summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile6
-rw-r--r--iphone.c1190
-rw-r--r--iphone.h79
-rw-r--r--main.c42
-rw-r--r--usbmux.c1181
-rw-r--r--usbmux.h51
6 files changed, 1255 insertions, 1294 deletions
diff --git a/Makefile b/Makefile
index cd3a0a0..535e028 100644
--- a/Makefile
+++ b/Makefile
@@ -6,8 +6,8 @@ INSTALL_PREFIX=/usr/local
all: $(TARGETS)
-main.o: main.c usbmuxd-proto.h sock_stuff.h iphone.h
-iphone.o: iphone.c iphone.h usbmuxd.h sock_stuff.h
+main.o: main.c usbmuxd-proto.h sock_stuff.h usbmux.h
+usbmux.o: usbmux.c usbmux.h usbmuxd.h sock_stuff.h
sock_stuff.o: sock_stuff.c sock_stuff.h
libusbmuxd.o: libusbmuxd.c usbmuxd.h usbmuxd-proto.h
iproxy.o: iproxy.c sock_stuff.h
@@ -19,7 +19,7 @@ libusbmuxd.so: libusbmuxd.o sock_stuff.o
%.o: %.c
$(CC) -o $@ $(CFLAGS) -c $<
-usbmuxd: main.o sock_stuff.o iphone.o
+usbmuxd: main.o sock_stuff.o usbmux.o
$(CC) -o $@ $(LDFLAGS) $^ $(LIBS)
iproxy: iproxy.o
diff --git a/iphone.c b/iphone.c
deleted file mode 100644
index cd91b2e..0000000
--- a/iphone.c
+++ /dev/null
@@ -1,1190 +0,0 @@
-/*
- * Copyright (c) 2008 Jing Su. All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-#include <stdint.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <usb.h>
-#include <stdio.h>
-#include <arpa/inet.h>
-#include <errno.h>
-#include <pthread.h>
-#include "iphone.h"
-
-#define BULKIN 0x85
-#define BULKOUT 0x04
-#define HEADERLEN 28
-
-static const uint8_t TCP_FIN = 1;
-static const uint8_t TCP_SYN = 1 << 1;
-static const uint8_t TCP_RST = 1 << 2;
-static const uint8_t TCP_PSH = 1 << 3;
-static const uint8_t TCP_ACK = 1 << 4;
-static const uint8_t TCP_URG = 1 << 5;
-
-// I have trouble figuring out how to properly manage the windowing to
-// the iPhone. It keeps sending back 512 and seems to drop off a cliff
-// when the phone gets overwhelmed. In addition, the phone likes to
-// panic and send out RESETS before the window hits zero. Also, waiting
-// for responses seems to not be a winning strategy.
-//
-// Since I'm not sure how in the hell to interpret the window sizes that
-// the phone is sending back to us, I've figured out some magic number
-// constants which seem to work okay.
-static const uint32_t WINDOW_MAX = 5 * 1024;
-static const uint32_t WINDOW_INCREMENT = 512;
-
-typedef struct {
- char* buffer;
- int leftover;
- int capacity;
-} receivebuf_t;
-
-struct iphone_device_int {
- char *buffer;
- struct usb_dev_handle *device;
- struct usb_device *__device;
- receivebuf_t usbReceive;
-};
-
-typedef struct {
- uint32_t type, length, major, minor, allnull;
-} usbmux_version_header;
-
-typedef struct {
- uint32_t type, length;
- uint16_t sport, dport;
- uint32_t scnt, ocnt;
- uint8_t offset, tcp_flags;
- uint16_t window, nullnull, length16;
-} usbmux_tcp_header;
-
-struct iphone_umux_client_int {
- usbmux_tcp_header *header;
- iphone_device_t phone;
-
- char *recv_buffer;
- int r_len;
- pthread_cond_t wait;
-
- // this contains a conditional variable which usb-writers can wait
- // on while waiting for window updates from the phone.
- pthread_cond_t wr_wait;
- // I'm going to do something really cheesy here. We are going to
- // just record the most recent scnt that we are expecting to hear
- // back on. We will actually halt progress by limiting the number
- // of outstanding un-acked bulk sends that we have beamed out.
- uint32_t wr_pending_scnt;
- long wr_window;
-
- pthread_mutex_t mutex;
-
- // this variable is not protected by the mutex. This will always
- // be E_SUCCESS, unless an error of some kind breaks this stream.
- // this will then be set to the error that caused the broken stream.
- // no further operations other than free_client will be allowed.
- iphone_error_t error;
-
- int cleanup;
-};
-
-
-static pthread_mutex_t iphonemutex = PTHREAD_MUTEX_INITIALIZER;
-static iphone_umux_client_t *connlist = NULL;
-static int clients = 0;
-
-
-/**
- */
-int toto_debug = 0;
-
-void iphone_set_debug(int e)
-{
- toto_debug = e;
-}
-
-void log_debug_msg(const char *format, ...)
-{
-#ifndef STRIP_DEBUG_CODE
-
- va_list args;
- /* run the real fprintf */
- va_start(args, format);
-
- if (toto_debug)
- vfprintf(stderr, format, args);
-
- va_end(args);
-
-#endif
-}
-
-#ifdef DEBUG
-/**
- * for debugging purposes.
- */
-static void print_buffer(const char *data, const int length)
-{
- if (toto_debug > 0) {
- int i;
- int j;
- unsigned char c;
-
- for(i=0; i<length; i+=16) {
- printf("%04x: ", i);
- for (j=0;j<16;j++) {
- if (i+j >= length) {
- printf(" ");
- continue;
- }
- printf("%02hhx ", *(data+i+j));
- }
- printf(" | ");
- for(j=0;j<16;j++) {
- if (i+j >= length)
- break;
- c = *(data+i+j);
- if ((c < 32) || (c > 127)) {
- printf(".");
- continue;
- }
- printf("%c", c);
- }
- printf("\n");
- }
- printf("\n");
- }
-}
-#endif
-
-void hton_header(usbmux_tcp_header *hdr)
-{
- if (hdr) {
- hdr->length = htonl(hdr->length);
- hdr->scnt = htonl(hdr->scnt);
- hdr->ocnt = htonl(hdr->ocnt);
- hdr->length16 = htons(hdr->length16);
- }
-}
-
-void ntoh_header(usbmux_tcp_header *hdr)
-{
- if (hdr) {
- hdr->length = ntohl(hdr->length);
- hdr->scnt = ntohl(hdr->scnt);
- hdr->ocnt = ntohl(hdr->ocnt);
- hdr->length16 = ntohs(hdr->length16);
- }
-}
-
-/** Creates a USBMux header containing version information
- *
- * @return A USBMux header
- */
-usbmux_version_header *version_header()
-{
- usbmux_version_header *version = (usbmux_version_header *) malloc(sizeof(usbmux_version_header));
- version->type = 0;
- version->length = htonl(20);
- version->major = htonl(1);
- version->minor = 0;
- version->allnull = 0;
- return version;
-}
-
-/**
- * This function sets the configuration of the given device to 3
- * and claims the interface 1. If usb_set_configuration fails, it detaches
- * the kernel driver that blocks the device, and retries configuration.
- *
- * @param phone which device to configure
- */
-static iphone_error_t iphone_config_usb_device(iphone_device_t phone)
-{
- int ret;
- int bytes;
- char buf[512];
-
-#if 0
- log_debug_msg("checking configuration...\n");
- if (phone->__device->config->bConfigurationValue != 3) {
- log_debug_msg("WARNING: usb device configuration is not 3 as expected!\n");
- }
-
- log_debug_msg("setting configuration...\n");
- ret = usb_set_configuration(phone->device, 3);
- if (ret != 0) {
- log_debug_msg("Hm, usb_set_configuration returned %d: %s\n", ret, strerror(-ret));
-#if LIBUSB_HAS_GET_DRIVER_NP
- log_debug_msg("trying to fix:\n");
- log_debug_msg("-> detaching kernel driver... ");
- ret = usb_detach_kernel_driver_np(phone->device, phone->__device->config->interface->altsetting->bInterfaceNumber);
- if (ret != 0) {
- log_debug_msg("usb_detach_kernel_driver_np returned %d: %s\n", ret, strerror(-ret));
- } else {
- log_debug_msg("done.\n");
- log_debug_msg("setting configuration again... ");
- ret = usb_set_configuration(phone->device, 3);
- if (ret != 0) {
- log_debug_msg("Error: usb_set_configuration returned %d: %s\n", ret, strerror(-ret));
- log_debug_msg("--> trying to continue anyway...\n");
- } else {
- log_debug_msg("done.\n");
- }
- }
-#else
- log_debug_msg("--> trying to continue anyway...\n");
-#endif
- } else {
- log_debug_msg("done.\n");
- }
-#endif
-
- log_debug_msg("claiming interface... ");
- ret = usb_claim_interface(phone->device, 1);
- if (ret != 0) {
- log_debug_msg("Error: usb_claim_interface returned %d: %s\n", ret, strerror(-ret));
- return IPHONE_E_NO_DEVICE;
- } else {
- log_debug_msg("done.\n");
- }
-
- do {
- bytes = usb_bulk_read(phone->device, BULKIN, buf, 512, 800);
- } while (bytes > 0);
-
- return IPHONE_E_SUCCESS;
-}
-
-/**
- * Given a USB bus and device number, returns a device handle to the iPhone on
- * that bus. To aid compatibility with future devices, this function does not
- * check the vendor and device IDs! To do that, you should use
- * iphone_get_device() or a system-specific API (e.g. HAL).
- *
- * @param bus_n The USB bus number.
- * @param dev_n The USB device number.
- * @param device A pointer to a iphone_device_t, which must be set to NULL upon
- * calling iphone_get_specific_device, which will be filled with a device
- * descriptor on return.
- * @return IPHONE_E_SUCCESS if ok, otherwise an error code.
- */
-iphone_error_t iphone_get_specific_device(int bus_n, int dev_n, iphone_device_t * device)
-{
- struct usb_bus *bus;
- struct usb_device *dev;
- usbmux_version_header *version;
- int bytes = 0;
-
- //check we can actually write in device
- if (!device || (device && *device))
- return IPHONE_E_INVALID_ARG;
-
- iphone_device_t phone = (iphone_device_t) malloc(sizeof(struct iphone_device_int));
-
- // Initialize the struct
- phone->device = NULL;
- phone->__device = NULL;
- phone->buffer = NULL;
-
- // don't forget these:
- phone->usbReceive.buffer = NULL;
- phone->usbReceive.leftover = 0;
- phone->usbReceive.capacity = 0;
-
- // Initialize libusb
- usb_init();
- usb_find_busses();
- usb_find_devices();
-
- // Set the device configuration
- for (bus = usb_get_busses(); bus; bus = bus->next)
- //if (bus->location == bus_n)
- for (dev = bus->devices; dev != NULL; dev = dev->next)
- if (dev->devnum == dev_n) {
- phone->__device = dev;
- phone->device = usb_open(phone->__device);
- if (iphone_config_usb_device(phone) == IPHONE_E_SUCCESS) {
- goto found;
- }
- }
-
- iphone_free_device(phone);
-
- log_debug_msg("iphone_get_specific_device: iPhone not found\n");
- return IPHONE_E_NO_DEVICE;
-
- found:
- // Send the version command to the phone
- version = version_header();
- bytes = usb_bulk_write(phone->device, BULKOUT, (char *) version, sizeof(*version), 800);
- if (bytes < 20) {
- log_debug_msg("get_iPhone(): libusb did NOT send enough!\n");
- if (bytes < 0) {
- log_debug_msg("get_iPhone(): libusb gave me the error %d: %s (%s)\n",
- bytes, usb_strerror(), strerror(-bytes));
- }
- }
- // Read the phone's response
- bytes = usb_bulk_read(phone->device, BULKIN, (char *) version, sizeof(*version), 800);
-
- // Check for bad response
- if (bytes < 20) {
- free(version);
- iphone_free_device(phone);
- log_debug_msg("get_iPhone(): Invalid version message -- header too short.\n");
- if (bytes < 0)
- log_debug_msg("get_iPhone(): libusb error message %d: %s (%s)\n", bytes, usb_strerror(), strerror(-bytes));
- return IPHONE_E_NOT_ENOUGH_DATA;
- }
- // Check for correct version
- if (ntohl(version->major) == 1 && ntohl(version->minor) == 0) {
- // We're all ready to roll.
