Prepare 2.1.0 release

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>

CHANGELOG

@@ -1,10 +1,54 @@
 HISTORY
+ * These are only the most important changes. For a full list, use git log:
+   http://git.savannah.nongnu.org/cgit/lwip.git
 
 (git master)
 
   * [Enter new changes just after this line - do not remove this line]
 
+(STABLE-2.1.0):
+
   ++ New features:
+
+  2018-06-17: Simon Goldschmidt
+  * lwiperf: implemented iPerf client mode
+
+  2018-04-23: Dirk Ziegelmeier
+  * added cmake build files
+
+  2018-03-04: Ray Abram
+  * netbios responder: respond to '*' queries
+
+  2018-02-23: Benjamin Aigner
+  * 6lowpan: add 6lowpan-over-BLE netif (based on existing 6lowpan netif)
+
+  2018-02-22: Simon Goldschmidt
+  * ipv6: add support for stateless DHCPv6 (to get DNS servers in SLAAC nets)
+
+  2018-02-16: Simon Goldschmidt
+  * add raw API http(s) client (with proxy support)
+
+  2018-02-01: Simon Goldschmidt
+  * tcp: add hooks to implement additional socket options
+
+  2018-02-01: Simon Goldschmidt
+  * tcp: add hooks to implement tcp md5 signatures or similar (see contrib/addons for an example)
+
+  2018-01-05: Simon Goldschmidt
+  * Added sys_mbox_trypost_fromisr() and tcpip_callbackmsg_trycallback_fromisr()
+    These can be used to post preallocated messages from an ISR to the tcpip thread
+    (e.g. when using FreeRTOS)
+
+  2018-01-02: Dirk Ziegelmeier
+  * task #14780: Add debug helper asserts to ensure threading/locking requirements are met
+
+  2017-11-21: Simon Goldschmidt
+  * task #14600: tcp_alloc(): kill TF_CLOSEPEND connections before other ESTABLISHED
+
+  2017-11-21: Simon Goldschmidt
+  * makefsdata: added option "-ssi:<filename>" to control SSI tag checking/insertion
+    through a list of filenames, not by checking the file extension at runtime
+
   2017-11-20: Joel Cunningham
   * netconn: add LWIP_HOOK_NETCONN_EXTERNAL_RESOLVE to use external DNS resolver (patch #9427)
 
@@ -44,7 +88,7 @@ HISTORY
   * dhcp: added two hooks for adding and parsing user defined DHCP options
 
   2017-04-25: Joel Cunningham
-  * sockets: added CMSG and IP_PKTINFO for use with recvmsg (task #14247)
+  * sockets: added recvmsg for UDP (together with CMSG and IP_PKTINFO) (task #14247)
 
   2017-04-20: Joel Cunningham
   * tcp: added Appropriate Byte Counting support (task #14128)
@@ -53,6 +97,13 @@ HISTORY
   * netconn/sockets: remove fatal error handling, fix asynchronous error handling,
     ensure data before RST can be received
 
+  2017-03-30: Simon Goldschmidt
+  * added "application layered TCP" connection API (altcp) for seamless integration
+    of TLS or proxy connections
+
+  2017-03-09: Simon Goldschmidt
+  * sockets: add recvmsg for TCP
+
   2017-03-02: Joel Cunningham
   * netconn/sockets: vectorize netconn_write for TCP, treating a vectored I/O write
     atomically in regards to TCP segmentation (patch #8882)
@@ -63,17 +114,11 @@ HISTORY
   2017-02-28: Simon Goldschmidt
   * Added LWIP_SINGLE_NETIF for small targets with only one netif
 
-  2017-02-17: Simon Goldschmidt
-  * Improved DNS_LOCAL_HOSTLIST interface
-
   2017-02-10: David van Moolenbroek
   * Implement UDP and RAW multicast support for IPv6 (core API, not netconn/sockets)
 
-  2017-02-10: Simon Goldschmidt
-  * tcp_close does not fail on memory error (instead, FIN is sent from tcp_tmr)
-
   2017-02-04: David van Moolenbroek
-    - IPv6 scopes support
+  * IPv6 scopes support
 
   2017-01-20: Joel Cunningham
   * sockets: add interface name/index APIs (task #14314)
@@ -86,6 +131,34 @@ HISTORY
 
   ++ Bugfixes:
 
+  2018-06-19: Simon Goldschmidt
+  * tcp: fix RTO timer not working if link is down
+
+  2018-06-15: Sylvain Rochet
+  * ppp: multiple smaller bugfixes
+
+  2018-05-17: Simon Goldschmidt
+  * etharp: arp table can now be bigger than 127 entries
+
+  2018-04-25: Jens Nielsen
+  * tftp server: correctly handle retransmissions
+
+  2018-04-18: Simon Goldschmidt
+  sockets: fix race conditions when closing full-duplex sockets
+
+  2018-03-09: Simon Goldschmidt
+  * 6lowpan: fix to work against contiki; added ZigBee encapsulation netif for tests
+
+  2018-02-04: Simon Goldschmidt
+  * sockets: fix inconsistencies on close (inconsistent error codes, double FIN)
+
+  2018-01-05: Dirk Ziegelmeier
+  * Fix bug #52748: the bug in timeouts.c by reimplementing timer logic to use
+    absolute instead of relative timeout values
+
+  2017-12-31: Dirk Ziegelmeier
+  * Fix bug #52704: DHCP and bad OFFER: Stop timeout only if offer is accepted
+
   2017-11-08: Joel Cunningham
   * netif: ensure link and admin states are up in issue reports (bug #52353)
 
@@ -120,8 +193,50 @@ HISTORY
   * sockets.c: task #14420 (Remove sys_sem_signal from inside SYS_ARCH_PROTECT
     crit section) done for LWIP_TCPIP_CORE_LOCKING==1
 
+  2017-02-24: Simon Goldschmidt
+  * sockets.c: fixed close race conditions in lwip_select (for LWIP_NETCONN_FULLDUPLEX)
+
+  2017-02-24: Simon Goldschmidt
+  * sockets.c: fixed that select ignored invalid/not open sockets in the fd_sets (bug #50392)
+
+  2017-01-11: David van Moolenbroek
+  * Lots of IPv6 related fixes and improvements
+
+(STABLE-2.0.3)
+
+  ++ Bugfixes:
+
+  2017-09-11: Simon Goldschmidt
+  * tcp_in.c: fix bug #51937 (leaking tcp_pcbs on passive close with unacked data)
+
+  2017-08-02: Abroz Bizjak/Simon Goldschmidt
+  * multiple fixes in IPv4 reassembly (leading to corrupted datagrams received)
+  
+  2017-03-30: Simon Goldschmidt
+  * dhcp.c: return ERR_VAL instead of asserting on offset-out-of-pbuf
+
+  2017-03-23: Dirk Ziegelmeier
+  * dhcp.h: fix bug #50618 (dhcp_remove_struct() macro does not work)
+
+(STABLE-2.0.2)
+
+  ++ New features:
+
+  2017-02-10: Dirk Ziegelmeier
+  * Implement task #14367: Hooks need a better place to be defined:
+    We now have a #define for a header file name that is #included in every .c
+    file that provides hooks.
+
+  2017-02-10: Simon Goldschmidt
+  * tcp_close does not fail on memory error (instead, FIN is sent from tcp_tmr)
+
+  ++ Bugfixes:
+
+  2017-03-08
+  * tcp: do not keep sending SYNs when getting ACKs
+
   2017-03-08: Joel Cunningham
-  * tcp: initialize ssthresh to TCP_SND_BUF (bug #50476)
+  * tcp: Initialize ssthresh to TCP_SND_BUF (bug #50476)
 
   2017-03-01: Simon Goldschmidt
   * httpd: LWIP_HTTPD_POST_MANUAL_WND: fixed double-free when httpd_post_data_recved
@@ -130,23 +245,57 @@ HISTORY
   2017-02-28: David van Moolenbroek/Simon Goldschmidt
   * tcp: fixed bug #50418: LWIP_EVENT_API: fix invalid calbacks for SYN_RCVD pcb
 
-  2017-02-24: Simon Goldschmidt
-  * sockets.c: fixed close race conditions in lwip_select (for LWIP_NETCONN_FULLDUPLEX)
-
-  2017-02-24: Simon Goldschmidt
-  * sockets.c: fixed that select ignored invalid/not open sockets in the fd_sets (bug #50392)
+  2017-02-17: Simon Goldschmidt
+  * dns: Improved DNS_LOCAL_HOSTLIST interface (bug #50325)
 
   2017-02-16: Simon Goldschmidt
   * LWIP_NETCONN_FULLDUPLEX: fixed shutdown during write (bug #50274)
 
+  2017-02-13: Simon Goldschmidt/Dirk Ziegelmeier
+  * For tiny targtes, LWIP_RAND is optional (fix compile time checks)
+
+  2017-02-10: Simon Goldschmidt
+  * tcp: Fixed bug #47485 (tcp_close() should not fail on memory error) by retrying
+    to send FIN from tcp_fasttmr
+
+  2017-02-09: Simon Goldschmidt
+  * sockets: Fixed bug #44032 (LWIP_NETCONN_FULLDUPLEX: select might work on
+    invalid/reused socket) by not allowing to reallocate a socket that has
+    "select_waiting != 0"
+
+  2017-02-09: Simon Goldschmidt
+  * httpd: Fixed bug #50059 (httpd LWIP_HTTPD_SUPPORT_11_KEEPALIVE vs.
+    LWIP_HTTPD_KILL_OLD_ON_CONNECTIONS_EXCEEDED)
+
+  2017-02-08: Dirk Ziegelmeier
+  * Rename "IPv6 mapped IPv4 addresses" to their correct name from RFC4191:
+    "IPv4-mapped IPv6 address"
+
+  2017-02-08: Luc Revardel
+  * mld6.c: Fix bug #50220 (mld6_leavegroup does not send ICMP6_TYPE_MLD, even
+    if last reporter)
+
+  2017-02-08: David van Moolenbroek
+  * ip6.c: Patch #9250: fix source substitution in ip6_output_if()
+
+  2017-02-08: Simon Goldschmidt
+  * tcp_out.c: Fixed bug #50090 (last_unsent->oversize_left can become wrong value
+    in tcp_write error path)
+
+  2017-02-02: Dirk Ziegelmeier
+  * Fix bug #50206: UDP Netconn bind to IP6_ADDR_ANY fails
+
   2017-01-18: Dirk Ziegelmeier
   * Fix zero-copy RX, see bug bug #50064. PBUF_REFs were not supported as ARP requests.
 
