xref: /openbmc/qemu/hw/net/virtio-net.c (revision c2387413)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/atomic.h"
16 #include "qemu/iov.h"
17 #include "qemu/main-loop.h"
18 #include "qemu/module.h"
19 #include "hw/virtio/virtio.h"
20 #include "net/net.h"
21 #include "net/checksum.h"
22 #include "net/tap.h"
23 #include "qemu/error-report.h"
24 #include "qemu/timer.h"
25 #include "qemu/option.h"
26 #include "qemu/option_int.h"
27 #include "qemu/config-file.h"
28 #include "qapi/qmp/qdict.h"
29 #include "hw/virtio/virtio-net.h"
30 #include "net/vhost_net.h"
31 #include "net/announce.h"
32 #include "hw/virtio/virtio-bus.h"
33 #include "qapi/error.h"
34 #include "qapi/qapi-events-net.h"
35 #include "hw/qdev-properties.h"
36 #include "qapi/qapi-types-migration.h"
37 #include "qapi/qapi-events-migration.h"
38 #include "hw/virtio/virtio-access.h"
39 #include "migration/misc.h"
40 #include "standard-headers/linux/ethtool.h"
41 #include "sysemu/sysemu.h"
42 #include "trace.h"
43 #include "monitor/qdev.h"
44 #include "hw/pci/pci.h"
45 #include "net_rx_pkt.h"
46 #include "hw/virtio/vhost.h"
47 
48 #define VIRTIO_NET_VM_VERSION    11
49 
50 #define MAC_TABLE_ENTRIES    64
51 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
52 
53 /* previously fixed value */
54 #define VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE 256
55 #define VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE 256
56 
57 /* for now, only allow larger queues; with virtio-1, guest can downsize */
58 #define VIRTIO_NET_RX_QUEUE_MIN_SIZE VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE
59 #define VIRTIO_NET_TX_QUEUE_MIN_SIZE VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE
60 
61 #define VIRTIO_NET_IP4_ADDR_SIZE   8        /* ipv4 saddr + daddr */
62 
63 #define VIRTIO_NET_TCP_FLAG         0x3F
64 #define VIRTIO_NET_TCP_HDR_LENGTH   0xF000
65 
66 /* IPv4 max payload, 16 bits in the header */
67 #define VIRTIO_NET_MAX_IP4_PAYLOAD (65535 - sizeof(struct ip_header))
68 #define VIRTIO_NET_MAX_TCP_PAYLOAD 65535
69 
70 /* header length value in ip header without option */
71 #define VIRTIO_NET_IP4_HEADER_LENGTH 5
72 
73 #define VIRTIO_NET_IP6_ADDR_SIZE   32      /* ipv6 saddr + daddr */
74 #define VIRTIO_NET_MAX_IP6_PAYLOAD VIRTIO_NET_MAX_TCP_PAYLOAD
75 
76 /* Purge coalesced packets timer interval, This value affects the performance
77    a lot, and should be tuned carefully, '300000'(300us) is the recommended
78    value to pass the WHQL test, '50000' can gain 2x netperf throughput with
79    tso/gso/gro 'off'. */
80 #define VIRTIO_NET_RSC_DEFAULT_INTERVAL 300000
81 
82 #define VIRTIO_NET_RSS_SUPPORTED_HASHES (VIRTIO_NET_RSS_HASH_TYPE_IPv4 | \
83                                          VIRTIO_NET_RSS_HASH_TYPE_TCPv4 | \
84                                          VIRTIO_NET_RSS_HASH_TYPE_UDPv4 | \
85                                          VIRTIO_NET_RSS_HASH_TYPE_IPv6 | \
86                                          VIRTIO_NET_RSS_HASH_TYPE_TCPv6 | \
87                                          VIRTIO_NET_RSS_HASH_TYPE_UDPv6 | \
88                                          VIRTIO_NET_RSS_HASH_TYPE_IP_EX | \
89                                          VIRTIO_NET_RSS_HASH_TYPE_TCP_EX | \
90                                          VIRTIO_NET_RSS_HASH_TYPE_UDP_EX)
91 
92 static VirtIOFeature feature_sizes[] = {
93     {.flags = 1ULL << VIRTIO_NET_F_MAC,
94      .end = endof(struct virtio_net_config, mac)},
95     {.flags = 1ULL << VIRTIO_NET_F_STATUS,
96      .end = endof(struct virtio_net_config, status)},
97     {.flags = 1ULL << VIRTIO_NET_F_MQ,
98      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
99     {.flags = 1ULL << VIRTIO_NET_F_MTU,
100      .end = endof(struct virtio_net_config, mtu)},
101     {.flags = 1ULL << VIRTIO_NET_F_SPEED_DUPLEX,
102      .end = endof(struct virtio_net_config, duplex)},
103     {.flags = (1ULL << VIRTIO_NET_F_RSS) | (1ULL << VIRTIO_NET_F_HASH_REPORT),
104      .end = endof(struct virtio_net_config, supported_hash_types)},
105     {}
106 };
107 
108 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
109 {
110     VirtIONet *n = qemu_get_nic_opaque(nc);
111 
112     return &n->vqs[nc->queue_index];
113 }
114 
115 static int vq2q(int queue_index)
116 {
117     return queue_index / 2;
118 }
119 
120 /* TODO
121  * - we could suppress RX interrupt if we were so inclined.
122  */
123 
124 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
125 {
126     VirtIONet *n = VIRTIO_NET(vdev);
127     struct virtio_net_config netcfg;
128     NetClientState *nc = qemu_get_queue(n->nic);
129 
130     int ret = 0;
131     memset(&netcfg, 0 , sizeof(struct virtio_net_config));
132     virtio_stw_p(vdev, &netcfg.status, n->status);
133     virtio_stw_p(vdev, &netcfg.max_virtqueue_pairs, n->max_queues);
134     virtio_stw_p(vdev, &netcfg.mtu, n->net_conf.mtu);
135     memcpy(netcfg.mac, n->mac, ETH_ALEN);
136     virtio_stl_p(vdev, &netcfg.speed, n->net_conf.speed);
137     netcfg.duplex = n->net_conf.duplex;
138     netcfg.rss_max_key_size = VIRTIO_NET_RSS_MAX_KEY_SIZE;
139     virtio_stw_p(vdev, &netcfg.rss_max_indirection_table_length,
140                  virtio_host_has_feature(vdev, VIRTIO_NET_F_RSS) ?
141                  VIRTIO_NET_RSS_MAX_TABLE_LEN : 1);
142     virtio_stl_p(vdev, &netcfg.supported_hash_types,
143                  VIRTIO_NET_RSS_SUPPORTED_HASHES);
144     memcpy(config, &netcfg, n->config_size);
145 
146     /*
147      * Is this VDPA? No peer means not VDPA: there's no way to
148      * disconnect/reconnect a VDPA peer.
149      */
150     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
151         ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
152                                    n->config_size);
153         if (ret != -1) {
154             memcpy(config, &netcfg, n->config_size);
155         }
156     }
157 }
158 
159 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
160 {
161     VirtIONet *n = VIRTIO_NET(vdev);
162     struct virtio_net_config netcfg = {};
163     NetClientState *nc = qemu_get_queue(n->nic);
164 
165     memcpy(&netcfg, config, n->config_size);
166 
167     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
168         !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) &&
169         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
170         memcpy(n->mac, netcfg.mac, ETH_ALEN);
171         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
172     }
173 
174     /*
175      * Is this VDPA? No peer means not VDPA: there's no way to
176      * disconnect/reconnect a VDPA peer.
177      */
178     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
179         vhost_net_set_config(get_vhost_net(nc->peer),
180                              (uint8_t *)&netcfg, 0, n->config_size,
181                              VHOST_SET_CONFIG_TYPE_MASTER);
182       }
183 }
184 
185 static bool virtio_net_started(VirtIONet *n, uint8_t status)
186 {
187     VirtIODevice *vdev = VIRTIO_DEVICE(n);
188     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
189         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
190 }
191 
192 static void virtio_net_announce_notify(VirtIONet *net)
193 {
194     VirtIODevice *vdev = VIRTIO_DEVICE(net);
195     trace_virtio_net_announce_notify();
196 
197     net->status |= VIRTIO_NET_S_ANNOUNCE;
198     virtio_notify_config(vdev);
199 }
200 
201 static void virtio_net_announce_timer(void *opaque)
202 {
203     VirtIONet *n = opaque;
204     trace_virtio_net_announce_timer(n->announce_timer.round);
205 
206     n->announce_timer.round--;
207     virtio_net_announce_notify(n);
208 }
209 
210 static void virtio_net_announce(NetClientState *nc)
211 {
212     VirtIONet *n = qemu_get_nic_opaque(nc);
213     VirtIODevice *vdev = VIRTIO_DEVICE(n);
214 
215     /*
216      * Make sure the virtio migration announcement timer isn't running
217      * If it is, let it trigger announcement so that we do not cause
218      * confusion.
219      */
220     if (n->announce_timer.round) {
221         return;
222     }
223 
224     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
225         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
226             virtio_net_announce_notify(n);
227     }
228 }
229 
230 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
231 {
232     VirtIODevice *vdev = VIRTIO_DEVICE(n);
233     NetClientState *nc = qemu_get_queue(n->nic);
234     int queues = n->multiqueue ? n->max_queues : 1;
235 
236     if (!get_vhost_net(nc->peer)) {
237         return;
238     }
239 
240     if ((virtio_net_started(n, status) && !nc->peer->link_down) ==
241         !!n->vhost_started) {
242         return;
243     }
244     if (!n->vhost_started) {
245         int r, i;
246 
247         if (n->needs_vnet_hdr_swap) {
248             error_report("backend does not support %s vnet headers; "
249                          "falling back on userspace virtio",
250                          virtio_is_big_endian(vdev) ? "BE" : "LE");
251             return;
252         }
253 
254         /* Any packets outstanding? Purge them to avoid touching rings
255          * when vhost is running.
256          */
257         for (i = 0;  i < queues; i++) {
258             NetClientState *qnc = qemu_get_subqueue(n->nic, i);
259 
260             /* Purge both directions: TX and RX. */
261             qemu_net_queue_purge(qnc->peer->incoming_queue, qnc);
262             qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
263         }
264 
265         if (virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MTU)) {
266             r = vhost_net_set_mtu(get_vhost_net(nc->peer), n->net_conf.mtu);
267             if (r < 0) {
268                 error_report("%uBytes MTU not supported by the backend",
269                              n->net_conf.mtu);
270 
271                 return;
272             }
273         }
274 
275         n->vhost_started = 1;
276         r = vhost_net_start(vdev, n->nic->ncs, queues);
277         if (r < 0) {
278             error_report("unable to start vhost net: %d: "
279                          "falling back on userspace virtio", -r);
280             n->vhost_started = 0;
281         }
282     } else {
283         vhost_net_stop(vdev, n->nic->ncs, queues);
284         n->vhost_started = 0;
285     }
286 }
287 
288 static int virtio_net_set_vnet_endian_one(VirtIODevice *vdev,
289                                           NetClientState *peer,
290                                           bool enable)
291 {
292     if (virtio_is_big_endian(vdev)) {
293         return qemu_set_vnet_be(peer, enable);
294     } else {
295         return qemu_set_vnet_le(peer, enable);
296     }
297 }
298 
299 static bool virtio_net_set_vnet_endian(VirtIODevice *vdev, NetClientState *ncs,
300                                        int queues, bool enable)
301 {
302     int i;
303 
304     for (i = 0; i < queues; i++) {
305         if (virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, enable) < 0 &&
306             enable) {
307             while (--i >= 0) {
308                 virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, false);
309             }
310 
311             return true;
312         }
313     }
314 
315     return false;
316 }
317 
318 static void virtio_net_vnet_endian_status(VirtIONet *n, uint8_t status)
319 {
320     VirtIODevice *vdev = VIRTIO_DEVICE(n);
321     int queues = n->multiqueue ? n->max_queues : 1;
322 
323     if (virtio_net_started(n, status)) {
324         /* Before using the device, we tell the network backend about the
325          * endianness to use when parsing vnet headers. If the backend
326          * can't do it, we fallback onto fixing the headers in the core
327          * virtio-net code.
328          */
329         n->needs_vnet_hdr_swap = virtio_net_set_vnet_endian(vdev, n->nic->ncs,
330                                                             queues, true);
331     } else if (virtio_net_started(n, vdev->status)) {
332         /* After using the device, we need to reset the network backend to
333          * the default (guest native endianness), otherwise the guest may
334          * lose network connectivity if it is rebooted into a different
335          * endianness.
