aboutsummaryrefslogtreecommitdiff
path: root/net/net.c
AgeCommit message (Collapse)Author
2024-07-15net: Remove duplicate newlinesMarek Vasut
Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
2024-05-20Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"Tom Rini
As part of bringing the master branch back in to next, we need to allow for all of these changes to exist here. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-19Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""Tom Rini
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master. This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-06net: Remove <common.h> and add needed includesTom Rini
Remove <common.h> from all "net/" files and when needed add missing include files directly. Signed-off-by: Tom Rini <trini@konsulko.com>
2023-11-05net: Add option for tracing packetsSean Anderson
Add an option to trace all packets send/received. This can be helpful when debugging protocol issues, as the packets can then be imported into wireshark [1] and analyzed further. [1] https://www.wireshark.org/docs/wsug_html_chunked/ChIOImportSection.html Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-17net: Fix compiling SPL when fastboot is enabledSean Anderson
When fastboot is enabled in U-Boot proper and SPL_NET is enabled, we will try to (unsuccessfully) reference it in SPL. Fix these linker errors by conditioning on SPL_UDP/TCP_FUNCTION_FASTBOOT. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2023-08-22net: Fix the displayed value of bytes transferredSiddharth Vadapalli
In the case of NETLOOP_SUCCESS, the decimal value of the u32 variable "net_boot_file_size" is printed using "%d", resulting in negative values being reported for large file sizes. Fix this by using "%u" to print the decimal value corresponding to the bytes transferred. Fixes: 1411157d8578 ("net: cosmetic: Fixup var names related to boot file") Signed-off-by: Siddharth Vadapalli <s-vadapalli@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2023-05-05net: ipv6: Add support for default gateway discovery.Ehsan Mohandesi
In IPv6, the default gateway and prefix length are determined by receiving a router advertisement as defined in - https://www.rfc-editor.org/rfc/rfc4861. Add support for sending router solicitation (RS) and processing router advertisements (RA). If the RA has prefix info option and following conditions are met, then gatewayip6 and net_prefix_length of ip6addr env variables are initialized. These are later consumed by IPv6 code for non-local destination IP. - "Router Lifetime" != 0 - Prefix is NOT link-local prefix (0xfe80::/10) - L flag is 1 - "Valid Lifetime" != 0 Timing Parameters: - MAX_RTR_SOLICITATION_DELAY (0-1s) - RTR_SOLICITATION_INTERVAL (4s) (min retransmit delay) - MAX_RTR_SOLICITATIONS (3 RS transmissions) The functionality is enabled by CONFIG_IPV6_ROUTER_DISCOVERY and invoked automatically from net_init_loop(). Signed-off-by: Ehsan Mohandesi <emohandesi@linux.microsoft.com> Tested-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>Reviewed-by: Tested-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Reviewed-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Tested-by: Sergei Antonov <saproj@gmail.com> Reviewed-by: Sergei Antonov <saproj@gmail.com>
2023-05-05net: add fastboot TCP supportDmitrii Merkurev
Known limitations are 1. fastboot reboot doesn't work (answering OK but not rebooting) 2. flashing isn't supported (TCP transport only limitation) The command syntax is fastboot tcp Signed-off-by: Dmitrii Merkurev <dimorinny@google.com> Cc: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Cc: Simon Glass <sjg@chromium.org> Сс: Joe Hershberger <joe.hershberger@ni.com> Сс: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2023-05-05net: dhcp6: Add DHCPv6 (DHCP for IPv6)Sean Edmond
Adds DHCPv6 protocol to u-boot. Allows for address assignement with DHCPv6 4-message exchange (SOLICIT->ADVERTISE->REQUEST->REPLY). Includes DHCPv6 options required by RFC 8415. Also adds DHCPv6 options required for PXE boot. Possible enhancements: - Duplicate address detection on DHCPv6 assigned address - IPv6 address assignement through SLAAC - Sending/parsing other DHCPv6 options (NTP, DNS, etc...) Signed-off-by: Sean Edmond <seanedmond@microsoft.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2023-01-23sandbox: Allow ethernet to be disabled at runtimeSimon Glass
For bootstd tests it is seldom useful to have ethernet enabled. Add a way to disable it, so that ethernet operations like tftpboot do nothing. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-12-22net: ipv6: Add missing break into IPv6 protocol handlerViacheslav Mitrofanov
IPv6 protocol handler is not terminated with a break statment. It can lead to running unexpected code. Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
2022-12-05net: ping6: Add ping6 commandViacheslav Mitrofanov
