Bug Summary

File:slirp/slirp.c
Location:line 844, column 34
Description:The left operand of '==' is a garbage value

Annotated Source Code

1/*
2 * libslirp glue
3 *
4 * Copyright (c) 2004-2008 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24#include "qemu-common.h"
25#include "qemu/timer.h"
26#include "sysemu/char.h"
27#include "slirp.h"
28#include "hw/hw.h"
29
30/* host loopback address */
31struct in_addr loopback_addr;
32/* host loopback network mask */
33unsigned long loopback_mask;
34
35/* emulated hosts use the MAC addr 52:55:IP:IP:IP:IP */
36static const uint8_t special_ethaddr[ETH_ALEN6] = {
37 0x52, 0x55, 0x00, 0x00, 0x00, 0x00
38};
39
40static const uint8_t zero_ethaddr[ETH_ALEN6] = { 0, 0, 0, 0, 0, 0 };
41
42u_int curtime;
43
44static QTAILQ_HEAD(slirp_instances, Slirp)struct slirp_instances { struct Slirp *tqh_first; struct Slirp
* *tqh_last; } slirp_instances =
45 QTAILQ_HEAD_INITIALIZER(slirp_instances){ ((void*)0), &(slirp_instances).tqh_first };
46
47static struct in_addr dns_addr;
48static u_int dns_addr_time;
49
50#define TIMEOUT_FAST2 2 /* milliseconds */
51#define TIMEOUT_SLOW499 499 /* milliseconds */
52/* for the aging of certain requests like DNS */
53#define TIMEOUT_DEFAULT1000 1000 /* milliseconds */
54
55#ifdef _WIN32
56
57int get_dns_addr(struct in_addr *pdns_addr)
58{
59 FIXED_INFO *FixedInfo=NULL((void*)0);
60 ULONG BufLen;
61 DWORD ret;
62 IP_ADDR_STRING *pIPAddr;
63 struct in_addr tmp_addr;
64
65 if (dns_addr.s_addr != 0 && (curtime - dns_addr_time) < TIMEOUT_DEFAULT1000) {
66 *pdns_addr = dns_addr;
67 return 0;
68 }
69
70 FixedInfo = (FIXED_INFO *)GlobalAlloc(GPTR, sizeof(FIXED_INFO));
71 BufLen = sizeof(FIXED_INFO);
72
73 if (ERROR_BUFFER_OVERFLOW == GetNetworkParams(FixedInfo, &BufLen)) {
74 if (FixedInfo) {
75 GlobalFree(FixedInfo);
76 FixedInfo = NULL((void*)0);
77 }
78 FixedInfo = GlobalAlloc(GPTR, BufLen);
79 }
80
81 if ((ret = GetNetworkParams(FixedInfo, &BufLen)) != ERROR_SUCCESS) {
82 printf("GetNetworkParams failed. ret = %08x\n", (u_int)ret );
83 if (FixedInfo) {
84 GlobalFree(FixedInfo);
85 FixedInfo = NULL((void*)0);
86 }
87 return -1;
88 }
89
90 pIPAddr = &(FixedInfo->DnsServerList);
91 inet_aton(pIPAddr->IpAddress.String, &tmp_addr);
92 *pdns_addr = tmp_addr;
93 dns_addr = tmp_addr;
94 dns_addr_time = curtime;
95 if (FixedInfo) {
96 GlobalFree(FixedInfo);
97 FixedInfo = NULL((void*)0);
98 }
99 return 0;
100}
101
102static void winsock_cleanup(void)
103{
104 WSACleanup();
105}
106
107#else
108
109static struct stat dns_addr_stat;
110
111int get_dns_addr(struct in_addr *pdns_addr)
112{
113 char buff[512];
114 char buff2[257];
115 FILE *f;
116 int found = 0;
117 struct in_addr tmp_addr;
118
119 if (dns_addr.s_addr != 0) {
120 struct stat old_stat;
121 if ((curtime - dns_addr_time) < TIMEOUT_DEFAULT1000) {
122 *pdns_addr = dns_addr;
123 return 0;
124 }
125 old_stat = dns_addr_stat;
126 if (stat("/etc/resolv.conf", &dns_addr_stat) != 0)
127 return -1;
128 if ((dns_addr_stat.st_dev == old_stat.st_dev)
129 && (dns_addr_stat.st_ino == old_stat.st_ino)
130 && (dns_addr_stat.st_size == old_stat.st_size)
131 && (dns_addr_stat.st_mtimest_mtim.tv_sec == old_stat.st_mtimest_mtim.tv_sec)) {
132 *pdns_addr = dns_addr;
133 return 0;
134 }
135 }
136
137 f = fopen("/etc/resolv.conf", "r");
138 if (!f)
139 return -1;
140
141#ifdef DEBUG
142 lprint("IP address of your DNS(s): ");
143#endif
144 while (fgets(buff, 512, f) != NULL((void*)0)) {
145 if (sscanf(buff, "nameserver%*[ \t]%256s", buff2) == 1) {
146 if (!inet_aton(buff2, &tmp_addr))
147 continue;
148 /* If it's the first one, set it to dns_addr */
149 if (!found) {
150 *pdns_addr = tmp_addr;
151 dns_addr = tmp_addr;
152 dns_addr_time = curtime;
153 }
154#ifdef DEBUG
155 else
156 lprint(", ");
157#endif
158 if (++found > 3) {
159#ifdef DEBUG
160 lprint("(more)");
161#endif
162 break;
163 }
164#ifdef DEBUG
165 else
166 lprint("%s", inet_ntoa(tmp_addr));
167#endif
168 }
169 }
170 fclose(f);
171 if (!found)
172 return -1;
173 return 0;
174}
175
176#endif
177
178static void slirp_init_once(void)
179{
180 static int initialized;
181#ifdef _WIN32
182 WSADATA Data;
183#endif
184
185 if (initialized) {
186 return;
187 }
188 initialized = 1;
189
190#ifdef _WIN32
191 WSAStartup(MAKEWORD(2,0), &Data);
192 atexit(winsock_cleanup);
193#endif
194
195 loopback_addr.s_addr = htonl(INADDR_LOOPBACK((in_addr_t) 0x7f000001));
