David Brownell <david-b@pacbell.net>:

OpenOCD doesn't actually *need* to be keeping all TCP ports
active ... creating security issues in some network configs.

Instead, let config file specify e.g. "tcl_port 0" (or gdb_port,
telnet_port) to disable that particular remote access method.


git-svn-id: svn://svn.berlios.de/openocd/trunk@2240 b42882b7-edfa-0310-969c-e2dbd0fdcd60
zwelch 2009-06-13 08:38:57 +00:00
parent 0ffbc60333
commit 4f4592539d
4 changed files with 19 additions and 9 deletions


@ -1422,10 +1422,17 @@ the memory read/write commands. This includes @command{nand probe}.
@cindex TCP port
@cindex server
@cindex port
@cindex security
The OpenOCD server accepts remote commands in several syntaxes.
Each syntax uses a different TCP/IP port, which you may specify
only during configuration (before those ports are opened).
For reasons including security, you may wish to prevent remote
access using one or more of these ports.
In such cases, just specify the relevant port number as zero.
If you disable all access through TCP/IP, you will need to
use the command line @option{-pipe} option.
@deffn {Command} gdb_port (number)
@cindex GDB server
Specify or query the first port used for incoming GDB connections.
@ -1433,6 +1440,7 @@ The GDB port for the
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
When not specified during the configuration stage,
the port @var{number} defaults to 3333.
When specified as zero, this port is not activated.
@end deffn
@deffn {Command} tcl_port (number)
@ -1442,6 +1450,7 @@ output from the Tcl engine.
Intended as a machine interface.
When not specified during the configuration stage,
the port @var{number} defaults to 6666.
When specified as zero, this port is not activated.
@end deffn
@deffn {Command} telnet_port (number)
@ -1450,6 +1459,7 @@ port on which to listen for incoming telnet connections.
This port is intended for interaction with one human through TCL commands.
When not specified during the configuration stage,
the port @var{number} defaults to 4444.
When specified as zero, this port is not activated.
@end deffn
@anchor{GDB Configuration}


@ -44,7 +44,7 @@ static int gdb_breakpoint_override;
static enum breakpoint_type gdb_breakpoint_override_type;
extern int gdb_error(connection_t *connection, int retval);
static unsigned short gdb_port;
static unsigned short gdb_port = 3333;
static const char *DIGITS = "0123456789abcdef";
static void gdb_log_callback(void *priv, const char *file, int line,
@ -2198,8 +2198,8 @@ int gdb_init(void)
if (gdb_port == 0 && server_use_pipes == 0)
{
LOG_DEBUG("no gdb port specified, using default port 3333");
gdb_port = 3333;
LOG_INFO("gdb port disabled");
return ERROR_OK;
}
if (server_use_pipes)
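Review bot: With 0 now meaning "disabled" rather than "unset", the declaration `static unsigned short gdb_port = 3333;` should carry a comment saying so, e.g. `/* 0 disables the GDB listener; default is 3333 */`, and the same applies to `tcl_port` and `telnet_port` in the other two files. The port command handlers are not part of these hunks, so this is unverified, but if they convert their argument without checking for a failed or out-of-range conversion, a typo or a value that truncates to 0 in `unsigned short` would now silently turn the listener off instead of falling back to the default. That fails closed, which is the safer direction, but rejecting such input with an error would keep an intentional `gdb_port 0` distinguishable from a mistake. gdb_init's body continues outside the hunk.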


@ -34,7 +34,7 @@ typedef struct tcl_connection_s {
int tc_outerror; /* flag an output error */
} tcl_connection_t;
static unsigned short tcl_port = 0;
static unsigned short tcl_port = 6666;
/* commands */
static int handle_tcl_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
@ -165,8 +165,8 @@ int tcl_init(void)
if (tcl_port == 0)
{
LOG_DEBUG("no tcl port specified, using default port 6666");
tcl_port = 6666;
LOG_INFO("tcl port disabled");
return ERROR_OK;
}
retval = add_service("tcl", CONNECTION_TCP, tcl_port, 1, tcl_new_connection, tcl_input, tcl_closed, NULL);


@ -30,7 +30,7 @@
#include "telnet_server.h"
#include "target_request.h"
static unsigned short telnet_port = 0;
static unsigned short telnet_port = 4444;
int handle_exit_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
int handle_telnet_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
@ -596,8 +596,8 @@ int telnet_init(char *banner)
if (telnet_port == 0)
{
LOG_DEBUG("no telnet port specified, using default port 4444");
telnet_port = 4444;
LOG_INFO("telnet port disabled");
return ERROR_OK;
}
telnet_service->banner = banner;
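Review bot: The new early `return ERROR_OK;` sits directly above `telnet_service->banner = banner;`, so `telnet_service` has apparently already been obtained when the port check runs. If it is heap-allocated earlier in telnet_init (the allocation is outside this hunk), the disabled path leaks it. Either move the `telnet_port == 0` check above the allocation or release it before returning, e.g. `free(telnet_service);` ahead of `return ERROR_OK;`. telnet_init starts and ends outside the hunk.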