From 176494550e6cf558c38b36568a3931ee443cfb3d Mon Sep 17 00:00:00 2001
From: Vladimir Stoilov
Date: Thu, 27 Jun 2024 16:39:31 +0300
Subject: [PATCH 1/9] [service] Fix kext verdict of update command
---
 .../interception/windowskext2/kext.go | 47 ++++++++++++++++++-
 1 file changed, 45 insertions(+), 2 deletions(-)
diff --git a/service/firewall/interception/windowskext2/kext.go b/service/firewall/interception/windowskext2/kext.go
index fd6adb721..07e7c1069 100644
--- a/service/firewall/interception/windowskext2/kext.go
+++ b/service/firewall/interception/windowskext2/kext.go
@@ -130,7 +130,7 @@ func UpdateVerdict(conn *network.Connection) error {
 LocalPort: conn.LocalPort,
 RemoteAddress: [4]byte(conn.Entity.IP),
 RemotePort: conn.Entity.Port,
- Verdict: uint8(conn.Verdict),
+ Verdict: uint8(getKextVerdictFromConnection(conn)),
 }
 return kextinterface.SendUpdateV4Command(kextFile, update)
@@ -141,7 +141,7 @@ func UpdateVerdict(conn *network.Connection) error {
 LocalPort: conn.LocalPort,
 RemoteAddress: [16]byte(conn.Entity.IP),
 RemotePort: conn.Entity.Port,
- Verdict: uint8(conn.Verdict),
+ Verdict: uint8(getKextVerdictFromConnection(conn)),
 }
 return kextinterface.SendUpdateV6Command(kextFile, update)
@@ -149,6 +149,49 @@ func UpdateVerdict(conn *network.Connection) error {
 return nil
 }
+func getKextVerdictFromConnection(conn *network.Connection) kextinterface.KextVerdict {
+ if conn.VerdictPermanent {
+ switch conn.Verdict {
+ case network.VerdictUndecided:
+ return kextinterface.VerdictUndecided
+ case network.VerdictUndeterminable:
+ return kextinterface.VerdictUndeterminable
+ case network.VerdictAccept:
+ return kextinterface.VerdictPermanentAccept
+ case network.VerdictBlock:
+ return kextinterface.VerdictPermanentBlock
+ case network.VerdictDrop:
+ return kextinterface.VerdictPermanentDrop
+ case network.VerdictRerouteToNameserver:
+ return kextinterface.VerdictRerouteToNameserver
+ case network.VerdictRerouteToTunnel:
+ return kextinterface.VerdictRerouteToTunnel
+ case network.VerdictFailed:
+ return kextinterface.VerdictFailed
+ }
+ } else {
+ switch conn.Verdict {
+ case network.VerdictUndecided:
+ return kextinterface.VerdictUndecided
+ case network.VerdictUndeterminable:
+ return kextinterface.VerdictUndeterminable
+ case network.VerdictAccept:
+ return kextinterface.VerdictAccept
+ case network.VerdictBlock:
+ return kextinterface.VerdictBlock
+ case network.VerdictDrop:
+ return kextinterface.VerdictDrop
+ case network.VerdictRerouteToNameserver:
+ return kextinterface.VerdictRerouteToNameserver
+ case network.VerdictRerouteToTunnel:
+ return kextinterface.VerdictRerouteToTunnel
+ case network.VerdictFailed:
+ return kextinterface.VerdictFailed
+ }
+ }
+ return kextinterface.VerdictUndeterminable
+}
+
 // Returns the kext version.
 func GetVersion() (*VersionInfo, error) {
 data, err := kextinterface.ReadVersion(kextFile)
From 4bf1736a83d8e73eb917fdc7302c04622e80c361 Mon Sep 17 00:00:00 2001
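Review bot: getKextVerdictFromConnection has no comment, and nothing in it says that `conn.VerdictPermanent` changes the result only for Accept, Block and Drop; the undecided, undeterminable, reroute and failed cases return the same value in both branches. If that is intended because the driver has no permanent variant for them (not visible in this hunk), a doc comment should state it, e.g. `// getKextVerdictFromConnection maps conn.Verdict to the driver verdict; VerdictPermanent selects the permanent variant for Accept, Block and Drop only.` Without it a reader cannot tell a deliberate omission from a missed mapping in the code that decides what the kernel driver enforces.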
From: Vladimir Stoilov
Date: Fri, 28 Jun 2024 13:20:18 +0300
Subject: [PATCH 2/9] [service] Add check for kext command size
---
 .../interception/windowskext2/handler.go | 9 +
 windows_kext/kextinterface/info.go | 206 +++++++++++++-----
 windows_kext/kextinterface/protocol_test.go | 9 +
 .../kextinterface/testdata/rust_info_test.bin | Bin 57546 -> 58213 bytes
 windows_kext/protocol/src/info.rs | 17 ++
 .../protocol/testdata/go_command_test.bin | Bin 43436 -> 42792 bytes
 6 files changed, 186 insertions(+), 55 deletions(-)
diff --git a/service/firewall/interception/windowskext2/handler.go b/service/firewall/interception/windowskext2/handler.go
index bb6348dd2..166ebbc26 100644
--- a/service/firewall/interception/windowskext2/handler.go
+++ b/service/firewall/interception/windowskext2/handler.go
@@ -5,11 +5,13 @@ package windowskext
 import (
 "context"
+ "errors"
 "fmt"
 "net"
 "time"
 "github.com/safing/portmaster/service/process"
+ "github.com/safing/portmaster/windows_kext/kextinterface"
 "github.com/tevino/abool"
@@ -32,8 +34,15 @@ func (v *VersionInfo) String() string {
 func Handler(ctx context.Context, packets chan packet.Packet, bandwidthUpdate chan *packet.BandwidthUpdate) {
 for {
 packetInfo, err := RecvVerdictRequest()
+
+ if errors.Is(err, kextinterface.ErrUnexpectedInfoSize) || errors.Is(err, kextinterface.ErrUnexpectedReadError) {
+ log.Criticalf("unexpected kext info data: %s", err)
+ continue // Depending on the info type this may not affect the functionality. Try to continue reading the next commands.
+ }
+
 if err != nil {
 log.Warningf("failed to get packet from windows kext: %s", err)
+ // Probably IO error, nothing else we can do.
 return
 }
diff --git a/windows_kext/kextinterface/info.go b/windows_kext/kextinterface/info.go
index 763c3e8e7..a2f5cd91b 100644
--- a/windows_kext/kextinterface/info.go
+++ b/windows_kext/kextinterface/info.go
@@ -3,6 +3,7 @@ package kextinterface
 import (
 "encoding/binary"
 "errors"
+ "fmt"
 "io"
 )
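Review bot: The `continue` branch added to Handler also matches ErrUnexpectedReadError, which this same patch attaches in readHelper.ReadData and ReadBytes to every failed read, so an I/O failure in the middle of a command is retried instead of reaching the `return` below. If RecvVerdictRequest keeps failing the same way (its body is not in this hunk), the loop spins and logs at critical level with no exit, because nothing in the visible lines looks at `ctx`. I would limit the retry to the size error, `if errors.Is(err, kextinterface.ErrUnexpectedInfoSize) {`, or at least check `ctx.Done()` before continuing. The rest of the loop body is outside the hunk.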
@@ -18,6 +19,7 @@ const (
 var (
 ErrUnknownInfoType = errors.New("unknown info type")
+ ErrUnexpectedInfoSize = errors.New("unexpected info size")
 ErrUnexpectedReadError = errors.New("unexpected read error")
 )
@@ -135,117 +137,215 @@ type Info struct { BandwidthStats *BandwidthStatsArray } -func RecvInfo(reader io.Reader) (*Info, error) { - var infoType byte - err := binary.Read(reader, binary.LittleEndian, &infoType) +type readHelper struct { + infoType byte + commandSize uint32 + + readSize int + + reader io.Reader +} + +func newReadHelper(reader io.Reader) (*readHelper, error) { + helper := &readHelper{reader: reader} + + err := binary.Read(reader, binary.LittleEndian, &helper.infoType) + if err != nil { + return nil, err + } + + err = binary.Read(reader, binary.LittleEndian, &helper.commandSize) if err != nil { return nil, err } - // Read size of data - var size uint32 - err = binary.Read(reader, binary.LittleEndian, &size) + return helper, nil +} + +func (r *readHelper) ReadData(data any) error { + err := binary.Read(r, binary.LittleEndian, data) + if err != nil { + return errors.Join(ErrUnexpectedReadError, err) + } + + if err := r.checkOverRead(); err != nil { + return err + } + + return nil +} + +// Passing size = 0 will read the rest of the command. 
+func (r *readHelper) ReadBytes(size uint32) ([]byte, error) { + if uint32(r.readSize) >= r.commandSize { + return nil, errors.Join(fmt.Errorf("cannot read more bytes than the command size: %d >= %d", r.readSize, r.commandSize), ErrUnexpectedReadError) + } + + if size == 0 { + size = r.commandSize - uint32(r.readSize) + } + + if r.commandSize < uint32(r.readSize)+size { + return nil, ErrUnexpectedInfoSize + } + + bytes := make([]byte, size) + err := binary.Read(r, binary.LittleEndian, bytes) + if err != nil { + return nil, errors.Join(ErrUnexpectedReadError, err) + } + + return bytes, nil +} + +func (r *readHelper) ReadUntilTheEnd() { + _, _ = r.ReadBytes(0) +} + +func (r *readHelper) checkOverRead() error { + if uint32(r.readSize) > r.commandSize { + return ErrUnexpectedInfoSize + } + + return nil +} + +func (r *readHelper) Read(p []byte) (n int, err error) { + n, err = r.reader.Read(p) + r.readSize += n + return +} + +func RecvInfo(reader io.Reader) (*Info, error) { + helper, err := newReadHelper(reader) if err != nil { return nil, err } + // Make sure the whole command is read before return. + defer helper.ReadUntilTheEnd() + // Read data - switch infoType { + switch helper.infoType { case InfoConnectionIpv4: { + parseError := fmt.Errorf("failed to parse InfoConnectionIpv4") + newInfo := ConnectionV4{} var fixedSizeValues connectionV4Internal - err = binary.Read(reader, binary.LittleEndian, &fixedSizeValues) + // Read fixed size values. + err = helper.ReadData(&fixedSizeValues) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err, fmt.Errorf("fixed")) } - // Read size of payload - var size uint32 - err = binary.Read(reader, binary.LittleEndian, &size) + newInfo.connectionV4Internal = fixedSizeValues + // Read size of payload. 
+ var payloadSize uint32 + err = helper.ReadData(&payloadSize) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err, fmt.Errorf("payloadsize")) } - newInfo := ConnectionV4{connectionV4Internal: fixedSizeValues, Payload: make([]byte, size)} - err = binary.Read(reader, binary.LittleEndian, &newInfo.Payload) - if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + + // Check if there is payload. + if payloadSize > 0 { + // Read payload. + newInfo.Payload, err = helper.ReadBytes(payloadSize) + if err != nil { + return nil, errors.Join(parseError, err, fmt.Errorf("payload")) + } } return &Info{ConnectionV4: &newInfo}, nil } case InfoConnectionIpv6: { - var fixedSizeValues connectionV6Internal - err = binary.Read(reader, binary.LittleEndian, &fixedSizeValues) + parseError := fmt.Errorf("failed to parse InfoConnectionIpv6") + newInfo := ConnectionV6{} + + // Read fixed size values. + err = helper.ReadData(&newInfo.connectionV6Internal) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } - // Read size of payload - var size uint32 - err = binary.Read(reader, binary.LittleEndian, &size) + + // Read size of payload. + var payloadSize uint32 + err = helper.ReadData(&payloadSize) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } - newInfo := ConnectionV6{connectionV6Internal: fixedSizeValues, Payload: make([]byte, size)} - err = binary.Read(reader, binary.LittleEndian, &newInfo.Payload) - if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + + // Check if there is payload. + if payloadSize > 0 { + // Read payload. 
+ newInfo.Payload, err = helper.ReadBytes(payloadSize) + if err != nil { + return nil, errors.Join(parseError, err) + } } + return &Info{ConnectionV6: &newInfo}, nil } case InfoConnectionEndEventV4: { + parseError := fmt.Errorf("failed to parse InfoConnectionEndEventV4") var connectionEnd ConnectionEndV4 - err = binary.Read(reader, binary.LittleEndian, &connectionEnd) + + // Read fixed size values. + err = helper.ReadData(&connectionEnd) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } return &Info{ConnectionEndV4: &connectionEnd}, nil } case InfoConnectionEndEventV6: { + parseError := fmt.Errorf("failed to parse InfoConnectionEndEventV6") var connectionEnd ConnectionEndV6 - err = binary.Read(reader, binary.LittleEndian, &connectionEnd) + + // Read fixed size values. + err = helper.ReadData(&connectionEnd) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } return &Info{ConnectionEndV6: &connectionEnd}, nil } case InfoLogLine: { + parseError := fmt.Errorf("failed to parse InfoLogLine") logLine := LogLine{} // Read severity - err = binary.Read(reader, binary.LittleEndian, &logLine.Severity) + err = helper.ReadData(&logLine.Severity) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } // Read string - line := make([]byte, size-1) // -1 for the severity enum. 
- err = binary.Read(reader, binary.LittleEndian, &line) + bytes, err := helper.ReadBytes(0) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } - logLine.Line = string(line) + logLine.Line = string(bytes) return &Info{LogLine: &logLine}, nil } case InfoBandwidthStatsV4: { + parseError := fmt.Errorf("failed to parse InfoBandwidthStatsV4") // Read Protocol var protocol uint8 - err = binary.Read(reader, binary.LittleEndian, &protocol) + err = helper.ReadData(&protocol) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } // Read size of array var size uint32 - err = binary.Read(reader, binary.LittleEndian, &size) + err = helper.ReadData(&size) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } // Read array statsArray := make([]BandwidthValueV4, size) for i := range int(size) { - err = binary.Read(reader, binary.LittleEndian, &statsArray[i]) + err = helper.ReadData(&statsArray[i]) if err != nil { - return nil, errors.Join(ErrUnexpectedReadError, err) + return nil, errors.Join(parseError, err) } } 
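Review bot: In `ReadBytes` the bound `r.commandSize < uint32(r.readSize)+size` is evaluated in uint32, so a large `size` taken from the stream (the `payloadSize` passed by the ConnectionIpv4 and ConnectionIpv6 branches) wraps the sum, passes the check and reaches `make([]byte, size)`. Comparing against the remaining length avoids the wrap and is safe because the first check already guarantees `readSize < commandSize`. `ReadData` has a related gap: `checkOverRead` runs only after `binary.Read` has consumed the bytes, so an oversized fixed struct eats into the next command and the deferred `ReadUntilTheEnd` can no longer realign the stream; checking `binary.Size(data)` against the remaining bytes first keeps the reader in step. `ReadBytes(0)` also returns an error when nothing is left, so an empty log line (command size 1) now fails to parse where the old `make([]byte, size-1)` accepted it. RecvInfo continues past the end of this hunk.

```go
func (r *readHelper) ReadData(data any) error {
	// Refuse the read up front so bytes of the next command are never consumed.
	need := binary.Size(data)
	if need < 0 || uint64(r.readSize)+uint64(need) > uint64(r.commandSize) {
		return ErrUnexpectedInfoSize
	}
	// … unchanged: binary.Read and ErrUnexpectedReadError wrapping …

// in ReadBytes, replacing the uint32 sum:
	if size > r.commandSize-uint32(r.readSize) {
		return nil, ErrUnexpectedInfoSize
	}
```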
@@ -253,24 +353,25 @@ func RecvInfo(reader io.Reader) (*Info, error) {
 }
 case InfoBandwidthStatsV6:
 {
+ parseError := fmt.Errorf("failed to parse InfoBandwidthStatsV6")
 // Read Protocol
 var protocol uint8
- err = binary.Read(reader, binary.LittleEndian, &protocol)
+ err = helper.ReadData(&protocol)
 if err != nil {
- return nil, errors.Join(ErrUnexpectedReadError, err)
+ return nil, errors.Join(parseError, err)
 }
 // Read size of array
 var size uint32
- err = binary.Read(reader, binary.LittleEndian, &size)
+ err = helper.ReadData(&size)
 if err != nil {
- return nil, errors.Join(ErrUnexpectedReadError, err)
+ return nil, errors.Join(parseError, err)
 }
 // Read array
 statsArray := make([]BandwidthValueV6, size)
 for i := range int(size) {
- err = binary.Read(reader, binary.LittleEndian, &statsArray[i])
+ err = helper.ReadData(&statsArray[i])
 if err != nil {
- return nil, errors.Join(ErrUnexpectedReadError, err)
+ return nil, errors.Join(parseError, err)
 }
 }
@@ -278,10 +379,5 @@ func RecvInfo(reader io.Reader) (*Info, error) {
 }
 }
- // Command not recognized, read until the end of command and return.
- // During normal operation this should not happen.
- unknownData := make([]byte, size)
- _, _ = reader.Read(unknownData)
-
 return nil, ErrUnknownInfoType
 }
diff --git a/windows_kext/kextinterface/protocol_test.go b/windows_kext/kextinterface/protocol_test.go
index cf0474426..c09cf2861 100644
--- a/windows_kext/kextinterface/protocol_test.go
+++ b/windows_kext/kextinterface/protocol_test.go
@@ -18,8 +18,17 @@ func TestRustInfoFile(t *testing.T) {
 defer func() {
 _ = file.Close()
 }()
+ first := true
 for {
 info, err := RecvInfo(file)
+ // First info should be with invalid size.
+ if first {
+ if !errors.Is(err, ErrUnexpectedInfoSize) {
+ t.Errorf("unexpected error: %s\n", err)
+ }
+ first = false
+ continue
+ }
 if err != nil {
 if errors.Is(err, ErrUnexpectedReadError) {
 t.Errorf("unexpected error: %s\n", err)
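Review bot: `statsArray := make([]BandwidthValueV6, size)` still allocates from a count read off the stream before anything ties that count to the command size; the new `helper.ReadData` calls only notice a mismatch once the slice exists and elements are being read. Since this patch is about validating sizes, the count should be bounded first, for example `if uint64(size)*uint64(binary.Size(BandwidthValueV6{})) > uint64(helper.commandSize) { return nil, errors.Join(parseError, ErrUnexpectedInfoSize) }`. The InfoBandwidthStatsV4 branch in the previous hunk has the same pattern with `BandwidthValueV4`. RecvInfo begins and ends outside this hunk.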
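Review bot: The first-iteration check in TestRustInfoFile asserts only the error class and then `continue`s, so as far as the visible lines show nothing pins that RecvInfo skipped the rest of the malformed record, which is the recovery Handler depends on when it keeps reading. An explicit check that the second RecvInfo call returns a non-nil info and a nil error would cover that. When `err` is nil the current message prints `%!s(<nil>)`; `t.Errorf("expected ErrUnexpectedInfoSize, got: %v", err)` reads better. The loop body continues outside the hunk.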
diff --git a/windows_kext/kextinterface/testdata/rust_info_test.bin b/windows_kext/kextinterface/testdata/rust_info_test.bin index 3f9049a9d776e2eedec281a37386a26f05a396e1..3b8588c7f89039b308ff0da53345ebd70d20134a 100644 GIT binary patch literal 58213 zcmeHJ+l~|k5bfES0mLgWKJx?m0VY2BDQHYI80EpwcgEdFfMX@+GN-#)h-9T_tLogU zdJaD=%W}B)$`TeDmtBH!pvC{mbFI>(k5M>z{Wuxe@`~kKbN?^S_GY70&fHPs@41 zBl=yE(T&numeTQ=Fg@w-E)uCJ8nE?#H6nuqXhEU?i4}a0%`SuMKopwf-?Yat5&Mgu3db`S_P!azxAB-h z{6Y?>`VwIscv5}j{fUEdt1gy*%W(?u(?JD3HhjgZN(;mLG0k0UKUjibLdg(GpF&Q~ zT&I4hd>sW}`RjmBmjCpT2!7K=;@#}4o?Fper@jjPi8;0SlnI9^2iL!=__ztAa3dce z?+9NZ(B+5p*8*G8$FZfn3s(CX#zy#k`4A4T=$uQ#5UfN$k{AaKoHw9Ru|}|jz2c?F zMO1)0go9@?G|Q13h6wz5l70^Hn)c5{f8yX>E+AX%G!P#?;=_rfl~ZH@>+c0mcYq_@ zf}z_^6dV}v;_?;4_*)0Ff6M&5V@-tM=F+)G8GR!J$+34nls#LS!@k8%!*Pq{XPDtf ztH0a)8zg7EuNRO0ruN~B(>GNJ`<7fCJlchpeUSZ$gGc;Q=E5f=zpouW6FCtEZv=gK zJNb$ncmJJ|!!r2L51rtAP6=T+A0oU~ejqB~b6WSKm9pwq1`d0;XW93R-QUU_dp^GX z6|3AJVTkWzU(4Yf2nq-#zG(PT_NDAk5=wmUhXX3$;dL73^UVar(fK^$ zRab8hd*mmaH-)dj-!=B2Z!Um+w!`k`Xklyj8xen@ge$wLZ1ln8(%8q&Cq2h@Sa7_S z_-S7>i~~O%NDdzfONhq{jXEU*`CP(so&39s{mCKBb>eTrU}k?idH8*dIkWs=@_Oaa z^RxL1ym-Qu^QF!S=VR%Iez+1bkA@k(WJB{*Ec>qXCk`^^79`gRXEWDdxI}!~R)y1*n#PH*gBfR%u4KeLg^Nr*EnoSXQBAOJ)o3`4#3Xh79t}e7(1laGty1 zuP+x5Gk3i{-R|YE-2b^d9`25(%YWz7a$a~-`cevM6-tKVlFOmLMfm9OHV$+J@%Z_| zkbd%V#tU?LO>=Ploc7J)^}@U4a~I6cS%*pG`U~XtkcB=*Y?L4`AN;M5&84!>Xn2A4 z!SE4?rLRwRP=5GmQ#g6QguBpZj6;Q=@)B%?508A6uN3~!+5z=dB~_-Q`}4X!t}JxhQ; zCD_PZ82gd9H6vbQz9O3ntO$OZojlx?iYS=lRx-J@!?G1!wt^$O3%Q#*Y!wbX^E3w& IPwkug4@6CXZ2$lO literal 57546 zcmeHN$!=X$5PY8E5QfAX*7*VW03?=tNl=@iCYW+kR5<<`(3|!}!mC z`LNo3i;K%ofqh!_IQZfE#qHJqp9r|let59?ZCTKSOfoMfAU@pOBL3^|H^2V=?@zDa zz4_p$N9);9shAq;d<{qYo6Ki~Q4-dyiv^gwjp$K|t#>_rbeUykzroFso+4@+A6 zj=|uCJPB8D@0DFrS;aYmHg%R@h<>d70L>-$d-i$4QS~Pw4#X|Vg-y}qLWk#CA}xgc zz9oIR{R)H-@~F=h_MAUIuA9q>kP3gOzC81H2qwOd9OJ;JIa}l^k(3JFo9pPib>5TA z?8E6>aMN)F6Z9DnKoZi{39s)~LPM5R(r6xF0h&)0wgs6h{-__Uxis?|f|!Ka6*v+m z7OvzzBlI~X0+UAqNu-*;G3HtDd*UrMMm=ZMGk=Q#UZV&wRAKF|CHNv3brIUGy` 
z0h#lZKQ0E3Pjk41mv>5++z^-~e7cv=`iAifnu~~Y*ymupD#jP~GO3Ww-Cn_* z3UF~D|8=nPS`cVV<=-dXuaJ{&kCplxcJ2+bVzoy(Ay%NzkHB0qyhnvif(!L&Cr0!6 z#Y5uL{^+^1_)Pf~`uxRQPdtddB6MDn;Q4y$n_!MHCaK_pSnn0>gopPh@hb>QlAV#; z>y;+`%x-0b{v<@8Cl01Re!nA8fBstP!=Gam_N2d@3Cn)*tya;dpf@ev_hIgRiPg;2 z&sCadkBB}mCIq?f3o@}Ee1QSs3N|DeY%V2kAz+=i&c(sk)2}d}Um#hyf(6cTPu$qg zyugoer9W3iu1XVPmr8<2|E-fUpU>Y)egz>PIU`|7@M*5=%K7eNCyDBV@%@g?C8R*O z;-jDMn7&4sVSL(0C&-4O3x!UhKZ&mo=Oi3pIp)bA%tVWkK95QPtczfgIs1(p{Z)kt z-PBH`c>EC_&yNJIoBQ}kh!D))x7F(Sb4t$F#u5VK0N~RnMFDYsKZgB|bFKRrw_5)~ zaD6C#gmFDj}Jewe|aD`B=J?by>oOER3ToXS*eg(lO z!WADU5yUU;%W)ko4_XFldH6%Kb_TgOufmv9AVq3=twi*rQx z$I4;HLiu6Db%`AFJ-IUND@@zxH@0Zz^yU(^Rd#X+`@)jk<3-_{lRJ>JuV(O}H{Q*ZhV6%hyt9TG{vlF1)_xIuLu$ zi}eG6X~3rf%Q^Kiq+IQ|xk~&?!tu zmJfO4i%W{nX%M)M_Maop<%|rnGnFbc3sw-W^j~4VmKFMam@86?-vBwnPq|-mQ>^HX zO}DGCcnF@HP>&~qTL&|%pdXN&2QYKQe)|XSBlIf}0{f}UxuuVN{z~-4>ra{8FG4lp zO3qazEWVh+WCYLLjzWKb=)Qw}%zg!;o1j9UL;Nnz1f%7GL74D0UuQpTO2ZSgRL-2f1BGn$)#`VgzjAPteSvUYe7XWpeT-yv^}+at z5E7ePIM{cDVSE9f=3o*)^JLF&_#*oia%9fue>%N*xfW(UAtdpyRk>b<7 z*krr(!3fU7Jnm{L3{jYMfvIA%=JH2a!)X1_Z=_{ERP(nKre$77uy{`PIow=tqJO1{ zK>VC8p-FCdY|(zW`W*LigB;PhN^{=+1DT4+>i_@% diff --git a/windows_kext/protocol/src/info.rs b/windows_kext/protocol/src/info.rs index b8eb0c794..fc50d5891 100644 --- a/windows_kext/protocol/src/info.rs +++ b/windows_kext/protocol/src/info.rs @@ -441,6 +441,22 @@ fn generate_test_info_file() -> Result<(), std::io::Error> { for _ in 0..selected.capacity() { selected.push(enums.choose(&mut rng).unwrap().clone()); } + // Write wrong size data. + let mut info = connection_info_v6( + 1, + 2, + 3, + 4, + [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16], + [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17], + 5, + 6, + 7, + &[1, 2, 3, 4, 5, 6, 7, 8, 9, 10], + ); + info.assert_size(); + info.0[0] = InfoType::ConnectionIpv4 as u8; + file.write_all(&info.0)?; for value in selected { file.write_all(&match value { 
@@ -548,5 +564,6 @@ fn generate_test_info_file() -> Result<(), std::io::Error> { } })?; } + return Ok(()); } 
diff --git a/windows_kext/protocol/testdata/go_command_test.bin b/windows_kext/protocol/testdata/go_command_test.bin index 586c70adf31fba822a9baddee108d6f8a36b6763..d518dbf12a3ac354dd6381a8f4a530e549449206 100644 GIT binary patch literal 42792 zcmcJY+k)f94Mb^MWSD#M|390;_@PRL(fUYPuOCcOjXN3*pqrfEe);9s-yY}nm;0}O z`};rs`LBQf=hvei{P(xxasBek@%z7D@82NEZ5Ur&cRW5Js$ah-{?6Di^SBQPd784X zf`gFDzXwnbeV^oY+z+EIDX1PH*~0#K-1p(LJ{ zxrcr*7*xSU?Qs>wBYfz%!eMG03luj>z&pVAZPNxy%i|Qz>Wp%ah&@d(?k1zH#SobFmjAfMb>}Y*lhjJV25>(4Y_g21FkLs4X zZ-H6ow}d$41}_Id!x#MadnwFR>FlI>J5{k6duE`;mo!>W4(eqEcOPd*zt2<^QOqLr zRFIj9J|qT*Q6*5r6|)p9T!eCDorNMNqd%40KXisoL@HRAiC(kaKboo0FR9nM$oSPxpH{7pJn4Rkj5THhc2ERy%a z2>qj=sA>=1w~`<<)P{bnUMPs7t6_FaqvTwQgjCvrOmc-!iV==m0<5VTywqSwg3bjK z$`;jm#+)by>edJ#XW61PuqrCm(VbHJcZggK0wsc)bGT5T!B-3Zy}F-za;aCQzH=-& zp}M#E@0jpX*>7W(at+h2uLuPd{F0&cm>Z*OgVX2|qFlRrx|I+Wqfk6JOdTI{(95!_ z#Uh^TOo>Rs&d?ojYkV}1H zdWt66jkKtT#>^pGL&P@AUB6Q(&s4|Hal?V??`S=xoHlc_@4S|tyhT~Tv3g(X6^q@>Hv zMWG;8nXih}LlL1KLF5HBb5FGZPuCzBIIOs-TZ`YqDwm%~B<90?&v4a)=lYPDvCh>~SJSi?c^O=8b*w*Y z1+=xPPK!CH04ja(qXj#Saz!h~qlz0m<072wvlEIoE1sxtt7cx2qf)7D^dY1r)sn7K zt~r=^PPr%+pyhOMBr*&2l+_BCDhgTnSkGoiXT-C#ivY!vofitT#VP6PmM$0tmgzjs z&#aO)cX6`_cf6s(!cJz7dSS0Ov4R=dL%BO;W;RsAc`GOt z8=*6-CVcc4uT)k#wS9*MSq|#pqH-Rc-(-~xi7BL(&Yxo7sF;pt4V2CuTi#df!FP9a!tD>kNNEFQYu<&=4-=c8ok&rsjD=lUeij<{uv4c zhZQj`>-|IvZ$FAaJj-X>6i+T&8i(C4qpL}!j_4de)&GjQ=D(*@WMC#=IQ+x3p6Ki- zBz4<-;M%M3n75X6n#2*I3r;G7F43Gu8a8cBGq6vgKngluL`TALdFHDHU)6FCfHYd) zp=*d?HgKDG-Dg{*e^LTmk90yr@zWNeWoINV*egt>nNVA*#Ztu(Zc_l-j5RW-I(4Si zR&7LmACtRR72aUfnh2Rv|3}*naIlstOO3Y$JNAa%N%Eq}_uu(S~fM9wA8h;MWn8VlCNe_oNimH!_-^AKQ!L)j;3#svz*| z4YQ3)gTZRNLv1OYZ#@^g5YejRRmZB9wI#wR3KZ(Lrz?0^QJ>=^&ENztoHEmxVh+Sv zG4ag?Azc(^^Bih$8RDx|s{=1;L3HTdTZv!WCXiCfTB6R@xpHmoe&X%oj`{l_p6Sib z4sV7+al*57o~Z=NW+bnj)P`w17NSW&HsP>d6x$i8=c!d`mP?qdhqWyYIoq962uSDP z^pocJ5=5($U|BU#DiFJs*RC*!OG=?0JbQ+8#$(0LhZu^Ys{3iiKw&0|&MP@|c*N!i 
z;nXmA3#MeE>`B7~xeT&eH&F7zn|7_AM*aR-rig4v6=02qMa7_^s4DmxwbO&$cf<-xGjr}Yx=&{z?WtB4`tF~z|LxOmGEBDZ8esQEwS zd*0_%8lYFAClQ4VwWmQaIP630k%4JrH}4=_tJzn1{=Ng9NBK$z*)tW)x=YbiIaDT5 z27?@yjScTB)q#84G%^g2%*y?nt$Pm)=uXA(VznDulTSjiBeZAu|EB(c2;nfRz*nIR znhzTIZMsTu4Xy3j-S5!BYmZprp&W+JZ>6uwxB_qC@h=fL{Sb;t%|GjMOlOK+$%|PE zVd5cwsfl+Ms8p-SfO5fMmQsbdPI*AEPNkoAb5-R+H1p+v)g1^M;G!jq=h+UIUv>hT$zsaj4u=!8@~`)vTsYorY10sKf>e zr2Io0YnrL6$%x8Yb2UuJt0glgse_yaj8sdK5UpJK7@Umz{}oxX55->qmo zG4-%tL)vhdS;QwlN(hBRBk@&e@57n?zC*q(^PdG!D$1m@Q-;*j`ee%Ptww|{B4LF^ zg9dQ*VO4hV&-r(|>FLX9P`PlJJu6i3Nd!{NH?GjW;;*0ks&yH_9yITBt}_cNUf<7Z z)+=T*2R`hM_w&rTul7e+V*-}18H!4%zPN$-;%FG?CSlOxnXV`*?td_q)JyMhR&?kJ zN9QCIytt4xvrS&VVn-=B-14&BlnTw3?PpTp38d`FBtN4S-kz7eW@oBj+L;eVgqPF$ z!i=x@kB^4V3rWQd)WV$FT_>>%)v8(`ZcFAX2nvTaqxb-eHZaT+Zkj8LGnB7zffP=< zbiUX667Gk4yEV4GwtkkQN|X*{7ARjg#c|W%zFJ3b{F6RpM`y@q&R|lZ_ELnls`*PT zkPW>h)p=0_lwyG5v@pI3vF4Lq{6)U`fXx2<-r6C}1tjBZi4aqwele@qm|kwiYhX?+rI9bk6>@i*e=p|)1o^4OeXDDiOH|oX_7SZ%?a_ZbJOz34^~rc?nb^PWI4t2J&8Fb z{b5PCPZ(QFybx$l99rDSeT5e$?Hp?E8Stq>n?q`liJtfnOsSpdmmAINL=YYhvwXhF zj9gRZLjhET&4GHz$D*Q5UsXH$S1N$`sG1797CXE!7AThVjkDgp*2EHuCxJG0i&Ln= zYd(iwptxZSX+*>c|AW9kcbKXoh>!;4(j7&w$UCo#P!G1=d<6wDfV`fvr&%3t_)W7% zix1^J5mBx7oPe^@>1mx%g+K=2F!i+8fgSVYD~RrG03}2{=^-g`ZfZ|2sZi7QgfY7M z}cgBmd?@OrGG|m#ep~uTYg9cdPDOq|gCO8V7(`9(iY6k)fh=>HH#`xW6sP0++YRj({_Iwpw~Y29gVF;4{=M3`O969 zHf~!$d^!!%DdjoW8f`+sN43k zd8x#dYp~vQsV7j(eRQ2~rv2oAx%S-ndl#7Jd9|$+HNE6|1a%iqRS0Y+sv|>mrdg;L zv(5aj1Pg<9*7M~xQ-)$2K>2RF-9EIAb9}lQWaxj&GuyII9(_EqG_-zxwX|fEkcUZ1asOUr3`7fuMHF9O;;<;Q zeFhO~3yNDrK z#)?`~7&fBH`fSyj4q1WEQHoMnN5TkwHIizsQ+)YBmW%4sRTZuQ1HM5It! 
zun_Q$P;Eu`#LEvzcvMlul{aL~gxc}&QBO!oWuS>E$)ItPX4gICD1PdM*iE$WVL@Zv z^24%eE~QYJS}xmtsGhXS=%~jJSm+5$bME>2Y%EMr5*0Cf=V-BK-9fYxQ4_nQgs^X% z9n|~IxWz>sO}h^HD*NoKSp0eUwk@xH7fq+>+{ZX5YZwfF;B3EEsGY~5mah=}l+ zmW!|%R53+kU;sfTp1xQU;31BmLYykf43lM4dulq2A*OPCsSL=1qGzF?hMey-%o+#@ z(Q!}Be2CjBfdFvWlsv}$yswwfOM`W*qpy(O*Sp9%z+DJvSSc{7@dkVPLkgJlIdKun zYNQYk9F|R6B>@nsXI1goa|vR79U-aRAffs8O|z`+EeKtZb<2Ge*X2dQ^Tk*Ea9FnN zzm2#?`g8PA+(V>r7>x%V2q1dvg4U?~y~{bnZv1iShq;jXDdZiW@ao!2Mb)2bvuG>5 Tp79?V4C>}vZI{q>d*A;9LH~IY literal 43436 zcmc(o>$2Rst%PN7Nl|i6ZtwrHX)af#Ta6j}8T;KjX z_UMmq-@gB`ALn1Lzy9t2{{Qd)_~*aAZ}o?N|FP{a*Pi=sK<9Dp6xg-FnFjy;i_Rak zi5|HAJPd*2Jom!2ody!a01c_xuKhf(a|>afaH%OM;^6w@f)kBM)LvB1$8kKP>pIR_ zcv3y}I)RdKL$+q6ree0B%&v{9u?aDW+i`96_Mp;FC}&tGB!Anf$gizwyfz~*@*#FO z&1jCR9WpaiEMb&da_}9im=uVM`ezr3nLQvOrVN-*wQ0mHL&WBNC z8$rbE9TBJZ?TV*kqna_aeFVB~_^2W$lxZQ_H*B~N0i0%Gc(k8K*w!Y= zZq%#jJn3#%plwl_hS03`S^vF5R!0xdO#gtwfYXj9f-0Rx=49Rsc~r&&$-W}m;XN)y z57E$Q(LywPS9sN3_DOSWF2@Z&xA97#g!u)W}bdJ&#rKB2O*L9-t&TG#0)4ML8Xr zXhAYV^`ah!c&?hTZ)>XCO=rekyP|TxVMDuH(Nz-Cy*qa0cgxAo|WHQ8G9QWL~jTljbm9Mu17C?`(h7M zfrN#&&vleB78=0bQWK!w&dI7uO@a)_Zxzz1Zd-jXJq}kI%;AQMV;l8hDt{;^>6Y#! 
zrHG$D-p;3xmP?jq+3ouGlM{j`hH*kfDv@4idPVV~U5r|e$)Jh}+k)g?lo)Nl$9C@W z*fwZtT_MY-c5&>gFrO-nLhf4j`!S+v2lpdnSj(Rw4K3ngOlN4jN-rB08l+QE%(Urr zaE&x9L**$0pk}D@SAf=&EGN7#hSYXS6LMe3B%Ic)7rr(U2z6KLFMnxmDp!#(3x$LP zq3Sk8K&`s0sPvJL%9r9!lY!)F6DU?MT>;gf>XCx3Wz;BY8NVgku1keINL^|OR}dj= zUXsL@ZP-*wddIC)3hBRSik|fvN+G17_`s*$_OXJ~ud_CGKB*_zj@oM=qi~w>jAMfK zO~3W1IIl;lE){c{u~ArnEbJ$)KFVy1UWmi&D;c5@=jPl8OUH`VFsuq$52yAx4>WXl@J&goICq&3qp{z#;gqndet$+}Ov-?HHQ&WRGH_85@FU#g1@m5-8_rYojWq8ZkkVi_#43Sjvp9 zY#x6|!U6@UUDpwCYKcdw9A3KSrl}A0LK0TrF`OFcT8fz)D%mc+!Y|Y$s&rL-KM-d_ z(k&KT8Pw)>*?}BFgVVwfs14X=i&uO@s%%hU8{g|gR&Mu&a7{-D+1AKNAt*SlWtP1o z!zD5RpTkJ08{q7P0)(vEP^f8zH8!^fHg>UXXwj2BD#5S2Yrj0^-qL#3}2nNfZ$ zM4e>{7%#V}A_MWkY39SDH0Ag!RX)T#GKLZg1hcCeA7MU%Z^6SYDz%OZ+>)X>uvZjH z_2rHfsiuU784R^$MOZp@Q;$IQTXvc^qHGXWB-f+K&gzT*iZ8{ojQr;*YcQTM{XJ{h zX9F!-H8nW1zT8r}siZ3M<|1p@l!e`C6(pb#&tymI6eEAaVv!bRGLt!`YTkA>unL17ZR#PX|Q$z+R zV>pd}NQlcAmQ1Mib6d)tv@HTMx0+^3=y0WZfD5oHGhi2OYWQo{rlu8=R`v8nr%<7) zN3+Xsy;XDavbXSBbIsuA`#n^MX`@b-sc`Y5ySA`MsMb|HBsbvG^uiQ*q=1go zliQWR{lgGQ^r+KcsuGlVumC7dGuxYj-*`0o!&Js73L#?32rj!e9VWU6qz0^`5Ot?^ zOWimdJrzhZ0N1VBo+7jHQOTBA)ciQK+t$}ha2Y^%owc?eP5!Hqys+luOA9DPIBig| z%1)6@)caOx)(6Zd#0{qv3G2pkeWYb{@Any81zq=72I!IM%>f;Q!<7UzLX33X*r9-^ ze;BYwC0xJoD9gZar$bU}eaIF9$f|Dv3yM9|&P-z-qySE%LAjV1-P$_um>Z8E6%Ab} zWc`U|6Ss@bG>Kc|igJc<%tDptC`fVprXDkVQ_(R`rjQFo)NyEqOG|`i zwO)jv>J3C>$R5F^DyWIWLQ6$l%cwa*(jveVqBKUe-avS`BMZW7qS`w@)tXs_^`Jshir)Z@nF3K2IlQmvr6E8k040&Co78%f1NEVA>FCTXCmD}gUy6oN z4}=J`U(1EX7n~nj#~leuTp@H_g6StkLQ`-Zj^g;-*5ajv(0M;IYMO#zsopxI)W1ZD zTt7)B+pyi0RN4q5$5In$Y=wrPw7G!Pqb8^}s3!75U#`?UOt)HQ5`DvYNm)MvZAM zI9Z~8?Uby z>l2jvldkf0^`|;w+E?%nDS*?kEm5h_P#*e{fmlG0?h;x!k0kdoG%xT760$Z2862HG zvZD1{kaXLGNX!ETOqKgF0TNDWN=?KN3cd`4@WuhENh?YfMOJ6^ERTtWnreyT#uMe0 zt5ck6NC817K*(uCi$Q953WQd?YEK?%kYd%X0V$(#EvKed%UV}LDE&x7tG|0CXBsH# z^Tr>ZbUqW4yc!>D`Oy=1M@c4-ZaA$o>)#AM%yJ$jDXy}adhE=sIf8iHuVjMCa zayR;DW&UymNZyJkMbbk$3Q9e$*2MbL*aB%tXh3rPbtDVZu~1b)fRcdII^<(XL-_ht zF*p;?vouNreldLwH-q7OiNNOJtI^konnh~la^w48D6hyg;fkUm(^DP$6xU5X^|x_b 
zw>GZE(>5mSRu}gA{j8p<4fg>N>oQE_7h39mkySuB>JP)YYgD@#nJjmGFocg7tZ9Q@ShvP2 zdHaUJc|<{JU-Tl~7AfAg1FN1Ka~gSgegJxya>gcDMrYU_;gYGBG;i98Y5G(Ijn>2I zCn1{kVXmq0NSmx5sLs5CZpy8+)Mtyt&^-#;v$(%5usjKpPoqLePZpTJ@W5;3y3UZ` z0}@qsp6mGySD6SD2n{alN(k>35Vy5gwAUlQGOmRynvZx6iPPSwEC)_rC8qQ-xXc2` zo;m+jKduuGs$b~KCkR>>-(h)hk-kPWK9AsPTxBz4Nw`&3&$7GBA2E&s6MQ}XO)ZlR z1>yxd5#+Zp!zNW_<6kM`oNbj5vyT9hEw3r*nGpyAPRnCUp;WY~zbKaC8|+$IkB~ZZ zjn6uHW`$VBX8`H9tK?e5o2pfYt(U83CPId`NJzzfpKARVmd4tz=_YGdAeEUe!X>vH zCldx5NIQFpNCHVPo00jzwJJ(bLfc=AmhSPCCPQwVE8_U=xWMo$ovFqT@rL0-O4?2X ze%T}hSgX|X^|{KZ^{eBl&^;p(uG05gFTRH2|3QQrMIa_BfY#n>0{f~-SdAXx+;ett z29Qft{s^o?4W($rW{l++{L4ItYQ3Qa2Uc?gWO9r4@rwEW8c=O0esSj}L+S{l+g7RulelG=s zetp!C_l^sQOo+VRBS<6_c@bZa+PE^M4ymb{11WhJ_d{Pr6vSJr>Jb77D%uEXc)9Sf8(u8Uq>H~**A4+2Ra#efR@9664hYGU6t>5&{_PYn+;#Lsn zJNBr$scS&8lsOHe8%CDcKrs8SlR4B`XaAp>kja(K|yxO0<4leQn>Pryt|705F zA&ngp+JVr5%fh?=>QSj3;*%4$vGwyaz~T7#>QAOctZo3?eJeBu1qi3z znug#Syzhjp)sWb!NWAUjR3(+t?l@;zJhuw`xOIzp4KmI~Uq5E@6M~lFB&yp!VaN?Q zcb6yS2}92025$ultTYk?Ca8RENw^)kJ=WMDvUT7r;r4UCp1sXDbN%|diBhIqR;R`B zqu^#ySCZ??9sgkjv?4vs(ThBSgwgN|r9_>XC}p+M1VBB=X9|Q4d0|1} zQFK!-c=br3tXoc+>kb|u^I>8*M=4v0Mt`W=bc@<i|KrTSWEsq`D&?m=4MG^5ft0=mN)iM9k#)UEzq z2)$P}I}nVCgbTudbaqx23fED8QXLzY4)Hl)nUUyV{=>i3a|GGplt7U$L~bwKj+LaszV+@sz@4DAONL!5dFG_RvkeL`Y! zlNE%g>ulRHm zUrpXFlOer^_KpJpPrv!8M{Zip1|=YWG(K0p=YBQCBKqvJ*pk{tM*iX&Sopa z_J}&;k6$Ehqf@T^xuq9{>zC4l9;#2M_THhW^#w)R5S3aq)u(P#)l*e}_Oj4=&4HBb z)XEEIfp=IKRdH^NtABJT+ejX4aoQJGh}K7&s<1`$yfwubL&*$(_6vmzr>P^c2)X_P D1$2qa From b1d168e06d008701435ea46891a34f6575968d50 Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Fri, 28 Jun 2024 13:29:35 +0300 Subject: [PATCH 3/9] [service] Improve kext verdict translation --- .../interception/windowskext2/kext.go | 58 ++++++++----------- 1 file changed, 24 insertions(+), 34 deletions(-) diff --git a/service/firewall/interception/windowskext2/kext.go b/service/firewall/interception/windowskext2/kext.go index 07e7c1069..aaedac89e 100644 
--- a/service/firewall/interception/windowskext2/kext.go
+++ b/service/firewall/interception/windowskext2/kext.go
@@ -41,7 +41,6 @@ func Start() error {
 // Start service and open file
 service.Start(true)
 kextFile, err = service.OpenFile(1024)
-
 if err != nil {
 return fmt.Errorf("failed to open driver: %w", err)
 }
@@ -150,44 +149,35 @@ func UpdateVerdict(conn *network.Connection) error {
 }
 func getKextVerdictFromConnection(conn *network.Connection) kextinterface.KextVerdict {
- if conn.VerdictPermanent {
- switch conn.Verdict {
- case network.VerdictUndecided:
- return kextinterface.VerdictUndecided
- case network.VerdictUndeterminable:
- return kextinterface.VerdictUndeterminable
- case network.VerdictAccept:
+ switch conn.Verdict {
+ case network.VerdictUndecided:
+ return kextinterface.VerdictUndecided
+ case network.VerdictUndeterminable:
+ return kextinterface.VerdictUndeterminable
+ case network.VerdictAccept:
+ if conn.VerdictPermanent {
 return kextinterface.VerdictPermanentAccept
- case network.VerdictBlock:
- return kextinterface.VerdictPermanentBlock
- case network.VerdictDrop:
- return kextinterface.VerdictPermanentDrop
- case network.VerdictRerouteToNameserver:
- return kextinterface.VerdictRerouteToNameserver
- case network.VerdictRerouteToTunnel:
- return kextinterface.VerdictRerouteToTunnel
- case network.VerdictFailed:
- return kextinterface.VerdictFailed
- }
- } else {
- switch conn.Verdict {
- case network.VerdictUndecided:
- return kextinterface.VerdictUndecided
- case network.VerdictUndeterminable:
- return kextinterface.VerdictUndeterminable
- case network.VerdictAccept:
+ } else {
 return kextinterface.VerdictAccept
- case network.VerdictBlock:
+ }
+ case network.VerdictBlock:
+ if conn.VerdictPermanent {
+ return kextinterface.VerdictPermanentBlock
+ } else {
 return kextinterface.VerdictBlock
- case network.VerdictDrop:
+ }
+ case network.VerdictDrop:
+ if conn.VerdictPermanent {
+ return kextinterface.VerdictPermanentDrop
+ } else {
 return kextinterface.VerdictDrop
- case network.VerdictRerouteToNameserver:
- return kextinterface.VerdictRerouteToNameserver
- case network.VerdictRerouteToTunnel:
- return kextinterface.VerdictRerouteToTunnel
- case network.VerdictFailed:
- return kextinterface.VerdictFailed
 }
+ case network.VerdictRerouteToNameserver:
+ return kextinterface.VerdictRerouteToNameserver
+ case network.VerdictRerouteToTunnel:
+ return kextinterface.VerdictRerouteToTunnel
+ case network.VerdictFailed:
+ return kextinterface.VerdictFailed
 }
 return kextinterface.VerdictUndeterminable
 }
From 2d9d4339456cade584a5452af85fda762d45b3cc Mon Sep 17 00:00:00 2001
From: Vladimir Stoilov
Date: Fri, 28 Jun 2024 16:03:12 +0300
Subject: [PATCH 4/9] [windows_kext] Improve callouts description
---
 windows_kext/driver/src/callouts.rs | 56 ++++++++++++++---------------
 1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/windows_kext/driver/src/callouts.rs b/windows_kext/driver/src/callouts.rs
index 0999a7078..d49c7f071 100644
--- a/windows_kext/driver/src/callouts.rs
+++ b/windows_kext/driver/src/callouts.rs
@@ -12,8 +12,8 @@ pub fn get_callout_vec() -> Vec {
 // -----------------------------------------
 // ALE Auth layers
 Callout::new(
- "AleLayerOutboundV4",
- "ALE layer for outbound connection for ipv4",
+ "Portmaster ALE Outbound IPv4",
+ "Portmaster uses this layer to block/permit outgoing ipv4 connections",
 0x58545073_f893_454c_bbea_a57bc964f46d,
 Layer::AleAuthConnectV4,
 consts::FWP_ACTION_CALLOUT_TERMINATING,
@@ -21,8 +21,8 @@ pub fn get_callout_vec() -> Vec {
 ale_callouts::ale_layer_connect_v4,
 ),
 Callout::new(
- "AleLayerOutboundV6",
- "ALE layer for outbound connections for ipv6",
+ "Portmaster ALE Outbound IPv6",
+ "Portmaster uses this layer to block/permit outgoing ipv6 connections",
 0x4bd2a080_2585_478d_977c_7f340c6bc3d4,
 Layer::AleAuthConnectV6,
 consts::FWP_ACTION_CALLOUT_TERMINATING,
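Review bot: Any `network.Verdict` value that is not listed in the switch of getKextVerdictFromConnection falls through to the final `return kextinterface.VerdictUndeterminable` without a trace, so a verdict added to the network package later would be sent to the driver as undeterminable and nobody would notice. An explicit `default:` case that logs the unmapped value before returning would make that visible (whether this file already imports the logger is not visible here). Separately, the three `if conn.VerdictPermanent { return … } else { return … }` blocks can drop the `else`, which is the usual Go form after a terminating `if`. The function is fully contained in this hunk.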
@@ -32,8 +32,8 @@ pub fn get_callout_vec() -> Vec {
 // -----------------------------------------
 // ALE connection end layers
 Callout::new(
- "AleEndpointClosureV4",
- "ALE layer for indicating closing of connection for ipv4",
+ "Portmaster Endpoint Closure IPv4",
+ "Portmaster uses this layer to detect when a IPv4 connection has ended",
 0x58f02845_ace9_4455_ac80_8a84b86fe566,
 Layer::AleEndpointClosureV4,
 consts::FWP_ACTION_CALLOUT_INSPECTION,
@@ -41,8 +41,8 @@ pub fn get_callout_vec() -> Vec {
 ale_callouts::endpoint_closure_v4,
 ),
 Callout::new(
- "AleEndpointClosureV6",
- "ALE layer for indicating closing of connection for ipv6",
+ "Portmaster Endpoint Closure IPv6",
+ "Portmaster uses this layer to detect when a IPv6 connection has ended",
 0x2bc82359_9dc5_4315_9c93_c89467e283ce,
 Layer::AleEndpointClosureV6,
 consts::FWP_ACTION_CALLOUT_INSPECTION,
@@ -61,8 +61,8 @@ pub fn get_callout_vec() -> Vec {
 // ale_callouts::ale_resource_monitor,
 // ),
 Callout::new(
- "AleResourceReleaseV4",
- "Ipv4 Port release monitor",
+ "Portmaster resource release IPv4",
+ "Portmaster uses this layer to detect when a IPv4 port has been released",
 0x7b513bb3_a0be_4f77_a4bc_03c052abe8d7,
 Layer::AleResourceReleaseV4,
 consts::FWP_ACTION_CALLOUT_INSPECTION,
@@ -79,8 +79,8 @@ pub fn get_callout_vec() -> Vec {
 // ale_callouts::ale_resource_monitor,
 // ),
 Callout::new(
- "AleResourceReleaseV6",
- "Ipv6 Port release monitor",
+ "Portmaster resource release IPv6",
+ "Portmaster uses this layer to detect when a IPv6 port has been released",
 0x6cf36e04_e656_42c3_8cac_a1ce05328bd1,
 Layer::AleResourceReleaseV6,
 consts::FWP_ACTION_CALLOUT_INSPECTION,
@@ -90,8 +90,8 @@ pub fn get_callout_vec() -> Vec { // ----------------------------------------- // Stream layer Callout::new( - "StreamLayerV4", - "Stream layer for ipv4", + "Portmaster Stream IPv4", + "Portmaster uses this layer for bandwidth statistics of IPv4 TCP connections", 0xe2ca13bf_9710_4caa_a45c_e8c78b5ac780, Layer::StreamV4, consts::FWP_ACTION_CALLOUT_INSPECTION, @@ -99,8 +99,8 @@ pub fn get_callout_vec() -> Vec { stream_callouts::stream_layer_tcp_v4, ), Callout::new( - "StreamLayerV6", - "Stream layer for ipv6", + "Portmaster Stream IPv6", + "Portmaster uses this layer for bandwidth statistics of IPv6 TCP connections", 0x66c549b3_11e2_4b27_8f73_856e6fd82baa, Layer::StreamV6, consts::FWP_ACTION_CALLOUT_INSPECTION, @@ -108,8 +108,8 @@ pub fn get_callout_vec() -> Vec { stream_callouts::stream_layer_tcp_v6, ), Callout::new( - "DatagramDataLayerV4", - "DatagramData layer for ipv4", + "Portmaster Datagram IPv4", + "Portmaster uses this layer for bandwidth statistics of IPv4 UDP connections", 0xe7eeeaba_168a_45bb_8747_e1a702feb2c5, Layer::DatagramDataV4, consts::FWP_ACTION_CALLOUT_INSPECTION, @@ -117,8 +117,8 @@ pub fn get_callout_vec() -> Vec { stream_callouts::stream_layer_udp_v4, ), Callout::new( - "DatagramDataLayerV6", - "DatagramData layer for ipv4", + "Portmaster Datagram IPv6", + "Portmaster uses this layer for bandwidth statistics of IPv6 UDP connections", 0xb25862cd_f744_4452_b14a_d0c1e5a25b30, Layer::DatagramDataV6, consts::FWP_ACTION_CALLOUT_INSPECTION, @@ -128,8 +128,8 @@ pub fn get_callout_vec() -> Vec { // ----------------------------------------- // Packet layers Callout::new( - "IPPacketOutboundV4", - "IP packet outbound network layer callout for Ipv4", + "Portmaster Packet Outbound IPv4", + "Portmaster uses this layer to redirect/block/permit outgoing ipv4 packets", 0xf3183afe_dc35_49f1_8ea2_b16b5666dd36, Layer::OutboundIppacketV4, consts::FWP_ACTION_CALLOUT_TERMINATING, 
@@ -137,8 +137,8 @@ pub fn get_callout_vec() -> Vec { packet_callouts::ip_packet_layer_outbound_v4, ), Callout::new( - "IPPacketInboundV4", - "IP packet inbound network layer callout for Ipv4", + "Portmaster Packet Inbound IPv4", + "Portmaster uses this layer to redirect/block/permit inbound ipv4 packets", 0xf0369374_203d_4bf0_83d2_b2ad3cc17a50, Layer::InboundIppacketV4, consts::FWP_ACTION_CALLOUT_TERMINATING, @@ -146,8 +146,8 @@ pub fn get_callout_vec() -> Vec { packet_callouts::ip_packet_layer_inbound_v4, ), Callout::new( - "IPPacketOutboundV6", - "IP packet outbound network layer callout for Ipv6", + "Portmaster Packet Outbound IPv6", + "Portmaster uses this layer to redirect/block/permit outgoing ipv6 packets", 0x91daf8bc_0908_4bf8_9f81_2c538ab8f25a, Layer::OutboundIppacketV6, consts::FWP_ACTION_CALLOUT_TERMINATING, @@ -155,8 +155,8 @@ pub fn get_callout_vec() -> Vec { packet_callouts::ip_packet_layer_outbound_v6, ), Callout::new( - "IPPacketInboundV6", - "IP packet inbound network layer callout for Ipv6", + "Portmaster Packet Inbound IPv6", + "Portmaster uses this layer to redirect/block/permit inbound ipv6 packets", 0xfe9faf5f_ceb2_4cd9_9995_f2f2b4f5fcc0, Layer::InboundIppacketV6, consts::FWP_ACTION_CALLOUT_TERMINATING, From 81bee82b8fb25ef58455ab78cd60614a3bf67a4c Mon Sep 17 00:00:00 2001 
From: Vladimir Stoilov Date: Fri, 28 Jun 2024 16:06:30 +0300 Subject: [PATCH 5/9] [windows_kext] Update windows-rs --- windows_kext/driver/Cargo.lock | 40 +++++++++++-------- windows_kext/driver/Cargo.toml | 2 +- windows_kext/driver/src/entry.rs | 26 ++++++------ windows_kext/wdk/Cargo.lock | 40 +++++++++++-------- windows_kext/wdk/Cargo.toml | 2 +- windows_kext/wdk/README.md | 4 +- windows_kext/wdk/src/driver.rs | 29 ++++++-------- windows_kext/wdk/src/ffi.rs | 2 +- windows_kext/wdk/src/filter_engine/callout.rs | 10 ++--- .../wdk/src/filter_engine/callout_data.rs | 2 +- windows_kext/wdk/src/filter_engine/mod.rs | 2 +- windows_kext/wdk/src/filter_engine/packet.rs | 16 ++++---- 12 files changed, 92 insertions(+), 83 deletions(-) diff --git a/windows_kext/driver/Cargo.lock b/windows_kext/driver/Cargo.lock index 0374a4c7f..b87467456 100644 --- a/windows_kext/driver/Cargo.lock +++ b/windows_kext/driver/Cargo.lock @@ -340,19 +340,20 @@ checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" [[package]] name = "windows-sys" version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", 
@@ -361,38 +362,43 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_i686_gnu" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_i686_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = 
"git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "zerocopy" diff --git a/windows_kext/driver/Cargo.toml b/windows_kext/driver/Cargo.toml index 09ca639dc..66dffacab 100644 --- a/windows_kext/driver/Cargo.toml +++ b/windows_kext/driver/Cargo.toml @@ -22,5 +22,5 @@ hashbrown = { version = "0.14.3", default-features = false, features = ["ahash"] # WARNING: Do not update. The version was choosen for a reason. See wdk/README.md for more detiels. [dependencies.windows-sys] git = "https://github.com/microsoft/windows-rs" -rev = "41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +rev = "dffa8b03dc4987c278d82e88015ffe96aa8ac317" features = ["Wdk_Foundation", "Wdk_Storage_FileSystem", "Wdk_System_SystemServices", "Win32_Foundation", "Win32_Security", "Win32_System_IO", "Win32_System_Kernel", "Win32_System_Power", "Win32_System_WindowsProgramming", "Win32_NetworkManagement_IpHelper", "Win32_Networking_WinSock", "Win32_NetworkManagement_WindowsFilteringPlatform"] diff --git a/windows_kext/driver/src/entry.rs b/windows_kext/driver/src/entry.rs index 479fe42a1..513c004b8 100644 --- a/windows_kext/driver/src/entry.rs +++ b/windows_kext/driver/src/entry.rs 
@@ -38,10 +38,10 @@ pub extern "system" fn driver_entry( }; // Set driver functions. - driver.set_driver_unload(driver_unload); - driver.set_read_fn(driver_read); - driver.set_write_fn(driver_write); - driver.set_device_control_fn(device_control); + driver.set_driver_unload(Some(driver_unload)); + driver.set_read_fn(Some(driver_read)); + driver.set_write_fn(Some(driver_write)); + driver.set_device_control_fn(Some(device_control)); // Initialize device. unsafe { @@ -70,10 +70,10 @@ unsafe extern "system" fn driver_unload(_object: *const DRIVER_OBJECT) { // driver_read event triggered from user-space on file.Read. unsafe extern "system" fn driver_read( - _device_object: &mut DEVICE_OBJECT, - irp: &mut IRP, + _device_object: *const DEVICE_OBJECT, + irp: *mut IRP, ) -> NTSTATUS { - let mut read_request = ReadRequest::new(irp); + let mut read_request = ReadRequest::new(irp.as_mut().unwrap()); let Some(device) = get_device() else { read_request.complete(); @@ -86,10 +86,10 @@ unsafe extern "system" fn driver_read( /// driver_write event triggered from user-space on file.Write. unsafe extern "system" fn driver_write( - _device_object: &mut DEVICE_OBJECT, - irp: &mut IRP, + _device_object: *const DEVICE_OBJECT, + irp: *mut IRP, ) -> NTSTATUS { - let mut write_request = WriteRequest::new(irp); + let mut write_request = WriteRequest::new(irp.as_mut().unwrap()); let Some(device) = get_device() else { write_request.complete(); return write_request.get_status(); 
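Review bot: `irp.as_mut().unwrap()` in `driver_read` panics when `irp` is null, and a panic inside a kernel dispatch routine presumably ends in a bugcheck rather than one failed request. The same pattern is in `driver_write` and in `device_control` (the next hunk). The I/O manager is not expected to pass a null IRP, but now that the signature takes a raw pointer the check is cheap: `let Some(irp) = irp.as_mut() else { return STATUS_INVALID_PARAMETER; };`, assuming that constant (or whichever status the project prefers) is in scope in this file. The bodies of all three functions continue outside the hunks.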
@@ -104,10 +104,10 @@ unsafe extern "system" fn driver_write( /// device_control event triggered from user-space on file.deviceIOControl. unsafe extern "system" fn device_control( - _device_object: &mut DEVICE_OBJECT, - irp: &mut IRP, + _device_object: *const DEVICE_OBJECT, + irp: *mut IRP, ) -> NTSTATUS { - let mut control_request = DeviceControlRequest::new(irp); + let mut control_request = DeviceControlRequest::new(irp.as_mut().unwrap()); let Some(device) = get_device() else { control_request.complete(); return control_request.get_status(); diff --git a/windows_kext/wdk/Cargo.lock b/windows_kext/wdk/Cargo.lock index a6ffcec35..788225356 100644 --- a/windows_kext/wdk/Cargo.lock +++ b/windows_kext/wdk/Cargo.lock @@ -84,19 +84,20 @@ checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" [[package]] name = "windows-sys" version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", 
@@ -105,35 +106,40 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_i686_gnu" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_i686_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = 
"git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" -source = "git+https://github.com/microsoft/windows-rs?rev=41ad38d8c42c92fd23fe25ba4dca76c2d861ca06#41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +version = "0.52.5" +source = "git+https://github.com/microsoft/windows-rs?rev=dffa8b03dc4987c278d82e88015ffe96aa8ac317#dffa8b03dc4987c278d82e88015ffe96aa8ac317" diff --git a/windows_kext/wdk/Cargo.toml b/windows_kext/wdk/Cargo.toml index a3edbf083..0b85e05ae 100644 --- a/windows_kext/wdk/Cargo.toml +++ b/windows_kext/wdk/Cargo.toml @@ -16,5 +16,5 @@ features = ["alloc"] # WARNING: Do not update. The version was choosen for a reason. See wdk/README.md for more detiels. [dependencies.windows-sys] git = "https://github.com/microsoft/windows-rs" -rev = "41ad38d8c42c92fd23fe25ba4dca76c2d861ca06" +rev = "dffa8b03dc4987c278d82e88015ffe96aa8ac317" features = ["Wdk_Foundation", "Wdk_Storage_FileSystem", "Wdk_System_SystemServices", "Win32_Foundation", "Win32_Security", "Win32_System_IO", "Win32_System_Kernel", "Win32_System_Power", "Win32_System_WindowsProgramming", "Win32_NetworkManagement_IpHelper", "Win32_Networking_WinSock", "Win32_NetworkManagement_WindowsFilteringPlatform", "Win32_System_Rpc"] diff --git a/windows_kext/wdk/README.md b/windows_kext/wdk/README.md index 36107c4bc..4712225d6 100644 --- a/windows_kext/wdk/README.md +++ b/windows_kext/wdk/README.md 
@@ -10,5 +10,7 @@ see: `wdk/src/driver.rs` see: `wdk/src/irp_helper.rs` Open issues need to be resolved: -https://github.com/microsoft/wdkmetadata/issues/59 https://github.com/microsoft/windows-rs/issues/2805 + +Resolved: +https://github.com/microsoft/wdkmetadata/issues/59 diff --git a/windows_kext/wdk/src/driver.rs b/windows_kext/wdk/src/driver.rs index a8b7440d1..97f08d6d5 100644 --- a/windows_kext/wdk/src/driver.rs +++ b/windows_kext/wdk/src/driver.rs @@ -1,6 +1,6 @@ use windows_sys::{ - Wdk::Foundation::{DEVICE_OBJECT, DRIVER_OBJECT, IRP}, - Win32::Foundation::{HANDLE, NTSTATUS}, + Wdk::Foundation::{DEVICE_OBJECT, DRIVER_DISPATCH, DRIVER_OBJECT, DRIVER_UNLOAD}, + Win32::Foundation::HANDLE, }; use crate::{ @@ -23,11 +23,6 @@ pub struct Driver { } unsafe impl Sync for Driver {} -// This is a workaround for current state of wdk bindings. -// TODO: replace with official version when they are correct: https://github.com/microsoft/wdkmetadata/issues/59 -pub type UnloadFnType = unsafe extern "system" fn(driver_object: *const DRIVER_OBJECT); -pub type MjFnType = unsafe extern "system" fn(&mut DEVICE_OBJECT, &mut IRP) -> NTSTATUS; - impl Driver { pub(crate) fn new( driver_object: *mut DRIVER_OBJECT, 
@@ -50,54 +45,54 @@ impl Driver { return unsafe { self.device_object.as_mut() }; } - pub fn set_driver_unload(&mut self, driver_unload: UnloadFnType) { + pub fn set_driver_unload(&mut self, driver_unload: DRIVER_UNLOAD) { if let Some(driver) = unsafe { self.driver_object.as_mut() } { - driver.DriverUnload = Some(unsafe { core::mem::transmute(driver_unload) }) + driver.DriverUnload = driver_unload } } - pub fn set_read_fn(&mut self, mj_fn: MjFnType) { + pub fn set_read_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn(windows_sys::Wdk::System::SystemServices::IRP_MJ_READ, mj_fn); } - pub fn set_write_fn(&mut self, mj_fn: MjFnType) { + pub fn set_write_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn( windows_sys::Wdk::System::SystemServices::IRP_MJ_WRITE, mj_fn, ); } - pub fn set_create_fn(&mut self, mj_fn: MjFnType) { + pub fn set_create_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn( windows_sys::Wdk::System::SystemServices::IRP_MJ_CREATE, mj_fn, ); } - pub fn set_device_control_fn(&mut self, mj_fn: MjFnType) { + pub fn set_device_control_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn( windows_sys::Wdk::System::SystemServices::IRP_MJ_DEVICE_CONTROL, mj_fn, ); } - pub fn set_close_fn(&mut self, mj_fn: MjFnType) { + pub fn set_close_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn( windows_sys::Wdk::System::SystemServices::IRP_MJ_CLOSE, mj_fn, ); } - pub fn set_cleanup_fn(&mut self, mj_fn: MjFnType) { + pub fn set_cleanup_fn(&mut self, mj_fn: DRIVER_DISPATCH) { self.set_major_fn( windows_sys::Wdk::System::SystemServices::IRP_MJ_CLEANUP, mj_fn, ); } - fn set_major_fn(&mut self, fn_index: u32, mj_fn: MjFnType) { + fn set_major_fn(&mut self, fn_index: u32, mj_fn: DRIVER_DISPATCH) { if let Some(driver) = unsafe { self.driver_object.as_mut() } { - driver.MajorFunction[fn_index as usize] = Some(unsafe { core::mem::transmute(mj_fn) }) + driver.MajorFunction[fn_index as usize] = mj_fn } } } 
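Review bot: `set_major_fn` now stores whatever `DRIVER_DISPATCH` value it is given, so a caller passing `None` writes a null entry into `MajorFunction`. As far as I know the I/O manager calls dispatch entries without a null check (unused slots are pre-filled with a default handler), so a `None` here would presumably crash on the first matching IRP. Either skip the write when the value is `None`, `if mj_fn.is_some() { driver.MajorFunction[fn_index as usize] = mj_fn }`, or add a doc comment to the public setters such as `/// Passing None is not supported; MajorFunction entries must stay non-null.`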
diff --git a/windows_kext/wdk/src/ffi.rs b/windows_kext/wdk/src/ffi.rs index b7fea16c3..c250499e0 100644 --- a/windows_kext/wdk/src/ffi.rs +++ b/windows_kext/wdk/src/ffi.rs @@ -270,7 +270,7 @@ impl WdfObjectAttributes { evt_destroy_callback: None, execution_level: WdfExecutionLevel::InheritFromParent, synchronization_scope: WdfSynchronizationScope::InheritFromParent, - parent_object: 0, + parent_object: core::ptr::null_mut(), context_size_override: 0, context_type_info: core::ptr::null(), } diff --git a/windows_kext/wdk/src/filter_engine/callout.rs b/windows_kext/wdk/src/filter_engine/callout.rs index ad4fcf4ef..5651de1d7 100644 --- a/windows_kext/wdk/src/filter_engine/callout.rs +++ b/windows_kext/wdk/src/filter_engine/callout.rs @@ -1,7 +1,7 @@ use super::{callout_data::CalloutData, ffi, layer::Layer}; use crate::ffi::FwpsCalloutClassifyFn; use alloc::{borrow::ToOwned, format, string::String}; -use windows_sys::Wdk::Foundation::DEVICE_OBJECT; +use windows_sys::{Wdk::Foundation::DEVICE_OBJECT, Win32::Foundation::HANDLE}; pub enum FilterType { Resettable, @@ -49,13 +49,13 @@ impl Callout { pub fn register_filter( &mut self, - filter_engine_handle: isize, + filter_engine_handle: HANDLE, sublayer_guid: u128, ) -> Result<(), String> { match ffi::register_filter( filter_engine_handle, sublayer_guid, - &format!("{}-filter", self.name), + &self.name, &self.description, self.guid, self.layer, @@ -75,14 +75,14 @@ impl Callout { pub(crate) fn register_callout( &mut self, - filter_engine_handle: isize, + filter_engine_handle: HANDLE, device_object: *mut DEVICE_OBJECT, callout_fn: FwpsCalloutClassifyFn, ) -> Result<(), String> { match ffi::register_callout( device_object, filter_engine_handle, - &format!("{}-callout", self.name), + &self.name, &self.description, self.guid, self.layer, diff --git a/windows_kext/wdk/src/filter_engine/callout_data.rs b/windows_kext/wdk/src/filter_engine/callout_data.rs index c09be368a..640baab3a 100644 
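Review bot: In `register_filter` and `register_callout` the `-filter` / `-callout` suffixes are dropped, so the filter and the callout of each layer are registered under the same display name. Anyone inspecting WFP state for troubleshooting or auditing then has to tell the two objects apart by type or GUID only; if that is intended, a short comment above `&self.name` would help, e.g. `// Filter and callout intentionally share the display name.` The `format` import in `use alloc::{borrow::ToOwned, format, string::String};` may now be unused, which cannot be confirmed from the hunks shown.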
--- a/windows_kext/wdk/src/filter_engine/callout_data.rs +++ b/windows_kext/wdk/src/filter_engine/callout_data.rs @@ -140,7 +140,7 @@ impl<'a> CalloutData<'a> { packet_list: Option, ) -> Result { unsafe { - let mut completion_context = 0; + let mut completion_context: HANDLE = core::ptr::null_mut(); if let Some(completion_handle) = (*self.metadata).get_completion_handle() { let status = FwpsPendOperation0(completion_handle, &mut completion_context); check_ntstatus(status)?; diff --git a/windows_kext/wdk/src/filter_engine/mod.rs b/windows_kext/wdk/src/filter_engine/mod.rs index 7e6cc20f5..8ceb76b51 100644 --- a/windows_kext/wdk/src/filter_engine/mod.rs +++ b/windows_kext/wdk/src/filter_engine/mod.rs @@ -192,7 +192,7 @@ impl Drop for FilterEngine { } } - if self.handle != 0 && self.handle != INVALID_HANDLE_VALUE { + if !self.handle.is_null() && self.handle != INVALID_HANDLE_VALUE { _ = ffi::filter_engine_close(self.handle); } } diff --git a/windows_kext/wdk/src/filter_engine/packet.rs b/windows_kext/wdk/src/filter_engine/packet.rs index 85e260067..fcaab347b 100644 --- a/windows_kext/wdk/src/filter_engine/packet.rs +++ b/windows_kext/wdk/src/filter_engine/packet.rs @@ -163,7 +163,7 @@ impl Injector { let status = if packet_list.inbound { FwpsInjectTransportReceiveAsync0( self.transport_inject_handle, - 0, + core::ptr::null_mut(), core::ptr::null_mut(), 0, address_family, @@ -177,7 +177,7 @@ impl Injector { } else { FwpsInjectTransportSendAsync1( self.transport_inject_handle, - 0, + core::ptr::null_mut(), packet_list.endpoint_handle, 0, &mut send_params, @@ -222,7 +222,7 @@ impl Injector { unsafe { FwpsInjectNetworkReceiveAsync0( inject_handle, - 0, + core::ptr::null_mut(), 0, UNSPECIFIED_COMPARTMENT_ID, inject_info.interface_index, @@ -237,7 +237,7 @@ impl Injector { unsafe { FwpsInjectNetworkSendAsync0( inject_handle, - 0, + core::ptr::null_mut(), 0, UNSPECIFIED_COMPARTMENT_ID, nbl, 
@@ -269,7 +269,7 @@ impl Injector { } else { self.packet_inject_handle_v4 }; - if inject_handle == INVALID_HANDLE_VALUE || inject_handle == 0 { + if inject_handle == INVALID_HANDLE_VALUE || inject_handle.is_null() { return false; } @@ -309,19 +309,19 @@ impl Drop for Injector { fn drop(&mut self) { unsafe { if self.transport_inject_handle != INVALID_HANDLE_VALUE - && self.transport_inject_handle != 0 + && !self.transport_inject_handle.is_null() { FwpsInjectionHandleDestroy0(self.transport_inject_handle); self.transport_inject_handle = INVALID_HANDLE_VALUE; } if self.packet_inject_handle_v4 != INVALID_HANDLE_VALUE - && self.packet_inject_handle_v4 != 0 + && !self.packet_inject_handle_v4.is_null() { FwpsInjectionHandleDestroy0(self.packet_inject_handle_v4); self.packet_inject_handle_v4 = INVALID_HANDLE_VALUE; } if self.packet_inject_handle_v6 != INVALID_HANDLE_VALUE - && self.packet_inject_handle_v6 != 0 + && !self.packet_inject_handle_v6.is_null() { FwpsInjectionHandleDestroy0(self.packet_inject_handle_v6); self.packet_inject_handle_v6 = INVALID_HANDLE_VALUE; From ea59c11d0ddeb9955b8fb137c5c5d972af13b3af Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Fri, 28 Jun 2024 16:12:07 +0300 Subject: [PATCH 6/9] [windows_kext] Fix some clippy warnings --- windows_kext/wdk/src/allocator.rs | 4 ++-- windows_kext/wdk/src/filter_engine/callout_data.rs | 4 +--- windows_kext/wdk/src/filter_engine/ffi.rs | 4 +--- windows_kext/wdk/src/filter_engine/metadata.rs | 8 ++++---- windows_kext/wdk/src/filter_engine/mod.rs | 8 ++------ windows_kext/wdk/src/filter_engine/net_buffer.rs | 4 ++-- windows_kext/wdk/src/filter_engine/packet.rs | 4 ++-- windows_kext/wdk/src/irp_helpers.rs | 8 ++++---- 8 files changed, 18 insertions(+), 26 deletions(-) diff --git a/windows_kext/wdk/src/allocator.rs b/windows_kext/wdk/src/allocator.rs index e3f65fa88..f8767b8aa 100644 --- a/windows_kext/wdk/src/allocator.rs +++ b/windows_kext/wdk/src/allocator.rs 
@@ -43,8 +43,8 @@ unsafe impl GlobalAlloc for WindowsAllocator { } unsafe fn alloc_zeroed(&self, layout: Layout) -> *mut u8 { - let pool = self.alloc(layout); - pool + + self.alloc(layout) } unsafe fn realloc(&self, ptr: *mut u8, layout: Layout, new_size: usize) -> *mut u8 { diff --git a/windows_kext/wdk/src/filter_engine/callout_data.rs b/windows_kext/wdk/src/filter_engine/callout_data.rs index 640baab3a..bb861f84f 100644 --- a/windows_kext/wdk/src/filter_engine/callout_data.rs +++ b/windows_kext/wdk/src/filter_engine/callout_data.rs @@ -37,9 +37,7 @@ impl ClassifyDefer { } ClassifyDefer::Reauthorization(_callout_id, packet_list) => { // There is no way to reset single filter. If another request for filter reset is trigger at the same time it will fail. - if let Err(err) = filter_engine.reset_all_filters() { - return Err(err); - } + filter_engine.reset_all_filters()?; return Ok(packet_list); } } diff --git a/windows_kext/wdk/src/filter_engine/ffi.rs b/windows_kext/wdk/src/filter_engine/ffi.rs index 766c1ef14..45103272e 100644 --- a/windows_kext/wdk/src/filter_engine/ffi.rs +++ b/windows_kext/wdk/src/filter_engine/ffi.rs @@ -113,9 +113,7 @@ pub(crate) fn register_callout( check_ntstatus(status)?; - if let Err(err) = callout_add(filter_engine_handle, guid, layer, name, description) { - return Err(err); - } + callout_add(filter_engine_handle, guid, layer, name, description)?; return Ok(callout_id); } diff --git a/windows_kext/wdk/src/filter_engine/metadata.rs b/windows_kext/wdk/src/filter_engine/metadata.rs index 294197866..632830fab 100644 --- a/windows_kext/wdk/src/filter_engine/metadata.rs +++ b/windows_kext/wdk/src/filter_engine/metadata.rs @@ -154,10 +154,10 @@ impl FwpsIncomingMetadataValues { #[allow(dead_code)] #[repr(C)] enum FwpsDiscardModule0 { - FwpsDiscardModuleNetwork = 0, - FwpsDiscardModuleTransport = 1, - FwpsDiscardModuleGeneral = 2, - FwpsDiscardModuleMax = 3, + Network = 0, + Transport = 1, + General = 2, + Max = 3, } #[repr(C)] 
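Review bot: `alloc_zeroed` returns `self.alloc(layout)` with no zeroing step, so it only meets the `GlobalAlloc` contract if `alloc` (outside this hunk) already hands back zero-filled pool memory. If it does not, code such as `alloc::vec![0_u8; data_length as usize]` in net_buffer.rs, which typically goes through `alloc_zeroed`, could expose stale kernel pool contents. Either state the guarantee in a comment, `// alloc() returns zero-initialized memory, so no extra fill is needed`, or delete this override so the trait's default implementation zeroes the block. The hunk also adds an empty line before the call that can go.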
diff --git a/windows_kext/wdk/src/filter_engine/mod.rs b/windows_kext/wdk/src/filter_engine/mod.rs index 8ceb76b51..0405afba2 100644 --- a/windows_kext/wdk/src/filter_engine/mod.rs +++ b/windows_kext/wdk/src/filter_engine/mod.rs @@ -107,9 +107,7 @@ impl FilterEngine { filter_engine.callouts = Some(boxed_callouts); } - if let Err(err) = filter_engine.commit() { - return Err(err); - } + filter_engine.commit()? } self.committed = true; info!("transaction committed"); @@ -147,9 +145,7 @@ impl FilterEngine { } } // Commit transaction. - if let Err(err) = filter_engine.commit() { - return Err(err); - } + filter_engine.commit()?; return Ok(()); } diff --git a/windows_kext/wdk/src/filter_engine/net_buffer.rs b/windows_kext/wdk/src/filter_engine/net_buffer.rs index f52745470..ff94ca806 100644 --- a/windows_kext/wdk/src/filter_engine/net_buffer.rs +++ b/windows_kext/wdk/src/filter_engine/net_buffer.rs @@ -85,7 +85,7 @@ impl NetBufferList { } // Allocate space in buffer, if buffer is too small. - let mut buffer = alloc::vec![0 as u8; data_length as usize]; + let mut buffer = alloc::vec![0_u8; data_length as usize]; let ptr = NdisGetDataBuffer(nb, data_length, buffer.as_mut_ptr(), 1, 0); @@ -209,7 +209,7 @@ impl Iterator for NetBufferListIter { } } -pub fn read_packet_partial<'a>(nbl: *mut NET_BUFFER_LIST, buffer: &'a mut [u8]) -> Result<(), ()> { +pub fn read_packet_partial(nbl: *mut NET_BUFFER_LIST, buffer: &mut [u8]) -> Result<(), ()> { unsafe { let Some(nbl) = nbl.as_ref() else { return Err(()); diff --git a/windows_kext/wdk/src/filter_engine/packet.rs b/windows_kext/wdk/src/filter_engine/packet.rs index fcaab347b..afdcb0217 100644 --- a/windows_kext/wdk/src/filter_engine/packet.rs +++ b/windows_kext/wdk/src/filter_engine/packet.rs 
@@ -105,9 +105,9 @@ impl Injector { } let mut remote_ip: [u8; 16] = [0; 16]; if ipv6 { - remote_ip[0..16].copy_from_slice(&remote_ip_slice); + remote_ip[0..16].copy_from_slice(remote_ip_slice); } else { - remote_ip[0..4].copy_from_slice(&remote_ip_slice); + remote_ip[0..4].copy_from_slice(remote_ip_slice); } TransportPacketList { diff --git a/windows_kext/wdk/src/irp_helpers.rs b/windows_kext/wdk/src/irp_helpers.rs index 52960d5ea..821c3b135 100644 --- a/windows_kext/wdk/src/irp_helpers.rs +++ b/windows_kext/wdk/src/irp_helpers.rs @@ -67,7 +67,7 @@ impl ReadRequest<'_> { for i in 0..bytes_to_write { self.buffer[self.fill_index + i] = bytes[i]; } - self.fill_index = self.fill_index + bytes_to_write; + self.fill_index += bytes_to_write; bytes_to_write } @@ -94,7 +94,7 @@ impl WriteRequest<'_> { } pub fn get_buffer(&self) -> &[u8] { - &self.buffer + self.buffer } pub fn mark_all_as_read(&mut self) { @@ -155,7 +155,7 @@ impl DeviceControlRequest<'_> { } pub fn get_buffer(&self) -> &[u8] { - &self.buffer + self.buffer } pub fn write(&mut self, bytes: &[u8]) -> usize { let mut bytes_to_write: usize = bytes.len(); @@ -168,7 +168,7 @@ impl DeviceControlRequest<'_> { for i in 0..bytes_to_write { self.buffer[self.fill_index + i] = bytes[i]; } - self.fill_index = self.fill_index + bytes_to_write; + self.fill_index += bytes_to_write; bytes_to_write } From 89657123ec66dbd66466a58522584bda6fa07ae9 Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Mon, 1 Jul 2024 10:28:39 +0300 Subject: [PATCH 7/9] [windows_kext] Remove warning to reduce confusion. --- windows_kext/driver/src/packet_callouts.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows_kext/driver/src/packet_callouts.rs b/windows_kext/driver/src/packet_callouts.rs index a1b5733ad..fb3ee90b8 100644 --- a/windows_kext/driver/src/packet_callouts.rs +++ b/windows_kext/driver/src/packet_callouts.rs 
@@ -140,7 +140,7 @@ fn ip_packet_layer( } { Ok(key) => key, Err(err) => { - crate::warn!("failed to get key from nbl: {}", err); + crate::dbg!("failed to get key from nbl: {}", err); return; } }; From 2e3304809f5bee3dcfdb7d7b15aa319c1c24e070 Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Mon, 1 Jul 2024 15:06:54 +0300 Subject: [PATCH 8/9] [windows_kext] Fix minor problems --- service/firewall/interception/windowskext2/kext.go | 6 +++++- windows_kext/kextinterface/kext.go | 5 +++-- windows_kext/kextinterface/protocol_test.go | 1 + windows_kext/protocol/src/info.rs | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/service/firewall/interception/windowskext2/kext.go b/service/firewall/interception/windowskext2/kext.go index aaedac89e..fa5a8f0d4 100644 --- a/service/firewall/interception/windowskext2/kext.go +++ b/service/firewall/interception/windowskext2/kext.go @@ -39,7 +39,11 @@ func Start() error { } // Start service and open file - service.Start(true) + err = service.Start(true) + if err != nil { + log.Errorf("failed to start service: %s", err) + } + kextFile, err = service.OpenFile(1024) if err != nil { return fmt.Errorf("failed to open driver: %w", err) diff --git a/windows_kext/kextinterface/kext.go b/windows_kext/kextinterface/kext.go index 2707a791f..8322ead8f 100644 --- a/windows_kext/kextinterface/kext.go +++ b/windows_kext/kextinterface/kext.go @@ -11,6 +11,7 @@ import ( "syscall" "time" + "github.com/safing/portmaster/base/log" "golang.org/x/sys/windows" ) @@ -221,7 +222,7 @@ func CreateKextService(driverName string, driverPath string) (*KextService, erro // Check if there is an old service. service, err := windows.OpenService(manager, &driverNameU16[0], windows.SERVICE_ALL_ACCESS) if err == nil { - fmt.Println("kext: old driver service was found") + log.Warning("kext: old driver service was found") oldService := &KextService{handle: service, driverName: driverName} oldService.Stop(true) err = oldService.Delete() 
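Review bot: In `Start`, a failure of `service.Start(true)` is now logged but execution still continues to `service.OpenFile(1024)`, so the caller only sees the less specific "failed to open driver" error, or no error at all if the open happens to succeed. Unless continuing is deliberate (for example because the service may already be running), returning here is clearer: `return fmt.Errorf("failed to start service: %w", err)`. If it is deliberate, a comment above the `log.Errorf` line should say why. `Start` begins before and continues after this hunk.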
@@ -234,7 +235,7 @@ func CreateKextService(driverName string, driverPath string) (*KextService, erro } service = winInvalidHandleValue - fmt.Println("kext: old driver service was deleted successfully") + log.Warning("kext: old driver service was deleted successfully") } driverPathU16, err := syscall.UTF16FromString(driverPath) diff --git a/windows_kext/kextinterface/protocol_test.go b/windows_kext/kextinterface/protocol_test.go index c09cf2861..35a5264df 100644 --- a/windows_kext/kextinterface/protocol_test.go +++ b/windows_kext/kextinterface/protocol_test.go @@ -22,6 +22,7 @@ func TestRustInfoFile(t *testing.T) { for { info, err := RecvInfo(file) // First info should be with invalid size. + // This tests if invalid info data is handled properly. if first { if !errors.Is(err, ErrUnexpectedInfoSize) { t.Errorf("unexpected error: %s\n", err) diff --git a/windows_kext/protocol/src/info.rs b/windows_kext/protocol/src/info.rs index fc50d5891..cb0e7664c 100644 --- a/windows_kext/protocol/src/info.rs +++ b/windows_kext/protocol/src/info.rs @@ -441,7 +441,7 @@ fn generate_test_info_file() -> Result<(), std::io::Error> { for _ in 0..selected.capacity() { selected.push(enums.choose(&mut rng).unwrap().clone()); } - // Write wrong size data. + // Write wrong size data. To make sure that mismatches between kext and portmaster are handled properly. let mut info = connection_info_v6( 1, 2, From 8579958811ee14374bd264ad4ff17257ca114584 Mon Sep 17 00:00:00 2001 From: Vladimir Stoilov Date: Mon, 1 Jul 2024 18:28:16 +0300 Subject: [PATCH 9/9] [windows_kext] Fix go compiler error --- windows_kext/kextinterface/kext.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows_kext/kextinterface/kext.go b/windows_kext/kextinterface/kext.go index 8322ead8f..3b0956cc3 100644 --- a/windows_kext/kextinterface/kext.go +++ b/windows_kext/kextinterface/kext.go 
@@ -11,7 +11,7 @@ import ( "syscall" "time" - "github.com/safing/portmaster/base/log" + "github.com/safing/portbase/log" "golang.org/x/sys/windows" )