-  2017-01-11: David van Moolenbroek
-  * Lots of IPv6 related fixes and improvements
+  2017-01-15: Axel Lin, Dirk Ziegelmeier
+  * minor bug fixes in mqtt
+
+  2017-01-11: Knut Andre Tidemann
+  * sockets/netconn: fix broken default ICMPv6 handling of checksums
 
 (STABLE-2.0.1)
- 
+
   ++ New features:
 
   2016-12-31: Simon Goldschmidt
@@ -186,7 +335,7 @@ HISTORY
 
   2016-12-05: Dirk Ziegelmeier
   * fixed compiling with IPv4 disabled (IPv6 only case)
-  
+
   2016-11-28: Simon Goldschmidt
   * api_lib.c: fixed bug #49725 (send-timeout: netconn_write() can return
     ERR_OK without all bytes being written)
@@ -215,7 +364,7 @@ HISTORY
   2016-11-11: Dirk Ziegelmeier
   * sockets.c: fixed bug #49578 (dropping multicast membership does not work
     with LWIP_SOCKET_OFFSET)
-  
+
 (STABLE-2.0.0)
 
   ++ New features:

CMakeLists.txt

@@ -12,6 +12,7 @@ set(CPACK_PACKAGE_VERSION_MAJOR "${LWIP_VERSION_MAJOR}")
 set(CPACK_PACKAGE_VERSION_MINOR "${LWIP_VERSION_MINOR}")
 set(CPACK_PACKAGE_VERSION_PATCH "${LWIP_VERSION_REVISION}")
 set(CPACK_SOURCE_IGNORE_FILES "/build/;${CPACK_SOURCE_IGNORE_FILES};.git")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "lwip-${LWIP_VERSION_MAJOR}.${LWIP_VERSION_MINOR}.${LWIP_VERSION_REVISION}")
 include(CPack)
 
 # Target for package generation

FEATURES

@@ -0,0 +1,11 @@
+lwIP is a small independent implementation of the TCP/IP protocol suite targeted at embedded systems.
+
+The focus of the lwIP TCP/IP implementation is to reduce resource usage while still having a full scale TCP. This makes lwIP suitable for use in embedded systems with tens of kilobytes of free RAM and room for around 40 kilobytes of code ROM.
+
+Main features include:
+- Protocols: IP, IPv6, ICMP, ND, MLD, UDP, TCP, IGMP, ARP, PPPoS, PPPoE, 6LowPAN (via IEEE 802.15.4, BLE or ZEP; since v2.1.0)
+- DHCP client, stateless DHCPv6 (since v2.1.0), DNS client (incl. mDNS hostname resolver), AutoIP/APIPA (Zeroconf), SNMP agent (v1, v2c, v3 (since v2.1.0), private MIB support & MIB compiler)
+- APIs: specialized APIs for enhanced performance & zero copy, optional Berkeley-alike socket API
+- Extended features: IP forwarding over multiple network interfaces
+- Extended TCP features: congestion control, RTT estimation and fast recovery/fast retransmit, sending SACKs (since v2.1.0), "altcp": nearly transparent TLS for any tcp pcb (since v2.1.0)
+- Addon applications: HTTP server (HTTPS via altcp), HTTP(S) client (since v2.1.0), SNTP client, SMTP client (SMTPS via altcp), ping, NetBIOS nameserver, mDNS responder, MQTT client (TLS support since v2.1.0), TFTP server, iPerf2 counterpart

README

@@ -1,15 +1,15 @@
 INTRODUCTION
 
-lwIP is a small independent implementation of the TCP/IP protocol
-suite that has been developed by Adam Dunkels at the Computer and
-Networks Architectures (CNA) lab at the Swedish Institute of Computer
-Science (SICS).
+lwIP is a small independent implementation of the TCP/IP protocol suite.
 
 The focus of the lwIP TCP/IP implementation is to reduce the RAM usage
 while still having a full scale TCP. This making lwIP suitable for use
 in embedded systems with tens of kilobytes of free RAM and room for
 around 40 kilobytes of code ROM.
 
+lwIP was originally developed by Adam Dunkels at the Computer and Networks
+Architectures (CNA) lab at the Swedish Institute of Computer Science (SICS)
+and is now developed and maintained by a worldwide network of developers.
 
 FEATURES
 
@@ -22,22 +22,28 @@ FEATURES
   * ND (Neighbor discovery and stateless address autoconfiguration for IPv6).
     Aims to be compliant with RFC 4861 (Neighbor discovery) and RFC 4862
     (Address autoconfiguration)
+  * DHCP, AutoIP/APIPA (Zeroconf) and (stateless) DHCPv6
   * UDP (User Datagram Protocol) including experimental UDP-lite extensions
   * TCP (Transmission Control Protocol) with congestion control, RTT estimation
-    and fast recovery/fast retransmit
+    fast recovery/fast retransmit and sending SACKs
   * raw/native API for enhanced performance
   * Optional Berkeley-like socket API
-  * DNS (Domain names resolver)
+  * TLS: optional layered TCP ("altcp") for nearly transparent TLS for any
+    TCP-based protocol (ported to mbedTLS) (see changelog for more info)
+  * PPPoS and PPPoE (Point-to-point protocol over Serial/Ethernet)
+  * DNS (Domain name resolver incl. mDNS)
+  * 6LoWPAN (via IEEE 802.15.4, BLE or ZEP)
 
 
 APPLICATIONS
 
-  * HTTP server with SSI and CGI
-  * SNMPv2c agent with MIB compiler (Simple Network Management Protocol)
+  * HTTP server with SSI and CGI (HTTPS via altcp)
+  * SNMPv2c agent with MIB compiler (Simple Network Management Protocol), v3 via altcp
   * SNTP (Simple network time protocol)
   * NetBIOS name service responder
   * MDNS (Multicast DNS) responder
   * iPerf server implementation
+  * MQTT client (TLS support via altcp)
 
 
 LICENSE

UPGRADING

@@ -8,45 +8,40 @@ with newer versions.
 
   * [Enter new changes just after this line - do not remove this line]
 
+(2.1.0)
+
   ++ Application changes:
 
-  * tcpip_trycallback() was renamed to tcpip_callbackmsg_trycallback() to avoid confusion
-    with tcpip_try_callback()
-
+  * Use the new altcp API for seamless TLS integration into existing TCP applications (see changelog)
   * TCP only kills existing connections with a LOWER priority than the one currently being opened.
     Previous implementations also kill existing connections of the SAME priority.
-
   * ip4_route_src: parameter order is reversed: ip4_route_src(dest, src) -> ip4_route_src(src, dest)
     to make parameter order consistent with other ip*_route*() functions.
     Same also applies to LWIP_HOOK_IP4_ROUTE_SRC() parameter order.
-
   * pbuf API: pbuf->type (an u8_t holding the enum 'pbuf_type') has changed to only hold a
     description of the pbuf (e.g. data following pbuf struct, data volatile, allocation
     source heap/pool/etc.). As a consequence, applications can't test pbuf->type any more.
     Use pbuf_match_type(pbuf, type) instead.
-
   * socket API: according to the standard, SO_ERROR now only returns asynchronous errors.
     All other/normal/synchronous errors are (and always were) available via 'errno'.
     LWIP_SOCKET_SET_ERRNO has been removed - 'errno' is always set - and required!
+  * httpd LWIP_HTTPD_CGI_SSI: httpd_cgi_handler() has an additional parameter "struct fs_file *"
 
+  ++ Port changes:
+
+  * tcpip_trycallback() was renamed to tcpip_callbackmsg_trycallback() to avoid confusion
+    with tcpip_try_callback()
   * compatibility headers: moved from 'src/include/posix' to 'src/include/compat/posix',
     'src/include/compat/stdc' etc.
-
-  * The IPv6 implementation now supports address scopes. All addresses that have a scope according
-    to the default policy (link-local unicast addresses, interface-local and link-local multicast
-    addresses) should now have a zone set on them before being passed to the core API, although
-    lwIP will currently attempt to select a zone on the caller's behalf when necessary.
-    Applications that directly assign IPv6 addresses to interfaces (which is NOT recommended)
-    must now ensure that link-local addresses carry the netif's zone. See the new ip6_zone.h header
-    file for more information and relevant macros. For now it is still possible to turn off scopes
-    support through the new LWIP_IPV6_SCOPES option. When upgrading an implementation that uses the
-    core API directly, it is highly recommended to enable LWIP_IPV6_SCOPES_DEBUG at least for
-    a while, to ensure e.g. proper address initialization.
-
+  * The IPv6 implementation now supports address scopes. (See LWIP_IPV6_SCOPES documentation
+    and ip6_zone.h for more documentation)
   * LWIP_HOOK_DHCP_APPEND_OPTIONS() has changed, see description in opt.h (options_out_len is not
     available in struct dhcp any more)
-
-  * httpd LWIP_HTTPD_CGI_SSI: httpd_cgi_handler() has an additional parameter "struct fs_file *"
+  * Added debug helper asserts to ensure threading/locking requirements are met (define
+    LWIP_MARK_TCPIP_THREAD() and LWIP_ASSERT_CORE_LOCKED()).
+  * Added sys_mbox_trypost_fromisr() and tcpip_callbackmsg_trycallback_fromisr()
+    These can be used to post preallocated messages from an ISR to the tcpip thread
+    (e.g. when using FreeRTOS)
 
