mirror of
https://github.com/tnodir/fort
synced 2024-11-15 08:56:22 +00:00
Driver: Reorganize common/.
This commit is contained in:
parent
bfa9d41c01
commit
506c8a0c1e
@ -1,6 +1,18 @@
|
||||
INCLUDEPATH += $$PWD
|
||||
|
||||
SOURCES += \
|
||||
$$PWD/common/fortconf.c \
|
||||
$$PWD/common/fortlog.c \
|
||||
$$PWD/common/fortprov.c \
|
||||
$$PWD/common/wildmatch.c
|
||||
|
||||
HEADERS += \
|
||||
$$PWD/common/common.h \
|
||||
$$PWD/common/fortconf.h \
|
||||
$$PWD/common/fortdev.h
|
||||
$$PWD/common/fortdev.h \
|
||||
$$PWD/common/fortlog.h \
|
||||
$$PWD/common/fortprov.h \
|
||||
$$PWD/common/wildmatch.h
|
||||
|
||||
# Windows
|
||||
LIBS *= -lfwpuclnt -lkernel32 -luser32 -luuid -lversion -lws2_32
|
||||
|
@ -1,85 +0,0 @@
|
||||
---
|
||||
# Webkit style was loosely based on the Qt style
|
||||
BasedOnStyle: WebKit
|
||||
|
||||
Standard: Cpp11
|
||||
|
||||
# Column width is limited to 100 in accordance with Qt Coding Style.
|
||||
# https://wiki.qt.io/Qt_Coding_Style
|
||||
# Note that this may be changed at some point in the future.
|
||||
ColumnLimit: 100
|
||||
|
||||
# How much weight do extra characters after the line length limit have.
|
||||
# PenaltyExcessCharacter: 4
|
||||
|
||||
# Disable reflow of qdoc comments: indentation rules are different.
|
||||
# Translation comments are also excluded.
|
||||
CommentPragmas: "^!|^:"
|
||||
|
||||
# We want a space between the type and the star for pointer types.
|
||||
PointerBindsToType: false
|
||||
|
||||
# We use template< without space.
|
||||
SpaceAfterTemplateKeyword: false
|
||||
|
||||
# We want to break before the operators, but not before a '='.
|
||||
BreakBeforeBinaryOperators: NonAssignment
|
||||
|
||||
# Braces are usually attached, but not after functions or class declarations.
|
||||
BreakBeforeBraces: Custom
|
||||
BraceWrapping:
|
||||
AfterClass: true
|
||||
AfterControlStatement: false
|
||||
AfterEnum: false
|
||||
AfterFunction: true
|
||||
AfterNamespace: false
|
||||
AfterObjCDeclaration: false
|
||||
AfterStruct: true
|
||||
AfterUnion: false
|
||||
BeforeCatch: false
|
||||
BeforeElse: false
|
||||
IndentBraces: false
|
||||
|
||||
# When constructor initializers do not fit on one line, put them each on a new line.
|
||||
ConstructorInitializerAllOnOneLineOrOnePerLine: true
|
||||
|
||||
# Indent initializers by 2 spaces
|
||||
ConstructorInitializerIndentWidth: 2
|
||||
|
||||
# Indent width for line continuations.
|
||||
ContinuationIndentWidth: 4
|
||||
|
||||
# No indentation for namespaces.
|
||||
NamespaceIndentation: None
|
||||
|
||||
# Allow indentation for preprocessing directives (if/ifdef/endif). https://reviews.llvm.org/rL312125
|
||||
IndentPPDirectives: AfterHash
|
||||
|
||||
# Don't horizontally align arguments after an open bracket.
|
||||
AlignAfterOpenBracket: DontAlign
|
||||
AlwaysBreakTemplateDeclarations: true
|
||||
|
||||
# Ideally we should also allow less short function in a single line, but
|
||||
# clang-format does not handle that.
|
||||
AllowShortFunctionsOnASingleLine: Inline
|
||||
|
||||
# The coding style specifies some include order categories, but also tells to
|
||||
# separate categories with an empty line. It does not specify the order within
|
||||
# the categories. Since the SortInclude feature of clang-format does not
|
||||
# re-order includes separated by empty lines, the feature is not used.
|
||||
SortIncludes: false
|
||||
|
||||
# Sort each #include block separately.
|
||||
IncludeBlocks: Preserve
|
||||
|
||||
# macros for which the opening brace stays attached.
|
||||
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH, forever, Q_FOREVER, QBENCHMARK, QBENCHMARK_ONCE ]
|
||||
|
||||
# Break constructor initializers before the colon and after the commas.
|
||||
BreakConstructorInitializers: AfterColon
|
||||
|
||||
# Align C/C++ preprocessor macros of consecutive lines.
|
||||
AlignConsecutiveMacros: true
|
||||
|
||||
# Space is inserted after C style casts.
|
||||
SpaceAfterCStyleCast: true
|
@ -1,16 +1,33 @@
|
||||
#ifndef COMMON_H
|
||||
#define COMMON_H
|
||||
|
||||
#ifndef NT_SUCCESS
|
||||
#define NT_SUCCESS(status) ((LONG) (status) >= 0)
|
||||
#if !defined(FORT_API)
|
||||
# if defined(FORT_AMALG)
|
||||
# define FORT_API static
|
||||
# else
|
||||
# define FORT_API extern
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define FORT_STATUS_USER_ERROR STATUS_INVALID_PARAMETER
|
||||
#define FORT_ERROR_USER_ERROR ERROR_INVALID_PARAMETER
|
||||
#define UNUSED(p) ((void) (p))
|
||||
|
||||
#ifndef NT_SUCCESS
|
||||
# define NT_SUCCESS(status) ((LONG)(status) >= 0)
|
||||
#endif
|
||||
|
||||
#define FORT_STATUS_USER_ERROR STATUS_INVALID_PARAMETER
|
||||
#define FORT_ERROR_USER_ERROR ERROR_INVALID_PARAMETER
|
||||
|
||||
/* Convert system time to seconds since 1970 */
|
||||
#define SECSPERDAY 86400
|
||||
#define SECS_1601_TO_1970 ((369 * 365 + 89) * (INT64) SECSPERDAY) /* 1601 to 1970 is 369 years plus 89 leap days */
|
||||
#define fort_system_to_unix_time(system_time) ((system_time) / 10000000 - SECS_1601_TO_1970)
|
||||
#define SECSPERDAY 86400
|
||||
#define SECS_1601_TO_1970 \
|
||||
((369 * 365 + 89) * (INT64) SECSPERDAY) /* 1601 to 1970 is 369 years plus 89 leap days */
|
||||
#define fort_system_to_unix_time(system_time) ((system_time) / 10000000 - SECS_1601_TO_1970)
|
||||
|
||||
#endif COMMON_H
|
||||
#if !defined(FORT_DRIVER)
|
||||
# define _WIN32_WINNT 0x0601
|
||||
# define WIN32_LEAN_AND_MEAN
|
||||
# include <windows.h>
|
||||
#endif
|
||||
|
||||
#endif // COMMON_H
|
||||
|
@ -1,380 +1,337 @@
|
||||
/* Fort Firewall Driver Configuration */
|
||||
|
||||
#include "fortconf.h"
|
||||
|
||||
#include "wildmatch.c"
|
||||
|
||||
#include "wildmatch.h"
|
||||
|
||||
#ifndef FORT_DRIVER
|
||||
#define fort_memcmp memcmp
|
||||
# define fort_memcmp memcmp
|
||||
#else
|
||||
static int
|
||||
fort_memcmp (const char *p1, const char *p2, size_t len)
|
||||
static int fort_memcmp(const char *p1, const char *p2, size_t len)
|
||||
{
|
||||
const size_t n = RtlCompareMemory(p1, p2, len);
|
||||
return (n == len) ? 0 : (p1[n] - p2[n]);
|
||||
const size_t n = RtlCompareMemory(p1, p2, len);
|
||||
return (n == len) ? 0 : (p1[n] - p2[n]);
|
||||
}
|
||||
#endif
|
||||
|
||||
static int
|
||||
bit_scan_forward (unsigned long mask)
|
||||
FORT_API int bit_scan_forward(unsigned long mask)
|
||||
{
|
||||
unsigned long index;
|
||||
return _BitScanForward(&index, mask) ? index : -1;
|
||||
}
|
||||
|
||||
static BOOL
|
||||
is_time_in_period (FORT_TIME time, FORT_PERIOD period)
|
||||
FORT_API BOOL is_time_in_period(FORT_TIME time, FORT_PERIOD period)
|
||||
{
|
||||
const int x = time.hour * 60 + time.minute;
|
||||
const int from = period.from.hour * 60 + period.from.minute;
|
||||
const int to = period.to.hour * 60 + period.to.minute;
|
||||
const int x = time.hour * 60 + time.minute;
|
||||
const int from = period.from.hour * 60 + period.from.minute;
|
||||
const int to = period.to.hour * 60 + period.to.minute;
|
||||
|
||||
return (from <= to ? (x >= from && x < (to - 1))
|
||||
: (x >= from || x < (to - 1)));
|
||||
return (from <= to ? (x >= from && x < (to - 1)) : (x >= from || x < (to - 1)));
|
||||
}
|
||||
|
||||
static BOOL
|
||||
fort_conf_ip_find (UINT32 ip, UINT32 count, const UINT32 *iparr, BOOL is_range)
|
||||
static BOOL fort_conf_ip_find(UINT32 ip, UINT32 count, const UINT32 *iparr, BOOL is_range)
|
||||
{
|
||||
int low, high;
|
||||
int low, high;
|
||||
|
||||
if (count == 0)
|
||||
return FALSE;
|
||||
if (count == 0)
|
||||
return FALSE;
|
||||
|
||||
low = 0, high = count - 1;
|
||||
low = 0, high = count - 1;
|
||||
|
||||
do {
|
||||
const int mid = (low + high) / 2;
|
||||
const UINT32 mid_ip = iparr[mid];
|
||||
do {
|
||||
const int mid = (low + high) / 2;
|
||||
const UINT32 mid_ip = iparr[mid];
|
||||
|
||||
if (ip < mid_ip)
|
||||
high = mid - 1;
|
||||
else if (ip > mid_ip)
|
||||
low = mid + 1;
|
||||
else
|
||||
return TRUE;
|
||||
} while (low <= high);
|
||||
if (ip < mid_ip)
|
||||
high = mid - 1;
|
||||
else if (ip > mid_ip)
|
||||
low = mid + 1;
|
||||
else
|
||||
return TRUE;
|
||||
} while (low <= high);
|
||||
|
||||
if (!is_range)
|
||||
return FALSE;
|
||||
if (!is_range)
|
||||
return FALSE;
|
||||
|
||||
return high >= 0 && ip >= iparr[high]
|
||||
&& ip <= iparr[count + high];
|
||||
return high >= 0 && ip >= iparr[high] && ip <= iparr[count + high];
|
||||
}
|
||||
|
||||
static BOOL
|
||||
fort_conf_ip_inarr (UINT32 ip, UINT32 count, const UINT32 *iparr)
|
||||
static BOOL fort_conf_ip_inarr(UINT32 ip, UINT32 count, const UINT32 *iparr)
|
||||
{
|
||||
return fort_conf_ip_find(ip, count, iparr, FALSE);
|
||||
return fort_conf_ip_find(ip, count, iparr, FALSE);
|
||||
}
|
||||
|
||||
static BOOL
|
||||
fort_conf_ip_inrange (UINT32 ip, UINT32 count, const UINT32 *iprange)
|
||||
static BOOL fort_conf_ip_inrange(UINT32 ip, UINT32 count, const UINT32 *iprange)
|
||||
{
|
||||
return fort_conf_ip_find(ip, count, iprange, TRUE);
|
||||
return fort_conf_ip_find(ip, count, iprange, TRUE);
|
||||
}
|
||||
|
||||
#define fort_conf_addr_list_ip_ref(addr_list) \
|
||||
(addr_list)->ip
|
||||
#define fort_conf_addr_list_pair_ref(addr_list) \
|
||||
&(addr_list)->ip[(addr_list)->ip_n]
|
||||
#define fort_conf_addr_list_ip_ref(addr_list) (addr_list)->ip
|
||||
#define fort_conf_addr_list_pair_ref(addr_list) &(addr_list)->ip[(addr_list)->ip_n]
|
||||
|
||||
static BOOL
|
||||
fort_conf_ip_inlist (UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list)
|
||||
FORT_API BOOL fort_conf_ip_inlist(UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list)
|
||||
{
|
||||
return fort_conf_ip_inarr(ip, addr_list->ip_n,
|
||||
fort_conf_addr_list_ip_ref(addr_list))
|
||||
|| fort_conf_ip_inrange(ip, addr_list->pair_n,
|
||||
fort_conf_addr_list_pair_ref(addr_list));
|
||||
return fort_conf_ip_inarr(ip, addr_list->ip_n, fort_conf_addr_list_ip_ref(addr_list))
|
||||
|| fort_conf_ip_inrange(ip, addr_list->pair_n, fort_conf_addr_list_pair_ref(addr_list));
|
||||
}
|
||||
|
||||
static const PFORT_CONF_ADDR_GROUP
|
||||
fort_conf_addr_group_ref (const PFORT_CONF conf, int addr_group_index)
|
||||
FORT_API PFORT_CONF_ADDR_GROUP fort_conf_addr_group_ref(const PFORT_CONF conf, int addr_group_index)
|
||||
{
|
||||
const UINT32 *addr_group_offsets = (const UINT32 *)
|
||||
(conf->data + conf->addr_groups_off);
|
||||
const char *addr_group_data = (const char *) addr_group_offsets;
|
||||
const UINT32 *addr_group_offsets = (const UINT32 *) (conf->data + conf->addr_groups_off);
|
||||
const char *addr_group_data = (const char *) addr_group_offsets;
|
||||
|
||||
return (PFORT_CONF_ADDR_GROUP)
|
||||
(addr_group_data + addr_group_offsets[addr_group_index]);
|
||||
return (PFORT_CONF_ADDR_GROUP)(addr_group_data + addr_group_offsets[addr_group_index]);
|
||||
}
|
||||
|
||||
#define fort_conf_addr_group_include_list_ref(addr_group) \
|
||||
((PFORT_CONF_ADDR_LIST) (addr_group)->data)
|
||||
#define fort_conf_addr_group_exclude_list_ref(addr_group) \
|
||||
((PFORT_CONF_ADDR_LIST) ((addr_group)->data + (addr_group)->exclude_off))
|
||||
|
||||
static BOOL
|
||||
fort_conf_ip_included (const PFORT_CONF conf,
|
||||
fort_conf_zones_ip_included_func zone_func,
|
||||
void *ctx, UINT32 remote_ip, int addr_group_index)
