|
|
/*++
Copyright (c) 1990-2000 Microsoft Corporation
Module Name:
iprcv.c - IP receive routines.
Abstract:
This module contains all receive related IP routines.
Author:
[Environment:]
kernel mode only
[Notes:]
optional-notes
Revision History:
--*/
#include "precomp.h"
#include "ip.h"
#include "info.h"
#include "iproute.h"
#include "arpdef.h"
#include "iprtdef.h"
#include "igmp.h"
#if IPMCAST
void IPMForwardAfterTD(NetTableEntry *pPrimarySrcNte, PNDIS_PACKET pnpPacket, UINT uiBytesCopied);#endif
// Following is to prevent ip fragment attack
uint MaxRH = 100; // maximum number of reassembly headers allowed
uint NumRH = 0; // Count of RH in use
uint MaxOverlap = 5; // maximum number overlaps allowed for one
// reassembled datagram
uint FragmentAttackDrops = 0;
extern IP_STATUS SendICMPErr(IPAddr, IPHeader UNALIGNED *, uchar, uchar, ulong, uchar);
extern uint IPSecStatus;extern IPSecRcvFWPacketRtn IPSecRcvFWPacketPtr;extern uchar RATimeout;extern NDIS_HANDLE BufferPool;extern ProtInfo IPProtInfo[]; // Protocol information table.
extern ProtInfo *LastPI; // Last protinfo structure looked at.
extern int NextPI; // Next PI field to be used.
extern ProtInfo *RawPI; // Raw IP protinfo
extern NetTableEntry **NewNetTableList; // hash table for NTEs
extern uint NET_TABLE_SIZE;extern NetTableEntry *LoopNTE;extern IPRcvBuf *g_PerCPUIpBuf; // Global RcvBuf used for proxy perf
// optimization.
extern Interface LoopInterface;
extern uint DisableIPSourceRouting;
uchar CheckLocalOptions(NetTableEntry *SrcNTE, IPHeader UNALIGNED *Header, IPOptInfo *OptInfo, uchar DestType, uchar* Data, uint DataSize, BOOLEAN FilterOnDrop);
#define PROT_RSVP 46 // Protocol number for RSVP
//* FindUserRcv - Find the receive handler to be called for a particular
// protocol.
//
// This functions takes as input a protocol value, and returns a pointer to
// the receive routine for that protocol.
//
// Input: NTE - Pointer to NetTableEntry to be searched
// Protocol - Protocol to be searched for.
// UContext - Place to returns UL Context value.
//
// Returns: Pointer to the receive routine.
//
ULRcvProcFindUserRcv(uchar Protocol){ ULRcvProc RcvProc; int i; ProtInfo *TempPI;
if (((TempPI = LastPI)->pi_protocol == Protocol) && TempPI->pi_valid == PI_ENTRY_VALID) {
RcvProc = TempPI->pi_rcv; return RcvProc; }
RcvProc = (ULRcvProc) NULL; for (i = 0; i < NextPI; i++) { if (IPProtInfo[i].pi_protocol == Protocol) { if (IPProtInfo[i].pi_valid == PI_ENTRY_VALID) { InterlockedExchangePointer(&LastPI, &IPProtInfo[i]); RcvProc = IPProtInfo[i].pi_rcv; return RcvProc; } else { // Deregisterd entry. Treat this case as if
// there is no matching protocol.
break; } } }
//
// Didn't find a match. Use the raw protocol if it is registered.
//
if ((TempPI = RawPI) != NULL) { RcvProc = TempPI->pi_rcv; }
return RcvProc;}
//* IPRcvComplete - Handle a receive complete.
//
// Called by the lower layer when receives are temporarily done.
//
// Entry: Nothing.
//
// Returns: Nothing.
//
void__stdcallIPRcvComplete(void){ void (*ULRcvCmpltProc) (void); int i; for (i = 0; i < NextPI; i++) { if (((ULRcvCmpltProc = IPProtInfo[i].pi_rcvcmplt) != NULL) && (IPProtInfo[i].pi_valid == PI_ENTRY_VALID)) { (*ULRcvCmpltProc) (); } }
}//* XsumRcvBuf - Checksum a chain of IP receive buffers.
//
// Called to xsum a chain of IP receive buffers. We're given the
// pseudo-header xsum to start with, and we call xsum on each buffer.
//
// Input: PHXsum - Pseudo-header xsum.
// BufChain - Pointer to IPRcvBuf chain.
//
// Returns: The computed xsum.
//
ushortXsumRcvBuf(uint PHXsum, IPRcvBuf * BufChain){ uint PrevSize = 0; uint NeedSwap = 0;
PHXsum = (((PHXsum << 16) | (PHXsum >> 16)) + PHXsum) >> 16; do { // Whenever an odd number of bytes is checksummed in the interior
// of the buffer-chain, swap the sum and go on so that the next byte
// will overlay the existing sum correctly.
//
// (The correctness of this swap is a property of ones-complement
// checksums.)
if (PrevSize & 1) { PHXsum = RtlUshortByteSwap(PHXsum); NeedSwap ^= 1; } PHXsum = tcpxsum_routine(PHXsum, BufChain->ipr_buffer, PrevSize = BufChain->ipr_size); BufChain = BufChain->ipr_next; } while (BufChain != NULL);
// If an odd number of swaps were performed, swap once more
// to undo the unmatched swap and obtain the final result.
return NeedSwap ? RtlUshortByteSwap(PHXsum) : (ushort)(PHXsum);}
//* UpdateIPSecRcvBuf - update an IPRcvBuf after IPSec receive-processing.
//
// Called to perform IPSec-related changes (e.g. setting checksum-verified)
// for an IPRcvBuf.
//
// Input: RcvBuf - Pointer to IPRcvBuf.
// IPSecFlags - Flags for required changes.
//
voidUpdateIPSecRcvBuf(IPRcvBuf* RcvBuf, ulong IPSecFlags){ if (IPSecFlags & (IPSEC_FLAG_TCP_CHECKSUM_VALID | IPSEC_FLAG_UDP_CHECKSUM_VALID) && RcvBuf->ipr_pClientCnt) {
PNDIS_PACKET Packet; PNDIS_PACKET_EXTENSION PktExt; PNDIS_TCP_IP_CHECKSUM_PACKET_INFO ChksumPktInfo;
if (RcvBuf->ipr_pMdl) { Packet = NDIS_GET_ORIGINAL_PACKET((PNDIS_PACKET) RcvBuf->ipr_RcvContext); if (Packet == NULL) { Packet = (PNDIS_PACKET)RcvBuf->ipr_RcvContext; } } else { Packet = (PNDIS_PACKET)RcvBuf->ipr_pClientCnt; }
PktExt = NDIS_PACKET_EXTENSION_FROM_PACKET(Packet); ChksumPktInfo = (PNDIS_TCP_IP_CHECKSUM_PACKET_INFO) &PktExt->NdisPacketInfo[TcpIpChecksumPacketInfo];
if (IPSecFlags & IPSEC_FLAG_TCP_CHECKSUM_VALID) { ChksumPktInfo->Receive.NdisPacketTcpChecksumSucceeded = TRUE; ChksumPktInfo->Receive.NdisPacketTcpChecksumFailed = FALSE; } if (IPSecFlags & IPSEC_FLAG_UDP_CHECKSUM_VALID) { ChksumPktInfo->Receive.NdisPacketUdpChecksumSucceeded = TRUE; ChksumPktInfo->Receive.NdisPacketUdpChecksumFailed = FALSE; } }}
//* FindRH - Look up a reassembly header on an NTE.
//
// A utility function to look up a reassembly header. We assume the lock
// on the NTE is taken when we are called. If we find a matching RH
// we'll take the lock on it. We also return the predecessor of the RH,
// for use in insertion or deletion.
//
// Input: PrevRH - Place to return pointer to previous RH
// NTE - NTE to be searched.
// Dest - Destination IP address
// Src - Src IP address
// ID - ID of RH
// Protocol - Protocol of RH
//
// Returns: Pointer to RH, or NULL if none.
//
ReassemblyHeader *FindRH(ReassemblyHeader ** PrevRH, NetTableEntry * NTE, IPAddr Dest, IPAddr Src, ushort Id, uchar Protocol){ ReassemblyHeader *TempPrev, *Current;
TempPrev = STRUCT_OF(ReassemblyHeader, &NTE->nte_ralist, rh_next); Current = NTE->nte_ralist; while (Current != (ReassemblyHeader *) NULL) { if (Current->rh_dest == Dest && Current->rh_src == Src && Current->rh_id == Id && Current->rh_protocol == Protocol) break; TempPrev = Current; Current = Current->rh_next; }
*PrevRH = TempPrev; return Current;
}
//* ParseRcvdOptions - Validate incoming options.
//
// Called during reception handling to validate incoming options. We make
// sure that everything is OK as best we can, and find indices for any
// source route option.
//
// Input: OptInfo - Pointer to option info. structure.
// Index - Pointer to optindex struct to be filled in.
//
//
// Returns: Index of error if any, MAX_OPT_SIZE if no errors.
//
ucharParseRcvdOptions(IPOptInfo * OptInfo, OptIndex * Index){ uint i = 0; // Index variable.
uchar *Options = OptInfo->ioi_options; uint OptLength = (uint) OptInfo->ioi_optlength; uchar Length = 0; // Length of option.
uchar Pointer; // Pointer field, for options that use it.
if (OptLength < 3) {
// Options should be at least 3 bytes, in the loop below we scan
// first 3 bytes of the packet for finding code, len and ptr value
return (uchar) IP_OPT_LENGTH; } while (i < OptLength && *Options != IP_OPT_EOL) { if (*Options == IP_OPT_NOP) { i++; Options++; continue; } if ((OptLength - i) < 2) { return (uchar) i; // Not enough space for the length field.
} else if (((Length = Options[IP_OPT_LENGTH]) + i) > OptLength) { return (uchar) i + (uchar) IP_OPT_LENGTH; // Length exceeds
//options length.
} Pointer = Options[IP_OPT_DATA] - 1;
if (*Options == IP_OPT_TS) { if (Length < (MIN_TS_PTR - 1)) return (uchar) i + (uchar) IP_OPT_LENGTH;
if ((Pointer > Length) || (Pointer + 1 < MIN_TS_PTR) || (Pointer % ROUTER_ALERT_SIZE)) return (uchar) i + (uchar) IP_OPT_LENGTH;
Index->oi_tsindex = (uchar) i; } else { if (Length < (MIN_RT_PTR - 1)) return (uchar) i + (uchar) IP_OPT_LENGTH;
if (*Options == IP_OPT_LSRR || *Options == IP_OPT_SSRR) {
OptInfo->ioi_flags |= IP_FLAG_SSRR;
if ((Pointer > Length) || (Pointer + 1 < MIN_RT_PTR) || ((Pointer + 1) % ROUTER_ALERT_SIZE)) return (uchar) i + (uchar) IP_OPT_LENGTH;
// A source route option
if (Pointer < Length) { // Route not complete
if ((Length - Pointer) < sizeof(IPAddr)) return (uchar) i + (uchar) IP_OPT_LENGTH;
Index->oi_srtype = *Options; Index->oi_srindex = (uchar) i; } } else { if (*Options == IP_OPT_RR) { if ((Pointer > Length) || (Pointer + 1 < MIN_RT_PTR) || ((Pointer + 1) % ROUTER_ALERT_SIZE)) return (uchar) i + (uchar) IP_OPT_LENGTH;
Index->oi_rrindex = (uchar) i; } else if (*Options == IP_OPT_ROUTER_ALERT) { Index->oi_rtrindex = (uchar) i; } } }
i += Length; Options += Length; }
return MAX_OPT_SIZE;}
//* IsRtrAlertPacket - Finds whether an IP packet contains rtr alert option.
// Input: Header - Pointer to incoming header.
// Returns: TRUE if packet contains rtr alert option
//
BOOLEANIsRtrAlertPacket(IPHeader UNALIGNED * Header){ uint HeaderLength; IPOptInfo OptInfo; OptIndex Index;
HeaderLength = (Header->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2;
if (HeaderLength <= sizeof(IPHeader)) { return FALSE; } OptInfo.ioi_options = (uchar *) (Header + 1); OptInfo.ioi_optlength = (uchar) (HeaderLength - sizeof(IPHeader));
Index.oi_rtrindex = MAX_OPT_SIZE; ParseRcvdOptions(&OptInfo, &Index);
if (Index.oi_rtrindex == MAX_OPT_SIZE) { return FALSE; } return TRUE;}
BOOLEANIsBCastAllowed(IPAddr DestAddr, IPAddr SrcAddr, uchar Protocol, NetTableEntry *NTE){ uchar DestType;
DestType = IsBCastOnNTE(DestAddr, NTE);
// Note that IGMP Queries must be immune to the source
// filter or else we cannot over
if (DestType == DEST_MCAST) { uint PromiscuousMode = 0;
if (NTE->nte_flags & NTE_VALID) { PromiscuousMode = NTE->nte_if->if_promiscuousmode; } if (!PromiscuousMode) { DestType = IsMCastSourceAllowed(DestAddr, SrcAddr, Protocol, NTE); } }
return IS_BCAST_DEST(DestType);}
//* BCastRcv - Receive a broadcast or multicast packet.
