[J-u-boot.git] / net / wget.c

// SPDX-License-Identifier: GPL-2.0
/*
 * WGET/HTTP support driver based on U-BOOT's nfs.c
 * Copyright Duncan Hare <[email protected]> 2017
 */

#include <asm/global_data.h>
#include <command.h>
#include <display_options.h>
#include <env.h>
#include <efi_loader.h>
#include <image.h>
#include <lmb.h>
#include <mapmem.h>
#include <net.h>
#include <net/tcp.h>
#include <net/wget.h>
#include <stdlib.h>

DECLARE_GLOBAL_DATA_PTR;

/* The default, change with environment variable 'httpdstp' */
#define SERVER_PORT		80

static const char bootfileGET[] = "GET ";
static const char bootfileHEAD[] = "HEAD ";
static const char bootfile3[] = " HTTP/1.0\r\n\r\n";
static const char http_eom[] = "\r\n\r\n";
static const char content_len[] = "Content-Length";
static const char linefeed[] = "\r\n";
static struct in_addr web_server_ip;
static int our_port;
static int wget_timeout_count;

struct pkt_qd {
	uchar *pkt;
	unsigned int tcp_seq_num;
	unsigned int len;
};

/*
 * This is a control structure for out of order packets received.
 * The actual packet bufers are in the kernel space, and are
 * expected to be overwritten by the downloaded image.
 */
#define PKTQ_SZ (PKTBUFSRX / 4)
static struct pkt_qd pkt_q[PKTQ_SZ];
static int pkt_q_idx;
static unsigned long content_length;
static unsigned int packets;

static unsigned int initial_data_seq_num;
static unsigned int next_data_seq_num;

static enum  wget_state current_wget_state;

static char *image_url;
static unsigned int wget_timeout = WGET_TIMEOUT;

static enum net_loop_state wget_loop_state;

/* Timeout retry parameters */
static u8 retry_action;			/* actions for TCP retry */
static unsigned int retry_tcp_ack_num;	/* TCP retry acknowledge number*/
static unsigned int retry_tcp_seq_num;	/* TCP retry sequence number */
static int retry_len;			/* TCP retry length */

/**
 * store_block() - store block in memory
 * @src: source of data
 * @offset: offset
 * @len: length
 */
static inline int store_block(uchar *src, unsigned int offset, unsigned int len)
{
	ulong store_addr = image_load_addr + offset;
	ulong newsize = offset + len;
	uchar *ptr;

	if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
		if (store_addr < image_load_addr ||
		    lmb_read_check(store_addr, len)) {
			printf("\nwget error: ");
			printf("trying to overwrite reserved memory...\n");
			return -1;
		}
	}

	ptr = map_sysmem(store_addr, len);
	memcpy(ptr, src, len);
	unmap_sysmem(ptr);

	if (net_boot_file_size < (offset + len))
		net_boot_file_size = newsize;

	return 0;
}

/**
 * wget_send_stored() - wget response dispatcher
 *
 * WARNING, This, and only this, is the place in wget.c where
 * SEQUENCE NUMBERS are swapped between incoming (RX)
 * and outgoing (TX).
 * Procedure wget_handler() is correct for RX traffic.
 */
static void wget_send_stored(void)
{
	u8 action = retry_action;
	int len = retry_len;
	unsigned int tcp_ack_num = retry_tcp_seq_num + (len == 0 ? 1 : len);
	unsigned int tcp_seq_num = retry_tcp_ack_num;
	unsigned int server_port;
	uchar *ptr, *offset;

	server_port = env_get_ulong("httpdstp", 10, SERVER_PORT) & 0xffff;

	switch (current_wget_state) {
	case WGET_CLOSED:
		debug_cond(DEBUG_WGET, "wget: send SYN\n");
		current_wget_state = WGET_CONNECTING;
		net_send_tcp_packet(0, server_port, our_port, action,
				    tcp_seq_num, tcp_ack_num);
		packets = 0;
		break;
	case WGET_CONNECTING:
		pkt_q_idx = 0;
		net_send_tcp_packet(0, server_port, our_port, action,
				    tcp_seq_num, tcp_ack_num);

		ptr = net_tx_packet + net_eth_hdr_size() +
			IP_TCP_HDR_SIZE + TCP_TSOPT_SIZE + 2;
		offset = ptr;

		switch (wget_info->method) {
		case WGET_HTTP_METHOD_HEAD:
			memcpy(offset, &bootfileHEAD, strlen(bootfileHEAD));
			offset += strlen(bootfileHEAD);
			break;
		case WGET_HTTP_METHOD_GET:
		default:
			memcpy(offset, &bootfileGET, strlen(bootfileGET));
			offset += strlen(bootfileGET);
			break;
		}

		memcpy(offset, image_url, strlen(image_url));
		offset += strlen(image_url);

		memcpy(offset, &bootfile3, strlen(bootfile3));
		offset += strlen(bootfile3);
		net_send_tcp_packet((offset - ptr), server_port, our_port,
				    TCP_PUSH, tcp_seq_num, tcp_ack_num);
		current_wget_state = WGET_CONNECTED;
		break;
	case WGET_CONNECTED:
	case WGET_TRANSFERRING:
	case WGET_TRANSFERRED:
		net_send_tcp_packet(0, server_port, our_port, action,
				    tcp_seq_num, tcp_ack_num);
		break;
	}
}

static void wget_send(u8 action, unsigned int tcp_seq_num,
		      unsigned int tcp_ack_num, int len)
{
	retry_action = action;
	retry_tcp_ack_num = tcp_ack_num;
	retry_tcp_seq_num = tcp_seq_num;
	retry_len = len;

	wget_send_stored();
}

void wget_fail(char *error_message, unsigned int tcp_seq_num,
	       unsigned int tcp_ack_num, u8 action)
{
	printf("wget: Transfer Fail - %s\n", error_message);
	net_set_timeout_handler(0, NULL);
	wget_send(action, tcp_seq_num, tcp_ack_num, 0);
}

