xref: /openbmc/qemu/net/net.c (revision 47451466)
1 /*
2  * QEMU System Emulator
3  *
4  * Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 
27 #include "net/net.h"
28 #include "clients.h"
29 #include "hub.h"
30 #include "net/slirp.h"
31 #include "net/eth.h"
32 #include "util.h"
33 
34 #include "monitor/monitor.h"
35 #include "qemu/help_option.h"
36 #include "qapi/qapi-commands-net.h"
37 #include "qapi/qapi-visit-net.h"
38 #include "qapi/qmp/qdict.h"
39 #include "qapi/qmp/qerror.h"
40 #include "qemu/error-report.h"
41 #include "qemu/sockets.h"
42 #include "qemu/cutils.h"
43 #include "qemu/config-file.h"
44 #include "hw/qdev.h"
45 #include "qemu/iov.h"
46 #include "qemu/main-loop.h"
47 #include "qemu/option.h"
48 #include "qapi/error.h"
49 #include "qapi/opts-visitor.h"
50 #include "sysemu/sysemu.h"
51 #include "sysemu/qtest.h"
52 #include "net/filter.h"
53 #include "qapi/string-output-visitor.h"
54 
55 /* Net bridge is currently not supported for W32. */
56 #if !defined(_WIN32)
57 # define CONFIG_NET_BRIDGE
58 #endif
59 
60 static VMChangeStateEntry *net_change_state_entry;
61 static QTAILQ_HEAD(, NetClientState) net_clients;
62 
63 /***********************************************************/
64 /* network device redirectors */
65 
66 static int get_str_sep(char *buf, int buf_size, const char **pp, int sep)
67 {
68     const char *p, *p1;
69     int len;
70     p = *pp;
71     p1 = strchr(p, sep);
72     if (!p1)
73         return -1;
74     len = p1 - p;
75     p1++;
76     if (buf_size > 0) {
77         if (len > buf_size - 1)
78             len = buf_size - 1;
79         memcpy(buf, p, len);
80         buf[len] = '\0';
81     }
82     *pp = p1;
83     return 0;
84 }
85 
86 int parse_host_port(struct sockaddr_in *saddr, const char *str,
87                     Error **errp)
88 {
89     char buf[512];
90     struct hostent *he;
91     const char *p, *r;
92     int port;
93 
94     p = str;
95     if (get_str_sep(buf, sizeof(buf), &p, ':') < 0) {
96         error_setg(errp, "host address '%s' doesn't contain ':' "
97                    "separating host from port", str);
98         return -1;
99     }
100     saddr->sin_family = AF_INET;
101     if (buf[0] == '\0') {
102         saddr->sin_addr.s_addr = 0;
103     } else {
104         if (qemu_isdigit(buf[0])) {
105             if (!inet_aton(buf, &saddr->sin_addr)) {
106                 error_setg(errp, "host address '%s' is not a valid "
107                            "IPv4 address", buf);
108                 return -1;
109             }
110         } else {
111             he = gethostbyname(buf);
112             if (he == NULL) {
113                 error_setg(errp, "can't resolve host address '%s'", buf);
114                 return - 1;
115             }
116             saddr->sin_addr = *(struct in_addr *)he->h_addr;
117         }
118     }
119     port = strtol(p, (char **)&r, 0);
120     if (r == p) {
121         error_setg(errp, "port number '%s' is invalid", p);
122         return -1;
123     }
124     saddr->sin_port = htons(port);
125     return 0;
126 }
127 
128 char *qemu_mac_strdup_printf(const uint8_t *macaddr)
129 {
130     return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
131                            macaddr[0], macaddr[1], macaddr[2],
132                            macaddr[3], macaddr[4], macaddr[5]);
133 }
134 
135 void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6])
136 {
137     snprintf(nc->info_str, sizeof(nc->info_str),
138              "model=%s,macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
139              nc->model,
140              macaddr[0], macaddr[1], macaddr[2],
141              macaddr[3], macaddr[4], macaddr[5]);
142 }
143 
144 static int mac_table[256] = {0};
145 
146 static void qemu_macaddr_set_used(MACAddr *macaddr)
147 {
148     int index;
149 
150     for (index = 0x56; index < 0xFF; index++) {
151         if (macaddr->a[5] == index) {
152             mac_table[index]++;
153         }
154     }
155 }
156 
157 static void qemu_macaddr_set_free(MACAddr *macaddr)
158 {
159     int index;
160     static const MACAddr base = { .a = { 0x52, 0x54, 0x00, 0x12, 0x34, 0 } };
161 
162     if (memcmp(macaddr->a, &base.a, (sizeof(base.a) - 1)) != 0) {
163         return;
164     }
165     for (index = 0x56; index < 0xFF; index++) {
166         if (macaddr->a[5] == index) {
167             mac_table[index]--;
168         }
169     }
170 }
171 
172 static int qemu_macaddr_get_free(void)
173 {
174     int index;
175 
176     for (index = 0x56; index < 0xFF; index++) {
177         if (mac_table[index] == 0) {
178             return index;
179         }
180     }
181 
182     return -1;
183 }
184 
185 void qemu_macaddr_default_if_unset(MACAddr *macaddr)
186 {
187     static const MACAddr zero = { .a = { 0,0,0,0,0,0 } };
188     static const MACAddr base = { .a = { 0x52, 0x54, 0x00, 0x12, 0x34, 0 } };
189 
190     if (memcmp(macaddr, &zero, sizeof(zero)) != 0) {
191         if (memcmp(macaddr->a, &base.a, (sizeof(base.a) - 1)) != 0) {
192             return;
193         } else {
194             qemu_macaddr_set_used(macaddr);
195             return;
196         }
197     }
198 
199     macaddr->a[0] = 0x52;
200     macaddr->a[1] = 0x54;
201     macaddr->a[2] = 0x00;
202     macaddr->a[3] = 0x12;
203     macaddr->a[4] = 0x34;
204     macaddr->a[5] = qemu_macaddr_get_free();
205     qemu_macaddr_set_used(macaddr);
206 }
207 
208 /**
209  * Generate a name for net client
210  *
211  * Only net clients created with the legacy -net option and NICs need this.
