lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] SYN flood attack - lwip crash

From: Piero 74
Subject: Re: [lwip-devel] SYN flood attack - lwip crash
Date: Fri, 30 Jan 2009 16:18:56 +0100
kieran... i found something interesting... :OD

first, in my code, i set a backlog = 1:

#define SOCKTCPBACKLOG                    1

....

// create TCP listener
INT32 createTCPListener(UINT16 port)
{
  INT32 sd;
  struct sockaddr_in serv_addr;

  sd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
  if (sd >= 0)
  {
    // valid socket
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = INADDR_ANY;
    serv_addr.sin_port = htons(port);
    bind(sd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
    listen(sd, SOCKTCPBACKLOG);
  }

  return(sd);
}


i have 3 listener created in this way.

After a scan with nmap, and syn flood, i found that 

tcp_listen_pcbs

are listener with field

accepts_pending = 1

so, lwip code reject the connect request.

I didn't understand why this field is not reset!!!

any idea?


Piero

2009/1/30 Kieran Mansley <address@hidden>
On Fri, 2009-01-30 at 15:20 +0100, Piero 74 wrote:
> watching with debugger...
>
>
> tcp_slowtmr() seems not work... i checked some vars:
> tcp_active_pcbs point to NULL (no pcb available)
>

What about the other PCB lists:

tcp_bound_pcbs
tcp_listen_pcbs
tcp_tw_pcbs

Can you confirm what the state of the PCB stats are?  i.e. How many PCBs
are allocated etc?

Kieran



_______________________________________________
lwip-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/lwip-devel

reply via email to
[Prev in Thread] Current Thread [Next in Thread]