196 loopback_mask = htonl(IN_CLASSA_NET0xff000000);
197}
198
199static void slirp_state_save(QEMUFile *f, void *opaque);
200static int slirp_state_load(QEMUFile *f, void *opaque, int version_id);
201
202Slirp *slirp_init(int restricted, struct in_addr vnetwork,
203 struct in_addr vnetmask, struct in_addr vhost,
204 const char *vhostname, const char *tftp_path,
205 const char *bootfile, struct in_addr vdhcp_start,
206 struct in_addr vnameserver, const char **vdnssearch,
207 void *opaque)
208{
209 Slirp *slirp = g_malloc0(sizeof(Slirp));
210
211 slirp_init_once();
212
213 slirp->restricted = restricted;
214
215 if_init(slirp);
216 ip_init(slirp);
217
218 /* Initialise mbufs *after* setting the MTU */
219 m_init(slirp);
220
221 slirp->vnetwork_addr = vnetwork;
222 slirp->vnetwork_mask = vnetmask;
223 slirp->vhost_addr = vhost;
224 if (vhostname) {
225 pstrcpy(slirp->client_hostname, sizeof(slirp->client_hostname),
226 vhostname);
227 }
228 slirp->tftp_prefix = g_strdup(tftp_path);
229 slirp->bootp_filename = g_strdup(bootfile);
230 slirp->vdhcp_startaddr = vdhcp_start;
231 slirp->vnameserver_addr = vnameserver;
232
233 if (vdnssearch) {
234 translate_dnssearch(slirp, vdnssearch);
235 }
236
237 slirp->opaque = opaque;
238
239 register_savevm(NULL((void*)0), "slirp", 0, 3,
240 slirp_state_save, slirp_state_load, slirp);
241
242 QTAILQ_INSERT_TAIL(&slirp_instances, slirp, entry)do { (slirp)->entry.tqe_next = ((void*)0); (slirp)->entry
.tqe_prev = (&slirp_instances)->tqh_last; *(&slirp_instances
)->tqh_last = (slirp); (&slirp_instances)->tqh_last
= &(slirp)->entry.tqe_next; } while ( 0);
243
244 return slirp;
245}
246
247void slirp_cleanup(Slirp *slirp)
248{
249 QTAILQ_REMOVE(&slirp_instances, slirp, entry)do { if (((slirp)->entry.tqe_next) != ((void*)0)) (slirp)->
entry.tqe_next->entry.tqe_prev = (slirp)->entry.tqe_prev
; else (&slirp_instances)->tqh_last = (slirp)->entry
.tqe_prev; *(slirp)->entry.tqe_prev = (slirp)->entry.tqe_next
; } while ( 0);
250
251 unregister_savevm(NULL((void*)0), "slirp", slirp);
252
253 ip_cleanup(slirp);
254 m_cleanup(slirp);
255
256 g_free(slirp->vdnssearch);
257 g_free(slirp->tftp_prefix);
258 g_free(slirp->bootp_filename);
259 g_free(slirp);
260}
261
262#define CONN_CANFSEND(so)(((so)->so_state & (0x010|0x004)) == 0x004) (((so)->so_state & (SS_FCANTSENDMORE0x010|SS_ISFCONNECTED0x004)) == SS_ISFCONNECTED0x004)
263#define CONN_CANFRCV(so)(((so)->so_state & (0x008|0x004)) == 0x004) (((so)->so_state & (SS_FCANTRCVMORE0x008|SS_ISFCONNECTED0x004)) == SS_ISFCONNECTED0x004)
264
265static void slirp_update_timeout(uint32_t *timeout)
266{
267 Slirp *slirp;
268 uint32_t t;
269
270 if (*timeout <= TIMEOUT_FAST2) {
271 return;
272 }
273
274 t = MIN(1000, *timeout)(((1000) < (*timeout)) ? (1000) : (*timeout));
275
276 /* If we have tcp timeout with slirp, then we will fill @timeout with
277 * more precise value.
278 */
279 QTAILQ_FOREACH(slirp, &slirp_instances, entry)for ((slirp) = ((&slirp_instances)->tqh_first); (slirp
); (slirp) = ((slirp)->entry.tqe_next)) {
280 if (slirp->time_fasttimo) {
281 *timeout = TIMEOUT_FAST2;
282 return;
283 }
284 if (slirp->do_slowtimo) {
285 t = MIN(TIMEOUT_SLOW, t)(((499) < (t)) ? (499) : (t));
286 }
287 }
288 *timeout = t;
289}
290
291void slirp_pollfds_fill(GArray *pollfds, uint32_t *timeout)
292{
293 Slirp *slirp;
294 struct socket *so, *so_next;
295
296 if (QTAILQ_EMPTY(&slirp_instances)((&slirp_instances)->tqh_first == ((void*)0))) {
297 return;
298 }
299
300 /*
301 * First, TCP sockets
302 */
303
304 QTAILQ_FOREACH(slirp, &slirp_instances, entry)for ((slirp) = ((&slirp_instances)->tqh_first); (slirp
); (slirp) = ((slirp)->entry.tqe_next)) {
305 /*
306 * *_slowtimo needs calling if there are IP fragments
307 * in the fragment queue, or there are TCP connections active
308 */
309 slirp->do_slowtimo = ((slirp->tcb.so_next != &slirp->tcb) ||
310 (&slirp->ipq.ip_link != slirp->ipq.ip_link.next));
311
312 for (so = slirp->tcb.so_next; so != &slirp->tcb;
313 so = so_next) {
314 int events = 0;
315
316 so_next = so->so_next;
317
318 so->pollfds_idx = -1;
319
320 /*
321 * See if we need a tcp_fasttimo
322 */
323 if (slirp->time_fasttimo == 0 &&
324 so->so_tcpcb->t_flags & TF_DELACK0x0002) {
325 slirp->time_fasttimo = curtime; /* Flag when want a fasttimo */
326 }
327
328 /*
329 * NOFDREF can include still connecting to local-host,
330 * newly socreated() sockets etc. Don't want to select these.
331 */
332 if (so->so_state & SS_NOFDREF0x001 || so->s == -1) {
333 continue;
334 }
335
336 /*
337 * Set for reading sockets which are accepting
338 */
339 if (so->so_state & SS_FACCEPTCONN0x100) {
340 GPollFD pfd = {
341 .fd = so->s,
342 .events = G_IO_IN | G_IO_HUP | G_IO_ERR,
343 };
344 so->pollfds_idx = pollfds->len;
345 g_array_append_val(pollfds, pfd)g_array_append_vals (pollfds, &(pfd), 1);
346 continue;
347 }
348
349 /*
350 * Set for writing sockets which are connecting
351 */
352 if (so->so_state & SS_ISFCONNECTING0x002) {
353 GPollFD pfd = {
354 .fd = so->s,
355 .events = G_IO_OUT | G_IO_ERR,
356 };
357 so->pollfds_idx = pollfds->len;
358 g_array_append_val(pollfds, pfd)g_array_append_vals (pollfds, &(pfd), 1);
359 continue;
360 }
361
362 /*
363 * Set for writing if we are connected, can send more, and
364 * we have something to send
365 */
366 if (CONN_CANFSEND(so)(((so)->so_state & (0x010|0x004)) == 0x004) && so->so_rcv.sb_cc) {
367 events |= G_IO_OUT | G_IO_ERR;
368 }
369
370 /*
371 * Set for reading (and urgent data) if we are connected, can
372 * receive more, and we have room for it XXX /2 ?
373 */
374 if (CONN_CANFRCV(so)(((so)->so_state & (0x008|0x004)) == 0x004) &&
375 (so->so_snd.sb_cc < (so->so_snd.sb_datalen/2))) {
376 events |= G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_PRI;
377 }
378
379 if (events) {
380 GPollFD pfd = {
381 .fd = so->s,
382 .events = events,
383 };
384 so->pollfds_idx = pollfds->len;
385 g_array_append_val(pollfds, pfd)g_array_append_vals (pollfds, &(pfd), 1);
386 }
387 }
388
389 /*
390 * UDP sockets
391 */
392 for (so = slirp->udb.so_next; so != &slirp->udb;
393 so = so_next) {
394 so_next = so->so_next;
395
396 so->pollfds_idx = -1;
397
398 /*
399 * See if it's timed out
400 */
401 if (so->so_expire) {
402 if (so->so_expire <= curtime) {
403 udp_detach(so);
404 continue;
405 } else {
406 slirp->do_slowtimo = true1; /* Let socket expire */
407 }
408 }
409
410 /*
411 * When UDP packets are received from over the
412 * link, they're sendto()'d straight away, so
413 * no need for setting for writing
414 * Limit the number of packets queued by this session
415 * to 4. Note that even though we try and limit this
416 * to 4 packets, the session could have more queued
417 * if the packets needed to be fragmented
418 * (XXX <= 4 ?)
419 */
420 if ((so->so_state & SS_ISFCONNECTED0x004) && so->so_queued <= 4) {
421 GPollFD pfd = {
422 .fd = so->s,
423 .events = G_IO_IN | G_IO_HUP | G_IO_ERR,
424 };
425 so->pollfds_idx = pollfds->len;
426 g_array_append_val(pollfds, pfd)g_array_append_vals (pollfds, &(pfd), 1);
427 }
428 }
429
430 /*
431 * ICMP sockets
432 */
433 for (so = slirp->icmp.so_next; so != &slirp->icmp;
434 so = so_next) {
435 so_next = so->so_next;
436
437 so->pollfds_idx = -1;
438
439 /*
440 * See if it's timed out
441 */
442 if (so->so_expire) {
443 if (so->so_expire <= curtime) {
444 icmp_detach(so);
445 continue;
446 } else {
447 slirp->do_slowtimo = true1; /* Let socket expire */
448 }
449 }
450
451 if (so->so_state & SS_ISFCONNECTED0x004) {
452 GPollFD pfd = {
453 .fd = so->s,
454 .events = G_IO_IN | G_IO_HUP | G_IO_ERR,
455 };
456 so->pollfds_idx = pollfds->len;
457 g_array_append_val(pollfds, pfd)g_array_append_vals (pollfds, &(pfd), 1);
458 }
459 }
460 }
461 slirp_update_timeout(timeout);
462}
463
464void slirp_pollfds_poll(GArray *pollfds, int select_error)
465{
466 Slirp *slirp;
467 struct socket *so, *so_next;
468 int ret;
469
470 if (QTAILQ_EMPTY(&slirp_instances)((&slirp_instances)->tqh_first == ((void*)0))) {
471 return;
472 }
473
474 curtime = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
475
476 QTAILQ_FOREACH(slirp, &slirp_instances, entry)for ((slirp) = ((&slirp_instances)->tqh_first); (slirp
); (slirp) = ((slirp)->entry.tqe_next)) {
477 /*
478 * See if anything has timed out
479 */
480 if (slirp->time_fasttimo &&
481 ((curtime - slirp->time_fasttimo) >= TIMEOUT_FAST2)) {
482 tcp_fasttimo(slirp);
483 slirp->time_fasttimo = 0;
484 }
485 if (slirp->do_slowtimo &&
486 ((curtime - slirp->last_slowtimo) >= TIMEOUT_SLOW499)) {
487 ip_slowtimo(slirp);
488 tcp_slowtimo(slirp);
489 slirp->last_slowtimo = curtime;
490 }
491
492 /*
493 * Check sockets
494 */
495 if (!select_error) {
496 /*
497 * Check TCP sockets
498 */
499 for (so = slirp->tcb.so_next; so != &slirp->tcb;
500 so = so_next) {
501 int revents;
502
503 so_next = so->so_next;
504
505 revents = 0;
506 if (so->pollfds_idx != -1) {
507 revents = g_array_index(pollfds, GPollFD,(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)])
508 so->pollfds_idx)(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)]).revents;
509 }
510
511 if (so->so_state & SS_NOFDREF0x001 || so->s == -1) {
512 continue;
513 }
514
515 /*
516 * Check for URG data
517 * This will soread as well, so no need to
518 * test for G_IO_IN below if this succeeds
519 */
520 if (revents & G_IO_PRI) {
521 sorecvoob(so);
522 }
523 /*
524 * Check sockets for reading
525 */
526 else if (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR)) {
527 /*
528 * Check for incoming connections
529 */
530 if (so->so_state & SS_FACCEPTCONN0x100) {
531 tcp_connect(so);
532 continue;
533 } /* else */
534 ret = soread(so);
535
536 /* Output it if we read something */
537 if (ret > 0) {
538 tcp_output(sototcpcb(so)((so)->so_tcpcb));
539 }
540 }
541
542 /*
543 * Check sockets for writing
544 */
545 if (!(so->so_state & SS_NOFDREF0x001) &&
546 (revents & (G_IO_OUT | G_IO_ERR))) {
547 /*
548 * Check for non-blocking, still-connecting sockets
549 */
550 if (so->so_state & SS_ISFCONNECTING0x002) {
551 /* Connected */
552 so->so_state &= ~SS_ISFCONNECTING0x002;
553
554 ret = send(so->s, (const void *) &ret, 0, 0);
555 if (ret < 0) {
556 /* XXXXX Must fix, zero bytes is a NOP */
557 if (errno(*__errno_location ()) == EAGAIN11 || errno(*__errno_location ()) == EWOULDBLOCK11 ||
558 errno(*__errno_location ()) == EINPROGRESS115 || errno(*__errno_location ()) == ENOTCONN107) {
559 continue;
560 }
561
562 /* else failed */
563 so->so_state &= SS_PERSISTENT_MASK0xf000;
564 so->so_state |= SS_NOFDREF0x001;
565 }
566 /* else so->so_state &= ~SS_ISFCONNECTING; */
567
568 /*
569 * Continue tcp_input
570 */
571 tcp_input((struct mbuf *)NULL((void*)0), sizeof(struct ip), so);
572 /* continue; */
573 } else {
574 ret = sowrite(so);
575 }
576 /*
577 * XXXXX If we wrote something (a lot), there
578 * could be a need for a window update.
579 * In the worst case, the remote will send
580 * a window probe to get things going again
581 */
582 }
583
584 /*
585 * Probe a still-connecting, non-blocking socket
586 * to check if it's still alive
587 */
588#ifdef PROBE_CONN
589 if (so->so_state & SS_ISFCONNECTING0x002) {
590 ret = qemu_recv(so->s, &ret, 0, 0)recv(so->s, &ret, 0, 0);
591
592 if (ret < 0) {
593 /* XXX */
594 if (errno(*__errno_location ()) == EAGAIN11 || errno(*__errno_location ()) == EWOULDBLOCK11 ||
595 errno(*__errno_location ()) == EINPROGRESS115 || errno(*__errno_location ()) == ENOTCONN107) {
596 continue; /* Still connecting, continue */
597 }
598
599 /* else failed */
600 so->so_state &= SS_PERSISTENT_MASK0xf000;
601 so->so_state |= SS_NOFDREF0x001;
602
603 /* tcp_input will take care of it */
604 } else {
605 ret = send(so->s, &ret, 0, 0);
606 if (ret < 0) {
607 /* XXX */
608 if (errno(*__errno_location ()) == EAGAIN11 || errno(*__errno_location ()) == EWOULDBLOCK11 ||
609 errno(*__errno_location ()) == EINPROGRESS115 || errno(*__errno_location ()) == ENOTCONN107) {
610 continue;
611 }
612 /* else failed */
613 so->so_state &= SS_PERSISTENT_MASK0xf000;
614 so->so_state |= SS_NOFDREF0x001;
615 } else {
616 so->so_state &= ~SS_ISFCONNECTING0x002;
617 }
618
619 }
620 tcp_input((struct mbuf *)NULL((void*)0), sizeof(struct ip), so);
621 } /* SS_ISFCONNECTING */
622#endif
623 }
624
625 /*
626 * Now UDP sockets.
627 * Incoming packets are sent straight away, they're not buffered.
628 * Incoming UDP data isn't buffered either.
629 */
630 for (so = slirp->udb.so_next; so != &slirp->udb;
631 so = so_next) {
632 int revents;
633
634 so_next = so->so_next;
635
636 revents = 0;
637 if (so->pollfds_idx != -1) {
638 revents = g_array_index(pollfds, GPollFD,(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)])
639 so->pollfds_idx)(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)]).revents;
640 }
641
642 if (so->s != -1 &&
643 (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR))) {
644 sorecvfrom(so);
645 }
646 }
647
648 /*
649 * Check incoming ICMP relies.
650 */
651 for (so = slirp->icmp.so_next; so != &slirp->icmp;
652 so = so_next) {
653 int revents;
654
655 so_next = so->so_next;
656
657 revents = 0;
658 if (so->pollfds_idx != -1) {
659 revents = g_array_index(pollfds, GPollFD,(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)])
660 so->pollfds_idx)(((GPollFD*) (void *) (pollfds)->data) [(so->pollfds_idx
)]).revents;
661 }
662
663 if (so->s != -1 &&
664 (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR))) {
665 icmp_receive(so);
666 }
667 }
668 }
669
670 if_start(slirp);
671 }
672}
673
674static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
675{
676 struct arphdr *ah = (struct arphdr *)(pkt + ETH_HLEN14);
677 uint8_t arp_reply[max(ETH_HLEN + sizeof(struct arphdr), 64)((14 + sizeof(struct arphdr)) > (64) ? (14 + sizeof(struct
arphdr)) : (64))];
678 struct ethhdr *reh = (struct ethhdr *)arp_reply;
679 struct arphdr *rah = (struct arphdr *)(arp_reply + ETH_HLEN14);
680 int ar_op;
681 struct ex_list *ex_ptr;
682
683 ar_op = ntohs(ah->ar_op);
684 switch(ar_op) {
685 case ARPOP_REQUEST1:
686 if (ah->ar_tip == ah->ar_sip) {
687 /* Gratuitous ARP */
688 arp_table_add(slirp, ah->ar_sip, ah->ar_sha);
689 return;
690 }
691
692 if ((ah->ar_tip & slirp->vnetwork_mask.s_addr) ==
693 slirp->vnetwork_addr.s_addr) {
694 if (ah->ar_tip == slirp->vnameserver_addr.s_addr ||
695 ah->ar_tip == slirp->vhost_addr.s_addr)
696 goto arp_ok;
697 for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) {
698 if (ex_ptr->ex_addr.s_addr == ah->ar_tip)
699 goto arp_ok;
700 }
701 return;
702 arp_ok:
703 memset(arp_reply, 0, sizeof(arp_reply));
704
705 arp_table_add(slirp, ah->ar_sip, ah->ar_sha);
706
707 /* ARP request for alias/dns mac address */
708 memcpy(reh->h_dest, pkt + ETH_ALEN6, ETH_ALEN6);
709 memcpy(reh->h_source, special_ethaddr, ETH_ALEN6 - 4);
710 memcpy(&reh->h_source[2], &ah->ar_tip, 4);
711 reh->h_proto = htons(ETH_P_ARP0x0806);
712
713 rah->ar_hrd = htons(1);
714 rah->ar_pro = htons(ETH_P_IP0x0800);
715 rah->ar_hln = ETH_ALEN6;
716 rah->ar_pln = 4;
717 rah->ar_op = htons(ARPOP_REPLY2);
718 memcpy(rah->ar_sha, reh->h_source, ETH_ALEN6);
719 rah->ar_sip = ah->ar_tip;
720 memcpy(rah->ar_tha, ah->ar_sha, ETH_ALEN6);
721 rah->ar_tip = ah->ar_sip;
722 slirp_output(slirp->opaque, arp_reply, sizeof(arp_reply));
723 }
724 break;
725 case ARPOP_REPLY2:
726 arp_table_add(slirp, ah->ar_sip, ah->ar_sha);
727 break;
728 default:
729 break;
730 }
731}
732
733void slirp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
734{
735 struct mbuf *m;
736 int proto;
737
738 if (pkt_len < ETH_HLEN14)
739 return;
740
741 proto = ntohs(*(uint16_t *)(pkt + 12));
742 switch(proto) {
743 case ETH_P_ARP0x0806:
744 arp_input(slirp, pkt, pkt_len);
745 break;
746 case ETH_P_IP0x0800:
747 m = m_get(slirp);
748 if (!m)
749 return;
750 /* Note: we add to align the IP header */
751 if (M_FREEROOM(m)(((m->m_flags & 0x01)? (((m)->m_ext + (m)->m_size
) - (m)->m_data) : (((m)->m_dat + (m)->m_size) - (m)
->m_data)) - (m)->m_len) < pkt_len + 2) {
752 m_inc(m, pkt_len + 2);
753 }
754 m->m_len = pkt_len + 2;
755 memcpy(m->m_data + 2, pkt, pkt_len);
756
757 m->m_data += 2 + ETH_HLEN14;
758 m->m_len -= 2 + ETH_HLEN14;
759
760 ip_input(m);
761 break;
762 default:
763 break;
764 }
765}
766
767/* Output the IP packet to the ethernet device. Returns 0 if the packet must be
768 * re-queued.
769 */
770int if_encap(Slirp *slirp, struct mbuf *ifm)
771{
772 uint8_t buf[1600];
773 struct ethhdr *eh = (struct ethhdr *)buf;
774 uint8_t ethaddr[ETH_ALEN6];
775 const struct ip *iph = (const struct ip *)ifm->m_data;
776
777 if (ifm->m_len + ETH_HLEN14 > sizeof(buf)) {
778 return 1;
779 }
780
781 if (!arp_table_search(slirp, iph->ip_dst.s_addr, ethaddr)) {
782 uint8_t arp_req[ETH_HLEN14 + sizeof(struct arphdr)];
783 struct ethhdr *reh = (struct ethhdr *)arp_req;
784 struct arphdr *rah = (struct arphdr *)(arp_req + ETH_HLEN14);
785
786 if (!ifm->arp_requested) {
787 /* If the client addr is not known, send an ARP request */
788 memset(reh->h_dest, 0xff, ETH_ALEN6);
789 memcpy(reh->h_source, special_ethaddr, ETH_ALEN6 - 4);
790 memcpy(&reh->h_source[2], &slirp->vhost_addr, 4);
