xref: /openbmc/qemu/hw/net/virtio-net.c (revision 5e437d3c)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/atomic.h"
16 #include "qemu/iov.h"
17 #include "qemu/main-loop.h"
18 #include "qemu/module.h"
19 #include "hw/virtio/virtio.h"
20 #include "net/net.h"
21 #include "net/checksum.h"
22 #include "net/tap.h"
23 #include "qemu/error-report.h"
24 #include "qemu/timer.h"
25 #include "qemu/option.h"
26 #include "qemu/option_int.h"
27 #include "qemu/config-file.h"
28 #include "qapi/qmp/qdict.h"
29 #include "hw/virtio/virtio-net.h"
30 #include "net/vhost_net.h"
31 #include "net/announce.h"
32 #include "hw/virtio/virtio-bus.h"
33 #include "qapi/error.h"
34 #include "qapi/qapi-events-net.h"
35 #include "hw/qdev-properties.h"
36 #include "qapi/qapi-types-migration.h"
37 #include "qapi/qapi-events-migration.h"
38 #include "hw/virtio/virtio-access.h"
39 #include "migration/misc.h"
40 #include "standard-headers/linux/ethtool.h"
41 #include "sysemu/sysemu.h"
42 #include "trace.h"
43 #include "monitor/qdev.h"
44 #include "hw/pci/pci.h"
45 #include "net_rx_pkt.h"
46 #include "hw/virtio/vhost.h"
47 
48 #define VIRTIO_NET_VM_VERSION    11
49 
50 #define MAC_TABLE_ENTRIES    64
51 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
52 
53 /* previously fixed value */
54 #define VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE 256
55 #define VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE 256
56 
57 /* for now, only allow larger queues; with virtio-1, guest can downsize */
58 #define VIRTIO_NET_RX_QUEUE_MIN_SIZE VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE
59 #define VIRTIO_NET_TX_QUEUE_MIN_SIZE VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE
60 
61 #define VIRTIO_NET_IP4_ADDR_SIZE   8        /* ipv4 saddr + daddr */
62 
63 #define VIRTIO_NET_TCP_FLAG         0x3F
64 #define VIRTIO_NET_TCP_HDR_LENGTH   0xF000
65 
66 /* IPv4 max payload, 16 bits in the header */
67 #define VIRTIO_NET_MAX_IP4_PAYLOAD (65535 - sizeof(struct ip_header))
68 #define VIRTIO_NET_MAX_TCP_PAYLOAD 65535
69 
70 /* header length value in ip header without option */
71 #define VIRTIO_NET_IP4_HEADER_LENGTH 5
72 
73 #define VIRTIO_NET_IP6_ADDR_SIZE   32      /* ipv6 saddr + daddr */
74 #define VIRTIO_NET_MAX_IP6_PAYLOAD VIRTIO_NET_MAX_TCP_PAYLOAD
75 
76 /* Purge coalesced packets timer interval, This value affects the performance
77    a lot, and should be tuned carefully, '300000'(300us) is the recommended
78    value to pass the WHQL test, '50000' can gain 2x netperf throughput with
79    tso/gso/gro 'off'. */
80 #define VIRTIO_NET_RSC_DEFAULT_INTERVAL 300000
81 
82 #define VIRTIO_NET_RSS_SUPPORTED_HASHES (VIRTIO_NET_RSS_HASH_TYPE_IPv4 | \
83                                          VIRTIO_NET_RSS_HASH_TYPE_TCPv4 | \
84                                          VIRTIO_NET_RSS_HASH_TYPE_UDPv4 | \
85                                          VIRTIO_NET_RSS_HASH_TYPE_IPv6 | \
86                                          VIRTIO_NET_RSS_HASH_TYPE_TCPv6 | \
87                                          VIRTIO_NET_RSS_HASH_TYPE_UDPv6 | \
88                                          VIRTIO_NET_RSS_HASH_TYPE_IP_EX | \
89                                          VIRTIO_NET_RSS_HASH_TYPE_TCP_EX | \
90                                          VIRTIO_NET_RSS_HASH_TYPE_UDP_EX)
91 
92 static VirtIOFeature feature_sizes[] = {
93     {.flags = 1ULL << VIRTIO_NET_F_MAC,
94      .end = endof(struct virtio_net_config, mac)},
95     {.flags = 1ULL << VIRTIO_NET_F_STATUS,
96      .end = endof(struct virtio_net_config, status)},
97     {.flags = 1ULL << VIRTIO_NET_F_MQ,
98      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
99     {.flags = 1ULL << VIRTIO_NET_F_MTU,
100      .end = endof(struct virtio_net_config, mtu)},
101     {.flags = 1ULL << VIRTIO_NET_F_SPEED_DUPLEX,
102      .end = endof(struct virtio_net_config, duplex)},
103     {.flags = (1ULL << VIRTIO_NET_F_RSS) | (1ULL << VIRTIO_NET_F_HASH_REPORT),
104      .end = endof(struct virtio_net_config, supported_hash_types)},
105     {}
106 };
107 
108 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
109 {
110     VirtIONet *n = qemu_get_nic_opaque(nc);
111 
112     return &n->vqs[nc->queue_index];
113 }
114 
115 static int vq2q(int queue_index)
116 {
117     return queue_index / 2;
118 }
119 
120 /* TODO
121  * - we could suppress RX interrupt if we were so inclined.
122  */
123 
124 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
125 {
126     VirtIONet *n = VIRTIO_NET(vdev);
127     struct virtio_net_config netcfg;
128     NetClientState *nc = qemu_get_queue(n->nic);
129     static const MACAddr zero = { .a = { 0, 0, 0, 0, 0, 0 } };
130 
131     int ret = 0;
132     memset(&netcfg, 0 , sizeof(struct virtio_net_config));
133     virtio_stw_p(vdev, &netcfg.status, n->status);
134     virtio_stw_p(vdev, &netcfg.max_virtqueue_pairs, n->max_queues);
135     virtio_stw_p(vdev, &netcfg.mtu, n->net_conf.mtu);
136     memcpy(netcfg.mac, n->mac, ETH_ALEN);
137     virtio_stl_p(vdev, &netcfg.speed, n->net_conf.speed);
138     netcfg.duplex = n->net_conf.duplex;
139     netcfg.rss_max_key_size = VIRTIO_NET_RSS_MAX_KEY_SIZE;
140     virtio_stw_p(vdev, &netcfg.rss_max_indirection_table_length,
141                  virtio_host_has_feature(vdev, VIRTIO_NET_F_RSS) ?
142                  VIRTIO_NET_RSS_MAX_TABLE_LEN : 1);
143     virtio_stl_p(vdev, &netcfg.supported_hash_types,
144                  VIRTIO_NET_RSS_SUPPORTED_HASHES);
145     memcpy(config, &netcfg, n->config_size);
146 
147     /*
148      * Is this VDPA? No peer means not VDPA: there's no way to
149      * disconnect/reconnect a VDPA peer.
150      */
151     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
152         ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
153                                    n->config_size);
154         if (ret != -1) {
155             /*
156              * Some NIC/kernel combinations present 0 as the mac address.  As
157              * that is not a legal address, try to proceed with the
158              * address from the QEMU command line in the hope that the
159              * address has been configured correctly elsewhere - just not
160              * reported by the device.
161              */
162             if (memcmp(&netcfg.mac, &zero, sizeof(zero)) == 0) {
163                 info_report("Zero hardware mac address detected. Ignoring.");
164                 memcpy(netcfg.mac, n->mac, ETH_ALEN);
165             }
166             memcpy(config, &netcfg, n->config_size);
167         }
168     }
169 }
170 
171 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
172 {
173     VirtIONet *n = VIRTIO_NET(vdev);
174     struct virtio_net_config netcfg = {};
175     NetClientState *nc = qemu_get_queue(n->nic);
176 
177     memcpy(&netcfg, config, n->config_size);
178 
179     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
180         !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) &&
181         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
182         memcpy(n->mac, netcfg.mac, ETH_ALEN);
183         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
184     }
185 
186     /*
187      * Is this VDPA? No peer means not VDPA: there's no way to
188      * disconnect/reconnect a VDPA peer.
189      */
190     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
191         vhost_net_set_config(get_vhost_net(nc->peer),
192                              (uint8_t *)&netcfg, 0, n->config_size,
193                              VHOST_SET_CONFIG_TYPE_MASTER);
194       }
195 }
196 
197 static bool virtio_net_started(VirtIONet *n, uint8_t status)
198 {
199     VirtIODevice *vdev = VIRTIO_DEVICE(n);
200     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
201         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
202 }
203 
204 static void virtio_net_announce_notify(VirtIONet *net)
205 {
206     VirtIODevice *vdev = VIRTIO_DEVICE(net);
207     trace_virtio_net_announce_notify();
208 
209     net->status |= VIRTIO_NET_S_ANNOUNCE;
210     virtio_notify_config(vdev);
211 }
212 
213 static void virtio_net_announce_timer(void *opaque)
214 {
215     VirtIONet *n = opaque;
216     trace_virtio_net_announce_timer(n->announce_timer.round);
217 
218     n->announce_timer.round--;
219     virtio_net_announce_notify(n);
220 }
221 
222 static void virtio_net_announce(NetClientState *nc)
223 {
224     VirtIONet *n = qemu_get_nic_opaque(nc);
225     VirtIODevice *vdev = VIRTIO_DEVICE(n);
226 
227     /*
228      * Make sure the virtio migration announcement timer isn't running
229      * If it is, let it trigger announcement so that we do not cause
230      * confusion.
231      */
232     if (n->announce_timer.round) {
233         return;
234     }
235 
236     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
237         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
238             virtio_net_announce_notify(n);
239     }
240 }
241 
242 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
243 {
244     VirtIODevice *vdev = VIRTIO_DEVICE(n);
245     NetClientState *nc = qemu_get_queue(n->nic);
246     int queues = n->multiqueue ? n->max_queues : 1;
247 
248     if (!get_vhost_net(nc->peer)) {
249         return;
250     }
251 
252     if ((virtio_net_started(n, status) && !nc->peer->link_down) ==
253         !!n->vhost_started) {
254         return;
255     }
256     if (!n->vhost_started) {
257         int r, i;
258 
259         if (n->needs_vnet_hdr_swap) {
260             error_report("backend does not support %s vnet headers; "
261                          "falling back on userspace virtio",
262                          virtio_is_big_endian(vdev) ? "BE" : "LE");
263             return;
264         }
265 
266         /* Any packets outstanding? Purge them to avoid touching rings
267          * when vhost is running.
268          */
269         for (i = 0;  i < queues; i++) {
270             NetClientState *qnc = qemu_get_subqueue(n->nic, i);
271 
272             /* Purge both directions: TX and RX. */
273             qemu_net_queue_purge(qnc->peer->incoming_queue, qnc);
274             qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
275         }
276 
277         if (virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MTU)) {
278             r = vhost_net_set_mtu(get_vhost_net(nc->peer), n->net_conf.mtu);
279             if (r < 0) {
280                 error_report("%uBytes MTU not supported by the backend",
281                              n->net_conf.mtu);
282 
283                 return;
284             }
285         }
286 
287         n->vhost_started = 1;
288         r = vhost_net_start(vdev, n->nic->ncs, queues);
289         if (r < 0) {
290             error_report("unable to start vhost net: %d: "
291                          "falling back on userspace virtio", -r);
292             n->vhost_started = 0;
293         }
294     } else {
295         vhost_net_stop(vdev, n->nic->ncs, queues);
296         n->vhost_started = 0;
297     }
298 }
299 
300 static int virtio_net_set_vnet_endian_one(VirtIODevice *vdev,
301                                           NetClientState *peer,
302                                           bool enable)
303 {
304     if (virtio_is_big_endian(vdev)) {
305         return qemu_set_vnet_be(peer, enable);
306     } else {
307         return qemu_set_vnet_le(peer, enable);
308     }
309 }
310 
311 static bool virtio_net_set_vnet_endian(VirtIODevice *vdev, NetClientState *ncs,
312                                        int queues, bool enable)
313 {
314     int i;
315 
316     for (i = 0; i < queues; i++) {
317         if (virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, enable) < 0 &&
318             enable) {
319             while (--i >= 0) {
320                 virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, false);
321             }
322 
323             return true;
324         }
325     }
326 
327     return false;
328 }
329 
330 static void virtio_net_vnet_endian_status(VirtIONet *n, uint8_t status)
331 {
332     VirtIODevice *vdev = VIRTIO_DEVICE(n);
333     int queues = n->multiqueue ? n->max_queues : 1;
334 
335     if (virtio_net_started(n, status)) {
336         /* Before using the device, we tell the network backend about the
337          * endianness to use when parsing vnet headers. If the backend
338          * can't do it, we fallback onto fixing the headers in the core
339          * virtio-net code.
340          */
341         n->needs_vnet_hdr_swap = virtio_net_set_vnet_endian(vdev, n->nic->ncs,
342                                                             queues, true);
343     } else if (virtio_net_started(n, vdev->status)) {
344         /* After using the device, we need to reset the network backend to
345          * the default (guest native endianness), otherwise the guest may
346          * lose network connectivity if it is rebooted into a different
347          * endianness.