Implement ping6 command to ping hosts using IPv6. It works the same way as an ordinary ping command. There is no ICMP request so it is not possible to ping our host. This patch adds options in Kconfig and Makefile to build ping6 command. Series-changes: 3 - Added structures and functions descriptions - Added to ping6_receive() return value instead of void Series-changes: 4 - Fixed structures and functions description style Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-05net: tftp: Add IPv6 support for tftpbootViacheslav Mitrofanov
The command tftpboot uses IPv4 by default. Add the possibility to use IPv6 instead. If an address in the command is an IPv6 address it will use IPv6 to boot or if there is a suffix -ipv6 in the end of the command it also force using IPv6. All other tftpboot features and parameters are left the same. Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-05net: ipv6: Incorporate IPv6 support into u-boot net subsystemViacheslav Mitrofanov
Add net_ip6_handler (an IPv6 packet handler) into net_loop. Add neighbor discovery mechanism into network init process. That is the main step to run IPv6 in u-boot. Now u-boot is capable to use NDP and handle IPv6 packets. Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-28net: Add wget applicationYing-Chun Liu (PaulLiu)
This commit adds a simple wget command that can download files from http server. The command syntax is wget ${loadaddr} <path of the file from server> Signed-off-by: Duncan Hare <DuncanCHare@yahoo.com> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Christian Gmeiner <christian.gmeiner@gmail.com> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Michal Simek <michal.simek@xilinx.com> Cc: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-11-28net: Add TCP protocolYing-Chun Liu (PaulLiu)
Currently file transfers are done using tftp or NFS both over udp. This requires a request to be sent from client (u-boot) to the boot server. The current standard is TCP with selective acknowledgment. Signed-off-by: Duncan Hare <DH@Synoia.com> Signed-off-by: Duncan Hare <DuncanCHare@yahoo.com> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Christian Gmeiner <christian.gmeiner@gmail.com> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Michal Simek <michal.simek@xilinx.com> Cc: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-11-28net: deal with fragment-overlapping-two-holes caseRasmus Villemoes
With a suitable sequence of malicious packets, it's currently possible to get a hole descriptor to contain arbitrary attacker-controlled contents, and then with one more packet to use that as an arbitrary write vector. While one could possibly change the algorithm so we instead loop over all holes, and in each hole puts as much of the current fragment as belongs there (taking care to carefully update the hole list as appropriate), it's not worth the complexity: In real, non-malicious scenarios, one never gets overlapping fragments, and certainly not fragments that would be supersets of one another. So instead opt for this simple protection: Simply don't allow the eventual memcpy() to write beyond the last_byte of the current hole. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-11-28net: fix ip_len in reassembled IP datagramRasmus Villemoes
For some reason, the ip_len field in a reassembled IP datagram is set to just the size of the payload, but it should be set to the value it would have had if the datagram had never been fragmented in the first place, i.e. size of payload plus size of IP header. That latter value is currently returned correctly via the "len" variable. And before entering net_defragment(), len does have the value ntohs(ip->ip_len), so if we're not dealing with a fragment (so net_defragment leaves *len alone), that relationship of course also holds after the net_defragment() call. The only use I can find of ip->ip_len after the net_defragment call is the ntohs(ip->udp_len) > ntohs(ip->ip_len) sanity check - none of the functions that are passed the "ip" pointer themselves inspect ->ip_len but instead use the passed len. But that sanity check is a bit odd, since the RHS really should be "ntohs(ip->ip_len) - 20", i.e. the IP payload size. Now that we've fixed things so that len == ntohs(ip->ip_len) in all cases, change that sanity check to use len-20 as the RHS. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-11-28net: (actually/better) deal with CVE-2022-{30790,30552}Rasmus Villemoes
