mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 07:38:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: fortcout: Simplify fort_callout_classify_check_conf()

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2023-01-14 11:34:33 +03:00
parent 3e5d0cd2e3
commit b78c6b2450
1 changed files with 64 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
src/driver/fortcout.c
View File

@ -93,76 +93,94 @@ inline static void fort_callout_classify_blocked_log_path(FORT_CONF_FLAGS conf_f
} }
} }
static BOOL fort_callout_classify_blocked_log(const FWPS_INCOMING_VALUES0 *inFixedValues, static void fort_callout_classify_blocked_log_ip(const FWPS_INCOMING_VALUES0 *inFixedValues,
FWPS_CLASSIFY_OUT0 *classifyOut, int localIpField, int remoteIpField, int localPortField,
int remotePortField, int ipProtoField, BOOL isIPv6, BOOL inbound, BOOL inherited,
const UINT32 *remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id,
PCUNICODE_STRING real_path, INT8 block_reason, PIRP *irp, ULONG_PTR *info)
{
if (block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip) {
const UINT32 *local_ip = isIPv6
? (const UINT32 *) inFixedValues->incomingValue[localIpField].value.byteArray16
: &inFixedValues->incomingValue[localIpField].value.uint32;
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
fort_buffer_blocked_ip_write(&fort_device()->buffer, isIPv6, inbound, inherited,
block_reason, ip_proto, local_port, remote_port, local_ip, remote_ip, process_id,
real_path->Length, real_path->Buffer, irp, info);
}
}
static void fort_callout_classify_blocked_log(const FWPS_INCOMING_VALUES0 *inFixedValues,
const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, const FWPS_FILTER0 *filter, const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, const FWPS_FILTER0 *filter,
FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField, FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
int localPortField, int remotePortField, int ipProtoField, BOOL isIPv6, BOOL inbound, int localPortField, int remotePortField, int ipProtoField, BOOL isIPv6, BOOL inbound,
UINT32 classify_flags, const UINT32 *remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 classify_flags, const UINT32 *remote_ip, FORT_CONF_FLAGS conf_flags,
UINT32 process_id, PCUNICODE_STRING path, PCUNICODE_STRING real_path, UINT32 process_id, PCUNICODE_STRING path, PCUNICODE_STRING real_path,
PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL blocked, PIRP *irp, ULONG_PTR *info) PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL *blocked, PIRP *irp, ULONG_PTR *info)
{ {
FORT_APP_FLAGS app_flags = FORT_APP_FLAGS app_flags =
fort_conf_app_find(&conf_ref->conf, path->Buffer, path->Length, fort_conf_exe_find); fort_conf_app_find(&conf_ref->conf, path->Buffer, path->Length, fort_conf_exe_find);
if (!blocked /* collect traffic, when Filter Disabled */ if (!*blocked /* collect traffic, when Filter Disabled */
|| (app_flags.v == 0 && conf_flags.allow_all_new) /* collect new Blocked Programs */ || (app_flags.v == 0 && conf_flags.allow_all_new) /* collect new Blocked Programs */
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, block_reason)) { || !fort_conf_app_blocked(&conf_ref->conf, app_flags, block_reason)) {
if (conf_flags.log_stat if (conf_flags.log_stat
&& fort_callout_classify_blocked_log_stat(inFixedValues, inMetaValues, filter, && fort_callout_classify_blocked_log_stat(inFixedValues, inMetaValues, filter,
classifyOut, flagsField, localIpField, remoteIpField, localPortField, classifyOut, flagsField, localIpField, remoteIpField, localPortField,
remotePortField, ipProtoField, isIPv6, inbound, classify_flags, remote_ip, remotePortField, ipProtoField, isIPv6, inbound, classify_flags, remote_ip,
conf_flags, process_id, real_path, conf_ref, block_reason, blocked, conf_flags, process_id, real_path, conf_ref, block_reason, *blocked,
app_flags, irp, info)) app_flags, irp, info)) {
return TRUE; /* blocked */ *blocked = TRUE; /* blocked */
return;
}
blocked = FALSE; /* allow */ *blocked = FALSE; /* allow */
} }
fort_callout_classify_blocked_log_path( fort_callout_classify_blocked_log_path(
conf_flags, process_id, path, real_path, conf_ref, blocked, app_flags, irp, info); conf_flags, process_id, path, real_path, conf_ref, *blocked, app_flags, irp, info);
return blocked;
} }
static BOOL fort_callout_classify_blocked(const FWPS_INCOMING_VALUES0 *inFixedValues, inline static BOOL fort_callout_classify_blocked_flags(const UINT32 *remote_ip, BOOL isIPv6,
