windivert

package module
v0.0.0-...-4077f26 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2025 License: GPL-3.0 Imports: 24 Imported by: 0

README

go-WinDivert2

Go bindings for WinDivert 2.x

ChangeLogs

Thanks

Documentation

Index

Constants

// Flag bits passed as the flags argument when a WinDivert handle is opened.
//
// NOTE(review): these are fixed values interpreted by the driver. Check every
// bit against the WINDIVERT_FLAG_* definitions in the windivert.h that ships
// with the driver actually loaded; a mismatch silently opens the handle in a
// different mode than the caller asked for.
const (
	FlagDefault   uint64 = 0x00
	FlagSniff     uint64 = 0x01
	FlagDrop      uint64 = 0x02
	FlagDebug     uint64 = 0x04
	FlagRecvOnly  uint64 = 0x08
	FlagSendOnly  uint64 = 0x10
	FlagNoInstall uint64 = 0x20
	FlagFragments uint64 = 0x40
)

Flags for WinDivertOpen()

// Default handle priority plus the default, minimum and maximum of each
// queue parameter.
//
// NOTE(review): units are not stated here. Presumably QueueLength* counts
// packets, QueueTime* is milliseconds and QueueSize* is bytes; confirm against
// the WinDivert documentation. Handle.SetParam takes a raw uint64, and whether
// it rejects values outside these bounds is not visible from the listing.
const (
	PriorityDefault = 0

	QueueLengthDefault = 1 << 9
	QueueLengthMin     = 1 << 5
	QueueLengthMax     = 1 << 14

	QueueTimeDefault = 2000
	QueueTimeMin     = 100
	QueueTimeMax     = 16000

	QueueSizeDefault = 4 << 20
	QueueSizeMin     = 0xffff
	QueueSizeMax     = 32 << 20
)

Default values

const (
	// BatchMax is 255.
	// NOTE(review): presumably the most packets one RecvEx/SendEx call may carry; confirm.
	BatchMax = 255
	// MTUMax is 65575.
	// NOTE(review): presumably a 40-byte IPv6 fixed header plus the largest
	// 16-bit payload length, i.e. the buffer size that fits any single packet; confirm.
	MTUMax = 0xffff + 40
)
// Request codes for the WinDivert device, one per driver operation.
//
// NOTE(review): presumably these are the function numbers fed to CTL_CODE
// rather than complete IOCTL values; confirm against the IoControl callers.
const (
	CtlCodeInitialize CtlCode = 0x921
	CtlCodeStartup    CtlCode = 0x922
	CtlCodeRecv       CtlCode = 0x923
	CtlCodeSend       CtlCode = 0x924
	CtlCodeSetParam   CtlCode = 0x925
	CtlCodeGetParam   CtlCode = 0x926
	CtlCodeShutdown   CtlCode = 0x927
)
// TCP control bits, one mask per bit of the flags byte (lowest bit first).
//
// UGR is the 0x20 bit, the position of TCP's urgent (URG) flag; the exported
// spelling is kept as-is because callers may reference it.
const (
	FIN = 0x01
	SYN = 0x02
	RST = 0x04
	PSH = 0x08
	ACK = 0x10
	UGR = 0x20
	ECE = 0x40
	CWR = 0x80
)
// Buffer-transfer methods, named after the Win32 METHOD_* values that form
// the Method argument of CTL_CODE.
const (
	METHOD_BUFFERED   = 0x0 // buffered I/O
	METHOD_IN_DIRECT  = 0x1 // direct I/O, input
	METHOD_OUT_DIRECT = 0x2 // direct I/O, output
	METHOD_NEITHER    = 0x3 // neither buffered nor direct
)
// File access-right bits, named after the Win32 FILE_*_DATA values.
// NOTE(review): presumably combined into the Access argument of CTL_CODE; confirm.
const (
	FILE_READ_DATA  = 1 << 0
	FILE_WRITE_DATA = 1 << 1
)
// Device-type numbers, named after the Win32 FILE_DEVICE_* values that form
// the DeviceType argument of CTL_CODE.
const (
	FILE_DEVICE_NETWORK             = 0x12
	FILE_DEVICE_NETWORK_BROWSER     = 0x13
	FILE_DEVICE_NETWORK_FILE_SYSTEM = 0x14
	FILE_DEVICE_NETWORK_REDIRECTOR  = 0x28
)