336          */
337         virtio_net_set_vnet_endian(vdev, n->nic->ncs, queues, false);
338     }
339 }
340 
341 static void virtio_net_drop_tx_queue_data(VirtIODevice *vdev, VirtQueue *vq)
342 {
343     unsigned int dropped = virtqueue_drop_all(vq);
344     if (dropped) {
345         virtio_notify(vdev, vq);
346     }
347 }
348 
349 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
350 {
351     VirtIONet *n = VIRTIO_NET(vdev);
352     VirtIONetQueue *q;
353     int i;
354     uint8_t queue_status;
355 
356     virtio_net_vnet_endian_status(n, status);
357     virtio_net_vhost_status(n, status);
358 
359     for (i = 0; i < n->max_queues; i++) {
360         NetClientState *ncs = qemu_get_subqueue(n->nic, i);
361         bool queue_started;
362         q = &n->vqs[i];
363 
364         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
365             queue_status = 0;
366         } else {
367             queue_status = status;
368         }
369         queue_started =
370             virtio_net_started(n, queue_status) && !n->vhost_started;
371 
372         if (queue_started) {
373             qemu_flush_queued_packets(ncs);
374         }
375 
376         if (!q->tx_waiting) {
377             continue;
378         }
379 
380         if (queue_started) {
381             if (q->tx_timer) {
382                 timer_mod(q->tx_timer,
383                                qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
384             } else {
385                 qemu_bh_schedule(q->tx_bh);
386             }
387         } else {
388             if (q->tx_timer) {
389                 timer_del(q->tx_timer);
390             } else {
391                 qemu_bh_cancel(q->tx_bh);
392             }
393             if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
394                 (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
395                 vdev->vm_running) {
396                 /* if tx is waiting we are likely have some packets in tx queue
397                  * and disabled notification */
398                 q->tx_waiting = 0;
399                 virtio_queue_set_notification(q->tx_vq, 1);
400                 virtio_net_drop_tx_queue_data(vdev, q->tx_vq);
401             }
402         }
403     }
404 }
405 
406 static void virtio_net_set_link_status(NetClientState *nc)
407 {
408     VirtIONet *n = qemu_get_nic_opaque(nc);
409     VirtIODevice *vdev = VIRTIO_DEVICE(n);
410     uint16_t old_status = n->status;
411 
412     if (nc->link_down)
413         n->status &= ~VIRTIO_NET_S_LINK_UP;
414     else
415         n->status |= VIRTIO_NET_S_LINK_UP;
416 
417     if (n->status != old_status)
418         virtio_notify_config(vdev);
419 
420     virtio_net_set_status(vdev, vdev->status);
421 }
422 
423 static void rxfilter_notify(NetClientState *nc)
424 {
425     VirtIONet *n = qemu_get_nic_opaque(nc);
426 
427     if (nc->rxfilter_notify_enabled) {
428         char *path = object_get_canonical_path(OBJECT(n->qdev));
429         qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
430                                               n->netclient_name, path);
431         g_free(path);
432 
433         /* disable event notification to avoid events flooding */
434         nc->rxfilter_notify_enabled = 0;
435     }
436 }
437 
438 static intList *get_vlan_table(VirtIONet *n)
439 {
440     intList *list;
441     int i, j;
442 
443     list = NULL;
444     for (i = 0; i < MAX_VLAN >> 5; i++) {
445         for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
446             if (n->vlans[i] & (1U << j)) {
447                 QAPI_LIST_PREPEND(list, (i << 5) + j);
448             }
449         }
450     }
451 
452     return list;
453 }
454 
455 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
456 {
457     VirtIONet *n = qemu_get_nic_opaque(nc);
458     VirtIODevice *vdev = VIRTIO_DEVICE(n);
459     RxFilterInfo *info;
460     strList *str_list;
461     int i;
462 
463     info = g_malloc0(sizeof(*info));
464     info->name = g_strdup(nc->name);
465     info->promiscuous = n->promisc;
466 
467     if (n->nouni) {
468         info->unicast = RX_STATE_NONE;
469     } else if (n->alluni) {
470         info->unicast = RX_STATE_ALL;
471     } else {
472         info->unicast = RX_STATE_NORMAL;
473     }
474 
475     if (n->nomulti) {
476         info->multicast = RX_STATE_NONE;
477     } else if (n->allmulti) {
478         info->multicast = RX_STATE_ALL;
479     } else {
480         info->multicast = RX_STATE_NORMAL;
481     }
482 
483     info->broadcast_allowed = n->nobcast;
484     info->multicast_overflow = n->mac_table.multi_overflow;
485     info->unicast_overflow = n->mac_table.uni_overflow;
486 
487     info->main_mac = qemu_mac_strdup_printf(n->mac);
488 
489     str_list = NULL;
490     for (i = 0; i < n->mac_table.first_multi; i++) {
491         QAPI_LIST_PREPEND(str_list,
492                       qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN));
493     }
494     info->unicast_table = str_list;
495 
496     str_list = NULL;
497     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
498         QAPI_LIST_PREPEND(str_list,
499                       qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN));
500     }
501     info->multicast_table = str_list;
502     info->vlan_table = get_vlan_table(n);
503 
504     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
505         info->vlan = RX_STATE_ALL;
506     } else if (!info->vlan_table) {
507         info->vlan = RX_STATE_NONE;
508     } else {
509         info->vlan = RX_STATE_NORMAL;
510     }
511 
512     /* enable event notification after query */
513     nc->rxfilter_notify_enabled = 1;
514 
515     return info;
516 }
517 
518 static void virtio_net_reset(VirtIODevice *vdev)
519 {
520     VirtIONet *n = VIRTIO_NET(vdev);
521     int i;
522 
523     /* Reset back to compatibility mode */
524     n->promisc = 1;
525     n->allmulti = 0;
526     n->alluni = 0;
527     n->nomulti = 0;
528     n->nouni = 0;
529     n->nobcast = 0;
530     /* multiqueue is disabled by default */
531     n->curr_queues = 1;
532     timer_del(n->announce_timer.tm);
533     n->announce_timer.round = 0;
534     n->status &= ~VIRTIO_NET_S_ANNOUNCE;
535 
536     /* Flush any MAC and VLAN filter table state */
537     n->mac_table.in_use = 0;
538     n->mac_table.first_multi = 0;
539     n->mac_table.multi_overflow = 0;
540     n->mac_table.uni_overflow = 0;
541     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
542     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
543     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
544     memset(n->vlans, 0, MAX_VLAN >> 3);
545 
546     /* Flush any async TX */
547     for (i = 0;  i < n->max_queues; i++) {
548         NetClientState *nc = qemu_get_subqueue(n->nic, i);
549 
550         if (nc->peer) {
551             qemu_flush_or_purge_queued_packets(nc->peer, true);
552             assert(!virtio_net_get_subqueue(nc)->async_tx.elem);
553         }
554     }
555 }
556 
557 static void peer_test_vnet_hdr(VirtIONet *n)
558 {
559     NetClientState *nc = qemu_get_queue(n->nic);
560     if (!nc->peer) {
561         return;
562     }
563 
564     n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
565 }
566 
567 static int peer_has_vnet_hdr(VirtIONet *n)
568 {
569     return n->has_vnet_hdr;
570 }
571 
572 static int peer_has_ufo(VirtIONet *n)
573 {
574     if (!peer_has_vnet_hdr(n))
575         return 0;
576 
577     n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
578 
579     return n->has_ufo;
580 }
581 
582 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs,
583                                        int version_1, int hash_report)
584 {
585     int i;
586     NetClientState *nc;
587 
588     n->mergeable_rx_bufs = mergeable_rx_bufs;
589 
590     if (version_1) {
591         n->guest_hdr_len = hash_report ?
592             sizeof(struct virtio_net_hdr_v1_hash) :
593             sizeof(struct virtio_net_hdr_mrg_rxbuf);
594         n->rss_data.populate_hash = !!hash_report;
595     } else {
596         n->guest_hdr_len = n->mergeable_rx_bufs ?
597             sizeof(struct virtio_net_hdr_mrg_rxbuf) :
598             sizeof(struct virtio_net_hdr);
599     }
600 
601     for (i = 0; i < n->max_queues; i++) {
602         nc = qemu_get_subqueue(n->nic, i);
603 
604         if (peer_has_vnet_hdr(n) &&
605             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
606             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
607             n->host_hdr_len = n->guest_hdr_len;
608         }
609     }
610 }
611 
612 static int virtio_net_max_tx_queue_size(VirtIONet *n)
613 {
614     NetClientState *peer = n->nic_conf.peers.ncs[0];
615 
616     /*
617      * Backends other than vhost-user don't support max queue size.
618      */
619     if (!peer) {
620         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
621     }
622 
623     if (peer->info->type != NET_CLIENT_DRIVER_VHOST_USER) {
624         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
625     }
626 
627     return VIRTQUEUE_MAX_SIZE;
628 }
629 
630 static int peer_attach(VirtIONet *n, int index)
631 {
632     NetClientState *nc = qemu_get_subqueue(n->nic, index);
633 
634     if (!nc->peer) {
635         return 0;
636     }
637 
638     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
639         vhost_set_vring_enable(nc->peer, 1);
640     }
641 
642     if (nc->peer->info->type != NET_CLIENT_DRIVER_TAP) {
643         return 0;
644     }
645 
646     if (n->max_queues == 1) {
647         return 0;
648     }
649 
650     return tap_enable(nc->peer);
651 }
652 
653 static int peer_detach(VirtIONet *n, int index)
654 {
655     NetClientState *nc = qemu_get_subqueue(n->nic, index);
656 
657     if (!nc->peer) {
658         return 0;
659     }
660 
661     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
662         vhost_set_vring_enable(nc->peer, 0);
663     }
664 
665     if (nc->peer->info->type !=  NET_CLIENT_DRIVER_TAP) {
666         return 0;
667     }
668 
669     return tap_disable(nc->peer);
670 }
671 
672 static void virtio_net_set_queues(VirtIONet *n)
673 {
674     int i;
675     int r;
676 
677     if (n->nic->peer_deleted) {
678         return;
679     }
680 
681     for (i = 0; i < n->max_queues; i++) {
682         if (i < n->curr_queues) {
683             r = peer_attach(n, i);
684             assert(!r);
685         } else {
686             r = peer_detach(n, i);
687             assert(!r);
688         }
689     }
690 }
691 
692 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
693 
694 static uint64_t virtio_net_get_features(VirtIODevice *vdev, uint64_t features,
695                                         Error **errp)
696 {
697     VirtIONet *n = VIRTIO_NET(vdev);
698     NetClientState *nc = qemu_get_queue(n->nic);
699 
700     /* Firstly sync all virtio-net possible supported features */
701     features |= n->host_features;
702 
703     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
704 
705     if (!peer_has_vnet_hdr(n)) {
706         virtio_clear_feature(&features, VIRTIO_NET_F_CSUM);
707         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO4);
708         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO6);
709         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_ECN);
710 
711         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_CSUM);
712         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO4);
713         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO6);
714         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_ECN);
715 
716         virtio_clear_feature(&features, VIRTIO_NET_F_HASH_REPORT);
717     }
718 
719     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
720         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_UFO);
721         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_UFO);
722     }
723 
724     if (!get_vhost_net(nc->peer)) {
725         return features;
726     }
727 
728     virtio_clear_feature(&features, VIRTIO_NET_F_RSS);
729     virtio_clear_feature(&features, VIRTIO_NET_F_HASH_REPORT);
730     features = vhost_net_get_features(get_vhost_net(nc->peer), features);
731     vdev->backend_features = features;
732 
733     if (n->mtu_bypass_backend &&
734             (n->host_features & 1ULL << VIRTIO_NET_F_MTU)) {
735         features |= (1ULL << VIRTIO_NET_F_MTU);
736     }
737 
738     return features;
739 }
740 
741 static uint64_t virtio_net_bad_features(VirtIODevice *vdev)
742 {
743     uint64_t features = 0;
744 
745     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
746      * but also these: */
747     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
748     virtio_add_feature(&features, VIRTIO_NET_F_CSUM);
749     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO4);
750     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO6);
751     virtio_add_feature(&features, VIRTIO_NET_F_HOST_ECN);
752 
753     return features;
754 }
755 
756 static void virtio_net_apply_guest_offloads(VirtIONet *n)
757 {
758     qemu_set_offload(qemu_get_queue(n->nic)->peer,
759             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
760             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
761             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
762             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
763             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
764 }
765 
766 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
767 {
768     static const uint64_t guest_offloads_mask =
769         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
770         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
771         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
772         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
773         (1ULL << VIRTIO_NET_F_GUEST_UFO);
774 
775     return guest_offloads_mask & features;
776 }
777 
778 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
779 {
780     VirtIODevice *vdev = VIRTIO_DEVICE(n);
781     return virtio_net_guest_offloads_by_features(vdev->guest_features);
782 }
783 
784 typedef struct {
785     VirtIONet *n;
786     char *id;
787 } FailoverId;
788 
789 /**
790  * Set the id of the failover primary device
791  *
792  * @opaque: FailoverId to setup
793  * @opts: opts for device we are handling
794  * @errp: returns an error if this function fails
795  */
796 static int failover_set_primary(void *opaque, QemuOpts *opts, Error **errp)
797 {
798     FailoverId *fid = opaque;
799     const char *standby_id = qemu_opt_get(opts, "failover_pair_id");
800 
801     if (g_strcmp0(standby_id, fid->n->netclient_name) == 0) {
802         fid->id = g_strdup(opts->id);
803         return 1;
804     }
805 
806     return 0;
807 }
808 
809 /**
810  * Find the primary device id for this failover virtio-net
811  *
812  * @n: VirtIONet device
813  * @errp: returns an error if this function fails
814  */
815 static char *failover_find_primary_device_id(VirtIONet *n)
816 {
817     Error *err = NULL;
818     FailoverId fid;
819 
820     fid.n = n;
821     if (!qemu_opts_foreach(qemu_find_opts("device"),
822                            failover_set_primary, &fid, &err)) {
823         return NULL;
824     }
825     return fid.id;
826 }
827 
828 /**
829  * Find the primary device for this failover virtio-net
830  *
831  * @n: VirtIONet device
832  * @errp: returns an error if this function fails
833  */
834 static DeviceState *failover_find_primary_device(VirtIONet *n)
835 {
836     char *id = failover_find_primary_device_id(n);
837 
838     if (!id) {
839         return NULL;
840     }
841 
842     return qdev_find_recursive(sysbus_get_default(), id);
843 }
844 
845 static void failover_add_primary(VirtIONet *n, Error **errp)
846 {
847     Error *err = NULL;
848     QemuOpts *opts;
849     char *id;
850     DeviceState *dev = failover_find_primary_device(n);
851 
852     if (dev) {
853         return;
854     }
855 
856     id = failover_find_primary_device_id(n);
857     if (!id) {
858         return;
859     }
860     opts = qemu_opts_find(qemu_find_opts("device"), id);
861     if (opts) {
862         dev = qdev_device_add(opts, &err);
863         if (err) {
864             qemu_opts_del(opts);
865         }
866     } else {
867         error_setg(errp, "Primary device not found");
868         error_append_hint(errp, "Virtio-net failover will not work. Make "
869                           "sure primary device has parameter"
870                           " failover_pair_id=<virtio-net-id>\n");
871     }
872     error_propagate(errp, err);
873 }
874 
875 static void virtio_net_set_features(VirtIODevice *vdev, uint64_t features)
876 {
877     VirtIONet *n = VIRTIO_NET(vdev);
878     Error *err = NULL;
879     int i;
880 
881     if (n->mtu_bypass_backend &&
882             !virtio_has_feature(vdev->backend_features, VIRTIO_NET_F_MTU)) {
883         features &= ~(1ULL << VIRTIO_NET_F_MTU);
884     }
885 
886     virtio_net_set_multiqueue(n,
887                               virtio_has_feature(features, VIRTIO_NET_F_RSS) ||
888                               virtio_has_feature(features, VIRTIO_NET_F_MQ));
889 
890     virtio_net_set_mrg_rx_bufs(n,
891                                virtio_has_feature(features,
892                                                   VIRTIO_NET_F_MRG_RXBUF),
893                                virtio_has_feature(features,
894                                                   VIRTIO_F_VERSION_1),
895                                virtio_has_feature(features,
896                                                   VIRTIO_NET_F_HASH_REPORT));
897 
898     n->rsc4_enabled = virtio_has_feature(features, VIRTIO_NET_F_RSC_EXT) &&
899         virtio_has_feature(features, VIRTIO_NET_F_GUEST_TSO4);
900     n->rsc6_enabled = virtio_has_feature(features, VIRTIO_NET_F_RSC_EXT) &&
901         virtio_has_feature(features, VIRTIO_NET_F_GUEST_TSO6);
902     n->rss_data.redirect = virtio_has_feature(features, VIRTIO_NET_F_RSS);
903 
904     if (n->has_vnet_hdr) {
905         n->curr_guest_offloads =
906             virtio_net_guest_offloads_by_features(features);
907         virtio_net_apply_guest_offloads(n);
908     }
909 
910     for (i = 0;  i < n->max_queues; i++) {
911         NetClientState *nc = qemu_get_subqueue(n->nic, i);
912 
913         if (!get_vhost_net(nc->peer)) {
914             continue;
915         }
916         vhost_net_ack_features(get_vhost_net(nc->peer), features);
917     }
918 
919     if (virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
920         memset(n->vlans, 0, MAX_VLAN >> 3);
921     } else {
922         memset(n->vlans, 0xff, MAX_VLAN >> 3);
923     }
924 
925     if (virtio_has_feature(features, VIRTIO_NET_F_STANDBY)) {
926         qapi_event_send_failover_negotiated(n->netclient_name);
927         qatomic_set(&n->failover_primary_hidden, false);
928         failover_add_primary(n, &err);
929         if (err) {
930             warn_report_err(err);
931         }
932     }
