Fix previous commit 8bda0af

Fix #294

Previous commit was incomplete.

CHANGELOG

@@ -127,3 +127,188 @@ WinDivert 1.4.2
     - Add workaround for pseudo checksum issue (see #134).
 WinDivert 1.4.3
     - WinDivert.dll no longer depends on MSVCRT*.dll.
+WinDivert 2.0.0-rc
+    - Add 3 new layers:
+      * WINDIVERT_LAYER_FLOW for tracking network "flow" events.
+      * WINDIVERT_LAYER_SOCKET for tracking "socket" events.
+      * WINDIVERT_LAYER_REFLECT for tracking WinDivert events.
+    - WINDIVERT_ADDRESS has been re-factored as follows:
+      * addr.Layer: The WINDIVERT_LAYER_* value for the handle.
+      * addr.Event: A WINDIVERT_EVENT_* value representing the event (see
+        below).
+      * addr.Sniffed: Indicates that the event was sniffed.
+      * addr.Outbound: Replaces addr.Direction.
+      * addr.IPv6: Indicates an IPv6 packet.
+      * addr.Network.IfIdx: Replaces addr.IfIdx.
+      * addr.Network.SubIfIdx: Replaces addr.SubIfIdx.
+      * addr.Flow.EndpointId: The endpoint ID of the flow.
+      * addr.Flow.ParentEndpointId: The parent endpoint ID of the flow.
+      * addr.Flow.ProcessId: The ID of process that created the flow.
+      * addr.Flow.LocalAddr: The flow's local address.
+      * addr.Flow.RemoteAddr: The flow's remote address.
+      * addr.Flow.LocalPort: The flow's local port.
+      * addr.Flow.RemotePort: The flow's remote port.
+      * addr.Flow.Protocol: The flow's protocol.
+      * addr.Socket.EndpointId: The endpoint ID of the operation.
+      * addr.Socket.ParentEndpointId: The parent endpoint ID of the operation.
+      * addr.Socket.ProcessId: The ID of process that created the socket.
+      * addr.Socket.LocalAddr: The socket's local address.
+      * addr.Socket.RemoteAddr: The socket's remote address.
+      * addr.Socket.LocalPort: The socket's local port.
+      * addr.Socket.RemotePort: The socket's remote port.
+      * addr.Socket.Protocol: The socket's protocol.
+      * addr.Reflect.ProcessId: The ID of process that created opened the
+        handle.
+      * addr.Reflect.Timestamp: The timestamp of the handle.
+      * addr.Reflect.Layer: The layer of the handle.
+      * addr.Reflect.Flags: The flags of the handle.
+      * addr.Reflect.Priority: The priority of the handle.
+    - The addr.Event field can take the following values:
+      * WINDIVERT_EVENT_NETWORK_PACKET: (NETWORK/NETWORK_FORWARD layers) a new
+        packet was diverted.
+      * WINDIVERT_EVENT_FLOW_ESTABLISHED: (FLOW layer) a new flow is
+        established.
+      * WINDIVERT_EVENT_FLOW_DELETED: (FLOW layer) an existing flow is
+        deleted.
+      * WINDIVERT_EVENT_SOCKET_BIND: (SOCKET layer) a socket bind()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_CONNECT: (SOCKET layer) a socket connect()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_LISTEN: (SOCKET layer) a socket listen()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_ACCEPT: (SOCKET layer) a socket accept()
+        operation occurred.
+      * WINDIVERT_EVENT_SOCKET_CLOSE: (SOCKET layer) a socket endpoint is
+        closed.
+      * WINDIVERT_EVENT_REFLECT_OPEN: (REFLECT layer) a WinDivertOpen()
+        operation occurred.
+      * WINDIVERT_EVENT_REFLECT_CLOSE: (REFLECT layer) a WinDivertClose()
+        operation occurred.
+    - The WinDivert filter language has been expanded with new fields:
+      * event: The event value.
+      * timestamp: The event timestamp.
+      * endpointId: (FLOW/SOCKET layers) the endpoint ID.
+      * parentEndpointId: (FLOW/SOCKET layers) the parent endpoint ID.
+      * processId: (FLOW/SOCKET/REFLECT layers) the process ID.
+      * localAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
+        address.
+      * localPort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
+        port.
+      * remoteAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
+        address.
+      * remotePort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
+        port.
+      * protocol: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the protocol.
+      * priority: (REFLECT layer) the handle's priority.
+      * layer: (REFLECT layer) the handle's layer.
+      * random8: (NETWORK/NETWORK_FORWARD layers) an 8-bit pseudo random
+        number.
+      * random16: (NETWORK/NETWORK_FORWARD layers) a 16-bit pseudo random
+        number.
+      * random32: (NETWORK/NETWORK_FORWARD layers) a 32-bit pseudo random
+        number.
+      * length: (NETWORK/NETWORK_FORWARD layers) the packet length.
+      * zero: The value "0".
+    - The WinDivert filter language can now address packet/payload data for
+      the NETWORK/NETWORK_FORWARD layers:
+      * packet[i]: the ith packet byte.
+      * packet16[i]: the ith packet 16bit word.
+      * packet32[i]: the ith packet 32bit word.
+      * tcp.payload[i]: the ith TCP payload byte.
+      * tcp.payload16[i]: the ith TCP 16bit word.
+      * tcp.payload32[i]: the ith TCP 32bit word.
+      * udp.payload[i]: the ith UDP payload byte.
+      * udp.payload16[i]: the ith UDP 16bit word.
+      * udp.payload32[i]: the ith UDP 32bit word.
+      The index (i) can be:
+      * An ordinary integer representing word addressing.
+      * A 'b' decorated integer representing byte-level addressing.
+      Furthermore, the index can be:
+      * Positive, representing addressing from the start of the
+        packet/payload.
+      * Negative, representing addressing from the end of the packet/payload.
+    - The WinDivert filter language now supports several symbolic values:
+      * PACKET: (NETWORK/NETWORK_FORWARD layers) equal to
+        WINDIVERT_EVENT_NETWORK_PACKET
+      * ESTABLISHED: (FLOW layer) equal to WINDIVERT_EVENT_FLOW_ESTABLISHED.
+      * DELETED: (FLOW LAYER) equal to WINDIVERT_EVENT_FLOW_DELETED.
+      * BIND: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_BIND.
+      * CONNECT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CONNECT.
+      * LISTEN: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_LISTEN.
+      * ACCEPT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_ACCEPT.
+        WINDIVERT_LAYER_NETWORK_FORWARD.
+      * CLOSE: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CLOSE.
+      * OPEN: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_OPEN.
+      * CLOSE: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_CLOSE.
+      * NETWORK: (REFLECT layer) equal to WINDIVERT_LAYER_NETWORK.
+      * NETWORK_FORWARD: (REFLECT layer) equal to
+      * FLOW: (REFLECT layer) equal to WINDIVERT_LAYER_FLOW.
+      * SOCKET: (REFLECT layer) equal to WINDIVERT_LAYER_SOCKET.
+      * REFLECT: (REFLECT layer) equal to WINDIVERT_LAYER_REFLECT.
+      * TRUE: equal to 1.
+      * FALSE: equal to 0.
+      * TCP: equal to IPPROTO_TCP (6).
+      * UDP: equal to IPPROTO_UDP (17).
+      * ICMP: equal to IPPROTO_ICMP (1).
+      * ICMPV6: equal to IPPROTO_ICMPV6 (58).
+    - WinDivertOpen() now supports several new flags:
+      * WINDIVERT_FLAG_RECV_ONLY/WINDIVERT_FLAG_READ_ONLY: The handle cannot
+        be used for send operations.
+      * WINDIVERT_FLAG_SEND_ONLY/WINDIVERT_FLAG_WRITE_ONLY: The handle cannot
+        be used for receive operations.
+      * WINDIVERT_FLAG_NO_INSTALL: If the WinDivert driver is not already
+        installed/loaded, then WinDivertOpen() will fail with an error.
+    - WinDivertRecvEx()/WinDivertSendEx() now support a "batch" mode that
+      allows more than one packet to be received/sent at once.  The number
+      of packets is determined by a new pAddrLen/addrLen parameter.
+    - Add a new WinDivertShutdown() function that supports the following
+      modes:
+      * WINDIVERT_SHUTDOWN_RECV: Disable the queuing new packets.
+      * WINDIVERT_SHUTDOWN_SEND: Disable the sending of new packets.
+      * WINDIVERT_SHUTDOWN_BOTH: Equivalent to
+        (WINDIVERT_SHUTDOWN_RECV | WINDIVERT_SHUTDOWN_SEND).
+    - Add new "read-only" WinDivert parameters:
+      * WINDIVERT_PARAM_VERSION_MAJOR: Driver version (major).
+      * WINDIVERT_PARAM_VERSION_MINOR: Driver version (minor).
+    - Add a new WinDivertHelperHashPacket() helper function that calculates
+      a 64bit hash value of a packet.
+    - Add new WinDivertHelperFormatIPv4Address() and
+      WinDivertHelperFormatIPv6Address() helper functions that format
+      IPv4 and IPv6 addresses respectively.
+    - Replace WinDivertHelperCheckFilter() with a new
+      WinDivertHelperCompileFilter() helper function.  The latter can also be
+      used to compile a human-readable filter string into a more compact
+      "object" format.  The object format can be used in place of the
+      human readable format for all WinDivert operations.
+    - Add a new WinDivertHelperFormatFilter() helper function that formats a
+      filter string into a normalized form.  It also can be used to
+      "de-compile" the object format into a human readable form.
+    - Add a new WinDivertHelperDecrementTTL() function that decrements the
+      ip.TTL/ipv6.HopLimit field of a packet.
+    - Add new WinDivertHelperNto*()/WinDivertHelperHton*() helper functions
+      for swapping from network to host byte ordering, and vice versa.
+    - WinDivertOpen() priorities now are ascending, meaning that higher
+      values correspond to higher priorities.
+    - The last two arguments for WinDivertRecv() and WinDivertSend() have been
+      swapped.
+WinDivert 2.0.1-rc
+    - Fix WFP callout install optimization bug.
+    - Fix WinDivertHelperNtohIpv6Address/WinDivertHelperHtonIpv6Address bug.
+    - Rename the following functions for consistency:
+      * WinDivertHelperNtohIpv6Address -> WinDivertHelperNtohIPv6Address
+      * WinDivertHelperHtonIpv6Address -> WinDivertHelperHtonIPv6Address
+WinDivert 2.1.0
+    - WinDivertOpen() now supports a new flag:
+      * WINDIVERT_FLAG_FRAGMENTS: If set, the handle will capture inbound IP
+        fragments, but not inbound reassembled IP packets.  Otherwise, if not
+        set (the default), the handle will capture inbound reassembled IP
+        packets, but not inbound IP fragments.  This flag only affects
+        inbound packets at the NETWORK layer.
+    - Filter fields inbound/outbound are now supported at the SOCKET layer.
+    - Fix BSOD caused by packets with missing or incomplete transport
+      headers (introduced in 2.0.0).
+    - Fix missing Flow.EndpointId and Flow.ParentEndpointId for IPv6 flows.
+WinDivert 2.2.0
+    - Implement new packet parser that correctly handles IP fragments.
+    - Add a new "fragment" filter field that matches IP fragments.
+    - (Un)Loading the WinDivert driver will cause a system event to be logged.

LICENSE

@@ -1,6 +1,6 @@
-WinDivert is dual-licensed, and is available under the GNU Lesser General
-Public License (LGPL) Version 3 or the GNU General Public License (GPL)
-Version 2.  Copies of the LGPLv3, GPLv3 and GPLv2 are provided below.
+WinDivert is dual-licensed under your choice of the GNU Lesser General Public
+License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2.
+Copies of the LGPLv3, GPLv3 and GPLv2 are provided below.
 
 ==============================================================================
 

README

@@ -1,4 +1,4 @@
-WinDivert 1.4: Windows Packet Divert
+WinDivert 2.2: Windows Packet Divert
 ====================================
 
 1. Introduction

VERSION

@@ -1 +1 @@
-1.4.3
+2.2.0

dll/windivert.def

@@ -1,17 +1,32 @@
 LIBRARY WinDivert
 EXPORTS
-    WinDivertDllEntry
     WinDivertOpen
     WinDivertRecv
     WinDivertRecvEx
     WinDivertSend
     WinDivertSendEx
+    WinDivertShutdown
     WinDivertClose
     WinDivertSetParam
     WinDivertGetParam
     WinDivertHelperCalcChecksums
+    WinDivertHelperDecrementTTL
+    WinDivertHelperHashPacket
     WinDivertHelperParsePacket
     WinDivertHelperParseIPv4Address
     WinDivertHelperParseIPv6Address
-    WinDivertHelperCheckFilter
+    WinDivertHelperFormatIPv4Address
+    WinDivertHelperFormatIPv6Address
+    WinDivertHelperCompileFilter
     WinDivertHelperEvalFilter
+    WinDivertHelperFormatFilter
+    WinDivertHelperNtohs
+    WinDivertHelperHtons
+    WinDivertHelperNtohl
+    WinDivertHelperHtonl
+    WinDivertHelperNtohll
+    WinDivertHelperHtonll
+    WinDivertHelperNtohIPv6Address
+    WinDivertHelperHtonIPv6Address
+    WinDivertHelperNtohIpv6Address
+    WinDivertHelperHtonIpv6Address

dll/windivert.vcxproj

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivert.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivert.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <IntrinsicFunctions>true</IntrinsicFunctions>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <BufferSecurityCheck>false</BufferSecurityCheck>
+   <AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>WinDivert</RootNamespace>
+  <ProjectName>WinDivert</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <UseDebugLibraries>true</UseDebugLibraries>
+  <ConfigurationType>DynamicLibrary</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <ClCompile>
+   <WppEnabled>false</WppEnabled>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+  </ClCompile>
+  <Link>
+   <EntryPointSymbol>WinDivertDllEntry</EntryPointSymbol>
+   <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+   <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
+   <ModuleDefinitionFile>windivert.def</ModuleDefinitionFile>
+   <ImportLibrary>WinDivert.lib</ImportLibrary>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

