netlib

package

v0.0.0-...-feb5578 Latest Latest Go to latest Published: Nov 29, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/wiresock/ndisapi-go

Links

Open Source Insights

Documentation ¶

Rendered for windows/amd64

Index ¶

Constants
func CancelMibChangeNotify2(handle windows.Handle) error
func GetExtendedTcpTable(tcpTable uintptr, size *uint32, order bool, addressFamily uint32, ...) error
func GetOwnerModuleFromTcpEntry(tcpEntry uintptr, infoClass TCPIP_OWNER_MODULE_INFO_CLASS, buffer uintptr, ...) error
func NotifyIpInterfaceChange(callback IPInterfaceChangeCallback, callerContext uintptr, ...) (windows.Handle, error)
type IPInterfaceChangeCallback
type IPSession
- func NewIPSession(localAddr net.IP, remoteAddr net.IP, localPort uint16, remotePort uint16) IPSession
- func (s IPSession) Equal(other IPSession) bool
- func (s IPSession) Hash() (uint64, error)
type MIB_TCPROW_OWNER_MODULE
type MIB_TCPTABLE_OWNER_MODULE
type MibNotificationType
type NetworkProcess
- func NewNetworkProcess(id uint32, name, path string) *NetworkProcess
type PMIB_TCPROW_OWNER_MODULE
type PMIB_TCPTABLE_OWNER_MODULE
type ProcessLookup
- func NewProcessLookup() (*ProcessLookup, error)
- func (pl *ProcessLookup) Actualize(tcp, udp bool) error
- func (pl *ProcessLookup) LookupProcessForTcp(session IPSession) (*NetworkProcess, error)
- func (pl *ProcessLookup) ResolveProcessForTcp(ipHeader *A.IPHeader, tcpHeader *A.TCPHeader) (*NetworkProcess, error)
type TCPIP_OWNER_MODULE_BASIC_INFO
type TCPIP_OWNER_MODULE_INFO_CLASS
type TCP_CONNECTION_OFFLOAD_STATE
type TCP_TABLE_CLASS

Constants ¶

View Source

const (
	FILTER_PACKET_PASS     = 0x00000001 // Pass packet if it matches the filter
	FILTER_PACKET_DROP     = 0x00000002 // Drop packet if it matches the filter
	FILTER_PACKET_REDIRECT = 0x00000003 // Redirect packet to WinpkFilter client application
	FILTER_PACKET_PASS_RDR = 0x00000004 // Redirect packet to WinpkFilter client application and pass over network (listen mode)
	FILTER_PACKET_DROP_RDR = 0x00000005 // Redirect packet to WinpkFilter client application and drop it, e.g. log but remove from the flow (listen mode)

	DATA_LINK_LAYER_VALID = 0x00000001 // Match packet against data link layer filter
	NETWORK_LAYER_VALID   = 0x00000002 // Match packet against network layer filter
	TRANSPORT_LAYER_VALID = 0x00000004 // Match packet against transport layer filter

	TCPUDP = 0x00000001
	ICMP   = 0x00000002

	IPV4 = 0x00000001
	IPV6 = 0x00000002

	ICMP_TYPE = 0x00000001
	ICMP_CODE = 0x00000002

	ETH_802_3 = 0x00000001

	ETH_802_3_SRC_ADDRESS  = 0x00000001
	ETH_802_3_DEST_ADDRESS = 0x00000002
	ETH_802_3_PROTOCOL     = 0x00000004

	IP_V4_FILTER_SRC_ADDRESS  = 0x00000001
	IP_V4_FILTER_DEST_ADDRESS = 0x00000002
	IP_V4_FILTER_PROTOCOL     = 0x00000004

	IP_V6_FILTER_SRC_ADDRESS  = 0x00000001
	IP_V6_FILTER_DEST_ADDRESS = 0x00000002
	IP_V6_FILTER_PROTOCOL     = 0x00000004

	TCPUDP_SRC_PORT  = 0x00000001
	TCPUDP_DEST_PORT = 0x00000002
	TCPUDP_TCP_FLAGS = 0x00000004

	TH_FIN = 0x01
	TH_SYN = 0x02
	TH_RST = 0x04
	TH_PSH = 0x08
	TH_ACK = 0x10
	TH_URG = 0x20
)

View Source

const ANY_SIZE = 1

View Source

const TCPIP_OWNING_MODULE_SIZE = 16

Variables ¶

This section is empty.

Functions ¶

func CancelMibChangeNotify2 ¶

func CancelMibChangeNotify2(handle windows.Handle) error

CancelMibChangeNotify2 cancels the network interface change notifications.

func GetExtendedTcpTable ¶

func GetExtendedTcpTable(tcpTable uintptr, size *uint32, order bool, addressFamily uint32, tableClass TCP_TABLE_CLASS, reserved uint32) error

func GetOwnerModuleFromTcpEntry ¶

func GetOwnerModuleFromTcpEntry(tcpEntry uintptr, infoClass TCPIP_OWNER_MODULE_INFO_CLASS, buffer uintptr, bufferSize *uint32) error

func NotifyIpInterfaceChange ¶

func NotifyIpInterfaceChange(callback IPInterfaceChangeCallback, callerContext uintptr, initialNotification bool) (windows.Handle, error)

NotifyIpInterfaceChange registers for network interface change notifications.

