Electronics > Microcontrollers

Any micros with ETH and hardware incoming packet filtering by IP?

(1/7) > >>

peter-h:
Currently I have a 32F417 whose ETH is feeding packets to LWIP and this filtering of traffic not addressed to your IP is done up in LWIP.

In the embedded world one is unlikely to get deliberately DOS'd, and most "RJ45 boxes" connect to a port of a switch, not a hub, so only packets addressed to your MAC should be reaching you, but all broadcasts will reach you and there is a possibility of overload.

This was actually a real issue with some of the RJ45-to-serial modules (intended to make adding ETH to an old style Z80-type board which can't run a TCP/IP stack) which could not deal with any significant incoming traffic not addressed to their IP.

I guess one could hook up the ETH DMA and have an ISR dumping the packets down there, which is better.

Just wondering why such an apparently obvious feature was left out.

nctnico:

--- Quote from: peter-h on August 07, 2022, 09:38:16 pm ---Currently I have a 32F417 whose ETH is feeding packets to LWIP and this filtering of traffic not addressed to your IP is done up in LWIP.

Just wondering why such an apparently obvious feature was left out.

--- End quote ---
It isn't. The hardware seems to be perfectly capable of doing all kinds of filtering. It is just left out at the driver level  :-//.

westfw:
Not receiving broadcasts would be a bad thing.  ARP would break, for example (although, those aren't even IP packets.)  Multicasts are typically filterable, either as a whole, or via a table of hashes.

If your network has a large quantity of broadcast IP packets, you should probably figure our why, and maybe change things at the network level.  There used to be a thing called "broadcast storms", but they should have been eliminated a long time ago.



--- Quote ---I guess one could hook up the ETH DMA and have an ISR dumping the packets down there
--- End quote ---
Yes, you can save many cycles and dramatically improve performance by discarding packets that are "not useful" as early as possible.

wek:

--- Quote from: nctnico on August 07, 2022, 11:22:50 pm ---
--- Quote from: peter-h on August 07, 2022, 09:38:16 pm ---Currently I have a 32F417 whose ETH is feeding packets to LWIP and this filtering of traffic not addressed to your IP is done up in LWIP.

Just wondering why such an apparently obvious feature was left out.

--- End quote ---
It isn't. The hardware seems to be perfectly capable of doing all kinds of filtering. It is just left out at the driver level  :-//.

--- End quote ---
Can you please point me to the description of IP-level filtering in RM0090? All I can see is ETH level SA/DA filtering as described in 33.5.5. MAC filtering subchapter.

Sure, in purely LAN setting, there may be a nearly 1:1 relationship between MAC and IP addresses, but I am not sure how could this apply generally.

JW

westfw:

--- Quote ---The hardware seems to be perfectly capable of doing all kinds of filtering.
--- End quote ---
All sorts of MAC address filtering (multiple unicast addresses - nice!)
I don't see any filtering capabilities above the MAC layer.

Navigation

[0] Message Index

[#] Next page