--- configure.orig	2010-01-29 14:36:00.000000000 -0500
+++ configure	2010-01-29 14:36:00.000000000 -0500
@@ -185,6 +185,9 @@ opengl=""
 zlib="yes"
 guest_agent="yes"
 libiscsi=""
+pcap="no"
+pcap_create="no"
+bpf="no"
 
 # parse CC options first
 for opt do
@@ -638,6 +641,8 @@ for opt do
   ;;
   --enable-vnc-thread) vnc_thread="yes"
   ;;
+  --enable-pcap) pcap="yes"
+  ;;
   --disable-slirp) slirp="no"
   ;;
   --disable-uuid) uuid="no"
@@ -1529,6 +1534,49 @@ EOF
 fi
 
 ##########################################
+# pcap probe
+
+if test "$pcap" = "yes" ; then
+  cat > $TMPC << EOF
+#include <pcap.h>
+int main(void) { return (pcap_lib_version() == (char *)0 ? 1 : 0); }
+EOF
+  if test "$mingw32" = "no" ; then
+    libpcap=-lpcap
+  else
+    libpcap=-lwpcap
+  fi
+  if ! $cc $ARCH_CFLAGS -o $TMPE $libpcap $TMPC 2> /dev/null ; then
+    echo
+    echo "Error: Could not find pcap"
+    echo "Make sure to have the pcap libs and headers installed."
+    echo
+    exit 1
+  fi
+  cat > $TMPC << EOF
+#include <pcap.h>
+int main(void)
+{
+  char errbuf[PCAP_ERRBUF_SIZE];
+  return (pcap_create("foo", errbuf) == (pcap_t *)0 ? 1 : 0);
+}
+EOF
+  if $cc $ARCH_CFLAGS -o $TMPE $libpcap $TMPC 2> /dev/null ; then
+    pcap_create="yes"
+  fi
+  cat > $TMPC << EOF
+#define PCAP_DONT_INCLUDE_PCAP_BPF_H
+#include <pcap.h>
+#include <net/bpf.h>
+int main(void) { return (BPF_MAJOR_VERSION); }
+EOF
+  if $cc $ARCH_CFLAGS -o $TMPE $TMPC 2> /dev/null ; then
+    bpf="yes"
+  fi
+  libs_softmmu="$libpcap $libs_softmmu"
+fi # test "$pcap"
+
+##########################################
 # VNC TLS detection
 if test "$vnc" = "yes" -a "$vnc_tls" != "no" ; then
   cat > $TMPC <<EOF
@@ -2950,6 +2998,15 @@ fi
 if test "$profiler" = "yes" ; then
   echo "CONFIG_PROFILER=y" >> $config_host_mak
 fi
+if test "$pcap" = "yes" ; then
+  echo "CONFIG_PCAP=y" >> $config_host_mak
+  if test "$pcap_create" = "yes" ; then
+    echo "CONFIG_PCAP_CREATE=y" >> $config_host_mak
+  fi
+  if test "$bpf" = "yes" ; then
+    echo "CONFIG_BPF=y" >> $config_host_mak
+  fi
+fi
 if test "$slirp" = "yes" ; then
   echo "CONFIG_SLIRP=y" >> $config_host_mak
   echo "CONFIG_SMBD_COMMAND=\"$smbd\"" >> $config_host_mak
Index: net.c
@@ -37,6 +37,11 @@
 #include "hw/qdev.h"
 #include "iov.h"
 
+#include <sys/ioctl.h>
+#ifdef __FreeBSD__
+#include <net/if.h>
+#endif
+
 static QTAILQ_HEAD(, VLANState) vlans;
 static QTAILQ_HEAD(, VLANClientState) non_vlan_clients;
 
@@ -797,6 +802,226 @@ static int net_init_nic(QemuOpts *opts,
     return idx;
 }
 
