/*++
Copyright (c) 1999-2001 Microsoft Corporation
Module Name:
ipfirewall.h
Abstract:
Header file for IP firewall hook clients.
--*/
//
// Reserved interface index values.
// NOTE(review): presumably these are what a hook sees in
// RecvInterfaceIndex / *pSendInterfaceIndex when no real interface
// applies -- confirm against the IP driver. A filter that matches on
// interface index should handle both values explicitly rather than let
// them fall through to a per-interface rule.
//
#define INVALID_IF_INDEX    0xffffffff
#define LOCAL_IF_INDEX      0
//
// Packet direction: IP_TRANSMIT for a packet being transmitted,
// IP_RECEIVE for a packet that was received.
//
typedef enum _IP_DIRECTION_E {
    IP_TRANSMIT,
    IP_RECEIVE
} DIRECTION_E, *PDIRECTION_E;
//
// Per-packet context record: the packet direction plus four values
// (NTE, LinkCtxt, LContext1, LContext2) whose meaning this header does
// not define; treat them as opaque.
// NOTE(review): presumably this is the record behind the pContext /
// ContextLength arguments of IPPacketFirewallPtr -- confirm. If so, a
// hook should check ContextLength against sizeof(FIREWALL_CONTEXT_T)
// before reading Direction.
//
typedef struct _FIREWALL_CONTEXT_T {
    DIRECTION_E Direction;
    void        *NTE;
    void        *LinkCtxt;
    NDIS_HANDLE LContext1;
    UINT        LContext2;
} FIREWALL_CONTEXT_T, *PFIREWALL_CONTEXT_T;
//
// One descriptor in an IP receive buffer chain; descriptors are linked
// through ipr_next.
//
// NOTE(review): nothing in this header guarantees that a protocol
// header sits entirely inside the first descriptor. Code that parses
// packet contents should bound every read by the ipr_size of the
// descriptor it is reading and follow ipr_next for the remainder.
//
typedef struct IPRcvBuf {
    struct IPRcvBuf *ipr_next;          // Next buffer descriptor in chain.
    UINT            ipr_owner;          // Owner of buffer.
    UCHAR           *ipr_buffer;        // Pointer to buffer.
    UINT            ipr_size;           // Buffer size.
    PMDL            ipr_pMdl;
    UINT            *ipr_pClientCnt;
    UCHAR           *ipr_RcvContext;
    UINT            ipr_RcvOffset;
    ULONG           ipr_flags;          // presumably IPR_FLAG_* bits -- confirm
} IPRcvBuf;

// Flag bit 0x00000002; by its prefix, presumably tested against
// IPRcvBuf.ipr_flags -- confirm.
#define IPR_FLAG_CHECKSUM_OFFLOAD   0x00000002
//
// Verdicts that a filter routine may return for a packet.
//
// FORWARD is 0, so a verdict variable that is zero-initialised and never
// reassigned lets the packet through. A hook that must fail closed has
// to set DROP explicitly on its error paths.
// NOTE(review): by its name ICMP_ON_DROP drops the packet and has an
// ICMP error sent -- confirm against the IP driver.
//
typedef enum _FORWARD_ACTION {
    FORWARD      = 0,
    DROP         = 1,
    ICMP_ON_DROP = 2
} FORWARD_ACTION;
//
// Definition of a firewall routine callout. The routine returns a
// FORWARD_ACTION verdict for the packet it is shown.
//
// NOTE(review): the argument contracts are not spelled out in this
// header. Presumably *pDestinationType holds one of the DEST_* codes and
// pContext / ContextLength describe a FIREWALL_CONTEXT_T -- confirm.
// The packet bytes reachable through pData / ppRcvBuf come from the
// network, so validate lengths before parsing them.
//
typedef FORWARD_ACTION
(*IPPacketFirewallPtr)(
    VOID        **pData,
    UINT        RecvInterfaceIndex,
    UINT        *pSendInterfaceIndex,
    UCHAR       *pDestinationType,
    VOID        *pContext,
    UINT        ContextLength,
    IPRcvBuf    **ppRcvBuf
    );
//
// Buffer helpers that operate on an IPRcvBuf descriptor.
//
// IPAllocBuff returns an int; check it before touching the buffer. The
// value that signals success is not stated in this header.
// NOTE(review): the header does not say which of IPFreeBuff and
// FreeIprBuff releases what. Confirm the pairing with IPAllocBuff before
// use, since a mismatched or repeated free corrupts memory.
//
extern int
IPAllocBuff(
    IPRcvBuf    *pRcvBuf,
    UINT        Size
    );

extern VOID
IPFreeBuff(
    IPRcvBuf    *pRcvBuf
    );

