Fix TEST simplification logic (again).

"ip.DstAddr >= 0.0.0.0" ---> "ip"
"ip.DstAddr <  0.0.0.0" ---> "false"

Previously, the latter simplified to "not ip".

CHANGELOG

@@ -51,3 +51,270 @@ WinDivert 1.1.5
 WinDivert 1.1.6
     - WinDivert now searches for the driver files in the application's
       directory (as opposed to the current directory).
+WinDivert 1.1.7
+    - Improved IPv6 support:
+     * Fixed incorrect IPV6 TCP/UDP checksum calculation in
+       WinDivertHelperCalcChecksums().
+     * WinDivert driver now calculates checksums for IPV6 packets.
+     * WinDivert can now handle IPV6 extension headers.
+     * Fixed WinDivertHelperParseIPv6Address().
+WinDivert 1.1.8
+    - Fix ip.TOS handling bug.
+    - Fix IPv6 comparison bug.
+WinDivert 1.2.0-rc
+    - The WinDivert filter language now supports C-style "(F1? F2: F3)"
+      expressions, where {F1,F2,F3} are themselves filter expressions.
+    - New WinDivert helper functions:
+      * WinDivertHelperCheckFilter() checks if a filter string is valid.
+      * WinDivertHelperEvalFilter() evaluates a filter on a packet.
+    - Some packets (specifically outbound or loopback packets) returned by
+      WinDivertRecv() or WinDivertRecvEx() are no longer required to have
+      correct checksums.  Absent checksum fields will be set to zero.  If need
+      be the checksums can be recovered by WinDivertHelperCalcChecksums().
+    - The WINDIVERT_FLAG_NO_CHECKSUM flag has been deprecated.
+    - The WinDivertHelperCalcChecksums() function now accepts a new
+      WINDIVERT_HELPER_NO_REPLACE flag, which indicates that non-zero checksum
+      fields should not be replaced.
+    - Support for the old WinDivert1.0 API has been removed.
+WinDivert 1.2.1
+    - Identical to WinDivert 1.2.0-rc.
+WinDivert 1.3.0
+    - Fix BSOD that sometimes occurs after abnormal user application exit.
+    - Fix BSOD that sometimes occurs when WinDivert is combined with other
+      callout drivers.
+    - WinDivertSend() has been optimized.  However, it may not detect as
+      many packet injection errors as it could before.
+WinDivert 1.4.0-rc
+    - Add a new WINDIVERT_PARAM_QUEUE_SIZE parameter that can be used to
+      control the maximum number of bytes used by the packet queue.
+    - Add a new WINDIVERT_FLAG_DEBUG flag that causes WinDivertSend() to
+      block until the packet exits the Windows TCP/IP stack.  This is slower
+      but provides better error messages, so is useful for debugging.
+    - Internally queued packets are now reinjected when WinDivertClose() is
+      called instead of being dropped.
+    - WINDIVERT_ADDRESS now includes a Timestamp field that indicates when
+      the packet was first captured by WinDivert.  The timestamp uses the
+      same clock as QueryPerformanceCounter().
+    - WINDIVERT_ADDRESS now includes a Loopback field that indicates whether
+      the packet is a loopback packet or not.
+    - The filter language has been extended to include a loopback field that
+      matches loopback packets.
+    - Loopback packets are now considered to be outbound-only.
+    - WINDIVERT_ADDRESS now includes an Impostor field which indicates that the
+      packet originated from another driver rather than from the network or
+      TCP/IP stack.
+    - WinDivertRecv() will eventually fail with ERROR_HOST_UNREACHABLE if
+      an impostor packet enters an infinite loop (see #41).
+    - The filter language has been extended to include an impostor field that 
+      matches impostor packets.
+    - WINDIVERT_ADDRESS now includes three new flags relating to checksums:
+      * PseudoIPChecksum
+      * PseudoTCPChecksum
+      * PseudoUDPChecksum
+      When set, these flags indicate that the corresponding packet uses
+      "pseudo" IP/TCP/UDP checksums instead of the default full checksums.
+      Pseudo checksums are cheaper to calculate, and can be used when the
+      network hardware supports checksum offloading.
+    - WinDivertHelperCalcChecksums() now takes an optional pointer to a
+      WINDIVERT_ADDRESS structure, and calculates pseudo checksums if the
+      corresponding Pseudo*Checksum flag is set.
+    - The WINDIVERT_HELPER_NO_REPLACE flag for WinDivertHelperCalcChecksums()
+      has been deprecated.  It is no longer necessary to calculate checksums
+      for unmodified packets.
+WinDivert 1.4.1
+    - Dual license WinDivert under LGPLv3 and GPLv2.
+WinDivert 1.4.2
+    - Add workaround for pseudo checksum issue (see #134).
+WinDivert 1.4.3
+    - WinDivert.dll no longer depends on MSVCRT*.dll.
+WinDivert 2.0.0-rc
+    - Add 3 new layers:
+      * WINDIVERT_LAYER_FLOW for tracking network "flow" events.
+      * WINDIVERT_LAYER_SOCKET for tracking "socket" events.
+      * WINDIVERT_LAYER_REFLECT for tracking WinDivert events.
+    - WINDIVERT_ADDRESS has been re-factored as follows:
+      * addr.Layer: The WINDIVERT_LAYER_* value for the handle.
+      * addr.Event: A WINDIVERT_EVENT_* value representing the event (see
+        below).
+      * addr.Sniffed: Indicates that the event was sniffed.
+      * addr.Outbound: Replaces addr.Direction.
+      * addr.IPv6: Indicates an IPv6 packet.
+      * addr.Network.IfIdx: Replaces addr.IfIdx.
+      * addr.Network.SubIfIdx: Replaces addr.SubIfIdx.
+      * addr.Flow.EndpointId: The endpoint ID of the flow.
+      * addr.Flow.ParentEndpointId: The parent endpoint ID of the flow.
+      * addr.Flow.ProcessId: The ID of process that created the flow.
+      * addr.Flow.LocalAddr: The flow's local address.
+      * addr.Flow.RemoteAddr: The flow's remote address.
+      * addr.Flow.LocalPort: The flow's local port.
+      * addr.Flow.RemotePort: The flow's remote port.
+      * addr.Flow.Protocol: The flow's protocol.
+      * addr.Socket.EndpointId: The endpoint ID of the operation.
+      * addr.Socket.ParentEndpointId: The parent endpoint ID of the operation.
+      * addr.Socket.ProcessId: The ID of process that created the socket.
+      * addr.Socket.LocalAddr: The socket's local address.
+      * addr.Socket.RemoteAddr: The socket's remote address.
+      * addr.Socket.LocalPort: The socket's local port.
+      * addr.Socket.RemotePort: The socket's remote port.
+      * addr.Socket.Protocol: The socket's protocol.
+      * addr.Reflect.ProcessId: The ID of process that created opened the
+        handle.
+      * addr.Reflect.Timestamp: The timestamp of the handle.
+      * addr.Reflect.Layer: The layer of the handle.
+      * addr.Reflect.Flags: The flags of the handle.
+      * addr.Reflect.Priority: The priority of the handle.
+    - The addr.Event field can take the following values:
+      * WINDIVERT_EVENT_NETWORK_PACKET: (NETWORK/NETWORK_FORWARD layers) a new
+        packet was diverted.
+      * WINDIVERT_EVENT_FLOW_ESTABLISHED: (FLOW layer) a new flow is
+        established.
+      * WINDIVERT_EVENT_FLOW_DELETED: (FLOW layer) an existing flow is
+        deleted.
+      * WINDIVERT_EVENT_SOCKET_BIND: (SOCKET layer) a socket bind()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_CONNECT: (SOCKET layer) a socket connect()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_LISTEN: (SOCKET layer) a socket listen()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_ACCEPT: (SOCKET layer) a socket accept()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_CLOSE: (SOCKET layer) a socket endpoint is
+        closed.
+      * WINDIVERT_EVENT_REFLECT_OPEN: (REFLECT layer) a WinDivertOpen()
+        operation occurred.
+      * WINDIVERT_EVENT_REFLECT_CLOSE: (REFLECT layer) a WinDivertClose()
+        operation occurred.
+    - The WinDivert filter language has been expanded with new fields:
+      * event: The event value.
+      * timestamp: The event timestamp.
+      * endpointId: (FLOW/SOCKET layers) the endpoint ID.
+      * parentEndpointId: (FLOW/SOCKET layers) the parent endpoint ID.
+      * processId: (FLOW/SOCKET/REFLECT layers) the process ID.
+      * localAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
+        address.
+      * localPort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
+        port.
+      * remoteAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
+        address.
+      * remotePort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
+        port.
+      * protocol: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the protocol.
+      * priority: (REFLECT layer) the handle's priority.
+      * layer: (REFLECT layer) the handle's layer.
+      * random8: (NETWORK/NETWORK_FORWARD layers) an 8-bit pseudo random
+        number.
+      * random16: (NETWORK/NETWORK_FORWARD layers) a 16-bit pseudo random
+        number.
+      * random32: (NETWORK/NETWORK_FORWARD layers) a 32-bit pseudo random
+        number.
+      * length: (NETWORK/NETWORK_FORWARD layers) the packet length.
+      * zero: The value "0".
+    - The WinDivert filter language can now address packet/payload data for
+      the NETWORK/NETWORK_FORWARD layers:
+      * packet[i]: the ith packet byte.
+      * packet16[i]: the ith packet 16bit word.
+      * packet32[i]: the ith packet 32bit word.
+      * tcp.payload[i]: the ith TCP payload byte.
+      * tcp.payload16[i]: the ith TCP 16bit word.
+      * tcp.payload32[i]: the ith TCP 32bit word.
+      * udp.payload[i]: the ith UDP payload byte.
+      * udp.payload16[i]: the ith UDP 16bit word.
+      * udp.payload32[i]: the ith UDP 32bit word.
+      The index (i) can be:
+      * An ordinary integer representing word addressing.
+      * A 'b' decorated integer representing byte-level addressing.
+      Furthermore, the index can be:
+      * Positive, representing addressing from the start of the
+        packet/payload.
+      * Negative, representing addressing from the end of the packet/payload.
+    - The WinDivert filter language now supports several symbolic values:
+      * PACKET: (NETWORK/NETWORK_FORWARD layers) equal to
+        WINDIVERT_EVENT_NETWORK_PACKET
+      * ESTABLISHED: (FLOW layer) equal to WINDIVERT_EVENT_FLOW_ESTABLISHED.
+      * DELETED: (FLOW LAYER) equal to WINDIVERT_EVENT_FLOW_DELETED.
+      * BIND: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_BIND.
+      * CONNECT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CONNECT.
+      * LISTEN: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_LISTEN.
+      * ACCEPT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_ACCEPT.
+        WINDIVERT_LAYER_NETWORK_FORWARD.
+      * CLOSE: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CLOSE.
+      * OPEN: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_OPEN.
+      * CLOSE: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_CLOSE.
+      * NETWORK: (REFLECT layer) equal to WINDIVERT_LAYER_NETWORK.
+      * NETWORK_FORWARD: (REFLECT layer) equal to
+      * FLOW: (REFLECT layer) equal to WINDIVERT_LAYER_FLOW.
+      * SOCKET: (REFLECT layer) equal to WINDIVERT_LAYER_SOCKET.
+      * REFLECT: (REFLECT layer) equal to WINDIVERT_LAYER_REFLECT.
+      * TRUE: equal to 1.
+      * FALSE: equal to 0.
+      * TCP: equal to IPPROTO_TCP (6).
+      * UDP: equal to IPPROTO_UDP (17).
+      * ICMP: equal to IPPROTO_ICMP (1).
+      * ICMPV6: equal to IPPROTO_ICMPV6 (58).
+    - WinDivertOpen() now supports several new flags:
+      * WINDIVERT_FLAG_RECV_ONLY/WINDIVERT_FLAG_READ_ONLY: The handle cannot
+        be used for send operations.
+      * WINDIVERT_FLAG_SEND_ONLY/WINDIVERT_FLAG_WRITE_ONLY: The handle cannot
+        be used for receive operations.
+      * WINDIVERT_FLAG_NO_INSTALL: If the WinDivert driver is not already
+        installed/loaded, then WinDivertOpen() will fail with an error.
+    - WinDivertRecvEx()/WinDivertSendEx() now support a "batch" mode that
+      allows more than one packet to be received/sent at once.  The number
+      of packets is determined by a new pAddrLen/addrLen parameter.
+    - Add a new WinDivertShutdown() function that supports the following
+      modes:
+      * WINDIVERT_SHUTDOWN_RECV: Disable the queuing new packets.
+      * WINDIVERT_SHUTDOWN_SEND: Disable the sending of new packets.
+      * WINDIVERT_SHUTDOWN_BOTH: Equivalent to
+        (WINDIVERT_SHUTDOWN_RECV | WINDIVERT_SHUTDOWN_SEND).
+    - Add new "read-only" WinDivert parameters:
+      * WINDIVERT_PARAM_VERSION_MAJOR: Driver version (major).
+      * WINDIVERT_PARAM_VERSION_MINOR: Driver version (minor).
+    - Add a new WinDivertHelperHashPacket() helper function that calculates
+      a 64bit hash value of a packet.
+    - Add new WinDivertHelperFormatIPv4Address() and
+      WinDivertHelperFormatIPv6Address() helper functions that format
+      IPv4 and IPv6 addresses respectively.
+    - Replace WinDivertHelperCheckFilter() with a new
+      WinDivertHelperCompileFilter() helper function.  The latter can also be
+      used to compile a human-readable filter string into a more compact
+      "object" format.  The object format can be used in place of the
+      human readable format for all WinDivert operations.
+    - Add a new WinDivertHelperFormatFilter() helper function that formats a
+      filter string into a normalized form.  It also can be used to
+      "de-compile" the object format into a human readable form.
+    - Add a new WinDivertHelperDecrementTTL() function that decrements the
+      ip.TTL/ipv6.HopLimit field of a packet.
+    - Add new WinDivertHelperNto*()/WinDivertHelperHton*() helper functions
+      for swapping from network to host byte ordering, and vice versa.
+    - WinDivertOpen() priorities now are ascending, meaning that higher
+      values correspond to higher priorities.
+    - The last two arguments for WinDivertRecv() and WinDivertSend() have been
+      swapped.
+WinDivert 2.0.1-rc
+    - Fix WFP callout install optimization bug.
+    - Fix WinDivertHelperNtohIpv6Address/WinDivertHelperHtonIpv6Address bug.
+    - Rename the following functions for consistency:
+      * WinDivertHelperNtohIpv6Address -> WinDivertHelperNtohIPv6Address
+      * WinDivertHelperHtonIpv6Address -> WinDivertHelperHtonIPv6Address
+WinDivert 2.1.0
+    - WinDivertOpen() now supports a new flag:
+      * WINDIVERT_FLAG_FRAGMENTS: If set, the handle will capture inbound IP
+        fragments, but not inbound reassembled IP packets.  Otherwise, if not
+        set (the default), the handle will capture inbound reassembled IP
+        packets, but not inbound IP fragments.  This flag only affects
+        inbound packets at the NETWORK layer.
+    - Filter fields inbound/outbound are now supported at the SOCKET layer.
+    - Fix BSOD caused by packets with missing or incomplete transport
+      headers (introduced in 2.0.0).
+    - Fix missing Flow.EndpointId and Flow.ParentEndpointId for IPv6 flows.
+WinDivert 2.2.0
+    - Implement new packet parser that correctly handles IP fragments.
+    - Add a new "fragment" filter field that matches IP fragments.
+    - (Un)Loading the WinDivert driver will cause a system event to be logged.
+WinDivert 2.2.1
+    - Fix potential driver deadlock on user-mode program crash.
+    - Fix filter language simplification bug.
+    - Fix Flow.EndpointId containing junk data.
+WinDivert 2.2.2
+    - Fix potential WinDivertClose() BSOD for WINDIVERT_LAYER_FLOW handles.

LICENSE

@@ -1,7 +1,13 @@
+WinDivert is dual-licensed under your choice of the GNU Lesser General Public
+License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2.
+Copies of the LGPLv3, GPLv3 and GPLv2 are provided below.
+
+==============================================================================
+
                    GNU LESSER GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -164,12 +170,12 @@ apply, that proxy's public statement of acceptance of any version is
 permanent authorization for you to choose that version for the
 Library.
 
-------------------------------------------------------------------------------
+==============================================================================
 
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -785,3 +791,401 @@ reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
+
+==============================================================================
+
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
+

README

@@ -1,51 +1,36 @@
-WinDivert 1.1: Windows Packet Divert
+WinDivert 2.2: Windows Packet Divert
 ====================================
 
 1. Introduction
 ---------------
 
-Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
-package for Windows Vista, Windows 2008, Windows 7, and Windows 8.
+Windows Packet Divert (WinDivert) is a user-mode packet interception library
+for Windows 10, Windows 11, and Windows Server.
 
-With WinDivert developers can write user-mode programs that capture and
-modify or drop network packets sent to/from the Windows network stack.
-In summary, WinDivert can
+WinDivert enables user-mode capturing/modifying/dropping of network packets
+sent to/from the Windows network stack.  In summary, WinDivert can:
     - capture network packets
     - filter/drop network packets
     - sniff network packets
     - (re)inject network packets
     - modify network packets
+WinDivert can be used to implement user-mode packet filters, sniffers,
+firewalls, NATs, VPNs, IDSs, tunneling applications, etc..
 
-WinDivert can be used to implement user-mode packet filters, packet sniffers,
-firewalls, NAT, VPNs, tunneling applications, etc., etc..  If you
-need to intercept and modify packets, then WinDivert is for you.
-
-The features of WinDivert include:
+WinDivert supports the following features:
     - packet interception, sniffing, or dropping modes
     - support for loopback (localhost) traffic
     - full IPv6 support
     - network layer
-    - simple and powerful API
+    - simple yet powerful API
     - high-level filtering language
     - filter priorities
     - freely available under the terms of the GNU Lesser General Public
-      License (LGPL)
+      License (LGPLv3)
 
-For more information about WinDivert, see doc/divert.html
+For more information see doc/windivert.html
 
-2. Similar Packages
--------------------
-
-WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in
-Linux, and some commercial packet capturing packages such as WinPkFilter for
-Windows.  The design of WinDivert is largely influenced by FreeBSD's divert
-sockets.
-
-WinDivert in packet-sniffing mode is similar to Winpcap.  Unlike Winpcap,
-WinDivert fully supports capturing loopback traffic.   Furthermore, WinDivert
-supports packet interception, which is not supported in Winpcap.
-
-3. Architecture
+2. Architecture
 ---------------
 
 The basic architecture of WinDivert is as follows:
@@ -70,70 +55,37 @@ The basic architecture of WinDivert is as follows:
               |               |
               +---------------+
 
-The WinDivert.sys driver is inserted below the Windows network stack.  The
-following then happens
+The WinDivert.sys driver is installed below the Windows network stack.  The
+following actions occur:
 
-(1) a new packet enters the network stack and is intercepted by WinDivert.sys
-(2a) if the packet matches a PROGRAM-defined filter, it is diverted.  The
-    PROGRAM reads the packet with a call to the WinDivertRecv() function.
-(2b) if the packet does not match the filter, the packet is permitted to
-    continue as normal.
-(3) PROGRAM either drops, modifies, or re-injects the packet.  If the
-    (modified) packet is re-injected, via a call to WinDivertSend(), it is
-    inserted back into the Windows network stack.
+(1) A new packet enters the network stack and is intercepted by WinDivert.sys
+(2a) If the packet matches the PROGRAM-defined filter, it is diverted.  The
+    PROGRAM can then read the packet using a call to WinDivertRecv().
+(2b) If the packet does not match the filter, the packet continues as normal.
+(3) PROGRAM either drops, modifies, or re-injects the packet.  PROGRAM can
+    re-inject the (modified) using a call to WinDivertSend().
 
-4. Building
------------
-
-(1) In a WinDDK build environment, run the command:
-
-    wddk-build.bat
-
-(2) [OPTIONAL Visual Studio 2012 support] In a VS2012 command prompt, run the
-    command:
-
-    msvc-build.bat
-
-(3) [OPTIONAL MinGW support] In Linux with MinGW a cross-compiler, run the
-    command:
-
-    sh mingw-build.sh
-
-For more detailed build instructions, see doc\windivert.html
-
-5. License
+3. License
 ----------
 
-This package is distributed under the GNU Lesser General Public License
-(LGPL) Version 3.  See LICENSE for more information.
+WinDivert is dual-licensed under your choice of the GNU Lesser General Public
+License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2.
+See the LICENSE file for more information.
 
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Lesser General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>
-
-6. About
+4. About
 --------
 
 WinDivert was written by basil.
 