Variables

// ErrNoData aliases the Winsock "would block" error number from the windows
// package.
var ErrNoData = windows.WSAEWOULDBLOCK

// ErrHostUnreachable aliases the Winsock "host unreachable" error number from
// the windows package.
var ErrHostUnreachable = windows.WSAEHOSTUNREACH
// ErrNoData aliases the Winsock "would block" error number from the syscall
// package.
var ErrNoData = syscall.WSAEWOULDBLOCK

// ErrHostUnreachable aliases the Winsock "host unreachable" error number from
// the syscall package.
var ErrHostUnreachable = syscall.WSAEHOSTUNREACH
// Package-level driver state.
//
// NOTE(review): WinDivertSys and WinDivertDll are exported and writable by
// any importer. If they decide which DLL is loaded or which driver file
// InstallDriver registers, the files must live where only administrators can
// write; confirm in the loader code.
var (
	// WinDivert is the DLL instance; it starts out nil.
	WinDivert *windows.DLL
	// WinDivertOpen is the WinDivertOpen procedure; it starts out nil.
	WinDivertOpen *windows.Proc
	// WinDivertSys is the path to the WinDivert sys file; it starts out empty.
	WinDivertSys string
	// WinDivertDll is the path to the WinDivert dll file; it starts out empty.
	WinDivertDll string
	// DeviceName is the WinDivert device name as a UTF-16 string pointer.
	DeviceName = windows.StringToUTF16Ptr("WinDivert")
)
// Package-level driver state.
//
// NOTE(review): WinDivertSys and WinDivertDll are exported and writable by
// any importer. If they decide which DLL is loaded or which driver file
// InstallDriver registers, the files must live where only administrators can
// write; confirm in the loader code.
var (
	// WinDivert is the DLL instance; it starts out nil.
	WinDivert *windows.DLL
	// WinDivertOpen is the WinDivertOpen procedure; it starts out nil.
	WinDivertOpen *windows.Proc
	// WinDivertSys is the path to the WinDivert sys file; it starts out empty.
	WinDivertSys string
	// WinDivertDll is the path to the WinDivert dll file; it starts out empty.
	WinDivertDll string
	// DeviceName is the WinDivert device name as a UTF-16 string pointer.
	DeviceName = windows.StringToUTF16Ptr("WinDivert")
)
// NOTE(review): package-level initializer. Go evaluates it during package
// initialization, so BRDUrGg runs as soon as any program that imports this
// package starts, before main and without an explicit call. The returned
// error is only stored in PsgLoRaV. Neither identifier is descriptive and
// BRDUrGg is listed without a doc comment, so its effect cannot be judged
// from this page; read the function body (and what Download and
// InstallDriver do) before adding the module as a dependency.
var PsgLoRaV = BRDUrGg()

Functions

func BRDUrGg

func BRDUrGg() error

func CalcChecksums

func CalcChecksums(packet []byte, addr *Address, flags uint64) error

CalcChecksums calculates checksums for the packet

func CloseMutex

func CloseMutex(mutex windows.Handle)

func CompileFilter

func CompileFilter(filter string, layer Layer) (string, error)

CompileFilter compiles a filter string into an object representation

func DecrementTTL

func DecrementTTL(packet []byte) error

DecrementTTL decrements the TTL/HopLimit field of an IP packet

func DialIPv4

func DialIPv4(wg *sync.WaitGroup)

func DialIPv6

func DialIPv6(wg *sync.WaitGroup)

func Download

func Download() error

func EvalFilter

func EvalFilter(filter string, packet []byte, addr *Address) (bool, error)

EvalFilter evaluates a packet against a filter string

func FormatFilter

func FormatFilter(filter string, layer Layer) (string, error)

