More robust way to get a version info

The current way to get a version information is to open DCO device and make IOCTL call. This has a few issues: - If DCO device is already in use, an another app won't be to get the version, since the device is exclusive - With the multiple DCO devices there is a high chance that \\.\ovpn-dco device, which we use to get version information, is already in use. To open another device, we use via device interface enumeration, which requires a lot of boilerplate code to work. To make it easier for userspace to get the device version, create a non-exclusive control device \\.\ovpn-dco-ver which supports single IOCTL to get the version number. This device is created when the first network device is created and removed with the last network device. Bump version to 1.3.0. OpenVPN#75 Signed-off-by: Lev Stipakov <[email protected]>
lstipakov · Aug 12, 2024 · f4adb27 · f4adb27
1 parent ed455c4
commit f4adb27
Show file tree

Hide file tree

Showing 7 changed files with 224 additions and 38 deletions.
diff --git a/Driver.cpp b/Driver.cpp
@@ -26,6 +26,7 @@
 #include <wdfrequest.h>
 
 #include "bufferpool.h"
+#include "control.h"
 #include "driver.h"
 #include "trace.h"
 #include "peer.h"
@@ -49,13 +50,27 @@ OvpnEvtDriverUnload(_In_ WDFDRIVER driver)
 {
     UNREFERENCED_PARAMETER(driver);
 
+    LOG_ENTER();
+    LOG_EXIT();
+
     TraceLoggingUnregister(g_hOvpnEtwProvider);
 
     // tail call optimization incorrectly eliminates TraceLoggingUnregister() call
     // add __nop() to prevent TCO
     __nop();
 }
 
+EVT_WDF_OBJECT_CONTEXT_CLEANUP OvpnEvtDriverCleanup;
+
+_Use_decl_annotations_
+VOID OvpnEvtDriverCleanup(_In_ WDFOBJECT driver)
+{
+    UNREFERENCED_PARAMETER(driver);
+
+    LOG_ENTER();
+    LOG_EXIT();
+}
+
 EXTERN_C DRIVER_INITIALIZE DriverEntry;
 
 #ifdef ALLOC_PRAGMA
@@ -80,6 +95,7 @@ DriverEntry(_In_ PDRIVER_OBJECT driverObject, _In_ PUNICODE_STRING registryPath)
     WDF_OBJECT_ATTRIBUTES driverAttrs;
     WDF_OBJECT_ATTRIBUTES_INIT(&driverAttrs);
     WDF_OBJECT_ATTRIBUTES_SET_CONTEXT_TYPE(&driverAttrs, OVPN_DRIVER);
+    driverAttrs.EvtCleanupCallback = OvpnEvtDriverCleanup;
 
     WDF_DRIVER_CONFIG driverConfig;
     WDF_DRIVER_CONFIG_INIT(&driverConfig, OvpnEvtDeviceAdd);
@@ -212,26 +228,6 @@ OvpnEvtIoWrite(WDFQUEUE queue, WDFREQUEST request, size_t length)
     ExReleaseSpinLockShared(&device->SpinLock, kiqrl);
 }
 
-NTSTATUS
-OvpnGetVersion(WDFREQUEST request, _Out_ ULONG_PTR* bytesReturned)
-{
-    *bytesReturned = 0;
-
-    NTSTATUS status;
-    POVPN_VERSION version = NULL;
-    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfRequestRetrieveOutputBuffer(request, sizeof(OVPN_VERSION), (PVOID*)&version, NULL));
-
-    version->Major = OVPN_DCO_VERSION_MAJOR;
-    version->Minor = OVPN_DCO_VERSION_MINOR;
-    version->Patch = OVPN_DCO_VERSION_PATCH;
-
-    *bytesReturned = sizeof(OVPN_VERSION);
-
-done:
-    return status;
-}
-
-
 EVT_WDF_IO_QUEUE_IO_DEVICE_CONTROL OvpnEvtIoDeviceControl;
 
 _Use_decl_annotations_
@@ -336,6 +332,16 @@ VOID OvpnEvtDeviceCleanup(WDFOBJECT obj) {
     device->Adapter = WDF_NO_HANDLE;
     ExReleaseSpinLockExclusive(&device->SpinLock, irql);
 
