Driver: Refactor loopback address handling

Nodir Temirkhodjaev 2024-11-08 14:46:39 +05:00
parent 54a69f2f56
commit 749d3024b6
6 changed files with 20 additions and 24 deletions


@ -48,7 +48,7 @@ FORT_API UINT16 fort_device_flag_set(PFORT_DEVICE_CONF device_conf, UINT16 flag,
: InterlockedAnd16(&device_conf->flags, ~flag);
}
FORT_API UINT16 fort_device_flags(PFORT_DEVICE_CONF device_conf)
static UINT16 fort_device_flags(PFORT_DEVICE_CONF device_conf)
{
return fort_device_flag_set(device_conf, 0, TRUE);
}
@ -340,9 +340,6 @@ static void fort_device_flags_conf_set(PFORT_DEVICE_CONF device_conf, FORT_CONF_
{
fort_device_flag_set(device_conf, FORT_DEVICE_BOOT_FILTER, conf_flags.boot_filter);
fort_device_flag_set(device_conf, FORT_DEVICE_BOOT_FILTER_LOCALS, conf_flags.filter_locals);
fort_device_flag_set(device_conf, FORT_DEVICE_BLOCK_TRAFFIC, conf_flags.block_traffic);
fort_device_flag_set(device_conf, FORT_DEVICE_BLOCK_LAN_TRAFFIC, conf_flags.block_lan_traffic);
}
FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_CONF_REF conf_ref)
@ -354,7 +351,7 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_
if (old_conf_ref != NULL) {
old_conf_flags = old_conf_ref->conf.flags;
} else {
const UINT16 flags = fort_device_flag(device_conf, FORT_DEVICE_BOOT_MASK);
const UINT16 flags = fort_device_flags(device_conf);
RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
old_conf_flags.boot_filter = (flags & FORT_DEVICE_BOOT_FILTER) != 0;
@ -392,7 +389,7 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_
}
FORT_API FORT_CONF_FLAGS fort_conf_ref_flags_set(
PFORT_DEVICE_CONF device_conf, const FORT_CONF_FLAGS conf_flags)
PFORT_DEVICE_CONF device_conf, FORT_CONF_FLAGS conf_flags)
{
FORT_CONF_FLAGS old_conf_flags;
@ -408,17 +405,17 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_flags_set(
conf->flags = conf_flags;
fort_device_flags_conf_set(device_conf, conf_flags);
device_conf->conf_flags = conf_flags;
} else {
const UINT16 flags = fort_device_flag(device_conf, FORT_DEVICE_BOOT_MASK);
const UINT16 flags = fort_device_flags(device_conf);
RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
old_conf_flags.boot_filter = (flags & FORT_DEVICE_BOOT_FILTER) != 0;
old_conf_flags.filter_locals = (flags & FORT_DEVICE_BOOT_FILTER_LOCALS) != 0;
device_conf->conf_flags = old_conf_flags;
conf_flags = old_conf_flags;
}
device_conf->conf_flags = conf_flags;
}
KeReleaseInStackQueuedSpinLock(&lock_queue);
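Review bot: In the @-408 hunk `fort_conf_ref_flags_set` now writes its result back through its own by-value parameter (`conf_flags = old_conf_flags;` followed by `device_conf->conf_flags = conf_flags;`), which is the only reason the `const` had to come off the parameter in the @-392 hunk; a local such as `FORT_CONF_FLAGS new_conf_flags = conf_flags;` assigned in both branches and stored once would keep the parameter read-only and make it obvious which value is persisted. Separately, the @-340 hunk stops mirroring `block_traffic`/`block_lan_traffic` into the device flag word, so `FORT_DEVICE_BLOCK_TRAFFIC` and `FORT_DEVICE_BLOCK_LAN_TRAFFIC` (still visible in the header hunk) appear to become write-never; if no other reader remains, they should go with `FORT_DEVICE_BOOT_MASK`, otherwise a comment stating that `conf_flags` is now the source of truth would help. The function's body and the lock acquisition run outside this hunk.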


@ -29,8 +29,6 @@ typedef struct fort_conf_ref
#define FORT_DEVICE_BOOT_FILTER 0x01
#define FORT_DEVICE_BOOT_FILTER_LOCALS 0x02
#define FORT_DEVICE_BOOT_MASK (FORT_DEVICE_BOOT_FILTER | FORT_DEVICE_BOOT_FILTER_LOCALS)
#define FORT_DEVICE_BLOCK_TRAFFIC 0x04
#define FORT_DEVICE_BLOCK_LAN_TRAFFIC 0x08
#define FORT_DEVICE_IS_OPENED 0x10
#define FORT_DEVICE_IS_VALIDATED 0x20
#define FORT_DEVICE_POWER_OFF 0x40
@ -57,8 +55,6 @@ FORT_API void fort_device_conf_open(PFORT_DEVICE_CONF device_conf);
FORT_API UINT16 fort_device_flag_set(PFORT_DEVICE_CONF device_conf, UINT16 flag, BOOL on);
FORT_API UINT16 fort_device_flags(PFORT_DEVICE_CONF device_conf);
FORT_API UINT16 fort_device_flag(PFORT_DEVICE_CONF device_conf, UINT16 flag);
FORT_API FORT_APP_DATA fort_conf_exe_find(


@ -299,7 +299,7 @@ inline static BOOL fort_callout_ale_check_filter_flags(PCFORT_CALLOUT_ARG ca,
cx->remote_ip, ca->isIPv6);
if (cx->is_local_net) {
if (conf_flags.block_lan_traffic) {
if (conf_flags.block_lan_traffic && !cx->is_loopback) {
return TRUE; /* block LAN */
}
@ -439,19 +439,21 @@ inline static void fort_callout_ale_by_conf(
}
inline static BOOL fort_callout_ale_is_local_address(PFORT_CALLOUT_ARG ca,
PCFORT_CALLOUT_ALE_EXTRA cx, PFORT_DEVICE_CONF device_conf, const UINT32 classify_flags)
PFORT_CALLOUT_ALE_EXTRA cx, PFORT_DEVICE_CONF device_conf, const UINT32 classify_flags)
{
const UINT16 device_flags = fort_device_flags(device_conf);
const FORT_CONF_FLAGS conf_flags = device_conf->conf_flags;
if ((device_flags & FORT_DEVICE_BOOT_FILTER_LOCALS) != 0)
cx->is_loopback = (classify_flags & FWP_CONDITION_FLAG_IS_LOOPBACK) != 0;
if (conf_flags.filter_locals)
return FALSE;
if ((classify_flags & FWP_CONDITION_FLAG_IS_LOOPBACK) == 0
|| (device_flags & FORT_DEVICE_BLOCK_TRAFFIC) != 0)
/* Loopback */
if (!cx->is_loopback || conf_flags.block_traffic)
return FALSE;
if (!fort_addr_is_local_broadcast(cx->remote_ip, ca->isIPv6)
|| (device_flags & FORT_DEVICE_BLOCK_LAN_TRAFFIC) != 0)
/* Multicast */
if (!fort_addr_is_local_multicast(cx->remote_ip, ca->isIPv6) || conf_flags.block_lan_traffic)
return FALSE;
return TRUE;
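Review bot: `fort_callout_ale_is_local_address` now snapshots the whole `FORT_CONF_FLAGS` struct with a plain copy (`const FORT_CONF_FLAGS conf_flags = device_conf->conf_flags;`), replacing flags that were previously read through the Interlocked-backed `fort_device_flags`; the writer in `fort_conf_ref_flags_set` holds the queued spin lock, but this callout path takes none, so the copy is only tear-free if `FORT_CONF_FLAGS` stays a single naturally aligned word, which is worth pinning next to the read, e.g. `/* lock-free snapshot: FORT_CONF_FLAGS must remain a single aligned word */`. Setting `cx->is_loopback` before the `filter_locals` early return is the right order, since `fort_callout_ale_check_filter_flags` (@-299) now exempts loopback from `block_lan_traffic` in every case; that exemption presumably assumes this function always runs first on the same `cx` (or that `cx` is zero-initialized), otherwise a stale bit would skip the LAN block — a one-line comment on the `is_loopback` assignment naming that ordering dependency would document it. The function's closing brace lies outside the hunk.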


@ -44,6 +44,7 @@ typedef const FORT_CALLOUT_ARG *PCFORT_CALLOUT_ARG;
typedef struct fort_callout_ale_extra
{
UCHAR is_reauth : 1;
UCHAR is_loopback : 1;
UCHAR is_local_net : 1;
UCHAR app_data_found : 1;
UCHAR inherited : 1;


@ -444,7 +444,7 @@ FORT_API void fort_ascii_downcase(PUNICODE_STRING dst, PCUNICODE_STRING src)
}
}
FORT_API BOOL fort_addr_is_local_broadcast(const UINT32 *ip, BOOL isIPv6)
FORT_API BOOL fort_addr_is_local_multicast(const UINT32 *ip, BOOL isIPv6)
{
if (isIPv6) {
const ip6_addr_t *ip6 = (const ip6_addr_t *) ip;


@ -30,7 +30,7 @@ FORT_API DWORD fort_le_u32_read(const char *cp, int offset);
FORT_API void fort_ascii_downcase(PUNICODE_STRING dst, PCUNICODE_STRING src);
FORT_API BOOL fort_addr_is_local_broadcast(const UINT32 *ip, BOOL isIPv6);
FORT_API BOOL fort_addr_is_local_multicast(const UINT32 *ip, BOOL isIPv6);
FORT_API UINT32 fort_bits_duplicate16(UINT16 num);