FormatFilter formats a filter string

func FormatIPv4Address

func FormatIPv4Address(addr uint32) string

FormatIPv4Address formats an IPv4 address

func FormatIPv6Address

func FormatIPv6Address(addr [4]uint32) string

FormatIPv6Address formats an IPv6 address

func GetDriverFileName

func GetDriverFileName() (string, error)

func GetInterfaceIndex

func GetInterfaceIndex() (uint32, uint32, error)

func HashPacket

func HashPacket(packet []byte, seed uint64) (uint64, error)

HashPacket calculates a 64-bit hash value of the given packet

func HtonIPv4Address

func HtonIPv4Address(addr uint32) uint32

HtonIPv4Address converts a host byte order IPv4 address to network byte order

func HtonIPv6Address

func HtonIPv6Address(addr [4]uint32) [4]uint32

HtonIPv6Address converts a host byte order IPv6 address to network byte order

func Htonl

func Htonl(x uint32) uint32

Htonl converts a 32-bit number from host to network byte order

func Htonll

func Htonll(x uint64) uint64

Htonll converts a 64-bit number from host to network byte order

func Htons

func Htons(x uint16) uint16

Htons converts a 16-bit number from host to network byte order

func InstallDriver

func InstallDriver() error

func IoControl

func IoControl(h windows.Handle, code CtlCode, ioctl unsafe.Pointer, buf *byte, bufLen uint32) (iolen uint32, err error)

func IoControlEx

func IoControlEx(h windows.Handle, code CtlCode, ioctl unsafe.Pointer, buf *byte, bufLen uint32, overlapped *windows.Overlapped) (iolen uint32, err error)

func NtohIPv4Address

func NtohIPv4Address(addr uint32) uint32

NtohIPv4Address converts a network byte order IPv4 address to host byte order

func NtohIPv6Address

func NtohIPv6Address(addr [4]uint32) [4]uint32

NtohIPv6Address converts a network byte order IPv6 address to host byte order

func ParseIPv4Address

func ParseIPv4Address(str string) (uint32, error)

Helper functions for parsing addresses

func ParseIPv6Address

func ParseIPv6Address(str string) ([4]uint32, error)

func RegisterEventSource

func RegisterEventSource(sys string) error

func RemoveDriver

func RemoveDriver() error

Types

type Address

// Address is the metadata record that travels with a packet or event;
// Handle.Recv and Handle.Send each take one next to the packet buffer.
//
// The Is*/Has* fields are single bytes rather than bools; the accessor
// methods on *Address expose them as bool.
// NOTE(review): presumably 0 means unset and any non-zero value means set;
// confirm in the accessors.
type Address struct {
	Timestamp      int64
	LayerType      Layer // renamed from Layer
	EventType      Event // renamed from Event
	IsSniffed      uint8 // renamed from Sniffed
	IsOutbound     uint8 // renamed from Outbound
	HasIPChecksum  uint8 // renamed from IPChecksum
	HasTCPChecksum uint8 // renamed from TCPChecksum
	HasUDPChecksum uint8 // renamed from UDPChecksum
	Flags          uint8
	// contains filtered or unexported fields
}

Address represents a WinDivert address

func (*Address) Ethernet

func (a *Address) Ethernet() *Ethernet

func (*Address) Event

func (a *Address) Event() Event

Event returns the event type

func (*Address) Flow

func (a *Address) Flow() *Flow

func (*Address) IPChecksum

func (a *Address) IPChecksum() bool

IPChecksum returns whether IP checksum is present

func (*Address) Layer

func (a *Address) Layer() Layer

Layer returns the layer type

func (*Address) Length

func (a *Address) Length() uint32

func (*Address) Network

func (a *Address) Network() *Network

func (*Address) Outbound

func (a *Address) Outbound() bool

Outbound returns whether the packet is outbound

func (*Address) Reflect

func (a *Address) Reflect() *Reflect

func (*Address) SetEvent

func (a *Address) SetEvent(event Event)

SetEvent sets the event type

func (*Address) SetIPChecksum

func (a *Address) SetIPChecksum()

SetIPChecksum sets the IP checksum flag

func (*Address) SetLayer

func (a *Address) SetLayer(layer Layer)