-For further information, or bug reports, please contact
+For further information, or bug reports, please contact:
 
-    basil AT reqrypt DOT org
+    basil@reqrypt.org
 
-The homepage for WinDivert is
+The homepage for WinDivert is:
 
-    http://reqrypt.org/windivert.html
+    https://reqrypt.org/windivert.html
 
-The source code for WinDivert is hosted by GitHub at
+The source code for WinDivert is hosted by GitHub at:
 
     https://github.com/basil00/Divert
 

VERSION

@@ -1 +1 @@
-1.1.6
+2.2.2

dirs

@@ -1,4 +1,2 @@
-DIRS= \
-     dll \
-     examples \
-     sys
+DIRS= \
+     sys

dll/Makefile

@@ -1 +0,0 @@
-!INCLUDE $(NTMAKEENV)\makefile.def

dll/sources

@@ -1,32 +0,0 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-TARGETNAME=WinDivert
-TARGETTYPE=DYNLINK
-TARGETPATH=..\install\WDDK
-TARGETLIBS=\
-    $(SDK_LIB_PATH)\advapi32.lib \
-    $(SDK_LIB_PATH)\setupapi.lib \
-    $(SDK_LIB_PATH)\user32.lib \
-    $(SDK_LIB_PATH)\kernel32.lib \
-    $(SDK_LIB_PATH)\ws2_32.lib
-C_DEFINES=/DWIN32 /D_WINDOWS /D_USRDLL /DUSE_STDAFX /DUNICODE /D_UNICODE
-DLLENTRY=WinDivertDllEntry
-DLLDEF=windivert.def
-USE_MSVCRT=1
-INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\include
-SOURCES=windivert.c
-

dll/windivert.def

@@ -1,25 +1,36 @@
 LIBRARY WinDivert
 EXPORTS
-    WinDivertDllEntry
     WinDivertOpen
     WinDivertRecv
     WinDivertRecvEx
     WinDivertSend
     WinDivertSendEx
+    WinDivertShutdown
     WinDivertClose
     WinDivertSetParam
     WinDivertGetParam
     WinDivertHelperCalcChecksums
+    WinDivertHelperDecrementTTL
+    WinDivertHelperHashPacket
     WinDivertHelperParsePacket
+    WinDivertHelperParseMACAddress
     WinDivertHelperParseIPv4Address
     WinDivertHelperParseIPv6Address
-    DivertOpen
-    DivertRecv
-    DivertSend
-    DivertClose
-    DivertSetParam
-    DivertGetParam
-    DivertHelperCalcChecksums
-    DivertHelperParsePacket
-    DivertHelperParseIPv4Address
-    DivertHelperParseIPv6Address
+    WinDivertHelperFormatMACAddress
+    WinDivertHelperFormatIPv4Address
+    WinDivertHelperFormatIPv6Address
+    WinDivertHelperCompileFilter
+    WinDivertHelperEvalFilter
+    WinDivertHelperFormatFilter
+    WinDivertHelperNtohs
+    WinDivertHelperHtons
+    WinDivertHelperNtohl
+    WinDivertHelperHtonl
+    WinDivertHelperNtohll
+    WinDivertHelperHtonll
+    WinDivertHelperNtohMACAddress
+    WinDivertHelperHtonMACAddress
+    WinDivertHelperNtohIPv6Address
+    WinDivertHelperHtonIPv6Address
+    WinDivertHelperNtohIpv6Address
+    WinDivertHelperHtonIpv6Address

dll/windivert.vcxproj

@@ -1,61 +1,84 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup>
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <TARGETNAME>WinDivert</TARGETNAME>
-    <Configuration>Release</Configuration>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <ClCompile>
-      <AdditionalIncludeDirectories>..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-    <Link>
-      <ModuleDefinitionFile>windivert.def</ModuleDefinitionFile>
-    </Link> 
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Debug'">
-    <UseDebugLibraries>True</UseDebugLibraries>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <UseDebugLibraries>False</UseDebugLibraries>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
-  <ItemGroup>
-    <ClCompile Include="windivert.c"/>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="windivert.def"/>
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivert.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivert.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <IntrinsicFunctions>true</IntrinsicFunctions>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <BufferSecurityCheck>false</BufferSecurityCheck>
+   <AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>WinDivert</RootNamespace>
+  <ProjectName>WinDivert</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <UseDebugLibraries>true</UseDebugLibraries>
+  <ConfigurationType>DynamicLibrary</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <ClCompile>
+   <WppEnabled>false</WppEnabled>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+  </ClCompile>
+  <Link>
+   <EntryPointSymbol>WinDivertDllEntry</EntryPointSymbol>
+   <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+   <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+   <ModuleDefinitionFile>windivert.def</ModuleDefinitionFile>
+   <ImportLibrary>WinDivert.lib</ImportLibrary>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

dll/windivert_hash.c

@@ -0,0 +1,233 @@
+/*
+ * windivert_hash.c
+ * (C) 2023, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ * xxHash - Fast Hash algorithm
+ * Copyright (C) 2012-2016, Yann Collet
+ *
+ * BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+/*
+ * This is a modified version of the 64bit xxHash algorithm:
+ * - The algorithm is seeded with packet data rather than the single 64bit
+ *   "seed" value.
+ * - The input sized is fixed to 32bytes (excluding the seed), so there is
+ *   only ever a single round.  As such, the algorithm has been specialized.
+ * - [ETHERNET] uses an additional "pseudo-round" for the ethernet header.
+ */
+
+#define WINDIVERT_ROTL64(x, r)  (((x) << (r)) | ((x) >> (64 - (r))))
+
+static const UINT64 WINDIVERT_PRIME64_1 = 11400714785074694791ull;
+static const UINT64 WINDIVERT_PRIME64_2 = 14029467366897019727ull;
+static const UINT64 WINDIVERT_PRIME64_3 = 1609587929392839161ull;
+static const UINT64 WINDIVERT_PRIME64_4 = 9650029242287828579ull;
+
+static UINT64 WinDivertXXH64Round(UINT64 acc, UINT64 input)
+{
+    acc += WINDIVERT_MUL64(input, WINDIVERT_PRIME64_2);
+    acc  = WINDIVERT_ROTL64(acc, 31);
+    acc  = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1);
+    return acc;
+}
+
+static UINT64 WinDivertXXH64MergeRound(UINT64 acc, UINT64 val)
+{
+    val  = WinDivertXXH64Round(0, val);
+    acc ^= val;
+    acc  = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1) + WINDIVERT_PRIME64_4;
+    return acc;
+}
+
+static UINT64 WinDivertXXH64Avalanche(UINT64 h64)
+{
+    h64 ^= h64 >> 33;
+    h64  = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_2);
+    h64 ^= h64 >> 29;
+    h64  = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_3);
+    h64 ^= h64 >> 32;
+    return h64;
+}
+
+/*
+ * WinDivert packet hash function.
+ */
+static UINT64 WinDivertHashPacket(
+    UINT64 seed,
+    const WINDIVERT_ETHHDR *eth_header,
+    const WINDIVERT_ARPHDR *arp_header,
+    const WINDIVERT_IPHDR *ip_header,
+    const WINDIVERT_IPV6HDR *ipv6_header,
+    const WINDIVERT_ICMPHDR *icmp_header,
+    const WINDIVERT_ICMPV6HDR *icmpv6_header,
+    const WINDIVERT_TCPHDR *tcp_header,
+    const WINDIVERT_UDPHDR *udp_header)
+{
+    UINT64 h64, v1, v2, v3, v4, v[4];
+    const UINT64 *data64;
+    const UINT32 *data32;
+    UINT i;
+    static const UINT64 padding64[] =               // SHA2 IV
+    {
+        0x428A2F9871374491ull, 0xB5C0FBCFE9B5DBA5ull, 0x3956C25B59F111F1ull,
+        0x923F82A4AB1C5ED5ull, 0xD807AA9812835B01ull, 0x243185BE550C7DC3ull,
+        0x72BE5D7480DEB1FEull, 0x9BDC06A7C19BF174ull, 0xE49B69C1EFBE4786ull,
+    };
+
+    // Set-up seed & data
+    v1 = seed ^ padding64[0];
+    if (ip_header != NULL)
+    {
+        data64 = (const UINT64 *)ip_header;
+        v2 = data64[0] ^ padding64[1];
+        v3 = data64[1] ^ padding64[2];
+        data32 = (const UINT32 *)ip_header;
+        v4 = (UINT64)data32[4] ^ padding64[3];
+        i = 0;
+    }
+    else if (ipv6_header != NULL)
+    {
+        data64 = (const UINT64 *)ipv6_header;
+        v2 = data64[0] ^ padding64[1];
+        v3 = data64[1] ^ padding64[2];
+        v4 = data64[2] ^ padding64[3];
+        v[0] = data64[3] ^ padding64[4];
+        v[1] = data64[4] ^ padding64[5];
+        i = 2;
+    }
+    else if (eth_header != NULL)
+    {
+        v2 = padding64[1];
+        v3 = padding64[2];
+        v4 = padding64[3];
+        i = 0;
+    }
+    else
+    {
+        return 0;
+    }
+
+    if (tcp_header != NULL)
+    {
+        data64 = (const UINT64 *)tcp_header;
+        v[i] = data64[0] ^ padding64[i+4]; i++;
+        v[i] = data64[1] ^ padding64[i+4]; i++;
+        data32 = (const UINT32 *)tcp_header;
+        if (i <= 3)
+        {
+            v[i] = (UINT64)data32[4] ^ padding64[i+4]; i++;
+        }
+        else
+        {
+            v2 ^= ((UINT64)data32[4] << 32);
+        }
+    }
+    else
+    {
+        if (udp_header != NULL)
+        {
+            data64 = (const UINT64 *)udp_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+        else if (icmp_header != NULL)
+        {
+            data64 = (const UINT64 *)icmp_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+        else if (icmpv6_header != NULL)
+        {
+            data64 = (const UINT64 *)icmpv6_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+    }
+
+    while (i <= 3)
+    {
+        v[i] = seed ^ padding64[i+4]; i++;
+    }
+
+    // Hash
+    v1 = WinDivertXXH64Round(v[0], v1);
+    v2 = WinDivertXXH64Round(v[1], v2);
+    v3 = WinDivertXXH64Round(v[2], v3);
+    v4 = WinDivertXXH64Round(v[3], v4);
+
+    // Ethernet-layer pseudo-round:
+    if (eth_header != NULL)
+    {
+        data64 = (const UINT64 *)eth_header->DstAddr;
+        v1 = WinDivertXXH64Round(v1, data64[0] & 0xFFFFFFFFFFFFull);
+        data64 = (const UINT64 *)eth_header->SrcAddr;
+        v2 = WinDivertXXH64Round(v2, data64[0]);
+        if (arp_header != NULL)
+        {
+            data64 = (const UINT64 *)arp_header;
+            v3 = WinDivertXXH64Round(v3, data64[0]);
+        }
+    }
+
+    h64 = WINDIVERT_ROTL64(v1, 1) + WINDIVERT_ROTL64(v2, 7) +
+          WINDIVERT_ROTL64(v3, 12) + WINDIVERT_ROTL64(v4, 18);
+    h64 = WinDivertXXH64MergeRound(h64, v1);
+    h64 = WinDivertXXH64MergeRound(h64, v2);
+    h64 = WinDivertXXH64MergeRound(h64, v3);
+    h64 = WinDivertXXH64MergeRound(h64, v4); 
+    h64 += 32;          // "length"
+    h64 = WinDivertXXH64Avalanche(h64);
+
+    return h64;
+}
+

examples/dirs

@@ -1,5 +0,0 @@
-DIRS= \
-     netdump \
-     netfilter \
-     passthru \
-     webfilter

examples/flowtrack/flowtrack.c

@@ -0,0 +1,321 @@
+/*
+ * flowtrack.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: flowtrack.exe [filter]
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define MAX_FLOWS           256
+#define INET6_ADDRSTRLEN    45
+
+/*
+ * Flow tracking.
+ */
+typedef struct FLOW
+{
+    WINDIVERT_ADDRESS addr;
+    struct FLOW *next;
+} FLOW, *PFLOW;
+
+static HANDLE lock;
+static PFLOW flows = NULL;
+
+/*
+ * Draw flows to console in a delayed loop.
+ *
+ * This function does minimal error checking.
+ */
+static DWORD draw(LPVOID arg)
+{
+    const COORD top_left  = {0, 0};
+    HANDLE process, console = GetStdHandle(STD_OUTPUT_HANDLE);
+    CONSOLE_SCREEN_BUFFER_INFO screen;
+    char path[MAX_PATH+1];
+    char addr_str[INET6_ADDRSTRLEN+1];
+    char *filename;
+    const char header[] = "PID        PROGRAM              PROT   FLOW";
+    DWORD rows, columns, written, fill_len, path_len, i;
+    PFLOW flow;
+    WINDIVERT_ADDRESS addrs[MAX_FLOWS], *addr;
+    UINT num_addrs;
+
+    while (TRUE)
+    {
+        GetConsoleScreenBufferInfo(console, &screen);
+        SetConsoleCursorPosition(console, top_left); 
+
+        rows = screen.srWindow.Bottom - screen.srWindow.Top + 1;
+        columns = screen.srWindow.Right - screen.srWindow.Left + 1;
+
+        // Copy a snapshot of the current flows:
+        WaitForSingleObject(lock, INFINITE);
+        flow = flows;
+        num_addrs = 0;
+        for (i = 0; flow != NULL && i < rows && i < MAX_FLOWS; i++)
+        {
+            memcpy(&addrs[i], &flow->addr, sizeof(addrs[i]));
+            num_addrs++;
+            flow = flow->next;
+        }
+        ReleaseMutex(lock);
+
+        // Print the flows:
+        SetConsoleTextAttribute(console, BACKGROUND_RED | BACKGROUND_GREEN |
+            BACKGROUND_BLUE);
+        WriteConsole(console, header, sizeof(header)-1, &written, NULL);
+        fill_len = columns - (sizeof(header)-1);
+        if (fill_len > 0)
+        {
+            COORD pos = {sizeof(header)-1, 0};
+            FillConsoleOutputCharacterA(console, ' ', fill_len, pos,
+                &written);
+            FillConsoleOutputAttribute(console,
+                BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE,
+                fill_len, pos, &written);
+        }
+        putchar('\n');
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        for (i = 0; i < num_addrs && i < rows-1; i++)
+        {
+            COORD pos = {0, i+1};
+            addr = &addrs[i];
+            FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
+            FillConsoleOutputAttribute(console,
+                FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
+                columns, pos, &written);
+            SetConsoleCursorPosition(console, pos);
+            if (i == rows-2 && (i+1) < num_addrs)
+            {
+                fputs("...", stdout);
+                fflush(stdout);
+                continue;
+            }
+
+            printf("%-10d ", addr->Flow.ProcessId);
+
+            process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
+                addr->Flow.ProcessId);
+            path_len = 0;
+            if (process != NULL)
+            {
+                path_len = GetProcessImageFileName(process, path, sizeof(path));
+                CloseHandle(process);
+            }
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            if (path_len != 0)
+            {
+                filename = PathFindFileName(path);
+                printf("%-20.20s ", filename);
+            }
+            else if (addr->Flow.ProcessId == 4)
+            {
+                fputs("Windows              ", stdout);
+            }
+            else
+            {
+                fputs("???                  ", stdout);
+            }
+            SetConsoleTextAttribute(console,
+                FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+            switch (addr->Flow.Protocol)
+            {
+                case IPPROTO_TCP:
+                    SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                    printf("TCP    ");
+                    break;
+                case IPPROTO_UDP:
+                    SetConsoleTextAttribute(console,
+                        FOREGROUND_RED | FOREGROUND_GREEN);
+                    printf("UDP    ");
+                    break;
+                case IPPROTO_ICMP:
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    printf("ICMP   ");
+                    break;
+                case IPPROTO_ICMPV6:
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    printf("ICMPV6 ");
+                    break;
+                default:
+                    printf("%-6u ", addr->Flow.Protocol);
+                    break;
+            }
+            SetConsoleTextAttribute(console,
+                FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+            WinDivertHelperFormatIPv6Address(addr->Flow.LocalAddr, addr_str,
+                sizeof(addr_str));
+            printf("%s:%u %s ", addr_str, addr->Flow.LocalPort,
+                (addr->Outbound? "---->": "<----"));
+            WinDivertHelperFormatIPv6Address(addr->Flow.RemoteAddr, addr_str,
+                sizeof(addr_str));
+            printf("%s:%u", addr_str, addr->Flow.RemotePort);
+            fflush(stdout);
+        }
+        for (; i < rows-1; i++)
+        {
+            COORD pos = {0, i+1};
+            FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
+            FillConsoleOutputAttribute(console,
+                FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
+                columns, pos, &written);
+        }
+
+        Sleep(1000);
+    }
+}
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, thread;
+    INT16 priority = 776;       // Arbitrary.
+    const char *filter = "true", *err_str;
+    UINT packet_len;
+    WINDIVERT_ADDRESS addr;
+    PFLOW flow, prev;
+
+    switch (argc)
+    {
+        case 1:
+            break;
+        case 2:
+            filter = argv[1];
+            break;
+        default:
+            fprintf(stderr, "usage: %s [filter]\n", argv[0]);
+            exit(EXIT_FAILURE);
+    }
+
+    // Open WinDivert FLOW handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_FLOW, priority, 
+        WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY);
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_FLOW,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Spawn the draw() thread.
+    lock = CreateMutex(NULL, FALSE, NULL);
+    thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)draw, NULL, 0,
+        NULL);
+    if (thread == NULL)
+    {
+        fprintf(stderr, "error: failed to create thread (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    CloseHandle(thread);
+
+    // Main loop:
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
+        {
+            fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_FLOW_ESTABLISHED:
+
+                // Flow established:
+                flow = (PFLOW)malloc(sizeof(FLOW));
+                if (flow == NULL)
+                {
+                    fprintf(stderr, "error: failed to allocate memory\n");
+                    exit(EXIT_FAILURE);
+                }
+                memcpy(&flow->addr, &addr, sizeof(flow->addr));
+                WaitForSingleObject(lock, INFINITE);
+                flow->next = flows;
+                flows = flow;
+                ReleaseMutex(lock);
+                break;
+
+            case WINDIVERT_EVENT_FLOW_DELETED:
+
+                // Flow deleted:
+                prev = NULL;
+                WaitForSingleObject(lock, INFINITE);
+                flow = flows;
+                while (flow != NULL)
+                {
+                    if (memcmp(&addr.Flow, &flow->addr.Flow,
+                            sizeof(addr.Flow)) == 0)
+                    {
+                        if (prev != NULL)
+                        {
+                            prev->next = flow->next;
+                        }
+                        else
+                        {
+                            flows = flow->next;
+                        }
+                        break;
+                    }
+                    prev = flow;
+                    flow = flow->next;
+                }
+                ReleaseMutex(lock);
+                free(flow);
+        }
+    }
+
+    return 0;
+}
+

examples/flowtrack/flowtrack.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    flowtrack.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="flowtrack.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>flowtrack</RootNamespace>
+  <ProjectName>flowtrack</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/netdump/Makefile

@@ -1 +0,0 @@
-!INCLUDE $(NTMAKEENV)\makefile.def

examples/netdump/netdump.c

@@ -1,19 +1,35 @@
 /*
  * netdump.c
- * (C) 2014, all rights reserved,
+ * (C) 2023, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 /*
@@ -21,11 +37,10 @@
  * This is a simple traffic monitor.  It uses a WinDivert handle in SNIFF mode.
  * The SNIFF mode copies packets and does not block the original.
  *
- * usage: netdump.exe windivert-filter [priority]
+ * usage: netdump.exe windivert-filter [priority] [layer]
  *
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -33,7 +48,11 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define INET6_ADDRSTRLEN    45
 
 /*
  * Entry.
@@ -41,34 +60,70 @@
 int __cdecl main(int argc, char **argv)
 {
     HANDLE handle, console;
+    DWORD err;
     UINT i;
+    WINDIVERT_LAYER layer = WINDIVERT_LAYER_NETWORK;
     INT16 priority = 0;
     unsigned char packet[MAXBUF];
-    UINT packet_len;
+    UINT packet_len, arp_len;
     WINDIVERT_ADDRESS addr;
+    PWINDIVERT_ETHHDR eth_header;
+    PWINDIVERT_ARPHDR arp_header;
     PWINDIVERT_IPHDR ip_header;
     PWINDIVERT_IPV6HDR ipv6_header;
     PWINDIVERT_ICMPHDR icmp_header;
     PWINDIVERT_ICMPV6HDR icmpv6_header;
     PWINDIVERT_TCPHDR tcp_header;
     PWINDIVERT_UDPHDR udp_header;
+    UINT8 src_mac[6], dst_mac[6], *mac_ptr;
+    UINT32 src_addr[4], dst_addr[4], *ip_ptr;
+    UINT64 hash;
+    char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
+    const char *err_str;
+    LARGE_INTEGER base, freq;
+    double time_passed;
 
     // Check arguments.
     switch (argc)
     {
-        case 2:
-            break;
+        case 4:
+            if (strcmp(argv[3], "network") == 0)
+            {
+                layer = WINDIVERT_LAYER_NETWORK;
+            }
+            else if (strcmp(argv[3], "forward") == 0)
+            {
+                layer = WINDIVERT_LAYER_NETWORK_FORWARD;
+            }
+            else if (strcmp(argv[3], "ethernet") == 0)
+            {
+                layer = WINDIVERT_LAYER_ETHERNET;
+            }
+            else
+            {
+                goto usage;
+            }
+            // Fallthrough
         case 3:
             priority = (INT16)atoi(argv[2]);
+            // Fallthrough
+        case 2:
             break;
         default:
-            fprintf(stderr, "usage: %s windivert-filter [priority]\n",
+        usage:
+            fprintf(stderr, "usage: %s windivert-filter [priority] [layer]\n\n",
                 argv[0]);
+            fprintf(stderr, "where:\n");
+            fprintf(stderr, "\t- priority is an integer between "
+                "-30000..30000 (default = %d)\n", (int)priority);
+            fprintf(stderr, "\t- layer is one of ethernet/network/forward "
+                "(default = network)\n\n");
             fprintf(stderr, "examples:\n");
             fprintf(stderr, "\t%s true\n", argv[0]);
-            fprintf(stderr, "\t%s \"outbound and tcp.DstPort == 80\" 1000\n",
+            fprintf(stderr, "\t%s \"outbound and tcp.DstPort == 80\" 1000 "
+                "network\n", argv[0]);
+            fprintf(stderr, "\t%s \"inbound and tcp.Syn\" -400 ethernet\n",
                 argv[0]);
-            fprintf(stderr, "\t%s \"inbound and tcp.Syn\" -4000\n", argv[0]);
             exit(EXIT_FAILURE);
     }
 
@@ -76,105 +131,197 @@ int __cdecl main(int argc, char **argv)
     console = GetStdHandle(STD_OUTPUT_HANDLE);
 
     // Divert traffic matching the filter:
-    handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, priority,
-        WINDIVERT_FLAG_SNIFF);
+    handle = WinDivertOpen(argv[1], layer, priority, WINDIVERT_FLAG_SNIFF);
     if (handle == INVALID_HANDLE_VALUE)
     {
-        if (GetLastError() == ERROR_INVALID_PARAMETER)
+        err = GetLastError();
+        if (err == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(argv[1], layer, NULL, 0, &err_str,
+                NULL))
         {
-            fprintf(stderr, "error: filter syntax error\n");
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
             exit(EXIT_FAILURE);
         }
         fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
-            GetLastError());
+            err);
         exit(EXIT_FAILURE);
     }
 
     // Max-out the packet queue:
-    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LEN, 8192))
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH, 
+            WINDIVERT_PARAM_QUEUE_LENGTH_MAX))
     {
         fprintf(stderr, "error: failed to set packet queue length (%d)\n",
             GetLastError());
         exit(EXIT_FAILURE);
     }
-    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME, 2048))
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
+            WINDIVERT_PARAM_QUEUE_TIME_MAX))
     {
         fprintf(stderr, "error: failed to set packet queue time (%d)\n",
             GetLastError());
         exit(EXIT_FAILURE);
     }
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
+            WINDIVERT_PARAM_QUEUE_SIZE_MAX))
+    {
+        fprintf(stderr, "error: failed to set packet queue size (%d)\n",
+            GetLastError());
+        exit(EXIT_FAILURE);
+    }
+
+    // Set up timing:
+    QueryPerformanceFrequency(&freq);
+    QueryPerformanceCounter(&base);
 
     // Main loop:
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
             continue;
         }
-       
+
         // Print info about the matching packet.
-        WinDivertHelperParsePacket(packet, packet_len, &ip_header,
-            &ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
-            &udp_header, NULL, NULL);
-        if (ip_header == NULL && ipv6_header == NULL)
-        {
-            fprintf(stderr, "warning: junk packet\n");
-        }
+        WinDivertHelperParsePacket(packet, packet_len, addr.Layer,
+            &eth_header, &arp_header, &ip_header, &ipv6_header, NULL,
+            &icmp_header, &icmpv6_header, &tcp_header, &udp_header, NULL,
+            NULL);
 
