One extra character was being checked in the IPv6 string which caused the
last character of the address to be neither '\0' nor ':'. This raises an
error condition and causes the function to always return an error. This
issue was resolved by this fix.
Signed-off-by: Ehsan Mohandesi <emohandesi@microsoft.com>
Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
In rfc7440, if an ACK is not received by the server or if the
last data block in a window is dropped, the server will timeout and
retransmit the window. In this case, the block count received will be
less than the internal block count. In this case, the client
should not ACK. ACK should only be sent if the received block
count is greater than the expected block count.
Signed-off-by: Sean Edmond <seanedmond@linux.microsoft.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
The command tftpboot uses IPv4 by default. Add the possibility to use IPv6
instead. If an address in the command is an IPv6 address it will use IPv6
to boot or if there is a suffix -ipv6 in the end of the command it also
force using IPv6. All other tftpboot features and parameters are left
the same.
Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
U-Boot does not support IP fragmentation on TX (and unless
CONFIG_IP_DEFRAG is set, neither on RX). So the blocks we send must
fit in a single ethernet packet.
Currently, if tftpblocksize is set to something like 5000 and I
tftpput a large enough file, U-Boot crashes because we overflow
net_tx_packet (which only has room for 1500 bytes plus change).
Similarly, if tftpblocksize is set to something larger than what we
can actually receive (e.g. 50000, with NET_MAXDEFRAG being 16384), any
tftp get just hangs because we never receive any packets.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Nothing inside this block depends on NET_TFTP_VARS to be set to parse
correctly. Switch to C if() in preparation for adding code before
this (to avoid a declaration-after-statement warning).
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
[trini: Update to cover CONFIG_TFTP_PORT case as well]
Signed-off-by: Tom Rini <trini@konsulko.com>
No platforms enable the functionality to tftp directly to NOR flash, and
this is discouraged by the documentation. Remove this code. Further,
this highlights an oddity of the code. Un-indent the start of this
function.
Cc: Joe Hershberger <joe.hershberger@ni.com>
Cc: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Some globals where not properly initialized causing timeouts
as data packets where not immediately acknowledged.
Fixes: cc6b87ecaa ("net: tftp: Add client support for RFC 7440")
Signed-off-by: Arjan Minzinga Zijlstra <arjan.minzingazijlstra@fox-it.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
in tftpboot, if ack was already sent previously for this
packet, don't send again.
Fixes: cc6b87ecaa ("net: tftp: Add client support for RFC 7440")
Reported-by: Suneel Garapati <suneelglinux@gmail.com>
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Tested-by: Suneel Garapati <suneelglinux@gmail.com>
Tested-by: Oliver Graute <oliver.graute@kococonnector.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
When the tftp server did not send any OACK, the tftp_next_ack variable
was not set to the correct value . As the server was transmitting
blocks we generated a lot of 'Received unexpected block: $n, expected
$n+1' error messages. Depending on the timeout setting the transfer
could still complete though.
Signed-off-by: Harm Berntsen <harm.berntsen@nedap.com>
CC: Ramon Fried <rfried.dev@gmail.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.
Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.
For a PE-COFF image remember address and size, boot device and path.
For a FIT image remember boot device and path.
If the PE-COFF image is overwritten by loading another file, forget it.
Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When load the last block, the "len" might not be a block size. This cause
loading the incorrect last block data.
The fix change "len" to tftp_block_size and minus one tftp_block_size
for offset calculation.
Use same offset calculation formula as in store_block().
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
tftp_cur_block start with 1 for first block, but tftp_cur_block counter is
start with zero when block number is rollover. The existing code
"tftp_cur_block - 1" will cause the block number become -1 in store_block()
when tftp_cur_block is 0 when tftp_cur_block is rollover.
The fix pass in tftp_cur_block to store_block() and minus the
tftp_block_size when do the offset calculation.
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Fixes missing update to tftp_prev_block counter before increase
tftp_cur_block counter when do the tftpput operation.
tftp_prev_block counter is used in update_block_number() function to
check whether block number (sequence number) is rollover. This bug
cause the tftpput command fail to upload a large file when block
number is greater than 16-bit (0xFFFF).
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Add support for RFC 7440: "TFTP Windowsize Option".
This optional feature allows the client and server
to negotiate a window size of consecutive blocks to send as an
alternative for replacing the single-block lockstep schema.
windowsize can be defined statically during compilation by
setting CONFIG_TFTP_WINDOWSIZE, or defined in runtime by
setting an environment variable: "tftpwindowsize"
If not defined, the windowsize is set to 1, meaning that it
behaves as it was never defined.
Choosing the appropriate windowsize depends on the specific
network topology, underlying NIC.
You should test various windowsize scenarios and see which
best work for you.
Setting a windowsize too big can actually decreases performance.
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Marek Vasut <marex@denx.de>
RFC2348, RFC2349:
- Option string is case in-sensitive.
- Client must generate ERR pkt in case option value mismatch in server OACK
- Fix debug print for options
Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
During packet sequence number wraparound the show_block_marker() API was
not called, as a result the progress marker doesn't stay within column
boundary. Use position in file instead of sequence number to align the
marker.
Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Remove the unneeded define TFTP_MTU_BLOCKSIZE.
Since the KConfig migration done by commit b618b37076 ("net:
Convert CONFIG_TFTP_BLOCKSIZE to Kconfig"), CONFIG_TFTP_BLOCKSIZE
is always defined and can be used directly to avoid confusion
(fallback to 1468 in code is never used).
