summaryrefslogtreecommitdiff
path: root/contrib/addons
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2024-10-16 08:10:14 -0600
committerTom Rini <trini@konsulko.com>2024-10-16 08:10:14 -0600
commitf3f86fd1fe0fb288356bff78f8a6fa2edf89e3fc (patch)
treef0a99ea87d92f63895a6d053e3185838ebecf2d0 /contrib/addons
Squashed 'lib/lwip/lwip/' content from commit 0a0452b2c39b
git-subtree-dir: lib/lwip/lwip git-subtree-split: 0a0452b2c39bdd91e252aef045c115f88f6ca773
Diffstat (limited to 'contrib/addons')
-rw-r--r--contrib/addons/dhcp_extra_opts/README5
-rw-r--r--contrib/addons/dhcp_extra_opts/dhcp_extra_opts.c91
-rw-r--r--contrib/addons/dhcp_extra_opts/dhcp_extra_opts.h61
-rw-r--r--contrib/addons/ipv6_static_routing/README43
-rw-r--r--contrib/addons/ipv6_static_routing/ip6_route_table.c248
-rw-r--r--contrib/addons/ipv6_static_routing/ip6_route_table.h94
-rw-r--r--contrib/addons/netconn/external_resolve/dnssd.c164
-rw-r--r--contrib/addons/netconn/external_resolve/dnssd.h50
-rw-r--r--contrib/addons/tcp_isn/tcp_isn.c182
-rw-r--r--contrib/addons/tcp_isn/tcp_isn.h48
-rw-r--r--contrib/addons/tcp_md5/README27
-rw-r--r--contrib/addons/tcp_md5/tcp_md5.c534
-rw-r--r--contrib/addons/tcp_md5/tcp_md5.h84
13 files changed, 1631 insertions, 0 deletions
diff --git a/contrib/addons/dhcp_extra_opts/README b/contrib/addons/dhcp_extra_opts/README
new file mode 100644
index 00000000000..81a7ced5629
--- /dev/null
+++ b/contrib/addons/dhcp_extra_opts/README
@@ -0,0 +1,5 @@
+A simple example of using LWIP_HOOK_DHCP_PARSE/APPEND_OPTION hooks to implement:
+* DHCP_OPTION_MTU (option 26) to update the netif's MTU
+* DHCP_OPTION_CLIENT_ID (option 61) to advertize client's HW id of LWIP_IANA_HWTYPE_ETHERNET type
+
+Please follow the instructions in dhcp_extra_opts.h to add the hooks, definitions in lwipopts.h and enabling the extra options.
diff --git a/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.c b/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.c
new file mode 100644
index 00000000000..3e287bfe37c
--- /dev/null
+++ b/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) Espressif Systems (Shanghai) CO LTD
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <string.h>
+
+#include "lwip/prot/dhcp.h"
+#include "lwip/dhcp.h"
+#include "lwip/netif.h"
+#include "lwip/prot/iana.h"
+
+
+void dhcp_parse_extra_opts(struct dhcp *dhcp, uint8_t state, uint8_t option, uint8_t len, struct pbuf* p, uint16_t offset)
+{
+ LWIP_UNUSED_ARG(dhcp);
+ LWIP_UNUSED_ARG(state);
+ LWIP_UNUSED_ARG(option);
+ LWIP_UNUSED_ARG(len);
+ LWIP_UNUSED_ARG(p);
+ LWIP_UNUSED_ARG(offset);
+#if LWIP_DHCP_ENABLE_MTU_UPDATE
+ if ((option == DHCP_OPTION_MTU) &&
+ (state == DHCP_STATE_REBOOTING || state == DHCP_STATE_REBINDING ||
+ state == DHCP_STATE_RENEWING || state == DHCP_STATE_REQUESTING)) {
+ u32_t mtu = 0;
+ struct netif *netif;
+ LWIP_ERROR("dhcp_parse_extra_opts(): MTU option's len != 2", len == 2, return;);
+ LWIP_ERROR("dhcp_parse_extra_opts(): extracting MTU option failed",
+ pbuf_copy_partial(p, &mtu, 2, offset) == 2, return;);
+ mtu = lwip_htons((u16_t)mtu);
+ NETIF_FOREACH(netif) {
+ /* find the netif related to this dhcp */
+ if (dhcp == netif_dhcp_data(netif)) {
+ if (mtu < netif->mtu) {
+ netif->mtu = mtu;
+ LWIP_DEBUGF(DHCP_DEBUG | LWIP_DBG_TRACE, ("dhcp_parse_extra_opts(): Negotiated netif MTU is %d\n", netif->mtu));
+ }
+ return;
+ }
+ }
+ } /* DHCP_OPTION_MTU */
+#endif /* LWIP_DHCP_ENABLE_MTU_UPDATE */
+}
+
+void dhcp_append_extra_opts(struct netif *netif, uint8_t state, struct dhcp_msg *msg_out, uint16_t *options_out_len)
+{
+ LWIP_UNUSED_ARG(netif);
+ LWIP_UNUSED_ARG(state);
+ LWIP_UNUSED_ARG(msg_out);
+ LWIP_UNUSED_ARG(options_out_len);
+#if LWIP_DHCP_ENABLE_CLIENT_ID
+ if (state == DHCP_STATE_RENEWING || state == DHCP_STATE_REBINDING ||
+ state == DHCP_STATE_REBOOTING || state == DHCP_STATE_OFF ||
+ state == DHCP_STATE_REQUESTING || state == DHCP_STATE_BACKING_OFF || state == DHCP_STATE_SELECTING) {
+ size_t i;
+ u8_t *options = msg_out->options + *options_out_len;
+ LWIP_ERROR("dhcp_append(client_id): options_out_len + 3 + netif->hwaddr_len <= DHCP_OPTIONS_LEN",
+ *options_out_len + 3U + netif->hwaddr_len <= DHCP_OPTIONS_LEN, return;);
+ *options_out_len = *options_out_len + netif->hwaddr_len + 3;
+ *options++ = DHCP_OPTION_CLIENT_ID;
+ *options++ = netif->hwaddr_len + 1; /* option size */
+ *options++ = LWIP_IANA_HWTYPE_ETHERNET;
+ for (i = 0; i < netif->hwaddr_len; i++) {
+ *options++ = netif->hwaddr[i];
+ }
+ }
+#endif /* LWIP_DHCP_ENABLE_CLIENT_ID */
+}
diff --git a/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.h b/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.h
new file mode 100644
index 00000000000..959404d0d18
--- /dev/null
+++ b/contrib/addons/dhcp_extra_opts/dhcp_extra_opts.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) Espressif Systems (Shanghai) CO LTD
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * To use these additional DHCP options, make sure this file is included in LWIP_HOOK_FILENAME
+ * and define these hooks:
+ *
+ * #define LWIP_HOOK_DHCP_PARSE_OPTION(netif, dhcp, state, msg, msg_type, option, len, pbuf, offset) \
+ * do { LWIP_UNUSED_ARG(msg); \
+ * dhcp_parse_extra_opts(dhcp, state, option, len, pbuf, offset); \
+ * } while(0)
+ *
+ * #define LWIP_HOOK_DHCP_APPEND_OPTIONS(netif, dhcp, state, msg, msg_type, options_len_ptr) \
+ * dhcp_append_extra_opts(netif, state, msg, options_len_ptr);
+ *
+ * To enable (disable) these option, please set one or both of the below macros to 1 (0)
+ * #define LWIP_DHCP_ENABLE_MTU_UPDATE 1
+ * #define LWIP_DHCP_ENABLE_CLIENT_ID 1
+ */
+
+#ifndef LWIP_HDR_CONTRIB_ADDONS_DHCP_OPTS_H
+#define LWIP_HDR_CONTRIB_ADDONS_DHCP_OPTS_H
+
+/* Add standard integers so the header could be included before lwip */
+#include <stdint.h>
+
+/* Forward declare lwip structs */
+struct dhcp;
+struct pbuf;
+struct dhcp;
+struct netif;
+struct dhcp_msg;
+
+/* Internal hook functions */
+void dhcp_parse_extra_opts(struct dhcp *dhcp, uint8_t state, uint8_t option, uint8_t len, struct pbuf* p, uint16_t offset);
+void dhcp_append_extra_opts(struct netif *netif, uint8_t state, struct dhcp_msg *msg_out, uint16_t *options_out_len);
+
+#endif /* LWIP_HDR_CONTRIB_ADDONS_DHCP_OPTS_H */
diff --git a/contrib/addons/ipv6_static_routing/README b/contrib/addons/ipv6_static_routing/README
new file mode 100644
index 00000000000..0c3b06cc08f
--- /dev/null
+++ b/contrib/addons/ipv6_static_routing/README
@@ -0,0 +1,43 @@
+A simple routing table implementation for addition, deletion and lookup of IPv6 routes. 
