Bitdefender Hypervisor Memory Introspection
intronet.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #include "intronet.h"
6 #include "guests.h"
7 
8 
9 _Success_(return > 0)
10 DWORD
11 IntNetAddrToStr(
12  _In_ const INTRO_NET_AF Family,
13  _In_ const INTRONET_ADDRESS *Address,
14  _Out_writes_(INTRONET_MIN_BUFFER_SIZE) CHAR *String
15  )
27 {
28  DWORD written = 0;
29  int ret;
30  int rem = INTRONET_MIN_BUFFER_SIZE;
31 
32  if (NULL == Address || NULL == String)
33  {
34  return 0;
35  }
36 
37  if (introNetAfIpv4 == Family)
38  {
39  ret = snprintf(String, rem, "%d.%d.%d.%d",
40  Address->Ipv4[0], Address->Ipv4[1], Address->Ipv4[2], Address->Ipv4[3]);
41  if (ret < 0 || ret >= rem)
42  {
43  ERROR("[ERROR] snprintf error: %d, size %d\n", ret, rem);
44  return 0;
45  }
46 
47  written += ret;
48  rem -= ret;
49  }
50  else if (introNetAfIpv6 == Family)
51  {
52  CHAR *format = NULL;
53  BOOLEAN first = TRUE;
54  WORD toPrint = 0;
55 
56  ret = snprintf(String, rem, "[");
57  if (ret < 0 || ret >= rem)
58  {
59  ERROR("[ERROR] snprintf error: %d, size %d\n", ret, rem);
60  return ret;
61  }
62 
63  written += ret;
64  rem -= ret;
65 
66  // Iterate up to 14 since we don't want to print the last two BYTEs inside this loop.
67  for (DWORD i = 0; i < 14; i += 2)
68  {
69  toPrint = Address->Ipv6[i] << 8 | Address->Ipv6[i + 1];
70 
71  if (0 != toPrint)
72  {
73  format = first ? "%04x" : ":%04x";
74 
75  ret = snprintf(String + written, rem, format, toPrint);
76  if (ret < 0 || ret >= rem)
77  {
78  ERROR("[ERROR] snprintf error: %d, size %d\n", ret, rem);
79  return 0;
80  }
81 
82  written += ret;
83  rem -= ret;
84  }
85  else if (first)
86  {
87  ret = snprintf(String + written, rem, ":");
88  if (ret < 0 || ret >= rem)
89  {
90  ERROR("[ERROR] snprintf error: %d, size %d\n", ret, rem);
91  return 0;
92  }
93 
94  written += ret;
95  rem -= ret;
96  }
97 
98  first = FALSE;
99  }
100 
101  format = ":%x]";
102  toPrint = Address->Ipv6[14] << 8 | Address->Ipv6[15];
103 
104  ret = snprintf(String + written, rem, format, toPrint);
105  if (ret < 0 || ret >= rem)
106  {
107  ERROR("[ERROR] snprintf error: %d, size %d\n", ret, rem);
108  return 0;
109  }
110 
111  written += ret;
112  rem -= ret;
113  }
114 
115  return written;
116 }
117 
118 
119 static __forceinline INTRO_NET_STATE
120 IntNetConvertStateLix(
121  _In_ const LIX_SOCK_STATE State
122  )
131 {
132  switch (State)
133  {
134  case LIX_TCP_ESTABLISHED:
135  return introNetStateEstablished;
136  case LIX_TCP_SYN_SENT:
137  return introNetStateSynSent;
138  case LIX_TCP_SYN_RECV:
139  return introNetStateSynRecv;
140  case LIX_TCP_FIN_WAIT1:
141  return introNetStateFinWait;
142  case LIX_TCP_FIN_WAIT2:
143  return introNetStateFinWait2;
144  case LIX_TCP_TIME_WAIT:
145  return introNetStateTimeWait;
146  case LIX_TCP_CLOSE:
147  return introNetStateClosed;
148  case LIX_TCP_CLOSE_WAIT:
149  return introNetStateCloseWait;
150  case LIX_TCP_LAST_ACK:
151  return introNetStateLastAck;
152  case LIX_TCP_LISTEN:
153  return introNetStateListening;
154  case LIX_TCP_CLOSING:
155  return introNetStateClosing;
156  case LIX_TCP_NEW_SYN_RECV:
157  return introNetStateNewSynRecv;
158  default:
159  return introNetStateUnknown;
160  }
161 }
162 
163 
164 static __forceinline INTRO_NET_STATE
165 IntNetConvertStateWin(
166  _In_ const WIN_SOCK_STATE State
167  )
176 {
177  switch (State)
178  {
179  case WIN_TCP_CLOSED:
180  return introNetStateClosed;
181  case WIN_TCP_LISTENING:
182  return introNetStateListening;
183  case WIN_TCP_SYN_SENT:
184  return introNetStateSynSent;
185  case WIN_TCP_SYN_RECV:
186  return introNetStateSynRecv;
187  case WIN_TCP_ESTABLISHED:
188  return introNetStateEstablished;
189  case WIN_TCP_FIN_WAIT:
190  return introNetStateFinWait;
