windowskext

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 18, 2023 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Package windowskext provides network interception capabilities on Windows via the Portmaster Kernel Extension.

Index

Constants

// Flags carried by a verdict request coming from the kernel extension. The
// values are distinct powers of two, which suggests they are combined as a
// bitmask (confirm against the kext's request structure).
const (
	// VerdictRequestFlagFastTrackPermitted marks a verdict request as purely
	// informational: the kernel extension has already permitted the packet,
	// so the request reports that decision rather than asking for one.
	VerdictRequestFlagFastTrackPermitted = 1 << 0

	// VerdictRequestFlagSocketAuth marks a verdict request for a connection
	// that was intercepted on an ALE layer rather than in the network stack
	// itself, so no packet data accompanies it.
	VerdictRequestFlagSocketAuth = 1 << 1

	// VerdictRequestFlagExpectSocketAuth announces that the next verdict
	// request is expected to be an informational socket auth request from
	// the ALE layer.
	VerdictRequestFlagExpectSocketAuth = 1 << 2
)
// Buffer transfer methods for device I/O control codes. The names and values
// match the METHOD_* transfer types of the Windows driver headers. Every IOCTL
// code defined in this package uses METHOD_BUFFERED.
const (
	// METHOD_BUFFERED: the I/O manager copies request data through a system
	// buffer, so the driver does not touch user-mode memory directly.
	METHOD_BUFFERED = 0
	// METHOD_IN_DIRECT: direct I/O, with the caller's second buffer handed to
	// the driver as locked pages it reads from.
	METHOD_IN_DIRECT = 1
	// METHOD_OUT_DIRECT: direct I/O, with the caller's second buffer handed
	// to the driver as locked pages it writes to.
	METHOD_OUT_DIRECT = 2
	// METHOD_NEITHER: raw user-mode pointers reach the driver, which then has
	// to validate and probe them itself.
	METHOD_NEITHER = 3
)

// SIOCTL_TYPE is the device type handed to ctlCode as its first argument when
// the package's IOCTL codes are built.
const SIOCTL_TYPE = 40000

Variables

// ErrKextNotReady reports that the Windows kernel extension (driver) is not
// ready to accept commands.
var ErrKextNotReady = errors.New("the windows kernel extension (driver) is not ready to accept commands")

// ErrNoPacketID reports a packet that carries no ID; per its message, a likely
// cause is that the kernel extension fast-tracked the packet.
var ErrNoPacketID = errors.New("the packet has no ID, possibly because it was fast-tracked by the kernel extension")

Package errors

// IOCTL control codes used to talk to the kernel extension. Each code is built
// by ctlCode from the SIOCTL_TYPE device type, a function number in the range
// 0x800-0x807, the METHOD_BUFFERED transfer method and an access mask of
// windows.FILE_READ_DATA|windows.FILE_WRITE_DATA.
//
// NOTE(review): ctlCode is not shown here; it presumably packs its arguments
// the way the Windows CTL_CODE macro does. If so, the I/O manager dispatches
// these requests only on a handle opened with both read and write access
// (confirm). That check does not replace a restrictive ACL on the device
// object.
//
// NOTE(review): these are exported variables rather than constants, so any
// importing package can reassign them; treat them as read-only.
//
// The names suggest a mapping onto the exported helpers (GetVersion,
// RecvVerdictRequest, SetVerdict, GetPayload, ClearCache, UpdateVerdict,
// GetConnectionsStats); confirm against the callers.
var (
	IOCTL_VERSION              = ctlCode(SIOCTL_TYPE, 0x800, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_SHUTDOWN_REQUEST     = ctlCode(SIOCTL_TYPE, 0x801, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_RECV_VERDICT_REQ     = ctlCode(SIOCTL_TYPE, 0x802, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_SET_VERDICT          = ctlCode(SIOCTL_TYPE, 0x803, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_GET_PAYLOAD          = ctlCode(SIOCTL_TYPE, 0x804, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_CLEAR_CACHE          = ctlCode(SIOCTL_TYPE, 0x805, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_UPDATE_VERDICT       = ctlCode(SIOCTL_TYPE, 0x806, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_GET_CONNECTIONS_STAT = ctlCode(SIOCTL_TYPE, 0x807, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
)

Functions

func BandwidthStatsWorker added in v1.2.0

func BandwidthStatsWorker(ctx context.Context, collectInterval time.Duration, bandwidthUpdates chan *packet.BandwidthUpdate) error

func ClearCache added in v0.9.8

func ClearCache() error

func GetPayload

func GetPayload(packetID uint32, packetSize uint32) ([]byte, error)

GetPayload returns the payload of a packet.

func Handler

func Handler(ctx context.Context, packets chan packet.Packet)

Handler transforms received packets to the Packet interface.

func Init

func Init(path string) error

Init initializes the DLL and the Kext (Kernel Driver).

func SetVerdict

func SetVerdict(pkt *Packet, verdict network.Verdict) error

SetVerdict sets the verdict for a packet and/or connection.

func Start

func Start() error

Start intercepting.

func StartBandwithConsoleLogger added in v1.2.0

func StartBandwithConsoleLogger()

func Stop

func Stop() error

Stop intercepting.

func UpdateVerdict added in v1.0.1

func UpdateVerdict(conn *network.Connection) error

Types

type ConnectionStat added in v1.2.0

type ConnectionStat struct {
	// contains filtered or unexported fields
}

func GetConnectionsStats added in v1.2.0

func GetConnectionsStats() ([]ConnectionStat, error)

type KextService added in v1.0.1

type KextService struct {
	// contains filtered or unexported fields
}

type Key added in v1.2.0

type Key struct {
	// contains filtered or unexported fields
}

type Packet

type Packet struct {
	packet.Base
	// contains filtered or unexported fields
}

Packet represents an IP packet.

func (*Packet) Accept

func (pkt *Packet) Accept() error

Accept accepts the packet.

func (*Packet) Block

func (pkt *Packet) Block() error

Block blocks the packet.

func (*Packet) Drop

func (pkt *Packet) Drop() error

Drop drops the packet.

func (*Packet) ExpectInfo added in v1.2.0

func (pkt *Packet) ExpectInfo() bool

ExpectInfo returns whether the next packet is expected to be informational only.

func (*Packet) FastTrackedByIntegration added in v0.6.12

func (pkt *Packet) FastTrackedByIntegration() bool

FastTrackedByIntegration returns whether the packet has been fast-track accepted by the OS integration.

func (*Packet) InfoOnly added in v1.2.0

func (pkt *Packet) InfoOnly() bool

InfoOnly returns whether the packet is informational only and does not represent an actual packet.

func (*Packet) LoadPacketData added in v0.6.9

func (pkt *Packet) LoadPacketData() error

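LoadPacketData loads the full raw packet. (The upstream comment reads "GetPayload returns the full raw packet", apparently a leftover from GetPayload; this method returns only an error.)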

func (*Packet) PermanentAccept

func (pkt *Packet) PermanentAccept() error

PermanentAccept permanently accepts connection (and the current packet).

func (*Packet) PermanentBlock

func (pkt *Packet) PermanentBlock() error

PermanentBlock permanently blocks connection (and the current packet).

func (*Packet) PermanentDrop

func (pkt *Packet) PermanentDrop() error

PermanentDrop permanently drops connection (and the current packet).

func (*Packet) RerouteToNameserver

func (pkt *Packet) RerouteToNameserver() error

RerouteToNameserver permanently reroutes the connection to the local nameserver (and the current packet).

func (*Packet) RerouteToTunnel

func (pkt *Packet) RerouteToTunnel() error

RerouteToTunnel permanently reroutes the connection to the local tunnel entrypoint (and the current packet).

type Rxtxdata added in v1.2.0

type Rxtxdata struct {
	// contains filtered or unexported fields
}

type VerdictInfo added in v1.0.1

type VerdictInfo struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension.

type VerdictRequest

type VerdictRequest struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension. VerdictRequest is the request structure from the Kext.

func RecvVerdictRequest

func RecvVerdictRequest() (*VerdictRequest, error)

RecvVerdictRequest waits for the next verdict request from the kext. If a timeout is reached, both *VerdictRequest and error will be nil, so callers must check the returned request for nil before dereferencing it.

type VerdictUpdateInfo added in v1.0.1

type VerdictUpdateInfo struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension.

type VersionInfo added in v1.0.1

type VersionInfo struct {
	// contains filtered or unexported fields
}

func GetVersion added in v1.0.1

func GetVersion() (*VersionInfo, error)

func (*VersionInfo) String added in v1.0.1

func (v *VersionInfo) String() string
