You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3515 lines
131 KiB
3515 lines
131 KiB
/*++
|
|
|
|
Copyright (c) 1990-2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
iprcv.c - IP receive routines.
|
|
|
|
Abstract:
|
|
|
|
This module contains all receive related IP routines.
|
|
|
|
Author:
|
|
|
|
|
|
[Environment:]
|
|
|
|
kernel mode only
|
|
|
|
[Notes:]
|
|
|
|
optional-notes
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
#include "precomp.h"
|
|
#include "ip.h"
|
|
#include "info.h"
|
|
#include "iproute.h"
|
|
#include "arpdef.h"
|
|
#include "iprtdef.h"
|
|
#include "igmp.h"
|
|
|
|
#if IPMCAST
|
|
void IPMForwardAfterTD(NetTableEntry *pPrimarySrcNte, PNDIS_PACKET pnpPacket,
|
|
UINT uiBytesCopied);
|
|
#endif
|
|
|
|
// Following is to prevent ip fragment attack
|
|
uint MaxRH = 100; // maximum number of reassembly headers allowed
|
|
uint NumRH = 0; // Count of RH in use
|
|
uint MaxOverlap = 5; // maximum number overlaps allowed for one
|
|
// reassembled datagram
|
|
uint FragmentAttackDrops = 0;
|
|
|
|
extern IP_STATUS SendICMPErr(IPAddr, IPHeader UNALIGNED *, uchar, uchar, ulong, uchar);
|
|
|
|
extern uint IPSecStatus;
|
|
extern IPSecRcvFWPacketRtn IPSecRcvFWPacketPtr;
|
|
extern uchar RATimeout;
|
|
extern NDIS_HANDLE BufferPool;
|
|
extern ProtInfo IPProtInfo[]; // Protocol information table.
|
|
extern ProtInfo *LastPI; // Last protinfo structure looked at.
|
|
extern int NextPI; // Next PI field to be used.
|
|
extern ProtInfo *RawPI; // Raw IP protinfo
|
|
extern NetTableEntry **NewNetTableList; // hash table for NTEs
|
|
extern uint NET_TABLE_SIZE;
|
|
extern NetTableEntry *LoopNTE;
|
|
extern IPRcvBuf *g_PerCPUIpBuf; // Global RcvBuf used for proxy perf
|
|
// optimization.
|
|
extern Interface LoopInterface;
|
|
|
|
extern uint DisableIPSourceRouting;
|
|
|
|
uchar CheckLocalOptions(NetTableEntry *SrcNTE, IPHeader UNALIGNED *Header,
|
|
IPOptInfo *OptInfo, uchar DestType, uchar* Data,
|
|
uint DataSize, BOOLEAN FilterOnDrop);
|
|
|
|
|
|
#define PROT_RSVP 46 // Protocol number for RSVP
|
|
|
|
|
|
|
|
|
|
|
|
//* FindUserRcv - Find the receive handler to be called for a particular
|
|
// protocol.
|
|
//
|
|
// This functions takes as input a protocol value, and returns a pointer to
|
|
// the receive routine for that protocol.
|
|
//
|
|
// Input: NTE - Pointer to NetTableEntry to be searched
|
|
// Protocol - Protocol to be searched for.
|
|
// UContext - Place to returns UL Context value.
|
|
//
|
|
// Returns: Pointer to the receive routine.
|
|
//
|
|
ULRcvProc
|
|
FindUserRcv(uchar Protocol)
|
|
{
|
|
ULRcvProc RcvProc;
|
|
int i;
|
|
ProtInfo *TempPI;
|
|
|
|
if (((TempPI = LastPI)->pi_protocol == Protocol) &&
|
|
TempPI->pi_valid == PI_ENTRY_VALID) {
|
|
|
|
RcvProc = TempPI->pi_rcv;
|
|
return RcvProc;
|
|
}
|
|
|
|
RcvProc = (ULRcvProc) NULL;
|
|
for (i = 0; i < NextPI; i++) {
|
|
if (IPProtInfo[i].pi_protocol == Protocol) {
|
|
if (IPProtInfo[i].pi_valid == PI_ENTRY_VALID) {
|
|
InterlockedExchangePointer(&LastPI, &IPProtInfo[i]);
|
|
RcvProc = IPProtInfo[i].pi_rcv;
|
|
return RcvProc;
|
|
} else {
|
|
// Deregisterd entry. Treat this case as if
|
|
// there is no matching protocol.
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Didn't find a match. Use the raw protocol if it is registered.
|
|
//
|
|
if ((TempPI = RawPI) != NULL) {
|
|
RcvProc = TempPI->pi_rcv;
|
|
}
|
|
|
|
return RcvProc;
|
|
}
|
|
|
|
//* IPRcvComplete - Handle a receive complete.
|
|
//
|
|
// Called by the lower layer when receives are temporarily done.
|
|
//
|
|
// Entry: Nothing.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
__stdcall
|
|
IPRcvComplete(void)
|
|
{
|
|
void (*ULRcvCmpltProc) (void);
|
|
int i;
|
|
for (i = 0; i < NextPI; i++) {
|
|
if (((ULRcvCmpltProc = IPProtInfo[i].pi_rcvcmplt) != NULL) &&
|
|
(IPProtInfo[i].pi_valid == PI_ENTRY_VALID)) {
|
|
(*ULRcvCmpltProc) ();
|
|
}
|
|
}
|
|
|
|
}
|
|
//* XsumRcvBuf - Checksum a chain of IP receive buffers.
|
|
//
|
|
// Called to xsum a chain of IP receive buffers. We're given the
|
|
// pseudo-header xsum to start with, and we call xsum on each buffer.
|
|
//
|
|
// Input: PHXsum - Pseudo-header xsum.
|
|
// BufChain - Pointer to IPRcvBuf chain.
|
|
//
|
|
// Returns: The computed xsum.
|
|
//
|
|
ushort
|
|
XsumRcvBuf(uint PHXsum, IPRcvBuf * BufChain)
|
|
{
|
|
uint PrevSize = 0;
|
|
uint NeedSwap = 0;
|
|
|
|
PHXsum = (((PHXsum << 16) | (PHXsum >> 16)) + PHXsum) >> 16;
|
|
do {
|
|
// Whenever an odd number of bytes is checksummed in the interior
|
|
// of the buffer-chain, swap the sum and go on so that the next byte
|
|
// will overlay the existing sum correctly.
|
|
//
|
|
// (The correctness of this swap is a property of ones-complement
|
|
// checksums.)
|
|
|
|
if (PrevSize & 1) {
|
|
PHXsum = RtlUshortByteSwap(PHXsum);
|
|
NeedSwap ^= 1;
|
|
}
|
|
PHXsum = tcpxsum_routine(PHXsum, BufChain->ipr_buffer,
|
|
PrevSize = BufChain->ipr_size);
|
|
BufChain = BufChain->ipr_next;
|
|
} while (BufChain != NULL);
|
|
|
|
// If an odd number of swaps were performed, swap once more
|
|
// to undo the unmatched swap and obtain the final result.
|
|
|
|
return NeedSwap ? RtlUshortByteSwap(PHXsum) : (ushort)(PHXsum);
|
|
}
|
|
|
|
//* UpdateIPSecRcvBuf - update an IPRcvBuf after IPSec receive-processing.
|
|
//
|
|
// Called to perform IPSec-related changes (e.g. setting checksum-verified)
|
|
// for an IPRcvBuf.
|
|
//
|
|
// Input: RcvBuf - Pointer to IPRcvBuf.
|
|
// IPSecFlags - Flags for required changes.
|
|
//
|
|
void
|
|
UpdateIPSecRcvBuf(IPRcvBuf* RcvBuf, ulong IPSecFlags)
|
|
{
|
|
if (IPSecFlags & (IPSEC_FLAG_TCP_CHECKSUM_VALID |
|
|
IPSEC_FLAG_UDP_CHECKSUM_VALID) &&
|
|
RcvBuf->ipr_pClientCnt) {
|
|
|
|
PNDIS_PACKET Packet;
|
|
PNDIS_PACKET_EXTENSION PktExt;
|
|
PNDIS_TCP_IP_CHECKSUM_PACKET_INFO ChksumPktInfo;
|
|
|
|
if (RcvBuf->ipr_pMdl) {
|
|
Packet = NDIS_GET_ORIGINAL_PACKET((PNDIS_PACKET)
|
|
RcvBuf->ipr_RcvContext);
|
|
if (Packet == NULL) {
|
|
Packet = (PNDIS_PACKET)RcvBuf->ipr_RcvContext;
|
|
}
|
|
} else {
|
|
Packet = (PNDIS_PACKET)RcvBuf->ipr_pClientCnt;
|
|
}
|
|
|
|
PktExt = NDIS_PACKET_EXTENSION_FROM_PACKET(Packet);
|
|
ChksumPktInfo =
|
|
(PNDIS_TCP_IP_CHECKSUM_PACKET_INFO)
|
|
&PktExt->NdisPacketInfo[TcpIpChecksumPacketInfo];
|
|
|
|
if (IPSecFlags & IPSEC_FLAG_TCP_CHECKSUM_VALID) {
|
|
ChksumPktInfo->Receive.NdisPacketTcpChecksumSucceeded = TRUE;
|
|
ChksumPktInfo->Receive.NdisPacketTcpChecksumFailed = FALSE;
|
|
}
|
|
if (IPSecFlags & IPSEC_FLAG_UDP_CHECKSUM_VALID) {
|
|
ChksumPktInfo->Receive.NdisPacketUdpChecksumSucceeded = TRUE;
|
|
ChksumPktInfo->Receive.NdisPacketUdpChecksumFailed = FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
//* FindRH - Look up a reassembly header on an NTE.
|
|
//
|
|
// A utility function to look up a reassembly header. We assume the lock
|
|
// on the NTE is taken when we are called. If we find a matching RH
|
|
// we'll take the lock on it. We also return the predecessor of the RH,
|
|
// for use in insertion or deletion.
|
|
//
|
|
// Input: PrevRH - Place to return pointer to previous RH
|
|
// NTE - NTE to be searched.
|
|
// Dest - Destination IP address
|
|
// Src - Src IP address
|
|
// ID - ID of RH
|
|
// Protocol - Protocol of RH
|
|
//
|
|
// Returns: Pointer to RH, or NULL if none.
|
|
//
|
|
ReassemblyHeader *
|
|
FindRH(ReassemblyHeader ** PrevRH, NetTableEntry * NTE, IPAddr Dest, IPAddr Src, ushort Id,
|
|
uchar Protocol)
|
|
{
|
|
ReassemblyHeader *TempPrev, *Current;
|
|
|
|
TempPrev = STRUCT_OF(ReassemblyHeader, &NTE->nte_ralist, rh_next);
|
|
Current = NTE->nte_ralist;
|
|
while (Current != (ReassemblyHeader *) NULL) {
|
|
if (Current->rh_dest == Dest && Current->rh_src == Src && Current->rh_id == Id &&
|
|
Current->rh_protocol == Protocol)
|
|
break;
|
|
TempPrev = Current;
|
|
Current = Current->rh_next;
|
|
}
|
|
|
|
*PrevRH = TempPrev;
|
|
return Current;
|
|
|
|
}
|
|
|
|
//* ParseRcvdOptions - Validate incoming options.
|
|
//
|
|
// Called during reception handling to validate incoming options. We make
|
|
// sure that everything is OK as best we can, and find indices for any
|
|
// source route option.
|
|
//
|
|
// Input: OptInfo - Pointer to option info. structure.
|
|
// Index - Pointer to optindex struct to be filled in.
|
|
//
|
|
//
|
|
// Returns: Index of error if any, MAX_OPT_SIZE if no errors.
|
|
//
|
|
uchar
|
|
ParseRcvdOptions(IPOptInfo * OptInfo, OptIndex * Index)
|
|
{
|
|
uint i = 0; // Index variable.
|
|
uchar *Options = OptInfo->ioi_options;
|
|
uint OptLength = (uint) OptInfo->ioi_optlength;
|
|
uchar Length = 0; // Length of option.
|
|
uchar Pointer; // Pointer field, for options that use it.
|
|
|
|
if (OptLength < 3) {
|
|
|
|
// Options should be at least 3 bytes, in the loop below we scan
|
|
// first 3 bytes of the packet for finding code, len and ptr value
|
|
return (uchar) IP_OPT_LENGTH;
|
|
}
|
|
while (i < OptLength && *Options != IP_OPT_EOL) {
|
|
if (*Options == IP_OPT_NOP) {
|
|
i++;
|
|
Options++;
|
|
continue;
|
|
}
|
|
if ((OptLength - i) < 2) {
|
|
return (uchar) i; // Not enough space for the length field.
|
|
} else if (((Length = Options[IP_OPT_LENGTH]) + i) > OptLength) {
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH; // Length exceeds
|
|
//options length.
|
|
|
|
}
|
|
Pointer = Options[IP_OPT_DATA] - 1;
|
|
|
|
if (*Options == IP_OPT_TS) {
|
|
if (Length < (MIN_TS_PTR - 1))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
if ((Pointer > Length) || (Pointer + 1 < MIN_TS_PTR) || (Pointer % ROUTER_ALERT_SIZE))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
Index->oi_tsindex = (uchar) i;
|
|
} else {
|
|
if (Length < (MIN_RT_PTR - 1))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
if (*Options == IP_OPT_LSRR || *Options == IP_OPT_SSRR) {
|
|
|
|
OptInfo->ioi_flags |= IP_FLAG_SSRR;
|
|
|
|
if ((Pointer > Length) || (Pointer + 1 < MIN_RT_PTR) || ((Pointer + 1) % ROUTER_ALERT_SIZE))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
// A source route option
|
|
if (Pointer < Length) { // Route not complete
|
|
|
|
if ((Length - Pointer) < sizeof(IPAddr))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
Index->oi_srtype = *Options;
|
|
Index->oi_srindex = (uchar) i;
|
|
}
|
|
} else {
|
|
if (*Options == IP_OPT_RR) {
|
|
if ((Pointer > Length) || (Pointer + 1 < MIN_RT_PTR) || ((Pointer + 1) % ROUTER_ALERT_SIZE))
|
|
return (uchar) i + (uchar) IP_OPT_LENGTH;
|
|
|
|
Index->oi_rrindex = (uchar) i;
|
|
} else if (*Options == IP_OPT_ROUTER_ALERT) {
|
|
Index->oi_rtrindex = (uchar) i;
|
|
}
|
|
}
|
|
}
|
|
|
|
i += Length;
|
|
Options += Length;
|
|
}
|
|
|
|
return MAX_OPT_SIZE;
|
|
}
|
|
|
|
//* IsRtrAlertPacket - Finds whether an IP packet contains rtr alert option.
|
|
// Input: Header - Pointer to incoming header.
|
|
// Returns: TRUE if packet contains rtr alert option
|
|
//
|
|
BOOLEAN
|
|
IsRtrAlertPacket(IPHeader UNALIGNED * Header)
|
|
{
|
|
uint HeaderLength;
|
|
IPOptInfo OptInfo;
|
|
OptIndex Index;
|
|
|
|
HeaderLength = (Header->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2;
|
|
|
|
if (HeaderLength <= sizeof(IPHeader)) {
|
|
return FALSE;
|
|
}
|
|
OptInfo.ioi_options = (uchar *) (Header + 1);
|
|
OptInfo.ioi_optlength = (uchar) (HeaderLength - sizeof(IPHeader));
|
|
|
|
Index.oi_rtrindex = MAX_OPT_SIZE;
|
|
ParseRcvdOptions(&OptInfo, &Index);
|
|
|
|
if (Index.oi_rtrindex == MAX_OPT_SIZE) {
|
|
return FALSE;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
BOOLEAN
|
|
IsBCastAllowed(IPAddr DestAddr, IPAddr SrcAddr, uchar Protocol,
|
|
NetTableEntry *NTE)
|
|
{
|
|
uchar DestType;
|
|
|
|
DestType = IsBCastOnNTE(DestAddr, NTE);
|
|
|
|
// Note that IGMP Queries must be immune to the source
|
|
// filter or else we cannot over
|
|
if (DestType == DEST_MCAST) {
|
|
uint PromiscuousMode = 0;
|
|
|
|
if (NTE->nte_flags & NTE_VALID) {
|
|
PromiscuousMode = NTE->nte_if->if_promiscuousmode;
|
|
}
|
|
if (!PromiscuousMode) {
|
|
DestType = IsMCastSourceAllowed(DestAddr, SrcAddr, Protocol, NTE);
|
|
}
|
|
}
|
|
|
|
return IS_BCAST_DEST(DestType);
|
|
}
|
|
|
|
//* BCastRcv - Receive a broadcast or multicast packet.
|
|
//
|
|
// Called when we have to receive a broadcast packet. We loop through the
|
|
// NTE table, calling the upper layer receive protocol for each net which
|
|
// matches the receive I/F and for which the destination address is a
|
|
// broadcast.
|
|
//
|
|
// Input: RcvProc - The receive procedure to be called.
|
|
// SrcNTE - NTE on which the packet was originally received.
|
|
// DestAddr - Destination address.
|
|
// SrcAddr - Source address of packet.
|
|
// Data - Pointer to received data.
|
|
// DataLength - Size in bytes of data
|
|
// Protocol - Upper layer protocol being called.
