1/*
2 * QEMU System Emulator
3 *
4 * Copyright (c) 2003-2008 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24#include <unistd.h>
25#include <fcntl.h>
26#include <signal.h>
27#include <time.h>
28#include <errno.h>
29#include <sys/time.h>
30#include <zlib.h>
31
32/* Needed early for CONFIG_BSD etc. */
33#include "config-host.h"
34
35#ifndef _WIN32
36#include <sys/times.h>
37#include <sys/wait.h>
38#include <termios.h>
39#include <sys/mman.h>
40#include <sys/ioctl.h>
41#include <sys/resource.h>
42#include <sys/socket.h>
43#include <netinet/in.h>
44#include <net/if.h>
45#ifdef __NetBSD__
46#include <net/if_tap.h>
47#endif
48#ifdef __linux__
49#include <linux/if_tun.h>
50#endif
51#include <arpa/inet.h>
52#include <dirent.h>
53#include <netdb.h>
54#include <sys/select.h>
55#ifdef CONFIG_BSD
56#include <sys/stat.h>
57#if defined(__FreeBSD__) || defined(__DragonFly__)
58#include <libutil.h>
59#else
60#include <util.h>
61#endif
62#elif defined (__GLIBC__) && defined (__FreeBSD_kernel__)
63#include <freebsd/stdlib.h>
64#else
65#ifdef __linux__
66#include <pty.h>
67#include <malloc.h>
68#include <linux/rtc.h>
69
70/* For the benefit of older linux systems which don't supply it,
71   we use a local copy of hpet.h. */
72/* #include <linux/hpet.h> */
73#include "hpet.h"
74
75#include <linux/ppdev.h>
76#include <linux/parport.h>
77#endif
78#ifdef __sun__
79#include <sys/stat.h>
80#include <sys/ethernet.h>
81#include <sys/sockio.h>
82#include <netinet/arp.h>
83#include <netinet/in.h>
84#include <netinet/in_systm.h>
85#include <netinet/ip.h>
86#include <netinet/ip_icmp.h> // must come after ip.h
87#include <netinet/udp.h>
88#include <netinet/tcp.h>
89#include <net/if.h>
90#include <syslog.h>
91#include <stropts.h>
92#endif
93#endif
94#endif
95
96#if defined(__OpenBSD__)
97#include <util.h>
98#endif
99
100#if defined(CONFIG_VDE)
101#include <libvdeplug.h>
102#endif
103
104#ifdef _WIN32
105#include <windows.h>
106#include <malloc.h>
107#include <sys/timeb.h>
108#include <mmsystem.h>
109#define getopt_long_only getopt_long
110#define memalign(align, size) malloc(size)
111#endif
112
113#include "qemu-common.h"
114#include "net.h"
115#include "monitor.h"
116#include "sysemu.h"
117#include "qemu-timer.h"
118#include "qemu-char.h"
119#include "audio/audio.h"
120#include "qemu_socket.h"
121#include "qemu-log.h"
122
123#if defined(CONFIG_SLIRP)
124#include "libslirp.h"
125#endif
126
127
128static VLANState *first_vlan;
129
130/***********************************************************/
131/* network device redirectors */
132
133#if defined(DEBUG_NET) || defined(DEBUG_SLIRP)
134static void hex_dump(FILE *f, const uint8_t *buf, int size)
135{
136    int len, i, j, c;
137
138    for(i=0;i<size;i+=16) {
139        len = size - i;
140        if (len > 16)
141            len = 16;
142        fprintf(f, "%08x ", i);
143        for(j=0;j<16;j++) {
144            if (j < len)
145                fprintf(f, " %02x", buf[i+j]);
146            else
147                fprintf(f, "   ");
148        }
149        fprintf(f, " ");
150        for(j=0;j<len;j++) {
151            c = buf[i+j];
152            if (c < ' ' || c > '~')
153                c = '.';
154            fprintf(f, "%c", c);
155        }
156        fprintf(f, "\n");
157    }
158}
159#endif
160
161static int parse_macaddr(uint8_t *macaddr, const char *p)
162{
163    int i;
164    char *last_char;
165    long int offset;
166
167    errno = 0;
168    offset = strtol(p, &last_char, 0);
169    if (0 == errno && '\0' == *last_char &&
170            offset >= 0 && offset <= 0xFFFFFF) {
171        macaddr[3] = (offset & 0xFF0000) >> 16;
172        macaddr[4] = (offset & 0xFF00) >> 8;
173        macaddr[5] = offset & 0xFF;
174        return 0;
175    } else {
176        for(i = 0; i < 6; i++) {
177            macaddr[i] = strtol(p, (char **)&p, 16);
178            if (i == 5) {
179                if (*p != '\0')
180                    return -1;
181            } else {
182                if (*p != ':' && *p != '-')
183                    return -1;
184                p++;
185            }
186        }
187        return 0;
188    }
189
190    return -1;
191}
192
193static int get_str_sep(char *buf, int buf_size, const char **pp, int sep)
194{
195    const char *p, *p1;
196    int len;
197    p = *pp;
198    p1 = strchr(p, sep);
199    if (!p1)
200        return -1;
201    len = p1 - p;
202    p1++;
203    if (buf_size > 0) {
204        if (len > buf_size - 1)
205            len = buf_size - 1;
206        memcpy(buf, p, len);
207        buf[len] = '\0';
208    }
209    *pp = p1;
210    return 0;
211}
212
213int parse_host_src_port(struct sockaddr_in *haddr,
214                        struct sockaddr_in *saddr,
215                        const char *input_str)
216{
217    char *str = strdup(input_str);
218    char *host_str = str;
219    char *src_str;
220    const char *src_str2;
221    char *ptr;
222
223    /*
224     * Chop off any extra arguments at the end of the string which
225     * would start with a comma, then fill in the src port information
226     * if it was provided else use the "any address" and "any port".
227     */
228    if ((ptr = strchr(str,',')))
229        *ptr = '\0';
230
231    if ((src_str = strchr(input_str,'@'))) {
232        *src_str = '\0';
233        src_str++;
234    }
235
236    if (parse_host_port(haddr, host_str) < 0)
237        goto fail;
238
239    src_str2 = src_str;
240    if (!src_str || *src_str == '\0')
241        src_str2 = ":0";
242
243    if (parse_host_port(saddr, src_str2) < 0)
244        goto fail;
245
246    free(str);
247    return(0);
248
249fail:
250    free(str);
251    return -1;
252}
253
254int parse_host_port(struct sockaddr_in *saddr, const char *str)
255{
256    char buf[512];
257    struct hostent *he;
258    const char *p, *r;
259    int port;
260
261    p = str;
262    if (get_str_sep(buf, sizeof(buf), &p, ':') < 0)
263        return -1;
264    saddr->sin_family = AF_INET;
265    if (buf[0] == '\0') {
266        saddr->sin_addr.s_addr = 0;
267    } else {
268        if (qemu_isdigit(buf[0])) {
269            if (!inet_aton(buf, &saddr->sin_addr))
270                return -1;
271        } else {
272            if ((he = gethostbyname(buf)) == NULL)
273                return - 1;
274            saddr->sin_addr = *(struct in_addr *)he->h_addr;
275        }
276    }
277    port = strtol(p, (char **)&r, 0);
278    if (r == p)
279        return -1;
280    saddr->sin_port = htons(port);
281    return 0;
282}
283
284#if !defined(_WIN32) && 0
285static int parse_unix_path(struct sockaddr_un *uaddr, const char *str)
286{
287    const char *p;
288    int len;
289
290    len = MIN(108, strlen(str));
291    p = strchr(str, ',');
292    if (p)
293	len = MIN(len, p - str);
294
295    memset(uaddr, 0, sizeof(*uaddr));
296
297    uaddr->sun_family = AF_UNIX;
298    memcpy(uaddr->sun_path, str, len);
299
300    return 0;
301}
302#endif
303
304void qemu_format_nic_info_str(VLANClientState *vc, uint8_t macaddr[6])
305{
306    snprintf(vc->info_str, sizeof(vc->info_str),
307             "model=%s,macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
308             vc->model,
309             macaddr[0], macaddr[1], macaddr[2],
310             macaddr[3], macaddr[4], macaddr[5]);
311}
312
313static char *assign_name(VLANClientState *vc1, const char *model)
314{
315    VLANState *vlan;
316    char buf[256];
317    int id = 0;
318
319    for (vlan = first_vlan; vlan; vlan = vlan->next) {
320        VLANClientState *vc;
321
322        for (vc = vlan->first_client; vc; vc = vc->next)
323            if (vc != vc1 && strcmp(vc->model, model) == 0)
324                id++;
325    }
326
327    snprintf(buf, sizeof(buf), "%s.%d", model, id);
328
329    return strdup(buf);
330}
331
332VLANClientState *qemu_new_vlan_client(VLANState *vlan,
333                                      const char *model,
334                                      const char *name,
335                                      NetCanReceive *can_receive,
336                                      NetReceive *receive,
337                                      NetReceiveIOV *receive_iov,
338                                      NetCleanup *cleanup,
339                                      void *opaque)
340{
341    VLANClientState *vc, **pvc;
342    vc = qemu_mallocz(sizeof(VLANClientState));
343    vc->model = strdup(model);
344    if (name)
345        vc->name = strdup(name);
346    else
347        vc->name = assign_name(vc, model);
348    vc->can_receive = can_receive;
349    vc->receive = receive;
350    vc->receive_iov = receive_iov;
351    vc->cleanup = cleanup;
352    vc->opaque = opaque;
353    vc->vlan = vlan;
354
355    vc->next = NULL;
356    pvc = &vlan->first_client;
357    while (*pvc != NULL)
358        pvc = &(*pvc)->next;
359    *pvc = vc;
360    return vc;
361}
362
363void qemu_del_vlan_client(VLANClientState *vc)
364{
365    VLANClientState **pvc = &vc->vlan->first_client;
366
367    while (*pvc != NULL)
368        if (*pvc == vc) {
369            *pvc = vc->next;
370            if (vc->cleanup) {
371                vc->cleanup(vc);
372            }
373            free(vc->name);
374            free(vc->model);
375            qemu_free(vc);
376            break;
377        } else
378            pvc = &(*pvc)->next;
379}
380
381VLANClientState *qemu_find_vlan_client(VLANState *vlan, void *opaque)
382{
383    VLANClientState **pvc = &vlan->first_client;
384
385    while (*pvc != NULL)
386        if ((*pvc)->opaque == opaque)
387            return *pvc;
388        else
389            pvc = &(*pvc)->next;
390
391    return NULL;
392}
393
394int qemu_can_send_packet(VLANClientState *sender)
395{
396    VLANState *vlan = sender->vlan;
397    VLANClientState *vc;
398
399    for (vc = vlan->first_client; vc != NULL; vc = vc->next) {
400        if (vc == sender) {
401            continue;
402        }
403
404        /* no can_receive() handler, they can always receive */
405        if (!vc->can_receive || vc->can_receive(vc)) {
406            return 1;
407        }
408    }
409    return 0;
410}
411
412static int
413qemu_deliver_packet(VLANClientState *sender, const uint8_t *buf, int size)
