You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2493 lines
60 KiB
2493 lines
60 KiB
/*++
|
|
|
|
Copyright (c) 1999 Microsoft Corporation
|
|
|
|
|
|
Module Name:
|
|
|
|
txspecific.c
|
|
|
|
Abstract:
|
|
|
|
This module contains all of the code to drive the
|
|
specific transport filter list management of IPSecSPD
|
|
Service.
|
|
|
|
Author:
|
|
|
|
abhisheV 29-October-1999
|
|
|
|
Environment
|
|
|
|
User Level: Win32
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
|
|
#include "precomp.h"
|
|
|
|
|
|
DWORD
|
|
ApplyTxTransform(
|
|
PINITXFILTER pFilter,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwAddrCnt,
|
|
PSPECIAL_ADDR pSpecialAddrsList,
|
|
PINITXSFILTER * ppSpecificFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function expands a generic transport filter into its
|
|
corresponding specific filters.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter to expand.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppSpecificFilters - List of specific filters expanded for the
|
|
given generic filter.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PINITXSFILTER pSpecificFilters = NULL;
|
|
PINITXSFILTER pOutboundSpecificFilters = NULL;
|
|
PINITXSFILTER pInboundSpecificFilters = NULL;
|
|
|
|
PADDR_V4 pOutSrcAddrList = NULL;
|
|
DWORD dwOutSrcAddrCnt = 0;
|
|
PADDR_V4 pInSrcAddrList = NULL;
|
|
DWORD dwInSrcAddrCnt = 0;
|
|
|
|
PADDR_V4 pOutDesAddrList = NULL;
|
|
DWORD dwOutDesAddrCnt = 0;
|
|
PADDR_V4 pInDesAddrList = NULL;
|
|
DWORD dwInDesAddrCnt = 0;
|
|
|
|
|
|
//
|
|
// Form the outbound and inbound source and destination
|
|
// address lists.
|
|
//
|
|
|
|
dwError = FormTxOutboundInboundAddresses(
|
|
pFilter,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
pSpecialAddrsList,
|
|
&pOutSrcAddrList,
|
|
&dwOutSrcAddrCnt,
|
|
&pInSrcAddrList,
|
|
&dwInSrcAddrCnt,
|
|
&pOutDesAddrList,
|
|
&dwOutDesAddrCnt,
|
|
&pInDesAddrList,
|
|
&dwInDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
//
|
|
// Form outbound specific filters.
|
|
//
|
|
|
|
dwError = FormSpecificTxFilters(
|
|
pFilter,
|
|
pOutSrcAddrList,
|
|
dwOutSrcAddrCnt,
|
|
pOutDesAddrList,
|
|
dwOutDesAddrCnt,
|
|
FILTER_DIRECTION_OUTBOUND,
|
|
&pOutboundSpecificFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
//
|
|
// Form inbound specific filters.
|
|
//
|
|
|
|
dwError = FormSpecificTxFilters(
|
|
pFilter,
|
|
pInSrcAddrList,
|
|
dwInSrcAddrCnt,
|
|
pInDesAddrList,
|
|
dwInDesAddrCnt,
|
|
FILTER_DIRECTION_INBOUND,
|
|
&pInboundSpecificFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
pSpecificFilters = pOutboundSpecificFilters;
|
|
|
|
AddToSpecificTxList(
|
|
&pSpecificFilters,
|
|
pInboundSpecificFilters
|
|
);
|
|
|
|
|
|
*ppSpecificFilters = pSpecificFilters;
|
|
|
|
cleanup:
|
|
|
|
if (pOutSrcAddrList) {
|
|
FreeSPDMemory(pOutSrcAddrList);
|
|
}
|
|
|
|
if (pInSrcAddrList) {
|
|
FreeSPDMemory(pInSrcAddrList);
|
|
}
|
|
|
|
if (pOutDesAddrList) {
|
|
FreeSPDMemory(pOutDesAddrList);
|
|
}
|
|
|
|
if (pInDesAddrList) {
|
|
FreeSPDMemory(pInDesAddrList);
|
|
}
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pOutboundSpecificFilters) {
|
|
FreeIniTxSFilterList(pOutboundSpecificFilters);
|
|
}
|
|
|
|
if (pInboundSpecificFilters) {
|
|
FreeIniTxSFilterList(pInboundSpecificFilters);
|
|
}
|
|
|
|
|
|
*ppSpecificFilters = NULL;
|
|
goto cleanup;
|
|
}
|
|
|
|
|
|
DWORD
|
|
FormTxOutboundInboundAddresses(
|
|
PINITXFILTER pFilter,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwAddrCnt,
|
|
PSPECIAL_ADDR pSpecialAddrsList,
|
|
PADDR_V4 * ppOutSrcAddrList,
|
|
PDWORD pdwOutSrcAddrCnt,
|
|
PADDR_V4 * ppInSrcAddrList,
|
|
PDWORD pdwInSrcAddrCnt,
|
|
PADDR_V4 * ppOutDesAddrList,
|
|
PDWORD pdwOutDesAddrCnt,
|
|
PADDR_V4 * ppInDesAddrList,
|
|
PDWORD pdwInDesAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function forms the outbound and inbound source and
|
|
destination address sets for a generic filter.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter under consideration.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppOutSrcAddrList - List of outbound source addresses.
|
|
|
|
pdwOutSrcAddrCnt - Number of addresses in the outbound
|
|
source address list.
|
|
|
|
ppInSrcAddrList - List of inbound source addresses.
|
|
|
|
pdwInSrcAddrCnt - Number of addresses in the inbound
|
|
source address list.
|
|
|
|
ppOutDesAddrList - List of outbound destination addresses.
|
|
|
|
pdwOutDesAddrCnt - Number of addresses in the outbound
|
|
destination address list.
|
|
|
|
ppInDesAddrList - List of inbound destination addresses.
|
|
|
|
pdwInDesAddrCnt - Number of addresses in the inbound
|
|
destination address list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
PADDR_V4 pSrcAddrList = NULL;
|
|
DWORD dwSrcAddrCnt = 0;
|
|
PADDR_V4 pDesAddrList = NULL;
|
|
DWORD dwDesAddrCnt = 0;
|
|
|
|
PADDR_V4 pOutSrcAddrList = NULL;
|
|
DWORD dwOutSrcAddrCnt = 0;
|
|
PADDR_V4 pInSrcAddrList = NULL;
|
|
DWORD dwInSrcAddrCnt = 0;
|
|
|
|
PADDR_V4 pOutDesAddrList = NULL;
|
|
DWORD dwOutDesAddrCnt = 0;
|
|
PADDR_V4 pInDesAddrList = NULL;
|
|
DWORD dwInDesAddrCnt = 0;
|
|
|
|
|
|
//
|
|
// Replace wild card information to generate the new source
|
|
// address list.
|
|
//
|
|
|
|
dwError = FormAddressList(
|
|
pFilter->SrcAddr,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
pSpecialAddrsList,
|
|
pFilter->InterfaceType,
|
|
&pSrcAddrList,
|
|
&dwSrcAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Replace wild card information to generate the new destination
|
|
// address list.
|
|
//
|
|
|
|
dwError = FormAddressList(
|
|
pFilter->DesAddr,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
pSpecialAddrsList,
|
|
pFilter->InterfaceType,
|
|
&pDesAddrList,
|
|
&dwDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Separate the source address list into outbound and inbound
|
|
// source address sets based on the local machine's ip addresses.
|
|
//
|
|
|
|
dwError = SeparateAddrList(
|
|
pFilter->SrcAddr.AddrType,
|
|
pSrcAddrList,
|
|
dwSrcAddrCnt,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pOutSrcAddrList,
|
|
&dwOutSrcAddrCnt,
|
|
&pInSrcAddrList,
|
|
&dwInSrcAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Separate the destination address list into outbound and inbound
|
|
// destination address sets based on the local machine's ip
|
|
// addresses.
|
|
//
|
|
|
|
dwError = SeparateAddrList(
|
|
pFilter->DesAddr.AddrType,
|
|
pDesAddrList,
|
|
dwDesAddrCnt,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pInDesAddrList,
|
|
&dwInDesAddrCnt,
|
|
&pOutDesAddrList,
|
|
&dwOutDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
*ppOutSrcAddrList = pOutSrcAddrList;
|
|
*pdwOutSrcAddrCnt = dwOutSrcAddrCnt;
|
|
*ppInSrcAddrList = pInSrcAddrList;
|
|
*pdwInSrcAddrCnt = dwInSrcAddrCnt;
|
|
|
|
*ppOutDesAddrList = pOutDesAddrList;
|
|
*pdwOutDesAddrCnt = dwOutDesAddrCnt;
|
|
*ppInDesAddrList = pInDesAddrList;
|
|
*pdwInDesAddrCnt = dwInDesAddrCnt;
|
|
|
|
cleanup:
|
|
|
|
if (pSrcAddrList) {
|
|
FreeSPDMemory(pSrcAddrList);
|
|
}
|
|
|
|
if (pDesAddrList) {
|
|
FreeSPDMemory(pDesAddrList);
|
|
}
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pOutSrcAddrList) {
|
|
FreeSPDMemory(pOutSrcAddrList);
|
|
}
|
|
|
|
if (pInSrcAddrList) {
|
|
FreeSPDMemory(pInSrcAddrList);
|
|
}
|
|
|
|
if (pOutDesAddrList) {
|
|
FreeSPDMemory(pOutDesAddrList);
|
|
}
|
|
|
|
if (pInDesAddrList) {
|
|
FreeSPDMemory(pInDesAddrList);
|
|
}
|
|
|
|
*ppOutSrcAddrList = NULL;
|
|
*pdwOutSrcAddrCnt = 0;
|
|
*ppInSrcAddrList = NULL;
|
|
*pdwInSrcAddrCnt = 0;
|
|
|
|
*ppOutDesAddrList = NULL;
|
|
*pdwOutDesAddrCnt = 0;
|
|
*ppInDesAddrList = NULL;
|
|
*pdwInDesAddrCnt = 0;
|
|
|
|
goto cleanup;
|
|
}
|
|
|
|
|
|
DWORD
|
|
FormAddressList(
|
|
ADDR_V4 InAddr,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwAddrCnt,
|
|
PSPECIAL_ADDR pSpecialAddrsList,
|
|
IF_TYPE FilterInterfaceType,
|
|
PADDR_V4 * ppOutAddr,
|
|
PDWORD pdwOutAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function forms the address list for a generic
|
|
address.
|
|
|
|
Arguments:
|
|
|
|
InAddr - Generic address to expand.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppOutAddr - Expanded address list for the generic address.
|
|
|
|
pdwOutAddrCnt - Number of addresses in the expanded list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PADDR_V4 pOutAddr = NULL;
|
|
DWORD dwOutAddrCnt = 0;
|
|
PSPECIAL_ADDR pSpecialAddr;
|
|
DWORD i = 0, j = 0;
|
|
BOOL bMatches = FALSE;
|
|
|
|
switch(InAddr.AddrType) {
|
|
|
|
case IP_ADDR_UNIQUE:
|
|
|
|
if (InAddr.uIpAddr == IP_ADDRESS_ME) {
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwAddrCnt,
|
|
&pOutAddr
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
pOutAddr[i].AddrType = InAddr.AddrType;
|
|
pOutAddr[i].uIpAddr = pMatchingAddresses[i].uIpAddr;
|
|
pOutAddr[i].uSubNetMask = InAddr.uSubNetMask;
|
|
memcpy(
|
|
&pOutAddr[i].gInterfaceID,
|
|
&InAddr.gInterfaceID,
|
|
sizeof(GUID)
|
|
);
|
|
}
|
|
dwOutAddrCnt = dwAddrCnt;
|
|
|
|
}
|
|
else {
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4),
|
|
&pOutAddr
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
memcpy(pOutAddr, &InAddr, sizeof(ADDR_V4));
|
|
dwOutAddrCnt = 1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case IP_ADDR_SUBNET:
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4),
|
|
&pOutAddr
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
memcpy(pOutAddr, &InAddr, sizeof(ADDR_V4));
|
|
dwOutAddrCnt = 1;
|
|
|
|
break;
|
|
|
|
case IP_ADDR_INTERFACE:
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
if (!memcmp(
|
|
&pMatchingAddresses[i].gInterfaceID,
|
|
&InAddr.gInterfaceID,
|
|
sizeof(GUID))) {
|
|
dwOutAddrCnt++;
|
|
}
|
|
}
|
|
|
|
if (dwOutAddrCnt) {
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwOutAddrCnt,
|
|
&pOutAddr
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
if (!memcmp(
|
|
&pMatchingAddresses[i].gInterfaceID,
|
|
&InAddr.gInterfaceID,
|
|
sizeof(GUID))) {
|
|
pOutAddr[j].AddrType = InAddr.AddrType;
|
|
pOutAddr[j].uIpAddr = pMatchingAddresses[i].uIpAddr;
|
|
pOutAddr[j].uSubNetMask = InAddr.uSubNetMask;
|
|
memcpy(
|
|
&pOutAddr[j].gInterfaceID,
|
|
&InAddr.gInterfaceID,
|
|
sizeof(GUID)
|
|
);
|
|
j++;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
default:
|
|
if (IsSpecialServ(InAddr.AddrType)) {
|
|
for (pSpecialAddr = pSpecialAddrsList;
|
|
pSpecialAddr;
|
|
pSpecialAddr = pSpecialAddr->pNext) {
|
|
//
|
|
// Match only if interface types match, or in case of
|
|
// INTERFACE_TYPE_ALL match only first occurence
|
|
//
|
|
if ((FilterInterfaceType == pSpecialAddr->InterfaceType)
|
|
|| (FilterInterfaceType == INTERFACE_TYPE_ALL
|
|
&& !pSpecialAddr->bDupInterface)) {
|
|
|
|
if (InAddr.AddrType == pSpecialAddr->AddrType) {
|
|
dwOutAddrCnt++;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (dwOutAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwOutAddrCnt,
|
|
&pOutAddr
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
for (pSpecialAddr = pSpecialAddrsList;
|
|
pSpecialAddr;
|
|
pSpecialAddr = pSpecialAddr->pNext) {
|
|
if ((FilterInterfaceType == pSpecialAddr->InterfaceType)
|
|
|| (FilterInterfaceType == INTERFACE_TYPE_ALL
|
|
&& !pSpecialAddr->bDupInterface)) {
|
|
|
|
if (InAddr.AddrType == pSpecialAddr->AddrType) {
|
|
|
|
pOutAddr[j].AddrType = IP_ADDR_UNIQUE;
|
|
pOutAddr[j].uIpAddr = pSpecialAddr->uIpAddr;
|
|
pOutAddr[j].uSubNetMask = IP_ADDRESS_MASK_NONE;
|
|
memcpy(
|
|
&pOutAddr[j].gInterfaceID,
|
|
&InAddr.gInterfaceID,
|
|
sizeof(GUID)
|
|
);
|
|
j++;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
*ppOutAddr = pOutAddr;
|
|
*pdwOutAddrCnt = dwOutAddrCnt;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
*ppOutAddr = NULL;
|
|
*pdwOutAddrCnt = 0;
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SeparateAddrList(
|
|
ADDR_TYPE AddrType,
|
|
PADDR_V4 pAddrList,
|
|
DWORD dwAddrCnt,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwLocalAddrCnt,
|
|
PADDR_V4 * ppOutAddrList,
|
|
PDWORD pdwOutAddrCnt,
|
|
PADDR_V4 * ppInAddrList,
|
|
PDWORD pdwInAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function separates the address list into
|
|
two mutually exclusive outbound and inbound
|
|
address sets.
|
|
|
|
Arguments:
|
|
|
|
AddrType - Type of address under consideration.
|
|
|
|
pAddrList - List of addresses to separate.
|
|
|
|
dwAddrCnt - Number of addresses in the list.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwLocalAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppOutAddrList - List of outbound addresses.
|
|
|
|
pdwOutAddrCnt - Number of addresses in the outbound
|
|
address list.
|
|
|
|
ppInAddrList - List of inbound addresses.