//
// Called when we have to receive a broadcast packet. We loop through the
// NTE table, calling the upper layer receive protocol for each net which
// matches the receive I/F and for which the destination address is a
// broadcast.
//
// Input: RcvProc - The receive procedure to be called.
// SrcNTE - NTE on which the packet was originally received.
// DestAddr - Destination address.
// SrcAddr - Source address of packet.
// Data - Pointer to received data.
// DataLength - Size in bytes of data
// Protocol - Upper layer protocol being called.
// OptInfo - Pointer to received IP option info.
//
// Returns: Nothing.
//
voidBCastRcv(ULRcvProc RcvProc, NetTableEntry * SrcNTE, IPAddr DestAddr, IPAddr SrcAddr, IPHeader UNALIGNED * Header, uint HeaderLength, IPRcvBuf * Data, uint DataLength, uchar Protocol, IPOptInfo * OptInfo){ NetTableEntry *CurrentNTE; const Interface *SrcIF = SrcNTE->nte_if; ulong Delivered = 0; uint i;
for (i = 0; i < NET_TABLE_SIZE; i++) { NetTableEntry *NetTableList = NewNetTableList[i]; for (CurrentNTE = NetTableList; CurrentNTE != NULL; CurrentNTE = CurrentNTE->nte_next) { if ((CurrentNTE->nte_flags & NTE_ACTIVE) && (CurrentNTE->nte_if == SrcIF) && (IsBCastAllowed(DestAddr, SrcAddr, Protocol, CurrentNTE) || (SrcNTE == LoopNTE))) { uchar *saveddata = Data->ipr_buffer; uint savedlen = Data->ipr_size;
Delivered = 1;
(*RcvProc) (CurrentNTE, DestAddr, SrcAddr, CurrentNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, IS_BROADCAST, Protocol, OptInfo);
// restore the buffers;
Data->ipr_buffer = saveddata; Data->ipr_size = savedlen; } } }
if (Delivered) { IPSIncrementInDeliverCount(); }}
//
// Macro to send ICMP dest unreachable taking offset
// in to account in the case of IPSEC, and correctly pointing
// to payload part when ipheader is chained to data as in
// the case of loopback sends.
//
#define SEND_ICMP_MSG(TYPE)\
{ \ uchar *buf; \ uchar Len = (uchar) (MIN(PayloadLen, \ MAX_ICMP_PAYLOAD_SIZE)); \ buf = CTEAllocMem(Len + HeaderLength); \ if (buf) { \ CTEMemCopy(buf, Header, HeaderLength); \ CTEMemCopy( buf+(uchar)HeaderLength, \ Payload+(uchar)RcvOffset,Len); \ SendICMPErr(DestNTE->nte_addr,(IPHeader *)buf, \ (uchar) ICMP_DEST_UNREACH, \ (uchar) TYPE, 0, (uchar) (Len+HeaderLength)); \ CTEFreeMem(buf); \ } \ }
//* DeliverToUser - Deliver data to a user protocol.
//
// This procedure is called when we have determined that an incoming
// packet belongs here, and any options have been processed. We accept
// it for upper layer processing, which means looking up the receive
// procedure and calling it, or passing it to BCastRcv if neccessary.
//
// Input: SrcNTE - Pointer to NTE on which packet arrived.
// DestNTE - Pointer to NTE that is accepting packet.
// Header - Pointer to IP header of packet.
// HeaderLength - Length of Header in bytes.
// Data - Pointer to IPRcvBuf chain.
// DataLength - Length in bytes of upper layer data.
// OptInfo - Pointer to Option information for this receive.
// DestType - Type of destination - LOCAL, BCAST.
//
// Returns: Nothing.
voidDeliverToUser(NetTableEntry * SrcNTE, NetTableEntry * DestNTE, IPHeader UNALIGNED * Header, uint HeaderLength, IPRcvBuf * Data, uint DataLength, IPOptInfo * OptInfo, PNDIS_PACKET Packet, uchar DestType){ ULRcvProc rcv; uint PromiscuousMode; uint FirewallMode; uint RcvOffset = 0; uchar *Payload = Data->ipr_buffer; uint PayloadLen = Data->ipr_size; uchar Flags = 0;
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode; FirewallMode = ProcessFirewallQ();
//
// Call into IPSEC so he can decrypt the data. Call only for remote packets.
//
if (IPSecHandlerPtr) { //
// See if IPSEC is enabled, see if it needs to do anything with this
// packet.
//
FORWARD_ACTION Action; ULONG ipsecByteCount = 0; ULONG ipsecMTU = 0; ULONG ipsecFlags = IPSEC_FLAG_INCOMING; PNDIS_BUFFER newBuf = NULL; uint Offset = Data->ipr_RcvOffset; if (!(RefPtrValid(&FilterRefPtr) || (FirewallMode) || (PromiscuousMode))) { // else ipsec is already called in DeliverToUserEx
if (SrcNTE == LoopNTE) { ipsecFlags |= IPSEC_FLAG_LOOPBACK; } if (OptInfo->ioi_flags & IP_FLAG_SSRR) { ipsecFlags |= IPSEC_FLAG_SSRR; }
Action = (*IPSecHandlerPtr) ( (PUCHAR) Header, (PVOID) Data, SrcNTE->nte_if, // SrcIF
Packet, &ipsecByteCount, &ipsecMTU, (PVOID *) & newBuf, &ipsecFlags, DestType);
if (Action != eFORWARD) { IPSInfo.ipsi_indiscards++; return; } else { //
// Update the data length if IPSEC changed it
// (like by removing the AH)
//
DataLength -= ipsecByteCount; RcvOffset = Data->ipr_RcvOffset - Offset; UpdateIPSecRcvBuf(Data, ipsecFlags); } } }
//
// Clear flags, except the loopback one.
//
Data->ipr_flags &= IPR_FLAG_LOOPBACK_PACKET;
// This tracks whether the interface is bound or not to a particular
// processor. The only transport protocol that cares about this is TCP.
if (Header->iph_protocol == PROTOCOL_TCP) {
// If the media type is Ethernet and the packet was indicated by means
// of Receive-handler and this is the first packet on this interface or
// the current processor is same as the one the previous packet was
// indicated on, we hope that this interface is bound.
if (SrcNTE->nte_if->if_mediatype == IF_TYPE_IS088023_CSMACD) { if (Data->ipr_pMdl && ((SrcNTE->nte_if->if_lastproc == (int)KeGetCurrentProcessorNumber()) || (SrcNTE->nte_if->if_lastproc == (int)KeNumberProcessors))) { Flags |= IS_BOUND; } SrcNTE->nte_if->if_lastproc = KeGetCurrentProcessorNumber(); } else if (SrcNTE->nte_if == &LoopInterface) { Flags |= IS_BOUND; } }
// Process this request right now. Look up the protocol. If we
// find it, copy the data if we need to, and call the protocol's
// receive handler. If we don't find it, send an ICMP
// 'protocol unreachable' message.
rcv = FindUserRcv(Header->iph_protocol);
if (!PromiscuousMode) {
if (rcv != NULL) { IP_STATUS Status;
if (DestType == DEST_LOCAL) { Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, Flags, Header->iph_protocol, OptInfo);
if (Status == IP_SUCCESS) { IPSIncrementInDeliverCount(); return; } if (Status == IP_DEST_PROT_UNREACHABLE) { IPSInfo.ipsi_inunknownprotos++; SEND_ICMP_MSG(PROT_UNREACH); } else { IPSIncrementInDeliverCount(); SEND_ICMP_MSG(PORT_UNREACH);
}
return; // Just return out of here now.
} else if (DestType < DEST_REMOTE) { // BCAST, SN_BCAST, MCAST
BCastRcv(rcv, SrcNTE, Header->iph_dest, Header->iph_src, Header, HeaderLength, Data, DataLength, Header->iph_protocol, OptInfo); } else { // DestType >= DEST_REMOTE
// Force Rcv protocol to be Raw
rcv = NULL; if (RawPI != NULL) { rcv = RawPI->pi_rcv; } if ((rcv != NULL) && (DestType != DEST_INVALID)) { Data->ipr_flags |= IPR_FLAG_PROMISCUOUS; Status = (*rcv) (SrcNTE,Header->iph_dest,Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, FALSE, Header->iph_protocol, OptInfo); } return; // Just return out of here now.
} } else { IPSInfo.ipsi_inunknownprotos++; // If we get here, we didn't find a matching protocol. Send an
// ICMP message.
SEND_ICMP_MSG(PROT_UNREACH);
} } else { // PromiscuousMode = 1
IP_STATUS Status;
if (DestType == DEST_LOCAL) { if (rcv != NULL) { uchar *saveddata = Data->ipr_buffer; uint savedlen = Data->ipr_size;
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, Flags, Header->iph_protocol, OptInfo);
if (Status == IP_SUCCESS) { IPSIncrementInDeliverCount();
// If succeed and promiscuous mode set
// also do a raw rcv if previous wasn't a RawRcv
if ((RawPI != NULL) && (RawPI->pi_rcv != NULL) && (RawPI->pi_rcv != rcv)) { // we hv registered for RAW protocol
rcv = RawPI->pi_rcv;
// restore the buffers;
Data->ipr_buffer = saveddata; Data->ipr_size = savedlen; Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, FALSE, Header->iph_protocol, OptInfo);
} return; } if (Status == IP_DEST_PROT_UNREACHABLE) { IPSInfo.ipsi_inunknownprotos++; SEND_ICMP_MSG(PROT_UNREACH);
} else { IPSIncrementInDeliverCount(); SEND_ICMP_MSG(PORT_UNREACH);
} } else { IPSInfo.ipsi_inunknownprotos++;
// If we get here, we didn't find a matching protocol. Send
// an ICMP message.
SEND_ICMP_MSG(PROT_UNREACH);
} return; // Just return out of here now.
} else if (DestType < DEST_REMOTE) { // BCAST, SN_BCAST, MCAST
uchar *saveddata = Data->ipr_buffer; uint savedlen = Data->ipr_size;
if (rcv != NULL) {
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
BCastRcv(rcv, SrcNTE, Header->iph_dest, Header->iph_src, Header, HeaderLength, Data, DataLength, Header->iph_protocol, OptInfo);
// If succeed and promiscuous mode set
// also do a raw rcv if previous is not RawRcv
if ((RawPI != NULL) && (RawPI->pi_rcv != NULL) && (RawPI->pi_rcv != rcv)) { // we hv registered for RAW protocol
rcv = RawPI->pi_rcv;
Data->ipr_buffer = saveddata; Data->ipr_size = savedlen; Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, FALSE, Header->iph_protocol, OptInfo);
} } else { IPSInfo.ipsi_inunknownprotos++; // If we get here, we didn't find a matching protocol. Send an ICMP message.
SEND_ICMP_MSG(PROT_UNREACH);
} } else { // DestType >= DEST_REMOTE and promiscuous mode set
// Force Rcv protocol to be Raw
rcv = NULL; if (RawPI != NULL) { rcv = RawPI->pi_rcv; } if ((rcv != NULL) && (DestType != DEST_INVALID)) { Data->ipr_flags |= IPR_FLAG_PROMISCUOUS; Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src, DestNTE->nte_addr, SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength, FALSE, Header->iph_protocol, OptInfo);
return; // Just return out of here now.
} else { if (rcv == NULL) { KdPrint(("Rcv is NULL \n")); } else { KdPrint(("Dest invalid \n")); } } } // DestType >= DEST_REMOTE
} // Promiscuous Mode
}
uchar *ConvertIPRcvBufToFlatBuffer(IPRcvBuf * pRcvBuf, uint DataLength){ uchar *pBuff; IPRcvBuf *tmpRcvBuf; uint FrwlOffset;
// convert RcvBuf chain to a flat buffer
tmpRcvBuf = pRcvBuf; FrwlOffset = 0;
pBuff = CTEAllocMemN(DataLength, 'aiCT');
if (pBuff) { while (tmpRcvBuf != NULL) { ASSERT(tmpRcvBuf->ipr_buffer != NULL); RtlCopyMemory(pBuff + FrwlOffset, tmpRcvBuf->ipr_buffer, tmpRcvBuf->ipr_size); FrwlOffset += tmpRcvBuf->ipr_size; tmpRcvBuf = tmpRcvBuf->ipr_next; } } return pBuff;}
//* DeliverToUserEx - Called when (IPSEC & Filter)/Firewall/Promiscuous set
//
// Input: SrcNTE - Pointer to NTE on which packet arrived.
// DestNTE - Pointer to NTE that is accepting packet.
// Header - Pointer to IP header of packet.
// HeaderLength - Length of Header in bytes.
// Data - Pointer to IPRcvBuf chain.
// DataLength - Length in bytes of upper layer data +
// HeaderLength.
// OptInfo - Pointer to Option information for this receive.
// DestType - Type of destination - LOCAL, BCAST.
//
// It is assumed that if firewall is present Data contains IPHeader also.