dll/windivert_hash.c

@@ -0,0 +1,203 @@
+/*
+ * windivert_hash.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ * xxHash - Fast Hash algorithm
+ * Copyright (C) 2012-2016, Yann Collet
+ *
+ * BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+/*
+ * This is a modified version of the 64bit xxHash algorithm:
+ * - The algorithm is seeded with packet data rather than the single 64bit
+ *   "seed" value.
+ * - The input sized is fixed to 32bytes (excluding the seed), so there is
+ *   only ever a single round.  As such, the algorithm has been specialized.
+ */
+
+#define WINDIVERT_ROTL64(x, r)  (((x) << (r)) | ((x) >> (64 - (r))))
+
+static const UINT64 WINDIVERT_PRIME64_1 = 11400714785074694791ull;
+static const UINT64 WINDIVERT_PRIME64_2 = 14029467366897019727ull;
+static const UINT64 WINDIVERT_PRIME64_3 = 1609587929392839161ull;
+static const UINT64 WINDIVERT_PRIME64_4 = 9650029242287828579ull;
+
+static UINT64 WinDivertXXH64Round(UINT64 acc, UINT64 input)
+{
+    acc += WINDIVERT_MUL64(input, WINDIVERT_PRIME64_2);
+    acc  = WINDIVERT_ROTL64(acc, 31);
+    acc  = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1);
+    return acc;
+}
+
+static UINT64 WinDivertXXH64MergeRound(UINT64 acc, UINT64 val)
+{
+    val  = WinDivertXXH64Round(0, val);
+    acc ^= val;
+    acc  = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1) + WINDIVERT_PRIME64_4;
+    return acc;
+}
+
+static UINT64 WinDivertXXH64Avalanche(UINT64 h64)
+{
+    h64 ^= h64 >> 33;
+    h64  = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_2);
+    h64 ^= h64 >> 29;
+    h64  = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_3);
+    h64 ^= h64 >> 32;
+    return h64;
+}
+
+/*
+ * WinDivert packet hash function.
+ */
+static UINT64 WinDivertHashPacket(UINT64 seed,
+    const WINDIVERT_IPHDR *ip_header, const WINDIVERT_IPV6HDR *ipv6_header,
+    const WINDIVERT_ICMPHDR *icmp_header,
+    const WINDIVERT_ICMPV6HDR *icmpv6_header,
+    const WINDIVERT_TCPHDR *tcp_header, const WINDIVERT_UDPHDR *udp_header)
+{
+    UINT64 h64, v1, v2, v3, v4, v[4];
+    const UINT64 *data64;
+    const UINT32 *data32;
+    UINT i;
+    static const UINT64 padding64[] =               // SHA2 IV
+    {
+        0x428A2F9871374491ull, 0xB5C0FBCFE9B5DBA5ull, 0x3956C25B59F111F1ull,
+        0x923F82A4AB1C5ED5ull, 0xD807AA9812835B01ull, 0x243185BE550C7DC3ull,
+        0x72BE5D7480DEB1FEull, 0x9BDC06A7C19BF174ull, 0xE49B69C1EFBE4786ull,
+    };
+
+    // Set-up seed & data
+    v1 = seed ^ padding64[0];
+    if (ip_header != NULL)
+    {
+        data64 = (const UINT64 *)ip_header;
+        v2 = data64[0] ^ padding64[1];
+        v3 = data64[1] ^ padding64[2];
+        data32 = (const UINT32 *)ip_header;
+        v4 = (UINT64)data32[4] ^ padding64[3];
+        i = 0;
+    }
+    else if (ipv6_header != NULL)
+    {
+        data64 = (const UINT64 *)ipv6_header;
+        v2 = data64[0] ^ padding64[1];
+        v3 = data64[1] ^ padding64[2];
+        v4 = data64[2] ^ padding64[3];
+        v[0] = data64[3] ^ padding64[4];
+        v[1] = data64[4] ^ padding64[5];
+        i = 2;
+    }
+    else
+        return 0;
+
+    if (tcp_header != NULL)
+    {
+        data64 = (const UINT64 *)tcp_header;
+        v[i] = data64[0] ^ padding64[i+4]; i++;
+        v[i] = data64[1] ^ padding64[i+4]; i++;
+        data32 = (const UINT32 *)tcp_header;
+        if (i <= 3)
+        {
+            v[i] = (UINT64)data32[4] ^ padding64[i+4]; i++;
+        }
+        else
+        {
+            v2 ^= ((UINT64)data32[4] << 32);
+        }
+    }
+    else
+    {
+        if (udp_header != NULL)
+        {
+            data64 = (const UINT64 *)udp_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+        else if (icmp_header != NULL)
+        {
+            data64 = (const UINT64 *)icmp_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+        else if (icmpv6_header != NULL)
+        {
+            data64 = (const UINT64 *)icmpv6_header;
+            v[i] = data64[0] ^ padding64[i+4]; i++;
+        }
+    }
+
+    while (i <= 3)
+    {
+        v[i] = seed ^ padding64[i+4]; i++;
+    }
+
+    // Hash
+    v1 = WinDivertXXH64Round(v[0], v1);
+    v2 = WinDivertXXH64Round(v[1], v2);
+    v3 = WinDivertXXH64Round(v[2], v3);
+    v4 = WinDivertXXH64Round(v[3], v4);
+    h64 = WINDIVERT_ROTL64(v1, 1) + WINDIVERT_ROTL64(v2, 7) +
+          WINDIVERT_ROTL64(v3, 12) + WINDIVERT_ROTL64(v4, 18);
+    h64 = WinDivertXXH64MergeRound(h64, v1);
+    h64 = WinDivertXXH64MergeRound(h64, v2);
+    h64 = WinDivertXXH64MergeRound(h64, v3);
+    h64 = WinDivertXXH64MergeRound(h64, v4); 
+    h64 += 32;          // "length"
+    h64 = WinDivertXXH64Avalanche(h64);
+
+    return h64;
+}
+

examples/flowtrack/flowtrack.c

@@ -0,0 +1,321 @@
+/*
+ * flowtrack.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: flowtrack.exe [filter]
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define MAX_FLOWS           256
+#define INET6_ADDRSTRLEN    45
+
+/*
+ * Flow tracking.
+ */
+typedef struct FLOW
+{
+    WINDIVERT_ADDRESS addr;
+    struct FLOW *next;
+} FLOW, *PFLOW;
+
+static HANDLE lock;
+static PFLOW flows = NULL;
+
+/*
+ * Draw flows to console in a delayed loop.
+ *
+ * This function does minimal error checking.
+ */
+static DWORD draw(LPVOID arg)
+{
+    const COORD top_left  = {0, 0};
+    HANDLE process, console = GetStdHandle(STD_OUTPUT_HANDLE);
+    CONSOLE_SCREEN_BUFFER_INFO screen;
+    char path[MAX_PATH+1];
+    char addr_str[INET6_ADDRSTRLEN+1];
+    char *filename;
+    const char header[] = "PID        PROGRAM              PROT   FLOW";
+    DWORD rows, columns, written, fill_len, path_len, i;
+    PFLOW flow;
+    WINDIVERT_ADDRESS addrs[MAX_FLOWS], *addr;
+    UINT num_addrs;
+
+    while (TRUE)
+    {
+        GetConsoleScreenBufferInfo(console, &screen);
+        SetConsoleCursorPosition(console, top_left); 
+
+        rows = screen.srWindow.Bottom - screen.srWindow.Top + 1;
+        columns = screen.srWindow.Right - screen.srWindow.Left + 1;
+
+        // Copy a snapshot of the current flows:
+        WaitForSingleObject(lock, INFINITE);
+        flow = flows;
+        num_addrs = 0;
+        for (i = 0; flow != NULL && i < rows && i < MAX_FLOWS; i++)
+        {
+            memcpy(&addrs[i], &flow->addr, sizeof(addrs[i]));
+            num_addrs++;
+            flow = flow->next;
+        }
+        ReleaseMutex(lock);
+
+        // Print the flows:
+        SetConsoleTextAttribute(console, BACKGROUND_RED | BACKGROUND_GREEN |
+            BACKGROUND_BLUE);
+        WriteConsole(console, header, sizeof(header)-1, &written, NULL);
+        fill_len = columns - (sizeof(header)-1);
+        if (fill_len > 0)
+        {
+            COORD pos = {sizeof(header)-1, 0};
+            FillConsoleOutputCharacterA(console, ' ', fill_len, pos,
+                &written);
+            FillConsoleOutputAttribute(console,
+                BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE,
+                fill_len, pos, &written);
+        }
+        putchar('\n');
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        for (i = 0; i < num_addrs && i < rows-1; i++)
+        {
+            COORD pos = {0, i+1};
+            addr = &addrs[i];
+            FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
+            FillConsoleOutputAttribute(console,
+                FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
+                columns, pos, &written);
+            SetConsoleCursorPosition(console, pos);
+            if (i == rows-2 && (i+1) < num_addrs)
+            {
+                fputs("...", stdout);
+                fflush(stdout);
+                continue;
+            }
+
+            printf("%-10d ", addr->Flow.ProcessId);
+
+            process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
+                addr->Flow.ProcessId);
+            path_len = 0;
+            if (process != NULL)
+            {
+                path_len = GetProcessImageFileName(process, path, sizeof(path));
+                CloseHandle(process);
+            }
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            if (path_len != 0)
+            {
+                filename = PathFindFileName(path);
+                printf("%-20.20s ", filename);
+            }
+            else if (addr->Flow.ProcessId == 4)
+            {
+                fputs("Windows              ", stdout);
+            }
+            else
+            {
+                fputs("???                  ", stdout);
+            }
+            SetConsoleTextAttribute(console,
+                FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+            switch (addr->Flow.Protocol)
+            {
+                case IPPROTO_TCP:
+                    SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                    printf("TCP    ");
+                    break;
+                case IPPROTO_UDP:
+                    SetConsoleTextAttribute(console,
+                        FOREGROUND_RED | FOREGROUND_GREEN);
+                    printf("UDP    ");
+                    break;
+                case IPPROTO_ICMP:
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    printf("ICMP   ");
+                    break;
+                case IPPROTO_ICMPV6:
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    printf("ICMPV6 ");
+                    break;
+                default:
+                    printf("%-6u ", addr->Flow.Protocol);
+                    break;
+            }
+            SetConsoleTextAttribute(console,
+                FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+            WinDivertHelperFormatIPv6Address(addr->Flow.LocalAddr, addr_str,
+                sizeof(addr_str));
+            printf("%s:%u %s ", addr_str, addr->Flow.LocalPort,
+                (addr->Outbound? "---->": "<----"));
+            WinDivertHelperFormatIPv6Address(addr->Flow.RemoteAddr, addr_str,
+                sizeof(addr_str));
+            printf("%s:%u", addr_str, addr->Flow.RemotePort);
+            fflush(stdout);
+        }
+        for (; i < rows-1; i++)
+        {
+            COORD pos = {0, i+1};
+            FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
+            FillConsoleOutputAttribute(console,
+                FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
+                columns, pos, &written);
+        }
+
+        Sleep(1000);
+    }
+}
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, thread;
+    INT16 priority = 776;       // Arbitrary.
+    const char *filter = "true", *err_str;
+    UINT packet_len;
+    WINDIVERT_ADDRESS addr;
+    PFLOW flow, prev;
+
+    switch (argc)
+    {
+        case 1:
+            break;
+        case 2:
+            filter = argv[1];
+            break;
+        default:
+            fprintf(stderr, "usage: %s [filter]\n", argv[0]);
+            exit(EXIT_FAILURE);
+    }
+
+    // Open WinDivert FLOW handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_FLOW, priority, 
+        WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY);
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_FLOW,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Spawn the draw() thread.
+    lock = CreateMutex(NULL, FALSE, NULL);
+    thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)draw, NULL, 0,
+        NULL);
+    if (thread == NULL)
+    {
+        fprintf(stderr, "error: failed to create thread (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    CloseHandle(thread);
+
+    // Main loop:
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
+        {
+            fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_FLOW_ESTABLISHED:
+
+                // Flow established:
+                flow = (PFLOW)malloc(sizeof(FLOW));
+                if (flow == NULL)
+                {
+                    fprintf(stderr, "error: failed to allocate memory\n");
+                    exit(EXIT_FAILURE);
+                }
+                memcpy(&flow->addr, &addr, sizeof(flow->addr));
+                WaitForSingleObject(lock, INFINITE);
+                flow->next = flows;
+                flows = flow;
+                ReleaseMutex(lock);
+                break;
+
+            case WINDIVERT_EVENT_FLOW_DELETED:
+
+                // Flow deleted:
+                prev = NULL;
+                WaitForSingleObject(lock, INFINITE);
+                flow = flows;
+                while (flow != NULL)
+                {
+                    if (memcmp(&addr.Flow, &flow->addr.Flow,
+                            sizeof(addr.Flow)) == 0)
+                    {
+                        if (prev != NULL)
+                        {
+                            prev->next = flow->next;
+                        }
+                        else
+                        {
+                            flows = flow->next;
+                        }
+                        break;
+                    }
+                    prev = flow;
+                    flow = flow->next;
+                }
+                ReleaseMutex(lock);
+                free(flow);
+        }
+    }
+
+    return 0;
+}
+

examples/flowtrack/flowtrack.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    flowtrack.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="flowtrack.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>flowtrack</RootNamespace>
+  <ProjectName>flowtrack</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/netdump/netdump.c

@@ -1,6 +1,6 @@
 /*
  * netdump.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -41,7 +41,6 @@
  *
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -49,7 +48,11 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define INET6_ADDRSTRLEN    45
 
 /*
  * Entry.
@@ -68,6 +71,9 @@ int __cdecl main(int argc, char **argv)
     PWINDIVERT_ICMPV6HDR icmpv6_header;
     PWINDIVERT_TCPHDR tcp_header;
     PWINDIVERT_UDPHDR udp_header;
+    UINT32 src_addr[4], dst_addr[4];
+    UINT64 hash;
+    char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
     const char *err_str;
     LARGE_INTEGER base, freq;
     double time_passed;
@@ -96,12 +102,12 @@ int __cdecl main(int argc, char **argv)
 
     // Divert traffic matching the filter:
     handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, priority,
-        WINDIVERT_FLAG_SNIFF);
+        WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_FRAGMENTS);
     if (handle == INVALID_HANDLE_VALUE)
     {
         if (GetLastError() == ERROR_INVALID_PARAMETER &&
-            !WinDivertHelperCheckFilter(argv[1], WINDIVERT_LAYER_NETWORK,
-                &err_str, NULL))
+            !WinDivertHelperCompileFilter(argv[1], WINDIVERT_LAYER_NETWORK,
+                NULL, 0, &err_str, NULL))
         {
             fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
             exit(EXIT_FAILURE);
@@ -112,18 +118,27 @@ int __cdecl main(int argc, char **argv)
     }
 
     // Max-out the packet queue:
-    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LEN, 8192))
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH, 
+            WINDIVERT_PARAM_QUEUE_LENGTH_MAX))
     {
         fprintf(stderr, "error: failed to set packet queue length (%d)\n",
             GetLastError());
         exit(EXIT_FAILURE);
     }
-    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME, 2048))
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
+            WINDIVERT_PARAM_QUEUE_TIME_MAX))
     {
         fprintf(stderr, "error: failed to set packet queue time (%d)\n",
             GetLastError());
         exit(EXIT_FAILURE);
     }
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
+            WINDIVERT_PARAM_QUEUE_SIZE_MAX))
+    {
+        fprintf(stderr, "error: failed to set packet queue size (%d)\n",
+            GetLastError());
+        exit(EXIT_FAILURE);
+    }
 
