[PATCH 0/2] hw/uefi: add pcap support

[PATCH 0/2] hw/uefi: add pcap support

[Gerd Hoffmann]

Gerd Hoffmann (2):
  move pcap structs to header file
  hw/uefi: add pcap support

 include/hw/uefi/var-service.h | 10 ++++
 include/qemu/pcap.h           | 27 ++++++++++
 hw/uefi/var-service-core.c    |  7 +++
 hw/uefi/var-service-pcap.c    | 94 +++++++++++++++++++++++++++++++++++
 hw/uefi/var-service-sysbus.c  |  1 +
 hw/usb/pcap.c                 | 24 +--------
 hw/uefi/meson.build           |  1 +
 roms/edk2                     |  2 +-
 8 files changed, 142 insertions(+), 24 deletions(-)
 create mode 100644 include/qemu/pcap.h
 create mode 100644 hw/uefi/var-service-pcap.c

-- 
2.52.0

[PATCH 1/2] move pcap structs to header file

[Gerd Hoffmann]

Allow reusing them elsewhere in qemu.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 include/qemu/pcap.h | 27 +++++++++++++++++++++++++++
 hw/usb/pcap.c       | 24 +-----------------------
 2 files changed, 28 insertions(+), 23 deletions(-)
 create mode 100644 include/qemu/pcap.h

diff --git a/include/qemu/pcap.h b/include/qemu/pcap.h
new file mode 100644
index 000000000000..48e6070ffe04
--- /dev/null
+++ b/include/qemu/pcap.h
@@ -0,0 +1,27 @@
+#ifndef QEMU_PCAP_H
+#define QEMU_PCAP_H
+
+#define PCAP_MAGIC                   0xa1b2c3d4
+#define PCAP_MAJOR                   2
+#define PCAP_MINOR                   4
+
+/* https://wiki.wireshark.org/Development/LibpcapFileFormat */
+
+struct pcap_hdr {
+    uint32_t magic_number;   /* magic number */
+    uint16_t version_major;  /* major version number */
+    uint16_t version_minor;  /* minor version number */
+    int32_t  thiszone;       /* GMT to local correction */
+    uint32_t sigfigs;        /* accuracy of timestamps */
+    uint32_t snaplen;        /* max length of captured packets, in octets */
+    uint32_t network;        /* data link type */
+};
+
+struct pcaprec_hdr {
+    uint32_t ts_sec;         /* timestamp seconds */
+    uint32_t ts_usec;        /* timestamp microseconds */
+    uint32_t incl_len;       /* number of octets of packet saved in file */
+    uint32_t orig_len;       /* actual length of packet */
+};
+
+#endif /* QEMU_PCAP_H */
diff --git a/hw/usb/pcap.c b/hw/usb/pcap.c
index dbff00be252e..10ca6279f7d3 100644
--- a/hw/usb/pcap.c
+++ b/hw/usb/pcap.c
@@ -8,31 +8,9 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/pcap.h"
 #include "hw/usb.h"
 
-#define PCAP_MAGIC                   0xa1b2c3d4
-#define PCAP_MAJOR                   2
-#define PCAP_MINOR                   4
-
-/* https://wiki.wireshark.org/Development/LibpcapFileFormat */
-
-struct pcap_hdr {
-    uint32_t magic_number;   /* magic number */
-    uint16_t version_major;  /* major version number */
-    uint16_t version_minor;  /* minor version number */
-    int32_t  thiszone;       /* GMT to local correction */
-    uint32_t sigfigs;        /* accuracy of timestamps */
-    uint32_t snaplen;        /* max length of captured packets, in octets */
-    uint32_t network;        /* data link type */
-};
-
-struct pcaprec_hdr {
-    uint32_t ts_sec;         /* timestamp seconds */
-    uint32_t ts_usec;        /* timestamp microseconds */
-    uint32_t incl_len;       /* number of octets of packet saved in file */
-    uint32_t orig_len;       /* actual length of packet */
-};
-
 /* https://www.tcpdump.org/linktypes.html */
 /* linux: Documentation/usb/usbmon.rst */
 /* linux: drivers/usb/mon/mon_bin.c */
-- 
2.52.0

[PATCH 2/2] hw/uefi: add pcap support

[Gerd Hoffmann]

