OpenOCD doesn't actually *need* to be keeping all TCP ports
active ... creating security issues in some network configs.
Instead, let config file specify e.g. "tcl_port 0" (or gdb_port,
telnet_port) to disable that particular remote access method.
git-svn-id: svn://svn.berlios.de/openocd/trunk@2240
b42882b7-edfa-0310-969c-
e2dbd0fdcd60
@cindex TCP port
@cindex server
@cindex port
+@cindex security
The OpenOCD server accepts remote commands in several syntaxes.
Each syntax uses a different TCP/IP port, which you may specify
only during configuration (before those ports are opened).
+For reasons including security, you may wish to prevent remote
+access using one or more of these ports.
+In such cases, just specify the relevant port number as zero.
+If you disable all access through TCP/IP, you will need to
+use the command line @option{-pipe} option.
+
@deffn {Command} gdb_port (number)
@cindex GDB server
Specify or query the first port used for incoming GDB connections.
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
When not specified during the configuration stage,
the port @var{number} defaults to 3333.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} tcl_port (number)
Intended as a machine interface.
When not specified during the configuration stage,
the port @var{number} defaults to 6666.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} telnet_port (number)
This port is intended for interaction with one human through TCL commands.
When not specified during the configuration stage,
the port @var{number} defaults to 4444.
+When specified as zero, this port is not activated.
@end deffn
@anchor{GDB Configuration}
static enum breakpoint_type gdb_breakpoint_override_type;
extern int gdb_error(connection_t *connection, int retval);
-static unsigned short gdb_port;
+static unsigned short gdb_port = 3333;
static const char *DIGITS = "0123456789abcdef";
static void gdb_log_callback(void *priv, const char *file, int line,
if (gdb_port == 0 && server_use_pipes == 0)
{
- LOG_DEBUG("no gdb port specified, using default port 3333");
- gdb_port = 3333;
+ LOG_INFO("gdb port disabled");
+ return ERROR_OK;
}
if (server_use_pipes)
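Review bot: The check `gdb_port == 0 && server_use_pipes == 0` gives zero a new meaning ("no TCP listener"), but nothing at the check or at the `gdb_port = 3333` initializer records it, and older configs may still assume zero selects the default. I would add a comment above the check, `/* gdb_port 0 disables the TCP listener (pipe mode is handled below) */`, and one on the initializer saying that 3333 is the documented default. Because `gdb_port` is an `unsigned short`, it is also worth confirming that the `gdb_port` command handler (not shown here) rejects values above 65535 instead of truncating them, since a truncated value could land on zero or on an unintended port. The enclosing function starts and ends outside the hunk.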
int tc_outerror; /* flag an output error */
} tcl_connection_t;
-static unsigned short tcl_port = 0;
+static unsigned short tcl_port = 6666;
/* commands */
static int handle_tcl_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
if (tcl_port == 0)
{
- LOG_DEBUG("no tcl port specified, using default port 6666");
- tcl_port = 6666;
+ LOG_INFO("tcl port disabled");
+ return ERROR_OK;
}
retval = add_service("tcl", CONNECTION_TCP, tcl_port, 1, tcl_new_connection, tcl_input, tcl_closed, NULL);
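Review bot: With `tcl_port` defaulting to 6666 and only `tcl_port == 0` skipping the `add_service("tcl", CONNECTION_TCP, ...)` call, a server started with `-pipe` and no other port settings still opens a TCP listener here. The same applies to `telnet_port` (default 4444) in the telnet server section. The documentation added in this commit mentions `-pipe` only as the fallback once every port is disabled, so it can be read as "pipe mode means no network exposure"; the docs should say that each port has to be set to zero explicitly. I would also log the enabled case, e.g. `LOG_INFO("tcl server listening on port %d", tcl_port);` before `add_service`, so open ports are visible at startup. Which interface the listener binds to is decided inside `add_service`, which is not shown, and the enclosing init function starts and ends outside the hunk.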
#include "telnet_server.h"
#include "target_request.h"
-static unsigned short telnet_port = 0;
+static unsigned short telnet_port = 4444;
int handle_exit_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
int handle_telnet_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
if (telnet_port == 0)
{
- LOG_DEBUG("no telnet port specified, using default port 4444");
- telnet_port = 4444;
+ LOG_INFO("telnet port disabled");
+ return ERROR_OK;
}
telnet_service->banner = banner;