// Also, DataLength includes HeaderLength in this case
//
// Returns: Nothing.
voidDeliverToUserEx(NetTableEntry * SrcNTE, NetTableEntry * DestNTE, IPHeader UNALIGNED * Header, uint HeaderLength, IPRcvBuf * Data, uint DataLength, IPOptInfo * OptInfo, PNDIS_PACKET Packet, uchar DestType, LinkEntry * LinkCtxt){
uint PromiscuousMode; uint FirewallMode; uint FirewallRef; Queue* FirewallQ; uint FastPath; IPRcvBuf *tmpRcvBuf; uchar *pBuff; BOOLEAN OneChunk;
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode; FirewallMode = ProcessFirewallQ();
if (DestType == DEST_PROMIS) { // We don't call any hook for this packet
// if firewall is there take the header off
// and then delivertouser
if (FirewallMode) { if (Data->ipr_size > HeaderLength) { //1st buff contains data also
uchar *saveddata = Data->ipr_buffer; Data->ipr_buffer += HeaderLength; Data->ipr_size -= HeaderLength; DataLength -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength, Data, DataLength, OptInfo, NULL, DestType); // restore the buffers;
Data->ipr_buffer = saveddata; Data->ipr_size += HeaderLength; IPFreeBuff(Data); } else { // First buffer just contains Header
uchar *saveddata;
if (Data->ipr_next == NULL) { // we received the data s.t. datasize == headersize
IPSInfo.ipsi_indiscards++; IPFreeBuff(Data); return; } saveddata = Data->ipr_next->ipr_buffer;
DataLength -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength, Data->ipr_next, DataLength, OptInfo, NULL, DestType);
// restore the buffers;
Data->ipr_next->ipr_buffer = saveddata; IPFreeBuff(Data); } } else { // FirewallMode is 0
DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength, Data, DataLength, OptInfo, NULL, DestType); } return; } if (DestType >= DEST_REMOTE) {
// Packet would have gone to the forward path, normally
// Call the filter/firewall hook if its there
if (FirewallMode) {
FORWARD_ACTION Action = FORWARD; FIREWALL_CONTEXT_T FrCtx; IPAddr DAddr = Header->iph_dest; IPRcvBuf *pRcvBuf = Data; IPRcvBuf *pOutRcvBuf = NULL; NetTableEntry *DstNTE; Queue *CurrQ; FIREWALL_HOOK *CurrHook; uint DestIFIndex = INVALID_IF_INDEX; uchar DestinationType = DestType; uint BufferChanged = 0;
FrCtx.Direction = IP_RECEIVE; FrCtx.NTE = SrcNTE; //NTE the dg arrived on
FrCtx.LinkCtxt = LinkCtxt;
if (pRcvBuf->ipr_size > HeaderLength) { //1st buffer contains data also
FastPath = 1; } else { FastPath = 0; if (pRcvBuf->ipr_next == NULL) { // we received the data s.t. datasize == headersize
IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } }
// Call the filter hook if installed
if (RefPtrValid(&FilterRefPtr)) { IPPacketFilterPtr FilterPtr; FORWARD_ACTION Action = FORWARD;
if (FastPath) { // first buffer contains data also
Interface *IF = SrcNTE->nte_if; IPAddr LinkNextHop; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; } FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) ( Header, pRcvBuf->ipr_buffer + HeaderLength, pRcvBuf->ipr_size - HeaderLength, IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr); } else { // Fast Path = 0
// first buffer contains IPHeader only
Interface *IF = SrcNTE->nte_if; IPAddr LinkNextHop; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; }
FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) (Header, pRcvBuf->ipr_next->ipr_buffer, pRcvBuf->ipr_next->ipr_size, IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr); }
if (Action != FORWARD) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } } // call the firewallhook from front;
// in xmit path we call it from rear
#if MILLEN
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);#else // MILLEN
ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);#endif // MILLEN
FirewallRef = RefFirewallQ(&FirewallQ); CurrQ = QHEAD(FirewallQ);
while (CurrQ != QEND(FirewallQ)) { CurrHook = QSTRUCT(FIREWALL_HOOK, CurrQ, hook_q); pOutRcvBuf = NULL;
// pOutRcvBuf is assumed to be NULL before firewall hook is
//called
Action = (*CurrHook->hook_Ptr) (&pRcvBuf, SrcNTE->nte_if->if_index, &DestIFIndex, &DestinationType, &FrCtx, sizeof(FrCtx), &pOutRcvBuf);
if (Action == DROP) { DerefFirewallQ(FirewallRef);#if MILLEN
KeLowerIrql(OldIrql);#endif // MILLEN
IPSInfo.ipsi_indiscards++;
if (pRcvBuf != NULL) { IPFreeBuff(pRcvBuf); } if (pOutRcvBuf != NULL) { IPFreeBuff(pOutRcvBuf); } IPSInfo.ipsi_indiscards++; return; } else { ASSERT(Action == FORWARD); if (pOutRcvBuf != NULL) { // free the old buffer
if (pRcvBuf != NULL) { IPFreeBuff(pRcvBuf); } pRcvBuf = pOutRcvBuf; BufferChanged = 1; } } CurrQ = QNEXT(CurrQ); } DerefFirewallQ(FirewallRef);#if MILLEN
KeLowerIrql(OldIrql);#endif // MILLEN
ASSERT(Action == FORWARD);
if (BufferChanged) { // if packet touched compute the new length: DataSize
DataLength = 0; tmpRcvBuf = pRcvBuf; while (tmpRcvBuf != NULL) { ASSERT(tmpRcvBuf->ipr_buffer != NULL); DataLength += tmpRcvBuf->ipr_size; tmpRcvBuf = tmpRcvBuf->ipr_next; }
// also make Header point to new buffer
Header = (IPHeader *) pRcvBuf->ipr_buffer; HeaderLength = (Header->iph_verlen & 0xf) << 2; } DataLength -= HeaderLength; // decrement the header length
if (DestinationType == DEST_INVALID) { // Dest Addr changed by hook
DAddr = Header->iph_dest; DstNTE = SrcNTE; DestType = GetLocalNTE(DAddr, &DstNTE); DestNTE = DstNTE; } if (DestType < DEST_REMOTE) { // Check to see options
if (HeaderLength != sizeof(IPHeader)) { // We have options
uchar NewDType; NewDType = CheckLocalOptions( SrcNTE, (IPHeader UNALIGNED *) Header, OptInfo, DestType, NULL, 0, FALSE);
if (NewDType != DEST_LOCAL) { if (NewDType == DEST_REMOTE) { if (PromiscuousMode) { if (FastPath) { uchar *saveddata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser( SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf, DataLength, OptInfo, NULL, DestType);
// restore the buffer
pRcvBuf->ipr_buffer = saveddata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser( SrcNTE, DestNTE, (IPHeader UNALIGNED *)Header, HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType);
// restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; } } goto forward_remote; } else { IPSInfo.ipsi_inhdrerrors++; IPFreeBuff(pRcvBuf); //CTEFreeMem(pBuff);
return; // Bad Options
} } // NewDtype != LOCAL
} // Options present
} // DestType < DEST_REMOTE
else { // DestType >=DEST_REMOTE
if (PromiscuousMode) { if (FastPath) { uchar *savedata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength,pRcvBuf, DataLength, OptInfo, NULL, DestType); // restore the buffer
pRcvBuf->ipr_buffer = savedata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *)Header,HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType);
// restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; } } goto forward_remote; }
// DestType <= DEST_REMOTE
if (FastPath) { uchar *saveddata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength,pRcvBuf, DataLength, OptInfo, NULL, DestType);
// restore the buffer
pRcvBuf->ipr_buffer = saveddata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType);
// restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; }
if (IS_BCAST_DEST(DestType)) { OneChunk = FALSE;
if (pRcvBuf->ipr_next == NULL) {
OneChunk = TRUE; pBuff = pRcvBuf->ipr_buffer; } else { pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf, DataLength + HeaderLength); if (!pBuff) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } }
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength, pBuff + HeaderLength, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); }
if (!OneChunk) { CTEFreeMem(pBuff); // free the flat buffer
}
} IPFreeBuff(pRcvBuf); return;
forward_remote: OneChunk = FALSE;
if (pRcvBuf->ipr_next == NULL) { OneChunk = TRUE; pBuff = pRcvBuf->ipr_buffer; } else { pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf, DataLength + HeaderLength); if (!pBuff) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } }
//
// Calling fwd routine for loopback packets results
// in stack overflow. Check for this.
//
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength, pBuff + HeaderLength, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); }
IPFreeBuff(pRcvBuf);
if (!OneChunk) { CTEFreeMem(pBuff); // free the flat buffer
}
return; } else { // No Firewall
if (PromiscuousMode) { DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, Data, DataLength, OptInfo, NULL, DestType); } // Convert IPRcvBuf chain to a flat buffer
OneChunk = FALSE;
if (Data != NULL && !Data->ipr_next) { OneChunk = TRUE; pBuff = Data->ipr_buffer; } else { pBuff = ConvertIPRcvBufToFlatBuffer( Data, DataLength + HeaderLength); if (!pBuff) { IPSInfo.ipsi_indiscards++; return; } }
if (!(Data->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) { IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pBuff, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); }
if (!OneChunk) CTEFreeMem(pBuff);
} return; } // DestType >= DEST_REMOTE
ASSERT(DestType <= DEST_REMOTE);
// Call IPSEC -> Filter -> Firewall
// These are local packets only.
if (FirewallMode) { // Header is part of the Data
FORWARD_ACTION Action = FORWARD; FIREWALL_CONTEXT_T FrCtx; IPAddr DAddr = Header->iph_dest; IPRcvBuf *pRcvBuf = Data; IPRcvBuf *pOutRcvBuf = NULL; NetTableEntry *DstNTE; Queue *CurrQ; FIREWALL_HOOK *CurrHook; uint DestIFIndex = LOCAL_IF_INDEX; uchar DestinationType = DestType; uint BufferChanged = 0; ULONG ipsecFlags = IPSEC_FLAG_INCOMING;
if (pRcvBuf->ipr_size > HeaderLength) { //1st buffer contains data also
FastPath = 1; } else { FastPath = 0; if (pRcvBuf->ipr_next == NULL) { // we received the data s.t. datasize == headersize
IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } }
//
// Call into IPSEC so he can decrypt the data
//
// In case of firewall make sure we pass the data only but we don't actually strip the header
if (IPSecHandlerPtr) { //
// See if IPSEC is enabled, see if it needs to do anything with this
// packet.
//
FORWARD_ACTION Action; ULONG ipsecByteCount = 0; ULONG ipsecMTU = 0; PNDIS_BUFFER newBuf = NULL;
if (SrcNTE == LoopNTE) { ipsecFlags |= IPSEC_FLAG_LOOPBACK; } if (OptInfo->ioi_flags & IP_FLAG_SSRR) { ipsecFlags |= IPSEC_FLAG_SSRR; }
if (FastPath) { // first buffer contains IPHeader also
pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength;
// this tells IPSEC to move IPHeader after decryption
ipsecFlags |= IPSEC_FLAG_FASTRCV;
Action = (*IPSecHandlerPtr) ( (PUCHAR) Header, (PVOID) pRcvBuf, SrcNTE->nte_if, // SrcIF
Packet, &ipsecByteCount, &ipsecMTU, (PVOID *) & newBuf, &ipsecFlags, DestType);
// restore the buffer
pRcvBuf->ipr_buffer -= HeaderLength; pRcvBuf->ipr_size += HeaderLength;
Header = (IPHeader UNALIGNED *)pRcvBuf->ipr_buffer;
} else { // FastPath = 0
Action = (*IPSecHandlerPtr) ( (PUCHAR) Header, (PVOID) (pRcvBuf->ipr_next), SrcNTE->nte_if, // SrcIF
Packet, &ipsecByteCount, &ipsecMTU, (PVOID *) & newBuf, &ipsecFlags, DestType);
}
if (Action != eFORWARD) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } else { //
// Update the data length if IPSEC changed it (like by removing the AH)
//
DataLength -= ipsecByteCount; UpdateIPSecRcvBuf(pRcvBuf, ipsecFlags); } }
// If ipsec acted on this, mark ipr_flags for
// filter driver.
