mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 13:16:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: Reorganize common/.

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2020-09-06 15:26:55 +03:00
parent bfa9d41c01
commit 506c8a0c1e
17 changed files with 1049 additions and 1056 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/driver/Driver.pri
View File

@ -1,6 +1,18 @@
INCLUDEPATH += $$PWD INCLUDEPATH += $$PWD
SOURCES += \
$$PWD/common/fortconf.c \
$$PWD/common/fortlog.c \
$$PWD/common/fortprov.c \
$$PWD/common/wildmatch.c
HEADERS += \ HEADERS += \
$$PWD/common/common.h \ $$PWD/common/common.h \
$$PWD/common/fortconf.h \ $$PWD/common/fortconf.h \
$$PWD/common/fortdev.h $$PWD/common/fortdev.h \
$$PWD/common/fortlog.h \
$$PWD/common/fortprov.h \
$$PWD/common/wildmatch.h
# Windows
LIBS *= -lfwpuclnt -lkernel32 -luser32 -luuid -lversion -lws2_32

85
src/driver/_clang-format
View File

@ -1,85 +0,0 @@
---
# Webkit style was loosely based on the Qt style
BasedOnStyle: WebKit
Standard: Cpp11
# Column width is limited to 100 in accordance with Qt Coding Style.
# https://wiki.qt.io/Qt_Coding_Style
# Note that this may be changed at some point in the future.
ColumnLimit: 100
# How much weight do extra characters after the line length limit have.
# PenaltyExcessCharacter: 4
# Disable reflow of qdoc comments: indentation rules are different.
# Translation comments are also excluded.
CommentPragmas: "^!|^:"
# We want a space between the type and the star for pointer types.
PointerBindsToType: false
# We use template< without space.
SpaceAfterTemplateKeyword: false
# We want to break before the operators, but not before a '='.
BreakBeforeBinaryOperators: NonAssignment
# Braces are usually attached, but not after functions or class declarations.
BreakBeforeBraces: Custom
BraceWrapping:
AfterClass: true
AfterControlStatement: false
AfterEnum: false
AfterFunction: true
AfterNamespace: false
AfterObjCDeclaration: false
AfterStruct: true
AfterUnion: false
BeforeCatch: false
BeforeElse: false
IndentBraces: false
# When constructor initializers do not fit on one line, put them each on a new line.
ConstructorInitializerAllOnOneLineOrOnePerLine: true
# Indent initializers by 2 spaces
ConstructorInitializerIndentWidth: 2
# Indent width for line continuations.
ContinuationIndentWidth: 4
# No indentation for namespaces.
NamespaceIndentation: None
# Allow indentation for preprocessing directives (if/ifdef/endif). https://reviews.llvm.org/rL312125
IndentPPDirectives: AfterHash
# Don't horizontally align arguments after an open bracket.
AlignAfterOpenBracket: DontAlign
AlwaysBreakTemplateDeclarations: true
# Ideally we should also allow less short function in a single line, but
# clang-format does not handle that.
AllowShortFunctionsOnASingleLine: Inline
# The coding style specifies some include order categories, but also tells to
# separate categories with an empty line. It does not specify the order within
# the categories. Since the SortInclude feature of clang-format does not
# re-order includes separated by empty lines, the feature is not used.
SortIncludes: false
# Sort each #include block separately.
IncludeBlocks: Preserve
# macros for which the opening brace stays attached.
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH, forever, Q_FOREVER, QBENCHMARK, QBENCHMARK_ONCE ]
# Break constructor initializers before the colon and after the commas.
BreakConstructorInitializers: AfterColon
# Align C/C++ preprocessor macros of consecutive lines.
AlignConsecutiveMacros: true
# Space is inserted after C style casts.
SpaceAfterCStyleCast: true

33
src/driver/common/common.h
View File

@ -1,16 +1,33 @@
#ifndef COMMON_H #ifndef COMMON_H
#define COMMON_H #define COMMON_H
#ifndef NT_SUCCESS #if !defined(FORT_API)
#define NT_SUCCESS(status) ((LONG) (status) >= 0) # if defined(FORT_AMALG)
# define FORT_API static
# else
# define FORT_API extern
# endif
#endif #endif
#define FORT_STATUS_USER_ERROR STATUS_INVALID_PARAMETER #define UNUSED(p) ((void) (p))
#define FORT_ERROR_USER_ERROR ERROR_INVALID_PARAMETER
#ifndef NT_SUCCESS
# define NT_SUCCESS(status) ((LONG)(status) >= 0)
#endif
#define FORT_STATUS_USER_ERROR STATUS_INVALID_PARAMETER
#define FORT_ERROR_USER_ERROR ERROR_INVALID_PARAMETER
/* Convert system time to seconds since 1970 */ /* Convert system time to seconds since 1970 */
#define SECSPERDAY 86400 #define SECSPERDAY 86400
#define SECS_1601_TO_1970 ((369 * 365 + 89) * (INT64) SECSPERDAY) /* 1601 to 1970 is 369 years plus 89 leap days */ #define SECS_1601_TO_1970 \
#define fort_system_to_unix_time(system_time) ((system_time) / 10000000 - SECS_1601_TO_1970) ((369 * 365 + 89) * (INT64) SECSPERDAY) /* 1601 to 1970 is 369 years plus 89 leap days */
#define fort_system_to_unix_time(system_time) ((system_time) / 10000000 - SECS_1601_TO_1970)
#endif COMMON_H #if !defined(FORT_DRIVER)
# define _WIN32_WINNT 0x0601
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
#endif
#endif // COMMON_H

