Merge branch 'nmap:master' into fix_nonadmin_npcaphelper

Author: conioh

Common/Packet32.h

@@ -372,11 +372,14 @@ struct _PACKET_OID_DATA
 	///< for a complete list of valid codes.
 	ULONG Length;				///< Length of the data field
 	_Field_size_full_(Length)
-	UCHAR Data[1];				///< variable-lenght field that contains the information passed to or received 
+	UCHAR Data[1];				///< variable-length field that contains the information passed to or received
 	///< from the adapter.
 }; 
 typedef struct _PACKET_OID_DATA PACKET_OID_DATA, * PPACKET_OID_DATA;
 
+#define PACKET_OID_DATA_LENGTH(_DataLength) \
+	(FIELD_OFFSET(PACKET_OID_DATA, Data) + _DataLength)
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -420,7 +423,8 @@ extern "C"
 	_Success_(return) BOOLEAN PacketSetHwFilter(_In_ LPADAPTER AdapterObject, _In_ ULONG Filter);
 	_Success_(return) BOOLEAN PacketGetAdapterNames(_Out_writes_opt_(_Old_(*BufferSize)) PCHAR pStr, _Inout_ PULONG  BufferSize);
 	_Success_(return) BOOLEAN PacketGetNetInfoEx(_In_ PCCH AdapterName, _Out_writes_to_(_Old_(*NEntries),*NEntries) npf_if_addr* buffer, _Inout_ PLONG NEntries);
-	_Success_(return) BOOLEAN PacketRequest(_In_ LPADAPTER  AdapterObject, _In_ BOOLEAN Set, _Inout_ PPACKET_OID_DATA  OidData);
+	_Success_(return) BOOLEAN PacketRequest(_In_ LPADAPTER  AdapterObject, _In_ BOOLEAN Set, _Inout_updates_bytes_(PACKET_OID_DATA_LENGTH(OidData->Length)) PPACKET_OID_DATA  OidData);
+	_Success_(return) BOOLEAN PacketGetInfo(_In_opt_ LPADAPTER AdapterObject, _Inout_updates_bytes_(PACKET_OID_DATA_LENGTH(OidData->Length)) PPACKET_OID_DATA OidData);
 	HANDLE PacketGetReadEvent(_In_ LPADAPTER AdapterObject);
 	__declspec(deprecated("Kernel dump mode is not supported")) BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void* name, int len);
 	__declspec(deprecated("Kernel dump mode is not supported")) BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks);

packetWin7/Dll/Packet.def

@@ -39,4 +39,5 @@ EXPORTS
 		PacketSetLoopbackBehavior
 		PacketSetTimestampMode
 		PacketGetTimestampModes
+		PacketGetInfo
 		PacketGetAirPcapHandle

packetWin7/Dll/Packet32.cpp

@@ -927,7 +927,7 @@ static PCHAR WChar2SChar(_In_ LPCWCH string)
 BOOLEAN PacketSetMaxLookaheadsize (LPADAPTER AdapterObject)
 {
 	BOOLEAN    Status;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA) + sizeof(ULONG) - 1] = { 0 };
+	CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(ULONG))] = { 0 };
 	PPACKET_OID_DATA  OidData = (PPACKET_OID_DATA)IoCtlBuffer;
 	DWORD err = ERROR_SUCCESS;
 
@@ -2918,13 +2918,13 @@ _Success_(return == ERROR_SUCCESS)
 static DWORD PacketRequestHelper(
 		_In_ HANDLE hAdapter,
 		_In_ BOOLEAN Set,
-		_In_ PPACKET_OID_DATA OidData)
+		_Inout_updates_bytes_(PACKET_OID_DATA_LENGTH(OidData->Length)) PPACKET_OID_DATA OidData)
 {
 	DWORD BytesReturned = 0;
 	DWORD err = ERROR_SUCCESS;
 	if(!DeviceIoControl(hAdapter, (DWORD) (Set ? BIOCSETOID : BIOCQUERYOID),
-                           OidData, sizeof(PACKET_OID_DATA) - 1 + OidData->Length,
-			   OidData, sizeof(PACKET_OID_DATA) - 1 + OidData->Length,
+                           OidData, PACKET_OID_DATA_LENGTH(OidData->Length),
+			   OidData, PACKET_OID_DATA_LENGTH(OidData->Length),
 			   &BytesReturned, NULL))
 	{
 		err = GetLastError();
@@ -2991,7 +2991,7 @@ BOOLEAN PacketSetHwFilter(LPADAPTER  AdapterObject,ULONG Filter)
 {
     BOOLEAN    Status;
     DWORD err = ERROR_SUCCESS;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA) + sizeof(ULONG) - 1] = { 0 };
+    CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(ULONG))] = { 0 };
     PPACKET_OID_DATA  OidData = (PPACKET_OID_DATA) IoCtlBuffer;
 
