[Qemu-devel] Patch for sending large (>4k) packets through qemu/slirp

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Patch for sending large (>4k) packets through qemu/slirp

From:	Kenneth Duda
Subject:	[Qemu-devel] Patch for sending large (>4k) packets through qemu/slirp
Date:	Thu, 06 Apr 2006 08:53:34 -0000

In qemu-0.8.0.20060327, there are three problems with sending large
packets from guest to host:

 (1) the code in slirp's ip_reass() reads a next pointer out an mbuf
after freeing it via m_cat().

 (2) the code in slirp's m_inc() calls realloc() on a large mbuf, but
fails to adjust m_data to point to the new allocation (see
http://lists.gnu.org/archive/html/qemu-devel/2005-05/msg00228.html).

 (3) there are many places within ip_input(), ip_reass(),
udp_input(), etc., that treat ip_len and ip_off as though they were
declared unsigned, when in fact they have been declared signed.

Patches fixing these problems are attached. I hope they can be
applied.  Please let me know what I can do to make the patches more
likely to be accepted.

Thanks,

   -Ken

qemu-slirp-reassembly-bug.patch
Description: Text document

qemu-slirp-mbuf-bug.patch
Description: Text document

qemu-slirp-32k-packets.patch
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Patch for sending large (>4k) packets through qemu/slirp, Kenneth Duda <=

Prev by Date: Re: [Qemu-devel] qemu-0.8.0 and vde-1.5.9 question
Next by Date: [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width
Previous by thread: Re: [Qemu-devel] qemu-0.8.0 and vde-1.5.9 question
Next by thread: [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width
Index(es):
- Date
- Thread