ange/VMs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: win11iotltsc, nftables, cleanup

Browse Source
This commit is contained in:
ange 2025-06-17 05:09:42 +00:00
parent 914cf61d44
commit a23900c1f5
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
14 changed files with 114 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
*.iso
*.qcow2
*.conf

33
README.md
View File

@ -8,8 +8,8 @@ $ ./run.sh [OPTS]
```
You can pass `qemu` flags (see `QEMU(1)`) to `./run.sh` directly or you can
make theses flags permanent by editing `run.sh` (this VM only) or `lib.sh` (all
VMs).
make theses flags permanent by editing `run.sh` (current VM only) or `lib.sh`
(all VMs).
### Headless
@ -38,6 +38,35 @@ If you need USB passthrough, uncomment and fill in the corresponding line in
`run.sh`.
[You may need root privileges](https://wiki.archlinux.org/title/QEMU#Pass-through_host_USB_device).
## Windows installation
`Shift`+`F10` to open cmd.exe
```console
D:
pnputil /add-driver amd64\{version}\*.inf /install
diskpart
> list disk
> sel disk 0
> convert gpt
> create par efi size=100
> create par primary
> sel par 1
> format fs=fat32 quick
> assign letter=G:
> sel par 2
> format fs=ntfs quick
> assign letter=C:
> exit
E:
cd sources
dism /get-imageinfo /imagefile:install.wim
dism /apply-image /imagefile:install.wim /index:2 /applydir:C:
dism /image:C:\ /add-driver /driver:D:\amd64\{version}\viostor.inf
bcdboot C:\windows /s G: /f UEFI
```
## See also
<https://github.com/quickemu-project/quickemu>

17
android-x86/run.sh
View File

@ -1,17 +0,0 @@
#!/bin/bash -e
cd "$(dirname "$0")"
. ../lib.sh
ISO=(
[android]='https://sourceforge.net/projects/android-x86/files/latest/download'
)
if ! [ -f hda.qcow2 ]; then
ask_yn 'hda not found, create?' || exit 1
qemu-img create -f qcow2 hda.qcow2 10G
download_isos
fi
qemu "$@" \
-vga std \
#-device usb-host,vendorid=0xffff,productid=0xffff

4
arch/run.sh
View File

@ -5,9 +5,7 @@ cd "$(dirname "$0")"
hda='https://geo.mirror.pkgbuild.com/images/latest/Arch-Linux-x86_64-basic.qcow2'
if ! [ -f hda.qcow2 ]; then
ask_yn "hda does not exist. Download?" \
&& curl -LC- -o hda.qcow2 "$hda" \
|| exit 1
curl -Lo hda.qcow2 "$hda"
fi
echo "User: ${BOLD}${RED}arch:arch${NORMAL}"

4
debian12/run.sh
View File

@ -5,9 +5,7 @@ cd "$(dirname "$0")"
hda='https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-amd64.qcow2'
if ! [ -f hda.qcow2 ]; then
ask_yn "hda does not exist. Download?" \
&& curl -LC- -o hda.qcow2 "$hda" \
|| exit 1
curl -Lo hda.qcow2 "$hda"
fi
echo "User: ${BOLD}${RED}root:${NORMAL}"

369
fedora39/nft
View File

@ -1,369 +0,0 @@
table inet firewalld {
ct helper helper-netbios-ns-udp {
type "netbios-ns" protocol udp
l3proto ip
}
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_POLICIES
}
chain mangle_PREROUTING_POLICIES {
iifname "enp0s2" jump mangle_PRE_policy_allow-host-ipv6