+
+APIs are:
+1) s8_t ip6_add_route_entry(struct ip6_prefix *ip6_prefix,
+                            struct netif *netif,
+                            ip6_addr_t *gateway,
+                            s8_t *index);
+
+2) err_t ip6_remove_route_entry(struct ip6_prefix *ip6_prefix);
+
+3) s8_t ip6_find_route_entry(ip6_addr_t *ip6_dest_addr);
+
+4) struct netif *ip6_static_route(ip6_addr_t *src, ip6_addr_t *dest);
+
+5) ip6_addr_t *ip6_get_gateway(struct netif *netif, ip6_addr_t *dest);
+
+6) struct ip6_route_entry *ip6_get_route_table(void);
+
+For route lookup from the table, The LWIP_HOOK_IP6_ROUTE hook in ip6_route(..) of ip6.c
+could be assigned to the ip6_static_route() API of this implementation to return the
+appropriate netif.
+
+-- The application can add routes using the API ip6_add_route_entry(..). 
+   This API adds the ip6 prefix route into the static route table while
+   keeping all entries sorted in decreasing order of prefix length.
+   Subsequently, a linear search down the list can be performed to retrieve a
+   matching route entry for a Longest Prefix Match.
+   The prefix length is expected to be at an 8-bit boundary. While this is 
+   a limitation, it would serve most practical purposes.
+
+-- The application can remove routes using the API ip6_remove_route_entry(..).
+
+-- The application can find a route entry for a specific address using the 
+   ip6_find_route_entry() function which returns the index of the found entry. 
+   This is used internally by the route lookup function ip6_static_route() API.
+
+-- To fetch the gateway IPv6 address for a specific destination IPv6 
+   address and target netif, the application can call ip6_get_gateway(..).
+ This API could be assigned to the LWIP_HOOK_ND6_GET_GW() if a gateway has
+ been added as part of the ip6_add_route_entry().
+
+-- To fetch a pointer to the head of the table, the application can call 
+   ip6_get_route_table().
diff --git a/contrib/addons/ipv6_static_routing/ip6_route_table.c b/contrib/addons/ipv6_static_routing/ip6_route_table.c
new file mode 100644
index 00000000000..a92dd33706d
--- /dev/null
+++ b/contrib/addons/ipv6_static_routing/ip6_route_table.c
@@ -0,0 +1,248 @@
+/**
+ * @file
+ * IPv6 static route table.
+ */
+
+/*
+ * Copyright (c) 2015 Nest Labs, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Pradip De <pradipd@google.com>
+ *
+ *
+ * Please coordinate changes and requests with Pradip De
+ * <pradipd@google.com>
+ */
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */
+
+#include "ip6_route_table.h"
+#include "lwip/def.h"
+#include "lwip/mem.h"
+#include "lwip/netif.h"
+#include "lwip/ip6.h"
+#include "lwip/ip6_addr.h"
+#include "lwip/nd6.h"
+#include "lwip/debug.h"
+#include "lwip/stats.h"
+
+#include "string.h"
+
+static struct ip6_route_entry static_route_table[LWIP_IPV6_NUM_ROUTE_ENTRIES];
+
+/**
+ * Add the ip6 prefix route and target netif into the static route table while
+ * keeping all entries sorted in decreasing order of prefix length.
+ * 1. Search from the last entry up to find the correct slot to insert while
+ * moving entries one position down to create room.
+ * 2. Insert into empty slot created.
+ *
+ * Subsequently, a linear search down the list can be performed to retrieve a
+ * matching route entry for a Longest Prefix Match.
+ *
+ * @param ip6_prefix the route prefix entry to add.
+ * @param netif pointer to target netif.
+ * @param gateway the gateway address to use to send through. Has to be link local.
+ * @param idx return value argument of index where route entry was added in table.
+ * @return ERR_OK if addition was successful.
+ * ERR_MEM if table is already full.
+ * ERR_ARG if passed argument is bad or route already exists in table.
+ */
+err_t
+ip6_add_route_entry(const struct ip6_prefix *ip6_prefix, struct netif *netif, const ip6_addr_t *gateway, s8_t *idx)
+{
+ s8_t i = -1;
+ err_t retval = ERR_OK;
+
+ if (!ip6_prefix_valid(ip6_prefix->prefix_len) || (netif == NULL)) {
+ retval = ERR_ARG;
+ goto exit;
+ }
+
+ /* Check if an entry already exists with matching prefix; If so, replace it. */
+ for (i = 0; i < LWIP_IPV6_NUM_ROUTE_ENTRIES; i++) {
+ if ((ip6_prefix->prefix_len == static_route_table[i].prefix.prefix_len) &&
+ memcmp(&ip6_prefix->addr, &static_route_table[i].prefix.addr,
+ ip6_prefix->prefix_len / 8) == 0) {
+ /* Prefix matches; replace the netif with the one being added. */
+ goto insert;
+ }
+ }
+
+ /* Check if the table is full */
+ if (static_route_table[LWIP_IPV6_NUM_ROUTE_ENTRIES - 1].netif != NULL) {
+ retval = ERR_MEM;
+ goto exit;
+ }
+
+ /* Shift all entries down the table until slot is found */
+ for (i = LWIP_IPV6_NUM_ROUTE_ENTRIES - 1;
+ i > 0 && (ip6_prefix->prefix_len > static_route_table[i - 1].prefix.prefix_len); i--) {
+ SMEMCPY(&static_route_table[i], &static_route_table[i - 1], sizeof(struct ip6_route_entry));
+ }
+
+insert:
+ /* Insert into the slot selected */
+ SMEMCPY(&static_route_table[i].prefix, ip6_prefix, sizeof(struct ip6_prefix));
+ static_route_table[i].netif = netif;
+
+ /* Add gateway to route table */
+ static_route_table[i].gateway = gateway;
+
+ if (idx != NULL) {
+ *idx = i;
+ }
+
+exit:
+ return retval;
+}
+
+/**
+ * Removes the route entry from the static route table.
+ *
+ * @param ip6_prefix the route prefix entry to delete.
+ */
+void
+ip6_remove_route_entry(const struct ip6_prefix *ip6_prefix)
+{
+ int i, pos = -1;
+
+ for (i = 0; i < LWIP_IPV6_NUM_ROUTE_ENTRIES; i++) {
+ /* compare prefix to find position to delete */
+ if (ip6_prefix->prefix_len == static_route_table[i].prefix.prefix_len &&
+ memcmp(&ip6_prefix->addr, &static_route_table[i].prefix.addr,
+ ip6_prefix->prefix_len / 8) == 0) {
+ pos = i;
+ break;
+ }
+ }
+
+ if (pos >= 0) {
+ /* Shift everything beyond pos one slot up */
+ for (i = pos; i < LWIP_IPV6_NUM_ROUTE_ENTRIES - 1; i++) {
+ SMEMCPY(&static_route_table[i], &static_route_table[i+1], sizeof(struct ip6_route_entry));
+ if (static_route_table[i].netif == NULL) {
+ break;
+ }
+ }
+ /* Zero the remaining entries */
+ for (; i < LWIP_IPV6_NUM_ROUTE_ENTRIES; i++) {
+ ip6_addr_set_zero((&static_route_table[i].prefix.addr));
+ static_route_table[i].netif = NULL;
+ }
+ }
+}
+
+/**
+ * Finds the appropriate route entry in the static route table corresponding to the given
+ * destination IPv6 address. Since the entries in the route table are kept sorted in decreasing
+ * order of prefix length, a linear search down the list is performed to retrieve a matching
+ * index.
+ *
+ * @param ip6_dest_addr the destination address to match
+ * @return the idx of the found route entry; -1 if not found.
+ */
+s8_t
+ip6_find_route_entry(const ip6_addr_t *ip6_dest_addr)
+{
+ s8_t i, idx = -1;
+
+ /* Search prefix in the sorted(decreasing order of prefix length) list */
+ for(i = 0; i < LWIP_IPV6_NUM_ROUTE_ENTRIES; i++) {
+ if (memcmp(ip6_dest_addr, &static_route_table[i].prefix.addr,
+ static_route_table[i].prefix.prefix_len / 8) == 0) {
+ idx = i;
+ break;
+ }
+ }
+
+ return idx;
+}
+
+/**
+ * Finds the appropriate network interface for a given IPv6 address from a routing table with
+ * static IPv6 routes.
+ *
+ * @param src the source IPv6 address, if known
+ * @param dest the destination IPv6 address for which to find the route
+ * @return the netif on which to send to reach dest
+ */
+struct netif *
+ip6_static_route(const ip6_addr_t *src, const ip6_addr_t *dest)
+{
+ int i;
+
+ LWIP_UNUSED_ARG(src);
+
+ /* Perform table lookup */
+ i = ip6_find_route_entry(dest);
+
+ if (i >= 0) {
+ return static_route_table[i].netif;
+ } else {
+ return NULL;
+ }
+}
+
+/**
+ * Finds the gateway IP6 address for a given destination IPv6 address and target netif
+ * from a routing table with static IPv6 routes.
+ *
+ * @param netif the netif used for sending
+ * @param dest the destination IPv6 address
+ * @return the ip6 address of the gateway to forward packet to
+ */
+const ip6_addr_t *
+ip6_get_gateway(struct netif *netif, const ip6_addr_t *dest)
+{
+ const ip6_addr_t *ret_gw = NULL;
+ const int i = ip6_find_route_entry(dest);
+
+ LWIP_UNUSED_ARG(netif);
+
+ if (i >= 0) {
+ if (static_route_table[i].gateway != NULL) {
+ ret_gw = static_route_table[i].gateway;
+ }
+ }
+
+ return ret_gw;
+}
+
+/**
+ * Returns the top of the route table.
+ * This should be used for debug printing only.
+ *
+ * @return the top of the route table.
+ */
+const struct ip6_route_entry *
+ip6_get_route_table(void)
+{
+ return static_route_table;
+}
+
+#endif /* LWIP_IPV6 */
diff --git a/contrib/addons/ipv6_static_routing/ip6_route_table.h b/contrib/addons/ipv6_static_routing/ip6_route_table.h
new file mode 100644
index 00000000000..478328e47d7
--- /dev/null
+++ b/contrib/addons/ipv6_static_routing/ip6_route_table.h
@@ -0,0 +1,94 @@
+/**
+ * @file
+ *
+ * IPv6 static route table.
+ */
+
+/*
+ * Copyright (c) 2015 Nest Labs, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Pradip De <pradipd@google.com>
+ *
+ *
+ * Please coordinate changes and requests with Pradip De
+ * <pradipd@google.com>
+ */
+
+#ifndef __LWIP_IP6_ROUTE_TABLE_H__
+#define __LWIP_IP6_ROUTE_TABLE_H__
+
+#include "lwip/opt.h"
+
+#if LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */
+
+#include "lwip/ip6_addr.h"
+#include "lwip/err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct netif;
+
+/**
+ * LWIP_IPV6_NUM_ROUTES: Number of IPV6 routes that can be kept in the static route table.
+ */
+#ifndef LWIP_IPV6_NUM_ROUTE_ENTRIES
+#define LWIP_IPV6_NUM_ROUTE_ENTRIES (8)
+#endif
+
+#define IP6_MAX_PREFIX_LEN (128)
+#define IP6_PREFIX_ALLOWED_GRANULARITY (8)
+/* Prefix length cannot be greater than 128 bits and needs to be at a byte boundary */
+#define ip6_prefix_valid(prefix_len) (((prefix_len) <= IP6_MAX_PREFIX_LEN) && \
+ (((prefix_len) % IP6_PREFIX_ALLOWED_GRANULARITY) == 0))
+
+struct ip6_prefix {
+ ip6_addr_t addr;
+ u8_t prefix_len; /* prefix length in bits at byte boundaries */
+};
+
+struct ip6_route_entry {
+ struct ip6_prefix prefix;
+ struct netif *netif;
+ const ip6_addr_t *gateway;
+};
+
+err_t ip6_add_route_entry(const struct ip6_prefix *ip6_prefix, struct netif *netif,
+ const ip6_addr_t *gateway, s8_t *idx);
+void ip6_remove_route_entry(const struct ip6_prefix *ip6_prefix);
+s8_t ip6_find_route_entry(const ip6_addr_t *ip6_dest_addr);
+struct netif *ip6_static_route(const ip6_addr_t *src, const ip6_addr_t *dest);
+const ip6_addr_t *ip6_get_gateway(struct netif *netif, const ip6_addr_t *dest);
+const struct ip6_route_entry *ip6_get_route_table(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_IPV6 */
+
+#endif /* __LWIP_IP6_ROUTE_TABLE_H__ */
diff --git a/contrib/addons/netconn/external_resolve/dnssd.c b/contrib/addons/netconn/external_resolve/dnssd.c
new file mode 100644
index 00000000000..d26743bc65c
--- /dev/null
+++ b/contrib/addons/netconn/external_resolve/dnssd.c
@@ -0,0 +1,164 @@
+/**
+ * @file
+ * DNS-SD APIs used by LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE
+ *
+ * This implementation assumes the DNS-SD API implementation (most likely provided by
+ * mDNSResponder) is implemented in the same process space as LwIP and can directly
+ * invoke the callback for DNSServiceGetAddrInfo. This is the typical deployment in
+ * an embedded environment where as a traditional OS requires pumping the callback results
+ * through an IPC mechanism (see DNSServiceRefSockFD/DNSServiceProcessResult)
+ *
+ * @defgroup dnssd DNS-SD
+ * @ingroup dns
+ */
+
+/*
+ * Copyright (c) 2017 Joel Cunningham, Garmin International, Inc. <joel.cunningham@garmin.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Joel Cunningham <joel.cunningham@me.com>
+ *
+ */
+#include "lwip/opt.h"
+
+#include "lwip/err.h"
+#include "lwip/inet.h"
+#include "lwip/sockets.h"
+#include "lwip/sys.h"
+
+#include "dnssd.h"
+
+/* External headers */
+#include <string.h>
+#include <dns_sd.h>
+
+/* This timeout should allow for multiple queries.
+mDNSResponder has the following query timeline:
+ Query 1: time = 0s
+ Query 2: time = 1s
+ Query 3: time = 4s
+*/
+#define GETADDR_TIMEOUT_MS 5000
+#define LOCAL_DOMAIN ".local"
+
+/* Only consume .local hosts */
+#ifndef CONSUME_LOCAL_ONLY
+#define CONSUME_LOCAL_ONLY 1
+#endif
+
+struct addr_clbk_msg {
+ sys_sem_t sem;
+ struct sockaddr_storage addr;
+ err_t err;
+};
+
+static void addr_info_callback(DNSServiceRef ref, DNSServiceFlags flags, u32_t interface_index,
+ DNSServiceErrorType error_code, char const* hostname,
+ const struct sockaddr* address, u32_t ttl, void* context);
+
+int
+lwip_dnssd_gethostbyname(const char *name, ip_addr_t *addr, u8_t addrtype, err_t *err)
+{
+ DNSServiceErrorType result;
+ DNSServiceRef ref;
+ struct addr_clbk_msg msg;
+ char *p;
+
+ /* @todo: use with IPv6 */
+ LWIP_UNUSED_ARG(addrtype);
+
+#if CONSUME_LOCAL_ONLY
+ /* check if this is a .local host. If it is, then we consume the query */
+ p = strstr(name, LOCAL_DOMAIN);
+ if (p == NULL) {
+ return 0; /* not consumed */
+ }
+ p += (sizeof(LOCAL_DOMAIN) - 1);
+ /* check to make sure .local isn't a substring (only allow .local\0 or .local.\0) */
+ if ((*p != '.' && *p != '\0') ||
+ (*p == '.' && *(p + 1) != '\0')) {
+ return 0; /* not consumed */
+ }
+#endif /* CONSUME_LOCAL_ONLY */
+
+ msg.err = sys_sem_new(&msg.sem, 0);
+ if (msg.err != ERR_OK) {
+ goto query_done;
+ }
+
+ msg.err = ERR_TIMEOUT;
+ result = DNSServiceGetAddrInfo(&ref, 0, 0, kDNSServiceProtocol_IPv4, name, addr_info_callback, &msg);
+ if (result == kDNSServiceErr_NoError) {
+ sys_arch_sem_wait(&msg.sem, GETADDR_TIMEOUT_MS);
+ DNSServiceRefDeallocate(ref);
+
+ /* We got a response */
+ if (msg.err == ERR_OK) {
+ struct sockaddr_in* addr_in = (struct sockaddr_in *)&msg.addr;
+ if (addr_in->sin_family == AF_INET) {
+ inet_addr_to_ip4addr(ip_2_ip4(addr), &addr_in->sin_addr);
+ } else {
+ /* @todo add IPv6 support */
+ msg.err = ERR_VAL;
+ }
+ }
+ }
+ sys_sem_free(&msg.sem);
+
+/* Query has been consumed and is finished */
+query_done:
+*err = msg.err;
+return 1;
+}
+
+static void
+addr_info_callback(DNSServiceRef ref, DNSServiceFlags flags, u32_t interface_index,
+ DNSServiceErrorType error_code, char const* hostname,
+ const struct sockaddr* address, u32_t ttl, void* context)
+{
+ struct addr_clbk_msg* msg = (struct addr_clbk_msg*)context;
+ struct sockaddr_in* addr_in = (struct sockaddr_in *)address;
+
+ LWIP_UNUSED_ARG(ref);
+ LWIP_UNUSED_ARG(flags);
+ LWIP_UNUSED_ARG(interface_index);
+ LWIP_UNUSED_ARG(hostname);
+ LWIP_UNUSED_ARG(ttl);
+ LWIP_UNUSED_ARG(context);
+
+ if ((error_code == kDNSServiceErr_NoError) &&
+ (addr_in->sin_family == AF_INET)) {
+ MEMCPY(&msg->addr, addr_in, sizeof(*addr_in));
+ msg->err = ERR_OK;
+ }
+ else {
+ /* @todo add IPv6 support */
+ msg->err = ERR_VAL;
+ }
+
+ sys_sem_signal(&msg->sem);
+} /* addr_info_callback() */
diff --git a/contrib/addons/netconn/external_resolve/dnssd.h b/contrib/addons/netconn/external_resolve/dnssd.h
new file mode 100644
index 00000000000..e2d71d93083
--- /dev/null
+++ b/contrib/addons/netconn/external_resolve/dnssd.h
@@ -0,0 +1,50 @@
+/**
+ * @file
+ * DNS-SD APIs used by LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE
+ *
+ * @defgroup dnssd DNS-SD
+ * @ingroup dns
+ */
+
+/*
+ * Copyright (c) 2017 Joel Cunningham, Garmin International, Inc. <joel.cunningham@garmin.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * This file is part of the lwIP TCP/IP stack.
+ *
+ * Author: Joel Cunningham <joel.cunningham@me.com>
+ *
+ */
+#include "lwip/opt.h"
+
+#ifndef LWIP_HDR_DNSSD_H
+#define LWIP_HDR_DNSSD_H
+
+#include "lwip/err.h"
+#include "lwip/ip_addr.h"
+
+int lwip_dnssd_gethostbyname(const char *name, ip_addr_t *addr, u8_t addrtype, err_t *err);
+
+#endif /* LWIP_HDR_DNSSD_H */
diff --git a/contrib/addons/tcp_isn/tcp_isn.c b/contrib/addons/tcp_isn/tcp_isn.c
new file mode 100644
index 00000000000..c1614996381
--- /dev/null
+++ b/contrib/addons/tcp_isn/tcp_isn.c
@@ -0,0 +1,182 @@
+/**
+ * @file
+ *
+ * Reference implementation of the TCP ISN algorithm standardized in RFC 6528.
+ * Produce TCP Initial Sequence Numbers by combining an MD5-generated hash
+ * based on the new TCP connection's identity and a stable secret, with the
+ * current time at 4-microsecond granularity.
+ *
+ * Specifically, the implementation uses MD5 to compute a hash of the input
+ * buffer, which contains both the four-tuple of the new TCP connection (local
+ * and remote IP address and port), as well as a 16-byte secret to make the
+ * results unpredictable to external parties. The secret must be given at
+ * initialization time and should ideally remain the same across system
+ * reboots. To be sure: the spoofing-resistance of the resulting ISN depends
+ * mainly on the strength of the supplied secret!
+ *
+ * The implementation takes 32 bits from the computed hash, and adds to it the
+ * current time, in 4-microsecond units. The current time is computed from a
+ * boot time given at initialization, and the current uptime as provided by
+ * sys_now(). Thus, it assumes that sys_now() returns a time value that is
+ * relative to the boot time, i.e., that it starts at 0 at system boot, and
+ * only ever increases monotonically.
+ *
+ * For efficiency reasons, a single MD5 input buffer is used, and partially
+ * filled in at initialization time. Specifically, of this 64-byte buffer, the
+ * first 36 bytes are used for the four-way TCP tuple data, followed by the
+ * 16-byte secret, followed by 12-byte zero padding. The 64-byte size of the
+ * buffer should achieve the best performance for the actual MD5 computation.
+ *
+ * Basic usage:
+ *
+ * 1. in your lwipopts.h, add the following lines:
+ *
+ * #include <lwip/arch.h>
+ * struct ip_addr;
+ * u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
+ * const struct ip_addr *remote_ip, u16_t remote_port);
+ * "#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn";
+ *
+ * 2. from your own code, call lwip_init_tcp_isn() at initialization time, with
+ * appropriate parameters.
+ */
+
+/*
+ * Copyright (c) 2016 The MINIX 3 Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: David van Moolenbroek <david@minix3.org>
+ */
+
+#include "tcp_isn.h"
+#include "lwip/ip_addr.h"
+#include "lwip/sys.h"
+#include <string.h>
+
+#ifdef LWIP_HOOK_TCP_ISN
+
+/* pull in md5 of ppp? */
+#include "netif/ppp/ppp_opts.h"
+#if !PPP_SUPPORT || (!LWIP_USE_EXTERNAL_POLARSSL && !LWIP_USE_EXTERNAL_MBEDTLS)
+#undef LWIP_INCLUDED_POLARSSL_MD5
+#define LWIP_INCLUDED_POLARSSL_MD5 1
+#include "netif/ppp/polarssl/md5.h"
+#endif
+
+static u8_t input[64];
+static u32_t base_time;
+
+/**
+ * Initialize the TCP ISN module, with the boot time and a secret.
+ *
+ * @param boot_time Wall clock boot time of the system, in seconds.
+ * @param secret_16_bytes A 16-byte secret used to randomize the TCP ISNs.
+ */
+void
+lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes)
+{
+ /* Initialize the input buffer with the secret and trailing zeroes. */
+ memset(input, 0, sizeof(input));
+
+ MEMCPY(&input[36], secret_16_bytes, 16);
+
+ /* Save the boot time in 4-us units. Overflow is no problem here. */
+ base_time = boot_time * 250000;
+}
+
+/**
+ * Hook to generate an Initial Sequence Number (ISN) for a new TCP connection.
+ *
+ * @param local_ip The local IP address.
+ * @param local_port The local port number, in host-byte order.
+ * @param remote_ip The remote IP address.
+ * @param remote_port The remote port number, in host-byte order.
+ * @return The ISN to use for the new TCP connection.
+ */
+u32_t
+lwip_hook_tcp_isn(const ip_addr_t *local_ip, u16_t local_port,
+ const ip_addr_t *remote_ip, u16_t remote_port)
+{
+ md5_context ctx;
+ u8_t output[16];
+ u32_t isn;
+
+#if LWIP_IPV4 && LWIP_IPV6
+ if (IP_IS_V6(local_ip))
+#endif /* LWIP_IPV4 && LWIP_IPV6 */
+#if LWIP_IPV6
+ {
+ const ip6_addr_t *local_ip6, *remote_ip6;
+
+ local_ip6 = ip_2_ip6(local_ip);
+ remote_ip6 = ip_2_ip6(remote_ip);
+
+ SMEMCPY(&input[0], &local_ip6->addr, 16);
+ SMEMCPY(&input[16], &remote_ip6->addr, 16);
+ }
+#endif /* LWIP_IPV6 */
+#if LWIP_IPV4 && LWIP_IPV6
+ else
+#endif /* LWIP_IPV4 && LWIP_IPV6 */
+#if LWIP_IPV4
+ {
+ const ip4_addr_t *local_ip4, *remote_ip4;
+
+ local_ip4 = ip_2_ip4(local_ip);
+ remote_ip4 = ip_2_ip4(remote_ip);
+
+ /* Represent IPv4 addresses as IPv4-mapped IPv6 addresses, to ensure that
+ * the IPv4 and IPv6 address spaces are completely disjoint. */
+ memset(&input[0], 0, 10);
+ input[10] = 0xff;
+ input[11] = 0xff;
+ SMEMCPY(&input[12], &local_ip4->addr, 4);
+ memset(&input[16], 0, 10);
+ input[26] = 0xff;
+ input[27] = 0xff;
+ SMEMCPY(&input[28], &remote_ip4->addr, 4);
+ }
+#endif /* LWIP_IPV4 */
+
+ input[32] = (u8_t)(local_port >> 8);
+ input[33] = (u8_t)(local_port & 0xff);
+ input[34] = (u8_t)(remote_port >> 8);
+ input[35] = (u8_t)(remote_port & 0xff);
+
+ /* The secret and padding are already filled in. */
+
+ /* Generate the hash, using MD5. */
+ md5_starts(&ctx);
+ md5_update(&ctx, input, sizeof(input));
+ md5_finish(&ctx, output);
+
+ /* Arbitrarily take the first 32 bits from the generated hash. */
+ MEMCPY(&isn, output, sizeof(isn));
+
+ /* Add the current time in 4-microsecond units. */
+ return isn + base_time + sys_now() * 250;
+}
+
+#endif /* LWIP_HOOK_TCP_ISN */
diff --git a/contrib/addons/tcp_isn/tcp_isn.h b/contrib/addons/tcp_isn/tcp_isn.h
new file mode 100644
index 00000000000..ebaeca24729
--- /dev/null
+++ b/contrib/addons/tcp_isn/tcp_isn.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2016 The MINIX 3 Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: David van Moolenbroek <david@minix3.org>
+ */
+
+#ifndef LWIP_HDR_CONTRIB_ADDONS_TCP_ISN_H
+#define LWIP_HDR_CONTRIB_ADDONS_TCP_ISN_H
+
+#include "lwip/opt.h"
+#include "lwip/ip_addr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes);
+u32_t lwip_hook_tcp_isn(const ip_addr_t *local_ip, u16_t local_port,
+ const ip_addr_t *remote_ip, u16_t remote_port);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_HDR_CONTRIB_ADDONS_TCP_ISN_H */
diff --git a/contrib/addons/tcp_md5/README b/contrib/addons/tcp_md5/README
new file mode 100644
index 00000000000..a6408ca2c20
--- /dev/null
+++ b/contrib/addons/tcp_md5/README
@@ -0,0 +1,27 @@
+This folder provides an example implementation of how to add custom tcp header
+options and custom socket options.
+
+It does this by implementing the (seldom used) tcp md5 signature.
+
+To enable it, add an LWIP_HOOK_FILENAME hook file, include tcp_md5.h in it and
+define these hooks:
+
+ #define LWIP_HOOK_TCP_INPACKET_PCB(pcb, hdr, optlen, opt1len, opt2, p) tcp_md5_check_inpacket(pcb, hdr, optlen, opt1len, opt2, p)
+ #define LWIP_HOOK_TCP_OPT_LENGTH_SEGMENT(pcb, internal_len) tcp_md5_get_additional_option_length(pcb, internal_len)
+ #define LWIP_HOOK_TCP_ADD_TX_OPTIONS(p, hdr, pcb, opts) tcp_md5_add_tx_options(p, hdr, pcb, opts)
+ #define LWIP_HOOK_SOCKETS_SETSOCKOPT(s, sock, level, optname, optval, optlen, err) tcp_md5_setsockopt_hook(sock, level, optname, optval, optlen, err)
+
+Then, in your sockets application, enable md5 signature on a socket like this:
+
+ struct tcp_md5sig md5;
+ struct sockaddr_storage addr_remote; /* Initialize this to remote address and port */
+ memcpy(&md5.tcpm_addr, &addr_remote, sizeof(addr_remote));
+ strcpy(md5.tcpm_key, key); /* this is the md5 key per connection */
+ md5.tcpm_keylen = strlen(key);
+ if ((ret = setsockopt(sockfd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5))) < 0) {
+ perror("setsockopt TCP_MD5SIG");
+ return;
+ }
+
+After that, your connection (client) or all incoming connections (server) require
+tcp md5 signatures.
diff --git a/contrib/addons/tcp_md5/tcp_md5.c b/contrib/addons/tcp_md5/tcp_md5.c
new file mode 100644
index 00000000000..e7815d8f19c
--- /dev/null
+++ b/contrib/addons/tcp_md5/tcp_md5.c
@@ -0,0 +1,534 @@
+/**
+ * @file: An implementation of TCP MD5 signatures by using various hooks in
+ * lwIP to implement custom tcp options and custom socket options.
