Esempio n. 1
// Initialize the IPsec helper module for Windows 7.
//
// Returns a newly allocated IPSEC_WIN7 holding the WFP engine handle, the
// IDs of the two inbound filters and the handle of the driver device, or
// NULL on failure. The error paths here release the object with
// IPsecWin7Free().
//
// NULL is returned when any of these fail, in this order: MsIsVista(),
// MsIsAdmin(), IPsecWin7InitApi(), IPsecWin7InitDriver(), FwpmEngineOpen0,
// CreateFileA on WFP_DEVICE_FILE_NAME.
//
// Security-relevant behavior:
// - The WFP session is opened with FWPM_SESSION_FLAG_DYNAMIC, so objects
//   added through it are removed by WFP when the session ends.
// - Both filters carry FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED:
//   while the callout is not registered the filter permits traffic, so the
//   filter alone does not block anything (fail-open).
// - A failing FwpmFilterAdd0 is only logged. NOTE(review): the caller still
//   receives a non-NULL object even if neither filter was installed --
//   confirm that this best-effort behavior is intended.
IPSEC_WIN7 *IPsecWin7Init()
{
	IPSEC_WIN7 *ctx;
	FWPM_SESSION0 wfp_session;
	FWPM_FILTER0 flt;
	UINT status;
	UINT64 max_weight = MAXUINT64;

	Debug("IPsecWin7Init()\n");

	// Preconditions, evaluated left to right; the first failure aborts
	// before anything has been allocated. The last one initializes the driver.
	if (!MsIsVista() || !MsIsAdmin() || !IPsecWin7InitApi() || !IPsecWin7InitDriver())
	{
		return NULL;
	}

	// Open the WFP engine with a dynamic session
	Zero(&wfp_session, sizeof(wfp_session));
	wfp_session.flags = FWPM_SESSION_FLAG_DYNAMIC;

	ctx = ZeroMalloc(sizeof(IPSEC_WIN7));
	status = api->FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, &wfp_session, &ctx->hEngine);
	if (status != 0)
	{
		Debug("FwpmEngineOpen0 Failed.\n");
		IPsecWin7Free(ctx);
		return NULL;
	}

	// Inbound IPv4 filter: hands packets to the IPv4 callout, using the
	// maximum UINT64 value as the filter weight
	Zero(&flt, sizeof(flt));
	flt.displayData.name = IPSEC_WIN7_FILTER_TITLE_V4;
	flt.layerKey = FWPM_LAYER_INBOUND_IPPACKET_V4;
	flt.flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
	flt.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
	flt.action.calloutKey = GUID_WFP_CALLOUT_DRIVER_V4;
	flt.weight.type = FWP_UINT64;
	flt.weight.uint64 = &max_weight;
	status = api->FwpmFilterAdd0(ctx->hEngine, &flt, NULL, &ctx->FilterIPv4Id);
	if (status == 0)
	{
		Debug("FwpmFilterAdd0 for IPv4 Ok.\n");
	}
	else
	{
		// Non-fatal: initialization continues without the IPv4 filter
		Debug("FwpmFilterAdd0 for IPv4 Failed: 0x%X\n", status);
	}

	// Inbound IPv6 filter: same settings, IPv6 layer and callout
	Zero(&flt, sizeof(flt));
	flt.displayData.name = IPSEC_WIN7_FILTER_TITLE_V6;
	flt.layerKey = FWPM_LAYER_INBOUND_IPPACKET_V6;
	flt.flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
	flt.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
	flt.action.calloutKey = GUID_WFP_CALLOUT_DRIVER_V6;
	flt.weight.type = FWP_UINT64;
	flt.weight.uint64 = &max_weight;
	status = api->FwpmFilterAdd0(ctx->hEngine, &flt, NULL, &ctx->FilterIPv6Id);
	if (status == 0)
	{
		Debug("FwpmFilterAdd0 for IPv6 Ok.\n");
	}
	else
	{
		// Non-fatal: initialization continues without the IPv6 filter
		Debug("FwpmFilterAdd0 for IPv6 Failed: 0x%X\n", status);
	}

