filteritem.c

DDK中的PassThru

		JudgeRecordInclude(			
			InputValue,							
			InputMin,							
			InputMax,							
			InputCount,
			iTempFlag );									
												
		switch(InputOperate)					
		{										
		case OrOperateType:						
			(*InputRetFlag) = (*InputRetFlag) | iTempFlag;			
			
			break;								
												
		case AndOperateType:					
	//If the context 's operate is (And)
	//And the value is Exclude,
	//Should return 0 
	//which mean that the total flag(Include Or Not) is Exclude.
			//if(!iTempFlag)			
			if(!iTempFlag)
				return 1;
			else
				*InputRetFlag=iTempFlag;
			
			break;								
												
		default:								
			//No handle.

			break;								
		}											
	}				
	
	return 0;
}

//Judge whether the input data Include in filter item or not.
//If Include,return NoZero;
//Else return Zero.

//Note: the filter only handle Ethernet packet!!!
int JudgeItemInclude(
		SpecialCode		*pInputSpecialCode,
		FilterContext	*pInputFilterContext
	)
{
	TcpArg		*pTempTcpArg;
	TcpParam	*pTempTcpParam;

	IcmpArg		*pTempIcmpArg;
	IcmpParam	*pTempIcmpParam;

	int iTempRetFlag=0;
	
//Src Ip Address. 
	if(pInputFilterContext->SrcIpOperate)
	{
		if(  MatchOneContext(
					pInputFilterContext->SrcIpOperate,
					&iTempRetFlag,
					pInputSpecialCode->SrcIpAdd.address.U8Address,
					pInputFilterContext->MinSrcIp.address.U8Address,
					pInputFilterContext->MaxSrcIp.address.U8Address,
					sizeof(IpAddress) ) )
			return 0;
	}

//Dest Ip Address. 
	if(pInputFilterContext->DestIpOperate)
	{
		if(  MatchOneContext(
					pInputFilterContext->DestIpOperate,
					&iTempRetFlag,
					pInputSpecialCode->DestIpAdd.address.U8Address,
					pInputFilterContext->MinDestIp.address.U8Address,
					pInputFilterContext->MaxDestIp.address.U8Address,
					sizeof(IpAddress) ) )
			return 0;
	}

//Ip Protocol.
	if(pInputFilterContext->IpProtoOperate)
	{
		if(  MatchOneContext(
					pInputFilterContext->IpProtoOperate,
					&iTempRetFlag,
					(U8*)( pInputSpecialCode->IpProto ),
					(U8*)( pInputFilterContext->MinIpProtocol ),
					(U8*)( pInputFilterContext->MaxIpProtocol ),
					sizeof(U8) ) )
			return 0;
	}

	if(pInputFilterContext->SpecialProtocolFlag)
	{
		//The filter item has protocol's filter.

		if(pInputFilterContext->SpecialProtocolFlag
				== pInputSpecialCode->IpProto)
		{
			//Enter Protocol's filter area.

			switch(pInputSpecialCode->IpProto)
			{
			case TCP:
				
				//Tcp protocol's Handle.		
				pTempTcpArg=(TcpArg*)GetSpecialArg(pInputSpecialCode);
				
				pTempTcpParam=(TcpParam *)
						GetFilterParamFromFilterContext(pInputFilterContext);
				
				//Src Port.
				if(pTempTcpParam->SrcPortOperate)
				{
					if(  MatchOneContext(
							pTempTcpParam->SrcPortOperate,
							&iTempRetFlag,
							(U8*)( pTempTcpArg->SrcPort ),
							(U8*)( pTempTcpParam->MinSrcPort ),
							(U8*)( pTempTcpParam->MaxSrcPort ),
							sizeof(U16) ) )
						return 0;
				}
				
				//Dest Port.
				if(pTempTcpParam->DestPortOperate)
				{
					if(  MatchOneContext(
							pTempTcpParam->DestPortOperate,
							&iTempRetFlag,
							(U8*)( pTempTcpArg->DestPort ),
							(U8*)( pTempTcpParam->MinDestPort ),
							(U8*)( pTempTcpParam->MaxDestPort ),
							sizeof(U16) ) )
						return 0;
				}
				
				break;
				
			case ICMP:
				
				//Icmp protocol's handle.
				pTempIcmpArg=(IcmpArg*)GetSpecialArg(pInputSpecialCode);
				
				pTempIcmpParam=(IcmpParam*)
						GetFilterParamFromFilterContext(pInputFilterContext);
				