const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, const FWPS_FILTER0 *filter, FORT_CONF_FLAGS conf_flags, PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL *blocked)
FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
int localPortField, int remotePortField, int ipProtoField, BOOL isIPv6, BOOL inbound,
UINT32 classify_flags, const UINT32 *remote_ip, FORT_CONF_FLAGS conf_flags,
UINT32 process_id, PUNICODE_STRING path, PUNICODE_STRING real_path, PFORT_CONF_REF conf_ref,
INT8 *block_reason, PIRP *irp, ULONG_PTR *info)
{ {
BOOL blocked = TRUE;
if (conf_flags.filter_enabled) { if (conf_flags.filter_enabled) {
if (conf_flags.stop_traffic) if (conf_flags.stop_traffic) {
return TRUE; /* block all */ *blocked = TRUE; /* block all */
return TRUE;
}
if (!fort_conf_ip_is_inet(&conf_ref->conf, if (!fort_conf_ip_is_inet(&conf_ref->conf,
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, (fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
&fort_device()->conf, remote_ip, isIPv6)) &fort_device()->conf, remote_ip, isIPv6)) {
return FALSE; /* allow LocalNetwork */ *blocked = FALSE; /* allow LocalNetwork */
return TRUE;
}
if (conf_flags.stop_inet_traffic) if (conf_flags.stop_inet_traffic) {
return TRUE; /* block Internet */ *blocked = TRUE; /* block Internet */
return TRUE;
}
if (!fort_conf_ip_inet_included(&conf_ref->conf, if (!fort_conf_ip_inet_included(&conf_ref->conf,
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, (fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
&fort_device()->conf, remote_ip, isIPv6)) { &fort_device()->conf, remote_ip, isIPv6)) {
*block_reason = FORT_BLOCK_REASON_IP_INET; *block_reason = FORT_BLOCK_REASON_IP_INET;
return TRUE; /* block address */ *blocked = TRUE; /* block address */
return TRUE;
} }
} else { } else {
if (!(conf_flags.log_stat && conf_flags.log_stat_no_filter)) *blocked = FALSE;
return FALSE; /* allow (Filter Disabled) */
blocked = FALSE; if (!(conf_flags.log_stat && conf_flags.log_stat_no_filter))
return TRUE; /* allow (Filter Disabled) */
} }
return fort_callout_classify_blocked_log(inFixedValues, inMetaValues, filter, classifyOut, return FALSE;
flagsField, localIpField, remoteIpField, localPortField, remotePortField, ipProtoField,
isIPv6, inbound, classify_flags, remote_ip, conf_flags, process_id, path, real_path,
conf_ref, block_reason, blocked, irp, info);
} }
static void fort_callout_classify_check_conf(const FWPS_INCOMING_VALUES0 *inFixedValues, static void fort_callout_classify_check_conf(const FWPS_INCOMING_VALUES0 *inFixedValues,
@ -191,27 +209,22 @@ static void fort_callout_classify_check_conf(const FWPS_INCOMING_VALUES0 *inFixe
} }
INT8 block_reason = FORT_BLOCK_REASON_UNKNOWN; INT8 block_reason = FORT_BLOCK_REASON_UNKNOWN;
const BOOL blocked = fort_callout_classify_blocked(inFixedValues, inMetaValues, filter, BOOL blocked = TRUE;
classifyOut, flagsField, localIpField, remoteIpField, localPortField, remotePortField,
ipProtoField, isIPv6, inbound, classify_flags, remote_ip, conf_flags, process_id, &path, if (!fort_callout_classify_blocked_flags(
&real_path, conf_ref, &block_reason, irp, info); remote_ip, isIPv6, conf_flags, conf_ref, &block_reason, &blocked)) {
fort_callout_classify_blocked_log(inFixedValues, inMetaValues, filter, classifyOut,
flagsField, localIpField, remoteIpField, localPortField, remotePortField,
ipProtoField, isIPv6, inbound, classify_flags, remote_ip, conf_flags, process_id,
&path, &real_path, conf_ref, &block_reason, &blocked, irp, info);
}
if (blocked) { if (blocked) {
/* Log the blocked connection */ /* Log the blocked connection */
if (block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip) { fort_callout_classify_blocked_log_ip(inFixedValues, classifyOut, localIpField,
const UINT32 *local_ip = isIPv6 remoteIpField, localPortField, remotePortField, ipProtoField, isIPv6, inbound,
? (const UINT32 *) inFixedValues->incomingValue[localIpField].value.byteArray16 inherited, remote_ip, conf_flags, process_id, &real_path, block_reason, irp, info);
: &inFixedValues->incomingValue[localIpField].value.uint32;
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
const IPPROTO ip_proto =
(IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
fort_buffer_blocked_ip_write(&fort_device()->buffer, isIPv6, inbound, inherited,
block_reason, ip_proto, local_port, remote_port, local_ip, remote_ip,
process_id, real_path.Length, real_path.Buffer, irp, info);
}
/* Block the connection */ /* Block the connection */
fort_callout_classify_block(classifyOut); fort_callout_classify_block(classifyOut);