Skip to content

Fix test_callout to dispatch via filter's bound calloutKey + add bind_ipv6 helper #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mikeagun wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix test_callout to dispatch via filter's bound calloutKey + add bind_ipv6 helper #307

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions inc/usersim/fwp_test.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ usersim_fwp_classify_packet(_In_ const GUID* layer_guid, NET_IFINDEX if_index);
USERSIM_API FWP_ACTION_TYPE
usersim_fwp_bind_ipv4(_In_ fwp_classify_parameters_t* parameters);

USERSIM_API FWP_ACTION_TYPE
usersim_fwp_bind_ipv6(_In_ fwp_classify_parameters_t* parameters);

USERSIM_API FWP_ACTION_TYPE
usersim_fwp_cgroup_inet4_recv_accept(_In_ fwp_classify_parameters_t* parameters);

Expand Down
43 changes: 37 additions & 6 deletions src/fwp_um.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,10 @@ fwp_engine_t::test_bind_ipv4(_In_ fwp_classify_parameters_t* parameters)
parameters->destination_ipv4_address;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_PROTOCOL].value.uint8 = parameters->protocol;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_APP_ID].value.byteBlob = &parameters->app_id;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_COMPARTMENT_ID].value.uint32 = parameters->compartment_id;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_INTERFACE].value.uint64 =
const_cast<UINT64*>(&parameters->interface_luid);
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_USER_ID].value.byteBlob = &parameters->user_id;

return test_callout(
FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V4,
Expand All @@ -147,6 +151,29 @@ fwp_engine_t::test_bind_ipv4(_In_ fwp_classify_parameters_t* parameters)
nullptr);
}

// This is used to test the IPv6 bind hook.
FWP_ACTION_TYPE
fwp_engine_t::test_bind_ipv6(_In_ fwp_classify_parameters_t* parameters)
{
FWPS_INCOMING_VALUE0 incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_MAX] = {};
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_PORT].value.uint16 = parameters->destination_port;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_ADDRESS].value.byteArray16 =
&parameters->destination_ipv6_address;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_PROTOCOL].value.uint8 = parameters->protocol;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_APP_ID].value.byteBlob = &parameters->app_id;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_COMPARTMENT_ID].value.uint32 = parameters->compartment_id;
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_INTERFACE].value.uint64 =
const_cast<UINT64*>(&parameters->interface_luid);
incoming_value[FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_USER_ID].value.byteBlob = &parameters->user_id;

return test_callout(
FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V6,
FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6,
_default_sublayer,
incoming_value,
nullptr);
}

_Requires_lock_not_held_(this->lock) FWP_ACTION_TYPE fwp_engine_t::test_callout(
uint16_t layer_id,
_In_ const GUID& layer_guid,
Expand All @@ -167,12 +194,10 @@ _Requires_lock_not_held_(this->lock) FWP_ACTION_TYPE fwp_engine_t::test_callout(
}
fwps_filter.context = fwpm_filter->rawContext;

const GUID* callout_key = get_callout_key_from_layer_guid_under_lock(&layer_guid);
if (callout_key == nullptr) {
return FWP_ACTION_CALLOUT_UNKNOWN;
}

callout = get_callout_from_key_under_lock(callout_key);
// Look up the callout via the filter's calloutKey rather than scanning by layer.
// This matches real WFP behavior where each filter is bound to a specific callout
// and correctly handles multiple callouts registered at the same WFP layer.
callout = get_callout_from_key_under_lock(&fwpm_filter->action.calloutKey);
if (callout == nullptr) {
return FWP_ACTION_CALLOUT_UNKNOWN;
}
Expand Down Expand Up @@ -1006,6 +1031,12 @@ usersim_fwp_bind_ipv4(_In_ fwp_classify_parameters_t* parameters)
return fwp_engine_t::get()->test_bind_ipv4(parameters);
}

FWP_ACTION_TYPE
usersim_fwp_bind_ipv6(_In_ fwp_classify_parameters_t* parameters)
{
return fwp_engine_t::get()->test_bind_ipv6(parameters);
}

FWP_ACTION_TYPE
usersim_fwp_cgroup_inet4_recv_accept(_In_ fwp_classify_parameters_t* parameters)
{
Expand Down
3 changes: 3 additions & 0 deletions src/fwp_um.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,9 @@ typedef class fwp_engine_t
FWP_ACTION_TYPE
test_bind_ipv4(_In_ fwp_classify_parameters_t* parameters);

FWP_ACTION_TYPE
test_bind_ipv6(_In_ fwp_classify_parameters_t* parameters);

FWP_ACTION_TYPE
test_cgroup_inet4_recv_accept(_In_ fwp_classify_parameters_t* parameters);

Expand Down