I hit a strange problem with v2022.10: Sometimes my tftp transfer would seemingly just hang. It only happened for some files. Moreover, changing tftpblocksize from 65464 to 65460 or 65000 made it work again for all the files I tried. So I started suspecting it had something to do with the file sizes and in particular the way the tftp blocks get fragmented and reassembled. v2022.01 showed no problems with any of the files or any value of tftpblocksize. Looking at what had changed in net.c or tftp.c since January showed only one remotely interesting thing, b85d130ea0ca. So I fired up wireshark on my host to see if somehow one of the packets would be too small. But no, with both v2022.01 and v2022.10, the exact same sequence of packets were sent, all but the last of size 1500, and the last being 1280 bytes. But then it struck me that 1280 is 5*256, so one of the two bytes on-the-wire is 0 and the other is 5, and when then looking at the code again the lack of endianness conversion becomes obvious. [ntohs is both applied to ip->ip_off just above, as well as to ip->ip_len just a little further down when the "len" is actually computed]. IOWs the current code would falsely reject any packet which happens to be a multiple of 256 bytes in size, breaking tftp transfers somewhat randomly, and if it did get one of those "malicious" packets with ip_len set to, say, 27, it would be seen by this check as being 6912 and hence not rejected. ==== Now, just adding the missing ntohs() would make my initial problem go away, in that I can now download the file where the last fragment ends up being 1280 bytes. But there's another bug in the code and/or analysis: The right-hand side is too strict, in that it is ok for the last fragment not to have a multiple of 8 bytes as payload - it really must be ok, because nothing in the IP spec says that IP datagrams must have a multiple of 8 bytes as payload. And comments in the code also mention this. To fix that, replace the comparison with <= IP_HDR_SIZE and add another check that len is actually a multiple of 8 when the "more fragments" bit is set - which it necessarily is for the case where offset8 ends up being 0, since we're only called when (ip_off & (IP_OFFS | IP_FLAGS_MFRAG)). ==== So, does this fix CVE-2022-30790 for real? It certainly correctly rejects the POC code which relies on sending a packet of size 27 with the MFRAG flag set. Can the attack be carried out with a size 27 packet that doesn't set MFRAG (hence must set a non-zero fragment offset)? I dunno. If we get a packet without MFRAG, we update h->last_byte in the hole we've found to be start+len, hence we'd enter one of if ((h >= thisfrag) && (h->last_byte <= start + len)) { or } else if (h->last_byte <= start + len) { and thus won't reach any of the /* overlaps with initial part of the hole: move this hole */ newh = thisfrag + (len / 8); /* fragment sits in the middle: split the hole */ newh = thisfrag + (len / 8); IOW these division are now guaranteed to be exact, and thus I think the scenario in CVE-2022-30790 cannot happen anymore. ==== However, there's a big elephant in the room, which has always been spelled out in the comments, and which makes me believe that one can still cause mayhem even with packets whose payloads are all 8-byte aligned: This code doesn't deal with a fragment that overlaps with two different holes (thus being a superset of a previously-received fragment). Suppose each character below represents 8 bytes, with D being already received data, H being a hole descriptor (struct hole), h being non-populated chunks, and P representing where the payload of a just received packet should go: DDDHhhhhDDDDHhhhDDDD PPPPPPPPP I'm pretty sure in this case we'd end up with h being the first hole, enter the simple } else if (h->last_byte <= start + len) { /* overlaps with final part of the hole: shorten this hole */ h->last_byte = start; case, and thus in the memcpy happily overwrite the second H with our chosen payload. This is probably worth fixing... Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-11-28net: compare received length to sizeof(ip_hdr), not sizeof(ip_udp_hdr)Rasmus Villemoes
While the code mostly/only handles UDP packets, it's possible for the last fragment of a fragmented UDP packet to be smaller than 28 bytes; it can be as small as 21 bytes (an IP header plus one byte of payload). So until we've performed the defragmentation step and thus know whether we're now holding a full packet, we should only check for the existence of the fields in the ip header, i.e. that there are at least 20 bytes present. In practice, we always seem to be handed a "len" of minimum 60 from the device layer, i.e. minimal ethernet frame length minus FCS, so this is mostly theoretical. After we've fetched the header's claimed length and used that to update the len variable, check that the header itself claims to be the minimal possible length. This is probably how CVE-2022-30552 should have been dealt with in the first place, because net_defragment() is not the only place that wants to know the size of the IP datagram payload: If we receive a non-fragmented ICMP packet, we pass "len" to receive_icmp() which in turn may pass it to ping_receive() which does compute_ip_checksum(icmph, len - IP_HDR_SIZE) and due to the signature of compute_ip_checksum(), that would then lead to accessing ~4G of address space, very likely leading to a crash. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-11-28net: improve check for no IP optionsRasmus Villemoes
