1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
// SPDX-License-Identifier: BSD-2-Clause
/*
* Copyright (C) 2023 The Android Open Source Project
*/
#include <common.h>
#include <fastboot.h>
#include <net.h>
#include <net/fastboot_tcp.h>
#include <net/tcp.h>
static char command[FASTBOOT_COMMAND_LEN] = {0};
static char response[FASTBOOT_RESPONSE_LEN] = {0};
static const unsigned short handshake_length = 4;
static const uchar *handshake = "FB01";
static u16 curr_sport;
static u16 curr_dport;
static u32 curr_tcp_seq_num;
static u32 curr_tcp_ack_num;
static unsigned int curr_request_len;
static enum fastboot_tcp_state {
FASTBOOT_CLOSED,
FASTBOOT_CONNECTED,
FASTBOOT_DISCONNECTING
} state = FASTBOOT_CLOSED;
static void fastboot_tcp_answer(u8 action, unsigned int len)
{
const u32 response_seq_num = curr_tcp_ack_num;
const u32 response_ack_num = curr_tcp_seq_num +
(curr_request_len > 0 ? curr_request_len : 1);
net_send_tcp_packet(len, htons(curr_sport), htons(curr_dport),
action, response_seq_num, response_ack_num);
}
static void fastboot_tcp_reset(void)
{
fastboot_tcp_answer(TCP_RST, 0);
state = FASTBOOT_CLOSED;
}
static void fastboot_tcp_send_packet(u8 action, const uchar *data, unsigned int len)
{
uchar *pkt = net_get_async_tx_pkt_buf();
memset(pkt, '\0', PKTSIZE);
pkt += net_eth_hdr_size() + IP_TCP_HDR_SIZE + TCP_TSOPT_SIZE + 2;
memcpy(pkt, data, len);
fastboot_tcp_answer(action, len);
memset(pkt, '\0', PKTSIZE);
}
static void fastboot_tcp_send_message(const char *message, unsigned int len)
{
__be64 len_be = __cpu_to_be64(len);
uchar *pkt = net_get_async_tx_pkt_buf();
memset(pkt, '\0', PKTSIZE);
pkt += net_eth_hdr_size() + IP_TCP_HDR_SIZE + TCP_TSOPT_SIZE + 2;
// Put first 8 bytes as a big endian message length
memcpy(pkt, &len_be, 8);
pkt += 8;
memcpy(pkt, message, len);
fastboot_tcp_answer(TCP_ACK | TCP_PUSH, len + 8);
memset(pkt, '\0', PKTSIZE);
}
static void fastboot_tcp_handler_ipv4(uchar *pkt, u16 dport,
struct in_addr sip, u16 sport,
u32 tcp_seq_num, u32 tcp_ack_num,
u8 action, unsigned int len)
{
int fastboot_command_id;
u64 command_size;
u8 tcp_fin = action & TCP_FIN;
u8 tcp_push = action & TCP_PUSH;
curr_sport = sport;
curr_dport = dport;
curr_tcp_seq_num = tcp_seq_num;
curr_tcp_ack_num = tcp_ack_num;
curr_request_len = len;
switch (state) {
case FASTBOOT_CLOSED:
if (tcp_push) {
if (len != handshake_length ||
strlen(pkt) != handshake_length ||
memcmp(pkt, handshake, handshake_length) != 0) {
fastboot_tcp_reset();
break;
}
fastboot_tcp_send_packet(TCP_ACK | TCP_PUSH,
handshake, handshake_length);
state = FASTBOOT_CONNECTED;
}
break;
case FASTBOOT_CONNECTED:
if (tcp_fin) {
fastboot_tcp_answer(TCP_FIN | TCP_ACK, 0);
state = FASTBOOT_DISCONNECTING;
break;
}
if (tcp_push) {
// First 8 bytes is big endian message length
command_size = __be64_to_cpu(*(u64 *)pkt);
len -= 8;
pkt += 8;
// Only single packet messages are supported ATM
if (strlen(pkt) != command_size) {
fastboot_tcp_reset();
break;
}
strlcpy(command, pkt, len + 1);
fastboot_command_id = fastboot_handle_command(command, response);
fastboot_tcp_send_message(response, strlen(response));
fastboot_handle_boot(fastboot_command_id,
strncmp("OKAY", response, 4) == 0);
}
break;
case FASTBOOT_DISCONNECTING:
if (tcp_push)
state = FASTBOOT_CLOSED;
break;
}
memset(command, 0, FASTBOOT_COMMAND_LEN);
memset(response, 0, FASTBOOT_RESPONSE_LEN);
curr_sport = 0;
curr_dport = 0;
curr_tcp_seq_num = 0;
curr_tcp_ack_num = 0;
curr_request_len = 0;
}
void fastboot_tcp_start_server(void)
{
printf("Using %s device\n", eth_get_name());
printf("Listening for fastboot command on tcp %pI4\n", &net_ip);
tcp_set_tcp_handler(fastboot_tcp_handler_ipv4);
}
|
