vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-01 18:19:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[windows_kext] Fix ALE layer TCP conn pend

Browse source
This commit is contained in:
Vladimir Stoilov 2024-06-04 14:47:56 +03:00
parent 401e09b963
commit b72cf2577a
No known key found for this signature in database
GPG key ID: 2F190B67A43A81AF
4 changed files with 14 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
windows_kext/driver/src/ale_callouts.rs
View file

@ -287,21 +287,7 @@ fn save_packet(
ale_data: &AleLayerData,
pend: bool,
) -> Result<Packet, alloc::string::String> {
let mut packet_list = None;
let mut save_packet_list = true;
match ale_data.protocol {
IpProtocol::Tcp => {
if let Direction::Outbound = ale_data.direction {
// Only time a packet data is missing is during connect state of outbound TCP connection.
// Don't save packet list only if connection is outbound, reauthorize is false and the protocol is TCP.
save_packet_list = ale_data.reauthorize;
}
}
_ => {}
};
if save_packet_list {
packet_list = create_packet_list(device, callout_data, ale_data);
}
let packet_list = create_packet_list(device, callout_data, ale_data);
if pend && matches!(ale_data.protocol, IpProtocol::Tcp | IpProtocol::Udp) {
match callout_data.pend_operation(packet_list) {
Ok(classify_defer) => Ok(Packet::AleLayer(classify_defer)),

2
windows_kext/driver/src/id_cache.rs
View file

@ -65,7 +65,7 @@ fn get_payload<'a>(packet: &'a Packet) -> Option<&'a [u8]> {
wdk::filter_engine::callout_data::ClassifyDefer::Reauthorization(_, p) => p,
};
if let Some(tpl) = p {
tpl.net_buffer_list_queue.get_data()
tpl.net_buffer_list.get_data()
} else {
None
}

9
windows_kext/wdk/src/filter_engine/callout_data.rs
View file

@ -32,8 +32,13 @@ impl ClassifyDefer {
unsafe {
match self {
ClassifyDefer::Initial(context, packet_list) => {
FwpsCompleteOperation0(context, core::ptr::null_mut());
return Ok(packet_list);
if let Some(packet) = packet_list {
FwpsCompleteOperation0(context, packet.net_buffer_list.nbl as _);
return Ok(Some(packet));
} else {
FwpsCompleteOperation0(context, core::ptr::null_mut());
}
return Ok(None);
}
ClassifyDefer::Reauthorization(_callout_id, packet_list) => {
// There is no way to reset single filter. If another request for filter reset is trigger at the same time it will fail.

8
windows_kext/wdk/src/filter_engine/packet.rs
View file

@ -24,7 +24,7 @@ use super::{callout_data::CalloutData, net_buffer::NetBufferList};
pub struct TransportPacketList {
ipv6: bool,
pub net_buffer_list_queue: NetBufferList,
pub net_buffer_list: NetBufferList,
remote_ip: [u8; 16],
endpoint_handle: u64,
remote_scope_id: SCOPE_ID,
@ -112,7 +112,7 @@ impl Injector {
TransportPacketList {
ipv6,
net_buffer_list_queue: net_buffer_list,
net_buffer_list,
remote_ip,
endpoint_handle: callout_data.get_transport_endpoint_handle().unwrap_or(0),
remote_scope_id: callout_data
@ -153,7 +153,7 @@ impl Injector {
};
let address_family = if packet_list.ipv6 { AF_INET6 } else { AF_INET };
let net_buffer_list = packet_list.net_buffer_list_queue;
let net_buffer_list = packet_list.net_buffer_list;
// Escape the stack. Packet buffer should be valid until the packet is injected.
let boxed_nbl = Box::new(net_buffer_list);
let raw_nbl = boxed_nbl.nbl;
@ -338,6 +338,8 @@ unsafe extern "C" fn free_packet(
if let Some(nbl) = net_buffer_list.as_ref() {
if let Err(err) = check_ntstatus(nbl.Status) {
crate::err!("inject status: {}", err);
} else {
crate::dbg!("inject status: Ok");
}
}
_ = Box::from_raw(context as *mut NetBufferList);