aboutsummaryrefslogtreecommitdiff
path: root/slirp/bootp.c
AgeCommit message (Collapse)AuthorFilesLines
2017-08-03slirp: check len against dhcp options array endPrasad J Pandit1-0/+3
While parsing dhcp options string in 'dhcp_decode', if an options' length 'len' appeared towards the end of 'bp_vend' array, ensuing read could lead to an OOB memory access issue. Add check to avoid it. This is CVE-2017-11434. Reported-by: Reno Robert <renorobert@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2016-07-12Use #include "..." for our own headers, <...> for othersMarkus Armbruster1-1/+1
Tracked down with an ugly, brittle and probably buggy Perl script. Also move includes converted to <...> up so they get included before ours where that's obviously okay. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-02-04slirp: Clean up includesPeter Maydell1-0/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-10-git-send-email-peter.maydell@linaro.org
2016-02-04slirp: Factorizing address translationGuillaume Subiron1-1/+1
This patch factorizes some duplicate code into a new function, sotranslate_out(). This function perform the address translation when a packet is transmitted to the host network. If the packet is destinated to the host, the loopback address is used, and if the packet is destinated to the virtual DNS, the real DNS address is used. This code is just a copy of the existent, but factorized and ready to manage the IPv6 case. On the same model, the major part of udp_output() code is moved into a new sotranslate_in(). This function is directly used in sorecvfrom(), like sotranslate_out() in sosendto(). udp_output() becoming useless, it is removed and udp_output2() is renamed into udp_output(). This adds consistency with the udp6_output() function introduced by further patches. Lastly, this factorizes some duplicate code into sotranslate_accept(), which performs the address translation when a connection is established on the host for port forwarding: if it comes from localhost, the host virtual address is used instead. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-11-12slirp: Fix type casts and format strings in debug codeStefan Weil1-3/+9
Casting pointers to long won't work on 64 bit Windows. It is not needed with the right format strings. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jason Wang <jasowang@redhat.com>
2012-11-15slirp: Add domain-search option to slirp's DHCP serverKlaus Stengel1-0/+12
This patch will allow the user to include the domain-search option in replies from the built-in DHCP server. The domain suffixes can be specified by adding dnssearch= entries to the "-net user" parameter. [Jan: tiny style adjustments] Signed-off-by: Klaus Stengel <Klaus.Stengel@asamnet.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-02-27slirp: Fix assertion failure on rejected DHCP requestsDavid Gibson1-1/+2
The guest network stack might DHCPREQUEST an address that the slirp built in dhcp server can't let it have - for example if the guest has an old leases file from another network configuration. In this case the dhcp server should and does reject the request and prepares to send a DHCPNAK to the client. However, in this case the daddr variable in bootp_reply() is set to 0.0.0.0. Shortly afterwards, it unconditionally attempts to pre-insert the new client address into the ARP table. This causes an assertion failure in arp_address_add() because of the 0.0.0.0 address. According to RFC2131, DHCPNAK messages for clients on the same subnet must be sent to the broadcast address (S3.2, subpoint 2). Cc: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2011-08-03Simple ARP tableFabien Chouteau1-8/+13
This patch adds a simple ARP table in Slirp and also adds handling of gratuitous ARP requests. Signed-off-by: Fabien Chouteau <chouteau@adacore.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2011-03-05net: fix trace when debug is activated in slirpVincent Palatin1-1/+1
make the code compile correctly when DEBUG is activated. Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-10slirp: fix unaligned access in bootp codeAurelien Jarno1-15/+17
Slirp code tries to be smart an avoid data copy by using pointer to the data. This solution leads to unaligned access, in this case preq_addr, which is a 32-bit long structure. There is no real point of avoiding data copy in a such case, as the value itself is smaller or the same size as a pointer. The patch replaces pointers to the preq_addr structure by the strcture itself, and use the address 0.0.0.0 if no address has been requested (this is not a valid address in such a request). It compares it with htonl(0L) for correctness reasons, in case a code checker look for such mistakes. It also uses memcpy() for copying the data, which takes care of alignement issues. This fixes an unaligned access on IA64 host while requesting a DHCP address. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-09-04Change DPRINTF() to do{}while(0) to avoid compiler warningJes Sorensen1-1/+1
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-03-07slirp: remove dead increments, spotted by clangBlue Swirl1-1/+1
Value stored is never read. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-02-07Do not use dprintfmalc1-9/+9
dprintf is already claimed by POSIX[1], and on at least one system is implemented as a macro [1] http://www.opengroup.org/onlinepubs/9699919799/functions/dprintf.html Signed-off-by: malc <av1474@comtv.ru>
2009-06-29slirp: Factor out internal state structureJan Kiszka1-44/+36
