From 7d226ce542540cb8c9fa7464b074114f846b42bc Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Thu, 15 Oct 2020 19:10:11 +0530
Subject: [PATCH] lwip: provide configuration option to enable TCP ISN hook

---
 components/lwip/CMakeLists.txt                |  5 +++++
 components/lwip/Kconfig                       | 11 +++++++++++
 components/lwip/component.mk                  |  7 ++++++-
 components/lwip/port/esp32/include/lwipopts.h | 11 +++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/components/lwip/CMakeLists.txt b/components/lwip/CMakeLists.txt
index dec0ecb86c..6833d68af5 100644
--- a/components/lwip/CMakeLists.txt
+++ b/components/lwip/CMakeLists.txt
@@ -4,6 +4,7 @@ set(include_dirs
     lwip/src/include
     port/esp32/include
     port/esp32/include/arch
+    port/esp32/tcp_isn
     )
 
 set(srcs
@@ -135,6 +136,10 @@ else()
     list(APPEND srcs "port/esp32/no_vfs_syscalls.c")
 endif()
 
+if(CONFIG_LWIP_TCP_ISN_HOOK)
+    list(APPEND srcs "port/esp32/tcp_isn/tcp_isn.c")
+endif()
+
 idf_component_register(SRCS "${srcs}"
                     INCLUDE_DIRS "${include_dirs}"
                     LDFRAGMENTS linker.lf
diff --git a/components/lwip/Kconfig b/components/lwip/Kconfig
index 4dea01dda4..d420a80a72 100644
--- a/components/lwip/Kconfig
+++ b/components/lwip/Kconfig
@@ -327,6 +327,17 @@ menu "LWIP"
 
     menu "TCP"
 
+        config LWIP_TCP_ISN_HOOK
+            bool "Enable TCP ISN Hook"
+            default y
+            help
+                Enables custom TCP ISN hook to randomize initial sequence
+                number in TCP connection. This is recommended as default
+                lwIP implementation (`tcp_next_iss`) is not very strong,
+                as it does not take into consideration any platform
+                specific entropy source.
+
+
         config LWIP_MAX_ACTIVE_TCP
             int "Maximum active TCP Connections"
             range 1 1024
diff --git a/components/lwip/component.mk b/components/lwip/component.mk
index d4e53d6949..9bcab5d710 100644
--- a/components/lwip/component.mk
+++ b/components/lwip/component.mk
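Review bot: `port/esp32/tcp_isn` is appended to `include_dirs` unconditionally in the first hunk, while `tcp_isn.c` is only compiled when `CONFIG_LWIP_TCP_ISN_HOOK` is set (second hunk of this file); component.mk has the same split between `COMPONENT_ADD_INCLUDEDIRS` and `COMPONENT_SRCDIRS`. If that directory carries a header for the hook, dependents can include it with the option disabled and only discover the missing `lwip_hook_tcp_isn` at link time. Either move the include dir under the same guard, e.g. `if(CONFIG_LWIP_TCP_ISN_HOOK)` / `list(APPEND include_dirs port/esp32/tcp_isn)` / `endif()` next to the source append, or add a one-line comment saying the directory is deliberately exposed regardless of the option.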
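Review bot: The help text explains why the default `tcp_next_iss` is replaced but not what the replacement does or relies on, which is what a reviewer accepting `default y` needs: how the ISN is derived (a secret keyed with the connection 4-tuple in the RFC 6528 manner, or plain random draws), which entropy source seeds it, and whether that source is available before the first connection is opened. Since tcp_isn.c is not part of this patch, the contract should be stated here, for instance `The hook is implemented in port/esp32/tcp_isn/tcp_isn.c; see that file for the derivation scheme and the entropy source it depends on.`, and "initial sequence number (ISN)" spelled out on first use. The backticks around `tcp_next_iss` render literally in menuconfig; plain quotes are the convention in this Kconfig.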
@@ -8,7 +8,8 @@ COMPONENT_ADD_INCLUDEDIRS := \
     include/apps/sntp \
     lwip/src/include \
     port/esp32/include \
-    port/esp32/include/arch
+    port/esp32/include/arch \
+    port/esp32/tcp_isn
 
 COMPONENT_SRCDIRS := \
     apps/dhcpserver \
@@ -39,6 +40,10 @@ ifdef CONFIG_LWIP_PPP_SUPPORT
     COMPONENT_SRCDIRS += lwip/src/netif/ppp lwip/src/netif/ppp/polarssl
 endif
 
+ifdef CONFIG_LWIP_TCP_ISN_HOOK
+    COMPONENT_SRCDIRS += port/esp32/tcp_isn
+endif
+
 CFLAGS += -Wno-address  # lots of LWIP source files evaluate macros that check address of stack variables
 
 lwip/src/netif/ppp/ppp.o: CFLAGS += -Wno-uninitialized
diff --git a/components/lwip/port/esp32/include/lwipopts.h b/components/lwip/port/esp32/include/lwipopts.h
index 99e42c8be6..5ef469da35 100644
--- a/components/lwip/port/esp32/include/lwipopts.h
+++ b/components/lwip/port/esp32/include/lwipopts.h
@@ -420,6 +420,17 @@
  */
 #define LWIP_TCP_RTO_TIME CONFIG_LWIP_TCP_RTO_TIME
 
+/**
+ * Set TCP hook for Initial Sequence Number (ISN)
+ */
+#ifdef CONFIG_LWIP_TCP_ISN_HOOK
+#include
+struct ip_addr;
+u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
+                        const struct ip_addr *remote_ip, u16_t remote_port);
+#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn
+#endif
+
 /*
    ----------------------------------
    ---------- Pbuf options ----------
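Review bot: The forward declaration `struct ip_addr;` in the lwipopts.h hunk pins the prototype to the dual-stack form of `ip_addr_t`; in lwIP that struct tag only exists when both `LWIP_IPV4` and `LWIP_IPV6` are enabled, otherwise `ip_addr_t` is `struct ip4_addr` and tcp.c's call through `LWIP_HOOK_TCP_ISN` would pass a mismatched pointer type. ESP-IDF builds dual stack, so this compiles today, but the reason for not including `lwip/ip_addr.h` (it includes `lwip/opt.h`, which includes this file) deserves a comment next to the declaration: `/* forward-declared: ip_addr.h cannot be included from lwipopts.h (include cycle); the tag exists only for LWIP_IPV4 && LWIP_IPV6 */`. The target of the `#include` after `#ifdef` is lost in this rendering — presumably the header that supplies `u32_t`/`u16_t` — and should be checked against the real file. The declaration also says nothing about initialization: if the implementation needs a secret or seed before the first connection (as the lwIP contrib tcp_isn addon does via `lwip_init_tcp_isn`), the comment block above the prototype should name where that happens.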