|
||||
FORT_API BOOL fort_conf_ip_included(const PFORT_CONF conf,
|
||||
fort_conf_zones_ip_included_func zone_func, void *ctx, UINT32 remote_ip, int addr_group_index)
|
||||
{
|
||||
const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref(
|
||||
conf, addr_group_index);
|
||||
const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref(conf, addr_group_index);
|
||||
|
||||
const BOOL include_all = addr_group->include_all;
|
||||
const BOOL exclude_all = addr_group->exclude_all;
|
||||
const BOOL include_all = addr_group->include_all;
|
||||
const BOOL exclude_all = addr_group->exclude_all;
|
||||
|
||||
const BOOL ip_included = include_all ? TRUE
|
||||
: ((!addr_group->include_is_empty
|
||||
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_include_list_ref(addr_group)))
|
||||
|| (zone_func != NULL && zone_func(ctx, addr_group->include_zones, remote_ip)));
|
||||
const BOOL ip_included = include_all
|
||||
? TRUE
|
||||
: ((!addr_group->include_is_empty
|
||||
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_include_list_ref(addr_group)))
|
||||
|| (zone_func != NULL && zone_func(ctx, addr_group->include_zones, remote_ip)));
|
||||
|
||||
const BOOL ip_excluded = exclude_all ? TRUE
|
||||
: ((!addr_group->exclude_is_empty
|
||||
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_exclude_list_ref(addr_group)))
|
||||
|| (zone_func != NULL && zone_func(ctx, addr_group->exclude_zones, remote_ip)));
|
||||
const BOOL ip_excluded = exclude_all
|
||||
? TRUE
|
||||
: ((!addr_group->exclude_is_empty
|
||||
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_exclude_list_ref(addr_group)))
|
||||
|| (zone_func != NULL && zone_func(ctx, addr_group->exclude_zones, remote_ip)));
|
||||
|
||||
return include_all ? !ip_excluded
|
||||
: (exclude_all ? ip_included
|
||||
: (ip_included && !ip_excluded));
|
||||
return include_all ? !ip_excluded : (exclude_all ? ip_included : (ip_included && !ip_excluded));
|
||||
}
|
||||
|
||||
#define fort_conf_ip_is_inet(conf, zones_func, ctx, remote_ip) \
|
||||
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 0)
|
||||
#define fort_conf_ip_is_inet(conf, zones_func, ctx, remote_ip) \
|
||||
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 0)
|
||||
|
||||
#define fort_conf_ip_inet_included(conf, zones_func, ctx, remote_ip) \
|
||||
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 1)
|
||||
#define fort_conf_ip_inet_included(conf, zones_func, ctx, remote_ip) \
|
||||
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 1)
|
||||
|
||||
static BOOL
|
||||
fort_conf_app_exe_equal (PFORT_APP_ENTRY app_entry,
|
||||
const char *path, UINT32 path_len)
|
||||
FORT_API BOOL fort_conf_app_exe_equal(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len)
|
||||
{
|
||||
const char *app_path = (const char *) (app_entry + 1);
|
||||
const UINT32 app_path_len = app_entry->path_len;
|
||||
const char *app_path = (const char *) (app_entry + 1);
|
||||
const UINT32 app_path_len = app_entry->path_len;
|
||||
|
||||
if (path_len != app_path_len)
|
||||
return FALSE;
|
||||
if (path_len != app_path_len)
|
||||
return FALSE;
|
||||
|
||||
return fort_memcmp(path, app_path, path_len) == 0;
|
||||
return fort_memcmp(path, app_path, path_len) == 0;
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS
|
||||
fort_conf_app_exe_find (const PFORT_CONF conf,
|
||||
const char *path, UINT32 path_len)
|
||||
FORT_API FORT_APP_FLAGS fort_conf_app_exe_find(
|
||||
const PFORT_CONF conf, const char *path, UINT32 path_len)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const char *app_entries;
|
||||
UINT16 count = conf->exe_apps_n;
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const char *app_entries;
|
||||
UINT16 count = conf->exe_apps_n;
|
||||
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
|
||||
data = conf->data;
|
||||
app_entries = (const char *) (data + conf->exe_apps_off);
|
||||
data = conf->data;
|
||||
app_entries = (const char *) (data + conf->exe_apps_off);
|
||||
|
||||
do {
|
||||
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
|
||||
do {
|
||||
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
|
||||
|
||||
if (fort_conf_app_exe_equal(app_entry, path, path_len)) {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
if (fort_conf_app_exe_equal(app_entry, path, path_len)) {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
}
|
||||
|
||||
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
|
||||
} while (--count != 0);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
static int fort_conf_app_prefix_cmp(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len)
|
||||
{
|
||||
const char *app_path = (const char *) (app_entry + 1);
|
||||
const UINT32 app_path_len = app_entry->path_len;
|
||||
|
||||
if (path_len > app_path_len)
|
||||
path_len = app_path_len;
|
||||
|
||||
return fort_memcmp(path, app_path, path_len);
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS fort_conf_app_prefix_find(
|
||||
const PFORT_CONF conf, const char *path, UINT32 path_len)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const UINT32 *app_offsets;
|
||||
const char *app_entries;
|
||||
const UINT16 count = conf->prefix_apps_n;
|
||||
int low, high;
|
||||
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
|
||||
data = conf->data;
|
||||
app_offsets = (const UINT32 *) (data + conf->prefix_apps_off);
|
||||
|
||||
app_entries = (const char *) (app_offsets + count + 1);
|
||||
low = 0, high = count - 1;
|
||||
|
||||
do {
|
||||
const int mid = (low + high) / 2;
|
||||
const UINT32 app_off = app_offsets[mid];
|
||||
const PFORT_APP_ENTRY app_entry = (PFORT_APP_ENTRY)(app_entries + app_off);
|
||||
const int res = fort_conf_app_prefix_cmp(app_entry, path, path_len);
|
||||
|
||||
if (res < 0)
|
||||
high = mid - 1;
|
||||
else if (res > 0)
|
||||
low = mid + 1;
|
||||
else {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
}
|
||||
} while (low <= high);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS fort_conf_app_wild_find(const PFORT_CONF conf, const char *path)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const char *app_entries;
|
||||
UINT16 count = conf->wild_apps_n;
|
||||
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
|
||||
data = conf->data;
|
||||
app_entries = (const char *) (data + conf->wild_apps_off);
|
||||
|
||||
do {
|
||||
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
|
||||
const WCHAR *app_path = (const WCHAR *) (app_entry + 1);
|
||||
const int res = wildmatch(app_path, (const WCHAR *) path);
|
||||
|
||||
if (res == WM_MATCH) {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
}
|
||||
|
||||
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
|
||||
} while (--count != 0);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
FORT_API FORT_APP_FLAGS fort_conf_app_find(const PFORT_CONF conf, const char *path, UINT32 path_len,
|
||||
fort_conf_app_exe_find_func *exe_find_func)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
|
||||
app_flags = exe_find_func(conf, path, path_len);
|
||||
if (app_flags.v != 0)
|
||||
goto end;
|
||||
|
||||
app_flags = fort_conf_app_prefix_find(conf, path, path_len);
|
||||
if (app_flags.v != 0)
|
||||
goto end;
|
||||
|
||||
app_flags = fort_conf_app_wild_find(conf, path);
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
FORT_API BOOL fort_conf_app_blocked(const PFORT_CONF conf, FORT_APP_FLAGS app_flags)
|
||||
{
|
||||
const BOOL app_found = (app_flags.v != 0);
|
||||
|
||||
if (app_found && !app_flags.use_group_perm) {
|
||||
return app_flags.blocked;
|
||||
} else {
|
||||
const UINT32 app_perm_val = app_flags.blocked ? 2 : 1;
|
||||
const UINT32 app_perm = app_perm_val << (app_flags.group_index * 2);
|
||||
|
||||
const BOOL block_all = conf->flags.app_block_all;
|
||||
const BOOL allow_all = conf->flags.app_allow_all;
|
||||
|
||||
const BOOL app_blocked =
|
||||
block_all ? TRUE : (app_found && (app_perm & conf->app_perms_block_mask));
|
||||
const BOOL app_allowed =
|
||||
allow_all ? TRUE : (app_found && (app_perm & conf->app_perms_allow_mask));
|
||||
|
||||
return block_all ? !app_allowed : (allow_all ? app_blocked : (app_blocked && !app_allowed));
|
||||
}
|
||||
}
|
||||
|
||||
FORT_API UINT16 fort_conf_app_period_bits(const PFORT_CONF conf, FORT_TIME time, int *periods_n)
|
||||
{
|
||||
const char *data;
|
||||
PFORT_PERIOD app_periods;
|
||||
UINT16 period_bits;
|
||||
UINT8 count = conf->app_periods_n;
|
||||
int n, i;
|
||||
|
||||
if (count == 0)
|
||||
return 0;
|
||||
|
||||
data = conf->data;
|
||||
app_periods = (const PFORT_PERIOD)(data + conf->app_periods_off);
|
||||
period_bits = (UINT16) conf->flags.group_bits;
|
||||
n = 0;
|
||||
|
||||
for (i = 0; i < FORT_CONF_GROUP_MAX; ++i) {
|
||||
const UINT16 bit = (1 << i);
|
||||
const FORT_PERIOD period = *app_periods++;
|
||||
|
||||
if ((period_bits & bit) != 0 && period.v != 0) {
|
||||
if (!is_time_in_period(time, period)) {
|
||||
period_bits ^= bit;
|
||||
}
|
||||
|
||||
++n;
|
||||
|
||||
if (--count == 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
|
||||
} while (--count != 0);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
static int
|
||||
fort_conf_app_prefix_cmp (PFORT_APP_ENTRY app_entry,
|
||||
const char *path, UINT32 path_len)
|
||||
{
|
||||
const char *app_path = (const char *) (app_entry + 1);
|
||||
const UINT32 app_path_len = app_entry->path_len;
|
||||
|
||||
if (path_len > app_path_len)
|
||||
path_len = app_path_len;
|
||||
|
||||
return fort_memcmp(path, app_path, path_len);
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS
|
||||
fort_conf_app_prefix_find (const PFORT_CONF conf,
|
||||
const char *path, UINT32 path_len)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const UINT32 *app_offsets;
|
||||
const char *app_entries;
|
||||
const UINT16 count = conf->prefix_apps_n;
|
||||
int low, high;
|
||||
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
|
||||
data = conf->data;
|
||||
app_offsets = (const UINT32 *) (data + conf->prefix_apps_off);
|
||||
|
||||
app_entries = (const char *) (app_offsets + count + 1);
|
||||
low = 0, high = count - 1;
|
||||
|
||||
do {
|
||||
const int mid = (low + high) / 2;
|
||||
const UINT32 app_off = app_offsets[mid];
|
||||
const PFORT_APP_ENTRY app_entry = (PFORT_APP_ENTRY) (app_entries + app_off);
|
||||
const int res = fort_conf_app_prefix_cmp(app_entry, path, path_len);
|
||||
|
||||
if (res < 0)
|
||||
high = mid - 1;
|
||||
else if (res > 0)
|
||||
low = mid + 1;
|
||||
else {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
}
|
||||
} while (low <= high);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS
|
||||
fort_conf_app_wild_find (const PFORT_CONF conf, const char *path)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
const char *data;
|
||||
const char *app_entries;
|
||||
UINT16 count = conf->wild_apps_n;
|
||||
|
||||
if (count == 0)
|
||||
goto not_found;
|
||||
|
||||
data = conf->data;
|
||||
app_entries = (const char *) (data + conf->wild_apps_off);
|
||||
|
||||
do {
|
||||
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
|
||||
const WCHAR *app_path = (const WCHAR *) (app_entry + 1);
|
||||
const int res = wildmatch(app_path, (const WCHAR *) path);
|
||||
|
||||
if (res == WM_MATCH) {
|
||||
