archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/tcpip/driver/ipsec/shim/nspacket.c

446 lines
10 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997-2001 Microsoft Corporation
  5. Module Name:
  7. NsPacket.h
  9. Abstract:
  11. IpSec NAT shim packet handling routines
  13. Author:
  15. Jonathan Burstein (jonburs) 11-July-2001
  17. Environment:
  19. Kernel mode
  21. Revision History:
  23. --*/
  25. #include "precomp.h"
  26. #pragma hdrstop
  29. NTSTATUS
  30. NsInitializePacketManagement(
  31. VOID
  32. )
  34. /*++
  36. Routine Description:
  38. This routine is invoked to initialize the packet management module.
  40. Arguments:
  42. none.
  44. Return Value:
  46. NTSTATUS.
  48. --*/
  50. {
  51. CALLTRACE(("NsInitializePacketManagement\n"));
  53. return STATUS_SUCCESS;
  54. } // NsInitializePacketManagement
  57. NTSTATUS
  58. NsProcessOutgoingPacket(
  59. IPHeader UNALIGNED *pIpHeader,
  60. PVOID pvProtocolHeader,
  61. ULONG ulProtocolHeaderSize,
  62. PVOID *ppvIpSecContext
  63. )
  65. /*++
  67. Routine Description:
  69. This routine is invoked by IpSec for each outgoing packet. If this
  70. packet matches a known connection the remote port will be translated
  71. (if necessary), and the IpSec context will be returned to the caller.
  73. Arguments:
  75. pIpHeader - points to the IP header for the packet
  77. pvProtocolHeader - points to the upper level protocol header (i.e., TCP,
  78. UDP, or ICMP) for the packet. Will be NULL if this is not a TCP, UDP,
  79. or ICMP packet.
  81. ulProtocolHeaderSize - the length of the buffer pointed to by
  82. pvProtocolHeader
  84. ppvIpSecContext - receives the IpSec context for this packet; will
  85. receive NULL if this packet does not belong to a known connection.
  87. Return Value:
  89. NTSTATUS.
  91. --*/
  93. {
  94. NS_PACKET_CONTEXT Context;
  95. KIRQL Irql;
  96. NTSTATUS Status;
  97. PNS_CONNECTION_ENTRY pEntry;
  98. ULONG64 ul64AddressKey;
  99. ULONG ulPortKey;
  101. ASSERT(NULL != pIpHeader);
  102. ASSERT(NULL != ppvIpSecContext);
  104. //
  105. // Set context to default value
  106. //
  108. *ppvIpSecContext = NULL;
  110. Status =
  111. NsBuildPacketContext(
  112. pIpHeader,
  113. pvProtocolHeader,
  114. ulProtocolHeaderSize,
  115. &Context
  116. );
  118. //
  119. // Return immediately if the packet is malformed, or if it
  120. // is not TCP, UDP, or ICMP
  121. //
  123. if (!NT_SUCCESS(Status)
  124. || (NS_PROTOCOL_ICMP != Context.ucProtocol
  125. && NS_PROTOCOL_TCP != Context.ucProtocol
  126. && NS_PROTOCOL_UDP != Context.ucProtocol))
  127. {
  128. TRACE(PACKET,
  129. ("NsProcessOutgoingPacket: Bad or non-TCP/UDP/ICMP packet\n"));
  130. return Status;
  131. }
  133. TRACE(
  134. PACKET,
  135. ("NsProcessOutgoingPacket: %d: %d.%d.%d.%d/%d -> %d.%d.%d.%d/%d\n",
  136. Context.ucProtocol,
  137. ADDRESS_BYTES(Context.ulSourceAddress),
  138. NTOHS(Context.usSourcePort),
  139. ADDRESS_BYTES(Context.ulDestinationAddress),
  140. NTOHS(Context.usDestinationPort)
  141. ));
  143. if (NS_PROTOCOL_ICMP != Context.ucProtocol)
  144. {
  145. //
  146. // Build the connection lookup keys
  147. //
  149. MAKE_ADDRESS_KEY(
  150. ul64AddressKey,
  151. Context.ulSourceAddress,
  152. Context.ulDestinationAddress
  153. );
  155. MAKE_PORT_KEY(
  156. ulPortKey,
  157. Context.usSourcePort,
  158. Context.usDestinationPort
  159. );
  161. //
  162. // See if this packet matches an existing connection entry
  163. //
  165. KeAcquireSpinLock(&NsConnectionLock, &Irql);
  167. pEntry =
  168. NsLookupOutboundConnectionEntry(
  169. ul64AddressKey,
  170. ulPortKey,
  171. Context.ucProtocol,
  172. NULL
  173. );
  175. if (NULL != pEntry
  176. && NsReferenceConnectionEntry(pEntry))
  177. {
  178. KeReleaseSpinLockFromDpcLevel(&NsConnectionLock);
  180. *ppvIpSecContext = pEntry->pvIpSecContext;
  181. Status =
  182. pEntry->PacketRoutine[NsOutboundDirection](pEntry, &Context);
  184. NsDereferenceConnectionEntry(pEntry);
  185. KeLowerIrql(Irql);
  186. }
  187. else
  188. {
  189. //
  190. // No match (or entry already deleted) -- nothing more to do.
