Bugtraq mailing list archives
Re: UDP packet handling weird behaviour of various operating systems
From: Michal Zalewski <lcamtuf () gis net>
Date: Wed, 25 Jul 2001 17:38:32 -0400 (EDT)
On Tue, 24 Jul 2001, Stefan Laudat wrote:
> /.../ looks like it's raising some problems in a matter of CPU usage for handling incoming UDP packets. Its initial aim was another one (read the source) but accidentally it can be used for locking up machines. You can try it from
> http://rootshell.com/archive-j457nxiqi3gq59dv/199803/biffit.c
>
> I'm not a TCP stack-writing guru but I presume the behaviour described below is way beyond normal, as its results are quite different depending on the OS used. Please don't bash me if I'm wrong.
Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It would be pretty strange, btw, since it simply generates a normal UDP packet, no black magic, really, and the remote system, unless there's a comsat service running, politely responds with 'ICMP destination port unreachable', which is translated into 'Connection refused'. Nothing magic about its behavior:

  sendto(4, "test@0", 6, 0, {sin_family=AF_INET, sin_port=htons(512), sin_addr=inet_addr("127.0.0.1")}}, 16) = -1 ECONNREFUSED (Connection refused)
> 1. Linux 2.4.7 UP (pristine source, waiting for a new shiny Alan Cox patch) - system gets frozen after 3 seconds of flood on a gigabit link.
Maybe there's a comsat service running? Or you made the system too busy handling I/O by flooding using 1 Gbit (I doubt it)...
> 3. Windows 2000 Server UP. - the system graphs jump from 2% cpu usage (in a calm evening with no ongoing backups and domain synchronizations) to approx. 35% and holds it steady.
Windows are usually impacted by high-ratio packet floods.
> The flood is performed via a Gigabit link. The packet rate handling of win2k is wonderful, it even beats an OpenBSD 2.8. Kudos to MS guys, this one is a real hit. As I couldn't believe my eyes I ran some applications on it (crunching queries on the local MS SQL2k server etc) and I got timely-fashion responses.
I believe you are actually testing link layer performance, PCI bus speed and network cards, not operating systems ;)

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
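
The behaviour described in the reply above (a datagram sent to a UDP port with no listener draws an ICMP port unreachable, which the sender's socket reports as "Connection refused"), as an added example that is not part of the original post and is not taken from biffit.c. It assumes Linux with a working loopback interface; `pick_closed_port` and `probe_udp_port` are hypothetical helper names.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind to port 0, note the kernel-chosen port, close: nobody listens there. */
static int pick_closed_port(void) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    int port = -1, s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)&a, sizeof a) == 0 &&
        getsockname(s, (struct sockaddr *)&a, &len) == 0)
        port = ntohs(a.sin_port);
    close(s);
    return port;
}

/* Send one datagram to 127.0.0.1:port; return the errno reported afterwards
 * (0 if a datagram came back, EAGAIN if nothing happened within 1 second). */
int probe_udp_port(int port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct timeval tv = { .tv_sec = 1 };
    char buf[16];
    int err, s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return errno;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    /* connect() lets the kernel match the returning ICMP error to this socket. */
    if (connect(s, (struct sockaddr *)&a, sizeof a) < 0 ||
        send(s, "test", 4, 0) < 0) {
        err = errno; close(s); return err;
    }
    /* The send succeeded; the ICMP error is raised on the next socket call. */
    err = recv(s, buf, sizeof buf, 0) < 0 ? errno : 0;
    close(s);
    return err;
}

int main(void) {
    int port = pick_closed_port(), err = probe_udp_port(port);
    printf("udp/%d on loopback: %s\n", port, err ? strerror(err) : "reply received");
    return err == ECONNREFUSED ? 0 : 1;
}
```

A result of `EAGAIN` instead of `ECONNREFUSED` means no ICMP error came back within the timeout, for example because a filter dropped it.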