Add pcapfile property to uevi-vars-* devices, allowing to write out a
capture of the communication traffic between uefi firmware and qemu.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 include/hw/uefi/var-service.h | 10 ++++
 hw/uefi/var-service-core.c    |  7 +++
 hw/uefi/var-service-pcap.c    | 94 +++++++++++++++++++++++++++++++++++
 hw/uefi/var-service-sysbus.c  |  1 +
 hw/uefi/meson.build           |  1 +
 roms/edk2                     |  2 +-
 6 files changed, 114 insertions(+), 1 deletion(-)
 create mode 100644 hw/uefi/var-service-pcap.c

diff --git a/include/hw/uefi/var-service.h b/include/hw/uefi/var-service.h
index 91fb4a20918a..116ee90a1146 100644
--- a/include/hw/uefi/var-service.h
+++ b/include/hw/uefi/var-service.h
@@ -77,6 +77,10 @@ struct uefi_vars_state {
     bool                              force_secure_boot;
     bool                              disable_custom_mode;
     bool                              use_pio;
+
+    /* request + reply capture */
+    char                              *pcapfile;
+    FILE                              *pcapfp;
 };
 
 struct uefi_vars_cert {
@@ -189,4 +193,10 @@ uefi_var_policy *uefi_vars_add_policy(uefi_vars_state *uv,
                                       variable_policy_entry *pe);
 uint32_t uefi_vars_mm_check_policy_proto(uefi_vars_state *uv);
 
+/* vars-service-pcap.c */
+void uefi_vars_pcap_init(uefi_vars_state *uv);
+void uefi_vars_pcap_reset(uefi_vars_state *uv);
+void uefi_vars_pcap_request(uefi_vars_state *uv, void *buffer, size_t size);
+void uefi_vars_pcap_reply(uefi_vars_state *uv, void *buffer, size_t size);
+
 #endif /* QEMU_UEFI_VAR_SERVICE_H */
diff --git a/hw/uefi/var-service-core.c b/hw/uefi/var-service-core.c
index 6ab8df091aaf..6d7913e03f45 100644
--- a/hw/uefi/var-service-core.c
+++ b/hw/uefi/var-service-core.c
@@ -101,6 +101,8 @@ static uint32_t uefi_vars_cmd_mm(uefi_vars_state *uv, bool dma_mode)
     }
     memset(uv->buffer + size, 0, uv->buf_size - size);
 
+    uefi_vars_pcap_request(uv, uv->buffer, size);
+
     /* dispatch */
     if (qemu_uuid_is_equal(&mhdr->guid, &EfiSmmVariableProtocolGuid)) {
         retval = uefi_vars_mm_vars_proto(uv);
@@ -127,6 +129,8 @@ static uint32_t uefi_vars_cmd_mm(uefi_vars_state *uv, bool dma_mode)
         retval = UEFI_VARS_STS_ERR_NOT_SUPPORTED;
     }
 
+    uefi_vars_pcap_reply(uv, uv->buffer, sizeof(*mhdr) + mhdr->length);
+
     /* write buffer */
     if (dma_mode) {
         dma_memory_write(&address_space_memory, dma,
@@ -163,6 +167,8 @@ void uefi_vars_hard_reset(uefi_vars_state *uv)
     uefi_vars_clear_volatile(uv);
     uefi_vars_policies_clear(uv);
     uefi_vars_auth_init(uv);
+
+    uefi_vars_pcap_reset(uv);
 }
 
