VOID* __RPC_USER MIDL_user_allocate(/* _In_ */ size_t size)
{
BYTE* pBuffer = 0;
if(size)
{
HLPR_NEW_ARRAY(pBuffer,
BYTE,
size);
}
return pBuffer;
}
/**
@helper_function="HlprLogError"
Purpose: Log an error message to the console. <br>
<br>
Notes: <br>
<br>
MSDN_Ref: <br>
*/
VOID HlprLogError(_In_ PCWSTR pMessage,
...)
{
ASSERT(pMessage);
UINT32 status = NO_ERROR;
PCWSTR pFormatMessage = L"ERROR: %s\n";
PWSTR pActualMessage = 0;
size_t size = 0;
size_t actualSize = 11; /// Size of format Message and room for NULL Terminator '\0'
WCHAR pLogMessage[MAX_CHARS] = {0};
va_list argumentList;
va_start(argumentList,
pMessage);
status = StringCchVPrintf(pLogMessage,
MAX_CHARS,
pMessage,
argumentList);
if(status != NO_ERROR)
{
wprintf(L"HlprLogError : StringCchVPrintf() [status: %#x]",
status);
HLPR_BAIL;
}
status = StringCchLength(pLogMessage,
STRSAFE_MAX_CCH,
&size);
if(status != NO_ERROR)
{
wprintf(L"HlprLogError : StringCchLength() [status: %#x]",
status);
HLPR_BAIL;
}
actualSize += size;
HLPR_NEW_ARRAY(pActualMessage,
WCHAR,
actualSize);
HLPR_BAIL_ON_ALLOC_FAILURE(pActualMessage,
status);
status = StringCchPrintf(pActualMessage,
actualSize,
pFormatMessage,
pLogMessage);
if(status != NO_ERROR)
{
wprintf(L"HlprLogError : StringCchPrintf() [status: %#x]",
status);
HLPR_BAIL;
}
wprintf(pActualMessage);
HLPR_BAIL_LABEL:
va_end(argumentList);
HLPR_DELETE_ARRAY(pActualMessage);
return;
}
NTSTATUS PrvCloneAuthorizedNBLAndInject(_Inout_ CLASSIFY_DATA** ppClassifyData,
_Inout_ INJECTION_DATA** ppInjectionData)
{
#if DBG
DbgPrintEx(DPFLTR_IHVNETWORK_ID,
DPFLTR_INFO_LEVEL,
" ---> PrvCloneAuthorizedNBLAndInject()\n");
#endif /// DBG
NT_ASSERT(ppClassifyData);
NT_ASSERT(ppInjectionData);
NT_ASSERT(*ppClassifyData);
NT_ASSERT(*ppInjectionData);
NTSTATUS status = STATUS_SUCCESS;
FWPS_INCOMING_VALUES* pClassifyValues = (FWPS_INCOMING_VALUES*)(*ppClassifyData)->pClassifyValues;
FWPS_INCOMING_METADATA_VALUES* pMetadata = (FWPS_INCOMING_METADATA_VALUES*)(*ppClassifyData)->pMetadataValues;
UINT32 bytesRetreated = 0;
COMPARTMENT_ID compartmentID = UNSPECIFIED_COMPARTMENT_ID;
BOOLEAN isInbound = FALSE;
NET_BUFFER_LIST* pNetBufferList = 0;
PEND_AUTHORIZATION_COMPLETION_DATA* pCompletionData = 0;
FWPS_TRANSPORT_SEND_PARAMS* pSendParams = 0;
BYTE* pRemoteAddress = 0;
#pragma warning(push)
#pragma warning(disable: 6014) /// pCompletionData will be freed in completionFn using PendAuthorizationCompletionDataDestroy
HLPR_NEW(pCompletionData,
PEND_AUTHORIZATION_COMPLETION_DATA,
WFPSAMPLER_CALLOUT_DRIVER_TAG);
HLPR_BAIL_ON_ALLOC_FAILURE(pCompletionData,
status);
HLPR_NEW(pSendParams,
FWPS_TRANSPORT_SEND_PARAMS,
WFPSAMPLER_CALLOUT_DRIVER_TAG);
HLPR_BAIL_ON_ALLOC_FAILURE(pSendParams,
status);
#pragma warning(pop)
KeInitializeSpinLock(&(pCompletionData->spinLock));
