Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

3551 lines
100 KiB

/*++
Copyright (c) 1995 Microsoft Corporation
Module Name:
net\ip\fltrdrvr\driver.c
Abstract:
Revision History:
--*/
#include "globals.h"
#include <ipinfo.h>
#include <ntddtcp.h>
#include <tdiinfo.h>
#define DEFAULT_DIRECTORY L"DosDevices"
#define DEFAULT_FLTRDRVR_NAME L"IPFILTERDRIVER"
typedef enum
{
NULL_INTERFACE = 0,
OLD_INTERFACE,
NEW_INTERFACE
} INTTYPE, *PINTTTYPE;
FILTER_DRIVER g_filters;
DWORD g_dwCacheSize;
DWORD g_dwHashLists;
BOOL g_bDriverRunning;
KSPIN_LOCK g_lOutFilterLock;
KSPIN_LOCK g_lInFilterLock;
KSPIN_LOCK g_FcbSpin;
MRSW_LOCK g_IpTableLock;
LIST_ENTRY g_freeOutFilters;
LIST_ENTRY g_freeInFilters;
LIST_ENTRY g_leFcbs;
DWORD g_dwMakingNewTable;
DWORD g_dwNumHitsDefaultIn;
DWORD g_dwNumHitsDefaultOut;
DWORD g_FragThresholdSize = MINIMUM_FRAGMENT_OFFSET;
ULONG AddrModulus;
IPAddrEntry *AddrTable;
PADDRESSARRAY * AddrHashTable;
PADDRESSARRAY * AddrSubnetHashTable;
NPAGED_LOOKASIDE_LIST filter_slist;
PAGED_LOOKASIDE_LIST paged_slist;
ERESOURCE FilterAddressLock;
EXTENSION_DRIVER g_Extension;
ULONG g_ulBoundInterfaceCount;
//
// Fragment cache related variables & globals.
//
KTIMER g_ktTimer;
KDPC g_kdTimerDpc;
NPAGED_LOOKASIDE_LIST g_llFragCacheBlocks;
LONGLONG g_llInactivityTime;
KSPIN_LOCK g_kslFragLock;
DWORD g_dwFragTableSize;
PLIST_ENTRY g_pleFragTable;
DWORD g_dwNumFragsAllocs;
//
// Variables to control the debug output.
//
ULONG TraceClassesEnabled = 0;
WCHAR TraceClassesEnabledName[] = L"TraceClassesEnabled";
WCHAR ParametersName[] = L"Parameters";
#ifdef DRIVER_PERF
DWORD g_dwNumPackets,g_dwFragments,g_dwCache1,g_dwCache2;
DWORD g_dwWalk1,g_dwWalk2,g_dwForw,g_dwWalkCache;
KSPIN_LOCK g_slPerfLock;
LARGE_INTEGER g_liTotalTime;
#endif
VOID ClearFragCache();
VOID
FragCacheTimerRoutine(
PKDPC Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2
);
NTSTATUS
OpenRegKey(
PHANDLE phRegHandle,
PUNICODE_STRING pusKeyName
);
NTSTATUS
GetRegDWORDValue(
HANDLE KeyHandle,
PWCHAR ValueName,
PULONG ValueData
);
//
// Forward references.
//
NTSTATUS
OpenNewHandle(PFILE_OBJECT FileObject);
NTSTATUS
CloseFcb(PPFFCB Fcb, PFILE_OBJECT FileObject);
PPAGED_FILTER_INTERFACE
FindInterfaceOnHandle(PFILE_OBJECT FileObject,
PVOID pvValue);
DWORD
LocalIpLook(DWORD Addr);
BOOLEAN
PfFastIoDeviceControl (
IN struct _FILE_OBJECT *FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _DEVICE_OBJECT *DeviceObject
);
NTSTATUS
LockFcb(
IN struct _FILE_OBJECT *FileObject);
VOID
PFReadRegistryParameters(PUNICODE_STRING RegistryPath);
NTSTATUS
InitFragCacheParameters(
IN PUNICODE_STRING RegistryPath
);
VOID
UnLockFcb(
IN struct _FILE_OBJECT *FileObject);
NTSTATUS
GetSynCountTotal(PFILTER_DRIVER_GET_SYN_COUNT OutputBuffer);
NTSTATUS
DeleteByHandle(
IN PPFFCB Fcb,
IN PPAGED_FILTER_INTERFACE pPage,
IN PVOID * ppHandles,
IN DWORD dwLength);
FAST_IO_DISPATCH PfFastIoDispatch =
{
11,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
PfFastIoDeviceControl
};
#pragma alloc_text(PAGED, DoIpIoctl)
//#pragma alloc_text(PAGED, OpenNewHandle)
#pragma alloc_text(PAGED, FindInterfaceOnHandle)
#pragma alloc_text(PAGED, PfFastIoDeviceControl)
#pragma alloc_text(INIT, DriverEntry, PFReadRegistryParameters)
VOID
FcbLockDown(PPFFCB Fcb)
{
KIRQL kirql;
KeAcquireSpinLock(&g_FcbSpin, &kirql);
if(!(Fcb->dwFlags & PF_FCB_CLOSED))
{
InterlockedDecrement(&Fcb->UseCount);
Fcb->dwFlags |= PF_FCB_CLOSED;
}
KeReleaseSpinLock(&g_FcbSpin, kirql);
}
BOOLEAN FASTCALL
ValidateHeader(
PRTR_INFO_BLOCK_HEADER Header,
ULONG Size
)
/*++
Routine Description:
Copied from NAT driver sources. Author: AboladeG
This routine is invoked to ensure that the given header is consistent.
This is the case if
* the header's size is less than or equal to 'Size'
* each entry in the header is contained in 'Header->Size'.
* the data for each entry is contained in 'Header->Size'.
Arguments:
Header - the header to be validated
Size - the size of the buffer in which 'Header' appears
Return Value:
BOOLEAN - TRUE if valid, FALSE otherwise.
--*/
{
ULONG i;
ULONG64 Length;
//
// Check that the base structure is present
//
if (Size < FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry) ||
Size < Header->Size) {
return FALSE;
}
//
// Check that the table of contents is present
//
Length = (ULONG64)Header->TocEntriesCount * sizeof(RTR_TOC_ENTRY);
if (Length > MAXLONG) {
return FALSE;
}
Length += FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry);
if (Length > Header->Size) {
return FALSE;
}
//
// Check that all the data is present
//
for (i = 0; i < Header->TocEntriesCount; i++) {
Length =
(ULONG64)Header->TocEntry[i].Count * Header->TocEntry[i].InfoSize;
if (Length > MAXLONG) {
return FALSE;
}
if ((Length + Header->TocEntry[i].Offset) > Header->Size) {
return FALSE;
}
}
return TRUE;
} // ValidateHeader
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
/*++
Routine Description
Called when the driver is loaded. It creates the device object and sets up the DOS name.
Also does the initialization of standard entry points and its own global data
Arguments
DriverObject
RegistryPath
Return Value
NTSTATUS
--*/
{
INT i;
PDEVICE_OBJECT deviceObject = NULL;
NTSTATUS ntStatus;
WCHAR deviceNameBuffer[] = DD_IPFLTRDRVR_DEVICE_NAME;
UNICODE_STRING deviceNameUnicodeString;
UNICODE_STRING String;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE ParametersKey;
HANDLE ServiceKey;
TRACE0("Filter Driver: Entering DriverEntry\n") ;
#if DBG
//
// Open the registry key
//
InitializeObjectAttributes(
&ObjectAttributes,
RegistryPath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
ntStatus = ZwOpenKey(&ServiceKey, KEY_READ, &ObjectAttributes);
if (NT_SUCCESS(ntStatus)) {
RtlInitUnicodeString(&String, ParametersName);
InitializeObjectAttributes(
&ObjectAttributes,
&String,
OBJ_CASE_INSENSITIVE,
ServiceKey,
NULL
);
ntStatus = ZwOpenKey(&ParametersKey, KEY_READ, &ObjectAttributes);
ZwClose(ServiceKey);
if (NT_SUCCESS(ntStatus)) {
UCHAR Buffer[32];
ULONG BytesRead;
PKEY_VALUE_PARTIAL_INFORMATION Value;
RtlInitUnicodeString(&String, TraceClassesEnabledName);
ntStatus =
ZwQueryValueKey(
ParametersKey,
&String,
KeyValuePartialInformation,
(PKEY_VALUE_PARTIAL_INFORMATION)Buffer,
sizeof(Buffer),
&BytesRead
);
if (NT_SUCCESS(ntStatus) &&
((PKEY_VALUE_PARTIAL_INFORMATION)Buffer)->Type == REG_DWORD
) {
TraceClassesEnabled =
*(PULONG)((PKEY_VALUE_PARTIAL_INFORMATION)Buffer)->Data;
}
DbgPrint("MSPFLTEX: TraceClassesEnabled=0x%08x\n", TraceClassesEnabled);
ZwClose(ParametersKey);
}
}
#endif
//
// Initialize the lock and the list
//
InitializeMRSWLock(&g_filters.ifListLock);
InitializeListHead(&g_filters.leIfListHead);
InitializeListHead(&g_leFcbs);
g_filters.ppInCache = NULL;
g_filters.ppOutCache = NULL;
g_bDriverRunning = FALSE;
InitializeMRSWLock(&g_IpTableLock);
KeInitializeSpinLock(&g_lOutFilterLock);
KeInitializeSpinLock(&g_lInFilterLock);
KeInitializeSpinLock(&g_FcbSpin);
InitializeListHead(&g_freeOutFilters);
InitializeListHead(&g_freeInFilters);
g_dwNumHitsDefaultIn = g_dwNumHitsDefaultOut = 0;
#ifdef DRIVER_PERF
g_dwFragments = g_dwCache1 = g_dwCache2 = g_dwNumPackets = 0;
g_dwWalk1 = g_dwWalk2 = g_dwForw = g_dwWalkCache = 0;
g_liTotalTime.HighPart = g_liTotalTime.LowPart = 0;
KeInitializeSpinLock(&g_slPerfLock);
#endif
//
// Initialize interface cache.