iifname "enp0s2" jump mangle_PRE_FedoraWorkstation
iifname "enp0s2" return
jump mangle_PRE_policy_allow-host-ipv6
jump mangle_PRE_FedoraWorkstation
return
}
chain nat_PREROUTING {
type nat hook prerouting priority dstnat + 10; policy accept;
jump nat_PREROUTING_POLICIES
}
chain nat_PREROUTING_POLICIES {
iifname "enp0s2" jump nat_PRE_policy_allow-host-ipv6
iifname "enp0s2" jump nat_PRE_FedoraWorkstation
iifname "enp0s2" return
jump nat_PRE_policy_allow-host-ipv6
jump nat_PRE_FedoraWorkstation
return
}
chain nat_POSTROUTING {
type nat hook postrouting priority srcnat + 10; policy accept;
jump nat_POSTROUTING_POLICIES
}
chain nat_POSTROUTING_POLICIES {
iifname "enp0s2" oifname "enp0s2" jump nat_POST_FedoraWorkstation
iifname "enp0s2" oifname "enp0s2" return
oifname "enp0s2" jump nat_POST_FedoraWorkstation
oifname "enp0s2" return
iifname "enp0s2" jump nat_POST_FedoraWorkstation
iifname "enp0s2" return
jump nat_POST_FedoraWorkstation
return
}
chain nat_OUTPUT {
type nat hook output priority -90; policy accept;
jump nat_OUTPUT_POLICIES
}
chain nat_OUTPUT_POLICIES {
oifname "enp0s2" jump nat_OUT_FedoraWorkstation
oifname "enp0s2" return
jump nat_OUT_FedoraWorkstation
return
}
chain filter_PREROUTING {
type filter hook prerouting priority filter + 10; policy accept;
icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
meta nfproto ipv6 fib saddr . mark . iif oif missing drop
}
chain filter_INPUT {
type filter hook input priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
jump filter_INPUT_POLICIES
reject with icmpx admin-prohibited
}
chain filter_FORWARD {
type filter hook forward priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_FORWARD_POLICIES
reject with icmpx admin-prohibited
}
chain filter_OUTPUT {
type filter hook output priority filter + 10; policy accept;
ct state { established, related } accept
oifname "lo" accept
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_OUTPUT_POLICIES
}
chain filter_INPUT_POLICIES {
iifname "enp0s2" jump filter_IN_policy_allow-host-ipv6
iifname "enp0s2" jump filter_IN_FedoraWorkstation
iifname "enp0s2" reject with icmpx admin-prohibited
jump filter_IN_policy_allow-host-ipv6
jump filter_IN_FedoraWorkstation
reject with icmpx admin-prohibited
}
chain filter_FORWARD_POLICIES {
iifname "enp0s2" oifname "enp0s2" jump filter_FWD_FedoraWorkstation
iifname "enp0s2" oifname "enp0s2" reject with icmpx admin-prohibited
iifname "enp0s2" jump filter_FWD_FedoraWorkstation
iifname "enp0s2" reject with icmpx admin-prohibited
oifname "enp0s2" jump filter_FWD_FedoraWorkstation
oifname "enp0s2" reject with icmpx admin-prohibited
jump filter_FWD_FedoraWorkstation
reject with icmpx admin-prohibited
}
chain filter_OUTPUT_POLICIES {
oifname "enp0s2" jump filter_OUT_FedoraWorkstation
oifname "enp0s2" return
jump filter_OUT_FedoraWorkstation
return
}
chain filter_IN_FedoraWorkstation {
