Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4344 lines
113 KiB

  1. /*++
  2. Copyright (c) Microsoft Corporation
  3. Module Name:
  4. ioctl.c
  5. Abstract:
  6. Author:
  7. Revision History:
  8. --*/
  9. /*----------------------------------------------------------------------------
  10. A note on the interlocking, as of 24-Feb-1997.
  11. There are two important locks: the FilterListResourceLock which is
  12. a resource and the g_filter.ifListLock, which is a spin lock but acts
  13. like a resource. The former is used to serialize API access to interface state
  14. and filters. The latter is used to serialize DPC access.
  15. ----------------------------------------------------------------------------*/
  16. #include "globals.h"
  17. ERESOURCE FilterListResourceLock;
  18. BOOL fCheckDups = FALSE;
  19. extern NPAGED_LOOKASIDE_LIST filter_slist;
  20. extern PAGED_LOOKASIDE_LIST paged_slist;
  21. NTSTATUS
  22. UpdateMatchBindingInformation(
  23. PFILTER_DRIVER_BINDING_INFO pBindInfo,
  24. PVOID pvContext
  25. );
  26. NTSTATUS
  27. CreateCommonInterface(PPAGED_FILTER_INTERFACE pPage,
  28. DWORD dwBind,
  29. DWORD dwName,
  30. DWORD dwFlags);
  31. VOID
  32. FreePagedFilterList(PPFFCB Fcb,
  33. PPAGED_FILTER pIn,
  34. PPAGED_FILTER_INTERFACE pPage,
  35. PDWORD pdwRemoved);
  36. VOID
  37. DeleteFilterList(PLIST_ENTRY pList);
  38. BOOL
  39. IsOnSpecialFilterList(PPAGED_FILTER pPageFilter,
  40. PLIST_ENTRY List,
  41. PPAGED_FILTER * pPageHit);
  42. PPAGED_FILTER
  43. IsOnPagedInterface(PPAGED_FILTER pPageFilter,
  44. PPAGED_FILTER_INTERFACE pPage);
  45. PPAGED_FILTER
  46. MakePagedFilter(
  47. IN PPFFCB Fcb,
  48. IN PFILTER_INFOEX pInfo,
  49. IN DWORD dwEpoch,
  50. DWORD dwFlags
  51. );
  52. VOID
  53. NotifyFastPath( PFILTER_INTERFACE pIf, DWORD dwIndex, DWORD dwCode);
  54. VOID
  55. NotifyFastPathIf( PFILTER_INTERFACE pIf);
  56. NTSTATUS
  57. DeleteByHandle(
  58. IN PPFFCB Fcb,
  59. IN PPAGED_FILTER_INTERFACE pPage,
  60. IN PVOID * ppHandles,
  61. IN DWORD dwLength);
  62. NTSTATUS
  63. CheckFilterAddress(DWORD dwAdd, PFILTER_INTERFACE pIf);
  64. VOID
  65. AddFilterToInterface(
  66. PFILTER pMatch,
  67. PFILTER_INTERFACE pIf,
  68. BOOL fInFilter,
  69. PFILTER * ppFilter);
  70. VOID
  71. RemoveFilterWorker(
  72. PPFFCB Fcb,
  73. PFILTER_INFOEX pFilt,
  74. DWORD dwCount,
  75. PPAGED_FILTER_INTERFACE pPage,
  76. PDWORD pdwRemoved,
  77. BOOL fInFilter);
  78. NTSTATUS
  79. AllocateAndAddFilterToMatchInterface(
  80. PPFFCB Fcb,
  81. PFILTER_INFOEX pInfo,
  82. BOOL fInFilter,
  83. PPAGED_FILTER_INTERFACE pPage,
  84. PBOOL pbAdded,
  85. PPAGED_FILTER * ppFilter);
  86. #pragma alloc_text(PAGED, SetFiltersEx)
  87. #pragma alloc_text(PAGED, NewInterface)
  88. #pragma alloc_text(PAGED, MakeNewFilters)
  89. #pragma alloc_text(PAGED, GetPointerToTocEntry)
  90. //#pragma alloc_text(PAGED, AddNewInterface)
  91. #pragma alloc_text(PAGED, MakePagedFilter)
  92. #pragma alloc_text(PAGED, AllocateAndAddFilterToMatchInterface)
  93. #pragma alloc_text(PAGED, IsOnSpecialFilterList)
  94. #pragma alloc_text(PAGED, IsOnPagedInterface)
  95. #pragma alloc_text(PAGED, UnSetFiltersEx)
  96. #pragma alloc_text(PAGED, DeleteByHandle)
  97. #pragma alloc_text(PAGED, DeletePagedInterface)
  98. #define HandleHash(x) HashList[(x) + g_dwHashLists]
  99. #define IsValidInterface(pIf) (pIf != 0)
  100. #define NOT_RESTRICTION 1
  101. #define NOT_UNBIND 2
  102. #if DOFRAGCHECKING
  103. DWORD
  104. GetFragIndex(DWORD dwProt)
  105. {
  106. switch(dwProt)
  107. {
  108. case FILTER_PROTO_ICMP:
  109. return FRAG_ICMP;
  110. case FILTER_PROTO_UDP:
  111. return FRAG_UDP;
  112. case FILTER_PROTO_TCP:
  113. return FRAG_TCP;
  114. }
  115. return FRAG_OTHER;
  116. }
  117. #endif
  118. BOOL CheckDescriptorSize(PFILTER_DESCRIPTOR2 pdsc, PBYTE pbEnd)
  119. {
  120. PFILTER_INFOEX pFilt = &pdsc->fiFilter[0];
  121. //
  122. // Check that there is a full header structure and that
  123. // the claimed number of filters is present.
  124. //
  125. if(((PBYTE)pFilt > pbEnd)
  126. ||
  127. ((PBYTE)(&pFilt[pdsc->dwNumFilters]) > pbEnd) )
  128. {
  129. return(FALSE);
  130. }
  131. return(TRUE);
  132. }
  133. BOOL
  134. WildFilter(PFILTER pf)
  135. {
  136. #if WILDHASH
  137. if(pf->dwFlags & FILTER_FLAGS_INFILTER)
  138. {
  139. if(pf->dwFlags & FILTER_FLAGS_DSTWILD)
  140. {
  141. return(TRUE);
  142. }
  143. }
  144. else
  145. {
  146. if(pf->dwFlags & FILTER_FLAGS_SRCWILD)
  147. {
  148. return(TRUE);
  149. }
  150. }
  151. return(FALSE);
  152. #else
  153. return(ANYWILDFILTER(pf))
  154. #endif
  155. }
  156. //
  157. // N.B. If WILDHASH is on, then there is code in match.c that
  158. // does a similar computation. Hence if this changes, then that
  159. // must also.
  160. //
  161. #if WILDHASH
  162. DWORD
  163. ComputeMatchHashIndex(PFILTER pf, PBOOL pfWild)
  164. {
  165. DWORD dwX;
  166. *pfWild = TRUE;
  167. if(!ANYWILDFILTER(pf))
  168. {
  169. *pfWild = FALSE;
  170. dwX = (pf->SRC_ADDR +
  171. pf->DEST_ADDR +
  172. pf->DEST_ADDR +
  173. PROTOCOLPART(pf->uliProtoSrcDstPort.LowPart) +
  174. pf->uliProtoSrcDstPort.HighPart);
  175. }
  176. else if(WildFilter(pf))
  177. {
  178. if(pf->dwFlags & FILTER_FLAGS_INFILTER)
  179. {
  180. dwX = g_dwHashLists;
  181. }
  182. else
  183. {
  184. dwX = g_dwHashLists + 1;
  185. }
  186. *pfWild = FALSE;
  187. return(dwX);
  188. }
  189. else if(pf->dwFlags & FILTER_FLAGS_INFILTER)
  190. {
  191. dwX = pf->DEST_ADDR +
  192. pf->DEST_ADDR +
  193. PROTOCOLPART(pf->uliProtoSrcDstPort.LowPart) +
  194. HIWORD(pf->uliProtoSrcDstPort.HighPart);
  195. }
  196. else
  197. {
  198. dwX = pf->SRC_ADDR +
  199. PROTOCOLPART(pf->uliProtoSrcDstPort.LowPart) +
  200. LOWORD(pf->uliProtoSrcDstPort.HighPart);
  201. }
  202. return(dwX % g_dwHashLists);
  203. }
  204. #else // WILDHASH
  205. __inline
  206. DWORD
  207. ComputeMatchHashIndex(PFILTER pf, PBOOL pfWild)
  208. {
  209. DWORD dwX;
  210. if(WildFilter(pf))
  211. {
  212. if(pf->dwFlags & FILTER_FLAGS_SRCWILD)
  213. {
  214. dwX = g_dwHashLists;
  215. }
  216. else
  217. {
  218. dwX = g_dwHashLists + 1;
  219. }
  220. return(dwIndex);
  221. }
  222. dwX = (pf->SRC_ADDR +
  223. pf->DEST_ADDR +
  224. pf->DEST_ADDR +
  225. PROTOCOLPART(pf->uliProtoSrcDstPort.LowPart) +
  226. pf->uliProtoSrcDstPort.HighPart) % g_dwHashLists;
  227. return(dwX);
  228. }
  229. #endif // WILDHASH
  230. PFILTER_INTERFACE
  231. FindMatchName(DWORD dwName, DWORD dwBind)
  232. /*++
  233. Routine Description:
  234. Find an interface with the same name or with the
  235. same binding. The calller must have locked the
  236. resource
  237. --*/
  238. {
  239. PFILTER_INTERFACE pIf1;
  240. PLIST_ENTRY pList;
  241. for(pList = g_filters.leIfListHead.Flink;
  242. pList != &g_filters.leIfListHead;
  243. pList = pList->Flink)
  244. {
  245. pIf1 = CONTAINING_RECORD(pList, FILTER_INTERFACE, leIfLink);
  246. if((pIf1->dwName && (dwName == pIf1->dwName))
  247. ||
  248. ((pIf1->dwIpIndex != UNKNOWN_IP_INDEX)
  249. &&
  250. (pIf1->dwIpIndex == dwBind)) )
  251. {
  252. return(pIf1);
  253. }
  254. }
  255. return(NULL);
  256. }
  257. VOID
  258. RemoveGlobalFilterFromInterface(PFILTER_INTERFACE pIf,
  259. DWORD dwType)
  260. {
  261. LOCK_STATE LockState;
  262. //
  263. // lock up the filters
  264. //
  265. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  266. switch(dwType)
  267. {
  268. case PFE_SYNORFRAG:
  269. pIf->CountSynOrFrag.lInUse--;
  270. if(pIf->CountSynOrFrag.lInUse == 0)
  271. {
  272. pIf->CountSynOrFrag.lCount = 0;
  273. }
  274. break;
  275. case PFE_SPOOF:
  276. pIf->CountSpoof.lInUse--;
  277. if(pIf->CountSpoof.lInUse == 0)
  278. {
  279. pIf->CountSpoof.lCount = 0;
  280. }
  281. break;
  282. case PFE_UNUSEDPORT:
  283. pIf->CountUnused.lInUse--;
  284. if(pIf->CountUnused.lInUse == 0)
  285. {
  286. pIf->CountUnused.lCount = 0;
  287. }
  288. break;
  289. case PFE_STRONGHOST:
  290. pIf->CountStrongHost.lInUse--;
  291. if(pIf->CountStrongHost.lInUse == 0)
  292. {
  293. pIf->CountStrongHost.lCount = 0;
  294. }
  295. break;
  296. case PFE_ALLOWCTL:
  297. pIf->CountCtl.lInUse--;
  298. if(pIf->CountCtl.lInUse == 0)
  299. {
  300. pIf->CountCtl.lCount = 0;
  301. }
  302. break;
  303. case PFE_FULLDENY:
  304. pIf->CountFullDeny.lInUse--;
  305. if(pIf->CountFullDeny.lInUse == 0)
  306. {
  307. pIf->CountFullDeny.lCount = 0;
  308. }
  309. break;
  310. case PFE_NOFRAG:
  311. pIf->CountNoFrag.lInUse--;
  312. if(pIf->CountNoFrag.lInUse == 0)
  313. {
  314. pIf->CountNoFrag.lCount = 0;
  315. }
  316. break;
  317. case PFE_FRAGCACHE:
  318. pIf->CountFragCache.lInUse--;
  319. if(pIf->CountFragCache.lInUse == 0)
  320. {
  321. pIf->CountFragCache.lCount = 0;
  322. }
  323. break;
  324. }
  325. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  326. }
  327. VOID
  328. AddGlobalFilterToInterface(PPAGED_FILTER_INTERFACE pPage,
  329. PFILTER_INFOEX pfilt)
  330. {
  331. PFILTER_INTERFACE pIf = pPage->pFilter;
  332. LOCK_STATE LockState;
  333. //
  334. // lock up the filters
  335. //
  336. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  337. switch(pfilt->type)
  338. {
  339. case PFE_SYNORFRAG:
  340. pIf->CountSynOrFrag.lInUse++;
  341. break;
  342. case PFE_SPOOF:
  343. pIf->CountSpoof.lInUse++;
  344. break;
  345. case PFE_UNUSEDPORT:
  346. pIf->CountUnused.lInUse++;
  347. break;
  348. case PFE_STRONGHOST:
  349. pIf->CountStrongHost.lInUse++;
  350. break;
  351. case PFE_ALLOWCTL:
  352. pIf->CountCtl.lInUse++;
  353. break;
  354. case PFE_FULLDENY:
  355. pIf->CountFullDeny.lInUse++;
  356. break;
  357. case PFE_NOFRAG:
  358. pIf->CountNoFrag.lInUse++;
  359. break;
  360. case PFE_FRAGCACHE:
  361. pIf->CountFragCache.lInUse++;
  362. break;
  363. }
  364. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  365. }
  366. /*++
  367. Start of old STEELHEAD APIS routines.
  368. --*/
  369. #if STEELHEAD
  370. NTSTATUS
  371. AddInterface(
  372. IN PVOID pvRtrMgrCtxt,
  373. IN DWORD dwRtrMgrIndex,
  374. IN DWORD dwAdapterId,
  375. IN PPFFCB Fcb,
  376. OUT PVOID *ppvFltrDrvrCtxt
  377. )
  378. /*++
  379. Routine Description
  380. Adds an interface to the filter driver and makes an association between context
  381. passed in and interface created
  382. Arguments
  383. pvRtrMgrCtxt - Context passed in
  384. pvFltrDrvrCtxt - Handle to interface created
  385. Return Value
  386. --*/
  387. {
  388. PFILTER_INTERFACE pIf;
  389. LOCK_STATE LockState;
  390. NTSTATUS Status;
  391. if(Fcb->dwFlags & PF_FCB_NEW)
  392. {
  393. return(STATUS_INVALID_DEVICE_REQUEST);
  394. }
  395. Fcb->dwFlags |= PF_FCB_OLD;
  396. pIf = NewInterface(pvRtrMgrCtxt,
  397. dwRtrMgrIndex,
  398. FORWARD,
  399. FORWARD,
  400. (PVOID)Fcb,
  401. dwAdapterId,
  402. 0);
  403. if(pIf is NULL)
  404. {
  405. return STATUS_NO_MEMORY;
  406. }
  407. //
  408. // lock the resource that protects adding new interfaces. This
  409. // is needed to hold off others until everything is properly
  410. // verified. The spin lock is insufficient for this.
  411. //
  412. KeEnterCriticalRegion();
  413. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  414. //
  415. // Check for a name conflict
  416. //
  417. if(FindMatchName(0, dwAdapterId))
  418. {
  419. ExFreePool(pIf);
  420. Status = STATUS_DEVICE_BUSY;
  421. }
  422. else
  423. {
  424. pIf->dwGlobalEnables |= FI_ENABLE_OLD;
  425. *ppvFltrDrvrCtxt = (PVOID)pIf;
  426. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  427. InsertTailList(&g_filters.leIfListHead,&pIf->leIfLink);
  428. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  429. Status = STATUS_SUCCESS;
  430. }
  431. ExReleaseResourceLite(&FilterListResourceLock);
  432. KeLeaveCriticalRegion();
  433. return(Status);
  434. }
  435. NTSTATUS
  436. DeleteInterface(
  437. IN PVOID pvIfContext
  438. )
  439. /*++
  440. Routine Description
  441. Deletes an interface and all the filters associated with it
  442. Clears the cache
  443. Arguments
  444. pvRtrMgrCtxt - Context passed in
  445. pvFltrDrvrCtxt - Handle to interface created
  446. Return Value
  447. --*/
  448. {
  449. PFILTER_INTERFACE pIf;
  450. LOCK_STATE LockState;
  451. pIf = (PFILTER_INTERFACE)pvIfContext;
  452. if(!IsValidInterface(pIf) || !(pIf->dwGlobalEnables & FI_ENABLE_OLD))
  453. {
  454. return(STATUS_INVALID_DEVICE_REQUEST);
  455. }
  456. KeEnterCriticalRegion();
  457. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  458. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  459. DeleteFilters(pIf,
  460. IN_FILTER_SET);
  461. DeleteFilters(pIf,
  462. OUT_FILTER_SET);
  463. RemoveEntryList(&pIf->leIfLink);
  464. ClearCache();
  465. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  466. ExReleaseResourceLite(&FilterListResourceLock);
  467. KeLeaveCriticalRegion();
  468. return STATUS_SUCCESS;
  469. }
  470. NTSTATUS
  471. SetFilters(
  472. IN PFILTER_DRIVER_SET_FILTERS pRtrMgrInfo
  473. )
  474. /*++
  475. Routine Description
  476. Adds the set of in and out filters passed to the interface (identified by the
  477. context). Also sets the default actions.