|
|
// OptInfo - Pointer to received IP option info.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
BCastRcv(ULRcvProc RcvProc, NetTableEntry * SrcNTE, IPAddr DestAddr,
|
|
IPAddr SrcAddr, IPHeader UNALIGNED * Header, uint HeaderLength,
|
|
IPRcvBuf * Data, uint DataLength, uchar Protocol, IPOptInfo * OptInfo)
|
|
{
|
|
NetTableEntry *CurrentNTE;
|
|
const Interface *SrcIF = SrcNTE->nte_if;
|
|
ulong Delivered = 0;
|
|
uint i;
|
|
|
|
for (i = 0; i < NET_TABLE_SIZE; i++) {
|
|
NetTableEntry *NetTableList = NewNetTableList[i];
|
|
for (CurrentNTE = NetTableList;
|
|
CurrentNTE != NULL;
|
|
CurrentNTE = CurrentNTE->nte_next) {
|
|
if ((CurrentNTE->nte_flags & NTE_ACTIVE) &&
|
|
(CurrentNTE->nte_if == SrcIF) &&
|
|
(IsBCastAllowed(DestAddr, SrcAddr, Protocol, CurrentNTE)
|
|
|| (SrcNTE == LoopNTE))) {
|
|
uchar *saveddata = Data->ipr_buffer;
|
|
uint savedlen = Data->ipr_size;
|
|
|
|
Delivered = 1;
|
|
|
|
(*RcvProc) (CurrentNTE, DestAddr, SrcAddr, CurrentNTE->nte_addr,
|
|
SrcNTE->nte_addr, Header, HeaderLength, Data, DataLength,
|
|
IS_BROADCAST, Protocol, OptInfo);
|
|
|
|
// restore the buffers;
|
|
Data->ipr_buffer = saveddata;
|
|
Data->ipr_size = savedlen;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (Delivered) {
|
|
IPSIncrementInDeliverCount();
|
|
}
|
|
}
|
|
|
|
//
|
|
// Macro to send ICMP dest unreachable taking offset
|
|
// in to account in the case of IPSEC, and correctly pointing
|
|
// to payload part when ipheader is chained to data as in
|
|
// the case of loopback sends.
|
|
//
|
|
|
|
#define SEND_ICMP_MSG(TYPE)\
|
|
{ \
|
|
uchar *buf; \
|
|
uchar Len = (uchar) (MIN(PayloadLen, \
|
|
MAX_ICMP_PAYLOAD_SIZE)); \
|
|
buf = CTEAllocMem(Len + HeaderLength); \
|
|
if (buf) { \
|
|
CTEMemCopy(buf, Header, HeaderLength); \
|
|
CTEMemCopy( buf+(uchar)HeaderLength, \
|
|
Payload+(uchar)RcvOffset,Len); \
|
|
SendICMPErr(DestNTE->nte_addr,(IPHeader *)buf, \
|
|
(uchar) ICMP_DEST_UNREACH, \
|
|
(uchar) TYPE, 0, (uchar) (Len+HeaderLength)); \
|
|
CTEFreeMem(buf); \
|
|
} \
|
|
}
|
|
|
|
|
|
|
|
//* DeliverToUser - Deliver data to a user protocol.
|
|
//
|
|
// This procedure is called when we have determined that an incoming
|
|
// packet belongs here, and any options have been processed. We accept
|
|
// it for upper layer processing, which means looking up the receive
|
|
// procedure and calling it, or passing it to BCastRcv if neccessary.
|
|
//
|
|
// Input: SrcNTE - Pointer to NTE on which packet arrived.
|
|
// DestNTE - Pointer to NTE that is accepting packet.
|
|
// Header - Pointer to IP header of packet.
|
|
// HeaderLength - Length of Header in bytes.
|
|
// Data - Pointer to IPRcvBuf chain.
|
|
// DataLength - Length in bytes of upper layer data.
|
|
// OptInfo - Pointer to Option information for this receive.
|
|
// DestType - Type of destination - LOCAL, BCAST.
|
|
//
|
|
// Returns: Nothing.
|
|
void
|
|
DeliverToUser(NetTableEntry * SrcNTE, NetTableEntry * DestNTE,
|
|
IPHeader UNALIGNED * Header, uint HeaderLength, IPRcvBuf * Data,
|
|
uint DataLength, IPOptInfo * OptInfo, PNDIS_PACKET Packet, uchar DestType)
|
|
{
|
|
ULRcvProc rcv;
|
|
uint PromiscuousMode;
|
|
uint FirewallMode;
|
|
uint RcvOffset = 0;
|
|
uchar *Payload = Data->ipr_buffer;
|
|
uint PayloadLen = Data->ipr_size;
|
|
uchar Flags = 0;
|
|
|
|
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode;
|
|
FirewallMode = ProcessFirewallQ();
|
|
|
|
//
|
|
// Call into IPSEC so he can decrypt the data. Call only for remote packets.
|
|
//
|
|
if (IPSecHandlerPtr) {
|
|
//
|
|
// See if IPSEC is enabled, see if it needs to do anything with this
|
|
// packet.
|
|
//
|
|
FORWARD_ACTION Action;
|
|
ULONG ipsecByteCount = 0;
|
|
ULONG ipsecMTU = 0;
|
|
ULONG ipsecFlags = IPSEC_FLAG_INCOMING;
|
|
PNDIS_BUFFER newBuf = NULL;
|
|
uint Offset = Data->ipr_RcvOffset;
|
|
|
|
if (!(RefPtrValid(&FilterRefPtr) || (FirewallMode) ||
|
|
(PromiscuousMode))) {
|
|
// else ipsec is already called in DeliverToUserEx
|
|
if (SrcNTE == LoopNTE) {
|
|
ipsecFlags |= IPSEC_FLAG_LOOPBACK;
|
|
}
|
|
if (OptInfo->ioi_flags & IP_FLAG_SSRR) {
|
|
ipsecFlags |= IPSEC_FLAG_SSRR;
|
|
}
|
|
|
|
Action = (*IPSecHandlerPtr) (
|
|
(PUCHAR) Header,
|
|
(PVOID) Data,
|
|
SrcNTE->nte_if, // SrcIF
|
|
Packet,
|
|
&ipsecByteCount,
|
|
&ipsecMTU,
|
|
(PVOID *) & newBuf,
|
|
&ipsecFlags,
|
|
DestType);
|
|
|
|
if (Action != eFORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
} else {
|
|
//
|
|
// Update the data length if IPSEC changed it
|
|
// (like by removing the AH)
|
|
//
|
|
DataLength -= ipsecByteCount;
|
|
RcvOffset = Data->ipr_RcvOffset - Offset;
|
|
UpdateIPSecRcvBuf(Data, ipsecFlags);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Clear flags, except the loopback one.
|
|
//
|
|
Data->ipr_flags &= IPR_FLAG_LOOPBACK_PACKET;
|
|
|
|
// This tracks whether the interface is bound or not to a particular
|
|
// processor. The only transport protocol that cares about this is TCP.
|
|
if (Header->iph_protocol == PROTOCOL_TCP) {
|
|
|
|
// If the media type is Ethernet and the packet was indicated by means
|
|
// of Receive-handler and this is the first packet on this interface or
|
|
// the current processor is same as the one the previous packet was
|
|
// indicated on, we hope that this interface is bound.
|
|
if (SrcNTE->nte_if->if_mediatype == IF_TYPE_IS088023_CSMACD) {
|
|
if (Data->ipr_pMdl &&
|
|
((SrcNTE->nte_if->if_lastproc == (int)KeGetCurrentProcessorNumber()) ||
|
|
(SrcNTE->nte_if->if_lastproc == (int)KeNumberProcessors))) {
|
|
Flags |= IS_BOUND;
|
|
}
|
|
SrcNTE->nte_if->if_lastproc = KeGetCurrentProcessorNumber();
|
|
} else if (SrcNTE->nte_if == &LoopInterface) {
|
|
Flags |= IS_BOUND;
|
|
}
|
|
}
|
|
|
|
// Process this request right now. Look up the protocol. If we
|
|
// find it, copy the data if we need to, and call the protocol's
|
|
// receive handler. If we don't find it, send an ICMP
|
|
// 'protocol unreachable' message.
|
|
rcv = FindUserRcv(Header->iph_protocol);
|
|
|
|
if (!PromiscuousMode) {
|
|
|
|
if (rcv != NULL) {
|
|
IP_STATUS Status;
|
|
|
|
if (DestType == DEST_LOCAL) {
|
|
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, Flags,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
if (Status == IP_SUCCESS) {
|
|
IPSIncrementInDeliverCount();
|
|
return;
|
|
}
|
|
if (Status == IP_DEST_PROT_UNREACHABLE) {
|
|
IPSInfo.ipsi_inunknownprotos++;
|
|
SEND_ICMP_MSG(PROT_UNREACH);
|
|
} else {
|
|
IPSIncrementInDeliverCount();
|
|
SEND_ICMP_MSG(PORT_UNREACH);
|
|
|
|
}
|
|
|
|
return; // Just return out of here now.
|
|
|
|
} else if (DestType < DEST_REMOTE) { // BCAST, SN_BCAST, MCAST
|
|
|
|
BCastRcv(rcv, SrcNTE, Header->iph_dest, Header->iph_src,
|
|
Header, HeaderLength, Data, DataLength,
|
|
Header->iph_protocol, OptInfo);
|
|
} else {
|
|
// DestType >= DEST_REMOTE
|
|
|
|
// Force Rcv protocol to be Raw
|
|
rcv = NULL;
|
|
if (RawPI != NULL) {
|
|
rcv = RawPI->pi_rcv;
|
|
}
|
|
if ((rcv != NULL) && (DestType != DEST_INVALID)) {
|
|
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
|
|
Status = (*rcv) (SrcNTE,Header->iph_dest,Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, FALSE,
|
|
Header->iph_protocol, OptInfo);
|
|
}
|
|
return; // Just return out of here now.
|
|
|
|
}
|
|
} else {
|
|
IPSInfo.ipsi_inunknownprotos++;
|
|
// If we get here, we didn't find a matching protocol. Send an
|
|
// ICMP message.
|
|
SEND_ICMP_MSG(PROT_UNREACH);
|
|
|
|
}
|
|
} else { // PromiscuousMode = 1
|
|
|
|
IP_STATUS Status;
|
|
|
|
if (DestType == DEST_LOCAL) {
|
|
if (rcv != NULL) {
|
|
uchar *saveddata = Data->ipr_buffer;
|
|
uint savedlen = Data->ipr_size;
|
|
|
|
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
|
|
|
|
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, Flags,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
if (Status == IP_SUCCESS) {
|
|
IPSIncrementInDeliverCount();
|
|
|
|
// If succeed and promiscuous mode set
|
|
// also do a raw rcv if previous wasn't a RawRcv
|
|
|
|
if ((RawPI != NULL) && (RawPI->pi_rcv != NULL) && (RawPI->pi_rcv != rcv)) {
|
|
// we hv registered for RAW protocol
|
|
rcv = RawPI->pi_rcv;
|
|
|
|
// restore the buffers;
|
|
Data->ipr_buffer = saveddata;
|
|
Data->ipr_size = savedlen;
|
|
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, FALSE,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
}
|
|
return;
|
|
}
|
|
if (Status == IP_DEST_PROT_UNREACHABLE) {
|
|
IPSInfo.ipsi_inunknownprotos++;
|
|
SEND_ICMP_MSG(PROT_UNREACH);
|
|
|
|
} else {
|
|
IPSIncrementInDeliverCount();
|
|
SEND_ICMP_MSG(PORT_UNREACH);
|
|
|
|
}
|
|
} else {
|
|
IPSInfo.ipsi_inunknownprotos++;
|
|
|
|
// If we get here, we didn't find a matching protocol. Send
|
|
// an ICMP message.
|
|
SEND_ICMP_MSG(PROT_UNREACH);
|
|
|
|
}
|
|
return; // Just return out of here now.
|
|
|
|
} else if (DestType < DEST_REMOTE) { // BCAST, SN_BCAST, MCAST
|
|
|
|
uchar *saveddata = Data->ipr_buffer;
|
|
uint savedlen = Data->ipr_size;
|
|
|
|
if (rcv != NULL) {
|
|
|
|
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
|
|
|
|
BCastRcv(rcv, SrcNTE, Header->iph_dest, Header->iph_src,
|
|
Header, HeaderLength, Data, DataLength,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
// If succeed and promiscuous mode set
|
|
// also do a raw rcv if previous is not RawRcv
|
|
|
|
if ((RawPI != NULL) && (RawPI->pi_rcv != NULL) && (RawPI->pi_rcv != rcv)) {
|
|
// we hv registered for RAW protocol
|
|
rcv = RawPI->pi_rcv;
|
|
|
|
Data->ipr_buffer = saveddata;
|
|
Data->ipr_size = savedlen;
|
|
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, FALSE,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
}
|
|
} else {
|
|
IPSInfo.ipsi_inunknownprotos++;
|
|
// If we get here, we didn't find a matching protocol. Send an ICMP message.
|
|
|
|
SEND_ICMP_MSG(PROT_UNREACH);
|
|
|
|
}
|
|
} else { // DestType >= DEST_REMOTE and promiscuous mode set
|
|
// Force Rcv protocol to be Raw
|
|
|
|
rcv = NULL;
|
|
if (RawPI != NULL) {
|
|
rcv = RawPI->pi_rcv;
|
|
}
|
|
if ((rcv != NULL) && (DestType != DEST_INVALID)) {
|
|
Data->ipr_flags |= IPR_FLAG_PROMISCUOUS;
|
|
Status = (*rcv) (SrcNTE, Header->iph_dest, Header->iph_src,
|
|
DestNTE->nte_addr, SrcNTE->nte_addr, Header,
|
|
HeaderLength, Data, DataLength, FALSE,
|
|
Header->iph_protocol, OptInfo);
|
|
|
|
return; // Just return out of here now.
|
|
|
|
} else {
|
|
if (rcv == NULL) {
|
|
KdPrint(("Rcv is NULL \n"));
|
|
} else {
|
|
KdPrint(("Dest invalid \n"));
|
|
}
|
|
}
|
|
} // DestType >= DEST_REMOTE
|
|
} // Promiscuous Mode
|
|
}
|
|
|
|
uchar *
|
|
ConvertIPRcvBufToFlatBuffer(IPRcvBuf * pRcvBuf, uint DataLength)
|
|
{
|
|
uchar *pBuff;
|
|
IPRcvBuf *tmpRcvBuf;
|
|
uint FrwlOffset;
|
|
|
|
// convert RcvBuf chain to a flat buffer
|
|
tmpRcvBuf = pRcvBuf;
|
|
FrwlOffset = 0;
|
|
|
|
pBuff = CTEAllocMemN(DataLength, 'aiCT');
|
|
|
|
if (pBuff) {
|
|
while (tmpRcvBuf != NULL) {
|
|
ASSERT(tmpRcvBuf->ipr_buffer != NULL);
|
|
RtlCopyMemory(pBuff + FrwlOffset, tmpRcvBuf->ipr_buffer, tmpRcvBuf->ipr_size);
|
|
FrwlOffset += tmpRcvBuf->ipr_size;
|
|
tmpRcvBuf = tmpRcvBuf->ipr_next;
|
|
}
|
|
}
|
|
return pBuff;
|
|
}
|
|
|
|
|
|
//* DeliverToUserEx - Called when (IPSEC & Filter)/Firewall/Promiscuous set
|
|
//
|
|
// Input: SrcNTE - Pointer to NTE on which packet arrived.
|
|
// DestNTE - Pointer to NTE that is accepting packet.
|
|
// Header - Pointer to IP header of packet.
|
|
// HeaderLength - Length of Header in bytes.
|
|
// Data - Pointer to IPRcvBuf chain.
|
|
// DataLength - Length in bytes of upper layer data +
|
|
// HeaderLength.
|
|
// OptInfo - Pointer to Option information for this receive.
|
|
// DestType - Type of destination - LOCAL, BCAST.
|
|
//
|
|
// It is assumed that if firewall is present Data contains IPHeader also.
|
|
// Also, DataLength includes HeaderLength in this case
|
|
//
|
|
// Returns: Nothing.