jump filter_IN_FedoraWorkstation_pre
jump filter_IN_FedoraWorkstation_log
jump filter_IN_FedoraWorkstation_deny
jump filter_IN_FedoraWorkstation_allow
jump filter_IN_FedoraWorkstation_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_IN_FedoraWorkstation_pre {
}
chain filter_IN_FedoraWorkstation_log {
}
chain filter_IN_FedoraWorkstation_deny {
}
chain filter_IN_FedoraWorkstation_allow {
ip6 daddr fe80::/64 udp dport 546 accept
tcp dport 22 accept
udp dport 137 ct helper set "helper-netbios-ns-udp"
udp dport 137 accept
udp dport 138 accept
ip daddr 224.0.0.251 udp dport 5353 accept
ip6 daddr ff02::fb udp dport 5353 accept
udp dport 1025-65535 accept
tcp dport 1025-65535 accept
}
chain filter_IN_FedoraWorkstation_post {
}
chain filter_OUT_FedoraWorkstation {
jump filter_OUT_FedoraWorkstation_pre
jump filter_OUT_FedoraWorkstation_log
jump filter_OUT_FedoraWorkstation_deny
jump filter_OUT_FedoraWorkstation_allow
jump filter_OUT_FedoraWorkstation_post
}
chain filter_OUT_FedoraWorkstation_pre {
}
chain filter_OUT_FedoraWorkstation_log {
}
chain filter_OUT_FedoraWorkstation_deny {
}
chain filter_OUT_FedoraWorkstation_allow {
}
chain filter_OUT_FedoraWorkstation_post {
}
chain nat_OUT_FedoraWorkstation {
jump nat_OUT_FedoraWorkstation_pre
jump nat_OUT_FedoraWorkstation_log
jump nat_OUT_FedoraWorkstation_deny
jump nat_OUT_FedoraWorkstation_allow
jump nat_OUT_FedoraWorkstation_post
}
chain nat_OUT_FedoraWorkstation_pre {
}
chain nat_OUT_FedoraWorkstation_log {
}
chain nat_OUT_FedoraWorkstation_deny {
}
chain nat_OUT_FedoraWorkstation_allow {
}
chain nat_OUT_FedoraWorkstation_post {
}
chain nat_POST_FedoraWorkstation {
jump nat_POST_FedoraWorkstation_pre
jump nat_POST_FedoraWorkstation_log
jump nat_POST_FedoraWorkstation_deny
jump nat_POST_FedoraWorkstation_allow
jump nat_POST_FedoraWorkstation_post
}
chain nat_POST_FedoraWorkstation_pre {
}
chain nat_POST_FedoraWorkstation_log {
}
chain nat_POST_FedoraWorkstation_deny {
}
chain nat_POST_FedoraWorkstation_allow {
}
chain nat_POST_FedoraWorkstation_post {
}
chain filter_FWD_FedoraWorkstation {
jump filter_FWD_FedoraWorkstation_pre
jump filter_FWD_FedoraWorkstation_log
jump filter_FWD_FedoraWorkstation_deny
jump filter_FWD_FedoraWorkstation_allow
jump filter_FWD_FedoraWorkstation_post
}
chain filter_FWD_FedoraWorkstation_pre {
}
chain filter_FWD_FedoraWorkstation_log {
}
chain filter_FWD_FedoraWorkstation_deny {
}
chain filter_FWD_FedoraWorkstation_allow {
oifname "enp0s2" accept
}
chain filter_FWD_FedoraWorkstation_post {
}
chain nat_PRE_FedoraWorkstation {
jump nat_PRE_FedoraWorkstation_pre
jump nat_PRE_FedoraWorkstation_log
jump nat_PRE_FedoraWorkstation_deny
jump nat_PRE_FedoraWorkstation_allow
jump nat_PRE_FedoraWorkstation_post
}
chain nat_PRE_FedoraWorkstation_pre {
}
chain nat_PRE_FedoraWorkstation_log {
}
chain nat_PRE_FedoraWorkstation_deny {
}