191  case WIN_TCP_FIN_WAIT2:
192  return introNetStateFinWait2;
193  case WIN_TCP_CLOSE_WAIT:
194  return introNetStateCloseWait;
195  case WIN_TCP_CLOSING:
196  return introNetStateClosing;
197  case WIN_TCP_LAST_ACK:
198  return introNetStateLastAck;
199  case WIN_TCP_TIME_WAIT:
200  return introNetStateTimeWait;
201  case WIN_TCP_DELETE_TCB:
202  return introNetStateDeleteTcb;
203  default:
204  return introNetStateUnknown;
205  }
206 }
207 
208 
209 INTRO_NET_STATE
210 IntNetConvertState(
211  _In_ const DWORD State
212  )
221 {
222  switch (gGuest.OSType)
223  {
224  case introGuestLinux:
225  return IntNetConvertStateLix(State);
226 
227  case introGuestWindows:
228  return IntNetConvertStateWin(State);
229 
230  default:
231  return introNetStateUnknown;
232  }
233 }
BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58
_In_
#define _In_
Definition: intro_sal.h:21
introNetStateClosing
Definition: intro_types.h:322
WORD
uint16_t WORD
Definition: intro_types.h:48
_Success_
#define _Success_(expr)
Definition: intro_sal.h:47
introNetStateFinWait
Definition: intro_types.h:315
IntNetConvertStateLix
static INTRO_NET_STATE IntNetConvertStateLix(const LIX_SOCK_STATE State)
Converts a Linux specific connection state to an Introcore connection state.
Definition: intronet.c:120
INTRO_NET_STATE
enum _INTRO_NET_STATE INTRO_NET_STATE
Connection states.
WIN_SOCK_STATE
enum _WIN_SOCK_STATE WIN_SOCK_STATE
The states in which a Windows socket can be in.
ERROR
#define ERROR(fmt,...)
Definition: glue.h:62
introNetStateSynSent
Definition: intro_types.h:313
introNetAfIpv4
IPv4.
Definition: intro_types.h:300
_GUEST_STATE::OSType
INTRO_GUEST_TYPE OSType
The type of the guest.
Definition: guests.h:278
_Out_writes_
#define _Out_writes_(expr)
Definition: intro_sal.h:28
introNetStateFinWait2
Definition: intro_types.h:316
introNetStateListening
Definition: intro_types.h:321
INTRONET_MIN_BUFFER_SIZE
#define INTRONET_MIN_BUFFER_SIZE
The minimum buffer size needed for the textual representation of an IP address.
Definition: intronet.h:12
introNetStateDeleteTcb
Available only on Windows.
Definition: intro_types.h:324
IntNetConvertStateWin
static INTRO_NET_STATE IntNetConvertStateWin(const WIN_SOCK_STATE State)
Converts a Windows specific connection state to an Introcore connection state.
Definition: intronet.c:165
introGuestLinux
Linux.
Definition: intro_types.h:2044
introNetStateUnknown
Definition: intro_types.h:326
introNetStateLastAck
Definition: intro_types.h:320
TRUE
#define TRUE
Definition: intro_types.h:30
IntNetConvertState
INTRO_NET_STATE IntNetConvertState(const DWORD State)
Converts a guest connection state to an Introcore connection state.
Definition: intronet.c:210
introNetStateTimeWait
Definition: intro_types.h:317
introGuestWindows
Windows.
Definition: intro_types.h:2043
__forceinline
#define __forceinline
Definition: introtypes.h:61
DWORD
uint32_t DWORD
Definition: intro_types.h:49
IntNetAddrToStr
DWORD IntNetAddrToStr(const INTRO_NET_AF Family, const INTRONET_ADDRESS *Address, CHAR *String)
Converts an IP address to a string.
Definition: intronet.c:11
introNetStateSynRecv
Definition: intro_types.h:314
gGuest
GUEST_STATE gGuest
The current guest state.
Definition: guests.c:50
introNetStateCloseWait
Definition: intro_types.h:319
LIX_SOCK_STATE
enum _LIX_SOCK_STATE LIX_SOCK_STATE
introNetStateNewSynRecv
Available only on Linux.
Definition: intro_types.h:323
_INTRONET_ADDRESS
An IP address.
Definition: intronet.h:16
introNetStateEstablished
Definition: intro_types.h:312
INTRO_NET_AF
enum _INTRO_NET_AF INTRO_NET_AF
Address family.
introNetAfIpv6
IPv6.
Definition: intro_types.h:301
CHAR
char CHAR
Definition: intro_types.h:56
introNetStateClosed
Definition: intro_types.h:318
FALSE
#define FALSE
Definition: intro_types.h:34