g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

[Adjusted doc comment for grammar.
--Stefan]
Signed-off-by: NWangkai <wangkai86@huawei.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

If is_connected parameter is false, the saddr
variable will no initialize. Coverity report:
uninit_use: Using uninitialized value saddr.sin_port.

We don't need add saddr information to nc->info_str
when is_connected is false.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

commit b412eb61 introduce 'cmd:' target for guestfwd,
and fwd don't be used in this scenario, and will leak
memory in true branch with 'cmd:'. Let's allocate memory
for fwd variable just in else statement.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

In this false branch, fd will leak when it is zero.
Change the testing condition.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
[Fix net_l2tpv3_cleanup as well. - Paolo]
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.
Reviewed-by: NGonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The file sharing module should not handle printers, so disable it.
The options 'load printers' and 'printing' have been available since the
beginning (May 1996, commit 0e8fd3398771da2f016d72830179507f3edda51b).
Option 'disable spoolss' is available since Samba 2.0.4, commit
de5f42c9d9172592779fa2504d44544e3b6b1c0d).

Next, "socket address" was reported as deprecated, use a combination of
"interfaces" and "bind interfaces only" instead (available since October
1997, commit 79f4fb52c1ed56fd843f81b4eb0cdd2991d4d0f4).

Override cache directory to avoid writing to a global directory. Option
available since Samba 3.4.0, Jan 2009, commit
19a05bf2f485023b11b41dfae3f6459847d55ef7.

Set "usershare max shared=0" to prevent a global directory from being
used. Option available since Samba 3.0.23, February 2006, commit
5831715049f2d460ce42299963a5defdc160891b.

The last option was introduced with Samba 3.4.0, but previously
"state directory" was already added which exists in Samba 3.4.0. As
unknown parameters are ignored (while printing a warning), it should be
safe to add another option.
Signed-off-by: NPeter Wu <peter@lekensteyn.nl>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

In hotplugging scenario, taking those true branch, the file
handler do not be closed. Let's close them before return.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

commit 5193e5fb (tap: factor out common tap initialization)
introduce net_init_tap_one(). But it's inappropriate that
we close fd in net_init_tap_one(), we should lay it in the
caller, becuase some callers needn't to close it if we get
the fd by monitor_handle_fd_param().

On the other hand, in other exceptional branches fd isn't
closed, so that's incomplete anyway.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

DEFAULT_NETWORK_SCRIPT and DEFAULT_NETWORK_DOWN_SCRIPT
have been defined in net/net.h included in
tap.c, which is the only C file that using those two macro.
Let's remove the repeating macroinstruction.
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

It looks like smbd always logs to /var/log/samba/log.$progname
even if config file specifies different logfile -- when it needs
to log something before completing reading the config file.  But
if it can't open it for writing, it fails and exits.  Tell smbd
to use our temp dir as logbase (-l option) to avoid that.

The same option is used by samba3 and samba4, so there should
be no incompatible changes.
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Tested-by: NJan Kiszka <jan.kiszka@siemens.com>

This completes all packets, ensuring that callbacks
will not run when VM is stopped.

Cc: qemu-stable@nongnu.org
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

devices rely on packet callbacks eventually running,
but we violate this rule whenever we purge the queue.
To fix, invoke callbacks on all packets on purge.
Set length to 0, this way callers can detect that
this happened and re-queue if necessary.

Cc: qemu-stable@nongnu.org
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NJason Wang <jasowang@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

For all NICs(except virtio-net) emulated by qemu,
Such as e1000, rtl8139, pcnet and ne2k_pci,
Qemu can still receive packets when VM is not running.

If this happened in *migration's* last PAUSE VM stage, but
before the end of the migration, the new receiving packets will possibly dirty
parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
dirty parts of new RAM which will be missed.
This will lead serious network fault in VM.

To avoid this, we forbid receiving packets in generic net code when
VM is not running.

Bug reproduction steps:
(1) Start a VM which configured at least one NIC
(2) In VM, open several Terminal and do *Ping IP -i 0.1*
(3) Migrate the VM repeatedly between two Hosts
And the *PING* command in VM will very likely fail with message:
'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
run 'service network restart'
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>
Reviewed-by: NJuan Quintela <quintela@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The hostfwd_add and hostfwd_remove monitor commands allow the user
to optionally specify a vlan/stack tuple. hostfwd_add honours this,
but hostfwd_remove does not (it looks up the tuple but then ignores
the SlirpState it has looked up and always uses the first stack
in the list anyway). Correct this to honour what the user requested.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The current behaviour of tap_open for BSD systems differ greatly from
it's Linux counterpart. Since FreeBSD supports interface renaming and
tap device cloning by opening /dev/tap, implement a FreeBSD specific
version of tap_open that behaves like it's Linux counterpart.

