Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1291 lines
36 KiB

/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
dispatch.c
Abstract:
This file contains the code for handling I/O request packets.
Author:
Abolade Gbadegesin (t-abolag) 11-July-1997
Revision History:
Abolade Gbadegesin (aboladeg) 19-July-1998
Cleaned up fast-path processing, and corrected input/output buffer logic
while making the mapping-tree global rather than per-interface.
--*/
#include "precomp.h"
#pragma hdrstop
//
// Fast-io-dispatch structure; we only support fast-IO for IOCTLs
//
FAST_IO_DISPATCH NatFastIoDispatch =
{
FIELD_OFFSET(FAST_IO_DISPATCH, FastIoDeviceControl),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NatFastIoDeviceControl
};
//
// Spinlock to guard file object create / close
//
KSPIN_LOCK NatFileObjectLock;
//
// The process that owns the outstanding file objects
//
HANDLE NatOwnerProcessId;
//
// The count of outstanding user-mode file objects.
//
ULONG NatFileObjectCount;
//
// FORWARD DECLARATIONS
//
NTSTATUS
NatpExecuteIoDeviceControl(
PIRP Irp,
PFILE_OBJECT FileObject,
MODE RequestorMode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
ULONG IoControlCode,
PULONG Size
);
NTSTATUS
NatpSetGlobalInfo(
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
PULONG Size
);
BOOLEAN FASTCALL
NatpValidateHeader(
PRTR_INFO_BLOCK_HEADER Header,
ULONG Size
);
NTSTATUS
NatDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This routine is invoked to handle interrupt-request packets
queued to the NAT's device object. A single routine serves
to handle all the varios requests in which we are interested.
Arguments:
DeviceObject - the NAT's device-object
Irp - the interrupt request packet
Return Value:
NTSTATUS - status code.
--*/
{
PVOID Buffer;
PRTR_TOC_ENTRY Entry;
PRTR_INFO_BLOCK_HEADER Header;
ULONG i;
PIO_STACK_LOCATION IrpSp;
KIRQL Irql;
HANDLE ProcessId;
ULONG Size = 0;
NTSTATUS status = STATUS_SUCCESS;
BOOLEAN ShouldComplete = TRUE;
CALLTRACE(("NatDispatch\n"));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
Buffer = Irp->AssociatedIrp.SystemBuffer;
IrpSp = IoGetCurrentIrpStackLocation(Irp);
switch (IrpSp->MajorFunction) {
case IRP_MJ_CREATE: {
//
// If this is a user-mode request check process
// ownership.
//
if (UserMode == Irp->RequestorMode) {
ProcessId = PsGetCurrentProcessId();
KeAcquireSpinLock(&NatFileObjectLock, &Irql);
if (0 == NatFileObjectCount) {
//
// No process currently owns the NAT -- record
// the new owning process id, and update the
// outstanding file object count.
//
ASSERT(NULL == NatOwnerProcessId);
NatOwnerProcessId = ProcessId;
NatFileObjectCount = 1;
//
// We also mark the file object so that on
// deletion we know that it's user mode.
//
IrpSp->FileObject->FsContext = (PVOID) TRUE;
} else if (ProcessId == NatOwnerProcessId) {
//
// The owning process is creating another
// file object.
//
NatFileObjectCount += 1;
//
// We also mark the file object so that on
// deletion we know that it's user mode.
//
IrpSp->FileObject->FsContext = (PVOID) TRUE;
} else {
//
// A process that is not our owner is trying
// to create a file object -- fail the request.
//
status = STATUS_ACCESS_DENIED;
}
KeReleaseSpinLock(&NatFileObjectLock, Irql);
}
else
{
//
// Mark this as a kernel mode file object.