414{
415    VLANClientState *vc;
416    int ret = -1;
417
418    sender->vlan->delivering = 1;
419
420    for (vc = sender->vlan->first_client; vc != NULL; vc = vc->next) {
421        ssize_t len;
422
423        if (vc == sender) {
424            continue;
425        }
426
427        if (vc->link_down) {
428            ret = size;
429            continue;
430        }
431
432        len = vc->receive(vc, buf, size);
433
434        ret = (ret >= 0) ? ret : len;
435    }
436
437    sender->vlan->delivering = 0;
438
439    return ret;
440}
441
442void qemu_flush_queued_packets(VLANClientState *vc)
443{
444    VLANPacket *packet;
445
446    while ((packet = vc->vlan->send_queue) != NULL) {
447        int ret;
448
449        vc->vlan->send_queue = packet->next;
450
451        ret = qemu_deliver_packet(packet->sender, packet->data, packet->size);
452        if (ret == 0 && packet->sent_cb != NULL) {
453            packet->next = vc->vlan->send_queue;
454            vc->vlan->send_queue = packet;
455            break;
456        }
457
458        if (packet->sent_cb)
459            packet->sent_cb(packet->sender);
460
461        qemu_free(packet);
462    }
463}
464
465static void qemu_enqueue_packet(VLANClientState *sender,
466                                const uint8_t *buf, int size,
467                                NetPacketSent *sent_cb)
468{
469    VLANPacket *packet;
470
471    packet = qemu_malloc(sizeof(VLANPacket) + size);
472    packet->next = sender->vlan->send_queue;
473    packet->sender = sender;
474    packet->size = size;
475    packet->sent_cb = sent_cb;
476    memcpy(packet->data, buf, size);
477    sender->vlan->send_queue = packet;
478}
479
480ssize_t qemu_send_packet_async(VLANClientState *sender,
481                               const uint8_t *buf, int size,
482                               NetPacketSent *sent_cb)
483{
484    int ret;
485
486    if (sender->link_down) {
487        return size;
488    }
489
490#ifdef DEBUG_NET
491    printf("vlan %d send:\n", sender->vlan->id);
492    hex_dump(stdout, buf, size);
493#endif
494
495    if (sender->vlan->delivering) {
496        qemu_enqueue_packet(sender, buf, size, NULL);
497        return size;
498    }
499
500    ret = qemu_deliver_packet(sender, buf, size);
501    if (ret == 0 && sent_cb != NULL) {
502        qemu_enqueue_packet(sender, buf, size, sent_cb);
503        return 0;
504    }
505
506    qemu_flush_queued_packets(sender);
507
508    return ret;
509}
510
511void qemu_send_packet(VLANClientState *vc, const uint8_t *buf, int size)
512{
513    qemu_send_packet_async(vc, buf, size, NULL);
514}
515
516static ssize_t vc_sendv_compat(VLANClientState *vc, const struct iovec *iov,
517                               int iovcnt)
518{
519    uint8_t buffer[4096];
520    size_t offset = 0;
521    int i;
522
523    for (i = 0; i < iovcnt; i++) {
524        size_t len;
525
526        len = MIN(sizeof(buffer) - offset, iov[i].iov_len);
527        memcpy(buffer + offset, iov[i].iov_base, len);
528        offset += len;
529    }
530
531    return vc->receive(vc, buffer, offset);
532}
533
534static ssize_t calc_iov_length(const struct iovec *iov, int iovcnt)
535{
536    size_t offset = 0;
537    int i;
538
539    for (i = 0; i < iovcnt; i++)
540        offset += iov[i].iov_len;
541    return offset;
542}
543
544static int qemu_deliver_packet_iov(VLANClientState *sender,
545                                   const struct iovec *iov, int iovcnt)
546{
547    VLANClientState *vc;
548    int ret = -1;
549
550    sender->vlan->delivering = 1;
551
552    for (vc = sender->vlan->first_client; vc != NULL; vc = vc->next) {
553        ssize_t len;
554
555        if (vc == sender) {
556            continue;
557        }
558
559        if (vc->link_down) {
560            ret = calc_iov_length(iov, iovcnt);
561            continue;
562        }
563
564        if (vc->receive_iov) {
565            len = vc->receive_iov(vc, iov, iovcnt);
566        } else {
567            len = vc_sendv_compat(vc, iov, iovcnt);
568        }
569
570        ret = (ret >= 0) ? ret : len;
571    }
572
573    sender->vlan->delivering = 0;
574
575    return ret;
576}
577
578static ssize_t qemu_enqueue_packet_iov(VLANClientState *sender,
579                                       const struct iovec *iov, int iovcnt,
580                                       NetPacketSent *sent_cb)
581{
582    VLANPacket *packet;
583    size_t max_len = 0;
584    int i;
585
586    max_len = calc_iov_length(iov, iovcnt);
587
588    packet = qemu_malloc(sizeof(VLANPacket) + max_len);
589    packet->next = sender->vlan->send_queue;
590    packet->sender = sender;
591    packet->sent_cb = sent_cb;
592    packet->size = 0;
593
594    for (i = 0; i < iovcnt; i++) {
595        size_t len = iov[i].iov_len;
596
597        memcpy(packet->data + packet->size, iov[i].iov_base, len);
598        packet->size += len;
599    }
600
601    sender->vlan->send_queue = packet;
602
603    return packet->size;
604}
605
606ssize_t qemu_sendv_packet_async(VLANClientState *sender,
607                                const struct iovec *iov, int iovcnt,
608                                NetPacketSent *sent_cb)
609{
610    int ret;
611
612    if (sender->link_down) {
613        return calc_iov_length(iov, iovcnt);
614    }
615
616    if (sender->vlan->delivering) {
617        return qemu_enqueue_packet_iov(sender, iov, iovcnt, NULL);
618    }
619
620    ret = qemu_deliver_packet_iov(sender, iov, iovcnt);
621    if (ret == 0 && sent_cb != NULL) {
622        qemu_enqueue_packet_iov(sender, iov, iovcnt, sent_cb);
623        return 0;
624    }
625
626    qemu_flush_queued_packets(sender);
627
628    return ret;
629}
630
631ssize_t
632qemu_sendv_packet(VLANClientState *vc, const struct iovec *iov, int iovcnt)
633{
634    return qemu_sendv_packet_async(vc, iov, iovcnt, NULL);
635}
636
637static void config_error(Monitor *mon, const char *fmt, ...)
638{
639    va_list ap;
640
641    va_start(ap, fmt);
642    if (mon) {
643        monitor_vprintf(mon, fmt, ap);
644    } else {
645        fprintf(stderr, "qemu: ");
646        vfprintf(stderr, fmt, ap);
647        exit(1);
648    }
649    va_end(ap);
650}
651
652#if defined(CONFIG_SLIRP)
653
654/* slirp network adapter */
655
656struct slirp_config_str {
657    struct slirp_config_str *next;
658    const char *str;
659};
660
661static int slirp_inited;
662static struct slirp_config_str *slirp_redirs;
663#ifndef _WIN32
664static const char *slirp_smb_export;
665#endif
666static VLANClientState *slirp_vc;
667
668#ifndef _WIN32
669static void slirp_smb(const char *exported_dir);
670#endif
671static void slirp_redirection(Monitor *mon, const char *redir_str);
672
673int slirp_can_output(void)
674{
675    return !slirp_vc || qemu_can_send_packet(slirp_vc);
676}
677
678void slirp_output(const uint8_t *pkt, int pkt_len)
679{
680#ifdef DEBUG_SLIRP
681    printf("slirp output:\n");
682    hex_dump(stdout, pkt, pkt_len);
683#endif
684    if (!slirp_vc)
685        return;
686    qemu_send_packet(slirp_vc, pkt, pkt_len);
687}
688
689int slirp_is_inited(void)
690{
691    return slirp_inited;
692}
693
694static ssize_t slirp_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
695{
696#ifdef DEBUG_SLIRP
697    printf("slirp input:\n");
698    hex_dump(stdout, buf, size);
699#endif
700    slirp_input(buf, size);
701    return size;
702}
703
704static int slirp_in_use;
705
706static void net_slirp_cleanup(VLANClientState *vc)
707{
708    slirp_in_use = 0;
709}
710
711static int net_slirp_init(VLANState *vlan, const char *model, const char *name,
712                          int restricted, const char *ip)
713{
714    if (slirp_in_use) {
715        /* slirp only supports a single instance so far */
716        return -1;
717    }
718    if (!slirp_inited) {
719        slirp_inited = 1;
720        slirp_init(restricted, ip);
721
722        while (slirp_redirs) {
723            struct slirp_config_str *config = slirp_redirs;
724
725            slirp_redirection(NULL, config->str);
726            slirp_redirs = config->next;
727            qemu_free(config);
728        }
729#ifndef _WIN32
730        if (slirp_smb_export) {
731            slirp_smb(slirp_smb_export);
732        }
733#endif
734    }
735
736    slirp_vc = qemu_new_vlan_client(vlan, model, name, NULL, slirp_receive,
737                                    NULL, net_slirp_cleanup, NULL);
738    slirp_vc->info_str[0] = '\0';
739    slirp_in_use = 1;
740    return 0;
741}
742
743static void net_slirp_redir_print(void *opaque, int is_udp,
744                                  struct in_addr *laddr, u_int lport,
745                                  struct in_addr *faddr, u_int fport)
746{
747    Monitor *mon = (Monitor *)opaque;
748    uint32_t h_addr;
749    uint32_t g_addr;
750    char buf[16];
751
752    h_addr = ntohl(faddr->s_addr);
753    g_addr = ntohl(laddr->s_addr);
754
755    monitor_printf(mon, "  %s |", is_udp ? "udp" : "tcp" );
756    snprintf(buf, 15, "%d.%d.%d.%d", (h_addr >> 24) & 0xff,
757                                     (h_addr >> 16) & 0xff,
758                                     (h_addr >> 8) & 0xff,
759                                     (h_addr) & 0xff);
760    monitor_printf(mon, " %15s |", buf);
761    monitor_printf(mon, " %5d |", fport);
762
763    snprintf(buf, 15, "%d.%d.%d.%d", (g_addr >> 24) & 0xff,
764                                     (g_addr >> 16) & 0xff,
765                                     (g_addr >> 8) & 0xff,
766                                     (g_addr) & 0xff);
767    monitor_printf(mon, " %15s |", buf);
768    monitor_printf(mon, " %5d\n", lport);
769
770}
771
772static void net_slirp_redir_list(Monitor *mon)
773{
774    if (!mon)
775        return;
776
777    monitor_printf(mon, " Prot |    Host Addr    | HPort |    Guest Addr   | GPort\n");
778    monitor_printf(mon, "      |                 |       |                 |      \n");
779    slirp_redir_loop(net_slirp_redir_print, mon);
780}
781
782static void net_slirp_redir_rm(Monitor *mon, const char *port_str)
783{
784    int host_port;
785    char buf[256] = "";
786    const char *p = port_str;
787    int is_udp = 0;
