Re: UDP packet handling weird behaviour of various operating systems

[Paul Sack <paulsack () mail utexas edu>]

Yesterday at 11:36pm, Stefan Laudat expounded:

++ Looks like there are some problems in some of the most popular TCP/IP
++ stack implementations. I've found a kiddie-tool on the internet that
++ looks like it's rising some problems in a matter of CPU usage for handling
++ incoming UDP packets. Its initial aim was another one (read the source)
++ but accidentally it can be used for locking up machines.

Most UDP packets should be firewalled from the Internet.

This is only really useful if someone has access to the local network. Is
Linux/UP actually *locking* or just temporarily unresponsive? Also, it is
invalid to compare Windows ME running on $3000 hardware with Linux/*BSD
running on an old Pentium. Are you running all of this on the same
hardware? Obviously faster hardware is going to be affected less by a UDP
flood. How about the network cards?

I am suspicious that you are just comparing hardware, given that different
versions of W2K perform much differently in your analysis. (You said the
load was server: 35%, professional: 60%) I somehow doubt that MS tuned the
network stack so much on the ``server'' version & wouldn't do the same on
the ``professional'' version.

I bet a Sun E10K with lots of NICs could flood the Sun UE3500 with lots of
NICs, but that probably doesn't mean that the Solaris 8 network stack is
better than the Solaris 8 network stack; it's because the E10K is faster.

-Paul Sack
ECE, UT Austin

-- 
Someone will try to honk your nose today.