 	TRACE_ENTER();
@@ -3454,7 +3454,7 @@ _Use_decl_annotations_
 BOOLEAN PacketGetNetType(LPADAPTER AdapterObject, NetType *type)
 {
 	DWORD err = ERROR_SUCCESS;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA)+sizeof(NDIS_LINK_SPEED)] = {0};
+	CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(NDIS_LINK_SPEED))] = {0};
 
 	TRACE_ENTER();
 	if (type == NULL) {
@@ -3569,7 +3569,7 @@ int PacketIsMonitorModeSupported(PCCH AdapterName)
 {
 	HANDLE hAdapter;
 	PCHAR AdapterID = NULL;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA) + sizeof(DOT11_OPERATION_MODE_CAPABILITY) - 1] = { 0 };
+	CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(DOT11_OPERATION_MODE_CAPABILITY))] = { 0 };
 	PPACKET_OID_DATA  OidData = (PPACKET_OID_DATA)IoCtlBuffer;
 	PDOT11_OPERATION_MODE_CAPABILITY pOperationModeCapability;
 	int mode;
@@ -3641,7 +3641,7 @@ int PacketSetMonitorMode(PCCH AdapterName, int mode)
 	DWORD dwResult = ERROR_INVALID_DATA;
 	PCHAR AdapterID = NULL;
 	HANDLE hAdapter = INVALID_HANDLE_VALUE;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA) + sizeof(DOT11_CURRENT_OPERATION_MODE) - 1] = { 0 };
+	CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(DOT11_CURRENT_OPERATION_MODE))] = { 0 };
 	PPACKET_OID_DATA  OidData = (PPACKET_OID_DATA)IoCtlBuffer;
 	PDOT11_CURRENT_OPERATION_MODE pOpMode = (PDOT11_CURRENT_OPERATION_MODE)OidData->Data;
 
@@ -3713,7 +3713,7 @@ int PacketGetMonitorMode(PCCH AdapterName)
 	int mode;
 	HANDLE hAdapter = INVALID_HANDLE_VALUE;
 	DWORD dwResult = ERROR_INVALID_DATA;
-	CHAR IoCtlBuffer[sizeof(PACKET_OID_DATA) + sizeof(DOT11_CURRENT_OPERATION_MODE) - 1] = { 0 };
+	CHAR IoCtlBuffer[PACKET_OID_DATA_LENGTH(sizeof(DOT11_CURRENT_OPERATION_MODE))] = { 0 };
 	PPACKET_OID_DATA  OidData = (PPACKET_OID_DATA)IoCtlBuffer;
 	PDOT11_CURRENT_OPERATION_MODE pOperationMode = (PDOT11_CURRENT_OPERATION_MODE)OidData->Data;
 	PCHAR AdapterID = NULL;
@@ -3792,4 +3792,50 @@ PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject)
 	return handle;
 }
 
+_Use_decl_annotations_
+BOOLEAN PacketGetInfo(
+		LPADAPTER AdapterObject,
+		PPACKET_OID_DATA OidData)
+{
+	HANDLE hAdapter = INVALID_HANDLE_VALUE;
+	BOOLEAN bCloseAdapter = FALSE;
+	DWORD BytesReturned = 0;
+	DWORD err = ERROR_SUCCESS;
+	TRACE_ENTER();
+
+	if (AdapterObject == NULL) {
+		hAdapter = PacketGetAdapterHandle("", 0);
+		bCloseAdapter = TRUE;
+	}
+	else if(AdapterObject->Flags & INFO_FLAG_MASK_NOT_NPF)
+	{
+		TRACE_PRINT("PacketRequest not supported on non-NPF adapters.");
+		TRACE_EXIT();
+		SetLastError(ERROR_NOT_SUPPORTED);
+		return FALSE;
+	}
+	else {
+		hAdapter = AdapterObject->hFile;
+	}
+
+	if(!DeviceIoControl(hAdapter, BIOCGETINFO,
+                           OidData, PACKET_OID_DATA_LENGTH(OidData->Length),
+			   OidData, PACKET_OID_DATA_LENGTH(OidData->Length),
+			   &BytesReturned, NULL))
+	{
+		err = GetLastError();
+	}
+	TRACE_PRINT3("PacketGetInfo: ID = 0x%.08x, Length = %d, ErrCode = 0x%.08x",
+			OidData->Oid,
+			OidData->Length,
+			err);
+
+	if (bCloseAdapter) {
+		CloseHandle(hAdapter);
+	}
+	TRACE_EXIT();
+	SetLastError(err);
+	return (err == ERROR_SUCCESS);
+}
+
 /* @} */

