windowskext

package
v1.6.10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 15, 2024 License: GPL-3.0 Imports: 15 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Package windowskext provides network interception capabilities on Windows via the Portmaster Kernel Extension.

Index

Constants

// Verdict request flags. Each flag occupies its own bit, so the values are
// written as explicit shifts rather than decimal literals.
const (
	// VerdictRequestFlagFastTrackPermitted marks a packet that the kernel
	// extension has already permitted; the verdict request is informational
	// only.
	VerdictRequestFlagFastTrackPermitted = 1 << 0

	// VerdictRequestFlagSocketAuth marks a verdict request for a connection
	// that was intercepted on an ALE layer rather than in the network stack
	// itself, so no packet data is available for it.
	VerdictRequestFlagSocketAuth = 1 << 1

	// VerdictRequestFlagExpectSocketAuth signals that the next verdict
	// request is expected to be an informational socket auth request from
	// the ALE layer.
	VerdictRequestFlagExpectSocketAuth = 1 << 2
)
const (
	// Buffer transfer methods, numbered like the METHOD_* values of the
	// Windows CTL_CODE convention. The exported IOCTL_* codes of this package
	// all pass METHOD_BUFFERED.
	METHOD_BUFFERED   = 0
	METHOD_IN_DIRECT  = 1
	METHOD_OUT_DIRECT = 2
	METHOD_NEITHER    = 3

	// SIOCTL_TYPE is the first argument given to ctlCode for every IOCTL_*
	// code of this package.
	// NOTE(review): presumably the device type the kernel extension
	// registers; it has to stay in sync with the driver - confirm against the
	// kext source before changing it.
	SIOCTL_TYPE = 40000
)

Variables

var (
	// ErrKextNotReady reports that the Windows kernel extension (driver) is
	// not ready to accept commands.
	ErrKextNotReady = errors.New("the windows kernel extension (driver) is not ready to accept commands")
	// ErrNoPacketID reports that a packet has no ID, possibly because the
	// kernel extension fast-tracked it.
	ErrNoPacketID   = errors.New("the packet has no ID, possibly because it was fast-tracked by the kernel extension")
)

Package errors

// IOCTL control codes of the kernel extension interface. Each code is built by
// ctlCode from SIOCTL_TYPE, a function code in the range 0x800-0x807,
// METHOD_BUFFERED and the access mask FILE_READ_DATA|FILE_WRITE_DATA.
//
// NOTE(review): ctlCode is not shown here; presumably it packs its arguments
// the way the Windows CTL_CODE macro does - confirm. The resulting values have
// to match what the driver dispatches on, so verify any change against the
// kext source.
//
// NOTE(review): every code requests both read and write access, including the
// ones whose names suggest a pure query (IOCTL_VERSION,
// IOCTL_GET_CONNECTIONS_STAT) - confirm whether the driver requires that.
//
// NOTE(review): these are exported package-level variables, not constants, so
// importing code is able to reassign them at run time.
var (
	IOCTL_VERSION              = ctlCode(SIOCTL_TYPE, 0x800, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_SHUTDOWN_REQUEST     = ctlCode(SIOCTL_TYPE, 0x801, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_RECV_VERDICT_REQ     = ctlCode(SIOCTL_TYPE, 0x802, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_SET_VERDICT          = ctlCode(SIOCTL_TYPE, 0x803, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_GET_PAYLOAD          = ctlCode(SIOCTL_TYPE, 0x804, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_CLEAR_CACHE          = ctlCode(SIOCTL_TYPE, 0x805, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_UPDATE_VERDICT       = ctlCode(SIOCTL_TYPE, 0x806, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
	IOCTL_GET_CONNECTIONS_STAT = ctlCode(SIOCTL_TYPE, 0x807, METHOD_BUFFERED, windows.FILE_READ_DATA|windows.FILE_WRITE_DATA)
)

Functions

func BandwidthStatsWorker

func BandwidthStatsWorker(ctx context.Context, collectInterval time.Duration, bandwidthUpdates chan *packet.BandwidthUpdate) error

func ClearCache

func ClearCache() error

func GetPayload

func GetPayload(packetID uint32, packetSize uint32) ([]byte, error)