|
|
|
|
pdwInAddrCnt - Number of addresses in the inbound
|
|
address list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
switch(AddrType) {
|
|
|
|
case IP_ADDR_UNIQUE:
|
|
|
|
dwError = SeparateUniqueAddresses(
|
|
pAddrList,
|
|
dwAddrCnt,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt,
|
|
ppOutAddrList,
|
|
pdwOutAddrCnt,
|
|
ppInAddrList,
|
|
pdwInAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
break;
|
|
|
|
case IP_ADDR_SUBNET:
|
|
|
|
dwError = SeparateSubNetAddresses(
|
|
pAddrList,
|
|
dwAddrCnt,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt,
|
|
ppOutAddrList,
|
|
pdwOutAddrCnt,
|
|
ppInAddrList,
|
|
pdwInAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
break;
|
|
|
|
case IP_ADDR_INTERFACE:
|
|
|
|
dwError = SeparateInterfaceAddresses(
|
|
pAddrList,
|
|
dwAddrCnt,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt,
|
|
ppOutAddrList,
|
|
pdwOutAddrCnt,
|
|
ppInAddrList,
|
|
pdwInAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
break;
|
|
|
|
|
|
default:
|
|
if (IsSpecialServ(AddrType)) {
|
|
dwError = SeparateUniqueAddresses(
|
|
pAddrList,
|
|
dwAddrCnt,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt,
|
|
ppOutAddrList,
|
|
pdwOutAddrCnt,
|
|
ppInAddrList,
|
|
pdwInAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
break;
|
|
}
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
FormSpecificTxFilters(
|
|
PINITXFILTER pFilter,
|
|
PADDR_V4 pSrcAddrList,
|
|
DWORD dwSrcAddrCnt,
|
|
PADDR_V4 pDesAddrList,
|
|
DWORD dwDesAddrCnt,
|
|
DWORD dwDirection,
|
|
PINITXSFILTER * ppSpecificFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function forms the specific transport filters
|
|
for the given generic filter and the source and
|
|
destination address sets.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter for which specific filters
|
|
are to be created.
|
|
|
|
pSrcAddrList - List of source addresses.
|
|
|
|
dwSrcAddrCnt - Number of addresses in the source
|
|
address list.
|
|
|
|
pDesAddrList - List of destination addresses.
|
|
|
|
dwDesAddrCnt - Number of addresses in the destination
|
|
address list.
|
|
|
|
ppSpecificFilters - Specific filters created for the given
|
|
generic filter and the given addresses.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PINITXSFILTER pSpecificFilters = NULL;
|
|
DWORD i = 0, j = 0;
|
|
PINITXSFILTER pSpecificFilter = NULL;
|
|
|
|
|
|
|
|
for (i = 0; i < dwSrcAddrCnt; i++) {
|
|
|
|
for (j = 0; j < dwDesAddrCnt; j++) {
|
|
|
|
dwError = CreateSpecificTxFilter(
|
|
pFilter,
|
|
pSrcAddrList[i],
|
|
pDesAddrList[j],
|
|
&pSpecificFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Set the direction of the filter.
|
|
//
|
|
|
|
pSpecificFilter->dwDirection = dwDirection;
|
|
|
|
AssignTxFilterWeight(pSpecificFilter);
|
|
|
|
AddToSpecificTxList(
|
|
&pSpecificFilters,
|
|
pSpecificFilter
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*ppSpecificFilters = pSpecificFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pSpecificFilters) {
|
|
FreeIniTxSFilterList(pSpecificFilters);
|
|
}
|
|
|
|
*ppSpecificFilters = NULL;
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SeparateUniqueAddresses(
|
|
PADDR_V4 pAddrList,
|
|
DWORD dwAddrCnt,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwLocalAddrCnt,
|
|
PADDR_V4 * ppIsMeAddrList,
|
|
PDWORD pdwIsMeAddrCnt,
|
|
PADDR_V4 * ppIsNotMeAddrList,
|
|
PDWORD pdwIsNotMeAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function separates a list of unique ip addresses into
|
|
two mutually exclusive local and non-local address sets.
|
|
|
|
Arguments:
|
|
|
|
pAddrList - List of unique ip addresses to separate.
|
|
|
|
dwAddrCnt - Number of unique ip addresses in the list.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppIsMeAddrList - List of machine's ip addresses separated from
|
|
the given list.
|
|
|
|
pdwIsMeAddrCnt - Number of machine's ip addresses in the list.
|
|
|
|
ppIsNotMeAddrList - List of not machine's ip addresses separated from
|
|
the given list.
|
|
|
|
pdwIsNotMeAddrCnt - Number of not machine's ip addresses in the list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PADDR_V4 pIsMeAddrList = NULL;
|
|
DWORD dwIsMeAddrCnt = 0;
|
|
PADDR_V4 pIsNotMeAddrList = NULL;
|
|
DWORD dwIsNotMeAddrCnt = 0;
|
|
DWORD i = 0, j = 0, k = 0;
|
|
BOOL bEqual = FALSE;
|
|
BOOL bIsClassD = FALSE;
|
|
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
bIsClassD = IN_CLASSD(ntohl(pAddrList[i].uIpAddr));
|
|
|
|
switch (bIsClassD) {
|
|
|
|
case TRUE:
|
|
|
|
dwIsMeAddrCnt++;
|
|
dwIsNotMeAddrCnt++;
|
|
|
|
break;
|
|
|
|
case FALSE:
|
|
|
|
//
|
|
// Check if the address is one of the matching interfaces' address.
|
|
//
|
|
|
|
bEqual = InterfaceAddrIsLocal(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt
|
|
);
|
|
if (bEqual) {
|
|
dwIsMeAddrCnt++;
|
|
}
|
|
else {
|
|
//
|
|
// Check if the address is one of the machine's ip address.
|
|
//
|
|
bEqual = IsMyAddress(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
gpInterfaceList
|
|
);
|
|
if (!bEqual) {
|
|
dwIsNotMeAddrCnt++;
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (dwIsMeAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwIsMeAddrCnt,
|
|
&pIsMeAddrList
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (dwIsNotMeAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwIsNotMeAddrCnt,
|
|
&pIsNotMeAddrList
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
bIsClassD = IN_CLASSD(ntohl(pAddrList[i].uIpAddr));
|
|
|
|
switch (bIsClassD) {
|
|
|
|
case TRUE:
|
|
|
|
memcpy(
|
|
&(pIsMeAddrList[j]),
|
|
&(pAddrList[i]),
|
|
sizeof(ADDR_V4)
|
|
);
|
|
j++;
|
|
|
|
memcpy(
|
|
&pIsNotMeAddrList[k],
|
|
&pAddrList[i],
|
|
sizeof(ADDR_V4)
|
|
);
|
|
k++;
|
|
|
|
break;
|
|
|
|
case FALSE:
|
|
|
|
bEqual = InterfaceAddrIsLocal(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt
|
|
);
|
|
if (bEqual) {
|
|
memcpy(
|
|
&(pIsMeAddrList[j]),
|
|
&(pAddrList[i]),
|
|
sizeof(ADDR_V4)
|
|
);
|
|
j++;
|
|
}
|
|
else {
|
|
bEqual = IsMyAddress(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
gpInterfaceList
|
|
);
|
|
if (!bEqual) {
|
|
memcpy(
|
|
&pIsNotMeAddrList[k],
|
|
&pAddrList[i],
|
|
sizeof(ADDR_V4)
|
|
);
|
|
k++;
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*ppIsMeAddrList = pIsMeAddrList;
|
|
*pdwIsMeAddrCnt = dwIsMeAddrCnt;
|
|
*ppIsNotMeAddrList = pIsNotMeAddrList;
|
|
*pdwIsNotMeAddrCnt = dwIsNotMeAddrCnt;
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pIsMeAddrList) {
|
|
FreeSPDMemory(pIsMeAddrList);
|
|
}
|
|
|
|
if (pIsNotMeAddrList) {
|
|
FreeSPDMemory(pIsNotMeAddrList);
|
|
}
|
|
|
|
*ppIsMeAddrList = NULL;
|
|
*pdwIsMeAddrCnt = 0;
|
|
*ppIsNotMeAddrList = NULL;
|
|
*pdwIsNotMeAddrCnt = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SeparateSubNetAddresses(
|
|
PADDR_V4 pAddrList,
|
|
DWORD dwAddrCnt,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwLocalAddrCnt,
|
|
PADDR_V4 * ppIsMeAddrList,
|
|
PDWORD pdwIsMeAddrCnt,
|
|
PADDR_V4 * ppIsNotMeAddrList,
|
|
PDWORD pdwIsNotMeAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function separates a list of subnet addresses into
|
|
two non-mutually exclusive local and non-local address sets.