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
These global variables are quite short and generic. In fact the same name
is more often used locally for struct members and function arguments.
Add a image_ prefix to make them easier to distinguish.
Signed-off-by: Simon Glass <sjg@chromium.org>
During testing of qemu-riscv32 with a 2GiB memory configuration,
tftp always fails with a error message:
Load address: 0x84000000
Loading: #
TFTP error: trying to overwrite reserved memory...
It turns out the result of 'tftp_load_addr + tftp_load_size' just
overflows (0x100000000) and the test logic in store_block() fails.
Fix this by adjusting the end address to ULONG_MAX when overflow
is detected.
Fixes: a156c47e39 ("tftp: prevent overwriting reserved memory")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.
This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.
Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
As a follow-up, change the name of the newly introduced function
'lmb_get_unreserved_size' to 'lmb_get_free_size', which is more
appropriate.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix test/lib/lmb.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
No mainline board enables CONFIG_MCAST_TFTP and there have been
compilation issues with the code for some time. Additionally, it has a
potential buffer underrun issue (reported as a side note in
CVE-2018-18439).
Remove the multicast TFTP code but keep the driver API for the future
addition of IPv6.
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This fixes CVE-2018-18439 ("insufficient boundary checks in network
image boot") by using lmb to check for a valid range to store
received blocks.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
[trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT]
Signed-off-by: Tom Rini <trini@konsulko.com>
The same basic parsing was implemented in tftp and nfs, so add a helper
function to do the work once.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
For strncpy() select a minimal string length of destination and source
strings, here DEFAULT_NAME_LEN is preferable to MAX_LEN.
Due to the NUL-terminated contents of default_string the change is
a noop, however it removes a compilation warning if SH2/3/4 platform
specific strncpy() function is used:
In file included from include/linux/string.h:21:0,
from include/common.h:28,
from net/tftp.c:9:
net/tftp.c: In function 'tftp_start':
arch/sh/include/asm/string.h:52:42: warning: array subscript is above array bounds [-Warray-bounds]
: "0" (__dest), "1" (__src), "r" (__src+__n)
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
We can now successfully boot EFI applications from disk, but users
may want to also run them from a PXE setup.
This patch implements rudimentary network support, allowing a payload
to send and receive network packets.
With this patch, I was able to successfully run grub2 with network
access inside of QEMU's -M xlnx-ep108.
Signed-off-by: Alexander Graf <agraf@suse.de>
TFTP source and destination port variable names are
'tftpsrcp' and 'tftpdstp' in the code, but 'tftpsrcport'
and 'tftpdstport' in the README file. Fix the README.
Add environment variable 'tftptimeoutcountmax'. As per the
comments about the global variable tftp_timeout_count_max,
make sure tftptimeoutcountmax is nonnegative.
Introduce configuration option CONFIG_NET_TFTP_VARS,
which controls whether environment variables tftpblocksize,
tftptimeout, and tftptimoueoutcountmax are read by the TFTP
client code. CONFIG_NET_TFTP_VARS defaults to y but can be
set to n by targets with to tight size contraints.
Make bf527-ezkit set CONFIG_NET_TFTP_VARS to n to keep the
target size below limit.
Commit 620776d "tftp: adjust settings to be suitable for 100Mbit ethernet"
causes the following error message when trying to load a file using 'tftp'
command via a tftp server.
TFTP error: 'Unsupported option(s) requested' (8)
This is due to with commit 620776d changes, the tftp option 'timeout'
value is now set to zero which is an invalid value as per RFC2349 [1].
Valid values range between "1" and "255" seconds, inclusive. With some
tftp servers that strictly implement the RFC requirement, it reports
such an error message.
Revert commit 620776d for RFC compliance.
[1] https://www.ietf.org/rfc/rfc2349.txt
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This change gives the ability to reuse the <tftp.h> header file by other
subsystems (like e.g. dfu).
Without this change compilation error emerges for the legacy update.c file.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Adjust timouts and retry counts to be suitable for loaded ethernet
network. With 5 seconds timeout, 10 retries maximum, tftp is
impossible even on local network with single full-speed TCP
connection.
100msec timeout should be suitable for most networks tftp is used on,
that is local ethernets. Timeout count really needs to be way higher,
as lost packets are normal when TCP is running over the same network.
Enforce 10msec minimum.
Signed-off-by: Pavel Machek <pavel@denx.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
CONFIG_TFTP_TSIZE should limit a tftp downloads progress to 50 '#'
chars. Make this work also for small files.
If the file size is small, i.e. smaller than 2 tftp block sizes the
number of '#' can get much larger. i.e. with a 1 byte file 65000
characters are printed, with a 512 byte file around 500.
When using CONFIG TFTP BLOCKSIZE together with CONFIG_IP_DEFRAG the
issue is more notable.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Finish eliminating CamelCase from net.c and other failures
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>
Make a thorough pass through all variables and function names contained
within tftp and remove CamelCase and improve naming.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>
This patch cleans up the names of internal packet buffer names that are
used within the network stack and the functions that use them.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Use "_ethaddr" at the end of variables and drop CamelCase.
Make constant values actually 'const'.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>
The variables around the bootfile were inconsistent and used CamelCase.
Update them to make the code more readable.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>
This patch is simply clean-up to make the IPv4 type that is used match
what Linux uses. It also attempts to move all variables that are IP
addresses use good naming instead of CamelCase. No functional change.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>