| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixes #70
|
|
Fixes #72
|
|
|
|
In macOS, as already commented in this source file as well, packets from SOCK_DGRAM + IPPROTO_ICMP sockets include IP header while Linux doesn't not prepend the header.
Due to the discrepancy, in macOS, we need to handle received ICMP packets as if they are IP packets so that its IPv4 header gets stripped.
As pointed out in review comments, it appears CONFIG_BSD is no longer propagated from QEMU. This patch fixes the issue by detecting BSD (including macOS) by ourselves.
|
|
Sometimes ipq were casted to ipasfrag, and the original and casted
pointer were used simultaneously in ip_reass(). GCC 12.1.0 assumes
these pointers are not aliases, and therefore incorrectly the pointed
data will not be modified when it is actually modified with another
pointer.
To fix this problem, introduce a new type "ipas", which is a universal
type denoting an entry in the assembly queue and contains union for
specialization as queue head (frequently referred as "q" or "ipq" in
the source code) or IP fragment ("f" or "ipf").
This bug was found by Alexander Bulekov when fuzzing QEMU:
https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/
The fixed test case is:
fuzz/crash_449dd4ad72212627fe3245c875f79a7033cc5382
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
While windows does not care for case, mingw does, and has all its header
lower case.
|
|
It is defined by BaseTsd.h as LONG_PTR, which is 32bit size on win32, and
64bit size on win64.
It seems that mingw rather uses int for the 32bit case, but better stick
to the MS definition, and int/LONG_PTR will be abi-compatible on 32bit.
Fixes #68
|
|
|
|
|
|
Fixes #64
|
|
|
|
rather than rejecting only when all of them are bogus.
Reported-by: Michael T <michael.gr220@gmail.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
|
The IPv6 support in libslirp fails to work with any NDP proxy. The code
used to interpret the NA packets uses the wrong address to insert into
it's neighbor table, the address of the source of the packet, aka the
proxy itself.
However the NA packet got the real target address readily available.
Just use it directly instead.
Signed-off-by: Bastian Blank <waldi@debian.org>
|
|
Commit e7362700b ("msvc: enable vmstate code on !gnuc") forgot to remove
HAVE_VMSTATE condition...
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Fixes #62
|
|
Fixes #63
|
|
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
To be able to use typeof.
Fixes #60
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It uses a saner strictly "from low to high bit" rule.
|
|
Since msvc provides the support through push/pop pragmas.
|
|
It doesn't have it.
|
|
|
|
We can just write the macro on one line.
|
|
Attempted to mirror the upstream Linux driver[1] as closely as reasonably
possible.
[1] https://github.com/torvalds/linux/blob/42226c989789d8da4af1de0c31070c96726d990c/net/ncsi/ncsi-rsp.c#L614-L638
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
If a network card supports NC-SI, then it redirects all traffic with the
out-of-band (OOB) management controller's (MC) ethernet address to the
out-of-band management controller, usually over some sideband RMII
interface, not like the PCIe connection to the main host.
It's also pretty common for the network card to provision the out-of-band
management controller's ethernet address. At startup, the OOB MC asks the
network card what its MAC address is through OEM NC-SI commands. This
protocol is so common that it's going to be standardized soon in NC-SI 1.2.0
[1] as "Get MC MAC Address".
Note: At some point, the network card may provision *multiple* OOB ethernet
addresses, but right now everything just uses one.
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.2.0WIP80.pdf
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
This commit just sets up the OEM command handler to respond with
"unsupported" for now, as verified in the test.
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
In the Linux NC-SI driver[1], each response's length is validated with a
statically declared payload length, _unless_ it's an OEM command or some
more complicated NC-SI packet that you can't determine the length of just
from the "type" field, in which case it just uses the length provided by the
response's header.
To support OEM response handlers without requiring too many modifications we
can make the default payload length use the value specified in the handler
table, and then allow OEM handlers to override the length by modifying the
"length" in the response header within the handler implementation.