348          */
349         virtio_net_set_vnet_endian(vdev, n->nic->ncs, queues, false);
350     }
351 }
352 
353 static void virtio_net_drop_tx_queue_data(VirtIODevice *vdev, VirtQueue *vq)
354 {
355     unsigned int dropped = virtqueue_drop_all(vq);
356     if (dropped) {
357         virtio_notify(vdev, vq);
358     }
359 }
360 
361 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
362 {
363     VirtIONet *n = VIRTIO_NET(vdev);
364     VirtIONetQueue *q;
365     int i;
366     uint8_t queue_status;
367 
368     virtio_net_vnet_endian_status(n, status);
369     virtio_net_vhost_status(n, status);
370 
371     for (i = 0; i < n->max_queues; i++) {
372         NetClientState *ncs = qemu_get_subqueue(n->nic, i);
373         bool queue_started;
374         q = &n->vqs[i];
375 
376         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
377             queue_status = 0;
378         } else {
379             queue_status = status;
380         }
381         queue_started =
382             virtio_net_started(n, queue_status) && !n->vhost_started;
383 
384         if (queue_started) {
385             qemu_flush_queued_packets(ncs);
386         }
387 
388         if (!q->tx_waiting) {
389             continue;
390         }
391 
392         if (queue_started) {
393             if (q->tx_timer) {
394                 timer_mod(q->tx_timer,
395                                qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
396             } else {
397                 qemu_bh_schedule(q->tx_bh);
398             }
399         } else {
400             if (q->tx_timer) {
401                 timer_del(q->tx_timer);
402             } else {
403                 qemu_bh_cancel(q->tx_bh);
404             }
405             if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
406                 (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
407                 vdev->vm_running) {
408                 /* if tx is waiting we are likely have some packets in tx queue
409                  * and disabled notification */
410                 q->tx_waiting = 0;
411                 virtio_queue_set_notification(q->tx_vq, 1);
412                 virtio_net_drop_tx_queue_data(vdev, q->tx_vq);
413             }
414         }
415     }
416 }
417 
418 static void virtio_net_set_link_status(NetClientState *nc)
419 {
420     VirtIONet *n = qemu_get_nic_opaque(nc);
421     VirtIODevice *vdev = VIRTIO_DEVICE(n);
422     uint16_t old_status = n->status;
423 
424     if (nc->link_down)
425         n->status &= ~VIRTIO_NET_S_LINK_UP;
426     else
427         n->status |= VIRTIO_NET_S_LINK_UP;
428 
429     if (n->status != old_status)
430         virtio_notify_config(vdev);
431 
432     virtio_net_set_status(vdev, vdev->status);
433 }
434 
435 static void rxfilter_notify(NetClientState *nc)
436 {
437     VirtIONet *n = qemu_get_nic_opaque(nc);
438 
439     if (nc->rxfilter_notify_enabled) {
440         char *path = object_get_canonical_path(OBJECT(n->qdev));
441         qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
442                                               n->netclient_name, path);
443         g_free(path);
444 
445         /* disable event notification to avoid events flooding */
446         nc->rxfilter_notify_enabled = 0;
447     }
448 }
449 
450 static intList *get_vlan_table(VirtIONet *n)
451 {
452     intList *list;
453     int i, j;
454 
455     list = NULL;
456     for (i = 0; i < MAX_VLAN >> 5; i++) {
457         for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
458             if (n->vlans[i] & (1U << j)) {
459                 QAPI_LIST_PREPEND(list, (i << 5) + j);
460             }
461         }
462     }
463 
464     return list;
465 }
466 
467 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
468 {
469     VirtIONet *n = qemu_get_nic_opaque(nc);
470     VirtIODevice *vdev = VIRTIO_DEVICE(n);
471     RxFilterInfo *info;
472     strList *str_list;
473     int i;
474 
475     info = g_malloc0(sizeof(*info));
476     info->name = g_strdup(nc->name);
477     info->promiscuous = n->promisc;
478 
479     if (n->nouni) {
480         info->unicast = RX_STATE_NONE;
481     } else if (n->alluni) {
482         info->unicast = RX_STATE_ALL;
483     } else {
484         info->unicast = RX_STATE_NORMAL;
485     }
486 
487     if (n->nomulti) {
488         info->multicast = RX_STATE_NONE;
489     } else if (n->allmulti) {
490         info->multicast = RX_STATE_ALL;
491     } else {
492         info->multicast = RX_STATE_NORMAL;
493     }
494 
495     info->broadcast_allowed = n->nobcast;
496     info->multicast_overflow = n->mac_table.multi_overflow;
497     info->unicast_overflow = n->mac_table.uni_overflow;
498 
499     info->main_mac = qemu_mac_strdup_printf(n->mac);
500 
501     str_list = NULL;
502     for (i = 0; i < n->mac_table.first_multi; i++) {
503         QAPI_LIST_PREPEND(str_list,
504                       qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN));
505     }
506     info->unicast_table = str_list;
507 
508     str_list = NULL;
509     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
510         QAPI_LIST_PREPEND(str_list,
511                       qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN));
512     }
513     info->multicast_table = str_list;
514     info->vlan_table = get_vlan_table(n);
515 
516     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
517         info->vlan = RX_STATE_ALL;
518     } else if (!info->vlan_table) {
519         info->vlan = RX_STATE_NONE;
520     } else {
521         info->vlan = RX_STATE_NORMAL;
522     }
523 
524     /* enable event notification after query */
525     nc->rxfilter_notify_enabled = 1;
526 
527     return info;
528 }
529 
530 static void virtio_net_reset(VirtIODevice *vdev)
531 {
532     VirtIONet *n = VIRTIO_NET(vdev);
533     int i;
534 
535     /* Reset back to compatibility mode */
536     n->promisc = 1;
537     n->allmulti = 0;
538     n->alluni = 0;
539     n->nomulti = 0;
540     n->nouni = 0;
541     n->nobcast = 0;
542     /* multiqueue is disabled by default */
543     n->curr_queues = 1;
544     timer_del(n->announce_timer.tm);
545     n->announce_timer.round = 0;
546     n->status &= ~VIRTIO_NET_S_ANNOUNCE;
547 
548     /* Flush any MAC and VLAN filter table state */
549     n->mac_table.in_use = 0;
550     n->mac_table.first_multi = 0;
551     n->mac_table.multi_overflow = 0;
552     n->mac_table.uni_overflow = 0;
553     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
554     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
555     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
556     memset(n->vlans, 0, MAX_VLAN >> 3);
557 
558     /* Flush any async TX */
559     for (i = 0;  i < n->max_queues; i++) {
560         NetClientState *nc = qemu_get_subqueue(n->nic, i);
561 
562         if (nc->peer) {
563             qemu_flush_or_purge_queued_packets(nc->peer, true);
564             assert(!virtio_net_get_subqueue(nc)->async_tx.elem);
565         }
566     }
567 }
568 
569 static void peer_test_vnet_hdr(VirtIONet *n)
570 {
571     NetClientState *nc = qemu_get_queue(n->nic);
572     if (!nc->peer) {
573         return;
574     }
575 
576     n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
577 }
578 
579 static int peer_has_vnet_hdr(VirtIONet *n)
580 {
581     return n->has_vnet_hdr;
582 }
583 
584 static int peer_has_ufo(VirtIONet *n)
585 {
586     if (!peer_has_vnet_hdr(n))
587         return 0;
588 
589     n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
590 
591     return n->has_ufo;
592 }
593 
594 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs,
595                                        int version_1, int hash_report)
596 {
597     int i;
598     NetClientState *nc;
599 
600     n->mergeable_rx_bufs = mergeable_rx_bufs;
601 
602     if (version_1) {
603         n->guest_hdr_len = hash_report ?
604             sizeof(struct virtio_net_hdr_v1_hash) :
605             sizeof(struct virtio_net_hdr_mrg_rxbuf);
606         n->rss_data.populate_hash = !!hash_report;
607     } else {
608         n->guest_hdr_len = n->mergeable_rx_bufs ?
609             sizeof(struct virtio_net_hdr_mrg_rxbuf) :
610             sizeof(struct virtio_net_hdr);
611     }
612 
613     for (i = 0; i < n->max_queues; i++) {
614         nc = qemu_get_subqueue(n->nic, i);
615 
616         if (peer_has_vnet_hdr(n) &&
617             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
618             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
619             n->host_hdr_len = n->guest_hdr_len;
620         }
621     }
622 }
623 
624 static int virtio_net_max_tx_queue_size(VirtIONet *n)
625 {
626     NetClientState *peer = n->nic_conf.peers.ncs[0];
627 
628     /*
629      * Backends other than vhost-user don't support max queue size.
630      */
631     if (!peer) {
632         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
633     }
634 
635     if (peer->info->type != NET_CLIENT_DRIVER_VHOST_USER) {
636         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
637     }
638 
639     return VIRTQUEUE_MAX_SIZE;
640 }
641 
642 static int peer_attach(VirtIONet *n, int index)
643 {
644     NetClientState *nc = qemu_get_subqueue(n->nic, index);
645 
646     if (!nc->peer) {
647         return 0;
648     }
649 
650     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
651         vhost_set_vring_enable(nc->peer, 1);
652     }
653 
654     if (nc->peer->info->type != NET_CLIENT_DRIVER_TAP) {
655         return 0;
656     }
657 
658     if (n->max_queues == 1) {
659         return 0;
660     }
661 
662     return tap_enable(nc->peer);
663 }
664 
665 static int peer_detach(VirtIONet *n, int index)
666 {
667     NetClientState *nc = qemu_get_subqueue(n->nic, index);
668 
669     if (!nc->peer) {
670         return 0;
671     }
672 
673     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
674         vhost_set_vring_enable(nc->peer, 0);
675     }
676 
677     if (nc->peer->info->type !=  NET_CLIENT_DRIVER_TAP) {
678         return 0;
679     }
680 
681     return tap_disable(nc->peer);
682 }
683 
684 static void virtio_net_set_queues(VirtIONet *n)
685 {
686     int i;
687     int r;
688 
689     if (n->nic->peer_deleted) {
690         return;
691     }
692 
693     for (i = 0; i < n->max_queues; i++) {
694         if (i < n->curr_queues) {
695             r = peer_attach(n, i);
696             assert(!r);
697         } else {
698             r = peer_detach(n, i);
699             assert(!r);
700         }
701     }
702 }
703 
704 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
705 
706 static uint64_t virtio_net_get_features(VirtIODevice *vdev, uint64_t features,
707                                         Error **errp)
708 {
709     VirtIONet *n = VIRTIO_NET(vdev);
710     NetClientState *nc = qemu_get_queue(n->nic);
711 
712     /* Firstly sync all virtio-net possible supported features */
713     features |= n->host_features;
714 
715     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
716 
717     if (!peer_has_vnet_hdr(n)) {
718         virtio_clear_feature(&features, VIRTIO_NET_F_CSUM);
719         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO4);
720         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO6);
721         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_ECN);
722 
723         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_CSUM);
724         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO4);
725         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO6);
726         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_ECN);
727 
728         virtio_clear_feature(&features, VIRTIO_NET_F_HASH_REPORT);
729     }
730 
731     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
732         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_UFO);
733         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_UFO);
734     }
735 
736     if (!get_vhost_net(nc->peer)) {
737         return features;
738     }
739 
740     virtio_clear_feature(&features, VIRTIO_NET_F_RSS);
741     virtio_clear_feature(&features, VIRTIO_NET_F_HASH_REPORT);
742     features = vhost_net_get_features(get_vhost_net(nc->peer), features);
743     vdev->backend_features = features;
744 
745     if (n->mtu_bypass_backend &&
746             (n->host_features & 1ULL << VIRTIO_NET_F_MTU)) {
747         features |= (1ULL << VIRTIO_NET_F_MTU);
748     }
749 
750     return features;
751 }
752 
753 static uint64_t virtio_net_bad_features(VirtIODevice *vdev)
754 {
755     uint64_t features = 0;
756 
757     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
758      * but also these: */
759     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
760     virtio_add_feature(&features, VIRTIO_NET_F_CSUM);
761     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO4);
762     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO6);
763     virtio_add_feature(&features, VIRTIO_NET_F_HOST_ECN);
764 
765     return features;
766 }
767 
768 static void virtio_net_apply_guest_offloads(VirtIONet *n)
769 {
770     qemu_set_offload(qemu_get_queue(n->nic)->peer,
771             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
772             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
773             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
774             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
775             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
776 }
777 
778 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
779 {
780     static const uint64_t guest_offloads_mask =
781         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
782         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
783         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
784         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
785         (1ULL << VIRTIO_NET_F_GUEST_UFO);
786 
787     return guest_offloads_mask & features;
788 }
789 
790 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
791 {
792     VirtIODevice *vdev = VIRTIO_DEVICE(n);
793     return virtio_net_guest_offloads_by_features(vdev->guest_features);
794 }
795 
796 typedef struct {
797     VirtIONet *n;
798     char *id;
799 } FailoverId;
800 
801 /**
802  * Set the id of the failover primary device
803  *
804  * @opaque: FailoverId to setup
805  * @opts: opts for device we are handling
806  * @errp: returns an error if this function fails
807  */
808 static int failover_set_primary(void *opaque, QemuOpts *opts, Error **errp)
809 {
810     FailoverId *fid = opaque;
811     const char *standby_id = qemu_opt_get(opts, "failover_pair_id");
812 
813     if (g_strcmp0(standby_id, fid->n->netclient_name) == 0) {
814         fid->id = g_strdup(opts->id);
815         return 1;
816     }
817 
818     return 0;
819 }
820 
821 /**
822  * Find the primary device id for this failover virtio-net
823  *
824  * @n: VirtIONet device
825  * @errp: returns an error if this function fails
826  */
827 static char *failover_find_primary_device_id(VirtIONet *n)
828 {
829     Error *err = NULL;
830     FailoverId fid;
831 
832     fid.n = n;
833     if (!qemu_opts_foreach(qemu_find_opts("device"),
834                            failover_set_primary, &fid, &err)) {
835         return NULL;
836     }
837     return fid.id;
838 }
839 
840 /**
841  * Find the primary device for this failover virtio-net
842  *
843  * @n: VirtIONet device
844  * @errp: returns an error if this function fails
845  */
846 static DeviceState *failover_find_primary_device(VirtIONet *n)
847 {
848     char *id = failover_find_primary_device_id(n);
849 
850     if (!id) {
851         return NULL;
852     }
853 
854     return qdev_find_recursive(sysbus_get_default(), id);
855 }
856 
857 static void failover_add_primary(VirtIONet *n, Error **errp)
858 {
859     Error *err = NULL;
860     QemuOpts *opts;
861     char *id;
862     DeviceState *dev = failover_find_primary_device(n);
863 
864     if (dev) {
865         return;
866     }
867 
868     id = failover_find_primary_device_id(n);
869     if (!id) {
870         error_setg(errp, "Primary device not found");
871         error_append_hint(errp, "Virtio-net failover will not work. Make "
872                           "sure primary device has parameter"
873                           " failover_pair_id=%s\n", n->netclient_name);
874         return;
875     }
876     opts = qemu_opts_find(qemu_find_opts("device"), id);
877     g_assert(opts); /* cannot be NULL because id was found using opts list */
878     dev = qdev_device_add(opts, &err);
879     if (err) {
880         qemu_opts_del(opts);
881     } else {
882         object_unref(OBJECT(dev));
883     }
884     error_propagate(errp, err);
885 }
886 
887 static void virtio_net_set_features(VirtIODevice *vdev, uint64_t features)
888 {
889     VirtIONet *n = VIRTIO_NET(vdev);
890     Error *err = NULL;
891     int i;
892 
893     if (n->mtu_bypass_backend &&
894             !virtio_has_feature(vdev->backend_features, VIRTIO_NET_F_MTU)) {
895         features &= ~(1ULL << VIRTIO_NET_F_MTU);
896     }
897 
898     virtio_net_set_multiqueue(n,
899                               virtio_has_feature(features, VIRTIO_NET_F_RSS) ||
900                               virtio_has_feature(features, VIRTIO_NET_F_MQ));
901 
902     virtio_net_set_mrg_rx_bufs(n,
903                                virtio_has_feature(features,
904                                                   VIRTIO_NET_F_MRG_RXBUF),
905                                virtio_has_feature(features,
906                                                   VIRTIO_F_VERSION_1),
907                                virtio_has_feature(features,
908                                                   VIRTIO_NET_F_HASH_REPORT));
909 
910     n->rsc4_enabled = virtio_has_feature(features, VIRTIO_NET_F_RSC_EXT) &&
911         virtio_has_feature(features, VIRTIO_NET_F_GUEST_TSO4);
912     n->rsc6_enabled = virtio_has_feature(features, VIRTIO_NET_F_RSC_EXT) &&
913         virtio_has_feature(features, VIRTIO_NET_F_GUEST_TSO6);
914     n->rss_data.redirect = virtio_has_feature(features, VIRTIO_NET_F_RSS);
915 
916     if (n->has_vnet_hdr) {
917         n->curr_guest_offloads =
918             virtio_net_guest_offloads_by_features(features);
919         virtio_net_apply_guest_offloads(n);
920     }
921 
922     for (i = 0;  i < n->max_queues; i++) {
923         NetClientState *nc = qemu_get_subqueue(n->nic, i);
924 
925         if (!get_vhost_net(nc->peer)) {
926             continue;
927         }
928         vhost_net_ack_features(get_vhost_net(nc->peer), features);
929     }
930 
931     if (virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
932         memset(n->vlans, 0, MAX_VLAN >> 3);
933     } else {
934         memset(n->vlans, 0xff, MAX_VLAN >> 3);
935     }
936 
937     if (virtio_has_feature(features, VIRTIO_NET_F_STANDBY)) {
938         qapi_event_send_failover_negotiated(n->netclient_name);
939         qatomic_set(&n->failover_primary_hidden, false);
940         failover_add_primary(n, &err);
941         if (err) {
942             warn_report_err(err);
