Documentation
Overview
Package windivert provides a pure-Go binding to the WinDivert kernel driver on Windows (amd64 and 386). User-mode WinDivert calls are reimplemented in Go; only the signed kernel driver is embedded as an asset, since SCM-installed drivers must live on disk and their Authenticode signature forbids modification.
Administrator is required for the first Open in a process so SCM can load the driver. Upstream: https://github.com/basil00/WinDivert v2.2.2, redistributed under its LGPL v3 option; see assets/LICENSE.txt.
Constants
const (
	PriorityHighest int16 = 30000
	PriorityLowest  int16 = -30000
)
const AssetVersion = "2.2.2"
const MTUMax = 40 + 0xFFFF
MTUMax is WINDIVERT_MTU_MAX from windivert.h (40 + 0xFFFF). Suitable as a single-packet receive buffer size.
Variables
This section is empty.
Functions
This section is empty.
Types
type Address
Address mirrors WINDIVERT_ADDRESS from windivert.h (80 bytes, little-endian on both amd64 and 386):
0:  INT64  Timestamp
8:  UINT32 bitfield: Layer:8 | Event:8 | flags | Reserved1:8
12: UINT32 Reserved2
16: 64 bytes union (WINDIVERT_DATA_NETWORK / FLOW / SOCKET / REFLECT)
func (*Address) SetIPChecksum
func (*Address) SetTCPChecksum
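The 80-byte layout above can be decoded from a raw buffer with encoding/binary alone. This is an added example, not code from this package: decodedAddress, decodeAddress and sampleAddress are hypothetical names, the sample bytes are constructed, and the flag bit positions (Outbound at bit 17, Loopback at 18, IPv6 at 20) are assumed from the field order in upstream windivert.h, since this page only says "flags".

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const addressSize = 80 // size of WINDIVERT_ADDRESS

// decodedAddress is a hypothetical illustration type, not the package's Address.
type decodedAddress struct {
	Timestamp                int64
	Layer, Event             uint8
	Outbound, Loopback, IPv6 bool
	Union                    [64]byte // layer-specific data, left undecoded
}

// decodeAddress parses the 80-byte little-endian layout from a raw buffer.
func decodeAddress(b []byte) (decodedAddress, error) {
	var a decodedAddress
	if len(b) < addressSize {
		return a, errors.New("short WINDIVERT_ADDRESS buffer")
	}
	a.Timestamp = int64(binary.LittleEndian.Uint64(b[0:8]))
	bits := binary.LittleEndian.Uint32(b[8:12])
	a.Layer = uint8(bits)      // bits 0-7
	a.Event = uint8(bits >> 8) // bits 8-15
	// Flag positions assumed from upstream windivert.h declaration order.
	a.Outbound = bits&(1<<17) != 0
	a.Loopback = bits&(1<<18) != 0
	a.IPv6 = bits&(1<<20) != 0
	copy(a.Union[:], b[16:addressSize])
	return a, nil
}

// sampleAddress returns a constructed buffer: layer 2, event 1, outbound IPv6.
func sampleAddress() []byte {
	b := make([]byte, addressSize)
	binary.LittleEndian.PutUint64(b[0:8], 123456789)
	binary.LittleEndian.PutUint32(b[8:12], 2|1<<8|1<<17|1<<20)
	b[16] = 7 // first byte of the union, arbitrary marker
	return b
}

func main() {
	a, err := decodeAddress(sampleAddress())
	fmt.Println(a.Layer, a.Event, a.Outbound, a.Loopback, a.IPv6, err)
}
```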
type Filter
type Filter struct {
// contains filtered or unexported fields
}
Filter is a typed specification of packets to capture. It replaces WinDivert's filter string language.
Zero value = "reject all" (match nothing), suitable for send-only handles.
type Flag
type Flag uint64
const (
	// FlagSniff opens a passive observer: the driver copies matching packets
	// to userspace without removing them from the network stack. Send is not
	// required (and not allowed) on a sniffing handle.
	FlagSniff Flag = 0x0001
	// FlagSendOnly opens a write-only injection handle; Recv is not allowed.
	FlagSendOnly Flag = 0x0008
)