933 }
934 
935 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
936                                      struct iovec *iov, unsigned int iov_cnt)
937 {
938     uint8_t on;
939     size_t s;
940     NetClientState *nc = qemu_get_queue(n->nic);
941 
942     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
943     if (s != sizeof(on)) {
944         return VIRTIO_NET_ERR;
945     }
946 
947     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
948         n->promisc = on;
949     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
950         n->allmulti = on;
951     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
952         n->alluni = on;
953     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
954         n->nomulti = on;
955     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
956         n->nouni = on;
957     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
958         n->nobcast = on;
959     } else {
960         return VIRTIO_NET_ERR;
961     }
962 
963     rxfilter_notify(nc);
964 
965     return VIRTIO_NET_OK;
966 }
967 
968 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
969                                      struct iovec *iov, unsigned int iov_cnt)
970 {
971     VirtIODevice *vdev = VIRTIO_DEVICE(n);
972     uint64_t offloads;
973     size_t s;
974 
975     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
976         return VIRTIO_NET_ERR;
977     }
978 
979     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
980     if (s != sizeof(offloads)) {
981         return VIRTIO_NET_ERR;
982     }
983 
984     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
985         uint64_t supported_offloads;
986 
987         offloads = virtio_ldq_p(vdev, &offloads);
988 
989         if (!n->has_vnet_hdr) {
990             return VIRTIO_NET_ERR;
991         }
992 
993         n->rsc4_enabled = virtio_has_feature(offloads, VIRTIO_NET_F_RSC_EXT) &&
994             virtio_has_feature(offloads, VIRTIO_NET_F_GUEST_TSO4);
995         n->rsc6_enabled = virtio_has_feature(offloads, VIRTIO_NET_F_RSC_EXT) &&
996             virtio_has_feature(offloads, VIRTIO_NET_F_GUEST_TSO6);
997         virtio_clear_feature(&offloads, VIRTIO_NET_F_RSC_EXT);
998 
999         supported_offloads = virtio_net_supported_guest_offloads(n);
1000         if (offloads & ~supported_offloads) {
1001             return VIRTIO_NET_ERR;
1002         }
1003 
1004         n->curr_guest_offloads = offloads;
1005         virtio_net_apply_guest_offloads(n);
1006 
1007         return VIRTIO_NET_OK;
1008     } else {
1009         return VIRTIO_NET_ERR;
1010     }
1011 }
1012 
1013 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
1014                                  struct iovec *iov, unsigned int iov_cnt)
1015 {
1016     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1017     struct virtio_net_ctrl_mac mac_data;
1018     size_t s;
1019     NetClientState *nc = qemu_get_queue(n->nic);
1020 
1021     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
1022         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
1023             return VIRTIO_NET_ERR;
1024         }
1025         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
1026         assert(s == sizeof(n->mac));
1027         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
1028         rxfilter_notify(nc);
1029 
1030         return VIRTIO_NET_OK;
1031     }
1032 
1033     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
1034         return VIRTIO_NET_ERR;
1035     }
1036 
1037     int in_use = 0;
1038     int first_multi = 0;
1039     uint8_t uni_overflow = 0;
1040     uint8_t multi_overflow = 0;
1041     uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1042 
1043     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
1044                    sizeof(mac_data.entries));
1045     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
1046     if (s != sizeof(mac_data.entries)) {
1047         goto error;
1048     }
1049     iov_discard_front(&iov, &iov_cnt, s);
1050 
1051     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
1052         goto error;
1053     }
1054 
1055     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
1056         s = iov_to_buf(iov, iov_cnt, 0, macs,
1057                        mac_data.entries * ETH_ALEN);
1058         if (s != mac_data.entries * ETH_ALEN) {
1059             goto error;
1060         }
1061         in_use += mac_data.entries;
1062     } else {
1063         uni_overflow = 1;
1064     }
1065 
1066     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
1067 
1068     first_multi = in_use;
1069 
1070     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
1071                    sizeof(mac_data.entries));
1072     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
1073     if (s != sizeof(mac_data.entries)) {
1074         goto error;
1075     }
1076 
1077     iov_discard_front(&iov, &iov_cnt, s);
1078 
1079     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
1080         goto error;
1081     }
1082 
1083     if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
1084         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
1085                        mac_data.entries * ETH_ALEN);
1086         if (s != mac_data.entries * ETH_ALEN) {
1087             goto error;
1088         }
1089         in_use += mac_data.entries;
1090     } else {
1091         multi_overflow = 1;
1092     }
1093 
1094     n->mac_table.in_use = in_use;
1095     n->mac_table.first_multi = first_multi;
1096     n->mac_table.uni_overflow = uni_overflow;
1097     n->mac_table.multi_overflow = multi_overflow;
1098     memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
1099     g_free(macs);
1100     rxfilter_notify(nc);
1101 
1102     return VIRTIO_NET_OK;
1103 
1104 error:
1105     g_free(macs);
1106     return VIRTIO_NET_ERR;
1107 }
1108 
1109 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
1110                                         struct iovec *iov, unsigned int iov_cnt)
1111 {
1112     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1113     uint16_t vid;
1114     size_t s;
1115     NetClientState *nc = qemu_get_queue(n->nic);
1116 
1117     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
1118     vid = virtio_lduw_p(vdev, &vid);
1119     if (s != sizeof(vid)) {
1120         return VIRTIO_NET_ERR;
1121     }
1122 
1123     if (vid >= MAX_VLAN)
1124         return VIRTIO_NET_ERR;
1125 
1126     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
1127         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
1128     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
1129         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
1130     else
1131         return VIRTIO_NET_ERR;
1132 
1133     rxfilter_notify(nc);
1134 
1135     return VIRTIO_NET_OK;
1136 }
1137 
1138 static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd,
1139                                       struct iovec *iov, unsigned int iov_cnt)
1140 {
1141     trace_virtio_net_handle_announce(n->announce_timer.round);
1142     if (cmd == VIRTIO_NET_CTRL_ANNOUNCE_ACK &&
1143         n->status & VIRTIO_NET_S_ANNOUNCE) {
1144         n->status &= ~VIRTIO_NET_S_ANNOUNCE;
1145         if (n->announce_timer.round) {
1146             qemu_announce_timer_step(&n->announce_timer);
1147         }
1148         return VIRTIO_NET_OK;
1149     } else {
1150         return VIRTIO_NET_ERR;
1151     }
1152 }
1153 
1154 static void virtio_net_disable_rss(VirtIONet *n)
1155 {
1156     if (n->rss_data.enabled) {
1157         trace_virtio_net_rss_disable();
1158     }
1159     n->rss_data.enabled = false;
1160 }
1161 
1162 static uint16_t virtio_net_handle_rss(VirtIONet *n,
1163                                       struct iovec *iov,
1164                                       unsigned int iov_cnt,
1165                                       bool do_rss)
1166 {
1167     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1168     struct virtio_net_rss_config cfg;
1169     size_t s, offset = 0, size_get;
1170     uint16_t queues, i;
1171     struct {
1172         uint16_t us;
1173         uint8_t b;
1174     } QEMU_PACKED temp;
1175     const char *err_msg = "";
1176     uint32_t err_value = 0;
1177 
1178     if (do_rss && !virtio_vdev_has_feature(vdev, VIRTIO_NET_F_RSS)) {
1179         err_msg = "RSS is not negotiated";
1180         goto error;
1181     }
1182     if (!do_rss && !virtio_vdev_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) {
1183         err_msg = "Hash report is not negotiated";
1184         goto error;
1185     }
1186     size_get = offsetof(struct virtio_net_rss_config, indirection_table);
1187     s = iov_to_buf(iov, iov_cnt, offset, &cfg, size_get);
1188     if (s != size_get) {
1189         err_msg = "Short command buffer";
1190         err_value = (uint32_t)s;
1191         goto error;
1192     }
1193     n->rss_data.hash_types = virtio_ldl_p(vdev, &cfg.hash_types);
1194     n->rss_data.indirections_len =
1195         virtio_lduw_p(vdev, &cfg.indirection_table_mask);
1196     n->rss_data.indirections_len++;
1197     if (!do_rss) {
1198         n->rss_data.indirections_len = 1;
1199     }
1200     if (!is_power_of_2(n->rss_data.indirections_len)) {
1201         err_msg = "Invalid size of indirection table";
1202         err_value = n->rss_data.indirections_len;
1203         goto error;
1204     }
1205     if (n->rss_data.indirections_len > VIRTIO_NET_RSS_MAX_TABLE_LEN) {
1206         err_msg = "Too large indirection table";
1207         err_value = n->rss_data.indirections_len;
1208         goto error;
1209     }
1210     n->rss_data.default_queue = do_rss ?
1211         virtio_lduw_p(vdev, &cfg.unclassified_queue) : 0;
1212     if (n->rss_data.default_queue >= n->max_queues) {
1213         err_msg = "Invalid default queue";
1214         err_value = n->rss_data.default_queue;
1215         goto error;
1216     }
1217     offset += size_get;
1218     size_get = sizeof(uint16_t) * n->rss_data.indirections_len;
1219     g_free(n->rss_data.indirections_table);
1220     n->rss_data.indirections_table = g_malloc(size_get);
1221     if (!n->rss_data.indirections_table) {
1222         err_msg = "Can't allocate indirections table";
1223         err_value = n->rss_data.indirections_len;
1224         goto error;
1225     }
1226     s = iov_to_buf(iov, iov_cnt, offset,
1227                    n->rss_data.indirections_table, size_get);
1228     if (s != size_get) {
1229         err_msg = "Short indirection table buffer";
1230         err_value = (uint32_t)s;
1231         goto error;
1232     }
1233     for (i = 0; i < n->rss_data.indirections_len; ++i) {
1234         uint16_t val = n->rss_data.indirections_table[i];
1235         n->rss_data.indirections_table[i] = virtio_lduw_p(vdev, &val);
1236     }
1237     offset += size_get;
1238     size_get = sizeof(temp);
1239     s = iov_to_buf(iov, iov_cnt, offset, &temp, size_get);
1240     if (s != size_get) {
1241         err_msg = "Can't get queues";
1242         err_value = (uint32_t)s;
1243         goto error;
1244     }
1245     queues = do_rss ? virtio_lduw_p(vdev, &temp.us) : n->curr_queues;
1246     if (queues == 0 || queues > n->max_queues) {
1247         err_msg = "Invalid number of queues";
1248         err_value = queues;
1249         goto error;
1250     }
1251     if (temp.b > VIRTIO_NET_RSS_MAX_KEY_SIZE) {
1252         err_msg = "Invalid key size";
1253         err_value = temp.b;
1254         goto error;
1255     }
1256     if (!temp.b && n->rss_data.hash_types) {
1257         err_msg = "No key provided";
1258         err_value = 0;
1259         goto error;
1260     }
1261     if (!temp.b && !n->rss_data.hash_types) {
1262         virtio_net_disable_rss(n);
1263         return queues;
1264     }
1265     offset += size_get;
1266     size_get = temp.b;
1267     s = iov_to_buf(iov, iov_cnt, offset, n->rss_data.key, size_get);
1268     if (s != size_get) {
1269         err_msg = "Can get key buffer";
1270         err_value = (uint32_t)s;
1271         goto error;
1272     }
1273     n->rss_data.enabled = true;
1274     trace_virtio_net_rss_enable(n->rss_data.hash_types,
1275                                 n->rss_data.indirections_len,
1276                                 temp.b);
1277     return queues;
1278 error:
1279     trace_virtio_net_rss_error(err_msg, err_value);
1280     virtio_net_disable_rss(n);
1281     return 0;
1282 }
1283 
1284 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
1285                                 struct iovec *iov, unsigned int iov_cnt)
1286 {
1287     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1288     uint16_t queues;
1289 
1290     virtio_net_disable_rss(n);
1291     if (cmd == VIRTIO_NET_CTRL_MQ_HASH_CONFIG) {
1292         queues = virtio_net_handle_rss(n, iov, iov_cnt, false);
1293         return queues ? VIRTIO_NET_OK : VIRTIO_NET_ERR;
1294     }
1295     if (cmd == VIRTIO_NET_CTRL_MQ_RSS_CONFIG) {
1296         queues = virtio_net_handle_rss(n, iov, iov_cnt, true);
1297     } else if (cmd == VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
1298         struct virtio_net_ctrl_mq mq;
1299         size_t s;
1300         if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_MQ)) {
1301             return VIRTIO_NET_ERR;
1302         }
1303         s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
1304         if (s != sizeof(mq)) {
1305             return VIRTIO_NET_ERR;
1306         }
1307         queues = virtio_lduw_p(vdev, &mq.virtqueue_pairs);
1308 
1309     } else {
1310         return VIRTIO_NET_ERR;
1311     }
1312 
1313     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
1314         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
1315         queues > n->max_queues ||
1316         !n->multiqueue) {
1317         return VIRTIO_NET_ERR;
1318     }
1319 
1320     n->curr_queues = queues;
1321     /* stop the backend before changing the number of queues to avoid handling a
1322      * disabled queue */
1323     virtio_net_set_status(vdev, vdev->status);
1324     virtio_net_set_queues(n);
1325 
1326     return VIRTIO_NET_OK;
1327 }
1328 
1329 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1330 {
1331     VirtIONet *n = VIRTIO_NET(vdev);
1332     struct virtio_net_ctrl_hdr ctrl;
1333     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
1334     VirtQueueElement *elem;
1335     size_t s;
1336     struct iovec *iov, *iov2;
1337     unsigned int iov_cnt;
1338 
1339     for (;;) {
1340         elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1341         if (!elem) {
1342             break;
1343         }
1344         if (iov_size(elem->in_sg, elem->in_num) < sizeof(status) ||
1345             iov_size(elem->out_sg, elem->out_num) < sizeof(ctrl)) {
1346             virtio_error(vdev, "virtio-net ctrl missing headers");
1347             virtqueue_detach_element(vq, elem, 0);
1348             g_free(elem);
1349             break;
1350         }
1351 
1352         iov_cnt = elem->out_num;
1353         iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
1354         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
1355         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
1356         if (s != sizeof(ctrl)) {
1357             status = VIRTIO_NET_ERR;
1358         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
1359             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
1360         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
1361             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
1362         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
1363             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
1364         } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
1365             status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
1366         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
1367             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
1368         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
1369             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
1370         }
1371 
1372         s = iov_from_buf(elem->in_sg, elem->in_num, 0, &status, sizeof(status));
1373         assert(s == sizeof(status));
1374 
1375         virtqueue_push(vq, elem, sizeof(status));
1376         virtio_notify(vdev, vq);
1377         g_free(iov2);
1378         g_free(elem);
1379     }
1380 }
1381 
1382 /* RX */
1383 
1384 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
1385 {
1386     VirtIONet *n = VIRTIO_NET(vdev);
1387     int queue_index = vq2q(virtio_get_queue_index(vq));
1388 
1389     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
1390 }
1391 
1392 static bool virtio_net_can_receive(NetClientState *nc)
1393 {
1394     VirtIONet *n = qemu_get_nic_opaque(nc);
1395     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1396     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1397 
1398     if (!vdev->vm_running) {
1399         return false;
1400     }
1401 
1402     if (nc->queue_index >= n->curr_queues) {
1403         return false;
1404     }
1405 
1406     if (!virtio_queue_ready(q->rx_vq) ||
1407         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1408         return false;
1409     }
1410 
1411     return true;
1412 }
1413 
1414 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
1415 {
1416     VirtIONet *n = q->n;
1417     if (virtio_queue_empty(q->rx_vq) ||
1418         (n->mergeable_rx_bufs &&
1419          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1420         virtio_queue_set_notification(q->rx_vq, 1);
1421 
1422         /* To avoid a race condition where the guest has made some buffers
1423          * available after the above check but before notification was
1424          * enabled, check for available buffers again.
1425          */
1426         if (virtio_queue_empty(q->rx_vq) ||
1427             (n->mergeable_rx_bufs &&
1428              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1429             return 0;
1430         }
1431     }
1432 
1433     virtio_queue_set_notification(q->rx_vq, 0);
1434     return 1;
1435 }
1436 
1437 static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
1438 {
1439     virtio_tswap16s(vdev, &hdr->hdr_len);
1440     virtio_tswap16s(vdev, &hdr->gso_size);
1441     virtio_tswap16s(vdev, &hdr->csum_start);
1442     virtio_tswap16s(vdev, &hdr->csum_offset);
1443 }
1444 
1445 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
1446  * it never finds out that the packets don't have valid checksums.  This
1447  * causes dhclient to get upset.  Fedora's carried a patch for ages to
1448  * fix this with Xen but it hasn't appeared in an upstream release of
1449  * dhclient yet.
1450  *
1451  * To avoid breaking existing guests, we catch udp packets and add
1452  * checksums.  This is terrible but it's better than hacking the guest
1453  * kernels.
1454  *
1455  * N.B. if we introduce a zero-copy API, this operation is no longer free so
1456  * we should provide a mechanism to disable it to avoid polluting the host
1457  * cache.
