frontman

package
v10.338.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Rendered for windows/amd64

Index

Constants

View Source
const (
	FilterActionContinue = iota
	FilterActionAllow
	FilterActionBlock
	FilterActionProxy
	FilterActionNfq
	FilterActionForceNfq
	FilterActionAllowOnce
	FilterActionGotoFilter
	FilterActionSetMark
)

See frontmanIO.h for #defines

View Source
const (
	BytesMatchStartIPHeader = iota + 1
	BytesMatchStartProtocolHeader
	BytesMatchStartPayload
)

See frontmanIO.h for #defines

View Source
const (
	ProcessMatchProcess  = iota + 1 // Match the process id
	ProcessMatchChildren            // Match the child processes
)

ProcessMatch constants

View Source
const (
	CriteriaListFormatString = iota + 1
	CriteriaListFormatJSON
)

See Filter_set.h

View Source
const (
	IpsetsDetailFormatString = iota + 1
	IpsetsDetailFormatJSON
)

See Ipset.h

View Source
const (
	MatchTypeMatch   = uint8(1)
	MatchTypeNoMatch = uint8(2)
)

See frontmanIO.h

View Source
const (
	IPVersionAny = uint8(0) // Rule is for Ipv4 or Ipv6
	IPVersion4   = uint8(1) // Rule is just for Ipv4
	IPVersion6   = uint8(2) // Rule is just for Ipv6
)

See frontmanIO.h

Variables

View Source
var Driver = ABI(&driver{})

Driver is actually the concrete calls into the Frontman dll, which call into the driver

View Source
var Wrapper = WrapDriver(&wrapper{
	driverHandle: uintptr(syscall.InvalidHandle),
	ruleCleaner:  newRuleCleanup(),
})

Wrapper is the driver/dll wrapper implementation

Functions

func WideCharPointerToString

func WideCharPointerToString(pszWide *uint16) string

WideCharPointerToString converts a pointer to a zero-terminated wide character string to a golang string

Types

type ABI

type ABI interface {
	FrontmanOpenShared() (uintptr, error)
	GetDestInfo(driverHandle, socket, destInfo uintptr) (uintptr, error)
	ApplyDestHandle(socket, destHandle uintptr) (uintptr, error)
	FreeDestHandle(destHandle uintptr) (uintptr, error)
	NewIpset(driverHandle, name, ipsetType, ipset uintptr) (uintptr, error)
	GetIpset(driverHandle, name, ipset uintptr) (uintptr, error)
	DestroyAllIpsets(driverHandle, prefix uintptr) (uintptr, error)
	ListIpsets(driverHandle, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error)
	ListIpsetsDetail(driverHandle, format, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error)
	IpsetAdd(driverHandle, ipset, entry, timeout uintptr) (uintptr, error)
	IpsetAddOption(driverHandle, ipset, entry, option, timeout uintptr) (uintptr, error)
	IpsetDelete(driverHandle, ipset, entry uintptr) (uintptr, error)
	IpsetDestroy(driverHandle, ipset uintptr) (uintptr, error)
	IpsetFlush(driverHandle, ipset uintptr) (uintptr, error)
	IpsetTest(driverHandle, ipset, entry uintptr) (uintptr, error)
	PacketFilterStart(frontman, firewallName, receiveCallback, loggingCallback uintptr) (uintptr, error)
	PacketFilterClose() (uintptr, error)
	PacketFilterForward(info, packet uintptr) (uintptr, error)
	AppendFilter(driverHandle, outbound, filterName, isGotoFilter uintptr) (uintptr, error)
	InsertFilter(driverHandle, outbound, priority, filterName, isGotoFilter uintptr) (uintptr, error)
	DestroyFilter(driverHandle, filterName uintptr) (uintptr, error)
	EmptyFilter(driverHandle, filterName uintptr) (uintptr, error)
	GetFilterList(driverHandle, outbound, buffer, bufferSize, bytesReturned uintptr) (uintptr, error)
	AppendFilterCriteria(driverHandle, filterName, criteriaName, ruleSpec, ipsetRuleSpecs, ipsetRuleSpecCount uintptr) (uintptr, error)
	DeleteFilterCriteria(driverHandle, filterName, criteriaName uintptr) (uintptr, error)
	GetCriteriaList(driverHandle, format, criteriaList, criteriaListSize, bytesReturned uintptr) (uintptr, error)
}

ABI represents the 'application binary interface' to the Frontman dll

type DestInfo

type DestInfo struct {
	IPAddr     *uint16 // WCHAR* IPAddress		Destination address allocated and will be free by FrontmanFreeDestHandle
	Port       uint16  // USHORT Port			Destination port
	Outbound   int32   // INT32 Outbound		Whether or not this is an outbound or inbound connection
	ProcessID  uint64  // UINT64 ProcessId		Process id.  Only available for outbound connections
	DestHandle uintptr // LPVOID DestHandle		Handle to memory that must be freed by called ProxyDestConnected when connection is established.
}

DestInfo mirrors frontman's DEST_INFO struct

type IcmpRange

type IcmpRange struct {
	IcmpTypeSpecified uint8
	IcmpType          uint8
	IcmpCodeSpecified uint8
	IcmpCodeLower     uint8
	IcmpCodeUpper     uint8
}

IcmpRange mirrors frontman's ICMP_RANGE struct

type IpsetRuleSpec

type IpsetRuleSpec struct {
	NotIpset     uint8
	IpsetDstIP   uint8
	IpsetDstPort uint8
	IpsetSrcIP   uint8
	IpsetSrcPort uint8
	Reserved1    uint8
	Reserved2    uint8
	Reserved3    uint8
	IpsetName    uintptr // const wchar_t*
}