212  */
213 static char *assign_name(NetClientState *nc1, const char *model)
214 {
215     NetClientState *nc;
216     int id = 0;
217 
218     QTAILQ_FOREACH(nc, &net_clients, next) {
219         if (nc == nc1) {
220             continue;
221         }
222         if (strcmp(nc->model, model) == 0) {
223             id++;
224         }
225     }
226 
227     return g_strdup_printf("%s.%d", model, id);
228 }
229 
230 static void qemu_net_client_destructor(NetClientState *nc)
231 {
232     g_free(nc);
233 }
234 
235 static void qemu_net_client_setup(NetClientState *nc,
236                                   NetClientInfo *info,
237                                   NetClientState *peer,
238                                   const char *model,
239                                   const char *name,
240                                   NetClientDestructor *destructor)
241 {
242     nc->info = info;
243     nc->model = g_strdup(model);
244     if (name) {
245         nc->name = g_strdup(name);
246     } else {
247         nc->name = assign_name(nc, model);
248     }
249 
250     if (peer) {
251         assert(!peer->peer);
252         nc->peer = peer;
253         peer->peer = nc;
254     }
255     QTAILQ_INSERT_TAIL(&net_clients, nc, next);
256 
257     nc->incoming_queue = qemu_new_net_queue(qemu_deliver_packet_iov, nc);
258     nc->destructor = destructor;
259     QTAILQ_INIT(&nc->filters);
260 }
261 
262 NetClientState *qemu_new_net_client(NetClientInfo *info,
263                                     NetClientState *peer,
264                                     const char *model,
265                                     const char *name)
266 {
267     NetClientState *nc;
268 
269     assert(info->size >= sizeof(NetClientState));
270 
271     nc = g_malloc0(info->size);
272     qemu_net_client_setup(nc, info, peer, model, name,
273                           qemu_net_client_destructor);
274 
275     return nc;
276 }
277 
278 NICState *qemu_new_nic(NetClientInfo *info,
279                        NICConf *conf,
280                        const char *model,
281                        const char *name,
282                        void *opaque)
283 {
284     NetClientState **peers = conf->peers.ncs;
285     NICState *nic;
286     int i, queues = MAX(1, conf->peers.queues);
287 
288     assert(info->type == NET_CLIENT_DRIVER_NIC);
289     assert(info->size >= sizeof(NICState));
290 
291     nic = g_malloc0(info->size + sizeof(NetClientState) * queues);
292     nic->ncs = (void *)nic + info->size;
293     nic->conf = conf;
294     nic->opaque = opaque;
295 
296     for (i = 0; i < queues; i++) {
297         qemu_net_client_setup(&nic->ncs[i], info, peers[i], model, name,
298                               NULL);
299         nic->ncs[i].queue_index = i;
300     }
301 
302     return nic;
303 }
304 
305 NetClientState *qemu_get_subqueue(NICState *nic, int queue_index)
306 {
307     return nic->ncs + queue_index;
308 }
309 
310 NetClientState *qemu_get_queue(NICState *nic)
311 {
312     return qemu_get_subqueue(nic, 0);
313 }
314 
315 NICState *qemu_get_nic(NetClientState *nc)
316 {
317     NetClientState *nc0 = nc - nc->queue_index;
318 
319     return (NICState *)((void *)nc0 - nc->info->size);
320 }
321 
322 void *qemu_get_nic_opaque(NetClientState *nc)
323 {
324     NICState *nic = qemu_get_nic(nc);
325 
326     return nic->opaque;
327 }
328 
329 static void qemu_cleanup_net_client(NetClientState *nc)
330 {
331     QTAILQ_REMOVE(&net_clients, nc, next);
332 
333     if (nc->info->cleanup) {
334         nc->info->cleanup(nc);
335     }
336 }
337 
338 static void qemu_free_net_client(NetClientState *nc)
339 {
340     if (nc->incoming_queue) {
341         qemu_del_net_queue(nc->incoming_queue);
342     }
343     if (nc->peer) {
344         nc->peer->peer = NULL;
345     }
346     g_free(nc->name);
347     g_free(nc->model);
348     if (nc->destructor) {
349         nc->destructor(nc);
350     }
351 }
352 
353 void qemu_del_net_client(NetClientState *nc)
354 {
355     NetClientState *ncs[MAX_QUEUE_NUM];
356     int queues, i;
357     NetFilterState *nf, *next;
358 
359     assert(nc->info->type != NET_CLIENT_DRIVER_NIC);
360 
361     /* If the NetClientState belongs to a multiqueue backend, we will change all
362      * other NetClientStates also.
363      */
364     queues = qemu_find_net_clients_except(nc->name, ncs,
365                                           NET_CLIENT_DRIVER_NIC,
366                                           MAX_QUEUE_NUM);
367     assert(queues != 0);
368 
369     QTAILQ_FOREACH_SAFE(nf, &nc->filters, next, next) {
370         object_unparent(OBJECT(nf));
371     }
372 
373     /* If there is a peer NIC, delete and cleanup client, but do not free. */
374     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
375         NICState *nic = qemu_get_nic(nc->peer);
376         if (nic->peer_deleted) {
377             return;
378         }
379         nic->peer_deleted = true;
380 
381         for (i = 0; i < queues; i++) {
382             ncs[i]->peer->link_down = true;
383         }
384 
385         if (nc->peer->info->link_status_changed) {
386             nc->peer->info->link_status_changed(nc->peer);
387         }
388 
389         for (i = 0; i < queues; i++) {
390             qemu_cleanup_net_client(ncs[i]);
391         }
392 
393         return;
394     }
395 
396     for (i = 0; i < queues; i++) {
397         qemu_cleanup_net_client(ncs[i]);
398         qemu_free_net_client(ncs[i]);
399     }
400 }
401 
402 void qemu_del_nic(NICState *nic)
403 {
404     int i, queues = MAX(nic->conf->peers.queues, 1);
405 
406     qemu_macaddr_set_free(&nic->conf->macaddr);
407 
408     /* If this is a peer NIC and peer has already been deleted, free it now. */
409     if (nic->peer_deleted) {
410         for (i = 0; i < queues; i++) {
411             qemu_free_net_client(qemu_get_subqueue(nic, i)->peer);
412         }
413     }
414 
415     for (i = queues - 1; i >= 0; i--) {
416         NetClientState *nc = qemu_get_subqueue(nic, i);
417 
418         qemu_cleanup_net_client(nc);
419         qemu_free_net_client(nc);
420     }
421 
422     g_free(nic);
423 }
424 
425 void qemu_foreach_nic(qemu_nic_foreach func, void *opaque)
426 {
427     NetClientState *nc;
428 
429     QTAILQ_FOREACH(nc, &net_clients, next) {
430         if (nc->info->type == NET_CLIENT_DRIVER_NIC) {
431             if (nc->queue_index == 0) {
432                 func(qemu_get_nic(nc), opaque);
433             }
434         }
435     }
436 }
437 
438 bool qemu_has_ufo(NetClientState *nc)
439 {
440     if (!nc || !nc->info->has_ufo) {
441         return false;
442     }
443 
444     return nc->info->has_ufo(nc);
445 }
446 
447 bool qemu_has_vnet_hdr(NetClientState *nc)
448 {
449     if (!nc || !nc->info->has_vnet_hdr) {
450         return false;
451     }
452 
453     return nc->info->has_vnet_hdr(nc);
454 }
455 
456 bool qemu_has_vnet_hdr_len(NetClientState *nc, int len)
457 {
458     if (!nc || !nc->info->has_vnet_hdr_len) {
