Re: UDP packet handling weird behaviour of various operating systems

[Radu-Adrian Feurdean <raf () chez com>]

On Wed, 25 Jul 2001, Michal Zalewski wrote:

> On Tue, 24 Jul 2001, Stefan Laudat wrote:
>
> > http://rootshell.com/archive-j457nxiqi3gq59dv/199803/biffit.c
>
> Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It
> would be pretty strange, btw, since it simply generates normal UDP packet,
> no black magic, really, and remote system, unless there's comast service
> running, politely responds with 'ICMP destination port unreachable', which
> is translated into 'Connection refused'.
>
> > 1. Linux 2.4.7 UP (pristine source, waiting for a new shiny Alan Cox patch) 
> > - system gets frozen after 3 seconds of flood on a gigabit link.
>
> Maybe there's comsat service running? Or you made system too busy handling
> I/O by flooding using 1 Gbit (I doubt it)...

Tested several times with 2.2 kernels (and in the past with 2.0). If a logging
firewall is used machine becomes unresponsive, but if the flood does dot take
much time, it recovers after the flood ends.

Without a logging firewall, the machine remains responsive, but becomes much
slower. This highly depends on teh packet rate, but on a 100Mbps link it is
close to impossible to make it get frozen. Mainly because packets get dropped.

> > 3. Windows 2000 Server UP. - the system graphs jump from 2% cpu usage
> > (in a calm evening with no ongoing backups and domain
> > synchronizations) to approx. 35% and holds it steady.

What about packet loss ?


Radu-Adrian Feurdean
mailto: raf () chez com
----------------------------------------------------------------------------
The light at the end of the tunnel is the headlight of an approaching train.