divert

package module
v0.0.0-...-63ae0dd Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 19, 2022 License: GPL-3.0 Imports: 12 Imported by: 1

README

divert-go

Go bindings of WinDivert. Forked of imgk/divert-go with some functionality added to Handle and removed optional builds.

Documentation

Rendered for windows/amd64

Index

Constants

View Source 
const (
	StatusOpen     = 1
	StatusShutdown = 2
	StatusClosed   = 3
	StatusEnded    = 4
)
View Source 
const (
	PacketBufferSize   = 1500
	PacketChanCapacity = 256
)
View Source 
const (
	FlagDefault   = 0x0000
	FlagSniff     = 0x0001
	FlagDrop      = 0x0002
	FlagRecvOnly  = 0x0004
	FlagSendOnly  = 0x0008
	FlagNoInstall = 0x0010
	FlagFragments = 0x0020
)
View Source 
const (
	PriorityDefault    = 0
	PriorityHighest    = 3000
	PriorityLowest     = -3000
	QueueLengthDefault = 4096
	QueueLengthMin     = 32
	QueueLengthMax     = 16384
	QueueTimeDefault   = 2000
	QueueTimeMin       = 100
	QueueTimeMax       = 16000
	QueueSizeDefault   = 4194304
	QueueSizeMin       = 65535
	QueueSizeMax       = 33554432
)
View Source 
const (
	METHOD_IN_DIRECT  = 1
	METHOD_OUT_DIRECT = 2
)
View Source 
const (
	FILE_READ_DATA  = 1
	FILE_WRITE_DATA = 2
)
View Source 
const (
	// The driver files WinDivert32.sys or WinDivert64.sys were not found
	ErrFileNotFound = Error(windows.ERROR_FILE_NOT_FOUND)

	// The calling application does not have Administrator privileges
	ErrAccessDenied = Error(windows.ERROR_ACCESS_DENIED)

	// This indicates an invalid packet filter string, layer, priority, or flags
	ErrInvalidParameter = Error(windows.ERROR_INVALID_PARAMETER)

	// The WinDivert32.sys or WinDivert64.sys driver does not have a valid digital signature (see the driver signing requirements above)
	ErrInvalidImageHash = Error(windows.ERROR_INVALID_IMAGE_HASH)

	// An incompatible version of the WinDivert driver is currently loaded
	ErrDriverFailedPriorUnload = Error(windows.ERROR_DRIVER_FAILED_PRIOR_UNLOAD)

	// The handle was opened with the WINDIVERT_FLAG_NO_INSTALL flag and the WinDivert driver is not already installed
	ErrServiceDoseNotExist = Error(windows.ERROR_SERVICE_DOES_NOT_EXIST)

	// This error occurs for various reasons, including: the WinDivert driver is blocked by security software; or you are using a virtualization environment that does not support drivers
	ErrDriverBlocked = Error(windows.ERROR_DRIVER_BLOCKED)

	// The captured packet is larger than the pPacket buffer
	ErrInsufficientBuffer = Error(windows.ERROR_INSUFFICIENT_BUFFER)

	// The handle has been shutdown using WinDivertShutdown() and the packet queue is empty
	ErrNoData = Error(windows.ERROR_NO_DATA)

	// The error code ERROR_IO_PENDING indicates that the overlapped operation has been successfully initiated and that completion will be indicated at a later time
	ErrIOPending = Error(windows.ERROR_IO_PENDING)

	// This error occurs when an impostor packet (with pAddr->Impostor set to 1) is injected and the ip.TTL or ipv6.HopLimit field goes to zero. This is a defense of "last resort" against infinite loops caused by impostor packets
	ErrHostUnreachable = Error(windows.ERROR_HOST_UNREACHABLE)

	// This error occurs when the Base Filtering Engine service has been disabled
	ErrNotRegistered = Error(windows.EPT_S_NOT_REGISTERED)

	// The I/O operation has been aborted because of either a thread exit or an application request
	ErrOperationAborted = Error(windows.ERROR_OPERATION_ABORTED)

	// The handle is invalid
	ErrInvalidHandle = Error(windows.ERROR_INVALID_HANDLE)
)
View Source 
const FILE_DEVICE_NETWORK = 0x00000012

Variables

This section is empty.

