52 #define _snprintf StringCbPrintfA 66 static const char *StripPcapPrefix(
const char *pcap_dev)
68 return strchr(pcap_dev,
'{');
76 uint32_t Win32GetAdaptersAddresses(IP_ADAPTER_ADDRESSES **pif_info_list)
79 IP_ADAPTER_ADDRESSES *if_info_list;
82 err = GetAdaptersAddresses(AF_UNSPEC, 0, NULL, NULL, &size);
83 if (err != ERROR_BUFFER_OVERFLOW) {
86 if_info_list =
SCMalloc((
size_t)size);
87 if (if_info_list == NULL) {
88 return ERROR_NOT_ENOUGH_MEMORY;
90 err = GetAdaptersAddresses(AF_UNSPEC, 0, NULL, if_info_list, &size);
91 if (err != NO_ERROR) {
96 *pif_info_list = if_info_list;
100 uint32_t Win32FindAdapterAddresses(IP_ADAPTER_ADDRESSES *if_info_list,
101 const char *adapter_name,
102 IP_ADAPTER_ADDRESSES **pif_info)
104 DWORD ret = NO_ERROR;
105 adapter_name = StripPcapPrefix(adapter_name);
108 for (IP_ADAPTER_ADDRESSES *current = if_info_list; current != NULL;
109 current = current->Next) {
112 if (strncmp(adapter_name, current->AdapterName, strlen(adapter_name)) ==
120 if (*pif_info == NULL) {
121 ret = ERROR_NOT_FOUND;
127 #if NTDDI_VERSION < NTDDI_VISTA 129 int GetIfaceMTUWin32(
const char *pcap_dev) {
return 0; }
130 int GetGlobalMTUWin32(
void) {
return 0; }
132 int GetIfaceOffloadingWin32(
const char *ifname,
int csum,
int other)
135 "higher. Network offload interrogation not " 139 int DisableIfaceOffloadingWin32(
LiveDevice *ldev,
int csum,
int other)
142 "higher. Network offload interrogation not " 146 int RestoreIfaceOffloadingWin32(
LiveDevice *ldev)
149 "higher. Network offload interrogation not " 156 static HMODULE wmiutils_dll = NULL;
161 static HMODULE WmiUtils(
void)
163 if (wmiutils_dll == NULL) {
165 LoadLibraryA(
"C:\\Windows\\System32\\wbem\\wmiutils.dll");
174 static BSTR utob(uint64_t ui)
177 _ui64tow(ui, buf, 10);
178 return SysAllocString(buf);
187 const char *Win32GetErrorString(DWORD error_code, HMODULE ext_module)
189 char *error_string = NULL;
192 FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS;
193 if (ext_module != NULL) {
194 flags |= FORMAT_MESSAGE_FROM_HMODULE;
196 flags |= FORMAT_MESSAGE_FROM_SYSTEM;
199 FormatMessageA(flags, ext_module, error_code, 0, (LPTSTR)&error_string, 0,
202 if (error_string == NULL) {
206 error_string[strlen(error_string) - 2] = 0;
215 static void _Win32HResultLog(
SCLogLevel level, HRESULT hr,
const char *file,
216 const char *
function,
const int line)
218 const char *err_str = Win32GetErrorString(hr, WmiUtils());
219 SCLog(level, file,
function, line,
"HRESULT: %s (0x%08" PRIx32
")", err_str,
221 LocalFree((LPVOID)err_str);
224 #define Win32HResultLogDebug(hr) \ 225 _Win32HResultLog(SC_LOG_DEBUG, (hr), __FILE__, __FUNCTION__, __LINE__) 227 #define Win32HResultLogDebug(hr) 233 #define WbemLogDebug(hr) (_WbemLogDebug)((hr), __FILE__, __FUNCTION__, __LINE__) 235 static void _WbemLogDebug(HRESULT hr,
const char *file,
const char *
function,
239 IErrorInfo *err_info;
240 BSTR err_description;
241 char *err_description_mb = NULL;
243 _Win32HResultLog(
SC_LOG_DEBUG, hr, file,
function, line);
245 GetErrorInfo(0, &err_info);
247 err_info->lpVtbl->GetDescription(err_info, &err_description))) {
252 err_description_mb =
SCMalloc(SysStringLen(err_description) + 1);
254 if (err_description_mb == NULL) {
260 err_description_mb[SysStringLen(err_description)] = 0;
261 wcstombs(err_description_mb, err_description,
262 SysStringLen(err_description));
269 SCFree(err_description_mb);
270 SysFreeString(err_description);
277 int GetIfaceMTUWin32(
const char *pcap_dev)
279 DWORD err = NO_ERROR;
283 IP_ADAPTER_ADDRESSES *if_info_list = NULL, *if_info = NULL;
284 err = Win32GetAdaptersAddresses(&if_info_list);
285 if (err != NO_ERROR) {
289 err = Win32FindAdapterAddresses(if_info_list, pcap_dev, &if_info);
290 if (err != NO_ERROR) {
301 const char *errbuf = Win32GetErrorString(err, WmiUtils());
303 "Failure when trying to get MTU via syscall for '%s': %s " 305 pcap_dev, errbuf, (uint32_t)err);
306 LocalFree((LPVOID)errbuf);
308 SCLogInfo(
"Found an MTU of %d for '%s'", mtu, pcap_dev);
