archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/rras/ip/nat/timer.c

527 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module:
  7. timer.c
  9. Abstract:
  11. Contains code for the NAT's periodic-timer routine.
  13. Author:
  15. Abolade Gbadegesin (t-abolag) 22-July-1997
  17. Revision History:
  19. --*/
  21. #include "precomp.h"
  22. #pragma hdrstop
  24. //
  25. // Defines the interval at which the timer fires, in 100-nanosecond intervals
  26. //
  28. #define TIMER_INTERVAL (60 * 1000 * 1000 * 10)
  30. //
  31. // DPC object for stress-triggered invocations of NatTimerRoutine
  32. //
  34. KDPC CleanupDpcObject;
  36. //
  37. // Flag indicating whether stress-triggered cleanup has been scheduled.
  38. //
  40. ULONG CleanupDpcPending;
  42. //
  43. // Return-value of KeQueryTimeIncrement, used for normalizing tick-counts
  44. //
  46. ULONG TimeIncrement;
  48. //
  49. // DPC object for NatTimerRoutine
  50. //
  52. KDPC TimerDpcObject;
  54. //
  55. // Timer object for NatTimerRoutine
  56. //
  58. KTIMER TimerObject;
  60. //
  61. // FORWARD DECLARATIONS
  62. //
  64. VOID
  65. NatCleanupDpcRoutine(
  66. PKDPC Dpc,
  67. PVOID DeferredContext,
  68. PVOID SystemArgument1,
  69. PVOID SystemArgument2
  70. );
  72. VOID
  73. NatTimerRoutine(
  74. PKDPC Dpc,
  75. PVOID DeferredContext,
  76. PVOID SystemArgument1,
  77. PVOID SystemArgument2
  78. );
  81. VOID
  82. NatCleanupDpcRoutine(
  83. PKDPC Dpc,
  84. PVOID DeferredContext,
  85. PVOID SystemArgument1,
  86. PVOID SystemArgument2
  87. )
  88. {
  89. KIRQL Irql;
  90. PLIST_ENTRY Link;
  91. PNAT_DYNAMIC_MAPPING Mapping;
  93. KeAcquireSpinLock(&MappingLock, &Irql);
  94. for (Link = MappingList.Flink; Link != &MappingList; Link = Link->Flink) {
  95. Mapping = CONTAINING_RECORD(Link, NAT_DYNAMIC_MAPPING, Link);
  96. if (NAT_MAPPING_EXPIRED(Mapping)) {
  97. Link = Link->Blink;
  98. NatDeleteMapping(Mapping);
  99. }
  100. }
  101. KeReleaseSpinLock(&MappingLock, Irql);
  103. InterlockedExchange(&CleanupDpcPending, FALSE);
  104. }
  107. VOID
  108. NatInitializeTimerManagement(
  109. VOID
  110. )
  112. /*++
  114. Routine Description:
  116. This routine is called to initialize the timer-management module,
  117. in preparation for active operation.
  119. Arguments:
  121. none.
  123. Return Value:
  125. none.
  127. --*/
  129. {
  130. CALLTRACE(("NatInitializeTimerManagement\n"));
  131. TimeIncrement = KeQueryTimeIncrement();
  132. KeInitializeDpc(&TimerDpcObject, NatTimerRoutine, NULL);
  133. KeInitializeTimer(&TimerObject);
  134. CleanupDpcPending = FALSE;
  135. KeInitializeDpc(&CleanupDpcObject, NatCleanupDpcRoutine, NULL);
  136. } // NatInitializeTimerManagement
  139. VOID
  140. NatShutdownTimerManagement(
  141. VOID
  142. )
  144. /*++
  146. Routine Description:
  148. This routine is called to shutdown the timer management module.
  150. Arguments:
  152. none.
  154. Return Value:
  156. none.
  158. --*/
  160. {
  161. CALLTRACE(("NatShutdownTimerManagement\n"));
  162. NatStopTimer();
  163. } // NatShutdownTimerManagement
  166. VOID
  167. NatStartTimer(
  168. VOID
  169. )
  171. /*++
  173. Routine Description:
  175. This routine is invoked to start the periodic timer.
  177. Arguments:
  179. none.
  181. Return Value:
  183. none.
