//
// NetFilterSDK
// Copyright (C) 2009 Vitaly Sidorov
// All rights reserved.
//
// This file is a part of the NetFilter SDK.
// The code and information is provided "as-is" without
// warranty of any kind, either expressed or implied.
//
#define _C_API
#ifndef _NFAPI_H
#define _NFAPI_H
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
//#include <ws2def.h>
#include "nfevents.h"
#ifdef _NFAPI_STATIC_LIB
#define NFAPI_API
#else
#ifdef NFAPI_EXPORTS
#define NFAPI_API __declspec(dllexport)
#else
#define NFAPI_API __declspec(dllimport)
#endif
#endif
// Flags for NF_UDP_OPTIONS.flags
// NOTE(review): the names and values look like the TDI_RECEIVE_* receive flags
// of the Windows TDI headers - confirm. They are defined here without #ifndef
// guards, so a translation unit that also pulls in those headers gets each
// macro defined twice.
#define TDI_RECEIVE_BROADCAST 0x00000004 // received TSDU was broadcast.
#define TDI_RECEIVE_MULTICAST 0x00000008 // received TSDU was multicast.
#define TDI_RECEIVE_PARTIAL 0x00000010 // received TSDU is not fully presented.
#define TDI_RECEIVE_NORMAL 0x00000020 // received TSDU is normal data
#define TDI_RECEIVE_EXPEDITED 0x00000040 // received TSDU is expedited data
#define TDI_RECEIVE_PEEK 0x00000080 // received TSDU is not released
#define TDI_RECEIVE_NO_RESPONSE_EXP 0x00000100 // HINT: no back-traffic expected
#define TDI_RECEIVE_COPY_LOOKAHEAD 0x00000200 // for kernel-mode indications
#define TDI_RECEIVE_ENTIRE_MESSAGE 0x00000400 // opposite of RECEIVE_PARTIAL
// (for kernel-mode indications)
#define TDI_RECEIVE_AT_DISPATCH_LEVEL 0x00000800 // receive indication called
// at dispatch level
#define TDI_RECEIVE_CONTROL_INFO 0x00001000 // Control info is being passed up.
#define TDI_RECEIVE_FORCE_INDICATION 0x00002000 // reindicate rejected data.
#define TDI_RECEIVE_NO_PUSH 0x00004000 // complete only when full.
/**
 * Initialization flags for nf_setOptions(). The values are distinct bits and
 * are passed as a combination; the default is 0 (NFF_NONE).
 * NOTE(review): each NFF_DONT_* name implies that, with the flag clear, the
 * library performs the named action itself (disabling Teredo, disabling TCP
 * offloading, adding antivirus exceptions). Those would be host-wide changes:
 * confirm them in the implementation and set the flags for any change the
 * application should not make.
 **/
typedef enum _NF_FLAGS
{
NFF_NONE = 0, // no flag set: the library defaults apply
NFF_DONT_DISABLE_TEREDO = 1, // presumably: leave Teredo as it is - confirm
NFF_DONT_DISABLE_TCP_OFFLOADING = 2, // presumably: leave TCP offloading as it is - confirm
NFF_DONT_ADD_ANTIVIRUS_EXCEPTIONS = 4 // presumably: add no antivirus exceptions - confirm
} NF_FLAGS;
#ifndef _C_API
namespace nfapi
{
#define NFAPI_NS nfapi::
#define NFAPI_CC
#else // _C_API
#define NFAPI_CC __cdecl
#define NFAPI_NS
#ifdef __cplusplus
extern "C"
{
#endif
#endif // _C_API
/**
 * Initializes the internal data structures and starts the filtering thread.
 * @param driverName The name of hooking driver, without ".sys" extension.
 * @param pHandler Pointer to event handling object
 *        NOTE(review): presumably it must stay valid until nf_free() - confirm.
 * @return NF_STATUS result code (the type is declared outside this header);
 *         check it before calling any other routine.