 static uint32_t uefi_vars_cmd(uefi_vars_state *uv, uint32_t cmd)
@@ -319,4 +325,5 @@ void uefi_vars_realize(uefi_vars_state *uv, Error **errp)
 {
     uefi_vars_json_init(uv, errp);
     uefi_vars_json_load(uv, errp);
+    uefi_vars_pcap_init(uv);
 }
diff --git a/hw/uefi/var-service-pcap.c b/hw/uefi/var-service-pcap.c
new file mode 100644
index 000000000000..879eee4699a3
--- /dev/null
+++ b/hw/uefi/var-service-pcap.c
@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu/pcap.h"
+#include "system/dma.h"
+
+#include "hw/uefi/var-service.h"
+
+#define LINKTYPE_EDK2_MM  302
+
+#define SNAPLEN   (64 * 1024)
+#define TYPE_RESET       0x01
+#define TYPE_REQUEST     0x02
+#define TYPE_REPLY       0x03
+
+static void uefi_vars_pcap_header(FILE *fp)
+{
+    struct pcap_hdr header = {
+        .magic_number  = PCAP_MAGIC,
+        .version_major = PCAP_MAJOR,
+        .version_minor = PCAP_MINOR,
+        .snaplen       = SNAPLEN,
+        .network       = LINKTYPE_EDK2_MM,
+    };
+
+    fwrite(&header, sizeof(header), 1, fp);
+    fflush(fp);
+}
+
+static void uefi_vars_pcap_packet(FILE *fp, uint32_t type, void *buffer, size_t size)
+{
+    struct pcaprec_hdr header;
+    struct timeval tv;
+    uint32_t orig_len = size + sizeof(type);
+    uint32_t incl_len = MIN(orig_len, SNAPLEN);
+
+    gettimeofday(&tv, NULL);
+    header.ts_sec   = tv.tv_sec;
+    header.ts_usec  = tv.tv_usec;
+    header.incl_len = incl_len;
+    header.orig_len = orig_len;
+
+    fwrite(&header, sizeof(header), 1, fp);
+    fwrite(&type, sizeof(type), 1, fp);
+    if (buffer) {
+        fwrite(buffer, incl_len - sizeof(type), 1, fp);
+    }
+    fflush(fp);
+}
+
+void uefi_vars_pcap_init(uefi_vars_state *uv)
+{
+    int fd;
+
+    if (!uv->pcapfile) {
+        return;
+    }
+
+    fd = qemu_open_old(uv->pcapfile,
+                       O_CREAT | O_WRONLY | O_TRUNC | O_BINARY, 0666);
+    if (fd < 0) {
+        warn_report("open %s: %s", uv->pcapfile, strerror(errno));
+        return;
+    }
+
+    uv->pcapfp = fdopen(fd, "wb");
+    uefi_vars_pcap_header(uv->pcapfp);
+}
+
+void uefi_vars_pcap_reset(uefi_vars_state *uv)
+{
+    if (!uv->pcapfp) {
+        return;
+    }
+    uefi_vars_pcap_packet(uv->pcapfp, TYPE_RESET, NULL, 0);
+}
+
+void uefi_vars_pcap_request(uefi_vars_state *uv, void *buffer, size_t size)
+{
+    if (!uv->pcapfp) {
+        return;
+    }
+    uefi_vars_pcap_packet(uv->pcapfp, TYPE_REQUEST, buffer, size);
+}
+
+void uefi_vars_pcap_reply(uefi_vars_state *uv, void *buffer, size_t size)
+{
+    if (!uv->pcapfp) {
+        return;
+    }
+    uefi_vars_pcap_packet(uv->pcapfp, TYPE_REPLY, buffer, size);
+}
diff --git a/hw/uefi/var-service-sysbus.c b/hw/uefi/var-service-sysbus.c
index a5aa218e2600..bd37d5bd3526 100644
--- a/hw/uefi/var-service-sysbus.c
+++ b/hw/uefi/var-service-sysbus.c
@@ -33,6 +33,7 @@ static const Property uefi_vars_sysbus_properties[] = {
     DEFINE_PROP_SIZE("size", uefi_vars_sysbus_state, state.max_storage,
                      256 * 1024),
     DEFINE_PROP_STRING("jsonfile", uefi_vars_sysbus_state, state.jsonfile),
+    DEFINE_PROP_STRING("pcapfile", uefi_vars_sysbus_state, state.pcapfile),
     DEFINE_PROP_BOOL("force-secure-boot", uefi_vars_sysbus_state,
                      state.force_secure_boot, false),
     DEFINE_PROP_BOOL("disable-custom-mode", uefi_vars_sysbus_state,
diff --git a/hw/uefi/meson.build b/hw/uefi/meson.build
index c8f38dfae247..3eae47553315 100644
--- a/hw/uefi/meson.build
+++ b/hw/uefi/meson.build
@@ -3,6 +3,7 @@ system_ss.add(files('hardware-info.c', 'ovmf-log.c'))
 uefi_vars_ss = ss.source_set()
 if (config_all_devices.has_key('CONFIG_UEFI_VARS'))
   uefi_vars_ss.add(files('var-service-core.c',
+                         'var-service-pcap.c',
                          'var-service-json.c',
                          'var-service-vars.c',
                          'var-service-auth.c',
diff --git a/roms/edk2 b/roms/edk2
index 4dfdca63a934..46548b1adac8 160000
--- a/roms/edk2
+++ b/roms/edk2
@@ -1 +1 @@
-Subproject commit 4dfdca63a93497203f197ec98ba20e2327e4afe4
+Subproject commit 46548b1adac82211d8d11da12dd914f41e7aa775
-- 
2.52.0

Re: [PATCH 1/2] move pcap structs to header file

[Philippe Mathieu-Daudé]

On 26/11/25 15:25, Gerd Hoffmann wrote:
> Allow reusing them elsewhere in qemu.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>   include/qemu/pcap.h | 27 +++++++++++++++++++++++++++
>   hw/usb/pcap.c       | 24 +-----------------------
>   2 files changed, 28 insertions(+), 23 deletions(-)
>   create mode 100644 include/qemu/pcap.h
> 
> diff --git a/include/qemu/pcap.h b/include/qemu/pcap.h
> new file mode 100644
> index 000000000000..48e6070ffe04
> --- /dev/null
> +++ b/include/qemu/pcap.h
> @@ -0,0 +1,27 @@
> +#ifndef QEMU_PCAP_H
> +#define QEMU_PCAP_H

Missing SPDX license identifier.

