archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/tcpip/driver/ipsec/shim/nsconn.c

1180 lines
29 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997-2001 Microsoft Corporation
  5. Module Name:
  7. NsConn.c
  9. Abstract:
  11. IpSec NAT shim connection entry management
  13. Author:
  15. Jonathan Burstein (jonburs) 11-July-2001
  17. Environment:
  19. Kernel mode
  21. Revision History:
  23. --*/
  25. #include "precomp.h"
  26. #pragma hdrstop
  28. //
  29. // Global Variables
  30. //
  32. CACHE_ENTRY NsConnectionCache[CACHE_SIZE];
  33. ULONG NsConnectionCount;
  34. LIST_ENTRY NsConnectionList;
  35. KSPIN_LOCK NsConnectionLock;
  36. NPAGED_LOOKASIDE_LIST NsConnectionLookasideList;
  37. PNS_CONNECTION_ENTRY NsConnectionTree[NsMaximumDirection];
  38. USHORT NsNextSourcePort;
  40. //
  41. // Function Prototypes
  42. //
  44. PNS_CONNECTION_ENTRY
  45. NspInsertInboundConnectionEntry(
  46. PNS_CONNECTION_ENTRY pParent,
  47. PNS_CONNECTION_ENTRY pEntry
  48. );
  50. PNS_CONNECTION_ENTRY
  51. NspInsertOutboundConnectionEntry(
  52. PNS_CONNECTION_ENTRY pParent,
  53. PNS_CONNECTION_ENTRY pEntry
  54. );
  57. NTSTATUS
  58. NsAllocateSourcePort(
  59. ULONG64 ul64AddressKey,
  60. ULONG ulPortKey,
  61. UCHAR ucProtocol,
  62. BOOLEAN fPortConflicts,
  63. PNS_CONNECTION_ENTRY *ppOutboundInsertionPoint,
  64. PULONG pulTranslatedPortKey
  65. )
  67. /*++
  69. Routine Description:
  71. Called to allocate a source port for a connection entry. If the original
  72. port does not conflict with any existing connection entry it will be used.
  74. Arguments:
  76. ul64AddressKey - the addressing information for the connection
  78. ulPortKey - the original port information for the connection
  80. ucProtocol - the protocol for the connection
  82. fPortConflicts - if TRUE, indicates that the caller knows that the original
  83. port information conflicts w/ an existing connection. If FALSE the
  84. caller does not know whether or not a conflict definately exists.
  86. ppOutboundInsertionPoint - receives the insertion point for the
  87. outbound path
  89. pulTranslatedPortKey - on success, receives the allocated port information.
  91. Return Value:
  93. NTSTATUS.
  95. Environment:
  97. Invoked with NsConnectionLock held by the caller.
  99. --*/
  101. {
  102. NTSTATUS Status = STATUS_UNSUCCESSFUL;
  103. ULONG ulOutboundPortKey;
  104. USHORT usLocalPort;
  105. USHORT usStopPort;
  107. ASSERT(NULL != ppOutboundInsertionPoint);
  108. ASSERT(NULL != pulTranslatedPortKey);
  110. TRACE(
  111. PORT_ALLOC,
  112. ("NsAllocateSourcePort: %d: %d.%d.%d.%d/%d -> %d.%d.%d.%d/%d\n",
  113. ucProtocol,
  114. ADDRESS_BYTES(CONNECTION_REMOTE_ADDRESS(ul64AddressKey)),
  115. NTOHS(CONNECTION_REMOTE_PORT(ulPortKey)),
  116. ADDRESS_BYTES(CONNECTION_LOCAL_ADDRESS(ul64AddressKey)),
  117. NTOHS(CONNECTION_LOCAL_PORT(ulPortKey))
  118. ));
  120. usLocalPort = CONNECTION_LOCAL_PORT(ulPortKey);
  122. if (FALSE == fPortConflicts)
  123. {
  124. //
  125. // The caller indicates that the remote port does not
  126. // conflict on the inbound path, so we'll first attempt
  127. // to use the original port.
  128. //
  130. ulOutboundPortKey = ulPortKey;
  131. usStopPort =
  132. (NS_SOURCE_PORT_END == NsNextSourcePort
  133. ? NS_SOURCE_PORT_BASE
  134. : NsNextSourcePort + 1);
  135. }
  136. else
  137. {
  138. //
  139. // The caller indicates that the remote port conflicts
  140. // on the inbound path, so we'll assume that it also
  141. // conflicts on the outbound path and start by trying
  142. // out a new port.
