2 * nmrpflash - Netgear Unbrick Utility
3 * Copyright (C) 2016 Joseph Lehner <joseph.c.lehner@gmail.com>
5 * nmrpflash is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * nmrpflash is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with nmrpflash. If not, see <http://www.gnu.org/licenses/>.
33 #define TFTP_BLKSIZE 1456
35 static const char *opcode_names[] = {
36 "RRQ", "WRQ", "DATA", "ACK", "ERR", "OACK"
48 static bool is_netascii(const char *str)
50 uint8_t *p = (uint8_t*)str;
53 if (*p < 0x20 || *p > 0x7f) {
61 static inline char *pkt_mknum(char *pkt, uint16_t n)
63 *(uint16_t*)pkt = htons(n);
67 static inline uint16_t pkt_num(char *pkt)
69 return ntohs(*(uint16_t*)pkt);
72 static char *pkt_mkopt(char *pkt, const char *opt, const char* val)
75 pkt += strlen(opt) + 1;
77 pkt += strlen(val) + 1;
81 static bool pkt_nextstr(char **pkt, char **str, size_t *rem)
85 if (!isprint(**pkt) || !(len = strnlen(*pkt, *rem))) {
102 static bool pkt_nextopt(char **pkt, char **opt, char **val, size_t *rem)
104 return pkt_nextstr(pkt, opt, rem) && pkt_nextstr(pkt, val, rem);
107 static char *pkt_optval(char* pkt, const char* name)
113 while (pkt_nextopt(&pkt, &opt, &val, &rem)) {
114 if (!strcasecmp(name, opt)) {
122 static size_t pkt_xrqlen(char *pkt)
127 while (pkt_nextopt(&pkt, NULL, NULL, &rem)) {
134 static void pkt_mkwrq(char *pkt, const char *filename, unsigned blksize)
136 filename = leafname(filename);
137 if (!tftp_is_valid_filename(filename)) {
138 fprintf(stderr, "Overlong/illegal filename; using 'firmware'.\n");
139 filename = "firmware";
140 } else if (!strcmp(filename, "-")) {
141 filename = "firmware";
144 pkt = pkt_mknum(pkt, WRQ);
145 pkt = pkt_mkopt(pkt, filename, "octet");
147 if (blksize && blksize != 512) {
148 pkt = pkt_mkopt(pkt, "blksize", lltostr(blksize, 10));
152 static inline void pkt_print(char *pkt, FILE *fp)
154 uint16_t opcode = pkt_num(pkt);
158 if (!opcode || opcode > OACK) {
159 fprintf(fp, "(%d)", opcode);
161 fprintf(fp, "%s", opcode_names[opcode - 1]);
162 if (opcode == ACK || opcode == DATA) {
163 fprintf(fp, "(%d)", pkt_num(pkt + 2));
164 } else if (opcode == WRQ || opcode == RRQ) {
165 fprintf(fp, "(%s, %s)", pkt + 2, pkt + 2 + strlen(pkt + 2) + 1);
166 } else if (opcode == OACK) {
170 while (pkt_nextopt(&pkt, &opt, &val, &rem)) {
171 fprintf(fp, " %s=%s ", opt, val);
178 static ssize_t tftp_recvfrom(int sock, char *pkt, uint16_t* port,
179 unsigned timeout, size_t pktlen)
182 struct sockaddr_in src;
183 #ifndef NMRPFLASH_WINDOWS
189 len = select_fd(sock, timeout);
197 len = recvfrom(sock, pkt, pktlen, 0, (struct sockaddr*)&src, &alen);
199 sock_perror("recvfrom");
203 *port = ntohs(src.sin_port);
205 uint16_t opcode = pkt_num(pkt);
208 fprintf(stderr, "Error (%d): %.511s\n", pkt_num(pkt + 2), pkt + 4);
210 } else if (isprint(pkt[0])) {
211 /* In case of a firmware checksum error, the EX2700 I've tested this
212 * on sends a raw UDP packet containing just an error message starting
213 * at offset 0. The limit of 32 chars is arbitrary.
