From 10b6b88b0131c4bbe36945ab4e83349b75e052e9 Mon Sep 17 00:00:00 2001
From: Martin Stein <martin.stein@genode-labs.com>
Date: Wed, 6 Feb 2019 14:20:44 +0100
Subject: [PATCH] nic_bridge: simplified session request handling

1) A session request gets denied if there is no matching session policy.
   (The <defaul-policy/> tag can be used for the former default behavior)
2) A session request gets denied if the MAC address is given through the
   matching policy but this address cannot be allocated.
3) A session request gets denied if the MAC address is not given through the
   matching policy and it is also not possible to allocate one.

Issue #3040
---
 repos/libports/run/nic_bridge.run          | 23 +++++-
 repos/os/src/server/nic_bridge/component.h | 83 +++++-----------------
 repos/ports/run/virtualbox.run             |  2 +-
 3 files changed, 40 insertions(+), 68 deletions(-)

diff --git a/repos/libports/run/nic_bridge.run b/repos/libports/run/nic_bridge.run
index 30d91f8b5..0db0a6000 100644
--- a/repos/libports/run/nic_bridge.run
+++ b/repos/libports/run/nic_bridge.run
@@ -62,8 +62,10 @@ append config {
 		<resource name="RAM" quantum="24M"/>
 		<provides><service name="Nic"/></provides>
 		<config verbose="yes" mac="02:02:02:02:42:00">
+			<policy label_prefix="client_1"/>
 			<policy label_prefix="server_1" ip_addr="10.0.2.55"/>
 			<policy label_prefix="server_2" ip_addr="10.0.2.56" mac="02:02:02:02:23:00"/>
+			<policy label_prefix="client_2"                     mac="02:02:02:02:79:00"/>
 		</config>
 		<route>
 			<service name="Nic"> <child name="nic_drv"/> </service>
@@ -138,6 +140,22 @@ append config {
 			<libc stdout="/dev/log" stderr="/dev/log" socket="/socket"/>
 		</config>
 	</start>
+
+	<start name="client_3" caps="120">
+		<binary name="test-http_clnt"/>
+		<resource name="RAM" quantum="32M"/>
+		<route>
+			<service name="Nic"> <child name="nic_bridge"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+		<config server_ip="10.0.2.56" server_port="80">
+			<vfs>
+				<dir name="socket"> <lwip dhcp="yes"/> </dir>
+				<dir name="dev">    <log/>             </dir>
+			</vfs>
+			<libc stdout="/dev/log" stderr="/dev/log" socket="/socket"/>
+		</config>
+	</start>
 </config>}
 
 install_config $config
@@ -178,7 +196,10 @@ proc qemu_nic_model {} {
 append qemu_args " -netdev user,id=net0 "
 append qemu_args " -net nic,model=[qemu_nic_model],netdev=net0 "
 
-append done_string {.*?\[server_1 -> lwip] rcv .\[32mETH.\[0m 02:02:02:02:42:00}
+append done_string {.*?\[init -> client_3] .\[31mError: Nic-session creation failed}
+append done_string {.*?\[client_1 -> lwip] rcv .\[32mETH.\[0m 02:02:02:02:42:0.}
+append done_string {.*?\[client_2 -> lwip] rcv .\[32mETH.\[0m 02:02:02:02:79:00}
+append done_string {.*?\[server_1 -> lwip] rcv .\[32mETH.\[0m 02:02:02:02:42:0.}
 append done_string {.*?\[server_2 -> lwip] rcv .\[32mETH.\[0m 02:02:02:02:23:00}
 append done_string {.*?"client_." exited with exit value 0}
 append done_string {.*?"client_." exited with exit value 0}
diff --git a/repos/os/src/server/nic_bridge/component.h b/repos/os/src/server/nic_bridge/component.h
index 1795b3088..2d326abb9 100644
--- a/repos/os/src/server/nic_bridge/component.h
+++ b/repos/os/src/server/nic_bridge/component.h
@@ -209,84 +209,35 @@ class Net::Root : public Genode::Root_component<Net::Session_component>
 		Genode::Xml_node  _config;
 		bool       const &_verbose;
 