|
|
|
|
Arguments:
|
|
|
|
pAddrList - List of subnet addresses to separate.
|
|
|
|
dwAddrCnt - Number of subnet addresses in the list.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppIsMeAddrList - List of subnet addresses that contain atleast
|
|
one of the machine's ip address.
|
|
|
|
pdwIsMeAddrCnt - Number of subnet addresses containing atleast
|
|
one of the machine's ip address.
|
|
|
|
ppIsNotMeAddrList - List of subnet addresses as in the input list.
|
|
|
|
pdwIsNotMeAddrCnt - Number of subnet addresses as in the input list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PADDR_V4 pIsMeAddrList = NULL;
|
|
DWORD dwIsMeAddrCnt = 0;
|
|
PADDR_V4 pIsNotMeAddrList = NULL;
|
|
DWORD dwIsNotMeAddrCnt = 0;
|
|
DWORD i = 0, j = 0, k = 0;
|
|
BOOL bEqual = FALSE;
|
|
BOOL bIsClassD = FALSE;
|
|
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
bIsClassD = IN_CLASSD(ntohl(pAddrList[i].uIpAddr));
|
|
|
|
switch (bIsClassD) {
|
|
|
|
case TRUE:
|
|
|
|
dwIsMeAddrCnt++;
|
|
break;
|
|
|
|
case FALSE:
|
|
|
|
//
|
|
// Check if one of the matching interfaces' address belongs to
|
|
// the subnet.
|
|
//
|
|
|
|
bEqual = InterfaceAddrIsLocal(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt
|
|
);
|
|
if (bEqual) {
|
|
dwIsMeAddrCnt++;
|
|
}
|
|
break;
|
|
|
|
}
|
|
|
|
//
|
|
// The subnet will have addresses that don't belong to the local
|
|
// machine.
|
|
//
|
|
|
|
dwIsNotMeAddrCnt++;
|
|
|
|
}
|
|
|
|
if (dwIsMeAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwIsMeAddrCnt,
|
|
&pIsMeAddrList
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (dwIsNotMeAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwIsNotMeAddrCnt,
|
|
&pIsNotMeAddrList
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
bIsClassD = IN_CLASSD(ntohl(pAddrList[i].uIpAddr));
|
|
|
|
switch (bIsClassD) {
|
|
|
|
case TRUE:
|
|
|
|
memcpy(
|
|
&(pIsMeAddrList[j]),
|
|
&(pAddrList[i]),
|
|
sizeof(ADDR_V4)
|
|
);
|
|
j++;
|
|
break;
|
|
|
|
case FALSE:
|
|
|
|
bEqual = InterfaceAddrIsLocal(
|
|
pAddrList[i].uIpAddr,
|
|
pAddrList[i].uSubNetMask,
|
|
pMatchingAddresses,
|
|
dwLocalAddrCnt
|
|
);
|
|
if (bEqual) {
|
|
memcpy(
|
|
&(pIsMeAddrList[j]),
|
|
&(pAddrList[i]),
|
|
sizeof(ADDR_V4)
|
|
);
|
|
j++;
|
|
}
|
|
break;
|
|
|
|
}
|
|
|
|
memcpy(
|
|
&pIsNotMeAddrList[k],
|
|
&pAddrList[i],
|
|
sizeof(ADDR_V4)
|
|
);
|
|
k++;
|
|
|
|
}
|
|
|
|
*ppIsMeAddrList = pIsMeAddrList;
|
|
*pdwIsMeAddrCnt = dwIsMeAddrCnt;
|
|
*ppIsNotMeAddrList = pIsNotMeAddrList;
|
|
*pdwIsNotMeAddrCnt = dwIsNotMeAddrCnt;
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pIsMeAddrList) {
|
|
FreeSPDMemory(pIsMeAddrList);
|
|
}
|
|
|
|
if (pIsNotMeAddrList) {
|
|
FreeSPDMemory(pIsNotMeAddrList);
|
|
}
|
|
|
|
*ppIsMeAddrList = NULL;
|
|
*pdwIsMeAddrCnt = 0;
|
|
*ppIsNotMeAddrList = NULL;
|
|
*pdwIsNotMeAddrCnt = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CreateSpecificTxFilter(
|
|
PINITXFILTER pGenericFilter,
|
|
ADDR_V4 SrcAddr,
|
|
ADDR_V4 DesAddr,
|
|
PINITXSFILTER * ppSpecificFilter
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
PINITXSFILTER pSpecificFilter = NULL;
|
|
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(INITXSFILTER),
|
|
&pSpecificFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pSpecificFilter->cRef = 0;
|
|
|
|
pSpecificFilter->IpVersion = pGenericFilter->IpVersion;
|
|
|
|
CopyGuid(pGenericFilter->gFilterID, &(pSpecificFilter->gParentID));
|
|
|
|
dwError = AllocateSPDString(
|
|
pGenericFilter->pszFilterName,
|
|
&(pSpecificFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pSpecificFilter->InterfaceType = pGenericFilter->InterfaceType;
|
|
|
|
pSpecificFilter->dwFlags = pGenericFilter->dwFlags;
|
|
|
|
CopyAddresses(SrcAddr, &(pSpecificFilter->SrcAddr));
|
|
|
|
CopyAddresses(DesAddr, &(pSpecificFilter->DesAddr));
|
|
|
|
CopyPorts(pGenericFilter->SrcPort, &(pSpecificFilter->SrcPort));
|
|
|
|
CopyPorts(pGenericFilter->DesPort, &(pSpecificFilter->DesPort));
|
|
|
|
CopyProtocols(pGenericFilter->Protocol, &(pSpecificFilter->Protocol));
|
|
|
|
pSpecificFilter->InboundFilterAction = pGenericFilter->InboundFilterAction;
|
|
|
|
pSpecificFilter->OutboundFilterAction = pGenericFilter->OutboundFilterAction;
|
|
|
|
//
|
|
// Direction must be set in the calling routine.
|
|
//
|
|
|
|
pSpecificFilter->dwDirection = 0;
|
|
|
|
//
|
|
// Weight must be set in the calling routine.
|
|
//
|
|
|
|
pSpecificFilter->dwWeight = 0;
|
|
|
|
CopyGuid(pGenericFilter->gPolicyID, &(pSpecificFilter->gPolicyID));
|
|
|
|
pSpecificFilter->pIniQMPolicy = NULL;
|
|
|
|
pSpecificFilter->pNext = NULL;
|
|
|
|
*ppSpecificFilter = pSpecificFilter;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pSpecificFilter) {
|
|
FreeIniTxSFilter(pSpecificFilter);
|
|
}
|
|
|
|
*ppSpecificFilter = NULL;
|
|
return (dwError);
|
|
|
|
}
|
|
|
|
|
|
VOID
|
|
AssignTxFilterWeight(
|
|
PINITXSFILTER pSpecificFilter
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Computes and assigns the weight to a specific transport filter.
|
|
|
|
The transport filter weight consists of the following:
|
|
|
|
31 16 12 8 0
|
|
+-----------+--------+-----------+--------+
|
|
|AddrMaskWgt|Reserved|ProtocolWgt|PortWgts|
|
|
+-----------+--------+-----------+--------+
|
|
|
|
Arguments:
|
|
|
|
pSpecificFilter - Specific transport filter to which the weight
|
|
is to be assigned.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwWeight = 0;
|
|
ULONG SrcMask = 0;
|
|
ULONG DesMask = 0;
|
|
DWORD dwSrcMaskWeight = 0;
|
|
DWORD dwDesMaskWeight = 0;
|
|
DWORD dwMaskWeight = 0;
|
|
DWORD i = 0;
|
|
|
|
|
|
//
|
|
// Weight Rule:
|
|
// A field with a more specific value gets a higher weight than
|
|
// the same field with a lesser specific value.
