[windows_kext] Update docs and few minor fixes

2025-04-09 05:29:11 +00:00 · 2024-06-05 15:22:45 +03:00 · 2024-06-05 15:22:45 +03:00 · 916a83a2a0
commit 916a83a2a0
parent 1730250a86
3 changed files with 21 additions and 13 deletions
--- a/windows_kext/PacketFlow.md
+++ b/windows_kext/PacketFlow.md
@ -26,12 +26,11 @@ For outgoing connections this logic fallows:
  - If Packet is not TCP/UDP forward to packet layer

 For incoming connection this logic fallow:
-  - Packet enter in one of the Packet layer, if packet is TCP or UDP it will be forwarded to ALE layer. From there:
+  - Packet enter in one of the Packet layer:
    1. Save packet and absorb.
    2. Send an event to Portmaster. 
-    2. Create a cache entry.
+    2. Create a cache entry if the protocol is TCP or UDP.
    3. Wait for Portmasters decision.
-  - If Packet is not TCP/UDP. It will be handled only by the packet layer. 


 If more packets arrive before Portmaster returns a decision, packet will be absorbed and another event will be sent.
@ -49,7 +48,9 @@ The next steps depend of the direction of the packet and the verdict
  - Always Allow - this connections are solely handled by the packet layer. (This is true only for outgoing connections) 

 * Permanent or Temporary Verdict / Incoming connection
-  - Allow / Block / Drop directly in the ALE layer. They always go through the packet layer first no need to do anything special
+  - Allow / Block / Drop. Handled by the Packet layer
+
+> There is no defined ALE layers for inbound connection. Inbound packets are handed compactly by the packet layer 

 Fallowing specifics apply to the ALE layer:  
 1. Connections with flag `reauthorize == false` are special. When the flag is `false` that means that a applications is calling a function `connect()` or `accept()` for a connection. This is a special case because we control the result of the function, telling the application that it's allowed or not allowed to continue with the connection. Since we are making request to Portmaster we need to take longer time. This is done with pending the packet. This allows the kernel extension to pause the event and continue when it has the verdict. See `ale_callouts.rs -> save_packet()` function.
--- a/windows_kext/driver/src/ale_callouts.rs
+++ b/windows_kext/driver/src/ale_callouts.rs
@ -226,7 +226,7 @@ fn ale_layer_auth(mut data: CalloutData, ale_data: AleLayerData) {
        };

        // Connection is not in cache, add it.
-        crate::dbg!("adding connection: {} PID: {}", key, ale_data.process_id);
+        crate::dbg!("ale layer adding connection: {} PID: {}", key, ale_data.process_id);
        if ale_data.is_ipv6 {
            let conn =
                ConnectionV6::from_key(&key, ale_data.process_id, ale_data.direction).unwrap();
@ -250,15 +250,12 @@ fn save_packet(
 ) -> Result<Packet, alloc::string::String> {
    let mut packet_list = None;
    let mut save_packet_list = true;
-    match ale_data.protocol {
-        IpProtocol::Tcp => {
-            if let Direction::Outbound = ale_data.direction {
-                // Only time a packet data is missing is during connect state of outbound TCP connection.
-                // Don't save packet list only if connection is outbound, reauthorize is false and the protocol is TCP.
-                save_packet_list = ale_data.reauthorize;
-            }
+    if ale_data.protocol == IpProtocol::Tcp {
+        if let Direction::Outbound = ale_data.direction {
+            // Only time a packet data is missing is during connect state of outbound TCP connection.
+            // Don't save packet list only if connection is outbound, reauthorize is false and the protocol is TCP.
+            save_packet_list = ale_data.reauthorize;
        }
-        _ => {}
    };
    if save_packet_list {
        packet_list = create_packet_list(device, callout_data, ale_data);
--- a/windows_kext/driver/src/packet_callouts.rs
+++ b/windows_kext/driver/src/packet_callouts.rs
@ -201,6 +201,16 @@ fn ip_packet_layer(
                        continue;
                    }
                }
+            } else {
+                // Connections is not in the cache.
+                crate::dbg!("packet layer adding connection: {} PID: 0", key);
+                if ipv6 {
+                    let conn = ConnectionV6::from_key(&key, 0, direction).unwrap();
+                    device.connection_cache.add_connection_v6(conn);
+                } else {
+                    let conn = ConnectionV4::from_key(&key, 0, direction).unwrap();
+                    device.connection_cache.add_connection_v4(conn);
+                }
            }
        }