archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/tcpip/tpipv6/tcpip6/sys/ntdisp.c

3085 lines
94 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
  2. //
  3. // Copyright (c) 1985-2000 Microsoft Corporation
  4. //
  5. // This file is part of the Microsoft Research IPv6 Network Protocol Stack.
  6. // You should have received a copy of the Microsoft End-User License Agreement
  7. // for this software along with this release; see the file "license.txt".
  8. // If not, please see http://www.research.microsoft.com/msripv6/license.htm,
  9. // or write to Microsoft Research, One Microsoft Way, Redmond, WA 98052-6399.
  10. //
  11. // Abstract:
  12. //
  13. // NT specific routines for dispatching and handling IRPs.
  14. //
  17. #include <oscfg.h>
  18. #include <ndis.h>
  19. #include <tdikrnl.h>
  20. #include <tdint.h>
  21. #include <tdistat.h>
  22. #include <tdiinfo.h>
  23. #include <ip6imp.h>
  24. #include <ip6def.h>
  25. #include <ntddip6.h>
  26. #include "queue.h"
  27. #include "transprt.h"
  28. #include "addr.h"
  29. #include "tcp.h"
  30. #include "udp.h"
  31. #include "raw.h"
  32. #include <ntddtcp.h>
  33. #include "tcpcfg.h"
  34. #include "tcpconn.h"
  35. #include "tdilocal.h"
  37. //
  38. // Macros
  39. //
  41. //* Convert100nsToMillisconds
  42. //
  43. // Converts time expressed in hundreds of nanoseconds to milliseconds.
  44. //
  45. // REVIEW: replace RtlExtendedMagicDivide with 64 bit compiler support?
  46. //
  47. // LARGE_INTEGER // Returns: Time in milliseconds.
  48. // Convert100nsToMilliseconds(
  49. // IN LARGE_INTEGER HnsTime); // Time in hundreds of nanoseconds.
  50. //
  51. #define SHIFT10000 13
  52. static LARGE_INTEGER Magic10000 = {0xe219652c, 0xd1b71758};
  54. #define Convert100nsToMilliseconds(HnsTime) \
  55. RtlExtendedMagicDivide((HnsTime), Magic10000, SHIFT10000)
  58. //
  59. // Global variables
  60. //
  61. extern PSECURITY_DESCRIPTOR TcpAdminSecurityDescriptor;
  62. extern PDEVICE_OBJECT TCPDeviceObject, UDPDeviceObject;
  63. extern PDEVICE_OBJECT IPDeviceObject;
  64. extern PDEVICE_OBJECT RawIPDeviceObject;
  67. //
  68. // Local types
  69. //
  70. typedef struct {
  71. PIRP Irp;
  72. PMDL InputMdl;
  73. PMDL OutputMdl;
  74. TCP_REQUEST_QUERY_INFORMATION_EX QueryInformation;
  75. } TCP_QUERY_CONTEXT, *PTCP_QUERY_CONTEXT;
  78. //
  79. // General external function prototypes
  80. //
  81. extern
  82. NTSTATUS
  83. IPDispatch(
  84. IN PDEVICE_OBJECT DeviceObject,
  85. IN PIRP Irp
  86. );
  89. //
  90. // Other external functions
  91. //
  92. void
  93. TCPAbortAndIndicateDisconnect(
  94. CONNECTION_CONTEXT ConnnectionContext
  95. );
  97. //
  98. // Local pageable function prototypes
  99. //
  100. NTSTATUS
  101. TCPDispatchDeviceControl(
  102. IN PIRP Irp,
  103. IN PIO_STACK_LOCATION IrpSp
  104. );
  106. NTSTATUS
  107. TCPCreate(
  108. IN PDEVICE_OBJECT DeviceObject,
  109. IN PIRP Irp,
  110. IN PIO_STACK_LOCATION IrpSp
  111. );
  113. NTSTATUS
  114. TCPAssociateAddress(
  115. IN PIRP Irp,
  116. IN PIO_STACK_LOCATION IrpSp
  117. );
  119. NTSTATUS
  120. TCPSetEventHandler(
  121. IN PIRP Irp,
  122. IN PIO_STACK_LOCATION IrpSp
  123. );
  125. NTSTATUS
  126. TCPQueryInformation(
  127. IN PIRP Irp,
  128. IN PIO_STACK_LOCATION IrpSp
  129. );
  131. FILE_FULL_EA_INFORMATION UNALIGNED *
  132. FindEA(
  133. PFILE_FULL_EA_INFORMATION StartEA,
  134. CHAR *TargetName,
  135. USHORT TargetNameLength
  136. );
  138. BOOLEAN
  139. IsAdminIoRequest(
  140. PIRP Irp,
  141. PIO_STACK_LOCATION IrpSp
  142. );
  144. BOOLEAN
  145. IsDHCPZeroAddress(
  146. TRANSPORT_ADDRESS UNALIGNED *AddrList
  147. );
  149. ULONG
  150. RawExtractProtocolNumber(
  151. IN PUNICODE_STRING FileName
  152. );
  154. NTSTATUS
  155. CaptureCreatorSD(
  156. PIRP Irp,
  157. PIO_STACK_LOCATION IrpSp,
  158. OUT PSECURITY_DESCRIPTOR* CreatorSD
  159. );
  161. NTSTATUS
  162. TCPEnumerateConnectionList(
  163. IN PIRP Irp,
  164. IN PIO_STACK_LOCATION IrpSp
  165. );
  167. //
  168. // Local helper routine prototypes.
  169. //
  170. ULONG
  171. TCPGetMdlChainByteCount(
  172. PMDL Mdl
  173. );
  176. //
  177. // All of this code is pageable.
  178. //
  179. #ifdef ALLOC_PRAGMA
  181. #pragma alloc_text(PAGE, TCPDispatchDeviceControl)
  182. #pragma alloc_text(PAGE, TCPCreate)
  183. #pragma alloc_text(PAGE, TCPAssociateAddress)
  184. #pragma alloc_text(PAGE, TCPSetEventHandler)
  185. #pragma alloc_text(PAGE, FindEA)
  186. #pragma alloc_text(PAGE, IsDHCPZeroAddress)
  187. #pragma alloc_text(PAGE, RawExtractProtocolNumber)
  188. #pragma alloc_text(PAGE, IsAdminIoRequest)
  189. #pragma alloc_text(PAGE, CaptureCreatorSD)
  191. #endif // ALLOC_PRAGMA
  194. //
  195. // Generic Irp completion and cancellation routines.
  196. //
  198. //* TCPDataRequestComplete - Completes a UDP/TCP send/receive request.
  199. //
  200. NTSTATUS // Returns: Nothing.
  201. TCPDataRequestComplete(
  202. void *Context, // A pointer to the IRP for this request.
  203. unsigned int Status, // The final TDI status of the request.
  204. unsigned int ByteCount) // Bytes sent/received information.
  205. {
  206. KIRQL oldIrql;
  207. PIRP irp;
  208. PIO_STACK_LOCATION irpSp;
  209. PTCP_CONTEXT tcpContext;
  211. irp = (PIRP) Context;
  212. irpSp = IoGetCurrentIrpStackLocation(irp);
  213. tcpContext = (PTCP_CONTEXT) irpSp->FileObject->FsContext;
  215. if (IoSetCancelRoutine(irp, NULL) == NULL) {
  216. //
  217. // In case an old cancel routine is still running,
  218. // synchronize with it.
  219. //
  220. IoAcquireCancelSpinLock(&oldIrql);
  221. IoReleaseCancelSpinLock(oldIrql);
  222. }
  224. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  226. #if DBG
  228. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  230. PLIST_ENTRY entry, listHead;
  231. PIRP item = NULL;
  233. if (irp->Cancel) {
  234. ASSERT(irp->CancelRoutine == NULL);
  235. listHead = &(tcpContext->CancelledIrpList);
  236. } else {
  237. listHead = &(tcpContext->PendingIrpList);
  238. }
  240. //
  241. // Verify that the Irp is on the appropriate list.
  242. //
  243. for (entry = listHead->Flink; entry != listHead;
  244. entry = entry->Flink) {
  246. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  248. if (item == irp) {
  249. RemoveEntryList(&(irp->Tail.Overlay.ListEntry));
  250. break;
  251. }
  252. }
  254. ASSERT(item == irp);
  255. }
  257. #endif
  259. if ((Status == TDI_CANCELLED) && ByteCount) {
  260. Status = STATUS_SUCCESS;
  261. } else {
  262. if (irp->Cancel || tcpContext->CancelIrps) {
  264. IF_TCPDBG(TCP_DEBUG_IRP) {
  265. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  266. "TCPDataRequestComplete: Irp %lx was cancelled\n",
  267. irp));
  268. }
  270. Status = (unsigned int) STATUS_CANCELLED;
  271. ByteCount = 0;
  272. }
  273. }
  275. ASSERT(tcpContext->ReferenceCount > 0);
  277. IF_TCPDBG(TCP_DEBUG_IRP) {
  278. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  279. "TCPDataRequestComplete: "
  280. "Irp %lx fileobj %lx refcnt dec to %u\n",
  281. irp, irpSp->FileObject, tcpContext->ReferenceCount - 1));
  282. }
  284. if (--(tcpContext->ReferenceCount) == 0) {
  286. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  287. ASSERT(IsListEmpty(&(tcpContext->CancelledIrpList)));
  288. ASSERT(IsListEmpty(&(tcpContext->PendingIrpList)));
  289. }
  291. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  293. //
  294. // Since the reference count on the tcpContext is now zero,
  295. // setting this event must be the last place we touch it.
  296. //
  297. KeSetEvent(&(tcpContext->CleanupEvent), 0, FALSE);
  299. } else {
  300. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  301. }
  303. IF_TCPDBG(TCP_DEBUG_IRP) {
  304. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  305. "TCPDataRequestComplete: completing irp %lx, status %lx,"
  306. " byte count %lx\n", irp, Status, ByteCount));
  307. }
  309. irp->IoStatus.Status = (NTSTATUS) Status;
  310. irp->IoStatus.Information = ByteCount;
  312. IoCompleteRequest(irp, IO_NETWORK_INCREMENT);
  314. return Status;
  316. } // TCPDataRequestComplete
  319. //* TCPRequestComplete - Completes a TDI request.
  320. //
  321. // Completes a cancellable TDI request which returns no data by
  322. // calling TCPDataRequestComplete with a ByteCount of zero.
  323. //
  324. void // Returns: Nothing.
  325. TCPRequestComplete(
  326. void *Context, // A pointer to the IRP for this request.
  327. unsigned int Status, // The final TDI status of the request.
  328. unsigned int UnUsed) // An unused parameter.
  329. {
  330. UNREFERENCED_PARAMETER(UnUsed);
  332. TCPDataRequestComplete(Context, Status, 0);
  334. } // TCPRequestComplete
  337. //* TCPNonCancellableRequestComplete - Complete uncancellable TDI request.
  338. //
  339. // Completes a TDI request which cannot be cancelled.
  340. //
  341. void // Returns: Nothing.
  342. TCPNonCancellableRequestComplete(
  343. void *Context, // A pointer to the IRP for this request.
  344. unsigned int Status, // The final TDI status of the request.
  345. unsigned int UnUsed) // An unused parameter.
  346. {
  347. PIRP irp;
  348. PIO_STACK_LOCATION irpSp;
  350. UNREFERENCED_PARAMETER(UnUsed);
  352. irp = (PIRP) Context;
  353. irpSp = IoGetCurrentIrpStackLocation(irp);
  355. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  356. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  357. "TCPNonCancellableRequestComplete: irp %lx status %lx\n",
  358. irp, Status));
  359. }
  361. //
  362. // Complete the IRP.
  363. //
  364. irp->IoStatus.Status = (NTSTATUS) Status;
  365. irp->IoStatus.Information = 0;
  366. IoCompleteRequest(irp, IO_NETWORK_INCREMENT);
  368. return;
  370. } // TCPNonCancellableRequestComplete
  373. //* TCPCancelComplete
  374. //
  375. void
  376. TCPCancelComplete(
  377. void *Context,
  378. unsigned int Unused1,
  379. unsigned int Unused2)
  380. {
  381. PFILE_OBJECT fileObject = (PFILE_OBJECT) Context;
  382. PTCP_CONTEXT tcpContext = (PTCP_CONTEXT) fileObject->FsContext;
  383. KIRQL oldIrql;
  385. UNREFERENCED_PARAMETER(Unused1);
  386. UNREFERENCED_PARAMETER(Unused2);
  388. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  390. //
  391. // Remove the reference placed on the endpoint by the cancel routine.
  392. // The cancelled Irp will be completed by the completion routine for the
  393. // request.
  394. //
  395. if (--(tcpContext->ReferenceCount) == 0) {
  397. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  398. ASSERT(IsListEmpty(&(tcpContext->CancelledIrpList)));
  399. ASSERT(IsListEmpty(&(tcpContext->PendingIrpList)));
  400. }
  402. //
  403. // Set the cleanup event.
