Fix reading only the needed TCP/UDP header bytes (#1730)

* [windows_kext] Fix reading only the needed TCP/UDP header bytes

* [windows_kext] Disable debug mode

* [windows_kext] Block all fragment packets

* [windows_kext] Improve wording for compiler error

windows_kext/wdk/src/filter_engine/callout_data.rs

@@ -133,6 +133,10 @@ impl<'a> CalloutData<'a> {
         }
     }
 
+    pub fn is_fragment_data(&self) -> bool {
+        unsafe { (*self.metadata).is_fragment_data() }
+    }
+
     pub fn pend_operation(
         &mut self,
         packet_list: Option<TransportPacketList>,

windows_kext/wdk/src/filter_engine/metadata.rs

@@ -7,9 +7,9 @@ use windows_sys::Win32::{
     NetworkManagement::{
         IpHelper::IP_ADDRESS_PREFIX,
         WindowsFilteringPlatform::{
-            FWPS_METADATA_FIELD_COMPLETION_HANDLE, FWPS_METADATA_FIELD_PROCESS_ID,
-            FWPS_METADATA_FIELD_PROCESS_PATH, FWPS_METADATA_FIELD_REMOTE_SCOPE_ID,
-            FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA,
+            FWPS_METADATA_FIELD_COMPLETION_HANDLE, FWPS_METADATA_FIELD_FRAGMENT_DATA,
+            FWPS_METADATA_FIELD_PROCESS_ID, FWPS_METADATA_FIELD_PROCESS_PATH,
+            FWPS_METADATA_FIELD_REMOTE_SCOPE_ID, FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA,
             FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE, FWP_BYTE_BLOB, FWP_DIRECTION,
         },
     },
@@ -137,6 +137,14 @@ impl FwpsIncomingMetadataValues {
         None
     }
 
+    pub(crate) fn is_fragment_data(&self) -> bool {
+        if self.has_field(FWPS_METADATA_FIELD_FRAGMENT_DATA) {
+            return self.fragment_metadata.fragment_offset != 0;
+        }
+
+        false
+    }
+
     pub(crate) unsafe fn get_control_data(&self) -> Option<NonNull<[u8]>> {
         if self.has_field(FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA) {
             if self.control_data.is_null() || self.control_data_length == 0 {