         // Dump packet info: 
         putchar('\n');
         SetConsoleTextAttribute(console, FOREGROUND_RED);
-        printf("Packet [Direction=%u IfIdx=%u SubIfIdx=%u]\n",
-            addr.Direction, addr.IfIdx, addr.SubIfIdx);
+        time_passed = (double)(addr.Timestamp - base.QuadPart) /
+            (double)freq.QuadPart;
+        hash = WinDivertHelperHashPacket(packet, packet_len, addr.Layer, 0);
+        if (eth_header != NULL)
+        {
+            printf("Packet [Timestamp=%.8g Length=%u Direction=%s IfIdx=%u "
+                "SubIfIdx=%u Hash=0x%.16llX]\n",
+                time_passed, packet_len, (addr.Outbound? "outbound": "inbound"),
+                addr.Ethernet.IfIdx, addr.Ethernet.SubIfIdx, hash);
+            WinDivertHelperNtohMACAddress(eth_header->SrcAddr, src_mac);
+            WinDivertHelperNtohMACAddress(eth_header->DstAddr, dst_mac);
+            WinDivertHelperFormatMACAddress(src_mac, src_str, sizeof(src_str));
+            WinDivertHelperFormatMACAddress(dst_mac, dst_str, sizeof(dst_str));
+            SetConsoleTextAttribute(console,
+                FOREGROUND_GREEN | FOREGROUND_BLUE);
+            printf("Ethernet [SrcAddr=%s DstAddr=%s Type=0x%.4X]\n",
+                src_str, dst_str, ntohs(eth_header->Type));
+            if (arp_header != NULL)
+            {
+                arp_len = packet_len - sizeof(WINDIVERT_ETHHDR);
+                SetConsoleTextAttribute(console,
+                    FOREGROUND_GREEN);
+                printf("ARP [Hardware=%u Protocol=%u HardLength=%u "
+                    "ProtLength=%u Opcode=%u",
+                    ntohs(arp_header->Hardware), ntohs(arp_header->Protocol),
+                    arp_header->HardLength, arp_header->ProtLength,
+                    ntohs(arp_header->Opcode));
+                mac_ptr = WINDIVERT_ARPHDR_GET_SRCMACADDR_PTR(arp_header,
+                    arp_len);
+                if (mac_ptr != NULL)
+                {
+                    WinDivertHelperNtohMACAddress(mac_ptr, src_mac);
+                    WinDivertHelperFormatMACAddress(src_mac, src_str,
+                        sizeof(src_str));
+                    printf(" SrcHardAddr=%s", src_str);
+                }
+                ip_ptr = WINDIVERT_ARPHDR_GET_SRCIPV4ADDR_PTR(arp_header,
+                    arp_len);
+                if (ip_ptr != NULL)
+                {
+                    WinDivertHelperFormatIPv4Address(ntohl(ip_ptr[0]),
+                        src_str, sizeof(src_str));
+                    printf(" SrcProtAddr=%s", src_str);
+                }
+                ip_ptr = WINDIVERT_ARPHDR_GET_SRCIPV6ADDR_PTR(arp_header,
+                    arp_len);
+                if (ip_ptr != NULL)
+                {
+                    WinDivertHelperNtohIPv6Address(ip_ptr, src_addr);
+                    WinDivertHelperFormatIPv6Address(src_addr, src_str,
+                        sizeof(src_str));
+                    printf(" SrcProtAddr=%s", src_str);
+                }
+                mac_ptr = WINDIVERT_ARPHDR_GET_DSTMACADDR_PTR(arp_header,
+                    arp_len);
+                if (mac_ptr != NULL)
+                {
+                    WinDivertHelperNtohMACAddress(mac_ptr, dst_mac);
+                    WinDivertHelperFormatMACAddress(dst_mac, dst_str,
+                        sizeof(dst_str));
+                    printf(" DstHardAddr=%s", dst_str);
+                }
+                ip_ptr = WINDIVERT_ARPHDR_GET_DSTIPV4ADDR_PTR(arp_header,
+                    arp_len);
+                if (ip_ptr != NULL)
+                {
+                    WinDivertHelperFormatIPv4Address(ntohl(ip_ptr[0]),
+                        dst_str, sizeof(dst_str));
+                    printf(" DstProtAddr=%s", dst_str);
+                }
+                ip_ptr = WINDIVERT_ARPHDR_GET_DSTIPV6ADDR_PTR(arp_header,
+                    arp_len);
+                if (ip_ptr != NULL)
+                {
+                    WinDivertHelperNtohIPv6Address(ip_ptr, dst_addr);
+                    WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
+                        sizeof(dst_str));
+                    printf(" DstProtAddr=%s", dst_str);
+                }
+                printf("]\n");
+            }
+        }
+        else
+        {
+            printf("Packet [Timestamp=%.8g Length=%u Direction=%s IfIdx=%u "
+                "SubIfIdx=%u Loopback=%u Hash=0x%.16llX]\n",
+                time_passed, packet_len, (addr.Outbound? "outbound": "inbound"),
+                addr.Network.IfIdx, addr.Network.SubIfIdx, addr.Loopback,
+                hash);
+        }
         if (ip_header != NULL)
         {
-            UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
-            UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
+                src_str, sizeof(src_str));
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
+                dst_str, sizeof(dst_str));
             SetConsoleTextAttribute(console,
                 FOREGROUND_GREEN | FOREGROUND_RED);
             printf("IPv4 [Version=%u HdrLength=%u TOS=%u Length=%u Id=0x%.4X "
                 "Reserved=%u DF=%u MF=%u FragOff=%u TTL=%u Protocol=%u "
-                "Checksum=0x%.4X SrcAddr=%u.%u.%u.%u DstAddr=%u.%u.%u.%u]\n",
+                "Checksum=0x%.4X SrcAddr=%s DstAddr=%s]\n",
                 ip_header->Version, ip_header->HdrLength,
                 ntohs(ip_header->TOS), ntohs(ip_header->Length),
                 ntohs(ip_header->Id), WINDIVERT_IPHDR_GET_RESERVED(ip_header),
                 WINDIVERT_IPHDR_GET_DF(ip_header),
                 WINDIVERT_IPHDR_GET_MF(ip_header),
                 ntohs(WINDIVERT_IPHDR_GET_FRAGOFF(ip_header)), ip_header->TTL,
-                ip_header->Protocol, ntohs(ip_header->Checksum),
-                src_addr[0], src_addr[1], src_addr[2], src_addr[3],
-                dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
+                ip_header->Protocol, ntohs(ip_header->Checksum), src_str,
+                dst_str);
+
         }
         if (ipv6_header != NULL)
         {
-            UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
-            UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
+            WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
+            WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
+            WinDivertHelperFormatIPv6Address(src_addr, src_str,
+                sizeof(src_str));
+            WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
+                sizeof(dst_str));
             SetConsoleTextAttribute(console,
                 FOREGROUND_GREEN | FOREGROUND_RED);
             printf("IPv6 [Version=%u TrafficClass=%u FlowLabel=%u Length=%u "
-                "NextHdr=%u HopLimit=%u SrcAddr=",
+                "NextHdr=%u HopLimit=%u SrcAddr=%s DstAddr=%s]\n",
                 ipv6_header->Version,
                 WINDIVERT_IPV6HDR_GET_TRAFFICCLASS(ipv6_header),
                 ntohl(WINDIVERT_IPV6HDR_GET_FLOWLABEL(ipv6_header)),
                 ntohs(ipv6_header->Length), ipv6_header->NextHdr,
-                ipv6_header->HopLimit);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
-            } 
-            fputs("DstAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x", ntohs(dst_addr[i]));
-                if (i != 7)
-                {
-                    putchar(':');
-                }
-            }
-            fputs("]\n", stdout);
+                ipv6_header->HopLimit, src_str, dst_str);
         }
         if (icmp_header != NULL)
         {

examples/netdump/netdump.vcxproj

@@ -1,58 +1,73 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup>
-    <ConfigurationType>Application</ConfigurationType>
-    <TARGETNAME>netdump</TARGETNAME>
-    <Configuration>Release</Configuration>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <ClCompile>
-      <AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
-    </Link> 
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Debug'">
-    <UseDebugLibraries>True</UseDebugLibraries>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <UseDebugLibraries>False</UseDebugLibraries>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
-  <ItemGroup>
-    <ClCompile Include="netdump.c"/>
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    netdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="netdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>netdump</RootNamespace>
+  <ProjectName>netdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/netdump/sources

@@ -1,36 +0,0 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-!IF "$(_BUILDARCH)" == "x86"
-CPU=i386
-!ELSE
-CPU=$(_BUILDARCH)
-!ENDIF
-
-TARGETNAME=netdump
-TARGETTYPE=PROGRAM
-TARGETPATH=..\..\install\WDDK
-TARGETLIBS=\
-    $(SDK_LIB_PATH)\setupapi.lib \
-    $(SDK_LIB_PATH)\user32.lib \
-    $(SDK_LIB_PATH)\ws2_32.lib \
-    $(TARGETPATH)\$(CPU)\WinDivert.lib
-UMTYPE=console
-UMENTRY=main
-USE_MSVCRT=1
-INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
-SOURCES=netdump.c
-

examples/netfilter/Makefile

@@ -1 +0,0 @@
-!INCLUDE $(NTMAKEENV)\makefile.def

examples/netfilter/netfilter.c

@@ -1,19 +1,35 @@
 /*
  * netfilter.c
- * (C) 2014, all rights reserved,
+ * (C) 2023, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 /*
@@ -31,7 +47,6 @@
  * This program is similar to Linux's iptables with the "-j REJECT" target.
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -39,7 +54,14 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+#define htons(x)            WinDivertHelperHtons(x)
+#define htonl(x)            WinDivertHelperHtonl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define INET6_ADDRSTRLEN    45
+#define IPPROTO_ICMPV6      58
 
 /*
  * Pre-fabricated packets.
@@ -97,7 +119,10 @@ int __cdecl main(int argc, char **argv)
     PWINDIVERT_ICMPV6HDR icmpv6_header;
     PWINDIVERT_TCPHDR tcp_header;
     PWINDIVERT_UDPHDR udp_header;
+    UINT32 src_addr[4], dst_addr[4];
+    char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
     UINT payload_len;
+    const char *err_str;
     
     TCPPACKET reset0;
     PTCPPACKET reset = &reset0;
@@ -125,7 +150,7 @@ int __cdecl main(int argc, char **argv)
             fprintf(stderr, "\t%s true\n", argv[0]);
             fprintf(stderr, "\t%s \"outbound and tcp.DstPort == 80\" 1000\n",
                 argv[0]);
-            fprintf(stderr, "\t%s \"inbound and tcp.Syn\" -4000\n", argv[0]);
+            fprintf(stderr, "\t%s \"inbound and tcp.Syn\" -400\n", argv[0]);
             exit(EXIT_FAILURE);
     }
 
@@ -152,9 +177,11 @@ int __cdecl main(int argc, char **argv)
     handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, priority, 0);
     if (handle == INVALID_HANDLE_VALUE)
     {
-        if (GetLastError() == ERROR_INVALID_PARAMETER)
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(argv[1], WINDIVERT_LAYER_NETWORK,
+                NULL, 0, &err_str, NULL))
         {
-            fprintf(stderr, "error: filter syntax error\n");
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
             exit(EXIT_FAILURE);
         }
         fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
@@ -166,17 +193,17 @@ int __cdecl main(int argc, char **argv)
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &recv_addr,
-                &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len,
+                &recv_addr))
         {
             fprintf(stderr, "warning: failed to read packet\n");
             continue;
         }
        
         // Print info about the matching packet.
-        WinDivertHelperParsePacket(packet, packet_len, &ip_header,
-            &ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
-            &udp_header, NULL, &payload_len);
+        WinDivertHelperParsePacket(packet, packet_len, recv_addr.Layer, NULL,
+            NULL, &ip_header, &ipv6_header, NULL, &icmp_header, &icmpv6_header,
+            &tcp_header, &udp_header, NULL, &payload_len);
         if (ip_header == NULL && ipv6_header == NULL)
         {
             continue;
@@ -189,28 +216,21 @@ int __cdecl main(int argc, char **argv)
             FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
         if (ip_header != NULL)
         {
-            UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
-            UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
-            printf("ip.SrcAddr=%u.%u.%u.%u ip.DstAddr=%u.%u.%u.%u ",
-                src_addr[0], src_addr[1], src_addr[2], src_addr[3],
-                dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
+                src_str, sizeof(src_str));
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
+                dst_str, sizeof(dst_str));
         }
         if (ipv6_header != NULL)
         {
-            UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
-            UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
-            fputs("ipv6.SrcAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
-            } 
-            fputs(" ipv6.DstAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(dst_addr[i]), (i == 7? ' ': ':'));
-            }
-            putchar(' ');
+            WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
+            WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
+            WinDivertHelperFormatIPv6Address(src_addr, src_str,
+                sizeof(src_str));
+            WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
+                sizeof(dst_str));
         }
+        printf("ip.SrcAddr=%s ip.DstAddr=%s ", src_str, dst_str);
         if (icmp_header != NULL)
         {
             printf("icmp.Type=%u icmp.Code=%u ",
@@ -267,13 +287,12 @@ int __cdecl main(int argc, char **argv)
                         htonl(ntohl(tcp_header->SeqNum) + 1):
                         htonl(ntohl(tcp_header->SeqNum) + payload_len));
 
-                WinDivertHelperCalcChecksums((PVOID)reset, sizeof(TCPPACKET),
-                    0);
-                
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
+                WinDivertHelperCalcChecksums((PVOID)reset, sizeof(TCPPACKET),
+                    WINDIVERT_LAYER_NETWORK, &send_addr, 0);
                 if (!WinDivertSend(handle, (PVOID)reset, sizeof(TCPPACKET),
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send TCP reset (%d)\n",
                         GetLastError());
@@ -295,13 +314,13 @@ int __cdecl main(int argc, char **argv)
                         htonl(ntohl(tcp_header->SeqNum) + 1):
                         htonl(ntohl(tcp_header->SeqNum) + payload_len));
 
-                WinDivertHelperCalcChecksums((PVOID)resetv6,
-                    sizeof(TCPV6PACKET), 0);
-                
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
+                WinDivertHelperCalcChecksums((PVOID)resetv6,
+                    sizeof(TCPV6PACKET), WINDIVERT_LAYER_NETWORK, &send_addr,
+                    0);
                 if (!WinDivertSend(handle, (PVOID)resetv6, sizeof(TCPV6PACKET),
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send TCP (IPV6) "
                         "reset (%d)\n", GetLastError());
@@ -322,12 +341,12 @@ int __cdecl main(int argc, char **argv)
                 dnr->ip.SrcAddr = ip_header->DstAddr;
                 dnr->ip.DstAddr = ip_header->SrcAddr;
                 
-                WinDivertHelperCalcChecksums((PVOID)dnr, icmp_length, 0);
-                
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
-                if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, &send_addr,
-                    NULL))
+                send_addr.Outbound = !recv_addr.Outbound;
+                WinDivertHelperCalcChecksums((PVOID)dnr, icmp_length,
+                    WINDIVERT_LAYER_NETWORK, &send_addr, 0);
+                if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, NULL,
+                        &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send ICMP message "
                         "(%d)\n", GetLastError());
@@ -345,12 +364,12 @@ int __cdecl main(int argc, char **argv)
                 memcpy(dnrv6->ipv6.DstAddr, ipv6_header->SrcAddr,
                     sizeof(dnrv6->ipv6.DstAddr));
                 
-                WinDivertHelperCalcChecksums((PVOID)dnrv6, icmpv6_length, 0);
-
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
+                WinDivertHelperCalcChecksums((PVOID)dnrv6, icmpv6_length,
+                    WINDIVERT_LAYER_NETWORK, &send_addr, 0);
                 if (!WinDivertSend(handle, (PVOID)dnrv6, icmpv6_length,
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send ICMPv6 message "
                         "(%d)\n", GetLastError());

examples/netfilter/netfilter.vcxproj

@@ -1,58 +1,73 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup>
-    <ConfigurationType>Application</ConfigurationType>
-    <TARGETNAME>netfilter</TARGETNAME>
-    <Configuration>Release</Configuration>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <ClCompile>
-      <AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
-    </Link> 
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Debug'">
-    <UseDebugLibraries>True</UseDebugLibraries>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <UseDebugLibraries>False</UseDebugLibraries>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
-  <ItemGroup>
-    <ClCompile Include="netfilter.c"/>
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    netfilter.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="netfilter.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>netfilter</RootNamespace>
+  <ProjectName>netfilter</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/netfilter/sources

@@ -1,36 +0,0 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-!IF "$(_BUILDARCH)" == "x86"
-CPU=i386
-!ELSE
-CPU=$(_BUILDARCH)
-!ENDIF
-
-TARGETNAME=netfilter
-TARGETTYPE=PROGRAM
-TARGETPATH=..\..\install\WDDK
-TARGETLIBS=\
-    $(SDK_LIB_PATH)\setupapi.lib \
-    $(SDK_LIB_PATH)\user32.lib \
-    $(SDK_LIB_PATH)\ws2_32.lib \
-    $(TARGETPATH)\$(CPU)\WinDivert.lib
-UMTYPE=console
-UMENTRY=main
-USE_MSVCRT=1
-INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
-SOURCES=netfilter.c
-

examples/passthru/Makefile

@@ -1 +0,0 @@
-!INCLUDE $(NTMAKEENV)\makefile.def

examples/passthru/passthru.c

@@ -1,19 +1,35 @@
 /*
  * passthru.c
- * (C) 2014, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 /*
@@ -21,7 +37,8 @@
  * This program does nothing except divert packets and re-inject them.  This is
  * useful for performance testing.
  *
- * usage: netdump.exe windivert-filter num-threads
+ * usage: passthru.exe [windivert-filter] [num-threads] [batch-size] [priority]
+ *                     [layer]
  */
 
 #include <winsock2.h>
@@ -31,32 +48,162 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
-
 static DWORD passthru(LPVOID arg);
 
+/*
+ * Options.
+ */
+static int threads           = 1;
+static int batch             = WINDIVERT_BATCH_MAX;
+static int priority          = 0;
+static WINDIVERT_LAYER layer = WINDIVERT_LAYER_NETWORK;
+static int size              = (0x10000 + 4096);
+
+/*
+ * Print usage and exit.
+ */
+static void usage(const char *prog)
+{
+    fprintf(stderr, "usage: %s [OPTIONS] filter-string\n\n", prog);
+    fprintf(stderr, "OPTIONS:\n");
+    fprintf(stderr, "\t--batch N\n");
+    fprintf(stderr, "\t\tSet the batch size to N (default=%u)\n",
+        WINDIVERT_BATCH_MAX);
+    fprintf(stderr, "\t--layer LAYER\n");
+    fprintf(stderr, "\t\tSet the filter layer to LAYER (default=network).\n");
+    fprintf(stderr, "\t\tValid values are {ethernet,network,forward}.\n");
+    fprintf(stderr, "\t--priority N\n");
+    fprintf(stderr, "\t\tSet the filter priority to N (default=0)\n");
+    fprintf(stderr, "\t--size N\n");
+    fprintf(stderr, "\t\tSet the buffer size to N (default=%u)\n",
+        (0x10000 + 4096));
+    fprintf(stderr, "\t--threads N\n");
+    fprintf(stderr, "\t\tSet the number of threads to be N (default=1)\n");
+    exit(EXIT_FAILURE);
+}
+
+/*
+ * Parse options.
+ */
+static const char *parse_options(int argc, char **argv)
+{
+    int i;
+    size_t n;
+    const char *filter = NULL, *opt, *arg;
+
+    for (i = 1; i < argc; i++)
+    {
+        opt = argv[i];
+        if (opt[0] != '-' || opt[1] != '-')
+        {
+            if (filter != NULL)
+            {
+                usage(argv[0]);
+            }
+            filter = opt;
+            continue;
+        }
+        opt += 2;
+        arg = strchr(opt, '=');
+        if (arg == NULL)
+        {
+            i++;
+            if (i >= argc)
+            {
+                usage(argv[0]);
+            }
+            arg = argv[i];
+            n = strlen(opt);
+        }
+        else
+        {
+            n = arg - opt;
+            arg++;
+        }
+        if (strncmp(opt, "threads", n) == 0)
+        {
+            threads = atoi(arg);
+        }
+        else if (strncmp(opt, "batch", n) == 0)
+        {
+            batch = atoi(arg);
+        }
+        else if (strncmp(opt, "priority", n) == 0)
+        {
+            priority = atoi(arg);
+        }
+        else if (strncmp(opt, "size", n) == 0)
+        {
+            size = atoi(arg);
+        }
+        else if (strncmp(opt, "layer", n) == 0)
+        {
+            if (strcmp(arg, "ethernet") == 0)
+            {
+                layer = WINDIVERT_LAYER_ETHERNET;
+            }
+            else if (strcmp(arg, "network") == 0)
+            {
+                layer = WINDIVERT_LAYER_NETWORK;
+            }
+            else if (strcmp(arg, "forward") == 0)
+            {
+                layer = WINDIVERT_LAYER_NETWORK_FORWARD;
+            }
+            else
+            {
+                usage(argv[0]);
+            }
+        }
+        else
+        {
+            usage(argv[0]);
+        }
+    }
+    return (filter == NULL? "true": filter);
+}
+
 /*
  * Entry.
  */
 int __cdecl main(int argc, char **argv)
 {
-    int num_threads, i;
+    const char *filter;
+    int i;
     HANDLE handle, thread;
 
-    if (argc != 3)
+    filter = parse_options(argc, argv);
+
+    if (threads < 1 || threads > 64)
     {
-        fprintf(stderr, "usage: %s filter num-threads\n", argv[0]);
+        fprintf(stderr, "error: number of threads must be within "
+            "the range 1..64, found %d\n", threads);
         exit(EXIT_FAILURE);
     }
-    num_threads = atoi(argv[2]);
-    if (num_threads < 1 || num_threads > 64)
+    if (batch < 1 || batch > WINDIVERT_BATCH_MAX)
     {
-        fprintf(stderr, "error: invalid number of threads\n");
+        fprintf(stderr, "error: batch size must be within the range 1..%u, "
+            "found %d\n", WINDIVERT_BATCH_MAX, batch);
+        exit(EXIT_FAILURE);
+    }
+    if (priority < WINDIVERT_PRIORITY_LOWEST ||
+        priority > WINDIVERT_PRIORITY_HIGHEST)
+    {
+        fprintf(stderr, "error: priority must be within the range %d..%d, "
+            "found %d\n", WINDIVERT_PRIORITY_LOWEST,
+            WINDIVERT_PRIORITY_HIGHEST, priority);
+        exit(EXIT_FAILURE);
+    }
+    if (size < 1 || size >= WINDIVERT_BATCH_MAX * WINDIVERT_MTU_MAX)
+    {
+        fprintf(stderr, "error: buffer size must be within the range 1..%d, "
+            "found %d\n", WINDIVERT_BATCH_MAX * WINDIVERT_MTU_MAX,
+            size);
         exit(EXIT_FAILURE);
     }
 
