archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/tcpip/driver/ipsec/sys/gpc.c

868 lines
23 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999-2001 Microsoft Corporation
  5. Module Name:
  7. gpc.c
  9. Abstract:
  11. This module contains the GPC implementation
  13. Author:
  15. ChunYe
  17. Environment:
  19. Kernel mode
  21. Revision History:
  23. --*/
  26. #include "precomp.h"
  29. #if GPC
  32. NTSTATUS
  33. IPSecGpcInitialize()
  34. {
  35. NTSTATUS status;
  36. INT cf, i;
  38. PAGED_CODE();
  40. //
  41. // Initialize FilterList for patterns that are not installed in GPC.
  42. //
  43. for (i = MIN_FILTER; i <= MAX_FILTER; i++) {
  44. InitializeListHead(&g_ipsec.GpcFilterList[i]);
  45. }
  47. //
  48. // Start with inactive state for the error path.
  49. //
  50. IPSEC_DRIVER_INIT_GPC() = FALSE;
  51. IPSEC_UNSET_GPC_ACTIVE();
  53. //
  54. // GPC registration.
  55. //
  56. status = GpcInitialize(&g_ipsec.GpcEntries);
  58. if (status == STATUS_SUCCESS) {
  59. for (cf = GPC_CF_IPSEC_MIN; cf <= GPC_CF_IPSEC_MAX; cf++) {
  60. status = GPC_REGISTER_CLIENT( cf,
  61. 0,
  62. GPC_PRIORITY_IPSEC,
  63. NULL,
  64. NULL,
  65. &g_ipsec.GpcClients[cf]);
  67. if (status != STATUS_SUCCESS) {
  68. IPSEC_DEBUG(LOAD, ("GPC failed to register cf %d\n", cf));
  70. g_ipsec.GpcClients[cf] = NULL;
  71. IPSecGpcDeinitialize();
  73. return status;
  74. }
  75. }
  76. } else {
  77. IPSEC_DEBUG(LOAD, ("Failed to init GPC structures\n"));
  78. return status;
  79. }
  81. IPSEC_SET_GPC_ACTIVE();
  82. IPSEC_DRIVER_INIT_GPC() = TRUE;
  84. return STATUS_SUCCESS;
  85. }
  88. NTSTATUS
  89. IPSecGpcDeinitialize()
  90. {
  91. INT cf;
  93. PAGED_CODE();
  95. IPSEC_UNSET_GPC_ACTIVE();
  97. //
  98. // GPC deregistration.
  99. //
  100. for (cf = GPC_CF_IPSEC_MIN; cf <= GPC_CF_IPSEC_MAX; cf++) {
  101. if (g_ipsec.GpcClients[cf]) {
  102. GPC_DEREGISTER_CLIENT(g_ipsec.GpcClients[cf]);
  103. }
  104. }
  106. GpcDeinitialize(&g_ipsec.GpcEntries);
  108. return STATUS_SUCCESS;
  109. }
  112. NTSTATUS
  113. IPSecEnableGpc()
  114. {
  115. KIRQL kIrql;
  117. PAGED_CODE();
  119. if (IPSEC_DRIVER_INIT_GPC()) {
  120. AcquireWriteLock(&g_ipsec.SADBLock, &kIrql);
  122. IPSEC_SET_GPC_ACTIVE();
  124. ReleaseWriteLock(&g_ipsec.SADBLock, kIrql);
  125. }
  127. return STATUS_SUCCESS;
  128. }
  131. NTSTATUS
  132. IPSecDisableGpc()
  133. {
  134. KIRQL kIrql;
  136. PAGED_CODE();
  138. if (IPSEC_DRIVER_INIT_GPC()) {
  139. AcquireWriteLock(&g_ipsec.SADBLock, &kIrql);
