diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c index 0b667a429ad6109d678f5e2b43f16c1671af42a4..da100d1f55fe652529dab210680c8d980b9e7312 100644 --- a/slirp/ip_icmp.c +++ b/slirp/ip_icmp.c @@ -420,7 +420,32 @@ void icmp_receive(struct socket *so) icp = mtod(m, struct icmp *); id = icp->icmp_id; - len = qemu_recv(so->s, icp, m->m_len, 0); + len = qemu_recv(so->s, icp, M_ROOM(m), 0); + /* + * The behavior of reading SOCK_DGRAM+IPPROTO_ICMP sockets is inconsistent + * between host OSes. On Linux, only the ICMP header and payload is + * included. On macOS/Darwin, the socket acts like a raw socket and + * includes the IP header as well. On other BSDs, SOCK_DGRAM+IPPROTO_ICMP + * sockets aren't supported at all, so we treat them like raw sockets. It + * isn't possible to detect this difference at runtime, so we must use an + * #ifdef to determine if we need to remove the IP header. + */ +#ifdef CONFIG_BSD + if (len >= sizeof(struct ip)) { + struct ip *inner_ip = mtod(m, struct ip *); + int inner_hlen = inner_ip->ip_hl << 2; + if (inner_hlen > len) { + len = -1; + errno = -EINVAL; + } else { + len -= inner_hlen; + memmove(icp, (unsigned char *)icp + inner_hlen, len); + } + } else { + len = -1; + errno = -EINVAL; + } +#endif icp->icmp_id = id; m->m_data -= hlen; diff --git a/slirp/mbuf.c b/slirp/mbuf.c index 1b7868355a38554ca9b47726d73a08aefcd13538..aa1f28afb180c1877dde8be64a98b43516913c13 100644 --- a/slirp/mbuf.c +++ b/slirp/mbuf.c @@ -151,7 +151,7 @@ m_cat(struct mbuf *m, struct mbuf *n) void m_inc(struct mbuf *m, int size) { - int datasize; + int gapsize; /* some compilers throw up on gotos. This one we can fake. */ if (M_ROOM(m) > size) { @@ -159,17 +159,17 @@ m_inc(struct mbuf *m, int size) } if (m->m_flags & M_EXT) { - datasize = m->m_data - m->m_ext; - m->m_ext = g_realloc(m->m_ext, size + datasize); + gapsize = m->m_data - m->m_ext; + m->m_ext = g_realloc(m->m_ext, size + gapsize); } else { - datasize = m->m_data - m->m_dat; - m->m_ext = g_malloc(size + datasize); + gapsize = m->m_data - m->m_dat; + m->m_ext = g_malloc(size + gapsize); memcpy(m->m_ext, m->m_dat, m->m_size); m->m_flags |= M_EXT; } - m->m_data = m->m_ext + datasize; - m->m_size = size + datasize; + m->m_data = m->m_ext + gapsize; + m->m_size = size + gapsize; } diff --git a/slirp/mbuf.h b/slirp/mbuf.h index 33b84485d631c44cbcf154485488285b687bcde6..bfdf8c4577a9ccbe574f45482da81fa13cbc80fb 100644 --- a/slirp/mbuf.h +++ b/slirp/mbuf.h @@ -47,6 +47,19 @@ * free the m_ext. This is inefficient memory-wise, but who cares. */ +/* + * mbufs allow to have a gap between the start of the allocated buffer (m_ext if + * M_EXT is set, m_dat otherwise) and the in-use data: + * + * |--gapsize----->|---m_len-------> + * |----------m_size------------------------------> + * |----M_ROOM--------------------> + * |-M_FREEROOM--> + * + * ^ ^ ^ + * m_dat/m_ext m_data end of buffer + */ + /* * How much room is in the mbuf, from m_data to the end of the mbuf */ diff --git a/slirp/socket.c b/slirp/socket.c index 08fe98907d08b3b49b5aff08140c6b84142a6dfd..322383a1f9f2edf28a0d740a48511bd83c863274 100644 --- a/slirp/socket.c +++ b/slirp/socket.c @@ -204,12 +204,19 @@ soread(struct socket *so) return 0; else { int err; - socklen_t slen = sizeof err; + socklen_t elen = sizeof err; + struct sockaddr_storage addr; + struct sockaddr *paddr = (struct sockaddr *) &addr; + socklen_t alen = sizeof addr; err = errno; if (nn == 0) { - getsockopt(so->s, SOL_SOCKET, SO_ERROR, - &err, &slen); + if (getpeername(so->s, paddr, &alen) < 0) { + err = errno; + } else { + getsockopt(so->s, SOL_SOCKET, SO_ERROR, + &err, &elen); + } } DEBUG_MISC((dfd, " --- soread() disconnected, nn = %d, errno = %d-%s\n", nn, errno,strerror(errno)));