788    int n;
789
790    if (!mon)
791        return;
792
793    if (!port_str || !port_str[0])
794        goto fail_syntax;
795
796    get_str_sep(buf, sizeof(buf), &p, ':');
797
798    if (!strcmp(buf, "tcp") || buf[0] == '\0') {
799        is_udp = 0;
800    } else if (!strcmp(buf, "udp")) {
801        is_udp = 1;
802    } else {
803        goto fail_syntax;
804    }
805
806    host_port = atoi(p);
807
808    n = slirp_redir_rm(is_udp, host_port);
809
810    monitor_printf(mon, "removed %d redirections to %s port %d\n", n,
811                        is_udp ? "udp" : "tcp", host_port);
812    return;
813
814 fail_syntax:
815    monitor_printf(mon, "invalid format\n");
816}
817
818static void slirp_redirection(Monitor *mon, const char *redir_str)
819{
820    struct in_addr guest_addr;
821    int host_port, guest_port;
822    const char *p;
823    char buf[256], *r;
824    int is_udp;
825
826    p = redir_str;
827    if (get_str_sep(buf, sizeof(buf), &p, ':') < 0) {
828        goto fail_syntax;
829    }
830    if (!strcmp(buf, "tcp") || buf[0] == '\0') {
831        is_udp = 0;
832    } else if (!strcmp(buf, "udp")) {
833        is_udp = 1;
834    } else {
835        goto fail_syntax;
836    }
837
838    if (get_str_sep(buf, sizeof(buf), &p, ':') < 0) {
839        goto fail_syntax;
840    }
841    host_port = strtol(buf, &r, 0);
842    if (r == buf) {
843        goto fail_syntax;
844    }
845
846    if (get_str_sep(buf, sizeof(buf), &p, ':') < 0) {
847        goto fail_syntax;
848    }
849    if (buf[0] == '\0') {
850        pstrcpy(buf, sizeof(buf), "10.0.2.15");
851    }
852    if (!inet_aton(buf, &guest_addr)) {
853        goto fail_syntax;
854    }
855
856    guest_port = strtol(p, &r, 0);
857    if (r == p) {
858        goto fail_syntax;
859    }
860
861    if (slirp_redir(is_udp, host_port, guest_addr, guest_port) < 0) {
862        config_error(mon, "could not set up redirection '%s'\n", redir_str);
863    }
864    return;
865
866 fail_syntax:
867    config_error(mon, "invalid redirection format '%s'\n", redir_str);
868}
869
870void net_slirp_redir(Monitor *mon, const char *redir_str, const char *redir_opt2)
871{
872    struct slirp_config_str *config;
873
874    if (!slirp_inited) {
875        if (mon) {
876            monitor_printf(mon, "user mode network stack not in use\n");
877        } else {
878            config = qemu_malloc(sizeof(*config));
879            config->str = redir_str;
880            config->next = slirp_redirs;
881            slirp_redirs = config;
882        }
883        return;
884    }
885
886    if (!strcmp(redir_str, "remove")) {
887        net_slirp_redir_rm(mon, redir_opt2);
888        return;
889    }
890
891    if (!strcmp(redir_str, "list")) {
892        net_slirp_redir_list(mon);
893        return;
894    }
895
896    slirp_redirection(mon, redir_str);
897}
898
899#ifndef _WIN32
900
901static char smb_dir[1024];
902
903static void erase_dir(char *dir_name)
904{
905    DIR *d;
906    struct dirent *de;
907    char filename[1024];
908
909    /* erase all the files in the directory */
910    if ((d = opendir(dir_name)) != NULL) {
911        for(;;) {
912            de = readdir(d);
913            if (!de)
914                break;
915            if (strcmp(de->d_name, ".") != 0 &&
916                strcmp(de->d_name, "..") != 0) {
917                snprintf(filename, sizeof(filename), "%s/%s",
918                         smb_dir, de->d_name);
919                if (unlink(filename) != 0)  /* is it a directory? */
920                    erase_dir(filename);
921            }
922        }
923        closedir(d);
924        rmdir(dir_name);
925    }
926}
927
928/* automatic user mode samba server configuration */
929static void smb_exit(void)
930{
931    erase_dir(smb_dir);
932}
933
934static void slirp_smb(const char *exported_dir)
935{
936    char smb_conf[1024];
937    char smb_cmdline[1024];
938    FILE *f;
939
940    /* XXX: better tmp dir construction */
941    snprintf(smb_dir, sizeof(smb_dir), "/tmp/qemu-smb.%ld", (long)getpid());
942    if (mkdir(smb_dir, 0700) < 0) {
943        fprintf(stderr, "qemu: could not create samba server dir '%s'\n", smb_dir);
944        exit(1);
945    }
946    snprintf(smb_conf, sizeof(smb_conf), "%s/%s", smb_dir, "smb.conf");
947
948    f = fopen(smb_conf, "w");
949    if (!f) {
950        fprintf(stderr, "qemu: could not create samba server configuration file '%s'\n", smb_conf);
951        exit(1);
952    }
953    fprintf(f,
954            "[global]\n"
955            "private dir=%s\n"
956            "smb ports=0\n"
957            "socket address=127.0.0.1\n"
958            "pid directory=%s\n"
959            "lock directory=%s\n"
960            "log file=%s/log.smbd\n"
961            "smb passwd file=%s/smbpasswd\n"
962            "security = share\n"
963            "[qemu]\n"
964            "path=%s\n"
965            "read only=no\n"
966            "guest ok=yes\n",
967            smb_dir,
968            smb_dir,
969            smb_dir,
970            smb_dir,
971            smb_dir,
972            exported_dir
973            );
974    fclose(f);
975    atexit(smb_exit);
976
977    snprintf(smb_cmdline, sizeof(smb_cmdline), "%s -s %s",
978             SMBD_COMMAND, smb_conf);
979
980    slirp_add_exec(0, smb_cmdline, 4, 139);
981}
982
983/* automatic user mode samba server configuration */
984void net_slirp_smb(const char *exported_dir)
985{
986    if (slirp_smb_export) {
987        fprintf(stderr, "-smb given twice\n");
988        exit(1);
989    }
990    slirp_smb_export = exported_dir;
991    if (slirp_inited) {
992        slirp_smb(exported_dir);
993    }
994}
995
996#endif /* !defined(_WIN32) */
997
998void do_info_slirp(Monitor *mon)
999{
1000    slirp_stats();
1001}
1002
1003struct VMChannel {
1004    CharDriverState *hd;
1005    int port;
1006};
1007
1008static int vmchannel_can_read(void *opaque)
1009{
1010    struct VMChannel *vmc = (struct VMChannel*)opaque;
1011    return slirp_socket_can_recv(4, vmc->port);
1012}
1013
1014static void vmchannel_read(void *opaque, const uint8_t *buf, int size)
1015{
1016    struct VMChannel *vmc = (struct VMChannel*)opaque;
1017    slirp_socket_recv(4, vmc->port, buf, size);
1018}
1019
1020#endif /* CONFIG_SLIRP */
1021
1022#if !defined(_WIN32)
1023
1024typedef struct TAPState {
1025    VLANClientState *vc;
1026    int fd;
1027    char down_script[1024];
1028    char down_script_arg[128];
1029    uint8_t buf[4096];
1030} TAPState;
1031
1032static int launch_script(const char *setup_script, const char *ifname, int fd);
1033
1034static ssize_t tap_receive_iov(VLANClientState *vc, const struct iovec *iov,
1035                               int iovcnt)
1036{
1037    TAPState *s = vc->opaque;
1038    ssize_t len;
1039
1040    do {
1041        len = writev(s->fd, iov, iovcnt);
1042    } while (len == -1 && (errno == EINTR || errno == EAGAIN));
1043
1044    return len;
1045}
1046
1047static ssize_t tap_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
1048{
1049    TAPState *s = vc->opaque;
1050    ssize_t len;
1051
1052    do {
1053        len = write(s->fd, buf, size);
1054    } while (len == -1 && (errno == EINTR || errno == EAGAIN));
1055
1056    return len;
1057}
1058
1059static int tap_can_send(void *opaque)
1060{
1061    TAPState *s = opaque;
1062
1063    return qemu_can_send_packet(s->vc);
1064}
1065
1066#ifdef __sun__
1067static ssize_t tap_read_packet(int tapfd, uint8_t *buf, int maxlen)
1068{
1069    struct strbuf sbuf;
1070    int f = 0;
1071
1072    sbuf.maxlen = maxlen;
1073    sbuf.buf = (char *)buf;
1074
1075    return getmsg(tapfd, NULL, &sbuf, &f) >= 0 ? sbuf.len : -1;
1076}
1077#else
1078static ssize_t tap_read_packet(int tapfd, uint8_t *buf, int maxlen)
1079{
1080    return read(tapfd, buf, maxlen);
1081}
1082#endif
1083
1084static void tap_send(void *opaque);
1085
1086static void tap_send_completed(VLANClientState *vc)
1087{
1088    TAPState *s = vc->opaque;
1089
1090    qemu_set_fd_handler2(s->fd, tap_can_send, tap_send, NULL, s);
1091}
1092
1093static void tap_send(void *opaque)
1094{
1095    TAPState *s = opaque;
1096    int size;
1097
1098    do {
1099        size = tap_read_packet(s->fd, s->buf, sizeof(s->buf));
1100        if (size <= 0) {
1101            break;
1102        }
1103
1104        size = qemu_send_packet_async(s->vc, s->buf, size, tap_send_completed);
1105        if (size == 0) {
1106            qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL);
1107        }
1108    } while (size > 0);
1109}
1110
1111static void tap_cleanup(VLANClientState *vc)
1112{
1113    TAPState *s = vc->opaque;
1114
1115    if (s->down_script[0])
1116        launch_script(s->down_script, s->down_script_arg, s->fd);
1117
1118    qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
1119    close(s->fd);
1120    qemu_free(s);
1121}
1122
1123/* fd support */
1124
1125static TAPState *net_tap_fd_init(VLANState *vlan,
1126                                 const char *model,
1127                                 const char *name,
1128                                 int fd)
1129{
1130    TAPState *s;
1131
1132    s = qemu_mallocz(sizeof(TAPState));
1133    s->fd = fd;
1134    s->vc = qemu_new_vlan_client(vlan, model, name, NULL, tap_receive,
1135                                 tap_receive_iov, tap_cleanup, s);
1136    qemu_set_fd_handler2(s->fd, tap_can_send, tap_send, NULL, s);
1137    snprintf(s->vc->info_str, sizeof(s->vc->info_str), "fd=%d", fd);
1138    return s;
1139}
1140
1141#if defined (CONFIG_BSD) || defined (__FreeBSD_kernel__)
1142static int tap_open(char *ifname, int ifname_size)
1143{
1144    int fd;
1145    char *dev;
1146    struct stat s;
1147
1148    TFR(fd = open("/dev/tap", O_RDWR));
1149    if (fd < 0) {
1150        fprintf(stderr, "warning: could not open /dev/tap: no virtual network emulation\n");
1151        return -1;
1152    }
1153
1154    fstat(fd, &s);
1155    dev = devname(s.st_rdev, S_IFCHR);
1156    pstrcpy(ifname, ifname_size, dev);
1157
1158    fcntl(fd, F_SETFL, O_NONBLOCK);
1159    return fd;
1160}
1161#elif defined(__sun__)
1162#define TUNNEWPPA       (('T'<<16) | 0x0001)
1163/*
1164 * Allocate TAP device, returns opened fd.
