// Build one inbound-IP-packet callout filter and add it to the WFP engine.
// Returns the FwpmFilterAdd0 status (0 on success); the id of the new filter
// is stored through *id. The filter references the callout only by key and
// carries FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED, so traffic is
// permitted (fail-open) while the callout driver is not registered.
static UINT IPsecWin7AddCalloutFilter(HANDLE hEngine, GUID layer, GUID callout, wchar_t *title, UINT64 *weight, UINT64 *id)
{
	FWPM_FILTER0 filter;

	Zero(&filter, sizeof(filter));
	filter.flags = FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
	filter.layerKey = layer;
	filter.weight.type = FWP_UINT64;
	filter.weight.uint64 = weight;
	filter.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
	filter.action.calloutKey = callout;
	filter.displayData.name = title;

	return api->FwpmFilterAdd0(hEngine, &filter, NULL, id);
}

// Initialize the IPsec helper module for Windows 7
// Returns a newly allocated IPSEC_WIN7 (caller releases it with
// IPsecWin7Free), or NULL when the platform/privilege checks, the WFP API or
// driver setup, the engine session, or the driver device open fails.
// Filter registration failures are only logged; the object is still returned.
IPSEC_WIN7 *IPsecWin7Init()
{
	IPSEC_WIN7 *w;
	FWPM_SESSION0 session;
	UINT ret;
	UINT64 weight = MAXUINT64;

	Debug("IPsecWin7Init()\n");

	// Preconditions, checked in this order: Vista or later, running
	// elevated, WFP API loaded, callout driver initialized. Nothing is
	// allocated until all four hold.
	if (!MsIsVista() || !MsIsAdmin() || !IPsecWin7InitApi() || !IPsecWin7InitDriver())
	{
		return NULL;
	}

	w = ZeroMalloc(sizeof(IPSEC_WIN7));

	// Open the WFP engine with a dynamic session, so the filters added
	// below live only as long as this engine handle.
	Zero(&session, sizeof(session));
	session.flags = FWPM_SESSION_FLAG_DYNAMIC;

	ret = api->FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, &session, &w->hEngine);
	if (ret)
	{
		Debug("FwpmEngineOpen0 Failed.\n");
		IPsecWin7Free(w);
		return NULL;
	}

	// Inbound callout filter, IPv4. Both filters share the same
	// (maximum) weight; the value only needs to outlive the add call.
	ret = IPsecWin7AddCalloutFilter(w->hEngine, FWPM_LAYER_INBOUND_IPPACKET_V4,
		GUID_WFP_CALLOUT_DRIVER_V4, IPSEC_WIN7_FILTER_TITLE_V4, &weight, &w->FilterIPv4Id);
	if (ret)
	{
		Debug("FwpmFilterAdd0 for IPv4 Failed: 0x%X\n", ret);
	}
	else
	{
		Debug("FwpmFilterAdd0 for IPv4 Ok.\n");
	}

	// Inbound callout filter, IPv6
	ret = IPsecWin7AddCalloutFilter(w->hEngine, FWPM_LAYER_INBOUND_IPPACKET_V6,
		GUID_WFP_CALLOUT_DRIVER_V6, IPSEC_WIN7_FILTER_TITLE_V6, &weight, &w->FilterIPv6Id);
	if (ret)
	{
		Debug("FwpmFilterAdd0 for IPv6 Failed: 0x%X\n", ret);
	}
	else
	{
		Debug("FwpmFilterAdd0 for IPv6 Ok.\n");
	}

	// Open the driver's device object as a file. The handle is stored
	// before the check so that IPsecWin7Free sees whatever CreateFileA
	// returned.
	w->hDriverFile = CreateFileA(WFP_DEVICE_FILE_NAME,
		GENERIC_READ | GENERIC_WRITE,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL, OPEN_EXISTING, 0, NULL);
	if (w->hDriverFile == NULL || w->hDriverFile == INVALID_HANDLE_VALUE)
	{
		Debug("CreateFileA(\"%s\") Failed.\n", WFP_DEVICE_FILE_NAME);
		IPsecWin7Free(w);
		return NULL;
	}

	// Push the current host address list to the driver right away
	IPsecWin7UpdateHostIPAddressList(w);

	Debug("IPsecWin7Init() Ok.\n");

	return w;
}
// Monitoring process main bool IPsecCheckOsService(IPSEC_SERVER *s) { bool b_ipsec; IPSEC_SERVICES sl; bool ret = false; // Validate arguments if (s == NULL) { return false; } IPsecServerGetServices(s, &sl); b_ipsec = (sl.EtherIP_IPsec || sl.L2TP_IPsec); if (b_ipsec != s->Check_LastEnabledStatus) { s->Check_LastEnabledStatus = b_ipsec; if (b_ipsec) { // Use of IPsec has been started #ifdef OS_WIN32 if (s->Win7 == NULL) { s->Win7 = IPsecWin7Init(); s->HostIPAddressListChanged = true; } s->OsServiceStoped = false; #else // OS_WIN32 #endif // OS_WIN32 } else { // Use of IPsec is stopped #ifdef OS_WIN32 if (s->Win7 != NULL) { IPsecWin7Free(s->Win7); s->Win7 = NULL; } if (s->OsServiceStoped) { MsStartIPsecService(); s->OsServiceStoped = false; } #else // OS_WIN32 UnixSetEnableKernelEspProcessing(true); #endif // OS_WIN32 } } if (b_ipsec) { #ifdef OS_WIN32 if (MsStopIPsecService()) { s->OsServiceStoped = true; ret = true; } #else // OS_WIN32 UnixSetEnableKernelEspProcessing(false); #endif // OS_WIN32 } #ifdef OS_WIN32 if (s->Win7 != NULL) { IPsecWin7UpdateHostIPAddressList(s->Win7); s->HostIPAddressListChanged = false; } #endif // OS_WIN32 return ret; }