2008/11/10 Kieran Mansley
<address@hidden>
> but I'd like not to change lwIP code... I'm searching for a workaround if
> one exists)
Depends what they mean by disable it. You could minimise your changes
to lwIP by just checking the if(optionPingEnabled) in icmp_input() and
return if it has been disabled. That would still leave some ICMP code
active though, for example the stack would still send "destination
protocol unreachable" in ip_input() in some circumstances.
Do you think that leaving ICMP active would be useful for a PC application that tries to send something to my board?
An alternative that would not need any mods to lwIP would be to snoop
the IP header protocol field on all packets in your driver and drop any
that have the ICMP type when the protocol is disabled.
I was thinking the same while driving my car after work: I want to check if I can add a piece of code instead of the low_level_input function; it could be something like this:
ACTUAL CODE:
....
/* move received packet into a new pbuf */
p = low_level_input(netifLocal);
/* no packet could be read, silently ignore this */
if (p == NULL) return(ret);
....
NEW CODE:
....
/* move received packet into a new pbuf */
p = low_level_input(netifLocal);
/* no packet could be read, silently ignore this */
if (p == NULL) return(ret);
//---------------------------------------------
// low level firewall
if (low_level_firewall_isOn(netifLocal))
{
    // check packet head using netif firewall setting
    if (low_level_firewall_filter(netifLocal, p)!=ERR_OK)
    {
        // drop packet - free pbuf and stop here so the freed pbuf
        // is never passed on to the stack
        pbuf_free(p);
        return(ret);
    }
}
//---------------------------------------------
....
and I have to implement some firewall policy (i.e. drop all ICMP packets, or drop ICMP echo request packets...) and to add some specific attribute to my netif->state struct for firewall settings.
What do you think?
Thanks for your advice,
Piero
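
One way the header check behind the proposed low_level_firewall_filter() could look, as an added example that is not code from this thread or from lwIP. The function name fw_filter_frame and the FW_DROP_* policy bits are hypothetical; it assumes an untagged Ethernet II frame carrying IPv4, held in one contiguous buffer (with lwIP the headers would be read from the first pbuf's payload).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical policy bits, e.g. stored in the driver's netif->state struct. */
#define FW_DROP_ICMP_ALL   0x01u  /* drop every ICMP packet */
#define FW_DROP_ICMP_ECHO  0x02u  /* drop only ICMP echo requests */

#define ETH_HDR_LEN     14u
#define ETHTYPE_IPV4    0x0800u
#define IP_PROTO_ICMP   1u
#define ICMP_TYPE_ECHO  8u

/* Returns 0 to pass the frame up to the stack, -1 to drop it.
 * Assumption: frame/len describe one contiguous Ethernet frame, i.e. the
 * headers are not split across chained pbufs. */
int fw_filter_frame(const uint8_t *frame, size_t len, unsigned policy)
{
    if (policy == 0 || len < ETH_HDR_LEN + 20u)
        return 0;                  /* filter off, or too short for IPv4 */
    if ((((unsigned)frame[12] << 8) | frame[13]) != ETHTYPE_IPV4)
        return 0;                  /* ARP and others are not filtered here */

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0Fu) * 4u;  /* header length with options */
    if ((ip[0] >> 4) != 4 || ihl < 20u || len < ETH_HDR_LEN + ihl)
        return 0;                  /* malformed: left for the stack to reject */
    if (ip[9] != IP_PROTO_ICMP)
        return 0;                  /* protocol field is not ICMP */
    if (policy & FW_DROP_ICMP_ALL)
        return -1;

    if (policy & FW_DROP_ICMP_ECHO) {
        unsigned frag_off = (((unsigned)ip[6] & 0x1Fu) << 8) | ip[7];
        if (frag_off != 0)
            return -1;             /* later fragment: type not visible, fail closed */
        if (len < ETH_HDR_LEN + ihl + 1u)
            return -1;             /* truncated ICMP header */
        if (ip[ihl] == ICMP_TYPE_ECHO)
            return -1;             /* echo request */
    }
    return 0;
}
```

The ICMP type is read at the offset given by the IP header length field rather than at a fixed byte 34, so a packet carrying IP options is still classified correctly.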