> In order to reduce the processing load of the host CPU, the FTGMAC100 > implements TCP, UDP, and IP V4 checksum generation and validation, and > supports VLAN tagging.
I see no evidence of these features in the code. > +static void ftgmac100_read_desc(hwaddr addr, void *desc) > +{ > + int i; > + uint32_t *p = desc; > + > + cpu_physical_memory_read(addr, desc, 16); > + > + for (i = 0; i < 16; i += 4) { > + *p = le32_to_cpu(*p); > + } > +} You're relying on the compiler choosing a particular bitfield and structure layout. Don't do that. Especially when one of the fields is a void*. Clearly never been tested on a 64-bit host. "void *desc" is just plain lazy. > + buf = s->txbuff.buf + s->txbuff.len; > + cpu_physical_memory_read(txd.buf, (uint8_t *)buf, txd.len); Buffer overflow. In at least two differnt ways. > + if (!(s->maccr & MACCR_HT_MULTI_EN)) { > + printf("[qemu] ftgmac100_receive: mcst filtered\n"); > + return -1; Looks like stray debug code. Several other occurences. > + case REG_TXPD: > + case REG_HPTXPD: > + qemu_mod_timer(s->qtimer, qemu_get_clock_ns(vm_clock) + 1); Using a timer here is wrong. Either you should transmit immediately, or you should wait for something else to happen. Delaying by 1ns is never the right answer. Paul