+#if defined(CONFIG_PCAP)
+#if defined(CONFIG_BPF)
+#define PCAP_DONT_INCLUDE_PCAP_BPF_H
+#include <net/bpf.h>
+#endif
+#include <pcap.h>
+
+typedef struct PCAPState {
+    VLANClientState nc;
+    pcap_t *handle;
+    int max_eth_frame_size;
+} PCAPState;
+
+static ssize_t pcap_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
+{
+    PCAPState *s = DO_UPCAST(PCAPState, nc, nc);
+
+    return pcap_inject(s->handle, (u_char*)buf, size);
+}
+
+static void pcap_callback(u_char *user, struct pcap_pkthdr *phdr, u_char *pdata)
+{
+    VLANClientState *nc = (VLANClientState *)user;
+
+    int len = phdr->len;
+#ifdef __FreeBSD__
+    PCAPState *s = DO_UPCAST(PCAPState, nc, nc);
+    int max_eth_frame_size = s->max_eth_frame_size;
+
+    if (len > max_eth_frame_size) {
+        fprintf(stderr,
+            "pcap_send: packet size > %d (%d), truncating\n",
+            max_eth_frame_size, len);
+        len = max_eth_frame_size;
+    }
+#endif
+    qemu_send_packet(nc, pdata, len);
+}
+
+static void pcap_send(void *opaque)
+{
+    PCAPState *s = (PCAPState *)opaque;
+
+    for (;;) {
+        if (pcap_dispatch(s->handle, 0, (pcap_handler)&pcap_callback, (u_char *)&s->nc) >= 0)
+            break;
+    }
+}
+
+static void pcap_cleanup(VLANClientState *nc)
+{
+    PCAPState *s = DO_UPCAST(PCAPState, nc, nc);
+
+    pcap_close(s->handle);
+}
+
+static NetClientInfo net_pcap_info = {
+    .type = NET_CLIENT_TYPE_PCAP,
+    .size = sizeof(PCAPState),
+    .receive = pcap_receive,
+    .cleanup = pcap_cleanup,
+};
+
+static int net_pcap_init(VLANState *vlan, const char *model, const char *name, const char *ifname)
+{
+    VLANClientState *nc;
+    PCAPState *s = NULL;
+    char errbuf[PCAP_ERRBUF_SIZE];
+#if defined(_WIN32)
+    HANDLE h;
+#endif
+    int i;
+
+    s = g_malloc0(sizeof(PCAPState));
+    nc = qemu_new_net_client(&net_pcap_info, vlan, NULL, model, name);
+
+    s = DO_UPCAST(PCAPState, nc, nc);
+    if (!s)
+        return -1;
+
+    if (ifname == NULL && (ifname = pcap_lookupdev(errbuf)) == NULL) {
+        fprintf(stderr, "qemu: pcap_create: %s\n", errbuf);
+        goto fail;
+    }
+
+#ifdef __FreeBSD__
+    /*
+     * We want to avoid passing oversize packets to the guest, which
+     * at least on FreeBSD can happen if the host interface uses tso
+     * (seen with an em(4) in this case) - so find out the host
+     * interface's mtu and assume the guest is configured the same.
+     */
+    s->max_eth_frame_size = 1514;
+    i = socket(AF_INET, SOCK_DGRAM, 0);
+    if (i >= 0) {
+        struct ifreq ifr;
+
+        (void) memset(&ifr, 0, sizeof(ifr));
+        strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+        if (ioctl(i, SIOCGIFMTU, &ifr) != -1)
+            s->max_eth_frame_size = ifr.ifr_mtu + 14;
+        close(i);
+    }
+#endif
+#if defined(CONFIG_PCAP_CREATE) || defined(_WIN32)
+    /*
+     * Create pcap handle for the device, set promiscuous mode and activate.
+     */
+    s->handle = (void *)pcap_create(ifname, errbuf);
+    if (!s->handle) {
+        fprintf(stderr, "qemu: pcap_create: %s\n", errbuf);
+        goto fail;
+    }
+    if (pcap_set_promisc(s->handle, 1) != 0) {
+        pcap_perror(s->handle, (char *)"qemu: pcap_set_promisc:");
+        goto fail;
+    }
+    if (pcap_activate(s->handle) != 0) {
+        pcap_perror(s->handle, (char *)"qemu: pcap_activate:");
+        goto fail;
+    }
+#else
+    /* Attempt to connect device. */
+    s->handle = (void *)pcap_open_live(ifname, 65535, 1, 0, errbuf);
+    if (!s->handle) {
+        fprintf(stderr, "qemu: pcap_open_live: %s\n", errbuf);
+        goto fail;
+    }
+#endif
+
+    /* Set non-blocking mode. */
+    if (pcap_setnonblock(s->handle, 1, errbuf) < 0) {
+        fprintf(stderr, "qemu: pcap_setnonblock: %s\n", errbuf);
+        goto fail;
+    }
+
+#if defined(_WIN32)
+    /*