  404. //
  405. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  406. KeSetEvent(&(tcpContext->CleanupEvent), 0, FALSE);
  407. return;
  408. }
  410. IF_TCPDBG(TCP_DEBUG_IRP) {
  411. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  412. "TCPCancelComplete: fileobj %lx refcnt dec to %u\n",
  413. fileObject, tcpContext->ReferenceCount));
  414. }
  416. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  418. return;
  420. } // TCPCancelComplete
  423. //* TCPCancelRequest - Cancels an outstanding Irp.
  424. //
  425. // Cancel an outstanding Irp.
  426. //
  427. VOID // Returns: Nothing.
  428. TCPCancelRequest(
  429. PDEVICE_OBJECT Device, // Pointer to the device object for this request.
  430. PIRP Irp) // Pointer to I/O request packet.
  431. {
  432. PIO_STACK_LOCATION irpSp;
  433. PTCP_CONTEXT tcpContext;
  434. NTSTATUS status = STATUS_SUCCESS;
  435. PFILE_OBJECT fileObject;
  436. UCHAR minorFunction;
  437. TDI_REQUEST request;
  438. KIRQL CancelIrql;
  440. UNREFERENCED_PARAMETER(Device);
  442. irpSp = IoGetCurrentIrpStackLocation(Irp);
  443. fileObject = irpSp->FileObject;
  444. tcpContext = (PTCP_CONTEXT) fileObject->FsContext;
  445. minorFunction = irpSp->MinorFunction;
  446. CancelIrql = Irp->CancelIrql;
  448. KeAcquireSpinLockAtDpcLevel(&tcpContext->EndpointLock);
  450. ASSERT(Irp->Cancel);
  451. IoReleaseCancelSpinLock(DISPATCH_LEVEL);
  453. IF_TCPDBG(TCP_DEBUG_IRP) {
  454. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  455. "TCPCancelRequest: cancelling irp %lx, file object %lx\n",
  456. Irp, fileObject));
  457. }
  459. #if DBG
  461. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  462. //
  463. // Verify that the Irp is on the pending list.
  464. //
  465. PLIST_ENTRY entry;
  466. PIRP item = NULL;
  468. for (entry = tcpContext->PendingIrpList.Flink;
  469. entry != &(tcpContext->PendingIrpList); entry = entry->Flink) {
  471. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  473. if (item == Irp) {
  474. RemoveEntryList( &(Irp->Tail.Overlay.ListEntry));
  475. break;
  476. }
  477. }
  479. ASSERT(item == Irp);
  481. InsertTailList(&(tcpContext->CancelledIrpList),
  482. &(Irp->Tail.Overlay.ListEntry));
  483. }
  485. #endif // DBG
  487. //
  488. // Add a reference so the object can't be closed while the cancel routine
  489. // is executing.
  490. //
  491. ASSERT(tcpContext->ReferenceCount > 0);
  492. tcpContext->ReferenceCount++;
  494. IF_TCPDBG(TCP_DEBUG_IRP) {
  495. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  496. "TCPCancelRequest: Irp %lx fileobj %lx refcnt inc to %u\n",
  497. Irp, fileObject, tcpContext->ReferenceCount));
  498. }
  500. //
  501. // Try to cancel the request.
  502. //
  503. switch(minorFunction) {
  505. case TDI_SEND:
  506. case TDI_RECEIVE:
  507. KeReleaseSpinLock(&tcpContext->EndpointLock, CancelIrql);
  509. ASSERT((PtrToUlong(fileObject->FsContext2)) == TDI_CONNECTION_FILE);
  510. #ifndef UDP_ONLY
  511. TCPAbortAndIndicateDisconnect(tcpContext->Handle.ConnectionContext);
  512. #endif
  513. break;
  515. case TDI_SEND_DATAGRAM:
  517. ASSERT(PtrToUlong(fileObject->FsContext2) == TDI_TRANSPORT_ADDRESS_FILE);
  519. TdiCancelSendDatagram(tcpContext->Handle.AddressHandle, Irp,
  520. &tcpContext->EndpointLock, CancelIrql);
  521. break;
  523. case TDI_RECEIVE_DATAGRAM:
  525. ASSERT(PtrToUlong(fileObject->FsContext2) == TDI_TRANSPORT_ADDRESS_FILE);
  527. TdiCancelReceiveDatagram(tcpContext->Handle.AddressHandle, Irp,
  528. &tcpContext->EndpointLock, CancelIrql);
  529. break;
  531. case TDI_DISASSOCIATE_ADDRESS:
  533. ASSERT(PtrToUlong(fileObject->FsContext2) == TDI_CONNECTION_FILE);
  534. //
  535. // This pends but is not cancellable. We put it thru the cancel code
  536. // anyway so a reference is made for it and so it can be tracked in
  537. // a debug build.
  538. //
  539. KeReleaseSpinLock(&tcpContext->EndpointLock, CancelIrql);
  540. break;
  542. default:
  544. //
  545. // Initiate a disconnect to cancel the request.
  546. //
  547. KeReleaseSpinLock(&tcpContext->EndpointLock, CancelIrql);
  548. request.Handle.ConnectionContext =
  549. tcpContext->Handle.ConnectionContext;
  550. request.RequestNotifyObject = TCPCancelComplete;
  551. request.RequestContext = fileObject;
  553. status = TdiDisconnect(&request, NULL, TDI_DISCONNECT_ABORT, NULL,
  554. NULL, NULL);
  555. break;
  556. }
  558. if (status != TDI_PENDING) {
  559. TCPCancelComplete(fileObject, 0, 0);
  560. }
  562. return;
  564. } // TCPCancelRequest
  567. //* TCPPrepareIrpForCancel
  568. //
  569. NTSTATUS
  570. TCPPrepareIrpForCancel(
  571. PTCP_CONTEXT TcpContext,
  572. PIRP Irp,
  573. PDRIVER_CANCEL CancelRoutine)
  574. {
  575. KIRQL oldIrql;
  577. //
  578. // Set up for cancellation.
  579. //
  580. KeAcquireSpinLock(&TcpContext->EndpointLock, &oldIrql);
  582. ASSERT(Irp->CancelRoutine == NULL);
  584. if (!Irp->Cancel) {
  586. IoMarkIrpPending(Irp);
  587. IoSetCancelRoutine(Irp, CancelRoutine);
  588. TcpContext->ReferenceCount++;
  590. IF_TCPDBG(TCP_DEBUG_IRP) {
  591. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  592. "TCPPrepareIrpForCancel: irp %lx fileobj %lx refcnt inc"
  593. " to %u\n", Irp,
  594. (IoGetCurrentIrpStackLocation(Irp))->FileObject,
  595. TcpContext->ReferenceCount));
  596. }
  598. #if DBG
  599. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  600. PLIST_ENTRY entry;
  601. PIRP item = NULL;
  603. //
  604. // Verify that the Irp has not already been submitted.
  605. //
  606. for (entry = TcpContext->PendingIrpList.Flink;
  607. entry != &(TcpContext->PendingIrpList);
  608. entry = entry->Flink) {
  610. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  612. ASSERT(item != Irp);
  613. }
  615. for (entry = TcpContext->CancelledIrpList.Flink;
  616. entry != &(TcpContext->CancelledIrpList);
  617. entry = entry->Flink) {
  619. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  621. ASSERT(item != Irp);
  622. }
  624. InsertTailList(&(TcpContext->PendingIrpList),
  625. &(Irp->Tail.Overlay.ListEntry));
  626. }
  627. #endif // DBG
  629. KeReleaseSpinLock(&TcpContext->EndpointLock, oldIrql);
  631. return(STATUS_SUCCESS);
  632. }
  634. //
  635. // The IRP has already been cancelled. Complete it now.
  636. //
  638. IF_TCPDBG(TCP_DEBUG_IRP) {
  639. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  640. "TCP: irp %lx already cancelled, completing.\n", Irp));
  641. }
  643. KeReleaseSpinLock(&TcpContext->EndpointLock, oldIrql);
  645. Irp->IoStatus.Status = STATUS_CANCELLED;
  646. Irp->IoStatus.Information = 0;
  648. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  650. return(STATUS_CANCELLED);
  652. } // TCPPrepareIrpForCancel
  655. //
  656. // TDI functions.
  657. //
  660. //* TCPAssociateAddress - Handle TDI Associate Address IRP.
  661. //
  662. // Converts a TDI Associate Address IRP into a call to TdiAssociateAddress.
  663. //
  664. // This routine does not pend.
  665. //
  666. NTSTATUS // Returns: indication of whether the request was successful.
  667. TCPAssociateAddress(
  668. IN PIRP Irp, // I/O request packet.
  669. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  671. {
  672. NTSTATUS status;
  673. TDI_REQUEST request;
  674. PTCP_CONTEXT tcpContext;
  675. PTDI_REQUEST_KERNEL_ASSOCIATE associateInformation;
  676. PFILE_OBJECT fileObject;
  678. PAGED_CODE();
  680. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  681. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  682. associateInformation =
  683. (PTDI_REQUEST_KERNEL_ASSOCIATE) &(IrpSp->Parameters);
  685. //
  686. // Get the file object for the address. Then extract the Address Handle
  687. // from the TCP_CONTEXT associated with it.
  688. //
  689. status = ObReferenceObjectByHandle(associateInformation->AddressHandle,
  690. 0, *IoFileObjectType, Irp->RequestorMode,
  691. &fileObject, NULL);
  693. if (NT_SUCCESS(status)) {
  695. if ((fileObject->DeviceObject == TCPDeviceObject) &&
  696. (PtrToUlong(fileObject->FsContext2) == TDI_TRANSPORT_ADDRESS_FILE)) {
  698. tcpContext = (PTCP_CONTEXT) fileObject->FsContext;
  700. status = TdiAssociateAddress(&request,
  701. tcpContext->Handle.AddressHandle);
  703. ASSERT(status != STATUS_PENDING);
  705. ObDereferenceObject(fileObject);
  707. IF_TCPDBG(TCP_DEBUG_ASSOCIATE) {
  708. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  709. "TCPAssociateAddress complete on file object %lx\n",
  710. IrpSp->FileObject));
  711. }
  712. } else {
  713. ObDereferenceObject(fileObject);
  714. status = STATUS_INVALID_HANDLE;
  716. IF_TCPDBG(TCP_DEBUG_ASSOCIATE) {
  717. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  718. "TCPAssociateAddress: ObReference failed on object"
  719. " %lx, status %lx\n",
  720. associateInformation->AddressHandle, status));
  721. }
  722. }
  723. } else {
  724. IF_TCPDBG(TCP_DEBUG_ASSOCIATE) {
  725. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  726. "TCPAssociateAddress: ObReference failed on object %lx,"
  727. " status %lx\n", associateInformation->AddressHandle,
  728. status));
  729. }
  730. }
  732. return(status);
  733. }
  736. //* TCPDisassociateAddress - Handle TDI Disassociate Address IRP.
  737. //
  738. // Converts a TDI Disassociate Address IRP into a call to
  739. // TdiDisassociateAddress.
  740. NTSTATUS // Returns: Indication of whether the request was successful.
  741. TCPDisassociateAddress(
  742. IN PIRP Irp, // I/O request packet.
  743. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  744. {
  745. NTSTATUS status;
  746. TDI_REQUEST request;
  747. PTCP_CONTEXT tcpContext;
  749. IF_TCPDBG(TCP_DEBUG_ASSOCIATE) {
  750. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  751. "TCP disassociating address\n"));
  752. }
  754. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  755. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  756. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  757. request.RequestNotifyObject = TCPRequestComplete;
  758. request.RequestContext = Irp;
  760. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  762. if (NT_SUCCESS(status)) {
  764. status = TdiDisAssociateAddress(&request);
  766. if (status != TDI_PENDING) {
  767. TCPRequestComplete(Irp, status, 0);
  768. }
  769. //
  770. // Return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING.
  771. //
  772. return(TDI_PENDING);
  773. }
  775. return(status);
  777. } // TCPDisassociateAddress
  780. //* TCPConnect - Handle TDI Connect IRP.
  781. //
  782. // Converts a TDI Connect IRP into a call to TdiConnect.
  783. //
  784. NTSTATUS // Returns: Whether the request was successfully queued.
  785. TCPConnect(
  786. IN PIRP Irp, // Pointer to I/O request packet.
  787. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  788. {
  789. NTSTATUS status;
  790. PTCP_CONTEXT tcpContext;
  791. TDI_REQUEST request;
  792. PTDI_CONNECTION_INFORMATION requestInformation, returnInformation;
  793. PTDI_REQUEST_KERNEL_CONNECT connectRequest;
  794. LARGE_INTEGER millisecondTimeout;
  795. PLARGE_INTEGER requestTimeout;
  797. IF_TCPDBG(TCP_DEBUG_CONNECT) {
  798. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  799. "TCPConnect irp %lx, file object %lx\n", Irp,
  800. IrpSp->FileObject));
  801. }
  803. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  805. connectRequest = (PTDI_REQUEST_KERNEL_CONNECT) &(IrpSp->Parameters);
  806. requestInformation = connectRequest->RequestConnectionInformation;
  807. returnInformation = connectRequest->ReturnConnectionInformation;
  808. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  809. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  810. request.RequestNotifyObject = TCPRequestComplete;
  811. request.RequestContext = Irp;
  813. requestTimeout = (PLARGE_INTEGER) connectRequest->RequestSpecific;
  815. if (requestTimeout != NULL) {
  816. //
  817. // NT relative timeouts are negative. Negate first to get a positive
  818. // value to pass to the transport.
