Commit Graph

26 Commits

Author SHA1 Message Date
Prasad J Pandit c22098c74a slirp: reformat m_inc routine
Coding style changes to the m_inc routine and minor refactoring.

Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2018-06-08 09:08:30 +03:00
Prasad J Pandit 864036e251 slirp: correct size computation while concatenating mbuf
While reassembling incoming fragmented datagrams, 'm_cat' routine
extends the 'mbuf' buffer, if it has insufficient room. It computes
a wrong buffer size, which leads to overwriting adjacent heap buffer
area. Correct this size computation in m_cat.

Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2018-06-08 09:08:30 +03:00
Peter Maydell 70f2e64e4d slirp: Convert mbufs to use g_malloc() and g_free()
The mbuf code currently doesn't check the result of doing a malloc()
or realloc() of its data (spotted by Coverity, CID 1238946).
Since the m_inc() API assumes that extending an mbuf must succeed,
just convert to g_malloc() and g_free().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-02-26 15:39:05 +01:00
Markus Armbruster a9c94277f0 Use #include "..." for our own headers, <...> for others
Tracked down with an ugly, brittle and probably buggy Perl script.

Also move includes converted to <...> up so they get included before
ours where that's obviously okay.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 16:19:16 +02:00
Samuel Thibault 67e3eee454 Avoid embedding struct mbuf in other structures
struct mbuf uses a C99 open char array to allow inlining data. Inlining
this in another structure is however a GNU extension. The inlines used
so far in struct Slirp were actually only needed as head of struct
mbuf lists. This replaces these inline with mere struct quehead,
and use casts as appropriate.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-23 00:57:01 +01:00
Guillaume Subiron 98c63057d2 slirp: Factorizing tcpiphdr structure with an union
This patch factorizes the tcpiphdr structure to put the IPv4 fields in
an union, for addition of version 6 in further patch.
Using some macros, retrocompatibility of the existing code is assured.

This patch also fixes the SLIRP_MSIZE and margin computation in various
functions, and makes them compatible with the new tcpiphdr structure,
whose size will be bigger than sizeof(struct tcphdr) + sizeof(struct ip)

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-03-15 10:35:11 +01:00
Peter Maydell 7df7482bf6 slirp: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-10-git-send-email-peter.maydell@linaro.org
2016-02-04 17:41:30 +00:00
Guillaume Subiron fc3779a118 slirp: Generalizing and neutralizing ARP code
Basically, this patch replaces "arp" by "resolution" every time "arp"
means "mac resolution" and not specifically ARP.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04 13:22:06 +08:00
Stefan Weil ecc804cac3 slirp: Fix type casts and format strings in debug code
Casting pointers to long won't work on 64 bit Windows.
It is not needed with the right format strings.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-11-12 13:48:36 +08:00
Jan Kiszka a68adc2206 slirp: Cleanup resources on instance removal
Close & free sockets when shutting down a slirp instance, also release
all buffers.

CC: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-03-13 14:05:49 +01:00
Fabien Chouteau 1ab74cea06 Delayed IP packets
In the current implementation, if Slirp tries to send an IP packet to a client
with an unknown hardware address, the packet is simply dropped and an ARP
request is sent (if_encap in slirp/slirp.c).

With this patch, Slirp will send the ARP request, re-queue the packet and try
to send it later. The packet is dropped after one second if the ARP reply is
not received.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2011-08-03 12:57:11 +02:00
Anthony Liguori 8fe3046f17 Fix build from previous commit
I unfortunately got on an unnamed branch and pushed the wrong bits

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-02-14 14:24:24 -06:00
Bruce Rogers 53fae6d27f PATCH] slirp: fix buffer overrun
Since the addition of the slirp member to struct mbuf, the value of
SLIRP_MSIZE and the initialization of m_size have not been correct,
resulting in overrunning the end of the malloc'd buffer in some cases.

Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-02-14 13:23:00 -06:00
Mark McLoughlin e0cf6d15e3 slirp: fix use-after-free
460fec67ee introduced a use-after free in slirp.

Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2009-11-21 00:34:04 +01:00
Jan Kiszka 460fec67ee slirp: Factor out internal state structure
The essence of this patch is to stuff (almost) all global variables of
the slirp stack into the structure Slirp. In this step, we still keep
the structure as global variable, directly accessible by the whole
stack. Changes to the external interface of slirp will be applied in
the following patches.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29 08:52:49 -05:00
Jan Kiszka 0fe6a7f284 slirp: Drop statistic code
As agreed on the mailing list, there is no interest in keeping the
usually disabled slirp statistics in the tree. So this patch removes
them.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29 08:52:46 -05:00
Jan Kiszka 0d62c4cfe2 slirp: Drop dead code
After all its years inside the qemu tree, there is no point in keeping
the dead code paths of slirp. This patch is a first round of removing
usually commented out code parts. More cleanups need to follow (and
maybe finally a proper reindention).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29 08:52:46 -05:00
blueswir1 511d2b140f Sparse fixes: NULL use, header order, ANSI prototypes, static
Fix Sparse warnings:
 * use NULL instead of plain 0
 * rearrange header include order to avoid redefining types accidentally
 * ANSIfy SLIRP
 * avoid "restrict" keyword
 * add static



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6736 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-07 15:32:56 +00:00
blueswir1 1d6198c3b0 Remove unnecessary trailing newlines
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6000 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-13 09:32:43 +00:00
blueswir1 393e0768e2 Remove unused variables
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5374 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-01 18:08:41 +00:00
blueswir1 79383c9c08 Fix some warnings that would be generated by gcc -Wredundant-decls
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5115 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-30 09:51:20 +00:00
blueswir1 9634d9031c Use const and static as needed, disable unused code
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3452 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-26 19:01:16 +00:00
ths 3b46e62427 find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17 08:09:54 +00:00
ths 5fafdf24ef find -type f | xargs sed -i 's/[\t ]$//g' # on most files
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
bellard 4b6ccfdec9 fixed realloc logic (Ed Swierk)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1879 c046a42c-6fe2-441c-8c8c-71466251a162
2006-05-01 10:59:02 +00:00
bellard f0cbd3ec9f initial user mode network support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@733 c046a42c-6fe2-441c-8c8c-71466251a162
2004-04-22 00:10:48 +00:00