mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-12-28 18:16:13 +00:00
a8b986bbb6
lwIP produces a TCP Initial Sequence Number (ISN) for each new TCP connection. The current algorithm is simple and predictable, however. The result is that lwIP TCP connections may be the target of TCP spoofing attacks.

The problem of such attacks is well known, and a recommended ISN generation algorithm is standardized in RFC 6528. This algorithm requires a high-resolution timer and cryptographic hashing function, though. The implementation (or best-effort approximation) of both of these aspects is well beyond the scope of lwIP itself. For that reason, this patch adds LWIP_HOOK_TCP_ISN, a hook that allows each platform to implement its own ISN generation using locally available means. The hook provides full flexibility, in that the hook may generate anything from a simple random number (by being set to LWIP_RAND()) to a full RFC 6528 implementation.

Implementation note: Users of the hook would typically declare the function prototype of the hook function in arch/cc.h, as this is the last place where such prototypes can be supplied. However, at that point, the ip_addr_t type has not yet been defined. For that reason, this patch removes the leading underscore from "struct _ip_addr", so that a prototype of the hook function can use "struct ip_addr" instead of "ip_addr_t".

Signed-off-by: sg <goldsimon@gmx.de>
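The following is an added example, not code from lwIP or from this commit: a stand-alone C sketch of the RFC 6528 scheme the commit message refers to, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), of the kind a platform could call from its LWIP_HOOK_TCP_ISN implementation. Assumptions: SipHash-2-4 stands in for the hash F, addresses are IPv4 values passed as uint32_t, and the names isn_key_t, isn_prf and isn_rfc6528 as well as the key and clock parameters are hypothetical.

```c
/* Added example: RFC 6528-style ISN, ISN = M + F(4-tuple, secret key). */
#include <stdint.h>
#include <stdio.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))

/* Per-boot secret; must be filled from the platform's entropy source (assumption). */
typedef struct { uint64_t k0, k1; } isn_key_t;

static void sipround(uint64_t v[4]) {
  v[0] += v[1]; v[1] = ROTL64(v[1], 13); v[1] ^= v[0]; v[0] = ROTL64(v[0], 32);
  v[2] += v[3]; v[3] = ROTL64(v[3], 16); v[3] ^= v[2];
  v[0] += v[3]; v[3] = ROTL64(v[3], 21); v[3] ^= v[0];
  v[2] += v[1]; v[1] = ROTL64(v[1], 17); v[1] ^= v[2]; v[2] = ROTL64(v[2], 32);
}

/* F: SipHash-2-4 over the 12-byte little-endian encoding
 * local_ip | remote_ip | local_port | remote_port (IPv4 only). */
static uint64_t isn_prf(const isn_key_t *k, uint32_t lip, uint16_t lport,
                        uint32_t rip, uint16_t rport) {
  uint64_t v[4] = { k->k0 ^ 0x736f6d6570736575ULL, k->k1 ^ 0x646f72616e646f6dULL,
                    k->k0 ^ 0x6c7967656e657261ULL, k->k1 ^ 0x7465646279746573ULL };
  /* Two message words; the second carries the length (12) in its top byte. */
  uint64_t m[2] = { (uint64_t)lip | ((uint64_t)rip << 32),
                    (uint64_t)lport | ((uint64_t)rport << 16) | (12ULL << 56) };
  for (int i = 0; i < 2; i++) {
    v[3] ^= m[i]; sipround(v); sipround(v); v[0] ^= m[i];
  }
  v[2] ^= 0xff;
  for (int i = 0; i < 4; i++) sipround(v);
  return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* Hypothetical hook body: now_us is the platform's microsecond clock. */
uint32_t isn_rfc6528(const isn_key_t *k, uint64_t now_us, uint32_t lip,
                     uint16_t lport, uint32_t rip, uint16_t rport) {
  uint32_t m = (uint32_t)(now_us / 4);  /* M: one tick per 4 microseconds */
  return m + (uint32_t)isn_prf(k, lip, lport, rip, rport);
}

int main(void) {
  /* Constructed key and addresses (192.0.2.1 -> 198.51.100.7), not real data. */
  isn_key_t key = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
  uint32_t lip = 0xC0000201u, rip = 0xC6336407u;
  for (uint16_t rport = 40000; rport < 40003; rport++)
    printf("rport %u: ISN %08x\n", (unsigned)rport,
           (unsigned)isn_rfc6528(&key, 1000000, lip, 80, rip, rport));
  return 0;
}
```

Within one connection 4-tuple the ISN still advances with the clock, while the per-tuple offset is unpredictable to anyone who does not hold the key.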
..
api
apps
core
include
netif
Filelists.mk
FILES