+ */
+
+/*
+ * Copyright (c) 2018 Simon Goldschmidt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Simon Goldschmidt <goldsimon@gmx.de>
+ */
+
+#include "tcp_md5.h"
+#include "lwip/ip_addr.h"
+#include "lwip/sys.h"
+#include "lwip/prot/tcp.h"
+#include "lwip/priv/tcp_priv.h"
+#include "lwip/sockets.h"
+#include "lwip/priv/sockets_priv.h"
+#include "lwip/api.h"
+#include <string.h>
+
+/* pull in md5 of ppp? */
+#include "netif/ppp/ppp_opts.h"
+#if !PPP_SUPPORT || (!LWIP_USE_EXTERNAL_POLARSSL && !LWIP_USE_EXTERNAL_MBEDTLS)
+#undef LWIP_INCLUDED_POLARSSL_MD5
+#define LWIP_INCLUDED_POLARSSL_MD5 1
+#include "netif/ppp/polarssl/md5.h"
+#endif
+
+#if !LWIP_TCP_PCB_NUM_EXT_ARGS
+#error tcp_md5 needs LWIP_TCP_PCB_NUM_EXT_ARGS
+#endif
+
+#define LWIP_TCP_OPT_MD5 19 /* number of the md5 option */
+#define LWIP_TCP_OPT_LEN_MD5 18 /* length of the md5 option */
+#define LWIP_TCP_OPT_LEN_MD5_OUT 20 /* 18 + alignment */
+
+#define LWIP_TCP_MD5_DIGEST_LEN 16
+
+/* This keeps the md5 state internally */
+struct tcp_md5_conn_info {
+ struct tcp_md5_conn_info *next;
+ ip_addr_t remote_addr;
+ u16_t remote_port;
+ u8_t key[TCP_MD5SIG_MAXKEYLEN];
+ u16_t key_len;
+};
+
+/* Callback function prototypes: */
+static void tcp_md5_extarg_destroy(u8_t id, void *data);
+static err_t tcp_md5_extarg_passive_open(u8_t id, struct tcp_pcb_listen *lpcb, struct tcp_pcb *cpcb);
+/* Define our tcp ext arg callback structure: */
+const struct tcp_ext_arg_callbacks tcp_md5_ext_arg_callbacks = {
+ tcp_md5_extarg_destroy,
+ tcp_md5_extarg_passive_open
+};
+
+static u8_t tcp_md5_extarg_id = LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID;
+static u8_t tcp_md5_opts_buf[40];
+
+/** Initialize this module (allocates a tcp ext arg id) */
+void
+tcp_md5_init(void)
+{
+ tcp_md5_extarg_id = tcp_ext_arg_alloc_id();
+}
+
+/* Create a conn-info structure that holds the md5 state per connection */
+static struct tcp_md5_conn_info *
+tcp_md5_conn_info_alloc(void)
+{
+ return (struct tcp_md5_conn_info *)mem_malloc(sizeof(struct tcp_md5_conn_info));
+}
+
+/* Frees a conn-info structure that holds the md5 state per connection */
+static void
+tcp_md5_conn_info_free(struct tcp_md5_conn_info *info)
+{
+ mem_free(info);
+}
+
+/* A pcb is about to be destroyed. Free its extdata */
+static void
+tcp_md5_extarg_destroy(u8_t id, void *data)
+{
+ struct tcp_md5_conn_info *iter;
+
+ LWIP_ASSERT("tcp_md5_extarg_id != LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID",
+ tcp_md5_extarg_id != LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID);
+ LWIP_ASSERT("id == tcp_md5_extarg_id", id == tcp_md5_extarg_id);
+ LWIP_UNUSED_ARG(id);
+
+ iter = (struct tcp_md5_conn_info *)data;
+ while (iter != NULL) {
+ struct tcp_md5_conn_info *info = iter;
+ iter = iter->next;
+ tcp_md5_conn_info_free(info);
+ }
+}
+
+/* Try to find an md5 connection info for the specified remote connection */
+static struct tcp_md5_conn_info *
+tcp_md5_get_info(const struct tcp_pcb *pcb, const ip_addr_t *remote_ip, u16_t remote_port)
+{
+ if (pcb != NULL) {
+ struct tcp_md5_conn_info *info = (struct tcp_md5_conn_info *)tcp_ext_arg_get(pcb, tcp_md5_extarg_id);
+ while (info != NULL) {
+ if (ip_addr_eq(&info->remote_addr, remote_ip)) {
+ if (info->remote_port == remote_port) {
+ return info;
+ }
+ }
+ info = info->next;
+ }
+ }
+ return NULL;
+}
+
+/* Passive open: copy md5 connection info from listen pcb to connection pcb
+ * or return error (connection will be closed)
+ */
+static err_t
+tcp_md5_extarg_passive_open(u8_t id, struct tcp_pcb_listen *lpcb, struct tcp_pcb *cpcb)
+{
+ struct tcp_md5_conn_info *iter;
+
+ LWIP_ASSERT("lpcb != NULL", lpcb != NULL);
+ LWIP_ASSERT("cpcb != NULL", cpcb != NULL);
+ LWIP_ASSERT("tcp_md5_extarg_id != LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID",
+ tcp_md5_extarg_id != LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID);
+ LWIP_ASSERT("id == tcp_md5_extarg_id", id == tcp_md5_extarg_id);
+ LWIP_UNUSED_ARG(id);
+
+ iter = (struct tcp_md5_conn_info *)tcp_ext_arg_get((struct tcp_pcb *)lpcb, id);
+ while (iter != NULL) {
+ if (iter->remote_port == cpcb->remote_port) {
+ if (ip_addr_eq(&iter->remote_addr, &cpcb->remote_ip)) {
+ struct tcp_md5_conn_info *info = tcp_md5_conn_info_alloc();
+ if (info != NULL) {
+ memcpy(info, iter, sizeof(struct tcp_md5_conn_info));
+ tcp_ext_arg_set(cpcb, id, info);
+ tcp_ext_arg_set_callbacks(cpcb, id, &tcp_md5_ext_arg_callbacks);
+ return ERR_OK;
+ } else {
+ return ERR_MEM;
+ }
+ }
+ }
+ iter = iter->next;
+ }
+ /* remote connection not found */
+ return ERR_VAL;
+}
+
+/* Parse tcp header options and return 1 if an md5 signature option was found */
+static int
+tcp_md5_parseopt(const u8_t *opts, u16_t optlen, u8_t *md5_digest_out)
+{
+ u8_t data;
+ u16_t optidx;
+
+ /* Parse the TCP MSS option, if present. */
+ if (optlen != 0) {
+ for (optidx = 0; optidx < optlen; ) {
+ u8_t opt = opts[optidx++];
+ switch (opt) {
+ case LWIP_TCP_OPT_EOL:
+ /* End of options. */
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
+ return 0;
+ case LWIP_TCP_OPT_NOP:
+ /* NOP option. */
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
+ break;
+ case LWIP_TCP_OPT_MD5:
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MD5\n"));
+ if (opts[optidx++] != LWIP_TCP_OPT_LEN_MD5 || (optidx - 2 + LWIP_TCP_OPT_LEN_MD5) > optlen) {
+ /* Bad length */
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
+ return 0;
+ }
+ /* An MD5 option with the right option length. */
+ memcpy(md5_digest_out, &opts[optidx], LWIP_TCP_MD5_DIGEST_LEN);
+ /* no need to process the options further */
+ return 1;
+ break;
+ default:
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
+ data = opts[optidx++];
+ if (data < 2) {
+ LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
+ /* If the length field is zero, the options are malformed
+ and we don't process them further. */
+ return 0;
+ }
+ /* All other options have a length field, so that we easily
+ can skip past them. */
+ optidx += data - 2;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Get tcp options into contiguous memory. May be required if input pbufs
+ * are chained.
+ */
+static const u8_t*
+tcp_md5_options_singlebuf(struct tcp_hdr *hdr, u16_t optlen, u16_t opt1len, u8_t *opt2)
+{
+ const u8_t *opts;
+ LWIP_ASSERT("hdr != NULL", hdr != NULL);
+ LWIP_ASSERT("optlen >= opt1len", optlen >= opt1len);
+ opts = (const u8_t *)hdr + TCP_HLEN;
