github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/utils/frontman/driver_windows.go (about) 1 // +build windows 2 3 package frontman 4 5 import ( 6 "syscall" 7 ) 8 9 // ABI represents the 'application binary interface' to the Frontman dll 10 type ABI interface { 11 FrontmanOpenShared() (uintptr, error) 12 GetDestInfo(driverHandle, socket, destInfo uintptr) (uintptr, error) 13 ApplyDestHandle(socket, destHandle uintptr) (uintptr, error) 14 FreeDestHandle(destHandle uintptr) (uintptr, error) 15 NewIpset(driverHandle, name, ipsetType, ipset uintptr) (uintptr, error) 16 GetIpset(driverHandle, name, ipset uintptr) (uintptr, error) 17 DestroyAllIpsets(driverHandle, prefix uintptr) (uintptr, error) 18 ListIpsets(driverHandle, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) 19 ListIpsetsDetail(driverHandle, format, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) 20 IpsetAdd(driverHandle, ipset, entry, timeout uintptr) (uintptr, error) 21 IpsetAddOption(driverHandle, ipset, entry, option, timeout uintptr) (uintptr, error) 22 IpsetDelete(driverHandle, ipset, entry uintptr) (uintptr, error) 23 IpsetDestroy(driverHandle, ipset uintptr) (uintptr, error) 24 IpsetFlush(driverHandle, ipset uintptr) (uintptr, error) 25 IpsetTest(driverHandle, ipset, entry uintptr) (uintptr, error) 26 PacketFilterStart(frontman, firewallName, receiveCallback, loggingCallback uintptr) (uintptr, error) 27 PacketFilterClose() (uintptr, error) 28 PacketFilterForward(info, packet uintptr) (uintptr, error) 29 AppendFilter(driverHandle, outbound, filterName, isGotoFilter uintptr) (uintptr, error) 30 InsertFilter(driverHandle, outbound, priority, filterName, isGotoFilter uintptr) (uintptr, error) 31 DestroyFilter(driverHandle, filterName uintptr) (uintptr, error) 32 EmptyFilter(driverHandle, filterName uintptr) (uintptr, error) 33 GetFilterList(driverHandle, outbound, buffer, bufferSize, bytesReturned uintptr) (uintptr, error) 34 AppendFilterCriteria(driverHandle, filterName, criteriaName, ruleSpec, ipsetRuleSpecs, ipsetRuleSpecCount uintptr) (uintptr, error) 35 DeleteFilterCriteria(driverHandle, filterName, criteriaName uintptr) (uintptr, error) 36 GetCriteriaList(driverHandle, format, criteriaList, criteriaListSize, bytesReturned uintptr) (uintptr, error) 37 } 38 39 type driver struct { 40 } 41 42 // Driver is actually the concrete calls into the Frontman dll, which call into the driver 43 var Driver = ABI(&driver{}) 44 45 func (d *driver) FrontmanOpenShared() (uintptr, error) { 46 ret, _, err := frontManOpenProc.Call() 47 if err == syscall.Errno(0) { 48 err = nil 49 } 50 return ret, err 51 } 52 53 func (d *driver) GetDestInfo(driverHandle, socket, destInfo uintptr) (uintptr, error) { 54 ret, _, err := getDestInfoProc.Call(driverHandle, socket, destInfo) 55 if err == syscall.Errno(0) { 56 err = nil 57 } 58 return ret, err 59 } 60 61 func (d *driver) ApplyDestHandle(socket, destHandle uintptr) (uintptr, error) { 62 ret, _, err := applyDestHandleProc.Call(socket, destHandle) 63 if err == syscall.Errno(0) { 64 err = nil 65 } 66 return ret, err 67 } 68 69 func (d *driver) FreeDestHandle(destHandle uintptr) (uintptr, error) { 70 ret, _, err := freeDestHandleProc.Call(destHandle) 71 if err == syscall.Errno(0) { 72 err = nil 73 } 74 return ret, err 75 } 76 77 func (d *driver) NewIpset(driverHandle, name, ipsetType, ipset uintptr) (uintptr, error) { 78 ret, _, err := newIpsetProc.Call(driverHandle, name, ipsetType, ipset) 79 if err == syscall.Errno(0) { 80 err = nil 81 } 82 return ret, err 83 } 84 85 func (d *driver) GetIpset(driverHandle, name, ipset uintptr) (uintptr, error) { 86 ret, _, err := getIpsetProc.Call(driverHandle, name, ipset) 87 if err == syscall.Errno(0) { 88 err = nil 89 } 90 return ret, err 91 } 92 93 func (d *driver) DestroyAllIpsets(driverHandle, prefix uintptr) (uintptr, error) { 94 ret, _, err := destroyAllIpsetsProc.Call(driverHandle, prefix) 95 if err == syscall.Errno(0) { 96 err = nil 97 } 98 return ret, err 99 } 100 101 func (d *driver) ListIpsets(driverHandle, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) { 102 ret, _, err := listIpsetsProc.Call(driverHandle, ipsetNames, ipsetNamesSize, bytesReturned) 103 if err == syscall.Errno(0) { 104 err = nil 105 } 106 return ret, err 107 } 108 109 func (d *driver) ListIpsetsDetail(driverHandle, format, ipsetNames, ipsetNamesSize, bytesReturned uintptr) (uintptr, error) { 110 ret, _, err := listIpsetsDetailProc.Call(driverHandle, format, ipsetNames, ipsetNamesSize, bytesReturned) 111 if err == syscall.Errno(0) { 112 err = nil 113 } 114 return ret, err 115 } 116 117 func (d *driver) IpsetAdd(driverHandle, ipset, entry, timeout uintptr) (uintptr, error) { 118 ret, _, err := ipsetAddProc.Call(driverHandle, ipset, entry, timeout) 119 if err == syscall.Errno(0) { 120 err = nil 121 } 122 return ret, err 123 } 124 125 func (d *driver) IpsetAddOption(driverHandle, ipset, entry, option, timeout uintptr) (uintptr, error) { 126 ret, _, err := ipsetAddOptionProc.Call(driverHandle, ipset, entry, option, timeout) 127 if err == syscall.Errno(0) { 128 err = nil 129 } 130 return ret, err 131 } 132 133 func (d *driver) IpsetDelete(driverHandle, ipset, entry uintptr) (uintptr, error) { 134 ret, _, err := ipsetDeleteProc.Call(driverHandle, ipset, entry) 135 if err == syscall.Errno(0) { 136 err = nil 137 } 138 return ret, err 139 } 140 141 func (d *driver) IpsetDestroy(driverHandle, ipset uintptr) (uintptr, error) { 142 ret, _, err := ipsetDestroyProc.Call(driverHandle, ipset) 143 if err == syscall.Errno(0) { 144 err = nil 145 } 146 return ret, err 147 } 148 149 func (d *driver) IpsetFlush(driverHandle, ipset uintptr) (uintptr, error) { 150 ret, _, err := ipsetFlushProc.Call(driverHandle, ipset) 151 if err == syscall.Errno(0) { 152 err = nil 153 } 154 return ret, err 155 } 156 157 func (d *driver) IpsetTest(driverHandle, ipset, entry uintptr) (uintptr, error) { 158 ret, _, err := ipsetTestProc.Call(driverHandle, ipset, entry) 159 if err == syscall.Errno(0) { 160 err = nil 161 } 162 return ret, err 163 } 164 165 func (d *driver) PacketFilterStart(frontman, firewallName, receiveCallback, loggingCallback uintptr) (uintptr, error) { 166 ret, _, err := packetFilterStartProc.Call(frontman, firewallName, receiveCallback, loggingCallback) 167 if err == syscall.Errno(0) { 168 err = nil 169 } 170 return ret, err 171 } 172 173 func (d *driver) PacketFilterClose() (uintptr, error) { 174 ret, _, err := packetFilterCloseProc.Call() 175 if err == syscall.Errno(0) { 176 err = nil 177 } 178 return ret, err 179 } 180 181 func (d *driver) PacketFilterForward(info, packet uintptr) (uintptr, error) { 182 ret, _, err := packetFilterForwardProc.Call(info, packet) 183 if err == syscall.Errno(0) { 184 err = nil 185 } 186 return ret, err 187 } 188 189 func (d *driver) AppendFilter(driverHandle, outbound, filterName, isGotoFilter uintptr) (uintptr, error) { 190 ret, _, err := appendFilterProc.Call(driverHandle, outbound, filterName, isGotoFilter) 191 if err == syscall.Errno(0) { 192 err = nil 193 } 194 return ret, err 195 } 196 197 func (d *driver) InsertFilter(driverHandle, outbound, priority, filterName, isGotoFilter uintptr) (uintptr, error) { 198 ret, _, err := insertFilterProc.Call(driverHandle, outbound, priority, filterName, isGotoFilter) 199 if err == syscall.Errno(0) { 200 err = nil 201 } 202 return ret, err 203 } 204 205 func (d *driver) DestroyFilter(driverHandle, filterName uintptr) (uintptr, error) { 206 ret, _, err := destroyFilterProc.Call(driverHandle, filterName) 207 if err == syscall.Errno(0) { 208 err = nil 209 } 210 return ret, err 211 } 212 213 func (d *driver) EmptyFilter(driverHandle, filterName uintptr) (uintptr, error) { 214 ret, _, err := emptyFilterProc.Call(driverHandle, filterName) 215 if err == syscall.Errno(0) { 216 err = nil 217 } 218 return ret, err 219 } 220 221 func (d *driver) GetFilterList(driverHandle, outbound, buffer, bufferSize, bytesReturned uintptr) (uintptr, error) { 222 ret, _, err := getFilterListProc.Call(driverHandle, outbound, buffer, bufferSize, bytesReturned) 223 if err == syscall.Errno(0) { 224 err = nil 225 } 226 return ret, err 227 } 228 229 func (d *driver) AppendFilterCriteria(driverHandle, filterName, criteriaName, ruleSpec, ipsetRuleSpecs, ipsetRuleSpecCount uintptr) (uintptr, error) { 230 ret, _, err := appendFilterCriteriaProc.Call(driverHandle, filterName, criteriaName, ruleSpec, ipsetRuleSpecs, ipsetRuleSpecCount) 231 if err == syscall.Errno(0) { 232 err = nil 233 } 234 return ret, err 235 } 236 237 func (d *driver) DeleteFilterCriteria(driverHandle, filterName, criteriaName uintptr) (uintptr, error) { 238 ret, _, err := deleteFilterCriteriaProc.Call(driverHandle, filterName, criteriaName) 239 if err == syscall.Errno(0) { 240 err = nil 241 } 242 return ret, err 243 } 244 245 func (d *driver) GetCriteriaList(driverHandle, format, criteriaList, criteriaListSize, bytesReturned uintptr) (uintptr, error) { 246 ret, _, err := getCriteriaListProc.Call(driverHandle, format, criteriaList, criteriaListSize, bytesReturned) 247 if err == syscall.Errno(0) { 248 err = nil 249 } 250 return ret, err 251 } 252 253 // Frontman.dll procs to be called from Go 254 var ( 255 driverDll = syscall.NewLazyDLL("Frontman.dll") 256 frontManOpenProc = driverDll.NewProc("FrontmanOpenShared") 257 258 // Frontman procs needed for app proxy. The pattern to follow is 259 // - call FrontmanGetDestInfo to get original ip/port 260 // - create new proxy socket 261 // - call FrontmanApplyDestHandle to update WFP redirect data 262 // - connect on the new