575
src/driver/common/fortconf.c
View File

@ -1,380 +1,337 @@
/* Fort Firewall Driver Configuration */ /* Fort Firewall Driver Configuration */
#include "fortconf.h" #include "fortconf.h"
#include "wildmatch.h"
#include "wildmatch.c"
#ifndef FORT_DRIVER #ifndef FORT_DRIVER
#define fort_memcmp memcmp # define fort_memcmp memcmp
#else #else
static int static int fort_memcmp(const char *p1, const char *p2, size_t len)
fort_memcmp (const char *p1, const char *p2, size_t len)
{ {
const size_t n = RtlCompareMemory(p1, p2, len); const size_t n = RtlCompareMemory(p1, p2, len);
return (n == len) ? 0 : (p1[n] - p2[n]); return (n == len) ? 0 : (p1[n] - p2[n]);
} }
#endif #endif
static int FORT_API int bit_scan_forward(unsigned long mask)
bit_scan_forward (unsigned long mask)
{ {
unsigned long index; unsigned long index;
return _BitScanForward(&index, mask) ? index : -1; return _BitScanForward(&index, mask) ? index : -1;
} }
static BOOL FORT_API BOOL is_time_in_period(FORT_TIME time, FORT_PERIOD period)
is_time_in_period (FORT_TIME time, FORT_PERIOD period)
{ {
const int x = time.hour * 60 + time.minute; const int x = time.hour * 60 + time.minute;
const int from = period.from.hour * 60 + period.from.minute; const int from = period.from.hour * 60 + period.from.minute;
const int to = period.to.hour * 60 + period.to.minute; const int to = period.to.hour * 60 + period.to.minute;
return (from <= to ? (x >= from && x < (to - 1)) return (from <= to ? (x >= from && x < (to - 1)) : (x >= from || x < (to - 1)));
: (x >= from || x < (to - 1)));
} }
static BOOL static BOOL fort_conf_ip_find(UINT32 ip, UINT32 count, const UINT32 *iparr, BOOL is_range)
fort_conf_ip_find (UINT32 ip, UINT32 count, const UINT32 *iparr, BOOL is_range)
{ {
int low, high; int low, high;
if (count == 0) if (count == 0)
return FALSE; return FALSE;
low = 0, high = count - 1; low = 0, high = count - 1;
do { do {
const int mid = (low + high) / 2; const int mid = (low + high) / 2;
const UINT32 mid_ip = iparr[mid]; const UINT32 mid_ip = iparr[mid];
if (ip < mid_ip) if (ip < mid_ip)
high = mid - 1; high = mid - 1;
else if (ip > mid_ip) else if (ip > mid_ip)
low = mid + 1; low = mid + 1;
else else
return TRUE; return TRUE;
} while (low <= high); } while (low <= high);
if (!is_range) if (!is_range)
return FALSE; return FALSE;
return high >= 0 && ip >= iparr[high] return high >= 0 && ip >= iparr[high] && ip <= iparr[count + high];
&& ip <= iparr[count + high];
} }
static BOOL static BOOL fort_conf_ip_inarr(UINT32 ip, UINT32 count, const UINT32 *iparr)
fort_conf_ip_inarr (UINT32 ip, UINT32 count, const UINT32 *iparr)
{ {
return fort_conf_ip_find(ip, count, iparr, FALSE); return fort_conf_ip_find(ip, count, iparr, FALSE);
} }
static BOOL static BOOL fort_conf_ip_inrange(UINT32 ip, UINT32 count, const UINT32 *iprange)
fort_conf_ip_inrange (UINT32 ip, UINT32 count, const UINT32 *iprange)
{ {
return fort_conf_ip_find(ip, count, iprange, TRUE); return fort_conf_ip_find(ip, count, iprange, TRUE);
} }
#define fort_conf_addr_list_ip_ref(addr_list) \ #define fort_conf_addr_list_ip_ref(addr_list) (addr_list)->ip
(addr_list)->ip #define fort_conf_addr_list_pair_ref(addr_list) &(addr_list)->ip[(addr_list)->ip_n]
#define fort_conf_addr_list_pair_ref(addr_list) \
&(addr_list)->ip[(addr_list)->ip_n]
static BOOL FORT_API BOOL fort_conf_ip_inlist(UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list)
fort_conf_ip_inlist (UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list)
{ {
return fort_conf_ip_inarr(ip, addr_list->ip_n, return fort_conf_ip_inarr(ip, addr_list->ip_n, fort_conf_addr_list_ip_ref(addr_list))
fort_conf_addr_list_ip_ref(addr_list)) || fort_conf_ip_inrange(ip, addr_list->pair_n, fort_conf_addr_list_pair_ref(addr_list));
|| fort_conf_ip_inrange(ip, addr_list->pair_n,
fort_conf_addr_list_pair_ref(addr_list));
} }
static const PFORT_CONF_ADDR_GROUP FORT_API PFORT_CONF_ADDR_GROUP fort_conf_addr_group_ref(const PFORT_CONF conf, int addr_group_index)
fort_conf_addr_group_ref (const PFORT_CONF conf, int addr_group_index)
{ {
const UINT32 *addr_group_offsets = (const UINT32 *) const UINT32 *addr_group_offsets = (const UINT32 *) (conf->data + conf->addr_groups_off);
(conf->data + conf->addr_groups_off); const char *addr_group_data = (const char *) addr_group_offsets;
const char *addr_group_data = (const char *) addr_group_offsets;
return (PFORT_CONF_ADDR_GROUP) return (PFORT_CONF_ADDR_GROUP)(addr_group_data + addr_group_offsets[addr_group_index]);
(addr_group_data + addr_group_offsets[addr_group_index]);
} }
#define fort_conf_addr_group_include_list_ref(addr_group) \ FORT_API BOOL fort_conf_ip_included(const PFORT_CONF conf,
((PFORT_CONF_ADDR_LIST) (addr_group)->data) fort_conf_zones_ip_included_func zone_func, void *ctx, UINT32 remote_ip, int addr_group_index)
#define fort_conf_addr_group_exclude_list_ref(addr_group) \
((PFORT_CONF_ADDR_LIST) ((addr_group)->data + (addr_group)->exclude_off))
static BOOL
fort_conf_ip_included (const PFORT_CONF conf,
fort_conf_zones_ip_included_func zone_func,
void *ctx, UINT32 remote_ip, int addr_group_index)
{ {
const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref( const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref(conf, addr_group_index);
conf, addr_group_index);
const BOOL include_all = addr_group->include_all; const BOOL include_all = addr_group->include_all;
const BOOL exclude_all = addr_group->exclude_all; const BOOL exclude_all = addr_group->exclude_all;
const BOOL ip_included = include_all ? TRUE const BOOL ip_included = include_all
: ((!addr_group->include_is_empty ? TRUE
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_include_list_ref(addr_group))) : ((!addr_group->include_is_empty
|| (zone_func != NULL && zone_func(ctx, addr_group->include_zones, remote_ip))); && fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_include_list_ref(addr_group)))
|| (zone_func != NULL && zone_func(ctx, addr_group->include_zones, remote_ip)));
const BOOL ip_excluded = exclude_all ? TRUE const BOOL ip_excluded = exclude_all
: ((!addr_group->exclude_is_empty ? TRUE
&& fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_exclude_list_ref(addr_group))) : ((!addr_group->exclude_is_empty
|| (zone_func != NULL && zone_func(ctx, addr_group->exclude_zones, remote_ip))); && fort_conf_ip_inlist(remote_ip, fort_conf_addr_group_exclude_list_ref(addr_group)))
|| (zone_func != NULL && zone_func(ctx, addr_group->exclude_zones, remote_ip)));
return include_all ? !ip_excluded return include_all ? !ip_excluded : (exclude_all ? ip_included : (ip_included && !ip_excluded));
: (exclude_all ? ip_included
: (ip_included && !ip_excluded));
} }
#define fort_conf_ip_is_inet(conf, zones_func, ctx, remote_ip) \ #define fort_conf_ip_is_inet(conf, zones_func, ctx, remote_ip) \
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 0) fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 0)
#define fort_conf_ip_inet_included(conf, zones_func, ctx, remote_ip) \ #define fort_conf_ip_inet_included(conf, zones_func, ctx, remote_ip) \
fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 1) fort_conf_ip_included((conf), (zones_func), (ctx), (remote_ip), 1)
static BOOL FORT_API BOOL fort_conf_app_exe_equal(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len)
fort_conf_app_exe_equal (PFORT_APP_ENTRY app_entry,
const char *path, UINT32 path_len)
{ {
const char *app_path = (const char *) (app_entry + 1); const char *app_path = (const char *) (app_entry + 1);
const UINT32 app_path_len = app_entry->path_len; const UINT32 app_path_len = app_entry->path_len;
if (path_len != app_path_len) if (path_len != app_path_len)
return FALSE; return FALSE;
return fort_memcmp(path, app_path, path_len) == 0; return fort_memcmp(path, app_path, path_len) == 0;
} }
static FORT_APP_FLAGS FORT_API FORT_APP_FLAGS fort_conf_app_exe_find(
fort_conf_app_exe_find (const PFORT_CONF conf, const PFORT_CONF conf, const char *path, UINT32 path_len)
const char *path, UINT32 path_len)
{ {
FORT_APP_FLAGS app_flags; FORT_APP_FLAGS app_flags;
const char *data; const char *data;
const char *app_entries; const char *app_entries;
UINT16 count = conf->exe_apps_n; UINT16 count = conf->exe_apps_n;
if (count == 0) if (count == 0)
goto not_found; goto not_found;
data = conf->data; data = conf->data;
app_entries = (const char *) (data + conf->exe_apps_off); app_entries = (const char *) (data + conf->exe_apps_off);
do { do {
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries; const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
if (fort_conf_app_exe_equal(app_entry, path, path_len)) { if (fort_conf_app_exe_equal(app_entry, path, path_len)) {
app_flags = app_entry->flags; app_flags = app_entry->flags;
goto end; goto end;
}
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
} while (--count != 0);
not_found:
app_flags.v = 0;
end:
return app_flags;
}
static int fort_conf_app_prefix_cmp(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len)
{
const char *app_path = (const char *) (app_entry + 1);
const UINT32 app_path_len = app_entry->path_len;
if (path_len > app_path_len)
path_len = app_path_len;
return fort_memcmp(path, app_path, path_len);
}
static FORT_APP_FLAGS fort_conf_app_prefix_find(
const PFORT_CONF conf, const char *path, UINT32 path_len)
{
FORT_APP_FLAGS app_flags;
const char *data;
const UINT32 *app_offsets;
const char *app_entries;
const UINT16 count = conf->prefix_apps_n;
int low, high;
if (count == 0)
goto not_found;
data = conf->data;
app_offsets = (const UINT32 *) (data + conf->prefix_apps_off);
app_entries = (const char *) (app_offsets + count + 1);
low = 0, high = count - 1;
do {
const int mid = (low + high) / 2;
const UINT32 app_off = app_offsets[mid];
const PFORT_APP_ENTRY app_entry = (PFORT_APP_ENTRY)(app_entries + app_off);
const int res = fort_conf_app_prefix_cmp(app_entry, path, path_len);
if (res < 0)
high = mid - 1;
else if (res > 0)
low = mid + 1;
else {
app_flags = app_entry->flags;
goto end;
}
} while (low <= high);
not_found:
app_flags.v = 0;
end:
return app_flags;
}
static FORT_APP_FLAGS fort_conf_app_wild_find(const PFORT_CONF conf, const char *path)
{
FORT_APP_FLAGS app_flags;
const char *data;
const char *app_entries;
UINT16 count = conf->wild_apps_n;
if (count == 0)
goto not_found;
data = conf->data;
app_entries = (const char *) (data + conf->wild_apps_off);
do {
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
const WCHAR *app_path = (const WCHAR *) (app_entry + 1);
const int res = wildmatch(app_path, (const WCHAR *) path);
if (res == WM_MATCH) {
app_flags = app_entry->flags;
goto end;
}
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len);
} while (--count != 0);
not_found:
app_flags.v = 0;
end:
return app_flags;
}
FORT_API FORT_APP_FLAGS fort_conf_app_find(const PFORT_CONF conf, const char *path, UINT32 path_len,
fort_conf_app_exe_find_func *exe_find_func)
{
FORT_APP_FLAGS app_flags;
app_flags = exe_find_func(conf, path, path_len);
if (app_flags.v != 0)
goto end;
app_flags = fort_conf_app_prefix_find(conf, path, path_len);
if (app_flags.v != 0)
goto end;
app_flags = fort_conf_app_wild_find(conf, path);
end:
return app_flags;
}
FORT_API BOOL fort_conf_app_blocked(const PFORT_CONF conf, FORT_APP_FLAGS app_flags)
{
const BOOL app_found = (app_flags.v != 0);
if (app_found && !app_flags.use_group_perm) {
return app_flags.blocked;
} else {
const UINT32 app_perm_val = app_flags.blocked ? 2 : 1;
const UINT32 app_perm = app_perm_val << (app_flags.group_index * 2);
const BOOL block_all = conf->flags.app_block_all;
const BOOL allow_all = conf->flags.app_allow_all;
const BOOL app_blocked =
block_all ? TRUE : (app_found && (app_perm & conf->app_perms_block_mask));
const BOOL app_allowed =
allow_all ? TRUE : (app_found && (app_perm & conf->app_perms_allow_mask));
return block_all ? !app_allowed : (allow_all ? app_blocked : (app_blocked && !app_allowed));
}
}
FORT_API UINT16 fort_conf_app_period_bits(const PFORT_CONF conf, FORT_TIME time, int *periods_n)
{
const char *data;
PFORT_PERIOD app_periods;
UINT16 period_bits;
UINT8 count = conf->app_periods_n;
int n, i;
if (count == 0)
return 0;
data = conf->data;
app_periods = (const PFORT_PERIOD)(data + conf->app_periods_off);
period_bits = (UINT16) conf->flags.group_bits;
n = 0;
for (i = 0; i < FORT_CONF_GROUP_MAX; ++i) {
const UINT16 bit = (1 << i);
const FORT_PERIOD period = *app_periods++;
if ((period_bits & bit) != 0 && period.v != 0) {
if (!is_time_in_period(time, period)) {
period_bits ^= bit;
}
++n;
if (--count == 0)
break;
}
} }
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len); if (periods_n != NULL) {
} while (--count != 0); *periods_n = n;
not_found:
app_flags.v = 0;
end:
return app_flags;
}
static int
fort_conf_app_prefix_cmp (PFORT_APP_ENTRY app_entry,
const char *path, UINT32 path_len)
{
const char *app_path = (const char *) (app_entry + 1);
const UINT32 app_path_len = app_entry->path_len;
if (path_len > app_path_len)
path_len = app_path_len;
return fort_memcmp(path, app_path, path_len);
}
static FORT_APP_FLAGS
fort_conf_app_prefix_find (const PFORT_CONF conf,
const char *path, UINT32 path_len)
{
FORT_APP_FLAGS app_flags;
const char *data;
const UINT32 *app_offsets;
const char *app_entries;
const UINT16 count = conf->prefix_apps_n;
int low, high;
if (count == 0)
goto not_found;
data = conf->data;
app_offsets = (const UINT32 *) (data + conf->prefix_apps_off);
app_entries = (const char *) (app_offsets + count + 1);
low = 0, high = count - 1;
do {
const int mid = (low + high) / 2;
const UINT32 app_off = app_offsets[mid];
const PFORT_APP_ENTRY app_entry = (PFORT_APP_ENTRY) (app_entries + app_off);
const int res = fort_conf_app_prefix_cmp(app_entry, path, path_len);
if (res < 0)
high = mid - 1;
else if (res > 0)
low = mid + 1;
else {
app_flags = app_entry->flags;
goto end;
}
} while (low <= high);
not_found:
app_flags.v = 0;
end:
return app_flags;
}
static FORT_APP_FLAGS
fort_conf_app_wild_find (const PFORT_CONF conf, const char *path)
{
FORT_APP_FLAGS app_flags;
const char *data;
const char *app_entries;
UINT16 count = conf->wild_apps_n;
if (count == 0)
goto not_found;
data = conf->data;
app_entries = (const char *) (data + conf->wild_apps_off);
do {
const PFORT_APP_ENTRY app_entry = (const PFORT_APP_ENTRY) app_entries;
const WCHAR *app_path = (const WCHAR *) (app_entry + 1);
const int res = wildmatch(app_path, (const WCHAR *) path);
if (res == WM_MATCH) {
app_flags = app_entry->flags;
goto end;
} }
app_entries += FORT_CONF_APP_ENTRY_SIZE(app_entry->path_len); return period_bits;
} while (--count != 0);
not_found:
app_flags.v = 0;
end:
return app_flags;
} }
static FORT_APP_FLAGS FORT_API void fort_conf_app_perms_mask_init(PFORT_CONF conf, UINT32 group_bits)
fort_conf_app_find (const PFORT_CONF conf,
const char *path, UINT32 path_len,
fort_conf_app_exe_find_func *exe_find_func)
{ {
FORT_APP_FLAGS app_flags; UINT32 perms_mask = (group_bits & 0x0001) | ((group_bits & 0x0002) << 1)
| ((group_bits & 0x0004) << 2) | ((group_bits & 0x0008) << 3) | ((group_bits & 0x0010) << 4)
| ((group_bits & 0x0020) << 5) | ((group_bits & 0x0040) << 6) | ((group_bits & 0x0080) << 7)
| ((group_bits & 0x0100) << 8) | ((group_bits & 0x0200) << 9)
| ((group_bits & 0x0400) << 10) | ((group_bits & 0x0800) << 11)
| ((group_bits & 0x1000) << 12) | ((group_bits & 0x2000) << 13)
| ((group_bits & 0x4000) << 14) | ((group_bits & 0x8000) << 15);
app_flags = exe_find_func(conf, path, path_len); perms_mask |= perms_mask << 1;
if (app_flags.v != 0)
goto end;
app_flags = fort_conf_app_prefix_find(conf, path, path_len); conf->app_perms_block_mask = (perms_mask & 0xAAAAAAAA);
if (app_flags.v != 0) conf->app_perms_allow_mask = (perms_mask & 0x55555555);
goto end;
app_flags = fort_conf_app_wild_find(conf, path);
end:
return app_flags;
}
static BOOL
fort_conf_app_blocked (const PFORT_CONF conf, FORT_APP_FLAGS app_flags)
{
const BOOL app_found = (app_flags.v != 0);
if (app_found && !app_flags.use_group_perm) {
return app_flags.blocked;
} else {
const UINT32 app_perm_val = app_flags.blocked ? 2 : 1;
const UINT32 app_perm = app_perm_val << (app_flags.group_index * 2);
const BOOL block_all = conf->flags.app_block_all;
const BOOL allow_all = conf->flags.app_allow_all;
const BOOL app_blocked = block_all ? TRUE : (app_found
&& (app_perm & conf->app_perms_block_mask));
const BOOL app_allowed = allow_all ? TRUE : (app_found
&& (app_perm & conf->app_perms_allow_mask));
return block_all ? !app_allowed
: (allow_all ? app_blocked
: (app_blocked && !app_allowed));
}
}
static UINT16
fort_conf_app_period_bits (const PFORT_CONF conf, FORT_TIME time,
int *periods_n)
{
const char *data;
PFORT_PERIOD app_periods;
UINT16 period_bits;
UINT8 count = conf->app_periods_n;
int n, i;
if (count == 0)
return 0;
data = conf->data;
app_periods = (const PFORT_PERIOD) (data + conf->app_periods_off);
period_bits = (UINT16) conf->flags.group_bits;
n = 0;
for (i = 0; i < FORT_CONF_GROUP_MAX; ++i) {
const UINT16 bit = (1 << i);
const FORT_PERIOD period = *app_periods++;
if ((period_bits & bit) != 0 && period.v != 0) {
if (!is_time_in_period(time, period)) {
period_bits ^= bit;
}
++n;
if (--count == 0)
break;
}
}
if (periods_n != NULL) {
*periods_n = n;
}
return period_bits;
}
static void
fort_conf_app_perms_mask_init (PFORT_CONF conf, UINT32 group_bits)
{
UINT32 perms_mask =
(group_bits & 0x0001) | ((group_bits & 0x0002) << 1)
| ((group_bits & 0x0004) << 2) | ((group_bits & 0x0008) << 3)
| ((group_bits & 0x0010) << 4) | ((group_bits & 0x0020) << 5)
| ((group_bits & 0x0040) << 6) | ((group_bits & 0x0080) << 7)
| ((group_bits & 0x0100) << 8) | ((group_bits & 0x0200) << 9)
| ((group_bits & 0x0400) << 10) | ((group_bits & 0x0800) << 11)
| ((group_bits & 0x1000) << 12) | ((group_bits & 0x2000) << 13)
| ((group_bits & 0x4000) << 14) | ((group_bits & 0x8000) << 15);
perms_mask |= perms_mask << 1;
conf->app_perms_block_mask = (perms_mask & 0xAAAAAAAA);
conf->app_perms_allow_mask = (perms_mask & 0x55555555);
} }