if (ipsecFlags & IPSEC_FLAG_TRANSFORMED) { pRcvBuf->ipr_flags |= IPR_FLAG_IPSEC_TRANSFORMED; }
// Call the filter hook if installed
if (RefPtrValid(&FilterRefPtr)) { IPPacketFilterPtr FilterPtr; FORWARD_ACTION Action = FORWARD;
if (FastPath) { Interface *IF = SrcNTE->nte_if; IPAddr LinkNextHop; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; }
FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) (Header, pRcvBuf->ipr_buffer + HeaderLength, pRcvBuf->ipr_size - HeaderLength, IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr); } else { // Fast Path = 0
Interface *IF = SrcNTE->nte_if; IPAddr LinkNextHop; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; }
FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) (Header, pRcvBuf->ipr_next->ipr_buffer, pRcvBuf->ipr_next->ipr_size, IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr); }
if (Action != FORWARD) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; } } // Call the firewall hook
FrCtx.Direction = IP_RECEIVE; FrCtx.NTE = SrcNTE; //NTE the dg arrived on
FrCtx.LinkCtxt = LinkCtxt;
// call the firewall hooks from front of the Queue
#if MILLEN
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);#else // MILLEN
ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);#endif // MILLEN
FirewallRef = RefFirewallQ(&FirewallQ); CurrQ = QHEAD(FirewallQ);
while (CurrQ != QEND(FirewallQ)) { CurrHook = QSTRUCT(FIREWALL_HOOK, CurrQ, hook_q); pOutRcvBuf = NULL;
Action = (*CurrHook->hook_Ptr) (&pRcvBuf, SrcNTE->nte_if->if_index, &DestIFIndex, &DestinationType, &FrCtx, sizeof(FrCtx), &pOutRcvBuf);
if (Action == DROP) { DerefFirewallQ(FirewallRef);#if MILLEN
KeLowerIrql(OldIrql);#endif // MILLEN
IPSInfo.ipsi_indiscards++; if (pRcvBuf != NULL) { IPFreeBuff(pRcvBuf); } if (pOutRcvBuf != NULL) { IPFreeBuff(pOutRcvBuf); } return; } else { ASSERT(Action == FORWARD); if (pOutRcvBuf != NULL) { // free the old buffer
if (pRcvBuf != NULL) { IPFreeBuff(pRcvBuf); } pRcvBuf = pOutRcvBuf; BufferChanged = 1; } } CurrQ = QNEXT(CurrQ); } DerefFirewallQ(FirewallRef);#if MILLEN
KeLowerIrql(OldIrql);#endif // MILLEN
ASSERT(Action == FORWARD);
if (BufferChanged) { // if packet touched compute the new length: DataSize
DataLength = 0; tmpRcvBuf = pRcvBuf; while (tmpRcvBuf != NULL) { ASSERT(tmpRcvBuf->ipr_buffer != NULL); DataLength += tmpRcvBuf->ipr_size; tmpRcvBuf = tmpRcvBuf->ipr_next; } // also make Header point to new buffer
Header = (IPHeader *) pRcvBuf->ipr_buffer; HeaderLength = (Header->iph_verlen & 0xf) << 2; } DataLength -= HeaderLength; // decrement the header length
if (DestinationType == DEST_INVALID) { // Dest Addr changed by hook
// Can IPSEC changed iph_dest ???
DAddr = Header->iph_dest; DstNTE = SrcNTE; DestType = GetLocalNTE(DAddr, &DstNTE); DestNTE = DstNTE; } if (DestType < DEST_REMOTE) { // Check to see options
if (HeaderLength != sizeof(IPHeader)) { // We have options
uchar NewDType; NewDType = CheckLocalOptions(SrcNTE, (IPHeader UNALIGNED *) Header, OptInfo, DestType, NULL, 0, FALSE); if (NewDType != DEST_LOCAL) { if (NewDType == DEST_REMOTE) { if (PromiscuousMode) { if (FastPath) { uchar *saveddata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf, DataLength, OptInfo, NULL, DestType); // restore the buffer
pRcvBuf->ipr_buffer = saveddata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType); // restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; } } goto forward_local; } else { IPSInfo.ipsi_inhdrerrors++; IPFreeBuff(pRcvBuf); //CTEFreeMem(pBuff);
return; // Bad Options
} } // NewDtype != LOCAL
} // Options present
} // DestType < DEST_REMOTE
else { // DestType >=DEST_REMOTE
if (PromiscuousMode) { if (FastPath) { uchar *saveddata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf, DataLength, OptInfo, NULL, DestType); // restore the buffer
pRcvBuf->ipr_buffer = saveddata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType);
// restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; } } goto forward_local; }
if (FastPath) { uchar *saveddata = pRcvBuf->ipr_buffer; pRcvBuf->ipr_buffer += HeaderLength; pRcvBuf->ipr_size -= HeaderLength; DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf, DataLength, OptInfo, NULL, DestType); // restore the buffer
pRcvBuf->ipr_buffer = saveddata; pRcvBuf->ipr_size += HeaderLength; } else { uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
DeliverToUser( SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pRcvBuf->ipr_next, DataLength, OptInfo, NULL, DestType); // restore the buffers;
pRcvBuf->ipr_next->ipr_buffer = saveddata; } if (IS_BCAST_DEST(DestType)) { OneChunk = FALSE; if (pRcvBuf->ipr_next == NULL) { OneChunk = TRUE; pBuff = pRcvBuf->ipr_buffer; }else { pBuff = ConvertIPRcvBufToFlatBuffer( pRcvBuf, DataLength + HeaderLength);
if (!pBuff) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return; }
} if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) { IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength, pBuff + HeaderLength, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); } if (!OneChunk) { CTEFreeMem(pBuff); // free the flat buffer
}
} IPFreeBuff(pRcvBuf); //CTEFreeMem(pBuff); // free the flat buffer
return; forward_local: OneChunk = FALSE; if (pRcvBuf->ipr_next == NULL) { OneChunk = TRUE; pBuff = pRcvBuf->ipr_buffer; } else { pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf, DataLength + HeaderLength);
if (!pBuff) { IPSInfo.ipsi_indiscards++; IPFreeBuff(pRcvBuf); return;
} }
//
// If mdl in the packet is not changed and this is a simple
// packet with only one buffer then pass the packet, mdl and
// ClientCnt so that IPForwardPkt() can try to use super fast
// path.
//
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) { if (OneChunk && pRcvBuf->ipr_pMdl && ((BufferChanged == 0) || (pRcvBuf->ipr_flags & IPR_FLAG_BUFFER_UNCHANGED))) {
uint MacHeaderSize = pRcvBuf->ipr_RcvOffset - HeaderLength;
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength, pBuff + HeaderLength, DataLength, Packet, 0, DestType, MacHeaderSize, pRcvBuf->ipr_pMdl,pRcvBuf->ipr_pClientCnt, LinkCtxt);
} else { IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength, pBuff + HeaderLength, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt);
} }
if (!OneChunk) { CTEFreeMem(pBuff); // free the flat buffer
} IPFreeBuff(pRcvBuf);
return;
} else { // No Firewall
//
// Call into IPSEC so he can decrypt the data
//
if (IPSecHandlerPtr) { //
// See if IPSEC is enabled, see if it needs to do anything with this
// packet.
//
FORWARD_ACTION Action; ULONG ipsecByteCount = 0; ULONG ipsecMTU = 0; ULONG ipsecFlags = IPSEC_FLAG_INCOMING; PNDIS_BUFFER newBuf = NULL;
if (SrcNTE == LoopNTE) { ipsecFlags |= IPSEC_FLAG_LOOPBACK; } if (OptInfo->ioi_flags & IP_FLAG_SSRR) { ipsecFlags |= IPSEC_FLAG_SSRR; }
Action = (*IPSecHandlerPtr) ( (PUCHAR) Header, (PVOID) Data, SrcNTE->nte_if, // SrcIF
Packet, &ipsecByteCount, &ipsecMTU, (PVOID *) &newBuf, &ipsecFlags, DestType);
if (Action != eFORWARD) { IPSInfo.ipsi_indiscards++; return; } else { //
// Update the data length if IPSEC changed it
// (like by removing the AH)
//
DataLength -= ipsecByteCount; UpdateIPSecRcvBuf(Data, ipsecFlags); } }
// Call the filter hook if installed
if (RefPtrValid(&FilterRefPtr)) { Interface *IF = SrcNTE->nte_if; IPAddr LinkNextHop; FORWARD_ACTION Action; IPPacketFilterPtr FilterPtr; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; } FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) (Header, Data->ipr_buffer, Data->ipr_size, IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr);
if (Action != FORWARD) { IPSInfo.ipsi_indiscards++; return; } } // Packet was local only: so even if promiscuous mode set just call
// delivertouser
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength, Data, DataLength, OptInfo, NULL, DestType);
if (IS_BCAST_DEST(DestType)) { uchar *pBuff;
OneChunk = FALSE; if (Data != NULL && !Data->ipr_next) { OneChunk = TRUE; pBuff = Data->ipr_buffer; } else { pBuff = ConvertIPRcvBufToFlatBuffer(Data, DataLength); if (!pBuff) { return; } } if (!(Data->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) { IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) Header, HeaderLength, pBuff, DataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); }
if (!OneChunk) { CTEFreeMem(pBuff); }
} }}
//* FreeRH - Free a reassembly header.
//
// Called when we need to free a reassembly header, either because of a
// timeout or because we're done with it.
//
// Input: RH - RH to be freed.
//
// Returns: Nothing.
//
voidFreeRH(ReassemblyHeader *RH){ RABufDesc *RBD, *TempRBD;
RBD = RH->rh_rbd; if (IPSecHandlerPtr) { IPFreeBuff((IPRcvBuf *) RBD); } else { while (RBD != NULL) { TempRBD = RBD; RBD = (RABufDesc *) RBD->rbd_buf.ipr_next; CTEFreeMem(TempRBD); } } CTEFreeMem(RH); // decrement NumRH
CTEInterlockedDecrementLong(&NumRH);
}
//* ReassembleFragment - Put a fragment into the reassembly list.
//
// This routine is called once we've put a fragment into the proper buffer.
// We look for a reassembly header for the fragment. If we don't find one,
// we create one. Otherwise we search the reassembly list, and insert the
// datagram in it's proper place.
//
// Input: NTE - NTE to reassemble on.
// SrcNTE - NTE datagram arrived on.
// NewRBD - New RBD to be inserted.
// IPH - Pointer to header of datagram.
// HeaderSize - Size in bytes of header.
// DestType - Type of destination address.
//
// Returns: Nothing.
//
voidReassembleFragment(NetTableEntry * NTE, NetTableEntry * SrcNTE, RABufDesc * NewRBD, IPHeader UNALIGNED * IPH, uint HeaderSize, uchar DestType, LinkEntry * LinkCtxt){ ReassemblyHeader *RH, *PrevRH; // Current and previous reassembly headers.
RABufDesc *PrevRBD; // Previous RBD in reassembly header list.
RABufDesc *CurrentRBD; ushort DataLength = (ushort) NewRBD->rbd_buf.ipr_size, DataOffset; ushort Offset; // Offset of this fragment.
ushort NewOffset; // Offset we'll copy from after checking RBD list.
ushort NewEnd; // End offset of fragment, after trimming (if any).
// used by the firewall code
IPRcvBuf *pRcvBuf; uint FirewallMode; uint PromiscuousMode;
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode; FirewallMode = ProcessFirewallQ();
// If this is a broadcast, go ahead and forward it now.
// if second condition is false then delivertouserex() will take care of
// this
if (IS_BCAST_DEST(DestType) && !(((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) || (FirewallMode) || (PromiscuousMode))) { IPForwardPkt(SrcNTE, IPH, HeaderSize, NewRBD->rbd_buf.ipr_buffer, NewRBD->rbd_buf.ipr_size, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); }
if (NumRH > MaxRH) { IPSInfo.ipsi_reasmfails++; FragmentAttackDrops++; CTEFreeMem(NewRBD); return; } Offset = IPH->iph_offset & IP_OFFSET_MASK; Offset = net_short(Offset) * 8;
if ((NumRH == MaxRH) && !Offset) { IPSInfo.ipsi_reasmfails++; CTEFreeMem(NewRBD); return; }
if ((ulong) (Offset + DataLength) > MAX_DATA_LENGTH) { IPSInfo.ipsi_reasmfails++; CTEFreeMem(NewRBD); return; } // We've got the buffer we need. Now get the reassembly header, if there is one. If
// there isn't, create one.
CTEGetLockAtDPC(&NTE->nte_lock); RH = FindRH(&PrevRH, NTE, IPH->iph_dest, IPH->iph_src, IPH->iph_id, IPH->iph_protocol); if (RH == (ReassemblyHeader *) NULL) { // Didn't find one, so create one.
ReassemblyHeader *NewRH; CTEFreeLockFromDPC(&NTE->nte_lock); RH = CTEAllocMemN(sizeof(ReassemblyHeader), 'diCT'); if (RH == (ReassemblyHeader *) NULL) { // Couldn't get a buffer.
IPSInfo.ipsi_reasmfails++; CTEFreeMem(NewRBD); return; } CTEInterlockedIncrementLong(&NumRH);
CTEGetLockAtDPC(&NTE->nte_lock); // Need to look it up again - it could have changed during above call.
NewRH = FindRH(&PrevRH, NTE, IPH->iph_dest, IPH->iph_src, IPH->iph_id, IPH->iph_protocol); if (NewRH != (ReassemblyHeader *) NULL) { CTEFreeMem(RH); RH = NewRH; CTEInterlockedDecrementLong(&NumRH); } else {
RH->rh_next = PrevRH->rh_next; PrevRH->rh_next = RH;
// Initialize our new reassembly header.
RH->rh_dest = IPH->iph_dest; RH->rh_src = IPH->iph_src; RH->rh_id = IPH->iph_id; RH->rh_protocol = IPH->iph_protocol; //RH->rh_ttl = RATimeout;
RH->rh_ttl = MAX(RATimeout, MIN(120, IPH->iph_ttl) + 1); RH->rh_numoverlaps = 0; RH->rh_datasize = MAX_TOTAL_LENGTH; // Default datasize to maximum.
RH->rh_rbd = (RABufDesc *) NULL; // And nothing on chain.
RH->rh_datarcvd = 0; // Haven't received any data yet.
RH->rh_headersize = 0;
} }
// When we reach here RH points to the reassembly header we want to use.