  141. IPSEC_UNSET_GPC_ACTIVE();
  143. ReleaseWriteLock(&g_ipsec.SADBLock, kIrql);
  144. }
  146. return STATUS_SUCCESS;
  147. }
  150. NTSTATUS
  151. IPSecInitGpcFilter(
  152. IN PFILTER pFilter,
  153. IN PGPC_IP_PATTERN pPattern,
  154. IN PGPC_IP_PATTERN pMask
  155. )
  156. {
  157. PAGED_CODE();
  159. RtlZeroMemory(pPattern, sizeof(GPC_IP_PATTERN));
  160. RtlZeroMemory(pMask, sizeof(GPC_IP_PATTERN));
  162. pPattern->SrcAddr = pFilter->SRC_ADDR;
  163. pPattern->DstAddr = pFilter->DEST_ADDR;
  164. pPattern->ProtocolId = (UCHAR)pFilter->PROTO;
  165. pPattern->gpcSrcPort = FI_SRC_PORT(pFilter);
  166. pPattern->gpcDstPort = FI_DEST_PORT(pFilter);
  168. pMask->SrcAddr = pFilter->SRC_MASK;
  169. pMask->DstAddr = pFilter->DEST_MASK;
  170. pMask->ProtocolId = (UCHAR)IPSEC_GPC_MASK_ALL;
  171. pMask->gpcSrcPort = IPSEC_GPC_MASK_NONE;
  172. pMask->gpcDstPort = IPSEC_GPC_MASK_NONE;
  174. switch (pFilter->PROTO) {
  175. case FILTER_PROTO_ANY:
  176. if (FI_SRC_PORT(pFilter) != FILTER_TCPUDP_PORT_ANY) {
  177. RtlFillMemory( &pMask->gpcSrcPort,
  178. sizeof(pMask->gpcSrcPort),
  179. IPSEC_GPC_MASK_ALL);
  180. }
  181. if (FI_DEST_PORT(pFilter) != FILTER_TCPUDP_PORT_ANY) {
  182. RtlFillMemory( &pMask->gpcDstPort,
  183. sizeof(pMask->gpcDstPort),
  184. IPSEC_GPC_MASK_ALL);
  185. }
  186. pMask->ProtocolId = (UCHAR)IPSEC_GPC_MASK_NONE;
  187. break;
  189. case FILTER_PROTO_TCP:
  190. case FILTER_PROTO_UDP:
  191. if (FI_SRC_PORT(pFilter) != FILTER_TCPUDP_PORT_ANY) {
  192. RtlFillMemory( &pMask->gpcSrcPort,
  193. sizeof(pMask->gpcSrcPort),
  194. IPSEC_GPC_MASK_ALL);
  195. }
  196. if (FI_DEST_PORT(pFilter) != FILTER_TCPUDP_PORT_ANY) {
  197. RtlFillMemory( &pMask->gpcDstPort,
  198. sizeof(pMask->gpcDstPort),
  199. IPSEC_GPC_MASK_ALL);
  200. }
  201. break;
  203. default:
  204. break;
  205. }
  207. return STATUS_SUCCESS;
  208. }
  211. NTSTATUS
  212. IPSecInsertGpcPattern(
  213. IN PFILTER pFilter
  214. )
  215. {
  216. CLASSIFICATION_HANDLE GpcHandle;
  217. GPC_IP_PATTERN GpcPattern;
  218. GPC_IP_PATTERN GpcMask;
  219. ULONG GpcPriority;
  220. INT GpcCf;
  221. NTSTATUS status;
  223. PAGED_CODE();
  225. GpcCf = IPSecResolveGpcCf(IS_OUTBOUND_FILTER(pFilter));
  227. //
  228. // Add the filter as a CfInfo
  229. //
  230. status = GPC_ADD_CFINFO(g_ipsec.GpcClients[GpcCf],
  231. sizeof(PFILTER),
  232. (PVOID)&pFilter,
  233. (GPC_CLIENT_HANDLE)pFilter,
  234. &pFilter->GpcFilter.GpcCfInfoHandle);
  236. if (status == STATUS_SUCCESS) {
  237. //