1165 * Stores dev name in the first arg(must be large enough).
1166 */
1167static int tap_alloc(char *dev, size_t dev_size)
1168{
1169    int tap_fd, if_fd, ppa = -1;
1170    static int ip_fd = 0;
1171    char *ptr;
1172
1173    static int arp_fd = 0;
1174    int ip_muxid, arp_muxid;
1175    struct strioctl  strioc_if, strioc_ppa;
1176    int link_type = I_PLINK;;
1177    struct lifreq ifr;
1178    char actual_name[32] = "";
1179
1180    memset(&ifr, 0x0, sizeof(ifr));
1181
1182    if( *dev ){
1183       ptr = dev;
1184       while( *ptr && !qemu_isdigit((int)*ptr) ) ptr++;
1185       ppa = atoi(ptr);
1186    }
1187
1188    /* Check if IP device was opened */
1189    if( ip_fd )
1190       close(ip_fd);
1191
1192    TFR(ip_fd = open("/dev/udp", O_RDWR, 0));
1193    if (ip_fd < 0) {
1194       syslog(LOG_ERR, "Can't open /dev/ip (actually /dev/udp)");
1195       return -1;
1196    }
1197
1198    TFR(tap_fd = open("/dev/tap", O_RDWR, 0));
1199    if (tap_fd < 0) {
1200       syslog(LOG_ERR, "Can't open /dev/tap");
1201       return -1;
1202    }
1203
1204    /* Assign a new PPA and get its unit number. */
1205    strioc_ppa.ic_cmd = TUNNEWPPA;
1206    strioc_ppa.ic_timout = 0;
1207    strioc_ppa.ic_len = sizeof(ppa);
1208    strioc_ppa.ic_dp = (char *)&ppa;
1209    if ((ppa = ioctl (tap_fd, I_STR, &strioc_ppa)) < 0)
1210       syslog (LOG_ERR, "Can't assign new interface");
1211
1212    TFR(if_fd = open("/dev/tap", O_RDWR, 0));
1213    if (if_fd < 0) {
1214       syslog(LOG_ERR, "Can't open /dev/tap (2)");
1215       return -1;
1216    }
1217    if(ioctl(if_fd, I_PUSH, "ip") < 0){
1218       syslog(LOG_ERR, "Can't push IP module");
1219       return -1;
1220    }
1221
1222    if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) < 0)
1223	syslog(LOG_ERR, "Can't get flags\n");
1224
1225    snprintf (actual_name, 32, "tap%d", ppa);
1226    pstrcpy(ifr.lifr_name, sizeof(ifr.lifr_name), actual_name);
1227
1228    ifr.lifr_ppa = ppa;
1229    /* Assign ppa according to the unit number returned by tun device */
1230
1231    if (ioctl (if_fd, SIOCSLIFNAME, &ifr) < 0)
1232        syslog (LOG_ERR, "Can't set PPA %d", ppa);
1233    if (ioctl(if_fd, SIOCGLIFFLAGS, &ifr) <0)
1234        syslog (LOG_ERR, "Can't get flags\n");
1235    /* Push arp module to if_fd */
1236    if (ioctl (if_fd, I_PUSH, "arp") < 0)
1237        syslog (LOG_ERR, "Can't push ARP module (2)");
1238
1239    /* Push arp module to ip_fd */
1240    if (ioctl (ip_fd, I_POP, NULL) < 0)
1241        syslog (LOG_ERR, "I_POP failed\n");
1242    if (ioctl (ip_fd, I_PUSH, "arp") < 0)
1243        syslog (LOG_ERR, "Can't push ARP module (3)\n");
1244    /* Open arp_fd */
1245    TFR(arp_fd = open ("/dev/tap", O_RDWR, 0));
1246    if (arp_fd < 0)
1247       syslog (LOG_ERR, "Can't open %s\n", "/dev/tap");
1248
1249    /* Set ifname to arp */
1250    strioc_if.ic_cmd = SIOCSLIFNAME;
1251    strioc_if.ic_timout = 0;
1252    strioc_if.ic_len = sizeof(ifr);
1253    strioc_if.ic_dp = (char *)&ifr;
1254    if (ioctl(arp_fd, I_STR, &strioc_if) < 0){
1255        syslog (LOG_ERR, "Can't set ifname to arp\n");
1256    }
1257
1258    if((ip_muxid = ioctl(ip_fd, I_LINK, if_fd)) < 0){
1259       syslog(LOG_ERR, "Can't link TAP device to IP");
1260       return -1;
1261    }
1262
1263    if ((arp_muxid = ioctl (ip_fd, link_type, arp_fd)) < 0)
1264        syslog (LOG_ERR, "Can't link TAP device to ARP");
1265
1266    close (if_fd);
1267
1268    memset(&ifr, 0x0, sizeof(ifr));
1269    pstrcpy(ifr.lifr_name, sizeof(ifr.lifr_name), actual_name);
1270    ifr.lifr_ip_muxid  = ip_muxid;
1271    ifr.lifr_arp_muxid = arp_muxid;
1272
1273    if (ioctl (ip_fd, SIOCSLIFMUXID, &ifr) < 0)
1274    {
1275      ioctl (ip_fd, I_PUNLINK , arp_muxid);
1276      ioctl (ip_fd, I_PUNLINK, ip_muxid);
1277      syslog (LOG_ERR, "Can't set multiplexor id");
1278    }
1279
1280    snprintf(dev, dev_size, "tap%d", ppa);
1281    return tap_fd;
1282}
1283
1284static int tap_open(char *ifname, int ifname_size)
1285{
1286    char  dev[10]="";
1287    int fd;
1288    if( (fd = tap_alloc(dev, sizeof(dev))) < 0 ){
1289       fprintf(stderr, "Cannot allocate TAP device\n");
1290       return -1;
1291    }
1292    pstrcpy(ifname, ifname_size, dev);
1293    fcntl(fd, F_SETFL, O_NONBLOCK);
1294    return fd;
1295}
1296#elif defined (_AIX)
1297static int tap_open(char *ifname, int ifname_size)
1298{
1299    fprintf (stderr, "no tap on AIX\n");
1300    return -1;
1301}
1302#else
1303static int tap_open(char *ifname, int ifname_size)
1304{
1305    struct ifreq ifr;
1306    int fd, ret;
1307
1308    TFR(fd = open("/dev/net/tun", O_RDWR));
1309    if (fd < 0) {
1310        fprintf(stderr, "warning: could not open /dev/net/tun: no virtual network emulation\n");
1311        return -1;
1312    }
1313    memset(&ifr, 0, sizeof(ifr));
1314    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
1315    if (ifname[0] != '\0')
1316        pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
1317    else
1318        pstrcpy(ifr.ifr_name, IFNAMSIZ, "tap%d");
1319    ret = ioctl(fd, TUNSETIFF, (void *) &ifr);
1320    if (ret != 0) {
1321        fprintf(stderr, "warning: could not configure /dev/net/tun: no virtual network emulation\n");
1322        close(fd);
1323        return -1;
1324    }
1325    pstrcpy(ifname, ifname_size, ifr.ifr_name);
1326    fcntl(fd, F_SETFL, O_NONBLOCK);
1327    return fd;
1328}
1329#endif
1330
1331static int launch_script(const char *setup_script, const char *ifname, int fd)
1332{
1333    sigset_t oldmask, mask;
1334    int pid, status;
1335    char *args[3];
1336    char **parg;
1337
1338    sigemptyset(&mask);
1339    sigaddset(&mask, SIGCHLD);
1340    sigprocmask(SIG_BLOCK, &mask, &oldmask);
1341
1342    /* try to launch network script */
1343    pid = fork();
1344    if (pid == 0) {
1345        int open_max = sysconf(_SC_OPEN_MAX), i;
1346
1347        for (i = 0; i < open_max; i++) {
1348            if (i != STDIN_FILENO &&
1349                i != STDOUT_FILENO &&
1350                i != STDERR_FILENO &&
1351                i != fd) {
1352                close(i);
1353            }
1354        }
1355        parg = args;
1356        *parg++ = (char *)setup_script;
1357        *parg++ = (char *)ifname;
1358        *parg++ = NULL;
1359        execv(setup_script, args);
1360        _exit(1);
1361    } else if (pid > 0) {
1362        while (waitpid(pid, &status, 0) != pid) {
1363            /* loop */
1364        }
1365        sigprocmask(SIG_SETMASK, &oldmask, NULL);
1366
1367        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
1368            return 0;
1369        }
1370    }
1371    fprintf(stderr, "%s: could not launch network script\n", setup_script);
1372    return -1;
1373}
1374
1375static int net_tap_init(VLANState *vlan, const char *model,
1376                        const char *name, const char *ifname1,
1377                        const char *setup_script, const char *down_script)
1378{
1379    TAPState *s;
1380    int fd;
1381    char ifname[128];
1382
1383    if (ifname1 != NULL)
1384        pstrcpy(ifname, sizeof(ifname), ifname1);
1385    else
1386        ifname[0] = '\0';
1387    TFR(fd = tap_open(ifname, sizeof(ifname)));
1388    if (fd < 0)
1389        return -1;
1390
1391    if (!setup_script || !strcmp(setup_script, "no"))
1392        setup_script = "";
1393    if (setup_script[0] != '\0') {
1394	if (launch_script(setup_script, ifname, fd))
1395	    return -1;
1396    }
1397    s = net_tap_fd_init(vlan, model, name, fd);
1398    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
1399             "ifname=%s,script=%s,downscript=%s",
1400             ifname, setup_script, down_script);
1401    if (down_script && strcmp(down_script, "no")) {
1402        snprintf(s->down_script, sizeof(s->down_script), "%s", down_script);
1403        snprintf(s->down_script_arg, sizeof(s->down_script_arg), "%s", ifname);
1404    }
1405    return 0;
1406}
1407
1408#endif /* !_WIN32 */
1409
1410#if defined(CONFIG_VDE)
1411typedef struct VDEState {
1412    VLANClientState *vc;
1413    VDECONN *vde;
1414} VDEState;
1415
1416static void vde_to_qemu(void *opaque)
1417{
1418    VDEState *s = opaque;
1419    uint8_t buf[4096];
1420    int size;
1421
1422    size = vde_recv(s->vde, (char *)buf, sizeof(buf), 0);
1423    if (size > 0) {
1424        qemu_send_packet(s->vc, buf, size);
1425    }
1426}
1427
1428static ssize_t vde_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
1429{
1430    VDEState *s = vc->opaque;
1431    ssize_t ret;
1432
1433    do {
1434      ret = vde_send(s->vde, (const char *)buf, size, 0);
1435    } while (ret < 0 && errno == EINTR);
1436
1437    return ret;
1438}
1439
1440static void vde_cleanup(VLANClientState *vc)
1441{
1442    VDEState *s = vc->opaque;
1443    qemu_set_fd_handler(vde_datafd(s->vde), NULL, NULL, NULL);
1444    vde_close(s->vde);
1445    qemu_free(s);
1446}
1447
1448static int net_vde_init(VLANState *vlan, const char *model,