|
|
void
|
|
DeliverToUserEx(NetTableEntry * SrcNTE, NetTableEntry * DestNTE,
|
|
IPHeader UNALIGNED * Header, uint HeaderLength, IPRcvBuf * Data,
|
|
uint DataLength, IPOptInfo * OptInfo, PNDIS_PACKET Packet, uchar DestType, LinkEntry * LinkCtxt)
|
|
{
|
|
|
|
uint PromiscuousMode;
|
|
uint FirewallMode;
|
|
uint FirewallRef;
|
|
Queue* FirewallQ;
|
|
uint FastPath;
|
|
IPRcvBuf *tmpRcvBuf;
|
|
uchar *pBuff;
|
|
BOOLEAN OneChunk;
|
|
|
|
|
|
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode;
|
|
FirewallMode = ProcessFirewallQ();
|
|
|
|
if (DestType == DEST_PROMIS) {
|
|
// We don't call any hook for this packet
|
|
// if firewall is there take the header off
|
|
// and then delivertouser
|
|
|
|
if (FirewallMode) {
|
|
if (Data->ipr_size > HeaderLength) { //1st buff contains data also
|
|
|
|
uchar *saveddata = Data->ipr_buffer;
|
|
Data->ipr_buffer += HeaderLength;
|
|
Data->ipr_size -= HeaderLength;
|
|
DataLength -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength, Data, DataLength, OptInfo, NULL, DestType);
|
|
// restore the buffers;
|
|
Data->ipr_buffer = saveddata;
|
|
Data->ipr_size += HeaderLength;
|
|
IPFreeBuff(Data);
|
|
} else { // First buffer just contains Header
|
|
|
|
uchar *saveddata;
|
|
|
|
if (Data->ipr_next == NULL) {
|
|
// we received the data s.t. datasize == headersize
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(Data);
|
|
return;
|
|
}
|
|
saveddata = Data->ipr_next->ipr_buffer;
|
|
|
|
DataLength -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength, Data->ipr_next, DataLength, OptInfo, NULL, DestType);
|
|
|
|
// restore the buffers;
|
|
Data->ipr_next->ipr_buffer = saveddata;
|
|
IPFreeBuff(Data);
|
|
}
|
|
} else { // FirewallMode is 0
|
|
|
|
DeliverToUser(SrcNTE, DestNTE, Header, HeaderLength,
|
|
Data, DataLength, OptInfo, NULL, DestType);
|
|
}
|
|
return;
|
|
}
|
|
if (DestType >= DEST_REMOTE) {
|
|
|
|
// Packet would have gone to the forward path, normally
|
|
// Call the filter/firewall hook if its there
|
|
|
|
if (FirewallMode) {
|
|
|
|
FORWARD_ACTION Action = FORWARD;
|
|
FIREWALL_CONTEXT_T FrCtx;
|
|
IPAddr DAddr = Header->iph_dest;
|
|
IPRcvBuf *pRcvBuf = Data;
|
|
IPRcvBuf *pOutRcvBuf = NULL;
|
|
NetTableEntry *DstNTE;
|
|
Queue *CurrQ;
|
|
FIREWALL_HOOK *CurrHook;
|
|
uint DestIFIndex = INVALID_IF_INDEX;
|
|
uchar DestinationType = DestType;
|
|
uint BufferChanged = 0;
|
|
|
|
FrCtx.Direction = IP_RECEIVE;
|
|
FrCtx.NTE = SrcNTE; //NTE the dg arrived on
|
|
|
|
FrCtx.LinkCtxt = LinkCtxt;
|
|
|
|
if (pRcvBuf->ipr_size > HeaderLength) { //1st buffer contains data also
|
|
|
|
FastPath = 1;
|
|
} else {
|
|
FastPath = 0;
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
// we received the data s.t. datasize == headersize
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
|
|
// Call the filter hook if installed
|
|
if (RefPtrValid(&FilterRefPtr)) {
|
|
IPPacketFilterPtr FilterPtr;
|
|
FORWARD_ACTION Action = FORWARD;
|
|
|
|
if (FastPath) {
|
|
// first buffer contains data also
|
|
Interface *IF = SrcNTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
Action = (*FilterPtr) ( Header,
|
|
pRcvBuf->ipr_buffer + HeaderLength,
|
|
pRcvBuf->ipr_size - HeaderLength,
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
} else { // Fast Path = 0
|
|
// first buffer contains IPHeader only
|
|
|
|
Interface *IF = SrcNTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
|
|
Action = (*FilterPtr) (Header,
|
|
pRcvBuf->ipr_next->ipr_buffer,
|
|
pRcvBuf->ipr_next->ipr_size,
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
}
|
|
|
|
if (Action != FORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
// call the firewallhook from front;
|
|
// in xmit path we call it from rear
|
|
|
|
#if MILLEN
|
|
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);
|
|
#else // MILLEN
|
|
ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);
|
|
#endif // MILLEN
|
|
FirewallRef = RefFirewallQ(&FirewallQ);
|
|
CurrQ = QHEAD(FirewallQ);
|
|
|
|
while (CurrQ != QEND(FirewallQ)) {
|
|
CurrHook = QSTRUCT(FIREWALL_HOOK, CurrQ, hook_q);
|
|
pOutRcvBuf = NULL;
|
|
|
|
// pOutRcvBuf is assumed to be NULL before firewall hook is
|
|
//called
|
|
Action = (*CurrHook->hook_Ptr) (&pRcvBuf,
|
|
SrcNTE->nte_if->if_index,
|
|
&DestIFIndex,
|
|
&DestinationType,
|
|
&FrCtx,
|
|
sizeof(FrCtx),
|
|
&pOutRcvBuf);
|
|
|
|
if (Action == DROP) {
|
|
DerefFirewallQ(FirewallRef);
|
|
#if MILLEN
|
|
KeLowerIrql(OldIrql);
|
|
#endif // MILLEN
|
|
IPSInfo.ipsi_indiscards++;
|
|
|
|
if (pRcvBuf != NULL) {
|
|
IPFreeBuff(pRcvBuf);
|
|
}
|
|
if (pOutRcvBuf != NULL) {
|
|
IPFreeBuff(pOutRcvBuf);
|
|
}
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
} else {
|
|
ASSERT(Action == FORWARD);
|
|
if (pOutRcvBuf != NULL) {
|
|
// free the old buffer
|
|
if (pRcvBuf != NULL) {
|
|
IPFreeBuff(pRcvBuf);
|
|
}
|
|
pRcvBuf = pOutRcvBuf;
|
|
BufferChanged = 1;
|
|
}
|
|
}
|
|
CurrQ = QNEXT(CurrQ);
|
|
}
|
|
DerefFirewallQ(FirewallRef);
|
|
#if MILLEN
|
|
KeLowerIrql(OldIrql);
|
|
#endif // MILLEN
|
|
|
|
ASSERT(Action == FORWARD);
|
|
|
|
if (BufferChanged) {
|
|
// if packet touched compute the new length: DataSize
|
|
DataLength = 0;
|
|
tmpRcvBuf = pRcvBuf;
|
|
while (tmpRcvBuf != NULL) {
|
|
ASSERT(tmpRcvBuf->ipr_buffer != NULL);
|
|
DataLength += tmpRcvBuf->ipr_size;
|
|
tmpRcvBuf = tmpRcvBuf->ipr_next;
|
|
}
|
|
|
|
// also make Header point to new buffer
|
|
Header = (IPHeader *) pRcvBuf->ipr_buffer;
|
|
HeaderLength = (Header->iph_verlen & 0xf) << 2;
|
|
}
|
|
DataLength -= HeaderLength; // decrement the header length
|
|
|
|
if (DestinationType == DEST_INVALID) { // Dest Addr changed by hook
|
|
|
|
DAddr = Header->iph_dest;
|
|
DstNTE = SrcNTE;
|
|
DestType = GetLocalNTE(DAddr, &DstNTE);
|
|
DestNTE = DstNTE;
|
|
}
|
|
if (DestType < DEST_REMOTE) {
|
|
// Check to see options
|
|
if (HeaderLength != sizeof(IPHeader)) {
|
|
// We have options
|
|
uchar NewDType;
|
|
NewDType = CheckLocalOptions(
|
|
SrcNTE,
|
|
(IPHeader UNALIGNED *) Header,
|
|
OptInfo,
|
|
DestType,
|
|
NULL,
|
|
0,
|
|
FALSE);
|
|
|
|
if (NewDType != DEST_LOCAL) {
|
|
if (NewDType == DEST_REMOTE) {
|
|
if (PromiscuousMode) {
|
|
if (FastPath) {
|
|
uchar *saveddata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(
|
|
SrcNTE,
|
|
DestNTE,
|
|
(IPHeader UNALIGNED *) Header,
|
|
HeaderLength,
|
|
pRcvBuf,
|
|
DataLength,
|
|
OptInfo,
|
|
NULL,
|
|
DestType);
|
|
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = saveddata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(
|
|
SrcNTE,
|
|
DestNTE,
|
|
(IPHeader UNALIGNED *)Header,
|
|
HeaderLength,
|
|
pRcvBuf->ipr_next,
|
|
DataLength,
|
|
OptInfo,
|
|
NULL,
|
|
DestType);
|
|
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
}
|
|
goto forward_remote;
|
|
} else {
|
|
IPSInfo.ipsi_inhdrerrors++;
|
|
IPFreeBuff(pRcvBuf);
|
|
//CTEFreeMem(pBuff);
|
|
return; // Bad Options
|
|
|
|
}
|
|
} // NewDtype != LOCAL
|
|
|
|
} // Options present
|
|
|
|
} // DestType < DEST_REMOTE
|
|
|
|
else { // DestType >=DEST_REMOTE
|
|
|
|
if (PromiscuousMode) {
|
|
if (FastPath) {
|
|
uchar *savedata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(SrcNTE,
|
|
DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength,pRcvBuf, DataLength,
|
|
OptInfo, NULL, DestType);
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = savedata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(SrcNTE, DestNTE,
|
|
(IPHeader UNALIGNED *)Header,HeaderLength,
|
|
pRcvBuf->ipr_next, DataLength, OptInfo,
|
|
NULL, DestType);
|
|
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
}
|
|
goto forward_remote;
|
|
}
|
|
|
|
// DestType <= DEST_REMOTE
|
|
if (FastPath) {
|
|
uchar *saveddata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength,pRcvBuf, DataLength, OptInfo, NULL,
|
|
DestType);
|
|
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = saveddata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength, pRcvBuf->ipr_next, DataLength,
|
|
OptInfo, NULL, DestType);
|
|
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
|
|
if (IS_BCAST_DEST(DestType)) {
|
|
OneChunk = FALSE;
|
|
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
|
|
OneChunk = TRUE;
|
|
pBuff = pRcvBuf->ipr_buffer;
|
|
} else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf,
|
|
DataLength + HeaderLength);
|
|
if (!pBuff) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff,
|
|
HeaderLength, pBuff + HeaderLength, DataLength,
|
|
NULL, 0, DestType, 0, NULL, NULL, LinkCtxt);
|
|
}
|
|
|
|
if (!OneChunk) {
|
|
CTEFreeMem(pBuff); // free the flat buffer
|
|
}
|
|
|
|
|
|
}
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
|
|
forward_remote:
|
|
OneChunk = FALSE;
|
|
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
OneChunk = TRUE;
|
|
pBuff = pRcvBuf->ipr_buffer;
|
|
} else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf,
|
|
DataLength + HeaderLength);
|
|
if (!pBuff) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Calling fwd routine for loopback packets results
|
|
// in stack overflow. Check for this.
|
|
//
|
|
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength,
|
|
pBuff + HeaderLength, DataLength, NULL, 0,
|
|
DestType, 0, NULL, NULL, LinkCtxt);
|
|
}
|
|
|
|
IPFreeBuff(pRcvBuf);
|
|
|
|
if (!OneChunk) {
|
|
CTEFreeMem(pBuff); // free the flat buffer
|
|
}
|
|
|
|
return;
|
|
} else { // No Firewall
|
|
|
|
if (PromiscuousMode) {
|
|
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength, Data, DataLength, OptInfo, NULL,
|
|
DestType);
|
|
}
|
|
// Convert IPRcvBuf chain to a flat buffer
|
|
OneChunk = FALSE;
|
|
|
|
if (Data != NULL && !Data->ipr_next) {
|
|
OneChunk = TRUE;
|
|
pBuff = Data->ipr_buffer;
|
|
} else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(
|
|
Data, DataLength + HeaderLength);
|
|
if (!pBuff) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (!(Data->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) Header, HeaderLength,
|
|
pBuff, DataLength, NULL, 0, DestType, 0, NULL, NULL,
|
|
LinkCtxt);
|
|
}
|
|
|
|
if (!OneChunk) CTEFreeMem(pBuff);
|
|
|
|
}
|
|
return;
|
|
} // DestType >= DEST_REMOTE
|
|
|
|
ASSERT(DestType <= DEST_REMOTE);
|
|
|
|
// Call IPSEC -> Filter -> Firewall
|
|
// These are local packets only.
|
|
|
|
if (FirewallMode) { // Header is part of the Data
|
|
|
|
FORWARD_ACTION Action = FORWARD;
|
|
FIREWALL_CONTEXT_T FrCtx;
|
|
IPAddr DAddr = Header->iph_dest;
|
|
IPRcvBuf *pRcvBuf = Data;
|
|
IPRcvBuf *pOutRcvBuf = NULL;
|
|
NetTableEntry *DstNTE;
|
|
Queue *CurrQ;
|
|
FIREWALL_HOOK *CurrHook;
|
|
uint DestIFIndex = LOCAL_IF_INDEX;
|
|
uchar DestinationType = DestType;
|
|
uint BufferChanged = 0;
|
|
ULONG ipsecFlags = IPSEC_FLAG_INCOMING;
|
|
|
|
if (pRcvBuf->ipr_size > HeaderLength) { //1st buffer contains data also
|
|
|
|
FastPath = 1;
|
|
} else {
|
|
FastPath = 0;
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
// we received the data s.t. datasize == headersize
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Call into IPSEC so he can decrypt the data
|
|
//
|
|
// In case of firewall make sure we pass the data only but we don't actually strip the header
|
|
|
|
if (IPSecHandlerPtr) {
|
|
//
|
|
// See if IPSEC is enabled, see if it needs to do anything with this
|
|
// packet.
|
|
//
|
|
FORWARD_ACTION Action;
|
|
ULONG ipsecByteCount = 0;
|
|
ULONG ipsecMTU = 0;
|
|
PNDIS_BUFFER newBuf = NULL;
|
|
|
|
if (SrcNTE == LoopNTE) {
|
|
ipsecFlags |= IPSEC_FLAG_LOOPBACK;
|
|
}
|
|
if (OptInfo->ioi_flags & IP_FLAG_SSRR) {
|
|
ipsecFlags |= IPSEC_FLAG_SSRR;
|
|
}
|
|
|
|
if (FastPath) {
|
|
// first buffer contains IPHeader also
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
|
|
// this tells IPSEC to move IPHeader after decryption
|
|
ipsecFlags |= IPSEC_FLAG_FASTRCV;
|
|
|
|
Action = (*IPSecHandlerPtr) (
|
|
(PUCHAR) Header,
|
|
(PVOID) pRcvBuf,
|
|
SrcNTE->nte_if, // SrcIF
|
|
Packet,
|
|
&ipsecByteCount,
|
|
&ipsecMTU,
|
|
(PVOID *) & newBuf,
|
|
&ipsecFlags,
|
|
DestType);
|
|
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer -= HeaderLength;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
|
|
Header = (IPHeader UNALIGNED *)pRcvBuf->ipr_buffer;
|
|
|
|
} else { // FastPath = 0
|
|
|
|
Action = (*IPSecHandlerPtr) (
|
|
(PUCHAR) Header,
|
|
(PVOID) (pRcvBuf->ipr_next),
|
|
SrcNTE->nte_if, // SrcIF
|
|
Packet,
|
|
&ipsecByteCount,
|
|
&ipsecMTU,
|
|
(PVOID *) & newBuf,
|
|
&ipsecFlags,
|
|
DestType);
|
|
|
|
}
|
|
|
|
if (Action != eFORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
} else {
|
|
//
|
|
// Update the data length if IPSEC changed it (like by removing the AH)
|
|
//
|
|
DataLength -= ipsecByteCount;
|
|
UpdateIPSecRcvBuf(pRcvBuf, ipsecFlags);
|
|
}
|
|
}
|
|
|
|
// If ipsec acted on this, mark ipr_flags for
|
|
// filter driver.