//
IrpSp->FileObject->FsContext = (PVOID) FALSE;
}
break;
}
case IRP_MJ_CLEANUP: {
NatDeleteAnyAssociatedInterface(IrpSp->FileObject);
NatCleanupAnyAssociatedRedirect(IrpSp->FileObject);
NatCleanupAnyAssociatedNotification(IrpSp->FileObject);
NatDeleteAnyAssociatedDynamicTicket(IrpSp->FileObject);
break;
}
case IRP_MJ_CLOSE: {
//
// If this is a user-mode file object update the outstanding
// file object count and process ownership.
//
if ((PVOID) TRUE == IrpSp->FileObject->FsContext) {
KeAcquireSpinLock(&NatFileObjectLock, &Irql);
ASSERT(NatFileObjectCount > 0);
NatFileObjectCount -= 1;
if (0 == NatFileObjectCount) {
//
// The process has closed its last outstanding
// file object, and thus is no longer our
// owner.
//
NatOwnerProcessId = NULL;
}
KeReleaseSpinLock(&NatFileObjectLock, Irql);
}
break;
}
case IRP_MJ_DEVICE_CONTROL: {
status =
NatpExecuteIoDeviceControl(
Irp,
IrpSp->FileObject,
Irp->RequestorMode,
Buffer,
IrpSp->Parameters.DeviceIoControl.InputBufferLength,
Buffer,
IrpSp->Parameters.DeviceIoControl.OutputBufferLength,
IrpSp->Parameters.DeviceIoControl.IoControlCode,
&Size
);
break;
}
#if NAT_WMI
case IRP_MJ_SYSTEM_CONTROL: {
status =
NatExecuteSystemControl(
DeviceObject,
Irp,
&ShouldComplete
);
if (ShouldComplete) {
ShouldComplete = FALSE;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
}
break;
}
#endif
}
if (status != STATUS_PENDING && ShouldComplete) {
Irp->IoStatus.Status = status;
Irp->IoStatus.Information = Size;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
}
return status;
} // NatDispatch
BOOLEAN
NatFastIoDeviceControl(
PFILE_OBJECT FileObject,
BOOLEAN Wait,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
ULONG IoControlCode,
PIO_STATUS_BLOCK IoStatus,
PDEVICE_OBJECT DeviceObject
)
/*++
Routine Description:
This routine is invoked by the I/O system in an attempt to complete
an I/O control request without constructing an IRP.
Arguments:
FileObject - the file associated with the I/O request
Wait - indicates whether a wait is allowed in this context
InputBuffer - input information for the I/O request
InputBufferLength - length of 'InputBuffer'
OutputBuffer - output information for the I/O request
OutputBufferLength - length of 'OutputBuffer'
IoControlCode - I/O request code
IoStatus - receives the status of the I/O request
DeviceObject - device object of the NAT
Return Value:
BOOLEAN - TRUE if completed synchronously, FALSE otherwise
--*/
{
ULONG Size = 0;
NTSTATUS Status;
PVOID LocalInputBuffer;
MODE PreviousMode;
//
// We are in the context of the requesting thread,
// so exceptions may occur, and must be handled.
// To deal with modifications to the user-provided information
// capture the contents of the input buffer in non-paged pool.
