Move classification bit fiddling to enable reuse

2026-05-17 08:16:00 +03:00 · 2021-05-24 13:48:08 +02:00
parent eed015cd6e
commit 797717650e
6 changed files with 87 additions and 47 deletions
--- a/src/firewall/callouts.cpp
+++ b/src/firewall/callouts.cpp
@@ -5,6 +5,7 @@
 #include "pending.h"
 #include "callouts.h"
 #include "logging.h"
+#include "classify.h"
 #include "../util.h"

 #include "../trace.h"
@@ -22,49 +23,6 @@ namespace firewall
 namespace
 {

-void
-ClassificationReset
-(
-	FWPS_CLASSIFY_OUT0 *ClassifyOut
-)
-{
-	//
-	// According to documentation, FwpsAcquireWritableLayerDataPointer0() will update the
-	// `actionType` and `rights` fields with poorly chosen values:
-	//
-	// ```
-	// classifyOut->actionType = FWP_ACTION_BLOCK
-	// classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE
-	// ```
-	//
-	// However, in practice it seems to not make any changes to those fields.
-	// But if it did we'd want to ensure the fields have sane values.
-	//
-
-	ClassifyOut->actionType = FWP_ACTION_CONTINUE;
-	ClassifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;
-}
-
-void
-ClassificationApplyHardPermit
-(
-	FWPS_CLASSIFY_OUT0 *ClassifyOut
-)
-{
-	ClassifyOut->actionType = FWP_ACTION_PERMIT;
-	ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
-}
-
-void
-ClassificationApplyHardBlock
-(
-	FWPS_CLASSIFY_OUT0 *ClassifyOut
-)
-{
-	ClassifyOut->actionType = FWP_ACTION_BLOCK;
-	ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
-}
-
 //
 // NotifyFilterAttach()
 //
--- a/src/firewall/classify.cpp
+++ b/src/firewall/classify.cpp
@@ -0,0 +1,49 @@
+#include "classify.h"
+
+namespace firewall
+{
+
+void
+ClassificationReset
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+)
+{
+	//
+	// According to documentation, FwpsAcquireWritableLayerDataPointer0() will update the
+	// `actionType` and `rights` fields with poorly chosen values:
+	//
+	// ```
+	// classifyOut->actionType = FWP_ACTION_BLOCK
+	// classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE
+	// ```
+	//
+	// However, in practice it seems to not make any changes to those fields.
+	// But if it did we'd want to ensure the fields have sane values.
+	//
+
+	ClassifyOut->actionType = FWP_ACTION_CONTINUE;
+	ClassifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;
+}
+
+void
+ClassificationApplyHardPermit
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+)
+{
+	ClassifyOut->actionType = FWP_ACTION_PERMIT;
+	ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
+}
+
+void
+ClassificationApplyHardBlock
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+)
+{
+	ClassifyOut->actionType = FWP_ACTION_BLOCK;
+	ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
+}
+
+} // namespace firewall
--- a/src/firewall/classify.h
+++ b/src/firewall/classify.h
@@ -0,0 +1,27 @@
+#pragma once
+
+#include "wfp.h"
+
+namespace firewall
+{
+
+void
+ClassificationReset
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+);
+
+void
+ClassificationApplyHardPermit
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+)
+;
+
+void
+ClassificationApplyHardBlock
+(
+	FWPS_CLASSIFY_OUT0 *ClassifyOut
+);
+
+} // namespace firewall
--- a/src/firewall/pending.cpp
+++ b/src/firewall/pending.cpp
@@ -1,4 +1,5 @@
 #include "pending.h"
+#include "classify.h"
 #include "../util.h"

 #include "../trace.h"
@@ -166,10 +167,7 @@ FailRequest
        }
    };

-    // TODO: replace with call to reusable function.
-    ClassifyOut->actionType = FWP_ACTION_PERMIT;
-    ClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
-
+    ClassificationApplyHardPermit(ClassifyOut);
    FwpsApplyModifiedLayerData0(ClassifyHandle, requestData, 0);

    return STATUS_SUCCESS;
--- a/src/mullvad-split-tunnel.vcxproj
+++ b/src/mullvad-split-tunnel.vcxproj
@@ -205,6 +205,7 @@
    <ClCompile Include="eventing\eventing.cpp" />
    <ClCompile Include="firewall\appfilters.cpp" />
    <ClCompile Include="firewall\callouts.cpp" />
+    <ClCompile Include="firewall\classify.cpp" />
    <ClCompile Include="firewall\filters.cpp" />
    <ClCompile Include="firewall\firewall.cpp" />
    <ClCompile Include="firewall\logging.cpp" />
@@ -237,6 +238,7 @@
    <ClInclude Include="eventing\eventing.h" />
    <ClInclude Include="firewall\appfilters.h" />
    <ClInclude Include="firewall\callouts.h" />
+    <ClInclude Include="firewall\classify.h" />
    <ClInclude Include="firewall\constants.h" />
    <ClInclude Include="firewall\context.h" />
    <ClInclude Include="firewall\filters.h" />
--- a/src/mullvad-split-tunnel.vcxproj.filters
+++ b/src/mullvad-split-tunnel.vcxproj.filters
@@ -48,6 +48,9 @@
    <ClCompile Include="firewall\pending.cpp">
      <Filter>firewall</Filter>
    </ClCompile>
+    <ClCompile Include="firewall\classify.cpp">
+      <Filter>firewall</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <Inf Include="mullvad-split-tunnel.inf" />
@@ -153,6 +156,9 @@
    <ClInclude Include="firewall\pending.h">
      <Filter>firewall</Filter>
    </ClInclude>
+    <ClInclude Include="firewall\classify.h">
+      <Filter>firewall</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <Filter Include="firewall">