|
|
|
|
if (ipsecFlags & IPSEC_FLAG_TRANSFORMED) {
|
|
pRcvBuf->ipr_flags |= IPR_FLAG_IPSEC_TRANSFORMED;
|
|
}
|
|
|
|
// Call the filter hook if installed
|
|
if (RefPtrValid(&FilterRefPtr)) {
|
|
IPPacketFilterPtr FilterPtr;
|
|
FORWARD_ACTION Action = FORWARD;
|
|
|
|
if (FastPath) {
|
|
Interface *IF = SrcNTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
|
|
Action = (*FilterPtr) (Header,
|
|
pRcvBuf->ipr_buffer + HeaderLength,
|
|
pRcvBuf->ipr_size - HeaderLength,
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
} else { // Fast Path = 0
|
|
|
|
Interface *IF = SrcNTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
Action = (*FilterPtr) (Header,
|
|
pRcvBuf->ipr_next->ipr_buffer,
|
|
pRcvBuf->ipr_next->ipr_size,
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
}
|
|
|
|
if (Action != FORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
}
|
|
// Call the firewall hook
|
|
|
|
FrCtx.Direction = IP_RECEIVE;
|
|
FrCtx.NTE = SrcNTE; //NTE the dg arrived on
|
|
|
|
FrCtx.LinkCtxt = LinkCtxt;
|
|
|
|
// call the firewall hooks from front of the Queue
|
|
|
|
#if MILLEN
|
|
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);
|
|
#else // MILLEN
|
|
ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);
|
|
#endif // MILLEN
|
|
FirewallRef = RefFirewallQ(&FirewallQ);
|
|
CurrQ = QHEAD(FirewallQ);
|
|
|
|
while (CurrQ != QEND(FirewallQ)) {
|
|
CurrHook = QSTRUCT(FIREWALL_HOOK, CurrQ, hook_q);
|
|
pOutRcvBuf = NULL;
|
|
|
|
Action = (*CurrHook->hook_Ptr) (&pRcvBuf,
|
|
SrcNTE->nte_if->if_index,
|
|
&DestIFIndex,
|
|
&DestinationType,
|
|
&FrCtx,
|
|
sizeof(FrCtx),
|
|
&pOutRcvBuf);
|
|
|
|
if (Action == DROP) {
|
|
DerefFirewallQ(FirewallRef);
|
|
#if MILLEN
|
|
KeLowerIrql(OldIrql);
|
|
#endif // MILLEN
|
|
IPSInfo.ipsi_indiscards++;
|
|
if (pRcvBuf != NULL) {
|
|
IPFreeBuff(pRcvBuf);
|
|
}
|
|
if (pOutRcvBuf != NULL) {
|
|
IPFreeBuff(pOutRcvBuf);
|
|
}
|
|
return;
|
|
} else {
|
|
ASSERT(Action == FORWARD);
|
|
if (pOutRcvBuf != NULL) {
|
|
// free the old buffer
|
|
if (pRcvBuf != NULL) {
|
|
IPFreeBuff(pRcvBuf);
|
|
}
|
|
pRcvBuf = pOutRcvBuf;
|
|
BufferChanged = 1;
|
|
}
|
|
}
|
|
CurrQ = QNEXT(CurrQ);
|
|
}
|
|
DerefFirewallQ(FirewallRef);
|
|
#if MILLEN
|
|
KeLowerIrql(OldIrql);
|
|
#endif // MILLEN
|
|
|
|
ASSERT(Action == FORWARD);
|
|
|
|
if (BufferChanged) {
|
|
// if packet touched compute the new length: DataSize
|
|
DataLength = 0;
|
|
tmpRcvBuf = pRcvBuf;
|
|
while (tmpRcvBuf != NULL) {
|
|
ASSERT(tmpRcvBuf->ipr_buffer != NULL);
|
|
DataLength += tmpRcvBuf->ipr_size;
|
|
tmpRcvBuf = tmpRcvBuf->ipr_next;
|
|
}
|
|
// also make Header point to new buffer
|
|
Header = (IPHeader *) pRcvBuf->ipr_buffer;
|
|
HeaderLength = (Header->iph_verlen & 0xf) << 2;
|
|
}
|
|
DataLength -= HeaderLength; // decrement the header length
|
|
|
|
if (DestinationType == DEST_INVALID) { // Dest Addr changed by hook
|
|
|
|
// Can IPSEC changed iph_dest ???
|
|
DAddr = Header->iph_dest;
|
|
DstNTE = SrcNTE;
|
|
DestType = GetLocalNTE(DAddr, &DstNTE);
|
|
DestNTE = DstNTE;
|
|
}
|
|
if (DestType < DEST_REMOTE) {
|
|
// Check to see options
|
|
if (HeaderLength != sizeof(IPHeader)) {
|
|
// We have options
|
|
uchar NewDType;
|
|
NewDType = CheckLocalOptions(SrcNTE,
|
|
(IPHeader UNALIGNED *) Header,
|
|
OptInfo,
|
|
DestType,
|
|
NULL,
|
|
0,
|
|
FALSE);
|
|
if (NewDType != DEST_LOCAL) {
|
|
if (NewDType == DEST_REMOTE) {
|
|
if (PromiscuousMode) {
|
|
if (FastPath) {
|
|
uchar *saveddata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE,
|
|
(IPHeader UNALIGNED *) Header,
|
|
HeaderLength, pRcvBuf,
|
|
DataLength, OptInfo, NULL,
|
|
DestType);
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = saveddata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(SrcNTE, DestNTE,
|
|
(IPHeader UNALIGNED *) Header,
|
|
HeaderLength, pRcvBuf->ipr_next,
|
|
DataLength, OptInfo, NULL,
|
|
DestType);
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
}
|
|
goto forward_local;
|
|
} else {
|
|
IPSInfo.ipsi_inhdrerrors++;
|
|
IPFreeBuff(pRcvBuf);
|
|
//CTEFreeMem(pBuff);
|
|
return; // Bad Options
|
|
|
|
}
|
|
} // NewDtype != LOCAL
|
|
} // Options present
|
|
} // DestType < DEST_REMOTE
|
|
|
|
else { // DestType >=DEST_REMOTE
|
|
|
|
if (PromiscuousMode) {
|
|
if (FastPath) {
|
|
uchar *saveddata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE,
|
|
(IPHeader UNALIGNED *) Header, HeaderLength,
|
|
pRcvBuf, DataLength, OptInfo, NULL, DestType);
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = saveddata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(SrcNTE, DestNTE,
|
|
(IPHeader UNALIGNED *) Header, HeaderLength,
|
|
pRcvBuf->ipr_next, DataLength, OptInfo,
|
|
NULL, DestType);
|
|
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
}
|
|
goto forward_local;
|
|
}
|
|
|
|
if (FastPath) {
|
|
uchar *saveddata = pRcvBuf->ipr_buffer;
|
|
pRcvBuf->ipr_buffer += HeaderLength;
|
|
pRcvBuf->ipr_size -= HeaderLength;
|
|
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header, HeaderLength,
|
|
pRcvBuf, DataLength, OptInfo, NULL, DestType);
|
|
// restore the buffer
|
|
pRcvBuf->ipr_buffer = saveddata;
|
|
pRcvBuf->ipr_size += HeaderLength;
|
|
} else {
|
|
uchar *saveddata = pRcvBuf->ipr_next->ipr_buffer;
|
|
|
|
DeliverToUser(
|
|
SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength, pRcvBuf->ipr_next, DataLength,
|
|
OptInfo, NULL, DestType);
|
|
// restore the buffers;
|
|
pRcvBuf->ipr_next->ipr_buffer = saveddata;
|
|
}
|
|
if (IS_BCAST_DEST(DestType)) {
|
|
OneChunk = FALSE;
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
OneChunk = TRUE;
|
|
pBuff = pRcvBuf->ipr_buffer;
|
|
}else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(
|
|
pRcvBuf, DataLength + HeaderLength);
|
|
|
|
if (!pBuff) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
}
|
|
|
|
}
|
|
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff,
|
|
HeaderLength, pBuff + HeaderLength,
|
|
DataLength, NULL, 0, DestType, 0, NULL,
|
|
NULL, LinkCtxt);
|
|
}
|
|
if (!OneChunk) {
|
|
CTEFreeMem(pBuff); // free the flat buffer
|
|
}
|
|
|
|
}
|
|
IPFreeBuff(pRcvBuf);
|
|
//CTEFreeMem(pBuff); // free the flat buffer
|
|
return;
|
|
forward_local:
|
|
OneChunk = FALSE;
|
|
if (pRcvBuf->ipr_next == NULL) {
|
|
OneChunk = TRUE;
|
|
pBuff = pRcvBuf->ipr_buffer;
|
|
} else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(pRcvBuf, DataLength + HeaderLength);
|
|
|
|
if (!pBuff) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
IPFreeBuff(pRcvBuf);
|
|
return;
|
|
|
|
}
|
|
}
|
|
|
|
//
|
|
// If mdl in the packet is not changed and this is a simple
|
|
// packet with only one buffer then pass the packet, mdl and
|
|
// ClientCnt so that IPForwardPkt() can try to use super fast
|
|
// path.
|
|
//
|
|
|
|
if (!(pRcvBuf->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
if (OneChunk && pRcvBuf->ipr_pMdl &&
|
|
((BufferChanged == 0) ||
|
|
(pRcvBuf->ipr_flags & IPR_FLAG_BUFFER_UNCHANGED))) {
|
|
|
|
uint MacHeaderSize = pRcvBuf->ipr_RcvOffset - HeaderLength;
|
|
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength,
|
|
pBuff + HeaderLength, DataLength, Packet, 0, DestType,
|
|
MacHeaderSize, pRcvBuf->ipr_pMdl,pRcvBuf->ipr_pClientCnt, LinkCtxt);
|
|
|
|
} else {
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) pBuff, HeaderLength,
|
|
pBuff + HeaderLength, DataLength, NULL, 0, DestType,
|
|
0, NULL, NULL, LinkCtxt);
|
|
|
|
}
|
|
}
|
|
|
|
if (!OneChunk) {
|
|
CTEFreeMem(pBuff); // free the flat buffer
|
|
}
|
|
IPFreeBuff(pRcvBuf);
|
|
|
|
return;
|
|
|
|
} else { // No Firewall
|
|
|
|
//
|
|
// Call into IPSEC so he can decrypt the data
|
|
//
|
|
if (IPSecHandlerPtr) {
|
|
//
|
|
// See if IPSEC is enabled, see if it needs to do anything with this
|
|
// packet.
|
|
//
|
|
FORWARD_ACTION Action;
|
|
ULONG ipsecByteCount = 0;
|
|
ULONG ipsecMTU = 0;
|
|
ULONG ipsecFlags = IPSEC_FLAG_INCOMING;
|
|
PNDIS_BUFFER newBuf = NULL;
|
|
|
|
if (SrcNTE == LoopNTE) {
|
|
ipsecFlags |= IPSEC_FLAG_LOOPBACK;
|
|
}
|
|
if (OptInfo->ioi_flags & IP_FLAG_SSRR) {
|
|
ipsecFlags |= IPSEC_FLAG_SSRR;
|
|
}
|
|
|
|
Action = (*IPSecHandlerPtr) (
|
|
(PUCHAR) Header,
|
|
(PVOID) Data,
|
|
SrcNTE->nte_if, // SrcIF
|
|
Packet,
|
|
&ipsecByteCount,
|
|
&ipsecMTU,
|
|
(PVOID *) &newBuf,
|
|
&ipsecFlags,
|
|
DestType);
|
|
|
|
if (Action != eFORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
} else {
|
|
//
|
|
// Update the data length if IPSEC changed it
|
|
// (like by removing the AH)
|
|
//
|
|
DataLength -= ipsecByteCount;
|
|
UpdateIPSecRcvBuf(Data, ipsecFlags);
|
|
}
|
|
}
|
|
|
|
// Call the filter hook if installed
|
|
if (RefPtrValid(&FilterRefPtr)) {
|
|
Interface *IF = SrcNTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
FORWARD_ACTION Action;
|
|
IPPacketFilterPtr FilterPtr;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
Action = (*FilterPtr) (Header,
|
|
Data->ipr_buffer,
|
|
Data->ipr_size,
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
|
|
if (Action != FORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
}
|
|
// Packet was local only: so even if promiscuous mode set just call
|
|
// delivertouser
|
|
|
|
DeliverToUser(SrcNTE, DestNTE, (IPHeader UNALIGNED *) Header,
|
|
HeaderLength, Data, DataLength, OptInfo, NULL, DestType);
|
|
|
|
if (IS_BCAST_DEST(DestType)) {
|
|
uchar *pBuff;
|
|
|
|
OneChunk = FALSE;
|
|
if (Data != NULL && !Data->ipr_next) {
|
|
OneChunk = TRUE;
|
|
pBuff = Data->ipr_buffer;
|
|
} else {
|
|
pBuff = ConvertIPRcvBufToFlatBuffer(Data, DataLength);
|
|
if (!pBuff) {
|
|
return;
|
|
}
|
|
}
|
|
if (!(Data->ipr_flags & IPR_FLAG_LOOPBACK_PACKET)) {
|
|
IPForwardPkt(SrcNTE, (IPHeader UNALIGNED *) Header, HeaderLength,
|
|
pBuff, DataLength, NULL, 0, DestType, 0, NULL, NULL,
|
|
LinkCtxt);
|
|
}
|
|
|
|
if (!OneChunk) {
|
|
CTEFreeMem(pBuff);
|
|
}
|
|
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
//* FreeRH - Free a reassembly header.
|
|
//
|
|
// Called when we need to free a reassembly header, either because of a
|
|
// timeout or because we're done with it.
|
|
//
|
|
// Input: RH - RH to be freed.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
FreeRH(ReassemblyHeader *RH)
|
|
{
|
|
RABufDesc *RBD, *TempRBD;
|
|
|
|
RBD = RH->rh_rbd;
|
|
if (IPSecHandlerPtr) {
|
|
IPFreeBuff((IPRcvBuf *) RBD);
|
|
} else {
|
|
while (RBD != NULL) {
|
|
TempRBD = RBD;
|
|
RBD = (RABufDesc *) RBD->rbd_buf.ipr_next;
|
|
CTEFreeMem(TempRBD);
|
|
}
|
|
}
|
|
CTEFreeMem(RH);
|
|
// decrement NumRH
|
|
CTEInterlockedDecrementLong(&NumRH);
|
|
|
|
}
|
|
|
|
//* ReassembleFragment - Put a fragment into the reassembly list.
|
|
//
|
|
// This routine is called once we've put a fragment into the proper buffer.
|
|
// We look for a reassembly header for the fragment. If we don't find one,
|
|
// we create one. Otherwise we search the reassembly list, and insert the
|
|
// datagram in it's proper place.
|
|
//
|
|
// Input: NTE - NTE to reassemble on.
|
|
// SrcNTE - NTE datagram arrived on.
|
|
// NewRBD - New RBD to be inserted.
|
|
// IPH - Pointer to header of datagram.
|
|
// HeaderSize - Size in bytes of header.
|
|
// DestType - Type of destination address.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
ReassembleFragment(NetTableEntry * NTE, NetTableEntry * SrcNTE, RABufDesc * NewRBD,
|
|
IPHeader UNALIGNED * IPH, uint HeaderSize, uchar DestType, LinkEntry * LinkCtxt)
|
|
{
|
|
ReassemblyHeader *RH, *PrevRH; // Current and previous reassembly headers.
|
|
RABufDesc *PrevRBD; // Previous RBD in reassembly header list.
|
|
RABufDesc *CurrentRBD;
|
|
ushort DataLength = (ushort) NewRBD->rbd_buf.ipr_size, DataOffset;
|
|
ushort Offset; // Offset of this fragment.
|
|
ushort NewOffset; // Offset we'll copy from after checking RBD list.
|
|
ushort NewEnd; // End offset of fragment, after trimming (if any).
|
|
|
|
|
|
// used by the firewall code
|
|
IPRcvBuf *pRcvBuf;
|
|
uint FirewallMode;
|
|
uint PromiscuousMode;
|
|
|
|
PromiscuousMode = SrcNTE->nte_if->if_promiscuousmode;
|
|
FirewallMode = ProcessFirewallQ();
|
|
|
|
// If this is a broadcast, go ahead and forward it now.
|
|
// if second condition is false then delivertouserex() will take care of
|
|
// this
|
|
if (IS_BCAST_DEST(DestType) &&
|
|
!(((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) ||
|
|
(FirewallMode) || (PromiscuousMode))) {
|
|
IPForwardPkt(SrcNTE, IPH, HeaderSize, NewRBD->rbd_buf.ipr_buffer,
|
|
NewRBD->rbd_buf.ipr_size, NULL, 0, DestType, 0, NULL,
|
|
NULL, LinkCtxt);
|
|
}
|
|
|
|
if (NumRH > MaxRH) {
|
|
IPSInfo.ipsi_reasmfails++;
|
|
FragmentAttackDrops++;
|
|
CTEFreeMem(NewRBD);
|
|
return;
|
|
}
|
|
Offset = IPH->iph_offset & IP_OFFSET_MASK;
|
|
Offset = net_short(Offset) * 8;
|
|
|
|
if ((NumRH == MaxRH) && !Offset) {
|
|
IPSInfo.ipsi_reasmfails++;
|
|
CTEFreeMem(NewRBD);
|
|
return;
|
|
}
|
|
|
|
|
|
if ((ulong) (Offset + DataLength) > MAX_DATA_LENGTH) {
|
|
IPSInfo.ipsi_reasmfails++;
|
|
CTEFreeMem(NewRBD);
|
|
return;
|
|
}
|
|
// We've got the buffer we need. Now get the reassembly header, if there is one. If
|
|
// there isn't, create one.
|
|
CTEGetLockAtDPC(&NTE->nte_lock);
|
|
RH = FindRH(&PrevRH, NTE, IPH->iph_dest, IPH->iph_src, IPH->iph_id,
|
|
IPH->iph_protocol);
|
|
if (RH == (ReassemblyHeader *) NULL) { // Didn't find one, so create one.
|
|
|
|
ReassemblyHeader *NewRH;
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
RH = CTEAllocMemN(sizeof(ReassemblyHeader), 'diCT');
|
|
if (RH == (ReassemblyHeader *) NULL) { // Couldn't get a buffer.
|
|
IPSInfo.ipsi_reasmfails++;
|
|
CTEFreeMem(NewRBD);
|
|
return;
|
|
}
|
|
CTEInterlockedIncrementLong(&NumRH);
|
|
|
|
CTEGetLockAtDPC(&NTE->nte_lock);
|
|
// Need to look it up again - it could have changed during above call.
|
|
NewRH = FindRH(&PrevRH, NTE, IPH->iph_dest, IPH->iph_src, IPH->iph_id, IPH->iph_protocol);
|
|
if (NewRH != (ReassemblyHeader *) NULL) {
|
|
CTEFreeMem(RH);
|
|
RH = NewRH;
|
|
CTEInterlockedDecrementLong(&NumRH);
|
|
} else {
|
|
|
|
RH->rh_next = PrevRH->rh_next;
|
|
PrevRH->rh_next = RH;
|
|
|
|
// Initialize our new reassembly header.