- log_debug_msg("get_iPhone() success\n");
- free(version);
- *device = phone;
- return IPHONE_E_SUCCESS;
- } else {
- // Bad header
- iphone_free_device(phone);
- free(version);
- log_debug_msg("get_iPhone(): Received a bad header/invalid version number.");
- return IPHONE_E_BAD_HEADER;
- }
-
- // If it got to this point it's gotta be bad
- log_debug_msg("get_iPhone(): Unknown error.\n");
- iphone_free_device(phone);
- free(version);
- return IPHONE_E_UNKNOWN_ERROR; // if it got to this point it's gotta be bad
-}
-
-/** Cleans up an iPhone structure, then frees the structure itself.
- * This is a library-level function; deals directly with the iPhone to tear
- * down relations, but otherwise is mostly internal.
- *
- * @param phone A pointer to an iPhone structure.
- */
-iphone_error_t iphone_free_device(iphone_device_t device)
-{
- char buf[512];
- int bytes;
-
- if (!device)
- return IPHONE_E_INVALID_ARG;
- iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
-
- if (device->device) {
- do {
- bytes = usb_bulk_read(device->device, BULKIN, buf, 512, 800);
- } while (bytes > 0);
- }
-
- if (device->buffer) {
- free(device->buffer);
- }
- if (device->usbReceive.buffer) {
- free(device->usbReceive.buffer);
- }
- if (device->device) {
- usb_release_interface(device->device, 1);
- usb_close(device->device);
- ret = IPHONE_E_SUCCESS;
- }
- free(device);
-
- return ret;
-}
-
-
-
-/** Sends data to the phone
- * This is a low-level (i.e. directly to phone) function.
- *
- * @param phone The iPhone to send data to
- * @param data The data to send to the iPhone
- * @param datalen The length of the data
- * @return The number of bytes sent, or -ERRNO on error
- */
-int send_to_phone(iphone_device_t phone, char *data, int datalen)
-{
- if (!phone)
- return -1;
-
- int timeout = 1000;
- int retrycount = 0;
- int bytes = 0;
-
-#ifdef DEBUG
- #ifdef DEBUG_MORE
- printf("===============================\n%s: trying to send\n", __func__);
- print_buffer(data, datalen);
- printf("===============================\n");
- #endif
-#endif
- do {
- if (retrycount > 3) {
- log_debug_msg("EPIC FAIL! aborting on retry count overload.\n");
- return -1;
- }
-
- bytes = usb_bulk_write(phone->device, BULKOUT, data, datalen, timeout);
- if (bytes == -ETIMEDOUT) {
- // timed out waiting for write.
- log_debug_msg("usb_bulk_write timeout error.\n");
- return bytes;
- }
- else if (bytes < 0) {
- log_debug_msg("usb_bulk_write failed with error. err:%d (%s)(%s)\n", bytes, usb_strerror(), strerror(-bytes));
- return -1;
- }
- else if (bytes == 0) {
- log_debug_msg("usb_bulk_write sent nothing. retrying.\n");
- timeout = timeout * 4;
- retrycount++;
- continue;
- }
- else if (bytes < datalen) {
- log_debug_msg("usb_bulk_write failed to send full dataload. %d of %d\n", bytes, datalen);
- timeout = timeout * 4;
- retrycount++;
- data += bytes;
- datalen -= bytes;
- continue;
- }
- }
- while(0); // fall out
-
-#ifdef DEBUG
- if (bytes > 0) {
- if (toto_debug > 0) {
- printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- printf("%s: sent to phone\n", __func__);
- print_buffer(data, bytes);
- printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- }
- }
-#endif
- return bytes;
-}
-
-/** Receives data from the phone
- * This function is a low-level (i.e. direct from iPhone) function.
- *
- * @param phone The iPhone to receive data from
- * @param data Where to put data read
- * @param datalen How much data to read in
- * @param timeout How many milliseconds to wait for data
- *
- * @return How many bytes were read in, or -1 on error.
- */
-int recv_from_phone_timeout(iphone_device_t phone, char *data, int datalen, int timeoutmillis)
-{
- if (!phone)
- return -EINVAL;
- //log_debug_msg("recv_from_phone(): attempting to receive %i bytes\n", datalen);
-
- int bytes = usb_bulk_read(phone->device, BULKIN, data, datalen, timeoutmillis);
- // There are some things which are errors, others which are no problem.
- // It's not documented in libUSB, but it seems that the error values
- // returned are just negated ERRNO values.
- if (bytes < 0) {
- if (bytes == -ETIMEDOUT) {
- // ignore this. it just means timeout reached before we
- // picked up any data. no problem.
- return 0;
- } else {
- fprintf(stderr, "recv_from_phone(): libusb gave me the error %d: %s (%s)\n", bytes, usb_strerror(), strerror(-bytes));
- log_debug_msg("recv_from_phone(): libusb gave me the error %d: %s (%s)\n", bytes, usb_strerror(), strerror(-bytes));
- }
- return bytes;
- }
-
-#ifdef DEBUG
- if (bytes > 0) {
- if (toto_debug > 0) {
- printf("<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
- printf("%s: received from phone:\n", __func__);
- print_buffer(data, bytes);
- printf("<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
- }
- }
-#endif
-
- return bytes;
-}
-
-/** Creates a USBMux packet for the given set of ports.
- *
- * @param s_port The source port for the connection.
- * @param d_port The destination port for the connection.
- *
- * @return A USBMux packet
- */
-usbmux_tcp_header *new_mux_packet(uint16_t s_port, uint16_t d_port)
-{
- usbmux_tcp_header *conn = (usbmux_tcp_header *) malloc(sizeof(usbmux_tcp_header));
- conn->type = htonl(6);
- conn->length = HEADERLEN;
- conn->sport = htons(s_port);
- conn->dport = htons(d_port);
- conn->scnt = 0;
- conn->ocnt = 0;
- conn->offset = 0x50;
- conn->window = htons(0x0200);
- conn->nullnull = 0x0000;
- conn->length16 = HEADERLEN;
- return conn;
-}
-
-
-/** Removes a connection from the list of connections made.
- * The list of connections is necessary for buffering.
- *
- * @param connection The connection to delete from the tracking list.
- */
-static void delete_connection(iphone_umux_client_t connection)
-{
- iphone_umux_client_t *newlist = NULL;
-
- pthread_mutex_lock(&iphonemutex);
-
- // update the global list of connections
- if (clients > 1) {
- newlist = (iphone_umux_client_t *) malloc(sizeof(iphone_umux_client_t) * (clients - 1));
- int i = 0, j = 0;
- for (i = 0; i < clients; i++) {
- if (connlist[i] == connection)
- continue;
- else {
- newlist[j] = connlist[i];
- j++;
- }
- }
- }
- if (connlist) {
- free(connlist);
- }
- connlist = newlist;
- clients--;
-
- // free up this connection
- pthread_mutex_lock(&connection->mutex);
- if (connection->recv_buffer)
- free(connection->recv_buffer);
- if (connection->header)
- free(connection->header);
- connection->r_len = 0;
- pthread_mutex_unlock(&connection->mutex);
- pthread_mutex_destroy(&connection->mutex);
- free(connection);
-
- pthread_mutex_unlock(&iphonemutex);
-}
-
-/** Adds a connection to the list of connections made.
- * The connection list is necessary for buffering.
- *
- * @param connection The connection to add to the global list of connections.
- */
-
-static void add_connection(iphone_umux_client_t connection)
-{
- pthread_mutex_lock(&iphonemutex);
- iphone_umux_client_t *newlist =
- (iphone_umux_client_t *) realloc(connlist, sizeof(iphone_umux_client_t) * (clients + 1));
- newlist[clients] = connection;
- connlist = newlist;
- clients++;
- pthread_mutex_unlock(&iphonemutex);
-}
-
-/**
- * Get a source port number that is not used by one of our connections
- * This is needed for us to make sure we are not sending on another
- * connection.
- */
-static uint16_t get_free_port()
-{
- int i;
- uint16_t newport = 30000;
- int cnt = 0;
-
- pthread_mutex_lock(&iphonemutex);
- while (1) {
- cnt = 0;
- for (i = 0; i < clients; i++) {
- if (ntohs(connlist[i]->header->sport) == newport) {
- cnt++;
- }
- }
- if (cnt == 0) {
- // newport is not used in our list of connections!
- break;
- } else {
- newport++;
- if (newport < 30000) {
- // if all ports from 30000 to 65535 are in use,
- // the value wraps (16-bit overflow)
- // return 0, no port is available.
- // This should not happen, but just in case ;)
- newport = 0;
- break;
- }
- }
- }
- pthread_mutex_unlock(&iphonemutex);
-
- return newport;
-}
-
-/** Initializes a connection on phone, with source port s_port and destination port d_port
- *
- * @param device The iPhone to initialize a connection on.
- * @param src_port The source port
- * @param dst_port The destination port -- 0xf27e for lockdownd.
- * @param client A mux TCP header for the connection which is used for tracking and data transfer.
- * @return IPHONE_E_SUCCESS on success, an error code otherwise.
- */
-iphone_error_t iphone_mux_new_client(iphone_device_t device, uint16_t src_port, uint16_t dst_port,
- iphone_umux_client_t * client)
-{
- if (!device || !dst_port)
- return IPHONE_E_INVALID_ARG;
-
- src_port = get_free_port();
-
- if (!src_port) {
- // this is a special case, if we get 0, this is not good, so
- return -EISCONN; // TODO: error code suitable?
- }
-
- // Initialize connection stuff
- iphone_umux_client_t new_connection = (iphone_umux_client_t) malloc(sizeof(struct iphone_umux_client_int));
- new_connection->header = new_mux_packet(src_port, dst_port);
-
- // send TCP syn
- if (new_connection && new_connection->header) {
- new_connection->header->tcp_flags = TCP_SYN;
- new_connection->header->length = new_connection->header->length;
- new_connection->header->length16 = new_connection->header->length16;
- new_connection->header->scnt = 0;
- new_connection->header->ocnt = 0;
- new_connection->phone = device;
- new_connection->recv_buffer = NULL;
- new_connection->r_len = 0;
- pthread_cond_init(&new_connection->wait, NULL);
- pthread_mutex_init(&new_connection->mutex, NULL);
- pthread_cond_init(&new_connection->wr_wait, NULL);
- new_connection->wr_pending_scnt = 0;
- new_connection->wr_window = 0;
- add_connection(new_connection);
- new_connection->error = IPHONE_E_SUCCESS;
- new_connection->cleanup = 0;
- hton_header(new_connection->header);
- log_debug_msg("%s: send_to_phone (%d --> %d)\n", __func__, ntohs(new_connection->header->sport), ntohs(new_connection->header->dport));
- if (send_to_phone(device, (char *) new_connection->header, sizeof(usbmux_tcp_header)) >= 0) {
- *client = new_connection;
- return IPHONE_E_SUCCESS;
- } else {
- delete_connection(new_connection);
- return IPHONE_E_NOT_ENOUGH_DATA;
- }
- }
- // if we get to this point it's probably bad
- return IPHONE_E_UNKNOWN_ERROR;
-}
-
-/** Cleans up the given USBMux connection.