+     * Tell the kernel that the packet has to be seen immediately.
+     */
+    if (pcap_setmintocopy(s->handle, 0) < 0) {
+        fprintf(stderr, "qemu: pcap failed to set immediate mode\n");
+        goto fail;
+    }
+#else /* !_WIN32 */
+#if defined(CONFIG_BPF)
+#if defined(BIOCIMMEDIATE)
+    /*
+     * Tell the kernel that the packet has to be seen immediately.
+     */
+    {
+        unsigned int one = 1;
+        if (ioctl(pcap_fileno(s->handle), BIOCIMMEDIATE, &one) < 0) {
+            fprintf(stderr, "qemu: pcap failed to set immediate mode\n");
+            goto fail;
+        }
+    }
+#endif /* BIOCIMMEDIATE */
+
+#if defined(BIOCFEEDBACK)
+    /*
+     * Tell the kernel that the sent packet has to be fed back.
+     * This is necessary to connect host and guest.
+     */
+    {
+        unsigned int one = 1;
+        if (ioctl(pcap_fileno(s->handle), BIOCFEEDBACK, &one) < 0) {
+            fprintf(stderr, "qemu: pcap failed to set feedback mode\n");
+            goto fail;
+        }
+    }
+#endif /* BIOCFEEDBACK */
+#endif /* CONFIG_BPF */
+#endif /* _WIN32 */
+
+    snprintf(s->nc.info_str, sizeof(s->nc.info_str), "pcap redirector");
+
+#if defined(_WIN32)
+    if ((h = pcap_getevent(s->handle)) == NULL) {
+        fprintf(stderr, "qemu: pcap_getevent failed\n");
+        goto fail;
+    }
+    qemu_add_wait_object(h, pcap_send, s);
+#else /* !_WIN32 */
+    if ((i = pcap_get_selectable_fd(s->handle)) < 0) {
+        fprintf(stderr, "qemu: pcap_get_selectable_fd failed\n");
+        goto fail;
+    }
+    qemu_set_fd_handler(i, pcap_send, NULL, s);
+#endif /* _WIN32 */
+
+    return 0;
+
+fail:
+    if (s) {
+        if (s->handle)
+            pcap_close(s->handle);
+        g_free(s);
+    }
+
+    return -1;
+}
+
+static int net_init_pcap(QemuOpts *opts,
+                          Monitor *mon,
+                          const char *name,
+                          VLANState *vlan)
+{
+    const char *ifname;
+
+    ifname = qemu_opt_get(opts, "ifname");
+
+    if (net_pcap_init(vlan, "pcap", name, ifname) == -1) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* CONFIG_PCAP */
+
 #define NET_COMMON_PARAMS_DESC                     \
     {                                              \
         .name = "type",                            \
@@ -973,6 +1198,21 @@ static const struct {
             { /* end of list */ }
         },
     },
+#ifdef CONFIG_PCAP
+    [NET_CLIENT_TYPE_PCAP] = {
+        .type = "pcap",
+        .init = net_init_pcap,
+        .desc = {
+            NET_COMMON_PARAMS_DESC,
+            {
+                .name = "ifname",
+                .type = QEMU_OPT_STRING,
+                .help = "interface name",
+            },
+            { /* end of list */ }
+        },
+    },
+#endif
     [NET_CLIENT_TYPE_SOCKET] = {
         .type = "socket",
         .init = net_init_socket,
@@ -1343,6 +1583,7 @@ void net_check_clients(void)
             case NET_CLIENT_TYPE_TAP:
             case NET_CLIENT_TYPE_SOCKET:
             case NET_CLIENT_TYPE_VDE:
+            case NET_CLIENT_TYPE_PCAP:
                 has_host_dev = 1;
                 break;
             default: ;
--- qemu-options.hx.orig	2010-01-14 17:18:00.000000000 -0500
+++ qemu-options.hx	2010-01-29 14:36:00.000000000 -0500
@@ -799,6 +799,10 @@ DEF("smb", HAS_ARG, QEMU_OPTION_smb, "")
 DEF("net", HAS_ARG, QEMU_OPTION_net,
     "-net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n"
     "                create a new Network Interface Card and connect it to VLAN 'n'\n"
+#ifdef CONFIG_PCAP
+    "-net pcap[,vlan=n][,name=str][,ifname=name]\n"
+    "                connect the host network interface using PCAP to VLAN 'n'\n"
+#endif
 #ifdef CONFIG_SLIRP
     "-net user[,vlan=n][,name=str][,net=addr[/mask]][,host=addr][,restrict=y|n]\n"
     "         [,hostname=host][,dhcpstart=addr][,dns=addr][,tftp=dir][,bootfile=f]\n"
