Re: Embedded Ethernet and Corporate LAN



TECH_NEWS wrote:
We get massive buffer overflows on a typical LAN network.
What did you do to reduce "House Keeping" signals (DHCP
OFFERS, ARP REQUESTS, DNS, NETBIOS BROADCASTS)?

* It's possible that the environment is to blame, but it'd have to be really bad. A "normal" corporate LAN would only see ~10 broadcast packets per second. OTOH, the system should be able to do 10pps in its sleep, so maybe it's a combination of environment and code.


* Have you set the broadcast receive flags in the controller? You should have promiscuous mode turned off, along with all types of multicasts. This will cause the controller to pre-filter all the incoming packets.

* Is your MAC address loaded into the controller (it becomes the unicast address filter)?

* You will need to have broadcasts enabled because some of the broadcast protocols (all F's MAC) are critical (e.g., ARP).

* What sequence are you using to validate the received packets for processing? Because many of the broadcast packets will not be useful to your application, you need a very streamlined way to discard them. An excellent tip is to do the filtering steps (address, frame type, protocol, port) before validating the checksum, since it's very CPU intensive.

* Is the driver interrupt-triggered, or does it poll? If polled, do you check for the next packet right after you're finished with the last one? If it's interrupt triggered, is it possible your interrupts aren't working as expected under a moderate load? For example, look at how interrupts and flags are being reset - how promptly, possible race conditions, etc.

Richard
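
The discard ordering suggested in the reply above (address, frame type, protocol, port, and only then the checksum), as an added example that is not part of the original post or any poster's code. The MAC, IP address, UDP port and all function names are constructed assumptions, and dropping IP fragments assumes a device that does no reassembly.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed device settings (assumptions, not from the post). */
static const uint8_t MY_MAC[6] = {0x02, 0x00, 0x00, 0x12, 0x34, 0x56};
static const uint8_t MY_IP[4]  = {192, 0, 2, 10};
static const uint8_t BCAST[6]  = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
enum { MY_UDP_PORT = 5000 };
unsigned checksum_runs;              /* counts how often the costly step ran */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Ones'-complement sum over the IPv4 header; 0 means the header is intact. */
static uint16_t ip_hdr_sum(const uint8_t *h, size_t n) {
    uint32_t s = 0;
    checksum_runs++;
    for (size_t i = 0; i + 1 < n; i += 2) s += rd16(h + i);
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)~s;
}

/* Returns 1 to pass the frame up the stack, 0 to discard it. */
int frame_wanted(const uint8_t *f, size_t len) {
    if (len < 42) return 0;             /* shorter than Eth+ARP or Eth+IP+UDP */
    if (memcmp(f, MY_MAC, 6) && memcmp(f, BCAST, 6)) return 0;  /* 1. address */
    uint16_t type = rd16(f + 12);                               /* 2. frame type */
    if (type == 0x0806) return memcmp(f + 38, MY_IP, 4) == 0;   /* ARP for our IP */
    if (type != 0x0800) return 0;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 8) return 0;
    if (ip[9] != 17) return 0;                                  /* 3. protocol: UDP */
    if (rd16(ip + 6) & 0x3FFF) return 0;    /* fragments dropped: no reassembly */
    if (rd16(ip + ihl + 2) != MY_UDP_PORT) return 0;            /* 4. port */
    return ip_hdr_sum(ip, ihl) == 0;        /* 5. checksum, survivors only */
}

/* Constructed sample input: minimal 42-byte Ethernet/IPv4/UDP frame. */
size_t make_frame(uint8_t f[42], const uint8_t dst[6], uint16_t type, uint16_t port) {
    memset(f, 0, 42);
    memcpy(f, dst, 6);
    f[12] = (uint8_t)(type >> 8); f[13] = (uint8_t)type;
    f[14] = 0x45; f[17] = 28; f[22] = 64; f[23] = 17;  /* ver/IHL, length, TTL, UDP */
    f[36] = (uint8_t)(port >> 8); f[37] = (uint8_t)port;
    uint16_t c = ip_hdr_sum(f + 14, 20);               /* fill in header checksum */
    f[24] = (uint8_t)(c >> 8); f[25] = (uint8_t)c;
    return 42;
}

int main(void) { uint8_t f[42]; make_frame(f, MY_MAC, 0x0800, MY_UDP_PORT); return !frame_wanted(f, 42); }
```

A broadcast frame for an unused port (NetBIOS name service on 137, for instance) is rejected at step 4, so checksum_runs does not move for it.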