/*
 * Interfaces of U-BOOT
 */
static void wget_timeout_handler(void)
{
	if (++wget_timeout_count > WGET_RETRY_COUNT) {
		puts("\nRetry count exceeded; starting again\n");
		wget_send(TCP_RST, 0, 0, 0);
		net_start_again();
	} else {
		puts("T ");
		net_set_timeout_handler(wget_timeout +
					WGET_TIMEOUT * wget_timeout_count,
					wget_timeout_handler);
		wget_send_stored();
	}
}

#define PKT_QUEUE_OFFSET 0x20000
#define PKT_QUEUE_PACKET_SIZE 0x800

static void wget_fill_info(const uchar *pkt, int hlen)
{
	const char *first_space;
	const char *second_space;
	char *pos, *end;

	if (wget_info->headers) {
		if (hlen < MAX_HTTP_HEADERS_SIZE)
			strncpy(wget_info->headers, pkt, hlen);
		else
			hlen = 0;
		wget_info->headers[hlen] = 0;
	}

	//Get status code
	first_space = strchr(pkt, ' ');
	if (!first_space) {
		wget_info->status_code = -1;
		return;
	}

	second_space = strchr(first_space + 1, ' ');
	if (!second_space) {
		wget_info->status_code = -1;
		return;
	}

	wget_info->status_code = (u32)simple_strtoul(first_space + 1, &end, 10);

	if (second_space != end)
		wget_info->status_code = -1;

	pos = strstr((char *)pkt, content_len);

	if (pos) {
		pos += sizeof(content_len) + 1;
		while (*pos == ' ')
			pos++;
		content_length = simple_strtoul(pos, &end, 10);
		debug_cond(DEBUG_WGET,
			   "wget: Connected Len %lu\n",
			   content_length);
		wget_info->hdr_cont_len = content_length;
	}
}

static void wget_connected(uchar *pkt, unsigned int tcp_seq_num,
			   u8 action, unsigned int tcp_ack_num, unsigned int len)
{
	uchar *pkt_in_q;
	char *pos;
	int hlen, i;
	uchar *ptr1;

	pkt[len] = '\0';
	pos = strstr((char *)pkt, http_eom);

	if (!pos) {
		debug_cond(DEBUG_WGET,
			   "wget: Connected, data before Header %p\n", pkt);
		pkt_in_q = (void *)image_load_addr + PKT_QUEUE_OFFSET +
			(pkt_q_idx * PKT_QUEUE_PACKET_SIZE);

		ptr1 = map_sysmem((ulong)pkt_in_q, len);
		memcpy(ptr1, pkt, len);
		unmap_sysmem(ptr1);

		pkt_q[pkt_q_idx].pkt = pkt_in_q;
		pkt_q[pkt_q_idx].tcp_seq_num = tcp_seq_num;
		pkt_q[pkt_q_idx].len = len;
		pkt_q_idx++;

		if (pkt_q_idx >= PKTQ_SZ) {
			printf("wget: Fatal error, queue overrun!\n");
			net_set_state(NETLOOP_FAIL);

			return;
		}
	} else {
		debug_cond(DEBUG_WGET, "wget: Connected HTTP Header %p\n", pkt);
		/* sizeof(http_eom) - 1 is the string length of (http_eom) */
		hlen = pos - (char *)pkt + sizeof(http_eom) - 1;
		pos = strstr((char *)pkt, linefeed);
		if (pos > 0)
			i = pos - (char *)pkt;
		else
			i = hlen;
		printf("%.*s", i,  pkt);

		current_wget_state = WGET_TRANSFERRING;

		initial_data_seq_num = tcp_seq_num + hlen;
		next_data_seq_num    = tcp_seq_num + len;

		wget_fill_info(pkt, hlen);
		debug_cond(DEBUG_WGET,
			   "wget: HTTP Status Code %d\n", wget_info->status_code);

		if (wget_info->status_code != 200) {
			debug_cond(DEBUG_WGET,
				   "wget: Connected Bad Xfer\n");
			wget_loop_state = NETLOOP_FAIL;
			wget_send(action, tcp_seq_num, tcp_ack_num, len);
		} else {
			debug_cond(DEBUG_WGET,
				   "wget: Connected Pkt %p hlen %x\n",
				   pkt, hlen);

			net_boot_file_size = 0;

			if (len > hlen) {
				if (store_block(pkt + hlen, 0, len - hlen) != 0) {
					wget_loop_state = NETLOOP_FAIL;
					wget_fail("wget: store error\n", tcp_seq_num, tcp_ack_num, action);
					net_set_state(NETLOOP_FAIL);
					return;
				}
			}

			for (i = 0; i < pkt_q_idx; i++) {
				int err;

				ptr1 = map_sysmem((ulong)pkt_q[i].pkt,
						  pkt_q[i].len);
				err = store_block(ptr1,
					  pkt_q[i].tcp_seq_num -
					  initial_data_seq_num,
					  pkt_q[i].len);
				unmap_sysmem(ptr1);
				debug_cond(DEBUG_WGET,
					   "wget: Conncted pkt Q %p len %x\n",
					   pkt_q[i].pkt, pkt_q[i].len);
				if (err) {
					wget_loop_state = NETLOOP_FAIL;
					wget_fail("wget: store error\n", tcp_seq_num, tcp_ack_num, action);
					net_set_state(NETLOOP_FAIL);
					return;
				}
			}
		}
	}
	wget_send(action, tcp_seq_num, tcp_ack_num, len);
}