//
if (!InputBufferLength) {
LocalInputBuffer = NULL;
} else {
LocalInputBuffer =
ExAllocatePoolWithTag(
NonPagedPool,
InputBufferLength,
NAT_TAG_IOCTL
);
if (!LocalInputBuffer) {
return FALSE;
}
}
PreviousMode = ExGetPreviousMode();
__try {
if (InputBufferLength) {
if (PreviousMode != KernelMode) {
ProbeForRead(InputBuffer, InputBufferLength, sizeof(UCHAR));
}
RtlCopyMemory(LocalInputBuffer, InputBuffer, InputBufferLength);
}
Status =
NatpExecuteIoDeviceControl(
NULL,
FileObject,
PreviousMode,
LocalInputBuffer,
InputBufferLength,
OutputBuffer,
OutputBufferLength,
IoControlCode,
&Size
);
if (Status != STATUS_PENDING && NT_SUCCESS(Status)) {
IoStatus->Information = Size;
IoStatus->Status = Status;
} else {
Status = STATUS_PENDING;
}
} __except(EXCEPTION_EXECUTE_HANDLER) {
if (LocalInputBuffer) { ExFreePool(LocalInputBuffer); }
return FALSE;
}
if (LocalInputBuffer) { ExFreePool(LocalInputBuffer); }
return ((Status == STATUS_PENDING) ? FALSE : TRUE);
} // NatFastIoDeviceControl
NTSTATUS
NatpExecuteIoDeviceControl(
PIRP Irp,
PFILE_OBJECT FileObject,
MODE RequestorMode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
ULONG IoControlCode,
PULONG Size
)
/*++
Routine Description:
This routine is invoked to handle I/O controls, either in the context
of the requesting thread (via FastIoDispatch) or in the context of a
system thread (with a corresponding IRP).
For certain requests, particularly those requiring output information,
we return 'STATUS_PENDING' when invoked in the fast path since we cannot
write into the output buffer at raised IRQL. Instead, we wait to be
reinvoked via the slow path with a non-paged system buffer.
Arguments:
Irp - in the slow-path, the IRP associated with the control;
in the fast-path, NULL
FileObject - the file-object associated with the control
RequestorMode - indicates whether the requestor is in kernel-mode
or user-mode
InputBuffer/InputBufferLength - describe data passed in with the control;
may be user-mode or kernel-mode buffer
OutputBuffer/OutputBufferLength - describe space in which to return
information; may be user-mode or kernel-mode buffer
IoControlCode - indicates control requested
Size - on output, number of bytes stored in 'OutputBuffer'.
Return Value:
NTSTATUS - status code.
--*/
{
PIP_ADAPTER_BINDING_INFO BindingInfo;
PRTR_TOC_ENTRY Entry;
PRTR_INFO_BLOCK_HEADER Header;
ULONG i;
NTSTATUS status = STATUS_SUCCESS;
*Size = 0;
switch (IoControlCode) {
case IOCTL_IP_NAT_REQUEST_NOTIFICATION: {
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength < sizeof(IP_NAT_REQUEST_NOTIFICATION)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatRequestNotification(
(PIP_NAT_REQUEST_NOTIFICATION)InputBuffer,
Irp,
FileObject
);
break;
}
case IOCTL_IP_NAT_SET_GLOBAL_INFO: {
status =
NatpSetGlobalInfo(
InputBuffer,
InputBufferLength,
OutputBuffer,
OutputBufferLength,
Size
);
break;
}
case IOCTL_IP_NAT_CREATE_INTERFACE: {
if (InputBufferLength <
sizeof(IP_NAT_CREATE_INTERFACE) +
sizeof(IP_ADAPTER_BINDING_INFO)
) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
BindingInfo =
(PIP_ADAPTER_BINDING_INFO)
((PIP_NAT_CREATE_INTERFACE)InputBuffer)->BindingInfo;
if (BindingInfo->AddressCount >= MAXLONG / sizeof(NAT_ADDRESS) ||
SIZEOF_IP_BINDING(BindingInfo->AddressCount) +
sizeof(IP_NAT_CREATE_INTERFACE) > InputBufferLength) {
status = STATUS_INVALID_PARAMETER;
break;
}
status =
NatCreateInterface(
(PIP_NAT_CREATE_INTERFACE)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_DELETE_INTERFACE: {
if (InputBufferLength != sizeof(ULONG)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatDeleteInterface(
*(PULONG)InputBuffer,
FileObject
);
if (status == STATUS_PENDING) {
//
// A return of STATUS_PENDING indicates that the interface
// is now marked for deletion but an active thread holds
// a reference to it; convert this to a STATUS_SUCCESS code
// to avoid bypassing our IRP-completion code in 'NatDispatch'.
