forked from basil00/WinDivert
WinDivert 1.4: Windows Packet Divert
====================================
1. Introduction
---------------
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10.
WinDivert allows user-mode programs to capture/modify/drop network packets
sent to/from the Windows network stack.
In summary, WinDivert can
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers,
firewalls, NAT, VPNs, tunneling applications, and so on.
The features of WinDivert include:
- packet interception, sniffing, or dropping modes
- support for loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- freely available under the terms of the GNU Lesser General Public
License (LGPL)
For more information about WinDivert, see doc/windivert.html
2. Similar Packages
-------------------
WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in
Linux, and some commercial packet capturing packages such as WinPkFilter for
Windows. The design of WinDivert is largely influenced by FreeBSD's divert
sockets.
WinDivert in packet-sniffing mode is similar to Winpcap. Unlike Winpcap,
WinDivert fully supports capturing loopback traffic. Furthermore, WinDivert
supports packet interception, which is not supported in Winpcap.
3. Architecture
---------------
The basic architecture of WinDivert is as follows:

                             +-----------------+
                             |                 |
                    +------->|     PROGRAM     |--------+
                    |        | (WinDivert.dll) |        |
                    |        +-----------------+        |
                    |                                   | (3) re-injected
                    | (2a) matching packet              |     packet
                    |                                   |
                    |                                   |
[user mode]         |                                   |
....................|...................................|...................
[kernel mode]       |                                   |
                    |                                   |
                    |                                   |
                    +---------------+                   +------------------------>
       (1) packet   |               |                   (2b) non-matching packet
       ------------>| WinDivert.sys |-------------------------------------------->
                    |               |
                    +---------------+
The WinDivert.sys driver is inserted below the Windows network stack. The
following then happens:
(1) a new packet enters the network stack and is intercepted by WinDivert.sys
(2a) if the packet matches a PROGRAM-defined filter, it is diverted. The
PROGRAM reads the packet with a call to the WinDivertRecv() function.
(2b) if the packet does not match the filter, the packet is permitted to
continue as normal.
(3) PROGRAM either drops, modifies, or re-injects the packet. If the
(modified) packet is re-injected, via a call to WinDivertSend(), it is
inserted back into the Windows network stack.
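The recv/decide/send loop from the diagram, as an added C example written
against the WinDivert 1.4 API (not code from the WinDivert project): the
"outbound and ip" filter, the drop-telnet rule and the TTL rewrite are
illustrative choices, and the Windows part assumes windivert.h and
WinDivert.dll from the package; the decision helper itself is portable.

```c
#include <stdint.h>
#include <stddef.h>

enum action { ACT_DROP = 0, ACT_REINJECT = 1 };

/* RFC 1071 one's-complement sum over the IPv4 header; returns 0 for a header whose checksum field is correct. */
static uint16_t ipv4_checksum(const uint8_t *hdr, size_t hdr_len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hdr_len; i += 2)
        sum += (uint16_t)((hdr[i] << 8) | hdr[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Step (3) of the diagram: PROGRAM's policy for a diverted IPv4 packet. Illustrative rule:
   drop TCP to port 23 (telnet), otherwise decrement the TTL and re-inject. A modified packet
   must carry a valid header checksum or the stack discards it, so it is recomputed here
   (WinDivert 1.4 also provides WinDivertHelperCalcChecksums() for this purpose). */
int decide_and_rewrite(uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return ACT_DROP;        /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl || pkt[8] <= 1) return ACT_DROP;  /* bad IHL, or TTL would expire */
    if (pkt[9] == 6 && len >= ihl + 4) {                        /* TCP: read destination port */
        uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
        if (dport == 23) return ACT_DROP;
    }
    pkt[8]--;                                                   /* the "modify" step */
    pkt[10] = pkt[11] = 0;                                      /* zero checksum before recomputing */
    uint16_t csum = ipv4_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(csum >> 8); pkt[11] = (uint8_t)csum;
    return ACT_REINJECT;
}

#ifdef _WIN32   /* WinDivert 1.4 calls; needs windivert.h and WinDivert.dll/.sys from the package */
#include <windows.h>
#include "windivert.h"
int main(void) {
    uint8_t pkt[0xFFFF]; WINDIVERT_ADDRESS addr; UINT len;
    /* (1)/(2a): divert outbound IPv4 at the network layer, priority 0, no flags. */
    HANDLE h = WinDivertOpen("outbound and ip", WINDIVERT_LAYER_NETWORK, 0, 0);
    if (h == INVALID_HANDLE_VALUE) return 1;
    while (WinDivertRecv(h, pkt, sizeof pkt, &addr, &len)) {
        if (decide_and_rewrite(pkt, len) == ACT_REINJECT)
            WinDivertSend(h, pkt, len, &addr, NULL);            /* (3): re-inject */
        /* ACT_DROP: a diverted packet that is never re-injected is simply dropped */
    }
    WinDivertClose(h);
    return 0;
}
#endif
```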
4. Building
-----------
(1) In a WinDDK build environment, run the command:
        wddk-build.bat
(2) [OPTIONAL Visual Studio 2012 support] In a VS2012 command prompt, run the
    command:
        msvc-build.bat
(3) [OPTIONAL MinGW support] In Linux with a MinGW cross-compiler, run the
    command:
        sh mingw-build.sh
For more detailed build instructions, see doc/windivert.html
5. License
----------
WinDivert is dual-licensed, and is available under the GNU Lesser General
Public License (LGPL) Version 3 or the GNU General Public License (GPL)
Version 2. See the LICENSE file for more information.
6. About
--------
WinDivert was written by basil.
For further information, or bug reports, please contact
basil AT reqrypt DOT org
The homepage for WinDivert is
https://reqrypt.org/windivert.html
The source code for WinDivert is hosted by GitHub at
https://github.com/basil00/Divert