// // NetFilterSDK // Copyright (C) Vitaly Sidorov // All rights reserved. // // This file is a part of the NetFilter SDK. // The code and information is provided "as-is" without // warranty of any kind, either expressed or implied. // #ifndef _NFAPI_H #define _NFAPI_H #include #ifdef _NFAPI_STATIC_LIB #define NFAPI_API #else #ifdef NFAPI_EXPORTS #define NFAPI_API __declspec(dllexport) #else #define NFAPI_API __declspec(dllimport) #endif #endif // Flags for NF_UDP_OPTIONS.flags #define TDI_RECEIVE_BROADCAST 0x00000004 // received TSDU was broadcast. #define TDI_RECEIVE_MULTICAST 0x00000008 // received TSDU was multicast. #define TDI_RECEIVE_PARTIAL 0x00000010 // received TSDU is not fully presented. #define TDI_RECEIVE_NORMAL 0x00000020 // received TSDU is normal data #define TDI_RECEIVE_EXPEDITED 0x00000040 // received TSDU is expedited data #define TDI_RECEIVE_PEEK 0x00000080 // received TSDU is not released #define TDI_RECEIVE_NO_RESPONSE_EXP 0x00000100 // HINT: no back-traffic expected #define TDI_RECEIVE_COPY_LOOKAHEAD 0x00000200 // for kernel-mode indications #define TDI_RECEIVE_ENTIRE_MESSAGE 0x00000400 // opposite of RECEIVE_PARTIAL // (for kernel-mode indications) #define TDI_RECEIVE_AT_DISPATCH_LEVEL 0x00000800 // receive indication called // at dispatch level #define TDI_RECEIVE_CONTROL_INFO 0x00001000 // Control info is being passed up. #define TDI_RECEIVE_FORCE_INDICATION 0x00002000 // reindicate rejected data. #define TDI_RECEIVE_NO_PUSH 0x00004000 // complete only when full. typedef enum _NF_FLAGS { NFF_NONE = 0, NFF_DONT_DISABLE_TEREDO = 1, NFF_DONT_DISABLE_TCP_OFFLOADING = 2, NFF_DISABLE_AUTO_REGISTER = 4, NFF_DISABLE_AUTO_START = 8, } NF_FLAGS; #ifndef _C_API namespace nfapi { #define NFAPI_NS nfapi:: #define NFAPI_CC #else // _C_API #define NFAPI_CC __cdecl #define NFAPI_NS #ifdef __cplusplus extern "C" { #endif #endif // _C_API /** * Initializes the internal data structures and starts the filtering thread. * @param driverName The name of hooking driver, without ".sys" extension. * @param pHandler Pointer to event handling object **/ NFAPI_API NF_STATUS NFAPI_CC nf_init(const char * driverName, NF_EventHandler * pHandler); /** * Stops the filtering thread, breaks all filtered connections and closes * a connection with the hooking driver. **/ NFAPI_API void NFAPI_CC nf_free(); /** * Registers and starts a driver with specified name (without ".sys" extension) * @param driverName **/ NFAPI_API NF_STATUS NFAPI_CC nf_registerDriver(const char * driverName); /** * Registers and starts a driver with specified name (without ".sys" extension) and path to driver folder * @param driverName * @param driverPath **/ NFAPI_API NF_STATUS NFAPI_CC nf_registerDriverEx(const char * driverName, const char * driverPath); /** * Unregisters a driver with specified name (without ".sys" extension) * @param driverName **/ NFAPI_API NF_STATUS NFAPI_CC nf_unRegisterDriver(const char * driverName); // // TCP control routines // /** * Suspends or resumes indicating of sends and receives for specified connection. * @param id Connection identifier * @param suspended TRUE(1) for suspend, FALSE(0) for resume **/ NFAPI_API NF_STATUS NFAPI_CC nf_tcpSetConnectionState(ENDPOINT_ID id, int suspended); /** * Sends the buffer to remote server via specified connection. * @param id Connection identifier * @param buf Pointer to data buffer * @param len Buffer length **/ NFAPI_API NF_STATUS NFAPI_CC nf_tcpPostSend(ENDPOINT_ID id, const char * buf, int len); /** * Indicates the buffer to local process via specified connection. * @param id Unique connection identifier * @param buf Pointer to data buffer * @param len Buffer length **/ NFAPI_API NF_STATUS NFAPI_CC nf_tcpPostReceive(ENDPOINT_ID id, const char * buf, int len); /** * Breaks the connection with given id. * @param id Connection identifier **/ NFAPI_API NF_STATUS NFAPI_CC nf_tcpClose(ENDPOINT_ID id); /** * Sets the timeout for TCP connections and returns old timeout. * @param timeout Timeout value in milliseconds. Specify zero value to disable timeouts. */ NFAPI_API unsigned long NFAPI_CC nf_setTCPTimeout(unsigned long timeout); /** * Disables indicating TCP packets to user mode for the specified endpoint * @param id Socket identifier */ NFAPI_API NF_STATUS NFAPI_CC nf_tcpDisableFiltering(ENDPOINT_ID id); // // UDP control routines // /** * Suspends or resumes indicating of sends and receives for specified socket. * @param id Socket identifier * @param suspended TRUE(1) for suspend, FALSE(0) for resume **/ NFAPI_API NF_STATUS NFAPI_CC nf_udpSetConnectionState(ENDPOINT_ID id, int suspended); /** * Sends the buffer to remote server via specified socket. * @param id Socket identifier * @param options UDP options * @param remoteAddress Destination address * @param buf Pointer to data buffer * @param len Buffer length **/ NFAPI_API NF_STATUS NFAPI_CC nf_udpPostSend(ENDPOINT_ID id, const unsigned char * remoteAddress, const char * buf, int len, PNF_UDP_OPTIONS options); /** * Indicates the buffer to local process via specified socket. * @param id Unique connection identifier * @param options UDP options * @param remoteAddress Source address * @param buf Pointer to data buffer * @param len Buffer length **/ NFAPI_API NF_STATUS NFAPI_CC nf_udpPostReceive(ENDPOINT_ID id, const unsigned char * remoteAddress, const char * buf, int len, PNF_UDP_OPTIONS options); /** * Disables indicating UDP packets to user mode for the specified endpoint * @param id Socket identifier */ NFAPI_API NF_STATUS NFAPI_CC nf_udpDisableFiltering(ENDPOINT_ID id); /** * Sends a packet to remote IP * @param buf Pointer to IP packet * @param len Buffer length * @param options IP options **/ NFAPI_API NF_STATUS NFAPI_CC nf_ipPostSend(const char * buf, int len, PNF_IP_PACKET_OPTIONS options); /** * Indicates a packet to TCP/IP stack * @param buf Pointer to IP packet * @param len Buffer length * @param options IP options **/ NFAPI_API NF_STATUS NFAPI_CC nf_ipPostReceive(const char * buf, int len, PNF_IP_PACKET_OPTIONS options); // // Filtering rules // /** * Add a rule to the head of rules list in driver. * @param pRule See NF_RULE * @param toHead TRUE (1) - add rule to list head, FALSE (0) - add rule to tail **/ NFAPI_API NF_STATUS NFAPI_CC nf_addRule(PNF_RULE pRule, int toHead); /** * Removes all rules from driver. **/ NFAPI_API NF_STATUS NFAPI_CC nf_deleteRules(); /** * Replace the rules in driver with the specified array. * @param pRules Array of NF_RULE structures * @param count Number of items in array **/ NFAPI_API NF_STATUS NFAPI_CC nf_setRules(PNF_RULE pRules, int count); /** * Add a rule to the head of rules list in driver. * @param pRule See NF_RULE_EX * @param toHead TRUE (1) - add rule to list head, FALSE (0) - add rule to tail **/ NFAPI_API NF_STATUS NFAPI_CC nf_addRuleEx(PNF_RULE_EX pRule, int toHead); /** * Replace the rules in driver with the specified array. * @param pRules Array of NF_RULE_EX structures * @param count Number of items in array **/ NFAPI_API NF_STATUS NFAPI_CC nf_setRulesEx(PNF_RULE_EX pRules, int count); // // Debug routine // NFAPI_API unsigned long NFAPI_CC nf_getConnCount(); NFAPI_API NF_STATUS NFAPI_CC nf_tcpSetSockOpt(ENDPOINT_ID id, int optname, const char* optval, int optlen); /** * Returns the process name for given process