 **/
NFAPI_API NF_STATUS NFAPI_CC nf_init(const char * driverName, NF_EventHandler * pHandler);
/**
 * Stops the filtering thread, breaks all filtered connections and closes
 * a connection with the hooking driver.
 * Returns nothing, so a failure to stop cannot be detected through this call.
 **/
NFAPI_API void NFAPI_CC
nf_free();
/**
 * Registers and starts a driver with specified name (without ".sys" extension)
 * @param driverName Driver name, without the ".sys" extension
 *        NOTE(review): the header does not say where the .sys file is looked
 *        up or which rights the caller needs. Confirm both, so that only the
 *        intended driver file from a directory writable by administrators
 *        alone can be registered.
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_registerDriver(const char * driverName);
/**
 * Unregisters a driver with specified name (without ".sys" extension)
 * @param driverName Driver name, without the ".sys" extension
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_unRegisterDriver(const char * driverName);
//
// TCP control routines
//
/**
 * Suspends or resumes indicating of sends and receives for specified connection.
 * @param id Connection identifier
 * @param suspended TRUE(1) for suspend, FALSE(0) for resume
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpSetConnectionState(ENDPOINT_ID id, int suspended);
/**
 * Sends the buffer to remote server via specified connection.
 * @param id Connection identifier
 * @param buf Pointer to data buffer
 * @param len Buffer length (a signed int)
 *        NOTE(review): the handling of len <= 0 is not documented here; pass
 *        the exact number of valid bytes in buf.
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpPostSend(ENDPOINT_ID id, const char * buf, int len);
/**
 * Indicates the buffer to local process via specified connection.
 * @param id Unique connection identifier
 * @param buf Pointer to data buffer
 * @param len Buffer length (a signed int)
 *        NOTE(review): the handling of len <= 0 is not documented here; pass
 *        the exact number of valid bytes in buf.
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpPostReceive(ENDPOINT_ID id, const char * buf, int len);
/**
 * Breaks the connection with given id.
 * @param id Connection identifier
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpClose(ENDPOINT_ID id);
/**
 * Sets the timeout for TCP connections and returns old timeout.
 * @param timeout Timeout value in milliseconds. Specify zero value to disable timeouts.
 * @return The old timeout
 */
NFAPI_API unsigned long NFAPI_CC
nf_setTCPTimeout(unsigned long timeout);
/**
 * Disables indicating TCP packets to user mode for the specified endpoint
 * @param id Socket identifier
 * @return NF_STATUS result code
 * NOTE(review): this header declares no routine that turns indication back on
 * for an endpoint, so presumably the rest of that connection's data is no
 * longer seen by the event handler - confirm before calling it on a
 * connection that still needs inspection.
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpDisableFiltering(ENDPOINT_ID id);
//
// UDP control routines
//
/**
 * Suspends or resumes indicating of sends and receives for specified socket.
 * @param id Socket identifier
 * @param suspended TRUE(1) for suspend, FALSE(0) for resume
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_udpSetConnectionState(ENDPOINT_ID id, int suspended);
/**
 * Sends the buffer to remote server via specified socket.
 * @param id Socket identifier
 * @param remoteAddress Destination address
 *        NOTE(review): passed as raw bytes; the layout and size the library
 *        reads are not stated here (presumably a socket address image) -
 *        confirm, and pass a buffer at least that large.
 * @param buf Pointer to data buffer
 * @param len Buffer length (a signed int)
 * @param options UDP options
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_udpPostSend(ENDPOINT_ID id, const unsigned char * remoteAddress, const char * buf, int len, PNF_UDP_OPTIONS options);
/**
 * Indicates the buffer to local process via specified socket.
 * @param id Unique connection identifier
 * @param remoteAddress Source address
 *        NOTE(review): passed as raw bytes; the layout and size the library
 *        reads are not stated here (presumably a socket address image) -
 *        confirm, and pass a buffer at least that large.
 * @param buf Pointer to data buffer
 * @param len Buffer length (a signed int)
 * @param options UDP options
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_udpPostReceive(ENDPOINT_ID id, const unsigned char * remoteAddress, const char * buf, int len, PNF_UDP_OPTIONS options);
/**
 * Disables indicating UDP packets to user mode for the specified endpoint
 * @param id Socket identifier
 * @return NF_STATUS result code
 * NOTE(review): this header declares no routine that turns indication back on
 * for an endpoint, so presumably later datagrams on that socket are no longer
 * seen by the event handler - confirm before calling it on a socket that
 * still needs inspection.
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_udpDisableFiltering(ENDPOINT_ID id);
/**
 * Sends a packet to remote IP
 * @param buf Pointer to IP packet
 * @param len Buffer length (a signed int)
 *        NOTE(review): the handling of len <= 0, or of a len that disagrees
 *        with the packet's own length field, is not documented here - confirm.
 * @param options IP options
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_ipPostSend(const char * buf, int len, PNF_IP_PACKET_OPTIONS options);
/**
 * Indicates a packet to TCP/IP stack
 * @param buf Pointer to IP packet
 * @param len Buffer length (a signed int)
 *        NOTE(review): the handling of len <= 0, or of a len that disagrees
 *        with the packet's own length field, is not documented here - confirm.
 * @param options IP options
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_ipPostReceive(const char * buf, int len, PNF_IP_PACKET_OPTIONS options);
//
// Filtering rules
//
/**
 * Adds a rule to the head or to the tail of the rules list in driver,
 * as selected by toHead.
 * @param pRule See <tt>NF_RULE</tt>
 * @param toHead TRUE (1) - add rule to list head, FALSE (0) - add rule to tail
 * @return NF_STATUS result code
 * NOTE(review): head/tail placement suggests that the order of rules decides
 * which one applies - confirm the matching order before mixing allow and
 * block rules.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_addRule(PNF_RULE pRule, int toHead);
/**
 * Removes all rules from driver.
 * @return NF_STATUS result code
 * NOTE(review): how traffic is treated while the list is empty is not stated
 * in this header - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_deleteRules();
/**
 * Replace the rules in driver with the specified array.
 * @param pRules Array of <tt>NF_RULE</tt> structures
 * @param count Number of items in array (a signed int)
 * @return NF_STATUS result code
 * NOTE(review): the header does not say whether the replacement is atomic
 * with respect to traffic being filtered - confirm before relying on it to
 * swap a policy without a gap.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_setRules(PNF_RULE pRules, int count);
/**
 * Adds a rule to the head or to the tail of the rules list in driver,
 * as selected by toHead.
 * @param pRule See <tt>NF_RULE_EX</tt>
 * @param toHead TRUE (1) - add rule to list head, FALSE (0) - add rule to tail
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_addRuleEx(PNF_RULE_EX pRule, int toHead);
/**
 * Replace the rules in driver with the specified array.
 * @param pRules Array of <tt>NF_RULE_EX</tt> structures
 * @param count Number of items in array (a signed int)
 * @return NF_STATUS result code
 * NOTE(review): the header does not say whether the replacement is atomic
 * with respect to traffic being filtered - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_setRulesEx(PNF_RULE_EX pRules, int count);
//
// Debug routine
//
/**
 * NOTE(review): undocumented in this header; by its name it returns the
 * number of connections the library currently tracks - confirm.
 **/
NFAPI_API unsigned long NFAPI_CC
nf_getConnCount();
/**
 * NOTE(review): undocumented in this header; the parameters mirror
 * setsockopt() applied to the TCP connection with the given id. Which
 * optname values are accepted, and how optlen is checked against optval,
 * is not stated here - confirm.