//
g_ulBoundInterfaceCount = 0;
g_filters.pInterfaceCache = (PCACHE_ENTRY)
ExAllocatePoolWithTag(
NonPagedPool,
(CACHE_SIZE * sizeof(CACHE_ENTRY)),
'hCnI'
);
if(g_filters.pInterfaceCache == NULL)
{
return STATUS_NO_MEMORY;
}
InitializeCache(g_filters.pInterfaceCache);
//
// Initialize fragment cache.
//
InitFragCacheParameters(RegistryPath);
//
// Initialize Extension Data
//
InitializeMRSWLock(&g_Extension.ExtLock);
g_Extension.ExtPointer = NULL;
g_Extension.ExtFileObject = NULL;
//
// Create a device object
//
RtlInitUnicodeString (&deviceNameUnicodeString, deviceNameBuffer);
__try
{
ntStatus = IoCreateDevice (DriverObject,
0,
&deviceNameUnicodeString,
FILE_DEVICE_NETWORK,
FILE_DEVICE_SECURE_OPEN,
FALSE, // Exclusive
&deviceObject
);
if (NT_SUCCESS(ntStatus))
{
//
// Initialize the driver object
//
DriverObject->DriverUnload = FilterDriverUnload;
DriverObject->FastIoDispatch = &PfFastIoDispatch;
DriverObject->DriverStartIo = NULL;
for (i=0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
{
DriverObject->MajorFunction[i] = FilterDriverDispatch;
}
}
else
{
ERROR((
"IPFLTDRV: Couldn't get device pointer to Filt Driver 0x%08x\n",
ntStatus
));
__leave;
}
SetupExternalNaming (&deviceNameUnicodeString) ;
}
__finally
{
if(!NT_SUCCESS(ntStatus))
{
ERROR(("IPFLTDRV: Error in DriverEntry routine\n"));
}
else
{
ExInitializeResourceLite ( &FilterListResourceLock );
ExInitializeResourceLite ( &FilterAddressLock );
CALLTRACE(("IPFLTDRV: DriverEntry routine successful\n"));
}
if(NT_SUCCESS(ntStatus))
{
PFReadRegistryParameters(RegistryPath);
}
}
return ntStatus;
}
NTSTATUS
FilterDriverDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
/*++
Routine Description
Dispatch Routine for the filter driver. Gets the current irp stack location, validates
the parameters and calls the necessary routing (which is ioctl.c)
Arguments
DeviceObject
Irp
Return Value
Status as returned by the worker functions
--*/
{
PIO_STACK_LOCATION irpStack;
PVOID pvIoBuffer;
ULONG inputBufferLength;
ULONG outputBufferLength;
ULONG ioControlCode;
NTSTATUS ntStatus;
DWORD dwSize = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
//
// Get a pointer to the current location in the Irp. This is where
// the function codes and parameters are located.
//
irpStack = IoGetCurrentIrpStackLocation(Irp);
//
// Get the pointer to the input/output buffer and it's length
//
pvIoBuffer = Irp->AssociatedIrp.SystemBuffer;
inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
CALLTRACE(("IPFLTDRV: FilterDriverDispatch\n"));
switch (irpStack->MajorFunction)
{
case IRP_MJ_CREATE:
{
TRACE(CONFIG,(
"IPFLTDRV: IRP_MJ_CREATE, FileObject=%08x\n",
irpStack->FileObject
));
//
// Initialize the driver. The first time it gets a create IRP, it starts up the
// filtering.
//
ntStatus = STATUS_SUCCESS;
if(!g_bDriverRunning)
{
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite( &FilterListResourceLock, TRUE);
if (g_bDriverRunning || InitFilterDriver())
{
g_bDriverRunning = TRUE;
}
else
{
ntStatus = STATUS_UNSUCCESSFUL ;
}
ExReleaseResourceLite( &FilterListResourceLock );
KeLeaveCriticalRegion();
}
if(NT_SUCCESS(ntStatus))
{
ntStatus = OpenNewHandle(irpStack->FileObject);
}
break;
}
case IRP_MJ_CLEANUP:
{
CALLTRACE(("IPFLTDRV: IRP_MJ_CLEANUP\n"));
//
// Closing the file handle to the driver doesnt shut the driver down
//
ntStatus = STATUS_SUCCESS;
break;
}
case IRP_MJ_CLOSE:
{
//
// All done with this file object and this FCB. Run
// down the interfaces getting rid of them
//
ntStatus = LockFcb(irpStack->FileObject);
if(NT_SUCCESS(ntStatus))
{
PPFFCB Fcb = irpStack->FileObject->FsContext2;
FcbLockDown(Fcb);
UnLockFcb(irpStack->FileObject);
}
break;
}
case IRP_MJ_DEVICE_CONTROL:
{
CALLTRACE(("IPFLTDRV: IRP_MJ_DEVICE_CONTROL\n"));
ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
switch (ioControlCode)
{
#if FWPF
case IOCTL_CLEAR_INTERFACE_BINDING:
{
PINTERFACEBINDING pBind;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_CLEAR_INTERFACE_BINDING called\n"));
dwSize = sizeof(*pBind);
if(inputBufferLength < sizeof(*pBind))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength < sizeof(*pBind))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pBind = (PINTERFACEBINDING)pvIoBuffer;
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pBind->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = ClearInterfaceBinding(pPage, pBind);
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_SET_INTERFACE_BINDING:
{
PINTERFACEBINDING pBind;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_SET_INTERFACE_BINDING called\n"));
dwSize = sizeof(*pBind);
if(inputBufferLength < sizeof(*pBind))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength < sizeof(*pBind))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pBind = (PINTERFACEBINDING)pvIoBuffer;
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pBind->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = SetInterfaceBinding(pBind, pPage);
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_SET_INTERFACE_BINDING2:
{
PINTERFACEBINDING2 pBind2;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_SET_INTERFACE_BINDING2 called\n"));
dwSize = sizeof(*pBind2);
if(inputBufferLength < sizeof(*pBind2))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength < sizeof(*pBind2))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pBind2 = (PINTERFACEBINDING2)pvIoBuffer;
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pBind2->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = SetInterfaceBinding2(pBind2, pPage);
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_PF_GET_INTERFACE_PARAMETERS:
{
PPFGETINTERFACEPARAMETERS pp;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: GET_INTERFACE_PARAMETERS called\n"));
dwSize = sizeof(*pp);
if(inputBufferLength < (sizeof(*pp) - sizeof(FILTER_STATS_EX)))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength < (sizeof(*pp) - sizeof(FILTER_STATS_EX)))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pp = (PPFGETINTERFACEPARAMETERS)pvIoBuffer;
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
if(pp->dwFlags & GET_BY_INDEX)
{
pPage = 0;
}
else
{
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pp->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
UnLockFcb(irpStack->FileObject);
break;
}
}
dwSize = outputBufferLength;
ntStatus = GetInterfaceParameters(pPage,
pp,
&dwSize);
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_PF_CREATE_AND_SET_INTERFACE_PARAMETERS:
{
//
// create a new style interface.
//
PPFINTERFACEPARAMETERS pInfo;
CALLTRACE(("IPFLTDRV: IOCTL_CREATE_AND_SET called\n"));
dwSize = sizeof(PFINTERFACEPARAMETERS);
//
// Both input and output Buffer lengths should be the same a nd
//
if(inputBufferLength != dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength != dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pInfo = (PPFINTERFACEPARAMETERS)pvIoBuffer;
//
// now establish the interface
//
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
ntStatus = AddNewInterface(pInfo,
irpStack->FileObject->FsContext2);
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_PF_CREATE_LOG:
{
PPFPAGEDLOG pPage;
PPFLOG ppfLog;
CALLTRACE(("IPFLTDRV: IOCTL_PF_CREATE_LOG\n"));
//
// Check the size
//
dwSize = sizeof(PFLOG);
if((inputBufferLength < dwSize)
||
(outputBufferLength < dwSize))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ppfLog = (PPFLOG)pvIoBuffer;
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
ntStatus = PfLogCreateLog(
ppfLog,
irpStack->FileObject->FsContext2,
Irp);
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_PF_DELETE_LOG:
{
CALLTRACE(("IPFLTDRV: IOCTL_PF_DELETE_LOG\n"));
//
// Check the size
//
dwSize = sizeof(PFDELETELOG);
if(inputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
ntStatus = PfDeleteLog(
(PPFDELETELOG)pvIoBuffer,
irpStack->FileObject->FsContext2);
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_SET_LOG_BUFFER:
{
CALLTRACE(("IPFLTDRV: IOCTL_SET_LOG_BUFFER\n"));
//
// Check the size
//
dwSize = sizeof(PFSETBUFFER);
if((inputBufferLength < dwSize)
||
(outputBufferLength < dwSize))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
ntStatus = PfLogSetBuffer(
(PPFSETBUFFER)pvIoBuffer,
irpStack->FileObject->FsContext2,
Irp);
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_PF_DELETE_BY_HANDLE:
{
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_PF_DELETE_BY_HANDLE\n"));
if(inputBufferLength < sizeof(PFDELETEBYHANDLE))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(
irpStack->FileObject,
((PPFDELETEBYHANDLE)pvIoBuffer)->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = DeleteByHandle(
(PPFFCB)irpStack->FileObject->FsContext2,
pPage,
&((PPFDELETEBYHANDLE)pvIoBuffer)->pvHandles[0],
inputBufferLength - sizeof(PVOID));
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_DELETE_INTERFACE_FILTERS_EX:
{
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_UNSET_INTERFACE_FILTERSEX\n"));
//
// The minimum size is without any TOCs
//
dwSize = sizeof(FILTER_DRIVER_SET_FILTERS) - sizeof(RTR_TOC_ENTRY);
if(inputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Verify the sizes if individual entries in the buffer.