294
src/driver/common/fortconf.h
View File

@ -1,182 +1,242 @@
#ifndef FORTCONF_H #ifndef FORTCONF_H
#define FORTCONF_H #define FORTCONF_H
#define FORT_CONF_IP_MAX (10 * 1024 * 1024) #include "common.h"
#define FORT_CONF_IP_ARR_SIZE(n) ((n) * sizeof(UINT32))
#define FORT_CONF_IP_RANGE_SIZE(n) (FORT_CONF_IP_ARR_SIZE(n) * 2)
#define FORT_CONF_ZONE_MAX 32
#define FORT_CONF_GROUP_MAX 16
#define FORT_CONF_APPS_LEN_MAX (64 * 1024 * 1024)
#define FORT_CONF_APP_PATH_MAX (2 * 1024)
#define FORT_CONF_STR_ALIGN 4
#define FORT_CONF_STR_HEADER_SIZE(n) (((n) + 1) * sizeof(UINT32))
#define FORT_CONF_STR_DATA_SIZE(size) ((((size) + (FORT_CONF_STR_ALIGN - 1)) & ~(FORT_CONF_STR_ALIGN - 1)))
#define FORT_CONF_APP_ENTRY_SIZE(len) (sizeof(FORT_APP_ENTRY) + (len) + sizeof(wchar_t)) /* include terminating zero */
typedef struct fort_conf_flags { #define FORT_CONF_IP_MAX (10 * 1024 * 1024)
UINT32 prov_boot : 1; #define FORT_CONF_IP_ARR_SIZE(n) ((n) * sizeof(UINT32))
UINT32 filter_enabled : 1; #define FORT_CONF_IP_RANGE_SIZE(n) (FORT_CONF_IP_ARR_SIZE(n) * 2)
UINT32 filter_locals : 1; #define FORT_CONF_ZONE_MAX 32
UINT32 stop_traffic : 1; #define FORT_CONF_GROUP_MAX 16
UINT32 stop_inet_traffic : 1; #define FORT_CONF_APPS_LEN_MAX (64 * 1024 * 1024)
UINT32 allow_all_new : 1; #define FORT_CONF_APP_PATH_MAX (2 * 1024)
UINT32 app_block_all : 1; #define FORT_CONF_STR_ALIGN 4
UINT32 app_allow_all : 1; #define FORT_CONF_STR_HEADER_SIZE(n) (((n) + 1) * sizeof(UINT32))
UINT32 log_blocked : 1; #define FORT_CONF_STR_DATA_SIZE(size) \
UINT32 log_stat : 1; ((((size) + (FORT_CONF_STR_ALIGN - 1)) & ~(FORT_CONF_STR_ALIGN - 1)))
#define FORT_CONF_APP_ENTRY_SIZE(len) \
(sizeof(FORT_APP_ENTRY) + (len) + sizeof(wchar_t)) /* include terminating zero */
UINT32 group_bits : 16; typedef struct fort_conf_flags
{
UINT32 prov_boot : 1;
UINT32 filter_enabled : 1;
UINT32 filter_locals : 1;
UINT32 stop_traffic : 1;
UINT32 stop_inet_traffic : 1;
UINT32 allow_all_new : 1;
UINT32 app_block_all : 1;
UINT32 app_allow_all : 1;
UINT32 log_blocked : 1;
UINT32 log_stat : 1;
UINT32 group_bits : 16;
} FORT_CONF_FLAGS, *PFORT_CONF_FLAGS; } FORT_CONF_FLAGS, *PFORT_CONF_FLAGS;
typedef struct fort_conf_addr_list { typedef struct fort_conf_addr_list
UINT32 ip_n; {
UINT32 pair_n; UINT32 ip_n;
UINT32 pair_n;
UINT32 ip[1]; UINT32 ip[1];
} FORT_CONF_ADDR_LIST, *PFORT_CONF_ADDR_LIST; } FORT_CONF_ADDR_LIST, *PFORT_CONF_ADDR_LIST;
typedef struct fort_conf_addr_group { typedef struct fort_conf_addr_group
UINT32 include_all : 1; {
UINT32 exclude_all : 1; UINT32 include_all : 1;
UINT32 include_is_empty : 1; UINT32 exclude_all : 1;
UINT32 exclude_is_empty : 1; UINT32 include_is_empty : 1;
UINT32 exclude_is_empty : 1;
UINT32 include_zones; UINT32 include_zones;
UINT32 exclude_zones; UINT32 exclude_zones;
UINT32 exclude_off; UINT32 exclude_off;
char data[4]; char data[4];
} FORT_CONF_ADDR_GROUP, *PFORT_CONF_ADDR_GROUP; } FORT_CONF_ADDR_GROUP, *PFORT_CONF_ADDR_GROUP;
typedef struct fort_conf_zones { typedef struct fort_conf_zones
UINT32 mask; {
UINT32 enabled_mask; UINT32 mask;
UINT32 enabled_mask;
UINT32 addr_off[FORT_CONF_ZONE_MAX]; UINT32 addr_off[FORT_CONF_ZONE_MAX];
char data[4]; char data[4];
} FORT_CONF_ZONES, *PFORT_CONF_ZONES; } FORT_CONF_ZONES, *PFORT_CONF_ZONES;
typedef struct fort_conf_zone_flag { typedef struct fort_conf_zone_flag
UCHAR zone_id; {
UCHAR enabled; UCHAR zone_id;
UCHAR enabled;
} FORT_CONF_ZONE_FLAG, *PFORT_CONF_ZONE_FLAG; } FORT_CONF_ZONE_FLAG, *PFORT_CONF_ZONE_FLAG;
typedef struct fort_traf { typedef struct fort_traf
union { {
UINT64 v; union {
UINT64 v;
struct { struct
UINT32 in_bytes; {
UINT32 out_bytes; UINT32 in_bytes;
UINT32 out_bytes;
};
}; };
};
} FORT_TRAF, *PFORT_TRAF; } FORT_TRAF, *PFORT_TRAF;
typedef struct fort_time { typedef struct fort_time
union { {
UINT16 v; union {
UINT16 v;
struct { struct
UCHAR hour; {
UCHAR minute; UCHAR hour;
UCHAR minute;
};
}; };
};
} FORT_TIME, *PFORT_TIME; } FORT_TIME, *PFORT_TIME;
typedef struct fort_period { typedef struct fort_period
union { {
UINT32 v; union {
UINT32 v;
struct { struct
FORT_TIME from; {
FORT_TIME to; FORT_TIME from;
FORT_TIME to;
};
}; };
};
} FORT_PERIOD, *PFORT_PERIOD; } FORT_PERIOD, *PFORT_PERIOD;
typedef struct fort_app_flags { typedef struct fort_app_flags
union { {
UINT16 v; union {
UINT16 v;
struct { struct
UCHAR group_index; {
UCHAR use_group_perm : 1; UCHAR group_index;
UCHAR blocked : 1; UCHAR use_group_perm : 1;
UCHAR alerted : 1; UCHAR blocked : 1;
UCHAR is_new : 1; UCHAR alerted : 1;
UCHAR found : 1; UCHAR is_new : 1;
UCHAR found : 1;
};
}; };
};
} FORT_APP_FLAGS, *PFORT_APP_FLAGS; } FORT_APP_FLAGS, *PFORT_APP_FLAGS;
typedef struct fort_app_entry { typedef struct fort_app_entry
union { {
UINT32 v; union {
UINT32 v;
struct { struct
UINT16 path_len; {
FORT_APP_FLAGS flags; UINT16 path_len;
FORT_APP_FLAGS flags;
};
}; };
};
} FORT_APP_ENTRY, *PFORT_APP_ENTRY; } FORT_APP_ENTRY, *PFORT_APP_ENTRY;
typedef struct fort_conf_group { typedef struct fort_conf_group
UINT16 fragment_bits; {
UINT16 fragment_bits;
UINT16 limit_bits; UINT16 limit_bits;
UINT32 limit_2bits; UINT32 limit_2bits;
FORT_TRAF limits[FORT_CONF_GROUP_MAX]; /* Bytes per 0.5 sec. */ FORT_TRAF limits[FORT_CONF_GROUP_MAX]; /* Bytes per 0.5 sec. */
} FORT_CONF_GROUP, *PFORT_CONF_GROUP; } FORT_CONF_GROUP, *PFORT_CONF_GROUP;
typedef struct fort_conf { typedef struct fort_conf
FORT_CONF_FLAGS flags; {
FORT_CONF_FLAGS flags;
UCHAR app_periods_n; UCHAR app_periods_n;
UINT16 wild_apps_n; UINT16 wild_apps_n;
UINT16 prefix_apps_n; UINT16 prefix_apps_n;
UINT16 exe_apps_n; UINT16 exe_apps_n;
UINT32 app_perms_block_mask; UINT32 app_perms_block_mask;
UINT32 app_perms_allow_mask; UINT32 app_perms_allow_mask;
UINT32 addr_groups_off; UINT32 addr_groups_off;
UINT32 app_periods_off; UINT32 app_periods_off;
UINT32 wild_apps_off; UINT32 wild_apps_off;
UINT32 prefix_apps_off; UINT32 prefix_apps_off;
UINT32 exe_apps_off; UINT32 exe_apps_off;
char data[4]; char data[4];
} FORT_CONF, *PFORT_CONF; } FORT_CONF, *PFORT_CONF;
typedef struct fort_conf_version { typedef struct fort_conf_version
UINT16 driver_version; {
UINT16 driver_version;
} FORT_CONF_VERSION, *PFORT_CONF_VERSION; } FORT_CONF_VERSION, *PFORT_CONF_VERSION;
typedef struct fort_conf_io { typedef struct fort_conf_io
FORT_CONF_GROUP conf_group; {
FORT_CONF_GROUP conf_group;
FORT_CONF conf; FORT_CONF conf;
} FORT_CONF_IO, *PFORT_CONF_IO; } FORT_CONF_IO, *PFORT_CONF_IO;
#define FORT_CONF_DATA_OFF offsetof(FORT_CONF, data) #define FORT_CONF_DATA_OFF offsetof(FORT_CONF, data)
#define FORT_CONF_IO_CONF_OFF offsetof(FORT_CONF_IO, conf) #define FORT_CONF_IO_CONF_OFF offsetof(FORT_CONF_IO, conf)
#define FORT_CONF_ADDR_LIST_OFF offsetof(FORT_CONF_ADDR_LIST, ip) #define FORT_CONF_ADDR_LIST_OFF offsetof(FORT_CONF_ADDR_LIST, ip)
#define FORT_CONF_ADDR_GROUP_OFF offsetof(FORT_CONF_ADDR_GROUP, data) #define FORT_CONF_ADDR_GROUP_OFF offsetof(FORT_CONF_ADDR_GROUP, data)
#define FORT_CONF_ZONES_DATA_OFF offsetof(FORT_CONF_ZONES, data) #define FORT_CONF_ZONES_DATA_OFF offsetof(FORT_CONF_ZONES, data)
#define FORT_CONF_ADDR_LIST_SIZE(ip_n, pair_n) \ #define FORT_CONF_ADDR_LIST_SIZE(ip_n, pair_n) \
(FORT_CONF_ADDR_LIST_OFF + FORT_CONF_IP_ARR_SIZE(ip_n) + FORT_CONF_IP_RANGE_SIZE(pair_n)) (FORT_CONF_ADDR_LIST_OFF + FORT_CONF_IP_ARR_SIZE(ip_n) + FORT_CONF_IP_RANGE_SIZE(pair_n))
typedef FORT_APP_FLAGS fort_conf_app_exe_find_func( typedef FORT_APP_FLAGS fort_conf_app_exe_find_func(
const PFORT_CONF conf, const char *path, UINT32 path_len); const PFORT_CONF conf, const char *path, UINT32 path_len);
typedef BOOL fort_conf_zones_ip_included_func( typedef BOOL fort_conf_zones_ip_included_func(void *ctx, UINT32 zones_mask, UINT32 remote_ip);
void *ctx, UINT32 zones_mask, UINT32 remote_ip);
#endif FORTCONF_H #if defined(__cplusplus)
extern "C" {
#endif
FORT_API int bit_scan_forward(unsigned long mask);
FORT_API BOOL is_time_in_period(FORT_TIME time, FORT_PERIOD period);
FORT_API BOOL fort_conf_ip_inlist(UINT32 ip, const PFORT_CONF_ADDR_LIST addr_list);
FORT_API PFORT_CONF_ADDR_GROUP fort_conf_addr_group_ref(
const PFORT_CONF conf, int addr_group_index);
#define fort_conf_addr_group_include_list_ref(addr_group) ((PFORT_CONF_ADDR_LIST)(addr_group)->data)
#define fort_conf_addr_group_exclude_list_ref(addr_group) \
((PFORT_CONF_ADDR_LIST)((addr_group)->data + (addr_group)->exclude_off))
FORT_API BOOL fort_conf_ip_included(const PFORT_CONF conf,
fort_conf_zones_ip_included_func zone_func, void *ctx, UINT32 remote_ip, int addr_group_index);
FORT_API BOOL fort_conf_app_exe_equal(PFORT_APP_ENTRY app_entry, const char *path, UINT32 path_len);
FORT_API FORT_APP_FLAGS fort_conf_app_exe_find(
const PFORT_CONF conf, const char *path, UINT32 path_len);
FORT_API FORT_APP_FLAGS fort_conf_app_find(const PFORT_CONF conf, const char *path, UINT32 path_len,
fort_conf_app_exe_find_func *exe_find_func);
FORT_API BOOL fort_conf_app_blocked(const PFORT_CONF conf, FORT_APP_FLAGS app_flags);
FORT_API UINT16 fort_conf_app_period_bits(const PFORT_CONF conf, FORT_TIME time, int *periods_n);
FORT_API void fort_conf_app_perms_mask_init(PFORT_CONF conf, UINT32 group_bits);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // FORTCONF_H