  819. //
  820. millisecondTimeout.QuadPart = -((*requestTimeout).QuadPart);
  821. millisecondTimeout = Convert100nsToMilliseconds(millisecondTimeout);
  822. } else {
  823. millisecondTimeout.LowPart = 0;
  824. millisecondTimeout.HighPart = 0;
  825. }
  828. ASSERT(millisecondTimeout.HighPart == 0);
  830. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  832. if (NT_SUCCESS(status)) {
  834. status = TdiConnect(&request, ((millisecondTimeout.LowPart != 0) ?
  835. &(millisecondTimeout.LowPart) : NULL),
  836. requestInformation, returnInformation);
  838. if (status != STATUS_PENDING) {
  839. TCPRequestComplete(Irp, status, 0);
  840. }
  841. //
  842. // Return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING.
  843. //
  844. return(STATUS_PENDING);
  845. }
  847. return(status);
  849. } // TCPConnect
  852. //* TCPDisconnect - Handler for TDI Disconnect IRP
  853. //
  854. // Converts a TDI Disconnect IRP into a call to TdiDisconnect.
  855. //
  856. NTSTATUS // Returns: whether the request was successfully queued.
  857. TCPDisconnect(
  858. IN PIRP Irp, // I/O request packet.
  859. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  860. {
  861. NTSTATUS status;
  862. PTCP_CONTEXT tcpContext;
  863. TDI_REQUEST request;
  864. PTDI_CONNECTION_INFORMATION requestInformation, returnInformation;
  865. PTDI_REQUEST_KERNEL_DISCONNECT disconnectRequest;
  866. LARGE_INTEGER millisecondTimeout;
  867. PLARGE_INTEGER requestTimeout;
  868. BOOLEAN abortive = FALSE;
  870. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  872. disconnectRequest = (PTDI_REQUEST_KERNEL_CONNECT) &(IrpSp->Parameters);
  873. requestInformation = disconnectRequest->RequestConnectionInformation;
  874. returnInformation = disconnectRequest->ReturnConnectionInformation;
  875. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  876. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  877. request.RequestContext = Irp;
  879. //
  880. // Set up the timeout value.
  881. //
  882. if (disconnectRequest->RequestSpecific != NULL) {
  883. requestTimeout = (PLARGE_INTEGER) disconnectRequest->RequestSpecific;
  885. if ((requestTimeout->LowPart == -1) &&
  886. (requestTimeout->HighPart == -1)) {
  888. millisecondTimeout.LowPart = requestTimeout->LowPart;
  889. millisecondTimeout.HighPart = 0;
  890. } else {
  891. //
  892. // NT relative timeouts are negative. Negate first to get a
  893. // positive value to pass to the transport.
  894. //
  895. millisecondTimeout.QuadPart = -((*requestTimeout).QuadPart);
  896. millisecondTimeout = Convert100nsToMilliseconds(
  897. millisecondTimeout);
  898. }
  899. } else {
  900. millisecondTimeout.LowPart = 0;
  901. millisecondTimeout.HighPart = 0;
  902. }
  904. ASSERT(millisecondTimeout.HighPart == 0);
  906. if (disconnectRequest->RequestFlags & TDI_DISCONNECT_ABORT) {
  907. //
  908. // Abortive disconnects cannot be cancelled and must use
  909. // a specific completion routine.
  910. //
  911. abortive = TRUE;
  912. IoMarkIrpPending(Irp);
  913. request.RequestNotifyObject = TCPNonCancellableRequestComplete;
  914. status = STATUS_SUCCESS;
  915. } else {
  916. //
  917. // Non-abortive disconnects can use the generic cancellation and
  918. // completion routines.
  919. //
  920. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  921. request.RequestNotifyObject = TCPRequestComplete;
  922. }
  924. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  925. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  926. "TCPDisconnect "
  927. "irp %lx, flags %lx, fileobj %lx, abortive = %d\n",
  928. Irp, disconnectRequest->RequestFlags, IrpSp->FileObject,
  929. abortive));
  930. }
  932. if (NT_SUCCESS(status)) {
  933. status = TdiDisconnect(&request,((millisecondTimeout.LowPart != 0) ?
  934. &(millisecondTimeout.LowPart) : NULL),
  935. (ushort) disconnectRequest->RequestFlags,
  936. requestInformation, returnInformation,
  937. (TCPAbortReq*)&Irp->Tail.Overlay.DriverContext[0]);
  939. if (status != STATUS_PENDING) {
  940. if (abortive) {
  941. TCPNonCancellableRequestComplete(Irp, status, 0);
  942. } else {
  943. TCPRequestComplete(Irp, status, 0);
  944. }
  945. } else {
  946. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  947. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  948. "TCPDisconnect pending irp %lx\n", Irp));
  949. }
  950. }
  951. //
  952. // return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING
  953. //
  954. return(STATUS_PENDING);
  955. }
  957. return(status);
  959. } // TCPDisconnect
  962. //* TCPListen - Handler for TDI Listen IRP.
  963. //
  964. // Converts a TDI Listen IRP into a call to TdiListen.
  965. //
  966. NTSTATUS // Returns: whether or not the request was successful.
  967. TCPListen(
  968. IN PIRP Irp, // I/O request packet.
  969. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  971. {
  972. NTSTATUS status;
  973. PTCP_CONTEXT tcpContext;
  974. TDI_REQUEST request;
  975. PTDI_CONNECTION_INFORMATION requestInformation, returnInformation;
  976. PTDI_REQUEST_KERNEL_LISTEN listenRequest;
  978. IF_TCPDBG(TCP_DEBUG_CONNECT) {
  979. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  980. "TCPListen irp %lx on file object %lx\n",
  981. Irp, IrpSp->FileObject));
  982. }
  984. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  986. listenRequest = (PTDI_REQUEST_KERNEL_CONNECT) &(IrpSp->Parameters);
  987. requestInformation = listenRequest->RequestConnectionInformation;
  988. returnInformation = listenRequest->ReturnConnectionInformation;
  989. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  990. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  991. request.RequestNotifyObject = TCPRequestComplete;
  992. request.RequestContext = Irp;
  994. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  996. if (NT_SUCCESS(status)) {
  998. status = TdiListen(&request, (ushort) listenRequest->RequestFlags,
  999. requestInformation, returnInformation);
  1001. if (status != TDI_PENDING) {
  1002. TCPRequestComplete(Irp, status, 0);
  1003. }
  1004. //
  1005. // return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING
  1006. //
  1007. return(TDI_PENDING);
  1008. }
  1010. return(status);
  1012. } // TCPListen
  1015. //* TCPAccept - Handle a TDI Accept IRP.
  1016. //
  1017. // Converts a TDI Accept IRP into a call to TdiAccept.
  1018. //
  1019. NTSTATUS // Returns: whether the request was successfully queued.
  1020. TCPAccept(
  1021. IN PIRP Irp, // I/O request packet.
  1022. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1023. {
  1024. NTSTATUS status;
  1025. PTCP_CONTEXT tcpContext;
  1026. TDI_REQUEST request;
  1027. PTDI_CONNECTION_INFORMATION requestInformation, returnInformation;
  1028. PTDI_REQUEST_KERNEL_ACCEPT acceptRequest;
  1030. IF_TCPDBG(TCP_DEBUG_CONNECT) {
  1031. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1032. "TCPAccept irp %lx on file object %lx\n", Irp,
  1033. IrpSp->FileObject));
  1034. }
  1036. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  1038. acceptRequest = (PTDI_REQUEST_KERNEL_ACCEPT) &(IrpSp->Parameters);
  1039. requestInformation = acceptRequest->RequestConnectionInformation;
  1040. returnInformation = acceptRequest->ReturnConnectionInformation;
  1041. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1042. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  1043. request.RequestNotifyObject = TCPRequestComplete;
  1044. request.RequestContext = Irp;
  1046. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  1048. if (NT_SUCCESS(status)) {
  1050. status = TdiAccept(&request, requestInformation, returnInformation);
  1052. if (status != TDI_PENDING) {
  1053. TCPRequestComplete(Irp, status, 0);
  1054. }
  1055. //
  1056. // Return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING.
  1057. //
  1058. return(TDI_PENDING);
  1059. }
  1061. return(status);
  1063. } // TCPAccept
  1066. //* TCPSendData - Handle TDI Send IRP.
  1067. //
  1068. // Converts a TDI Send IRP into a call to TdiSend.
  1069. //
  1070. NTSTATUS
  1071. TCPSendData(
  1072. IN PIRP Irp, // I/O request packet.
  1073. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1074. {
  1075. TDI_STATUS status;
  1076. TDI_REQUEST request;
  1077. PTCP_CONTEXT tcpContext;
  1078. PTDI_REQUEST_KERNEL_SEND requestInformation;
  1079. KIRQL oldIrql;
  1081. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1082. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  1083. requestInformation = (PTDI_REQUEST_KERNEL_SEND) &(IrpSp->Parameters);
  1085. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  1086. request.RequestNotifyObject = TCPDataRequestComplete;
  1087. request.RequestContext = Irp;
  1089. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  1090. IoSetCancelRoutine(Irp, TCPCancelRequest);
  1092. if (!Irp->Cancel) {
  1093. //
  1094. // Set up for cancellation.
  1095. //
  1097. IoMarkIrpPending(Irp);
  1099. tcpContext->ReferenceCount++;
  1101. IF_TCPDBG(TCP_DEBUG_IRP) {
  1102. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1103. "TCPSendData: irp %lx fileobj %lx refcnt inc to %u\n",
  1104. Irp, IrpSp, tcpContext->ReferenceCount));
  1105. }
  1107. #if DBG
  1108. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  1109. PLIST_ENTRY entry;
  1110. PIRP item = NULL;
  1112. //
  1113. // Verify that the Irp has not already been submitted.
  1114. //
  1115. for (entry = tcpContext->PendingIrpList.Flink;
  1116. entry != &(tcpContext->PendingIrpList);
  1117. entry = entry->Flink) {
  1119. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  1121. ASSERT(item != Irp);
  1122. }
  1124. for (entry = tcpContext->CancelledIrpList.Flink;
  1125. entry != &(tcpContext->CancelledIrpList);
  1126. entry = entry->Flink) {
  1128. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  1130. ASSERT(item != Irp);
  1131. }
  1133. InsertTailList(&(tcpContext->PendingIrpList),
  1134. &(Irp->Tail.Overlay.ListEntry));
  1135. }
  1136. #endif // DBG
  1138. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1140. IF_TCPDBG(TCP_DEBUG_SEND) {
  1141. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1142. "TCPSendData irp %lx sending %d bytes, flags %lx,"
  1143. " fileobj %lx\n", Irp, requestInformation->SendLength,
  1144. requestInformation->SendFlags, IrpSp->FileObject));
  1145. }
  1147. status = TdiSend(&request, (ushort) requestInformation->SendFlags,
  1148. requestInformation->SendLength,
  1149. (PNDIS_BUFFER) Irp->MdlAddress);
  1151. if (status == TDI_PENDING) {
  1152. IF_TCPDBG(TCP_DEBUG_SEND) {
  1153. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1154. "TCPSendData pending irp %lx\n", Irp));
  1155. }
  1157. return(status);
  1158. }
  1159. //
  1160. // The status is not pending. We reset the pending bit
  1161. //
  1162. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1164. if (status == TDI_SUCCESS) {
  1165. ASSERT(requestInformation->SendLength == 0);
  1167. status = TCPDataRequestComplete(Irp, status,
  1168. requestInformation->SendLength);
  1169. } else {
  1171. IF_TCPDBG(TCP_DEBUG_SEND) {
  1172. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1173. "TCPSendData - irp %lx send failed, status %lx\n",
  1174. Irp, status));
  1175. }
  1177. status = TCPDataRequestComplete(Irp, status, 0);
  1178. }
  1179. } else {
  1180. //
  1181. // Irp was cancelled previously.
  1182. //
  1183. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1185. //
  1186. // Ensure that the cancel-routine has executed.
  1187. //
  1189. IoAcquireCancelSpinLock(&oldIrql);
  1190. IoReleaseCancelSpinLock(oldIrql);
  1192. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  1193. IoSetCancelRoutine(Irp, NULL);
  1194. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1196. IF_TCPDBG(TCP_DEBUG_SEND) {
  1197. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1198. "TCPSendData: Irp %lx on fileobj %lx was cancelled\n",
  1199. Irp, IrpSp->FileObject));
  1200. }
  1202. Irp->IoStatus.Status = STATUS_CANCELLED;
  1203. Irp->IoStatus.Information = 0;
  1204. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1206. status = STATUS_CANCELLED;
  1207. }
  1209. return(status);
  1211. } // TCPSendData
  1214. //* TCPReceiveData - Handler for TDI Receive IRP.