  143. //
  145. usStopPort = NsNextSourcePort--;
  147. MAKE_PORT_KEY(
  148. ulOutboundPortKey,
  149. usLocalPort,
  150. usStopPort
  151. );
  153. if (NsNextSourcePort < NS_SOURCE_PORT_BASE)
  154. {
  155. NsNextSourcePort = NS_SOURCE_PORT_END;
  156. }
  157. }
  159. do
  160. {
  161. //
  162. // Check to see if our current candidate conflicts
  163. // with any connection entries on the outbound path.
  164. //
  166. if (NULL ==
  167. NsLookupOutboundConnectionEntry(
  168. ul64AddressKey,
  169. ulOutboundPortKey,
  170. ucProtocol,
  171. ppOutboundInsertionPoint
  172. ))
  173. {
  174. //
  175. // No conflict was found -- break out of the loop and
  176. // return this info to the caller.
  177. //
  179. TRACE(PORT_ALLOC, ("NsAllocateSourcePort: Assigning %d\n",
  180. NTOHS(CONNECTION_REMOTE_PORT(ulOutboundPortKey))));
  182. *pulTranslatedPortKey = ulOutboundPortKey;
  183. Status = STATUS_SUCCESS;
  184. break;
  185. }
  187. //
  188. // This candidate conflicted; move on to the next.
  189. //
  191. MAKE_PORT_KEY(
  192. ulOutboundPortKey,
  193. usLocalPort,
  194. NsNextSourcePort--
  195. );
  197. if (NsNextSourcePort < NS_SOURCE_PORT_BASE)
  198. {
  199. NsNextSourcePort = NS_SOURCE_PORT_END;
  200. }
  201. }
  202. while (usStopPort != CONNECTION_REMOTE_PORT(ulOutboundPortKey));
  204. TRACE(PORT_ALLOC, ("NsAllocateSourcePort: No port available\n"));
  206. return Status;
  207. } // NsAllocateSourcePort
  210. VOID
  211. NsCleanupConnectionEntry(
  212. PNS_CONNECTION_ENTRY pEntry
  213. )
  215. /*++
  217. Routine Description:
  219. Called to perform final cleanup for a connection entry.
  221. Arguments:
  223. pEntry - the connection entry to be deleted.
  225. Return Value:
  227. none.
  229. Environment:
  231. Invoked with the last reference to the connection entry released.
  233. --*/
  235. {
  236. TRACE(CONN_LIFETIME, ("NsCleanupConnectionEntry\n"));
  237. ASSERT(NULL != pEntry);
  239. FREE_CONNECTION_BLOCK(pEntry);
  240. } // NsCleanupConnectionEntry
  243. NTSTATUS
  244. NsCreateConnectionEntry(
  245. ULONG64 ul64AddressKey,
  246. ULONG ulInboundPortKey,
  247. ULONG ulOutboundPortKey,
  248. UCHAR ucProtocol,
  249. PVOID pvIpSecContext,
  250. PNS_CONNECTION_ENTRY pInboundInsertionPoint,
  251. PNS_CONNECTION_ENTRY pOutboundInsertionPoint,
  252. PNS_CONNECTION_ENTRY *ppNewEntry
  253. )
  255. /*++
  257. Routine Description:
  259. Called to create a connection entry. On success, the connection entry
  260. will have been referenced twice -- the initial reference for the entry
  261. (which is released in NsDeleteConnectionEntry) and a reference for the
  262. caller. Thus, the caller must call NsDereferenceConnectionEntry on the
  263. new entry.
  265. Arguments:
  267. ul64AddressKey - the addressing information for this entry
  269. ulInboundPortKey - the inbound (original) ports for this entry
  271. ulOutboundPortKey - the outbound (translated) ports for this entry
  273. ucProtocol - the protocol for this entry
  275. pvIpSecContext - the IpSec context for this entry
  277. p*InsertionPoint - the inbound and outbound insertion points (normally
  278. obtained through NsAllocateSourcePort).
  280. ppEntry - receives a pointer to the newley-created connection entry. The
  281. caller must call NsDereferenceConnectionEntry on this pointer.
