www.pudn.com > tdi_fw.rar > ipc.h, change:2009-04-28,size:5195b
/* Copyright (c) 2002-2005 Vladislav Goncharov.
*
* Redistribution and use in source forms, with and without modification,
* are permitted provided that this entire comment appears intact.
*
* Redistribution in binary form may occur without any restrictions.
*
* This software is provided ``AS IS'' without any warranties of any kind.
*/
// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
//
// $Id: ipc.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $
#ifndef _ipc_h_
#define _ipc_h_
/* ioctls */
#define FILE_DEVICE_TDI_FW 0x8e86
#define IOCTL_CMD_GETREQUEST CTL_CODE(FILE_DEVICE_TDI_FW, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_CLEARCHAIN CTL_CODE(FILE_DEVICE_TDI_FW, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_APPENDRULE CTL_CODE(FILE_DEVICE_TDI_FW, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_SETCHAINPNAME CTL_CODE(FILE_DEVICE_TDI_FW, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_SETPNAME CTL_CODE(FILE_DEVICE_TDI_FW, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_ACTIVATECHAIN CTL_CODE(FILE_DEVICE_TDI_FW, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_SET_SIDS CTL_CODE(FILE_DEVICE_TDI_FW, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FILE_DEVICE_TDI_FW_NFO 0x8e87
#define IOCTL_CMD_ENUM_LISTEN CTL_CODE(FILE_DEVICE_TDI_FW_NFO, 0x901, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_ENUM_TCP_CONN CTL_CODE(FILE_DEVICE_TDI_FW_NFO, 0x902, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_CMD_GET_COUNTERS CTL_CODE(FILE_DEVICE_TDI_FW_NFO, 0x903, METHOD_BUFFERED, FILE_ANY_ACCESS)
/*
* direction type for filter
* for quick filter:
* if proto == IPPROTO_TCP (DIRECTION_IN - accept connections; DIRECTION_OUT - connect)
* if proto == IPPROTO_UDP (DIRECTION_IN - receive datagram; DIRECTION_OUT - send datagram)
*/
#define DIRECTION_IN 0
#define DIRECTION_OUT 1
#define DIRECTION_ANY -1
/* filter result */
enum {
FILTER_ALLOW = 1,
FILTER_DENY,
FILTER_PACKET_LOG,
FILTER_PACKET_BAD,
FILTER_DISCONNECT
};
/* types of request */
enum {
TYPE_CONNECT = 1,
TYPE_DATAGRAM,
TYPE_RESOLVE_PID,
TYPE_CONNECT_ERROR,
TYPE_LISTEN,
TYPE_NOT_LISTEN,
TYPE_CONNECT_CANCELED,
TYPE_CONNECT_RESET,
TYPE_CONNECT_TIMEOUT,
TYPE_CONNECT_UNREACH,
TYPE_PROCESS_CREATE, // add by tan wen
TYPE_PROCESS_TERMINATE // add by tan wen
};
#pragma pack(1)
#define RULE_ID_SIZE 32
/*
* request for filter
*/
struct flt_request {
int struct_size; /* should be sizeof(flt_request) */
int type; /* see TYPE_xxx */
ULONG status; /* for TYPE_CONNECT_xxx */
int result; /* see FILTER_xxx */
int direction; /* see DIRECTION_xxx */
int proto; /* see IPPROTO_xxx */
ULONG pid;
ULONG sid_a_size;
/* addr */
struct {
struct sockaddr from;
struct sockaddr to;
int len;
} addr;
/* info from packet filter (valid for FILTER_PACKET_LOG) */
struct {
int is_broadcast; // 0 or 1 (for now unused)
UCHAR tcp_flags;
UCHAR icmp_type;
UCHAR icmp_code;
int tcp_state; // see TCP_STATE_xxx
} packet;
/* info for logging */
ULONG log_skipped;
ULONG log_bytes_in;
ULONG log_bytes_out;
char log_rule_id[RULE_ID_SIZE];
/* for internal use (like private:) */
char *pname;
struct _SID_AND_ATTRIBUTES *sid_a;
};
// I think 128 is a good number :-) (better than 256 :))
#define MAX_CHAINS_COUNT 128
// how many users can be assigned per rule? (MUST: MAX_SIDS_COUNT % 8 == 0 !!!)
#define MAX_SIDS_COUNT 128
/*
* IP rule for quick filter (addr & port are in network order)
*/
struct flt_rule {
union {
struct flt_rule *next; // for internal use
int chain; // useful for IOCTL_CMD_APPENDRULE
};
int result;
int proto;
int direction;
ULONG addr_from;
ULONG mask_from;
USHORT port_from;
USHORT port2_from; /* if nonzero use port range from port_from */
ULONG addr_to;
ULONG mask_to;
USHORT port_to;
USHORT port2_to; /* if nonzero use port range from port_to */
int log; /* see RULE_LOG_xxx */
UCHAR sid_mask[MAX_SIDS_COUNT / 8]; /* SIDs bitmask */
char rule_id[RULE_ID_SIZE];
};
#define RULE_LOG_NOLOG 0
#define RULE_LOG_LOG 1
#define RULE_LOG_COUNT 2
#define IPPROTO_ANY -1
/*
* Entry for listen info
*/
struct listen_nfo {
int ipproto;
ULONG addr;
USHORT port;
ULONG pid;
};
/*
* TCP states
*/
enum {
TCP_STATE_NONE,
TCP_STATE_SYN_SENT,
TCP_STATE_SYN_RCVD,
TCP_STATE_ESTABLISHED_IN,
TCP_STATE_ESTABLISHED_OUT,
TCP_STATE_FIN_WAIT1,
TCP_STATE_FIN_WAIT2,
TCP_STATE_TIME_WAIT,
TCP_STATE_CLOSE_WAIT,
TCP_STATE_LAST_ACK,
TCP_STATE_CLOSED,
TCP_STATE_MAX
};
/*
* Entry for connection info
*/
struct tcp_conn_nfo {
int state;
ULONG laddr;
USHORT lport;
ULONG raddr;
USHORT rport;
ULONG pid;
ULONG bytes_in;
ULONG bytes_out;
};
/*
* traffic counters for IOCTL_CMD_GET_COUNTERS
*/
enum {
TRAFFIC_TOTAL_IN,
TRAFFIC_TOTAL_OUT,
TRAFFIC_COUNTED_IN,
TRAFFIC_COUNTED_OUT,
TRAFFIC_MAX
};
#pragma pack()
#endif