lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] SYN flood attack - lwip crash

From: Simon Goldschmidt
Subject: Re: [lwip-devel] SYN flood attack - lwip crash
Date: Tue, 03 Feb 2009 07:33:17 +0100 
> > Does this mean there are not problems when TCP_LISTEN_BACKLOG is turned
> off?
> 
> i will try tomorrow.... but in this case i cannot have pending request
> to connect?

No, it means you cannot _limit_ the number of pending requests. Before 1.3.0, 
lwIP accepted every incoming connection on a listening pcb. When the connection 
is fully established, it is posted to the accept_mbox of the listening netconn 
(when using the netconn or socket API, of course). This means the connection is 
already open and can be fetched from that mbox at any time you like.

In contrast to that, the listen backlog limits the number of connections opened 
on a listening port that are not yet handled by the application (increased when 
a connection is opened, decreased when the application calls accept()). This is 
a new feature that is not useful to everyone, maybe you don't need it, too. 
It's mainly there for posix compatiblity.

Simon
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: 
http://www.gmx.net/de/go/multimessenger01
reply via email to
[Prev in Thread] Current Thread [Next in Thread]