     // Divert traffic matching the filter:
-    handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, 0, 0);
+    handle = WinDivertOpen(filter, layer, (INT16)priority, 0);
     if (handle == INVALID_HANDLE_VALUE)
     {
         if (GetLastError() == ERROR_INVALID_PARAMETER)
@@ -70,13 +217,13 @@ int __cdecl main(int argc, char **argv)
     }
 
     // Start the threads
-    for (i = 1; i < num_threads; i++)
+    for (i = 1; i < threads; i++)
     {
         thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)passthru,
             (LPVOID)handle, 0, NULL);
         if (thread == NULL)
         {
-            fprintf(stderr, "error: failed to start passthru thread (%u)\n",
+            fprintf(stderr, "error: failed to start passthru thread (%d)\n",
                 GetLastError());
             exit(EXIT_FAILURE);
         }
@@ -84,31 +231,43 @@ int __cdecl main(int argc, char **argv)
 
     // Main thread:
     passthru((LPVOID)handle);
-
+    
     return 0;
 }
 
 // Passthru thread.
 static DWORD passthru(LPVOID arg)
 {
-    unsigned char packet[MAXBUF];
-    UINT packet_len;
-    WINDIVERT_ADDRESS addr;
+    UINT8 *packet;
+    UINT packet_len, addr_len;
+    WINDIVERT_ADDRESS *addr;
     HANDLE handle = (HANDLE)arg;
 
+    packet = (UINT8 *)malloc(size);
+    addr = (WINDIVERT_ADDRESS *)malloc(batch * sizeof(WINDIVERT_ADDRESS));
+    if (packet == NULL || addr == NULL)
+    {
+        fprintf(stderr, "error: failed to allocate buffer (%d)\n",
+            GetLastError());
+        exit(EXIT_FAILURE);
+    }
+
     // Main loop:
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        addr_len = batch * sizeof(WINDIVERT_ADDRESS);
+        if (!WinDivertRecvEx(handle, packet, size, &packet_len, 0,
+                addr, &addr_len, NULL))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
             continue;
         }
-       
+
         // Re-inject the matching packet.
-        if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
+        if (!WinDivertSendEx(handle, packet, packet_len, NULL, 0, addr,
+                addr_len, NULL))
         {
             fprintf(stderr, "warning: failed to reinject packet (%d)\n",
                 GetLastError());

examples/passthru/passthru.vcxproj

@@ -1,58 +1,73 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup>
-    <ConfigurationType>Application</ConfigurationType>
-    <TARGETNAME>passthru</TARGETNAME>
-    <Configuration>Release</Configuration>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <ClCompile>
-      <AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
-    </Link> 
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Debug'">
-    <UseDebugLibraries>True</UseDebugLibraries>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <UseDebugLibraries>False</UseDebugLibraries>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
-  <ItemGroup>
-    <ClCompile Include="passthru.c"/>
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    passthru.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="passthru.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>passthru</RootNamespace>
+  <ProjectName>passthru</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/passthru/sources

@@ -1,36 +0,0 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-!IF "$(_BUILDARCH)" == "x86"
-CPU=i386
-!ELSE
-CPU=$(_BUILDARCH)
-!ENDIF
-
-TARGETNAME=passthru
-TARGETTYPE=PROGRAM
-TARGETPATH=..\..\install\WDDK
-TARGETLIBS=\
-    $(SDK_LIB_PATH)\setupapi.lib \
-    $(SDK_LIB_PATH)\user32.lib \
-    $(SDK_LIB_PATH)\ws2_32.lib \
-    $(TARGETPATH)\$(CPU)\WinDivert.lib
-UMTYPE=console
-UMENTRY=main
-USE_MSVCRT=1
-INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
-SOURCES=passthru.c
-

examples/socketdump/socketdump.c

@@ -0,0 +1,247 @@
+/*
+ * socketdump.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: socketdump.exe [filter]
+ *        socketdump.exe --block [filter]
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define INET6_ADDRSTRLEN    45
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, process, console;
+    INT16 priority = 1121;          // Arbitrary.
+    const char *filter = "true", *err_str;
+    char path[MAX_PATH+1];
+    char local_str[INET6_ADDRSTRLEN+1], remote_str[INET6_ADDRSTRLEN+1];
+    char *filename;
+    DWORD path_len;
+    WINDIVERT_ADDRESS addr;
+    BOOL block = FALSE;
+
+    switch (argc)
+    {
+        case 1:
+            break;
+        case 2:
+            if (strcmp(argv[1], "--block") == 0)
+            {
+                block = TRUE;
+            }
+            else
+            {
+                filter = argv[1];
+            }
+            break;
+        case 3:
+            if (strcmp(argv[1], "--block") == 0)
+            {
+                block = TRUE;
+                filter = argv[2];
+                break;
+            }
+            // Fallthrough:
+        default:
+            fprintf(stderr, "usage: %s [filter]\n", argv[0]);
+            fprintf(stderr, "       %s --block [filter]\n", argv[0]);
+            exit(EXIT_FAILURE);
+    }
+
+    // Open WinDivert SOCKET handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_SOCKET, priority, 
+        (block? 0: WINDIVERT_FLAG_SNIFF) | WINDIVERT_FLAG_RECV_ONLY);
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_SOCKET,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Main loop:
+    console = GetStdHandle(STD_OUTPUT_HANDLE);
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
+        {
+            fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_SOCKET_BIND:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("BIND");
+                break;
+            case WINDIVERT_EVENT_SOCKET_LISTEN:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("LISTEN");
+                break;
+            case WINDIVERT_EVENT_SOCKET_CONNECT:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("CONNECT");
+                break;
+            case WINDIVERT_EVENT_SOCKET_ACCEPT:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("ACCEPT");
+                break;
+            case WINDIVERT_EVENT_SOCKET_CLOSE:
+                SetConsoleTextAttribute(console, FOREGROUND_RED);
+                printf("CLOSE");
+                break;
+            default:
+                SetConsoleTextAttribute(console, FOREGROUND_BLUE);
+                printf("???");
+                break;
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" pid=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%u", addr.Socket.ProcessId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" program=");
+        process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
+            addr.Socket.ProcessId);
+        path_len = 0;
+        if (process != NULL)
+        {
+            path_len = GetProcessImageFileName(process, path, sizeof(path));
+            CloseHandle(process);
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (path_len != 0)
+        {
+            filename = PathFindFileName(path);
+            printf("%s", filename);
+        }
+        else if (addr.Socket.ProcessId == 4)
+        {
+            printf("Windows");
+        }
+        else
+        {
+            printf("???");
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" endpoint=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%lu", addr.Socket.EndpointId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" parent=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%lu", addr.Socket.ParentEndpointId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" protocol=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        switch (addr.Socket.Protocol)
+        {
+            case IPPROTO_TCP:
+                printf("TCP");
+                break;
+            case IPPROTO_UDP:
+                printf("UDP");
+                break;
+            case IPPROTO_ICMP:
+                printf("ICMP");
+                break;
+            case IPPROTO_ICMPV6:
+                printf("ICMPV6");
+                break;
+            default:
+                printf("%u", addr.Socket.Protocol);
+                break;
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        WinDivertHelperFormatIPv6Address(addr.Socket.LocalAddr, local_str,
+            sizeof(local_str));
+        if (addr.Socket.LocalPort != 0 || strcmp(local_str, "::") != 0)
+        {
+            printf(" local=");
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            printf("[%s]:%u", local_str, addr.Socket.LocalPort);
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+                FOREGROUND_BLUE);
+        }
+
+        WinDivertHelperFormatIPv6Address(addr.Socket.RemoteAddr, remote_str,
+            sizeof(remote_str));
+        if (addr.Socket.RemotePort != 0 || strcmp(remote_str, "::") != 0)
+        {
+            printf(" remote=");
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            printf("[%s]:%u", remote_str, addr.Socket.RemotePort);
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+                FOREGROUND_BLUE);
+        }
+
+        putchar('\n');
+    }
+
+    return 0;
+}
+

examples/socketdump/socketdump.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    socketdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="socketdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>socketdump</RootNamespace>
+  <ProjectName>socketdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/streamdump/streamdump.c

@@ -0,0 +1,462 @@
+/*
+ * streamdump.c
+ * (C) 2023, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * This program demonstrates how to handle streams using WinDivert.
+ *
+ * The program works by "reflecting" outbound TCP connections into inbound
+ * TCP connections that are handled by a simple proxy server.
+ *
+ * usage: streamdump.exe port
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define MAXBUF          WINDIVERT_MTU_MAX
+#define PROXY_PORT      34010
+#define ALT_PORT        43010
+#define MAX_LINE        65
+
+/*
+ * Proxy server configuration.
+ */
+typedef struct
+{
+    UINT16 proxy_port;
+    UINT16 alt_port;
+} PROXY_CONFIG, *PPROXY_CONFIG;
+
+typedef struct
+{
+    SOCKET s;
+    UINT16 alt_port;
+    struct in_addr dest;
+} PROXY_CONNECTION_CONFIG, *PPROXY_CONNECTION_CONFIG;
+
+typedef struct
+{
+    BOOL inbound;
+    SOCKET s;
+    SOCKET t;
+} PROXY_TRANSFER_CONFIG, *PPROXY_TRANSFER_CONFIG;
+
+/*
+ * Lock to sync output.
+ */
+static HANDLE lock;
+
+/*
+ * Prototypes.
+ */
+static DWORD proxy(LPVOID arg);
+static DWORD proxy_connection_handler(LPVOID arg);
+static DWORD proxy_transfer_handler(LPVOID arg);
+
+/*
+ * Error handling.
+ */
+static void message(const char *msg, ...)
+{
+    va_list args;
+    va_start(args, msg);
+    WaitForSingleObject(lock, INFINITE);
+    vfprintf(stderr, msg, args);
+    putc('\n', stderr);
+    ReleaseMutex(lock);
+    va_end(args);
+}
+#define error(msg, ...)                         \
+    do {                                        \
+        message("error: " msg, ## __VA_ARGS__); \
+        exit(EXIT_FAILURE);                     \
+    } while (FALSE)
+#define warning(msg, ...)                       \
+    message("warning: " msg, ## __VA_ARGS__)
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, thread;
+    UINT16 port, proxy_port, alt_port;
+    int r;
+    char filter[256];
+    INT16 priority = 123;       // Arbitrary.
+    PPROXY_CONFIG config;
+    unsigned char packet[MAXBUF];
+    UINT packet_len;
+    WINDIVERT_ADDRESS addr;
+    PWINDIVERT_IPHDR ip_header;
+    PWINDIVERT_TCPHDR tcp_header;
+    DWORD len;
+
+    // Init.
+    if (argc != 2)
+    {
+        fprintf(stderr, "usage: %s dest-port\n", argv[0]);
+        exit(EXIT_FAILURE);
+    }
+    port = (UINT16)atoi(argv[1]);
+    if (port < 0 || port > 0xFFFF)
+    {
+        fprintf(stderr, "error: invalid port number (%d)\n", port);
+        exit(EXIT_FAILURE);
+    }
+    proxy_port = (port == PROXY_PORT? PROXY_PORT+1: PROXY_PORT);
+    alt_port = (port == ALT_PORT? ALT_PORT+1: ALT_PORT);
+    lock = CreateMutex(NULL, FALSE, NULL);
+    if (lock == NULL)
+    {
+        fprintf(stderr, "error: failed to create mutex (%d)\n",
+            GetLastError());
+        exit(EXIT_FAILURE);
+    }
+
+    // Divert all traffic to/from `port', `proxy_port' and `alt_port'.
+    r = snprintf(filter, sizeof(filter),
+        "tcp and "
+        "(tcp.DstPort == %d or tcp.DstPort == %d or tcp.DstPort == %d or "
+         "tcp.SrcPort == %d or tcp.SrcPort == %d or tcp.SrcPort == %d)",
+        port, proxy_port, alt_port, port, proxy_port, alt_port);
+    if (r < 0 || r >= sizeof(filter))
+    {
+        error("failed to create filter string");
+    }
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, priority, 0);
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        error("failed to open the WinDivert device (%d)", GetLastError());
+    }
+
+    // Spawn proxy thread,
+    config = (PPROXY_CONFIG)malloc(sizeof(PROXY_CONFIG));
+    if (config == NULL)
+    {
+        error("failed to allocate memory");
+    }
+    config->proxy_port = proxy_port;
+    config->alt_port = alt_port;
+    thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)proxy,
+        (LPVOID)config, 0, NULL);
+    if (thread == NULL)
+    {
+        error("failed to create thread (%d)", GetLastError());
+    }
+    CloseHandle(thread);
+
+    // Main loop:
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
+        {
+            warning("failed to read packet (%d)", GetLastError());
+            continue;
+        }
+
+        WinDivertHelperParsePacket(packet, packet_len, addr.Layer, NULL, NULL,
+            &ip_header, NULL, NULL, NULL, NULL, &tcp_header, NULL, NULL, NULL);
+        if (ip_header == NULL || tcp_header == NULL)
+        {
+            warning("failed to parse packet (%d)", GetLastError());
+            continue;
+        }
+
+        if (addr.Outbound)
+        {
+            if (tcp_header->DstPort == htons(port))
+            {
+                // Reflect: PORT ---> PROXY
+                UINT32 dst_addr = ip_header->DstAddr;
+                tcp_header->DstPort = htons(proxy_port);
+                ip_header->DstAddr = ip_header->SrcAddr;
+                ip_header->SrcAddr = dst_addr;
+                addr.Outbound = FALSE;
+            }
+            else if (tcp_header->SrcPort == htons(proxy_port))
+            {
+                // Reflect: PROXY ---> PORT
+                UINT32 dst_addr = ip_header->DstAddr;
+                tcp_header->SrcPort = htons(port);
+                ip_header->DstAddr = ip_header->SrcAddr;
+                ip_header->SrcAddr = dst_addr;
+                addr.Outbound = FALSE;
+            }
+            else if (tcp_header->DstPort == htons(alt_port))
+            {
+                // Redirect: ALT ---> PORT
+                tcp_header->DstPort = htons(port);
+            }
+        }
+        else
+        {
+            if (tcp_header->SrcPort == htons(port))
+            {
+                // Redirect: PORT ---> ALT
+                tcp_header->SrcPort = htons(alt_port);
+            }
+        }
+
+        WinDivertHelperCalcChecksums(packet, packet_len, addr.Layer, &addr, 0);
+        if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
+        {
+            warning("failed to send packet (%d)", GetLastError());
+            continue;
+        }
+    }
+
+    return 0;
+}
+
+/*
+ * Proxy server thread.
+ */
+static DWORD proxy(LPVOID arg)
+{
+    PPROXY_CONFIG config = (PPROXY_CONFIG)arg;
+    UINT16 proxy_port = config->proxy_port;
+    UINT16 alt_port = config->alt_port;
+    int on = 1;
+    WSADATA wsa_data;
+    WORD wsa_version = MAKEWORD(2, 2);
+    struct sockaddr_in addr;
+    SOCKET s;
+    HANDLE thread;
+    
+    free(config);
+
+    if (WSAStartup(wsa_version, &wsa_data) != 0)
+    {
+        error("failed to start WSA (%d)", GetLastError());
+    }
+    
+    s = socket(AF_INET, SOCK_STREAM, 0);
+    if (s == INVALID_SOCKET)
+    {
+        error("failed to create socket (%d)", WSAGetLastError());
+    }
+
+    if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (const char*)&on, sizeof(int))
+            == SOCKET_ERROR)
+    {
+        error("failed to re-use address (%d)", GetLastError());
+    }
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_port = htons(proxy_port);
+    if (bind(s, (SOCKADDR *)&addr, sizeof(addr)) == SOCKET_ERROR)
+    {
+        error("failed to bind socket (%d)", WSAGetLastError());
+    }
+
+    if (listen(s, 16) == SOCKET_ERROR)
+    {
+        error("failed to listen socket (%d)", WSAGetLastError());
+    }
+
+    while (TRUE)
+    {
+        // Wait for a new connection.
+        PPROXY_CONNECTION_CONFIG config;
+        int size = sizeof(addr);
+        SOCKET t = accept(s, (SOCKADDR *)&addr, &size);
+        if (t == INVALID_SOCKET)
+        {
+            warning("failed to accept socket (%d)", WSAGetLastError());
+            continue;
+        }
+
+        // Spawn proxy connection handler thread.
+        config = (PPROXY_CONNECTION_CONFIG)
+            malloc(sizeof(PROXY_CONNECTION_CONFIG));
+        if (config == NULL)
+        {
+            error("failed to allocate memory");
+        }
+        config->s = t;
+        config->alt_port = alt_port;
+        config->dest = addr.sin_addr;
+        thread = CreateThread(NULL, 1,
+            (LPTHREAD_START_ROUTINE)proxy_connection_handler,
+            (LPVOID)config, 0, NULL);
+        if (thread == NULL)
+        {
+            warning("failed to create thread (%d)", GetLastError());
+            closesocket(t);
+            free(config);
+            continue;
+        }
+        CloseHandle(thread);
+    }
+}
+
+/*
+ * Proxy connection handler thread.
+ */
+static DWORD proxy_connection_handler(LPVOID arg)
+{
+    PPROXY_TRANSFER_CONFIG config1, config2;
+    HANDLE thread;
+    PPROXY_CONNECTION_CONFIG config = (PPROXY_CONNECTION_CONFIG)arg;
+    SOCKET s = config->s, t;
+    UINT16 alt_port = config->alt_port;
+    struct in_addr dest = config->dest;
+    struct sockaddr_in addr;
+    
+    free(config);
+
+    t = socket(AF_INET, SOCK_STREAM, 0);
+    if (t == INVALID_SOCKET)
+    {
+        warning("failed to create socket (%d)", WSAGetLastError());
+        closesocket(s);
+        return 0;
+    }
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_port = htons(alt_port);
+    addr.sin_addr = dest;
+    if (connect(t, (SOCKADDR *)&addr, sizeof(addr)) == SOCKET_ERROR)
+    {
+        warning("failed to connect socket (%d)", WSAGetLastError());
+        closesocket(s);
+        closesocket(t);
+        return 0;
+    }
+
+    config1 = (PPROXY_TRANSFER_CONFIG)malloc(sizeof(PROXY_TRANSFER_CONFIG));
+    config2 = (PPROXY_TRANSFER_CONFIG)malloc(sizeof(PROXY_TRANSFER_CONFIG));
+    if (config1 == NULL || config2 == NULL)
+    {
+        error("failed to allocate memory");
+    }
+    config1->inbound = FALSE;
+    config2->inbound = TRUE;
+    config2->t = config1->s = s;
+    config2->s = config1->t = t;
+    thread = CreateThread(NULL, 1,
+        (LPTHREAD_START_ROUTINE)proxy_transfer_handler, (LPVOID)config1, 0,
+        NULL);
+    if (thread == NULL)
+    {
+        warning("failed to create thread (%d)", GetLastError());
+        closesocket(s);
+        closesocket(t);
+        free(config1);
+        free(config2);
+        return 0;
+    }
+    proxy_transfer_handler((LPVOID)config2);
+    WaitForSingleObject(thread, INFINITE);
+    CloseHandle(thread);
+    closesocket(s);
+    closesocket(t);
+    return 0;
+}
+
+/*
+ * Handle the transfer of data from one socket to another.
+ */
+static DWORD proxy_transfer_handler(LPVOID arg)
+{
+    PPROXY_TRANSFER_CONFIG config = (PPROXY_TRANSFER_CONFIG)arg;
+    BOOL inbound = config->inbound;
+    SOCKET s = config->s, t = config->t;
+    char buf[8192];
+    int len, len2, i;
+    HANDLE console;
+
+    free(config);
+
+    while (TRUE)
+    {
+        // Read data from s.
+        len = recv(s, buf, sizeof(buf), 0);
+        if (len == SOCKET_ERROR)
+        {
+            warning("failed to recv from socket (%d)", WSAGetLastError());
+            shutdown(s, SD_BOTH);
+            shutdown(t, SD_BOTH);
+            return 0;
+        }
+        if (len == 0)
+        {
+            shutdown(s, SD_RECEIVE);
+            shutdown(t, SD_SEND);
+            return 0;
+        }
+
+        // Dump stream information to the screen.
+        console = GetStdHandle(STD_OUTPUT_HANDLE);
+        WaitForSingleObject(lock, INFINITE);
+        printf("[%.4d] ", len);
+        SetConsoleTextAttribute(console,
+            (inbound? FOREGROUND_RED: FOREGROUND_GREEN));
+        for (i = 0; i < len && i < MAX_LINE; i++)
+        {
+            putchar((isprint(buf[i])? buf[i]: '.'));
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        printf("%s\n", (len > MAX_LINE? "...": ""));
+        ReleaseMutex(lock);
+
+        // Send data to t.
+        for (i = 0; i < len; )
+        {
+            len2 = send(t, buf+i, len-i, 0);
+            if (len2 == SOCKET_ERROR)
+            {
+                warning("failed to send to socket (%d)", WSAGetLastError());
+                shutdown(s, SD_BOTH);
+                shutdown(t, SD_BOTH);
+                return 0;
+            }
+            i += len2;
+        }
+    }
+
+    return 0;
+}
+

examples/streamdump/streamdump.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    streamdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="streamdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>streamdump</RootNamespace>
+  <ProjectName>streamdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/webfilter/Makefile

@@ -1 +0,0 @@
-!INCLUDE $(NTMAKEENV)\makefile.def

examples/webfilter/sources

@@ -1,36 +0,0 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-!IF "$(_BUILDARCH)" == "x86"
-CPU=i386
-!ELSE
-CPU=$(_BUILDARCH)
-!ENDIF
-
-TARGETNAME=webfilter
-TARGETTYPE=PROGRAM
-TARGETPATH=..\..\install\WDDK
-TARGETLIBS=\
-    $(SDK_LIB_PATH)\setupapi.lib \
-    $(SDK_LIB_PATH)\user32.lib \
-    $(SDK_LIB_PATH)\ws2_32.lib \
-    $(TARGETPATH)\$(CPU)\WinDivert.lib
-UMTYPE=console
-UMENTRY=main
-USE_MSVCRT=1
-INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
-SOURCES=webfilter.c
-

examples/webfilter/webfilter.c

@@ -1,19 +1,35 @@
 /*
  * webfilter.c
- * (C) 2014, all rights reserved,
+ * (C) 2023, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 /*
@@ -26,15 +42,19 @@
  * blockpage to the browser.
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
 
 #include "windivert.h"
 
-#define MAXBUF 0xFFFF
-#define MAXURL 4096
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+#define htons(x)            WinDivertHelperHtons(x)
+#define htonl(x)            WinDivertHelperHtonl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define MAXURL              4096
 