317 int GetGlobalMTUWin32()
321 DWORD err = NO_ERROR;
322 IP_ADAPTER_ADDRESSES *if_info_list = NULL;
325 err = Win32GetAdaptersAddresses(&if_info_list);
326 if (err != NO_ERROR) {
331 IP_ADAPTER_ADDRESSES *if_info = NULL;
332 for (if_info = if_info_list; if_info != NULL; if_info = if_info->Next) {
334 if (if_info->Mtu == (uint32_t)-1) {
339 mtu = max(mtu, if_info->Mtu);
344 SCLogInfo(
"Found a global MTU of %" PRIu32, mtu);
350 const char *errbuf = NULL;
351 FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
352 FORMAT_MESSAGE_IGNORE_INSERTS,
353 NULL, err, 0, (LPTSTR)&errbuf, 0, NULL);
357 "Failure when trying to get global MTU via syscall: %s (%" PRId32
359 errbuf, (uint32_t)err);
364 #define ReleaseObject(objptr) \ 366 if ((objptr) != NULL) { \ 367 (objptr)->lpVtbl->Release(objptr); \ 372 typedef enum Win32TcpOffloadFlags_ {
373 WIN32_TCP_OFFLOAD_FLAG_NONE = 0,
374 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX = 1,
375 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX = 1 << 1,
376 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX = 1 << 2,
377 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX = 1 << 3,
378 WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4 = 1 << 4,
379 WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4 = 1 << 5,
380 WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6 = 1 << 6,
383 WIN32_TCP_OFFLOAD_FLAG_CSUM = WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX |
384 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX |
385 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX |
386 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX,
387 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4 = WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX |
388 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX,
389 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6 = WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX |
390 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX,
391 WIN32_TCP_OFFLOAD_FLAG_LSO = WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4 |
392 WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4 |
393 WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6,
394 } Win32TcpOffloadFlags;
396 typedef struct ComInstance_ {
397 IWbemLocator *locator;
398 IWbemServices *services;
404 static HRESULT ComInstanceInit(ComInstance *instance, LPCWSTR resource)
408 instance->locator = NULL;
409 instance->services = NULL;
411 BSTR resource_bstr = SysAllocString(resource);
412 if (resource_bstr == NULL) {
413 hr = HRESULT_FROM_WIN32(E_OUTOFMEMORY);
419 hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
426 "COM CoInitializeEx failed: 0x%" PRIx32, (uint32_t)hr);
429 hr = CoInitializeSecurity(
430 NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
431 RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
434 "COM CoInitializeSecurity failed: 0x%" PRIx32,
441 hr = CoCreateInstance(&CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER,
442 &IID_IWbemLocator, (LPVOID *)&instance->locator);
448 hr = instance->locator->lpVtbl->ConnectServer(
449 instance->locator, resource_bstr, NULL, NULL, NULL, 0, NULL, NULL,
450 &instance->services);
458 SysFreeString(resource_bstr);
466 static void ComInstanceRelease(ComInstance *instance)
468 if (instance == NULL) {
471 ReleaseObject(instance->services);
472 ReleaseObject(instance->locator);
478 static HRESULT GetWbemClass(ComInstance *instance, LPCWSTR name,
479 IWbemClassObject **p_class)
481 HRESULT hr = WBEM_S_NO_ERROR;
482 BSTR name_bstr = NULL;
484 if (instance == NULL || name == NULL || p_class == NULL ||
486 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
487 Win32HResultLogDebug(hr);
492 name_bstr = SysAllocString(name);
493 if (name_bstr == NULL) {
494 hr = HRESULT_FROM_WIN32(E_OUTOFMEMORY);
500 hr = instance->services->lpVtbl->GetObject(instance->services, name_bstr,
501 WBEM_FLAG_RETURN_WBEM_COMPLETE,
502 NULL, p_class, NULL);
511 SysFreeString(name_bstr);
519 static HRESULT GetWbemClassInstance(ComInstance *instance, LPCWSTR name,
520 IWbemClassObject **p_instance)
522 HRESULT hr = WBEM_S_NO_ERROR;
524 IWbemClassObject *
class = NULL;
526 hr = GetWbemClass(instance, name, &
class);
527 if (hr != WBEM_S_NO_ERROR) {
531 hr =
class->lpVtbl->SpawnInstance(
class, 0, p_instance);
532 if (hr != WBEM_S_NO_ERROR) {
543 typedef struct WbemMethod_ {
544 ComInstance *com_instance;
548 IWbemClassObject *in_params, *out_params;
554 static HRESULT GetWbemMethod(ComInstance *com_instance, LPCWSTR class_name,
555 LPCWSTR method_name, WbemMethod *method)
558 IWbemClassObject *
class = NULL;
560 method->com_instance = com_instance;
562 BSTR class_name_bstr = SysAllocString(class_name);
563 if (class_name_bstr == NULL) {
564 hr = HRESULT_FROM_WIN32(E_OUTOFMEMORY);
568 method->method_name = SysAllocString(method_name);
569 if (method->method_name == NULL) {
570 hr = HRESULT_FROM_WIN32(E_OUTOFMEMORY);
576 hr = GetWbemClass(com_instance, class_name, &
class);
577 if (hr != WBEM_S_NO_ERROR) {
582 hr =
class->lpVtbl->GetMethod(
class, method_name, 0, &method->in_params,
583 &method->out_params);
584 if (hr != WBEM_S_NO_ERROR) {
592 ReleaseObject(
class);
594 SysFreeString(class_name_bstr);
602 static void WbemMethodRelease(WbemMethod *method)
604 if (method == NULL) {
607 ReleaseObject(method->in_params);
608 ReleaseObject(method->out_params);
610 SysFreeString(method->method_name);
613 typedef struct WbemMethodCall_ {
618 IWbemClassObject *in_params;
624 static HRESULT GetWbemMethodCall(WbemMethod *method, LPCWSTR instance_path,
625 WbemMethodCall *call)
629 call->method = method;
630 call->instance_path = SysAllocString(instance_path);
631 if (call->instance_path == NULL) {
632 hr = HRESULT_FROM_WIN32(E_OUTOFMEMORY);
639 hr = method->in_params->lpVtbl->SpawnInstance(method->in_params, 0,
644 "WMI SpawnInstance failed on in_params: 0x%" PRIx32,
656 static void WbemMethodCallRelease(WbemMethodCall *call)
661 ReleaseObject(call->in_params);
663 SysFreeString(call->instance_path);
669 static HRESULT WbemMethodCallExec(WbemMethodCall *call,
670 IWbemClassObject **p_out_params)
674 hr = call->method->com_instance->services->lpVtbl->ExecMethod(
675 call->method->com_instance->services, call->instance_path,
676 call->method->method_name, 0, NULL, call->in_params, p_out_params,
678 if (hr != WBEM_S_NO_ERROR) {
680 SCLogDebug(
"WMI ExecMethod failed: 0x%" PRIx32, (uint32_t)hr);
691 static HRESULT WbemGetSubObject(IWbemClassObject *
object, LPCWSTR property_name,
692 IWbemClassObject **sub_object)
697 VariantInit(&out_var);
698 hr =
object->lpVtbl->Get(
object, property_name, 0, &out_var, NULL, NULL);
699 if (hr != WBEM_S_NO_ERROR) {
703 IUnknown *unknown = V_UNKNOWN(&out_var);
704 hr = unknown->lpVtbl->QueryInterface(unknown, &IID_IWbemClassObject,
705 (
void **)sub_object);
708 "WMI QueryInterface (IWbemClassObject) failed: 0x%" PRIx32,
714 VariantClear(&out_var);
721 static HRESULT GetEncapsulation(IWbemClassObject *
object, LPCWSTR category,
722 LPCWSTR subcategory, ULONG *encapsulation)
724 HRESULT hr = WBEM_S_NO_ERROR;
726 IWbemClassObject *category_object = NULL;
727 IWbemClassObject *subcategory_object = NULL;
730 VariantInit(&out_var);
733 hr = WbemGetSubObject(
object, category, &category_object);
734 if (hr != WBEM_S_NO_ERROR) {
739 hr = WbemGetSubObject(category_object, subcategory, &subcategory_object);
740 if (hr != WBEM_S_NO_ERROR) {
743 hr = subcategory_object->lpVtbl->Get(subcategory_object, L
"Encapsulation",
744 0, &out_var, NULL, NULL);
745 if (hr != WBEM_S_NO_ERROR) {
748 *encapsulation = V_UI4(&out_var);
751 VariantClear(&out_var);
752 ReleaseObject(subcategory_object);
753 ReleaseObject(category_object);
757 static HRESULT GetIUnknown(IWbemClassObject *
object, IUnknown **p_unknown)
759 HRESULT hr = WBEM_S_NO_ERROR;
761 if (
object == NULL || p_unknown == NULL || *p_unknown != NULL) {
762 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
763 Win32HResultLogDebug(hr);
767 hr =
object->lpVtbl->QueryInterface(
object, &IID_IUnknown,
771 "WMI QueryInterface (IUnknown) failed: 0x%" PRIx32,
780 static HRESULT BuildNdisObjectHeader(ComInstance *instance, uint8_t
type,
781 uint8_t revision, uint16_t size,
782 IWbemClassObject **p_ndis_object_header)
784 HRESULT hr = WBEM_S_NO_ERROR;
786 if (instance == NULL || p_ndis_object_header == NULL ||
787 *p_ndis_object_header != NULL) {
789 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
790 Win32HResultLogDebug(hr);
795 hr = GetWbemClassInstance(instance, L
"MSNdis_ObjectHeader",
796 p_ndis_object_header);
797 if (hr != WBEM_S_NO_ERROR) {
801 VARIANT param_variant;
802 VariantInit(¶m_variant);
803 IWbemClassObject *ndis_object_header = *p_ndis_object_header;
806 V_VT(¶m_variant) = VT_UI1;
807 V_UI1(¶m_variant) =
type;
808 hr = ndis_object_header->lpVtbl->Put(ndis_object_header, L
"Type", 0,
810 VariantClear(¶m_variant);
811 if (hr != WBEM_S_NO_ERROR) {
816 V_VT(¶m_variant) = VT_UI1;
817 V_UI1(¶m_variant) = revision;
818 hr = ndis_object_header->lpVtbl->Put(ndis_object_header, L
"Revision", 0,
820 VariantClear(¶m_variant);
821 if (hr != WBEM_S_NO_ERROR) {
828 V_VT(¶m_variant) = VT_I4;
829 V_I4(¶m_variant) = size;
830 hr = ndis_object_header->lpVtbl->Put(ndis_object_header, L
"Size", 0,
832 VariantClear(¶m_variant);
833 if (hr != WBEM_S_NO_ERROR) {
842 static HRESULT BuildNdisWmiMethodHeader(ComInstance *instance,
843 uint64_t net_luid, uint32_t port_number,
844 uint64_t request_id, uint32_t timeout,
845 IWbemClassObject **p_ndis_method_header)
847 HRESULT hr = WBEM_S_NO_ERROR;
849 IWbemClassObject *ndis_object_header = NULL;
851 if (instance == NULL || p_ndis_method_header == NULL ||
852 *p_ndis_method_header != NULL) {
854 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
855 Win32HResultLogDebug(hr);
860 hr = GetWbemClassInstance(instance, L
"MSNdis_WmiMethodHeader",
861 p_ndis_method_header);
862 if (hr != WBEM_S_NO_ERROR) {
866 VARIANT param_variant;
867 VariantInit(¶m_variant);
870 hr = BuildNdisObjectHeader(instance, NDIS_WMI_OBJECT_TYPE_METHOD,
871 NDIS_WMI_METHOD_HEADER_REVISION_1, 0xFFFF,
872 &ndis_object_header);
873 if (hr != WBEM_S_NO_ERROR) {
876 V_VT(¶m_variant) = VT_UNKNOWN;
877 V_UNKNOWN(¶m_variant) = NULL;
878 hr = GetIUnknown(ndis_object_header, &V_UNKNOWN(¶m_variant));
879 if (hr != WBEM_S_NO_ERROR) {
883 IWbemClassObject *ndis_method_header = *p_ndis_method_header;
886 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"Header", 0,
888 VariantClear(¶m_variant);
889 if (hr != WBEM_S_NO_ERROR) {
894 V_VT(¶m_variant) = VT_BSTR;
895 V_BSTR(¶m_variant) = utob(net_luid);
896 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"NetLuid", 0,
898 VariantClear(¶m_variant);
899 if (hr != WBEM_S_NO_ERROR) {
904 V_VT(¶m_variant) = VT_BSTR;
905 V_BSTR(¶m_variant) = utob((uint64_t)port_number);
906 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"PortNumber", 0,
908 VariantClear(¶m_variant);
909 if (hr != WBEM_S_NO_ERROR) {
914 V_VT(¶m_variant) = VT_BSTR;
915 V_BSTR(¶m_variant) = utob(request_id);
916 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"RequestId", 0,
918 VariantClear(¶m_variant);
919 if (hr != WBEM_S_NO_ERROR) {
924 V_VT(¶m_variant) = VT_BSTR;
925 V_BSTR(¶m_variant) = utob((uint64_t)timeout);
926 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"Timeout", 0,
928 VariantClear(¶m_variant);
929 if (hr != WBEM_S_NO_ERROR) {
934 V_VT(¶m_variant) = VT_BSTR;
935 V_BSTR(¶m_variant) = utob((uint64_t)0);
936 hr = ndis_method_header->lpVtbl->Put(ndis_method_header, L
"Padding", 0,
938 VariantClear(¶m_variant);
939 if (hr != WBEM_S_NO_ERROR) {
945 ReleaseObject(ndis_object_header);
953 static HRESULT GetNdisOffload(LPCWSTR if_description, uint32_t *offload_flags)
957 ComInstance instance = {};
958 WbemMethod method = {};
959 WbemMethodCall call = {};
961 IWbemClassObject *ndis_method_header = NULL;
962 IWbemClassObject *out_params = NULL;
963 IWbemClassObject *ndis_offload = NULL;
965 if (if_description == NULL) {
967 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
971 LPCWSTR class_name = L
"MSNdis_TcpOffloadCurrentConfig";
972 LPCWSTR instance_name_fmt = L
"%s=\"%s\"";
973 size_t n_chars = wcslen(class_name) + wcslen(if_description) +
974 wcslen(instance_name_fmt);
975 LPWSTR instance_name =
SCMalloc((n_chars + 1) *
sizeof(
wchar_t));
976 if (instance_name == NULL) {
978 "Failed to allocate buffer for instance path");
981 instance_name[n_chars] = 0;
982 hr = StringCchPrintfW(instance_name, n_chars, instance_name_fmt, class_name,
986 "Failed to format WMI class instance name: 0x%" PRIx32,
991 LPCWSTR method_name = L
"WmiQueryCurrentOffloadConfig";
994 hr = ComInstanceInit(&instance, L
"ROOT\\WMI");
1000 hr = GetWbemMethod(&instance, class_name, method_name, &method);
1006 hr = GetWbemMethodCall(&method, instance_name, &call);
1013 VARIANT param_variant;
1014 VariantInit(¶m_variant);
1017 hr = BuildNdisWmiMethodHeader(&instance, 0, 0, 0, 5, &ndis_method_header);
1018 if (hr != WBEM_S_NO_ERROR) {
1021 V_VT(¶m_variant) = VT_UNKNOWN;
1022 V_UNKNOWN(¶m_variant) = NULL;
1023 hr = GetIUnknown(ndis_method_header, &V_UNKNOWN(¶m_variant));
1024 if (hr != WBEM_S_NO_ERROR) {
1029 hr = call.in_params->lpVtbl->Put(call.in_params, L
"Header", 0,
1031 VariantClear(¶m_variant);
1032 if (hr != WBEM_S_NO_ERROR) {
1038 hr = WbemMethodCallExec(&call, &out_params);
1040 size_t if_description_len = wcslen(if_description);
1041 char *if_description_ansi =
SCMalloc(if_description_len + 1);
1042 if (if_description_ansi == NULL) {
1044 "Failed to allocate buffer for interface description");
1047 if_description_ansi[if_description_len] = 0;
1048 wcstombs(if_description_ansi, if_description, if_description_len);
1049 SCLogInfo(
"Obtaining offload state failed, device \"%s\" may not " 1050 "support offload. Error: 0x%" PRIx32,
1051 if_description_ansi, (uint32_t)hr);
1052 SCFree(if_description_ansi);
1053 Win32HResultLogDebug(hr);
1058 hr = WbemGetSubObject(out_params, L
"Offload", &ndis_offload);
1059 if (hr != WBEM_S_NO_ERROR) {
1062 ULONG encapsulation = 0;
1065 hr = GetEncapsulation(ndis_offload, L
"Checksum", L
"IPv4Receive",
1067 if (hr != WBEM_S_NO_ERROR) {
1071 if (encapsulation != 0) {
1072 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX;
1074 hr = GetEncapsulation(ndis_offload, L
"Checksum", L
"IPv4Transmit",
1076 if (hr != WBEM_S_NO_ERROR) {
1080 if (encapsulation != 0) {
1081 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX;
1083 hr = GetEncapsulation(ndis_offload, L
"Checksum", L
"IPv6Receive",
1085 if (hr != WBEM_S_NO_ERROR) {
1089 if (encapsulation != 0) {
1090 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX;
1092 hr = GetEncapsulation(ndis_offload, L
"Checksum", L
"IPv6Transmit",
1094 if (hr != WBEM_S_NO_ERROR) {
1098 if (encapsulation != 0) {
1099 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX;
1103 hr = GetEncapsulation(ndis_offload, L
"LsoV1", L
"WmiIPv4", &encapsulation);
1104 if (hr != WBEM_S_NO_ERROR) {
1108 if (encapsulation != 0) {
1109 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4;
1113 hr = GetEncapsulation(ndis_offload, L
"LsoV2", L
"WmiIPv4", &encapsulation);
1114 if (hr != WBEM_S_NO_ERROR) {
1118 if (encapsulation != 0) {
1119 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4;
1121 hr = GetEncapsulation(ndis_offload, L
"LsoV2", L
"WmiIPv6", &encapsulation);
1122 if (hr != WBEM_S_NO_ERROR) {
1126 if (encapsulation != 0) {
1127 *offload_flags |= WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6;
1131 ReleaseObject(ndis_method_header);
1132 ReleaseObject(ndis_offload);
1133 ReleaseObject(out_params);
1135 WbemMethodCallRelease(&call);
1136 WbemMethodRelease(&method);
1137 ComInstanceRelease(&instance);
1142 int GetIfaceOffloadingWin32(
const char *pcap_dev,
int csum,
int other)
1144 SCLogDebug(
"Querying offloading for device %s", pcap_dev);
1146 DWORD err = NO_ERROR;
1148 uint32_t offload_flags = 0;
1151 IP_ADAPTER_ADDRESSES *if_info_list = NULL, *if_info = NULL;
1152 err = Win32GetAdaptersAddresses(&if_info_list);
1153 if (err != NO_ERROR) {
1157 err = Win32FindAdapterAddresses(if_info_list, pcap_dev, &if_info);
