authorHanhui <hanhui@acoinfo.com>2020-12-23 13:04:39 (GMT)
committer Hanhui <hanhui@acoinfo.com>2020-12-23 13:04:39 (GMT)
commit87ba014a6a1d97026c4f1cb7f545d0211e1b5ab5 (patch)
tree81995cb9c64f3a7d701aca9b24dcdcd274635d0b /SylixOS
parentda3d7854ee7020bd859b149db5d92f02ad6ec2d2 (diff)
TCP ISN updates the secret key periodically.
Diffstat (limited to 'SylixOS')
-rw-r--r--SylixOS/net/lwip/lwip_config.h8
-rw-r--r--SylixOS/net/lwip/lwip_fix.c23
-rw-r--r--SylixOS/net/lwip/lwip_fix.h6
-rw-r--r--SylixOS/net/lwip/src/core/timeouts.c3
-rw-r--r--SylixOS/net/lwip/tcpext/tcp_isn.c18
-rw-r--r--SylixOS/net/lwip/tcpext/tcp_isn.h2
6 files changed, 41 insertions, 19 deletions
diff --git a/SylixOS/net/lwip/lwip_config.h b/SylixOS/net/lwip/lwip_config.h
index 3bc5463..b72eaa8 100644
--- a/SylixOS/net/lwip/lwip_config.h
+++ b/SylixOS/net/lwip/lwip_config.h
@@ -237,7 +237,7 @@ extern PVOID lwip_platform_smemcpy(PVOID pvDest, CPVOID pvSrc, size_t stCoun
timeouts (default + 10, aodv, lowpan ...)
*********************************************************************************************************/
-#define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL + 11 + LW_CFG_NET_FLOWCTL_EN + \
+#define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL + 12 + LW_CFG_NET_FLOWCTL_EN + \
(LW_CFG_NET_MROUTER * 2))
#define MEMP_NUM_NETBUF LW_CFG_LWIP_NUM_NETBUF
@@ -406,6 +406,12 @@ extern PVOID lwip_platform_smemcpy(PVOID pvDest, CPVOID pvSrc, size_t stCoun
#define TCP_WND_UPDATE_THRESHOLD (pcb->if_wnd >> 1) /* 1/2 window size */
/*********************************************************************************************************
+ TCP ISN
+*********************************************************************************************************/
+
+#define TCP_ISN_KEY_INTERVAL (5 * 60 * 1000) /* Update key per 5 min */
+
+/*********************************************************************************************************
TCP Other
*********************************************************************************************************/
diff --git a/SylixOS/net/lwip/lwip_fix.c b/SylixOS/net/lwip/lwip_fix.c
index 4cfb0f3..bdb5f4f 100644
--- a/SylixOS/net/lwip/lwip_fix.c
+++ b/SylixOS/net/lwip/lwip_fix.c
@@ -110,6 +110,22 @@ static void sys_thread_sem_init(LW_OBJECT_HANDLE id);
static void sys_thread_sem_fini(LW_OBJECT_HANDLE id);
#endif /* LW_CFG_NET_SAFE > 0 */
/*********************************************************************************************************
+** 函数名称: sys_tcp_isn_key_update
+** 功能描述: TCP ISN key 升级
+** 输 入 : NONE
+** 输 出 : NONE
+** 全局变量:
+** 调用模块:
+*********************************************************************************************************/
+void sys_tcp_isn_key_update (void)
+{
+ u8_t iv[16];
+
+ getrandom(iv, sizeof(iv), GRND_NONBLOCK);
+
+ tcp_isn_skey(iv); /* 初始化 TCP ISN 生成器 */
+}
+/*********************************************************************************************************
** 函数名称: sys_init
** 功能描述: 系统接口初始化
** 输 入 : NONE
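Review bot: The return value of `getrandom(iv, sizeof(iv), GRND_NONBLOCK)` in `sys_tcp_isn_key_update` is ignored, so a failed or short read hands uninitialised stack bytes to `tcp_isn_skey` as the ISN secret. Assuming SylixOS follows the usual getrandom semantics, a non-blocking request can fail before the entropy source is ready. Check the result before installing the key, e.g. `if (getrandom(iv, sizeof(iv), GRND_NONBLOCK) != sizeof(iv)) { return; }`, which keeps the previous key on the periodic path. The first call from `sys_init` needs its own decision, because returning early there leaves the key at its static all-zero value. It would also help to clear `iv` after `tcp_isn_skey(iv)`, using a wipe the compiler cannot elide, so the secret does not stay on the stack.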
@@ -119,14 +135,9 @@ static void sys_thread_sem_fini(LW_OBJECT_HANDLE id);
*********************************************************************************************************/
void sys_init (void)
{
- u8_t iv[16];
- time_t now;
-
LW_SPIN_INIT(&_G_slcaLwip.SLCA_sl); /* 初始化网络关键区域自旋锁 */
- lib_time(&now);
- getrandom(iv, sizeof(iv), GRND_NONBLOCK);
- tcp_isn_init(&now, iv); /* 初始化 TCP ISN 生成器 */
+ sys_tcp_isn_key_update();
#if LW_CFG_NET_SAFE > 0
#if LW_CFG_NET_SAFE_LAZY == 0
diff --git a/SylixOS/net/lwip/lwip_fix.h b/SylixOS/net/lwip/lwip_fix.h
index 954224c..d588cf8 100644
--- a/SylixOS/net/lwip/lwip_fix.h
+++ b/SylixOS/net/lwip/lwip_fix.h
@@ -200,6 +200,12 @@ void sys_arch_msleep(u32_t ms); /* XXX
#define sys_msleep sys_arch_msleep
/*********************************************************************************************************
+ TCP ISN function
+*********************************************************************************************************/
+
+void sys_tcp_isn_key_update(void);
+
+/*********************************************************************************************************
rand()
*********************************************************************************************************/
diff --git a/SylixOS/net/lwip/src/core/timeouts.c b/SylixOS/net/lwip/src/core/timeouts.c
index 8c8d497..7a9346e 100644
--- a/SylixOS/net/lwip/src/core/timeouts.c
+++ b/SylixOS/net/lwip/src/core/timeouts.c
@@ -113,6 +113,9 @@ const struct lwip_cyclic_timer lwip_cyclic_timers[] = {
{DHCP6_TIMER_MSECS, HANDLER(dhcp6_tmr)},
#endif /* LWIP_IPV6_DHCP6 */
#endif /* LWIP_IPV6 */
+#ifdef SYLIXOS /* SylixOS Add TCP ISN key update cyclic timer */
+ {TCP_ISN_KEY_INTERVAL, HANDLER(sys_tcp_isn_key_update)},
+#endif /* SYLIXOS */
};
const int lwip_num_cyclic_timers = LWIP_ARRAYSIZE(lwip_cyclic_timers);
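Review bot: Registering `sys_tcp_isn_key_update` as a cyclic timer changes the per-4-tuple hash offset every `TCP_ISN_KEY_INTERVAL`, so a connection that reuses a recent 4-tuple can receive an ISN lower than the previous incarnation's, which the clock-plus-hash scheme otherwise avoids. RFC 6528 discusses this trade-off for periodic key changes; a comment on the table entry should record that it was considered and how TIME_WAIT reuse is expected to behave across a key change. The entry is also guarded only by `SYLIXOS`, while the neighbouring entries visible here sit under their feature macros. If a build without TCP is possible, `#if defined(SYLIXOS) && LWIP_TCP` would keep the timer out of it. The array starts outside this hunk.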
diff --git a/SylixOS/net/lwip/tcpext/tcp_isn.c b/SylixOS/net/lwip/tcpext/tcp_isn.c
index 09ffe25..b2b4d4b 100644
--- a/SylixOS/net/lwip/tcpext/tcp_isn.c
+++ b/SylixOS/net/lwip/tcpext/tcp_isn.c
@@ -80,24 +80,16 @@
#include "mbedtls/md5.h"
static u8_t input[64];
-static u32_t base_time;
/**
- * Initialize the TCP ISN module, with the boot time and a secret.
+ * Set the TCP ISN module secret key.
*
- * @param boot_time Wall clock boot time of the system, in seconds.
* @param secret_16_bytes A 16-byte secret used to randomize the TCP ISNs.
*/
void
-tcp_isn_init(time_t *boot_time, const u8_t *secret_16_bytes)
+tcp_isn_skey(const u8_t *secret_16_bytes)
{
- /* Initialize the input buffer with the secret and trailing zeroes. */
- memset(input, 0, sizeof(input));
-
MEMCPY(&input[36], secret_16_bytes, 16);
-
- /* Save the boot time in 4-us units. Overflow is no problem here. */
- base_time = (u32_t)(*boot_time * 250000);
}
/**
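Review bot: The doc comment on `tcp_isn_skey` does not say from which context the function may be called, although it is now invoked repeatedly while the stack is running rather than once at init. `input` is a file-scope buffer that `tcp_isn_hook` presumably reads when hashing (its body is outside this hunk), and no lock is visible here. The comment should state the requirement, e.g. ` * Must be called from the tcpip thread; the key buffer is shared with tcp_isn_hook() without locking.` It should also note that the bytes of `input` outside `[36, 52)` now rely on static zero-initialisation, since the `memset` was removed.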
@@ -114,6 +106,7 @@ tcp_isn_hook(const ip_addr_t *local_ip, u16_t local_port,
const ip_addr_t *remote_ip, u16_t remote_port)
{
mbedtls_md5_context ctx;
+ struct timespec timestamp;
u8_t output[16];
u32_t isn;
@@ -169,8 +162,11 @@ tcp_isn_hook(const ip_addr_t *local_ip, u16_t local_port,
/* Arbitrarily take the first 32 bits from the generated hash. */
MEMCPY(&isn, output, sizeof(isn));
+ /* Get current time */
+ lib_clock_gettime(CLOCK_MONOTONIC, &timestamp);
+
/* Add the current time in 4-microsecond units. */
- return isn + base_time + sys_now() * 250;
+ return isn + (u32_t)(timestamp.tv_sec * 4000000) + (timestamp.tv_nsec / 4000);
}
#endif /* LWIP_HOOK_TCP_ISN */
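Review bot: The seconds term in the new return expression uses the wrong scale. The comment says 4-microsecond units, which is 250000 per second (the removed code used `* 250000` and `sys_now() * 250`), yet `timestamp.tv_sec * 4000000` advances 4000000 per second while `tv_nsec / 4000` advances 250000. The time component therefore jumps at every second boundary and wraps 2^32 roughly every 18 minutes instead of about 4.8 hours, which weakens the monotonic-ISN property the clock term exists to provide. The multiplication is also done in `time_t` before the cast, which overflows if `time_t` is a signed 32-bit type. Suggested: `return isn + (u32_t)timestamp.tv_sec * 250000u + (u32_t)(timestamp.tv_nsec / 4000);`, and check the result of `lib_clock_gettime`, since `timestamp` is otherwise read uninitialised; `tcp_isn_hook` begins outside this hunk.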
diff --git a/SylixOS/net/lwip/tcpext/tcp_isn.h b/SylixOS/net/lwip/tcpext/tcp_isn.h
index b5b6809..fe7b796 100644
--- a/SylixOS/net/lwip/tcpext/tcp_isn.h
+++ b/SylixOS/net/lwip/tcpext/tcp_isn.h
@@ -37,7 +37,7 @@
extern "C" {
#endif
-void tcp_isn_init(time_t *boot_time, const u8_t *secret_16_bytes);
+void tcp_isn_skey(const u8_t *secret_16_bytes);
u32_t tcp_isn_hook(const ip_addr_t *local_ip, u16_t local_port,
const ip_addr_t *remote_ip, u16_t remote_port);