Commit Graph

6739 Commits

Author SHA1 Message Date
Simon Goldschmidt
6e7ea92d56 ppp: fix compiling with CCP_SUPPORT=1 but MPPE_SUPPORT=0
Even if that might not make much sense, it still shouldn't
result in compiler warnings.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-15 20:53:47 +01:00
Paul Mackerras
d281d3e959 PPP, EAP: ignore received EAP messages when not doing EAP
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (ported to lwIP PPP pcb struct)
2020-02-10 23:37:33 +01:00
Paul Mackerras
2ee3cbe69c PPP, EAP: fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname).  This fixes the check so we
actually avoid overflowing the rhostname array.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sylvain Rochet <gradator@gradator.net> (compiler warning fix about int vs uint comparisons)
2020-02-10 23:37:25 +01:00
Simon Goldschmidt
5e52d1a4b1 win32: fix 2 compiler warning nits in win32 port
Reported-by: Gisle Vanem <gisle.vanem@gmail.com>
2020-02-10 21:55:32 +01:00
Simon Goldschmidt
cc6d5b7a29 ppp: fix compiling eap after changing debug functions 2020-02-06 20:51:02 +01:00
Simon Goldschmidt
d843e47a1d icmp6: keep to the RFC and send as much as possible with icmp6 error messages
See bug 56013

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-05 20:43:25 +01:00
Simon Goldschmidt
4f30e0daff httpd: post example: fix typo in last version
See bug #57742

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-04 22:25:04 +01:00
Gao Qingshui
a9ac18aebb ip6: enable ip6_autoconfig_enabled by default
See bug #56135

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-04 22:23:58 +01:00
Simon Goldschmidt
3034e9fad0 httpd: post example: free pbuf in httpd_post_receive_data
See bug #57742

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-04 22:12:14 +01:00
Simon Goldschmidt
064d816ea1 altcp: fix altcp_tcp_close for LISTEN pcb
See bug #55219

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-03 22:13:07 +01:00
Simon Goldschmidt
84228d4f4b nd6: cache neighbour index for each next hop, not globally
See bug #47792

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-03 21:53:22 +01:00
Simon Goldschmidt
dc41eabf5f nd6: check defines for global tables for validity
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-03 21:49:57 +01:00
Simon Goldschmidt
b3046d938e nd6: use a pointer where appropriate to make the code more readable
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-03 21:33:21 +01:00
Simon Goldschmidt
177bb6ca06 nd6: update addr_hint only if the index has actually changed 2020-02-03 20:57:28 +01:00
Simon Goldschmidt
4c15191b1d snmp: update documentation 2020-02-03 20:35:22 +01:00
Simon Goldschmidt
5de4967f23 ip4: forward: try to fix the build...
... by adding a default case
2020-01-30 23:22:00 +01:00
Simon Goldschmidt
38894637e7 ip4: forward: remove invalid const modifiers
This should fix the build...
2020-01-30 23:13:07 +01:00
Simon Goldschmidt
61c67fc229 ip_forward: fix IPv4 forwarding with multiple netifs/offloading
When we have multiple netifs where at least one has checksum offloading
capabilities, IP forwarding needs to set various checksum fields to 0
to prevent HW algorithms on calculating an invalid checksum.

-> set checksum fields of IP/UDP/TCP/ICMP to 0 in ip4_forward().

See bug #56288

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 23:02:16 +01:00
Simon Goldschmidt
695c323164 icmp: add a dedicated struct for the standard ICMP header
This is just to keep the code clean and prevent using the "echo" header
where any ICMP header is meant.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 22:50:25 +01:00
Simon Goldschmidt
75b2db4438 makefsdata: error files must start with "<errnr>." to match HTTP status
This is to prevent files like "4001.jpg" getting HTTP status 400 instead
of 100.

See bug #56290.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 21:22:36 +01:00
Simon Goldschmidt
0f5bf0aa37 httpd: error files must start with "<errnr>." to match HTTP status
This is to prevent files like "4001.jpg" getting HTTP status 400 instead
of 100.

See bug #56290.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 21:22:03 +01:00
Patrick Schlangen
8d7e436a9d Fix select_waiting not being decremented for sockets closed while in lwip_select()
See bug #57445. Short version of the description there: lwip_select() failed
to decrement 'select_waiting' of a socket since that code part failed on
'free_pending' sockets. However, the code does not have to check that as it
has marked the socket to be in use itself earlier.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 21:04:37 +01:00
Simon Goldschmidt
32a72b1a20 sntp: ensure sntp_retry_timeout reaches the configured limit
See bug #57620

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 20:47:19 +01:00
Felix Werner
3b2d7e289a Additional Debug-Print in api_msg.c
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 20:43:56 +01:00
Simon Goldschmidt
a4b578b483 pbuf: avoid using multiple PBUF_POOL buffers for IPv6
Use 'PBUF_IP_HLEN+PBUF_TRANSPORT_HLEN' instead of '40' to calculate
PBUF_POOL_BUFSIZE (the size of each PBUF_POOL buffer) since the former
can be 60 when IPv6 is enabled.

See bug #56355

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-30 20:42:15 +01:00
Simon Goldschmidt
dae8eb8d6e adapt unit test to new netif ext callback reason 2020-01-13 19:37:59 +01:00
Simon Goldschmidt
d6b5b5222f opt: make LWIP_IPV6_SEND_ROUTER_SOLICIT default to LWIP_IPV6
This ensures struct netif doesn't contain 'rs_count' if LWIP_IPV6
is disabled but LWIP_IPV6_SEND_ROUTER_SOLICIT is at its default.