Functions

func CalcChecksums 

func CalcChecksums(buffer []byte, address *Address, flags uint64) bool

CalcChecksums is ...

func GetVersionInfo 

func GetVersionInfo() (ver string, err error)

GerVersionInfo is ...

Types

type Address 

type Address struct {
	Timestamp int64

	Flags uint8
	// contains filtered or unexported fields
}

Address is ...

func (*Address) Ethernet 

func (a *Address) Ethernet() *Ethernet

Ethernet is ...

func (*Address) Event 

func (a *Address) Event() Event

Event is ...

func (*Address) Flow 

func (a *Address) Flow() *Flow

Flow is ...

func (*Address) Layer 

func (a *Address) Layer() Layer

Layer is ...

func (*Address) Length 

func (a *Address) Length() uint32

Length is ...

func (*Address) Network 

func (a *Address) Network() *Network

Network is ...

func (*Address) Reflect 

func (a *Address) Reflect() *Reflect

Reflect is ...

func (*Address) SetEvent 

func (a *Address) SetEvent(event Event)

SetEvent is ...

func (*Address) SetLayer 

func (a *Address) SetLayer(layer Layer)

SetLayer is ...

func (*Address) SetLength 

func (a *Address) SetLength(n uint32)

SetLength is ...

func (*Address) Socket 

func (a *Address) Socket() *Socket

Socket is ...

type CtlCode 

type CtlCode uint32

func (CtlCode) String 

func (c CtlCode) String() string

type Error 

type Error windows.Errno

Error is ...

func (Error) Error 

func (e Error) Error() string

Error is ...

type Ethernet 

type Ethernet struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Ethernet is ...

type Event 

type Event int
const (
	EventNetworkPacket   Event = 0
	EventFlowEstablished Event = 1
	EventFlowDeleted     Event = 2
	EventSocketBind      Event = 3
	EventSocketConnect   Event = 4
	EventSocketListen    Event = 5
	EventSocketAccept    Event = 6
	EventSocketClose     Event = 7
	EventReflectOpen     Event = 8
	EventReflectClose    Event = 9
)

func (Event) String 

func (e Event) String() string

type Flow 

type Flow struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Flow is ... The WINDIVERT_LAYER_FLOW layer captures information about network flow establishment/deletion events. Here, a flow represents either (1) a TCP connection, or (2) an implicit "flow" created by the first sent/received packet for non-TCP traffic, e.g., UDP. Old flows are deleted when the corresponding connection is closed (for TCP), or based on an activity timeout (non-TCP). Flow-related events can be captured, but not blocked nor injected. Process ID information is also available at this layer. Due to technical limitations, the WINDIVERT_LAYER_FLOW layer cannot capture flow events that occurred before the handle was opened.

type Handle 

type Handle struct {
	sync.Mutex
	windows.Handle

	Status uint16
	// contains filtered or unexported fields
}

Handle is ...

func Open 

func Open(filter string, layer Layer, priority int16, flags uint64) (h *Handle, err error)

Open is ...

func (*Handle) Close 

func (h *Handle) Close() error

Close is ...

func (*Handle) GetParam 

func (h *Handle) GetParam(p Param) (uint64, error)

GetParam is ...

func (*Handle) Packets 

func (h *Handle) Packets() (chan *Packet, error)

Packets is ...

func (*Handle) Recv 

func (h *Handle) Recv(buffer []byte, address *Address) (uint, error)

Recv is ...

func (*Handle) RecvEx 

func (h *Handle) RecvEx(buffer []byte, address []Address) (uint, uint, error)

RecvEx is ...