  478. Clears the cache
  479. Arguments
  480. pInfo Pointer to info passed by the router manager
  481. Return Value
  482. --*/
  483. {
  484. PFILTER_INTERFACE pIf;
  485. LOCK_STATE LockState;
  486. NTSTATUS ntStatus;
  487. DWORD dwNumInFilters,dwNumOutFilters;
  488. FORWARD_ACTION faInAction,faOutAction;
  489. PFILTER_DESCRIPTOR pFilterDesc;
  490. PRTR_TOC_ENTRY pInToc,pOutToc;
  491. LIST_ENTRY InList, OutList;
  492. //
  493. // Sensible defaults
  494. //
  495. dwNumInFilters = dwNumOutFilters = 0;
  496. faInAction = faOutAction = FORWARD;
  497. pIf = (PFILTER_INTERFACE)pRtrMgrInfo->pvDriverContext;
  498. if(!IsValidInterface(pIf) || !(pIf->dwGlobalEnables & FI_ENABLE_OLD))
  499. {
  500. return(STATUS_INVALID_DEVICE_REQUEST);
  501. }
  502. pInToc = GetPointerToTocEntry(IP_FILTER_DRIVER_IN_FILTER_INFO,
  503. &pRtrMgrInfo->ribhInfoBlock);
  504. pOutToc = GetPointerToTocEntry(IP_FILTER_DRIVER_OUT_FILTER_INFO,
  505. &pRtrMgrInfo->ribhInfoBlock);
  506. if(!pInToc && !pOutToc)
  507. {
  508. //
  509. // Nothing to change
  510. //
  511. TRACE(CONFIG,(
  512. "IPFLTDRV: Both filter set TOCs were null so nothing to change"
  513. ));
  514. return STATUS_SUCCESS;
  515. }
  516. if(pInToc)
  517. {
  518. //
  519. // If the infosize is 0, the filters will get deleted and default action
  520. // set to FORWARD. If infosize isnot 0 but the number of filters in the
  521. // descriptor is zero, the old filters will get deleted, no new filters
  522. // will be added, but the default action will be the one specified in the
  523. // descriptor. If Infosize is not 0 and number od filters is also not zero
  524. // then old filters will get deleted, new filters created and default
  525. // action set to what is specified in the
  526. //
  527. if(pInToc->InfoSize)
  528. {
  529. pFilterDesc = GetInfoFromTocEntry(&pRtrMgrInfo->ribhInfoBlock,
  530. pInToc);
  531. if(pFilterDesc->dwVersion != 1)
  532. {
  533. return(STATUS_INVALID_PARAMETER);
  534. }
  535. if(!NT_SUCCESS( ntStatus = MakeNewFilters(pFilterDesc->dwNumFilters,
  536. pFilterDesc->fiFilter,
  537. TRUE,
  538. &InList)))
  539. {
  540. ERROR(("IPFLTDRV: MakeNewFilters failed\n"));
  541. return ntStatus;
  542. }
  543. dwNumInFilters = pFilterDesc->dwNumFilters;
  544. faInAction = pFilterDesc->faDefaultAction;
  545. }
  546. }
  547. if(pOutToc)
  548. {
  549. if(pOutToc->InfoSize isnot 0)
  550. {
  551. pFilterDesc = GetInfoFromTocEntry(&pRtrMgrInfo->ribhInfoBlock,
  552. pOutToc);
  553. if(pFilterDesc->dwVersion != 1)
  554. {
  555. ntStatus = STATUS_INVALID_PARAMETER;
  556. DeleteFilterList(&InList);
  557. return ntStatus;
  558. }
  559. if(!NT_SUCCESS( ntStatus = MakeNewFilters(pFilterDesc->dwNumFilters,
  560. pFilterDesc->fiFilter,
  561. FALSE,
  562. &OutList)))
  563. {
  564. ERROR(("IPFLTDRV: MakeNewFilters failed - %x\n", ntStatus));
  565. DeleteFilterList(&InList);
  566. return ntStatus;
  567. }
  568. dwNumOutFilters = pFilterDesc->dwNumFilters;
  569. faOutAction = pFilterDesc->faDefaultAction;
  570. }
  571. }
  572. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  573. //
  574. // If new info was given, then blow away the old filters
  575. // If new filters were also given, then add them
  576. //
  577. if(pInToc)
  578. {
  579. DeleteFilters(pIf, IN_FILTER_SET);
  580. if(dwNumInFilters)
  581. {
  582. InList.Flink->Blink = &pIf->pleInFilterSet;
  583. InList.Blink->Flink = &pIf->pleInFilterSet;
  584. pIf->pleInFilterSet = InList;
  585. }
  586. pIf->dwNumInFilters = dwNumInFilters;
  587. pIf->eaInAction = faInAction;
  588. }
  589. if(pOutToc)
  590. {
  591. DeleteFilters(pIf, OUT_FILTER_SET);
  592. if(dwNumOutFilters)
  593. {
  594. OutList.Flink->Blink = &pIf->pleOutFilterSet;
  595. OutList.Blink->Flink = &pIf->pleOutFilterSet;
  596. pIf->pleOutFilterSet = OutList;
  597. }
  598. pIf->dwNumOutFilters = dwNumOutFilters;
  599. pIf->eaOutAction = faOutAction;
  600. }
  601. ClearCache();
  602. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  603. return(STATUS_SUCCESS);
  604. }
  605. NTSTATUS
  606. UpdateBindingInformation(
  607. PFILTER_DRIVER_BINDING_INFO pBindInfo,
  608. PVOID pvContext
  609. )
  610. /*++
  611. Routine Description
  612. Gets filters and statistics associated with an interface
  613. It is called with the Spin Lock held as reader
  614. Arguments
  615. pvIf Pointer to FILTER_INTERFACE structure which was passed as a PVOID
  616. to router manager as a context for the interface
  617. pInfo FILTER_IF structure filled in by driver
  618. Return Value
  619. --*/
  620. {
  621. PFILTER_INTERFACE pIf;
  622. LOCK_STATE LockState;
  623. PFILTER pf;
  624. DWORD i;
  625. PLIST_ENTRY List;
  626. pIf = (PFILTER_INTERFACE)pvContext;
  627. if(!IsValidInterface(pIf) || !(pIf->dwGlobalEnables & FI_ENABLE_OLD))
  628. {
  629. return(STATUS_INVALID_DEVICE_REQUEST);
  630. }
  631. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  632. for(List = pIf->pleInFilterSet.Flink;
  633. List != &pIf->pleInFilterSet;
  634. List = List->Flink)
  635. {
  636. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  637. if(AreAllFieldsUnchanged(pf))
  638. {
  639. continue;
  640. }
  641. if(DoesSrcAddrUseLocalAddr(pf))
  642. {
  643. pf->SRC_ADDR = pBindInfo->dwLocalAddr;
  644. }
  645. else if(DoesSrcAddrUseRemoteAddr(pf))
  646. {
  647. pf->SRC_ADDR = pBindInfo->dwRemoteAddr;
  648. }
  649. if(DoesDstAddrUseLocalAddr(pf))
  650. {
  651. pf->DEST_ADDR = pBindInfo->dwLocalAddr;
  652. }
  653. else if(DoesDstAddrUseRemoteAddr(pf))
  654. {
  655. pf->DEST_ADDR = pBindInfo->dwRemoteAddr;
  656. }
  657. if(IsSrcMaskLateBound(pf))
  658. {
  659. pf->SRC_MASK = pBindInfo->dwMask;
  660. }
  661. if(IsDstMaskLateBound(pf))
  662. {
  663. pf->DEST_MASK = pBindInfo->dwMask;
  664. }
  665. }
  666. for(List = pIf->pleOutFilterSet.Flink;
  667. List != &pIf->pleOutFilterSet;
  668. List = List->Flink)
  669. {
  670. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  671. if(AreAllFieldsUnchanged(pf))
  672. {
  673. continue;
  674. }
  675. if(DoesSrcAddrUseLocalAddr(pf))
  676. {
  677. pf->SRC_ADDR = pBindInfo->dwLocalAddr;
  678. }
  679. if(DoesSrcAddrUseRemoteAddr(pf))
  680. {
  681. pf->SRC_ADDR = pBindInfo->dwRemoteAddr;
  682. }
  683. if(DoesDstAddrUseLocalAddr(pf))
  684. {
  685. pf->SRC_ADDR = pBindInfo->dwLocalAddr;
  686. }
  687. if(DoesDstAddrUseRemoteAddr(pf))
  688. {
  689. pf->SRC_ADDR = pBindInfo->dwRemoteAddr;
  690. }
  691. if(IsSrcMaskLateBound(pf))
  692. {
  693. pf->SRC_MASK = pBindInfo->dwMask;
  694. }
  695. if(IsDstMaskLateBound(pf))
  696. {
  697. pf->DEST_MASK = pBindInfo->dwMask;
  698. }
  699. }
  700. ClearCache();
  701. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  702. return STATUS_SUCCESS;
  703. }
  704. NTSTATUS
  705. GetFilters(
  706. IN PFILTER_INTERFACE pIf,
  707. IN BOOL fClear,
  708. OUT PFILTER_IF pInfo
  709. )
  710. /*++
  711. Routine Description
  712. Gets filters and statistics associated with an interface
  713. It is called with the Spin Lock held as reader
  714. Arguments
  715. pvIf Pointer to FILTER_INTERFACE structure which was passed as a PVOID
  716. to router manager as a context for the interface
  717. pInfo FILTER_IF structure filled in by driver
  718. Return Value
  719. --*/
  720. {
  721. DWORD i,dwNumInFilters,dwNumOutFilters;
  722. PFILTER pf;
  723. PLIST_ENTRY List;
  724. if(!IsValidInterface(pIf) || !(pIf->dwGlobalEnables & FI_ENABLE_OLD))
  725. {
  726. return(STATUS_INVALID_DEVICE_REQUEST);
  727. }
  728. dwNumInFilters = pIf->dwNumInFilters;
  729. dwNumOutFilters = pIf->dwNumOutFilters;
  730. i = 0;
  731. for(List = pIf->pleInFilterSet.Flink;
  732. List != &pIf->pleInFilterSet;
  733. i++, List = List->Flink)
  734. {
  735. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  736. pInfo->filters[i].dwNumPacketsFiltered = (DWORD)pf->Count.lCount;
  737. if(fClear)
  738. {
  739. pf->Count.lCount = 0;
  740. }
  741. pInfo->filters[i].info.dwSrcAddr = pf->SRC_ADDR;
  742. pInfo->filters[i].info.dwSrcMask = pf->SRC_MASK;
  743. pInfo->filters[i].info.dwDstAddr = pf->DEST_ADDR;
  744. pInfo->filters[i].info.dwDstMask = pf->DEST_MASK;
  745. pInfo->filters[i].info.dwProtocol = pf->PROTO;
  746. pInfo->filters[i].info.fLateBound = pf->fLateBound;
  747. if(pInfo->filters[i].info.dwProtocol is FILTER_PROTO_ICMP)
  748. {
  749. if(LOBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  750. {
  751. pInfo->filters[i].info.wSrcPort = FILTER_ICMP_TYPE_ANY;
  752. }
  753. else
  754. {
  755. pInfo->filters[i].info.wSrcPort =
  756. MAKEWORD(LOBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  757. }
  758. if(HIBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  759. {
  760. pInfo->filters[i].info.wDstPort = FILTER_ICMP_CODE_ANY;
  761. }
  762. else
  763. {
  764. pInfo->filters[i].info.wDstPort =
  765. MAKEWORD(HIBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  766. }
  767. }
  768. else
  769. {
  770. pInfo->filters[i].info.wSrcPort =
  771. LOWORD(pf->uliProtoSrcDstPort.HighPart);
  772. pInfo->filters[i].info.wDstPort =
  773. HIWORD(pf->uliProtoSrcDstPort.HighPart);
  774. if(pInfo->filters[i].info.dwProtocol is FILTER_PROTO_TCP)
  775. {
  776. if(HIBYTE(LOWORD(pf->PROTO)))
  777. {
  778. pInfo->filters[i].info.dwProtocol = FILTER_PROTO_TCP_ESTAB;
  779. }
  780. }
  781. }
  782. }
  783. i = 0;
  784. for(List = pIf->pleOutFilterSet.Flink;
  785. List != &pIf->pleOutFilterSet;
  786. i++, List = List->Flink)
  787. {
  788. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  789. pInfo->filters[i+dwNumInFilters].dwNumPacketsFiltered =
  790. (DWORD)pf->Count.lCount;
  791. if(fClear)
  792. {
  793. pf->Count.lCount = 0;
  794. }
  795. pInfo->filters[i+dwNumInFilters].info.dwSrcAddr = pf->SRC_ADDR;
  796. pInfo->filters[i+dwNumInFilters].info.dwSrcMask = pf->SRC_MASK;
  797. pInfo->filters[i+dwNumInFilters].info.dwDstAddr = pf->DEST_ADDR;
  798. pInfo->filters[i+dwNumInFilters].info.dwDstMask = pf->DEST_MASK;
  799. pInfo->filters[i+dwNumInFilters].info.dwProtocol = pf->PROTO;
  800. pInfo->filters[i+dwNumInFilters].info.fLateBound = pf->fLateBound;
  801. if(pInfo->filters[i+dwNumInFilters].info.dwProtocol is FILTER_PROTO_ICMP)
  802. {
  803. if(LOBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  804. {
  805. pInfo->filters[i+dwNumInFilters].info.wSrcPort = FILTER_ICMP_TYPE_ANY;
  806. }
  807. else
  808. {
  809. pInfo->filters[i+dwNumInFilters].info.wSrcPort =
  810. MAKEWORD(LOBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  811. }
  812. if(HIBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  813. {
  814. pInfo->filters[i+dwNumInFilters].info.wDstPort = FILTER_ICMP_CODE_ANY;
  815. }
  816. else
  817. {
  818. pInfo->filters[i+dwNumInFilters].info.wDstPort =
  819. MAKEWORD(HIBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  820. }
  821. }
  822. else
  823. {
  824. pInfo->filters[i+dwNumInFilters].info.wSrcPort =
  825. LOWORD(pf->uliProtoSrcDstPort.HighPart);
  826. pInfo->filters[i+dwNumInFilters].info.wDstPort =
  827. HIWORD(pf->uliProtoSrcDstPort.HighPart);
  828. if(pInfo->filters[i].info.dwProtocol is FILTER_PROTO_TCP)
  829. {
  830. if(HIBYTE(LOWORD(pf->PROTO)))
  831. {
  832. pInfo->filters[i].info.dwProtocol = FILTER_PROTO_TCP_ESTAB;
  833. }
  834. }
  835. }
  836. }
  837. return(STATUS_SUCCESS);
  838. }
  839. NTSTATUS
  840. MakeNewFilters(
  841. IN DWORD dwNumFilters,
  842. IN PFILTER_INFO pFilterInfo,
  843. IN BOOL fInFilter,
  844. OUT PLIST_ENTRY pList
  845. )
  846. /*++
  847. Routine Description
  848. Arguments
  849. Return Value
  850. --*/
  851. {
  852. DWORD i;
  853. PFILTER pCurrent;
  854. DWORD dwFlags = (fInFilter ? FILTER_FLAGS_INFILTER : 0) |
  855. FILTER_FLAGS_OLDFILTER;
  856. PAGED_CODE();
  857. InitializeListHead(pList);
  858. //
  859. // Allocate memory for the filters
  860. //
  861. if(!dwNumFilters)
  862. {
  863. return STATUS_SUCCESS;
  864. }
  865. for(i = 0; i < dwNumFilters; i++)
  866. {
  867. pCurrent = ExAllocatePoolWithTag(
  868. NonPagedPool,
  869. dwNumFilters * sizeof(FILTER),
  870. '2liF');
  871. if(!pCurrent)
  872. {
  873. ERROR((
  874. "IPFLTDRV: MakeNewFilters: Couldnt allocate memory for in filter set\n"
  875. ));
  876. DeleteFilterList(pList);
  877. return STATUS_NO_MEMORY;
  878. }
  879. InsertTailList(pList, &pCurrent->pleFilters);
  880. pCurrent->SRC_ADDR = pFilterInfo[i].dwSrcAddr;
  881. pCurrent->DEST_ADDR = pFilterInfo[i].dwDstAddr;
  882. pCurrent->SRC_MASK = pFilterInfo[i].dwSrcMask;
  883. pCurrent->DEST_MASK = pFilterInfo[i].dwDstMask;
  884. pCurrent->fLateBound = pFilterInfo[i].fLateBound;
  885. pCurrent->dwFlags = dwFlags;
  886. //
  887. // Now the network ordering stuff - tricky part
  888. // LP0 LP1 LP2 LP3 HP0 HP1 HP2 HP3
  889. // Proto 00 00 00 SrcPort DstPort
  890. //
  891. // If we have proto == TCP_ESTAB, LP1 is the flags
  892. //
  893. // LP0 LP1 LP2 LP3 HP0 HP1 HP2 HP3
  894. // Proto TCPFlags 00 00 SrcPort DstPort
  895. //
  896. //
  897. // For addresses, ANY_ADDR is given by 0.0.0.0 and the MASK must be 0.0.0.0
  898. // For proto and ports 0 means any and the mask is generated as follows
  899. // If the proto is O then LP0 for Mask is 0xff else its 0x00
  900. // If a port is 0, the corresponding XP0XP1 is 0x0000 else its 0xffff
  901. //
  902. //
  903. // ICMP:
  904. // LP0 LP1 LP2 LP3 HP0 HP1 HP2 HP3
  905. // 0x1 00 00 00 Typ Cod 00 00
  906. // ICMP is different since 0 is a valid code and type, so 0xff is used by the
  907. // user to signify that ANY code or type is to be matched. However to do this
  908. // we need to have the field set to zero and the the mask set to 00 (for any).