  1215. //
  1216. // Converts a TDI Receive IRP into a call to TdiReceive.
  1217. //
  1218. NTSTATUS // Returns: whether the request was successful.
  1219. TCPReceiveData(
  1220. IN PIRP Irp, // I/O request packet.
  1221. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1222. {
  1223. TDI_STATUS status;
  1224. TDI_REQUEST request;
  1225. PTCP_CONTEXT tcpContext;
  1226. PTDI_REQUEST_KERNEL_RECEIVE requestInformation;
  1227. KIRQL oldIrql;
  1229. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1230. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE);
  1231. requestInformation = (PTDI_REQUEST_KERNEL_RECEIVE) &(IrpSp->Parameters);
  1233. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  1234. request.RequestNotifyObject = TCPDataRequestComplete;
  1235. request.RequestContext = Irp;
  1237. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  1238. IoSetCancelRoutine(Irp, TCPCancelRequest);
  1240. if (!Irp->Cancel) {
  1241. //
  1242. // Set up for cancellation.
  1243. //
  1245. IoMarkIrpPending(Irp);
  1247. tcpContext->ReferenceCount++;
  1249. IF_TCPDBG(TCP_DEBUG_IRP) {
  1250. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1251. "TCPReceiveData: irp %lx fileobj %lx refcnt inc to %u\n",
  1252. Irp, IrpSp->FileObject, tcpContext->ReferenceCount));
  1253. }
  1255. #if DBG
  1256. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  1257. PLIST_ENTRY entry;
  1258. PIRP item = NULL;
  1260. //
  1261. // Verify that the Irp has not already been submitted.
  1262. //
  1263. for (entry = tcpContext->PendingIrpList.Flink;
  1264. entry != &(tcpContext->PendingIrpList);
  1265. entry = entry->Flink) {
  1267. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  1269. ASSERT(item != Irp);
  1270. }
  1272. for (entry = tcpContext->CancelledIrpList.Flink;
  1273. entry != &(tcpContext->CancelledIrpList);
  1274. entry = entry->Flink) {
  1276. item = CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
  1278. ASSERT(item != Irp);
  1279. }
  1281. InsertTailList(&(tcpContext->PendingIrpList),
  1282. &(Irp->Tail.Overlay.ListEntry));
  1283. }
  1284. #endif // DBG
  1286. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1288. IF_TCPDBG(TCP_DEBUG_RECEIVE) {
  1289. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1290. "TCPReceiveData irp %lx receiving %d bytes flags %lx"
  1291. " filobj %lx\n", Irp, requestInformation->ReceiveLength,
  1292. requestInformation->ReceiveFlags, IrpSp->FileObject));
  1293. }
  1295. status = TdiReceive(&request,
  1296. (ushort *) &(requestInformation->ReceiveFlags),
  1297. &(requestInformation->ReceiveLength),
  1298. (PNDIS_BUFFER) Irp->MdlAddress);
  1300. if (status == TDI_PENDING) {
  1301. IF_TCPDBG(TCP_DEBUG_RECEIVE) {
  1302. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1303. "TCPReceiveData: pending irp %lx\n", Irp));
  1304. }
  1306. return(status);
  1307. }
  1308. //
  1309. // The status is not pending. We reset the pending bit
  1310. //
  1311. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1313. IF_TCPDBG(TCP_DEBUG_RECEIVE) {
  1314. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1315. "TCPReceiveData - irp %lx failed, status %lx\n",
  1316. Irp, status));
  1317. }
  1319. status = TCPDataRequestComplete(Irp, status, 0);
  1320. } else {
  1321. //
  1322. // Irp was cancelled previously.
  1323. //
  1324. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1326. //
  1327. // Ensure that the cancel-routine has executed.
  1328. //
  1330. IoAcquireCancelSpinLock(&oldIrql);
  1331. IoReleaseCancelSpinLock(oldIrql);
  1333. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  1334. IoSetCancelRoutine(Irp, NULL);
  1335. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  1337. IF_TCPDBG(TCP_DEBUG_SEND) {
  1338. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1339. "TCPReceiveData: Irp %lx on fileobj %lx was cancelled\n",
  1340. Irp, IrpSp->FileObject));
  1341. }
  1343. Irp->IoStatus.Status = STATUS_CANCELLED;
  1344. Irp->IoStatus.Information = 0;
  1345. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1347. status = STATUS_CANCELLED;
  1348. }
  1350. return status;
  1352. } // TCPReceiveData
  1355. //* UDPSendDatagram -
  1356. //
  1357. NTSTATUS // Returns: whether the request was successfully queued.
  1358. UDPSendDatagram(
  1359. IN PIRP Irp, // I/O request packet.
  1360. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1361. {
  1362. TDI_STATUS status;
  1363. TDI_REQUEST request;
  1364. PTCP_CONTEXT tcpContext;
  1365. PTDI_REQUEST_KERNEL_SENDDG datagramInformation;
  1366. ULONG bytesSent = 0;
  1368. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1369. datagramInformation = (PTDI_REQUEST_KERNEL_SENDDG) &(IrpSp->Parameters);
  1370. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) ==
  1371. TDI_TRANSPORT_ADDRESS_FILE);
  1373. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  1374. request.RequestNotifyObject = TCPDataRequestComplete;
  1375. request.RequestContext = Irp;
  1377. IF_TCPDBG(TCP_DEBUG_SEND_DGRAM) {
  1378. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1379. "UDPSendDatagram irp %lx sending %d bytes\n", Irp,
  1380. datagramInformation->SendLength));
  1381. }
  1383. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  1385. if (NT_SUCCESS(status)) {
  1387. status = TdiSendDatagram(&request,
  1388. datagramInformation->SendDatagramInformation,
  1389. datagramInformation->SendLength, &bytesSent,
  1390. (PNDIS_BUFFER) Irp->MdlAddress);
  1392. if (status == TDI_PENDING) {
  1393. return(status);
  1394. }
  1396. ASSERT(status != TDI_SUCCESS);
  1397. ASSERT(bytesSent == 0);
  1399. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  1400. "UDPSendDatagram - irp %lx send failed, status %lx\n",
  1401. Irp, status));
  1403. TCPDataRequestComplete(Irp, status, bytesSent);
  1404. //
  1405. // Return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING.
  1406. //
  1407. return(TDI_PENDING);
  1408. }
  1410. return status;
  1412. } // UDPSendDatagram
  1415. //* UDPReceiveDatagram - Handle TDI ReceiveDatagram IRP.
  1416. //
  1417. // Converts a TDI ReceiveDatagram IRP into a call to TdiReceiveDatagram.
  1418. //
  1419. NTSTATUS // Returns: whether the request was successful.
  1420. UDPReceiveDatagram(
  1421. IN PIRP Irp, // I/O request packet.
  1422. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1423. {
  1424. TDI_STATUS status;
  1425. TDI_REQUEST request;
  1426. PTCP_CONTEXT tcpContext;
  1427. PTDI_REQUEST_KERNEL_RECEIVEDG datagramInformation;
  1428. uint bytesReceived = 0;
  1430. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1431. datagramInformation = (PTDI_REQUEST_KERNEL_RECEIVEDG) &(IrpSp->Parameters);
  1432. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) ==
  1433. TDI_TRANSPORT_ADDRESS_FILE);
  1435. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  1436. request.RequestNotifyObject = TCPDataRequestComplete;
  1437. request.RequestContext = Irp;
  1439. IF_TCPDBG(TCP_DEBUG_RECEIVE_DGRAM) {
  1440. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1441. "UDPReceiveDatagram: irp %lx receiveing %d bytes\n", Irp,
  1442. datagramInformation->ReceiveLength));
  1443. }
  1445. status = TCPPrepareIrpForCancel(tcpContext, Irp, TCPCancelRequest);
  1447. if (NT_SUCCESS(status)) {
  1449. status = TdiReceiveDatagram(&request,
  1450. datagramInformation->ReceiveDatagramInformation,
  1451. datagramInformation->ReturnDatagramInformation,
  1452. datagramInformation->ReceiveLength, &bytesReceived,
  1453. Irp->MdlAddress);
  1455. if (status == TDI_PENDING) {
  1456. return(status);
  1457. }
  1459. ASSERT(status != TDI_SUCCESS);
  1460. ASSERT(bytesReceived == 0);
  1462. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  1463. "UDPReceiveDatagram: irp %lx send failed, status %lx\n",
  1464. Irp, status));
  1466. TCPDataRequestComplete(Irp, status, bytesReceived);
  1467. //
  1468. // Return PENDING because TCPPrepareIrpForCancel marks Irp as PENDING.
  1469. //
  1470. return(TDI_PENDING);
  1471. }
  1473. return status;
  1475. } // UDPReceiveDatagram
  1478. //* TCPSetEventHandler - Handle TDI SetEventHandler IRP.
  1479. //
  1480. // Converts a TDI SetEventHandler IRP into a call to TdiSetEventHandler.
  1481. //
  1482. NTSTATUS // Returns: whether the request was successful.
  1483. TCPSetEventHandler(
  1484. IN PIRP Irp, // I/O request packet.
  1485. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1486. {
  1487. NTSTATUS status;
  1488. PTDI_REQUEST_KERNEL_SET_EVENT event;
  1489. PTCP_CONTEXT tcpContext;
  1491. PAGED_CODE();
  1493. UNREFERENCED_PARAMETER(Irp);
  1495. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1496. event = (PTDI_REQUEST_KERNEL_SET_EVENT) &(IrpSp->Parameters);
  1498. IF_TCPDBG(TCP_DEBUG_EVENT_HANDLER) {
  1499. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1500. "TCPSetEventHandler: "
  1501. "irp %lx event %lx handler %lx context %lx\n", Irp,
  1502. event->EventType, event->EventHandler, event->EventContext));
  1503. }
  1505. status = TdiSetEvent(tcpContext->Handle.AddressHandle, event->EventType,
  1506. event->EventHandler, event->EventContext);
  1508. ASSERT(status != TDI_PENDING);
  1510. return(status);
  1512. } // TCPSetEventHandler
  1515. //* TCPQueryInformation - Handle a TDI QueryInformation IRP.
  1516. //
  1517. // Converts a TDI QueryInformation IRP into a call to TdiQueryInformation.
  1518. //
  1519. NTSTATUS // Returns: whether request was successful.
  1520. TCPQueryInformation(
  1521. IN PIRP Irp, // I/O request packet.
  1522. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1523. {
  1524. TDI_REQUEST request;
  1525. TDI_STATUS status = STATUS_SUCCESS;
  1526. PTCP_CONTEXT tcpContext;
  1527. PTDI_REQUEST_KERNEL_QUERY_INFORMATION queryInformation;
  1528. uint isConn = FALSE;
  1529. uint dataSize = 0;
  1531. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1532. queryInformation = (PTDI_REQUEST_KERNEL_QUERY_INFORMATION)
  1533. &(IrpSp->Parameters);
  1535. request.RequestNotifyObject = TCPDataRequestComplete;
  1536. request.RequestContext = Irp;
  1538. switch(queryInformation->QueryType) {
  1540. case TDI_QUERY_BROADCAST_ADDRESS:
  1541. ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) ==
  1542. TDI_CONTROL_CHANNEL_FILE);
  1543. request.Handle.ControlChannel = tcpContext->Handle.ControlChannel;
  1544. break;
  1546. case TDI_QUERY_PROVIDER_INFO:
  1547. //
  1548. // NetBT does this. Reinstate the ASSERT when it is fixed.
  1549. //
  1550. // ASSERT(PtrToUlong(IrpSp->FileObject->FsContext2) ==
  1551. // TDI_CONTROL_CHANNEL_FILE);
  1552. request.Handle.ControlChannel = tcpContext->Handle.ControlChannel;
  1553. break;
  1555. case TDI_QUERY_ADDRESS_INFO:
  1556. if (PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE) {
  1557. //
  1558. // This is a TCP connection object.
  1559. //
  1560. isConn = TRUE;
  1561. request.Handle.ConnectionContext =
  1562. tcpContext->Handle.ConnectionContext;
  1563. } else {
  1564. //
  1565. // This is an address object.
  1566. //
  1567. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  1568. }
  1569. break;
  1571. case TDI_QUERY_CONNECTION_INFO:
  1573. if (PtrToUlong(IrpSp->FileObject->FsContext2) != TDI_CONNECTION_FILE){
  1575. status = STATUS_INVALID_PARAMETER;
  1577. } else {
  1579. isConn = TRUE;
  1580. request.Handle.ConnectionContext = tcpContext->Handle.ConnectionContext;
  1581. }
  1582. break;
  1584. case TDI_QUERY_PROVIDER_STATISTICS:
  1585. request.Handle.ControlChannel = tcpContext->Handle.ControlChannel;
  1586. break;
  1588. default:
  1589. status = STATUS_NOT_IMPLEMENTED;
  1590. break;
  1591. }
  1593. if (NT_SUCCESS(status)) {
  1594. //
  1595. // This request isn't cancellable, but we put it through
  1596. // the cancel path because it handles some checks for us
  1597. // and tracks the irp.