GetPayload returns the payload of a packet.

func Handler

func Handler(ctx context.Context, packets chan packet.Packet)

Handler transforms received packets to the Packet interface.

func Init

func Init(path string) error

Init initializes the DLL and the Kext (Kernel Driver).

func SetVerdict

func SetVerdict(pkt *Packet, verdict network.Verdict) error

SetVerdict sets the verdict for a packet and/or connection.

func Start

func Start() error

Start intercepting.

func StartBandwithConsoleLogger

func StartBandwithConsoleLogger()

func Stop

func Stop() error

Stop intercepting.

func UpdateVerdict

func UpdateVerdict(conn *network.Connection) error

Types

type ConnectionStat

type ConnectionStat struct {
	// contains filtered or unexported fields
}

func GetConnectionsStats

func GetConnectionsStats() ([]ConnectionStat, error)

type KextService

type KextService struct {
	// contains filtered or unexported fields
}

type Key

type Key struct {
	// contains filtered or unexported fields
}

type Packet

type Packet struct {
	packet.Base
	// contains filtered or unexported fields
}

Packet represents an IP packet.

func (*Packet) Accept

func (pkt *Packet) Accept() error

Accept accepts the packet.

func (*Packet) Block

func (pkt *Packet) Block() error

Block blocks the packet.

func (*Packet) Drop

func (pkt *Packet) Drop() error

Drop drops the packet.

func (*Packet) ExpectInfo

func (pkt *Packet) ExpectInfo() bool

ExpectInfo returns whether the next packet is expected to be informational only.

func (*Packet) FastTrackedByIntegration

func (pkt *Packet) FastTrackedByIntegration() bool

FastTrackedByIntegration returns whether the packet has been fast-track accepted by the OS integration.

func (*Packet) InfoOnly

func (pkt *Packet) InfoOnly() bool

InfoOnly returns whether the packet is informational only and does not represent an actual packet.

func (*Packet) LoadPacketData

func (pkt *Packet) LoadPacketData() error

LoadPacketData loads the full raw packet. (The upstream doc comment names GetPayload here; the method itself returns only an error.)

func (*Packet) PermanentAccept

func (pkt *Packet) PermanentAccept() error

PermanentAccept permanently accepts connection (and the current packet).

func (*Packet) PermanentBlock

func (pkt *Packet) PermanentBlock() error

PermanentBlock permanently blocks connection (and the current packet).

func (*Packet) PermanentDrop

func (pkt *Packet) PermanentDrop() error

PermanentDrop permanently drops connection (and the current packet).

func (*Packet) RerouteToNameserver

func (pkt *Packet) RerouteToNameserver() error

RerouteToNameserver permanently reroutes the connection to the local nameserver (and the current packet).

func (*Packet) RerouteToTunnel

func (pkt *Packet) RerouteToTunnel() error

RerouteToTunnel permanently reroutes the connection to the local tunnel entrypoint (and the current packet).

type Rxtxdata

type Rxtxdata struct {
	// contains filtered or unexported fields
}

type VerdictInfo

type VerdictInfo struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension.

type VerdictRequest

type VerdictRequest struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension. VerdictRequest is the request structure from the Kext.

func RecvVerdictRequest

func RecvVerdictRequest() (*VerdictRequest, error)

RecvVerdictRequest waits for the next verdict request from the kext. If a timeout is reached, both *VerdictRequest and error will be nil, so callers must check the returned request for nil even when the error is nil.

type VerdictUpdateInfo

type VerdictUpdateInfo struct {
	// contains filtered or unexported fields
}

Do not change the order of the members! The structure is used to communicate with the kernel extension.

type VersionInfo

type VersionInfo struct {
	// contains filtered or unexported fields
}

func GetVersion

func GetVersion() (*VersionInfo, error)

func (*VersionInfo) String

func (v *VersionInfo) String() string
