2 * nmrpflash - Netgear Unbrick Utility
3 * Copyright (C) 2016 Joseph Lehner <joseph.c.lehner@gmail.com>
5 * nmrpflash is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * nmrpflash is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with nmrpflash. If not, see <http://www.gnu.org/licenses/>.
29 #define TFTP_PKT_SIZE 516
31 static const char *opcode_names[] = {
32 "RRQ", "WRQ", "DATA", "ACK", "ERR"
43 static const char *leafname(const char *path)
45 const char *slash, *bslash;
47 slash = strrchr(path, '/');
48 bslash = strrchr(path, '\\');
50 if (slash && bslash) {
51 path = 1 + (slash > bslash ? slash : bslash);
61 static bool is_netascii(const char *str)
63 uint8_t *p = (uint8_t*)str;
66 if (*p < 0x20 || *p > 0x7f) {
74 static inline void pkt_mknum(char *pkt, uint16_t n)
76 *(uint16_t*)pkt = htons(n);
79 static inline uint16_t pkt_num(char *pkt)
81 return ntohs(*(uint16_t*)pkt);
84 static void pkt_mkwrq(char *pkt, const char *filename)
88 filename = leafname(filename);
89 if (!tftp_is_valid_filename(filename)) {
90 fprintf(stderr, "Overlong/illegal filename; using 'firmware'.\n");
91 filename = "firmware";
92 } else if (!strcmp(filename, "-")) {
93 filename = "firmware";
98 strcpy(pkt + len, filename);
99 len += strlen(filename) + 1;
100 strcpy(pkt + len, "octet");
103 static inline void pkt_print(char *pkt, FILE *fp)
105 uint16_t opcode = pkt_num(pkt);
106 if (!opcode || opcode > ERR) {
107 fprintf(fp, "(%d)", opcode);
109 fprintf(fp, "%s", opcode_names[opcode - 1]);
110 if (opcode == ACK || opcode == DATA) {
111 fprintf(fp, "(%d)", pkt_num(pkt + 2));
112 } else if (opcode == WRQ || opcode == RRQ) {
113 fprintf(fp, "(%s, %s)", pkt + 2, pkt + 2 + strlen(pkt + 2) + 1);
118 static ssize_t tftp_recvfrom(int sock, char *pkt, uint16_t* port,
122 struct sockaddr_in src;
123 #ifndef NMRPFLASH_WINDOWS
129 len = select_fd(sock, timeout);
137 len = recvfrom(sock, pkt, TFTP_PKT_SIZE, 0, (struct sockaddr*)&src, &alen);
139 sock_perror("recvfrom");
143 *port = ntohs(src.sin_port);
145 uint16_t opcode = pkt_num(pkt);
148 fprintf(stderr, "Error (%d): %.511s\n", pkt_num(pkt + 2), pkt + 4);
150 } else if (isprint(pkt[0])) {
151 /* In case of a firmware checksum error, the EX2700 I've tested this
152 * on sends a raw UDP packet containing just an error message starting
153 * at offset 0. The limit of 32 chars is arbitrary.
155 fprintf(stderr, "Error: %.32s\n", pkt);
157 } else if (!opcode || opcode > ERR) {
158 fprintf(stderr, "Received invalid packet: ");
159 pkt_print(pkt, stderr);
160 fprintf(stderr, ".\n");
166 pkt_print(pkt, stdout);
173 static ssize_t tftp_sendto(int sock, char *pkt, size_t len,
174 struct sockaddr_in *dst)
178 switch (pkt_num(pkt)) {
181 len = 2 + strlen(pkt + 2) + 1;
182 len += strlen(pkt + len) + 1;
191 len = 4 + strlen(pkt + 4);
194 fprintf(stderr, "Attempted to send invalid packet ");
195 pkt_print(pkt, stderr);
196 fprintf(stderr, "; this is a bug!\n");
202 pkt_print(pkt, stdout);
206 sent = sendto(sock, pkt, len, 0, (struct sockaddr*)dst, sizeof(*dst));
208 sock_perror("sendto");
214 #ifdef NMRPFLASH_WINDOWS
215 void sock_perror(const char *msg)
217 win_perror2(msg, WSAGetLastError());
220 inline void sock_perror(const char *msg)
226 inline bool tftp_is_valid_filename(const char *filename)
228 return strlen(filename) <= 500 && is_netascii(filename);
231 int tftp_put(struct nmrpd_args *args)
233 struct sockaddr_in addr;
234 uint16_t block, port;
235 ssize_t len, last_len;
236 int fd, sock, ret, timeout, errors, ackblock;
237 char rx[TFTP_PKT_SIZE], tx[TFTP_PKT_SIZE];
242 if (!strcmp(args->file_local, "-")) {
245 fd = open(args->file_local, O_RDONLY);
253 sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
255 sock_perror("socket");
260 if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr)) == INADDR_NONE) {
265 addr.sin_family = AF_INET;
266 addr.sin_port = htons(args->port);
272 /* Not really, but this way the loop sends our WRQ before receiving */
275 pkt_mkwrq(tx, args->file_remote);
278 if (!timeout && pkt_num(rx) == ACK) {
279 ackblock = pkt_num(rx + 2);
284 if (timeout || ackblock == block) {
288 pkt_mknum(tx + 2, block);
289 len = read(fd, tx + 4, 512);
295 if (last_len != 512 && last_len != -1) {
303 ret = tftp_sendto(sock, tx, len, &addr);
307 } else if (pkt_num(rx) != ACK || ackblock > block) {
309 fprintf(stderr, "Expected ACK(%d), got ", block);
310 pkt_print(rx, stderr);
311 fprintf(stderr, ".\n");
314 if (ackblock != -1 && ++errors > 5) {
315 fprintf(stderr, "Protocol error; bailing out.\n");
321 ret = tftp_recvfrom(sock, rx, &port, args->rx_timeout);
328 fprintf(stderr, "Timeout while waiting for ACK(%d).\n", block);
330 fprintf(stderr, "Timeout while waiting for initial reply.\n");
338 if (!block && port != args->port) {
340 printf("Switching to port %d\n", port);
342 addr.sin_port = htons(port);
355 #ifndef NMRPFLASH_WINDOWS
356 shutdown(sock, SHUT_RDWR);
359 shutdown(sock, SD_BOTH);