+    // delete control device if there are no devices left
+    POVPN_DRIVER driverCtx = OvpnGetDriverContext(WdfGetDriver());
+    LONG deviceCount = InterlockedDecrement(&driverCtx->DeviceCount);
+    LOG_INFO("Device count", TraceLoggingValue(deviceCount, "deviceCount"));
+    if ((deviceCount == 0) && (driverCtx->ControlDevice != NULL)) {
+        LOG_INFO("Delete control device");
+        WdfObjectDelete(driverCtx->ControlDevice);
+        driverCtx->ControlDevice = NULL;
+    }
+
     LOG_EXIT();
 }
 
@@ -433,6 +439,17 @@ OvpnEvtDeviceAdd(WDFDRIVER wdfDriver, PWDFDEVICE_INIT deviceInit) {
     WDFDEVICE wdfDevice;
     GOTO_IF_NOT_NT_SUCCESS(done, status, WdfDeviceCreate(&deviceInit, &objAttributes, &wdfDevice));
 
+    POVPN_DRIVER driverCtx = OvpnGetDriverContext(WdfGetDriver());
+    InterlockedIncrement(&driverCtx->DeviceCount);
+
+    LOG_INFO("Device count", TraceLoggingValue(driverCtx->DeviceCount, "count"));
+
+    if (driverCtx->DeviceCount == 1)
+    {
+        // create non-exclusive control device to get the version information
+        GOTO_IF_NOT_NT_SUCCESS(done, status, OvpnCreateControlDevice(wdfDriver));
+    }
+
     // this will fail if one device has already been created but that's ok, since
     // openvpn2/3 accesses devices via Device Interface GUID, and symlink is used only by test client.
     LOG_IF_NOT_NT_SUCCESS(WdfDeviceCreateSymbolicLink(wdfDevice, &symLink));

diff --git a/Driver.h b/Driver.h
@@ -47,6 +47,8 @@ EVT_WDF_IO_QUEUE_IO_DEVICE_CONTROL OvpnEvtIoDeviceControl;
 typedef struct _OVPN_DRIVER {
     WSK_PROVIDER_NPI WskProviderNpi;
     WSK_REGISTRATION WskRegistration;
+    WDFDEVICE ControlDevice;
+    LONG DeviceCount;
 } OVPN_DRIVER, * POVPN_DRIVER;
 WDF_DECLARE_CONTEXT_TYPE_WITH_NAME(OVPN_DRIVER, OvpnGetDriverContext)
 

diff --git a/PropertySheet.props b/PropertySheet.props
@@ -3,8 +3,8 @@
   <ImportGroup Label="PropertySheets" />
   <PropertyGroup Label="UserMacros">
     <OVPN_DCO_VERSION_MAJOR>1</OVPN_DCO_VERSION_MAJOR>
-    <OVPN_DCO_VERSION_MINOR>2</OVPN_DCO_VERSION_MINOR>
-    <OVPN_DCO_VERSION_PATCH>1</OVPN_DCO_VERSION_PATCH>
+    <OVPN_DCO_VERSION_MINOR>3</OVPN_DCO_VERSION_MINOR>
+    <OVPN_DCO_VERSION_PATCH>0</OVPN_DCO_VERSION_PATCH>
   </PropertyGroup>
   <PropertyGroup />
   <ItemDefinitionGroup>

