461 Commits

Author SHA1 Message Date
Jason A. Donenfeld
1269f86c76 driver: use partial MDL for slicing ring, rather than NB's DataOffset
Providing the DataOffset member of the NBL allocation function or
setting that member in the NB header indicates to NDIS not only that the
data starts at that offset, but that there's that amount of space
*available for it to use as it wants* before that offset. This meant
that NDIS was allowed to scribble data before the packet.

This was bounded by the size of the ring, so there was never any risk of
memory corruption, and since the ring is shared by userspace as well as
the rest of the kernel, we've always taken care of reading from it
closely, checking all values, and erroring out on corruption of the
ring. So, if NDIS wrote before the first packet, this would wind up
corrupting the RingTail and Alertable fields of the ring. The receiver
thread would then notice this, error out, and set the RingHead to
MAXULONG on its way out the door, so that userspace can detect it. And
indeed wintun.dll then started returning EOF from its write function.

Mostly this was not an issue, because we're not expecting for data to be
pushed on the head of a packet on ingress. But WSL2's Hyper-V driver is
actually pushing an ethernet header onto the front of the packet before
passing it off to Linux. Practically speaking, this manifested itself in
the RingTail and Alertable fields having Linux's MAC address! And then
the adapter would be EOF'd. This was reported as happening after WSL2
sends the *first* packet, but not others, which makes sense, because it
has to be at the beginning in order to corrupt those fields.

This fixes the problem by simply using a new MDL for the span we want,
instead of using the misunderstood DataOffset field. In order to not
need to keep track of memory allocations, we allocate the MDL as part of
the NBL's context area. And in order to avoid additional mappings, we
use IoBuildPartialMdl, which returns an MDL_PARTIAL, which does not have
an additional mapping that needs to be freed or unmapped.

After making this change, WSL2 no longer appears to halt the adapter,
and all works well.

Fixes: be8d2cb ("Avoid allocating second MDL")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-13 18:31:44 +01:00
Stefan Rinkes
dd33757718 driver: use localtime in inf2cat
Otherwise the build fails at odd hours of the day.

Signed-off-by: Stefan Rinkes <stefan.rinkes@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-02 15:03:48 +01:00
Jason A. Donenfeld
a3a1fa8931 api: delay load remaining dlls to work around forwarder gotchas
RtlGenRandom forwards to cryptbase.dll, which is not in KnownDlls.
Therefore it's not a good idea to link to advapi32.dll at link time. How
many other gotchas of unusual forwarded functions are there? I don't
really want to find out. Therefore, delay load everything else.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-27 14:52:03 +01:00
Simon Rozman
ecf70261da api: skip notifying driver when there are no receive packets yet
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-27 14:52:03 +01:00
Jason A. Donenfeld
6af568d1e0 api: allow header to be MIT
This doesn't change much, but it does make it mildly more convenient
to plop this into mixed-use codebases.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-27 14:52:01 +01:00
Jason A. Donenfeld
a9f8b2b764 api: do not make dead gateway detection failures fatal
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-17 16:27:11 +01:00
Simon Rozman
f7c2ea4ded api: retry on ERROR_TRANSACTION_NOT_ACTIVE when disabling dead GW detect
There seems to be a race in the TCP/IP adapter registry key. Sometimes,
the adapter TCP/IP key is created, but setting the value
EnableDeadGWDetect fails with ERROR_TRANSACTION_NOT_ACTIVE.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-17 15:30:00 +01:00
Jason A. Donenfeld
c18dd0a216 api: remove useless line
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-17 12:46:53 +01:00
Jason A. Donenfeld
e73613ee24 api: remove return value from logger function
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-10 22:06:25 +01:00
Jason A. Donenfeld
87ef399d1c driver: do not allow compiler to reload PacketSize
In theory, the compiler could reload PacketSize after the bounds check
but before it's passed to NdisAllocateNetBufferAndNetBufferList. In
practice, it's not actually doing that, but better safe than sorry.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 22:23:26 +01:00
Jason A. Donenfeld
0f6296516a version: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 15:34:38 +01:00
Jason A. Donenfeld
fc348f519b api: relax IsPoolMember estimation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 15:34:38 +01:00
Jason A. Donenfeld
0d214d7254 api: do not call UpdateDriverForPlugAndPlayDevicesW
This seems to reset a number of device properties, and our update flow
seems to update old adapters without needing to call this.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 15:14:33 +01:00
Jason A. Donenfeld
8ec14e5f6d api: take pool mutex when deleting
This prevents us from racing with driver deletion. Mutexes are
recursive, so we shouldn't deadlock if called from Enum.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 13:15:57 +01:00
Jason A. Donenfeld
7c5233a80e api: account for adapter disappearing during deletion
This makes the race less fatal.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-09 13:11:07 +01:00
Jason A. Donenfeld
3dbaafd4ae api: manipulate process token if thread token didn't require impersonation
Otherwise rundll32.exe fails if we're already SYSTEM.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-07 15:04:33 +01:00
Simon Rozman
c581a9f6cd api: fix Function and Prefix logging order
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-07 15:04:33 +01:00
Simon Rozman
b0ebb6d0ad api: fix LastError override
The LastError was overridden by the stdout reader thread exit code
masking the true reason why ExecuteRunDll32() failed and even worse: as
the thread exited gracefully, the true reason was overridden by
ERROR_SUCCESS and returning TRUE (success).