				//type.
				if(pTempIcmpParam->TypeOperate)
				{
					if(  MatchOneContext(
							pTempIcmpParam->TypeOperate,
							&iTempRetFlag,
							(U8*)( pTempIcmpArg->type ),
							(U8*)( pTempIcmpParam->MinType ),
							(U8*)( pTempIcmpParam->MaxType ),
							sizeof(U8) ) )
						return 0;
				}
				
				//code.
				if(pTempIcmpParam->CodeOperate)
				{
					if(  MatchOneContext(
							pTempIcmpParam->CodeOperate,
							&iTempRetFlag,
							(U8*)( pTempIcmpArg->code ),
							(U8*)( pTempIcmpParam->MinCode ),
							(U8*)( pTempIcmpParam->MaxCode ),
							sizeof(U8) ) )
						return 0;
				}
				
				break;
				
			default:
				//No handle.
				
				break;
			}

		}else
		{
			//The protocol is not compatitle.
			return 0;
		}
	}

	return iTempRetFlag;
}


/*External Function*/
//Judge whether the input data included in the item entry.
//If Include,Mark the copy Flag ,return NoZero;
//Else return Zero.
int JudgeEntryInclude(
		SpecialCode		*pInputSpecialCode,
		FilterItem		*pInputItemEntry,
		int				*pOutputCopyFlag
	)
{
	FilterItem *pTempFilterItem;
	
	KeAcquireSpinLock(&FilterItemLock,&FilterItemIrql);
	
	pTempFilterItem=pInputItemEntry->pNext;

	while(pTempFilterItem)
	{
		if( JudgeItemInclude(
					pInputSpecialCode,
					GetFilterContext(pTempFilterItem)
					)	)
		{
			//Mark the copy flag.
			*pOutputCopyFlag=
					GetFilterTypeCopy(pTempFilterItem->FilterType) ?
							1 : 0;

			KeReleaseSpinLock(&FilterItemLock,FilterItemIrql);

			return 1;
		}
		
		pTempFilterItem=pTempFilterItem->pNext;
	}
	
	KeReleaseSpinLock(&FilterItemLock,FilterItemIrql);

	return 0;
}


//The Internal Function.
//	To Get the Special code from a plat buffer.
//If success ,return 0;
//else return NoZero.
int GetSpecialCode(
		U8				*pInputBuf,
		ULONG			uInputBufLen,
		SpecialCode		*pOutputSpecialCode
	)
{
	PIpPacketHeader pTempIpPacketHeader;

	U8* pTempArg;

//	if( uInputBufLen<sizeof(IpPacketHeader) )
//	{
		//Error:The buffer smaller than ip packet header,
//		return 1;
//	}
	//I don't think it will happen,
	//Because it has be handled foreward.
	

/*********************************

You should check the packet's valid.
Such as :checksum().

***********************************/
	

	//Copy Ip header.
	pTempIpPacketHeader=(PIpPacketHeader)pInputBuf;

	pOutputSpecialCode->SrcIpAdd.address.U32Address =
				pTempIpPacketHeader->srcAddress.address.U32Address;
	
	pOutputSpecialCode->DestIpAdd.address.U32Address =
				pTempIpPacketHeader->destAddress.address.U32Address;

	pOutputSpecialCode->IpProto=pTempIpPacketHeader->protocolType;

//Set Special code 's function arg.
	pTempArg=GetSpecialArg(pOutputSpecialCode);

	switch(pTempIpPacketHeader->protocolType)
	{
	case TCP:
		if(uInputBufLen	< sizeof(IpPacketHeader) + sizeof(TcpHeader) )
		{
			//the buffer too small,no data to read.
			return 1;
		}

		((TcpArg *)pTempArg)->SrcPort
				= ( (TcpHeader *)GetIpContextFromIpPacket(pTempIpPacketHeader) )
						->srcPort;

		((TcpArg *)pTempArg)->DestPort
				= ( (TcpHeader *)GetIpContextFromIpPacket(pTempIpPacketHeader) )
						->destPort;
		break;

	case ICMP:
		if(uInputBufLen < sizeof(IpPacketHeader) + sizeof(IcmpHeader) )
		{
			//The buffer too small,no data to read.
			return 1;
		}

