windows-nt/Source/XPSP1/NT/public/ddk/inc/ipfirewall.h
2020-09-26 16:20:57 +08:00

145 lines
3.8 KiB
C

/*++
Copyright (c) 1999-2001 Microsoft Corporation
Module Name:
ipfirewall.h
Abstract:
Header file for IP firewall hook clients.
--*/
#define INVALID_IF_INDEX 0xffffffff
#define LOCAL_IF_INDEX 0
//
// Indicates whether it is a transmitted or received packet.
//
typedef enum _IP_DIRECTION_E {
IP_TRANSMIT,
IP_RECEIVE
} DIRECTION_E, *PDIRECTION_E;
typedef struct _FIREWALL_CONTEXT_T {
DIRECTION_E Direction;
void *NTE;
void *LinkCtxt;
NDIS_HANDLE LContext1;
UINT LContext2;
} FIREWALL_CONTEXT_T, *PFIREWALL_CONTEXT_T;
// Definition of an IP receive buffer chain.
typedef struct IPRcvBuf {
struct IPRcvBuf *ipr_next; // Next buffer descriptor in chain.
UINT ipr_owner; // Owner of buffer.
UCHAR *ipr_buffer; // Pointer to buffer.
UINT ipr_size; // Buffer size.
PMDL ipr_pMdl;
UINT *ipr_pClientCnt;
UCHAR *ipr_RcvContext;
UINT ipr_RcvOffset;
ULONG ipr_flags;
} IPRcvBuf;
#define IPR_FLAG_CHECKSUM_OFFLOAD 0x00000002
//
// Enum for values that may be returned from filter routine.
//
typedef enum _FORWARD_ACTION {
FORWARD = 0,
DROP = 1,
ICMP_ON_DROP = 2
} FORWARD_ACTION;
// Definiton for a firewall routine callout.
typedef FORWARD_ACTION
(*IPPacketFirewallPtr)(
VOID **pData,
UINT RecvInterfaceIndex,
UINT *pSendInterfaceIndex,
UCHAR *pDestinationType,
VOID *pContext,
UINT ContextLength,
IPRcvBuf **ppRcvBuf
);
extern
int
IPAllocBuff(
IPRcvBuf *pRcvBuf,
UINT Size
);
extern
VOID
IPFreeBuff(
IPRcvBuf *pRcvBuf
);
extern
VOID
FreeIprBuff(
IPRcvBuf *pRcvBuf
);
typedef enum _IPROUTEINFOCLASS {
IPRouteNoInformation,
IPRouteOutgoingFirewallContext,
IPRouteOutgoingFilterContext,
MaxIPRouteInfoClass
} IPROUTEINFOCLASS;
extern
NTSTATUS
LookupRouteInformation(
IN VOID* RouteLookupData,
OUT VOID* RouteEntry OPTIONAL,
IN IPROUTEINFOCLASS RouteInfoClass OPTIONAL,
OUT VOID* RouteInformation OPTIONAL,
IN OUT UINT* RouteInfoLength OPTIONAL
);
// Structure passed to the IPSetFirewallHook call
typedef struct _IP_SET_FIREWALL_HOOK_INFO {
IPPacketFirewallPtr FirewallPtr; // Packet filter callout.
UINT Priority; // Priority of the hook
BOOLEAN Add; // if TRUE then ADD else DELETE
} IP_SET_FIREWALL_HOOK_INFO, *PIP_SET_FIREWALL_HOOK_INFO;
#define DEST_LOCAL 0 // Destination is local.
#define DEST_BCAST 0x01 // Destination is net or local bcast.
#define DEST_SN_BCAST 0x03 // A subnet bcast.
#define DEST_MCAST 0x05 // A local mcast.
#define DEST_REMOTE 0x08 // Destination is remote.
#define DEST_REM_BCAST 0x0b // Destination is a remote broadcast
#define DEST_REM_MCAST 0x0d // Destination is a remote mcast.
#define DEST_INVALID 0xff // Invalid destination
#define DEST_PROMIS 0x20 // Dest is promiscuous
#define DEST_BCAST_BIT 0x01
#define DEST_OFFNET_BIT 0x10 // Destination is offnet -
// used only by upper layer
// callers.
#define DEST_MCAST_BIT 0x05
#define DD_IP_DEVICE_NAME L"\\Device\\Ip"
#define FSCTL_IP_BASE FILE_DEVICE_NETWORK
#define _IP_CTL_CODE(function, method, access) \
CTL_CODE(FSCTL_IP_BASE, function, method, access)
#define IOCTL_IP_SET_FIREWALL_HOOK \
_IP_CTL_CODE(12, METHOD_BUFFERED, FILE_WRITE_ACCESS)