proxy socket 263 // - free kernel data by calling FrontmanFreeDestHandle 264 getDestInfoProc = driverDll.NewProc("FrontmanGetDestInfo") 265 applyDestHandleProc = driverDll.NewProc("FrontmanApplyDestHandle") 266 freeDestHandleProc = driverDll.NewProc("FrontmanFreeDestHandle") 267 268 newIpsetProc = driverDll.NewProc("IpsetProvider_NewIpset") 269 getIpsetProc = driverDll.NewProc("IpsetProvider_GetIpset") 270 destroyAllIpsetsProc = driverDll.NewProc("IpsetProvider_DestroyAll") 271 listIpsetsProc = driverDll.NewProc("IpsetProvider_ListIPSets") 272 listIpsetsDetailProc = driverDll.NewProc("IpsetProvider_ListIPSetsDetail") 273 ipsetAddProc = driverDll.NewProc("Ipset_Add") 274 ipsetAddOptionProc = driverDll.NewProc("Ipset_AddOption") 275 ipsetDeleteProc = driverDll.NewProc("Ipset_Delete") 276 ipsetDestroyProc = driverDll.NewProc("Ipset_Destroy") 277 ipsetFlushProc = driverDll.NewProc("Ipset_Flush") 278 ipsetTestProc = driverDll.NewProc("Ipset_Test") 279 280 packetFilterStartProc = driverDll.NewProc("PacketFilterStart") 281 packetFilterCloseProc = driverDll.NewProc("PacketFilterClose") 282 packetFilterForwardProc = driverDll.NewProc("PacketFilterForwardPacket") 283 284 appendFilterProc = driverDll.NewProc("AppendFilter") 285 insertFilterProc = driverDll.NewProc("InsertFilter") 286 destroyFilterProc = driverDll.NewProc("DestroyFilter") 287 emptyFilterProc = driverDll.NewProc("EmptyFilter") 288 getFilterListProc = driverDll.NewProc("GetFilterList") 289 appendFilterCriteriaProc = driverDll.NewProc("AppendFilterCriteria") 290 deleteFilterCriteriaProc = driverDll.NewProc("DeleteFilterCriteria") 291 getCriteriaListProc = driverDll.NewProc("GetCriteriaList") 292 ) 293 294 // See frontmanIO.h for #defines 295 const ( 296 FilterActionContinue = iota 297 FilterActionAllow 298 FilterActionBlock 299 FilterActionProxy 300 FilterActionNfq 301 FilterActionForceNfq 302 FilterActionAllowOnce 303 FilterActionGotoFilter 304 FilterActionSetMark 305 ) 306 307 // See frontmanIO.h for #defines 308 const ( 309 BytesMatchStartIPHeader = iota + 1 310 BytesMatchStartProtocolHeader 311 BytesMatchStartPayload 312 ) 313 314 // ProcessMatch constants 315 const ( 316 ProcessMatchProcess = iota + 1 // Match the process id 317 ProcessMatchChildren // Match the child processes 318 ) 319 320 // See Filter_set.h 321 const ( 322 CriteriaListFormatString = iota + 1 323 CriteriaListFormatJSON 324 ) 325 326 // See Ipset.h 327 const ( 328 IpsetsDetailFormatString = iota + 1 329 IpsetsDetailFormatJSON 330 ) 331 332 // See frontmanIO.h 333 const ( 334 MatchTypeMatch = uint8(1) 335 MatchTypeNoMatch = uint8(2) 336 ) 337 338 // See frontmanIO.h 339 const ( 340 IPVersionAny = uint8(0) // Rule is for Ipv4 or Ipv6 341 IPVersion4 = uint8(1) // Rule is just for Ipv4 342 IPVersion6 = uint8(2) // Rule is just for Ipv6 343 ) 344 345 // DestInfo mirrors frontman's DEST_INFO struct 346 type DestInfo struct { 347 IPAddr *uint16 // WCHAR* IPAddress Destination address allocated and will be free by FrontmanFreeDestHandle 348 Port uint16 // USHORT Port Destination port 349 Outbound int32 // INT32 Outbound Whether or not this is an outbound or inbound connection 350 ProcessID uint64 // UINT64 ProcessId Process id. Only available for outbound connections 351 DestHandle uintptr // LPVOID DestHandle Handle to memory that must be freed by called ProxyDestConnected when connection is established. 