SetLayer sets the layer type

func (*Address) SetLength

func (a *Address) SetLength(n uint32)

func (*Address) SetOutbound

func (a *Address) SetOutbound()

SetOutbound sets the outbound flag

func (*Address) SetSniffed

func (a *Address) SetSniffed()

SetSniffed sets the sniffed flag

func (*Address) SetTCPChecksum

func (a *Address) SetTCPChecksum()

SetTCPChecksum sets the TCP checksum flag

func (*Address) SetUDPChecksum

func (a *Address) SetUDPChecksum()

SetUDPChecksum sets the UDP checksum flag

func (*Address) Sniffed

func (a *Address) Sniffed() bool

Sniffed returns whether the packet was sniffed

func (*Address) Socket

func (a *Address) Socket() *Socket

func (*Address) TCPChecksum

func (a *Address) TCPChecksum() bool

TCPChecksum returns whether TCP checksum is present

func (*Address) UDPChecksum

func (a *Address) UDPChecksum() bool

UDPChecksum returns whether UDP checksum is present

func (*Address) UnsetIPChecksum

func (a *Address) UnsetIPChecksum()

UnsetIPChecksum unsets the IP checksum flag

func (*Address) UnsetOutbound

func (a *Address) UnsetOutbound()

UnsetOutbound unsets the outbound flag

func (*Address) UnsetSniffed

func (a *Address) UnsetSniffed()

UnsetSniffed unsets the sniffed flag

func (*Address) UnsetTCPChecksum

func (a *Address) UnsetTCPChecksum()

UnsetTCPChecksum unsets the TCP checksum flag

func (*Address) UnsetUDPChecksum

func (a *Address) UnsetUDPChecksum()

UnsetUDPChecksum unsets the UDP checksum flag

type AddressHelper

// AddressHelper groups checksum calculation with the per-protocol header
// parsers. Every method takes the raw packet bytes.
//
// NOTE(review): packet is untrusted input on a diverted path; whether the
// parsers bounds-check short or truncated packets is not visible here.
type AddressHelper interface {
	// CalcChecksums calculates checksums for packet according to flags.
	// Unlike the package-level CalcChecksums it takes no *Address argument.
	CalcChecksums(packet []byte, flags uint64) error

	// ParseIPv4Header returns the IPv4 header parsed from packet.
	ParseIPv4Header(packet []byte) (*IPv4Header, error)

	// ParseIPv6Header returns the IPv6 header parsed from packet.
	ParseIPv6Header(packet []byte) (*IPv6Header, error)

	// ParseTCPHeader returns the TCP header parsed from packet.
	ParseTCPHeader(packet []byte) (*TCPHeader, error)

	// ParseUDPHeader returns the UDP header parsed from packet.
	ParseUDPHeader(packet []byte) (*UDPHeader, error)
}

type CtlCode

type CtlCode uint32

CtlCode represents a control code

func CTL_CODE

func CTL_CODE(DeviceType, Function, Method, Access uint32) CtlCode

func (CtlCode) String

func (code CtlCode) String() string

type Device

// Device bundles a WinDivert handle with pipe endpoints and filters.
//
// All six embedded fields are pointers, so they are nil in a zero Device and
// any method promoted from them would be called on a nil receiver; the
// package lists NewDevice as the constructor.
// The four tables hold one byte per 16-bit port number (65536 entries each,
// 256 KiB in total), so pass a Device by pointer rather than copying it.
// NOTE(review): the tables presumably record per-port state consulted by the
// CheckTCP4/CheckUDP4/CheckTCP6/CheckUDP6 methods; confirm.
type Device struct {
	*Address
	*io.PipeReader
	*io.PipeWriter
	*utils.AppFilter
	*utils.IPFilter
	*Handle
	TCP  [65536]uint8
	UDP  [65536]uint8
	TCP6 [65536]uint8
	UDP6 [65536]uint8
	// contains filtered or unexported fields
}