459         return false;
460     }
461 
462     return nc->info->has_vnet_hdr_len(nc, len);
463 }
464 
465 void qemu_using_vnet_hdr(NetClientState *nc, bool enable)
466 {
467     if (!nc || !nc->info->using_vnet_hdr) {
468         return;
469     }
470 
471     nc->info->using_vnet_hdr(nc, enable);
472 }
473 
474 void qemu_set_offload(NetClientState *nc, int csum, int tso4, int tso6,
475                           int ecn, int ufo)
476 {
477     if (!nc || !nc->info->set_offload) {
478         return;
479     }
480 
481     nc->info->set_offload(nc, csum, tso4, tso6, ecn, ufo);
482 }
483 
484 void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
485 {
486     if (!nc || !nc->info->set_vnet_hdr_len) {
487         return;
488     }
489 
490     nc->vnet_hdr_len = len;
491     nc->info->set_vnet_hdr_len(nc, len);
492 }
493 
494 int qemu_set_vnet_le(NetClientState *nc, bool is_le)
495 {
496 #ifdef HOST_WORDS_BIGENDIAN
497     if (!nc || !nc->info->set_vnet_le) {
498         return -ENOSYS;
499     }
500 
501     return nc->info->set_vnet_le(nc, is_le);
502 #else
503     return 0;
504 #endif
505 }
506 
507 int qemu_set_vnet_be(NetClientState *nc, bool is_be)
508 {
509 #ifdef HOST_WORDS_BIGENDIAN
510     return 0;
511 #else
512     if (!nc || !nc->info->set_vnet_be) {
513         return -ENOSYS;
514     }
515 
516     return nc->info->set_vnet_be(nc, is_be);
517 #endif
518 }
519 
520 int qemu_can_send_packet(NetClientState *sender)
521 {
522     int vm_running = runstate_is_running();
523 
524     if (!vm_running) {
525         return 0;
526     }
527 
528     if (!sender->peer) {
529         return 1;
530     }
531 
532     if (sender->peer->receive_disabled) {
533         return 0;
534     } else if (sender->peer->info->can_receive &&
535                !sender->peer->info->can_receive(sender->peer)) {
536         return 0;
537     }
538     return 1;
539 }
540 
541 static ssize_t filter_receive_iov(NetClientState *nc,
542                                   NetFilterDirection direction,
543                                   NetClientState *sender,
544                                   unsigned flags,
545                                   const struct iovec *iov,
546                                   int iovcnt,
547                                   NetPacketSent *sent_cb)
548 {
549     ssize_t ret = 0;
550     NetFilterState *nf = NULL;
551 
552     if (direction == NET_FILTER_DIRECTION_TX) {
553         QTAILQ_FOREACH(nf, &nc->filters, next) {
554             ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
555                                          iovcnt, sent_cb);
556             if (ret) {
557                 return ret;
558             }
559         }
560     } else {
561         QTAILQ_FOREACH_REVERSE(nf, &nc->filters, NetFilterHead, next) {
562             ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
563                                          iovcnt, sent_cb);
564             if (ret) {
565                 return ret;
566             }
567         }
568     }
569 
570     return ret;
571 }
572 
573 static ssize_t filter_receive(NetClientState *nc,
574                               NetFilterDirection direction,
575                               NetClientState *sender,
576                               unsigned flags,
577                               const uint8_t *data,
578                               size_t size,
579                               NetPacketSent *sent_cb)
580 {
581     struct iovec iov = {
582         .iov_base = (void *)data,
583         .iov_len = size
584     };
585 
586     return filter_receive_iov(nc, direction, sender, flags, &iov, 1, sent_cb);
587 }
588 
589 void qemu_purge_queued_packets(NetClientState *nc)
590 {
591     if (!nc->peer) {
592         return;
593     }
594 
595     qemu_net_queue_purge(nc->peer->incoming_queue, nc);
596 }
597 
598 void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
599 {
600     nc->receive_disabled = 0;
601 
602     if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_HUBPORT) {
603         if (net_hub_flush(nc->peer)) {
604             qemu_notify_event();
605         }
606     }
607     if (qemu_net_queue_flush(nc->incoming_queue)) {
608         /* We emptied the queue successfully, signal to the IO thread to repoll
609          * the file descriptor (for tap, for example).
610          */
611         qemu_notify_event();
612     } else if (purge) {
613         /* Unable to empty the queue, purge remaining packets */
614         qemu_net_queue_purge(nc->incoming_queue, nc);
615     }
616 }
617 
618 void qemu_flush_queued_packets(NetClientState *nc)
619 {
620     qemu_flush_or_purge_queued_packets(nc, false);
621 }
622 
623 static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
624                                                  unsigned flags,
625                                                  const uint8_t *buf, int size,
626                                                  NetPacketSent *sent_cb)
627 {
628     NetQueue *queue;
629     int ret;
630 
631 #ifdef DEBUG_NET
632     printf("qemu_send_packet_async:\n");
633     qemu_hexdump((const char *)buf, stdout, "net", size);
634 #endif
635 
636     if (sender->link_down || !sender->peer) {
637         return size;
638     }
639 
640     /* Let filters handle the packet first */
641     ret = filter_receive(sender, NET_FILTER_DIRECTION_TX,
642                          sender, flags, buf, size, sent_cb);
643     if (ret) {
644         return ret;
645     }
646 
647     ret = filter_receive(sender->peer, NET_FILTER_DIRECTION_RX,
648                          sender, flags, buf, size, sent_cb);
649     if (ret) {
650         return ret;
651     }
652 
653     queue = sender->peer->incoming_queue;
654 
655     return qemu_net_queue_send(queue, sender, flags, buf, size, sent_cb);
656 }
657 
658 ssize_t qemu_send_packet_async(NetClientState *sender,
659                                const uint8_t *buf, int size,
660                                NetPacketSent *sent_cb)
661 {
662     return qemu_send_packet_async_with_flags(sender, QEMU_NET_PACKET_FLAG_NONE,
663                                              buf, size, sent_cb);
664 }
665 
666 void qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size)
667 {
668     qemu_send_packet_async(nc, buf, size, NULL);
669 }
670 
671 ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
672 {
673     return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW,
674                                              buf, size, NULL);
675 }
676 
677 static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
678                                int iovcnt, unsigned flags)
679 {
680     uint8_t *buf = NULL;
681     uint8_t *buffer;
682     size_t offset;
683     ssize_t ret;
684 
685     if (iovcnt == 1) {
686         buffer = iov[0].iov_base;
687         offset = iov[0].iov_len;
688     } else {
689         offset = iov_size(iov, iovcnt);
690         if (offset > NET_BUFSIZE) {
691             return -1;