94
src/driver/common/fortdev.h
View File

@ -1,89 +1,93 @@
#ifndef FORTDEV_H #ifndef FORTDEV_H
#define FORTDEV_H #define FORTDEV_H
#include "common.h"
#define INITGUID #define INITGUID
#include <guiddef.h> #include <guiddef.h>
#include <winioctl.h>
/* GUID-s generated by guidgen.exe */ /* GUID-s generated by guidgen.exe */
/* {012B3999-B791-463E-918C-C32B53E9350E} */ /* {012B3999-B791-463E-918C-C32B53E9350E} */
DEFINE_GUID(FORT_GUID_PROVIDER, DEFINE_GUID(
0x12b3999, 0xb791, 0x463e, 0x91, 0x8c, 0xc3, 0x2b, 0x53, 0xe9, 0x35, 0xe); FORT_GUID_PROVIDER, 0x12b3999, 0xb791, 0x463e, 0x91, 0x8c, 0xc3, 0x2b, 0x53, 0xe9, 0x35, 0xe);
/* {749978E2-CB6A-42F9-9C30-1A3EA9810185} */ /* {749978E2-CB6A-42F9-9C30-1A3EA9810185} */
DEFINE_GUID(FORT_GUID_CALLOUT_CONNECT_V4, DEFINE_GUID(FORT_GUID_CALLOUT_CONNECT_V4, 0x749978e2, 0xcb6a, 0x42f9, 0x9c, 0x30, 0x1a, 0x3e, 0xa9,
0x749978e2, 0xcb6a, 0x42f9, 0x9c, 0x30, 0x1a, 0x3e, 0xa9, 0x81, 0x1, 0x85); 0x81, 0x1, 0x85);
/* {CED9C0FC-DF22-4F39-9185-B435726CABB2} */ /* {CED9C0FC-DF22-4F39-9185-B435726CABB2} */
DEFINE_GUID(FORT_GUID_CALLOUT_ACCEPT_V4, DEFINE_GUID(FORT_GUID_CALLOUT_ACCEPT_V4, 0xced9c0fc, 0xdf22, 0x4f39, 0x91, 0x85, 0xb4, 0x35, 0x72,
0xced9c0fc, 0xdf22, 0x4f39, 0x91, 0x85, 0xb4, 0x35, 0x72, 0x6c, 0xab, 0xb2); 0x6c, 0xab, 0xb2);
/* {1F50005D-CDBC-42A0-A0C0-53E43081FABE} */ /* {1F50005D-CDBC-42A0-A0C0-53E43081FABE} */
DEFINE_GUID(FORT_GUID_CALLOUT_STREAM_V4, DEFINE_GUID(FORT_GUID_CALLOUT_STREAM_V4, 0x1f50005d, 0xcdbc, 0x42a0, 0xa0, 0xc0, 0x53, 0xe4, 0x30,
0x1f50005d, 0xcdbc, 0x42a0, 0xa0, 0xc0, 0x53, 0xe4, 0x30, 0x81, 0xfa, 0xbe); 0x81, 0xfa, 0xbe);
/* {5F1A7B3C-3E88-41C9-A442-61CFE6A48806} */ /* {5F1A7B3C-3E88-41C9-A442-61CFE6A48806} */
DEFINE_GUID(FORT_GUID_CALLOUT_DATAGRAM_V4, DEFINE_GUID(FORT_GUID_CALLOUT_DATAGRAM_V4, 0x5f1a7b3c, 0x3e88, 0x41c9, 0xa4, 0x42, 0x61, 0xcf, 0xe6,
0x5f1a7b3c, 0x3e88, 0x41c9, 0xa4, 0x42, 0x61, 0xcf, 0xe6, 0xa4, 0x88, 0x6); 0xa4, 0x88, 0x6);
/* {DED18B1B-0022-415F-AFDC-C9D59CE6D475} */ /* {DED18B1B-0022-415F-AFDC-C9D59CE6D475} */
DEFINE_GUID(FORT_GUID_CALLOUT_IN_TRANSPORT_V4, DEFINE_GUID(FORT_GUID_CALLOUT_IN_TRANSPORT_V4, 0xded18b1b, 0x22, 0x415f, 0xaf, 0xdc, 0xc9, 0xd5,
0xded18b1b, 0x22, 0x415f, 0xaf, 0xdc, 0xc9, 0xd5, 0x9c, 0xe6, 0xd4, 0x75); 0x9c, 0xe6, 0xd4, 0x75);
/* {0004F6D3-8430-4B35-9BF7-23C25C25003E} */ /* {0004F6D3-8430-4B35-9BF7-23C25C25003E} */
DEFINE_GUID(FORT_GUID_CALLOUT_OUT_TRANSPORT_V4, DEFINE_GUID(FORT_GUID_CALLOUT_OUT_TRANSPORT_V4, 0x4f6d3, 0x8430, 0x4b35, 0x9b, 0xf7, 0x23, 0xc2,
0x4f6d3, 0x8430, 0x4b35, 0x9b, 0xf7, 0x23, 0xc2, 0x5c, 0x25, 0x0, 0x3e); 0x5c, 0x25, 0x0, 0x3e);
/* {AFA06CD5-4942-4FDF-8A4A-2EDEB25BBECE} */ /* {AFA06CD5-4942-4FDF-8A4A-2EDEB25BBECE} */
DEFINE_GUID(FORT_GUID_SUBLAYER, DEFINE_GUID(
0xafa06cd5, 0x4942, 0x4fdf, 0x8a, 0x4a, 0x2e, 0xde, 0xb2, 0x5b, 0xbe, 0xce); FORT_GUID_SUBLAYER, 0xafa06cd5, 0x4942, 0x4fdf, 0x8a, 0x4a, 0x2e, 0xde, 0xb2, 0x5b, 0xbe, 0xce);
/* {91CF8B80-7BB2-42BA-8A26-8242E14532FC} */ /* {91CF8B80-7BB2-42BA-8A26-8242E14532FC} */
DEFINE_GUID(FORT_GUID_FILTER_CONNECT_V4, DEFINE_GUID(FORT_GUID_FILTER_CONNECT_V4, 0x91cf8b80, 0x7bb2, 0x42ba, 0x8a, 0x26, 0x82, 0x42, 0xe1,
0x91cf8b80, 0x7bb2, 0x42ba, 0x8a, 0x26, 0x82, 0x42, 0xe1, 0x45, 0x32, 0xfc); 0x45, 0x32, 0xfc);
/* {544A3E25-7BEB-4970-88EF-B4BCA2CE2482} */ /* {544A3E25-7BEB-4970-88EF-B4BCA2CE2482} */
DEFINE_GUID(FORT_GUID_FILTER_ACCEPT_V4, DEFINE_GUID(FORT_GUID_FILTER_ACCEPT_V4, 0x544a3e25, 0x7beb, 0x4970, 0x88, 0xef, 0xb4, 0xbc, 0xa2,
0x544a3e25, 0x7beb, 0x4970, 0x88, 0xef, 0xb4, 0xbc, 0xa2, 0xce, 0x24, 0x82); 0xce, 0x24, 0x82);
/* {ED0F2527-A787-4CA2-9493-C96320422FCF} */ /* {ED0F2527-A787-4CA2-9493-C96320422FCF} */
DEFINE_GUID(FORT_GUID_FILTER_STREAM_V4, DEFINE_GUID(FORT_GUID_FILTER_STREAM_V4, 0xed0f2527, 0xa787, 0x4ca2, 0x94, 0x93, 0xc9, 0x63, 0x20,
0xed0f2527, 0xa787, 0x4ca2, 0x94, 0x93, 0xc9, 0x63, 0x20, 0x42, 0x2f, 0xcf); 0x42, 0x2f, 0xcf);
/* {A3700639-1B50-461C-BE4C-BC350A7FB3A9} */ /* {A3700639-1B50-461C-BE4C-BC350A7FB3A9} */
DEFINE_GUID(FORT_GUID_FILTER_DATAGRAM_V4, DEFINE_GUID(FORT_GUID_FILTER_DATAGRAM_V4, 0xa3700639, 0x1b50, 0x461c, 0xbe, 0x4c, 0xbc, 0x35, 0xa,
0xa3700639, 0x1b50, 0x461c, 0xbe, 0x4c, 0xbc, 0x35, 0xa, 0x7f, 0xb3, 0xa9); 0x7f, 0xb3, 0xa9);
/* {F515D62B-26A3-413E-874C-D65CE70C9AEF} */ /* {F515D62B-26A3-413E-874C-D65CE70C9AEF} */
DEFINE_GUID(FORT_GUID_FILTER_IN_TRANSPORT_V4, DEFINE_GUID(FORT_GUID_FILTER_IN_TRANSPORT_V4, 0xf515d62b, 0x26a3, 0x413e, 0x87, 0x4c, 0xd6, 0x5c,
0xf515d62b, 0x26a3, 0x413e, 0x87, 0x4c, 0xd6, 0x5c, 0xe7, 0xc, 0x9a, 0xef); 0xe7, 0xc, 0x9a, 0xef);
/* {D284AFE8-4CAF-4432-A753-B6F311BDA2BA} */ /* {D284AFE8-4CAF-4432-A753-B6F311BDA2BA} */
DEFINE_GUID(FORT_GUID_FILTER_OUT_TRANSPORT_V4, DEFINE_GUID(FORT_GUID_FILTER_OUT_TRANSPORT_V4, 0xd284afe8, 0x4caf, 0x4432, 0xa7, 0x53, 0xb6, 0xf3,
0xd284afe8, 0x4caf, 0x4432, 0xa7, 0x53, 0xb6, 0xf3, 0x11, 0xbd, 0xa2, 0xba); 0x11, 0xbd, 0xa2, 0xba);
/* {C2D858F8-2951-4EED-8DA1-A4930F8E5204} */ /* {C2D858F8-2951-4EED-8DA1-A4930F8E5204} */
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_IN, DEFINE_GUID(FORT_GUID_FILTER_REAUTH_IN, 0xc2d858f8, 0x2951, 0x4eed, 0x8d, 0xa1, 0xa4, 0x93, 0xf,
0xc2d858f8, 0x2951, 0x4eed, 0x8d, 0xa1, 0xa4, 0x93, 0xf, 0x8e, 0x52, 0x4); 0x8e, 0x52, 0x4);
/* {749709CE-9686-4056-B89A-7A5852DFC898} */ /* {749709CE-9686-4056-B89A-7A5852DFC898} */
DEFINE_GUID(FORT_GUID_FILTER_REAUTH_OUT, DEFINE_GUID(FORT_GUID_FILTER_REAUTH_OUT, 0x749709ce, 0x9686, 0x4056, 0xb8, 0x9a, 0x7a, 0x58, 0x52,
0x749709ce, 0x9686, 0x4056, 0xb8, 0x9a, 0x7a, 0x58, 0x52, 0xdf, 0xc8, 0x98); 0xdf, 0xc8, 0x98);
#define FORT_DEVICE_NAME "\\\\.\\fortfw" #define FORT_DEVICE_NAME "\\\\.\\fortfw"
#define FORT_DEVICE_TYPE 0xD000 #define FORT_DEVICE_TYPE 0xD000
#define FORT_IOCTL_BASE 0xD00 #define FORT_IOCTL_BASE 0xD00
#define FORT_CTL_CODE(i,a) CTL_CODE(FORT_DEVICE_TYPE, FORT_IOCTL_BASE + (i), METHOD_BUFFERED, (a)) #define FORT_CTL_CODE(i, a) CTL_CODE(FORT_DEVICE_TYPE, FORT_IOCTL_BASE + (i), METHOD_BUFFERED, (a))
#define FORT_IOCTL_VALIDATE FORT_CTL_CODE(0, FILE_WRITE_DATA) #define FORT_IOCTL_VALIDATE FORT_CTL_CODE(0, FILE_WRITE_DATA)
#define FORT_IOCTL_SETCONF FORT_CTL_CODE(1, FILE_WRITE_DATA) #define FORT_IOCTL_SETCONF FORT_CTL_CODE(1, FILE_WRITE_DATA)
#define FORT_IOCTL_SETFLAGS FORT_CTL_CODE(2, FILE_WRITE_DATA) #define FORT_IOCTL_SETFLAGS FORT_CTL_CODE(2, FILE_WRITE_DATA)
#define FORT_IOCTL_GETLOG FORT_CTL_CODE(3, FILE_READ_DATA) #define FORT_IOCTL_GETLOG FORT_CTL_CODE(3, FILE_READ_DATA)
#define FORT_IOCTL_ADDAPP FORT_CTL_CODE(4, FILE_WRITE_DATA) #define FORT_IOCTL_ADDAPP FORT_CTL_CODE(4, FILE_WRITE_DATA)
#define FORT_IOCTL_DELAPP FORT_CTL_CODE(5, FILE_WRITE_DATA) #define FORT_IOCTL_DELAPP FORT_CTL_CODE(5, FILE_WRITE_DATA)
#define FORT_IOCTL_SETZONES FORT_CTL_CODE(6, FILE_WRITE_DATA) #define FORT_IOCTL_SETZONES FORT_CTL_CODE(6, FILE_WRITE_DATA)
#define FORT_IOCTL_SETZONEFLAG FORT_CTL_CODE(7, FILE_WRITE_DATA) #define FORT_IOCTL_SETZONEFLAG FORT_CTL_CODE(7, FILE_WRITE_DATA)
#endif FORTDEV_H #endif // FORTDEV_H