This is specially important for toolstacks that use Qemu (like Xen
libxl), in order to have a unified behaviour across suported
platforms.
Signed-off-by: NRoger Pau Monné <roger.pau@citrix.com>
Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

If the user specified a (vlan ID, slirp stack name) tuple in a monitor
hostfwd_add/remove command and we can't find it, give the user an
error message rather than silently doing nothing.

This brings this error case in slirp_lookup() into line with the
other two.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The mmsghdr struct is only introduced in Linux 2.6.32; add a
configure check for it and disable L2TPV3 on hosts which are
too old to provide it, rather than simply failing to compile.
Reported-by: Nchenliang <chenliang88@huawei.com>
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Message-id: 1404219488-11196-1-git-send-email-arei.gonglei@huawei.com
[PMM: cleaned up commit message and corrected kernel version number]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

It indicates the number of elements in ncs field and makes sense to have
int inside NICPeers. Also in parse_netdev we do not need to access
container and work with NICPeers only.
Signed-off-by: NJiri Pirko <jiri@resnulli.us>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

This transport allows to connect a QEMU nic to a static Ethernet
over L2TPv3 tunnel. The transport supports all options present
in the Linux kernel implementation. It allows QEMU to connect
to any Linux host running kernel 3.3+, most routers and network
devices as well as other QEMU instances.

[Fixed up net_client_init1() switch statement to support -netdev
--Stefan]
Signed-off-by: NAnton Ivanov <antivano@cisco.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The supplied chardev id will be inspected for supported options. Only
a socket backend, with a set path (i.e. a Unix socket) and optionally
the server parameter set, will be allowed. Other options (nowait, telnet)
will make the chardev unusable and the netdev will not be initialised.

Additional checks for validity:
  - requires `-numa node,memdev=..`
  - requires `-device virtio-net-*`

The `vhostforce` option is used to force vhost-net when we deal with
non-MSIX guests.
Signed-off-by: NAntonios Motakis <a.motakis@virtualopensystems.com>
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>

Add a new QEMU netdev backend that is intended to invoke vhost_net with the
vhost-user backend. It uses an Unix socket chardev to establish a
communication with the 'slave' (client and server mode supported).

At runtime the netdev will handle OPEN/CLOSE events from the chardev. Upon
disconnection it will set link_down accordingly and notify virtio-net; the
virtio-net interface will go down.
Signed-off-by: NAntonios Motakis <a.motakis@virtualopensystems.com>
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Use vhost_set_backend_type to initialise a proper vhost_ops structure.
In vhost_net_init and vhost_net_start_one call conditionally TAP related
initialisation depending on the vhost backend type.
Signed-off-by: NAntonios Motakis <a.motakis@virtualopensystems.com>
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

vhost_dev_init will replace devfd and devpath with a single opaque argument.
This is initialised with a file descriptor. When TAP is used (through
vhost_net), open /dev/vhost-net and pass the fd as an opaque parameter in
VhostNetOptions. The same applies to vhost-scsi - open /dev/vhost-scsi and
pass the fd.
Signed-off-by: NAntonios Motakis <a.motakis@virtualopensystems.com>
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Signed-off-by: NHani Benhabiles <hani@linux.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

Make it possible to query all net clients without specifying an ID when calling
qemu_find_net_clients_except().

This also adds the add_completion_option() function which is to be used for
other commands completions as well.
Signed-off-by: NHani Benhabiles <hani@linux.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

The smbd forked by qemu still uses the default ncalrpc directory
in /var/run/samba. This may lead to problems, if /var/run/samba
does not exist (for example if /var/run is a tmpfs and the host
smbd was not started).