		((IcmpArg *)pTempArg)->type
				= ( (IcmpHeader *)GetIpContextFromIpPacket(pTempIpPacketHeader) )
						->type;

		((IcmpArg *)pTempArg)->code
				= ( (IcmpHeader *)GetIpContextFromIpPacket(pTempIpPacketHeader) )
						->code;
		break;

	default:
		//Error: No Handle .

		return 1;
	}

	return 0;
}


/*External*/
//You can call this function to get special code.
//And Check the special code in filter.
//If success ,return 0;
//else return NoZero.
int GetSpecialCodeFromPacket(
			PNDIS_PACKET	pInputPacket,
			SpecialCode		*pOutputSpecialCode
		)
{
	ULONG uTempNumOfBytesRead;
	int iTempRetFlag;
	U8 *pTempBuf;

	pTempBuf=ExAllocatePool(
				NonPagedPool,
				SpecialCodeAndArgBufSize
			);

	if(pTempBuf==NULL)
	{
		//Error : Allocate Buffer fail!
		return 1;
	}

	if( CopyDataFromPacket(
				pInputPacket,
				SpecialCodeAndArgBufSize,
				&pTempBuf,
				&uTempNumOfBytesRead,
				0  )
			)
	{
		//Copy data error.
		ExFreePool(pTempBuf);

		return 1;
	}

	//At first,		Should comfine:
	//			The size is enough for Ethernet Header and Ip Header.
	if( uTempNumOfBytesRead
					> 14 + sizeof(IpPacketHeader) )
	{//Note: 14--Do not use "sizeof(EthernetHeader)"=16.
	
		if( ((PEthernetHeader)pTempBuf)->type == IP )
		{//comfine a Ip packet.

			//Get Special code(Input the Ip buffer
			//			---Not Include the Ethernet Header).
			iTempRetFlag= GetSpecialCode(
				(U8*)GetIpHeaderFromEtherHeader(pTempBuf),
				(uTempNumOfBytesRead-14),
				pOutputSpecialCode	
				);
			
			ExFreePool(pTempBuf);
			
			return iTempRetFlag;
		}
	}

	//It 's not a Ethernet packet
	//	And It 's not a Ip Packet
	//	 should return error.
	ExFreePool(pTempBuf);
		
	return 1;
}

/*External*/
//You can call this function to get special code.
//		(Now Only Get the Ip's Address, protocol And port,
//				So the HeaderBuffer no used.)
//And Check the special code in filter.
//If success ,return 0;
//else return NoZero.
int GetSpecialCodeFromBuffer(
		IN  PVOID				HeaderBuffer,
		IN  UINT				HeaderBufferSize,
		IN  PVOID				LookAheadBuffer,
		IN  UINT				LookAheadBufferSize,
		SpecialCode				*pOutputSpecialCode
	)
{
	U32 uTempEthernetHeaderLength;
	U32 uTempIpPacketHeaderLength;
		
	PIpPacketHeader pTempIpPacketHeader;
	PEthernetHeader pTempEthernetHeader;

	uTempEthernetHeaderLength=HeaderBufferSize;
	pTempEthernetHeader=(PEthernetHeader)HeaderBuffer;
				
	if(uTempEthernetHeaderLength==14)
	{//Note: 14--Do not use "sizeof(EthernetHeader)"=16.
		if( (pTempEthernetHeader->type)==8 )
		{
			//Ethernet packet.
			//	Ip Packet.

			uTempIpPacketHeaderLength=(U32)LookAheadBufferSize;
			pTempIpPacketHeader=(PIpPacketHeader)LookAheadBuffer;

			//Judge the size of packet is big enough.
			if( uTempIpPacketHeaderLength>sizeof(IpPacketHeader) )
			{
				if( ( ((U32)(pTempIpPacketHeader->headerLength)) <<2) > 
						uTempIpPacketHeaderLength)
				{
					//Error:The size of packet Declared in Ip Header
					//			is bigger than the Ip Packet 's Length.
					return 1;
				}

				//Get Special code(Input the Ip buffer
				//			---Not Include the Ethernet Header).
				return GetSpecialCode(
						LookAheadBuffer,
						LookAheadBufferSize,
						pOutputSpecialCode	
					);			
					
			}
		}
	}

	//It 's not a Ethernet packet
	//	And It 's not a Ip Packet
	//	 should return error.
	return 1;
}