145
src/driver/common/fortlog.c
View File

@ -1,135 +1,78 @@
/* Fort Firewall Driver Log */ /* Fort Firewall Driver Log */
#define FORT_BUFFER_SIZE (16 * 1024 - 64) #include "fortlog.h"
#define FORT_LOG_PATH_MAX 512
#define FORT_LOG_ALIGN 4
#define FORT_LOG_FLAG_BLOCKED 0x01000000 FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 remote_ip,
#define FORT_LOG_FLAG_PROC_NEW 0x02000000 UINT16 remote_port, UCHAR ip_proto, UINT32 pid, UINT32 path_len)
#define FORT_LOG_FLAG_STAT_TRAF 0x04000000
#define FORT_LOG_FLAG_BLOCKED_ALLOW 0x10000000
#define FORT_LOG_FLAG_TYPE_MASK 0x0F000000
#define FORT_LOG_FLAG_OPT_MASK 0xF0000000
#define FORT_LOG_FLAG_EX_MASK 0xFF000000
#define FORT_LOG_BLOCKED_HEADER_SIZE (4 * sizeof(UINT32))
#define FORT_LOG_BLOCKED_SIZE(path_len) \
((FORT_LOG_BLOCKED_HEADER_SIZE + (path_len) \
+ (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
#define FORT_LOG_BLOCKED_SIZE_MAX FORT_LOG_BLOCKED_SIZE(FORT_LOG_PATH_MAX)
#define FORT_LOG_PROC_NEW_HEADER_SIZE (2 * sizeof(UINT32))
#define FORT_LOG_PROC_NEW_SIZE(path_len) \
((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) \
+ (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
#define FORT_LOG_STAT_HEADER_SIZE (sizeof(UINT32) + sizeof(INT64))
#define FORT_LOG_STAT_TRAF_SIZE(proc_count) \
(proc_count * 3 * sizeof(UINT32))
#define FORT_LOG_STAT_SIZE(proc_count) \
(FORT_LOG_STAT_HEADER_SIZE + FORT_LOG_STAT_TRAF_SIZE(proc_count))
#define FORT_LOG_STAT_BUFFER_PROC_COUNT \
((FORT_BUFFER_SIZE - FORT_LOG_STAT_HEADER_SIZE) / FORT_LOG_STAT_TRAF_SIZE(1))
#define FORT_LOG_SIZE_MAX FORT_LOG_BLOCKED_SIZE_MAX
#define fort_log_type(p) (*((UINT32 *) (p)) & FORT_LOG_FLAG_TYPE_MASK)
static void
fort_log_blocked_header_write (char *p, BOOL blocked, UINT32 remote_ip,
UINT16 remote_port, UCHAR ip_proto,
UINT32 pid, UINT32 path_len)
{ {
UINT32 *up = (UINT32 *) p; UINT32 *up = (UINT32 *) p;
*up++ = FORT_LOG_FLAG_BLOCKED *up++ = FORT_LOG_FLAG_BLOCKED | (blocked ? 0 : FORT_LOG_FLAG_BLOCKED_ALLOW) | path_len;
| (blocked ? 0 : FORT_LOG_FLAG_BLOCKED_ALLOW) *up++ = remote_ip;
| path_len; *up++ = remote_port | (ip_proto << 16);
*up++ = remote_ip; *up = pid;
*up++ = remote_port | (ip_proto << 16);
*up = pid;
} }
static void FORT_API void fort_log_blocked_write(char *p, BOOL blocked, UINT32 remote_ip, UINT16 remote_port,
fort_log_blocked_write (char *p, BOOL blocked, UINT32 remote_ip, UCHAR ip_proto, UINT32 pid, UINT32 path_len, const char *path)
UINT16 remote_port, UCHAR ip_proto,
UINT32 pid, UINT32 path_len, const char *path)
{ {
fort_log_blocked_header_write(p, blocked, remote_ip, remote_port, fort_log_blocked_header_write(p, blocked, remote_ip, remote_port, ip_proto, pid, path_len);
ip_proto, pid, path_len);
if (path_len) { if (path_len) {
RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len); RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len);
} }
} }
static void FORT_API void fort_log_blocked_header_read(const char *p, BOOL *blocked, UINT32 *remote_ip,
fort_log_blocked_header_read (const char *p, BOOL *blocked, UINT32 *remote_ip, UINT16 *remote_port, UCHAR *ip_proto, UINT32 *pid, UINT32 *path_len)
UINT16 *remote_port, UCHAR *ip_proto,
UINT32 *pid, UINT32 *path_len)
{ {
const UINT32 *up = (const UINT32 *) p; const UINT32 *up = (const UINT32 *) p;
*blocked = !(*up & FORT_LOG_FLAG_BLOCKED_ALLOW); *blocked = !(*up & FORT_LOG_FLAG_BLOCKED_ALLOW);
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK); *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
*remote_ip = *up++; *remote_ip = *up++;
*remote_port = *((const UINT16 *) up); *remote_port = *((const UINT16 *) up);
*ip_proto = (UCHAR) (*up++ >> 16); *ip_proto = (UCHAR)(*up++ >> 16);
*pid = *up; *pid = *up;
} }
static void FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len)
fort_log_proc_new_header_write (char *p, UINT32 pid,
UINT32 path_len)
{ {
UINT32 *up = (UINT32 *) p; UINT32 *up = (UINT32 *) p;
*up++ = FORT_LOG_FLAG_PROC_NEW | path_len; *up++ = FORT_LOG_FLAG_PROC_NEW | path_len;
*up = pid; *up = pid;
} }
static void FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path)
fort_log_proc_new_write (char *p, UINT32 pid,
UINT32 path_len, const char *path)
{ {
fort_log_proc_new_header_write(p, pid, path_len); fort_log_proc_new_header_write(p, pid, path_len);
if (path_len) { if (path_len) {
RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len); RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len);
} }
} }
static void FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len)
fort_log_proc_new_header_read (const char *p, UINT32 *pid,
UINT32 *path_len)
{ {
const UINT32 *up = (const UINT32 *) p; const UINT32 *up = (const UINT32 *) p;
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK); *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
*pid = *up; *pid = *up;
} }
static void FORT_API void fort_log_stat_traf_header_write(char *p, INT64 unix_time, UINT16 proc_count)
fort_log_stat_traf_header_write (char *p, INT64 unix_time, UINT16 proc_count)
{ {
UINT32 *up = (UINT32 *) p; UINT32 *up = (UINT32 *) p;
*up++ = FORT_LOG_FLAG_STAT_TRAF | proc_count; *up++ = FORT_LOG_FLAG_STAT_TRAF | proc_count;
*((INT64 *) up) = unix_time; *((INT64 *) up) = unix_time;
} }
static void FORT_API void fort_log_stat_traf_header_read(const char *p, INT64 *unix_time, UINT16 *proc_count)
fort_log_stat_traf_header_read (const char *p, INT64 *unix_time, UINT16 *proc_count)
{ {
const UINT32 *up = (const UINT32 *) p; const UINT32 *up = (const UINT32 *) p;
*proc_count = (UINT16) *up++; *proc_count = (UINT16) *up++;
*unix_time = *((INT64 *) up); *unix_time = *((INT64 *) up);
} }

