On 19.06.2018 18:11, Sergio R. Caprile wrote:
> UDP datagrams are carried by Ethernet frames. It is not lwIP but your
> driver who allocates memory to hold those frames before handing them to
> lwIP, which in turn will deliver to your application. The only way to
> stop allocation is there.
> Someone could also send pings of death, repeated SYNs...
> If you need firewall functionality, you need to build a firewall.

Well, the OP was not really asking about a firewall but about DoS protection. And he's correct in that to prevent DoS, a device must be able to keep up receiving at full wire speed, whether the packets are short or long.

But you are right here that throwing packets away in the driver as early as possible is the best way to achieve this on a resource-constrained target. Of course, this makes the driver depend on the application in some kind of way, but I wouldn't consider it bad design if it was clearly separated from the driver.

You're also right that lwIP can't really help here :-)

Simon
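
An added example, not part of the original message and not lwIP or driver code from any project: one way to keep the early drop separate from the driver is a small policy structure that the application fills in and the driver consults on the raw frame before it allocates anything for the stack. All names (`rx_policy`, `rx_prefilter`, `rx_policy_tick`) are hypothetical, and it assumes the application serves only UDP on known ports over IPv4 and needs ARP.

```c
#include <stddef.h>
#include <stdint.h>

/* Policy owned by the application and handed to the driver at init (hypothetical). */
struct rx_policy {
    const uint16_t *udp_ports; /* UDP destination ports the application serves */
    size_t n_ports;
    unsigned budget;           /* frames passed to the stack per timer tick */
    unsigned used;             /* frames passed in the current tick */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 1 if the IPv4 packet is a UDP datagram (not a later fragment) to a served port. */
static int udp_wanted(const struct rx_policy *pol, const uint8_t *ip, size_t len)
{
    if (len < 20 || (ip[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8) return 0;       /* truncated headers */
    if (ip[9] != 17) return 0;                     /* not UDP */
    if (be16(ip + 6) & 0x1fff) return 0;           /* later fragment: no UDP header */
    uint16_t dport = be16(ip + ihl + 2);
    for (size_t i = 0; i < pol->n_ports; i++)
        if (pol->udp_ports[i] == dport) return 1;
    return 0;
}

/* Called by the driver on the raw received frame; 1 = pass up, 0 = drop. */
int rx_prefilter(struct rx_policy *pol, const uint8_t *f, size_t len)
{
    if (len < 14) return 0;                        /* shorter than an Ethernet header */
    uint16_t type = be16(f + 12);
    if (type == 0x0800) {                          /* IPv4 */
        if (!udp_wanted(pol, f + 14, len - 14)) return 0;
    } else if (type != 0x0806) {                   /* keep ARP, drop the rest */
        return 0;
    }
    if (pol->used >= pol->budget) return 0;        /* over budget: drop until next tick */
    pol->used++;
    return 1;
}

void rx_policy_tick(struct rx_policy *pol) { pol->used = 0; } /* timer refills budget */

/* Constructed sample data (only the bytes the filter reads are set). */
const uint16_t sample_ports[] = { 5000 };
const uint8_t sample_udp_5000[42] = { [12] = 0x08, [14] = 0x45, [23] = 17, [36] = 0x13, [37] = 0x88 };
const uint8_t sample_udp_9999[42] = { [12] = 0x08, [14] = 0x45, [23] = 17, [36] = 0x27, [37] = 0x0f };
const uint8_t sample_tcp[54]      = { [12] = 0x08, [14] = 0x45, [23] = 6 };
```

The per-tick budget bounds how much work the stack and application see even when every frame matches the policy; the header checks keep the cost per dropped frame to a few byte compares.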