  191. //
  193. KeReleaseSpinLock(&NsConnectionLock, Irql);
  194. }
  196. }
  197. else
  198. {
  199. //
  200. // Branch to ICMP logic
  201. //
  203. Status = NsProcessOutgoingIcmpPacket(&Context, ppvIpSecContext);
  204. }
  206. return Status;
  207. } // NsProcessOutgoingPacket
  210. NTSTATUS
  211. NsProcessIncomingPacket(
  212. IPHeader UNALIGNED *pIpHeader,
  213. PVOID pvProtocolHeader,
  214. ULONG ulProtocolHeaderSize,
  215. PVOID pvIpSecContext
  216. )
  218. /*++
  220. Routine Description:
  222. This routine is invoked by IpSec for each incoming packet. It
  223. will record the connection information and context for the
  224. packet (if such information does not yet exist), and, if necessary,
  225. allocate a new remote port and modify the packet accordingly.
  227. Arguments:
  229. pIpHeader - points to the IP header for the packet
  231. pvProtocolHeader - points to the upper level protocol header (i.e., TCP,
  232. UDP, or ICMP) for the packet. Will be NULL if this is not a TCP, UDP,
  233. or ICMP packet.
  235. ulProtocolHeaderSize - the length of the buffer pointed to by
  236. pvProtocolHeader
  238. pvIpSecContext - the IpSec context for this packet; this is considered
  239. an opaque value.
  241. Return Value:
  243. NTSTATUS.
  245. --*/
  247. {
  248. NS_PACKET_CONTEXT Context;
  249. BOOLEAN fPortConflicts;
  250. KIRQL Irql;
  251. NTSTATUS Status;
  252. PNS_CONNECTION_ENTRY pEntry;
  253. PNS_CONNECTION_ENTRY pInboundInsertionPoint;
  254. PNS_CONNECTION_ENTRY pOutboundInsertionPoint;
  255. ULONG64 ul64AddressKey;
  256. ULONG ulPortKey;
  257. ULONG ulTranslatedPortKey;
  259. ASSERT(NULL != pIpHeader);
  261. Status =
  262. NsBuildPacketContext(
  263. pIpHeader,
  264. pvProtocolHeader,
  265. ulProtocolHeaderSize,
  266. &Context
  267. );
  269. //
  270. // Return immediately if the packet is malformed, or if it
  271. // is not TCP, UDP, or ICMP
  272. //
  274. if (!NT_SUCCESS(Status)
  275. || (NS_PROTOCOL_ICMP != Context.ucProtocol
  276. && NS_PROTOCOL_TCP != Context.ucProtocol
  277. && NS_PROTOCOL_UDP != Context.ucProtocol))
  278. {
  279. TRACE(PACKET,
  280. ("NsProcessIncomingPacket: Bad or non-TCP/UDP/ICMP packet\n"));
  281. return Status;
  282. }
  284. TRACE(
  285. PACKET,
  286. ("NsProcessIncomingPacket: %d: %d.%d.%d.%d/%d -> %d.%d.%d.%d/%d\n",
  287. Context.ucProtocol,
  288. ADDRESS_BYTES(Context.ulSourceAddress),
  289. NTOHS(Context.usSourcePort),
  290. ADDRESS_BYTES(Context.ulDestinationAddress),
  291. NTOHS(Context.usDestinationPort)
  292. ));
  294. if (NS_PROTOCOL_ICMP != Context.ucProtocol)
  295. {
  296. //
  297. // Build the connection lookup keys
  298. //
  300. MAKE_ADDRESS_KEY(
  301. ul64AddressKey,
  302. Context.ulDestinationAddress,