/**
 * wget_handler() - TCP handler of wget
 * @pkt: pointer to the application packet
 * @dport: destination TCP port
 * @sip: source IP address
 * @sport: source TCP port
 * @tcp_seq_num: TCP sequential number
 * @tcp_ack_num: TCP acknowledgment number
 * @action: TCP action (SYN, ACK, FIN, etc)
 * @len: packet length
 *
 * In the "application push" invocation, the TCP header with all
 * its information is pointed to by the packet pointer.
 */
static void wget_handler(uchar *pkt, u16 dport,
			 struct in_addr sip, u16 sport,
			 u32 tcp_seq_num, u32 tcp_ack_num,
			 u8 action, unsigned int len)
{
	enum tcp_state wget_tcp_state = tcp_get_tcp_state();

	net_set_timeout_handler(wget_timeout, wget_timeout_handler);
	packets++;

	switch (current_wget_state) {
	case WGET_CLOSED:
		debug_cond(DEBUG_WGET, "wget: Handler: Error!, State wrong\n");
		break;
	case WGET_CONNECTING:
		debug_cond(DEBUG_WGET,
			   "wget: Connecting In len=%x, Seq=%u, Ack=%u\n",
			   len, tcp_seq_num, tcp_ack_num);
		if (!len) {
			if (wget_tcp_state == TCP_ESTABLISHED) {
				debug_cond(DEBUG_WGET,
					   "wget: Cting, send, len=%x\n", len);
				wget_send(action, tcp_seq_num, tcp_ack_num,
					  len);
			} else {
				printf("%.*s", len,  pkt);
				wget_fail("wget: Handler Connected Fail\n",
					  tcp_seq_num, tcp_ack_num, action);
			}
		}
		break;
	case WGET_CONNECTED:
		debug_cond(DEBUG_WGET, "wget: Connected seq=%u, len=%x\n",
			   tcp_seq_num, len);
		if (!len) {
			wget_fail("Image not found, no data returned\n",
				  tcp_seq_num, tcp_ack_num, action);
		} else {
			wget_connected(pkt, tcp_seq_num, action, tcp_ack_num, len);
		}
		break;
	case WGET_TRANSFERRING:
		debug_cond(DEBUG_WGET,
			   "wget: Transferring, seq=%x, ack=%x,len=%x\n",
			   tcp_seq_num, tcp_ack_num, len);

		if (next_data_seq_num != tcp_seq_num) {
			debug_cond(DEBUG_WGET, "wget: seq=%x packet was lost\n", next_data_seq_num);
			return;
		}
		next_data_seq_num = tcp_seq_num + len;

		if (store_block(pkt, tcp_seq_num - initial_data_seq_num, len) != 0) {
			wget_fail("wget: store error\n",
				  tcp_seq_num, tcp_ack_num, action);
			net_set_state(NETLOOP_FAIL);
			return;
		}

		switch (wget_tcp_state) {
		case TCP_FIN_WAIT_2:
			wget_send(TCP_ACK, tcp_seq_num, tcp_ack_num, len);
			fallthrough;
		case TCP_SYN_SENT:
		case TCP_SYN_RECEIVED:
		case TCP_CLOSING:
		case TCP_FIN_WAIT_1:
		case TCP_CLOSED:
			net_set_state(NETLOOP_FAIL);
			break;
		case TCP_ESTABLISHED:
			wget_send(TCP_ACK, tcp_seq_num, tcp_ack_num,
				  len);
			wget_loop_state = NETLOOP_SUCCESS;
			break;
		case TCP_CLOSE_WAIT:     /* End of transfer */
			current_wget_state = WGET_TRANSFERRED;
			wget_send(action | TCP_ACK | TCP_FIN,
				  tcp_seq_num, tcp_ack_num, len);
			break;
		}
		break;
	case WGET_TRANSFERRED:
		printf("Packets received %d, Transfer Successful\n", packets);
		net_set_state(wget_loop_state);
		wget_info->file_size = net_boot_file_size;
		if (wget_info->method == WGET_HTTP_METHOD_GET && wget_info->set_bootdev) {
			efi_set_bootdev("Http", NULL, image_url,
					map_sysmem(image_load_addr, 0),
					net_boot_file_size);
			env_set_hex("filesize", net_boot_file_size);
		}
		break;
	}
}

#define RANDOM_PORT_START 1024
#define RANDOM_PORT_RANGE 0x4000

/**
 * random_port() - make port a little random (1024-17407)
 *
 * Return: random port number from 1024 to 17407
 *
 * This keeps the math somewhat trivial to compute, and seems to work with
 * all supported protocols/clients/servers
 */
static unsigned int random_port(void)
{
	return RANDOM_PORT_START + (get_timer(0) % RANDOM_PORT_RANGE);
}

#define BLOCKSIZE 512

void wget_start(void)
{
	if (!wget_info)
		wget_info = &default_wget_info;

	image_url = strchr(net_boot_file_name, ':');
	if (image_url > 0) {
		web_server_ip = string_to_ip(net_boot_file_name);
		++image_url;
		net_server_ip = web_server_ip;
	} else {
		web_server_ip = net_server_ip;
		image_url = net_boot_file_name;
	}

	debug_cond(DEBUG_WGET,
		   "wget: Transfer HTTP Server %pI4; our IP %pI4\n",
		   &web_server_ip, &net_ip);

	/* Check if we need to send across this subnet */
	if (net_gateway.s_addr && net_netmask.s_addr) {
		struct in_addr our_net;
		struct in_addr server_net;

		our_net.s_addr = net_ip.s_addr & net_netmask.s_addr;
		server_net.s_addr = net_server_ip.s_addr & net_netmask.s_addr;
		if (our_net.s_addr != server_net.s_addr)
			debug_cond(DEBUG_WGET,
				   "wget: sending through gateway %pI4",
				   &net_gateway);
	}
	debug_cond(DEBUG_WGET, "URL '%s'\n", image_url);

	if (net_boot_file_expected_size_in_blocks) {
		debug_cond(DEBUG_WGET, "wget: Size is 0x%x Bytes = ",
			   net_boot_file_expected_size_in_blocks * BLOCKSIZE);
		print_size(net_boot_file_expected_size_in_blocks * BLOCKSIZE,
			   "");
	}
	debug_cond(DEBUG_WGET,
		   "\nwget:Load address: 0x%lx\nLoading: *\b", image_load_addr);

	net_set_timeout_handler(wget_timeout, wget_timeout_handler);
	tcp_set_tcp_handler(wget_handler);

	wget_timeout_count = 0;
	current_wget_state = WGET_CLOSED;

	our_port = random_port();

	/*
	 * Zero out server ether to force arp resolution in case
	 * the server ip for the previous u-boot command, for example dns
	 * is not the same as the web server ip.
	 */

	memset(net_server_ethaddr, 0, 6);

	wget_send(TCP_SYN, 0, 0, 0);
}

int wget_do_request(ulong dst_addr, char *uri)
{
	int ret;
	char *s, *host_name, *file_name, *str_copy;

