We use a table of network types to look up the initialization function
and parameter descriptions in net_client_init().

For now, we use QemuOpts for the 'none' and 'nic' types. Subsequent
patches port the other types too and the special casing is removed.

We're not parsing the full -net option string here as the type has
been stripped from the string, so we do not use qemu_opts_parse()
'firstname' facility. This will also be rectified in subsequent
patches.

No functional changes are introduced by this patch.
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Diagnostic output goes to stderr, except when we're in a monitor
command, when it goes to the monitor instead.

config_error() implements this with a monitor argument: if it's
non-null, report there, else to stderr.  This obliges us to pass the
monitor down various call chains, to make it available to
config_error().

The recently created qemu_error() doesn't need a monitor argument to
route output.  Use it.

There's one user-visible difference: config_error() prepended "qemu: "
to a message bound for stderr.  qemu_error() doesn't, which means the
prefix goes away with this commit.  If such a prefix is desired for
stderr, then I figure it should be slapped on all error messages, not
just the ones that used to go through config_error().
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Propagating errors up the call chain is tedious.  In startup code, we
can take a shortcut: terminate the program.  This is wrong elsewhere,
the monitor in particular.

config_error() tries to cater for both customers: it terminates the
program unless its mon parameter tells it it's working for the
monitor.

Its users need to return status anyway (unless passing a null mon
argument, which none do), which their users need to check.  So this
automatic exit buys us exactly nothing useful.  Only the dangerous
delusion that we can get away without returning status.  Some of its
users fell for that.  Their callers continue executing after failure
when working for the monitor.

This bites monitor command host_net_add in two places:

* net_slirp_init() continues after slirp_hostfwd(), slirp_guestfwd(),
  or slirp_smb() failed, and may end up reporting success.  This
  happens for "host_net_add user guestfwd=foo": it complains about the
  invalid guest forwarding rule, then happily creates the user network
  without guest forwarding.

* net_client_init() can't detect slirp_guestfwd() failure, and gets
  fooled by net_slirp_init() lying about success.  Suppresses its
  "Could not initialize device" message.

Add the missing error reporting, make sure errors are checked, and
drop the exit() from config_error().
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

net_slirp_init() walks slirp_configs, and stops when it encounters one
that doesn't work.  Instead of consuming slirp_configs members there,
consume them in the sole caller.  This makes sure all are consumed.
Before, the tail starting with the non-working one was left in place,
where it made the next net_slirp_init() fail again.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

zeroing a structure before using it is more common than zeroing after
using it. Also makes the setting of nd->used more obvious.
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

We now only assign strdup()ed strings to these fields, never static
strings.

aliguori: fix build for ppc_prep and mips_jazz
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Monitor command "pci_add ADDR nic model=MODEL" uses pci_nic_init() to
create the NIC.  When MODEL is unknown or "?", this prints to stderr
and terminates the program.

Change pci_nic_init() not to treat "?" specially, and to return NULL
on failure.  Switch uses during startup to new convenience wrapper
pci_nic_init_nofail(), which behaves just like pci_nic_init() used to
do.

Bonus bug fix: we now check for qdev_init() failing there.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Before this patch, pci_nic_init() returns NULL when it can't find the
model in pci_nic_models[].  Except this can't happen, because
qemu_check_nic_model_list() just searched for model in
pci_nic_models[], and terminated the program on failure.

Repeating the search here is pointless.  Instead, change
qemu_check_nic_model_list() to return the model's array index.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

When we "free" a NICInfo structure, we can leak pointers, since we don't do
much more than setting used = 0.

We free() the model parameter, but we don't set it to NULL. This means that
a new user of this structure will see garbage in there. It was not noticed
before because reusing a NICInfo is not that common, but it can be, for
users of device pci hotplug.

A user hit it, described at https://bugzilla.redhat.com/show_bug.cgi?id=524022

This patch memset's the whole structure, guaranteeing that anyone reusing it
will see a fresh NICinfo. Also, we free some other strings that are currently
leaking.

This codebase is quite old, so this patch should feed all stable trees.
Signed-off-by: NGlauber Costa <glommer@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Put space between = and - assigning a negative number
to avoid confusion with old-style "-="
(which we also have, and need to be fixed).
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Problem: Our file sys-queue.h is a copy of the BSD file, but there are
some additions and it's not entirely compatible. Because of that, there have
been conflicts with system headers on BSD systems. Some hacks have been
introduced in the commits 15cc9235,
f40d7537,
96555a96 and
3990d09a but the fixes were fragile.