  909. // But if the filter is specifically for Type/Code = 0 then the field is zero
  910. // with the mask as 0xff
  911. //
  912. //
  913. // The protocol is in the low byte of the dwProtocol, so we take that out and
  914. // make a dword out of it
  915. //
  916. pCurrent->uliProtoSrcDstPort.LowPart =
  917. MAKELONG(MAKEWORD(LOBYTE(LOWORD(pFilterInfo[i].dwProtocol)),0x00),0x0000);
  918. pCurrent->uliProtoSrcDstMask.LowPart = MAKELONG(MAKEWORD(0xff,0x00),0x0000);
  919. switch(pFilterInfo[i].dwProtocol)
  920. {
  921. case FILTER_PROTO_ANY:
  922. {
  923. pCurrent->uliProtoSrcDstPort.HighPart = 0x00000000;
  924. pCurrent->uliProtoSrcDstMask.LowPart = 0x00000000;
  925. pCurrent->uliProtoSrcDstMask.HighPart = 0x00000000;
  926. break;
  927. }
  928. case FILTER_PROTO_ICMP:
  929. {
  930. WORD wTypeCode = 0x0000;
  931. WORD wTypeCodeMask = 0x0000;
  932. if((BYTE)(pFilterInfo[i].wSrcPort) isnot FILTER_ICMP_TYPE_ANY)
  933. {
  934. wTypeCode |= MAKEWORD((BYTE)(pFilterInfo[i].wSrcPort),0x00);
  935. wTypeCodeMask |= MAKEWORD(0xff,0x00);
  936. }
  937. if((BYTE)(pFilterInfo[i].wDstPort) isnot FILTER_ICMP_CODE_ANY)
  938. {
  939. wTypeCode |= MAKEWORD(0x00,(BYTE)(pFilterInfo[i].wDstPort));
  940. wTypeCodeMask |= MAKEWORD(0x00,0xff);
  941. }
  942. pCurrent->uliProtoSrcDstPort.HighPart =
  943. MAKELONG(wTypeCode,0x0000);
  944. pCurrent->uliProtoSrcDstMask.HighPart =
  945. MAKELONG(wTypeCodeMask,0x0000);
  946. break;
  947. }
  948. case FILTER_PROTO_TCP:
  949. case FILTER_PROTO_UDP:
  950. {
  951. DWORD dwSrcDstPort = 0x00000000;
  952. DWORD dwSrcDstMask = 0x00000000;
  953. if(pFilterInfo[i].wSrcPort isnot FILTER_TCPUDP_PORT_ANY)
  954. {
  955. dwSrcDstPort |= MAKELONG(pFilterInfo[i].wSrcPort,0x0000);
  956. dwSrcDstMask |= MAKELONG(0xffff,0x0000);
  957. }
  958. if(pFilterInfo[i].wDstPort isnot FILTER_TCPUDP_PORT_ANY)
  959. {
  960. dwSrcDstPort |= MAKELONG(0x0000,pFilterInfo[i].wDstPort);
  961. dwSrcDstMask |= MAKELONG(0x0000,0xffff);
  962. }
  963. pCurrent->uliProtoSrcDstPort.HighPart = dwSrcDstPort;
  964. pCurrent->uliProtoSrcDstMask.HighPart = dwSrcDstMask;
  965. break;
  966. }
  967. case FILTER_PROTO_TCP_ESTAB:
  968. {
  969. DWORD dwSrcDstPort = 0x00000000;
  970. DWORD dwSrcDstMask = 0x00000000;
  971. //
  972. // The actual protocol is FILTER_PROTO_TCP
  973. //
  974. pCurrent->uliProtoSrcDstPort.LowPart =
  975. MAKELONG(MAKEWORD(FILTER_PROTO_TCP,ESTAB_FLAGS),0x0000);
  976. pCurrent->uliProtoSrcDstMask.LowPart =
  977. MAKELONG(MAKEWORD(0xff,ESTAB_MASK),0x0000);
  978. if(pFilterInfo[i].wSrcPort isnot FILTER_TCPUDP_PORT_ANY)
  979. {
  980. dwSrcDstPort |= MAKELONG(pFilterInfo[i].wSrcPort,0x0000);
  981. dwSrcDstMask |= MAKELONG(0xffff,0x0000);
  982. }
  983. if(pFilterInfo[i].wDstPort isnot FILTER_TCPUDP_PORT_ANY)
  984. {
  985. dwSrcDstPort |= MAKELONG(0x0000,pFilterInfo[i].wDstPort);
  986. dwSrcDstMask |= MAKELONG(0x0000,0xffff);
  987. }
  988. pCurrent->uliProtoSrcDstPort.HighPart = dwSrcDstPort;
  989. pCurrent->uliProtoSrcDstMask.HighPart = dwSrcDstMask;
  990. break;
  991. }
  992. default:
  993. {
  994. //
  995. // All other protocols have no use for the port field
  996. //
  997. pCurrent->uliProtoSrcDstPort.HighPart = 0x00000000;
  998. pCurrent->uliProtoSrcDstMask.HighPart = 0x00000000;
  999. }
  1000. }
  1001. }
  1002. return STATUS_SUCCESS;
  1003. }
  1004. #endif // STEELHEAD
  1005. VOID
  1006. DeleteFilters(
  1007. IN PFILTER_INTERFACE pIf,
  1008. DWORD dwInOrOut
  1009. )
  1010. /*++
  1011. Routine Description
  1012. Deletes all filters associated with an interface
  1013. Assumes that the write lock for this interface is held
  1014. Arguments
  1015. pIf Pointer to interface
  1016. Return Value
  1017. --*/
  1018. {
  1019. if(dwInOrOut == IN_FILTER_SET)
  1020. {
  1021. pIf->dwNumInFilters = 0;
  1022. DeleteFilterList(&pIf->pleInFilterSet);
  1023. }
  1024. else
  1025. {
  1026. pIf->dwNumOutFilters = 0;
  1027. DeleteFilterList(&pIf->pleOutFilterSet);
  1028. }
  1029. }
  1030. NTSTATUS
  1031. SetFiltersEx(
  1032. IN PPFFCB Fcb,
  1033. IN PPAGED_FILTER_INTERFACE pPage,
  1034. IN DWORD dwLength,
  1035. IN PFILTER_DRIVER_SET_FILTERS pInfo)
  1036. /*++
  1037. Routine Description:
  1038. Set filters use the new interface definitions.
  1039. --*/
  1040. {
  1041. PRTR_TOC_ENTRY pInToc,pOutToc;
  1042. PFILTER_INTERFACE pIf = pPage->pFilter;
  1043. PFILTER_DESCRIPTOR2 pFilterDescIn, pFilterDescOut;
  1044. DWORD dwInCount, dwOutCount;
  1045. DWORD i;
  1046. PPAGED_FILTER pPFilter;
  1047. NTSTATUS Status = STATUS_SUCCESS;
  1048. PBYTE pbEnd = (PBYTE)pInfo + dwLength;
  1049. DWORD dwFiltersAdded = 0;
  1050. PAGED_CODE();
  1051. if(pIf->dwGlobalEnables & FI_ENABLE_OLD)
  1052. {
  1053. return(STATUS_INVALID_DEVICE_REQUEST);
  1054. }
  1055. pInToc = GetPointerToTocEntry(IP_FILTER_DRIVER_IN_FILTER_INFO,
  1056. &pInfo->ribhInfoBlock);
  1057. pOutToc = GetPointerToTocEntry(IP_FILTER_DRIVER_OUT_FILTER_INFO,
  1058. &pInfo->ribhInfoBlock);
  1059. if(pInToc && pInToc->InfoSize)
  1060. {
  1061. //
  1062. // filters are defined.
  1063. //
  1064. pFilterDescIn = GetInfoFromTocEntry(&pInfo->ribhInfoBlock,
  1065. pInToc);
  1066. if(pFilterDescIn->dwVersion != 2)
  1067. {
  1068. ERROR(("IPFLTDRV: SetFiltersEx: Invalid version for FiltersEx\n"));
  1069. return(STATUS_INVALID_PARAMETER);
  1070. }
  1071. }
  1072. else
  1073. {
  1074. pFilterDescIn = NULL;
  1075. }
  1076. if(pOutToc && pOutToc->InfoSize)
  1077. {
  1078. //
  1079. // filters are defined.
  1080. //
  1081. pFilterDescOut = GetInfoFromTocEntry(&pInfo->ribhInfoBlock,
  1082. pOutToc);
  1083. if(pFilterDescOut->dwVersion != 2)
  1084. {
  1085. ERROR(("IPFLTDRV: SetFiltersEx: Invalid version for FiltersEx\n"));
  1086. return(STATUS_INVALID_PARAMETER);
  1087. }
  1088. }
  1089. else
  1090. {
  1091. pFilterDescOut = NULL;
  1092. }
  1093. //
  1094. // For each set of filters, add the filters to the paged, FCB
  1095. // interface and therefore to the match interface.
  1096. //
  1097. if((pFilterDescIn && !CheckDescriptorSize(pFilterDescIn, pbEnd))
  1098. ||
  1099. (pFilterDescOut && !CheckDescriptorSize(pFilterDescOut, pbEnd)) )
  1100. {
  1101. return(STATUS_BUFFER_TOO_SMALL);
  1102. }
  1103. if(pFilterDescIn)
  1104. {
  1105. // Adding in filters. For each filter, process as
  1106. // needed. Input filters include the global checks
  1107. /// such as spoofing.
  1108. //
  1109. for(dwInCount = 0;
  1110. (dwInCount < pFilterDescIn->dwNumFilters);
  1111. dwInCount++)
  1112. {
  1113. PFILTER_INFOEX pFilt = &pFilterDescIn->fiFilter[dwInCount];
  1114. BOOL bAdded;
  1115. //
  1116. // If a regular filter, add it. If a special, global
  1117. // filter, handle it specially.
  1118. //
  1119. if(pFilt->type == PFE_FILTER)
  1120. {
  1121. Status = AllocateAndAddFilterToMatchInterface(
  1122. Fcb,
  1123. pFilt,
  1124. TRUE,
  1125. pPage,
  1126. &bAdded,
  1127. &pPFilter);
  1128. if(!NT_SUCCESS(Status))
  1129. {
  1130. if((Status == STATUS_OBJECT_NAME_COLLISION)
  1131. &&
  1132. pPFilter)
  1133. {
  1134. if(!fCheckDups
  1135. ||
  1136. (pPFilter->dwFlags & FLAGS_INFOEX_ALLOWDUPS))
  1137. {
  1138. pPFilter->dwInUse++;
  1139. Status = STATUS_SUCCESS;
  1140. }
  1141. else
  1142. {
  1143. ERROR((
  1144. "IPFLTDRV: Adding in filter failed %x\n",
  1145. Status
  1146. ));
  1147. break;
  1148. }
  1149. }
  1150. else
  1151. {
  1152. break;
  1153. }
  1154. }
  1155. else if(bAdded && (pIf->eaInAction == FORWARD))
  1156. {
  1157. dwFiltersAdded++;
  1158. }
  1159. }
  1160. else
  1161. {
  1162. //
  1163. // a special filter of some sort.
  1164. //
  1165. pPFilter = MakePagedFilter(Fcb, pFilt, pPage->dwUpdateEpoch, 0);
  1166. if(!pPFilter)
  1167. {
  1168. Status = STATUS_NO_MEMORY;
  1169. }
  1170. else
  1171. {
  1172. PPAGED_FILTER pWhoCares;
  1173. if(IsOnSpecialFilterList(pPFilter,
  1174. &pPage->leSpecialFilterList,
  1175. &pWhoCares))
  1176. {
  1177. pWhoCares->dwInUse++;
  1178. ExFreePool(pPFilter);
  1179. pPFilter = 0;
  1180. }
  1181. else
  1182. {
  1183. switch(pFilt->type)
  1184. {
  1185. case PFE_SYNORFRAG:
  1186. case PFE_SPOOF:
  1187. case PFE_UNUSEDPORT:
  1188. case PFE_ALLOWCTL:
  1189. case PFE_STRONGHOST:
  1190. case PFE_FULLDENY:
  1191. case PFE_NOFRAG:
  1192. case PFE_FRAGCACHE:
  1193. AddGlobalFilterToInterface(pPage, pFilt);
  1194. break;
  1195. default:
  1196. ERROR(("IPFLTDRV: Unknown filter type\n"));
  1197. ExFreePool(pPFilter);
  1198. pPFilter = 0;
  1199. Status = STATUS_INVALID_PARAMETER;
  1200. break;
  1201. }
  1202. }
  1203. if(pPFilter)
  1204. {
  1205. InsertTailList(&pPage->leSpecialFilterList,
  1206. &pPFilter->leSpecialList);
  1207. }
  1208. else if(!NT_SUCCESS(Status))
  1209. {
  1210. break;
  1211. }
  1212. }
  1213. }
  1214. }
  1215. }
  1216. else
  1217. {
  1218. dwInCount = 0;
  1219. }
  1220. if(!NT_SUCCESS(Status))
  1221. {
  1222. RemoveFilterWorker(
  1223. Fcb,
  1224. &pFilterDescIn->fiFilter[0],
  1225. dwInCount,
  1226. pPage,
  1227. &dwFiltersAdded,
  1228. TRUE);
  1229. return(Status);
  1230. }
  1231. //
  1232. // now the output filters. This is a bit simpler since there
  1233. // are no global settings.
  1234. //
  1235. if(pFilterDescOut)
  1236. {
  1237. //
  1238. // Adding in filters. For each filter, process as
  1239. // needed. Input filters include the global checks
  1240. /// such as spoofing.
  1241. //
  1242. for(dwOutCount = 0;
  1243. dwOutCount < pFilterDescOut->dwNumFilters;
  1244. dwOutCount++)
  1245. {
  1246. PFILTER_INFOEX pFilt = &pFilterDescOut->fiFilter[dwOutCount];
  1247. BOOL bAdded;
  1248. //
  1249. // If a regular filter, add it. If a special, global
  1250. // filter, handle it specially.