 (2.0.2)
 

astylerc

@@ -1,22 +0,0 @@
-# lwIP astyle formatting options
-
-# NOT FINISHED - DON'T USE
-
-# braces and indent
-style=otbs
-indent=spaces=2
-attach-extern-c
-#attach-closing-while
-# indentation
-indent-switches
-#max-continuation-indent=40
-# padding
-pad-oper
-pad-comma
-pad-header
-align-pointer=name
-# formatting
-break-one-line-headers
-keep-one-line-blocks
-# don't use "other options" (e.g. formatted) in this file
-# send them as additional command line options

doc/doxygen/lwip.Doxyfile

@@ -38,7 +38,7 @@ PROJECT_NAME           = "lwIP"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = "2.1.0.rc1"
+PROJECT_NUMBER         = "2.1.0"
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

doc/doxygen/main_page.h

@@ -101,6 +101,20 @@
 
 /**
  * @page changelog Changelog
+ *
+ * 2.1.0
+ * -----
+ * * Support TLS via new @ref altcp_api connection API (https, smtps, mqtt over TLS)
+ * * Switch to cmake as the main build system (Makefile file lists are still
+ *   maintained for now)
+ * * Improve IPv6 support: support address scopes, support stateless DHCPv6, bugfixes
+ * * Add debug helper asserts to ensure threading/locking requirements are met
+ * * Add sys_mbox_trypost_fromisr() and tcpip_callbackmsg_trycallback_fromisr()
+ *   (for FreeRTOS, mainly)
+ * * socket API: support poll(), sendmsg() and recvmsg(); fix problems on close
+ * 
+ * Detailed Changelog
+ * ------------------
  * @verbinclude "CHANGELOG"
  */
 

src/Filelists.cmake

@@ -14,7 +14,7 @@ set(LWIP_VERSION_REVISION "0")
 # LWIP_VERSION_RC is set to LWIP_RC_RELEASE for official releases
 # LWIP_VERSION_RC is set to LWIP_RC_DEVELOPMENT for Git versions
 # Numbers 1..31 are reserved for release candidates
-set(LWIP_VERSION_RC       "1")
+set(LWIP_VERSION_RC       "LWIP_RC_RELEASE")
 
 if ("${LWIP_VERSION_RC}" STREQUAL "LWIP_RC_RELEASE")
     set(LWIP_VERSION_STRING
@@ -257,21 +257,23 @@ find_package(Doxygen)
 if (DOXYGEN_FOUND)
     message("Doxygen build started")
 
-    add_custom_target(lwipdocs EXCLUDE_FROM_ALL
+    add_custom_target(lwipdocs
+        COMMAND ${CMAKE_COMMAND} -E remove_directory ${DOXYGEN_DIR}/${DOXYGEN_OUTPUT_DIR}/html
         COMMAND ${DOXYGEN_EXECUTABLE} ${DOXYGEN_OUT}
         WORKING_DIRECTORY ${DOXYGEN_DIR}
         COMMENT "Generating API documentation with Doxygen"
         VERBATIM)
-
-    # Remove old docs before generating new ones to prevent stale files
-    add_custom_command(TARGET lwipdocs
-        PRE_BUILD
-        COMMAND ${CMAKE_COMMAND} -E remove_directory ${DOXYGEN_DIR}/${DOXYGEN_OUTPUT_DIR}/html
-)
 else (DOXYGEN_FOUND)
     message("Doxygen needs to be installed to generate the doxygen documentation")
 endif (DOXYGEN_FOUND)
 
 # lwIP libraries
 add_library(lwipcore EXCLUDE_FROM_ALL ${lwipnoapps_SRCS})
+target_compile_options(lwipcore PRIVATE ${LWIP_COMPILER_FLAGS})
+target_compile_definitions(lwipcore PRIVATE ${LWIP_DEFINITIONS}  ${LWIP_MBEDTLS_DEFINITIONS})
+target_include_directories(lwipcore PRIVATE ${LWIP_INCLUDE_DIRS} ${LWIP_MBEDTLS_INCLUDE_DIRS})
+
 add_library(lwipallapps EXCLUDE_FROM_ALL ${lwipallapps_SRCS})
+target_compile_options(lwipallapps PRIVATE ${LWIP_COMPILER_FLAGS})
+target_compile_definitions(lwipallapps PRIVATE ${LWIP_DEFINITIONS}  ${LWIP_MBEDTLS_DEFINITIONS})
+target_include_directories(lwipallapps PRIVATE ${LWIP_INCLUDE_DIRS} ${LWIP_MBEDTLS_INCLUDE_DIRS})

src/api/api_lib.c

@@ -95,7 +95,7 @@
 #define NETCONN_RECVMBOX_WAITABLE(conn) (sys_mbox_valid(&(conn)->recvmbox) && (((conn)->flags & NETCONN_FLAG_MBOXINVALID) == 0))
 #define NETCONN_ACCEPTMBOX_WAITABLE(conn) (sys_mbox_valid(&(conn)->acceptmbox) && (((conn)->flags & (NETCONN_FLAG_MBOXCLOSED|NETCONN_FLAG_MBOXINVALID)) == 0))
 #define NETCONN_MBOX_WAITING_INC(conn) SYS_ARCH_INC(conn->mbox_threads_waiting, 1)
-#define NETCONN_MBOX_WAITING_DEC(conn) SYS_ARCH_INC(conn->mbox_threads_waiting, 1)
+#define NETCONN_MBOX_WAITING_DEC(conn) SYS_ARCH_DEC(conn->mbox_threads_waiting, 1)
 #else /* LWIP_NETCONN_FULLDUPLEX */
 #define NETCONN_RECVMBOX_WAITABLE(conn)   sys_mbox_valid(&(conn)->recvmbox)
 #define NETCONN_ACCEPTMBOX_WAITABLE(conn) (sys_mbox_valid(&(conn)->acceptmbox) && (((conn)->flags & NETCONN_FLAG_MBOXCLOSED) == 0))

src/apps/altcp_tls/altcp_tls_mbedtls.c

@@ -103,6 +103,7 @@ struct altcp_tls_config {
   mbedtls_ctr_drbg_context ctr_drbg;
   mbedtls_x509_crt *cert;
   mbedtls_pk_context *pkey;
+  mbedtls_x509_crt *ca;
 #if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_SESSION_CACHE_TIMEOUT_SECONDS
   /** Inter-connection cache for fast connection startup */
   struct mbedtls_ssl_cache_context cache;
@@ -604,7 +605,7 @@ altcp_mbedtls_setup(void *conf, struct altcp_pcb *conn, struct altcp_pcb *inner_
 }
 
 struct altcp_pcb *
-altcp_tls_new(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb)
+altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb)
 {
   struct altcp_pcb *ret;
   if (inner_pcb == NULL) {
@@ -663,16 +664,28 @@ dummy_rng(void *ctx, unsigned char *buffer, size_t len)
  * ATTENTION: Server certificate and private key have to be added outside this function!
  */
 static struct altcp_tls_config *
-altcp_tls_create_config(int is_server)
+altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca)
 {
   size_t sz;
   int ret;
   struct altcp_tls_config *conf;
+  mbedtls_x509_crt *mem;
+
+  if (TCP_WND < MBEDTLS_SSL_MAX_CONTENT_LEN) {
+    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG|LWIP_DBG_LEVEL_SERIOUS,
+      ("altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!\n"));
+  }
 
   altcp_mbedtls_mem_init();
 
-  sz = sizeof(struct altcp_tls_config) + sizeof(mbedtls_x509_crt);
-  if (is_server) {
+  sz = sizeof(struct altcp_tls_config);
+  if (have_cert) {
+    sz += sizeof(mbedtls_x509_crt);
+  }
+  if (have_ca) {
+    sz += sizeof(mbedtls_x509_crt);
+  }
+  if (have_pkey) {
     sz += sizeof(mbedtls_pk_context);
   }
 
@@ -680,9 +693,17 @@ altcp_tls_create_config(int is_server)
   if (conf == NULL) {
     return NULL;
   }
-  conf->cert = (mbedtls_x509_crt *)(conf + 1);
-  if (is_server) {
-    conf->pkey = (mbedtls_pk_context *)((conf->cert) + 1);
+  mem = (mbedtls_x509_crt *)(conf + 1);
+  if (have_cert) {
+    conf->cert = mem;
+    mem++;
+  }
+  if (have_ca) {
+    conf->ca = mem;
+    mem++;
+  }
+  if (have_pkey) {
+    conf->pkey = (mbedtls_pk_context *)mem;
   }
 
   mbedtls_ssl_config_init(&conf->conf);
@@ -732,7 +753,7 @@ altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_
   int ret;
   mbedtls_x509_crt *srvcert;
   mbedtls_pk_context *pkey;
-  struct altcp_tls_config *conf = altcp_tls_create_config(1);
+  struct altcp_tls_config *conf = altcp_tls_create_config(1, 1, 1, 0);
   if (conf == NULL) {
     return NULL;
   }
@@ -771,29 +792,80 @@ altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_
   return conf;
 }
 
-struct altcp_tls_config *
-altcp_tls_create_config_client(const u8_t *cert, size_t cert_len)
+static struct altcp_tls_config *
+altcp_tls_create_config_client_common(const u8_t *ca, size_t ca_len, int is_2wayauth)
 {
   int ret;
-  mbedtls_x509_crt *acc_cert;
-  struct altcp_tls_config *conf = altcp_tls_create_config(0);
+  struct altcp_tls_config *conf = altcp_tls_create_config(0, is_2wayauth, is_2wayauth, ca != NULL);
   if (conf == NULL) {
     return NULL;
   }
 
-  /* Initialise certificates, allocated with conf */
-  acc_cert = conf->cert;
-  mbedtls_x509_crt_init(acc_cert);
+  /* Initialize the CA certificate if provided
+   * CA certificate is optional (to save memory) but recommended for production environment
+   * Without CA certificate, connection will be prone to man-in-the-middle attacks */
+  if (ca) {
+    mbedtls_x509_crt_init(conf->ca);
+    ret = mbedtls_x509_crt_parse(conf->ca, ca, ca_len);
+    if (ret != 0) {
+      LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse ca failed: %d 0x%x", ret, -1*ret));
+      altcp_mbedtls_free_config(conf);
+      return NULL;
+    }
 
-  /* Load the certificates */
-  ret = mbedtls_x509_crt_parse(acc_cert, cert, cert_len);
+    mbedtls_ssl_conf_ca_chain(&conf->conf, conf->ca, NULL);
+  }
+  return conf;
+}
+
+struct altcp_tls_config *
+altcp_tls_create_config_client(const u8_t *ca, size_t ca_len)
+{
+  return altcp_tls_create_config_client_common(ca, ca_len, 0);
+}
+
+struct altcp_tls_config *
+altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_t *privkey, size_t privkey_len,
+                                        const u8_t *privkey_pass, size_t privkey_pass_len,
+                                        const u8_t *cert, size_t cert_len)
+{
+  int ret;
+  struct altcp_tls_config *conf;
+
+  if (!cert || !privkey) {
+    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("altcp_tls_create_config_client_2wayauth: certificate and priv key required"));
+    return NULL;
+  }
+
+  conf = altcp_tls_create_config_client_common(ca, ca_len, 1);
+  if (conf == NULL) {
+    return NULL;
+  }
+
+  /* Initialize the client certificate and corresponding private key */
+  mbedtls_x509_crt_init(conf->cert);
+  ret = mbedtls_x509_crt_parse(conf->cert, cert, cert_len);
   if (ret != 0) {
-    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse failed: %d", ret));
+    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse cert failed: %d 0x%x", ret, -1*ret));
+    altcp_mbedtls_free_config(conf->cert);
+    return NULL;
+  }
+
+  mbedtls_pk_init(conf->pkey);
+  ret = mbedtls_pk_parse_key(conf->pkey, privkey, privkey_len, privkey_pass, privkey_pass_len);
+  if (ret != 0) {
+    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_pk_parse_key failed: %d 0x%x", ret, -1*ret));
+    altcp_mbedtls_free_config(conf);
+    return NULL;
+  }
+
+  ret = mbedtls_ssl_conf_own_cert(&conf->conf, conf->cert, conf->pkey);
+  if (ret != 0) {
+    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_own_cert failed: %d 0x%x", ret, -1*ret));
     altcp_mbedtls_free_config(conf);
     return NULL;
   }
 
-  mbedtls_ssl_conf_ca_chain(&conf->conf, acc_cert, NULL);
   return conf;
 }
 
@@ -803,7 +875,12 @@ altcp_tls_free_config(struct altcp_tls_config *conf)
   if (conf->pkey) {
     mbedtls_pk_free(conf->pkey);
   }
-  mbedtls_x509_crt_free(conf->cert);
+  if (conf->cert) {
+    mbedtls_x509_crt_free(conf->cert);
+  }
+  if (conf->ca) {
+    mbedtls_x509_crt_free(conf->ca);
+  }  
   altcp_mbedtls_free_config(conf);
 }
 

src/apps/http/altcp_proxyconnect.c

@@ -384,7 +384,7 @@ altcp_proxyconnect_new_tcp(struct altcp_proxyconnect_config *config, u8_t ip_typ
 /** Allocator function to allocate a proxy connect altcp pcb connecting directly
  * via tcp to the proxy.
  *
- * The returned pcb is a chain: <altcp_proxyconnect> - <altcp_tcp> - <tcp pcb>
+ * The returned pcb is a chain: altcp_proxyconnect - altcp_tcp - tcp pcb
  *
  * This function is meant for use with @ref altcp_new.
  *
@@ -402,7 +402,7 @@ altcp_proxyconnect_alloc(void *arg, u8_t ip_type)
 
 /** Allocator function to allocate a TLS connection through a proxy.
  *
- * The returned pcb is a chain: <altcp_tls> - <altcp_proxyconnect> - <altcp_tcp> - <tcp pcb>
+ * The returned pcb is a chain: altcp_tls - altcp_proxyconnect - altcp_tcp - tcp pcb
  *
  * This function is meant for use with @ref altcp_new.
  *
@@ -418,7 +418,7 @@ altcp_proxyconnect_tls_alloc(void *arg, u8_t ip_type)
   struct altcp_pcb *tls_pcb;
 
   proxy_pcb = altcp_proxyconnect_new_tcp(&cfg->proxy, ip_type);
-  tls_pcb = altcp_tls_new(cfg->tls_config, proxy_pcb);
+  tls_pcb = altcp_tls_wrap(cfg->tls_config, proxy_pcb);
 
   if (tls_pcb == NULL) {
     altcp_close(proxy_pcb);

src/apps/http/http_client.c

@@ -57,6 +57,8 @@
 #include <stdio.h>
 #include <string.h>
 
+#if LWIP_TCP && LWIP_CALLBACK_API
+
 /**
  * HTTPC_DEBUG: Enable debugging for HTTP client.
  */
@@ -902,3 +904,5 @@ httpc_get_file_dns_to_disk(const char* server_name, u16_t port, const char* uri,
   return ERR_OK;
 }
 #endif /* LWIP_HTTPC_HAVE_FILE_IO */
+
+#endif /* LWIP_TCP && LWIP_CALLBACK_API */

src/apps/http/httpd.c

@@ -2685,10 +2685,7 @@ void
 httpd_inits(struct altcp_tls_config *conf)
 {
 #if LWIP_ALTCP_TLS
-  struct altcp_pcb *pcb_tls;
-  struct altcp_pcb *pcb_tcp = altcp_tcp_new_ip_type(IPADDR_TYPE_ANY);
-  LWIP_ASSERT("httpd_init: tcp_new failed", pcb_tcp != NULL);
-  pcb_tls = altcp_tls_new(conf, pcb_tcp);
+  struct altcp_pcb *pcb_tls = altcp_tls_new(conf, IPADDR_TYPE_ANY);
   LWIP_ASSERT("httpd_init: altcp_tls_new failed", pcb_tls != NULL);
   httpd_init_pcb(pcb_tls, HTTPD_SERVER_PORT_HTTPS);
 #else /* LWIP_ALTCP_TLS */

src/apps/mqtt/mqtt.c

@@ -1289,7 +1289,7 @@ mqtt_client_connect(mqtt_client_t *client, const ip_addr_t *ip_addr, u16_t port,
   /* Length is the sum of 2+"MQTT", protocol level, flags and keep alive */
   u16_t remaining_length = 2 + 4 + 1 + 1 + 2;
   u8_t flags = 0, will_topic_len = 0, will_msg_len = 0;
-  u8_t client_user_len = 0, client_pass_len = 0;
+  u16_t client_user_len = 0, client_pass_len = 0;
 
   LWIP_ASSERT_CORE_LOCKED();
   LWIP_ASSERT("mqtt_client_connect: client != NULL", client != NULL);
@@ -1330,9 +1330,9 @@ mqtt_client_connect(mqtt_client_t *client, const ip_addr_t *ip_addr, u16_t port,
   if (client_info->client_user != NULL) {
     flags |= MQTT_CONNECT_FLAG_USERNAME;
     len = strlen(client_info->client_user);
-    LWIP_ERROR("mqtt_client_connect: client_info->client_user length overflow", len <= 0xFF, return ERR_VAL);
+    LWIP_ERROR("mqtt_client_connect: client_info->client_user length overflow", len <= 0xFFFF, return ERR_VAL);
     LWIP_ERROR("mqtt_client_connect: client_info->client_user length must be > 0", len > 0, return ERR_VAL);
-    client_user_len = (u8_t)len;
+    client_user_len = (u16_t)len;
     len = remaining_length + 2 + client_user_len;
     LWIP_ERROR("mqtt_client_connect: remaining_length overflow", len <= 0xFFFF, return ERR_VAL);
     remaining_length = (u16_t)len;
@@ -1340,9 +1340,9 @@ mqtt_client_connect(mqtt_client_t *client, const ip_addr_t *ip_addr, u16_t port,
   if (client_info->client_pass != NULL) {
     flags |= MQTT_CONNECT_FLAG_PASSWORD;
     len = strlen(client_info->client_pass);
-    LWIP_ERROR("mqtt_client_connect: client_info->client_pass length overflow", len <= 0xFF, return ERR_VAL);
+    LWIP_ERROR("mqtt_client_connect: client_info->client_pass length overflow", len <= 0xFFFF, return ERR_VAL);
     LWIP_ERROR("mqtt_client_connect: client_info->client_pass length must be > 0", len > 0, return ERR_VAL);
-    client_pass_len = (u8_t)len;
+    client_pass_len = (u16_t)len;
     len = remaining_length + 2 + client_pass_len;
     LWIP_ERROR("mqtt_client_connect: remaining_length overflow", len <= 0xFFFF, return ERR_VAL);
     remaining_length = (u16_t)len;
@@ -1362,20 +1362,17 @@ mqtt_client_connect(mqtt_client_t *client, const ip_addr_t *ip_addr, u16_t port,
     return ERR_MEM;
   }
 
-  client->conn = altcp_tcp_new();
+#if LWIP_ALTCP && LWIP_ALTCP_TLS
+  if (client_info->tls_config) {
+    client->conn = altcp_tls_new(client_info->tls_config, IP_GET_TYPE(ip_addr));
+  } else
+#endif
+  {
+    client->conn = altcp_tcp_new_ip_type(IP_GET_TYPE(ip_addr));
+  }
   if (client->conn == NULL) {
     return ERR_MEM;
   }
-#if LWIP_ALTCP && LWIP_ALTCP_TLS
-  if (client_info->tls_config) {
-    struct altcp_pcb *pcb_tls = altcp_tls_new(client_info->tls_config, client->conn);
-    if (pcb_tls == NULL) {
-      altcp_close(client->conn);
-      return ERR_MEM;
-    }
-    client->conn = pcb_tls;
-  }
-#endif
 
   /* Set arg pointer for callbacks */
   altcp_arg(client->conn, client);

src/apps/smtp/smtp.c

@@ -460,18 +460,15 @@ smtp_setup_pcb(struct smtp_session *s, const ip_addr_t* remote_ip)
   struct altcp_pcb* pcb;
   LWIP_UNUSED_ARG(remote_ip);
 
-  pcb = altcp_tcp_new_ip_type(IP_GET_TYPE(remote_ip));
-  if (pcb != NULL) {
 #if LWIP_ALTCP && LWIP_ALTCP_TLS
-    if (smtp_server_tls_config) {
-      struct altcp_pcb *pcb_tls = altcp_tls_new(smtp_server_tls_config, pcb);
-      if (pcb_tls == NULL) {
-        altcp_close(pcb);
-        return NULL;
-      }
-      pcb = pcb_tls;
-    }
+  if (smtp_server_tls_config) {
+    pcb = altcp_tls_new(smtp_server_tls_config, IP_GET_TYPE(remote_ip));
+  } else
 #endif
+  {
+    pcb = altcp_tcp_new_ip_type(IP_GET_TYPE(remote_ip));
+  }
+  if (pcb != NULL) {
     altcp_arg(pcb, s);
     altcp_recv(pcb, smtp_tcp_recv);
     altcp_err(pcb, smtp_tcp_err);

src/apps/snmp/snmp_msg.c

@@ -451,10 +451,10 @@ snmp_process_varbind(struct snmp_request *request, struct snmp_varbind *vb, u8_t
     }
   } else {
     s16_t len = node_instance.get_value(&node_instance, vb->value);
-    vb->type = node_instance.asn1_type;
 
     if (len >= 0) {
       vb->value_len = (u16_t)len; /* cast is OK because we checked >= 0 above */
+      vb->type = node_instance.asn1_type;
 