692         }
693         buf = g_malloc(offset);
694         buffer = buf;
695         offset = iov_to_buf(iov, iovcnt, 0, buf, offset);
696     }
697 
698     if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
699         ret = nc->info->receive_raw(nc, buffer, offset);
700     } else {
701         ret = nc->info->receive(nc, buffer, offset);
702     }
703 
704     g_free(buf);
705     return ret;
706 }
707 
708 ssize_t qemu_deliver_packet_iov(NetClientState *sender,
709                                 unsigned flags,
710                                 const struct iovec *iov,
711                                 int iovcnt,
712                                 void *opaque)
713 {
714     NetClientState *nc = opaque;
715     int ret;
716 
717     if (nc->link_down) {
718         return iov_size(iov, iovcnt);
719     }
720 
721     if (nc->receive_disabled) {
722         return 0;
723     }
724 
725     if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) {
726         ret = nc->info->receive_iov(nc, iov, iovcnt);
727     } else {
728         ret = nc_sendv_compat(nc, iov, iovcnt, flags);
729     }
730 
731     if (ret == 0) {
732         nc->receive_disabled = 1;
733     }
734 
735     return ret;
736 }
737 
738 ssize_t qemu_sendv_packet_async(NetClientState *sender,
739                                 const struct iovec *iov, int iovcnt,
740                                 NetPacketSent *sent_cb)
741 {
742     NetQueue *queue;
743     int ret;
744 
745     if (sender->link_down || !sender->peer) {
746         return iov_size(iov, iovcnt);
747     }
748 
749     /* Let filters handle the packet first */
750     ret = filter_receive_iov(sender, NET_FILTER_DIRECTION_TX, sender,
751                              QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt, sent_cb);
752     if (ret) {
753         return ret;
754     }
755 
756     ret = filter_receive_iov(sender->peer, NET_FILTER_DIRECTION_RX, sender,
757                              QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt, sent_cb);
758     if (ret) {
759         return ret;
760     }
761 
762     queue = sender->peer->incoming_queue;
763 
764     return qemu_net_queue_send_iov(queue, sender,
765                                    QEMU_NET_PACKET_FLAG_NONE,
766                                    iov, iovcnt, sent_cb);
767 }
768 
769 ssize_t
770 qemu_sendv_packet(NetClientState *nc, const struct iovec *iov, int iovcnt)
771 {
772     return qemu_sendv_packet_async(nc, iov, iovcnt, NULL);
773 }
774 
775 NetClientState *qemu_find_netdev(const char *id)
776 {
777     NetClientState *nc;
778 
779     QTAILQ_FOREACH(nc, &net_clients, next) {
780         if (nc->info->type == NET_CLIENT_DRIVER_NIC)
781             continue;
782         if (!strcmp(nc->name, id)) {
783             return nc;
784         }
785     }
786 
787     return NULL;
788 }
789 
790 int qemu_find_net_clients_except(const char *id, NetClientState **ncs,
791                                  NetClientDriver type, int max)
792 {
793     NetClientState *nc;
794     int ret = 0;
795 
796     QTAILQ_FOREACH(nc, &net_clients, next) {
797         if (nc->info->type == type) {
798             continue;
799         }
800         if (!id || !strcmp(nc->name, id)) {
801             if (ret < max) {
802                 ncs[ret] = nc;
803             }
804             ret++;
805         }
806     }
807 
808     return ret;
809 }
810 
811 static int nic_get_free_idx(void)
812 {
813     int index;
814 
815     for (index = 0; index < MAX_NICS; index++)
816         if (!nd_table[index].used)
817             return index;
818     return -1;
819 }
820 
821 int qemu_show_nic_models(const char *arg, const char *const *models)
822 {
823     int i;
824 
825     if (!arg || !is_help_option(arg)) {
826         return 0;
827     }
828 
829     fprintf(stderr, "qemu: Supported NIC models: ");
830     for (i = 0 ; models[i]; i++)
831         fprintf(stderr, "%s%c", models[i], models[i+1] ? ',' : '\n');
832     return 1;
833 }
834 
835 void qemu_check_nic_model(NICInfo *nd, const char *model)
836 {
837     const char *models[2];
838 
839     models[0] = model;
840     models[1] = NULL;
841 
842     if (qemu_show_nic_models(nd->model, models))
843         exit(0);
844     if (qemu_find_nic_model(nd, models, model) < 0)
845         exit(1);
846 }
847 
848 int qemu_find_nic_model(NICInfo *nd, const char * const *models,
849                         const char *default_model)
850 {
851     int i;
852 
853     if (!nd->model)
854         nd->model = g_strdup(default_model);
855 
856     for (i = 0 ; models[i]; i++) {
857         if (strcmp(nd->model, models[i]) == 0)
858             return i;
859     }
860 
861     error_report("Unsupported NIC model: %s", nd->model);
862     return -1;
863 }
864 
865 static int net_init_nic(const Netdev *netdev, const char *name,
866                         NetClientState *peer, Error **errp)
867 {
868     int idx;
869     NICInfo *nd;
870     const NetLegacyNicOptions *nic;
871 
872     assert(netdev->type == NET_CLIENT_DRIVER_NIC);
873     nic = &netdev->u.nic;
874 
875     idx = nic_get_free_idx();
876     if (idx == -1 || nb_nics >= MAX_NICS) {
877         error_setg(errp, "too many NICs");
878         return -1;
879     }
880 
881     nd = &nd_table[idx];
882 
883     memset(nd, 0, sizeof(*nd));
884 
885     if (nic->has_netdev) {
886         nd->netdev = qemu_find_netdev(nic->netdev);
887         if (!nd->netdev) {
888             error_setg(errp, "netdev '%s' not found", nic->netdev);
889             return -1;
890         }
891     } else {
892         assert(peer);
893         nd->netdev = peer;
894     }
895     nd->name = g_strdup(name);
896     if (nic->has_model) {
897         nd->model = g_strdup(nic->model);
898     }
899     if (nic->has_addr) {
900         nd->devaddr = g_strdup(nic->addr);
901     }
902 
903     if (nic->has_macaddr &&
904         net_parse_macaddr(nd->macaddr.a, nic->macaddr) < 0) {
905         error_setg(errp, "invalid syntax for ethernet address");
906         return -1;
907     }
908     if (nic->has_macaddr &&
909         is_multicast_ether_addr(nd->macaddr.a)) {
910         error_setg(errp,
911                    "NIC cannot have multicast MAC address (odd 1st byte)");
912         return -1;
913     }
914     qemu_macaddr_default_if_unset(&nd->macaddr);
915 
916     if (nic->has_vectors) {
917         if (nic->vectors > 0x7ffffff) {
918             error_setg(errp, "invalid # of vectors: %"PRIu32, nic->vectors);
919             return -1;
920         }
921         nd->nvectors = nic->vectors;
922     } else {
923         nd->nvectors = DEV_NVECTORS_UNSPECIFIED;
924     }
925 
926     nd->used = 1;
927     nb_nics++;
928 
929     return idx;
930 }
931 
932 
933 static int (* const net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
934     const Netdev *netdev,
935     const char *name,
936     NetClientState *peer, Error **errp) = {
937         [NET_CLIENT_DRIVER_NIC]       = net_init_nic,
