// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
/*++
Abstract:
Header file for structures/prototypes of the driver.
Environment:
Kernel mode
--*/
#pragma once
#include <ntddk.h>
#pragma warning(push)
#pragma warning(disable : 28253) // Inconsistent annotation for '_umul128'
#include <ntintsafe.h>
#pragma warning(pop)
#define INITGUID
#include <fwpmk.h>
#pragma warning(push)
#pragma warning(disable : 4201) // unnamed struct/union
#include <fwpsk.h>
#pragma warning(pop)
#include <guiddef.h>
#include <netioapi.h>
#include <netiodef.h>
#include <ntddk.h>
#include "ebpf_nethooks.h"
#include "ebpf_platform.h"
#include "ebpf_program_types.h"
#include "ebpf_program_attach_type_guids.h"
#include "ebpf_windows.h"
#include "net_ebpf_ext_hook_provider.h"
#include "net_ebpf_ext_prog_info_provider.h"
#include "net_ebpf_ext_program_info.h"
// Pool tag, presumably applied to this extension's pool allocations -- confirm at the allocation sites.
// NOTE(review): a multi-character constant is laid out little-endian in memory, so pool tooling is
// expected to show this tag as "ebfN" -- confirm when triaging leaks or pool corruption.
#define NET_EBPF_EXTENSION_POOL_TAG 'Nfbe'

// NPI provider version constant.
// NOTE(review): presumably the version used when registering this extension's NPI providers -- confirm
// at the use site.
#define NET_EBPF_EXTENSION_NPI_PROVIDER_VERSION 0

// Host-to-network byte order helpers. Both always swap bytes, so the result is network order only
// when the host is little-endian.
#define htonl(x) _byteswap_ulong(x)
#define htons(x) _byteswap_ushort(x)
/**
 * @brief Parameters describing one WFP filter.
 *
 * Every member is a pointer to const data.
 * NOTE(review): the pointed-to GUIDs and strings presumably have to stay valid at least for the
 * duration of the call that consumes this structure -- confirm against the implementation.
 */
typedef struct _net_ebpf_extension_wfp_filter_parameters
{
    const GUID* layer_guid;     ///< GUID of WFP layer to which this filter is associated.
    const GUID* callout_guid;   ///< GUID of WFP callout to which this filter is associated.
    const wchar_t* name;        ///< Display name of filter.
    const wchar_t* description; ///< Description of filter.
} net_ebpf_extension_wfp_filter_parameters_t;
/**
 * @brief Add WFP filters with specified conditions at specified layers.
 *
 * @param[in] filter_count Count of filters to be added.
 * @param[in] parameters Filter parameters; array of filter_count entries.
 * @param[in] condition_count Count of filter conditions.
 * @param[in] conditions Common filter conditions to be applied to each filter. Annotated as
 *  optional; when supplied it holds condition_count entries.
 * @param[in] raw_context Caller supplied context to be associated with the WFP filter.
 * @param[out] filter_ids Output buffer where the added filter IDs are stored. Annotated as
 *  writable for filter_count entries, so the caller must size it accordingly.
 *
 * @retval EBPF_SUCCESS The operation completed successfully.
 * @retval EBPF_INVALID_ARGUMENT One or more arguments are invalid.
 *
 * NOTE(review): this header does not state whether filter_ids holds usable IDs after a failure,
 * nor how long raw_context must remain valid -- confirm both against the implementation before
 * relying on either.
 */
ebpf_result_t
net_ebpf_extension_add_wfp_filters(
    uint32_t filter_count,
    _In_count_(filter_count) const net_ebpf_extension_wfp_filter_parameters_t* parameters,
    uint32_t condition_count,
    _In_opt_count_(condition_count) const FWPM_FILTER_CONDITION* conditions,
    _In_ const void* raw_context,
    _Out_writes_(filter_count) uint64_t* filter_ids);
/**
 * @brief Deletes WFP filters with specified filter IDs.
 *
 * @param[in] filter_count Count of filters to be deleted.
 * @param[in] filter_ids IDs of the filters being deleted; array of filter_count entries.
 *
 * NOTE(review): filter_ids is annotated as input only but is not const-qualified -- confirm the
 * implementation does not write through it.
 */
void
net_ebpf_extension_delete_wfp_filters(uint32_t filter_count, _In_count_(filter_count) uint64_t* filter_ids);
// eBPF WFP Sublayer GUID.
// 7c7b3fb9-3331-436a-98e1-b901df457fff
// The byte values passed to DEFINE_GUID below spell out the same GUID as the line above.
// NOTE(review): presumably the sublayer under which this extension's filters are added, which would
// make this GUID the value to look for when auditing WFP state on a host -- confirm at the use site.
// NOTE(review): INITGUID is defined earlier in this header, so DEFINE_GUID is expected to emit the
// GUID's storage here rather than only declare it -- confirm.
DEFINE_GUID(EBPF_SUBLAYER, 0x7c7b3fb9, 0x3331, 0x436a, 0x98, 0xe1, 0xb9, 0x01, 0xdf, 0x45, 0x7f, 0xff);
// Globals.
// These are declarations only; the definitions are not in this header.
// NOTE(review): the NDIS and NBL pool handles are presumably the ones set up by
// net_ebpf_ext_initialize_ndis_handles() -- confirm. This header does not state which code owns
// each handle or what synchronizes access to them.
extern NDIS_HANDLE _net_ebpf_ext_nbl_pool_handle;
extern NDIS_HANDLE _net_ebpf_ext_ndis_handle;
extern HANDLE _net_ebpf_ext_l2_injection_handle;
extern DEVICE_OBJECT* _net_ebpf_ext_driver_device_object;
//
// Shared function prototypes.
//
/**
 * @brief Initialize global NDIS handles.
 *
 * @param[in] driver_object The driver object to associate the NDIS generic object handle with.
 *
 * @retval STATUS_SUCCESS NDIS handles initialized successfully.
 * @retval STATUS_INSUFFICIENT_RESOURCES Failed to initialize NDIS handles due to insufficient resources.
 *
 * NOTE(review): whether net_ebpf_ext_uninitialize_ndis_handles() may be called after this function
 * fails is not stated here -- confirm before adding it to an error path.
 */
NTSTATUS
net_ebpf_ext_initialize_ndis_handles(_In_ const DRIVER_OBJECT* driver_object);
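/**
 * @brief Uninitialize global NDIS handles.
 *
 * Declared with an explicit (void) parameter list: in C an empty list leaves the parameters
 * unspecified, so the compiler would not reject a call that passes arguments by mistake.
 */
void
net_ebpf_ext_uninitialize_ndis_handles(void);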
/**
 * @brief Register for the WFP callouts used to power hooks.
 *
 * @param[in] device_object Device object used by this driver.
 *
 * @retval STATUS_SUCCESS Operation succeeded.
 * @retval FWP_E_* A Windows Filtering Platform (WFP) specific error.
 *
 * NOTE(review): device_object is typed as void*, so the compiler cannot check that a device object
 * is what gets passed -- presumably a DEVICE_OBJECT*; confirm at the call site. The parameter is
 * annotated _Inout_ while the description above lists it as input only.
 */
NTSTATUS
net_ebpf_extension_initialize_wfp_components(_Inout_ void* device_object);
/**
 * @brief Unregister the WFP callouts.
 *
 * NOTE(review): presumably the counterpart of net_ebpf_extension_initialize_wfp_components();
 * whether it is safe to call when initialization failed or never ran is not stated here -- confirm.
 */
void
net_ebpf_extension_uninitialize_wfp_components(void);
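/**
 * @brief Register network extension NPI providers with eBPF core.
 *
 * Declared with an explicit (void) parameter list: in C an empty list leaves the parameters
 * unspecified, so the compiler would not reject a call that passes arguments by mistake.
 *
 * @retval STATUS_SUCCESS Operation succeeded.
 * @retval STATUS_UNSUCCESSFUL Operation failed.
 */
NTSTATUS
net_ebpf_ext_register_providers(void);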
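/**
 * @brief Unregister network extension NPI providers from eBPF core.
 *
 * Declared with an explicit (void) parameter list: in C an empty list leaves the parameters
 * unspecified, so the compiler would not reject a call that passes arguments by mistake.
 */
void
net_ebpf_ext_unregister_providers(void);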