pCompletionData->performedInline = FALSE;
pCompletionData->pClassifyData = *ppClassifyData;
pCompletionData->pInjectionData = *ppInjectionData;
pCompletionData->pSendParams = pSendParams;
/// Responsibility for freeing this memory has been transferred to the pCompletionData
*ppClassifyData = 0;
*ppInjectionData = 0;
pSendParams = 0;
if(pCompletionData->pInjectionData->direction == FWP_DIRECTION_INBOUND)
isInbound = TRUE;
if(FWPS_IS_METADATA_FIELD_PRESENT(pMetadata,
FWPS_METADATA_FIELD_COMPARTMENT_ID))
compartmentID = (COMPARTMENT_ID)pMetadata->compartmentId;
if(FWPS_IS_METADATA_FIELD_PRESENT(pMetadata,
FWPS_METADATA_FIELD_IP_HEADER_SIZE))
bytesRetreated = pMetadata->ipHeaderSize;
if(FWPS_IS_METADATA_FIELD_PRESENT(pMetadata,
FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE))
bytesRetreated += pMetadata->transportHeaderSize;
if(pClassifyValues->layerId == FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V4 ||
pClassifyValues->layerId == FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V6)
{
if(isInbound) /// NBL offset is at the start of the transport header ...
{
if(bytesRetreated)
{
/// so retreat (size of IP Header) to clone the whole NBL
status = NdisRetreatNetBufferDataStart(NET_BUFFER_LIST_FIRST_NB((NET_BUFFER_LIST*)pCompletionData->pClassifyData->pPacket),
bytesRetreated,
0,
0);
if(status != STATUS_SUCCESS)
{
DbgPrintEx(DPFLTR_IHVNETWORK_ID,
DPFLTR_ERROR_LEVEL,
" !!!! PrvCloneAuthorizedNBLAndInject: NdisRetreatNetBufferDataStart() [status: %#x]\n",
status);
HLPR_BAIL;
}
}
}
}
else if(pClassifyValues->layerId == FWPS_LAYER_ALE_AUTH_CONNECT_V4 ||
pClassifyValues->layerId == FWPS_LAYER_ALE_AUTH_CONNECT_V6)
{
/// NBL offset is at the Transport Header, and no IP Header is present yet
bytesRetreated = 0;
isInbound = FALSE;
}
else
{
status = STATUS_FWP_INCOMPATIBLE_LAYER;
HLPR_BAIL;
}
status = FwpsAllocateCloneNetBufferList((NET_BUFFER_LIST*)(pCompletionData->pClassifyData->pPacket),
g_pNDISPoolData->nblPoolHandle,
g_pNDISPoolData->nbPoolHandle,
0,
&pNetBufferList);
if(bytesRetreated)
{
/// Advance the NBL offset so we are back at the expected position in the NET_BUFFER_LIST
NdisAdvanceNetBufferDataStart(NET_BUFFER_LIST_FIRST_NB((NET_BUFFER_LIST*)pCompletionData->pClassifyData->pPacket),
bytesRetreated,
FALSE,
0);
}
if(status != STATUS_SUCCESS)
{
DbgPrintEx(DPFLTR_IHVNETWORK_ID,
DPFLTR_ERROR_LEVEL,
" !!!! PrvCloneAuthorizedNBLAndInject : FwpsAllocateCloneNetBufferList() [status: %#x]\n",
status);
HLPR_BAIL;
}
if(isInbound)
{
FWP_VALUE* pInterfaceIndex = KrnlHlprFwpValueGetFromFwpsIncomingValues(pClassifyValues,
&FWPM_CONDITION_INTERFACE_INDEX);
FWP_VALUE* pSubInterfaceIndex = KrnlHlprFwpValueGetFromFwpsIncomingValues(pClassifyValues,
&FWPM_CONDITION_SUB_INTERFACE_INDEX);
IF_INDEX interfaceIndex = 0;
IF_INDEX subInterfaceIndex = 0;
