Fixes bug #58553, and the newly added unit test.
The pbuf_take_at loop should probably be made into a pbuf library
function, which would avoid this mistake in the future and provide
a simpler implementation of pbuf_copy.
User application code should be responsible to call netif_set_up() but
let's not break compatibility for now.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
NETIF_FLAG_UP flag is not supposed to be set by netif init callback
anymore, call netif_set_up() instead.
Sure it would be better to let user application code call netif_set_up()
by itself as it is now meant to be but let's not break compatibility for
now and add a FIXME for next release with allowed behavior break.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Building PPP CCP support without adding any compressor support serve
no real use case. Forbid doing so instead of bloating the code with
more ifdef.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
This reverts commit 6e7ea92d56.
We better forbid building configurations that does not make sense instead
of bloating the code with more ifdef. Here building CCP support without
adding any compressor support serve no real use case.
Fuzz tests need reproducible code, so we need an "unsafe" version of
LWIP_RAND() in this case...
Also, to reproduce fuzz tests cases from Linux on Windows,
LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC provides the first 20 random numbers that
glibc would have...
Any malicous segment could contain a SYN up to now (no check).
A SYN in the wrong segment could break OOSEQ queueing.
Fix this by allowing SYN only in states where it is required.
See bug #56397: Assert "tcp_receive: ooseq tcplen > rcv_wnd"
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet. The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets. Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (ported to lwIP PPP pcb struct)
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (compiler warning fix about int vs uint comparisons)
When we have multiple netifs where at least one has checksum offloading
capabilities, IP forwarding needs to set various checksum fields to 0
to prevent HW algorithms on calculating an invalid checksum.
-> set checksum fields of IP/UDP/TCP/ICMP to 0 in ip4_forward().
See bug #56288
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
This is just to keep the code clean and prevent using the "echo" header
where any ICMP header is meant.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
See bug #57445. Short version of the description there: lwip_select() failed
to decrement 'select_waiting' of a socket since that code part failed on
'free_pending' sockets. However, the code does not have to check that as it
has marked the socket to be in use itself earlier.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
Use 'PBUF_IP_HLEN+PBUF_TRANSPORT_HLEN' instead of '40' to calculate
PBUF_POOL_BUFSIZE (the size of each PBUF_POOL buffer) since the former
can be 60 when IPv6 is enabled.
See bug #56355
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
This converts all ppp_*() debug functions to ppp_*(()) macros that
ensure the code is left out by the linker if the corresponding debug
setting is disabled.
Downside is that many lines of code are touched, but since these
already differ to upstream PPP sources, I figured that's ok...
See bug #55199
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
In order to reuse the debug-enable checks for PPP debug macros,
move the flag and level checks from LWIP_DEBUGF to a new macro
that can be used elsewhere.
First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
Then take care of it when calling application sent callback. Give reveived
len from inner_conn, minus calculated overhead.
According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (ie. MBEDTLS_SSL_SRV_C
is defined). This cannot be used on client mode to resume a previous session.
To allow session reuse in client mode, application must save session parameters
(including tickets provided by the server if any) after successfull connection
and restore them before attemting to reconnect. Since `alctp_close()` free the
structure, it cannot be used to store the required information.
So, two new API were added, directly wrapped to mbedTLS functions, allow application
to do that by itself.
Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
In some noisy WiFi environment, it may be necessary to increase this value to
300ms to accomodate WiFi latencies which may result in less than the required
250ms between two probe frames received by the Apple BCT application.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
- Count tiebreaking loss in num_conflicts to include them in rate limit detection
- Restart probing using mdns_resp_restart allowing rate limiting for those cases
This ensure rate limiting is well activated during Apple Bonjour Conformance Tests.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
This allow Apple Bonjour Conformance Test to not fail with the following tests:
- DISTRIBUTED DUPLICATE SUPPRESSION
- MULTIPLE QUESTIONS - DISTRIBUTED DUPLICATE SUPPRESSION
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
TXT records isn't required to be unique in network, so it shouldn't be
included in probe packets.
Additionnaly, when TXT record is present, the Bonjour Conformance Test
from Apple Inc. always fail because generated probe nevert have TXT record.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
Called with `MDNS_INITIAL_PROBE_DELAY_MS` or `MDNS_PROBE_DELAY_MS` according to
needs.