IpsetRuleSpec mirrors frontman's IPSET_RULE_SPEC struct

type LogPacketInfo

type LogPacketInfo struct {
	Ipv4       uint8
	Protocol   uint8
	Outbound   uint8
	Reserved1  uint8
	LocalPort  uint16
	RemotePort uint16
	LocalAddr  [4]uint32
	RemoteAddr [4]uint32
	PacketSize uint32
	GroupID    uint32
	LogPrefix  [64]uint16
}

LogPacketInfo mirrors frontman's FRONTMAN_LOG_PACKET_INFO struct

type PacketInfo

type PacketInfo struct {
	Ipv4                         uint8
	Protocol                     uint8
	Outbound                     uint8
	Drop                         uint8
	IgnoreFlow                   uint8
	HandleLoopback               uint8 // Not to be set by go code, but is for outbound loopback packets
	NewPacket                    uint8 // Set to 1 if packet did not originate from the driver.
	NoPidMatchOnFlow             uint8 // Set to 1 to ignore process ID rule matches.
	DropFlow                     uint8
	SetMark                      uint8
	Reserved                     [2]uint8
	SetMarkValue                 uint32
	LocalPort                    uint16
	RemotePort                   uint16
	LocalAddr                    [4]uint32
	RemoteAddr                   [4]uint32
	IfIdx                        uint32
	SubIfIdx                     uint32
	CompartmentID                uint32
	PacketSize                   uint32
	Mark                         uint32
	StartTimeReceivedFromNetwork uint64
	StartTimeSentToUserLand      uint64
}

PacketInfo mirrors frontman's FRONTMAN_PACKET_INFO struct

type PortRange

type PortRange struct {
	PortStart uint16
	PortEnd   uint16
}

PortRange mirrors frontman's PORT_RANGE struct

type RuleSpec

type RuleSpec struct {
	Action                 uint8
	Log                    uint8
	Protocol               uint8
	ProtocolSpecified      uint8
	AleAuthConnect         uint8 // not used by us
	ProcessFlags           uint8 // See frontmanIO.h bit mask PROCESS_MATCH_PROCESS and/or PROCESS_MATCH_CHILDREN
	TCPFlags               uint8
	TCPFlagsMask           uint8
	TCPFlagsSpecified      uint8
	TCPOption              uint8
	TCPOptionSpecified     uint8
	CompartmentIDSpecified uint8
	BytesNoMatch           uint8
	FlowMarkMatchType      uint8 // MATCH_TYPE_MATCH = 1 MATCH_TYPE_NOMATCH = 2
	IPVersionMatch         uint8 // IP_VERSION_ANY, IP_VERSION_4, or IP_VERSION_6
	Reserved               uint8
	FlowMark               uint32
	CompartmentID          uint32
	IcmpRanges             *IcmpRange
	IcmpRangeCount         int32
	ProxyPort              uint16
	BytesMatchStart        int16 // See frontmanIO.h for BYTESMATCH defines.
	BytesMatchOffset       int32
	BytesMatchSize         int32
	BytesMatch             *byte
	Mark                   uint32
	GroupID                uint32
	SrcPortCount           int32
	DstPortCount           int32
	SrcPorts               *PortRange
	DstPorts               *PortRange
	LogPrefix              uintptr // const wchar_t*
	Application            uintptr // const wchar_t*
	ProcessID              uint64
	GotoFilterName         uintptr // const wchar_t*
}

RuleSpec mirrors frontman's RULE_SPEC struct

type WrapDriver

type WrapDriver interface {
	GetDestInfo(socket uintptr, destInfo *DestInfo) error
	ApplyDestHandle(socket, destHandle uintptr) error
	FreeDestHandle(destHandle uintptr) error
	NewIpset(name, ipsetType string) (uintptr, error)
	GetIpset(name string) (uintptr, error)
	DestroyAllIpsets(prefix string) error
	ListIpsets() ([]string, error)
	ListIpsetsDetail(format int) (string, error)
	IpsetAdd(ipsetHandle uintptr, entry string, timeout int) error
	IpsetAddOption(ipsetHandle uintptr, entry, option string, timeout int) error
	IpsetDelete(ipsetHandle uintptr, entry string) error
	IpsetDestroy(ipsetHandle uintptr, name string) error
	IpsetFlush(ipsetHandle uintptr) error
	IpsetTest(ipsetHandle uintptr, entry string) (bool, error)
	PacketFilterStart(firewallName string, receiveCallback, loggingCallback func(uintptr, uintptr) uintptr) error
	PacketFilterClose() error
	PacketFilterForward(info *PacketInfo, packetBytes []byte) error
	AppendFilter(outbound bool, filterName string, isGotoFilter bool) error
	InsertFilter(outbound bool, priority int, filterName string, isGotoFilter bool) error
	DestroyFilter(filterName string) error
	EmptyFilter(filterName string) error
	GetFilterList(outbound bool) ([]string, error)
	AppendFilterCriteria(filterName, criteriaName string, ruleSpec *RuleSpec, ipsetRuleSpecs []IpsetRuleSpec) error
	DeleteFilterCriteria(filterName, criteriaName string) error
	GetCriteriaList(format int) (string, error)
}

WrapDriver represents convenience wrapper methods for calling our Windows Frontman DLL

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL