David van Moolenbroek 68ec20fffc ipv4/ipv6: restrict loopback-destined traffic
Generally speaking, packets with a loopback destination address -
127.0.0.1 for IPv4 and ::1 for IPv6 - should not be accepted on
non-loopback interfaces.  For IPv4, this is implied by RFC 1122
Sec. 3.2.1.3.  For IPv6, it is mandated by RFC 4291 Sec. 2.5.3.
Failure to perform this filtering may have security implications, as
applications that bind sockets to loopback addresses may not expect
that nodes on the local external network be able to produce traffic
that will arrive at such sockets.

With this patch, lwIP drops packets that are sent to a loopback
address but do not originate from the interface that has the loopback
address assigned to it.  This approach works regardless of whether it
is lwIP or the system using it that implements a loopback netif.  The
only exception that must be made is for configurations that enable
netif packet loopback but disable the lwIP loopback netif: in that
case, loopback packets are routed across non-loopback netifs and would
thus be lost by the new filter as well.

For IPv6, loopback-destined packets are also no longer forwarded; the
IPv4 forwarding code already had a check for that.

As a small performance improvement, the IPv6 link-local/loopback
address check is now performed only once per packet rather than
repeatedly for every candidate netif.
2016-11-22 20:51:36 +01:00
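The input rule described in the commit message above, as an added example that is not lwIP's own code. The struct and function names are hypothetical, and treating all of 127.0.0.0/8 as IPv4 loopback is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types for illustration; not lwIP's own structures. */
struct iface { uint8_t ip4[4]; uint8_t ip6[16]; }; /* assigned addresses */
struct stack_cfg {
    bool netif_packet_loopback; /* ordinary netifs carry looped-back packets */
    bool have_loopback_netif;   /* a dedicated loopback netif is present */
};

/* Assumption: all of 127.0.0.0/8 is loopback (RFC 1122 Sec. 3.2.1.3). */
static bool is_loop4(const uint8_t a[4]) { return a[0] == 127; }

/* ::1 is the IPv6 loopback address (RFC 4291 Sec. 2.5.3). */
static const uint8_t IP6_LO[16] = { [15] = 1 };
static bool is_loop6(const uint8_t a[16]) { return !memcmp(a, IP6_LO, 16); }

/* Exception from the commit message: with packet loopback on and no loopback
 * netif, looped-back packets cross ordinary netifs, so the filter is off. */
static bool filter_active(const struct stack_cfg *c)
{
    return !c->netif_packet_loopback || c->have_loopback_netif;
}

/* True when an input packet must be dropped: the destination is loopback but
 * the receiving interface has no loopback address assigned to it. */
bool drop_ip4_input(const struct stack_cfg *c, const struct iface *inp,
                    const uint8_t dest[4])
{
    return filter_active(c) && is_loop4(dest) && !is_loop4(inp->ip4);
}

bool drop_ip6_input(const struct stack_cfg *c, const struct iface *inp,
                    const uint8_t dest[16])
{
    return filter_active(c) && is_loop6(dest) && !is_loop6(inp->ip6);
}

int main(void)
{
    struct stack_cfg cfg = { false, true };          /* constructed sample */
    struct iface eth = { .ip4 = {192, 168, 1, 10} }; /* non-loopback netif */
    const uint8_t dst[4] = {127, 0, 0, 1};
    printf("drop on eth: %d\n", drop_ip4_input(&cfg, &eth, dst));
    return 0;
}
```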

INTRODUCTION

lwIP is a small independent implementation of the TCP/IP protocol
suite that has been developed by Adam Dunkels at the Computer and
Networks Architectures (CNA) lab at the Swedish Institute of Computer
Science (SICS).

The focus of the lwIP TCP/IP implementation is to reduce the RAM usage
while still having a full-scale TCP. This makes lwIP suitable for use
in embedded systems with tens of kilobytes of free RAM and room for
around 40 kilobytes of code ROM.


FEATURES

  * IP (Internet Protocol, IPv4 and IPv6) including packet forwarding over
    multiple network interfaces
  * ICMP (Internet Control Message Protocol) for network maintenance and debugging
  * IGMP (Internet Group Management Protocol) for multicast traffic management
  * MLD (Multicast listener discovery for IPv6). Aims to be compliant with 
    RFC 2710. No support for MLDv2
  * ND (Neighbor discovery and stateless address autoconfiguration for IPv6).
    Aims to be compliant with RFC 4861 (Neighbor discovery) and RFC 4862
    (Address autoconfiguration)
  * UDP (User Datagram Protocol) including experimental UDP-lite extensions
  * TCP (Transmission Control Protocol) with congestion control, RTT estimation
    and fast recovery/fast retransmit
  * raw/native API for enhanced performance
  * Optional Berkeley-like socket API
  * DNS (Domain names resolver)


APPLICATIONS

  * HTTP server with SSI and CGI
  * SNMPv2c agent with MIB compiler (Simple Network Management Protocol)
  * SNTP (Simple network time protocol)
  * NetBIOS name service responder
  * MDNS (Multicast DNS) responder
  * iPerf server implementation


LICENSE

lwIP is freely available under a BSD license.


DEVELOPMENT

lwIP has grown into an excellent TCP/IP stack for embedded devices,
and developers using the stack often submit bug fixes, improvements,
and additions to the stack to further increase its usefulness.

Development of lwIP is hosted on Savannah, a central point for
software development, maintenance and distribution. Everyone can
help improve lwIP by use of Savannah's interface, Git and the
mailing list. A core team of developers will commit changes to the
Git source tree.

The lwIP TCP/IP stack is maintained in the 'lwip' Git module and
contributions (such as platform ports) are in the 'contrib' Git module.

See doc/savannah.txt for details on Git server access for users and
developers.

The current Git trees are web-browsable:
  http://git.savannah.gnu.org/cgit/lwip.git
  http://git.savannah.gnu.org/cgit/lwip/lwip-contrib.git

Submit patches and bugs via the lwIP project page:
  http://savannah.nongnu.org/projects/lwip/

Continuous integration builds (GCC, clang):
  https://travis-ci.org/yarrick/lwip-merged


DOCUMENTATION

Self documentation of the source code is regularly extracted from the current
Git sources and is available from this web page:
  http://www.nongnu.org/lwip/

There is now a constantly growing wiki about lwIP at
  http://lwip.wikia.com/wiki/LwIP_Wiki

Also, there are mailing lists you can subscribe to at
  http://savannah.nongnu.org/mail/?group=lwip
plus searchable archives:
  http://lists.nongnu.org/archive/html/lwip-users/
  http://lists.nongnu.org/archive/html/lwip-devel/

lwIP was originally written by Adam Dunkels:
  http://dunkels.com/adam/

Reading Adam's papers and the files in docs/, browsing the source code
documentation and browsing the mailing list archives are good ways to
become familiar with the design of lwIP.

Adam Dunkels <adam@sics.se>
Leon Woestenberg <leon.woestenberg@gmx.net>