This leads to the following error message from samba
and an unworkable smbd:
	Failed to create pipe directory /var/run/samba/ncalrpc - No such file or directory

Fix this by pointing smbd to /tmp/qemu-smb.%d.%d/ncalrpc as ncalrpc directory.
Smbd will create the actual ncalrpc subdirectory on its own.
Signed-off-by: NMichael Buesch <m@bues.ch>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
(Applying this to -trivial because it _is_ rather trivial
 and because Jan does not reply for months)

Signed-off-by: NIgor Ryzhov <iryzhov@arccn.ru>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Using error_is_set(errp) that way can sweep programming errors under
the carpet when we get called incorrectly with an error set.

qmp_query_rx_filter() breaks its loop when it detects an error.  It
needs to set another error when the loop completes normally.

Return right away instead of merely breaking the loop.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

With a client name, the QMP command is specified to return a list of
one element.  This isn't locally obvious in the code.  Make it so.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NIgor Ryzhov <iryzhov@arccn.ru>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Avoid iterations for fd 0, 1 & 2 when we are closing file fds in child process.
Signed-off-by: NPankaj Gupta <pagupta@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Also convert nearby monitor_printf() call to error_report().
Signed-off-by: NHani Benhabiles <hani@linux.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Signed-off-by: NPrasad Joshi <prasadjoshi.linux@gmail.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The net subsystem has a control flow mechanism so peer NetClientStates
can tell each other to stop sending packets.  This is used to stop
monitoring the tap file descriptor for incoming packets if the guest rx
ring has no spare buffers.

There is a corner case when tap_can_send() is true at the beginning of
an event loop iteration but becomes false before the tap_send() fd
handler is invoked.

tap_send() will read the packet from the tap file descriptor and attempt
to send it.  The net queue will hold on to the packet and return 0,
indicating that further I/O is not possible.  tap then stops monitoring
the file descriptor for reads.

This is unlike the normal case where tap_can_send() is the same before
and during the event loop iteration.  The event loop would simply not
monitor the file descriptor if tap_can_send() returns true.  Upon next
iteration it would check tap_can_send() again and begin monitoring if we
can send.

The deadlock happens because tap_send() explicitly disabled read_poll.
This is done with the expectation that the peer will call
qemu_net_queue_flush().  But hw/net/virtio-net.c does not monitor
vm_running transitions and issue the flush.  Hence we're left with a
broken tap device.

Cc: qemu-stable@nongnu.org
Reported-by: NNeil Skrypuch <neil@tembosocial.com>
Tested-by: NNeil Skrypuch <neil@tembosocial.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

After numerous reports that -smb (or -netdev user,smb=foo) not working
with modern windows (win7 and vista are reported as non-working), I
started digging myself.  And found that indeed it doesn't work, and
why.

The thing is that modern win tries to connect to port 445 (microsoft-ds)
first, and if that fails, it falls back to old port 139 (netbios-ssn).

slirp code in qemu only redirects port 139, it does not touch port 445.

So the prob is that if samba is also running on the host, guest will try
to communicate using port 445, and that will succed, but ofcourse guest
will not talk with our samba but with samba running on the host.

If samba is not running on the host, guest will fall back to port 139,
and will reach the redirecting rule and qemu will spawn smbd correctly.

The solution is to redirect both ports (139 and 445), and the fix is
a one-liner, adding second call to slirp_add_exec() at the end of
net/slirp.c:slirp_smb() function (provided below).

But it looks like that is not a proper fix really, since in theory
we should redirect both ports to the SAME, single samba instance,
but I'm not sure this is possible with slirp.  Well, even if two
smbd processes will be run on the same config dir, it should not
be a problem.

The one-liner (not exactly 1 since it touches previous line too) is like
this:
Signed-off-By: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>

The smb.conf automatically generated by qemu's -smb option fails on current
samba, because smbd rejects the security=share option with the following warning:

>   WARNING: Ignoring invalid value 'share' for parameter 'security'

Which makes it fall back to security=user without guest login.
This results in being unable to login to the samba server from the guest OS.

This fixes it by selecting 'user' explicitly and mapping
unknown users to guest logins.
Signed-off-by: NMichael Buesch <m@bues.ch>
Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>

The virtio_net offload APIs are used on the NIC's peer (i.e. the tap
device).  The API was defined to implicitly use nc->peer, saving the
caller the trouble.

This wasn't ideal because:
1. There are callers who have the peer but not the NIC.  Currently they
   are forced to bypass the API and access peer->info->... directly.
2. The rest of the net.h API uses nc, not nc->peer, so it is
   inconsistent.

This patch pushes nc->peer back up to callers.
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>