id * @param processId Process identifier * @param buf Buffer * @param len Buffer length **/ NFAPI_API BOOL NFAPI_CC nf_getProcessNameA(DWORD processId, char * buf, DWORD len); NFAPI_API BOOL NFAPI_CC nf_getProcessNameW(DWORD processId, wchar_t * buf, DWORD len); #ifdef UNICODE #define nf_getProcessName nf_getProcessNameW #else #define nf_getProcessName nf_getProcessNameA #endif NFAPI_API BOOL NFAPI_CC nf_getProcessNameFromKernel(DWORD processId, wchar_t * buf, DWORD len); /** * Allows the current process to see the names of all processes in system **/ NFAPI_API void NFAPI_CC nf_adjustProcessPriviledges(); /** * Returns TRUE if the specified process acts as a local proxy, accepting the redirected TCP connections. **/ NFAPI_API BOOL NFAPI_CC nf_tcpIsProxy(DWORD processId); /** * Set the number of worker threads and initialization flags. * The function should be called before nf_init. * By default nThreads = 1 and flags = 0 * @param nThreads Number of worker threads for NF_EventHandler events * @param flags A combination of flags from NF_FLAGS **/ NFAPI_API void NFAPI_CC nf_setOptions(DWORD nThreads, DWORD flags); /** * Complete TCP connect request pended using flag NF_PEND_CONNECT_REQUEST. **/ NFAPI_API NF_STATUS NFAPI_CC nf_completeTCPConnectRequest(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo); /** * Complete UDP connect request pended using flag NF_PEND_CONNECT_REQUEST. **/ NFAPI_API NF_STATUS NFAPI_CC nf_completeUDPConnectRequest(ENDPOINT_ID id, PNF_UDP_CONN_REQUEST pConnInfo); /** * Returns in pConnInfo the properties of TCP connection with specified id. **/ NFAPI_API NF_STATUS NFAPI_CC nf_getTCPConnInfo(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo); /** * Returns in pConnInfo the properties of UDP socket with specified id. **/ NFAPI_API NF_STATUS NFAPI_CC nf_getUDPConnInfo(ENDPOINT_ID id, PNF_UDP_CONN_INFO pConnInfo); /** * Set the event handler for IP filtering events */ NFAPI_API void NFAPI_CC nf_setIPEventHandler(NF_IPEventHandler * pHandler); /** * Add flow control context */ NFAPI_API NF_STATUS NFAPI_CC nf_addFlowCtl(PNF_FLOWCTL_DATA pData, unsigned int * pFcHandle); /** * Delete flow control context */ NFAPI_API NF_STATUS NFAPI_CC nf_deleteFlowCtl(unsigned int fcHandle); /** * Associate flow control context with TCP connection */ NFAPI_API NF_STATUS NFAPI_CC nf_setTCPFlowCtl(ENDPOINT_ID id, unsigned int fcHandle); /** * Associate flow control context with UDP socket */ NFAPI_API NF_STATUS NFAPI_CC nf_setUDPFlowCtl(ENDPOINT_ID id, unsigned int fcHandle); /** * Modify flow control context limits */ NFAPI_API NF_STATUS NFAPI_CC nf_modifyFlowCtl(unsigned int fcHandle, PNF_FLOWCTL_DATA pData); /** * Get flow control context statistics as the numbers of in/out bytes */ NFAPI_API NF_STATUS NFAPI_CC nf_getFlowCtlStat(unsigned int fcHandle, PNF_FLOWCTL_STAT pStat); /** * Get TCP connection statistics as the numbers of in/out bytes. * The function can be called only from tcpClosed handler! */ NFAPI_API NF_STATUS NFAPI_CC nf_getTCPStat(ENDPOINT_ID id, PNF_FLOWCTL_STAT pStat); /** * Get UDP socket statistics as the numbers of in/out bytes. * The function can be called only from udpClosed handler! */ NFAPI_API NF_STATUS NFAPI_CC nf_getUDPStat(ENDPOINT_ID id, PNF_FLOWCTL_STAT pStat); /** * Add binding rule to driver */ NFAPI_API NF_STATUS NFAPI_CC nf_addBindingRule(PNF_BINDING_RULE pRule, int toHead); /** * Delete all binding rules from driver */ NFAPI_API NF_STATUS NFAPI_CC nf_deleteBindingRules(); /** * Returns the type of attached driver (DT_WFP, DT_TDI or DT_UNKNOWN) */ NFAPI_API unsigned long NFAPI_CC nf_getDriverType(); #ifdef __cplusplus } #endif #endif