Hello list, On 09.07.2016 21:11, Selva Nair wrote: > > On Sat, Jul 9, 2016 at 12:16 PM, Noel Kuntze <[email protected] > <mailto:[email protected]>> wrote: > > The changed source code compiles successfully, however I do not know if > the behaviour is correct, as I do not have a code signing certificate or EV > certificate > > that I could sign the driver with. > > > You can test it with a test signature on a machine booted with TESTSIGNING > boot config option: > > bcdedit.exe -set TESTSIGNING ON > > For more info see > https://msdn.microsoft.com/en-ca/library/windows/hardware/ff553484(v=vs.85).aspx > > <https://msdn.microsoft.com/en-ca/library/windows/hardware/ff553484%28v=vs.85%29.aspx> > > Selva
I tested the changes (they work as intended) and pruned them into one single diff. There's no commit message in it, because I produced it with `git diff` and don't want to break the diff accidently. The miniscule changes of whitespaces that were produced by whatever software are gone, so it's less noisy. The fixes for my own progbramming errors are also pruned into this fix. The instructions in Selva's link weren't enough to convince windows to trust the driver. I had to also enable debug mode and I signed it with one of my own certificates. The patch is attached. -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
diff --git a/src/adapter.c b/src/adapter.c
index 2883b79..fd575f9 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -222,6 +222,9 @@ tapReadConfiguration(
Adapter->MediaStateAlwaysConnected = FALSE;
Adapter->LogicalMediaState = FALSE;
Adapter->AllowNonAdmin = FALSE;
+ // source check can not be set in the registry yet. This has to be set each
+ // time the adapter is opened.
+ Adapter->m_source_check = TRUE;
//
// Open the registry for this adapter to read advanced
// configuration parameters stored by the INF file.
diff --git a/src/adapter.h b/src/adapter.h
index 2f09d12..70a394d 100644
--- a/src/adapter.h
+++ b/src/adapter.h
@@ -4,6 +4,7 @@
*
* This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
*
+ * Copyright (C) 2016 Noel Kuntze <[email protected]>
* This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
* and is released under the GPL version 2 (see below).
*
@@ -251,6 +252,10 @@ typedef struct _TAP_ADAPTER_CONTEXT
BOOLEAN m_CalledAdapterFreeResources;
BOOLEAN m_RegisteredAdapterShutdownHandler;
+ // This variable is initialised as TRUE. If it is set to FALSE, the adapter does
+ // not check the source IP field of the ARP requests it receives on the adapter.
+ BOOLEAN m_source_check;
+
} TAP_ADAPTER_CONTEXT, *PTAP_ADAPTER_CONTEXT;
FORCEINLINE
diff --git a/src/device.c b/src/device.c
index 2b7ba9b..85897b6 100644
--- a/src/device.c
+++ b/src/device.c
@@ -4,6 +4,7 @@
*
* This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
*
+ * Copyright (C) 2016 Noel Kuntze <[email protected]>
* This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
* and is released under the GPL version 2 (see below).
*
@@ -692,7 +693,20 @@ Return Value:
}
}
break;
-
+ case TAP_WIN_IOCTL_CONFIG_SET_SRC_CHECK:
+ {
+ if (inBufLength >= sizeof(ULONG))
+ {
+ adapter->m_source_check = (BOOLEAN) ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[0];
+ Irp->IoStatus.Information = 1;
+ }
+ else
+ {
+ NOTE_ERROR();
+ Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER;
+ }
+ }
+ break;
default:
//
diff --git a/src/tap-windows.h b/src/tap-windows.h
index d546a5b..0809c2e 100644
--- a/src/tap-windows.h
+++ b/src/tap-windows.h
@@ -4,6 +4,7 @@
*
* This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
*
+ * Copyright (C) 2016 Noel Kuntze <[email protected]>
* This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
* and is released under the GPL version 2 (see below).
*
@@ -49,7 +50,7 @@
/* obsoletes TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT */
#define TAP_WIN_IOCTL_CONFIG_TUN TAP_WIN_CONTROL_CODE (10, METHOD_BUFFERED)
-
+#define TAP_WIN_IOCTL_CONFIG_SET_SRC_CHECK TAP_WIN_CONTROL_CODE (11, METHOD_BUFFERED)
/*
* =================
* Registry keys
diff --git a/src/txpath.c b/src/txpath.c
index f627934..8af5f21 100644
--- a/src/txpath.c
+++ b/src/txpath.c
@@ -4,6 +4,7 @@
*
* This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
*
+ * Copyright (C) 2016 Noel Kuntze <[email protected]>
* This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
* and is released under the GPL version 2 (see below).
*
@@ -216,6 +217,15 @@ ProcessARP(
//-----------------------------------------------
// Is this the kind of packet we are looking for?
//-----------------------------------------------
+ BOOLEAN source_check = FALSE;
+ if (Adapter->m_source_check)
+ {
+ source_check = (src->m_ARP_IP_Source == adapter_ip);
+ }
+ else
+ {
+ source_check = TRUE;
+ }
if (src->m_Proto == htons (NDIS_ETH_TYPE_ARP)
&& MAC_EQUAL (src->m_MAC_Source, Adapter->PermanentAddress)
&& MAC_EQUAL (src->m_ARP_MAC_Source, Adapter->PermanentAddress)
@@ -225,7 +235,7 @@ ProcessARP(
&& src->m_MAC_AddressSize == sizeof (MACADDR)
&& src->m_PROTO_AddressType == htons (NDIS_ETH_TYPE_IPV4)
&& src->m_PROTO_AddressSize == sizeof (IPADDR)
- && src->m_ARP_IP_Source == adapter_ip
+ && source_check
&& (src->m_ARP_IP_Destination & ip_netmask) == ip_network
&& src->m_ARP_IP_Destination != adapter_ip)
{
signature.asc
Description: OpenPGP digital signature