  1251. //
  1252. if(pFilt->type == PFE_FILTER)
  1253. {
  1254. Status = AllocateAndAddFilterToMatchInterface(
  1255. Fcb,
  1256. pFilt,
  1257. FALSE,
  1258. pPage,
  1259. &bAdded,
  1260. &pPFilter);
  1261. if(!NT_SUCCESS(Status))
  1262. {
  1263. if((Status == STATUS_OBJECT_NAME_COLLISION)
  1264. &&
  1265. pPFilter)
  1266. {
  1267. if(!fCheckDups
  1268. ||
  1269. (pPFilter->dwFlags & FLAGS_INFOEX_ALLOWDUPS))
  1270. {
  1271. pPFilter->dwInUse++;
  1272. Status = STATUS_SUCCESS;
  1273. }
  1274. else
  1275. {
  1276. ERROR((
  1277. "IPFLTDRV: Adding out filter failed %x\n",
  1278. Status
  1279. ));
  1280. break;
  1281. }
  1282. }
  1283. else
  1284. {
  1285. break;
  1286. }
  1287. }
  1288. else if(bAdded && (pIf->eaOutAction == FORWARD))
  1289. {
  1290. dwFiltersAdded++;
  1291. }
  1292. }
  1293. else
  1294. {
  1295. ERROR(("IPFLTDRV: Ignoring global out filter\n"));
  1296. }
  1297. }
  1298. }
  1299. if(!NT_SUCCESS(Status))
  1300. {
  1301. RemoveFilterWorker(
  1302. Fcb,
  1303. &pFilterDescIn->fiFilter[0],
  1304. dwInCount,
  1305. pPage,
  1306. &dwFiltersAdded,
  1307. TRUE);
  1308. RemoveFilterWorker(
  1309. Fcb,
  1310. &pFilterDescOut->fiFilter[0],
  1311. dwOutCount,
  1312. pPage,
  1313. &dwFiltersAdded,
  1314. FALSE);
  1315. }
  1316. else if(dwFiltersAdded)
  1317. {
  1318. NotifyFastPath(pIf, pIf->dwIpIndex, NOT_RESTRICTION);
  1319. }
  1320. return(Status);
  1321. }
  1322. NTSTATUS
  1323. UpdateBindingInformationEx(
  1324. PFILTER_DRIVER_BINDING_INFO pBindInfo,
  1325. PPAGED_FILTER_INTERFACE pPage)
  1326. /*++
  1327. Routine Description:
  1328. Just like the routine below. But this fixes up the
  1329. paged filters only
  1330. --*/
  1331. {
  1332. PPAGED_FILTER pf;
  1333. DWORD i;
  1334. if((pPage->pFilter->dwGlobalEnables & FI_ENABLE_OLD))
  1335. {
  1336. return(STATUS_INVALID_DEVICE_REQUEST);
  1337. }
  1338. pPage->dwUpdateEpoch++;
  1339. //
  1340. // update all filters on this paged interface
  1341. //
  1342. for(i = 0; i < g_dwHashLists; i++)
  1343. {
  1344. PLIST_ENTRY List = &pPage->HashList[i];
  1345. PLIST_ENTRY pList, NextListItem;
  1346. for(pList = List->Flink;
  1347. pList != List;
  1348. pList = NextListItem)
  1349. {
  1350. NextListItem = pList->Flink;
  1351. pf = CONTAINING_RECORD(pList, PAGED_FILTER, leHash);
  1352. if(pf->dwEpoch == pPage->dwUpdateEpoch)
  1353. {
  1354. break;
  1355. }
  1356. if(AreAllFieldsUnchanged(pf))
  1357. {
  1358. continue;
  1359. }
  1360. //
  1361. // it's to be changed. Take it off of its hash list
  1362. // so it can be rehashed when we are done
  1363. //
  1364. RemoveEntryList(&pf->leHash);
  1365. if(DoesSrcAddrUseLocalAddr(pf))
  1366. {
  1367. pf->SRC_ADDR = pBindInfo->dwLocalAddr;
  1368. }
  1369. else if(DoesSrcAddrUseRemoteAddr(pf))
  1370. {
  1371. pf->SRC_ADDR = pBindInfo->dwRemoteAddr;
  1372. }
  1373. if(DoesDstAddrUseLocalAddr(pf))
  1374. {
  1375. pf->DEST_ADDR = pBindInfo->dwLocalAddr;
  1376. }
  1377. else if(DoesDstAddrUseRemoteAddr(pf))
  1378. {
  1379. pf->DEST_ADDR = pBindInfo->dwRemoteAddr;
  1380. }
  1381. if(IsSrcMaskLateBound(pf))
  1382. {
  1383. pf->SRC_MASK = pBindInfo->dwMask;
  1384. }
  1385. if(IsDstMaskLateBound(pf))
  1386. {
  1387. pf->DEST_MASK = pBindInfo->dwMask;
  1388. }
  1389. pf->dwEpoch = pPage->dwUpdateEpoch;
  1390. //
  1391. // compute new hash index
  1392. //
  1393. pf->dwHashIndex = (
  1394. pf->SRC_ADDR +
  1395. pf->DEST_ADDR +
  1396. pf->DEST_ADDR +
  1397. PROTOCOLPART(pf->uliProtoSrcDstPort.LowPart) +
  1398. pf->uliProtoSrcDstPort.HighPart) % g_dwHashLists;
  1399. InsertTailList(&pPage->HashList[pf->dwHashIndex],
  1400. &pf->leHash);
  1401. }
  1402. }
  1403. return(UpdateMatchBindingInformation(pBindInfo, (PVOID)pPage->pFilter));
  1404. }
  1405. VOID
  1406. UpdateLateBoundFilter(PFILTER pf,
  1407. DWORD dwLocalAddr,
  1408. DWORD dwRemoteAddr,
  1409. DWORD dwMask)
  1410. {
  1411. if(DoesSrcAddrUseLocalAddr(pf))
  1412. {
  1413. pf->SRC_ADDR = dwLocalAddr;
  1414. }
  1415. else if(DoesSrcAddrUseRemoteAddr(pf))
  1416. {
  1417. pf->SRC_ADDR = dwRemoteAddr;
  1418. }
  1419. if(DoesDstAddrUseLocalAddr(pf))
  1420. {
  1421. pf->DEST_ADDR = dwLocalAddr;
  1422. }
  1423. else if(DoesDstAddrUseRemoteAddr(pf))
  1424. {
  1425. pf->DEST_ADDR = dwRemoteAddr;
  1426. }
  1427. if(IsSrcMaskLateBound(pf))
  1428. {
  1429. pf->SRC_MASK = dwMask;
  1430. }
  1431. if(IsDstMaskLateBound(pf))
  1432. {
  1433. pf->DEST_MASK = dwMask;
  1434. }
  1435. }
  1436. NTSTATUS
  1437. UpdateMatchBindingInformation(
  1438. PFILTER_DRIVER_BINDING_INFO pBindInfo,
  1439. PVOID pvContext
  1440. )
  1441. /*++
  1442. Routine Description
  1443. Update the bindings for a new style interface
  1444. Arguments
  1445. pvIf Pointer to FILTER_INTERFACE structure which was passed as a PVOID
  1446. to router manager as a context for the interface
  1447. pInfo FILTER_IF structure filled in by driver
  1448. Return Value
  1449. --*/
  1450. {
  1451. PFILTER_INTERFACE pIf;
  1452. LOCK_STATE LockState;
  1453. PFILTER pf;
  1454. DWORD i;
  1455. DWORD dwX;
  1456. PLIST_ENTRY List, NextList;
  1457. pIf = (PFILTER_INTERFACE)pvContext;
  1458. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  1459. pIf->dwUpdateEpoch++;
  1460. for(i = 0; i < g_dwHashLists; i++)
  1461. {
  1462. for(List = pIf->HashList[i].Flink;
  1463. List != &pIf->HashList[i];
  1464. List = NextList)
  1465. {
  1466. pf = CONTAINING_RECORD(List, FILTER, pleHashList);
  1467. NextList = List->Flink;
  1468. if(pf->dwEpoch == pIf->dwUpdateEpoch)
  1469. {
  1470. break;
  1471. }
  1472. pf->dwEpoch = pIf->dwUpdateEpoch;
  1473. if(!AreAllFieldsUnchanged(pf))
  1474. {
  1475. BOOL fWild;
  1476. UpdateLateBoundFilter(pf,
  1477. pBindInfo->dwLocalAddr,
  1478. pBindInfo->dwRemoteAddr,
  1479. pBindInfo->dwMask);
  1480. dwX = ComputeMatchHashIndex(pf, &fWild);
  1481. RemoveEntryList(&pf->pleHashList);
  1482. InsertTailList(&pIf->HashList[dwX], &pf->pleHashList);
  1483. }
  1484. }
  1485. }
  1486. //
  1487. // finally the wild card filters
  1488. //
  1489. for(i = g_dwHashLists; i <= g_dwHashLists + 1; i++)
  1490. {
  1491. for(List = pIf->HashList[i].Flink;
  1492. List != &pIf->HashList[i];
  1493. List = List->Flink)
  1494. {
  1495. pf = CONTAINING_RECORD(List, FILTER, pleHashList);
  1496. if(pf->dwEpoch == pIf->dwUpdateEpoch)
  1497. {
  1498. break;
  1499. }
  1500. pf->dwEpoch = pIf->dwUpdateEpoch;
  1501. if(!AreAllFieldsUnchanged(pf))
  1502. {
  1503. UpdateLateBoundFilter(pf,
  1504. pBindInfo->dwLocalAddr,
  1505. pBindInfo->dwRemoteAddr,
  1506. pBindInfo->dwMask);
  1507. }
  1508. }
  1509. }
  1510. ClearCache();
  1511. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  1512. NotifyFastPathIf(pIf);
  1513. return STATUS_SUCCESS;
  1514. }
  1515. PFILTER_INTERFACE
  1516. NewInterface(
  1517. IN PVOID pvContext,
  1518. IN DWORD dwIndex,
  1519. IN FORWARD_ACTION inAction,
  1520. IN FORWARD_ACTION outAction,
  1521. IN PVOID pvOldInterfaceContext,
  1522. IN DWORD dwIpIndex,
  1523. IN DWORD dwName
  1524. )
  1525. /*++
  1526. Routine Description
  1527. Interface constructor
  1528. Arguments
  1529. pIf Pointer to interface
  1530. Return Value
  1531. --*/
  1532. {
  1533. PFILTER_INTERFACE pIf;
  1534. PAGED_CODE();
  1535. pIf = (PFILTER_INTERFACE)ExAllocatePoolWithTag(NonPagedPool,
  1536. FILTER_INTERFACE_SIZE,
  1537. '1liF');
  1538. if(pIf != NULL)
  1539. {
  1540. DWORD i;
  1541. RtlZeroMemory(pIf, sizeof(*pIf));
  1542. pIf->dwNumOutFilters = pIf->dwNumInFilters = 0;
  1543. pIf->pvRtrMgrContext = pvContext;
  1544. pIf->dwRtrMgrIndex = dwIndex;
  1545. pIf->eaInAction = inAction;
  1546. pIf->eaOutAction = outAction;
  1547. pIf->dwIpIndex = dwIpIndex;
  1548. pIf->dwLinkIpAddress = 0;
  1549. pIf->lInUse = 1;
  1550. pIf->lTotalInDrops = pIf->lTotalOutDrops = 0;
  1551. pIf->dwName = dwName;
  1552. pIf->dwUpdateEpoch = 0;
  1553. pIf->pvHandleContext = pvOldInterfaceContext;
  1554. InitializeListHead(&pIf->pleInFilterSet);
  1555. InitializeListHead(&pIf->pleOutFilterSet);
  1556. for(i = 0; i < FRAG_NUMBEROFENTRIES; i++)
  1557. {
  1558. InitializeListHead(&pIf->FragLists[i]);
  1559. }
  1560. for(i = 0; i <= (g_dwHashLists + 1); i++)
  1561. {
  1562. InitializeListHead(&pIf->HashList[i]);
  1563. }
  1564. }
  1565. return pIf;
  1566. }
  1567. VOID
  1568. DeleteFilterList(PLIST_ENTRY pList)
  1569. /*++
  1570. Routine Description
  1571. Free the list of filters given
  1572. --*/
  1573. {
  1574. while(!IsListEmpty(pList))
  1575. {
  1576. PLIST_ENTRY pEntry = RemoveHeadList(pList);
  1577. ExFreePool(pEntry);
  1578. }
  1579. }
  1580. VOID
  1581. ClearFragCache()
  1582. /*++
  1583. Routine Description
  1584. Clears the fragments cache
  1585. Arguments
  1586. None
  1587. Return Value
  1588. None
  1589. --*/
  1590. {
  1591. DWORD i;
  1592. KIRQL kiCurrIrql;
  1593. PLIST_ENTRY pleNode;
  1594. if (g_pleFragTable)
  1595. {
  1596. KeAcquireSpinLock(&g_kslFragLock, &kiCurrIrql);
  1597. for(i = 0; i < g_dwFragTableSize; i++)
  1598. {
  1599. PLIST_ENTRY pleNode;
  1600. pleNode = g_pleFragTable[i].Flink;
  1601. while(pleNode != &(g_pleFragTable[i]))
  1602. {
  1603. PFRAG_INFO pfiFragInfo;
  1604. pfiFragInfo = CONTAINING_RECORD(pleNode, FRAG_INFO, leCacheLink);
  1605. pleNode = pleNode->Flink;
  1606. RemoveEntryList(&(pfiFragInfo->leCacheLink));
  1607. ExFreeToNPagedLookasideList(
  1608. &g_llFragCacheBlocks,
  1609. pfiFragInfo);
  1610. }
  1611. }
  1612. KeReleaseSpinLock(&g_kslFragLock,
  1613. kiCurrIrql);
  1614. }
  1615. TRACE(FRAG,("IPFLTDRV: Frag cache cleanup Done\n"));
  1616. }
  1617. VOID
  1618. ClearCache()
  1619. /*++
  1620. Routine Description
  1621. Clears the input and output caches
  1622. Assumes that the write lock has been acquired (for the system)
  1623. Arguments
  1624. None
  1625. Return Value
  1626. None
  1627. --*/
  1628. {
  1629. DWORD i;
  1630. PLIST_ENTRY pleNode;
  1631. //
  1632. // This code assumes that the g_filter.pIn/OutCache is valid and that each of the
  1633. // pointers in the array are valid. If they are not, there is something seriously
  1634. // wrong and you would end up blue screening in someother part of the code anyways
  1635. //
  1636. TRACE(CACHE,("IPFLTDRV: Clearing in and out cache..."));
  1637. for(i = 0; i < g_dwCacheSize; i ++)
  1638. {
  1639. ClearInCacheEntry(g_filters.ppInCache[i]);
  1640. ClearOutCacheEntry(g_filters.ppOutCache[i]);
  1641. }
  1642. TRACE(CACHE,("IPFLTDRV: Done Clearing in and out cache\n"));
  1643. pleNode = g_freeInFilters.Flink;
  1644. TRACE(CACHE,("IPFLTDRV: Clearing in free list...\n"));
  1645. while(pleNode isnot &g_freeInFilters)
  1646. {
  1647. PFILTER_INCACHE pInCache;
  1648. pInCache = CONTAINING_RECORD(pleNode,FILTER_INCACHE,leFreeLink);
  1649. ClearInFreeEntry(pInCache);
  1650. pleNode = pleNode->Flink;
  1651. }
  1652. TRACE(CACHE,("IPFLTDRV: Done Clearing in free list\n"));
  1653. pleNode = g_freeOutFilters.Flink;
  1654. TRACE(CACHE,("IPFLTDRV: Clearing out free list...\n"));
  1655. while(pleNode isnot &g_freeOutFilters)
  1656. {
  1657. PFILTER_OUTCACHE pOutCache;
  1658. pOutCache = CONTAINING_RECORD(pleNode,FILTER_OUTCACHE,leFreeLink);
  1659. ClearOutFreeEntry(pOutCache);
  1660. pleNode = pleNode->Flink;
  1661. }
  1662. TRACE(CACHE,("IPFLTDRV: Done Clearing out free list\n"));
  1663. ClearFragCache();
  1664. CALLTRACE(("IPFLTDRV: ClearCache Done\n"));
  1665. return;
  1666. }
  1667. PRTR_TOC_ENTRY
  1668. GetPointerToTocEntry(
  1669. DWORD dwType,
  1670. PRTR_INFO_BLOCK_HEADER pInfoHdr
  1671. )
  1672. {
  1673. DWORD i;
  1674. PAGED_CODE();
  1675. if(!pInfoHdr)
  1676. {
  1677. return NULL;
  1678. }
  1679. for(i = 0; i < pInfoHdr->TocEntriesCount; i++)
  1680. {
  1681. if(pInfoHdr->TocEntry[i].InfoType is dwType)
  1682. {
  1683. return &(pInfoHdr->TocEntry[i]);
  1684. }
  1685. }
  1686. return NULL;
  1687. }
  1688. NTSTATUS
  1689. AddNewInterface(PPFINTERFACEPARAMETERS pInfo,
  1690. PPFFCB Fcb)
  1691. /*++
  1692. Routine Description:
  1693. Create a new interface for this handle. Also create or
  1694. merge with a common underlying interface.
  1695. --*/
  1696. {
  1697. PPAGED_FILTER_INTERFACE pgIf;
  1698. PPAGED_FILTER_INTERFACE pPaged;
  1699. DWORD dwBind = pInfo->dwBindingData;
  1700. NTSTATUS Status;
  1701. KPROCESSOR_MODE Mode;
  1702. DWORD i, dwName = 0;
  1703. PAGED_CODE();
  1704. if(Fcb->dwFlags & PF_FCB_OLD)
  1705. {
  1706. return(STATUS_INVALID_DEVICE_REQUEST);
  1707. }
  1708. Fcb->dwFlags |= PF_FCB_NEW;
  1709. Mode = ExGetPreviousMode();
  1710. //
  1711. // verify that this interface is unique on this handle.
  1712. //
  1713. switch(pInfo->pfbType)
  1714. {
  1715. default:
  1716. Status = STATUS_NO_SUCH_DEVICE;
  1717. break;
  1718. case PF_BIND_NONE:
  1719. dwBind = UNKNOWN_IP_INDEX;
  1720. Status = STATUS_SUCCESS;
  1721. break;
  1722. case PF_BIND_NAME:
  1723. dwName = dwBind;
  1724. dwBind = UNKNOWN_IP_INDEX;
  1725. Status = STATUS_SUCCESS;
  1726. break;
  1727. }
  1728. if(NT_SUCCESS(Status))
  1729. {
  1730. //
  1731. // it's not in use on this handle. So create an PAGED
  1732. // FCB to remember this and to link into a non-paged interface.
  1733. //
  1734. pPaged = ExAllocatePoolWithTag(PagedPool,
  1735. PAGED_INTERFACE_SIZE,
  1736. 'pfpI');
  1737. if(!pPaged)
  1738. {
  1739. return(STATUS_NO_MEMORY);
  1740. }
  1741. //
  1742. // fill in the paged filter definition and allocate
  1743. // a non-paged filter. The non-paged filter could already
  1744. // exist, in which case simply link this to the existing
  1745. // one.
  1746. if(pInfo->pfLogId)
  1747. {
  1748. //
  1749. // If a Log ID is given, reference the log to
  1750. // prevent it from going away
  1751. //
  1752. Status = ReferenceLogByHandleId(pInfo->pfLogId,
  1753. Fcb,
  1754. &pPaged->pLog);
  1755. if(!NT_SUCCESS(Status))
  1756. {
  1757. ExFreePool(pPaged);
  1758. return(Status);
  1759. }
  1760. }
  1761. else
  1762. {
  1763. pPaged->pLog = NULL;
  1764. }
  1765. pPaged->dwNumInFilters = pPaged->dwNumOutFilters = 0;
  1766. pPaged->eaInAction = pInfo->eaIn;
  1767. pPaged->eaOutAction = pInfo->eaOut;
  1768. pPaged->dwGlobalEnables = 0;
  1769. pPaged->pvRtrMgrContext = pInfo->fdInterface.pvRtrMgrContext;
  1770. pPaged->dwRtrMgrIndex = pInfo->fdInterface.dwIfIndex;
  1771. pPaged->dwUpdateEpoch = 0;
  1772. Status = CreateCommonInterface(pPaged,
  1773. dwBind,
  1774. dwName,
  1775. pInfo->dwInterfaceFlags);
  1776. if(!NT_SUCCESS(Status))
  1777. {
  1778. if(pPaged->pLog)
  1779. {
  1780. ERROR(("IPFLTDRV: CreateCommonInterface failed: DereferenceLog being called\n"));
  1781. DereferenceLog(pPaged->pLog);
  1782. }
  1783. ExFreePool(pPaged);
  1784. return(Status);
  1785. }
  1786. pPaged->pvDriverContext =
  1787. pInfo->fdInterface.pvDriverContext = (PVOID)pPaged;
  1788. InitializeListHead(&pPaged->leSpecialFilterList);
  1789. for(i = 0; i < 2 * g_dwHashLists; i++)
  1790. {
  1791. PLIST_ENTRY List = &pPaged->HashList[i];
  1792. InitializeListHead(List);
  1793. }
  1794. InsertTailList(&Fcb->leInterfaces, &pPaged->leIfLink);
  1795. }
  1796. return(Status);
  1797. }
  1798. BOOL
  1799. DereferenceFilterInterface(PFILTER_INTERFACE pIf, PPFLOGINTERFACE pLog)
  1800. /*++
  1801. Routine Description:
  1802. Nonpaged routine to dereference a match interface. If the
  1803. reference count goes to zero, free the interface
  1804. --*/
  1805. {
  1806. LOCK_STATE LockState, LockState2;
  1807. BOOL fRel = FALSE;
  1808. //
  1809. // lock the resource that protects adding new interfaces. This
  1810. // is needed to hold off others until everything is properly
  1811. // verified. The spin lock is insufficient for this.
  1812. //
  1813. KeEnterCriticalRegion();
  1814. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  1815. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  1816. if(--pIf->lInUse == 0)
  1817. {
  1818. RemoveEntryList(&pIf->leIfLink);
  1819. if(pIf->dwIpIndex != UNKNOWN_IP_INDEX)
  1820. {
  1821. InterlockedCleanCache(g_filters.pInterfaceCache, pIf->dwIpIndex, pIf->dwLinkIpAddress);
  1822. InterlockedDecrement(&g_ulBoundInterfaceCount);
  1823. TRACE(CONFIG,(
  1824. "IPFLTDRV: UnBound Interface Index=%d, Link=%d, TotalCnt=%d\n",
  1825. pIf->dwIpIndex,
  1826. pIf->dwLinkIpAddress,
  1827. g_ulBoundInterfaceCount
  1828. ));
  1829. }
  1830. fRel = TRUE;
  1831. }
  1832. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  1833. if(fRel)
  1834. {
  1835. //
  1836. // Getting rid of it
  1837. //
  1838. if(pIf->dwIpIndex != UNKNOWN_IP_INDEX)
  1839. {
  1840. DWORD dwIndex = pIf->dwIpIndex;
  1841. pIf->dwIpIndex = UNKNOWN_IP_INDEX;
  1842. NotifyFastPath(pIf, dwIndex, NOT_UNBIND);
  1843. }
  1844. AcquireWriteLock(&g_filters.ifListLock,&LockState2);
  1845. ClearCache();
  1846. ReleaseWriteLock(&g_filters.ifListLock,&LockState2);
  1847. if(pIf->pLog)
  1848. {
  1849. DereferenceLog(pIf->pLog);
  1850. }
  1851. ExFreePool(pIf);
  1852. }
  1853. else if(pLog)
  1854. {
  1855. //
  1856. // this deref owns the log. So take the log off of the
  1857. // the interface. Note it may be true that the match interface
  1858. // has a different log than the paged interface. This will
  1859. // happen if the log is closed while it exists on the interface.
  1860. // In such a case, the log is removed from the match interface
  1861. // but not the paged interface. And when the paged interface
  1862. // is closed, as is happening now, the log it has is incorrect.
  1863. // So this check is required.
  1864. // The FilterListResourceLock serializes all of this ...
  1865. //
  1866. if(pLog == pIf->pLog)
  1867. {
  1868. AcquireWriteLock(&g_filters.ifListLock,&LockState2);
  1869. pIf->pLog = 0;
  1870. ReleaseWriteLock(&g_filters.ifListLock,&LockState2);
  1871. DereferenceLog(pLog);
  1872. }
  1873. }
  1874. ExReleaseResourceLite(&FilterListResourceLock);
  1875. KeLeaveCriticalRegion();
  1876. return(fRel);
  1877. }
  1878. NTSTATUS
  1879. CreateCommonInterface(PPAGED_FILTER_INTERFACE pPage,
  1880. DWORD dwBind,
  1881. DWORD dwName,
  1882. DWORD dwFlags)
  1883. /*++
  1884. Routine Description:
  1885. Non-paged routine called by AddNewInterface to bind the
  1886. paged interface to an underlying interface, and to bind
  1887. that to a stack interface. The caller should have
  1888. verified that dwBind is a valid stack interface.
  1889. --*/
  1890. {
  1891. PFILTER_INTERFACE pIf, pIf1;
  1892. LOCK_STATE LockState;
  1893. NTSTATUS Status = STATUS_SUCCESS;
  1894. PPFLOGINTERFACE pLog = pPage->pLog;
  1895. pIf = NewInterface(pPage->pvRtrMgrContext,
  1896. pPage->dwRtrMgrIndex,
  1897. pPage->eaInAction,
  1898. pPage->eaOutAction,
  1899. 0,
  1900. dwBind,
  1901. dwName);
  1902. if(pIf == NULL)
  1903. {
  1904. return STATUS_NO_MEMORY;
  1905. }
  1906. if(dwFlags & PFSET_FLAGS_UNIQUE)
  1907. {
  1908. pIf->dwGlobalEnables |= FI_ENABLE_UNIQUE;
  1909. }
  1910. //
  1911. // lock the resource that protects adding new interfaces. This
  1912. // is needed to hold off others until everything is properly
  1913. // verified. The spin lock is insufficient for this.
  1914. //
  1915. KeEnterCriticalRegion();
  1916. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  1917. //
  1918. // Now reconcile the binding. Note that we had to make the interface
  1919. // first in order to prevent a race with another process trying
  1920. // to bind to the same stack interface.
  1921. //
  1922. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  1923. if((dwBind != UNKNOWN_IP_INDEX)
  1924. ||
  1925. dwName)
  1926. {
  1927. pIf1 = FindMatchName(dwName, dwBind);
  1928. if(pIf1)
  1929. {
  1930. // found it. Make sure it agrees. If so,
  1931. // refcount it and use it
  1932. //
  1933. if(!(pIf->dwGlobalEnables & FI_ENABLE_OLD)
  1934. &&
  1935. (pIf->eaInAction == pIf1->eaInAction)
  1936. &&
  1937. (pIf->eaOutAction == pIf1->eaOutAction)
  1938. &&
  1939. !(pIf->dwGlobalEnables & FI_ENABLE_UNIQUE)
  1940. &&
  1941. !(pIf1->dwGlobalEnables & FI_ENABLE_UNIQUE)
  1942. )
  1943. {
  1944. pIf1->lInUse++;
  1945. }
  1946. else
  1947. {
  1948. //
  1949. // mismatch. Can't do it
  1950. //
  1951. Status = STATUS_INVALID_PARAMETER;
  1952. }
  1953. }
  1954. }
  1955. else
  1956. {
  1957. pIf1 = 0;
  1958. }
  1959. if(!pIf1)
  1960. {
  1961. InsertTailList(&g_filters.leIfListHead,&pIf->leIfLink);
  1962. }
  1963. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  1964. if(pIf1)
  1965. {
  1966. //
  1967. // If log is specifed but log alreadye exists, error.
  1968. //
  1969. ExFreePool(pIf);
  1970. if(NT_SUCCESS(Status))
  1971. {
  1972. pPage->pFilter = pIf1;
  1973. if(pIf1->pLog)
  1974. {
  1975. if(pPage->pLog)
  1976. {
  1977. //
  1978. // the interface already has a log. In prinicple
  1979. // this should call DereferenceFilterInterface but
  1980. // this will do and it's faster.
  1981. //
  1982. Status = STATUS_DEVICE_BUSY;
  1983. pIf1->lInUse--;
  1984. }
  1985. }
  1986. else if(pPage->pLog)
  1987. {
  1988. //
  1989. // see comment below about log referencing
  1990. //
  1991. AddRefToLog(pIf1->pLog = pPage->pLog);
  1992. }
  1993. }
  1994. ExReleaseResourceLite(&FilterListResourceLock);
  1995. KeLeaveCriticalRegion();
  1996. return(Status);
  1997. }
  1998. NotifyFastPathIf(pIf);
  1999. pPage->pFilter = pIf;
  2000. if(pPage->pLog)
  2001. {
  2002. //
  2003. // Reference the log. Need this since the
  2004. // paged interface can be deleted before the
  2005. // match interface, so each must apply a reference.
  2006. // Actually, only the match needs to do it, but
  2007. // the way the log works, the paged interface already
  2008. // got a reference, so just do it this way.
  2009. // N.B. The single = is intentional
  2010. //
  2011. AddRefToLog(pIf->pLog = pPage->pLog);
  2012. }
  2013. ExReleaseResourceLite(&FilterListResourceLock);
  2014. KeLeaveCriticalRegion();
  2015. return(Status);
  2016. }
  2017. VOID
  2018. MakeFilterInfo(IN PPAGED_FILTER pPage,
  2019. IN PFILTER_INFOEX pInfo,
  2020. IN DWORD dwFlags)
  2021. {
  2022. PFILTER_INFO2 pFilterInfo = &pInfo->info;
  2023. if(pInfo->type != PFE_FILTER)
  2024. {
  2025. //
  2026. // a special filter.
  2027. //
  2028. memset(pPage, 0, sizeof(*pPage));
  2029. pPage->type = pInfo->type;
  2030. pPage->fLateBound = pInfo->dwFlags;
  2031. pPage->dwInUse = 1;
  2032. return;
  2033. }
  2034. pPage->type = pInfo->type;
  2035. pPage->SRC_ADDR = pFilterInfo->dwaSrcAddr[0];
  2036. pPage->DEST_ADDR = pFilterInfo->dwaDstAddr[0];
  2037. pPage->SRC_MASK = pFilterInfo->dwaSrcMask[0];
  2038. pPage->DEST_MASK = pFilterInfo->dwaDstMask[0];
  2039. pPage->fLateBound = pFilterInfo->fLateBound;
  2040. pPage->wSrcPortHigh = pPage->wDstPortHigh = 0;
  2041. pPage->dwFlags = dwFlags;
  2042. pPage->dwInUse = 1;
  2043. if(pPage->SRC_MASK != INADDR_SPECIFIC)
  2044. {
  2045. pPage->dwFlags |= FILTER_FLAGS_SRCWILD;
  2046. }
  2047. if(pPage->DEST_MASK != INADDR_SPECIFIC)
  2048. {
  2049. pPage->dwFlags |= FILTER_FLAGS_DSTWILD;
  2050. }
  2051. //
  2052. // Now the network ordering stuff - tricky part
  2053. // LP0 LP1 LP2 LP3 HP0 HP1 HP2 HP3
  2054. // Proto 00 00 00 SrcPort DstPort
  2055. //
  2056. //
  2057. // For addresses, ANY_ADDR is given by 0.0.0.0 and the MASK must be 0.0.0.0
  2058. // For proto and ports 0 means any and the mask is generated as follows
  2059. // If the proto is O then LP0 for Mask is 0xff else its 0x00
  2060. // If a port is 0, the corresponding XP0XP1 is 0x0000 else its 0xffff
  2061. //
  2062. //
  2063. // ICMP:
  2064. // LP0 LP1 LP2 LP3 HP0 HP1 HP2 HP3
  2065. // 0x1 00 00 00 Typ Cod 00 00
  2066. // ICMP is different since 0 is a valid code and type, so 0xff is used by the
  2067. // user to signify that ANY code or type is to be matched. However to do this
  2068. // we need to have the field set to zero and the the mask set to 00 (for any).
  2069. // But if the filter is specifically for Type/Code = 0 then the field is zero
  2070. // with the mask as 0xff
  2071. //
  2072. //
  2073. // The protocol is in the low byte of the dwProtocol, so we take that out and
  2074. // make a dword out of it
  2075. //
  2076. pPage->uliProtoSrcDstPort.LowPart =
  2077. MAKELONG(MAKEWORD(LOBYTE(LOWORD(pFilterInfo->dwProtocol)),0x00),0x0000);
  2078. pPage->uliProtoSrcDstMask.LowPart = MAKELONG(MAKEWORD(0xff,0x00),0x0000);
  2079. switch(pFilterInfo->dwProtocol)
  2080. {
  2081. case FILTER_PROTO_ANY:
  2082. {
  2083. pPage->uliProtoSrcDstPort.HighPart = 0x00000000;
  2084. pPage->uliProtoSrcDstMask.LowPart = 0x00000000;
  2085. pPage->uliProtoSrcDstMask.HighPart = 0x00000000;
  2086. pPage->dwFlags |= FILTER_FLAGS_SRCWILD | FILTER_FLAGS_DSTWILD;
  2087. break;
  2088. }
  2089. case FILTER_PROTO_ICMP:
  2090. {
  2091. WORD wTypeCode = 0x0000;
  2092. WORD wTypeCodeMask = 0x0000;
  2093. //
  2094. // For ICMP, the "ports" occupy the same place as the
  2095. // source port for TCP/UDP. So a wild card in here
  2096. // can never produce a FILTER_FLAGS_DSTWILD but we assume
  2097. // it does. This will put all wild ICMP filters into
  2098. // the default bucket. This seems OK since the performance
  2099. // for matching these is not critical.
  2100. //
  2101. if((BYTE)(pFilterInfo->wSrcPort) != FILTER_ICMP_TYPE_ANY)
  2102. {
  2103. wTypeCode |= MAKEWORD((BYTE)(pFilterInfo->wSrcPort),0x00);
  2104. wTypeCodeMask |= MAKEWORD(0xff,0x00);
  2105. }
  2106. else
  2107. {
  2108. pPage->dwFlags |= FILTER_FLAGS_SRCWILD | FILTER_FLAGS_DSTWILD;
  2109. }
  2110. if((BYTE)(pFilterInfo->wDstPort) != FILTER_ICMP_CODE_ANY)
  2111. {
  2112. wTypeCode |= MAKEWORD(0x00,(BYTE)(pFilterInfo->wDstPort));
  2113. wTypeCodeMask |= MAKEWORD(0x00,0xff);
  2114. }
  2115. else
  2116. {
  2117. pPage->dwFlags |= FILTER_FLAGS_SRCWILD | FILTER_FLAGS_DSTWILD;
  2118. }
  2119. pPage->uliProtoSrcDstPort.HighPart =
  2120. MAKELONG(wTypeCode,0x0000);
  2121. pPage->uliProtoSrcDstMask.HighPart =
  2122. MAKELONG(wTypeCodeMask,0x0000);
  2123. break;
  2124. }
  2125. case FILTER_PROTO_TCP:
  2126. //
  2127. // if no connections allowed, set the ESTAB_MASK
  2128. // value in the comparison mask
  2129. //
  2130. if(pInfo->dwFlags & FLAGS_INFOEX_NOSYN)
  2131. {
  2132. pPage->uliProtoSrcDstMask.LowPart |=
  2133. MAKELONG(MAKEWORD(0,ESTAB_MASK),0x0000);
  2134. pPage->uliProtoSrcDstPort.LowPart |=
  2135. MAKELONG(MAKEWORD(0,ESTAB_MASK),0x0000);
  2136. }
  2137. //
  2138. // fall through
  2139. //
  2140. case FILTER_PROTO_UDP:
  2141. {
  2142. DWORD dwSrcDstPort = 0x00000000;
  2143. DWORD dwSrcDstMask = 0x00000000;
  2144. if(pFilterInfo->wSrcPort != FILTER_TCPUDP_PORT_ANY)
  2145. {
  2146. dwSrcDstPort |= MAKELONG(pFilterInfo->wSrcPort,0x0000);
  2147. if(pFilterInfo->wSrcPortHigh)
  2148. {
  2149. pPage->wSrcPortHigh = pFilterInfo->wSrcPortHigh;
  2150. pPage->dwFlags |=
  2151. (FILTER_FLAGS_PORTWILD | FILTER_FLAGS_SRCWILD);
  2152. }
  2153. else
  2154. {
  2155. dwSrcDstMask |= MAKELONG(0xffff,0x0000);
  2156. }
  2157. }
  2158. else
  2159. {
  2160. pPage->dwFlags |= FILTER_FLAGS_SRCWILD;
  2161. }
  2162. if(pFilterInfo->wDstPort != FILTER_TCPUDP_PORT_ANY)
  2163. {
  2164. dwSrcDstPort |= MAKELONG(0x0000,pFilterInfo->wDstPort);
  2165. if(pFilterInfo->wDstPortHigh)
  2166. {
  2167. pPage->wDstPortHigh = pFilterInfo->wDstPortHigh;
  2168. pPage->dwFlags |=
  2169. (FILTER_FLAGS_PORTWILD | FILTER_FLAGS_DSTWILD);
  2170. }
  2171. else
  2172. {
  2173. dwSrcDstMask |= MAKELONG(0x0000,0xffff);
  2174. }
  2175. }
  2176. else
  2177. {
  2178. pPage->dwFlags |= FILTER_FLAGS_DSTWILD;
  2179. }
  2180. pPage->uliProtoSrcDstPort.HighPart = dwSrcDstPort;
  2181. pPage->uliProtoSrcDstMask.HighPart = dwSrcDstMask;
  2182. break;
  2183. }
  2184. default:
  2185. {
  2186. //
  2187. // All other protocols have no use for the port field
  2188. //
  2189. pPage->uliProtoSrcDstPort.HighPart = 0x00000000;
  2190. pPage->uliProtoSrcDstMask.HighPart = 0x00000000;
  2191. }
  2192. }
  2193. //
  2194. // compute the hash index
  2195. //
  2196. pPage->dwHashIndex = (
  2197. pPage->SRC_ADDR +
  2198. pPage->DEST_ADDR +
  2199. pPage->DEST_ADDR +
  2200. PROTOCOLPART(pPage->uliProtoSrcDstPort.LowPart) +
  2201. pPage->uliProtoSrcDstPort.HighPart) % g_dwHashLists;
  2202. }
  2203. PPAGED_FILTER
  2204. MakePagedFilter(
  2205. IN PPFFCB Fcb,
  2206. IN PFILTER_INFOEX pInfo,
  2207. IN DWORD dwEpoch,
  2208. IN DWORD dwFlags
  2209. )
  2210. /*++
  2211. Routine Description
  2212. Arguments
  2213. Return Value
  2214. --*/
  2215. {
  2216. PPAGED_FILTER pPage;
  2217. PFILTER_INFO2 pFilterInfo = &pInfo->info;
  2218. PAGED_CODE();
  2219. //
  2220. // Allocate memory for the filters
  2221. //
  2222. pPage = (PPAGED_FILTER)ExAllocateFromPagedLookasideList(&paged_slist);
  2223. if(!pPage)
  2224. {
  2225. ERROR(("IPFLTDRV: Couldnt allocate memory for paged filter set\n"));
  2226. return NULL;
  2227. }
  2228. pPage->pFilters = NULL;
  2229. MakeFilterInfo(pPage, pInfo, dwFlags);
  2230. pPage->dwEpoch = dwEpoch;
  2231. return pPage;
  2232. }
  2233. NTSTATUS
  2234. AllocateAndAddFilterToMatchInterface(
  2235. PPFFCB Fcb,
  2236. PFILTER_INFOEX pInfo,
  2237. BOOL fInFilter,
  2238. PPAGED_FILTER_INTERFACE pPage,
  2239. PBOOL pbAdded,
  2240. PPAGED_FILTER * ppFilter)
  2241. /*++
  2242. Routine Description:
  2243. Check if this filter is already on the handle. If not
  2244. allocate a handle fitler and add it to the match
  2245. interface. Note the handle filter is not added to
  2246. the handle. This is so the caller can easily back out
  2247. if something fails.
  2248. Returns: STATUS_SUCCESS if all is well. ppFilter is either NULL
  2249. or contains the new filter.
  2250. --*/
  2251. {
  2252. PPAGED_FILTER pPageFilter, pPage1;
  2253. PFILTER pMatch, pMatch1;
  2254. DWORD dwFlags = (fInFilter ? FILTER_FLAGS_INFILTER : 0);
  2255. DWORD dwAdd;
  2256. PAGED_CODE();
  2257. //
  2258. // Make a paged filter so we can figure out whether
  2259. // it exists yet.
  2260. //
  2261. pPageFilter = MakePagedFilter(
  2262. Fcb,
  2263. pInfo,
  2264. pPage->dwUpdateEpoch,
  2265. dwFlags);
  2266. if(!pPageFilter)
  2267. {
  2268. return STATUS_NO_MEMORY;
  2269. }
  2270. if(pPage1 = IsOnPagedInterface(pPageFilter, pPage))
  2271. {
  2272. {
  2273. //
  2274. // it already exists. So return the existing one
  2275. // and also the handle
  2276. //
  2277. ExFreeToPagedLookasideList(&paged_slist,
  2278. (PVOID)pPageFilter);
  2279. *ppFilter = pPage1;
  2280. pInfo->pvFilterHandle = (PVOID)pPage1;
  2281. return(STATUS_OBJECT_NAME_COLLISION);
  2282. }
  2283. }
  2284. //
  2285. // See if we should check out the address.
  2286. //
  2287. if(!(pInfo->dwFlags & FLAGS_INFOEX_ALLOWANYREMOTEADDRESS))
  2288. {
  2289. if(pPageFilter->dwFlags & FILTER_FLAGS_INFILTER)
  2290. {
  2291. if(pPageFilter->SRC_MASK != INADDR_SPECIFIC)
  2292. {
  2293. dwAdd = 0;
  2294. }
  2295. else
  2296. {
  2297. dwAdd = pPageFilter->SRC_ADDR;
  2298. }
  2299. }
  2300. else if(pPageFilter->DEST_MASK != INADDR_SPECIFIC)
  2301. {
  2302. dwAdd = 0;
  2303. }
  2304. else
  2305. {
  2306. dwAdd = pPageFilter->DEST_ADDR;
  2307. }
  2308. //
  2309. // see if address checking should be done. It is done if an
  2310. // address is specified and the filter does not indicate the
  2311. // address is late bound. If it is late bound, just allow it
  2312. // since it may change
  2313. //
  2314. if(dwAdd)
  2315. {
  2316. NTSTATUS Status;
  2317. if(!BMAddress(dwAdd))
  2318. {
  2319. Status = CheckFilterAddress(dwAdd, pPage->pFilter);
  2320. if(!NT_SUCCESS(Status))
  2321. {
  2322. ExFreeToPagedLookasideList(&paged_slist,
  2323. (PVOID)pPageFilter);
  2324. return(Status);
  2325. }
  2326. }
  2327. }
  2328. }
  2329. else
  2330. {
  2331. TRACE(CONFIG,("IPFLTDRV: Allow any address is filter\n"));
  2332. }
  2333. if(!(pInfo->dwFlags & FLAGS_INFOEX_ALLOWANYLOCALADDRESS))
  2334. {
  2335. if(pPageFilter->dwFlags & FILTER_FLAGS_INFILTER)
  2336. {
  2337. if(pPageFilter->DEST_MASK != INADDR_SPECIFIC)
  2338. {
  2339. dwAdd = 0;
  2340. }
  2341. else
  2342. {
  2343. dwAdd = pPageFilter->DEST_ADDR;
  2344. }
  2345. }
  2346. else if(pPageFilter->SRC_MASK != INADDR_SPECIFIC)
  2347. {
  2348. dwAdd = 0;
  2349. }
  2350. else
  2351. {
  2352. dwAdd = pPageFilter->SRC_ADDR;
  2353. }
  2354. if(dwAdd)
  2355. {
  2356. if(pPage->pFilter->dwIpIndex != UNKNOWN_IP_INDEX)
  2357. {
  2358. if(!BMAddress(dwAdd) &&
  2359. (GetIpStackIndex(dwAdd, FALSE) != pPage->pFilter->dwIpIndex))
  2360. {
  2361. ExFreeToPagedLookasideList(&paged_slist,
  2362. (PVOID)pPageFilter);
  2363. return(STATUS_INVALID_ADDRESS);
  2364. }
  2365. }
  2366. }
  2367. }
  2368. //
  2369. // Not on the handle. Assume we need to add a new filter
  2370. // to the match interface. Allocate memory for this filter if
  2371. // necessary
  2372. //
  2373. pMatch = (PFILTER)ExAllocateFromNPagedLookasideList(
  2374. &filter_slist);
  2375. if(!pMatch)
  2376. {
  2377. ExFreePool(pPageFilter);
  2378. return(STATUS_NO_MEMORY);
  2379. }
  2380. pInfo->pvFilterHandle = (PVOID)pPageFilter;
  2381. //
  2382. // We will keep this filter so add it to the hash list
  2383. //
  2384. InsertTailList(&(pPage->HashList[pPageFilter->dwHashIndex]),
  2385. &pPageFilter->leHash);
  2386. //
  2387. // Now add it to the handle hash list
  2388. //
  2389. InsertTailList(&(pPage->HandleHash((UINT_PTR)pPageFilter & HANDLE_HASH_SIZE)),
  2390. &pPageFilter->leHandleHash);
  2391. //
  2392. // fix up the match interface
  2393. //
  2394. pMatch->uliSrcDstAddr = pPageFilter->uliSrcDstAddr;
  2395. pMatch->uliSrcDstMask = pPageFilter->uliSrcDstMask;
  2396. pMatch->uliProtoSrcDstPort = pPageFilter->uliProtoSrcDstPort;
  2397. pMatch->uliProtoSrcDstMask = pPageFilter->uliProtoSrcDstMask;
  2398. pMatch->fLateBound = pPageFilter->fLateBound;
  2399. pMatch->wSrcPortHigh = pPageFilter->wSrcPortHigh;
  2400. pMatch->wDstPortHigh = pPageFilter->wDstPortHigh;
  2401. pMatch->Count.lCount = 0;
  2402. pMatch->dwFlags = pPageFilter->dwFlags;
  2403. pMatch->dwFlags |= (pInfo->dwFlags & FLAGS_INFOEX_ALLFLAGS);
  2404. pMatch->dwFilterRule = pInfo->dwFilterRule;
  2405. pMatch->Count.lInUse = 0;
  2406. AddFilterToInterface(
  2407. pMatch,
  2408. pPage->pFilter,
  2409. fInFilter,
  2410. &pMatch1);
  2411. if(pMatch1)
  2412. {
  2413. //
  2414. // the filter already exists. Don't need the one we built
  2415. //
  2416. ExFreePool(pMatch);
  2417. pMatch = pMatch1;
  2418. *pbAdded = FALSE;
  2419. }
  2420. else
  2421. {
  2422. *pbAdded = TRUE;
  2423. }
  2424. pPageFilter->pMatchFilter = pMatch;
  2425. *ppFilter = pPageFilter;
  2426. return(STATUS_SUCCESS);
  2427. }
  2428. VOID
  2429. AddFilterToInterface(
  2430. PFILTER pFilter,
  2431. PFILTER_INTERFACE pIf,
  2432. BOOL fInFilter,
  2433. PFILTER * ppFilter)
  2434. /*++
  2435. Routine Description:
  2436. Add pFilter to the interface. If it already exists,
  2437. just refcount it and return the address of the
  2438. existing filter.
  2439. --*/
  2440. {
  2441. PFILTER pTemp;
  2442. LOCK_STATE LockState;
  2443. PLIST_ENTRY List, pList;
  2444. PDWORD pdwCount;
  2445. DWORD dwIndex;
  2446. DWORD dwType = pFilter->dwFlags & FILTER_FLAGS_INFILTER;
  2447. BOOL fWild;
  2448. *ppFilter = NULL;
  2449. dwIndex = ComputeMatchHashIndex(pFilter, &fWild);
  2450. if(fInFilter)
  2451. {
  2452. pList = &pIf->pleInFilterSet;
  2453. pdwCount = &pIf->dwNumInFilters;
  2454. }
  2455. else
  2456. {
  2457. pList = &pIf->pleOutFilterSet;
  2458. pdwCount = &pIf->dwNumOutFilters;
  2459. }
  2460. //
  2461. // lock up the filters
  2462. //
  2463. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  2464. for(List = pIf->HashList[dwIndex].Flink;
  2465. List != &pIf->HashList[dwIndex];
  2466. List = List->Flink)
  2467. {
  2468. pTemp = CONTAINING_RECORD(List, FILTER, pleHashList);
  2469. if((dwType == (pTemp->dwFlags & FILTER_FLAGS_INFILTER))
  2470. &&
  2471. (pTemp->uliSrcDstAddr.QuadPart == pFilter->uliSrcDstAddr.QuadPart)
  2472. &&
  2473. (pTemp->uliSrcDstMask.QuadPart == pFilter->uliSrcDstMask.QuadPart)
  2474. &&
  2475. (pTemp->uliProtoSrcDstPort.QuadPart == pFilter->uliProtoSrcDstPort.QuadPart)
  2476. &&
  2477. (pTemp->uliProtoSrcDstMask.QuadPart == pFilter->uliProtoSrcDstMask.QuadPart)
  2478. &&
  2479. (pTemp->wSrcPortHigh == pFilter->wSrcPortHigh)
  2480. &&
  2481. (pTemp->wDstPortHigh == pFilter->wDstPortHigh)
  2482. )
  2483. {
  2484. pFilter = *ppFilter = pTemp;
  2485. break;
  2486. }
  2487. }
  2488. if(!*ppFilter)
  2489. {
  2490. //
  2491. // a new filter. Add it to the interface. First flush incorrect cache
  2492. // entries.
  2493. //
  2494. if(ANYWILDFILTER(pFilter))
  2495. {
  2496. //
  2497. // wild card filters can cause cache entries almost anywhere
  2498. // in the table. Very nasty. So take the draconian step of
  2499. // deleting the entire cache.
  2500. //
  2501. ClearCache();
  2502. }
  2503. else
  2504. {
  2505. ClearCacheEntry(pFilter, pIf);
  2506. }
  2507. pFilter->dwEpoch = pIf->dwUpdateEpoch;
  2508. InsertTailList(pList, &pFilter->pleFilters);
  2509. //
  2510. // and add it to the proper fragment list
  2511. //
  2512. #if DOFRAGCHECKING
  2513. InsertTailList(
  2514. &pIf->FragLists[GetFragIndex(PROTOCOLPART(pFilter->PROTO))],
  2515. &pFilter->leFragList);
  2516. #endif
  2517. *pdwCount+= 1;
  2518. #if WILDHASH
  2519. if(fWild)
  2520. {
  2521. //
  2522. // if a wild filter of some sort, insert at the tail
  2523. // keeping specific filters ahead of wild filters
  2524. //
  2525. InsertTailList((&pIf->HashList[dwIndex]), &pFilter->pleHashList);
  2526. pIf->dwWilds++;
  2527. }
  2528. else
  2529. #endif
  2530. {
  2531. //
  2532. // insert at the head on the assumption this filter will
  2533. // be used soon and existing filters already have been
  2534. // used to produce a valid packet cache entry
  2535. //
  2536. InsertHeadList((&pIf->HashList[dwIndex]), &pFilter->pleHashList);
  2537. }
  2538. }
  2539. pFilter->Count.lInUse++;
  2540. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  2541. }
  2542. BOOL
  2543. DereferenceFilter(PFILTER pFilt, PFILTER_INTERFACE pIf)
  2544. /*++
  2545. Routine Description:
  2546. Dereference a filter and if it has no more referents, free it.
  2547. Returns TRUE if the filter was freed, FALSE otherwise.
  2548. --*/
  2549. {
  2550. LOCK_STATE LockState;
  2551. BOOL fFreed = FALSE;
  2552. //
  2553. // lock up the filters
  2554. //
  2555. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  2556. //
  2557. // Decrement reference count. If new count is 0, remove
  2558. // the entry but defer freeing the memory until the
  2559. // spin lock is released
  2560. //
  2561. if(--pFilt->Count.lInUse == 0)
  2562. {
  2563. TRACE(FLDES, ("IPFLTDRV: Deleting a filter: "));
  2564. TRACE_FILTER_DESCRIPTION(pFilt);
  2565. RemoveEntryList(&pFilt->pleFilters);
  2566. RemoveEntryList(&pFilt->pleHashList);
  2567. #if DOFRAGCHECKING
  2568. RemoveEntryList(&pFilt->leFragList);
  2569. #endif
  2570. if(pFilt->dwFlags & FILTER_FLAGS_INFILTER)
  2571. {
  2572. pIf->dwNumInFilters--;
  2573. }
  2574. else
  2575. {
  2576. pIf->dwNumOutFilters--;
  2577. pIf->lEpoch++;
  2578. }
  2579. if(ANYWILDFILTER(pFilt))
  2580. {
  2581. //
  2582. // wild card filters can cause cache entries almost anywhere
  2583. // in the table. Very nasty.
  2584. //
  2585. #if WILDHASH
  2586. if(!WildFilter(pFilt))
  2587. {
  2588. pIf->dwWilds--;
  2589. }
  2590. #endif
  2591. ClearAnyCacheEntry(pFilt, pIf);
  2592. }
  2593. else
  2594. {
  2595. ClearCacheEntry(pFilt, pIf);
  2596. }
  2597. fFreed = TRUE;
  2598. }
  2599. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  2600. if(fFreed)
  2601. {
  2602. ExFreeToNPagedLookasideList(
  2603. &filter_slist,
  2604. (PVOID)pFilt);
  2605. }
  2606. return(fFreed);
  2607. }
  2608. PPAGED_FILTER
  2609. IsOnPagedInterface(PPAGED_FILTER pPageFilter,
  2610. PPAGED_FILTER_INTERFACE pPage)
  2611. {
  2612. PPAGED_FILTER pPage1;
  2613. PLIST_ENTRY List = &pPage->HashList[pPageFilter->dwHashIndex];
  2614. PLIST_ENTRY pEntry;
  2615. DWORD dwFlags = pPageFilter->dwFlags & FILTER_FLAGS_INFILTER;
  2616. PAGED_CODE();
  2617. for(pEntry = List->Flink;
  2618. pEntry != List;
  2619. pEntry = pEntry->Flink)
  2620. {
  2621. pPage1 = CONTAINING_RECORD(pEntry, PAGED_FILTER, leHash);
  2622. if((dwFlags == (pPage1->dwFlags & FILTER_FLAGS_INFILTER))
  2623. &&
  2624. (pPage1->uliSrcDstAddr.QuadPart == pPageFilter->uliSrcDstAddr.QuadPart)
  2625. &&
  2626. (pPage1->uliSrcDstMask.QuadPart == pPageFilter->uliSrcDstMask.QuadPart)
  2627. &&
  2628. (pPage1->uliProtoSrcDstPort.QuadPart == pPageFilter->uliProtoSrcDstPort.QuadPart)
  2629. &&
  2630. (pPage1->uliProtoSrcDstMask.QuadPart == pPageFilter->uliProtoSrcDstMask.QuadPart)
  2631. &&
  2632. (pPage1->wSrcPortHigh == pPageFilter->wSrcPortHigh)
  2633. &&
  2634. (pPage1->wDstPortHigh == pPageFilter->wDstPortHigh)
  2635. )
  2636. {
  2637. return(pPage1);
  2638. }
  2639. }
  2640. return(NULL);
  2641. }
  2642. BOOL
  2643. IsOnSpecialFilterList(PPAGED_FILTER pPageFilter,
  2644. PLIST_ENTRY List,
  2645. PPAGED_FILTER * pPageHit)
  2646. {
  2647. PPAGED_FILTER pPage1;
  2648. PLIST_ENTRY pList;
  2649. PAGED_CODE();
  2650. for(pList = List->Flink;
  2651. pList != List;
  2652. pList = pList->Flink)
  2653. {
  2654. pPage1 = CONTAINING_RECORD(pList, PAGED_FILTER, leSpecialList);
  2655. //
  2656. // See if this filter matches the new one. If so,
  2657. // we've already got it, so just free the new filter
  2658. // and return success
  2659. if(pPageFilter->type == pPage1->type)
  2660. {
  2661. *pPageHit = pPage1;
  2662. return(TRUE);
  2663. }
  2664. }
  2665. return(FALSE);
  2666. }
  2667. VOID
  2668. FreePagedFilterList(PPFFCB Fcb,
  2669. PPAGED_FILTER pList,
  2670. PPAGED_FILTER_INTERFACE pPage,
  2671. PDWORD pdwRemoved)
  2672. /*++
  2673. Routine Description:
  2674. Release all of the filters in the list. Each such filter
  2675. has to cause a derefernce of the underlying match
  2676. filter. If the paged filter is a global filter, handle
  2677. it specially
  2678. --*/
  2679. {
  2680. PPAGED_FILTER pFilt;
  2681. while(pList)
  2682. {
  2683. if(pList->type == PFE_FILTER)
  2684. {
  2685. if(DereferenceFilter(pList->pMatchFilter, pPage->pFilter))
  2686. {
  2687. //
  2688. // removed a filter. If this added a restriction,
  2689. // note it. A restriction is added only if the
  2690. // default action is DROP
  2691. //
  2692. if(pList->dwFlags & FILTER_FLAGS_INFILTER)
  2693. {
  2694. if(pPage->eaInAction == DROP)
  2695. {
  2696. *pdwRemoved += 1;
  2697. }
  2698. } else if(pPage->eaOutAction == DROP)
  2699. {
  2700. *pdwRemoved += 1;
  2701. }
  2702. }
  2703. RemoveEntryList(&pList->leHash);
  2704. RemoveEntryList(&pList->leHandleHash);
  2705. }
  2706. else
  2707. {
  2708. RemoveGlobalFilterFromInterface(pPage->pFilter,
  2709. pList->type);
  2710. RemoveEntryList(&pList->leSpecialList);
  2711. }
  2712. pFilt = pList->pFilters;
  2713. ExFreeToPagedLookasideList(&paged_slist,
  2714. (PVOID)pList);
  2715. pList = pFilt;
  2716. }
  2717. }
  2718. NTSTATUS
  2719. FindAndRemovePagedFilter(
  2720. PPFFCB Fcb,
  2721. PFILTER_INFOEX pInfo,
  2722. BOOL fInFilter,
  2723. PDWORD pdwRemoved,
  2724. PPAGED_FILTER_INTERFACE pPage)
  2725. /*++
  2726. Routine Description:
  2727. Find if the described filter in on the paged interface,
  2728. and if so, remove it, and derefernce the underlying match
  2729. filter.
  2730. --*/
  2731. {
  2732. PAGED_FILTER Page;
  2733. PPAGED_FILTER pPageHit;
  2734. DWORD dwFlags = fInFilter ? FILTER_FLAGS_INFILTER : 0;
  2735. MakeFilterInfo(&Page, pInfo, dwFlags);
  2736. //
  2737. // search the interface to see if we have this already.
  2738. //
  2739. if(Page.type != PFE_FILTER)
  2740. {
  2741. //
  2742. // it's a special filte. Search the list
  2743. //
  2744. if(!IsOnSpecialFilterList(&Page,
  2745. &pPage->leSpecialFilterList,
  2746. &pPageHit)
  2747. )
  2748. {
  2749. return(STATUS_INVALID_PARAMETER);
  2750. }
  2751. }
  2752. else
  2753. {
  2754. //
  2755. // a regular filter
  2756. //
  2757. pPageHit = IsOnPagedInterface(&Page, pPage);
  2758. if(!pPageHit)
  2759. {
  2760. return(STATUS_INVALID_PARAMETER);
  2761. }
  2762. }
  2763. if(!--pPageHit->dwInUse)
  2764. {
  2765. pPageHit->pFilters = NULL;
  2766. FreePagedFilterList(Fcb, pPageHit, pPage, pdwRemoved);
  2767. }
  2768. return(STATUS_SUCCESS);
  2769. }
  2770. PPAGED_FILTER
  2771. FindFilterByHandle(
  2772. IN PPFFCB Fcb,
  2773. IN PPAGED_FILTER_INTERFACE pPage,
  2774. IN PVOID pvHandle)
  2775. /*++
  2776. Routine Description:
  2777. Find a filter given its filter handle
  2778. --*/
  2779. {
  2780. PPAGED_FILTER pPaged = 0;
  2781. DWORD dwHash = (DWORD)(((UINT_PTR)pvHandle % HANDLE_HASH_SIZE));
  2782. PLIST_ENTRY pList;
  2783. for(pList = pPage->HandleHash(dwHash).Flink;
  2784. pList != &pPage->HandleHash(dwHash);
  2785. pList = pList->Flink)
  2786. {
  2787. PPAGED_FILTER ppf = CONTAINING_RECORD(pList,
  2788. PAGED_FILTER,
  2789. leHandleHash);
  2790. if(ppf == (PPAGED_FILTER)pvHandle)
  2791. {
  2792. pPaged = ppf;
  2793. break;
  2794. }
  2795. }
  2796. return(pPaged);
  2797. }
  2798. NTSTATUS
  2799. DeleteByHandle(
  2800. IN PPFFCB Fcb,
  2801. IN PPAGED_FILTER_INTERFACE pPage,
  2802. IN PVOID * ppHandles,
  2803. IN DWORD dwLength)
  2804. /*++
  2805. Routine Description:
  2806. Delete filters using the assigned filter handles
  2807. Note the FCB is locked, so it won't change
  2808. --*/
  2809. {
  2810. PFILTER_INTERFACE pIf = pPage->pFilter;
  2811. DWORD dwFilters;
  2812. PPAGED_FILTER pPFilter;
  2813. NTSTATUS Status = STATUS_SUCCESS;
  2814. DWORD dwFiltersRemoved = 0;
  2815. PAGED_CODE();
  2816. if(pPage->pFilter->dwGlobalEnables & FI_ENABLE_OLD)
  2817. {
  2818. return(STATUS_INVALID_DEVICE_REQUEST);
  2819. }
  2820. //
  2821. // compute number of filters
  2822. //
  2823. dwFilters = dwLength / sizeof(PVOID);
  2824. for(; dwFilters; dwFilters--, ppHandles++)
  2825. {
  2826. //
  2827. // for each handle, locate the filter
  2828. //
  2829. pPFilter = FindFilterByHandle(Fcb, pPage, *ppHandles);
  2830. if(!pPFilter)
  2831. {
  2832. TRACE(CONFIG,("IPFLTDRV: Could not translate handle to filter\n"));
  2833. }
  2834. else
  2835. {
  2836. if(!--pPFilter->dwInUse)
  2837. {
  2838. pPFilter->pFilters = NULL;
  2839. FreePagedFilterList(Fcb, pPFilter, pPage, &dwFiltersRemoved);
  2840. }
  2841. }
  2842. }
  2843. if(dwFiltersRemoved)
  2844. {
  2845. NotifyFastPath(pIf, pIf->dwIpIndex, NOT_RESTRICTION);
  2846. }
  2847. return(STATUS_SUCCESS);
  2848. }
  2849. NTSTATUS
  2850. UnSetFiltersEx(
  2851. IN PPFFCB Fcb,
  2852. IN PPAGED_FILTER_INTERFACE pPage,
  2853. IN DWORD dwLength,
  2854. IN PFILTER_DRIVER_SET_FILTERS pInfo)
  2855. /*++
  2856. Routine Description:
  2857. Unset a list of filters from an interface. This is the
  2858. inverse operation of SetFilterEx
  2859. --*/
  2860. {
  2861. PRTR_TOC_ENTRY pInToc,pOutToc;
  2862. PFILTER_INTERFACE pIf = pPage->pFilter;
  2863. PFILTER_DESCRIPTOR2 pFilterDescIn, pFilterDescOut;
  2864. PPAGED_FILTER pIn = NULL, pOut = NULL;
  2865. DWORD i;
  2866. PPAGED_FILTER pPFilter;
  2867. NTSTATUS Status = STATUS_SUCCESS;
  2868. PBYTE pbEnd = (PBYTE)pInfo + dwLength;
  2869. DWORD dwFiltersRemoved = 0;
  2870. PAGED_CODE();
  2871. if(pPage->pFilter->dwGlobalEnables & FI_ENABLE_OLD)
  2872. {
  2873. return(STATUS_INVALID_DEVICE_REQUEST);
  2874. }
  2875. pInToc = GetPointerToTocEntry(IP_FILTER_DRIVER_IN_FILTER_INFO,
  2876. &pInfo->ribhInfoBlock);
  2877. pOutToc = GetPointerToTocEntry(IP_FILTER_DRIVER_OUT_FILTER_INFO,
  2878. &pInfo->ribhInfoBlock);
  2879. if(pInToc && pInToc->InfoSize)
  2880. {
  2881. //
  2882. // filters are defined.
  2883. //
  2884. pFilterDescIn = GetInfoFromTocEntry(&pInfo->ribhInfoBlock,
  2885. pInToc);
  2886. if(pFilterDescIn->dwVersion != 2)
  2887. {
  2888. TRACE(CONFIG,("IPFLTDRV: Invalid version for FiltersEx\n"));
  2889. return(STATUS_INVALID_PARAMETER);
  2890. }
  2891. }
  2892. else
  2893. {
  2894. pFilterDescIn = NULL;
  2895. }
  2896. if(pOutToc && pOutToc->InfoSize)
  2897. {
  2898. //
  2899. // filters are defined.
  2900. //
  2901. pFilterDescOut = GetInfoFromTocEntry(&pInfo->ribhInfoBlock,
  2902. pOutToc);
  2903. if(pFilterDescOut->dwVersion != 2)
  2904. {
  2905. TRACE(CONFIG,("IPFLTDRV: Invalid version for FiltersEx\n"));
  2906. return(STATUS_INVALID_PARAMETER);
  2907. }
  2908. }
  2909. else
  2910. {
  2911. pFilterDescOut = NULL;
  2912. }
  2913. if((pFilterDescIn && !CheckDescriptorSize(pFilterDescIn, pbEnd))
  2914. ||
  2915. (pFilterDescOut && !CheckDescriptorSize(pFilterDescOut, pbEnd)) )
  2916. {
  2917. return(STATUS_BUFFER_TOO_SMALL);
  2918. }
  2919. //
  2920. // For each set of filters, remove the filters from the
  2921. // paged interface and thence from the match interface
  2922. if(pFilterDescIn)
  2923. {
  2924. //
  2925. // Removing in filters. For each filter, process as
  2926. // needed. Input filters include the global checks
  2927. /// such as spoofing.
  2928. //
  2929. RemoveFilterWorker(Fcb,
  2930. &pFilterDescIn->fiFilter[0],
  2931. pFilterDescIn->dwNumFilters,
  2932. pPage,
  2933. &dwFiltersRemoved,
  2934. TRUE);
  2935. }
  2936. //
  2937. // now the output filters. This is a bit simpler since there
  2938. // are no global settings.
  2939. //
  2940. if(pFilterDescOut)
  2941. {
  2942. //
  2943. // Adding in filters. For each filter, process as
  2944. // needed. Input filters include the global checks
  2945. /// such as spoofing.
  2946. //
  2947. RemoveFilterWorker(Fcb,
  2948. &pFilterDescOut->fiFilter[0],
  2949. pFilterDescOut->dwNumFilters,
  2950. pPage,
  2951. &dwFiltersRemoved,
  2952. FALSE);
  2953. }
  2954. if(dwFiltersRemoved)
  2955. {
  2956. NotifyFastPath(pIf, pIf->dwIpIndex, NOT_RESTRICTION);
  2957. }
  2958. return(STATUS_SUCCESS);
  2959. }
  2960. VOID
  2961. RemoveFilterWorker(
  2962. PPFFCB Fcb,
  2963. PFILTER_INFOEX pFilt,
  2964. DWORD dwCount,
  2965. PPAGED_FILTER_INTERFACE pPage,
  2966. PDWORD pdwRemoved,
  2967. BOOL fInFilter)
  2968. {
  2969. NTSTATUS Status;
  2970. //
  2971. // If a regular filter, add it. If a special, global
  2972. // filter, handle it specially.
  2973. //
  2974. while(dwCount)
  2975. {
  2976. if(fInFilter || (pFilt->type == PFE_FILTER))
  2977. {
  2978. Status = FindAndRemovePagedFilter(
  2979. Fcb,
  2980. pFilt,
  2981. fInFilter,
  2982. pdwRemoved,
  2983. pPage);
  2984. if(!NT_SUCCESS(Status))
  2985. {
  2986. ERROR(("IPFLTDRV: Removing filter failed %x\n", Status));
  2987. }
  2988. }
  2989. else
  2990. {
  2991. ERROR(("IPFLTDRV: Ignoring global out filter\n"));
  2992. }
  2993. dwCount--;
  2994. pFilt++;
  2995. }
  2996. }
  2997. NTSTATUS
  2998. SetInterfaceBinding(PINTERFACEBINDING pBind,
  2999. PPAGED_FILTER_INTERFACE pPage)
  3000. {
  3001. INTERFACEBINDING2 Bind2;
  3002. NTSTATUS status;
  3003. //
  3004. // Rather than duplicating the code for the new & the old routine
  3005. // call the new routine by transforming old structure to the new
  3006. // structure.
  3007. //
  3008. Bind2.pvDriverContext = pBind->pvDriverContext;
  3009. Bind2.pfType = pBind->pfType;
  3010. Bind2.dwAdd = pBind->dwAdd;
  3011. Bind2.dwEpoch = pBind->dwEpoch;
  3012. Bind2.dwLinkAdd = 0;
  3013. status = SetInterfaceBinding2(&Bind2, pPage);
  3014. pBind->dwEpoch = Bind2.dwEpoch;
  3015. return(status);
  3016. }
  3017. NTSTATUS
  3018. SetInterfaceBinding2(PINTERFACEBINDING2 pBind,
  3019. PPAGED_FILTER_INTERFACE pPage)
  3020. {
  3021. PFILTER_INTERFACE pIf1, pIf = pPage->pFilter;
  3022. NTSTATUS Status;
  3023. LOCK_STATE LockState;
  3024. DWORD dwBind, dwOldBind;
  3025. if(pPage->pFilter->dwGlobalEnables & FI_ENABLE_OLD)
  3026. {
  3027. return(STATUS_INVALID_DEVICE_REQUEST);
  3028. }
  3029. KeEnterCriticalRegion();
  3030. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  3031. //
  3032. // verify binding type
  3033. //
  3034. switch(pBind->pfType)
  3035. {
  3036. default:
  3037. dwBind = UNKNOWN_IP_INDEX;
  3038. break;
  3039. case PF_BIND_INTERFACEINDEX:
  3040. (VOID)GetIpStackIndex(0, TRUE); // make sure have this list
  3041. dwBind = pBind->dwAdd;
  3042. break;
  3043. case PF_BIND_IPV4ADDRESS:
  3044. dwBind = GetIpStackIndex((IPAddr)pBind->dwAdd, TRUE);
  3045. break;
  3046. }
  3047. //
  3048. // Make sure it is not bound or if it is that it is
  3049. // bound to this interface
  3050. //
  3051. if(((pIf->dwIpIndex != UNKNOWN_IP_INDEX) &&
  3052. (pIf->dwIpIndex != dwBind) &&
  3053. (pIf->dwLinkIpAddress != pBind->dwLinkAdd) )
  3054. ||
  3055. (dwBind == UNKNOWN_IP_INDEX)
  3056. )
  3057. {
  3058. Status = STATUS_INVALID_PARAMETER;
  3059. }
  3060. else
  3061. {
  3062. BOOL fFound = FALSE;
  3063. PLIST_ENTRY pList;
  3064. //
  3065. // verify that this is not already in use by some other
  3066. // interface
  3067. //
  3068. dwOldBind = pIf->dwIpIndex;
  3069. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  3070. for(pList = g_filters.leIfListHead.Flink;
  3071. pList != &g_filters.leIfListHead;
  3072. pList = pList->Flink)
  3073. {
  3074. pIf1 = CONTAINING_RECORD(pList, FILTER_INTERFACE, leIfLink);
  3075. if((pIf1->dwIpIndex == dwBind) && (pIf1->dwLinkIpAddress == pBind->dwLinkAdd))
  3076. {
  3077. //
  3078. // found it.