if(pInterfaceIndex &&
pInterfaceIndex->type == FWP_UINT32)
interfaceIndex = (IF_INDEX)pInterfaceIndex->uint32;
if(pSubInterfaceIndex &&
pSubInterfaceIndex->type == FWP_UINT32)
subInterfaceIndex = (IF_INDEX)pSubInterfaceIndex->uint32;
status = FwpsInjectTransportReceiveAsync(pCompletionData->pInjectionData->injectionHandle,
pCompletionData->pInjectionData->injectionContext,
0,
0,
pCompletionData->pInjectionData->addressFamily,
compartmentID,
interfaceIndex,
subInterfaceIndex,
pNetBufferList,
CompletePendAuthorization,
pCompletionData);
}
else
{
UINT64 endpointHandle = 0;
FWP_VALUE* pAddressValue = 0;
if(FWPS_IS_METADATA_FIELD_PRESENT(pMetadata,
FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE))
endpointHandle = pMetadata->transportEndpointHandle;
pAddressValue = KrnlHlprFwpValueGetFromFwpsIncomingValues(pClassifyValues,
&FWPM_CONDITION_IP_REMOTE_ADDRESS);
if(pAddressValue)
{
if(pCompletionData->pInjectionData->addressFamily == AF_INET)
{
UINT32 tempAddress = htonl(pAddressValue->uint32);
#pragma warning(push)
#pragma warning(disable: 6014) /// pRemoteAddress will be freed in completionFn using PendAuthorizationCompletionDataDestroy
HLPR_NEW_ARRAY(pRemoteAddress,
BYTE,
IPV4_ADDRESS_SIZE,
WFPSAMPLER_CALLOUT_DRIVER_TAG);
HLPR_BAIL_ON_ALLOC_FAILURE(pRemoteAddress,
status);
#pragma warning(pop)
RtlCopyMemory(pRemoteAddress,
&tempAddress,
IPV4_ADDRESS_SIZE);
}
else
{
#pragma warning(push)
#pragma warning(disable: 6014) /// pRemoteAddress will be freed in completionFn using PendAuthorizationCompletionDataDestroy
HLPR_NEW_ARRAY(pRemoteAddress,
BYTE,
IPV6_ADDRESS_SIZE,
WFPSAMPLER_CALLOUT_DRIVER_TAG);
HLPR_BAIL_ON_ALLOC_FAILURE(pRemoteAddress,
status);
#pragma warning(pop)
RtlCopyMemory(pRemoteAddress,
pAddressValue->byteArray16->byteArray16,
IPV6_ADDRESS_SIZE);
if(FWPS_IS_METADATA_FIELD_PRESENT(pMetadata,
FWPS_METADATA_FIELD_REMOTE_SCOPE_ID))
pCompletionData->pSendParams->remoteScopeId = pMetadata->remoteScopeId;
}
pCompletionData->pSendParams->remoteAddress = pRemoteAddress;
}
pCompletionData->refCount = KrnlHlprNBLGetRequiredRefCount(pNetBufferList);
status = FwpsInjectTransportSendAsync(pCompletionData->pInjectionData->injectionHandle,
pCompletionData->pInjectionData->injectionContext,
endpointHandle,
0,
pCompletionData->pSendParams,
pCompletionData->pInjectionData->addressFamily,
compartmentID,
pNetBufferList,
CompletePendAuthorization,
pCompletionData);
}
HLPR_BAIL_LABEL:
if(status != STATUS_SUCCESS)
{
if(pNetBufferList)
{
FwpsFreeCloneNetBufferList(pNetBufferList,
0);
pNetBufferList = 0;
}
if(pCompletionData)
PendAuthorizationCompletionDataDestroy(&pCompletionData,
TRUE);
}
#if DBG
DbgPrintEx(DPFLTR_IHVNETWORK_ID,
DPFLTR_INFO_LEVEL,
" <--- PrvCloneAuthorizedNBLAndInject() [status: %#x]\n",
status);
#endif /// DBG
return status;
}