  1598. //
  1599. status = TCPPrepareIrpForCancel(tcpContext, Irp, NULL);
  1601. if (NT_SUCCESS(status)) {
  1602. dataSize = TCPGetMdlChainByteCount(Irp->MdlAddress);
  1604. status = TdiQueryInformation(&request, queryInformation->QueryType,
  1605. Irp->MdlAddress, &dataSize, isConn);
  1607. if (status != TDI_PENDING) {
  1608. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1609. status = TCPDataRequestComplete(Irp, status, dataSize);
  1610. return(status);
  1611. }
  1613. return(STATUS_PENDING);
  1614. }
  1616. return(status);
  1617. }
  1619. Irp->IoStatus.Status = (NTSTATUS) status;
  1620. Irp->IoStatus.Information = 0;
  1622. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1624. return(status);
  1626. } // TCPQueryInformation
  1629. //* TCPQueryInformationExComplete - Complete a TdiQueryInformationEx request.
  1630. //
  1631. NTSTATUS
  1632. TCPQueryInformationExComplete(
  1633. void *Context, // A pointer to the IRP for this request.
  1634. TDI_STATUS Status, // Final TDI status of the request.
  1635. unsigned int ByteCount) // Bytes returned in output buffer.
  1636. {
  1637. PTCP_QUERY_CONTEXT queryContext = (PTCP_QUERY_CONTEXT) Context;
  1638. ULONG bytesCopied;
  1640. if (NT_SUCCESS(Status)) {
  1641. //
  1642. // Copy the returned context to the input buffer.
  1643. //
  1644. TdiCopyBufferToMdl(&(queryContext->QueryInformation.Context), 0,
  1645. CONTEXT_SIZE, queryContext->InputMdl,
  1646. FIELD_OFFSET(TCP_REQUEST_QUERY_INFORMATION_EX,
  1647. Context),
  1648. &bytesCopied);
  1650. if (bytesCopied != CONTEXT_SIZE) {
  1651. Status = STATUS_INSUFFICIENT_RESOURCES;
  1652. ByteCount = 0;
  1653. }
  1654. }
  1656. //
  1657. // Unlock the user's buffers and free the MDLs describing them.
  1658. //
  1659. MmUnlockPages(queryContext->InputMdl);
  1660. IoFreeMdl(queryContext->InputMdl);
  1661. MmUnlockPages(queryContext->OutputMdl);
  1662. IoFreeMdl(queryContext->OutputMdl);
  1664. //
  1665. // Complete the request.
  1666. //
  1667. Status = TCPDataRequestComplete(queryContext->Irp, Status, ByteCount);
  1669. ExFreePool(queryContext);
  1671. return Status;
  1672. }
  1675. //* TCPQueryInformationEx - Handle a TDI QueryInformationEx IRP.
  1676. //
  1677. // Converts a TDI QueryInformationEx IRP into a call to TdiQueryInformationEx.
  1678. //
  1679. NTSTATUS // Returns: whether the request was successful.
  1680. TCPQueryInformationEx(
  1681. IN PIRP Irp, // I/O request packet.
  1682. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1683. {
  1684. TDI_REQUEST request;
  1685. TDI_STATUS status = STATUS_SUCCESS;
  1686. PTCP_CONTEXT tcpContext;
  1687. uint size;
  1688. PTCP_REQUEST_QUERY_INFORMATION_EX InputBuffer;
  1689. PVOID OutputBuffer;
  1690. PMDL inputMdl = NULL;
  1691. PMDL outputMdl = NULL;
  1692. ULONG InputBufferLength, OutputBufferLength;
  1693. PTCP_QUERY_CONTEXT queryContext;
  1694. BOOLEAN inputLocked = FALSE;
  1695. BOOLEAN outputLocked = FALSE;
  1696. BOOLEAN inputBufferValid = FALSE;
  1698. PAGED_CODE();
  1700. IF_TCPDBG(TCP_DEBUG_INFO) {
  1701. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1702. "QueryInformationEx starting - irp %lx fileobj %lx\n",
  1703. Irp, IrpSp->FileObject));
  1704. }
  1706. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1708. switch (PtrToUlong(IrpSp->FileObject->FsContext2)) {
  1710. case TDI_TRANSPORT_ADDRESS_FILE:
  1711. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  1712. break;
  1714. case TDI_CONNECTION_FILE:
  1715. request.Handle.ConnectionContext =
  1716. tcpContext->Handle.ConnectionContext;
  1717. break;
  1719. case TDI_CONTROL_CHANNEL_FILE:
  1720. request.Handle.ControlChannel = tcpContext->Handle.ControlChannel;
  1721. break;
  1723. default:
  1724. ABORT();
  1726. Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
  1727. Irp->IoStatus.Information = 0;
  1729. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1731. return(STATUS_INVALID_PARAMETER);
  1732. }
  1734. InputBufferLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
  1735. OutputBufferLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
  1737. //
  1738. // Validate the input parameters.
  1739. //
  1740. if (InputBufferLength >= sizeof(TCP_REQUEST_QUERY_INFORMATION_EX) &&
  1741. InputBufferLength < MAXLONG) {
  1742. inputBufferValid = TRUE;
  1743. } else {
  1744. inputBufferValid = FALSE;
  1745. }
  1746. if (inputBufferValid && (OutputBufferLength != 0)) {
  1748. OutputBuffer = Irp->UserBuffer;
  1749. InputBuffer = (PTCP_REQUEST_QUERY_INFORMATION_EX)
  1750. IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
  1752. queryContext = ExAllocatePool(NonPagedPool, InputBufferLength
  1753. + FIELD_OFFSET(TCP_QUERY_CONTEXT, QueryInformation));
  1755. if (queryContext != NULL) {
  1756. status = TCPPrepareIrpForCancel(tcpContext, Irp, NULL);
  1758. if (!NT_SUCCESS(status)) {
  1759. ExFreePool(queryContext);
  1760. return(status);
  1761. }
  1763. //
  1764. // Allocate Mdls to describe the input and output buffers.
  1765. // Probe and lock the buffers.
  1766. //
  1767. try {
  1768. inputMdl = IoAllocateMdl(InputBuffer, InputBufferLength,
  1769. FALSE, TRUE, NULL);
  1771. outputMdl = IoAllocateMdl(OutputBuffer, OutputBufferLength,
  1772. FALSE, TRUE, NULL);
  1774. if ((inputMdl != NULL) && (outputMdl != NULL)) {
  1776. MmProbeAndLockPages(inputMdl, Irp->RequestorMode,
  1777. IoModifyAccess);
  1779. inputLocked = TRUE;
  1781. MmProbeAndLockPages(outputMdl, Irp->RequestorMode,
  1782. IoWriteAccess);
  1784. outputLocked = TRUE;
  1786. //
  1787. // Copy the input parameter to our pool block so
  1788. // TdiQueryInformationEx can manipulate it directly.
  1789. //
  1790. RtlCopyMemory(&(queryContext->QueryInformation),
  1791. InputBuffer,
  1792. InputBufferLength);
  1793. } else {
  1795. IF_TCPDBG(TCP_DEBUG_INFO) {
  1796. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1797. "QueryInfoEx: Couldn't allocate MDL\n"));
  1798. }
  1800. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1802. status = STATUS_INSUFFICIENT_RESOURCES;
  1803. }
  1805. } except(EXCEPTION_EXECUTE_HANDLER) {
  1807. IF_TCPDBG(TCP_DEBUG_INFO) {
  1808. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1809. "QueryInfoEx: "
  1810. "exception copying input param %lx\n",
  1811. GetExceptionCode()));
  1812. }
  1814. status = GetExceptionCode();
  1815. }
  1817. if (NT_SUCCESS(status)) {
  1818. //
  1819. // It's finally time to do this thing.
  1820. //
  1821. size = TCPGetMdlChainByteCount(outputMdl);
  1823. queryContext->Irp = Irp;
  1824. queryContext->InputMdl = inputMdl;
  1825. queryContext->OutputMdl = outputMdl;
  1827. request.RequestNotifyObject = TCPQueryInformationExComplete;
  1828. request.RequestContext = queryContext;
  1830. status = TdiQueryInformationEx(&request,
  1831. &(queryContext->QueryInformation.ID),
  1832. outputMdl, &size,
  1833. &(queryContext->QueryInformation.Context),
  1834. InputBufferLength - FIELD_OFFSET(TCP_REQUEST_QUERY_INFORMATION_EX, Context));
  1836. if (status != TDI_PENDING) {
  1838. //
  1839. // Since status is not pending, clear the
  1840. // control flag to keep IO verifier happy.
  1841. //
  1842. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1844. status = TCPQueryInformationExComplete(queryContext,
  1845. status, size);
  1846. return(status);
  1847. }
  1849. IF_TCPDBG(TCP_DEBUG_INFO) {
  1850. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1851. "QueryInformationEx - "
  1852. "pending irp %lx fileobj %lx\n",
  1853. Irp, IrpSp->FileObject));
  1854. }
  1856. return(STATUS_PENDING);
  1857. }
  1859. //
  1860. // If we get here, something failed. Clean up.
  1861. //
  1862. if (inputMdl != NULL) {
  1863. if (inputLocked) {
  1864. MmUnlockPages(inputMdl);
  1865. }
  1867. IoFreeMdl(inputMdl);
  1868. }
  1870. if (outputMdl != NULL) {
  1871. if (outputLocked) {
  1872. MmUnlockPages(outputMdl);
  1873. }
  1875. IoFreeMdl(outputMdl);
  1876. }
  1878. ExFreePool(queryContext);
  1880. // Since status is not pending, clear the
  1881. // control flag to keep IO verifier happy.
  1883. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1885. status = TCPDataRequestComplete(Irp, status, 0);
  1887. return(status);
  1889. } else {
  1890. IrpSp->Control &= ~SL_PENDING_RETURNED;
  1891. status = STATUS_INSUFFICIENT_RESOURCES;
  1893. IF_TCPDBG(TCP_DEBUG_INFO) {
  1894. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1895. "QueryInfoEx: Unable to allocate query context\n"));
  1896. }
  1897. }
  1898. } else {
  1899. status = STATUS_INVALID_PARAMETER;
  1901. IF_TCPDBG(TCP_DEBUG_INFO) {
  1902. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1903. "QueryInfoEx: Bad buffer len, OBufLen %d, InBufLen %d\n",
  1904. OutputBufferLength, InputBufferLength));
  1905. }
  1906. }
  1908. IF_TCPDBG(TCP_DEBUG_INFO) {
  1909. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1910. "QueryInformationEx complete - irp %lx, status %lx\n",
  1911. Irp, status));
  1912. }
  1914. Irp->IoStatus.Status = (NTSTATUS) status;
  1915. Irp->IoStatus.Information = 0;
  1917. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1919. return(status);
  1920. }
  1923. //* TCPSetInformationEx - Handle TDI SetInformationEx IRP.
  1924. //
  1925. // Converts a TDI SetInformationEx IRP into a call to TdiSetInformationEx.
  1926. //
  1927. // This routine does not pend.
  1928. //
  1929. NTSTATUS // Returns: whether the request was successful.
  1930. TCPSetInformationEx(
  1931. IN PIRP Irp, // I/O request packet.
  1932. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  1933. {
  1934. TDI_REQUEST request;
  1935. TDI_STATUS status;
  1936. PTCP_CONTEXT tcpContext;
  1937. PTCP_REQUEST_SET_INFORMATION_EX setInformation;
  1939. PAGED_CODE();
  1941. IF_TCPDBG(TCP_DEBUG_INFO) {
  1942. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  1943. "SetInformationEx - irp %lx fileobj %lx\n", Irp,
  1944. IrpSp->FileObject));
  1945. }
  1947. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  1948. setInformation = (PTCP_REQUEST_SET_INFORMATION_EX)
  1949. Irp->AssociatedIrp.SystemBuffer;
  1951. if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
  1952. FIELD_OFFSET(TCP_REQUEST_SET_INFORMATION_EX, Buffer) ||
  1953. IrpSp->Parameters.DeviceIoControl.InputBufferLength -
  1954. FIELD_OFFSET(TCP_REQUEST_SET_INFORMATION_EX, Buffer) < setInformation->BufferSize) {
  1956. Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
  1957. Irp->IoStatus.Information = 0;
  1959. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1961. return (STATUS_INVALID_PARAMETER);
  1962. }
  1964. switch (PtrToUlong(IrpSp->FileObject->FsContext2)) {
  1966. case TDI_TRANSPORT_ADDRESS_FILE:
  1967. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  1968. break;
  1970. case TDI_CONNECTION_FILE:
  1971. request.Handle.ConnectionContext =
  1972. tcpContext->Handle.ConnectionContext;
  1973. break;
  1975. case TDI_CONTROL_CHANNEL_FILE:
  1976. request.Handle.ControlChannel = tcpContext->Handle.ControlChannel;
  1977. break;
  1979. default:
  1980. ABORT();
  1981. Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
  1982. Irp->IoStatus.Information = 0;
  1984. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  1986. return(STATUS_INVALID_PARAMETER);
  1987. }
  1989. //
  1990. // Prevent non-privleged access (i.e. IOCTL_TCP_WSH_SET_INFORMATION_EX
  1991. // calls) from making changes outside of the transport layer.