  3079. //
  3080. fFound = TRUE;
  3081. break;
  3082. }
  3083. }
  3084. if(!fFound)
  3085. {
  3086. pIf->dwIpIndex = dwBind;
  3087. pIf->dwLinkIpAddress = pBind->dwLinkAdd;
  3088. InterlockedIncrement(&g_ulBoundInterfaceCount);
  3089. TRACE(CONFIG,(
  3090. "IPFLTDRV: Bound Interface Index=%d, Link=%d, TotalCnt=%d\n",
  3091. dwBind,
  3092. pBind->dwLinkAdd,
  3093. g_ulBoundInterfaceCount
  3094. ));
  3095. }
  3096. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  3097. if(fFound)
  3098. {
  3099. if(pIf1 == pIf)
  3100. {
  3101. Status = STATUS_SUCCESS;
  3102. }
  3103. else
  3104. {
  3105. Status = STATUS_INVALID_PARAMETER;
  3106. }
  3107. }
  3108. else
  3109. {
  3110. NotifyFastPathIf(pIf);
  3111. if(!++pIf->dwBindEpoch)
  3112. {
  3113. pIf->dwBindEpoch++;
  3114. }
  3115. Status = STATUS_SUCCESS;
  3116. }
  3117. }
  3118. pBind->dwEpoch = pIf->dwBindEpoch;
  3119. ExReleaseResourceLite(&FilterListResourceLock);
  3120. KeLeaveCriticalRegion();
  3121. return(Status);
  3122. }
  3123. NTSTATUS
  3124. ClearInterfaceBinding(PPAGED_FILTER_INTERFACE pPage,
  3125. PINTERFACEBINDING pBind)
  3126. {
  3127. PFILTER_INTERFACE pIf = pPage->pFilter;
  3128. NTSTATUS Status;
  3129. if(pIf->dwGlobalEnables & FI_ENABLE_OLD)
  3130. {
  3131. return(STATUS_INVALID_DEVICE_REQUEST);
  3132. }
  3133. KeEnterCriticalRegion();
  3134. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  3135. //
  3136. // Make sure it is bound
  3137. //
  3138. if((pIf->dwIpIndex == UNKNOWN_IP_INDEX)
  3139. ||
  3140. ( pBind->dwEpoch
  3141. &&
  3142. (pIf->dwBindEpoch != pBind->dwEpoch)))
  3143. {
  3144. Status = STATUS_SUCCESS;
  3145. }
  3146. else
  3147. {
  3148. LOCK_STATE LockState;
  3149. DWORD dwIndex;
  3150. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  3151. InterlockedCleanCache(g_filters.pInterfaceCache, pIf->dwIpIndex, pIf->dwLinkIpAddress);
  3152. InterlockedDecrement(&g_ulBoundInterfaceCount);
  3153. TRACE(CONFIG,(
  3154. "IPFLTDRV: UnBound Interface Index=%d, Link=%d, TotalCnt=%d\n",
  3155. pIf->dwIpIndex,
  3156. pIf->dwLinkIpAddress,
  3157. g_ulBoundInterfaceCount
  3158. ));
  3159. ClearCache();
  3160. ReleaseWriteLock(&g_filters.ifListLock, &LockState);
  3161. dwIndex = pIf->dwIpIndex;
  3162. pIf->dwIpIndex = UNKNOWN_IP_INDEX;
  3163. NotifyFastPath(pIf, dwIndex, NOT_UNBIND);
  3164. Status = STATUS_SUCCESS;
  3165. }
  3166. ExReleaseResourceLite(&FilterListResourceLock);
  3167. KeLeaveCriticalRegion();
  3168. return(Status);
  3169. }
  3170. NTSTATUS
  3171. DeletePagedInterface(PPFFCB Fcb, PPAGED_FILTER_INTERFACE pPage)
  3172. /*++
  3173. Routine Description:
  3174. Delete the filters and this interface
  3175. --*/
  3176. {
  3177. PLIST_ENTRY pList;
  3178. PPAGED_FILTER pf;
  3179. PPAGED_FILTER pfp = NULL;
  3180. DWORD i;
  3181. DWORD dwDummy;
  3182. PAGED_CODE();
  3183. if(pPage->pFilter->dwGlobalEnables & FI_ENABLE_OLD)
  3184. {
  3185. return(STATUS_INVALID_DEVICE_REQUEST);
  3186. }
  3187. for(pList = pPage->leSpecialFilterList.Flink;
  3188. pList != &pPage->leSpecialFilterList;
  3189. pList = pList->Flink)
  3190. {
  3191. pf = CONTAINING_RECORD(pList, PAGED_FILTER, leSpecialList);
  3192. pf->pFilters = pfp;
  3193. pfp = pf;
  3194. }
  3195. for(i = 0; i < g_dwHashLists; i++)
  3196. {
  3197. for(pList = pPage->HashList[i].Flink;
  3198. pList != &pPage->HashList[i];
  3199. pList = pList->Flink)
  3200. {
  3201. pf = CONTAINING_RECORD(pList, PAGED_FILTER, leHash);
  3202. pf->pFilters = pfp;
  3203. pfp = pf;
  3204. }
  3205. }
  3206. FreePagedFilterList(Fcb, pfp, pPage, &dwDummy);
  3207. DereferenceFilterInterface(pPage->pFilter, pPage->pLog);
  3208. if(pPage->pLog)
  3209. {
  3210. DereferenceLog(pPage->pLog);
  3211. }
  3212. ExFreePool(pPage);
  3213. return(STATUS_SUCCESS);
  3214. }
  3215. NTSTATUS
  3216. GetFiltersEx(
  3217. IN PFILTER_INTERFACE pIf,
  3218. IN BOOL fClear,
  3219. OUT PFILTER_STATS_EX pInfo
  3220. )
  3221. /*++
  3222. Routine Description
  3223. Gets filters and statistics associated with an interface
  3224. It is called with the Spin Lock held as reader
  3225. Arguments
  3226. pvIf Pointer to FILTER_INTERFACE structure which was passed as a PVOID
  3227. to router manager as a context for the interface
  3228. pInfo FILTER_IF structure filled in by driver
  3229. Return Value
  3230. --*/
  3231. {
  3232. DWORD i,dwNumInFilters,dwNumOutFilters;
  3233. PFILTER pf;
  3234. PLIST_ENTRY List;
  3235. dwNumInFilters = pIf->dwNumInFilters;
  3236. dwNumOutFilters = pIf->dwNumOutFilters;
  3237. for(i = 0, List = pIf->pleInFilterSet.Flink;
  3238. List != &pIf->pleInFilterSet;
  3239. i++, List = List->Flink)
  3240. {
  3241. PFILTER_INFOEX pEx = &pInfo->info;
  3242. PFILTER_INFO2 pFilt = &pEx->info;
  3243. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  3244. pInfo->dwNumPacketsFiltered = (DWORD)pf->Count.lCount;;
  3245. if(fClear)
  3246. {
  3247. pf->Count.lCount = 0;
  3248. }
  3249. pEx->dwFilterRule = pf->dwFilterRule;
  3250. pEx->type = PFE_FILTER;
  3251. pEx->dwFlags = pf->dwFlags & FLAGS_INFOEX_ALLFLAGS;
  3252. pFilt->addrType = IPV4;
  3253. pFilt->dwaSrcAddr[0] = pf->SRC_ADDR;
  3254. pFilt->dwaSrcMask[0] = pf->SRC_MASK;
  3255. pFilt->dwaDstAddr[0] = pf->DEST_ADDR;
  3256. pFilt->dwaDstMask[0] = pf->DEST_MASK;
  3257. pFilt->dwProtocol = pf->PROTO;
  3258. pFilt->fLateBound = pf->fLateBound;
  3259. pFilt->wSrcPortHigh = pf->wSrcPortHigh;
  3260. pFilt->wDstPortHigh = pf->wDstPortHigh;
  3261. if(pFilt->dwProtocol == FILTER_PROTO_ICMP)
  3262. {
  3263. if(LOBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  3264. {
  3265. pFilt->wSrcPort = FILTER_ICMP_TYPE_ANY;
  3266. }
  3267. else
  3268. {
  3269. pFilt->wSrcPort =
  3270. MAKEWORD(LOBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  3271. }
  3272. if(HIBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  3273. {
  3274. pFilt->wDstPort = FILTER_ICMP_CODE_ANY;
  3275. }
  3276. else
  3277. {
  3278. pFilt->wDstPort =
  3279. MAKEWORD(HIBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  3280. }
  3281. }
  3282. else
  3283. {
  3284. pFilt->wSrcPort =
  3285. LOWORD(pf->uliProtoSrcDstPort.HighPart);
  3286. pFilt->wDstPort =
  3287. HIWORD(pf->uliProtoSrcDstPort.HighPart);
  3288. }
  3289. pInfo++;
  3290. }
  3291. for(i = 0, List = pIf->pleOutFilterSet.Flink;
  3292. List != &pIf->pleOutFilterSet;
  3293. i++, List = List->Flink)
  3294. {
  3295. PFILTER_INFOEX pEx = &pInfo->info;
  3296. PFILTER_INFO2 pFilt = &pEx->info;
  3297. pf = CONTAINING_RECORD(List, FILTER, pleFilters);
  3298. pInfo->dwNumPacketsFiltered =
  3299. (DWORD)pf->Count.lCount;
  3300. if(fClear)
  3301. {
  3302. pf->Count.lCount = 0;
  3303. }
  3304. pEx->dwFilterRule = pf->dwFilterRule;
  3305. pEx->type = PFE_FILTER;
  3306. pEx->dwFlags = pf->dwFlags & FLAGS_INFOEX_ALLFLAGS;
  3307. pFilt->addrType = IPV4;
  3308. pFilt->dwaSrcAddr[0] = pf->SRC_ADDR;
  3309. pFilt->dwaSrcMask[0] = pf->SRC_MASK;
  3310. pFilt->dwaDstAddr[0] = pf->DEST_ADDR;
  3311. pFilt->dwaDstMask[0] = pf->DEST_MASK;
  3312. pFilt->dwProtocol = pf->PROTO;
  3313. pFilt->fLateBound = pf->fLateBound;
  3314. if(pFilt->dwProtocol == FILTER_PROTO_ICMP)
  3315. {
  3316. if(LOBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  3317. {
  3318. pFilt->wSrcPort = FILTER_ICMP_TYPE_ANY;
  3319. }
  3320. else
  3321. {
  3322. pFilt->wSrcPort =
  3323. MAKEWORD(LOBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  3324. }
  3325. if(HIBYTE(LOWORD(pf->uliProtoSrcDstMask.HighPart)) isnot 0xff)
  3326. {
  3327. pFilt->wDstPort = FILTER_ICMP_CODE_ANY;
  3328. }
  3329. else
  3330. {
  3331. pFilt->wDstPort =
  3332. MAKEWORD(HIBYTE(LOWORD(pf->uliProtoSrcDstPort.HighPart)),0x00);
  3333. }
  3334. }
  3335. else
  3336. {
  3337. pFilt->wSrcPort =
  3338. LOWORD(pf->uliProtoSrcDstPort.HighPart);
  3339. pFilt->wDstPort =
  3340. HIWORD(pf->uliProtoSrcDstPort.HighPart);
  3341. }
  3342. pInfo++;
  3343. }
  3344. return(STATUS_SUCCESS);
  3345. }
  3346. NTSTATUS
  3347. GetInterfaceParameters(PPAGED_FILTER_INTERFACE pPage,
  3348. PPFGETINTERFACEPARAMETERS pp,
  3349. PDWORD pdwSize)
  3350. /*++
  3351. Routine Description:
  3352. Read the information about an interface
  3353. pPage -- the paged filter interface
  3354. pp -- the user's args to this
  3355. pdwSize -- the size of the buffer on IN and the bytes used on OUT
  3356. --*/
  3357. {
  3358. PFILTER_INTERFACE pIf;
  3359. DWORD dwFilterSize;
  3360. BOOL fClear = (pp->dwFlags & GET_FLAGS_RESET) != 0;
  3361. LOCK_STATE LockState;
  3362. KeEnterCriticalRegion();
  3363. ExAcquireResourceExclusiveLite(&FilterListResourceLock, TRUE);
  3364. if(!pPage)
  3365. {
  3366. pIf = FindMatchName(0, (DWORD)((DWORD_PTR)pp->pvDriverContext));
  3367. if(!pIf)
  3368. {
  3369. ExReleaseResourceLite(&FilterListResourceLock);
  3370. KeLeaveCriticalRegion();
  3371. return(STATUS_INVALID_PARAMETER);
  3372. }
  3373. }
  3374. else
  3375. {
  3376. pIf = pPage->pFilter;
  3377. }
  3378. if(pIf->dwGlobalEnables & FI_ENABLE_OLD)
  3379. {
  3380. ExReleaseResourceLite(&FilterListResourceLock);
  3381. KeLeaveCriticalRegion();
  3382. return(STATUS_INVALID_DEVICE_REQUEST);
  3383. }
  3384. //
  3385. // fill in what we can fill in. Need to double lock -- the
  3386. // outer to prevent the interface from going away and filters
  3387. // being changed, the inner to protect the counts.
  3388. //
  3389. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  3390. pp->dwInDrops = (DWORD)pIf->lTotalInDrops;
  3391. pp->dwOutDrops = (DWORD)pIf->lTotalOutDrops;
  3392. pp->dwSynOrFrag = (DWORD)pIf->CountSynOrFrag.lCount +
  3393. (DWORD)pIf->CountNoFrag.lCount;
  3394. pp->dwSpoof = (DWORD)pIf->CountSpoof.lCount +
  3395. (DWORD)pIf->CountStrongHost.lCount;
  3396. pp->dwUnused = (DWORD)pIf->CountUnused.lCount;
  3397. pp->dwTcpCtl = (DWORD)pIf->CountCtl.lCount;
  3398. pp->liSYN.QuadPart = pIf->liSYNCount.QuadPart;
  3399. pp->liTotalLogged.QuadPart = pIf->liLoggedFrames.QuadPart;
  3400. pp->dwLostLogEntries = pIf->dwLostFrames;
  3401. pp->eaInAction = pIf->eaInAction;
  3402. pp->eaOutAction = pIf->eaOutAction;
  3403. pp->dwNumInFilters = pIf->dwNumInFilters;
  3404. pp->dwNumOutFilters = pIf->dwNumOutFilters;
  3405. dwFilterSize = (pIf->dwNumInFilters + pIf->dwNumOutFilters) *
  3406. sizeof(FILTER_STATS_EX);
  3407. if((pp->dwFlags & GET_FLAGS_FILTERS) != 0)
  3408. {
  3409. //
  3410. // Make sure all of the filters fit
  3411. //
  3412. if((*pdwSize -
  3413. (sizeof(PFGETINTERFACEPARAMETERS) - sizeof(FILTER_STATS_EX))) <
  3414. dwFilterSize)
  3415. {
  3416. //
  3417. // doesn't fit. Return the required size
  3418. //
  3419. pp->dwReserved =
  3420. dwFilterSize + (sizeof(PFGETINTERFACEPARAMETERS) -
  3421. sizeof(FILTER_STATS_EX));
  3422. ReleaseWriteLock(&g_filters.ifListLock, &LockState);
  3423. ExReleaseResourceLite(&FilterListResourceLock);
  3424. KeLeaveCriticalRegion();
  3425. return(STATUS_SUCCESS);
  3426. }
  3427. (VOID)GetFiltersEx(pIf,
  3428. fClear,
  3429. &pp->FilterInfo[0]);
  3430. }
  3431. //
  3432. // if clear requested, do it now
  3433. //
  3434. if(fClear)
  3435. {
  3436. pIf->lTotalInDrops = 0;
  3437. pIf->lTotalOutDrops = 0;
  3438. pIf->CountSynOrFrag.lCount = 0;
  3439. pIf->CountNoFrag.lCount = 0;
  3440. pIf->CountFragCache.lCount = 0;
  3441. pIf->CountSpoof.lCount = 0;
  3442. pIf->CountUnused.lCount = 0;
  3443. pIf->CountCtl.lCount = 0;
  3444. pIf->CountStrongHost.lCount = 0;
  3445. pIf->liSYNCount.QuadPart = 0;
  3446. pIf->liLoggedFrames.QuadPart = 0;
  3447. pIf->dwLostFrames = 0;
  3448. }
  3449. ReleaseWriteLock(&g_filters.ifListLock, &LockState);
  3450. ExReleaseResourceLite(&FilterListResourceLock);
  3451. KeLeaveCriticalRegion();
  3452. return(STATUS_SUCCESS);
  3453. }
  3454. NTSTATUS
  3455. GetSynCountTotal(PFILTER_DRIVER_GET_SYN_COUNT pscCount)
  3456. /*++
  3457. Routine Description:
  3458. Get sum of SYNs on filter interfaces
  3459. --*/
  3460. {
  3461. PFILTER_INTERFACE pIf;
  3462. PLIST_ENTRY pList;
  3463. LOCK_STATE LockState;
  3464. LONGLONG llCount = 0;
  3465. AcquireWriteLock(&g_filters.ifListLock,&LockState);
  3466. for(pList = g_filters.leIfListHead.Flink;
  3467. pList != &g_filters.leIfListHead;
  3468. pList = pList->Flink)
  3469. {
  3470. pIf = CONTAINING_RECORD(pList, FILTER_INTERFACE, leIfLink);
  3471. if(!(pIf->dwGlobalEnables & FI_ENABLE_OLD))
  3472. {
  3473. //
  3474. // accumulate it here to avoid page faults.
  3475. //
  3476. llCount += pIf->liSYNCount.QuadPart;
  3477. }
  3478. }
  3479. ReleaseWriteLock(&g_filters.ifListLock,&LockState);
  3480. //
  3481. // Now that no lock is held, store into the pageable
  3482. // value
  3483. //
  3484. pscCount->liCount.QuadPart = llCount;
  3485. return(STATUS_SUCCESS);
  3486. }
  3487. VOID
  3488. NotifyFastPath(PFILTER_INTERFACE pIf, DWORD dwIndex, DWORD dwCode)
  3489. /*++
  3490. Routine Description:
  3491. Called whenever the filter of an interface change so that
  3492. we can tell the fast path code to clear its cache. This
  3493. must be called at base level as it might sleep or yield.
  3494. --*/
  3495. {
  3496. DWORD dwFilterCount = 1;
  3497. if(dwIndex != UNKNOWN_IP_INDEX)
  3498. {
  3499. InterlockedIncrement(&pIf->lNotify);
  3500. if(dwCode == NOT_UNBIND)
  3501. {
  3502. LARGE_INTEGER liInterval;
  3503. //
  3504. // it's an unbind. Wait for all existing callouts to
  3505. // complete.
  3506. //
  3507. liInterval.QuadPart = -1000; // short delay. Start with
  3508. // 100 us;
  3509. while(pIf->lNotify > 1)
  3510. {
  3511. //
  3512. // small delay to allow this to settle
  3513. //
  3514. KeDelayExecutionThread(KernelMode, FALSE, &liInterval);
  3515. liInterval.QuadPart *= 2;
  3516. }
  3517. dwFilterCount = 0;
  3518. }
  3519. //
  3520. // tell the fast path of this
  3521. //
  3522. InterlockedDecrement(&pIf->lNotify);
  3523. }
  3524. }
  3525. VOID
  3526. NotifyFastPathIf(PFILTER_INTERFACE pIf)
  3527. /*++
  3528. Routine Description:
  3529. Same as above, but this is called when an interface is first
  3530. bound. Notify only if it has filters or is a DROP interface
  3531. --*/
  3532. {
  3533. if(
  3534. (pIf->eaInAction == DROP)
  3535. ||
  3536. (pIf->eaOutAction == DROP)
  3537. ||
  3538. pIf->dwNumInFilters
  3539. ||
  3540. pIf->dwNumOutFilters)
  3541. {
  3542. NotifyFastPath(pIf, pIf->dwIpIndex, NOT_RESTRICTION);
  3543. }
  3544. }
  3545. NTSTATUS
  3546. SetExtensionPointer(
  3547. PPF_SET_EXTENSION_HOOK_INFO Info,
  3548. PFILE_OBJECT FileObject
  3549. )
  3550. {
  3551. LOCK_STATE LockState;
  3552. PFILTER_INTERFACE pIf;
  3553. PLIST_ENTRY pList;
  3554. AcquireWriteLock(&g_Extension.ExtLock, &LockState);
  3555. if (Info->ExtensionPointer == NULL)
  3556. {
  3557. //
  3558. // Extension hook is already set to NULL, be strict about it.
  3559. //
  3560. if (g_Extension.ExtPointer == NULL)
  3561. {
  3562. ReleaseWriteLock(&g_Extension.ExtLock, &LockState);
  3563. return(STATUS_INVALID_PARAMETER);
  3564. }
  3565. //
  3566. // File object of the entity hooking and unhooking should match.
  3567. //
  3568. if (g_Extension.ExtFileObject != FileObject)
  3569. {
  3570. ReleaseWriteLock(&g_Extension.ExtLock, &LockState);
  3571. return(STATUS_INVALID_PARAMETER);
  3572. }
  3573. g_Extension.ExtPointer = NULL;
  3574. g_Extension.ExtFileObject = NULL;
  3575. }
  3576. else
  3577. {
  3578. //
  3579. // We are setting the extension pointer to a non NULL value. The extension pointer must
  3580. // be already set to NULL to begin with, otherwise someone else registered it already.
  3581. //
  3582. if (g_Extension.ExtPointer != NULL)
  3583. {
  3584. ReleaseWriteLock(&g_Extension.ExtLock,&LockState);
  3585. return(STATUS_INVALID_PARAMETER);
  3586. }
  3587. //
  3588. // Record the file object here, every other call should be validated against this
  3589. // file object.
  3590. //
  3591. g_Extension.ExtFileObject = FileObject;
  3592. g_Extension.ExtPointer = Info->ExtensionPointer ;
  3593. }
  3594. CALLTRACE(("IPFLTDRV: SetExtensionPointer SUCCESSFUL\n"));
  3595. ReleaseWriteLock(&g_Extension.ExtLock,&LockState);
  3596. return(STATUS_SUCCESS);
  3597. }
  3598. PFILTER_INTERFACE
  3599. FilterDriverLookupInterface(
  3600. IN ULONG Index,
  3601. IN IPAddr LinkNextHop
  3602. )
  3603. /*++
  3604. Routine Description:
  3605. This routine is invoked to search for an interface with the given index
  3606. in our list of interfaces.
  3607. --*/
  3608. {
  3609. PFILTER_INTERFACE pIf;
  3610. PLIST_ENTRY pList;
  3611. for (pList = g_filters.leIfListHead.Flink;
  3612. pList != &g_filters.leIfListHead;
  3613. pList = pList->Flink)
  3614. {
  3615. pIf = CONTAINING_RECORD(pList, FILTER_INTERFACE, leIfLink);
  3616. if ((pIf->dwIpIndex == Index) && (pIf->dwLinkIpAddress == LinkNextHop))
  3617. {
  3618. TRACE(CONFIG,(
  3619. "IPFLTDRV: LookupIF: Found Entry %8x for Index=%d, NextHop=%d\n",
  3620. pIf,
  3621. Index,
  3622. LinkNextHop
  3623. ));
  3624. return pIf;
  3625. }
  3626. }
  3627. return NULL;
  3628. } // FilterDriverLookupInterface