//
if (!ValidateHeader(
&((PFILTER_DRIVER_SET_FILTERS)pvIoBuffer)->ribhInfoBlock,
inputBufferLength -
FIELD_OFFSET(FILTER_DRIVER_SET_FILTERS, ribhInfoBlock)
)) {
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(
irpStack->FileObject,
((PFILTER_DRIVER_SET_FILTERS)pvIoBuffer)->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = UnSetFiltersEx(
(PPFFCB)irpStack->FileObject->FsContext2,
pPage,
inputBufferLength,
(PFILTER_DRIVER_SET_FILTERS)pvIoBuffer);
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_SET_INTERFACE_FILTERS_EX:
{
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_SET_INTERFACE_FILTERSEX\n"));
//
// The minimum size is without any TOCs
//
dwSize = sizeof(FILTER_DRIVER_SET_FILTERS) - sizeof(RTR_TOC_ENTRY);
if(inputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Verify the sizes if individual entries in the buffer.
//
if (!ValidateHeader(
&((PFILTER_DRIVER_SET_FILTERS)pvIoBuffer)->ribhInfoBlock,
inputBufferLength -
FIELD_OFFSET(FILTER_DRIVER_SET_FILTERS, ribhInfoBlock)
)) {
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(
irpStack->FileObject,
((PFILTER_DRIVER_SET_FILTERS)pvIoBuffer)->pvDriverContext);
if(!pPage)
{
ntStatus = STATUS_INVALID_PARAMETER;
}
else
{
ntStatus = SetFiltersEx(
(PPFFCB)irpStack->FileObject->FsContext2,
pPage,
inputBufferLength,
(PFILTER_DRIVER_SET_FILTERS)pvIoBuffer);
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_DELETE_INTERFACEEX:
{
PFILTER_DRIVER_DELETE_INTERFACE pDel;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("IPFLTDRV: IOCTL_DELETE_INTERFACE\n"));
pDel = (PFILTER_DRIVER_DELETE_INTERFACE)pvIoBuffer;
dwSize = sizeof(FILTER_DRIVER_DELETE_INTERFACE);
if(inputBufferLength != dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pDel->pvDriverContext);
if(pPage)
{
RemoveEntryList(&pPage->leIfLink);
ntStatus = DeletePagedInterface(
(PPFFCB)irpStack->FileObject->FsContext2,
pPage);
}
else
{
ntStatus = STATUS_INVALID_PARAMETER;
}
UnLockFcb(irpStack->FileObject);
break;
}
case IOCTL_SET_LATE_BOUND_FILTERSEX:
{
PFILTER_DRIVER_BINDING_INFO pBindInfo;
PPAGED_FILTER_INTERFACE pPage;
CALLTRACE(("FilterDriver: IOCTL_SET_LATE_BOUND_FILTERS\n"));
pBindInfo = (PFILTER_DRIVER_BINDING_INFO)pvIoBuffer;
dwSize = sizeof(FILTER_DRIVER_BINDING_INFO);
if(inputBufferLength isnot dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pPage = FindInterfaceOnHandle(irpStack->FileObject,
pBindInfo->pvDriverContext);
if(pPage)
{
ntStatus = UpdateBindingInformationEx(pBindInfo,
pPage);
}
else
{
ntStatus = STATUS_INVALID_PARAMETER;
}
UnLockFcb(irpStack->FileObject);
break;
}
#endif // FWPF
#if STEELHEAD
case IOCTL_CREATE_INTERFACE:
{
//
// the old style of creating an interface.
// just pass it through to the underlying code
//
PFILTER_DRIVER_CREATE_INTERFACE pInfo;
CALLTRACE(("IPFLTDRV: IOCTL_CREATE_INTERFACE\n"));
dwSize = sizeof(FILTER_DRIVER_CREATE_INTERFACE);
//
// Both input and output Buffer lengths should be the same and
//
if(inputBufferLength != dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if(outputBufferLength != dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
pInfo = (PFILTER_DRIVER_CREATE_INTERFACE)pvIoBuffer;
ntStatus = AddInterface(
pInfo->pvRtrMgrContext,
pInfo->dwIfIndex,
pInfo->dwAdapterId,
irpStack->FileObject->FsContext2,
&pInfo->pvDriverContext);
if(NT_SUCCESS(ntStatus))
{
dwSize = sizeof(FILTER_DRIVER_CREATE_INTERFACE);
}
break;
}
case IOCTL_SET_INTERFACE_FILTERS:
{
CALLTRACE(("IPFLTDRV: IOCTL_SET_INTERFACE_FILTERS\n"));
//
// The minimum size is without any TOCs
//
dwSize = sizeof(FILTER_DRIVER_SET_FILTERS) - sizeof(RTR_TOC_ENTRY);
if(inputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ntStatus = SetFilters((PFILTER_DRIVER_SET_FILTERS)pvIoBuffer);
break;
}
case IOCTL_SET_LATE_BOUND_FILTERS:
{
PFILTER_DRIVER_BINDING_INFO pBindInfo;
CALLTRACE(("IPFLTDRV: IOCTL_SET_LATE_BOUND_FILTERS\n"));
pBindInfo = (PFILTER_DRIVER_BINDING_INFO)pvIoBuffer;
dwSize = sizeof(FILTER_DRIVER_BINDING_INFO);
if(inputBufferLength isnot dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = UpdateBindingInformation(pBindInfo,
pBindInfo->pvDriverContext);
break;
}
case IOCTL_DELETE_INTERFACE:
{
PFILTER_DRIVER_DELETE_INTERFACE pDel;
CALLTRACE(("IPFLTDRV: IOCTL_DELETE_INTERFACE\n"));
pDel = (PFILTER_DRIVER_DELETE_INTERFACE)pvIoBuffer;
dwSize = sizeof(FILTER_DRIVER_DELETE_INTERFACE);
if(inputBufferLength isnot dwSize)
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
ntStatus = DeleteInterface(pDel->pvDriverContext);
break;
}
#endif // STEELHEAD
case IOCTL_TEST_PACKET:
{
PFILTER_DRIVER_TEST_PACKET pPacketInfo;
PPAGED_FILTER_INTERFACE pInPage, pOutPage;
FORWARD_ACTION eaResult;
UNALIGNED IPHeader *pHeader;
DWORD dwSizeOfHeader;
PBYTE pbRest;
DWORD dwSizeOfData;
CALLTRACE(("IPFLTDRV IOCTL_TEST_PACKET\n"));
pPacketInfo = (PFILTER_DRIVER_TEST_PACKET)pvIoBuffer;
dwSize = FIELD_OFFSET(FILTER_DRIVER_TEST_PACKET,
bIpPacket[0]);
if(inputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if(outputBufferLength < dwSize)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
pHeader = (IPHeader*)(pPacketInfo->bIpPacket);
dwSizeOfHeader = ((pHeader->iph_verlen)&0x0f)<<2;
pbRest = (PBYTE)pHeader + dwSizeOfHeader;
//
// make sure the header fits
//
dwSizeOfData = inputBufferLength - dwSize;
if(dwSizeOfData < dwSizeOfHeader)
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// it does. Make sure the data fits
//
if(dwSizeOfData < RtlUshortByteSwap(pHeader->iph_length))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
dwSizeOfData -= dwSizeOfHeader;
//
// Find the paged interface corresponding to the
// context
//
ntStatus = LockFcb(irpStack->FileObject);
if(!NT_SUCCESS(ntStatus))
{
break;
}
pInPage = FindInterfaceOnHandle(
irpStack->FileObject,
pPacketInfo->pvInInterfaceContext
);
pOutPage = FindInterfaceOnHandle(
irpStack->FileObject,
pPacketInfo->pvOutInterfaceContext
);
//
// pInPage and pOutPage can be NULL
//
eaResult = MatchFilterp(
pHeader,
pbRest,
dwSizeOfData,
INVALID_IF_INDEX,
INVALID_IF_INDEX,
NULL_IP_ADDR,
NULL_IP_ADDR,
pInPage ? pInPage->pFilter : NULL,
pOutPage ? pOutPage->pFilter : NULL,
FALSE,
TRUE
);
UnLockFcb(irpStack->FileObject);
ntStatus = STATUS_SUCCESS;
pPacketInfo->eaResult = eaResult;
//
// We dont need to copy the full packet out
//
dwSize = sizeof(FILTER_DRIVER_TEST_PACKET);
break;
}
case IOCTL_PF_SET_EXTENSION_POINTER:
{
PPF_SET_EXTENSION_HOOK_INFO ExtensionInfo;
TRACE(CONFIG,(
"ipfltdrv: IOCTL_PF_SET_EXTENSION_POINTER Called, inputLength=%d\n",
inputBufferLength
));
if (Irp->RequestorMode != KernelMode)
{
ntStatus = STATUS_ACCESS_DENIED;
break;
}
ExtensionInfo = (PPF_SET_EXTENSION_HOOK_INFO)pvIoBuffer;
if (inputBufferLength < sizeof(PF_SET_EXTENSION_HOOK_INFO))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
ntStatus = SetExtensionPointer(
ExtensionInfo,
irpStack->FileObject
);
break;
}
#if STEELHEAD
case IOCTL_GET_FILTER_INFO:
{
PFILTER_DRIVER_GET_FILTERS pInfo;
PFILTER_INTERFACE pIf;
LOCK_STATS LockState;
CALLTRACE(("IPFLTDRV: IOCTL_GET_FILTER_INFO\n"));
pInfo = (PFILTER_DRIVER_GET_FILTERS)pvIoBuffer;
pIf = (PFILTER_INTERFACE)(pInfo->pvDriverContext);
//
// If we cant even report the number of filters, lets get out
//
if(inputBufferLength < (sizeof(FILTER_DRIVER_GET_FILTERS) - sizeof(FILTER_STATS)))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if(outputBufferLength < (sizeof(FILTER_DRIVER_GET_FILTERS) - sizeof(FILTER_STATS)))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Ok we have enough space to plug in the number of filters
//
AcquireReadLock(&g_filters.ifListLock,&LockState);