  1992. // Privleged calls should be using IOCTL_TCP_SET_INFORMATION_EX instead.
  1993. //
  1994. if (IrpSp->Parameters.DeviceIoControl.IoControlCode ==
  1995. IOCTL_TCP_WSH_SET_INFORMATION_EX) {
  1996. uint Entity;
  1998. Entity = setInformation->ID.toi_entity.tei_entity;
  2000. if ((Entity != CO_TL_ENTITY) && (Entity != CL_TL_ENTITY) ) {
  2001. Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
  2002. Irp->IoStatus.Information = 0;
  2003. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2004. return (STATUS_ACCESS_DENIED);
  2005. }
  2006. }
  2008. status = TCPPrepareIrpForCancel(tcpContext, Irp, NULL);
  2010. if (NT_SUCCESS(status)) {
  2011. request.RequestNotifyObject = TCPDataRequestComplete;
  2012. request.RequestContext = Irp;
  2014. status = TdiSetInformationEx(&request, &(setInformation->ID),
  2015. &(setInformation->Buffer[0]),
  2016. setInformation->BufferSize);
  2018. if (status != TDI_PENDING) {
  2019. IrpSp->Control &= ~SL_PENDING_RETURNED;
  2021. status = TCPDataRequestComplete(Irp, status, 0);
  2023. return(status);
  2024. }
  2026. IF_TCPDBG(TCP_DEBUG_INFO) {
  2027. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2028. "SetInformationEx - pending irp %lx fileobj %lx\n",
  2029. Irp, IrpSp->FileObject));
  2030. }
  2032. return(STATUS_PENDING);
  2033. }
  2035. IF_TCPDBG(TCP_DEBUG_INFO) {
  2036. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2037. "SetInformationEx complete - irp %lx\n", Irp));
  2038. }
  2040. //
  2041. // The irp has already been completed.
  2042. //
  2043. return(status);
  2044. }
  2047. #if 0
  2048. //* TCPEnumerateConnectionList -
  2049. //
  2050. // Processes a request to enumerate the workstation connection list.
  2051. //
  2052. // This routine does not pend.
  2053. //
  2054. NTSTATUS // Return: whether the request was successful.
  2055. TCPEnumerateConnectionList(
  2056. IN PIRP Irp, // I/O request packet.
  2057. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  2058. {
  2060. TCPConnectionListEntry *request;
  2061. TCPConnectionListEnum *response;
  2062. ULONG requestLength, responseLength;
  2063. NTSTATUS status;
  2065. PAGED_CODE();
  2067. request = (TCPConnectionListEntry *) Irp->AssociatedIrp.SystemBuffer;
  2068. response = (TCPConnectionListEnum *) request;
  2069. requestLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
  2070. responseLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
  2072. if (responseLength < sizeof(TCPConnectionListEnum)) {
  2073. status = STATUS_BUFFER_TOO_SMALL;
  2074. Irp->IoStatus.Information = 0;
  2075. } else {
  2076. EnumerateConnectionList((uchar *) (response + 1),
  2077. responseLength - sizeof(TCPConnectionListEnum),
  2078. &(response->tce_entries_returned),
  2079. &(response->tce_entries_available));
  2081. status = TDI_SUCCESS;
  2082. Irp->IoStatus.Information = sizeof(TCPConnectionListEnum) +
  2083. (response->tce_entries_returned * sizeof(TCPConnectionListEntry));
  2084. }
  2086. Irp->IoStatus.Status = status;
  2088. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2090. return(status);
  2091. }
  2092. #endif
  2095. //* TCPCreate -
  2096. //
  2097. NTSTATUS // Returns: whether the request was successfully queued.
  2098. TCPCreate(
  2099. IN PDEVICE_OBJECT DeviceObject, // Device object for this request.
  2100. IN PIRP Irp, // I/O request packet.
  2101. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  2102. {
  2103. TDI_REQUEST Request;
  2104. NTSTATUS status;
  2105. FILE_FULL_EA_INFORMATION *ea;
  2106. FILE_FULL_EA_INFORMATION UNALIGNED *targetEA;
  2107. PTCP_CONTEXT tcpContext;
  2108. uint protocol;
  2110. PAGED_CODE();
  2112. tcpContext = ExAllocatePool(NonPagedPool, sizeof(TCP_CONTEXT));
  2114. if (tcpContext == NULL) {
  2115. return(STATUS_INSUFFICIENT_RESOURCES);
  2116. }
  2118. #if DBG
  2119. InitializeListHead(&(tcpContext->PendingIrpList));
  2120. InitializeListHead(&(tcpContext->CancelledIrpList));
  2121. #endif
  2123. tcpContext->ReferenceCount = 1; // Put initial reference on open object.
  2124. tcpContext->CancelIrps = FALSE;
  2125. KeInitializeEvent(&(tcpContext->CleanupEvent), SynchronizationEvent,
  2126. FALSE);
  2127. KeInitializeSpinLock(&tcpContext->EndpointLock);
  2129. ea = (PFILE_FULL_EA_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
  2131. //
  2132. // See if this is a Control Channel open.
  2133. //
  2134. if (!ea) {
  2135. IF_TCPDBG(TCP_DEBUG_OPEN) {
  2136. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2137. "TCPCreate: "
  2138. "Opening control channel for file object %lx\n",
  2139. IrpSp->FileObject));
  2140. }
  2142. tcpContext->Handle.ControlChannel = NULL;
  2143. IrpSp->FileObject->FsContext = tcpContext;
  2144. IrpSp->FileObject->FsContext2 = (PVOID) TDI_CONTROL_CHANNEL_FILE;
  2146. return(STATUS_SUCCESS);
  2147. }
  2149. //
  2150. // See if this is an Address Object open.
  2151. //
  2152. targetEA = FindEA(ea, TdiTransportAddress, TDI_TRANSPORT_ADDRESS_LENGTH);
  2154. if (targetEA != NULL) {
  2155. UCHAR optionsBuffer[3];
  2156. PUCHAR optionsPointer = optionsBuffer;
  2157. PSECURITY_DESCRIPTOR addrSD = NULL;
  2159. if (DeviceObject == TCPDeviceObject) {
  2160. protocol = IP_PROTOCOL_TCP;
  2161. }
  2162. else if (DeviceObject == UDPDeviceObject) {
  2163. protocol = IP_PROTOCOL_UDP;
  2165. ASSERT(optionsPointer - optionsBuffer <= 3);
  2167. if (IsDHCPZeroAddress((TRANSPORT_ADDRESS UNALIGNED *)
  2168. &(targetEA->EaName[targetEA->EaNameLength + 1]))) {
  2170. if (!IsAdminIoRequest(Irp, IrpSp)) {
  2171. ExFreePool(tcpContext);
  2172. return(STATUS_ACCESS_DENIED);
  2173. }
  2175. *optionsPointer = TDI_ADDRESS_OPTION_DHCP;
  2176. optionsPointer++;
  2177. }
  2179. ASSERT(optionsPointer - optionsBuffer <= 3);
  2180. } else {
  2181. //
  2182. // This is a raw ip open.
  2183. //
  2185. //
  2186. // Only administrators can create raw addresses
  2187. // unless this is allowed through registry.
  2188. //
  2189. if (!AllowUserRawAccess && !IsAdminIoRequest(Irp, IrpSp)) {
  2190. ExFreePool(tcpContext);
  2191. return(STATUS_ACCESS_DENIED);
  2192. }
  2194. protocol = RawExtractProtocolNumber(
  2195. &(IrpSp->FileObject->FileName));
  2197. //
  2198. // We need to protect the IPv6Send routine's packet rewriting
  2199. // code (for fragmentation, header inclusion, etc) from getting
  2200. // confused by malformed extension headers coming from user-land.
  2201. // So we disallow these types.
  2202. //
  2203. if ((protocol == 0xFFFFFFFF) ||
  2204. IsExtensionHeader((uchar)protocol)) {
  2205. ExFreePool(tcpContext);
  2206. return(STATUS_INVALID_PARAMETER);
  2207. }
  2209. *optionsPointer = TDI_ADDRESS_OPTION_RAW;
  2210. optionsPointer++;
  2211. }
  2213. if ((IrpSp->Parameters.Create.ShareAccess & FILE_SHARE_READ) ||
  2214. (IrpSp->Parameters.Create.ShareAccess & FILE_SHARE_WRITE)) {
  2216. *optionsPointer = TDI_ADDRESS_OPTION_REUSE;
  2217. optionsPointer++;
  2218. }
  2220. *optionsPointer = TDI_OPTION_EOL;
  2222. Request.Handle.AddressHandle = NULL;
  2223. Request.RequestContext = Irp;
  2224. if (protocol == IP_PROTOCOL_TCP || protocol == IP_PROTOCOL_UDP) {
  2225. status = CaptureCreatorSD(Irp, IrpSp, &addrSD);
  2226. } else {
  2227. status = STATUS_SUCCESS;
  2228. }
  2230. IF_TCPDBG(TCP_DEBUG_OPEN) {
  2231. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2232. "TCPCreate: Opening address for file object %lx\n",
  2233. IrpSp->FileObject));
  2234. }
  2236. if (NT_SUCCESS(status)) {
  2237. status = TdiOpenAddress(&Request, (TRANSPORT_ADDRESS UNALIGNED *)
  2238. &(targetEA->EaName[targetEA->EaNameLength + 1]),
  2239. protocol, optionsBuffer, addrSD);
  2240. }
  2242. if (NT_SUCCESS(status)) {
  2243. //
  2244. // Save off the handle to the AO passed back.
  2245. //
  2246. tcpContext->Handle.AddressHandle = Request.Handle.AddressHandle;
  2247. IrpSp->FileObject->FsContext = tcpContext;
  2248. IrpSp->FileObject->FsContext2 = (PVOID) TDI_TRANSPORT_ADDRESS_FILE;
  2249. } else {
  2250. if (addrSD != NULL) {
  2251. ObDereferenceSecurityDescriptor(addrSD, 1);
  2252. }
  2253. ExFreePool(tcpContext);
  2254. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  2255. "TdiOpenAddress failed, status %lx\n", status));
  2256. if (status == STATUS_ADDRESS_ALREADY_EXISTS) {
  2257. status = STATUS_SHARING_VIOLATION;
  2258. }
  2259. }
  2261. ASSERT(status != TDI_PENDING);
  2263. return(status);
  2264. }
  2266. //
  2267. // See if this is a Connection Object open.
  2268. //
  2269. targetEA = FindEA(ea, TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH);
  2271. if (targetEA != NULL) {
  2272. //
  2273. // This is an open of a Connection Object.
  2274. //
  2276. if (DeviceObject == TCPDeviceObject) {
  2277. //
  2278. // Keep W4 happy.
  2279. //
  2280. Request.Handle.ConnectionContext = NULL;
  2282. IF_TCPDBG(TCP_DEBUG_OPEN) {
  2283. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2284. "TCPCreate: Opening connection for file object %lx\n",
  2285. IrpSp->FileObject));
  2286. }
  2288. if (targetEA->EaValueLength < sizeof(CONNECTION_CONTEXT)) {
  2289. status = STATUS_EA_LIST_INCONSISTENT;
  2290. } else {
  2291. status = TdiOpenConnection(&Request,
  2292. *((CONNECTION_CONTEXT UNALIGNED *)
  2293. &(targetEA->EaName[targetEA->EaNameLength + 1])));
  2294. }
  2296. if (NT_SUCCESS(status)) {
  2297. //
  2298. // Save off the Connection Context passed back.
  2299. //
  2300. tcpContext->Handle.ConnectionContext =
  2301. Request.Handle.ConnectionContext;
  2302. IrpSp->FileObject->FsContext = tcpContext;
  2303. IrpSp->FileObject->FsContext2 = (PVOID) TDI_CONNECTION_FILE;
  2304. } else {
  2305. ExFreePool(tcpContext);
  2306. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  2307. "TdiOpenConnection failed, status %lx\n", status));
  2308. }
  2309. } else {
  2310. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
  2311. "TCP: TdiOpenConnection issued on UDP device!\n"));
  2312. status = STATUS_INVALID_DEVICE_REQUEST;
  2313. ExFreePool(tcpContext);
  2314. }
  2316. ASSERT(status != TDI_PENDING);
  2318. return(status);
  2319. }
  2321. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
  2322. "TCPCreate: didn't find any useful ea's\n"));
  2323. status = STATUS_INVALID_EA_NAME;
  2324. ExFreePool(tcpContext);
  2326. ASSERT(status != TDI_PENDING);
  2328. return(status);
  2330. } // TCPCreate
  2333. //* IsAdminIoRequest -
  2334. //
  2335. // (Lifted from AFD - AfdPerformSecurityCheck)
  2336. // Compares security context of the endpoint creator to that
  2337. // of the administrator and local system.