  283. Return Value:
  285. NTSTATUS - indicates success/failure.
  287. Environment:
  289. Invoked with 'NsConnectionLock' held by the caller.
  291. --*/
  293. {
  294. PNS_CONNECTION_ENTRY pEntry;
  296. TRACE(
  297. CONN_LIFETIME,
  298. ("NsCreateConnectionEntry: %d: %d.%d.%d.%d/%d/%d -> %d.%d.%d.%d/%d : %d\n",
  299. ucProtocol,
  300. ADDRESS_BYTES(CONNECTION_REMOTE_ADDRESS(ul64AddressKey)),
  301. NTOHS(CONNECTION_REMOTE_PORT(ulInboundPortKey)),
  302. NTOHS(CONNECTION_REMOTE_PORT(ulOutboundPortKey)),
  303. ADDRESS_BYTES(CONNECTION_LOCAL_ADDRESS(ul64AddressKey)),
  304. NTOHS(CONNECTION_LOCAL_PORT(ulInboundPortKey)),
  305. pvIpSecContext
  306. ));
  308. ASSERT(NULL != ppNewEntry);
  309. ASSERT(NS_PROTOCOL_TCP == ucProtocol || NS_PROTOCOL_UDP == ucProtocol);
  311. pEntry = ALLOCATE_CONNECTION_BLOCK();
  312. if (NULL == pEntry)
  313. {
  314. ERROR(("NsCreateConnectionEntry: Unable to allocate entry\n"));
  315. return STATUS_NO_MEMORY;
  316. }
  318. RtlZeroMemory(pEntry, sizeof(*pEntry));
  319. KeInitializeSpinLock(&pEntry->Lock);
  320. pEntry->ulReferenceCount = 1;
  321. pEntry->ul64AddressKey = ul64AddressKey;
  322. pEntry->ulPortKey[NsInboundDirection] = ulInboundPortKey;
  323. pEntry->ulPortKey[NsOutboundDirection] = ulOutboundPortKey;
  324. pEntry->ucProtocol = ucProtocol;
  325. pEntry->pvIpSecContext = pvIpSecContext;
  326. pEntry->ulAccessCount[NsInboundDirection] = NS_CONNECTION_RESPLAY_THRESHOLD;
  327. pEntry->ulAccessCount[NsOutboundDirection] = NS_CONNECTION_RESPLAY_THRESHOLD;
  328. InitializeListHead(&pEntry->Link);
  329. RtlInitializeSplayLinks(&pEntry->SLink[NsInboundDirection]);
  330. RtlInitializeSplayLinks(&pEntry->SLink[NsOutboundDirection]);
  332. //
  333. // Incremeent the reference count on the connection; the caller
  334. // is required to do a dereference.
  335. //
  337. pEntry->ulReferenceCount += 1;
  339. //
  340. // Setup checksum deltas (if necessary) and per-packet routines
  341. //
  343. if (ulInboundPortKey != ulOutboundPortKey)
  344. {
  345. //
  346. // This connection entry is translating the remote port, so
  347. // precompute the checksum deltas (see RFC 1624).
  348. //
  350. pEntry->ulProtocolChecksumDelta[NsInboundDirection] =
  351. (USHORT)~CONNECTION_REMOTE_PORT(ulInboundPortKey)
  352. + (USHORT)CONNECTION_REMOTE_PORT(ulOutboundPortKey);
  354. pEntry->ulProtocolChecksumDelta[NsOutboundDirection] =
  355. (USHORT)~CONNECTION_REMOTE_PORT(ulOutboundPortKey)
  356. + (USHORT)CONNECTION_REMOTE_PORT(ulInboundPortKey);
  358. if (NS_PROTOCOL_TCP == ucProtocol)
  359. {
  360. pEntry->PacketRoutine[NsInboundDirection] =
  361. NsInboundTcpTranslatePortPacketRoutine;
  362. pEntry->PacketRoutine[NsOutboundDirection] =
  363. NsOutboundTcpTranslatePortPacketRoutine;
  364. }
  365. else
  366. {
  367. pEntry->PacketRoutine[NsInboundDirection] =
  368. NsInboundUdpTranslatePortPacketRoutine;
  369. pEntry->PacketRoutine[NsOutboundDirection] =
  370. NsOutboundUdpTranslatePortPacketRoutine;
  371. }
  372. }
  373. else if (NS_PROTOCOL_TCP == ucProtocol)
  374. {
  375. pEntry->PacketRoutine[NsInboundDirection] = NsInboundTcpPacketRoutine;
  376. pEntry->PacketRoutine[NsOutboundDirection] = NsOutboundTcpPacketRoutine;
  377. }
  378. else
  379. {
  380. pEntry->PacketRoutine[NsInboundDirection] = NsInboundUdpPacketRoutine;
  381. pEntry->PacketRoutine[NsOutboundDirection] = NsOutboundUdpPacketRoutine;
  382. }
  384. NsConnectionTree[NsInboundDirection] =
  385. NspInsertInboundConnectionEntry(pInboundInsertionPoint, pEntry);
  387. NsConnectionTree[NsOutboundDirection] =
  388. NspInsertOutboundConnectionEntry(pOutboundInsertionPoint, pEntry);
  390. InsertTailList(&NsConnectionList, &pEntry->Link);
  391. InterlockedIncrement(&NsConnectionCount);
  393. *ppNewEntry = pEntry;
  395. return STATUS_SUCCESS;
  396. } // NsCreateConnectionEntry
  399. NTSTATUS
  400. NsDeleteConnectionEntry(
  401. PNS_CONNECTION_ENTRY pEntry
  402. )
  404. /*++
  406. Routine Description:
  408. Called to delete a connection entry. The initial reference to the entry
  409. is released, so that cleanup occurs whenever the last reference is released.