There's no reason we should accept an IP packet with a malformed IHL field. So ensure that it is exactly 5, not just <= 5. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-10-21cmd: Add ncsi commandSamuel Mendoza-Jonas
Adds an "ncsi" command to manually start NC-SI configuration. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org>
2022-10-21net: NC-SI setup and handlingSamuel Mendoza-Jonas
Add the handling of NC-SI ethernet frames, and add a check at the start of net_loop() to configure NC-SI before starting other network commands. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-09-18cyclic: Use schedule() instead of WATCHDOG_RESET()Stefan Roese
Globally replace all occurances of WATCHDOG_RESET() with schedule(), which handles the HW_WATCHDOG functionality and the cyclic infrastructure. Signed-off-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
2022-06-03net: Check for the minimum IP fragmented datagram sizeFabio Estevam
Nicolas Bidron and Nicolas Guigo reported the two bugs below: " ----------BUG 1---------- In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of `ip->ip_len` (IP packet header's Total Length) higher than `IP_HDR_SIZE` and strictly lower than `IP_HDR_SIZE+8` will lead to a value for `len` comprised between `0` and `7`. This will ultimately result in a truncated division by `8` resulting value of `0` forcing the hole metadata and fragment to point to the same location. The subsequent memcopy will overwrite the hole metadata with the fragment data. Through a second fragment, this can be exploited to write to an arbitrary offset controlled by that overwritten hole metadata value. This bug is only exploitable locally as it requires crafting two packets the first of which would most likely be dropped through routing due to its unexpectedly low Total Length. However, this bug can potentially be exploited to root linux based embedded devices locally. ```C static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) { static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); static u16 first_hole, total_len; struct hole *payload, *thisfrag, *h, *newh; struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; uchar *indata = (uchar *)ip; int offset8, start, len, done = 0; u16 ip_off = ntohs(ip->ip_off); /* payload starts after IP header, this fragment is in there */ payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); offset8 = (ip_off & IP_OFFS); thisfrag = payload + offset8; start = offset8 * 8; len = ntohs(ip->ip_len) - IP_HDR_SIZE; ``` The last line of the previous excerpt from `u-boot/net/net.c` shows how the attacker can control the value of `len` to be strictly lower than `8` by issuing a packet with `ip_len` between `21` and `27` (`IP_HDR_SIZE` has a value of `20`). Also note that `offset8` here is `0` which leads to `thisfrag = payload`. ```C } else if (h >= thisfrag) { /* overlaps with initial part of the hole: move this hole */ newh = thisfrag + (len / 8); *newh = *h; h = newh; if (h->next_hole) payload[h->next_hole].prev_hole = (h - payload); if (h->prev_hole) payload[h->prev_hole].next_hole = (h - payload); else first_hole = (h - payload); } else { ``` Lower down the same function, execution reaches the above code path. Here, `len / 8` evaluates to `0` leading to `newh = thisfrag`. Also note that `first_hole` here is `0` since `h` and `payload` point to the same location. ```C /* finally copy this fragment and possibly return whole packet */ memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); ``` Finally, in the above excerpt the `memcpy` overwrites the hole metadata since `thisfrag` and `h` both point to the same location. The hole metadata is effectively overwritten with arbitrary data from the fragmented IP packet data. If `len` was crafted to be `6`, `last_byte`, `next_hole`, and `prev_hole` of the `first_hole` can be controlled by the attacker. Finally the arbitrary offset write occurs through a second fragment that only needs to be crafted to write data in the hole pointed to by the previously controlled hole metadata (`next_hole`) from the first packet. ### Recommendation Handle cases where `len` is strictly lower than 8 by preventing the overwrite of the hole metadata during the memcpy of the fragment. This could be achieved by either: * Moving the location where the hole metadata is stored when `len` is lower than `8`. * Or outright rejecting fragmented IP datagram with a Total Length (`ip_len`) lower than 28 bytes which is the minimum valid fragmented IP datagram size (as defined as the minimum fragment of 8 octets in the IP Specification Document: [RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 25). ----------BUG 2---------- In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of `ip->ip_len` (IP packet header's Total Length) lower than `IP_HDR_SIZE` will