71
src/driver/common/fortlog.h Normal file
View File

@ -0,0 +1,71 @@
#ifndef FORTLOG_H
#define FORTLOG_H
#include "common.h"
#define FORT_BUFFER_SIZE (16 * 1024 - 64)
#define FORT_LOG_PATH_MAX 512
#define FORT_LOG_ALIGN 4
#define FORT_LOG_FLAG_BLOCKED 0x01000000
#define FORT_LOG_FLAG_PROC_NEW 0x02000000
#define FORT_LOG_FLAG_STAT_TRAF 0x04000000
#define FORT_LOG_FLAG_BLOCKED_ALLOW 0x10000000
#define FORT_LOG_FLAG_TYPE_MASK 0x0F000000
#define FORT_LOG_FLAG_OPT_MASK 0xF0000000
#define FORT_LOG_FLAG_EX_MASK 0xFF000000
#define FORT_LOG_BLOCKED_HEADER_SIZE (4 * sizeof(UINT32))
#define FORT_LOG_BLOCKED_SIZE(path_len) \
((FORT_LOG_BLOCKED_HEADER_SIZE + (path_len) + (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
#define FORT_LOG_BLOCKED_SIZE_MAX FORT_LOG_BLOCKED_SIZE(FORT_LOG_PATH_MAX)
#define FORT_LOG_PROC_NEW_HEADER_SIZE (2 * sizeof(UINT32))
#define FORT_LOG_PROC_NEW_SIZE(path_len) \
((FORT_LOG_PROC_NEW_HEADER_SIZE + (path_len) + (FORT_LOG_ALIGN - 1)) & ~(FORT_LOG_ALIGN - 1))
#define FORT_LOG_STAT_HEADER_SIZE (sizeof(UINT32) + sizeof(INT64))
#define FORT_LOG_STAT_TRAF_SIZE(proc_count) (proc_count * 3 * sizeof(UINT32))
#define FORT_LOG_STAT_SIZE(proc_count) \
(FORT_LOG_STAT_HEADER_SIZE + FORT_LOG_STAT_TRAF_SIZE(proc_count))
#define FORT_LOG_STAT_BUFFER_PROC_COUNT \
((FORT_BUFFER_SIZE - FORT_LOG_STAT_HEADER_SIZE) / FORT_LOG_STAT_TRAF_SIZE(1))
#define FORT_LOG_SIZE_MAX FORT_LOG_BLOCKED_SIZE_MAX
#define fort_log_type(p) (*((UINT32 *) (p)) & FORT_LOG_FLAG_TYPE_MASK)
#if defined(__cplusplus)
extern "C" {
#endif
FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 remote_ip,
UINT16 remote_port, UCHAR ip_proto, UINT32 pid, UINT32 path_len);
FORT_API void fort_log_blocked_write(char *p, BOOL blocked, UINT32 remote_ip, UINT16 remote_port,
UCHAR ip_proto, UINT32 pid, UINT32 path_len, const char *path);
FORT_API void fort_log_blocked_header_read(const char *p, BOOL *blocked, UINT32 *remote_ip,
UINT16 *remote_port, UCHAR *ip_proto, UINT32 *pid, UINT32 *path_len);
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len);
FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path);
FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len);
FORT_API void fort_log_stat_traf_header_write(char *p, INT64 unix_time, UINT16 proc_count);
FORT_API void fort_log_stat_traf_header_read(const char *p, INT64 *unix_time, UINT16 *proc_count);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // FORTLOG_H

