Documentation ¶
Index ¶
Constants ¶
const ( FilterActionContinue = iota FilterActionAllow FilterActionBlock FilterActionProxy FilterActionNfq FilterActionForceNfq FilterActionAllowOnce FilterActionGotoFilter FilterActionSetMark )
See frontmanIO.h for #defines
const ( BytesMatchStartIPHeader = iota + 1 BytesMatchStartProtocolHeader BytesMatchStartPayload )
See frontmanIO.h for #defines
const ( ProcessMatchProcess = iota + 1 // Match the process id ProcessMatchChildren // Match the child processes )
ProcessMatch constants
const ( CriteriaListFormatString = iota + 1 CriteriaListFormatJSON )
See Filter_set.h
const ( IpsetsDetailFormatString = iota + 1 IpsetsDetailFormatJSON )
See Ipset.h
const ( MatchTypeMatch = uint8(1) MatchTypeNoMatch = uint8(2) )
See frontmanIO.h
const ( IPVersionAny = uint8(0) // Rule is for Ipv4 or Ipv6 IPVersion4 = uint8(1) // Rule is just for Ipv4 IPVersion6 = uint8(2) // Rule is just for Ipv6 )
See frontmanIO.h
Variables ¶
var Driver = ABI(&driver{})
Driver is actually the concrete calls into the Frontman dll, which call into the driver
var Wrapper = WrapDriver(&wrapper{ driverHandle: uintptr(syscall.InvalidHandle), ruleCleaner: newRuleCleanup(), })
Wrapper is the driver/dll wrapper implementation
Functions ¶
func WideCharPointerToString ¶
WideCharPointerToString converts a pointer to a zero-terminated wide character string to a golang string
Types ¶
type ABI ¶
type ABI interface { GetDestInfo(driverHandle, socket, destInfo uintptr) (uintptr, error) ApplyDestHandle(socket, destHandle uintptr) (uintptr, error) FreeDestHandle(destHandle uintptr) (uintptr, error) NewIpset(driverHandle, name, ipsetType, ipset uintptr) (uintptr, error) GetIpset(driverHandle, name, ipset uintptr) (uintptr, error) DestroyAllIpsets(driverHandle, prefix uintptr) (uintptr, error) ListIpsets(driverHandle, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) ListIpsetsDetail(driverHandle, format, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) IpsetAdd(driverHandle, ipset, entry, timeout uintptr) (uintptr, error) IpsetAddOption(driverHandle, ipset, entry, option, timeout uintptr) (uintptr, error) IpsetDelete(driverHandle, ipset, entry uintptr) (uintptr, error) IpsetDestroy(driverHandle, ipset uintptr) (uintptr, error) IpsetFlush(driverHandle, ipset uintptr) (uintptr, error) IpsetTest(driverHandle, ipset, entry uintptr) (uintptr, error) PacketFilterStart(frontman, firewallName, receiveCallback, loggingCallback uintptr) (uintptr, error) PacketFilterClose() (uintptr, error) PacketFilterForward(info, packet uintptr) (uintptr, error) AppendFilter(driverHandle, outbound, filterName, isGotoFilter uintptr) (uintptr, error) InsertFilter(driverHandle, outbound, priority, filterName, isGotoFilter uintptr) (uintptr, error) DestroyFilter(driverHandle, filterName uintptr) (uintptr, error) EmptyFilter(driverHandle, filterName uintptr) (uintptr, error) GetFilterList(driverHandle, outbound, buffer, bufferSize, bytesReturned uintptr) (uintptr, error) AppendFilterCriteria(driverHandle, filterName, criteriaName, ruleSpec, ipsetRuleSpecs, ipsetRuleSpecCount uintptr) (uintptr, error) DeleteFilterCriteria(driverHandle, filterName, criteriaName uintptr) (uintptr, error) GetCriteriaList(driverHandle, format, criteriaList, criteriaListSize, bytesReturned uintptr) (uintptr, error) }
ABI represents the 'application binary interface' to the Frontman dll
type DestInfo ¶
type DestInfo struct { IPAddr *uint16 // WCHAR* IPAddress Destination address allocated and will be free by FrontmanFreeDestHandle Port uint16 // USHORT Port Destination port Outbound int32 // INT32 Outbound Whether or not this is an outbound or inbound connection ProcessID uint64 // UINT64 ProcessId Process id. Only available for outbound connections DestHandle uintptr // LPVOID DestHandle Handle to memory that must be freed by called ProxyDestConnected when connection is established. }
DestInfo mirrors frontman's DEST_INFO struct
type IcmpRange ¶