app_flags = app_entry->flags;
|
||||
goto end;
|
||||
if (periods_n != NULL) {
|
||||
*periods_n = n;
|
||||
}
|
||||
|
||||
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
|
||||
} while (--count != 0);
|
||||
|
||||
not_found:
|
||||
app_flags.v = 0;
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
return period_bits;
|
||||
}
|
||||
|
||||
static FORT_APP_FLAGS
|
||||
fort_conf_app_find (const PFORT_CONF conf,
|
||||
const char *path, UINT32 path_len,
|
||||
fort_conf_app_exe_find_func *exe_find_func)
|
||||
FORT_API void fort_conf_app_perms_mask_init(PFORT_CONF conf, UINT32 group_bits)
|
||||
{
|
||||
FORT_APP_FLAGS app_flags;
|
||||
UINT32 perms_mask = (group_bits & 0x0001) | ((group_bits & 0x0002) << 1)
|
||||
| ((group_bits & 0x0004) << 2) | ((group_bits & 0x0008) << 3) | ((group_bits & 0x0010) << 4)
|
||||
| ((group_bits & 0x0020) << 5) | ((group_bits & 0x0040) << 6) | ((group_bits & 0x0080) << 7)
|
||||
| ((group_bits & 0x0100) << 8) | ((group_bits & 0x0200) << 9)
|
||||
| ((group_bits & 0x0400) << 10) | ((group_bits & 0x0800) << 11)
|
||||
| ((group_bits & 0x1000) << 12) | ((group_bits & 0x2000) << 13)
|
||||
| ((group_bits & 0x4000) << 14) | ((group_bits & 0x8000) << 15);
|
||||
|
||||
app_flags = exe_find_func(conf, path, path_len);
|
||||
if (app_flags.v != 0)
|
||||
goto end;
|
||||
perms_mask |= perms_mask << 1;
|
||||
|
||||
app_flags = fort_conf_app_prefix_find(conf, path, path_len);
|
||||
if (app_flags.v != 0)
|
||||
goto end;
|
||||
|
||||
app_flags = fort_conf_app_wild_find(conf, path);
|
||||
|
||||
end:
|
||||
return app_flags;
|
||||
}
|
||||
|
||||
static BOOL
|
||||
fort_conf_app_blocked (const PFORT_CONF conf, FORT_APP_FLAGS app_flags)
|
||||
{
|
||||
const BOOL app_found = (app_flags.v != 0);
|
||||
|
||||
if (app_found && !app_flags.use_group_perm) {
|
||||
return app_flags.blocked;
|
||||
} else {
|
||||
const UINT32 app_perm_val = app_flags.blocked ? 2 : 1;
|
||||
const UINT32 app_perm = app_perm_val << (app_flags.group_index * 2);
|
||||
|
||||
const BOOL block_all = conf->flags.app_block_all;
|
||||
const BOOL allow_all = conf->flags.app_allow_all;
|
||||
|
||||
const BOOL app_blocked = block_all ? TRUE : (app_found
|
||||
&& (app_perm & conf->app_perms_block_mask));
|
||||
const BOOL app_allowed = allow_all ? TRUE : (app_found
|
||||
&& (app_perm & conf->app_perms_allow_mask));
|
||||
|
||||
return block_all ? !app_allowed
|
||||
: (allow_all ? app_blocked
|
||||
: (app_blocked && !app_allowed));
|
||||
}
|
||||
}
|
||||
|
||||
static UINT16
|
||||
fort_conf_app_period_bits (const PFORT_CONF conf, FORT_TIME time,
|
||||
int *periods_n)
|
||||
{
|
||||
const char *data;
|
||||
PFORT_PERIOD app_periods;
|
||||
UINT16 period_bits;
|
||||
UINT8 count = conf->app_periods_n;
|
||||
int n, i;
|
||||
|
||||
if (count == 0)
|
||||
return 0;
|
||||
|
||||
data = conf->data;
|
||||
app_periods = (const PFORT_PERIOD) (data + conf->app_periods_off);
|
||||
period_bits = (UINT16) conf->flags.group_bits;
|
||||
n = 0;
|
||||
|
||||
for (i = 0; i < FORT_CONF_GROUP_MAX; ++i) {
|
||||
const UINT16 bit = (1 << i);
|
||||
const FORT_PERIOD period = *app_periods++;
|
||||
|
||||
if ((period_bits & bit) != 0 && period.v != 0) {
|
||||
if (!is_time_in_period(time, period)) {
|
||||
period_bits ^= bit;
|
||||
}
|
||||
|
||||
++n;
|
||||
|
||||
if (--count == 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (periods_n != NULL) {
|
||||
*periods_n = n;
|
||||
}
|
||||
|
||||
return period_bits;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_conf_app_perms_mask_init (PFORT_CONF conf, UINT32 group_bits)
|
||||
{
|
||||
UINT32 perms_mask =
|
||||
(group_bits & 0x0001) | ((group_bits & 0x0002) << 1)
|
||||
| ((group_bits & 0x0004) << 2) | ((group_bits & 0x0008) << 3)
|
||||
| ((group_bits & 0x0010) << 4) | ((group_bits & 0x0020) << 5)
|
||||
| ((group_bits & 0x0040) << 6) | ((group_bits & 0x0080) << 7)
|
||||
| ((group_bits & 0x0100) << 8) | ((group_bits & 0x0200) << 9)
|
||||
| ((group_bits & 0x0400) << 10) | ((group_bits & 0x0800) << 11)
|
||||
| ((group_bits & 0x1000) << 12) | ((group_bits & 0x2000) << 13)
|
||||
| ((group_bits & 0x4000) << 14) | ((group_bits & 0x8000) << 15);
|
||||
|
||||
perms_mask |= perms_mask << 1;
|
||||
|
||||
conf->app_perms_block_mask = (perms_mask & 0xAAAAAAAA);
|
||||
conf->app_perms_allow_mask = (perms_mask & 0x55555555);
|
||||
conf->app_perms_block_mask = (perms_mask & 0xAAAAAAAA);
|
||||
conf->app_perms_allow_mask = (perms_mask & 0x55555555);
|
||||
}
|
||||
|
@ -1,182 +1,242 @@
|
||||
#ifndef FORTCONF_H
|
||||
#define FORTCONF_H
|
||||
|
||||
#define FORT_CONF_IP_MAX (10 * 1024 * 1024)
|
||||
#define FORT_CONF_IP_ARR_SIZE(n) ((n) * sizeof(UINT32))
|
||||
#define FORT_CONF_IP_RANGE_SIZE(n) (FORT_CONF_IP_ARR_SIZE(n) * 2)
|
||||
#define FORT_CONF_ZONE_MAX 32
|
||||
#define FORT_CONF_GROUP_MAX 16
|
||||
#define FORT_CONF_APPS_LEN_MAX (64 * 1024 * 1024)
|
||||
#define FORT_CONF_APP_PATH_MAX (2 * 1024)
|
||||
#define FORT_CONF_STR_ALIGN 4
|
||||
#define FORT_CONF_STR_HEADER_SIZE(n) (((n) + 1) * sizeof(UINT32))
|
||||
#define FORT_CONF_STR_DATA_SIZE(size) ((((size) + (FORT_CONF_STR_ALIGN - 1)) & ~(FORT_CONF_STR_ALIGN - 1)))
|
||||
#define FORT_CONF_APP_ENTRY_SIZE(len) (sizeof(FORT_APP_ENTRY) + (len) + sizeof(wchar_t)) /* include terminating zero */
|
||||
#include "common.h"
|
||||
|
||||
typedef struct fort_conf_flags {
|
||||
UINT32 prov_boot : 1;
|
||||
UINT32 filter_enabled : 1;
|
||||
UINT32 filter_locals : 1;
|
||||
UINT32 stop_traffic : 1;
|
||||
UINT32 stop_inet_traffic : 1;
|
||||
UINT32 allow_all_new : 1;
|
||||
UINT32 app_block_all : 1;
|
||||
UINT32 app_allow_all : 1;
|
||||
UINT32 log_blocked : 1;
|
||||
UINT32 log_stat : 1;
|
||||
#define FORT_CONF_IP_MAX (10 * 1024 * 1024)
|
||||
#define FORT_CONF_IP_ARR_SIZE(n) ((n) * sizeof(UINT32))
|
||||
#define FORT_CONF_IP_RANGE_SIZE(n) (FORT_CONF_IP_ARR_SIZE(n) * 2)
|
||||
#define FORT_CONF_ZONE_MAX 32
|
||||
#define FORT_CONF_GROUP_MAX 16
|
||||
#define FORT_CONF_APPS_LEN_MAX (64 * 1024 * 1024)
|
||||
#define FORT_CONF_APP_PATH_MAX (2 * 1024)
|
||||
#define FORT_CONF_STR_ALIGN 4
|
||||
#define FORT_CONF_STR_HEADER_SIZE(n) (((n) + 1) * sizeof(UINT32))
|
||||
#define FORT_CONF_STR_DATA_SIZE(size) \
|
||||
((((size) + (FORT_CONF_STR_ALIGN - 1)) & ~(FORT_CONF_STR_ALIGN - 1)))
|
||||
#define FORT_CONF_APP_ENTRY_SIZE(len) \
|
||||
(sizeof(FORT_APP_ENTRY) + (len) + sizeof(wchar_t)) /* include terminating zero */
|
||||
|
||||
UINT32 group_bits : 16;
|
||||
typedef struct fort_conf_flags
|
||||
{
|
||||
UINT32 prov_boot : 1;
|
||||
UINT32 filter_enabled : 1;
|
||||
UINT32 filter_locals : 1;
|
||||
UINT32 stop_traffic : 1;
|
||||
UINT32 stop_inet_traffic : 1;
|
||||
UINT32 allow_all_new : 1;
|
||||
UINT32 app_block_all : 1;
|
||||
UINT32 app_allow_all : 1;
|
||||
UINT32 log_blocked : 1;
|
||||
UINT32 log_stat : 1;
|
||||
|
||||
UINT32 group_bits : 16;
|
||||
} FORT_CONF_FLAGS, *PFORT_CONF_FLAGS;
|
||||
|
||||
typedef struct fort_conf_addr_list {
|
||||
UINT32 ip_n;
|
||||
UINT32 pair_n;
|
||||
typedef struct fort_conf_addr_list
|
||||
{
|
||||
UINT32 ip_n;
|
||||
UINT32 pair_n;
|
||||
|
||||
UINT32 ip[1];
|
||||
UINT32 ip[1];
|
||||
} FORT_CONF_ADDR_LIST, *PFORT_CONF_ADDR_LIST;
|
||||
|
||||
typedef struct fort_conf_addr_group {
|
||||
UINT32 include_all : 1;
|
||||
UINT32 exclude_all : 1;
|
||||
UINT32 include_is_empty : 1;
|
||||
UINT32 exclude_is_empty : 1;
|
||||
typedef struct fort_conf_addr_group
|
||||
{
|
||||
UINT32 include_all : 1;
|
||||
UINT32 exclude_all : 1;
|
||||
UINT32 include_is_empty : 1;
|
||||
UINT32 exclude_is_empty : 1;
|
||||
|
||||
UINT32 include_zones;
|
||||
UINT32 exclude_zones;
|
||||
UINT32 include_zones;
|
||||
UINT32 exclude_zones;
|
||||
|
||||
UINT32 exclude_off;
|
||||
UINT32 exclude_off;
|
||||
|
||||
char data[4];
|
||||
char data[4];
|
||||
} FORT_CONF_ADDR_GROUP, *PFORT_CONF_ADDR_GROUP;
|
||||
|
||||
typedef struct fort_conf_zones {
|
||||
UINT32 mask;
|
||||
UINT32 enabled_mask;
|
||||
typedef struct fort_conf_zones
|
||||
{
|
||||
UINT32 mask;
|
||||
UINT32 enabled_mask;
|
||||
|
||||
UINT32 addr_off[FORT_CONF_ZONE_MAX];
|
||||
UINT32 addr_off[FORT_CONF_ZONE_MAX];
|
||||
|
||||
char data[4];
|
||||
char data[4];
|
||||
} FORT_CONF_ZONES, *PFORT_CONF_ZONES;
|
||||
|
||||
typedef struct fort_conf_zone_flag {
|
||||
UCHAR zone_id;
|
||||
UCHAR enabled;
|
||||
typedef struct fort_conf_zone_flag
|
||||
{
|
||||
UCHAR zone_id;
|
||||
UCHAR enabled;
|
||||
} FORT_CONF_ZONE_FLAG, *PFORT_CONF_ZONE_FLAG;
|
||||
|
||||
typedef struct fort_traf {
|
||||
union {
|
||||
UINT64 v;
|
||||
typedef struct fort_traf
|
||||
{
|
||||
union {
|
||||
UINT64 v;
|
||||
|
||||
struct {
|
||||
UINT32 in_bytes;
|
||||
UINT32 out_bytes;
|
||||
struct
|
||||
{
|
||||
UINT32 in_bytes;
|
||||
UINT32 out_bytes;
|
||||
};
|
||||
};
|
||||
};
|
||||
} FORT_TRAF, *PFORT_TRAF;
|
||||
|
||||
typedef struct fort_time {
|
||||
union {
|
||||
UINT16 v;
|
||||
typedef struct fort_time
|
||||
{
|
||||
union {
|
||||
UINT16 v;
|
||||
|
||||
struct {
|
||||
UCHAR hour;
|
||||
UCHAR minute;
|
||||
struct
|
||||
{
|
||||
UCHAR hour;
|
||||
UCHAR minute;
|
||||
};
|
||||
};
|
||||
};
|
||||
} FORT_TIME, *PFORT_TIME;
|
||||
|
||||
typedef struct fort_period {
|
||||
union {
|
||||
UINT32 v;
|
||||
typedef struct fort_period
|
||||
{
|
||||
union {
|
||||
UINT32 v;
|
||||
|
||||
struct {
|
||||
FORT_TIME from;
|
||||
FORT_TIME to;
|
||||
struct
|
||||
{
|
||||
FORT_TIME from;
|
||||
FORT_TIME to;
|
||||
};
|
||||
};
|
||||
};
|
||||
} FORT_PERIOD, *PFORT_PERIOD;
|
||||
|
||||
typedef struct fort_app_flags {
|
||||
union {
|
||||
UINT16 v;
|
||||
typedef struct fort_app_flags
|
||||
{
|
||||
union {
|
||||
UINT16 v;
|
||||
|
||||
struct {
|
||||
UCHAR group_index;
|
||||
UCHAR use_group_perm : 1;
|
||||
UCHAR blocked : 1;
|
||||
UCHAR alerted : 1;
|
||||
UCHAR is_new : 1;
|
||||
UCHAR found : 1;
|
||||
struct
|
||||
{
|
||||
UCHAR group_index;
|
||||
UCHAR use_group_perm : 1;
|
||||
UCHAR blocked : 1;
|
||||
UCHAR alerted : 1;
|
||||
UCHAR is_new : 1;
|
||||
UCHAR found : 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
} FORT_APP_FLAGS, *PFORT_APP_FLAGS;
|
||||
|
||||
typedef struct fort_app_entry {
|
||||
union {
|
||||
UINT32 v;
|
||||
typedef struct fort_app_entry
|
||||
{
|
||||
union {
|
||||
UINT32 v;
|
||||
|
||||
struct {
|
||||
UINT16 path_len;
|
||||
FORT_APP_FLAGS flags;
|
||||
struct
|
||||
{
|
||||
UINT16 path_len;
|
||||
FORT_APP_FLAGS flags;
|
||||
};
|
||||
};
|
||||
};
|
||||
} FORT_APP_ENTRY, *PFORT_APP_ENTRY;
|
||||
|
||||
typedef struct fort_conf_group {
|
||||
UINT16 fragment_bits;
|
||||
typedef struct fort_conf_group
|
||||
{
|
||||
UINT16 fragment_bits;
|
||||
|
||||
UINT16 limit_bits;
|
||||
UINT32 limit_2bits;
|
||||
UINT16 limit_bits;
|
||||
UINT32 limit_2bits;
|
||||
|
||||
FORT_TRAF limits[FORT_CONF_GROUP_MAX]; /* Bytes per 0.5 sec. */
|
||||
FORT_TRAF limits[FORT_CONF_GROUP_MAX]; /* Bytes per 0.5 sec. */
|
||||
} FORT_CONF_GROUP, *PFORT_CONF_GROUP;
|
||||
|
||||
typedef struct fort_conf {
|
||||
FORT_CONF_FLAGS flags;
|
||||
typedef struct fort_conf
|
||||
{
|
||||
FORT_CONF_FLAGS flags;
|
||||
|
||||
UCHAR app_periods_n;
|
||||
UCHAR app_periods_n;
|
||||
|
||||
UINT16 wild_apps_n;
|
||||
UINT16 prefix_apps_n;
|
||||
UINT16 exe_apps_n;
|
||||
UINT16 wild_apps_n;