1158 if (err != NO_ERROR) {
1162 LPWSTR if_description = if_info->Description;
1165 err = GetNdisOffload(if_description, &offload_flags);
1169 }
else if (offload_flags != 0) {
1171 if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM) != 0) {
1176 if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSO) != 0) {
1183 SCLogPerf(
"NIC offloading on %s: Checksum IPv4 Rx: %d Tx: %d IPv6 " 1184 "Rx: %d Tx: %d LSOv1 IPv4: %d LSOv2 IPv4: %d IPv6: %d",
1186 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX) != 0,
1187 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX) != 0,
1188 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX) != 0,
1189 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX) != 0,
1190 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4) != 0,
1191 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4) != 0,
1192 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6) != 0);
1195 "NIC offloading on %s: Checksum IPv4 Rx: %d Tx: %d IPv6 " 1196 "Rx: %d Tx: %d LSOv1 IPv4: %d LSOv2 IPv4: %d IPv6: %d",
1198 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX) != 0,
1199 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX) != 0,
1200 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX) != 0,
1201 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX) != 0,
1202 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4) != 0,
1203 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4) != 0,
1204 (offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6) != 0);
1209 const char *err_str = Win32GetErrorString(err, WmiUtils());
1211 "Failure when trying to get feature via syscall for '%s': " 1212 "%s (0x%08" PRIx32
")",
1213 pcap_dev, err_str, (uint32_t)err);
1214 LocalFree((LPVOID)err_str);
1223 BuildNdisTcpOffloadParameters(ComInstance *instance, uint32_t offload_flags,
1225 IWbemClassObject **p_ndis_tcp_offload_parameters)
1227 HRESULT hr = WBEM_S_NO_ERROR;
1229 IWbemClassObject *ndis_object_header = NULL;
1231 if (instance == NULL || p_ndis_tcp_offload_parameters == NULL ||
1232 *p_ndis_tcp_offload_parameters != NULL) {
1234 hr = HRESULT_FROM_WIN32(E_INVALIDARG);
1235 Win32HResultLogDebug(hr);
1240 hr = GetWbemClassInstance(instance, L
"MSNdis_TcpOffloadParameters",
1241 p_ndis_tcp_offload_parameters);
1242 if (hr != WBEM_S_NO_ERROR) {
1246 VARIANT param_variant;
1247 VariantInit(¶m_variant);
1250 hr = BuildNdisObjectHeader(instance, NDIS_OBJECT_TYPE_DEFAULT,
1251 NDIS_OFFLOAD_PARAMETERS_REVISION_1,
1252 NDIS_SIZEOF_OFFLOAD_PARAMETERS_REVISION_1,
1253 &ndis_object_header);
1254 if (hr != WBEM_S_NO_ERROR) {
1257 V_VT(¶m_variant) = VT_UNKNOWN;
1258 V_UNKNOWN(¶m_variant) = NULL;
1259 hr = GetIUnknown(ndis_object_header, &V_UNKNOWN(¶m_variant));
1260 if (hr != WBEM_S_NO_ERROR) {
1264 IWbemClassObject *ndis_tcp_offload_parameters =
1265 *p_ndis_tcp_offload_parameters;
1268 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1269 ndis_tcp_offload_parameters, L
"Header", 0, ¶m_variant, 0);
1270 VariantClear(¶m_variant);
1271 if (hr != WBEM_S_NO_ERROR) {
1272 Win32HResultLogDebug(hr);
1277 V_VT(¶m_variant) = VT_BSTR;
1278 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1279 if (!enable && (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4) != 0) {
1281 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_TX_RX_DISABLED);
1282 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4) ==
1283 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4) {
1285 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_TX_RX_ENABLED);
1286 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4RX) != 0) {
1288 V_BSTR(¶m_variant) =
1289 utob(NDIS_OFFLOAD_PARAMETERS_RX_ENABLED_TX_DISABLED);
1290 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP4TX) != 0) {
1292 V_BSTR(¶m_variant) =
1293 utob(NDIS_OFFLOAD_PARAMETERS_TX_ENABLED_RX_DISABLED);
1295 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1296 ndis_tcp_offload_parameters, L
"IPv4Checksum", 0, ¶m_variant, 0);
1297 if (hr != WBEM_S_NO_ERROR) {