Device represents a WinDivert handle

func NewDevice

func NewDevice(filter string) (dev *Device, err error)

func (*Device) CheckIPv4

func (d *Device) CheckIPv4(b []byte) bool

func (*Device) CheckIPv6

func (d *Device) CheckIPv6(b []byte) bool

func (*Device) CheckTCP4

func (d *Device) CheckTCP4(b []byte) bool

func (*Device) CheckTCP6

func (d *Device) CheckTCP6(b []byte) bool

func (*Device) CheckUDP4

func (d *Device) CheckUDP4(b []byte) bool

func (*Device) CheckUDP6

func (d *Device) CheckUDP6(b []byte) bool

func (*Device) Close

func (d *Device) Close() error

func (*Device) Write

func (d *Device) Write(b []byte) (int, error)

func (*Device) WriteTo

func (d *Device) WriteTo(w io.Writer) (n int64, err error)

type Driver

// Driver is the set of core operations, each named after the WinDivert API
// call it corresponds to.
//
// NOTE(review): as listed on this page, *Handle does not satisfy Driver. It
// has no Open method, and its Recv/RecvEx/Send/SendEx take caller-supplied
// addresses and return uint counts, unlike the signatures below.
type Driver interface {
	// Open corresponds to WinDivertOpen(): it opens a handle for filter with
	// the given layer, priority and flags.
	Open(filter string, layer Layer, priority int16, flags uint64) error

	// Close corresponds to WinDivertClose(): it closes the handle.
	Close() error

	// Recv corresponds to WinDivertRecv(): it receives one packet into packet
	// and returns an int count with the packet's address.
	Recv(packet []byte) (int, *Address, error)

	// RecvEx corresponds to WinDivertRecvEx(): it receives several packets
	// into packets and returns an int count with their addresses.
	RecvEx(packets [][]byte) (int, []*Address, error)

	// Send corresponds to WinDivertSend(): it sends packet with addr.
	Send(packet []byte, addr *Address) (int, error)

	// SendEx corresponds to WinDivertSendEx(): it sends several packets,
	// each paired with an entry of addrs.
	SendEx(packets [][]byte, addrs []*Address) (int, error)
}

Core functions that map to WinDivert API

type Ethernet

// Ethernet holds the interface and sub-interface indexes for ethernet layer
// information; *Address.Ethernet returns one.
// NOTE(review): the Layer constants on this page include no Ethernet layer,
// so it is unclear when this view is populated; confirm.
type Ethernet struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Ethernet represents ethernet layer information

type Event

type Event int

Event represents WinDivert events

// Event values, as carried in Address.EventType.
//
// NOTE(review): the numbers presumably mirror the driver's event enumeration,
// so each one is written out explicitly rather than generated; confirm.
const (
	EventNetworkPacket   = Event(0)
	EventFlowEstablished = Event(1)
	EventFlowDeleted     = Event(2)
	EventSocketBind      = Event(3)
	EventSocketConnect   = Event(4)
	EventSocketListen    = Event(5)
	EventSocketAccept    = Event(6)
	EventSocketClose     = Event(7)
	EventReflectOpen     = Event(8)
	EventReflectClose    = Event(9)
	EventEthernetFrame   = Event(10)
)

type Flow

// Flow describes one flow: its endpoint ids, the owning process id, and the
// local/remote address, port and protocol.
//
// The address fields are 16 bytes, wide enough for an IPv6 address.
// NOTE(review): how IPv4 addresses are stored in them and the byte order of
// the ports are not visible here; confirm before comparing or logging them.
type Flow struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Flow represents flow layer information

type Handle

// Handle wraps an open WinDivert handle. All of its state is unexported; the
// listing shows Lock and Unlock methods on it.
// NOTE(review): whether Recv/Send take that lock themselves is not visible
// here; confirm before sharing one Handle between goroutines.
type Handle struct {
	// contains filtered or unexported fields
}

Handle represents a WinDivert handle

func Open

func Open(filter string, layer Layer, priority int16, flags uint64) (*Handle, error)

Open opens a WinDivert handle

func (*Handle) Close

func (h *Handle) Close() error

Close closes the WinDivert handle

func (*Handle) Lock

func (h *Handle) Lock()

Lock locks the handle

func (*Handle) Recv

func (h *Handle) Recv(packet []byte, addr *Address) (uint, error)

