David Brownell <david-b@pacbell.net>:
OpenOCD doesn't actually *need* to be keeping all TCP ports active ... creating security issues in some network configs. Instead, let config file specify e.g. "tcl_port 0" (or gdb_port, telnet_port) to disable that particular remote access method. git-svn-id: svn://svn.berlios.de/openocd/trunk@2240 b42882b7-edfa-0310-969c-e2dbd0fdcd60
parent
0ffbc60333
commit
4f4592539d
|
@ -1422,10 +1422,17 @@ the memory read/write commands. This includes @command{nand probe}.
|
|||
@cindex TCP port
|
||||
@cindex server
|
||||
@cindex port
|
||||
@cindex security
|
||||
The OpenOCD server accepts remote commands in several syntaxes.
|
||||
Each syntax uses a different TCP/IP port, which you may specify
|
||||
only during configuration (before those ports are opened).
|
||||
|
||||
For reasons including security, you may wish to prevent remote
|
||||
access using one or more of these ports.
|
||||
In such cases, just specify the relevant port number as zero.
|
||||
If you disable all access through TCP/IP, you will need to
|
||||
use the command line @option{-pipe} option.
|
||||
|
||||
@deffn {Command} gdb_port (number)
|
||||
@cindex GDB server
|
||||
Specify or query the first port used for incoming GDB connections.
|
||||
|
@ -1433,6 +1440,7 @@ The GDB port for the
|
|||
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
|
||||
When not specified during the configuration stage,
|
||||
the port @var{number} defaults to 3333.
|
||||
When specified as zero, this port is not activated.
|
||||
@end deffn
|
||||
|
||||
@deffn {Command} tcl_port (number)
|
||||
|
@ -1442,6 +1450,7 @@ output from the Tcl engine.
|
|||
Intended as a machine interface.
|
||||
When not specified during the configuration stage,
|
||||
the port @var{number} defaults to 6666.
|
||||
When specified as zero, this port is not activated.
|
||||
@end deffn
|
||||
|
||||
@deffn {Command} telnet_port (number)
|
||||
|
@ -1450,6 +1459,7 @@ port on which to listen for incoming telnet connections.
|
|||
This port is intended for interaction with one human through TCL commands.
|
||||
When not specified during the configuration stage,
|
||||
the port @var{number} defaults to 4444.
|
||||
When specified as zero, this port is not activated.
|
||||
@end deffn
|
||||
|
||||
@anchor{GDB Configuration}
|
||||
|
|
|
@ -44,7 +44,7 @@ static int gdb_breakpoint_override;
|
|||
static enum breakpoint_type gdb_breakpoint_override_type;
|
||||
|
||||
extern int gdb_error(connection_t *connection, int retval);
|
||||
static unsigned short gdb_port;
|
||||
static unsigned short gdb_port = 3333;
|
||||
static const char *DIGITS = "0123456789abcdef";
|
||||
|
||||
static void gdb_log_callback(void *priv, const char *file, int line,
|
||||
|
@ -2198,8 +2198,8 @@ int gdb_init(void)
|
|||
|
||||
if (gdb_port == 0 && server_use_pipes == 0)
|
||||
{
|
||||
LOG_DEBUG("no gdb port specified, using default port 3333");
|
||||
gdb_port = 3333;
|
||||
LOG_INFO("gdb port disabled");
|
||||
return ERROR_OK;
|
||||
}
|
||||
|
||||
if (server_use_pipes)
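Review bot: The declaration `static unsigned short gdb_port = 3333;` gives no hint that zero is now a sentinel meaning "do not listen", so a comment such as `/* first GDB TCP port; 0 disables the listener (checked in gdb_init) */` would keep the next reader from reintroducing a zero-means-default fallback. The documentation in this commit says further targets listen on gdb_port + 1 and so on, and the variable is 16 bits wide, so it is worth confirming in the per-target loop (not visible here) that a high base port cannot wrap to a low or zero value. The check is also skipped when `server_use_pipes` is set, so the log line "gdb port disabled" never appears in pipe mode; presumably that is intended, but confirm. gdb_init's body continues outside the hunk.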
|
||||
|
|
|
@ -34,7 +34,7 @@ typedef struct tcl_connection_s {
|
|||
int tc_outerror; /* flag an output error */
|
||||
} tcl_connection_t;
|
||||
|
||||
static unsigned short tcl_port = 0;
|
||||
static unsigned short tcl_port = 6666;
|
||||
|
||||
/* commands */
|
||||
static int handle_tcl_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
|
||||
|
@ -165,8 +165,8 @@ int tcl_init(void)
|
|||
|
||||
if (tcl_port == 0)
|
||||
{
|
||||
LOG_DEBUG("no tcl port specified, using default port 6666");
|
||||
tcl_port = 6666;
|
||||
LOG_INFO("tcl port disabled");
|
||||
return ERROR_OK;
|
||||
}
|
||||
|
||||
retval = add_service("tcl", CONNECTION_TCP, tcl_port, 1, tcl_new_connection, tcl_input, tcl_closed, NULL);
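Review bot: The `add_service("tcl", CONNECTION_TCP, tcl_port, 1, ...)` call passes a port but no bind address, so when the port is left at its new default of 6666 the listener's reachability depends entirely on what add_service binds to, which this hunk does not show. If that is every interface, the security concern named in the commit message is only mitigated for operators who opt in with `tcl_port 0`; the same applies to `telnet_port` and its 4444 default in telnet_init. A comment at both declarations, e.g. `/* 0 disables this listener; any other value opens a TCP command port */`, would make the exposure explicit. It is also worth checking that handle_tcl_port_command and handle_telnet_port_command (declared here, bodies not visible) reject values above 65535 rather than narrowing them into the `unsigned short`, since a wrapped value could open a different port than the operator wrote or read as zero. tcl_init's body continues outside the hunk.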
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include "telnet_server.h"
|
||||
#include "target_request.h"
|
||||
|
||||
static unsigned short telnet_port = 0;
|
||||
static unsigned short telnet_port = 4444;
|
||||
|
||||
int handle_exit_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
|
||||
int handle_telnet_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
|
||||
|
@ -596,8 +596,8 @@ int telnet_init(char *banner)
|
|||
|
||||
if (telnet_port == 0)
|
||||
{
|
||||
LOG_DEBUG("no telnet port specified, using default port 4444");
|
||||
telnet_port = 4444;
|
||||
LOG_INFO("telnet port disabled");
|
||||
return ERROR_OK;
|
||||
}
|
||||
|
||||
telnet_service->banner = banner;
|
||||
|
|