  238. // Now add the filter as a pattern
  239. //
  240. IPSecInitGpcFilter(pFilter, &GpcPattern, &GpcMask);
  242. if (FI_DEST_PORT(pFilter) == FILTER_TCPUDP_PORT_ANY) {
  243. GpcPriority = 1;
  244. } else {
  245. GpcPriority = 0;
  246. }
  248. ASSERT(GpcPriority < GPC_PRIORITY_IPSEC);
  250. status = GPC_ADD_PATTERN( g_ipsec.GpcClients[GpcCf],
  251. GPC_PROTOCOL_TEMPLATE_IP,
  252. &GpcPattern,
  253. &GpcMask,
  254. GpcPriority,
  255. pFilter->GpcFilter.GpcCfInfoHandle,
  256. &pFilter->GpcFilter.GpcPatternHandle,
  257. &GpcHandle);
  259. if (status != STATUS_SUCCESS) {
  260. IPSEC_DEBUG(GPC, ("GpcAddPattern: failed with status %lx\n", status));
  262. GPC_REMOVE_CFINFO( g_ipsec.GpcClients[GpcCf],
  263. pFilter->GpcFilter.GpcCfInfoHandle);
  265. pFilter->GpcFilter.GpcCfInfoHandle = NULL;
  266. pFilter->GpcFilter.GpcPatternHandle = NULL;
  267. } else {
  268. g_ipsec.GpcNumFilters[GpcPriority]++;
  269. }
  270. }
  272. return status;
  273. }
  276. NTSTATUS
  277. IPSecDeleteGpcPattern(
  278. IN PFILTER pFilter
  279. )
  280. {
  281. ULONG GpcPriority;
  282. INT GpcCf = IPSecResolveGpcCf(IS_OUTBOUND_FILTER(pFilter));
  284. PAGED_CODE();
  286. if (pFilter->GpcFilter.GpcPatternHandle) {
  287. GPC_REMOVE_PATTERN( g_ipsec.GpcClients[GpcCf],
  288. pFilter->GpcFilter.GpcPatternHandle);
  290. pFilter->GpcFilter.GpcPatternHandle = NULL;
  292. ASSERT(pFilter->GpcFilter.GpcCfInfoHandle);
  294. if (pFilter->GpcFilter.GpcCfInfoHandle) {
  295. GPC_REMOVE_CFINFO( g_ipsec.GpcClients[GpcCf],
  296. pFilter->GpcFilter.GpcCfInfoHandle);
  298. pFilter->GpcFilter.GpcCfInfoHandle = NULL;
  299. }
  301. if (FI_DEST_PORT(pFilter) == FILTER_TCPUDP_PORT_ANY) {
  302. GpcPriority = 1;
  303. } else {
  304. GpcPriority = 0;
  305. }
  307. ASSERT(GpcPriority < GPC_PRIORITY_IPSEC);
  309. g_ipsec.GpcNumFilters[GpcPriority]--;
  310. }
  312. return STATUS_SUCCESS;
  313. }
  316. NTSTATUS
  317. IPSecInsertGpcFilter(
  318. IN PFILTER pFilter
  319. )
  320. {
  321. NTSTATUS status;
  322. PFILTER pTempFilter;
  323. BOOL InsertedFilter = FALSE;
  324. PLIST_ENTRY pEntry, pPrev;
  325. PLIST_ENTRY pFilterList;
  326. KIRQL kIrql;
  328. PAGED_CODE();
  330. AcquireWriteLock(&g_ipsec.SADBLock, &kIrql);
  332. pFilterList = IPSecResolveGpcFilterList(IS_TUNNEL_FILTER(pFilter),
  333. IS_OUTBOUND_FILTER(pFilter));
  335. pEntry = pFilterList->Flink;
  336. pPrev = pFilterList;
  338. while (pEntry != pFilterList) {
  339. pTempFilter = CONTAINING_RECORD(pEntry,
  340. FILTER,
  341. GpcLinkage);
  343. if (pFilter->Index > pTempFilter->Index) {
  344. //
  345. // found the spot, insert it before pTempFilter
  346. //
  347. InsertHeadList(pPrev, &pFilter->GpcLinkage);
  348. InsertedFilter = TRUE;
  349. break;
  350. }
  352. pPrev = pEntry;
  353. pEntry = pEntry->Flink;
  354. }
  356. if (!InsertedFilter) {
  357. //
  358. // didn't find spot, stick it in the end
  359. //
  360. InsertTailList(pFilterList, &pFilter->GpcLinkage);
  361. }
  363. ReleaseWriteLock(&g_ipsec.SADBLock, kIrql);
  365. return STATUS_SUCCESS;
  366. }
  369. NTSTATUS
  370. IPSecDeleteGpcFilter(
  371. IN PFILTER pFilter
  372. )
  373. {
  374. KIRQL kIrql;
  376. PAGED_CODE();
  378. if (!pFilter->GpcLinkage.Flink || !pFilter->GpcLinkage.Blink) {
  379. return STATUS_SUCCESS;
  380. }
  382. AcquireWriteLock(&g_ipsec.SADBLock, &kIrql);
  384. IPSecRemoveEntryList(&pFilter->GpcLinkage);
  386. ReleaseWriteLock(&g_ipsec.SADBLock, kIrql);
  388. return STATUS_SUCCESS;
  389. }
  392. NTSTATUS
  393. IPSecInstallGpcFilter(
  394. IN PFILTER pFilter
  395. )
  396. {
  397. PAGED_CODE();
  399. if (IS_TUNNEL_FILTER(pFilter)) {
  400. return STATUS_SUCCESS;
  401. }
  403. if (IS_GPC_FILTER(pFilter)) {
  404. return IPSecInsertGpcPattern(pFilter);
  405. } else {
  406. return IPSecInsertGpcFilter(pFilter);
  407. }
  408. }
  411. NTSTATUS
  412. IPSecUninstallGpcFilter(
  413. IN PFILTER pFilter
  414. )
  415. {
  416. PAGED_CODE();
  418. if (IS_TUNNEL_FILTER(pFilter)) {
  419. return STATUS_SUCCESS;
  420. }
  422. if (IS_GPC_FILTER(pFilter)) {
  423. return IPSecDeleteGpcPattern(pFilter);
  424. } else {
  425. return IPSecDeleteGpcFilter(pFilter);
  426. }
  427. }
  430. NTSTATUS
  431. IPSecLookupGpcSA(
  432. IN ULARGE_INTEGER uliSrcDstAddr,
  433. IN ULARGE_INTEGER uliProtoSrcDstPort,
  434. IN CLASSIFICATION_HANDLE GpcHandle,
  435. OUT PFILTER *ppFilter,
  436. OUT PSA_TABLE_ENTRY *ppSA,
  437. OUT PSA_TABLE_ENTRY *ppNextSA,
  438. OUT PSA_TABLE_ENTRY *ppTunnelSA,
  439. IN BOOLEAN fOutbound
  440. )
  441. {
  442. PFILTER pFilter;
  443. PFILTER pTempFilter;
  444. PLIST_ENTRY pEntry;
  445. PLIST_ENTRY pFilterList;
  446. PLIST_ENTRY pSAChain;
  447. PSA_TABLE_ENTRY pSA;
  448. REGISTER ULARGE_INTEGER uliPort;
  449. REGISTER ULARGE_INTEGER uliAddr;
  450. BOOLEAN fFound = FALSE;
  451. INT GpcCf;
  452. CLASSIFICATION_HANDLE TempGpcHandle;
  454. *ppSA = NULL;
  455. *ppFilter = NULL;
  456. *ppTunnelSA = NULL;
  458. //
  459. // Search in Tunnel filters list first.
  460. //
  461. pFilterList = IPSecResolveFilterList(TRUE, fOutbound);
  463. for ( pEntry = pFilterList->Flink;
  464. pEntry != pFilterList;
  465. pEntry = pEntry->Flink) {
  467. pFilter = CONTAINING_RECORD(pEntry,
  468. FILTER,
  469. MaskedLinkage);
  471. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pFilter->uliSrcDstMask.QuadPart;
  472. uliPort.QuadPart = uliProtoSrcDstPort.QuadPart & pFilter->uliProtoSrcDstMask.QuadPart;
  474. if ((uliAddr.QuadPart == pFilter->uliSrcDstAddr.QuadPart) &&
  475. (uliPort.QuadPart == pFilter->uliProtoSrcDstPort.QuadPart)) {
  476. //
  477. // Found filter
  478. //
  479. fFound = TRUE;
  480. break;
  481. }
  482. }
  484. if (fFound) {
  485. //
  486. // Search for the particular SA now.
  487. //
  488. fFound = FALSE;
  490. pSAChain = IPSecResolveSAChain(pFilter, fOutbound? DEST_ADDR: SRC_ADDR);
  492. for ( pEntry = pSAChain->Flink;
  493. pEntry != pSAChain;
  494. pEntry = pEntry->Flink) {
  496. pSA = CONTAINING_RECORD(pEntry,
  497. SA_TABLE_ENTRY,
  498. sa_FilterLinkage);
  500. ASSERT(pSA->sa_Flags & FLAGS_SA_TUNNEL);
  502. if (pFilter->TunnelAddr != 0) {
  503. //
  504. // match the outbound flag also
  505. //
  506. ASSERT(fOutbound == (BOOLEAN)((pSA->sa_Flags & FLAGS_SA_OUTBOUND) != 0));
  507. fFound = TRUE;
  508. *ppTunnelSA = pSA;
  509. break;
  510. }
  511. }
  513. if (fFound) {
  514. fFound = FALSE;
  515. *ppFilter = pFilter;
  516. } else {
  517. //
  518. // Found a filter entry, but need to negotiate keys.
  519. //
  520. *ppFilter = pFilter;
  521. return STATUS_PENDING;
  522. }
  523. }
  525. #if DBG
  526. if (fOutbound) {
  527. ADD_TO_LARGE_INTEGER(&g_ipsec.GpcTotalPassedIn, 1);
  528. }
  529. #endif
  531. GpcCf = IPSecResolveGpcCf(fOutbound);
  533. TempGpcHandle = 0;
  535. if (GpcHandle == 0) {
  536. #if DBG
  537. if (fOutbound) {
  538. ADD_TO_LARGE_INTEGER(&g_ipsec.GpcClassifyNeeded, 1);
  539. }
  540. #endif
  542. //
  543. // Classify directly if no GpcHandle passed in.
  544. //
  545. IPSEC_CLASSIFY_PACKET( GpcCf,
  546. uliSrcDstAddr,
  547. uliProtoSrcDstPort,
  548. &pFilter,
  549. &TempGpcHandle);
  550. } else {
  551. NTSTATUS status;
  553. //
  554. // Or we use GpcHandle directly to get the filter installed.
  555. //
  556. pFilter = NULL;
  558. status = GPC_GET_CLIENT_CONTEXT(g_ipsec.GpcClients[GpcCf],
  559. GpcHandle,
  560. &pFilter);
  562. if (status == STATUS_INVALID_HANDLE) {
  563. //
  564. // Re-classify if handle is invalid.
  565. //
  566. IPSEC_CLASSIFY_PACKET( GpcCf,
  567. uliSrcDstAddr,
  568. uliProtoSrcDstPort,
  569. &pFilter,
  570. &TempGpcHandle);
  571. }
  572. }
  574. #if DBG
  575. if (IPSecDebug & IPSEC_DEBUG_GPC) {
  576. PFILTER pDbgFilter = NULL;
  578. pFilterList = IPSecResolveFilterList(FALSE, fOutbound);
  580. for ( pEntry = pFilterList->Flink;
  581. pEntry != pFilterList;
  582. pEntry = pEntry->Flink) {
  584. pTempFilter = CONTAINING_RECORD(pEntry,
  585. FILTER,
  586. MaskedLinkage);
  588. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pTempFilter->uliSrcDstMask.QuadPart;
  589. uliPort.QuadPart = uliProtoSrcDstPort.QuadPart & pTempFilter->uliProtoSrcDstMask.QuadPart;
  591. if ((uliAddr.QuadPart == pTempFilter->uliSrcDstAddr.QuadPart) &&
  592. (uliPort.QuadPart == pTempFilter->uliProtoSrcDstPort.QuadPart)) {
  593. pDbgFilter = pTempFilter;
  594. break;
  595. }
  596. }
  598. if (pFilter != pDbgFilter &&
  599. (!pDbgFilter || IS_GPC_FILTER(pDbgFilter))) {
  600. IPSEC_DEBUG(GPC, ("LookupGpcSA: pFilter %lx, pDbgFilter %lx, GpcHandle %lx, TempGpcHandle %lx\n", pFilter, pDbgFilter, GpcHandle, TempGpcHandle));
  601. IPSEC_DEBUG(GPC, ("LookupGpcSA: Src %lx, Dest %lx, Protocol %d, SPort %lx, DPort %lx\n", SRC_ADDR, DEST_ADDR, PROTO, SRC_PORT, DEST_PORT));
  603. if (DebugGPC) {
  604. DbgBreakPoint();
  605. }
  606. }
  607. }
  608. #endif
  610. //
  611. // Continue searching the local GPC filter list if not found.
  612. //
  613. if (!pFilter) {
  614. pFilterList = IPSecResolveGpcFilterList(FALSE, fOutbound);
  616. for ( pEntry = pFilterList->Flink;
  617. pEntry != pFilterList;
  618. pEntry = pEntry->Flink) {
  620. pTempFilter = CONTAINING_RECORD(pEntry,
  621. FILTER,
  622. GpcLinkage);
  624. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pTempFilter->uliSrcDstMask.QuadPart;
  625. uliPort.QuadPart = uliProtoSrcDstPort.QuadPart & pTempFilter->uliProtoSrcDstMask.QuadPart;
  627. if ((uliAddr.QuadPart == pTempFilter->uliSrcDstAddr.QuadPart) &&
  628. (uliPort.QuadPart == pTempFilter->uliProtoSrcDstPort.QuadPart)) {
  629. pFilter = pTempFilter;
  630. break;
  631. }
  632. }
  633. }
  636. if (pFilter) {
  637. //
  638. // Search for the particular SA now.
  639. //
  641. fFound=FALSE;
  642. pSAChain = IPSecResolveSAChain(pFilter, fOutbound? DEST_ADDR: SRC_ADDR);
  644. for ( pEntry = pSAChain->Flink;
  645. pEntry != pSAChain;
  646. pEntry = pEntry->Flink) {
  648. pSA = CONTAINING_RECORD(pEntry,
  649. SA_TABLE_ENTRY,
  650. sa_FilterLinkage);
  653. if (IS_CLASSD(NET_LONG(pSA->SA_SRC_ADDR))
  654. || IS_CLASSD(NET_LONG(pSA->SA_DEST_ADDR))) {
  655. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pSA->sa_uliSrcDstMask.QuadPart;
  657. IPSEC_DEBUG(HASH, ("MCAST: %d %d %d %d", uliAddr.LowPart, uliAddr.HighPart,
  658. pSA->sa_uliSrcDstAddr.LowPart,pSA->sa_uliSrcDstAddr.HighPart));
  660. if (uliAddr.QuadPart == pSA->sa_uliSrcDstAddr.QuadPart) {
  661. fFound=TRUE;
  662. }
  663. } else if (uliSrcDstAddr.QuadPart == pSA->sa_uliSrcDstAddr.QuadPart) {
  664. fFound=TRUE;
  665. }
  666. if (fFound) {
  667. IPSEC_DEBUG(HASH, ("Matched entry: %lx\n", pSA));
  668. ASSERT(fOutbound == (BOOLEAN)((pSA->sa_Flags & FLAGS_SA_OUTBOUND) != 0));
  670. //
  671. // if there is also a tunnel SA, associate it here.
  672. //
  673. if (*ppTunnelSA && fOutbound) {
  674. *ppNextSA = *ppTunnelSA;
  675. *ppTunnelSA = NULL;
  676. }
  678. *ppFilter = pFilter;
  679. *ppSA = pSA;
  680. return STATUS_SUCCESS;
  681. }
  682. }
  684. //
  685. // Found a filter entry, but need to negotiate keys
  686. // Also, ppTunnelSA is set to the proper tunnel SA we need
  687. // to hook to this end-2-end SA once it is negotiated.
  688. //
  689. *ppFilter = pFilter;
  691. return STATUS_PENDING;
  692. } else {
  693. //
  694. // if only tunnel SA found, return that as the SA found.
  695. //
  696. if (*ppTunnelSA) {
  697. *ppSA = *ppTunnelSA;
  698. *ppTunnelSA = NULL;
  699. return STATUS_SUCCESS;
  700. }
  701. }
  703. //
  704. // no entry found
  705. //
  706. return STATUS_NOT_FOUND;
  708. }
  711. NTSTATUS
  712. IPSecLookupGpcMaskedSA(
  713. IN ULARGE_INTEGER uliSrcDstAddr,
  714. IN ULARGE_INTEGER uliProtoSrcDstPort,
  715. OUT PFILTER *ppFilter,
  716. OUT PSA_TABLE_ENTRY *ppSA,
  717. IN BOOLEAN fOutbound
  718. )
  719. /*++
  721. Routine Description:
  723. Looks up the SA given the relevant addresses.
  725. Arguments:
  727. uliSrcDstAddr - src/dest IP addr
  728. uliProtoSrcDstPort - protocol, src/dest port
  729. ppFilter - filter found
  730. ppSA - SA found
  731. fOutbound - direction flag
  733. Return Value:
  735. STATUS_SUCCESS - both filter and SA found
  736. STATUS_UNSUCCESSFUL - none found
  737. STATUS_PENDING - filter found, but no SA
  739. Notes:
  741. Called with SADBLock held.
  743. --*/
  744. {
  745. REGISTER ULARGE_INTEGER uliPort;
  746. REGISTER ULARGE_INTEGER uliAddr;
  747. PFILTER pFilter;
  748. PFILTER pTempFilter;
  749. PLIST_ENTRY pFilterList;
  750. PLIST_ENTRY pSAChain;
  751. PLIST_ENTRY pEntry;
  752. PSA_TABLE_ENTRY pSA;
  753. CLASSIFICATION_HANDLE GpcHandle;
  754. INT GpcCf;
  756. *ppSA = NULL;
  757. *ppFilter = NULL;
  759. GpcCf = IPSecResolveGpcCf(fOutbound);
  761. GpcHandle = 0;
  763. IPSEC_CLASSIFY_PACKET( GpcCf,
  764. uliSrcDstAddr,
  765. uliProtoSrcDstPort,
  766. &pFilter,
  767. &GpcHandle);
  769. #if DBG
  770. if (IPSecDebug & IPSEC_DEBUG_GPC) {
  771. PFILTER pDbgFilter = NULL;
  773. pFilterList = IPSecResolveFilterList(FALSE, fOutbound);
  775. for ( pEntry = pFilterList->Flink;
  776. pEntry != pFilterList;
  777. pEntry = pEntry->Flink) {
  779. pTempFilter = CONTAINING_RECORD(pEntry,
  780. FILTER,
  781. MaskedLinkage);