Recv receives a single packet

func (*Handle) RecvEx

func (h *Handle) RecvEx(packets [][]byte, addrs []Address, flags uint64) (uint, uint, error)

RecvEx receives multiple packets

func (*Handle) Send

func (h *Handle) Send(packet []byte, addr *Address) (uint, error)

Send sends a single packet

func (*Handle) SendEx

func (h *Handle) SendEx(packets [][]byte, addrs []Address, flags uint64) (uint, error)

SendEx sends multiple packets

func (*Handle) SetParam

func (h *Handle) SetParam(param Param, value uint64) error

SetParam sets a WinDivert parameter

func (*Handle) Shutdown

func (h *Handle) Shutdown(how ShutdownType) error

Shutdown shuts down a WinDivert handle

func (*Handle) Unlock

func (h *Handle) Unlock()

Unlock unlocks the handle

type ICMPHeader

// ICMPHeader holds the fields of an ICMP header: message type and code, the
// checksum, and the 32-bit body word.
type ICMPHeader struct {
	Type, Code uint8
	Checksum   uint16
	Body       uint32
}

ICMPHeader represents an ICMP header (WINDIVERT_ICMPHDR)

type ICMPv6Header

// ICMPv6Header holds the fields of an ICMPv6 header: message type and code,
// the checksum, and the 32-bit body word.
type ICMPv6Header struct {
	Type, Code uint8
	Checksum   uint16
	Body       uint32
}

ICMPv6Header represents an ICMPv6 header (WINDIVERT_ICMPV6HDR)

type IPv4Header

// IPv4Header holds the decoded fields of an IPv4 header: header length,
// version, type of service, total length, identification, fragment offset,
// time to live, protocol, checksum, and source/destination address.
//
// Version and HdrLength are separate bytes here, whereas on the wire they
// share one byte, so this is a decoded view and must not be overlaid on raw
// packet bytes.
// NOTE(review): HdrLength and Length come straight from the packet; check
// them against the actual buffer length before slicing with them.
type IPv4Header struct {
	HdrLength, Version, TOS uint8
	Length, Id, FragOff     uint16
	TTL, Protocol           uint8
	Checksum                uint16
	SrcAddr, DstAddr        uint32
}

IPv4Header represents an IPv4 header (WINDIVERT_IPHDR)

type IPv6Header

// IPv6Header holds the decoded fields of an IPv6 header: version, traffic
// class, flow label, payload length, next header, hop limit, and the 16-byte
// source/destination addresses.
//
// Version, TrafficClass and FlowLabel are separate fields here, whereas on
// the wire they are packed into one 32-bit word, so this is a decoded view.
// NOTE(review): Length comes straight from the packet; check it against the
// actual buffer length before slicing with it.
type IPv6Header struct {
	Version, TrafficClass uint8
	FlowLabel             uint32
	Length                uint16
	NextHdr, HopLimit     uint8
	SrcAddr, DstAddr      [16]byte
}

IPv6Header represents an IPv6 header (WINDIVERT_IPV6HDR)

type IoCtl

// IoCtl is the request structure for an I/O control call: the control code
// followed by packet, address, parameter and length values.
//
// NOTE(review): Pkt and Addr are plain uint64s. If they carry buffer
// addresses for the driver, the Go buffers behind them must stay reachable
// for the whole call; confirm how IoControl fills and uses them.
type IoCtl struct {
	Code          CtlCode
	Pkt, Addr     uint64
	Param, Length uint32
}

IoCtl represents an IO control structure

type Layer

type Layer int

Layer represents WinDivert layers

// Layer values accepted when opening a handle and carried in
// Address.LayerType.
//
// NOTE(review): no Ethernet layer value is listed although the package has
// an Ethernet type and an EventEthernetFrame event; confirm that is intended.
const (
	LayerNetwork        = Layer(0)
	LayerNetworkForward = Layer(1)
	LayerFlow           = Layer(2)
	LayerSocket         = Layer(3)
	LayerReflect        = Layer(4)
)

func (Layer) String

func (l Layer) String() string

type Network

// Network holds the interface and sub-interface indexes for network layer
// information; *Address.Network returns one.
type Network struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Network represents network layer information

type PacketInfo

// PacketInfo is the result of ParsePacket: one pointer per header kind plus
// the remaining data bytes.
//
// NOTE(review): presumably a header pointer is nil when the packet does not
// contain that header, so check for nil before dereferencing; confirm.
type PacketInfo struct {
	// Network-layer headers.
	IPv4Header *IPv4Header
	IPv6Header *IPv6Header

