From 516ca4698fddff43beec46495f3bd726d1f77c04 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Thu, 15 Oct 2020 19:10:11 +0530
Subject: [PATCH] lwip: provide configuration option to enable TCP ISN hook
---
 components/lwip/CMakeLists.txt | 5 +++++
 components/lwip/Kconfig | 11 +++++++++++
 components/lwip/component.mk | 7 ++++++-
 components/lwip/port/esp32/include/lwipopts.h | 11 +++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/components/lwip/CMakeLists.txt b/components/lwip/CMakeLists.txt
index 632d866ed..826d7f1e5 100644
--- a/components/lwip/CMakeLists.txt
+++ b/components/lwip/CMakeLists.txt
@@ -5,6 +5,7 @@ set(COMPONENT_ADD_INCLUDEDIRS
 port/esp32/include
 port/esp32/include/arch
 include_compat
+ port/esp32/tcp_isn
 )
 set(COMPONENT_SRCS "apps/dhcpserver/dhcpserver.c"
@@ -123,6 +124,10 @@ if(CONFIG_PPP_SUPPORT)
 "lwip/src/netif/ppp/polarssl/sha1.c")
 endif()
+if(CONFIG_LWIP_TCP_ISN_HOOK)
+ list(APPEND COMPONENT_SRCS "port/esp32/tcp_isn/tcp_isn.c")
+endif()
+
 set(COMPONENT_REQUIRES vfs)
 set(COMPONENT_PRIV_REQUIRES ethernet tcpip_adapter nvs_flash)
diff --git a/components/lwip/Kconfig b/components/lwip/Kconfig
index f307ef04a..7ad19499c 100644
--- a/components/lwip/Kconfig
+++ b/components/lwip/Kconfig
@@ -296,6 +296,17 @@ menu "LWIP"
 menu "TCP"
+ config LWIP_TCP_ISN_HOOK
+ bool "Enable TCP ISN Hook"
+ default y
+ help
+ Enables custom TCP ISN hook to randomize initial sequence
+ number in TCP connection. This is recommended as default
+ lwIP implementation (`tcp_next_iss`) is not very strong,
+ as it does not take into consideration any platform
+ specific entropy source.
+
+
 config LWIP_MAX_ACTIVE_TCP
 int "Maximum active TCP Connections"
 range 1 1024
diff --git a/components/lwip/component.mk b/components/lwip/component.mk
index f43250baa..dca378477 100644
--- a/components/lwip/component.mk
+++ b/components/lwip/component.mk
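Review bot: The second CMakeLists.txt hunk appends `port/esp32/tcp_isn/tcp_isn.c` to `COMPONENT_SRCS`, but the diffstat lists only four files and none of them lies under `port/esp32/tcp_isn`, so this patch relies on a directory it does not create. Because the new option defaults to `y`, a tree without that directory would presumably fail to build; the same applies to the `COMPONENT_SRCDIRS += port/esp32/tcp_isn` hunk in component.mk. If the sources arrive in an earlier commit, the commit message should name that dependency. The first hunk also adds the include directory unconditionally while the source is conditional, which is harmless but deserves a comment such as `# headers here are only used when CONFIG_LWIP_TCP_ISN_HOOK is set`.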
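Review bot: The help text for `LWIP_TCP_ISN_HOOK` calls the default generator "not very strong" but never says what a user gives up by switching the option off. As this is a security default, the help should state the consequence, for example `Disabling this falls back to tcp_next_iss, whose sequence numbers may be predictable to an off-path peer (see RFC 6528).` The two blank `+` lines before `config LWIP_MAX_ACTIVE_TCP` leave a double blank line in the menu; one is enough.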
@@ -9,7 +9,8 @@ COMPONENT_ADD_INCLUDEDIRS := \
 lwip/src/include \
 port/esp32/include \
 port/esp32/include/arch \
- include_compat
+ include_compat \
+ port/esp32/tcp_isn
 COMPONENT_SRCDIRS := \
 apps/dhcpserver \
@@ -30,6 +31,10 @@ ifdef CONFIG_PPP_SUPPORT
 COMPONENT_SRCDIRS += lwip/src/netif/ppp lwip/src/netif/ppp/polarssl
 endif
+ifdef CONFIG_LWIP_TCP_ISN_HOOK
+ COMPONENT_SRCDIRS += port/esp32/tcp_isn
+endif
+
 CFLAGS += -Wno-address # lots of LWIP source files evaluate macros that check address of stack variables
 ifeq ($(GCC_NOT_5_2_0), 1)
diff --git a/components/lwip/port/esp32/include/lwipopts.h b/components/lwip/port/esp32/include/lwipopts.h
index ad9a776f8..f213aeef1 100644
--- a/components/lwip/port/esp32/include/lwipopts.h
+++ b/components/lwip/port/esp32/include/lwipopts.h
@@ -396,6 +396,17 @@
 */
 #define LWIP_TCP_RTO_TIME CONFIG_LWIP_TCP_RTO_TIME
+/**
+ * Set TCP hook for Initial Sequence Number (ISN)
+ */
+#ifdef CONFIG_LWIP_TCP_ISN_HOOK
+#include
+struct ip_addr;
+u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
+ const struct ip_addr *remote_ip, u16_t remote_port);
+#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn
+#endif
+
 /*
 ----------------------------------
 ---------- Pbuf options ----------
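Review bot: The comment above the new `LWIP_HOOK_TCP_ISN` block in lwipopts.h does not say where `lwip_hook_tcp_isn` gets its secret, and nothing else in this patch shows a seeding call. If the implementation keys its output from a value set at start-up, an unseeded or constant key would leave the ISNs as guessable as before while Kconfig reports the hardening as enabled; this is inferred, because the implementation is outside the patch. I would extend the comment to state the contract, e.g. `* The hook's secret must be initialised from the hardware RNG before the first TCP connection is opened.` The `#include` line in the hunk shows no header name on this page, so where `u32_t` and `u16_t` come from for the prototype could not be checked.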