938 #ifdef CONFIG_SLIRP
939         [NET_CLIENT_DRIVER_USER]      = net_init_slirp,
940 #endif
941         [NET_CLIENT_DRIVER_TAP]       = net_init_tap,
942         [NET_CLIENT_DRIVER_SOCKET]    = net_init_socket,
943 #ifdef CONFIG_VDE
944         [NET_CLIENT_DRIVER_VDE]       = net_init_vde,
945 #endif
946 #ifdef CONFIG_NETMAP
947         [NET_CLIENT_DRIVER_NETMAP]    = net_init_netmap,
948 #endif
949 #ifdef CONFIG_NET_BRIDGE
950         [NET_CLIENT_DRIVER_BRIDGE]    = net_init_bridge,
951 #endif
952         [NET_CLIENT_DRIVER_HUBPORT]   = net_init_hubport,
953 #ifdef CONFIG_VHOST_NET_USED
954         [NET_CLIENT_DRIVER_VHOST_USER] = net_init_vhost_user,
955 #endif
956 #ifdef CONFIG_L2TPV3
957         [NET_CLIENT_DRIVER_L2TPV3]    = net_init_l2tpv3,
958 #endif
959 };
960 
961 
962 static int net_client_init1(const void *object, bool is_netdev, Error **errp)
963 {
964     Netdev legacy = {0};
965     const Netdev *netdev;
966     const char *name;
967     NetClientState *peer = NULL;
968 
969     if (is_netdev) {
970         netdev = object;
971         name = netdev->id;
972 
973         if (netdev->type == NET_CLIENT_DRIVER_NIC ||
974             !net_client_init_fun[netdev->type]) {
975             error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "type",
976                        "a netdev backend type");
977             return -1;
978         }
979     } else {
980         const NetLegacy *net = object;
981         const NetLegacyOptions *opts = net->opts;
982         legacy.id = net->id;
983         netdev = &legacy;
984         /* missing optional values have been initialized to "all bits zero" */
985         name = net->has_id ? net->id : net->name;
986 
987         /* Map the old options to the new flat type */
988         switch (opts->type) {
989         case NET_LEGACY_OPTIONS_TYPE_NONE:
990             return 0; /* nothing to do */
991         case NET_LEGACY_OPTIONS_TYPE_NIC:
992             legacy.type = NET_CLIENT_DRIVER_NIC;
993             legacy.u.nic = opts->u.nic;
994             break;
995         case NET_LEGACY_OPTIONS_TYPE_USER:
996             legacy.type = NET_CLIENT_DRIVER_USER;
997             legacy.u.user = opts->u.user;
998             break;
999         case NET_LEGACY_OPTIONS_TYPE_TAP:
1000             legacy.type = NET_CLIENT_DRIVER_TAP;
1001             legacy.u.tap = opts->u.tap;
1002             break;
1003         case NET_LEGACY_OPTIONS_TYPE_L2TPV3:
1004             legacy.type = NET_CLIENT_DRIVER_L2TPV3;
1005             legacy.u.l2tpv3 = opts->u.l2tpv3;
1006             break;
1007         case NET_LEGACY_OPTIONS_TYPE_SOCKET:
1008             legacy.type = NET_CLIENT_DRIVER_SOCKET;
1009             legacy.u.socket = opts->u.socket;
1010             break;
1011         case NET_LEGACY_OPTIONS_TYPE_VDE:
1012             legacy.type = NET_CLIENT_DRIVER_VDE;
1013             legacy.u.vde = opts->u.vde;
1014             break;
1015         case NET_LEGACY_OPTIONS_TYPE_BRIDGE:
1016             legacy.type = NET_CLIENT_DRIVER_BRIDGE;
1017             legacy.u.bridge = opts->u.bridge;
1018             break;
1019         case NET_LEGACY_OPTIONS_TYPE_NETMAP:
1020             legacy.type = NET_CLIENT_DRIVER_NETMAP;
1021             legacy.u.netmap = opts->u.netmap;
1022             break;
1023         case NET_LEGACY_OPTIONS_TYPE_VHOST_USER:
1024             legacy.type = NET_CLIENT_DRIVER_VHOST_USER;
1025             legacy.u.vhost_user = opts->u.vhost_user;
1026             break;
1027         default:
1028             abort();
1029         }
1030 
1031         if (!net_client_init_fun[netdev->type]) {
1032             error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "type",
1033                        "a net backend type (maybe it is not compiled "
1034                        "into this binary)");
1035             return -1;
1036         }
1037 
1038         /* Do not add to a hub if it's a nic with a netdev= parameter. */
1039         if (netdev->type != NET_CLIENT_DRIVER_NIC ||
1040             !opts->u.nic.has_netdev) {
1041             peer = net_hub_add_port(0, NULL, NULL);
1042         }
1043     }
1044 
1045     if (net_client_init_fun[netdev->type](netdev, name, peer, errp) < 0) {
1046         /* FIXME drop when all init functions store an Error */
1047         if (errp && !*errp) {
1048             error_setg(errp, QERR_DEVICE_INIT_FAILED,
1049                        NetClientDriver_str(netdev->type));
1050         }
1051         return -1;
1052     }
1053     return 0;
1054 }
1055 
1056 static void show_netdevs(void)
1057 {
1058     int idx;
1059     const char *available_netdevs[] = {
1060         "socket",
1061         "hubport",
1062         "tap",
1063 #ifdef CONFIG_SLIRP
1064         "user",
1065 #endif
1066 #ifdef CONFIG_L2TPV3
1067         "l2tpv3",
1068 #endif
1069 #ifdef CONFIG_VDE
1070         "vde",
1071 #endif
1072 #ifdef CONFIG_NET_BRIDGE
1073         "bridge",
1074 #endif
1075 #ifdef CONFIG_NETMAP
1076         "netmap",
1077 #endif
1078 #ifdef CONFIG_POSIX
1079         "vhost-user",
1080 #endif
1081     };
1082 
1083     printf("Available netdev backend types:\n");
1084     for (idx = 0; idx < ARRAY_SIZE(available_netdevs); idx++) {
1085         puts(available_netdevs[idx]);
1086     }
1087 }
1088 
1089 static int net_client_init(QemuOpts *opts, bool is_netdev, Error **errp)
1090 {
1091     void *object = NULL;
1092     Error *err = NULL;
1093     int ret = -1;
1094     Visitor *v = opts_visitor_new(opts);
1095 
1096     const char *type = qemu_opt_get(opts, "type");
1097 
1098     if (is_netdev && type && is_help_option(type)) {
1099         show_netdevs();
1100         exit(0);
1101     } else {
1102         /* Parse convenience option format ip6-net=fec0::0[/64] */
1103         const char *ip6_net = qemu_opt_get(opts, "ipv6-net");
1104 
1105         if (ip6_net) {
1106             char buf[strlen(ip6_net) + 1];
1107 
1108             if (get_str_sep(buf, sizeof(buf), &ip6_net, '/') < 0) {
1109                 /* Default 64bit prefix length.  */
1110                 qemu_opt_set(opts, "ipv6-prefix", ip6_net, &error_abort);
1111                 qemu_opt_set_number(opts, "ipv6-prefixlen", 64, &error_abort);
1112             } else {
1113                 /* User-specified prefix length.  */
1114                 unsigned long len;
1115                 int err;
1116 
1117                 qemu_opt_set(opts, "ipv6-prefix", buf, &error_abort);
1118                 err = qemu_strtoul(ip6_net, NULL, 10, &len);
1119 
1120                 if (err) {
1121                     error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
1122                               "ipv6-prefix", "a number");
1123                 } else {
1124                     qemu_opt_set_number(opts, "ipv6-prefixlen", len,
1125                                         &error_abort);
1126                 }
1127             }
1128             qemu_opt_unset(opts, "ipv6-net");
1129         }
1130     }
1131 
1132     if (is_netdev) {