1449                        const char *name, const char *sock,
1450                        int port, const char *group, int mode)
1451{
1452    VDEState *s;
1453    char *init_group = strlen(group) ? (char *)group : NULL;
1454    char *init_sock = strlen(sock) ? (char *)sock : NULL;
1455
1456    struct vde_open_args args = {
1457        .port = port,
1458        .group = init_group,
1459        .mode = mode,
1460    };
1461
1462    s = qemu_mallocz(sizeof(VDEState));
1463    s->vde = vde_open(init_sock, (char *)"QEMU", &args);
1464    if (!s->vde){
1465        free(s);
1466        return -1;
1467    }
1468    s->vc = qemu_new_vlan_client(vlan, model, name, NULL, vde_receive,
1469                                 NULL, vde_cleanup, s);
1470    qemu_set_fd_handler(vde_datafd(s->vde), vde_to_qemu, NULL, s);
1471    snprintf(s->vc->info_str, sizeof(s->vc->info_str), "sock=%s,fd=%d",
1472             sock, vde_datafd(s->vde));
1473    return 0;
1474}
1475#endif
1476
1477/* network connection */
1478typedef struct NetSocketState {
1479    VLANClientState *vc;
1480    int fd;
1481    int state; /* 0 = getting length, 1 = getting data */
1482    unsigned int index;
1483    unsigned int packet_len;
1484    uint8_t buf[4096];
1485    struct sockaddr_in dgram_dst; /* contains inet host and port destination iff connectionless (SOCK_DGRAM) */
1486} NetSocketState;
1487
1488typedef struct NetSocketListenState {
1489    VLANState *vlan;
1490    char *model;
1491    char *name;
1492    int fd;
1493} NetSocketListenState;
1494
1495/* XXX: we consider we can send the whole packet without blocking */
1496static ssize_t net_socket_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
1497{
1498    NetSocketState *s = vc->opaque;
1499    uint32_t len;
1500    len = htonl(size);
1501
1502    send_all(s->fd, (const uint8_t *)&len, sizeof(len));
1503    return send_all(s->fd, buf, size);
1504}
1505
1506static ssize_t net_socket_receive_dgram(VLANClientState *vc, const uint8_t *buf, size_t size)
1507{
1508    NetSocketState *s = vc->opaque;
1509
1510    return sendto(s->fd, (const void *)buf, size, 0,
1511                  (struct sockaddr *)&s->dgram_dst, sizeof(s->dgram_dst));
1512}
1513
1514static void net_socket_send(void *opaque)
1515{
1516    NetSocketState *s = opaque;
1517    int size, err;
1518    unsigned l;
1519    uint8_t buf1[4096];
1520    const uint8_t *buf;
1521
1522    size = recv(s->fd, (void *)buf1, sizeof(buf1), 0);
1523    if (size < 0) {
1524        err = socket_error();
1525        if (err != EWOULDBLOCK)
1526            goto eoc;
1527    } else if (size == 0) {
1528        /* end of connection */
1529    eoc:
1530        qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
1531        closesocket(s->fd);
1532        return;
1533    }
1534    buf = buf1;
1535    while (size > 0) {
1536        /* reassemble a packet from the network */
1537        switch(s->state) {
1538        case 0:
1539            l = 4 - s->index;
1540            if (l > size)
1541                l = size;
1542            memcpy(s->buf + s->index, buf, l);
1543            buf += l;
1544            size -= l;
1545            s->index += l;
1546            if (s->index == 4) {
1547                /* got length */
1548                s->packet_len = ntohl(*(uint32_t *)s->buf);
1549                s->index = 0;
1550                s->state = 1;
1551            }
1552            break;
1553        case 1:
1554            l = s->packet_len - s->index;
1555            if (l > size)
1556                l = size;
1557            if (s->index + l <= sizeof(s->buf)) {
1558                memcpy(s->buf + s->index, buf, l);
1559            } else {
1560                fprintf(stderr, "serious error: oversized packet received,"
1561                    "connection terminated.\n");
1562                s->state = 0;
1563                goto eoc;
1564            }
1565
1566            s->index += l;
1567            buf += l;
1568            size -= l;
1569            if (s->index >= s->packet_len) {
1570                qemu_send_packet(s->vc, s->buf, s->packet_len);
1571                s->index = 0;
1572                s->state = 0;
1573            }
1574            break;
1575        }
1576    }
1577}
1578
1579static void net_socket_send_dgram(void *opaque)
1580{
1581    NetSocketState *s = opaque;
1582    int size;
1583
1584    size = recv(s->fd, (void *)s->buf, sizeof(s->buf), 0);
1585    if (size < 0)
1586        return;
1587    if (size == 0) {
1588        /* end of connection */
1589        qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
1590        return;
1591    }
1592    qemu_send_packet(s->vc, s->buf, size);
1593}
1594
1595static int net_socket_mcast_create(struct sockaddr_in *mcastaddr)
1596{
1597    struct ip_mreq imr;
1598    int fd;
1599    int val, ret;
1600    if (!IN_MULTICAST(ntohl(mcastaddr->sin_addr.s_addr))) {
1601	fprintf(stderr, "qemu: error: specified mcastaddr \"%s\" (0x%08x) does not contain a multicast address\n",
1602		inet_ntoa(mcastaddr->sin_addr),
1603                (int)ntohl(mcastaddr->sin_addr.s_addr));
1604	return -1;
1605
1606    }
1607    fd = socket(PF_INET, SOCK_DGRAM, 0);
1608    if (fd < 0) {
1609        perror("socket(PF_INET, SOCK_DGRAM)");
1610        return -1;
1611    }
1612
1613    val = 1;
1614    ret=setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
1615                   (const char *)&val, sizeof(val));
1616    if (ret < 0) {
1617	perror("setsockopt(SOL_SOCKET, SO_REUSEADDR)");
1618	goto fail;
1619    }
1620
1621    ret = bind(fd, (struct sockaddr *)mcastaddr, sizeof(*mcastaddr));
1622    if (ret < 0) {
1623        perror("bind");
1624        goto fail;
1625    }
1626
1627    /* Add host to multicast group */
1628    imr.imr_multiaddr = mcastaddr->sin_addr;
1629    imr.imr_interface.s_addr = htonl(INADDR_ANY);
1630
1631    ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
1632                     (const char *)&imr, sizeof(struct ip_mreq));
1633    if (ret < 0) {
1634	perror("setsockopt(IP_ADD_MEMBERSHIP)");
1635	goto fail;
1636    }
1637
1638    /* Force mcast msgs to loopback (eg. several QEMUs in same host */
1639    val = 1;
1640    ret=setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP,
1641                   (const char *)&val, sizeof(val));
1642    if (ret < 0) {
1643	perror("setsockopt(SOL_IP, IP_MULTICAST_LOOP)");
1644	goto fail;
1645    }
1646
1647    socket_set_nonblock(fd);
1648    return fd;
1649fail:
1650    if (fd >= 0)
1651        closesocket(fd);
1652    return -1;
1653}
1654
1655static void net_socket_cleanup(VLANClientState *vc)
1656{
1657    NetSocketState *s = vc->opaque;
1658    qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
1659    close(s->fd);
1660    qemu_free(s);
1661}
1662
1663static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan,
1664                                                const char *model,
1665                                                const char *name,
1666                                                int fd, int is_connected)
1667{
1668    struct sockaddr_in saddr;
1669    int newfd;
1670    socklen_t saddr_len;
1671    NetSocketState *s;
1672
1673    /* fd passed: multicast: "learn" dgram_dst address from bound address and save it
1674     * Because this may be "shared" socket from a "master" process, datagrams would be recv()
1675     * by ONLY ONE process: we must "clone" this dgram socket --jjo
1676     */
1677
1678    if (is_connected) {
1679	if (getsockname(fd, (struct sockaddr *) &saddr, &saddr_len) == 0) {
1680	    /* must be bound */
1681	    if (saddr.sin_addr.s_addr==0) {
1682		fprintf(stderr, "qemu: error: init_dgram: fd=%d unbound, cannot setup multicast dst addr\n",
1683			fd);
1684		return NULL;
1685	    }
1686	    /* clone dgram socket */
1687	    newfd = net_socket_mcast_create(&saddr);
1688	    if (newfd < 0) {
1689		/* error already reported by net_socket_mcast_create() */
1690		close(fd);
1691		return NULL;
1692	    }
1693	    /* clone newfd to fd, close newfd */
1694	    dup2(newfd, fd);
1695	    close(newfd);
1696
1697	} else {
1698	    fprintf(stderr, "qemu: error: init_dgram: fd=%d failed getsockname(): %s\n",
1699		    fd, strerror(errno));
1700	    return NULL;
1701	}
1702    }
1703
1704    s = qemu_mallocz(sizeof(NetSocketState));
1705    s->fd = fd;
1706
1707    s->vc = qemu_new_vlan_client(vlan, model, name, NULL, net_socket_receive_dgram,
1708                                 NULL, net_socket_cleanup, s);
1709    qemu_set_fd_handler(s->fd, net_socket_send_dgram, NULL, s);
1710
1711    /* mcast: save bound address as dst */
1712    if (is_connected) s->dgram_dst=saddr;
1713
1714    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
1715	    "socket: fd=%d (%s mcast=%s:%d)",
1716	    fd, is_connected? "cloned" : "",
1717	    inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
1718    return s;
1719}
1720
1721static void net_socket_connect(void *opaque)
