Exemple #1
NTSTATUS
DDProxyRegisterCallouts(
   IN void* deviceObject
   )
/* ++

   Opens a dynamic WFP session on the global engine handle and, inside one
   transaction, adds the Datagram-Data Proxy sub-layer and registers the
   flow-established and datagram-data callouts for IPv4 and IPv6
   (FWPM_LAYER_ALE_FLOW_ESTABLISHED_V{4|6} and FWPM_LAYER_DATAGRAM_DATA_V{4|6}).
   Per the original description, these intercept UDP and non-error ICMP
   traffic.

   Arguments:

      deviceObject - handed unchanged to the registration helpers.

   Return value:

      On success the transaction is committed and gEngineHandle is left open.
      On failure the first failing NTSTATUS is returned, an open transaction
      is aborted, the engine handle is closed and gEngineHandle is set to NULL.

   The session uses FWPM_SESSION_FLAG_DYNAMIC, so objects added through it are
   deleted by the engine when the session ends. The sub-layer and filters are
   therefore in place only while gEngineHandle stays open; they are not
   persistent and give no coverage before this driver has run.

   NOTE(review): the two registration helpers are not visible here. If they
   register callouts with the kernel filter engine (FwpsCalloutRegister*),
   that registration is outside the Fwpm transaction and is not undone by
   FwpmTransactionAbort0 - confirm that the caller's failure path
   unregisters any callout ids already written to the globals.

-- */
{
   NTSTATUS status = STATUS_SUCCESS;
   FWPM_SESSION0 session = {0};
   FWPM_SUBLAYER0 subLayer;

   BOOLEAN haveEngine = FALSE;
   BOOLEAN txnOpen = FALSE;

   // Dynamic session: everything added below lives only as long as the
   // engine handle does.
   session.flags = FWPM_SESSION_FLAG_DYNAMIC;

   status = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &gEngineHandle);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }
   haveEngine = TRUE;

   // All management-plane additions go into one transaction so a partial
   // set of objects is never committed.
   status = FwpmTransactionBegin0(gEngineHandle, 0);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }
   txnOpen = TRUE;

   RtlZeroMemory(&subLayer, sizeof(subLayer));

   subLayer.subLayerKey = DD_PROXY_SUBLAYER;
   subLayer.displayData.name = L"Datagram-Data Proxy Sub-Layer";
   subLayer.displayData.description =
      L"Sub-Layer for use by Datagram-Data Proxy callouts";
   subLayer.flags = 0;
   subLayer.weight = FWP_EMPTY; // described by the original author as auto-weight

   status = FwpmSubLayerAdd0(gEngineHandle, &subLayer, NULL);
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   // Flow-established callouts, IPv4 then IPv6.
   status = DDProxyRegisterFlowEstablishedCallouts(
               &FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4,
               &DD_PROXY_FLOW_ESTABLISHED_CALLOUT_V4,
               deviceObject,
               &gFlowEstablishedCalloutIdV4
               );
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   status = DDProxyRegisterFlowEstablishedCallouts(
               &FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6,
               &DD_PROXY_FLOW_ESTABLISHED_CALLOUT_V6,
               deviceObject,
               &gFlowEstablishedCalloutIdV6
               );
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   // Datagram-data callouts, IPv4 then IPv6.
   status = DDProxyRegisterDatagramDataCallouts(
               &FWPM_LAYER_DATAGRAM_DATA_V4,
               &DD_PROXY_CALLOUT_V4,
               deviceObject,
               &gCalloutIdV4
               );
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   status = DDProxyRegisterDatagramDataCallouts(
               &FWPM_LAYER_DATAGRAM_DATA_V6,
               &DD_PROXY_CALLOUT_V6,
               deviceObject,
               &gCalloutIdV6
               );
   if (!NT_SUCCESS(status))
   {
      goto Exit;
   }

   status = FwpmTransactionCommit0(gEngineHandle);
   if (NT_SUCCESS(status))
   {
      // Committed: nothing left to abort.
      txnOpen = FALSE;
   }

Exit:

   if (NT_SUCCESS(status))
   {
      return status;
   }

   // Failure path. Cleanup is best-effort: the return values of the abort
   // and close calls are not checked.
   if (txnOpen)
   {
      FwpmTransactionAbort0(gEngineHandle);
   }
   if (haveEngine)
   {
      FwpmEngineClose0(gEngineHandle);
      // Clear the global so later teardown code does not reuse a closed handle.
      gEngineHandle = NULL;
   }

   return status;
}
Exemple #2
NTSTATUS
TLInspectRegisterCallouts(
    IN void* deviceObject
)
/* ++

   Opens a dynamic WFP session on the global engine handle and, inside one
   transaction, adds the Transport Inspect sub-layer and registers the
   transport callouts for IPv4 only (FWPM_LAYER_OUTBOUND_TRANSPORT_V4 and
   FWPM_LAYER_INBOUND_TRANSPORT_V4).

