2 * nmrpflash - Netgear Unbrick Utility
3 * Copyright (C) 2016 Joseph Lehner <joseph.c.lehner@gmail.com>
5 * nmrpflash is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * nmrpflash is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with nmrpflash. If not, see <http://www.gnu.org/licenses/>.
29 #define TFTP_PKT_SIZE 516
31 static const char *opcode_names[] = {
32 "RRQ", "WRQ", "DATA", "ACK", "ERR"
43 static const char *leafname(const char *path)
45 const char *slash, *bslash;
47 slash = strrchr(path, '/');
48 bslash = strrchr(path, '\\');
50 if (slash && bslash) {
51 path = 1 + (slash > bslash ? slash : bslash);
61 static bool is_netascii(const char *str)
63 uint8_t *p = (uint8_t*)str;
66 if (*p < 0x20 || *p > 0x7f) {
74 static inline void pkt_mknum(char *pkt, uint16_t n)
76 *(uint16_t*)pkt = htons(n);
79 static inline uint16_t pkt_num(char *pkt)
81 return ntohs(*(uint16_t*)pkt);
84 static void pkt_mkwrq(char *pkt, const char *filename)
88 filename = leafname(filename);
89 if (!is_netascii(filename) || strlen(filename) > 500) {
90 fprintf(stderr, "Overlong/illegal filename; using 'firmware.bin'.\n");
91 filename = "firmware.bin";
96 strcpy(pkt + len, filename);
97 len += strlen(filename) + 1;
98 strcpy(pkt + len, "octet");
101 static inline void pkt_print(char *pkt, FILE *fp)
103 uint16_t opcode = pkt_num(pkt);
104 if (!opcode || opcode > ERR) {
105 fprintf(fp, "(%d)", opcode);
107 fprintf(fp, "%s", opcode_names[opcode - 1]);
108 if (opcode == ACK || opcode == DATA) {
109 fprintf(fp, "(%d)", pkt_num(pkt + 2));
110 } else if (opcode == WRQ || opcode == RRQ) {
111 fprintf(fp, "(%s, %s)", pkt + 2, pkt + 2 + strlen(pkt + 2) + 1);
116 static ssize_t tftp_recvfrom(int sock, char *pkt, uint16_t* port,
120 struct sockaddr_in src;
121 #ifndef NMRPFLASH_WINDOWS
127 len = select_fd(sock, timeout);
135 len = recvfrom(sock, pkt, TFTP_PKT_SIZE, 0, (struct sockaddr*)&src, &alen);
137 sock_perror("recvfrom");
141 *port = ntohs(src.sin_port);
143 uint16_t opcode = pkt_num(pkt);
146 fprintf(stderr, "Error (%d): %.511s\n", pkt_num(pkt + 2), pkt + 4);
148 } else if (isprint(pkt[0])) {
149 /* In case of a firmware checksum error, the EX2700 I've tested this
150 * on sends a raw UDP packet containing just an error message starting
151 * at offset 0. The limit of 32 chars is arbitrary.
153 fprintf(stderr, "Error: %.32s\n", pkt);
155 } else if (!opcode || opcode > ERR) {
156 fprintf(stderr, "Received invalid packet: ");
157 pkt_print(pkt, stderr);
158 fprintf(stderr, ".\n");
164 pkt_print(pkt, stdout);
171 static ssize_t tftp_sendto(int sock, char *pkt, size_t len,
172 struct sockaddr_in *dst)
176 switch (pkt_num(pkt)) {
179 len = 2 + strlen(pkt + 2) + 1;
180 len += strlen(pkt + len) + 1;
189 len = 4 + strlen(pkt + 4);
192 fprintf(stderr, "Attempted to send invalid packet ");
193 pkt_print(pkt, stderr);
194 fprintf(stderr, "; this is a bug!\n");
200 pkt_print(pkt, stdout);
204 sent = sendto(sock, pkt, len, 0, (struct sockaddr*)dst, sizeof(*dst));
206 sock_perror("sendto");
212 #ifdef NMRPFLASH_WINDOWS
213 void sock_perror(const char *msg)
215 win_perror2(msg, WSAGetLastError());
218 inline void sock_perror(const char *msg)
224 int tftp_put(struct nmrpd_args *args)
226 struct sockaddr_in addr;
227 uint16_t block, port;
228 ssize_t len, last_len;
229 int fd, sock, ret, timeout, errors, ackblock;
230 char rx[TFTP_PKT_SIZE], tx[TFTP_PKT_SIZE];
235 fd = open(args->filename, O_RDONLY);
242 sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
244 sock_perror("socket");
249 if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr)) == INADDR_NONE) {
254 addr.sin_family = AF_INET;
255 addr.sin_port = htons(args->port);
261 /* Not really, but this way the loop sends our WRQ before receiving */
264 pkt_mkwrq(tx, args->filename);
267 if (!timeout && pkt_num(rx) == ACK) {
268 ackblock = pkt_num(rx + 2);
273 if (timeout || ackblock == block) {
277 pkt_mknum(tx + 2, block);
278 len = read(fd, tx + 4, 512);
284 if (last_len != 512 && last_len != -1) {
292 ret = tftp_sendto(sock, tx, len, &addr);
296 } else if (pkt_num(rx) != ACK || ackblock > block) {
298 fprintf(stderr, "Expected ACK(%d), got ", block);
299 pkt_print(rx, stderr);
300 fprintf(stderr, ".\n");
303 if (ackblock != -1 && ++errors > 5) {
304 fprintf(stderr, "Protocol error; bailing out.\n");
310 ret = tftp_recvfrom(sock, rx, &port, args->rx_timeout);
317 fprintf(stderr, "Timeout while waiting for ACK(%d).\n", block);
319 fprintf(stderr, "Timeout while waiting for initial reply.\n");
327 if (!block && port != args->port) {
329 printf("Switching to port %d\n", port);
331 addr.sin_port = htons(port);
344 #ifndef NMRPFLASH_WINDOWS
345 shutdown(sock, SHUT_RDWR);
348 shutdown(sock, SD_BOTH);