def _valueToName( enumTypeName ):
    """Return a {numeric value: field name} dict built from the fields of `enumTypeName`."""
    lookup = {}
    for fieldName, fieldValue in typeInfo( enumTypeName ).fields():
        lookup[ long(fieldValue) ] = fieldName
    return lookup

# Reverse lookup tables (number -> symbolic name) used when printing values.
# They are built when the module is loaded, so typeInfo() must be able to
# resolve these three types at that point.
fwpsLayer = _valueToName( "FWPS_BUILTIN_LAYERS_" )
fwpsDataType = _valueToName( "FWP_DATA_TYPE_" )
fwpDirection = _valueToName( "FWP_DIRECTION_" )
bb = loadBytes( blob.data, blob.size )
if i == 0: str += "\n"
str += "As string: " + loadWStr(blob.data )
def printArray16( array16 ):
    """Return the bytes in `array16.byteArray16` as space-separated two-digit hex."""
    hexBytes = []
    for byte in array16.byteArray16:
        hexBytes.append( "%02x" % byte )
    return " ".join( hexBytes )
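def printFwpsValue( value ):
    """Format one incoming value according to its `type` tag.

    `value` is the `value` member of an FWPS_INCOMING_VALUE0 element. The tag
    is translated to its FWP_DATA_TYPE name through `fwpsDataType`, and only
    the union member that matches the tag is read. Returns "---" for tags
    that have no formatter here.
    """
    # Formatters are lambdas so that only the selected union member is read
    # and dereferenced.
    formatters = {
        "FWP_UINT8" : lambda : "%#x" % value.uint8,
        "FWP_UINT16" : lambda : "%#x" % value.uint16,
        "FWP_UINT32" : lambda : "%#x" % value.uint32,
        "FWP_UINT64" : lambda : "%#x" % value.uint64.deref(),
        "FWP_INT8" : lambda : "%#x" % value.int8,
        "FWP_INT16" : lambda : "%#x" % value.int16,
        "FWP_INT32" : lambda : "%#x" % value.int32,
        "FWP_INT64" : lambda : "%#x" % value.int64.deref(),
        "FWP_BYTE_BLOB_TYPE" : lambda : printBlob( value.byteBlob.deref() ),
        "FWP_BYTE_ARRAY16_TYPE" : lambda : printArray16( value.byteArray16.deref() )
    }

    # The tag comes from target memory at a caller-supplied address and may
    # not be a member of FWP_DATA_TYPE. Use .get() so an unexpected tag falls
    # through to "---" instead of raising KeyError in the middle of a dump.
    typeName = fwpsDataType.get( value.field("type") )
    return formatters.get( typeName, lambda : "---" )()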
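def wfpFixedValues( addr ):
    """Dump the FWPS_INCOMING_VALUES0 structure located at `addr`.

    Prints the layer name and the structure's valueCount, then for every
    incoming value that has a matching entry in the layer's FWPS_FIELDS_*
    type: the field name, its FWP data type and the formatted value.

    All of this is read from target memory at a caller-supplied address, so
    the layer id, the count and the type tags are treated as unvalidated.
    A layer id with no symbolic name is reported rather than raising, and
    no more array elements are read than the layer has named fields.
    """
    dprintln( "FWPS_INCOMING_VALUES0:" )

    inFixedValue = typedVar( "FWPS_INCOMING_VALUES0_", addr )

    layerName = fwpsLayer.get( inFixedValue.layerId )
    if layerName is None:
        # Without a layer name the field type cannot be resolved; stop here.
        dprintln( " Layer: unknown (%#x)" % inFixedValue.layerId )
        return

    dprintln( " Layer: " + layerName )
    dprintln( " Value: %d" % inFixedValue.valueCount )

    # The fields type is named after the layer: drop the first "_DISCARD",
    # swap the first "LAYER" for "FIELDS" and append "_".
    fieldsTypeName = layerName.replace( '_DISCARD', '', 1 ).replace( 'LAYER', 'FIELDS', 1 ) + '_'
    fwpsFields = typeInfo( fieldsTypeName ).fields()

    # Only min(fields, values) entries are ever printed, so bound the array
    # read by the field count; a bogus valueCount then cannot trigger a huge
    # read of target memory.
    readCount = min( int(inFixedValue.valueCount), len(fwpsFields) )
    values = [ x.value for x in typedVarArray( int(inFixedValue.incomingValue), "FWPS_INCOMING_VALUE0_", readCount ) ]

    for field, value in zip( fwpsFields, values ):
        dprintln( " " + field[0] )
        dprintln( " Type: " + fwpsDataType.get( value.field("type"), "unknown" ) )
        dprintln( " Value: " + printFwpsValue( value ) )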
def printDiscardReason( discardReason ):
def printBlobAsStr( blob ):
    """Return the contents of `blob` read as wide characters."""
    # NOTE(review): blob.size is passed straight through as the loadWChars
    # count and comes from target memory. Confirm whether loadWChars expects
    # a character count or a byte count (the blob size looks like bytes), and
    # consider an upper bound before trusting it.
    start = blob.data
    count = blob.size
    return loadWChars( start, count )
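def printFwpsMetaValue( valueIndex, inMetaValues ):
    """Format the metadata member selected by the single flag `valueIndex`.

    `valueIndex` is one bit of `currentMetadataValues` and `inMetaValues` is
    the FWPS_INCOMING_METADATA_VALUES0 typed variable. Returns the formatted
    text, or an empty string for flags that have no formatter here.
    """
    meta = inMetaValues

    # Formatters are lambdas so that only the member that belongs to the
    # requested flag is read.
    formatters = {
        0x00000001 : lambda : printDiscardReason( meta.discardMetadata ),
        0x00000002 : lambda : "%#x" % meta.flowHandle,
        0x00000004 : lambda : "%#x" % meta.ipHeaderSize,
        0x00000008 : lambda : printBlobAsStr( meta.processPath.deref() ),
        0x00000010 : lambda : "%#lx" % meta.token,
        0x00000020 : lambda : "%#lx" % meta.processId,
        0x00000040 : lambda : "%#x" % meta.flags,
        0x00000080 : lambda : "%#lx" % meta.reserved,
        0x00000100 : lambda : "%#x" % meta.sourceInterfaceIndex,
        0x00000200 : lambda : "%#x" % meta.destinationInterfaceIndex,
        0x00000400 : lambda : "%#x" % meta.transportHeaderSize,
        0x00000800 : lambda : "%#x" % meta.compartmentId,
        0x00001000 : lambda : "id: %x offset: %x length: %x" % ( meta.fragmentMetadata.fragmentIdentification, meta.fragmentMetadata.fragmentOffset, meta.fragmentMetadata.fragmentLength ),
        0x00002000 : lambda : "%#x" % meta.pathMtu,
        0x00004000 : lambda : "%#lx" % meta.completionHandle,
        0x00008000 : lambda : "%#lx" % meta.transportEndpointHandle,
        0x00010000 : lambda : "Data: %#lx, Length: %#x" % ( meta.controlData, meta.controlDataLength ),
        0x00020000 : lambda : "Zone: %d Level: %d" % ( meta.remoteScopeId.Zone, meta.remoteScopeId.Level ),
        # packetDirection comes from target memory; show the raw number when
        # it is not a known FWP_DIRECTION value instead of raising KeyError.
        0x00040000 : lambda : fwpDirection.get( meta.packetDirection, "%#x" % meta.packetDirection ),
    }

    return formatters.get( valueIndex, lambda : "" )()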
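def wfpMetaValues( addr ):
    """Dump the FWPS_INCOMING_METADATA_VALUES0 structure located at `addr`.

    For every bit set in `currentMetadataValues`, prints the name of the
    metadata field followed by the value formatted by printFwpsMetaValue.
    Bits with no entry in the name table are printed as "Unknown field".
    """
    dprintln( "FWPS_INCOMING_METADATA_VALUES0:" )

    # Flag bit -> FWPS_METADATA_FIELD_* name.
    fwpsMetadataFields = {
        0x00000001 : "FWPS_METADATA_FIELD_DISCARD_REASON",
        0x00000002 : "FWPS_METADATA_FIELD_FLOW_HANDLE",
        0x00000004 : "FWPS_METADATA_FIELD_IP_HEADER_SIZE",
        0x00000008 : "FWPS_METADATA_FIELD_PROCESS_PATH",
        0x00000010 : "FWPS_METADATA_FIELD_TOKEN",
        0x00000020 : "FWPS_METADATA_FIELD_PROCESS_ID",
        0x00000040 : "FWPS_METADATA_FIELD_SYSTEM_FLAGS",
        0x00000080 : "FWPS_METADATA_FIELD_RESERVED",
        0x00000100 : "FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX",
        0x00000200 : "FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX",
        0x00000400 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE",
        0x00000800 : "FWPS_METADATA_FIELD_COMPARTMENT_ID",
        0x00001000 : "FWPS_METADATA_FIELD_FRAGMENT_DATA",
        0x00002000 : "FWPS_METADATA_FIELD_PATH_MTU",
        0x00004000 : "FWPS_METADATA_FIELD_COMPLETION_HANDLE",
        0x00008000 : "FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE",
        0x00010000 : "FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA",
        0x00020000 : "FWPS_METADATA_FIELD_REMOTE_SCOPE_ID",
        0x00040000 : "FWPS_METADATA_FIELD_PACKET_DIRECTION",
        0x00080000 : "FWPS_METADATA_FIELD_PACKET_SYSTEM_CRITICAL",
        0x00100000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_OUTBOUND_PASS_THRU",
        0x00200000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_INBOUND_PASS_THRU",
        0x00400000 : "FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED",
        0x00800000 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_INCLUDE_HEADER",
        0x01000000 : "FWPS_METADATA_FIELD_DESTINATION_PREFIX",
        0x02000000 : "FWPS_METADATA_FIELD_ETHER_FRAME_LENGTH",
        0x04000000 : "FWPS_METADATA_FIELD_PARENT_ENDPOINT_HANDLE",
        0x08000000 : "FWPS_METADATA_FIELD_ICMP_ID_AND_SEQUENCE",
        0x10000000 : "FWPS_METADATA_FIELD_LOCAL_REDIRECT_TARGET_PID",
        0x20000000 : "FWPS_METADATA_FIELD_ORIGINAL_DESTINATION",
        0x40000000 : "FWPS_METADATA_FIELD_REDIRECT_RECORD_HANDLE",
        0x80000000 : "FWPS_METADATA_FIELD_SUB_PROCESS_TAG"
    }

    inMetaValues = typedVar( "FWPS_INCOMING_METADATA_VALUES0_", addr )

    # Walk the 32 flag bits from least to most significant.
    for shift in range( 0, 32 ):
        bit = 1 << shift
        if inMetaValues.currentMetadataValues & bit:
            dprint( fwpsMetadataFields.get( bit, "Unknown field %#010x" % bit ) + ": " )
            dprint( printFwpsMetaValue( bit, inMetaValues ) )
            # dprint does not end the line, so finish each entry explicitly
            # to keep one field per line.
            dprintln( "" )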
dprintln( "!py wfp /fixed addr")
dprintln( "!py wfp /meta addr" )
if not isKernelDebugging():
dprintln( "This script is for kernel debugging only" )
if len(sys.argv) < 2:
if sys.argv[1]=="/fixed":
wfpFixedValues( expr(sys.argv[2]) )
if sys.argv[1]=="/meta":
wfpMetaValues( expr(sys.argv[2]) )
if __name__ == "__main__":