       LWIP_ASSERT("SNMP_MAX_VALUE_SIZE is configured too low", (vb->value_len & ~SNMP_GET_VALUE_RAW_DATA) <= SNMP_MAX_VALUE_SIZE);
       err = snmp_append_outbound_varbind(&request->outbound_pbuf_stream, vb);

src/apps/sntp/sntp.c

@@ -793,8 +793,8 @@ sntp_setserver(u8_t idx, const ip_addr_t *server)
 /**
  * Initialize one of the NTP servers by IP address, required by DHCP
  *
- * @param numdns the index of the NTP server to set must be < SNTP_MAX_SERVERS
- * @param dnsserver IP address of the NTP server to set
+ * @param num the index of the NTP server to set must be < SNTP_MAX_SERVERS
+ * @param server IP address of the NTP server to set
  */
 void
 dhcp_set_ntp_servers(u8_t num, const ip4_addr_t *server)
@@ -837,8 +837,8 @@ sntp_getserver(u8_t idx)
 /**
  * Initialize one of the NTP servers by name
  *
- * @param numdns the index of the NTP server to set must be < SNTP_MAX_SERVERS
- * @param dnsserver DNS name of the NTP server to set, to be resolved at contact time
+ * @param idx the index of the NTP server to set must be < SNTP_MAX_SERVERS
+ * @param server DNS name of the NTP server to set, to be resolved at contact time
  */
 void
 sntp_setservername(u8_t idx, const char *server)
@@ -852,7 +852,7 @@ sntp_setservername(u8_t idx, const char *server)
 /**
  * Obtain one of the currently configured by name NTP servers.
  *
- * @param numdns the index of the NTP server
+ * @param idx the index of the NTP server
  * @return IP address of the indexed NTP server or NULL if the NTP
  *         server has not been configured by name (or at all)
  */

src/core/altcp.c

@@ -1,14 +1,85 @@
 /**
  * @file
- * @defgroup altcp Application layered TCP
- * @ingroup callbackstyle_api
- * Application layered TCP connection API (to be used from TCPIP thread)\n
- * This interface mimics the tcp callback API to the application while preventing
- * direct linking (much like virtual functions).
- * This way, an application can make use of other application layer protocols
- * on top of TCP without knowing the details (e.g. TLS, proxy connection).
+ * @defgroup altcp Application layered TCP Functions
+ * @ingroup altcp_api
  *
  * This file contains the common functions for altcp to work.
+ * For more details see @ref altcp_api.
+ */
+
+/**
+ * @defgroup altcp_api Application layered TCP Introduction
+ * @ingroup callbackstyle_api
+ *
+ * Overview
+ * --------
+ * altcp (application layered TCP connection API; to be used from TCPIP thread)
+ * is an abstraction layer that prevents applications linking hard against the
+ * @ref tcp.h functions while providing the same functionality. It is used to
+ * e.g. add SSL/TLS (see LWIP_ALTCP_TLS) or proxy-connect support to an application
+ * written for the tcp callback API without that application knowing the
+ * protocol details.
+ *
+ * * This interface mimics the tcp callback API to the application while preventing
+ *   direct linking (much like virtual functions).
+ * * This way, an application can make use of other application layer protocols
+ *   on top of TCP without knowing the details (e.g. TLS, proxy connection).
+ * * This is achieved by simply including "lwip/altcp.h" instead of "lwip/tcp.h",
+ *   replacing "struct tcp_pcb" with "struct altcp_pcb" and prefixing all functions
+ *   with "altcp_" instead of "tcp_".
+ *
+ * With altcp support disabled (LWIP_ALTCP==0), applications written against the
+ * altcp API can still be compiled but are directly linked against the tcp.h
+ * callback API and then cannot use layered protocols. To minimize code changes
+ * in this case, the use of altcp_allocators is strongly suggested.
+ *
+ * Usage
+ * -----
+ * To make use of this API from an existing tcp raw API application:
+ * * Include "lwip/altcp.h" instead of "lwip/tcp.h"
+ * * Replace "struct tcp_pcb" with "struct altcp_pcb"
+ * * Prefix all called tcp API functions with "altcp_" instead of "tcp_" to link
+ *   against the altcp functions
+ * * @ref altcp_new (and @ref altcp_new_ip_type/@ref altcp_new_ip6) take
+ *   an @ref altcp_allocator_t as an argument, whereas the original tcp API
+ *   functions take no arguments.
+ * * An @ref altcp_allocator_t allocator is an object that holds a pointer to an
+ *   allocator object and a corresponding state (e.g. for TLS, the corresponding
+ *   state may hold certificates or keys). This way, the application does not
+ *   even need to know if it uses TLS or pure TCP, this is handled at runtime
+ *   by passing a specific allocator.
+ * * An application can alternatively bind hard to the altcp_tls API by calling
+ *   @ref altcp_tls_new or @ref altcp_tls_wrap.
+ * * The TLS layer is not directly implemented by lwIP, but a port to mbedTLS is
+ *   provided.
+ * * Another altcp layer is proxy-connect to use TLS behind a HTTP proxy (see
+ *   @ref altcp_proxyconnect.h)
+ *
+ * altcp_allocator_t
+ * -----------------
+ * An altcp allocator is created by the application by combining an allocator
+ * callback function and a corresponding state, e.g.:\code{.c}
+ * static const unsigned char cert[] = {0x2D, ... (see mbedTLS doc for how to create this)};
+ * struct altcp_tls_config * conf = altcp_tls_create_config_client(cert, sizeof(cert));
+ * altcp_allocator_t tls_allocator = {
+ *   altcp_tls_alloc, conf
+ * };
+ * \endcode
+ *
+ *
+ * struct altcp_tls_config
+ * -----------------------
+ * The struct altcp_tls_config holds state that is needed to create new TLS client
+ * or server connections (e.g. certificates and private keys).
+ *
+ * It is not defined by lwIP itself but by the TLS port (e.g. altcp_tls to mbedTLS
+ * adaption). However, the parameters used to create it are defined in @ref
+ * altcp_tls.h (see @ref altcp_tls_create_config_server_privkey_cert for servers
+ * and @ref altcp_tls_create_config_client/@ref altcp_tls_create_config_client_2wayauth
+ * for clients).
+ *
+ * For mbedTLS, ensure that certificates can be parsed by 'mbedtls_x509_crt_parse()' and
+ * private keys can be parsed by 'mbedtls_pk_parse_key()'.
  */
 
 /*

src/core/altcp_alloc.c

@@ -58,23 +58,29 @@
 /** This standard allocator function creates an altcp pcb for
  * TLS over TCP */
 struct altcp_pcb *
-altcp_tls_alloc(void *arg, u8_t ip_type)
+altcp_tls_new(struct altcp_tls_config *config, u8_t ip_type)
 {
   struct altcp_pcb *inner_conn, *ret;
-  struct altcp_tls_config *config = (struct altcp_tls_config *)arg;
   LWIP_UNUSED_ARG(ip_type);
 
   inner_conn = altcp_tcp_new_ip_type(ip_type);
   if (inner_conn == NULL) {
     return NULL;
   }
-  ret = altcp_tls_new(config, inner_conn);
+  ret = altcp_tls_wrap(config, inner_conn);
   if (ret == NULL) {
     altcp_close(inner_conn);
   }
   return ret;
 }
 
+/** This standard allocator function creates an altcp pcb for
+ * TLS over TCP */
+struct altcp_pcb *
+altcp_tls_alloc(void *arg, u8_t ip_type)
+{
+  return altcp_tls_new((struct altcp_tls_config *)arg, ip_type);
+}
 
 #endif /* LWIP_ALTCP_TLS */
 

src/core/init.c

@@ -238,16 +238,6 @@ PACK_STRUCT_END
 #endif
 #endif /* LWIP_NETCONN && LWIP_TCP */
 #if LWIP_SOCKET
-/* Check that the SO_* socket options and SOF_* lwIP-internal flags match */
-#if SO_REUSEADDR != SOF_REUSEADDR
-#error "WARNING: SO_REUSEADDR != SOF_REUSEADDR"
-#endif
-#if SO_KEEPALIVE != SOF_KEEPALIVE
-#error "WARNING: SO_KEEPALIVE != SOF_KEEPALIVE"
-#endif
-#if SO_BROADCAST != SOF_BROADCAST
-#error "WARNING: SO_BROADCAST != SOF_BROADCAST"
-#endif
 #endif /* LWIP_SOCKET */
 
 

src/core/ipv4/dhcp.c

@@ -784,14 +784,11 @@ dhcp_start(struct netif *netif)
   }
   dhcp->pcb_allocated = 1;
 
-#if LWIP_DHCP_CHECK_LINK_UP
   if (!netif_is_link_up(netif)) {
     /* set state INIT and wait for dhcp_network_changed() to call dhcp_discover() */
     dhcp_set_state(dhcp, DHCP_STATE_INIT);
     return ERR_OK;
   }
-#endif /* LWIP_DHCP_CHECK_LINK_UP */
-
 
   /* (re)start the DHCP negotiation */
   result = dhcp_discover(netif);

src/core/ipv4/icmp.c

@@ -382,7 +382,7 @@ icmp_send_response(struct pbuf *p, u8_t type, u8_t code)
   {
     ip4_addr_t iphdr_dst;
     ip4_addr_copy(iphdr_dst, iphdr->dest);
-    netif = ip4_route_src(&iphdr_src, &iphdr_dst);
+    netif = ip4_route_src(&iphdr_dst, &iphdr_src);
   }
 #else
   netif = ip4_route(&iphdr_src);

src/core/ipv4/ip4.c

@@ -163,6 +163,9 @@ ip4_route(const ip4_addr_t *dest)
   }
 #endif /* LWIP_MULTICAST_TX_OPTIONS */
 
+  /* bug #54569: in case LWIP_SINGLE_NETIF=1 and LWIP_DEBUGF() disabled, the following loop is optimized away */
+  LWIP_UNUSED_ARG(dest);
+
   /* iterate through netifs */
   NETIF_FOREACH(netif) {
     /* is the netif up, does it have a link and a valid address? */

src/core/pbuf.c

@@ -1074,7 +1074,7 @@ void *
 pbuf_get_contiguous(const struct pbuf *p, void *buffer, size_t bufsize, u16_t len, u16_t offset)
 {
   const struct pbuf *q;
-  uint16_t out_offset;
+  u16_t out_offset;
 
   LWIP_ERROR("pbuf_get_contiguous: invalid buf", (p != NULL), return NULL;);
   LWIP_ERROR("pbuf_get_contiguous: invalid dataptr", (buffer != NULL), return NULL;);

src/core/tcp.c

@@ -734,7 +734,11 @@ tcp_bind(struct tcp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
     }
   }
 
