divert

package module
v0.0.0-...-63ae0dd
Published: Jun 19, 2022 License: GPL-3.0 Imports: 12 Imported by: 1

README

divert-go

Go bindings for WinDivert. Forked from imgk/divert-go, with some functionality added to Handle and the optional build tags removed.

Documentation

Rendered for windows/amd64

Index

Constants

const (
	StatusOpen     = 1
	StatusShutdown = 2
	StatusClosed   = 3
	StatusEnded    = 4
)
const (
	PacketBufferSize   = 1500
	PacketChanCapacity = 256
)
const (
	FlagDefault   = 0x0000
	FlagSniff     = 0x0001
	FlagDrop      = 0x0002
	FlagRecvOnly  = 0x0004
	FlagSendOnly  = 0x0008
	FlagNoInstall = 0x0010
	FlagFragments = 0x0020
)
const (
	PriorityDefault    = 0
	PriorityHighest    = 3000
	PriorityLowest     = -3000
	QueueLengthDefault = 4096
	QueueLengthMin     = 32
	QueueLengthMax     = 16384
	QueueTimeDefault   = 2000
	QueueTimeMin       = 100
	QueueTimeMax       = 16000
	QueueSizeDefault   = 4194304
	QueueSizeMin       = 65535
	QueueSizeMax       = 33554432
)
const (
	METHOD_IN_DIRECT  = 1
	METHOD_OUT_DIRECT = 2
)
const (
	FILE_READ_DATA  = 1
	FILE_WRITE_DATA = 2
)
const (
	// The driver files WinDivert32.sys or WinDivert64.sys were not found
	ErrFileNotFound = Error(windows.ERROR_FILE_NOT_FOUND)

	// The calling application does not have Administrator privileges
	ErrAccessDenied = Error(windows.ERROR_ACCESS_DENIED)

	// This indicates an invalid packet filter string, layer, priority, or flags
	ErrInvalidParameter = Error(windows.ERROR_INVALID_PARAMETER)

	// The WinDivert32.sys or WinDivert64.sys driver does not have a valid digital signature (see WinDivert's driver signing requirements)
	ErrInvalidImageHash = Error(windows.ERROR_INVALID_IMAGE_HASH)

	// An incompatible version of the WinDivert driver is currently loaded
	ErrDriverFailedPriorUnload = Error(windows.ERROR_DRIVER_FAILED_PRIOR_UNLOAD)

	// The handle was opened with the WINDIVERT_FLAG_NO_INSTALL flag and the WinDivert driver is not already installed
	ErrServiceDoseNotExist = Error(windows.ERROR_SERVICE_DOES_NOT_EXIST)

	// This error occurs for various reasons, including: the WinDivert driver is blocked by security software; or you are using a virtualization environment that does not support drivers
	ErrDriverBlocked = Error(windows.ERROR_DRIVER_BLOCKED)

	// The captured packet is larger than the pPacket buffer
	ErrInsufficientBuffer = Error(windows.ERROR_INSUFFICIENT_BUFFER)

	// The handle has been shutdown using WinDivertShutdown() and the packet queue is empty
	ErrNoData = Error(windows.ERROR_NO_DATA)

	// The error code ERROR_IO_PENDING indicates that the overlapped operation has been successfully initiated and that completion will be indicated at a later time
	ErrIOPending = Error(windows.ERROR_IO_PENDING)

	// This error occurs when an impostor packet (with pAddr->Impostor set to 1) is injected and the ip.TTL or ipv6.HopLimit field goes to zero. This is a defense of "last resort" against infinite loops caused by impostor packets
	ErrHostUnreachable = Error(windows.ERROR_HOST_UNREACHABLE)

	// This error occurs when the Base Filtering Engine service has been disabled
	ErrNotRegistered = Error(windows.EPT_S_NOT_REGISTERED)

	// The I/O operation has been aborted because of either a thread exit or an application request
	ErrOperationAborted = Error(windows.ERROR_OPERATION_ABORTED)

	// The handle is invalid
	ErrInvalidHandle = Error(windows.ERROR_INVALID_HANDLE)
)
const FILE_DEVICE_NETWORK = 0x00000012

Variables

This section is empty.

Functions

func CalcChecksums

func CalcChecksums(buffer []byte, address *Address, flags uint64) bool

CalcChecksums recalculates, in place, the checksums of the packet in buffer (the IPv4 header checksum and, as applicable, the ICMP, ICMPv6, TCP and UDP checksums), using address for the packet metadata; flags selects checksums to skip. It wraps WinDivertHelperCalcChecksums and returns false on failure. Call it after any modification that changes a covered field, for example SetSrcIP/SetDstIP on a Packet; otherwise the re-injected packet carries a stale checksum and the receiving stack discards it.

func GetVersionInfo

func GetVersionInfo() (ver string, err error)

GetVersionInfo returns the version of the loaded WinDivert driver as a string.

Types

type Address

type Address struct {
	Timestamp int64

	Flags uint8
	// contains filtered or unexported fields
}

Address is the metadata WinDivert attaches to every captured packet or event (WINDIVERT_ADDRESS): a timestamp, the layer and event, flags, and a layer-specific record reached through Network, Flow, Socket and Reflect. The same structure is passed to Send to tell the driver how to inject a packet.

func (*Address) Ethernet

func (a *Address) Ethernet() *Ethernet

Ethernet returns the address data viewed as an Ethernet record (interface index and sub-interface index).

func (*Address) Event

func (a *Address) Event() Event

Event returns the event (EventNetworkPacket, EventFlowEstablished, EventSocketConnect, ...) that this address describes.

func (*Address) Flow

func (a *Address) Flow() *Flow

Flow returns the flow-layer record (endpoint IDs, process ID, addresses, ports, protocol). It is only meaningful when Layer() is LayerFlow.

func (*Address) Layer

func (a *Address) Layer() Layer

Layer returns the WinDivert layer (LayerNetwork, LayerNetworkForward, LayerFlow, LayerSocket or LayerReflect) at which the packet or event was captured.

func (*Address) Length

func (a *Address) Length() uint32

Length is ...

func (*Address) Network

func (a *Address) Network() *Network

Network returns the network-layer record (interface index and sub-interface index). It is only meaningful when Layer() is LayerNetwork or LayerNetworkForward.

func (*Address) Reflect

func (a *Address) Reflect() *Reflect

Reflect returns the reflect-layer record describing another WinDivert handle being opened or closed (timestamp, process ID, layer, flags, priority). It is only meaningful when Layer() is LayerReflect.

func (*Address) SetEvent

func (a *Address) SetEvent(event Event)

SetEvent sets the event field of the address.

func (*Address) SetLayer

func (a *Address) SetLayer(layer Layer)

SetLayer sets the layer field of the address. This is needed when an Address is constructed for injection rather than reused from Recv.

func (*Address) SetLength

func (a *Address) SetLength(n uint32)

SetLength is ...

func (*Address) Socket

func (a *Address) Socket() *Socket

Socket returns the socket-layer record (endpoint IDs, process ID, addresses, ports, protocol). It is only meaningful when Layer() is LayerSocket.

type CtlCode

type CtlCode uint32

func (CtlCode) String

func (c CtlCode) String() string

type Error

type Error windows.Errno

Error is a Windows error code (windows.Errno) returned by a WinDivert call. Compare it against the Err* constants above to find out why a call failed.

func (Error) Error

func (e Error) Error() string

Error implements the error interface and returns the message of the underlying Windows error code.

type Ethernet

type Ethernet struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Ethernet holds the interface index and sub-interface index of the interface on which a frame was captured.

type Event

type Event int
const (
	EventNetworkPacket   Event = 0
	EventFlowEstablished Event = 1
	EventFlowDeleted     Event = 2
	EventSocketBind      Event = 3
	EventSocketConnect   Event = 4
	EventSocketListen    Event = 5
	EventSocketAccept    Event = 6
	EventSocketClose     Event = 7
	EventReflectOpen     Event = 8
	EventReflectClose    Event = 9
)

func (Event) String

func (e Event) String() string

type Flow

type Flow struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Flow is the flow-layer record returned in an Address. The WINDIVERT_LAYER_FLOW layer captures information about network flow establishment/deletion events. Here, a flow represents either (1) a TCP connection, or (2) an implicit "flow" created by the first sent/received packet for non-TCP traffic, e.g., UDP. Old flows are deleted when the corresponding connection is closed (for TCP), or based on an activity timeout (non-TCP). Flow-related events can be captured, but not blocked nor injected. Process ID information is also available at this layer. Due to technical limitations, the WINDIVERT_LAYER_FLOW layer cannot capture flow events that occurred before the handle was opened.

type Handle

type Handle struct {
	sync.Mutex
	windows.Handle

	Status uint16
	// contains filtered or unexported fields
}

Handle is an open WinDivert handle. It embeds the underlying windows.Handle and a sync.Mutex; Status holds one of the Status* constants above (StatusOpen, StatusShutdown, StatusClosed, StatusEnded).

func Open

func Open(filter string, layer Layer, priority int16, flags uint64) (h *Handle, err error)

Open opens a WinDivert handle for the given filter string, layer, priority and flags. priority must lie between PriorityLowest and PriorityHighest; handles with higher priority see packets before handles with lower priority. flags is a combination of the Flag* constants (FlagSniff copies packets instead of diverting them, FlagDrop drops matching packets without delivering them, FlagRecvOnly/FlagSendOnly restrict the handle's direction, FlagNoInstall fails instead of installing the driver). Opening requires Administrator privileges and a driver the system will load; the Err* constants above list the documented failure modes, and ErrInvalidParameter covers a bad filter string as well as a bad layer, priority or flags.

func (*Handle) Close

func (h *Handle) Close() error

Close closes the handle and releases the driver resources associated with it.

func (*Handle) GetParam

func (h *Handle) GetParam(p Param) (uint64, error)

GetParam reads a handle parameter: one of the queue settings (QueueLength, QueueTime, QueueSize) or the driver version (VersionMajor, VersionMinor).

func (*Handle) Packets

func (h *Handle) Packets() (chan *Packet, error)

Packets returns a channel on which captured packets are delivered (see the PacketBufferSize and PacketChanCapacity constants above). Note that a captured packet larger than its receive buffer is reported by the driver as ErrInsufficientBuffer rather than delivered, so check how packets above 1500 bytes (loopback, jumbo frames) are handled before relying on this helper for such interfaces.

func (*Handle) Recv

func (h *Handle) Recv(buffer []byte, address *Address) (uint, error)

Recv reads one captured packet into buffer, fills address with its metadata, and returns the packet length. It blocks until a packet is available; once the handle has been shut down and the queue is empty it returns ErrNoData, and a packet larger than buffer is reported as ErrInsufficientBuffer.

func (*Handle) RecvEx

func (h *Handle) RecvEx(buffer []byte, address []Address) (uint, uint, error)

RecvEx receives a batch: up to len(address) packets are read back-to-back into buffer in a single call. It returns the total number of bytes read and a second value reporting how much of address was filled.

func (*Handle) Send

func (h *Handle) Send(buffer []byte, address *Address) (uint, error)

Send injects the packet in buffer using the metadata in address and returns the number of bytes injected. A packet captured on a handle opened without FlagSniff is not delivered unless it is sent back this way, so dropping a packet means simply not re-injecting it. After modifying a packet, recompute its checksums (CalcChecksums) before calling Send.

func (*Handle) SendEx

func (h *Handle) SendEx(buffer []byte, address []Address) (uint, error)

SendEx injects a batch of packets laid out back-to-back in buffer, one address entry per packet, and returns the number of bytes injected.

func (*Handle) SetParam

func (h *Handle) SetParam(p Param, v uint64) error

SetParam sets one of the queue parameters. v must lie within the corresponding range above (QueueLengthMin..QueueLengthMax, QueueTimeMin..QueueTimeMax, QueueSizeMin..QueueSizeMax). QueueLength and QueueSize bound how many packets and bytes the driver queues before it starts dropping when the receiver falls behind; QueueTime is the time in milliseconds a packet may wait in the queue before the driver drops it.

func (*Handle) Shutdown

func (h *Handle) Shutdown(how Shutdown) error

Shutdown stops further capture (ShutdownRecv), further injection (ShutdownSend), or both (ShutdownBoth) on the handle. After ShutdownRecv, Recv still drains the packets already queued and then returns ErrNoData, which is the clean way to end a receive loop before Close.

func (*Handle) StopService

func (h *Handle) StopService() (err error)

StopService stops the WinDivert driver service. WinDivert normally unloads the driver itself once all handles are closed; this forces the stop.
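The Handle methods above are used together in one pattern: Recv, decide, Send (or not), until Shutdown makes Recv return ErrNoData. The following is an added example, not code from this package or from WinDivert, that spells that loop out. It is written against a small interface (packetIO) carrying the Recv/Send signatures shown on this page, so the same loop can be given a *Handle (assumed, not verified here, to satisfy packetIO[Address]) or the in-memory fake used to run it offline. Everything named here (packetIO, Stats, pump, dropDNS, fakeHandle, udpPacket, run) is this example's own; errNoData and errTooBig stand in for the package's ErrNoData and ErrInsufficientBuffer, and the three packets are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// packetIO is the part of the Handle surface the loop needs, with the method
// signatures shown on this page. A stands for the package's Address type, so
// *divert.Handle should satisfy packetIO[divert.Address] (an assumption).
type packetIO[A any] interface {
	Recv(buffer []byte, address *A) (uint, error)
	Send(buffer []byte, address *A) (uint, error)
}

// Stats records what the loop did so callers (and tests) can check it.
type Stats struct{ Received, Passed, Dropped, TooBig int }

// pump is the capture/decide/re-inject loop: it re-injects every packet unless
// shouldDrop says otherwise, returns cleanly once Recv reports noData (ErrNoData:
// handle shut down, queue drained), counts and skips packets reported as tooBig
// (ErrInsufficientBuffer: larger than buf), and aborts on any other error.
func pump[A any](h packetIO[A], bufSize int, noData, tooBig error,
	shouldDrop func(pkt []byte, a *A) bool) (Stats, error) {
	var st Stats
	buf := make([]byte, bufSize)
	for {
		var a A
		n, err := h.Recv(buf, &a)
		switch {
		case errors.Is(err, noData):
			return st, nil
		case errors.Is(err, tooBig):
			st.TooBig++ // size bufSize for the interface MTU; loopback can exceed 1500
			continue
		case err != nil:
			return st, err
		}
		st.Received++
		pkt := buf[:n]
		if shouldDrop(pkt, &a) {
			st.Dropped++ // never re-injected, so WinDivert drops it
			continue
		}
		if _, err := h.Send(pkt, &a); err != nil {
			return st, err
		}
		st.Passed++
	}
}

// dropDNS is a sample policy: block IPv4/UDP to port 53, pass everything else
// (including anything it cannot parse). It is typed for the offline fake below;
// against the real handle the second parameter would be *divert.Address.
func dropDNS(pkt []byte, _ *struct{}) bool {
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[9] != 17 {
		return false
	}
	ihl := int(pkt[0]&0x0f) * 4
	return len(pkt) >= ihl+8 && binary.BigEndian.Uint16(pkt[ihl+2:]) == 53
}

// fakeHandle is a constructed in-memory stand-in for *divert.Handle: it replays
// its queue once, then behaves like a shut-down handle with an empty queue.
type fakeHandle struct{ queue, sent [][]byte }

var errNoData = errors.New("fake: no data")             // plays divert.ErrNoData
var errTooBig = errors.New("fake: insufficient buffer") // plays divert.ErrInsufficientBuffer

func (f *fakeHandle) Recv(buf []byte, _ *struct{}) (uint, error) {
	if len(f.queue) == 0 {
		return 0, errNoData
	}
	p := f.queue[0]
	f.queue = f.queue[1:]
	if len(p) > len(buf) {
		return 0, errTooBig
	}
	return uint(copy(buf, p)), nil
}

func (f *fakeHandle) Send(buf []byte, _ *struct{}) (uint, error) {
	f.sent = append(f.sent, append([]byte(nil), buf...))
	return uint(len(buf)), nil
}

// udpPacket builds a minimal constructed IPv4/UDP packet 10.0.0.1 -> 10.0.0.2:dstPort
// with zero checksums (this example is about the loop, not the headers).
func udpPacket(dstPort uint16, payloadLen int) []byte {
	p := make([]byte, 28+payloadLen)
	p[0], p[8], p[9] = 0x45, 64, 17
	binary.BigEndian.PutUint16(p[2:], uint16(len(p)))
	copy(p[12:], []byte{10, 0, 0, 1, 10, 0, 0, 2})
	binary.BigEndian.PutUint16(p[20:], 40000)
	binary.BigEndian.PutUint16(p[22:], dstPort)
	binary.BigEndian.PutUint16(p[24:], uint16(8+payloadLen))
	return p
}

// run feeds a DNS query (dropped), an NTP packet (passed) and an oversized
// packet (too big for a 1500-byte buffer, the page's PacketBufferSize).
func run() (Stats, int, error) {
	h := &fakeHandle{queue: [][]byte{udpPacket(53, 32), udpPacket(123, 48), udpPacket(443, 2000)}}
	st, err := pump[struct{}](h, 1500, errNoData, errTooBig, dropDNS)
	return st, len(h.sent), err
}
```

With the real binding the shape is the same: Open the handle (for instance with LayerNetwork, PriorityDefault and FlagDefault), pass it to pump together with ErrNoData and ErrInsufficientBuffer and a policy taking *Address, and call Shutdown(ShutdownRecv) from another goroutine when you want the loop to finish; once the queue drains, Recv reports ErrNoData and pump returns, after which Close releases the handle. A policy that modifies a packet in place must recompute its checksums with CalcChecksums before the loop re-injects it.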

type IoCtl

type IoCtl struct {
	B1, B2, B3, B4 uint32
}

type Layer

type Layer int
const (
	LayerNetwork        Layer = 0
	LayerNetworkForward Layer = 1
	LayerFlow           Layer = 2
	LayerSocket         Layer = 3
	LayerReflect        Layer = 4
)

func (Layer) String

func (l Layer) String() string

type Network

type Network struct {
	InterfaceIndex    uint32
	SubInterfaceIndex uint32
	// contains filtered or unexported fields
}

Network is the network-layer record returned in an Address: the interface index and sub-interface index on which the packet was captured. The WINDIVERT_LAYER_NETWORK and WINDIVERT_LAYER_NETWORK_FORWARD layers allow the user application to capture/block/inject network packets passing to/from (and through) the local machine. Due to technical limitations, process ID information is not available at these layers.

type Packet

type Packet struct {
	Raw   []byte
	Addr  *Address
	IpHdr header.IPHeader
}

func NewPacket

func NewPacket(buff []byte, addr *Address) *Packet

func (*Packet) DstIP

func (p *Packet) DstIP() net.IP

Shortcut for IpHdr.DstIP()

func (*Packet) SetDstIP

func (p *Packet) SetDstIP(ip net.IP)

Shortcut for IpHdr.SetDstIP()

func (*Packet) SetSrcIP

func (p *Packet) SetSrcIP(ip net.IP)

Shortcut for IpHdr.SetSrcIP()

func (*Packet) SrcIP

func (p *Packet) SrcIP() net.IP

Shortcut for IpHdr.SrcIP()

func (*Packet) String

func (p *Packet) String() string
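The Packet shortcuts SetSrcIP/SetDstIP and the CalcChecksums function above belong together: both the IPv4 header checksum and the TCP/UDP checksum (through the pseudo-header) cover the addresses, so a rewritten packet must have its checksums recomputed before Send, or the receiving stack silently discards it. The following is an added example, not code from this package or from WinDivert, that re-implements the IPv4/TCP/UDP part of that recalculation in plain Go so the reader can see exactly what an address rewrite invalidates and how a fragment has to be treated. The names (sum16, parseIPv4, ipv4HeaderChecksum, transportOffset, transportChecksum, recalcChecksums, rewriteDstIPv4, samplePacket) and the sample datagram are this example's own; with the binding you would call p.SetDstIP(ip) followed by CalcChecksums(p.Raw, p.Addr, flags) instead.

```go
package main

import (
	"encoding/binary"
	"errors"
	"net"
)

// sum16 folds b into the RFC 1071 ones'-complement sum, continuing from acc.
func sum16(b []byte, acc uint32) uint32 {
	for i := 0; i+1 < len(b); i += 2 {
		acc += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	if len(b)%2 == 1 {
		acc += uint32(b[len(b)-1]) << 8 // trailing odd byte is zero-padded
	}
	for acc > 0xffff {
		acc = (acc & 0xffff) + (acc >> 16)
	}
	return acc
}

// parseIPv4 checks the fixed header and returns the header and total lengths.
func parseIPv4(pkt []byte) (ihl, total int, err error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return 0, 0, errors.New("not an IPv4 packet")
	}
	ihl, total = int(pkt[0]&0x0f)*4, int(binary.BigEndian.Uint16(pkt[2:]))
	if ihl < 20 || total < ihl || total > len(pkt) {
		return 0, 0, errors.New("inconsistent IPv4 length fields")
	}
	return ihl, total, nil
}

// ipv4HeaderChecksum computes the header checksum, skipping the field itself.
func ipv4HeaderChecksum(hdr []byte) uint16 {
	return ^uint16(sum16(hdr[12:], sum16(hdr[:10], 0)))
}

// transportOffset returns the checksum field offset inside an unfragmented TCP (16)
// or UDP (6) header; ok is false for other protocols and for fragments, whose
// transport checksum spans the reassembled datagram and cannot be fixed per fragment.
func transportOffset(pkt []byte, ihl, total int) (csumOff int, ok bool) {
	if binary.BigEndian.Uint16(pkt[6:])&0x3fff != 0 { // MF bit or fragment offset set
		return 0, false
	}
	switch pkt[9] {
	case 6:
		return 16, total-ihl >= 20
	case 17:
		return 6, total-ihl >= 8
	}
	return 0, false
}

// transportChecksum computes the TCP/UDP checksum over the IPv4 pseudo-header
// (src, dst, zero, protocol, length) and the segment, skipping the field at csumOff.
func transportChecksum(pkt []byte, ihl, total, csumOff int) uint16 {
	seg := pkt[ihl:total]
	pseudo := make([]byte, 12)
	copy(pseudo, pkt[12:20])
	pseudo[9] = pkt[9]
	binary.BigEndian.PutUint16(pseudo[10:], uint16(len(seg)))
	c := ^uint16(sum16(seg[csumOff+2:], sum16(seg[:csumOff], sum16(pseudo, 0))))
	if pkt[9] == 17 && c == 0 {
		c = 0xffff // UDP: a zero checksum would mean "not computed"
	}
	return c
}

// recalcChecksums rewrites the IP header checksum and, where one exists, the
// transport checksum in place. Both cover the addresses, so it must follow any
// address rewrite before the packet is re-injected.
func recalcChecksums(pkt []byte) error {
	ihl, total, err := parseIPv4(pkt)
	if err != nil {
		return err
	}
	binary.BigEndian.PutUint16(pkt[10:], ipv4HeaderChecksum(pkt[:ihl]))
	if off, ok := transportOffset(pkt, ihl, total); ok {
		binary.BigEndian.PutUint16(pkt[ihl+off:], transportChecksum(pkt, ihl, total, off))
	}
	return nil
}

// rewriteDstIPv4 does what SetDstIP plus CalcChecksums must do together:
// change the destination, then repair every checksum that covers it.
func rewriteDstIPv4(pkt []byte, ip net.IP) error {
	v4 := ip.To4()
	if v4 == nil || len(pkt) < 20 {
		return errors.New("need an IPv4 address and an IPv4 header")
	}
	copy(pkt[16:20], v4)
	return recalcChecksums(pkt)
}

// samplePacket is a constructed IPv4/UDP datagram 10.0.0.1:12345 -> 10.0.0.2:53
// carrying "abcd", with both checksum fields still zero.
func samplePacket() []byte {
	return []byte{
		0x45, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
		10, 0, 0, 1, 10, 0, 0, 2, 0x30, 0x39, 0x00, 0x35, 0x00, 0x0c, 0x00, 0x00, 'a', 'b', 'c', 'd',
	}
}
```

Two details matter in practice. A non-first fragment carries no transport header and a first fragment carries only part of the segment, so only the IP header checksum can be repaired per fragment; the transport checksum is left untouched (compare FlagFragments, which controls whether fragments are delivered at all). And a UDP checksum that computes to zero must be stored as 0xffff, because zero in that field means the checksum was not computed.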

type Param

type Param int
const (
	QueueLength  Param = 0
	QueueTime    Param = 1
	QueueSize    Param = 2
	VersionMajor Param = 3
	VersionMinor Param = 4
)

func (Param) String

func (p Param) String() string

type Reflect

type Reflect struct {
	TimeStamp int64
	ProcessID uint32

	Flags    uint64
	Priority int16
	// contains filtered or unexported fields
}

Reflect is the reflect-layer record returned in an Address. The WINDIVERT_LAYER_REFLECT layer can capture events relating to WinDivert itself, such as when another process opens a new WinDivert handle, or closes an old WinDivert handle. WinDivert events can be captured but not injected nor blocked. Process ID information (of the process responsible for opening the WinDivert handle) is available at this layer. This layer also returns data in the form of an "object" representation of the filter string used to open the handle. The object representation can be converted back into a human-readable filter string using the WinDivertHelperFormatFilter() function. This layer can also capture events that occurred before the handle was opened. This layer cannot capture events related to other WINDIVERT_LAYER_REFLECT-layer handles.

func (*Reflect) Layer

func (r *Reflect) Layer() Layer

Layer returns the layer of the handle whose open or close event this record describes.

type Shutdown

type Shutdown int
const (
	ShutdownRecv Shutdown = 0
	ShutdownSend Shutdown = 1
	ShutdownBoth Shutdown = 2
)

func (Shutdown) String

func (s Shutdown) String() string

type Socket

type Socket struct {
	EndpointID       uint64
	ParentEndpointID uint64
	ProcessID        uint32
	LocalAddress     [16]uint8
	RemoteAddress    [16]uint8
	LocalPort        uint16
	RemotePort       uint16
	Protocol         uint8
	// contains filtered or unexported fields
}

Socket is the socket-layer record returned in an Address. The WINDIVERT_LAYER_SOCKET layer can capture or block events corresponding to socket operations, such as bind(), connect(), listen(), etc., or the termination of socket operations, such as a TCP socket disconnection. Unlike the flow layer, most socket-related events can be blocked. However, it is not possible to inject new or modified socket events. Process ID information (of the process responsible for the socket operation) is available at this layer. Due to technical limitations, this layer cannot capture events that occurred before the handle was opened.