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-07 15:04:33 +01:00
Jason A. Donenfeld
3f843c9aab proj: use less scary caps for zip license file
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-06 10:44:32 +01:00
Jason A. Donenfeld
ed0465b8a7 api: avoid loading version.dll if not used
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-06 10:25:15 +01:00
Simon Rozman
a00c8ca685 driver: move to subfolder
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-06 07:29:47 +01:00
Jason A. Donenfeld
c891e84259 api: include arm64 in amd64
ARM64 will still run AMD64 apps.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
9f3d466791 api: remove WintunOpenAdapterDeviceObject
Discourage use of kernel interface, which gives us more flexibility if
we ever want to change it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
1e00f310ec example: raise to 4MiB
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
82c41bdb4b api: rearrange wintun.h to have better grouping and improve docs
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
1285b8f528 api: rename WintunGetAdapter to WintunOpenAdapter
"Create" and "Open" are natural names for these.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
e9e790605a api: rename ReceiveRelease to ReleaseReceivePacket
This makes the API parallel:
Wintun*Allocate*SendPacket -> WintunSendPacket
WintunReceivePacket -> Wintun*Release*ReceivePacket

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
6afbb300b9 README: improve code example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
b7f5ee9a4e api: move InititalizeWintun to top to be easier to find
It's the primary function we want people copy and pasting.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
8861fdc316 api: add cfgmgr32.dll to delayed load list
It's in the registry but not in the NT object key.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
e458b4a8a4 wintun: simplify vcxproj
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 16:58:43 +01:00
Jason A. Donenfeld
f2b4363f1c vs: cause example to be default selected run project
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 11:09:44 +01:00
Jason A. Donenfeld
f342cc6903 .gitignore: simplify build dir match
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-05 11:06:53 +01:00
Simon Rozman
abbf658211 api: fix typo in ring-management function prototype declarations
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-05 08:36:28 +01:00
Jason A. Donenfeld
317a91bcbe README: add reference and describe info
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 21:37:33 +01:00
Jason A. Donenfeld
3158b553c4 api: document enum argument properly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 21:22:47 +01:00
Jason A. Donenfeld
fc27d8ccd2 api: document log enum
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 21:22:47 +01:00
Jason A. Donenfeld
65dee05229 api: remove enum name for logger level
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 21:22:47 +01:00
Jason A. Donenfeld
2b4e164d69 api: document adapter handle return value properly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 16:19:53 +01:00
Jason A. Donenfeld
c26b16e06f api: CALLBACK_FUNC -> CALLBACK
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 16:46:24 +01:00
Simon Rozman
b8401ad25b api: upgrade nci.lib and wintun-inf.h building
The additional build steps performed are now attached to the build
process using BeforeTargets/AfterTargets.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-04 16:44:01 +01:00
Jason A. Donenfeld
dc99f96da7 api: rename GetVersion to GetRunningDriverVersion
This makes our intentions a lot more clear, and in case we ever add
other version functions, makes the forward path simpler.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 14:53:39 +01:00
Jason A. Donenfeld
e2ffd0b3b3 example: account for buffer being drained too slowly
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 14:50:03 +01:00
Jason A. Donenfeld
5d1efa847f api: use a logging alloc function
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 13:21:43 +01:00
Jason A. Donenfeld
9c349273f5 api: concatenate function name at runtime
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-04 13:21:43 +01:00
Simon Rozman
0a51e26730 api: include the rundll32 helpers the MSVC-typical way
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-04 13:21:42 +01:00
Simon Rozman
552821f59a api: translate NTSTATUS to Win32 error codes
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-04 13:21:42 +01:00
Simon Rozman
f657e6fd27 api: use GetLastError() to report failures like standard Win32
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-11-04 13:21:42 +01:00
Jason A. Donenfeld
5ad7d10589 example: account for adapter reuse
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-03 18:42:43 +01:00
Jason A. Donenfeld
ed78f86783 wintun: upset everybody by doing multiplication via string concatenation
Because we can.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-03 18:37:40 +01:00