  411. Arguments:
  413. pEntry - the connection entry to be deleted.
  415. Return Value:
  417. NTSTATUS - indicates success/failure.
  419. Environment:
  421. Invoked with 'NsConnectionLock' held by the caller.
  423. --*/
  425. {
  426. PRTL_SPLAY_LINKS SLink;
  428. TRACE(CONN_LIFETIME, ("NsDeleteConnectionEntry\n"));
  430. ASSERT(NULL != pEntry);
  432. if (NS_CONNECTION_DELETED(pEntry))
  433. {
  434. return STATUS_PENDING;
  435. }
  437. //
  438. // Mark the entry as deleted so attempts to reference it
  439. // will fail from now on.
  440. //
  442. pEntry->ulFlags |= NS_CONNECTION_FLAG_DELETED;
  444. //
  445. // Take the entry off the list and splay-trees
  446. //
  448. InterlockedDecrement(&NsConnectionCount);
  449. RemoveEntryList(&pEntry->Link);
  451. SLink = RtlDelete(&pEntry->SLink[NsInboundDirection]);
  452. NsConnectionTree[NsInboundDirection] =
  453. (SLink
  454. ? CONTAINING_RECORD(SLink,NS_CONNECTION_ENTRY,SLink[NsInboundDirection])
  455. : NULL);
  457. SLink = RtlDelete(&pEntry->SLink[NsOutboundDirection]);
  458. NsConnectionTree[NsOutboundDirection] =
  459. (SLink
  460. ? CONTAINING_RECORD(SLink,NS_CONNECTION_ENTRY,SLink[NsOutboundDirection])
  461. : NULL);
  463. //
  464. // Clear the entry from the connection cache
  465. //
  467. ClearCache(
  468. NsConnectionCache,
  469. (ULONG)pEntry->ul64AddressKey
  470. );
  472. if (0 != InterlockedDecrement(&pEntry->ulReferenceCount)) {
  474. //
  475. // The entry is in use, defer final cleanup
  476. //
  478. return STATUS_PENDING;
  479. }
  481. //
  482. // Go ahead with final cleanup
  483. //
  485. NsCleanupConnectionEntry(pEntry);
  487. return STATUS_SUCCESS;
  488. } // NsDeleteConnectionEntry
  491. NTSTATUS
  492. NsInitializeConnectionManagement(
  493. VOID
  494. )
  496. /*++
  498. Routine Description:
  500. This routine is invoked to initialize the connection management module.
  502. Arguments:
  504. none.
  506. Return Value:
  508. NTSTATUS.
  510. --*/
  512. {
  513. CALLTRACE(("NsInitializeConnectionManagement\n"));
  515. InitializeCache(NsConnectionCache);
  516. NsConnectionCount = 0;
  517. InitializeListHead(&NsConnectionList);
  518. KeInitializeSpinLock(&NsConnectionLock);
  519. ExInitializeNPagedLookasideList(
  520. &NsConnectionLookasideList,
  521. NULL,
  522. NULL,
  523. 0,
  524. sizeof(NS_CONNECTION_ENTRY),
  525. NS_TAG_CONNECTION,
  526. NS_CONNECTION_LOOKASIDE_DEPTH
  527. );
  528. NsConnectionTree[NsInboundDirection] = NULL;
  529. NsConnectionTree[NsOutboundDirection] = NULL;
  530. NsNextSourcePort = NS_SOURCE_PORT_END;
  532. return STATUS_SUCCESS;
  533. } // NsInitializeConnectionManagement
  536. PNS_CONNECTION_ENTRY
  537. NsLookupInboundConnectionEntry(
  538. ULONG64 ul64AddressKey,
  539. ULONG ulPortKey,
  540. UCHAR ucProtocol,
  541. PVOID pvIpSecContext,
  542. BOOLEAN *pfPortConflicts OPTIONAL,
  543. PNS_CONNECTION_ENTRY *ppInsertionPoint OPTIONAL
  544. )
  546. /*++
  548. Routine Description:
  550. Called to lookup an inbound connection entry.
  552. Arguments:
  554. ul64AddressKey - the addressing information for the connection
  556. ulPortKey - the port information for the connection
  558. ucProtocol - the protocol for the connection
  560. pvIpSecContext - the IpSec context for the connection
  562. pfPortConflicts - on failure, receives a boolean the indicates why
  563. the lookup failed: TRUE if the lookup failed because there is
  564. an identical connection entry w/ different IpSec context, FALSE
  565. otherwise.
