obj_tbl.h

基于TDI驱动编写的个人防火墙程序。包括驱动模块、应用层规则配置及加载模块。

// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
//
// $Id: obj_tbl.h,v 1.2 2002/10/01 12:54:02 dev Exp $

#ifndef _obj_tbl_h_
#define _obj_tbl_h_

#include "filter.h"

NTSTATUS	ot_init(void);
void		ot_free(void);

#define FILEOBJ_CONTROLOBJ	0
#define FILEOBJ_ADDROBJ		1
#define FILEOBJ_CONNOBJ		2

NTSTATUS	ot_add_fileobj(
	PDEVICE_OBJECT devobj, PFILE_OBJECT fileobj, int fileobj_type, CONNECTION_CONTEXT conn_ctx,
	int no_guard);

NTSTATUS	ot_del_fileobj(
	PFILE_OBJECT fileobj, int *fileobj_type);

// maximum length of TDI_ADDRESS_TYPE_*
#define TDI_ADDRESS_MAX_LENGTH	TDI_ADDRESS_LENGTH_OSI_TSAP
#define TA_ADDRESS_MAX			(sizeof(TA_ADDRESS) - 1 + TDI_ADDRESS_MAX_LENGTH)
#define TDI_ADDRESS_INFO_MAX	(sizeof(TDI_ADDRESS_INFO) - 1 + TDI_ADDRESS_MAX_LENGTH)

// max event index
#ifdef TDI_EVENT_ERROR_EX
// 2k
#	define MAX_EVENT	(TDI_EVENT_ERROR_EX + 1)
#else
// NT4
#	define MAX_EVENT	(TDI_EVENT_CHAINED_RECEIVE_EXPEDITED + 1)
#endif

/* replaced context */
typedef struct {
	PFILE_OBJECT	fileobj;		/* address object */
    PVOID			old_handler;	/* old event handler */
    PVOID			old_context;	/* old event handler context */
} TDI_EVENT_CONTEXT;

struct ot_entry {
	ULONG signature;
	struct ot_entry		*next;
	
	ULONG				pid;
	
	PDEVICE_OBJECT		devobj;
	PFILE_OBJECT		fileobj;
	PFILE_OBJECT		associated_fileobj;
	
	int					type;
	
	TDI_EVENT_CONTEXT	ctx[MAX_EVENT];
	UCHAR				local_addr[TA_ADDRESS_MAX];
	UCHAR				remote_addr[TA_ADDRESS_MAX];

	CONNECTION_CONTEXT	conn_ctx;
};

struct ot_entry	*ot_find_fileobj(PFILE_OBJECT fileobj, KIRQL *irql);
// Note: don't forget KeReleaseSpinLock(&g_ot_hash_guard, irql);

extern KSPIN_LOCK g_ot_hash_guard;

NTSTATUS	ot_add_conn_ctx(
	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx, PFILE_OBJECT connobj);

NTSTATUS	ot_del_conn_ctx(
	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx);

PFILE_OBJECT ot_find_conn_ctx(
	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx);

#endif