package gonfapi
import (
"reflect"
"unsafe"
"golang.org/x/sys/windows"
)
// Packet buffer sizes (presumably in bytes). They are typed int32 because
// C enum and #define values are 4 bytes wide on the driver side.
const (
	TCP_PACKET_BUF_SIZE int32 = 8 * 1024   // 8192
	UDP_PACKET_BUF_SIZE int32 = 128 * 1024 // 2 * 65536
)
// DataCode enumerates the event and request codes declared below.
//
// The numeric values come from iota, so each value is determined purely by
// its position in this list (TCP_CONNECTED = 0 ... TCP_RECEIVE_PUSH = 30).
// Inserting, removing or reordering an entry silently renumbers every code
// after it.
// NOTE(review): presumably this mirrors the driver's C enum and is the value
// carried in NF_DATA.Code; confirm the order against the driver header
// before changing it.
type DataCode int32

const (
	// TCP events and requests (values 0..7).
	TCP_CONNECTED DataCode = iota
	TCP_CLOSED
	TCP_RECEIVE
	TCP_SEND
	TCP_CAN_RECEIVE
	TCP_CAN_SEND
	TCP_REQ_SUSPEND
	TCP_REQ_RESUME
	// UDP events and requests (values 8..15).
	UDP_CREATED
	UDP_CLOSED
	UDP_RECEIVE
	UDP_SEND
	UDP_CAN_RECEIVE
	UDP_CAN_SEND
	UDP_REQ_SUSPEND
	UDP_REQ_RESUME
	// Rule-management requests (values 16..18).
	REQ_ADD_HEAD_RULE
	REQ_ADD_TAIL_RULE
	REQ_DELETE_RULES
	// Connect requests (values 19..20).
	TCP_CONNECT_REQUEST
	UDP_CONNECT_REQUEST
	// Other codes (values 21..30).
	TCP_DISABLE_USER_MODE_FILTERING
	UDP_DISABLE_USER_MODE_FILTERING
	REQ_SET_TCP_OPT
	REQ_IS_PROXY
	TCP_REINJECT
	TCP_REMOVE_CLOSED
	TCP_DEFERRED_DISCONNECT
	IP_RECEIVE
	IP_SEND
	TCP_RECEIVE_PUSH
)
// DIRECTION is a bit mask selecting inbound traffic, outbound traffic, or
// both.
type DIRECTION int32

const (
	D_IN   DIRECTION = 1 << iota // 1
	D_OUT                        // 2
	D_BOTH = D_IN | D_OUT        // 3
)
// FILTERING_FLAG is the action/option bit set attached to a rule or
// connection.
//
// NF_ALLOW is 0, which is also the zero value of the type: a flag field that
// is never assigned compares equal to NF_ALLOW. Code that builds rules should
// set the flag explicitly rather than rely on the zero value.
type FILTERING_FLAG uint32

const (
	// Allow the activity without filtering transmitted packets.
	NF_ALLOW FILTERING_FLAG = 0
	// Block the activity.
	NF_BLOCK FILTERING_FLAG = 1 << 0
	// Filter the transmitted packets.
	NF_FILTER FILTERING_FLAG = 1 << 1
	// Suspend receives from server and sends from client.
	NF_SUSPENDED FILTERING_FLAG = 1 << 2
	// Emulate establishing a TCP connection with remote server.
	NF_OFFLINE FILTERING_FLAG = 1 << 3
	// Indicate outgoing connect requests to API.
	NF_INDICATE_CONNECT_REQUESTS FILTERING_FLAG = 1 << 4
	// Disable blocking indicating connect requests for outgoing connections
	// of local proxies.
	NF_DISABLE_REDIRECT_PROTECTION FILTERING_FLAG = 1 << 5
	// Pend outgoing connect request to complete it later using
	// nf_complete(TCP|UDP)ConnectRequest.
	NF_PEND_CONNECT_REQUEST FILTERING_FLAG = 1 << 6
	// Indicate the traffic as IP packets via ipSend/ipReceive.
	NF_FILTER_AS_IP_PACKETS FILTERING_FLAG = 1 << 7
	// Don't block the IP packets and indicate them to ipSend/ipReceive only
	// for monitoring.
	NF_READONLY FILTERING_FLAG = 1 << 8
	// Undocumented in this file.
	NF_CONTROL_FLOW FILTERING_FLAG = 1 << 9
)
// Address buffer lengths (presumably in bytes).
const (
	MAX_ADDRESS_LENGTH    = 28
	MAX_IP_ADDRESS_LENGTH = 16
)

// Address families, using the Windows numbering (AF_INET6 is 23 there).
const (
	AF_INET  = 2
	AF_INET6 = 23
)

// IP protocol numbers.
const (
	IPPROTO_TCP = 6
	IPPROTO_UDP = 17
)
// NF_RULE is a filtering rule record: protocol, process id, direction, ports,
// IP family, local/remote address with masks, and the filtering flag.
//
// Field order and field types define the in-memory layout, so neither may be
// changed without changing the record on the other side as well.
// NOTE(review): Direction is a native uint8 while its neighbours use the
// package's fixed-width wrapper types; whether Go inserts padding after it
// depends on the alignment of UINT16, which is declared elsewhere (confirm
// the layout matches the driver's structure).
// NOTE(review): the zero value of FilteringFlag is numerically NF_ALLOW, so a
// rule whose flag is never set is an allow rule.
type NF_RULE struct {
	Protocol            INT32
	ProcessId           UINT32
	Direction           uint8
	LocalPort           UINT16
	RemotePort          UINT16
	IpFamily            INT16
	LocalIpAddress      IpAddress
	LocalIpAddressMask  IpAddress
	RemoteIpAddress     IpAddress
	RemoteIpAddressMask IpAddress
	FilteringFlag       UINT32
}
// NF_PORT_RANGE holds a pair of port values, ValueLow and ValueHigh.
// NOTE(review): presumably an inclusive range with ValueLow <= ValueHigh;
// nothing in this file enforces that, so validate it where rules are built.
type NF_PORT_RANGE struct {
	ValueLow  UINT16
	ValueHigh UINT16
}
// NF_RULE_EX extends NF_RULE (embedded first, so its fields lead the layout)
// with a process name, local and remote port ranges, a redirect address and
// a local proxy process id.
type NF_RULE_EX struct {
	NF_RULE
	// processName is a fixed buffer of 260 UTF-16 code units. It is
	// unexported; use GetProcessName and SetProcessName to access it.
	processName         [260]UINT16
	LocalPortRange      NF_PORT_RANGE
	RemotePortRange     NF_PORT_RANGE
	RedirectTo          SockaddrInx
	LocalProxyProcessId UINT32
}
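// GetProcessName returns the process name stored in the rule, decoded from
// the fixed UTF-16 buffer up to the first NUL (or the whole buffer when no
// NUL is present).
//
// The buffer is viewed in place as [260]uint16. This assumes UINT16 has the
// size and byte order of a native uint16, which is the same assumption the
// previous conversion made.
func (n *NF_RULE_EX) GetProcessName() string {
	// Reinterpret the array as an array. The earlier code cast the address of
	// the first element to *[]uint16, which made the first bytes of the name
	// act as a slice header (data pointer, length, capacity); the decoder
	// then read from whatever address those characters happened to encode.
	// NOTE(review): if UINT16 has alignment 1 this pointer may be odd, which
	// is tolerated on x86/amd64 but is reported by checkptr.
	name := (*[260]uint16)(unsafe.Pointer(&n.processName))
	return windows.UTF16ToString(name[:])
}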
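// SetProcessName stores s in the rule's fixed UTF-16 process-name buffer.
//
// The buffer is cleared first, so no characters of a previous, longer name
// remain after the terminator. At most 259 code units are stored; the last
// slot is always left as the NUL terminator, so a longer name is truncated
// rather than stored unterminated.
//
// If s contains a NUL character the conversion fails and the stored name is
// left unchanged. The signature cannot report either condition, so callers
// that need certainty should validate s (no NUL, at most 259 UTF-16 units)
// before calling.
//
// The buffer is written in place as [260]uint16, which assumes UINT16 has
// the size and byte order of a native uint16.
func (n *NF_RULE_EX) SetProcessName(s string) {
	name, err := windows.UTF16FromString(s)
	if err != nil {
		return
	}
	// The earlier code converted &sh (the address of a *SliceHeader variable)
	// to *[]UINT16, so the source slice handed to copy was built from that
	// pointer variable and the stack words after it, not from the converted
	// string. Viewing the destination array directly avoids any header
	// manipulation.
	dst := (*[260]uint16)(unsafe.Pointer(&n.processName))
	*dst = [260]uint16{}
	copy(dst[:len(dst)-1], name)
}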
// NF_TCP_CONN_INFO holds TCP connection properties: filtering flag, process
// id, direction, IP family, and the local and remote socket addresses.
//
// The original comment marks this layout as UNALIGNED.
// NOTE(review): Direction is a native uint8 followed by a UINT16; an
// unaligned layout is only reproduced if UINT16 and the other wrapper types
// have alignment 1 (confirm against their declarations).
type NF_TCP_CONN_INFO struct {
	FilteringFlag UINT32
	ProcessId     UINT32
	Direction     uint8
	IpFamily      UINT16
	LocalAddress  SockaddrInx
	RemoteAddress SockaddrInx
}
// NF_UDP_CONN_INFO holds UDP endpoint properties: process id, IP family and
// the local socket address.
//
// The original comment marks this layout as UNALIGNED; field order and types
// define the layout and must not be changed independently of the other side.
type NF_UDP_CONN_INFO struct {
	ProcessId    UINT32
	IpFamily     UINT16
	LocalAddress SockaddrInx
}
// NF_UDP_CONN_REQUEST holds the properties of a UDP TDI_CONNECT request:
// filtering flag, process id, IP family, and the local and remote socket
// addresses.
//
// The original comment marks this layout as UNALIGNED; field order and types
// define the layout and must not be changed independently of the other side.
type NF_UDP_CONN_REQUEST struct {
	FilteringFlag UINT32
	ProcessId     UINT32
	IpFamily      UINT16
	LocalAddress  SockaddrInx
	RemoteAddress SockaddrInx
}
// NF_UDP_OPTIONS holds UDP options: a flags word, the number of option bytes
// in use, and a fixed 2048-byte buffer holding them.
//
// The original comment marks this layout as UNALIGNED.
// OptionsLength is a signed value stored next to the buffer it describes;
// any code that uses it as a length must first check that it lies in
// [0, len(Options)].
type NF_UDP_OPTIONS struct {
	Flags         UINT32
	OptionsLength INT32
	Options       [2048]byte // variable-size options; only the first OptionsLength bytes are meaningful
}
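// GetBytes returns the serialized form of op: the 8-byte header (Flags and
// OptionsLength) followed by the first OptionsLength bytes of Options.
//
// It returns nil when OptionsLength is negative or larger than the Options
// buffer. Without that check the returned slice would extend past the end of
// the structure and expose adjacent memory to whoever consumes the bytes.
//
// The result is a freshly allocated copy, so it stays valid independently of
// the receiver (which is itself a copy, because the receiver is a value).
func (op NF_UDP_OPTIONS) GetBytes() (data []byte) {
	// Header size as used by the original code: two 4-byte fields.
	// NOTE(review): this assumes Flags and OptionsLength occupy 4 bytes each
	// with no padding before Options (confirm against UINT32/INT32).
	const headerLen = 4 + 4

	optLen := int(op.OptionsLength.Get())
	if optLen < 0 || optLen > len(op.Options) {
		return nil
	}
	total := headerLen + optLen
	// Guard against a layout that is smaller than the header assumption.
	if uintptr(total) > unsafe.Sizeof(op) {
		return nil
	}

	// Build a temporary byte view over the local copy of op, then copy it
	// out so the caller never holds a pointer into this frame's data.
	var view []byte
	sh := (*reflect.SliceHeader)(unsafe.Pointer(&view))
	sh.Data = uintptr(unsafe.Pointer(&op))
	sh.Len = total
	sh.Cap = total

	data = make([]byte, total)
	copy(data, view)
	return data
}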
// NF_IP_FLAG is the flag value used with IP packet options.
type NF_IP_FLAG uint32

const (
	NFIF_NONE     NF_IP_FLAG = 0
	NFIF_READONLY NF_IP_FLAG = 1
)
// NF_IP_PACKET_OPTIONS holds the options attached to an IP packet: IP family,
// IP header size, compartment id, interface and sub-interface indexes, and
// flags.
// NOTE(review): Flags presumably carries NF_IP_FLAG values; confirm.
// NOTE(review): IpHeaderSize describes data held elsewhere; code that uses it
// to slice a packet must check it against the packet's actual length.
type NF_IP_PACKET_OPTIONS struct {
	IpFamily          UINT16
	IpHeaderSize      UINT32
	CompartmentId     UINT32
	InterfaceIndex    UINT32
	SubInterfaceIndex UINT32
	Flags             UINT32
}
// NF_DATA is a record header made of a code, an id and a buffer size,
// followed by a single Buffer byte.
// NOTE(review): Buffer presumably marks the first byte of a payload of
// BufferSize bytes that follows the header (confirm). Any code that reads
// past this field must bound the read by BufferSize and by the size of the
// memory region that actually contains the record.
// NOTE(review): Code presumably holds a DataCode value; confirm.
type NF_DATA struct {
	Code       INT32
	ID         UINT64
	BufferSize UINT32
	Buffer     byte
}
// NF_BUFFERS holds four native uint64 values describing an input and an
// output buffer.
// NOTE(review): presumably InBuf/OutBuf are buffer addresses and
// InBufLen/OutBufLen their lengths; confirm. If so, the lengths must be
// checked before any access based on the addresses.
type NF_BUFFERS struct {
	InBuf, InBufLen, OutBuf, OutBufLen uint64
}
// NF_READ_RESULT holds a single native uint64 length.
// NOTE(review): presumably the number of bytes produced by a read; treat it
// as untrusted and bound it by the buffer size before slicing with it.
type NF_READ_RESULT struct {
	Length uint64
}
// NF_FLOWCTL_DATA holds a pair of flow-control limits, one for inbound and
// one for outbound traffic. Units are not stated in this file.
type NF_FLOWCTL_DATA struct {
	InLimit, OutLimit UINT64
}
// NF_FLOWCTL_MODIFY_DATA pairs a flow-control handle with the limits to apply
// to it.
// NOTE(review): FcHandle is a native uint32 here but a UINT32 in
// NF_FLOWCTL_SET_DATA; if the two types differ in alignment, padding before
// Data may differ from the intended layout (confirm).
type NF_FLOWCTL_MODIFY_DATA struct {
	FcHandle uint32
	Data     NF_FLOWCTL_DATA
}
// NF_FLOWCTL_STAT holds inbound and outbound byte counters.
type NF_FLOWCTL_STAT struct {
	InBytes, OutBytes UINT64
}
// NF_FLOWCTL_SET_DATA pairs an endpoint id with a flow-control handle.
type NF_FLOWCTL_SET_DATA struct {
	EndpointId UINT64
	FcHandle   UINT32
}
// NF_BINDING_RULE is a binding rule record: protocol, process id, process
// name, local port, IP family, local address with mask, the new local address
// and port, and a filtering flag.
//
// ProcessName is an exported fixed buffer of 260 UTF-16 code units; unlike
// NF_RULE_EX.processName it has no accessor in this file, so callers that
// fill it must keep it NUL-terminated themselves.
// NOTE(review): IpFamily is UINT16 here but INT16 in NF_RULE; confirm which
// matches the driver's structure.
type NF_BINDING_RULE struct {
	Protocol           INT32
	ProcessId          UINT32
	ProcessName        [260]UINT16
	LocalPort          UINT16
	IpFamily           UINT16
	LocalIpAddress     IpAddress
	LocalIpAddressMask IpAddress
	NewLocalIpAddress  IpAddress
	NewLocalPort       UINT16
	FilteringFlag      UINT32
}