  567. ppInsertionPoint - receives the insertion point if not found
  569. Return Value:
  571. PNS_CONNECTION_ENTRY - a pointer to the connection entry, if found, or
  572. NULL otherwise.
  574. Environment:
  576. Invoked with NsConnectionLock held by the caller.
  578. --*/
  580. {
  581. PNS_CONNECTION_ENTRY pRoot;
  582. PNS_CONNECTION_ENTRY pEntry;
  583. PNS_CONNECTION_ENTRY pParent = NULL;
  584. PRTL_SPLAY_LINKS SLink;
  586. TRACE(
  587. CONN_LOOKUP,
  588. ("NsLookupInboundConnectionEntry: %d: %d.%d.%d.%d/%d -> %d.%d.%d.%d/%d : %d\n",
  589. ucProtocol,
  590. ADDRESS_BYTES(CONNECTION_REMOTE_ADDRESS(ul64AddressKey)),
  591. NTOHS(CONNECTION_REMOTE_PORT(ulPortKey)),
  592. ADDRESS_BYTES(CONNECTION_LOCAL_ADDRESS(ul64AddressKey)),
  593. NTOHS(CONNECTION_LOCAL_PORT(ulPortKey)),
  594. pvIpSecContext
  595. ));
  597. //
  598. // First look in the cache
  599. //
  601. pEntry = (PNS_CONNECTION_ENTRY)
  602. ProbeCache(
  603. NsConnectionCache,
  604. (ULONG)ul64AddressKey
  605. );
  607. if (NULL != pEntry
  608. && pEntry->ul64AddressKey == ul64AddressKey
  609. && pEntry->ucProtocol == ucProtocol
  610. && pEntry->ulPortKey[NsInboundDirection] == ulPortKey
  611. && pEntry->pvIpSecContext == pvIpSecContext)
  612. {
  613. TRACE(CONN_LOOKUP, ("NsLookupInboundConnectionEntry: Cache Hit\n"));
  614. return pEntry;
  615. }
  617. if (pfPortConflicts)
  618. {
  619. *pfPortConflicts = FALSE;
  620. }
  622. //
  623. // Search the full tree. Keys are checked in the
  624. // following order:
  625. //
  626. // 1. Address Key
  627. // 2. Protocol
  628. // 3. Inbound port key
  629. // 4. IpSec context
  630. //
  632. pRoot = NsConnectionTree[NsInboundDirection];
  633. for (SLink = (pRoot ? &pRoot->SLink[NsInboundDirection] : NULL ); SLink; )
  634. {
  635. pEntry =
  636. CONTAINING_RECORD(SLink, NS_CONNECTION_ENTRY, SLink[NsInboundDirection]);
  638. if (ul64AddressKey < pEntry->ul64AddressKey)
  639. {
  640. pParent = pEntry;
  641. SLink = RtlLeftChild(SLink);
  642. continue;
  643. }
  644. else if (ul64AddressKey > pEntry->ul64AddressKey)
  645. {
  646. pParent = pEntry;
  647. SLink = RtlRightChild(SLink);
  648. continue;
  649. }
  650. else if (ucProtocol < pEntry->ucProtocol)
  651. {
  652. pParent = pEntry;
  653. SLink = RtlLeftChild(SLink);
  654. continue;
  655. }
  656. else if (ucProtocol > pEntry->ucProtocol)
  657. {
  658. pParent = pEntry;
  659. SLink = RtlRightChild(SLink);
  660. continue;
  661. }
  662. else if (ulPortKey < pEntry->ulPortKey[NsInboundDirection])
  663. {
  664. pParent = pEntry;
  665. SLink = RtlLeftChild(SLink);
  666. continue;
  667. }
  668. else if (ulPortKey > pEntry->ulPortKey[NsInboundDirection])
  669. {
  670. pParent = pEntry;
  671. SLink = RtlRightChild(SLink);
  672. continue;
  673. }
  674. else if (pvIpSecContext < pEntry->pvIpSecContext)
  675. {
  676. //
  677. // Everything matched w/ the exception of the IpSec
  678. // context -- we have a port conflict.
  679. //
  681. if (pfPortConflicts)
  682. {
  683. *pfPortConflicts = TRUE;
  684. }
  686. pParent = pEntry;
  687. SLink = RtlLeftChild(SLink);
  688. continue;
  689. }
  690. else if (pvIpSecContext > pEntry->pvIpSecContext)
  691. {
  692. //
  693. // Everything matched w/ the exception of the IpSec
  694. // context -- we have a port conflict.