791 reh->h_proto = htons(ETH_P_ARP0x0806);
792 rah->ar_hrd = htons(1);
793 rah->ar_pro = htons(ETH_P_IP0x0800);
794 rah->ar_hln = ETH_ALEN6;
795 rah->ar_pln = 4;
796 rah->ar_op = htons(ARPOP_REQUEST1);
797
798 /* source hw addr */
799 memcpy(rah->ar_sha, special_ethaddr, ETH_ALEN6 - 4);
800 memcpy(&rah->ar_sha[2], &slirp->vhost_addr, 4);
801
802 /* source IP */
803 rah->ar_sip = slirp->vhost_addr.s_addr;
804
805 /* target hw addr (none) */
806 memset(rah->ar_tha, 0, ETH_ALEN6);
807
808 /* target IP */
809 rah->ar_tip = iph->ip_dst.s_addr;
810 slirp->client_ipaddr = iph->ip_dst;
811 slirp_output(slirp->opaque, arp_req, sizeof(arp_req));
812 ifm->arp_requested = true1;
813
814 /* Expire request and drop outgoing packet after 1 second */
815 ifm->expiration_date = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + 1000000000ULL;
816 }
817 return 0;
818 } else {
819 memcpy(eh->h_dest, ethaddr, ETH_ALEN6);
820 memcpy(eh->h_source, special_ethaddr, ETH_ALEN6 - 4);
821 /* XXX: not correct */
822 memcpy(&eh->h_source[2], &slirp->vhost_addr, 4);
823 eh->h_proto = htons(ETH_P_IP0x0800);
824 memcpy(buf + sizeof(struct ethhdr), ifm->m_data, ifm->m_len);
825 slirp_output(slirp->opaque, buf, ifm->m_len + ETH_HLEN14);
826 return 1;
827 }
828}
829
830/* Drop host forwarding rule, return 0 if found. */
831int slirp_remove_hostfwd(Slirp *slirp, int is_udp, struct in_addr host_addr,
832 int host_port)
833{
834 struct socket *so;
835 struct socket *head = (is_udp ? &slirp->udb : &slirp->tcb);
1
Assuming 'is_udp' is 0
2
'?' condition is false
836 struct sockaddr_in addr;
837 int port = htons(host_port);
838 socklen_t addr_len;
839
840 for (so = head->so_next; so != head; so = so->so_next) {
3
Loop condition is true. Entering loop body
841 addr_len = sizeof(addr);
842 if ((so->so_state & SS_HOSTFWD0x1000) &&
843 getsockname(so->s, (struct sockaddr *)&addr, &addr_len) == 0 &&
844 addr.sin_addr.s_addr == host_addr.s_addr &&
4
The left operand of '==' is a garbage value
845 addr.sin_port == port) {
846 close(so->s);
847 sofree(so);
848 return 0;
849 }
850 }
851
852 return -1;
853}
854
855int slirp_add_hostfwd(Slirp *slirp, int is_udp, struct in_addr host_addr,
856 int host_port, struct in_addr guest_addr, int guest_port)
857{
858 if (!guest_addr.s_addr) {
859 guest_addr = slirp->vdhcp_startaddr;
860 }
861 if (is_udp) {
862 if (!udp_listen(slirp, host_addr.s_addr, htons(host_port),
863 guest_addr.s_addr, htons(guest_port), SS_HOSTFWD0x1000))
864 return -1;
865 } else {
866 if (!tcp_listen(slirp, host_addr.s_addr, htons(host_port),
867 guest_addr.s_addr, htons(guest_port), SS_HOSTFWD0x1000))
868 return -1;
869 }
870 return 0;
871}
872
873int slirp_add_exec(Slirp *slirp, int do_pty, const void *args,
874 struct in_addr *guest_addr, int guest_port)
875{
876 if (!guest_addr->s_addr) {
877 guest_addr->s_addr = slirp->vnetwork_addr.s_addr |
878 (htonl(0x0204) & ~slirp->vnetwork_mask.s_addr);
879 }
880 if ((guest_addr->s_addr & slirp->vnetwork_mask.s_addr) !=
881 slirp->vnetwork_addr.s_addr ||
882 guest_addr->s_addr == slirp->vhost_addr.s_addr ||
883 guest_addr->s_addr == slirp->vnameserver_addr.s_addr) {
884 return -1;
885 }
886 return add_exec(&slirp->exec_list, do_pty, (char *)args, *guest_addr,
887 htons(guest_port));
888}
889
890ssize_t slirp_send(struct socket *so, const void *buf, size_t len, int flags)
891{
892 if (so->s == -1 && so->extra) {
893 qemu_chr_fe_write(so->extra, buf, len);
894 return len;
895 }
896
897 return send(so->s, buf, len, flags);
898}
899
900static struct socket *
901slirp_find_ctl_socket(Slirp *slirp, struct in_addr guest_addr, int guest_port)
902{
903 struct socket *so;
904
905 for (so = slirp->tcb.so_next; so != &slirp->tcb; so = so->so_next) {
906 if (so->so_faddr.s_addr == guest_addr.s_addr &&
907 htons(so->so_fport) == guest_port) {
908 return so;
909 }
910 }
911 return NULL((void*)0);
912}
913
914size_t slirp_socket_can_recv(Slirp *slirp, struct in_addr guest_addr,
915 int guest_port)
916{
917 struct iovec iov[2];
918 struct socket *so;
919
920 so = slirp_find_ctl_socket(slirp, guest_addr, guest_port);
921
