technikempire / divert.net

.NET Wrapper for WinDivert

License: MIT License

C++ 87.17% C 0.05% C# 12.78%
windivert packet-analyser packet-capture packet-sniffer packet-processing packet-generator packets packet

divert.net's Introduction

Notice

You may be interested in my other project, which is a simple PInvoke class for WinDivert. It does require unsafe code, but it's much less hassle than using this library. You can find it here on GitHub.

Divert.Net

.NET Wrapper for WinDivert, available under the very permissive MIT License. It should be noted that the library that this project wraps, WinDivert, is licensed differently. Don't forget to respect the license of WinDivert.

Goals

  • Wrap WinDivert in a managed, easy to use CLR library.
  • Provide helpful extensions for commonly desired tasks, such as the ability to identify the process behind a packet flow.
  • Win?

The tests from WinDivert have been ported and all tests are passing. First release coming soon with an upload to NuGet.

Before trying to build, there's a very small amount of configuration required, all of which is explained on the Wiki page.

divert.net's Issues

Changing Destination IP address in the received packet

Hi admin,
Following is the scenario I am trying to do.

  • I have two machines, one is an application machine (IP: 192.168.0.17) and the other a DB machine (IP: 192.168.0.173) (1433 port) (both are Windows 2012).
  • I have configured the application with the correct DB machine IP; it works (normal).
  • Now I have configured an invalid DB machine IP (IP: 192.168.0.177) with the application (the application won't work).

Under these assumptions I am trying to change the incorrect IP of the destination machine using Divert.Net and WinDivert.

Able to do the following:

Created a sample application (based on the WinDivert sample from @TechnikEmpire) to receive the packets destined for the remote machine, and I was able to change the incorrect IP to the correct IP.

How can I send the modified packet to the network, so the application works as expected?
Any help on how I can achieve this? I am new to Divert.Net.

Looking forward for info....

MyCode:

class Program
{
    static void Main(string[] args)
    {
        bool running = true;

        Console.CancelKeyPress += delegate
        {
            running = false;
        };

        Diversion diversion;

        Diversion diversionforward;


        String filter = "outbound && tcp.DstPort == 1433";

        try
        {
            diversion = Diversion.Open(filter, DivertLayer.Network, -1000, 0);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            return;
        }

        if (!diversion.Handle.Valid)
        {
            Console.WriteLine("Failed to open divert handle with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error());
            return;
        }

        IPHeader ipHeader = new IPHeader();
        IPv6Header ipv6Header = new IPv6Header();
        ICMPHeader icmpHeader = new ICMPHeader();
        ICMPv6Header icmpv6Header = new ICMPv6Header();
        TCPHeader tcpHeader = new TCPHeader();
        UDPHeader udpHeader = new UDPHeader();

        Address address = new Address();

        byte[] buffer = new byte[65535];

        uint receiveLength = 0;
        uint sendLength = 0;

        string processName;

        uint pid = 0;

        while (running)
        {
            pid = 0;

            receiveLength = 0;
            sendLength = 0;

            if (!diversion.Receive(buffer, address, ref receiveLength))
            {
                Console.WriteLine("Failed to receive packet with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error());
                continue;
            }

            diversion.ParsePacket(buffer, receiveLength, ipHeader, ipv6Header, icmpHeader, icmpv6Header, tcpHeader, udpHeader);

            if (ipHeader.Valid && tcpHeader.Valid)
            {
                Diversion.GetPacketProcess(address, tcpHeader, ipHeader, ref pid, out processName);

                // FILTERING AREA STARTS*************************

                if (ipHeader.DestinationAddress.ToString().Contains("192.168.0.177"))
                {
                    diversionforward = Diversion.Open(filter, DivertLayer.NetworkForward, 0, 0);

                    if (tcpHeader.DestinationPort == 1433)
                    {
                        ipHeader.DestinationAddress = IPAddress.Parse("192.168.0.173"); //Ip of the local machine


                        if (address.Direction == DivertDirection.Outbound)
                        {
                            diversionforward.CalculateChecksums(buffer, receiveLength, 0);
                        }

                        diversionforward.SendAsync(buffer, receiveLength, address, ref sendLength);

                        diversionforward.Close();
                        continue;
                    }



                }
                // FILTERING AREA ENDS*************************


                if (address.Direction == DivertDirection.Outbound)
                {
                    diversion.CalculateChecksums(buffer, receiveLength, 0);
                }

                diversion.SendAsync(buffer, receiveLength, address, ref sendLength);
            }

            diversion.Close();
        }


    }
}

I have attached the sample project along with the issue
ConsoleApp1.zip

.net core

Hi!

I want to know: can we use Divert dot net with .NET Core?
If we can, is there something special to do?

Thanks.

DivertAsyncResult with send (and receive)

In the DivertTests the DivertAsyncResult is used, which works.
However, I cannot get DivertAsyncResult to work in the NetDump example, it keeps failing with error code 87 (invalid parameter).

I modified the Send with:

var divertAsyncResult = new DivertAsyncResult();
if (!diversion.SendAsync(buffer, receiveLength, address, ref sendLength, divertAsyncResult))
{
         if (!divertAsyncResult.NoError)
             Console.WriteLine(divertAsyncResult.ErrorCode);

         if (!divertAsyncResult.Get(250))
             Console.WriteLine(divertAsyncResult.ErrorCode);
 }

This is identical to the code from DivertTests but that's using a combination of different filters and divert handles. Am I doing something wrong or how can I adapt this?

What is interesting is that ReceiveAsync seems to work just fine.

Not working

Fehler C3861 "WinDivertHelperCheckFilter": Bezeichner wurde nicht gefunden. Divert.Net F:\Divert.Net-master\Divert.Net-master\src\Diversion.cpp 142
Fehler C3861 "WinDivertHelperEvalFilter": Bezeichner wurde nicht gefunden. Divert.Net F:\Divert.Net-master\Divert.Net-master\src\Diversion.cpp 178

I am not able to run the example at all, because of the missing Divert.Net DLL.
But I am also not able to compile the Divert.Net Dll from the project.

Use this as a TCP Proxy/Redirector

Can I use this package to create my TCP redirector (similar to a proxy and a load balancer) without worrying about SYN and ACK value calculations?

Cannot build in x86

I am getting linker errors while building in x86.
x64 is working fine.

  • Visual Studio 2015 Professional.

1>------ Build started: Project: Divert.Net, Configuration: Release x86 Win32 ------
1>Diversion.obj : error LNK2028: unresolved token (0A000491) "extern "C" int __cdecl WinDivertSetParam(void *,enum WINDIVERT_PARAM,unsigned __int64)" (?WinDivertSetParam@@$$J0YAHPAXW4WINDIVERT_PARAM@@_K@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::SetParam(enum Divert::Net::DivertParam,unsigned __int64)" (?SetParam@Diversion@Net@Divert@@$$FQ$AAM_NW4DivertParam@23@_K@Z)
1>Diversion.obj : error LNK2028: unresolved token (0A0004C3) "extern "C" int __cdecl WinDivertHelperCheckFilter(char const *,enum WINDIVERT_LAYER,char const * *,unsigned int *)" (?WinDivertHelperCheckFilter@@$$J0YAHPBDW4WINDIVERT_LAYER@@PAPBDPAI@Z) referenced in function "public: static bool __clrcall Divert::Net::Diversion::ValidateFilter(class System::String ^,enum Divert::Net::DivertLayer,class System::String ^ %)" (?ValidateFilter@Diversion@Net@Divert@@$$FSM_NP$AAVString@System@@W4DivertLayer@23@A$CAP$AAV45@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A0004C6) "extern "C" int __cdecl WinDivertRecv(void *,void *,unsigned int,struct WINDIVERT_ADDRESS *,unsigned int *)" (?WinDivertRecv@@$$J0YAHPAX0IPAUWINDIVERT_ADDRESS@@pai@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::Receive(cli::array^,class Divert::Net::Address ^,unsigned int %)" (?Receive@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEP$AAVAddress@23@A$CAI@Z)
1>Diversion.obj : error LNK2028: unresolved token (0A0004F4) "extern "C" void * __cdecl WinDivertOpen(char const *,enum WINDIVERT_LAYER,short,unsigned __int64)" (?WinDivertOpen@@$$J0YAPAXPBDW4WINDIVERT_LAYER@@F_K@Z) referenced in function "public: static class Divert::Net::Diversion ^ __clrcall Divert::Net::Diversion::Open(class System::String ^,enum Divert::Net::DivertLayer,short,enum Divert::Net::FilterFlags)" (?Open@Diversion@Net@Divert@@$$FSMP$AAV123@P$AAVString@System@@W4DivertLayer@23@FW4FilterFlags@23@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A0004F9) "extern "C" unsigned int __cdecl WinDivertHelperCalcChecksums(void *,unsigned int,unsigned __int64)" (?WinDivertHelperCalcChecksums@@$$J0YAIPAXI_K@Z) referenced in function "public: unsigned int __clrcall Divert::Net::Diversion::CalculateChecksums(cli::array^,unsigned int,enum Divert::Net::ChecksumCalculationFlags)" (?CalculateChecksums@Diversion@Net@Divert@@$$FQ$AAMIP$01AEIW4ChecksumCalculationFlags@23@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A000510) "extern "C" int __cdecl WinDivertSend(void *,void *,unsigned int,struct WINDIVERT_ADDRESS *,unsigned int *)" (?WinDivertSend@@$$J0YAHPAX0IPAUWINDIVERT_ADDRESS@@pai@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::Send(cli::array^,unsigned int,class Divert::Net::Address ^,unsigned int %)" (?Send@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVAddress@23@A$CAI@Z)
1>Diversion.obj : error LNK2028: unresolved token (0A000511) "extern "C" int __cdecl WinDivertHelperParsePacket(void *,unsigned int,struct WINDIVERT_IPHDR * *,struct WINDIVERT_IPV6HDR * *,struct WINDIVERT_ICMPHDR * *,struct WINDIVERT_ICMPV6HDR * *,struct WINDIVERT_TCPHDR * *,struct WINDIVERT_UDPHDR * *,void * *,unsigned int *)" (?WinDivertHelperParsePacket@@$$J0YAHPAXIPAPAUWINDIVERT_IPHDR@@PAPAUWINDIVERT_IPV6HDR@@PAPAUWINDIVERT_ICMPHDR@@PAPAUWINDIVERT_ICMPV6HDR@@PAPAUWINDIVERT_TCPHDR@@PAPAUWINDIVERT_UDPHDR@@PAPAXPAI@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::ParsePacket(cli::array^,unsigned int,class Divert::Net::IPHeader ^,class Divert::Net::IPv6Header ^,class Divert::Net::ICMPHeader ^,class Divert::Net::ICMPv6Header ^,class Divert::Net::TCPHeader ^,class Divert::Net::UDPHeader ^)" (?ParsePacket@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVIPHeader@23@P$AAVIPv6Header@23@P$AAVICMPHeader@23@P$AAVICMPv6Header@23@P$AAVTCPHeader@23@P$AAVUDPHeader@23@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A00054D) "extern "C" int __cdecl WinDivertGetParam(void *,enum WINDIVERT_PARAM,unsigned __int64 *)" (?WinDivertGetParam@@$$J0YAHPAXW4WINDIVERT_PARAM@@PA_K@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::GetParam(enum Divert::Net::DivertParam,unsigned __int64 %)" (?GetParam@Diversion@Net@Divert@@$$FQ$AAM_NW4DivertParam@23@A$CA_K@Z)
1>Diversion.obj : error LNK2028: unresolved token (0A00059E) "extern "C" int __cdecl WinDivertSendEx(void *,void *,unsigned int,unsigned __int64,struct WINDIVERT_ADDRESS *,unsigned int *,struct _OVERLAPPED *)" (?WinDivertSendEx@@$$J0YAHPAX0I_KPAUWINDIVERT_ADDRESS@@PAIPAU_OVERLAPPED@@@z) referenced in function "public: bool __clrcall Divert::Net::Diversion::SendAsync(cli::array^,unsigned int,class Divert::Net::Address ^,unsigned int %,class Divert::Net::DivertAsyncResult ^)" (?SendAsync@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVAddress@23@A$CAIP$AAVDivertAsyncResult@23@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A0005AE) "extern "C" int __cdecl WinDivertHelperEvalFilter(char const *,enum WINDIVERT_LAYER,void *,unsigned int,struct WINDIVERT_ADDRESS *)" (?WinDivertHelperEvalFilter@@$$J0YAHPBDW4WINDIVERT_LAYER@@PAXIPAUWINDIVERT_ADDRESS@@@z) referenced in function "public: static bool __clrcall Divert::Net::Diversion::EvaluateFilter(class System::String ^,enum Divert::Net::DivertLayer,cli::array^,unsigned int,class Divert::Net::Address ^)" (?EvaluateFilter@Diversion@Net@Divert@@$$FSM_NP$AAVString@System@@W4DivertLayer@23@P$01AEIP$AAVAddress@23@@z)
1>Diversion.obj : error LNK2028: unresolved token (0A0005B3) "extern "C" int __cdecl WinDivertRecvEx(void *,void *,unsigned int,unsigned __int64,struct WINDIVERT_ADDRESS *,unsigned int *,struct _OVERLAPPED *)" (?WinDivertRecvEx@@$$J0YAHPAX0I_KPAUWINDIVERT_ADDRESS@@PAIPAU_OVERLAPPED@@@z) referenced in function "public: bool __clrcall Divert::Net::Diversion::ReceiveAsync(cli::array^,class Divert::Net::Address ^,unsigned int %,class Divert::Net::DivertAsyncResult ^)" (?ReceiveAsync@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEP$AAVAddress@23@A$CAIP$AAVDivertAsyncResult@23@@z)
1>DivertHandle.obj : error LNK2028: unresolved token (0A00003C) "extern "C" int __cdecl WinDivertClose(void *)" (?WinDivertClose@@$$J0YAHPAX@Z) referenced in function "public: bool __clrcall Divert::Net::DivertHandle::Close(void)" (?Close@DivertHandle@Net@Divert@@$$FQ$AAM_NXZ)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertHelperCheckFilter(char const *,enum WINDIVERT_LAYER,char const * *,unsigned int *)" (?WinDivertHelperCheckFilter@@$$J0YAHPBDW4WINDIVERT_LAYER@@PAPBDPAI@Z) referenced in function "public: static bool __clrcall Divert::Net::Diversion::ValidateFilter(class System::String ^,enum Divert::Net::DivertLayer,class System::String ^ %)" (?ValidateFilter@Diversion@Net@Divert@@$$FSM_NP$AAVString@System@@W4DivertLayer@23@A$CAP$AAV45@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertHelperEvalFilter(char const *,enum WINDIVERT_LAYER,void *,unsigned int,struct WINDIVERT_ADDRESS *)" (?WinDivertHelperEvalFilter@@$$J0YAHPBDW4WINDIVERT_LAYER@@PAXIPAUWINDIVERT_ADDRESS@@@z) referenced in function "public: static bool __clrcall Divert::Net::Diversion::EvaluateFilter(class System::String ^,enum Divert::Net::DivertLayer,cli::array^,unsigned int,class Divert::Net::Address ^)" (?EvaluateFilter@Diversion@Net@Divert@@$$FSM_NP$AAVString@System@@W4DivertLayer@23@P$01AEIP$AAVAddress@23@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertRecv(void *,void *,unsigned int,struct WINDIVERT_ADDRESS *,unsigned int *)" (?WinDivertRecv@@$$J0YAHPAX0IPAUWINDIVERT_ADDRESS@@pai@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::Receive(cli::array^,class Divert::Net::Address ^,unsigned int %)" (?Receive@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEP$AAVAddress@23@A$CAI@Z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertRecvEx(void *,void *,unsigned int,unsigned __int64,struct WINDIVERT_ADDRESS *,unsigned int *,struct _OVERLAPPED *)" (?WinDivertRecvEx@@$$J0YAHPAX0I_KPAUWINDIVERT_ADDRESS@@PAIPAU_OVERLAPPED@@@z) referenced in function "public: bool __clrcall Divert::Net::Diversion::ReceiveAsync(cli::array^,class Divert::Net::Address ^,unsigned int %,class Divert::Net::DivertAsyncResult ^)" (?ReceiveAsync@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEP$AAVAddress@23@A$CAIP$AAVDivertAsyncResult@23@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertSend(void *,void *,unsigned int,struct WINDIVERT_ADDRESS *,unsigned int *)" (?WinDivertSend@@$$J0YAHPAX0IPAUWINDIVERT_ADDRESS@@pai@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::Send(cli::array^,unsigned int,class Divert::Net::Address ^,unsigned int %)" (?Send@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVAddress@23@A$CAI@Z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertSendEx(void *,void *,unsigned int,unsigned __int64,struct WINDIVERT_ADDRESS *,unsigned int *,struct _OVERLAPPED *)" (?WinDivertSendEx@@$$J0YAHPAX0I_KPAUWINDIVERT_ADDRESS@@PAIPAU_OVERLAPPED@@@z) referenced in function "public: bool __clrcall Divert::Net::Diversion::SendAsync(cli::array^,unsigned int,class Divert::Net::Address ^,unsigned int %,class Divert::Net::DivertAsyncResult ^)" (?SendAsync@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVAddress@23@A$CAIP$AAVDivertAsyncResult@23@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertSetParam(void *,enum WINDIVERT_PARAM,unsigned __int64)" (?WinDivertSetParam@@$$J0YAHPAXW4WINDIVERT_PARAM@@_K@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::SetParam(enum Divert::Net::DivertParam,unsigned __int64)" (?SetParam@Diversion@Net@Divert@@$$FQ$AAM_NW4DivertParam@23@_K@Z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertGetParam(void *,enum WINDIVERT_PARAM,unsigned __int64 *)" (?WinDivertGetParam@@$$J0YAHPAXW4WINDIVERT_PARAM@@PA_K@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::GetParam(enum Divert::Net::DivertParam,unsigned __int64 %)" (?GetParam@Diversion@Net@Divert@@$$FQ$AAM_NW4DivertParam@23@A$CA_K@Z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertHelperParsePacket(void *,unsigned int,struct WINDIVERT_IPHDR * *,struct WINDIVERT_IPV6HDR * *,struct WINDIVERT_ICMPHDR * *,struct WINDIVERT_ICMPV6HDR * *,struct WINDIVERT_TCPHDR * *,struct WINDIVERT_UDPHDR * *,void * *,unsigned int *)" (?WinDivertHelperParsePacket@@$$J0YAHPAXIPAPAUWINDIVERT_IPHDR@@PAPAUWINDIVERT_IPV6HDR@@PAPAUWINDIVERT_ICMPHDR@@PAPAUWINDIVERT_ICMPV6HDR@@PAPAUWINDIVERT_TCPHDR@@PAPAUWINDIVERT_UDPHDR@@PAPAXPAI@Z) referenced in function "public: bool __clrcall Divert::Net::Diversion::ParsePacket(cli::array^,unsigned int,class Divert::Net::IPHeader ^,class Divert::Net::IPv6Header ^,class Divert::Net::ICMPHeader ^,class Divert::Net::ICMPv6Header ^,class Divert::Net::TCPHeader ^,class Divert::Net::UDPHeader ^)" (?ParsePacket@Diversion@Net@Divert@@$$FQ$AAM_NP$01AEIP$AAVIPHeader@23@P$AAVIPv6Header@23@P$AAVICMPHeader@23@P$AAVICMPv6Header@23@P$AAVTCPHeader@23@P$AAVUDPHeader@23@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" unsigned int __cdecl WinDivertHelperCalcChecksums(void *,unsigned int,unsigned __int64)" (?WinDivertHelperCalcChecksums@@$$J0YAIPAXI_K@Z) referenced in function "public: unsigned int __clrcall Divert::Net::Diversion::CalculateChecksums(cli::array^,unsigned int,enum Divert::Net::ChecksumCalculationFlags)" (?CalculateChecksums@Diversion@Net@Divert@@$$FQ$AAMIP$01AEIW4ChecksumCalculationFlags@23@@z)
1>Diversion.obj : error LNK2019: unresolved external symbol "extern "C" void * __cdecl WinDivertOpen(char const *,enum WINDIVERT_LAYER,short,unsigned __int64)" (?WinDivertOpen@@$$J0YAPAXPBDW4WINDIVERT_LAYER@@F_K@Z) referenced in function "public: static class Divert::Net::Diversion ^ __clrcall Divert::Net::Diversion::Open(class System::String ^,enum Divert::Net::DivertLayer,short,enum Divert::Net::FilterFlags)" (?Open@Diversion@Net@Divert@@$$FSMP$AAV123@P$AAVString@System@@W4DivertLayer@23@FW4FilterFlags@23@@z)
1>DivertHandle.obj : error LNK2019: unresolved external symbol "extern "C" int __cdecl WinDivertClose(void *)" (?WinDivertClose@@$$J0YAHPAX@Z) referenced in function "public: bool __clrcall Divert::Net::DivertHandle::Close(void)" (?Close@DivertHandle@Net@Divert@@$$FQ$AAM_NXZ)
1>D:\DivertNet\Divert.Net-master\ide\Divert.Net\Divert.Net......\build\Release x86\Divert.Net.dll : fatal error LNK1120: 24 unresolved externals
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

I can't run example

Hi,
I downloaded it as a zip and opened NetDump.sln in VS2012. I got a warning: "The referenced component 'Divert.Net' could not be found." and of course the related "... does not exists in the current context."

Is Divert.Net a DLL? How can I add it, or how can I fix this problem?

Adding data to payload

Hi,

Thank you very much for this great binding!

I succeeded in modifying the payload content without touching the length of the incoming buffer, but cannot "add" extra content to it.

Is it possible to do this? This is my actual code based on netdump example

class Program
    {
        static void Main(string[] args)
        {
            Diversion diversion = Diversion.Open("true", DivertLayer.Network, 100, 0);

            IPHeader ipHeader = new IPHeader();
            IPv6Header ipv6Header = new IPv6Header();
            ICMPHeader icmpHeader = new ICMPHeader();
            ICMPv6Header icmpv6Header = new ICMPv6Header();
            TCPHeader tcpHeader = new TCPHeader();
            UDPHeader udpHeader = new UDPHeader();

            Address address = new Address();

            byte[] buffer = new byte[65535];
            byte[] newbuffer = new byte[1];

            uint receiveLength = 0;
            uint sendLength = 0;

            string processName;
            bool added = false;

            uint pid = 0;

            Console.WriteLine("Starting...");

            while (true)
            {
                added = false;
                pid = 0;

                receiveLength = 0;
                sendLength = 0;

                if (!diversion.Receive(buffer, address, ref receiveLength))
                {
                    Console.WriteLine("Failed to receive packet with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error());
                    continue;
                }

                diversion.ParsePacket(buffer, receiveLength, ipHeader, ipv6Header, icmpHeader, icmpv6Header, tcpHeader, udpHeader);

                if (ipHeader.Valid && tcpHeader.Valid)
                {
                    Diversion.GetPacketProcess(address, tcpHeader, ipHeader, ref pid, out processName);

                    string processexecutable = processName.Substring(processName.LastIndexOf('\\')+1);

                    if (processexecutable == "client.exe" && address.Direction == DivertDirection.Inbound)
                    {                        
                        string recibido = Encoding.UTF8.GetString(buffer);

                        Console.WriteLine("Adding");
                        added = true;

                        //Adding new data
                        buffer[receiveLength + 1] = 72;
                        buffer[receiveLength + 2] = 79;
                        buffer[receiveLength + 3] = 76;
                        buffer[receiveLength + 4] = 65;

                        //Creating new buffer
                        newbuffer = new byte[receiveLength + 4];

                        Array.Copy(buffer, newbuffer, receiveLength + 4);

                        //Modifying existing data (OK)
                        //buffer[296] = 72;
                    }                    
                }

                if (!added)
                {
                    diversion.CalculateChecksums(buffer, receiveLength, 0);
                    diversion.SendAsync(buffer, receiveLength, address, ref sendLength);
                }
                else
                {
                    diversion.CalculateChecksums(newbuffer, Convert.ToUInt32(newbuffer.Length), 0);

                    if (!diversion.SendAsync(newbuffer, Convert.ToUInt32(newbuffer.Length), address, ref sendLength))
                        Console.WriteLine("FAILED!");
                }                                  
            }

            diversion.Close();
        }
    }

I would very much appreciate if you can point me in the right direction regarding this issue.

Issue with trying NetDump sample

Hello!

I already used WinDivert in C++ and Python and I wanted to try your Divert.Net; sadly I am having issues using it. I am not really familiar with wrappers so it's possible I am missing something really obvious, please help me if you can.

For example, I wanted to try out your NetDump example, but after opening the solution in VS2015 it can't find the Divert.Net reference that is already added by default (yellow triangle), and I am having issues with "using Divert.Net;" too: missing a using directive or an assembly reference.

I've read the wiki of Divert.Net and as the wiki says I created the necessary directory structure in the root directory of the NetDump example.

The root directory of my project: [image]

The deps\windivert: [image]
The deps\windivert\x64: [image]
The deps\windivert\x86: [image]

Should I make any other changes in VS2015 too? I am thinking about things which are not written in the wiki because they are too obvious, but not for me.

Thank you in advance!

Sequence numbers and ip header lengths incorrect

Hi.

First off, thanks for the library!

It is quite possible that I have done something incorrect in my code, but I am not being returned correct sequence numbers or packet lengths. I have not fully verified other values at this point.

My program is a simple modification of the example program, which writes sequence numbers and lengths for packets arriving from a target host:port. While running the program I simultaneously ran WireShark for validation.

Upon running a simple request from the host I received the following dump. You will note that the packets (third column) are not in sequence.

Handle to WinDivert1.2 driver successfully opened in packet sniffing mode.
Reporting packets coming from a secure server (SSL)...
37 SEQ <2563662208>: 159.203.26.198:443->192.168.1.2 13312
40 SEQ <2580439424>: 159.203.26.198:443->192.168.1.2 5125
41 SEQ <2245222784>: 159.203.26.198:443->192.168.1.2 5125
42 SEQ <1910006144>: 159.203.26.198:443->192.168.1.2 21763
45 SEQ <2665177472>: 159.203.26.198:443->192.168.1.2 25344
47 SEQ <3655033216>: 159.203.26.198:443->192.168.1.2 5125
48 SEQ <3319816576>: 159.203.26.198:443->192.168.1.2 5125
49 SEQ <2984599936>: 159.203.26.198:443->192.168.1.2 5125
51 SEQ <2649383296>: 159.203.26.198:443->192.168.1.2 5125
52 SEQ <2314166656>: 159.203.26.198:443->192.168.1.2 5125
53 SEQ <1978950016>: 159.203.26.198:443->192.168.1.2 5125
54 SEQ <1643733376>: 159.203.26.198:443->192.168.1.2 42243
55 SEQ <3741081984>: 159.203.26.198:443->192.168.1.2 5125
57 SEQ <3389088384>: 159.203.26.198:443->192.168.1.2 5125
58 SEQ <3053871744>: 159.203.26.198:443->192.168.1.2 5125
60 SEQ <2718655104>: 159.203.26.198:443->192.168.1.2 5125
61 SEQ <2383438464>: 159.203.26.198:443->192.168.1.2 45570
77 SEQ <420700800>: 159.203.26.198:443->192.168.1.2 10240
78 SEQ <420700800>: 159.203.26.198:443->192.168.1.2 10240

Here is the screenshot from WireShark.

You can see that the packet numbers (first column in each case) follow the same pattern, though the numbers are mildly different. You will also see that both tools report the same number of packets.

The highlighted blue line (Transmission Control Protocol) shows the initial packet sequence number is 2153893528, which is completely different from that reported by the sample program. The packet lengths are similarly completely different (column 6 in WireShark, final column in sample program).

Any thoughts?

Thanks for the help.

The sample program source is here:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Divert.Net;

namespace NetDump
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WindowWidth = Console.LargestWindowWidth;
            bool running = true;

            Console.CancelKeyPress += delegate {running = false;};

            Diversion diversion;
            string filter = "true";

            try { diversion = Diversion.Open(filter, DivertLayer.Network, 100, FilterFlags.Sniff); }
            catch(Exception e) { Console.WriteLine(e.Message); return; }

            if(!diversion.Handle.Valid)
            {
                Console.WriteLine("Failed to open divert handle with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error());
                return;
            }
            else
            {
                Console.WriteLine("Handle to WinDivert1.2 driver successfully opened in packet sniffing mode.");
                Console.WriteLine("Reporting packets coming from a secure server (SSL)...");
            }

            IPHeader ipHeader = new IPHeader();
            IPv6Header ipv6Header = new IPv6Header();
            ICMPHeader icmpHeader = new ICMPHeader();
            ICMPv6Header icmpv6Header = new ICMPv6Header();
            TCPHeader tcpHeader = new TCPHeader();
            UDPHeader udpHeader = new UDPHeader();

            Address address = new Address();
            byte[] buffer = new byte[65535];

            int count = 0;
            while (running)
            {
                count++;
                uint receiveLength = 0;

                if (!diversion.Receive(buffer, address, ref receiveLength))
                {
                    Console.WriteLine("Failed to receive packet with error {0}", System.Runtime.InteropServices.Marshal.GetLastWin32Error());
                    continue;
                }

                diversion.ParsePacket(buffer, receiveLength, ipHeader, ipv6Header, icmpHeader, icmpv6Header, tcpHeader, udpHeader);

                if (ipHeader.Valid && tcpHeader.Valid)
                {
                    string src = ipHeader.SourceAddress.ToString();
                    string dst = ipHeader.DestinationAddress.ToString();
                    long length = ipHeader.Length;
                    uint seq = tcpHeader.SequenceNumber;
                    ushort port = tcpHeader.SourcePort;

                    if (src == "159.203.26.198" && port == 443)
                    {
                        Console.WriteLine("{0} SEQ <{1}>: {2}:{3}->{4} {5}", count, seq, src, port, dst, length);
                        Console.WriteLine("");
                    }
                }
            }

            diversion.Close();
        }
    }
}
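
An added example, not part of the original post and not Divert.Net code: the dump above is what results when the IP total length and TCP sequence number, which travel in network (big-endian) byte order, are read as little-endian integers without conversion. Byte-swapping the first reported sequence number 2563662208 gives 2153893528, the value the post quotes from WireShark, and byte-swapping the length 13312 gives 52. The packet bytes, the destination port and the names `parseIpv4Tcp`, `FieldRead` and `kSamplePacket` are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Header fields of interest, as the caller will see them.
struct ParsedTcp {
    uint16_t ipTotalLength;
    uint16_t srcPort;
    uint32_t sequenceNumber;
};

enum class FieldRead { NetworkOrder, RawLittleEndian };

// Big-endian (network order) reads; correct on any host.
static uint16_t readBe16(const uint8_t* p) {
    return static_cast<uint16_t>((p[0] << 8) | p[1]);
}
static uint32_t readBe32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}
// What a little-endian host sees when wire bytes are copied unconverted.
static uint16_t readLe16(const uint8_t* p) {
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}
static uint32_t readLe32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
           (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Parses an IPv4 packet carrying TCP. Validation always uses the converted
// values; 'mode' only selects how length and sequence number are reported.
// The source port is converted in both modes, because the dump in the post
// prints 443 correctly.
bool parseIpv4Tcp(const uint8_t* pkt, size_t len, FieldRead mode, ParsedTcp& out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return false;   // too short or not IPv4
    const size_t ihl = (pkt[0] & 0x0F) * 4u;             // IP header length in bytes
    if (ihl < 20 || pkt[9] != 6) return false;           // bad IHL or not TCP
    if (len < ihl + 20) return false;                    // TCP header truncated
    if (readBe16(pkt + 2) > len) return false;           // length field exceeds buffer
    const uint8_t* tcp = pkt + ihl;
    const bool net = (mode == FieldRead::NetworkOrder);
    out.ipTotalLength = net ? readBe16(pkt + 2) : readLe16(pkt + 2);
    out.sequenceNumber = net ? readBe32(tcp + 4) : readLe32(tcp + 4);
    out.srcPort = readBe16(tcp);
    return true;
}

// Constructed 52-byte packet: 159.203.26.198:443 -> 192.168.1.2:50000,
// sequence number 2153893528, checksums left at zero (not computed).
static const uint8_t kSamplePacket[52] = {
    0x45, 0x00, 0x00, 0x34, 0x00, 0x00, 0x40, 0x00,  // ver/IHL, TOS, total length 52
    0x40, 0x06, 0x00, 0x00, 0x9F, 0xCB, 0x1A, 0xC6,  // TTL, proto TCP, source address
    0xC0, 0xA8, 0x01, 0x02,                          // destination address
    0x01, 0xBB, 0xC3, 0x50, 0x80, 0x61, 0xCE, 0x98,  // ports 443 -> 50000, sequence
    0x00, 0x00, 0x00, 0x01, 0x80, 0x12, 0xFF, 0xFF,  // ack, data offset 8, SYN+ACK
    0x00, 0x00, 0x00, 0x00,                          // checksum, urgent pointer
    0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,  // 12 bytes of NOP options
    0x01, 0x01, 0x01, 0x01
};

int main() {
    ParsedTcp good{}, raw{};
    if (!parseIpv4Tcp(kSamplePacket, sizeof(kSamplePacket), FieldRead::NetworkOrder, good) ||
        !parseIpv4Tcp(kSamplePacket, sizeof(kSamplePacket), FieldRead::RawLittleEndian, raw)) {
        std::puts("parse failed");
        return 1;
    }
    std::printf("converted:   SEQ <%u> length %u port %u\n",
                (unsigned)good.sequenceNumber, (unsigned)good.ipTotalLength, (unsigned)good.srcPort);
    std::printf("unconverted: SEQ <%u> length %u port %u\n",
                (unsigned)raw.sequenceNumber, (unsigned)raw.ipTotalLength, (unsigned)raw.srcPort);
    return 0;
}
```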

GetPacketProcess needs to check the address, not just the port.

The methods for getting the process attached to a packet or packet flow need to do more than simply check for a matching port number. Since the TCP/UDP tables could be populated with records like 127.0.0.1:80, and also 192.168.0.254:80, we need more than a simple port check. We'll definitely get incorrect results checking only the port. We therefore require an additional parameter taking an IP Address, so that interface address + port can be considered to get accurate results.
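
The lookup problem described in this issue, as an added example that is not Divert.Net's own code: a constructed table holds the two records named above, and a port-only search attributes a packet for 192.168.0.254:80 to whichever process owns the first port-80 row. The example goes one step beyond the issue by also falling back to a wildcard (0.0.0.0) binding when no exact address matches; the PIDs, the 0.0.0.0:443 row and the names `TableRow`, `pidByPortOnly` and `pidByEndpoint` are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// One row of a TCP/UDP owner table: local endpoint plus owning process id.
struct TableRow {
    uint32_t localAddr;   // IPv4 address in host byte order
    uint16_t localPort;
    uint32_t pid;
};

constexpr uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t(a) << 24) | (uint32_t(b) << 16) | (uint32_t(c) << 8) | uint32_t(d);
}

constexpr uint32_t kAnyAddr = 0;   // 0.0.0.0: socket bound to every local address

// Port-only lookup: returns the first row with a matching port, whichever
// interface it is bound to. Returns 0 when nothing matches.
uint32_t pidByPortOnly(const std::vector<TableRow>& table, uint16_t port) {
    for (const TableRow& r : table) {
        if (r.localPort == port) return r.pid;
    }
    return 0;
}

// Address + port lookup: an exact local-address match wins; a wildcard
// binding on the same port is used only when no exact match exists.
uint32_t pidByEndpoint(const std::vector<TableRow>& table, uint32_t addr, uint16_t port) {
    uint32_t wildcardPid = 0;
    for (const TableRow& r : table) {
        if (r.localPort != port) continue;
        if (r.localAddr == addr) return r.pid;
        if (r.localAddr == kAnyAddr && wildcardPid == 0) wildcardPid = r.pid;
    }
    return wildcardPid;
}

// Constructed sample table; PIDs are made up.
std::vector<TableRow> sampleTable() {
    return {
        {ip4(127, 0, 0, 1),     80,  1111},
        {ip4(192, 168, 0, 254), 80,  2222},
        {kAnyAddr,              443, 3333},
    };
}

int main() {
    const std::vector<TableRow> table = sampleTable();
    const uint32_t lan = ip4(192, 168, 0, 254);
    std::printf("192.168.0.254:80  port only      -> pid %u\n", (unsigned)pidByPortOnly(table, 80));
    std::printf("192.168.0.254:80  address + port -> pid %u\n", (unsigned)pidByEndpoint(table, lan, 80));
    std::printf("192.168.0.254:443 address + port -> pid %u\n", (unsigned)pidByEndpoint(table, lan, 443));
    return 0;
}
```

With port-only matching, a filter that allows or blocks traffic per process would apply the loopback listener's policy to the LAN-facing listener's packets.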

Dropping Packets Error Code 6?

Hello Jesse, I am trying to use Divert.Net to create a simple packet latency simulator, could you explain why the packets are being randomly dropped?

    Thread receiving;
    Thread sending;
    Diversion diversion;

    public struct packet
    {
        public Address address;
        public byte[] buffer;
        public uint receiveLength;
        public uint sendLength;
        public DateTime dt;
    }

    packet rp = new packet();
    packet sp = new packet();
    Queue pq = new Queue();

    public int pc = 0; //packet count

    public void run()
    {
        rp.address = new Address();
        rp.buffer = new byte[65535];
        rp.receiveLength = 0;
        rp.sendLength = 0;
        rp.dt = DateTime.Now;

        while (true)
        {
            if (!diversion.Receive(rp.buffer, rp.address, ref rp.receiveLength))
            {
                 continue;
            }
            else
            {
                rp.dt = DateTime.Now.AddTicks(1000000); //adds timestamp + 100ms
                pq.Enqueue(rp); //adds packet to queue
                pc++;
           }
       }
    }

    public void send()
    {
        while (true)
        {
            if (pc > 0)
            {
                sp = (packet)pq.Peek(); //gets first packet in the queue
                if (sp.dt <= DateTime.Now) //checks if packet arrival time is <= than current time
                {
                    //diversion.SendAsync(sp.buffer, sp.receiveLength, sp.address, ref sp.sendLength);
                    if (!diversion.Send(sp.buffer, sp.receiveLength, sp.address, ref sp.sendLength))
                    {
                        try
                        {
                            Invoke(new Action(() => { richTextBox1.AppendText(System.Runtime.InteropServices.Marshal.GetLastWin32Error().ToString() + "\n"); }));
                        }
                        catch { }
                        pq.Dequeue();
                        pc--;
                    }
                    else
                    {
                        pq.Dequeue();
                        pc--;
                    }
                }
            }
        }
    }

    private void button1_Click(object sender, EventArgs e)
    {
        diversion = Diversion.Open("outbound", DivertLayer.Network, 100, 0);

        receiving = new Thread(run);
        receiving.Start();

        sending = new Thread(send);
        sending.Start();
    }

    private void button2_Click(object sender, EventArgs e)
    {
        sending.Abort();
        receiving.Abort();
        if(pq.Count > 0)
        {
            pq.Clear();
        }
        diversion.Close();
    }

This is using Windows Forms and I have compiled Divert.Net to x64.

Side note: I am a beginner with this, but if you could advise it would be appreciated.
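An added sketch, not part of the original post or of Divert.Net, of one way to structure the delay queue: in the code above every queued `packet` copy still references the single `rp.buffer` array that the next `Receive` writes into, and the non-generic `Queue` is shared by two threads without locking. `DelayQueue` and `DelayedPacket` are hypothetical names, and the receive loop is simulated with constructed bytes.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;

// A queued packet owns its bytes; nothing writes to Data after it is enqueued.
sealed class DelayedPacket
{
    public byte[] Data;
    public DateTime ReleaseAt;
}

sealed class DelayQueue
{
    private readonly ConcurrentQueue<DelayedPacket> _queue = new ConcurrentQueue<DelayedPacket>();
    private readonly TimeSpan _delay;
    public DelayQueue(TimeSpan delay) { _delay = delay; }

    // Receive thread: 'shared' is the reusable receive buffer, so the valid
    // bytes are copied out before the next receive can overwrite them.
    public void Enqueue(byte[] shared, int length)
    {
        var copy = new byte[length];
        Buffer.BlockCopy(shared, 0, copy, 0, length);
        _queue.Enqueue(new DelayedPacket { Data = copy, ReleaseAt = DateTime.UtcNow + _delay });
    }

    // Send thread (single consumer assumed): returns the head packet's bytes
    // once its release time has passed, otherwise null.
    public byte[] TryTakeDue()
    {
        if (_queue.TryPeek(out var head) && head.ReleaseAt <= DateTime.UtcNow
            && _queue.TryDequeue(out var taken))
            return taken.Data;
        return null;
    }

    static void Main()
    {
        var q = new DelayQueue(TimeSpan.FromMilliseconds(100));
        var recv = new byte[65535];            // one buffer reused for every receive
        for (byte i = 1; i <= 3; i++)
        {
            recv[0] = i;                       // constructed stand-in for a received packet
            q.Enqueue(recv, 1);
        }
        Thread.Sleep(150);                     // let the 100 ms delay elapse
        byte[] p;
        while ((p = q.TryTakeDue()) != null)
            Console.WriteLine("released packet starting with byte {0}", p[0]);
    }
}
```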

Re-inject a packet from forward layer to local machine

First I would like to thank you for this awesome .Net binding.

I would like to capture a TCP packet at the forwarding layer and then re-inject it with the local machine as the destination while also changing the destination port. So I've opened two WinDivert handles, one for the network layer and one for the forwarding layer. The packets are captured on the forwarding layer but it seems they are not injected properly (I have a TCP listener on the new destination port and it is not receiving the packets, nor is Wireshark capturing them).

I've modified the sample coming with Divert.net by opening another windivert handle using the following code:

     networkDiversion = Diversion.Open("tcp", DivertLayer.Network, 0, 0);

And modified the open arguments for the sample to the following:

     diversion = Diversion.Open(filter, DivertLayer.NetworkForward, -1000, 0);

And on the main loop which handles the forwarding packet I've added this code:

                    if (tcpHeader.DestinationPort == 80)
                    {
                        ipHeader.DestinationAddress = IPAddress.Parse("192.168.1.5"); //Ip of the local machine
                        tcpHeader.DestinationPort = 87;
                        address.Direction = DivertDirection.Inbound;
                        networkDiversion.CalculateChecksums(buffer, receiveLength, 0);
                        networkDiversion.Send(buffer, receiveLength, address, ref sendLength);
                        continue;
                    }

So is there something wrong I'm doing?

Btw, the DestinationPort property of the TCP header has an issue and always sets the port to zero; it is missing a cast to short:

        void TCPHeader::DestinationPort::set(uint16_t value)
        {
            if (m_tcpHeader != nullptr)
            {
                m_tcpHeader->DstPort = System::Net::IPAddress::HostToNetworkOrder((short)value);
            }
        }

Thanks
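Why the uncast call yields zero, as an added C# illustration (not the project's C++/CLI code): an unsigned 16-bit argument binds to the `int` overload of `IPAddress.HostToNetworkOrder`, so on a little-endian host the port lands in the upper 16 bits and is lost when stored in a 16-bit field. The class and method names are hypothetical.

```csharp
using System;
using System.Net;

static class PortByteOrder
{
    // Mirrors the reported bug: a ushort converts implicitly to int, not to
    // short, so the 32-bit overload runs and all four bytes are swapped.
    public static ushort BuggyToNetwork(ushort port)
    {
        int swapped = IPAddress.HostToNetworkOrder(port);   // int overload chosen
        return unchecked((ushort)swapped);                  // keeps only the low 16 bits
    }

    // Mirrors the fix from the issue: cast to short so the 16-bit overload runs.
    public static ushort FixedToNetwork(ushort port)
    {
        short swapped = IPAddress.HostToNetworkOrder(unchecked((short)port));
        return unchecked((ushort)swapped);
    }

    // Inverse conversion, used to check that the fixed version round-trips.
    public static ushort FromNetwork(ushort wire)
    {
        return unchecked((ushort)IPAddress.NetworkToHostOrder(unchecked((short)wire)));
    }

    static void Main()
    {
        // Exhaustive check over every possible port value.
        int buggyNonZero = 0, fixedRoundTrips = 0;
        for (int p = 0; p <= ushort.MaxValue; p++)
        {
            ushort port = (ushort)p;
            if (BuggyToNetwork(port) != 0) buggyNonZero++;
            if (FromNetwork(FixedToNetwork(port)) == port) fixedRoundTrips++;
        }
        Console.WriteLine("buggy conversion gave a non-zero port for {0} inputs", buggyNonZero);
        Console.WriteLine("fixed conversion round-tripped {0} of 65536 ports", fixedRoundTrips);
    }
}
```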

DivertAsync receive problem

Hi there,

Not sure if I'm doing this right but I tried the following:

while (!signalCancel)
{
	DivertAsyncResult asyncReceive = new DivertAsyncResult();
	bool got_packet = filter.ReceiveAsync(raw_packet, addr, ref raw_packet_len, asyncReceive);
	while (!got_packet)
		got_packet = asyncReceive.Get(1000);
	//do stuff...
}

Which seems to work for a while but then I get a SEHException (External component has thrown an exception) from here:

bool DivertHandle::Close()
{
	if (Valid)
	{
		if (m_fromWinDivert)
		{
			return WinDivertClose(m_handle) == 1;
		}
		else
		{
			return CloseHandle(m_handle) != 0;   //     <= crashes here
		}				
	}
	else
	{
		return false;
	}
}

I'll try and trace out exactly which Divert.NET call throws the exception... just wondering why DivertHandle.Close() is getting called?!

Hopefully it's a case of "you're doing it wrong!" :)

Regards,

Andy