lead to a negative value for `len` which will ultimately result in a buffer overflow during the subsequent `memcpy` that uses `len` as it's `count` parameter. This bug is only exploitable on local ethernet as it requires crafting an invalid packet to include an unexpected `ip_len` value in the IP UDP header that's lower than the minimum accepted Total Length of a packet (21 as defined in the IP Specification Document: [RFC791](https://datatracker.ietf.org/doc/html/rfc791)). Such packet would in all likelihood be dropped while being routed to its final destination through most routing equipment and as such requires the attacker to be in a local position in order to be exploited. ```C static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) { static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); static u16 first_hole, total_len; struct hole *payload, *thisfrag, *h, *newh; struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; uchar *indata = (uchar *)ip; int offset8, start, len, done = 0; u16 ip_off = ntohs(ip->ip_off); /* payload starts after IP header, this fragment is in there */ payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); offset8 = (ip_off & IP_OFFS); thisfrag = payload + offset8; start = offset8 * 8; len = ntohs(ip->ip_len) - IP_HDR_SIZE; ``` The last line of the previous excerpt from `u-boot/net/net.c` shows where the underflow to a negative `len` value occurs if `ip_len` is set to a value strictly lower than 20 (`IP_HDR_SIZE` being 20). Also note that in the above excerpt the `pkt_buff` buffer has a size of `CONFIG_NET_MAXDEFRAG` which defaults to 16 KB but can range from 1KB to 64 KB depending on configurations. ```C /* finally copy this fragment and possibly return whole packet */ memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); ``` In the above excerpt the `memcpy` overflows the destination by attempting to make a copy of nearly 4 gigabytes in a buffer that's designed to hold `CONFIG_NET_MAXDEFRAG` bytes at most which leads to a DoS. ### Recommendation Stop processing of the packet if `ip_len` is lower than 21 (as defined by the minimum length of a data carrying datagram in the IP Specification Document: [RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 34)." Add a check for ip_len lesser than 28 and stop processing the packet in this case. Such a check covers the two reported bugs. Reported-by: Nicolas Bidron <nicolas.bidron@nccgroup.com> Signed-off-by: Fabio Estevam <festevam@denx.de>
2022-04-22Allow colon in PXE bootfile URLsLyle Franklin
- U-boot's PXE flow supports prefixing your bootfile name with an IP address to fetch from a server other than the DHCP server, e.g. `hostIPaddr:bootfilename`: https://github.com/u-boot/u-boot/commit/a93907c43f847f076dd0e34ee3b69b5e8e6d0d29 - However, this breaks bootfile paths which contain a colon, e.g. `f0:ad:4e:10:1b:87/7/pxelinux.cfg/default` - This patch checks whether the `hostIPaddr` prefix is a valid IP address before overriding the serverIP otherwise the whole bootfile path is preserved Signed-off-by: Lyle Franklin <lylejfranklin@gmail.com>
2022-01-21net: Drop #ifdefs with CONFIG_BOOTP_SERVERIPSimon Glass
Use IS_ENABLED() instead, to reduce the number of build paths. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-01-21Convert CONFIG_UDP_CHECKSUM to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_UDP_CHECKSUM Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02global: Convert simple_strtoul() with decimal to dectoul()Simon Glass
It is a pain to have to specify the value 10 in each call. Add a new dectoul() function and update the code to use it. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27net: fix ping in netconsoleYang Liu
Should not init eth device when doing ping in netconsole. Signed-off-by: Yang Liu <yliu@cybertec.com.au> Cc: Joe Hershberger <joe.hershberger@ni.com>
2020-10-10net: Expose some errors generated in net_initSean Anderson
net_init does not always succeed, and there is no existing mechanism to discover errors. This patch allows callers of net_init (such as net_init) to handle errors. The root issue is that eth_get_dev can fail, but net_init_loop doesn't expose that. The ideal way to fix eth_get_dev would be to return an error with ERR_PTR, but there are a lot of callers, and all of them just check if it's NULL. Another approach would be to change the signature to something like int eth_get_dev(struct udevice **pdev) but that would require rewriting all of the many callers. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-09-30sntp: use udp frameworkPhilippe Reynes
This commits update the support of sntp to use the framework udp. This change allows to remove all the reference to sntp in the main network file net/net.c. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-09-30net: add a generic udp protocolPhilippe Reynes
