Re: [lwip-users] How to limit the UDP Rx packet size to avoid big RAM allocations

[address@hidden]

On 27.06.2018 16:12, R. Diez wrote:
> I must admit that I am always in a rush. Did I miss some place in the
> documentation where this is explained?

Hmm dunno, I haven't read the docs lately ;-)
If there's somthing missing in the docs you discover here on the list, 
please don't hesitate to send a patch fixing the docs. Thanks!

> Otherwise, please let me help understand how this works. If the remote
> host decides to send 10 fragments, each with just 4 bytes, will lwIP
> allocate (with or without malloc) 10 pbufs and leave them almost empty?

Yes.

> Or will it fill the first pbuf first (appending on the first pbuf), and
> only allocate the next one when the first pbuf is full?

No, it can't easily fill the first pbuf as pbufs (currently) don't hold 
information about the unused buffer space behind payload + len.

> [..]
> What else would you propose? Doing nothing at the moment leaves lwIP
> extremely vulnerable to memory exhaustion due to fragmentation.

Again, we have IP_REASS_MAX_PBUFS, so unless you allocate input pbufs as 
something else than PBUF_POOL, you do know the upper limit of bytes 
consumed in reassembly. This being said, there is no vulnerability with 
the current configuration options available (if they are set correctly - 
the default for IP_REASS_MAX_PBUFS is 10, so this should be pretty safe).

If that's not enough (again, which only is the case if you use a pbuf 
type != PBUF_POOL), counting the total number of bytes over all queued 
pbufs might be better than limiting fragment size. Or perhaps just do 
both...

Simon