-  if (!ip_addr_isany(ipaddr)) {
+  if (!ip_addr_isany(ipaddr)
+#if LWIP_IPV4 && LWIP_IPV6
+      || (IP_GET_TYPE(ipaddr) != IP_GET_TYPE(&pcb->local_ip))
+#endif /* LWIP_IPV4 && LWIP_IPV6 */
+     ) {
     ip_addr_set(&pcb->local_ip, ipaddr);
   }
   pcb->local_port = port;

src/core/tcp_out.c

@@ -1585,8 +1585,8 @@ tcp_output_segment(struct tcp_seg *seg, struct tcp_pcb *pcb, struct netif *netif
       seg->chksum = SWAP_BYTES_IN_WORD(seg->chksum);
       seg->chksum_swapped = 0;
     }
-    acc += (u16_t)~(seg->chksum);
-    seg->tcphdr->chksum = FOLD_U32T(acc);
+    acc = (u16_t)~acc + seg->chksum;
+    seg->tcphdr->chksum = (u16_t)~FOLD_U32T(acc);
 #if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
     if (chksum_slow != seg->tcphdr->chksum) {
       TCP_CHECKSUM_ON_COPY_SANITY_CHECK_FAIL(

src/include/lwip/altcp.h

@@ -1,12 +1,9 @@
 /**
  * @file
  * Application layered TCP connection API (to be used from TCPIP thread)\n
- * This interface mimics the tcp callback API to the application while preventing
- * direct linking (much like virtual functions).
- * This way, an application can make use of other application layer protocols
- * on top of TCP without knowing the details (e.g. TLS, proxy connection).
  *
  * This file contains the generic API.
+ * For more details see @ref altcp_api.
  */
 
 /*

src/include/lwip/altcp_tls.h

@@ -72,20 +72,33 @@ struct altcp_tls_config *altcp_tls_create_config_server_privkey_cert(const u8_t
  */
 struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len);
 
+/** @ingroup altcp_tls
+ * Create an ALTCP_TLS client configuration handle with two-way server/client authentication
+ */
+struct altcp_tls_config *altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_t *privkey, size_t privkey_len,
+                            const u8_t *privkey_pass, size_t privkey_pass_len,
+                            const u8_t *cert, size_t cert_len);
+
 /** @ingroup altcp_tls
  * Free an ALTCP_TLS configuration handle
  */
 void altcp_tls_free_config(struct altcp_tls_config *conf);
 
 /** @ingroup altcp_tls
- * Create new ALTCP_TLS layer
+ * Create new ALTCP_TLS layer wrapping an existing pcb as inner connection (e.g. TLS over TCP)
  */
-struct altcp_pcb *altcp_tls_new(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb);
+struct altcp_pcb *altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb);
 
 /** @ingroup altcp_tls
- * Create new ALTCP_TLS layer
- * This allocator function fits to @ref altcp_allocator_t / @ref altcp_new.
- * 'arg' must contain a struct altcp_tls_config *.
+ * Create new ALTCP_TLS pcb and its inner tcp pcb
+ */
+struct altcp_pcb *altcp_tls_new(struct altcp_tls_config *config, u8_t ip_type);
+
+/** @ingroup altcp_tls
+ * Create new ALTCP_TLS layer pcb and its inner tcp pcb.
+ * Same as @ref altcp_tls_new but this allocator function fits to
+ * @ref altcp_allocator_t / @ref altcp_new.\n
+ 'arg' must contain a struct altcp_tls_config *.
  */
 struct altcp_pcb *altcp_tls_alloc(void *arg, u8_t ip_type);
 

src/include/lwip/apps/altcp_proxyconnect.h

@@ -47,6 +47,10 @@
 
 #include "lwip/ip_addr.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct altcp_proxyconnect_config {
   ip_addr_t proxy_addr;
   u16_t proxy_port;
@@ -67,5 +71,9 @@ struct altcp_proxyconnect_tls_config {
 struct altcp_pcb *altcp_proxyconnect_tls_alloc(void *arg, u8_t ip_type);
 #endif /* LWIP_ALTCP_TLS */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_ALTCP */
 #endif /* LWIP_HDR_APPS_ALTCP_PROXYCONNECT_H */

src/include/lwip/apps/http_client.h

@@ -45,6 +45,8 @@
 #include "lwip/prot/iana.h"
 #include "lwip/pbuf.h"
 
+#if LWIP_TCP && LWIP_CALLBACK_API
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -153,4 +155,6 @@ err_t httpc_get_file_dns_to_disk(const char* server_name, u16_t port, const char
 }
 #endif
 
+#endif /* LWIP_TCP && LWIP_CALLBACK_API */
+
 #endif /* LWIP_HDR_APPS_HTTP_CLIENT_H */

src/include/lwip/apps/mdns.h

@@ -41,6 +41,10 @@
 #include "lwip/apps/mdns_opts.h"
 #include "lwip/netif.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if LWIP_MDNS_RESPONDER
 
 enum mdns_sd_proto {
@@ -94,4 +98,8 @@ void mdns_resp_announce(struct netif *netif);
 
 #endif /* LWIP_MDNS_RESPONDER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_APPS_MDNS_H */

src/include/lwip/apps/mdns_priv.h

@@ -40,6 +40,10 @@
 #include "lwip/apps/mdns_opts.h"
 #include "lwip/pbuf.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if LWIP_MDNS_RESPONDER
 
 /* Domain struct and methods - visible for unit tests */
@@ -63,4 +67,8 @@ u16_t mdns_compress_domain(struct pbuf *pbuf, u16_t *offset, struct mdns_domain
 
 #endif /* LWIP_MDNS_RESPONDER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_MDNS_PRIV_H */

src/include/lwip/apps/mqtt.h

@@ -116,7 +116,7 @@ typedef enum
  * @ingroup mqtt
  * Function prototype for mqtt connection status callback. Called when
  * client has connected to the server after initiating a mqtt connection attempt by
- * calling mqtt_connect() or when connection is closed by server or an error
+ * calling mqtt_client_connect() or when connection is closed by server or an error
  *
  * @param client MQTT client itself
  * @param arg Additional argument to pass to the callback function

src/include/lwip/apps/netbiosns.h

@@ -34,10 +34,18 @@
 
 #include "lwip/apps/netbiosns_opts.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void netbiosns_init(void);
 #ifndef NETBIOS_LWIP_NAME
 void netbiosns_set_name(const char* hostname);
 #endif
 void netbiosns_stop(void);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_APPS_NETBIOS_H */

src/include/lwip/apps/smtp.h

@@ -1,6 +1,10 @@
 #ifndef LWIP_HDR_APPS_SMTP_H
 #define LWIP_HDR_APPS_SMTP_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #include "lwip/apps/smtp_opts.h"
 #include "lwip/err.h"
 #include "lwip/prot/iana.h"
@@ -117,4 +121,8 @@ void smtp_send_mail_int(void *arg);
 const char* smtp_result_str(u8_t smtp_result);
 #endif
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_APPS_SMTP_H */

src/include/lwip/apps/smtp_opts.h

@@ -72,7 +72,7 @@ extern "C" {
 /**
  * @}
  */
-    
+
 #ifdef __cplusplus
 }
 #endif

src/include/lwip/apps/snmp_core.h

@@ -191,7 +191,7 @@ typedef snmp_err_t (*node_instance_set_test_method)(struct snmp_node_instance*,
 typedef snmp_err_t (*node_instance_set_value_method)(struct snmp_node_instance*, u16_t, void*);
 typedef void (*node_instance_release_method)(struct snmp_node_instance*);
 
-#define SNMP_GET_VALUE_RAW_DATA 0x8000
+#define SNMP_GET_VALUE_RAW_DATA 0x4000  /* do not use 0x8000 because return value of node_instance_get_value_method is signed16 and 0x8000 would be the signed bit */
 
 /** SNMP node instance */
 struct snmp_node_instance

src/include/lwip/apps/snmpv3.h

@@ -38,23 +38,27 @@
 #include "lwip/apps/snmp_opts.h"
 #include "lwip/err.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if LWIP_SNMP && LWIP_SNMP_V3
 
-typedef enum 
+typedef enum
 {
   SNMP_V3_AUTH_ALGO_INVAL = 0,
   SNMP_V3_AUTH_ALGO_MD5   = 1,
   SNMP_V3_AUTH_ALGO_SHA   = 2
 } snmpv3_auth_algo_t;
 
-typedef enum 
+typedef enum
 {
   SNMP_V3_PRIV_ALGO_INVAL = 0,
   SNMP_V3_PRIV_ALGO_DES   = 1,
   SNMP_V3_PRIV_ALGO_AES   = 2
 } snmpv3_priv_algo_t;
 
-typedef enum 
+typedef enum
 {
   SNMP_V3_USER_STORAGETYPE_OTHER       = 1,
   SNMP_V3_USER_STORAGETYPE_VOLATILE    = 2,
@@ -103,4 +107,8 @@ void snmpv3_password_to_key_sha(
 
 #endif
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_APPS_SNMP_V3_H */

src/include/lwip/dhcp6.h

@@ -47,6 +47,10 @@
 #include "lwip/err.h"
 #include "lwip/netif.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /** period (in milliseconds) of the application calling dhcp6_tmr() */
 #define DHCP6_TIMER_MSECS   500
 
@@ -91,6 +95,10 @@ extern void dhcp6_set_ntp_servers(u8_t num_ntp_servers, const ip_addr_t* ntp_ser
 
 #define netif_dhcp6_data(netif) ((struct dhcp6*)netif_get_client_data(netif, LWIP_NETIF_CLIENT_DATA_INDEX_DHCP6))
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_IPV6_DHCP6 */
 
 #endif /* LWIP_HDR_IP6_DHCP6_H */

src/include/lwip/init.h

@@ -58,7 +58,7 @@ extern "C" {
 /** For release candidates, this is set to 1..254
   * For official releases, this is set to 255 (LWIP_RC_RELEASE)
   * For development versions (Git), this is set to 0 (LWIP_RC_DEVELOPMENT) */
-#define LWIP_VERSION_RC         1
+#define LWIP_VERSION_RC         LWIP_RC_RELEASE
 
 /** LWIP_VERSION_RC is set to LWIP_RC_RELEASE for official releases */
 #define LWIP_RC_RELEASE         255

src/include/lwip/ip6_zone.h

@@ -85,6 +85,10 @@
 #ifndef LWIP_HDR_IP6_ZONE_H
 #define LWIP_HDR_IP6_ZONE_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * @defgroup ip6_zones IPv6 Zones
  * @ingroup ip6
@@ -293,4 +297,8 @@ enum lwip_ipv6_scope_type
 