- * @note Once a connection is closed it may not be used again.
- *
- * @param connection The connection to close.
- *
- * @return IPHONE_E_SUCCESS on success.
- */
-iphone_error_t iphone_mux_free_client(iphone_umux_client_t client)
-{
- if (!client || !client->phone)
- return IPHONE_E_INVALID_ARG;
-
- iphone_error_t result = IPHONE_E_SUCCESS;
- pthread_mutex_lock(&client->mutex);
- client->header->tcp_flags = TCP_FIN;
- client->header->length = 0x1C;
- client->header->window = 0;
- client->header->length16 = 0x1C;
- hton_header(client->header);
-
- if (send_to_phone(client->phone, (char*)client->header, sizeof(usbmux_tcp_header)) < 0) {
- log_debug_msg("%s: error sending TCP_FIN\n", __func__);
- result = IPHONE_E_UNKNOWN_ERROR;
- }
-
- client->cleanup = 1;
-
- // make sure we don't have any last-minute laggards waiting on this.
- // I put it after the mutex unlock because we have cases where the
- // conditional wait is dependent on re-grabbing that mutex.
- pthread_cond_broadcast(&client->wait);
- pthread_cond_destroy(&client->wait);
- pthread_cond_broadcast(&client->wr_wait);
- pthread_cond_destroy(&client->wr_wait);
-
- pthread_mutex_unlock(&client->mutex);
-
- return result;
-}
-
-/** Sends the given data over the selected connection.
- *
- * @param phone The iPhone to send to.
- * @param client The client we're sending data on.
- * @param data A pointer to the data to send.
- * @param datalen How much data we're sending.
- * @param sent_bytes The number of bytes sent, minus the header (28)
- *
- * @return IPHONE_E_SUCCESS on success.
- */
-iphone_error_t iphone_mux_send(iphone_umux_client_t client, const char *data, uint32_t datalen, uint32_t * sent_bytes)
-{
- if (!client->phone || !client || !sent_bytes)
- return IPHONE_E_INVALID_ARG;
-
- if (client->error != IPHONE_E_SUCCESS) {
- return client->error;
- }
-
- *sent_bytes = 0;
- pthread_mutex_lock(&client->mutex);
-
- int sendresult = 0;
- uint32_t blocksize = 0;
- if (client->wr_window <= 0) {
- struct timespec ts;
- clock_gettime(CLOCK_REALTIME, &ts);
- //ts.tv_sec += 1;
- ts.tv_nsec += 750 * 1000;
- if (pthread_cond_timedwait(&client->wait, &client->mutex, &ts) == ETIMEDOUT) {
- // timd out. optimistically grow the window and try to make progress
- client->wr_window += WINDOW_INCREMENT;
- }
- }
-
- blocksize = sizeof(usbmux_tcp_header) + datalen;
-
- // client->scnt and client->ocnt should already be in host notation...
- // we don't need to change them juuuust yet.
- char *buffer = (char *) malloc(blocksize + 2); // allow 2 bytes of safety padding
- // Set the length
- client->header->length = blocksize;
- client->header->length16 = blocksize;
-
- // Put header into big-endian notation
- hton_header(client->header);
- // Concatenation of stuff in the buffer.
- memcpy(buffer, client->header, sizeof(usbmux_tcp_header));
- memcpy(buffer + sizeof(usbmux_tcp_header), data, datalen);
-
- log_debug_msg("%s: send_to_phone(%d --> %d)\n", __func__, ntohs(client->header->sport), ntohs(client->header->dport));
- sendresult = send_to_phone(client->phone, buffer, blocksize);
- // Now that we've sent it off, we can clean up after our sloppy selves.
- if (buffer)
- free(buffer);
-
- // revert header fields that have been swapped before trying to send
- ntoh_header(client->header);
-
- // update counts ONLY if the send succeeded.
- if ((uint32_t)sendresult == blocksize) {
- // Re-calculate scnt
- client->header->scnt += datalen;
- client->wr_window -= blocksize;
- }
-
-
- pthread_mutex_unlock(&client->mutex);
-
-
- if (sendresult == -ETIMEDOUT || sendresult == 0) {
- // no problem for now...
- *sent_bytes = 0;
- return IPHONE_E_TIMEOUT;
- }
- else if (sendresult < 0) {
- return IPHONE_E_UNKNOWN_ERROR;
- }
- else if ((uint32_t)sendresult == blocksize) {
- // actual number of data bytes sent.
- *sent_bytes = sendresult - HEADERLEN;
- return IPHONE_E_SUCCESS;
- }
- else {
- fprintf(stderr, "usbsend managed to dump a packet that is not full size. %d of %d\n",
- sendresult, blocksize);
- return IPHONE_E_UNKNOWN_ERROR;
- }
-}
-
-/** append the packet's DATA to the receive buffer for the client.
- *
- * this has a few other corner-case functions:
- * 1. this will properly handle the handshake syn+ack.
- * 2. for all receives, this will appropriately update the ocnt.
- *
- * @return number of bytes consumed (header + data)
- */
-uint32_t append_receive_buffer(iphone_umux_client_t client, char* packet)
-{
- if (client == NULL || packet == NULL) return 0;
-
- usbmux_tcp_header *header = (usbmux_tcp_header *) packet;
- char* data = &packet[HEADERLEN];
- uint32_t packetlen = ntohl(header->length);
- uint32_t datalen = packetlen-HEADERLEN;
-
- int dobroadcast = 0;
-
- pthread_mutex_lock(&client->mutex);
-
- // we need to handle a few corner case tasks and book-keeping which
- // falls on our responsibility because we are the ones reading in
- // feedback.
- if (client->header->scnt == 0 && client->header->ocnt == 0 ) {
- log_debug_msg("client is still waiting for handshake.\n");
- if (header->tcp_flags == (TCP_SYN | TCP_ACK)) {
- log_debug_msg("yes, got syn+ack ; replying with ack.\n");
- client->header->tcp_flags = TCP_ACK;
- client->header->length = sizeof(usbmux_tcp_header);
- client->header->length16 = sizeof(usbmux_tcp_header);
- client->header->scnt += 1;
- client->header->ocnt = header->ocnt;
- hton_header(client->header);
- // push it to USB
- // TODO: need to check for error in the send here.... :(
- log_debug_msg("%s: send_to_phone (%d --> %d)\n", __func__, ntohs(client->header->sport), ntohs(client->header->dport));
- if (send_to_phone(client->phone, (char *)client->header, sizeof(usbmux_tcp_header)) <= 0) {
- log_debug_msg("%s: error when pushing to usb...\n", __func__);
- }
- // need to revert some of the fields back to host notation.
- ntoh_header(client->header);
- }
- else {
- client->error = IPHONE_E_ECONNABORTED;
- // woah... this connection failed us.
- // TODO: somehow signal that this stream is a no-go.
- log_debug_msg("WOAH! client failed to get proper syn+ack.\n");
- }
- }
-
- // update TCP counters and windows.
- //
- // save the window that we're getting from the USB device.
- // apparently the window is bigger than just the 512 that's typically
- // advertised. iTunes apparently shifts this value by 8 to get a much
- // larger number.
- if (header->tcp_flags & TCP_RST) {
- client->error = IPHONE_E_ECONNRESET;
-
- if (datalen > 0) {
- char e_msg[128];
- e_msg[0] = 0;
- if (datalen > 1) {
- memcpy(e_msg, data+1, datalen-1);
- e_msg[datalen-1] = 0;
- }
- // fetch the message
- switch(data[0]) {
- case 0:
- // this is not an error, it's just a status message.
- log_debug_msg("received status message: %s\n", e_msg);
- datalen = 0;
- break;
- case 1:
- log_debug_msg("received error message: %s\n", e_msg);
- datalen = 0;
- break;
- default:
- log_debug_msg("received unknown message (type 0x%02x): %s\n", data[0], e_msg);
- //datalen = 0; // <-- we let this commented out for testing
- break;
- }
- } else {
- log_debug_msg("peer sent connection reset. setting error: %d\n", client->error);
- }
- }
-
- // the packet's ocnt tells us how much of our data the device has received.
- if (header->tcp_flags & TCP_ACK) {
-
- // this is a hacky magic number condition. it seems that once the window
- // reported by the phone starts to drop below this number, we quickly fall
- // into connection reset problems. Once we see the reported window size
- // start falling off, cut off and wait for solid acks to come back.
- if (ntohs(header->window) < 256)
- client->wr_window = 0;
-
- // check what just got acked.
- if (ntohl(header->ocnt) < client->header->scnt) {
- // we got some kind of ack, but it hasn't caught up with the
- // pending that have been sent.
- pthread_cond_broadcast(&client->wr_wait);
- }
- else if (ntohl(header->ocnt) > /*client->wr_pending_scnt*/ client->header->scnt) {
- fprintf(stderr, "WTF?! acks overtook pending outstanding. %u,%u\n",
- ntohl(header->ocnt), client->wr_pending_scnt);
- }
- else {
- // reset the window
- client->wr_window = WINDOW_MAX;
- pthread_cond_broadcast(&client->wr_wait);
- }
- }
-
- // the packet's scnt will be our new ocnt.
- client->header->ocnt = ntohl(header->scnt);
-
- // ensure there is enough space, either by first malloc or realloc
- if (datalen > 0) {
- log_debug_msg("%s: putting %d bytes into client's recv_buffer\n", __func__, datalen);
- if (client->r_len == 0) dobroadcast = 1;
-
- if (client->recv_buffer == NULL) {
- client->recv_buffer = malloc(datalen);
- client->r_len = 0;
- }
- else {
- client->recv_buffer = realloc(client->recv_buffer, client->r_len + datalen);
- }
-
- memcpy(&client->recv_buffer[client->r_len], data, datalen);
- client->r_len += datalen;
- }
-
- pthread_mutex_unlock(&client->mutex);
-
- // I put this outside the mutex unlock just so that when the threads
- // wake, we don't have to do another round of unlock+try to grab.
- if (dobroadcast)
- pthread_cond_broadcast(&client->wait);
-
-
- return packetlen;
-}
-
-/** NOTE! THERE IS NO MUTEX LOCK IN THIS FUNCTION!
- because we're only called from one location, pullbulk, where the lock
- is already held.
- */
-iphone_umux_client_t find_client(usbmux_tcp_header* recv_header)
-{
- // remember, as we're looking for the client, the receive header is
- // coming from the USB into our client. This means that when we check
- // the src/dst ports, we need to reverse them.
- iphone_umux_client_t retval = NULL;
-
- // just for debugging check, I'm going to convert the numbers to host-endian.
- uint16_t hsport = ntohs(recv_header->sport);
- uint16_t hdport = ntohs(recv_header->dport);
-
- pthread_mutex_lock(&iphonemutex);
- int i;
- for (i = 0; i < clients; i++) {
- uint16_t csport = ntohs(connlist[i]->header->sport);
- uint16_t cdport = ntohs(connlist[i]->header->dport);
-
- if (hsport == cdport && hdport == csport) {
- retval = connlist[i];
- break;
- }
- }
- pthread_mutex_unlock(&iphonemutex);
-
- return retval;
-}
-
-/** pull in a big USB bulk packet and distribute it to queues appropriately.