pInfo->interfaces.eaInAction = pIf->eaInAction;
pInfo->interfaces.eaOutAction = pIf->eaOutAction;
pInfo->interfaces.dwNumInFilters = pIf->dwNumInFilters;
pInfo->interfaces.dwNumOutFilters = pIf->dwNumOutFilters;
dwSize = SIZEOF_FILTERS(pIf);
if(inputBufferLength < dwSize)
{
dwSize = sizeof(FILTER_DRIVER_GET_FILTERS) - sizeof(FILTER_STATS);
ntStatus = STATUS_SUCCESS;
ReleaseReadLock(&g_filters.ifListLock,&LockState);
break;
}
if(outputBufferLength < dwSize)
{
dwSize = sizeof(FILTER_DRIVER_GET_FILTERS) - sizeof(FILTER_STATS);
ntStatus = STATUS_SUCCESS;
ReleaseReadLock(&g_filters.ifListLock,&LockState);
break;
}
ntStatus = GetFilters(pIf,
FALSE,
&(pInfo->interfaces));
pInfo->dwDefaultHitsIn = g_dwNumHitsDefaultIn;
pInfo->dwDefaultHitsOut = g_dwNumHitsDefaultOut;
ReleaseReadLock(&g_filters.ifListLock,kIrql);
break;
}
#endif
case IOCTL_GET_FILTER_TIMES:
{
PFILTER_DRIVER_GET_TIMES pInfo;
PFILTER_INTERFACE pIf;
KIRQL kIrql;
CALLTRACE(("IPFLTDRV: IOCTL_GET_FILTER_TIMES\n"));
dwSize = sizeof(FILTER_DRIVER_GET_TIMES);
if(outputBufferLength < sizeof(FILTER_DRIVER_GET_TIMES))
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
pInfo = (PFILTER_DRIVER_GET_TIMES)pvIoBuffer;
#ifdef DRIVER_PERF
pInfo->dwFragments = g_dwFragments;
pInfo->dwCache1 = g_dwCache1;
pInfo->dwCache2 = g_dwCache2;
pInfo->dwNumPackets = g_dwNumPackets;
pInfo->dwWalk1 = g_dwWalk1;
pInfo->dwWalk2 = g_dwWalk2;
pInfo->dwForw = g_dwForw;
pInfo->dwWalkCache = g_dwWalkCache;
pInfo->liTotalTime.HighPart = g_liTotalTime.HighPart;
pInfo->liTotalTime.LowPart = g_liTotalTime.LowPart;
#else
pInfo->dwFragments = 0;
pInfo->dwCache1 = 0;
pInfo->dwCache2 = 0;
pInfo->dwNumPackets = 0;
pInfo->dwWalk1 = 0;
pInfo->dwWalk2 = 0;
pInfo->dwForw = 0;
pInfo->dwWalkCache = 0;
pInfo->liTotalTime.HighPart = 0;
pInfo->liTotalTime.LowPart = 0;
#endif
ntStatus = STATUS_SUCCESS;
break;
}
default:
{
ERROR(("IPFLTDRV: unknown IOCTL\n"));
ntStatus = STATUS_INVALID_PARAMETER;
break;
}
}
break;
}
default:
{
ERROR(("IPFLTDRV:: unknown IRP_MJ_XXX\n"));
ntStatus = STATUS_INVALID_PARAMETER;
break;
}
}
if(ntStatus != STATUS_PENDING)
{
Irp->IoStatus.Status = ntStatus;
Irp->IoStatus.Information = dwSize;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
}
return(ntStatus);
}
VOID
FilterDriverUnload(
IN PDRIVER_OBJECT DriverObject
)
/*++
Routine Description
Called when the driver is unloaded. This shuts down the filtering (if it hasnt been shut
down already) and removes the DOS name
Arguments
DriverObject
Return Value
None
--*/
{
CALLTRACE(("IPFLTDRV: FilterDriverUnload\n"));
CloseFilterDriver();
TearDownExternalNaming();
IoDeleteDevice(DriverObject->DeviceObject);
}
VOID
SetupExternalNaming (
IN PUNICODE_STRING ntname
)
/*++
Routine Description
Inserts the input name as the DOS name
Arguments
ntname - Name of driver
Return Value
None
--*/
{
UNICODE_STRING ObjectDirectory;
UNICODE_STRING SymbolicLinkName;
UNICODE_STRING fullLinkName;
BYTE buffer[100] ;
//
// Form the full symbolic link name we wish to create.
//
RtlInitUnicodeString (&fullLinkName, NULL);
RtlInitUnicodeString (&ObjectDirectory, DEFAULT_DIRECTORY);
RtlInitUnicodeString(&SymbolicLinkName, DEFAULT_FLTRDRVR_NAME);
fullLinkName.MaximumLength = (sizeof(L"\\")*2) + ObjectDirectory.Length
+ SymbolicLinkName.Length + sizeof(WCHAR);
fullLinkName.Buffer = (WCHAR *)buffer ;
RtlZeroMemory (fullLinkName.Buffer, fullLinkName.MaximumLength);
RtlAppendUnicodeToString (&fullLinkName, L"\\");
RtlAppendUnicodeStringToString (&fullLinkName, &ObjectDirectory);
RtlAppendUnicodeToString (&fullLinkName, L"\\");
RtlAppendUnicodeStringToString (&fullLinkName, &SymbolicLinkName);
if (!NT_SUCCESS(IoCreateSymbolicLink (&fullLinkName, ntname)))
{
ERROR((
"IPFLTDRV: ERROR win32 device name could not be created \n"
));
}
}
VOID
TearDownExternalNaming()
/*++
Routine Description
Removes the DOS name from the registry
Called when the driver is unloaded
Arguments
None
Return Value
None
--*/
{
UNICODE_STRING ObjectDirectory;
UNICODE_STRING SymbolicLinkName;
UNICODE_STRING fullLinkName;
BYTE buffer[100] ;
RtlInitUnicodeString (&fullLinkName, NULL);
RtlInitUnicodeString (&ObjectDirectory, DEFAULT_DIRECTORY);
RtlInitUnicodeString(&SymbolicLinkName, DEFAULT_FLTRDRVR_NAME);
fullLinkName.MaximumLength = (sizeof(L"\\")*2) + ObjectDirectory.Length
+ SymbolicLinkName.Length + sizeof(WCHAR);
fullLinkName.Buffer = (WCHAR *)buffer ;
RtlZeroMemory (fullLinkName.Buffer, fullLinkName.MaximumLength);
RtlAppendUnicodeToString (&fullLinkName, L"\\");
RtlAppendUnicodeStringToString (&fullLinkName, &ObjectDirectory);
RtlAppendUnicodeToString (&fullLinkName, L"\\");
RtlAppendUnicodeStringToString (&fullLinkName, &SymbolicLinkName);
if (!NT_SUCCESS(IoDeleteSymbolicLink (&fullLinkName)))
{
ERROR((
"IPFLTDRV: ERROR win32 device name could not be deleted\n"
));
}
}
BOOL
InitFilterDriver()
/*++
Routine Description
Starts the driver. Allocates memory for the cache and cache entries. Clears the entries
Sends an IOCTL to the Forwarder to set up its entry point (which starts the filtering
process in the forwarder)
Arguments
None
Return Value
TRUE if successful
--*/
{
NTSTATUS status;
BOOL bRet;
SYSTEM_BASIC_INFORMATION PerfInfo;
status = ZwQuerySystemInformation(
SystemBasicInformation,
&PerfInfo,
sizeof(PerfInfo),
NULL
);
//
// adjust cache and hash sizes based on the memory
//
if(PerfInfo.NumberOfPhysicalPages <= 8000)
{
//
// 32 MB or smaller. A very chincy server
//
g_dwCacheSize = 257;
g_dwHashLists = 127;
}
else if(PerfInfo.NumberOfPhysicalPages < 16000)
{
//
// 32-64 MB. Better.
//
g_dwCacheSize = 311;
g_dwHashLists = 311;
}
else if(PerfInfo.NumberOfPhysicalPages < 32000)
{
//
// 64 - 128 MB.
//
g_dwCacheSize = 511;
g_dwHashLists = 511;
}
else
{
//
// big machine
//
g_dwCacheSize = 511;
g_dwHashLists = 1023;
}
InitLogs();
__try
{
bRet = TRUE;
if(!AllocateCacheStructures())
{
ERROR(("IPFLTDRV: Couldnt allocate cache structures\n"));
bRet = FALSE;
__leave;
}
//
// Clean the cache
//
ClearCache();
//
// Now send and Irp to IP Forwarder and give him our entry point
// Do it twice, once to make sure it is cleared and to
// erase any previous filter contexts and once to do what
// we want it to do.
//
status = SetForwarderEntryPoint(NULL);
status = SetForwarderEntryPoint(MatchFilter);
if(status isnot STATUS_SUCCESS)
{
ERROR((
"IPFLTDRV: IOCTL to IP Forwarder failed - status \n",
status
));
bRet = FALSE;
__leave;
}
}
__finally
{
LARGE_INTEGER liDueTime;
if(!bRet)
{
FreeExistingCache();
}
else
{
ExInitializeNPagedLookasideList(
&filter_slist,
ExAllocatePoolWithTag,
ExFreePool,
0,
sizeof(FILTER),
(ULONG)'2liF',
100);
ExInitializePagedLookasideList(
&paged_slist,
ExAllocatePoolWithTag,
ExFreePool,
0,
sizeof(PAGED_FILTER),
(ULONG)'2liF',
100);
ExInitializeNPagedLookasideList(
&g_llFragCacheBlocks,
NULL,
NULL,
0,
sizeof(FRAG_INFO),
'ftlF',
32);
//
// Set the timer for fragment cache.
//
KeInitializeDpc(
&g_kdTimerDpc,
FragCacheTimerRoutine,
NULL);
KeInitializeTimer(&g_ktTimer);
liDueTime.QuadPart = (ULONGLONG)TIMER_IN_MILLISECS * (ULONGLONG)SYS_UNITS_IN_ONE_MILLISEC;
liDueTime.QuadPart = -liDueTime.QuadPart;
KeSetTimerEx(
&g_ktTimer,
liDueTime,
TIMER_IN_MILLISECS,
&g_kdTimerDpc);
}
}
return bRet;
}
BOOL
CloseFilterDriver()
/*++
Routine Description
Shuts down the driver.
Arguments
Return Value
--*/
{
NTSTATUS status;
LOCK_STATE LockState;
PLIST_ENTRY pleHead;
BOOL bStopForw = TRUE;
PFREEFILTER pFree, pFree1;
PPFFCB Fcb;
//
// The first thing to do is send an IOCTL to forwarder to tell him to stop sending
// us anymore packets.