639
src/driver/common/fortprov.c
View File

@ -1,338 +1,327 @@
/* Fort Firewall Driver Provider (Un)Registration */ /* Fort Firewall Driver Provider (Un)Registration */
#define fort_prov_open(engine) FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, (engine)) #include "fortdev.h"
#define fort_prov_close(engine) FwpmEngineClose0(engine) #include "fortprov.h"
#define fort_prov_trans_begin(engine) FwpmTransactionBegin0((engine), 0)
#define fort_prov_trans_commit(engine) FwpmTransactionCommit0(engine)
#define fort_prov_trans_abort(engine) FwpmTransactionAbort0(engine)
static void FORT_API void fort_prov_unregister(HANDLE transEngine)
fort_prov_unregister (HANDLE transEngine)
{ {
HANDLE engine = transEngine; HANDLE engine = transEngine;
if (!transEngine) { if (!transEngine) {
if (fort_prov_open(&engine)) if (fort_prov_open(&engine))
return; return;
fort_prov_trans_begin(engine); fort_prov_trans_begin(engine);
}
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_CONNECT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_ACCEPT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
FwpmSubLayerDeleteByKey0(engine, (GUID *) &FORT_GUID_SUBLAYER);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_CONNECT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_ACCEPT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_STREAM_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_DATAGRAM_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_IN_TRANSPORT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_OUT_TRANSPORT_V4);
FwpmProviderDeleteByKey0(engine, (GUID *) &FORT_GUID_PROVIDER);
if (!transEngine) {
fort_prov_trans_commit(engine);
fort_prov_close(engine);
}
}
static void
fort_prov_flow_unregister (HANDLE transEngine)
{
HANDLE engine = transEngine;
if (!transEngine) {
if (fort_prov_open(&engine))
return;
fort_prov_trans_begin(engine);
}
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
if (!transEngine) {
fort_prov_trans_commit(engine);
fort_prov_close(engine);
}
}
static DWORD
fort_prov_register (HANDLE transEngine, BOOL is_boot)
{
FWPM_PROVIDER0 provider;
FWPM_CALLOUT0 ocallout4, icallout4;
FWPM_CALLOUT0 scallout4, dcallout4;
FWPM_CALLOUT0 itcallout4, otcallout4;
FWPM_SUBLAYER0 sublayer;
FWPM_FILTER0 ofilter4, ifilter4;
HANDLE engine = transEngine;
const UINT32 filter_flags = is_boot ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
RtlZeroMemory(&provider, sizeof(FWPM_PROVIDER0));
provider.flags = is_boot ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
provider.providerKey = FORT_GUID_PROVIDER;
provider.displayData.name = (PWCHAR) L"FortProvider";
provider.displayData.description = (PWCHAR) L"Fort Firewall Provider";
provider.serviceName = (PWCHAR) L"fortfw";
RtlZeroMemory(&ocallout4, sizeof(FWPM_CALLOUT0));
ocallout4.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
ocallout4.displayData.name = (PWCHAR) L"FortCalloutConnect4";
ocallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Connect V4";
ocallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
ocallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
RtlZeroMemory(&icallout4, sizeof(FWPM_CALLOUT0));
icallout4.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
icallout4.displayData.name = (PWCHAR) L"FortCalloutAccept4";
icallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Accept V4";
icallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
icallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
RtlZeroMemory(&scallout4, sizeof(FWPM_CALLOUT0));
scallout4.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
scallout4.displayData.name = (PWCHAR) L"FortCalloutStream4";
scallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Stream V4";
scallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
scallout4.applicableLayer = FWPM_LAYER_STREAM_V4;
RtlZeroMemory(&dcallout4, sizeof(FWPM_CALLOUT0));
dcallout4.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
dcallout4.displayData.name = (PWCHAR) L"FortCalloutDatagram4";
dcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Datagram V4";
dcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
dcallout4.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4;
RtlZeroMemory(&itcallout4, sizeof(FWPM_CALLOUT0));
itcallout4.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
itcallout4.displayData.name = (PWCHAR) L"FortCalloutInTransport4";
itcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Inbound Transport V4";
itcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
itcallout4.applicableLayer = FWPM_LAYER_INBOUND_TRANSPORT_V4;
RtlZeroMemory(&otcallout4, sizeof(FWPM_CALLOUT0));
otcallout4.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
otcallout4.displayData.name = (PWCHAR) L"FortCalloutOutTransport4";
otcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Outbound Transport V4";
otcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
otcallout4.applicableLayer = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
RtlZeroMemory(&sublayer, sizeof(FWPM_SUBLAYER0));
sublayer.subLayerKey = FORT_GUID_SUBLAYER;
sublayer.displayData.name = (PWCHAR) L"FortSublayer";
sublayer.displayData.description = (PWCHAR) L"Fort Firewall Sublayer";
sublayer.providerKey = (GUID *) &FORT_GUID_PROVIDER;
RtlZeroMemory(&ofilter4, sizeof(FWPM_FILTER0));
ofilter4.flags = filter_flags;
ofilter4.filterKey = FORT_GUID_FILTER_CONNECT_V4;
ofilter4.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
ofilter4.subLayerKey = FORT_GUID_SUBLAYER;
ofilter4.displayData.name = (PWCHAR) L"FortFilterConnect4";
ofilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Connect V4";
ofilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
ofilter4.action.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
RtlZeroMemory(&ifilter4, sizeof(FWPM_FILTER0));
ifilter4.flags = filter_flags;
ifilter4.filterKey = FORT_GUID_FILTER_ACCEPT_V4;
ifilter4.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
ifilter4.subLayerKey = FORT_GUID_SUBLAYER;
ifilter4.displayData.name = (PWCHAR) L"FortFilterAccept4";
ifilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Accept V4";
ifilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
ifilter4.action.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
if ((status = FwpmProviderAdd0(engine, &provider, NULL))
|| (status = FwpmCalloutAdd0(engine, &ocallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &icallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &scallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &dcallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &itcallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &otcallout4, NULL, NULL))
|| (status = FwpmSubLayerAdd0(engine, &sublayer, NULL))
|| (status = FwpmFilterAdd0(engine, &ofilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &ifilter4, NULL, NULL))) {
fort_prov_trans_abort(engine);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
} }
fort_prov_close(engine); FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_CONNECT_V4);
} FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_ACCEPT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
end: FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
return status; FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
} FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
static DWORD
fort_prov_flow_register (HANDLE transEngine, BOOL filter_transport)
{
FWPM_FILTER0 sfilter4, dfilter4;
FWPM_FILTER0 itfilter4, otfilter4;
HANDLE engine = transEngine;
const UINT32 filter_flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
| FWP_CALLOUT_FLAG_ALLOW_MID_STREAM_INSPECTION;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
RtlZeroMemory(&sfilter4, sizeof(FWPM_FILTER0));
sfilter4.flags = filter_flags;
sfilter4.filterKey = FORT_GUID_FILTER_STREAM_V4;
sfilter4.layerKey = FWPM_LAYER_STREAM_V4;
sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
dfilter4.flags = filter_flags;
dfilter4.filterKey = FORT_GUID_FILTER_DATAGRAM_V4;
dfilter4.layerKey = FWPM_LAYER_DATAGRAM_DATA_V4;
dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
itfilter4.flags = filter_flags;
itfilter4.filterKey = FORT_GUID_FILTER_IN_TRANSPORT_V4;
itfilter4.layerKey = FWPM_LAYER_INBOUND_TRANSPORT_V4;
itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
otfilter4.flags = filter_flags;
otfilter4.filterKey = FORT_GUID_FILTER_OUT_TRANSPORT_V4;
otfilter4.layerKey = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
|| (filter_transport
&& ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))
) {
fort_prov_trans_abort(engine);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
}
fort_prov_close(engine);
}
end:
return status;
}
static BOOL
fort_prov_is_boot (void)
{
HANDLE engine;
BOOL is_boot = FALSE;
if (!fort_prov_open(&engine)) {
FWPM_PROVIDER0 *provider;
if (!FwpmProviderGetByKey0(engine, (GUID *) &FORT_GUID_PROVIDER, &provider)) {
is_boot = (provider->flags & FWPM_PROVIDER_FLAG_PERSISTENT);
FwpmFreeMemory0((void **) &provider);
}
fort_prov_close(engine);
}
return is_boot;
}
static DWORD
fort_prov_reauth (HANDLE transEngine)
{
HANDLE engine = transEngine;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
status = FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
if (NT_SUCCESS(status)) {
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT); FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
} else { FwpmSubLayerDeleteByKey0(engine, (GUID *) &FORT_GUID_SUBLAYER);
FWPM_FILTER0 ifilter, ofilter; FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_CONNECT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_ACCEPT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_STREAM_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_DATAGRAM_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_IN_TRANSPORT_V4);
FwpmCalloutDeleteByKey0(engine, (GUID *) &FORT_GUID_CALLOUT_OUT_TRANSPORT_V4);
FwpmProviderDeleteByKey0(engine, (GUID *) &FORT_GUID_PROVIDER);
RtlZeroMemory(&ifilter, sizeof(FWPM_FILTER0)); if (!transEngine) {
ifilter.filterKey = FORT_GUID_FILTER_REAUTH_IN; fort_prov_trans_commit(engine);
ifilter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4; fort_prov_close(engine);
ifilter.subLayerKey = FORT_GUID_SUBLAYER;
ifilter.displayData.name = (PWCHAR) L"FortFilterReauthIn";
ifilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Inbound";
ifilter.action.type = FWP_ACTION_CONTINUE;
RtlZeroMemory(&ofilter, sizeof(FWPM_FILTER0));
ofilter.filterKey = FORT_GUID_FILTER_REAUTH_OUT;
ofilter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
ofilter.subLayerKey = FORT_GUID_SUBLAYER;
ofilter.displayData.name = (PWCHAR) L"FortFilterReauthOut";
ofilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Outbound";
ofilter.action.type = FWP_ACTION_CONTINUE;
status = FwpmFilterAdd0(engine, &ifilter, NULL, NULL);
FwpmFilterAdd0(engine, &ofilter, NULL, NULL);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
} else {
fort_prov_trans_abort(engine);
} }
fort_prov_close(engine);
}
end:
return status;
} }
FORT_API void fort_prov_flow_unregister(HANDLE transEngine)
{
HANDLE engine = transEngine;
if (!transEngine) {
if (fort_prov_open(&engine))
return;
fort_prov_trans_begin(engine);
}
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_STREAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_DATAGRAM_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_IN_TRANSPORT_V4);
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_OUT_TRANSPORT_V4);
if (!transEngine) {
fort_prov_trans_commit(engine);
fort_prov_close(engine);
}
}
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot)
{
FWPM_PROVIDER0 provider;
FWPM_CALLOUT0 ocallout4, icallout4;
FWPM_CALLOUT0 scallout4, dcallout4;
FWPM_CALLOUT0 itcallout4, otcallout4;
FWPM_SUBLAYER0 sublayer;
FWPM_FILTER0 ofilter4, ifilter4;
HANDLE engine = transEngine;
const UINT32 filter_flags = is_boot ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
RtlZeroMemory(&provider, sizeof(FWPM_PROVIDER0));
provider.flags = is_boot ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
provider.providerKey = FORT_GUID_PROVIDER;
provider.displayData.name = (PWCHAR) L"FortProvider";
provider.displayData.description = (PWCHAR) L"Fort Firewall Provider";
provider.serviceName = (PWCHAR) L"fortfw";
RtlZeroMemory(&ocallout4, sizeof(FWPM_CALLOUT0));
ocallout4.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
ocallout4.displayData.name = (PWCHAR) L"FortCalloutConnect4";
ocallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Connect V4";
ocallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
ocallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
RtlZeroMemory(&icallout4, sizeof(FWPM_CALLOUT0));
icallout4.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
icallout4.displayData.name = (PWCHAR) L"FortCalloutAccept4";
icallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Accept V4";
icallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
icallout4.applicableLayer = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
RtlZeroMemory(&scallout4, sizeof(FWPM_CALLOUT0));
scallout4.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
scallout4.displayData.name = (PWCHAR) L"FortCalloutStream4";
scallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Stream V4";
scallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
scallout4.applicableLayer = FWPM_LAYER_STREAM_V4;
RtlZeroMemory(&dcallout4, sizeof(FWPM_CALLOUT0));
dcallout4.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
dcallout4.displayData.name = (PWCHAR) L"FortCalloutDatagram4";
dcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Datagram V4";
dcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
dcallout4.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4;
RtlZeroMemory(&itcallout4, sizeof(FWPM_CALLOUT0));
itcallout4.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
itcallout4.displayData.name = (PWCHAR) L"FortCalloutInTransport4";
itcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Inbound Transport V4";
itcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
itcallout4.applicableLayer = FWPM_LAYER_INBOUND_TRANSPORT_V4;
RtlZeroMemory(&otcallout4, sizeof(FWPM_CALLOUT0));
otcallout4.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
otcallout4.displayData.name = (PWCHAR) L"FortCalloutOutTransport4";
otcallout4.displayData.description = (PWCHAR) L"Fort Firewall Callout Outbound Transport V4";
otcallout4.providerKey = (GUID *) &FORT_GUID_PROVIDER;
otcallout4.applicableLayer = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
RtlZeroMemory(&sublayer, sizeof(FWPM_SUBLAYER0));
sublayer.subLayerKey = FORT_GUID_SUBLAYER;
sublayer.displayData.name = (PWCHAR) L"FortSublayer";
sublayer.displayData.description = (PWCHAR) L"Fort Firewall Sublayer";
sublayer.providerKey = (GUID *) &FORT_GUID_PROVIDER;
RtlZeroMemory(&ofilter4, sizeof(FWPM_FILTER0));
ofilter4.flags = filter_flags;
ofilter4.filterKey = FORT_GUID_FILTER_CONNECT_V4;
ofilter4.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
ofilter4.subLayerKey = FORT_GUID_SUBLAYER;
ofilter4.displayData.name = (PWCHAR) L"FortFilterConnect4";
ofilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Connect V4";
ofilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
ofilter4.action.calloutKey = FORT_GUID_CALLOUT_CONNECT_V4;
RtlZeroMemory(&ifilter4, sizeof(FWPM_FILTER0));
ifilter4.flags = filter_flags;
ifilter4.filterKey = FORT_GUID_FILTER_ACCEPT_V4;
ifilter4.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
ifilter4.subLayerKey = FORT_GUID_SUBLAYER;
ifilter4.displayData.name = (PWCHAR) L"FortFilterAccept4";
ifilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Accept V4";
ifilter4.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
ifilter4.action.calloutKey = FORT_GUID_CALLOUT_ACCEPT_V4;
if ((status = FwpmProviderAdd0(engine, &provider, NULL))
|| (status = FwpmCalloutAdd0(engine, &ocallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &icallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &scallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &dcallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &itcallout4, NULL, NULL))
|| (status = FwpmCalloutAdd0(engine, &otcallout4, NULL, NULL))
|| (status = FwpmSubLayerAdd0(engine, &sublayer, NULL))
|| (status = FwpmFilterAdd0(engine, &ofilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &ifilter4, NULL, NULL))) {
fort_prov_trans_abort(engine);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
}
fort_prov_close(engine);
}
end:
return status;
}
FORT_API DWORD fort_prov_flow_register(HANDLE transEngine, BOOL filter_transport)
{
FWPM_FILTER0 sfilter4, dfilter4;
FWPM_FILTER0 itfilter4, otfilter4;
HANDLE engine = transEngine;
const UINT32 filter_flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
| FWP_CALLOUT_FLAG_ALLOW_MID_STREAM_INSPECTION;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
RtlZeroMemory(&sfilter4, sizeof(FWPM_FILTER0));
sfilter4.flags = filter_flags;
sfilter4.filterKey = FORT_GUID_FILTER_STREAM_V4;
sfilter4.layerKey = FWPM_LAYER_STREAM_V4;
sfilter4.subLayerKey = FORT_GUID_SUBLAYER;
sfilter4.displayData.name = (PWCHAR) L"FortFilterStream4";
sfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Stream V4";
sfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
sfilter4.action.calloutKey = FORT_GUID_CALLOUT_STREAM_V4;
RtlZeroMemory(&dfilter4, sizeof(FWPM_FILTER0));
dfilter4.flags = filter_flags;
dfilter4.filterKey = FORT_GUID_FILTER_DATAGRAM_V4;
dfilter4.layerKey = FWPM_LAYER_DATAGRAM_DATA_V4;
dfilter4.subLayerKey = FORT_GUID_SUBLAYER;
dfilter4.displayData.name = (PWCHAR) L"FortFilterDatagram4";
dfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Datagram V4";
dfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
dfilter4.action.calloutKey = FORT_GUID_CALLOUT_DATAGRAM_V4;
RtlZeroMemory(&itfilter4, sizeof(FWPM_FILTER0));
itfilter4.flags = filter_flags;
itfilter4.filterKey = FORT_GUID_FILTER_IN_TRANSPORT_V4;
itfilter4.layerKey = FWPM_LAYER_INBOUND_TRANSPORT_V4;
itfilter4.subLayerKey = FORT_GUID_SUBLAYER;
itfilter4.displayData.name = (PWCHAR) L"FortFilterInTransport4";
itfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Inbound Transport V4";
itfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
itfilter4.action.calloutKey = FORT_GUID_CALLOUT_IN_TRANSPORT_V4;
RtlZeroMemory(&otfilter4, sizeof(FWPM_FILTER0));
otfilter4.flags = filter_flags;
otfilter4.filterKey = FORT_GUID_FILTER_OUT_TRANSPORT_V4;
otfilter4.layerKey = FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
otfilter4.subLayerKey = FORT_GUID_SUBLAYER;
otfilter4.displayData.name = (PWCHAR) L"FortFilterOutTransport4";
otfilter4.displayData.description = (PWCHAR) L"Fort Firewall Filter Outbound Transport V4";
otfilter4.action.type = FWP_ACTION_CALLOUT_TERMINATING;
otfilter4.action.calloutKey = FORT_GUID_CALLOUT_OUT_TRANSPORT_V4;
if ((status = FwpmFilterAdd0(engine, &sfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &dfilter4, NULL, NULL))
|| (filter_transport
&& ((status = FwpmFilterAdd0(engine, &itfilter4, NULL, NULL))
|| (status = FwpmFilterAdd0(engine, &otfilter4, NULL, NULL))))) {
fort_prov_trans_abort(engine);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
}
fort_prov_close(engine);
}
end:
return status;
}
FORT_API BOOL fort_prov_is_boot(void)
{
HANDLE engine;
BOOL is_boot = FALSE;
if (!fort_prov_open(&engine)) {
FWPM_PROVIDER0 *provider;
if (!FwpmProviderGetByKey0(engine, (GUID *) &FORT_GUID_PROVIDER, &provider)) {
is_boot = (provider->flags & FWPM_PROVIDER_FLAG_PERSISTENT);
FwpmFreeMemory0((void **) &provider);
}
fort_prov_close(engine);
}
return is_boot;
}
FORT_API DWORD fort_prov_reauth(HANDLE transEngine)
{
HANDLE engine = transEngine;
DWORD status;
if (!transEngine) {
if ((status = fort_prov_open(&engine)))
goto end;
fort_prov_trans_begin(engine);
}
status = FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_IN);
if (NT_SUCCESS(status)) {
FwpmFilterDeleteByKey0(engine, (GUID *) &FORT_GUID_FILTER_REAUTH_OUT);
} else {
FWPM_FILTER0 ifilter, ofilter;
RtlZeroMemory(&ifilter, sizeof(FWPM_FILTER0));
ifilter.filterKey = FORT_GUID_FILTER_REAUTH_IN;
ifilter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
ifilter.subLayerKey = FORT_GUID_SUBLAYER;
ifilter.displayData.name = (PWCHAR) L"FortFilterReauthIn";
ifilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Inbound";
ifilter.action.type = FWP_ACTION_CONTINUE;
RtlZeroMemory(&ofilter, sizeof(FWPM_FILTER0));
ofilter.filterKey = FORT_GUID_FILTER_REAUTH_OUT;
ofilter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
ofilter.subLayerKey = FORT_GUID_SUBLAYER;
ofilter.displayData.name = (PWCHAR) L"FortFilterReauthOut";
ofilter.displayData.description = (PWCHAR) L"Fort Firewall Filter Reauth Outbound";
ofilter.action.type = FWP_ACTION_CONTINUE;
status = FwpmFilterAdd0(engine, &ifilter, NULL, NULL);
FwpmFilterAdd0(engine, &ofilter, NULL, NULL);
}
if (!transEngine) {
if (NT_SUCCESS(status)) {
status = fort_prov_trans_commit(engine);
} else {
fort_prov_trans_abort(engine);
}
fort_prov_close(engine);
}
end:
return status;
}