When `mdns_resp_restart_delay()` called by `mdns_resp_rename_(netif|service)()`
functions, it is assumed this is because a conflict. So we should not use
`MDNS_INITIAL_PROBE_DELAY_MS` because the Bonjour Conformance Test will
complain like this:
```
START (PROBING)
NOTICE 16:40:09.501911: conflicting probe:
smarTrEMotE-f8d0a4.Local.
ERROR 16:40:09.607288: Device did not provide a sufficient time gap between receiving a conflicting probe and reprobing.
ERROR 16:40:09.607333: expected_time_gap=237,actual_time_gap=105
```
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
- Send service slot index to the mdns result function. In case of conflict, the user
will have to remove the service or rename it.
- Break after hostname conflict in order to managed it first, and managed service name
conflict after.
- Provide a function to get the TXT userdata for a service (allowing app to match with
its own data).
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
When more than one service (just 2) need to be probed for conflict, generation
of the probe packet fail because pbuf is too small!
So OUTPACKET_SIZE renamed to MDNS_OUTPUT_PACKET_SIZE and moved to mdns_opts.h
to allow configuration. Default configuration raise it to 1450 to have enough
space when MDNS_MAX_SERVICES > 1 else it remain 512.
Extract from RFC 6762, chapter 17, Multicast DNS Message Size:
The 1987 DNS specification [RFC1035] restricts DNS messages carried
by UDP to no more than 512 bytes (not counting the IP or UDP
headers). For UDP packets carried over the wide-area Internet in
1987, this was appropriate. For link-local multicast packets on
today's networks, there is no reason to retain this restriction.
Given that the packets are by definition link-local, there are no
Path MTU issues to consider.
Multicast DNS messages carried by UDP may be up to the IP MTU of the
physical interface, less the space required for the IP header (20
bytes for IPv4; 40 bytes for IPv6) and the UDP header (8 bytes).
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
sys_arch_mbox_tryfetch() shall return SYS_MBOX_EMPTY or 0 according
to the documentation. Wherever the function is used the return
value is incorrectly compared to SYS_ARCH_TIMEOUT. For now
SYS_MBOX_EMPTY is defined to SYS_ARCH_TIMEOUT so this is not an
issue as long as SYS_MBOX_EMPTY isn't re-defined.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
As written in RFC5227 in 2.1.1 Probe Details:
A host implementing this specification MUST take precautions to limit
the rate at which it probes for new candidate addresses: if the host
experiences MAX_CONFLICTS or more address conflicts on a given
interface, then the host MUST limit the rate at which it probes for
new addresses on this interface to no more than one attempted new
address per RATE_LIMIT_INTERVAL.
But `acd_restart` restart function check for `acd->num_conflicts > MAX_CONFLICTS`
which allow one more probe than expected.
So this commit change the test to `acd->num_conflicts >= MAX_CONFLICTS`.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
* Socket functions definitions moved out of the
#define LWIP_SOCKET_EXTERNAL_HEADERS as all users who
set LWIP_SOCKETS to 1 will need them regardless they use
lwip's or external socket headers.
* Include lwip/inet.h in some unit tests and apps
* Since they use htons() and pals.
* test/unit/api/test_sockets.c:
* write() could be declared by external socket headers
* Call lwip_write() instead.
* Code expects fcntl() to return 6
* But O_RDWR could have another value if external
socket headers are present
* Replace 6 by O_RDWR.
* apps/tftp/tftp.c:
* recv() could be declared by external socket headers
* Rename it to tftp_recv()
* Lwip declares msghdr->msg_iovlen as int, but when
using external socket headers, some systems declare
msg_iovlen as size_t or others.
* This patch creates a new type msg_iovlen_t and
expects users to typedef it to the type they need
for their system.
Lwip's struct sockaddr includes sa_len, but some systems
like Linux doesn't have this filed, which produces many
compilation problems when using external headers.
