Verwenden von Klassifikationsoptionen
Die folgenden Codebeispiele veranschaulichen, wie Filterklassifizierungsoptionen verwendet werden, um den Filterprozess zu ändern.
Aktivieren der losen Quellzuordnung für einen UDP-Remoteport
#include <windows.h>
#include <fwpmu.h>
#include <stdio.h>
#pragma comment(lib, "fwpuclnt.lib")
#pragma comment(lib, "rpcrt4.lib")
#define EXIT_ON_ERROR(fnName) \
if (result != ERROR_SUCCESS) \
{ \
printf(#fnName " = 0x%08X\n", result); \
goto CLEANUP; \
}
DWORD EnableLooseSourceMapping(
__in HANDLE engine,
__in PCWSTR provCtxtName,
__in PCWSTR filterName,
__in_opt const GUID* providerKey,
__in_opt const GUID* subLayerKey,
__in UINT16 port
)
{
DWORD result = ERROR_SUCCESS;
FWPM_CLASSIFY_OPTION0 option;
FWPM_CLASSIFY_OPTIONS0 options;
FWPM_PROVIDER_CONTEXT0 provCtxt;
FWPM_FILTER_CONDITION0 conds[2];
FWPM_FILTER0 filter;
BOOL txnInProgress = FALSE;
//////////
// Loose source mapping is controlled through classify options, so first
// you add a provider context with the desired option value.
//////////
option.type = FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING;
option.value.type = FWP_UINT32;
option.value.uint32 = FWP_OPTION_VALUE_ENABLE_LOOSE_SOURCE;
options.numOptions = 1;
options.options = &option;
memset(&provCtxt, 0, sizeof(provCtxt));
// You have to assign the key yourself since you'll need it when adding
// the filters that reference this provider context.
result = UuidCreate(&(provCtxt.providerContextKey));
EXIT_ON_ERROR(UuidCreate);
// For MUI compatibility, object names should be indirect strings. See
// SHLoadIndirectString for details.
provCtxt.displayData.name = (PWSTR)provCtxtName;
// Link all objects to your provider. When multiple providers are
// installed on a computer, this makes it easy to determine who added what.
provCtxt.providerKey = (GUID*)providerKey;
provCtxt.type = FWPM_CLASSIFY_OPTIONS_CONTEXT;
provCtxt.classifyOptions = &options;
// Add all the objects from within a single transaction to make it easy
// to clean up partial results in error paths.
result = FwpmTransactionBegin0(engine, 0);
EXIT_ON_ERROR(FwpmTransactionBegin0);
txnInProgress = TRUE;
result = FwpmProviderContextAdd0(engine, &provCtxt, NULL, NULL);
EXIT_ON_ERROR(FwpmProviderContextAdd0);
//////////
// Next, add filters at the ALE_AUTH_CONNECT layers that reference the
// provider context.
//////////
// First condition matches UDP traffic only.
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint16 = IPPROTO_UDP;
// Second condition matches the remote port.
conds[1].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT16;
conds[1].conditionValue.uint16 = port;
// Fill in the common fields shared by all filters.
memset(&filter, 0, sizeof(filter));
filter.displayData.name = (PWSTR)filterName;
// Filters can have either a raw context (which is a UINT64) or a
// provider context. If using the latter, you have to set the
// appropriate flag.
filter.flags = FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerKey = (GUID*)providerKey;
// Generally, it's best to add filters to your own sublayer, so you don't have
// to worry about being overridden by filters added by another provider.
if (subLayerKey != NULL)
{
filter.subLayerKey = *subLayerKey;
}
filter.numFilterConditions = 2;
filter.filterCondition = conds;
// The set options callouts never return permit or block, so they're
// inspection callouts.
filter.action.type = FWP_ACTION_CALLOUT_INSPECTION;
// Link the filter to the provider context we just added. Note that multiple
// filters can reference a single provider context, so once you've added a
// provider context to enable LSM, you can use it over and over again.
filter.providerContextKey = provCtxt.providerContextKey;
// Add the IPv4 filter.
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
filter.action.calloutKey = FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V4;
result = FwpmFilterAdd0(engine, &filter, NULL, NULL);
EXIT_ON_ERROR(FwpmFilterAdd0);
// Add the IPv6 filter.
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
filter.action.calloutKey = FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V6;
result = FwpmFilterAdd0(engine, &filter, NULL, NULL);
EXIT_ON_ERROR(FwpmFilterAdd0);
// Once all the adds have succeeded, commit the transaction to atomically
// add all the new objects.
result = FwpmTransactionCommit0(engine);
EXIT_ON_ERROR(FwpmTransactionCommit0);
txnInProgress = FALSE;
CLEANUP:
if (txnInProgress)
{
// Abort any transaction still in progress to clean up partial results.