- */
-int iphone_mux_pullbulk(iphone_device_t phone)
-{
- if (!phone)
- return -EINVAL;
-
- int res = 0;
- static const int DEFAULT_CAPACITY = 128*1024;
- if (phone->usbReceive.buffer == NULL) {
- phone->usbReceive.capacity = DEFAULT_CAPACITY;
- phone->usbReceive.buffer = malloc(phone->usbReceive.capacity);
- phone->usbReceive.leftover = 0;
- }
-
- // start the cursor off just ahead of the leftover.
- char* cursor = &phone->usbReceive.buffer[phone->usbReceive.leftover];
- // pull in content, note that the amount we can pull is capacity minus leftover
- int readlen = recv_from_phone_timeout(phone, cursor, phone->usbReceive.capacity - phone->usbReceive.leftover, 3000);
- if (readlen < 0) {
- res = readlen;
- //fprintf(stderr, "recv_from_phone_timeout gave us an error.\n");
- readlen = 0;
- }
- if (readlen > 0) {
- //fprintf(stdout, "recv_from_phone_timeout pulled an extra %d bytes\n", readlen);
- }
-
- // the amount of content we have to work with is the remainder plus
- // what we managed to read
- phone->usbReceive.leftover += readlen;
-
- // reset the cursor to the front of that buffer and work through
- // trying to decode packets out of them.
- cursor = phone->usbReceive.buffer;
- while (1) {
- // check if there's even sufficient data to decode a header
- if (phone->usbReceive.leftover < HEADERLEN) break;
- usbmux_tcp_header *header = (usbmux_tcp_header *) cursor;
-
- log_debug_msg("%s: recv_from_phone_timeout (%d --> %d)\n", __func__, ntohs(header->sport), ntohs(header->dport));
-
- // now that we have a header, check if there is sufficient data
- // to construct a full packet, including its data
- uint32_t packetlen = ntohl(header->length);
- if ((uint32_t)phone->usbReceive.leftover < packetlen) {
- fprintf(stderr, "%s: not enough data to construct a full packet\n", __func__);
- break;
- }
-
- // ok... find the client this packet will get stuffed to.
- iphone_umux_client_t client = find_client(header);
- if (client == NULL) {
- log_debug_msg("WARNING: client for packet cannot be found. dropping packet.\n");
- }
- else {
- // stuff the data
- log_debug_msg("%s: found client, calling append_receive_buffer\n", __func__);
- append_receive_buffer(client, cursor);
-
- // perhaps this is too general, == IPHONE_E_ECONNRESET
- // might be a better check here
- if (client->error != IPHONE_E_SUCCESS) {
- pthread_mutex_lock(&client->mutex);
- if (client->cleanup) {
- pthread_mutex_unlock(&client->mutex);
- log_debug_msg("freeing up connection (%d->%d)\n", ntohs(client->header->sport), ntohs(client->header->dport));
- delete_connection(client);
- } else {
- pthread_mutex_unlock(&client->mutex);
- }
- }
- }
-
- // move the cursor and account for the consumption
- cursor += packetlen;
- phone->usbReceive.leftover -= packetlen;
- }
-
- // now, we need to manage any leftovers.
- // I'm going to manage the leftovers by alloc'ing a new block and copying
- // the leftovers to it. This is just to prevent problems with memory
- // moves where there may be overlap. Besides, the leftovers should be
- // small enough that this copy is minimal in overhead.
- //
- // if there are no leftovers, we just leave the datastructure as is,
- // and re-use the block next time.
- if (phone->usbReceive.leftover > 0 && cursor != phone->usbReceive.buffer) {
- log_debug_msg("%s: we got a leftover, so handle it\n", __func__);
- char* newbuff = malloc(DEFAULT_CAPACITY);
- memcpy(newbuff, cursor, phone->usbReceive.leftover);
- free(phone->usbReceive.buffer);
- phone->usbReceive.buffer = newbuff;
- phone->usbReceive.capacity = DEFAULT_CAPACITY;
- }
-
- return res;
-}
-
-/**
- * return the error code stored in iphone_umux_client_t structure,
- * e.g. non-zero when an usb read error occurs.
- *
- * @param client the umux client
- *
- * @return IPHONE_E_* error codes.
- */
-iphone_error_t iphone_mux_get_error(iphone_umux_client_t client)
-{
- if (!client) {
- return 0;
- }
-
- return client->error;
-}
-
-/** This function reads from the client's recv_buffer.
- *
- * @param client The client to receive data from.
- * @param data Where to put the data we receive.
- * @param datalen How much data to read.
- * @param timeout How many milliseconds to wait for data
- *
- * @return IPHONE_E_SUCCESS or error code if failure.
- */
-iphone_error_t iphone_mux_recv_timeout(iphone_umux_client_t client, char *data, uint32_t datalen, uint32_t * recv_bytes, int timeout)
-{
-
- if (!client || !data || datalen == 0 || !recv_bytes)
- return IPHONE_E_INVALID_ARG;
-
- if (client->error != IPHONE_E_SUCCESS) return client->error;
-
- pthread_mutex_lock(&client->mutex);
-
- if (timeout > 0 && (client->recv_buffer == NULL ||client->r_len == 0)) {
- struct timespec ts;
- clock_gettime(CLOCK_REALTIME, &ts);
- ts.tv_sec += timeout/1000;
- ts.tv_nsec += (timeout-((int)(timeout/1000))*1000)*1000; //millis * 1000;
- pthread_cond_timedwait(&client->wait, &client->mutex, &ts);
- }
-
- *recv_bytes = 0;
- if (client->recv_buffer != NULL && client->r_len > 0) {
- uint32_t foolen = datalen;
- if ((int)foolen > client->r_len) foolen = client->r_len;
- memcpy(data, client->recv_buffer, foolen);
- *recv_bytes = foolen;
-
- // preserve any left-over unread amounts.
- int remainder = client->r_len - foolen;
- if (remainder > 0) {
- char* newbuf = malloc(remainder);
- memcpy(newbuf, client->recv_buffer + foolen, remainder);
- client->r_len = remainder;
- free(client->recv_buffer);
- client->recv_buffer = newbuf;
- }
- else {
- free(client->recv_buffer);
- client->recv_buffer = NULL;
- client->r_len = 0;
- }
- }
-
- pthread_mutex_unlock(&client->mutex);
-
-
- return IPHONE_E_SUCCESS;
-}
diff --git a/iphone.h b/iphone.h
deleted file mode 100644
index 9900b99..0000000
--- a/iphone.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2008 Jing Su. All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef __IPHONE_H__
-#define __IPHONE_H__
-
-#include <stdint.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-//general errors
-#define IPHONE_E_SUCCESS 0
-#define IPHONE_E_INVALID_ARG -1
-#define IPHONE_E_UNKNOWN_ERROR -2
-#define IPHONE_E_NO_DEVICE -3
-#define IPHONE_E_TIMEOUT -4
-#define IPHONE_E_NOT_ENOUGH_DATA -5
-#define IPHONE_E_BAD_HEADER -6
-
-//lockdownd specific error
-#define IPHONE_E_INVALID_CONF -7
-#define IPHONE_E_PAIRING_FAILED -8
-#define IPHONE_E_SSL_ERROR -9
-#define IPHONE_E_PLIST_ERROR -10
-#define IPHONE_E_DICT_ERROR -11
-
-//afc specific error
-#define IPHONE_E_NO_SUCH_FILE -12
-
-//general TCP-style errors and conditions
-#define IPHONE_E_ECONNABORTED -ECONNABORTED
-#define IPHONE_E_ECONNRESET -ECONNRESET
-#define IPHONE_E_ENOTCONN -ENOTCONN
-#define IPHONE_E_ESHUTDOWN -ESHUTDOWN
-#define IPHONE_E_ETIMEDOUT -ETIMEDOUT
-#define IPHONE_E_ECONNREFUSED -ECONNREFUSED
-
-void iphone_set_debug(int e);
-
-typedef int16_t iphone_error_t;
-
-struct iphone_device_int;
-typedef struct iphone_device_int *iphone_device_t;
-
-struct iphone_umux_client_int;
-typedef struct iphone_umux_client_int *iphone_umux_client_t;
-
-iphone_error_t iphone_get_device ( iphone_device_t *device );
-iphone_error_t iphone_get_specific_device(int bus_n, int dev_n, iphone_device_t * device);
-iphone_error_t iphone_free_device ( iphone_device_t device );
-
-
-iphone_error_t iphone_mux_new_client ( iphone_device_t device, uint16_t src_port, uint16_t dst_port, iphone_umux_client_t *client );
-iphone_error_t iphone_mux_free_client ( iphone_umux_client_t client );
-
-iphone_error_t iphone_mux_send(iphone_umux_client_t client, const char *data, uint32_t datalen, uint32_t * sent_bytes);
-
-iphone_error_t iphone_mux_recv_timeout(iphone_umux_client_t client, char *data, uint32_t datalen, uint32_t * recv_bytes, int timeout);
-
-int iphone_mux_pullbulk(iphone_device_t phone);
-
-iphone_error_t iphone_mux_get_error(iphone_umux_client_t client);
-
-#endif
diff --git a/main.c b/main.c
index c9bf884..43f0425 100644
--- a/main.c
+++ b/main.c
@@ -42,7 +42,7 @@
#include "usbmuxd-proto.h"
#include "sock_stuff.h"
-#include "iphone.h"
+#include "usbmux.h"
#define DEFAULT_TIMEOUT 4000
#define DEFAULT_CHILDREN_CAPACITY 10
@@ -60,11 +60,11 @@ static int exit_on_no_devices = 0;
struct device_info {
uint32_t device_id;
- iphone_device_t phone;
+ usbmux_device_t phone;
int use_count;
pthread_t bulk_reader;
pthread_mutex_t mutex;
- /* mutex for mutual exclusion of calling the iphone_mux_send function
+ /* mutex for mutual exclusion of calling the usbmux_send function
* TODO: I don't know if we need really need this? */
pthread_mutex_t writer_mutex;
};
@@ -80,7 +80,7 @@ struct client_data {
int reader_dead;
int handler_dead;
int connected;
- iphone_umux_client_t muxclient;
+ usbmux_client_t muxclient;
struct device_info *dev;
};
@@ -249,7 +249,7 @@ static void *usbmuxd_client_reader_thread(void *arg)
char rbuffer[512];
uint32_t rbuffersize = 512;
uint32_t rlen;
- iphone_error_t err;
+ int err;
char *cursor;
ssize_t len;
int result;
@@ -276,7 +276,7 @@ static void *usbmuxd_client_reader_thread(void *arg)
}
rlen = 0;
- err = iphone_mux_recv_timeout(cdata->muxclient, rbuffer, rbuffersize, &rlen, DEFAULT_TIMEOUT);
+ err = usbmux_recv_timeout(cdata->muxclient, rbuffer, rbuffersize, &rlen, DEFAULT_TIMEOUT);
if (err != 0) {
if (verbose >= 2) logmsg(LOG_ERR, "%s[%d:%d]: encountered USB read error: %d", __func__, cdata->dev->device_id, cdata->dev->use_count, err);
break;
@@ -327,7 +327,7 @@ static int usbmuxd_handleConnectResult(struct client_data *cdata)
int err_code;
ssize_t maxlen = 512;
uint32_t rlen;
- iphone_error_t err;
+ int err;
if (!cdata) {
if (verbose >= 2) logmsg(LOG_ERR, "%s: Invalid client_data provided!", __func__);
@@ -342,8 +342,8 @@ static int usbmuxd_handleConnectResult(struct client_data *cdata)
}
} else {
result = 0;
- err = iphone_mux_recv_timeout(cdata->muxclient, buffer, maxlen, &rlen, 100);
- if (err != 0) {
+ err = usbmux_recv_timeout(cdata->muxclient, buffer, maxlen, &rlen, 100);
+ if (err < 0) {
if (verbose >= 2) logmsg(LOG_ERR, "%s: encountered USB read error: %d", __func__, err);
usbmuxd_send_result(cdata->socket, cdata->tag, -err);
return err;
@@ -390,7 +390,7 @@ static void *usbmuxd_client_handler_thread(void *arg)
ssize_t len;
ssize_t maxlen = sizeof(buffer);
uint32_t wlen;
- iphone_error_t err;
+ int err;
if (!arg) {
if (verbose >= 2) logmsg(LOG_ERR, "%s: invalid client_data provided!", __func__);
@@ -441,10 +441,10 @@ static void *usbmuxd_client_handler_thread(void *arg)
pthread_mutex_lock(&cdata->dev->writer_mutex);
do {
wlen = 0;
- err = iphone_mux_send(cdata->muxclient, cursor, len, &wlen);
- if (err == IPHONE_E_TIMEOUT) {
+ err = usbmux_send(cdata->muxclient, cursor, len, &wlen);
+ if (err == -ETIMEDOUT) {
// some kind of timeout... just be patient and retry.