 * @param id Connection identifier
 * @param optname Option name
 * @param optval Pointer to the option value
 * @param optlen Length of the option value (a signed int)
 * @return NF_STATUS result code
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_tcpSetSockOpt(ENDPOINT_ID id, int optname, const char* optval, int optlen);
/**
 * Returns the process name for given process id
 * @param processId Process identifier
 * @param buf Buffer
 * @param len Buffer length
 *        NOTE(review): the unit of len is not stated. For the wchar_t
 *        variants confirm whether it counts bytes or characters, and whether
 *        the result is always NUL-terminated when the name does not fit;
 *        a unit mismatch would let the callee write past the end of buf.
 * @return BOOL; NOTE(review): presumably TRUE on success - confirm.
 * NOTE(review): a name looked up from a process id is a weak identifier
 * (process ids are reused and image names can be imitated); treat it as a
 * hint, not as proof of identity, when it feeds a filtering decision.
 **/
NFAPI_API BOOL NFAPI_CC
nf_getProcessNameA(DWORD processId, char * buf, DWORD len);
NFAPI_API BOOL NFAPI_CC
nf_getProcessNameW(DWORD processId, wchar_t * buf, DWORD len);
// nf_getProcessName maps to the W variant when UNICODE is defined, else to the A variant.
#ifdef UNICODE
#define nf_getProcessName nf_getProcessNameW
#else
#define nf_getProcessName nf_getProcessNameA
#endif
/**
 * NOTE(review): undocumented in this header; by its name it obtains the
 * process name through the driver rather than from user mode - confirm.
 * The parameters match nf_getProcessNameW, and the same open question about
 * the unit of len applies.
 **/
NFAPI_API BOOL NFAPI_CC
nf_getProcessNameFromKernel(DWORD processId, wchar_t * buf, DWORD len);
/**
 * Allows the current process to see the names of all processes in system
 * Returns nothing, so the caller cannot tell from this call whether the
 * adjustment took effect.
 * NOTE(review): presumably this enables a privilege in the token of the
 * calling process (SeDebugPrivilege would be the usual one) - confirm which,
 * since the process keeps that privilege for everything else it does.
 * The spelling "Priviledges" is part of the exported name and must be kept.
 **/
NFAPI_API void NFAPI_CC
nf_adjustProcessPriviledges();
/**
 * Returns TRUE if the specified process acts as a local proxy, accepting the redirected TCP connections.
 * @param processId Process identifier
 **/
NFAPI_API BOOL NFAPI_CC
nf_tcpIsProxy(DWORD processId);
/**
 * Set the number of worker threads and initialization flags.
 * The function should be called before nf_init.
 * By default nThreads = 1 and flags = 0
 * @param nThreads Number of worker threads for NF_EventHandler events
 *        NOTE(review): with more than one thread the handler callbacks
 *        presumably run concurrently - confirm, and make the handler
 *        thread-safe if so.
 * @param flags A combination of flags from <tt>NF_FLAGS</tt>
 *        (0 is NFF_NONE; the NFF_DONT_* values opt out of library defaults)
 **/
NFAPI_API void NFAPI_CC
nf_setOptions(DWORD nThreads, DWORD flags);
/**
 * Complete TCP connect request pended using flag NF_PEND_CONNECT_REQUEST.
 * @param id Connection identifier
 * @param pConnInfo Connection properties to complete the request with
 * @return NF_STATUS result code
 * NOTE(review): the header does not say what happens to a pended request
 * that is never completed (whether it times out or stays blocked) - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_completeTCPConnectRequest(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);
/**
 * Complete UDP connect request pended using flag NF_PEND_CONNECT_REQUEST.
 * @param id Socket identifier
 * @param pConnInfo Connect request to complete
 * @return NF_STATUS result code
 * NOTE(review): the header does not say what happens to a pended request
 * that is never completed (whether it times out or stays blocked) - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_completeUDPConnectRequest(ENDPOINT_ID id, PNF_UDP_CONN_REQUEST pConnInfo);
/**
 * Returns in pConnInfo the properties of TCP connection with specified id.
 * @param id Connection identifier
 * @param pConnInfo Output: receives the connection properties
 * @return NF_STATUS result code; presumably pConnInfo is meaningful only on
 *         success - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_getTCPConnInfo(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);
/**
 * Returns in pConnInfo the properties of UDP socket with specified id.