  695. //
  697. if (pfPortConflicts)
  698. {
  699. *pfPortConflicts = TRUE;
  700. }
  702. pParent = pEntry;
  703. SLink = RtlRightChild(SLink);
  704. continue;
  705. }
  707. //
  708. // We found the entry -- update cache and return
  709. //
  711. UpdateCache(
  712. NsConnectionCache,
  713. (ULONG)ul64AddressKey,
  714. (PVOID)pEntry
  715. );
  717. return pEntry;
  718. }
  720. //
  721. // Not found -- provide insertion point if requested
  722. //
  724. if (ppInsertionPoint)
  725. {
  726. *ppInsertionPoint = pParent;
  727. }
  729. return NULL;
  730. } // NsLookupInboundConnectionEntry
  733. PNS_CONNECTION_ENTRY
  734. NsLookupOutboundConnectionEntry(
  735. ULONG64 ul64AddressKey,
  736. ULONG ulPortKey,
  737. UCHAR ucProtocol,
  738. PNS_CONNECTION_ENTRY *ppInsertionPoint OPTIONAL
  739. )
  741. /*++
  743. Routine Description:
  745. Called to lookup an outbound connection entry.
  747. Arguments:
  749. ul64AddressKey - the addressing information for the connection
  751. ulPortKey - the port information for the connection
  753. ucProtocol - the protocol for the connection
  755. ppInsertionPoint - receives the insertion point if not found
  757. Return Value:
  759. PNS_CONNECTION_ENTRY - a pointer to the connection entry, if found, or
  760. NULL otherwise.
  762. Environment:
  764. Invoked with NsConnectionLock held by the caller.
  766. --*/
  768. {
  769. PNS_CONNECTION_ENTRY pRoot;
  770. PNS_CONNECTION_ENTRY pEntry;
  771. PNS_CONNECTION_ENTRY pParent = NULL;
  772. PRTL_SPLAY_LINKS SLink;
  774. TRACE(
  775. CONN_LOOKUP,
  776. ("NsLookupOutboundConnectionEntry: %d: %d.%d.%d.%d/%d -> %d.%d.%d.%d/%d\n",
  777. ucProtocol,
  778. ADDRESS_BYTES(CONNECTION_LOCAL_ADDRESS(ul64AddressKey)),
  779. NTOHS(CONNECTION_LOCAL_PORT(ulPortKey)),
  780. ADDRESS_BYTES(CONNECTION_REMOTE_ADDRESS(ul64AddressKey)),
  781. NTOHS(CONNECTION_REMOTE_PORT(ulPortKey))
  782. ));
  784. //
  785. // First look in the cache
  786. //
  788. pEntry = (PNS_CONNECTION_ENTRY)
  789. ProbeCache(
  790. NsConnectionCache,
  791. (ULONG)ul64AddressKey
  792. );
  794. if (NULL != pEntry
  795. && pEntry->ul64AddressKey == ul64AddressKey
  796. && pEntry->ucProtocol == ucProtocol
  797. && pEntry->ulPortKey[NsOutboundDirection] == ulPortKey)
  798. {
  799. TRACE(CONN_LOOKUP, ("NsLookupOutboundConnectionEntry: Cache Hit\n"));
  800. return pEntry;
  801. }
  803. //
  804. // Search the full tree. Keys are checked in the
  805. // following order:
  806. //
  807. // 1. Address Key
  808. // 2. Protocol
  809. // 3. Outbound port key
  810. //
  812. pRoot = NsConnectionTree[NsOutboundDirection];
  813. for (SLink = (pRoot ? &pRoot->SLink[NsOutboundDirection] : NULL ); SLink; )
  814. {
  815. pEntry =
  816. CONTAINING_RECORD(SLink, NS_CONNECTION_ENTRY, SLink[NsOutboundDirection]);
  818. if (ul64AddressKey < pEntry->ul64AddressKey)
  819. {
  820. pParent = pEntry;
  821. SLink = RtlLeftChild(SLink);
  822. continue;
  823. }
  824. else if (ul64AddressKey > pEntry->ul64AddressKey)
  825. {
  826. pParent = pEntry;
  827. SLink = RtlRightChild(SLink);
  828. continue;
  829. }
  830. else if (ucProtocol < pEntry->ucProtocol)
  831. {
  832. pParent = pEntry;
  833. SLink = RtlLeftChild(SLink);
  834. continue;
  835. }
  836. else if (ucProtocol > pEntry->ucProtocol)
  837. {
  838. pParent = pEntry;
  839. SLink = RtlRightChild(SLink);
  840. continue;
  841. }
  842. else if (ulPortKey < pEntry->ulPortKey[NsOutboundDirection])
  843. {
  844. pParent = pEntry;
  845. SLink = RtlLeftChild(SLink);
  846. continue;
  847. }
  848. else if (ulPortKey > pEntry->ulPortKey[NsOutboundDirection])
  849. {
  850. pParent = pEntry;
  851. SLink = RtlRightChild(SLink);
  852. continue;
  853. }
  855. //
  856. // We found the entry -- update cache and return
  857. //
  859. UpdateCache(
  860. NsConnectionCache,
  861. (ULONG)ul64AddressKey,
  862. (PVOID)pEntry
  863. );
  865. return pEntry;
  866. }
  868. //
  869. // Not found -- provide insertion point if requested
  870. //
  872. if (ppInsertionPoint)
  873. {
  874. *ppInsertionPoint = pParent;
  875. }
  877. return NULL;
  878. } // NsLookupOutboundConnectionEntry
  881. PNS_CONNECTION_ENTRY
  882. NspInsertInboundConnectionEntry(
  883. PNS_CONNECTION_ENTRY pParent,
  884. PNS_CONNECTION_ENTRY pEntry
  885. )