FwpmTransactionAbort0(engine);
}
return result;
}
Ändern der Leerlauflebensdauer für ALE-Flows
#include <windows.h>
#include <stdio.h>
#include <fwpmu.h>
#define INITGUID
#include <guiddef.h>
#pragma comment(lib, "fwpuclnt.lib")
// a4124528-12d6-4da5-a9ee-897a46966dfa
DEFINE_GUID(
CONFIGURE_TIMEOUT_PROVIDER_CONTEXT,
0xa4124528,
0x12d6,
0x4da5,
0xa9, 0xee, 0x89, 0x7a, 0x46, 0x96, 0x6d, 0xfa
);
#define EXIT_ON_ERROR(fnName) \
if (result != ERROR_SUCCESS) \
{ \
printf(#fnName " = 0x%08X\n", result); \
goto CLEANUP; \
}
DWORD ConfigureALEFlowTimeouts(
__in HANDLE engineHandle)
{
DWORD result = ERROR_SUCCESS;
FWPM_PROVIDER_CONTEXT0 configureTimeouts;
FWPM_CLASSIFY_OPTIONS0 options;
FWPM_CLASSIFY_OPTION0 option[2];
FWPM_FILTER0 filter;
FWPM_FILTER_CONDITION0 filterConditions[1];
// Start Transaction.
result = FwpmTransactionBegin0(engineHandle, 0);
EXIT_ON_ERROR(FwpmTransactionBegin0);
RtlZeroMemory(&option, sizeof(option));
option[0].type = FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME;
option[0].value.type = FWP_UINT32;
option[0].value.uint32 = 10; // 10 seconds
option[1].type = FWP_CLASSIFY_OPTION_UNICAST_LIFETIME;
option[1].value.type = FWP_UINT32;
option[1].value.uint32 = 90; // 1.5 minutes
RtlZeroMemory(&options, sizeof(FWPM_CLASSIFY_OPTIONS0));
options.numOptions = 2;
options.options = option;
RtlZeroMemory(&configureTimeouts, sizeof(FWPM_PROVIDER_CONTEXT0));
configureTimeouts.providerContextKey = CONFIGURE_TIMEOUT_PROVIDER_CONTEXT;
configureTimeouts.type = FWPM_CLASSIFY_OPTIONS_CONTEXT;
configureTimeouts.displayData.name = L"Classify Options";
configureTimeouts.displayData.description = L"Sets options ALE connect layers";
configureTimeouts.classifyOptions = &options;
// Add Provider Context for V4 connections.
result = FwpmProviderContextAdd0(engineHandle, &configureTimeouts, NULL, NULL);
EXIT_ON_ERROR(FwpmProviderContextAdd0);
RtlZeroMemory(&filter, sizeof(FWPM_FILTER0));
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
filter.displayData.name = L"Implement Configure Timeouts for V4";
filter.displayData.description = L"Sets up flow for traffic that we are interested in.";
filter.action.type = FWP_ACTION_CALLOUT_INSPECTION;
filter.action.calloutKey = FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V4;
filter.subLayerKey = FWPM_SUBLAYER_INSPECTION;
filter.weight.type = FWP_EMPTY; // auto-weight
filter.flags = FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerContextKey = CONFIGURE_TIMEOUT_PROVIDER_CONTEXT;
filter.filterCondition = filterConditions;
filter.numFilterConditions = 1;
RtlZeroMemory(filterConditions, sizeof(filterConditions));
// Enable filter for UDP traffic.
filterConditions[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
filterConditions[0].matchType = FWP_MATCH_EQUAL;
filterConditions[0].conditionValue.type = FWP_UINT8;
filterConditions[0].conditionValue.uint8 = IPPROTO_UDP;
// Add Connect V4 Configure Timeouts filter.
result = FwpmFilterAdd0(engineHandle, &filter, NULL, NULL);
EXIT_ON_ERROR(FwpmFilterAdd0);
// Commit transaction.
result = FwpmTransactionCommit0(engineHandle);
if (ERROR_SUCCESS == result)
{
printf("Successfully Committed Transaction\n");
}
goto CLEANUP;
CLEANUP:
return result;
}
DWORD wmain(int argc,
wchar_t* argv[])
{
UNREFERENCED_PARAMETER(argc);
UNREFERENCED_PARAMETER(argv);
HANDLE engineHandle = 0;
// Use dynamic sessions for efficiency and safety:
// - All objects associated with the dynamic session are deleted with one call.
// - Filtering policy objects are deleted even when the application crashes.
FWPM_SESSION0 session;
memset(&session, 0, sizeof(session));
session.flags = FWPM_SESSION_FLAG_DYNAMIC;
DWORD result = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engineHandle);
if (ERROR_SUCCESS == result)
{
result = ConfigureALEFlowTimeouts(engineHandle);
}
if (result != ERROR_SUCCESS)
{
printf("Error: %x\n", result);
}
return result;
}
Zugehörige Themen