943         }
944     }
945 }
946 
947 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
948                                      struct iovec *iov, unsigned int iov_cnt)
949 {
950     uint8_t on;
951     size_t s;
952     NetClientState *nc = qemu_get_queue(n->nic);
953 
954     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
955     if (s != sizeof(on)) {
956         return VIRTIO_NET_ERR;
957     }
958 
959     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
960         n->promisc = on;
961     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
962         n->allmulti = on;
963     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
964         n->alluni = on;
965     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
966         n->nomulti = on;
967     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
968         n->nouni = on;
969     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
970         n->nobcast = on;
971     } else {
972         return VIRTIO_NET_ERR;
973     }
974 
975     rxfilter_notify(nc);
976 
977     return VIRTIO_NET_OK;
978 }
979 
980 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
981                                      struct iovec *iov, unsigned int iov_cnt)
982 {
983     VirtIODevice *vdev = VIRTIO_DEVICE(n);
984     uint64_t offloads;
985     size_t s;
986 
987     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
988         return VIRTIO_NET_ERR;
989     }
990 
991     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
992     if (s != sizeof(offloads)) {
993         return VIRTIO_NET_ERR;
994     }
995 
996     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
997         uint64_t supported_offloads;
998 
999         offloads = virtio_ldq_p(vdev, &offloads);
1000 
1001         if (!n->has_vnet_hdr) {
1002             return VIRTIO_NET_ERR;
1003         }
1004 
1005         n->rsc4_enabled = virtio_has_feature(offloads, VIRTIO_NET_F_RSC_EXT) &&
1006             virtio_has_feature(offloads, VIRTIO_NET_F_GUEST_TSO4);
1007         n->rsc6_enabled = virtio_has_feature(offloads, VIRTIO_NET_F_RSC_EXT) &&
1008             virtio_has_feature(offloads, VIRTIO_NET_F_GUEST_TSO6);
1009         virtio_clear_feature(&offloads, VIRTIO_NET_F_RSC_EXT);
1010 
1011         supported_offloads = virtio_net_supported_guest_offloads(n);
1012         if (offloads & ~supported_offloads) {
1013             return VIRTIO_NET_ERR;
1014         }
1015 
1016         n->curr_guest_offloads = offloads;
1017         virtio_net_apply_guest_offloads(n);
1018 
1019         return VIRTIO_NET_OK;
1020     } else {
1021         return VIRTIO_NET_ERR;
1022     }
1023 }
1024 
1025 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
1026                                  struct iovec *iov, unsigned int iov_cnt)
1027 {
1028     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1029     struct virtio_net_ctrl_mac mac_data;
1030     size_t s;
1031     NetClientState *nc = qemu_get_queue(n->nic);
1032 
1033     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
1034         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
1035             return VIRTIO_NET_ERR;
1036         }
1037         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
1038         assert(s == sizeof(n->mac));
1039         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
1040         rxfilter_notify(nc);
1041 
1042         return VIRTIO_NET_OK;
1043     }
1044 
1045     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
1046         return VIRTIO_NET_ERR;
1047     }
1048 
1049     int in_use = 0;
1050     int first_multi = 0;
1051     uint8_t uni_overflow = 0;
1052     uint8_t multi_overflow = 0;
1053     uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1054 
1055     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
1056                    sizeof(mac_data.entries));
1057     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
1058     if (s != sizeof(mac_data.entries)) {
1059         goto error;
1060     }
1061     iov_discard_front(&iov, &iov_cnt, s);
1062 
1063     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
1064         goto error;
1065     }
1066 
1067     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
1068         s = iov_to_buf(iov, iov_cnt, 0, macs,
1069                        mac_data.entries * ETH_ALEN);
1070         if (s != mac_data.entries * ETH_ALEN) {
1071             goto error;
1072         }
1073         in_use += mac_data.entries;
1074     } else {
1075         uni_overflow = 1;
1076     }
1077 
1078     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
1079 
1080     first_multi = in_use;
1081 
1082     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
1083                    sizeof(mac_data.entries));
1084     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
1085     if (s != sizeof(mac_data.entries)) {
1086         goto error;
1087     }
1088 
1089     iov_discard_front(&iov, &iov_cnt, s);
1090 
1091     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
1092         goto error;
1093     }
1094 
1095     if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
1096         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
1097                        mac_data.entries * ETH_ALEN);
1098         if (s != mac_data.entries * ETH_ALEN) {
1099             goto error;
1100         }
1101         in_use += mac_data.entries;
1102     } else {
1103         multi_overflow = 1;
1104     }
1105 
1106     n->mac_table.in_use = in_use;
1107     n->mac_table.first_multi = first_multi;
1108     n->mac_table.uni_overflow = uni_overflow;
1109     n->mac_table.multi_overflow = multi_overflow;
1110     memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
1111     g_free(macs);
1112     rxfilter_notify(nc);
1113 
1114     return VIRTIO_NET_OK;
1115 
1116 error:
1117     g_free(macs);
1118     return VIRTIO_NET_ERR;
1119 }
1120 
1121 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
1122                                         struct iovec *iov, unsigned int iov_cnt)
1123 {
1124     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1125     uint16_t vid;
1126     size_t s;
1127     NetClientState *nc = qemu_get_queue(n->nic);
1128 
1129     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
1130     vid = virtio_lduw_p(vdev, &vid);
1131     if (s != sizeof(vid)) {
1132         return VIRTIO_NET_ERR;
1133     }
1134 
1135     if (vid >= MAX_VLAN)
1136         return VIRTIO_NET_ERR;
1137 
1138     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
1139         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
1140     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
1141         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
1142     else
1143         return VIRTIO_NET_ERR;
1144 
1145     rxfilter_notify(nc);
1146 
1147     return VIRTIO_NET_OK;
1148 }
1149 
1150 static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd,
1151                                       struct iovec *iov, unsigned int iov_cnt)
1152 {
1153     trace_virtio_net_handle_announce(n->announce_timer.round);
1154     if (cmd == VIRTIO_NET_CTRL_ANNOUNCE_ACK &&
1155         n->status & VIRTIO_NET_S_ANNOUNCE) {
1156         n->status &= ~VIRTIO_NET_S_ANNOUNCE;
1157         if (n->announce_timer.round) {
1158             qemu_announce_timer_step(&n->announce_timer);
1159         }
1160         return VIRTIO_NET_OK;
1161     } else {
1162         return VIRTIO_NET_ERR;
1163     }
1164 }
1165 
1166 static void virtio_net_disable_rss(VirtIONet *n)
1167 {
1168     if (n->rss_data.enabled) {
1169         trace_virtio_net_rss_disable();
1170     }
1171     n->rss_data.enabled = false;
1172 }
1173 
1174 static uint16_t virtio_net_handle_rss(VirtIONet *n,
1175                                       struct iovec *iov,
1176                                       unsigned int iov_cnt,
1177                                       bool do_rss)
1178 {
1179     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1180     struct virtio_net_rss_config cfg;
1181     size_t s, offset = 0, size_get;
1182     uint16_t queues, i;
1183     struct {
1184         uint16_t us;
1185         uint8_t b;
1186     } QEMU_PACKED temp;
1187     const char *err_msg = "";
1188     uint32_t err_value = 0;
1189 
1190     if (do_rss && !virtio_vdev_has_feature(vdev, VIRTIO_NET_F_RSS)) {
1191         err_msg = "RSS is not negotiated";
1192         goto error;
1193     }
1194     if (!do_rss && !virtio_vdev_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) {
1195         err_msg = "Hash report is not negotiated";
1196         goto error;
1197     }
1198     size_get = offsetof(struct virtio_net_rss_config, indirection_table);
1199     s = iov_to_buf(iov, iov_cnt, offset, &cfg, size_get);
1200     if (s != size_get) {
1201         err_msg = "Short command buffer";
1202         err_value = (uint32_t)s;
1203         goto error;
1204     }
1205     n->rss_data.hash_types = virtio_ldl_p(vdev, &cfg.hash_types);
1206     n->rss_data.indirections_len =
1207         virtio_lduw_p(vdev, &cfg.indirection_table_mask);
1208     n->rss_data.indirections_len++;
1209     if (!do_rss) {
1210         n->rss_data.indirections_len = 1;
1211     }
1212     if (!is_power_of_2(n->rss_data.indirections_len)) {
1213         err_msg = "Invalid size of indirection table";
1214         err_value = n->rss_data.indirections_len;
1215         goto error;
1216     }
1217     if (n->rss_data.indirections_len > VIRTIO_NET_RSS_MAX_TABLE_LEN) {
1218         err_msg = "Too large indirection table";
1219         err_value = n->rss_data.indirections_len;
1220         goto error;
1221     }
1222     n->rss_data.default_queue = do_rss ?
1223         virtio_lduw_p(vdev, &cfg.unclassified_queue) : 0;
1224     if (n->rss_data.default_queue >= n->max_queues) {
1225         err_msg = "Invalid default queue";
1226         err_value = n->rss_data.default_queue;
1227         goto error;
1228     }
1229     offset += size_get;
1230     size_get = sizeof(uint16_t) * n->rss_data.indirections_len;
1231     g_free(n->rss_data.indirections_table);
1232     n->rss_data.indirections_table = g_malloc(size_get);
1233     if (!n->rss_data.indirections_table) {
1234         err_msg = "Can't allocate indirections table";
1235         err_value = n->rss_data.indirections_len;
1236         goto error;
1237     }
1238     s = iov_to_buf(iov, iov_cnt, offset,
1239                    n->rss_data.indirections_table, size_get);
1240     if (s != size_get) {
1241         err_msg = "Short indirection table buffer";
1242         err_value = (uint32_t)s;
1243         goto error;
1244     }
1245     for (i = 0; i < n->rss_data.indirections_len; ++i) {
1246         uint16_t val = n->rss_data.indirections_table[i];
1247         n->rss_data.indirections_table[i] = virtio_lduw_p(vdev, &val);
1248     }
1249     offset += size_get;
1250     size_get = sizeof(temp);
1251     s = iov_to_buf(iov, iov_cnt, offset, &temp, size_get);
1252     if (s != size_get) {
1253         err_msg = "Can't get queues";
1254         err_value = (uint32_t)s;
1255         goto error;
1256     }
1257     queues = do_rss ? virtio_lduw_p(vdev, &temp.us) : n->curr_queues;
1258     if (queues == 0 || queues > n->max_queues) {
1259         err_msg = "Invalid number of queues";
1260         err_value = queues;
1261         goto error;
1262     }
1263     if (temp.b > VIRTIO_NET_RSS_MAX_KEY_SIZE) {
1264         err_msg = "Invalid key size";
1265         err_value = temp.b;
1266         goto error;
1267     }
1268     if (!temp.b && n->rss_data.hash_types) {
1269         err_msg = "No key provided";
1270         err_value = 0;
1271         goto error;
1272     }
1273     if (!temp.b && !n->rss_data.hash_types) {
1274         virtio_net_disable_rss(n);
1275         return queues;
1276     }
1277     offset += size_get;
1278     size_get = temp.b;
1279     s = iov_to_buf(iov, iov_cnt, offset, n->rss_data.key, size_get);
1280     if (s != size_get) {
1281         err_msg = "Can get key buffer";
1282         err_value = (uint32_t)s;
1283         goto error;
1284     }
1285     n->rss_data.enabled = true;
1286     trace_virtio_net_rss_enable(n->rss_data.hash_types,
1287                                 n->rss_data.indirections_len,
1288                                 temp.b);
1289     return queues;
1290 error:
1291     trace_virtio_net_rss_error(err_msg, err_value);
1292     virtio_net_disable_rss(n);
1293     return 0;
1294 }
1295 
1296 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
1297                                 struct iovec *iov, unsigned int iov_cnt)
1298 {
1299     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1300     uint16_t queues;
1301 
1302     virtio_net_disable_rss(n);
1303     if (cmd == VIRTIO_NET_CTRL_MQ_HASH_CONFIG) {
1304         queues = virtio_net_handle_rss(n, iov, iov_cnt, false);
1305         return queues ? VIRTIO_NET_OK : VIRTIO_NET_ERR;
1306     }
1307     if (cmd == VIRTIO_NET_CTRL_MQ_RSS_CONFIG) {
1308         queues = virtio_net_handle_rss(n, iov, iov_cnt, true);
1309     } else if (cmd == VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
1310         struct virtio_net_ctrl_mq mq;
1311         size_t s;
1312         if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_MQ)) {
1313             return VIRTIO_NET_ERR;
1314         }
1315         s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
1316         if (s != sizeof(mq)) {
1317             return VIRTIO_NET_ERR;
1318         }
1319         queues = virtio_lduw_p(vdev, &mq.virtqueue_pairs);
1320 
1321     } else {
1322         return VIRTIO_NET_ERR;
1323     }
1324 
1325     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
1326         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
1327         queues > n->max_queues ||
1328         !n->multiqueue) {
1329         return VIRTIO_NET_ERR;
1330     }
1331 
1332     n->curr_queues = queues;
1333     /* stop the backend before changing the number of queues to avoid handling a
1334      * disabled queue */
1335     virtio_net_set_status(vdev, vdev->status);
1336     virtio_net_set_queues(n);
1337 
1338     return VIRTIO_NET_OK;
1339 }
1340 
1341 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1342 {
1343     VirtIONet *n = VIRTIO_NET(vdev);
1344     struct virtio_net_ctrl_hdr ctrl;
1345     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
1346     VirtQueueElement *elem;
1347     size_t s;
1348     struct iovec *iov, *iov2;
1349     unsigned int iov_cnt;
1350 
1351     for (;;) {
1352         elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1353         if (!elem) {
1354             break;
1355         }
1356         if (iov_size(elem->in_sg, elem->in_num) < sizeof(status) ||
1357             iov_size(elem->out_sg, elem->out_num) < sizeof(ctrl)) {
1358             virtio_error(vdev, "virtio-net ctrl missing headers");
1359             virtqueue_detach_element(vq, elem, 0);
1360             g_free(elem);
1361             break;
1362         }
1363 
1364         iov_cnt = elem->out_num;
1365         iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
1366         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
1367         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
1368         if (s != sizeof(ctrl)) {
1369             status = VIRTIO_NET_ERR;
1370         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
1371             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
1372         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
1373             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
1374         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
1375             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
1376         } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
1377             status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
1378         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
1379             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
1380         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
1381             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
1382         }
1383 
1384         s = iov_from_buf(elem->in_sg, elem->in_num, 0, &status, sizeof(status));
1385         assert(s == sizeof(status));
1386 
1387         virtqueue_push(vq, elem, sizeof(status));
1388         virtio_notify(vdev, vq);
1389         g_free(iov2);
1390         g_free(elem);
1391     }
1392 }
1393 
1394 /* RX */
1395 
1396 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
1397 {
1398     VirtIONet *n = VIRTIO_NET(vdev);
1399     int queue_index = vq2q(virtio_get_queue_index(vq));
1400 
1401     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
1402 }
1403 
1404 static bool virtio_net_can_receive(NetClientState *nc)
1405 {
1406     VirtIONet *n = qemu_get_nic_opaque(nc);
1407     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1408     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1409 
1410     if (!vdev->vm_running) {
1411         return false;
1412     }
1413 
1414     if (nc->queue_index >= n->curr_queues) {
1415         return false;
1416     }
1417 
1418     if (!virtio_queue_ready(q->rx_vq) ||
1419         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1420         return false;
1421     }
1422 
1423     return true;
1424 }
1425 
1426 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
1427 {
1428     VirtIONet *n = q->n;
1429     if (virtio_queue_empty(q->rx_vq) ||
1430         (n->mergeable_rx_bufs &&
1431          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1432         virtio_queue_set_notification(q->rx_vq, 1);
1433 
1434         /* To avoid a race condition where the guest has made some buffers
1435          * available after the above check but before notification was
1436          * enabled, check for available buffers again.
1437          */
1438         if (virtio_queue_empty(q->rx_vq) ||
1439             (n->mergeable_rx_bufs &&
1440              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1441             return 0;
1442         }
1443     }
1444 
1445     virtio_queue_set_notification(q->rx_vq, 0);
1446     return 1;
1447 }
1448 
1449 static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
1450 {
1451     virtio_tswap16s(vdev, &hdr->hdr_len);
1452     virtio_tswap16s(vdev, &hdr->gso_size);
1453     virtio_tswap16s(vdev, &hdr->csum_start);
1454     virtio_tswap16s(vdev, &hdr->csum_offset);
1455 }
1456 
1457 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
1458  * it never finds out that the packets don't have valid checksums.  This
1459  * causes dhclient to get upset.  Fedora's carried a patch for ages to
1460  * fix this with Xen but it hasn't appeared in an upstream release of
1461  * dhclient yet.
1462  *
1463  * To avoid breaking existing guests, we catch udp packets and add
1464  * checksums.  This is terrible but it's better than hacking the guest
1465  * kernels.
1466  *
1467  * N.B. if we introduce a zero-copy API, this operation is no longer free so
1468  * we should provide a mechanism to disable it to avoid polluting the host
1469  * cache.