1458  */
1459 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
1460                                         uint8_t *buf, size_t size)
1461 {
1462     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
1463         (size > 27 && size < 1500) && /* normal sized MTU */
1464         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
1465         (buf[23] == 17) && /* ip.protocol == UDP */
1466         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
1467         net_checksum_calculate(buf, size, CSUM_UDP);
1468         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
1469     }
1470 }
1471 
1472 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
1473                            const void *buf, size_t size)
1474 {
1475     if (n->has_vnet_hdr) {
1476         /* FIXME this cast is evil */
1477         void *wbuf = (void *)buf;
1478         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
1479                                     size - n->host_hdr_len);
1480 
1481         if (n->needs_vnet_hdr_swap) {
1482             virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
1483         }
1484         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
1485     } else {
1486         struct virtio_net_hdr hdr = {
1487             .flags = 0,
1488             .gso_type = VIRTIO_NET_HDR_GSO_NONE
1489         };
1490         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
1491     }
1492 }
1493 
1494 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
1495 {
1496     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1497     static const uint8_t vlan[] = {0x81, 0x00};
1498     uint8_t *ptr = (uint8_t *)buf;
1499     int i;
1500 
1501     if (n->promisc)
1502         return 1;
1503 
1504     ptr += n->host_hdr_len;
1505 
1506     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
1507         int vid = lduw_be_p(ptr + 14) & 0xfff;
1508         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
1509             return 0;
1510     }
1511 
1512     if (ptr[0] & 1) { // multicast
1513         if (!memcmp(ptr, bcast, sizeof(bcast))) {
1514             return !n->nobcast;
1515         } else if (n->nomulti) {
1516             return 0;
1517         } else if (n->allmulti || n->mac_table.multi_overflow) {
1518             return 1;
1519         }
1520 
1521         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
1522             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1523                 return 1;
1524             }
1525         }
1526     } else { // unicast
1527         if (n->nouni) {
1528             return 0;
1529         } else if (n->alluni || n->mac_table.uni_overflow) {
1530             return 1;
1531         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
1532             return 1;
1533         }
1534 
1535         for (i = 0; i < n->mac_table.first_multi; i++) {
1536             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1537                 return 1;
1538             }
1539         }
1540     }
1541 
1542     return 0;
1543 }
1544 
1545 static uint8_t virtio_net_get_hash_type(bool isip4,
1546                                         bool isip6,
1547                                         bool isudp,
1548                                         bool istcp,
1549                                         uint32_t types)
1550 {
1551     if (isip4) {
1552         if (istcp && (types & VIRTIO_NET_RSS_HASH_TYPE_TCPv4)) {
1553             return NetPktRssIpV4Tcp;
1554         }
1555         if (isudp && (types & VIRTIO_NET_RSS_HASH_TYPE_UDPv4)) {
1556             return NetPktRssIpV4Udp;
1557         }
1558         if (types & VIRTIO_NET_RSS_HASH_TYPE_IPv4) {
1559             return NetPktRssIpV4;
1560         }
1561     } else if (isip6) {
1562         uint32_t mask = VIRTIO_NET_RSS_HASH_TYPE_TCP_EX |
1563                         VIRTIO_NET_RSS_HASH_TYPE_TCPv6;
1564 
1565         if (istcp && (types & mask)) {
1566             return (types & VIRTIO_NET_RSS_HASH_TYPE_TCP_EX) ?
1567                 NetPktRssIpV6TcpEx : NetPktRssIpV6Tcp;
1568         }
1569         mask = VIRTIO_NET_RSS_HASH_TYPE_UDP_EX | VIRTIO_NET_RSS_HASH_TYPE_UDPv6;
1570         if (isudp && (types & mask)) {
1571             return (types & VIRTIO_NET_RSS_HASH_TYPE_UDP_EX) ?
1572                 NetPktRssIpV6UdpEx : NetPktRssIpV6Udp;
1573         }
1574         mask = VIRTIO_NET_RSS_HASH_TYPE_IP_EX | VIRTIO_NET_RSS_HASH_TYPE_IPv6;
1575         if (types & mask) {
1576             return (types & VIRTIO_NET_RSS_HASH_TYPE_IP_EX) ?
1577                 NetPktRssIpV6Ex : NetPktRssIpV6;
1578         }
1579     }
1580     return 0xff;
1581 }
1582 
1583 static void virtio_set_packet_hash(const uint8_t *buf, uint8_t report,
1584                                    uint32_t hash)
1585 {
1586     struct virtio_net_hdr_v1_hash *hdr = (void *)buf;
1587     hdr->hash_value = hash;
1588     hdr->hash_report = report;
1589 }
1590 
1591 static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf,
1592                                   size_t size)
1593 {
1594     VirtIONet *n = qemu_get_nic_opaque(nc);
1595     unsigned int index = nc->queue_index, new_index = index;
1596     struct NetRxPkt *pkt = n->rx_pkt;
1597     uint8_t net_hash_type;
1598     uint32_t hash;
1599     bool isip4, isip6, isudp, istcp;
1600     static const uint8_t reports[NetPktRssIpV6UdpEx + 1] = {
1601         VIRTIO_NET_HASH_REPORT_IPv4,
1602         VIRTIO_NET_HASH_REPORT_TCPv4,
1603         VIRTIO_NET_HASH_REPORT_TCPv6,
1604         VIRTIO_NET_HASH_REPORT_IPv6,
1605         VIRTIO_NET_HASH_REPORT_IPv6_EX,
1606         VIRTIO_NET_HASH_REPORT_TCPv6_EX,
1607         VIRTIO_NET_HASH_REPORT_UDPv4,
1608         VIRTIO_NET_HASH_REPORT_UDPv6,
1609         VIRTIO_NET_HASH_REPORT_UDPv6_EX
1610     };
1611 
1612     net_rx_pkt_set_protocols(pkt, buf + n->host_hdr_len,
1613                              size - n->host_hdr_len);
1614     net_rx_pkt_get_protocols(pkt, &isip4, &isip6, &isudp, &istcp);
1615     if (isip4 && (net_rx_pkt_get_ip4_info(pkt)->fragment)) {
1616         istcp = isudp = false;
1617     }
1618     if (isip6 && (net_rx_pkt_get_ip6_info(pkt)->fragment)) {
1619         istcp = isudp = false;
1620     }
1621     net_hash_type = virtio_net_get_hash_type(isip4, isip6, isudp, istcp,
1622                                              n->rss_data.hash_types);
1623     if (net_hash_type > NetPktRssIpV6UdpEx) {
1624         if (n->rss_data.populate_hash) {
1625             virtio_set_packet_hash(buf, VIRTIO_NET_HASH_REPORT_NONE, 0);
1626         }
1627         return n->rss_data.redirect ? n->rss_data.default_queue : -1;
1628     }
1629 
1630     hash = net_rx_pkt_calc_rss_hash(pkt, net_hash_type, n->rss_data.key);
1631 
1632     if (n->rss_data.populate_hash) {
1633         virtio_set_packet_hash(buf, reports[net_hash_type], hash);
1634     }
1635 
1636     if (n->rss_data.redirect) {
1637         new_index = hash & (n->rss_data.indirections_len - 1);
1638         new_index = n->rss_data.indirections_table[new_index];
1639     }
1640 
1641     return (index == new_index) ? -1 : new_index;
1642 }
1643 
1644 static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
1645                                       size_t size, bool no_rss)
1646 {
1647     VirtIONet *n = qemu_get_nic_opaque(nc);
1648     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1649     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1650     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
1651     struct virtio_net_hdr_mrg_rxbuf mhdr;
1652     unsigned mhdr_cnt = 0;
1653     size_t offset, i, guest_offset;
1654 
1655     if (!virtio_net_can_receive(nc)) {
1656         return -1;
1657     }
1658 
1659     if (!no_rss && n->rss_data.enabled) {
1660         int index = virtio_net_process_rss(nc, buf, size);
1661         if (index >= 0) {
1662             NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
1663             return virtio_net_receive_rcu(nc2, buf, size, true);
1664         }
1665     }
1666 
1667     /* hdr_len refers to the header we supply to the guest */
1668     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
1669         return 0;
1670     }
1671 
1672     if (!receive_filter(n, buf, size))
1673         return size;
1674 
1675     offset = i = 0;
1676 
1677     while (offset < size) {
1678         VirtQueueElement *elem;
1679         int len, total;
1680         const struct iovec *sg;
1681 
1682         total = 0;
1683 
1684         elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
1685         if (!elem) {
1686             if (i) {
1687                 virtio_error(vdev, "virtio-net unexpected empty queue: "
1688                              "i %zd mergeable %d offset %zd, size %zd, "
1689                              "guest hdr len %zd, host hdr len %zd "
1690                              "guest features 0x%" PRIx64,
1691                              i, n->mergeable_rx_bufs, offset, size,
1692                              n->guest_hdr_len, n->host_hdr_len,
1693                              vdev->guest_features);
1694             }
1695             return -1;
1696         }
1697 
1698         if (elem->in_num < 1) {
1699             virtio_error(vdev,
1700                          "virtio-net receive queue contains no in buffers");
1701             virtqueue_detach_element(q->rx_vq, elem, 0);
1702             g_free(elem);
1703             return -1;
1704         }
1705 
1706         sg = elem->in_sg;
1707         if (i == 0) {
1708             assert(offset == 0);
1709             if (n->mergeable_rx_bufs) {
1710                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1711                                     sg, elem->in_num,
1712                                     offsetof(typeof(mhdr), num_buffers),
1713                                     sizeof(mhdr.num_buffers));
1714             }
1715 
1716             receive_header(n, sg, elem->in_num, buf, size);
1717             if (n->rss_data.populate_hash) {
1718                 offset = sizeof(mhdr);
1719                 iov_from_buf(sg, elem->in_num, offset,
1720                              buf + offset, n->host_hdr_len - sizeof(mhdr));
1721             }
1722             offset = n->host_hdr_len;
1723             total += n->guest_hdr_len;
1724             guest_offset = n->guest_hdr_len;
1725         } else {
1726             guest_offset = 0;
1727         }
1728 
1729         /* copy in packet.  ugh */
1730         len = iov_from_buf(sg, elem->in_num, guest_offset,
1731                            buf + offset, size - offset);
1732         total += len;
1733         offset += len;
1734         /* If buffers can't be merged, at this point we
1735          * must have consumed the complete packet.
1736          * Otherwise, drop it. */
1737         if (!n->mergeable_rx_bufs && offset < size) {
1738             virtqueue_unpop(q->rx_vq, elem, total);
1739             g_free(elem);
1740             return size;
1741         }
1742 
1743         /* signal other side */
1744         virtqueue_fill(q->rx_vq, elem, total, i++);
1745         g_free(elem);
1746     }
1747 
1748     if (mhdr_cnt) {
1749         virtio_stw_p(vdev, &mhdr.num_buffers, i);
1750         iov_from_buf(mhdr_sg, mhdr_cnt,
1751                      0,
1752                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1753     }
1754 
1755     virtqueue_flush(q->rx_vq, i);
1756     virtio_notify(vdev, q->rx_vq);
1757 
1758     return size;
1759 }
1760 
1761 static ssize_t virtio_net_do_receive(NetClientState *nc, const uint8_t *buf,
1762                                   size_t size)
1763 {
1764     RCU_READ_LOCK_GUARD();
1765 
1766     return virtio_net_receive_rcu(nc, buf, size, false);
1767 }
1768 
1769 static void virtio_net_rsc_extract_unit4(VirtioNetRscChain *chain,
1770                                          const uint8_t *buf,
1771                                          VirtioNetRscUnit *unit)
1772 {
1773     uint16_t ip_hdrlen;
1774     struct ip_header *ip;
1775 
1776     ip = (struct ip_header *)(buf + chain->n->guest_hdr_len
1777                               + sizeof(struct eth_header));
1778     unit->ip = (void *)ip;
1779     ip_hdrlen = (ip->ip_ver_len & 0xF) << 2;
1780     unit->ip_plen = &ip->ip_len;
1781     unit->tcp = (struct tcp_header *)(((uint8_t *)unit->ip) + ip_hdrlen);
1782     unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
1783     unit->payload = htons(*unit->ip_plen) - ip_hdrlen - unit->tcp_hdrlen;
1784 }
1785 
1786 static void virtio_net_rsc_extract_unit6(VirtioNetRscChain *chain,
1787                                          const uint8_t *buf,
1788                                          VirtioNetRscUnit *unit)
1789 {
1790     struct ip6_header *ip6;
1791 
1792     ip6 = (struct ip6_header *)(buf + chain->n->guest_hdr_len
1793                                  + sizeof(struct eth_header));
1794     unit->ip = ip6;
1795     unit->ip_plen = &(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
1796     unit->tcp = (struct tcp_header *)(((uint8_t *)unit->ip)
1797                                         + sizeof(struct ip6_header));
1798     unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
1799 
1800     /* There is a difference between payload lenght in ipv4 and v6,
1801        ip header is excluded in ipv6 */
1802     unit->payload = htons(*unit->ip_plen) - unit->tcp_hdrlen;
1803 }
1804 
1805 static size_t virtio_net_rsc_drain_seg(VirtioNetRscChain *chain,
1806                                        VirtioNetRscSeg *seg)
1807 {
1808     int ret;
1809     struct virtio_net_hdr_v1 *h;
1810 
1811     h = (struct virtio_net_hdr_v1 *)seg->buf;
1812     h->flags = 0;
1813     h->gso_type = VIRTIO_NET_HDR_GSO_NONE;
1814 
1815     if (seg->is_coalesced) {
1816         h->rsc.segments = seg->packets;
1817         h->rsc.dup_acks = seg->dup_ack;
1818         h->flags = VIRTIO_NET_HDR_F_RSC_INFO;
1819         if (chain->proto == ETH_P_IP) {
1820             h->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
1821         } else {
1822             h->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
1823         }
1824     }
1825 
1826     ret = virtio_net_do_receive(seg->nc, seg->buf, seg->size);
1827     QTAILQ_REMOVE(&chain->buffers, seg, next);
1828     g_free(seg->buf);
1829     g_free(seg);
1830 
1831     return ret;
1832 }
1833 
1834 static void virtio_net_rsc_purge(void *opq)
1835 {
1836     VirtioNetRscSeg *seg, *rn;
1837     VirtioNetRscChain *chain = (VirtioNetRscChain *)opq;
1838 
1839     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, rn) {
1840         if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
1841             chain->stat.purge_failed++;
1842             continue;
1843         }
1844     }
1845 
1846     chain->stat.timer++;
1847     if (!QTAILQ_EMPTY(&chain->buffers)) {
1848         timer_mod(chain->drain_timer,
1849               qemu_clock_get_ns(QEMU_CLOCK_HOST) + chain->n->rsc_timeout);
1850     }
1851 }
1852 
1853 static void virtio_net_rsc_cleanup(VirtIONet *n)
1854 {
1855     VirtioNetRscChain *chain, *rn_chain;
1856     VirtioNetRscSeg *seg, *rn_seg;
1857 
1858     QTAILQ_FOREACH_SAFE(chain, &n->rsc_chains, next, rn_chain) {
1859         QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, rn_seg) {
1860             QTAILQ_REMOVE(&chain->buffers, seg, next);
1861             g_free(seg->buf);
1862             g_free(seg);
1863         }
1864 
1865         timer_free(chain->drain_timer);
1866         QTAILQ_REMOVE(&n->rsc_chains, chain, next);
1867         g_free(chain);
1868     }
1869 }
1870 
1871 static void virtio_net_rsc_cache_buf(VirtioNetRscChain *chain,
1872                                      NetClientState *nc,
1873                                      const uint8_t *buf, size_t size)
1874 {
1875     uint16_t hdr_len;
1876     VirtioNetRscSeg *seg;
1877 
1878     hdr_len = chain->n->guest_hdr_len;
1879     seg = g_malloc(sizeof(VirtioNetRscSeg));
1880     seg->buf = g_malloc(hdr_len + sizeof(struct eth_header)
1881         + sizeof(struct ip6_header) + VIRTIO_NET_MAX_TCP_PAYLOAD);
1882     memcpy(seg->buf, buf, size);
1883     seg->size = size;
1884     seg->packets = 1;
1885     seg->dup_ack = 0;
1886     seg->is_coalesced = 0;
1887     seg->nc = nc;
1888 
1889     QTAILQ_INSERT_TAIL(&chain->buffers, seg, next);
1890     chain->stat.cache++;
1891 
1892     switch (chain->proto) {
1893     case ETH_P_IP:
1894         virtio_net_rsc_extract_unit4(chain, seg->buf, &seg->unit);
1895         break;
1896     case ETH_P_IPV6:
1897         virtio_net_rsc_extract_unit6(chain, seg->buf, &seg->unit);
1898         break;
1899     default:
1900         g_assert_not_reached();
1901     }
1902 }
1903 
1904 static int32_t virtio_net_rsc_handle_ack(VirtioNetRscChain *chain,
1905                                          VirtioNetRscSeg *seg,
1906                                          const uint8_t *buf,
1907                                          struct tcp_header *n_tcp,
1908                                          struct tcp_header *o_tcp)
1909 {
1910     uint32_t nack, oack;
1911     uint16_t nwin, owin;
1912 
1913     nack = htonl(n_tcp->th_ack);
1914     nwin = htons(n_tcp->th_win);
1915     oack = htonl(o_tcp->th_ack);
1916     owin = htons(o_tcp->th_win);
1917 
1918     if ((nack - oack) >= VIRTIO_NET_MAX_TCP_PAYLOAD) {
1919         chain->stat.ack_out_of_win++;
1920         return RSC_FINAL;
1921     } else if (nack == oack) {
1922         /* duplicated ack or window probe */
1923         if (nwin == owin) {
1924             /* duplicated ack, add dup ack count due to whql test up to 1 */
1925             chain->stat.dup_ack++;
1926             return RSC_FINAL;
1927         } else {
1928             /* Coalesce window update */
1929             o_tcp->th_win = n_tcp->th_win;
1930             chain->stat.win_update++;
1931             return RSC_COALESCE;
1932         }
1933     } else {
1934         /* pure ack, go to 'C', finalize*/
1935         chain->stat.pure_ack++;
1936         return RSC_FINAL;
1937     }
1938 }
1939 
1940 static int32_t virtio_net_rsc_coalesce_data(VirtioNetRscChain *chain,
1941                                             VirtioNetRscSeg *seg,
1942                                             const uint8_t *buf,
1943                                             VirtioNetRscUnit *n_unit)
1944 {
1945     void *data;
1946     uint16_t o_ip_len;
1947     uint32_t nseq, oseq;
1948     VirtioNetRscUnit *o_unit;
1949 
1950     o_unit = &seg->unit;
1951     o_ip_len = htons(*o_unit->ip_plen);
1952     nseq = htonl(n_unit->tcp->th_seq);
1953     oseq = htonl(o_unit->tcp->th_seq);
1954 
1955     /* out of order or retransmitted. */
1956     if ((nseq - oseq) > VIRTIO_NET_MAX_TCP_PAYLOAD) {
1957         chain->stat.data_out_of_win++;
1958         return RSC_FINAL;
1959     }
1960 
1961     data = ((uint8_t *)n_unit->tcp) + n_unit->tcp_hdrlen;
1962     if (nseq == oseq) {
1963         if ((o_unit->payload == 0) && n_unit->payload) {
1964             /* From no payload to payload, normal case, not a dup ack or etc */
1965             chain->stat.data_after_pure_ack++;
1966             goto coalesce;
1967         } else {
1968             return virtio_net_rsc_handle_ack(chain, seg, buf,
1969                                              n_unit->tcp, o_unit->tcp);
1970         }
1971     } else if ((nseq - oseq) != o_unit->payload) {
1972         /* Not a consistent packet, out of order */
1973         chain->stat.data_out_of_order++;
1974         return RSC_FINAL;
1975     } else {
1976 coalesce:
1977         if ((o_ip_len + n_unit->payload) > chain->max_payload) {
1978             chain->stat.over_size++;
1979             return RSC_FINAL;
1980         }
1981 
1982         /* Here comes the right data, the payload length in v4/v6 is different,
1983            so use the field value to update and record the new data len */
1984         o_unit->payload += n_unit->payload; /* update new data len */
1985 
1986         /* update field in ip header */
1987         *o_unit->ip_plen = htons(o_ip_len + n_unit->payload);
1988 
1989         /* Bring 'PUSH' big, the whql test guide says 'PUSH' can be coalesced
1990            for windows guest, while this may change the behavior for linux
1991            guest (only if it uses RSC feature). */
1992         o_unit->tcp->th_offset_flags = n_unit->tcp->th_offset_flags;
1993 
1994         o_unit->tcp->th_ack = n_unit->tcp->th_ack;
1995         o_unit->tcp->th_win = n_unit->tcp->th_win;
1996 
1997         memmove(seg->buf + seg->size, data, n_unit->payload);
1998         seg->size += n_unit->payload;
1999         seg->packets++;
2000         chain->stat.coalesced++;
2001         return RSC_COALESCE;
2002     }
2003 }
2004 
2005 static int32_t virtio_net_rsc_coalesce4(VirtioNetRscChain *chain,
2006                                         VirtioNetRscSeg *seg,
2007                                         const uint8_t *buf, size_t size,
2008                                         VirtioNetRscUnit *unit)
2009 {
2010     struct ip_header *ip1, *ip2;
2011 
2012     ip1 = (struct ip_header *)(unit->ip);
2013     ip2 = (struct ip_header *)(seg->unit.ip);
2014     if ((ip1->ip_src ^ ip2->ip_src) || (ip1->ip_dst ^ ip2->ip_dst)
2015         || (unit->tcp->th_sport ^ seg->unit.tcp->th_sport)
2016         || (unit->tcp->th_dport ^ seg->unit.tcp->th_dport)) {
2017         chain->stat.no_match++;
2018         return RSC_NO_MATCH;
2019     }
2020 
2021     return virtio_net_rsc_coalesce_data(chain, seg, buf, unit);
2022 }
2023 
2024 static int32_t virtio_net_rsc_coalesce6(VirtioNetRscChain *chain,
2025                                         VirtioNetRscSeg *seg,
2026                                         const uint8_t *buf, size_t size,
2027                                         VirtioNetRscUnit *unit)
2028 {
2029     struct ip6_header *ip1, *ip2;
2030 
2031     ip1 = (struct ip6_header *)(unit->ip);
2032     ip2 = (struct ip6_header *)(seg->unit.ip);
2033     if (memcmp(&ip1->ip6_src, &ip2->ip6_src, sizeof(struct in6_address))
2034         || memcmp(&ip1->ip6_dst, &ip2->ip6_dst, sizeof(struct in6_address))
2035         || (unit->tcp->th_sport ^ seg->unit.tcp->th_sport)
2036         || (unit->tcp->th_dport ^ seg->unit.tcp->th_dport)) {
2037             chain->stat.no_match++;
2038             return RSC_NO_MATCH;
2039     }
2040 
2041     return virtio_net_rsc_coalesce_data(chain, seg, buf, unit);
2042 }
2043 
2044 /* Packets with 'SYN' should bypass, other flag should be sent after drain
2045  * to prevent out of order */
2046 static int virtio_net_rsc_tcp_ctrl_check(VirtioNetRscChain *chain,
2047                                          struct tcp_header *tcp)
2048 {
2049     uint16_t tcp_hdr;
2050     uint16_t tcp_flag;
2051 
2052     tcp_flag = htons(tcp->th_offset_flags);
2053     tcp_hdr = (tcp_flag & VIRTIO_NET_TCP_HDR_LENGTH) >> 10;
2054     tcp_flag &= VIRTIO_NET_TCP_FLAG;
2055     if (tcp_flag & TH_SYN) {
2056         chain->stat.tcp_syn++;
2057         return RSC_BYPASS;
2058     }
2059 
2060     if (tcp_flag & (TH_FIN | TH_URG | TH_RST | TH_ECE | TH_CWR)) {
2061         chain->stat.tcp_ctrl_drain++;
2062         return RSC_FINAL;
2063     }
2064 
2065     if (tcp_hdr > sizeof(struct tcp_header)) {
2066         chain->stat.tcp_all_opt++;
2067         return RSC_FINAL;
2068     }
2069 
2070     return RSC_CANDIDATE;
2071 }
2072 
2073 static size_t virtio_net_rsc_do_coalesce(VirtioNetRscChain *chain,
2074                                          NetClientState *nc,
2075                                          const uint8_t *buf, size_t size,
2076                                          VirtioNetRscUnit *unit)
2077 {
2078     int ret;
2079     VirtioNetRscSeg *seg, *nseg;
2080 
2081     if (QTAILQ_EMPTY(&chain->buffers)) {
2082         chain->stat.empty_cache++;
2083         virtio_net_rsc_cache_buf(chain, nc, buf, size);
2084         timer_mod(chain->drain_timer,
2085               qemu_clock_get_ns(QEMU_CLOCK_HOST) + chain->n->rsc_timeout);
2086         return size;
2087     }
2088 
2089     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, nseg) {
2090         if (chain->proto == ETH_P_IP) {
2091             ret = virtio_net_rsc_coalesce4(chain, seg, buf, size, unit);
2092         } else {
2093             ret = virtio_net_rsc_coalesce6(chain, seg, buf, size, unit);
2094         }
2095 
2096         if (ret == RSC_FINAL) {
2097             if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
2098                 /* Send failed */
2099                 chain->stat.final_failed++;
2100                 return 0;
2101             }
2102 
2103             /* Send current packet */
2104             return virtio_net_do_receive(nc, buf, size);
2105         } else if (ret == RSC_NO_MATCH) {
2106             continue;
2107         } else {
2108             /* Coalesced, mark coalesced flag to tell calc cksum for ipv4 */
2109             seg->is_coalesced = 1;
2110             return size;
2111         }
2112     }
2113 
2114     chain->stat.no_match_cache++;
2115     virtio_net_rsc_cache_buf(chain, nc, buf, size);
2116     return size;
2117 }
2118 
2119 /* Drain a connection data, this is to avoid out of order segments */
2120 static size_t virtio_net_rsc_drain_flow(VirtioNetRscChain *chain,
2121                                         NetClientState *nc,
2122                                         const uint8_t *buf, size_t size,
2123                                         uint16_t ip_start, uint16_t ip_size,
2124                                         uint16_t tcp_port)
2125 {
2126     VirtioNetRscSeg *seg, *nseg;
2127     uint32_t ppair1, ppair2;
2128 
2129     ppair1 = *(uint32_t *)(buf + tcp_port);
2130     QTAILQ_FOREACH_SAFE(seg, &chain->buffers, next, nseg) {
2131         ppair2 = *(uint32_t *)(seg->buf + tcp_port);
2132         if (memcmp(buf + ip_start, seg->buf + ip_start, ip_size)
2133             || (ppair1 != ppair2)) {
2134             continue;
2135         }
2136         if (virtio_net_rsc_drain_seg(chain, seg) == 0) {
2137             chain->stat.drain_failed++;
2138         }
2139 
2140         break;
2141     }
2142 
2143     return virtio_net_do_receive(nc, buf, size);
2144 }
2145 
2146 static int32_t virtio_net_rsc_sanity_check4(VirtioNetRscChain *chain,
2147                                             struct ip_header *ip,
2148                                             const uint8_t *buf, size_t size)
2149 {
2150     uint16_t ip_len;
2151 
2152     /* Not an ipv4 packet */
2153     if (((ip->ip_ver_len & 0xF0) >> 4) != IP_HEADER_VERSION_4) {
2154         chain->stat.ip_option++;
2155         return RSC_BYPASS;
2156     }
2157 
2158     /* Don't handle packets with ip option */
2159     if ((ip->ip_ver_len & 0xF) != VIRTIO_NET_IP4_HEADER_LENGTH) {
2160         chain->stat.ip_option++;
2161         return RSC_BYPASS;
2162     }
2163 
2164     if (ip->ip_p != IPPROTO_TCP) {
2165         chain->stat.bypass_not_tcp++;
2166         return RSC_BYPASS;
2167     }
2168 
2169     /* Don't handle packets with ip fragment */
2170     if (!(htons(ip->ip_off) & IP_DF)) {
2171         chain->stat.ip_frag++;
2172         return RSC_BYPASS;
2173     }
2174 
2175     /* Don't handle packets with ecn flag */
2176     if (IPTOS_ECN(ip->ip_tos)) {
2177         chain->stat.ip_ecn++;
2178         return RSC_BYPASS;
2179     }
2180 
2181     ip_len = htons(ip->ip_len);
2182     if (ip_len < (sizeof(struct ip_header) + sizeof(struct tcp_header))
2183         || ip_len > (size - chain->n->guest_hdr_len -
2184                      sizeof(struct eth_header))) {
2185         chain->stat.ip_hacked++;
2186         return RSC_BYPASS;
2187     }
2188 
2189     return RSC_CANDIDATE;
2190 }
2191 
2192 static size_t virtio_net_rsc_receive4(VirtioNetRscChain *chain,
2193                                       NetClientState *nc,
2194                                       const uint8_t *buf, size_t size)
2195 {
2196     int32_t ret;
2197     uint16_t hdr_len;
2198     VirtioNetRscUnit unit;
2199 
2200     hdr_len = ((VirtIONet *)(chain->n))->guest_hdr_len;
2201 
2202     if (size < (hdr_len + sizeof(struct eth_header) + sizeof(struct ip_header)
2203         + sizeof(struct tcp_header))) {
2204         chain->stat.bypass_not_tcp++;
2205         return virtio_net_do_receive(nc, buf, size);
2206     }
2207 
2208     virtio_net_rsc_extract_unit4(chain, buf, &unit);
2209     if (virtio_net_rsc_sanity_check4(chain, unit.ip, buf, size)
2210         != RSC_CANDIDATE) {
2211         return virtio_net_do_receive(nc, buf, size);
2212     }
2213 
2214     ret = virtio_net_rsc_tcp_ctrl_check(chain, unit.tcp);
2215     if (ret == RSC_BYPASS) {
2216         return virtio_net_do_receive(nc, buf, size);
2217     } else if (ret == RSC_FINAL) {
2218         return virtio_net_rsc_drain_flow(chain, nc, buf, size,
2219                 ((hdr_len + sizeof(struct eth_header)) + 12),
2220                 VIRTIO_NET_IP4_ADDR_SIZE,
2221                 hdr_len + sizeof(struct eth_header) + sizeof(struct ip_header));
2222     }
2223 
2224     return virtio_net_rsc_do_coalesce(chain, nc, buf, size, &unit);
2225 }
2226 
2227 static int32_t virtio_net_rsc_sanity_check6(VirtioNetRscChain *chain,
2228                                             struct ip6_header *ip6,
2229                                             const uint8_t *buf, size_t size)
2230 {
2231     uint16_t ip_len;
2232 
2233     if (((ip6->ip6_ctlun.ip6_un1.ip6_un1_flow & 0xF0) >> 4)
2234         != IP_HEADER_VERSION_6) {
2235         return RSC_BYPASS;
2236     }
2237 
2238     /* Both option and protocol is checked in this */
2239     if (ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) {
2240         chain->stat.bypass_not_tcp++;
2241         return RSC_BYPASS;
2242     }
2243 
2244     ip_len = htons(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
2245     if (ip_len < sizeof(struct tcp_header) ||
2246         ip_len > (size - chain->n->guest_hdr_len - sizeof(struct eth_header)
2247                   - sizeof(struct ip6_header))) {
2248         chain->stat.ip_hacked++;
2249         return RSC_BYPASS;
2250     }
2251 
2252     /* Don't handle packets with ecn flag */
2253     if (IP6_ECN(ip6->ip6_ctlun.ip6_un3.ip6_un3_ecn)) {
2254         chain->stat.ip_ecn++;
2255         return RSC_BYPASS;
2256     }
2257 
2258     return RSC_CANDIDATE;
2259 }
2260 
2261 static size_t virtio_net_rsc_receive6(void *opq, NetClientState *nc,
2262                                       const uint8_t *buf, size_t size)
2263 {
2264     int32_t ret;
2265     uint16_t hdr_len;
2266     VirtioNetRscChain *chain;
2267     VirtioNetRscUnit unit;
2268 
2269     chain = (VirtioNetRscChain *)opq;
2270     hdr_len = ((VirtIONet *)(chain->n))->guest_hdr_len;
2271 
2272     if (size < (hdr_len + sizeof(struct eth_header) + sizeof(struct ip6_header)
2273         + sizeof(tcp_header))) {
2274         return virtio_net_do_receive(nc, buf, size);
2275     }
2276 
2277     virtio_net_rsc_extract_unit6(chain, buf, &unit);
2278     if (RSC_CANDIDATE != virtio_net_rsc_sanity_check6(chain,
2279                                                  unit.ip, buf, size)) {
2280         return virtio_net_do_receive(nc, buf, size);
2281     }
2282 
2283     ret = virtio_net_rsc_tcp_ctrl_check(chain, unit.tcp);
2284     if (ret == RSC_BYPASS) {
2285         return virtio_net_do_receive(nc, buf, size);
2286     } else if (ret == RSC_FINAL) {
2287         return virtio_net_rsc_drain_flow(chain, nc, buf, size,
2288                 ((hdr_len + sizeof(struct eth_header)) + 8),
2289                 VIRTIO_NET_IP6_ADDR_SIZE,
2290                 hdr_len + sizeof(struct eth_header)
2291                 + sizeof(struct ip6_header));
2292     }
2293 
2294     return virtio_net_rsc_do_coalesce(chain, nc, buf, size, &unit);
2295 }
2296 
2297 static VirtioNetRscChain *virtio_net_rsc_lookup_chain(VirtIONet *n,
2298                                                       NetClientState *nc,
2299                                                       uint16_t proto)
2300 {
2301     VirtioNetRscChain *chain;
2302 
2303     if ((proto != (uint16_t)ETH_P_IP) && (proto != (uint16_t)ETH_P_IPV6)) {
2304         return NULL;
2305     }
2306 
2307     QTAILQ_FOREACH(chain, &n->rsc_chains, next) {
2308         if (chain->proto == proto) {
2309             return chain;
2310         }
2311     }
2312 
2313     chain = g_malloc(sizeof(*chain));
2314     chain->n = n;
2315     chain->proto = proto;
2316     if (proto == (uint16_t)ETH_P_IP) {
2317         chain->max_payload = VIRTIO_NET_MAX_IP4_PAYLOAD;
2318         chain->gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
2319     } else {
2320         chain->max_payload = VIRTIO_NET_MAX_IP6_PAYLOAD;
2321         chain->gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
2322     }