diff --git a/control.cpp b/control.cpp
@@ -0,0 +1,128 @@
+/*
+ *  ovpn-dco-win OpenVPN protocol accelerator for Windows
+ *
+ *  Copyright (C) 2024- OpenVPN Inc <[email protected]>
+ *
+ *  Author:	Lev Stipakov <[email protected]>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "control.h"
+#include "Driver.h"
+#include "uapi\ovpn-dco.h"
+#include "trace.h"
+
+_Use_decl_annotations_
+NTSTATUS
+OvpnGetVersion(WDFREQUEST request, ULONG_PTR* bytesReturned)
+{
+    LOG_ENTER();
+
+    *bytesReturned = 0;
+
+    NTSTATUS status;
+    POVPN_VERSION version = NULL;
+    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfRequestRetrieveOutputBuffer(request, sizeof(OVPN_VERSION), (PVOID*)&version, NULL));
+
+    version->Major = OVPN_DCO_VERSION_MAJOR;
+    version->Minor = OVPN_DCO_VERSION_MINOR;
+    version->Patch = OVPN_DCO_VERSION_PATCH;
+
+    LOG_INFO("Version", TraceLoggingValue(version->Major, "Major"), TraceLoggingValue(version->Minor, "Minor"), TraceLoggingValue(version->Patch, "Patch"));
+
+    *bytesReturned = sizeof(OVPN_VERSION);
+
+done:
+    LOG_EXIT();
+
+    return status;
+}
+
+EVT_WDF_IO_QUEUE_IO_DEVICE_CONTROL OvpnEvtControlDeviceIOControl;
+
+VOID
+OvpnEvtControlDeviceIOControl(WDFQUEUE queue, WDFREQUEST request, size_t outputBufferLength, size_t inputBufferLength, ULONG ioControlCode)
+{
+    UNREFERENCED_PARAMETER(queue);
+    UNREFERENCED_PARAMETER(inputBufferLength);
+    UNREFERENCED_PARAMETER(outputBufferLength);
+
+    NTSTATUS status = STATUS_SUCCESS;
+    ULONG_PTR bytesReturned = 0;
+
+    switch (ioControlCode)
+    {
+    case OVPN_IOCTL_GET_VERSION:
+        status = OvpnGetVersion(request, &bytesReturned);
+        break;
+
+    default:
+        status = STATUS_INVALID_DEVICE_REQUEST;
+        break;
+    }
+
+    WdfRequestCompleteWithInformation(request, status, bytesReturned);
+}
+
+NTSTATUS
+OvpnCreateControlDevice(WDFDRIVER wdfDriver)
+{
+    LOG_ENTER();
+
+    DECLARE_CONST_UNICODE_STRING(symLink, L"\\DosDevices\\ovpn-dco-ver"); // this will be used by CreateFile
+    DECLARE_CONST_UNICODE_STRING(deviceName, L"\\Device\\ovpn-dco-ver"); // this is required tp create symlink
+
+    // allocate control device initialization structure
+    PWDFDEVICE_INIT deviceInit = WdfControlDeviceInitAllocate(wdfDriver, &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_R_RES_R);
+    if (deviceInit == NULL)
+    {
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
+
+    // create the control device
+    WDF_OBJECT_ATTRIBUTES deviceAttributes;
+    WDF_OBJECT_ATTRIBUTES_INIT(&deviceAttributes);
+    WDFDEVICE controlDevice;
+    NTSTATUS status;
+
+    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfDeviceInitAssignName(deviceInit, &deviceName));
+    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfDeviceCreate(&deviceInit, &deviceAttributes, &controlDevice));
+
+    POVPN_DRIVER driverCtx = OvpnGetDriverContext(WdfGetDriver());
+    driverCtx->ControlDevice = controlDevice;
+
+    // symlink for control device
+    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfDeviceCreateSymbolicLink(controlDevice, &symLink));
+
+    // queue to handle IO
+    WDF_IO_QUEUE_CONFIG queueConfig;
+    WDF_IO_QUEUE_CONFIG_INIT_DEFAULT_QUEUE(&queueConfig, WdfIoQueueDispatchParallel);
+    queueConfig.EvtIoDeviceControl = OvpnEvtControlDeviceIOControl;
+    WDFQUEUE queue;
+    GOTO_IF_NOT_NT_SUCCESS(done, status, WdfIoQueueCreate(controlDevice, &queueConfig, WDF_NO_OBJECT_ATTRIBUTES, &queue));
+
+    // Complete the control device initialization
+    WdfControlFinishInitializing(controlDevice);
+
+ done:
+    if (deviceInit)
+    {
+        WdfDeviceInitFree(deviceInit);
+    }
+
+    LOG_EXIT();
+
+    return status;
+}
diff --git a/control.h b/control.h
@@ -0,0 +1,31 @@
+/*
+ *  ovpn-dco-win OpenVPN protocol accelerator for Windows
+ *
+ *  Copyright (C) 2024- OpenVPN Inc <[email protected]>
+ *
+ *  Author:	Lev Stipakov <[email protected]>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#pragma once
+
+#include <ntddk.h>
+#include <wdf.h>
+
+NTSTATUS
+OvpnGetVersion(WDFREQUEST request, _Out_ ULONG_PTR* bytesReturned);
+
+NTSTATUS
+OvpnCreateControlDevice(WDFDRIVER wdfDriver);