1133         visit_type_Netdev(v, NULL, (Netdev **)&object, &err);
1134     } else {
1135         visit_type_NetLegacy(v, NULL, (NetLegacy **)&object, &err);
1136     }
1137 
1138     if (!err) {
1139         ret = net_client_init1(object, is_netdev, &err);
1140     }
1141 
1142     if (is_netdev) {
1143         qapi_free_Netdev(object);
1144     } else {
1145         qapi_free_NetLegacy(object);
1146     }
1147 
1148     error_propagate(errp, err);
1149     visit_free(v);
1150     return ret;
1151 }
1152 
1153 void netdev_add(QemuOpts *opts, Error **errp)
1154 {
1155     net_client_init(opts, true, errp);
1156 }
1157 
1158 void qmp_netdev_add(QDict *qdict, QObject **ret, Error **errp)
1159 {
1160     Error *local_err = NULL;
1161     QemuOptsList *opts_list;
1162     QemuOpts *opts;
1163 
1164     opts_list = qemu_find_opts_err("netdev", &local_err);
1165     if (local_err) {
1166         goto out;
1167     }
1168 
1169     opts = qemu_opts_from_qdict(opts_list, qdict, &local_err);
1170     if (local_err) {
1171         goto out;
1172     }
1173 
1174     netdev_add(opts, &local_err);
1175     if (local_err) {
1176         qemu_opts_del(opts);
1177         goto out;
1178     }
1179 
1180 out:
1181     error_propagate(errp, local_err);
1182 }
1183 
1184 void qmp_netdev_del(const char *id, Error **errp)
1185 {
1186     NetClientState *nc;
1187     QemuOpts *opts;
1188 
1189     nc = qemu_find_netdev(id);
1190     if (!nc) {
1191         error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
1192                   "Device '%s' not found", id);
1193         return;
1194     }
1195 
1196     opts = qemu_opts_find(qemu_find_opts_err("netdev", NULL), id);
1197     if (!opts) {
1198         error_setg(errp, "Device '%s' is not a netdev", id);
1199         return;
1200     }
1201 
1202     qemu_del_net_client(nc);
1203     qemu_opts_del(opts);
1204 }
1205 
1206 static void netfilter_print_info(Monitor *mon, NetFilterState *nf)
1207 {
1208     char *str;
1209     ObjectProperty *prop;
1210     ObjectPropertyIterator iter;
1211     Visitor *v;
1212 
1213     /* generate info str */
1214     object_property_iter_init(&iter, OBJECT(nf));
1215     while ((prop = object_property_iter_next(&iter))) {
1216         if (!strcmp(prop->name, "type")) {
1217             continue;
1218         }
1219         v = string_output_visitor_new(false, &str);
1220         object_property_get(OBJECT(nf), v, prop->name, NULL);
1221         visit_complete(v, &str);
1222         visit_free(v);
1223         monitor_printf(mon, ",%s=%s", prop->name, str);
1224         g_free(str);
1225     }
1226     monitor_printf(mon, "\n");
1227 }
1228 
1229 void print_net_client(Monitor *mon, NetClientState *nc)
1230 {
1231     NetFilterState *nf;
1232 
1233     monitor_printf(mon, "%s: index=%d,type=%s,%s\n", nc->name,
1234                    nc->queue_index,
1235                    NetClientDriver_str(nc->info->type),
1236                    nc->info_str);
1237     if (!QTAILQ_EMPTY(&nc->filters)) {
1238         monitor_printf(mon, "filters:\n");
1239     }
1240     QTAILQ_FOREACH(nf, &nc->filters, next) {
1241         char *path = object_get_canonical_path_component(OBJECT(nf));
1242 
1243         monitor_printf(mon, "  - %s: type=%s", path,
1244                        object_get_typename(OBJECT(nf)));
1245         netfilter_print_info(mon, nf);
1246         g_free(path);
1247     }
1248 }
1249 
1250 RxFilterInfoList *qmp_query_rx_filter(bool has_name, const char *name,
1251                                       Error **errp)
1252 {
1253     NetClientState *nc;
1254     RxFilterInfoList *filter_list = NULL, *last_entry = NULL;
1255 
1256     QTAILQ_FOREACH(nc, &net_clients, next) {
1257         RxFilterInfoList *entry;
1258         RxFilterInfo *info;
1259 
1260         if (has_name && strcmp(nc->name, name) != 0) {
1261             continue;
1262         }
1263 
1264         /* only query rx-filter information of NIC */
1265         if (nc->info->type != NET_CLIENT_DRIVER_NIC) {
1266             if (has_name) {
1267                 error_setg(errp, "net client(%s) isn't a NIC", name);
1268                 return NULL;
1269             }
1270             continue;
1271         }
1272 
1273         /* only query information on queue 0 since the info is per nic,
1274          * not per queue
1275          */
1276         if (nc->queue_index != 0)
1277             continue;
1278 
1279         if (nc->info->query_rx_filter) {
1280             info = nc->info->query_rx_filter(nc);
1281             entry = g_malloc0(sizeof(*entry));
1282             entry->value = info;
1283 
1284             if (!filter_list) {
1285                 filter_list = entry;
1286             } else {
1287                 last_entry->next = entry;
1288             }
1289             last_entry = entry;
1290         } else if (has_name) {
1291             error_setg(errp, "net client(%s) doesn't support"
1292                        " rx-filter querying", name);
1293             return NULL;
1294         }
1295 
1296         if (has_name) {
1297             break;
1298         }
1299     }
1300 
1301     if (filter_list == NULL && has_name) {
1302         error_setg(errp, "invalid net client name: %s", name);
1303     }
1304 
1305     return filter_list;
1306 }
1307 
1308 void hmp_info_network(Monitor *mon, const QDict *qdict)
1309 {
1310     NetClientState *nc, *peer;
1311     NetClientDriver type;
1312 
1313     net_hub_info(mon);
1314 
1315     QTAILQ_FOREACH(nc, &net_clients, next) {
1316         peer = nc->peer;
1317         type = nc->info->type;
1318 
1319         /* Skip if already printed in hub info */
1320         if (net_hub_id_for_client(nc, NULL) == 0) {
1321             continue;
1322         }
1323 
1324         if (!peer || type == NET_CLIENT_DRIVER_NIC) {
1325             print_net_client(mon, nc);
1326         } /* else it's a netdev connected to a NIC, printed with the NIC */
1327         if (peer && type == NET_CLIENT_DRIVER_NIC) {
1328             monitor_printf(mon, " \\ ");
1329             print_net_client(mon, peer);
1330         }
1331     }
1332 }
1333 
1334 void qmp_set_link(const char *name, bool up, Error **errp)
1335 {
1336     NetClientState *ncs[MAX_QUEUE_NUM];
1337     NetClientState *nc;
1338     int queues, i;
1339 
1340     queues = qemu_find_net_clients_except(name, ncs,
1341                                           NET_CLIENT_DRIVER__MAX,
1342                                           MAX_QUEUE_NUM);
1343 
1344     if (queues == 0) {
1345         error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
1346                   "Device '%s' not found", name);
1347         return;
1348     }
1349     nc = ncs[0];
1350 
1351     for (i = 0; i < queues; i++) {
1352         ncs[i]->link_down = !up;
1353     }
1354 
1355     if (nc->info->link_status_changed) {
1356         nc->info->link_status_changed(nc);
1357     }
1358 
1359     if (nc->peer) {
1360         /* Change peer link only if the peer is NIC and then notify peer.