2323     chain->drain_timer = timer_new_ns(QEMU_CLOCK_HOST,
2324                                       virtio_net_rsc_purge, chain);
2325     memset(&chain->stat, 0, sizeof(chain->stat));
2326 
2327     QTAILQ_INIT(&chain->buffers);
2328     QTAILQ_INSERT_TAIL(&n->rsc_chains, chain, next);
2329 
2330     return chain;
2331 }
2332 
2333 static ssize_t virtio_net_rsc_receive(NetClientState *nc,
2334                                       const uint8_t *buf,
2335                                       size_t size)
2336 {
2337     uint16_t proto;
2338     VirtioNetRscChain *chain;
2339     struct eth_header *eth;
2340     VirtIONet *n;
2341 
2342     n = qemu_get_nic_opaque(nc);
2343     if (size < (n->host_hdr_len + sizeof(struct eth_header))) {
2344         return virtio_net_do_receive(nc, buf, size);
2345     }
2346 
2347     eth = (struct eth_header *)(buf + n->guest_hdr_len);
2348     proto = htons(eth->h_proto);
2349 
2350     chain = virtio_net_rsc_lookup_chain(n, nc, proto);
2351     if (chain) {
2352         chain->stat.received++;
2353         if (proto == (uint16_t)ETH_P_IP && n->rsc4_enabled) {
2354             return virtio_net_rsc_receive4(chain, nc, buf, size);
2355         } else if (proto == (uint16_t)ETH_P_IPV6 && n->rsc6_enabled) {
2356             return virtio_net_rsc_receive6(chain, nc, buf, size);
2357         }
2358     }
2359     return virtio_net_do_receive(nc, buf, size);
2360 }
2361 
2362 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf,
2363                                   size_t size)
2364 {
2365     VirtIONet *n = qemu_get_nic_opaque(nc);
2366     if ((n->rsc4_enabled || n->rsc6_enabled)) {
2367         return virtio_net_rsc_receive(nc, buf, size);
2368     } else {
2369         return virtio_net_do_receive(nc, buf, size);
2370     }
2371 }
2372 
2373 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
2374 
2375 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
2376 {
2377     VirtIONet *n = qemu_get_nic_opaque(nc);
2378     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
2379     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2380 
2381     virtqueue_push(q->tx_vq, q->async_tx.elem, 0);
2382     virtio_notify(vdev, q->tx_vq);
2383 
2384     g_free(q->async_tx.elem);
2385     q->async_tx.elem = NULL;
2386 
2387     virtio_queue_set_notification(q->tx_vq, 1);
2388     virtio_net_flush_tx(q);
2389 }
2390 
2391 /* TX */
2392 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
2393 {
2394     VirtIONet *n = q->n;
2395     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2396     VirtQueueElement *elem;
2397     int32_t num_packets = 0;
2398     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
2399     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
2400         return num_packets;
2401     }
2402 
2403     if (q->async_tx.elem) {
2404         virtio_queue_set_notification(q->tx_vq, 0);
2405         return num_packets;
2406     }
2407 
2408     for (;;) {
2409         ssize_t ret;
2410         unsigned int out_num;
2411         struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE + 1], *out_sg;
2412         struct virtio_net_hdr_mrg_rxbuf mhdr;
2413 
2414         elem = virtqueue_pop(q->tx_vq, sizeof(VirtQueueElement));
2415         if (!elem) {
2416             break;
2417         }
2418 
2419         out_num = elem->out_num;
2420         out_sg = elem->out_sg;
2421         if (out_num < 1) {
2422             virtio_error(vdev, "virtio-net header not in first element");
2423             virtqueue_detach_element(q->tx_vq, elem, 0);
2424             g_free(elem);
2425             return -EINVAL;
2426         }
2427 
2428         if (n->has_vnet_hdr) {
2429             if (iov_to_buf(out_sg, out_num, 0, &mhdr, n->guest_hdr_len) <
2430                 n->guest_hdr_len) {
2431                 virtio_error(vdev, "virtio-net header incorrect");
2432                 virtqueue_detach_element(q->tx_vq, elem, 0);
2433                 g_free(elem);
2434                 return -EINVAL;
2435             }
2436             if (n->needs_vnet_hdr_swap) {
2437                 virtio_net_hdr_swap(vdev, (void *) &mhdr);
2438                 sg2[0].iov_base = &mhdr;
2439                 sg2[0].iov_len = n->guest_hdr_len;
2440                 out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1,
2441                                    out_sg, out_num,
2442                                    n->guest_hdr_len, -1);
2443                 if (out_num == VIRTQUEUE_MAX_SIZE) {
2444                     goto drop;
2445                 }
2446                 out_num += 1;
2447                 out_sg = sg2;
2448             }
2449         }
2450         /*
2451          * If host wants to see the guest header as is, we can
2452          * pass it on unchanged. Otherwise, copy just the parts
2453          * that host is interested in.
2454          */
2455         assert(n->host_hdr_len <= n->guest_hdr_len);
2456         if (n->host_hdr_len != n->guest_hdr_len) {
2457             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
2458                                        out_sg, out_num,
2459                                        0, n->host_hdr_len);
2460             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
2461                              out_sg, out_num,
2462                              n->guest_hdr_len, -1);
2463             out_num = sg_num;
2464             out_sg = sg;
2465         }
2466 
2467         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
2468                                       out_sg, out_num, virtio_net_tx_complete);
2469         if (ret == 0) {
2470             virtio_queue_set_notification(q->tx_vq, 0);
2471             q->async_tx.elem = elem;
2472             return -EBUSY;
2473         }
2474 
2475 drop:
2476         virtqueue_push(q->tx_vq, elem, 0);
2477         virtio_notify(vdev, q->tx_vq);
2478         g_free(elem);
2479 
2480         if (++num_packets >= n->tx_burst) {
2481             break;
2482         }
2483     }
2484     return num_packets;
2485 }
2486 
2487 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
2488 {
2489     VirtIONet *n = VIRTIO_NET(vdev);
2490     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
2491 
2492     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
2493         virtio_net_drop_tx_queue_data(vdev, vq);
2494         return;
2495     }
2496 
2497     /* This happens when device was stopped but VCPU wasn't. */
2498     if (!vdev->vm_running) {
2499         q->tx_waiting = 1;
2500         return;
2501     }
2502 
2503     if (q->tx_waiting) {
2504         virtio_queue_set_notification(vq, 1);
2505         timer_del(q->tx_timer);
2506         q->tx_waiting = 0;
2507         if (virtio_net_flush_tx(q) == -EINVAL) {
2508             return;
2509         }
2510     } else {
2511         timer_mod(q->tx_timer,
2512                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
2513         q->tx_waiting = 1;
2514         virtio_queue_set_notification(vq, 0);
2515     }
2516 }
2517 
2518 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
2519 {
2520     VirtIONet *n = VIRTIO_NET(vdev);
2521     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
2522 
2523     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
2524         virtio_net_drop_tx_queue_data(vdev, vq);
2525         return;
2526     }
2527 
2528     if (unlikely(q->tx_waiting)) {
2529         return;
2530     }
2531     q->tx_waiting = 1;
2532     /* This happens when device was stopped but VCPU wasn't. */
2533     if (!vdev->vm_running) {
2534         return;
2535     }
2536     virtio_queue_set_notification(vq, 0);
2537     qemu_bh_schedule(q->tx_bh);
2538 }
2539 
2540 static void virtio_net_tx_timer(void *opaque)
2541 {
2542     VirtIONetQueue *q = opaque;
2543     VirtIONet *n = q->n;
2544     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2545     /* This happens when device was stopped but BH wasn't. */
2546     if (!vdev->vm_running) {
2547         /* Make sure tx waiting is set, so we'll run when restarted. */
2548         assert(q->tx_waiting);
2549         return;
2550     }
2551 
2552     q->tx_waiting = 0;
2553 
2554     /* Just in case the driver is not ready on more */
2555     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
2556         return;
2557     }
2558 
2559     virtio_queue_set_notification(q->tx_vq, 1);
2560     virtio_net_flush_tx(q);
2561 }
2562 
2563 static void virtio_net_tx_bh(void *opaque)
2564 {
2565     VirtIONetQueue *q = opaque;
2566     VirtIONet *n = q->n;
2567     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2568     int32_t ret;
2569 
2570     /* This happens when device was stopped but BH wasn't. */
2571     if (!vdev->vm_running) {
2572         /* Make sure tx waiting is set, so we'll run when restarted. */
2573         assert(q->tx_waiting);
2574         return;
2575     }
2576 
2577     q->tx_waiting = 0;
2578 
2579     /* Just in case the driver is not ready on more */
2580     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
2581         return;
2582     }
2583 
2584     ret = virtio_net_flush_tx(q);
2585     if (ret == -EBUSY || ret == -EINVAL) {
2586         return; /* Notification re-enable handled by tx_complete or device
2587                  * broken */
2588     }
2589 
2590     /* If we flush a full burst of packets, assume there are
2591      * more coming and immediately reschedule */
2592     if (ret >= n->tx_burst) {
2593         qemu_bh_schedule(q->tx_bh);
2594         q->tx_waiting = 1;
2595         return;
2596     }
2597 
2598     /* If less than a full burst, re-enable notification and flush
2599      * anything that may have come in while we weren't looking.  If
2600      * we find something, assume the guest is still active and reschedule */
2601     virtio_queue_set_notification(q->tx_vq, 1);
2602     ret = virtio_net_flush_tx(q);
2603     if (ret == -EINVAL) {
2604         return;
2605     } else if (ret > 0) {
2606         virtio_queue_set_notification(q->tx_vq, 0);
2607         qemu_bh_schedule(q->tx_bh);
2608         q->tx_waiting = 1;
2609     }
2610 }
2611 
2612 static void virtio_net_add_queue(VirtIONet *n, int index)
2613 {
2614     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2615 
2616     n->vqs[index].rx_vq = virtio_add_queue(vdev, n->net_conf.rx_queue_size,
2617                                            virtio_net_handle_rx);
2618 
2619     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
2620         n->vqs[index].tx_vq =
2621             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
2622                              virtio_net_handle_tx_timer);
2623         n->vqs[index].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
2624                                               virtio_net_tx_timer,
2625                                               &n->vqs[index]);
2626     } else {
2627         n->vqs[index].tx_vq =
2628             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
2629                              virtio_net_handle_tx_bh);
2630         n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
2631     }
2632 
2633     n->vqs[index].tx_waiting = 0;
2634     n->vqs[index].n = n;
2635 }
2636 
2637 static void virtio_net_del_queue(VirtIONet *n, int index)
2638 {
2639     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2640     VirtIONetQueue *q = &n->vqs[index];
2641     NetClientState *nc = qemu_get_subqueue(n->nic, index);
2642 
2643     qemu_purge_queued_packets(nc);
2644 
2645     virtio_del_queue(vdev, index * 2);
2646     if (q->tx_timer) {
2647         timer_free(q->tx_timer);
2648         q->tx_timer = NULL;
2649     } else {
2650         qemu_bh_delete(q->tx_bh);
2651         q->tx_bh = NULL;
2652     }
2653     q->tx_waiting = 0;
2654     virtio_del_queue(vdev, index * 2 + 1);
2655 }
2656 
2657 static void virtio_net_change_num_queues(VirtIONet *n, int new_max_queues)
2658 {
2659     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2660     int old_num_queues = virtio_get_num_queues(vdev);
2661     int new_num_queues = new_max_queues * 2 + 1;
2662     int i;
2663 
2664     assert(old_num_queues >= 3);
2665     assert(old_num_queues % 2 == 1);
2666 
2667     if (old_num_queues == new_num_queues) {
2668         return;
2669     }
2670 
2671     /*
2672      * We always need to remove and add ctrl vq if
2673      * old_num_queues != new_num_queues. Remove ctrl_vq first,
2674      * and then we only enter one of the following two loops.
2675      */
2676     virtio_del_queue(vdev, old_num_queues - 1);
2677 
2678     for (i = new_num_queues - 1; i < old_num_queues - 1; i += 2) {
2679         /* new_num_queues < old_num_queues */
2680         virtio_net_del_queue(n, i / 2);
2681     }
2682 
2683     for (i = old_num_queues - 1; i < new_num_queues - 1; i += 2) {
2684         /* new_num_queues > old_num_queues */
2685         virtio_net_add_queue(n, i / 2);
2686     }
2687 
2688     /* add ctrl_vq last */
2689     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
2690 }
2691 
2692 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
2693 {
2694     int max = multiqueue ? n->max_queues : 1;
2695 
2696     n->multiqueue = multiqueue;
2697     virtio_net_change_num_queues(n, max);
2698 
2699     virtio_net_set_queues(n);
2700 }
2701 
2702 static int virtio_net_post_load_device(void *opaque, int version_id)
2703 {
2704     VirtIONet *n = opaque;
2705     VirtIODevice *vdev = VIRTIO_DEVICE(n);
2706     int i, link_down;
2707 
2708     trace_virtio_net_post_load_device();
2709     virtio_net_set_mrg_rx_bufs(n, n->mergeable_rx_bufs,
2710                                virtio_vdev_has_feature(vdev,
2711                                                        VIRTIO_F_VERSION_1),
2712                                virtio_vdev_has_feature(vdev,
2713                                                        VIRTIO_NET_F_HASH_REPORT));
2714 
2715     /* MAC_TABLE_ENTRIES may be different from the saved image */
2716     if (n->mac_table.in_use > MAC_TABLE_ENTRIES) {
2717         n->mac_table.in_use = 0;
2718     }
2719 
2720     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
2721         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
2722     }
2723 
2724     /*
2725      * curr_guest_offloads will be later overwritten by the
2726      * virtio_set_features_nocheck call done from the virtio_load.
2727      * Here we make sure it is preserved and restored accordingly
2728      * in the virtio_net_post_load_virtio callback.
2729      */
2730     n->saved_guest_offloads = n->curr_guest_offloads;
2731 
2732     virtio_net_set_queues(n);
2733 
2734     /* Find the first multicast entry in the saved MAC filter */
2735     for (i = 0; i < n->mac_table.in_use; i++) {
2736         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
2737             break;
2738         }
2739     }
2740     n->mac_table.first_multi = i;
2741 
2742     /* nc.link_down can't be migrated, so infer link_down according
2743      * to link status bit in n->status */
2744     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
2745     for (i = 0; i < n->max_queues; i++) {
2746         qemu_get_subqueue(n->nic, i)->link_down = link_down;
2747     }
2748 
2749     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
2750         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
2751         qemu_announce_timer_reset(&n->announce_timer, migrate_announce_params(),
2752                                   QEMU_CLOCK_VIRTUAL,
2753                                   virtio_net_announce_timer, n);
2754         if (n->announce_timer.round) {
2755             timer_mod(n->announce_timer.tm,
2756                       qemu_clock_get_ms(n->announce_timer.type));
2757         } else {
2758             qemu_announce_timer_del(&n->announce_timer, false);
2759         }
2760     }
2761 
2762     if (n->rss_data.enabled) {
2763         trace_virtio_net_rss_enable(n->rss_data.hash_types,
2764                                     n->rss_data.indirections_len,
2765                                     sizeof(n->rss_data.key));
2766     } else {
2767         trace_virtio_net_rss_disable();
2768     }
2769     return 0;
2770 }
2771 
2772 static int virtio_net_post_load_virtio(VirtIODevice *vdev)
2773 {
2774     VirtIONet *n = VIRTIO_NET(vdev);
2775     /*
2776      * The actual needed state is now in saved_guest_offloads,
2777      * see virtio_net_post_load_device for detail.