//
status = STATUS_SUCCESS;
}
break;
}
case IOCTL_IP_NAT_SET_INTERFACE_INFO: {
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_INTERFACE_INFO, Header) +
FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry)
) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
Header = &((PIP_NAT_INTERFACE_INFO)InputBuffer)->Header;
if (!NatpValidateHeader(
Header,
InputBufferLength -
FIELD_OFFSET(IP_NAT_INTERFACE_INFO, Header)
)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatConfigureInterface(
(PIP_NAT_INTERFACE_INFO)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_GET_INTERFACE_INFO: {
*Size = OutputBufferLength;
if (InputBufferLength != sizeof(ULONG)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryInformationInterface(
*(PULONG)InputBuffer,
(PIP_NAT_INTERFACE_INFO)OutputBuffer,
Size
);
break;
}
case IOCTL_IP_NAT_GET_INTERFACE_STATISTICS: {
if (InputBufferLength != sizeof(ULONG)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength < sizeof(IP_NAT_INTERFACE_STATISTICS)) {
status = STATUS_BUFFER_TOO_SMALL;
break;
}
*Size = sizeof(IP_NAT_INTERFACE_STATISTICS);
status =
NatQueryStatisticsInterface(
*(PULONG)InputBuffer,
(PIP_NAT_INTERFACE_STATISTICS)OutputBuffer
);
break;
}
case IOCTL_IP_NAT_GET_INTERFACE_MAPPING_TABLE: {
if (!Irp) { return STATUS_PENDING; }
*Size = OutputBufferLength;
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_SESSION_MAPPINGS,
EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_SESSION_MAPPINGS,
EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryInterfaceMappingTable(
(PIP_NAT_ENUMERATE_SESSION_MAPPINGS)InputBuffer,
(PIP_NAT_ENUMERATE_SESSION_MAPPINGS)OutputBuffer,
Size
);
break;
}
case IOCTL_IP_NAT_GET_MAPPING_TABLE: {
if (!Irp) { return STATUS_PENDING; }
*Size = OutputBufferLength;
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_SESSION_MAPPINGS,
EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_SESSION_MAPPINGS,
EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryMappingTable(
(PIP_NAT_ENUMERATE_SESSION_MAPPINGS)InputBuffer,
(PIP_NAT_ENUMERATE_SESSION_MAPPINGS)OutputBuffer,
Size
);
break;
}
case IOCTL_IP_NAT_REGISTER_DIRECTOR: {
*Size = sizeof(IP_NAT_REGISTER_DIRECTOR);
//
// Only kernel-mode drivers can register as directors
//
if (RequestorMode != KernelMode ||
SharedUserData->NtProductType == NtProductWinNt) {
status = STATUS_ACCESS_DENIED;
break;
}
if (InputBufferLength != sizeof(IP_NAT_REGISTER_DIRECTOR)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength < sizeof(IP_NAT_REGISTER_DIRECTOR)) {
status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Perform the director-registration
//
status =
NatCreateDirector(
(PIP_NAT_REGISTER_DIRECTOR)InputBuffer
);
break;
}
case IOCTL_IP_NAT_GET_DIRECTOR_TABLE: {
if (!Irp) { return STATUS_PENDING; }
*Size = OutputBufferLength;
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_DIRECTORS, EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_DIRECTORS, EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryDirectorTable(
(PIP_NAT_ENUMERATE_DIRECTORS)InputBuffer,
(PIP_NAT_ENUMERATE_DIRECTORS)OutputBuffer,
Size
);
break;
}
case IOCTL_IP_NAT_REGISTER_EDITOR: {
*Size = sizeof(IP_NAT_REGISTER_EDITOR);
//
// Only kernel-mode drivers can register as editors
//
if (RequestorMode != KernelMode) {
status = STATUS_ACCESS_DENIED;
break;
}