chain nat_PRE_FedoraWorkstation_allow {
}
chain nat_PRE_FedoraWorkstation_post {
}
chain mangle_PRE_FedoraWorkstation {
jump mangle_PRE_FedoraWorkstation_pre
jump mangle_PRE_FedoraWorkstation_log
jump mangle_PRE_FedoraWorkstation_deny
jump mangle_PRE_FedoraWorkstation_allow
jump mangle_PRE_FedoraWorkstation_post
}
chain mangle_PRE_FedoraWorkstation_pre {
}
chain mangle_PRE_FedoraWorkstation_log {
}
chain mangle_PRE_FedoraWorkstation_deny {
}
chain mangle_PRE_FedoraWorkstation_allow {
}
chain mangle_PRE_FedoraWorkstation_post {
}
chain filter_IN_policy_allow-host-ipv6 {
jump filter_IN_policy_allow-host-ipv6_pre
jump filter_IN_policy_allow-host-ipv6_log
jump filter_IN_policy_allow-host-ipv6_deny
jump filter_IN_policy_allow-host-ipv6_allow
jump filter_IN_policy_allow-host-ipv6_post
}
chain filter_IN_policy_allow-host-ipv6_pre {
}
chain filter_IN_policy_allow-host-ipv6_log {
}
chain filter_IN_policy_allow-host-ipv6_deny {
}
chain filter_IN_policy_allow-host-ipv6_allow {
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
icmpv6 type nd-redirect accept
}
chain filter_IN_policy_allow-host-ipv6_post {
}
chain nat_PRE_policy_allow-host-ipv6 {
jump nat_PRE_policy_allow-host-ipv6_pre
jump nat_PRE_policy_allow-host-ipv6_log
jump nat_PRE_policy_allow-host-ipv6_deny
jump nat_PRE_policy_allow-host-ipv6_allow
jump nat_PRE_policy_allow-host-ipv6_post
}
chain nat_PRE_policy_allow-host-ipv6_pre {
}
chain nat_PRE_policy_allow-host-ipv6_log {
}
chain nat_PRE_policy_allow-host-ipv6_deny {
}
chain nat_PRE_policy_allow-host-ipv6_allow {
}
chain nat_PRE_policy_allow-host-ipv6_post {
}
chain mangle_PRE_policy_allow-host-ipv6 {
jump mangle_PRE_policy_allow-host-ipv6_pre
jump mangle_PRE_policy_allow-host-ipv6_log
jump mangle_PRE_policy_allow-host-ipv6_deny
jump mangle_PRE_policy_allow-host-ipv6_allow
jump mangle_PRE_policy_allow-host-ipv6_post
}
chain mangle_PRE_policy_allow-host-ipv6_pre {
}
chain mangle_PRE_policy_allow-host-ipv6_log {
}
chain mangle_PRE_policy_allow-host-ipv6_deny {
}
chain mangle_PRE_policy_allow-host-ipv6_allow {
}
chain mangle_PRE_policy_allow-host-ipv6_post {
}
}

16
fedora39/run.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash -e
cd "$(dirname "$0")"
. ../lib.sh
ISO=(
[fedora39]='https://download.fedoraproject.org/pub/fedora/linux/releases/39/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-39-1.5.iso'
)
if ! [ -f hda.qcow2 ]; then
ask_yn 'hda not found, create?' || exit 1
qemu-img create -f qcow2 hda.qcow2 20G
download_isos
fi
qemu "$@" \
#-device usb-host,vendorid=0xffff,productid=0xffff

1
fedora39/todo
View File

@ -1 +0,0 @@
/var/lib/misc/dnsmasq.leases

3
getip.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
awk '{print $3,$4}' /var/lib/misc/dnsmasq.leases

33
lib.sh
View File

@ -7,34 +7,28 @@ NORMAL=$'\e[0m'
BOLD=$'\e[1m'
RED=$'\e[31m'
function ask_yn() {
local ans
ask_yn() {
local a