1470  */
1471 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
1472                                         uint8_t *buf, size_t size)
1473 {
1474     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
1475         (size > 27 && size < 1500) && /* normal sized MTU */
1476         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
1477         (buf[23] == 17) && /* ip.protocol == UDP */
1478         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
1479         net_checksum_calculate(buf, size, CSUM_UDP);
1480         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
1481     }
1482 }
1483 
1484 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
1485                            const void *buf, size_t size)
1486 {
1487     if (n->has_vnet_hdr) {
1488         /* FIXME this cast is evil */
1489         void *wbuf = (void *)buf;
1490         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
1491                                     size - n->host_hdr_len);
1492 
1493         if (n->needs_vnet_hdr_swap) {
1494             virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
1495         }
1496         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
1497     } else {
1498         struct virtio_net_hdr hdr = {
1499             .flags = 0,
1500             .gso_type = VIRTIO_NET_HDR_GSO_NONE
1501         };
1502         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
1503     }
1504 }
1505 
1506 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
1507 {
1508     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1509     static const uint8_t vlan[] = {0x81, 0x00};
1510     uint8_t *ptr = (uint8_t *)buf;
1511     int i;
1512 
1513     if (n->promisc)
1514         return 1;
1515 
1516     ptr += n->host_hdr_len;
1517 
1518     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
1519         int vid = lduw_be_p(ptr + 14) & 0xfff;
1520         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
1521             return 0;
1522     }
1523 
1524     if (ptr[0] & 1) { // multicast
1525         if (!memcmp(ptr, bcast, sizeof(bcast))) {
1526             return !n->nobcast;
1527         } else if (n->nomulti) {
1528             return 0;
1529         } else if (n->allmulti || n->mac_table.multi_overflow) {
1530             return 1;
1531         }
1532 
1533         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
1534             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1535                 return 1;
1536             }
1537         }
1538     } else { // unicast
1539         if (n->nouni) {
1540             return 0;
1541         } else if (n->alluni || n->mac_table.uni_overflow) {
1542             return 1;
1543         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
1544             return 1;
1545         }
1546 
1547         for (i = 0; i < n->mac_table.first_multi; i++) {
1548             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1549                 return 1;
1550             }
1551         }
1552     }
1553 
1554     return 0;
1555 }
1556 
1557 static uint8_t virtio_net_get_hash_type(bool isip4,
1558                                         bool isip6,
1559                                         bool isudp,
1560                                         bool istcp,
1561                                         uint32_t types)
1562 {
1563     if (isip4) {
1564         if (istcp && (types & VIRTIO_NET_RSS_HASH_TYPE_TCPv4)) {
1565             return NetPktRssIpV4Tcp;
1566         }
1567         if (isudp && (types & VIRTIO_NET_RSS_HASH_TYPE_UDPv4)) {
1568             return NetPktRssIpV4Udp;
1569         }
1570         if (types & VIRTIO_NET_RSS_HASH_TYPE_IPv4) {
1571             return NetPktRssIpV4;
1572         }
1573     } else if (isip6) {
1574         uint32_t mask = VIRTIO_NET_RSS_HASH_TYPE_TCP_EX |
1575                         VIRTIO_NET_RSS_HASH_TYPE_TCPv6;
1576 
1577         if (istcp && (types & mask)) {
1578             return (types & VIRTIO_NET_RSS_HASH_TYPE_TCP_EX) ?
1579                 NetPktRssIpV6TcpEx : NetPktRssIpV6Tcp;
1580         }
1581         mask = VIRTIO_NET_RSS_HASH_TYPE_UDP_EX | VIRTIO_NET_RSS_HASH_TYPE_UDPv6;
1582         if (isudp && (types & mask)) {
1583             return (types & VIRTIO_NET_RSS_HASH_TYPE_UDP_EX) ?
1584                 NetPktRssIpV6UdpEx : NetPktRssIpV6Udp;
1585         }
1586         mask = VIRTIO_NET_RSS_HASH_TYPE_IP_EX | VIRTIO_NET_RSS_HASH_TYPE_IPv6;
1587         if (types & mask) {
1588             return (types & VIRTIO_NET_RSS_HASH_TYPE_IP_EX) ?
1589                 NetPktRssIpV6Ex : NetPktRssIpV6;
1590         }
1591     }
1592     return 0xff;
1593 }
1594 
1595 static void virtio_set_packet_hash(const uint8_t *buf, uint8_t report,
1596                                    uint32_t hash)
1597 {
1598     struct virtio_net_hdr_v1_hash *hdr = (void *)buf;
1599     hdr->hash_value = hash;
1600     hdr->hash_report = report;
1601 }
1602 
1603 static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf,
1604                                   size_t size)
1605 {
1606     VirtIONet *n = qemu_get_nic_opaque(nc);
1607     unsigned int index = nc->queue_index, new_index = index;
1608     struct NetRxPkt *pkt = n->rx_pkt;
1609     uint8_t net_hash_type;
1610     uint32_t hash;
1611     bool isip4, isip6, isudp, istcp;
1612     static const uint8_t reports[NetPktRssIpV6UdpEx + 1] = {
1613         VIRTIO_NET_HASH_REPORT_IPv4,
1614         VIRTIO_NET_HASH_REPORT_TCPv4,
1615         VIRTIO_NET_HASH_REPORT_TCPv6,
1616         VIRTIO_NET_HASH_REPORT_IPv6,
1617         VIRTIO_NET_HASH_REPORT_IPv6_EX,
1618         VIRTIO_NET_HASH_REPORT_TCPv6_EX,
1619         VIRTIO_NET_HASH_REPORT_UDPv4,
1620         VIRTIO_NET_HASH_REPORT_UDPv6,
1621         VIRTIO_NET_HASH_REPORT_UDPv6_EX
1622     };
1623 
1624     net_rx_pkt_set_protocols(pkt, buf + n->host_hdr_len,
1625                              size - n->host_hdr_len);
1626     net_rx_pkt_get_protocols(pkt, &isip4, &isip6, &isudp, &istcp);
1627     if (isip4 && (net_rx_pkt_get_ip4_info(pkt)->fragment)) {
1628         istcp = isudp = false;
1629     }
1630     if (isip6 && (net_rx_pkt_get_ip6_info(pkt)->fragment)) {
1631         istcp = isudp = false;
1632     }
1633     net_hash_type = virtio_net_get_hash_type(isip4, isip6, isudp, istcp,
1634                                              n->rss_data.hash_types);
1635     if (net_hash_type > NetPktRssIpV6UdpEx) {
1636         if (n->rss_data.populate_hash) {
1637             virtio_set_packet_hash(buf, VIRTIO_NET_HASH_REPORT_NONE, 0);
1638         }
1639         return n->rss_data.redirect ? n->rss_data.default_queue : -1;
1640     }
1641 
1642     hash = net_rx_pkt_calc_rss_hash(pkt, net_hash_type, n->rss_data.key);
1643 
1644     if (n->rss_data.populate_hash) {
1645         virtio_set_packet_hash(buf, reports[net_hash_type], hash);
1646     }
1647 
1648     if (n->rss_data.redirect) {
1649         new_index = hash & (n->rss_data.indirections_len - 1);
1650         new_index = n->rss_data.indirections_table[new_index];
1651     }
1652 
1653     return (index == new_index) ? -1 : new_index;
1654 }
1655 
1656 static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
1657                                       size_t size, bool no_rss)
1658 {
1659     VirtIONet *n = qemu_get_nic_opaque(nc);
1660     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1661     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1662     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
1663     struct virtio_net_hdr_mrg_rxbuf mhdr;
1664     unsigned mhdr_cnt = 0;
1665     size_t offset, i, guest_offset;
1666 
1667     if (!virtio_net_can_receive(nc)) {
1668         return -1;
1669     }
1670 
1671     if (!no_rss && n->rss_data.enabled) {
1672         int index = virtio_net_process_rss(nc, buf, size);
1673         if (index >= 0) {
1674             NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
1675             return virtio_net_receive_rcu(nc2, buf, size, true);
1676         }
1677     }
1678 
1679     /* hdr_len refers to the header we supply to the guest */
1680     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
1681         return 0;
1682     }
1683 
1684     if (!receive_filter(n, buf, size))
1685         return size;
1686 
1687     offset = i = 0;
1688 
1689     while (offset < size) {
1690         VirtQueueElement *elem;
1691         int len, total;
1692         const struct iovec *sg;
1693 
1694         total = 0;
1695 
1696         elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
1697         if (!elem) {
1698             if (i) {
1699                 virtio_error(vdev, "virtio-net unexpected empty queue: "
1700                              "i %zd mergeable %d offset %zd, size %zd, "
1701                              "guest hdr len %zd, host hdr len %zd "
1702                              "guest features 0x%" PRIx64,
1703                              i, n->mergeable_rx_bufs, offset, size,
1704                              n->guest_hdr_len, n->host_hdr_len,
1705                              vdev->guest_features);
1706             }
1707             return -1;
1708         }
1709 
1710         if (elem->in_num < 1) {
1711             virtio_error(vdev,
1712                          "virtio-net receive queue contains no in buffers");
1713             virtqueue_detach_element(q->rx_vq, elem, 0);
1714             g_free(elem);
1715             return -1;
1716         }
1717 
1718         sg = elem->in_sg;
1719         if (i == 0) {
1720             assert(offset == 0);
1721             if (n->mergeable_rx_bufs) {
1722                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1723                                     sg, elem->in_num,
1724                                     offsetof(typeof(mhdr), num_buffers),
1725                                     sizeof(mhdr.num_buffers));
1726             }
1727 
1728             receive_header(n, sg, elem->in_num, buf, size);
1729             if (n->rss_data.populate_hash) {
1730                 offset = sizeof(mhdr);
1731                 iov_from_buf(sg, elem->in_num, offset,
1732                              buf + offset, n->host_hdr_len - sizeof(mhdr));
1733             }
1734             offset = n->host_hdr_len;
1735             total += n->guest_hdr_len;
1736             guest_offset = n->guest_hdr_len;
1737         } else {
1738             guest_offset = 0;
1739         }
1740 
1741         /* copy in packet.  ugh */
1742         len = iov_from_buf(sg, elem->in_num, guest_offset,
1743                            buf + offset, size - offset);
1744         total += len;
1745         offset += len;
1746         /* If buffers can't be merged, at this point we
1747          * must have consumed the complete packet.
1748          * Otherwise, drop it. */
1749         if (!n->mergeable_rx_bufs && offset < size) {
1750             virtqueue_unpop(q->rx_vq, elem, total);
1751             g_free(elem);
1752             return size;
1753         }
1754 
1755         /* signal other side */
1756         virtqueue_fill(q->rx_vq, elem, total, i++);
1757         g_free(elem);
1758     }
1759 
1760     if (mhdr_cnt) {
1761         virtio_stw_p(vdev, &mhdr.num_buffers, i);
1762         iov_from_buf(mhdr_sg, mhdr_cnt,
1763                      0,
1764                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1765     }
1766 
1767     virtqueue_flush(q->rx_vq, i);
1768     virtio_notify(vdev, q->rx_vq);
1769 
1770     return size;
1771 }
1772 
1773 static ssize_t virtio_net_do_receive(NetClientState *nc, const uint8_t *buf,
1774                                   size_t size)
1775 {
1776     RCU_READ_LOCK_GUARD();
1777 
1778     return virtio_net_receive_rcu(nc, buf, size, false);
1779 }
1780 
1781 static void virtio_net_rsc_extract_unit4(VirtioNetRscChain *chain,
1782                                          const uint8_t *buf,
1783                                          VirtioNetRscUnit *unit)
1784 {
1785     uint16_t ip_hdrlen;
1786     struct ip_header *ip;
1787 
1788     ip = (struct ip_header *)(buf + chain->n->guest_hdr_len
1789                               + sizeof(struct eth_header));
1790     unit->ip = (void *)ip;
1791     ip_hdrlen = (ip->ip_ver_len & 0xF) << 2;
1792     unit->ip_plen = &ip->ip_len;
1793     unit->tcp = (struct tcp_header *)(((uint8_t *)unit->ip) + ip_hdrlen);
1794     unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
1795     unit->payload = htons(*unit->ip_plen) - ip_hdrlen - unit->tcp_hdrlen;
1796 }
1797 
1798 static void virtio_net_rsc_extract_unit6(VirtioNetRscChain *chain,
1799                                          const uint8_t *buf,
1800                                          VirtioNetRscUnit *unit)
1801 {
1802     struct ip6_header *ip6;
1803 
1804     ip6 = (struct ip6_header *)(buf + chain->n->guest_hdr_len
1805                                  + sizeof(struct eth_header));
1806     unit->ip = ip6;
1807     unit->ip_plen = &(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
1808     unit->tcp = (struct tcp_header *)(((uint8_t *)unit->ip)
1809                                         + sizeof(struct ip6_header));
1810     unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
1811 
1812     /* There is a difference between payload lenght in ipv4 and v6,
1813        ip header is excluded in ipv6 */
1814     unit->payload = htons(*unit->ip_plen) - unit->tcp_hdrlen;
1815 }
1816 
1817 static size_t virtio_net_rsc_drain_seg(VirtioNetRscChain *chain,
1818                                        VirtioNetRscSeg *seg)
1819 {
1820     int ret;
1821     struct virtio_net_hdr_v1 *h;
1822 
1823     h = (struct virtio_net_hdr_v1 *)seg->buf;
1824     h->flags = 0;
1825     h->gso_type = VIRTIO_NET_HDR_GSO_NONE;
1826 
1827     if (seg->is_coalesced) {
1828         h->rsc.segments = seg->packets;
1829         h->rsc.dup_acks = seg->dup_ack;
1830         h->flags = VIRTIO_NET_HDR_F_RSC_INFO;
1831         if (chain->proto == ETH_P_IP) {
1832             h->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
1833         } else {
1834             h->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
1835         }
1836     }
1837 
1838     ret = virtio_net_do_receive(seg->nc, seg->buf, seg->size);
1839     QTAILQ_REMOVE(&chain->buffers, seg, next);
1840     g_free(seg->buf);
1841     g_free(seg);
1842 
1843     return ret;
1844 }
1845 
1846 static void virtio_net_rsc_purge(void *opq)
1847 {
1848     VirtioNetRscSeg *seg, *rn;
1849     VirtioNetRscChain *chain = (VirtioNetRscChain *)opq;
1850 
1851     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, rn) {
1852         if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
1853             chain->stat.purge_failed++;
1854             continue;
1855         }
1856     }
1857 
1858     chain->stat.timer++;
1859     if (!QTAILQ_EMPTY(&chain->buffers)) {
1860         timer_mod(chain->drain_timer,
1861               qemu_clock_get_ns(QEMU_CLOCK_HOST) + chain->n->rsc_timeout);
1862     }
1863 }
1864 
1865 static void virtio_net_rsc_cleanup(VirtIONet *n)
1866 {
1867     VirtioNetRscChain *chain, *rn_chain;
1868     VirtioNetRscSeg *seg, *rn_seg;
1869 
1870     QTAILQ_FOREACH_SAFE(chain, &n->rsc_chains, next, rn_chain) {
1871         QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, rn_seg) {
1872             QTAILQ_REMOVE(&chain->buffers, seg, next);
1873             g_free(seg->buf);
1874             g_free(seg);
1875         }
1876 
1877         timer_free(chain->drain_timer);
1878         QTAILQ_REMOVE(&n->rsc_chains, chain, next);
1879         g_free(chain);
1880     }
1881 }
1882 
1883 static void virtio_net_rsc_cache_buf(VirtioNetRscChain *chain,
1884                                      NetClientState *nc,
1885                                      const uint8_t *buf, size_t size)
1886 {
1887     uint16_t hdr_len;
1888     VirtioNetRscSeg *seg;
1889 
1890     hdr_len = chain->n->guest_hdr_len;
1891     seg = g_malloc(sizeof(VirtioNetRscSeg));
1892     seg->buf = g_malloc(hdr_len + sizeof(struct eth_header)
1893         + sizeof(struct ip6_header) + VIRTIO_NET_MAX_TCP_PAYLOAD);
1894     memcpy(seg->buf, buf, size);
1895     seg->size = size;
1896     seg->packets = 1;
1897     seg->dup_ack = 0;
1898     seg->is_coalesced = 0;
1899     seg->nc = nc;
1900 
1901     QTAILQ_INSERT_TAIL(&chain->buffers, seg, next);
1902     chain->stat.cache++;
1903 
1904     switch (chain->proto) {
1905     case ETH_P_IP:
1906         virtio_net_rsc_extract_unit4(chain, seg->buf, &seg->unit);
1907         break;
1908     case ETH_P_IPV6:
1909         virtio_net_rsc_extract_unit6(chain, seg->buf, &seg->unit);
1910         break;
1911     default:
1912         g_assert_not_reached();
1913     }
1914 }
1915 
1916 static int32_t virtio_net_rsc_handle_ack(VirtioNetRscChain *chain,
1917                                          VirtioNetRscSeg *seg,
1918                                          const uint8_t *buf,
1919                                          struct tcp_header *n_tcp,
1920                                          struct tcp_header *o_tcp)
1921 {
1922     uint32_t nack, oack;
1923     uint16_t nwin, owin;
1924 
1925     nack = htonl(n_tcp->th_ack);
1926     nwin = htons(n_tcp->th_win);
1927     oack = htonl(o_tcp->th_ack);
1928     owin = htons(o_tcp->th_win);
1929 
1930     if ((nack - oack) >= VIRTIO_NET_MAX_TCP_PAYLOAD) {
1931         chain->stat.ack_out_of_win++;
1932         return RSC_FINAL;
1933     } else if (nack == oack) {
1934         /* duplicated ack or window probe */
1935         if (nwin == owin) {
1936             /* duplicated ack, add dup ack count due to whql test up to 1 */
1937             chain->stat.dup_ack++;
1938             return RSC_FINAL;
1939         } else {
1940             /* Coalesce window update */
1941             o_tcp->th_win = n_tcp->th_win;
1942             chain->stat.win_update++;
1943             return RSC_COALESCE;
1944         }
1945     } else {
1946         /* pure ack, go to 'C', finalize*/
1947         chain->stat.pure_ack++;
1948         return RSC_FINAL;
1949     }
1950 }
1951 
1952 static int32_t virtio_net_rsc_coalesce_data(VirtioNetRscChain *chain,
1953                                             VirtioNetRscSeg *seg,
1954                                             const uint8_t *buf,
1955                                             VirtioNetRscUnit *n_unit)
1956 {
1957     void *data;
1958     uint16_t o_ip_len;
1959     uint32_t nseq, oseq;
1960     VirtioNetRscUnit *o_unit;
1961 
1962     o_unit = &seg->unit;
1963     o_ip_len = htons(*o_unit->ip_plen);
1964     nseq = htonl(n_unit->tcp->th_seq);
1965     oseq = htonl(o_unit->tcp->th_seq);
1966 
1967     /* out of order or retransmitted. */
1968     if ((nseq - oseq) > VIRTIO_NET_MAX_TCP_PAYLOAD) {
1969         chain->stat.data_out_of_win++;
1970         return RSC_FINAL;
1971     }
1972 
1973     data = ((uint8_t *)n_unit->tcp) + n_unit->tcp_hdrlen;
1974     if (nseq == oseq) {
1975         if ((o_unit->payload == 0) && n_unit->payload) {
1976             /* From no payload to payload, normal case, not a dup ack or etc */
1977             chain->stat.data_after_pure_ack++;
1978             goto coalesce;
1979         } else {
1980             return virtio_net_rsc_handle_ack(chain, seg, buf,
1981                                              n_unit->tcp, o_unit->tcp);
1982         }
1983     } else if ((nseq - oseq) != o_unit->payload) {
1984         /* Not a consistent packet, out of order */
1985         chain->stat.data_out_of_order++;
1986         return RSC_FINAL;
1987     } else {
1988 coalesce:
1989         if ((o_ip_len + n_unit->payload) > chain->max_payload) {
1990             chain->stat.over_size++;
1991             return RSC_FINAL;
1992         }
1993 
1994         /* Here comes the right data, the payload length in v4/v6 is different,
1995            so use the field value to update and record the new data len */
1996         o_unit->payload += n_unit->payload; /* update new data len */
1997 
1998         /* update field in ip header */
1999         *o_unit->ip_plen = htons(o_ip_len + n_unit->payload);
2000 
2001         /* Bring 'PUSH' big, the whql test guide says 'PUSH' can be coalesced
2002            for windows guest, while this may change the behavior for linux
2003            guest (only if it uses RSC feature). */
2004         o_unit->tcp->th_offset_flags = n_unit->tcp->th_offset_flags;
2005 
2006         o_unit->tcp->th_ack = n_unit->tcp->th_ack;
2007         o_unit->tcp->th_win = n_unit->tcp->th_win;
2008 
2009         memmove(seg->buf + seg->size, data, n_unit->payload);
2010         seg->size += n_unit->payload;
2011         seg->packets++;
2012         chain->stat.coalesced++;
2013         return RSC_COALESCE;
2014     }
2015 }
2016 
2017 static int32_t virtio_net_rsc_coalesce4(VirtioNetRscChain *chain,
2018                                         VirtioNetRscSeg *seg,
2019                                         const uint8_t *buf, size_t size,
2020                                         VirtioNetRscUnit *unit)
2021 {
2022     struct ip_header *ip1, *ip2;
2023 
2024     ip1 = (struct ip_header *)(unit->ip);
2025     ip2 = (struct ip_header *)(seg->unit.ip);
2026     if ((ip1->ip_src ^ ip2->ip_src) || (ip1->ip_dst ^ ip2->ip_dst)
2027         || (unit->tcp->th_sport ^ seg->unit.tcp->th_sport)
2028         || (unit->tcp->th_dport ^ seg->unit.tcp->th_dport)) {
2029         chain->stat.no_match++;
2030         return RSC_NO_MATCH;
2031     }
2032 
2033     return virtio_net_rsc_coalesce_data(chain, seg, buf, unit);
2034 }
2035 
2036 static int32_t virtio_net_rsc_coalesce6(VirtioNetRscChain *chain,
2037                                         VirtioNetRscSeg *seg,
2038                                         const uint8_t *buf, size_t size,
2039                                         VirtioNetRscUnit *unit)
2040 {
2041     struct ip6_header *ip1, *ip2;
2042 
2043     ip1 = (struct ip6_header *)(unit->ip);
2044     ip2 = (struct ip6_header *)(seg->unit.ip);
2045     if (memcmp(&ip1->ip6_src, &ip2->ip6_src, sizeof(struct in6_address))
2046         || memcmp(&ip1->ip6_dst, &ip2->ip6_dst, sizeof(struct in6_address))
2047         || (unit->tcp->th_sport ^ seg->unit.tcp->th_sport)
2048         || (unit->tcp->th_dport ^ seg->unit.tcp->th_dport)) {
2049             chain->stat.no_match++;
2050             return RSC_NO_MATCH;
2051     }
2052 
2053     return virtio_net_rsc_coalesce_data(chain, seg, buf, unit);
2054 }
2055 
2056 /* Packets with 'SYN' should bypass, other flag should be sent after drain
2057  * to prevent out of order */
2058 static int virtio_net_rsc_tcp_ctrl_check(VirtioNetRscChain *chain,
2059                                          struct tcp_header *tcp)
2060 {
2061     uint16_t tcp_hdr;
2062     uint16_t tcp_flag;
2063 
2064     tcp_flag = htons(tcp->th_offset_flags);
2065     tcp_hdr = (tcp_flag & VIRTIO_NET_TCP_HDR_LENGTH) >> 10;
2066     tcp_flag &= VIRTIO_NET_TCP_FLAG;
2067     if (tcp_flag & TH_SYN) {
2068         chain->stat.tcp_syn++;
2069         return RSC_BYPASS;
2070     }
2071 
2072     if (tcp_flag & (TH_FIN | TH_URG | TH_RST | TH_ECE | TH_CWR)) {
2073         chain->stat.tcp_ctrl_drain++;
2074         return RSC_FINAL;
2075     }
2076 
2077     if (tcp_hdr > sizeof(struct tcp_header)) {
2078         chain->stat.tcp_all_opt++;
2079         return RSC_FINAL;
2080     }
2081 
2082     return RSC_CANDIDATE;
2083 }
2084 
2085 static size_t virtio_net_rsc_do_coalesce(VirtioNetRscChain *chain,
2086                                          NetClientState *nc,
2087                                          const uint8_t *buf, size_t size,
2088                                          VirtioNetRscUnit *unit)
2089 {
2090     int ret;
2091     VirtioNetRscSeg *seg, *nseg;
2092 
2093     if (QTAILQ_EMPTY(&chain->buffers)) {
2094         chain->stat.empty_cache++;
2095         virtio_net_rsc_cache_buf(chain, nc, buf, size);
2096         timer_mod(chain->drain_timer,
2097               qemu_clock_get_ns(QEMU_CLOCK_HOST) + chain->n->rsc_timeout);
2098         return size;
2099     }
2100 
2101     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, nseg) {
2102         if (chain->proto == ETH_P_IP) {
2103             ret = virtio_net_rsc_coalesce4(chain, seg, buf, size, unit);
2104         } else {
2105             ret = virtio_net_rsc_coalesce6(chain, seg, buf, size, unit);
2106         }
2107 
2108         if (ret == RSC_FINAL) {
2109             if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
2110                 /* Send failed */
2111                 chain->stat.final_failed++;
2112                 return 0;
2113             }
2114 
2115             /* Send current packet */
2116             return virtio_net_do_receive(nc, buf, size);
2117         } else if (ret == RSC_NO_MATCH) {
2118             continue;
2119         } else {
2120             /* Coalesced, mark coalesced flag to tell calc cksum for ipv4 */
2121             seg->is_coalesced = 1;
2122             return size;
2123         }
2124     }
2125 
2126     chain->stat.no_match_cache++;
2127     virtio_net_rsc_cache_buf(chain, nc, buf, size);
2128     return size;
2129 }
2130 
2131 /* Drain a connection data, this is to avoid out of order segments */
2132 static size_t virtio_net_rsc_drain_flow(VirtioNetRscChain *chain,
2133                                         NetClientState *nc,
2134                                         const uint8_t *buf, size_t size,
2135                                         uint16_t ip_start, uint16_t ip_size,
2136                                         uint16_t tcp_port)
2137 {
2138     VirtioNetRscSeg *seg, *nseg;
2139     uint32_t ppair1, ppair2;
2140 
2141     ppair1 = *(uint32_t *)(buf + tcp_port);
2142     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, nseg) {
2143         ppair2 = *(uint32_t *)(seg->buf + tcp_port);
2144         if (memcmp(buf + ip_start, seg->buf + ip_start, ip_size)
2145             || (ppair1 != ppair2)) {
2146             continue;
2147         }
2148         if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
2149             chain->stat.drain_failed++;
2150         }
2151 
2152         break;
2153     }
2154 
2155     return virtio_net_do_receive(nc, buf, size);
2156 }
2157 
2158 static int32_t virtio_net_rsc_sanity_check4(VirtioNetRscChain *chain,
2159                                             struct ip_header *ip,
2160                                             const uint8_t *buf, size_t size)
2161 {
2162     uint16_t ip_len;
2163 
2164     /* Not an ipv4 packet */
2165     if (((ip->ip_ver_len & 0xF0) >> 4) != IP_HEADER_VERSION_4) {
2166         chain->stat.ip_option++;
2167         return RSC_BYPASS;
2168     }
2169 
2170     /* Don't handle packets with ip option */
2171     if ((ip->ip_ver_len & 0xF) != VIRTIO_NET_IP4_HEADER_LENGTH) {
2172         chain->stat.ip_option++;
2173         return RSC_BYPASS;
2174     }
2175 
2176     if (ip->ip_p != IPPROTO_TCP) {
2177         chain->stat.bypass_not_tcp++;
2178         return RSC_BYPASS;
2179     }
2180 
2181     /* Don't handle packets with ip fragment */
2182     if (!(htons(ip->ip_off) & IP_DF)) {
2183         chain->stat.ip_frag++;
2184         return RSC_BYPASS;
2185     }
2186 
2187     /* Don't handle packets with ecn flag */
2188     if (IPTOS_ECN(ip->ip_tos)) {
2189         chain->stat.ip_ecn++;
2190         return RSC_BYPASS;
2191     }
2192 
2193     ip_len = htons(ip->ip_len);
2194     if (ip_len < (sizeof(struct ip_header) + sizeof(struct tcp_header))
2195         || ip_len > (size - chain->n->guest_hdr_len -
2196                      sizeof(struct eth_header))) {
2197         chain->stat.ip_hacked++;
2198         return RSC_BYPASS;
2199     }
2200 
2201     return RSC_CANDIDATE;
2202 }
2203 
2204 static size_t virtio_net_rsc_receive4(VirtioNetRscChain *chain,
2205                                       NetClientState *nc,
2206                                       const uint8_t *buf, size_t size)
2207 {
2208     int32_t ret;
2209     uint16_t hdr_len;
2210     VirtioNetRscUnit unit;
2211 
2212     hdr_len = ((VirtIONet *)(chain->n))->guest_hdr_len;
2213 
2214     if (size < (hdr_len + sizeof(struct eth_header) + sizeof(struct ip_header)
2215         + sizeof(struct tcp_header))) {
2216         chain->stat.bypass_not_tcp++;
2217         return virtio_net_do_receive(nc, buf, size);
2218     }
2219 
2220     virtio_net_rsc_extract_unit4(chain, buf, &unit);
2221     if (virtio_net_rsc_sanity_check4(chain, unit.ip, buf, size)
2222         != RSC_CANDIDATE) {
2223         return virtio_net_do_receive(nc, buf, size);
2224     }
2225 
2226     ret = virtio_net_rsc_tcp_ctrl_check(chain, unit.tcp);
2227     if (ret == RSC_BYPASS) {
2228         return virtio_net_do_receive(nc, buf, size);
2229     } else if (ret == RSC_FINAL) {
2230         return virtio_net_rsc_drain_flow(chain, nc, buf, size,
2231                 ((hdr_len + sizeof(struct eth_header)) + 12),
2232                 VIRTIO_NET_IP4_ADDR_SIZE,
2233                 hdr_len + sizeof(struct eth_header) + sizeof(struct ip_header));
2234     }
2235 
2236     return virtio_net_rsc_do_coalesce(chain, nc, buf, size, &unit);
2237 }
2238 
2239 static int32_t virtio_net_rsc_sanity_check6(VirtioNetRscChain *chain,
2240                                             struct ip6_header *ip6,
2241                                             const uint8_t *buf, size_t size)
2242 {
2243     uint16_t ip_len;
2244 
2245     if (((ip6->ip6_ctlun.ip6_un1.ip6_un1_flow & 0xF0) >> 4)
2246         != IP_HEADER_VERSION_6) {
2247         return RSC_BYPASS;
2248     }
2249 
2250     /* Both option and protocol is checked in this */
2251     if (ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) {
2252         chain->stat.bypass_not_tcp++;
2253         return RSC_BYPASS;
2254     }
2255 
2256     ip_len = htons(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
2257     if (ip_len < sizeof(struct tcp_header) ||
2258         ip_len > (size - chain->n->guest_hdr_len - sizeof(struct eth_header)
2259                   - sizeof(struct ip6_header))) {
2260         chain->stat.ip_hacked++;
2261         return RSC_BYPASS;
2262     }
2263 
2264     /* Don't handle packets with ecn flag */
2265     if (IP6_ECN(ip6->ip6_ctlun.ip6_un3.ip6_un3_ecn)) {
2266         chain->stat.ip_ecn++;
2267         return RSC_BYPASS;
2268     }
2269 
2270     return RSC_CANDIDATE;
2271 }
2272 
2273 static size_t virtio_net_rsc_receive6(void *opq, NetClientState *nc,
2274                                       const uint8_t *buf, size_t size)
2275 {
2276     int32_t ret;
2277     uint16_t hdr_len;
2278     VirtioNetRscChain *chain;
2279     VirtioNetRscUnit unit;
2280 
2281     chain = (VirtioNetRscChain *)opq;
2282     hdr_len = ((VirtIONet *)(chain->n))->guest_hdr_len;
2283 
2284     if (size < (hdr_len + sizeof(struct eth_header) + sizeof(struct ip6_header)
2285         + sizeof(tcp_header))) {
2286         return virtio_net_do_receive(nc, buf, size);
2287     }
2288 
2289     virtio_net_rsc_extract_unit6(chain, buf, &unit);
2290     if (RSC_CANDIDATE != virtio_net_rsc_sanity_check6(chain,
2291                                                  unit.ip, buf, size)) {
2292         return virtio_net_do_receive(nc, buf, size);
2293     }
2294 
2295     ret = virtio_net_rsc_tcp_ctrl_check(chain, unit.tcp);
2296     if (ret == RSC_BYPASS) {
2297         return virtio_net_do_receive(nc, buf, size);
2298     } else if (ret == RSC_FINAL) {
2299         return virtio_net_rsc_drain_flow(chain, nc, buf, size,
2300                 ((hdr_len + sizeof(struct eth_header)) + 8),
2301                 VIRTIO_NET_IP6_ADDR_SIZE,
2302                 hdr_len + sizeof(struct eth_header)
2303                 + sizeof(struct ip6_header));
2304     }
2305 
2306     return virtio_net_rsc_do_coalesce(chain, nc, buf, size, &unit);
2307 }
2308 
2309 static VirtioNetRscChain *virtio_net_rsc_lookup_chain(VirtIONet *n,
2310                                                       NetClientState *nc,
2311                                                       uint16_t proto)
2312 {
2313     VirtioNetRscChain *chain;
2314 
2315     if ((proto != (uint16_t)ETH_P_IP) && (proto != (uint16_t)ETH_P_IPV6)) {
2316         return NULL;
2317     }
2318 
2319     QTAILQ_FOREACH(chain, &n->rsc_chains, next) {
2320         if (chain->proto == proto) {
2321             return chain;
2322         }
2323     }
2324 
2325     chain = g_malloc(sizeof(*chain));
2326     chain->n = n;
2327     chain->proto = proto;
2328     if (proto == (uint16_t)ETH_P_IP) {
2329         chain->max_payload = VIRTIO_NET_MAX_IP4_PAYLOAD;
2330         chain->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
2331     } else {
2332         chain->max_payload = VIRTIO_NET_MAX_IP6_PAYLOAD;
2333         chain->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
2334     }
2335     chain->drain_timer = timer_new_ns(QEMU_CLOCK_HOST,
