kernel-wfp: Open and close a WFP engine
authorMartin Willi <martin@revosec.ch>
Thu, 7 Nov 2013 14:50:46 +0000 (15:50 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Jun 2014 14:32:06 +0000 (16:32 +0200)
src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c

index 35bf8cc8ab0158238f3b6b1d2aea374d7e0176db..dd80ea61768d45f2b48d90a320f3f470929a701a 100644 (file)
@@ -13,6 +13,9 @@
  * for more details.
  */
 
+/* Windows 7, for some fwpmu.h functionality */
+#define _WIN32_WINNT 0x0601
+
 #include "kernel_wfp_ipsec.h"
 
 #include <daemon.h>
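Review bot: The `#define _WIN32_WINNT 0x0601` at the top of the file is unconditional, so a build that already sets `_WIN32_WINNT` on the compiler command line gets a macro-redefinition diagnostic, and a newer target would be lowered to Windows 7 for this file only. Wrapping it as `#ifndef _WIN32_WINNT` / `#define _WIN32_WINNT 0x0601` / `#endif` keeps the stated minimum without overriding the build configuration. The `#undef interface` added after the fwpmu.h include further down has no comment; a line such as `/* Windows headers define "interface" as a macro, undo that for our own identifiers */` would help, though that reason is inferred rather than shown on the page.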
 #include <collections/array.h>
 #include <collections/hashtable.h>
 
+#include <fwpmtypes.h>
+#include <fwpmu.h>
+#undef interface
+
 typedef struct private_kernel_wfp_ipsec_t private_kernel_wfp_ipsec_t;
 
 struct private_kernel_wfp_ipsec_t {
@@ -48,6 +55,11 @@ struct private_kernel_wfp_ipsec_t {
         * Mutex for accessing entries
         */
        mutex_t *mutex;
+
+       /**
+        * WFP session handle
+        */
+       HANDLE handle;
 };
 
 /**
@@ -485,6 +497,10 @@ METHOD(kernel_ipsec_t, enable_udp_decap, bool,
 METHOD(kernel_ipsec_t, destroy, void,
        private_kernel_wfp_ipsec_t *this)
 {
+       if (this->handle)
+       {
+               FwpmEngineClose0(this->handle);
+       }
        this->entries->destroy(this->entries);
        this->sas->destroy(this->sas);
        this->mutex->destroy(this->mutex);
@@ -497,6 +513,13 @@ METHOD(kernel_ipsec_t, destroy, void,
 kernel_wfp_ipsec_t *kernel_wfp_ipsec_create()
 {
        private_kernel_wfp_ipsec_t *this;
+       DWORD res;
+       FWPM_SESSION0 session = {
+               .displayData = {
+                       .name = L"charon",
+                       .description = L"strongSwan IKE kernel-wfp backend",
+               },
+       };
 
        INIT(this,
                .public = {
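Review bot: The `FWPM_SESSION0` initializer sets only `displayData`, so `flags` stays zero and the session opened with it is not a dynamic session. Objects added through a non-dynamic session remain in the filter engine after the handle is closed or the process exits, which for an IKE daemon means policy left behind by a crash keeps applying with nothing managing it. Nothing is added to the engine in this commit, so this is a decision to record now rather than a defect. If the backend's objects should disappear with charon, add `.flags = FWPM_SESSION_FLAG_DYNAMIC,` to the initializer; otherwise add a comment saying persistence is intended and where cleanup happens. kernel_wfp_ipsec_create() continues outside this hunk.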
@@ -524,5 +547,14 @@ kernel_wfp_ipsec_t *kernel_wfp_ipsec_create()
                .sas = hashtable_create((void*)hash_sa, (void*)equals_sa, 4),
        );
 
+       res = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session,
+                                                 &this->handle);
+       if (res != ERROR_SUCCESS)
+       {
+               DBG1(DBG_KNL, "opening WFP engine failed: 0x%08x", res);
+               destroy(this);
+               return NULL;
+       }
+
        return &this->public;
-};
+}
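Review bot: `res` is a `DWORD`, which is `unsigned long` in the Windows headers, but the failure message formats it with `0x%08x`, a conversion for `unsigned int`. The two types have the same width on Windows, so the output is right in practice, but format checking will flag the mismatch; `"opening WFP engine failed: 0x%08lx"` matches the argument type. Separately, the error path calls `destroy(this)`, which closes `this->handle` when it is non-NULL, so it depends on `INIT` zeroing the field and on `FwpmEngineOpen0` leaving it untouched on failure. Neither is visible in this hunk, and a short comment at the `destroy(this)` call stating that assumption would make it checkable.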