     // Set up timing:
     QueryPerformanceFrequency(&freq);
@@ -133,7 +148,7 @@ int __cdecl main(int argc, char **argv)
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
@@ -141,9 +156,9 @@ int __cdecl main(int argc, char **argv)
         }
 
         // Print info about the matching packet.
-        WinDivertHelperParsePacket(packet, packet_len, &ip_header,
-            &ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
-            &udp_header, NULL, NULL);
+        WinDivertHelperParsePacket(packet, packet_len, &ip_header, &ipv6_header,
+            NULL, &icmp_header, &icmpv6_header, &tcp_header, &udp_header, NULL,
+            NULL, NULL, NULL);
         if (ip_header == NULL && ipv6_header == NULL)
         {
             fprintf(stderr, "warning: junk packet\n");
@@ -154,57 +169,49 @@ int __cdecl main(int argc, char **argv)
         SetConsoleTextAttribute(console, FOREGROUND_RED);
         time_passed = (double)(addr.Timestamp - base.QuadPart) /
             (double)freq.QuadPart;
+        hash = WinDivertHelperHashPacket(packet, packet_len, 0);
         printf("Packet [Timestamp=%.8g, Direction=%s IfIdx=%u SubIfIdx=%u "
-            "Loopback=%u]\n",
-            time_passed, (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND?
-                "outbound": "inbound"), addr.IfIdx, addr.SubIfIdx,
-                addr.Loopback);
+            "Loopback=%u Hash=0x%.16llX]\n",
+            time_passed, (addr.Outbound?  "outbound": "inbound"),
+            addr.Network.IfIdx, addr.Network.SubIfIdx, addr.Loopback, hash);
         if (ip_header != NULL)
         {
-            UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
-            UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
+                src_str, sizeof(src_str));
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
+                dst_str, sizeof(dst_str));
             SetConsoleTextAttribute(console,
                 FOREGROUND_GREEN | FOREGROUND_RED);
             printf("IPv4 [Version=%u HdrLength=%u TOS=%u Length=%u Id=0x%.4X "
                 "Reserved=%u DF=%u MF=%u FragOff=%u TTL=%u Protocol=%u "
-                "Checksum=0x%.4X SrcAddr=%u.%u.%u.%u DstAddr=%u.%u.%u.%u]\n",
+                "Checksum=0x%.4X SrcAddr=%s DstAddr=%s]\n",
                 ip_header->Version, ip_header->HdrLength,
                 ntohs(ip_header->TOS), ntohs(ip_header->Length),
                 ntohs(ip_header->Id), WINDIVERT_IPHDR_GET_RESERVED(ip_header),
                 WINDIVERT_IPHDR_GET_DF(ip_header),
                 WINDIVERT_IPHDR_GET_MF(ip_header),
                 ntohs(WINDIVERT_IPHDR_GET_FRAGOFF(ip_header)), ip_header->TTL,
-                ip_header->Protocol, ntohs(ip_header->Checksum),
-                src_addr[0], src_addr[1], src_addr[2], src_addr[3],
-                dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
+                ip_header->Protocol, ntohs(ip_header->Checksum), src_str,
+                dst_str);
+
         }
         if (ipv6_header != NULL)
         {
-            UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
-            UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
+            WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
+            WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
+            WinDivertHelperFormatIPv6Address(src_addr, src_str,
+                sizeof(src_str));
+            WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
+                sizeof(dst_str));
             SetConsoleTextAttribute(console,
                 FOREGROUND_GREEN | FOREGROUND_RED);
             printf("IPv6 [Version=%u TrafficClass=%u FlowLabel=%u Length=%u "
-                "NextHdr=%u HopLimit=%u SrcAddr=",
+                "NextHdr=%u HopLimit=%u SrcAddr=%s DstAddr=%s]\n",
                 ipv6_header->Version,
                 WINDIVERT_IPV6HDR_GET_TRAFFICCLASS(ipv6_header),
                 ntohl(WINDIVERT_IPV6HDR_GET_FLOWLABEL(ipv6_header)),
                 ntohs(ipv6_header->Length), ipv6_header->NextHdr,
-                ipv6_header->HopLimit);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
-            } 
-            fputs("DstAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x", ntohs(dst_addr[i]));
-                if (i != 7)
-                {
-                    putchar(':');
-                }
-            }
-            fputs("]\n", stdout);
+                ipv6_header->HopLimit, src_str, dst_str);
         }
         if (icmp_header != NULL)
         {

examples/netdump/netdump.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    netdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="netdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>netdump</RootNamespace>
+  <ProjectName>netdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/netfilter/netfilter.c

@@ -1,6 +1,6 @@
 /*
  * netfilter.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -47,7 +47,6 @@
  * This program is similar to Linux's iptables with the "-j REJECT" target.
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -55,7 +54,14 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+#define htons(x)            WinDivertHelperHtons(x)
+#define htonl(x)            WinDivertHelperHtonl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define INET6_ADDRSTRLEN    45
+#define IPPROTO_ICMPV6      58
 
 /*
  * Pre-fabricated packets.
@@ -113,6 +119,8 @@ int __cdecl main(int argc, char **argv)
     PWINDIVERT_ICMPV6HDR icmpv6_header;
     PWINDIVERT_TCPHDR tcp_header;
     PWINDIVERT_UDPHDR udp_header;
+    UINT32 src_addr[4], dst_addr[4];
+    char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
     UINT payload_len;
     const char *err_str;
     
@@ -170,8 +178,8 @@ int __cdecl main(int argc, char **argv)
     if (handle == INVALID_HANDLE_VALUE)
     {
         if (GetLastError() == ERROR_INVALID_PARAMETER &&
-            !WinDivertHelperCheckFilter(argv[1], WINDIVERT_LAYER_NETWORK,
-                &err_str, NULL))
+            !WinDivertHelperCompileFilter(argv[1], WINDIVERT_LAYER_NETWORK,
+                NULL, 0, &err_str, NULL))
         {
             fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
             exit(EXIT_FAILURE);
@@ -185,17 +193,17 @@ int __cdecl main(int argc, char **argv)
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &recv_addr,
-                &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len,
+                &recv_addr))
         {
             fprintf(stderr, "warning: failed to read packet\n");
             continue;
         }
        
         // Print info about the matching packet.
-        WinDivertHelperParsePacket(packet, packet_len, &ip_header,
-            &ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
-            &udp_header, NULL, &payload_len);
+        WinDivertHelperParsePacket(packet, packet_len, &ip_header, &ipv6_header,
+            NULL, &icmp_header, &icmpv6_header, &tcp_header, &udp_header, NULL,
+            &payload_len, NULL, NULL);
         if (ip_header == NULL && ipv6_header == NULL)
         {
             continue;
@@ -208,28 +216,21 @@ int __cdecl main(int argc, char **argv)
             FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
         if (ip_header != NULL)
         {
-            UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
-            UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
-            printf("ip.SrcAddr=%u.%u.%u.%u ip.DstAddr=%u.%u.%u.%u ",
-                src_addr[0], src_addr[1], src_addr[2], src_addr[3],
-                dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
+                src_str, sizeof(src_str));
+            WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
+                dst_str, sizeof(dst_str));
         }
         if (ipv6_header != NULL)
         {
-            UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
-            UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
-            fputs("ipv6.SrcAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
-            } 
-            fputs(" ipv6.DstAddr=", stdout);
-            for (i = 0; i < 8; i++)
-            {
-                printf("%x%c", ntohs(dst_addr[i]), (i == 7? ' ': ':'));
-            }
-            putchar(' ');
+            WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
+            WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
+            WinDivertHelperFormatIPv6Address(src_addr, src_str,
+                sizeof(src_str));
+            WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
+                sizeof(dst_str));
         }
+        printf("ip.SrcAddr=%s ip.DstAddr=%s ", src_str, dst_str);
         if (icmp_header != NULL)
         {
             printf("icmp.Type=%u icmp.Code=%u ",
@@ -287,11 +288,11 @@ int __cdecl main(int argc, char **argv)
                         htonl(ntohl(tcp_header->SeqNum) + payload_len));
 
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
                 WinDivertHelperCalcChecksums((PVOID)reset, sizeof(TCPPACKET),
                     &send_addr, 0);
                 if (!WinDivertSend(handle, (PVOID)reset, sizeof(TCPPACKET),
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send TCP reset (%d)\n",
                         GetLastError());
@@ -314,11 +315,11 @@ int __cdecl main(int argc, char **argv)
                         htonl(ntohl(tcp_header->SeqNum) + payload_len));
 
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
                 WinDivertHelperCalcChecksums((PVOID)resetv6,
                     sizeof(TCPV6PACKET), &send_addr, 0);
                 if (!WinDivertSend(handle, (PVOID)resetv6, sizeof(TCPV6PACKET),
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send TCP (IPV6) "
                         "reset (%d)\n", GetLastError());
@@ -340,11 +341,11 @@ int __cdecl main(int argc, char **argv)
                 dnr->ip.DstAddr = ip_header->SrcAddr;
                 
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
                 WinDivertHelperCalcChecksums((PVOID)dnr, icmp_length,
                     &send_addr, 0);
-                if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, &send_addr,
-                    NULL))
+                if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, NULL,
+                        &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send ICMP message "
                         "(%d)\n", GetLastError());
@@ -363,11 +364,11 @@ int __cdecl main(int argc, char **argv)
                     sizeof(dnrv6->ipv6.DstAddr));
                 
                 memcpy(&send_addr, &recv_addr, sizeof(send_addr));
-                send_addr.Direction = !recv_addr.Direction;
+                send_addr.Outbound = !recv_addr.Outbound;
                 WinDivertHelperCalcChecksums((PVOID)dnrv6, icmpv6_length,
                     &send_addr, 0);
                 if (!WinDivertSend(handle, (PVOID)dnrv6, icmpv6_length,
-                        &send_addr, NULL))
+                        NULL, &send_addr))
                 {
                     fprintf(stderr, "warning: failed to send ICMPv6 message "
                         "(%d)\n", GetLastError());

examples/netfilter/netfilter.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    netfilter.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="netfilter.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>netfilter</RootNamespace>
+  <ProjectName>netfilter</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/passthru/passthru.c

@@ -1,6 +1,6 @@
 /*
  * passthru.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -37,7 +37,7 @@
  * This program does nothing except divert packets and re-inject them.  This is
  * useful for performance testing.
  *
- * usage: netdump.exe windivert-filter num-threads
+ * usage: passthru.exe [windivert-filter] [num-threads] [batch-size] [priority]
  */
 
 #include <winsock2.h>
@@ -47,7 +47,13 @@
 
 #include "windivert.h"
 
-#define MAXBUF  0xFFFF
+#define MTU 1500
+
+typedef struct
+{
+    HANDLE handle;
+    int batch;
+} CONFIG, *PCONFIG;
 
 static DWORD passthru(LPVOID arg);
 
@@ -56,27 +62,53 @@ static DWORD passthru(LPVOID arg);
  */
 int __cdecl main(int argc, char **argv)
 {
-    int num_threads, priority = 0, i;
+    const char *filter = "true";
+    int threads = 1, batch = 1, priority = 0;
+    int i;
     HANDLE handle, thread;
+    CONFIG config;
 
-    if (argc != 3 && argc != 4)
+    if (argc > 5)
     {
-        fprintf(stderr, "usage: %s filter num-threads [priority]\n", argv[0]);
+        fprintf(stderr, "usage: %s [filter] [num-threads] [batch-size] "
+            "[priority]\n", argv[0]);
         exit(EXIT_FAILURE);
     }
-    num_threads = atoi(argv[2]);
-    if (num_threads < 1 || num_threads > 64)
+    if (argc >= 2)
     {
-        fprintf(stderr, "error: invalid number of threads\n");
-        exit(EXIT_FAILURE);
+        filter = argv[1];
     }
-    if (argc == 4)
+    if (argc >= 3)
     {
-        priority = atoi(argv[3]);
+        threads = atoi(argv[2]);
+        if (threads < 1 || threads > 64)
+        {
+            fprintf(stderr, "error: invalid number of threads\n");
+            exit(EXIT_FAILURE);
+        }
+    }
+    if (argc >= 4)
+    {
+        batch = atoi(argv[3]);
+        if (batch <= 0 || batch > WINDIVERT_BATCH_MAX)
+        {
+            fprintf(stderr, "error: invalid batch size\n");
+            exit(EXIT_FAILURE);
+        }
+    }
+    if (argc >= 5)
+    {
+        priority = atoi(argv[4]);
+        if (priority < WINDIVERT_PRIORITY_LOWEST ||
+            priority > WINDIVERT_PRIORITY_HIGHEST)
+        {
+            fprintf(stderr, "error: invalid priority value\n");
+            exit(EXIT_FAILURE);
+        }
     }
 
     // Divert traffic matching the filter:
-    handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, (INT16)priority,
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, (INT16)priority,
         0);
     if (handle == INVALID_HANDLE_VALUE)
     {
@@ -91,20 +123,22 @@ int __cdecl main(int argc, char **argv)
     }
 
     // Start the threads
-    for (i = 1; i < num_threads; i++)
+    config.handle = handle;
+    config.batch = batch;
+    for (i = 1; i < threads; i++)
     {
         thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)passthru,
-            (LPVOID)handle, 0, NULL);
+            (LPVOID)&config, 0, NULL);
         if (thread == NULL)
         {
-            fprintf(stderr, "error: failed to start passthru thread (%u)\n",
+            fprintf(stderr, "error: failed to start passthru thread (%d)\n",
                 GetLastError());
             exit(EXIT_FAILURE);
         }
     }
 
     // Main thread:
-    passthru((LPVOID)handle);
+    passthru((LPVOID)&config);
 
     return 0;
 }
@@ -112,16 +146,35 @@ int __cdecl main(int argc, char **argv)
 // Passthru thread.
 static DWORD passthru(LPVOID arg)
 {
-    unsigned char packet[MAXBUF];
-    UINT packet_len;
-    WINDIVERT_ADDRESS addr;
-    HANDLE handle = (HANDLE)arg;
+    UINT8 *packet;
+    UINT packet_len, recv_len, addr_len;
+    WINDIVERT_ADDRESS *addr;
+    PCONFIG config = (PCONFIG)arg;
+    HANDLE handle;
+    int batch;
+
+    handle = config->handle;
+    batch = config->batch;
+
+    packet_len = batch * MTU;
+    packet_len =
+        (packet_len < WINDIVERT_MTU_MAX? WINDIVERT_MTU_MAX: packet_len);
+    packet = (UINT8 *)malloc(packet_len);
+    addr = (WINDIVERT_ADDRESS *)malloc(batch * sizeof(WINDIVERT_ADDRESS));
+    if (packet == NULL || addr == NULL)
+    {
+        fprintf(stderr, "error: failed to allocate buffer (%d)\n",
+            GetLastError());
+        exit(EXIT_FAILURE);
+    }
 