|
|
//
|
|
|
|
//
|
|
// If the protocol is specific then assign the specific protocol
|
|
// weight else the weight is zero.
|
|
// All the specific filters that have a specific protocol and
|
|
// differ only in the protocol field will have the same weight.
|
|
//
|
|
|
|
if (pSpecificFilter->Protocol.dwProtocol != 0) {
|
|
dwWeight |= WEIGHT_SPECIFIC_PROTOCOL;
|
|
}
|
|
|
|
//
|
|
// If the source port is specific then assign the specific source
|
|
// port weight else the weight is zero.
|
|
// All the specific filters that have a specific source port and
|
|
// differ only in the source port field will have the same weight.
|
|
//
|
|
|
|
if (pSpecificFilter->SrcPort.wPort != 0) {
|
|
dwWeight |= WEIGHT_SPECIFIC_SOURCE_PORT;
|
|
}
|
|
|
|
//
|
|
// If the destination port is specific then assign the specific
|
|
// destination port weight else the weight is zero.
|
|
// All the specific filters that have a specific destination port
|
|
// and differ only in the destination port field will have the
|
|
// same weight.
|
|
//
|
|
|
|
if (pSpecificFilter->DesPort.wPort != 0) {
|
|
dwWeight |= WEIGHT_SPECIFIC_DESTINATION_PORT;
|
|
}
|
|
|
|
//
|
|
// IP addresses get the weight values based on their mask values.
|
|
// In the address case, the weight is computed as a sum of the
|
|
// bit positions starting from the position that contains the
|
|
// first least significant non-zero bit to the most significant
|
|
// bit position of the mask.
|
|
// All unique ip addresses have a mask of 0xFFFFFFFF and thus get
|
|
// the same weight, which is 1 + 2 + .... + 32.
|
|
// A subnet address has a mask with atleast the least significant
|
|
// bit zero and thus gets weight in the range (2 + .. + 32) to 0.
|
|
//
|
|
|
|
DesMask = ntohl(pSpecificFilter->DesAddr.uSubNetMask);
|
|
|
|
for (i = 0; i < sizeof(ULONG) * 8; i++) {
|
|
|
|
//
|
|
// If the bit position contains a non-zero bit, add the bit
|
|
// position to the sum.
|
|
//
|
|
|
|
if ((DesMask & 0x1) == 0x1) {
|
|
dwMaskWeight += (i+1);
|
|
dwDesMaskWeight += (i+1);
|
|
}
|
|
|
|
//
|
|
// Move to the next bit position.
|
|
//
|
|
|
|
DesMask = DesMask >> 1;
|
|
|
|
}
|
|
|
|
|
|
SrcMask = ntohl(pSpecificFilter->SrcAddr.uSubNetMask);
|
|
|
|
for (i = 0; i < sizeof(ULONG) * 8; i++) {
|
|
|
|
//
|
|
// If the bit position contains a non-zero bit, add the bit
|
|
// position to the sum.
|
|
//
|
|
|
|
if ((SrcMask & 0x1) == 0x1) {
|
|
dwMaskWeight += (i+1);
|
|
dwSrcMaskWeight += (i+1);
|
|
}
|
|
|
|
//
|
|
// Move to the next bit position.
|
|
//
|
|
|
|
SrcMask = SrcMask >> 1;
|
|
|
|
}
|
|
|
|
if (dwDesMaskWeight >= dwSrcMaskWeight) {
|
|
dwWeight |= WEIGHT_ADDRESS_TIE_BREAKER;
|
|
}
|
|
|
|
//
|
|
// Move the mask weight to the set of bits in the overall weight
|
|
// that it occupies.
|
|
//
|
|
|
|
dwMaskWeight = dwMaskWeight << 16;
|
|
|
|
dwWeight += dwMaskWeight;
|
|
|
|
pSpecificFilter->dwWeight = dwWeight;
|
|
}
|
|
|
|
|
|
VOID
|
|
AddToSpecificTxList(
|
|
PINITXSFILTER * ppSpecificTxFilterList,
|
|
PINITXSFILTER pSpecificTxFilters
|
|
)
|
|
{
|
|
PINITXSFILTER pListOne = NULL;
|
|
PINITXSFILTER pListTwo = NULL;
|
|
PINITXSFILTER pListMerge = NULL;
|
|
PINITXSFILTER pLast = NULL;
|
|
|
|
if (!(*ppSpecificTxFilterList) && !pSpecificTxFilters) {
|
|
return;
|
|
}
|
|
|
|
if (!(*ppSpecificTxFilterList)) {
|
|
*ppSpecificTxFilterList = pSpecificTxFilters;
|
|
return;
|
|
}
|
|
|
|
if (!pSpecificTxFilters) {
|
|
return;
|
|
}
|
|
|
|
pListOne = *ppSpecificTxFilterList;
|
|
pListTwo = pSpecificTxFilters;
|
|
|
|
while (pListOne && pListTwo) {
|
|
|
|
if ((pListOne->dwWeight) > (pListTwo->dwWeight)) {
|
|
|
|
if (!pListMerge) {
|
|
pListMerge = pListOne;
|
|
pLast = pListOne;
|
|
pListOne = pListOne->pNext;
|
|
}
|
|
else {
|
|
pLast->pNext = pListOne;
|
|
pListOne = pListOne->pNext;
|
|
pLast = pLast->pNext;
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
if (!pListMerge) {
|
|
pListMerge = pListTwo;
|
|
pLast = pListTwo;
|
|
pListTwo = pListTwo->pNext;
|
|
}
|
|
else {
|
|
pLast->pNext = pListTwo;
|
|
pListTwo = pListTwo->pNext;
|
|
pLast = pLast->pNext;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pListMerge) {
|
|
if (pListOne) {
|
|
pLast->pNext = pListOne;
|
|
}
|
|
else {
|
|
pLast->pNext = pListTwo;
|
|
}
|
|
}
|
|
|
|
*ppSpecificTxFilterList = pListMerge;
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
FreeIniTxSFilterList(
|
|
PINITXSFILTER pIniTxSFilterList
|
|
)
|
|
{
|
|
PINITXSFILTER pFilter = NULL;
|
|
PINITXSFILTER pTempFilter = NULL;
|
|
|
|
pFilter = pIniTxSFilterList;
|
|
|
|
while (pFilter) {
|
|
pTempFilter = pFilter;
|
|
pFilter = pFilter->pNext;
|
|
FreeIniTxSFilter(pTempFilter);
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
FreeIniTxSFilter(
|
|
PINITXSFILTER pIniTxSFilter
|
|
)
|
|
{
|
|
if (pIniTxSFilter) {
|
|
if (pIniTxSFilter->pszFilterName) {
|
|
FreeSPDString(pIniTxSFilter->pszFilterName);
|
|
}
|
|
|
|
//
|
|
// Must not ever free pIniTxSFilter->pIniQMPolicy.
|
|
//
|
|
|
|
FreeSPDMemory(pIniTxSFilter);
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
LinkTxSpecificFilters(
|
|
PINIQMPOLICY pIniQMPolicy,
|
|
PINITXSFILTER pIniTxSFilters
|
|
)
|
|
{
|
|
PINITXSFILTER pTemp = NULL;
|
|
|
|
pTemp = pIniTxSFilters;
|
|
|
|
while (pTemp) {
|
|
pTemp->pIniQMPolicy = pIniQMPolicy;
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
RemoveIniTxSFilter(
|
|
PINITXSFILTER pIniTxSFilter
|
|
)
|
|
{
|
|
PINITXSFILTER * ppTemp = NULL;
|
|
|
|
ppTemp = &gpIniTxSFilter;
|
|
|
|
while (*ppTemp) {
|
|
|
|
if (*ppTemp == pIniTxSFilter) {
|
|
break;
|
|
}
|
|
ppTemp = &((*ppTemp)->pNext);
|
|
}
|
|
|
|
if (*ppTemp) {
|
|
*ppTemp = pIniTxSFilter->pNext;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
DWORD
|
|
EnumSpecificTxFilters(
|
|
PINITXSFILTER pIniTxSFilterList,
|
|
DWORD dwResumeHandle,
|
|
DWORD dwPreferredNumEntries,
|
|
PTRANSPORT_FILTER * ppTxFilters,
|
|
PDWORD pdwNumTxFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates enumerated specific filters.
