[En-Nut-Discussion] ARP Flood...
Hugo Simon
hugo.simon at gmx.de
Sat Jan 28 14:33:36 CET 2006
> Using Ethereal to confirm the actual process I (among a few other tests)
> flooded the network with 30 Million ARP announcements (random MAC and
random
> IP) over a timeframe of 5 minutes (~100000 per second). You might be happy
> to know that the only component on the network that almost jumped out of
its
> skin during this test was ethereal (took about 7 minutes to recover)
whereas
> all 30 modules running Nut/OS remained stable. The only noticeable effect
That confirms my observations. My NutOS device hangs nearly without any ARPs
on the network.
So I don't think it's an ARP problem.
>From my debug outputs I think it hangs in the TCP/IP statemachine, looping
several times in the part described as "recover from SYN attacks". Look for
this part in the THREAD in tcpsm.c:
/*
* Recover from SYN flood attacks.
*/
else if (sock->so_state == TCPS_SYN_RECEIVED) {
#ifdef NUTDEBUG
/*DEBUG*/ fputs("SMSYNRECOVER;",stdout);
#endif
if (sock->so_time_wait++ >= 45) {
sock->so_state = TCPS_LISTEN;
sock->so_time_wait = 0;
}
}
This debugoutput comes several times directly before NutOS hangs.
> - simulate a few thousand clients attempting a connection to Nut/OS
> - simulate extensive UDP Broadcasts hitting the Nut/OS
> - <your suggestion could go here>
I am sorry, but I am not such a network specialist to know what a test makes
sense, I even don't know what a SYN is. I only wanted to use NutOS and now I
have a crashing Nut laying around and I have no idea what to do. :(
If you can find anything I would be _very_ happy.
Thanks
Thorsten
More information about the En-Nut-Discussion
mailing list