A set of macros has benn added to detect the absence of
sa_len and adapt sockets.c
* LWIP_MARK_TCPIP_THREAD moved to include/lwip/sys.h
* Unix port macro definitions moved to sys_arch.h
* LWIP_MARK_TCPIP_THREAD
* LOCK_TCPIP_CORE
* UNLOCK_TCPIP_CORE
(goldsimon@gmx.de: fixed unix Makefile build and win32 build)
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
In timeouts.c commit 7d1c26cc0c replaced
timeout for AUTOIP with a timeout for ACD, however the value of
LWIP_NUM_SYS_TIMEOUT_INTERNAL was not updated and still counts
LWIP_AUTOIP instead of LWIP_ACD. If user has AUTOIP disabled (or not
explicitly enabled) and DHCP enabled, then ACD gets automatically
enabled too. In this case there will be one timeout too little for lwIP
and first TCP packet received causes an assertion.
Also add LWIP_IPV6_DHCP6 to the value of LWIP_NUM_SYS_TIMEOUT_INTERNAL,
as it was also not accounted for.
This reuses the member 'int socket' by making it a union containing
both int and void pointer.
See bug #56593.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
Suggested-by: Wilfred <wilfrednilsen@hotmail.com>
The err field is removed from struct lwip_sock since commit e0a2472706
("netconn/sockets: remove fatal error handling, fix asynchronous error handling, ensure data before RST can be received")
sock_set_errno() simply calls set_errno() now, so use set_errno() instead.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Dirk Ziegelmeier <dziegelmeier@de.pepperl-fuchs.com>
If client reception buffer is bigger than the first frame we receive, the first packet test
will always fail for the second one if it is shorter the the diffence between reception
buffer size and first frame length.
For example, if we receive a PUBLISH message with length = 1517 (payload len = 1514 +
header len = 3), this result in total message length of 1517.
altcp_tls will send MQTT client frame up to 1516 bytes max. This result to PUBLISH
message splitted in two frame: first is 1516 bytes, the second of 1 bytes.
If MQTT_VAR_HEADER_BUFFER_LEN is 1520 (1516 + 4 bytes for stored fixed header), the
second frame of 1 bytes is considered as first publish frame because
client->msg_idx (1517) < MQTT_VAR_HEADER_BUFFER_LEN (1520).
This result in disconnection AND application callback never called for the end of the
payload.
The fix will check `(client->msg_idx - (fixed_hdr_len + length)) == 0` which can be
only true for the first frame of a message.
Below logs showing the bug:
```
April 3rd 2019, 23:14:05.459 lwip_dbg mqtt_parse_incoming: Remaining length after fixed header: 1514
April 3rd 2019, 23:14:05.460 lwip_dbg mqtt_parse_incoming: msg_idx: 1516, cpy_len: 1513, remaining 1
April 3rd 2019, 23:14:05.460 lwip_dbg mqtt_incomming_publish: Received message with QoS 1 at topic: v2/inte...
April 3rd 2019, 23:14:05.461 lwip_dbg mqtt_parse_incoming: Remaining length after fixed header: 1514
April 3rd 2019, 23:14:05.461 lwip_dbg mqtt_parse_incoming: msg_idx: 1517, cpy_len: 1, remaining 0
April 3rd 2019, 23:14:05.461 lwip_dbg mqtt_message_received: Received short PUBLISH packet
```
When using the MEMP_MEM_MALLOC option, memp_malloc() can not be relied on to
limit the number of allocations allowed for each MEMP queue, as the ND6 code
had been. This caused the ND6 queue to keep growing until the heap allocation
failed when using the MEMP_MEM_MALLOC option. So add an explicit queue size
check in ND6.
Replace '\n' with '<br>', as this allows doxygen to understand reference
names followed by newline. For some cases just drop the newline if it's
not required.
Doxygen 1.8.15 doesn't like if the name of reference is followed by
anything else than (selected?) punctuation or whitespace.
bug #56004
According to rfc5681:
https://tools.ietf.org/html/rfc5681
Paragraph 3.2. Fast Retransmit/Fast Recovery
The TCP sender SHOULD use the "fast retransmit" algorithm to detect
and repair loss, based on incoming duplicate ACKs. The fast
retransmit algorithm uses the arrival of 3 duplicate ACKs (as defined
in section 2, without any intervening ACKs which move SND.UNA) as an
indication that a segment has been lost. After receiving 3 duplicate
ACKs, TCP performs a retransmission of what appears to be the missing
segment, without waiting for the retransmission timer to expire.
Now consider the following scenario:
Server sends packets to client P0, P1, P2 .. PK.