1361          * If the peer is a HUBPORT or a backend, we do not change the
1362          * link status.
1363          *
1364          * This behavior is compatible with qemu hubs where there could be
1365          * multiple clients that can still communicate with each other in
1366          * disconnected mode. For now maintain this compatibility.
1367          */
1368         if (nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
1369             for (i = 0; i < queues; i++) {
1370                 ncs[i]->peer->link_down = !up;
1371             }
1372         }
1373         if (nc->peer->info->link_status_changed) {
1374             nc->peer->info->link_status_changed(nc->peer);
1375         }
1376     }
1377 }
1378 
1379 static void net_vm_change_state_handler(void *opaque, int running,
1380                                         RunState state)
1381 {
1382     NetClientState *nc;
1383     NetClientState *tmp;
1384 
1385     QTAILQ_FOREACH_SAFE(nc, &net_clients, next, tmp) {
1386         if (running) {
1387             /* Flush queued packets and wake up backends. */
1388             if (nc->peer && qemu_can_send_packet(nc)) {
1389                 qemu_flush_queued_packets(nc->peer);
1390             }
1391         } else {
1392             /* Complete all queued packets, to guarantee we don't modify
1393              * state later when VM is not running.
1394              */
1395             qemu_flush_or_purge_queued_packets(nc, true);
1396         }
1397     }
1398 }
1399 
1400 void net_cleanup(void)
1401 {
1402     NetClientState *nc;
1403 
1404     /* We may del multiple entries during qemu_del_net_client(),
1405      * so QTAILQ_FOREACH_SAFE() is also not safe here.
1406      */
1407     while (!QTAILQ_EMPTY(&net_clients)) {
1408         nc = QTAILQ_FIRST(&net_clients);
1409         if (nc->info->type == NET_CLIENT_DRIVER_NIC) {
1410             qemu_del_nic(qemu_get_nic(nc));
1411         } else {
1412             qemu_del_net_client(nc);
1413         }
1414     }
1415 
1416     qemu_del_vm_change_state_handler(net_change_state_entry);
1417 }
1418 
1419 void net_check_clients(void)
1420 {
1421     NetClientState *nc;
1422     int i;
1423 
1424     net_hub_check_clients();
1425 
1426     QTAILQ_FOREACH(nc, &net_clients, next) {
1427         if (!nc->peer) {
1428             warn_report("%s %s has no peer",
1429                         nc->info->type == NET_CLIENT_DRIVER_NIC
1430                         ? "nic" : "netdev",
1431                         nc->name);
1432         }
1433     }
1434 
1435     /* Check that all NICs requested via -net nic actually got created.
1436      * NICs created via -device don't need to be checked here because
1437      * they are always instantiated.
1438      */
1439     for (i = 0; i < MAX_NICS; i++) {
1440         NICInfo *nd = &nd_table[i];
1441         if (nd->used && !nd->instantiated) {
1442             warn_report("requested NIC (%s, model %s) "
1443                         "was not created (not supported by this machine?)",
1444                         nd->name ? nd->name : "anonymous",
1445                         nd->model ? nd->model : "unspecified");
1446         }
1447     }
1448 }
1449 
1450 static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)
1451 {
1452     return net_client_init(opts, false, errp);
1453 }
1454 
1455 static int net_init_netdev(void *dummy, QemuOpts *opts, Error **errp)
1456 {
1457     return net_client_init(opts, true, errp);
1458 }
1459 
1460 /* For the convenience "--nic" parameter */
1461 static int net_param_nic(void *dummy, QemuOpts *opts, Error **errp)
1462 {
1463     char *mac, *nd_id;
1464     int idx, ret;
1465     NICInfo *ni;
1466     const char *type;
1467 
1468     type = qemu_opt_get(opts, "type");
1469     if (type && g_str_equal(type, "none")) {
1470         return 0;    /* Nothing to do, default_net is cleared in vl.c */
1471     }
1472 
1473     idx = nic_get_free_idx();
1474     if (idx == -1 || nb_nics >= MAX_NICS) {
1475         error_setg(errp, "no more on-board/default NIC slots available");
1476         return -1;
1477     }
1478 
1479     if (!type) {
1480         qemu_opt_set(opts, "type", "user", &error_abort);
1481     }
1482 
1483     ni = &nd_table[idx];
1484     memset(ni, 0, sizeof(*ni));
1485     ni->model = qemu_opt_get_del(opts, "model");
1486 
1487     /* Create an ID if the user did not specify one */
1488     nd_id = g_strdup(qemu_opts_id(opts));
1489     if (!nd_id) {
1490         nd_id = g_strdup_printf("__org.qemu.nic%i\n", idx);
1491         qemu_opts_set_id(opts, nd_id);
1492     }
1493 
1494     /* Handle MAC address */
1495     mac = qemu_opt_get_del(opts, "mac");
1496     if (mac) {
1497         ret = net_parse_macaddr(ni->macaddr.a, mac);
1498         g_free(mac);
1499         if (ret) {
1500             error_setg(errp, "invalid syntax for ethernet address");
1501             goto out;
1502         }
1503         if (is_multicast_ether_addr(ni->macaddr.a)) {
1504             error_setg(errp, "NIC cannot have multicast MAC address");
1505             ret = -1;
1506             goto out;
1507         }
1508     }
1509     qemu_macaddr_default_if_unset(&ni->macaddr);
1510 
1511     ret = net_client_init(opts, true, errp);
1512     if (ret == 0) {
1513         ni->netdev = qemu_find_netdev(nd_id);
1514         ni->used = true;
1515         nb_nics++;
1516     }
1517 
1518 out:
1519     g_free(nd_id);
1520     return ret;
1521 }
1522 
1523 int net_init_clients(Error **errp)
1524 {
1525     net_change_state_entry =
1526         qemu_add_vm_change_state_handler(net_vm_change_state_handler, NULL);
1527 
1528     QTAILQ_INIT(&net_clients);
1529 
1530     if (qemu_opts_foreach(qemu_find_opts("netdev"),
1531                           net_init_netdev, NULL, errp)) {
1532         return -1;
1533     }