 * @param id Socket identifier
 * @param pConnInfo Output: receives the socket properties
 * @return NF_STATUS result code; presumably pConnInfo is meaningful only on
 *         success - confirm.
 **/
NFAPI_API NF_STATUS NFAPI_CC
nf_getUDPConnInfo(ENDPOINT_ID id, PNF_UDP_CONN_INFO pConnInfo);
/**
 * Set the event handler for IP filtering events
 * @param pHandler Pointer to the IP event handling object
 *        NOTE(review): presumably it must stay valid for as long as filtering
 *        runs; whether it must be set before nf_init is not stated - confirm.
 */
NFAPI_API void NFAPI_CC
nf_setIPEventHandler(NF_IPEventHandler * pHandler);
/**
 * Add flow control context
 * @param pData Flow control data for the new context (presumably its limits,
 *        as nf_modifyFlowCtl takes the same type - confirm)
 * @param pFcHandle Presumably an output that receives the handle of the new
 *        context, which the other flow control calls take as fcHandle - confirm
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_addFlowCtl(PNF_FLOWCTL_DATA pData, unsigned int * pFcHandle);
/**
 * Delete flow control context
 * @param fcHandle Flow control context handle
 * @return NF_STATUS result code
 * NOTE(review): the effect on connections still associated with the deleted
 * context is not stated here - confirm.
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_deleteFlowCtl(unsigned int fcHandle);
/**
 * Associate flow control context with TCP connection
 * @param id Connection identifier
 * @param fcHandle Flow control context handle
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_setTCPFlowCtl(ENDPOINT_ID id, unsigned int fcHandle);
/**
 * Associate flow control context with UDP socket
 * @param id Socket identifier
 * @param fcHandle Flow control context handle
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_setUDPFlowCtl(ENDPOINT_ID id, unsigned int fcHandle);
/**
 * Modify flow control context limits
 * @param fcHandle Flow control context handle
 * @param pData New limits
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_modifyFlowCtl(unsigned int fcHandle, PNF_FLOWCTL_DATA pData);
/**
 * Get flow control context statistics as the numbers of in/out bytes
 * @param fcHandle Flow control context handle
 * @param pStat Output: receives the in/out byte counts
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_getFlowCtlStat(unsigned int fcHandle, PNF_FLOWCTL_STAT pStat);
/**
 * Get TCP connection statistics as the numbers of in/out bytes.
 * The function can be called only from tcpClosed handler!
 * @param id Connection identifier
 * @param pStat Output: receives the in/out byte counts
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_getTCPStat(ENDPOINT_ID id, PNF_FLOWCTL_STAT pStat);
/**
 * Get UDP socket statistics as the numbers of in/out bytes.
 * The function can be called only from udpClosed handler!
 * @param id Socket identifier
 * @param pStat Output: receives the in/out byte counts
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_getUDPStat(ENDPOINT_ID id, PNF_FLOWCTL_STAT pStat);
/**
 * Add binding rule to driver
 * @param pRule Binding rule to add
 * @param toHead Presumably as for nf_addRule: TRUE (1) - add rule to list
 *        head, FALSE (0) - add rule to tail - confirm
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_addBindingRule(PNF_BINDING_RULE pRule, int toHead);
/**
 * Delete all binding rules from driver
 * @return NF_STATUS result code
 */
NFAPI_API NF_STATUS NFAPI_CC
nf_deleteBindingRules();
/**
 * Returns the type of attached driver (DT_WFP, DT_TDI or DT_UNKNOWN)
 * The DT_* constants are declared outside this header.
 * NOTE(review): presumably DT_UNKNOWN is what a caller sees when no driver is
 * attached - confirm.
 */
NFAPI_API unsigned long NFAPI_CC
nf_getDriverType();
#ifdef __cplusplus
}
#endif
#endif