1301 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1302 L
"TCPIPv4Checksum", 0,
1304 if (hr != WBEM_S_NO_ERROR) {
1308 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1309 L
"UDPIPv4Checksum", 0,
1311 if (hr != WBEM_S_NO_ERROR) {
1315 VariantClear(¶m_variant);
1318 V_VT(¶m_variant) = VT_BSTR;
1319 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1320 if (!enable && (offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6) != 0) {
1322 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_TX_RX_DISABLED);
1323 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6) ==
1324 WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6) {
1326 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_TX_RX_ENABLED);
1327 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6RX) != 0) {
1329 V_BSTR(¶m_variant) =
1330 utob(NDIS_OFFLOAD_PARAMETERS_RX_ENABLED_TX_DISABLED);
1331 }
else if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_CSUM_IP6TX) != 0) {
1333 V_BSTR(¶m_variant) =
1334 utob(NDIS_OFFLOAD_PARAMETERS_TX_ENABLED_RX_DISABLED);
1336 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1337 L
"TCPIPv6Checksum", 0,
1339 if (hr != WBEM_S_NO_ERROR) {
1343 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1344 L
"UDPIPv6Checksum", 0,
1346 if (hr != WBEM_S_NO_ERROR) {
1350 VariantClear(¶m_variant);
1353 V_VT(¶m_variant) = VT_BSTR;
1354 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1355 if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV1_IP4) != 0) {
1357 V_BSTR(¶m_variant) =
1358 utob(NDIS_OFFLOAD_PARAMETERS_LSOV1_ENABLED);
1360 V_BSTR(¶m_variant) =
1361 utob(NDIS_OFFLOAD_PARAMETERS_LSOV1_DISABLED);
1364 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1365 ndis_tcp_offload_parameters, L
"LsoV1", 0, ¶m_variant, 0);
1366 if (hr != WBEM_S_NO_ERROR) {
1370 VariantClear(¶m_variant);
1373 V_VT(¶m_variant) = VT_BSTR;
1374 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1375 if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP4) != 0) {
1377 V_BSTR(¶m_variant) =
1378 utob(NDIS_OFFLOAD_PARAMETERS_LSOV2_ENABLED);
1380 V_BSTR(¶m_variant) =
1381 utob(NDIS_OFFLOAD_PARAMETERS_LSOV2_DISABLED);
1384 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1385 ndis_tcp_offload_parameters, L
"LsoV2IPv4", 0, ¶m_variant, 0);
1386 if (hr != WBEM_S_NO_ERROR) {
1390 VariantClear(¶m_variant);
1393 V_VT(¶m_variant) = VT_BSTR;
1394 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1395 if ((offload_flags & WIN32_TCP_OFFLOAD_FLAG_LSOV2_IP6) != 0) {
1397 V_BSTR(¶m_variant) =
1398 utob(NDIS_OFFLOAD_PARAMETERS_LSOV2_ENABLED);
1400 V_BSTR(¶m_variant) =
1401 utob(NDIS_OFFLOAD_PARAMETERS_LSOV2_DISABLED);
1404 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1405 ndis_tcp_offload_parameters, L
"LsoV2IPv6", 0, ¶m_variant, 0);
1406 if (hr != WBEM_S_NO_ERROR) {
1410 VariantClear(¶m_variant);
1413 V_VT(¶m_variant) = VT_BSTR;
1414 V_BSTR(¶m_variant) = utob(NDIS_OFFLOAD_PARAMETERS_NO_CHANGE);
1415 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1416 ndis_tcp_offload_parameters, L
"IPSec", 0, ¶m_variant, 0);
1417 if (hr != WBEM_S_NO_ERROR) {
1421 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1422 L
"TcpConnectionIPv4", 0,
1424 if (hr != WBEM_S_NO_ERROR) {
1428 hr = ndis_tcp_offload_parameters->lpVtbl->Put(ndis_tcp_offload_parameters,
1429 L
"TcpConnectionIPv6", 0,
1431 if (hr != WBEM_S_NO_ERROR) {
1435 hr = ndis_tcp_offload_parameters->lpVtbl->Put(
1436 ndis_tcp_offload_parameters, L
"Flags", 0, ¶m_variant, 0);
1437 if (hr != WBEM_S_NO_ERROR) {
1444 VariantClear(¶m_variant);
1449 static HRESULT SetNdisOffload(LPCWSTR if_description, uint32_t offload_flags,
1454 ComInstance instance = {};
1455 WbemMethod method = {};
1456 WbemMethodCall call = {};
1459 IWbemClassObject *ndis_method_header = NULL;
1461 IWbemClassObject *ndis_tcp_offload_parameters = NULL;
1463 if (if_description == NULL) {
1465 return E_INVALIDARG;
1468 LPCWSTR class_name = L
"MSNdis_SetTcpOffloadParameters";
1469 LPCWSTR instance_name_fmt = L
"%s=\"%s\"";
1470 size_t n_chars = wcslen(class_name) + wcslen(if_description) +