|
||||
UINT16 prefix_apps_n;
|
||||
UINT16 exe_apps_n;
|
||||
|
||||
UINT32 app_perms_block_mask;
|
||||
UINT32 app_perms_allow_mask;
|
||||
UINT32 app_perms_block_mask;
|
||||
UINT32 app_perms_allow_mask;
|
||||
|
||||
UINT32 addr_groups_off;
|
||||
UINT32 addr_groups_off;
|
||||
|
||||
UINT32 app_periods_off;
|
||||
UINT32 app_periods_off;
|
||||
|
||||
UINT32 wild_apps_off;
|
||||
UINT32 prefix_apps_off;
|
||||
UINT32 exe_apps_off;
|
||||
UINT32 wild_apps_off;
|
||||
UINT32 prefix_apps_off;
|
||||
UINT32 exe_apps_off;
|
||||
|
||||
char data[4];
|
||||
char data[4];
|
||||
} FORT_CONF, *PFORT_CONF;
|
||||
|
||||
typedef struct fort_conf_version {
|
||||
UINT16 driver_version;
|
||||
typedef struct fort_conf_version
|
||||
{
|
||||
UINT16 driver_version;
|
||||
} FORT_CONF_VERSION, *PFORT_CONF_VERSION;
|
||||
|
||||
typedef struct fort_conf_io {
|
||||
FORT_CONF_GROUP conf_group;
|
||||
typedef struct fort_conf_io
|
||||
{
|
||||
FORT_CONF_GROUP conf_group;
|
||||
|
||||
FORT_CONF conf;
|
||||
FORT_CONF conf;
|
||||
} FORT_CONF_IO, *PFORT_CONF_IO;
|
||||
|
||||
#define FORT_CONF_DATA_OFF offsetof(FORT_CONF, data)
|
||||
#define FORT_CONF_IO_CONF_OFF offsetof(FORT_CONF_IO, conf)
|
||||
#define FORT_CONF_ADDR_LIST_OFF offsetof(FORT_CONF_ADDR_LIST, ip)
|
||||
#define FORT_CONF_ADDR_GROUP_OFF offsetof(FORT_CONF_ADDR_GROUP, data)
|
||||
#define FORT_CONF_ZONES_DATA_OFF offsetof(FORT_CONF_ZONES, data)
|
||||
#define FORT_CONF_DATA_OFF offsetof(FORT_CONF, data)
|
||||
#define FORT_CONF_IO_CONF_OFF offsetof(FORT_CONF_IO, conf)
|
||||
#define FORT_CONF_ADDR_LIST_OFF offsetof(FORT_CONF_ADDR_LIST, ip)
|
||||
#define FORT_CONF_ADDR_GROUP_OFF offsetof(FORT_CONF_ADDR_GROUP, data)
|
||||
#define FORT_CONF_ZONES_DATA_OFF offsetof(FORT_CONF_ZONES, data)
|
||||
|
||||
#define FORT_CONF_ADDR_LIST_SIZE(ip_n, pair_n) \
|
||||
(FORT_CONF_ADDR_LIST_OFF + FORT_CONF_IP_ARR_SIZE(ip_n) + FORT_CONF_IP_RANGE_SIZE(pair_n))
|
||||
#define FORT_CONF_ADDR_LIST_SIZE(ip_n, pair_n) \
|
||||
(FORT_CONF_ADDR_LIST_OFF + FORT_CONF_IP_ARR_SIZE(ip_n) + FORT_CONF_IP_RANGE_SIZE(pair_n))
|
||||
|
||||
typedef FORT_APP_FLAGS fort_conf_app_exe_find_func(
|
||||
const PFORT_CONF conf, const char *path, UINT32 path_len);
|
||||
|
||||
typedef BOOL fort_conf_zones_ip_included_func(
|
||||
void *ctx, UINT32 zones_mask, UINT32 remote_ip);
|
||||
typedef BOOL fort_conf_zones_ip_included_func(void *ctx, UINT32 zones_mask, UINT32 remote_ip);
|
||||
|
||||
#endif FORTCONF_H
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
FORT_API int bit_scan_forward(unsigned long mask);
|
||||
|
||||
FORT_API BOOL is_time_in_period(FORT_TIME time, FORT_PERIOD period);
|
||||
|
||||
FORT_API BOOL fort_conf_ip_inlist(UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list);
|
||||
|
||||
FORT_API PFORT_CONF_ADDR_GROUP fort_conf_addr_group_ref(
|
||||
const PFORT_CONF conf, int addr_group_index);
|
||||
|
||||
#define fort_conf_addr_group_include_list_ref(addr_group) ((PFORT_CONF_ADDR_LIST)(addr_group)->data)
|
||||
#define fort_conf_addr_group_exclude_list_ref(addr_group) \
|
||||
((PFORT_CONF_ADDR_LIST)((addr_group)->data + (addr_group)->exclude_off))
|
||||
|
||||
FORT_API BOOL fort_conf_ip_included(const PFORT_CONF conf,
|
||||
fort_conf_zones_ip_included_func zone_func, void *ctx, UINT32 remote_ip, int addr_group_index);
|
||||
|
||||
FORT_API BOOL fort_conf_app_exe_equal(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len);
|
||||
|
||||
FORT_API FORT_APP_FLAGS fort_conf_app_exe_find(
|
||||
const PFORT_CONF conf, const char *path, UINT32 path_len);
|
||||
|
||||
FORT_API FORT_APP_FLAGS fort_conf_app_find(const PFORT_CONF conf, const char *path, UINT32 path_len,
|
||||
fort_conf_app_exe_find_func *exe_find_func);
|
||||
|
||||
FORT_API BOOL fort_conf_app_blocked(const PFORT_CONF conf, FORT_APP_FLAGS app_flags);
|
||||
|
||||
FORT_API UINT16 fort_conf_app_period_bits(const PFORT_CONF conf, FORT_TIME time, int *periods_n);
|
||||
|
||||
FORT_API void fort_conf_app_perms_mask_init(PFORT_CONF conf, UINT32 group_bits);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif // FORTCONF_H
|
||||
|
@ -1,89 +1,93 @@
|
||||
#ifndef FORTDEV_H
|
||||
#define FORTDEV_H
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#define INITGUID
|
||||
#include <guiddef.h>
|
||||
|
||||
#include <winioctl.h>
|
||||
|
||||
/* GUID-s generated by guidgen.exe */
|
||||
|
||||
/* {012B3999-B791-463E-918C-C32B53E9350E} */
|
||||
DEFINE_GUID(FORT_GUID_PROVIDER,
|
||||
0x12b3999, 0xb791, 0x463e, 0x91, 0x8c, 0xc3, 0x2b, 0x53, 0xe9, 0x35, 0xe);
|
||||
DEFINE_GUID(
|
||||
FORT_GUID_PROVIDER, 0x12b3999, 0xb791, 0x463e, 0x91, 0x8c, 0xc3, 0x2b, 0x53, 0xe9, 0x35, 0xe);
|
||||
|
||||
/* {749978E2-CB6A-42F9-9C30-1A3EA9810185} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_CONNECT_V4,
|
||||
0x749978e2, 0xcb6a, 0x42f9, 0x9c, 0x30, 0x1a, 0x3e, 0xa9, 0x81, 0x1, 0x85);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_CONNECT_V4, 0x749978e2, 0xcb6a, 0x42f9, 0x9c, 0x30, 0x1a, 0x3e, 0xa9,
|
||||
0x81, 0x1, 0x85);
|
||||
|
||||
/* {CED9C0FC-DF22-4F39-9185-B435726CABB2} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_ACCEPT_V4,
|
||||
0xced9c0fc, 0xdf22, 0x4f39, 0x91, 0x85, 0xb4, 0x35, 0x72, 0x6c, 0xab, 0xb2);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_ACCEPT_V4, 0xced9c0fc, 0xdf22, 0x4f39, 0x91, 0x85, 0xb4, 0x35, 0x72,
|
||||
0x6c, 0xab, 0xb2);
|
||||
|
||||
/* {1F50005D-CDBC-42A0-A0C0-53E43081FABE} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_STREAM_V4,
|
||||
0x1f50005d, 0xcdbc, 0x42a0, 0xa0, 0xc0, 0x53, 0xe4, 0x30, 0x81, 0xfa, 0xbe);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_STREAM_V4, 0x1f50005d, 0xcdbc, 0x42a0, 0xa0, 0xc0, 0x53, 0xe4, 0x30,
|
||||
0x81, 0xfa, 0xbe);
|
||||
|
||||
/* {5F1A7B3C-3E88-41C9-A442-61CFE6A48806} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_DATAGRAM_V4,
|
||||
0x5f1a7b3c, 0x3e88, 0x41c9, 0xa4, 0x42, 0x61, 0xcf, 0xe6, 0xa4, 0x88, 0x6);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_DATAGRAM_V4, 0x5f1a7b3c, 0x3e88, 0x41c9, 0xa4, 0x42, 0x61, 0xcf, 0xe6,
|
||||
0xa4, 0x88, 0x6);
|
||||
|
||||
/* {DED18B1B-0022-415F-AFDC-C9D59CE6D475} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_IN_TRANSPORT_V4,
|
||||
0xded18b1b, 0x22, 0x415f, 0xaf, 0xdc, 0xc9, 0xd5, 0x9c, 0xe6, 0xd4, 0x75);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_IN_TRANSPORT_V4, 0xded18b1b, 0x22, 0x415f, 0xaf, 0xdc, 0xc9, 0xd5,
|
||||
0x9c, 0xe6, 0xd4, 0x75);
|
||||
|
||||
/* {0004F6D3-8430-4B35-9BF7-23C25C25003E} */
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_OUT_TRANSPORT_V4,
|
||||
0x4f6d3, 0x8430, 0x4b35, 0x9b, 0xf7, 0x23, 0xc2, 0x5c, 0x25, 0x0, 0x3e);
|
||||
DEFINE_GUID(FORT_GUID_CALLOUT_OUT_TRANSPORT_V4, 0x4f6d3, 0x8430, 0x4b35, 0x9b, 0xf7, 0x23, 0xc2,
|
||||
0x5c, 0x25, 0x0, 0x3e);
|
||||
|
||||
/* {AFA06CD5-4942-4FDF-8A4A-2EDEB25BBECE} */
|
||||
DEFINE_GUID(FORT_GUID_SUBLAYER,
|
||||
0xafa06cd5, 0x4942, 0x4fdf, 0x8a, 0x4a, 0x2e, 0xde, 0xb2, 0x5b, 0xbe, 0xce);
|
||||
DEFINE_GUID(
|
||||
FORT_GUID_SUBLAYER, 0xafa06cd5, 0x4942, 0x4fdf, 0x8a, 0x4a, 0x2e, 0xde, 0xb2, 0x5b, 0xbe, 0xce);
|
||||
|
||||
/* {91CF8B80-7BB2-42BA-8A26-8242E14532FC} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_CONNECT_V4,
|
||||
0x91cf8b80, 0x7bb2, 0x42ba, 0x8a, 0x26, 0x82, 0x42, 0xe1, 0x45, 0x32, 0xfc);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_CONNECT_V4, 0x91cf8b80, 0x7bb2, 0x42ba, 0x8a, 0x26, 0x82, 0x42, 0xe1,
|
||||
0x45, 0x32, 0xfc);
|
||||
|
||||
/* {544A3E25-7BEB-4970-88EF-B4BCA2CE2482} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_ACCEPT_V4,
|
||||
0x544a3e25, 0x7beb, 0x4970, 0x88, 0xef, 0xb4, 0xbc, 0xa2, 0xce, 0x24, 0x82);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_ACCEPT_V4, 0x544a3e25, 0x7beb, 0x4970, 0x88, 0xef, 0xb4, 0xbc, 0xa2,
|
||||
0xce, 0x24, 0x82);
|
||||
|
||||
/* {ED0F2527-A787-4CA2-9493-C96320422FCF} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_STREAM_V4,
|
||||
0xed0f2527, 0xa787, 0x4ca2, 0x94, 0x93, 0xc9, 0x63, 0x20, 0x42, 0x2f, 0xcf);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_STREAM_V4, 0xed0f2527, 0xa787, 0x4ca2, 0x94, 0x93, 0xc9, 0x63, 0x20,
|
||||
0x42, 0x2f, 0xcf);
|
||||
|
||||
/* {A3700639-1B50-461C-BE4C-BC350A7FB3A9} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_DATAGRAM_V4,
|
||||
0xa3700639, 0x1b50, 0x461c, 0xbe, 0x4c, 0xbc, 0x35, 0xa, 0x7f, 0xb3, 0xa9);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_DATAGRAM_V4, 0xa3700639, 0x1b50, 0x461c, 0xbe, 0x4c, 0xbc, 0x35, 0xa,
|
||||
0x7f, 0xb3, 0xa9);
|
||||
|
||||
/* {F515D62B-26A3-413E-874C-D65CE70C9AEF} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_IN_TRANSPORT_V4,
|
||||
0xf515d62b, 0x26a3, 0x413e, 0x87, 0x4c, 0xd6, 0x5c, 0xe7, 0xc, 0x9a, 0xef);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_IN_TRANSPORT_V4, 0xf515d62b, 0x26a3, 0x413e, 0x87, 0x4c, 0xd6, 0x5c,
|
||||
0xe7, 0xc, 0x9a, 0xef);
|
||||
|
||||
/* {D284AFE8-4CAF-4432-A753-B6F311BDA2BA} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_OUT_TRANSPORT_V4,
|
||||
0xd284afe8, 0x4caf, 0x4432, 0xa7, 0x53, 0xb6, 0xf3, 0x11, 0xbd, 0xa2, 0xba);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_OUT_TRANSPORT_V4, 0xd284afe8, 0x4caf, 0x4432, 0xa7, 0x53, 0xb6, 0xf3,
|
||||
0x11, 0xbd, 0xa2, 0xba);
|
||||
|
||||
/* {C2D858F8-2951-4EED-8DA1-A4930F8E5204} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_IN,
|
||||
0xc2d858f8, 0x2951, 0x4eed, 0x8d, 0xa1, 0xa4, 0x93, 0xf, 0x8e, 0x52, 0x4);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_IN, 0xc2d858f8, 0x2951, 0x4eed, 0x8d, 0xa1, 0xa4, 0x93, 0xf,
|
||||
0x8e, 0x52, 0x4);
|
||||
|
||||
/* {749709CE-9686-4056-B89A-7A5852DFC898} */
|
||||
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_OUT,
|
||||
0x749709ce, 0x9686, 0x4056, 0xb8, 0x9a, 0x7a, 0x58, 0x52, 0xdf, 0xc8, 0x98);
|
||||
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_OUT, 0x749709ce, 0x9686, 0x4056, 0xb8, 0x9a, 0x7a, 0x58, 0x52,
|
||||
0xdf, 0xc8, 0x98);
|
||||
|
||||
#define FORT_DEVICE_NAME "\\\\.\\fortfw"
|
||||
#define FORT_DEVICE_NAME "\\\\.\\fortfw"
|
||||
|
||||
#define FORT_DEVICE_TYPE 0xD000
|
||||
#define FORT_IOCTL_BASE 0xD00
|
||||
#define FORT_DEVICE_TYPE 0xD000
|
||||
#define FORT_IOCTL_BASE 0xD00
|
||||
|
||||
#define FORT_CTL_CODE(i,a) CTL_CODE(FORT_DEVICE_TYPE, FORT_IOCTL_BASE + (i), METHOD_BUFFERED, (a))
|
||||
#define FORT_CTL_CODE(i, a) CTL_CODE(FORT_DEVICE_TYPE, FORT_IOCTL_BASE + (i), METHOD_BUFFERED, (a))
|
||||
|
||||
#define FORT_IOCTL_VALIDATE FORT_CTL_CODE(0, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETCONF FORT_CTL_CODE(1, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETFLAGS FORT_CTL_CODE(2, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_GETLOG FORT_CTL_CODE(3, FILE_READ_DATA)
|
||||
#define FORT_IOCTL_ADDAPP FORT_CTL_CODE(4, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_DELAPP FORT_CTL_CODE(5, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETZONES FORT_CTL_CODE(6, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETZONEFLAG FORT_CTL_CODE(7, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_VALIDATE FORT_CTL_CODE(0, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETCONF FORT_CTL_CODE(1, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETFLAGS FORT_CTL_CODE(2, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_GETLOG FORT_CTL_CODE(3, FILE_READ_DATA)