if (InputBufferLength != sizeof(IP_NAT_REGISTER_EDITOR)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength < sizeof(IP_NAT_REGISTER_EDITOR)) {
status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Perform the editor-registration
//
status = NatCreateEditor((PIP_NAT_REGISTER_EDITOR)InputBuffer);
break;
}
case IOCTL_IP_NAT_GET_EDITOR_TABLE: {
if (!Irp) { return STATUS_PENDING; }
*Size = OutputBufferLength;
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_EDITORS, EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength <
FIELD_OFFSET(IP_NAT_ENUMERATE_EDITORS, EnumerateTable)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryEditorTable(
(PIP_NAT_ENUMERATE_EDITORS)InputBuffer,
(PIP_NAT_ENUMERATE_EDITORS)OutputBuffer,
Size
);
break;
}
case IOCTL_IP_NAT_CREATE_REDIRECT: {
if (!Irp) { return STATUS_PENDING; }
#if 0
if (SharedUserData->NtProductType == NtProductWinNt) {
status = STATUS_ACCESS_DENIED;
break;
}
#endif
if (InputBufferLength != sizeof(IP_NAT_CREATE_REDIRECT) ||
OutputBufferLength != sizeof(IP_NAT_REDIRECT_STATISTICS)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatCreateRedirect(
(PIP_NAT_CREATE_REDIRECT)InputBuffer,
Irp,
FileObject
);
break;
}
case IOCTL_IP_NAT_CREATE_REDIRECT_EX: {
if (!Irp) { return STATUS_PENDING; }
#if 0
if (SharedUserData->NtProductType == NtProductWinNt) {
status = STATUS_ACCESS_DENIED;
break;
}
#endif
if (InputBufferLength != sizeof(IP_NAT_CREATE_REDIRECT_EX) ||
OutputBufferLength != sizeof(IP_NAT_REDIRECT_STATISTICS)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatCreateRedirectEx(
(PIP_NAT_CREATE_REDIRECT_EX)InputBuffer,
Irp,
FileObject
);
break;
}
case IOCTL_IP_NAT_CANCEL_REDIRECT: {
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_REDIRECT)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatCancelRedirect(
(PIP_NAT_LOOKUP_REDIRECT)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_GET_REDIRECT_STATISTICS: {
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_REDIRECT) ||
OutputBufferLength != sizeof(IP_NAT_REDIRECT_STATISTICS)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryInformationRedirect(
(PIP_NAT_LOOKUP_REDIRECT)InputBuffer,
OutputBuffer,
OutputBufferLength,
NatStatisticsRedirectInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_GET_REDIRECT_DESTINATION_MAPPING: {
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_REDIRECT) ||
OutputBufferLength !=
sizeof(IP_NAT_REDIRECT_DESTINATION_MAPPING)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryInformationRedirect(
(PIP_NAT_LOOKUP_REDIRECT)InputBuffer,
OutputBuffer,
OutputBufferLength,
NatDestinationMappingRedirectInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_GET_REDIRECT_SOURCE_MAPPING: {
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_REDIRECT) ||
OutputBufferLength != sizeof(IP_NAT_REDIRECT_SOURCE_MAPPING)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatQueryInformationRedirect(
(PIP_NAT_LOOKUP_REDIRECT)InputBuffer,
OutputBuffer,
OutputBufferLength,
NatSourceMappingRedirectInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY: {
PIP_NAT_LOOKUP_SESSION_MAPPING LookupMapping;
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_SESSION_MAPPING) ||
OutputBufferLength != sizeof(IP_NAT_SESSION_MAPPING_KEY)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
LookupMapping = (PIP_NAT_LOOKUP_SESSION_MAPPING)InputBuffer;
status =
NatLookupAndQueryInformationMapping(
