Hey,
we performed pretty thorough Tests with the Stack (including the usual
stuff like SYN-Floods) and found the TCP Options-bug.
I would give LwIP a pretty good grade there. The Stack itself is very
robust.
The problematic part is always the driver implementation. And that is
where LwIP could provide more help to developers (more documentation,
tips, hints, best practices).
Because timing issues, flooding issues and all that stuff all arise in the
driver. If your driver is not secure, the stack can't help crashing.
So debug your driver while under SYN flood and you'll probably find
something overflowing.
Now on to the topic of filtering. Filtering packets in the MAC layer by
whitelisting IPs is pretty much nonsense. It's basically the same
simulation of security as MAC-ACLs in Wireless routers. An IP can easily
be spoofed just like a MAC can. Building extensive packet filtering
options and configuration options into LwIP will only increase complexity
and code size. And if you want filtering on the lowest level it will be a
driver issue anyways.
Network-security is a very complex topic and you can't try to make a
single device ultra-secure and then never worry again. The whole network
has to be taken into account. Also there are no statements about it that
are correct under every circumstance (like using UDP because it's
simpler).
You cannot judge the security of a device by the IP stack alone.
To close: you should probably never expose a device with such low
resources that it uses a minimal Stack like LwIP _directly_ to the
internet. This WILL starve your resources and DoS your device.
Packet-filtering should be done by appliances that are built for that.
Firewalls, VPN-Tunnels, ...
regards,
Fabian
_______________________________________________
lwip-users mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/lwip-users
