authorOdd Stranne <odd@mullvad.net>2019-03-13 14:15:08 +0100
committerOdd Stranne <odd@mullvad.net>2019-04-04 20:16:55 +0200
commite46844aa39ba9123f74e8776641deb5e5fbabcc6 (patch)
tree02bf5c892aa366c94cd00289d204d134e889bfff
parent7e1a1a280432886a08c17b13675256546c683983 (diff)
downloadmullvadvpn-e46844aa39ba9123f74e8776641deb5e5fbabcc6.tar.xz
mullvadvpn-e46844aa39ba9123f74e8776641deb5e5fbabcc6.zip
Establish WFP object registry
-rw-r--r--windows/winfw/src/winfw/guidhash.h25
-rw-r--r--windows/winfw/src/winfw/mullvadguids.cpp77
-rw-r--r--windows/winfw/src/winfw/mullvadguids.h14
-rw-r--r--windows/winfw/src/winfw/sessioncontroller.cpp5
-rw-r--r--windows/winfw/src/winfw/sessionrecord.cpp10
-rw-r--r--windows/winfw/src/winfw/sessionrecord.h12
-rw-r--r--windows/winfw/src/winfw/wfpobjecttype.h8
-rw-r--r--windows/winfw/src/winfw/winfw.vcxproj2
-rw-r--r--windows/winfw/src/winfw/winfw.vcxproj.filters2
9 files changed, 139 insertions, 16 deletions
diff --git a/windows/winfw/src/winfw/guidhash.h b/windows/winfw/src/winfw/guidhash.h
new file mode 100644
index 0000000000..6d730835a7
--- /dev/null
+++ b/windows/winfw/src/winfw/guidhash.h
@@ -0,0 +1,25 @@
+#pragma once
+
+#include <cstdint>
+#include <utility>
+#include <guiddef.h>
+
+// Specialize std::hash
+namespace std
+{
+
+template<>
+struct hash<GUID>
+{
+ size_t operator()(const GUID &guid) const noexcept
+ {
+ static_assert(sizeof(GUID) == (2 * sizeof(uint64_t)));
+
+ // MOV on x86 supports non-aligned access.
+ auto data = reinterpret_cast<const uint64_t *>(&guid);
+
+ return hash<uint64_t>()(data[0] ^ data[1]);
+ }
+};
+
+}
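Review bot: The `reinterpret_cast<const uint64_t *>(&guid)` read in `operator()` is undefined behaviour under the strict-aliasing rule regardless of what the CPU tolerates: a GUID is not a `uint64_t` array and starts with a 32-bit field, so only 4-byte alignment is guaranteed, and the "MOV on x86" comment does not constrain the optimizer or any future non-x86 build. Copy the bytes instead, `uint64_t parts[2]; std::memcpy(parts, &guid, sizeof(parts));` then `return hash<uint64_t>()(parts[0] ^ parts[1]);`, adding `#include <cstring>`; compilers typically emit the same two loads. Separately, `std::hash` is specified to come from `<functional>`, so including that header would avoid relying on what `<utility>` happens to pull in.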
diff --git a/windows/winfw/src/winfw/mullvadguids.cpp b/windows/winfw/src/winfw/mullvadguids.cpp
index 8f717d329b..e68312957f 100644
--- a/windows/winfw/src/winfw/mullvadguids.cpp
+++ b/windows/winfw/src/winfw/mullvadguids.cpp
@@ -1,5 +1,82 @@
#include "stdafx.h"
#include "mullvadguids.h"
+#include <algorithm>
+#include <iterator>
+
+//static
+WfpObjectRegistry MullvadGuids::BuildRegistry()
+{
+ const auto detailedRegistry = DetailedRegistry();
+ using ValueType = decltype(detailedRegistry)::const_reference;
+
+ std::unordered_set<GUID> registry;
+
+ std::transform(detailedRegistry.begin(), detailedRegistry.end(), std::inserter(registry, registry.end()), [](ValueType value)
+ {
+ return value.second;
+ });
+
+ return registry;
+}
+
+//static
+DetailedWfpObjectRegistry MullvadGuids::BuildDetailedRegistry()
+{
+ std::multimap<WfpObjectType, GUID> registry;
+
+ registry.insert(std::make_pair(WfpObjectType::Provider, Provider()));
+ registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerWhitelist()));
+ registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerBlacklist()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_10_8()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_172_16_12()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_192_168_16()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_169_254_16()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Multicast()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Ipv6_fe80_10()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Ipv6_Multicast()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_10_8()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_172_16_12()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_192_168_16()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_169_254_16()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_Ipv6_fe80_10()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4_Outbound_Request()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV6_Outbound_Request()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4_Inbound_Response()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV6_Inbound_Response()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnRelay()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv6()));
+
+ return registry;
+}
+
+//static
+const WfpObjectRegistry &MullvadGuids::Registry()
+{
+ static auto registry = BuildRegistry(); // TODO: Thread safety.
+ return registry;
+}
+
+//static
+const DetailedWfpObjectRegistry &MullvadGuids::DetailedRegistry()
+{
+ static auto registry = BuildDetailedRegistry(); // TODO: Thread safety.
+ return registry;
+}
//static
const GUID &MullvadGuids::Provider()
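Review bot: `BuildRegistry()` folds the multimap into an `unordered_set`, so if two accessors in the hand-written list in `BuildDetailedRegistry()` ever return the same GUID (an easy copy-paste slip), the duplicate disappears silently; a check before `return registry;` such as `assert(registry.size() == detailedRegistry.size());` would catch it. The list also has to be kept in step with the GUID accessors by hand, so a comment above it stating that every new accessor must be registered would help, since whatever consumes the registry (not visible in this commit) will presumably not recognise an unregistered object. The two `// TODO: Thread safety.` markers look unnecessary: initialisation of a function-local static is thread-safe since C++11 (on MSVC unless `/Zc:threadSafeInit-` is set), and the objects are only handed out as const references, so `static const auto registry = BuildRegistry();` with the TODO dropped states the intent.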
diff --git a/windows/winfw/src/winfw/mullvadguids.h b/windows/winfw/src/winfw/mullvadguids.h
index 3b9e9bbecf..04cad0a6c8 100644
--- a/windows/winfw/src/winfw/mullvadguids.h
+++ b/windows/winfw/src/winfw/mullvadguids.h
@@ -1,10 +1,24 @@
#pragma once
+
+#include "wfpobjecttype.h"
+#include "guidhash.h"
#include <guiddef.h>
+#include <unordered_set>
+#include <map>
+
+using WfpObjectRegistry = std::unordered_set<GUID>;
+using DetailedWfpObjectRegistry = std::multimap<WfpObjectType, GUID>;
class MullvadGuids
{
+ static WfpObjectRegistry BuildRegistry();
+ static DetailedWfpObjectRegistry BuildDetailedRegistry();
+
public:
+ static const WfpObjectRegistry &Registry();
+ static const DetailedWfpObjectRegistry &DetailedRegistry();
+
MullvadGuids() = delete;
static const GUID &Provider();
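Review bot: `Registry()` and `DetailedRegistry()` are the new public surface of `MullvadGuids` but carry no comment on what they contain or how the two relate. Going by mullvadguids.cpp, `// GUIDs registered in BuildDetailedRegistry(), keyed by WFP object type.` above `DetailedRegistry()` and `// The same GUIDs as a flat set.` above `Registry()` would be enough. The class body continues outside the hunk.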
diff --git a/windows/winfw/src/winfw/sessioncontroller.cpp b/windows/winfw/src/winfw/sessioncontroller.cpp
index 2965233600..76106fe55d 100644
--- a/windows/winfw/src/winfw/sessioncontroller.cpp
+++ b/windows/winfw/src/winfw/sessioncontroller.cpp
@@ -1,5 +1,6 @@
#include "stdafx.h"
#include "sessioncontroller.h"
+#include "wfpobjecttype.h"
#include "libwfp/objectinstaller.h"
#include "libwfp/objectdeleter.h"
#include "libwfp/transaction.h"
@@ -95,7 +96,7 @@ bool SessionController::addProvider(wfp::ProviderBuilder &providerBuilder)
if (status)
{
- m_transactionRecords.emplace_back(SessionRecord(key, SessionRecord::ObjectType::Provider));
+ m_transactionRecords.emplace_back(SessionRecord(key, WfpObjectType::Provider));
}
return status;
@@ -114,7 +115,7 @@ bool SessionController::addSublayer(wfp::SublayerBuilder &sublayerBuilder)
if (status)
{
- m_transactionRecords.emplace_back(SessionRecord(key, SessionRecord::ObjectType::Sublayer));
+ m_transactionRecords.emplace_back(SessionRecord(key, WfpObjectType::Sublayer));
}
return status;
diff --git a/windows/winfw/src/winfw/sessionrecord.cpp b/windows/winfw/src/winfw/sessionrecord.cpp
index ad11f4c013..f57b06afc1 100644
--- a/windows/winfw/src/winfw/sessionrecord.cpp
+++ b/windows/winfw/src/winfw/sessionrecord.cpp
@@ -12,7 +12,7 @@ std::atomic<uint32_t> g_keybase = 0;
} // anonymous namespace
-SessionRecord::SessionRecord(const GUID &id, ObjectType type)
+SessionRecord::SessionRecord(const GUID &id, WfpObjectType type)
: m_type(type)
, m_id(id)
, m_key(g_keybase++)
@@ -20,7 +20,7 @@ SessionRecord::SessionRecord(const GUID &id, ObjectType type)
}
SessionRecord::SessionRecord(UINT64 id)
- : m_type(ObjectType::Filter)
+ : m_type(WfpObjectType::Filter)
, m_filterId(id)
, m_key(g_keybase++)
{
@@ -30,17 +30,17 @@ void SessionRecord::purge(wfp::FilterEngine &engine)
{
switch (m_type)
{
- case ObjectType::Provider:
+ case WfpObjectType::Provider:
{
wfp::ObjectDeleter::DeleteProvider(engine, m_id);
break;
}
- case ObjectType::Sublayer:
+ case WfpObjectType::Sublayer:
{
wfp::ObjectDeleter::DeleteSublayer(engine, m_id);
break;
}
- case ObjectType::Filter:
+ case WfpObjectType::Filter:
{
wfp::ObjectDeleter::DeleteFilter(engine, m_filterId);
break;
diff --git a/windows/winfw/src/winfw/sessionrecord.h b/windows/winfw/src/winfw/sessionrecord.h
index 8ad3be8c86..761a4c863f 100644
--- a/windows/winfw/src/winfw/sessionrecord.h
+++ b/windows/winfw/src/winfw/sessionrecord.h
@@ -1,6 +1,7 @@
#pragma once
#include "libwfp/filterengine.h"
+#include "wfpobjecttype.h"
#include <guiddef.h>
#include <windows.h>
@@ -8,14 +9,7 @@ class SessionRecord
{
public:
- enum class ObjectType
- {
- Provider,
- Sublayer,
- Filter
- };
-
- SessionRecord(const GUID &id, ObjectType type);
+ SessionRecord(const GUID &id, WfpObjectType type);
SessionRecord(UINT64 id);
SessionRecord(const SessionRecord &) = default;
@@ -28,7 +22,7 @@ public:
private:
- ObjectType m_type;
+ WfpObjectType m_type;
GUID m_id;
UINT64 m_filterId;
diff --git a/windows/winfw/src/winfw/wfpobjecttype.h b/windows/winfw/src/winfw/wfpobjecttype.h
new file mode 100644
index 0000000000..0e31da2969
--- /dev/null
+++ b/windows/winfw/src/winfw/wfpobjecttype.h
@@ -0,0 +1,8 @@
+#pragma once
+
+enum class WfpObjectType
+{
+ Provider,
+ Sublayer,
+ Filter
+};
diff --git a/windows/winfw/src/winfw/winfw.vcxproj b/windows/winfw/src/winfw/winfw.vcxproj
index 7f6a919cd2..3f18edda98 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj
+++ b/windows/winfw/src/winfw/winfw.vcxproj
@@ -43,9 +43,11 @@
<ClCompile Include="winfw.cpp" />
</ItemGroup>
<ItemGroup>
+ <ClInclude Include="guidhash.h" />
<ClInclude Include="iobjectinstaller.h" />
<ClInclude Include="mullvadguids.h" />
<ClInclude Include="mullvadobjects.h" />
+ <ClInclude Include="wfpobjecttype.h" />
<ClInclude Include="rules\blockall.h" />
<ClInclude Include="rules\ifirewallrule.h" />
<ClInclude Include="rules\permitdhcp.h" />
diff --git a/windows/winfw/src/winfw/winfw.vcxproj.filters b/windows/winfw/src/winfw/winfw.vcxproj.filters
index a43d966614..1ff779e93b 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj.filters
+++ b/windows/winfw/src/winfw/winfw.vcxproj.filters
@@ -77,6 +77,8 @@
<ClInclude Include="rules\permitvpntunnelservice.h">
<Filter>rules</Filter>
</ClInclude>
+ <ClInclude Include="wfpobjecttype.h" />
+ <ClInclude Include="guidhash.h" />
</ItemGroup>
<ItemGroup>
<Filter Include="rules">