> +
> +#define PCAP_MAGIC                   0xa1b2c3d4
> +#define PCAP_MAJOR                   2
> +#define PCAP_MINOR                   4
> +
> +/* https://wiki.wireshark.org/Development/LibpcapFileFormat */
> +
> +struct pcap_hdr {
> +    uint32_t magic_number;   /* magic number */
> +    uint16_t version_major;  /* major version number */
> +    uint16_t version_minor;  /* minor version number */
> +    int32_t  thiszone;       /* GMT to local correction */
> +    uint32_t sigfigs;        /* accuracy of timestamps */
> +    uint32_t snaplen;        /* max length of captured packets, in octets */
> +    uint32_t network;        /* data link type */
> +};
> +
> +struct pcaprec_hdr {
> +    uint32_t ts_sec;         /* timestamp seconds */
> +    uint32_t ts_usec;        /* timestamp microseconds */
> +    uint32_t incl_len;       /* number of octets of packet saved in file */
> +    uint32_t orig_len;       /* actual length of packet */
> +};

Maybe good opportunity to add QEMU_PACKED?

Otherwise,
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 2/2] hw/uefi: add pcap support

[Philippe Mathieu-Daudé]

On 26/11/25 15:25, Gerd Hoffmann wrote:
> Add pcapfile property to uevi-vars-* devices, allowing to write out a
> capture of the communication traffic between uefi firmware and qemu.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>   include/hw/uefi/var-service.h | 10 ++++
>   hw/uefi/var-service-core.c    |  7 +++
>   hw/uefi/var-service-pcap.c    | 94 +++++++++++++++++++++++++++++++++++
>   hw/uefi/var-service-sysbus.c  |  1 +
>   hw/uefi/meson.build           |  1 +
>   roms/edk2                     |  2 +-
>   6 files changed, 114 insertions(+), 1 deletion(-)
>   create mode 100644 hw/uefi/var-service-pcap.c


> diff --git a/hw/uefi/var-service-pcap.c b/hw/uefi/var-service-pcap.c
> new file mode 100644
> index 000000000000..879eee4699a3
> --- /dev/null
> +++ b/hw/uefi/var-service-pcap.c
> @@ -0,0 +1,94 @@
> +/*
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +#include "qemu/osdep.h"
> +#include "qemu/error-report.h"
> +#include "qemu/pcap.h"
> +#include "system/dma.h"
> +
> +#include "hw/uefi/var-service.h"
> +
> +#define LINKTYPE_EDK2_MM  302
> +
> +#define SNAPLEN   (64 * 1024)
> +#define TYPE_RESET       0x01
> +#define TYPE_REQUEST     0x02
> +#define TYPE_REPLY       0x03
> +
> +static void uefi_vars_pcap_header(FILE *fp)
> +{

static const

> +    struct pcap_hdr header = {
> +        .magic_number  = PCAP_MAGIC,
> +        .version_major = PCAP_MAJOR,
> +        .version_minor = PCAP_MINOR,
> +        .snaplen       = SNAPLEN,
> +        .network       = LINKTYPE_EDK2_MM,
> +    };
> +
> +    fwrite(&header, sizeof(header), 1, fp);
> +    fflush(fp);
> +}


> +void uefi_vars_pcap_init(uefi_vars_state *uv)
> +{
> +    int fd;
> +
> +    if (!uv->pcapfile) {
> +        return;
> +    }
> +
> +    fd = qemu_open_old(uv->pcapfile,
> +                       O_CREAT | O_WRONLY | O_TRUNC | O_BINARY, 0666);

Consider qemu_create() to help Markus' tree-wide cleanup.

> +    if (fd < 0) {
> +        warn_report("open %s: %s", uv->pcapfile, strerror(errno));
> +        return;
> +    }
> +
> +    uv->pcapfp = fdopen(fd, "wb");
> +    uefi_vars_pcap_header(uv->pcapfp);
> +}


> diff --git a/roms/edk2 b/roms/edk2
> index 4dfdca63a934..46548b1adac8 160000
> --- a/roms/edk2
> +++ b/roms/edk2
> @@ -1 +1 @@
> -Subproject commit 4dfdca63a93497203f197ec98ba20e2327e4afe4
> +Subproject commit 46548b1adac82211d8d11da12dd914f41e7aa775

Unrelated change I presume.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>