packetWin7/npf/npf/Openclos.c

@@ -163,7 +163,7 @@ NPF_GetFilterModuleByAdapterName(
 _Must_inspect_result_
 _Success_(return != NULL)
 __drv_allocatesMem(mem)
-POPEN_INSTANCE
+__declspec(restrict) POPEN_INSTANCE
 NPF_CreateOpenObject(
 	_In_ NDIS_HANDLE NdisHandle
 	);

packetWin7/npf/npf/Packet.c

@@ -1950,6 +1950,87 @@ static NTSTATUS funcBIOCGETPIDS(_In_ POPEN_INSTANCE pOpen,
 	return STATUS_SUCCESS;
 }
 
+_Must_inspect_result_
+static NTSTATUS funcBIOCGETINFO(_In_ POPEN_INSTANCE pOpen,
+	       _Inout_updates_bytes_(ulBufLenIn) PPACKET_OID_DATA OidData,
+	       _In_ ULONG ulBufLenIn,
+	       _In_ ULONG ulBufLenOut,
+	       _Out_ PULONG_PTR Info)
+{
+	NTSTATUS Status = STATUS_UNSUCCESSFUL;
+	PSINGLE_LIST_ENTRY Curr = NULL;
+	PNPCAP_FILTER_MODULE pFiltMod = NULL;
+	ULONG ulTmp = 0;
+
+	*Info = 0;
+	// NDIS OID requests use the same buffer for in/out, so the caller must supply the same size buffers, too.
+	if (ulBufLenIn != ulBufLenOut ||
+			ulBufLenIn < sizeof(PACKET_OID_DATA) || // check before dereferencing OidData
+			ulBufLenIn < (FIELD_OFFSET(PACKET_OID_DATA, Data) + OidData->Length) ||
+			OidData->Length < sizeof(ULONG)
+		)
+	{
+		return STATUS_BUFFER_TOO_SMALL;
+	}
+
+	// Now Length is at least sizeof(ULONG)
+	INFO_DBG("BIOCGETINFO: ID=%08lx, Length=%08lx\n", OidData->Oid, OidData->Length);
+
+	switch (OidData->Oid) {
+		case NPF_GETINFO_VERSION:
+			*((PULONG)OidData->Data) = 
+				((WINPCAP_MINOR & 0xff) << 24) |
+				((WINPCAP_REV & 0xff) << 16) |
+				((WINPCAP_BUILD & 0xffff));
+			OidData->Length = sizeof(ULONG);
+			*Info = FIELD_OFFSET(PACKET_OID_DATA, Data) + sizeof(ULONG);
+			Status = STATUS_SUCCESS;
+			break;
+
+		case NPF_GETINFO_CONFIG:
+			ulTmp = (0
+#ifdef NPCAP_OEM
+					| NPF_CONFIG_OEM
+#endif
+#ifndef NPCAP_READ_ONLY
+					| NPF_CONFIG_INJECT
+#endif
+				);
+			if (g_pDriverExtension->bAdminOnlyMode)
+				ulTmp |= NPF_CONFIG_ADMINONLY;
+			if (g_pDriverExtension->bDltNullMode)
+				ulTmp |= NPF_CONFIG_DLTNULL;
+#ifdef HAVE_DOT11_SUPPORT
+			if (g_pDriverExtension->bDot11SupportMode)
+				ulTmp |= NPF_CONFIG_WIFI;
+#endif
+#ifdef HAVE_WFP_LOOPBACK_SUPPORT
+			if (g_pDriverExtension->bLoopbackSupportMode)
+				ulTmp |= NPF_CONFIG_LOOPBACK;
+#endif
+			if (g_pDriverExtension->bTestMode)
+				ulTmp |= NPF_CONFIG_TESTMODE;
+
+			*((PULONG)OidData->Data) = ulTmp;
+			OidData->Length = sizeof(ULONG);
+			*Info = FIELD_OFFSET(PACKET_OID_DATA, Data) + sizeof(ULONG);
+			Status = STATUS_SUCCESS;
+			break;
+
+		case NPF_GETINFO_BPFEXT:
+			*((PULONG)OidData->Data) = SKF_AD_MAX;
+			OidData->Length = sizeof(ULONG);
+			*Info = FIELD_OFFSET(PACKET_OID_DATA, Data) + sizeof(ULONG);
+			Status = STATUS_SUCCESS;
+			break;
+
+		default:
+			Status = STATUS_INVALID_DEVICE_REQUEST;
+			break;
+	}
+	return Status;
+}
+
 _Use_decl_annotations_
 NTSTATUS
 NPF_IoControl(
@@ -2063,6 +2144,9 @@ NPF_IoControl(
 		case BIOCGTIMESTAMPMODES:
 			Status = funcBIOCGTIMESTAMPMODES(Open, pBuf, OutputBufferLength, &Information);
 			break;
+		case BIOCGETINFO:
+			Status = funcBIOCGETINFO(Open, pBuf, InputBufferLength, OutputBufferLength, &Information);
+			break;
 