// and we hold locks on the NTE and the RH. If this is the first fragment
// we'll save the options and header information here.
if (Offset == 0) { // First fragment.
RH->rh_headersize = (ushort)HeaderSize; RtlCopyMemory(RH->rh_header, IPH, HeaderSize + 8); }
// If this is the last fragment, update the amount of data we expect to
// receive.
if (!(IPH->iph_offset & IP_MF_FLAG)) { RH->rh_datasize = Offset + DataLength; } if (RH->rh_datasize < RH->rh_datarcvd || (RH->rh_datasize != MAX_TOTAL_LENGTH && (RH->rh_datasize + RH->rh_headersize) > MAX_TOTAL_LENGTH)) {
// random packets. drop!
CTEFreeMem(NewRBD);
PrevRH->rh_next = RH->rh_next;
FreeRH(RH); CTEFreeLockFromDPC(&NTE->nte_lock); return;
}
// Update the TTL value with the maximum of the current TTL and the
// incoming TTL (+1, to deal with rounding errors).
// Following is commented out to protect against fragmentation attack
// Default TTL now used is 120 seconds now, used only for the first header
// RH->rh_ttl = MAX(RH->rh_ttl, MIN(254, IPH->iph_ttl) + 1);
// Now we need to see where in the RBD list to put this.
//
// The idea is to go through the list of RBDs one at a time. The RBD
// currently being examined is CurrentRBD. If the start offset of the new
// fragment is less than (i.e. in front of) the offset of CurrentRBD, we
// need to insert the NewRBD in front of the CurrentRBD. If this is the
// case we need to check and see if the
// end of the new fragment overlaps some or all of the fragment described by
// CurrentRBD, and possibly subsequent fragment. If it overlaps part of a
// fragment we'll adjust our end down to be in front of the existing
// fragment. If it overlaps all of the fragment we'll free the old fragment.
//
// If the new fragment does not start in front of the current fragment
// we'll check to see if it starts somewhere in the middle of the current
// fragment. If this isn't the case, we move on the the next fragment. If
// this is the case, we check to see if the current fragment completely // covers the new fragment. If not we
// move our start up and continue with the next fragment.
//
NewOffset = Offset; NewEnd = Offset + DataLength - 1; PrevRBD = STRUCT_OF(RABufDesc, STRUCT_OF(IPRcvBuf, &RH->rh_rbd, ipr_next), rbd_buf); CurrentRBD = RH->rh_rbd; for (; CurrentRBD != NULL; PrevRBD = CurrentRBD, CurrentRBD = (RABufDesc *) CurrentRBD->rbd_buf.ipr_next) {
// See if it starts in front of this fragment.
if (NewOffset < CurrentRBD->rbd_start) { // It does start in front. Check to see if there's any overlap.
if (NewEnd < CurrentRBD->rbd_start) break; // No overlap, so get out.
else { //
// It does overlap. While we have overlap, walk down the list
// looking for RBDs we overlap completely. If we find one,
// put it on our deletion list. If we have overlap but not
// complete overlap, move our end down if front of the
// fragment we overlap.
//
do { RH->rh_numoverlaps++; if (RH->rh_numoverlaps >= MaxOverlap) {
//Looks like we are being attacked.
//Just drop this whole datagram.
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD; PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
PrevRH->rh_next = RH->rh_next;
FreeRH(RH); FragmentAttackDrops++; CTEFreeLockFromDPC(&NTE->nte_lock); return; } if (NewEnd > CurrentRBD->rbd_end) { //overlaps completely.
RABufDesc *TempRBD;
RH->rh_datarcvd = RH->rh_datarcvd - (ushort) (CurrentRBD->rbd_buf.ipr_size); TempRBD = CurrentRBD; CurrentRBD = (RABufDesc *) CurrentRBD->rbd_buf.ipr_next; CTEFreeMem(TempRBD); } else { //partial ovelap.
if (NewOffset < CurrentRBD->rbd_start) { NewEnd = CurrentRBD->rbd_start - 1; } else { // Looks like we are being attacked.
// Just drop this whole datagram.
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD; PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
PrevRH->rh_next = RH->rh_next;
FreeRH(RH);
CTEFreeLockFromDPC(&NTE->nte_lock); return;
}
} // Update of NewEnd will force us out of loop.
} while (CurrentRBD != NULL && NewEnd >= CurrentRBD->rbd_start); break; } } else { // This fragment doesn't go in front of the current RBD. See if it
// is entirely beyond the end of the current fragment. If it is,
// just continue. Otherwise see if the current fragment
// completely subsumes us. If it does, get out, otherwise update
// our start offset and continue.
if (NewOffset > CurrentRBD->rbd_end) continue; // No overlap at all.
else {
RH->rh_numoverlaps++; if (RH->rh_numoverlaps >= MaxOverlap) {
//Looks like we are being attacked.
//Just drop this whole datagram.
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD; PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
PrevRH->rh_next = RH->rh_next;
FreeRH(RH); FragmentAttackDrops++; CTEFreeLockFromDPC(&NTE->nte_lock); return; }
if (NewEnd <= CurrentRBD->rbd_end) { //
// The current fragment overlaps the new fragment
// totally. Set our offsets so that we'll skip the copy
// below.
NewEnd = NewOffset - 1; break; } else // Only partial overlap.
NewOffset = CurrentRBD->rbd_end + 1; } } } // End of for loop.
// Adjust the length and offset fields in the new RBD.
// If we've trimmed all the data away, ignore this fragment.
DataLength = NewEnd - NewOffset + 1; DataOffset = NewOffset - Offset; if (!DataLength) { CTEFreeMem(NewRBD); CTEFreeLockFromDPC(&NTE->nte_lock); return; } // Link him in chain.
NewRBD->rbd_buf.ipr_size = (uint) DataLength; NewRBD->rbd_end = NewEnd; NewRBD->rbd_start = (ushort) NewOffset; RH->rh_datarcvd = RH->rh_datarcvd + (ushort) DataLength; NewRBD->rbd_buf.ipr_buffer += DataOffset; NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD; NewRBD->rbd_buf.ipr_owner = IPR_OWNER_IP; PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
// If we've received all the data, deliver it to the user.
// Only if header size is valid deliver to the user
// BUG #NTQFE 65742
if (RH->rh_datarcvd == RH->rh_datasize && RH->rh_headersize) { // We have it all.
IPOptInfo OptInfo; IPHeader *Header; IPRcvBuf *FirstBuf; ulong Checksum;
PrevRH->rh_next = RH->rh_next; CTEFreeLockFromDPC(&NTE->nte_lock);
Header = (IPHeader *) RH->rh_header; OptInfo.ioi_ttl = Header->iph_ttl; OptInfo.ioi_tos = Header->iph_tos; OptInfo.ioi_flags = 0; // Flags must be 0 - DF can't be set,
// this was reassembled.
if (RH->rh_headersize != sizeof(IPHeader)) { // We had options.
OptInfo.ioi_options = (uchar *) (Header + 1); OptInfo.ioi_optlength = (uchar) (RH->rh_headersize - sizeof(IPHeader)); } else { OptInfo.ioi_options = (uchar *) NULL; OptInfo.ioi_optlength = 0; }
//
// update the indicated header len to the total len; earlier we passed in
// just the first fragment's length.
// also update the 'MF' bit in the flags field.
//
// in the process update the header-checksum,
// by first adding the negation of the original length and flags,
// and then adding the new length and flags.
//
// extract the original checksum
Checksum = (ushort) ~ Header->iph_xsum;
// update the header length
Checksum += (ushort) ~ Header->iph_length; Header->iph_length = net_short(RH->rh_datasize + RH->rh_headersize); Checksum += (ushort) Header->iph_length;
// update the 'MF' flag if set
if (Header->iph_offset & IP_MF_FLAG) { Checksum += (ushort) ~ IP_MF_FLAG; Header->iph_offset &= ~IP_MF_FLAG; } // insert the new checksum
Checksum = (ushort) Checksum + (ushort) (Checksum >> 16); Checksum += Checksum >> 16; Header->iph_xsum = (ushort) ~ Checksum;
// Make sure that the first buffer contains enough data.
FirstBuf = (IPRcvBuf *) RH->rh_rbd;
// Make sure that this can hold MIN_FIRST_SIZE
// Else treat it as attack
if (RH->rh_rbd->rbd_AllocSize < MIN_FIRST_SIZE) { //Attack???
FreeRH(RH); return; } while (FirstBuf->ipr_size < MIN_FIRST_SIZE) { IPRcvBuf *NextBuf = FirstBuf->ipr_next; uint CopyLength;
if (NextBuf == NULL) break;
CopyLength = MIN(MIN_FIRST_SIZE - FirstBuf->ipr_size, NextBuf->ipr_size); RtlCopyMemory(FirstBuf->ipr_buffer + FirstBuf->ipr_size, NextBuf->ipr_buffer, CopyLength); FirstBuf->ipr_size += CopyLength; NextBuf->ipr_buffer += CopyLength; NextBuf->ipr_size -= CopyLength; if (NextBuf->ipr_size == 0) { FirstBuf->ipr_next = NextBuf->ipr_next; CTEFreeMem(NextBuf); } }
IPSInfo.ipsi_reasmoks++;
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) || (FirewallMode) || (PromiscuousMode) ) { uint DataSize;
DataSize = RH->rh_datasize; if (FirewallMode) { // Attach header to pass to Firewall hook
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'eiCT'); if (!pRcvBuf) { FreeRH(RH); return; } pRcvBuf->ipr_buffer = (uchar *) RH->rh_header; pRcvBuf->ipr_size = RH->rh_headersize; pRcvBuf->ipr_owner = IPR_OWNER_IP; pRcvBuf->ipr_next = FirstBuf; pRcvBuf->ipr_flags = 0; DataSize += RH->rh_headersize; } else { pRcvBuf = FirstBuf; } DeliverToUserEx(SrcNTE, NTE, Header, RH->rh_headersize, pRcvBuf, DataSize, &OptInfo, NULL, DestType, LinkCtxt); if (FirewallMode) { // RH chain is already freed.
CTEFreeMem(RH); CTEInterlockedDecrementLong(&NumRH); } else { FreeRH(RH); } } else { // Normal Path
DeliverToUser(SrcNTE, NTE, Header, RH->rh_headersize, FirstBuf, RH->rh_datasize, &OptInfo, NULL, DestType); FreeRH(RH); } } else CTEFreeLockFromDPC(&NTE->nte_lock);}
//* RATDComplete - Completion routing for a reassembly transfer data.
//
// This is the completion handle for TDs invoked because we are reassembling
// a fragment.
//
// Input: NetContext - Ptr to the net table entry on which we received
// this.
// Packet - Packet we received into.
// Status - Final status of copy.
// DataSize - Size in bytes of data transferred.
//
// Returns: Nothing
//
voidRATDComplete(void *NetContext, PNDIS_PACKET Packet, NDIS_STATUS Status, uint DataSize){ NetTableEntry *NTE = (NetTableEntry *) NetContext; Interface *SrcIF; TDContext *Context = (TDContext *) Packet->ProtocolReserved; PNDIS_BUFFER Buffer;
if (Status == NDIS_STATUS_SUCCESS) { Context->tdc_rbd->rbd_buf.ipr_size = DataSize; ReassembleFragment(Context->tdc_nte, NTE, Context->tdc_rbd, (IPHeader *) Context->tdc_header, Context->tdc_hlength, Context->tdc_dtype, NULL); } NdisUnchainBufferAtFront(Packet, &Buffer); NdisFreeBuffer(Buffer); Context->tdc_common.pc_flags &= ~PACKET_FLAG_RA; SrcIF = NTE->nte_if; CTEGetLockAtDPC(&SrcIF->if_lock);
Context->tdc_common.pc_link = SrcIF->if_tdpacket; SrcIF->if_tdpacket = Packet; CTEFreeLockFromDPC(&SrcIF->if_lock);
return;
}
//* IPReassemble - Reassemble an incoming datagram.
//
// Called when we receive an incoming fragment. The first thing we do is
// get a buffer to put the fragment in. If we can't we'll exit. Then we
// copy the data, either via transfer data or directly if it all fits.
//
// Input: SrcNTE - Pointer to NTE that received the datagram.
// NTE - Pointer to NTE on which to reassemble.
// IPH - Pointer to header of packet.
// HeaderSize - Size in bytes of header.
// Data - Pointer to data part of fragment.
// BufferLengt - Length in bytes of user data available in the
// buffer.
// DataLength - Length in bytes of the (upper-layer) data.
// DestType - Type of destination
// LContext1, LContext2 - Link layer context values.
//
// Returns: Nothing.
//
voidIPReassemble(NetTableEntry * SrcNTE, NetTableEntry * NTE, IPHeader UNALIGNED * IPH, uint HeaderSize, uchar * Data, uint BufferLength, uint DataLength, uchar DestType, NDIS_HANDLE LContext1, uint LContext2, LinkEntry * LinkCtxt){ Interface *RcvIF; PNDIS_PACKET TDPacket; // NDIS packet used for TD.
TDContext *TDC = (TDContext *) NULL; // Transfer data context.