|
|
|
|
Arguments:
|
|
|
|
pIniTxSFilterList - List of specific filters to enumerate.
|
|
|
|
dwResumeHandle - Location in the specific filter list from which
|
|
to resume enumeration.
|
|
|
|
dwPreferredNumEntries - Preferred number of enumeration entries.
|
|
|
|
ppTxFilters - Enumerated filters returned to the caller.
|
|
|
|
pdwNumTxFilters - Number of filters actually enumerated.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwNumToEnum = 0;
|
|
PINITXSFILTER pIniTxSFilter = NULL;
|
|
DWORD i = 0;
|
|
PINITXSFILTER pTemp = NULL;
|
|
DWORD dwNumTxFilters = 0;
|
|
PTRANSPORT_FILTER pTxFilters = 0;
|
|
PTRANSPORT_FILTER pTxFilter = 0;
|
|
|
|
|
|
if (!dwPreferredNumEntries ||
|
|
(dwPreferredNumEntries > MAX_TRANSPORTFILTER_ENUM_COUNT)) {
|
|
dwNumToEnum = MAX_TRANSPORTFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToEnum = dwPreferredNumEntries;
|
|
}
|
|
|
|
pIniTxSFilter = pIniTxSFilterList;
|
|
|
|
for (i = 0; (i < dwResumeHandle) && (pIniTxSFilter != NULL); i++) {
|
|
pIniTxSFilter = pIniTxSFilter->pNext;
|
|
}
|
|
|
|
if (!pIniTxSFilter) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
pTemp = pIniTxSFilter;
|
|
|
|
while (pTemp && (dwNumTxFilters < dwNumToEnum)) {
|
|
dwNumTxFilters++;
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(TRANSPORT_FILTER)*dwNumTxFilters,
|
|
&pTxFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTemp = pIniTxSFilter;
|
|
pTxFilter = pTxFilters;
|
|
|
|
for (i = 0; i < dwNumTxFilters; i++) {
|
|
|
|
dwError = CopyTxSFilter(
|
|
pTemp,
|
|
pTxFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTemp = pTemp->pNext;
|
|
pTxFilter++;
|
|
|
|
}
|
|
|
|
*ppTxFilters = pTxFilters;
|
|
*pdwNumTxFilters = dwNumTxFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pTxFilters) {
|
|
FreeTxFilters(
|
|
i,
|
|
pTxFilters
|
|
);
|
|
}
|
|
|
|
*ppTxFilters = NULL;
|
|
*pdwNumTxFilters = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyTxSFilter(
|
|
PINITXSFILTER pIniTxSFilter,
|
|
PTRANSPORT_FILTER pTxFilter
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function copies an internal filter into an external filter
|
|
container.
|
|
|
|
Arguments:
|
|
|
|
pIniTxSFilter - Internal filter to copy.
|
|
|
|
pTxFilter - External filter container in which to copy.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
|
|
pTxFilter->IpVersion = pIniTxSFilter->IpVersion;
|
|
|
|
CopyGuid(pIniTxSFilter->gParentID, &(pTxFilter->gFilterID));
|
|
|
|
dwError = CopyName(
|
|
pIniTxSFilter->pszFilterName,
|
|
&(pTxFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTxFilter->InterfaceType = pIniTxSFilter->InterfaceType;
|
|
|
|
pTxFilter->bCreateMirror = FALSE;
|
|
|
|
pTxFilter->dwFlags = pIniTxSFilter->dwFlags;
|
|
|
|
dwError = CopyIntToExtAddresses(pIniTxSFilter->SrcAddr, &(pTxFilter->SrcAddr));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = CopyIntToExtAddresses(pIniTxSFilter->DesAddr, &(pTxFilter->DesAddr));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
CopyProtocols(pIniTxSFilter->Protocol, &(pTxFilter->Protocol));
|
|
|
|
CopyPorts(pIniTxSFilter->SrcPort, &(pTxFilter->SrcPort));
|
|
|
|
CopyPorts(pIniTxSFilter->DesPort, &(pTxFilter->DesPort));
|
|
|
|
pTxFilter->InboundFilterAction = pIniTxSFilter->InboundFilterAction;
|
|
|
|
pTxFilter->OutboundFilterAction = pIniTxSFilter->OutboundFilterAction;
|
|
|
|
pTxFilter->dwDirection = pIniTxSFilter->dwDirection;
|
|
|
|
pTxFilter->dwWeight = pIniTxSFilter->dwWeight;
|
|
|
|
CopyGuid(pIniTxSFilter->gPolicyID, &(pTxFilter->gPolicyID));
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pTxFilter->pszFilterName) {
|
|
SPDApiBufferFree(pTxFilter->pszFilterName);
|
|
pTxFilter->pszFilterName = NULL;
|
|
}
|
|
|
|
if (pTxFilter->SrcAddr.pgInterfaceID) {
|
|
SPDApiBufferFree(pTxFilter->SrcAddr.pgInterfaceID);
|
|
pTxFilter->SrcAddr.pgInterfaceID = NULL;
|
|
}
|
|
|
|
if (pTxFilter->DesAddr.pgInterfaceID) {
|
|
SPDApiBufferFree(pTxFilter->DesAddr.pgInterfaceID);
|
|
pTxFilter->DesAddr.pgInterfaceID = NULL;
|
|
}
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
EnumSelectSpecificTxFilters(
|
|
PINITXFILTER pIniTxFilter,
|
|
DWORD dwResumeHandle,
|
|
DWORD dwPreferredNumEntries,
|
|
PTRANSPORT_FILTER * ppTxFilters,
|
|
PDWORD pdwNumTxFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates enumerated specific filters for
|
|
the given generic filter.
|
|
|
|
Arguments:
|
|
|
|
pIniTxFilter - Generic filter for which specific filters
|
|
are to be enumerated.
|
|
|
|
dwResumeHandle - Location in the specific filter list for the
|
|
given generic filter from which to resume
|
|
enumeration.
|
|
|
|
dwPreferredNumEntries - Preferred number of enumeration entries.
|
|
|
|
ppTxFilters - Enumerated filters returned to the caller.
|
|
|
|
pdwNumTxFilters - Number of filters actually enumerated.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwNumToEnum = 0;
|
|
DWORD dwNumTxSFilters = 0;
|
|
PINITXSFILTER * ppIniTxSFilters = NULL;
|
|
DWORD i = 0;
|
|
DWORD dwNumTxFilters = 0;
|
|
PTRANSPORT_FILTER pTxFilters = 0;
|
|
PTRANSPORT_FILTER pTxFilter = 0;
|
|
|
|
|
|
if (!dwPreferredNumEntries ||
|
|
(dwPreferredNumEntries > MAX_TRANSPORTFILTER_ENUM_COUNT)) {
|
|
dwNumToEnum = MAX_TRANSPORTFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToEnum = dwPreferredNumEntries;
|
|
}
|
|
|
|
dwNumTxSFilters = pIniTxFilter->dwNumTxSFilters;
|
|
ppIniTxSFilters = pIniTxFilter->ppIniTxSFilters;
|
|
|
|
if (!dwNumTxSFilters || (dwNumTxSFilters <= dwResumeHandle)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwNumTxFilters = min((dwNumTxSFilters-dwResumeHandle),
|
|
dwNumToEnum);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(TRANSPORT_FILTER)*dwNumTxFilters,
|
|
&pTxFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTxFilter = pTxFilters;
|
|
|
|
for (i = 0; i < dwNumTxFilters; i++) {
|
|
|
|
dwError = CopyTxSFilter(
|
|
*(ppIniTxSFilters + (dwResumeHandle + i)),
|
|
pTxFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
pTxFilter++;
|
|
|
|
}
|
|
|
|
*ppTxFilters = pTxFilters;
|
|
*pdwNumTxFilters = dwNumTxFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pTxFilters) {
|
|
FreeTxFilters(
|
|
i,
|
|
pTxFilters
|
|
);
|
|
}
|
|
|
|
*ppTxFilters = NULL;
|
|
*pdwNumTxFilters = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
MatchTransportFilter(
|
|
LPWSTR pServerName,
|
|
DWORD dwVersion,
|
|
PTRANSPORT_FILTER pTxFilter,
|
|
DWORD dwFlags,
|
|
DWORD dwPreferredNumEntries,
|
|
PTRANSPORT_FILTER * ppMatchedTxFilters,
|
|
PIPSEC_QM_POLICY * ppMatchedQMPolicies,
|
|
LPDWORD pdwNumMatches,
|
|
LPDWORD pdwResumeHandle,
|
|
LPVOID pvReserved
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function finds the matching transport filters for the
|
|
given transport filter template. The matched filters can not
|
|
be more specific than the given filter template.