  887. /*++
  889. Routine Description:
  891. This routine inserts a connection entry into the tree.
  893. Arguments:
  895. pParent - the node to be the parent for the new connection entry.
  896. If NULL, the new entry becomes the root.
  898. pEntry - the new connection entry to be inserted.
  900. Return Value:
  902. PNS_CONNECTION_ENTRY - The new root of the tree.
  903. If insertion fails, returns NULL.
  905. Environment:
  907. Invoked with 'NsConnectionLock' held by the caller.
  909. --*/
  911. {
  912. PRTL_SPLAY_LINKS pRoot;
  914. ASSERT(NULL != pEntry);
  916. if (NULL == pParent)
  917. {
  918. //
  919. // The new entry is to be the root.
  920. //
  922. return pEntry;
  923. }
  925. //
  926. // Insert as left or right child. Keys are checked in the
  927. // following order:
  928. //
  929. // 1. Address Key
  930. // 2. Protocol
  931. // 3. Inbound port key
  932. // 4. IpSec context
  933. //
  935. if (pEntry->ul64AddressKey < pParent->ul64AddressKey)
  936. {
  937. RtlInsertAsLeftChild(
  938. &pParent->SLink[NsInboundDirection],
  939. &pEntry->SLink[NsInboundDirection]
  940. );
  941. }
  942. else if (pEntry->ul64AddressKey > pParent->ul64AddressKey)
  943. {
  944. RtlInsertAsRightChild(
  945. &pParent->SLink[NsInboundDirection],
  946. &pEntry->SLink[NsInboundDirection]
  947. );
  949. }
  950. else if (pEntry->ucProtocol < pParent->ucProtocol)
  951. {
  952. RtlInsertAsLeftChild(
  953. &pParent->SLink[NsInboundDirection],
  954. &pEntry->SLink[NsInboundDirection]
  955. );
  956. }
  957. else if (pEntry->ucProtocol > pParent->ucProtocol)
  958. {
  959. RtlInsertAsRightChild(
  960. &pParent->SLink[NsInboundDirection],
  961. &pEntry->SLink[NsInboundDirection]
  962. );
  963. }
  964. else if (pEntry->ulPortKey[NsInboundDirection] < pParent->ulPortKey[NsInboundDirection])
  965. {
  966. RtlInsertAsLeftChild(
  967. &pParent->SLink[NsInboundDirection],
  968. &pEntry->SLink[NsInboundDirection]
  969. );
  970. }
  971. else if (pEntry->ulPortKey[NsInboundDirection] > pParent->ulPortKey[NsInboundDirection])
  972. {
  973. RtlInsertAsRightChild(
  974. &pParent->SLink[NsInboundDirection],
  975. &pEntry->SLink[NsInboundDirection]
  976. );
  977. }
  978. else if (pEntry->pvIpSecContext < pParent->pvIpSecContext)
  979. {
  980. RtlInsertAsLeftChild(
  981. &pParent->SLink[NsInboundDirection],
  982. &pEntry->SLink[NsInboundDirection]
  983. );
  984. }
  985. else if (pEntry->pvIpSecContext > pParent->pvIpSecContext)
  986. {
  987. RtlInsertAsRightChild(
  988. &pParent->SLink[NsInboundDirection],
  989. &pEntry->SLink[NsInboundDirection]
  990. );
  991. }
  992. else
  993. {
  994. //
  995. // Duplicate entry -- this should not happen.
  996. //
  998. ASSERT(FALSE);
  999. return NULL;
  1000. }
  1002. //
  1003. // Splay the new node and return the resulting root.
  1004. //
  1006. pRoot = RtlSplay(&pEntry->SLink[NsInboundDirection]);
  1007. return CONTAINING_RECORD(pRoot, NS_CONNECTION_ENTRY, SLink[NsInboundDirection]);
  1008. } // NspInsertInboundConnectionEntry
  1011. PNS_CONNECTION_ENTRY
  1012. NspInsertOutboundConnectionEntry(
  1013. PNS_CONNECTION_ENTRY pParent,
  1014. PNS_CONNECTION_ENTRY pEntry
  1015. )
  1017. /*++
  1019. Routine Description:
  1021. This routine inserts a connection entry into the tree.
  1023. Arguments:
  1025. pParent - the node to be the parent for the new connection entry.
