[lwip-users] reduce DOS vulnerability by changing pbufs?


From: CS-AntiSpam
Subject: [lwip-users] reduce DOS vulnerability by changing pbufs?
Date: Wed, 19 Nov 2003 12:19:16 +0100 (MET)

Hello,

I am experimenting with PBUF_POOL_BUFSIZE of 1500 bytes in order
to receive packets as a whole in one contiguous piece of memory.
This is needed to easily apply cryptographic operations in place
and forward the packet to ip_input() without copying the packet.

Memory is limited here to 10 concurrent pbufs of 1500 bytes each.
If 10 new packets arrive while the first one is being processed,
it can happen that p = pbuf_alloc(PBUF_IP, TCP_HLEN, PBUF_RAM);
in tcp_output() will fail? Is this correct?

The reason for such a failure could be the fact that a pbuf_alloc()
in cs8900_input() has the same priority as in tcp_output().

Maybe pbuf_alloc() in cs8900_input() should fail if proper
processing of the packet cannot be assured. With this, lwIP
could not be blocked by massive inbound traffic.

Any comment is welcome.

Christian

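A simplified model of the situation raised in the message above, added here as an illustration and not taken from the post or from lwIP's source: a fixed budget of 10 buffers shared by the receive and transmit paths, first with equal priority and then with receive allocations refused once only a transmit reserve is left. The names buf_pool, pool_alloc and burst_then_tx and the TX_RESERVE value of 2 are assumptions.

```c
/* Constructed model, not lwIP code: one fixed budget of packet buffers
 * shared by the receive (RX) and transmit (TX) paths. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define POOL_SIZE  10   /* from the post: 10 buffers of 1500 bytes each */
#define TX_RESERVE  2   /* assumption: buffers the RX path may never take */

enum buf_user { BUF_RX, BUF_TX };
struct buf_pool {
    size_t in_use;      /* buffers currently handed out */
    size_t rx_dropped;  /* inbound frames refused at the driver */
    size_t tx_failed;   /* outbound allocations that found no buffer */
};

/* Hypothetical allocator: RX is refused once only the reserve is left,
 * TX may use every buffer. reserve == 0 gives both equal priority. */
static bool pool_alloc(struct buf_pool *p, enum buf_user who, size_t reserve)
{
    size_t limit = (who == BUF_RX) ? POOL_SIZE - reserve : POOL_SIZE;
    if (p->in_use >= limit) {
        if (who == BUF_RX) p->rx_dropped++; else p->tx_failed++;
        return false;
    }
    p->in_use++;
    return true;
}

/* `frames` inbound frames arrive and none is freed yet (stack is busy),
 * then the stack needs one buffer to send. Returns whether TX got it. */
static bool burst_then_tx(size_t frames, size_t reserve, struct buf_pool *out)
{
    struct buf_pool p = {0, 0, 0};
    for (size_t i = 0; i < frames; i++)
        (void)pool_alloc(&p, BUF_RX, reserve);
    bool tx_ok = pool_alloc(&p, BUF_TX, reserve);
    *out = p;
    return tx_ok;
}

int main(void)
{
    struct buf_pool p;  /* 11 frames: one in processing plus 10 new */
    bool ok = burst_then_tx(11, 0, &p);
    printf("equal priority: tx=%d rx_dropped=%zu\n", ok, p.rx_dropped);
    ok = burst_then_tx(11, TX_RESERVE, &p);
    printf("tx reserve %d:  tx=%d rx_dropped=%zu\n", TX_RESERVE, ok, p.rx_dropped);
    return 0;
}
```

With the reserve, the inbound burst costs two more dropped frames but the transmit allocation still succeeds.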