1471 wcslen(instance_name_fmt);
1472 LPWSTR instance_name =
SCMalloc((n_chars + 1) *
sizeof(
wchar_t));
1473 if (instance_name == NULL) {
1475 "Failed to allocate buffer for instance path");
1478 instance_name[n_chars] = 0;
1479 hr = StringCchPrintfW(instance_name, n_chars, instance_name_fmt, class_name,
1483 "Failed to format WMI class instance name: 0x%" PRIx32,
1489 LPCWSTR method_name = L
"WmiSetTcpOffloadParameters";
1492 hr = ComInstanceInit(&instance, L
"ROOT\\WMI");
1498 hr = GetWbemMethod(&instance, class_name, method_name, &method);
1504 hr = GetWbemMethodCall(&method, instance_name, &call);
1511 VARIANT param_variant;
1512 VariantInit(¶m_variant);
1515 hr = BuildNdisWmiMethodHeader(&instance, 0, 0, 0, 5, &ndis_method_header);
1516 if (hr != WBEM_S_NO_ERROR) {
1520 V_VT(¶m_variant) = VT_UNKNOWN;
1521 V_UNKNOWN(¶m_variant) = NULL;
1522 hr = GetIUnknown(ndis_method_header, &V_UNKNOWN(¶m_variant));
1523 if (hr != WBEM_S_NO_ERROR) {
1526 hr = call.in_params->lpVtbl->Put(call.in_params, L
"MethodHeader", 0,
1528 VariantClear(¶m_variant);
1529 if (hr != WBEM_S_NO_ERROR) {
1530 Win32HResultLogDebug(hr);
1535 hr = BuildNdisTcpOffloadParameters(&instance, offload_flags, enable,
1536 &ndis_tcp_offload_parameters);
1537 if (hr != WBEM_S_NO_ERROR) {
1541 V_VT(¶m_variant) = VT_UNKNOWN;
1542 V_UNKNOWN(¶m_variant) = NULL;
1543 hr = GetIUnknown(ndis_tcp_offload_parameters, &V_UNKNOWN(¶m_variant));
1544 if (hr != WBEM_S_NO_ERROR) {
1547 hr = call.in_params->lpVtbl->Put(call.in_params, L
"TcpOffloadParameters", 0,
1549 VariantClear(¶m_variant);
1550 if (hr != WBEM_S_NO_ERROR) {
1551 Win32HResultLogDebug(hr);
1556 hr = WbemMethodCallExec(&call, NULL);
1558 Win32HResultLogDebug(hr);
1563 ReleaseObject(ndis_tcp_offload_parameters);
1564 ReleaseObject(ndis_method_header);
1566 WbemMethodCallRelease(&call);
1567 WbemMethodRelease(&method);
1568 ComInstanceRelease(&instance);
1573 int DisableIfaceOffloadingWin32(
LiveDevice *ldev,
int csum,
int other)
1575 SCLogDebug(
"Disabling offloading for device %s", ldev->
dev);
1578 DWORD err = NO_ERROR;
1579 uint32_t offload_flags = 0;
1586 IP_ADAPTER_ADDRESSES *if_info_list = NULL, *if_info = NULL;
1587 err = Win32GetAdaptersAddresses(&if_info_list);
1588 if (err != NO_ERROR) {
1592 err = Win32FindAdapterAddresses(if_info_list, ldev->
dev, &if_info);
1593 if (err != NO_ERROR) {
1597 LPWSTR if_description = if_info->Description;
1599 err = GetNdisOffload(if_description, &offload_flags);
1606 offload_flags &= ~WIN32_TCP_OFFLOAD_FLAG_CSUM;
1609 offload_flags &= ~WIN32_TCP_OFFLOAD_FLAG_LSO;
1612 err = SetNdisOffload(if_description, offload_flags, 0);
1624 int RestoreIfaceOffloadingWin32(
LiveDevice *ldev)
1629 DWORD err = NO_ERROR;
1636 IP_ADAPTER_ADDRESSES *if_info_list = NULL, *if_info = NULL;
1637 err = Win32GetAdaptersAddresses(&if_info_list);
1638 if (err != NO_ERROR) {
1642 err = Win32FindAdapterAddresses(if_info_list, ldev->
dev, &if_info);
1643 if (err != NO_ERROR) {
1647 LPWSTR if_description = if_info->Description;
1649 err = SetNdisOffload(if_description, ldev->
offload_orig, 1);
1664 static int Win32TestStripPcapPrefix(
void)
1668 const char *name1 =
"\\Device\\NPF_{D4A32435-1BA7-4008-93A6-1518AA4BBD9B}";
1669 const char *expect_name1 =
"{D4A32435-1BA7-4008-93A6-1518AA4BBD9B}";
1671 const char *name2 =
"{D4A32435-1BA7-4008-93A6-1518AA4BBD9B}";
1672 const char *expect_name2 =
"{D4A32435-1BA7-4008-93A6-1518AA4BBD9B}";
1674 result &= (strncmp(expect_name1, StripPcapPrefix(name1),
1675 strlen(expect_name1)) == 0);
1677 result &= (strncmp(expect_name2, StripPcapPrefix(name2),
1678 strlen(expect_name2)) == 0);
1684 void Win32SyscallRegisterTests()
1687 UtRegisterTest(
"Win32TestStripPcapPrefix", Win32TestStripPcapPrefix);
SCLogLevel
The various log levels NOTE: when adding new level, don't forget to update SCLogMapLogLevelToSyslogLe...
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
#define SCLog(x, file, func, line,...)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
1.8.11 
