Update documentation. Add Porting guide. Fix httpd free slot check. #138
danielinux wants to merge 6 commits into
Add docs/porting_guide.md covering link-layer driver design (PIO and DMA, descriptor rings, cache coherency, PHY/MDIO bring-up) and porting wolfIP to a new OS (poll task, core mutex, BSD socket wrapper, callback wakeups), with snippets from existing ports and a Zephyr case study. Link both the porting guide and the lwIP migration guide from README.
Add docs/ipsec_esp_howto.md (build flags, SA install API, transport-mode data path, cipher-suite selection, and Linux ip xfrm interop) and docs/tftp_howto.md (callback-driven client/server wiring over wolfIP UDP sockets, protocol options, and the firmware-download hash/verify pattern), drawing on src/test/esp/, tools/ip-xfrm/, the stm32h563 TFTP demo, and the tftp-hpa interop test. Link both from README and API.md, and note ESP (RFC 4303) and the module how-tos in API.md.
…IPv4 Add five module getting-started guides, each grounded in the actual sources and example/test code:
- docs/tls_howto.md: wolfSSL/TLS over wolfIP sockets (WOLFSSL_WOLFIP), the wolfssl_io.c I/O-callback bridge, and non-blocking handshakes driven alongside wolfIP_poll().
- docs/http_server_howto.md: the src/http/ server module, handler registration, and HTTPS via a WOLFSSL_CTX.
- docs/wolfguard_howto.md: the in-stack WireGuard tunnel (WOLFGUARD), peer/key setup, the wg0 interface, and kernel interop.
- docs/dhcp_dns_howto.md: DHCP lease acquisition and DNS resolution with nslookup, and their poll-loop lifecycle.
- docs/advanced_ipv4_howto.md: multicast/IGMP, IPv4 forwarding, multiple interfaces (the _ex accessors), and loopback.
Link all five from README and API.md.
Remove the Limitations section from each module how-to (TLS, HTTP, wolfGuard, DHCP/DNS, ESP, advanced IPv4) and their ToC entries. Also clean up two stray agent-emitted closing tags at the end of the HTTP and wolfGuard guides. wolfGuard: reframe the intro to simply state it is WireGuard with the crypto replaced for FIPS compliance, dropping the WireGuard-interop caveats (the FIPS suite difference is self-evident).
double check no static content is associated to the slot
I like the ESP docs!
I think we could also mention these in the ESP doc eventually. This PR is already large so I'm leaving this as a note:
- wolfesp does 32 bit sequence numbers, and does not do IKE. This is to keep things simple for embedded context. For embedded line rates it's assumed that sequence number exhaustion will not be a problem. Similarly, rapid rekeying via IKE is not expected to be needed. We can always build in this complexity if it's needed (and wolfssl can provide the guts needed).
- For the GCMs we follow NIST SP 800-38D, section 8.2.1 Deterministic Construction for the iv construction. We construct an IV from: user supplied 4 byte salt (which may be public and shared), concatenated with 8 bytes randomly generated from wc_RNG_GenerateBlock() at SA creation time, which is xor'ed with sequence number for a deterministic counter with random starting value.
- Tunnel mode, UDP encap of ESP, and more sophisticated proto/port filtering of SAs can be added as they are needed.
All my nits are suggestions that can be done in another PR. I think it's good as is.
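The IV layout described in the review comment above, as an added sketch that is not code from wolfIP, wolfesp or this PR: a 4-byte salt followed by an 8-byte random base XORed with the 32-bit sequence number, so every packet under one SA gets a distinct GCM nonce. The struct, the function name, the big-endian placement of the XOR and the refusal on counter wrap are assumptions; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_LEN  4
#define BASE_LEN  8
#define NONCE_LEN (SALT_LEN + BASE_LEN)

/* Hypothetical per-SA state for this sketch (not wolfIP's own struct). */
struct demo_sa {
    uint8_t  salt[SALT_LEN];    /* user supplied, may be public and shared */
    uint8_t  iv_base[BASE_LEN]; /* random, drawn once at SA creation */
    uint32_t next_seq;          /* 32-bit ESP sequence number, first packet is 1 */
};

/* Build the 12-byte GCM nonce for the next outbound packet.
 * Returns 0 and the sequence number used, or -1 once the 32-bit
 * sequence space is used up (a reused sequence would repeat a nonce). */
int demo_next_nonce(struct demo_sa *sa, uint8_t nonce[NONCE_LEN], uint32_t *seq)
{
    int i;

    if (sa->next_seq == 0)
        return -1;              /* counter wrapped: the SA must be replaced */
    *seq = sa->next_seq++;      /* 0xFFFFFFFF + 1 wraps to 0 and trips the check */
    memcpy(nonce, sa->salt, SALT_LEN);
    memcpy(nonce + SALT_LEN, sa->iv_base, BASE_LEN);
    /* Assumed layout: sequence number XORed big-endian into the low 4 bytes. */
    for (i = 0; i < 4; i++)
        nonce[NONCE_LEN - 1 - i] ^= (uint8_t)(*seq >> (8 * i));
    return 0;
}

int main(void)
{
    /* Constructed sample values; a real iv_base comes from the RNG. */
    struct demo_sa sa = { {0xde, 0xad, 0xbe, 0xef},
                          {0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe}, 1 };
    uint8_t nonce[NONCE_LEN];
    uint32_t seq;
    int i, n;

    for (n = 0; n < 3 && demo_next_nonce(&sa, nonce, &seq) == 0; n++) {
        printf("seq %u nonce ", (unsigned)seq);
        for (i = 0; i < NONCE_LEN; i++)
            printf("%02x", nonce[i]);
        printf("\n");
    }
    return 0;
}
```

Because XOR with a fixed base is a bijection on the sequence number, two nonces under one SA can only collide if a sequence number repeats, which is why the sketch stops at the wrap instead of continuing.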