	/*
	 * Download file using wget.
	 *
	 * U-Boot wget takes the target uri in this format.
	 *  "<http server ip>:<file path>"  e.g.) 192.168.1.1:/sample/test.iso
	 * Need to resolve the http server ip address before starting wget.
	 */
	str_copy = strdup(uri);
	if (!str_copy)
		return -ENOMEM;

	s = str_copy + strlen("http://");
	host_name = strsep(&s, "/");
	if (!s) {
		ret = -EINVAL;
		goto out;
	}
	file_name = s;

	host_name = strsep(&host_name, ":");

	if (string_to_ip(host_name).s_addr) {
		s = host_name;
	} else {
#if IS_ENABLED(CONFIG_CMD_DNS)
		net_dns_resolve = host_name;
		net_dns_env_var = "httpserverip";
		if (net_loop(DNS) < 0) {
			ret = -EINVAL;
			goto out;
		}
		s = env_get("httpserverip");
		if (!s) {
			ret = -EINVAL;
			goto out;
		}
#else
		ret = -EINVAL;
		goto out;
#endif
	}

	strlcpy(net_boot_file_name, s, sizeof(net_boot_file_name));
	strlcat(net_boot_file_name, ":/", sizeof(net_boot_file_name)); /* append '/' which is removed by strsep() */
	strlcat(net_boot_file_name, file_name, sizeof(net_boot_file_name));
	image_load_addr = dst_addr;
	ret = net_loop(WGET);

out:
	free(str_copy);

	return ret < 0 ? ret : 0;
}

/**
 * wget_validate_uri() - validate the uri for wget
 *
 * @uri:	uri string
 *
 * This function follows the current U-Boot wget implementation.
 * scheme: only "http:" is supported
 * authority:
 *   - user information: not supported
 *   - host: supported
 *   - port: not supported(always use the default port)
 *
 * Uri is expected to be correctly percent encoded.
 * This is the minimum check, control codes(0x1-0x19, 0x7F, except '\0')
 * and space character(0x20) are not allowed.
 *
 * TODO: stricter uri conformance check
 *
 * Return:	true on success, false on failure
 */
bool wget_validate_uri(char *uri)
{
	char c;
	bool ret = true;
	char *str_copy, *s, *authority;

	for (c = 0x1; c < 0x21; c++) {
		if (strchr(uri, c)) {
			log_err("invalid character is used\n");
			return false;
		}
	}
	if (strchr(uri, 0x7f)) {
		log_err("invalid character is used\n");
		return false;
	}

	if (strncmp(uri, "http://", 7)) {
		log_err("only http:// is supported\n");
		return false;
	}
	str_copy = strdup(uri);
	if (!str_copy)
		return false;

	s = str_copy + strlen("http://");
	authority = strsep(&s, "/");
	if (!s) {
		log_err("invalid uri, no file path\n");
		ret = false;
		goto out;
	}
	s = strchr(authority, '@');
	if (s) {
		log_err("user information is not supported\n");
		ret = false;
		goto out;
	}
	s = strchr(authority, ':');
	if (s) {
		log_err("user defined port is not supported\n");
		ret = false;
		goto out;
	}

out:
	free(str_copy);