type IcmpRange struct { IcmpTypeSpecified uint8 IcmpType uint8 IcmpCodeSpecified uint8 IcmpCodeLower uint8 IcmpCodeUpper uint8 }
IcmpRange mirrors frontman's ICMP_RANGE struct
type IpsetRuleSpec ¶
type IpsetRuleSpec struct { NotIpset uint8 IpsetDstIP uint8 IpsetDstPort uint8 IpsetSrcIP uint8 IpsetSrcPort uint8 Reserved1 uint8 Reserved2 uint8 Reserved3 uint8 IpsetName uintptr // const wchar_t* }
IpsetRuleSpec mirrors frontman's IPSET_RULE_SPEC struct
type LogPacketInfo ¶
type LogPacketInfo struct { Ipv4 uint8 Protocol uint8 Outbound uint8 Reserved1 uint8 LocalPort uint16 RemotePort uint16 LocalAddr [4]uint32 RemoteAddr [4]uint32 PacketSize uint32 GroupID uint32 LogPrefix [64]uint16 }
LogPacketInfo mirrors frontman's FRONTMAN_LOG_PACKET_INFO struct
type PacketInfo ¶
type PacketInfo struct { Ipv4 uint8 Protocol uint8 Outbound uint8 Drop uint8 IgnoreFlow uint8 HandleLoopback uint8 // Not to be set by go code, but is for outbound loopback packets NewPacket uint8 // Set to 1 if packet did not originate from the driver. NoPidMatchOnFlow uint8 // Set to 1 to ignore process ID rule matches. DropFlow uint8 SetMark uint8 Reserved [2]uint8 SetMarkValue uint32 LocalPort uint16 RemotePort uint16 LocalAddr [4]uint32 RemoteAddr [4]uint32 IfIdx uint32 SubIfIdx uint32 CompartmentID uint32 PacketSize uint32 Mark uint32 StartTimeReceivedFromNetwork uint64 StartTimeSentToUserLand uint64 }
PacketInfo mirrors frontman's FRONTMAN_PACKET_INFO struct
type RuleSpec ¶
type RuleSpec struct { Action uint8 Log uint8 Protocol uint8 ProtocolSpecified uint8 AleAuthConnect uint8 // not used by us ProcessFlags uint8 // See frontmanIO.h bit mask PROCESS_MATCH_PROCESS and/or PROCESS_MATCH_CHILDREN TCPFlags uint8 TCPFlagsMask uint8 TCPFlagsSpecified uint8 TCPOption uint8 TCPOptionSpecified uint8 CompartmentIDSpecified uint8 BytesNoMatch uint8 FlowMarkMatchType uint8 // MATCH_TYPE_MATCH = 1 MATCH_TYPE_NOMATCH = 2 IPVersionMatch uint8 // IP_VERSION_ANY, IP_VERSION_4, or IP_VERSION_6 Reserved uint8 FlowMark uint32 CompartmentID uint32 IcmpRanges *IcmpRange IcmpRangeCount int32 ProxyPort uint16 BytesMatchStart int16 // See frontmanIO.h for BYTESMATCH defines. BytesMatchOffset int32 BytesMatchSize int32 BytesMatch *byte Mark uint32 GroupID uint32 SrcPortCount int32 DstPortCount int32 SrcPorts *PortRange DstPorts *PortRange LogPrefix uintptr // const wchar_t* Application uintptr // const wchar_t* ProcessID uint64 GotoFilterName uintptr // const wchar_t* }
RuleSpec mirrors frontman's RULE_SPEC struct
type WrapDriver ¶
type WrapDriver interface { GetDestInfo(socket uintptr, destInfo *DestInfo) error ApplyDestHandle(socket, destHandle uintptr) error FreeDestHandle(destHandle uintptr) error NewIpset(name, ipsetType string) (uintptr, error) GetIpset(name string) (uintptr, error) DestroyAllIpsets(prefix string) error ListIpsets() ([]string, error) ListIpsetsDetail(format int) (string, error) IpsetAdd(ipsetHandle uintptr, entry string, timeout int) error IpsetAddOption(ipsetHandle uintptr, entry, option string, timeout int) error IpsetDelete(ipsetHandle uintptr, entry string) error IpsetDestroy(ipsetHandle uintptr, name string) error IpsetFlush(ipsetHandle uintptr) error IpsetTest(ipsetHandle uintptr, entry string) (bool, error) PacketFilterStart(firewallName string, receiveCallback, loggingCallback func(uintptr, uintptr) uintptr) error PacketFilterClose() error PacketFilterForward(info *PacketInfo, packetBytes []byte) error AppendFilter(outbound bool, filterName string, isGotoFilter bool) error InsertFilter(outbound bool, priority int, filterName string, isGotoFilter bool) error DestroyFilter(filterName string) error EmptyFilter(filterName string) error GetFilterList(outbound bool) ([]string, error) AppendFilterCriteria(filterName, criteriaName string, ruleSpec *RuleSpec, ipsetRuleSpecs []IpsetRuleSpec) error DeleteFilterCriteria(filterName, criteriaName string) error GetCriteriaList(format int) (string, error) }
WrapDriver represents convenience wrapper methods for calling our Windows Frontman DLL