|
||||
#define FORT_IOCTL_ADDAPP FORT_CTL_CODE(4, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_DELAPP FORT_CTL_CODE(5, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETZONES FORT_CTL_CODE(6, FILE_WRITE_DATA)
|
||||
#define FORT_IOCTL_SETZONEFLAG FORT_CTL_CODE(7, FILE_WRITE_DATA)
|
||||
|
||||
#endif FORTDEV_H
|
||||
#endif // FORTDEV_H
|
||||
|
@ -1,135 +1,78 @@
|
||||
/* Fort Firewall Driver Log */
|
||||
|
||||
#define FORT_BUFFER_SIZE (16 * 1024 - 64)
|
||||
#define FORT_LOG_PATH_MAX 512
|
||||
#define FORT_LOG_ALIGN 4
|
||||
#include "fortlog.h"
|
||||
|
||||
#define FORT_LOG_FLAG_BLOCKED 0x01000000
|
||||
#define FORT_LOG_FLAG_PROC_NEW 0x02000000
|
||||
#define FORT_LOG_FLAG_STAT_TRAF 0x04000000
|
||||
#define FORT_LOG_FLAG_BLOCKED_ALLOW 0x10000000
|
||||
#define FORT_LOG_FLAG_TYPE_MASK 0x0F000000
|
||||
#define FORT_LOG_FLAG_OPT_MASK 0xF0000000
|
||||
#define FORT_LOG_FLAG_EX_MASK 0xFF000000
|
||||
|
||||
#define FORT_LOG_BLOCKED_HEADER_SIZE (4 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_BLOCKED_SIZE(path_len) \
|
||||
((FORT_LOG_BLOCKED_HEADER_SIZE + (path_len) \
|
||||
+ (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_BLOCKED_SIZE_MAX FORT_LOG_BLOCKED_SIZE(FORT_LOG_PATH_MAX)
|
||||
|
||||
#define FORT_LOG_PROC_NEW_HEADER_SIZE (2 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_PROC_NEW_SIZE(path_len) \
|
||||
((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) \
|
||||
+ (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_STAT_HEADER_SIZE (sizeof(UINT32) + sizeof(INT64))
|
||||
|
||||
#define FORT_LOG_STAT_TRAF_SIZE(proc_count) \
|
||||
(proc_count * 3 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_STAT_SIZE(proc_count) \
|
||||
(FORT_LOG_STAT_HEADER_SIZE + FORT_LOG_STAT_TRAF_SIZE(proc_count))
|
||||
|
||||
#define FORT_LOG_STAT_BUFFER_PROC_COUNT \
|
||||
((FORT_BUFFER_SIZE - FORT_LOG_STAT_HEADER_SIZE) / FORT_LOG_STAT_TRAF_SIZE(1))
|
||||
|
||||
#define FORT_LOG_SIZE_MAX FORT_LOG_BLOCKED_SIZE_MAX
|
||||
|
||||
#define fort_log_type(p) (*((UINT32 *) (p)) & FORT_LOG_FLAG_TYPE_MASK)
|
||||
|
||||
|
||||
static void
|
||||
fort_log_blocked_header_write (char *p, BOOL blocked, UINT32 remote_ip,
|
||||
UINT16 remote_port, UCHAR ip_proto,
|
||||
UINT32 pid, UINT32 path_len)
|
||||
FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 remote_ip,
|
||||
UINT16 remote_port, UCHAR ip_proto, UINT32 pid, UINT32 path_len)
|
||||
{
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
|
||||
*up++ = FORT_LOG_FLAG_BLOCKED
|
||||
| (blocked ? 0 : FORT_LOG_FLAG_BLOCKED_ALLOW)
|
||||
| path_len;
|
||||
*up++ = remote_ip;
|
||||
*up++ = remote_port | (ip_proto << 16);
|
||||
*up = pid;
|
||||
*up++ = FORT_LOG_FLAG_BLOCKED | (blocked ? 0 : FORT_LOG_FLAG_BLOCKED_ALLOW) | path_len;
|
||||
*up++ = remote_ip;
|
||||
*up++ = remote_port | (ip_proto << 16);
|
||||
*up = pid;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_blocked_write (char *p, BOOL blocked, UINT32 remote_ip,
|
||||
UINT16 remote_port, UCHAR ip_proto,
|
||||
UINT32 pid, UINT32 path_len, const char *path)
|
||||
FORT_API void fort_log_blocked_write(char *p, BOOL blocked, UINT32 remote_ip, UINT16 remote_port,
|
||||
UCHAR ip_proto, UINT32 pid, UINT32 path_len, const char *path)
|
||||
{
|
||||
fort_log_blocked_header_write(p, blocked, remote_ip, remote_port,
|
||||
ip_proto, pid, path_len);
|
||||
fort_log_blocked_header_write(p, blocked, remote_ip, remote_port, ip_proto, pid, path_len);
|
||||
|
||||
if (path_len) {
|
||||
RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len);
|
||||
}
|
||||
if (path_len) {
|
||||
RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_blocked_header_read (const char *p, BOOL *blocked, UINT32 *remote_ip,
|
||||
UINT16 *remote_port, UCHAR *ip_proto,
|
||||
UINT32 *pid, UINT32 *path_len)
|
||||
FORT_API void fort_log_blocked_header_read(const char *p, BOOL *blocked, UINT32 *remote_ip,
|
||||
UINT16 *remote_port, UCHAR *ip_proto, UINT32 *pid, UINT32 *path_len)
|
||||
{
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
|
||||
*blocked = !(*up & FORT_LOG_FLAG_BLOCKED_ALLOW);
|
||||
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
|
||||
*remote_ip = *up++;
|
||||
*remote_port = *((const UINT16 *) up);
|
||||
*ip_proto = (UCHAR) (*up++ >> 16);
|
||||
*pid = *up;
|
||||
*blocked = !(*up & FORT_LOG_FLAG_BLOCKED_ALLOW);
|
||||
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
|
||||
*remote_ip = *up++;
|
||||
*remote_port = *((const UINT16 *) up);
|
||||
*ip_proto = (UCHAR)(*up++ >> 16);
|
||||
*pid = *up;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_proc_new_header_write (char *p, UINT32 pid,
|
||||
UINT32 path_len)
|
||||
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len)
|
||||
{
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
|
||||
*up++ = FORT_LOG_FLAG_PROC_NEW | path_len;
|
||||
*up = pid;
|
||||
*up++ = FORT_LOG_FLAG_PROC_NEW | path_len;
|
||||
*up = pid;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_proc_new_write (char *p, UINT32 pid,
|
||||
UINT32 path_len, const char *path)
|
||||
FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path)
|
||||
{
|
||||
fort_log_proc_new_header_write(p, pid, path_len);
|
||||
fort_log_proc_new_header_write(p, pid, path_len);
|
||||
|
||||
if (path_len) {
|
||||
RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len);
|
||||
}
|
||||
if (path_len) {
|
||||
RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_proc_new_header_read (const char *p, UINT32 *pid,
|
||||
UINT32 *path_len)
|
||||
FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len)
|
||||
{
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
|
||||
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
|
||||
*pid = *up;
|
||||
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
|
||||
*pid = *up;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_stat_traf_header_write (char *p, INT64 unix_time, UINT16 proc_count)
|
||||
FORT_API void fort_log_stat_traf_header_write(char *p, INT64 unix_time, UINT16 proc_count)
|
||||
{
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
UINT32 *up = (UINT32 *) p;
|
||||
|
||||
*up++ = FORT_LOG_FLAG_STAT_TRAF | proc_count;
|
||||
*((INT64 *) up) = unix_time;
|
||||
*up++ = FORT_LOG_FLAG_STAT_TRAF | proc_count;
|
||||
*((INT64 *) up) = unix_time;
|
||||
}
|
||||
|
||||
static void
|
||||
fort_log_stat_traf_header_read (const char *p, INT64 *unix_time, UINT16 *proc_count)
|
||||
FORT_API void fort_log_stat_traf_header_read(const char *p, INT64 *unix_time, UINT16 *proc_count)
|
||||
{
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
const UINT32 *up = (const UINT32 *) p;
|
||||
|
||||
*proc_count = (UINT16) *up++;
|
||||
*unix_time = *((INT64 *) up);
|
||||
*proc_count = (UINT16) *up++;
|
||||
*unix_time = *((INT64 *) up);
|
||||
}
|
||||
|
71
src/driver/common/fortlog.h
Normal file
71
src/driver/common/fortlog.h
Normal file
@ -0,0 +1,71 @@
|
||||
#ifndef FORTLOG_H
|
||||
#define FORTLOG_H
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#define FORT_BUFFER_SIZE (16 * 1024 - 64)
|
||||
#define FORT_LOG_PATH_MAX 512
|
||||
#define FORT_LOG_ALIGN 4
|
||||
|
||||
#define FORT_LOG_FLAG_BLOCKED 0x01000000
|
||||
#define FORT_LOG_FLAG_PROC_NEW 0x02000000
|
||||
#define FORT_LOG_FLAG_STAT_TRAF 0x04000000
|
||||
#define FORT_LOG_FLAG_BLOCKED_ALLOW 0x10000000
|
||||
#define FORT_LOG_FLAG_TYPE_MASK 0x0F000000
|
||||
#define FORT_LOG_FLAG_OPT_MASK 0xF0000000
|
||||
#define FORT_LOG_FLAG_EX_MASK 0xFF000000
|
||||
|
||||
#define FORT_LOG_BLOCKED_HEADER_SIZE (4 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_BLOCKED_SIZE(path_len) \
|
||||
((FORT_LOG_BLOCKED_HEADER_SIZE + (path_len) + (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_BLOCKED_SIZE_MAX FORT_LOG_BLOCKED_SIZE(FORT_LOG_PATH_MAX)
|
||||
|
||||
#define FORT_LOG_PROC_NEW_HEADER_SIZE (2 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_PROC_NEW_SIZE(path_len) \
|
||||
((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) + (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
|
||||
|
||||
#define FORT_LOG_STAT_HEADER_SIZE (sizeof(UINT32) + sizeof(INT64))
|
||||
|
||||
#define FORT_LOG_STAT_TRAF_SIZE(proc_count) (proc_count * 3 * sizeof(UINT32))
|
||||
|
||||
#define FORT_LOG_STAT_SIZE(proc_count) \
|
||||
(FORT_LOG_STAT_HEADER_SIZE + FORT_LOG_STAT_TRAF_SIZE(proc_count))
|
||||
|
||||
#define FORT_LOG_STAT_BUFFER_PROC_COUNT \
|
||||
((FORT_BUFFER_SIZE - FORT_LOG_STAT_HEADER_SIZE) / FORT_LOG_STAT_TRAF_SIZE(1))
|
||||
|
||||
#define FORT_LOG_SIZE_MAX FORT_LOG_BLOCKED_SIZE_MAX
|
||||
|
||||
#define fort_log_type(p) (*((UINT32 *) (p)) & FORT_LOG_FLAG_TYPE_MASK)
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 remote_ip,
|
||||
UINT16 remote_port, UCHAR ip_proto, UINT32 pid, UINT32 path_len);
|
||||
|
||||
FORT_API void fort_log_blocked_write(char *p, BOOL blocked, UINT32 remote_ip, UINT16 remote_port,
|
||||
UCHAR ip_proto, UINT32 pid, UINT32 path_len, const char *path);
|
||||
|
||||
FORT_API void fort_log_blocked_header_read(const char *p, BOOL *blocked, UINT32 *remote_ip,
|
||||
UINT16 *remote_port, UCHAR *ip_proto, UINT32 *pid, UINT32 *path_len);
|
||||
|
||||
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len);
|
||||
|
||||
FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path);
|
||||
|
||||
FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len);
|
||||
|
||||
FORT_API void fort_log_stat_traf_header_write(char *p, INT64 unix_time, UINT16 proc_count);
|
||||
|
||||
FORT_API void fort_log_stat_traf_header_read(const char *p, INT64 *unix_time, UINT16 *proc_count);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif // FORTLOG_H
|
@ -1,338 +1,327 @@
|
||||
/* Fort Firewall Driver Provider (Un)Registration */
|
||||
|
||||
#define fort_prov_open(engine) FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, (engine))
|
||||
#define fort_prov_close(engine) FwpmEngineClose0(engine)
|
||||
#define fort_prov_trans_begin(engine) FwpmTransactionBegin0((engine), 0)
|
||||
#define fort_prov_trans_commit(engine) FwpmTransactionCommit0(engine)
|
||||
#define fort_prov_trans_abort(engine) FwpmTransactionAbort0(engine)
|
||||
#include "fortdev.h"
|
||||
#include "fortprov.h"
|
||||
|
||||
static void
|
||||
fort_prov_unregister (HANDLE transEngine)
|
||||
FORT_API void fort_prov_unregister(HANDLE transEngine)
|
||||
{
|
||||
HANDLE engine = transEngine;
|
||||
HANDLE engine = transEngine;
|
||||
|
||||
if (!transEngine) {
|
||||
if (fort_prov_open(&engine))
|
||||
return;
|
||||
if (!transEngine) {
|
||||
if (fort_prov_open(&engine))
|
||||
return;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_CONNECT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_ACCEPT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
|
||||
FwpmSubLayerDeleteByKey0(engine, (GUID *) &FORT_GUID_SUBLAYER);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_CONNECT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_ACCEPT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_STREAM_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_DATAGRAM_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_IN_TRANSPORT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_OUT_TRANSPORT_V4);
|
||||
FwpmProviderDeleteByKey0(engine, (GUID *) &FORT_GUID_PROVIDER);
|
||||
|
||||