//
status = SetForwarderEntryPoint(NULL);
if(!NT_SUCCESS(status))
{
//
// This means we could not tell IP Forwarder
// to stop filtering packets so we cant go away.
//
ERROR((
"IPFLTDRV: CloseFilterDriver - SetForwardEntryPoint() was UNSUCCESSFUL, Error-0x%08x\n",
status
));
bStopForw = FALSE;
}
//
// remove the FCBS
//
while(TRUE)
{
NTSTATUS ntStatus;
FILE_OBJECT fo;
KIRQL kirql;
BOOL fDone = TRUE;
KeAcquireSpinLock(&g_FcbSpin, &kirql);
for(pleHead = g_leFcbs.Flink;
pleHead != &g_leFcbs;
pleHead = pleHead->Flink)
{
Fcb = CONTAINING_RECORD(pleHead, PFFCB, leList);
//
// This can happen if some other thread is closing the FCB.
//
if(Fcb->dwFlags & PF_FCB_CLOSED)
{
continue;
}
KeReleaseSpinLock(&g_FcbSpin, kirql);
fDone = FALSE;
fo.FsContext2 = (PVOID)Fcb;
ntStatus = LockFcb(&fo);
if(!NT_SUCCESS(ntStatus))
{
break;
}
FcbLockDown(Fcb);
UnLockFcb(&fo);
break;
}
if(fDone)
{
KeReleaseSpinLock(&g_FcbSpin, kirql);
break;
}
}
ExDeleteResourceLite ( &FilterListResourceLock );
ExDeleteResourceLite ( &FilterAddressLock );
AcquireWriteLock(&(g_filters.ifListLock),&LockState);
while(!IsListEmpty(&g_filters.leIfListHead))
{
PFILTER_INTERFACE pIf;
pleHead = g_filters.leIfListHead.Flink;
pIf = CONTAINING_RECORD(pleHead,FILTER_INTERFACE,leIfLink);
DeleteFilters(pIf,
IN_FILTER_SET);
DeleteFilters(pIf,
OUT_FILTER_SET);
//
// Set the number of filters to 0 and the default action to forward so
// that if we havent been able to stop the forwarder from calling us,
// atleast no packets get filtered
//
pIf->dwNumInFilters = 0;
pIf->dwNumOutFilters = 0;
pIf->eaInAction = FORWARD;
pIf->eaOutAction = FORWARD;
if(bStopForw)
{
//
// We could stop the forwarder so lets blow away the interface
//
RemoveHeadList(&g_filters.leIfListHead);
ExFreePool(pIf);
}
}
ClearCache();
if(bStopForw)
{
//
// If we could stop the forwarder, blow away the cache
//
FreeExistingCache();
}
ReleaseWriteLock(&g_filters.ifListLock,&LockState);
if(g_bDriverRunning)
{
//
// Fragment cache related cleanup.
// remove the timer
//
if(KeCancelTimer(&g_ktTimer) is FALSE)
{
//
// Tmer was not in the system queue. Maybe we should sleep
// or something
//
ERROR(("IPFLTDRV: Timer NOT in system queue\n"));
DbgBreakPoint();
}
ExDeleteNPagedLookasideList( &filter_slist );
ExDeletePagedLookasideList( &paged_slist );
ExDeleteNPagedLookasideList(&g_llFragCacheBlocks);
}
if(AddrTable)
{
ExFreePool(AddrTable);
AddrTable = 0;
}
if(AddrHashTable)
{
ExFreePool(AddrHashTable);
AddrHashTable = 0;
}
if(AddrSubnetHashTable)
{
ExFreePool(AddrSubnetHashTable);
AddrSubnetHashTable = 0;
}
if (g_pleFragTable)
{
ExFreePool(g_pleFragTable);
g_pleFragTable = 0;
}
if(g_filters.pInterfaceCache)
{
ExFreePool(g_filters.pInterfaceCache);
g_filters.pInterfaceCache = NULL;
}
TRACE(CONFIG,(
"IPFLTDRV: BoundInterfaceCnt=%d\n",
g_ulBoundInterfaceCount
));
if(bStopForw)
{
CALLTRACE(("IPFLTDRV: CloseFilterDriver - returning SUCCESS\n"));
return STATUS_SUCCESS;
}
else
{
ERROR(("CloseFilterDriver - returning UNSUCCESSFUL\n"));
return STATUS_UNSUCCESSFUL;
}
}
NTSTATUS
SetForwarderEntryPoint(
IN IPPacketFilterPtr pfnMatch
)
/*++
Routine Description
Sets the entry point to IP Forwarder. Used to start and stop the forwarding code in
the forwarder
Arguments
pfnMatch Pointer to the function that implements the filter matching code
NULL will stop forwarding, while any other value will cause the forwarder to
invoke the function pointed to. Thus if on stopping, the IOCTL to the
forwarder doesnt succeed, and the filter driver goes away, the system will
blue screen
Return Value
NTSTATUS
--*/
{
NTSTATUS status;
IP_SET_FILTER_HOOK_INFO functionInfo;
functionInfo.FilterPtr = pfnMatch;
status = DoIpIoctl(
DD_IP_DEVICE_NAME,
IOCTL_IP_SET_FILTER_POINTER,
(PVOID)&functionInfo,
sizeof(functionInfo),
NULL,
0,
NULL);
return(status);
}
NTSTATUS
DoIpIoctl(
IN PWCHAR DriverName,
IN DWORD Ioctl,
IN PVOID pvInArg,
IN DWORD dwInSize,
IN PVOID pvOutArg,
IN DWORD dwOutSize,
OUT PDWORD pdwInfo OPTIONAL)
/*++
Routine Description:
Do an IOCTL to the stack. Used for a varity of purposes
--*/
{
NTSTATUS status;
UNICODE_STRING nameString;
OBJECT_ATTRIBUTES Atts;
IO_STATUS_BLOCK ioStatusBlock;
HANDLE Handle;
PAGED_CODE();
RtlInitUnicodeString(&nameString, DriverName);
InitializeObjectAttributes(&Atts,
&nameString,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
status = ZwCreateFile(&Handle,
SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
&Atts,
&ioStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN_IF,
0,
NULL,
0);
if (!NT_SUCCESS(status))
{
ERROR(("IPFLTDRV: Couldnt open IP Forwarder - status %d\n",status));
return STATUS_UNSUCCESSFUL;
}
//
// Submit the request to the forwarder
//
status = ZwDeviceIoControlFile(
Handle,
NULL,
NULL,
NULL,
&ioStatusBlock,
Ioctl,
pvInArg,
dwInSize,
pvOutArg,
dwOutSize);
if(!NT_SUCCESS(status))
{
ERROR((
"IPFLTDRV: DoIpIoctl: IOCTL request failed - status %x\n",
status
));
}
else
{
if(pdwInfo)
{
*pdwInfo = (DWORD)ioStatusBlock.Information;
}
}
//
// Close the device.
//
ZwClose(Handle);
return status;
}
BOOL
AllocateCacheStructures()
/*++
Routine Description
Allocates the necessary memory for cache (which is an array of pointers to
cache entries)
Allocates necessary number of cache entries (but doesnt initialize them)
Allocates a small number of entries and puts them on the free list (doesnt
initialize these either)
Arguments
None
Return Value
True if the function completely succeeds, else FALSE. If FALSE, it is upto
the CALLER to do a rollback and clear any allocated memory
--*/
{
DWORD i;
KIRQL kiCurrIrql;
CALLTRACE(("IPFLTDRV: AllocateCacheStructures\n"));
g_filters.ppInCache = ExAllocatePoolWithTag(NonPagedPool,
g_dwCacheSize * sizeof(PFILTER_INCACHE),
'hCnI');
if(g_filters.ppInCache is NULL)
{
ERROR(("IPFLTDRV: Couldnt allocate memory for Input Cache\n"));
return FALSE;
}
g_filters.ppOutCache = ExAllocatePoolWithTag(NonPagedPool,
g_dwCacheSize * sizeof(PFILTER_OUTCACHE),
'CtuO');
if(g_filters.ppOutCache is NULL)
{
ERROR(("IPFLTDRV: Couldnt allocate memory for Output Cache\n"));
return FALSE;
}
for(i = 0; i < g_dwCacheSize; i++)
{
g_filters.ppInCache[i] = NULL;
g_filters.ppOutCache[i] = NULL;
}
for(i = 0; i < g_dwCacheSize; i++)
{
PFILTER_INCACHE pTemp1;
PFILTER_OUTCACHE pTemp2;
pTemp1 = ExAllocatePoolWithTag(NonPagedPool,
sizeof(FILTER_INCACHE),
'NI');
if(pTemp1 is NULL)
{
return FALSE;
}
g_filters.ppInCache[i] = pTemp1;
pTemp2 = ExAllocatePoolWithTag(NonPagedPool,
sizeof(FILTER_OUTCACHE),
'TUO');
if(pTemp2 is NULL)
{
return FALSE;
}
g_filters.ppOutCache[i] = pTemp2;
}
TRACE(CACHE,("IPFLTDRV: Allocated cache structures\n"));
TRACE(CACHE,("IPFLTDRV: Creating in and out free list..."));
for(i = 0; i < FREE_LIST_SIZE; i++)
{
PFILTER_INCACHE pTemp1;
PFILTER_OUTCACHE pTemp2;
pTemp1 = ExAllocatePoolWithTag(NonPagedPool,
sizeof(FILTER_INCACHE),
'FNI');
if(pTemp1 is NULL)
{
return FALSE;
}
InitializeListHead(&pTemp1->leFreeLink);
InsertHeadList(&g_freeInFilters,&pTemp1->leFreeLink);