|
|
RH->rh_dest = IPH->iph_dest;
|
|
RH->rh_src = IPH->iph_src;
|
|
RH->rh_id = IPH->iph_id;
|
|
RH->rh_protocol = IPH->iph_protocol;
|
|
//RH->rh_ttl = RATimeout;
|
|
RH->rh_ttl = MAX(RATimeout, MIN(120, IPH->iph_ttl) + 1);
|
|
RH->rh_numoverlaps = 0;
|
|
RH->rh_datasize = MAX_TOTAL_LENGTH; // Default datasize to maximum.
|
|
|
|
RH->rh_rbd = (RABufDesc *) NULL; // And nothing on chain.
|
|
|
|
RH->rh_datarcvd = 0; // Haven't received any data yet.
|
|
|
|
RH->rh_headersize = 0;
|
|
|
|
}
|
|
}
|
|
|
|
// When we reach here RH points to the reassembly header we want to use.
|
|
// and we hold locks on the NTE and the RH. If this is the first fragment
|
|
// we'll save the options and header information here.
|
|
|
|
if (Offset == 0) { // First fragment.
|
|
|
|
RH->rh_headersize = (ushort)HeaderSize;
|
|
RtlCopyMemory(RH->rh_header, IPH, HeaderSize + 8);
|
|
}
|
|
|
|
// If this is the last fragment, update the amount of data we expect to
|
|
// receive.
|
|
|
|
if (!(IPH->iph_offset & IP_MF_FLAG)) {
|
|
RH->rh_datasize = Offset + DataLength;
|
|
}
|
|
if (RH->rh_datasize < RH->rh_datarcvd ||
|
|
(RH->rh_datasize != MAX_TOTAL_LENGTH &&
|
|
(RH->rh_datasize + RH->rh_headersize) > MAX_TOTAL_LENGTH)) {
|
|
|
|
// random packets. drop!
|
|
|
|
CTEFreeMem(NewRBD);
|
|
|
|
PrevRH->rh_next = RH->rh_next;
|
|
|
|
FreeRH(RH);
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
return;
|
|
|
|
}
|
|
|
|
// Update the TTL value with the maximum of the current TTL and the
|
|
// incoming TTL (+1, to deal with rounding errors).
|
|
// Following is commented out to protect against fragmentation attack
|
|
// Default TTL now used is 120 seconds now, used only for the first header
|
|
// RH->rh_ttl = MAX(RH->rh_ttl, MIN(254, IPH->iph_ttl) + 1);
|
|
// Now we need to see where in the RBD list to put this.
|
|
//
|
|
// The idea is to go through the list of RBDs one at a time. The RBD
|
|
// currently being examined is CurrentRBD. If the start offset of the new
|
|
// fragment is less than (i.e. in front of) the offset of CurrentRBD, we
|
|
// need to insert the NewRBD in front of the CurrentRBD. If this is the
|
|
// case we need to check and see if the
|
|
// end of the new fragment overlaps some or all of the fragment described by
|
|
// CurrentRBD, and possibly subsequent fragment. If it overlaps part of a
|
|
// fragment we'll adjust our end down to be in front of the existing
|
|
// fragment. If it overlaps all of the fragment we'll free the old fragment.
|
|
//
|
|
// If the new fragment does not start in front of the current fragment
|
|
// we'll check to see if it starts somewhere in the middle of the current
|
|
// fragment. If this isn't the case, we move on the the next fragment. If
|
|
// this is the case, we check to see if the current fragment completely // covers the new fragment. If not we
|
|
// move our start up and continue with the next fragment.
|
|
//
|
|
|
|
NewOffset = Offset;
|
|
NewEnd = Offset + DataLength - 1;
|
|
PrevRBD = STRUCT_OF(RABufDesc, STRUCT_OF(IPRcvBuf, &RH->rh_rbd, ipr_next), rbd_buf);
|
|
CurrentRBD = RH->rh_rbd;
|
|
for (; CurrentRBD != NULL; PrevRBD = CurrentRBD, CurrentRBD = (RABufDesc *) CurrentRBD->rbd_buf.ipr_next) {
|
|
|
|
// See if it starts in front of this fragment.
|
|
if (NewOffset < CurrentRBD->rbd_start) {
|
|
// It does start in front. Check to see if there's any overlap.
|
|
|
|
if (NewEnd < CurrentRBD->rbd_start)
|
|
break; // No overlap, so get out.
|
|
|
|
else {
|
|
//
|
|
// It does overlap. While we have overlap, walk down the list
|
|
// looking for RBDs we overlap completely. If we find one,
|
|
// put it on our deletion list. If we have overlap but not
|
|
// complete overlap, move our end down if front of the
|
|
// fragment we overlap.
|
|
//
|
|
do {
|
|
RH->rh_numoverlaps++;
|
|
if (RH->rh_numoverlaps >= MaxOverlap) {
|
|
|
|
//Looks like we are being attacked.
|
|
//Just drop this whole datagram.
|
|
|
|
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD;
|
|
PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
|
|
|
|
PrevRH->rh_next = RH->rh_next;
|
|
|
|
FreeRH(RH);
|
|
FragmentAttackDrops++;
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
return;
|
|
}
|
|
if (NewEnd > CurrentRBD->rbd_end) { //overlaps completely.
|
|
|
|
RABufDesc *TempRBD;
|
|
|
|
RH->rh_datarcvd = RH->rh_datarcvd -
|
|
(ushort) (CurrentRBD->rbd_buf.ipr_size);
|
|
TempRBD = CurrentRBD;
|
|
CurrentRBD = (RABufDesc *) CurrentRBD->rbd_buf.ipr_next;
|
|
CTEFreeMem(TempRBD);
|
|
} else { //partial ovelap.
|
|
|
|
if (NewOffset < CurrentRBD->rbd_start) {
|
|
NewEnd = CurrentRBD->rbd_start - 1;
|
|
} else {
|
|
// Looks like we are being attacked.
|
|
// Just drop this whole datagram.
|
|
|
|
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD;
|
|
PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
|
|
|
|
PrevRH->rh_next = RH->rh_next;
|
|
|
|
FreeRH(RH);
|
|
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
// Update of NewEnd will force us out of loop.
|
|
|
|
} while (CurrentRBD != NULL && NewEnd >= CurrentRBD->rbd_start);
|
|
break;
|
|
}
|
|
} else {
|
|
// This fragment doesn't go in front of the current RBD. See if it
|
|
// is entirely beyond the end of the current fragment. If it is,
|
|
// just continue. Otherwise see if the current fragment
|
|
// completely subsumes us. If it does, get out, otherwise update
|
|
// our start offset and continue.
|
|
|
|
if (NewOffset > CurrentRBD->rbd_end)
|
|
continue; // No overlap at all.
|
|
|
|
else {
|
|
|
|
RH->rh_numoverlaps++;
|
|
if (RH->rh_numoverlaps >= MaxOverlap) {
|
|
|
|
//Looks like we are being attacked.
|
|
//Just drop this whole datagram.
|
|
|
|
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD;
|
|
PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
|
|
|
|
PrevRH->rh_next = RH->rh_next;
|
|
|
|
FreeRH(RH);
|
|
FragmentAttackDrops++;
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
return;
|
|
}
|
|
|
|
if (NewEnd <= CurrentRBD->rbd_end) {
|
|
//
|
|
// The current fragment overlaps the new fragment
|
|
// totally. Set our offsets so that we'll skip the copy
|
|
// below.
|
|
NewEnd = NewOffset - 1;
|
|
break;
|
|
} else // Only partial overlap.
|
|
|
|
NewOffset = CurrentRBD->rbd_end + 1;
|
|
}
|
|
}
|
|
} // End of for loop.
|
|
|
|
// Adjust the length and offset fields in the new RBD.
|
|
// If we've trimmed all the data away, ignore this fragment.
|
|
|
|
DataLength = NewEnd - NewOffset + 1;
|
|
DataOffset = NewOffset - Offset;
|
|
if (!DataLength) {
|
|
CTEFreeMem(NewRBD);
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
return;
|
|
}
|
|
// Link him in chain.
|
|
NewRBD->rbd_buf.ipr_size = (uint) DataLength;
|
|
NewRBD->rbd_end = NewEnd;
|
|
NewRBD->rbd_start = (ushort) NewOffset;
|
|
RH->rh_datarcvd = RH->rh_datarcvd + (ushort) DataLength;
|
|
NewRBD->rbd_buf.ipr_buffer += DataOffset;
|
|
NewRBD->rbd_buf.ipr_next = (IPRcvBuf *) CurrentRBD;
|
|
NewRBD->rbd_buf.ipr_owner = IPR_OWNER_IP;
|
|
PrevRBD->rbd_buf.ipr_next = &NewRBD->rbd_buf;
|
|
|
|
// If we've received all the data, deliver it to the user.
|
|
// Only if header size is valid deliver to the user
|
|
// BUG #NTQFE 65742
|
|
|
|
if (RH->rh_datarcvd == RH->rh_datasize && RH->rh_headersize) { // We have it all.
|
|
|
|
IPOptInfo OptInfo;
|
|
IPHeader *Header;
|
|
IPRcvBuf *FirstBuf;
|
|
ulong Checksum;
|
|
|
|
PrevRH->rh_next = RH->rh_next;
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
|
|
Header = (IPHeader *) RH->rh_header;
|
|
OptInfo.ioi_ttl = Header->iph_ttl;
|
|
OptInfo.ioi_tos = Header->iph_tos;
|
|
OptInfo.ioi_flags = 0; // Flags must be 0 - DF can't be set,
|
|
// this was reassembled.
|
|
|
|
if (RH->rh_headersize != sizeof(IPHeader)) { // We had options.
|
|
|
|
OptInfo.ioi_options = (uchar *) (Header + 1);
|
|
OptInfo.ioi_optlength = (uchar) (RH->rh_headersize - sizeof(IPHeader));
|
|
} else {
|
|
OptInfo.ioi_options = (uchar *) NULL;
|
|
OptInfo.ioi_optlength = 0;
|
|
}
|
|
|
|
//
|
|
// update the indicated header len to the total len; earlier we passed in
|
|
// just the first fragment's length.
|
|
// also update the 'MF' bit in the flags field.
|
|
//
|
|
// in the process update the header-checksum,
|
|
// by first adding the negation of the original length and flags,
|
|
// and then adding the new length and flags.
|
|
//
|
|
|
|
// extract the original checksum
|
|
|
|
Checksum = (ushort) ~ Header->iph_xsum;
|
|
|
|
// update the header length
|
|
|
|
Checksum += (ushort) ~ Header->iph_length;
|
|
Header->iph_length = net_short(RH->rh_datasize + RH->rh_headersize);
|
|
Checksum += (ushort) Header->iph_length;
|
|
|
|
// update the 'MF' flag if set
|
|
|
|
if (Header->iph_offset & IP_MF_FLAG) {
|
|
Checksum += (ushort) ~ IP_MF_FLAG;
|
|
Header->iph_offset &= ~IP_MF_FLAG;
|
|
}
|
|
// insert the new checksum
|
|
|
|
Checksum = (ushort) Checksum + (ushort) (Checksum >> 16);
|
|
Checksum += Checksum >> 16;
|
|
Header->iph_xsum = (ushort) ~ Checksum;
|
|
|
|
// Make sure that the first buffer contains enough data.
|
|
FirstBuf = (IPRcvBuf *) RH->rh_rbd;
|
|
|
|
// Make sure that this can hold MIN_FIRST_SIZE
|
|
// Else treat it as attack
|
|
|
|
if (RH->rh_rbd->rbd_AllocSize < MIN_FIRST_SIZE) {
|
|
//Attack???
|
|
FreeRH(RH);
|
|
return;
|
|
}
|
|
while (FirstBuf->ipr_size < MIN_FIRST_SIZE) {
|
|
IPRcvBuf *NextBuf = FirstBuf->ipr_next;
|
|
uint CopyLength;
|
|
|
|
if (NextBuf == NULL)
|
|
break;
|
|
|
|
CopyLength = MIN(MIN_FIRST_SIZE - FirstBuf->ipr_size,
|
|
NextBuf->ipr_size);
|
|
RtlCopyMemory(FirstBuf->ipr_buffer + FirstBuf->ipr_size,
|
|
NextBuf->ipr_buffer, CopyLength);
|
|
FirstBuf->ipr_size += CopyLength;
|
|
NextBuf->ipr_buffer += CopyLength;
|
|
NextBuf->ipr_size -= CopyLength;
|
|
if (NextBuf->ipr_size == 0) {
|
|
FirstBuf->ipr_next = NextBuf->ipr_next;
|
|
CTEFreeMem(NextBuf);
|
|
}
|
|
}
|
|
|
|
IPSInfo.ipsi_reasmoks++;
|
|
|
|
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) ||
|
|
(FirewallMode) || (PromiscuousMode) ) {
|
|
uint DataSize;
|
|
|
|
DataSize = RH->rh_datasize;
|
|
if (FirewallMode) {
|
|
// Attach header to pass to Firewall hook
|
|
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'eiCT');
|
|
if (!pRcvBuf) {
|
|
FreeRH(RH);
|
|
return;
|
|
}
|
|
pRcvBuf->ipr_buffer = (uchar *) RH->rh_header;
|
|
pRcvBuf->ipr_size = RH->rh_headersize;
|
|
pRcvBuf->ipr_owner = IPR_OWNER_IP;
|
|
pRcvBuf->ipr_next = FirstBuf;
|
|
pRcvBuf->ipr_flags = 0;
|
|
DataSize += RH->rh_headersize;
|
|
} else {
|
|
pRcvBuf = FirstBuf;
|
|
}
|
|
DeliverToUserEx(SrcNTE, NTE, Header, RH->rh_headersize, pRcvBuf,
|
|
DataSize, &OptInfo, NULL, DestType, LinkCtxt);
|
|
if (FirewallMode) {
|
|
// RH chain is already freed.
|
|
CTEFreeMem(RH);
|
|
CTEInterlockedDecrementLong(&NumRH);
|
|
} else {
|
|
FreeRH(RH);
|
|
}
|
|
} else { // Normal Path
|
|
|
|
DeliverToUser(SrcNTE, NTE, Header, RH->rh_headersize, FirstBuf,
|
|
RH->rh_datasize, &OptInfo, NULL, DestType);
|
|
FreeRH(RH);
|
|
}
|
|
} else
|
|
CTEFreeLockFromDPC(&NTE->nte_lock);
|
|
}
|
|
|
|
//* RATDComplete - Completion routing for a reassembly transfer data.
|
|
//
|
|
// This is the completion handle for TDs invoked because we are reassembling
|
|
// a fragment.
|
|
//
|
|
// Input: NetContext - Ptr to the net table entry on which we received
|
|
// this.
|
|
// Packet - Packet we received into.
|
|
// Status - Final status of copy.
|
|
// DataSize - Size in bytes of data transferred.
|
|
//
|
|
// Returns: Nothing
|
|
//
|
|
void
|
|
RATDComplete(void *NetContext, PNDIS_PACKET Packet, NDIS_STATUS Status, uint DataSize)
|
|
{
|
|
NetTableEntry *NTE = (NetTableEntry *) NetContext;
|
|
Interface *SrcIF;
|
|
TDContext *Context = (TDContext *) Packet->ProtocolReserved;
|
|
PNDIS_BUFFER Buffer;
|
|
|
|
if (Status == NDIS_STATUS_SUCCESS) {
|
|
Context->tdc_rbd->rbd_buf.ipr_size = DataSize;
|
|
ReassembleFragment(Context->tdc_nte, NTE, Context->tdc_rbd,
|
|
(IPHeader *) Context->tdc_header, Context->tdc_hlength, Context->tdc_dtype, NULL);
|
|
}
|
|
NdisUnchainBufferAtFront(Packet, &Buffer);
|
|
NdisFreeBuffer(Buffer);
|
|
Context->tdc_common.pc_flags &= ~PACKET_FLAG_RA;
|
|
SrcIF = NTE->nte_if;
|
|
CTEGetLockAtDPC(&SrcIF->if_lock);
|
|
|
|
Context->tdc_common.pc_link = SrcIF->if_tdpacket;
|
|
SrcIF->if_tdpacket = Packet;
|
|
CTEFreeLockFromDPC(&SrcIF->if_lock);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
//* IPReassemble - Reassemble an incoming datagram.
|
|
//
|
|
// Called when we receive an incoming fragment. The first thing we do is
|
|
// get a buffer to put the fragment in. If we can't we'll exit. Then we
|
|
// copy the data, either via transfer data or directly if it all fits.
|
|
//
|
|
// Input: SrcNTE - Pointer to NTE that received the datagram.
|
|
// NTE - Pointer to NTE on which to reassemble.
|
|
// IPH - Pointer to header of packet.
|
|
// HeaderSize - Size in bytes of header.
|
|
// Data - Pointer to data part of fragment.
|
|
// BufferLengt - Length in bytes of user data available in the
|
|
// buffer.
|
|
// DataLength - Length in bytes of the (upper-layer) data.