if (!transEngine) {
|
||||
fort_prov_trans_commit(engine);
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
fort_prov_flow_unregister (HANDLE transEngine)
|
||||
{
|
||||
HANDLE engine = transEngine;
|
||||
|
||||
if (!transEngine) {
|
||||
if (fort_prov_open(&engine))
|
||||
return;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
|
||||
|
||||
if (!transEngine) {
|
||||
fort_prov_trans_commit(engine);
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
}
|
||||
|
||||
static DWORD
|
||||
fort_prov_register (HANDLE transEngine, BOOL is_boot)
|
||||
{
|
||||
FWPM_PROVIDER0 provider;
|
||||
FWPM_CALLOUT0 ocallout4, icallout4;
|
||||
FWPM_CALLOUT0 scallout4, dcallout4;
|
||||
FWPM_CALLOUT0 itcallout4, otcallout4;
|
||||
FWPM_SUBLAYER0 sublayer;
|
||||
FWPM_FILTER0 ofilter4, ifilter4;
|
||||
HANDLE engine = transEngine;
|
||||
const UINT32 filter_flags = is_boot ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
RtlZeroMemory(&provider, sizeof(FWPM_PROVIDER0));
|
||||
provider.flags = is_boot ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
|
||||
provider.providerKey = FORT_GUID_PROVIDER;
|
||||
provider.displayData.name = (PWCHAR) L"FortProvider";
|
||||
provider.displayData.description = (PWCHAR) L"Fort Firewall Provider";
|
||||
provider.serviceName = (PWCHAR) L"fortfw";
|
||||
|
||||
RtlZeroMemory(&ocallout4, sizeof(FWPM_CALLOUT0));
|
||||
ocallout4.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
|
||||
ocallout4.displayData.name = (PWCHAR) L"FortCalloutConnect4";
|
||||
ocallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Connect V4";
|
||||
ocallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
ocallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
|
||||
RtlZeroMemory(&icallout4, sizeof(FWPM_CALLOUT0));
|
||||
icallout4.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
|
||||
icallout4.displayData.name = (PWCHAR) L"FortCalloutAccept4";
|
||||
icallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Accept V4";
|
||||
icallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
icallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
|
||||
RtlZeroMemory(&scallout4, sizeof(FWPM_CALLOUT0));
|
||||
scallout4.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
|
||||
scallout4.displayData.name = (PWCHAR) L"FortCalloutStream4";
|
||||
scallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Stream V4";
|
||||
scallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
scallout4.applicableLayer = FWPM_LAYER_STREAM_V4;
|
||||
|
||||
RtlZeroMemory(&dcallout4, sizeof(FWPM_CALLOUT0));
|
||||
dcallout4.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
|
||||
dcallout4.displayData.name = (PWCHAR) L"FortCalloutDatagram4";
|
||||
dcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Datagram V4";
|
||||
dcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
dcallout4.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4;
|
||||
|
||||
RtlZeroMemory(&itcallout4, sizeof(FWPM_CALLOUT0));
|
||||
itcallout4.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
|
||||
itcallout4.displayData.name = (PWCHAR) L"FortCalloutInTransport4";
|
||||
itcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Inbound Transport V4";
|
||||
itcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
itcallout4.applicableLayer = FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&otcallout4, sizeof(FWPM_CALLOUT0));
|
||||
otcallout4.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
|
||||
otcallout4.displayData.name = (PWCHAR) L"FortCalloutOutTransport4";
|
||||
otcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Outbound Transport V4";
|
||||
otcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
otcallout4.applicableLayer = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&sublayer, sizeof(FWPM_SUBLAYER0));
|
||||
sublayer.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
sublayer.displayData.name = (PWCHAR) L"FortSublayer";
|
||||
sublayer.displayData.description = (PWCHAR) L"Fort Firewall Sublayer";
|
||||
sublayer.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
|
||||
RtlZeroMemory(&ofilter4, sizeof(FWPM_FILTER0));
|
||||
ofilter4.flags = filter_flags;
|
||||
ofilter4.filterKey = FORT_GUID_FILTER_CONNECT_V4;
|
||||
ofilter4.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
ofilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ofilter4.displayData.name = (PWCHAR) L"FortFilterConnect4";
|
||||
ofilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Connect V4";
|
||||
ofilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
|
||||
ofilter4.action.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
|
||||
|
||||
RtlZeroMemory(&ifilter4, sizeof(FWPM_FILTER0));
|
||||
ifilter4.flags = filter_flags;
|
||||
ifilter4.filterKey = FORT_GUID_FILTER_ACCEPT_V4;
|
||||
ifilter4.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
ifilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ifilter4.displayData.name = (PWCHAR) L"FortFilterAccept4";
|
||||
ifilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Accept V4";
|
||||
ifilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
|
||||
ifilter4.action.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
|
||||
|
||||
if ((status = FwpmProviderAdd0(engine, &provider, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &ocallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &icallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &scallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &dcallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &itcallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &otcallout4, NULL, NULL))
|
||||
|| (status = FwpmSubLayerAdd0(engine, &sublayer, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &ofilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &ifilter4, NULL, NULL))) {
|
||||
fort_prov_trans_abort(engine);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
||||
static DWORD
|
||||
fort_prov_flow_register (HANDLE transEngine, BOOL filter_transport)
|
||||
{
|
||||
FWPM_FILTER0 sfilter4, dfilter4;
|
||||
FWPM_FILTER0 itfilter4, otfilter4;
|
||||
HANDLE engine = transEngine;
|
||||
const UINT32 filter_flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
|
||||
| FWP_CALLOUT_FLAG_ALLOW_MID_STREAM_INSPECTION;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
RtlZeroMemory(&sfilter4, sizeof(FWPM_FILTER0));
|
||||
sfilter4.flags = filter_flags;
|
||||
sfilter4.filterKey = FORT_GUID_FILTER_STREAM_V4;
|
||||
sfilter4.layerKey = FWPM_LAYER_STREAM_V4;
|
||||
sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
|
||||
sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
|
||||
sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
|
||||
|
||||
RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
|
||||
dfilter4.flags = filter_flags;
|
||||
dfilter4.filterKey = FORT_GUID_FILTER_DATAGRAM_V4;
|
||||
dfilter4.layerKey = FWPM_LAYER_DATAGRAM_DATA_V4;
|
||||
dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
|
||||
dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
|
||||
dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
|
||||
|
||||
RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
|
||||
itfilter4.flags = filter_flags;
|
||||
itfilter4.filterKey = FORT_GUID_FILTER_IN_TRANSPORT_V4;
|
||||
itfilter4.layerKey = FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
||||
itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
|
||||
itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
|
||||
itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
|
||||
otfilter4.flags = filter_flags;
|
||||
otfilter4.filterKey = FORT_GUID_FILTER_OUT_TRANSPORT_V4;
|
||||
otfilter4.layerKey = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
||||
otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
|
||||
otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
|
||||
otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
|
||||
|
||||
if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
|
||||
|| (filter_transport
|
||||
&& ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))
|
||||
) {
|
||||
fort_prov_trans_abort(engine);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
||||
static BOOL
|
||||
fort_prov_is_boot (void)
|
||||
{
|
||||
HANDLE engine;
|
||||
BOOL is_boot = FALSE;
|
||||
|
||||
if (!fort_prov_open(&engine)) {
|
||||
FWPM_PROVIDER0 *provider;
|
||||
|
||||
if (!FwpmProviderGetByKey0(engine, (GUID *) &FORT_GUID_PROVIDER, &provider)) {
|
||||
is_boot = (provider->flags & FWPM_PROVIDER_FLAG_PERSISTENT);
|
||||
|
||||
FwpmFreeMemory0((void **) &provider);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
return is_boot;
|
||||
}
|
||||
|
||||
static DWORD
|
||||
fort_prov_reauth (HANDLE transEngine)
|
||||
{
|
||||
HANDLE engine = transEngine;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
status = FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
|
||||
if (NT_SUCCESS(status)) {
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_CONNECT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_ACCEPT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
|
||||
} else {
|
||||
FWPM_FILTER0 ifilter, ofilter;
|
||||
FwpmSubLayerDeleteByKey0(engine, (GUID *) &FORT_GUID_SUBLAYER);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_CONNECT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_ACCEPT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_STREAM_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_DATAGRAM_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_IN_TRANSPORT_V4);
|
||||
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_OUT_TRANSPORT_V4);
|
||||
FwpmProviderDeleteByKey0(engine, (GUID *) &FORT_GUID_PROVIDER);
|
||||
|
||||
RtlZeroMemory(&ifilter, sizeof(FWPM_FILTER0));
|
||||
ifilter.filterKey = FORT_GUID_FILTER_REAUTH_IN;
|
||||
ifilter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
ifilter.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ifilter.displayData.name = (PWCHAR) L"FortFilterReauthIn";
|
||||
ifilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Inbound";
|
||||
ifilter.action.type = FWP_ACTION_CONTINUE;
|
||||
|
||||
RtlZeroMemory(&ofilter, sizeof(FWPM_FILTER0));
|
||||
ofilter.filterKey = FORT_GUID_FILTER_REAUTH_OUT;
|
||||
ofilter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
ofilter.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ofilter.displayData.name = (PWCHAR) L"FortFilterReauthOut";
|
||||
ofilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Outbound";
|
||||
ofilter.action.type = FWP_ACTION_CONTINUE;
|
||||
|
||||
status = FwpmFilterAdd0(engine, &ifilter, NULL, NULL);
|
||||
FwpmFilterAdd0(engine, &ofilter, NULL, NULL);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
} else {
|
||||
fort_prov_trans_abort(engine);
|
||||
if (!transEngine) {
|
||||
fort_prov_trans_commit(engine);
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
||||
FORT_API void fort_prov_flow_unregister(HANDLE transEngine)
|
||||
{
|
||||
HANDLE engine = transEngine;
|
||||
|
||||
if (!transEngine) {
|
||||
if (fort_prov_open(&engine))
|
||||
return;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
|
||||
|
||||
if (!transEngine) {
|
||||
fort_prov_trans_commit(engine);
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
}
|
||||
|
||||