|
|
|
|
Arguments:
|
|
|
|
pServerName - Server on which a filter template is to be matched.
|
|
|
|
pTxFilter - Filter template to match.
|
|
|
|
dwFlags - Flags.
|
|
|
|
ppMatchedTxFilters - Matched transport filters returned to the
|
|
caller.
|
|
|
|
ppMatchedQMPolicies - Quick mode policies corresponding to the
|
|
matched transport filters returned to the
|
|
caller.
|
|
|
|
dwPreferredNumEntries - Preferred number of matched entries.
|
|
|
|
pdwNumMatches - Number of filters actually matched.
|
|
|
|
pdwResumeHandle - Handle to the location in the matched filter
|
|
list from which to resume enumeration.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwResumeHandle = 0;
|
|
DWORD dwNumToMatch = 0;
|
|
PINITXSFILTER pIniTxSFilter = NULL;
|
|
DWORD i = 0;
|
|
BOOL bMatches = FALSE;
|
|
PINITXSFILTER pTemp = NULL;
|
|
DWORD dwNumMatches = 0;
|
|
PINITXSFILTER pLastMatchedFilter = NULL;
|
|
PTRANSPORT_FILTER pMatchedTxFilters = NULL;
|
|
PIPSEC_QM_POLICY pMatchedQMPolicies = NULL;
|
|
DWORD dwNumFilters = 0;
|
|
DWORD dwNumPolicies = 0;
|
|
PTRANSPORT_FILTER pMatchedTxFilter = NULL;
|
|
PIPSEC_QM_POLICY pMatchedQMPolicy = NULL;
|
|
|
|
|
|
dwError = ValidateTxFilterTemplate(
|
|
pTxFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwResumeHandle = *pdwResumeHandle;
|
|
|
|
if (!dwPreferredNumEntries) {
|
|
dwNumToMatch = 1;
|
|
}
|
|
else if (dwPreferredNumEntries > MAX_TRANSPORTFILTER_ENUM_COUNT) {
|
|
dwNumToMatch = MAX_TRANSPORTFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToMatch = dwPreferredNumEntries;
|
|
}
|
|
|
|
ENTER_SPD_SECTION();
|
|
|
|
dwError = ValidateTxSecurity(
|
|
SPD_OBJECT_SERVER,
|
|
SERVER_ACCESS_ADMINISTER,
|
|
NULL,
|
|
NULL
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
pIniTxSFilter = gpIniTxSFilter;
|
|
|
|
while ((i < dwResumeHandle) && (pIniTxSFilter != NULL)) {
|
|
bMatches = MatchIniTxSFilter(
|
|
pIniTxSFilter,
|
|
pTxFilter
|
|
);
|
|
if (bMatches) {
|
|
i++;
|
|
}
|
|
pIniTxSFilter = pIniTxSFilter->pNext;
|
|
}
|
|
|
|
if (!pIniTxSFilter) {
|
|
if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
dwError = CopyTxMatchDefaults(
|
|
dwFlags,
|
|
&pMatchedTxFilters,
|
|
&pMatchedQMPolicies,
|
|
&dwNumMatches
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
BAIL_ON_LOCK_SUCCESS(dwError);
|
|
}
|
|
}
|
|
|
|
pTemp = pIniTxSFilter;
|
|
|
|
while (pTemp && (dwNumMatches < dwNumToMatch)) {
|
|
bMatches = MatchIniTxSFilter(
|
|
pTemp,
|
|
pTxFilter
|
|
);
|
|
if (bMatches) {
|
|
pLastMatchedFilter = pTemp;
|
|
dwNumMatches++;
|
|
}
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
if (!dwNumMatches) {
|
|
if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
dwError = CopyTxMatchDefaults(
|
|
dwFlags,
|
|
&pMatchedTxFilters,
|
|
&pMatchedQMPolicies,
|
|
&dwNumMatches
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
BAIL_ON_LOCK_SUCCESS(dwError);
|
|
}
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(TRANSPORT_FILTER)*dwNumMatches,
|
|
&pMatchedTxFilters
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(IPSEC_QM_POLICY)*dwNumMatches,
|
|
&pMatchedQMPolicies
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
|
|
if (dwNumMatches == 1) {
|
|
|
|
dwError = CopyTxSFilter(
|
|
pLastMatchedFilter,
|
|
pMatchedTxFilters
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
dwNumFilters++;
|
|
|
|
if (pLastMatchedFilter->pIniQMPolicy) {
|
|
dwError = CopyQMPolicy(
|
|
dwFlags,
|
|
pLastMatchedFilter->pIniQMPolicy,
|
|
pMatchedQMPolicies
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pMatchedQMPolicies, 0, sizeof(IPSEC_QM_POLICY));
|
|
}
|
|
dwNumPolicies++;
|
|
|
|
}
|
|
else {
|
|
|
|
pTemp = pIniTxSFilter;
|
|
pMatchedTxFilter = pMatchedTxFilters;
|
|
pMatchedQMPolicy = pMatchedQMPolicies;
|
|
i = 0;
|
|
|
|
while (i < dwNumMatches) {
|
|
|
|
bMatches = MatchIniTxSFilter(
|
|
pTemp,
|
|
pTxFilter
|
|
);
|
|
if (bMatches) {
|
|
|
|
dwError = CopyTxSFilter(
|
|
pTemp,
|
|
pMatchedTxFilter
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
pMatchedTxFilter++;
|
|
dwNumFilters++;
|
|
|
|
if (pTemp->pIniQMPolicy) {
|
|
dwError = CopyQMPolicy(
|
|
dwFlags,
|
|
pTemp->pIniQMPolicy,
|
|
pMatchedQMPolicy
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pMatchedQMPolicy, 0, sizeof(IPSEC_QM_POLICY));
|
|
}
|
|
pMatchedQMPolicy++;
|
|
dwNumPolicies++;
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
pTemp = pTemp->pNext;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
lock_success:
|
|
|
|
LEAVE_SPD_SECTION();
|
|
|
|
*ppMatchedTxFilters = pMatchedTxFilters;
|
|
*ppMatchedQMPolicies = pMatchedQMPolicies;
|
|
*pdwNumMatches = dwNumMatches;
|
|
*pdwResumeHandle = dwResumeHandle + dwNumMatches;
|
|
|
|
return (dwError);
|
|
|
|
lock:
|
|
|
|
LEAVE_SPD_SECTION();
|
|
|
|
error:
|
|
|
|
if (pMatchedTxFilters) {
|
|
FreeTxFilters(
|
|
dwNumFilters,
|
|
pMatchedTxFilters
|
|
);
|
|
}
|
|
|
|
if (pMatchedQMPolicies) {
|
|
FreeQMPolicies(
|
|
dwNumPolicies,
|
|
pMatchedQMPolicies
|
|
);
|
|
}
|
|
|
|
*ppMatchedTxFilters = NULL;
|
|
*ppMatchedQMPolicies = NULL;
|
|
*pdwNumMatches = 0;
|
|
*pdwResumeHandle = dwResumeHandle;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateTxFilterTemplate(
|
|
PTRANSPORT_FILTER pTxFilter
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
BOOL bConflicts = FALSE;
|
|
|
|
|
|
if (!pTxFilter) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = VerifyAddresses(&(pTxFilter->SrcAddr), TRUE, FALSE);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = VerifyAddresses(&(pTxFilter->DesAddr), TRUE, TRUE);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
bConflicts = AddressesConflict(
|
|
pTxFilter->SrcAddr,
|
|
pTxFilter->DesAddr
|
|
);
|
|
if (bConflicts) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = VerifyProtocols(pTxFilter->Protocol);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = VerifyPortsForProtocol(