 /*
  * URL and blacklist representation.
@@ -160,6 +180,7 @@ int __cdecl main(int argc, char **argv)
     // Open the Divert device:
     handle = WinDivertOpen(
             "outbound && "              // Outbound traffic only
+            "!loopback && "             // No loopback traffic
             "ip && "                    // Only IPv4 supported
             "tcp.DstPort == 80 && "     // HTTP (port 80) only
             "tcp.PayloadLength > 0",    // TCP data packets only
@@ -176,19 +197,21 @@ int __cdecl main(int argc, char **argv)
     // Main loop:
     while (TRUE)
     {
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
             continue;
         }
 
-        if (!WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
-                NULL, NULL, &tcp_header, NULL, &payload, &payload_len) ||
+        WinDivertHelperParsePacket(packet, packet_len, addr.Layer, NULL, NULL,
+            &ip_header, NULL, NULL, NULL, NULL, &tcp_header, NULL, &payload,
+            &payload_len);
+        if (ip_header == NULL || tcp_header == NULL || payload == NULL ||
             !BlackListPayloadMatch(blacklist, payload, (UINT16)payload_len))
         {
             // Packet does not match the blacklist; simply reinject it.
-            if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
+            if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
             {
                 fprintf(stderr, "warning: failed to reinject packet (%d)\n",
                     GetLastError());
@@ -207,8 +230,9 @@ int __cdecl main(int argc, char **argv)
         reset->tcp.DstPort      = htons(80);
         reset->tcp.SeqNum       = tcp_header->SeqNum;
         reset->tcp.AckNum       = tcp_header->AckNum;
-        WinDivertHelperCalcChecksums((PVOID)reset, sizeof(PACKET), 0);
-        if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), &addr, NULL))
+        WinDivertHelperCalcChecksums((PVOID)reset, sizeof(PACKET),
+            addr.Layer, &addr, 0);
+        if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), NULL, &addr))
         {
             fprintf(stderr, "warning: failed to send reset packet (%d)\n",
                 GetLastError());
@@ -221,10 +245,11 @@ int __cdecl main(int argc, char **argv)
         blockpage->header.tcp.SeqNum       = tcp_header->AckNum;
         blockpage->header.tcp.AckNum       =
             htonl(ntohl(tcp_header->SeqNum) + payload_len);
-        WinDivertHelperCalcChecksums((PVOID)blockpage, blockpage_len, 0);
-        addr.Direction = !addr.Direction;     // Reverse direction.
-        if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, &addr,
-                NULL))
+        addr.Outbound = !addr.Outbound;     // Reverse direction.
+        WinDivertHelperCalcChecksums((PVOID)blockpage, blockpage_len,
+            addr.Layer, &addr, 0);
+        if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, NULL,
+                &addr))
         {
             fprintf(stderr, "warning: failed to send block page packet (%d)\n",
                 GetLastError());
@@ -240,8 +265,9 @@ int __cdecl main(int argc, char **argv)
             htonl(ntohl(tcp_header->AckNum) + sizeof(block_data) - 1); 
         finish->tcp.AckNum       =
             htonl(ntohl(tcp_header->SeqNum) + payload_len);
-        WinDivertHelperCalcChecksums((PVOID)finish, sizeof(PACKET), 0);
-        if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), &addr, NULL))
+        WinDivertHelperCalcChecksums((PVOID)finish, sizeof(PACKET),
+            addr.Layer, &addr, 0);
+        if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), NULL, &addr))
         {
             fprintf(stderr, "warning: failed to send finish packet (%d)\n",
                 GetLastError());

examples/webfilter/webfilter.vcxproj

@@ -1,58 +1,73 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup>
-    <ConfigurationType>Application</ConfigurationType>
-    <TARGETNAME>webfilter</TARGETNAME>
-    <Configuration>Release</Configuration>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <ClCompile>
-      <AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
-    </Link> 
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformToolset>v110</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Debug'">
-    <UseDebugLibraries>True</UseDebugLibraries>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)'=='Release'">
-    <UseDebugLibraries>False</UseDebugLibraries>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
-  <ItemGroup>
-    <ClCompile Include="webfilter.c"/>
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    webfilter.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="webfilter.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>webfilter</RootNamespace>
+  <ProjectName>webfilter</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/windivertctl/windivertctl.c

@@ -0,0 +1,395 @@
+/*
+ * windivertctl.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: windivertctl.exe list
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define MAX_PACKET          0xFFFF
+#define MAX_FILTER_LEN      30000
+
+/*
+ * Modes.
+ */
+typedef enum
+{
+    LIST,
+    WATCH,
+    KILL,
+    UNINSTALL
+} MODE;
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, process, console, mutex;
+    INT16 priority = -333;      // Arbitrary.
+    UINT packet_len;
+    static UINT8 packet[MAX_PACKET];
+    static char path[MAX_PATH+1];
+    static char filter_str[MAX_FILTER_LEN];
+    DWORD path_len;
+    BOOL or;
+    WINDIVERT_ADDRESS addr;
+    ULONGLONG freq, start_count;
+    LARGE_INTEGER li;
+    MODE mode;
+    SC_HANDLE manager = NULL, service = NULL;
+    SERVICE_STATUS status;
+    const char *filter = "true";
+    const char *err_str = NULL;
+
+    if (argc != 2 && argc != 3)
+    {
+usage:
+        fprintf(stderr, "usage: %s (list|watch|kill) [filter]\n", argv[0]);
+        fprintf(stderr, "       %s uninstall\n", argv[0]);
+        exit(EXIT_FAILURE);
+    }
+    if (strcmp(argv[1], "list") == 0)
+    {
+        mode = LIST;
+    }
+    else if (strcmp(argv[1], "watch") == 0)
+    {
+        mode = WATCH;
+    }
+    else if (strcmp(argv[1], "kill") == 0)
+    {
+        mode = KILL;
+    }
+    else if (strcmp(argv[1], "uninstall") == 0)
+    {
+        if (argc != 2)
+        {
+            goto usage;
+        }
+        mode = UNINSTALL;
+    }
+    else
+    {
+        goto usage;
+    }
+    if (argc == 3)
+    {
+        filter = argv[2];
+    }
+
+    // Time management
+    QueryPerformanceFrequency(&li);
+    freq = li.QuadPart;
+    QueryPerformanceCounter(&li);
+    start_count = li.QuadPart;
+
+    // Open WinDivert REFLECT handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_REFLECT, priority, 
+        WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY |
+            (mode == WATCH? 0: WINDIVERT_FLAG_NO_INSTALL));
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (mode != WATCH && GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
+        {
+            // WinDivert driver is not running, so no open handles.
+            return 0;
+        }
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_REFLECT,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    if (mode != WATCH && !WinDivertShutdown(handle, WINDIVERT_SHUTDOWN_BOTH))
+    {
+        fprintf(stderr, "error: failed to shutdown WinDivert handle (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH,
+            WINDIVERT_PARAM_QUEUE_LENGTH_MAX) ||
+        !WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
+            WINDIVERT_PARAM_QUEUE_SIZE_MAX) ||
+        !WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
+            WINDIVERT_PARAM_QUEUE_TIME_MAX))
+    {
+        fprintf(stderr, "error: failed to set WinDivert handle params (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Main loop:
+    console = GetStdHandle(STD_OUTPUT_HANDLE);
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
+        {
+            if (mode != WATCH && GetLastError() == ERROR_NO_DATA)
+            {
+                break;
+            }
+            fprintf(stderr, "failed to receive event (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_REFLECT_OPEN:
+                // Open handle:
+                if (mode == KILL || mode == UNINSTALL)
+                {
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    fputs("KILL", stdout);
+                }
+                else
+                {
+                    SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                    fputs("OPEN", stdout);
+                }
+                break;
+
+            case WINDIVERT_EVENT_REFLECT_CLOSE:
+                // Close handle:
+                if (mode != WATCH)
+                {
+                    continue;
+                }
+                SetConsoleTextAttribute(console, FOREGROUND_RED);
+                fputs("CLOSE", stdout);
+                break;
+            
+            default:
+                fputs("???", stdout);
+                break;
+        }
+        process = OpenProcess(
+            PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE,
+            FALSE, addr.Reflect.ProcessId);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" time=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%.3fs", (double)(addr.Reflect.Timestamp - (INT64)start_count) /
+            (double)freq);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" pid=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%u", addr.Reflect.ProcessId);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" exe=", stdout);
+        path_len = 0;
+        if (process != NULL)
+        {
+            path_len = GetProcessImageFileName(process, path, sizeof(path));
+            if (mode == KILL || mode == UNINSTALL)
+            {
+                TerminateProcess(process, 0);
+            }
+            CloseHandle(process);
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%s", (path_len != 0? path: "???"));
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" layer=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        switch (addr.Reflect.Layer)
+        {
+            case WINDIVERT_LAYER_ETHERNET:
+                fputs("ETHERNET", stdout);
+                break;
+            case WINDIVERT_LAYER_NETWORK:
+                fputs("NETWORK", stdout);
+                break;
+            case WINDIVERT_LAYER_NETWORK_FORWARD:
+                fputs("FORWARD", stdout);
+                break;
+            case WINDIVERT_LAYER_FLOW:
+                fputs("FLOW", stdout);
+                break;
+            case WINDIVERT_LAYER_SOCKET:
+                fputs("SOCKET", stdout);
+                break;
+            case WINDIVERT_LAYER_REFLECT:
+                fputs("REFLECT", stdout);
+                break;
+            default:
+                fputs("???", stdout);
+                break;
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" flags=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (addr.Reflect.Flags == 0)
+        {
+            fputs("0", stdout);
+        }
+        else
+        {
+            or = FALSE;
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_SNIFF) != 0)
+            {
+                fputs("SNIFF", stdout);
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_DROP) != 0)
+            {
+                printf("%sDROP", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_RECV_ONLY) != 0)
+            {
+                printf("%sRECV_ONLY", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_SEND_ONLY) != 0)
+            {
+                printf("%sSEND_ONLY", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_NO_INSTALL) != 0)
+            {
+                printf("%sNO_INSTALL", (or? "|": ""));
+                or = TRUE;
+            }
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" priority=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%d", addr.Reflect.Priority);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" filter=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (WinDivertHelperFormatFilter((char *)packet, addr.Reflect.Layer,
+            filter_str, sizeof(filter_str)))
+        {
+            printf("\"%s\"", filter_str);
+        }
+        else
+        {
+            printf("\"%s\"", (char *)packet);
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        putchar('\n');
+    }
+
+    if (!WinDivertClose(handle))
+    {
+        fprintf(stderr, "error: failed to close WinDivert handle (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    if (mode == UNINSTALL)
+    {
+        // Stop & delete the WinDivert service:
+        mutex = CreateMutex(NULL, FALSE, "WinDivertDriverInstallMutex");
+        if (mutex == NULL)
+        {
+            fprintf(stderr, "error: failed to create WinDivert driver "
+                "install mutex (%d)\n", GetLastError());
+            return EXIT_FAILURE;
+        }
+        switch (WaitForSingleObject(mutex, INFINITE))
+        {
+            case WAIT_OBJECT_0: case WAIT_ABANDONED:
+                break;
+            default:
+                fprintf(stderr, "error: failed to acquire WinDivert driver "
+                    "install mutex (%d)\n", GetLastError());
+                return EXIT_FAILURE;
+        }
+        manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+        if (manager == NULL)
+        {
+            fprintf(stderr, "error: failed to open service manager (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        service = OpenService(manager, "WinDivert", SERVICE_ALL_ACCESS);
+        if (service == NULL)
+        {
+            fprintf(stderr, "error: failed to open WinDivert service (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        if (!ControlService(service, SERVICE_CONTROL_STOP, &status))
+        {
+            fprintf(stderr, "error: failed to stop WinDivert service (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        if (status.dwCurrentState != SERVICE_STOPPED)
+        {
+            fprintf(stderr, "error: failed to stop WinDivert service");
+            return EXIT_FAILURE;
+        }
+        CloseServiceHandle(service);
+        CloseServiceHandle(manager);
+
+        SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+        fputs("UNINSTALL", stdout);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        puts(" WinDivert");
+
+        ReleaseMutex(mutex);
+        CloseHandle(mutex);
+    }
+
+    return 0;
+}
+

examples/windivertctl/windivertctl.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivertctl.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivertctl.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>windivertctl</RootNamespace>
+  <ProjectName>windivertctl</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

include/windivert.h

@@ -1,19 +1,35 @@
 /*
  * windivert.h
- * (C) 2014, all rights reserved,
+ * (C) 2023, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 #ifndef __WINDIVERT_H
@@ -24,11 +40,12 @@
 #endif      /* WINDIVERT_KERNEL */
 
 #ifndef WINDIVERTEXPORT
-#define WINDIVERTEXPORT     __declspec(dllimport)
+#define WINDIVERTEXPORT     extern __declspec(dllimport)
 #endif      /* WINDIVERTEXPORT */
 
 #ifdef __MINGW32__
 #define __in
+#define __in_opt
 #define __out
 #define __out_opt
 #define __inout
@@ -53,50 +70,177 @@ extern "C" {
 /****************************************************************************/
 
 /*
- * Divert address.
+ * WinDivert layers.
+ */
+typedef enum
+{
+    WINDIVERT_LAYER_NETWORK = 0,        /* Network layer. */
+    WINDIVERT_LAYER_NETWORK_FORWARD = 1,/* Network layer (forwarded packets) */
+    WINDIVERT_LAYER_FLOW = 2,           /* Flow layer. */
+    WINDIVERT_LAYER_SOCKET = 3,         /* Socket layer. */
+    WINDIVERT_LAYER_REFLECT = 4,        /* Reflect layer. */
+    WINDIVERT_LAYER_ETHERNET = 5,       /* Ethernet layer. */
+} WINDIVERT_LAYER, *PWINDIVERT_LAYER;
+
+/*
+ * WinDivert ETHERNET layer data.
  */
 typedef struct
 {
     UINT32 IfIdx;                       /* Packet's interface index. */
     UINT32 SubIfIdx;                    /* Packet's sub-interface index. */
-    UINT8  Direction;                   /* Packet's direction. */
+} WINDIVERT_DATA_ETHERNET, *PWINDIVERT_DATA_ETHERNET;
+
+/*
+ * WinDivert NETWORK and NETWORK_FORWARD layer data.
+ */
+typedef struct
+{
+    UINT32 IfIdx;                       /* Packet's interface index. */
+    UINT32 SubIfIdx;                    /* Packet's sub-interface index. */
+} WINDIVERT_DATA_NETWORK, *PWINDIVERT_DATA_NETWORK;
+
+/*
+ * WinDivert FLOW layer data.
+ */
+typedef struct
+{
+    UINT64 EndpointId;                  /* Endpoint ID. */
+    UINT64 ParentEndpointId;            /* Parent endpoint ID. */
+    UINT32 ProcessId;                   /* Process ID. */
+    UINT32 LocalAddr[4];                /* Local address. */
+    UINT32 RemoteAddr[4];               /* Remote address. */
+    UINT16 LocalPort;                   /* Local port. */
+    UINT16 RemotePort;                  /* Remote port. */
+    UINT8  Protocol;                    /* Protocol. */
+} WINDIVERT_DATA_FLOW, *PWINDIVERT_DATA_FLOW;
+
+/*
+ * WinDivert SOCKET layer data.
+ */
+typedef struct
+{
+    UINT64 EndpointId;                  /* Endpoint ID. */
+    UINT64 ParentEndpointId;            /* Parent Endpoint ID. */
+    UINT32 ProcessId;                   /* Process ID. */
+    UINT32 LocalAddr[4];                /* Local address. */
+    UINT32 RemoteAddr[4];               /* Remote address. */
+    UINT16 LocalPort;                   /* Local port. */
+    UINT16 RemotePort;                  /* Remote port. */
+    UINT8  Protocol;                    /* Protocol. */
+} WINDIVERT_DATA_SOCKET, *PWINDIVERT_DATA_SOCKET;
+
+/*
+ * WinDivert REFLECTION layer data.
+ */
+typedef struct
+{
+    INT64  Timestamp;                   /* Handle open time. */
+    UINT32 ProcessId;                   /* Handle process ID. */
+    WINDIVERT_LAYER Layer;              /* Handle layer. */
+    UINT64 Flags;                       /* Handle flags. */
+    INT16  Priority;                    /* Handle priority. */
+} WINDIVERT_DATA_REFLECT, *PWINDIVERT_DATA_REFLECT;
+
+/*
+ * WinDivert address.
+ */
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable: 4201)
+#endif
+typedef struct
+{
+    INT64  Timestamp;                   /* Packet's timestamp. */
+    UINT32 Layer:8;                     /* Packet's layer. */
+    UINT32 Event:8;                     /* Packet event. */
+    UINT32 Sniffed:1;                   /* Packet was sniffed? */
+    UINT32 Outbound:1;                  /* Packet is outound? */
+    UINT32 Loopback:1;                  /* Packet is loopback? */
+    UINT32 Impostor:1;                  /* Packet is impostor? */
+    UINT32 IPv6:1;                      /* Packet is IPv6? */
+    UINT32 IPChecksum:1;                /* Packet has valid IPv4 checksum? */
+    UINT32 TCPChecksum:1;               /* Packet has valid TCP checksum? */
+    UINT32 UDPChecksum:1;               /* Packet has valid UDP checksum? */
+    UINT32 Reserved1:8;
+    UINT32 Reserved2:12;
+    UINT32 Length:20;                   /* Packet length. */
+    union
+    {
+        WINDIVERT_DATA_ETHERNET Ethernet;
+                                        /* Ethernet layer data. */
+        WINDIVERT_DATA_NETWORK Network; /* Network layer data. */
+        WINDIVERT_DATA_FLOW Flow;       /* Flow layer data. */
+        WINDIVERT_DATA_SOCKET Socket;   /* Socket layer data. */
+        WINDIVERT_DATA_REFLECT Reflect; /* Reflect layer data. */
+        UINT8 Reserved3[64];
+    };
 } WINDIVERT_ADDRESS, *PWINDIVERT_ADDRESS;
-
-#define WINDIVERT_DIRECTION_OUTBOUND    0
-#define WINDIVERT_DIRECTION_INBOUND     1
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
 
 /*
- * Divert layers.
+ * WinDivert events.
  */
 typedef enum
 {
-    WINDIVERT_LAYER_NETWORK = 0,        /* Network layer. */
-    WINDIVERT_LAYER_NETWORK_FORWARD = 1 /* Network layer (forwarded packets) */
-} WINDIVERT_LAYER, *PWINDIVERT_LAYER;
+    WINDIVERT_EVENT_NETWORK_PACKET = 0, /* Network packet. */
+    WINDIVERT_EVENT_FLOW_ESTABLISHED = 1,
+                                        /* Flow established. */
+    WINDIVERT_EVENT_FLOW_DELETED = 2,   /* Flow deleted. */
+    WINDIVERT_EVENT_SOCKET_BIND = 3,    /* Socket bind. */
+    WINDIVERT_EVENT_SOCKET_CONNECT = 4, /* Socket connect. */
+    WINDIVERT_EVENT_SOCKET_LISTEN = 5,  /* Socket listen. */
+    WINDIVERT_EVENT_SOCKET_ACCEPT = 6,  /* Socket accept. */
+    WINDIVERT_EVENT_SOCKET_CLOSE = 7,   /* Socket close. */
+    WINDIVERT_EVENT_REFLECT_OPEN = 8,   /* WinDivert handle opened. */
+    WINDIVERT_EVENT_REFLECT_CLOSE = 9,  /* WinDivert handle closed. */
+    WINDIVERT_EVENT_ETHERNET_FRAME = 10,/* Ethernet frame. */
+} WINDIVERT_EVENT, *PWINDIVERT_EVENT;
 
 /*
- * Divert flags.
+ * WinDivert flags.
  */
-#define WINDIVERT_FLAG_SNIFF            1
-#define WINDIVERT_FLAG_DROP             2
-#define WINDIVERT_FLAG_NO_CHECKSUM      1024
+#define WINDIVERT_FLAG_SNIFF            0x0001
+#define WINDIVERT_FLAG_DROP             0x0002
+#define WINDIVERT_FLAG_RECV_ONLY        0x0004
+#define WINDIVERT_FLAG_READ_ONLY        WINDIVERT_FLAG_RECV_ONLY
+#define WINDIVERT_FLAG_SEND_ONLY        0x0008
+#define WINDIVERT_FLAG_WRITE_ONLY       WINDIVERT_FLAG_SEND_ONLY
+#define WINDIVERT_FLAG_NO_INSTALL       0x0010
+#define WINDIVERT_FLAG_FRAGMENTS        0x0020
 
 /*
- * Divert parameters.
+ * WinDivert parameters.
  */
 typedef enum
 {
-    WINDIVERT_PARAM_QUEUE_LEN  = 0,     /* Packet queue length. */
-    WINDIVERT_PARAM_QUEUE_TIME = 1      /* Packet queue time. */
+    WINDIVERT_PARAM_QUEUE_LENGTH = 0,   /* Packet queue length. */
+    WINDIVERT_PARAM_QUEUE_TIME = 1,     /* Packet queue time. */
+    WINDIVERT_PARAM_QUEUE_SIZE = 2,     /* Packet queue size. */
+    WINDIVERT_PARAM_VERSION_MAJOR = 3,  /* Driver version (major). */
+    WINDIVERT_PARAM_VERSION_MINOR = 4,  /* Driver version (minor). */
 } WINDIVERT_PARAM, *PWINDIVERT_PARAM;
-#define WINDIVERT_PARAM_MAX             WINDIVERT_PARAM_QUEUE_TIME
+#define WINDIVERT_PARAM_MAX             WINDIVERT_PARAM_VERSION_MINOR
+
+/*
+ * WinDivert shutdown parameter.
+ */
+typedef enum
+{
+    WINDIVERT_SHUTDOWN_RECV = 0x1,      /* Shutdown recv. */
+    WINDIVERT_SHUTDOWN_SEND = 0x2,      /* Shutdown send. */
+    WINDIVERT_SHUTDOWN_BOTH = 0x3,      /* Shutdown recv and send. */
+} WINDIVERT_SHUTDOWN, *PWINDIVERT_SHUTDOWN;
+#define WINDIVERT_SHUTDOWN_MAX          WINDIVERT_SHUTDOWN_BOTH
 
 #ifndef WINDIVERT_KERNEL
 
 /*
  * Open a WinDivert handle.
  */
-extern WINDIVERTEXPORT HANDLE WinDivertOpen(
+WINDIVERTEXPORT HANDLE WinDivertOpen(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
     __in        INT16 priority,
@@ -105,57 +249,66 @@ extern WINDIVERTEXPORT HANDLE WinDivertOpen(
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecv(
+WINDIVERTEXPORT BOOL WinDivertRecv(
     __in        HANDLE handle,
-    __out       PVOID pPacket,
+    __out_opt   VOID *pPacket,
     __in        UINT packetLen,
-    __out_opt   PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *readLen);
+    __out_opt   UINT *pRecvLen,
+    __out_opt   WINDIVERT_ADDRESS *pAddr);
 