1722{
1723    NetSocketState *s = opaque;
1724    qemu_set_fd_handler(s->fd, net_socket_send, NULL, s);
1725}
1726
1727static NetSocketState *net_socket_fd_init_stream(VLANState *vlan,
1728                                                 const char *model,
1729                                                 const char *name,
1730                                                 int fd, int is_connected)
1731{
1732    NetSocketState *s;
1733    s = qemu_mallocz(sizeof(NetSocketState));
1734    s->fd = fd;
1735    s->vc = qemu_new_vlan_client(vlan, model, name, NULL, net_socket_receive,
1736                                 NULL, net_socket_cleanup, s);
1737    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
1738             "socket: fd=%d", fd);
1739    if (is_connected) {
1740        net_socket_connect(s);
1741    } else {
1742        qemu_set_fd_handler(s->fd, NULL, net_socket_connect, s);
1743    }
1744    return s;
1745}
1746
1747static NetSocketState *net_socket_fd_init(VLANState *vlan,
1748                                          const char *model, const char *name,
1749                                          int fd, int is_connected)
1750{
1751    int so_type=-1, optlen=sizeof(so_type);
1752
1753    if(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&so_type,
1754        (socklen_t *)&optlen)< 0) {
1755	fprintf(stderr, "qemu: error: getsockopt(SO_TYPE) for fd=%d failed\n", fd);
1756	return NULL;
1757    }
1758    switch(so_type) {
1759    case SOCK_DGRAM:
1760        return net_socket_fd_init_dgram(vlan, model, name, fd, is_connected);
1761    case SOCK_STREAM:
1762        return net_socket_fd_init_stream(vlan, model, name, fd, is_connected);
1763    default:
1764        /* who knows ... this could be a eg. a pty, do warn and continue as stream */
1765        fprintf(stderr, "qemu: warning: socket type=%d for fd=%d is not SOCK_DGRAM or SOCK_STREAM\n", so_type, fd);
1766        return net_socket_fd_init_stream(vlan, model, name, fd, is_connected);
1767    }
1768    return NULL;
1769}
1770
1771static void net_socket_accept(void *opaque)
1772{
1773    NetSocketListenState *s = opaque;
1774    NetSocketState *s1;
1775    struct sockaddr_in saddr;
1776    socklen_t len;
1777    int fd;
1778
1779    for(;;) {
1780        len = sizeof(saddr);
1781        fd = accept(s->fd, (struct sockaddr *)&saddr, &len);
1782        if (fd < 0 && errno != EINTR) {
1783            return;
1784        } else if (fd >= 0) {
1785            break;
1786        }
1787    }
1788    s1 = net_socket_fd_init(s->vlan, s->model, s->name, fd, 1);
1789    if (!s1) {
1790        closesocket(fd);
1791    } else {
1792        snprintf(s1->vc->info_str, sizeof(s1->vc->info_str),
1793                 "socket: connection from %s:%d",
1794                 inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
1795    }
1796}
1797
1798static int net_socket_listen_init(VLANState *vlan,
1799                                  const char *model,
1800                                  const char *name,
1801                                  const char *host_str)
1802{
1803    NetSocketListenState *s;
1804    int fd, val, ret;
1805    struct sockaddr_in saddr;
1806
1807    if (parse_host_port(&saddr, host_str) < 0)
1808        return -1;
1809
1810    s = qemu_mallocz(sizeof(NetSocketListenState));
1811
1812    fd = socket(PF_INET, SOCK_STREAM, 0);
1813    if (fd < 0) {
1814        perror("socket");
1815        return -1;
1816    }
1817    socket_set_nonblock(fd);
1818
1819    /* allow fast reuse */
1820    val = 1;
1821    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const char *)&val, sizeof(val));
1822
1823    ret = bind(fd, (struct sockaddr *)&saddr, sizeof(saddr));
1824    if (ret < 0) {
1825        perror("bind");
1826        return -1;
1827    }
1828    ret = listen(fd, 0);
1829    if (ret < 0) {
1830        perror("listen");
1831        return -1;
1832    }
1833    s->vlan = vlan;
1834    s->model = strdup(model);
1835    s->name = name ? strdup(name) : NULL;
1836    s->fd = fd;
1837    qemu_set_fd_handler(fd, net_socket_accept, NULL, s);
1838    return 0;
1839}
1840
1841static int net_socket_connect_init(VLANState *vlan,
1842                                   const char *model,
1843                                   const char *name,
1844                                   const char *host_str)
1845{
1846    NetSocketState *s;
1847    int fd, connected, ret, err;
1848    struct sockaddr_in saddr;
1849
1850    if (parse_host_port(&saddr, host_str) < 0)
1851        return -1;
1852
1853    fd = socket(PF_INET, SOCK_STREAM, 0);
1854    if (fd < 0) {
1855        perror("socket");
1856        return -1;
1857    }
1858    socket_set_nonblock(fd);
1859
1860    connected = 0;
1861    for(;;) {
1862        ret = connect(fd, (struct sockaddr *)&saddr, sizeof(saddr));
1863        if (ret < 0) {
1864            err = socket_error();
1865            if (err == EINTR || err == EWOULDBLOCK) {
1866            } else if (err == EINPROGRESS) {
1867                break;
1868#ifdef _WIN32
1869            } else if (err == WSAEALREADY) {
1870                break;
1871#endif
1872            } else {
1873                perror("connect");
1874                closesocket(fd);
1875                return -1;
1876            }
1877        } else {
1878            connected = 1;
1879            break;
1880        }
1881    }
1882    s = net_socket_fd_init(vlan, model, name, fd, connected);
1883    if (!s)
1884        return -1;
1885    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
1886             "socket: connect to %s:%d",
1887             inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
1888    return 0;
1889}
1890
1891static int net_socket_mcast_init(VLANState *vlan,
1892                                 const char *model,
1893                                 const char *name,
1894                                 const char *host_str)
1895{
1896    NetSocketState *s;
1897    int fd;
1898    struct sockaddr_in saddr;
1899
1900    if (parse_host_port(&saddr, host_str) < 0)
1901        return -1;
1902
1903
1904    fd = net_socket_mcast_create(&saddr);
1905    if (fd < 0)
1906	return -1;
1907
1908    s = net_socket_fd_init(vlan, model, name, fd, 0);
1909    if (!s)
1910        return -1;
1911
1912    s->dgram_dst = saddr;
1913
1914    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
1915             "socket: mcast=%s:%d",
1916             inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
1917    return 0;
1918
1919}
1920
1921typedef struct DumpState {
1922    VLANClientState *pcap_vc;
1923    int fd;
1924    int pcap_caplen;
1925} DumpState;
1926
1927#define PCAP_MAGIC 0xa1b2c3d4
1928
1929struct pcap_file_hdr {
1930    uint32_t magic;
1931    uint16_t version_major;
1932    uint16_t version_minor;
1933    int32_t thiszone;
1934    uint32_t sigfigs;
1935    uint32_t snaplen;
1936    uint32_t linktype;
1937};
1938
1939struct pcap_sf_pkthdr {
1940    struct {
1941        int32_t tv_sec;
1942        int32_t tv_usec;
1943    } ts;
1944    uint32_t caplen;
1945    uint32_t len;
1946};
1947
1948static ssize_t dump_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
1949{
1950    DumpState *s = vc->opaque;
1951    struct pcap_sf_pkthdr hdr;
1952    int64_t ts;
1953    int caplen;
1954
1955    /* Early return in case of previous error. */
1956    if (s->fd < 0) {
1957        return size;
1958    }
1959
1960    ts = muldiv64(qemu_get_clock(vm_clock), 1000000, get_ticks_per_sec());
1961    caplen = size > s->pcap_caplen ? s->pcap_caplen : size;
1962
1963    hdr.ts.tv_sec = ts / 1000000;
1964    hdr.ts.tv_usec = ts % 1000000;
1965    hdr.caplen = caplen;
1966    hdr.len = size;
1967    if (write(s->fd, &hdr, sizeof(hdr)) != sizeof(hdr) ||
1968        write(s->fd, buf, caplen) != caplen) {
1969        qemu_log("-net dump write error - stop dump\n");
1970        close(s->fd);
1971        s->fd = -1;
1972    }
1973
1974    return size;
1975}
1976
1977static void net_dump_cleanup(VLANClientState *vc)
1978{
1979    DumpState *s = vc->opaque;
1980
1981    close(s->fd);
1982    qemu_free(s);
1983}
1984
1985static int net_dump_init(Monitor *mon, VLANState *vlan, const char *device,
1986                         const char *name, const char *filename, int len)
1987{
1988    struct pcap_file_hdr hdr;
1989    DumpState *s;
1990
1991    s = qemu_malloc(sizeof(DumpState));
1992
1993    s->fd = open(filename, O_CREAT | O_WRONLY, 0644);
1994    if (s->fd < 0) {
1995        config_error(mon, "-net dump: can't open %s\n", filename);
1996        return -1;
1997    }
1998
1999    s->pcap_caplen = len;
2000
2001    hdr.magic = PCAP_MAGIC;
2002    hdr.version_major = 2;
2003    hdr.version_minor = 4;
2004    hdr.thiszone = 0;
2005    hdr.sigfigs = 0;
2006    hdr.snaplen = s->pcap_caplen;
2007    hdr.linktype = 1;
2008
2009    if (write(s->fd, &hdr, sizeof(hdr)) < sizeof(hdr)) {
