First source code changes for security.

This basically parameterizes the serial bridges to ports 23 and 2323.

Makefile

@@ -99,6 +99,15 @@ MCU_ISP_PIN         ?= 13
 LED_CONN_PIN        ?= 0
 # GPIO pin used for "serial activity" LED, active low
 LED_SERIAL_PIN      ?= 14
+#
+# Default settings for access over TCP/IP connections
+#
+# Modes are 0 (unsecure), 1 (disabled), 2 (secure)
+#
+PORT1_MODE		?=	0
+PORT1_PORTNUMBER	?=	23
+PORT2_MODE		?=	0
+PORT2_PORTNUMBER	?=	2323
 
 # --------------- esp-link modules config options ---------------
 
@@ -243,6 +252,8 @@ CFLAGS	+= -Os -ggdb -std=c99 -Werror -Wpointer-arith -Wundef -Wall -Wl,-EL -fno-
 	-D__ets__ -DICACHE_FLASH -Wno-address -DFIRMWARE_SIZE=$(ESP_FLASH_MAX) \
 	-DMCU_RESET_PIN=$(MCU_RESET_PIN) -DMCU_ISP_PIN=$(MCU_ISP_PIN) \
 	-DLED_CONN_PIN=$(LED_CONN_PIN) -DLED_SERIAL_PIN=$(LED_SERIAL_PIN) \
+	-DPORT1_PORTNUMBER=$(PORT1_PORTNUMBER) -DPORT1_MODE=$(PORT1_MODE) \
+	-DPORT2_PORTNUMBER=$(PORT2_PORTNUMBER) -DPORT2_MODE=$(PORT2_MODE) \
 	-DVERSION="$(VERSION)"
 
 # linker flags used to generate the main object file

esp-link/config.h

@@ -41,6 +41,10 @@ typedef struct {
   int8_t   data_bits;
   int8_t   parity;
   int8_t   stop_bits;
+  int8_t   port1_mode,			// Security
+           port2_mode;
+  uint16_t port1_portnumber,
+           port2_portnumber;
 } FlashConfig;
 extern FlashConfig flashConfig;
 

esp-link/main.c

@@ -89,6 +89,7 @@ HttpdBuiltInUrl builtInUrls[] = {
   { "/wifi/connstatus", cgiWiFiConnStatus, NULL },
   { "/wifi/setmode", cgiWiFiSetMode, NULL },
   { "/wifi/special", cgiWiFiSpecial, NULL },
+  { "/wifi/security", jsonWiFiSecurity, NULL },
   { "/wifi/apinfo", cgiApSettingsInfo, NULL },
   { "/wifi/apchange", cgiApSettingsChange, NULL },
   { "/system/info", cgiSystemInfo, NULL },
@@ -179,7 +180,15 @@ user_init(void) {
   WEB_Init();
 
   // init the wifi-serial transparent bridge (port 23)
-  serbridgeInit(23, 2323);
+  flashConfig.port1_portnumber = 23;
+  flashConfig.port2_portnumber = 2323;
+  flashConfig.port1_mode = 0;
+  flashConfig.port2_mode = 0;
+
+  serbridgeInit();
+  serbridgeStart(0, flashConfig.port1_portnumber, flashConfig.port1_mode);
+  serbridgeStart(1, flashConfig.port2_portnumber, flashConfig.port2_mode);
+
   uart_add_recv_cb(&serbridgeUartCb);
 #ifdef SHOW_HEAP_USE
   os_timer_disarm(&prHeapTimer);

serial/serbridge.c

@@ -16,9 +16,8 @@
 #define syslog(X1...)
 #endif
 
-static struct espconn serbridgeConn1; // plain bridging port
-static struct espconn serbridgeConn2; // programming port
-static esp_tcp serbridgeTcp1, serbridgeTcp2;
+static struct espconn serbridgeConn[2]; // plain bridging port
+static esp_tcp serbridgeTcp[2];
 static int8_t mcu_reset_pin, mcu_isp_pin;
 
 uint8_t in_mcu_flashing;   // for disabling slip during MCU flashing
@@ -421,7 +420,7 @@ serbridgeConnectCb(void *arg)
   connData[i].readytosend = true;
   connData[i].conn_mode = cmInit;
   // if it's the second port we start out in programming mode
-  if (conn->proto.tcp->local_port == serbridgeConn2.proto.tcp->local_port)
+  if (conn->proto.tcp->local_port == serbridgeConn[1].proto.tcp->local_port)
     connData[i].conn_mode = cmPGMInit;
 
   espconn_regist_recvcb(conn, serbridgeRecvCb);
@@ -470,35 +469,33 @@ serbridgeInitPins()
 