NDIS_STATUS Status; PNDIS_BUFFER Buffer; RABufDesc *NewRBD; // Pointer to new RBD to hold
// arriving fragment.
uint AllocSize;
IPSInfo.ipsi_reasmreqds++;
//
// Drop invalid length fragments.
// We expect at least 8 byte len payload
// in fragments except for the last one.
//
if ((DataLength == 0) || ((IPH->iph_offset & IP_MF_FLAG) && DataLength < 8)) { return; }
//
// First, get a new RBD to hold the arriving fragment. If we can't,
// then just skip the rest. The RBD has the buffer implicitly at the end
// of it. The buffer for the first fragment must be at least
// MIN_FIRST_SIZE bytes.
//
if ((IPH->iph_offset & IP_OFFSET_MASK) == 0) { AllocSize = MAX(MIN_FIRST_SIZE, DataLength); } else AllocSize = DataLength;
NewRBD = CTEAllocMemN(sizeof(RABufDesc) + AllocSize, 'fiCT');
if (NewRBD != (RABufDesc *) NULL) {
NewRBD->rbd_buf.ipr_buffer = (uchar *) (NewRBD + 1); NewRBD->rbd_buf.ipr_size = DataLength; NewRBD->rbd_buf.ipr_owner = IPR_OWNER_IP; NewRBD->rbd_buf.ipr_flags = 0;
NewRBD->rbd_AllocSize = AllocSize;
NewRBD->rbd_buf.ipr_pMdl = NULL; NewRBD->rbd_buf.ipr_pClientCnt = NULL;
//
// Copy the data into the buffer. If we need to call transfer data
// do so now.
//
if (DataLength > BufferLength) { // Need to call transfer data.
NdisAllocateBuffer(&Status, &Buffer, BufferPool, NewRBD + 1, DataLength); if (Status != NDIS_STATUS_SUCCESS) { IPSInfo.ipsi_reasmfails++; CTEFreeMem(NewRBD); return; } // Now get a packet for transferring the frame.
RcvIF = SrcNTE->nte_if; CTEGetLockAtDPC(&RcvIF->if_lock); TDPacket = RcvIF->if_tdpacket;
if (TDPacket != (PNDIS_PACKET) NULL) {
TDC = (TDContext *) TDPacket->ProtocolReserved; RcvIF->if_tdpacket = TDC->tdc_common.pc_link; CTEFreeLockFromDPC(&RcvIF->if_lock);
TDC->tdc_common.pc_flags |= PACKET_FLAG_RA; TDC->tdc_nte = NTE; TDC->tdc_dtype = DestType; TDC->tdc_hlength = (uchar) HeaderSize; TDC->tdc_rbd = NewRBD; RtlCopyMemory(TDC->tdc_header, IPH, HeaderSize + 8); NdisChainBufferAtFront(TDPacket, Buffer); Status = (*(RcvIF->if_transfer)) (RcvIF->if_lcontext, LContext1, LContext2, HeaderSize, DataLength, TDPacket, &DataLength); if (Status != NDIS_STATUS_PENDING) RATDComplete(SrcNTE, TDPacket, Status, DataLength); else return; } else { // Couldn't get a TD packet.
CTEFreeLockFromDPC(&RcvIF->if_lock); CTEFreeMem(NewRBD); IPSInfo.ipsi_reasmfails++; return; } } else { // It all fits, copy it.
RtlCopyMemory(NewRBD + 1, Data, DataLength); ReassembleFragment(NTE, SrcNTE, NewRBD, IPH, HeaderSize, DestType, LinkCtxt); } } else { IPSInfo.ipsi_reasmfails++; }}
//* CheckLocalOptions - Check the options received with a packet.
//
// A routine called when we've received a packet for this host and want to
// examine it for options. We process the options, and return TRUE or FALSE
// depending on whether or not it's for us.
//
// Input: SrcNTE - Pointer to NTE this came in on.
// Header - Pointer to incoming header.
// OptInfo - Place to put opt info.
// DestType - Type of incoming packet.
//
// Returns: DestType - Local or remote.
//
ucharCheckLocalOptions(NetTableEntry * SrcNTE, IPHeader UNALIGNED * Header, IPOptInfo * OptInfo, uchar DestType, uchar* Data, uint DataSize, BOOLEAN FilterOnDrop){ uint HeaderLength; // Length in bytes of header.
OptIndex Index; uchar ErrIndex;
HeaderLength = (Header->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2; ASSERT(HeaderLength > sizeof(IPHeader));
OptInfo->ioi_options = (uchar *) (Header + 1); OptInfo->ioi_optlength = (uchar) (HeaderLength - sizeof(IPHeader));
// We have options of some sort. The packet may or may not be bound for us.
Index.oi_srindex = MAX_OPT_SIZE; if ((ErrIndex = ParseRcvdOptions(OptInfo, &Index)) < MAX_OPT_SIZE) { if (!FilterOnDrop || !RefPtrValid(&FilterRefPtr) || NotifyFilterOfDiscard(SrcNTE, Header, Data, DataSize)) { SendICMPErr(SrcNTE->nte_addr, Header, ICMP_PARAM_PROBLEM, PTR_VALID, ((ulong) ErrIndex + sizeof(IPHeader)), 0); } return DEST_INVALID; // Parameter error.
} //
// If there's no source route, or if the destination is a broadcast, we'll
// take it. If it is a broadcast DeliverToUser will forward it when it's
// done, and the forwarding code will reprocess the options.
//
if (Index.oi_srindex == MAX_OPT_SIZE || IS_BCAST_DEST(DestType)) return DEST_LOCAL; else return DEST_REMOTE;}
//* TDUserRcv - Completion routing for a user transfer data.
//
// This is the completion handle for TDs invoked because we need to give
// data to a upper layer client. All we really do is call the upper layer
// handler with the data.
//
// Input: NetContext - Pointer to the net table entry on which we
// received this.
// Packet - Packet we received into.
// Status - Final status of copy.
// DataSize - Size in bytes of data transferred.
//
// Returns: Nothing
//
voidTDUserRcv(void *NetContext, PNDIS_PACKET Packet, NDIS_STATUS Status, uint DataSize){ NetTableEntry *NTE = (NetTableEntry *) NetContext; Interface *SrcIF; TDContext *Context = (TDContext *) Packet->ProtocolReserved; uchar DestType; IPRcvBuf RcvBuf; IPOptInfo OptInfo; IPHeader *Header; uint PromiscuousMode = 0; uint FirewallMode = 0;
if (NTE->nte_flags & NTE_VALID) { FirewallMode = ProcessFirewallQ(); PromiscuousMode = NTE->nte_if->if_promiscuousmode; } if (Status == NDIS_STATUS_SUCCESS) { Header = (IPHeader *) Context->tdc_header; OptInfo.ioi_ttl = Header->iph_ttl; OptInfo.ioi_tos = Header->iph_tos; OptInfo.ioi_flags = (uchar) ((net_short(Header->iph_offset) >> 13) & IP_FLAG_DF); if (Context->tdc_hlength != sizeof(IPHeader)) { OptInfo.ioi_options = (uchar *) (Header + 1); OptInfo.ioi_optlength = Context->tdc_hlength - sizeof(IPHeader); } else { OptInfo.ioi_options = (uchar *) NULL; OptInfo.ioi_optlength = 0; }
DestType = Context->tdc_dtype; RcvBuf.ipr_next = NULL; RcvBuf.ipr_owner = IPR_OWNER_STACK; RcvBuf.ipr_buffer = (uchar *) Context->tdc_buffer; RcvBuf.ipr_size = DataSize; RcvBuf.ipr_flags = 0; RcvBuf.ipr_pMdl = NULL; RcvBuf.ipr_pClientCnt = NULL;
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) || (FirewallMode) || (PromiscuousMode)) {
if (FirewallMode) { // attach the header and allocate pRcvBuf on a heap, we free it if firewall is present
IPRcvBuf *pRcvBuf; // attach the header
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'giCT'); if (!pRcvBuf) { return; } pRcvBuf->ipr_owner = IPR_OWNER_IP; pRcvBuf->ipr_buffer = (uchar *) Header; pRcvBuf->ipr_size = Context->tdc_hlength; pRcvBuf->ipr_pMdl = NULL; pRcvBuf->ipr_pClientCnt = NULL; pRcvBuf->ipr_flags = 0;
// attach the data
pRcvBuf->ipr_next = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'hiCT'); if (!pRcvBuf->ipr_next) { CTEFreeMem(pRcvBuf); return; } pRcvBuf->ipr_next->ipr_owner = IPR_OWNER_IP; pRcvBuf->ipr_next->ipr_buffer = (uchar *) Context->tdc_buffer; pRcvBuf->ipr_next->ipr_size = DataSize; pRcvBuf->ipr_next->ipr_pMdl = NULL; pRcvBuf->ipr_next->ipr_pClientCnt = NULL; pRcvBuf->ipr_next->ipr_next = NULL; pRcvBuf->ipr_next->ipr_flags = 0;
DataSize += Context->tdc_hlength; DeliverToUserEx(NTE, Context->tdc_nte, Header, Context->tdc_hlength, pRcvBuf, DataSize, &OptInfo, Packet, DestType, NULL); } else { DeliverToUserEx(NTE, Context->tdc_nte, Header, Context->tdc_hlength, &RcvBuf, DataSize, &OptInfo, Packet, DestType, NULL); } } else {
DeliverToUser(NTE, Context->tdc_nte, Header, Context->tdc_hlength, &RcvBuf, DataSize, &OptInfo, Packet, DestType); // If it's a broadcast packet forward it on.
if (IS_BCAST_DEST(DestType)) IPForwardPkt(NTE, Header, Context->tdc_hlength, RcvBuf.ipr_buffer, DataSize, NULL, 0, DestType, 0, NULL, NULL, NULL); } }
SrcIF = NTE->nte_if; CTEGetLockAtDPC(&SrcIF->if_lock);
Context->tdc_common.pc_link = SrcIF->if_tdpacket; SrcIF->if_tdpacket = Packet;
CTEFreeLockFromDPC(&SrcIF->if_lock);}
voidIPInjectPkt(FORWARD_ACTION Action, void *SavedContext, uint SavedContextLength, struct IPHeader UNALIGNED *IPH, struct IPRcvBuf *DataChain){ char *Data; char *PreservedData; uint DataSize; PFIREWALL_CONTEXT_T pFirCtx = (PFIREWALL_CONTEXT_T) SavedContext; NetTableEntry *NTE = pFirCtx->NTE; // Local NTE received on
LinkEntry *LinkCtxt = pFirCtx->LinkCtxt; // Local NTE received on
NetTableEntry *DestNTE; // NTE to receive on.
IPAddr DAddr; // Dest. IP addr. of received packet.
uint HeaderLength; // Size in bytes of received header.
uint IPDataLength; // Length in bytes of IP (including UL) data in packet.
IPOptInfo OptInfo; // Incoming header information.
uchar DestType; // Type (LOCAL, REMOTE, SR) of Daddr.
IPRcvBuf RcvBuf; IPRcvBuf *tmpRcvBuf; ulong Offset; KIRQL OldIrql;
UNREFERENCED_PARAMETER(SavedContextLength);
//
// One can not inject a packet that was being transmitted earlier
//
ASSERT(pFirCtx->Direction == IP_RECEIVE);
if (Action == ICMP_ON_DROP) { // send an ICMP message ?????
return; } ASSERT(Action == FORWARD);
DataSize = 0; tmpRcvBuf = DataChain; while (tmpRcvBuf != NULL) { ASSERT(tmpRcvBuf->ipr_buffer != NULL); DataSize += tmpRcvBuf->ipr_size; tmpRcvBuf = tmpRcvBuf->ipr_next; }
Data = (char *) CTEAllocMemN(DataSize, 'iiCT'); if (Data == NULL) { return; } tmpRcvBuf = DataChain; Offset = 0;
while (tmpRcvBuf != NULL) { ASSERT(tmpRcvBuf->ipr_buffer != NULL);#if DBG_VALIDITY_CHECK
if (Offset + tmpRcvBuf->ipr_size > DataSize) { DbgPrint("Offset %d: tmpRcvBuf->ipr_size %d: DataSize %d ::::\n", Offset, tmpRcvBuf->ipr_size, DataSize); DbgBreakPoint(); }#endif
RtlCopyMemory(Data + Offset, tmpRcvBuf->ipr_buffer, tmpRcvBuf->ipr_size); Offset += tmpRcvBuf->ipr_size; tmpRcvBuf = tmpRcvBuf->ipr_next; }
PreservedData = Data;
// free the data chain
// IPFreeBuff(pContextInfo->DataChain);
IPH = (IPHeader UNALIGNED *) Data; // Make sure we actually have data.
if (DataSize) {
// Check the header length, the xsum and the version. If any of these
// checks fail silently discard the packet.
HeaderLength = ((IPH->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2); if (HeaderLength >= sizeof(IPHeader) && HeaderLength <= DataSize) {
// Check the version, and sanity check the total length.
IPDataLength = (uint) net_short(IPH->iph_length); if ((IPH->iph_verlen & IP_VER_FLAG) == IP_VERSION && IPDataLength > sizeof(IPHeader)) {
IPDataLength -= HeaderLength; Data = (char *) Data + HeaderLength; DataSize -= HeaderLength;
// IPDataLength should be equal to DataSize
ASSERT(IPDataLength == DataSize);
DAddr = IPH->iph_dest; DestNTE = NTE;
// Find local NTE, if any.