- } else if (err != IPHONE_E_SUCCESS) {
+ } else if (err < 0) {
if (verbose >= 2) logmsg(LOG_ERR, "%s[%d:%d]: USB write error: %d", __func__, cdata->dev->device_id, cdata->dev->use_count, err);
len = -1;
break;
@@ -502,7 +502,7 @@ static void *usbmuxd_bulk_reader_thread(void *arg)
}
pthread_mutex_unlock(&cur_dev->mutex);
- if ((err = iphone_mux_pullbulk(cur_dev->phone)) < 0) {
+ if ((err = usbmux_pullbulk(cur_dev->phone)) < 0) {
if (verbose >= 1) logmsg(LOG_ERR, "%s: error %d when reading from device", __func__, err);
break;
}
@@ -532,10 +532,8 @@ static void *usbmuxd_client_init_thread(void *arg)
int found = 0;
int res;
int i;
-// int sent_result;
-// iphone_error_t err;
- iphone_device_t phone = NULL;
+ usbmux_device_t phone = NULL;
struct device_info *cur_dev = NULL;
if (!arg) {
@@ -667,7 +665,7 @@ connect:
if (verbose >= 2) logmsg(LOG_NOTICE, "%s[%x]: creating new usb connection, device_id=%d", __func__, THREAD, c_req->device_id);
pthread_mutex_lock(&usb_mutex);
- if (iphone_get_specific_device(0, c_req->device_id, &phone) != IPHONE_E_SUCCESS) {
+ if (usbmux_get_specific_device(0, c_req->device_id, &phone) < 0) {
pthread_mutex_unlock(&usb_mutex);
pthread_mutex_unlock(&usbmux_mutex);
if (verbose >= 1) logmsg(LOG_ERR, "%s[%x]: device_id %d could not be opened", __func__, THREAD, c_req->device_id);
@@ -702,7 +700,7 @@ connect:
// setup connection to iPhone/iPod
// pthread_mutex_lock(&usbmux_mutex);
- res = iphone_mux_new_client(cur_dev->phone, 0, ntohs(c_req->tcp_dport), &(cdata->muxclient));
+ res = usbmux_new_client(cur_dev->phone, 0, ntohs(c_req->tcp_dport), &(cdata->muxclient));
// pthread_mutex_unlock(&usbmux_mutex);
if (res != 0) {
@@ -737,7 +735,7 @@ connect:
// time to clean up
if (cdata && cdata->muxclient) { // should be non-NULL
- iphone_mux_free_client(cdata->muxclient);
+ usbmux_free_client(cdata->muxclient);
}
leave:
@@ -768,7 +766,7 @@ leave:
pthread_join(cur_dev->bulk_reader, NULL);
}
pthread_mutex_lock(&usb_mutex);
- iphone_free_device(cur_dev->phone);
+ usbmux_free_device(cur_dev->phone);
pthread_mutex_unlock(&usb_mutex);
pthread_mutex_destroy(&cur_dev->writer_mutex);
pthread_mutex_destroy(&cur_dev->mutex);
@@ -1001,7 +999,7 @@ int main(int argc, char **argv)
chmod(USBMUXD_SOCKET_FILE, 0666);
- if (verbose >= 3) iphone_set_debug(1);
+ if (verbose >= 3) usbmux_set_debug(1);
if (!foreground) {
if (daemonize() < 0) {
diff --git a/usbmux.c b/usbmux.c
new file mode 100644
index 0000000..0a175ed
--- /dev/null
+++ b/usbmux.c
@@ -0,0 +1,1181 @@
+/*
+ * Copyright (c) 2008 Jing Su. All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <stdint.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <usb.h>
+#include <stdio.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <pthread.h>
+#include "usbmux.h"
+
+#define BULKIN 0x85
+#define BULKOUT 0x04
+#define HEADERLEN 28
+
+static const uint8_t TCP_FIN = 1;
+static const uint8_t TCP_SYN = 1 << 1;
+static const uint8_t TCP_RST = 1 << 2;
+static const uint8_t TCP_PSH = 1 << 3;
+static const uint8_t TCP_ACK = 1 << 4;
+static const uint8_t TCP_URG = 1 << 5;
+
+// I have trouble figuring out how to properly manage the windowing to
+// the device. It keeps sending back 512 and seems to drop off a cliff
+// when the device gets overwhelmed. In addition, the device likes to
+// panic and send out RESETS before the window hits zero. Also, waiting
+// for responses seems to not be a winning strategy.
+//
+// Since I'm not sure how in the hell to interpret the window sizes that
+// the device is sending back to us, I've figured out some magic number
+// constants which seem to work okay.
+static const uint32_t WINDOW_MAX = 5 * 1024;
+static const uint32_t WINDOW_INCREMENT = 512;
+
+typedef struct {
+ char* buffer;
+ int leftover;
+ int capacity;
+} receivebuf_t;
+
+struct usbmux_device_int {
+ char *buffer;
+ struct usb_dev_handle *usbdev;
+ struct usb_device *__device;
+ receivebuf_t usbReceive;
+};
+
+typedef struct {
+ uint32_t type, length, major, minor, allnull;
+} usbmux_version_header;
+
+typedef struct {
+ uint32_t type, length;
+ uint16_t sport, dport;
+ uint32_t scnt, ocnt;
+ uint8_t offset, tcp_flags;
+ uint16_t window, nullnull, length16;
+} usbmux_tcp_header;
+
+struct usbmux_client_int {
+ usbmux_tcp_header *header;
+ usbmux_device_t device;
+
+ char *recv_buffer;
+ int r_len;
+ pthread_cond_t wait;
+
+ // this contains a conditional variable which usb-writers can wait
+ // on while waiting for window updates from the device.
+ pthread_cond_t wr_wait;
+ // I'm going to do something really cheesy here. We are going to
+ // just record the most recent scnt that we are expecting to hear
+ // back on. We will actually halt progress by limiting the number
+ // of outstanding un-acked bulk sends that we have beamed out.
+ uint32_t wr_pending_scnt;
+ long wr_window;
+
+ pthread_mutex_t mutex;
+
+ // this variable is not protected by the mutex. This will always
+ // be E_SUCCESS, unless an error of some kind breaks this stream.
+ // this will then be set to the error that caused the broken stream.
+ // no further operations other than free_client will be allowed.
+ int error;
+
+ int cleanup;
+};
+
+
+static pthread_mutex_t usbmuxmutex = PTHREAD_MUTEX_INITIALIZER;
+static usbmux_client_t *connlist = NULL;
+static int clients = 0;
+
+
+/**
+ */
+int toto_debug = 0;
+
+void usbmux_set_debug(int e)
+{
+ toto_debug = e;
+}
+
+void log_debug_msg(const char *format, ...)
+{
+#ifndef STRIP_DEBUG_CODE
+ va_list args;
+ /* run the real fprintf */
+ va_start(args, format);
+
+ if (toto_debug)
+ vfprintf(stderr, format, args);
+
+ va_end(args);
+#endif
+}
+
+#ifdef DEBUG
+/**
+ * for debugging purposes.
+ */
+static void print_buffer(const char *data, const int length)
+{
+ if (toto_debug <= 0) {
+ return;
+ }
+ int i;
+ int j;
+ unsigned char c;
+
+ for(i=0; i<length; i+=16) {
+ printf("%04x: ", i);
+ for (j=0;j<16;j++) {
+ if (i+j >= length) {
+ printf(" ");
+ continue;
+ }
+ printf("%02hhx ", *(data+i+j));
+ }
+ printf(" | ");
+ for(j=0;j<16;j++) {
+ if (i+j >= length)
+ break;
+ c = *(data+i+j);
+ if ((c < 32) || (c > 127)) {
+ printf(".");
+ continue;
+ }
+ printf("%c", c);
+ }
+ printf("\n");
+ }
+ printf("\n");
+}
+#endif
+
+void hton_header(usbmux_tcp_header *hdr)
+{
+ if (hdr) {
+ hdr->length = htonl(hdr->length);
+ hdr->scnt = htonl(hdr->scnt);
+ hdr->ocnt = htonl(hdr->ocnt);
+ hdr->length16 = htons(hdr->length16);
+ }
+}
+
+void ntoh_header(usbmux_tcp_header *hdr)
+{
+ if (hdr) {
+ hdr->length = ntohl(hdr->length);
+ hdr->scnt = ntohl(hdr->scnt);
+ hdr->ocnt = ntohl(hdr->ocnt);
+ hdr->length16 = ntohs(hdr->length16);
+ }
+}
+
+/** Creates a USBMux header containing version information
+ *
+ * @return A USBMux header
+ */
+usbmux_version_header *version_header()
+{
+ usbmux_version_header *version = (usbmux_version_header *) malloc(sizeof(usbmux_version_header));
+ version->type = 0;
+ version->length = htonl(20);
+ version->major = htonl(1);
+ version->minor = 0;
+ version->allnull = 0;
+ return version;
+}
+
+/**
+ * This function sets the configuration of the given device to 3
+ * and claims the interface 1. If usb_set_configuration fails, it detaches
+ * the kernel driver that blocks the device, and retries configuration.
+ *
+ * @param device which device to configure
+ */
+static int usbmux_config_usb_device(usbmux_device_t device)
+{
+ int ret;
+ int bytes;
+ char buf[512];
+
+#if 0
+ log_debug_msg("checking configuration...\n");
+ if (device->__device->config->bConfigurationValue != 3) {
+ log_debug_msg("WARNING: usb device configuration is not 3 as expected!\n");
+ }
+
+ log_debug_msg("setting configuration...\n");
+ ret = usb_set_configuration(device->device, 3);
+ if (ret != 0) {
+ log_debug_msg("Hm, usb_set_configuration returned %d: %s\n", ret, strerror(-ret));
+#if LIBUSB_HAS_GET_DRIVER_NP
+ log_debug_msg("trying to fix:\n");
+ log_debug_msg("-> detaching kernel driver... ");
+ ret = usb_detach_kernel_driver_np(device->device, device->__device->config->interface->altsetting->bInterfaceNumber);
+ if (ret != 0) {
+ log_debug_msg("usb_detach_kernel_driver_np returned %d: %s\n", ret, strerror(-ret));
+ } else {
+ log_debug_msg("done.\n");
+ log_debug_msg("setting configuration again... ");
+ ret = usb_set_configuration(device->device, 3);
+ if (ret != 0) {
+ log_debug_msg("Error: usb_set_configuration returned %d: %s\n", ret, strerror(-ret));
+ log_debug_msg("--> trying to continue anyway...\n");
+ } else {
+ log_debug_msg("done.\n");
+ }
+ }
+#else
+ log_debug_msg("--> trying to continue anyway...\n");
+#endif
+ } else {
+ log_debug_msg("done.\n");
+ }
+#endif
+
+ log_debug_msg("claiming interface... ");
+ ret = usb_claim_interface(device->usbdev, 1);
+ if (ret != 0) {
+ log_debug_msg("Error: usb_claim_interface returned %d: %s\n", ret, strerror(-ret));
+ return -ENODEV;
+ } else {
+ log_debug_msg("done.\n");
+ }
+
+ do {
+ bytes = usb_bulk_read(device->usbdev, BULKIN, buf, 512, 800);
+ } while (bytes > 0);
+
+ return 0;
+}
+
+/**
+ * Given a USB bus and device number, returns a device handle to the device on
+ * that bus. To aid compatibility with future devices, this function does not
+ * check the vendor and device IDs! To do that, you should use
+ * usbmux_get_device() or a system-specific API (e.g. HAL).