printf '%s (Y/n) ' "$1" >&2
read -r ans
case "${ans,,}" in
y*|'') return 0 ;;
*) return 1 ;;
esac
read -rp "$* (Y/n) " a
[ -z "$a" ] || [[ "${a,,}" == y* ]]
}
declare -A ISO
declare -a OPTS
function download_isos() {
local file
download_isos() {
local curl file
curl=(curl -ZLC-)
for iso in "${!ISO[@]}"; do
file="$iso.iso"
if ! [ -f "$file" ] && ask_yn "download $file?"; then
curl -LC- -o "$file" "${ISO[$iso]}"
fi
if [ -f "$file" ]; then
OPTS+=(-drive "file=$file,media=cdrom,readonly=on")
fi
curl+=(-o "$file" "${ISO[$iso]}")
OPTS+=(-drive "file=$file,media=cdrom,readonly=on")
done
"${curl[@]}"
}
function _getmaxram() {
_getmaxram() {
local ram; ram="$(free -g | awk '/^Mem:/{print $2 - 2}')"
if [ "$ram" -le 2 ]; then ram=2
@ -42,7 +36,7 @@ function _getmaxram() {
echo "${ram}G"
}
function _getnet() {
_getnet() {
local net=user
if ! ip link show "$BRIDGE" | grep -q UP; then
@ -54,7 +48,7 @@ function _getnet() {
echo "$net"
}
function qemu() {
qemu() {
local ram=2G
local maxram; maxram="$(_getmaxram)"
local net; net="$(_getnet)"
@ -63,6 +57,7 @@ function qemu() {
qemu-system-x86_64 -accel kvm \
-monitor stdio \
-M q35 \
-bios /usr/share/edk2/x64/OVMF.4m.fd \
-cpu host \
-m "$ram,maxmem=$maxram" \
-vga virtio \

69
startnat.sh
View File

@ -1,22 +1,22 @@
#!/bin/bash -ex
#!/bin/bash -e
DIR="$(dirname "${BASH_SOURCE[0]}")"
function _iptables() {
local table="QEMU_$1"; shift
fix_nft_drops() {
local j h chain
iptables -C "$table" "$@" 2> /dev/null || iptables -A "$table" "$@"
: > "$DIR/restore-nft.conf"
j="$(nft -j list chains | jq '.[][].chain | select(.policy == "drop")')"
while read -r h; do
mapfile -t chain < <(jq -r "select(.policy != \"accept\" and .hook == \"$h\") | .family,.table,.name,.policy" <<< "$j")
if [ -n "${chain[0]}" ]; then
nft add chain "${chain[0]}" "${chain[1]}" "${chain[2]}" '{ policy accept; }'
echo "add chain ${chain[0]} ${chain[1]} ${chain[2]} { policy ${chain[3]}; }" >> "$DIR/restore-nft.conf"
fi
done < <(nft -j list chains | jq -r '.[][].chain | select(.table == "qemu") | .hook')
}
function newtable() {
local table="$1"; shift
iptables -N "QEMU_$table" "$@" 2> /dev/null || true
iptables -A "$table" -j "QEMU_$table" "$@"
}
if ! command -v dnsmasq iptables-nft; then
echo 'missing 1+ dependencies: dnsmasq iptables-nft' >&2
exit 1
fi
command -V dnsmasq > /dev/null
command -V nft > /dev/null
if [ "$EUID" != 0 ]; then
echo 'this script must be run as root' >&2
@ -25,29 +25,40 @@ fi
BRIDGE="${1-virbr0}"
modprobe nft_masq
sysctl net.ipv4.conf.all.forwarding=1
if ! ip link show "$BRIDGE" > /dev/null; then
if ! ip link show "$BRIDGE" 2> /dev/null; then
ip link add "$BRIDGE" type bridge
fi
ip link set dev "$BRIDGE" up
ip address flush dev "$BRIDGE"
ip address add 192.168.123.1/24 dev "$BRIDGE"
newtable INPUT
newtable FORWARD
newtable POSTROUTING -tnat
nft -f- <<EOF
destroy table ip qemu;
table ip qemu {