|
|
pTxFilter->SrcPort,
|
|
pTxFilter->Protocol
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = VerifyPortsForProtocol(
|
|
pTxFilter->DesPort,
|
|
pTxFilter->Protocol
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (pTxFilter->dwDirection) {
|
|
if ((pTxFilter->dwDirection != FILTER_DIRECTION_INBOUND) &&
|
|
(pTxFilter->dwDirection != FILTER_DIRECTION_OUTBOUND)) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
}
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
BOOL
|
|
MatchIniTxSFilter(
|
|
PINITXSFILTER pIniTxSFilter,
|
|
PTRANSPORT_FILTER pTxFilter
|
|
)
|
|
{
|
|
BOOL bMatches = FALSE;
|
|
|
|
if (pTxFilter->dwDirection) {
|
|
if (pTxFilter->dwDirection != pIniTxSFilter->dwDirection) {
|
|
return (FALSE);
|
|
}
|
|
}
|
|
|
|
if ((pIniTxSFilter->InboundFilterAction != NEGOTIATE_SECURITY) &&
|
|
(pIniTxSFilter->OutboundFilterAction != NEGOTIATE_SECURITY)) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchAddresses(
|
|
pIniTxSFilter->SrcAddr,
|
|
pTxFilter->SrcAddr
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchAddresses(
|
|
pIniTxSFilter->DesAddr,
|
|
pTxFilter->DesAddr
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchPorts(
|
|
pIniTxSFilter->SrcPort,
|
|
pTxFilter->SrcPort
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchPorts(
|
|
pIniTxSFilter->DesPort,
|
|
pTxFilter->DesPort
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchProtocols(
|
|
pIniTxSFilter->Protocol,
|
|
pTxFilter->Protocol
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
return (TRUE);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyTxMatchDefaults(
|
|
DWORD dwFlags,
|
|
PTRANSPORT_FILTER * ppTxFilters,
|
|
PIPSEC_QM_POLICY * ppQMPolicies,
|
|
PDWORD pdwNumMatches
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
PTRANSPORT_FILTER pTxFilters = NULL;
|
|
PIPSEC_QM_POLICY pQMPolicies = NULL;
|
|
DWORD dwNumFilters = 0;
|
|
DWORD dwNumPolicies = 0;
|
|
|
|
|
|
if (!gpIniDefaultQMPolicy) {
|
|
dwError = ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(TRANSPORT_FILTER),
|
|
&pTxFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(IPSEC_QM_POLICY),
|
|
&pQMPolicies
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = CopyDefaultTxFilter(
|
|
pTxFilters,
|
|
gpIniDefaultQMPolicy
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
dwNumFilters++;
|
|
|
|
dwError = CopyQMPolicy(
|
|
dwFlags,
|
|
gpIniDefaultQMPolicy,
|
|
pQMPolicies
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
pQMPolicies->dwFlags |= IPSEC_QM_POLICY_ON_NO_MATCH;
|
|
dwNumPolicies++;
|
|
|
|
*ppTxFilters = pTxFilters;
|
|
*ppQMPolicies = pQMPolicies;
|
|
*pdwNumMatches = 1;
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pTxFilters) {
|
|
FreeTxFilters(
|
|
dwNumFilters,
|
|
pTxFilters
|
|
);
|
|
}
|
|
|
|
if (pQMPolicies) {
|
|
FreeQMPolicies(
|
|
dwNumPolicies,
|
|
pQMPolicies
|
|
);
|
|
}
|
|
|
|
*ppTxFilters = NULL;
|
|
*ppQMPolicies = NULL;
|
|
*pdwNumMatches = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyDefaultTxFilter(
|
|
PTRANSPORT_FILTER pTxFilter,
|
|
PINIQMPOLICY pIniQMPolicy
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
RPC_STATUS RpcStatus = RPC_S_OK;
|
|
|
|
|
|
pTxFilter->IpVersion = IPSEC_PROTOCOL_V4;
|
|
|
|
RpcStatus = UuidCreate(&(pTxFilter->gFilterID));
|
|
if (!(RpcStatus == RPC_S_OK || RpcStatus == RPC_S_UUID_LOCAL_ONLY)) {
|
|
dwError = RPC_S_CALL_FAILED;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = CopyName(
|
|
L"0",
|
|
&(pTxFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTxFilter->InterfaceType = INTERFACE_TYPE_ALL;
|
|
|
|
pTxFilter->bCreateMirror = TRUE;
|
|
|
|
pTxFilter->dwFlags = 0;
|
|
pTxFilter->dwFlags |= IPSEC_QM_POLICY_DEFAULT_POLICY;
|
|
|
|
pTxFilter->SrcAddr.AddrType = IP_ADDR_SUBNET;
|
|
pTxFilter->SrcAddr.uIpAddr = SUBNET_ADDRESS_ANY;
|
|
pTxFilter->SrcAddr.uSubNetMask = SUBNET_MASK_ANY;
|
|
pTxFilter->SrcAddr.pgInterfaceID = NULL;
|
|
|
|
pTxFilter->DesAddr.AddrType = IP_ADDR_SUBNET;
|
|
pTxFilter->DesAddr.uIpAddr = SUBNET_ADDRESS_ANY;
|
|
pTxFilter->DesAddr.uSubNetMask = SUBNET_MASK_ANY;
|
|
pTxFilter->DesAddr.pgInterfaceID = NULL;
|
|
|
|
pTxFilter->Protocol.ProtocolType = PROTOCOL_UNIQUE;
|
|
pTxFilter->Protocol.dwProtocol = 0;
|
|
|
|
pTxFilter->SrcPort.PortType = PORT_UNIQUE;
|
|
pTxFilter->SrcPort.wPort = 0;
|
|
|
|
pTxFilter->DesPort.PortType = PORT_UNIQUE;
|
|
pTxFilter->DesPort.wPort = 0;
|
|
|
|
pTxFilter->InboundFilterAction = NEGOTIATE_SECURITY;
|
|
|
|
pTxFilter->OutboundFilterAction = NEGOTIATE_SECURITY;
|
|
|
|
pTxFilter->dwDirection = 0;
|
|
|
|
pTxFilter->dwWeight = 0;
|
|
|
|
CopyGuid(pIniQMPolicy->gPolicyID, &(pTxFilter->gPolicyID));
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SeparateInterfaceAddresses(
|
|
PADDR_V4 pAddrList,
|
|
DWORD dwAddrCnt,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwLocalAddrCnt,
|
|
PADDR_V4 * ppIsMeAddrList,
|
|
PDWORD pdwIsMeAddrCnt,
|
|
PADDR_V4 * ppIsNotMeAddrList,
|
|
PDWORD pdwIsNotMeAddrCnt
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
PADDR_V4 pIsMeAddrList = NULL;
|
|
DWORD i = 0;
|
|
|
|
|
|
if (dwAddrCnt) {
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(ADDR_V4) * dwAddrCnt,
|
|
&pIsMeAddrList
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
for (i = 0; i < dwAddrCnt; i++) {
|
|
|
|
memcpy(
|
|
&(pIsMeAddrList[i]),
|
|
&(pAddrList[i]),
|
|
sizeof(ADDR_V4)
|
|
);
|
|
|
|
}
|
|
|
|
*ppIsMeAddrList = pIsMeAddrList;
|
|
*pdwIsMeAddrCnt = dwAddrCnt;
|
|
*ppIsNotMeAddrList = NULL;
|
|
*pdwIsNotMeAddrCnt = 0;
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pIsMeAddrList) {
|
|
FreeSPDMemory(pIsMeAddrList);
|
|
}
|
|
|
|
*ppIsMeAddrList = NULL;
|
|
*pdwIsMeAddrCnt = 0;
|
|
*ppIsNotMeAddrList = NULL;
|
|
*pdwIsNotMeAddrCnt = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|