+ *
+ * @param bus_n The USB bus number.
+ * @param dev_n The USB device number.
+ * @param device A pointer to a usbmux_device_t, which must be set to NULL upon
+ * calling usbmux_get_specific_device, which will be filled with a device
+ * descriptor on return.
+ * @return 0 if ok, otherwise a negative errno value.
+ */
+int usbmux_get_specific_device(int bus_n, int dev_n, usbmux_device_t * device)
+{
+ struct usb_bus *bus;
+ struct usb_device *dev;
+ usbmux_version_header *version;
+ int bytes = 0;
+
+ //check we can actually write in device
+ if (!device || (device && *device))
+ return -EINVAL;
+
+ usbmux_device_t newdevice = (usbmux_device_t) malloc(sizeof(struct usbmux_device_int));
+
+ // Initialize the struct
+ newdevice->usbdev = NULL;
+ newdevice->__device = NULL;
+ newdevice->buffer = NULL;
+
+ // don't forget these:
+ newdevice->usbReceive.buffer = NULL;
+ newdevice->usbReceive.leftover = 0;
+ newdevice->usbReceive.capacity = 0;
+
+ // Initialize libusb
+ usb_init();
+ usb_find_busses();
+ usb_find_devices();
+
+ // Set the device configuration
+ for (bus = usb_get_busses(); bus; bus = bus->next)
+ //if (bus->location == bus_n)
+ for (dev = bus->devices; dev != NULL; dev = dev->next)
+ if (dev->devnum == dev_n) {
+ newdevice->__device = dev;
+ newdevice->usbdev = usb_open(newdevice->__device);
+ if (usbmux_config_usb_device(newdevice) == 0) {
+ goto found;
+ }
+ }
+
+ usbmux_free_device(newdevice);
+
+ log_debug_msg("usbmux_get_specific_device: device not found\n");
+ return -ENODEV;
+
+found:
+ // Send the version command to the device
+ version = version_header();
+ bytes = usb_bulk_write(newdevice->usbdev, BULKOUT, (char *) version, sizeof(*version), 800);
+ if (bytes < 20) {
+ log_debug_msg("%s: libusb did NOT send enough!\n", __func__);
+ if (bytes < 0) {
+ log_debug_msg("%s: libusb gave me the error %d: %s (%s)\n", __func__, bytes, usb_strerror(), strerror(-bytes));
+ }
+ }
+ // Read the device's response
+ bytes = usb_bulk_read(newdevice->usbdev, BULKIN, (char *) version, sizeof(*version), 800);
+
+ // Check for bad response
+ if (bytes < 20) {
+ free(version);
+ usbmux_free_device(newdevice);
+ log_debug_msg("%s: Invalid version message -- header too short.\n", __func__);
+ if (bytes < 0) {
+ log_debug_msg("%s: libusb error message %d: %s (%s)\n", __func__, bytes, usb_strerror(), strerror(-bytes));
+ return bytes;
+ }
+ return -EBADMSG;
+ }
+ // Check for correct version
+ if (ntohl(version->major) == 1 && ntohl(version->minor) == 0) {
+ // We're all ready to roll.
+ log_debug_msg("%s: success\n", __func__);
+ free(version);
+ *device = newdevice;
+ return 0;
+ } else {
+ // Bad header
+ usbmux_free_device(newdevice);
+ free(version);
+ log_debug_msg("%s: Received a bad header/invalid version number.", __func__);
+ return -EBADMSG;
+ }
+
+ // If it got to this point it's gotta be bad
+ log_debug_msg("%s: Unknown error.\n", __func__);
+ usbmux_free_device(newdevice);
+ free(version);
+ return -EBADMSG; // if it got to this point it's gotta be bad
+}
+
+/** Cleans up an usbmux_device_t structure, then frees the structure itself.
+ * This is a library-level function; deals directly with the device to tear
+ * down relations, but otherwise is mostly internal.
+ *
+ * @param device A pointer to an usbmux_device_t structure.
+ */
+int usbmux_free_device(usbmux_device_t device)
+{
+ char buf[512];
+ int bytes;
+
+ if (!device)
+ return -EINVAL;
+ int ret = 0;
+
+ if (device->usbdev) {
+ do {
+ bytes = usb_bulk_read(device->usbdev, BULKIN, buf, 512, 800);
+ } while (bytes > 0);
+ }
+
+ if (bytes < 0) {
+ ret = bytes;
+ }
+
+ if (device->buffer) {
+ free(device->buffer);
+ }
+ if (device->usbReceive.buffer) {
+ free(device->usbReceive.buffer);
+ }
+ if (device->usbdev) {
+ usb_release_interface(device->usbdev, 1);
+ usb_close(device->usbdev);
+ ret = 0;
+ }
+ free(device);
+
+ return ret;
+}
+
+
+
+/** Sends data to the device
+ * This is a low-level (i.e. directly to device) function.
+ *
+ * @param device The device to send data to
+ * @param data The data to send
+ * @param datalen The length of the data
+ * @return The number of bytes sent, or -ERRNO on error
+ */
+int send_to_device(usbmux_device_t device, char *data, int datalen)
+{
+ if (!device)
+ return -EINVAL;
+
+ int timeout = 1000;
+ int retrycount = 0;
+ int bytes = 0;
+
+#ifdef DEBUG
+ #ifdef DEBUG_MORE
+ printf("===============================\n%s: trying to send\n", __func__);
+ print_buffer(data, datalen);
+ printf("===============================\n");
+ #endif
+#endif
+ do {
+ if (retrycount > 3) {
+ log_debug_msg("EPIC FAIL! aborting on retry count overload.\n");
+ return -ECOMM;
+ }
+
+ bytes = usb_bulk_write(device->usbdev, BULKOUT, data, datalen, timeout);
+ if (bytes == -ETIMEDOUT) {
+ // timed out waiting for write.
+ log_debug_msg("usb_bulk_write timeout error.\n");
+ return bytes;
+ } else if (bytes < 0) {
+ log_debug_msg("usb_bulk_write failed with error. err:%d (%s)(%s)\n", bytes, usb_strerror(), strerror(-bytes));
+ return bytes;
+ } else if (bytes == 0) {
+ log_debug_msg("usb_bulk_write sent nothing. retrying.\n");
+ timeout = timeout * 4;
+ retrycount++;
+ continue;
+ } else if (bytes < datalen) {
+ log_debug_msg("usb_bulk_write failed to send full dataload. %d of %d\n", bytes, datalen);
+ timeout = timeout * 4;
+ retrycount++;
+ data += bytes;
+ datalen -= bytes;
+ continue;
+ }
+ } while(0); // fall out
+
+#ifdef DEBUG
+ if (bytes > 0) {
+ if (toto_debug > 0) {
+ printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+ printf("%s: sent to device\n", __func__);
+ print_buffer(data, bytes);
+ printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+ }
+ }
+#endif
+ return bytes;
+}
+
+/** Receives data from the device
+ * This function is a low-level (i.e. direct from device) function.
+ *
+ * @param device The device to receive data from
+ * @param data Where to put data read
+ * @param datalen How much data to read in
+ * @param timeout How many milliseconds to wait for data
+ *
+ * @return How many bytes were read in, or -1 on error.
+ */
+int recv_from_device_timeout(usbmux_device_t device, char *data, int datalen, int timeoutmillis)
+{
+ if (!device)
+ return -EINVAL;
+ //log_debug_msg("%s: attempting to receive %i bytes\n", __func__, datalen);
+
+ int bytes = usb_bulk_read(device->usbdev, BULKIN, data, datalen, timeoutmillis);
+ // There are some things which are errors, others which are no problem.
+ // It's not documented in libUSB, but it seems that the error values
+ // returned are just negated ERRNO values.
+ if (bytes < 0) {
+ if (bytes == -ETIMEDOUT) {
+ // ignore this. it just means timeout reached before we
+ // picked up any data. no problem.
+ return 0;
+ } else {
+ fprintf(stderr, "%s: libusb gave me the error %d: %s (%s)\n", __func__, bytes, usb_strerror(), strerror(-bytes));
+ log_debug_msg("%s: libusb gave me the error %d: %s (%s)\n", __func__, bytes, usb_strerror(), strerror(-bytes));
+ }
+ return bytes;
+ }
+
+#ifdef DEBUG
+ if (bytes > 0) {
+ if (toto_debug > 0) {
+ printf("<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ printf("%s: received from device:\n", __func__);
+ print_buffer(data, bytes);
+ printf("<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ }
+ }
+#endif
+
+ return bytes;
+}
+
+/** Creates a USBMux packet for the given set of ports.
+ *
+ * @param s_port The source port for the connection.
+ * @param d_port The destination port for the connection.
+ *
+ * @return A USBMux packet
+ */
+usbmux_tcp_header *new_mux_packet(uint16_t s_port, uint16_t d_port)
+{
+ usbmux_tcp_header *conn = (usbmux_tcp_header *) malloc(sizeof(usbmux_tcp_header));
+ conn->type = htonl(6);
+ conn->length = HEADERLEN;
+ conn->sport = htons(s_port);
+ conn->dport = htons(d_port);
+ conn->scnt = 0;
+ conn->ocnt = 0;
+ conn->offset = 0x50;
+ conn->window = htons(0x0200);
+ conn->nullnull = 0x0000;
+ conn->length16 = HEADERLEN;
+ return conn;
+}
+
+
+/** Removes a connection from the list of connections made.
+ * The list of connections is necessary for buffering.
+ *
+ * @param connection The connection to delete from the tracking list.
+ */
+static void delete_connection(usbmux_client_t connection)
+{
+ usbmux_client_t *newlist = NULL;
+
+ pthread_mutex_lock(&usbmuxmutex);
+
+ // update the global list of connections
+ if (clients > 1) {
+ newlist = (usbmux_client_t *) malloc(sizeof(usbmux_client_t) * (clients - 1));
+ int i = 0, j = 0;
+ for (i = 0; i < clients; i++) {
+ if (connlist[i] == connection)
+ continue;
+ else {
+ newlist[j] = connlist[i];
+ j++;
+ }
+ }
+ }
+ if (connlist) {
+ free(connlist);
+ }
+ connlist = newlist;
+ clients--;
+
+ // free up this connection
+ pthread_mutex_lock(&connection->mutex);
+ if (connection->recv_buffer)
+ free(connection->recv_buffer);
+ if (connection->header)
+ free(connection->header);
+ connection->r_len = 0;
+ pthread_mutex_unlock(&connection->mutex);
+ pthread_mutex_destroy(&connection->mutex);
+ free(connection);
+
+ pthread_mutex_unlock(&usbmuxmutex);
+}
+
+/** Adds a connection to the list of connections made.