  2338. //
  2339. BOOLEAN // return TRUE if socket creator has admin or local system privilege
  2340. IsAdminIoRequest(
  2341. PIRP Irp, // Pointer to I/O request packet.
  2342. PIO_STACK_LOCATION IrpSp) // Pointer to the I/O stack location to use for this request.
  2343. {
  2344. BOOLEAN accessGranted;
  2345. PACCESS_STATE accessState;
  2346. PIO_SECURITY_CONTEXT securityContext;
  2347. PPRIVILEGE_SET privileges = NULL;
  2348. ACCESS_MASK grantedAccess;
  2349. PGENERIC_MAPPING GenericMapping;
  2350. ACCESS_MASK AccessMask = GENERIC_ALL;
  2351. NTSTATUS Status;
  2353. //
  2354. // Enable access to all the globally defined SIDs
  2355. //
  2357. GenericMapping = IoGetFileObjectGenericMapping();
  2359. RtlMapGenericMask(&AccessMask, GenericMapping);
  2361. securityContext = IrpSp->Parameters.Create.SecurityContext;
  2362. accessState = securityContext->AccessState;
  2364. SeLockSubjectContext(&accessState->SubjectSecurityContext);
  2366. accessGranted = SeAccessCheck(TcpAdminSecurityDescriptor,
  2367. &accessState->SubjectSecurityContext,
  2368. TRUE,
  2369. AccessMask,
  2370. 0,
  2371. &privileges,
  2372. IoGetFileObjectGenericMapping(),
  2373. (KPROCESSOR_MODE) ((IrpSp->Flags & SL_FORCE_ACCESS_CHECK)
  2374. ? UserMode
  2375. : Irp->RequestorMode),
  2376. &grantedAccess,
  2377. &Status);
  2379. if (privileges) {
  2380. (VOID) SeAppendPrivileges(accessState,
  2381. privileges);
  2382. SeFreePrivileges(privileges);
  2383. }
  2384. if (accessGranted) {
  2385. accessState->PreviouslyGrantedAccess |= grantedAccess;
  2386. accessState->RemainingDesiredAccess &= ~(grantedAccess | MAXIMUM_ALLOWED);
  2387. ASSERT(NT_SUCCESS(Status));
  2388. } else {
  2389. ASSERT(!NT_SUCCESS(Status));
  2390. }
  2391. SeUnlockSubjectContext(&accessState->SubjectSecurityContext);
  2393. return accessGranted;
  2394. } // IsAdminIoRequest
  2397. //* TCPCloseObjectComplete -
  2398. //
  2399. // Completes a TdiCloseConnectoin or TdiCloseAddress request.
  2400. //
  2401. void // Returns: Nothing.
  2402. TCPCloseObjectComplete(
  2403. void *Context, // Pointer to the IRP for this request.
  2404. unsigned int Status, // Final status of the operation.
  2405. unsigned int UnUsed) // Unused parameter.
  2406. {
  2407. KIRQL oldIrql;
  2408. PIRP irp;
  2409. PIO_STACK_LOCATION irpSp;
  2410. PTCP_CONTEXT tcpContext;
  2412. UNREFERENCED_PARAMETER(UnUsed);
  2414. irp = (PIRP) Context;
  2415. irpSp = IoGetCurrentIrpStackLocation(irp);
  2416. tcpContext = (PTCP_CONTEXT) irpSp->FileObject->FsContext;
  2417. irp->IoStatus.Status = Status;
  2419. IF_TCPDBG(TCP_DEBUG_CLEANUP) {
  2420. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2421. "TCPCloseObjectComplete on file object %lx\n",
  2422. irpSp->FileObject));
  2423. }
  2425. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  2427. ASSERT(tcpContext->ReferenceCount > 0);
  2428. ASSERT(tcpContext->CancelIrps);
  2430. //
  2431. // Remove the initial reference that was put on by TCPCreate.
  2432. //
  2433. ASSERT(tcpContext->ReferenceCount > 0);
  2435. IF_TCPDBG(TCP_DEBUG_IRP) {
  2436. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2437. "TCPCloseObjectComplete: "
  2438. "irp %lx fileobj %lx refcnt dec to %u\n",
  2439. irp, irpSp, tcpContext->ReferenceCount - 1));
  2440. }
  2442. if (--(tcpContext->ReferenceCount) == 0) {
  2444. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  2445. ASSERT(IsListEmpty(&(tcpContext->CancelledIrpList)));
  2446. ASSERT(IsListEmpty(&(tcpContext->PendingIrpList)));
  2447. }
  2449. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  2450. KeSetEvent(&(tcpContext->CleanupEvent), 0, FALSE);
  2451. return;
  2452. }
  2454. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  2456. return;
  2458. } // TCPCloseObjectComplete
  2462. //* TCPCleanup -
  2463. //
  2464. // Cancels all outstanding Irps on a TDI object by calling the close
  2465. // routine for the object. It then waits for them to be completed
  2466. // before returning.
  2467. //
  2468. // This routine blocks, but does not pend.
  2469. //
  2470. NTSTATUS // Returns: whether the request was successfully queued.
  2471. TCPCleanup(
  2472. IN PDEVICE_OBJECT DeviceObject, // Device object for this request.
  2473. IN PIRP Irp, // I/O request packet.
  2474. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  2475. {
  2476. KIRQL oldIrql;
  2477. PTCP_CONTEXT tcpContext;
  2478. NTSTATUS status;
  2479. TDI_REQUEST request;
  2481. UNREFERENCED_PARAMETER(DeviceObject);
  2483. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  2485. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  2487. tcpContext->CancelIrps = TRUE;
  2488. KeResetEvent(&(tcpContext->CleanupEvent));
  2490. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  2492. //
  2493. // Now call the TDI close routine for this object to force all of its Irps
  2494. // to complete.
  2495. //
  2496. request.RequestNotifyObject = TCPCloseObjectComplete;
  2497. request.RequestContext = Irp;
  2499. switch (PtrToUlong(IrpSp->FileObject->FsContext2)) {
  2501. case TDI_TRANSPORT_ADDRESS_FILE:
  2502. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  2503. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2504. "TCPCleanup: Closing address object on file object %lx\n",
  2505. IrpSp->FileObject));
  2506. }
  2507. request.Handle.AddressHandle = tcpContext->Handle.AddressHandle;
  2508. status = TdiCloseAddress(&request);
  2509. break;
  2511. case TDI_CONNECTION_FILE:
  2512. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  2513. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2514. "TCPCleanup: "
  2515. "Closing Connection object on file object %lx\n",
  2516. IrpSp->FileObject));
  2517. }
  2518. request.Handle.ConnectionContext =
  2519. tcpContext->Handle.ConnectionContext;
  2520. status = TdiCloseConnection(&request);
  2521. break;
  2523. case TDI_CONTROL_CHANNEL_FILE:
  2524. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  2525. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2526. "TCPCleanup: Closing Control Channel object on"
  2527. " file object %lx\n", IrpSp->FileObject));
  2528. }
  2529. status = STATUS_SUCCESS;
  2530. break;
  2532. default:
  2533. //
  2534. // This should never happen.
  2535. //
  2536. ABORT();
  2538. KeAcquireSpinLock(&tcpContext->EndpointLock, &oldIrql);
  2539. tcpContext->CancelIrps = FALSE;
  2540. KeReleaseSpinLock(&tcpContext->EndpointLock, oldIrql);
  2542. return(STATUS_INVALID_PARAMETER);
  2543. }
  2545. if (status != TDI_PENDING) {
  2546. TCPCloseObjectComplete(Irp, status, 0);
  2547. }
  2549. IF_TCPDBG(TCP_DEBUG_CLEANUP) {
  2550. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2551. "TCPCleanup: waiting for completion of Irps on"
  2552. " file object %lx\n", IrpSp->FileObject));
  2553. }
  2555. status = KeWaitForSingleObject(&(tcpContext->CleanupEvent), UserRequest,
  2556. KernelMode, FALSE, NULL);
  2558. ASSERT(NT_SUCCESS(status));
  2560. IF_TCPDBG(TCP_DEBUG_CLEANUP) {
  2561. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2562. "TCPCleanup: Wait on file object %lx finished\n",
  2563. IrpSp->FileObject));
  2564. }
  2566. //
  2567. // The cleanup Irp will be completed by the dispatch routine.
  2568. //
  2570. return(Irp->IoStatus.Status);
  2572. } // TCPCleanup
  2575. //* TCPClose -
  2576. //
  2577. // Dispatch routine for MJ_CLOSE IRPs. Performs final cleanup of the
  2578. // open endpoint.
  2579. //
  2580. // This request does not pend.
  2581. //
  2582. NTSTATUS // Returns: whether the request was successfully queued.
  2583. TCPClose(
  2584. IN PIRP Irp, // I/O request packet.
  2585. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  2586. {
  2587. PTCP_CONTEXT tcpContext;
  2589. UNREFERENCED_PARAMETER(Irp);
  2591. tcpContext = (PTCP_CONTEXT) IrpSp->FileObject->FsContext;
  2593. #if DBG
  2595. IF_TCPDBG(TCP_DEBUG_CANCEL) {
  2597. KIRQL oldIrql;
  2599. IoAcquireCancelSpinLock(&oldIrql);
  2601. ASSERT(tcpContext->ReferenceCount == 0);
  2602. ASSERT(IsListEmpty(&(tcpContext->PendingIrpList)));
  2603. ASSERT(IsListEmpty(&(tcpContext->CancelledIrpList)));
  2605. IoReleaseCancelSpinLock(oldIrql);
  2606. }
  2607. #endif // DBG
  2609. IF_TCPDBG(TCP_DEBUG_CLOSE) {
  2610. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
  2611. "TCPClose on file object %lx\n", IrpSp->FileObject));
  2612. }
  2614. ExFreePool(tcpContext);
  2616. return(STATUS_SUCCESS);
  2618. } // TCPClose
  2621. //* TCPDispatchDeviceControl -
  2622. //
  2623. NTSTATUS // Returns: whether the request was successfully queued.
  2624. TCPDispatchDeviceControl(
  2625. IN PIRP Irp, // I/O request packet.
  2626. IN PIO_STACK_LOCATION IrpSp) // Current stack location in the Irp.
  2627. {
  2628. NTSTATUS status;
  2630. PAGED_CODE();
  2632. //
  2633. // Set this in advance. Any IOCTL dispatch routine that cares about it
  2634. // will modify it itself.
  2635. //
  2636. Irp->IoStatus.Information = 0;
  2638. switch(IrpSp->Parameters.DeviceIoControl.IoControlCode) {
  2640. case IOCTL_TCP_QUERY_INFORMATION_EX:
  2641. return(TCPQueryInformationEx(Irp, IrpSp));
  2642. break;
  2644. case IOCTL_TCP_SET_INFORMATION_EX:
  2645. case IOCTL_TCP_WSH_SET_INFORMATION_EX:
  2646. return(TCPSetInformationEx(Irp, IrpSp));
  2647. break;
  2649. default:
  2650. status = STATUS_NOT_IMPLEMENTED;
  2651. break;
  2652. }
  2654. Irp->IoStatus.Status = status;
  2656. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2658. return status;
  2660. } // TCPDispatchDeviceControl
  2663. //* TCPDispatchInternalDeviceControl -
  2664. //
  2665. // This is the dispatch routine for Internal Device Control IRPs.
  2666. // This is the hot path for kernel-mode clients.
  2667. //
  2668. NTSTATUS // Returns: whether the request was successfully queued.
  2669. TCPDispatchInternalDeviceControl(
  2670. IN PDEVICE_OBJECT DeviceObject, // Device object for target device.
  2671. IN PIRP Irp) // I/O request packet.
  2672. {
  2673. PIO_STACK_LOCATION irpSp;
  2674. NTSTATUS status;
  2676. if (DeviceObject != IPDeviceObject) {
  2678. irpSp = IoGetCurrentIrpStackLocation(Irp);
  2680. if (PtrToUlong(irpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE) {
  2681. //
  2682. // Send and receive are the performance path, so check for them
  2683. // right away.
  2684. //
  2685. if (irpSp->MinorFunction == TDI_SEND) {
  2686. return(TCPSendData(Irp, irpSp));
  2687. }
  2689. if (irpSp->MinorFunction == TDI_RECEIVE) {
  2690. return(TCPReceiveData(Irp, irpSp));
  2691. }
  2693. switch(irpSp->MinorFunction) {
  2695. case TDI_ASSOCIATE_ADDRESS:
  2696. status = TCPAssociateAddress(Irp, irpSp);
  2697. Irp->IoStatus.Status = status;
  2698. Irp->IoStatus.Information = 0;
  2699. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2701. return(status);
  2703. case TDI_DISASSOCIATE_ADDRESS:
  2704. return(TCPDisassociateAddress(Irp, irpSp));
  2706. case TDI_CONNECT:
  2707. return(TCPConnect(Irp, irpSp));
  2709. case TDI_DISCONNECT:
  2710. return(TCPDisconnect(Irp, irpSp));
  2712. case TDI_LISTEN:
  2713. return(TCPListen(Irp, irpSp));
  2715. case TDI_ACCEPT:
  2716. return(TCPAccept(Irp, irpSp));
  2718. default:
  2719. break;
  2720. }
  2722. //
  2723. // Fall through.