 // Start transparent serial bridge TCP server on specified port (typ. 23)
 void ICACHE_FLASH_ATTR
-serbridgeInit(int port1, int port2)
+serbridgeInit()
 {
   serbridgeInitPins();
 
   os_memset(connData, 0, sizeof(connData));
-  os_memset(&serbridgeTcp1, 0, sizeof(serbridgeTcp1));
-  os_memset(&serbridgeTcp2, 0, sizeof(serbridgeTcp2));
+  os_memset(&serbridgeTcp[0], 0, sizeof(serbridgeTcp[0]));
+  os_memset(&serbridgeTcp[1], 0, sizeof(serbridgeTcp[1]));
+}
 
+// Start transparent serial bridge TCP server on specified port (typ. 23)
+void ICACHE_FLASH_ATTR
+serbridgeStart(int ix, int port, int mode)
+{
+  if (ix < 0 || ix > 2)			// FIXME hardcoded limit
+    return;
+  if (0 < port && port < 65536) {
     // set-up the primary port for plain bridging
-  serbridgeConn1.type = ESPCONN_TCP;
-  serbridgeConn1.state = ESPCONN_NONE;
-  serbridgeTcp1.local_port = port1;
-  serbridgeConn1.proto.tcp = &serbridgeTcp1;
-
-  espconn_regist_connectcb(&serbridgeConn1, serbridgeConnectCb);
-  espconn_accept(&serbridgeConn1);
-  espconn_tcp_set_max_con_allow(&serbridgeConn1, MAX_CONN);
-  espconn_regist_time(&serbridgeConn1, SER_BRIDGE_TIMEOUT, 0);
-
-  // set-up the secondary port for programming
-  serbridgeConn2.type = ESPCONN_TCP;
-  serbridgeConn2.state = ESPCONN_NONE;
-  serbridgeTcp2.local_port = port2;
-  serbridgeConn2.proto.tcp = &serbridgeTcp2;
-
-  espconn_regist_connectcb(&serbridgeConn2, serbridgeConnectCb);
-  espconn_accept(&serbridgeConn2);
-  espconn_tcp_set_max_con_allow(&serbridgeConn2, MAX_CONN);
-  espconn_regist_time(&serbridgeConn2, SER_BRIDGE_TIMEOUT, 0);
+    serbridgeConn[ix].type = ESPCONN_TCP;
+    serbridgeConn[ix].state = ESPCONN_NONE;
+    serbridgeTcp[ix].local_port = port;
+    serbridgeConn[ix].proto.tcp = &serbridgeTcp[ix];
+
+    espconn_regist_connectcb(&serbridgeConn[ix], serbridgeConnectCb);
+    espconn_accept(&serbridgeConn[ix]);
+    espconn_tcp_set_max_con_allow(&serbridgeConn[ix], MAX_CONN);
+    espconn_regist_time(&serbridgeConn[ix], SER_BRIDGE_TIMEOUT, 0);
+  }
 }
 
 int  ICACHE_FLASH_ATTR serbridgeInMCUFlashing()

serial/serbridge.h

@@ -31,7 +31,8 @@ typedef struct serbridgeConnData {
 } serbridgeConnData;
 
 // port1 is transparent&programming, second port is programming only
-void ICACHE_FLASH_ATTR serbridgeInit(int port1, int port2);
+void ICACHE_FLASH_ATTR serbridgeInit();
+void ICACHE_FLASH_ATTR serbridgeStart(int ix, int port, int mode);
 void ICACHE_FLASH_ATTR serbridgeInitPins(void);
 void ICACHE_FLASH_ATTR serbridgeUartCb(char *buf, short len);
 void ICACHE_FLASH_ATTR serbridgeReset();