 #endif /* LWIP_IPV6 */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_IP6_ZONE_H */

src/include/lwip/opt.h

@@ -930,16 +930,6 @@
 #define DHCP_DOES_ARP_CHECK             (LWIP_DHCP && LWIP_ARP)
 #endif
 
-/**
- * LWIP_DHCP_CHECK_LINK_UP==1: dhcp_start() only really starts if the netif has
- * NETIF_FLAG_LINK_UP set in its flags. As this is only an optimization and
- * netif drivers might not set this flag, the default is off. If enabled,
- * netif_set_link_up() must be called to continue dhcp starting.
- */
-#if !defined LWIP_DHCP_CHECK_LINK_UP
-#define LWIP_DHCP_CHECK_LINK_UP         0
-#endif
-
 /**
  * LWIP_DHCP_BOOTP_FILE==1: Store offered_si_addr and boot_file_name.
  */
@@ -1489,15 +1479,19 @@
 #define LWIP_TCP_PCB_NUM_EXT_ARGS       0
 #endif
 
-/** LWIP_ALTCP==1: enable the altcp API
+/** LWIP_ALTCP==1: enable the altcp API.
  * altcp is an abstraction layer that prevents applications linking against the
  * tcp.h functions but provides the same functionality. It is used to e.g. add
  * SSL/TLS or proxy-connect support to an application written for the tcp callback
  * API without that application knowing the protocol details.
- * Applications written against the altcp API are directly linked against the
- * tcp callback API for LWIP_ALTCP==0, but then cannot use layered protocols.
+ *
+ * With LWIP_ALTCP==0, applications written against the altcp API can still be
+ * compiled but are directly linked against the tcp.h callback API and then
+ * cannot use layered protocols.
+ *
+ * See @ref altcp_api
  */
-#ifndef LWIP_ALTCP
+#if !defined LWIP_ALTCP || defined __DOXYGEN__
 #define LWIP_ALTCP                      0
 #endif
 
@@ -1506,7 +1500,7 @@
  * A port to ARM mbedtls is provided with lwIP, see apps/altcp_tls/ directory
  * and LWIP_ALTCP_TLS_MBEDTLS option.
  */
-#ifndef LWIP_ALTCP_TLS
+#if !defined LWIP_ALTCP_TLS || defined __DOXYGEN__
 #define LWIP_ALTCP_TLS                  0
 #endif
 
@@ -1558,7 +1552,7 @@
  * LWIP_PBUF_REF_T: Refcount type in pbuf.
  * Default width of u8_t can be increased if 255 refs are not enough for you.
  */
-#ifndef LWIP_PBUF_REF_T
+#if !defined LWIP_PBUF_REF_T || defined __DOXYGEN__
 #define LWIP_PBUF_REF_T                 u8_t
 #endif
 /**
@@ -2392,6 +2386,18 @@
  * LWIP_IPV6_SCOPES==1: Enable support for IPv6 address scopes, ensuring that
  * e.g. link-local addresses are really treated as link-local. Disable this
  * setting only for single-interface configurations.
+ * All addresses that have a scope according to the default policy (link-local
+ * unicast addresses, interface-local and link-local multicast addresses) should
+ * now have a zone set on them before being passed to the core API, although
+ * lwIP will currently attempt to select a zone on the caller's behalf when 
+ * necessary. Applications that directly assign IPv6 addresses to interfaces
+ * (which is NOT recommended) must now ensure that link-local addresses carry
+ * the netif's zone. See the new ip6_zone.h header file for more information and
+ * relevant macros. For now it is still possible to turn off scopes support
+ * through the new LWIP_IPV6_SCOPES option. When upgrading an implementation that
+ * uses the core API directly, it is highly recommended to enable
+ * LWIP_IPV6_SCOPES_DEBUG at least for a while, to ensure e.g. proper address
+ * initialization.
  */
 #if !defined LWIP_IPV6_SCOPES || defined __DOXYGEN__
 #define LWIP_IPV6_SCOPES                (LWIP_IPV6 && !LWIP_SINGLE_NETIF)

src/include/lwip/prot/dhcp.h

@@ -39,6 +39,8 @@
 #define LWIP_HDR_PROT_DHCP_H
 
 #include "lwip/opt.h"
+#include "lwip/arch.h"
+#include "lwip/prot/ip4.h"
 
 #ifdef __cplusplus
 extern "C" {

src/include/lwip/prot/iana.h

@@ -41,6 +41,10 @@
 #ifndef LWIP_HDR_PROT_IANA_H
 #define LWIP_HDR_PROT_IANA_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * @ingroup iana
  * Hardware types
@@ -86,4 +90,8 @@ enum lwip_iana_port_number {
   LWIP_IANA_PORT_SECURE_MQTT = 8883
 };
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_PROT_IANA_H */

src/include/lwip/prot/ieee.h

@@ -41,6 +41,10 @@
 #ifndef LWIP_HDR_PROT_IEEE_H
 #define LWIP_HDR_PROT_IEEE_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * @ingroup ieee
  * A list of often ethtypes (although lwIP does not use all of them).
@@ -80,4 +84,8 @@ enum lwip_ieee_eth_type {
   ETHTYPE_QINQ      = 0x9100U
 };
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_PROT_IEEE_H */

src/include/lwip/prot/igmp.h

@@ -38,7 +38,7 @@
 #define LWIP_HDR_PROT_IGMP_H
 
 #include "lwip/arch.h"
-#include "lwip/ip4_addr.h"
+#include "lwip/prot/ip4.h"
 
 #ifdef __cplusplus
 extern "C" {

src/include/lwip/prot/ip.h

@@ -39,6 +39,10 @@
 
 #include "lwip/arch.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define IP_PROTO_ICMP    1
 #define IP_PROTO_IGMP    2
 #define IP_PROTO_UDP     17
@@ -48,4 +52,8 @@
 /** This operates on a void* by loading the first byte */
 #define IP_HDR_GET_VERSION(ptr)   ((*(u8_t*)(ptr)) >> 4)
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_PROT_IP_H */

src/include/lwip/prot/ip6.h

@@ -43,7 +43,7 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-   
+
 /** This is the packed version of ip6_addr_t,
     used in network headers that are itself packed */
 #ifdef PACK_STRUCT_USE_INCLUDES

src/include/netif/bridgeif.h

@@ -42,6 +42,10 @@
 #include "lwip/err.h"
 #include "lwip/prot/ethernet.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct netif;
 
 #if (BRIDGEIF_MAX_PORTS < 0) || (BRIDGEIF_MAX_PORTS >= 64)
@@ -116,4 +120,8 @@ void*               bridgeif_fdb_init(u16_t max_fdb_entries);
 #define BRIDGEIF_WRITE_UNPROTECT(lev)
 #endif /* BRIDGEIF_PORT_NETIFS_OUTPUT_DIRECT */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LWIP_HDR_NETIF_BRIDGEIF_H */

src/include/netif/ieee802154.h

@@ -39,6 +39,10 @@
 
 #include "lwip/opt.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #ifdef PACK_STRUCT_USE_INCLUDES
 #  include "arch/bpstruct.h"
 #endif
@@ -101,5 +105,8 @@ PACK_STRUCT_END
 #define IEEE_802154_FC_SRC_ADDR_MODE_SHORT     (IEEE_802154_ADDR_MODE_SHORT << 14)
 #define IEEE_802154_FC_SRC_ADDR_MODE_EXT       (IEEE_802154_ADDR_MODE_EXT << 14)
 
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* LWIP_HDR_NETIF_IEEE802154_H */

src/include/netif/ppp/ccp.h

@@ -36,6 +36,10 @@
 #ifndef CCP_H
 #define CCP_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * CCP codes.
  */
@@ -152,5 +156,9 @@ extern const struct protent ccp_protent;
 
 void ccp_resetrequest(ppp_pcb *pcb);  /* Issue a reset-request. */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CCP_H */
 #endif /* PPP_SUPPORT && CCP_SUPPORT */

src/include/netif/ppp/chap-new.h

@@ -36,6 +36,10 @@
 
 #include "ppp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * CHAP packets begin with a standard header with code, id, len (2 bytes).
  */
@@ -188,5 +192,9 @@ extern void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_c
 /* Represents the CHAP protocol to the main pppd code */
 extern const struct protent chap_protent;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CHAP_H */
 #endif /* PPP_SUPPORT && CHAP_SUPPORT */

src/include/netif/ppp/ecp.h

@@ -34,6 +34,13 @@
 #include "netif/ppp/ppp_opts.h"
 #if PPP_SUPPORT && ECP_SUPPORT  /* don't build if not configured for use in lwipopts.h */
 
+#ifndef ECP_H
+#define ECP_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct ecp_options {
     bool required;		/* Is ECP required? */
     unsigned enctype;		/* Encryption type */
@@ -47,4 +54,9 @@ extern ecp_options ecp_hisoptions[];
 
 extern const struct protent ecp_protent;
 
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ECP_H */
 #endif /* PPP_SUPPORT && ECP_SUPPORT */

src/include/netif/ppp/eui64.h

@@ -41,6 +41,10 @@
 #ifndef EUI64_H
 #define EUI64_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * @todo:
  *
@@ -90,5 +94,9 @@ typedef union
 
 char *eui64_ntoa(eui64_t);	/* Returns ascii representation of id */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* EUI64_H */
 #endif /* PPP_SUPPORT && PPP_IPV6_SUPPORT */

src/include/netif/ppp/fsm.h

@@ -50,6 +50,10 @@
 
 #include "ppp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Packet header = Code, id, length.
  */
@@ -170,6 +174,9 @@ void fsm_input(fsm *f, u_char *inpacket, int l);
 void fsm_protreject(fsm *f);
 void fsm_sdata(fsm *f, u_char code, u_char id, const u_char *data, int datalen);
 
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* FSM_H */
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/ipcp.h

@@ -48,6 +48,10 @@
 #ifndef IPCP_H
 #define	IPCP_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Options.
  */
@@ -122,5 +126,9 @@ char *ip_ntoa (u32_t);
 
 extern const struct protent ipcp_protent;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* IPCP_H */
 #endif /* PPP_SUPPORT && PPP_IPV4_SUPPORT */

src/include/netif/ppp/ipv6cp.h

@@ -146,6 +146,10 @@
 
 #include "eui64.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Options.
  */
@@ -179,5 +183,9 @@ typedef struct ipv6cp_options {
 
 extern const struct protent ipv6cp_protent;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* IPV6CP_H */
 #endif /* PPP_SUPPORT && PPP_IPV6_SUPPORT */

src/include/netif/ppp/lcp.h

@@ -50,6 +50,10 @@
 
 #include "ppp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Options.
  */
@@ -167,5 +171,9 @@ extern const struct protent lcp_protent;
 #define DEFLOOPBACKFAIL	10
 #endif /* moved to ppp_opts.h */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LCP_H */
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/magic.h