	return ret;
}
Commit	Line	Data
cfbae482 YCLP	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* WGET/HTTP support driver based on U-BOOT's nfs.c
	4	* Copyright Duncan Hare <[email protected]> 2017
	5	*/
	6
04592adb	7	#include <asm/global_data.h>
cfbae482	8	#include <command.h>
fe1489bc	9	#include <display_options.h>
cfbae482	10	#include <env.h>
0ebbed66	11	#include <efi_loader.h>
cfbae482	12	#include <image.h>
04592adb	13	#include <lmb.h>
cfbae482 YCLP	14	#include <mapmem.h>
	15	#include <net.h>
	16	#include <net/tcp.h>
	17	#include <net/wget.h>
8cf18da1	18	#include <stdlib.h>
cfbae482	19
04592adb MK	20	DECLARE_GLOBAL_DATA_PTR;
04592adb MK	21
4caacb2f MV	22	/* The default, change with environment variable 'httpdstp' */
	23	#define SERVER_PORT 80
	24
2dd076a9 AC	25	static const char bootfileGET[] = "GET ";
2dd076a9 AC	26	static const char bootfileHEAD[] = "HEAD ";
cfbae482 YCLP	27	static const char bootfile3[] = " HTTP/1.0\r\n\r\n";
cfbae482 YCLP	28	static const char http_eom[] = "\r\n\r\n";
cfbae482 YCLP	29	static const char content_len[] = "Content-Length";
	30	static const char linefeed[] = "\r\n";
	31	static struct in_addr web_server_ip;
	32	static int our_port;
	33	static int wget_timeout_count;
	34
	35	struct pkt_qd {
	36	uchar *pkt;
	37	unsigned int tcp_seq_num;
	38	unsigned int len;
	39	};
	40
	41	/*
	42	* This is a control structure for out of order packets received.
	43	* The actual packet bufers are in the kernel space, and are
	44	* expected to be overwritten by the downloaded image.
	45	*/
a8bd5ec0 RW	46	#define PKTQ_SZ (PKTBUFSRX / 4)
a8bd5ec0 RW	47	static struct pkt_qd pkt_q[PKTQ_SZ];
cfbae482 YCLP	48	static int pkt_q_idx;
	49	static unsigned long content_length;
	50	static unsigned int packets;
	51
	52	static unsigned int initial_data_seq_num;
cab7867c	53	static unsigned int next_data_seq_num;
cfbae482 YCLP	54
	55	static enum wget_state current_wget_state;
	56
	57	static char *image_url;
	58	static unsigned int wget_timeout = WGET_TIMEOUT;
	59
	60	static enum net_loop_state wget_loop_state;
	61
	62	/* Timeout retry parameters */
	63	static u8 retry_action; /* actions for TCP retry */
	64	static unsigned int retry_tcp_ack_num; /* TCP retry acknowledge number*/
	65	static unsigned int retry_tcp_seq_num; /* TCP retry sequence number */
	66	static int retry_len; /* TCP retry length */
	67
	68	/**
	69	* store_block() - store block in memory
	70	* @src: source of data
	71	* @offset: offset
	72	* @len: length
	73	*/
	74	static inline int store_block(uchar *src, unsigned int offset, unsigned int len)
	75	{
04592adb	76	ulong store_addr = image_load_addr + offset;
cfbae482 YCLP	77	ulong newsize = offset + len;
	78	uchar *ptr;
	79
2dd076a9	80	if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
04592adb	81	if (store_addr < image_load_addr \|\|
51ebd514	82	lmb_read_check(store_addr, len)) {
04592adb MK	83	printf("\nwget error: ");
	84	printf("trying to overwrite reserved memory...\n");
	85	return -1;
	86	}
	87	}
	88
	89	ptr = map_sysmem(store_addr, len);
cfbae482 YCLP	90	memcpy(ptr, src, len);
	91	unmap_sysmem(ptr);
	92
	93	if (net_boot_file_size < (offset + len))
	94	net_boot_file_size = newsize;
	95
	96	return 0;
	97	}
	98
	99	/**
	100	* wget_send_stored() - wget response dispatcher
	101	*
	102	* WARNING, This, and only this, is the place in wget.c where
	103	* SEQUENCE NUMBERS are swapped between incoming (RX)
	104	* and outgoing (TX).
	105	* Procedure wget_handler() is correct for RX traffic.
	106	*/
	107	static void wget_send_stored(void)
	108	{
	109	u8 action = retry_action;
	110	int len = retry_len;
08fb8da3 DM	111	unsigned int tcp_ack_num = retry_tcp_seq_num + (len == 0 ? 1 : len);
08fb8da3 DM	112	unsigned int tcp_seq_num = retry_tcp_ack_num;
4caacb2f	113	unsigned int server_port;
cfbae482 YCLP	114	uchar ptr, offset;
cfbae482 YCLP	115
4caacb2f MV	116	server_port = env_get_ulong("httpdstp", 10, SERVER_PORT) & 0xffff;
4caacb2f MV	117
cfbae482 YCLP	118	switch (current_wget_state) {
	119	case WGET_CLOSED:
	120	debug_cond(DEBUG_WGET, "wget: send SYN\n");
	121	current_wget_state = WGET_CONNECTING;
4caacb2f	122	net_send_tcp_packet(0, server_port, our_port, action,
cfbae482 YCLP	123	tcp_seq_num, tcp_ack_num);
	124	packets = 0;
	125	break;
	126	case WGET_CONNECTING:
	127	pkt_q_idx = 0;
4caacb2f	128	net_send_tcp_packet(0, server_port, our_port, action,
cfbae482 YCLP	129	tcp_seq_num, tcp_ack_num);
	130
	131	ptr = net_tx_packet + net_eth_hdr_size() +
	132	IP_TCP_HDR_SIZE + TCP_TSOPT_SIZE + 2;
	133	offset = ptr;
	134
2dd076a9 AC	135	switch (wget_info->method) {
	136	case WGET_HTTP_METHOD_HEAD:
	137	memcpy(offset, &bootfileHEAD, strlen(bootfileHEAD));
	138	offset += strlen(bootfileHEAD);
	139	break;
	140	case WGET_HTTP_METHOD_GET:
	141	default:
	142	memcpy(offset, &bootfileGET, strlen(bootfileGET));
	143	offset += strlen(bootfileGET);
	144	break;
	145	}
cfbae482 YCLP	146
	147	memcpy(offset, image_url, strlen(image_url));
	148	offset += strlen(image_url);
	149
	150	memcpy(offset, &bootfile3, strlen(bootfile3));
	151	offset += strlen(bootfile3);