922 if (!so || so->so_state & SS_NOFDREF0x001) {
923 return 0;
924 }
925
926 if (!CONN_CANFRCV(so)(((so)->so_state & (0x008|0x004)) == 0x004) || so->so_snd.sb_cc >= (so->so_snd.sb_datalen/2)) {
927 return 0;
928 }
929
930 return sopreprbuf(so, iov, NULL((void*)0));
931}
932
933void slirp_socket_recv(Slirp *slirp, struct in_addr guest_addr, int guest_port,
934 const uint8_t *buf, int size)
935{
936 int ret;
937 struct socket *so = slirp_find_ctl_socket(slirp, guest_addr, guest_port);
938
939 if (!so)
940 return;
941
942 ret = soreadbuf(so, (const char *)buf, size);
943
944 if (ret > 0)
945 tcp_output(sototcpcb(so)((so)->so_tcpcb));
946}
947
948static void slirp_tcp_save(QEMUFile *f, struct tcpcb *tp)
949{
950 int i;
951
952 qemu_put_sbe16(f, tp->t_state);
953 for (i = 0; i < TCPT_NTIMERS4; i++)
954 qemu_put_sbe16(f, tp->t_timer[i]);
955 qemu_put_sbe16(f, tp->t_rxtshift);
956 qemu_put_sbe16(f, tp->t_rxtcur);
957 qemu_put_sbe16(f, tp->t_dupacks);
958 qemu_put_be16(f, tp->t_maxseg);
959 qemu_put_sbyteqemu_put_byte(f, tp->t_force);
960 qemu_put_be16(f, tp->t_flags);
961 qemu_put_be32(f, tp->snd_una);
962 qemu_put_be32(f, tp->snd_nxt);
963 qemu_put_be32(f, tp->snd_up);
964 qemu_put_be32(f, tp->snd_wl1);
965 qemu_put_be32(f, tp->snd_wl2);
966 qemu_put_be32(f, tp->iss);
967 qemu_put_be32(f, tp->snd_wnd);
968 qemu_put_be32(f, tp->rcv_wnd);
969 qemu_put_be32(f, tp->rcv_nxt);
970 qemu_put_be32(f, tp->rcv_up);
971 qemu_put_be32(f, tp->irs);
972 qemu_put_be32(f, tp->rcv_adv);
973 qemu_put_be32(f, tp->snd_max);
974 qemu_put_be32(f, tp->snd_cwnd);
975 qemu_put_be32(f, tp->snd_ssthresh);
976 qemu_put_sbe16(f, tp->t_idle);
977 qemu_put_sbe16(f, tp->t_rtt);
978 qemu_put_be32(f, tp->t_rtseq);
979 qemu_put_sbe16(f, tp->t_srtt);
980 qemu_put_sbe16(f, tp->t_rttvar);
981 qemu_put_be16(f, tp->t_rttmin);
982 qemu_put_be32(f, tp->max_sndwnd);
983 qemu_put_byte(f, tp->t_oobflags);
984 qemu_put_byte(f, tp->t_iobc);
985 qemu_put_sbe16(f, tp->t_softerror);
986 qemu_put_byte(f, tp->snd_scale);
987 qemu_put_byte(f, tp->rcv_scale);
988 qemu_put_byte(f, tp->request_r_scale);
989 qemu_put_byte(f, tp->requested_s_scale);
990 qemu_put_be32(f, tp->ts_recent);
991 qemu_put_be32(f, tp->ts_recent_age);
992 qemu_put_be32(f, tp->last_ack_sent);
993}
994
995static void slirp_sbuf_save(QEMUFile *f, struct sbuf *sbuf)
996{
997 uint32_t off;
998
999 qemu_put_be32(f, sbuf->sb_cc);
1000 qemu_put_be32(f, sbuf->sb_datalen);
1001 off = (uint32_t)(sbuf->sb_wptr - sbuf->sb_data);
1002 qemu_put_sbe32(f, off);
1003 off = (uint32_t)(sbuf->sb_rptr - sbuf->sb_data);
1004 qemu_put_sbe32(f, off);
1005 qemu_put_buffer(f, (unsigned char*)sbuf->sb_data, sbuf->sb_datalen);
1006}
1007
1008static void slirp_socket_save(QEMUFile *f, struct socket *so)
1009{
1010 qemu_put_be32(f, so->so_urgc);
1011 qemu_put_be32(f, so->so_faddr.s_addr);
1012 qemu_put_be32(f, so->so_laddr.s_addr);
1013 qemu_put_be16(f, so->so_fport);
1014 qemu_put_be16(f, so->so_lport);
1015 qemu_put_byte(f, so->so_iptos);
1016 qemu_put_byte(f, so->so_emu);
1017 qemu_put_byte(f, so->so_type);
1018 qemu_put_be32(f, so->so_state);
1019 slirp_sbuf_save(f, &so->so_rcv);
1020 slirp_sbuf_save(f, &so->so_snd);
1021 slirp_tcp_save(f, so->so_tcpcb);
1022}
1023
1024static void slirp_bootp_save(QEMUFile *f, Slirp *slirp)
1025{
1026 int i;
1027
1028 for (i = 0; i < NB_BOOTP_CLIENTS16; i++) {
1029 qemu_put_be16(f, slirp->bootp_clients[i].allocated);
1030 qemu_put_buffer(f, slirp->bootp_clients[i].macaddr, 6);
1031 }
1032}
1033
1034static void slirp_state_save(QEMUFile *f, void *opaque)
1035{
1036 Slirp *slirp = opaque;
1037 struct ex_list *ex_ptr;
1038
1039 for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next)
1040 if (ex_ptr->ex_pty == 3) {
1041 struct socket *so;
1042 so = slirp_find_ctl_socket(slirp, ex_ptr->ex_addr,
1043 ntohs(ex_ptr->ex_fport));
1044 if (!so)
1045 continue;
1046
1047 qemu_put_byte(f, 42);
1048 slirp_socket_save(f, so);
1049 }
1050 qemu_put_byte(f, 0);
1051
1052 qemu_put_be16(f, slirp->ip_id);
1053
1054 slirp_bootp_save(f, slirp);
1055}
1056
1057static void slirp_tcp_load(QEMUFile *f, struct tcpcb *tp)
1058{
1059 int i;
1060
1061 tp->t_state = qemu_get_sbe16(f);