  2724. //
  2725. }
  2726. else if (PtrToUlong(irpSp->FileObject->FsContext2) ==
  2727. TDI_TRANSPORT_ADDRESS_FILE) {
  2729. if (irpSp->MinorFunction == TDI_SEND_DATAGRAM) {
  2730. return(UDPSendDatagram(Irp, irpSp));
  2731. }
  2733. if (irpSp->MinorFunction == TDI_RECEIVE_DATAGRAM) {
  2734. return(UDPReceiveDatagram(Irp, irpSp));
  2735. }
  2737. if (irpSp->MinorFunction == TDI_SET_EVENT_HANDLER) {
  2738. status = TCPSetEventHandler(Irp, irpSp);
  2740. Irp->IoStatus.Status = status;
  2741. Irp->IoStatus.Information = 0;
  2742. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2744. return(status);
  2745. }
  2747. //
  2748. // Fall through.
  2749. //
  2750. }
  2752. ASSERT(
  2753. (PtrToUlong(irpSp->FileObject->FsContext2) == TDI_TRANSPORT_ADDRESS_FILE)
  2754. ||
  2755. (PtrToUlong(irpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE)
  2756. ||
  2757. (PtrToUlong(irpSp->FileObject->FsContext2) == TDI_CONTROL_CHANNEL_FILE));
  2759. //
  2760. // These functions are common to all endpoint types.
  2761. //
  2762. switch(irpSp->MinorFunction) {
  2764. case TDI_QUERY_INFORMATION:
  2765. return(TCPQueryInformation(Irp, irpSp));
  2767. case TDI_SET_INFORMATION:
  2768. case TDI_ACTION:
  2769. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
  2770. "TCP: Call to unimplemented TDI function 0x%p\n",
  2771. irpSp->MinorFunction));
  2772. status = STATUS_NOT_IMPLEMENTED;
  2773. break;
  2775. default:
  2776. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
  2777. "TCP: call to invalid TDI function 0x%p\n",
  2778. irpSp->MinorFunction));
  2779. status = STATUS_INVALID_DEVICE_REQUEST;
  2780. }
  2782. ASSERT(status != TDI_PENDING);
  2784. Irp->IoStatus.Status = status;
  2785. Irp->IoStatus.Information = 0;
  2787. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2789. return status;
  2790. }
  2792. return(IPDispatch(DeviceObject, Irp));
  2793. }
  2796. //* TCPDispatch -
  2797. //
  2798. // This is the generic dispatch routine for TCP/UDP/RawIP.
  2799. //
  2800. NTSTATUS // Returns: whether the request was successfully queued.
  2801. TCPDispatch(
  2802. IN PDEVICE_OBJECT DeviceObject, // Device object for target device.
  2803. IN PIRP Irp) // I/O request packet.
  2804. {
  2805. PIO_STACK_LOCATION irpSp;
  2806. NTSTATUS status;
  2808. if (DeviceObject != IPDeviceObject) {
  2810. irpSp = IoGetCurrentIrpStackLocation(Irp);
  2812. ASSERT(irpSp->MajorFunction != IRP_MJ_INTERNAL_DEVICE_CONTROL);
  2814. switch (irpSp->MajorFunction) {
  2816. case IRP_MJ_CREATE:
  2817. status = TCPCreate(DeviceObject, Irp, irpSp);
  2818. break;
  2820. case IRP_MJ_CLEANUP:
  2821. status = TCPCleanup(DeviceObject, Irp, irpSp);
  2822. break;
  2824. case IRP_MJ_CLOSE:
  2825. status = TCPClose(Irp, irpSp);
  2826. break;
  2828. case IRP_MJ_DEVICE_CONTROL:
  2829. status = TdiMapUserRequest(DeviceObject, Irp, irpSp);
  2831. if (status == STATUS_SUCCESS) {
  2832. return(TCPDispatchInternalDeviceControl(DeviceObject, Irp));
  2833. }
  2835. if (irpSp->Parameters.DeviceIoControl.IoControlCode ==
  2836. IOCTL_TDI_QUERY_DIRECT_SEND_HANDLER) {
  2837. if (Irp->RequestorMode == KernelMode) {
  2838. *(PULONG_PTR)irpSp->Parameters.DeviceIoControl.Type3InputBuffer = (ULONG_PTR)TCPSendData;
  2839. status = STATUS_SUCCESS;
  2840. } else {
  2841. status = STATUS_ACCESS_DENIED;
  2842. }
  2843. break;
  2844. }
  2846. return(TCPDispatchDeviceControl(Irp,
  2847. IoGetCurrentIrpStackLocation(Irp)));
  2848. break;
  2850. case IRP_MJ_QUERY_SECURITY:
  2851. //
  2852. // This is generated on Raw endpoints. We don't do anything
  2853. // for it.
  2854. //
  2855. status = STATUS_INVALID_DEVICE_REQUEST;
  2856. break;
  2858. case IRP_MJ_WRITE:
  2859. case IRP_MJ_READ:
  2861. default:
  2862. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
  2863. "TCPDispatch: Irp %lx unsupported major function 0x%lx\n",
  2864. irpSp, irpSp->MajorFunction));
  2865. status = STATUS_INVALID_DEVICE_REQUEST;
  2866. break;
  2867. }
  2869. ASSERT(status != TDI_PENDING);
  2871. Irp->IoStatus.Status = status;
  2872. Irp->IoStatus.Information = 0;
  2874. IoCompleteRequest(Irp, IO_NETWORK_INCREMENT);
  2876. return status;
  2877. }
  2879. return(IPDispatch(DeviceObject, Irp));
  2881. } // TCPDispatch
  2884. //
  2885. // Private utility functions
  2886. //
  2888. //* FindEA -
  2889. //
  2890. // Parses and extended attribute list for a given target attribute.
  2891. //
  2892. FILE_FULL_EA_INFORMATION UNALIGNED * // Returns: requested attribute or NULL.
  2893. FindEA(
  2894. PFILE_FULL_EA_INFORMATION StartEA, // First extended attribute in list.
  2895. CHAR *TargetName, // Name of target attribute.
  2896. USHORT TargetNameLength) // Length of above.
  2897. {
  2898. USHORT i;
  2899. BOOLEAN found;
  2900. FILE_FULL_EA_INFORMATION UNALIGNED *CurrentEA;
  2902. PAGED_CODE();
  2904. do {
  2905. found = TRUE;
  2907. CurrentEA = StartEA;
  2908. StartEA += CurrentEA->NextEntryOffset;
  2910. if (CurrentEA->EaNameLength != TargetNameLength) {
  2911. continue;
  2912. }
  2914. for (i=0; i < CurrentEA->EaNameLength; i++) {
  2915. if (CurrentEA->EaName[i] == TargetName[i]) {
  2916. continue;
  2917. }
  2918. found = FALSE;
  2919. break;
  2920. }
  2922. if (found) {
  2923. return(CurrentEA);
  2924. }
  2926. } while(CurrentEA->NextEntryOffset != 0);
  2928. return(NULL);
  2929. }
  2931. //* IsDHCPZeroAddress -
  2932. //
  2933. // Checks a TDI IP address list for an address from DHCP binding
  2934. // to the IP address zero. Normally, binding to zero means wildcard.
  2935. // For DHCP, it really means bind to an interface with an address of
  2936. // zero. This semantic is flagged by a special value in an unused
  2937. // portion of the address structure (ie. this is a kludge).
  2938. //
  2939. BOOLEAN // Returns: TRUE iff first IP address found had the flag set.
  2940. IsDHCPZeroAddress(
  2941. TRANSPORT_ADDRESS UNALIGNED *AddrList) // TDI transport address list
  2942. // passed in the create IRP.
  2943. {
  2944. int i; // Index variable.
  2945. TA_ADDRESS *CurrentAddr; // Address we're examining and may use.
  2947. // First, verify that someplace in Address is an address we can use.
  2948. CurrentAddr = (TA_ADDRESS *)AddrList->Address;
  2950. for (i = 0; i < AddrList->TAAddressCount; i++) {
  2951. if (CurrentAddr->AddressType == TDI_ADDRESS_TYPE_IP) {
  2952. if (CurrentAddr->AddressLength == TDI_ADDRESS_LENGTH_IP) {
  2953. TDI_ADDRESS_IP UNALIGNED *ValidAddr;
  2955. ValidAddr = (TDI_ADDRESS_IP UNALIGNED *)CurrentAddr->Address;
  2957. if (*((ULONG UNALIGNED *) ValidAddr->sin_zero) == 0x12345678) {
  2958. return TRUE;
  2959. }
  2961. } else {
  2962. return FALSE; // Wrong length for address.
  2963. }
  2964. } else {
  2965. CurrentAddr = (TA_ADDRESS *)
  2966. (CurrentAddr->Address + CurrentAddr->AddressLength);
  2967. }
  2968. }
  2970. return FALSE; // Didn't find a match.
  2971. }
  2974. //* TCPGetMdlChainByteCount -
  2975. //
  2976. // Sums the byte counts of each MDL in a chain.
  2977. //
  2978. ULONG // Returns: byte count of the MDL chain.
  2979. TCPGetMdlChainByteCount(
  2980. PMDL Mdl) // MDL chain to sum.
  2981. {
  2982. ULONG count = 0;
  2984. while (Mdl != NULL) {
  2985. count += MmGetMdlByteCount(Mdl);
  2986. Mdl = Mdl->Next;
  2987. }
  2989. return(count);
  2990. }
  2993. //* RawExtractProtocolNumber -
  2994. //
  2995. // Extracts the protocol number from the file object name.
  2996. //
  2997. ULONG // Returns: the protocol number or 0xFFFFFFFF on error.
  2998. RawExtractProtocolNumber(
  2999. IN PUNICODE_STRING FileName) // File name (Unicode).
  3000. {
  3001. PWSTR name;
  3002. UNICODE_STRING unicodeString;
  3003. ULONG protocol;
  3004. NTSTATUS status;
  3006. PAGED_CODE();
  3008. name = FileName->Buffer;
  3010. if (FileName->Length < (sizeof(OBJ_NAME_PATH_SEPARATOR) + sizeof(WCHAR))) {
  3011. return(0xFFFFFFFF);
  3012. }
  3014. //
  3015. // Step over separator.
  3016. //
  3017. if (*name++ != OBJ_NAME_PATH_SEPARATOR) {
  3018. return(0xFFFFFFFF);
  3019. }
  3021. if (*name == UNICODE_NULL) {
  3022. return(0xFFFFFFFF);
  3023. }
  3025. //
  3026. // Convert the remaining name into a number.
  3027. //
  3028. RtlInitUnicodeString(&unicodeString, name);
  3030. status = RtlUnicodeStringToInteger(&unicodeString, 10, &protocol);
  3032. if (!NT_SUCCESS(status)) {
  3033. return(0xFFFFFFFF);
  3034. }
  3036. if (protocol > 255) {
  3037. return(0xFFFFFFFF);
  3038. }
  3040. return(protocol);
  3041. }
  3043. //* CaptureCreatorSD -
  3044. //
  3045. // Captures the security-descriptor associated with an IRP_MJ_CREATE request.
  3046. //
  3047. NTSTATUS // Returns: status of the capture attempt.
  3048. CaptureCreatorSD(
  3049. PIRP Irp, // IRP_MJ_CREATE request packet.
  3050. PIO_STACK_LOCATION IrpSp, // Stack-location containing create parameters.
  3051. OUT PSECURITY_DESCRIPTOR* CreatorSD) // Receives the captured SD.
  3052. {
  3053. NTSTATUS status;
  3054. PSECURITY_DESCRIPTOR mergedSD;
  3055. PACCESS_STATE accessState =
  3056. IrpSp->Parameters.Create.SecurityContext->AccessState;
  3058. PAGED_CODE();
  3060. if (Irp->RequestorMode == KernelMode &&
  3061. IrpSp->Parameters.Create.ShareAccess == 0 &&
  3062. accessState->SecurityDescriptor == NULL) {
  3063. *CreatorSD = NULL;
  3064. status = STATUS_SUCCESS;
  3065. } else {
  3066. //
  3067. // Take a read-lock on the subject security context for the request,
  3068. // and merge the request's SD into a new SD.
  3069. //
  3070. SeLockSubjectContext(&accessState->SubjectSecurityContext);
  3071. status = SeAssignSecurity(NULL, accessState->SecurityDescriptor,
  3072. &mergedSD, FALSE,
  3073. &accessState->SubjectSecurityContext,
  3074. IoGetFileObjectGenericMapping(), PagedPool);
  3075. SeUnlockSubjectContext(&accessState->SubjectSecurityContext);
  3076. if (NT_SUCCESS(status)) {
  3077. // Request a tracked and referenced copy of the merged SD.
  3079. status = ObLogSecurityDescriptor(mergedSD, CreatorSD, 1);
  3080. ExFreePool(mergedSD);
  3081. }
  3082. }
  3083. return status;
  3084. }