[En-Nut-Discussion] ARP Flood...

Hugo Simon hugo.simon at gmx.de
Sat Jan 28 14:33:36 CET 2006


> Using Ethereal to confirm the actual process I (among a few other tests)
> flooded the network with 30 Million ARP announcements (random MAC and random
> IP) over a timeframe of 5 minutes (~100000 per second). You might be happy
> to know that the only component on the network that almost jumped out of its
> skin during this test was ethereal (took about 7 minutes to recover) whereas
> all 30 modules running Nut/OS remained stable. The only noticeable effect
That confirms my observations. My NutOS device hangs nearly without any ARPs
on the network.
So I don't think it's an ARP problem.

From my debug outputs I think it hangs in the TCP/IP state machine, looping
several times in the part described as "recover from SYN attacks". Look for
this part in the THREAD in tcpsm.c:


                /*
                 * Recover from SYN flood attacks.
                 */
                else if (sock->so_state == TCPS_SYN_RECEIVED) {
#ifdef NUTDEBUG
/*DEBUG*/  fputs("SMSYNRECOVER;",stdout);
#endif
                    if (sock->so_time_wait++ >= 45) {
                        sock->so_state = TCPS_LISTEN;
                        sock->so_time_wait = 0;
                    }
                }

This debug output comes several times directly before NutOS hangs.

> - simulate a few thousand clients attempting a connection to Nut/OS
> - simulate extensive UDP Broadcasts hitting the Nut/OS
> - <your suggestion could go here>
I am sorry, but I am not enough of a network specialist to know which test makes
sense; I don't even know what a SYN is. I only wanted to use NutOS and now I
have a crashing Nut lying around and I have no idea what to do. :(

If you can find anything I would be _very_ happy.

Thanks
Thorsten
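
An added example, not part of the original message and not Nut/OS code: a small C model of the quoted recovery branch, counting how many state machine passes a half-open socket spends in TCPS_SYN_RECEIVED before it falls back to TCPS_LISTEN. The struct, the enum values, the TCPS_ESTABLISHED transition, `sm_tick` and `recover_passes` are assumptions made for the model; only the branch body comes from the excerpt above.

```c
#include <stdio.h>

/* Constructed model: state values and struct are stand-ins, not Nut/OS definitions. */
enum { TCPS_LISTEN, TCPS_SYN_RECEIVED, TCPS_ESTABLISHED };

struct model_sock {
    int so_state;
    unsigned so_time_wait;
};

/* One pass of the state machine over a socket. Returns 1 when the recovery
 * branch ran, i.e. where the SMSYNRECOVER debug marker would be printed. */
static int sm_tick(struct model_sock *sock)
{
    if (sock->so_state == TCPS_SYN_RECEIVED) {
        /* Post-increment: the old value is compared, so the reset fires on
         * the 46th pass, not the 45th. */
        if (sock->so_time_wait++ >= 45) {
            sock->so_state = TCPS_LISTEN;
            sock->so_time_wait = 0;
        }
        return 1;
    }
    return 0;
}

/* A SYN has been received; the handshake-completing ACK arrives after
 * ack_after passes (negative: never). Returns how often the branch ran. */
static int recover_passes(int ack_after, int *final_state)
{
    struct model_sock s = { TCPS_SYN_RECEIVED, 0 };
    int passes = 0;
    for (int tick = 0; tick < 200; tick++) {
        if (tick == ack_after && s.so_state == TCPS_SYN_RECEIVED)
            s.so_state = TCPS_ESTABLISHED;
        passes += sm_tick(&s);
    }
    *final_state = s.so_state;
    return passes;
}

int main(void)
{
    int st;
    int n = recover_passes(-1, &st);   /* peer never completes the handshake */
    printf("no ACK: %d passes, final state %d\n", n, st);
    n = recover_passes(3, &st);        /* peer completes it after 3 passes */
    printf("ACK after 3: %d passes, final state %d\n", n, st);
    return 0;
}
```

In this model a single half-open connection accounts for up to 46 consecutive passes through the branch, so a run of repeated markers in the debug output is what one unanswered SYN looks like.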