extern VOID
FreeIprBuff(
    IPRcvBuf    *pRcvBuf
    );
//
// Selects the kind of information LookupRouteInformation is asked for.
// Values are assigned implicitly, starting at 0.
// NOTE(review): MaxIPRouteInfoClass looks like an end-of-range marker
// rather than a class that can be requested -- confirm.
//
typedef enum _IPROUTEINFOCLASS {
    IPRouteNoInformation,
    IPRouteOutgoingFirewallContext,
    IPRouteOutgoingFilterContext,
    MaxIPRouteInfoClass
} IPROUTEINFOCLASS;
//
// Route lookup routine exported to hook clients. Returns an NTSTATUS;
// check it before reading any OUT argument.
//
// NOTE(review): RouteInfoLength is IN OUT, so presumably the caller
// passes the size of the RouteInformation buffer and receives the length
// written or required -- confirm. Every argument after RouteLookupData
// is marked OPTIONAL.
//
extern NTSTATUS
LookupRouteInformation(
    IN      VOID*               RouteLookupData,
    OUT     VOID*               RouteEntry          OPTIONAL,
    IN      IPROUTEINFOCLASS    RouteInfoClass      OPTIONAL,
    OUT     VOID*               RouteInformation    OPTIONAL,
    IN OUT  UINT*               RouteInfoLength     OPTIONAL
    );
//
// Structure passed to the IPSetFirewallHook call to add or delete a
// firewall hook.
//
// FirewallPtr is a bare function pointer. Presumably the IP driver keeps
// it and calls through it, so the registering driver must delete the
// hook (Add = FALSE) before its code is unloaded.
// NOTE(review): this header does not state how Priority orders several
// hooks -- confirm before assuming a hook runs first.
//
typedef struct _IP_SET_FIREWALL_HOOK_INFO {
    IPPacketFirewallPtr FirewallPtr;    // Packet filter callout.
    UINT                Priority;       // Priority of the hook
    BOOLEAN             Add;            // if TRUE then ADD else DELETE
} IP_SET_FIREWALL_HOOK_INFO, *PIP_SET_FIREWALL_HOOK_INFO;
//
// Destination type codes.
//
// The codes are composites, not independent flags: DEST_SN_BCAST (0x03)
// and DEST_MCAST (0x05) both contain bit 0x01, and the DEST_REM_* codes
// are DEST_REMOTE (0x08) ORed with the matching on-net code.
// DEST_LOCAL is 0, so it can only be recognised by equality, never by a
// mask test.
//
#define DEST_LOCAL          0       // Destination is local.
#define DEST_BCAST          0x01    // Destination is net or local bcast.
#define DEST_SN_BCAST       0x03    // A subnet bcast.
#define DEST_MCAST          0x05    // A local mcast.
#define DEST_REMOTE         0x08    // Destination is remote.
#define DEST_REM_BCAST      0x0b    // Destination is a remote broadcast
#define DEST_REM_MCAST      0x0d    // Destination is a remote mcast.
#define DEST_INVALID        0xff    // Invalid destination
#define DEST_PROMIS         0x20    // Dest is promiscuous

#define DEST_BCAST_BIT      0x01
#define DEST_OFFNET_BIT     0x10    // Destination is offnet -
                                    // used only by upper layer
                                    // callers.
// DEST_MCAST_BIT is 0x05, i.e. two bits, and it overlaps DEST_BCAST_BIT.
// "(type & DEST_MCAST_BIT) != 0" is therefore also true for a plain
// broadcast; compare the masked value with DEST_MCAST_BIT instead.
#define DEST_MCAST_BIT      0x05
//
// Name of the IP driver's device object, and the control code that sets
// a firewall hook on it.
//
// IOCTL_IP_SET_FIREWALL_HOOK is function 12 on FSCTL_IP_BASE with
// METHOD_BUFFERED, and it requires FILE_WRITE_ACCESS on the handle.
// The request carries a callback pointer (IP_SET_FIREWALL_HOOK_INFO), so
// it is only meaningful from a kernel-mode driver.
// NOTE(review): when auditing a system, confirm who can open this device
// for write and which drivers have hooks registered. This is a legacy
// interface; later Windows releases provide the Windows Filtering
// Platform for packet filtering.
//
#define DD_IP_DEVICE_NAME   L"\\Device\\Ip"

#define FSCTL_IP_BASE       FILE_DEVICE_NETWORK

#define _IP_CTL_CODE(function, method, access) \
            CTL_CODE(FSCTL_IP_BASE, function, method, access)

#define IOCTL_IP_SET_FIREWALL_HOOK \
            _IP_CTL_CODE(12, METHOD_BUFFERED, FILE_WRITE_ACCESS)