func (*Handle) Send 

func (h *Handle) Send(buffer []byte, address *Address) (uint, error)

Send is ...

func (*Handle) SendEx 

func (h *Handle) SendEx(buffer []byte, address []Address) (uint, error)

SendEx is ...

func (*Handle) SetParam 

func (h *Handle) SetParam(p Param, v uint64) error

SetParam is ...

func (*Handle) Shutdown 

func (h *Handle) Shutdown(how Shutdown) error

Shutdown is ...

func (*Handle) StopService 

func (h *Handle) StopService() (err error)

Stop Service is ...

type IoCtl 

type IoCtl struct {
	B1, B2, B3, B4 uint32
}

type Layer 

type Layer int
const (
	LayerNetwork        Layer = 0
	LayerNetworkForward Layer = 1
	LayerFlow           Layer = 2
	LayerSocket         Layer = 3
	LayerReflect        Layer = 4
)

func (Layer) String 

func (l Layer) String() string

type Network 

type Network struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Network is ... The WINDIVERT_LAYER_NETWORK and WINDIVERT_LAYER_NETWORK_FORWARD layers allow the user application to capture/block/inject network packets passing to/from (and through) the local machine. Due to technical limitations, process ID information is not available at these layers.

type Packet 

type Packet struct {
	Raw   []byte
	Addr  *Address
	IpHdr header.IPHeader
}

func NewPacket 

func NewPacket(buff []byte, addr *Address) *Packet

func (*Packet) DstIP 

func (p *Packet) DstIP() net.IP

Shortcut for IpHdr.DstIP()

func (*Packet) SetDstIP 

func (p *Packet) SetDstIP(ip net.IP)

Shortcut for IpHdr.SetDstIP()

func (*Packet) SetSrcIP 

func (p *Packet) SetSrcIP(ip net.IP)

Shortcut for IpHdr.SetSrcIP()

func (*Packet) SrcIP 

func (p *Packet) SrcIP() net.IP

Shortcut for IpHdr.SrcIP()

func (*Packet) String 

func (p *Packet) String() string

type Param 

type Param int
const (
	QueueLength  Param = 0
	QueueTime    Param = 1
	QueueSize    Param = 2
	VersionMajor Param = 3
	VersionMinor Param = 4
)

func (Param) String 

func (p Param) String() string

type Reflect 

type Reflect struct {
	TimeStamp int64
	ProcessID uint32

	Flags    uint64
	Priority int16
	// contains filtered or unexported fields
}

Reflect is ... Finally, the WINDIVERT_LAYER_REFLECT layer can capture events relating to WinDivert itself, such as when another process opens a new WinDivert handle, or closes an old WinDivert handle. WinDivert events can be captured but not injected nor blocked. Process ID information (of the process responsible for opening the WinDivert handle) is available at this layer. This layer also returns data in the form of an "object" representation of the filter string used to open the handle. The object representation can be converted back into a human-readable filter string using the WinDivertHelperFormatFilter() function. This layer can also capture events that occurred before the handle was opened. This layer cannot capture events related to other WINDIVERT_LAYER_REFLECT-layer handles.

func (*Reflect) Layer 

func (r *Reflect) Layer() Layer

Layer is ...

type Shutdown 

type Shutdown int
const (
	ShutdownRecv Shutdown = 0
	ShutdownSend Shutdown = 1
	ShutdownBoth Shutdown = 2
)

func (Shutdown) String 

func (s Shutdown) String() string

type Socket 

type Socket struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Socket is ... The WINDIVERT_LAYER_SOCKET layer can capture or block events corresponding to socket operations, such as bind(), connect(), listen(), etc., or the termination of socket operations, such as a TCP socket disconnection. Unlike the flow layer, most socket-related events can be blocked. However, it is not possible to inject new or modified socket events. Process ID information (of the process responsible for the socket operation) is available at this layer. Due to technical limitations, this layer cannot capture events that occurred before the handle was opened.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.