-		struct Policy
-		{
-			Session_component::Ip_addr ip_addr;
-
-			Mac_address mac;
-		};
-
-		static Policy _session_policy(Genode::Session_label const &label,
-		                              Genode::Xml_node             config,
-		                              Mac_allocator               &mac_alloc)
-		{
-			using namespace Genode;
-
-			typedef Session_component::Ip_addr Ip_addr;
-
-			Ip_addr ip_addr { };
-
-			try {
-				Session_policy const policy(label, config);
-
-				/* read IP address from policy */
-				if (!policy.has_attribute("ip_addr"))
-					warning("Missing \"ip_addr\" attribute in policy definition");
-
-				ip_addr = policy.attribute_value("ip_addr", Ip_addr());
-
-				/* determine session MAC address */
-				if (policy.has_attribute("mac")) {
-
-					Mac_address const mac = policy.attribute_value("mac", Mac_address());
-
-					if (mac_alloc.mac_managed_by_allocator(mac)) {
-						Genode::warning("Bad MAC address in policy");
-						throw Service_denied();
-					}
-					return Policy { .ip_addr = ip_addr, .mac = mac };
-				}
-
-			} catch (Session_policy::No_policy_defined) { }
-
-			/*
-			 * If no policy is defined or if the policy lacks a 'mac'
-			 * attribute, allocate a MAC from the allocator.
-			 */
-			auto alloc_mac = [&] ()
-			{
-				try { return mac_alloc.alloc(); }
-				catch (Mac_allocator::Alloc_failed) {
-					Genode::warning("MAC address allocation failed!"); }
-
-				throw Service_denied();
-			};
-
-			return Policy { .ip_addr = ip_addr, .mac = alloc_mac() };
-		}
-
 	protected:
 
 		Session_component *_create_session(const char *args)
 		{
 			using namespace Genode;
 
-			Session_label const label = label_from_args(args);
+			Session_label  const label  { label_from_args(args) };
+			Session_policy const policy { label, _config };
+			Mac_address          mac    { policy.attribute_value("mac", Mac_address()) };
 
-			Policy const policy = _session_policy(label, _config, _mac_alloc);
-
-			size_t const tx_buf_size =
-				Arg_string::find_arg(args, "tx_buf_size").ulong_value(0);
-			size_t const rx_buf_size =
-				Arg_string::find_arg(args, "rx_buf_size").ulong_value(0);
+			if (mac == Mac_address()) {
+				try { mac = _mac_alloc.alloc(); }
+				catch (Mac_allocator::Alloc_failed) {
+					Genode::warning("MAC address allocation failed!");
+					throw Service_denied();
+				}
+			} else if (_mac_alloc.mac_managed_by_allocator(mac)) {
+				Genode::warning("MAC address already in use");
+				throw Service_denied();
+			}
 
 			return new (md_alloc())
 				Session_component(_env.ram(), _env.rm(), _env.ep(),
 				                  ram_quota_from_args(args),
 				                  cap_quota_from_args(args),
-				                  tx_buf_size, rx_buf_size,
-				                  policy.mac, _nic, _verbose, label,
-				                  policy.ip_addr);
+				                  Arg_string::find_arg(args, "tx_buf_size").ulong_value(0),
+				                  Arg_string::find_arg(args, "rx_buf_size").ulong_value(0),
+				                  mac, _nic, _verbose, label,
+				                  policy.attribute_value("ip_addr", Session_component::Ip_addr()));
 		}
 
 	public:
diff --git a/repos/ports/run/virtualbox.run b/repos/ports/run/virtualbox.run
index 49f864f02..63571f70d 100644
--- a/repos/ports/run/virtualbox.run
+++ b/repos/ports/run/virtualbox.run
@@ -137,7 +137,7 @@ append_if [expr $use_bridge] config {
 	<start name="nic_bridge" priority="-1">
 		<resource name="RAM" quantum="6M"/>
 		<provides><service name="Nic"/></provides>
-		<config/>
+		<config> <default-policy/> </config>
 		<route>
 			<service name="Nic"><child name="nic_drv"/></service>
 			<any-service><parent/></any-service>