2778      * Restore it back and apply the desired offloads.
2779      */
2780     n->curr_guest_offloads = n->saved_guest_offloads;
2781     if (peer_has_vnet_hdr(n)) {
2782         virtio_net_apply_guest_offloads(n);
2783     }
2784 
2785     return 0;
2786 }
2787 
2788 /* tx_waiting field of a VirtIONetQueue */
2789 static const VMStateDescription vmstate_virtio_net_queue_tx_waiting = {
2790     .name = "virtio-net-queue-tx_waiting",
2791     .fields = (VMStateField[]) {
2792         VMSTATE_UINT32(tx_waiting, VirtIONetQueue),
2793         VMSTATE_END_OF_LIST()
2794    },
2795 };
2796 
2797 static bool max_queues_gt_1(void *opaque, int version_id)
2798 {
2799     return VIRTIO_NET(opaque)->max_queues > 1;
2800 }
2801 
2802 static bool has_ctrl_guest_offloads(void *opaque, int version_id)
2803 {
2804     return virtio_vdev_has_feature(VIRTIO_DEVICE(opaque),
2805                                    VIRTIO_NET_F_CTRL_GUEST_OFFLOADS);
2806 }
2807 
2808 static bool mac_table_fits(void *opaque, int version_id)
2809 {
2810     return VIRTIO_NET(opaque)->mac_table.in_use <= MAC_TABLE_ENTRIES;
2811 }
2812 
2813 static bool mac_table_doesnt_fit(void *opaque, int version_id)
2814 {
2815     return !mac_table_fits(opaque, version_id);
2816 }
2817 
2818 /* This temporary type is shared by all the WITH_TMP methods
2819  * although only some fields are used by each.
2820  */
2821 struct VirtIONetMigTmp {
2822     VirtIONet      *parent;
2823     VirtIONetQueue *vqs_1;
2824     uint16_t        curr_queues_1;
2825     uint8_t         has_ufo;
2826     uint32_t        has_vnet_hdr;
2827 };
2828 
2829 /* The 2nd and subsequent tx_waiting flags are loaded later than
2830  * the 1st entry in the queues and only if there's more than one
2831  * entry.  We use the tmp mechanism to calculate a temporary
2832  * pointer and count and also validate the count.
2833  */
2834 
2835 static int virtio_net_tx_waiting_pre_save(void *opaque)
2836 {
2837     struct VirtIONetMigTmp *tmp = opaque;
2838 
2839     tmp->vqs_1 = tmp->parent->vqs + 1;
2840     tmp->curr_queues_1 = tmp->parent->curr_queues - 1;
2841     if (tmp->parent->curr_queues == 0) {
2842         tmp->curr_queues_1 = 0;
2843     }
2844 
2845     return 0;
2846 }
2847 
2848 static int virtio_net_tx_waiting_pre_load(void *opaque)
2849 {
2850     struct VirtIONetMigTmp *tmp = opaque;
2851 
2852     /* Reuse the pointer setup from save */
2853     virtio_net_tx_waiting_pre_save(opaque);
2854 
2855     if (tmp->parent->curr_queues > tmp->parent->max_queues) {
2856         error_report("virtio-net: curr_queues %x > max_queues %x",
2857             tmp->parent->curr_queues, tmp->parent->max_queues);
2858 
2859         return -EINVAL;
2860     }
2861 
2862     return 0; /* all good */
2863 }
2864 
2865 static const VMStateDescription vmstate_virtio_net_tx_waiting = {
2866     .name      = "virtio-net-tx_waiting",
2867     .pre_load  = virtio_net_tx_waiting_pre_load,
2868     .pre_save  = virtio_net_tx_waiting_pre_save,
2869     .fields    = (VMStateField[]) {
2870         VMSTATE_STRUCT_VARRAY_POINTER_UINT16(vqs_1, struct VirtIONetMigTmp,
2871                                      curr_queues_1,
2872                                      vmstate_virtio_net_queue_tx_waiting,
2873                                      struct VirtIONetQueue),
2874         VMSTATE_END_OF_LIST()
2875     },
2876 };
2877 
2878 /* the 'has_ufo' flag is just tested; if the incoming stream has the
2879  * flag set we need to check that we have it
2880  */
2881 static int virtio_net_ufo_post_load(void *opaque, int version_id)
2882 {
2883     struct VirtIONetMigTmp *tmp = opaque;
2884 
2885     if (tmp->has_ufo && !peer_has_ufo(tmp->parent)) {
2886         error_report("virtio-net: saved image requires TUN_F_UFO support");
2887         return -EINVAL;
2888     }
2889 
2890     return 0;
2891 }
2892 
2893 static int virtio_net_ufo_pre_save(void *opaque)
2894 {
2895     struct VirtIONetMigTmp *tmp = opaque;
2896 
2897     tmp->has_ufo = tmp->parent->has_ufo;
2898 
2899     return 0;
2900 }
2901 
2902 static const VMStateDescription vmstate_virtio_net_has_ufo = {
2903     .name      = "virtio-net-ufo",
2904     .post_load = virtio_net_ufo_post_load,
2905     .pre_save  = virtio_net_ufo_pre_save,
2906     .fields    = (VMStateField[]) {
2907         VMSTATE_UINT8(has_ufo, struct VirtIONetMigTmp),
2908         VMSTATE_END_OF_LIST()
2909     },
2910 };
2911 
2912 /* the 'has_vnet_hdr' flag is just tested; if the incoming stream has the
2913  * flag set we need to check that we have it
2914  */
2915 static int virtio_net_vnet_post_load(void *opaque, int version_id)
2916 {
2917     struct VirtIONetMigTmp *tmp = opaque;
2918 
2919     if (tmp->has_vnet_hdr && !peer_has_vnet_hdr(tmp->parent)) {
2920         error_report("virtio-net: saved image requires vnet_hdr=on");
2921         return -EINVAL;
2922     }
2923 
2924     return 0;
2925 }
2926 
2927 static int virtio_net_vnet_pre_save(void *opaque)
2928 {
2929     struct VirtIONetMigTmp *tmp = opaque;
2930 
2931     tmp->has_vnet_hdr = tmp->parent->has_vnet_hdr;
2932 
2933     return 0;
2934 }
2935 
2936 static const VMStateDescription vmstate_virtio_net_has_vnet = {
2937     .name      = "virtio-net-vnet",
2938     .post_load = virtio_net_vnet_post_load,
2939     .pre_save  = virtio_net_vnet_pre_save,
2940     .fields    = (VMStateField[]) {
2941         VMSTATE_UINT32(has_vnet_hdr, struct VirtIONetMigTmp),
2942         VMSTATE_END_OF_LIST()
2943     },
2944 };
2945 
2946 static bool virtio_net_rss_needed(void *opaque)
2947 {
2948     return VIRTIO_NET(opaque)->rss_data.enabled;
2949 }
2950 
2951 static const VMStateDescription vmstate_virtio_net_rss = {
2952     .name      = "virtio-net-device/rss",
2953     .version_id = 1,
2954     .minimum_version_id = 1,
2955     .needed = virtio_net_rss_needed,
2956     .fields = (VMStateField[]) {
2957         VMSTATE_BOOL(rss_data.enabled, VirtIONet),
2958         VMSTATE_BOOL(rss_data.redirect, VirtIONet),
2959         VMSTATE_BOOL(rss_data.populate_hash, VirtIONet),
2960         VMSTATE_UINT32(rss_data.hash_types, VirtIONet),
2961         VMSTATE_UINT16(rss_data.indirections_len, VirtIONet),
2962         VMSTATE_UINT16(rss_data.default_queue, VirtIONet),
2963         VMSTATE_UINT8_ARRAY(rss_data.key, VirtIONet,
2964                             VIRTIO_NET_RSS_MAX_KEY_SIZE),
2965         VMSTATE_VARRAY_UINT16_ALLOC(rss_data.indirections_table, VirtIONet,
2966                                     rss_data.indirections_len, 0,
2967                                     vmstate_info_uint16, uint16_t),
2968         VMSTATE_END_OF_LIST()
2969     },
2970 };
2971 
2972 static const VMStateDescription vmstate_virtio_net_device = {
2973     .name = "virtio-net-device",
2974     .version_id = VIRTIO_NET_VM_VERSION,
2975     .minimum_version_id = VIRTIO_NET_VM_VERSION,
2976     .post_load = virtio_net_post_load_device,
2977     .fields = (VMStateField[]) {
2978         VMSTATE_UINT8_ARRAY(mac, VirtIONet, ETH_ALEN),
2979         VMSTATE_STRUCT_POINTER(vqs, VirtIONet,
2980                                vmstate_virtio_net_queue_tx_waiting,
2981                                VirtIONetQueue),
2982         VMSTATE_UINT32(mergeable_rx_bufs, VirtIONet),
2983         VMSTATE_UINT16(status, VirtIONet),
2984         VMSTATE_UINT8(promisc, VirtIONet),
2985         VMSTATE_UINT8(allmulti, VirtIONet),
2986         VMSTATE_UINT32(mac_table.in_use, VirtIONet),
2987 
2988         /* Guarded pair: If it fits we load it, else we throw it away
2989          * - can happen if source has a larger MAC table.; post-load
2990          *  sets flags in this case.
2991          */
2992         VMSTATE_VBUFFER_MULTIPLY(mac_table.macs, VirtIONet,
2993                                 0, mac_table_fits, mac_table.in_use,
2994                                  ETH_ALEN),
2995         VMSTATE_UNUSED_VARRAY_UINT32(VirtIONet, mac_table_doesnt_fit, 0,
2996                                      mac_table.in_use, ETH_ALEN),
2997 
2998         /* Note: This is an array of uint32's that's always been saved as a
2999          * buffer; hold onto your endiannesses; it's actually used as a bitmap
3000          * but based on the uint.
3001          */
3002         VMSTATE_BUFFER_POINTER_UNSAFE(vlans, VirtIONet, 0, MAX_VLAN >> 3),
3003         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3004                          vmstate_virtio_net_has_vnet),
3005         VMSTATE_UINT8(mac_table.multi_overflow, VirtIONet),
3006         VMSTATE_UINT8(mac_table.uni_overflow, VirtIONet),
3007         VMSTATE_UINT8(alluni, VirtIONet),
3008         VMSTATE_UINT8(nomulti, VirtIONet),
3009         VMSTATE_UINT8(nouni, VirtIONet),
3010         VMSTATE_UINT8(nobcast, VirtIONet),
3011         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3012                          vmstate_virtio_net_has_ufo),
3013         VMSTATE_SINGLE_TEST(max_queues, VirtIONet, max_queues_gt_1, 0,
3014                             vmstate_info_uint16_equal, uint16_t),
3015         VMSTATE_UINT16_TEST(curr_queues, VirtIONet, max_queues_gt_1),
3016         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
3017                          vmstate_virtio_net_tx_waiting),
3018         VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
3019                             has_ctrl_guest_offloads),
3020         VMSTATE_END_OF_LIST()
3021    },
3022     .subsections = (const VMStateDescription * []) {
3023         &vmstate_virtio_net_rss,
3024         NULL
3025     }
3026 };
3027 
3028 static NetClientInfo net_virtio_info = {
3029     .type = NET_CLIENT_DRIVER_NIC,
3030     .size = sizeof(NICState),
3031     .can_receive = virtio_net_can_receive,
3032     .receive = virtio_net_receive,
3033     .link_status_changed = virtio_net_set_link_status,
3034     .query_rx_filter = virtio_net_query_rxfilter,
3035     .announce = virtio_net_announce,
3036 };
3037 
3038 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
3039 {
3040     VirtIONet *n = VIRTIO_NET(vdev);
3041     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
3042     assert(n->vhost_started);
3043     return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
3044 }
3045 
3046 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
3047                                            bool mask)
3048 {
3049     VirtIONet *n = VIRTIO_NET(vdev);
3050     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
3051     assert(n->vhost_started);
3052     vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
3053                              vdev, idx, mask);
3054 }
3055 
3056 static void virtio_net_set_config_size(VirtIONet *n, uint64_t host_features)
3057 {
3058     virtio_add_feature(&host_features, VIRTIO_NET_F_MAC);
3059 
3060     n->config_size = virtio_feature_get_config_size(feature_sizes,
3061                                                     host_features);
3062 }
3063 
3064 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
3065                                    const char *type)
3066 {
3067     /*
3068      * The name can be NULL, the netclient name will be type.x.
3069      */
3070     assert(type != NULL);
3071 
3072     g_free(n->netclient_name);
3073     g_free(n->netclient_type);
3074     n->netclient_name = g_strdup(name);
3075     n->netclient_type = g_strdup(type);
3076 }
3077 
3078 static bool failover_unplug_primary(VirtIONet *n, DeviceState *dev)
3079 {
3080     HotplugHandler *hotplug_ctrl;
3081     PCIDevice *pci_dev;
3082     Error *err = NULL;
3083 
3084     hotplug_ctrl = qdev_get_hotplug_handler(dev);
3085     if (hotplug_ctrl) {
3086         pci_dev = PCI_DEVICE(dev);
3087         pci_dev->partially_hotplugged = true;
3088         hotplug_handler_unplug_request(hotplug_ctrl, dev, &err);
3089         if (err) {
3090             error_report_err(err);
3091             return false;
3092         }
3093     } else {
3094         return false;
3095     }
3096     return true;
3097 }
3098 
3099 static bool failover_replug_primary(VirtIONet *n, DeviceState *dev,
3100                                     Error **errp)
3101 {
3102     Error *err = NULL;
3103     HotplugHandler *hotplug_ctrl;
3104     PCIDevice *pdev = PCI_DEVICE(dev);
3105     BusState *primary_bus;
3106 
3107     if (!pdev->partially_hotplugged) {
3108         return true;
3109     }
3110     primary_bus = dev->parent_bus;
3111     if (!primary_bus) {
3112         error_setg(errp, "virtio_net: couldn't find primary bus");
3113         return false;
3114     }
3115     qdev_set_parent_bus(dev, primary_bus, &error_abort);
3116     qatomic_set(&n->failover_primary_hidden, false);
3117     hotplug_ctrl = qdev_get_hotplug_handler(dev);
3118     if (hotplug_ctrl) {
3119         hotplug_handler_pre_plug(hotplug_ctrl, dev, &err);
3120         if (err) {
3121             goto out;
3122         }
3123         hotplug_handler_plug(hotplug_ctrl, dev, &err);
3124     }
3125 
3126 out:
3127     error_propagate(errp, err);
3128     return !err;
3129 }
3130 
3131 static void virtio_net_handle_migration_primary(VirtIONet *n, MigrationState *s)
3132 {
3133     bool should_be_hidden;
3134     Error *err = NULL;
3135     DeviceState *dev = failover_find_primary_device(n);
3136 
3137     if (!dev) {
3138         return;
3139     }
3140 
3141     should_be_hidden = qatomic_read(&n->failover_primary_hidden);
3142 
3143     if (migration_in_setup(s) && !should_be_hidden) {
3144         if (failover_unplug_primary(n, dev)) {
3145             vmstate_unregister(VMSTATE_IF(dev), qdev_get_vmsd(dev), dev);
3146             qapi_event_send_unplug_primary(dev->id);
3147             qatomic_set(&n->failover_primary_hidden, true);
3148         } else {
3149             warn_report("couldn't unplug primary device");
3150         }
3151     } else if (migration_has_failed(s)) {
3152         /* We already unplugged the device let's plug it back */
3153         if (!failover_replug_primary(n, dev, &err)) {
3154             if (err) {
3155                 error_report_err(err);
3156             }
3157         }
3158     }
3159 }
3160 
3161 static void virtio_net_migration_state_notifier(Notifier *notifier, void *data)
3162 {
3163     MigrationState *s = data;
3164     VirtIONet *n = container_of(notifier, VirtIONet, migration_state);
3165     virtio_net_handle_migration_primary(n, s);
3166 }
3167 
3168 static bool failover_hide_primary_device(DeviceListener *listener,
3169                                          QemuOpts *device_opts)
3170 {
3171     VirtIONet *n = container_of(listener, VirtIONet, primary_listener);
3172     const char *standby_id;
3173 
3174     if (!device_opts) {
3175         return false;
3176     }
3177     standby_id = qemu_opt_get(device_opts, "failover_pair_id");
3178     if (g_strcmp0(standby_id, n->netclient_name) != 0) {
3179         return false;
3180     }
3181 
3182     /* failover_primary_hidden is set during feature negotiation */
3183     return qatomic_read(&n->failover_primary_hidden);
3184 }
3185 
3186 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
3187 {
3188     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3189     VirtIONet *n = VIRTIO_NET(dev);
3190     NetClientState *nc;
3191     int i;
3192 
3193     if (n->net_conf.mtu) {
3194         n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
3195     }
3196 
3197     if (n->net_conf.duplex_str) {
3198         if (strncmp(n->net_conf.duplex_str, "half", 5) == 0) {
3199             n->net_conf.duplex = DUPLEX_HALF;
3200         } else if (strncmp(n->net_conf.duplex_str, "full", 5) == 0) {
3201             n->net_conf.duplex = DUPLEX_FULL;
3202         } else {
3203             error_setg(errp, "'duplex' must be 'half' or 'full'");
3204             return;
3205         }
3206         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
3207     } else {
3208         n->net_conf.duplex = DUPLEX_UNKNOWN;
3209     }
3210 
3211     if (n->net_conf.speed < SPEED_UNKNOWN) {
3212         error_setg(errp, "'speed' must be between 0 and INT_MAX");
3213         return;
3214     }
3215     if (n->net_conf.speed >= 0) {
3216         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
3217     }
3218 
3219     if (n->failover) {
3220         n->primary_listener.hide_device = failover_hide_primary_device;
3221         qatomic_set(&n->failover_primary_hidden, true);
3222         device_listener_register(&n->primary_listener);
3223         n->migration_state.notify = virtio_net_migration_state_notifier;
3224         add_migration_state_change_notifier(&n->migration_state);
3225         n->host_features |= (1ULL << VIRTIO_NET_F_STANDBY);
3226     }
3227 
3228     virtio_net_set_config_size(n, n->host_features);
3229     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
3230 
3231     /*
3232      * We set a lower limit on RX queue size to what it always was.
