Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

405 lines
13 KiB

  1. /*++
  2. Copyright (c) 1995-1999 Microsoft Corporation
  3. Module Name:
  4. fltdefs.h
  5. Abstract:
  6. Definitions for the WIN32 filter APIs
  7. Author:
  8. Arnold Miller (arnoldm) 24-Sept-1997
  9. Revision History:
  10. --*/
  11. #ifndef _FLTDEFS_H
  12. #define _FLTDEFS_H
  13. #if _MSC_VER > 1000
  14. #pragma once
  15. #endif
  16. typedef PVOID FILTER_HANDLE, *PFILTER_HANDLE;
  17. typedef PVOID INTERFACE_HANDLE, *PINTERFACE_HANDLE;
  18. #define PFEXPORT _declspec(dllexport)
  19. #ifdef __cplusplus
  20. #define EXTERNCDECL EXTERN_C
  21. #else
  22. #define EXTERNCDECL
  23. #endif
  24. #define PFAPIENTRY EXTERNCDECL DWORD PFEXPORT WINAPI
  25. typedef enum _GlobalFilter
  26. {
  27. GF_FRAGMENTS = 2, // check consistency of fragments
  28. GF_STRONGHOST = 8, // check destination address of input frames
  29. GF_FRAGCACHE = 9 // check fragments from cache
  30. } GLOBAL_FILTER, *PGLOBAL_FILTER;
  31. typedef enum _PfForwardAction
  32. {
  33. PF_ACTION_FORWARD = 0,
  34. PF_ACTION_DROP
  35. } PFFORWARD_ACTION, *PPFFORWARD_ACTION;
  36. typedef enum _PfAddresType
  37. {
  38. PF_IPV4,
  39. PF_IPV6
  40. } PFADDRESSTYPE, *PPFADDRESSTYPE;
  41. //////////////////////////////////////////////////////////////////////////////
  42. // //
  43. // The constants that should be used to set up the FILTER_INFO_STRUCTURE //
  44. // //
  45. //////////////////////////////////////////////////////////////////////////////
  46. #define FILTER_PROTO(ProtoId) MAKELONG(MAKEWORD((ProtoId),0x00),0x00000)
  47. #define FILTER_PROTO_ANY FILTER_PROTO(0x00)
  48. #define FILTER_PROTO_ICMP FILTER_PROTO(0x01)
  49. #define FILTER_PROTO_TCP FILTER_PROTO(0x06)
  50. #define FILTER_PROTO_UDP FILTER_PROTO(0x11)
  51. #define FILTER_TCPUDP_PORT_ANY (WORD)0x0000
  52. #define FILTER_ICMP_TYPE_ANY (BYTE)0xff
  53. #define FILTER_ICMP_CODE_ANY (BYTE)0xff
  54. typedef struct _PF_FILTER_DESCRIPTOR
  55. {
  56. DWORD dwFilterFlags; // see below
  57. DWORD dwRule; // copied into the log when appropriate
  58. PFADDRESSTYPE pfatType;
  59. PBYTE SrcAddr;
  60. PBYTE SrcMask;
  61. PBYTE DstAddr;
  62. PBYTE DstMask;
  63. DWORD dwProtocol;
  64. DWORD fLateBound;
  65. WORD wSrcPort;
  66. WORD wDstPort;
  67. WORD wSrcPortHighRange;
  68. WORD wDstPortHighRange;
  69. }PF_FILTER_DESCRIPTOR, *PPF_FILTER_DESCRIPTOR;
  70. //////////////////////////////////////////////////////////////////////////////
  71. // //
  72. // Structure for PfGetInterfaceStatistics //
  73. // //
  74. //////////////////////////////////////////////////////////////////////////////
  75. typedef struct _PF_FILTER_STATS
  76. {
  77. DWORD dwNumPacketsFiltered;
  78. PF_FILTER_DESCRIPTOR info;
  79. }PF_FILTER_STATS, *PPF_FILTER_STATS;
  80. typedef struct _PF_INTERFACE_STATS
  81. {
  82. PVOID pvDriverContext;
  83. DWORD dwFlags; // none as yet (28-Sept-1997)
  84. DWORD dwInDrops;
  85. DWORD dwOutDrops;
  86. PFFORWARD_ACTION eaInAction;
  87. PFFORWARD_ACTION eaOutAction;
  88. DWORD dwNumInFilters;
  89. DWORD dwNumOutFilters;
  90. DWORD dwFrag;
  91. DWORD dwSpoof;
  92. DWORD dwReserved1;
  93. DWORD dwReserved2;
  94. LARGE_INTEGER liSYN;
  95. LARGE_INTEGER liTotalLogged;
  96. DWORD dwLostLogEntries;
  97. PF_FILTER_STATS FilterInfo[1];
  98. } PF_INTERFACE_STATS, *PPF_INTERFACE_STATS;