DestType = GetLocalNTE(DAddr, &DestNTE);
OptInfo.ioi_ttl = IPH->iph_ttl; OptInfo.ioi_tos = IPH->iph_tos; OptInfo.ioi_flags = (uchar) ((net_short(IPH->iph_offset) >> 13) & IP_FLAG_DF); OptInfo.ioi_options = (uchar *) NULL; OptInfo.ioi_optlength = 0;
if ((DestType < DEST_REMOTE)) { // It's either local or some sort of broadcast.
// The data probably belongs at this station. If there
// aren't any options, it definetly belongs here, and we'll
// dispatch it either to our reasssmbly code or to the
// deliver to user code. If there are options, we'll check
// them and then either handle the packet locally or pass it
// to our forwarding code.
if (HeaderLength != sizeof(IPHeader)) { // We have options.
uchar NewDType;
NewDType = CheckLocalOptions(NTE, IPH, &OptInfo, DestType, NULL, 0, FALSE); if (NewDType != DEST_LOCAL) { if (NewDType == DEST_REMOTE) goto forward; else { IPSInfo.ipsi_inhdrerrors++; CTEFreeMem(PreservedData); return; // Bad Options.
} } } RcvBuf.ipr_next = NULL; RcvBuf.ipr_owner = IPR_OWNER_STACK; RcvBuf.ipr_buffer = (uchar *) Data; RcvBuf.ipr_size = IPDataLength; RcvBuf.ipr_flags = 0;
RcvBuf.ipr_pMdl = NULL; RcvBuf.ipr_pClientCnt = NULL;
// When we get here, we have the whole packet. Deliver
// it.
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql); DeliverToUser(NTE, DestNTE, IPH, HeaderLength, &RcvBuf, IPDataLength, &OptInfo, NULL, DestType); // When we're here, we're through with the packet
// locally. If it's a broadcast packet forward it on.
if (IS_BCAST_DEST(DestType)) { IPForwardPkt(NTE, IPH, HeaderLength, Data, IPDataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); } KeLowerIrql(OldIrql); // free the data, work item and various fields within them.
CTEFreeMem(PreservedData); return; } // Not for us, may need to be forwarded. It might be an outgoing
// broadcast that came in through a source route, so we need to
// check that.
forward: if (DestType != DEST_INVALID) { KeRaiseIrql(DISPATCH_LEVEL, &OldIrql); IPForwardPkt(NTE, IPH, HeaderLength, Data, DataSize, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); KeLowerIrql(OldIrql); } else IPSInfo.ipsi_inaddrerrors++; // free the data, work item and various fields within them.
CTEFreeMem(PreservedData);
return;
} // Bad Version
} // Bad checksum
} // No data
IPSInfo.ipsi_inhdrerrors++; // free the data, work item and various fields within them.
CTEFreeMem(PreservedData);}
//* IPRcvPacket - Receive an incoming IP datagram along with the ndis packet
//
// This is the routine called by the link layer module when an incoming IP
// datagram is to be processed. We validate the datagram (including doing
// the xsum), copy and process incoming options, and decide what to do
// with it.
//
// Entry: MyContext - The context valued we gave to the link layer.
// Data - Pointer to the data buffer.
// DataSize - Size in bytes of the data buffer.
// TotalSize - Total size in bytes available.
// LContext1 - 1st link context.
// LContext2 - 2nd link context.
// BCast - Indicates whether or not packet was received
// on bcast address.
// HeaderSize - size of the mac header
// pMdl - NDIS Packet from the MAC driver
// pClientCnt - Variable to indicate how many upper layer
// clients were given this packet
// for TCP it will be only 1.
//
// Returns: Nothing.
//
void__stdcallIPRcvPacket(void *MyContext, void *Data, uint DataSize, uint TotalSize, NDIS_HANDLE LContext1, uint LContext2, uint BCast, uint MacHeaderSize, PNDIS_BUFFER pNdisBuffer, uint *pClientCnt, LinkEntry *LinkCtxt){ IPHeader UNALIGNED *IPH = (IPHeader UNALIGNED *) Data; NetTableEntry *NTE = (NetTableEntry *) MyContext; // Local NTE received on
NetTableEntry *DestNTE; // NTE to receive on.
Interface *RcvIF = NULL; // Interface corresponding to NTE.
PNDIS_PACKET TDPacket = NULL; // NDIS packet used for TD.
TDContext *TDC = (TDContext *) NULL; // Transfer data context.
NDIS_STATUS Status; IPAddr DAddr; // Dest. IP addr. of received packet.
uint HeaderLength; // Size in bytes of received header.
uint IPDataLength; // Length in bytes of IP (including UL)
// data in packet.
IPOptInfo OptInfo; // Incoming header information.
uchar DestType; // Type (LOCAL, REMOTE, SR) of Daddr.
IPRcvBuf RcvBuf;
BOOLEAN ChkSumOk = FALSE;
// used by firewall
uchar NewDType; IPRcvBuf *pRcvBuf; uint MoreData = 0; uchar *PreservedData; uchar *HdrBuf; uint DataLength; uint FirewallMode = 0; uint PromiscuousMode = 0; uint AbsorbFwdPkt = 0; PNDIS_PACKET OffLoadPkt = NULL; BOOLEAN Loopback = FALSE;
IPSIncrementInReceiveCount();
// Make sure we actually have data.
if (0 == DataSize) { goto HeaderError; }
// Check the header length, the xsum and the version. If any of these
// checks fail silently discard the packet.
HeaderLength = ((IPH->iph_verlen & (uchar)~IP_VER_FLAG) << 2);
if ((HeaderLength < sizeof(IPHeader)) || (HeaderLength > DataSize)) { goto HeaderError; }
//Check if hardware did the checksum or not by inspecting Lcontext1
if (pClientCnt) { PNDIS_PACKET_EXTENSION PktExt; NDIS_TCP_IP_CHECKSUM_PACKET_INFO ChksumPktInfo;
if (pNdisBuffer) { OffLoadPkt = NDIS_GET_ORIGINAL_PACKET((PNDIS_PACKET) (LContext1)); if (!OffLoadPkt) { OffLoadPkt = (PNDIS_PACKET) (LContext1); } } else { OffLoadPkt = (PNDIS_PACKET) pClientCnt; }
PktExt = NDIS_PACKET_EXTENSION_FROM_PACKET(OffLoadPkt);
ChksumPktInfo.Value = PtrToUshort(PktExt->NdisPacketInfo[TcpIpChecksumPacketInfo]);
if (ChksumPktInfo.Value) { if (ChksumPktInfo.Receive.NdisPacketIpChecksumSucceeded) { ChkSumOk = TRUE; } } //
// Check if this packet is an echo of packet that we sent.
//
Loopback = (NdisGetPacketFlags(OffLoadPkt) & NDIS_FLAGS_IS_LOOPBACK_PACKET)?TRUE : FALSE; }
// Unless the hardware says the checksum was correct, checksum the
// header ourselves and bail out if it is incorrect.
if (!ChkSumOk && (xsum(Data, HeaderLength) != (ushort) 0xffff)) { goto HeaderError; }
// Check the version, and sanity check the total length.
IPDataLength = (uint) net_short(IPH->iph_length);
if (((IPH->iph_verlen & IP_VER_FLAG) != IP_VERSION) || (IPDataLength < HeaderLength) || (IPDataLength > TotalSize)) { goto HeaderError; }
IPDataLength -= HeaderLength; // In case of firewall, we need to pass the whole data including header
PreservedData = (uchar *) Data; Data = (uchar *) Data + HeaderLength; DataSize -= HeaderLength;
DAddr = IPH->iph_dest; DestNTE = NTE;
// Find local NTE, if any.
if (BCast == AI_PROMIS_INDEX) { DestType = DEST_PROMIS; } else { DestType = GetLocalNTE(DAddr, &DestNTE); }
AbsorbFwdPkt = (DestType >= DEST_REMOTE) && (NTE->nte_if->if_absorbfwdpkts) && (IPH->iph_protocol == NTE->nte_if->if_absorbfwdpkts) && IsRtrAlertPacket(IPH); PromiscuousMode = NTE->nte_if->if_promiscuousmode; FirewallMode = ProcessFirewallQ();
// Check to see if this is a non-broadcast IP address that
// came in as a link layer broadcast. If it is, throw it out.
// This is an important check for DHCP, since if we're
// DHCPing an interface all otherwise unknown addresses will
// come in as DEST_LOCAL. This check here will throw them out
// if they didn't come in as unicast.
if ((BCast == AI_NONUCAST_INDEX) && !IS_BCAST_DEST(DestType)) { IPSInfo.ipsi_inaddrerrors++; return; // Non bcast packet on bcast address.
}
if (CLASSD_ADDR(DAddr)) { NTE->nte_if->if_InMcastPkts++; NTE->nte_if->if_InMcastOctets += IPDataLength; }
OptInfo.ioi_ttl = IPH->iph_ttl; OptInfo.ioi_tos = IPH->iph_tos; OptInfo.ioi_flags = (uchar) ((net_short(IPH->iph_offset) >> 13) & IP_FLAG_DF); OptInfo.ioi_options = (uchar *) NULL; OptInfo.ioi_optlength = 0;
if ((DestType < DEST_REMOTE) || (AbsorbFwdPkt) || (((FirewallMode) || (PromiscuousMode)) && (DestType != DEST_INVALID))) { // It's either local or some sort of broadcast.
// The data probably belongs at this station. If there
// aren't any options, it definitely belongs here, and we'll
// dispatch it either to our reassembly code or to the
// deliver to user code. If there are options, we'll check
// them and then either handle the packet locally or pass it
// to our forwarding code.
NewDType = DestType; if (DestType < DEST_REMOTE) { if (HeaderLength != sizeof(IPHeader)) { // We have options.
NewDType = CheckLocalOptions(NTE, IPH, &OptInfo, DestType, Data, DataSize, TRUE);
if (NewDType != DEST_LOCAL) { if (NewDType == DEST_REMOTE) { if ((!FirewallMode) && (!PromiscuousMode) && (!AbsorbFwdPkt)) goto forward; else DestType = NewDType; } else { goto HeaderError; } } if ((OptInfo.ioi_flags & IP_FLAG_SSRR) && DisableIPSourceRouting == 2) { IPSInfo.ipsi_outdiscards++; if (RefPtrValid(&FilterRefPtr)) { NotifyFilterOfDiscard(NTE, IPH, Data, DataSize); } return; } } }
//
// Before we go further, if we have a filter installed
// call it to see if we should take this.
// if ForwardFirewall/Promiscuous, we can reach at this
// point
// if firewall/ipsec/promiscuous present, we will call
// filter hook in delivertouserex
// Except if we have a fragment, we also call filter hook
// now.
//
if (((RefPtrValid(&FilterRefPtr)) && (!IPSecHandlerPtr) && (!FirewallMode) && (!PromiscuousMode) && (!AbsorbFwdPkt)) || ((RefPtrValid(&FilterRefPtr)) && (IPH->iph_offset & ~(IP_DF_FLAG | IP_RSVD_FLAG)))) { Interface *IF = NTE->nte_if; IPAddr LinkNextHop; IPPacketFilterPtr FilterPtr; FORWARD_ACTION Action; if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) { LinkNextHop = LinkCtxt->link_NextHop; } else { LinkNextHop = NULL_IP_ADDR; }
FilterPtr = AcquireRefPtr(&FilterRefPtr); Action = (*FilterPtr) (IPH, Data, MIN(DataSize, IPDataLength), IF->if_index, INVALID_IF_INDEX, LinkNextHop, NULL_IP_ADDR); ReleaseRefPtr(&FilterRefPtr);
if (Action != FORWARD) { IPSInfo.ipsi_indiscards++; return; } } // No options. See if it's a fragment. If it is, call our
// reassembly handler.
if ((IPH->iph_offset & ~(IP_DF_FLAG | IP_RSVD_FLAG)) == 0) {
// We don't have a fragment. If the data all fits,
// handle it here. Otherwise transfer data it.
// Make sure data is all in buffer, and directly
// accesible.
if ((IPDataLength > DataSize) || !(NTE->nte_flags & NTE_COPY)) { // The data isn't all here. Transfer data it.
// Needed by firewall since we need to attach the IPheader
MoreData = 1;
RcvIF = NTE->nte_if; CTEGetLockAtDPC(&RcvIF->if_lock); TDPacket = RcvIF->if_tdpacket;
if (TDPacket != (PNDIS_PACKET) NULL) {
TDC = (TDContext *) TDPacket->ProtocolReserved; RcvIF->if_tdpacket = TDC->tdc_common.pc_link; CTEFreeLockFromDPC(&RcvIF->if_lock);
TDC->tdc_nte = DestNTE; TDC->tdc_dtype = DestType; TDC->tdc_hlength = (uchar) HeaderLength; RtlCopyMemory(TDC->tdc_header, IPH, HeaderLength + 8);
Status = (*(RcvIF->if_transfer)) ( RcvIF->if_lcontext, LContext1, LContext2, HeaderLength, IPDataLength, TDPacket, &IPDataLength);
// Check the status. If it's success, call the
// receive procedure. Otherwise, if it's pending
// wait for the callback.