This commit adds a generic udp protocol framework in the network loop. So protocol based on udp may be implemented without modifying the network loop (for example custom wait magic packet). Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-04net: ping: reset stored IP addressMarek Szyprowski
Reset the stored ping IP address before entering a netloop with different protocol to ensure that it won't be interrupted by the received correct ICMP_ECHO_REPLY packet. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
2020-06-12net: move random_port() to dnsBaruch Siach
The random_port() routine is not used anywhere else. Make it local to dns.c to reduce code clutter, and shrink generated code a little. Signed-off-by: Baruch Siach <baruch@tkos.co.il>
2020-06-12net: Fix error if some network features are disabledKrebs, Olaf
If 'CONFIG_CMD_TFTPBOOT' or 'CONFIG_CMD_BOOTP' are disabled, the usage must be disabled, too! Signed-off-by: Olaf Krebs <olaf.krebs@emh-metering.com> CC: Joe Hershberger <joe.hershberger@ni.com>
2020-05-18common: Drop log.h from common headerSimon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop bootstage.h from common headerSimon Glass
Move this fairly uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-13net: convert NET_MAXDEFRAG to KconfigRasmus Villemoes
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-01-17common: Move the image globals into image.hSimon Glass
These three globals relate to image handling. Move them to the image header file. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17image: Rename load_addr, save_addr, save_sizeSimon Glass
These global variables are quite short and generic. In fact the same name is more often used locally for struct members and function arguments. Add a image_ prefix to make them easier to distinguish. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-12-09net: avoid address-of-packed-member errorHeinrich Schuchardt
sandbox_defconfig does not compile using GCC 9.2.1: net/net.c: In function ‘net_process_received_packet’: net/net.c:1288:23: error: taking address of packed member of ‘struct ip_udp_hdr’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 1288 | sumptr = (ushort *)&(ip->udp_src); | ^~~~~~~~~~~~~~ Avoid the error by using a u8 pointer instead of an u16 pointer and in-lining ntohs(). Simplify the checksumming of the last message byte. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-12-09net: nfs: Only link in NFS code outside of SPL buildsTom Rini
While we have networking use cases within SPL we do not support loading files via NFS at this point in time. Disable calling nfs_start() so that the NFS related code can be garbage collected at link time. Signed-off-by: Tom Rini <trini@konsulko.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-12-09net: Always build the string_to_enetaddr() helperJoe Hershberger
Part of the env cleanup moved this out of the environment code and into the net code. However, this helper is sometimes needed even when the net stack isn't included. Move the helper to lib/net_utils.c like it's similarly-purposed string_to_ip(). Also rename the moved function to similar naming. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Reported-by: Ondrej Jirman <megous@megous.com>
2019-12-02Drop CONFIG_SHOW_ACTIVITYSimon Glass
This feature is not enabled by any board. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-09-04CVE: net: fix unbounded memcpy of UDP packetliucheng (G)
This patch adds a check to udp_len to fix unbounded memcpy for CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. Signed-off-by: Cheng Liu <liucheng32@huawei.com> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> Reported-by: Fermín Serna <fermin@semmle.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-09-04net: introduce packet capture supportRamon Fried
Add support for capturing ethernet packets and storing them in memory in PCAP(2.4) format, later to be analyzed by any PCAP viewer software (IE. Wireshark) This feature greatly assist debugging network issues such as detecting dropped packets, packet corruption etc. Signed-off-by: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Alex Marginean <alexm.osslist@gmail.com> Tested-by: Alex Marginean <alexm.osslist@gmail.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2019-08-11env: Rename environment.h to env_internal.hSimon Glass
This file contains lots of internal details about the environment. Most code can include env.h instead, calling the functions there as needed. Rename this file and add a comment at the top to indicate its internal nature. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com> Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> [trini: Fixup apalis-tk1.c] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-08-11env: net: Move eth_parse_enetaddr() to net.c/hSimon Glass
This function fits better with the network subsystem, so move it. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Joe Hershberger <joe.hershberger@ni.com>