diff --git a/components/esp_netif/lwip/esp_netif_lwip.c b/components/esp_netif/lwip/esp_netif_lwip.c index 8a3e2f16ff..84b10d0a10 100644 --- a/components/esp_netif/lwip/esp_netif_lwip.c +++ b/components/esp_netif/lwip/esp_netif_lwip.c @@ -33,8 +33,8 @@ #include "lwip/dns.h" #endif -#if CONFIG_LWIP_TCP_ISN_HOOK -#include "tcp_isn.h" +#if CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT +#include "lwip_default_hooks.h" #endif #include "esp_netif_lwip_ppp.h" @@ -273,7 +273,7 @@ esp_err_t esp_netif_init(void) { if (tcpip_initialized == false) { tcpip_initialized = true; -#if CONFIG_LWIP_TCP_ISN_HOOK +#if CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT uint8_t rand_buf[16]; /* * This is early startup code where WiFi/BT is yet to be enabled and hence diff --git a/components/lwip/CMakeLists.txt b/components/lwip/CMakeLists.txt index 6833d68af5..92ab45a9fd 100644 --- a/components/lwip/CMakeLists.txt +++ b/components/lwip/CMakeLists.txt @@ -4,7 +4,6 @@ set(include_dirs lwip/src/include port/esp32/include port/esp32/include/arch - port/esp32/tcp_isn ) set(srcs @@ -87,6 +86,8 @@ set(srcs "lwip/src/netif/ppp/upap.c" "lwip/src/netif/ppp/utils.c" "lwip/src/netif/ppp/vj.c" + "port/esp32/hooks/tcp_isn_default.c" + "port/esp32/hooks/lwip_default_hooks.c" "port/esp32/debug/lwip_debug.c" "port/esp32/freertos/sys_arch.c" "port/esp32/netif/dhcp_state.c" @@ -136,10 +137,6 @@ else() list(APPEND srcs "port/esp32/no_vfs_syscalls.c") endif() -if(CONFIG_LWIP_TCP_ISN_HOOK) - list(APPEND srcs "port/esp32/tcp_isn/tcp_isn.c") -endif() - idf_component_register(SRCS "${srcs}" INCLUDE_DIRS "${include_dirs}" LDFRAGMENTS linker.lf diff --git a/components/lwip/Kconfig b/components/lwip/Kconfig index 95a1bf61d8..41d9ea6f97 100644 --- a/components/lwip/Kconfig +++ b/components/lwip/Kconfig 
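Review bot: In the `@@ -273` hunk, `uint8_t rand_buf[16]` is sized by convention to match the `secret_16_bytes` parameter that the new `lwip_default_hooks.h` declares for `lwip_init_tcp_isn`, and nothing in the code ties the two together; renaming the guard to `CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT` leaves that coupling implicit. A why-comment on the declaration would fix it, e.g. `/* 16-byte secret handed to lwip_init_tcp_isn(); the default ISN hook mixes it into the RFC 6528-style ISN computation */`. The comment that begins on the following line says the buffer is filled before Wi-Fi/BT are enabled, so the entropy available at this point is presumably the weakest of the whole boot sequence — the rest of that comment, the fill call and the remainder of `esp_netif_init` are outside the hunk, so I cannot tell whether the text already addresses that.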
@@ -327,17 +327,6 @@ menu "LWIP" menu "TCP" - config LWIP_TCP_ISN_HOOK - bool "Enable TCP ISN Hook" - default y - help - Enables custom TCP ISN hook to randomize initial sequence - number in TCP connection. This is recommended as default - lwIP implementation (`tcp_next_iss`) is not very strong, - as it does not take into consideration any platform - specific entropy source. - - config LWIP_MAX_ACTIVE_TCP int "Maximum active TCP Connections" range 1 1024 
@@ -750,6 +739,74 @@ menu "LWIP" Enable this option allows lwip to check assert. It is recommended to keep it open, do not close it. + menu "Hooks" + + choice LWIP_HOOK_TCP_ISN + prompt "TCP ISN Hook" + default LWIP_HOOK_TCP_ISN_DEFAULT + help + Enables to define a TCP ISN hook to randomize initial sequence + number in TCP connection. + The default TCP ISN algorithm used in IDF (standardized in RFC 6528) + produces ISN by combining an MD5 of the new TCP id and a stable + secret with the current time. + This is because the lwIP implementation (`tcp_next_iss`) is not + very strong, as it does not take into consideration any platform + specific entropy source. + + Set to LWIP_HOOK_TCP_ISN_CUSTOM to provide custom implementation. + Set to LWIP_HOOK_TCP_ISN_NONE to use lwIP implementation. + + + config LWIP_HOOK_TCP_ISN_NONE + bool "No hook declared" + config LWIP_HOOK_TCP_ISN_DEFAULT + bool "Default implementation" + config LWIP_HOOK_TCP_ISN_CUSTOM + bool "Custom implementation" + + endchoice + + choice LWIP_HOOK_IP6_ROUTE + prompt "IPv6 route Hook" + default LWIP_HOOK_IP6_ROUTE_NONE + help + Enables custom IPv6 route hook. + Setting this to "default" provides weak implementation + stub that could be overwritten in application code. + Setting this to "custom" provides hook's declaration + only and expects the application to implement it. + + config LWIP_HOOK_IP6_ROUTE_NONE + bool "No hook declared" + config LWIP_HOOK_IP6_ROUTE_DEFAULT + bool "Default (weak) implementation" + config LWIP_HOOK_IP6_ROUTE_CUSTOM + bool "Custom implementation" + + endchoice + + choice LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE + prompt "Netconn external resolve Hook" + default LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE + help + Enables custom DNS resolve hook. + Setting this to "default" provides weak implementation + stub that could be overwritten in application code. + Setting this to "custom" provides hook's declaration + only and expects the application to implement it. 
+ + config LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE + bool "No hook declared" + config LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT + bool "Default (weak) implementation" + config LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM + bool "Custom implementation" + + endchoice + + endmenu # Hooks + menu "Debug" config LWIP_NETIF_DEBUG diff --git a/components/lwip/component.mk b/components/lwip/component.mk index 9bcab5d710..6b9ca1df69 100644 --- a/components/lwip/component.mk +++ b/components/lwip/component.mk @@ -8,8 +8,7 @@ COMPONENT_ADD_INCLUDEDIRS := \ include/apps/sntp \ lwip/src/include \ port/esp32/include \ - port/esp32/include/arch \ - port/esp32/tcp_isn + port/esp32/include/arch COMPONENT_SRCDIRS := \ apps/dhcpserver \ @@ -24,6 +23,7 @@ COMPONENT_SRCDIRS := \ lwip/src/netif \ port/esp32 \ port/esp32/freertos \ + port/esp32/hooks \ port/esp32/netif \ port/esp32/debug @@ -40,10 +40,6 @@ ifdef CONFIG_LWIP_PPP_SUPPORT COMPONENT_SRCDIRS += lwip/src/netif/ppp lwip/src/netif/ppp/polarssl endif -ifdef CONFIG_LWIP_TCP_ISN_HOOK - COMPONENT_SRCDIRS += port/esp32/tcp_isn -endif - CFLAGS += -Wno-address # lots of LWIP source files evaluate macros that check address of stack variables lwip/src/netif/ppp/ppp.o: CFLAGS += -Wno-uninitialized diff --git a/components/lwip/port/esp32/hooks/lwip_default_hooks.c b/components/lwip/port/esp32/hooks/lwip_default_hooks.c new file mode 100644 index 0000000000..468f16d5d0 --- /dev/null +++ b/components/lwip/port/esp32/hooks/lwip_default_hooks.c 
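Review bot: The choice is named `LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE` while its options are `LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE`/`_DEFAULT`/`_CUSTOM`, so the symbol a reader greps for in sdkconfig does not match the menu entry; the other two choices keep the prefix consistent (`LWIP_HOOK_TCP_ISN`, `LWIP_HOOK_IP6_ROUTE`) and this one should too. The TCP ISN help text also stops short of saying what each setting implies for the application: `LWIP_HOOK_TCP_ISN_CUSTOM` means the application must define `lwip_hook_tcp_isn`, and `LWIP_HOOK_TCP_ISN_NONE` falls back to lwIP's `tcp_next_iss`, which the same text describes as weak. I would add two sentences along the lines of `CUSTOM: the application must implement lwip_hook_tcp_isn() and should preserve the unpredictability properties described in RFC 6528.` and `NONE: ISNs come from lwIP's tcp_next_iss(), which uses no platform entropy source.` The double blank line before `config LWIP_HOOK_TCP_ISN_NONE` looks like a stray.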
@@ -0,0 +1,40 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "lwip_default_hooks.h" + +#define __weak __attribute__((weak)) + +#ifdef CONFIG_LWIP_HOOK_IP6_ROUTE_DEFAULT +struct netif *__weak +lwip_hook_ip6_route(const ip6_addr_t *src, const ip6_addr_t *dest) +{ + LWIP_UNUSED_ARG(src); + LWIP_UNUSED_ARG(dest); + + return NULL; +} +#endif + +#ifdef CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT +int __weak lwip_hook_netconn_external_resolve(const char *name, ip_addr_t *addr, u8_t addrtype, err_t *err) +{ + LWIP_UNUSED_ARG(name); + LWIP_UNUSED_ARG(addr); + LWIP_UNUSED_ARG(addrtype); + LWIP_UNUSED_ARG(err); + + return 0; +} +#endif diff --git a/components/lwip/port/esp32/tcp_isn/tcp_isn.c b/components/lwip/port/esp32/hooks/tcp_isn_default.c similarity index 98% rename from components/lwip/port/esp32/tcp_isn/tcp_isn.c rename to components/lwip/port/esp32/hooks/tcp_isn_default.c index 02fd43322c..858bee7de1 100644 --- a/components/lwip/port/esp32/tcp_isn/tcp_isn.c +++ b/components/lwip/port/esp32/hooks/tcp_isn_default.c @@ -70,13 +70,13 @@ * Author: David van Moolenbroek */ -#include "tcp_isn.h" +#include "lwip_default_hooks.h" #include "lwip/ip_addr.h" #include "lwip/sys.h" #include #include "esp_rom_md5.h" -#ifdef LWIP_HOOK_TCP_ISN +#ifdef CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT static u8_t input[64]; static u32_t base_time; 
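Review bot: `#define __weak __attribute__((weak))` introduces an identifier beginning with a double underscore, which is reserved for the implementation, and some toolchain or SDK headers define a `__weak` macro of their own, so this can collide silently; writing `__attribute__((weak))` directly on the two definitions avoids the macro altogether. The stubs also carry no comment saying what their return values mean to lwIP: `lwip_hook_ip6_route` returns `NULL` and `lwip_hook_netconn_external_resolve` returns `0` without touching `*err`, which presumably tells lwIP to proceed with its own routing and DNS lookup respectively, but an application author overriding them has nothing to go on. I would put a block comment above each, e.g. `/* Weak default: returns NULL so lwIP falls back to its own IPv6 route selection; override in the application to steer routing. */` and `/* Weak default: returns 0 (not handled) and leaves *err untouched so lwIP performs the normal DNS lookup; an override that handles the name must set *err and return non-zero. */` — the second states the lwIP contract as I understand it and should be verified against the `LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE` call site before it is committed.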
diff --git a/components/lwip/port/esp32/include/lwip_default_hooks.h b/components/lwip/port/esp32/include/lwip_default_hooks.h
new file mode 100644
index 0000000000..c882ddbd24
--- /dev/null
+++ b/components/lwip/port/esp32/include/lwip_default_hooks.h
@@ -0,0 +1,51 @@ +// Copyright 2020 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef _LWIP_DEFAULT_HOOKS_H_ +#define _LWIP_DEFAULT_HOOKS_H_ +#include "lwip/ip_addr.h" +#include "lwip/arch.h" +#include "lwip/err.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT +void lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes); +#endif +#if defined(CONFIG_LWIP_HOOK_TCP_ISN_CUSTOM) || defined(CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT) +u32_t lwip_hook_tcp_isn(const ip_addr_t *local_ip, u16_t local_port, + const ip_addr_t *remote_ip, u16_t remote_port); +#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn +#endif /* CONFIG_LWIP_HOOK_TCP_ISN... */ + +#if defined(CONFIG_LWIP_HOOK_IP6_ROUTE_CUSTOM) || defined(CONFIG_LWIP_HOOK_IP6_ROUTE_DEFAULT) +struct netif * +lwip_hook_ip6_route(const ip6_addr_t *src, const ip6_addr_t *dest); + +#define LWIP_HOOK_IP6_ROUTE lwip_hook_ip6_route +#endif /* CONFIG_LWIP_HOOK_IP6_ROUTE... */ + +#if defined(CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM) || defined(CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT) +int lwip_hook_netconn_external_resolve(const char *name, ip_addr_t *addr, u8_t addrtype, err_t *err); + +#define LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE lwip_hook_netconn_external_resolve +#endif /* CONFIG_LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE... */ + +#ifdef __cplusplus +} +#endif + +#endif /* _LWIP_DEFAULT_HOOKS_H_ */ 
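Review bot: The closing comment `#endif /* CONFIG_LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE... */` names a symbol that this commit never defines; the block tests `CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM`/`_DEFAULT`, so it should read `#endif /* CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE... */`. The include guard `_LWIP_DEFAULT_HOOKS_H_` starts with an underscore followed by an uppercase letter, a form reserved for the implementation; the deleted `tcp_isn.h` used the safer `LWIP_TCP_ISN_H` style, so `LWIP_DEFAULT_HOOKS_H` would follow existing practice. None of the prototypes documents its contract, and since this header is what application authors read when they pick a `_CUSTOM` option, each should carry a Doxygen comment — for `lwip_hook_tcp_isn` something like `/** Return the initial sequence number for a new TCP connection identified by the local/remote address and port. The default implementation (tcp_isn_default.c) derives it from the secret supplied to lwip_init_tcp_isn() and the current time as described in RFC 6528; a custom implementation must not be predictable from observable traffic. */`, with matching one-liners for `lwip_init_tcp_isn`, `lwip_hook_ip6_route` and `lwip_hook_netconn_external_resolve` stating what a NULL or 0 return means.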
diff --git a/components/lwip/port/esp32/include/lwipopts.h b/components/lwip/port/esp32/include/lwipopts.h index 709730afa7..aa20e4ea27 100644 --- a/components/lwip/port/esp32/include/lwipopts.h +++ b/components/lwip/port/esp32/include/lwipopts.h @@ -420,17 +420,6 @@ */ #define LWIP_TCP_RTO_TIME CONFIG_LWIP_TCP_RTO_TIME -/** - * Set TCP hook for Initial Sequence Number (ISN) - */ -#ifdef CONFIG_LWIP_TCP_ISN_HOOK -#include -struct ip_addr; -u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port, - const struct ip_addr *remote_ip, u16_t remote_port); -#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn -#endif - /* ---------------------------------- ---------- Pbuf options ---------- @@ -778,7 +767,9 @@ u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port, ---------- Hook options --------------- --------------------------------------- */ +#define LWIP_HOOK_FILENAME "lwip_default_hooks.h" #define LWIP_HOOK_IP4_ROUTE_SRC ip4_route_src_hook + /* --------------------------------------- ---------- Debugging options ---------- diff --git a/components/lwip/port/esp32/tcp_isn/tcp_isn.h b/components/lwip/port/esp32/tcp_isn/tcp_isn.h deleted file mode 100644 index a40c4a1ad6..0000000000 --- a/components/lwip/port/esp32/tcp_isn/tcp_isn.h +++ /dev/null 
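Review bot: In the `@@ -778` hunk, `#define LWIP_HOOK_FILENAME "lwip_default_hooks.h"` is added without a comment although the surrounding lwipopts.h entries each carry one, and a reader of this file will not see why the ISN hook declaration disappeared from the block above. I would add `/* Hook prototypes and the LWIP_HOOK_* selections live in the port's hook header, which lwIP pulls in wherever it provides hooks; only LWIP_HOOK_IP4_ROUTE_SRC is still set here */` above the define. That also raises a consistency question: `LWIP_HOOK_IP4_ROUTE_SRC` is now the only hook left in lwipopts.h, so either move it into `lwip_default_hooks.h` with the others or state here why it stays. The extra blank line added after `LWIP_HOOK_IP4_ROUTE_SRC` looks unintentional.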
@@ -1,48 +0,0 @@ -/* - * Copyright (c) 2016 The MINIX 3 Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT - * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - * - * Author: David van Moolenbroek - */ - -#ifndef LWIP_TCP_ISN_H -#define LWIP_TCP_ISN_H - -#include "lwip/opt.h" -#include "lwip/ip_addr.h" - -#ifdef __cplusplus -extern "C" { -#endif - -void lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes); -u32_t lwip_hook_tcp_isn(const ip_addr_t *local_ip, u16_t local_port, - const ip_addr_t *remote_ip, u16_t remote_port); - -#ifdef __cplusplus -} -#endif - -#endif /* LWIP_TCP_ISN_H */