  783. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pTempFilter->uliSrcDstMask.QuadPart;
  784. uliPort.QuadPart = uliProtoSrcDstPort.QuadPart & pTempFilter->uliProtoSrcDstMask.QuadPart;
  786. if ((uliAddr.QuadPart == pTempFilter->uliSrcDstAddr.QuadPart) &&
  787. (uliPort.QuadPart == pTempFilter->uliProtoSrcDstPort.QuadPart)) {
  788. pDbgFilter = pTempFilter;
  789. break;
  790. }
  791. }
  793. if (pFilter != pDbgFilter &&
  794. (!pDbgFilter || IS_GPC_FILTER(pDbgFilter))) {
  795. IPSEC_DEBUG(GPC, ("LookupMaskedSA: pFilter %lx, pDbgFilter %lx, GpcHandle %lx\n", pFilter, pDbgFilter, GpcHandle));
  796. IPSEC_DEBUG(GPC, ("LookupMaskedSA: Src %lx, Dest %lx, Protocol %d, SPort %lx, DPort %lx\n", SRC_ADDR, DEST_ADDR, PROTO, SRC_PORT, DEST_PORT));
  798. if (DebugGPC) {
  799. DbgBreakPoint();
  800. }
  801. }
  802. }
  803. #endif
  805. //
  806. // Continue searching the local GPC filter list if not found.
  807. //
  808. if (!pFilter) {
  809. pFilterList = IPSecResolveGpcFilterList(FALSE, fOutbound);
  811. for ( pEntry = pFilterList->Flink;
  812. pEntry != pFilterList;
  813. pEntry = pEntry->Flink) {
  815. pTempFilter = CONTAINING_RECORD(pEntry,
  816. FILTER,
  817. GpcLinkage);
  819. uliAddr.QuadPart = uliSrcDstAddr.QuadPart & pTempFilter->uliSrcDstMask.QuadPart;
  820. uliPort.QuadPart = uliProtoSrcDstPort.QuadPart & pTempFilter->uliProtoSrcDstMask.QuadPart;
  822. if ((uliAddr.QuadPart == pTempFilter->uliSrcDstAddr.QuadPart) &&
  823. (uliPort.QuadPart == pTempFilter->uliProtoSrcDstPort.QuadPart)) {
  824. pFilter = pTempFilter;
  825. break;
  826. }
  827. }
  828. }
  830. if (pFilter) {
  831. //
  832. // Search for the particular SA now.
  833. //
  834. pSAChain = IPSecResolveSAChain(pFilter, fOutbound? DEST_ADDR: SRC_ADDR);
  836. for ( pEntry = pSAChain->Flink;
  837. pEntry != pSAChain;
  838. pEntry = pEntry->Flink) {
  840. pSA = CONTAINING_RECORD(pEntry,
  841. SA_TABLE_ENTRY,
  842. sa_FilterLinkage);
  844. if (uliSrcDstAddr.QuadPart == pSA->sa_uliSrcDstAddr.QuadPart) {
  845. IPSEC_DEBUG(HASH, ("Matched entry: %lx\n", pSA));
  846. ASSERT(fOutbound == (BOOLEAN)((pSA->sa_Flags & FLAGS_SA_OUTBOUND) != 0));
  847. *ppFilter = pFilter;
  848. *ppSA = pSA;
  849. return STATUS_SUCCESS;
  850. }
  851. }
  853. //
  854. // Found a filter entry, but need to negotiate keys
  855. //
  856. *ppFilter = pFilter;
  857. return STATUS_PENDING;
  858. }
  860. //
  861. // no entry found
  862. //
  863. return STATUS_NOT_FOUND;
  864. }
  867. #endif