pTemp2 = ExAllocatePoolWithTag(NonPagedPool,
sizeof(FILTER_OUTCACHE),
'FTUO');
if(pTemp2 is NULL)
{
return FALSE;
}
InitializeListHead(&pTemp2->leFreeLink);
InsertHeadList(&g_freeOutFilters,&pTemp2->leFreeLink);
}
KeAcquireSpinLock(
&g_kslFragLock,
&kiCurrIrql);
g_pleFragTable = ExAllocatePoolWithTag(
NonPagedPool,
g_dwFragTableSize * sizeof(LIST_ENTRY),
'2tlF');
if(!g_pleFragTable)
{
ERROR(("IPFLTDRV: Couldnt allocate frag table\n"));
KeReleaseSpinLock(
&g_kslFragLock,
kiCurrIrql);
return FALSE;
}
TRACE(FRAG,("IPFLTDRV: Initializing fragment cache\n"));
for(i = 0; i < g_dwFragTableSize; i++)
{
InitializeListHead(&(g_pleFragTable[i]));
}
KeReleaseSpinLock(
&g_kslFragLock,
kiCurrIrql);
CALLTRACE(("IPFLTDRV: AllocateCacheStructures Done\n"));
return TRUE;
}
VOID
FreeExistingCache()
/*++
Routine Description
Frees all the cache entries, free entries and cache pointer array
Arguments
None
Return Value
None
--*/
{
DWORD i;
KIRQL kiCurrIrql;
CALLTRACE(("IPFLTDRV: FreeExistingCache\n"));
if(g_filters.ppInCache isnot NULL)
{
for(i = 0; i < g_dwCacheSize; i ++)
{
if(g_filters.ppInCache[i] isnot NULL)
{
ExFreePool(g_filters.ppInCache[i]);
}
}
ExFreePool(g_filters.ppInCache);
g_filters.ppInCache = NULL;
}
TRACE(CACHE,("IPFLTDRV: Done freeing In cache\n"));
TRACE(CACHE,("IPFLTDRV: Freeing existing out cache\n"));
if(g_filters.ppOutCache isnot NULL)
{
for(i = 0; i < g_dwCacheSize; i ++)
{
if(g_filters.ppOutCache[i] isnot NULL)
{
ExFreePool(g_filters.ppOutCache[i]);
}
}
ExFreePool(g_filters.ppOutCache);
g_filters.ppOutCache = NULL;
}
TRACE(CACHE,("IPFLTDRV: Done freeing Out cache\n"));
TRACE(CACHE,("IPFLTDRV: Freeing free in filters\n"));
while(!IsListEmpty(&g_freeInFilters))
{
PFILTER_INCACHE pIn;
PLIST_ENTRY pleHead;
pleHead = RemoveHeadList(&g_freeInFilters);
pIn = CONTAINING_RECORD(pleHead,FILTER_INCACHE,leFreeLink);
ExFreePool(pIn);
}
TRACE(CACHE,("IPFLTDRV: Done freeing free in filters\n"));
TRACE(CACHE,("IPFLTDRV: Freeing free out filters\n"));
while(!IsListEmpty(&g_freeOutFilters))
{
PFILTER_OUTCACHE pOut;
PLIST_ENTRY pleHead;
pleHead = RemoveHeadList(&g_freeOutFilters);
pOut = CONTAINING_RECORD(pleHead,FILTER_OUTCACHE,leFreeLink);
ExFreePool(pOut);
}
TRACE(CACHE,("IPFLTDRV: Done freeing free out filters\n"));
TRACE(FRAG,("IPFLTDRV: Freeing fragment cache\n"));
ClearFragCache();
TRACE(CACHE,("IPFLTDRV: Done freeing fragment cache\n"));
CALLTRACE(("IPFLTDRV: FreeExistingCache Done\n"));
}
NTSTATUS
OpenNewHandle(PFILE_OBJECT FileObject)
/*++
Routine Description:
Open a new handle to the driver. Allocate FCB from the paged pool
and initialize it. If no memory available, fail. If success
store the FCB pointer into the file object.
--*/
{
PPFFCB Fcb;
KIRQL kirql;
//
// Allocate an FCB for this handle.
//
Fcb = ExAllocatePoolWithTag(NonPagedPool,
sizeof(*Fcb),
'pfFC');
if(Fcb)
{
FileObject->FsContext2 = (PVOID)Fcb;
Fcb->dwFlags = 0;
Fcb->UseCount = 1;
InitializeListHead(&Fcb->leInterfaces);
InitializeListHead(&Fcb->leLogs);
ExInitializeResourceLite ( &Fcb->Resource );
ExAcquireSpinLock(&g_FcbSpin, &kirql);
InsertTailList(&g_leFcbs, &Fcb->leList);
ExReleaseSpinLock(&g_FcbSpin, kirql);
return(STATUS_SUCCESS);
}
return(STATUS_NO_MEMORY);
}
PPAGED_FILTER_INTERFACE
FindInterfaceOnHandle(PFILE_OBJECT FileObject,
PVOID pvValue)
/*++
Routine Description:
Find the paged interface for the call. If none found
return a NULL. Uses the caller-supplied DriverContext to
search the contexts on this handle. In general, there should
not be many such handles.
--*/
{
PPFFCB Fcb = FileObject->FsContext2;
PPAGED_FILTER_INTERFACE pPage;
PAGED_CODE();
for(pPage = (PPAGED_FILTER_INTERFACE)Fcb->leInterfaces.Flink;
(PLIST_ENTRY)pPage != &Fcb->leInterfaces;
pPage = (PPAGED_FILTER_INTERFACE)pPage->leIfLink.Flink)
{
if(pPage->pvDriverContext == pvValue)
{
return(pPage);
}
}
return(NULL);
}
NTSTATUS
CloseFcb(PPFFCB Fcb, PFILE_OBJECT FileObject)
/*++
Routine Description:
Called when an FCB has no more references. The caller must
have removed the FCB from the master list. It is immaterial whether
the CB resource is locked.
--*/
{
PPAGED_FILTER_INTERFACE pPage;
PFREEFILTER pList, pList1;
NTSTATUS ntStatus;
TRACE(CONFIG,(
"IPFLTDRV: CloseFcb, Fcb=0x%08x, FileObject=0x%08x\n", Fcb, FileObject
));
//
// First clean up the logs
//
while(!IsListEmpty(&Fcb->leLogs))
{
PFDELETELOG DelLog;
DelLog.pfLogId = (PFLOGGER)Fcb->leLogs.Flink;
(VOID)PfDeleteLog(&DelLog, Fcb);
}
//
// Next, clean up the interfaces
//
while(!IsListEmpty(&Fcb->leInterfaces))
{
TRACE(CONFIG,("IPFLTDRV: Removing interface\n"));
pPage = (PPAGED_FILTER_INTERFACE)RemoveHeadList(&Fcb->leInterfaces);
(VOID)DeletePagedInterface(Fcb, pPage);
}
#if 0
//
// Can't do this because can't get the filter context from the stack.
//
if(Fcb->dwFlags & PF_FCB_OLD)
{
DeleteOldInterfaces(Fcb);
}
#endif
//
// Free the Fcb
//
ExDeleteResourceLite ( &Fcb->Resource );
ExFreePool(Fcb);
if(FileObject)
{
FileObject->FsContext2 = NULL;
}
return(STATUS_SUCCESS);
}
DWORD
GetIpStackIndex(IPAddr Addr, BOOL fNew)
/*++
Routine Description:
Get the stack index for the corresponding address and mask
--*/
{
DWORD dwResult;
DWORD dwInBufLen;
DWORD dwOutBufLen;
TCP_REQUEST_QUERY_INFORMATION_EX trqiInBuf;
TDIObjectID *ID;
BYTE *Context;
NTSTATUS Status;
IPSNMPInfo IPSnmpInfo;
IPAddrEntry *AddrTable1;
DWORD dwSpace, dwIpIndex;
DWORD dwFinalAddrSize;
DWORD dwFinalSize, dwX;
PADDRESSARRAY pa;
LOCK_STATE LockState;
KeEnterCriticalRegion();
ExAcquireResourceSharedLite( &FilterAddressLock, TRUE);
if(!AddrTable || fNew)
{
ExReleaseResourceLite(&FilterAddressLock );
ExAcquireResourceExclusiveLite( &FilterAddressLock, TRUE);
if(fNew && AddrTable)
{
//
// acquire the spin lock to synchronize with Match
// code running at DPC so we can "lock out"
// the table while we do the rest of this. Note
// we can't hold a spin lock while building the table
// because the calls into the IP stack hit pageable
// code
//
AcquireWriteLock(&g_IpTableLock, &LockState);
g_dwMakingNewTable = TRUE;
ReleaseWriteLock(&g_IpTableLock, &LockState);
ExFreePool( AddrTable );
AddrTable = 0;
}
}
if(!AddrTable)
{
dwInBufLen = sizeof(TCP_REQUEST_QUERY_INFORMATION_EX);
dwOutBufLen = sizeof(IPSNMPInfo);
ID = &(trqiInBuf.ID);
ID->toi_entity.tei_entity = CL_NL_ENTITY;
ID->toi_entity.tei_instance = 0;
ID->toi_class = INFO_CLASS_PROTOCOL;
ID->toi_type = INFO_TYPE_PROVIDER;
ID->toi_id = IP_MIB_STATS_ID;
Context = (BYTE *) &(trqiInBuf.Context[0]);
RtlZeroMemory(Context, CONTEXT_SIZE);
Status = DoIpIoctl(
DD_TCP_DEVICE_NAME,
IOCTL_TCP_QUERY_INFORMATION_EX,
(PVOID)&trqiInBuf,
sizeof(TCP_REQUEST_QUERY_INFORMATION_EX),
(PVOID)&IPSnmpInfo,
dwOutBufLen,
NULL);
if(NT_SUCCESS(Status))
{
//
// allocate some memory to fetch the address table.
//
dwSpace = IPSnmpInfo.ipsi_numaddr + 10;
dwOutBufLen = dwSpace * sizeof(IPAddrEntry);
if(!AddrHashTable)
{
//
// the hash table size was not specified in the
// registry. Compute it based on the number of
// addresses. Try to keep the hash table less than
// half full.