1062 for (i = 0; i < TCPT_NTIMERS4; i++)
1063 tp->t_timer[i] = qemu_get_sbe16(f);
1064 tp->t_rxtshift = qemu_get_sbe16(f);
1065 tp->t_rxtcur = qemu_get_sbe16(f);
1066 tp->t_dupacks = qemu_get_sbe16(f);
1067 tp->t_maxseg = qemu_get_be16(f);
1068 tp->t_force = qemu_get_sbyteqemu_get_byte(f);
1069 tp->t_flags = qemu_get_be16(f);
1070 tp->snd_una = qemu_get_be32(f);
1071 tp->snd_nxt = qemu_get_be32(f);
1072 tp->snd_up = qemu_get_be32(f);
1073 tp->snd_wl1 = qemu_get_be32(f);
1074 tp->snd_wl2 = qemu_get_be32(f);
1075 tp->iss = qemu_get_be32(f);
1076 tp->snd_wnd = qemu_get_be32(f);
1077 tp->rcv_wnd = qemu_get_be32(f);
1078 tp->rcv_nxt = qemu_get_be32(f);
1079 tp->rcv_up = qemu_get_be32(f);
1080 tp->irs = qemu_get_be32(f);
1081 tp->rcv_adv = qemu_get_be32(f);
1082 tp->snd_max = qemu_get_be32(f);
1083 tp->snd_cwnd = qemu_get_be32(f);
1084 tp->snd_ssthresh = qemu_get_be32(f);
1085 tp->t_idle = qemu_get_sbe16(f);
1086 tp->t_rtt = qemu_get_sbe16(f);
1087 tp->t_rtseq = qemu_get_be32(f);
1088 tp->t_srtt = qemu_get_sbe16(f);
1089 tp->t_rttvar = qemu_get_sbe16(f);
1090 tp->t_rttmin = qemu_get_be16(f);
1091 tp->max_sndwnd = qemu_get_be32(f);
1092 tp->t_oobflags = qemu_get_byte(f);
1093 tp->t_iobc = qemu_get_byte(f);
1094 tp->t_softerror = qemu_get_sbe16(f);
1095 tp->snd_scale = qemu_get_byte(f);
1096 tp->rcv_scale = qemu_get_byte(f);
1097 tp->request_r_scale = qemu_get_byte(f);
1098 tp->requested_s_scale = qemu_get_byte(f);
1099 tp->ts_recent = qemu_get_be32(f);
1100 tp->ts_recent_age = qemu_get_be32(f);
1101 tp->last_ack_sent = qemu_get_be32(f);
1102 tcp_template(tp);
1103}
1104
1105static int slirp_sbuf_load(QEMUFile *f, struct sbuf *sbuf)
1106{
1107 uint32_t off, sb_cc, sb_datalen;
1108
1109 sb_cc = qemu_get_be32(f);
1110 sb_datalen = qemu_get_be32(f);
1111
1112 sbreserve(sbuf, sb_datalen);
1113
1114 if (sbuf->sb_datalen != sb_datalen)
1115 return -ENOMEM12;
1116
1117 sbuf->sb_cc = sb_cc;
1118
1119 off = qemu_get_sbe32(f);
1120 sbuf->sb_wptr = sbuf->sb_data + off;
1121 off = qemu_get_sbe32(f);
1122 sbuf->sb_rptr = sbuf->sb_data + off;
1123 qemu_get_buffer(f, (unsigned char*)sbuf->sb_data, sbuf->sb_datalen);
1124
1125 return 0;
1126}
1127
1128static int slirp_socket_load(QEMUFile *f, struct socket *so)
1129{
1130 if (tcp_attach(so) < 0)
1131 return -ENOMEM12;
1132
1133 so->so_urgc = qemu_get_be32(f);
1134 so->so_faddr.s_addr = qemu_get_be32(f);
1135 so->so_laddr.s_addr = qemu_get_be32(f);
1136 so->so_fport = qemu_get_be16(f);
1137 so->so_lport = qemu_get_be16(f);
1138 so->so_iptos = qemu_get_byte(f);
1139 so->so_emu = qemu_get_byte(f);
1140 so->so_type = qemu_get_byte(f);
1141 so->so_state = qemu_get_be32(f);
1142 if (slirp_sbuf_load(f, &so->so_rcv) < 0)
1143 return -ENOMEM12;
1144 if (slirp_sbuf_load(f, &so->so_snd) < 0)
1145 return -ENOMEM12;
1146 slirp_tcp_load(f, so->so_tcpcb);
1147
1148 return 0;
1149}
1150
1151static void slirp_bootp_load(QEMUFile *f, Slirp *slirp)
1152{
1153 int i;
1154
1155 for (i = 0; i < NB_BOOTP_CLIENTS16; i++) {
1156 slirp->bootp_clients[i].allocated = qemu_get_be16(f);
1157 qemu_get_buffer(f, slirp->bootp_clients[i].macaddr, 6);
1158 }
1159}
1160
1161static int slirp_state_load(QEMUFile *f, void *opaque, int version_id)
1162{
1163 Slirp *slirp = opaque;
1164 struct ex_list *ex_ptr;
1165
1166 while (qemu_get_byte(f)) {
1167 int ret;
1168 struct socket *so = socreate(slirp);
1169
1170 if (!so)
1171 return -ENOMEM12;
1172
1173 ret = slirp_socket_load(f, so);
1174
1175 if (ret < 0)
1176 return ret;
1177
1178 if ((so->so_faddr.s_addr & slirp->vnetwork_mask.s_addr) !=
1179 slirp->vnetwork_addr.s_addr) {
1180 return -EINVAL22;
1181 }
1182 for (ex_ptr = slirp->exec_list; ex_ptr; ex_ptr = ex_ptr->ex_next) {
1183 if (ex_ptr->ex_pty == 3 &&
1184 so->so_faddr.s_addr == ex_ptr->ex_addr.s_addr &&
1185 so->so_fport == ex_ptr->ex_fport) {
1186 break;
1187 }
1188 }
1189 if (!ex_ptr)
1190 return -EINVAL22;
1191
1192 so->extra = (void *)ex_ptr->ex_exec;
1193 }
1194
1195 if (version_id >= 2) {
1196 slirp->ip_id = qemu_get_be16(f);
1197 }
1198
1199 if (version_id >= 3) {
1200 slirp_bootp_load(f, slirp);
1201 }
1202
1203 return 0;
1204}