4caacb2f	152	net_send_tcp_packet((offset - ptr), server_port, our_port,
cfbae482 YCLP	153	TCP_PUSH, tcp_seq_num, tcp_ack_num);
	154	current_wget_state = WGET_CONNECTED;
	155	break;
	156	case WGET_CONNECTED:
	157	case WGET_TRANSFERRING:
	158	case WGET_TRANSFERRED:
4caacb2f	159	net_send_tcp_packet(0, server_port, our_port, action,
cfbae482 YCLP	160	tcp_seq_num, tcp_ack_num);
	161	break;
	162	}
	163	}
	164
08fb8da3 DM	165	static void wget_send(u8 action, unsigned int tcp_seq_num,
08fb8da3 DM	166	unsigned int tcp_ack_num, int len)
cfbae482 YCLP	167	{
	168	retry_action = action;
	169	retry_tcp_ack_num = tcp_ack_num;
	170	retry_tcp_seq_num = tcp_seq_num;
	171	retry_len = len;
	172
	173	wget_send_stored();
	174	}
	175
	176	void wget_fail(char *error_message, unsigned int tcp_seq_num,
	177	unsigned int tcp_ack_num, u8 action)
	178	{
	179	printf("wget: Transfer Fail - %s\n", error_message);
	180	net_set_timeout_handler(0, NULL);
	181	wget_send(action, tcp_seq_num, tcp_ack_num, 0);
	182	}
	183
cfbae482 YCLP	184	/*
	185	* Interfaces of U-BOOT
	186	*/
	187	static void wget_timeout_handler(void)
	188	{
	189	if (++wget_timeout_count > WGET_RETRY_COUNT) {
	190	puts("\nRetry count exceeded; starting again\n");
	191	wget_send(TCP_RST, 0, 0, 0);
	192	net_start_again();
	193	} else {
	194	puts("T ");
	195	net_set_timeout_handler(wget_timeout +
	196	WGET_TIMEOUT * wget_timeout_count,
	197	wget_timeout_handler);
	198	wget_send_stored();
	199	}
	200	}
	201
	202	#define PKT_QUEUE_OFFSET 0x20000
	203	#define PKT_QUEUE_PACKET_SIZE 0x800
	204
2dd076a9 AC	205	static void wget_fill_info(const uchar *pkt, int hlen)
	206	{
	207	const char *first_space;
	208	const char *second_space;
	209	char pos, end;
	210
737c2dca HS	211	if (wget_info->headers) {
	212	if (hlen < MAX_HTTP_HEADERS_SIZE)
	213	strncpy(wget_info->headers, pkt, hlen);
	214	else
	215	hlen = 0;
	216	wget_info->headers[hlen] = 0;
	217	}
2dd076a9 AC	218
	219	//Get status code
	220	first_space = strchr(pkt, ' ');
	221	if (!first_space) {
	222	wget_info->status_code = -1;
	223	return;
	224	}
	225
	226	second_space = strchr(first_space + 1, ' ');
	227	if (!second_space) {
	228	wget_info->status_code = -1;
	229	return;
	230	}
	231
	232	wget_info->status_code = (u32)simple_strtoul(first_space + 1, &end, 10);
	233
	234	if (second_space != end)
	235	wget_info->status_code = -1;
	236
	237	pos = strstr((char *)pkt, content_len);
	238
	239	if (pos) {
	240	pos += sizeof(content_len) + 1;
	241	while (*pos == ' ')
	242	pos++;
	243	content_length = simple_strtoul(pos, &end, 10);
	244	debug_cond(DEBUG_WGET,
	245	"wget: Connected Len %lu\n",
	246	content_length);
	247	wget_info->hdr_cont_len = content_length;
	248	}
	249	}
	250
cfbae482	251	static void wget_connected(uchar *pkt, unsigned int tcp_seq_num,
08fb8da3	252	u8 action, unsigned int tcp_ack_num, unsigned int len)
cfbae482	253	{
cfbae482 YCLP	254	uchar *pkt_in_q;
	255	char *pos;
	256	int hlen, i;
	257	uchar *ptr1;
	258
	259	pkt[len] = '\0';
	260	pos = strstr((char *)pkt, http_eom);
	261
	262	if (!pos) {
	263	debug_cond(DEBUG_WGET,
	264	"wget: Connected, data before Header %p\n", pkt);
	265	pkt_in_q = (void *)image_load_addr + PKT_QUEUE_OFFSET +
	266	(pkt_q_idx * PKT_QUEUE_PACKET_SIZE);
	267
4f64730f	268	ptr1 = map_sysmem((ulong)pkt_in_q, len);
cfbae482 YCLP	269	memcpy(ptr1, pkt, len);
	270	unmap_sysmem(ptr1);
	271
	272	pkt_q[pkt_q_idx].pkt = pkt_in_q;
	273	pkt_q[pkt_q_idx].tcp_seq_num = tcp_seq_num;
	274	pkt_q[pkt_q_idx].len = len;
	275	pkt_q_idx++;
a8bd5ec0 RW	276
	277	if (pkt_q_idx >= PKTQ_SZ) {
	278	printf("wget: Fatal error, queue overrun!\n");
	279	net_set_state(NETLOOP_FAIL);
	280
	281	return;
	282	}
cfbae482 YCLP	283	} else {
	284	debug_cond(DEBUG_WGET, "wget: Connected HTTP Header %p\n", pkt);
	285	/* sizeof(http_eom) - 1 is the string length of (http_eom) */
	286	hlen = pos - (char *)pkt + sizeof(http_eom) - 1;
	287	pos = strstr((char *)pkt, linefeed);
	288	if (pos > 0)
	289	i = pos - (char *)pkt;
	290	else
	291	i = hlen;
	292	printf("%.*s", i, pkt);
	293
	294	current_wget_state = WGET_TRANSFERRING;
	295
cab7867c YS	296	initial_data_seq_num = tcp_seq_num + hlen;
	297	next_data_seq_num = tcp_seq_num + len;
	298
2dd076a9 AC	299	wget_fill_info(pkt, hlen);
	300	debug_cond(DEBUG_WGET,
	301	"wget: HTTP Status Code %d\n", wget_info->status_code);
	302
	303	if (wget_info->status_code != 200) {
cfbae482 YCLP	304	debug_cond(DEBUG_WGET,
cfbae482 YCLP	305	"wget: Connected Bad Xfer\n");
cfbae482 YCLP	306	wget_loop_state = NETLOOP_FAIL;
	307	wget_send(action, tcp_seq_num, tcp_ack_num, len);
	308	} else {
	309	debug_cond(DEBUG_WGET,
ea2515fd	310	"wget: Connected Pkt %p hlen %x\n",
cfbae482	311	pkt, hlen);
cfbae482	312
cfbae482 YCLP	313	net_boot_file_size = 0;
cfbae482 YCLP	314
04592adb MK	315	if (len > hlen) {
	316	if (store_block(pkt + hlen, 0, len - hlen) != 0) {
	317	wget_loop_state = NETLOOP_FAIL;
	318	wget_fail("wget: store error\n", tcp_seq_num, tcp_ack_num, action);
	319	net_set_state(NETLOOP_FAIL);
	320	return;
	321	}
	322	}
cfbae482	323
cfbae482	324	for (i = 0; i < pkt_q_idx; i++) {
04592adb MK	325	int err;