+ * The connection list is necessary for buffering.
+ *
+ * @param connection The connection to add to the global list of connections.
+ */
+
+static void add_connection(usbmux_client_t connection)
+{
+ pthread_mutex_lock(&usbmuxmutex);
+ usbmux_client_t *newlist =
+ (usbmux_client_t *) realloc(connlist, sizeof(usbmux_client_t) * (clients + 1));
+ newlist[clients] = connection;
+ connlist = newlist;
+ clients++;
+ pthread_mutex_unlock(&usbmuxmutex);
+}
+
+/**
+ * Get a source port number that is not used by one of our connections
+ * This is needed for us to make sure we are not sending on another
+ * connection.
+ */
+static uint16_t get_free_port()
+{
+ int i;
+ uint16_t newport = 30000;
+ int cnt = 0;
+
+ pthread_mutex_lock(&usbmuxmutex);
+ while (1) {
+ cnt = 0;
+ for (i = 0; i < clients; i++) {
+ if (ntohs(connlist[i]->header->sport) == newport) {
+ cnt++;
+ }
+ }
+ if (cnt == 0) {
+ // newport is not used in our list of connections!
+ break;
+ } else {
+ newport++;
+ if (newport < 30000) {
+ // if all ports from 30000 to 65535 are in use,
+ // the value wraps (16-bit overflow)
+ // return 0, no port is available.
+ // This should not happen, but just in case ;)
+ newport = 0;
+ break;
+ }
+ }
+ }
+ pthread_mutex_unlock(&usbmuxmutex);
+
+ return newport;
+}
+
+/** Initializes a connection to 'device' with source port s_port and destination port d_port
+ *
+ * @param device The device to initialize a connection on.
+ * @param src_port The source port
+ * @param dst_port The destination port -- 0xf27e for lockdownd.
+ * @param client A mux TCP header for the connection which is used for tracking and data transfer.
+ * @return 0 on success, a negative errno value otherwise.
+ */
+int usbmux_new_client(usbmux_device_t device, uint16_t src_port, uint16_t dst_port, usbmux_client_t * client)
+{
+ if (!device || !dst_port)
+ return -EINVAL;
+
+ src_port = get_free_port();
+
+ if (!src_port) {
+ // this is a special case, if we get 0, this is not good, so
+ return -EISCONN; // TODO: error code suitable?
+ }
+
+ // Initialize connection stuff
+ usbmux_client_t new_connection = (usbmux_client_t) malloc(sizeof(struct usbmux_client_int));
+ new_connection->header = new_mux_packet(src_port, dst_port);
+
+ // send TCP syn
+ if (new_connection && new_connection->header) {
+ int err = 0;
+ new_connection->header->tcp_flags = TCP_SYN;
+ new_connection->header->length = new_connection->header->length;
+ new_connection->header->length16 = new_connection->header->length16;
+ new_connection->header->scnt = 0;
+ new_connection->header->ocnt = 0;
+ new_connection->device = device;
+ new_connection->recv_buffer = NULL;
+ new_connection->r_len = 0;
+ pthread_cond_init(&new_connection->wait, NULL);
+ pthread_mutex_init(&new_connection->mutex, NULL);
+ pthread_cond_init(&new_connection->wr_wait, NULL);
+ new_connection->wr_pending_scnt = 0;
+ new_connection->wr_window = 0;
+ add_connection(new_connection);
+ new_connection->error = 0;
+ new_connection->cleanup = 0;
+ hton_header(new_connection->header);
+ log_debug_msg("%s: send_to_device (%d --> %d)\n", __func__, ntohs(new_connection->header->sport), ntohs(new_connection->header->dport));
+ err = send_to_device(device, (char *) new_connection->header, sizeof(usbmux_tcp_header));
+ if (err >= 0) {
+ *client = new_connection;
+ return 0;
+ } else {
+ delete_connection(new_connection);
+ return err;
+ }
+ }
+ // if we get to this point it's probably bad
+ return -ENOMEM;
+}
+
+/** Cleans up the given USBMux connection.
+ * @note Once a connection is closed it may not be used again.
+ *
+ * @param connection The connection to close.
+ *
+ * @return 0 on success or a negative errno value on error.
+ */
+int usbmux_free_client(usbmux_client_t client)
+{
+ if (!client || !client->device)
+ return -EINVAL;
+
+ int err = 0;
+ int result = 0;
+ pthread_mutex_lock(&client->mutex);
+ client->header->tcp_flags = TCP_FIN;
+ client->header->length = 0x1C;
+ client->header->window = 0;
+ client->header->length16 = 0x1C;
+ hton_header(client->header);
+
+ err = send_to_device(client->device, (char*)client->header, sizeof(usbmux_tcp_header));
+ if (err < 0) {
+ log_debug_msg("%s: error sending TCP_FIN\n", __func__);
+ result = err;
+ }
+
+ client->cleanup = 1;
+
+ // make sure we don't have any last-minute laggards waiting on this.
+ // I put it after the mutex unlock because we have cases where the
+ // conditional wait is dependent on re-grabbing that mutex.
+ pthread_cond_broadcast(&client->wait);
+ pthread_cond_destroy(&client->wait);
+ pthread_cond_broadcast(&client->wr_wait);
+ pthread_cond_destroy(&client->wr_wait);
+
+ pthread_mutex_unlock(&client->mutex);
+
+ return result;
+}
+
+/** Sends the given data over the selected connection.
+ *
+ * @param client The client we're sending data on.
+ * @param data A pointer to the data to send.
+ * @param datalen How much data we're sending.
+ * @param sent_bytes The number of bytes sent, minus the header (28)
+ *
+ * @return 0 on success or a negative errno value on error.
+ */
+int usbmux_send(usbmux_client_t client, const char *data, uint32_t datalen, uint32_t * sent_bytes)
+{
+ if (!client->device || !client || !sent_bytes)
+ return -EINVAL;
+
+ if (client->error < 0) {
+ return client->error;
+ }
+
+ *sent_bytes = 0;
+ pthread_mutex_lock(&client->mutex);
+
+ int sendresult = 0;
+ uint32_t blocksize = 0;
+ if (client->wr_window <= 0) {
+ struct timespec ts;
+ clock_gettime(CLOCK_REALTIME, &ts);
+ //ts.tv_sec += 1;
+ ts.tv_nsec += 750 * 1000;
+ if (pthread_cond_timedwait(&client->wait, &client->mutex, &ts) == ETIMEDOUT) {
+ // timed out. optimistically grow the window and try to make progress
+ client->wr_window += WINDOW_INCREMENT;
+ }
+ }
+
+ blocksize = sizeof(usbmux_tcp_header) + datalen;
+
+ // client->scnt and client->ocnt should already be in host notation...
+ // we don't need to change them juuuust yet.
+ char *buffer = (char *) malloc(blocksize + 2); // allow 2 bytes of safety padding
+ // Set the length
+ client->header->length = blocksize;
+ client->header->length16 = blocksize;
+
+ // Put header into big-endian notation
+ hton_header(client->header);
+ // Concatenation of stuff in the buffer.
+ memcpy(buffer, client->header, sizeof(usbmux_tcp_header));
+ memcpy(buffer + sizeof(usbmux_tcp_header), data, datalen);
+
+ log_debug_msg("%s: send_to_device(%d --> %d)\n", __func__, ntohs(client->header->sport), ntohs(client->header->dport));
+ sendresult = send_to_device(client->device, buffer, blocksize);
+ // Now that we've sent it off, we can clean up after our sloppy selves.
+ if (buffer)
+ free(buffer);
+
+ // revert header fields that have been swapped before trying to send
+ ntoh_header(client->header);
+
+ // update counts ONLY if the send succeeded.
+ if ((uint32_t)sendresult == blocksize) {
+ // Re-calculate scnt
+ client->header->scnt += datalen;
+ client->wr_window -= blocksize;
+ }
+
+ pthread_mutex_unlock(&client->mutex);
+
+ if (sendresult == -ETIMEDOUT || sendresult == 0) {
+ // no problem for now...
+ *sent_bytes = 0;
+ return -ETIMEDOUT;
+ } else if (sendresult < 0) {
+ return sendresult;
+ } else if ((uint32_t)sendresult == blocksize) {
+ // actual number of data bytes sent.
+ *sent_bytes = sendresult - HEADERLEN;
+ return 0;
+ } else {
+ fprintf(stderr, "usbsend managed to dump a packet that is not full size. %d of %d\n", sendresult, blocksize);
+ return -EBADMSG;
+ }
+}
+
+/** append the packet's DATA to the receive buffer for the client.
+ *
+ * this has a few other corner-case functions:
+ * 1. this will properly handle the handshake syn+ack.
+ * 2. for all receives, this will appropriately update the ocnt.
+ *
+ * @return number of bytes consumed (header + data)
+ */
+uint32_t append_receive_buffer(usbmux_client_t client, char* packet)
+{
+ if (client == NULL || packet == NULL) return 0;
+
+ usbmux_tcp_header *header = (usbmux_tcp_header *) packet;
+ char* data = &packet[HEADERLEN];
+ uint32_t packetlen = ntohl(header->length);
+ uint32_t datalen = packetlen-HEADERLEN;
+
+ int dobroadcast = 0;
+
+ pthread_mutex_lock(&client->mutex);
+
+ // we need to handle a few corner case tasks and book-keeping which
+ // falls on our responsibility because we are the ones reading in
+ // feedback.
+ if (client->header->scnt == 0 && client->header->ocnt == 0 ) {
+ log_debug_msg("client is still waiting for handshake.\n");
+ if (header->tcp_flags == (TCP_SYN | TCP_ACK)) {
+ log_debug_msg("yes, got syn+ack ; replying with ack.\n");
+ client->header->tcp_flags = TCP_ACK;
+ client->header->length = sizeof(usbmux_tcp_header);
+ client->header->length16 = sizeof(usbmux_tcp_header);
+ client->header->scnt += 1;
+ client->header->ocnt = header->ocnt;
+ hton_header(client->header);
+ // push it to USB
+ // TODO: need to check for error in the send here.... :(
+ log_debug_msg("%s: send_to_device (%d --> %d)\n", __func__, ntohs(client->header->sport), ntohs(client->header->dport));
+ if (send_to_device(client->device, (char *)client->header, sizeof(usbmux_tcp_header)) <= 0) {
+ log_debug_msg("%s: error when pushing to usb...\n", __func__);
+ }
+ // need to revert some of the fields back to host notation.
+ ntoh_header(client->header);
+ } else {
+ client->error = -ECONNABORTED;
+ // woah... this connection failed us.
+ // TODO: somehow signal that this stream is a no-go.
+ log_debug_msg("WOAH! client failed to get proper syn+ack.\n");
+ }
+ }
+
+ // update TCP counters and windows.
+ //
+ // save the window that we're getting from the USB device.
+ // apparently the window is bigger than just the 512 that's typically
+ // advertised. iTunes apparently shifts this value by 8 to get a much
+ // larger number.
+ if (header->tcp_flags & TCP_RST) {
+ client->error = -ECONNRESET;
+
+ if (datalen > 0) {
+ char e_msg[128];
+ e_msg[0] = 0;
+ if (datalen > 1) {
+ memcpy(e_msg, data+1, datalen-1);
+ e_msg[datalen-1] = 0;
+ }
+ // fetch the message
+ switch(data[0]) {
+ case 0:
+ // this is not an error, it's just a status message.