@@ -80,6 +80,10 @@
 #ifndef MAGIC_H
 #define MAGIC_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /***********************
 *** PUBLIC FUNCTIONS ***
 ***********************/
@@ -117,6 +121,10 @@ void magic_random_bytes(unsigned char *buf, u32_t buf_len);
  */
 u32_t magic_pow(u8_t pow);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MAGIC_H */
 
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/mppe.h

@@ -41,6 +41,10 @@
 
 #include "netif/ppp/pppcrypt.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define MPPE_PAD		4	/* MPPE growth per frame */
 #define MPPE_MAX_KEY_LEN	16	/* largest key length (128-bit) */
 
@@ -169,5 +173,9 @@ err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t
 void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
 err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MPPE_H */
 #endif /* PPP_SUPPORT && MPPE_SUPPORT */

src/include/netif/ppp/ppp.h

@@ -47,6 +47,10 @@
 #include "lwip/ip6_addr.h"
 #endif /* PPP_IPV6_SUPPORT */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Disable non-working or rarely used PPP feature, so rarely that we don't want to bloat ppp_opts.h with them */
 #ifndef PPP_OPTIONS
 #define PPP_OPTIONS         0
@@ -685,6 +689,10 @@ err_t ppp_ioctl(ppp_pcb *pcb, u8_t cmd, void *arg);
 #define ppp_set_netif_linkcallback(ppp, link_cb)           \
         netif_set_link_callback(ppp->netif, link_cb);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPP_H */
 
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/ppp_impl.h

@@ -53,6 +53,10 @@
 #include "ppp.h"
 #include "pppdebug.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Memory used for control packets.
  *
@@ -710,5 +714,9 @@ void ppp_dump_packet(ppp_pcb *pcb, const char *tag, unsigned char *p, int len);
  * 1 + PPP_IPV4_SUPPORT + PPP_IPV6_SUPPORT + CCP_SUPPORT
  */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPP_SUPPORT */
 #endif /* LWIP_HDR_PPP_IMPL_H */

src/include/netif/ppp/pppcrypt.h

@@ -44,6 +44,10 @@
  */
 #include "lwip/arch.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Map hashes and ciphers functions to PolarSSL
  */
@@ -131,6 +135,10 @@
 
 void pppcrypt_56_to_64_bit_key(u_char *key, u_char *des_key);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPPCRYPT_H */
 
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/pppdebug.h

@@ -40,6 +40,10 @@
 #ifndef PPPDEBUG_H
 #define PPPDEBUG_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Trace levels. */
 #define LOG_CRITICAL  (PPP_DEBUG | LWIP_DBG_LEVEL_SEVERE)
 #define LOG_ERR       (PPP_DEBUG | LWIP_DBG_LEVEL_SEVERE)
@@ -75,6 +79,10 @@
 
 #endif /* PPP_DEBUG */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPPDEBUG_H */
 
 #endif /* PPP_SUPPORT */

src/include/netif/ppp/pppoe.h

@@ -76,6 +76,10 @@
 #include "ppp.h"
 #include "lwip/etharp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #ifdef PACK_STRUCT_USE_INCLUDES
 #  include "arch/bpstruct.h"
 #endif
@@ -174,6 +178,10 @@ ppp_pcb *pppoe_create(struct netif *pppif,
 void pppoe_disc_input(struct netif *netif, struct pbuf *p);
 void pppoe_data_input(struct netif *netif, struct pbuf *p);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPP_OE_H */
 
 #endif /* PPP_SUPPORT && PPPOE_SUPPORT */

src/include/netif/ppp/pppol2tp.h

@@ -39,6 +39,10 @@
 
 #include "ppp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Timeout */
 #define PPPOL2TP_CONTROL_TIMEOUT         (5*1000)  /* base for quick timeout calculation */
 #define PPPOL2TP_SLOW_RETRY              (60*1000) /* persistent retry interval */
@@ -197,5 +201,9 @@ ppp_pcb *pppol2tp_create(struct netif *pppif,
        const u8_t *secret, u8_t secret_len,
        ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPPOL2TP_H */
 #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */

src/include/netif/ppp/pppos.h

@@ -42,6 +42,10 @@
 #include "ppp.h"
 #include "vj.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* PPP packet parser states.  Current state indicates operation yet to be
  * completed. */
 enum {
@@ -114,5 +118,9 @@ void pppos_input(ppp_pcb *ppp, u8_t* data, int len);
 err_t pppos_input_sys(struct pbuf *p, struct netif *inp);
 #endif /* !NO_SYS && !PPP_INPROC_IRQ_SAFE */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PPPOS_H */
 #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */

src/include/netif/ppp/upap.h

@@ -50,6 +50,10 @@
 
 #include "ppp.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Packet header = Code, id, length.
  */
@@ -119,5 +123,9 @@ void upap_authpeer(ppp_pcb *pcb);
 
 extern const struct protent pap_protent;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* UPAP_H */
 #endif /* PPP_SUPPORT && PAP_SUPPORT */

src/include/netif/ppp/vj.h

@@ -31,6 +31,10 @@
 #include "lwip/ip.h"
 #include "lwip/priv/tcp_priv.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define MAX_SLOTS 16 /* must be > 2 and < 256 */
 #define MAX_HDR   128
 
@@ -156,6 +160,10 @@ extern void  vj_uncompress_err   (struct vjcompress *comp);
 extern int   vj_uncompress_uncomp(struct pbuf *nb, struct vjcompress *comp);
 extern int   vj_uncompress_tcp   (struct pbuf **nb, struct vjcompress *comp);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* VJ_H */
 
 #endif /* PPP_SUPPORT && VJ_SUPPORT */

src/include/netif/zepif.h

@@ -43,7 +43,7 @@
 #include "lwip/opt.h"
 #include "netif/lowpan6.h"
 
-#if LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */
+#if LWIP_IPV6 && LWIP_UDP /* don't build if not configured for use in lwipopts.h */
 
 #include "lwip/netif.h"
 
@@ -76,6 +76,6 @@ err_t zepif_init(struct netif *netif);
 }
 #endif
 
-#endif /* LWIP_IPV6 */
+#endif /* LWIP_IPV6 && LWIP_UDP */
 
 #endif /* LWIP_HDR_ZEPIF_H */

src/netif/lowpan6_ble.c

@@ -131,8 +131,8 @@ ble_addr_to_eui64(uint8_t *dst, const uint8_t *src, int public_addr)
  * 
  * This method converts an EUI64 address to a Bluetooth MAC address,
  * 
- * @param src IPv6 source
  * @param dst BLE MAC address destination
+ * @param src IPv6 source
  * 
  */
 void

src/netif/ppp/fsm.c

@@ -236,7 +236,7 @@ static void terminate_layer(fsm *f, int nextstate) {
  */
 void fsm_close(fsm *f, const char *reason) {
     f->term_reason = reason;
-    f->term_reason_len = (reason == NULL? 0: LWIP_MIN(strlen(reason), 0xFF) );
+    f->term_reason_len = (reason == NULL? 0: (u8_t)LWIP_MIN(strlen(reason), 0xFF) );
     switch( f->state ){
     case PPP_FSM_STARTING:
 	f->state = PPP_FSM_INITIAL;

src/netif/ppp/ppp.c

@@ -276,6 +276,8 @@ err_t ppp_connect(ppp_pcb *pcb, u16_t holdoff) {
 
   PPPDEBUG(LOG_DEBUG, ("ppp_connect[%d]: holdoff=%d\n", pcb->netif->num, holdoff));
 
+  magic_randomize();
+
   if (holdoff == 0) {
     ppp_do_connect(pcb);
     return ERR_OK;
@@ -303,6 +305,8 @@ err_t ppp_listen(ppp_pcb *pcb) {
 
   PPPDEBUG(LOG_DEBUG, ("ppp_listen[%d]\n", pcb->netif->num));
 
+  magic_randomize();
+
   if (pcb->link_cb->listen) {
     new_phase(pcb, PPP_PHASE_INITIALIZE);
     pcb->link_cb->listen(pcb, pcb->link_ctx_cb);

src/netif/ppp/upap.c

@@ -159,9 +159,9 @@ void upap_authwithpeer(ppp_pcb *pcb, const char *user, const char *password) {
 
     /* Save the username and password we're given */
     pcb->upap.us_user = user;
-    pcb->upap.us_userlen = LWIP_MIN(strlen(user), 0xff);
+    pcb->upap.us_userlen = (u8_t)LWIP_MIN(strlen(user), 0xff);
     pcb->upap.us_passwd = password;
-    pcb->upap.us_passwdlen = LWIP_MIN(strlen(password), 0xff);
+    pcb->upap.us_passwdlen = (u8_t)LWIP_MIN(strlen(password), 0xff);
     pcb->upap.us_transmits = 0;
 
     /* Lower layer up yet? */

src/netif/ppp/utils.c

@@ -58,8 +58,6 @@
 #endif
 #endif /* UNUSED */
 
-#include <ctype.h>  /* isdigit() */
-
 #include "netif/ppp/ppp_impl.h"
 
 #include "netif/ppp/fsm.h"
@@ -180,7 +178,7 @@ int ppp_vslprintf(char *buf, int buflen, const char *fmt, va_list args) {
 	    width = va_arg(args, int);
 	    c = *++fmt;
 	} else {
-	    while (isdigit(c)) {
+	    while (lwip_isdigit(c)) {
 		width = width * 10 + c - '0';
 		c = *++fmt;
 	    }
@@ -192,7 +190,7 @@ int ppp_vslprintf(char *buf, int buflen, const char *fmt, va_list args) {
 		c = *++fmt;
 	    } else {
 		prec = 0;
-		while (isdigit(c)) {
+		while (lwip_isdigit(c)) {
 		    prec = prec * 10 + c - '0';
 		    c = *++fmt;
 		}

src/netif/zepif.c

@@ -49,7 +49,7 @@
 
 #include "netif/zepif.h"
 
-#if LWIP_IPV6
+#if LWIP_IPV6 && LWIP_UDP
 
 #include "netif/lowpan6.h"
 #include "lwip/udp.h"
@@ -297,4 +297,4 @@ err_ret:
   return err;
 }
 
-#endif /* LWIP_IPV6 */
+#endif /* LWIP_IPV6 && LWIP_UDP */