2336                                       virtio_net_rsc_purge, chain);
2337     memset(&chain->stat, 0, sizeof(chain->stat));
2338 
2339     QTAILQ_INIT(&chain->buffers);
2340     QTAILQ_INSERT_TAIL(&n->rsc_chains, chain, next);
2341 
2342     return chain;
2343 }
2344 
2345 static ssize_t virtio_net_rsc_receive(NetClientState *nc,
2346                                       const uint8_t *buf,
2347                                       size_t size)
2348 {
2349     uint16_t proto;
2350     VirtioNetRscChain *chain;
2351     struct eth_header *eth;
2352     VirtIONet *n;
2353 
2354     n = qemu_get_nic_opaque(nc);
2355     if (size < (n->host_hdr_len + sizeof(struct eth_header))) {
2356         return virtio_net_do_receive(nc, buf, size);
2357     }
2358 
2359     eth = (struct eth_header *)(buf + n->guest_hdr_len);
2360     proto = htons(eth->h_proto);
2361 
2362     chain = virtio_net_rsc_lookup_chain(n, nc, proto);
2363     if (chain) {
2364         chain->stat.received++;
2365         if (proto == (uint16_t)ETH_P_IP && n->rsc4_enabled) {
2366             return virtio_net_rsc_receive4(chain, nc, buf, size);
2367         } else if (proto == (uint16_t)ETH_P_IPV6 && n->rsc6_enabled) {
2368             return virtio_net_rsc_receive6(chain, nc, buf, size);
2369         }
2370     }
2371     return virtio_net_do_receive(nc, buf, size);
2372 }
2373 
2374 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf,
2375                                   size_t size)
2376 {
2377     VirtIONet *n = qemu_get_nic_opaque(nc);
2378     if ((n->rsc4_enabled || n->rsc6_enabled)) {
2379         return virtio_net_rsc_receive(nc, buf, size);
2380     } else {
2381         return virtio_net_do_receive(nc, buf, size);
2382     }
2383 }
2384 
2385 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
2386 
2387 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
2388 {
2389     VirtIONet *n = qemu_get_nic_opaque(nc);
2390     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
2391     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2392 
2393     virtqueue_push(q->tx_vq, q->async_tx.elem, 0);
2394     virtio_notify(vdev, q->tx_vq);
2395 
2396     g_free(q->async_tx.elem);
2397     q->async_tx.elem = NULL;
2398 
2399     virtio_queue_set_notification(q->tx_vq, 1);
2400     virtio_net_flush_tx(q);
2401 }
2402 
2403 /* TX */
2404 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
2405 {
2406     VirtIONet *n = q->n;
2407     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2408     VirtQueueElement *elem;
2409     int32_t num_packets = 0;
2410     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
2411     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
2412         return num_packets;
2413     }
2414 
2415     if (q->async_tx.elem) {
2416         virtio_queue_set_notification(q->tx_vq, 0);
2417         return num_packets;
2418     }
2419 
2420     for (;;) {
2421         ssize_t ret;
2422         unsigned int out_num;
2423         struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE + 1], *out_sg;
2424         struct virtio_net_hdr_mrg_rxbuf mhdr;
2425 
2426         elem = virtqueue_pop(q->tx_vq, sizeof(VirtQueueElement));
2427         if (!elem) {
2428             break;
2429         }
2430 
2431         out_num = elem->out_num;
2432         out_sg = elem->out_sg;
2433         if (out_num < 1) {
2434             virtio_error(vdev, "virtio-net header not in first element");
2435             virtqueue_detach_element(q->tx_vq, elem, 0);
2436             g_free(elem);
2437             return -EINVAL;
2438         }
2439 
2440         if (n->has_vnet_hdr) {
2441             if (iov_to_buf(out_sg, out_num, 0, &mhdr, n->guest_hdr_len) <
2442                 n->guest_hdr_len) {
2443                 virtio_error(vdev, "virtio-net header incorrect");
2444                 virtqueue_detach_element(q->tx_vq, elem, 0);
2445                 g_free(elem);
2446                 return -EINVAL;
2447             }
2448             if (n->needs_vnet_hdr_swap) {
2449                 virtio_net_hdr_swap(vdev, (void *) &mhdr);
2450                 sg2[0].iov_base = &mhdr;
2451                 sg2[0].iov_len = n->guest_hdr_len;
2452                 out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1,
2453                                    out_sg, out_num,
2454                                    n->guest_hdr_len, -1);
2455                 if (out_num == VIRTQUEUE_MAX_SIZE) {
2456                     goto drop;
2457                 }
2458                 out_num += 1;
2459                 out_sg = sg2;
2460             }
2461         }
2462         /*
2463          * If host wants to see the guest header as is, we can
2464          * pass it on unchanged. Otherwise, copy just the parts
2465          * that host is interested in.
2466          */
2467         assert(n->host_hdr_len <= n->guest_hdr_len);
2468         if (n->host_hdr_len != n->guest_hdr_len) {
2469             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
2470                                        out_sg, out_num,
2471                                        0, n->host_hdr_len);
2472             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
2473                              out_sg, out_num,
2474                              n->guest_hdr_len, -1);
2475             out_num = sg_num;
2476             out_sg = sg;
2477         }
2478 
2479         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
2480                                       out_sg, out_num, virtio_net_tx_complete);
2481         if (ret == 0) {
2482             virtio_queue_set_notification(q->tx_vq, 0);
2483             q->async_tx.elem = elem;
2484             return -EBUSY;
2485         }
2486 
2487 drop:
2488         virtqueue_push(q->tx_vq, elem, 0);
2489         virtio_notify(vdev, q->tx_vq);
2490         g_free(elem);
2491 
2492         if (++num_packets >= n->tx_burst) {
2493             break;
2494         }
2495     }
2496     return num_packets;
2497 }
2498 
2499 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
2500 {
2501     VirtIONet *n = VIRTIO_NET(vdev);
2502     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
2503 
2504     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
2505         virtio_net_drop_tx_queue_data(vdev, vq);
2506         return;
2507     }
2508 
2509     /* This happens when device was stopped but VCPU wasn't. */
2510     if (!vdev->vm_running) {
2511         q->tx_waiting = 1;
2512         return;
2513     }
2514 
2515     if (q->tx_waiting) {
2516         virtio_queue_set_notification(vq, 1);
2517         timer_del(q->tx_timer);
2518         q->tx_waiting = 0;
2519         if (virtio_net_flush_tx(q) == -EINVAL) {
2520             return;
2521         }
2522     } else {
2523         timer_mod(q->tx_timer,
2524                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
2525         q->tx_waiting = 1;
2526         virtio_queue_set_notification(vq, 0);
2527     }
2528 }
2529 
2530 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
2531 {
2532     VirtIONet *n = VIRTIO_NET(vdev);
2533     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
2534 
2535     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
2536         virtio_net_drop_tx_queue_data(vdev, vq);
2537         return;
2538     }
2539 
2540     if (unlikely(q->tx_waiting)) {
2541         return;
2542     }
2543     q->tx_waiting = 1;
2544     /* This happens when device was stopped but VCPU wasn't. */
2545     if (!vdev->vm_running) {
2546         return;
2547     }
2548     virtio_queue_set_notification(vq, 0);
2549     qemu_bh_schedule(q->tx_bh);
2550 }
2551 
2552 static void virtio_net_tx_timer(void *opaque)
2553 {
2554     VirtIONetQueue *q = opaque;
2555     VirtIONet *n = q->n;
2556     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2557     /* This happens when device was stopped but BH wasn't. */
2558     if (!vdev->vm_running) {
2559         /* Make sure tx waiting is set, so we'll run when restarted. */
2560         assert(q->tx_waiting);
2561         return;
2562     }
2563 
2564     q->tx_waiting = 0;
2565 
2566     /* Just in case the driver is not ready on more */
2567     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
2568         return;
2569     }
2570 
2571     virtio_queue_set_notification(q->tx_vq, 1);
2572     virtio_net_flush_tx(q);
2573 }
2574 
2575 static void virtio_net_tx_bh(void *opaque)
2576 {
2577     VirtIONetQueue *q = opaque;
2578     VirtIONet *n = q->n;
2579     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2580     int32_t ret;
2581 
2582     /* This happens when device was stopped but BH wasn't. */
2583     if (!vdev->vm_running) {
2584         /* Make sure tx waiting is set, so we'll run when restarted. */
2585         assert(q->tx_waiting);
2586         return;
2587     }
2588 
2589     q->tx_waiting = 0;
2590 
2591     /* Just in case the driver is not ready on more */
2592     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
2593         return;
2594     }
2595 
2596     ret = virtio_net_flush_tx(q);
2597     if (ret == -EBUSY || ret == -EINVAL) {
2598         return; /* Notification re-enable handled by tx_complete or device
2599                  * broken */
2600     }
2601 
2602     /* If we flush a full burst of packets, assume there are
2603      * more coming and immediately reschedule */
2604     if (ret >= n->tx_burst) {
2605         qemu_bh_schedule(q->tx_bh);
2606         q->tx_waiting = 1;
2607         return;
2608     }
2609 
2610     /* If less than a full burst, re-enable notification and flush
2611      * anything that may have come in while we weren't looking.  If
2612      * we find something, assume the guest is still active and reschedule */
2613     virtio_queue_set_notification(q->tx_vq, 1);
2614     ret = virtio_net_flush_tx(q);
2615     if (ret == -EINVAL) {
2616         return;
2617     } else if (ret > 0) {
2618         virtio_queue_set_notification(q->tx_vq, 0);
2619         qemu_bh_schedule(q->tx_bh);
2620         q->tx_waiting = 1;
2621     }
2622 }
2623 
2624 static void virtio_net_add_queue(VirtIONet *n, int index)
2625 {
2626     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2627 
2628     n->vqs[index].rx_vq = virtio_add_queue(vdev, n->net_conf.rx_queue_size,
2629                                            virtio_net_handle_rx);
2630 
2631     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
2632         n->vqs[index].tx_vq =
2633             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
2634                              virtio_net_handle_tx_timer);
2635         n->vqs[index].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2636                                               virtio_net_tx_timer,
2637                                               &n->vqs[index]);
2638     } else {
2639         n->vqs[index].tx_vq =
2640             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
2641                              virtio_net_handle_tx_bh);
2642         n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
2643     }
2644 
2645     n->vqs[index].tx_waiting = 0;
2646     n->vqs[index].n = n;
2647 }
2648 
2649 static void virtio_net_del_queue(VirtIONet *n, int index)
2650 {
2651     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2652     VirtIONetQueue *q = &n->vqs[index];
2653     NetClientState *nc = qemu_get_subqueue(n->nic, index);
2654 
2655     qemu_purge_queued_packets(nc);
2656 
2657     virtio_del_queue(vdev, index * 2);
2658     if (q->tx_timer) {
2659         timer_free(q->tx_timer);
2660         q->tx_timer = NULL;
2661     } else {
2662         qemu_bh_delete(q->tx_bh);
2663         q->tx_bh = NULL;
2664     }
2665     q->tx_waiting = 0;
2666     virtio_del_queue(vdev, index * 2 + 1);
2667 }
2668 
2669 static void virtio_net_change_num_queues(VirtIONet *n, int new_max_queues)
2670 {
2671     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2672     int old_num_queues = virtio_get_num_queues(vdev);
2673     int new_num_queues = new_max_queues * 2 + 1;
2674     int i;
2675 
2676     assert(old_num_queues >= 3);
2677     assert(old_num_queues % 2 == 1);
2678 
2679     if (old_num_queues == new_num_queues) {
2680         return;
2681     }
2682 
2683     /*
2684      * We always need to remove and add ctrl vq if
2685      * old_num_queues != new_num_queues. Remove ctrl_vq first,
2686      * and then we only enter one of the following two loops.
2687      */
2688     virtio_del_queue(vdev, old_num_queues - 1);
2689 
2690     for (i = new_num_queues - 1; i < old_num_queues - 1; i += 2) {
2691         /* new_num_queues < old_num_queues */
2692         virtio_net_del_queue(n, i / 2);
2693     }
2694 
2695     for (i = old_num_queues - 1; i < new_num_queues - 1; i += 2) {
2696         /* new_num_queues > old_num_queues */
2697         virtio_net_add_queue(n, i / 2);
2698     }
2699 
2700     /* add ctrl_vq last */
2701     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
2702 }
2703 
2704 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
2705 {
2706     int max = multiqueue ? n->max_queues : 1;
2707 
2708     n->multiqueue = multiqueue;
2709     virtio_net_change_num_queues(n, max);
2710 
2711     virtio_net_set_queues(n);
2712 }
2713 
2714 static int virtio_net_post_load_device(void *opaque, int version_id)
2715 {
2716     VirtIONet *n = opaque;
2717     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2718     int i, link_down;
2719 
2720     trace_virtio_net_post_load_device();
2721     virtio_net_set_mrg_rx_bufs(n, n->mergeable_rx_bufs,
2722                                virtio_vdev_has_feature(vdev,
2723                                                        VIRTIO_F_VERSION_1),
2724                                virtio_vdev_has_feature(vdev,
2725                                                        VIRTIO_NET_F_HASH_REPORT));
2726 
2727     /* MAC_TABLE_ENTRIES may be different from the saved image */
2728     if (n->mac_table.in_use > MAC_TABLE_ENTRIES) {
2729         n->mac_table.in_use = 0;
2730     }
2731 
2732     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
2733         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
2734     }
2735 
2736     /*
2737      * curr_guest_offloads will be later overwritten by the
2738      * virtio_set_features_nocheck call done from the virtio_load.
2739      * Here we make sure it is preserved and restored accordingly
2740      * in the virtio_net_post_load_virtio callback.
2741      */
2742     n->saved_guest_offloads = n->curr_guest_offloads;
2743 
2744     virtio_net_set_queues(n);
2745 
2746     /* Find the first multicast entry in the saved MAC filter */
2747     for (i = 0; i < n->mac_table.in_use; i++) {
2748         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
2749             break;
2750         }
2751     }
2752     n->mac_table.first_multi = i;
2753 
2754     /* nc.link_down can't be migrated, so infer link_down according
2755      * to link status bit in n->status */
2756     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
2757     for (i = 0; i < n->max_queues; i++) {
2758         qemu_get_subqueue(n->nic, i)->link_down = link_down;
2759     }
2760 
2761     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
2762         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
2763         qemu_announce_timer_reset(&n->announce_timer, migrate_announce_params(),
2764                                   QEMU_CLOCK_VIRTUAL,
2765                                   virtio_net_announce_timer, n);
2766         if (n->announce_timer.round) {
2767             timer_mod(n->announce_timer.tm,
2768                       qemu_clock_get_ms(n->announce_timer.type));
2769         } else {
2770             qemu_announce_timer_del(&n->announce_timer, false);
2771         }
2772     }
2773 
2774     if (n->rss_data.enabled) {
2775         trace_virtio_net_rss_enable(n->rss_data.hash_types,
2776                                     n->rss_data.indirections_len,
2777                                     sizeof(n->rss_data.key));
2778     } else {
2779         trace_virtio_net_rss_disable();
2780     }
2781     return 0;
2782 }
2783 
2784 static int virtio_net_post_load_virtio(VirtIODevice *vdev)
2785 {
2786     VirtIONet *n = VIRTIO_NET(vdev);
2787     /*
2788      * The actual needed state is now in saved_guest_offloads,
2789      * see virtio_net_post_load_device for detail.