LookupMapping->Protocol,
LookupMapping->DestinationAddress,
LookupMapping->DestinationPort,
LookupMapping->SourceAddress,
LookupMapping->SourcePort,
OutputBuffer,
OutputBufferLength,
NatKeySessionMappingInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY_EX: {
PIP_NAT_LOOKUP_SESSION_MAPPING LookupMapping;
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_SESSION_MAPPING) ||
OutputBufferLength != sizeof(IP_NAT_SESSION_MAPPING_KEY_EX)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
LookupMapping = (PIP_NAT_LOOKUP_SESSION_MAPPING)InputBuffer;
status =
NatLookupAndQueryInformationMapping(
LookupMapping->Protocol,
LookupMapping->DestinationAddress,
LookupMapping->DestinationPort,
LookupMapping->SourceAddress,
LookupMapping->SourcePort,
OutputBuffer,
OutputBufferLength,
NatKeySessionMappingExInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_STATISTICS: {
PIP_NAT_LOOKUP_SESSION_MAPPING LookupMapping;
if (!Irp) { return STATUS_PENDING; }
if (InputBufferLength != sizeof(IP_NAT_LOOKUP_SESSION_MAPPING) ||
OutputBufferLength != sizeof(IP_NAT_SESSION_MAPPING_STATISTICS)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
LookupMapping = (PIP_NAT_LOOKUP_SESSION_MAPPING)InputBuffer;
status =
NatLookupAndQueryInformationMapping(
LookupMapping->Protocol,
LookupMapping->DestinationAddress,
LookupMapping->DestinationPort,
LookupMapping->SourceAddress,
LookupMapping->SourcePort,
OutputBuffer,
OutputBufferLength,
NatStatisticsSessionMappingInformation
);
if (NT_SUCCESS(status)) { *Size = OutputBufferLength; }
break;
}
case IOCTL_IP_NAT_CREATE_DYNAMIC_TICKET: {
if (InputBufferLength < sizeof(IP_NAT_CREATE_DYNAMIC_TICKET)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatCreateDynamicTicket(
(PIP_NAT_CREATE_DYNAMIC_TICKET)InputBuffer,
InputBufferLength,
FileObject
);
break;
}
case IOCTL_IP_NAT_DELETE_DYNAMIC_TICKET: {
if (InputBufferLength != sizeof(IP_NAT_DELETE_DYNAMIC_TICKET)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatDeleteDynamicTicket(
(PIP_NAT_DELETE_DYNAMIC_TICKET)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_CREATE_TICKET: {
if (InputBufferLength != sizeof(IP_NAT_CREATE_TICKET)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatProcessCreateTicket(
(PIP_NAT_CREATE_TICKET)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_DELETE_TICKET: {
if (InputBufferLength != sizeof(IP_NAT_CREATE_TICKET)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatProcessDeleteTicket(
(PIP_NAT_CREATE_TICKET)InputBuffer,
FileObject
);
break;
}
case IOCTL_IP_NAT_LOOKUP_TICKET: {
if (InputBufferLength != sizeof(IP_NAT_CREATE_TICKET)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (OutputBufferLength != sizeof(IP_NAT_PORT_MAPPING)) {
status = STATUS_INVALID_BUFFER_SIZE;
break;
}
status =
NatProcessLookupTicket(
(PIP_NAT_CREATE_TICKET)InputBuffer,
(PIP_NAT_PORT_MAPPING)OutputBuffer,
FileObject
);
break;
}
default: {
status = STATUS_INVALID_PARAMETER;
break;
}
}
return status;
} // NatpExecuteIoDeviceControl
NTSTATUS
NatpSetGlobalInfo(
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
PULONG Size
)
/*++
Routine Description:
This routine is invoked upon receipt of the NAT's configuration.
Arguments:
InputBuffer/InputBufferLength - describe configuration information
OutputBuffer/OutputBufferLength - unused.
Size - unused
Return Value:
NTSTATUS - status code.