Data = TDC->tdc_buffer; if (Status != NDIS_STATUS_PENDING) { if (Status != NDIS_STATUS_SUCCESS) { IPSInfo.ipsi_indiscards++; CTEGetLockAtDPC(&RcvIF->if_lock); TDC->tdc_common.pc_link = RcvIF->if_tdpacket; RcvIF->if_tdpacket = TDPacket; CTEFreeLockFromDPC(&RcvIF->if_lock); return; } } else { return; // Status is pending.
} } else { // Couldn't get a packet.
IPSInfo.ipsi_indiscards++; CTEFreeLockFromDPC(&RcvIF->if_lock); return; } } if (!FirewallMode) { // fast path
RcvBuf.ipr_next = NULL; RcvBuf.ipr_owner = IPR_OWNER_STACK; RcvBuf.ipr_buffer = (uchar *) Data; RcvBuf.ipr_size = IPDataLength; RcvBuf.ipr_flags = 0;
//
// Encapsulate the mdl and context info in RcvBuf
// structure if TD Packet is not involved.
//
RcvBuf.ipr_pMdl = NULL; RcvBuf.ipr_pClientCnt = NULL; if (!MoreData) { RcvBuf.ipr_pMdl = pNdisBuffer; RcvBuf.ipr_pClientCnt = pClientCnt; } RcvBuf.ipr_RcvContext = (uchar *)LContext1; //ASSERT(LContext2 <= 8);
RcvBuf.ipr_RcvOffset = MacHeaderSize + HeaderLength + LContext2; DataLength = IPDataLength; pRcvBuf = &RcvBuf;
} else { // ForwardFirewallPtr != NULL
//
// if Firewall hooks are present we will allocate
// RcvBuf. Also we will pass IPHeader to
// DelivertoUserEx
if (!MoreData) {
if (g_PerCPUIpBuf) { pRcvBuf = g_PerCPUIpBuf + KeGetCurrentProcessorNumber(); pRcvBuf->ipr_owner = IPR_OWNER_STACK; } else { pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'jiCT'); if (!pRcvBuf) { IPSInfo.ipsi_indiscards++; return; } pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL; }
pRcvBuf->ipr_next = NULL;
pRcvBuf->ipr_buffer = (uchar *) PreservedData; pRcvBuf->ipr_size = IPDataLength + HeaderLength; pRcvBuf->ipr_flags = 0;
//
// Encapsulate the mdl and context info in
// RcvBuf structure
//
pRcvBuf->ipr_pMdl = NULL; pRcvBuf->ipr_pClientCnt = NULL;
//
// Enable Buffer ownership in Firewall mode
// When re-route lookup results in forwarding
// local packets, this will help firwall clients
// like proxy/nat to use super fast path in
// IPForwardPkt().
//
if (DestType < DEST_REMOTE) { pRcvBuf->ipr_pMdl = pNdisBuffer; pRcvBuf->ipr_pClientCnt = pClientCnt; }
pRcvBuf->ipr_RcvContext = (uchar *)LContext1;
pRcvBuf->ipr_RcvOffset = MacHeaderSize + HeaderLength + LContext2; } else { // MoreData=1; we have gone thru TD
// path attach the header
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'jiCT'); if (!pRcvBuf) { IPSInfo.ipsi_indiscards++; return; }
pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL; HdrBuf = (uchar *) CTEAllocMemN(HeaderLength, 'kiCT'); if (!HdrBuf) { CTEFreeMem(pRcvBuf); IPSInfo.ipsi_indiscards++; return; } RtlCopyMemory(HdrBuf, IPH, HeaderLength); pRcvBuf->ipr_buffer = HdrBuf; // remember to
// free HdrBuf &
//pRcvBuf
pRcvBuf->ipr_size = HeaderLength; pRcvBuf->ipr_flags = 0; pRcvBuf->ipr_pMdl = NULL; pRcvBuf->ipr_pClientCnt = NULL; pRcvBuf->ipr_next = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'liCT'); if (!pRcvBuf->ipr_next) { CTEFreeMem(pRcvBuf); CTEFreeMem(HdrBuf); IPSInfo.ipsi_indiscards++; return; } pRcvBuf->ipr_next->ipr_next = NULL; pRcvBuf->ipr_next->ipr_owner = IPR_OWNER_IP; pRcvBuf->ipr_next->ipr_buffer = (uchar *) Data; pRcvBuf->ipr_next->ipr_size = IPDataLength;
//
//encapsulate the mdl and context info in
//RcvBuf structure
//
pRcvBuf->ipr_next->ipr_pMdl = NULL; pRcvBuf->ipr_next->ipr_pClientCnt = NULL; pRcvBuf->ipr_next->ipr_RcvContext = (uchar *)LContext1;
pRcvBuf->ipr_next->ipr_flags = 0;
//ASSERT(LContext2 <= 8);
pRcvBuf->ipr_next->ipr_RcvOffset = MacHeaderSize + HeaderLength + LContext2; } // In case of firewall, Data includes ipheader also
DataLength = IPDataLength + HeaderLength; }
// 3 cases when we go to DeliverToUserEx
// IPSEC & Filter present; Firewallhooks present;
// promiscuous mode set on the interface
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) || (FirewallMode) || (PromiscuousMode)) {
if (Loopback) { //
// Loopbacked packet should not end up getting
// forwarded again to prevent nested receive
// indications from ndis, causing stack overflow.
//
pRcvBuf->ipr_flags |= IPR_FLAG_LOOPBACK_PACKET; }
if (pClientCnt) {
DeliverToUserEx(NTE, DestNTE, IPH, HeaderLength, pRcvBuf, DataLength, &OptInfo, LContext1, DestType, LinkCtxt); } else { DeliverToUserEx(NTE, DestNTE, IPH, HeaderLength, pRcvBuf, DataLength, &OptInfo, NULL, DestType, LinkCtxt);
} } else { //
// When we get here, we have the whole packet.
// Deliver it.
//
if (pNdisBuffer) { DeliverToUser(NTE, DestNTE, IPH, HeaderLength, pRcvBuf, IPDataLength, &OptInfo, (PNDIS_PACKET) (LContext1), DestType); } else if (OffLoadPkt) { DeliverToUser(NTE, DestNTE, IPH, HeaderLength, pRcvBuf, IPDataLength, &OptInfo, OffLoadPkt, DestType);
} else {
DeliverToUser( NTE, DestNTE, IPH, HeaderLength, pRcvBuf, IPDataLength, &OptInfo, NULL, DestType);
}
//
// When we're here, we're through with the packet
// locally. If it's a broadcast packet forward it
// on.
if (IS_BCAST_DEST(DestType)) {
IPForwardPkt(NTE, IPH, HeaderLength, Data, IPDataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt); } }
if (TDC != NULL) { CTEGetLockAtDPC(&RcvIF->if_lock); TDC->tdc_common.pc_link = RcvIF->if_tdpacket; RcvIF->if_tdpacket = TDPacket; CTEFreeLockFromDPC(&RcvIF->if_lock); } return; } else { // This is a fragment. Reassemble it.
IPReassemble(NTE, DestNTE, IPH, HeaderLength, Data, DataSize, IPDataLength, DestType, LContext1, LContext2, LinkCtxt); return; }
} // Not for us, may need to be forwarded. It might be an outgoing
// broadcast that came in through a source route, so we need to
// check that.
forward: if (DestType != DEST_INVALID) { //
// If IPSec is active, make sure there are no inbound policies
// that apply to this packet.
// N.B - IPSecStatus will be true if there is at least one ipsec policy.
//
if (IPSecStatus && (*IPSecRcvFWPacketPtr)((PCHAR) IPH, Data, DataSize, DestType) != eFORWARD) {
IPSInfo.ipsi_indiscards++; return; }
// Super Fast Forward
// chk the parameters
IPForwardPkt(NTE, IPH, HeaderLength, Data, DataSize, LContext1, LContext2, DestType, MacHeaderSize, pNdisBuffer, pClientCnt, LinkCtxt); } else { IPSInfo.ipsi_inaddrerrors++; }
return;
HeaderError: IPSInfo.ipsi_inhdrerrors++;}
//* IPRcv - Receive an incoming IP datagram.
//
// This is the routine called by the link layer module when an incoming IP
// datagram is to be processed. We validate the datagram (including doing
// the xsum), copy and process incoming options, and decide what to do with it.
//
// Entry: MyContext - The context valued we gave to the link layer.
// Data - Pointer to the data buffer.
// DataSize - Size in bytes of the data buffer.
// TotalSize - Total size in bytes available.
// LContext1 - 1st link context.
// LContext2 - 2nd link context.
// BCast - Indicates whether or not packet was received on bcast address.
//
// Returns: Nothing.
//
// For buffer ownership version, we just call RcvPacket, with additional
// two null arguments. Currently LANARP supports buffer owner ship.
// Rest of the folks (rasarp, wanarp and atmarp) come this way.
//
void__stdcallIPRcv(void *MyContext, void *Data, uint DataSize, uint TotalSize, NDIS_HANDLE LContext1, uint LContext2, uint BCast, LinkEntry * LinkCtxt){ IPRcvPacket(MyContext, Data, DataSize, TotalSize, LContext1, LContext2, BCast, (uint) 0, NULL, NULL, LinkCtxt);}
//* IPTDComplete - IP Transfer data complete handler.
//
// This is the routine called by the link layer when a transfer data completes.
//
// Entry: MyContext - Context value we gave to the link layer.
// Packet - Packet we originally gave to transfer data.
// Status - Final status of command.
// BytesCopied - Number of bytes copied.
//
// Exit: Nothing
//
void__stdcallIPTDComplete(void *MyContext, PNDIS_PACKET Packet, NDIS_STATUS Status, uint BytesCopied){ TDContext *TDC = (TDContext *) Packet->ProtocolReserved; FWContext *pFWC = (FWContext *) Packet->ProtocolReserved; NetTableEntry *NTE = (NetTableEntry *) MyContext; uint PromiscuousMode = 0; uint FirewallMode = 0;
if (NTE->nte_flags & NTE_VALID) { PromiscuousMode = NTE->nte_if->if_promiscuousmode; FirewallMode = ProcessFirewallQ(); } if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) || (FirewallMode) || (PromiscuousMode)) { if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_RA)) TDUserRcv(MyContext, Packet, Status, BytesCopied); else RATDComplete(MyContext, Packet, Status, BytesCopied); } else { // Normal Path
if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_FW)) if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_RA)) TDUserRcv(MyContext, Packet, Status, BytesCopied); else RATDComplete(MyContext, Packet, Status, BytesCopied); else {#if IPMCAST
if (pFWC->fc_dtype == DEST_REM_MCAST) { IPMForwardAfterTD(MyContext, Packet, BytesCopied); return; }#endif
SendFWPacket(Packet, Status, BytesCopied); } }}
//* IPFreeBuff -
// Frees the chain and the buffers associated with the chain if allocated
// by firewall hook
//
//
voidIPFreeBuff(IPRcvBuf * pRcvBuf){ IPRcvBuf *Curr = pRcvBuf; IPRcvBuf *Prev;
//
// Free all blocks carried by pRcvbuf
//
while (pRcvBuf != NULL) { FreeIprBuff(pRcvBuf); pRcvBuf = pRcvBuf->ipr_next; }
while (Curr != NULL) { Prev = Curr; Curr = Curr->ipr_next; //
// Free pRcvBuf itself
// if it is not allocated
// on the stack.
//
if (Prev->ipr_owner != IPR_OWNER_STACK) { CTEFreeMem(Prev); }
}}
//* FreeIprBuff -
// Frees the buffer associated by IPRcvBuf if tag in rcvbuf is firewall
// The idea is that if the buffer is allocated by firewall, the tag is firewall
// and its freed when we call ipfreebuff or this routine. However, there is a
// slight catch here. In the reassembly path, the buffer is tagged as ip but
// it has to be freed by ip driver only since the reassembly buffers are
// allocated by ip only. But in this case, the flat buffer is part of the
// Rcvbuf structure and so when Rcvbuf structure is freed the flat buffer is
// also freed. In other cases, fast path in Rcv and xmit path, respective
// lower and upper layers free the flat buffer. This makes sure that ip is
// not freeing the buffers which some other layer allocates. This technique
// is now used by IPSEC also.
//
voidFreeIprBuff(IPRcvBuf * pRcvBuf){ ASSERT(pRcvBuf != NULL);
if ((pRcvBuf->ipr_buffer != NULL) && (pRcvBuf->ipr_owner == IPR_OWNER_FIREWALL)) { CTEFreeMem(pRcvBuf->ipr_buffer); }}
//* IPAllocBuff -
// Allocates a buffer of given size and attaches it to IPRcvBuf
//
// Returns: TRUE if success else FALSE
//
intIPAllocBuff(IPRcvBuf * pRcvBuf, uint size){ ASSERT(pRcvBuf != NULL);
// put a tag in iprcvbuf that firewall allocated it so that
// FreeIprBuff / IPFreeBuff can free it
pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL; if ((pRcvBuf->ipr_buffer = (uchar *) CTEAllocMemN(size, 'miCT')) == NULL) { return FALSE; }
return TRUE;}
|