     // Main loop:
     while (TRUE)
     {
         // Read a matching packet.
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        addr_len = batch * sizeof(WINDIVERT_ADDRESS);
+        if (!WinDivertRecvEx(handle, packet, packet_len, &recv_len, 0,
+                addr, &addr_len, NULL))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
@@ -129,7 +182,8 @@ static DWORD passthru(LPVOID arg)
         }
 
         // Re-inject the matching packet.
-        if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
+        if (!WinDivertSendEx(handle, packet, recv_len, NULL, 0, addr,
+                addr_len, NULL))
         {
             fprintf(stderr, "warning: failed to reinject packet (%d)\n",
                 GetLastError());

examples/passthru/passthru.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    passthru.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="passthru.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>passthru</RootNamespace>
+  <ProjectName>passthru</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/socketdump/socketdump.c

@@ -0,0 +1,247 @@
+/*
+ * socketdump.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: socketdump.exe [filter]
+ *        socketdump.exe --block [filter]
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define INET6_ADDRSTRLEN    45
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, process, console;
+    INT16 priority = 1121;          // Arbitrary.
+    const char *filter = "true", *err_str;
+    char path[MAX_PATH+1];
+    char local_str[INET6_ADDRSTRLEN+1], remote_str[INET6_ADDRSTRLEN+1];
+    char *filename;
+    DWORD path_len;
+    WINDIVERT_ADDRESS addr;
+    BOOL block = FALSE;
+
+    switch (argc)
+    {
+        case 1:
+            break;
+        case 2:
+            if (strcmp(argv[1], "--block") == 0)
+            {
+                block = TRUE;
+            }
+            else
+            {
+                filter = argv[1];
+            }
+            break;
+        case 3:
+            if (strcmp(argv[1], "--block") == 0)
+            {
+                block = TRUE;
+                filter = argv[2];
+                break;
+            }
+            // Fallthrough:
+        default:
+            fprintf(stderr, "usage: %s [filter]\n", argv[0]);
+            fprintf(stderr, "       %s --block [filter]\n", argv[0]);
+            exit(EXIT_FAILURE);
+    }
+
+    // Open WinDivert SOCKET handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_SOCKET, priority, 
+        (block? 0: WINDIVERT_FLAG_SNIFF) | WINDIVERT_FLAG_RECV_ONLY);
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_SOCKET,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Main loop:
+    console = GetStdHandle(STD_OUTPUT_HANDLE);
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
+        {
+            fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_SOCKET_BIND:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("BIND");
+                break;
+            case WINDIVERT_EVENT_SOCKET_LISTEN:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("LISTEN");
+                break;
+            case WINDIVERT_EVENT_SOCKET_CONNECT:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("CONNECT");
+                break;
+            case WINDIVERT_EVENT_SOCKET_ACCEPT:
+                SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                printf("ACCEPT");
+                break;
+            case WINDIVERT_EVENT_SOCKET_CLOSE:
+                SetConsoleTextAttribute(console, FOREGROUND_RED);
+                printf("CLOSE");
+                break;
+            default:
+                SetConsoleTextAttribute(console, FOREGROUND_BLUE);
+                printf("???");
+                break;
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" pid=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%u", addr.Socket.ProcessId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" program=");
+        process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
+            addr.Socket.ProcessId);
+        path_len = 0;
+        if (process != NULL)
+        {
+            path_len = GetProcessImageFileName(process, path, sizeof(path));
+            CloseHandle(process);
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (path_len != 0)
+        {
+            filename = PathFindFileName(path);
+            printf("%s", filename);
+        }
+        else if (addr.Socket.ProcessId == 4)
+        {
+            printf("Windows");
+        }
+        else
+        {
+            printf("???");
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" endpoint=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%lu", addr.Socket.EndpointId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" parent=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%lu", addr.Socket.ParentEndpointId);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        printf(" protocol=");
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        switch (addr.Socket.Protocol)
+        {
+            case IPPROTO_TCP:
+                printf("TCP");
+                break;
+            case IPPROTO_UDP:
+                printf("UDP");
+                break;
+            case IPPROTO_ICMP:
+                printf("ICMP");
+                break;
+            case IPPROTO_ICMPV6:
+                printf("ICMPV6");
+                break;
+            default:
+                printf("%u", addr.Socket.Protocol);
+                break;
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+            FOREGROUND_BLUE);
+
+        WinDivertHelperFormatIPv6Address(addr.Socket.LocalAddr, local_str,
+            sizeof(local_str));
+        if (addr.Socket.LocalPort != 0 || strcmp(local_str, "::") != 0)
+        {
+            printf(" local=");
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            printf("[%s]:%u", local_str, addr.Socket.LocalPort);
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+                FOREGROUND_BLUE);
+        }
+
+        WinDivertHelperFormatIPv6Address(addr.Socket.RemoteAddr, remote_str,
+            sizeof(remote_str));
+        if (addr.Socket.RemotePort != 0 || strcmp(remote_str, "::") != 0)
+        {
+            printf(" remote=");
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+            printf("[%s]:%u", remote_str, addr.Socket.RemotePort);
+            SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
+                FOREGROUND_BLUE);
+        }
+
+        putchar('\n');
+    }
+
+    return 0;
+}
+

examples/socketdump/socketdump.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    socketdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="socketdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>socketdump</RootNamespace>
+  <ProjectName>socketdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/streamdump/streamdump.c

@@ -1,6 +1,6 @@
 /*
  * streamdump.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -40,8 +40,6 @@
  * The program works by "reflecting" outbound TCP connections into inbound
  * TCP connections that are handled by a simple proxy server.
  *
- * This program also demonstrates WinDivert asynchronous I/O.
- *
  * usage: streamdump.exe port
  */
 
@@ -53,7 +51,7 @@
 
 #include "windivert.h"
 
-#define MAXBUF          0xFFFF
+#define MAXBUF          WINDIVERT_MTU_MAX
 #define PROXY_PORT      34010
 #define ALT_PORT        43010
 #define MAX_LINE        65
@@ -114,24 +112,6 @@ static void message(const char *msg, ...)
 #define warning(msg, ...)                       \
     message("warning: " msg, ## __VA_ARGS__)
 
-/*
- * Cleanup completed I/O requests.
- */
-static void cleanup(HANDLE ioport, OVERLAPPED *ignore)
-{
-    OVERLAPPED *overlapped;
-    DWORD iolen;
-    ULONG_PTR iokey = 0;
-
-    while (GetQueuedCompletionStatus(ioport, &iolen, &iokey, &overlapped, 0))
-    {
-        if (overlapped != ignore)
-        {
-            free(overlapped);
-        }
-    }
-}
-
 /*
  * Entry.
  */
@@ -148,9 +128,6 @@ int __cdecl main(int argc, char **argv)
     WINDIVERT_ADDRESS addr;
     PWINDIVERT_IPHDR ip_header;
     PWINDIVERT_TCPHDR tcp_header;
-    OVERLAPPED *poverlapped;
-    OVERLAPPED overlapped;
-    HANDLE ioport, event;
     DWORD len;
 
     // Init.
@@ -174,16 +151,6 @@ int __cdecl main(int argc, char **argv)
             GetLastError());
         exit(EXIT_FAILURE);
     }
-    ioport = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 0);
-    if (ioport == NULL)
-    {
-        error("failed to create I/O completion port (%d)", GetLastError());
-    }
-    event = CreateEvent(NULL, FALSE, FALSE, NULL);
-    if (event == NULL)
-    {
-        error("failed to create event (%d)", GetLastError());
-    }
 
     // Divert all traffic to/from `port', `proxy_port' and `alt_port'.
     r = snprintf(filter, sizeof(filter),
@@ -200,10 +167,6 @@ int __cdecl main(int argc, char **argv)
     {
         error("failed to open the WinDivert device (%d)", GetLastError());
     }
-    if (CreateIoCompletionPort(handle, ioport, 0, 0) == NULL)
-    {
-        error("failed to associate I/O completion port (%d)", GetLastError());
-    }
 
     // Spawn proxy thread,
     config = (PPROXY_CONFIG)malloc(sizeof(PROXY_CONFIG));
@@ -224,89 +187,57 @@ int __cdecl main(int argc, char **argv)
     // Main loop:
     while (TRUE)
     {
-        memset(&overlapped, 0, sizeof(overlapped));
-        ResetEvent(event);
-        overlapped.hEvent = event;
-        if (!WinDivertRecvEx(handle, packet, sizeof(packet), 0, &addr,
-                &packet_len, &overlapped))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
         {
-            if (GetLastError() != ERROR_IO_PENDING)
-            {
-read_failed:
-                warning("failed to read packet (%d)", GetLastError());
-                continue;
-            }
-
-            // Timeout = 1s
-            while (WaitForSingleObject(event, 1000) == WAIT_TIMEOUT)
-            {
-                cleanup(ioport, &overlapped);
-            }
-            if (!GetOverlappedResult(handle, &overlapped, &len, FALSE))
-            {
-                goto read_failed;
-            }
-            packet_len = len;
+            warning("failed to read packet (%d)", GetLastError());
+            continue;
         }
-        cleanup(ioport, &overlapped);
 
-        if (!WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
-                NULL, NULL, &tcp_header, NULL, NULL, NULL))
+        WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL, NULL,
+            NULL, NULL, &tcp_header, NULL, NULL, NULL, NULL, NULL);
+        if (ip_header == NULL || tcp_header == NULL)
         {
             warning("failed to parse packet (%d)", GetLastError());
             continue;
         }
 
-        switch (addr.Direction)
+        if (addr.Outbound)
         {
-            case WINDIVERT_DIRECTION_OUTBOUND:
-                if (tcp_header->DstPort == htons(port))
-                {
-                    // Reflect: PORT ---> PROXY
-                    UINT32 dst_addr = ip_header->DstAddr;
-                    tcp_header->DstPort = htons(proxy_port);
-                    ip_header->DstAddr = ip_header->SrcAddr;
-                    ip_header->SrcAddr = dst_addr;
-                    addr.Direction = WINDIVERT_DIRECTION_INBOUND;
-                }
-                else if (tcp_header->SrcPort == htons(proxy_port))
-                {
-                    // Reflect: PROXY ---> PORT
-                    UINT32 dst_addr = ip_header->DstAddr;
-                    tcp_header->SrcPort = htons(port);
-                    ip_header->DstAddr = ip_header->SrcAddr;
-                    ip_header->SrcAddr = dst_addr;
-                    addr.Direction = WINDIVERT_DIRECTION_INBOUND;
-                }
-                else if (tcp_header->DstPort == htons(alt_port))
-                {
-                    // Redirect: ALT ---> PORT
-                    tcp_header->DstPort = htons(port);
-                }
-                break;
-            
-            case WINDIVERT_DIRECTION_INBOUND:
-                if (tcp_header->SrcPort == htons(port))
-                {
-                    // Redirect: PORT ---> ALT
-                    tcp_header->SrcPort = htons(alt_port);
-                }
-                break;
+            if (tcp_header->DstPort == htons(port))
+            {
+                // Reflect: PORT ---> PROXY
+                UINT32 dst_addr = ip_header->DstAddr;
+                tcp_header->DstPort = htons(proxy_port);
+                ip_header->DstAddr = ip_header->SrcAddr;
+                ip_header->SrcAddr = dst_addr;
+                addr.Outbound = FALSE;
+            }
+            else if (tcp_header->SrcPort == htons(proxy_port))
+            {
+                // Reflect: PROXY ---> PORT
+                UINT32 dst_addr = ip_header->DstAddr;
+                tcp_header->SrcPort = htons(port);
+                ip_header->DstAddr = ip_header->SrcAddr;
+                ip_header->SrcAddr = dst_addr;
+                addr.Outbound = FALSE;
+            }
+            else if (tcp_header->DstPort == htons(alt_port))
+            {
+                // Redirect: ALT ---> PORT
+                tcp_header->DstPort = htons(port);
+            }
+        }
+        else
+        {
+            if (tcp_header->SrcPort == htons(port))
+            {
+                // Redirect: PORT ---> ALT
+                tcp_header->SrcPort = htons(alt_port);
+            }
         }
 
         WinDivertHelperCalcChecksums(packet, packet_len, &addr, 0);
-        poverlapped = (OVERLAPPED *)malloc(sizeof(OVERLAPPED));
-        if (poverlapped == NULL)
-        {
-            error("failed to allocate memory");
-        }
-        memset(poverlapped, 0, sizeof(OVERLAPPED));
-        if (WinDivertSendEx(handle, packet, packet_len, 0, &addr, NULL,
-                poverlapped))
-        {
-            continue;
-        }
-        if (GetLastError() != ERROR_IO_PENDING)
+        if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
         {
             warning("failed to send packet (%d)", GetLastError());
             continue;

examples/streamdump/streamdump.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    streamdump.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="streamdump.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>streamdump</RootNamespace>
+  <ProjectName>streamdump</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/webfilter/webfilter.c

@@ -1,6 +1,6 @@
 /*
  * webfilter.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -42,15 +42,19 @@
  * blockpage to the browser.
  */
 
-#include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
 
 #include "windivert.h"
 
-#define MAXBUF 0xFFFF
-#define MAXURL 4096
+#define ntohs(x)            WinDivertHelperNtohs(x)
+#define ntohl(x)            WinDivertHelperNtohl(x)
+#define htons(x)            WinDivertHelperHtons(x)
+#define htonl(x)            WinDivertHelperHtonl(x)
+
+#define MAXBUF              WINDIVERT_MTU_MAX
+#define MAXURL              4096
 
 /*
  * URL and blacklist representation.
@@ -193,19 +197,21 @@ int __cdecl main(int argc, char **argv)
     // Main loop:
     while (TRUE)
     {
-        if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
         {
             fprintf(stderr, "warning: failed to read packet (%d)\n",
                 GetLastError());
             continue;
         }
 