  1026. If NULL, the new entry becomes the root.
  1028. pEntry - the new connection entry to be inserted.
  1030. Return Value:
  1032. PNS_CONNECTION_ENTRY - The new root of the tree.
  1033. If insertion fails, returns NULL.
  1035. Environment:
  1037. Invoked with 'NsConnectionLock' held by the caller.
  1039. --*/
  1041. {
  1042. PRTL_SPLAY_LINKS pRoot;
  1044. ASSERT(NULL != pEntry);
  1046. if (NULL == pParent)
  1047. {
  1048. //
  1049. // The new entry is to be the root.
  1050. //
  1052. return pEntry;
  1053. }
  1055. //
  1056. // Insert as left or right child. Keys are checked in the
  1057. // following order:
  1058. //
  1059. // 1. Address Key
  1060. // 2. Protocol
  1061. // 3. Outbound port key
  1062. //
  1064. if (pEntry->ul64AddressKey < pParent->ul64AddressKey)
  1065. {
  1066. RtlInsertAsLeftChild(
  1067. &pParent->SLink[NsOutboundDirection],
  1068. &pEntry->SLink[NsOutboundDirection]
  1069. );
  1070. }
  1071. else if (pEntry->ul64AddressKey > pParent->ul64AddressKey)
  1072. {
  1073. RtlInsertAsRightChild(
  1074. &pParent->SLink[NsOutboundDirection],
  1075. &pEntry->SLink[NsOutboundDirection]
  1076. );
  1078. }
  1079. else if (pEntry->ucProtocol < pParent->ucProtocol)
  1080. {
  1081. RtlInsertAsLeftChild(
  1082. &pParent->SLink[NsOutboundDirection],
  1083. &pEntry->SLink[NsOutboundDirection]
  1084. );
  1085. }
  1086. else if (pEntry->ucProtocol > pParent->ucProtocol)
  1087. {
  1088. RtlInsertAsRightChild(
  1089. &pParent->SLink[NsOutboundDirection],
  1090. &pEntry->SLink[NsOutboundDirection]
  1091. );
  1092. }
  1093. else if (pEntry->ulPortKey[NsOutboundDirection] < pParent->ulPortKey[NsOutboundDirection])
  1094. {
  1095. RtlInsertAsLeftChild(
  1096. &pParent->SLink[NsOutboundDirection],
  1097. &pEntry->SLink[NsOutboundDirection]
  1098. );
  1099. }
  1100. else if (pEntry->ulPortKey[NsOutboundDirection] > pParent->ulPortKey[NsOutboundDirection])
  1101. {
  1102. RtlInsertAsRightChild(
  1103. &pParent->SLink[NsOutboundDirection],
  1104. &pEntry->SLink[NsOutboundDirection]
  1105. );
  1106. }
  1107. else
  1108. {
  1109. //
  1110. // Duplicate entry -- this should not happen.
  1111. //
  1113. ASSERT(FALSE);
  1114. return NULL;
  1115. }
  1117. //
  1118. // Splay the new node and return the resulting root.
  1119. //
  1121. pRoot = RtlSplay(&pEntry->SLink[NsOutboundDirection]);
  1122. return CONTAINING_RECORD(pRoot, NS_CONNECTION_ENTRY, SLink[NsOutboundDirection]);
  1123. } // NspInsertOutboundConnectionEntry
  1127. VOID
  1128. NsShutdownConnectionManagement(
  1129. VOID
  1130. )
  1132. /*++
  1134. Routine Description:
  1136. This routine is invoked to shutdown the connection management module.
  1138. Arguments:
  1140. none.
  1142. Return Value:
  1144. none.
  1146. Environment:
  1148. Invoked with no references made to any connection entry.
  1150. --*/
  1152. {
  1153. KIRQL Irql;
  1154. PNS_CONNECTION_ENTRY pEntry;
  1156. CALLTRACE(("NsShutdownConnectionManagement\n"));
  1158. KeAcquireSpinLock(&NsConnectionLock, &Irql);
  1160. while (!IsListEmpty(&NsConnectionList))
  1161. {
  1162. pEntry =
  1163. CONTAINING_RECORD(
  1164. RemoveHeadList(&NsConnectionList),
  1165. NS_CONNECTION_ENTRY,
  1166. Link
  1167. );
  1169. NsCleanupConnectionEntry(pEntry);
  1170. }
  1172. NsConnectionTree[NsInboundDirection] = NULL;
  1173. NsConnectionTree[NsOutboundDirection] = NULL;
  1175. KeReleaseSpinLock(&NsConnectionLock, Irql);
  1177. ExDeleteNPagedLookasideList(&NsConnectionLookasideList);
  1178. } // NsShutdownConnectionManagement