  185. --*/
  187. {
  188. LARGE_INTEGER DueTime;
  190. //
  191. // Launch the periodic timer
  192. //
  194. DueTime.LowPart = TIMER_INTERVAL;
  195. DueTime.HighPart = 0;
  196. DueTime = RtlLargeIntegerNegate(DueTime);
  197. KeSetTimerEx(
  198. &TimerObject,
  199. DueTime,
  200. TIMER_INTERVAL / 10000,
  201. &TimerDpcObject
  202. );
  203. }
  206. VOID
  207. NatStopTimer(
  208. VOID
  209. )
  211. /*++
  213. Routine Description:
  215. This routine is invoked to stop the periodic timer.
  217. Arguments:
  219. none.
  221. Return Value:
  223. none.
  225. --*/
  227. {
  228. KeCancelTimer(&TimerObject);
  229. }
  232. VOID
  233. NatTimerRoutine(
  234. PKDPC Dpc,
  235. PVOID DeferredContext,
  236. PVOID SystemArgument1,
  237. PVOID SystemArgument2
  238. )
  240. /*++
  242. Routine Description:
  244. This routine is invoked periodically to garbage-collect expired mappings.
  246. Arguments:
  248. Dpc - associated DPC object
  250. DeferredContext - unused.
  252. SystemArgument1 - unused.
  254. SystemArgument2 - unused.
  256. Return Value:
  258. none.
  260. --*/
  262. {
  263. LONG64 CurrentTime;
  264. PNAT_EDITOR Editor;
  265. PNAT_ICMP_MAPPING IcmpMapping;
  266. PNAT_INTERFACE Interfacep;
  267. PNAT_IP_MAPPING IpMapping;
  268. KIRQL Irql;
  269. PLIST_ENTRY Link;
  270. PNAT_DYNAMIC_MAPPING Mapping;
  271. PNAT_PPTP_MAPPING PptpMapping;
  272. LONG64 PptpMinAccessTime;
  273. UCHAR Protocol;
  274. PRTL_SPLAY_LINKS SLink;
  275. PNAT_TICKET Ticketp;
  276. LONG64 Timeout;
  277. LONG64 TcpMinAccessTime;
  278. LONG64 UdpMinAccessTime;
  280. CALLTRACE(("NatTimerRoutine\n"));
  282. //
  283. // Compute the minimum values allowed in TCP/UDP 'LastAccessTime' fields;
  284. // any mappings last accessed before these thresholds will be eliminated.
  285. //
  287. KeQueryTickCount((PLARGE_INTEGER)&CurrentTime);
  288. TcpMinAccessTime = CurrentTime - SECONDS_TO_TICKS(TcpTimeoutSeconds);
  289. UdpMinAccessTime = CurrentTime - SECONDS_TO_TICKS(UdpTimeoutSeconds);
  290. PptpMinAccessTime = CurrentTime - SECONDS_TO_TICKS(2 * UdpTimeoutSeconds);
  292. //
  293. // Update mapping statistics and clean out expired mappings,
  294. // using the above precomputed minimum access times
  295. //
  297. KeAcquireSpinLock(&MappingLock, &Irql);
  298. for (Link = MappingList.Flink; Link != &MappingList; Link = Link->Flink) {
  300. Mapping = CONTAINING_RECORD(Link, NAT_DYNAMIC_MAPPING, Link);
  301. NatUpdateStatisticsMapping(Mapping);
  303. //
  304. // Don't check for expiration if the mapping is marked no-timeout;
  305. // however, if it is detached from its director, then go ahead
  306. // with the expiration-check.