2010        config_error(mon, "-net dump write error: %s\n", strerror(errno));
2011        close(s->fd);
2012        qemu_free(s);
2013        return -1;
2014    }
2015
2016    s->pcap_vc = qemu_new_vlan_client(vlan, device, name, NULL, dump_receive, NULL,
2017                                      net_dump_cleanup, s);
2018    snprintf(s->pcap_vc->info_str, sizeof(s->pcap_vc->info_str),
2019             "dump to %s (len=%d)", filename, len);
2020    return 0;
2021}
2022
2023/* find or alloc a new VLAN */
2024VLANState *qemu_find_vlan(int id)
2025{
2026    VLANState **pvlan, *vlan;
2027    for(vlan = first_vlan; vlan != NULL; vlan = vlan->next) {
2028        if (vlan->id == id)
2029            return vlan;
2030    }
2031    vlan = qemu_mallocz(sizeof(VLANState));
2032    vlan->id = id;
2033    vlan->next = NULL;
2034    pvlan = &first_vlan;
2035    while (*pvlan != NULL)
2036        pvlan = &(*pvlan)->next;
2037    *pvlan = vlan;
2038    return vlan;
2039}
2040
2041static int nic_get_free_idx(void)
2042{
2043    int index;
2044
2045    for (index = 0; index < MAX_NICS; index++)
2046        if (!nd_table[index].used)
2047            return index;
2048    return -1;
2049}
2050
2051void qemu_check_nic_model(NICInfo *nd, const char *model)
2052{
2053    const char *models[2];
2054
2055    models[0] = model;
2056    models[1] = NULL;
2057
2058    qemu_check_nic_model_list(nd, models, model);
2059}
2060
2061void qemu_check_nic_model_list(NICInfo *nd, const char * const *models,
2062                               const char *default_model)
2063{
2064    int i, exit_status = 0;
2065
2066    if (!nd->model)
2067        nd->model = strdup(default_model);
2068
2069    if (strcmp(nd->model, "?") != 0) {
2070        for (i = 0 ; models[i]; i++)
2071            if (strcmp(nd->model, models[i]) == 0)
2072                return;
2073
2074        fprintf(stderr, "qemu: Unsupported NIC model: %s\n", nd->model);
2075        exit_status = 1;
2076    }
2077
2078    fprintf(stderr, "qemu: Supported NIC models: ");
2079    for (i = 0 ; models[i]; i++)
2080        fprintf(stderr, "%s%c", models[i], models[i+1] ? ',' : '\n');
2081
2082    exit(exit_status);
2083}
2084
2085int net_client_init(Monitor *mon, const char *device, const char *p)
2086{
2087    static const char * const fd_params[] = {
2088        "vlan", "name", "fd", NULL
2089    };
2090    char buf[1024];
2091    int vlan_id, ret;
2092    VLANState *vlan;
2093    char *name = NULL;
2094
2095    vlan_id = 0;
2096    if (get_param_value(buf, sizeof(buf), "vlan", p)) {
2097        vlan_id = strtol(buf, NULL, 0);
2098    }
2099    vlan = qemu_find_vlan(vlan_id);
2100
2101    if (get_param_value(buf, sizeof(buf), "name", p)) {
2102        name = qemu_strdup(buf);
2103    }
2104    if (!strcmp(device, "nic")) {
2105        static const char * const nic_params[] = {
2106            "vlan", "name", "macaddr", "model", NULL
2107        };
2108        NICInfo *nd;
2109        uint8_t *macaddr;
2110        int idx = nic_get_free_idx();
2111
2112        if (check_params(buf, sizeof(buf), nic_params, p) < 0) {
2113            config_error(mon, "invalid parameter '%s' in '%s'\n", buf, p);
2114            ret = -1;
2115            goto out;
2116        }
2117        if (idx == -1 || nb_nics >= MAX_NICS) {
2118            config_error(mon, "Too Many NICs\n");
2119            ret = -1;
2120            goto out;
2121        }
2122        nd = &nd_table[idx];
2123        macaddr = nd->macaddr;
2124        macaddr[0] = 0x52;
2125        macaddr[1] = 0x54;
2126        macaddr[2] = 0x00;
2127        macaddr[3] = 0x12;
2128        macaddr[4] = 0x34;
2129        macaddr[5] = 0x56 + idx;
2130
2131        if (get_param_value(buf, sizeof(buf), "macaddr", p)) {
2132            if (parse_macaddr(macaddr, buf) < 0) {
2133                config_error(mon, "invalid syntax for ethernet address\n");
2134                ret = -1;
2135                goto out;
2136            }
2137        }
2138        if (get_param_value(buf, sizeof(buf), "model", p)) {
2139            nd->model = strdup(buf);
2140        }
2141        nd->vlan = vlan;
2142        nd->name = name;
2143        nd->used = 1;
2144        name = NULL;
2145        nb_nics++;
2146        vlan->nb_guest_devs++;
2147        ret = idx;
2148    } else
2149    if (!strcmp(device, "none")) {
2150        if (*p != '\0') {
2151            config_error(mon, "'none' takes no parameters\n");
2152            ret = -1;
2153            goto out;
2154        }
2155        /* does nothing. It is needed to signal that no network cards
2156           are wanted */
2157        ret = 0;
2158    } else
2159#ifdef CONFIG_SLIRP
2160    if (!strcmp(device, "user")) {
2161        static const char * const slirp_params[] = {
2162            "vlan", "name", "hostname", "restrict", "ip", NULL
2163        };
2164        int restricted = 0;
2165        char *ip = NULL;
2166
2167        if (check_params(buf, sizeof(buf), slirp_params, p) < 0) {
2168            config_error(mon, "invalid parameter '%s' in '%s'\n", buf, p);
2169            ret = -1;
2170            goto out;
2171        }
2172        if (get_param_value(buf, sizeof(buf), "hostname", p)) {
2173            pstrcpy(slirp_hostname, sizeof(slirp_hostname), buf);
2174        }
2175        if (get_param_value(buf, sizeof(buf), "restrict", p)) {
2176            restricted = (buf[0] == 'y') ? 1 : 0;
2177        }
2178        if (get_param_value(buf, sizeof(buf), "ip", p)) {
2179            ip = qemu_strdup(buf);
2180        }
2181        vlan->nb_host_devs++;
2182        ret = net_slirp_init(vlan, device, name, restricted, ip);
2183        qemu_free(ip);
2184    } else if (!strcmp(device, "channel")) {
2185        long port;
2186        char name[20], *devname;
2187        struct VMChannel *vmc;
2188
2189        port = strtol(p, &devname, 10);
2190        devname++;
2191        if (port < 1 || port > 65535) {
2192            config_error(mon, "vmchannel wrong port number\n");
2193            ret = -1;
2194            goto out;
2195        }
2196        vmc = malloc(sizeof(struct VMChannel));
2197        snprintf(name, 20, "vmchannel%ld", port);
2198        vmc->hd = qemu_chr_open(name, devname, NULL);
2199        if (!vmc->hd) {
2200            config_error(mon, "could not open vmchannel device '%s'\n",
2201                         devname);
2202            ret = -1;
2203            goto out;
2204        }
2205        vmc->port = port;
2206        slirp_add_exec(3, vmc->hd, 4, port);
2207        qemu_chr_add_handlers(vmc->hd, vmchannel_can_read, vmchannel_read,
2208                NULL, vmc);
2209        ret = 0;
2210    } else
2211#endif
2212#ifdef _WIN32
2213    if (!strcmp(device, "tap")) {
2214        static const char * const tap_params[] = {
2215            "vlan", "name", "ifname", NULL
2216        };
2217        char ifname[64];
2218
2219        if (check_params(buf, sizeof(buf), tap_params, p) < 0) {
2220            config_error(mon, "invalid parameter '%s' in '%s'\n", buf, p);
2221            ret = -1;
2222            goto out;
2223        }
2224        if (get_param_value(ifname, sizeof(ifname), "ifname", p) <= 0) {
2225            config_error(mon, "tap: no interface name\n");
2226            ret = -1;
2227            goto out;
2228        }
2229        vlan->nb_host_devs++;
2230        ret = tap_win32_init(vlan, device, name, ifname);
2231    } else
2232#elif defined (_AIX)
2233#else
2234    if (!strcmp(device, "tap")) {
2235        char ifname[64], chkbuf[64];
2236        char setup_script[1024], down_script[1024];
2237        int fd;
2238        vlan->nb_host_devs++;
2239        if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
2240            if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) {
2241                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2242                ret = -1;
2243                goto out;
2244            }
2245            fd = strtol(buf, NULL, 0);
2246            fcntl(fd, F_SETFL, O_NONBLOCK);
2247            net_tap_fd_init(vlan, device, name, fd);
2248            ret = 0;
2249        } else {
2250            static const char * const tap_params[] = {
2251                "vlan", "name", "ifname", "script", "downscript", NULL
2252            };
2253            if (check_params(chkbuf, sizeof(chkbuf), tap_params, p) < 0) {
2254                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2255                ret = -1;
2256                goto out;
2257            }
2258            if (get_param_value(ifname, sizeof(ifname), "ifname", p) <= 0) {
2259                ifname[0] = '\0';
2260            }
2261            if (get_param_value(setup_script, sizeof(setup_script), "script", p) == 0) {
2262                pstrcpy(setup_script, sizeof(setup_script), DEFAULT_NETWORK_SCRIPT);
2263            }
2264            if (get_param_value(down_script, sizeof(down_script), "downscript", p) == 0) {
2265                pstrcpy(down_script, sizeof(down_script), DEFAULT_NETWORK_DOWN_SCRIPT);
