Re: [lwip-devel] SYN flood attack - lwip crash
From: Rejean Groleau
Subject: Re: [lwip-devel] SYN flood attack - lwip crash
Date: Mon, 2 Feb 2009 13:29:35 -0800 (PST)
I made a simple callback-based HTTP daemon,
which uses the LwIP backlog option.
To make it work, I had to implement two additional macros:
one to check the current pcb->accepts_pending value,
and the other to reset the pcb->accepts_pending value.
Periodically, I check to see if my number of incoming
active connections is less than the maximum I support.
If the pcb->accepts_pending value is not zero,
and my connection count is less than my maximum,
I reset the pcb->accepts_pending value.
Only then can I receive more connections.
I guess I would not have to do this if the RST flag
or the tcp_slowtmr() could deal properly with the
pcb->accepts_pending value.
I would be very interested in seeing your patch for this.
Thanks for finding that bug!
-Reggie.
Piero 74 wrote:
>
> Some news debugging the code....
> 1. I use nmap to scan open ports on my lwip board
> 2. Using wireshark I saw that nmap sends:
> - a SYN packet -----> after this packet, lwip code increments the
> accepts_pending field in the listener pcb, adds a pcb for the new
> connection and sends an ACK
> - a RST packet ------> after this, lwip code removes the allocated pcb, but
> DOESN'T decrement the accepts_pending field in the listener pcb
>
--
View this message in context:
http://www.nabble.com/SYN-flood-attack---lwip-crash-tp21744136p21798764.html
Sent from the lwip-devel mailing list archive at Nabble.com.
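
The counter accounting discussed in this thread, as an added C model that is not part of the original messages and is not lwIP source code. The struct layout, the `backlog` field and all function names are hypothetical; only `accepts_pending` comes from the thread. It shows the counter leaking on SYN+RST pairs, the periodic-reset workaround, and the effect of decrementing on RST.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of listener backlog accounting; not lwIP source. */
struct listener {
    unsigned backlog;          /* assumed field: max pending connections */
    unsigned accepts_pending;  /* counter named in the thread */
};
struct conn {
    struct listener *parent;   /* listener that counted this half-open pcb */
};

/* SYN on the listener: refuse when the backlog is full, else count it. */
static bool on_syn(struct listener *l, struct conn *c) {
    if (l->accepts_pending >= l->backlog)
        return false;
    l->accepts_pending++;
    c->parent = l;
    return true;
}

/* RST on a half-open connection. fix=false models the reported behaviour:
 * the pcb is removed but the listener's counter is left untouched. */
static void on_rst(struct conn *c, bool fix) {
    if (fix && c->parent != NULL && c->parent->accepts_pending > 0)
        c->parent->accepts_pending--;
    c->parent = NULL;
}

/* Workaround from the message: clear the counter while the application
 * still has room for connections. */
static void periodic_reset(struct listener *l, unsigned active, unsigned max) {
    if (l->accepts_pending != 0 && active < max)
        l->accepts_pending = 0;
}

/* Feed n SYN+RST pairs (constructed input); return how many SYNs got in. */
static unsigned syn_rst_pairs(struct listener *l, unsigned n, bool fix) {
    unsigned accepted = 0;
    for (unsigned i = 0; i < n; i++) {
        struct conn c = { NULL };
        if (on_syn(l, &c)) {
            accepted++;
            on_rst(&c, fix);
        }
    }
    return accepted;
}
```

With a backlog of 4 and no decrement on RST, the model stops accepting after four SYN+RST pairs even though no connection is open; with the decrement, every pair is accepted and the counter returns to zero.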