Solution: Avoid the conflict entirely by renaming the functions and the
file. Revert the previous hacks.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

This commit ports command handlers that receive three arguments to use
the new monitor's dictionary.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This commit ports command handlers that receive two arguments to use
the new monitor's dictionary.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Ensure that packets enqueued for delayed delivery are dequeued in FIFO
order. At least one simplistic guest TCP/IP stack became unhappy due to
sporadically reordered packet streams.

At this chance, switch the send queue implementation to TAILQ.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The error message for an unknown network device given to
monitor command set_link looks better with a terminating
linefeed.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

do_set_link() returns int, but Monitor handler functions should
always return void.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Message-Id: 

Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NFilip Navara <filip.navara@gmail.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Unless a virtual server address was explicitly defined (which is
impossible with the legacy -net channel format), guestfwd did not
properly forwarded host->guest packets. This patch fixes it.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This allows a program to initialize a host networking device using a
file descriptor passed over a unix monitor socket.

The program must first pass the file descriptor using SCM_RIGHTS
ancillary data with the getfd monitor command. It then may do
"host_net_add tap fd=name" to use the named file descriptor.
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This got broken between a13a4126 and c92ef6a2: old slirp code used
255.255.255.0.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

If no tap,sndbuf= arg is supplied, we use a default value. If
TUNSETSNDBUF fails in this case, we should not abort.
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

On reflection, perhaps it does make sense to set a default value for
the sndbuf= tap parameter.

For best effect, sndbuf= should be set to just below the capacity of
the physical NIC.

Setting it higher will cause packets to be dropped before the limit
is hit. Setting it much lower will not cause any problems unless
you set it low enough such that the guest cannot queue up new packets
before the NIC has emptied its queue.

In Linux, txqueuelen=1000 by default for ethernet NICs. Given a 1500
byte MTU, 1Mb is a good choice for sndbuf.

If it turns out that txqueuelen is actually much lower than this, then
sndbuf is essentially disabled. In the event that txqueuelen is much
higher, it's unlikely that the NIC will be able to empty a 1Mb queue.

Thanks to Herbert Xu for this logic.
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Cc: Herbert Xu <herbert.xu@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Extend the syntax of hostfwd_add/remove to optionally take a tuple of
VLAN ID and slirp stack name. If those are omitted, the commands will
continue to work on the first registered slirp stack.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Introduce qemu_find_vlan_client_by_name for VLANClientState lookup based
on VLAN ID and client name. This is useful for monitor commands.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Push the smb state, smb_dir, into SlirpState and construct it in a way
that allows multiple smb instances (one per slirp stack). Remove the smb
directory on slirp cleanup instead of qemu termination. As VLAN clients
are also cleaned up on process termination, no feature is lost.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Make sure for invocations from the monitor that slirp_smb properly
reports errors and doesn't terminate qemu.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Instead of open-coding this, we can use the power of the shell to remove
the smb_dir on exit.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Once again this was a long journey to reach the destination: Allow to
instantiate slirp multiple times. But as in the past, the journey was
worthwhile, cleaning up, fixing and enhancing various parts of the user
space network stack along the way.

What is this particular change good for? Multiple slirps instances
allow separated user space networks for guests with multiple NICs. This
is already possible, but without any slirp support for the second
network, ie. without a chance to talk to that network from the host via
IP. We have a legacy guest system here that benefits from this slirp
enhancement, allowing us to run both of its NICs purely over
unprivileged user space IP stacks.

Another benefit of this patch is that it simply removes an artificial
restriction of the configuration space qemu is providing, avoiding
another source of surprises that users may face when playing with
possible setups.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Allocate the internal slirp state dynamically and provide and call
slirp_cleanup to properly release it after use. This patch finally
unbreaks slirp release and re-instantiation via host_net_* monitor
commands.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This now also exports the internal state to the slirp users in qemu,
returning it from slirp_init and expecting it along with service
invocations. Additionally provide an opaque value interface for the
callbacks from slirp into the qemu core.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Slirp doesn't invoke slirp[_can]_output before it is initialized. The
motivation for these checks (3b7f5d47) no longer applies. So drop
them.

Note: slirp_vc will become invalid if the slirp stack is removed during
runtime. But this is no new bug and will be fixed later.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Avoid the need for slirp_is_inited by refactoring the protected
slirp_select_* functions. This also avoids the clearing of all fd sets
on select errors.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>