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot)
|
||||
{
|
||||
FWPM_PROVIDER0 provider;
|
||||
FWPM_CALLOUT0 ocallout4, icallout4;
|
||||
FWPM_CALLOUT0 scallout4, dcallout4;
|
||||
FWPM_CALLOUT0 itcallout4, otcallout4;
|
||||
FWPM_SUBLAYER0 sublayer;
|
||||
FWPM_FILTER0 ofilter4, ifilter4;
|
||||
HANDLE engine = transEngine;
|
||||
const UINT32 filter_flags = is_boot ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
RtlZeroMemory(&provider, sizeof(FWPM_PROVIDER0));
|
||||
provider.flags = is_boot ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
|
||||
provider.providerKey = FORT_GUID_PROVIDER;
|
||||
provider.displayData.name = (PWCHAR) L"FortProvider";
|
||||
provider.displayData.description = (PWCHAR) L"Fort Firewall Provider";
|
||||
provider.serviceName = (PWCHAR) L"fortfw";
|
||||
|
||||
RtlZeroMemory(&ocallout4, sizeof(FWPM_CALLOUT0));
|
||||
ocallout4.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
|
||||
ocallout4.displayData.name = (PWCHAR) L"FortCalloutConnect4";
|
||||
ocallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Connect V4";
|
||||
ocallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
ocallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
|
||||
RtlZeroMemory(&icallout4, sizeof(FWPM_CALLOUT0));
|
||||
icallout4.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
|
||||
icallout4.displayData.name = (PWCHAR) L"FortCalloutAccept4";
|
||||
icallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Accept V4";
|
||||
icallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
icallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
|
||||
RtlZeroMemory(&scallout4, sizeof(FWPM_CALLOUT0));
|
||||
scallout4.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
|
||||
scallout4.displayData.name = (PWCHAR) L"FortCalloutStream4";
|
||||
scallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Stream V4";
|
||||
scallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
scallout4.applicableLayer = FWPM_LAYER_STREAM_V4;
|
||||
|
||||
RtlZeroMemory(&dcallout4, sizeof(FWPM_CALLOUT0));
|
||||
dcallout4.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
|
||||
dcallout4.displayData.name = (PWCHAR) L"FortCalloutDatagram4";
|
||||
dcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Datagram V4";
|
||||
dcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
dcallout4.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4;
|
||||
|
||||
RtlZeroMemory(&itcallout4, sizeof(FWPM_CALLOUT0));
|
||||
itcallout4.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
|
||||
itcallout4.displayData.name = (PWCHAR) L"FortCalloutInTransport4";
|
||||
itcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Inbound Transport V4";
|
||||
itcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
itcallout4.applicableLayer = FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&otcallout4, sizeof(FWPM_CALLOUT0));
|
||||
otcallout4.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
|
||||
otcallout4.displayData.name = (PWCHAR) L"FortCalloutOutTransport4";
|
||||
otcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Outbound Transport V4";
|
||||
otcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
otcallout4.applicableLayer = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&sublayer, sizeof(FWPM_SUBLAYER0));
|
||||
sublayer.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
sublayer.displayData.name = (PWCHAR) L"FortSublayer";
|
||||
sublayer.displayData.description = (PWCHAR) L"Fort Firewall Sublayer";
|
||||
sublayer.providerKey = (GUID *) &FORT_GUID_PROVIDER;
|
||||
|
||||
RtlZeroMemory(&ofilter4, sizeof(FWPM_FILTER0));
|
||||
ofilter4.flags = filter_flags;
|
||||
ofilter4.filterKey = FORT_GUID_FILTER_CONNECT_V4;
|
||||
ofilter4.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
ofilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ofilter4.displayData.name = (PWCHAR) L"FortFilterConnect4";
|
||||
ofilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Connect V4";
|
||||
ofilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
|
||||
ofilter4.action.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
|
||||
|
||||
RtlZeroMemory(&ifilter4, sizeof(FWPM_FILTER0));
|
||||
ifilter4.flags = filter_flags;
|
||||
ifilter4.filterKey = FORT_GUID_FILTER_ACCEPT_V4;
|
||||
ifilter4.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
ifilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ifilter4.displayData.name = (PWCHAR) L"FortFilterAccept4";
|
||||
ifilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Accept V4";
|
||||
ifilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
|
||||
ifilter4.action.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
|
||||
|
||||
if ((status = FwpmProviderAdd0(engine, &provider, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &ocallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &icallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &scallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &dcallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &itcallout4, NULL, NULL))
|
||||
|| (status = FwpmCalloutAdd0(engine, &otcallout4, NULL, NULL))
|
||||
|| (status = FwpmSubLayerAdd0(engine, &sublayer, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &ofilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &ifilter4, NULL, NULL))) {
|
||||
fort_prov_trans_abort(engine);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
||||
FORT_API DWORD fort_prov_flow_register(HANDLE transEngine, BOOL filter_transport)
|
||||
{
|
||||
FWPM_FILTER0 sfilter4, dfilter4;
|
||||
FWPM_FILTER0 itfilter4, otfilter4;
|
||||
HANDLE engine = transEngine;
|
||||
const UINT32 filter_flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
|
||||
| FWP_CALLOUT_FLAG_ALLOW_MID_STREAM_INSPECTION;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
RtlZeroMemory(&sfilter4, sizeof(FWPM_FILTER0));
|
||||
sfilter4.flags = filter_flags;
|
||||
sfilter4.filterKey = FORT_GUID_FILTER_STREAM_V4;
|
||||
sfilter4.layerKey = FWPM_LAYER_STREAM_V4;
|
||||
sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
|
||||
sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
|
||||
sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
|
||||
|
||||
RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
|
||||
dfilter4.flags = filter_flags;
|
||||
dfilter4.filterKey = FORT_GUID_FILTER_DATAGRAM_V4;
|
||||
dfilter4.layerKey = FWPM_LAYER_DATAGRAM_DATA_V4;
|
||||
dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
|
||||
dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
|
||||
dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
|
||||
|
||||
RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
|
||||
itfilter4.flags = filter_flags;
|
||||
itfilter4.filterKey = FORT_GUID_FILTER_IN_TRANSPORT_V4;
|
||||
itfilter4.layerKey = FWPM_LAYER_INBOUND_TRANSPORT_V4;
|
||||
itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
|
||||
itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
|
||||
itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
|
||||
|
||||
RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
|
||||
otfilter4.flags = filter_flags;
|
||||
otfilter4.filterKey = FORT_GUID_FILTER_OUT_TRANSPORT_V4;
|
||||
otfilter4.layerKey = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
|
||||
otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
|
||||
otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
|
||||
otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
|
||||
otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
|
||||
|
||||
if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
|
||||
|| (filter_transport
|
||||
&& ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
|
||||
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))) {
|
||||
fort_prov_trans_abort(engine);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
||||
FORT_API BOOL fort_prov_is_boot(void)
|
||||
{
|
||||
HANDLE engine;
|
||||
BOOL is_boot = FALSE;
|
||||
|
||||
if (!fort_prov_open(&engine)) {
|
||||
FWPM_PROVIDER0 *provider;
|
||||
|
||||
if (!FwpmProviderGetByKey0(engine, (GUID *) &FORT_GUID_PROVIDER, &provider)) {
|
||||
is_boot = (provider->flags & FWPM_PROVIDER_FLAG_PERSISTENT);
|
||||
|
||||
FwpmFreeMemory0((void **) &provider);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
return is_boot;
|
||||
}
|
||||
|
||||
FORT_API DWORD fort_prov_reauth(HANDLE transEngine)
|
||||
{
|
||||
HANDLE engine = transEngine;
|
||||
DWORD status;
|
||||
|
||||
if (!transEngine) {
|
||||
if ((status = fort_prov_open(&engine)))
|
||||
goto end;
|
||||
|
||||
fort_prov_trans_begin(engine);
|
||||
}
|
||||
|
||||
status = FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
|
||||
if (NT_SUCCESS(status)) {
|
||||
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
|
||||
} else {
|
||||
FWPM_FILTER0 ifilter, ofilter;
|
||||
|
||||
RtlZeroMemory(&ifilter, sizeof(FWPM_FILTER0));
|
||||
ifilter.filterKey = FORT_GUID_FILTER_REAUTH_IN;
|
||||
ifilter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
|
||||
ifilter.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ifilter.displayData.name = (PWCHAR) L"FortFilterReauthIn";
|
||||
ifilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Inbound";
|
||||
ifilter.action.type = FWP_ACTION_CONTINUE;
|
||||
|
||||
RtlZeroMemory(&ofilter, sizeof(FWPM_FILTER0));
|
||||
ofilter.filterKey = FORT_GUID_FILTER_REAUTH_OUT;
|
||||
ofilter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
|
||||
ofilter.subLayerKey = FORT_GUID_SUBLAYER;
|
||||
ofilter.displayData.name = (PWCHAR) L"FortFilterReauthOut";
|
||||
ofilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Outbound";
|
||||
ofilter.action.type = FWP_ACTION_CONTINUE;
|
||||
|
||||
status = FwpmFilterAdd0(engine, &ifilter, NULL, NULL);
|
||||
FwpmFilterAdd0(engine, &ofilter, NULL, NULL);
|
||||
}
|
||||
|
||||
if (!transEngine) {
|
||||
if (NT_SUCCESS(status)) {
|
||||
status = fort_prov_trans_commit(engine);
|
||||
} else {
|
||||
fort_prov_trans_abort(engine);
|
||||
}
|
||||
|
||||
fort_prov_close(engine);
|
||||
}
|
||||
|
||||
end:
|
||||
return status;
|
||||
}
|
||||
|
34
src/driver/common/fortprov.h
Normal file
34
src/driver/common/fortprov.h
Normal file
@ -0,0 +1,34 @@
|
||||
#ifndef FORTPROV_H
|
||||
#define FORTPROV_H
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#include <fwpmu.h>
|
||||
|
||||
#define fort_prov_open(engine) FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, (engine))
|
||||
#define fort_prov_close(engine) FwpmEngineClose0(engine)
|
||||
#define fort_prov_trans_begin(engine) FwpmTransactionBegin0((engine), 0)
|
||||
#define fort_prov_trans_commit(engine) FwpmTransactionCommit0(engine)
|
||||
#define fort_prov_trans_abort(engine) FwpmTransactionAbort0(engine)
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
FORT_API void fort_prov_unregister(HANDLE transEngine);
|
||||
|
||||
FORT_API void fort_prov_flow_unregister(HANDLE transEngine);
|
||||
|
||||
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot);
|
||||
|
||||
FORT_API DWORD fort_prov_flow_register(HANDLE transEngine, BOOL filter_transport);
|
||||
|
||||
FORT_API BOOL fort_prov_is_boot(void);
|
||||
|
||||
FORT_API DWORD fort_prov_reauth(HANDLE transEngine);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif // FORTPROV_H