+ log_debug_msg("received status message: %s\n", e_msg);
+ datalen = 0;
+ break;
+ case 1:
+ log_debug_msg("received error message: %s\n", e_msg);
+ datalen = 0;
+ break;
+ default:
+ log_debug_msg("received unknown message (type 0x%02x): %s\n", data[0], e_msg);
+ //datalen = 0; // <-- we let this commented out for testing
+ break;
+ }
+ } else {
+ log_debug_msg("peer sent connection reset. setting error: %d\n", client->error);
+ }
+ }
+
+ // the packet's ocnt tells us how much of our data the device has received.
+ if (header->tcp_flags & TCP_ACK) {
+ // this is a hacky magic number condition. it seems that once
+ // the window reported by the device starts to drop below this
+ // number, we quickly fall into connection reset problems.
+ // Once we see the reported window size start falling off,
+ // ut off and wait for solid acks to come back.
+ if (ntohs(header->window) < 256)
+ client->wr_window = 0;
+
+ // check what just got acked.
+ if (ntohl(header->ocnt) < client->header->scnt) {
+ // we got some kind of ack, but it hasn't caught up
+ // with the pending that have been sent.
+ pthread_cond_broadcast(&client->wr_wait);
+ } else if (ntohl(header->ocnt) > /*client->wr_pending_scnt*/ client->header->scnt) {
+ fprintf(stderr, "WTF?! acks overtook pending outstanding. %u,%u\n", ntohl(header->ocnt), client->wr_pending_scnt);
+ } else {
+ // reset the window
+ client->wr_window = WINDOW_MAX;
+ pthread_cond_broadcast(&client->wr_wait);
+ }
+ }
+
+ // the packet's scnt will be our new ocnt.
+ client->header->ocnt = ntohl(header->scnt);
+
+ // ensure there is enough space, either by first malloc or realloc
+ if (datalen > 0) {
+ log_debug_msg("%s: putting %d bytes into client's recv_buffer\n", __func__, datalen);
+ if (client->r_len == 0)
+ dobroadcast = 1;
+
+ if (client->recv_buffer == NULL) {
+ client->recv_buffer = malloc(datalen);
+ client->r_len = 0;
+ } else {
+ client->recv_buffer = realloc(client->recv_buffer, client->r_len + datalen);
+ }
+
+ memcpy(&client->recv_buffer[client->r_len], data, datalen);
+ client->r_len += datalen;
+ }
+
+ pthread_mutex_unlock(&client->mutex);
+
+ // I put this outside the mutex unlock just so that when the threads
+ // wake, we don't have to do another round of unlock+try to grab.
+ if (dobroadcast)
+ pthread_cond_broadcast(&client->wait);
+
+ return packetlen;
+}
+
+/**
+ * @note THERE IS NO MUTEX LOCK IN THIS FUNCTION!
+ * because we're only called from one location, pullbulk, where the lock
+ * is already held.
+ */
+usbmux_client_t find_client(usbmux_tcp_header* recv_header)
+{
+ // remember, as we're looking for the client, the receive header is
+ // coming from the USB into our client. This means that when we check
+ // the src/dst ports, we need to reverse them.
+ usbmux_client_t retval = NULL;
+
+ // just for debugging check, I'm going to convert the numbers to host-endian.
+ uint16_t hsport = ntohs(recv_header->sport);
+ uint16_t hdport = ntohs(recv_header->dport);
+
+ pthread_mutex_lock(&usbmuxmutex);
+ int i;
+ for (i = 0; i < clients; i++) {
+ uint16_t csport = ntohs(connlist[i]->header->sport);
+ uint16_t cdport = ntohs(connlist[i]->header->dport);
+
+ if (hsport == cdport && hdport == csport) {
+ retval = connlist[i];
+ break;
+ }
+ }
+ pthread_mutex_unlock(&usbmuxmutex);
+
+ return retval;
+}
+
+/** pull in a big USB bulk packet and distribute it to queues appropriately.
+ */
+int usbmux_pullbulk(usbmux_device_t device)
+{
+ if (!device)
+ return -EINVAL;
+
+ int res = 0;
+ static const int DEFAULT_CAPACITY = 128*1024;
+ if (device->usbReceive.buffer == NULL) {
+ device->usbReceive.capacity = DEFAULT_CAPACITY;
+ device->usbReceive.buffer = malloc(device->usbReceive.capacity);
+ device->usbReceive.leftover = 0;
+ }
+
+ // start the cursor off just ahead of the leftover.
+ char* cursor = &device->usbReceive.buffer[device->usbReceive.leftover];
+ // pull in content, note that the amount we can pull is capacity minus leftover
+ int readlen = recv_from_device_timeout(device, cursor, device->usbReceive.capacity - device->usbReceive.leftover, 3000);
+ if (readlen < 0) {
+ res = readlen;
+ //fprintf(stderr, "recv_from_device_timeout gave us an error.\n");
+ readlen = 0;
+ }
+ if (readlen > 0) {
+ //fprintf(stdout, "recv_from_device_timeout pulled an extra %d bytes\n", readlen);
+ }
+
+ // the amount of content we have to work with is the remainder plus
+ // what we managed to read
+ device->usbReceive.leftover += readlen;
+
+ // reset the cursor to the front of that buffer and work through
+ // trying to decode packets out of them.
+ cursor = device->usbReceive.buffer;
+ while (1) {
+ // check if there's even sufficient data to decode a header
+ if (device->usbReceive.leftover < HEADERLEN)
+ break;
+ usbmux_tcp_header *header = (usbmux_tcp_header *) cursor;
+
+ log_debug_msg("%s: recv_from_device_timeout (%d --> %d)\n", __func__, ntohs(header->sport), ntohs(header->dport));
+
+ // now that we have a header, check if there is sufficient data
+ // to construct a full packet, including its data
+ uint32_t packetlen = ntohl(header->length);
+ if ((uint32_t)device->usbReceive.leftover < packetlen) {
+ fprintf(stderr, "%s: not enough data to construct a full packet\n", __func__);
+ break;
+ }
+
+ // ok... find the client this packet will get stuffed to.
+ usbmux_client_t client = find_client(header);
+ if (client == NULL) {
+ log_debug_msg("WARNING: client for packet cannot be found. dropping packet.\n");
+ } else {
+ // stuff the data
+ log_debug_msg("%s: found client, calling append_receive_buffer\n", __func__);
+ append_receive_buffer(client, cursor);
+
+ // perhaps this is too general, == -ECONNRESET
+ // might be a better check here
+ if (client->error < 0) {
+ pthread_mutex_lock(&client->mutex);
+ if (client->cleanup) {
+ pthread_mutex_unlock(&client->mutex);
+ log_debug_msg("freeing up connection (%d->%d)\n", ntohs(client->header->sport), ntohs(client->header->dport));
+ delete_connection(client);
+ } else {
+ pthread_mutex_unlock(&client->mutex);
+ }
+ }
+ }
+
+ // move the cursor and account for the consumption
+ cursor += packetlen;
+ device->usbReceive.leftover -= packetlen;
+ }
+
+ // now, we need to manage any leftovers.
+ // I'm going to manage the leftovers by alloc'ing a new block and
+ // copyingthe leftovers to it. This is just to prevent problems with
+ // memory moves where there may be overlap. Besides, the leftovers
+ // should be small enough that this copy is minimal in overhead.
+ //
+ // if there are no leftovers, we just leave the datastructure as is,
+ // and re-use the block next time.
+ if (device->usbReceive.leftover > 0 && cursor != device->usbReceive.buffer) {
+ log_debug_msg("%s: we got a leftover, so handle it\n", __func__);
+ char* newbuff = malloc(DEFAULT_CAPACITY);
+ memcpy(newbuff, cursor, device->usbReceive.leftover);
+ free(device->usbReceive.buffer);
+ device->usbReceive.buffer = newbuff;
+ device->usbReceive.capacity = DEFAULT_CAPACITY;
+ }
+
+ return res;
+}
+
+/**
+ * return the error code stored in usbmux_client_t structure,
+ * e.g. non-zero when an usb read error occurs.
+ *
+ * @param client the usbmux client
+ *
+ * @return 0 or a negative errno value.
+ */
+int usbmux_get_error(usbmux_client_t client)
+{
+ if (!client) {
+ return 0;
+ }
+ return client->error;
+}
+
+/** This function reads from the client's recv_buffer.
+ *
+ * @param client The client to receive data from.
+ * @param data Where to put the data we receive.
+ * @param datalen How much data to read.
+ * @param timeout How many milliseconds to wait for data
+ *
+ * @return 0 on success or a negative errno value on failure.
+ */
+int usbmux_recv_timeout(usbmux_client_t client, char *data, uint32_t datalen, uint32_t * recv_bytes, int timeout)
+{
+
+ if (!client || !data || datalen == 0 || !recv_bytes)
+ return -EINVAL;
+
+ if (client->error < 0)
+ return client->error;
+
+ pthread_mutex_lock(&client->mutex);
+
+ if (timeout > 0 && (client->recv_buffer == NULL || client->r_len == 0)) {
+ struct timespec ts;
+ clock_gettime(CLOCK_REALTIME, &ts);
+ ts.tv_sec += timeout/1000;
+ ts.tv_nsec += (timeout-((int)(timeout/1000))*1000)*1000;
+ pthread_cond_timedwait(&client->wait, &client->mutex, &ts);
+ }
+
+ *recv_bytes = 0;
+ if (client->recv_buffer != NULL && client->r_len > 0) {
+ uint32_t foolen = datalen;
+ if ((int)foolen > client->r_len)
+ foolen = client->r_len;
+ memcpy(data, client->recv_buffer, foolen);
+ *recv_bytes = foolen;
+
+ // preserve any left-over unread amounts.
+ int remainder = client->r_len - foolen;
+ if (remainder > 0) {
+ char* newbuf = malloc(remainder);
+ memcpy(newbuf, client->recv_buffer + foolen, remainder);
+ client->r_len = remainder;
+ free(client->recv_buffer);
+ client->recv_buffer = newbuf;
+ } else {
+ free(client->recv_buffer);
+ client->recv_buffer = NULL;
+ client->r_len = 0;
+ }
+ }
+
+ pthread_mutex_unlock(&client->mutex);
+
+ return 0;
+}
diff --git a/usbmux.h b/usbmux.h
new file mode 100644
index 0000000..2bcdb15
--- /dev/null
+++ b/usbmux.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2008 Jing Su. All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __USBMUX_H__
+#define __USBMUX_H__
+
+#include <stdint.h>
+#include <sys/types.h>
+//#include <sys/stat.h>
+
+
+void usbmux_set_debug(int e);
+
+struct usbmux_device_int;
+typedef struct usbmux_device_int *usbmux_device_t;
+
+struct usbmux_client_int;
+typedef struct usbmux_client_int *usbmux_client_t;
+
+int usbmux_get_device ( usbmux_device_t *device );
+int usbmux_get_specific_device(int bus_n, int dev_n, usbmux_device_t * device);
+int usbmux_free_device ( usbmux_device_t device );
+
+
+int usbmux_new_client ( usbmux_device_t device, uint16_t src_port, uint16_t dst_port, usbmux_client_t *client );
+int usbmux_free_client ( usbmux_client_t client );
+
+int usbmux_send(usbmux_client_t client, const char *data, uint32_t datalen, uint32_t * sent_bytes);
+
+int usbmux_recv_timeout(usbmux_client_t client, char *data, uint32_t datalen, uint32_t * recv_bytes, int timeout);
+
+int usbmux_pullbulk(usbmux_device_t device);
+
+int usbmux_get_error(usbmux_client_t client);
+
+#endif