[1] https://github.com/torvalds/linux/blob/ec7f49619d8ee13e108740c82f942cd401b989e9/net/ncsi/ncsi-rsp.c#L1215-L1220
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
This change passes the command header as an additional read-only parameter
to each response handler so that they can make more response handling
descisions based on the command header fields. This is especially useful for
handling OEM NC-SI commands, or any protocol that's encapsulated in an NC-SI
header.
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
Windows Vista is not supported by its vendor anymore. Additionally,
glib uses 0x0601 as setting for _WIN32_WINNT since version 2.53.6
already, so unless libslirp is used with a very old version of glib,
we are depending on Windows 7 anyway.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20220516090410.39727-1-thuth@redhat.com>
|
|
Get Version ID is one of the first commands used in NC-SI, because BMC's
use a lot of OEM NC-SI extensions, and you need to query the device's
manufacturer through Get Version ID before you can decide which OEM
NC-SI extensions to use.
The response format is documented in the NC-SI spec[1]. We're just
setting the NC-SI version supported to 1.0.0 (BCD-encoded[2]) and
returning the manufacturer's ID in network byte-order.
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.0.0.pdf
[2] https://en.wikipedia.org/wiki/Binary-coded_decimal
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
This will let us use Slirp fields to generate more interesting NC-SI
responses.
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
The manufacturer's ID is used in NC-SI commands such as "Get Version ID"
[1]. It is also essential to providing a path towards adding OEM
(non-standardized) NC-SI commands.
This field should be derived from the IANA Private Enterprise Numbers list,
per the NC-SI specification. It may be useful for things besides NC-SI, but
NC-SI responses for BMC's in QEMU are the main use case I have in mind.
Note: I did not add this attribute to slirp_init, since it is deprecated.
[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.0.0.pdf
[2] https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
Signed-off-by: Peter Delevoryas <pdel@fb.com>
|
|
These functions do not have a prototype and are not meant to be public.
Declare them as static.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The introduction of .timer_new_opaque adds an interesting conundrum.
The Slirp* needs to be stored in .timer_new_opaque so that it can be
passed back to slirp_handle_timer, but it is not returned by slirp_new
and slirp_init until after the first call to .timer_new_opaque (which
is in ip6_init). This is a problem for programs that, like QEMU, use
more than one Slirp*.
Fix them by passing the Slirp* to a callback before slirp_new returns,
and initializing the timer afterwards.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Add a new callback that supports CFI better by avoiding having function pointers
in the external libslirp API. Instead, the new API passes an opaque integer
and requests the application to call a new libslirp function when the timer
expires.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
In order to support CFI, we would like to avoid passing function pointers out of
libslirp, and instead use opaque integers for the timer callbacks. This patch
introduces an internal API for creating a timer that is based on such a timer
callback.
For now, it receives the id (SLIRP_TIMER_RA is the only one) and calls
slirp->cb->timer_new. The prototype of ra_timer_handler is changed slightly
to fit better with the next patch which introduces a new libslirp function,
to be called on timer expiration.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
recv can return ECONNABORTED due to a time-out on the socket. The socket is no longer useable once it enters this state.
|
|
Fixes: commit 60535013c3e ("bootp: add support for UEFI HTTP boot")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
When debug is enabled, we duplicate the packet in tcp_reass, but ti is still
pointing to the old buffer, resulting in a use after free.
This makes valgrind debugging a little trickier, but makes it
crash a lot less.
Signed-off-by: Brett Nash <nash@fb.com>
|
|
Avoid a macro translation when not needed, and potentially doing really
weird things to headers.
|
|
DEBUG is set by a number of IDEs and development environments (*cough*
xcode *cough*). This means we use mbuf duplication when we don't need
(or expect) it. Change the name to SLIRP_DEBUG to enable this feature.
Signed-off-by: Pablo Fiori <pablofiori@fb.com>
Signed-off-by: Brett Nash <nash@fb.com>
|