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecvEx(
+WINDIVERTEXPORT BOOL WinDivertRecvEx(
     __in        HANDLE handle,
-    __out       PVOID pPacket,
+    __out_opt   VOID *pPacket,
     __in        UINT packetLen,
+    __out_opt   UINT *pRecvLen,
     __in        UINT64 flags,
-    __out_opt   PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *readLen,
+    __out       WINDIVERT_ADDRESS *pAddr,
+    __inout_opt UINT *pAddrLen,
     __inout_opt LPOVERLAPPED lpOverlapped);
 
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSend(
+WINDIVERTEXPORT BOOL WinDivertSend(
     __in        HANDLE handle,
-    __in        PVOID pPacket,
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
-    __in        PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *writeLen);
+    __out_opt   UINT *pSendLen,
+    __in        const WINDIVERT_ADDRESS *pAddr);
 
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSendEx(
+WINDIVERTEXPORT BOOL WinDivertSendEx(
     __in        HANDLE handle,
-    __in        PVOID pPacket,
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
+    __out_opt   UINT *pSendLen,
     __in        UINT64 flags,
-    __in        PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *writeLen,
+    __in        const WINDIVERT_ADDRESS *pAddr,
+    __in        UINT addrLen,
     __inout_opt LPOVERLAPPED lpOverlapped);
 
+/*
+ * Shutdown a WinDivert handle.
+ */
+WINDIVERTEXPORT BOOL WinDivertShutdown(
+    __in        HANDLE handle,
+    __in        WINDIVERT_SHUTDOWN how);
+
 /*
  * Close a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertClose(
+WINDIVERTEXPORT BOOL WinDivertClose(
     __in        HANDLE handle);
 
 /*
  * Set a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSetParam(
+WINDIVERTEXPORT BOOL WinDivertSetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __in        UINT64 value);
@@ -163,19 +316,105 @@ extern WINDIVERTEXPORT BOOL WinDivertSetParam(
 /*
  * Get a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertGetParam(
+WINDIVERTEXPORT BOOL WinDivertGetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __out       UINT64 *pValue);
 
+#endif      /* WINDIVERT_KERNEL */
+
+/*
+ * WinDivert constants.
+ */
+#define WINDIVERT_PRIORITY_HIGHEST              30000
+#define WINDIVERT_PRIORITY_LOWEST               (-WINDIVERT_PRIORITY_HIGHEST)
+#define WINDIVERT_PARAM_QUEUE_LENGTH_DEFAULT    4096
+#define WINDIVERT_PARAM_QUEUE_LENGTH_MIN        32
+#define WINDIVERT_PARAM_QUEUE_LENGTH_MAX        16384
+#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT      2000        /* 2s */
+#define WINDIVERT_PARAM_QUEUE_TIME_MIN          100         /* 100ms */
+#define WINDIVERT_PARAM_QUEUE_TIME_MAX          16000       /* 16s */
+#define WINDIVERT_PARAM_QUEUE_SIZE_DEFAULT      4194304     /* 4MB */
+#define WINDIVERT_PARAM_QUEUE_SIZE_MIN          65535       /* 64KB */
+#define WINDIVERT_PARAM_QUEUE_SIZE_MAX          33554432    /* 32MB */
+#define WINDIVERT_BATCH_MAX                     0xFF        /* 255 */
+#define WINDIVERT_MTU_MAX                       (40 + 0xFFFF)
+
 /****************************************************************************/
 /* WINDIVERT HELPER API                                                     */
 /****************************************************************************/
 
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable: 4214)
+#endif
+
 /*
- * IPv4/IPv6/ICMP/ICMPv6/TCP/UDP header definitions.
+ * Ethernet/ARP/IPv4/IPv6/ICMP/ICMPv6/TCP/UDP header definitions.
  */
 typedef struct
+{
+    UINT8 DstAddr[6];
+    UINT8 SrcAddr[6];
+    UINT16 Type;
+} WINDIVERT_ETHHDR, *PWINDIVERT_ETHHDR;
+
+typedef struct
+{
+    UINT16 Hardware;
+    UINT16 Protocol;
+    UINT8 HardLength;
+    UINT8 ProtLength;
+    UINT16 Opcode;
+} WINDIVERT_ARPHDR, *PWINDIVERT_ARPHDR;
+
+#define WINDIVERT_ARPHDR_VALIDATE(hdr, len)                 \
+    ((hdr) != NULL &&                                       \
+     (len) >= sizeof(WINDIVERT_ARPHDR) &&                   \
+     (len) >= sizeof(WINDIVERT_ARPHDR) +                    \
+        2 * (hdr)->HardLength + 2 * (hdr)->ProtLength  &&   \
+     (hdr)->Hardware == 0x0100 &&                           \
+     (hdr)->HardLength == 6 &&                              \
+     (((hdr)->Protocol == 0x0008 &&                         \
+       (hdr)->ProtLength == 4) ||                           \
+      ((hdr)->Protocol == 0xDD86 &&                         \
+       (hdr)->ProtLength == 16)))
+
+#define WINDIVERT_ARPHDR_GET_SRCHARDADDR_OFFSET(hdr)        \
+    (sizeof(WINDIVERT_ARPHDR))
+#define WINDIVERT_ARPHDR_GET_SRCPROTADDR_OFFSET(hdr)        \
+    (sizeof(WINDIVERT_ARPHDR)+(hdr)->HardLength)
+#define WINDIVERT_ARPHDR_GET_DSTHARDADDR_OFFSET(hdr)        \
+    (sizeof(WINDIVERT_ARPHDR)+(hdr)->HardLength+(hdr)->ProtLength)
+#define WINDIVERT_ARPHDR_GET_DSTPROTADDR_OFFSET(hdr)        \
+    (sizeof(WINDIVERT_ARPHDR)+2*(hdr)->HardLength+(hdr)->ProtLength)
+
+#define WINDIVERT_ARPHDR_GET_SRCMACADDR_PTR(hdr, len)       \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Hardware != 0x0100? NULL:                    \
+    (((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_SRCHARDADDR_OFFSET(hdr)))
+#define WINDIVERT_ARPHDR_GET_SRCIPV4ADDR_PTR(hdr, len)      \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Protocol != 0x0008? NULL:                    \
+    ((UINT32 *)(((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_SRCPROTADDR_OFFSET(hdr))))
+#define WINDIVERT_ARPHDR_GET_SRCIPV6ADDR_PTR(hdr, len)      \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Protocol != 0xDD86? NULL:                    \
+    ((UINT32 *)(((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_SRCPROTADDR_OFFSET(hdr))))
+#define WINDIVERT_ARPHDR_GET_DSTMACADDR_PTR(hdr, len)       \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Hardware != 0x0100? NULL:                    \
+    (((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_DSTHARDADDR_OFFSET(hdr)))
+#define WINDIVERT_ARPHDR_GET_DSTIPV4ADDR_PTR(hdr, len)      \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Protocol != 0x0008? NULL:                    \
+    ((UINT32 *)(((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_DSTPROTADDR_OFFSET(hdr))))
+#define WINDIVERT_ARPHDR_GET_DSTIPV6ADDR_PTR(hdr, len)      \
+    (!WINDIVERT_ARPHDR_VALIDATE(hdr, len) ||                \
+        (hdr)->Protocol != 0xDD86? NULL:                    \
+    ((UINT32 *)(((UINT8 *)(hdr))+WINDIVERT_ARPHDR_GET_DSTPROTADDR_OFFSET(hdr))))
+
+typedef struct
 {
     UINT8  HdrLength:4;
     UINT8  Version:4;
@@ -306,8 +545,12 @@ typedef struct
     UINT16 Checksum;
 } WINDIVERT_UDPHDR, *PWINDIVERT_UDPHDR;
 
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
 /*
- * Flags for DivertHelperCalcChecksums()
+ * Flags for WinDivertHelperCalcChecksums()
  */
 #define WINDIVERT_HELPER_NO_IP_CHECKSUM                     1
 #define WINDIVERT_HELPER_NO_ICMP_CHECKSUM                   2
@@ -315,14 +558,33 @@ typedef struct
 #define WINDIVERT_HELPER_NO_TCP_CHECKSUM                    8
 #define WINDIVERT_HELPER_NO_UDP_CHECKSUM                    16
 
+#ifndef WINDIVERT_KERNEL
+
+/*
+ * Hash a packet.
+ */
+WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
+    __in        const VOID *pPacket,
+    __in        UINT packetLen,
+    __in        WINDIVERT_LAYER layer,
+    __in        UINT64 seed
+#ifdef __cplusplus
+                = 0
+#endif
+);
+
 /*
  * Parse IPv4/IPv6/ICMP/ICMPv6/TCP/UDP headers from a raw packet.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
-    __in        PVOID pPacket,
+WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
+    __in        WINDIVERT_LAYER layer,
+    __out_opt   PWINDIVERT_ETHHDR *ppEthHdr,
+    __out_opt   PWINDIVERT_ARPHDR *ppArpHdr,
     __out_opt   PWINDIVERT_IPHDR *ppIpHdr,
     __out_opt   PWINDIVERT_IPV6HDR *ppIpv6Hdr,
+    __out_opt   UINT8 *pProtocol,
     __out_opt   PWINDIVERT_ICMPHDR *ppIcmpHdr,
     __out_opt   PWINDIVERT_ICMPV6HDR *ppIcmpv6Hdr,
     __out_opt   PWINDIVERT_TCPHDR *ppTcpHdr,
@@ -330,112 +592,136 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
     __out_opt   PVOID *ppData,
     __out_opt   UINT *pDataLen);
 
+/*
+ * Parse a MAC address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperParseMACAddress(
+    __in        const char *addrStr,
+    __out_opt   UINT8 *pAddr);
+
 /*
  * Parse an IPv4 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
 /*
  * Parse an IPv6 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
+/*
+ * Format a MAC address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatMACAddress(
+    __in        const UINT8 *pAddr,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
+/*
+ * Format an IPv4 address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
+    __in        UINT32 addr,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
+/*
+ * Format an IPv6 address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
+    __in        const UINT32 *pAddr,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
 /*
  * Calculate IPv4/IPv6/ICMP/ICMPv6/TCP/UDP checksums.
  */
-extern WINDIVERTEXPORT UINT WinDivertHelperCalcChecksums(
-    __inout     PVOID pPacket, 
+WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
+    __inout     VOID *pPacket, 
     __in        UINT packetLen,
+    __in        WINDIVERT_LAYER layer,
+    __out_opt   WINDIVERT_ADDRESS *pAddr,
     __in        UINT64 flags);
 
-
-/****************************************************************************/
-/* WINDIVERT LEGACY API                                                     */
-/****************************************************************************/
-
 /*
- * Deprecated API:
+ * Decrement the TTL/HopLimit.
  */
-typedef WINDIVERT_ADDRESS DIVERT_ADDRESS;
-typedef PWINDIVERT_ADDRESS PDIVERT_ADDRESS;
-#define DIVERT_DIRECTION_OUTBOUND           WINDIVERT_DIRECTION_OUTBOUND
-#define DIVERT_DIRECTION_INBOUND            WINDIVERT_DIRECTION_INBOUND
-typedef WINDIVERT_LAYER DIVERT_LAYER;
-typedef PWINDIVERT_LAYER PDIVERT_LAYER;
-#define DIVERT_FLAG_SNIFF                   WINDIVERT_FLAG_SNIFF
-#define DIVERT_FLAG_DROP                    WINDIVERT_FLAG_DROP
-typedef WINDIVERT_PARAM DIVERT_PARAM;
-typedef PWINDIVERT_PARAM PDIVERT_PARAM;
-typedef WINDIVERT_IPHDR DIVERT_IPHDR;
-typedef PWINDIVERT_IPHDR PDIVERT_IPHDR;
-typedef WINDIVERT_IPV6HDR DIVERT_IPV6HDR;
-typedef PWINDIVERT_IPV6HDR PDIVERT_IPV6HDR;
-typedef WINDIVERT_ICMPHDR DIVERT_ICMPHDR;
-typedef PWINDIVERT_ICMPHDR PDIVERT_ICMPHDR;
-typedef WINDIVERT_ICMPV6HDR DIVERT_ICMPV6HDR;
-typedef PWINDIVERT_ICMPV6HDR PDIVERT_ICMPV6HDR;
-typedef WINDIVERT_TCPHDR DIVERT_TCPHDR;
-typedef PWINDIVERT_TCPHDR PDIVERT_TCPHDR;
-typedef WINDIVERT_UDPHDR DIVERT_UDPHDR;
-typedef PWINDIVERT_UDPHDR PDIVERT_UDPHDR;
-#define DIVERT_HELPER_NO_IP_CHECKSUM        WINDIVERT_HELPER_NO_IP_CHECKSUM
-#define DIVERT_HELPER_NO_ICMP_CHECKSUM      WINDIVERT_HELPER_NO_ICMP_CHECKSUM
-#define DIVERT_HELPER_NO_ICMPV6_CHECKSUM    WINDIVERT_HELPER_NO_ICMPV6_CHECKSUM
-#define DIVERT_HELPER_NO_TCP_CHECKSUM       WINDIVERT_HELPER_NO_TCP_CHECKSUM
-#define DIVERT_HELPER_NO_UDP_CHECKSUM       WINDIVERT_HELPER_NO_UDP_CHECKSUM
+WINDIVERTEXPORT BOOL WinDivertHelperDecrementTTL(
+    __inout     VOID *pPacket,
+    __in        UINT packetLen,
+    __in        WINDIVERT_LAYER layer);
 
-extern WINDIVERTEXPORT HANDLE DivertOpen(
+/*
+ * Compile the given filter string.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
     __in        const char *filter,
-    __in        DIVERT_LAYER layer,
-    __in        INT16 priority,
-    __in        UINT64 flags);
-extern WINDIVERTEXPORT BOOL DivertRecv(
-    __in        HANDLE handle,
-    __out       PVOID pPacket,
+    __in        WINDIVERT_LAYER layer,
+    __out_opt   char *object,
+    __in        UINT objLen,
+    __out_opt   const char **errorStr,
+    __out_opt   UINT *errorPos);
+
+/*
+ * Evaluate the given filter string.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
+    __in        const char *filter,
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
-    __out_opt   PDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *readLen);
-extern WINDIVERTEXPORT BOOL DivertSend(
-    __in        HANDLE handle,
-    __in        PVOID pPacket,
-    __in        UINT packetLen,
-    __in        PDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *writeLen);
-extern WINDIVERTEXPORT BOOL DivertClose(
-    __in        HANDLE handle);
-extern WINDIVERTEXPORT BOOL DivertSetParam(
-    __in        HANDLE handle,
-    __in        DIVERT_PARAM param,
-    __in        UINT64 value);
-extern WINDIVERTEXPORT BOOL DivertGetParam(
-    __in        HANDLE handle,
-    __in        DIVERT_PARAM param,
-    __out       UINT64 *pValue);
-extern WINDIVERTEXPORT BOOL DivertHelperParsePacket(
-    __in        PVOID pPacket,
-    __in        UINT packetLen,
-    __out_opt   PDIVERT_IPHDR *ppIpHdr,
-    __out_opt   PDIVERT_IPV6HDR *ppIpv6Hdr,
-    __out_opt   PDIVERT_ICMPHDR *ppIcmpHdr,
-    __out_opt   PDIVERT_ICMPV6HDR *ppIcmpv6Hdr,
-    __out_opt   PDIVERT_TCPHDR *ppTcpHdr,
-    __out_opt   PDIVERT_UDPHDR *ppUdpHdr,
-    __out_opt   PVOID *ppData,
-    __out_opt   UINT *pDataLen);
-extern WINDIVERTEXPORT BOOL DivertHelperParseIPv4Address(
-    __in        const char *addrStr,
-    __out_opt   UINT32 *pAddr);
-extern WINDIVERTEXPORT BOOL DivertHelperParseIPv6Address(
-    __in        const char *addrStr,
-    __out_opt   UINT32 *pAddr);
-extern WINDIVERTEXPORT UINT DivertHelperCalcChecksums(
-    __inout     PVOID pPacket,
-    __in        UINT packetLen,
-    __in        UINT64 flags);
+    __in        WINDIVERT_LAYER layer,
+    __in        const WINDIVERT_ADDRESS *pAddr);
+
+/*
+ * Format the given filter string.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
+    __in        const char *filter,
+    __in        WINDIVERT_LAYER layer,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
+/*
+ * Byte ordering.
+ */
+WINDIVERTEXPORT UINT16 WinDivertHelperNtohs(
+    __in        UINT16 x);
+WINDIVERTEXPORT UINT16 WinDivertHelperHtons(
+    __in        UINT16 x);
+WINDIVERTEXPORT UINT32 WinDivertHelperNtohl(
+    __in        UINT32 x);
+WINDIVERTEXPORT UINT32 WinDivertHelperHtonl(
+    __in        UINT32 x);
+WINDIVERTEXPORT UINT64 WinDivertHelperNtohll(
+    __in        UINT64 x);
+WINDIVERTEXPORT UINT64 WinDivertHelperHtonll(
+    __in        UINT64 x);
+WINDIVERTEXPORT void WinDivertHelperNtohMACAddress(
+    __in        const UINT8 *inAddr,
+    __out       UINT8 *outAddr);
+WINDIVERTEXPORT void WinDivertHelperHtonMACAddress(
+    __in        const UINT8 *inAddr,
+    __out       UINT8 *outAddr);
+WINDIVERTEXPORT void WinDivertHelperNtohIPv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+WINDIVERTEXPORT void WinDivertHelperHtonIPv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+
+/*
+ * Old names to be removed in the next version.
+ */
+WINDIVERTEXPORT void WinDivertHelperNtohIpv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+WINDIVERTEXPORT void WinDivertHelperHtonIpv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
 
 #endif      /* WINDIVERT_KERNEL */
 

include/windivert_device.h

@@ -1,35 +1,54 @@
 /*
  * windivert_device.h
- * (C) 2014, all rights reserved,
+ * (C) 2023, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 #ifndef __WINDIVERT_DEVICE_H
 #define __WINDIVERT_DEVICE_H
 
 /*
- * NOTE: This is the low-level interface to the divert device driver.
+ * NOTE: This is the low-level interface to the WinDivert device driver.
  *       This interface should not be used directly, instead use the high-level
- *       interface provided by the divert API.
+ *       interface provided by the WinDivert API.
  */
 
 #define WINDIVERT_KERNEL
 #include "windivert.h"
 
-#define WINDIVERT_VERSION                           1
-#define WINDIVERT_VERSION_MINOR                     1
+#define WINDIVERT_VERSION_MAJOR                     3
+#define WINDIVERT_VERSION_MINOR                     0
+
+#define WINDIVERT_MAGIC_DLL                         0x4C4C447669645724ull
+#define WINDIVERT_MAGIC_SYS                         0x5359537669645723ull
 
 #define WINDIVERT_STR2(s)                           #s
 #define WINDIVERT_STR(s)                            WINDIVERT_STR2(s)
@@ -37,14 +56,13 @@
 #define WINDIVERT_LSTR(s)                           WINDIVERT_LSTR2(s)
 
 #define WINDIVERT_VERSION_LSTR                                              \
-    WINDIVERT_LSTR(WINDIVERT_VERSION) L"."                                  \
+    WINDIVERT_LSTR(WINDIVERT_VERSION_MAJOR) L"."                            \
         WINDIVERT_LSTR(WINDIVERT_VERSION_MINOR)
 
 #define WINDIVERT_DEVICE_NAME                                               \
-    L"WinDivert" WINDIVERT_VERSION_LSTR
-
-#define WINDIVERT_IOCTL_VERSION                     3
-#define WINDIVERT_IOCTL_MAGIC                       0xE8D3
+    L"WinDivert"
+#define WINDIVERT_LAYER_NAME                                                \
+    WINDIVERT_DEVICE_NAME WINDIVERT_VERSION_LSTR
 
 #define WINDIVERT_FILTER_FIELD_ZERO                 0
 #define WINDIVERT_FILTER_FIELD_INBOUND              1
@@ -104,8 +122,49 @@
 #define WINDIVERT_FILTER_FIELD_UDP_LENGTH           55
 #define WINDIVERT_FILTER_FIELD_UDP_CHECKSUM         56
 #define WINDIVERT_FILTER_FIELD_UDP_PAYLOADLENGTH    57
+#define WINDIVERT_FILTER_FIELD_LOOPBACK             58
+#define WINDIVERT_FILTER_FIELD_IMPOSTOR             59
+#define WINDIVERT_FILTER_FIELD_PROCESSID            60
+#define WINDIVERT_FILTER_FIELD_LOCALADDR            61
+#define WINDIVERT_FILTER_FIELD_REMOTEADDR           62
+#define WINDIVERT_FILTER_FIELD_LOCALPORT            63
+#define WINDIVERT_FILTER_FIELD_REMOTEPORT           64
+#define WINDIVERT_FILTER_FIELD_PROTOCOL             65
+#define WINDIVERT_FILTER_FIELD_ENDPOINTID           66
+#define WINDIVERT_FILTER_FIELD_PARENTENDPOINTID     67
+#define WINDIVERT_FILTER_FIELD_LAYER                68
+#define WINDIVERT_FILTER_FIELD_PRIORITY             69
+#define WINDIVERT_FILTER_FIELD_EVENT                70
+#define WINDIVERT_FILTER_FIELD_PACKET               71
+#define WINDIVERT_FILTER_FIELD_PACKET16             72
+#define WINDIVERT_FILTER_FIELD_PACKET32             73
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD          74
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD16        75
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD32        76
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD          77
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD16        78
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD32        79
+#define WINDIVERT_FILTER_FIELD_LENGTH               80
+#define WINDIVERT_FILTER_FIELD_TIMESTAMP            81
+#define WINDIVERT_FILTER_FIELD_RANDOM8              82
+#define WINDIVERT_FILTER_FIELD_RANDOM16             83
+#define WINDIVERT_FILTER_FIELD_RANDOM32             84
+#define WINDIVERT_FILTER_FIELD_FRAGMENT             85
+#define WINDIVERT_FILTER_FIELD_ETH_DST_ADDR         86
+#define WINDIVERT_FILTER_FIELD_ETH_SRC_ADDR         87
+#define WINDIVERT_FILTER_FIELD_ETH_TYPE             88
+#define WINDIVERT_FILTER_FIELD_ARP                  89
+#define WINDIVERT_FILTER_FIELD_ARP_HARDWARE         90
+#define WINDIVERT_FILTER_FIELD_ARP_PROTOCOL         91
+#define WINDIVERT_FILTER_FIELD_ARP_HARD_LENGTH      92
+#define WINDIVERT_FILTER_FIELD_ARP_PROT_LENGTH      93
+#define WINDIVERT_FILTER_FIELD_ARP_OPCODE           94
+#define WINDIVERT_FILTER_FIELD_ARP_SRC_HARD_ADDR    95
+#define WINDIVERT_FILTER_FIELD_ARP_SRC_PROT_ADDR    96
+#define WINDIVERT_FILTER_FIELD_ARP_DST_HARD_ADDR    97
+#define WINDIVERT_FILTER_FIELD_ARP_DST_PROT_ADDR    98
 #define WINDIVERT_FILTER_FIELD_MAX                  \
-    WINDIVERT_FILTER_FIELD_UDP_PAYLOADLENGTH
+    WINDIVERT_FILTER_FIELD_ARP_DST_PROT_ADDR
 