|
|
// DestType - Type of destination
|
|
// LContext1, LContext2 - Link layer context values.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
IPReassemble(NetTableEntry * SrcNTE, NetTableEntry * NTE, IPHeader UNALIGNED * IPH,
|
|
uint HeaderSize,
|
|
uchar * Data, uint BufferLength, uint DataLength, uchar DestType, NDIS_HANDLE LContext1,
|
|
uint LContext2, LinkEntry * LinkCtxt)
|
|
{
|
|
Interface *RcvIF;
|
|
PNDIS_PACKET TDPacket; // NDIS packet used for TD.
|
|
TDContext *TDC = (TDContext *) NULL; // Transfer data context.
|
|
NDIS_STATUS Status;
|
|
PNDIS_BUFFER Buffer;
|
|
RABufDesc *NewRBD; // Pointer to new RBD to hold
|
|
// arriving fragment.
|
|
uint AllocSize;
|
|
|
|
IPSInfo.ipsi_reasmreqds++;
|
|
|
|
//
|
|
// Drop invalid length fragments.
|
|
// We expect at least 8 byte len payload
|
|
// in fragments except for the last one.
|
|
//
|
|
|
|
if ((DataLength == 0) ||
|
|
((IPH->iph_offset & IP_MF_FLAG) && DataLength < 8)) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// First, get a new RBD to hold the arriving fragment. If we can't,
|
|
// then just skip the rest. The RBD has the buffer implicitly at the end
|
|
// of it. The buffer for the first fragment must be at least
|
|
// MIN_FIRST_SIZE bytes.
|
|
//
|
|
if ((IPH->iph_offset & IP_OFFSET_MASK) == 0) {
|
|
AllocSize = MAX(MIN_FIRST_SIZE, DataLength);
|
|
} else
|
|
AllocSize = DataLength;
|
|
|
|
NewRBD = CTEAllocMemN(sizeof(RABufDesc) + AllocSize, 'fiCT');
|
|
|
|
if (NewRBD != (RABufDesc *) NULL) {
|
|
|
|
NewRBD->rbd_buf.ipr_buffer = (uchar *) (NewRBD + 1);
|
|
NewRBD->rbd_buf.ipr_size = DataLength;
|
|
NewRBD->rbd_buf.ipr_owner = IPR_OWNER_IP;
|
|
NewRBD->rbd_buf.ipr_flags = 0;
|
|
|
|
NewRBD->rbd_AllocSize = AllocSize;
|
|
|
|
NewRBD->rbd_buf.ipr_pMdl = NULL;
|
|
NewRBD->rbd_buf.ipr_pClientCnt = NULL;
|
|
|
|
//
|
|
// Copy the data into the buffer. If we need to call transfer data
|
|
// do so now.
|
|
//
|
|
if (DataLength > BufferLength) { // Need to call transfer data.
|
|
|
|
NdisAllocateBuffer(&Status, &Buffer, BufferPool, NewRBD + 1, DataLength);
|
|
if (Status != NDIS_STATUS_SUCCESS) {
|
|
IPSInfo.ipsi_reasmfails++;
|
|
CTEFreeMem(NewRBD);
|
|
return;
|
|
}
|
|
// Now get a packet for transferring the frame.
|
|
RcvIF = SrcNTE->nte_if;
|
|
CTEGetLockAtDPC(&RcvIF->if_lock);
|
|
TDPacket = RcvIF->if_tdpacket;
|
|
|
|
if (TDPacket != (PNDIS_PACKET) NULL) {
|
|
|
|
TDC = (TDContext *) TDPacket->ProtocolReserved;
|
|
RcvIF->if_tdpacket = TDC->tdc_common.pc_link;
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
|
|
TDC->tdc_common.pc_flags |= PACKET_FLAG_RA;
|
|
TDC->tdc_nte = NTE;
|
|
TDC->tdc_dtype = DestType;
|
|
TDC->tdc_hlength = (uchar) HeaderSize;
|
|
TDC->tdc_rbd = NewRBD;
|
|
RtlCopyMemory(TDC->tdc_header, IPH, HeaderSize + 8);
|
|
NdisChainBufferAtFront(TDPacket, Buffer);
|
|
Status = (*(RcvIF->if_transfer)) (RcvIF->if_lcontext,
|
|
LContext1, LContext2, HeaderSize,
|
|
DataLength, TDPacket, &DataLength);
|
|
if (Status != NDIS_STATUS_PENDING)
|
|
RATDComplete(SrcNTE, TDPacket, Status, DataLength);
|
|
else
|
|
return;
|
|
} else { // Couldn't get a TD packet.
|
|
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
CTEFreeMem(NewRBD);
|
|
IPSInfo.ipsi_reasmfails++;
|
|
return;
|
|
}
|
|
} else { // It all fits, copy it.
|
|
|
|
RtlCopyMemory(NewRBD + 1, Data, DataLength);
|
|
ReassembleFragment(NTE, SrcNTE, NewRBD, IPH, HeaderSize, DestType, LinkCtxt);
|
|
}
|
|
} else {
|
|
IPSInfo.ipsi_reasmfails++;
|
|
}
|
|
}
|
|
|
|
//* CheckLocalOptions - Check the options received with a packet.
|
|
//
|
|
// A routine called when we've received a packet for this host and want to
|
|
// examine it for options. We process the options, and return TRUE or FALSE
|
|
// depending on whether or not it's for us.
|
|
//
|
|
// Input: SrcNTE - Pointer to NTE this came in on.
|
|
// Header - Pointer to incoming header.
|
|
// OptInfo - Place to put opt info.
|
|
// DestType - Type of incoming packet.
|
|
//
|
|
// Returns: DestType - Local or remote.
|
|
//
|
|
uchar
|
|
CheckLocalOptions(NetTableEntry * SrcNTE, IPHeader UNALIGNED * Header,
|
|
IPOptInfo * OptInfo, uchar DestType, uchar* Data,
|
|
uint DataSize, BOOLEAN FilterOnDrop)
|
|
{
|
|
uint HeaderLength; // Length in bytes of header.
|
|
OptIndex Index;
|
|
uchar ErrIndex;
|
|
|
|
HeaderLength = (Header->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2;
|
|
ASSERT(HeaderLength > sizeof(IPHeader));
|
|
|
|
OptInfo->ioi_options = (uchar *) (Header + 1);
|
|
OptInfo->ioi_optlength = (uchar) (HeaderLength - sizeof(IPHeader));
|
|
|
|
// We have options of some sort. The packet may or may not be bound for us.
|
|
Index.oi_srindex = MAX_OPT_SIZE;
|
|
if ((ErrIndex = ParseRcvdOptions(OptInfo, &Index)) < MAX_OPT_SIZE) {
|
|
if (!FilterOnDrop || !RefPtrValid(&FilterRefPtr) ||
|
|
NotifyFilterOfDiscard(SrcNTE, Header, Data, DataSize)) {
|
|
SendICMPErr(SrcNTE->nte_addr, Header, ICMP_PARAM_PROBLEM, PTR_VALID,
|
|
((ulong) ErrIndex + sizeof(IPHeader)), 0);
|
|
}
|
|
return DEST_INVALID; // Parameter error.
|
|
|
|
}
|
|
//
|
|
// If there's no source route, or if the destination is a broadcast, we'll
|
|
// take it. If it is a broadcast DeliverToUser will forward it when it's
|
|
// done, and the forwarding code will reprocess the options.
|
|
//
|
|
if (Index.oi_srindex == MAX_OPT_SIZE || IS_BCAST_DEST(DestType))
|
|
return DEST_LOCAL;
|
|
else
|
|
return DEST_REMOTE;
|
|
}
|
|
|
|
//* TDUserRcv - Completion routing for a user transfer data.
|
|
//
|
|
// This is the completion handle for TDs invoked because we need to give
|
|
// data to a upper layer client. All we really do is call the upper layer
|
|
// handler with the data.
|
|
//
|
|
// Input: NetContext - Pointer to the net table entry on which we
|
|
// received this.
|
|
// Packet - Packet we received into.
|
|
// Status - Final status of copy.
|
|
// DataSize - Size in bytes of data transferred.
|
|
//
|
|
// Returns: Nothing
|
|
//
|
|
void
|
|
TDUserRcv(void *NetContext, PNDIS_PACKET Packet, NDIS_STATUS Status,
|
|
uint DataSize)
|
|
{
|
|
NetTableEntry *NTE = (NetTableEntry *) NetContext;
|
|
Interface *SrcIF;
|
|
TDContext *Context = (TDContext *) Packet->ProtocolReserved;
|
|
uchar DestType;
|
|
IPRcvBuf RcvBuf;
|
|
IPOptInfo OptInfo;
|
|
IPHeader *Header;
|
|
uint PromiscuousMode = 0;
|
|
uint FirewallMode = 0;
|
|
|
|
if (NTE->nte_flags & NTE_VALID) {
|
|
FirewallMode = ProcessFirewallQ();
|
|
PromiscuousMode = NTE->nte_if->if_promiscuousmode;
|
|
}
|
|
if (Status == NDIS_STATUS_SUCCESS) {
|
|
Header = (IPHeader *) Context->tdc_header;
|
|
OptInfo.ioi_ttl = Header->iph_ttl;
|
|
OptInfo.ioi_tos = Header->iph_tos;
|
|
OptInfo.ioi_flags = (uchar) ((net_short(Header->iph_offset) >> 13) & IP_FLAG_DF);
|
|
if (Context->tdc_hlength != sizeof(IPHeader)) {
|
|
OptInfo.ioi_options = (uchar *) (Header + 1);
|
|
OptInfo.ioi_optlength = Context->tdc_hlength - sizeof(IPHeader);
|
|
} else {
|
|
OptInfo.ioi_options = (uchar *) NULL;
|
|
OptInfo.ioi_optlength = 0;
|
|
}
|
|
|
|
DestType = Context->tdc_dtype;
|
|
RcvBuf.ipr_next = NULL;
|
|
RcvBuf.ipr_owner = IPR_OWNER_STACK;
|
|
RcvBuf.ipr_buffer = (uchar *) Context->tdc_buffer;
|
|
RcvBuf.ipr_size = DataSize;
|
|
RcvBuf.ipr_flags = 0;
|
|
RcvBuf.ipr_pMdl = NULL;
|
|
RcvBuf.ipr_pClientCnt = NULL;
|
|
|
|
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) ||
|
|
(FirewallMode) || (PromiscuousMode)) {
|
|
|
|
if (FirewallMode) {
|
|
// attach the header and allocate pRcvBuf on a heap, we free it if firewall is present
|
|
IPRcvBuf *pRcvBuf;
|
|
// attach the header
|
|
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'giCT');
|
|
if (!pRcvBuf) {
|
|
return;
|
|
}
|
|
pRcvBuf->ipr_owner = IPR_OWNER_IP;
|
|
pRcvBuf->ipr_buffer = (uchar *) Header;
|
|
pRcvBuf->ipr_size = Context->tdc_hlength;
|
|
pRcvBuf->ipr_pMdl = NULL;
|
|
pRcvBuf->ipr_pClientCnt = NULL;
|
|
pRcvBuf->ipr_flags = 0;
|
|
|
|
// attach the data
|
|
pRcvBuf->ipr_next = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'hiCT');
|
|
if (!pRcvBuf->ipr_next) {
|
|
CTEFreeMem(pRcvBuf);
|
|
return;
|
|
}
|
|
pRcvBuf->ipr_next->ipr_owner = IPR_OWNER_IP;
|
|
pRcvBuf->ipr_next->ipr_buffer = (uchar *) Context->tdc_buffer;
|
|
pRcvBuf->ipr_next->ipr_size = DataSize;
|
|
pRcvBuf->ipr_next->ipr_pMdl = NULL;
|
|
pRcvBuf->ipr_next->ipr_pClientCnt = NULL;
|
|
pRcvBuf->ipr_next->ipr_next = NULL;
|
|
pRcvBuf->ipr_next->ipr_flags = 0;
|
|
|
|
|
|
DataSize += Context->tdc_hlength;
|
|
DeliverToUserEx(NTE, Context->tdc_nte, Header, Context->tdc_hlength,
|
|
pRcvBuf, DataSize, &OptInfo, Packet, DestType, NULL);
|
|
} else {
|
|
DeliverToUserEx(NTE, Context->tdc_nte, Header, Context->tdc_hlength,
|
|
&RcvBuf, DataSize, &OptInfo, Packet, DestType, NULL);
|
|
}
|
|
} else {
|
|
|
|
DeliverToUser(NTE, Context->tdc_nte, Header, Context->tdc_hlength,
|
|
&RcvBuf, DataSize, &OptInfo, Packet, DestType);
|
|
// If it's a broadcast packet forward it on.
|
|
if (IS_BCAST_DEST(DestType))
|
|
IPForwardPkt(NTE, Header, Context->tdc_hlength, RcvBuf.ipr_buffer, DataSize,
|
|
NULL, 0, DestType, 0, NULL, NULL, NULL);
|
|
}
|
|
}
|
|
|
|
SrcIF = NTE->nte_if;
|
|
CTEGetLockAtDPC(&SrcIF->if_lock);
|
|
|
|
Context->tdc_common.pc_link = SrcIF->if_tdpacket;
|
|
SrcIF->if_tdpacket = Packet;
|
|
|
|
CTEFreeLockFromDPC(&SrcIF->if_lock);
|
|
}
|
|
|
|
void
|
|
IPInjectPkt(FORWARD_ACTION Action, void *SavedContext, uint SavedContextLength,
|
|
struct IPHeader UNALIGNED *IPH, struct IPRcvBuf *DataChain)
|
|
{
|
|
char *Data;
|
|
char *PreservedData;
|
|
uint DataSize;
|
|
PFIREWALL_CONTEXT_T pFirCtx = (PFIREWALL_CONTEXT_T) SavedContext;
|
|
NetTableEntry *NTE = pFirCtx->NTE; // Local NTE received on
|
|
LinkEntry *LinkCtxt = pFirCtx->LinkCtxt; // Local NTE received on
|
|
NetTableEntry *DestNTE; // NTE to receive on.
|
|
IPAddr DAddr; // Dest. IP addr. of received packet.
|
|
uint HeaderLength; // Size in bytes of received header.
|
|
uint IPDataLength; // Length in bytes of IP (including UL) data in packet.
|
|
IPOptInfo OptInfo; // Incoming header information.
|
|
uchar DestType; // Type (LOCAL, REMOTE, SR) of Daddr.
|
|
IPRcvBuf RcvBuf;
|
|
IPRcvBuf *tmpRcvBuf;
|
|
ulong Offset;
|
|
KIRQL OldIrql;
|
|
|
|
|
|
UNREFERENCED_PARAMETER(SavedContextLength);
|
|
|
|
//
|
|
// One can not inject a packet that was being transmitted earlier
|
|
//
|
|
ASSERT(pFirCtx->Direction == IP_RECEIVE);
|
|
|
|
if (Action == ICMP_ON_DROP) {
|
|
// send an ICMP message ?????
|
|
return;
|
|
}
|
|
ASSERT(Action == FORWARD);
|
|
|
|
DataSize = 0;
|
|
tmpRcvBuf = DataChain;
|
|
while (tmpRcvBuf != NULL) {
|
|
ASSERT(tmpRcvBuf->ipr_buffer != NULL);
|
|
DataSize += tmpRcvBuf->ipr_size;
|
|
tmpRcvBuf = tmpRcvBuf->ipr_next;
|
|
}
|
|
|
|
Data = (char *) CTEAllocMemN(DataSize, 'iiCT');
|
|
if (Data == NULL) {
|
|
return;
|
|
}
|
|
tmpRcvBuf = DataChain;
|
|
Offset = 0;
|
|
|
|
while (tmpRcvBuf != NULL) {
|
|
ASSERT(tmpRcvBuf->ipr_buffer != NULL);
|
|
#if DBG_VALIDITY_CHECK
|
|
if (Offset + tmpRcvBuf->ipr_size > DataSize) {
|
|
DbgPrint("Offset %d: tmpRcvBuf->ipr_size %d: DataSize %d ::::\n",
|
|
Offset, tmpRcvBuf->ipr_size, DataSize);
|
|
DbgBreakPoint();
|
|
}
|
|
#endif
|
|
RtlCopyMemory(Data + Offset, tmpRcvBuf->ipr_buffer, tmpRcvBuf->ipr_size);
|
|
Offset += tmpRcvBuf->ipr_size;
|
|
tmpRcvBuf = tmpRcvBuf->ipr_next;
|
|
}
|
|
|
|
PreservedData = Data;
|
|
|
|
// free the data chain
|
|
// IPFreeBuff(pContextInfo->DataChain);
|
|
IPH = (IPHeader UNALIGNED *) Data;
|
|
// Make sure we actually have data.
|
|
if (DataSize) {
|
|
|
|
// Check the header length, the xsum and the version. If any of these
|
|
// checks fail silently discard the packet.
|
|
HeaderLength = ((IPH->iph_verlen & (uchar) ~ IP_VER_FLAG) << 2);
|
|
if (HeaderLength >= sizeof(IPHeader) && HeaderLength <= DataSize) {
|
|
|
|
// Check the version, and sanity check the total length.
|
|
IPDataLength = (uint) net_short(IPH->iph_length);
|
|
if ((IPH->iph_verlen & IP_VER_FLAG) == IP_VERSION &&
|
|
IPDataLength > sizeof(IPHeader)) {
|
|
|
|
IPDataLength -= HeaderLength;
|
|
Data = (char *) Data + HeaderLength;
|
|
DataSize -= HeaderLength;
|
|
|
|
// IPDataLength should be equal to DataSize
|
|
ASSERT(IPDataLength == DataSize);
|
|
|
|
DAddr = IPH->iph_dest;
|
|
DestNTE = NTE;
|
|
|
|
// Find local NTE, if any.