  99. //////////////////////////////////////////////////////////////////////////////
  100. // //
  101. // The number of bytes starting at SrcAddr. If you add something to the //
  102. // structure make sure this remains valid //
  103. // //
  104. //////////////////////////////////////////////////////////////////////////////
  105. #define FILTERSIZE \
  106. (sizeof(PF_FILTER_DESCRIPTOR) - \
  107. (DWORD)(&((PPF_FILTER_DESCRIPTOR)0)->SrcAddr))
  108. //////////////////////////////////////////////////////////////////////////////
  109. // //
  110. // Flags for PF_FILTER_DESCRIPTOR //
  111. // //
  112. //////////////////////////////////////////////////////////////////////////////
  113. //
  114. // Disallows incoming SYN
  115. //
  116. #define FD_FLAGS_NOSYN 0x1
  117. //
  118. // All legal flags
  119. //
  120. #define FD_FLAGS_ALLFLAGS FD_FLAGS_NOSYN
  121. //////////////////////////////////////////////////////////////////////////////
  122. // //
  123. // Late bound defs. Go in fLateBound in a PF_FILTER_DESCRIPTOR and //
  124. // describe which other fields of the filter are affected by a //
  125. // PfRebindFilters call. In general such filters are on WAN interfaces //
  126. // where one or the other address may change as the connection is //
  127. // reconnected. //
  128. // The assumption is that such interfaces HAVE ONLY ONE ADDRESS. //
  129. // //
  130. //////////////////////////////////////////////////////////////////////////////
  131. #define LB_SRC_ADDR_USE_SRCADDR_FLAG 0x00000001
  132. #define LB_SRC_ADDR_USE_DSTADDR_FLAG 0x00000002
  133. #define LB_DST_ADDR_USE_SRCADDR_FLAG 0x00000004
  134. #define LB_DST_ADDR_USE_DSTADDR_FLAG 0x00000008
  135. #define LB_SRC_MASK_LATE_FLAG 0x00000010
  136. #define LB_DST_MASK_LATE_FLAG 0x00000020
  137. typedef struct _PF_LATEBIND_INFO
  138. {
  139. PBYTE SrcAddr;
  140. PBYTE DstAddr;
  141. PBYTE Mask;
  142. }PF_LATEBIND_INFO, *PPF_LATEBIND_INFO;
  143. //////////////////////////////////////////////////////////////////////////////
  144. // //
  145. // The format of a logged frame and defs for it. //
  146. // //
  147. //////////////////////////////////////////////////////////////////////////////
  148. typedef enum _PfFrameType
  149. {
  150. PFFT_FILTER = 1, // a filter violation
  151. PFFT_FRAG = 2, // bad fragment
  152. PFFT_SPOOF = 3 // strong host failure
  153. } PFFRAMETYPE, *PPFFRAMETYPE;
  154. typedef struct _pfLogFrame
  155. {
  156. LARGE_INTEGER Timestamp;
  157. PFFRAMETYPE pfeTypeOfFrame;
  158. DWORD dwTotalSizeUsed; // used to find the next frame
  159. DWORD dwFilterRule; // from the filter
  160. WORD wSizeOfAdditionalData;
  161. WORD wSizeOfIpHeader;
  162. DWORD dwInterfaceName; // the name of the interface
  163. DWORD dwIPIndex;
  164. BYTE bPacketData[1]; // the frame. wsizeOfIpHeader
  165. // and wsizeOfAdditionalData
  166. // describe this
  167. } PFLOGFRAME, *PPFLOGFRAME;
  168. //////////////////////////////////////////////////////////////////////////////
  169. // //
  170. // Error codes. These extend the WIN32 errors by having errors specific to //
  171. // these APIs. Besides these errors, the APIs may return any of the WIN32 //
  172. // errors. //
  173. // //
  174. //////////////////////////////////////////////////////////////////////////////
  175. #define ERROR_BASE 23000
  176. #define PFERROR_NO_PF_INTERFACE (ERROR_BASE + 0) // never returned.
  177. #define PFERROR_NO_FILTERS_GIVEN (ERROR_BASE + 1)
  178. #define PFERROR_BUFFER_TOO_SMALL (ERROR_BASE + 2)
  179. #define ERROR_IPV6_NOT_IMPLEMENTED (ERROR_BASE + 3)
  180. //////////////////////////////////////////////////////////////////////////////
  181. // //
  182. // The API prototypes //
  183. // //
  184. //////////////////////////////////////////////////////////////////////////////
  185. PFAPIENTRY
  186. PfCreateInterface(
  187. DWORD dwName,
  188. PFFORWARD_ACTION inAction,
  189. PFFORWARD_ACTION outAction,
  190. BOOL bUseLog,
  191. BOOL bMustBeUnique,
  192. INTERFACE_HANDLE *ppInterface
  193. );
  194. PFAPIENTRY
  195. PfDeleteInterface(
  196. INTERFACE_HANDLE pInterface
  197. );
  198. PFAPIENTRY
  199. PfAddFiltersToInterface(
  200. INTERFACE_HANDLE ih,
  201. DWORD cInFilters,
  202. PPF_FILTER_DESCRIPTOR pfiltIn,
  203. DWORD cOutFilters,
  204. PPF_FILTER_DESCRIPTOR pfiltOut,
  205. PFILTER_HANDLE pfHandle
  206. );
  207. PFAPIENTRY
  208. PfRemoveFiltersFromInterface(
  209. INTERFACE_HANDLE ih,
  210. DWORD cInFilters,
  211. PPF_FILTER_DESCRIPTOR pfiltIn,
  212. DWORD cOutFilters,
  213. PPF_FILTER_DESCRIPTOR pfiltOut
  214. );
  215. PFAPIENTRY
  216. PfRemoveFilterHandles(
  217. INTERFACE_HANDLE pInterface,
  218. DWORD cFilters,
  219. PFILTER_HANDLE pvHandles
  220. );
  221. PFAPIENTRY
  222. PfUnBindInterface(
  223. INTERFACE_HANDLE pInterface
  224. );
  225. PFAPIENTRY
  226. PfBindInterfaceToIndex(
  227. INTERFACE_HANDLE pInterface,
  228. DWORD dwIndex,
  229. PFADDRESSTYPE pfatLinkType,
  230. PBYTE LinkIPAddress
  231. );
  232. PFAPIENTRY
  233. PfBindInterfaceToIPAddress(
  234. INTERFACE_HANDLE pInterface,
  235. PFADDRESSTYPE pfatType,
  236. PBYTE IPAddress
  237. );
  238. PFAPIENTRY
  239. PfRebindFilters(
  240. INTERFACE_HANDLE pInterface,
  241. PPF_LATEBIND_INFO pLateBindInfo
  242. );
  243. PFAPIENTRY
  244. PfAddGlobalFilterToInterface(
  245. INTERFACE_HANDLE pInterface,
  246. GLOBAL_FILTER gfFilter
  247. );
  248. PFAPIENTRY
  249. PfRemoveGlobalFilterFromInterface(
  250. INTERFACE_HANDLE pInterface,
  251. GLOBAL_FILTER gfFilter
  252. );
  253. //////////////////////////////////////////////////////////////////////////////
  254. // //
  255. // Log APIs. Note that there is at most one log and it must be created //
  256. // before any interface needing it is created. There is no way to set a //
  257. // log onto an existing interface. The log can be applied to any or all of //
  258. // the interfaces. //
  259. // //
  260. //////////////////////////////////////////////////////////////////////////////
  261. PFAPIENTRY
  262. PfMakeLog(
  263. HANDLE hEvent
  264. );
  265. //
  266. // Provide a buffer, and notification parameters, and get back
  267. // the old buffer and status.
  268. //
  269. PFAPIENTRY
  270. PfSetLogBuffer(
  271. PBYTE pbBuffer,
  272. DWORD dwSize,
  273. DWORD dwThreshold,
  274. DWORD dwEntries,
  275. PDWORD pdwLoggedEntries,
  276. PDWORD pdwLostEntries,
  277. PDWORD pdwSizeUsed
  278. );
  279. //
  280. // Doing this will disable the log on any of the interfaces. But if
  281. // an interface was created with the log, the actual log will not be
  282. // completely deleted until that interface is deleted. This is a small
  283. // point, but it might explain a mystery or two.
  284. //
  285. PFAPIENTRY
  286. PfDeleteLog(
  287. VOID
  288. );
  289. //////////////////////////////////////////////////////////////////////////////
  290. // //
  291. // Get statistics. Note pdwBufferSize in an IN/OUT parameter. If //
  292. // ERROR_INSUFFICIENT_BUFFER is returned, the common statistics are //
  293. // available and the correct byte count is in *pdwBufferSize. If only the //
  294. // interface statistics are needed, provide a buffer of size //
  295. // PF_INTERFACE_STATS only. //
  296. // If the filter descriptions are also needed, then supply a large buffer, //
  297. // or use the returned count from the first call to allocate a buffer of //
  298. // sufficient size. Note that for a shared interface, this second call may //
  299. // fail with ERROR_INSUFFICIENT_BUFFER. This can happen if the other //
  300. // sharers add filters in the interim. This should not happen for a UNIQUE //
  301. // interface. //
  302. // //
  303. //////////////////////////////////////////////////////////////////////////////
  304. PFAPIENTRY
  305. PfGetInterfaceStatistics(
  306. INTERFACE_HANDLE pInterface,
  307. PPF_INTERFACE_STATS ppfStats,
  308. PDWORD pdwBufferSize,
  309. BOOL fResetCounters
  310. );
  311. //////////////////////////////////////////////////////////////////////////////
  312. // //
  313. // Test a packet. //
  314. // This call will evaluate the packet against the given interfaces //
  315. // and return the filtering action. //
  316. // //
  317. //////////////////////////////////////////////////////////////////////////////
  318. PFAPIENTRY
  319. PfTestPacket(
  320. INTERFACE_HANDLE pInInterface OPTIONAL,
  321. INTERFACE_HANDLE pOutInterface OPTIONAL,
  322. DWORD cBytes,
  323. PBYTE pbPacket,
  324. PPFFORWARD_ACTION ppAction
  325. );
  326. #endif