| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
m_cleanup didn't cleanup the if_batchq and if_fastq queues, resulting in
a memory leak (reported by ASAN while fuzzing).
|
|
ip6_output: fix memory leak on fast-send
See merge request slirp/libslirp!67
|
|
When emitting NDP Neighbour Sollicitations, ip6_output immediately calls
if_encap without going through any queue. if_encap however does not free
the mbuf, so ip6_output has to do it.
This was leaking one mbuf per NDP NS sent by slirp. Hopefully the guest was
not using more than NDP_TABLE_SIZE (16) IPv6 addresses, in which case it was
limited to a bound number, but more addresses would result to leaks.
|
|
Reject host forwarding to ipv6 "addr-any"
See merge request slirp/libslirp!66
|
|
Libslirp currently only provides a stateless DHCPv6 server,
and thus can't do the "addr-any -> guest IP address" translation
that is done for ipv4. Until a stateful DHCPv6 server is available,
reject addr-any.
Signed-off-by: Doug Evans <dje@google.com>
|
|
tcpx_listen: Pass sizeof(addr) to memset
See merge request slirp/libslirp!65
|
|
Signed-off-by: Doug Evans <dje@google.com>
|
|
|
|
|
|
Add ipv6 host forward support
See merge request slirp/libslirp!62
|
|
Two exported functions are added which are the ipv6 versions of their
ipv4 counterparts: slirp_add_ipv6_hostfwd, slirp_remove_ipv6_hostfwd.
Signed-off-by: Doug Evans <dje@google.com>
|
|
This is actually similar to the fix in 9f78e94912f9 ("Fix a typo that
can cause slow socket response on Windows."), except that here there is
no semantic change since s = so->s above.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
[PATCH] Fix a typo that can cause slow socket response on Windows.
See merge request slirp/libslirp!64
|
|
We observed slow responses on a host forwarded port on Windows. Investigation revealed that qemu_fd_register was being called with fd=-1 and this caused g_poll in qemu_poll_ns timing out. I tracked this behavior to following commit:
748f8f4 slirp: replace qemu_set_nonblock()
@@ -482,7 +483,8 @@ void tcp_connect(struct socket *inso)
tcp_close(sototcpcb(so)); /* This will sofree() as well */
return;
}
- qemu_set_nonblock(s);
+ slirp_set_nonblock(s);
+ so->slirp->cb->register_poll_fd(so->s);
It seems that calling register_poll_fd with so->s instead of s may be a typo. Changing it back to s solves this issue. The commit 748f8f4 made similar change in tcp_fconnect but I have not touched it.
Signed-off-by: Hafiz Abid Qadeer <abidh@codesourcery.com>
|
|
Fix unused variables
See merge request slirp/libslirp!63
|
|
../../subprojects/libslirp/src/slirp.c:131:17: error: unused variable
'old_stat' [-Werror,-Wunused-variable]
struct stat old_stat;
^
../../subprojects/libslirp/src/slirp.c:143:10: error: unused variable
'buff' [-Werror,-Wunused-variable]
char buff[512];
^
2 errors generated.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
fork_exec_child_setup: improve signal handling
See merge request slirp/libslirp!61
|
|
Blocked signal state is inherited across exec(), so let's zero that out rather
than inherit whatever it was when we spawned the child.
POSIX has some strange rules about SIG_IGN'd SIGCHLD across exec, so let's not
do that, just for consistency.
|
|
Remove some needless (void)casts
See merge request slirp/libslirp!60
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Release v4.4.0
See merge request slirp/libslirp!59
|
|
|
|
socket: consume empty packets
See merge request slirp/libslirp!55
|
|
it fixes a tightloop when a packet with len==0 is received.
Closes: https://github.com/rootless-containers/slirp4netns/issues/227
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Enable forwarding ICMP errors
See merge request slirp/libslirp!49
|
|
udp, udp6, icmp: handle TTL value
See merge request slirp/libslirp!48
|
|
slirp: check pkt_len before reading protocol header
See merge request slirp/libslirp!57
|
|
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
CVE-2020-29129 CVE-2020-29130
QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
-> https://www.openwall.com/lists/oss-security/2020/11/27/1
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20201126135706.273950-1-ppandit@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Remove the QEMU-special make build-system
See merge request slirp/libslirp!56
|
|
Since QEMU 5.2, QEMU uses meson and handle the build itelf before it
starts using libslirp as a subproject.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
meson: support compiling as subproject
See merge request slirp/libslirp!53
|
|
Add DNS resolving for iOS
See merge request slirp/libslirp!54
|
|
iOS does not support reading /etc/resolv.conf so we have to use libresolv
Also modified build script to support building on Darwin systems.
|
|
Skip installation of devel files if compiling as
a subproject, including the library if a static version is
available; the parent project can force usage of the (installed)
shared library using default_library=shared.
An option can also be used to customize the SLIRP_VERSION_STRING
and ascertain if the parent project is using the embedded version
of slirp.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Unfortunately meson subprojects do not support add_dist_script, so we
cannot generate the .tarball-version file at "meson dist" time.
Include the version in the meson project declaration, and use
build-aux/git-version-gen only to determine SLIRP_VERSION_STRING.
Instead of the dist script, we check that the version in the
project declaration matches the latest tag. If they do not match
it will be impossible to run "ninja dist" successfully.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
.gitlab-ci: add a Coverity stage
See merge request slirp/libslirp!51
|
|
Add G_GNUC_PRINTF to local function slirp_vsnprintf
See merge request slirp/libslirp!52
|
|
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
sizeof() returns a size_t so the tcpiphdr / ip+tcphdr difference will be
a size_t and always be >= 0, while this intended to detect the
difference getting < 0.
This is actually a no-op with the current code because it currently has
tcpiphdr bigger than ip+tcphdr.
Spotted by Coverity: CID 212435.
Spotted by Coverity: CID 212440.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
Not all icmp errors are reported as errno errors. Linux however lets us
get them through a message error queue.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
They work like icmp_send_error and icmp6_send_error but allow to specify
the source IP address
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
For traceroute and such, we need to handle the TTL value like a router.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
ip_stripoptions use memmove
See merge request slirp/libslirp!47
|
|
ip_stripoptions is moving data long in the same buffer; that's undefined
with memcpy, use memmove.
Buglink: https://bugs.launchpad.net/qemu/+bug/1878043
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Release v4.3.1
See merge request slirp/libslirp!46
|
|
|