34
src/driver/common/fortprov.h Normal file
View File

@ -0,0 +1,34 @@
#ifndef FORTPROV_H
#define FORTPROV_H
#include "common.h"
#include <fwpmu.h>
#define fort_prov_open(engine) FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, (engine))
#define fort_prov_close(engine) FwpmEngineClose0(engine)
#define fort_prov_trans_begin(engine) FwpmTransactionBegin0((engine), 0)
#define fort_prov_trans_commit(engine) FwpmTransactionCommit0(engine)
#define fort_prov_trans_abort(engine) FwpmTransactionAbort0(engine)
#if defined(__cplusplus)
extern "C" {
#endif
FORT_API void fort_prov_unregister(HANDLE transEngine);
FORT_API void fort_prov_flow_unregister(HANDLE transEngine);
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot);
FORT_API DWORD fort_prov_flow_register(HANDLE transEngine, BOOL filter_transport);
FORT_API BOOL fort_prov_is_boot(void);
FORT_API DWORD fort_prov_reauth(HANDLE transEngine);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // FORTPROV_H

71
src/driver/common/wildmatch.c
View File

@ -12,42 +12,35 @@
** and to ignore the '/'. ** and to ignore the '/'.
*/ */
#define WM_NOMATCH 1 #include "wildmatch.h"
#define WM_MATCH 0
#define WM_ABORT_ALL -1
#define WM_ABORT_TO_STARSTAR -2
typedef unsigned char uchar; typedef unsigned char uchar;
typedef WCHAR wm_char;
#define ISASCII(c) ((c) < 128) #define ISASCII(c) ((c) < 128)
#define WM_STRCHR(str,c) ((const WCHAR *) wcschr((const WCHAR *) (str),(c))) #define WM_STRCHR(str, c) ((const WCHAR *) wcschr((const WCHAR *) (str), (c)))
#define DIR_SEP '\\' #define DIR_SEP '\\'
/* What character marks an inverted character class? */ /* What character marks an inverted character class? */
#define NEGATE_CLASS '!' #define NEGATE_CLASS '!'
#define NEGATE_CLASS2 '^' #define NEGATE_CLASS2 '^'
#define GIT_SPACE 0x01
#define GIT_SPACE 0x01 #define GIT_DIGIT 0x02
#define GIT_DIGIT 0x02 #define GIT_ALPHA 0x04
#define GIT_ALPHA 0x04 #define GIT_GLOB_SPECIAL 0x08
#define GIT_GLOB_SPECIAL 0x08 #define GIT_REGEX_SPECIAL 0x10
#define GIT_REGEX_SPECIAL 0x10
#define GIT_PATHSPEC_MAGIC 0x20 #define GIT_PATHSPEC_MAGIC 0x20
#define GIT_CNTRL 0x40 #define GIT_CNTRL 0x40
#define GIT_PUNCT 0x80 #define GIT_PUNCT 0x80
enum { enum {
S = GIT_SPACE, S = GIT_SPACE,
A = GIT_ALPHA, A = GIT_ALPHA,
D = GIT_DIGIT, D = GIT_DIGIT,
G = GIT_GLOB_SPECIAL, /* *, ?, [ */ G = GIT_GLOB_SPECIAL, /* *, ?, [ */
R = GIT_REGEX_SPECIAL, /* $, (, ), +, ., ^, {, | */ R = GIT_REGEX_SPECIAL, /* $, (, ), +, ., ^, {, | */
P = GIT_PATHSPEC_MAGIC, /* other non-alnum, except for ] and } */ P = GIT_PATHSPEC_MAGIC, /* other non-alnum, except for ] and } */
X = GIT_CNTRL, X = GIT_CNTRL,
U = GIT_PUNCT, U = GIT_PUNCT,
@ -55,28 +48,27 @@ enum {
}; };
const uchar sane_ctype[256] = { const uchar sane_ctype[256] = {
X, X, X, X, X, X, X, X, X, Z, Z, X, X, Z, X, X, /* 0.. 15 */ X, X, X, X, X, X, X, X, X, Z, Z, X, X, Z, X, X, /* 0.. 15 */
X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, /* 16.. 31 */ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, /* 16.. 31 */
S, P, P, P, R, P, P, P, R, R, G, R, P, P, R, P, /* 32.. 47 */ S, P, P, P, R, P, P, P, R, R, G, R, P, P, R, P, /* 32.. 47 */
D, D, D, D, D, D, D, D, D, D, P, P, P, P, P, G, /* 48.. 63 */ D, D, D, D, D, D, D, D, D, D, P, P, P, P, P, G, /* 48.. 63 */
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 64.. 79 */ P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 64.. 79 */
A, A, A, A, A, A, A, A, A, A, A, G, P, U, R, P, /* 80.. 95 */ A, A, A, A, A, A, A, A, A, A, A, G, P, U, R, P, /* 80.. 95 */
P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 96..111 */ P, A, A, A, A, A, A, A, A, A, A, A, A, A, A, A, /* 96..111 */
A, A, A, A, A, A, A, A, A, A, A, R, R, U, P, X, /* 112..127 */ A, A, A, A, A, A, A, A, A, A, A, R, R, U, P, X, /* 112..127 */
/* Nothing in the 128.. range */ /* Nothing in the 128.. range */
}; };
#define sane_istest(x,mask) ((sane_ctype[(uchar)(x)] & (mask)) != 0) #define sane_istest(x, mask) ((sane_ctype[(uchar)(x)] & (mask)) != 0)
#define is_glob_special(x) (ISASCII(x) && sane_istest(x,GIT_GLOB_SPECIAL)) #define is_glob_special(x) (ISASCII(x) && sane_istest(x, GIT_GLOB_SPECIAL))
/* Match the "pattern" against the "text" string. */ /* Match the "pattern" against the "text" string. */
static int wildmatch(const wm_char *pattern, const wm_char *text) FORT_API int wildmatch(const wm_char *pattern, const wm_char *text)
{ {
const wm_char *p = pattern; const wm_char *p = pattern;
wm_char p_ch; wm_char p_ch;
for ( ; (p_ch = *p) != '\0'; text++, p++) { for (; (p_ch = *p) != '\0'; text++, p++) {
int matched, match_slash, negated; int matched, match_slash, negated;
wm_char t_ch, prev_ch; wm_char t_ch, prev_ch;
@ -96,9 +88,8 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
case '*': case '*':
if (*++p == '*') { if (*++p == '*') {
const wm_char *prev_p = p - 2; const wm_char *prev_p = p - 2;
while (*++p == '*') {} while (*++p == '*') { }
if ((prev_p < pattern || *prev_p == DIR_SEP) if ((prev_p < pattern || *prev_p == DIR_SEP) && (*p == '\0' || *p == DIR_SEP)) {
&& (*p == '\0' || *p == DIR_SEP)) {
/* /*
* Assuming we already match 'foo/' and are at * Assuming we already match 'foo/' and are at
* <star star slash>, just assume it matches * <star star slash>, just assume it matches
@ -108,8 +99,7 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
* otherwise it breaks C comment syntax) match * otherwise it breaks C comment syntax) match
* both foo/bar and foo/a/bar. * both foo/bar and foo/a/bar.
*/ */
if (p[0] == DIR_SEP if (p[0] == DIR_SEP && wildmatch(p + 1, text) == WM_MATCH)
&& wildmatch(p + 1, text) == WM_MATCH)
return WM_MATCH; return WM_MATCH;
match_slash = 1; match_slash = 1;
} else { } else {
@ -151,8 +141,7 @@ static int wildmatch(const wm_char *pattern, const wm_char *text)
*/ */
if (!is_glob_special(*p)) { if (!is_glob_special(*p)) {
p_ch = *p; p_ch = *p;
while ((t_ch = *text) != '\0' while ((t_ch = *text) != '\0' && (match_slash || t_ch != DIR_SEP)) {
&& (match_slash || t_ch != DIR_SEP)) {
if (t_ch == p_ch) if (t_ch == p_ch)
break; break;
text++; text++;

23
src/driver/common/wildmatch.h Normal file
View File

@ -0,0 +1,23 @@
#ifndef WILDMATCH_H
#define WILDMATCH_H
#include "common.h"
#define WM_NOMATCH 1
#define WM_MATCH 0
#define WM_ABORT_ALL -1
#define WM_ABORT_TO_STARSTAR -2
typedef WCHAR wm_char;
#if defined(__cplusplus)
extern "C" {
#endif
FORT_API int wildmatch(const wm_char *pattern, const wm_char *text);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // WILDMATCH_H

4
src/driver/fortdrv.h
View File

@ -16,6 +16,4 @@
#define fort_request_complete(irp, status) \ #define fort_request_complete(irp, status) \
fort_request_complete_info((irp), (status), 0) fort_request_complete_info((irp), (status), 0)
#define UNUSED(p) ((void) (p)) #endif // FORTDRV_H
#endif FORTDRV_H

3
src/tests/Common/Common.pri
View File

@ -12,8 +12,5 @@ UI_PWD = $$PWD/../../ui
# Driver integration # Driver integration
include($$UI_PWD/../driver/Driver.pri) include($$UI_PWD/../driver/Driver.pri)
# Windows
LIBS += -lfwpuclnt -lkernel32 -luser32 -luuid -lws2_32
INCLUDEPATH += $$PWD INCLUDEPATH += $$PWD
INCLUDEPATH += $$UI_PWD INCLUDEPATH += $$UI_PWD

1
src/ui/FortFirewallUI.pro
View File

@ -263,7 +263,6 @@ RESOURCES += conf/conf-zone.qrc
} }
# Windows # Windows
LIBS += -lfwpuclnt -lkernel32 -luser32 -luuid -lversion -lws2_32
RC_FILE = FortFirewall.rc RC_FILE = FortFirewall.rc
OTHER_FILES += $${RC_FILE} OTHER_FILES += $${RC_FILE}

13
src/ui/fortcommon.cpp
View File

@ -1,18 +1,9 @@
#include "fortcommon.h" #include "fortcommon.h"
#define _WIN32_WINNT 0x0601
#define WIN32_LEAN_AND_MEAN
#include <qt_windows.h>
#include <winioctl.h>
#include <fwpmu.h>
#include <common/common.h>
#include <common/fortconf.h> #include <common/fortconf.h>
#include <common/fortdev.h> #include <common/fortdev.h>
#include <common/fortlog.h>
#include <common/fortconf.c> #include <common/fortprov.h>
#include <common/fortlog.c>
#include <common/fortprov.c>
FortCommon::FortCommon(QObject *parent) : QObject(parent) { } FortCommon::FortCommon(QObject *parent) : QObject(parent) { }

6
src/ui/util/conf/confutil.cpp
View File

@ -2,12 +2,6 @@
#include <QRegularExpression> #include <QRegularExpression>
#define BOOL quint8
#define UCHAR quint8
#define UINT16 quint16
#define UINT32 quint32
#define UINT64 quint64
#include <common/fortconf.h> #include <common/fortconf.h>
#include "../../conf/addressgroup.h" #include "../../conf/addressgroup.h"