-        if (!WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
-                NULL, NULL, &tcp_header, NULL, &payload, &payload_len) ||
+        WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
+            NULL, NULL, NULL, &tcp_header, NULL, &payload, &payload_len,
+            NULL, NULL);
+        if (ip_header == NULL || tcp_header == NULL || payload == NULL ||
             !BlackListPayloadMatch(blacklist, payload, (UINT16)payload_len))
         {
             // Packet does not match the blacklist; simply reinject it.
-            if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
+            if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
             {
                 fprintf(stderr, "warning: failed to reinject packet (%d)\n",
                     GetLastError());
@@ -225,7 +231,7 @@ int __cdecl main(int argc, char **argv)
         reset->tcp.SeqNum       = tcp_header->SeqNum;
         reset->tcp.AckNum       = tcp_header->AckNum;
         WinDivertHelperCalcChecksums((PVOID)reset, sizeof(PACKET), &addr, 0);
-        if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), &addr, NULL))
+        if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), NULL, &addr))
         {
             fprintf(stderr, "warning: failed to send reset packet (%d)\n",
                 GetLastError());
@@ -238,10 +244,10 @@ int __cdecl main(int argc, char **argv)
         blockpage->header.tcp.SeqNum       = tcp_header->AckNum;
         blockpage->header.tcp.AckNum       =
             htonl(ntohl(tcp_header->SeqNum) + payload_len);
-        addr.Direction = !addr.Direction;     // Reverse direction.
+        addr.Outbound = !addr.Outbound;     // Reverse direction.
         WinDivertHelperCalcChecksums((PVOID)blockpage, blockpage_len, &addr, 0);
-        if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, &addr,
-                NULL))
+        if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, NULL,
+                &addr))
         {
             fprintf(stderr, "warning: failed to send block page packet (%d)\n",
                 GetLastError());
@@ -258,7 +264,7 @@ int __cdecl main(int argc, char **argv)
         finish->tcp.AckNum       =
             htonl(ntohl(tcp_header->SeqNum) + payload_len);
         WinDivertHelperCalcChecksums((PVOID)finish, sizeof(PACKET), &addr, 0);
-        if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), &addr, NULL))
+        if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), NULL, &addr))
         {
             fprintf(stderr, "warning: failed to send finish packet (%d)\n",
                 GetLastError());

examples/webfilter/webfilter.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    webfilter.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="webfilter.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>webfilter</RootNamespace>
+  <ProjectName>webfilter</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

examples/windivertctl/windivertctl.c

@@ -0,0 +1,392 @@
+/*
+ * windivertctl.c
+ * (C) 2019, all rights reserved,
+ *
+ * This file is part of WinDivert.
+ *
+ * WinDivert is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * WinDivert is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/*
+ * DESCRIPTION:
+ *
+ * usage: windivertctl.exe list
+ */
+
+#include <winsock2.h>
+#include <windows.h>
+#include <psapi.h>
+#include <shlwapi.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "windivert.h"
+
+#define MAX_PACKET          0xFFFF
+#define MAX_FILTER_LEN      30000
+
+/*
+ * Modes.
+ */
+typedef enum
+{
+    LIST,
+    WATCH,
+    KILL,
+    UNINSTALL
+} MODE;
+
+/*
+ * Entry.
+ */
+int __cdecl main(int argc, char **argv)
+{
+    HANDLE handle, process, console, mutex;
+    INT16 priority = -333;      // Arbitrary.
+    UINT packet_len;
+    static UINT8 packet[MAX_PACKET];
+    static char path[MAX_PATH+1];
+    static char filter_str[MAX_FILTER_LEN];
+    DWORD path_len;
+    BOOL or;
+    WINDIVERT_ADDRESS addr;
+    ULONGLONG freq, start_count;
+    LARGE_INTEGER li;
+    MODE mode;
+    SC_HANDLE manager = NULL, service = NULL;
+    SERVICE_STATUS status;
+    const char *filter = "true";
+    const char *err_str = NULL;
+
+    if (argc != 2 && argc != 3)
+    {
+usage:
+        fprintf(stderr, "usage: %s (list|watch|kill) [filter]\n", argv[0]);
+        fprintf(stderr, "       %s uninstall\n", argv[0]);
+        exit(EXIT_FAILURE);
+    }
+    if (strcmp(argv[1], "list") == 0)
+    {
+        mode = LIST;
+    }
+    else if (strcmp(argv[1], "watch") == 0)
+    {
+        mode = WATCH;
+    }
+    else if (strcmp(argv[1], "kill") == 0)
+    {
+        mode = KILL;
+    }
+    else if (strcmp(argv[1], "uninstall") == 0)
+    {
+        if (argc != 2)
+        {
+            goto usage;
+        }
+        mode = UNINSTALL;
+    }
+    else
+    {
+        goto usage;
+    }
+    if (argc == 3)
+    {
+        filter = argv[2];
+    }
+
+    // Time management
+    QueryPerformanceFrequency(&li);
+    freq = li.QuadPart;
+    QueryPerformanceCounter(&li);
+    start_count = li.QuadPart;
+
+    // Open WinDivert REFLECT handle:
+    handle = WinDivertOpen(filter, WINDIVERT_LAYER_REFLECT, priority, 
+        WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY |
+            (mode == WATCH? 0: WINDIVERT_FLAG_NO_INSTALL));
+    if (handle == INVALID_HANDLE_VALUE)
+    {
+        if (mode != WATCH && GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
+        {
+            // WinDivert driver is not running, so no open handles.
+            return 0;
+        }
+        if (GetLastError() == ERROR_INVALID_PARAMETER &&
+            !WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_REFLECT,
+                NULL, 0, &err_str, NULL))
+        {
+            fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
+            exit(EXIT_FAILURE);
+        }
+        fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    if (mode != WATCH && !WinDivertShutdown(handle, WINDIVERT_SHUTDOWN_BOTH))
+    {
+        fprintf(stderr, "error: failed to shutdown WinDivert handle (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+    if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH,
+            WINDIVERT_PARAM_QUEUE_LENGTH_MAX) ||
+        !WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
+            WINDIVERT_PARAM_QUEUE_SIZE_MAX) ||
+        !WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
+            WINDIVERT_PARAM_QUEUE_TIME_MAX))
+    {
+        fprintf(stderr, "error: failed to set WinDivert handle params (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    // Main loop:
+    console = GetStdHandle(STD_OUTPUT_HANDLE);
+    while (TRUE)
+    {
+        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
+        {
+            if (mode != WATCH && GetLastError() == ERROR_NO_DATA)
+            {
+                break;
+            }
+            fprintf(stderr, "failed to receive event (%d)\n", GetLastError());
+            continue;
+        }
+
+        switch (addr.Event)
+        {
+            case WINDIVERT_EVENT_REFLECT_OPEN:
+                // Open handle:
+                if (mode == KILL || mode == UNINSTALL)
+                {
+                    SetConsoleTextAttribute(console, FOREGROUND_RED);
+                    fputs("KILL", stdout);
+                }
+                else
+                {
+                    SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+                    fputs("OPEN", stdout);
+                }
+                break;
+
+            case WINDIVERT_EVENT_REFLECT_CLOSE:
+                // Close handle:
+                if (mode != WATCH)
+                {
+                    continue;
+                }
+                SetConsoleTextAttribute(console, FOREGROUND_RED);
+                fputs("CLOSE", stdout);
+                break;
+            
+            default:
+                fputs("???", stdout);
+                break;
+        }
+        process = OpenProcess(
+            PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE,
+            FALSE, addr.Reflect.ProcessId);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" time=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%.3fs", (double)(addr.Reflect.Timestamp - (INT64)start_count) /
+            (double)freq);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" pid=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%u", addr.Reflect.ProcessId);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" exe=", stdout);
+        path_len = 0;
+        if (process != NULL)
+        {
+            path_len = GetProcessImageFileName(process, path, sizeof(path));
+            if (mode == KILL || mode == UNINSTALL)
+            {
+                TerminateProcess(process, 0);
+            }
+            CloseHandle(process);
+        }
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%s", (path_len != 0? path: "???"));
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" layer=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        switch (addr.Reflect.Layer)
+        {
+            case WINDIVERT_LAYER_NETWORK:
+                fputs("NETWORK", stdout);
+                break;
+            case WINDIVERT_LAYER_NETWORK_FORWARD:
+                fputs("NETWORK_FORWARD", stdout);
+                break;
+            case WINDIVERT_LAYER_FLOW:
+                fputs("FLOW", stdout);
+                break;
+            case WINDIVERT_LAYER_SOCKET:
+                fputs("SOCKET", stdout);
+                break;
+            case WINDIVERT_LAYER_REFLECT:
+                fputs("REFLECT", stdout);
+                break;
+            default:
+                fputs("???", stdout);
+                break;
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" flags=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (addr.Reflect.Flags == 0)
+        {
+            fputs("0", stdout);
+        }
+        else
+        {
+            or = FALSE;
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_SNIFF) != 0)
+            {
+                fputs("SNIFF", stdout);
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_DROP) != 0)
+            {
+                printf("%sDROP", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_RECV_ONLY) != 0)
+            {
+                printf("%sRECV_ONLY", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_SEND_ONLY) != 0)
+            {
+                printf("%sSEND_ONLY", (or? "|": ""));
+                or = TRUE;
+            }
+            if ((addr.Reflect.Flags & WINDIVERT_FLAG_NO_INSTALL) != 0)
+            {
+                printf("%sNO_INSTALL", (or? "|": ""));
+                or = TRUE;
+            }
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" priority=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        printf("%d", addr.Reflect.Priority);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        fputs(" filter=", stdout);
+        SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
+        if (WinDivertHelperFormatFilter((char *)packet, addr.Reflect.Layer,
+            filter_str, sizeof(filter_str)))
+        {
+            printf("\"%s\"", filter_str);
+        }
+        else
+        {
+            printf("\"%s\"", (char *)packet);
+        }
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        putchar('\n');
+    }
+
+    if (!WinDivertClose(handle))
+    {
+        fprintf(stderr, "error: failed to close WinDivert handle (%d)\n",
+            GetLastError());
+        return EXIT_FAILURE;
+    }
+
+    if (mode == UNINSTALL)
+    {
+        // Stop & delete the WinDivert service:
+        mutex = CreateMutex(NULL, FALSE, "WinDivertDriverInstallMutex");
+        if (mutex == NULL)
+        {
+            fprintf(stderr, "error: failed to create WinDivert driver "
+                "install mutex (%d)\n", GetLastError());
+            return EXIT_FAILURE;
+        }
+        switch (WaitForSingleObject(mutex, INFINITE))
+        {
+            case WAIT_OBJECT_0: case WAIT_ABANDONED:
+                break;
+            default:
+                fprintf(stderr, "error: failed to acquire WinDivert driver "
+                    "install mutex (%d)\n", GetLastError());
+                return EXIT_FAILURE;
+        }
+        manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+        if (manager == NULL)
+        {
+            fprintf(stderr, "error: failed to open service manager (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        service = OpenService(manager, "WinDivert", SERVICE_ALL_ACCESS);
+        if (service == NULL)
+        {
+            fprintf(stderr, "error: failed to open WinDivert service (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        if (!ControlService(service, SERVICE_CONTROL_STOP, &status))
+        {
+            fprintf(stderr, "error: failed to stop WinDivert service (%d)\n",
+                GetLastError());
+            return EXIT_FAILURE;
+        }
+        if (status.dwCurrentState != SERVICE_STOPPED)
+        {
+            fprintf(stderr, "error: failed to stop WinDivert service");
+            return EXIT_FAILURE;
+        }
+        CloseServiceHandle(service);
+        CloseServiceHandle(manager);
+
+        SetConsoleTextAttribute(console, FOREGROUND_GREEN);
+        fputs("UNINSTALL", stdout);
+        SetConsoleTextAttribute(console,
+            FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
+        puts(" WinDivert");
+
+        ReleaseMutex(mutex);
+        CloseHandle(mutex);
+    }
+
+    return 0;
+}
+

examples/windivertctl/windivertctl.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivertctl.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivertctl.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>windivertctl</RootNamespace>
+  <ProjectName>windivertctl</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

include/windivert.h

@@ -1,6 +1,6 @@
 /*
  * windivert.h
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -40,7 +40,7 @@
 #endif      /* WINDIVERT_KERNEL */
 
 #ifndef WINDIVERTEXPORT
-#define WINDIVERTEXPORT     __declspec(dllimport)
+#define WINDIVERTEXPORT     extern __declspec(dllimport)
 #endif      /* WINDIVERTEXPORT */
 
 #ifdef __MINGW32__
@@ -70,58 +70,163 @@ extern "C" {
 /****************************************************************************/
 
 /*
- * Divert address.
- */
-typedef struct
-{
-    INT64  Timestamp;                   /* Packet's timestamp. */
-    UINT32 IfIdx;                       /* Packet's interface index. */
-    UINT32 SubIfIdx;                    /* Packet's sub-interface index. */
-    UINT8  Direction:1;                 /* Packet's direction. */
-    UINT8  Loopback:1;                  /* Packet is loopback? */
-    UINT8  Impostor:1;                  /* Packet is impostor? */
-    UINT8  PseudoIPChecksum:1;          /* Packet has pseudo IPv4 checksum? */
-    UINT8  PseudoTCPChecksum:1;         /* Packet has pseudo TCP checksum? */
-    UINT8  PseudoUDPChecksum:1;         /* Packet has pseudo UDP checksum? */
-    UINT8  Reserved:2;
-} WINDIVERT_ADDRESS, *PWINDIVERT_ADDRESS;
-
-#define WINDIVERT_DIRECTION_OUTBOUND    0
-#define WINDIVERT_DIRECTION_INBOUND     1
-
-/*
- * Divert layers.
+ * WinDivert layers.
  */
 typedef enum
 {
     WINDIVERT_LAYER_NETWORK = 0,        /* Network layer. */
-    WINDIVERT_LAYER_NETWORK_FORWARD = 1 /* Network layer (forwarded packets) */
+    WINDIVERT_LAYER_NETWORK_FORWARD = 1,/* Network layer (forwarded packets) */
+    WINDIVERT_LAYER_FLOW = 2,           /* Flow layer. */
+    WINDIVERT_LAYER_SOCKET = 3,         /* Socket layer. */
+    WINDIVERT_LAYER_REFLECT = 4,        /* Reflect layer. */
 } WINDIVERT_LAYER, *PWINDIVERT_LAYER;
 
 /*
- * Divert flags.
+ * WinDivert NETWORK and NETWORK_FORWARD layer data.
  */
-#define WINDIVERT_FLAG_SNIFF            1
-#define WINDIVERT_FLAG_DROP             2
-#define WINDIVERT_FLAG_DEBUG            4
+typedef struct
+{
+    UINT32 IfIdx;                       /* Packet's interface index. */
+    UINT32 SubIfIdx;                    /* Packet's sub-interface index. */
+} WINDIVERT_DATA_NETWORK, *PWINDIVERT_DATA_NETWORK;
 