--*/
{
PRTR_TOC_ENTRY Entry;
PRTR_INFO_BLOCK_HEADER Header;
ULONG i;
ULONG Protocol;
if (InputBufferLength <
FIELD_OFFSET(IP_NAT_GLOBAL_INFO, Header) +
FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry)
) {
return STATUS_INVALID_BUFFER_SIZE;
}
Header = &((PIP_NAT_GLOBAL_INFO)InputBuffer)->Header;
if (!NatpValidateHeader(
Header,
InputBufferLength - FIELD_OFFSET(IP_NAT_GLOBAL_INFO, Header)
)) {
return STATUS_INVALID_BUFFER_SIZE;
}
for (i = 0; i < Header->TocEntriesCount; i++) {
Entry = &Header->TocEntry[i];
switch (Entry->InfoType) {
case IP_NAT_TIMEOUT_TYPE: {
PIP_NAT_TIMEOUT Timeout = GetInfoFromTocEntry(Header,Entry);
InterlockedExchange(
&TcpTimeoutSeconds,
Timeout->TCPTimeoutSeconds
);
InterlockedExchange(
&UdpTimeoutSeconds,
Timeout->UDPTimeoutSeconds
);
break;
}
case IP_NAT_PROTOCOLS_ALLOWED_TYPE: {
PIP_NAT_PROTOCOLS_ALLOWED ProtocolsAllowed =
GetInfoFromTocEntry(Header,Entry);
//
// The protocols allowed are specified using a 256-bit bitmap;
// an allowed protocol has the bit for its protocol number set.
// For each protocol enabled in the bitmap, we now install the
// default IP-header translation routine, with the exception
// of protocols which are always enabled.
//
#define IS_BIT_SET(b,i) ((b)[(i) / 32] & (1 << ((i) & 31)))
for (Protocol = 0; Protocol < 256; Protocol++) {
if (Protocol == NAT_PROTOCOL_ICMP ||
Protocol == NAT_PROTOCOL_PPTP ||
Protocol == NAT_PROTOCOL_TCP ||
Protocol == NAT_PROTOCOL_UDP
) {
continue;
}
if (IS_BIT_SET(ProtocolsAllowed->Bitmap, Protocol)) {
InterlockedExchangePointer(
(PVOID)TranslateRoutineTable[Protocol],
(PVOID)NatTranslateIp
);
}
else {
InterlockedExchangePointer(
(PVOID)TranslateRoutineTable[Protocol],
NULL
);
}
}
break;
}
}
}
return STATUS_SUCCESS;
}
BOOLEAN FASTCALL
NatpValidateHeader(
PRTR_INFO_BLOCK_HEADER Header,
ULONG Size
)
/*++
Routine Description:
This routine is invoked to ensure that the given header is consistent.
This is the case if
* the header's size is less than or equal to 'Size'
* each entry in the header is contained in 'Header->Size'.
* the data for each entry is contained in 'Header->Size'.
Arguments:
Header - the header to be validated
Size - the size of the buffer in which 'Header' appears
Return Value:
BOOLEAN - TRUE if valid, FALSE otherwise.
--*/
{
ULONG i;
ULONG64 Length;
//
// Check that the base structure is present
//
if (Size < FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry) ||
Size < Header->Size) {
return FALSE;
}
//
// Check that the table of contents is present
//
Length = (ULONG64)Header->TocEntriesCount * sizeof(RTR_TOC_ENTRY);
if (Length > MAXLONG) {
return FALSE;
}
Length += FIELD_OFFSET(RTR_INFO_BLOCK_HEADER, TocEntry);
if (Length > Header->Size) {
return FALSE;
}
//
// Check that all the data is present
//
for (i = 0; i < Header->TocEntriesCount; i++) {
Length =
(ULONG64)Header->TocEntry[i].Count * Header->TocEntry[i].InfoSize;
if (Length > MAXLONG) {
return FALSE;
}
if ((Length + Header->TocEntry[i].Offset) > Header->Size) {
return FALSE;
}
}
return TRUE;
} // NatpValidateHeader