+ if (optlen == opt1len) {
+ /* arleady in one piece */
+ return opts;
+ }
+ if (optlen > sizeof(tcp_md5_opts_buf)) {
+ /* options too long */
+ return NULL;
+ }
+ LWIP_ASSERT("opt2 != NULL", opt2 != NULL);
+ /* copy first part */
+ memcpy(tcp_md5_opts_buf, opts, opt1len);
+ /* copy second part */
+ memcpy(&tcp_md5_opts_buf[opt1len], opt2, optlen - opt1len);
+ return tcp_md5_opts_buf;
+}
+
+/* Create the md5 digest for a given segment */
+static int
+tcp_md5_create_digest(const ip_addr_t *ip_src, const ip_addr_t *ip_dst, const struct tcp_hdr *hdr,
+ const u8_t *key, size_t key_len, u8_t *digest_out, struct pbuf *p)
+{
+ md5_context ctx;
+ u8_t tmp8;
+ u16_t tmp16;
+ const size_t addr_len = IP_ADDR_RAW_SIZE(*ip_src);
+
+ if (p != NULL) {
+ LWIP_ASSERT("pbuf must not point to tcp header here!", (const void *)hdr != p->payload);
+ }
+
+ /* Generate the hash, using MD5. */
+ md5_starts(&ctx);
+ /* 1. the TCP pseudo-header (in the order: source IP address,
+ destination IP address, zero-padded protocol number, and
+ segment length) */
+ md5_update(&ctx, (const unsigned char*)ip_src, addr_len);
+ md5_update(&ctx, (const unsigned char*)ip_dst, addr_len);
+ tmp8 = 0; /* zero-padded */
+ md5_update(&ctx, &tmp8, 1);
+ tmp8 = IP_PROTO_TCP;
+ md5_update(&ctx, &tmp8, 1);
+ tmp16 = lwip_htons(TCPH_HDRLEN_BYTES(hdr) + (p ? p->tot_len : 0));
+ md5_update(&ctx, (const unsigned char*)&tmp16, 2);
+ /* 2. the TCP header, excluding options, and assuming a checksum of
+ zero */
+ md5_update(&ctx, (const unsigned char*)hdr, sizeof(struct tcp_hdr));
+ /* 3. the TCP segment data (if any) */
+ if ((p != NULL) && (p->tot_len != 0)) {
+ struct pbuf *q;
+ for (q = p; q != NULL; q = q->next) {
+ md5_update(&ctx, (const unsigned char*)q->payload, q->len);
+ }
+ }
+ /* 4. an independently-specified key or password, known to both TCPs
+ and presumably connection-specific */
+ md5_update(&ctx, key, key_len);
+
+ md5_finish(&ctx, digest_out);
+ return 1;
+}
+
+/* Duplicate a tcp header and make sure the fields are in network byte order */
+static void
+tcp_md5_dup_tcphdr(struct tcp_hdr *tcphdr_copy, const struct tcp_hdr *tcphdr_in, int tcphdr_in_is_host_order)
+{
+ memcpy(tcphdr_copy, tcphdr_in, sizeof(struct tcp_hdr));
+ tcphdr_copy->chksum = 0; /* checksum is zero for the pseudo header */
+ if (tcphdr_in_is_host_order) {
+ /* lwIP writes the TCP header values back to the buffer, we need to invert that here: */
+ tcphdr_copy->src = lwip_htons(tcphdr_copy->src);
+ tcphdr_copy->dest = lwip_htons(tcphdr_copy->dest);
+ tcphdr_copy->seqno = lwip_htonl(tcphdr_copy->seqno);
+ tcphdr_copy->ackno = lwip_htonl(tcphdr_copy->ackno);
+ tcphdr_copy->wnd = lwip_htons(tcphdr_copy->wnd);
+ tcphdr_copy->urgp = lwip_htons(tcphdr_copy->urgp);
+ }
+}
+
+/* Check if md5 is enabled on a given pcb */
+static int
+tcp_md5_is_enabled_on_pcb(const struct tcp_pcb *pcb)
+{
+ if (tcp_md5_extarg_id != LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID) {
+ struct tcp_md5_conn_info *info = (struct tcp_md5_conn_info *)tcp_ext_arg_get(pcb, tcp_md5_extarg_id);
+ if (info != NULL) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+/* Check if md5 is enabled on a given listen pcb */
+static int
+tcp_md5_is_enabled_on_lpcb(const struct tcp_pcb_listen *lpcb)
+{
+ /* same as for connection pcbs */
+ return tcp_md5_is_enabled_on_pcb((const struct tcp_pcb *)lpcb);
+}
+
+/* Hook implementation for LWIP_HOOK_TCP_OPT_LENGTH_SEGMENT */
+u8_t
+tcp_md5_get_additional_option_length(const struct tcp_pcb *pcb, u8_t internal_option_length)
+{
+ if ((pcb != NULL) && tcp_md5_is_enabled_on_pcb(pcb)) {
+ u8_t new_option_length = internal_option_length + LWIP_TCP_OPT_LEN_MD5_OUT;
+ LWIP_ASSERT("overflow", new_option_length > internal_option_length);
+ LWIP_ASSERT("options too long", new_option_length <= TCP_MAX_OPTION_BYTES);
+ return new_option_length;
+ }
+ return internal_option_length;
+}
+
+/* Hook implementation for LWIP_HOOK_TCP_INPACKET_PCB when called for listen pcbs */
+static err_t
+tcp_md5_check_listen(struct tcp_pcb_listen* lpcb, struct tcp_hdr *hdr, u16_t optlen, u16_t opt1len, u8_t *opt2)
+{
+ LWIP_ASSERT("lpcb != NULL", lpcb != NULL);
+
+ if (tcp_md5_is_enabled_on_lpcb(lpcb)) {
+ const u8_t *opts;
+ u8_t digest_received[LWIP_TCP_MD5_DIGEST_LEN];
+ u8_t digest_calculated[LWIP_TCP_MD5_DIGEST_LEN];
+ const struct tcp_md5_conn_info *info = tcp_md5_get_info((struct tcp_pcb *)lpcb, ip_current_src_addr(), hdr->src);
+ if (info != NULL) {
+ opts = tcp_md5_options_singlebuf(hdr, optlen, opt1len, opt2);
+ if (opts != NULL) {
+ if (tcp_md5_parseopt(opts, optlen, digest_received)) {
+ struct tcp_hdr tcphdr_copy;
+ tcp_md5_dup_tcphdr(&tcphdr_copy, hdr, 1);
+ if (tcp_md5_create_digest(ip_current_src_addr(), ip_current_dest_addr(), &tcphdr_copy, info->key, info->key_len, digest_calculated, NULL)) {
+ /* everything set up, compare the digests */
+ if (!memcmp(digest_received, digest_calculated, LWIP_TCP_MD5_DIGEST_LEN)) {
+ /* equal */
+ return ERR_OK;
+ }
+ /* not equal */
+ }
+ }
+ }
+ }
+ /* md5 enabled on this pcb but no match or other error -> fail */
+ return ERR_VAL;
+ }
+ return ERR_OK;
+}
+
+/* Hook implementation for LWIP_HOOK_TCP_INPACKET_PCB */
+err_t
+tcp_md5_check_inpacket(struct tcp_pcb* pcb, struct tcp_hdr *hdr, u16_t optlen, u16_t opt1len, u8_t *opt2, struct pbuf *p)
+{
+ LWIP_ASSERT("pcb != NULL", pcb != NULL);
+
+ if (pcb->state == LISTEN) {
+ return tcp_md5_check_listen((struct tcp_pcb_listen *)pcb, hdr, optlen, opt1len, opt2);
+ }
+
+ if (tcp_md5_is_enabled_on_pcb(pcb)) {
+ const struct tcp_md5_conn_info *info = tcp_md5_get_info(pcb, ip_current_src_addr(), hdr->src);
+ if (info != NULL) {
+ const u8_t *opts;
+ u8_t digest_received[LWIP_TCP_MD5_DIGEST_LEN];
+ u8_t digest_calculated[LWIP_TCP_MD5_DIGEST_LEN];
+ opts = tcp_md5_options_singlebuf(hdr, optlen, opt1len, opt2);
+ if (opts != NULL) {
+ if (tcp_md5_parseopt(opts, optlen, digest_received)) {
+ struct tcp_hdr hdr_copy;
+ tcp_md5_dup_tcphdr(&hdr_copy, hdr, 1);
+ if (tcp_md5_create_digest(&pcb->remote_ip, &pcb->local_ip, &hdr_copy, info->key, info->key_len, digest_calculated, p)) {
+ /* everything set up, compare the digests */
+ if (!memcmp(digest_received, digest_calculated, LWIP_TCP_MD5_DIGEST_LEN)) {
+ /* equal */
+ return ERR_OK;
+ }
+ /* not equal */
+ }
+ }
+ }
+ }
+ /* md5 enabled on this pcb but no match or other error -> fail */
+ return ERR_VAL;
