Fix some build issues in older kernel demo projects.

Update to V2.0.7 of the TCP/IP stack:
   + Multiple security improvements and fixes in packet parsing routines, DNS
     caching, and TCP sequence number and ID generation.
   + Disable NBNS and LLMNR by default.
   + Add TCP hang protection by default.

We thank Ori Karliner of Zimperium zLabs Team for reporting these issues.
Richard Barry
2018-08-22 21:29:21 +00:00
parent fb9de58f56
commit bdb088e66f
68 changed files with 5322 additions and 3910 deletions


@ -1,5 +1,5 @@
/*
* FreeRTOS+TCP V2.0.3
* FreeRTOS+TCP V2.0.7
* Copyright (C) 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
@ -389,11 +389,13 @@ from the FreeRTOSIPConfig.h configuration header file. */
#if( ipconfigUSE_DNS_CACHE != 0 )
#ifndef ipconfigDNS_CACHE_NAME_LENGTH
#define ipconfigDNS_CACHE_NAME_LENGTH ( 16 )
/* Per https://tools.ietf.org/html/rfc1035, 253 is the maximum string length
of a DNS name. The following default accounts for a null terminator. */
#define ipconfigDNS_CACHE_NAME_LENGTH 254
#endif
#ifndef ipconfigDNS_CACHE_ENTRIES
#define ipconfigDNS_CACHE_ENTRIES 0
#define ipconfigDNS_CACHE_ENTRIES 1
#endif
#endif /* ipconfigUSE_DNS_CACHE != 0 */
@ -510,7 +512,7 @@ from the FreeRTOSIPConfig.h configuration header file. */
#endif
#ifndef ipconfigTCP_KEEP_ALIVE
#define ipconfigTCP_KEEP_ALIVE 1
#define ipconfigTCP_KEEP_ALIVE 0
#endif
#ifndef ipconfigDNS_USE_CALLBACKS
@ -525,10 +527,17 @@ from the FreeRTOSIPConfig.h configuration header file. */
#define ipconfigUSE_NBNS 0
#endif
/* As an attack surface reduction for ports that listen for inbound
connections, hang protection can help reduce the impact of SYN floods. */
#ifndef ipconfigTCP_HANG_PROTECTION
#define ipconfigTCP_HANG_PROTECTION 1
#endif
/* Non-activity timeout is expressed in seconds. */
#ifndef ipconfigTCP_HANG_PROTECTION_TIME
#define ipconfigTCP_HANG_PROTECTION_TIME 30
#endif
#ifndef ipconfigTCP_IP_SANITY
#define ipconfigTCP_IP_SANITY 0
#endif
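Review bot: The default for `ipconfigTCP_KEEP_ALIVE` in the third hunk (`@ -510,7 +512,7 @`) appears to flip from 1 to 0 with no comment and no mention in the commit description, unlike the DNS cache and hang-protection defaults changed beside it. If hang protection only ages out connections that have not reached the established state (not visible in this file, so worth confirming in the TCP code), then with keep-alive off an established connection whose peer has silently gone away would hold its socket and buffers until the application closes it. I would add a comment above the `#ifndef`, for example `/* Keep-alive is off by default; enable it where established connections to vanished peers must be detected and released. */`. The release notes should also mention the change so that projects relying on the old default set it explicitly in FreeRTOSIPConfig.h.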