	// Open the device of the driver as a file (read/write, shared)
	ctx->hDriverFile = CreateFileA(WFP_DEVICE_FILE_NAME,
		GENERIC_READ | GENERIC_WRITE,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL, OPEN_EXISTING, 0, NULL);

	// Both NULL and INVALID_HANDLE_VALUE are treated as a failed open
	if (ctx->hDriverFile == INVALID_HANDLE_VALUE || ctx->hDriverFile == NULL)
	{
		Debug("CreateFileA(\"%s\") Failed.\n", WFP_DEVICE_FILE_NAME);
		IPsecWin7Free(ctx);
		return NULL;
	}

	IPsecWin7UpdateHostIPAddressList(ctx);

	Debug("IPsecWin7Init() Ok.\n");

	return ctx;
}
Esempio n. 2
// Monitoring process main.
//
// Reads the current service settings of the IPsec server and reacts to a
// change of the "IPsec in use" state (EtherIP_IPsec or L2TP_IPsec enabled):
// - Win32, IPsec turned on:  creates the Win7 helper if there is none.
// - Win32, IPsec turned off: frees the Win7 helper and, if this code had
//   stopped the OS IPsec service, starts it again.
// - Other OS, IPsec turned off: re-enables kernel ESP processing.
// While IPsec is in use, every call additionally stops the OS IPsec service
// (Win32) or disables kernel ESP processing (other OS).
//
// Returns true only on Win32 when MsStopIPsecService() returned true during
// this call; false otherwise, including when s is NULL.
//
// NOTE(review): these calls change OS-level IPsec/ESP handling, presumably
// host-wide -- confirm with the Ms*/Unix* implementations.
// NOTE(review): IPsecWin7Init() is called only on the off -> on transition;
// if it returns NULL, s->Win7 stays NULL and HostIPAddressListChanged stays
// true until the state toggles again -- confirm that no retry is wanted.
bool IPsecCheckOsService(IPSEC_SERVER *s)
{
	IPSEC_SERVICES services;
	bool ipsec_on;
	bool stopped_now = false;

	// Validate arguments
	if (s == NULL)
	{
		return false;
	}

	IPsecServerGetServices(s, &services);
	ipsec_on = (services.EtherIP_IPsec || services.L2TP_IPsec);

	// React only when the state differs from the one seen on the last call
	if (s->Check_LastEnabledStatus != ipsec_on)
	{
		s->Check_LastEnabledStatus = ipsec_on;

		if (!ipsec_on)
		{
			// Use of IPsec is stopped
#ifdef	OS_WIN32
			if (s->Win7 != NULL)
			{
				IPsecWin7Free(s->Win7);
				s->Win7 = NULL;
			}

			// Restart the OS service only if this code stopped it
			if (s->OsServiceStoped)
			{
				MsStartIPsecService();
				s->OsServiceStoped = false;
			}
#else	// OS_WIN32
			UnixSetEnableKernelEspProcessing(true);
#endif	// OS_WIN32
		}
		else
		{
			// Use of IPsec has been started
#ifdef	OS_WIN32
			if (s->Win7 == NULL)
			{
				// May yield NULL; the flag is set regardless
				s->Win7 = IPsecWin7Init();
				s->HostIPAddressListChanged = true;
			}

			s->OsServiceStoped = false;
#endif	// OS_WIN32
		}
	}

	// Runs on every call while IPsec is in use, not only on a state change
	if (ipsec_on)
	{
#ifdef	OS_WIN32
		if (MsStopIPsecService())
		{
			s->OsServiceStoped = true;
			stopped_now = true;
		}
#else	// OS_WIN32
		UnixSetEnableKernelEspProcessing(false);
#endif	// OS_WIN32
	}

#ifdef	OS_WIN32
	// Refresh the host IP address list of the helper and clear the flag
	if (s->Win7 != NULL)
	{
		IPsecWin7UpdateHostIPAddressList(s->Win7);
		s->HostIPAddressListChanged = false;
	}
#endif	// OS_WIN32

	return stopped_now;
}