2266            }
2267            ret = net_tap_init(vlan, device, name, ifname, setup_script, down_script);
2268        }
2269    } else
2270#endif
2271    if (!strcmp(device, "socket")) {
2272        char chkbuf[64];
2273        if (get_param_value(buf, sizeof(buf), "fd", p) > 0) {
2274            int fd;
2275            if (check_params(chkbuf, sizeof(chkbuf), fd_params, p) < 0) {
2276                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2277                ret = -1;
2278                goto out;
2279            }
2280            fd = strtol(buf, NULL, 0);
2281            ret = -1;
2282            if (net_socket_fd_init(vlan, device, name, fd, 1))
2283                ret = 0;
2284        } else if (get_param_value(buf, sizeof(buf), "listen", p) > 0) {
2285            static const char * const listen_params[] = {
2286                "vlan", "name", "listen", NULL
2287            };
2288            if (check_params(chkbuf, sizeof(chkbuf), listen_params, p) < 0) {
2289                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2290                ret = -1;
2291                goto out;
2292            }
2293            ret = net_socket_listen_init(vlan, device, name, buf);
2294        } else if (get_param_value(buf, sizeof(buf), "connect", p) > 0) {
2295            static const char * const connect_params[] = {
2296                "vlan", "name", "connect", NULL
2297            };
2298            if (check_params(chkbuf, sizeof(chkbuf), connect_params, p) < 0) {
2299                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2300                ret = -1;
2301                goto out;
2302            }
2303            ret = net_socket_connect_init(vlan, device, name, buf);
2304        } else if (get_param_value(buf, sizeof(buf), "mcast", p) > 0) {
2305            static const char * const mcast_params[] = {
2306                "vlan", "name", "mcast", NULL
2307            };
2308            if (check_params(chkbuf, sizeof(chkbuf), mcast_params, p) < 0) {
2309                config_error(mon, "invalid parameter '%s' in '%s'\n", chkbuf, p);
2310                ret = -1;
2311                goto out;
2312            }
2313            ret = net_socket_mcast_init(vlan, device, name, buf);
2314        } else {
2315            config_error(mon, "Unknown socket options: %s\n", p);
2316            ret = -1;
2317            goto out;
2318        }
2319        vlan->nb_host_devs++;
2320    } else
2321#ifdef CONFIG_VDE
2322    if (!strcmp(device, "vde")) {
2323        static const char * const vde_params[] = {
2324            "vlan", "name", "sock", "port", "group", "mode", NULL
2325        };
2326        char vde_sock[1024], vde_group[512];
2327	int vde_port, vde_mode;
2328
2329        if (check_params(buf, sizeof(buf), vde_params, p) < 0) {
2330            config_error(mon, "invalid parameter '%s' in '%s'\n", buf, p);
2331            ret = -1;
2332            goto out;
2333        }
2334        vlan->nb_host_devs++;
2335        if (get_param_value(vde_sock, sizeof(vde_sock), "sock", p) <= 0) {
2336	    vde_sock[0] = '\0';
2337	}
2338	if (get_param_value(buf, sizeof(buf), "port", p) > 0) {
2339	    vde_port = strtol(buf, NULL, 10);
2340	} else {
2341	    vde_port = 0;
2342	}
2343	if (get_param_value(vde_group, sizeof(vde_group), "group", p) <= 0) {
2344	    vde_group[0] = '\0';
2345	}
2346	if (get_param_value(buf, sizeof(buf), "mode", p) > 0) {
2347	    vde_mode = strtol(buf, NULL, 8);
2348	} else {
2349	    vde_mode = 0700;
2350	}
2351	ret = net_vde_init(vlan, device, name, vde_sock, vde_port, vde_group, vde_mode);
2352    } else
2353#endif
2354    if (!strcmp(device, "dump")) {
2355        int len = 65536;
2356
2357        if (get_param_value(buf, sizeof(buf), "len", p) > 0) {
2358            len = strtol(buf, NULL, 0);
2359        }
2360        if (!get_param_value(buf, sizeof(buf), "file", p)) {
2361            snprintf(buf, sizeof(buf), "qemu-vlan%d.pcap", vlan_id);
2362        }
2363        ret = net_dump_init(mon, vlan, device, name, buf, len);
2364    } else {
2365        config_error(mon, "Unknown network device: %s\n", device);
2366        ret = -1;
2367        goto out;
2368    }
2369    if (ret < 0) {
2370        config_error(mon, "Could not initialize device '%s'\n", device);
2371    }
2372out:
2373    qemu_free(name);
2374    return ret;
2375}
2376
2377void net_client_uninit(NICInfo *nd)
2378{
2379    nd->vlan->nb_guest_devs--;
2380    nb_nics--;
2381    nd->used = 0;
2382    free((void *)nd->model);
2383}
2384
2385static int net_host_check_device(const char *device)
2386{
2387    int i;
2388    const char *valid_param_list[] = { "tap", "socket", "dump"
2389#ifdef CONFIG_SLIRP
2390                                       ,"user"
2391#endif
2392#ifdef CONFIG_VDE
2393                                       ,"vde"
2394#endif
2395    };
2396    for (i = 0; i < sizeof(valid_param_list) / sizeof(char *); i++) {
2397        if (!strncmp(valid_param_list[i], device,
2398                     strlen(valid_param_list[i])))
2399            return 1;
2400    }
2401
2402    return 0;
2403}
2404
2405void net_host_device_add(Monitor *mon, const char *device, const char *opts)
2406{
2407    if (!net_host_check_device(device)) {
2408        monitor_printf(mon, "invalid host network device %s\n", device);
2409        return;
2410    }
2411    if (net_client_init(mon, device, opts ? opts : "") < 0) {
2412        monitor_printf(mon, "adding host network device %s failed\n", device);
2413    }
2414}
2415
2416void net_host_device_remove(Monitor *mon, int vlan_id, const char *device)
2417{
2418    VLANState *vlan;
2419    VLANClientState *vc;
2420
2421    vlan = qemu_find_vlan(vlan_id);
2422
2423    for (vc = vlan->first_client; vc != NULL; vc = vc->next) {
2424        if (!strcmp(vc->name, device)) {
2425            break;
2426        }
2427    }
2428
2429    if (!vc) {
2430        monitor_printf(mon, "can't find device %s\n", device);
2431        return;
2432    }
2433    if (!net_host_check_device(vc->model)) {
2434        monitor_printf(mon, "invalid host network device %s\n", device);
2435        return;
2436    }
2437    qemu_del_vlan_client(vc);
2438}
2439
2440int net_client_parse(const char *str)
2441{
2442    const char *p;
2443    char *q;
2444    char device[64];
2445
2446    p = str;
2447    q = device;
2448    while (*p != '\0' && *p != ',') {
2449        if ((q - device) < sizeof(device) - 1)
2450            *q++ = *p;
2451        p++;
2452    }
2453    *q = '\0';
2454    if (*p == ',')
2455        p++;
2456
2457    return net_client_init(NULL, device, p);
2458}
2459
2460void do_info_network(Monitor *mon)
2461{
2462    VLANState *vlan;
2463    VLANClientState *vc;
2464
2465    for(vlan = first_vlan; vlan != NULL; vlan = vlan->next) {
2466        monitor_printf(mon, "VLAN %d devices:\n", vlan->id);
2467        for(vc = vlan->first_client; vc != NULL; vc = vc->next)
2468            monitor_printf(mon, "  %s: %s\n", vc->name, vc->info_str);
2469    }
2470}
2471
2472int do_set_link(Monitor *mon, const char *name, const char *up_or_down)
2473{
2474    VLANState *vlan;
2475    VLANClientState *vc = NULL;
2476
2477    for (vlan = first_vlan; vlan != NULL; vlan = vlan->next)
2478        for (vc = vlan->first_client; vc != NULL; vc = vc->next)
2479            if (strcmp(vc->name, name) == 0)
2480                goto done;
2481done:
2482
2483    if (!vc) {
2484        monitor_printf(mon, "could not find network device '%s'", name);
2485        return 0;
2486    }
2487
2488    if (strcmp(up_or_down, "up") == 0)
2489        vc->link_down = 0;
2490    else if (strcmp(up_or_down, "down") == 0)
2491        vc->link_down = 1;
2492    else
2493        monitor_printf(mon, "invalid link status '%s'; only 'up' or 'down' "
2494                       "valid\n", up_or_down);
2495
2496    if (vc->link_status_changed)
2497        vc->link_status_changed(vc);
2498
2499    return 1;
2500}
2501
2502void net_cleanup(void)
2503{
2504    VLANState *vlan;
2505
2506    /* close network clients */
2507    for(vlan = first_vlan; vlan != NULL; vlan = vlan->next) {
2508        VLANClientState *vc = vlan->first_client;
2509
2510        while (vc) {
2511            VLANClientState *next = vc->next;
2512
2513            qemu_del_vlan_client(vc);
2514
2515            vc = next;
2516        }
2517    }
2518}
2519
2520void net_client_check(void)
2521{
2522    VLANState *vlan;
2523
2524    for(vlan = first_vlan; vlan != NULL; vlan = vlan->next) {
2525        if (vlan->nb_guest_devs == 0 && vlan->nb_host_devs == 0)
2526            continue;
2527        if (vlan->nb_guest_devs == 0)
2528            fprintf(stderr, "Warning: vlan %d with no nics\n", vlan->id);
2529        if (vlan->nb_host_devs == 0)
2530            fprintf(stderr,
2531                    "Warning: vlan %d is not connected to host network\n",
2532                    vlan->id);
2533    }
2534}
2535