Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

lwip: provide configuration option to enable TCP ISN hook

Browse source
This commit is contained in:
Mahavir Jain 2020-10-15 19:10:11 +05:30
parent 59112bbd76
commit 516ca4698f
4 changed files with 33 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
components/lwip/CMakeLists.txt
View file

@ -5,6 +5,7 @@ set(COMPONENT_ADD_INCLUDEDIRS
port/esp32/include port/esp32/include
port/esp32/include/arch port/esp32/include/arch
include_compat include_compat
port/esp32/tcp_isn
) )
set(COMPONENT_SRCS "apps/dhcpserver/dhcpserver.c" set(COMPONENT_SRCS "apps/dhcpserver/dhcpserver.c"
@ -123,6 +124,10 @@ if(CONFIG_PPP_SUPPORT)
"lwip/src/netif/ppp/polarssl/sha1.c") "lwip/src/netif/ppp/polarssl/sha1.c")
endif() endif()
if(CONFIG_LWIP_TCP_ISN_HOOK)
list(APPEND COMPONENT_SRCS "port/esp32/tcp_isn/tcp_isn.c")
endif()
set(COMPONENT_REQUIRES vfs) set(COMPONENT_REQUIRES vfs)
set(COMPONENT_PRIV_REQUIRES ethernet tcpip_adapter nvs_flash) set(COMPONENT_PRIV_REQUIRES ethernet tcpip_adapter nvs_flash)

11
components/lwip/Kconfig
View file

@ -296,6 +296,17 @@ menu "LWIP"
menu "TCP" menu "TCP"
config LWIP_TCP_ISN_HOOK
bool "Enable TCP ISN Hook"
default y
help
Enables custom TCP ISN hook to randomize initial sequence
number in TCP connection. This is recommended as default
lwIP implementation (`tcp_next_iss`) is not very strong,
as it does not take into consideration any platform
specific entropy source.
config LWIP_MAX_ACTIVE_TCP config LWIP_MAX_ACTIVE_TCP
int "Maximum active TCP Connections" int "Maximum active TCP Connections"
range 1 1024 range 1 1024

7
components/lwip/component.mk
View file

@ -9,7 +9,8 @@ COMPONENT_ADD_INCLUDEDIRS := \
lwip/src/include \ lwip/src/include \
port/esp32/include \ port/esp32/include \
port/esp32/include/arch \ port/esp32/include/arch \
include_compat include_compat \
port/esp32/tcp_isn
COMPONENT_SRCDIRS := \ COMPONENT_SRCDIRS := \
apps/dhcpserver \ apps/dhcpserver \
@ -30,6 +31,10 @@ ifdef CONFIG_PPP_SUPPORT
COMPONENT_SRCDIRS += lwip/src/netif/ppp lwip/src/netif/ppp/polarssl COMPONENT_SRCDIRS += lwip/src/netif/ppp lwip/src/netif/ppp/polarssl
endif endif
ifdef CONFIG_LWIP_TCP_ISN_HOOK
COMPONENT_SRCDIRS += port/esp32/tcp_isn
endif
CFLAGS += -Wno-address # lots of LWIP source files evaluate macros that check address of stack variables CFLAGS += -Wno-address # lots of LWIP source files evaluate macros that check address of stack variables
ifeq ($(GCC_NOT_5_2_0), 1) ifeq ($(GCC_NOT_5_2_0), 1)

11
components/lwip/port/esp32/include/lwipopts.h
View file

@ -396,6 +396,17 @@
*/ */
#define LWIP_TCP_RTO_TIME CONFIG_LWIP_TCP_RTO_TIME #define LWIP_TCP_RTO_TIME CONFIG_LWIP_TCP_RTO_TIME
/**
* Set TCP hook for Initial Sequence Number (ISN)
*/
#ifdef CONFIG_LWIP_TCP_ISN_HOOK
#include <lwip/arch.h>
struct ip_addr;
u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
const struct ip_addr *remote_ip, u16_t remote_port);
#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn
#endif
/* /*
---------------------------------- ----------------------------------
---------- Pbuf options ---------- ---------- Pbuf options ----------