 #define WINDIVERT_FILTER_TEST_EQ                    0
 #define WINDIVERT_FILTER_TEST_NEQ                   1
@@ -115,94 +174,165 @@
 #define WINDIVERT_FILTER_TEST_GEQ                   5
 #define WINDIVERT_FILTER_TEST_MAX                   WINDIVERT_FILTER_TEST_GEQ
 
-#define WINDIVERT_FILTER_MAXLEN                     128
+#define WINDIVERT_FILTER_MAXLEN                     256
 
-#define WINDIVERT_FILTER_RESULT_ACCEPT              (WINDIVERT_FILTER_MAXLEN+1)
-#define WINDIVERT_FILTER_RESULT_REJECT              (WINDIVERT_FILTER_MAXLEN+2)
+#define WINDIVERT_FILTER_RESULT_ACCEPT              0x7FFE
+#define WINDIVERT_FILTER_RESULT_REJECT              0x7FFF
 
 /*
  * WinDivert layers.
  */
-#define WINDIVERT_LAYER_DEFAULT                     WINDIVERT_LAYER_NETWORK
-#define WINDIVERT_LAYER_MAX                                                 \
-    WINDIVERT_LAYER_NETWORK_FORWARD
+#define WINDIVERT_LAYER_MAX                         WINDIVERT_LAYER_REFLECT
+
+/*
+ * WinDivert events.
+ */
+#define WINDIVERT_EVENT_MAX                         \
+    WINDIVERT_EVENT_REFLECT_CLOSE
 
 /*
  * WinDivert flags.
  */
 #define WINDIVERT_FLAGS_ALL                                                 \
-    (WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP |                           \
-     WINDIVERT_FLAG_NO_CHECKSUM)
+    (WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP | WINDIVERT_FLAG_RECV_ONLY |\
+        WINDIVERT_FLAG_SEND_ONLY | WINDIVERT_FLAG_NO_INSTALL |              \
+        WINDIVERT_FLAG_FRAGMENTS)
 #define WINDIVERT_FLAGS_EXCLUDE(flags, flag1, flag2)                        \
     (((flags) & ((flag1) | (flag2))) != ((flag1) | (flag2)))
 #define WINDIVERT_FLAGS_VALID(flags)                                        \
     ((((flags) & ~WINDIVERT_FLAGS_ALL) == 0) &&                             \
      WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_SNIFF,                   \
-        WINDIVERT_FLAG_DROP))
+        WINDIVERT_FLAG_DROP) &&                                             \
+     WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_RECV_ONLY,               \
+        WINDIVERT_FLAG_SEND_ONLY))
+
+/*
+ * WinDivert filter flags.
+ */
+#define WINDIVERT_FILTER_FLAG_INBOUND               0x0000000000000010ull
+#define WINDIVERT_FILTER_FLAG_OUTBOUND              0x0000000000000020ull
+#define WINDIVERT_FILTER_FLAG_IP                    0x0000000000000040ull
+#define WINDIVERT_FILTER_FLAG_IPV6                  0x0000000000000080ull
+#define WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED    0x0000000000000100ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND     0x0000000000000200ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT  0x0000000000000400ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN   0x0000000000000800ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT   0x0000000000001000ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE    0x0000000000002000ull
+
+#define WINDIVERT_FILTER_FLAGS_ALL                                          \
+    (WINDIVERT_FILTER_FLAG_INBOUND |                                        \
+        WINDIVERT_FILTER_FLAG_OUTBOUND |                                    \
+        WINDIVERT_FILTER_FLAG_IP |                                          \
+        WINDIVERT_FILTER_FLAG_IPV6 |                                        \
+        WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED |                          \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND |                           \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT |                        \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN |                         \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT |                         \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE)
+
 /*
  * WinDivert priorities.
  */
-#define WINDIVERT_PRIORITY(priority16)                                      \
-    ((UINT32)((INT32)(priority16) + 0x7FFF + 1))
-#define WINDIVERT_PRIORITY_DEFAULT                  WINDIVERT_PRIORITY(0)
-#define WINDIVERT_PRIORITY_MAX                      WINDIVERT_PRIORITY(1000)
-#define WINDIVERT_PRIORITY_MIN                      WINDIVERT_PRIORITY(-1000)
+#define WINDIVERT_PRIORITY_MAX                      WINDIVERT_PRIORITY_HIGHEST
+#define WINDIVERT_PRIORITY_MIN                      WINDIVERT_PRIORITY_LOWEST
 
 /*
- * WinDivert parameters.
+ * WinDivert timestamps.
  */
-#define WINDIVERT_PARAM_QUEUE_LEN_DEFAULT           1024
-#define WINDIVERT_PARAM_QUEUE_LEN_MIN               1
-#define WINDIVERT_PARAM_QUEUE_LEN_MAX               8192
-#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT          512
-#define WINDIVERT_PARAM_QUEUE_TIME_MIN              128
-#define WINDIVERT_PARAM_QUEUE_TIME_MAX              2048
+#define WINDIVERT_TIMESTAMP_MAX                     0x7FFFFFFFFFFFFFFFull
 
 /*
  * WinDivert message definitions.
  */
 #pragma pack(push, 1)
-struct windivert_ioctl_s
+typedef union
 {
-    UINT16 magic;                   // WINDIVERT_IOCTL_MAGIC
-    UINT8  version;                 // WINDIVERT_IOCTL_VERSION
-    UINT8  arg8;                    // 8-bit argument
-    UINT64 arg;                     // 64-bit argument
-};
-typedef struct windivert_ioctl_s *windivert_ioctl_t;
+    struct
+    {
+        UINT64 addr;                // WINDIVERT_ADDRESS pointer.
+        UINT64 addr_len_ptr;        // sizeof(addr) pointer.
+    } recv;
+    struct
+    {
+        UINT64 addr;                // WINDIVERT_ADDRESS pointer.
+        UINT64 addr_len;            // sizeof(addr).
+    } send;
+    struct
+    {
+        UINT32 layer;               // Handle layer.
+        UINT32 priority;            // Handle priority.
+        UINT64 flags;               // Handle flags.
+    } initialize;
+    struct
+    {
+        UINT64 flags;               // Filter flags.
+    } startup;
+    struct
+    {
+        UINT32 how;                 // WINDIVERT_SHUTDOWN_*
+    } shutdown;
+    struct
+    {
+        UINT32 param;               // WINDIVERT_PARAM_*
+    } get_param;
+    struct
+    {
+        UINT64 val;                 // Value pointer.
+        UINT32 param;               // WINDIVERT_PARAM_*
+    } set_param;
+} WINDIVERT_IOCTL, *PWINDIVERT_IOCTL;
 
 /*
- * WinDivert IOCTL structures.
+ * WinDivert initialization structure.
  */
-struct windivert_ioctl_filter_s
+typedef struct
 {
-    UINT8  field;                   // WINDIVERT_FILTER_FIELD_IP_*
-    UINT8  test;                    // WINDIVERT_FILTER_TEST_*
-    UINT16 success;                 // Success continuation.
-    UINT16 failure;                 // Fail continuation.
+    UINT64 magic;                   // Magic number (in/out).
+    UINT32 major;                   // Driver major version (in/out).
+    UINT32 minor;                   // Driver minor version (in/out).
+    UINT32 bits;                    // 32 or 64 (in/out).
+    UINT32 reserved32[3];
+    UINT64 reserved64[4];
+} WINDIVERT_VERSION, *PWINDIVERT_VERSION;
+
+/*
+ * WinDivert filter structure.
+ */
+typedef struct
+{
+    UINT32 field:11;                // WINDIVERT_FILTER_FIELD_*
+    UINT32 test:5;                  // WINDIVERT_FILTER_TEST_*
+    UINT32 success:16;              // Success continuation.
+    UINT32 failure:16;              // Fail continuation.
+    UINT32 neg:1;                   // Argument negative?
+    UINT32 reserved:15;
     UINT32 arg[4];                  // Argument.
-};
-typedef struct windivert_ioctl_filter_s *windivert_ioctl_filter_t;
+} WINDIVERT_FILTER, *PWINDIVERT_FILTER;
 #pragma pack(pop)
 
 /*
  * IOCTL codes.
  */
+#define IOCTL_WINDIVERT_INITIALIZE                                          \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x921, METHOD_OUT_DIRECT, FILE_READ_DATA |\
+        FILE_WRITE_DATA)
+#define IOCTL_WINDIVERT_STARTUP                                             \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x922, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_RECV                                                \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x908, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x923, METHOD_OUT_DIRECT, FILE_READ_DATA)
 #define IOCTL_WINDIVERT_SEND                                                \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x909, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_START_FILTER                                        \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90A, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_LAYER                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90B, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_PRIORITY                                        \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90C, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_FLAGS                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90D, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x924, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_SET_PARAM                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90E, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x925, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_GET_PARAM                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90F, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x926, METHOD_OUT_DIRECT, FILE_READ_DATA)
+#define IOCTL_WINDIVERT_SHUTDOWN                                            \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x927, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 
 #endif      /* __WINDIVERT_DEVICE_H */

inf/windivert32.inf

@@ -0,0 +1,42 @@
+[Version]
+Signature = "$Windows NT$"
+Class = WFPCALLOUTS
+ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
+Provider = %Basil%
+CatalogFile = WinDivert32.Cat
+DriverVer = 01/09/2022,2.2.2
+
+[SourceDisksNames]
+1 = %DiskName%
+
+[SourceDisksFiles]
+WinDivert32.sys = 1
+
+[DestinationDirs]
+DefaultDestDir = 12 ; %windir%\system32\drivers
+WinDivertCalloutDriver.DriverFiles = 12 ; %windir%\system32\drivers
+
+[DefaultInstall]
+OptionDesc = %Description%
+CopyFiles = WinDivertCalloutDriver.DriverFiles
+
+[DefaultInstall.Services]
+AddService = %ServiceName%,,WinDivertCalloutDriver.Service
+
+[WinDivertCalloutDriver.DriverFiles]
+WinDivert32.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
+
+[WinDivertCalloutDriver.Service]
+DisplayName = %ServiceName%
+Description = %ServiceDesc%
+ServiceType = 1  ; SERVICE_KERNEL_DRIVER
+StartType = 0    ; SERVICE_BOOT_START
+ErrorControl = 1 ; SERVICE_ERROR_NORMAL
+ServiceBinary = %12%\WinDivert32.sys
+
+[Strings]
+Basil = "Basil"
+DiskName = "WinDivert Installation Disk"
+Description = "WinDivert Driver"
+ServiceName = "WinDivert"
+ServiceDesc = "WinDivert Driver"

inf/windivert64.inf

@@ -0,0 +1,42 @@
+[Version]
+Signature = "$Windows NT$"
+Class = WFPCALLOUTS
+ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
+Provider = %Basil%
+CatalogFile = WinDivert64.Cat
+DriverVer = 01/09/2022,2.2.2
+
+[SourceDisksNames]
+1 = %DiskName%
+
+[SourceDisksFiles]
+WinDivert64.sys = 1
+
+[DestinationDirs]
+DefaultDestDir = 12 ; %windir%\system32\drivers
+WinDivertCalloutDriver.DriverFiles = 12 ; %windir%\system32\drivers
+
+[DefaultInstall]
+OptionDesc = %Description%
+CopyFiles = WinDivertCalloutDriver.DriverFiles
+
+[DefaultInstall.Services]
+AddService = %ServiceName%,,WinDivertCalloutDriver.Service
+
+[WinDivertCalloutDriver.DriverFiles]
+WinDivert64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
+
+[WinDivertCalloutDriver.Service]
+DisplayName = %ServiceName%
+Description = %ServiceDesc%
+ServiceType = 1  ; SERVICE_KERNEL_DRIVER
+StartType = 0    ; SERVICE_BOOT_START
+ErrorControl = 1 ; SERVICE_ERROR_NORMAL
+ServiceBinary = %12%\WinDivert64.sys
+
+[Strings]
+Basil = "Basil"
+DiskName = "WinDivert Installation Disk"
+Description = "WinDivert Driver"
+ServiceName = "WinDivert"
+ServiceDesc = "WinDivert Driver"

mingw-build.sh

@@ -1,28 +1,49 @@
 #!/bin/bash
 #
 # mingw-build.sh
-# (C) 2014, all rights reserved,
+# (C) 2019, all rights reserved,
 #
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# This file is part of WinDivert.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
+# WinDivert is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+# License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# WinDivert is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+# 
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc., 51
+# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 # Script for MinGW/Linux cross compilation.
-# NOTE: run wddk-build.bat before this script.
+# NOTE: run msvc-build.bat before this script.
 
 set -e
 
 ENVS="i686-w64-mingw32 x86_64-w64-mingw32"
 
+if [ "$1" = "debug" ]
+then
+    EXTRA_OPTS="-lmsvcrt -include stdio.h"
+fi 
+
 for ENV in $ENVS
 do
     if [ $ENV = "i686-w64-mingw32" ]
@@ -35,18 +56,19 @@ do
         BITS=64
         MANGLE=
     fi
-    if [ ! -d install/WDDK/$CPU ]
+    HAVE_SYS=yes
+    if [ ! -d install/MSVC/$CPU ]
     then
-        echo "WARNING: missing WDDK build; run wddk-build.bat first"
-        echo "SKIP WDDK-$CPU"
-        continue
+        echo "WARNING: missing MSVC build; run msvc-build.bat first"
+        HAVE_SYS=no
     fi
-    echo "BUILD WDDK-$CPU"
+    echo "BUILD MINGW-$CPU"
     CC="$ENV-gcc"
-    COPTS="-shared -Wall -Wno-pointer-to-int-cast -O2 -Iinclude/ 
+    COPTS="-fno-ident -shared -Wall -Wno-pointer-to-int-cast -Os -Iinclude/ 
         -Wl,--enable-stdcall-fixup -Wl,--entry=${MANGLE}WinDivertDllEntry"
-    CLIBS="-lgcc -lmsvcrt -lkernel32 -ladvapi32"
+    CLIBS="-lkernel32 -ladvapi32 $EXTRA_OPTS"
     STRIP="$ENV-strip"
+    DLLTOOL="$ENV-dlltool"
     if [ -x "`which $CC`" ]
     then
         echo "\tmake install/MINGW/$CPU..."
@@ -56,24 +78,51 @@ do
         $CC $COPTS -o "install/MINGW/$CPU/WinDivert.dll" \
             dll/windivert.o dll/windivert.def -nostdlib $CLIBS
         $STRIP "install/MINGW/$CPU/WinDivert.dll"
+        echo "\tbuild install/MINGW/$CPU/WinDivert.lib..."
+        $DLLTOOL --dllname install/MINGW/$CPU/WinDivert.dll \
+            --def dll/windivert.def \
+            --output-lib install/MINGW/$CPU/WinDivert.lib 2>/dev/null
         echo "\tbuild install/MINGW/$CPU/netdump.exe..."
         $CC -s -O2 -Iinclude/ examples/netdump/netdump.c \
-            -o "install/MINGW/$CPU/netdump.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/netdump.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/netfilter.exe..."
         $CC -s -O2 -Iinclude/ examples/netfilter/netfilter.c \
-            -o "install/MINGW/$CPU/netfilter.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/netfilter.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/passthru.exe..."
         $CC -s -O2 -Iinclude/ examples/passthru/passthru.c \
-            -o "install/MINGW/$CPU/passthru.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/passthru.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/webfilter.exe..."
         $CC -s -O2 -Iinclude/ examples/webfilter/webfilter.c \
-            -o "install/MINGW/$CPU/webfilter.exe" -lWinDivert -lws2_32 \
-             -L"install/MINGW/$CPU/"
-        echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
-        cp install/WDDK/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
+            -o "install/MINGW/$CPU/webfilter.exe" -lWinDivert \
+            -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/streamdump.exe..."
+        $CC -s -O2 -Iinclude/ examples/streamdump/streamdump.c \
+            -o "install/MINGW/$CPU/streamdump.exe" -lWinDivert -lws2_32 \
+            -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/flowtrack.exe..."
+        $CC -s -O2 -Iinclude/ examples/flowtrack/flowtrack.c \
+            -o "install/MINGW/$CPU/flowtrack.exe" -lWinDivert -lpsapi \
+            -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/windivertctl.exe..."
+        $CC -s -O2 -Iinclude/ examples/windivertctl/windivertctl.c \
+            -o "install/MINGW/$CPU/windivertctl.exe" -lWinDivert \
+            -lpsapi -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/socketdump.exe..."
+        $CC -s -O2 -Iinclude/ examples/socketdump/socketdump.c \
+            -o "install/MINGW/$CPU/socketdump.exe" -lWinDivert \
+            -lpsapi -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/test.exe..."
+        $CC -s -O2 -Iinclude/ test/test.c \
+            -o "install/MINGW/$CPU/test.exe" -lWinDivert \
+            -L"install/MINGW/$CPU/"
+        if [ $HAVE_SYS = yes ]
+        then
+            echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
+            cp install/MSVC/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
+        fi
     else
         echo "WARNING: $CC not found"
     fi

msvc-build.bat

@@ -1,87 +1,150 @@
 :: msvc-build.bat
-:: (C) 2014, all rights reserved,
+:: (C) 2019, all rights reserved,
 ::
-:: This program is free software: you can redistribute it and/or modify
-:: it under the terms of the GNU Lesser General Public License as published by
-:: the Free Software Foundation, either version 3 of the License, or
-:: (at your option) any later version.
+:: This file is part of WinDivert.
 ::
-:: This program is distributed in the hope that it will be useful,
-:: but WITHOUT ANY WARRANTY; without even the implied warranty of
-:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-:: GNU Lesser General Public License for more details.
+:: WinDivert is free software: you can redistribute it and/or modify it under
+:: the terms of the GNU Lesser General Public License as published by the
+:: Free Software Foundation, either version 3 of the License, or (at your
+:: option) any later version.
+::
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+:: License for more details.
 ::
 :: You should have received a copy of the GNU Lesser General Public License
 :: along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ::
-:: Script for MSVC (Microsoft Visual Studio 2012) compilation.
-:: NOTE: run wddk-build.bat before this script.
+:: WinDivert is free software; you can redistribute it and/or modify it under
+:: the terms of the GNU General Public License as published by the Free
+:: Software Foundation; either version 2 of the License, or (at your option)
+:: any later version.
+:: 
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+:: for more details.
+:: 
+:: You should have received a copy of the GNU General Public License along
+:: with this program; if not, write to the Free Software Foundation, Inc., 51
+:: Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 @echo off
 
-:: Determine target CPU.
+msbuild sys\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=Win32 ^
+    /p:SignMode=Off ^
+    /p:OutDir=..\install\MSVC\i386\ ^
+    /p:AssemblyName=WinDivert32
 
-cl 2>&1 | findstr "x86" > NUL
+msbuild sys\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=x64 ^
+    /p:SignMode=Off ^
+    /p:OutDir=..\install\MSVC\amd64\ ^
+    /p:AssemblyName=WinDivert64
 
-if %ERRORLEVEL% == 0 (
-    set TARGET=i386
-    set PLATFORM=Win32
-    set BITS=32
-) ELSE (
-    set TARGET=amd64
-    set PLATFORM=x64
-    set BITS=64
-)
+msbuild dll\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=Win32 ^
+    /p:OutDir=..\install\MSVC\i386\
+move dll\WinDivert.lib install\MSVC\i386\.
 
-set WDDK_INSTALL=install\WDDK\%TARGET%\
-set MSVC_INSTALL=install\MSVC\%TARGET%\
+msbuild dll\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=x64 ^
+    /p:OutDir=..\install\MSVC\amd64\
+move dll\WinDivert.lib install\MSVC\amd64\.
 