2790      * Restore it back and apply the desired offloads.
2791      */
2792     n->curr_guest_offloads = n->saved_guest_offloads;
2793     if (peer_has_vnet_hdr(n)) {
2794         virtio_net_apply_guest_offloads(n);
2795     }
2796 
2797     return 0;
2798 }
2799 
2800 /* tx_waiting field of a VirtIONetQueue */
2801 static const VMStateDescription vmstate_virtio_net_queue_tx_waiting = {
2802     .name = "virtio-net-queue-tx_waiting",
2803     .fields = (VMStateField[]) {
2804         VMSTATE_UINT32(tx_waiting, VirtIONetQueue),
2805         VMSTATE_END_OF_LIST()
2806    },
2807 };
2808 
2809 static bool max_queues_gt_1(void *opaque, int version_id)
2810 {
2811     return VIRTIO_NET(opaque)->max_queues > 1;
2812 }
2813 
2814 static bool has_ctrl_guest_offloads(void *opaque, int version_id)
2815 {
2816     return virtio_vdev_has_feature(VIRTIO_DEVICE(opaque),
2817                                    VIRTIO_NET_F_CTRL_GUEST_OFFLOADS);
2818 }
2819 
2820 static bool mac_table_fits(void *opaque, int version_id)
2821 {
2822     return VIRTIO_NET(opaque)->mac_table.in_use <= MAC_TABLE_ENTRIES;
2823 }
2824 
2825 static bool mac_table_doesnt_fit(void *opaque, int version_id)
2826 {
2827     return !mac_table_fits(opaque, version_id);
2828 }
2829 
2830 /* This temporary type is shared by all the WITH_TMP methods
2831  * although only some fields are used by each.
2832  */
2833 struct VirtIONetMigTmp {
2834     VirtIONet      *parent;
2835     VirtIONetQueue *vqs_1;
2836     uint16_t        curr_queues_1;
2837     uint8_t         has_ufo;
2838     uint32_t        has_vnet_hdr;
2839 };
2840 
2841 /* The 2nd and subsequent tx_waiting flags are loaded later than
2842  * the 1st entry in the queues and only if there's more than one
2843  * entry.  We use the tmp mechanism to calculate a temporary
2844  * pointer and count and also validate the count.
2845  */
2846 
2847 static int virtio_net_tx_waiting_pre_save(void *opaque)
2848 {
2849     struct VirtIONetMigTmp *tmp = opaque;
2850 
2851     tmp->vqs_1 = tmp->parent->vqs + 1;
2852     tmp->curr_queues_1 = tmp->parent->curr_queues - 1;
2853     if (tmp->parent->curr_queues == 0) {
2854         tmp->curr_queues_1 = 0;
2855     }
2856 
2857     return 0;
2858 }
2859 
2860 static int virtio_net_tx_waiting_pre_load(void *opaque)
2861 {
2862     struct VirtIONetMigTmp *tmp = opaque;
2863 
2864     /* Reuse the pointer setup from save */
2865     virtio_net_tx_waiting_pre_save(opaque);
2866 
2867     if (tmp->parent->curr_queues > tmp->parent->max_queues) {
2868         error_report("virtio-net: curr_queues %x > max_queues %x",
2869             tmp->parent->curr_queues, tmp->parent->max_queues);
2870 
2871         return -EINVAL;
2872     }
2873 
2874     return 0; /* all good */
2875 }
2876 
2877 static const VMStateDescription vmstate_virtio_net_tx_waiting = {
2878     .name      = "virtio-net-tx_waiting",
2879     .pre_load  = virtio_net_tx_waiting_pre_load,
2880     .pre_save  = virtio_net_tx_waiting_pre_save,
2881     .fields    = (VMStateField[]) {
2882         VMSTATE_STRUCT_VARRAY_POINTER_UINT16(vqs_1, struct VirtIONetMigTmp,
2883                                      curr_queues_1,
2884                                      vmstate_virtio_net_queue_tx_waiting,
2885                                      struct VirtIONetQueue),
2886         VMSTATE_END_OF_LIST()
2887     },
2888 };
2889 
2890 /* the 'has_ufo' flag is just tested; if the incoming stream has the
2891  * flag set we need to check that we have it
2892  */
2893 static int virtio_net_ufo_post_load(void *opaque, int version_id)
2894 {
2895     struct VirtIONetMigTmp *tmp = opaque;
2896 
2897     if (tmp->has_ufo && !peer_has_ufo(tmp->parent)) {
2898         error_report("virtio-net: saved image requires TUN_F_UFO support");
2899         return -EINVAL;
2900     }
2901 
2902     return 0;
2903 }
2904 
2905 static int virtio_net_ufo_pre_save(void *opaque)
2906 {
2907     struct VirtIONetMigTmp *tmp = opaque;
2908 
2909     tmp->has_ufo = tmp->parent->has_ufo;
2910 
2911     return 0;
2912 }
2913 
2914 static const VMStateDescription vmstate_virtio_net_has_ufo = {
2915     .name      = "virtio-net-ufo",
2916     .post_load = virtio_net_ufo_post_load,
2917     .pre_save  = virtio_net_ufo_pre_save,
2918     .fields    = (VMStateField[]) {
2919         VMSTATE_UINT8(has_ufo, struct VirtIONetMigTmp),
2920         VMSTATE_END_OF_LIST()
2921     },
2922 };
2923 
2924 /* the 'has_vnet_hdr' flag is just tested; if the incoming stream has the
2925  * flag set we need to check that we have it
2926  */
2927 static int virtio_net_vnet_post_load(void *opaque, int version_id)
2928 {
2929     struct VirtIONetMigTmp *tmp = opaque;
2930 
2931     if (tmp->has_vnet_hdr && !peer_has_vnet_hdr(tmp->parent)) {
2932         error_report("virtio-net: saved image requires vnet_hdr=on");
2933         return -EINVAL;
2934     }
2935 
2936     return 0;
2937 }
2938 
2939 static int virtio_net_vnet_pre_save(void *opaque)
2940 {
2941     struct VirtIONetMigTmp *tmp = opaque;
2942 
2943     tmp->has_vnet_hdr = tmp->parent->has_vnet_hdr;
2944 
2945     return 0;
2946 }
2947 
2948 static const VMStateDescription vmstate_virtio_net_has_vnet = {
2949     .name      = "virtio-net-vnet",
2950     .post_load = virtio_net_vnet_post_load,
2951     .pre_save  = virtio_net_vnet_pre_save,
2952     .fields    = (VMStateField[]) {
2953         VMSTATE_UINT32(has_vnet_hdr, struct VirtIONetMigTmp),
2954         VMSTATE_END_OF_LIST()
2955     },
2956 };
2957 
2958 static bool virtio_net_rss_needed(void *opaque)
2959 {
2960     return VIRTIO_NET(opaque)->rss_data.enabled;
2961 }
2962 
2963 static const VMStateDescription vmstate_virtio_net_rss = {
2964     .name      = "virtio-net-device/rss",
2965     .version_id = 1,
2966     .minimum_version_id = 1,
2967     .needed = virtio_net_rss_needed,
2968     .fields = (VMStateField[]) {
2969         VMSTATE_BOOL(rss_data.enabled, VirtIONet),
2970         VMSTATE_BOOL(rss_data.redirect, VirtIONet),
2971         VMSTATE_BOOL(rss_data.populate_hash, VirtIONet),
2972         VMSTATE_UINT32(rss_data.hash_types, VirtIONet),
2973         VMSTATE_UINT16(rss_data.indirections_len, VirtIONet),
2974         VMSTATE_UINT16(rss_data.default_queue, VirtIONet),
2975         VMSTATE_UINT8_ARRAY(rss_data.key, VirtIONet,
2976                             VIRTIO_NET_RSS_MAX_KEY_SIZE),
2977         VMSTATE_VARRAY_UINT16_ALLOC(rss_data.indirections_table, VirtIONet,
2978                                     rss_data.indirections_len, 0,
2979                                     vmstate_info_uint16, uint16_t),
2980         VMSTATE_END_OF_LIST()
2981     },
2982 };
2983 
2984 static const VMStateDescription vmstate_virtio_net_device = {
2985     .name = "virtio-net-device",
2986     .version_id = VIRTIO_NET_VM_VERSION,
2987     .minimum_version_id = VIRTIO_NET_VM_VERSION,
2988     .post_load = virtio_net_post_load_device,
2989     .fields = (VMStateField[]) {
2990         VMSTATE_UINT8_ARRAY(mac, VirtIONet, ETH_ALEN),
2991         VMSTATE_STRUCT_POINTER(vqs, VirtIONet,
2992                                vmstate_virtio_net_queue_tx_waiting,
2993                                VirtIONetQueue),
2994         VMSTATE_UINT32(mergeable_rx_bufs, VirtIONet),
2995         VMSTATE_UINT16(status, VirtIONet),
2996         VMSTATE_UINT8(promisc, VirtIONet),
2997         VMSTATE_UINT8(allmulti, VirtIONet),
2998         VMSTATE_UINT32(mac_table.in_use, VirtIONet),
2999 
3000         /* Guarded pair: If it fits we load it, else we throw it away
3001          * - can happen if source has a larger MAC table.; post-load
3002          *  sets flags in this case.
3003          */
3004         VMSTATE_VBUFFER_MULTIPLY(mac_table.macs, VirtIONet,
3005                                 0, mac_table_fits, mac_table.in_use,
3006                                  ETH_ALEN),
3007         VMSTATE_UNUSED_VARRAY_UINT32(VirtIONet, mac_table_doesnt_fit, 0,
3008                                      mac_table.in_use, ETH_ALEN),
3009 
3010         /* Note: This is an array of uint32's that's always been saved as a
3011          * buffer; hold onto your endiannesses; it's actually used as a bitmap
3012          * but based on the uint.
3013          */
3014         VMSTATE_BUFFER_POINTER_UNSAFE(vlans, VirtIONet, 0, MAX_VLAN >> 3),
3015         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3016                          vmstate_virtio_net_has_vnet),
3017         VMSTATE_UINT8(mac_table.multi_overflow, VirtIONet),
3018         VMSTATE_UINT8(mac_table.uni_overflow, VirtIONet),
3019         VMSTATE_UINT8(alluni, VirtIONet),
3020         VMSTATE_UINT8(nomulti, VirtIONet),
3021         VMSTATE_UINT8(nouni, VirtIONet),
3022         VMSTATE_UINT8(nobcast, VirtIONet),
3023         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3024                          vmstate_virtio_net_has_ufo),
3025         VMSTATE_SINGLE_TEST(max_queues, VirtIONet, max_queues_gt_1, 0,
3026                             vmstate_info_uint16_equal, uint16_t),
3027         VMSTATE_UINT16_TEST(curr_queues, VirtIONet, max_queues_gt_1),
3028         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3029                          vmstate_virtio_net_tx_waiting),
3030         VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
3031                             has_ctrl_guest_offloads),
3032         VMSTATE_END_OF_LIST()
3033    },
3034     .subsections = (const VMStateDescription * []) {
3035         &vmstate_virtio_net_rss,
3036         NULL
3037     }
3038 };
3039 
3040 static NetClientInfo net_virtio_info = {
3041     .type = NET_CLIENT_DRIVER_NIC,
3042     .size = sizeof(NICState),
3043     .can_receive = virtio_net_can_receive,
3044     .receive = virtio_net_receive,
3045     .link_status_changed = virtio_net_set_link_status,
3046     .query_rx_filter = virtio_net_query_rxfilter,
3047     .announce = virtio_net_announce,
3048 };
3049 
3050 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
3051 {
3052     VirtIONet *n = VIRTIO_NET(vdev);
3053     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
3054     assert(n->vhost_started);
3055     return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
3056 }
3057 
3058 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
3059                                            bool mask)
3060 {
3061     VirtIONet *n = VIRTIO_NET(vdev);
3062     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
3063     assert(n->vhost_started);
3064     vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
3065                              vdev, idx, mask);
3066 }
3067 
3068 static void virtio_net_set_config_size(VirtIONet *n, uint64_t host_features)
3069 {
3070     virtio_add_feature(&host_features, VIRTIO_NET_F_MAC);
3071 
3072     n->config_size = virtio_feature_get_config_size(feature_sizes,
3073                                                     host_features);
3074 }
3075 
3076 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
3077                                    const char *type)
3078 {
3079     /*
3080      * The name can be NULL, the netclient name will be type.x.
3081      */
3082     assert(type != NULL);
3083 
3084     g_free(n->netclient_name);
3085     g_free(n->netclient_type);
3086     n->netclient_name = g_strdup(name);
3087     n->netclient_type = g_strdup(type);
3088 }
3089 
3090 static bool failover_unplug_primary(VirtIONet *n, DeviceState *dev)
3091 {
3092     HotplugHandler *hotplug_ctrl;
3093     PCIDevice *pci_dev;
3094     Error *err = NULL;
3095 
3096     hotplug_ctrl = qdev_get_hotplug_handler(dev);
3097     if (hotplug_ctrl) {
3098         pci_dev = PCI_DEVICE(dev);
3099         pci_dev->partially_hotplugged = true;
3100         hotplug_handler_unplug_request(hotplug_ctrl, dev, &err);
3101         if (err) {
3102             error_report_err(err);
3103             return false;
3104         }
3105     } else {
3106         return false;
3107     }
3108     return true;
3109 }
3110 
3111 static bool failover_replug_primary(VirtIONet *n, DeviceState *dev,
3112                                     Error **errp)
3113 {
3114     Error *err = NULL;
3115     HotplugHandler *hotplug_ctrl;
3116     PCIDevice *pdev = PCI_DEVICE(dev);
3117     BusState *primary_bus;
3118 
3119     if (!pdev->partially_hotplugged) {
3120         return true;
3121     }
3122     primary_bus = dev->parent_bus;
3123     if (!primary_bus) {
3124         error_setg(errp, "virtio_net: couldn't find primary bus");
3125         return false;
3126     }
3127     qdev_set_parent_bus(dev, primary_bus, &error_abort);
3128     qatomic_set(&n->failover_primary_hidden, false);
3129     hotplug_ctrl = qdev_get_hotplug_handler(dev);
3130     if (hotplug_ctrl) {
3131         hotplug_handler_pre_plug(hotplug_ctrl, dev, &err);
3132         if (err) {
3133             goto out;
3134         }
3135         hotplug_handler_plug(hotplug_ctrl, dev, &err);
3136     }
3137 
3138 out:
3139     error_propagate(errp, err);
3140     return !err;
3141 }
3142 
3143 static void virtio_net_handle_migration_primary(VirtIONet *n, MigrationState *s)
3144 {
3145     bool should_be_hidden;
3146     Error *err = NULL;
3147     DeviceState *dev = failover_find_primary_device(n);
3148 
3149     if (!dev) {
3150         return;
3151     }
3152 
3153     should_be_hidden = qatomic_read(&n->failover_primary_hidden);
3154 
3155     if (migration_in_setup(s) && !should_be_hidden) {
3156         if (failover_unplug_primary(n, dev)) {
3157             vmstate_unregister(VMSTATE_IF(dev), qdev_get_vmsd(dev), dev);
3158             qapi_event_send_unplug_primary(dev->id);
3159             qatomic_set(&n->failover_primary_hidden, true);
3160         } else {
3161             warn_report("couldn't unplug primary device");
3162         }
3163     } else if (migration_has_failed(s)) {
3164         /* We already unplugged the device let's plug it back */
3165         if (!failover_replug_primary(n, dev, &err)) {
3166             if (err) {
3167                 error_report_err(err);
3168             }
3169         }
3170     }
3171 }
3172 
3173 static void virtio_net_migration_state_notifier(Notifier *notifier, void *data)
3174 {
3175     MigrationState *s = data;
3176     VirtIONet *n = container_of(notifier, VirtIONet, migration_state);
3177     virtio_net_handle_migration_primary(n, s);
3178 }
3179 
3180 static bool failover_hide_primary_device(DeviceListener *listener,
3181                                          QemuOpts *device_opts)
3182 {
3183     VirtIONet *n = container_of(listener, VirtIONet, primary_listener);
3184     const char *standby_id;
3185 
3186     if (!device_opts) {
3187         return false;
3188     }
3189     standby_id = qemu_opt_get(device_opts, "failover_pair_id");
3190     if (g_strcmp0(standby_id, n->netclient_name) != 0) {
3191         return false;
3192     }
3193 
3194     /* failover_primary_hidden is set during feature negotiation */
3195     return qatomic_read(&n->failover_primary_hidden);
3196 }
3197 
3198 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
3199 {
3200     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3201     VirtIONet *n = VIRTIO_NET(dev);
3202     NetClientState *nc;
3203     int i;
3204 
3205     if (n->net_conf.mtu) {
3206         n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
3207     }
3208 
3209     if (n->net_conf.duplex_str) {
3210         if (strncmp(n->net_conf.duplex_str, "half", 5) == 0) {
3211             n->net_conf.duplex = DUPLEX_HALF;
3212         } else if (strncmp(n->net_conf.duplex_str, "full", 5) == 0) {
3213             n->net_conf.duplex = DUPLEX_FULL;
3214         } else {
3215             error_setg(errp, "'duplex' must be 'half' or 'full'");
3216             return;
3217         }
3218         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
3219     } else {
3220         n->net_conf.duplex = DUPLEX_UNKNOWN;
3221     }
3222 
3223     if (n->net_conf.speed < SPEED_UNKNOWN) {
3224         error_setg(errp, "'speed' must be between 0 and INT_MAX");
3225         return;
3226     }
3227     if (n->net_conf.speed >= 0) {
3228         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
3229     }
3230 
3231     if (n->failover) {
3232         n->primary_listener.hide_device = failover_hide_primary_device;
3233         qatomic_set(&n->failover_primary_hidden, true);
3234         device_listener_register(&n->primary_listener);
3235         n->migration_state.notify = virtio_net_migration_state_notifier;
3236         add_migration_state_change_notifier(&n->migration_state);
3237         n->host_features |= (1ULL << VIRTIO_NET_F_STANDBY);
3238     }
3239 
3240     virtio_net_set_config_size(n, n->host_features);
3241     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
3242 
3243     /*
3244      * We set a lower limit on RX queue size to what it always was.