 /*
- * Divert parameters.
+ * WinDivert FLOW layer data.
+ */
+typedef struct
+{
+    UINT64 EndpointId;                  /* Endpoint ID. */
+    UINT64 ParentEndpointId;            /* Parent endpoint ID. */
+    UINT32 ProcessId;                   /* Process ID. */
+    UINT32 LocalAddr[4];                /* Local address. */
+    UINT32 RemoteAddr[4];               /* Remote address. */
+    UINT16 LocalPort;                   /* Local port. */
+    UINT16 RemotePort;                  /* Remote port. */
+    UINT8  Protocol;                    /* Protocol. */
+} WINDIVERT_DATA_FLOW, *PWINDIVERT_DATA_FLOW;
+
+/*
+ * WinDivert SOCKET layer data.
+ */
+typedef struct
+{
+    UINT64 EndpointId;                  /* Endpoint ID. */
+    UINT64 ParentEndpointId;            /* Parent Endpoint ID. */
+    UINT32 ProcessId;                   /* Process ID. */
+    UINT32 LocalAddr[4];                /* Local address. */
+    UINT32 RemoteAddr[4];               /* Remote address. */
+    UINT16 LocalPort;                   /* Local port. */
+    UINT16 RemotePort;                  /* Remote port. */
+    UINT8  Protocol;                    /* Protocol. */
+} WINDIVERT_DATA_SOCKET, *PWINDIVERT_DATA_SOCKET;
+
+/*
+ * WinDivert REFLECTION layer data.
+ */
+typedef struct
+{
+    INT64  Timestamp;                   /* Handle open time. */
+    UINT32 ProcessId;                   /* Handle process ID. */
+    WINDIVERT_LAYER Layer;              /* Handle layer. */
+    UINT64 Flags;                       /* Handle flags. */
+    INT16  Priority;                    /* Handle priority. */
+} WINDIVERT_DATA_REFLECT, *PWINDIVERT_DATA_REFLECT;
+
+/*
+ * WinDivert address.
+ */
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable: 4201)
+#endif
+typedef struct
+{
+    INT64  Timestamp;                   /* Packet's timestamp. */
+    UINT32 Layer:8;                     /* Packet's layer. */
+    UINT32 Event:8;                     /* Packet event. */
+    UINT32 Sniffed:1;                   /* Packet was sniffed? */
+    UINT32 Outbound:1;                  /* Packet is outound? */
+    UINT32 Loopback:1;                  /* Packet is loopback? */
+    UINT32 Impostor:1;                  /* Packet is impostor? */
+    UINT32 IPv6:1;                      /* Packet is IPv6? */
+    UINT32 IPChecksum:1;                /* Packet has valid IPv4 checksum? */
+    UINT32 TCPChecksum:1;               /* Packet has valid TCP checksum? */
+    UINT32 UDPChecksum:1;               /* Packet has valid UDP checksum? */
+    UINT32 Reserved1:8;
+    UINT32 Reserved2;
+    union
+    {
+        WINDIVERT_DATA_NETWORK Network; /* Network layer data. */
+        WINDIVERT_DATA_FLOW Flow;       /* Flow layer data. */
+        WINDIVERT_DATA_SOCKET Socket;   /* Socket layer data. */
+        WINDIVERT_DATA_REFLECT Reflect; /* Reflect layer data. */
+        UINT8 Reserved3[64];
+    };
+} WINDIVERT_ADDRESS, *PWINDIVERT_ADDRESS;
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
+/*
+ * WinDivert events.
  */
 typedef enum
 {
-    WINDIVERT_PARAM_QUEUE_LEN  = 0,     /* Packet queue length. */
+    WINDIVERT_EVENT_NETWORK_PACKET = 0, /* Network packet. */
+    WINDIVERT_EVENT_FLOW_ESTABLISHED = 1,
+                                        /* Flow established. */
+    WINDIVERT_EVENT_FLOW_DELETED = 2,   /* Flow deleted. */
+    WINDIVERT_EVENT_SOCKET_BIND = 3,    /* Socket bind. */
+    WINDIVERT_EVENT_SOCKET_CONNECT = 4, /* Socket connect. */
+    WINDIVERT_EVENT_SOCKET_LISTEN = 5,  /* Socket listen. */
+    WINDIVERT_EVENT_SOCKET_ACCEPT = 6,  /* Socket accept. */
+    WINDIVERT_EVENT_SOCKET_CLOSE = 7,   /* Socket close. */
+    WINDIVERT_EVENT_REFLECT_OPEN = 8,   /* WinDivert handle opened. */
+    WINDIVERT_EVENT_REFLECT_CLOSE = 9,  /* WinDivert handle closed. */
+} WINDIVERT_EVENT, *PWINDIVERT_EVENT;
+
+/*
+ * WinDivert flags.
+ */
+#define WINDIVERT_FLAG_SNIFF            0x0001
+#define WINDIVERT_FLAG_DROP             0x0002
+#define WINDIVERT_FLAG_RECV_ONLY        0x0004
+#define WINDIVERT_FLAG_READ_ONLY        WINDIVERT_FLAG_RECV_ONLY
+#define WINDIVERT_FLAG_SEND_ONLY        0x0008
+#define WINDIVERT_FLAG_WRITE_ONLY       WINDIVERT_FLAG_SEND_ONLY
+#define WINDIVERT_FLAG_NO_INSTALL       0x0010
+#define WINDIVERT_FLAG_FRAGMENTS        0x0020
+
+/*
+ * WinDivert parameters.
+ */
+typedef enum
+{
+    WINDIVERT_PARAM_QUEUE_LENGTH = 0,   /* Packet queue length. */
     WINDIVERT_PARAM_QUEUE_TIME = 1,     /* Packet queue time. */
-    WINDIVERT_PARAM_QUEUE_SIZE = 2      /* Packet queue size. */
+    WINDIVERT_PARAM_QUEUE_SIZE = 2,     /* Packet queue size. */
+    WINDIVERT_PARAM_VERSION_MAJOR = 3,  /* Driver version (major). */
+    WINDIVERT_PARAM_VERSION_MINOR = 4,  /* Driver version (minor). */
 } WINDIVERT_PARAM, *PWINDIVERT_PARAM;
-#define WINDIVERT_PARAM_MAX             WINDIVERT_PARAM_QUEUE_SIZE
+#define WINDIVERT_PARAM_MAX             WINDIVERT_PARAM_VERSION_MINOR
+
+/*
+ * WinDivert shutdown parameter.
+ */
+typedef enum
+{
+    WINDIVERT_SHUTDOWN_RECV = 0x1,      /* Shutdown recv. */
+    WINDIVERT_SHUTDOWN_SEND = 0x2,      /* Shutdown send. */
+    WINDIVERT_SHUTDOWN_BOTH = 0x3,      /* Shutdown recv and send. */
+} WINDIVERT_SHUTDOWN, *PWINDIVERT_SHUTDOWN;
+#define WINDIVERT_SHUTDOWN_MAX          WINDIVERT_SHUTDOWN_BOTH
 
 #ifndef WINDIVERT_KERNEL
 
 /*
  * Open a WinDivert handle.
  */
-extern WINDIVERTEXPORT HANDLE WinDivertOpen(
+WINDIVERTEXPORT HANDLE WinDivertOpen(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
     __in        INT16 priority,
@@ -130,57 +235,66 @@ extern WINDIVERTEXPORT HANDLE WinDivertOpen(
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecv(
+WINDIVERTEXPORT BOOL WinDivertRecv(
     __in        HANDLE handle,
-    __out       PVOID pPacket,
+    __out_opt   VOID *pPacket,
     __in        UINT packetLen,
-    __out_opt   PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *readLen);
+    __out_opt   UINT *pRecvLen,
+    __out_opt   WINDIVERT_ADDRESS *pAddr);
 
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecvEx(
+WINDIVERTEXPORT BOOL WinDivertRecvEx(
     __in        HANDLE handle,
-    __out       PVOID pPacket,
+    __out_opt   VOID *pPacket,
     __in        UINT packetLen,
+    __out_opt   UINT *pRecvLen,
     __in        UINT64 flags,
-    __out_opt   PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *readLen,
+    __out       WINDIVERT_ADDRESS *pAddr,
+    __inout_opt UINT *pAddrLen,
     __inout_opt LPOVERLAPPED lpOverlapped);
 
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSend(
+WINDIVERTEXPORT BOOL WinDivertSend(
     __in        HANDLE handle,
-    __in        PVOID pPacket,
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
-    __in        PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *writeLen);
+    __out_opt   UINT *pSendLen,
+    __in        const WINDIVERT_ADDRESS *pAddr);
 
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSendEx(
+WINDIVERTEXPORT BOOL WinDivertSendEx(
     __in        HANDLE handle,
-    __in        PVOID pPacket,
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
+    __out_opt   UINT *pSendLen,
     __in        UINT64 flags,
-    __in        PWINDIVERT_ADDRESS pAddr,
-    __out_opt   UINT *writeLen,
+    __in        const WINDIVERT_ADDRESS *pAddr,
+    __in        UINT addrLen,
     __inout_opt LPOVERLAPPED lpOverlapped);
 
+/*
+ * Shutdown a WinDivert handle.
+ */
+WINDIVERTEXPORT BOOL WinDivertShutdown(
+    __in        HANDLE handle,
+    __in        WINDIVERT_SHUTDOWN how);
+
 /*
  * Close a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertClose(
+WINDIVERTEXPORT BOOL WinDivertClose(
     __in        HANDLE handle);
 
 /*
  * Set a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSetParam(
+WINDIVERTEXPORT BOOL WinDivertSetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __in        UINT64 value);
@@ -188,17 +302,39 @@ extern WINDIVERTEXPORT BOOL WinDivertSetParam(
 /*
  * Get a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertGetParam(
+WINDIVERTEXPORT BOOL WinDivertGetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __out       UINT64 *pValue);
 
 #endif      /* WINDIVERT_KERNEL */
 
+/*
+ * WinDivert constants.
+ */
+#define WINDIVERT_PRIORITY_HIGHEST              30000
+#define WINDIVERT_PRIORITY_LOWEST               (-WINDIVERT_PRIORITY_HIGHEST)
+#define WINDIVERT_PARAM_QUEUE_LENGTH_DEFAULT    4096
+#define WINDIVERT_PARAM_QUEUE_LENGTH_MIN        32
+#define WINDIVERT_PARAM_QUEUE_LENGTH_MAX        16384
+#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT      2000        /* 2s */
+#define WINDIVERT_PARAM_QUEUE_TIME_MIN          100         /* 100ms */
+#define WINDIVERT_PARAM_QUEUE_TIME_MAX          16000       /* 16s */
+#define WINDIVERT_PARAM_QUEUE_SIZE_DEFAULT      4194304     /* 4MB */
+#define WINDIVERT_PARAM_QUEUE_SIZE_MIN          65535       /* 64KB */
+#define WINDIVERT_PARAM_QUEUE_SIZE_MAX          33554432    /* 32MB */
+#define WINDIVERT_BATCH_MAX                     0xFF        /* 255 */
+#define WINDIVERT_MTU_MAX                       (40 + 0xFFFF)
+
 /****************************************************************************/
 /* WINDIVERT HELPER API                                                     */
 /****************************************************************************/
 
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable: 4214)
+#endif
+
 /*
  * IPv4/IPv6/ICMP/ICMPv6/TCP/UDP header definitions.
  */
@@ -333,7 +469,9 @@ typedef struct
     UINT16 Checksum;
 } WINDIVERT_UDPHDR, *PWINDIVERT_UDPHDR;
 
-#ifndef WINDIVERT_KERNEL
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
 
 /*
  * Flags for WinDivertHelperCalcChecksums()
@@ -344,62 +482,144 @@ typedef struct
 #define WINDIVERT_HELPER_NO_TCP_CHECKSUM                    8
 #define WINDIVERT_HELPER_NO_UDP_CHECKSUM                    16
 
+#ifndef WINDIVERT_KERNEL
+
+/*
+ * Hash a packet.
+ */
+WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
+    __in        const VOID *pPacket,
+    __in        UINT packetLen,
+    __in        UINT64 seed
+#ifdef __cplusplus
+                = 0
+#endif
+);
+
 /*
  * Parse IPv4/IPv6/ICMP/ICMPv6/TCP/UDP headers from a raw packet.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
-    __in        PVOID pPacket,
+WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
+    __in        const VOID *pPacket,
     __in        UINT packetLen,
     __out_opt   PWINDIVERT_IPHDR *ppIpHdr,
     __out_opt   PWINDIVERT_IPV6HDR *ppIpv6Hdr,
+    __out_opt   UINT8 *pProtocol,
     __out_opt   PWINDIVERT_ICMPHDR *ppIcmpHdr,
     __out_opt   PWINDIVERT_ICMPV6HDR *ppIcmpv6Hdr,
     __out_opt   PWINDIVERT_TCPHDR *ppTcpHdr,
     __out_opt   PWINDIVERT_UDPHDR *ppUdpHdr,
     __out_opt   PVOID *ppData,
-    __out_opt   UINT *pDataLen);
+    __out_opt   UINT *pDataLen,
+    __out_opt   PVOID *ppNext,
+    __out_opt   UINT *pNextLen);
 
 /*
  * Parse an IPv4 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
 /*
  * Parse an IPv6 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
+/*
+ * Format an IPv4 address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
+    __in        UINT32 addr,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
+/*
+ * Format an IPv6 address.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
+    __in        const UINT32 *pAddr,
+    __out       char *buffer,
+    __in        UINT bufLen);
+
 /*
  * Calculate IPv4/IPv6/ICMP/ICMPv6/TCP/UDP checksums.
  */
-extern WINDIVERTEXPORT UINT WinDivertHelperCalcChecksums(
-    __inout     PVOID pPacket, 
+WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
+    __inout     VOID *pPacket, 
     __in        UINT packetLen,
-    __in_opt    PWINDIVERT_ADDRESS pAddr,
+    __out_opt   WINDIVERT_ADDRESS *pAddr,
     __in        UINT64 flags);
 
 /*
- * Check the given filter string.
+ * Decrement the TTL/HopLimit.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperCheckFilter(
+WINDIVERTEXPORT BOOL WinDivertHelperDecrementTTL(
+    __inout     VOID *pPacket,
+    __in        UINT packetLen);
+
+/*
+ * Compile the given filter string.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
+    __out_opt   char *object,
+    __in        UINT objLen,
     __out_opt   const char **errorStr,
     __out_opt   UINT *errorPos);
 
 /*
  * Evaluate the given filter string.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
+WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
+    __in        const char *filter,
+    __in        const VOID *pPacket,
+    __in        UINT packetLen,
+    __in        const WINDIVERT_ADDRESS *pAddr);
+
+/*
+ * Format the given filter string.
+ */
+WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
-    __in        PVOID pPacket,
-    __in        UINT packetLen,
-    __in        PWINDIVERT_ADDRESS pAddr);
+    __out       char *buffer,
+    __in        UINT bufLen);
+
+/*
+ * Byte ordering.
+ */
+WINDIVERTEXPORT UINT16 WinDivertHelperNtohs(
+    __in        UINT16 x);
+WINDIVERTEXPORT UINT16 WinDivertHelperHtons(
+    __in        UINT16 x);
+WINDIVERTEXPORT UINT32 WinDivertHelperNtohl(
+    __in        UINT32 x);
+WINDIVERTEXPORT UINT32 WinDivertHelperHtonl(
+    __in        UINT32 x);
+WINDIVERTEXPORT UINT64 WinDivertHelperNtohll(
+    __in        UINT64 x);
+WINDIVERTEXPORT UINT64 WinDivertHelperHtonll(
+    __in        UINT64 x);
+WINDIVERTEXPORT void WinDivertHelperNtohIPv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+WINDIVERTEXPORT void WinDivertHelperHtonIPv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+
+/*
+ * Old names to be removed in the next version.
+ */
+WINDIVERTEXPORT void WinDivertHelperNtohIpv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
+WINDIVERTEXPORT void WinDivertHelperHtonIpv6Address(
+    __in        const UINT *inAddr,
+    __out       UINT *outAddr);
 