-if not exist %WDDK_INSTALL% (
-    echo ERROR: Missing WDDK build; run wddk-build.bat first
-    exit /B
-)
-mkdir %MSVC_INSTALL%
+msbuild examples\flowtrack\flowtrack.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
 
-:: Build WinDivert.dll
-cd dll
-msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
-copy /Y build\WinDivert.dll ..\%MSVC_INSTALL%
-copy /Y build\WinDivert.lib ..\%MSVC_INSTALL%
-copy /Y build\WinDivert.lib ..\%MSVC_INSTALL%..
-rd /s /q build\
-cd ..
+msbuild examples\flowtrack\flowtrack.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
 
-:: Build netdump
-cd examples\netdump
-msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
-copy /Y build\netdump.exe ..\..\%MSVC_INSTALL%
-rd /s /q build\
-cd ..\..
+msbuild examples\netdump\netdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
 
-:: Build netfilter
-cd examples\netfilter
-msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
-copy /Y build\netfilter.exe ..\..\%MSVC_INSTALL%
-rd /s /q build\
-cd ..\..
+msbuild examples\netdump\netdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
 
-:: Build passthru
-cd examples\passthru
-msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
-copy /Y build\passthru.exe ..\..\%MSVC_INSTALL%
-rd /s /q build\
-cd ..\..
+msbuild examples\netfilter\netfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
 
-:: Build webfilter
-cd examples\webfilter
-msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
-copy /Y build\webfilter.exe ..\..\%MSVC_INSTALL%
-rd /s /q build\
-cd ..\..
+msbuild examples\netfilter\netfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
 
-:: Copy files
-copy /Y %WDDK_INSTALL%\WinDivert%BITS%.sys %MSVC_INSTALL%
+msbuild examples\passthru\passthru.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
 
-:: Clean-up
-del %MSVC_INSTALL%..\WinDivert.lib
+msbuild examples\passthru\passthru.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\socketdump\socketdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\socketdump\socketdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\streamdump\streamdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\streamdump\streamdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\webfilter\webfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\webfilter\webfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\windivertctl\windivertctl.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\windivertctl\windivertctl.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild test\test.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\install\MSVC\i386\
+
+msbuild test\test.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\install\MSVC\amd64\
 

release-build.sh

@@ -1,122 +1,165 @@
 #!/bin/bash
 #
-# (C) 2014, all rights reserved,
+# release-build.sh
+# (C) 2019, all rights reserved,
 #
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# This file is part of WinDivert.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
+# WinDivert is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+# License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
+#
+# WinDivert is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+# 
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc., 51
+# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
 # Script for building WinDivert binary packages.  This script assumes the
 # binaries are already built and are in the install/ subdirectory.
 
 set -e
 
+LABEL=
+if [ $# -ge 1 ]
+then
+    LABEL="-$1"
+fi
+
+TARGET=MINGW
+
+WINDIVERT32_SYS=install/$TARGET/i386/WinDivert32.sys
+if [ $# -ge 2 ]
+then
+    WINDIVERT32_SYS=$2
+fi
+
+WINDIVERT64_SYS=install/$TARGET/amd64/WinDivert64.sys
+if [ $# -ge 3 ]
+then
+    WINDIVERT64_SYS=$3
+fi
+
 VERSION=`cat ./VERSION`
 NAME=WinDivert-$VERSION
 
-for TARGET in WDDK MSVC MINGW
-do
-    if [ ! -d "install/$TARGET" ]
+echo "BUILD $NAME$LABEL"
+INSTALL=install/$NAME$LABEL
+echo "\tmake $INSTALL..."
+rm -rf $INSTALL
+mkdir -p $INSTALL
+echo "\tcopy $INSTALL/README..."
+cp README $INSTALL
+echo "\tcopy $INSTALL/CHANGELOG..."
+cp CHANGELOG $INSTALL
+echo "\tcopy $INSTALL/LICENSE..."
+cp LICENSE $INSTALL
+echo "\tcopy $INSTALL/VERSION..."
+cp VERSION $INSTALL
+echo "\tmake $INSTALL/include..."
+mkdir -p $INSTALL/include
+echo "\tcopy $INSTALL/include/windivert.h..."
+cp include/windivert.h $INSTALL/include
+echo "\tmake $INSTALL/doc..."
+mkdir -p $INSTALL/doc
+echo "\tcopy $INSTALL/doc/WinDivert.html..."
+cp doc/windivert.html $INSTALL/doc/WinDivert.html
+echo "\tmake $INSTALL/x86..."
+mkdir -p $INSTALL/x86
+echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
+cp "$WINDIVERT32_SYS" $INSTALL/x86
+if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
+    2>&1 >/dev/null
+then
+    echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
+fi
+if [ -e "$WINDIVERT64_SYS" ]
+then
+    echo "\tcopy $INSTALL/x64/WinDivert64.sys..."
+    cp "$WINDIVERT64_SYS" $INSTALL/x86
+fi
+echo "\tcopy $INSTALL/x86/WinDivert.lib..."
+cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
+echo "\tcopy $INSTALL/x86/WinDivert.dll..."
+cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
+echo "\tcopy $INSTALL/x86/netdump.exe..."
+cp install/$TARGET/i386/netdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/netfilter.exe..."
+cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/passtru.exe..."
+cp install/$TARGET/i386/passthru.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/webfilter.exe..."
+cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/streamdump.exe..."
+cp install/$TARGET/i386/streamdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/flowtrack.exe..."
+cp install/$TARGET/i386/flowtrack.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/socketdump.exe..."
+cp install/$TARGET/i386/socketdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/windivertctl.exe..."
+cp install/$TARGET/i386/windivertctl.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/test.exe..."
+cp install/$TARGET/i386/test.exe $INSTALL/x86
+if [ -d "install/$TARGET/amd64" ]
+then
+    echo "\tmake $INSTALL/amd64..."
+    mkdir -p $INSTALL/x64
+    echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
+    cp "$WINDIVERT64_SYS" $INSTALL/x64
+    if ! grep "DigiCert High Assurance EV Root" \
+        $INSTALL/x64/WinDivert64.sys 2>&1 >/dev/null
     then
-        echo "SKIP $NAME-$TARGET"
-        continue
+        echo "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
     fi
-    echo "BUILD $NAME-$TARGET"
-    INSTALL=install/$NAME-$TARGET
-    echo "\tmake $INSTALL..."
-    mkdir -p $INSTALL
-    echo "\tcopy $INSTALL/README..."
-    cp README $INSTALL
-    echo "\tcopy $INSTALL/CHANGELOG..."
-    cp CHANGELOG $INSTALL
-    echo "\tcopy $INSTALL/LICENSE..."
-    cp LICENSE $INSTALL
-    echo "\tcopy $INSTALL/VERSION..."
-    cp VERSION $INSTALL
-    echo "\tmake $INSTALL/include..."
-    mkdir -p $INSTALL/include
-    echo "\tcopy $INSTALL/include/windivert.h..."
-    cp include/windivert.h $INSTALL/include
-    echo "\tmake $INSTALL/doc..."
-    mkdir -p $INSTALL/doc
-    echo "\tcopy $INSTALL/doc/WinDivert.html..."
-    cp doc/windivert.html $INSTALL/doc/WinDivert.html
-    echo "\tmake $INSTALL/x86..."
-    mkdir -p $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
-    cp install/$TARGET/i386/WinDivert32.sys $INSTALL/x86
-    if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
-        2>&1 >/dev/null
-    then
-        echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
-    fi
-    if [ $TARGET != MINGW ]
-    then
-        echo "\tcopy $INSTALL/x86/WinDivert.lib..."
-        cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
-    fi
-    echo "\tcopy $INSTALL/x86/WinDivert.dll..."
-    cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/netdump.exe..."
-    cp install/$TARGET/i386/netdump.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/netfilter.exe..."
-    cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/passtru.exe..."
-    cp install/$TARGET/i386/passthru.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/webfilter.exe..."
-    cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
-    if [ -d "install/$TARGET/amd64" ]
-    then
-        echo "\tmake $INSTALL/amd64..."
-        mkdir -p $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
-        cp install/$TARGET/amd64/WinDivert64.sys $INSTALL/amd64
-        if ! grep "DigiCert High Assurance EV Root" \
-            $INSTALL/amd64/WinDivert64.sys 2>&1 >/dev/null
-        then
-            echo -e "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
-        fi
-        if [ $TARGET != MINGW ]
-        then
-            echo "\tcopy $INSTALL/amd64/WinDivert.lib..."
-            cp install/$TARGET/amd64/WinDivert.lib $INSTALL/amd64
-        fi
-        echo "\tcopy $INSTALL/amd64/WinDivert.dll..."
-        cp install/$TARGET/amd64/WinDivert.dll $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/netdump.exe..."
-        cp install/$TARGET/amd64/netdump.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/netfilter.exe..."
-        cp install/$TARGET/amd64/netfilter.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/passtru.exe..."
-        cp install/$TARGET/amd64/passthru.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/webfilter.exe..."
-        cp install/$TARGET/amd64/webfilter.exe $INSTALL/amd64
-    else
-        echo "\tWARNING: skipping missing AMD64 build..."
-    fi
-    PACKAGE=$NAME-$TARGET.tar.gz
-    echo "\tbuilding $PACKAGE..."
-    (
-        cd install;
-        tar cvz --owner root --group root -f $PACKAGE $NAME-$TARGET > /dev/null
-    )
-    PACKAGE=$NAME-$TARGET.zip
-    echo "\tbuilding $PACKAGE..."
-    (
-        cd install;
-        zip -r $PACKAGE $NAME-$TARGET > /dev/null
-    )
-    echo -n "\tclean $INSTALL..."
-    rm -rf $INSTALL
-    echo "DONE"
-done
+    echo "\tcopy $INSTALL/x64/WinDivert.lib..."
+    cp install/$TARGET/amd64/WinDivert.lib $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/WinDivert.dll..."
+    cp install/$TARGET/amd64/WinDivert.dll $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/netdump.exe..."
+    cp install/$TARGET/amd64/netdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/netfilter.exe..."
+    cp install/$TARGET/amd64/netfilter.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/passtru.exe..."
+    cp install/$TARGET/amd64/passthru.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/webfilter.exe..."
+    cp install/$TARGET/amd64/webfilter.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/streamdump.exe..."
+    cp install/$TARGET/amd64/streamdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/flowtrack.exe..."
+    cp install/$TARGET/amd64/flowtrack.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/socketdump.exe..."
+    cp install/$TARGET/amd64/socketdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/windivertctl.exe..."
+    cp install/$TARGET/amd64/windivertctl.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/test.exe..."
+    cp install/$TARGET/amd64/test.exe $INSTALL/x64
+else
+    echo "\tWARNING: skipping missing AMD64 build..."
+fi
+PACKAGE=$NAME$LABEL.zip
+echo "\tbuilding $PACKAGE..."
+(
+    cd install;
+    zip -r $PACKAGE $NAME$LABEL > /dev/null
+)
+echo -n "\tclean $INSTALL..."
+rm -rf $INSTALL
+echo "DONE"
 

sys/sources

@@ -1,18 +1,3 @@
-# sources
-# (C) 2014, all rights reserved,
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 !IF "$(_BUILDARCH)" == "x86"
 CPU=i386
@@ -34,6 +19,6 @@ NTTARGETFILES=
 KMDF_VERSION_MAJOR=1
 C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE \
     -DNDIS60 -DNDIS_SUPPORT_NDIS60
-INCLUDES=$(DDK_INC_PATH);..\include
+INCLUDES=$(DDK_INC_PATH);..\include;..\dll
 SOURCES=windivert.rc windivert.c
 

sys/windivert.inf

@@ -1,9 +0,0 @@
-[Version]
-Signature="$WINDOWS NT$"
-
-[windivert.NT.Wdf]
-KmdfService = windivert, windivert_WdfSection
-
-[windivert_WdfSection]
-KmdfLibraryVersion = 1.9
-

sys/windivert.rc

@@ -1,40 +1,59 @@
 /*
  * windivert.rc
- * (C) 2014, all rights reserved,
+ * (C) 2022, all rights reserved,
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * This file is part of WinDivert.
  *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  */
 
 #include <windows.h>
 #include <ntverp.h>
 
+#include "windivert_log.rc"
+
 #define VER_FILETYPE                VFT_DRV
 #define VER_FILESUBTYPE             VFT2_DRV_NETWORK
 #define VER_FILEDESCRIPTION_STR     \
-    "WinDivert network packet capture and (re)injection driver"
-    " (http://reqrypt.org/windivert.html)"
+    "The WinDivert 2.2 driver " \
+    "[URL: https://reqrypt.org/windivert.html] " \
+    "[Bitcoin: 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh]"
 #define VER_INTERNALNAME_STR        "WinDivert.sys"
 #define VER_ORIGINALFILENAME_STR    "WinDivert.sys"
-#define VER_PRODUCTVERSION          1.1.6
-#define VER_PRODUCTVERSION_STR      "1.1.6"
-#define VER_COMPANYNAME_STR         "Basil's Projects"
-#define VER_LEGALCOPYRIGHT_YEARS    "2011-2014"
+#define VER_PRODUCTVERSION          2.2
+#define VER_PRODUCTVERSION_STR      "2.2"
+#define VER_COMPANYNAME_STR         "Basil"
+#define VER_LEGALCOPYRIGHT_YEARS    "2011-2022"
 #define VER_LEGALCOPYRIGHT_STR      \
     "Copyright \251 " VER_COMPANYNAME_STR " " VER_LEGALCOPYRIGHT_YEARS 
 #define VER_FILEVERSION             VER_PRODUCTVERSION
 #define VER_FILEVERSION_STR         VER_PRODUCTVERSION_STR
-#define VER_PRODUCTNAME_STR         "WinDivert driver"
+#define VER_PRODUCTNAME_STR         "WinDivert 2.2 driver"
 
 #include "common.ver"
 

sys/windivert.vcxproj

@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivert.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <MessageCompile Include="windivert_log.mc">
+   <RCFilePath>.</RCFilePath>
+   <HeaderFilePath>.</HeaderFilePath>
+  </MessageCompile>
+ </ItemGroup>
+ <ItemGroup>
+  <ResourceCompile Include="windivert.rc" />
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivert.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MaxSpeed</Optimization>
+   <AdditionalIncludeDirectories>..\include;..\dll;.</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+  <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+  <RootNamespace>WinDivert</RootNamespace>
+  <ProjectName>WinDivert</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <TargetVersion>Windows8</TargetVersion>
+  <UseDebugLibraries>true</UseDebugLibraries>
+  <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+  <ConfigurationType>Driver</ConfigurationType>
+  <DriverType>KMDF</DriverType>
+  <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  <EnableInf2cat>false</EnableInf2cat>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <ClCompile>
+   <WppEnabled>false</WppEnabled>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">_X86_=1;i386=1;STD_CALL;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
+  </ClCompile>
+  <Link>
+   <AdditionalDependencies>%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)ntoskrnl.lib;$(DDK_LIB_PATH)hal.lib;$(DDK_LIB_PATH)wmilib.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfLdr.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfDriverEntry.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

sys/windivert_log.mc

@@ -0,0 +1,59 @@
+;/*
+; * windivert_log.mc
+; * (C) 2019, all rights reserved,
+; *
+; * This file is part of WinDivert.
+; *
+; * WinDivert is free software: you can redistribute it and/or modify it under
+; * the terms of the GNU Lesser General Public License as published by the
+; * Free Software Foundation, either version 3 of the License, or (at your
+; * option) any later version.
+; *
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+; * License for more details.
+; *
+; * You should have received a copy of the GNU Lesser General Public License
+; * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+; *
+; * WinDivert is free software; you can redistribute it and/or modify it under
+; * the terms of the GNU General Public License as published by the Free
+; * Software Foundation; either version 2 of the License, or (at your option)
+; * any later version.
+; * 
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+; * for more details.
+; * 
+; * You should have received a copy of the GNU General Public License along
+; * with this program; if not, write to the Free Software Foundation, Inc., 51
+; * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+; */
+
+MessageIdTypedef=NTSTATUS
+
+SeverityNames = (
+    Success       = 0x0:STATUS_SEVERITY_SUCCESS
+    Informational = 0x1:STATUS_SEVERITY_INFORMATIONAL
+    Warning       = 0x2:STATUS_SEVERITY_WARNING
+    Error         = 0x3:STATUS_SEVERITY_ERROR
+)
+
+FacilityNames = (
+    System    = 0x0:FACILITY_SYSTEM
+    Runtime   = 0x2:FACILITY_RUNTIME
+    Stubs     = 0x3:FACILITY_STUBS
+    Io        = 0x4:FACILITY_IO_ERROR_CODE
+    WinDivert = 0x574:FACILITY_WINDIVERT
+)
+
+MessageId=0x312D
+Facility=WinDivert
+Severity=Informational
+SymbolicName=WINDIVERT_INFO_EVENT
+Language=English
+%2 %3 (processId=%4)
+.
+

test/build.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# build.sh
+# (C) 2019, all rights reserved,
+#
+# This file is part of WinDivert.
+#
+# WinDivert is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# WinDivert is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+# 
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc., 51
+# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# Script for MinGW/Linux cross compilation.
+# NOTE: run wddk-build.bat before this script.
+
+CC=i686-w64-mingw32-gcc
+$CC -fno-ident -s -O2 -I../include/ test.c \
+    -o ../install/MINGW/i386/test.exe -lWinDivert -L"../install/MINGW/i386/" 
+
+CC=x86_64-w64-mingw32-gcc
+$CC -fno-ident -s -O2 -I../include/ test.c -o ../install/MINGW/amd64/test.exe \
+    -lWinDivert -L"../install/MINGW/amd64/"
+

test/test.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    test.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="test.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>test</RootNamespace>
+  <ProjectName>test</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

test/test_data.c

@@ -0,0 +1,236 @@
+/*
+ * test_data.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+// IPV4 ICMP ECHO REQUEST
+static const unsigned char echo_request[] =
+{
+    0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
+    0x0d, 0x56, 0x00, 0x01, 0x8b, 0xa6, 0x60, 0x54,
+    0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
+    0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+    0x34, 0x35, 0x36, 0x37
+};
+
+// IPV4 TCP HTTP GET REQUEST
+static const unsigned char http_request[] =
+{
+    0x45, 0x00, 0x02, 0x09, 0x48, 0x2d, 0x40, 0x00,
+    0x40, 0x06, 0x00, 0x00, 0x0a, 0x0a, 0x0a, 0x0a,
+    0x5d, 0xb8, 0xd8, 0x77, 0xa3, 0x1a, 0x00, 0x50,
+    0x53, 0x38, 0xcc, 0xc2, 0x56, 0x37, 0xb3, 0x55,
+    0x80, 0x18, 0x00, 0x73, 0x02, 0xa4, 0x00, 0x00,
+    0x01, 0x01, 0x08, 0x0a, 0x00, 0x2c, 0x85, 0x1b,
+    0x1b, 0x7f, 0x3a, 0x71, 0x47, 0x45, 0x54, 0x20,
+    0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
+    0x2e, 0x31, 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74,
+    0x3a, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78,
+    0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+    0x6d, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+    0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x6b,
+    0x65, 0x65, 0x70, 0x2d, 0x61, 0x6c, 0x69, 0x76,
+    0x65, 0x0d, 0x0a, 0x43, 0x61, 0x63, 0x68, 0x65,
+    0x2d, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c,
+    0x3a, 0x20, 0x6d, 0x61, 0x78, 0x2d, 0x61, 0x67,
+    0x65, 0x3d, 0x30, 0x0d, 0x0a, 0x41, 0x63, 0x63,
+    0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65, 0x78,
+    0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x61,
+    0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69,
+    0x6f, 0x6e, 0x2f, 0x78, 0x68, 0x74, 0x6d, 0x6c,
+    0x2b, 0x78, 0x6d, 0x6c, 0x2c, 0x61, 0x70, 0x70,
+    0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+    0x2f, 0x78, 0x6d, 0x6c, 0x3b, 0x71, 0x3d, 0x30,
+    0x2e, 0x39, 0x2c, 0x69, 0x6d, 0x61, 0x67, 0x65,
+    0x2f, 0x77, 0x65, 0x62, 0x70, 0x2c, 0x2a, 0x2f,
+    0x2a, 0x3b, 0x71, 0x3d, 0x30, 0x2e, 0x38, 0x0d,
+    0x0a, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67,
+    0x65, 0x6e, 0x74, 0x3a, 0x20, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+    0x58, 0x58, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65,
+    0x70, 0x74, 0x2d, 0x45, 0x6e, 0x63, 0x6f, 0x64,
+    0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a, 0x69,
+    0x70, 0x2c, 0x64, 0x65, 0x66, 0x6c, 0x61, 0x74,
+    0x65, 0x2c, 0x73, 0x64, 0x63, 0x68, 0x0d, 0x0a,
+    0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x4c,
+    0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x3a,
+    0x20, 0x65, 0x6e, 0x2d, 0x55, 0x53, 0x2c, 0x65,
+    0x6e, 0x3b, 0x71, 0x3d, 0x30, 0x2e, 0x38, 0x0d,
+    0x0a, 0x49, 0x66, 0x2d, 0x4e, 0x6f, 0x6e, 0x65,
+    0x2d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x3a, 0x20,
+    0x22, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+    0x33, 0x33, 0x22, 0x0d, 0x0a, 0x49, 0x66, 0x2d,
+    0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64,
+    0x2d, 0x53, 0x69, 0x6e, 0x63, 0x65, 0x3a, 0x20,
+    0x46, 0x72, 0x69, 0x2c, 0x20, 0x30, 0x33, 0x20,
+    0x41, 0x75, 0x67, 0x20, 0x32, 0x30, 0x31, 0x34,
+    0x20, 0x31, 0x33, 0x3a, 0x33, 0x33, 0x3a, 0x33,
+    0x33, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x0d,
+    0x0a 
+};
+
+// IPV4 DNS REQUEST
+static const unsigned char dns_request[] =
+{
+    0x45, 0x00, 0x00, 0x39, 0x20, 0x90, 0x00, 0x00,
+    0x49, 0x11, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x04, 0x04, 0xe0, 0x45, 0x00, 0x35,
+    0x00, 0x25, 0x22, 0xa7, 0x17, 0x08, 0x01, 0x00,
+    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+    0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00,
+    0x01
+};
+
+// IPV6 TCP SYN
+static const unsigned char ipv6_tcp_syn[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x28, 0x06, 0x40,
+    0x12, 0x34, 0x56, 0x78, 0x00, 0x01, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xaa, 0xbb, 0xcc, 0xdd,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0xc3, 0x7e, 0x00, 0x17, 0xe1, 0xd7, 0xc8, 0xaa,
+    0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xaa, 0xaa,
+    0xc3, 0x5e, 0x00, 0x00, 0x02, 0x04, 0xff, 0xc4,
+    0x04, 0x02, 0x08, 0x0a, 0xff, 0xff, 0x91, 0x86,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x07            
+};
+
+// IPV6 ICMPV6 ECHO REPLY
+static const unsigned char ipv6_echo_reply[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x40, 0x3a, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
+    0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
+    0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+};
+
+// IPV6 EXTENSION HEADERS UDP 
+static const unsigned char ipv6_exthdrs_udp[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x64,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x12, 0x34, 0xaa, 0xaa, 0x00, 0x15, 0xef, 0xf4,
+    0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f,
+    0x72, 0x6c, 0x64, 0x21, 0x01
+};
+
+// IPV4 FRAGMENT #0
+static const unsigned char ipv4_fragment_0[] =
+{
+    0x45, 0x00, 0x00, 0x1C, 0x12, 0x34, 0x20, 0x00,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
+    0x0d, 0x56, 0x00, 0x01
+};
+
+// IPV4 FRAGMENT #1
+static const unsigned char ipv4_fragment_1[] =
+{
+    0x45, 0x00, 0x00, 0x4C, 0x12, 0x34, 0x00, 0x01,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x8b, 0xa6, 0x60, 0x54,
+    0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
+    0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+    0x34, 0x35, 0x36, 0x37
+};
+
+// IPV6 FRAGMENT #0
+static const unsigned char ipv6_fragment_0[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x01, 0xc7, 0xf6, 0xce, 0x53,
+    0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
+    0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
+    0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+// IPV6 FRAGMENT #1
+static const unsigned char ipv6_fragment_1[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x30, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x18, 0xc7, 0xf6, 0xce, 0x53,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+};

wddk-build.bat

@@ -1,19 +1,35 @@
 :: wddk-build.bat
-:: (C) 2014, all rights reserved,
+:: (C) 2019, all rights reserved,
 ::
-:: This program is free software: you can redistribute it and/or modify
-:: it under the terms of the GNU Lesser General Public License as published by
-:: the Free Software Foundation, either version 3 of the License, or
-:: (at your option) any later version.
+:: This file is part of WinDivert.
 ::
-:: This program is distributed in the hope that it will be useful,
-:: but WITHOUT ANY WARRANTY; without even the implied warranty of
-:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-:: GNU Lesser General Public License for more details.
+:: WinDivert is free software: you can redistribute it and/or modify it under
+:: the terms of the GNU Lesser General Public License as published by the
+:: Free Software Foundation, either version 3 of the License, or (at your
+:: option) any later version.
+::
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+:: License for more details.
 ::
 :: You should have received a copy of the GNU Lesser General Public License
 :: along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ::
+:: WinDivert is free software; you can redistribute it and/or modify it under
+:: the terms of the GNU General Public License as published by the Free
+:: Software Foundation; either version 2 of the License, or (at your option)
+:: any later version.
+:: 
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+:: for more details.
+:: 
+:: You should have received a copy of the GNU General Public License along
+:: with this program; if not, write to the Free Software Foundation, Inc., 51
+:: Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+::
 :: Script for WDDK compilation.
 :: NOTE: Use this script to build the driver