The essence of this patch is to stuff (almost) all global variables of the slirp stack into the structure Slirp. In this step, we still keep the structure as global variable, directly accessible by the whole stack. Changes to the external interface of slirp will be applied in the following patches. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29slirp: Cleanup and basic reanimation of debug codeJan Kiszka1-1/+1
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29slirp: Rework internal configurationJan Kiszka1-16/+10
The user mode IP stack is currently only minimally configurable /wrt to its virtual IP addresses. This is unfortunate if some guest has a fixed idea of which IP addresses to use. Therefore this patch prepares the stack for fully configurable IP addresses and masks. The user interface and default addresses remain untouched in this step, they will be enhanced in the following patch. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29slirp: Move smb, redir, tftp and bootp parameters and -net channelJan Kiszka1-1/+1
So far a couple of slirp-related parameters were expressed via stand-alone command line options. This it inconsistent and unintuitive. Moreover, it prevents both dynamically reconfigured (host_net_add/ delete) and multi-instance slirp. This patch refactors the configuration by turning -smb, -redir, -tftp and -bootp as well as -net channel into options of "-net user". The old stand-alone command line options are still processed, but no longer advertised. This allows smooth migration of management applications to to the new syntax and also the extension of that syntax later in this series. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-05-22slirp: Reassign same address to same DHCP clientJan Kiszka1-3/+5
In case a client restarts a DHCP recovery without releasing its old address, reassign the same address to prevent consuming free addresses and moving away from the standard client address. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2009-05-13Replace gcc variadic macro extension with C99 versionBlue Swirl1-3/+3
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-04-21slirp: Handle DHCP requests for specific IP (Jan Kiszka)aliguori1-34/+93
This adds proper handling of the ciaddr field as well as the "Requested IP Address" option to slirp's DHCP server. If the client requests an invalid or used IP, a NAK reply is sent, if it requests a specific but valid IP, this is now respected. NAK'ing invalid IPs is specifically useful when changing the slirp IP range via '-net user,ip=...' while the client saved its previously used address and tries to reacquire it. Now this will be NAK'ed and the client will start a new discovery round. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7198 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-24Use broadcast address for slirp dhcp repliesaurel321-0/+2
Windows Vista drops unicast dhcp replies to its yet-unconfigured address, so use a broadcast address. This behaviour is allowed by the RFC. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6430 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-08Add slirp_restrict option (Gleb Natapov)aliguori1-10/+12
Add "slirp firewall" to permit connection only to vmchannel addresses. Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6241 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-01Make some variables staticblueswir11-1/+1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5376 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-20Suppress gcc 4.x -Wpointer-sign (included in -Wall) warningsblueswir11-1/+2
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5275 c046a42c-6fe2-441c-8c8c-71466251a162
2007-10-26 Use const and static as needed, disable unused codeblueswir11-1/+1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3452 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in ↵ths1-8/+8
the regex. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16find -type f | xargs sed -i 's/[\t ]$//g' # on most filesths1-13/+13
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-02-20Add -bootp option for slirp, by Anthony Liguori.ths1-0/+6
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2439 c046a42c-6fe2-441c-8c8c-71466251a162
2006-04-16Set slirp client hostname.pbrook1-0/+8
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1813 c046a42c-6fe2-441c-8c8c-71466251a162
2005-06-0564 bit fixes (initial patch by Gwenole Beauchesne)bellard1-1/+1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1458 c046a42c-6fe2-441c-8c8c-71466251a162
2004-10-03hack for bootp supportbellard1-0/+3
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1089 c046a42c-6fe2-441c-8c8c-71466251a162
2004-09-30full system SPARC emulation (Blue Swirl)bellard1-1/+2
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1087 c046a42c-6fe2-441c-8c8c-71466251a162
2004-09-30give a new address at DHCPREQUEST too (useful if the OS remembers its IP addressbellard1-2/+4
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1081 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-04dhcp packet size fix (aka pump fix)bellard1-1/+2
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@888 c046a42c-6fe2-441c-8c8c-71466251a162
2004-05-04fixed dhcp for windows clientbellard1-4/+31
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@784 c046a42c-6fe2-441c-8c8c-71466251a162
2004-04-22initial user mode network supportbellard1-0/+212
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@733 c046a42c-6fe2-441c-8c8c-71466251a162