215 fprintf(stderr, "Error: %.32s\n", pkt);
217 } else if (!opcode || opcode > OACK) {
218 fprintf(stderr, "Received invalid packet: ");
219 pkt_print(pkt, stderr);
220 fprintf(stderr, ".\n");
226 pkt_print(pkt, stdout);
233 static ssize_t tftp_sendto(int sock, char *pkt, size_t len,
234 struct sockaddr_in *dst)
238 switch (pkt_num(pkt)) {
242 len = pkt_xrqlen(pkt);
251 len = 4 + strlen(pkt + 4);
254 fprintf(stderr, "Attempted to send invalid packet ");
255 pkt_print(pkt, stderr);
256 fprintf(stderr, "; this is a bug!\n");
262 pkt_print(pkt, stdout);
266 sent = sendto(sock, pkt, len, 0, (struct sockaddr*)dst, sizeof(*dst));
268 sock_perror("sendto");
274 const char *leafname(const char *path)
280 const char *slash, *bslash;
282 slash = strrchr(path, '/');
283 bslash = strrchr(path, '\\');
285 if (slash && bslash) {
286 path = 1 + (slash > bslash ? slash : bslash);
296 #ifdef NMRPFLASH_WINDOWS
297 void sock_perror(const char *msg)
299 win_perror2(msg, WSAGetLastError());
303 inline bool tftp_is_valid_filename(const char *filename)
305 return strlen(filename) <= 255 && is_netascii(filename);
308 static const char *spinner = "\\|/-";
310 int tftp_put(struct nmrpd_args *args)
312 struct sockaddr_in addr;
313 uint16_t block, port, op, blksize;
314 ssize_t len, last_len;
315 int fd, sock, ret, timeouts, errors, ackblock;
316 char rx[2048], tx[2048];
317 const char *file_remote = args->file_remote;
320 const unsigned rx_timeout = MAX(args->rx_timeout / (args->blind ? 50 : 5), 2000);
321 const unsigned max_timeouts = args->blind ? 3 : 5;
331 if (!strcmp(args->file_local, "-")) {
334 file_remote = "firmware";
337 fd = open(args->file_local, O_RDONLY | O_BINARY);
342 } else if (!file_remote) {
343 file_remote = args->file_local;
347 sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
349 sock_perror("socket");
354 memset(&addr, 0, sizeof(addr));
356 addr.sin_family = AF_INET;
358 if (args->ipaddr_intf) {
359 if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr_intf)) == INADDR_NONE) {
360 xperror("inet_addr");
364 if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
370 if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr)) == INADDR_NONE) {
371 xperror("inet_addr");
375 addr.sin_port = htons(args->port);
383 /* Not really, but this way the loop sends our WRQ before receiving */
386 pkt_mkwrq(tx, file_remote, TFTP_BLKSIZE);
388 while (!g_interrupted) {
394 ackblock = pkt_num(rx + 2);
395 } else if (op == OACK) {
397 if ((val = pkt_optval(rx, "blksize"))) {
398 blksize = strtol(val, &end, 10);
399 if (*end != '\0' || blksize < 8 || blksize > TFTP_BLKSIZE) {
400 fprintf(stderr, "Error: invalid blksize in OACK: %s\n", val);
406 printf("Remote accepted blksize option: %d b\n", blksize);
412 if (timeouts || ackblock == block) {
416 printf("Warning: TFTP block rollover. Upload might fail!\n");
421 printf("%c ", spinner[block & 3]);
426 pkt_mknum(tx + 2, block);
427 len = read(fd, tx + 4, blksize);
433 if (last_len != blksize && last_len != -1) {
441 ret = tftp_sendto(sock, tx, len, &addr);
445 } else if ((op != OACK && op != ACK) || ackblock > block) {
447 fprintf(stderr, "Expected ACK(%d), got ", block);
448 pkt_print(rx, stderr);
449 fprintf(stderr, ".\n");
452 if (ackblock != -1 && ++errors > 5) {
453 fprintf(stderr, "Protocol error; bailing out.\n");
459 ret = tftp_recvfrom(sock, rx, &port, rx_timeout, blksize + 4);
463 if (++timeouts < max_timeouts || (!block && timeouts < (max_timeouts * 4))) {
465 } else if (args->blind) {
467 // fake an ACK packet
469 pkt_mknum(rx + 2, block);
472 fprintf(stderr, "Timeout while waiting for ACK(%d).\n", block);
474 fprintf(stderr, "Timeout while waiting for ACK(0)/OACK.\n");
482 if (!block && port != args->port) {
484 printf("Switching to port %d\n", port);
486 addr.sin_port = htons(port);
491 ret = !g_interrupted ? 0 : -1;
499 #ifndef NMRPFLASH_WINDOWS
500 shutdown(sock, SHUT_RDWR);
503 shutdown(sock, SD_BOTH);