1534 
1535     if (qemu_opts_foreach(qemu_find_opts("nic"), net_param_nic, NULL, errp)) {
1536         return -1;
1537     }
1538 
1539     if (qemu_opts_foreach(qemu_find_opts("net"), net_init_client, NULL, errp)) {
1540         return -1;
1541     }
1542 
1543     return 0;
1544 }
1545 
1546 int net_client_parse(QemuOptsList *opts_list, const char *optarg)
1547 {
1548     if (!qemu_opts_parse_noisily(opts_list, optarg, true)) {
1549         return -1;
1550     }
1551 
1552     return 0;
1553 }
1554 
1555 /* From FreeBSD */
1556 /* XXX: optimize */
1557 uint32_t net_crc32(const uint8_t *p, int len)
1558 {
1559     uint32_t crc;
1560     int carry, i, j;
1561     uint8_t b;
1562 
1563     crc = 0xffffffff;
1564     for (i = 0; i < len; i++) {
1565         b = *p++;
1566         for (j = 0; j < 8; j++) {
1567             carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
1568             crc <<= 1;
1569             b >>= 1;
1570             if (carry) {
1571                 crc = ((crc ^ POLYNOMIAL_BE) | carry);
1572             }
1573         }
1574     }
1575 
1576     return crc;
1577 }
1578 
1579 uint32_t net_crc32_le(const uint8_t *p, int len)
1580 {
1581     uint32_t crc;
1582     int carry, i, j;
1583     uint8_t b;
1584 
1585     crc = 0xffffffff;
1586     for (i = 0; i < len; i++) {
1587         b = *p++;
1588         for (j = 0; j < 8; j++) {
1589             carry = (crc & 0x1) ^ (b & 0x01);
1590             crc >>= 1;
1591             b >>= 1;
1592             if (carry) {
1593                 crc ^= POLYNOMIAL_LE;
1594             }
1595         }
1596     }
1597 
1598     return crc;
1599 }
1600 
1601 QemuOptsList qemu_netdev_opts = {
1602     .name = "netdev",
1603     .implied_opt_name = "type",
1604     .head = QTAILQ_HEAD_INITIALIZER(qemu_netdev_opts.head),
1605     .desc = {
1606         /*
1607          * no elements => accept any params
1608          * validation will happen later
1609          */
1610         { /* end of list */ }
1611     },
1612 };
1613 
1614 QemuOptsList qemu_nic_opts = {
1615     .name = "nic",
1616     .implied_opt_name = "type",
1617     .head = QTAILQ_HEAD_INITIALIZER(qemu_nic_opts.head),
1618     .desc = {
1619         /*
1620          * no elements => accept any params
1621          * validation will happen later
1622          */
1623         { /* end of list */ }
1624     },
1625 };
1626 
1627 QemuOptsList qemu_net_opts = {
1628     .name = "net",
1629     .implied_opt_name = "type",
1630     .head = QTAILQ_HEAD_INITIALIZER(qemu_net_opts.head),
1631     .desc = {
1632         /*
1633          * no elements => accept any params
1634          * validation will happen later
1635          */
1636         { /* end of list */ }
1637     },
1638 };
1639 
1640 void net_socket_rs_init(SocketReadState *rs,
1641                         SocketReadStateFinalize *finalize,
1642                         bool vnet_hdr)
1643 {
1644     rs->state = 0;
1645     rs->vnet_hdr = vnet_hdr;
1646     rs->index = 0;
1647     rs->packet_len = 0;
1648     rs->vnet_hdr_len = 0;
1649     memset(rs->buf, 0, sizeof(rs->buf));
1650     rs->finalize = finalize;
1651 }
1652 
1653 /*
1654  * Returns
1655  * 0: success
1656  * -1: error occurs
1657  */
1658 int net_fill_rstate(SocketReadState *rs, const uint8_t *buf, int size)
1659 {
1660     unsigned int l;
1661 
1662     while (size > 0) {
1663         /* Reassemble a packet from the network.
1664          * 0 = getting length.
1665          * 1 = getting vnet header length.
1666          * 2 = getting data.
1667          */
1668         switch (rs->state) {
1669         case 0:
1670             l = 4 - rs->index;
1671             if (l > size) {
1672                 l = size;
1673             }
1674             memcpy(rs->buf + rs->index, buf, l);
1675             buf += l;
1676             size -= l;
1677             rs->index += l;
1678             if (rs->index == 4) {
1679                 /* got length */
1680                 rs->packet_len = ntohl(*(uint32_t *)rs->buf);
1681                 rs->index = 0;
1682                 if (rs->vnet_hdr) {
1683                     rs->state = 1;
1684                 } else {
1685                     rs->state = 2;
1686                     rs->vnet_hdr_len = 0;
1687                 }
1688             }
1689             break;
1690         case 1:
1691             l = 4 - rs->index;
1692             if (l > size) {
1693                 l = size;
1694             }
1695             memcpy(rs->buf + rs->index, buf, l);
1696             buf += l;
1697             size -= l;
1698             rs->index += l;
1699             if (rs->index == 4) {
1700                 /* got vnet header length */
1701                 rs->vnet_hdr_len = ntohl(*(uint32_t *)rs->buf);
1702                 rs->index = 0;
1703                 rs->state = 2;
1704             }
1705             break;
1706         case 2:
1707             l = rs->packet_len - rs->index;
1708             if (l > size) {
1709                 l = size;
1710             }
1711             if (rs->index + l <= sizeof(rs->buf)) {
1712                 memcpy(rs->buf + rs->index, buf, l);
1713             } else {
1714                 fprintf(stderr, "serious error: oversized packet received,"
1715                     "connection terminated.\n");
1716                 rs->index = rs->state = 0;
1717                 return -1;
1718             }
1719 
1720             rs->index += l;
1721             buf += l;
1722             size -= l;
1723             if (rs->index >= rs->packet_len) {
1724                 rs->index = 0;
1725                 rs->state = 0;
1726                 assert(rs->finalize);
1727                 rs->finalize(rs);
1728             }
1729             break;
1730         }
1731     }
1732 
1733     assert(size == 0);
1734     return 0;
1735 }
1736