  303. Context.ulSourceAddress
  304. );
  306. MAKE_PORT_KEY(
  307. ulPortKey,
  308. Context.usDestinationPort,
  309. Context.usSourcePort
  310. );
  312. KeAcquireSpinLock(&NsConnectionLock, &Irql);
  314. //
  315. // See if this packet matches an existing connection entry
  316. //
  318. pEntry =
  319. NsLookupInboundConnectionEntry(
  320. ul64AddressKey,
  321. ulPortKey,
  322. Context.ucProtocol,
  323. pvIpSecContext,
  324. &fPortConflicts,
  325. &pInboundInsertionPoint
  326. );
  328. if (NULL != pEntry
  329. && NsReferenceConnectionEntry(pEntry))
  330. {
  331. KeReleaseSpinLockFromDpcLevel(&NsConnectionLock);
  333. Status =
  334. pEntry->PacketRoutine[NsInboundDirection](pEntry, &Context);
  336. NsDereferenceConnectionEntry(pEntry);
  337. KeLowerIrql(Irql);
  338. }
  339. else
  340. {
  341. //
  342. // No valid connection entry was found for this packet. Allocate
  343. // a new source port for the connection (if necessary).
  344. //
  346. Status =
  347. NsAllocateSourcePort(
  348. ul64AddressKey,
  349. ulPortKey,
  350. Context.ucProtocol,
  351. fPortConflicts,
  352. &pOutboundInsertionPoint,
  353. &ulTranslatedPortKey
  354. );
  356. if (NT_SUCCESS(Status))
  357. {
  358. //
  359. // Create the new connection entry
  360. //
  362. Status =
  363. NsCreateConnectionEntry(
  364. ul64AddressKey,
  365. ulPortKey,
  366. ulTranslatedPortKey,
  367. Context.ucProtocol,
  368. pvIpSecContext,
  369. pInboundInsertionPoint,
  370. pOutboundInsertionPoint,
  371. &pEntry
  372. );
  374. KeReleaseSpinLockFromDpcLevel(&NsConnectionLock);
  376. if (NT_SUCCESS(Status))
  377. {
  378. Status =
  379. pEntry->PacketRoutine[NsInboundDirection](
  380. pEntry,
  381. &Context
  382. );
  384. NsDereferenceConnectionEntry(pEntry);
  385. }
  387. KeLowerIrql(Irql);
  388. }
  389. else
  390. {
  391. KeReleaseSpinLock(&NsConnectionLock, Irql);
  392. }
  393. }
  394. }
  395. else
  396. {
  397. //
  398. // Branch to ICMP logic
  399. //
  401. Status = NsProcessIncomingIcmpPacket(&Context, pvIpSecContext);
  402. }
  404. return Status;
  405. } // NsProcessIncomingPacket
  408. VOID
  409. NsShutdownPacketManagement(
  410. VOID
  411. )
  413. /*++
  415. Routine Description:
  417. This routine is invoked to shutdown the packet management module.
  419. Arguments:
  421. none.
  423. Return Value:
  425. none.
  427. --*/
  429. {
  430. CALLTRACE(("NsShutdownPacketManagement\n"));
  431. } // NsShutdownPacketManagement
  433. //
  434. // Now include the code for the per-packet routines --
  435. // see NsPacketRoutines.h for details
  436. //
  438. #define NS_INBOUND
  439. #include "NsPacketRoutines.h"
  440. #undef NS_INBOUND
  442. #define NS_OUTBOUND
  443. #include "NsPacketRoutines.h"
  444. #undef NS_OUTBOUND