3245      * Guests that want a smaller ring can always resize it without
3246      * help from us (using virtio 1 and up).
3247      */
3248     if (n->net_conf.rx_queue_size < VIRTIO_NET_RX_QUEUE_MIN_SIZE ||
3249         n->net_conf.rx_queue_size > VIRTQUEUE_MAX_SIZE ||
3250         !is_power_of_2(n->net_conf.rx_queue_size)) {
3251         error_setg(errp, "Invalid rx_queue_size (= %" PRIu16 "), "
3252                    "must be a power of 2 between %d and %d.",
3253                    n->net_conf.rx_queue_size, VIRTIO_NET_RX_QUEUE_MIN_SIZE,
3254                    VIRTQUEUE_MAX_SIZE);
3255         virtio_cleanup(vdev);
3256         return;
3257     }
3258 
3259     if (n->net_conf.tx_queue_size < VIRTIO_NET_TX_QUEUE_MIN_SIZE ||
3260         n->net_conf.tx_queue_size > VIRTQUEUE_MAX_SIZE ||
3261         !is_power_of_2(n->net_conf.tx_queue_size)) {
3262         error_setg(errp, "Invalid tx_queue_size (= %" PRIu16 "), "
3263                    "must be a power of 2 between %d and %d",
3264                    n->net_conf.tx_queue_size, VIRTIO_NET_TX_QUEUE_MIN_SIZE,
3265                    VIRTQUEUE_MAX_SIZE);
3266         virtio_cleanup(vdev);
3267         return;
3268     }
3269 
3270     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
3271     if (n->max_queues * 2 + 1 > VIRTIO_QUEUE_MAX) {
3272         error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
3273                    "must be a positive integer less than %d.",
3274                    n->max_queues, (VIRTIO_QUEUE_MAX - 1) / 2);
3275         virtio_cleanup(vdev);
3276         return;
3277     }
3278     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
3279     n->curr_queues = 1;
3280     n->tx_timeout = n->net_conf.txtimer;
3281 
3282     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
3283                        && strcmp(n->net_conf.tx, "bh")) {
3284         warn_report("virtio-net: "
3285                     "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
3286                     n->net_conf.tx);
3287         error_printf("Defaulting to \"bh\"");
3288     }
3289 
3290     n->net_conf.tx_queue_size = MIN(virtio_net_max_tx_queue_size(n),
3291                                     n->net_conf.tx_queue_size);
3292 
3293     for (i = 0; i < n->max_queues; i++) {
3294         virtio_net_add_queue(n, i);
3295     }
3296 
3297     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
3298     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
3299     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
3300     n->status = VIRTIO_NET_S_LINK_UP;
3301     qemu_announce_timer_reset(&n->announce_timer, migrate_announce_params(),
3302                               QEMU_CLOCK_VIRTUAL,
3303                               virtio_net_announce_timer, n);
3304     n->announce_timer.round = 0;
3305 
3306     if (n->netclient_type) {
3307         /*
3308          * Happen when virtio_net_set_netclient_name has been called.
3309          */
3310         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
3311                               n->netclient_type, n->netclient_name, n);
3312     } else {
3313         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
3314                               object_get_typename(OBJECT(dev)), dev->id, n);
3315     }
3316 
3317     for (i = 0; i < n->max_queues; i++) {
3318         n->nic->ncs[i].do_not_pad = true;
3319     }
3320 
3321     peer_test_vnet_hdr(n);
3322     if (peer_has_vnet_hdr(n)) {
3323         for (i = 0; i < n->max_queues; i++) {
3324             qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
3325         }
3326         n->host_hdr_len = sizeof(struct virtio_net_hdr);
3327     } else {
3328         n->host_hdr_len = 0;
3329     }
3330 
3331     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
3332 
3333     n->vqs[0].tx_waiting = 0;
3334     n->tx_burst = n->net_conf.txburst;
3335     virtio_net_set_mrg_rx_bufs(n, 0, 0, 0);
3336     n->promisc = 1; /* for compatibility */
3337 
3338     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
3339 
3340     n->vlans = g_malloc0(MAX_VLAN >> 3);
3341 
3342     nc = qemu_get_queue(n->nic);
3343     nc->rxfilter_notify_enabled = 1;
3344 
3345    if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
3346         struct virtio_net_config netcfg = {};
3347         memcpy(&netcfg.mac, &n->nic_conf.macaddr, ETH_ALEN);
3348         vhost_net_set_config(get_vhost_net(nc->peer),
3349             (uint8_t *)&netcfg, 0, ETH_ALEN, VHOST_SET_CONFIG_TYPE_MASTER);
3350     }
3351     QTAILQ_INIT(&n->rsc_chains);
3352     n->qdev = dev;
3353 
3354     net_rx_pkt_init(&n->rx_pkt, false);
3355 }
3356 
3357 static void virtio_net_device_unrealize(DeviceState *dev)
3358 {
3359     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3360     VirtIONet *n = VIRTIO_NET(dev);
3361     int i, max_queues;
3362 
3363     /* This will stop vhost backend if appropriate. */
3364     virtio_net_set_status(vdev, 0);
3365 
3366     g_free(n->netclient_name);
3367     n->netclient_name = NULL;
3368     g_free(n->netclient_type);
3369     n->netclient_type = NULL;
3370 
3371     g_free(n->mac_table.macs);
3372     g_free(n->vlans);
3373 
3374     if (n->failover) {
3375         device_listener_unregister(&n->primary_listener);
3376     }
3377 
3378     max_queues = n->multiqueue ? n->max_queues : 1;
3379     for (i = 0; i < max_queues; i++) {
3380         virtio_net_del_queue(n, i);
3381     }
3382     /* delete also control vq */
3383     virtio_del_queue(vdev, max_queues * 2);
3384     qemu_announce_timer_del(&n->announce_timer, false);
3385     g_free(n->vqs);
3386     qemu_del_nic(n->nic);
3387     virtio_net_rsc_cleanup(n);
3388     g_free(n->rss_data.indirections_table);
3389     net_rx_pkt_uninit(n->rx_pkt);
3390     virtio_cleanup(vdev);
3391 }
3392 
3393 static void virtio_net_instance_init(Object *obj)
3394 {
3395     VirtIONet *n = VIRTIO_NET(obj);
3396 
3397     /*
3398      * The default config_size is sizeof(struct virtio_net_config).
3399      * Can be overriden with virtio_net_set_config_size.
3400      */
3401     n->config_size = sizeof(struct virtio_net_config);
3402     device_add_bootindex_property(obj, &n->nic_conf.bootindex,
3403                                   "bootindex", "/ethernet-phy@0",
3404                                   DEVICE(n));
3405 }
3406 
3407 static int virtio_net_pre_save(void *opaque)
3408 {
3409     VirtIONet *n = opaque;
3410 
3411     /* At this point, backend must be stopped, otherwise
3412      * it might keep writing to memory. */
3413     assert(!n->vhost_started);
3414 
3415     return 0;
3416 }
3417 
3418 static bool primary_unplug_pending(void *opaque)
3419 {
3420     DeviceState *dev = opaque;
3421     DeviceState *primary;
3422     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3423     VirtIONet *n = VIRTIO_NET(vdev);
3424 
3425     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_STANDBY)) {
3426         return false;
3427     }
3428     primary = failover_find_primary_device(n);
3429     return primary ? primary->pending_deleted_event : false;
3430 }
3431 
3432 static bool dev_unplug_pending(void *opaque)
3433 {
3434     DeviceState *dev = opaque;
3435     VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(dev);
3436 
3437     return vdc->primary_unplug_pending(dev);
3438 }
3439 
3440 static const VMStateDescription vmstate_virtio_net = {
3441     .name = "virtio-net",
3442     .minimum_version_id = VIRTIO_NET_VM_VERSION,
3443     .version_id = VIRTIO_NET_VM_VERSION,
3444     .fields = (VMStateField[]) {
3445         VMSTATE_VIRTIO_DEVICE,
3446         VMSTATE_END_OF_LIST()
3447     },
3448     .pre_save = virtio_net_pre_save,
3449     .dev_unplug_pending = dev_unplug_pending,
3450 };
3451 
3452 static Property virtio_net_properties[] = {
3453     DEFINE_PROP_BIT64("csum", VirtIONet, host_features,
3454                     VIRTIO_NET_F_CSUM, true),
3455     DEFINE_PROP_BIT64("guest_csum", VirtIONet, host_features,
3456                     VIRTIO_NET_F_GUEST_CSUM, true),
3457     DEFINE_PROP_BIT64("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
3458     DEFINE_PROP_BIT64("guest_tso4", VirtIONet, host_features,
3459                     VIRTIO_NET_F_GUEST_TSO4, true),
3460     DEFINE_PROP_BIT64("guest_tso6", VirtIONet, host_features,
3461                     VIRTIO_NET_F_GUEST_TSO6, true),
3462     DEFINE_PROP_BIT64("guest_ecn", VirtIONet, host_features,
3463                     VIRTIO_NET_F_GUEST_ECN, true),
3464     DEFINE_PROP_BIT64("guest_ufo", VirtIONet, host_features,
3465                     VIRTIO_NET_F_GUEST_UFO, true),
3466     DEFINE_PROP_BIT64("guest_announce", VirtIONet, host_features,
3467                     VIRTIO_NET_F_GUEST_ANNOUNCE, true),
3468     DEFINE_PROP_BIT64("host_tso4", VirtIONet, host_features,
3469                     VIRTIO_NET_F_HOST_TSO4, true),
3470     DEFINE_PROP_BIT64("host_tso6", VirtIONet, host_features,
3471                     VIRTIO_NET_F_HOST_TSO6, true),
3472     DEFINE_PROP_BIT64("host_ecn", VirtIONet, host_features,
3473                     VIRTIO_NET_F_HOST_ECN, true),
3474     DEFINE_PROP_BIT64("host_ufo", VirtIONet, host_features,
3475                     VIRTIO_NET_F_HOST_UFO, true),
3476     DEFINE_PROP_BIT64("mrg_rxbuf", VirtIONet, host_features,
3477                     VIRTIO_NET_F_MRG_RXBUF, true),
3478     DEFINE_PROP_BIT64("status", VirtIONet, host_features,
3479                     VIRTIO_NET_F_STATUS, true),
3480     DEFINE_PROP_BIT64("ctrl_vq", VirtIONet, host_features,
3481                     VIRTIO_NET_F_CTRL_VQ, true),
3482     DEFINE_PROP_BIT64("ctrl_rx", VirtIONet, host_features,
3483                     VIRTIO_NET_F_CTRL_RX, true),
3484     DEFINE_PROP_BIT64("ctrl_vlan", VirtIONet, host_features,
3485                     VIRTIO_NET_F_CTRL_VLAN, true),
3486     DEFINE_PROP_BIT64("ctrl_rx_extra", VirtIONet, host_features,
3487                     VIRTIO_NET_F_CTRL_RX_EXTRA, true),
3488     DEFINE_PROP_BIT64("ctrl_mac_addr", VirtIONet, host_features,
3489                     VIRTIO_NET_F_CTRL_MAC_ADDR, true),
3490     DEFINE_PROP_BIT64("ctrl_guest_offloads", VirtIONet, host_features,
3491                     VIRTIO_NET_F_CTRL_GUEST_OFFLOADS, true),
3492     DEFINE_PROP_BIT64("mq", VirtIONet, host_features, VIRTIO_NET_F_MQ, false),
3493     DEFINE_PROP_BIT64("rss", VirtIONet, host_features,
3494                     VIRTIO_NET_F_RSS, false),
3495     DEFINE_PROP_BIT64("hash", VirtIONet, host_features,
3496                     VIRTIO_NET_F_HASH_REPORT, false),
3497     DEFINE_PROP_BIT64("guest_rsc_ext", VirtIONet, host_features,
3498                     VIRTIO_NET_F_RSC_EXT, false),
3499     DEFINE_PROP_UINT32("rsc_interval", VirtIONet, rsc_timeout,
3500                        VIRTIO_NET_RSC_DEFAULT_INTERVAL),
3501     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
3502     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
3503                        TX_TIMER_INTERVAL),
3504     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
3505     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
3506     DEFINE_PROP_UINT16("rx_queue_size", VirtIONet, net_conf.rx_queue_size,
3507                        VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE),
3508     DEFINE_PROP_UINT16("tx_queue_size", VirtIONet, net_conf.tx_queue_size,
3509                        VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE),
3510     DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
3511     DEFINE_PROP_BOOL("x-mtu-bypass-backend", VirtIONet, mtu_bypass_backend,
3512                      true),
3513     DEFINE_PROP_INT32("speed", VirtIONet, net_conf.speed, SPEED_UNKNOWN),
3514     DEFINE_PROP_STRING("duplex", VirtIONet, net_conf.duplex_str),
3515     DEFINE_PROP_BOOL("failover", VirtIONet, failover, false),
3516     DEFINE_PROP_END_OF_LIST(),
3517 };
3518 
3519 static void virtio_net_class_init(ObjectClass *klass, void *data)
3520 {
3521     DeviceClass *dc = DEVICE_CLASS(klass);
3522     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
3523 
3524     device_class_set_props(dc, virtio_net_properties);
3525     dc->vmsd = &vmstate_virtio_net;
3526     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
3527     vdc->realize = virtio_net_device_realize;
3528     vdc->unrealize = virtio_net_device_unrealize;
3529     vdc->get_config = virtio_net_get_config;
3530     vdc->set_config = virtio_net_set_config;
3531     vdc->get_features = virtio_net_get_features;
3532     vdc->set_features = virtio_net_set_features;
3533     vdc->bad_features = virtio_net_bad_features;
3534     vdc->reset = virtio_net_reset;
3535     vdc->set_status = virtio_net_set_status;
3536     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
3537     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
3538     vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
3539     vdc->post_load = virtio_net_post_load_virtio;
3540     vdc->vmsd = &vmstate_virtio_net_device;
3541     vdc->primary_unplug_pending = primary_unplug_pending;
3542 }
3543 
3544 static const TypeInfo virtio_net_info = {
3545     .name = TYPE_VIRTIO_NET,
3546     .parent = TYPE_VIRTIO_DEVICE,
3547     .instance_size = sizeof(VirtIONet),
3548     .instance_init = virtio_net_instance_init,
3549     .class_init = virtio_net_class_init,
3550 };
3551 
3552 static void virtio_register_types(void)
3553 {
3554     type_register_static(&virtio_net_info);
3555 }
3556 
3557 type_init(virtio_register_types)
3558