352 } 353 354 // PacketInfo mirrors frontman's FRONTMAN_PACKET_INFO struct 355 type PacketInfo struct { 356 Ipv4 uint8 357 Protocol uint8 358 Outbound uint8 359 Drop uint8 360 IgnoreFlow uint8 361 HandleLoopback uint8 // Not to be set by go code, but is for outbound loopback packets 362 NewPacket uint8 // Set to 1 if packet did not originate from the driver. 363 NoPidMatchOnFlow uint8 // Set to 1 to ignore process ID rule matches. 364 DropFlow uint8 365 SetMark uint8 366 Reserved [2]uint8 367 SetMarkValue uint32 368 LocalPort uint16 369 RemotePort uint16 370 LocalAddr [4]uint32 371 RemoteAddr [4]uint32 372 IfIdx uint32 373 SubIfIdx uint32 374 CompartmentID uint32 375 PacketSize uint32 376 Mark uint32 377 StartTimeReceivedFromNetwork uint64 378 StartTimeSentToUserLand uint64 379 } 380 381 // LogPacketInfo mirrors frontman's FRONTMAN_LOG_PACKET_INFO struct 382 type LogPacketInfo struct { 383 Ipv4 uint8 384 Protocol uint8 385 Outbound uint8 386 Reserved1 uint8 387 LocalPort uint16 388 RemotePort uint16 389 LocalAddr [4]uint32 390 RemoteAddr [4]uint32 391 PacketSize uint32 392 GroupID uint32 393 LogPrefix [64]uint16 394 } 395 396 // IpsetRuleSpec mirrors frontman's IPSET_RULE_SPEC struct 397 type IpsetRuleSpec struct { 398 NotIpset uint8 399 IpsetDstIP uint8 400 IpsetDstPort uint8 401 IpsetSrcIP uint8 402 IpsetSrcPort uint8 403 Reserved1 uint8 404 Reserved2 uint8 405 Reserved3 uint8 406 IpsetName uintptr // const wchar_t* 407 } 408 409 // PortRange mirrors frontman's PORT_RANGE struct 410 type PortRange struct { 411 PortStart uint16 412 PortEnd uint16 413 } 414 415 // IcmpRange mirrors frontman's ICMP_RANGE struct 416 type IcmpRange struct { 417 IcmpTypeSpecified uint8 418 IcmpType uint8 419 IcmpCodeSpecified uint8 420 IcmpCodeLower uint8 421 IcmpCodeUpper uint8 422 } 423 424 // RuleSpec mirrors frontman's RULE_SPEC struct 425 type RuleSpec struct { 426 Action uint8 427 Log uint8 428 Protocol uint8 429 ProtocolSpecified uint8 430 AleAuthConnect uint8 // not used by us 431 ProcessFlags uint8 // See frontmanIO.h bit mask PROCESS_MATCH_PROCESS and/or PROCESS_MATCH_CHILDREN 432 TCPFlags uint8 433 TCPFlagsMask uint8 434 TCPFlagsSpecified uint8 435 TCPOption uint8 436 TCPOptionSpecified uint8 437 CompartmentIDSpecified uint8 438 BytesNoMatch uint8 439 FlowMarkMatchType uint8 // MATCH_TYPE_MATCH = 1 MATCH_TYPE_NOMATCH = 2 440 IPVersionMatch uint8 // IP_VERSION_ANY, IP_VERSION_4, or IP_VERSION_6 441 Reserved uint8 442 FlowMark uint32 443 CompartmentID uint32 444 IcmpRanges *IcmpRange 445 IcmpRangeCount int32 446 ProxyPort uint16 447 BytesMatchStart int16 // See frontmanIO.h for BYTESMATCH defines. 448 BytesMatchOffset int32 449 BytesMatchSize int32 450 BytesMatch *byte 451 Mark uint32 452 GroupID uint32 453 SrcPortCount int32 454 DstPortCount int32 455 SrcPorts *PortRange 456 DstPorts *PortRange 457 LogPrefix uintptr // const wchar_t* 458 Application uintptr // const wchar_t* 459 ProcessID uint64 460 GotoFilterName uintptr // const wchar_t* 461 }