/**
* Parses addrString into an IPv4 or IPv6 address, then determines
* whether the priority of the address is higher than the existing
* adaptor IP address (according to EnumIPSelectionPriority).
* If it is, then the new address is assigned as the adaptor IP address
* and used to populate adapter->userData->ipAddr.
* If two addresses have the same highest priority, then the first one seen
* is chosen.
*/
static void stringToAdaptorIp(PCWSTR addrString, SFLAdaptor *adaptor)
{
HSPAdaptorNIO *nioState = (HSPAdaptorNIO *)adaptor->userData;
IN_ADDR in_addr = {0};
LPCWSTR terminator;
LONG result = RtlIpv4StringToAddressW(addrString, TRUE, &terminator, &in_addr);
if (NO_ERROR == result) {
SFLAddress addrv4;
addrv4.type = SFLADDRESSTYPE_IP_V4;
addrv4.address.ip_v4.addr = in_addr.S_un.S_addr;
EnumIPSelectionPriority ipPriority = agentAddressPriority(&addrv4);
if (ipPriority > nioState->ipPriority) {
nioState->ipPriority = ipPriority;
nioState->ipAddr = addrv4;
}
} else {
IN6_ADDR in6_addr = {0};
result = RtlIpv6StringToAddressW(addrString, &terminator, &in6_addr);
if (NO_ERROR == result) {
SFLAddress addrv6;
addrv6.type = SFLADDRESSTYPE_IP_V6;
memcpy(addrv6.address.ip_v6.addr, in_addr6.u.Byte, sizeof(in6_addr.u.Byte));
EnumIPSelectionPriority ipPriority = agentAddressPriority(&addrv6);
if (ipPriority > nioState->ipPriority) {
nioState->ipPriority = ipPriority;
nioState->ipAddr = addrv6;
}
}
}
}
NTSTATUS
TLInspectLoadConfig(
_In_ const WDFKEY key
)
{
NTSTATUS status;
DECLARE_CONST_UNICODE_STRING(valueName, L"RemoteAddressToInspect");
DECLARE_UNICODE_STRING_SIZE(value, INET6_ADDRSTRLEN);
status = WdfRegistryQueryUnicodeString(key, &valueName, NULL, &value);
if (NT_SUCCESS(status))
{
PWSTR terminator;
// Defensively null-terminate the string
value.Length = min(value.Length, value.MaximumLength - sizeof(WCHAR));
value.Buffer[value.Length/sizeof(WCHAR)] = UNICODE_NULL;
status = RtlIpv4StringToAddressW(
value.Buffer,
TRUE,
&terminator,
&remoteAddrStorageV4
);
if (NT_SUCCESS(status))
{
remoteAddrStorageV4.S_un.S_addr =
RtlUlongByteSwap(remoteAddrStorageV4.S_un.S_addr);
configInspectRemoteAddrV4 = &remoteAddrStorageV4.S_un.S_un_b.s_b1;
}
else
{
status = RtlIpv6StringToAddressW(
value.Buffer,
&terminator,
&remoteAddrStorageV6
);
if (NT_SUCCESS(status))
{
configInspectRemoteAddrV6 = (UINT8*)(&remoteAddrStorageV6.u.Byte[0]);
}
}
}
return status;
}
void
DDProxyLoadConfig(
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE registryKey;
UNICODE_STRING valueName;
UCHAR regValueStorage[sizeof(KEY_VALUE_PARTIAL_INFORMATION) +
INET6_ADDRSTRLEN * sizeof(WCHAR)];
KEY_VALUE_PARTIAL_INFORMATION* regValue =
(KEY_VALUE_PARTIAL_INFORMATION*)regValueStorage;
ULONG resultLength;
InitializeObjectAttributes(
&objectAttributes,
registryPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL
);
status = ZwOpenKey(
®istryKey,
KEY_READ,
&objectAttributes
);
if (NT_SUCCESS(status))
{
RtlInitUnicodeString(
&valueName,
L"InspectUdp"
);
status = ZwQueryValueKey(
registryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(regValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
if ((*(PULONG)regValue->Data) != 0)
{
configInspectUdp = TRUE;
}
else
{
configInspectUdp = FALSE;
}
}
RtlInitUnicodeString(
&valueName,
L"DestinationAddressToIntercept"
);
status = ZwQueryValueKey(
registryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(regValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
PWSTR terminator;
status = RtlIpv4StringToAddressW(
(PCWSTR)(regValue->Data),
TRUE,
&terminator,
&destAddrStorageV4
);
if (NT_SUCCESS(status))
{
destAddrStorageV4.S_un.S_addr =
RtlUlongByteSwap(destAddrStorageV4.S_un.S_addr);
configInspectDestAddrV4 = &destAddrStorageV4.S_un.S_un_b.s_b1;
}
else
{
status = RtlIpv6StringToAddressW(
(PCWSTR)(regValue->Data),
&terminator,
&destAddrStorageV6
);
if (NT_SUCCESS(status))
{
configInspectDestAddrV6 = (UINT8*)(&destAddrStorageV6.u.Byte[0]);
}
}
}
RtlInitUnicodeString(
&valueName,
L"DestinationPortToIntercept"
);
status = ZwQueryValueKey(
registryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(regValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
configInspectDestPort = (USHORT)(*(PULONG)regValue->Data);
}
RtlInitUnicodeString(
&valueName,
L"NewDestinationAddress"
);
status = ZwQueryValueKey(
registryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(regValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
