removed ETHARP_TRUST_IP_MAC since it is insecure and we don't need it any more after implementing unicast ARP renewal towards arp entry timeout
parent
fc54556d80
commit
d99d91dae9
@ -328,6 +328,10 @@ HISTORY
|
||||
|
||||
++ Bugfixes:
|
||||
|
||||
2016-08-23: Simon Goldschmidt
|
||||
* etharp: removed ETHARP_TRUST_IP_MAC since it is insecure and we don't need
|
||||
it any more after implementing unicast ARP renewal towards arp entry timeout
|
||||
|
||||
2016-07-20: Simon Goldschmidt
|
||||
* memp.h/.c: fixed bug #48442 (memp stats don't work for MEMP_MEM_MALLOC)
|
||||
|
||||
|
@ -616,56 +616,6 @@ etharp_get_entry(u8_t i, ip4_addr_t **ipaddr, struct netif **netif, struct eth_a
|
||||
}
|
||||
}
|
||||
|
||||
#if ETHARP_TRUST_IP_MAC
|
||||
/**
|
||||
* Updates the ARP table using the given IP packet.
|
||||
*
|
||||
* Uses the incoming IP packet's source address to update the
|
||||
* ARP cache for the local network. The function does not alter
|
||||
* or free the packet. This function must be called before the
|
||||
* packet p is passed to the IP layer.
|
||||
*
|
||||
* @param netif The lwIP network interface on which the IP packet pbuf arrived.
|
||||
* @param p The IP packet that arrived on netif.
|
||||
*
|
||||
* @return NULL
|
||||
*
|
||||
* @see pbuf_free()
|
||||
*/
|
||||
void
|
||||
etharp_ip_input(struct netif *netif, struct pbuf *p)
|
||||
{
|
||||
struct eth_hdr *ethhdr;
|
||||
struct ip_hdr *iphdr;
|
||||
ip4_addr_t iphdr_src;
|
||||
LWIP_ERROR("netif != NULL", (netif != NULL), return;);
|
||||
|
||||
/* Only insert an entry if the source IP address of the
|
||||
incoming IP packet comes from a host on the local network. */
|
||||
ethhdr = (struct eth_hdr *)p->payload;
|
||||
iphdr = (struct ip_hdr *)((u8_t*)ethhdr + SIZEOF_ETH_HDR);
|
||||
#if ETHARP_SUPPORT_VLAN
|
||||
if (ethhdr->type == PP_HTONS(ETHTYPE_VLAN)) {
|
||||
iphdr = (struct ip_hdr *)((u8_t*)ethhdr + SIZEOF_ETH_HDR + SIZEOF_VLAN_HDR);
|
||||
}
|
||||
#endif /* ETHARP_SUPPORT_VLAN */
|
||||
|
||||
ip4_addr_copy(iphdr_src, iphdr->src);
|
||||
|
||||
/* source is not on the local network? */
|
||||
if (!ip4_addr_netcmp(&iphdr_src, netif_ip4_addr(netif), netif_ip4_netmask(netif))) {
|
||||
/* do nothing */
|
||||
return;
|
||||
}
|
||||
|
||||
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE, ("etharp_ip_input: updating ETHARP table.\n"));
|
||||
/* update the source IP address in the cache, if present */
|
||||
/* @todo We could use ETHARP_FLAG_TRY_HARD if we think we are going to talk
|
||||
* back soon (for example, if the destination IP address is ours. */
|
||||
etharp_update_arp_entry(netif, &iphdr_src, &(ethhdr->src), ETHARP_FLAG_FIND_ONLY);
|
||||
}
|
||||
#endif /* ETHARP_TRUST_IP_MAC */
|
||||
|
||||
/**
|
||||
* Responds to ARP requests to us. Upon ARP replies to us, add entry to cache
|
||||
* send out queued IP packets. Updates cache with snooped address pairs.
|
||||
|
@ -94,7 +94,6 @@ err_t etharp_request(struct netif *netif, const ip4_addr_t *ipaddr);
|
||||
* From RFC 3220 "IP Mobility Support for IPv4" section 4.6. */
|
||||
#define etharp_gratuitous(netif) etharp_request((netif), netif_ip4_addr(netif))
|
||||
void etharp_cleanup_netif(struct netif *netif);
|
||||
void etharp_ip_input(struct netif *netif, struct pbuf *p);
|
||||
|
||||
#if ETHARP_SUPPORT_STATIC_ENTRIES
|
||||
err_t etharp_add_static_entry(const ip4_addr_t *ipaddr, struct eth_addr *ethaddr);
|
||||
|
@ -576,20 +576,6 @@
|
||||
#define ARP_QUEUE_LEN 3
|
||||
#endif
|
||||
|
||||
/**
|
||||
* ETHARP_TRUST_IP_MAC==1: Incoming IP packets cause the ARP table to be
|
||||
* updated with the source MAC and IP addresses supplied in the packet.
|
||||
* You may want to disable this if you do not trust LAN peers to have the
|
||||
* correct addresses, or as a limited approach to attempt to handle
|
||||
* spoofing. If disabled, lwIP will need to make a new ARP request if
|
||||
* the peer is not already in the ARP table, adding a little latency.
|
||||
* The peer *is* in the ARP table if it requested our address before.
|
||||
* Also notice that this slows down input processing of every IP packet!
|
||||
*/
|
||||
#if !defined ETHARP_TRUST_IP_MAC || defined __DOXYGEN__
|
||||
#define ETHARP_TRUST_IP_MAC 0
|
||||
#endif
|
||||
|
||||
/**
|
||||
* ETHARP_SUPPORT_VLAN==1: support receiving and sending ethernet packets with
|
||||
* VLAN header. See the description of LWIP_HOOK_VLAN_CHECK and
|
||||
|
@ -157,10 +157,6 @@ ethernet_input(struct pbuf *p, struct netif *netif)
|
||||
if (!(netif->flags & NETIF_FLAG_ETHARP)) {
|
||||
goto free_and_return;
|
||||
}
|
||||
#if ETHARP_TRUST_IP_MAC
|
||||
/* update ARP table */
|
||||
etharp_ip_input(netif, p);
|
||||
#endif /* ETHARP_TRUST_IP_MAC */
|
||||
/* skip Ethernet header */
|
||||
if ((p->len < ip_hdr_offset) || pbuf_header(p, (s16_t)-ip_hdr_offset)) {
|
||||
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
|
||||
|