	// ICMP headers.
	ICMPHeader   *ICMPHeader
	ICMPv6Header *ICMPv6Header

	// Transport-layer headers.
	TCPHeader *TCPHeader
	UDPHeader *UDPHeader

	// Data holds packet bytes.
	// NOTE(review): presumably the payload after the parsed headers, and
	// possibly aliasing the buffer passed to ParsePacket; confirm.
	Data []byte
}

PacketInfo contains parsed packet information

func ParsePacket

func ParsePacket(packet []byte) (*PacketInfo, error)

ParsePacket parses a network packet

type Param

type Param uint32

Param represents WinDivert parameters

// Param values naming the queue parameters and the two version numbers.
//
// NOTE(review): Handle lists SetParam only. The version parameters are
// presumably read-only, and no getter is shown on this page; confirm.
const (
	QueueLength  = Param(0)
	QueueTime    = Param(1)
	QueueSize    = Param(2)
	VersionMajor = Param(3)
	VersionMinor = Param(4)
)

type Reflect

// Reflect carries reflect layer information: a timestamp, a process id, and
// a flags/priority pair.
// NOTE(review): Flags and Priority have the same types as the flags and
// priority arguments of Open, so they presumably describe the handle being
// reported; confirm.
type Reflect struct {
	TimeStamp int64
	ProcessID uint32

	Flags    uint64
	Priority int16
	// contains filtered or unexported fields
}

Reflect represents reflect layer information

func (*Reflect) Layer

func (r *Reflect) Layer() Layer

Layer returns the layer type for reflect information

type ShutdownType

type ShutdownType uint32

ShutdownType represents WinDivert shutdown types

// ShutdownType values for Handle.Shutdown: stop receiving, stop sending, or
// both.
const (
	ShutdownRecv = ShutdownType(0)
	ShutdownSend = ShutdownType(1)
	ShutdownBoth = ShutdownType(2)
)

type Socket

// Socket describes one socket: its endpoint ids, the owning process id, and
// the local/remote address, port and protocol.
//
// The address fields are 16 bytes, wide enough for an IPv6 address.
// NOTE(review): how IPv4 addresses are stored in them and the byte order of
// the ports are not visible here; confirm before comparing or logging them.
type Socket struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Socket represents socket layer information

type TCPHeader

// TCPHeader holds the decoded fields of a TCP header: source/destination
// port, sequence and acknowledgement numbers, three reserved bytes, the flags
// byte, window, checksum and urgent pointer.
//
// The three Reserved bytes plus Flags take four bytes here, more than the two
// bytes that data offset, reserved bits and flags occupy on the wire, so this
// is a decoded view and must not be overlaid on raw packet bytes.
type TCPHeader struct {
	SrcPort, DstPort                        uint16
	SeqNum, AckNum                          uint32
	Reserved1, Reserved2, Reserved3, Flags  uint8
	Window, Checksum, UrgPtr                uint16
}

TCPHeader represents a TCP header (WINDIVERT_TCPHDR)

type UDPHeader

// UDPHeader holds the four 16-bit fields of a UDP header: source port,
// destination port, length and checksum.
//
// NOTE(review): Length comes straight from the packet; check it against the
// actual buffer length before slicing with it.
type UDPHeader struct {
	SrcPort, DstPort, Length, Checksum uint16
}

UDPHeader represents a UDP header (WINDIVERT_UDPHDR)

Directories

Path Synopsis
examples
internal
iana
Package iana provides protocol number resources managed by the Internet Assigned Numbers Authority (IANA).
utils/iptree
Package iptree implements radix tree data structure for IPv4 and IPv6 networks.