Types ¶

type IPInterfaceChangeCallback ¶

type IPInterfaceChangeCallback func(callerContext uintptr, row *windows.MibIpInterfaceRow, notificationType MibNotificationType) uintptr

type IPSession ¶

type IPSession struct {
	LocalAddr  net.IP
	LocalPort  uint16
	RemoteAddr net.IP
	RemotePort uint16
}

IPSession represents an IPv4 TCP/UDP session.

func NewIPSession ¶

func NewIPSession(localAddr net.IP, remoteAddr net.IP, localPort uint16, remotePort uint16) IPSession

NewIPSession constructs an object from provided local and remote IP addresses and ports.

func (IPSession) Equal ¶

func (s IPSession) Equal(other IPSession) bool

Equal checks if two IPSession objects are equal.

func (IPSession) Hash ¶

func (s IPSession) Hash() (uint64, error)

Hash generates a hash for the IPSession object.

type MIB_TCPROW_OWNER_MODULE ¶

type MIB_TCPROW_OWNER_MODULE struct {
	DwState           uint32
	DwLocalAddr       uint32
	DwLocalPort       uint32
	DwRemoteAddr      uint32
	DwRemotePort      uint32
	DwOwningPid       uint32
	LiCreateTimestamp uint64
	OwningModuleInfo  [TCPIP_OWNING_MODULE_SIZE]uint64
}

type MIB_TCPTABLE_OWNER_MODULE ¶

type MIB_TCPTABLE_OWNER_MODULE struct {
	DwNumEntries uint32
	Table        [ANY_SIZE]MIB_TCPROW_OWNER_MODULE
}

type MibNotificationType ¶

type MibNotificationType uint32

const (
	MibAddInstance         MibNotificationType = 0
	MibDeleteInstance      MibNotificationType = 1
	MibInitialNotification MibNotificationType = 2
)

type NetworkProcess ¶

type NetworkProcess struct {
	ID       uint32
	Name     string
	PathName string
}

NetworkProcess represents a networking application.

func NewNetworkProcess ¶

func NewNetworkProcess(id uint32, name, path string) *NetworkProcess

NewNetworkProcess constructs an object instance from provided process ID, name, and path.

type PMIB_TCPROW_OWNER_MODULE ¶

type PMIB_TCPROW_OWNER_MODULE *MIB_TCPROW_OWNER_MODULE

type PMIB_TCPTABLE_OWNER_MODULE ¶

type PMIB_TCPTABLE_OWNER_MODULE *MIB_TCPTABLE_OWNER_MODULE

type ProcessLookup ¶

type ProcessLookup struct {
	// contains filtered or unexported fields
}

ProcessLookup utilizes IP Helper API to match TCP network packets to local processes.

func NewProcessLookup ¶

func NewProcessLookup() (*ProcessLookup, error)

NewProcessLookup initializes the current state of TCP connections.

func (*ProcessLookup) Actualize ¶

func (pl *ProcessLookup) Actualize(tcp, udp bool) error

Actualize updates the TCP hash table.

func (*ProcessLookup) LookupProcessForTcp ¶

func (pl *ProcessLookup) LookupProcessForTcp(session IPSession) (*NetworkProcess, error)

LookupProcessForTcp searches for a process by provided TCP session information.

func (*ProcessLookup) ResolveProcessForTcp ¶

func (pl *ProcessLookup) ResolveProcessForTcp(ipHeader *A.IPHeader, tcpHeader *A.TCPHeader) (*NetworkProcess, error)

ResolveProcessForTcp resolves the process for a given TCP session.

type TCPIP_OWNER_MODULE_BASIC_INFO ¶

type TCPIP_OWNER_MODULE_BASIC_INFO struct {
	ModuleName *uint16
	ModulePath *uint16
}

type TCPIP_OWNER_MODULE_INFO_CLASS ¶

type TCPIP_OWNER_MODULE_INFO_CLASS int32

const (
	TCPIP_OWNER_MODULE_INFO_BASIC TCPIP_OWNER_MODULE_INFO_CLASS = iota
)

type TCP_CONNECTION_OFFLOAD_STATE ¶

type TCP_CONNECTION_OFFLOAD_STATE int32

const (
	TcpConnectionOffloadStateInHost TCP_CONNECTION_OFFLOAD_STATE = iota
	TcpConnectionOffloadStateOffloading
	TcpConnectionOffloadStateOffloaded
	TcpConnectionOffloadStateUploading
	TcpConnectionOffloadStateMax
)

type TCP_TABLE_CLASS ¶

type TCP_TABLE_CLASS int32

const (
	TCP_TABLE_BASIC_LISTENER TCP_TABLE_CLASS = iota
	TCP_TABLE_BASIC_CONNECTIONS
	TCP_TABLE_BASIC_ALL
	TCP_TABLE_OWNER_PID_LISTENER
	TCP_TABLE_OWNER_PID_CONNECTIONS
	TCP_TABLE_OWNER_PID_ALL
	TCP_TABLE_OWNER_MODULE_LISTENER
	TCP_TABLE_OWNER_MODULE_CONNECTIONS
	TCP_TABLE_OWNER_MODULE_ALL
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL