| Age | Commit message | Author |
|
TFTP transfers fail when tftpblocksize is set to 8192 or larger due to
insufficient buffer resources for IP fragment reassembly.
Calculate PBUF_POOL_SIZE and IP_REASS_MAX_PBUFS dynamically based on
CONFIG_TFTP_BLOCKSIZE using IP fragmentation boundaries (1480 usable
bytes per fragment at 1500 MTU). The pool size includes headroom for
TX, ARP, and protocol overhead, while ensuring PBUF_POOL_SIZE remains
greater than IP_REASS_MAX_PBUFS as required by lwIP.
Signed-off-by: Pranav Tilak <[email protected]>
|
|
The PBUF_POOL_BUFSIZE ends up being only 592 bytes, instead of 1514,
when PROT_TCP_LWIP Kconfig option is disabled. This results in a full
Ethernet frame requiring three PBUFs instead of just one.
This happens because the PBUF_POOL_BUFSIZE constant depends on the value
of a TCP_MSS constant, something that defaults to 536 when PROT_TCP_LWIP
is disabled.
  PBUF_POOL_BUFSIZE = LWIP_MEM_ALIGN_SIZE(TCP_MSS + 40 + PBUF_LINK_HLEN)
Ensure that a full Ethernet frame fits inside a single PBUF by moving
the define of TCP_MSS outside the PROT_TCP_LWIP ifdef block.
Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
Acked-by: Jerome Forissier <[email protected]>
Signed-off-by: Jonas Karlman <[email protected]>
|
|
The TFTP server can report the size of the entire file that is about to
be received in the Transfer Size Option, this is described in RFC 2349.
This functionality is optional and the server may not report tsize in
case it is not supported.
Always send tsize request to the server to query the transfer size,
and in case the server does respond, cache that information locally
in tftp_state.tsize, otherwise cache size 0. Introduce new function
tftp_client_get_tsize() which returns the cached tftp_state.tsize so
clients can determine the transfer size and use it.
Update net/lwip/tftp.c to make use of tftp_client_get_tsize() and
avoid excessive printing of '#' during TFTP transfers in case the
transfer size is reported by the server.
Submitted upstream: https://savannah.nongnu.org/patch/index.php?item_id=10557
Signed-off-by: Marek Vasut <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
sprintf will add a trailing \0 so manually adding a trailing \0 will
result in an extra unaccounted for character being written. This
overwrote the first byte of the following allocation block resulting in
unexpected behavior.
This was found by running 'pxe get' with no available file resulting in
multiple attempts, using the default algorithm, to attempt to find a file.
Eventually there would be a failed assert when free() was called.
Failing the assert would result in a system reset.
Fixes: 27d7ccda94fa ("net: lwip: tftp: add support of blksize option to client")
Reported-by: Michal Simek <[email protected]>
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Andrew Goodbody <[email protected]>
Tested-by: Tom Rini <[email protected]> # Pine64+
Reviewed-by: Jerome Forissier <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
|
|
Now that SNTP is supported, enable SNTP debug traces when LWIP_DEBUG is
enabled. In particular, this allows seeing which NTP servers are
received during DHCP.
Signed-off-by: Jerome Forissier <[email protected]>
|
|
The TFTP implementation does not resend the initial request if there is
no response from the server. Since TFTP is based on UDP, there should be
a mechanism to deal with unreliable transmissions at this point, similar
to what we have for data packets. Therefore, introduce request
retransmission.
Signed-off-by: Jerome Forissier <[email protected]>
CC: Venkatesh Abbarapu <[email protected]>
CC: Michal Simek <[email protected]>
CC: Ilias Apalodimas <[email protected]>
|
|
Add Kconfig symbol LWIP_ICMP_SHOW_UNREACH which, when enabled, prints a
message to the console upon reception of ICMP unreachable messages. For
example:
  $ make qemu_arm64_lwip_defconfig
  $ qemu-system-aarch64 -M virt -cpu max -nographic -bios u-boot.bin
  [...]
  => dhcp
  DHCP client bound to address 10.0.2.15 (0 ms)
  => tftp 192.168.0.100:69:Image
  Using virtio-net#32 device
  TFTP from server 192.168.0.100; our IP address is 10.0.2.15
  Filename 'Image'.
  Load address: 0x40200000
  Loading: ICMP destination unreachable (host unreachable) from 192.168.0.16
  Timeout!
  => tftp 192.168.0.16:69:Image
  Using virtio-net#32 device
  TFTP from server 192.168.0.16; our IP address is 10.0.2.15
  Filename 'Image'.
  Load address: 0x40200000
  Loading: ICMP destination unreachable (port unreachable) from 192.168.0.16
  Timeout!
  =>
Submitted upstream as https://github.com/lwip-tcpip/lwip/pull/73.
Signed-off-by: Jerome Forissier <[email protected]>
|
|
Allow reporting ICMP destination unreachable messages via a user-defined
callback.
Signed-off-by: Jerome Forissier <[email protected]>
|
|
Provide a trivial implementation of sntp_format_time() to fix a build
error when CONFIG_LWIP_DEBUG=y:
  lib/lwip/lwip/src/apps/sntp/sntp.c: In function ‘sntp_format_time’:
  lib/lwip/lwip/src/apps/sntp/sntp.c:283:10: error: implicit declaration of function ‘ctime’ [-Werror=implicit-function-declaration]
    283 |   return ctime(&ut);
        |          ^~~~~
Signed-off-by: Jerome Forissier <[email protected]>
|
|
Implement the sntp command when NET_LWIP=y.
Signed-off-by: Jerome Forissier <[email protected]>
|
|
Enable IP_FRAG and IP_REASSEMBLY to allow packets larger than MTU.
Signed-off-by: Tim Harvey <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
Acked-by: Heinrich Schuchardt <[email protected]>
|
|
Functions called from EFI applications should not do console output.
Refactor the wget code to implement this requirement. The wget_http_info
struct is used to hold the boolean that signifies whether the output is
allowed or not.
Signed-off-by: Jerome Forissier <[email protected]>
Reported-by: Heinrich Schuchardt <[email protected]>
|
|
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.
Signed-off-by: Tom Rini <[email protected]>
|
|
Using HTTPS without root (CA) certificates is a security issue. Print a
warning in this case. Also, when certificate verification fails, print
an additional message because "HTTP client error 4" is not very
informative (4 is HTTPC_RESULT_ERR_CLOSED).
Signed-off-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Instead of relying on some build time configuration to determine if
server certificates need to be checked against CA certificates, do it
based on the availability of such certificates. If no CA is configured
then no check can succeed; on the other hand if we have CA certs then
we should not ignore them. It is always possible to remove the CA certs
(via 'wget cacert 0 0') to force an HTTPS download that would fail
certificate validation.
Signed-off-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Using strstr() instead of strnstr() creates a security concern.
Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Jerome Forissier <[email protected]>
|
|
Find_option() is used to retrieve the block size value in an option
acknowledgment in response to a request containing a block size option
according to RFC2348.
The format of an OACK response is described in RFC2347 as

  +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+
  |  opc  |  opt1  | 0 | value1 | 0 |  optN  | 0 | valueN | 0 |
  +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+

The current implementation of find_option() only works if

* blksize is the first option
* lwip_strnstr() ignores the length parameter,
  i.e. is implemented via strstr()
The OACK message starts with 0x00 0x06. If 'blksize' is the first option,
strstr() reports a match when the first parameter points to 0x06. Adding
the string length of 'blksize' plus 2 to the location of the 0x06 byte
points to the value.
Find_option() would report a match for option 'blksize' if the response
contained an option called 'foo_blksize_bar'. In this case find_option()
would return 'bar' as the value string.
If 'blksize' were the second option, find_option() would return a pointer
to the second character of the value string.
Furthermore find_option() does not detect if the value string is NUL
terminated. This may lead to a buffer overrun.
Provide an implementation that correctly steps from option to option.
Fixes: 27d7ccda94fa ("net: lwip: tftp: add support of blksize option to client")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
Tested-by: Jerome Forissier <[email protected]> (qemu_arm64_lwip)
Signed-off-by: Jerome Forissier <[email protected]>
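
The option-by-option walk described in the commit message above can be written as follows. This is an added example, not the U-Boot or lwIP find_option(); the names oack_find_option() and name_eq() and the sample payloads are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed OACK payloads (bytes after the 2-byte opcode), not captures. */
static const char oack_ok[] = "tsize\0" "1024\0" "blksize\0" "1468";
static const char oack_similar[] = "foo_blksize_bar\0" "9";

/* Whole-name, case-insensitive comparison (RFC 2347 option names). */
static int name_eq(const char *a, const char *b)
{
	for (; *a; a++, b++)
		if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
			return 0;
	return *b == '\0';
}

/*
 * Hypothetical helper: return the NUL-terminated value of option 'name',
 * or NULL if the option is absent or any string runs past buf + len.
 */
const char *oack_find_option(const char *buf, size_t len, const char *name)
{
	const char *p = buf, *end = buf + len;

	while (p < end) {
		/* the option name must be terminated inside the packet */
		const char *val = memchr(p, '\0', (size_t)(end - p));
		if (!val || ++val >= end)
			return NULL;
		/* so must the value that follows it */
		const char *next = memchr(val, '\0', (size_t)(end - val));
		if (!next)
			return NULL;
		if (name_eq(p, name))
			return val;
		p = next + 1;	/* step to the next option/value pair */
	}
	return NULL;
}

int main(void)
{
	const char *v = oack_find_option(oack_ok, sizeof(oack_ok), "blksize");

	printf("blksize=%s\n", v ? v : "(none)");
	v = oack_find_option(oack_similar, sizeof(oack_similar), "blksize");
	printf("similar name: %s\n", v ? v : "(none)");
	/* dropping the final NUL leaves the blksize value unterminated */
	v = oack_find_option(oack_ok, sizeof(oack_ok) - 1, "blksize");
	printf("truncated: %s\n", v ? v : "(none)");
	return 0;
}
```

The three cases cover blksize as the second option, an option whose name merely contains 'blksize', and a value string that is not NUL terminated within the packet.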
|
|
When MbedTLS TLS features were added, MBEDTLS_HAVE_TIME was defined as part
of enabling https:// support. However, that pointed to the wrong function
which could crash if it received a NULL pointer.
Looking closer, that function is not really needed, as it only seems to
increase the RNG entropy by using 4b of the current time and date.
The reason that was enabled is that lwIP was unconditionally requiring it,
although it's configurable and can be turned off.
Since lwIP doesn't use that field anywhere else, make it conditional and
disable it from our config.
Fixes: commit a564f5094f62 ("mbedtls: Enable TLS 1.2 support")
Reported-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
Building SPL fails with MBEDTLS enabled.
Currently we don't need it there.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
Fix various code style issues in the lwIP code.
Reported-by: Tom Rini <[email protected]>
Signed-off-by: Jerome Forissier <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
SNI, or Server Name Indication, is an addition to the TLS encryption
protocol that enables a client device to specify the domain name it is
trying to reach in the first step of the TLS handshake, preventing
common name mismatch errors and not reaching HTTPS servers that
enforce this condition. Since most websites require it nowadays,
add support for it.
It's worth noting that this is already sent to lwIP [0].
[0] https://github.com/lwip-tcpip/lwip/pull/47
Signed-off-by: Javier Tia <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The current code supports mbedTLS 2.28. Since we are using a newer
version in U-Boot, update the necessary accessors and the lwIP codebase
to work with mbedTLS 3.6.0. It's worth noting that the patches are
already sent to lwIP [0].
While at it, enable LWIP_ALTCP_TLS and enable TLS support in lwIP.
[0] https://github.com/lwip-tcpip/lwip/pull/47
Signed-off-by: Javier Tia <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The TFTP protocol uses a default block size of 512 bytes. This value is
sub-optimal for ethernet devices, which have a MTU (Maximum Transmission
Unit) of 1500 bytes. When taking into account the overhead of the IP and
UDP layers, this leaves 1468 bytes for the TFTP payload.
This patch introduces a new function: tftp_client_set_blksize() which
may be used to change the block size from the default. It has to be
called after tftp_client_init() and before tftp_get(). If the server
does not support the option, the client will still accept to receive
512-byte blocks.
Submitted upstream: https://savannah.nongnu.org/patch/index.php?10462
Signed-off-by: Jerome Forissier <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
The TFTP app should not bind to the TFTP server port when configured as
a client. Instead, the local port should be chosen from the dynamic
range (49152 ~ 65535) so that if the application is stopped and started
again, the remote server will not consider the new packets as part of
the same context (which would cause an error since a new RRQ would be
unexpected).
Submitted upstream: https://savannah.nongnu.org/patch/?10480
Signed-off-by: Jerome Forissier <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Build the lwIP library when NET_LWIP is enabled. The following files
are adaptation layers written specially for U-Boot:
  lib/lwip/u-boot/arch/cc.h
  lib/lwip/u-boot/arch/sys_arch.h (empty)
  lib/lwip/u-boot/limits.h (empty)
  lib/lwip/u-boot/lwipopts.h
They were initially contributed by Maxim in a previous RFC patch series.
The lwIP stack needs to be added as a Git subtree with the following
command:
  $ git subtree add --squash --prefix lib/lwip/lwip \
      https://github.com/lwip-tcpip/lwip.git STABLE-2_2_0_RELEASE
Signed-off-by: Jerome Forissier <[email protected]>
Co-developed-by: Maxim Uvarov <[email protected]>
Cc: Maxim Uvarov <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
|