04592adb MK	326
4f64730f YS	327	ptr1 = map_sysmem((ulong)pkt_q[i].pkt,
4f64730f YS	328	pkt_q[i].len);
04592adb MK	329	err = store_block(ptr1,
	330	pkt_q[i].tcp_seq_num -
	331	initial_data_seq_num,
	332	pkt_q[i].len);
cfbae482 YCLP	333	unmap_sysmem(ptr1);
cfbae482 YCLP	334	debug_cond(DEBUG_WGET,
ea2515fd	335	"wget: Conncted pkt Q %p len %x\n",
cfbae482	336	pkt_q[i].pkt, pkt_q[i].len);
04592adb MK	337	if (err) {
	338	wget_loop_state = NETLOOP_FAIL;
	339	wget_fail("wget: store error\n", tcp_seq_num, tcp_ack_num, action);
	340	net_set_state(NETLOOP_FAIL);
	341	return;
	342	}
cfbae482 YCLP	343	}
	344	}
	345	}
	346	wget_send(action, tcp_seq_num, tcp_ack_num, len);
	347	}
	348
	349	/**
08fb8da3 DM	350	* wget_handler() - TCP handler of wget
	351	* @pkt: pointer to the application packet
	352	* @dport: destination TCP port
	353	* @sip: source IP address
	354	* @sport: source TCP port
	355	* @tcp_seq_num: TCP sequential number
	356	* @tcp_ack_num: TCP acknowledgment number
	357	* @action: TCP action (SYN, ACK, FIN, etc)
	358	* @len: packet length
cfbae482 YCLP	359	*
	360	* In the "application push" invocation, the TCP header with all
	361	* its information is pointed to by the packet pointer.
	362	*/
08fb8da3 DM	363	static void wget_handler(uchar *pkt, u16 dport,
	364	struct in_addr sip, u16 sport,
	365	u32 tcp_seq_num, u32 tcp_ack_num,
	366	u8 action, unsigned int len)
cfbae482 YCLP	367	{
cfbae482 YCLP	368	enum tcp_state wget_tcp_state = tcp_get_tcp_state();
cfbae482 YCLP	369
	370	net_set_timeout_handler(wget_timeout, wget_timeout_handler);
	371	packets++;
	372
	373	switch (current_wget_state) {
	374	case WGET_CLOSED:
	375	debug_cond(DEBUG_WGET, "wget: Handler: Error!, State wrong\n");
	376	break;
	377	case WGET_CONNECTING:
	378	debug_cond(DEBUG_WGET,
08fb8da3	379	"wget: Connecting In len=%x, Seq=%u, Ack=%u\n",
cfbae482 YCLP	380	len, tcp_seq_num, tcp_ack_num);
	381	if (!len) {
	382	if (wget_tcp_state == TCP_ESTABLISHED) {
	383	debug_cond(DEBUG_WGET,
	384	"wget: Cting, send, len=%x\n", len);
	385	wget_send(action, tcp_seq_num, tcp_ack_num,
	386	len);
	387	} else {
	388	printf("%.*s", len, pkt);
	389	wget_fail("wget: Handler Connected Fail\n",
	390	tcp_seq_num, tcp_ack_num, action);
	391	}
	392	}
	393	break;
	394	case WGET_CONNECTED:
08fb8da3	395	debug_cond(DEBUG_WGET, "wget: Connected seq=%u, len=%x\n",
cfbae482 YCLP	396	tcp_seq_num, len);
	397	if (!len) {
	398	wget_fail("Image not found, no data returned\n",
	399	tcp_seq_num, tcp_ack_num, action);
	400	} else {
08fb8da3	401	wget_connected(pkt, tcp_seq_num, action, tcp_ack_num, len);
cfbae482 YCLP	402	}
	403	break;
	404	case WGET_TRANSFERRING:
	405	debug_cond(DEBUG_WGET,
	406	"wget: Transferring, seq=%x, ack=%x,len=%x\n",
	407	tcp_seq_num, tcp_ack_num, len);
	408
cab7867c YS	409	if (next_data_seq_num != tcp_seq_num) {
	410	debug_cond(DEBUG_WGET, "wget: seq=%x packet was lost\n", next_data_seq_num);
	411	return;
	412	}
	413	next_data_seq_num = tcp_seq_num + len;
	414
beac9581	415	if (store_block(pkt, tcp_seq_num - initial_data_seq_num, len) != 0) {
cfbae482 YCLP	416	wget_fail("wget: store error\n",
cfbae482 YCLP	417	tcp_seq_num, tcp_ack_num, action);
04592adb	418	net_set_state(NETLOOP_FAIL);
cfbae482 YCLP	419	return;
	420	}
	421
	422	switch (wget_tcp_state) {
	423	case TCP_FIN_WAIT_2:
	424	wget_send(TCP_ACK, tcp_seq_num, tcp_ack_num, len);
	425	fallthrough;
	426	case TCP_SYN_SENT:
08fb8da3	427	case TCP_SYN_RECEIVED:
cfbae482 YCLP	428	case TCP_CLOSING:
	429	case TCP_FIN_WAIT_1:
	430	case TCP_CLOSED:
	431	net_set_state(NETLOOP_FAIL);
	432	break;
	433	case TCP_ESTABLISHED:
	434	wget_send(TCP_ACK, tcp_seq_num, tcp_ack_num,
	435	len);
	436	wget_loop_state = NETLOOP_SUCCESS;
	437	break;
	438	case TCP_CLOSE_WAIT: /* End of transfer */
	439	current_wget_state = WGET_TRANSFERRED;
	440	wget_send(action \| TCP_ACK \| TCP_FIN,
	441	tcp_seq_num, tcp_ack_num, len);
	442	break;
	443	}
	444	break;
	445	case WGET_TRANSFERRED:
	446	printf("Packets received %d, Transfer Successful\n", packets);
	447	net_set_state(wget_loop_state);
2dd076a9 AC	448	wget_info->file_size = net_boot_file_size;
2dd076a9 AC	449	if (wget_info->method == WGET_HTTP_METHOD_GET && wget_info->set_bootdev) {
e55a4acb	450	efi_set_bootdev("Http", NULL, image_url,
2dd076a9 AC	451	map_sysmem(image_load_addr, 0),
	452	net_boot_file_size);
	453	env_set_hex("filesize", net_boot_file_size);
	454	}
cfbae482 YCLP	455	break;
	456	}
	457	}
	458
	459	#define RANDOM_PORT_START 1024
	460	#define RANDOM_PORT_RANGE 0x4000
	461
	462	/**
	463	* random_port() - make port a little random (1024-17407)
	464	*
	465	* Return: random port number from 1024 to 17407
	466	*
	467	* This keeps the math somewhat trivial to compute, and seems to work with
	468	* all supported protocols/clients/servers
	469	*/
	470	static unsigned int random_port(void)
	471	{
	472	return RANDOM_PORT_START + (get_timer(0) % RANDOM_PORT_RANGE);
	473	}
	474
	475	#define BLOCKSIZE 512
	476
	477	void wget_start(void)
	478	{
2dd076a9 AC	479	if (!wget_info)
	480	wget_info = &default_wget_info;
	481
