OpenOCD doesn't actually *need* to be keeping all TCP ports
active ... creating security issues in some network configs.
Instead, let config file specify e.g. "tcl_port 0" (or gdb_port,
telnet_port) to disable that particular remote access method.
git-svn-id: svn://svn.berlios.de/openocd/trunk@2240
b42882b7-edfa-0310-969c-
e2dbd0fdcd60
@cindex TCP port
@cindex server
@cindex port
@cindex TCP port
@cindex server
@cindex port
The OpenOCD server accepts remote commands in several syntaxes.
Each syntax uses a different TCP/IP port, which you may specify
only during configuration (before those ports are opened).
The OpenOCD server accepts remote commands in several syntaxes.
Each syntax uses a different TCP/IP port, which you may specify
only during configuration (before those ports are opened).
+For reasons including security, you may wish to prevent remote
+access using one or more of these ports.
+In such cases, just specify the relevant port number as zero.
+If you disable all access through TCP/IP, you will need to
+use the command line @option{-pipe} option.
+
@deffn {Command} gdb_port (number)
@cindex GDB server
Specify or query the first port used for incoming GDB connections.
@deffn {Command} gdb_port (number)
@cindex GDB server
Specify or query the first port used for incoming GDB connections.
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
When not specified during the configuration stage,
the port @var{number} defaults to 3333.
first target will be gdb_port, the second target will listen on gdb_port + 1, and so on.
When not specified during the configuration stage,
the port @var{number} defaults to 3333.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} tcl_port (number)
@end deffn
@deffn {Command} tcl_port (number)
Intended as a machine interface.
When not specified during the configuration stage,
the port @var{number} defaults to 6666.
Intended as a machine interface.
When not specified during the configuration stage,
the port @var{number} defaults to 6666.
+When specified as zero, this port is not activated.
@end deffn
@deffn {Command} telnet_port (number)
@end deffn
@deffn {Command} telnet_port (number)
This port is intended for interaction with one human through TCL commands.
When not specified during the configuration stage,
the port @var{number} defaults to 4444.
This port is intended for interaction with one human through TCL commands.
When not specified during the configuration stage,
the port @var{number} defaults to 4444.
+When specified as zero, this port is not activated.
@end deffn
@anchor{GDB Configuration}
@end deffn
@anchor{GDB Configuration}
static enum breakpoint_type gdb_breakpoint_override_type;
extern int gdb_error(connection_t *connection, int retval);
static enum breakpoint_type gdb_breakpoint_override_type;
extern int gdb_error(connection_t *connection, int retval);
-static unsigned short gdb_port;
+static unsigned short gdb_port = 3333;
static const char *DIGITS = "0123456789abcdef";
static void gdb_log_callback(void *priv, const char *file, int line,
static const char *DIGITS = "0123456789abcdef";
static void gdb_log_callback(void *priv, const char *file, int line,
if (gdb_port == 0 && server_use_pipes == 0)
{
if (gdb_port == 0 && server_use_pipes == 0)
{
- LOG_DEBUG("no gdb port specified, using default port 3333");
- gdb_port = 3333;
+ LOG_INFO("gdb port disabled");
+ return ERROR_OK;
int tc_outerror; /* flag an output error */
} tcl_connection_t;
int tc_outerror; /* flag an output error */
} tcl_connection_t;
-static unsigned short tcl_port = 0;
+static unsigned short tcl_port = 6666;
/* commands */
static int handle_tcl_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
/* commands */
static int handle_tcl_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
- LOG_DEBUG("no tcl port specified, using default port 6666");
- tcl_port = 6666;
+ LOG_INFO("tcl port disabled");
+ return ERROR_OK;
}
retval = add_service("tcl", CONNECTION_TCP, tcl_port, 1, tcl_new_connection, tcl_input, tcl_closed, NULL);
}
retval = add_service("tcl", CONNECTION_TCP, tcl_port, 1, tcl_new_connection, tcl_input, tcl_closed, NULL);
#include "telnet_server.h"
#include "target_request.h"
#include "telnet_server.h"
#include "target_request.h"
-static unsigned short telnet_port = 0;
+static unsigned short telnet_port = 4444;
int handle_exit_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
int handle_telnet_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
int handle_exit_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
int handle_telnet_port_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
- LOG_DEBUG("no telnet port specified, using default port 4444");
- telnet_port = 4444;
+ LOG_INFO("telnet port disabled");
+ return ERROR_OK;
}
telnet_service->banner = banner;
}
telnet_service->banner = banner;
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)