Feature/kext default action drop (#1747)

* [windows_kext] Make default action to drop * [windows_kext] Minor improvments
2024-11-25 14:03:35 +02:00
parent 38e9e342f7
commit fe070b4f56
5 changed files with 18 additions and 10 deletions
--- a/windows_kext/wdk/src/filter_engine/callout_data.rs
+++ b/windows_kext/wdk/src/filter_engine/callout_data.rs
@@ -161,24 +161,28 @@ impl<'a> CalloutData<'a> {
    pub fn action_permit(&mut self) {
        unsafe {
            (*self.classify_out).action_permit();
+            (*self.classify_out).clear_absorb_flag();
        }
    }

    pub fn action_continue(&mut self) {
        unsafe {
            (*self.classify_out).action_continue();
+            (*self.classify_out).clear_absorb_flag();
        }
    }

    pub fn action_block(&mut self) {
        unsafe {
            (*self.classify_out).action_block();
+            (*self.classify_out).clear_absorb_flag();
        }
    }

    pub fn action_none(&mut self) {
        unsafe {
            (*self.classify_out).set_none();
+            (*self.classify_out).clear_absorb_flag();
        }
    }

@@ -198,13 +202,6 @@ impl<'a> CalloutData<'a> {
        self.get_value_u32(flags_index) & FWP_CONDITION_FLAG_IS_REAUTHORIZE > 0
    }

-    pub fn parmit_and_absorb(&mut self) {
-        unsafe {
-            (*self.classify_out).action_permit();
-            (*self.classify_out).set_absorb();
-        }
-    }
-
    pub fn get_callout_id(&self) -> usize {
        self.callout_id
    }
--- a/windows_kext/wdk/src/filter_engine/classify.rs
+++ b/windows_kext/wdk/src/filter_engine/classify.rs
@@ -80,6 +80,11 @@ impl ClassifyOut {
        self.flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
    }

+    // Removes the absorb flag.
+    pub fn clear_absorb_flag(&mut self) {
+        self.flags &= !FWPS_CLASSIFY_OUT_FLAG_ABSORB;
+    }
+
    // Clear the write flag permission. Next filter in the chain will not change the action.
    pub fn clear_write_flag(&mut self) {
        self.rights &= !FWPS_RIGHT_ACTION_WRITE;
--- a/windows_kext/wdk/src/filter_engine/ffi.rs
+++ b/windows_kext/wdk/src/filter_engine/ffi.rs
@@ -62,7 +62,7 @@ pub(crate) fn register_sublayer(
        sublayer.displayData.name = name.as_ptr() as _;
        sublayer.displayData.description = description.as_ptr() as _;
        sublayer.flags = 0;
-        sublayer.weight = 0xFFFF;
+        sublayer.weight = 0xFFFF; // Set to Max value. Weight compared to other sublayers.

        let status = FwpmSubLayerAdd0(filter_engine_handle, &sublayer, core::ptr::null_mut());
        check_ntstatus(status as i32)?;