diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..5966153
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+.gitattributes export-ignore
+.gitignore export-ignore
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2e3ff6e
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Florian Hoss
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/esp32example/.gitignore b/esp32example/.gitignore
new file mode 100644
index 0000000..c34f3ba
--- /dev/null
+++ b/esp32example/.gitignore
@@ -0,0 +1,4 @@
+.pio
+.vscode
+include/theSecrets.h
+components
diff --git a/esp32example/CMakeLists.txt b/esp32example/CMakeLists.txt
new file mode 100644
index 0000000..8f9cf32
--- /dev/null
+++ b/esp32example/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.16.0)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(ESP32Firewall)
diff --git a/esp32example/include/lwip_hooks.h b/esp32example/include/lwip_hooks.h
new file mode 100644
index 0000000..8c58d5a
--- /dev/null
+++ b/esp32example/include/lwip_hooks.h
@@ -0,0 +1,16 @@
+#ifndef _LWIP_HOOKS_H_
+#define _LWIP_HOOKS_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ int lwip_hook_ip4_input(struct pbuf *pbuf, struct netif *input_netif);
+#define LWIP_HOOK_IP4_INPUT lwip_hook_ip4_input
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LWIP_HOOKS_H_ */
diff --git a/esp32example/include/theSecrets-example.h b/esp32example/include/theSecrets-example.h
new file mode 100644
index 0000000..81eca13
--- /dev/null
+++ b/esp32example/include/theSecrets-example.h
@@ -0,0 +1,9 @@
+#ifndef _THE_SECRETS_H_
+#define _THE_SECRETS_H_
+
+const char *ssid = "Wifi";
+const char *psk = "password";
+const char *username = "username";
+const char *password = "password";
+
+#endif
diff --git a/esp32example/platformio.ini b/esp32example/platformio.ini
new file mode 100644
index 0000000..0e791fb
--- /dev/null
+++ b/esp32example/platformio.ini
@@ -0,0 +1,23 @@
+; PlatformIO Project Configuration File
+;
+; Build options: build flags, source filter
+; Upload options: custom upload port, speed and extra flags
+; Library options: dependencies, extra library storages
+; Advanced options: extra scripting
+;
+; Please visit documentation for the other options and examples
+; https://docs.platformio.org/page/projectconf.html
+
+[platformio]
+default_envs = esp32
+
+[env:esp32]
+platform = espressif32
+board = az-delivery-devkit-v4
+framework = espidf
+monitor_speed = 115200
+lib_compat_mode = off
+build_flags =
+ '-Iinclude'
+ '-DESP_IDF_LWIP_HOOK_FILENAME="lwip_hooks.h"'
+lib_deps = https://gitlab.hs-esslingen.de/toheer/iot-security-tools.git
\ No newline at end of file
diff --git a/esp32example/sdkconfig.esp32 b/esp32example/sdkconfig.esp32
new file mode 100644
index 0000000..cc332d4
--- /dev/null
+++ b/esp32example/sdkconfig.esp32
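Review bot: In `esp32example/include/lwip_hooks.h` only `LWIP_HOOK_IP4_INPUT` is mapped to the filter, while the `sdkconfig.esp32` added in this same commit sets `CONFIG_LWIP_IPV6=y`, so IPv6 packets would reach the stack without passing through `lwip_hook_ip4_input` unless they are filtered somewhere not visible here. Either turn IPv6 off in the configuration or declare a matching hook beside this one, e.g. `#define LWIP_HOOK_IP6_INPUT lwip_hook_ip6_input`. The prototype should also carry lwIP's contract as a comment, `/* Return 0 to let lwIP process the packet; non-zero means the hook consumed it and is responsible for freeing the pbuf. */`, because a drop path that forgets the free drains the pbuf pool under load. Since the header is pulled in through `ESP_IDF_LWIP_HOOK_FILENAME`, forward declarations `struct pbuf; struct netif;` ahead of the prototype would stop it depending on include order.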
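Review bot: The four credentials in `esp32example/include/theSecrets-example.h` are defined in the header as non-`static`, writable pointers with external linkage, so including the copied header from a second source file gives duplicate-symbol link errors. Internal linkage avoids that, e.g. `static const char *const ssid = "Wifi";` and likewise for `psk`, `username` and `password`. The guard `_THE_SECRETS_H_` starts with an underscore followed by a capital, a form reserved for the implementation; `THE_SECRETS_H` is enough. A one-line comment telling users to copy the file to `include/theSecrets.h`, the path the new `.gitignore` excludes, and to replace every placeholder value would help keep real credentials out of the repository and default ones off devices.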
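Review bot: `lib_deps` in `esp32example/platformio.ini` names a Git URL with no ref, so each clean build fetches whatever is at the head of the default branch and compiles it into the firmware (presumably the filtering library itself, given the project name). Pin it to a reviewed tag or commit and bump it deliberately: `lib_deps = https://gitlab.hs-esslingen.de/toheer/iot-security-tools.git#<tag-or-commit>`. The same reasoning applies to `platform = espressif32`, which can take a version constraint such as `platform = espressif32@<version>` so the toolchain and ESP-IDF release do not change silently between builds.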
@@ -0,0 +1,1439 @@ +# +# Automatically generated file. DO NOT EDIT. +# Espressif IoT Development Framework (ESP-IDF) Project Configuration +# +CONFIG_IDF_CMAKE=y +CONFIG_IDF_TARGET_ARCH_XTENSA=y +CONFIG_IDF_TARGET="esp32" +CONFIG_IDF_TARGET_ESP32=y +CONFIG_IDF_FIRMWARE_CHIP_ID=0x0000 + +# +# SDK tool configuration +# +CONFIG_SDK_TOOLPREFIX="xtensa-esp32-elf-" +# CONFIG_SDK_TOOLCHAIN_SUPPORTS_TIME_WIDE_64_BITS is not set +# end of SDK tool configuration + +# +# Build type +# +CONFIG_APP_BUILD_TYPE_APP_2NDBOOT=y +# CONFIG_APP_BUILD_TYPE_ELF_RAM is not set +CONFIG_APP_BUILD_GENERATE_BINARIES=y +CONFIG_APP_BUILD_BOOTLOADER=y +CONFIG_APP_BUILD_USE_FLASH_SECTIONS=y +# end of Build type + +# +# Application manager +# +CONFIG_APP_COMPILE_TIME_DATE=y +# CONFIG_APP_EXCLUDE_PROJECT_VER_VAR is not set +# CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR is not set +# CONFIG_APP_PROJECT_VER_FROM_CONFIG is not set +CONFIG_APP_RETRIEVE_LEN_ELF_SHA=16 +# end of Application manager + +# +# Bootloader config +# +CONFIG_BOOTLOADER_OFFSET_IN_FLASH=0x1000 +CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_DEBUG is not set +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_BOOTLOADER_LOG_LEVEL_NONE=y +# CONFIG_BOOTLOADER_LOG_LEVEL_ERROR is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_WARN is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_INFO is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE is not set +CONFIG_BOOTLOADER_LOG_LEVEL=0 +# CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_8V is not set +CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y +# CONFIG_BOOTLOADER_FACTORY_RESET is not set +# CONFIG_BOOTLOADER_APP_TEST is not set +# CONFIG_BOOTLOADER_WDT_ENABLE is not set +# CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE is not set +# CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP is not set +# CONFIG_BOOTLOADER_SKIP_VALIDATE_ON_POWER_ON is not set +# 
CONFIG_BOOTLOADER_SKIP_VALIDATE_ALWAYS is not set +CONFIG_BOOTLOADER_RESERVE_RTC_SIZE=0 +# CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC is not set +CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT=y +# end of Bootloader config + +# +# Security features +# +# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set +# CONFIG_SECURE_BOOT is not set +# CONFIG_SECURE_FLASH_ENC_ENABLED is not set +# end of Security features + +# +# Serial flasher config +# +CONFIG_ESPTOOLPY_BAUD_OTHER_VAL=115200 +# CONFIG_ESPTOOLPY_NO_STUB is not set +# CONFIG_ESPTOOLPY_FLASHMODE_QIO is not set +# CONFIG_ESPTOOLPY_FLASHMODE_QOUT is not set +CONFIG_ESPTOOLPY_FLASHMODE_DIO=y +# CONFIG_ESPTOOLPY_FLASHMODE_DOUT is not set +CONFIG_ESPTOOLPY_FLASH_SAMPLE_MODE_STR=y +CONFIG_ESPTOOLPY_FLASHMODE="dio" +# CONFIG_ESPTOOLPY_FLASHFREQ_80M is not set +CONFIG_ESPTOOLPY_FLASHFREQ_40M=y +# CONFIG_ESPTOOLPY_FLASHFREQ_26M is not set +# CONFIG_ESPTOOLPY_FLASHFREQ_20M is not set +CONFIG_ESPTOOLPY_FLASHFREQ="40m" +# CONFIG_ESPTOOLPY_FLASHSIZE_1MB is not set +CONFIG_ESPTOOLPY_FLASHSIZE_2MB=y +# CONFIG_ESPTOOLPY_FLASHSIZE_4MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_8MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_16MB is not set +CONFIG_ESPTOOLPY_FLASHSIZE="2MB" +CONFIG_ESPTOOLPY_FLASHSIZE_DETECT=y +CONFIG_ESPTOOLPY_BEFORE_RESET=y +# CONFIG_ESPTOOLPY_BEFORE_NORESET is not set +CONFIG_ESPTOOLPY_BEFORE="default_reset" +CONFIG_ESPTOOLPY_AFTER_RESET=y +# CONFIG_ESPTOOLPY_AFTER_NORESET is not set +CONFIG_ESPTOOLPY_AFTER="hard_reset" +# CONFIG_ESPTOOLPY_MONITOR_BAUD_CONSOLE is not set +# CONFIG_ESPTOOLPY_MONITOR_BAUD_9600B is not set +# CONFIG_ESPTOOLPY_MONITOR_BAUD_57600B is not set +CONFIG_ESPTOOLPY_MONITOR_BAUD_115200B=y +# CONFIG_ESPTOOLPY_MONITOR_BAUD_230400B is not set +# CONFIG_ESPTOOLPY_MONITOR_BAUD_921600B is not set +# CONFIG_ESPTOOLPY_MONITOR_BAUD_2MB is not set +# CONFIG_ESPTOOLPY_MONITOR_BAUD_OTHER is not set +CONFIG_ESPTOOLPY_MONITOR_BAUD_OTHER_VAL=115200 +CONFIG_ESPTOOLPY_MONITOR_BAUD=115200 +# end of Serial flasher config + +# 
+# Partition Table +# +CONFIG_PARTITION_TABLE_SINGLE_APP=y +# CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE is not set +# CONFIG_PARTITION_TABLE_TWO_OTA is not set +# CONFIG_PARTITION_TABLE_CUSTOM is not set +CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv" +CONFIG_PARTITION_TABLE_FILENAME="partitions_singleapp.csv" +CONFIG_PARTITION_TABLE_OFFSET=0x8000 +CONFIG_PARTITION_TABLE_MD5=y +# end of Partition Table + +# +# Arduino Configuration +# +CONFIG_ENABLE_ARDUINO_DEPENDS=y +CONFIG_AUTOSTART_ARDUINO=y +# CONFIG_ARDUINO_RUN_CORE0 is not set +CONFIG_ARDUINO_RUN_CORE1=y +# CONFIG_ARDUINO_RUN_NO_AFFINITY is not set +CONFIG_ARDUINO_RUNNING_CORE=1 +CONFIG_ARDUINO_LOOP_STACK_SIZE=8192 +# CONFIG_ARDUINO_EVENT_RUN_CORE0 is not set +CONFIG_ARDUINO_EVENT_RUN_CORE1=y +# CONFIG_ARDUINO_EVENT_RUN_NO_AFFINITY is not set +CONFIG_ARDUINO_EVENT_RUNNING_CORE=1 +# CONFIG_ARDUINO_SERIAL_EVENT_RUN_CORE0 is not set +# CONFIG_ARDUINO_SERIAL_EVENT_RUN_CORE1 is not set +CONFIG_ARDUINO_SERIAL_EVENT_RUN_NO_AFFINITY=y +CONFIG_ARDUINO_SERIAL_EVENT_TASK_RUNNING_CORE=-1 +CONFIG_ARDUINO_SERIAL_EVENT_TASK_STACK_SIZE=2048 +CONFIG_ARDUINO_SERIAL_EVENT_TASK_PRIORITY=24 +CONFIG_ARDUINO_UDP_RUN_CORE0=y +# CONFIG_ARDUINO_UDP_RUN_CORE1 is not set +# CONFIG_ARDUINO_UDP_RUN_NO_AFFINITY is not set +CONFIG_ARDUINO_UDP_RUNNING_CORE=0 +CONFIG_ARDUINO_UDP_TASK_PRIORITY=3 +# CONFIG_ARDUINO_ISR_IRAM is not set +# CONFIG_DISABLE_HAL_LOCKS is not set + +# +# Debug Log Configuration +# +CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_NONE=y +# CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_ERROR is not set +# CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_WARN is not set +# CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_INFO is not set +# CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_DEBUG is not set +# CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL_VERBOSE is not set +CONFIG_ARDUHAL_LOG_DEFAULT_LEVEL=0 +# CONFIG_ARDUHAL_LOG_COLORS is not set +# CONFIG_ARDUHAL_ESP_LOG is not set +# end of Debug Log Configuration + +CONFIG_ARDUHAL_PARTITION_SCHEME_DEFAULT=y +# CONFIG_ARDUHAL_PARTITION_SCHEME_MINIMAL 
is not set +# CONFIG_ARDUHAL_PARTITION_SCHEME_NO_OTA is not set +# CONFIG_ARDUHAL_PARTITION_SCHEME_HUGE_APP is not set +# CONFIG_ARDUHAL_PARTITION_SCHEME_MIN_SPIFFS is not set +CONFIG_ARDUHAL_PARTITION_SCHEME="default" +# CONFIG_AUTOCONNECT_WIFI is not set +# CONFIG_ARDUINO_SELECTIVE_COMPILATION is not set +# end of Arduino Configuration + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +CONFIG_COMPILER_STACK_CHECK_MODE_NONE=y +# CONFIG_COMPILER_STACK_CHECK_MODE_NORM is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_DISABLE_GCC8_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# +# Component config +# + +# +# Application Level Tracing +# +# CONFIG_APPTRACE_DEST_JTAG is not set +CONFIG_APPTRACE_DEST_NONE=y +CONFIG_APPTRACE_LOCK_ENABLE=y +# end of Application Level Tracing + +# +# ESP-ASIO +# +# CONFIG_ASIO_SSL_SUPPORT is not set +# end of ESP-ASIO + +# +# Bluetooth +# +# CONFIG_BT_ENABLED is not set +# end of Bluetooth + +# +# CoAP Configuration +# +CONFIG_COAP_MBEDTLS_PSK=y +# CONFIG_COAP_MBEDTLS_PKI is not set +# CONFIG_COAP_MBEDTLS_DEBUG is not set +CONFIG_COAP_LOG_DEFAULT_LEVEL=0 +# end of CoAP Configuration + +# +# Driver configurations +# + +# +# ADC configuration +# +# CONFIG_ADC_FORCE_XPD_FSM is not set +CONFIG_ADC_DISABLE_DAC=y +# 
end of ADC configuration + +# +# MCPWM configuration +# +# CONFIG_MCPWM_ISR_IN_IRAM is not set +# end of MCPWM configuration + +# +# SPI configuration +# +# CONFIG_SPI_MASTER_IN_IRAM is not set +CONFIG_SPI_MASTER_ISR_IN_IRAM=y +# CONFIG_SPI_SLAVE_IN_IRAM is not set +CONFIG_SPI_SLAVE_ISR_IN_IRAM=y +# end of SPI configuration + +# +# TWAI configuration +# +# CONFIG_TWAI_ISR_IN_IRAM is not set +# CONFIG_TWAI_ERRATA_FIX_BUS_OFF_REC is not set +# CONFIG_TWAI_ERRATA_FIX_TX_INTR_LOST is not set +# CONFIG_TWAI_ERRATA_FIX_RX_FRAME_INVALID is not set +# CONFIG_TWAI_ERRATA_FIX_RX_FIFO_CORRUPT is not set +# end of TWAI configuration + +# +# UART configuration +# +# CONFIG_UART_ISR_IN_IRAM is not set +# end of UART configuration + +# +# RTCIO configuration +# +# CONFIG_RTCIO_SUPPORT_RTC_GPIO_DESC is not set +# end of RTCIO configuration + +# +# GPIO Configuration +# +# CONFIG_GPIO_ESP32_SUPPORT_SWITCH_SLP_PULL is not set +# end of GPIO Configuration + +# +# GDMA Configuration +# +# CONFIG_GDMA_CTRL_FUNC_IN_IRAM is not set +# CONFIG_GDMA_ISR_IRAM_SAFE is not set +# end of GDMA Configuration +# end of Driver configurations + +# +# eFuse Bit Manager +# +# CONFIG_EFUSE_CUSTOM_TABLE is not set +# CONFIG_EFUSE_VIRTUAL is not set +# CONFIG_EFUSE_CODE_SCHEME_COMPAT_NONE is not set +CONFIG_EFUSE_CODE_SCHEME_COMPAT_3_4=y +# CONFIG_EFUSE_CODE_SCHEME_COMPAT_REPEAT is not set +CONFIG_EFUSE_MAX_BLK_LEN=192 +# end of eFuse Bit Manager + +# +# ESP-TLS +# +CONFIG_ESP_TLS_USING_MBEDTLS=y +# CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set +# CONFIG_ESP_TLS_SERVER is not set +# CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set +# CONFIG_ESP_TLS_PSK_VERIFICATION is not set +# CONFIG_ESP_TLS_INSECURE is not set +# end of ESP-TLS + +# +# ESP32-specific +# +CONFIG_ESP32_REV_MIN_0=y +# CONFIG_ESP32_REV_MIN_1 is not set +# CONFIG_ESP32_REV_MIN_2 is not set +# CONFIG_ESP32_REV_MIN_3 is not set +CONFIG_ESP32_REV_MIN=0 +CONFIG_ESP32_DPORT_WORKAROUND=y +# CONFIG_ESP32_DEFAULT_CPU_FREQ_80 is not set 
+CONFIG_ESP32_DEFAULT_CPU_FREQ_160=y +# CONFIG_ESP32_DEFAULT_CPU_FREQ_240 is not set +CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ=160 +# CONFIG_ESP32_SPIRAM_SUPPORT is not set +# CONFIG_ESP32_TRAX is not set +CONFIG_ESP32_TRACEMEM_RESERVE_DRAM=0x0 +# CONFIG_ESP32_ULP_COPROC_ENABLED is not set +CONFIG_ESP32_ULP_COPROC_RESERVE_MEM=0 +CONFIG_ESP32_DEBUG_OCDAWARE=y +CONFIG_ESP32_BROWNOUT_DET=y +CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_0=y +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_1 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_2 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_3 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_4 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_5 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_6 is not set +# CONFIG_ESP32_BROWNOUT_DET_LVL_SEL_7 is not set +CONFIG_ESP32_BROWNOUT_DET_LVL=0 +CONFIG_ESP32_TIME_SYSCALL_USE_RTC_FRC1=y +# CONFIG_ESP32_TIME_SYSCALL_USE_RTC is not set +# CONFIG_ESP32_TIME_SYSCALL_USE_FRC1 is not set +# CONFIG_ESP32_TIME_SYSCALL_USE_NONE is not set +CONFIG_ESP32_RTC_CLK_SRC_INT_RC=y +# CONFIG_ESP32_RTC_CLK_SRC_EXT_CRYS is not set +# CONFIG_ESP32_RTC_CLK_SRC_EXT_OSC is not set +# CONFIG_ESP32_RTC_CLK_SRC_INT_8MD256 is not set +CONFIG_ESP32_RTC_CLK_CAL_CYCLES=1024 +CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY=2000 +CONFIG_ESP32_XTAL_FREQ_40=y +# CONFIG_ESP32_XTAL_FREQ_26 is not set +# CONFIG_ESP32_XTAL_FREQ_AUTO is not set +CONFIG_ESP32_XTAL_FREQ=40 +# CONFIG_ESP32_DISABLE_BASIC_ROM_CONSOLE is not set +# CONFIG_ESP32_NO_BLOBS is not set +# CONFIG_ESP32_COMPATIBLE_PRE_V2_1_BOOTLOADERS is not set +# CONFIG_ESP32_COMPATIBLE_PRE_V3_1_BOOTLOADERS is not set +# CONFIG_ESP32_USE_FIXED_STATIC_RAM_SIZE is not set +CONFIG_ESP32_DPORT_DIS_INTERRUPT_LVL=5 +# end of ESP32-specific + +# +# ADC-Calibration +# +CONFIG_ADC_CAL_EFUSE_TP_ENABLE=y +CONFIG_ADC_CAL_EFUSE_VREF_ENABLE=y +CONFIG_ADC_CAL_LUT_ENABLE=y +# end of ADC-Calibration + +# +# Common ESP-related +# +CONFIG_ESP_ERR_TO_NAME_LOOKUP=y +# end of Common ESP-related + +# +# Ethernet +# 
+CONFIG_ETH_ENABLED=y +CONFIG_ETH_USE_ESP32_EMAC=y +CONFIG_ETH_PHY_INTERFACE_RMII=y +CONFIG_ETH_RMII_CLK_INPUT=y +# CONFIG_ETH_RMII_CLK_OUTPUT is not set +CONFIG_ETH_RMII_CLK_IN_GPIO=0 +CONFIG_ETH_DMA_BUFFER_SIZE=512 +CONFIG_ETH_DMA_RX_BUFFER_NUM=10 +CONFIG_ETH_DMA_TX_BUFFER_NUM=10 +CONFIG_ETH_USE_SPI_ETHERNET=y +# CONFIG_ETH_SPI_ETHERNET_DM9051 is not set +# CONFIG_ETH_SPI_ETHERNET_W5500 is not set +# CONFIG_ETH_SPI_ETHERNET_KSZ8851SNL is not set +# CONFIG_ETH_USE_OPENETH is not set +# end of Ethernet + +# +# Event Loop Library +# +# CONFIG_ESP_EVENT_LOOP_PROFILING is not set +CONFIG_ESP_EVENT_POST_FROM_ISR=y +CONFIG_ESP_EVENT_POST_FROM_IRAM_ISR=y +# end of Event Loop Library + +# +# GDB Stub +# +# end of GDB Stub + +# +# ESP HTTP client +# +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y +# CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y +# end of ESP HTTP client + +# +# HTTP Server +# +CONFIG_HTTPD_MAX_REQ_HDR_LEN=512 +CONFIG_HTTPD_MAX_URI_LEN=512 +CONFIG_HTTPD_ERR_RESP_NO_DELAY=y +CONFIG_HTTPD_PURGE_BUF_LEN=32 +# CONFIG_HTTPD_LOG_PURGE_DATA is not set +# CONFIG_HTTPD_WS_SUPPORT is not set +# end of HTTP Server + +# +# ESP HTTPS OTA +# +# CONFIG_OTA_ALLOW_HTTP is not set +# end of ESP HTTPS OTA + +# +# ESP HTTPS server +# +# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set +# end of ESP HTTPS server + +# +# Hardware Settings +# + +# +# MAC Config +# +CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_STA=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_AP=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_BT=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_ETH=y +# CONFIG_ESP32_UNIVERSAL_MAC_ADDRESSES_TWO is not set +CONFIG_ESP32_UNIVERSAL_MAC_ADDRESSES_FOUR=y +CONFIG_ESP32_UNIVERSAL_MAC_ADDRESSES=4 +# end of MAC Config + +# +# Sleep Config +# +CONFIG_ESP_SLEEP_POWER_DOWN_FLASH=y +CONFIG_ESP_SLEEP_RTC_BUS_ISO_WORKAROUND=y +# CONFIG_ESP_SLEEP_GPIO_RESET_WORKAROUND is not set +# CONFIG_ESP_SLEEP_FLASH_LEAKAGE_WORKAROUND is not set +# end of Sleep Config + +# +# RTC Clock Config +# +# end of RTC 
Clock Config +# end of Hardware Settings + +# +# IPC (Inter-Processor Call) +# +CONFIG_ESP_IPC_TASK_STACK_SIZE=1536 +CONFIG_ESP_IPC_USES_CALLERS_PRIORITY=y +CONFIG_ESP_IPC_ISR_ENABLE=y +# end of IPC (Inter-Processor Call) + +# +# LCD and Touch Panel +# + +# +# LCD Peripheral Configuration +# +CONFIG_LCD_PANEL_IO_FORMAT_BUF_SIZE=32 +# end of LCD Peripheral Configuration +# end of LCD and Touch Panel + +# +# ESP NETIF Adapter +# +CONFIG_ESP_NETIF_IP_LOST_TIMER_INTERVAL=120 +CONFIG_ESP_NETIF_TCPIP_LWIP=y +# CONFIG_ESP_NETIF_LOOPBACK is not set +CONFIG_ESP_NETIF_TCPIP_ADAPTER_COMPATIBLE_LAYER=y +# end of ESP NETIF Adapter + +# +# PHY +# +CONFIG_ESP_PHY_CALIBRATION_AND_DATA_STORAGE=y +# CONFIG_ESP_PHY_INIT_DATA_IN_PARTITION is not set +CONFIG_ESP_PHY_MAX_WIFI_TX_POWER=20 +CONFIG_ESP_PHY_MAX_TX_POWER=20 +CONFIG_ESP_PHY_REDUCE_TX_POWER=y +# end of PHY + +# +# Power Management +# +# CONFIG_PM_ENABLE is not set +# end of Power Management + +# +# ESP System Settings +# +# CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT is not set +CONFIG_ESP_SYSTEM_PANIC_PRINT_REBOOT=y +# CONFIG_ESP_SYSTEM_PANIC_SILENT_REBOOT is not set +# CONFIG_ESP_SYSTEM_PANIC_GDBSTUB is not set +# CONFIG_ESP_SYSTEM_GDBSTUB_RUNTIME is not set + +# +# Memory protection +# +# end of Memory protection + +CONFIG_ESP_SYSTEM_EVENT_QUEUE_SIZE=32 +CONFIG_ESP_SYSTEM_EVENT_TASK_STACK_SIZE=2304 +CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 +CONFIG_ESP_MAIN_TASK_AFFINITY_CPU0=y +# CONFIG_ESP_MAIN_TASK_AFFINITY_CPU1 is not set +# CONFIG_ESP_MAIN_TASK_AFFINITY_NO_AFFINITY is not set +CONFIG_ESP_MAIN_TASK_AFFINITY=0x0 +CONFIG_ESP_MINIMAL_SHARED_STACK_SIZE=2048 +CONFIG_ESP_CONSOLE_UART_DEFAULT=y +# CONFIG_ESP_CONSOLE_UART_CUSTOM is not set +# CONFIG_ESP_CONSOLE_NONE is not set +CONFIG_ESP_CONSOLE_UART=y +CONFIG_ESP_CONSOLE_MULTIPLE_UART=y +CONFIG_ESP_CONSOLE_UART_NUM=0 +CONFIG_ESP_CONSOLE_UART_BAUDRATE=115200 +CONFIG_ESP_INT_WDT=y +CONFIG_ESP_INT_WDT_TIMEOUT_MS=300 +CONFIG_ESP_INT_WDT_CHECK_CPU1=y +CONFIG_ESP_TASK_WDT=y +# 
CONFIG_ESP_TASK_WDT_PANIC is not set +CONFIG_ESP_TASK_WDT_TIMEOUT_S=5 +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=y +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=y +# CONFIG_ESP_PANIC_HANDLER_IRAM is not set +# CONFIG_ESP_DEBUG_STUBS_ENABLE is not set +# CONFIG_ESP_SYSTEM_CHECK_INT_LEVEL_5 is not set +CONFIG_ESP_SYSTEM_CHECK_INT_LEVEL_4=y +# end of ESP System Settings + +# +# High resolution timer (esp_timer) +# +# CONFIG_ESP_TIMER_PROFILING is not set +CONFIG_ESP_TIME_FUNCS_USE_RTC_TIMER=y +CONFIG_ESP_TIME_FUNCS_USE_ESP_TIMER=y +CONFIG_ESP_TIMER_TASK_STACK_SIZE=3584 +CONFIG_ESP_TIMER_INTERRUPT_LEVEL=1 +# CONFIG_ESP_TIMER_SUPPORTS_ISR_DISPATCH_METHOD is not set +# CONFIG_ESP_TIMER_IMPL_FRC2 is not set +CONFIG_ESP_TIMER_IMPL_TG0_LAC=y +# end of High resolution timer (esp_timer) + +# +# Wi-Fi +# +CONFIG_ESP32_WIFI_ENABLED=y +CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM=10 +CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM=32 +# CONFIG_ESP32_WIFI_STATIC_TX_BUFFER is not set +CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER=y +CONFIG_ESP32_WIFI_TX_BUFFER_TYPE=1 +CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM=32 +# CONFIG_ESP32_WIFI_CSI_ENABLED is not set +CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED=y +CONFIG_ESP32_WIFI_TX_BA_WIN=6 +CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y +CONFIG_ESP32_WIFI_RX_BA_WIN=6 +CONFIG_ESP32_WIFI_NVS_ENABLED=y +CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_0=y +# CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_1 is not set +CONFIG_ESP32_WIFI_SOFTAP_BEACON_MAX_LEN=752 +CONFIG_ESP32_WIFI_MGMT_SBUF_NUM=32 +CONFIG_ESP32_WIFI_IRAM_OPT=y +CONFIG_ESP32_WIFI_RX_IRAM_OPT=y +CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE=y +# CONFIG_ESP_WIFI_SLP_IRAM_OPT is not set +# CONFIG_ESP_WIFI_STA_DISCONNECTED_PM_ENABLE is not set +# CONFIG_ESP_WIFI_GMAC_SUPPORT is not set +CONFIG_ESP_WIFI_SOFTAP_SUPPORT=y +# end of Wi-Fi + +# +# Core dump +# +# CONFIG_ESP_COREDUMP_ENABLE_TO_FLASH is not set +# CONFIG_ESP_COREDUMP_ENABLE_TO_UART is not set +CONFIG_ESP_COREDUMP_ENABLE_TO_NONE=y +# end of Core dump + +# +# FAT Filesystem support +# +# 
CONFIG_FATFS_CODEPAGE_DYNAMIC is not set +CONFIG_FATFS_CODEPAGE_437=y +# CONFIG_FATFS_CODEPAGE_720 is not set +# CONFIG_FATFS_CODEPAGE_737 is not set +# CONFIG_FATFS_CODEPAGE_771 is not set +# CONFIG_FATFS_CODEPAGE_775 is not set +# CONFIG_FATFS_CODEPAGE_850 is not set +# CONFIG_FATFS_CODEPAGE_852 is not set +# CONFIG_FATFS_CODEPAGE_855 is not set +# CONFIG_FATFS_CODEPAGE_857 is not set +# CONFIG_FATFS_CODEPAGE_860 is not set +# CONFIG_FATFS_CODEPAGE_861 is not set +# CONFIG_FATFS_CODEPAGE_862 is not set +# CONFIG_FATFS_CODEPAGE_863 is not set +# CONFIG_FATFS_CODEPAGE_864 is not set +# CONFIG_FATFS_CODEPAGE_865 is not set +# CONFIG_FATFS_CODEPAGE_866 is not set +# CONFIG_FATFS_CODEPAGE_869 is not set +# CONFIG_FATFS_CODEPAGE_932 is not set +# CONFIG_FATFS_CODEPAGE_936 is not set +# CONFIG_FATFS_CODEPAGE_949 is not set +# CONFIG_FATFS_CODEPAGE_950 is not set +CONFIG_FATFS_CODEPAGE=437 +CONFIG_FATFS_LFN_NONE=y +# CONFIG_FATFS_LFN_HEAP is not set +# CONFIG_FATFS_LFN_STACK is not set +CONFIG_FATFS_FS_LOCK=0 +CONFIG_FATFS_TIMEOUT_MS=10000 +CONFIG_FATFS_PER_FILE_CACHE=y +# CONFIG_FATFS_USE_FASTSEEK is not set +# end of FAT Filesystem support + +# +# Modbus configuration +# +CONFIG_FMB_COMM_MODE_TCP_EN=y +CONFIG_FMB_TCP_PORT_DEFAULT=502 +CONFIG_FMB_TCP_PORT_MAX_CONN=5 +CONFIG_FMB_TCP_CONNECTION_TOUT_SEC=20 +CONFIG_FMB_COMM_MODE_RTU_EN=y +CONFIG_FMB_COMM_MODE_ASCII_EN=y +CONFIG_FMB_MASTER_TIMEOUT_MS_RESPOND=150 +CONFIG_FMB_MASTER_DELAY_MS_CONVERT=200 +CONFIG_FMB_QUEUE_LENGTH=20 +CONFIG_FMB_PORT_TASK_STACK_SIZE=4096 +CONFIG_FMB_SERIAL_BUF_SIZE=256 +CONFIG_FMB_SERIAL_ASCII_BITS_PER_SYMB=8 +CONFIG_FMB_SERIAL_ASCII_TIMEOUT_RESPOND_MS=1000 +CONFIG_FMB_PORT_TASK_PRIO=10 +# CONFIG_FMB_PORT_TASK_AFFINITY_NO_AFFINITY is not set +CONFIG_FMB_PORT_TASK_AFFINITY_CPU0=y +# CONFIG_FMB_PORT_TASK_AFFINITY_CPU1 is not set +CONFIG_FMB_PORT_TASK_AFFINITY=0x0 +CONFIG_FMB_CONTROLLER_SLAVE_ID_SUPPORT=y +CONFIG_FMB_CONTROLLER_SLAVE_ID=0x00112233 +CONFIG_FMB_CONTROLLER_NOTIFY_TIMEOUT=20 
+CONFIG_FMB_CONTROLLER_NOTIFY_QUEUE_SIZE=20 +CONFIG_FMB_CONTROLLER_STACK_SIZE=4096 +CONFIG_FMB_EVENT_QUEUE_TIMEOUT=20 +# CONFIG_FMB_TIMER_PORT_ENABLED is not set +CONFIG_FMB_TIMER_GROUP=0 +CONFIG_FMB_TIMER_INDEX=0 +CONFIG_FMB_MASTER_TIMER_GROUP=0 +CONFIG_FMB_MASTER_TIMER_INDEX=0 +# CONFIG_FMB_TIMER_ISR_IN_IRAM is not set +# end of Modbus configuration + +# +# FreeRTOS +# +# CONFIG_FREERTOS_UNICORE is not set +CONFIG_FREERTOS_NO_AFFINITY=0x7FFFFFFF +CONFIG_FREERTOS_TICK_SUPPORT_CORETIMER=y +CONFIG_FREERTOS_CORETIMER_0=y +# CONFIG_FREERTOS_CORETIMER_1 is not set +CONFIG_FREERTOS_SYSTICK_USES_CCOUNT=y +CONFIG_FREERTOS_HZ=100 +CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION=y +# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_NONE is not set +# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_PTRVAL is not set +CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY=y +# CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK is not set +CONFIG_FREERTOS_INTERRUPT_BACKTRACE=y +CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS=1 +CONFIG_FREERTOS_ASSERT_FAIL_ABORT=y +# CONFIG_FREERTOS_ASSERT_FAIL_PRINT_CONTINUE is not set +# CONFIG_FREERTOS_ASSERT_DISABLE is not set +CONFIG_FREERTOS_IDLE_TASK_STACKSIZE=1536 +CONFIG_FREERTOS_ISR_STACKSIZE=1536 +# CONFIG_FREERTOS_LEGACY_HOOKS is not set +CONFIG_FREERTOS_MAX_TASK_NAME_LEN=16 +CONFIG_FREERTOS_SUPPORT_STATIC_ALLOCATION=y +# CONFIG_FREERTOS_ENABLE_STATIC_TASK_CLEAN_UP is not set +CONFIG_FREERTOS_TIMER_TASK_PRIORITY=1 +CONFIG_FREERTOS_TIMER_TASK_STACK_DEPTH=2048 +CONFIG_FREERTOS_TIMER_QUEUE_LENGTH=10 +CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE=0 +# CONFIG_FREERTOS_USE_TRACE_FACILITY is not set +# CONFIG_FREERTOS_GENERATE_RUN_TIME_STATS is not set +CONFIG_FREERTOS_TASK_FUNCTION_WRAPPER=y +CONFIG_FREERTOS_CHECK_MUTEX_GIVEN_BY_OWNER=y +# CONFIG_FREERTOS_CHECK_PORT_CRITICAL_COMPLIANCE is not set +# CONFIG_FREERTOS_PLACE_FUNCTIONS_INTO_FLASH is not set +CONFIG_FREERTOS_DEBUG_OCDAWARE=y +# CONFIG_FREERTOS_FPU_IN_ISR is not set +CONFIG_FREERTOS_ENABLE_TASK_SNAPSHOT=y +# 
CONFIG_FREERTOS_PLACE_SNAPSHOT_FUNS_INTO_FLASH is not set +# end of FreeRTOS + +# +# Hardware Abstraction Layer (HAL) and Low Level (LL) +# +CONFIG_HAL_ASSERTION_EQUALS_SYSTEM=y +# CONFIG_HAL_ASSERTION_DISABLE is not set +# CONFIG_HAL_ASSERTION_SILIENT is not set +# CONFIG_HAL_ASSERTION_ENABLE is not set +CONFIG_HAL_DEFAULT_ASSERTION_LEVEL=2 +# end of Hardware Abstraction Layer (HAL) and Low Level (LL) + +# +# Heap memory debugging +# +CONFIG_HEAP_POISONING_DISABLED=y +# CONFIG_HEAP_POISONING_LIGHT is not set +# CONFIG_HEAP_POISONING_COMPREHENSIVE is not set +CONFIG_HEAP_TRACING_OFF=y +# CONFIG_HEAP_TRACING_STANDALONE is not set +# CONFIG_HEAP_TRACING_TOHOST is not set +# CONFIG_HEAP_ABORT_WHEN_ALLOCATION_FAILS is not set +# end of Heap memory debugging + +# +# jsmn +# +# CONFIG_JSMN_PARENT_LINKS is not set +# CONFIG_JSMN_STRICT is not set +# end of jsmn + +# +# libsodium +# +# end of libsodium + +# +# Log output +# +CONFIG_LOG_DEFAULT_LEVEL_NONE=y +# CONFIG_LOG_DEFAULT_LEVEL_ERROR is not set +# CONFIG_LOG_DEFAULT_LEVEL_WARN is not set +# CONFIG_LOG_DEFAULT_LEVEL_INFO is not set +# CONFIG_LOG_DEFAULT_LEVEL_DEBUG is not set +# CONFIG_LOG_DEFAULT_LEVEL_VERBOSE is not set +CONFIG_LOG_DEFAULT_LEVEL=0 +CONFIG_LOG_MAXIMUM_EQUALS_DEFAULT=y +# CONFIG_LOG_MAXIMUM_LEVEL_ERROR is not set +# CONFIG_LOG_MAXIMUM_LEVEL_WARN is not set +# CONFIG_LOG_MAXIMUM_LEVEL_INFO is not set +# CONFIG_LOG_MAXIMUM_LEVEL_DEBUG is not set +# CONFIG_LOG_MAXIMUM_LEVEL_VERBOSE is not set +CONFIG_LOG_MAXIMUM_LEVEL=0 +CONFIG_LOG_COLORS=y +CONFIG_LOG_TIMESTAMP_SOURCE_RTOS=y +# CONFIG_LOG_TIMESTAMP_SOURCE_SYSTEM is not set +# end of Log output + +# +# LWIP +# +CONFIG_LWIP_LOCAL_HOSTNAME="espressif" +# CONFIG_LWIP_NETIF_API is not set +# CONFIG_LWIP_TCPIP_CORE_LOCKING is not set +CONFIG_LWIP_DNS_SUPPORT_MDNS_QUERIES=y +# CONFIG_LWIP_L2_TO_L3_COPY is not set +# CONFIG_LWIP_IRAM_OPTIMIZATION is not set +CONFIG_LWIP_TIMERS_ONDEMAND=y +CONFIG_LWIP_MAX_SOCKETS=10 +# CONFIG_LWIP_USE_ONLY_LWIP_SELECT is not set 
+# CONFIG_LWIP_SO_LINGER is not set +CONFIG_LWIP_SO_REUSE=y +CONFIG_LWIP_SO_REUSE_RXTOALL=y +CONFIG_LWIP_SO_RCVBUF=y +# CONFIG_LWIP_NETBUF_RECVINFO is not set +CONFIG_LWIP_IP4_FRAG=y +CONFIG_LWIP_IP6_FRAG=y +# CONFIG_LWIP_IP4_REASSEMBLY is not set +# CONFIG_LWIP_IP6_REASSEMBLY is not set +# CONFIG_LWIP_IP_FORWARD is not set +# CONFIG_LWIP_STATS is not set +# CONFIG_LWIP_ETHARP_TRUST_IP_MAC is not set +CONFIG_LWIP_ESP_GRATUITOUS_ARP=y +CONFIG_LWIP_GARP_TMR_INTERVAL=60 +CONFIG_LWIP_TCPIP_RECVMBOX_SIZE=32 +CONFIG_LWIP_DHCP_DOES_ARP_CHECK=y +# CONFIG_LWIP_DHCP_DISABLE_CLIENT_ID is not set +CONFIG_LWIP_DHCP_DISABLE_VENDOR_CLASS_ID=y +# CONFIG_LWIP_DHCP_RESTORE_LAST_IP is not set +CONFIG_LWIP_DHCP_OPTIONS_LEN=68 + +# +# DHCP server +# +CONFIG_LWIP_DHCPS=y +CONFIG_LWIP_DHCPS_LEASE_UNIT=60 +CONFIG_LWIP_DHCPS_MAX_STATION_NUM=8 +# end of DHCP server + +# CONFIG_LWIP_AUTOIP is not set +CONFIG_LWIP_IPV6=y +# CONFIG_LWIP_IPV6_AUTOCONFIG is not set +CONFIG_LWIP_IPV6_NUM_ADDRESSES=3 +# CONFIG_LWIP_IPV6_FORWARD is not set +# CONFIG_LWIP_NETIF_STATUS_CALLBACK is not set +CONFIG_LWIP_NETIF_LOOPBACK=y +CONFIG_LWIP_LOOPBACK_MAX_PBUFS=8 + +# +# TCP +# +CONFIG_LWIP_MAX_ACTIVE_TCP=16 +CONFIG_LWIP_MAX_LISTENING_TCP=16 +CONFIG_LWIP_TCP_HIGH_SPEED_RETRANSMISSION=y +CONFIG_LWIP_TCP_MAXRTX=12 +CONFIG_LWIP_TCP_SYNMAXRTX=12 +CONFIG_LWIP_TCP_MSS=1440 +CONFIG_LWIP_TCP_TMR_INTERVAL=250 +CONFIG_LWIP_TCP_MSL=60000 +CONFIG_LWIP_TCP_SND_BUF_DEFAULT=5744 +CONFIG_LWIP_TCP_WND_DEFAULT=5744 +CONFIG_LWIP_TCP_RECVMBOX_SIZE=6 +CONFIG_LWIP_TCP_QUEUE_OOSEQ=y +# CONFIG_LWIP_TCP_SACK_OUT is not set +# CONFIG_LWIP_TCP_KEEP_CONNECTION_WHEN_IP_CHANGES is not set +CONFIG_LWIP_TCP_OVERSIZE_MSS=y +# CONFIG_LWIP_TCP_OVERSIZE_QUARTER_MSS is not set +# CONFIG_LWIP_TCP_OVERSIZE_DISABLE is not set +CONFIG_LWIP_TCP_RTO_TIME=1500 +# end of TCP + +# +# UDP +# +CONFIG_LWIP_MAX_UDP_PCBS=16 +CONFIG_LWIP_UDP_RECVMBOX_SIZE=6 +# end of UDP + +# +# Checksums +# +# CONFIG_LWIP_CHECKSUM_CHECK_IP is not set +# 
CONFIG_LWIP_CHECKSUM_CHECK_UDP is not set +CONFIG_LWIP_CHECKSUM_CHECK_ICMP=y +# end of Checksums + +CONFIG_LWIP_TCPIP_TASK_STACK_SIZE=3072 +CONFIG_LWIP_TCPIP_TASK_AFFINITY_NO_AFFINITY=y +# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU0 is not set +# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU1 is not set +CONFIG_LWIP_TCPIP_TASK_AFFINITY=0x7FFFFFFF +# CONFIG_LWIP_PPP_SUPPORT is not set +CONFIG_LWIP_IPV6_MEMP_NUM_ND6_QUEUE=3 +CONFIG_LWIP_IPV6_ND6_NUM_NEIGHBORS=5 +# CONFIG_LWIP_SLIP_SUPPORT is not set + +# +# ICMP +# +CONFIG_LWIP_ICMP=y +# CONFIG_LWIP_MULTICAST_PING is not set +# CONFIG_LWIP_BROADCAST_PING is not set +# end of ICMP + +# +# LWIP RAW API +# +CONFIG_LWIP_MAX_RAW_PCBS=16 +# end of LWIP RAW API + +# +# SNTP +# +CONFIG_LWIP_SNTP_MAX_SERVERS=1 +# CONFIG_LWIP_DHCP_GET_NTP_SRV is not set +CONFIG_LWIP_SNTP_UPDATE_DELAY=3600000 +# end of SNTP + +CONFIG_LWIP_ESP_LWIP_ASSERT=y + +# +# Hooks +# +# CONFIG_LWIP_HOOK_TCP_ISN_NONE is not set +CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT=y +# CONFIG_LWIP_HOOK_TCP_ISN_CUSTOM is not set +CONFIG_LWIP_HOOK_IP6_ROUTE_NONE=y +# CONFIG_LWIP_HOOK_IP6_ROUTE_DEFAULT is not set +# CONFIG_LWIP_HOOK_IP6_ROUTE_CUSTOM is not set +CONFIG_LWIP_HOOK_ND6_GET_GW_NONE=y +# CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT is not set +# CONFIG_LWIP_HOOK_ND6_GET_GW_CUSTOM is not set +CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE=y +# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT is not set +# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM is not set +# end of Hooks + +# CONFIG_LWIP_DEBUG is not set +# end of LWIP + +# +# mbedTLS +# +CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y +# CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC is not set +# CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC is not set +CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y +CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384 +CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096 +# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set +# CONFIG_MBEDTLS_DEBUG is not set + +# +# mbedTLS v2.28.x related +# +# CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is not set +# CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK is 
not set +# CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION is not set +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y +# end of mbedTLS v2.28.x related + +# +# Certificate Bundle +# +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y +# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set +# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE is not set +# CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set +# end of Certificate Bundle + +# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set +# CONFIG_MBEDTLS_CMAC_C is not set +CONFIG_MBEDTLS_HARDWARE_AES=y +CONFIG_MBEDTLS_HARDWARE_MPI=y +CONFIG_MBEDTLS_HARDWARE_SHA=y +CONFIG_MBEDTLS_ROM_MD5=y +# CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN is not set +# CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY is not set +CONFIG_MBEDTLS_HAVE_TIME=y +# CONFIG_MBEDTLS_HAVE_TIME_DATE is not set +CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y +CONFIG_MBEDTLS_SHA512_C=y +CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=y +# CONFIG_MBEDTLS_TLS_SERVER_ONLY is not set +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY is not set +# CONFIG_MBEDTLS_TLS_DISABLED is not set +CONFIG_MBEDTLS_TLS_SERVER=y +CONFIG_MBEDTLS_TLS_CLIENT=y +CONFIG_MBEDTLS_TLS_ENABLED=y + +# +# TLS Key Exchange Methods +# +# CONFIG_MBEDTLS_PSK_MODES is not set +CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y +CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y +CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y +CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y +CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y +CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y +CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y +# end of TLS Key Exchange Methods + +CONFIG_MBEDTLS_SSL_RENEGOTIATION=y +# CONFIG_MBEDTLS_SSL_PROTO_SSL3 is not set +CONFIG_MBEDTLS_SSL_PROTO_TLS1=y +CONFIG_MBEDTLS_SSL_PROTO_TLS1_1=y +CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set +# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set +CONFIG_MBEDTLS_SSL_ALPN=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y +CONFIG_MBEDTLS_X509_CHECK_KEY_USAGE=y +CONFIG_MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE=y 
+CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y + +# +# Symmetric Ciphers +# +CONFIG_MBEDTLS_AES_C=y +# CONFIG_MBEDTLS_CAMELLIA_C is not set +# CONFIG_MBEDTLS_DES_C is not set +CONFIG_MBEDTLS_RC4_DISABLED=y +# CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT is not set +# CONFIG_MBEDTLS_RC4_ENABLED is not set +# CONFIG_MBEDTLS_BLOWFISH_C is not set +# CONFIG_MBEDTLS_XTEA_C is not set +CONFIG_MBEDTLS_CCM_C=y +CONFIG_MBEDTLS_GCM_C=y +# CONFIG_MBEDTLS_NIST_KW_C is not set +# end of Symmetric Ciphers + +# CONFIG_MBEDTLS_RIPEMD160_C is not set + +# +# Certificates +# +CONFIG_MBEDTLS_PEM_PARSE_C=y +CONFIG_MBEDTLS_PEM_WRITE_C=y +CONFIG_MBEDTLS_X509_CRL_PARSE_C=y +CONFIG_MBEDTLS_X509_CSR_PARSE_C=y +# end of Certificates + +CONFIG_MBEDTLS_ECP_C=y +CONFIG_MBEDTLS_ECDH_C=y +CONFIG_MBEDTLS_ECDSA_C=y +# CONFIG_MBEDTLS_ECJPAKE_C is not set +CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y +CONFIG_MBEDTLS_ECP_NIST_OPTIM=y +# CONFIG_MBEDTLS_POLY1305_C is not set +# CONFIG_MBEDTLS_CHACHA20_C is not set +# CONFIG_MBEDTLS_HKDF_C is not set +# CONFIG_MBEDTLS_THREADING_C is not set +# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI is not set +# CONFIG_MBEDTLS_SECURITY_RISKS is not set +# end of mbedTLS + +# +# mDNS +# +CONFIG_MDNS_MAX_SERVICES=10 +CONFIG_MDNS_TASK_PRIORITY=1 +CONFIG_MDNS_TASK_STACK_SIZE=4096 +# CONFIG_MDNS_TASK_AFFINITY_NO_AFFINITY is not set +CONFIG_MDNS_TASK_AFFINITY_CPU0=y +# CONFIG_MDNS_TASK_AFFINITY_CPU1 is not set +CONFIG_MDNS_TASK_AFFINITY=0x0 +CONFIG_MDNS_SERVICE_ADD_TIMEOUT_MS=2000 +# CONFIG_MDNS_STRICT_MODE is not set 
+CONFIG_MDNS_TIMER_PERIOD_MS=100 +# CONFIG_MDNS_NETWORKING_SOCKET is not set +CONFIG_MDNS_MULTIPLE_INSTANCE=y +# end of mDNS + +# +# ESP-MQTT Configurations +# +CONFIG_MQTT_PROTOCOL_311=y +CONFIG_MQTT_TRANSPORT_SSL=y +CONFIG_MQTT_TRANSPORT_WEBSOCKET=y +CONFIG_MQTT_TRANSPORT_WEBSOCKET_SECURE=y +# CONFIG_MQTT_MSG_ID_INCREMENTAL is not set +# CONFIG_MQTT_SKIP_PUBLISH_IF_DISCONNECTED is not set +# CONFIG_MQTT_REPORT_DELETED_MESSAGES is not set +# CONFIG_MQTT_USE_CUSTOM_CONFIG is not set +# CONFIG_MQTT_TASK_CORE_SELECTION_ENABLED is not set +# CONFIG_MQTT_CUSTOM_OUTBOX is not set +# end of ESP-MQTT Configurations + +# +# Newlib +# +CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF=y +# CONFIG_NEWLIB_STDOUT_LINE_ENDING_LF is not set +# CONFIG_NEWLIB_STDOUT_LINE_ENDING_CR is not set +# CONFIG_NEWLIB_STDIN_LINE_ENDING_CRLF is not set +# CONFIG_NEWLIB_STDIN_LINE_ENDING_LF is not set +CONFIG_NEWLIB_STDIN_LINE_ENDING_CR=y +# CONFIG_NEWLIB_NANO_FORMAT is not set +# end of Newlib + +# +# NVS +# +# end of NVS + +# +# OpenSSL +# +# CONFIG_OPENSSL_DEBUG is not set +CONFIG_OPENSSL_ERROR_STACK=y +# CONFIG_OPENSSL_ASSERT_DO_NOTHING is not set +CONFIG_OPENSSL_ASSERT_EXIT=y +# end of OpenSSL + +# +# OpenThread +# +# CONFIG_OPENTHREAD_ENABLED is not set +# end of OpenThread + +# +# PThreads +# +CONFIG_PTHREAD_TASK_PRIO_DEFAULT=5 +CONFIG_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 +CONFIG_PTHREAD_STACK_MIN=768 +CONFIG_PTHREAD_DEFAULT_CORE_NO_AFFINITY=y +# CONFIG_PTHREAD_DEFAULT_CORE_0 is not set +# CONFIG_PTHREAD_DEFAULT_CORE_1 is not set +CONFIG_PTHREAD_TASK_CORE_DEFAULT=-1 +CONFIG_PTHREAD_TASK_NAME_DEFAULT="pthread" +# end of PThreads + +# +# SPI Flash driver +# +# CONFIG_SPI_FLASH_VERIFY_WRITE is not set +# CONFIG_SPI_FLASH_ENABLE_COUNTERS is not set +CONFIG_SPI_FLASH_ROM_DRIVER_PATCH=y +CONFIG_SPI_FLASH_DANGEROUS_WRITE_ABORTS=y +# CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS is not set +# CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED is not set +# CONFIG_SPI_FLASH_USE_LEGACY_IMPL is not set +# 
CONFIG_SPI_FLASH_SHARE_SPI1_BUS is not set +# CONFIG_SPI_FLASH_BYPASS_BLOCK_ERASE is not set +CONFIG_SPI_FLASH_YIELD_DURING_ERASE=y +CONFIG_SPI_FLASH_ERASE_YIELD_DURATION_MS=20 +CONFIG_SPI_FLASH_ERASE_YIELD_TICKS=1 +CONFIG_SPI_FLASH_WRITE_CHUNK_SIZE=8192 +# CONFIG_SPI_FLASH_SIZE_OVERRIDE is not set +# CONFIG_SPI_FLASH_CHECK_ERASE_TIMEOUT_DISABLED is not set +# CONFIG_SPI_FLASH_OVERRIDE_CHIP_DRIVER_LIST is not set + +# +# Auto-detect flash chips +# +CONFIG_SPI_FLASH_SUPPORT_ISSI_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_MXIC_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_GD_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_WINBOND_CHIP=y +# CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP is not set +# CONFIG_SPI_FLASH_SUPPORT_TH_CHIP is not set +# end of Auto-detect flash chips + +CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=y +# end of SPI Flash driver + +# +# SPIFFS Configuration +# +CONFIG_SPIFFS_MAX_PARTITIONS=3 + +# +# SPIFFS Cache Configuration +# +CONFIG_SPIFFS_CACHE=y +CONFIG_SPIFFS_CACHE_WR=y +# CONFIG_SPIFFS_CACHE_STATS is not set +# end of SPIFFS Cache Configuration + +CONFIG_SPIFFS_PAGE_CHECK=y +CONFIG_SPIFFS_GC_MAX_RUNS=10 +# CONFIG_SPIFFS_GC_STATS is not set +CONFIG_SPIFFS_PAGE_SIZE=256 +CONFIG_SPIFFS_OBJ_NAME_LEN=32 +# CONFIG_SPIFFS_FOLLOW_SYMLINKS is not set +CONFIG_SPIFFS_USE_MAGIC=y +CONFIG_SPIFFS_USE_MAGIC_LENGTH=y +CONFIG_SPIFFS_META_LENGTH=4 +CONFIG_SPIFFS_USE_MTIME=y + +# +# Debug Configuration +# +# CONFIG_SPIFFS_DBG is not set +# CONFIG_SPIFFS_API_DBG is not set +# CONFIG_SPIFFS_GC_DBG is not set +# CONFIG_SPIFFS_CACHE_DBG is not set +# CONFIG_SPIFFS_CHECK_DBG is not set +# CONFIG_SPIFFS_TEST_VISUALISATION is not set +# end of Debug Configuration +# end of SPIFFS Configuration + +# +# TCP Transport +# + +# +# Websocket +# +CONFIG_WS_TRANSPORT=y +CONFIG_WS_BUFFER_SIZE=1024 +# end of Websocket +# end of TCP Transport + +# +# Unity unit testing library +# +CONFIG_UNITY_ENABLE_FLOAT=y +CONFIG_UNITY_ENABLE_DOUBLE=y +# CONFIG_UNITY_ENABLE_64BIT is not set +# CONFIG_UNITY_ENABLE_COLOR is not set 
+CONFIG_UNITY_ENABLE_IDF_TEST_RUNNER=y +# CONFIG_UNITY_ENABLE_FIXTURE is not set +# CONFIG_UNITY_ENABLE_BACKTRACE_ON_FAIL is not set +# end of Unity unit testing library + +# +# Virtual file system +# +CONFIG_VFS_SUPPORT_IO=y +CONFIG_VFS_SUPPORT_DIR=y +CONFIG_VFS_SUPPORT_SELECT=y +CONFIG_VFS_SUPPRESS_SELECT_DEBUG_OUTPUT=y +CONFIG_VFS_SUPPORT_TERMIOS=y + +# +# Host File System I/O (Semihosting) +# +CONFIG_VFS_SEMIHOSTFS_MAX_MOUNT_POINTS=1 +CONFIG_VFS_SEMIHOSTFS_HOST_PATH_MAX_LEN=128 +# end of Host File System I/O (Semihosting) +# end of Virtual file system + +# +# Wear Levelling +# +# CONFIG_WL_SECTOR_SIZE_512 is not set +CONFIG_WL_SECTOR_SIZE_4096=y +CONFIG_WL_SECTOR_SIZE=4096 +# end of Wear Levelling + +# +# Wi-Fi Provisioning Manager +# +CONFIG_WIFI_PROV_SCAN_MAX_ENTRIES=16 +CONFIG_WIFI_PROV_AUTOSTOP_TIMEOUT=30 +# end of Wi-Fi Provisioning Manager + +# +# Supplicant +# +CONFIG_WPA_MBEDTLS_CRYPTO=y +# CONFIG_WPA_WAPI_PSK is not set +# CONFIG_WPA_SUITE_B_192 is not set +# CONFIG_WPA_DEBUG_PRINT is not set +# CONFIG_WPA_TESTING_OPTIONS is not set +# CONFIG_WPA_WPS_STRICT is not set +# CONFIG_WPA_11KV_SUPPORT is not set +# end of Supplicant +# end of Component config + +# +# Compatibility options +# +# CONFIG_LEGACY_INCLUDE_COMMON_HEADERS is not set +# end of Compatibility options + +# Deprecated options for backward compatibility +CONFIG_TOOLPREFIX="xtensa-esp32-elf-" +CONFIG_LOG_BOOTLOADER_LEVEL_NONE=y +# CONFIG_LOG_BOOTLOADER_LEVEL_ERROR is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_WARN is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_INFO is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set +CONFIG_LOG_BOOTLOADER_LEVEL=0 +# CONFIG_APP_ROLLBACK_ENABLE is not set +# CONFIG_FLASH_ENCRYPTION_ENABLED is not set +# CONFIG_FLASHMODE_QIO is not set +# CONFIG_FLASHMODE_QOUT is not set +CONFIG_FLASHMODE_DIO=y +# CONFIG_FLASHMODE_DOUT is not set +# CONFIG_MONITOR_BAUD_9600B is not set +# CONFIG_MONITOR_BAUD_57600B is not set 
+CONFIG_MONITOR_BAUD_115200B=y +# CONFIG_MONITOR_BAUD_230400B is not set +# CONFIG_MONITOR_BAUD_921600B is not set +# CONFIG_MONITOR_BAUD_2MB is not set +# CONFIG_MONITOR_BAUD_OTHER is not set +CONFIG_MONITOR_BAUD_OTHER_VAL=115200 +CONFIG_MONITOR_BAUD=115200 +CONFIG_COMPILER_OPTIMIZATION_LEVEL_DEBUG=y +# CONFIG_COMPILER_OPTIMIZATION_LEVEL_RELEASE is not set +CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED=y +# CONFIG_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED is not set +CONFIG_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_CXX_EXCEPTIONS is not set +CONFIG_STACK_CHECK_NONE=y +# CONFIG_STACK_CHECK_NORM is not set +# CONFIG_STACK_CHECK_STRONG is not set +# CONFIG_STACK_CHECK_ALL is not set +# CONFIG_WARN_WRITE_STRINGS is not set +# CONFIG_DISABLE_GCC8_WARNINGS is not set +# CONFIG_ESP32_APPTRACE_DEST_TRAX is not set +CONFIG_ESP32_APPTRACE_DEST_NONE=y +CONFIG_ESP32_APPTRACE_LOCK_ENABLE=y +CONFIG_ADC2_DISABLE_DAC=y +# CONFIG_SPIRAM_SUPPORT is not set +CONFIG_TRACEMEM_RESERVE_DRAM=0x0 +# CONFIG_ULP_COPROC_ENABLED is not set +CONFIG_ULP_COPROC_RESERVE_MEM=0 +CONFIG_BROWNOUT_DET=y +CONFIG_BROWNOUT_DET_LVL_SEL_0=y +# CONFIG_BROWNOUT_DET_LVL_SEL_1 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_2 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_3 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_4 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_5 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_6 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_7 is not set +CONFIG_BROWNOUT_DET_LVL=0 +CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_RC=y +# CONFIG_ESP32_RTC_CLOCK_SOURCE_EXTERNAL_CRYSTAL is not set +# CONFIG_ESP32_RTC_CLOCK_SOURCE_EXTERNAL_OSC is not set +# CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_8MD256 is not set +# CONFIG_DISABLE_BASIC_ROM_CONSOLE is not set +# CONFIG_NO_BLOBS is not set +# CONFIG_COMPATIBLE_PRE_V2_1_BOOTLOADERS is not set +# CONFIG_EVENT_LOOP_PROFILING is not set +CONFIG_POST_EVENTS_FROM_ISR=y +CONFIG_POST_EVENTS_FROM_IRAM_ISR=y +# CONFIG_TWO_UNIVERSAL_MAC_ADDRESS is not set 
+CONFIG_FOUR_UNIVERSAL_MAC_ADDRESS=y +CONFIG_NUMBER_OF_UNIVERSAL_MAC_ADDRESS=4 +CONFIG_ESP_SYSTEM_PD_FLASH=y +# CONFIG_ESP32C3_LIGHTSLEEP_GPIO_RESET_WORKAROUND is not set +CONFIG_IPC_TASK_STACK_SIZE=1536 +CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE=y +# CONFIG_ESP32_PHY_INIT_DATA_IN_PARTITION is not set +CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER=20 +CONFIG_ESP32_PHY_MAX_TX_POWER=20 +CONFIG_ESP32_REDUCE_PHY_TX_POWER=y +# CONFIG_ESP32S2_PANIC_PRINT_HALT is not set +CONFIG_ESP32S2_PANIC_PRINT_REBOOT=y +# CONFIG_ESP32S2_PANIC_SILENT_REBOOT is not set +# CONFIG_ESP32S2_PANIC_GDBSTUB is not set +CONFIG_SYSTEM_EVENT_QUEUE_SIZE=32 +CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE=2304 +CONFIG_MAIN_TASK_STACK_SIZE=3584 +CONFIG_CONSOLE_UART_DEFAULT=y +# CONFIG_CONSOLE_UART_CUSTOM is not set +# CONFIG_ESP_CONSOLE_UART_NONE is not set +CONFIG_CONSOLE_UART=y +CONFIG_CONSOLE_UART_NUM=0 +CONFIG_CONSOLE_UART_BAUDRATE=115200 +CONFIG_INT_WDT=y +CONFIG_INT_WDT_TIMEOUT_MS=300 +CONFIG_INT_WDT_CHECK_CPU1=y +CONFIG_TASK_WDT=y +# CONFIG_TASK_WDT_PANIC is not set +CONFIG_TASK_WDT_TIMEOUT_S=5 +CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=y +CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1=y +# CONFIG_ESP32_DEBUG_STUBS_ENABLE is not set +CONFIG_TIMER_TASK_STACK_SIZE=3584 +# CONFIG_ESP32_ENABLE_COREDUMP_TO_FLASH is not set +# CONFIG_ESP32_ENABLE_COREDUMP_TO_UART is not set +CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE=y +CONFIG_MB_MASTER_TIMEOUT_MS_RESPOND=150 +CONFIG_MB_MASTER_DELAY_MS_CONVERT=200 +CONFIG_MB_QUEUE_LENGTH=20 +CONFIG_MB_SERIAL_TASK_STACK_SIZE=4096 +CONFIG_MB_SERIAL_BUF_SIZE=256 +CONFIG_MB_SERIAL_TASK_PRIO=10 +CONFIG_MB_CONTROLLER_SLAVE_ID_SUPPORT=y +CONFIG_MB_CONTROLLER_SLAVE_ID=0x00112233 +CONFIG_MB_CONTROLLER_NOTIFY_TIMEOUT=20 +CONFIG_MB_CONTROLLER_NOTIFY_QUEUE_SIZE=20 +CONFIG_MB_CONTROLLER_STACK_SIZE=4096 +CONFIG_MB_EVENT_QUEUE_TIMEOUT=20 +# CONFIG_MB_TIMER_PORT_ENABLED is not set +CONFIG_MB_TIMER_GROUP=0 +CONFIG_MB_TIMER_INDEX=0 +# CONFIG_ENABLE_STATIC_TASK_CLEAN_UP_HOOK is not set +CONFIG_TIMER_TASK_PRIORITY=1 
+CONFIG_TIMER_TASK_STACK_DEPTH=2048 +CONFIG_TIMER_QUEUE_LENGTH=10 +# CONFIG_L2_TO_L3_COPY is not set +# CONFIG_USE_ONLY_LWIP_SELECT is not set +CONFIG_ESP_GRATUITOUS_ARP=y +CONFIG_GARP_TMR_INTERVAL=60 +CONFIG_TCPIP_RECVMBOX_SIZE=32 +CONFIG_TCP_MAXRTX=12 +CONFIG_TCP_SYNMAXRTX=12 +CONFIG_TCP_MSS=1440 +CONFIG_TCP_MSL=60000 +CONFIG_TCP_SND_BUF_DEFAULT=5744 +CONFIG_TCP_WND_DEFAULT=5744 +CONFIG_TCP_RECVMBOX_SIZE=6 +CONFIG_TCP_QUEUE_OOSEQ=y +# CONFIG_ESP_TCP_KEEP_CONNECTION_WHEN_IP_CHANGES is not set +CONFIG_TCP_OVERSIZE_MSS=y +# CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set +# CONFIG_TCP_OVERSIZE_DISABLE is not set +CONFIG_UDP_RECVMBOX_SIZE=6 +CONFIG_TCPIP_TASK_STACK_SIZE=3072 +CONFIG_TCPIP_TASK_AFFINITY_NO_AFFINITY=y +# CONFIG_TCPIP_TASK_AFFINITY_CPU0 is not set +# CONFIG_TCPIP_TASK_AFFINITY_CPU1 is not set +CONFIG_TCPIP_TASK_AFFINITY=0x7FFFFFFF +# CONFIG_PPP_SUPPORT is not set +CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT=5 +CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 +CONFIG_ESP32_PTHREAD_STACK_MIN=768 +CONFIG_ESP32_DEFAULT_PTHREAD_CORE_NO_AFFINITY=y +# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_0 is not set +# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_1 is not set +CONFIG_ESP32_PTHREAD_TASK_CORE_DEFAULT=-1 +CONFIG_ESP32_PTHREAD_TASK_NAME_DEFAULT="pthread" +CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS=y +# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_FAILS is not set +# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ALLOWED is not set +CONFIG_SUPPRESS_SELECT_DEBUG_OUTPUT=y +CONFIG_SUPPORT_TERMIOS=y +CONFIG_SEMIHOSTFS_MAX_MOUNT_POINTS=1 +CONFIG_SEMIHOSTFS_HOST_PATH_MAX_LEN=128 +# End of deprecated options diff --git a/esp32example/src/CMakeLists.txt b/esp32example/src/CMakeLists.txt new file mode 100644 index 0000000..483bc0c --- /dev/null +++ b/esp32example/src/CMakeLists.txt 
@@ -0,0 +1,6 @@
+# This file was automatically generated for projects
+# without default 'CMakeLists.txt' file.
+
+FILE(GLOB_RECURSE app_sources ${CMAKE_SOURCE_DIR}/src/*.*)
+
+idf_component_register(SRCS ${app_sources})
diff --git a/esp32example/src/main.cpp b/esp32example/src/main.cpp
new file mode 100644
index 0000000..36989e9
--- /dev/null
+++ b/esp32example/src/main.cpp
@@ -0,0 +1,72 @@
+#include "Arduino.h"
+#include "theSecrets.h"
+#include "WiFi.h"
+#include "lwip_hooks.h"
+
+#include "esp32/Firewall.hpp"
+#include "esp32/API.hpp"
+
+fw::Firewall *firewall;
+fw::API *firewallApi;
+
+int lwip_hook_ip4_input(struct pbuf *pbuf, struct netif *input_netif)
+{
+ // Firewall is not setup yet
+ if (firewall != NULL)
+ {
+ if (firewall->is_packet_allowed(pbuf))
+ return 0;
+ else
+ {
+ pbuf_free(pbuf);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void initFirewall(const String ip)
+{
+ firewall = new fw::Firewall();
+ firewallApi = new fw::API(firewall, username, password, ip);
+}
+
+void handle_wifi_events(WiFiEvent_t event, WiFiEventInfo_t info)
+{
+ switch (event)
+ {
+ case ARDUINO_EVENT_WIFI_STA_START:
+ Serial.println("[WiFi] connecting...");
+ break;
+ case ARDUINO_EVENT_WIFI_STA_CONNECTED:
+ Serial.println("[WiFi] connected");
+ break;
+ case ARDUINO_EVENT_WIFI_STA_DISCONNECTED:
+ Serial.println("[WiFi] disconnected");
+ WiFi.reconnect();
+ break;
+ case ARDUINO_EVENT_WIFI_STA_GOT_IP:
+ initFirewall(WiFi.localIP().toString());
+ break;
+ default:
+ Serial.print("[WiFi] other event: ");
+ Serial.println(event);
+ }
+}
+
+void setup()
+{
+ Serial.begin(115200);
+ WiFi.mode(WIFI_STA);
+ WiFi.onEvent(handle_wifi_events, ARDUINO_EVENT_MAX);
+ WiFi.begin(ssid, psk);
+
+ // fix for https://github.com/espressif/arduino-esp32/issues/4732
+ WiFi.config(((u32_t)0x0UL), ((u32_t)0x0UL), ((u32_t)0x0UL));
+}
+
+void loop()
+{
+ // https://docs.espressif.com/projects/arduino-esp32/en/latest/esp-idf_component.html
+ sleep(1);
+}
\ No newline at end of file
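Review bot: `initFirewall` is called from the `ARDUINO_EVENT_WIFI_STA_GOT_IP` branch of `handle_wifi_events`, but the `fw::API` constructor added in src/esp32/API.cpp in this commit ends in a `while (true)` loop, so the call never returns. As a result `firewallApi` is never assigned, and if WiFi events are dispatched from a single task (as I believe they are in arduino-esp32) the `STA_DISCONNECTED` branch with `WiFi.reconnect()` can no longer run once an address has been obtained. I would let the handler only record that an address was obtained and do both the construction and the HTTP client servicing from `loop()`, with the constructor returning after `begin()`. Independently of that, the branch should not allocate a second `fw::Firewall` while the lwIP hook may still be reading the old pointer: `if (firewall == NULL) initFirewall(WiFi.localIP().toString());`.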
diff --git a/library.json b/library.json
new file mode 100644
index 0000000..f6dd113
--- /dev/null
+++ b/library.json
@@ -0,0 +1,20 @@
+{
+ "name": "esp_firewall_api",
+ "authors": [
+ {
+ "name": "Florian Hoss",
+ "email": "flhoit00@hs-esslingen.de",
+ "maintainer": true
+ }
+ ],
+ "keywords": "communication, esp32, esp8266, firewall",
+ "description": "An Arduino library for editing and creating firewall rules via REST API on an ESP32/ESP8266",
+ "repository": {
+ "type": "git",
+ "url": "https://gitlab.hs-esslingen.de/toheer/iot-security-tools.git"
+ },
+ "license": "MIT",
+ "version": "1.0.0",
+ "frameworks": "arduino",
+ "platforms": ["espressif32", "espressif8266"]
+}
diff --git a/src/esp32/API.cpp b/src/esp32/API.cpp
new file mode 100644
index 0000000..6d9c734
--- /dev/null
+++ b/src/esp32/API.cpp
@@ -0,0 +1,285 @@
+#include "API.hpp"
+
+namespace fw
+{
+ API::API(fw::Firewall *firewall, const char *username, const char *password, const String ip, const uint16_t port)
+ {
+ this->firewall = firewall;
+ this->api_ip = ip;
+ this->api_port = port;
+ if (this->setup_auth(username, password) == ERROR)
+ endless_loop();
+ this->server = new WebServer(port);
+ this->setup_routing();
+ this->server->begin();
+ Serial.printf("%s endpoints -> %s/api\n", TAG, this->get_url_base().c_str());
+ while (true)
+ {
+ this->server->handleClient();
+ // https://docs.espressif.com/projects/arduino-esp32/en/latest/esp-idf_component.html
+ sleep(1);
+ }
+ }
+
+ API::~API()
+ {
+ this->server->stop();
+ }
+
+ String API::get_url_base()
+ {
+ return "http://" + this->api_ip + ":" + this->api_port;
+ }
+
+ ok_t API::setup_auth(const char *username, const char *password)
+ {
+ if (!username || *username == 0x00 || strlen(username) > CREDENTIALS_LENGTH)
+ {
+ Serial.printf("%s Username too long or missing!\n", TAG);
+ return ERROR;
+ }
+ strncpy(credentials.username, username, CREDENTIALS_LENGTH);
+ if (!password || *password == 0x00 || strlen(password) > CREDENTIALS_LENGTH)
+ {
+ Serial.printf("%s Password too long or missing!\n", TAG);
+ return ERROR;
+ }
+ strncpy(credentials.password, password, CREDENTIALS_LENGTH);
+ return SUCCESS;
+ }
+
+ auth_t API::check_auth()
+ {
+ if (server->authenticate(this->credentials.username, this->credentials.password))
+ {
+ return AUTHENTICATED;
+ }
+ this->json_message_response("unauthorized", 403);
+ return DENIED;
+ }
+
+ void API::setup_routing()
+ {
+ this->server->on("/api/firewall/rules", HTTP_GET, std::bind(&API::get_firewall_rules_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this));
+ this->server->on("/api/firewall/rules", HTTP_POST, std::bind(&API::post_firewall_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_PUT, std::bind(&API::put_firewall_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_DELETE, std::bind(&API::delete_firewall_handler, this));
+ this->server->on("/api", HTTP_GET, std::bind(&API::get_endpoint_list_handler, this));
+ this->server->onNotFound(std::bind(&API::not_found_handler, this));
+
+ add_endpoint_to_list("/api/firewall/rules", "GET", "Get all Firewall Rules");
+ add_endpoint_to_list("/api/firewall/rules/", "GET", "Get Firewall Rule by key");
+ add_endpoint_to_list("/api/firewall/rules", "POST", "Create Firewall Rule");
+ add_endpoint_to_list("/api/firewall/rules/", "PUT", "Update Firewall Rule by key");
+ add_endpoint_to_list("/api/firewall/rules/", "DELETE", "Delete Firewall Rule by key");
+ }
+
+ void API::add_endpoint_to_list(const String uri, const char *method, const char *description)
+ {
+ api_endpoint_t *temp;
+ const String url = get_url_base() + uri;
+
+ api_endpoint_t *api_ptr = (api_endpoint_t *)malloc(sizeof(api_endpoint_t));
+ strncpy(api_ptr->uri, url.c_str(), sizeof(api_ptr->uri));
+ strncpy(api_ptr->method, method, sizeof(api_ptr->method));
+ strncpy(api_ptr->description, description, sizeof(api_ptr->description));
+
+ if (this->endpoint_head == NULL)
+ {
+ this->endpoint_head = api_ptr;
+ api_ptr->next = NULL;
+ return;
+ }
+ temp = this->endpoint_head;
+ while (temp->next != NULL)
+ {
+ temp = temp->next;
+ }
+ temp->next = api_ptr;
+ api_ptr->next = NULL;
+ return;
+ }
+
+ void API::not_found_handler()
+ {
+ this->json_message_response("see " + get_url_base() + "/api for available routes", 404);
+ }
+
+ void API::get_endpoint_list_handler()
+ {
+ this->json_array_response(this->construct_json_api(), 200);
+ }
+
+ void API::get_firewall_rule_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ firewall_rule_t *rule_ptr = firewall->get_rule_from_firewall(rule_number);
+ if (rule_ptr == NULL)
+ this->json_message_response("rule does not exist", 404);
+ else
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 200);
+ }
+
+ void API::get_firewall_rules_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ this->json_array_response(this->construct_json_firewall(), 200);
+ }
+
+ void API::post_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ if (request_has_all_firewall_parameter())
+ {
+ String args[IPV4ADDRESS_LENGTH] = {};
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ args[i] = this->server->arg(firewall_fields[i]);
+ }
+ firewall_rule_t *rule_ptr = firewall->add_rule_to_firewall(args);
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 201);
+ }
+ else
+ {
+ this->json_message_response("not enough parameter provided", 400);
+ }
+ }
+
+ void API::put_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ if (request_has_all_firewall_parameter())
+ {
+ String args[IPV4ADDRESS_LENGTH] = {};
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ args[i] = this->server->arg(firewall_fields[i]);
+ }
+ firewall_rule_t *rule_ptr = firewall->update_rule_of_firewall(args, rule_number);
+ if (rule_ptr == NULL)
+ this->json_message_response("rule does not exist", 404);
+ else
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 200);
+ }
+ else
+ {
+ this->json_message_response("not enough parameter provided", 400);
+ }
+ }
+
+ void API::delete_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ if (firewall->delete_rule_from_firewall(rule_number) == SUCCESS)
+ this->json_message_response("firewall rule deleted", 200);
+ else
+ this->json_message_response("cannot delete firewall rule", 500);
+ }
+
+ bool API::request_has_all_firewall_parameter()
+ {
+ if (!this->server->args())
+ return false;
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ if (i != KEY && !this->server->hasArg(firewall_fields[i]))
+ return false;
+ }
+ return true;
+ }
+
+ String API::json_new_attribute(String key, String value, bool last)
+ {
+ String json_string;
+ json_string += "\"" + key + "\": \"" + value + "\"";
+ if (!last)
+ json_string += ",";
+ return json_string;
+ }
+
+ String API::json_new_attribute(String key, uint32_t value, bool last)
+ {
+ return json_new_attribute(key, String(value), last);
+ }
+
+ void API::json_generic_response(String serialized_string, const uint16_t response_code)
+ {
+ this->server->send(response_code, json_response_type, serialized_string);
+ }
+
+ void API::json_array_response(String serialized_string, const uint16_t response_code)
+ {
+ this->server->send(response_code, json_response_type, "[" + serialized_string + "]");
+ }
+
+ void API::json_message_response(String message, const uint16_t response_code)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute("message", message, true);
+ serialized_string += "}";
+ this->server->send(response_code, json_response_type, serialized_string);
+ }
+
+ String API::construct_json_firewall_rule(firewall_rule_t *rule_ptr)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute(firewall_fields[KEY], rule_ptr->key);
+ serialized_string += json_new_attribute(firewall_fields[IP], rule_ptr->ip);
+ serialized_string += json_new_attribute(firewall_fields[PORT_FROM], rule_ptr->port_from);
+ serialized_string += json_new_attribute(firewall_fields[PORT_TO], rule_ptr->port_to);
+ serialized_string += json_new_attribute(firewall_fields[PROTOCOL], protocol_to_string(rule_ptr->protocol));
+ serialized_string += json_new_attribute(firewall_fields[TARGET], target_to_string(rule_ptr->target), true);
+ serialized_string += "}";
+ return serialized_string;
+ }
+
+ String API::construct_json_firewall()
+ {
+ firewall_rule_t *rule_ptr = firewall->get_rule_head();
+ String serialized_string;
+ while (rule_ptr != NULL)
+ {
+ serialized_string += construct_json_firewall_rule(rule_ptr);
+ rule_ptr = rule_ptr->next;
+ if (rule_ptr != NULL)
+ serialized_string += ",";
+ }
+ return serialized_string;
+ }
+
+ String API::construct_json_api_endpoint(api_endpoint_t *api_ptr)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute("endpoint", api_ptr->uri);
+ serialized_string += json_new_attribute("description", api_ptr->description);
+ serialized_string += json_new_attribute("method", api_ptr->method, true);
+ serialized_string += "}";
+ return serialized_string;
+ }
+
+ String API::construct_json_api()
+ {
+ api_endpoint_t *api_ptr = this->endpoint_head;
+ String serialized_string;
+ while (api_ptr != NULL)
+ {
+ serialized_string += construct_json_api_endpoint(api_ptr);
+ api_ptr = api_ptr->next;
+ if (api_ptr != NULL)
+ serialized_string += ",";
+ }
+ return serialized_string;
+ }
+}
diff --git a/src/esp32/API.hpp b/src/esp32/API.hpp
new file mode 100644
index 0000000..bd5cd78
--- /dev/null
+++ b/src/esp32/API.hpp
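Review bot: `setup_auth` in src/esp32/API.cpp accepts a username or password of exactly `CREDENTIALS_LENGTH` characters (the test is `strlen(...) > CREDENTIALS_LENGTH`) and then copies it with `strncpy(..., CREDENTIALS_LENGTH)`, which writes no terminating NUL in that case, so `server->authenticate()` in `check_auth` would read past the field unless `credentials` is zeroed somewhere outside this hunk. `credential_t` is declared in Utils.hpp, which is not visible here; assuming its members are char arrays, I would bound both the check and the copy by the field itself: `strlen(username) >= sizeof(credentials.username)` and `snprintf(credentials.username, sizeof(credentials.username), "%s", username);`, and the same for the password. `add_endpoint_to_list` has the same pattern with `strncpy(dst, src, sizeof(dst))`, which truncates silently and leaves the field unterminated when the source is too long. In src/esp32/Firewall.cpp, `add_rule_to_firewall(String *args)` and `update_rule_of_firewall` copy the `ip` request argument the same way, and that value comes from the HTTP request via `post_firewall_handler` and `put_firewall_handler`, so its length should be rejected with a 400 before it is stored.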
@@ -0,0 +1,55 @@
+#ifndef ESP32_API_HPP
+#define ESP32_API_HPP
+
+#include "WebServer.h"
+#include "uri/UriBraces.h"
+#include "Firewall.hpp"
+#include "Utils.hpp"
+
+namespace fw
+{
+ class API
+ {
+ public:
+ API(Firewall *firewall, const char *username, const char *password, const String ip, const uint16_t port = 8080);
+ ~API();
+
+ private:
+ WebServer *server;
+ Firewall *firewall;
+ credential_t credentials;
+ api_endpoint_t *endpoint_head = NULL;
+ String api_ip = "0.0.0.0";
+ uint16_t api_port;
+ String json_response_type = "application/json; charset=utf-8";
+ const char *TAG = "[API]";
+
+ String get_url_base();
+ ok_t setup_auth(const char *username, const char *password);
+ auth_t check_auth();
+
+ void setup_routing();
+ void add_endpoint_to_list(const String uri, const char *method, const char *description);
+ void not_found_handler();
+ void get_endpoint_list_handler();
+ void get_firewall_rule_handler();
+ void get_firewall_rules_handler();
+ void post_firewall_handler();
+ void put_firewall_handler();
+ void delete_firewall_handler();
+
+ bool request_has_all_firewall_parameter();
+ String json_new_attribute(String key, String value, bool last = false);
+ String json_new_attribute(String key, uint32_t value, bool last = false);
+ void json_generic_response(String serialized_string, const uint16_t response_code);
+ void json_array_response(String serialized_string, const uint16_t response_code);
+ void json_message_response(String message, const uint16_t response_code);
+
+ String construct_json_firewall_rule(firewall_rule_t *rule_ptr);
+ String construct_json_firewall();
+ String construct_json_api_endpoint(api_endpoint_t *api_ptr);
+ String construct_json_api();
+ };
+}
+
+#endif
diff --git a/src/esp32/Firewall.cpp b/src/esp32/Firewall.cpp
new file mode 100644
index 0000000..f94012c
--- /dev/null
+++ b/src/esp32/Firewall.cpp
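Review bot: The `class API` declaration in src/esp32/API.hpp has no comment on its transport or trust model, which someone embedding this library needs to know before enabling it. From API.cpp in this commit, `get_url_base()` builds an `http://` URL and `check_auth()` relies on `WebServer::authenticate` with the stored username and password, so the credentials and every rule change cross the network unencrypted. I would add above the class: `// Rule-management REST API served over plain HTTP with username/password auth (default port 8080).` followed by `// Credentials and rules are sent in clear text; expose this only on a trusted network segment.`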
@@ -0,0 +1,181 @@
+#include "Firewall.hpp"
+
+namespace fw
+{
+ Firewall::Firewall()
+ {
+ this->amount_of_rules = retrieve_amount_of_rules();
+ for (uint8_t i = 1; i <= this->amount_of_rules; i++)
+ {
+ firewall_rule_t *rule_ptr = retrieve_firewall_rule(i);
+ this->add_rule_to_firewall(rule_ptr, false);
+ }
+ }
+
+ Firewall::~Firewall()
+ {
+ }
+
+ firewall_rule_t *Firewall::get_rule_head()
+ {
+ return this->rule_head;
+ }
+
+ void Firewall::add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom)
+ {
+ store_amount_of_rules(this->amount_of_rules);
+ if (save_in_eeprom)
+ Storage::store_firewall_rule(rule_ptr);
+ if (this->rule_head == NULL)
+ {
+ this->rule_head = rule_ptr;
+ rule_ptr->next = NULL;
+ return;
+ }
+ firewall_rule_t *current_rule;
+ current_rule = this->rule_head;
+ while (current_rule->next != NULL)
+ current_rule = current_rule->next;
+ current_rule->next = rule_ptr;
+ rule_ptr->next = NULL;
+ }
+
+ firewall_rule_t *Firewall::add_rule_to_firewall(String *args)
+ {
+ firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
+ rule_ptr->key = ++this->amount_of_rules;
+
+ strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
+ rule_ptr->port_from = args[PORT_FROM].toInt();
+ rule_ptr->port_to = args[PORT_TO].toInt();
+ rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
+ rule_ptr->target = string_to_target(args[TARGET]);
+
+ add_rule_to_firewall(rule_ptr);
+ return rule_ptr;
+ }
+
+ firewall_rule_t *Firewall::update_rule_of_firewall(String *args, const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = get_rule_from_firewall(key);
+ strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
+ rule_ptr->port_from = args[PORT_FROM].toInt();
+ rule_ptr->port_to = args[PORT_TO].toInt();
+ rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
+ rule_ptr->target = string_to_target(args[TARGET]);
+
+ Storage::store_firewall_rule(rule_ptr);
+ return rule_ptr;
+ }
+
+ firewall_rule_t *Firewall::get_rule_from_firewall(const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = this->rule_head;
+ if (this->rule_head == NULL)
+ return NULL;
+ while (rule_ptr->key != key)
+ {
+ if (rule_ptr->next == NULL)
+ return NULL;
+ else
+ rule_ptr = rule_ptr->next;
+ }
+ return rule_ptr;
+ }
+
+ ok_t Firewall::delete_rule_from_firewall(const uint8_t key)
+ {
+ if (this->rule_head == NULL)
+ return NO_ACTION;
+ firewall_rule_t *current_rule = this->rule_head;
+ firewall_rule_t *previous_rule = NULL;
+ firewall_rule_t *temp = NULL;
+ while (current_rule->key != key)
+ {
+ if (current_rule->next == NULL)
+ return NO_ACTION;
+ else
+ {
+ previous_rule = current_rule;
+ current_rule = current_rule->next;
+ }
+ }
+ if (current_rule == this->rule_head)
+ {
+ this->rule_head = rule_head->next;
+ temp = this->rule_head;
+ }
+ else
+ {
+ previous_rule->next = current_rule->next;
+ temp = previous_rule->next;
+ }
+ while (temp != NULL)
+ {
+ temp->key--;
+ temp = temp->next;
+ }
+ free(current_rule);
+ this->amount_of_rules--;
+ Storage::store_amount_of_rules(this->amount_of_rules);
+ if (this->amount_of_rules != 0)
+ Storage::store_all_firewall_rules(rule_head);
+ return SUCCESS;
+ }
+
+ my_packet_t *Firewall::get_packet_information(struct pbuf *pbuf)
+ {
+ my_packet_t *packet = (my_packet_t *)malloc(sizeof(my_packet_t));
+ const struct ip_hdr *iphdr = (struct ip_hdr *)pbuf->payload;
+ u16_t iphdr_hlen = IPH_HL_BYTES(iphdr);
+
+ packet->protocol = (firewall_protocol_t)IPH_PROTO(iphdr);
+ sprintf(packet->ip, "%d.%d.%d.%d", ip4_addr1_16_val(iphdr->src), ip4_addr2_16_val(iphdr->src), ip4_addr3_16_val(iphdr->src), ip4_addr4_16_val(iphdr->src));
+
+ if (packet->protocol == PROTOCOL_UDP)
+ {
+ const struct udp_hdr *udphdr = (const struct udp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
+ packet->port = lwip_ntohs(udphdr->dest);
+ }
+ else if (packet->protocol == PROTOCOL_TCP)
+ {
+ const struct tcp_hdr *tcphdr = (const struct tcp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
+ packet->port = lwip_ntohs(tcphdr->dest);
+ }
+
+ return packet;
+ }
+
+ bool Firewall::rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet)
+ {
+ if (strncmp(rule_ptr->ip, packet->ip, IPV4ADDRESS_LENGTH) == 0)
+ {
+ if ((rule_ptr->protocol == PROTOCOL_ALL || packet->protocol == rule_ptr->protocol) &&
+ is_in_range(packet->port, rule_ptr->port_from, rule_ptr->port_to) &&
+ rule_ptr->target == TARGET_ACCEPT)
+ {
+ free(packet);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ bool Firewall::is_packet_allowed(struct pbuf *pbuf)
+ {
+ // no rules -> no action
+ if (this->amount_of_rules == 0)
+ return true;
+
+ my_packet_t *packet = get_packet_information(pbuf);
+ firewall_rule_t *rule_ptr = this->rule_head;
+ while (rule_ptr != NULL)
+ {
+ if (rule_allows_packet(rule_ptr, packet))
+ return true;
+ rule_ptr = rule_ptr->next;
+ }
+ free(packet);
+ return false;
+ }
+}
diff --git a/src/esp32/Firewall.hpp b/src/esp32/Firewall.hpp
new file mode 100644
index 0000000..091e9e3
--- /dev/null
+++ b/src/esp32/Firewall.hpp
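Review bot: `get_packet_information` in src/esp32/Firewall.cpp reads the IP header and then a UDP or TCP header at `iphdr + iphdr_hlen` without comparing either length against `pbuf->len`, and it leaves `packet->port` unset for every other protocol (ICMP, for example), so `rule_allows_packet` range-checks an indeterminate value. This code runs for every inbound packet via `lwip_hook_ip4_input`, and as far as I know lwIP invokes that hook before it has validated the header length, so these lengths are chosen by the sender. The `malloc` result is also dereferenced unchecked. I would validate the lengths before allocating, give `port` a defined value, and have `is_packet_allowed` drop a packet that could not be parsed; the rewritten lines follow.

```cpp
my_packet_t *Firewall::get_packet_information(struct pbuf *pbuf)
{
    // Lengths are sender-controlled: check them before reading any header.
    if (pbuf->len < sizeof(struct ip_hdr))
        return NULL;
    const struct ip_hdr *iphdr = (struct ip_hdr *)pbuf->payload;
    u16_t iphdr_hlen = IPH_HL_BYTES(iphdr);
    size_t l4_hlen = 0;
    if (IPH_PROTO(iphdr) == PROTOCOL_UDP)
        l4_hlen = sizeof(struct udp_hdr);
    else if (IPH_PROTO(iphdr) == PROTOCOL_TCP)
        l4_hlen = sizeof(struct tcp_hdr);
    if (iphdr_hlen < sizeof(struct ip_hdr) || pbuf->len < iphdr_hlen + l4_hlen)
        return NULL;

    my_packet_t *packet = (my_packet_t *)malloc(sizeof(my_packet_t));
    if (packet == NULL)
        return NULL;
    packet->port = 0; // defined value for protocols that carry no port
    // … unchanged: protocol, source address and UDP/TCP port extraction …

// in Firewall::is_packet_allowed, after the amount_of_rules check
    my_packet_t *packet = get_packet_information(pbuf);
    if (packet == NULL)
        return false; // malformed packet or allocation failure: drop
    // … unchanged: rule list walk …
```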
@@ -0,0 +1,39 @@
+#ifndef ESP32_FIREWALL_HPP
+#define ESP32_FIREWALL_HPP
+
+#include "Utils.hpp"
+#include "Storage.hpp"
+#include "WiFiClient.h"
+#include "lwip/netif.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip4.h"
+#include "lwip/udp.h"
+#include "lwip/tcp.h"
+#include "lwip/prot/tcp.h"
+
+namespace fw
+{
+ class Firewall : public Storage
+ {
+ public:
+ Firewall();
+ ~Firewall();
+
+ firewall_rule_t *get_rule_head();
+ void add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom = true);
+ firewall_rule_t *add_rule_to_firewall(String *args);
+ firewall_rule_t *update_rule_of_firewall(String *args, const uint8_t key);
+ firewall_rule_t *get_rule_from_firewall(const uint8_t key);
+ ok_t delete_rule_from_firewall(const uint8_t key);
+ bool is_packet_allowed(struct pbuf *pbuf);
+
+ protected:
+ bool rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet);
+ my_packet_t *get_packet_information(struct pbuf *pbuf);
+
+ uint8_t amount_of_rules = 0;
+ firewall_rule_t *rule_head = NULL;
+ };
+}
+
+#endif
diff --git a/src/esp32/Storage.cpp b/src/esp32/Storage.cpp
new file mode 100644
index 0000000..d9d44ee
--- /dev/null
+++ b/src/esp32/Storage.cpp
@@ -0,0 +1,70 @@
+#include "Storage.hpp"
+
+namespace fw
+{
+ Storage::Storage()
+ {
+ }
+
+ Storage::~Storage()
+ {
+ }
+
+ uint8_t Storage::retrieve_amount_of_rules()
+ {
+ this->memory.begin("settings", true);
+ const uint8_t amount_of_rules = memory.getUChar("amount_of_rules", 0);
+ this->memory.end();
+
+ return amount_of_rules;
+ }
+
+ void Storage::store_amount_of_rules(const uint8_t new_amount)
+ {
+ this->memory.begin("settings", false);
+ this->memory.putUChar("amount_of_rules", new_amount);
+ this->memory.end();
+ }
+
+ firewall_rule_t *Storage::retrieve_firewall_rule(const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
+ rule_ptr->key = key;
+ char rulename[10]; // fwRule99\n
+ sprintf(rulename, "fwRule%i", key);
+
+ this->memory.begin(rulename, true);
+ strncpy(rule_ptr->ip, this->memory.getString(firewall_fields[IP], "0.0.0.0").c_str(), sizeof(rule_ptr->ip));
+ rule_ptr->port_from = this->memory.getUShort(firewall_fields[PORT_FROM], 0);
+ rule_ptr->port_to = this->memory.getUShort(firewall_fields[PORT_TO], 0);
+ rule_ptr->protocol = static_cast(this->memory.getUChar(firewall_fields[PROTOCOL], PROTOCOL_ALL));
+ rule_ptr->target = static_cast(this->memory.getUChar(firewall_fields[TARGET], TARGET_ACCEPT));
+ this->memory.end();
+ return rule_ptr;
+ }
+
+ void Storage::store_all_firewall_rules(firewall_rule_t *rule_head)
+ {
+ firewall_rule_t *temp = rule_head;
+ while (temp != NULL)
+ {
+ store_firewall_rule(temp);
+ temp = temp->next;
+ }
+ }
+
+ void Storage::store_firewall_rule(firewall_rule_t *rule_ptr)
+ {
+ char rulename[10]; // fwRule99\n
+ sprintf(rulename, "fwRule%i", rule_ptr->key);
+
+ this->memory.begin(rulename, false);
+ this->memory.putString(firewall_fields[IP], rule_ptr->ip);
+ this->memory.putUShort(firewall_fields[PORT_FROM], rule_ptr->port_from);
+ this->memory.putUShort(firewall_fields[PORT_TO], rule_ptr->port_to);
+ this->memory.putUChar(firewall_fields[PROTOCOL], rule_ptr->protocol);
+ this->memory.putUChar(firewall_fields[TARGET], rule_ptr->target);
+
+ this->memory.end();
+ }
+}
diff --git a/src/esp32/Storage.hpp b/src/esp32/Storage.hpp
new file mode 100644
index 0000000..2cf4414
--- /dev/null
+++ b/src/esp32/Storage.hpp
@@ -0,0 +1,27 @@
+#ifndef ESP32_STORAGE_HPP
+#define ESP32_STORAGE_HPP
+
+#include "Preferences.h"
+#include "Utils.hpp"
+
+namespace fw
+{
+ class Storage
+ {
+ public:
+ Storage();
+ ~Storage();
+
+ private:
+ Preferences memory;
+
+ protected:
+ uint8_t retrieve_amount_of_rules();
+ void store_amount_of_rules(const uint8_t new_amount);
+ firewall_rule_t *retrieve_firewall_rule(const uint8_t key);
+ void store_all_firewall_rules(firewall_rule_t *rule_head);
+ void store_firewall_rule(firewall_rule_t *rule_ptr);
+ };
+}
+
+#endif
diff --git a/src/esp32/Utils.cpp b/src/esp32/Utils.cpp
new file mode 100644
index 0000000..c2a5137
--- /dev/null
+++ b/src/esp32/Utils.cpp
@@ -0,0 +1,58 @@
+#include "Utils.hpp"
+
+namespace fw
+{
+ String protocol_to_string(firewall_protocol_t &protocol)
+ {
+ switch (protocol)
+ {
+ case PROTOCOL_TCP:
+ return "TCP";
+ case PROTOCOL_UDP:
+ return "UDP";
+ default:
+ return "ALL";
+ }
+ }
+
+ firewall_protocol_t string_to_protocol(String &protocol)
+ {
+ if (protocol.equals("TCP"))
+ return PROTOCOL_TCP;
+ else if (protocol.equals("UDP"))
+ return PROTOCOL_UDP;
+ else
+ return PROTOCOL_ALL;
+ }
+
+ String target_to_string(firewall_target_t &target)
+ {
+ switch (target)
+ {
+ case TARGET_DROP:
+ return "DROP";
+ default:
+ return "ACCEPT";
+ }
+ }
+
+ firewall_target_t string_to_target(String &target)
+ {
+ if (target.equals("DROP"))
+ return TARGET_DROP;
+ else
+ return TARGET_ACCEPT;
+ }
+
+ void endless_loop()
+ {
+ Serial.printf("Something went wrong. Running endless loop until fixed...");
+ while (true)
+ delay(500);
+ }
+
+ bool is_in_range(const uint16_t number, const uint16_t lower, const uint16_t upper)
+ {
+ return lower <= number && number <= upper;
+ }
+}
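Review bot: In `retrieve_firewall_rule` of src/esp32/Storage.cpp the `strncpy(rule_ptr->ip, ..., sizeof(rule_ptr->ip))` call leaves `ip` without a terminating NUL whenever the stored string fills the 16-byte field, and the `malloc` result is dereferenced unchecked. I would add `rule_ptr->ip[sizeof(rule_ptr->ip) - 1] = '\0';` after the copy and `if (rule_ptr == NULL) return NULL;` after the allocation, with callers prepared for NULL. The fallback values also fail open: a rule whose `target` key is missing from flash loads as `TARGET_ACCEPT`, where `TARGET_DROP` would be the safer default. Unlike the esp8266 variant in this commit, `retrieve_amount_of_rules` applies no upper bound to the stored count.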
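Review bot: `string_to_target` in src/esp32/Utils.cpp returns `TARGET_ACCEPT` for every input other than the exact string "DROP", and `string_to_protocol` falls back to `PROTOCOL_ALL`, so a typo or a lower-case value in an API request silently creates the most permissive rule. For a packet filter the parser should fail closed, for example `if (target.equals("ACCEPT")) return TARGET_ACCEPT;` followed by `return TARGET_DROP;`. Rejecting an unknown protocol string cannot be expressed with the current return type; that needs an extra "invalid" enumerator or an `ok_t` result so the API can answer 400. The identical file is added as src/esp8266/Utils.cpp and has the same behaviour.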
diff --git a/src/esp32/Utils.hpp b/src/esp32/Utils.hpp
new file mode 100644
index 0000000..ffe0970
--- /dev/null
+++ b/src/esp32/Utils.hpp
@@ -0,0 +1,90 @@
+#ifndef UTILS_HPP
+#define UTILS_HPP
+
+#include "Arduino.h"
+#include "WString.h"
+
+namespace fw
+{
+ typedef enum firewall_targets : uint8_t
+ {
+ TARGET_DROP = 1,
+ TARGET_ACCEPT = 2,
+ } firewall_target_t;
+
+ typedef enum firewall_protocols : uint8_t
+ {
+ PROTOCOL_TCP = 6,
+ PROTOCOL_UDP = 17,
+ PROTOCOL_ALL = 255,
+ } firewall_protocol_t;
+
+ typedef enum ok : uint8_t
+ {
+ SUCCESS = 0,
+ ERROR = 1,
+ NO_ACTION = 2,
+ } ok_t;
+
+ typedef enum auth : uint8_t
+ {
+ AUTHENTICATED = 0,
+ DENIED = 1,
+ } auth_t;
+
+ static const uint8_t IPV4ADDRESS_LENGTH = 16;
+ typedef struct firewall_rules
+ {
+ uint8_t key;
+ char ip[IPV4ADDRESS_LENGTH];
+ uint16_t port_from;
+ uint16_t port_to;
+ firewall_protocol_t protocol;
+ firewall_target_t target;
+ struct firewall_rules *next;
+ } firewall_rule_t;
+
+ typedef struct my_packet
+ {
+ char ip[IPV4ADDRESS_LENGTH];
+ firewall_protocol_t protocol;
+ uint16_t port;
+ } my_packet_t;
+
+ static const uint8_t firewall_fields_amount = 6;
+ const char firewall_fields[firewall_fields_amount][10] = {"key", "ip", "port_from", "port_to", "protocol", "target"};
+ typedef enum firewall_fields : uint8_t
+ {
+ KEY,
+ IP,
+ PORT_FROM,
+ PORT_TO,
+ PROTOCOL,
+ TARGET,
+ } firewall_fields_t;
+
+ static const uint8_t CREDENTIALS_LENGTH = 32;
+ typedef struct credentials
+ {
+ char password[CREDENTIALS_LENGTH];
+ char username[CREDENTIALS_LENGTH];
+ } credential_t;
+
+ typedef struct api_endpoints
+ {
+ char uri[60];
+ char method[7];
+ char description[30];
+ struct api_endpoints *next;
+ } api_endpoint_t;
+
+ String protocol_to_string(firewall_protocol_t &protocol);
+ firewall_protocol_t string_to_protocol(String &protocol);
+ String target_to_string(firewall_target_t &target);
+ firewall_target_t string_to_target(String &target);
+ String response_code_to_string(const uint16_t response_code);
+ void endless_loop();
+ bool is_in_range(const uint16_t number, const uint16_t lower, const uint16_t upper);
+}
+
+#endif
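Review bot: `response_code_to_string` is declared here, but the Utils.cpp added in this commit defines no such function, so the first caller will fail at link time; drop the declaration or add the definition. The fixed-size string fields (`ip`, `username`, `password`, `uri`, `method`, `description`) are filled with `strncpy` elsewhere in the commit, so the size constants should state the contract, e.g. `// Buffer size including the terminating NUL: at most IPV4ADDRESS_LENGTH - 1 characters.` above `IPV4ADDRESS_LENGTH` and the same wording for `CREDENTIALS_LENGTH`. The identical header is added as src/esp8266/Utils.hpp.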
diff --git a/src/esp8266/API.cpp b/src/esp8266/API.cpp
new file mode 100644
index 0000000..13a1558
--- /dev/null
+++ b/src/esp8266/API.cpp
@@ -0,0 +1,287 @@
+#include "API.hpp"
+
+namespace fw
+{
+ API::API(fw::Firewall *firewall, const char *cert, const char *key, const char *username, const char *password, const String ip, const uint16_t port)
+ {
+ this->firewall = firewall;
+ this->api_ip = ip;
+ this->api_port = port;
+ if (this->setup_auth(username, password) == ERROR)
+ endless_loop();
+ this->server = new ESP8266WebServerSecure(port);
+ this->serverCache = new ServerSessions(5);
+ this->setup_routing(cert, key);
+ this->server->begin();
+ Serial.printf("%s endpoints -> %s/api\n", TAG, this->get_url_base().c_str());
+ }
+
+ API::~API()
+ {
+ this->server->stop();
+ }
+
+ void API::handle_client()
+ {
+ this->server->handleClient();
+ }
+
+ String API::get_url_base()
+ {
+ return "https://" + this->api_ip + ":" + this->api_port;
+ }
+
+ ok_t API::setup_auth(const char *username, const char *password)
+ {
+ if (!username || *username == 0x00 || strlen(username) > CREDENTIALS_LENGTH)
+ {
+ Serial.printf("%s Username too long or missing!\n", TAG);
+ return ERROR;
+ }
+ strncpy(credentials.username, username, CREDENTIALS_LENGTH);
+ if (!password || *password == 0x00 || strlen(password) > CREDENTIALS_LENGTH)
+ {
+ Serial.printf("%s Password too long or missing!\n", TAG);
+ return ERROR;
+ }
+ strncpy(credentials.password, password, CREDENTIALS_LENGTH);
+ return SUCCESS;
+ }
+
+ auth_t API::check_auth()
+ {
+ if (server->authenticate(this->credentials.username, this->credentials.password))
+ {
+ return AUTHENTICATED;
+ }
+ this->json_message_response("unauthorised", 403);
+ return DENIED;
+ }
+
+ void API::setup_routing(const char *cert, const char *key)
+ {
+ this->server->getServer().setRSACert(new BearSSL::X509List(cert), new BearSSL::PrivateKey(key));
+ this->server->getServer().setCache(serverCache);
+ this->server->on("/api/firewall/rules", HTTP_GET, std::bind(&API::get_firewall_rules_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this));
+ this->server->on("/api/firewall/rules", HTTP_POST, std::bind(&API::post_firewall_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_PUT, std::bind(&API::put_firewall_handler, this));
+ this->server->on(UriBraces("/api/firewall/rules/{}"), HTTP_DELETE, std::bind(&API::delete_firewall_handler, this));
+ this->server->on("/api", HTTP_GET, std::bind(&API::get_endpoint_list_handler, this));
+ this->server->onNotFound(std::bind(&API::not_found_handler, this));
+
+ add_endpoint_to_list("/api/firewall/rules", "GET", "Get all Firewall Rules");
+ add_endpoint_to_list("/api/firewall/rules/", "GET", "Get Firewall Rule by key");
+ add_endpoint_to_list("/api/firewall/rules", "POST", "Create Firewall Rule");
+ add_endpoint_to_list("/api/firewall/rules/", "PUT", "Update Firewall Rule by key");
+ add_endpoint_to_list("/api/firewall/rules/", "DELETE", "Delete Firewall Rule by key");
+ }
+
+ void API::add_endpoint_to_list(const String uri, const char *method, const char *description)
+ {
+ api_endpoint_t *temp;
+ const String url = get_url_base() + uri;
+
+ api_endpoint_t *api_ptr = (api_endpoint_t *)malloc(sizeof(api_endpoint_t));
+ strncpy(api_ptr->uri, url.c_str(), sizeof(api_ptr->uri));
+ strncpy(api_ptr->method, method, sizeof(api_ptr->method));
+ strncpy(api_ptr->description, description, sizeof(api_ptr->description));
+
+ if (this->endpoint_head == NULL)
+ {
+ this->endpoint_head = api_ptr;
+ api_ptr->next = NULL;
+ return;
+ }
+ temp = this->endpoint_head;
+ while (temp->next != NULL)
+ {
+ temp = temp->next;
+ }
+ temp->next = api_ptr;
+ api_ptr->next = NULL;
+ return;
+ }
+
+ void API::not_found_handler()
+ {
+ this->json_message_response("see " + get_url_base() + "/api for available routes", 404);
+ }
+
+ void API::get_endpoint_list_handler()
+ {
+ this->json_array_response(this->construct_json_api(), 200);
+ }
+
+ void API::get_firewall_rule_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ firewall_rule_t *rule_ptr = firewall->get_rule_from_firewall(rule_number);
+ if (rule_ptr == NULL)
+ this->json_message_response("rule does not exist", 404);
+ else
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 200);
+ }
+
+ void API::get_firewall_rules_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ this->json_array_response(this->construct_json_firewall(), 200);
+ }
+
+ void API::post_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ if (request_has_all_firewall_parameter())
+ {
+ String args[IPV4ADDRESS_LENGTH] = {};
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ args[i] = this->server->arg(firewall_fields[i]);
+ }
+ firewall_rule_t *rule_ptr = firewall->add_rule_to_firewall(args);
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 201);
+ }
+ else
+ {
+ this->json_message_response("not enough parameter provided", 400);
+ }
+ }
+
+ void API::put_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ if (request_has_all_firewall_parameter())
+ {
+ String args[IPV4ADDRESS_LENGTH] = {};
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ args[i] = this->server->arg(firewall_fields[i]);
+ }
+ firewall_rule_t *rule_ptr = firewall->update_rule_of_firewall(args, rule_number);
+ if (rule_ptr == NULL)
+ this->json_message_response("rule does not exist", 404);
+ else
+ this->json_generic_response(this->construct_json_firewall_rule(rule_ptr), 200);
+ }
+ else
+ {
+ this->json_message_response("not enough parameter provided", 400);
+ }
+ }
+
+ void API::delete_firewall_handler()
+ {
+ if (this->check_auth() == DENIED)
+ return;
+ String param = this->server->pathArg(0);
+ int rule_number = atoi(param.c_str());
+ if (firewall->delete_rule_from_firewall(rule_number) == SUCCESS)
+ this->json_message_response("firewall rule deleted", 200);
+ else
+ this->json_message_response("cannot delete firewall rule", 500);
+ }
+
+ bool API::request_has_all_firewall_parameter()
+ {
+ if (!this->server->args())
+ return false;
+ for (uint8_t i = 0; i < firewall_fields_amount; i++)
+ {
+ if (i != KEY && !this->server->hasArg(firewall_fields[i]))
+ return false;
+ }
+ return true;
+ }
+
+ String API::json_new_attribute(String key, String value, bool last)
+ {
+ String json_string;
+ json_string += "\"" + key + "\": \"" + value + "\"";
+ if (!last)
+ json_string += ",";
+ return json_string;
+ }
+
+ String API::json_new_attribute(String key, uint32_t value, bool last)
+ {
+ return json_new_attribute(key, String(value), last);
+ }
+
+ void API::json_generic_response(String serialized_string, const uint16_t response_code)
+ {
+ this->server->send(response_code, json_response_type, serialized_string);
+ }
+
+ void API::json_array_response(String serialized_string, const uint16_t response_code)
+ {
+ this->server->send(response_code, json_response_type, "[" + serialized_string + "]");
+ }
+
+ void API::json_message_response(String message, const uint16_t response_code)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute("message", message, true);
+ serialized_string += "}";
+ this->server->send(response_code, json_response_type, serialized_string);
+ }
+
+ String API::construct_json_firewall_rule(firewall_rule_t *rule_ptr)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute(firewall_fields[KEY], rule_ptr->key);
+ serialized_string += json_new_attribute(firewall_fields[IP], rule_ptr->ip);
+ serialized_string += json_new_attribute(firewall_fields[PORT_FROM], rule_ptr->port_from);
+ serialized_string += json_new_attribute(firewall_fields[PORT_TO], rule_ptr->port_to);
+ serialized_string += json_new_attribute(firewall_fields[PROTOCOL], protocol_to_string(rule_ptr->protocol));
+ serialized_string += json_new_attribute(firewall_fields[TARGET], target_to_string(rule_ptr->target), true);
+ serialized_string += "}";
+ return serialized_string;
+ }
+
+ String API::construct_json_firewall()
+ {
+ firewall_rule_t *rule_ptr = firewall->get_rule_head();
+ String serialized_string;
+ while (rule_ptr != NULL)
+ {
+ serialized_string += construct_json_firewall_rule(rule_ptr);
+ rule_ptr = rule_ptr->next;
+ if (rule_ptr != NULL)
+ serialized_string += ",";
+ }
+ return serialized_string;
+ }
+
+ String API::construct_json_api_endpoint(api_endpoint_t *api_ptr)
+ {
+ String serialized_string = "{";
+ serialized_string += json_new_attribute("endpoint", api_ptr->uri);
+ serialized_string += json_new_attribute("description", api_ptr->description);
+ serialized_string += json_new_attribute("method", api_ptr->method, true);
+ serialized_string += "}";
+ return serialized_string;
+ }
+
+ String API::construct_json_api()
+ {
+ api_endpoint_t *api_ptr = this->endpoint_head;
+ String serialized_string;
+ while (api_ptr != NULL)
+ {
+ serialized_string += construct_json_api_endpoint(api_ptr);
+ api_ptr = api_ptr->next;
+ if (api_ptr != NULL)
+ serialized_string += ",";
+ }
+ return serialized_string;
+ }
+}
diff --git a/src/esp8266/API.hpp b/src/esp8266/API.hpp
new file mode 100644
index 0000000..d5bcc5a
--- /dev/null
+++ b/src/esp8266/API.hpp
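Review bot: `setup_auth` in src/esp8266/API.cpp accepts a username or password of exactly `CREDENTIALS_LENGTH` (32) characters, and the following `strncpy(..., CREDENTIALS_LENGTH)` then fills the 32-byte field without a terminating NUL, so `server->authenticate` later reads past the end of `credentials.username` or `credentials.password`. Both length tests should use `>=`, i.e. `strlen(username) >= CREDENTIALS_LENGTH` and `strlen(password) >= CREDENTIALS_LENGTH`. Separately, the rule handlers pass `atoi(param.c_str())` straight into a `uint8_t key`, so a path value of 257 is truncated to key 1 and a non-numeric path becomes key 0; range-check `rule_number` against 1..255 and answer 400 otherwise before calling into `Firewall`. `json_new_attribute` also concatenates request-derived values into the response without escaping quotes or backslashes, and `check_auth` answers 403 where basic authentication normally expects a 401 challenge.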
@@ -0,0 +1,57 @@
+#ifndef ESP8266_API_HPP
+#define ESP8266_API_HPP
+
+#include "ESP8266WebServerSecure.h"
+#include "uri/UriBraces.h"
+#include "Firewall.hpp"
+#include "Utils.hpp"
+
+namespace fw
+{
+ class API
+ {
+ public:
+ API(Firewall *, const char *cert, const char *key, const char *username, const char *password, const String ip, const uint16_t port = 8080);
+ ~API();
+ void handle_client();
+
+ private:
+ BearSSL::ESP8266WebServerSecure *server;
+ BearSSL::ServerSessions *serverCache;
+ Firewall *firewall;
+ credential_t credentials;
+ api_endpoint_t *endpoint_head = NULL;
+ String api_ip = "0.0.0.0";
+ uint16_t api_port;
+ String json_response_type = "application/json; charset=utf-8";
+ const char *TAG = "[API]";
+
+ String get_url_base();
+ ok_t setup_auth(const char *username, const char *password);
+ auth_t check_auth();
+
+ void setup_routing(const char *cert, const char *key);
+ void add_endpoint_to_list(const String uri, const char *method, const char *description);
+ void not_found_handler();
+ void get_endpoint_list_handler();
+ void get_firewall_rule_handler();
+ void get_firewall_rules_handler();
+ void post_firewall_handler();
+ void put_firewall_handler();
+ void delete_firewall_handler();
+
+ bool request_has_all_firewall_parameter();
+ String json_new_attribute(String key, String value, bool last = false);
+ String json_new_attribute(String key, uint32_t value, bool last = false);
+ void json_generic_response(String serialized_string, const uint16_t response_code);
+ void json_array_response(String serialized_string, const uint16_t response_code);
+ void json_message_response(String message, const uint16_t response_code);
+
+ String construct_json_firewall_rule(firewall_rule_t *rule_ptr);
+ String construct_json_firewall();
+ String construct_json_api_endpoint(api_endpoint_t *api_ptr);
+ String construct_json_api();
+ };
+}
+
+#endif
diff --git a/src/esp8266/Firewall.cpp b/src/esp8266/Firewall.cpp
new file mode 100644
index 0000000..f94012c
--- /dev/null
+++ b/src/esp8266/Firewall.cpp
@@ -0,0 +1,181 @@
+#include "Firewall.hpp"
+
+namespace fw
+{
+ Firewall::Firewall()
+ {
+ this->amount_of_rules = retrieve_amount_of_rules();
+ for (uint8_t i = 1; i <= this->amount_of_rules; i++)
+ {
+ firewall_rule_t *rule_ptr = retrieve_firewall_rule(i);
+ this->add_rule_to_firewall(rule_ptr, false);
+ }
+ }
+
+ Firewall::~Firewall()
+ {
+ }
+
+ firewall_rule_t *Firewall::get_rule_head()
+ {
+ return this->rule_head;
+ }
+
+ void Firewall::add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom)
+ {
+ store_amount_of_rules(this->amount_of_rules);
+ if (save_in_eeprom)
+ Storage::store_firewall_rule(rule_ptr);
+ if (this->rule_head == NULL)
+ {
+ this->rule_head = rule_ptr;
+ rule_ptr->next = NULL;
+ return;
+ }
+ firewall_rule_t *current_rule;
+ current_rule = this->rule_head;
+ while (current_rule->next != NULL)
+ current_rule = current_rule->next;
+ current_rule->next = rule_ptr;
+ rule_ptr->next = NULL;
+ }
+
+ firewall_rule_t *Firewall::add_rule_to_firewall(String *args)
+ {
+ firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
+ rule_ptr->key = ++this->amount_of_rules;
+
+ strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
+ rule_ptr->port_from = args[PORT_FROM].toInt();
+ rule_ptr->port_to = args[PORT_TO].toInt();
+ rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
+ rule_ptr->target = string_to_target(args[TARGET]);
+
+ add_rule_to_firewall(rule_ptr);
+ return rule_ptr;
+ }
+
+ firewall_rule_t *Firewall::update_rule_of_firewall(String *args, const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = get_rule_from_firewall(key);
+ strncpy(rule_ptr->ip, args[IP].c_str(), sizeof(rule_ptr->ip));
+ rule_ptr->port_from = args[PORT_FROM].toInt();
+ rule_ptr->port_to = args[PORT_TO].toInt();
+ rule_ptr->protocol = string_to_protocol(args[PROTOCOL]);
+ rule_ptr->target = string_to_target(args[TARGET]);
+
+ Storage::store_firewall_rule(rule_ptr);
+ return rule_ptr;
+ }
+
+ firewall_rule_t *Firewall::get_rule_from_firewall(const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = this->rule_head;
+ if (this->rule_head == NULL)
+ return NULL;
+ while (rule_ptr->key != key)
+ {
+ if (rule_ptr->next == NULL)
+ return NULL;
+ else
+ rule_ptr = rule_ptr->next;
+ }
+ return rule_ptr;
+ }
+
+ ok_t Firewall::delete_rule_from_firewall(const uint8_t key)
+ {
+ if (this->rule_head == NULL)
+ return NO_ACTION;
+ firewall_rule_t *current_rule = this->rule_head;
+ firewall_rule_t *previous_rule = NULL;
+ firewall_rule_t *temp = NULL;
+ while (current_rule->key != key)
+ {
+ if (current_rule->next == NULL)
+ return NO_ACTION;
+ else
+ {
+ previous_rule = current_rule;
+ current_rule = current_rule->next;
+ }
+ }
+ if (current_rule == this->rule_head)
+ {
+ this->rule_head = rule_head->next;
+ temp = this->rule_head;
+ }
+ else
+ {
+ previous_rule->next = current_rule->next;
+ temp = previous_rule->next;
+ }
+ while (temp != NULL)
+ {
+ temp->key--;
+ temp = temp->next;
+ }
+ free(current_rule);
+ this->amount_of_rules--;
+ Storage::store_amount_of_rules(this->amount_of_rules);
+ if (this->amount_of_rules != 0)
+ Storage::store_all_firewall_rules(rule_head);
+ return SUCCESS;
+ }
+
+ my_packet_t *Firewall::get_packet_information(struct pbuf *pbuf)
+ {
+ my_packet_t *packet = (my_packet_t *)malloc(sizeof(my_packet_t));
+ const struct ip_hdr *iphdr = (struct ip_hdr *)pbuf->payload;
+ u16_t iphdr_hlen = IPH_HL_BYTES(iphdr);
+
+ packet->protocol = (firewall_protocol_t)IPH_PROTO(iphdr);
+ sprintf(packet->ip, "%d.%d.%d.%d", ip4_addr1_16_val(iphdr->src), ip4_addr2_16_val(iphdr->src), ip4_addr3_16_val(iphdr->src), ip4_addr4_16_val(iphdr->src));
+
+ if (packet->protocol == PROTOCOL_UDP)
+ {
+ const struct udp_hdr *udphdr = (const struct udp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
+ packet->port = lwip_ntohs(udphdr->dest);
+ }
+ else if (packet->protocol == PROTOCOL_TCP)
+ {
+ const struct tcp_hdr *tcphdr = (const struct tcp_hdr *)((const u8_t *)iphdr + iphdr_hlen);
+ packet->port = lwip_ntohs(tcphdr->dest);
+ }
+
+ return packet;
+ }
+
+ bool Firewall::rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet)
+ {
+ if (strncmp(rule_ptr->ip, packet->ip, IPV4ADDRESS_LENGTH) == 0)
+ {
+ if ((rule_ptr->protocol == PROTOCOL_ALL || packet->protocol == rule_ptr->protocol) &&
+ is_in_range(packet->port, rule_ptr->port_from, rule_ptr->port_to) &&
+ rule_ptr->target == TARGET_ACCEPT)
+ {
+ free(packet);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ bool Firewall::is_packet_allowed(struct pbuf *pbuf)
+ {
+ // no rules -> no action
+ if (this->amount_of_rules == 0)
+ return true;
+
+ my_packet_t *packet = get_packet_information(pbuf);
+ firewall_rule_t *rule_ptr = this->rule_head;
+ while (rule_ptr != NULL)
+ {
+ if (rule_allows_packet(rule_ptr, packet))
+ return true;
+ rule_ptr = rule_ptr->next;
+ }
+ free(packet);
+ return false;
+ }
+}
diff --git a/src/esp8266/Firewall.hpp b/src/esp8266/Firewall.hpp
new file mode 100644
index 0000000..bcff05d
--- /dev/null
+++ b/src/esp8266/Firewall.hpp
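Review bot: `get_packet_information` in src/esp8266/Firewall.cpp never sets `packet->port` for a packet that is neither TCP nor UDP, yet `rule_allows_packet` always feeds it to `is_in_range`, so the verdict for such packets depends on uninitialised heap memory. The function also dereferences the `malloc` result unchecked and reads the transport header at `iphdr + iphdr_hlen` without comparing against `pbuf->len`; nothing visible in this hunk guarantees the payload is that long. The excerpt below sketches a bounded version, which needs `if (packet == NULL) return false;` in `is_packet_allowed`. Separately, `update_rule_of_firewall` dereferences the result of `get_rule_from_firewall(key)` before any NULL check, and `add_rule_to_firewall(String *)` increments `amount_of_rules` without comparing it to the 15-rule limit Storage sizes its EEPROM for. The same functions appear in src/esp32/Firewall.cpp, whose hunk begins outside this view.

```cpp
my_packet_t *Firewall::get_packet_information(struct pbuf *pbuf)
{
    // A frame shorter than the IPv4 header it claims cannot be classified.
    if (pbuf == NULL || pbuf->len < IP_HLEN)
        return NULL;
    const struct ip_hdr *iphdr = (const struct ip_hdr *)pbuf->payload;
    const u16_t iphdr_hlen = IPH_HL_BYTES(iphdr);
    if (iphdr_hlen < IP_HLEN || pbuf->len < iphdr_hlen)
        return NULL;

    // calloc so that port is 0, not heap garbage, for non-TCP/UDP packets.
    my_packet_t *packet = (my_packet_t *)calloc(1, sizeof(my_packet_t));
    if (packet == NULL)
        return NULL;

    // … unchanged: protocol and source-address extraction …

    // Only read the transport header when the first pbuf actually holds it.
    const u16_t l4_hlen = (packet->protocol == PROTOCOL_UDP)   ? UDP_HLEN
                          : (packet->protocol == PROTOCOL_TCP) ? TCP_HLEN
                                                               : 0;
    if (pbuf->len < iphdr_hlen + l4_hlen)
    {
        free(packet);
        return NULL;
    }

    // … unchanged: UDP/TCP destination-port extraction and return …
```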
@@ -0,0 +1,38 @@
+#ifndef ESP8266_FIREWALL_HPP
+#define ESP8266_FIREWALL_HPP
+
+#include "Utils.hpp"
+#include "Storage.hpp"
+#include "WiFiClient.h"
+#include "lwip/netif.h"
+#include "lwip/pbuf.h"
+#include "lwip/ip4.h"
+#include "lwip/udp.h"
+#include "lwip/prot/tcp.h"
+
+namespace fw
+{
+ class Firewall : public Storage
+ {
+ public:
+ Firewall();
+ ~Firewall();
+
+ firewall_rule_t *get_rule_head();
+ void add_rule_to_firewall(firewall_rule_t *rule_ptr, const bool save_in_eeprom = true);
+ firewall_rule_t *add_rule_to_firewall(String *args);
+ firewall_rule_t *update_rule_of_firewall(String *args, const uint8_t key);
+ firewall_rule_t *get_rule_from_firewall(const uint8_t key);
+ ok_t delete_rule_from_firewall(const uint8_t key);
+ bool is_packet_allowed(struct pbuf *pbuf);
+
+ protected:
+ bool rule_allows_packet(firewall_rule_t *rule_ptr, my_packet_t *packet);
+ my_packet_t *get_packet_information(struct pbuf *pbuf);
+
+ uint8_t amount_of_rules = 0;
+ firewall_rule_t *rule_head = NULL;
+ };
+}
+
+#endif
diff --git a/src/esp8266/Storage.cpp b/src/esp8266/Storage.cpp
new file mode 100644
index 0000000..9299a28
--- /dev/null
+++ b/src/esp8266/Storage.cpp
@@ -0,0 +1,74 @@
+#include "Storage.hpp"
+
+namespace fw
+{
+ Storage::Storage()
+ {
+ this->max_rules = 15;
+ this->eeprom_amount_of_rules = 0;
+ this->eeprom_rules_head = 1;
+ this->eeprom_size = this->max_rules * sizeof(firewall_rule_t) + eeprom_rules_head;
+ EEPROM.begin(this->eeprom_size);
+ }
+
+ Storage::~Storage()
+ {
+ }
+
+ uint16_t Storage::eeprom_rule_position(uint8_t key)
+ {
+ return eeprom_rules_head + (key - 1) * sizeof(firewall_rule_t);
+ }
+
+ uint8_t Storage::retrieve_amount_of_rules()
+ {
+ uint8_t amount_of_rules = EEPROM.read(this->eeprom_amount_of_rules);
+
+ if (amount_of_rules > this->max_rules)
+ return 0;
+ return amount_of_rules;
+ }
+
+ void Storage::store_amount_of_rules(const uint8_t new_amount)
+ {
+ EEPROM.put(this->eeprom_amount_of_rules, new_amount);
+ EEPROM.commit();
+ }
+
+ firewall_rule_t *Storage::retrieve_firewall_rule(const uint8_t key)
+ {
+ firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
+ rule_ptr->key = key;
+ uint16_t eespom_position = eeprom_rule_position(key);
+
+ EEPROM.get(eespom_position, rule_ptr->ip);
+ EEPROM.get(eespom_position += sizeof(rule_ptr->ip), rule_ptr->port_from);
+ EEPROM.get(eespom_position += sizeof(rule_ptr->port_from), rule_ptr->port_to);
+ EEPROM.get(eespom_position += sizeof(rule_ptr->port_to), rule_ptr->protocol);
+ EEPROM.get(eespom_position += sizeof(rule_ptr->protocol), rule_ptr->target);
+ return rule_ptr;
+ }
+
+ void Storage::store_all_firewall_rules(firewall_rule_t *rule_head)
+ {
+ firewall_rule_t *temp = rule_head;
+ while (temp != NULL)
+ {
+ store_firewall_rule(temp);
+ temp = temp->next;
+ }
+ }
+
+ void Storage::store_firewall_rule(firewall_rule_t *rule_ptr)
+ {
+ uint16_t eespom_position = eeprom_rule_position(rule_ptr->key);
+
+ EEPROM.put(eespom_position, rule_ptr->ip);
+ EEPROM.put(eespom_position += sizeof(rule_ptr->ip), rule_ptr->port_from);
+ EEPROM.put(eespom_position += sizeof(rule_ptr->port_from), rule_ptr->port_to);
+ EEPROM.put(eespom_position += sizeof(rule_ptr->port_to), rule_ptr->protocol);
+ EEPROM.put(eespom_position += sizeof(rule_ptr->protocol), rule_ptr->target);
+
+ EEPROM.commit();
+ }
+}
diff --git a/src/esp8266/Storage.hpp b/src/esp8266/Storage.hpp
new file mode 100644
index 0000000..d9a3747
--- /dev/null
+++ b/src/esp8266/Storage.hpp
@@ -0,0 +1,32 @@
+#ifndef ESP8266_STORAGE_HPP
+#define ESP8266_STORAGE_HPP
+
+#include "EEPROM.h"
+#include "Utils.hpp"
+
+namespace fw
+{
+ class Storage
+ {
+ public:
+ Storage();
+ ~Storage();
+
+ private:
+ uint8_t max_rules;
+ uint16_t eeprom_size;
+ uint16_t eeprom_amount_of_rules;
+ uint16_t eeprom_rules_head;
+
+ uint16_t eeprom_rule_position(uint8_t key);
+
+ protected:
+ uint8_t retrieve_amount_of_rules();
+ void store_amount_of_rules(const uint8_t new_amount);
+ firewall_rule_t *retrieve_firewall_rule(const uint8_t key);
+ void store_all_firewall_rules(firewall_rule_t *rule_head);
+ void store_firewall_rule(firewall_rule_t *rule_ptr);
+ };
+}
+
+#endif
diff --git a/src/esp8266/Utils.cpp b/src/esp8266/Utils.cpp
new file mode 100644
index 0000000..c2a5137
--- /dev/null
+++ b/src/esp8266/Utils.cpp
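Review bot: `store_firewall_rule` and `eeprom_rule_position` in src/esp8266/Storage.cpp never compare the key with `max_rules`, although the EEPROM region is sized for 15 rules and nothing visible in `Firewall::add_rule_to_firewall` caps the count; a 16th rule is addressed beyond `eeprom_size`, and key 0 makes `(key - 1)` negative. I would start `store_firewall_rule` with `if (rule_ptr->key == 0 || rule_ptr->key > this->max_rules) return;` and have the caller reject the rule. As far as this diff shows, the oversized count is still stored, `retrieve_amount_of_rules` turns any value above `max_rules` into 0, and `is_packet_allowed` treats zero rules as "allow everything", so after a restart the filter would be open. `retrieve_firewall_rule` also uses its `malloc` result unchecked and copies `ip` from EEPROM without forcing `rule_ptr->ip[sizeof(rule_ptr->ip) - 1] = '\0';`.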
@@ -0,0 +1,58 @@
+#include "Utils.hpp"
+
+namespace fw
+{
+ String protocol_to_string(firewall_protocol_t &protocol)
+ {
+ switch (protocol)
+ {
+ case PROTOCOL_TCP:
+ return "TCP";
+ case PROTOCOL_UDP:
+ return "UDP";
+ default:
+ return "ALL";
+ }
+ }
+
+ firewall_protocol_t string_to_protocol(String &protocol)
+ {
+ if (protocol.equals("TCP"))
+ return PROTOCOL_TCP;
+ else if (protocol.equals("UDP"))
+ return PROTOCOL_UDP;
+ else
+ return PROTOCOL_ALL;
+ }
+
+ String target_to_string(firewall_target_t &target)
+ {
+ switch (target)
+ {
+ case TARGET_DROP:
+ return "DROP";
+ default:
+ return "ACCEPT";
+ }
+ }
+
+ firewall_target_t string_to_target(String &target)
+ {
+ if (target.equals("DROP"))
+ return TARGET_DROP;
+ else
+ return TARGET_ACCEPT;
+ }
+
+ void endless_loop()
+ {
+ Serial.printf("Something went wrong. Running endless loop until fixed...");
+ while (true)
+ delay(500);
+ }
+
+ bool is_in_range(const uint16_t number, const uint16_t lower, const uint16_t upper)
+ {
+ return lower <= number && number <= upper;
+ }
+}
diff --git a/src/esp8266/Utils.hpp b/src/esp8266/Utils.hpp
new file mode 100644
index 0000000..ffe0970
--- /dev/null
+++ b/src/esp8266/Utils.hpp
@@ -0,0 +1,90 @@
+#ifndef UTILS_HPP
+#define UTILS_HPP
+
+#include "Arduino.h"
+#include "WString.h"
+
+namespace fw
+{
+ typedef enum firewall_targets : uint8_t
+ {
+ TARGET_DROP = 1,
+ TARGET_ACCEPT = 2,
+ } firewall_target_t;
+
+ typedef enum firewall_protocols : uint8_t
+ {
+ PROTOCOL_TCP = 6,
+ PROTOCOL_UDP = 17,
+ PROTOCOL_ALL = 255,
+ } firewall_protocol_t;
+
+ typedef enum ok : uint8_t
+ {
+ SUCCESS = 0,
+ ERROR = 1,
+ NO_ACTION = 2,
+ } ok_t;
+
+ typedef enum auth : uint8_t
+ {
+ AUTHENTICATED = 0,
+ DENIED = 1,
+ } auth_t;
+
+ static const uint8_t IPV4ADDRESS_LENGTH = 16;
+ typedef struct firewall_rules
+ {
+ uint8_t key;
+ char ip[IPV4ADDRESS_LENGTH];
+ uint16_t port_from;
+ uint16_t port_to;
+ firewall_protocol_t protocol;
+ firewall_target_t target;
+ struct firewall_rules *next;
+ } firewall_rule_t;
+
+ typedef struct my_packet
+ {
+ char ip[IPV4ADDRESS_LENGTH];
+ firewall_protocol_t protocol;
+ uint16_t port;
+ } my_packet_t;
+
+ static const uint8_t firewall_fields_amount = 6;
+ const char firewall_fields[firewall_fields_amount][10] = {"key", "ip", "port_from", "port_to", "protocol", "target"};
+ typedef enum firewall_fields : uint8_t
+ {
+ KEY,
+ IP,
+ PORT_FROM,
+ PORT_TO,
+ PROTOCOL,
+ TARGET,
+ } firewall_fields_t;
+
+ static const uint8_t CREDENTIALS_LENGTH = 32;
+ typedef struct credentials
+ {
+ char password[CREDENTIALS_LENGTH];
+ char username[CREDENTIALS_LENGTH];
+ } credential_t;
+
+ typedef struct api_endpoints
+ {
+ char uri[60];
+ char method[7];
+ char description[30];
+ struct api_endpoints *next;
+ } api_endpoint_t;
+
+ String protocol_to_string(firewall_protocol_t &protocol);
+ firewall_protocol_t string_to_protocol(String &protocol);
+ String target_to_string(firewall_target_t &target);
+ firewall_target_t string_to_target(String &target);
+ String response_code_to_string(const uint16_t response_code);
+ void endless_loop();
+ bool is_in_range(const uint16_t number, const uint16_t lower, const uint16_t upper);
+}
+
+#endif