 #if DBG
 		/* Deprecated codes */

packetWin7/npf/npf/Packet.h

@@ -461,18 +461,25 @@ typedef struct _OPEN_INSTANCE
 }
 OPEN_INSTANCE, *POPEN_INSTANCE;
 
+/* Packet metadata that is the same for every NET_BUFFER in the NET_BUFFER_LIST
+ * and that we need until all related captures are retrieved. */
 typedef struct _NPF_NBL_COPY
 {
 	SINGLE_LIST_ENTRY NBCopiesHead;
 	SINGLE_LIST_ENTRY NBLCopyEntry;
 	LARGE_INTEGER PerfCount;
 	LARGE_INTEGER SystemTime;
+	NDIS_NET_BUFFER_LIST_8021Q_INFO qInfo;
 #ifdef HAVE_DOT11_SUPPORT
 	PUCHAR Dot11RadiotapHeader;
 #endif
 	LONG refcount;
 } NPF_NBL_COPY, *PNPF_NBL_COPY;
 
+
+/* Packet data and metadata that is unique to each packet, but common to every
+ * capture of that packet, and which we need to keep until all related captures
+ * are retrieved. */
 typedef struct _NPF_NB_COPIES
 {
 	PNPF_NBL_COPY pNBLCopy;
@@ -482,12 +489,16 @@ typedef struct _NPF_NB_COPIES
 	PUCHAR Buffer; // packet data
 } NPF_NB_COPIES, *PNPF_NB_COPIES;
 
+/* Packet metadata that we only need prior to putting the NPF_CAP_DATA in the
+ * queue. Only lives as long as the call to NPF_DoTap. */
 typedef struct _NPF_SRC_NB
 {
 	SINGLE_LIST_ENTRY CopiesEntry;
 	PNPF_NB_COPIES pNBCopy;
 	PNET_BUFFER pNetBuffer; // source NET_BUFFER
 	ULONG ulDesired; // How much data we want from the packet
+	BOOLEAN bVlanHeaderInPacket:1; // Is there a 802.1q VLAN header in the packet data?
+	BOOLEAN bVlanHeaderAdded:1; // Was a VLAN header added to the pNBCopy, increasing size by 4 bytes?
 } NPF_SRC_NB, *PNPF_SRC_NB;
 
 // so we can use the same lookaside list for all these things
@@ -519,11 +530,13 @@ NPF_CAP_DATA, *PNPF_CAP_DATA;
 #define NPF_CAP_SIZE(_CapLen) (sizeof(struct bpf_hdr) + _CapLen)
 
 #ifdef HAVE_DOT11_SUPPORT
-#define NPF_CAP_OBJ_SIZE(_P, _R) NPF_CAP_SIZE( \
+#define NPF_CAP_RADIOTAP(_P) ((_P)->pNBCopy->pNBLCopy->Dot11RadiotapHeader)
+#define NPF_CAP_RADIOTAP_SIZE(_R) ((_R) != NULL ? ((PIEEE80211_RADIOTAP_HEADER)(_R))->it_len : 0)
+#define NPF_CAP_OBJ_SIZE(_P) NPF_CAP_SIZE( \
 		(_P)->ulCaplen \
-		+ (_R != NULL ? _R->it_len : 0))
+		+ NPF_CAP_RADIOTAP_SIZE(NPF_CAP_RADIOTAP(_P)))
 #else
-#define NPF_CAP_OBJ_SIZE(_P, _N) NPF_CAP_SIZE((_P)->ulCaplen)
+#define NPF_CAP_OBJ_SIZE(_P) NPF_CAP_SIZE((_P)->ulCaplen)
 #endif
 
 _When_(AcquireLock == FALSE, _Requires_lock_held_(Open->BufferLock))
@@ -1180,7 +1193,7 @@ NPF_GetLoopbackFilterModule();
   This function is used to create a filter module context object
 */
 _Ret_maybenull_
-PNPCAP_FILTER_MODULE
+__declspec(restrict) PNPCAP_FILTER_MODULE
 NPF_CreateFilterModule(
 	_In_ NDIS_HANDLE NdisFilterHandle,
 	_In_ PNDIS_STRING AdapterName