network.c

臭氧层主动防御系统驱动源代码!臭氧层主动防御系统驱动源代码!

				}
			}

			break;
		}

		case IRP_MJ_CLEANUP:
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("IRP_MJ_CLEANUP\n"));
			break;

		case IRP_MJ_CLOSE:
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("IRP_MJ_CLOSE\n"));
			break;

		default:
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDIDispatch: default switch case triggered\n"));
			break;
	}


	if (*status == STATUS_ACCESS_DENIED)
	{
		pIrp->IoStatus.Status = STATUS_ACCESS_DENIED;
		IoCompleteRequest (pIrp, IO_NO_INCREMENT);

		HOOK_TDI_EXIT(TRUE);
	}


	if (Callback.Routine)
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDI Callback.Routine\n"));

		//XXX IoCopyCurrentIrpStackLocationToNext()
		IoSetCompletionRoutine(pIrp, Callback.Routine, Callback.Context, TRUE, TRUE, TRUE);
	}
	else
	{
		// Set up a completion routine to handle the bubbling of the "pending" mark of an IRP
//		IoSetCompletionRoutine(pIrp, GenericCompletion, NULL, TRUE, TRUE, TRUE);

		IoSkipCurrentIrpStackLocation(pIrp);
	}


	if (DeviceType == NET_DEVICE_TYPE_TCP)
	{
		*status = IoCallDriver(pTcpDeviceOriginal, pIrp);
	}
	else if (DeviceType == NET_DEVICE_TYPE_UDP)
	{
		*status = IoCallDriver(pUdpDeviceOriginal, pIrp);
	}
	else if (DeviceType == NET_DEVICE_TYPE_IP)
	{
		*status = IoCallDriver(pIpDeviceOriginal, pIrp);
	}
	else
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDIDispatch: Unknown device type\n"));
	}


	HOOK_TDI_EXIT(TRUE);
}



NTSTATUS
TDICreateAddressCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp, IN PVOID Context)
{
	return STATUS_SUCCESS;
}



NTSTATUS
TDICreate(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp, IN PIO_STACK_LOCATION pIrpStack, OUT PTDI_CALLBACK pCompletion)
{
	FILE_FULL_EA_INFORMATION	*ea = (FILE_FULL_EA_INFORMATION *) pIrp->AssociatedIrp.SystemBuffer;


	HOOK_ROUTINE_ENTER();


	LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate(%x %x %x)\n", pIrp, pIrpStack, ea));


	/*
	 * From DDK (TdiDispatchCreate):
	 *
	 * Irp->AssociatedIrp.SystemBuffer
	 *
	 * Pointer to a FILE_FULL_EA_INFORMATION-structured buffer if the file object represents an address or a
	 * connection endpoint to be opened. 
	 * For an address, the EaName member is set to the system-defined constant TdiTransportAddress and the EA value
	 * following the EaName array is of type TRANSPORT_ADDRESS, set up by the client to specify the address to be
	 * opened. For some transports, this value can be a symbolic netBIOS or DNS name to be translated by the transport. 
	 *
	 * For a connection endpoint, the EaName member is set to the system-defined constant TdiConnectionContext and
	 * the EA value following the EaName array is a client-supplied handle, opaque to the transport driver. The
	 * transport must save this handle and subsequently pass it back to the client's registered event handlers for
	 * this connection. 
	 *
	 * If the given file object represents a control channel, this member is NULL. 
	 */

	if (ea == NULL)
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: Control channel\n"));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}


	if (! MmIsAddressValid(ea) || ea->EaName == NULL || ! MmIsAddressValid(ea->EaName))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: MmIsAddressValid() failed\n"));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}


	if (ea->EaNameLength == TDI_CONNECTION_CONTEXT_LENGTH &&
				memcmp(ea->EaName, TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH) == 0)
	{	
		CONNECTION_CONTEXT conn_ctx = *(CONNECTION_CONTEXT *) (ea->EaName + ea->EaNameLength + 1);

		if (conn_ctx)
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDI Connection object 0x%x %x\n", conn_ctx, * (PULONG) conn_ctx));

		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}


	// NOTE: for RawIp you can extract protocol number from irps->FileObject->FileName

	if (ea->EaNameLength == TDI_TRANSPORT_ADDRESS_LENGTH &&
		memcmp(ea->EaName, TdiTransportAddress, TDI_TRANSPORT_ADDRESS_LENGTH) == 0)
	{
		PTRANSPORT_ADDRESS	pTransportAddress;
		PTA_ADDRESS			pAddress;
		PIRP				QueryIrp;
		int					i;


		pTransportAddress = (PTRANSPORT_ADDRESS) (ea->EaName + ea->EaNameLength + 1);
		pAddress = pTransportAddress->Address;

		LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: TDI Address object. Num %d\n", pTransportAddress->TAAddressCount));


		for (i = 0; i < pTransportAddress->TAAddressCount; i++)
		{
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: TDI Address %d: %x %x\n", i, pAddress->AddressLength, pAddress->AddressType));


			if (pAddress->AddressType == TDI_ADDRESS_TYPE_IP)
			{
				PTDI_ADDRESS_IP		ip = (PTDI_ADDRESS_IP) &pAddress->Address;
				CHAR				NETWORKNAME[MAX_PATH];
				PCHAR				FunctionName = "TDICreate";


				if (ip->sin_port != 0)
				{
					LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("%d TDICreate: Bind IP %x:%u (%s)\n", (ULONG) PsGetCurrentProcessId(), ntohl(ip->in_addr), ntohs(ip->sin_port), inet_ntoa2(ip->in_addr)));

					itoa( ntohs(ip->sin_port), NETWORKNAME, 10 );
					//inet_ntoa(ip->in_addr, NETWORKNAME);

					if (LearningMode == FALSE)
					{
						POLICY_CHECK_OPTYPE_NAME(NETWORK, OP_BIND);
					}
					else
					{
						// learning mode
						AddRule(RULE_NETWORK, NETWORKNAME, OP_BIND);
					}
				}
				else
				{
					LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("%d TDICreate: IP & port are both zero\n", (ULONG) PsGetCurrentProcessId()));
				}
			}
			else
			{
				//XXX fail if only IP network addresses are allowed.
			}

			pAddress += 1;
		}

		//XXX reread WDM ch 5.3 "COmpleting I/O requests"
/*
		QueryIrp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION, pDeviceObject,
													pIrpStack->FileObject, NULL, NULL);
		if (QueryIrp == NULL)
		{
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: QueryIrp is NULL\n"));
			return FALSE;
		}

		pCompletion->Routine = TDICreateAddressCompletion;
		pCompletion->Context = QueryIrp;
*/
	}


	HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
}



/*
 * InstallNetworkHooks()
 *
 * Description:
 *		.
 *
 *		NOTE: Called once during driver initialization (DriverEntry()).
 *			  There is no need to cleanup in case a failure since RemoveNetworkHooks() will be called later.
 *
 * Parameters:
 *		pDriverObject - pointer to a driver object that represents this driver.
 *
 * Returns:
 *		STATUS_SUCCESS to indicate success or an NTSTATUS error code if failed.
 */

NTSTATUS
InstallNetworkHooks(PDRIVER_OBJECT pDriverObject)
{
	UNICODE_STRING	Name;
	NTSTATUS		status;


	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pTcpDevice);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(tcp) failed\n"));
		return status;
	}


	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pUdpDevice);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(udp) failed\n"));
		return status;
	}


	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pIpDevice);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(udp) failed\n"));
		return status;
	}


	RtlInitUnicodeString(&Name, L"\\Device\\Tcp");

	status = IoAttachDevice(pTcpDevice, &Name, &pTcpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Tcp) failed\n"));
		return status;
	}


	RtlInitUnicodeString(&Name, L"\\Device\\Udp");

	status = IoAttachDevice(pUdpDevice, &Name, &pUdpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Udp) failed\n"));
		return status;
	}


	RtlInitUnicodeString(&Name, L"\\Device\\Ip");

	status = IoAttachDevice(pIpDevice, &Name, &pIpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Ip) failed\n"));
		return status;
	}


	pTcpDevice->StackSize = pTcpDeviceOriginal->StackSize + 1;
	// XXX Flags &= ~DO_DEVICE_INITIALIZING;
	pTcpDevice->Flags |= pTcpDeviceOriginal->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE | DO_POWER_INRUSH) & ~DO_DEVICE_INITIALIZING;
	pTcpDevice->DeviceType = pTcpDeviceOriginal->DeviceType;
	pTcpDevice->Characteristics = pTcpDeviceOriginal->Characteristics;


	pUdpDevice->StackSize = pUdpDeviceOriginal->StackSize + 1;
	pUdpDevice->Flags |= pUdpDeviceOriginal->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE | DO_POWER_INRUSH) & ~DO_DEVICE_INITIALIZING;
	pUdpDevice->DeviceType = pUdpDeviceOriginal->DeviceType;
	pUdpDevice->Characteristics = pUdpDeviceOriginal->Characteristics;


	pIpDevice->StackSize = pIpDeviceOriginal->StackSize + 1;
	pIpDevice->Flags |= pIpDeviceOriginal->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE | DO_POWER_INRUSH) & ~DO_DEVICE_INITIALIZING;
	pIpDevice->DeviceType = pIpDeviceOriginal->DeviceType;
	pIpDevice->Characteristics = pIpDeviceOriginal->Characteristics;


	return STATUS_SUCCESS;
}



/*
 * RemoveNetworkHooks()
 *
 * Description:
 *		Detach from all network devices.
 *
 * Parameters:
 *		pDriverObject - pointer to a driver object that represents this driver.
 *
 * Returns:
 *		Nothing.
 */

void
RemoveNetworkHooks(PDRIVER_OBJECT pDriverObject)
{
//	int	i;

	//XXX is this necessary? we detach so we should not receive any network IRPs
//	if (pDriverObject && pTcpDevice && pTcpDeviceOriginal)
//		for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
//			pDriverObject->MajorFunction[i] = pTcpDeviceOriginal->DriverObject->MajorFunction[i];


	if (pTcpDeviceOriginal != NULL)
		IoDetachDevice(pTcpDeviceOriginal);

	if (pUdpDeviceOriginal != NULL)
		IoDetachDevice(pUdpDeviceOriginal);

	if (pIpDeviceOriginal != NULL)
		IoDetachDevice(pIpDeviceOriginal);


	if (pTcpDevice != NULL)
		IoDeleteDevice(pTcpDevice);

	if (pUdpDevice != NULL)
		IoDeleteDevice(pUdpDevice);

	if (pIpDevice != NULL)
		IoDeleteDevice(pIpDevice);
}