cfbae482 YCLP	482	image_url = strchr(net_boot_file_name, ':');
	483	if (image_url > 0) {
	484	web_server_ip = string_to_ip(net_boot_file_name);
	485	++image_url;
	486	net_server_ip = web_server_ip;
	487	} else {
	488	web_server_ip = net_server_ip;
	489	image_url = net_boot_file_name;
	490	}
	491
	492	debug_cond(DEBUG_WGET,
	493	"wget: Transfer HTTP Server %pI4; our IP %pI4\n",
	494	&web_server_ip, &net_ip);
	495
	496	/* Check if we need to send across this subnet */
	497	if (net_gateway.s_addr && net_netmask.s_addr) {
	498	struct in_addr our_net;
	499	struct in_addr server_net;
	500
	501	our_net.s_addr = net_ip.s_addr & net_netmask.s_addr;
	502	server_net.s_addr = net_server_ip.s_addr & net_netmask.s_addr;
	503	if (our_net.s_addr != server_net.s_addr)
	504	debug_cond(DEBUG_WGET,
	505	"wget: sending through gateway %pI4",
	506	&net_gateway);
	507	}
	508	debug_cond(DEBUG_WGET, "URL '%s'\n", image_url);
	509
	510	if (net_boot_file_expected_size_in_blocks) {
	511	debug_cond(DEBUG_WGET, "wget: Size is 0x%x Bytes = ",
	512	net_boot_file_expected_size_in_blocks * BLOCKSIZE);
	513	print_size(net_boot_file_expected_size_in_blocks * BLOCKSIZE,
	514	"");
	515	}
	516	debug_cond(DEBUG_WGET,
	517	"\nwget:Load address: 0x%lx\nLoading: *\b", image_load_addr);
	518
	519	net_set_timeout_handler(wget_timeout, wget_timeout_handler);
	520	tcp_set_tcp_handler(wget_handler);
	521
	522	wget_timeout_count = 0;
	523	current_wget_state = WGET_CLOSED;
	524
	525	our_port = random_port();
	526
	527	/*
	528	* Zero out server ether to force arp resolution in case
	529	* the server ip for the previous u-boot command, for example dns
	530	* is not the same as the web server ip.
	531	*/
	532
	533	memset(net_server_ethaddr, 0, 6);
	534
	535	wget_send(TCP_SYN, 0, 0, 0);
	536	}
8cf18da1	537
9bab7d2a	538	int wget_do_request(ulong dst_addr, char *uri)
8cf18da1 MK	539	{
	540	int ret;
	541	char s, host_name, file_name, str_copy;
	542
	543	/*
	544	* Download file using wget.
	545	*
	546	* U-Boot wget takes the target uri in this format.
	547	* "<http server ip>:<file path>" e.g.) 192.168.1.1:/sample/test.iso
	548	* Need to resolve the http server ip address before starting wget.
	549	*/
	550	str_copy = strdup(uri);
	551	if (!str_copy)
	552	return -ENOMEM;
	553
	554	s = str_copy + strlen("http://");
	555	host_name = strsep(&s, "/");
	556	if (!s) {
8cf18da1 MK	557	ret = -EINVAL;
	558	goto out;
	559	}
	560	file_name = s;
	561
9bab7d2a AC	562	host_name = strsep(&host_name, ":");
	563
	564	if (string_to_ip(host_name).s_addr) {
	565	s = host_name;
	566	} else {
	567	#if IS_ENABLED(CONFIG_CMD_DNS)
	568	net_dns_resolve = host_name;
	569	net_dns_env_var = "httpserverip";
	570	if (net_loop(DNS) < 0) {
	571	ret = -EINVAL;
	572	goto out;
	573	}
	574	s = env_get("httpserverip");
	575	if (!s) {
	576	ret = -EINVAL;
	577	goto out;
	578	}
	579	#else
8cf18da1 MK	580	ret = -EINVAL;
8cf18da1 MK	581	goto out;
9bab7d2a	582	#endif
8cf18da1 MK	583	}
	584
	585	strlcpy(net_boot_file_name, s, sizeof(net_boot_file_name));
	586	strlcat(net_boot_file_name, ":/", sizeof(net_boot_file_name)); /* append '/' which is removed by strsep() */
	587	strlcat(net_boot_file_name, file_name, sizeof(net_boot_file_name));
	588	image_load_addr = dst_addr;
	589	ret = net_loop(WGET);
	590
	591	out:
	592	free(str_copy);
	593
de28a2a5	594	return ret < 0 ? ret : 0;
8cf18da1	595	}
f01c961e MK	596
	597	/**
	598	* wget_validate_uri() - validate the uri for wget
	599	*
	600	* @uri: uri string
	601	*
	602	* This function follows the current U-Boot wget implementation.
	603	* scheme: only "http:" is supported
	604	* authority:
	605	* - user information: not supported
	606	* - host: supported
	607	* - port: not supported(always use the default port)
	608	*
	609	* Uri is expected to be correctly percent encoded.
	610	* This is the minimum check, control codes(0x1-0x19, 0x7F, except '\0')
	611	* and space character(0x20) are not allowed.
	612	*
	613	* TODO: stricter uri conformance check
	614	*
	615	* Return: true on success, false on failure
	616	*/
	617	bool wget_validate_uri(char *uri)
	618	{
	619	char c;
	620	bool ret = true;
	621	char str_copy, s, *authority;
	622
	623	for (c = 0x1; c < 0x21; c++) {
	624	if (strchr(uri, c)) {
	625	log_err("invalid character is used\n");
	626	return false;
	627	}
	628	}
	629	if (strchr(uri, 0x7f)) {
	630	log_err("invalid character is used\n");
	631	return false;
	632	}
	633
	634	if (strncmp(uri, "http://", 7)) {
	635	log_err("only http:// is supported\n");
	636	return false;
	637	}
	638	str_copy = strdup(uri);
	639	if (!str_copy)
	640	return false;
	641
	642	s = str_copy + strlen("http://");
	643	authority = strsep(&s, "/");
	644	if (!s) {
	645	log_err("invalid uri, no file path\n");
	646	ret = false;
	647	goto out;
	648	}
	649	s = strchr(authority, '@');
	650	if (s) {
	651	log_err("user information is not supported\n");
	652	ret = false;
	653	goto out;
	654	}
	655	s = strchr(authority, ':');
	656	if (s) {
	657	log_err("user defined port is not supported\n");
	658	ret = false;
	659	goto out;
660	}
661
662	out:
663	free(str_copy);
664
665	return ret;
666	}