See bug #56509
2020-01-12 20:34:18 +01:00
Simon Goldschmidt
8a8058a436 netif: add IPV4_ADDR_VALID ext status callback reason
This ext-callback reason is always issued when an IPv4 config
has been set, even if it has not changed (e.g. DHCP reboot)

See bug #55121
2020-01-12 20:30:38 +01:00
Simon Goldschmidt
bb31fbd737 ip6: fix printing rx packet headers
The call to ip6_debug_print needs to be moved before the
next-header parsing code.

See bug #56708
2020-01-10 23:10:49 +01:00
Simon Goldschmidt
bf1285e3c9 ppp: don't link debug functions if disable
This converts all ppp_*() debug functions to ppp_*(()) macros that
ensure the code is left out by the linker if the corresponding debug
setting is disabled.

Downside is that many lines of code are touched, but since these
already differ to upstream PPP sources, I figured that's ok...

See bug #55199

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-01-10 21:42:45 +01:00
Simon Goldschmidt
827b60c155 debug: split debug enable checks from LWIP_DEBUGF to LWIP_DEBUG_ENABLED
In order to reuse the debug-enable checks for PPP debug macros,
move the flag and level checks from LWIP_DEBUGF to a new macro
that can be used elsewhere.
2020-01-10 20:50:25 +01:00
Simon Goldschmidt
b43f081b9a sockets: ioctl: fix _IO macros for 16 bit platforms
See bug #57565
2020-01-10 20:46:23 +01:00
David Girault
5c2887a241 sntp: remove existing timeout before creating new
This prevents sntp using more than 2 timeouts.
See bug #56431
2020-01-10 20:42:17 +01:00
Axel Lin
555812dcec netif_find: correctly check if atoi means '0' or error
Fixes: 4528215c99 ("netif_find: check if atoi means '0' or error")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
2019-12-12 09:23:11 +08:00
Simon Goldschmidt
f857260e29 fix compiling fuzz test under Linux after merging contrib to main repo 2019-12-11 22:20:14 +01:00
David Girault
2be031e238 altcp_tls: ensure no memory leaks and entropy counter is protected 2019-12-11 21:22:42 +01:00
David Girault
dc7ba26e69 altcp_tls: use ERR_CLSD only for handshake error
This allow better handling of handshake error in application.
2019-12-11 21:22:42 +01:00
David Girault
316dbc792f altcp_tls: call the application sent() callback with usefull len
First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
Then take care of it when calling application sent callback. Give reveived
len from inner_conn, minus calculated overhead.
2019-12-11 21:22:41 +01:00
David Girault
f97dacd014 altcp_tls: support for saving/restoring session information
According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (ie. MBEDTLS_SSL_SRV_C
is defined). This cannot be used on client mode to resume a previous session.

To allow session reuse in client mode, application must save session parameters
(including tickets provided by the server if any) after successfull connection
and restore them before attemting to reconnect. Since `alctp_close()` free the
structure, it cannot be used to store the required information.

So, two new API were added, directly wrapped to mbedTLS functions, allow application
to do that by itself.

Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
2019-12-11 21:22:41 +01:00
David Girault
d84a84e5ca altcp_tls_mbedtls: ensure configuration is properly freed 2019-12-11 21:22:41 +01:00
Simon Goldschmidt
44a3f631b3 inet: added missing IN6_IS_ADDR_* macros 2019-12-11 21:11:55 +01:00
Simon Goldschmidt
a9e73bc412 ip6addr_aton: support scoped address strings (via '%')
See task #15393

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:43:28 +01:00
Simon Goldschmidt
4528215c99 netif_find: check if atoi means '0' or error
Since atoi() returns 0 on error, we need to check if name[2] is '0'.
If it's not, atoi() failed.
2019-12-11 20:42:36 +01:00
Simon Goldschmidt
fbe032d05d mdns: fix clang warning about documentation error 2019-12-11 20:23:14 +01:00
David Girault
4baf17d5b2 mdns: restart probing when IP addresses has changed
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:13:10 +01:00
David Girault
4ca115a08e mdns: move MDNS_PROBE_DELAY_MS to mdns_opts.h to allow customisation
In some noisy WiFi environment, it may be necessary to increase this value to
300ms to accomodate WiFi latencies which may result in less than the required
250ms between two probe frames received by the Apple BCT application.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:13:10 +01:00
David Girault
2441c6fa3f mdns: abort packet analysis if conflict detected
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:13:10 +01:00
David Girault
6302423d7f mdns: handle tiebreaking loose like conflict
- Count tiebreaking loss in num_conflicts to include them in rate limit detection
- Restart probing using mdns_resp_restart allowing rate limiting for those cases

This ensure rate limiting is well activated during Apple Bonjour Conformance Tests.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:13:10 +01:00
David Girault
9301225895 mdns: support for multi-packet known answer (questions with TC bit)
This allow Apple Bonjour Conformance Test to not fail with the following tests:
- DISTRIBUTED DUPLICATE SUPPRESSION
- MULTIPLE QUESTIONS - DISTRIBUTED DUPLICATE SUPPRESSION

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:13:01 +01:00
David Girault
e85e473838 mdns: remove service TXT record from probe packets
TXT records isn't required to be unique in network, so it shouldn't be
included in probe packets.

Additionnaly, when TXT record is present, the Bonjour Conformance Test
from Apple Inc. always fail because generated probe nevert have TXT record.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-12-11 20:12:26 +01:00