PWSTR terminator;
status = RtlIpv4StringToAddressW(
(PCWSTR)(regValue->Data),
TRUE,
&terminator,
&newDestAddrStorageV4
);
if (NT_SUCCESS(status))
{
newDestAddrStorageV4.S_un.S_addr =
RtlUlongByteSwap(newDestAddrStorageV4.S_un.S_addr);
configNewDestAddrV4 = &newDestAddrStorageV4.S_un.S_un_b.s_b1;
}
else
{
status = RtlIpv6StringToAddressW(
(PCWSTR)(regValue->Data),
&terminator,
&newDestAddrStorageV6
);
if (NT_SUCCESS(status))
{
configNewDestAddrV6 = (UINT8*)(&newDestAddrStorageV6.u.Byte[0]);
}
}
}
RtlInitUnicodeString(
&valueName,
L"NewDestinationPort"
);
status = ZwQueryValueKey(
registryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(regValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
configNewDestPort = (USHORT)(*(PULONG)regValue->Data);
}
ZwClose(registryKey);
}
}
void
TLInspectLoadConfig(
IN PUNICODE_STRING registryPath
)
{
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING valueName;
KEY_VALUE_PARTIAL_INFORMATION* regValue =
(KEY_VALUE_PARTIAL_INFORMATION*)gRegValueStorage;
ULONG resultLength;
InitializeObjectAttributes(
&objectAttributes,
registryPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL
);
status = ZwOpenKey(
&gRegistryKey,
KEY_READ,
&objectAttributes
);
if (NT_SUCCESS(status))
{
RtlInitUnicodeString(
&valueName,
L"RemoteAddressToInspect"
);
status = ZwQueryValueKey(
gRegistryKey,
&valueName,
KeyValuePartialInformation,
regValue,
sizeof(gRegValueStorage),
&resultLength
);
if (NT_SUCCESS(status))
{
PWSTR terminator;
status = RtlIpv4StringToAddressW(
(PCWSTR)(regValue->Data),
TRUE,
&terminator,
&remoteAddrStorageV4
);
if (NT_SUCCESS(status))
{
remoteAddrStorageV4.S_un.S_addr =
RtlUlongByteSwap(remoteAddrStorageV4.S_un.S_addr);
configInspectRemoteAddrV4 = &remoteAddrStorageV4.S_un.S_un_b.s_b1;
}
else
{
status = RtlIpv6StringToAddressW(
(PCWSTR)(regValue->Data),
&terminator,
&remoteAddrStorageV6
);
if (NT_SUCCESS(status))
{
configInspectRemoteAddrV6 = (UINT8*)(&remoteAddrStorageV6.u.Byte[0]);
}
}
}
}
}
/**
* Finds the associated Win32_NetworkAdapterConfiguration for Win32_NetworkAdapter adapterObj.
* Iterates through the IP addresses associated with the adapter and chooses the highest
* priority IP address (according to EnumIPSelectionPriority) as the adapter address
* which is used to populate adapter->userData->ipAddr.
* If two addresses have the same highest priority, then the first one seen is chosen.
*/
void readIpAddresses(IWbemServices *pNamespace, IWbemClassObject *adapterObj, SFLAdaptor *adaptor)
{
IEnumWbemClassObject *configEnum;
HRESULT hr = associatorsOf(pNamespace, adapterObj,
L"Win32_NetworkAdapterSetting",
L"Win32_NetworkAdapterConfiguration",
L"Setting", &configEnum);
if (SUCCEEDED(hr)) {
IWbemClassObject *configObj;
ULONG configCount;
hr = configEnum->Next(WBEM_INFINITE, 1, &configObj, &configCount);
if (SUCCEEDED(hr) && configCount == 1) {
VARIANT addresses;
hr = configObj->Get(L"IPAddress", 0, &addresses, 0, 0);
if (WBEM_S_NO_ERROR == hr && addresses.vt == (VT_ARRAY |VT_BSTR)) {
SAFEARRAY *sa = V_ARRAY(&addresses);
LONG lstart, lend;
hr = SafeArrayGetLBound(sa, 1, &lstart);
hr = SafeArrayGetUBound(sa, 1, &lend);
BSTR *pbstr;
hr = SafeArrayAccessData(sa, (void HUGEP **)&pbstr);
if (SUCCEEDED(hr)) {
HSPAdaptorNIO *nioState = (HSPAdaptorNIO *)adaptor->userData;
for (LONG idx=lstart; idx <= lend; idx++) {
PCWSTR addrStr = pbstr[idx];
IN_ADDR in_addr = {0};
LPCWSTR terminator;
LONG result = RtlIpv4StringToAddressW(addrStr, TRUE, &terminator, &in_addr);
if (NO_ERROR == result) {
SFLAddress addrv4;
addrv4.type = SFLADDRESSTYPE_IP_V4;
addrv4.address.ip_v4.addr = in_addr.S_un.S_addr;
EnumIPSelectionPriority ipPriority = agentAddressPriority(&addrv4);
if (ipPriority > nioState->ipPriority) {
nioState->ipPriority = ipPriority;
nioState->ipAddr = addrv4;
}
} else {
IN6_ADDR in6_addr = {0};
result = RtlIpv6StringToAddressW(addrStr, &terminator, &in6_addr);
if (NO_ERROR == result) {
SFLAddress addrv6;
addrv6.type = SFLADDRESSTYPE_IP_V6;
memcpy(addrv6.address.ip_v6.addr, in_addr6.u.Byte, sizeof(in6_addr.u.Byte));
EnumIPSelectionPriority ipPriority = agentAddressPriority(&addrv6);
if (ipPriority > nioState->ipPriority) {
nioState->ipPriority = ipPriority;
nioState->ipAddr = addrv6;
}
}
}
}
SafeArrayUnaccessData(sa);
}
}
VariantClear(&addresses);
configObj->Release();
}
configEnum->Release();
}
}