|
@ -12,42 +12,35 @@
|
||||
** and to ignore the '/'.
|
||||
*/
|
||||
|
||||
#define WM_NOMATCH 1
|
||||
#define WM_MATCH 0
|
||||
#define WM_ABORT_ALL -1
|
||||
#define WM_ABORT_TO_STARSTAR -2
|
||||
|
||||
#include "wildmatch.h"
|
||||
|
||||
typedef unsigned char uchar;
|
||||
|
||||
typedef WCHAR wm_char;
|
||||
|
||||
#define ISASCII(c) ((c) < 128)
|
||||
|
||||
#define WM_STRCHR(str,c) ((const WCHAR *) wcschr((const WCHAR *) (str),(c)))
|
||||
#define WM_STRCHR(str, c) ((const WCHAR *) wcschr((const WCHAR *) (str), (c)))
|
||||
|
||||
#define DIR_SEP '\\'
|
||||
#define DIR_SEP '\\'
|
||||
|
||||
/* What character marks an inverted character class? */
|
||||
#define NEGATE_CLASS '!'
|
||||
#define NEGATE_CLASS2 '^'
|
||||
#define NEGATE_CLASS '!'
|
||||
#define NEGATE_CLASS2 '^'
|
||||
|
||||
|
||||
#define GIT_SPACE 0x01
|
||||
#define GIT_DIGIT 0x02
|
||||
#define GIT_ALPHA 0x04
|
||||
#define GIT_GLOB_SPECIAL 0x08
|
||||
#define GIT_REGEX_SPECIAL 0x10
|
||||
#define GIT_SPACE 0x01
|
||||
#define GIT_DIGIT 0x02
|
||||
#define GIT_ALPHA 0x04
|
||||
#define GIT_GLOB_SPECIAL 0x08
|
||||
#define GIT_REGEX_SPECIAL 0x10
|
||||
#define GIT_PATHSPEC_MAGIC 0x20
|
||||
#define GIT_CNTRL 0x40
|
||||
#define GIT_PUNCT 0x80
|
||||
#define GIT_CNTRL 0x40
|
||||
#define GIT_PUNCT 0x80
|
||||
|
||||
enum {
|
||||
S = GIT_SPACE,
|
||||
A = GIT_ALPHA,
|
||||
D = GIT_DIGIT,
|
||||
G = GIT_GLOB_SPECIAL, /* *, ?, [ */
|
||||
R = GIT_REGEX_SPECIAL, /* $, (, ), +, ., ^, {, | */
|
||||
G = GIT_GLOB_SPECIAL, /* *, ?, [ */
|
||||
R = GIT_REGEX_SPECIAL, /* $, (, ), +, ., ^, {, | */
|
||||
P = GIT_PATHSPEC_MAGIC, /* other non-alnum, except for ] and } */
|
||||
X = GIT_CNTRL,
|
||||
U = GIT_PUNCT,
|
||||
@ -55,28 +48,27 @@ enum {
|
||||
};
|
||||
|
||||
const uchar sane_ctype[256] = {
|
||||
X, X, X, X, X, X, X, X, X, Z, Z, X, X, Z, X, X, /* 0.. 15 */
|
||||
X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, /* 16.. 31 */
|
||||
S, P, P, P, R, P, P, P, R, R, G, R, P, P, R, P, /* 32.. 47 */
|
||||
D, D, D, D, D, D, D, D, D, D, P, P, P, P, P, G, /* 48.. 63 */
|
||||
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 64.. 79 */
|
||||
A, A, A, A, A, A, A, A, A, A, A, G, P, U, R, P, /* 80.. 95 */
|
||||
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 96..111 */
|
||||
A, A, A, A, A, A, A, A, A, A, A, R, R, U, P, X, /* 112..127 */
|
||||
X, X, X, X, X, X, X, X, X, Z, Z, X, X, Z, X, X, /* 0.. 15 */
|
||||
X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, /* 16.. 31 */
|
||||
S, P, P, P, R, P, P, P, R, R, G, R, P, P, R, P, /* 32.. 47 */
|
||||
D, D, D, D, D, D, D, D, D, D, P, P, P, P, P, G, /* 48.. 63 */
|
||||
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 64.. 79 */
|
||||
A, A, A, A, A, A, A, A, A, A, A, G, P, U, R, P, /* 80.. 95 */
|
||||
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 96..111 */
|
||||
A, A, A, A, A, A, A, A, A, A, A, R, R, U, P, X, /* 112..127 */
|
||||
/* Nothing in the 128.. range */
|
||||
};
|
||||
|
||||
#define sane_istest(x,mask) ((sane_ctype[(uchar)(x)] & (mask)) != 0)
|
||||
#define is_glob_special(x) (ISASCII(x) && sane_istest(x,GIT_GLOB_SPECIAL))
|
||||
|
||||
#define sane_istest(x, mask) ((sane_ctype[(uchar)(x)] & (mask)) != 0)
|
||||
#define is_glob_special(x) (ISASCII(x) && sane_istest(x, GIT_GLOB_SPECIAL))
|
||||
|
||||
/* Match the "pattern" against the "text" string. */
|
||||
static int wildmatch(const wm_char *pattern, const wm_char *text)
|
||||
FORT_API int wildmatch(const wm_char *pattern, const wm_char *text)
|
||||
{
|
||||
const wm_char *p = pattern;
|
||||
wm_char p_ch;
|
||||
|
||||
for ( ; (p_ch = *p) != '\0'; text++, p++) {
|
||||
for (; (p_ch = *p) != '\0'; text++, p++) {
|
||||
int matched, match_slash, negated;
|
||||
wm_char t_ch, prev_ch;
|
||||
|
||||
@ -96,9 +88,8 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
|
||||
case '*':
|
||||
if (*++p == '*') {
|
||||
const wm_char *prev_p = p - 2;
|
||||
while (*++p == '*') {}
|
||||
if ((prev_p < pattern || *prev_p == DIR_SEP)
|
||||
&& (*p == '\0' || *p == DIR_SEP)) {
|
||||
while (*++p == '*') { }
|
||||
if ((prev_p < pattern || *prev_p == DIR_SEP) && (*p == '\0' || *p == DIR_SEP)) {
|
||||
/*
|
||||
* Assuming we already match 'foo/' and are at
|
||||
* <star star slash>, just assume it matches
|
||||
@ -108,8 +99,7 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
|
||||
* otherwise it breaks C comment syntax) match
|
||||
* both foo/bar and foo/a/bar.
|
||||
*/
|
||||
if (p[0] == DIR_SEP
|
||||
&& wildmatch(p + 1, text) == WM_MATCH)
|
||||
if (p[0] == DIR_SEP && wildmatch(p + 1, text) == WM_MATCH)
|
||||
return WM_MATCH;
|
||||
match_slash = 1;
|
||||
} else {
|
||||
@ -151,8 +141,7 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
|
||||
*/
|
||||
if (!is_glob_special(*p)) {
|
||||
p_ch = *p;
|
||||
while ((t_ch = *text) != '\0'
|
||||
&& (match_slash || t_ch != DIR_SEP)) {
|
||||
while ((t_ch = *text) != '\0' && (match_slash || t_ch != DIR_SEP)) {
|
||||
if (t_ch == p_ch)
|
||||
break;
|
||||
text++;
|
||||
|
23
src/driver/common/wildmatch.h
Normal file
23
src/driver/common/wildmatch.h
Normal file
@ -0,0 +1,23 @@
|
||||
#ifndef WILDMATCH_H
|
||||
#define WILDMATCH_H
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#define WM_NOMATCH 1
|
||||
#define WM_MATCH 0
|
||||
#define WM_ABORT_ALL -1
|
||||
#define WM_ABORT_TO_STARSTAR -2
|
||||
|
||||
typedef WCHAR wm_char;
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
FORT_API int wildmatch(const wm_char *pattern, const wm_char *text);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif // WILDMATCH_H
|
@ -16,6 +16,4 @@
|
||||
#define fort_request_complete(irp, status) \
|
||||
fort_request_complete_info((irp), (status), 0)
|
||||
|
||||
#define UNUSED(p) ((void) (p))
|
||||
|
||||
#endif FORTDRV_H
|
||||
#endif // FORTDRV_H
|
||||
|
@ -12,8 +12,5 @@ UI_PWD = $$PWD/../../ui
|
||||
# Driver integration
|
||||
include($$UI_PWD/../driver/Driver.pri)
|
||||
|
||||
# Windows
|
||||
LIBS += -lfwpuclnt -lkernel32 -luser32 -luuid -lws2_32
|
||||
|
||||
INCLUDEPATH += $$PWD
|
||||
INCLUDEPATH += $$UI_PWD
|
||||
|
@ -263,7 +263,6 @@ RESOURCES += conf/conf-zone.qrc
|
||||
}
|
||||
|
||||
# Windows
|
||||
LIBS += -lfwpuclnt -lkernel32 -luser32 -luuid -lversion -lws2_32
|
||||
RC_FILE = FortFirewall.rc
|
||||
OTHER_FILES += $${RC_FILE}
|
||||
|
||||
|
@ -1,18 +1,9 @@
|
||||
#include "fortcommon.h"
|
||||
|
||||
#define _WIN32_WINNT 0x0601
|
||||
#define WIN32_LEAN_AND_MEAN
|
||||
#include <qt_windows.h>
|
||||
#include <winioctl.h>
|
||||
#include <fwpmu.h>
|
||||
|
||||
#include <common/common.h>
|
||||
#include <common/fortconf.h>
|
||||
#include <common/fortdev.h>
|
||||
|
||||
#include <common/fortconf.c>
|
||||
#include <common/fortlog.c>
|
||||
#include <common/fortprov.c>
|
||||
#include <common/fortlog.h>
|
||||
#include <common/fortprov.h>
|
||||
|
||||
FortCommon::FortCommon(QObject *parent) : QObject(parent) { }
|
||||
|
||||
|
@ -2,12 +2,6 @@
|
||||
|
||||
#include <QRegularExpression>
|
||||
|
||||
#define BOOL quint8
|
||||
#define UCHAR quint8
|
||||
#define UINT16 quint16
|
||||
#define UINT32 quint32
|
||||
#define UINT64 quint64
|
||||
|
||||
#include <common/fortconf.h>
|
||||
|
||||
#include "../../conf/addressgroup.h"
|
||||
|
Loading…
Reference in New Issue
Block a user