//
if(!AddrModulus)
{
if(IPSnmpInfo.ipsi_numaddr < ADDRHASHLOWLEVEL)
{
AddrModulus = ADDRHASHLOW;
}
else if(IPSnmpInfo.ipsi_numaddr < ADDRHASHMEDLEVEL)
{
AddrModulus = ADDRHASHMED;
}
else
{
AddrModulus = ADDRHASHHIGH;
}
}
AddrHashTable = (PADDRESSARRAY *)ExAllocatePoolWithTag(
NonPagedPool,
AddrModulus *
sizeof(PADDRESSARRAY),
'pfAh');
if(!AddrHashTable)
{
ERROR(("IPFLTDRV: Could not allocate AddrHashTable"));
g_dwMakingNewTable = FALSE;
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(UNKNOWN_IP_INDEX);
}
}
if(!AddrSubnetHashTable)
{
AddrSubnetHashTable = (PADDRESSARRAY *)ExAllocatePoolWithTag(
NonPagedPool,
AddrModulus *
sizeof(PADDRESSARRAY),
'pfAh');
if(!AddrSubnetHashTable)
{
ERROR(("IPFLTDRV: Could not allocate AddrSubnetHashTable"));
g_dwMakingNewTable = FALSE;
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(UNKNOWN_IP_INDEX);
}
}
RtlZeroMemory(AddrHashTable, AddrModulus * sizeof(PADDRESSARRAY));
RtlZeroMemory(AddrSubnetHashTable,
AddrModulus * sizeof(PADDRESSARRAY));
AddrTable = (IPAddrEntry *)ExAllocatePoolWithTag(
NonPagedPool,
dwOutBufLen,
'pfAt');
if(!AddrTable)
{
ERROR((
"IPFLTDRV: Could not allocate AddrTable of size %d\n",
dwSpace
));
g_dwMakingNewTable = FALSE;
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(UNKNOWN_IP_INDEX);
}
}
else
{
ERROR((
"IPFLTDRV: GetIpStackIndex: DoIpIoctl failed, Status=%08x\n",
Status
));
g_dwMakingNewTable = FALSE;
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(UNKNOWN_IP_INDEX);
}
ID->toi_type = INFO_TYPE_PROVIDER;
ID->toi_id = IP_MIB_ADDRTABLE_ENTRY_ID;
RtlZeroMemory( Context, CONTEXT_SIZE );
Status = DoIpIoctl(
DD_TCP_DEVICE_NAME,
IOCTL_TCP_QUERY_INFORMATION_EX,
(PVOID)&trqiInBuf,
dwInBufLen,
(PVOID)AddrTable,
dwOutBufLen,
&dwFinalAddrSize);
if(!NT_SUCCESS(Status))
{
ERROR(("IPFLTDRV: Reading IP addr table failed %x\n", Status));
ExFreePool(AddrTable);
AddrTable = 0;
g_dwMakingNewTable = FALSE;
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(UNKNOWN_IP_INDEX);
}
//
// Now to get sleazy. Convert each IPAddrEntry into an ADDRESSARRAY
// entry and hash it into the AddrHashTable. Note this depends
// on the structures having common definitions and on
// IPAddrEntry to be at least as large as ADDRESSARRAY. So be
// careful.
//
dwFinalSize = dwFinalAddrSize / sizeof(IPAddrEntry);
for(AddrTable1 = AddrTable;
dwFinalSize;
dwFinalSize--, AddrTable1++)
{
dwX = ADDRHASHX(AddrTable1->iae_addr);
pa = (PADDRESSARRAY)AddrTable1;
pa->ulSubnetBcastAddress = AddrTable1->iae_addr |
~AddrTable1->iae_mask;
//
// Now hash it into the hash table
//
pa->pNext = AddrHashTable[dwX];
AddrHashTable[dwX] = pa;
//
// and do a hash on the subnet address as well
//
dwX = ADDRHASHX(pa->ulSubnetBcastAddress);
pa->pNextSubnet = AddrSubnetHashTable[dwX];
AddrSubnetHashTable[dwX] = pa;
}
//
// allow the DPC match code to use the table. Note
// this does not require interlocking since storing
// memory is atomic.
//
g_dwMakingNewTable = FALSE;
}
//
// search the table for the address.
//
dwIpIndex = LocalIpLook(Addr);
ExReleaseResourceLite(&FilterAddressLock );
KeLeaveCriticalRegion();
return(dwIpIndex);
}
BOOL
MatchLocalLook(DWORD Addr, DWORD dwIndex)
/*++
Routine Description:
Called from the Match code, probably at DPC level, to
check an address. If the address table is being rebuilt
just return success. See inner comment for more on this
--*/
{
BOOL fRet;
LOCK_STATE LockState;
if(!BMAddress(Addr))
{
//
// Look it up. Note that if the table is being rebuilt,
// this succeeds. This is a security hole but it is very
// small and nearly impossible to exploit effectively and
// the alternative, denying this, is even worse.
// ArnoldM 19-Sept-1997.
//
AcquireReadLock(&g_IpTableLock, &LockState);
if(AddrTable && !g_dwMakingNewTable)
{
DWORD dwLookupIndex = LocalIpLook(Addr);
//
// the address is acceptable if it belongs to
// the arriving interface or if it belongs to
// no interfaces. The latter is the route-through case.
//
if((dwIndex == dwLookupIndex)
||
(dwLookupIndex == UNKNOWN_IP_INDEX) )
{
fRet = TRUE;
}
else
{
fRet = FALSE;
}
}
else
{
fRet = TRUE;
}
ReleaseReadLock(&g_IpTableLock, &LockState);
}
else
{
fRet = TRUE;
}
return(fRet);
}
DWORD
LocalIpLook(DWORD Addr)
/*++
Routine Description:
Called to lookup an address in the address hash tables. The caller
either must hold the g_IpTableLock read sping lock or must hold
the FilterAddressLock resource. This should never be called
while the address table is being built and holding one of
these locks insures this.
--*/
{
DWORD dwIpIndex, dwX;
PADDRESSARRAY pa;
dwX = ADDRHASHX(Addr);
for(pa = AddrHashTable[dwX]; pa; pa = pa->pNext)
{
if(pa->ulAddress == Addr)
{
dwIpIndex = pa->ulIndex;
goto alldone; // ugly but faster than a break and another test.
}
}
for(pa = AddrSubnetHashTable[dwX]; pa; pa = pa->pNextSubnet)
{
if(pa->ulSubnetBcastAddress == Addr)
{
dwIpIndex = pa->ulIndex;
goto alldone;
}
}
//
// not found. Deliver the bad news.
//
dwIpIndex = UNKNOWN_IP_INDEX;
alldone:
return(dwIpIndex);
}
BOOLEAN
PfFastIoDeviceControl (
IN struct _FILE_OBJECT *FileObject,
IN BOOLEAN Wait,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength,
IN ULONG IoControlCode,
OUT PIO_STATUS_BLOCK IoStatus,
IN struct _DEVICE_OBJECT *DeviceObject
)
{
DWORD dwSize;
PPAGED_FILTER_INTERFACE pPage;
NTSTATUS ntStatus;
BOOL fLockedFcb = FALSE;
MODE PreviousMode;
PreviousMode = ExGetPreviousMode();
try {
if (InputBufferLength) {
if (PreviousMode != KernelMode) {
ProbeForRead(InputBuffer, InputBufferLength, sizeof(UCHAR));
}
}
switch(IoControlCode)
{
default:
return(FALSE);
case IOCTL_PF_IP_ADDRESS_LOOKUP:
//
// do a dummy fetch to make it recompute.
//
if((InputBufferLength < sizeof(DWORD))
||
(OutputBufferLength < sizeof(DWORD)) )
{
return(FALSE);
}
*(PDWORD)OutputBuffer = GetIpStackIndex(*(PDWORD)InputBuffer, TRUE);
ntStatus = STATUS_SUCCESS;
break;
case IOCTL_PF_DELETE_BY_HANDLE:
if(InputBufferLength < sizeof(PFDELETEBYHANDLE))
{
return(FALSE);
}
ntStatus = LockFcb(FileObject);
if(!NT_SUCCESS(ntStatus))
{
return(FALSE);
}
fLockedFcb = TRUE;
pPage = FindInterfaceOnHandle(
FileObject,
((PPFDELETEBYHANDLE)InputBuffer)->pvDriverContext);
if(!pPage)
{
UnLockFcb(FileObject);
return(FALSE);
}
ntStatus = DeleteByHandle(
(PPFFCB)FileObject->FsContext2,
pPage,
&((PPFDELETEBYHANDLE)InputBuffer)->pvHandles[0],
InputBufferLength - sizeof(PVOID));
UnLockFcb(FileObject);
fLockedFcb = FALSE;
break;
case IOCTL_DELETE_INTERFACE_FILTERS_EX:
{
//
// The minimum size is without any TOCs
//
dwSize = sizeof(FILTER_DRIVER_SET_FILTERS) - sizeof(RTR_TOC_ENTRY);
if(InputBufferLength < dwSize)
{
return(FALSE);
}
ntStatus = LockFcb(FileObject);
if(!NT_SUCCESS(ntStatus))
{
return(FALSE);
}
fLockedFcb = TRUE;
pPage = FindInterfaceOnHandle(
FileObject,
((PFILTER_DRIVER_SET_FILTERS)InputBuffer)->pvDriverContext);
if(!pPage)
{
UnLockFcb(FileObject);
return(FALSE);
}
ntStatus = UnSetFiltersEx(
(PPFFCB)FileObject->FsContext2,
pPage,
InputBufferLength,
(PFILTER_DRIVER_SET_FILTERS)InputBuffer);
UnLockFcb(FileObject);
fLockedFcb = FALSE;
break;
}
case IOCTL_GET_SYN_COUNTS:
{
if(OutputBufferLength < sizeof(FILTER_DRIVER_GET_SYN_COUNT))
{
return(FALSE);
}
ntStatus = GetSynCountTotal(
(PFILTER_DRIVER_GET_SYN_COUNT)OutputBuffer);
break;
}
case IOCTL_SET_INTERFACE_FILTERS_EX:
{
//
// Make sure the caller is using symmetric buffers. If not
// do it the slow way
//
if((InputBuffer != OutputBuffer)
||
(InputBufferLength != OutputBufferLength))
{
return(FALSE);
}
//
// The minimum size is without any TOCs
//
dwSize = sizeof(FILTER_DRIVER_SET_FILTERS) - sizeof(RTR_TOC_ENTRY);
if(InputBufferLength < dwSize)
{
return(FALSE);
}
ntStatus = LockFcb(FileObject);
if(!NT_SUCCESS(ntStatus))
{
return(FALSE);
}
fLockedFcb = TRUE;
pPage = FindInterfaceOnHandle(
FileObject,
((PFILTER_DRIVER_SET_FILTERS)InputBuffer)->pvDriverContext);
if(!pPage)
{
UnLockFcb(FileObject);
return(FALSE);
}
ntStatus = SetFiltersEx(
(PPFFCB)FileObject->FsContext2,
pPage,
InputBufferLength,
(PFILTER_DRIVER_SET_FILTERS)InputBuffer);
UnLockFcb(FileObject);
fLockedFcb = FALSE;
break;
}
}
IoStatus->Status = ntStatus;
IoStatus->Information = OutputBufferLength;
return(TRUE);
} except (EXCEPTION_EXECUTE_HANDLER) {
if (fLockedFcb) {
UnLockFcb(FileObject);
}
return(FALSE);
}
}
NTSTATUS
LockFcb(
IN struct _FILE_OBJECT *FileObject)
/*++
Routine Description:
Lock an FCB. Check if the FCB is on the master list and if
it is still valid. On success, returns with the FCB resource locked
and the FCB referenced.