 #endif      /* WINDIVERT_KERNEL */
 

include/windivert_device.h

@@ -1,6 +1,6 @@
 /*
  * windivert_device.h
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -38,14 +38,17 @@
 /*
  * NOTE: This is the low-level interface to the WinDivert device driver.
  *       This interface should not be used directly, instead use the high-level
- *       interface provided by the divert API.
+ *       interface provided by the WinDivert API.
  */
 
 #define WINDIVERT_KERNEL
 #include "windivert.h"
 
-#define WINDIVERT_VERSION                           1
-#define WINDIVERT_VERSION_MINOR                     4
+#define WINDIVERT_VERSION_MAJOR                     2
+#define WINDIVERT_VERSION_MINOR                     2
+
+#define WINDIVERT_MAGIC_DLL                         0x4C4C447669645724ull
+#define WINDIVERT_MAGIC_SYS                         0x5359537669645723ull
 
 #define WINDIVERT_STR2(s)                           #s
 #define WINDIVERT_STR(s)                            WINDIVERT_STR2(s)
@@ -53,14 +56,13 @@
 #define WINDIVERT_LSTR(s)                           WINDIVERT_LSTR2(s)
 
 #define WINDIVERT_VERSION_LSTR                                              \
-    WINDIVERT_LSTR(WINDIVERT_VERSION) L"."                                  \
+    WINDIVERT_LSTR(WINDIVERT_VERSION_MAJOR) L"."                            \
         WINDIVERT_LSTR(WINDIVERT_VERSION_MINOR)
 
 #define WINDIVERT_DEVICE_NAME                                               \
-    L"WinDivert" WINDIVERT_VERSION_LSTR
-
-#define WINDIVERT_IOCTL_VERSION                     6
-#define WINDIVERT_IOCTL_MAGIC                       0xA2BF
+    L"WinDivert"
+#define WINDIVERT_LAYER_NAME                                                \
+    WINDIVERT_DEVICE_NAME WINDIVERT_VERSION_LSTR
 
 #define WINDIVERT_FILTER_FIELD_ZERO                 0
 #define WINDIVERT_FILTER_FIELD_INBOUND              1
@@ -122,8 +124,34 @@
 #define WINDIVERT_FILTER_FIELD_UDP_PAYLOADLENGTH    57
 #define WINDIVERT_FILTER_FIELD_LOOPBACK             58
 #define WINDIVERT_FILTER_FIELD_IMPOSTOR             59
+#define WINDIVERT_FILTER_FIELD_PROCESSID            60
+#define WINDIVERT_FILTER_FIELD_LOCALADDR            61
+#define WINDIVERT_FILTER_FIELD_REMOTEADDR           62
+#define WINDIVERT_FILTER_FIELD_LOCALPORT            63
+#define WINDIVERT_FILTER_FIELD_REMOTEPORT           64
+#define WINDIVERT_FILTER_FIELD_PROTOCOL             65
+#define WINDIVERT_FILTER_FIELD_ENDPOINTID           66
+#define WINDIVERT_FILTER_FIELD_PARENTENDPOINTID     67
+#define WINDIVERT_FILTER_FIELD_LAYER                68
+#define WINDIVERT_FILTER_FIELD_PRIORITY             69
+#define WINDIVERT_FILTER_FIELD_EVENT                70
+#define WINDIVERT_FILTER_FIELD_PACKET               71
+#define WINDIVERT_FILTER_FIELD_PACKET16             72
+#define WINDIVERT_FILTER_FIELD_PACKET32             73
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD          74
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD16        75
+#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD32        76
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD          77
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD16        78
+#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD32        79
+#define WINDIVERT_FILTER_FIELD_LENGTH               80
+#define WINDIVERT_FILTER_FIELD_TIMESTAMP            81
+#define WINDIVERT_FILTER_FIELD_RANDOM8              82
+#define WINDIVERT_FILTER_FIELD_RANDOM16             83
+#define WINDIVERT_FILTER_FIELD_RANDOM32             84
+#define WINDIVERT_FILTER_FIELD_FRAGMENT             85
 #define WINDIVERT_FILTER_FIELD_MAX                  \
-    WINDIVERT_FILTER_FIELD_IMPOSTOR
+    WINDIVERT_FILTER_FIELD_FRAGMENT
 
 #define WINDIVERT_FILTER_TEST_EQ                    0
 #define WINDIVERT_FILTER_TEST_NEQ                   1
@@ -133,97 +161,165 @@
 #define WINDIVERT_FILTER_TEST_GEQ                   5
 #define WINDIVERT_FILTER_TEST_MAX                   WINDIVERT_FILTER_TEST_GEQ
 
-#define WINDIVERT_FILTER_MAXLEN                     128
+#define WINDIVERT_FILTER_MAXLEN                     256
 
-#define WINDIVERT_FILTER_RESULT_ACCEPT              (WINDIVERT_FILTER_MAXLEN+1)
-#define WINDIVERT_FILTER_RESULT_REJECT              (WINDIVERT_FILTER_MAXLEN+2)
+#define WINDIVERT_FILTER_RESULT_ACCEPT              0x7FFE
+#define WINDIVERT_FILTER_RESULT_REJECT              0x7FFF
 
 /*
  * WinDivert layers.
  */
-#define WINDIVERT_LAYER_DEFAULT                     WINDIVERT_LAYER_NETWORK
-#define WINDIVERT_LAYER_MAX                                                 \
-    WINDIVERT_LAYER_NETWORK_FORWARD
+#define WINDIVERT_LAYER_MAX                         WINDIVERT_LAYER_REFLECT
+
+/*
+ * WinDivert events.
+ */
+#define WINDIVERT_EVENT_MAX                         \
+    WINDIVERT_EVENT_REFLECT_CLOSE
 
 /*
  * WinDivert flags.
  */
 #define WINDIVERT_FLAGS_ALL                                                 \
-    (WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP | WINDIVERT_FLAG_DEBUG)
+    (WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP | WINDIVERT_FLAG_RECV_ONLY |\
+        WINDIVERT_FLAG_SEND_ONLY | WINDIVERT_FLAG_NO_INSTALL |              \
+        WINDIVERT_FLAG_FRAGMENTS)
 #define WINDIVERT_FLAGS_EXCLUDE(flags, flag1, flag2)                        \
     (((flags) & ((flag1) | (flag2))) != ((flag1) | (flag2)))
 #define WINDIVERT_FLAGS_VALID(flags)                                        \
     ((((flags) & ~WINDIVERT_FLAGS_ALL) == 0) &&                             \
      WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_SNIFF,                   \
-        WINDIVERT_FLAG_DROP))
+        WINDIVERT_FLAG_DROP) &&                                             \
+     WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_RECV_ONLY,               \
+        WINDIVERT_FLAG_SEND_ONLY))
+
+/*
+ * WinDivert filter flags.
+ */
+#define WINDIVERT_FILTER_FLAG_INBOUND               0x0000000000000010ull
+#define WINDIVERT_FILTER_FLAG_OUTBOUND              0x0000000000000020ull
+#define WINDIVERT_FILTER_FLAG_IP                    0x0000000000000040ull
+#define WINDIVERT_FILTER_FLAG_IPV6                  0x0000000000000080ull
+#define WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED    0x0000000000000100ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND     0x0000000000000200ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT  0x0000000000000400ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN   0x0000000000000800ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT   0x0000000000001000ull
+#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE    0x0000000000002000ull
+
+#define WINDIVERT_FILTER_FLAGS_ALL                                          \
+    (WINDIVERT_FILTER_FLAG_INBOUND |                                        \
+        WINDIVERT_FILTER_FLAG_OUTBOUND |                                    \
+        WINDIVERT_FILTER_FLAG_IP |                                          \
+        WINDIVERT_FILTER_FLAG_IPV6 |                                        \
+        WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED |                          \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND |                           \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT |                        \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN |                         \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT |                         \
+        WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE)
 
 /*
  * WinDivert priorities.
  */
-#define WINDIVERT_PRIORITY(priority16)                                      \
-    ((UINT32)((INT32)(priority16) + 0x7FFF + 1))
-#define WINDIVERT_PRIORITY_DEFAULT                  WINDIVERT_PRIORITY(0)
-#define WINDIVERT_PRIORITY_MAX                      WINDIVERT_PRIORITY(1000)
-#define WINDIVERT_PRIORITY_MIN                      WINDIVERT_PRIORITY(-1000)
+#define WINDIVERT_PRIORITY_MAX                      WINDIVERT_PRIORITY_HIGHEST
+#define WINDIVERT_PRIORITY_MIN                      WINDIVERT_PRIORITY_LOWEST
 
 /*
- * WinDivert parameters.
+ * WinDivert timestamps.
  */
-#define WINDIVERT_PARAM_QUEUE_LEN_DEFAULT           2048
-#define WINDIVERT_PARAM_QUEUE_LEN_MIN               16
-#define WINDIVERT_PARAM_QUEUE_LEN_MAX               16384
-#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT          1000        // 1s
-#define WINDIVERT_PARAM_QUEUE_TIME_MIN              20          // 20ms
-#define WINDIVERT_PARAM_QUEUE_TIME_MAX              8000        // 8s
-#define WINDIVERT_PARAM_QUEUE_SIZE_MIN              65535       // 64KB
-#define WINDIVERT_PARAM_QUEUE_SIZE_MAX              33554432    // 32MB
-#define WINDIVERT_PARAM_QUEUE_SIZE_DEFAULT          4194304     // 4MB
+#define WINDIVERT_TIMESTAMP_MAX                     0x7FFFFFFFFFFFFFFFull
 
 /*
  * WinDivert message definitions.
  */
 #pragma pack(push, 1)
-struct windivert_ioctl_s
+typedef union
 {
-    UINT16 magic;                   // WINDIVERT_IOCTL_MAGIC
-    UINT8  version;                 // WINDIVERT_IOCTL_VERSION
-    UINT8  arg8;                    // 8-bit argument
-    UINT64 arg;                     // 64-bit argument
-};
-typedef struct windivert_ioctl_s *windivert_ioctl_t;
+    struct
+    {
+        UINT64 addr;                // WINDIVERT_ADDRESS pointer.
+        UINT64 addr_len_ptr;        // sizeof(addr) pointer.
+    } recv;
+    struct
+    {
+        UINT64 addr;                // WINDIVERT_ADDRESS pointer.
+        UINT64 addr_len;            // sizeof(addr).
+    } send;
+    struct
+    {
+        UINT32 layer;               // Handle layer.
+        UINT32 priority;            // Handle priority.
+        UINT64 flags;               // Handle flags.
+    } initialize;
+    struct
+    {
+        UINT64 flags;               // Filter flags.
+    } startup;
+    struct
+    {
+        UINT32 how;                 // WINDIVERT_SHUTDOWN_*
+    } shutdown;
+    struct
+    {
+        UINT32 param;               // WINDIVERT_PARAM_*
+    } get_param;
+    struct
+    {
+        UINT64 val;                 // Value pointer.
+        UINT32 param;               // WINDIVERT_PARAM_*
+    } set_param;
+} WINDIVERT_IOCTL, *PWINDIVERT_IOCTL;
 
 /*
- * WinDivert IOCTL structures.
+ * WinDivert initialization structure.
  */
-struct windivert_ioctl_filter_s
+typedef struct
 {
-    UINT8  field;                   // WINDIVERT_FILTER_FIELD_IP_*
-    UINT8  test;                    // WINDIVERT_FILTER_TEST_*
-    UINT16 success;                 // Success continuation.
-    UINT16 failure;                 // Fail continuation.
+    UINT64 magic;                   // Magic number (in/out).
+    UINT32 major;                   // Driver major version (in/out).
+    UINT32 minor;                   // Driver minor version (in/out).
+    UINT32 bits;                    // 32 or 64 (in/out).
+    UINT32 reserved32[3];
+    UINT64 reserved64[4];
+} WINDIVERT_VERSION, *PWINDIVERT_VERSION;
+
+/*
+ * WinDivert filter structure.
+ */
+typedef struct
+{
+    UINT32 field:11;                // WINDIVERT_FILTER_FIELD_*
+    UINT32 test:5;                  // WINDIVERT_FILTER_TEST_*
+    UINT32 success:16;              // Success continuation.
+    UINT32 failure:16;              // Fail continuation.
+    UINT32 neg:1;                   // Argument negative?
+    UINT32 reserved:15;
     UINT32 arg[4];                  // Argument.
-};
-typedef struct windivert_ioctl_filter_s *windivert_ioctl_filter_t;
+} WINDIVERT_FILTER, *PWINDIVERT_FILTER;
 #pragma pack(pop)
 
 /*
  * IOCTL codes.
  */
+#define IOCTL_WINDIVERT_INITIALIZE                                          \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x921, METHOD_OUT_DIRECT, FILE_READ_DATA |\
+        FILE_WRITE_DATA)
+#define IOCTL_WINDIVERT_STARTUP                                             \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x922, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_RECV                                                \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x908, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x923, METHOD_OUT_DIRECT, FILE_READ_DATA)
 #define IOCTL_WINDIVERT_SEND                                                \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x909, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_START_FILTER                                        \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90A, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_LAYER                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90B, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_PRIORITY                                        \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90C, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_WINDIVERT_SET_FLAGS                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90D, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x924, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_SET_PARAM                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90E, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x925, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 #define IOCTL_WINDIVERT_GET_PARAM                                           \
-    CTL_CODE(FILE_DEVICE_NETWORK, 0x90F, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x926, METHOD_OUT_DIRECT, FILE_READ_DATA)
+#define IOCTL_WINDIVERT_SHUTDOWN                                            \
+    CTL_CODE(FILE_DEVICE_NETWORK, 0x927, METHOD_IN_DIRECT, FILE_READ_DATA | \
+        FILE_WRITE_DATA)
 
 #endif      /* __WINDIVERT_DEVICE_H */

inf/windivert32.inf

@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
 ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
 Provider = %Basil%
 CatalogFile = WinDivert32.Cat
-DriverVer = 10/22/2017,1.4.0
+DriverVer = 08/08/2019,2.2.0
 
 [SourceDisksNames]
 1 = %DiskName%
@@ -23,12 +23,6 @@ CopyFiles = WinDivertCalloutDriver.DriverFiles
 [DefaultInstall.Services]
 AddService = %ServiceName%,,WinDivertCalloutDriver.Service
 
-[DefaultUninstall]
-DelFiles = WinDivertCalloutDriver.DriverFiles
-
-[DefaultUninstall.Services]
-DelService = WinDivertCalloutDriver,0x200 ; SPSVCINST_STOPSERVICE
-
 [WinDivertCalloutDriver.DriverFiles]
 WinDivert32.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
 
@@ -41,8 +35,8 @@ ErrorControl = 1 ; SERVICE_ERROR_NORMAL
 ServiceBinary = %12%\WinDivert32.sys
 