  307. //
  309. if (!NAT_MAPPING_EXPIRED(Mapping) && NAT_MAPPING_NO_TIMEOUT(Mapping) &&
  310. Mapping->Director) {
  311. continue;
  312. }
  314. //
  315. // See if the mapping has expired
  316. //
  318. KeAcquireSpinLockAtDpcLevel(&Mapping->Lock);
  319. Protocol = MAPPING_PROTOCOL(Mapping->SourceKey[NatForwardPath]);
  320. if (!NAT_MAPPING_EXPIRED(Mapping)) {
  321. //
  322. // The mapping is not explicitly marked for expiration;
  323. // see if its last access time is too long ago
  324. //
  325. if (Protocol == NAT_PROTOCOL_TCP) {
  326. if (!NAT_MAPPING_INBOUND(Mapping)) {
  327. if ((Mapping->Flags & NAT_MAPPING_FLAG_FWD_SYN)
  328. && !(Mapping->Flags & NAT_MAPPING_FLAG_REV_SYN)) {
  330. //
  331. // This is an outbound connection for which we've seen
  332. // the outbound SYN (which means we've been tracking
  333. // it from the beginning), but not an inbound SYN. We
  334. // want to use a smaller timeout here so that we may
  335. // reclaim memory for mappings created for connection
  336. // attempts to non-existant servers. (A large number
  337. // of these types of mappings would exist if a machine
  338. // on the private network is performing some sort of a
  339. // network scan; e.g., a machine infected w/ nimda.)
  340. //
  342. if (Mapping->LastAccessTime >= UdpMinAccessTime) {
  343. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  344. continue;
  345. }
  346. }
  347. else if (Mapping->LastAccessTime >= TcpMinAccessTime) {
  348. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  349. continue;
  350. }
  351. } else if (!NAT_MAPPING_TCP_OPEN(Mapping)) {
  353. //
  354. // This is an inbound connection for which we have not
  355. // yet completed the 3-way handshake. We want to use
  356. // a shorter timeout here to reduce memory consumption
  357. // in those cases where someone is performing a synflood
  358. // against us.
  359. //
  361. if (Mapping->LastAccessTime >= UdpMinAccessTime) {
  362. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  363. continue;
  364. }
  365. } else if (Mapping->LastAccessTime >= TcpMinAccessTime) {
  366. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  367. continue;
  368. }
  369. }
  370. else
  371. if (Mapping->LastAccessTime >= UdpMinAccessTime) {
  372. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  373. continue;
  374. }
  375. }
  376. KeReleaseSpinLockFromDpcLevel(&Mapping->Lock);
  378. //
  379. // The mapping has expired; remove it
  380. //
  382. TRACE(
  383. MAPPING, (
  384. "NatTimerRoutine: >Source,Destination=%016I64X:%016I64X\n",
  385. Mapping->SourceKey[NatForwardPath],
  386. Mapping->DestinationKey[NatForwardPath]
  387. ));
  388. TRACE(
  389. MAPPING, (
  390. "NatTimerRoutine: <Source,Destination=%016I64X:%016I64X\n",
  391. Mapping->SourceKey[NatReversePath],
  392. Mapping->DestinationKey[NatReversePath]
  393. ));
  395. Link = Link->Blink;
  396. NatDeleteMapping(Mapping);
  397. }
  398. KeReleaseSpinLockFromDpcLevel(&MappingLock);
  400. //
  401. // Traverse the PPTP-mapping list and remove all expired entries.
  402. //
  404. KeAcquireSpinLockAtDpcLevel(&PptpMappingLock);
  405. for (Link = PptpMappingList[NatInboundDirection].Flink;
  406. Link != &PptpMappingList[NatInboundDirection]; Link = Link->Flink) {
  407. PptpMapping =
  408. CONTAINING_RECORD(
  409. Link, NAT_PPTP_MAPPING, Link[NatInboundDirection]
  410. );
  411. if (!NAT_PPTP_DISCONNECTED(PptpMapping) &&
  412. PptpMapping->LastAccessTime >= PptpMinAccessTime) {
  413. continue;
  414. }
  415. Link = Link->Blink;
  416. RemoveEntryList(&PptpMapping->Link[NatInboundDirection]);
  417. RemoveEntryList(&PptpMapping->Link[NatOutboundDirection]);
  418. TRACE(
  419. MAPPING, ("NatTimerRoutine: Pptp=%016I64X:%016I64X:%d:%d:%d\n",
  420. PptpMapping->PrivateKey,
  421. PptpMapping->PublicKey,
  422. PptpMapping->PrivateCallId,
  423. PptpMapping->PublicCallId,
  424. PptpMapping->RemoteCallId
  425. ));
  426. FREE_PPTP_BLOCK(PptpMapping);
  427. }
  428. KeReleaseSpinLockFromDpcLevel(&PptpMappingLock);
  430. //
  431. // Traverse the ICMP-mapping list and remove each expired entry.