Client sends packets to server P`0 P`1 ... P`k.
I.e. it is a pipelined conversation. Now lets assume that P1 is lost, Client will
send an empty "duplicate" ack upon receive of P2, P3... In addition client will
also send a new packet with "Client Data", P`0 P`1 .. e.t.c. according to sever receive
window and client congestion window.
Current implementation resets "duplicate" ack count upon receive of packets from client
that holds new data. This in turn prevents server from fast recovery upon 3-duplicate acks
receive.
This is not required as in this case "sender unacknowledged window" is not moving.
Signed-off-by: Solganik Alexander <sashas@lightbitslabs.com>
Two new API:
err_t mdns_search_service(const char *name, const char *service, enum mdns_sd_proto proto,
struct netif *netif, search_result_fn_t result_fn, void *arg,
s8_t *request_id);
void mdns_search_stop(s8_t request_id);
One compilation flags:
LWIP_MDNS_SEARCH
One options flags:
MDNS_MAX_REQUESTS
Some structure declarations moved to allow use by callback result function.
Result domain names are early uncompress before calling application callback
because it cannot be made by application itself.
Allow search services with multiples labels included, like '_services._dns-sd'.
Search for `_services._dns-sd._udp.local.` is handled in a special way.
Only `PTR` answers are send back to the application.
The `mdns_search_service()` function won't assert if no more space in `mdns_request`
table, just return an error if too many simultanous requests.
Apparently the TFTP server now also invokes the error() function in the
tftp_context struct.
Some tftp clients (for example Windows 10 TFTP client) will open the
remote file before checking the local file can be opened - and will then
send an error indication to the server to indicate there was an error
opening the local file. When the happens, the LWIP tftp server will
invoke the error() member of the tftp_context.
This adds support for RFC4075 SNTP server configuration via DHCPv6.
The DHCPv6 options transmitted are now conditional on how LwIP is
configured.
A new SNTP application option SNTP_GET_SERVERS_FROM_DHCPV6 is used
to enable. For simplicity this is configured to use the global
LWIP_DHCP6_GET_NTP_SRV configuration setting.
Tests:
- Check the global options now control the DHCPv6 request sent
in Wireshark
- Check against 0, 1 and 3 SNTP servers configured on an odhcpd
server configured to support RFC 4075 SNTP server lists.
Verify that the SNTP server list is updated on connection
establishment on an ESP8266 WeMOS D1.
- Verify that SNTP packets are sent and recieved from a
configured server and that system time is updated.
Signed-off-by: David J. Fiddes <D.J@fiddes.net>
Use only one entropy/ctr_drbg context for all altcp_tls_config structure allocated.
(Small adjustments before committing: fix coding style, adapt to changes in master)
- client->msg_idx can be > MQTT_VAR_HEADER_BUFFER_LEN in long message splitted in multiple pbufs
- renamed fixed_hdr_idx to fixed_hdr_len because it is length of fixed header in rx_buffer, not an index to it
- removed the cpy_start as data always copied right after the fixed header
Make pppoe_create() actually store the passed service name and
concentrator name, so that they are passed in the PADI/PADR/PADS
packets.
Assume that the user application won't be freeing the strings and just
copy the string pointers, therefore remove the mem_free() in
pppoe_destroy().
Since only the pointers are copied now, make them 'const' in
pppoe_softc.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
lwip/src/netif/ppp/pppoe.c:768:24: error: pointer targets in passing argument 1 of ‘strlen’ differ in signedness [-Werror=poin$
l1 = (int)strlen(sc->sc_service_name);
lwip/src/netif/ppp/pppoe.c:772:24: error: pointer targets in passing argument 1 of ‘strlen’ differ in signedness [-Werror=poin$
l2 = (int)strlen(sc->sc_concentrator_name);
sc->sc_service_name and sc->sc_concentrator_name are best defined as
char* because there are passed to libc strings functions which expect
a char*.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Rename PPPOE_TODO to PPPOE_SCNAME_SUPPORT because this is the only
feature enclosed by them. Prepare for proper service name and
concentrator name support by moving PPPOE_SCNAME_SUPPORT define to
ppp_opts.h.
Signed-off-by: Sylvain Rochet <gradator@gradator.net>