|
|
DestType = GetLocalNTE(DAddr, &DestNTE);
|
|
|
|
OptInfo.ioi_ttl = IPH->iph_ttl;
|
|
OptInfo.ioi_tos = IPH->iph_tos;
|
|
OptInfo.ioi_flags = (uchar) ((net_short(IPH->iph_offset) >> 13) &
|
|
IP_FLAG_DF);
|
|
OptInfo.ioi_options = (uchar *) NULL;
|
|
OptInfo.ioi_optlength = 0;
|
|
|
|
if ((DestType < DEST_REMOTE)) {
|
|
// It's either local or some sort of broadcast.
|
|
|
|
// The data probably belongs at this station. If there
|
|
// aren't any options, it definetly belongs here, and we'll
|
|
// dispatch it either to our reasssmbly code or to the
|
|
// deliver to user code. If there are options, we'll check
|
|
// them and then either handle the packet locally or pass it
|
|
// to our forwarding code.
|
|
|
|
if (HeaderLength != sizeof(IPHeader)) {
|
|
// We have options.
|
|
uchar NewDType;
|
|
|
|
NewDType = CheckLocalOptions(NTE, IPH, &OptInfo,
|
|
DestType, NULL, 0, FALSE);
|
|
if (NewDType != DEST_LOCAL) {
|
|
if (NewDType == DEST_REMOTE)
|
|
goto forward;
|
|
else {
|
|
IPSInfo.ipsi_inhdrerrors++;
|
|
CTEFreeMem(PreservedData);
|
|
return; // Bad Options.
|
|
|
|
}
|
|
}
|
|
}
|
|
RcvBuf.ipr_next = NULL;
|
|
RcvBuf.ipr_owner = IPR_OWNER_STACK;
|
|
RcvBuf.ipr_buffer = (uchar *) Data;
|
|
RcvBuf.ipr_size = IPDataLength;
|
|
RcvBuf.ipr_flags = 0;
|
|
|
|
RcvBuf.ipr_pMdl = NULL;
|
|
RcvBuf.ipr_pClientCnt = NULL;
|
|
|
|
// When we get here, we have the whole packet. Deliver
|
|
// it.
|
|
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);
|
|
DeliverToUser(NTE, DestNTE, IPH, HeaderLength, &RcvBuf,
|
|
IPDataLength, &OptInfo, NULL, DestType);
|
|
// When we're here, we're through with the packet
|
|
// locally. If it's a broadcast packet forward it on.
|
|
if (IS_BCAST_DEST(DestType)) {
|
|
IPForwardPkt(NTE, IPH, HeaderLength, Data, IPDataLength, NULL, 0, DestType, 0, NULL, NULL, LinkCtxt);
|
|
}
|
|
KeLowerIrql(OldIrql);
|
|
// free the data, work item and various fields within them.
|
|
CTEFreeMem(PreservedData);
|
|
return;
|
|
}
|
|
// Not for us, may need to be forwarded. It might be an outgoing
|
|
// broadcast that came in through a source route, so we need to
|
|
// check that.
|
|
forward:
|
|
if (DestType != DEST_INVALID) {
|
|
KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);
|
|
IPForwardPkt(NTE, IPH, HeaderLength, Data, DataSize,
|
|
NULL, 0, DestType, 0, NULL, NULL, LinkCtxt);
|
|
KeLowerIrql(OldIrql);
|
|
} else
|
|
IPSInfo.ipsi_inaddrerrors++;
|
|
// free the data, work item and various fields within them.
|
|
CTEFreeMem(PreservedData);
|
|
|
|
return;
|
|
|
|
} // Bad Version
|
|
} // Bad checksum
|
|
} // No data
|
|
|
|
IPSInfo.ipsi_inhdrerrors++;
|
|
// free the data, work item and various fields within them.
|
|
CTEFreeMem(PreservedData);
|
|
}
|
|
|
|
//* IPRcvPacket - Receive an incoming IP datagram along with the ndis packet
|
|
//
|
|
// This is the routine called by the link layer module when an incoming IP
|
|
// datagram is to be processed. We validate the datagram (including doing
|
|
// the xsum), copy and process incoming options, and decide what to do
|
|
// with it.
|
|
//
|
|
// Entry: MyContext - The context valued we gave to the link layer.
|
|
// Data - Pointer to the data buffer.
|
|
// DataSize - Size in bytes of the data buffer.
|
|
// TotalSize - Total size in bytes available.
|
|
// LContext1 - 1st link context.
|
|
// LContext2 - 2nd link context.
|
|
// BCast - Indicates whether or not packet was received
|
|
// on bcast address.
|
|
// HeaderSize - size of the mac header
|
|
// pMdl - NDIS Packet from the MAC driver
|
|
// pClientCnt - Variable to indicate how many upper layer
|
|
// clients were given this packet
|
|
// for TCP it will be only 1.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
void
|
|
__stdcall
|
|
IPRcvPacket(void *MyContext, void *Data, uint DataSize, uint TotalSize,
|
|
NDIS_HANDLE LContext1, uint LContext2, uint BCast,
|
|
uint MacHeaderSize, PNDIS_BUFFER pNdisBuffer, uint *pClientCnt,
|
|
LinkEntry *LinkCtxt)
|
|
{
|
|
IPHeader UNALIGNED *IPH = (IPHeader UNALIGNED *) Data;
|
|
NetTableEntry *NTE = (NetTableEntry *) MyContext; // Local NTE received on
|
|
NetTableEntry *DestNTE; // NTE to receive on.
|
|
Interface *RcvIF = NULL; // Interface corresponding to NTE.
|
|
PNDIS_PACKET TDPacket = NULL; // NDIS packet used for TD.
|
|
TDContext *TDC = (TDContext *) NULL; // Transfer data context.
|
|
NDIS_STATUS Status;
|
|
IPAddr DAddr; // Dest. IP addr. of received packet.
|
|
uint HeaderLength; // Size in bytes of received header.
|
|
uint IPDataLength; // Length in bytes of IP (including UL)
|
|
// data in packet.
|
|
IPOptInfo OptInfo; // Incoming header information.
|
|
uchar DestType; // Type (LOCAL, REMOTE, SR) of Daddr.
|
|
IPRcvBuf RcvBuf;
|
|
|
|
BOOLEAN ChkSumOk = FALSE;
|
|
|
|
// used by firewall
|
|
uchar NewDType;
|
|
IPRcvBuf *pRcvBuf;
|
|
uint MoreData = 0;
|
|
uchar *PreservedData;
|
|
uchar *HdrBuf;
|
|
uint DataLength;
|
|
uint FirewallMode = 0;
|
|
uint PromiscuousMode = 0;
|
|
uint AbsorbFwdPkt = 0;
|
|
PNDIS_PACKET OffLoadPkt = NULL;
|
|
BOOLEAN Loopback = FALSE;
|
|
|
|
IPSIncrementInReceiveCount();
|
|
|
|
// Make sure we actually have data.
|
|
if (0 == DataSize) {
|
|
goto HeaderError;
|
|
}
|
|
|
|
// Check the header length, the xsum and the version. If any of these
|
|
// checks fail silently discard the packet.
|
|
HeaderLength = ((IPH->iph_verlen & (uchar)~IP_VER_FLAG) << 2);
|
|
|
|
if ((HeaderLength < sizeof(IPHeader)) || (HeaderLength > DataSize)) {
|
|
goto HeaderError;
|
|
}
|
|
|
|
//Check if hardware did the checksum or not by inspecting Lcontext1
|
|
if (pClientCnt) {
|
|
PNDIS_PACKET_EXTENSION PktExt;
|
|
NDIS_TCP_IP_CHECKSUM_PACKET_INFO ChksumPktInfo;
|
|
|
|
if (pNdisBuffer) {
|
|
OffLoadPkt = NDIS_GET_ORIGINAL_PACKET((PNDIS_PACKET) (LContext1));
|
|
if (!OffLoadPkt) {
|
|
OffLoadPkt = (PNDIS_PACKET) (LContext1);
|
|
}
|
|
} else {
|
|
OffLoadPkt = (PNDIS_PACKET) pClientCnt;
|
|
}
|
|
|
|
PktExt = NDIS_PACKET_EXTENSION_FROM_PACKET(OffLoadPkt);
|
|
|
|
ChksumPktInfo.Value = PtrToUshort(PktExt->NdisPacketInfo[TcpIpChecksumPacketInfo]);
|
|
|
|
if (ChksumPktInfo.Value) {
|
|
if (ChksumPktInfo.Receive.NdisPacketIpChecksumSucceeded) {
|
|
ChkSumOk = TRUE;
|
|
}
|
|
}
|
|
//
|
|
// Check if this packet is an echo of packet that we sent.
|
|
//
|
|
Loopback = (NdisGetPacketFlags(OffLoadPkt) & NDIS_FLAGS_IS_LOOPBACK_PACKET)?TRUE : FALSE;
|
|
}
|
|
|
|
// Unless the hardware says the checksum was correct, checksum the
|
|
// header ourselves and bail out if it is incorrect.
|
|
if (!ChkSumOk && (xsum(Data, HeaderLength) != (ushort) 0xffff)) {
|
|
goto HeaderError;
|
|
}
|
|
|
|
// Check the version, and sanity check the total length.
|
|
IPDataLength = (uint) net_short(IPH->iph_length);
|
|
|
|
if (((IPH->iph_verlen & IP_VER_FLAG) != IP_VERSION) ||
|
|
(IPDataLength < HeaderLength) || (IPDataLength > TotalSize)) {
|
|
goto HeaderError;
|
|
}
|
|
|
|
IPDataLength -= HeaderLength;
|
|
// In case of firewall, we need to pass the whole data including header
|
|
PreservedData = (uchar *) Data;
|
|
Data = (uchar *) Data + HeaderLength;
|
|
DataSize -= HeaderLength;
|
|
|
|
DAddr = IPH->iph_dest;
|
|
DestNTE = NTE;
|
|
|
|
// Find local NTE, if any.
|
|
if (BCast == AI_PROMIS_INDEX) {
|
|
DestType = DEST_PROMIS;
|
|
} else {
|
|
DestType = GetLocalNTE(DAddr, &DestNTE);
|
|
}
|
|
|
|
AbsorbFwdPkt = (DestType >= DEST_REMOTE) &&
|
|
(NTE->nte_if->if_absorbfwdpkts) &&
|
|
(IPH->iph_protocol == NTE->nte_if->if_absorbfwdpkts) &&
|
|
IsRtrAlertPacket(IPH);
|
|
PromiscuousMode = NTE->nte_if->if_promiscuousmode;
|
|
FirewallMode = ProcessFirewallQ();
|
|
|
|
// Check to see if this is a non-broadcast IP address that
|
|
// came in as a link layer broadcast. If it is, throw it out.
|
|
// This is an important check for DHCP, since if we're
|
|
// DHCPing an interface all otherwise unknown addresses will
|
|
// come in as DEST_LOCAL. This check here will throw them out
|
|
// if they didn't come in as unicast.
|
|
|
|
if ((BCast == AI_NONUCAST_INDEX) && !IS_BCAST_DEST(DestType)) {
|
|
IPSInfo.ipsi_inaddrerrors++;
|
|
return; // Non bcast packet on bcast address.
|
|
}
|
|
|
|
if (CLASSD_ADDR(DAddr)) {
|
|
NTE->nte_if->if_InMcastPkts++;
|
|
NTE->nte_if->if_InMcastOctets += IPDataLength;
|
|
}
|
|
|
|
OptInfo.ioi_ttl = IPH->iph_ttl;
|
|
OptInfo.ioi_tos = IPH->iph_tos;
|
|
OptInfo.ioi_flags = (uchar) ((net_short(IPH->iph_offset) >> 13) & IP_FLAG_DF);
|
|
OptInfo.ioi_options = (uchar *) NULL;
|
|
OptInfo.ioi_optlength = 0;
|
|
|
|
if ((DestType < DEST_REMOTE) || (AbsorbFwdPkt) ||
|
|
(((FirewallMode) || (PromiscuousMode)) && (DestType != DEST_INVALID)))
|
|
{
|
|
// It's either local or some sort of broadcast.
|
|
|
|
// The data probably belongs at this station. If there
|
|
// aren't any options, it definitely belongs here, and we'll
|
|
// dispatch it either to our reassembly code or to the
|
|
// deliver to user code. If there are options, we'll check
|
|
// them and then either handle the packet locally or pass it
|
|
// to our forwarding code.
|
|
|
|
NewDType = DestType;
|
|
if (DestType < DEST_REMOTE) {
|
|
if (HeaderLength != sizeof(IPHeader)) {
|
|
// We have options.
|
|
|
|
NewDType = CheckLocalOptions(NTE, IPH, &OptInfo, DestType,
|
|
Data, DataSize, TRUE);
|
|
|
|
if (NewDType != DEST_LOCAL) {
|
|
if (NewDType == DEST_REMOTE) {
|
|
if ((!FirewallMode) && (!PromiscuousMode) && (!AbsorbFwdPkt))
|
|
goto forward;
|
|
else
|
|
DestType = NewDType;
|
|
} else {
|
|
goto HeaderError;
|
|
}
|
|
}
|
|
if ((OptInfo.ioi_flags & IP_FLAG_SSRR) &&
|
|
DisableIPSourceRouting == 2) {
|
|
IPSInfo.ipsi_outdiscards++;
|
|
if (RefPtrValid(&FilterRefPtr)) {
|
|
NotifyFilterOfDiscard(NTE, IPH, Data, DataSize);
|
|
}
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Before we go further, if we have a filter installed
|
|
// call it to see if we should take this.
|
|
// if ForwardFirewall/Promiscuous, we can reach at this
|
|
// point
|
|
// if firewall/ipsec/promiscuous present, we will call
|
|
// filter hook in delivertouserex
|
|
// Except if we have a fragment, we also call filter hook
|
|
// now.
|
|
//
|
|
if (((RefPtrValid(&FilterRefPtr)) && (!IPSecHandlerPtr) &&
|
|
(!FirewallMode) && (!PromiscuousMode) &&
|
|
(!AbsorbFwdPkt)) ||
|
|
((RefPtrValid(&FilterRefPtr)) &&
|
|
(IPH->iph_offset & ~(IP_DF_FLAG | IP_RSVD_FLAG)))) {
|
|
Interface *IF = NTE->nte_if;
|
|
IPAddr LinkNextHop;
|
|
IPPacketFilterPtr FilterPtr;
|
|
FORWARD_ACTION Action;
|
|
if ((IF->if_flags & IF_FLAGS_P2MP) && LinkCtxt) {
|
|
LinkNextHop = LinkCtxt->link_NextHop;
|
|
} else {
|
|
LinkNextHop = NULL_IP_ADDR;
|
|
}
|
|
|
|
FilterPtr = AcquireRefPtr(&FilterRefPtr);
|
|
Action = (*FilterPtr) (IPH,
|
|
Data,
|
|
MIN(DataSize, IPDataLength),
|
|
IF->if_index,
|
|
INVALID_IF_INDEX,
|
|
LinkNextHop,
|
|
NULL_IP_ADDR);
|
|
ReleaseRefPtr(&FilterRefPtr);
|
|
|
|
if (Action != FORWARD) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
}
|
|
// No options. See if it's a fragment. If it is, call our
|
|
// reassembly handler.
|
|
if ((IPH->iph_offset & ~(IP_DF_FLAG | IP_RSVD_FLAG)) == 0) {
|
|
|
|
// We don't have a fragment. If the data all fits,
|
|
// handle it here. Otherwise transfer data it.
|
|
|
|
// Make sure data is all in buffer, and directly
|
|
// accesible.
|
|
if ((IPDataLength > DataSize) || !(NTE->nte_flags & NTE_COPY))
|
|
{
|
|
// The data isn't all here. Transfer data it.
|
|
// Needed by firewall since we need to attach the IPheader
|
|
MoreData = 1;
|
|
|
|
RcvIF = NTE->nte_if;
|
|
CTEGetLockAtDPC(&RcvIF->if_lock);
|
|
TDPacket = RcvIF->if_tdpacket;
|
|
|
|
if (TDPacket != (PNDIS_PACKET) NULL) {
|
|
|
|
TDC = (TDContext *) TDPacket->ProtocolReserved;
|
|
RcvIF->if_tdpacket = TDC->tdc_common.pc_link;
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
|
|
TDC->tdc_nte = DestNTE;
|
|
TDC->tdc_dtype = DestType;
|
|
TDC->tdc_hlength = (uchar) HeaderLength;
|
|
RtlCopyMemory(TDC->tdc_header, IPH,
|
|
HeaderLength + 8);
|
|
|
|
Status = (*(RcvIF->if_transfer)) (
|
|
RcvIF->if_lcontext, LContext1,
|
|
LContext2, HeaderLength,
|
|
IPDataLength, TDPacket,
|
|
&IPDataLength);
|
|
|
|
// Check the status. If it's success, call the
|
|
// receive procedure. Otherwise, if it's pending
|
|
// wait for the callback.