3233      * Guests that want a smaller ring can always resize it without
3234      * help from us (using virtio 1 and up).
3235      */
3236     if (n->net_conf.rx_queue_size < VIRTIO_NET_RX_QUEUE_MIN_SIZE ||
3237         n->net_conf.rx_queue_size > VIRTQUEUE_MAX_SIZE ||
3238         !is_power_of_2(n->net_conf.rx_queue_size)) {
3239         error_setg(errp, "Invalid rx_queue_size (= %" PRIu16 "), "
3240                    "must be a power of 2 between %d and %d.",
3241                    n->net_conf.rx_queue_size, VIRTIO_NET_RX_QUEUE_MIN_SIZE,
3242                    VIRTQUEUE_MAX_SIZE);
3243         virtio_cleanup(vdev);
3244         return;
3245     }
3246 
3247     if (n->net_conf.tx_queue_size < VIRTIO_NET_TX_QUEUE_MIN_SIZE ||
3248         n->net_conf.tx_queue_size > VIRTQUEUE_MAX_SIZE ||
3249         !is_power_of_2(n->net_conf.tx_queue_size)) {
3250         error_setg(errp, "Invalid tx_queue_size (= %" PRIu16 "), "
3251                    "must be a power of 2 between %d and %d",
3252                    n->net_conf.tx_queue_size, VIRTIO_NET_TX_QUEUE_MIN_SIZE,
3253                    VIRTQUEUE_MAX_SIZE);
3254         virtio_cleanup(vdev);
3255         return;
3256     }
3257 
3258     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
3259     if (n->max_queues * 2 + 1 > VIRTIO_QUEUE_MAX) {
3260         error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
3261                    "must be a positive integer less than %d.",
3262                    n->max_queues, (VIRTIO_QUEUE_MAX - 1) / 2);
3263         virtio_cleanup(vdev);
3264         return;
3265     }
3266     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
3267     n->curr_queues = 1;
3268     n->tx_timeout = n->net_conf.txtimer;
3269 
3270     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
3271                        && strcmp(n->net_conf.tx, "bh")) {
3272         warn_report("virtio-net: "
3273                     "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
3274                     n->net_conf.tx);
3275         error_printf("Defaulting to \"bh\"");
3276     }
3277 
3278     n->net_conf.tx_queue_size = MIN(virtio_net_max_tx_queue_size(n),
3279                                     n->net_conf.tx_queue_size);
3280 
3281     for (i = 0; i < n->max_queues; i++) {
3282         virtio_net_add_queue(n, i);
3283     }
3284 
3285     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
3286     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
3287     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
3288     n->status = VIRTIO_NET_S_LINK_UP;
3289     qemu_announce_timer_reset(&n->announce_timer, migrate_announce_params(),
3290                               QEMU_CLOCK_VIRTUAL,
3291                               virtio_net_announce_timer, n);
3292     n->announce_timer.round = 0;
3293 
3294     if (n->netclient_type) {
3295         /*
3296          * Happen when virtio_net_set_netclient_name has been called.
3297          */
3298         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
3299                               n->netclient_type, n->netclient_name, n);
3300     } else {
3301         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
3302                               object_get_typename(OBJECT(dev)), dev->id, n);
3303     }
3304 
3305     peer_test_vnet_hdr(n);
3306     if (peer_has_vnet_hdr(n)) {
3307         for (i = 0; i < n->max_queues; i++) {
3308             qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
3309         }
3310         n->host_hdr_len = sizeof(struct virtio_net_hdr);
3311     } else {
3312         n->host_hdr_len = 0;
3313     }
3314 
3315     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
3316 
3317     n->vqs[0].tx_waiting = 0;
3318     n->tx_burst = n->net_conf.txburst;
3319     virtio_net_set_mrg_rx_bufs(n, 0, 0, 0);
3320     n->promisc = 1; /* for compatibility */
3321 
3322     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
3323 
3324     n->vlans = g_malloc0(MAX_VLAN >> 3);
3325 
3326     nc = qemu_get_queue(n->nic);
3327     nc->rxfilter_notify_enabled = 1;
3328 
3329    if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
3330         struct virtio_net_config netcfg = {};
3331         memcpy(&netcfg.mac, &n->nic_conf.macaddr, ETH_ALEN);
3332         vhost_net_set_config(get_vhost_net(nc->peer),
3333             (uint8_t *)&netcfg, 0, ETH_ALEN, VHOST_SET_CONFIG_TYPE_MASTER);
3334     }
3335     QTAILQ_INIT(&n->rsc_chains);
3336     n->qdev = dev;
3337 
3338     net_rx_pkt_init(&n->rx_pkt, false);
3339 }
3340 
3341 static void virtio_net_device_unrealize(DeviceState *dev)
3342 {
3343     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3344     VirtIONet *n = VIRTIO_NET(dev);
3345     int i, max_queues;
3346 
3347     /* This will stop vhost backend if appropriate. */
3348     virtio_net_set_status(vdev, 0);
3349 
3350     g_free(n->netclient_name);
3351     n->netclient_name = NULL;
3352     g_free(n->netclient_type);
3353     n->netclient_type = NULL;
3354 
3355     g_free(n->mac_table.macs);
3356     g_free(n->vlans);
3357 
3358     if (n->failover) {
3359         device_listener_unregister(&n->primary_listener);
3360     }
3361 
3362     max_queues = n->multiqueue ? n->max_queues : 1;
3363     for (i = 0; i < max_queues; i++) {
3364         virtio_net_del_queue(n, i);
3365     }
3366     /* delete also control vq */
3367     virtio_del_queue(vdev, max_queues * 2);
3368     qemu_announce_timer_del(&n->announce_timer, false);
3369     g_free(n->vqs);
3370     qemu_del_nic(n->nic);
3371     virtio_net_rsc_cleanup(n);
3372     g_free(n->rss_data.indirections_table);
3373     net_rx_pkt_uninit(n->rx_pkt);
3374     virtio_cleanup(vdev);
3375 }
3376 
3377 static void virtio_net_instance_init(Object *obj)
3378 {
3379     VirtIONet *n = VIRTIO_NET(obj);
3380 
3381     /*
3382      * The default config_size is sizeof(struct virtio_net_config).
3383      * Can be overriden with virtio_net_set_config_size.
3384      */
3385     n->config_size = sizeof(struct virtio_net_config);
3386     device_add_bootindex_property(obj, &n->nic_conf.bootindex,
3387                                   "bootindex", "/ethernet-phy@0",
3388                                   DEVICE(n));
3389 }
3390 
3391 static int virtio_net_pre_save(void *opaque)
3392 {
3393     VirtIONet *n = opaque;
3394 
3395     /* At this point, backend must be stopped, otherwise
3396      * it might keep writing to memory. */
3397     assert(!n->vhost_started);
3398 
3399     return 0;
3400 }
3401 
3402 static bool primary_unplug_pending(void *opaque)
3403 {
3404     DeviceState *dev = opaque;
3405     DeviceState *primary;
3406     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
3407     VirtIONet *n = VIRTIO_NET(vdev);
3408 
3409     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_STANDBY)) {
3410         return false;
3411     }
3412     primary = failover_find_primary_device(n);
3413     return primary ? primary->pending_deleted_event : false;
3414 }
3415 
3416 static bool dev_unplug_pending(void *opaque)
3417 {
3418     DeviceState *dev = opaque;
3419     VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(dev);
3420 
3421     return vdc->primary_unplug_pending(dev);
3422 }
3423 
3424 static const VMStateDescription vmstate_virtio_net = {
3425     .name = "virtio-net",
3426     .minimum_version_id = VIRTIO_NET_VM_VERSION,
3427     .version_id = VIRTIO_NET_VM_VERSION,
3428     .fields = (VMStateField[]) {
3429         VMSTATE_VIRTIO_DEVICE,
3430         VMSTATE_END_OF_LIST()
3431     },
3432     .pre_save = virtio_net_pre_save,
3433     .dev_unplug_pending = dev_unplug_pending,
3434 };
3435 
3436 static Property virtio_net_properties[] = {
3437     DEFINE_PROP_BIT64("csum", VirtIONet, host_features,
3438                     VIRTIO_NET_F_CSUM, true),
3439     DEFINE_PROP_BIT64("guest_csum", VirtIONet, host_features,
3440                     VIRTIO_NET_F_GUEST_CSUM, true),
3441     DEFINE_PROP_BIT64("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
3442     DEFINE_PROP_BIT64("guest_tso4", VirtIONet, host_features,
3443                     VIRTIO_NET_F_GUEST_TSO4, true),
3444     DEFINE_PROP_BIT64("guest_tso6", VirtIONet, host_features,
3445                     VIRTIO_NET_F_GUEST_TSO6, true),
3446     DEFINE_PROP_BIT64("guest_ecn", VirtIONet, host_features,
3447                     VIRTIO_NET_F_GUEST_ECN, true),
3448     DEFINE_PROP_BIT64("guest_ufo", VirtIONet, host_features,
3449                     VIRTIO_NET_F_GUEST_UFO, true),
3450     DEFINE_PROP_BIT64("guest_announce", VirtIONet, host_features,
3451                     VIRTIO_NET_F_GUEST_ANNOUNCE, true),
3452     DEFINE_PROP_BIT64("host_tso4", VirtIONet, host_features,
3453                     VIRTIO_NET_F_HOST_TSO4, true),
3454     DEFINE_PROP_BIT64("host_tso6", VirtIONet, host_features,
3455                     VIRTIO_NET_F_HOST_TSO6, true),
3456     DEFINE_PROP_BIT64("host_ecn", VirtIONet, host_features,
3457                     VIRTIO_NET_F_HOST_ECN, true),
3458     DEFINE_PROP_BIT64("host_ufo", VirtIONet, host_features,
3459                     VIRTIO_NET_F_HOST_UFO, true),
3460     DEFINE_PROP_BIT64("mrg_rxbuf", VirtIONet, host_features,
3461                     VIRTIO_NET_F_MRG_RXBUF, true),
3462     DEFINE_PROP_BIT64("status", VirtIONet, host_features,
3463                     VIRTIO_NET_F_STATUS, true),
3464     DEFINE_PROP_BIT64("ctrl_vq", VirtIONet, host_features,
3465                     VIRTIO_NET_F_CTRL_VQ, true),
3466     DEFINE_PROP_BIT64("ctrl_rx", VirtIONet, host_features,
3467                     VIRTIO_NET_F_CTRL_RX, true),
3468     DEFINE_PROP_BIT64("ctrl_vlan", VirtIONet, host_features,
3469                     VIRTIO_NET_F_CTRL_VLAN, true),
3470     DEFINE_PROP_BIT64("ctrl_rx_extra", VirtIONet, host_features,
3471                     VIRTIO_NET_F_CTRL_RX_EXTRA, true),
3472     DEFINE_PROP_BIT64("ctrl_mac_addr", VirtIONet, host_features,
3473                     VIRTIO_NET_F_CTRL_MAC_ADDR, true),
3474     DEFINE_PROP_BIT64("ctrl_guest_offloads", VirtIONet, host_features,
3475                     VIRTIO_NET_F_CTRL_GUEST_OFFLOADS, true),
3476     DEFINE_PROP_BIT64("mq", VirtIONet, host_features, VIRTIO_NET_F_MQ, false),
3477     DEFINE_PROP_BIT64("rss", VirtIONet, host_features,
3478                     VIRTIO_NET_F_RSS, false),
3479     DEFINE_PROP_BIT64("hash", VirtIONet, host_features,
3480                     VIRTIO_NET_F_HASH_REPORT, false),
3481     DEFINE_PROP_BIT64("guest_rsc_ext", VirtIONet, host_features,
3482                     VIRTIO_NET_F_RSC_EXT, false),
3483     DEFINE_PROP_UINT32("rsc_interval", VirtIONet, rsc_timeout,
3484                        VIRTIO_NET_RSC_DEFAULT_INTERVAL),
3485     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
3486     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
3487                        TX_TIMER_INTERVAL),
3488     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
3489     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
3490     DEFINE_PROP_UINT16("rx_queue_size", VirtIONet, net_conf.rx_queue_size,
3491                        VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE),
3492     DEFINE_PROP_UINT16("tx_queue_size", VirtIONet, net_conf.tx_queue_size,
3493                        VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE),
3494     DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
3495     DEFINE_PROP_BOOL("x-mtu-bypass-backend", VirtIONet, mtu_bypass_backend,
3496                      true),
3497     DEFINE_PROP_INT32("speed", VirtIONet, net_conf.speed, SPEED_UNKNOWN),
3498     DEFINE_PROP_STRING("duplex", VirtIONet, net_conf.duplex_str),
3499     DEFINE_PROP_BOOL("failover", VirtIONet, failover, false),
3500     DEFINE_PROP_END_OF_LIST(),
3501 };
3502 
3503 static void virtio_net_class_init(ObjectClass *klass, void *data)
3504 {
3505     DeviceClass *dc = DEVICE_CLASS(klass);
3506     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
3507 
3508     device_class_set_props(dc, virtio_net_properties);
3509     dc->vmsd = &vmstate_virtio_net;
3510     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
3511     vdc->realize = virtio_net_device_realize;
3512     vdc->unrealize = virtio_net_device_unrealize;
3513     vdc->get_config = virtio_net_get_config;
3514     vdc->set_config = virtio_net_set_config;
3515     vdc->get_features = virtio_net_get_features;
3516     vdc->set_features = virtio_net_set_features;
3517     vdc->bad_features = virtio_net_bad_features;
3518     vdc->reset = virtio_net_reset;
3519     vdc->set_status = virtio_net_set_status;
3520     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
3521     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
3522     vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
3523     vdc->post_load = virtio_net_post_load_virtio;
3524     vdc->vmsd = &vmstate_virtio_net_device;
3525     vdc->primary_unplug_pending = primary_unplug_pending;
3526 }
3527 
3528 static const TypeInfo virtio_net_info = {
3529     .name = TYPE_VIRTIO_NET,
3530     .parent = TYPE_VIRTIO_DEVICE,
3531     .instance_size = sizeof(VirtIONet),
3532     .instance_init = virtio_net_instance_init,
3533     .class_init = virtio_net_class_init,
3534 };
3535 
3536 static void virtio_register_types(void)
3537 {
3538     type_register_static(&virtio_net_info);
3539 }
3540 
3541 type_init(virtio_register_types)
3542