chain input {
type filter hook input priority filter; policy accept;
iifname "$BRIDGE" counter
}
chain forward {
type filter hook forward priority filter; policy accept;
iifname "$BRIDGE" counter
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
masquerade
}
}
EOF
_iptables INPUT -i virbr0 -j ACCEPT
_iptables FORWARD -i virbr0 -j ACCEPT
_iptables FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
fix_nft_drops
_iptables POSTROUTING -t nat -i "$BRIDGE" -j MASQUERADE
pidof dnsmasq | grep -q "$(cat /var/run/dnsmasq-virbr0.pid)" \
|| dnsmasq -z \
if ! pidof dnsmasq | grep -q "$(cat /var/run/dnsmasq-virbr0.pid)"; then
dnsmasq -z \
-i "$BRIDGE" \
-F 192.168.123.2,192.168.123.254,255.255.255.0 \
-x /var/run/dnsmasq-virbr0.pid
-x /var/run/dnsmasq-virbr0.pid \
--server 1.1.1.1
fi

14
stopnat.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash -x
#!/bin/bash
if [ "$EUID" != 0 ]; then
echo "this script must be run as root" >&2
@ -7,14 +7,12 @@ fi
BRIDGE="${1-virbr0}"
sysctl net.ipv4.conf.all.forwarding=0
ip link del dev "$BRIDGE"
iptables -S | sed -n '/QEMU/s/-A/iptables -D/p' | bash
iptables -S -tnat | sed -n '/QEMU/s/-A/iptables -tnat -D/p' | bash
iptables -S | sed -n '/QEMU/s/-N/iptables -X/p' | bash
iptables -S -tnat | sed -n '/QEMU/s/-N/iptables -tnat -X/p' | bash
nft destroy table qemu
if [ -f restore-nft.conf ]; then
nft -f ./restore-nft.conf
rm restore-nft.conf
fi
kill -TERM "$(cat /var/run/dnsmasq-virbr0.pid)"

17
win11iotltsc/run.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash -e
# vim: nowrap
cd "$(dirname "$0")"
. ../lib.sh
ISO=(
[win]='https://oemsoc.download.prss.microsoft.com/dbazure/X23-81951_26100.1742.240906-0331.ge_release_svc_refresh_CLIENT_ENTERPRISES_OEM_x64FRE_en-us.iso_640de540-87c4-427f-be87-e6d53a3a60b4?t=2c3b664b-b119-4088-9db1-ccff72c6d22e&P1=102816950270&P2=601&P3=2&P4=OC448onxqdmdUsBUApAiE8pj1FZ%2bEPTU3%2bC6Quq29MVwMyyDUtR%2fsbiy7RdVoZOHaZRndvzeOOnIwJZ2x3%2bmP6YK9cjJSP41Lvs0SulF4SVyL5C0DdDmiWqh2QW%2bcDPj2Xp%2bMrI9NOeElSBS5kkOWP8Eiyf2VkkQFM3g5vIk3HJVvu5sWo6pFKpFv4lML%2bHaIiTSuwbPMs5xwEQTfScuTKfigNlUZPdHRMp1B3uKLgIA3r0IbRpZgHYMXEwXQ%2fSLMdDNQthpqQvz1PThVkx7ObD55CXgt0GNSAWRfjdURWb8ywWk1gT7ozAgpP%2fKNm56U5nh33WZSuMZIuO1SBM2vw%3d%3d'
[virtio]='https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso'
)
if ! [ -f hda.qcow2 ]; then
qemu-img create -f qcow2 hda.qcow2 40G
download_isos
fi
qemu "$@" \
#-device usb-host,vendorid=0xffff,productid=0xffff

17
win2k22/run.sh
View File

@ -1,17 +0,0 @@
#!/bin/bash -e
cd "$(dirname "$0")"
. ../lib.sh
ISO=(
[win2k22]='https://go.microsoft.com/fwlink/p/?LinkID=2195280'
[virtio]='https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso'
)
if ! [ -f hda.qcow2 ]; then
ask_yn 'hda not found, create?' || exit 1
qemu-img create -f qcow2 hda.qcow2 40G
download_isos
fi
qemu "$@" \
#-device usb-host,vendorid=0xffff,productid=0xffff