--*/
{
PPFFCB Fcb = (PPFFCB)FileObject->FsContext2;
KIRQL kirql;
PLIST_ENTRY List;
PPFFCB Fcb1 = 0;
if ( Fcb == NULL )
return(STATUS_INVALID_PARAMETER);
KeAcquireSpinLock(&g_FcbSpin, &kirql);
for(List = g_leFcbs.Flink;
List != &g_leFcbs;
List = List->Flink)
{
Fcb1 = CONTAINING_RECORD(List, PFFCB, leList);
//
// use it if it is not being closed
//
if(Fcb1 == Fcb)
{
if( !(Fcb->dwFlags & PF_FCB_CLOSED) )
{
InterlockedIncrement(&Fcb->UseCount);
}
else
{
Fcb1 = 0;
}
break;
}
}
KeReleaseSpinLock(&g_FcbSpin, kirql);
if(Fcb != Fcb1)
{
//
// didn't find it.
//
return(STATUS_INVALID_PARAMETER);
}
//
// found it. Lock it up.
//
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite( &Fcb->Resource, TRUE );
//
// must look one more time to see if it has been closed. This can
// happen if the closer sneaked in. So we have to become the closer.
//
if(Fcb->dwFlags & PF_FCB_CLOSED)
{
//
// it was. Unlock it and return an error
//
UnLockFcb(FileObject);
return(STATUS_INVALID_PARAMETER);
}
return(STATUS_SUCCESS);
}
VOID
UnLockFcb(
IN struct _FILE_OBJECT *FileObject)
/*++
Routine Description:
Unlock and derefence an FCB. If the reference count becomes zero,
remove the FCB from the master list and close it.
--*/
{
PPFFCB Fcb = (PPFFCB)FileObject->FsContext2;
KIRQL kirql;
KeAcquireSpinLock(&g_FcbSpin, &kirql);
if(InterlockedDecrement(&Fcb->UseCount) <= 0)
{
ASSERT(Fcb->dwFlags & PF_FCB_CLOSED);
RemoveEntryList(&Fcb->leList);
KeReleaseSpinLock(&g_FcbSpin, kirql);
ExReleaseResourceLite( &Fcb->Resource );
KeLeaveCriticalRegion();
CloseFcb(Fcb, FileObject);
}
else
{
KeReleaseSpinLock(&g_FcbSpin, kirql);
ExReleaseResourceLite( &Fcb->Resource );
KeLeaveCriticalRegion();
}
}
NTSTATUS
InitFragCacheParameters(
IN PUNICODE_STRING RegistryPath
)
/*++
Routine Description
Called when the driver is loaded. It read the registry for the overrides
related to fragment cache
Arguments
RegistryPath
Return Value
NTSTATUS
--*/
{
INT i;
USHORT usRegLen;
PWCHAR pwcBuffer;
HANDLE hRegKey;
DWORD dwCheck;
NTSTATUS ntStatus;
UNICODE_STRING usParamString, usTempString;
CALLTRACE(("IPFLTDRV: InitFragCacheParams\n"));
//
// Fragment cache related intialiazation.
//
g_llInactivityTime = SECS_TO_TICKS(INACTIVITY_PERIOD);
g_dwFragTableSize = 127;
//
// Read the registry for parameters
//
usRegLen = RegistryPath->Length +
(sizeof(WCHAR) * (wcslen(L"\\Parameters") + 2));
pwcBuffer = ExAllocatePoolWithTag(NonPagedPool,
usRegLen,
'1tlF');
if(!pwcBuffer)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory(pwcBuffer, usRegLen);
usParamString.MaximumLength = usRegLen;
usParamString.Buffer = pwcBuffer;
RtlCopyUnicodeString(&usParamString, RegistryPath);
RtlInitUnicodeString(&usTempString, L"\\Parameters");
RtlAppendUnicodeStringToString(&usParamString, &usTempString);
ntStatus = OpenRegKey(&hRegKey, &usParamString);
ExFreePool(pwcBuffer);
if(NT_SUCCESS(ntStatus))
{
dwCheck = 0;
ntStatus = GetRegDWORDValue(
hRegKey,
L"FragmentLifetime",
&dwCheck);
if(NT_SUCCESS(ntStatus))
{
if(dwCheck > INACTIVITY_PERIOD)
{
g_llInactivityTime = SECS_TO_TICKS(dwCheck);
}
}
dwCheck = 0;
ntStatus = GetRegDWORDValue(hRegKey,
L"FragmentCacheSize",
&dwCheck);
if(NT_SUCCESS(ntStatus))
{
if(dwCheck > 127)
{
g_dwFragTableSize = dwCheck;
}
}
ZwClose(hRegKey);
}
TRACE(FRAG,(
"Filter:LifeTime %d.%d Cache Size %d\n",
((PLARGE_INTEGER)&g_llInactivityTime)->HighPart,
((PLARGE_INTEGER)&g_llInactivityTime)->LowPart,
g_dwFragTableSize
));
KeInitializeSpinLock(&g_kslFragLock);
return(STATUS_SUCCESS);
}
VOID
PFReadRegistryParameters(PUNICODE_STRING RegistryPath)
/*++
Routine Description:
Called when the driver is loaded. Reads registry paramters
for configuring the driver
--*/
{
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE PFHandle;
HANDLE PFParHandle;
NTSTATUS Status;
UNICODE_STRING UnicodeString;
ULONG Storage[8];
PKEY_VALUE_PARTIAL_INFORMATION Value =
(PKEY_VALUE_PARTIAL_INFORMATION)Storage;
InitializeObjectAttributes(
&ObjectAttributes,
RegistryPath, // name
OBJ_CASE_INSENSITIVE, // attributes
NULL, // root
NULL // security descriptor
);
Status = ZwOpenKey (&PFHandle, KEY_READ, &ObjectAttributes);
RtlInitUnicodeString(&UnicodeString, L"Parameters");
if(NT_SUCCESS(Status))
{
InitializeObjectAttributes(
&ObjectAttributes,
&UnicodeString,
OBJ_CASE_INSENSITIVE,
PFHandle,
NULL
);
Status = ZwOpenKey (&PFParHandle, KEY_READ, &ObjectAttributes);
ZwClose(PFHandle);
if(NT_SUCCESS(Status))
{
ULONG BytesRead;
RtlInitUnicodeString(&UnicodeString, L"AddressHashSize");
Status = ZwQueryValueKey(
PFParHandle,
&UnicodeString,
KeyValuePartialInformation,
Value,
sizeof(Storage),
&BytesRead);
if(NT_SUCCESS(Status)
&&
(Value->Type == REG_DWORD) )
{
AddrModulus = *(PULONG)Value->Data;
}
RtlInitUnicodeString(&UnicodeString, L"FragmentThreshold");
Status = ZwQueryValueKey(
PFParHandle,
&UnicodeString,
KeyValuePartialInformation,
Value,
sizeof(Storage),
&BytesRead);
if(NT_SUCCESS(Status)
&&
(Value->Type == REG_DWORD) )
{
g_FragThresholdSize = *(PULONG)Value->Data;
}
ZwClose(PFParHandle);
}
}
}
#pragma alloc_text(PAGE, GetRegDWORDValue)
NTSTATUS
GetRegDWORDValue(
HANDLE KeyHandle,
PWCHAR ValueName,
PULONG ValueData
)
{
NTSTATUS status;
ULONG resultLength;
PKEY_VALUE_FULL_INFORMATION keyValueFullInformation;
UCHAR keybuf[128];
UNICODE_STRING UValueName;
PAGED_CODE();
RtlInitUnicodeString(&UValueName, ValueName);
keyValueFullInformation = (PKEY_VALUE_FULL_INFORMATION)keybuf;
RtlZeroMemory(keyValueFullInformation, sizeof(keyValueFullInformation));
status = ZwQueryValueKey(KeyHandle,
&UValueName,
KeyValueFullInformation,
keyValueFullInformation,
128,
&resultLength);
if (NT_SUCCESS(status)) {
if (keyValueFullInformation->Type != REG_DWORD) {
status = STATUS_INVALID_PARAMETER_MIX;
} else {
*ValueData = *((ULONG UNALIGNED *)((PCHAR)keyValueFullInformation +
keyValueFullInformation->DataOffset));
}
}
return status;
}
#pragma alloc_text(PAGE, OpenRegKey)
NTSTATUS
OpenRegKey(
PHANDLE phRegHandle,
PUNICODE_STRING pusKeyName
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
PAGED_CODE();
RtlZeroMemory(&ObjectAttributes,
sizeof(OBJECT_ATTRIBUTES));
InitializeObjectAttributes(&ObjectAttributes,
pusKeyName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = ZwOpenKey(phRegHandle,
KEY_READ,
&ObjectAttributes);
return Status;
}