  432. //
  434. KeAcquireSpinLockAtDpcLevel(&IcmpMappingLock);
  435. for (Link = IcmpMappingList[NatInboundDirection].Flink;
  436. Link != &IcmpMappingList[NatInboundDirection]; Link = Link->Flink) {
  437. IcmpMapping =
  438. CONTAINING_RECORD(
  439. Link, NAT_ICMP_MAPPING, Link[NatInboundDirection]
  440. );
  441. if (IcmpMapping->LastAccessTime >= UdpMinAccessTime) { continue; }
  442. Link = Link->Blink;
  443. RemoveEntryList(&IcmpMapping->Link[NatInboundDirection]);
  444. RemoveEntryList(&IcmpMapping->Link[NatOutboundDirection]);
  445. TRACE(
  446. MAPPING,
  447. ("NatTimerRoutine: Icmp=%016I64X:%04X::%016I64X:%04X\n",
  448. IcmpMapping->PrivateKey, IcmpMapping->PrivateId,
  449. IcmpMapping->PublicKey, IcmpMapping->PublicId
  450. ));
  451. FREE_ICMP_BLOCK(IcmpMapping);
  452. }
  453. KeReleaseSpinLockFromDpcLevel(&IcmpMappingLock);
  455. //
  456. // Traverse the interface's IP-mapping list
  457. // and remove each expired entry.
  458. //
  460. KeAcquireSpinLockAtDpcLevel(&IpMappingLock);
  461. for (Link = IpMappingList[NatInboundDirection].Flink;
  462. Link != &IpMappingList[NatInboundDirection]; Link = Link->Flink) {
  463. IpMapping =
  464. CONTAINING_RECORD(
  465. Link, NAT_IP_MAPPING, Link[NatInboundDirection]
  466. );
  467. if (IpMapping->LastAccessTime >= UdpMinAccessTime) { continue; }
  468. Link = Link->Blink;
  469. RemoveEntryList(&IpMapping->Link[NatInboundDirection]);
  470. RemoveEntryList(&IpMapping->Link[NatOutboundDirection]);
  471. TRACE(
  472. MAPPING, (
  473. "NatTimerRoutine: Ip=%d:%016I64X:%016I64X\n",
  474. IpMapping->Protocol, IpMapping->PrivateKey, IpMapping->PublicKey
  475. ));
  476. FREE_IP_BLOCK(IpMapping);
  477. }
  478. KeReleaseSpinLockFromDpcLevel(&IpMappingLock);
  480. //
  481. // Garbage collect all interfaces' structures
  482. //
  484. KeAcquireSpinLockAtDpcLevel(&InterfaceLock);
  486. for (Link = InterfaceList.Flink; Link != &InterfaceList;
  487. Link = Link->Flink) {
  489. Interfacep = CONTAINING_RECORD(Link, NAT_INTERFACE, Link);
  491. //
  492. // Traverse the interface's ticket list
  493. //
  495. KeAcquireSpinLockAtDpcLevel(&Interfacep->Lock);
  496. for (Link = Interfacep->TicketList.Flink;
  497. Link != &Interfacep->TicketList; Link = Link->Flink) {
  498. Ticketp = CONTAINING_RECORD(Link, NAT_TICKET, Link);
  499. if (NAT_TICKET_PERSISTENT(Ticketp)) { continue; }
  500. if (Ticketp->LastAccessTime >= UdpMinAccessTime) { continue; }
  501. Link = Link->Blink;
  502. NatDeleteTicket(Interfacep, Ticketp);
  503. }
  504. KeReleaseSpinLockFromDpcLevel(&Interfacep->Lock);
  505. Link = &Interfacep->Link;
  506. }
  507. KeReleaseSpinLock(&InterfaceLock, Irql);
  508. return;
  510. } // NatTimerRoutine
  513. VOID
  514. NatTriggerTimer(
  515. VOID
  516. )
  517. {
  518. if (!InterlockedCompareExchange(&CleanupDpcPending, TRUE, FALSE)) {
  519. #if DBG
  520. DbgPrint("NatTriggerTimer: scheduling DPC\n");
  521. #endif
  522. KeInsertQueueDpc(&CleanupDpcObject, NULL, NULL);
  523. }
  524. }