+ }
+ return ERR_OK;
+}
+
+/* Hook implementation for LWIP_HOOK_TCP_ADD_TX_OPTIONS */
+u32_t *
+tcp_md5_add_tx_options(struct pbuf *p, struct tcp_hdr *hdr, const struct tcp_pcb *pcb, u32_t *opts)
+{
+ LWIP_ASSERT("p != NULL", p != NULL);
+ LWIP_ASSERT("hdr != NULL", hdr != NULL);
+ LWIP_ASSERT("pcb != NULL", pcb != NULL);
+ LWIP_ASSERT("opts != NULL", opts != NULL);
+
+ if (tcp_md5_is_enabled_on_pcb(pcb)) {
+ u8_t digest_calculated[LWIP_TCP_MD5_DIGEST_LEN];
+ u32_t *opts_ret = opts + 5; /* we use 20 bytes: 2 bytes padding + 18 bytes for this option */
+ u8_t *ptr = (u8_t*)opts;
+
+ const struct tcp_md5_conn_info *info = tcp_md5_get_info(pcb, &pcb->remote_ip, pcb->remote_port);
+ if (info != NULL) {
+ struct tcp_hdr hdr_copy;
+ size_t hdrsize = TCPH_HDRLEN_BYTES(hdr);
+ tcp_md5_dup_tcphdr(&hdr_copy, hdr, 0);
+ /* p->payload points to the tcp header */
+ LWIP_ASSERT("p->payload == hdr", p->payload == hdr);
+ if (!pbuf_remove_header(p, hdrsize)) {
+ u8_t ret;
+ if (!tcp_md5_create_digest(&pcb->local_ip, &pcb->remote_ip, &hdr_copy, info->key, info->key_len, digest_calculated, p)) {
+ info = NULL;
+ }
+ ret = pbuf_add_header_force(p, hdrsize);
+ LWIP_ASSERT("tcp_md5_add_tx_options: pbuf_add_header_force failed", !ret);
+ LWIP_UNUSED_ARG(ret);
+ } else {
+ LWIP_ASSERT("error", 0);
+ }
+ }
+ if (info == NULL) {
+ /* create an invalid signature by zeroing the digest */
+ memset(&digest_calculated, 0, sizeof(digest_calculated));
+ }
+
+ *ptr++ = LWIP_TCP_OPT_NOP;
+ *ptr++ = LWIP_TCP_OPT_NOP;
+ *ptr++ = LWIP_TCP_OPT_MD5;
+ *ptr++ = LWIP_TCP_OPT_LEN_MD5;
+ memcpy(ptr, digest_calculated, LWIP_TCP_MD5_DIGEST_LEN);
+ ptr += LWIP_TCP_MD5_DIGEST_LEN;
+ LWIP_ASSERT("ptr == opts_ret", ptr == (u8_t *)opts_ret);
+ return opts_ret;
+ }
+ return opts;
+}
+
+/* Hook implementation for LWIP_HOOK_SOCKETS_SETSOCKOPT */
+int
+tcp_md5_setsockopt_hook(struct lwip_sock *sock, int level, int optname, const void *optval, socklen_t optlen, int *err)
+{
+ LWIP_ASSERT("sock != NULL", sock != NULL);
+ LWIP_ASSERT("err != NULL", err != NULL);
+
+ if ((level == IPPROTO_TCP) && (optname == TCP_MD5SIG)) {
+ const struct tcp_md5sig *md5 = (const struct tcp_md5sig*)optval;
+ if ((optval == NULL) || (optlen < sizeof(struct tcp_md5sig))) {
+ *err = EINVAL;
+ } else {
+ if (sock->conn && (NETCONNTYPE_GROUP(netconn_type(sock->conn)) == NETCONN_TCP) && (sock->conn->pcb.tcp != NULL)) {
+ if (tcp_md5_extarg_id == LWIP_TCP_PCB_NUM_EXT_ARG_ID_INVALID) {
+ /* not initialized */
+ *err = EINVAL;
+ } else {
+ struct tcp_md5_conn_info *info = tcp_md5_conn_info_alloc();
+ if (info == NULL) {
+ *err = ENOMEM;
+ } else {
+ int addr_valid = 0;
+ /* OK, fill and link this request */
+ memcpy(info->key, md5->tcpm_key, TCP_MD5SIG_MAXKEYLEN);
+ info->key_len = md5->tcpm_keylen;
+ memset(&info->remote_addr, 0, sizeof(info->remote_addr));
+ if (md5->tcpm_addr.ss_family == AF_INET) {
+#if LWIP_IPV4
+ const struct sockaddr_in *sin = (const struct sockaddr_in *)&md5->tcpm_addr;
+ memcpy(&info->remote_addr, &sin->sin_addr, sizeof(sin->sin_addr));
+ IP_SET_TYPE_VAL(info->remote_addr, IPADDR_TYPE_V4);
+ info->remote_port = lwip_htons(sin->sin_port);
+ addr_valid = 1;
+#endif /* LWIP_IPV4 */
+ } else if (md5->tcpm_addr.ss_family == AF_INET6) {
+#if LWIP_IPV6
+ const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)&md5->tcpm_addr;
+ memcpy(&info->remote_addr, &sin6->sin6_addr, sizeof(sin6->sin6_addr));
+ IP_SET_TYPE_VAL(info->remote_addr, IPADDR_TYPE_V6);
+ info->remote_port = lwip_htons(sin6->sin6_port);
+ addr_valid = 1;
+#endif /* LWIP_IPV6 */
+ }
+ if (addr_valid) {
+ /* store it */
+ tcp_ext_arg_set_callbacks(sock->conn->pcb.tcp, tcp_md5_extarg_id, &tcp_md5_ext_arg_callbacks);
+ info->next = (struct tcp_md5_conn_info *)tcp_ext_arg_get(sock->conn->pcb.tcp, tcp_md5_extarg_id);
+ tcp_ext_arg_set(sock->conn->pcb.tcp, tcp_md5_extarg_id, info);
+ } else {
+ *err = EINVAL;
+ tcp_md5_conn_info_free(info);
+ }
+ }
+ }
+ } else {
+ /* not a tcp netconn */
+ *err = EINVAL;
+ }
+ }
+ return 1;
+ }
+ return 0;
+}
diff --git a/contrib/addons/tcp_md5/tcp_md5.h b/contrib/addons/tcp_md5/tcp_md5.h
new file mode 100644
index 00000000000..e55740a414b
--- /dev/null
+++ b/contrib/addons/tcp_md5/tcp_md5.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2018 Simon Goldschmidt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * Author: Simon Goldschmidt <goldsimon@gmx.de>
+ *
+ * To use the hooks in this file, make sure this file is included in LWIP_HOOK_FILENAME
+ * and define these hooks:
+ *
+ * #define LWIP_HOOK_TCP_INPACKET_PCB(pcb, hdr, optlen, opt1len, opt2, p) tcp_md5_check_inpacket(pcb, hdr, optlen, opt1len, opt2, p)
+ * #define LWIP_HOOK_TCP_OPT_LENGTH_SEGMENT(pcb, internal_len) tcp_md5_get_additional_option_length(pcb, internal_len)
+ * #define LWIP_HOOK_TCP_ADD_TX_OPTIONS(p, hdr, pcb, opts) tcp_md5_add_tx_options(p, hdr, pcb, opts)
+ *
+ * #define LWIP_HOOK_SOCKETS_SETSOCKOPT(s, sock, level, optname, optval, optlen, err) tcp_md5_setsockopt_hook(sock, level, optname, optval, optlen, err)
+ */
+
+#ifndef LWIP_HDR_CONTRIB_ADDONS_TCP_MD5_H
+#define LWIP_HDR_CONTRIB_ADDONS_TCP_MD5_H
+
+#include "lwip/opt.h"
+#include "lwip/ip_addr.h"
+#include "lwip/err.h"
+
+#include "lwip/priv/sockets_priv.h"
+#include "lwip/priv/tcp_priv.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* setsockopt definitions and structs: */
+
+/* This is the optname (for level = IPPROTO_TCP) */
+#ifndef TCP_MD5SIG
+#define TCP_MD5SIG 14
+#endif
+
+#define TCP_MD5SIG_MAXKEYLEN 80
+
+/* This is the optval type */
+struct tcp_md5sig {
+ struct sockaddr_storage tcpm_addr;
+ u16_t __tcpm_pad1;
+ u16_t tcpm_keylen;
+ u32_t __tcpm_pad2;
+ u8_t tcpm_key[TCP_MD5SIG_MAXKEYLEN];
+};
+
+/* socket setsockopt hook: */
+int tcp_md5_setsockopt_hook(struct lwip_sock *sock, int level, int optname, const void *optval, u32_t optlen, int *err);
+
+/* Internal hook functions */
+void tcp_md5_init(void);
+err_t tcp_md5_check_inpacket(struct tcp_pcb* pcb, struct tcp_hdr *hdr, u16_t optlen, u16_t opt1len, u8_t *opt2, struct pbuf *p);
+u8_t tcp_md5_get_additional_option_length(const struct tcp_pcb *pcb, u8_t internal_option_length);
+u32_t *tcp_md5_add_tx_options(struct pbuf *p, struct tcp_hdr *hdr, const struct tcp_pcb *pcb, u32_t *opts);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LWIP_HDR_CONTRIB_ADDONS_TCP_MD5_H */
generated by cgit v1.2.3 (git 2.0.4) at 2025-09-21 17:07:56 +0000