   Coverage as written: the ALE AUTH_CONNECT / AUTH_RECV_ACCEPT
   registrations (V4 and V6) and the IPv6 transport registrations were
   commented out in the original source and are not performed. Traffic at
   those layers, including all IPv6 transport traffic, is not seen by this
   driver's callouts.

   Arguments:

      deviceObject - handed unchanged to the registration helper.

   Return value:

      On success the transaction is committed and gEngineHandle is left open.
      On failure the first failing NTSTATUS is returned, an open transaction
      is aborted, the engine handle is closed and gEngineHandle is set to NULL.

   The session uses FWPM_SESSION_FLAG_DYNAMIC, so objects added through it are
   deleted by the engine when the session ends; the original description
   states they are removed during DriverUnload.

   NOTE(review): TLInspectRegisterTransportCallouts is not visible here. If
   it registers callouts with the kernel filter engine (FwpsCalloutRegister*),
   that registration is outside the Fwpm transaction and is not undone by
   FwpmTransactionAbort0 - confirm that the caller's failure path
   unregisters any callout ids already written to the globals.

-- */
{
    NTSTATUS status = STATUS_SUCCESS;
    FWPM_SESSION0 session = {0};
    FWPM_SUBLAYER0 subLayer;

    BOOLEAN haveEngine = FALSE;
    BOOLEAN txnOpen = FALSE;

    // Dynamic session: everything added below lives only as long as the
    // engine handle does.
    session.flags = FWPM_SESSION_FLAG_DYNAMIC;

    status = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &gEngineHandle);
    if (!NT_SUCCESS(status))
    {
        goto Exit;
    }
    haveEngine = TRUE;

    // All management-plane additions go into one transaction so a partial
    // set of objects is never committed.
    status = FwpmTransactionBegin0(gEngineHandle, 0);
    if (!NT_SUCCESS(status))
    {
        goto Exit;
    }
    txnOpen = TRUE;

    RtlZeroMemory(&subLayer, sizeof(subLayer));

    subLayer.subLayerKey = TL_INSPECT_SUBLAYER;
    subLayer.displayData.name = L"Transport Inspect Sub-Layer";
    subLayer.displayData.description =
        L"Sub-Layer for use by Transport Inspect callouts";
    subLayer.flags = 0;
    // Weight must stay below that of FWPM_SUBLAYER_UNIVERSAL to remain
    // compatible with Vista's IPsec implementation.
    subLayer.weight = 0;

    status = FwpmSubLayerAdd0(gEngineHandle, &subLayer, NULL);
    if (!NT_SUCCESS(status))
    {
        goto Exit;
    }

    // IPv4 transport layers only, outbound then inbound. The original guard
    // on configInspectRemoteAddrV4 was commented out, so these always run.
    status = TLInspectRegisterTransportCallouts(
                 &FWPM_LAYER_OUTBOUND_TRANSPORT_V4,
                 &TL_INSPECT_OUTBOUND_TRANSPORT_CALLOUT_V4,
                 deviceObject,
                 &gOutboundTlCalloutIdV4
             );
    if (!NT_SUCCESS(status))
    {
        goto Exit;
    }

    status = TLInspectRegisterTransportCallouts(
                 &FWPM_LAYER_INBOUND_TRANSPORT_V4,
                 &TL_INSPECT_INBOUND_TRANSPORT_CALLOUT_V4,
                 deviceObject,
                 &gInboundTlCalloutIdV4
             );
    if (!NT_SUCCESS(status))
    {
        goto Exit;
    }

    // Not registered (disabled in the original source):
    //   FWPM_LAYER_ALE_AUTH_CONNECT_V4 / FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
    //   FWPM_LAYER_ALE_AUTH_CONNECT_V6 / FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6
    //   FWPM_LAYER_OUTBOUND_TRANSPORT_V6 / FWPM_LAYER_INBOUND_TRANSPORT_V6

    status = FwpmTransactionCommit0(gEngineHandle);
    if (NT_SUCCESS(status))
    {
        // Committed: nothing left to abort.
        txnOpen = FALSE;
    }

Exit:

    if (NT_SUCCESS(status))
    {
        return status;
    }

    // Failure path. Cleanup is best-effort: the return values of the abort
    // and close calls are not checked.
    if (txnOpen)
    {
        FwpmTransactionAbort0(gEngineHandle);
    }
    if (haveEngine)
    {
        FwpmEngineClose0(gEngineHandle);
        // Clear the global so later teardown code does not reuse a closed handle.
        gEngineHandle = NULL;
    }

    return status;
}