|
|
Data = TDC->tdc_buffer;
|
|
if (Status != NDIS_STATUS_PENDING) {
|
|
if (Status != NDIS_STATUS_SUCCESS) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
CTEGetLockAtDPC(&RcvIF->if_lock);
|
|
TDC->tdc_common.pc_link =
|
|
RcvIF->if_tdpacket;
|
|
RcvIF->if_tdpacket = TDPacket;
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
return;
|
|
}
|
|
} else {
|
|
return; // Status is pending.
|
|
|
|
}
|
|
} else { // Couldn't get a packet.
|
|
|
|
IPSInfo.ipsi_indiscards++;
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
return;
|
|
}
|
|
}
|
|
if (!FirewallMode) {
|
|
// fast path
|
|
RcvBuf.ipr_next = NULL;
|
|
RcvBuf.ipr_owner = IPR_OWNER_STACK;
|
|
RcvBuf.ipr_buffer = (uchar *) Data;
|
|
RcvBuf.ipr_size = IPDataLength;
|
|
RcvBuf.ipr_flags = 0;
|
|
|
|
//
|
|
// Encapsulate the mdl and context info in RcvBuf
|
|
// structure if TD Packet is not involved.
|
|
//
|
|
RcvBuf.ipr_pMdl = NULL;
|
|
RcvBuf.ipr_pClientCnt = NULL;
|
|
if (!MoreData) {
|
|
RcvBuf.ipr_pMdl = pNdisBuffer;
|
|
RcvBuf.ipr_pClientCnt = pClientCnt;
|
|
}
|
|
RcvBuf.ipr_RcvContext = (uchar *)LContext1;
|
|
//ASSERT(LContext2 <= 8);
|
|
RcvBuf.ipr_RcvOffset = MacHeaderSize +
|
|
HeaderLength + LContext2;
|
|
DataLength = IPDataLength;
|
|
pRcvBuf = &RcvBuf;
|
|
|
|
} else { // ForwardFirewallPtr != NULL
|
|
//
|
|
// if Firewall hooks are present we will allocate
|
|
// RcvBuf. Also we will pass IPHeader to
|
|
// DelivertoUserEx
|
|
|
|
if (!MoreData) {
|
|
|
|
if (g_PerCPUIpBuf) {
|
|
pRcvBuf = g_PerCPUIpBuf + KeGetCurrentProcessorNumber();
|
|
pRcvBuf->ipr_owner = IPR_OWNER_STACK;
|
|
} else {
|
|
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'jiCT');
|
|
if (!pRcvBuf) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL;
|
|
}
|
|
|
|
|
|
pRcvBuf->ipr_next = NULL;
|
|
|
|
pRcvBuf->ipr_buffer = (uchar *) PreservedData;
|
|
pRcvBuf->ipr_size = IPDataLength + HeaderLength;
|
|
pRcvBuf->ipr_flags = 0;
|
|
|
|
//
|
|
// Encapsulate the mdl and context info in
|
|
// RcvBuf structure
|
|
//
|
|
|
|
pRcvBuf->ipr_pMdl = NULL;
|
|
pRcvBuf->ipr_pClientCnt = NULL;
|
|
|
|
//
|
|
// Enable Buffer ownership in Firewall mode
|
|
// When re-route lookup results in forwarding
|
|
// local packets, this will help firwall clients
|
|
// like proxy/nat to use super fast path in
|
|
// IPForwardPkt().
|
|
//
|
|
|
|
if (DestType < DEST_REMOTE) {
|
|
pRcvBuf->ipr_pMdl = pNdisBuffer;
|
|
pRcvBuf->ipr_pClientCnt = pClientCnt;
|
|
}
|
|
|
|
pRcvBuf->ipr_RcvContext = (uchar *)LContext1;
|
|
|
|
pRcvBuf->ipr_RcvOffset = MacHeaderSize + HeaderLength + LContext2;
|
|
} else { // MoreData=1; we have gone thru TD
|
|
// path attach the header
|
|
|
|
pRcvBuf = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'jiCT');
|
|
if (!pRcvBuf) {
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
|
|
pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL;
|
|
HdrBuf = (uchar *) CTEAllocMemN(HeaderLength, 'kiCT');
|
|
if (!HdrBuf) {
|
|
CTEFreeMem(pRcvBuf);
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
RtlCopyMemory(HdrBuf, IPH, HeaderLength);
|
|
pRcvBuf->ipr_buffer = HdrBuf; // remember to
|
|
// free HdrBuf &
|
|
//pRcvBuf
|
|
|
|
pRcvBuf->ipr_size = HeaderLength;
|
|
pRcvBuf->ipr_flags = 0;
|
|
pRcvBuf->ipr_pMdl = NULL;
|
|
pRcvBuf->ipr_pClientCnt = NULL;
|
|
pRcvBuf->ipr_next = (IPRcvBuf *) CTEAllocMemN(sizeof(IPRcvBuf), 'liCT');
|
|
if (!pRcvBuf->ipr_next) {
|
|
CTEFreeMem(pRcvBuf);
|
|
CTEFreeMem(HdrBuf);
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
pRcvBuf->ipr_next->ipr_next = NULL;
|
|
pRcvBuf->ipr_next->ipr_owner = IPR_OWNER_IP;
|
|
pRcvBuf->ipr_next->ipr_buffer = (uchar *) Data;
|
|
pRcvBuf->ipr_next->ipr_size = IPDataLength;
|
|
|
|
//
|
|
//encapsulate the mdl and context info in
|
|
//RcvBuf structure
|
|
//
|
|
pRcvBuf->ipr_next->ipr_pMdl = NULL;
|
|
pRcvBuf->ipr_next->ipr_pClientCnt = NULL;
|
|
pRcvBuf->ipr_next->ipr_RcvContext = (uchar *)LContext1;
|
|
|
|
pRcvBuf->ipr_next->ipr_flags = 0;
|
|
|
|
//ASSERT(LContext2 <= 8);
|
|
pRcvBuf->ipr_next->ipr_RcvOffset =
|
|
MacHeaderSize + HeaderLength + LContext2;
|
|
}
|
|
// In case of firewall, Data includes ipheader also
|
|
DataLength = IPDataLength + HeaderLength;
|
|
}
|
|
|
|
// 3 cases when we go to DeliverToUserEx
|
|
// IPSEC & Filter present; Firewallhooks present;
|
|
// promiscuous mode set on the interface
|
|
|
|
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) ||
|
|
(FirewallMode) || (PromiscuousMode)) {
|
|
|
|
if (Loopback) {
|
|
//
|
|
// Loopbacked packet should not end up getting
|
|
// forwarded again to prevent nested receive
|
|
// indications from ndis, causing stack overflow.
|
|
//
|
|
pRcvBuf->ipr_flags |= IPR_FLAG_LOOPBACK_PACKET;
|
|
}
|
|
|
|
if (pClientCnt) {
|
|
|
|
DeliverToUserEx(NTE, DestNTE, IPH, HeaderLength,
|
|
pRcvBuf, DataLength, &OptInfo,
|
|
LContext1, DestType, LinkCtxt);
|
|
} else {
|
|
DeliverToUserEx(NTE, DestNTE, IPH, HeaderLength,
|
|
pRcvBuf, DataLength, &OptInfo,
|
|
NULL, DestType, LinkCtxt);
|
|
|
|
}
|
|
} else {
|
|
//
|
|
// When we get here, we have the whole packet.
|
|
// Deliver it.
|
|
//
|
|
|
|
if (pNdisBuffer) {
|
|
DeliverToUser(NTE, DestNTE, IPH, HeaderLength,
|
|
pRcvBuf, IPDataLength, &OptInfo,
|
|
(PNDIS_PACKET) (LContext1),
|
|
DestType);
|
|
} else if (OffLoadPkt) {
|
|
DeliverToUser(NTE, DestNTE, IPH, HeaderLength, pRcvBuf,
|
|
IPDataLength, &OptInfo, OffLoadPkt, DestType);
|
|
|
|
} else {
|
|
|
|
DeliverToUser(
|
|
NTE, DestNTE, IPH, HeaderLength, pRcvBuf,
|
|
IPDataLength, &OptInfo, NULL, DestType);
|
|
|
|
}
|
|
|
|
//
|
|
// When we're here, we're through with the packet
|
|
// locally. If it's a broadcast packet forward it
|
|
// on.
|
|
if (IS_BCAST_DEST(DestType)) {
|
|
|
|
IPForwardPkt(NTE, IPH, HeaderLength, Data,
|
|
IPDataLength, NULL, 0, DestType,
|
|
0, NULL, NULL, LinkCtxt);
|
|
}
|
|
}
|
|
|
|
if (TDC != NULL) {
|
|
CTEGetLockAtDPC(&RcvIF->if_lock);
|
|
TDC->tdc_common.pc_link = RcvIF->if_tdpacket;
|
|
RcvIF->if_tdpacket = TDPacket;
|
|
CTEFreeLockFromDPC(&RcvIF->if_lock);
|
|
}
|
|
return;
|
|
} else {
|
|
// This is a fragment. Reassemble it.
|
|
IPReassemble(NTE, DestNTE, IPH, HeaderLength, Data,
|
|
DataSize, IPDataLength, DestType, LContext1,
|
|
LContext2, LinkCtxt);
|
|
return;
|
|
}
|
|
|
|
}
|
|
// Not for us, may need to be forwarded. It might be an outgoing
|
|
// broadcast that came in through a source route, so we need to
|
|
// check that.
|
|
|
|
forward:
|
|
if (DestType != DEST_INVALID) {
|
|
//
|
|
// If IPSec is active, make sure there are no inbound policies
|
|
// that apply to this packet.
|
|
// N.B - IPSecStatus will be true if there is at least one ipsec policy.
|
|
//
|
|
|
|
if (IPSecStatus &&
|
|
(*IPSecRcvFWPacketPtr)((PCHAR) IPH, Data, DataSize, DestType) != eFORWARD) {
|
|
|
|
IPSInfo.ipsi_indiscards++;
|
|
return;
|
|
}
|
|
|
|
// Super Fast Forward
|
|
// chk the parameters
|
|
IPForwardPkt(NTE, IPH, HeaderLength, Data, DataSize,
|
|
LContext1, LContext2, DestType, MacHeaderSize, pNdisBuffer,
|
|
pClientCnt, LinkCtxt);
|
|
} else {
|
|
IPSInfo.ipsi_inaddrerrors++;
|
|
}
|
|
|
|
return;
|
|
|
|
HeaderError:
|
|
IPSInfo.ipsi_inhdrerrors++;
|
|
}
|
|
|
|
//* IPRcv - Receive an incoming IP datagram.
|
|
//
|
|
// This is the routine called by the link layer module when an incoming IP
|
|
// datagram is to be processed. We validate the datagram (including doing
|
|
// the xsum), copy and process incoming options, and decide what to do with it.
|
|
//
|
|
// Entry: MyContext - The context valued we gave to the link layer.
|
|
// Data - Pointer to the data buffer.
|
|
// DataSize - Size in bytes of the data buffer.
|
|
// TotalSize - Total size in bytes available.
|
|
// LContext1 - 1st link context.
|
|
// LContext2 - 2nd link context.
|
|
// BCast - Indicates whether or not packet was received on bcast address.
|
|
//
|
|
// Returns: Nothing.
|
|
//
|
|
// For buffer ownership version, we just call RcvPacket, with additional
|
|
// two null arguments. Currently LANARP supports buffer owner ship.
|
|
// Rest of the folks (rasarp, wanarp and atmarp) come this way.
|
|
//
|
|
void
|
|
__stdcall
|
|
IPRcv(void *MyContext, void *Data, uint DataSize, uint TotalSize,
|
|
NDIS_HANDLE LContext1, uint LContext2, uint BCast, LinkEntry * LinkCtxt)
|
|
{
|
|
IPRcvPacket(MyContext,
|
|
Data,
|
|
DataSize,
|
|
TotalSize,
|
|
LContext1,
|
|
LContext2,
|
|
BCast,
|
|
(uint) 0,
|
|
NULL,
|
|
NULL,
|
|
LinkCtxt);
|
|
}
|
|
|
|
//* IPTDComplete - IP Transfer data complete handler.
|
|
//
|
|
// This is the routine called by the link layer when a transfer data completes.
|
|
//
|
|
// Entry: MyContext - Context value we gave to the link layer.
|
|
// Packet - Packet we originally gave to transfer data.
|
|
// Status - Final status of command.
|
|
// BytesCopied - Number of bytes copied.
|
|
//
|
|
// Exit: Nothing
|
|
//
|
|
void
|
|
__stdcall
|
|
IPTDComplete(void *MyContext, PNDIS_PACKET Packet, NDIS_STATUS Status,
|
|
uint BytesCopied)
|
|
{
|
|
TDContext *TDC = (TDContext *) Packet->ProtocolReserved;
|
|
FWContext *pFWC = (FWContext *) Packet->ProtocolReserved;
|
|
NetTableEntry *NTE = (NetTableEntry *) MyContext;
|
|
uint PromiscuousMode = 0;
|
|
uint FirewallMode = 0;
|
|
|
|
if (NTE->nte_flags & NTE_VALID) {
|
|
PromiscuousMode = NTE->nte_if->if_promiscuousmode;
|
|
FirewallMode = ProcessFirewallQ();
|
|
}
|
|
if (((IPSecHandlerPtr) && (RefPtrValid(&FilterRefPtr))) ||
|
|
(FirewallMode) || (PromiscuousMode)) {
|
|
if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_RA))
|
|
TDUserRcv(MyContext, Packet, Status, BytesCopied);
|
|
else
|
|
RATDComplete(MyContext, Packet, Status, BytesCopied);
|
|
} else { // Normal Path
|
|
|
|
if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_FW))
|
|
if (!(TDC->tdc_common.pc_flags & PACKET_FLAG_RA))
|
|
TDUserRcv(MyContext, Packet, Status, BytesCopied);
|
|
else
|
|
RATDComplete(MyContext, Packet, Status, BytesCopied);
|
|
else {
|
|
#if IPMCAST
|
|
if (pFWC->fc_dtype == DEST_REM_MCAST) {
|
|
IPMForwardAfterTD(MyContext, Packet, BytesCopied);
|
|
return;
|
|
}
|
|
#endif
|
|
SendFWPacket(Packet, Status, BytesCopied);
|
|
}
|
|
}
|
|
}
|
|
|
|
//* IPFreeBuff -
|
|
// Frees the chain and the buffers associated with the chain if allocated
|
|
// by firewall hook
|
|
//
|
|
//
|
|
void
|
|
IPFreeBuff(IPRcvBuf * pRcvBuf)
|
|
{
|
|
IPRcvBuf *Curr = pRcvBuf;
|
|
IPRcvBuf *Prev;
|
|
|
|
//
|
|
// Free all blocks carried by pRcvbuf
|
|
//
|
|
while (pRcvBuf != NULL) {
|
|
FreeIprBuff(pRcvBuf);
|
|
pRcvBuf = pRcvBuf->ipr_next;
|
|
}
|
|
|
|
while (Curr != NULL) {
|
|
Prev = Curr;
|
|
Curr = Curr->ipr_next;
|
|
//
|
|
// Free pRcvBuf itself
|
|
// if it is not allocated
|
|
// on the stack.
|
|
//
|
|
if (Prev->ipr_owner != IPR_OWNER_STACK) {
|
|
CTEFreeMem(Prev);
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
//* FreeIprBuff -
|
|
// Frees the buffer associated by IPRcvBuf if tag in rcvbuf is firewall
|
|
// The idea is that if the buffer is allocated by firewall, the tag is firewall
|
|
// and its freed when we call ipfreebuff or this routine. However, there is a
|
|
// slight catch here. In the reassembly path, the buffer is tagged as ip but
|
|
// it has to be freed by ip driver only since the reassembly buffers are
|
|
// allocated by ip only. But in this case, the flat buffer is part of the
|
|
// Rcvbuf structure and so when Rcvbuf structure is freed the flat buffer is
|
|
// also freed. In other cases, fast path in Rcv and xmit path, respective
|
|
// lower and upper layers free the flat buffer. This makes sure that ip is
|
|
// not freeing the buffers which some other layer allocates. This technique
|
|
// is now used by IPSEC also.
|
|
//
|
|
void
|
|
FreeIprBuff(IPRcvBuf * pRcvBuf)
|
|
{
|
|
ASSERT(pRcvBuf != NULL);
|
|
|
|
if ((pRcvBuf->ipr_buffer != NULL) && (pRcvBuf->ipr_owner == IPR_OWNER_FIREWALL)) {
|
|
CTEFreeMem(pRcvBuf->ipr_buffer);
|
|
}
|
|
}
|
|
|
|
//* IPAllocBuff -
|
|
// Allocates a buffer of given size and attaches it to IPRcvBuf
|
|
//
|
|
// Returns: TRUE if success else FALSE
|
|
//
|
|
int
|
|
IPAllocBuff(IPRcvBuf * pRcvBuf, uint size)
|
|
{
|
|
ASSERT(pRcvBuf != NULL);
|
|
|
|
// put a tag in iprcvbuf that firewall allocated it so that
|
|
// FreeIprBuff / IPFreeBuff can free it
|
|
|
|
pRcvBuf->ipr_owner = IPR_OWNER_FIREWALL;
|
|
if ((pRcvBuf->ipr_buffer = (uchar *) CTEAllocMemN(size, 'miCT')) == NULL) {
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|