 [Strings]
-%Basil% = "Basil"
-%DiskName% = "WinDivert Installation Disk"
-%Description% = "WinDivert Driver"
-%ServiceName% = "WinDivert"
-%ServiceDesc% = "WinDivert Driver"
+Basil = "Basil"
+DiskName = "WinDivert Installation Disk"
+Description = "WinDivert Driver"
+ServiceName = "WinDivert"
+ServiceDesc = "WinDivert Driver"

inf/windivert64.inf

@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
 ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
 Provider = %Basil%
 CatalogFile = WinDivert64.Cat
-DriverVer = 10/22/2017,1.4.0
+DriverVer = 08/08/2019,2.2.0
 
 [SourceDisksNames]
 1 = %DiskName%
@@ -23,12 +23,6 @@ CopyFiles = WinDivertCalloutDriver.DriverFiles
 [DefaultInstall.Services]
 AddService = %ServiceName%,,WinDivertCalloutDriver.Service
 
-[DefaultUninstall]
-DelFiles = WinDivertCalloutDriver.DriverFiles
-
-[DefaultUninstall.Services]
-DelService = WinDivertCalloutDriver,0x200 ; SPSVCINST_STOPSERVICE
-
 [WinDivertCalloutDriver.DriverFiles]
 WinDivert64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
 
@@ -41,8 +35,8 @@ ErrorControl = 1 ; SERVICE_ERROR_NORMAL
 ServiceBinary = %12%\WinDivert64.sys
 
 [Strings]
-%Basil% = "Basil"
-%DiskName% = "WinDivert Installation Disk"
-%Description% = "WinDivert Driver"
-%ServiceName% = "WinDivert"
-%ServiceDesc% = "WinDivert Driver"
+Basil = "Basil"
+DiskName = "WinDivert Installation Disk"
+Description = "WinDivert Driver"
+ServiceName = "WinDivert"
+ServiceDesc = "WinDivert Driver"

mingw-build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # mingw-build.sh
-# (C) 2018, all rights reserved,
+# (C) 2019, all rights reserved,
 #
 # This file is part of WinDivert.
 #
@@ -33,12 +33,17 @@
 # Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 # Script for MinGW/Linux cross compilation.
-# NOTE: run wddk-build.bat before this script.
+# NOTE: run msvc-build.bat before this script.
 
 set -e
 
 ENVS="i686-w64-mingw32 x86_64-w64-mingw32"
 
+if [ "$1" = "debug" ]
+then
+    EXTRA_OPTS="-lmsvcrt -include stdio.h"
+fi 
+
 for ENV in $ENVS
 do
     if [ $ENV = "i686-w64-mingw32" ]
@@ -51,17 +56,17 @@ do
         BITS=64
         MANGLE=
     fi
-    if [ ! -d install/WDDK/$CPU ]
+    HAVE_SYS=yes
+    if [ ! -d install/MSVC/$CPU ]
     then
-        echo "WARNING: missing WDDK build; run wddk-build.bat first"
-        echo "SKIP MINGW-$CPU"
-        continue
+        echo "WARNING: missing MSVC build; run msvc-build.bat first"
+        HAVE_SYS=no
     fi
     echo "BUILD MINGW-$CPU"
     CC="$ENV-gcc"
-    COPTS="-shared -Wall -Wno-pointer-to-int-cast -O2 -Iinclude/ 
+    COPTS="-fno-ident -shared -Wall -Wno-pointer-to-int-cast -Os -Iinclude/ 
         -Wl,--enable-stdcall-fixup -Wl,--entry=${MANGLE}WinDivertDllEntry"
-    CLIBS="-lgcc -lkernel32 -ladvapi32"
+    CLIBS="-lkernel32 -ladvapi32 $EXTRA_OPTS"
     STRIP="$ENV-strip"
     DLLTOOL="$ENV-dlltool"
     if [ -x "`which $CC`" ]
@@ -79,26 +84,45 @@ do
             --output-lib install/MINGW/$CPU/WinDivert.lib 2>/dev/null
         echo "\tbuild install/MINGW/$CPU/netdump.exe..."
         $CC -s -O2 -Iinclude/ examples/netdump/netdump.c \
-            -o "install/MINGW/$CPU/netdump.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/netdump.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/netfilter.exe..."
         $CC -s -O2 -Iinclude/ examples/netfilter/netfilter.c \
-            -o "install/MINGW/$CPU/netfilter.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/netfilter.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/passthru.exe..."
         $CC -s -O2 -Iinclude/ examples/passthru/passthru.c \
-            -o "install/MINGW/$CPU/passthru.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/passthru.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/webfilter.exe..."
         $CC -s -O2 -Iinclude/ examples/webfilter/webfilter.c \
-            -o "install/MINGW/$CPU/webfilter.exe" -lWinDivert -lws2_32 \
+            -o "install/MINGW/$CPU/webfilter.exe" -lWinDivert \
             -L"install/MINGW/$CPU/"
         echo "\tbuild install/MINGW/$CPU/streamdump.exe..."
         $CC -s -O2 -Iinclude/ examples/streamdump/streamdump.c \
             -o "install/MINGW/$CPU/streamdump.exe" -lWinDivert -lws2_32 \
             -L"install/MINGW/$CPU/"
-        echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
-        cp install/WDDK/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
+        echo "\tbuild install/MINGW/$CPU/flowtrack.exe..."
+        $CC -s -O2 -Iinclude/ examples/flowtrack/flowtrack.c \
+            -o "install/MINGW/$CPU/flowtrack.exe" -lWinDivert -lpsapi \
+            -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/windivertctl.exe..."
+        $CC -s -O2 -Iinclude/ examples/windivertctl/windivertctl.c \
+            -o "install/MINGW/$CPU/windivertctl.exe" -lWinDivert \
+            -lpsapi -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/socketdump.exe..."
+        $CC -s -O2 -Iinclude/ examples/socketdump/socketdump.c \
+            -o "install/MINGW/$CPU/socketdump.exe" -lWinDivert \
+            -lpsapi -lshlwapi -L"install/MINGW/$CPU/"
+        echo "\tbuild install/MINGW/$CPU/test.exe..."
+        $CC -s -O2 -Iinclude/ test/test.c \
+            -o "install/MINGW/$CPU/test.exe" -lWinDivert \
+            -L"install/MINGW/$CPU/"
+        if [ $HAVE_SYS = yes ]
+        then
+            echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
+            cp install/MSVC/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
+        fi
     else
         echo "WARNING: $CC not found"
     fi

msvc-build.bat

@@ -0,0 +1,150 @@
+:: msvc-build.bat
+:: (C) 2019, all rights reserved,
+::
+:: This file is part of WinDivert.
+::
+:: WinDivert is free software: you can redistribute it and/or modify it under
+:: the terms of the GNU Lesser General Public License as published by the
+:: Free Software Foundation, either version 3 of the License, or (at your
+:: option) any later version.
+::
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+:: License for more details.
+::
+:: You should have received a copy of the GNU Lesser General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+::
+:: WinDivert is free software; you can redistribute it and/or modify it under
+:: the terms of the GNU General Public License as published by the Free
+:: Software Foundation; either version 2 of the License, or (at your option)
+:: any later version.
+:: 
+:: This program is distributed in the hope that it will be useful, but
+:: WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+:: or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+:: for more details.
+:: 
+:: You should have received a copy of the GNU General Public License along
+:: with this program; if not, write to the Free Software Foundation, Inc., 51
+:: Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+@echo off
+
+msbuild sys\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=Win32 ^
+    /p:SignMode=Off ^
+    /p:OutDir=..\install\MSVC\i386\ ^
+    /p:AssemblyName=WinDivert32
+
+msbuild sys\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=x64 ^
+    /p:SignMode=Off ^
+    /p:OutDir=..\install\MSVC\amd64\ ^
+    /p:AssemblyName=WinDivert64
+
+msbuild dll\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=Win32 ^
+    /p:OutDir=..\install\MSVC\i386\
+move dll\WinDivert.lib install\MSVC\i386\.
+
+msbuild dll\windivert.vcxproj ^
+    /p:Configuration=Release ^
+    /p:platform=x64 ^
+    /p:OutDir=..\install\MSVC\amd64\
+move dll\WinDivert.lib install\MSVC\amd64\.
+
+msbuild examples\flowtrack\flowtrack.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\flowtrack\flowtrack.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\netdump\netdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\netdump\netdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\netfilter\netfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\netfilter\netfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\passthru\passthru.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\passthru\passthru.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\socketdump\socketdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\socketdump\socketdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\streamdump\streamdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\streamdump\streamdump.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\webfilter\webfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\webfilter\webfilter.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild examples\windivertctl\windivertctl.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\..\install\MSVC\i386\
+
+msbuild examples\windivertctl\windivertctl.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\..\install\MSVC\amd64\
+
+msbuild test\test.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=Win32 ^
+    /p:OutDir=..\install\MSVC\i386\
+
+msbuild test\test.vcxproj ^
+    /p:Configuration=Release ^
+    /p:Platform=x64 ^
+    /p:OutDir=..\install\MSVC\amd64\
+

release-build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # release-build.sh
-# (C) 2018, all rights reserved,
+# (C) 2019, all rights reserved,
 #
 # This file is part of WinDivert.
 #
@@ -37,95 +37,129 @@
 
 set -e
 
+LABEL=
+if [ $# -ge 1 ]
+then
+    LABEL="-$1"
+fi
+
+TARGET=MINGW
+
+WINDIVERT32_SYS=install/$TARGET/i386/WinDivert32.sys
+if [ $# -ge 2 ]
+then
+    WINDIVERT32_SYS=$2
+fi
+
+WINDIVERT64_SYS=install/$TARGET/amd64/WinDivert64.sys
+if [ $# -ge 3 ]
+then
+    WINDIVERT64_SYS=$3
+fi
+
 VERSION=`cat ./VERSION`
 NAME=WinDivert-$VERSION
 
-for TARGET in MINGW
-do
-    if [ ! -d "install/$TARGET" ]
+echo "BUILD $NAME$LABEL"
+INSTALL=install/$NAME$LABEL
+echo "\tmake $INSTALL..."
+rm -rf $INSTALL
+mkdir -p $INSTALL
+echo "\tcopy $INSTALL/README..."
+cp README $INSTALL
+echo "\tcopy $INSTALL/CHANGELOG..."
+cp CHANGELOG $INSTALL
+echo "\tcopy $INSTALL/LICENSE..."
+cp LICENSE $INSTALL
+echo "\tcopy $INSTALL/VERSION..."
+cp VERSION $INSTALL
+echo "\tmake $INSTALL/include..."
+mkdir -p $INSTALL/include
+echo "\tcopy $INSTALL/include/windivert.h..."
+cp include/windivert.h $INSTALL/include
+echo "\tmake $INSTALL/doc..."
+mkdir -p $INSTALL/doc
+echo "\tcopy $INSTALL/doc/WinDivert.html..."
+cp doc/windivert.html $INSTALL/doc/WinDivert.html
+echo "\tmake $INSTALL/x86..."
+mkdir -p $INSTALL/x86
+echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
+cp "$WINDIVERT32_SYS" $INSTALL/x86
+if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
+    2>&1 >/dev/null
+then
+    echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
+fi
+if [ -e "$WINDIVERT64_SYS" ]
+then
+    echo "\tcopy $INSTALL/x64/WinDivert64.sys..."
+    cp "$WINDIVERT64_SYS" $INSTALL/x86
+fi
+echo "\tcopy $INSTALL/x86/WinDivert.lib..."
+cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
+echo "\tcopy $INSTALL/x86/WinDivert.dll..."
+cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
+echo "\tcopy $INSTALL/x86/netdump.exe..."
+cp install/$TARGET/i386/netdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/netfilter.exe..."
+cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/passtru.exe..."
+cp install/$TARGET/i386/passthru.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/webfilter.exe..."
+cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/streamdump.exe..."
+cp install/$TARGET/i386/streamdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/flowtrack.exe..."
+cp install/$TARGET/i386/flowtrack.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/socketdump.exe..."
+cp install/$TARGET/i386/socketdump.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/windivertctl.exe..."
+cp install/$TARGET/i386/windivertctl.exe $INSTALL/x86
+echo "\tcopy $INSTALL/x86/test.exe..."
+cp install/$TARGET/i386/test.exe $INSTALL/x86
+if [ -d "install/$TARGET/amd64" ]
+then
+    echo "\tmake $INSTALL/amd64..."
+    mkdir -p $INSTALL/x64
+    echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
+    cp "$WINDIVERT64_SYS" $INSTALL/x64
+    if ! grep "DigiCert High Assurance EV Root" \
+        $INSTALL/x64/WinDivert64.sys 2>&1 >/dev/null
     then
-        echo "SKIP $NAME-$TARGET"
-        continue
+        echo "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
     fi
-    echo "BUILD $NAME"
-    INSTALL=install/$NAME
-    echo "\tmake $INSTALL..."
-    mkdir -p $INSTALL
-    echo "\tcopy $INSTALL/README..."
-    cp README $INSTALL
-    echo "\tcopy $INSTALL/CHANGELOG..."
-    cp CHANGELOG $INSTALL
-    echo "\tcopy $INSTALL/LICENSE..."
-    cp LICENSE $INSTALL
-    echo "\tcopy $INSTALL/VERSION..."
-    cp VERSION $INSTALL
-    echo "\tmake $INSTALL/include..."
-    mkdir -p $INSTALL/include
-    echo "\tcopy $INSTALL/include/windivert.h..."
-    cp include/windivert.h $INSTALL/include
-    echo "\tmake $INSTALL/doc..."
-    mkdir -p $INSTALL/doc
-    echo "\tcopy $INSTALL/doc/WinDivert.html..."
-    cp doc/windivert.html $INSTALL/doc/WinDivert.html
-    echo "\tmake $INSTALL/x86..."
-    mkdir -p $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
-    cp install/$TARGET/i386/WinDivert32.sys $INSTALL/x86
-    if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
-        2>&1 >/dev/null
-    then
-        echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
-    fi
-    echo "\tcopy $INSTALL/x86/WinDivert.lib..."
-    cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/WinDivert.dll..."
-    cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/netdump.exe..."
-    cp install/$TARGET/i386/netdump.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/netfilter.exe..."
-    cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/passtru.exe..."
-    cp install/$TARGET/i386/passthru.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/webfilter.exe..."
-    cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
-    echo "\tcopy $INSTALL/x86/streamdump.exe..."
-    cp install/$TARGET/i386/streamdump.exe $INSTALL/x86
-    if [ -d "install/$TARGET/amd64" ]
-    then
-        echo "\tmake $INSTALL/amd64..."
-        mkdir -p $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
-        cp install/$TARGET/amd64/WinDivert64.sys $INSTALL/amd64
-        if ! grep "DigiCert High Assurance EV Root" \
-            $INSTALL/amd64/WinDivert64.sys 2>&1 >/dev/null
-        then
-            echo -e "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
-        fi
-        echo "\tcopy $INSTALL/amd64/WinDivert.lib..."
-        cp install/$TARGET/amd64/WinDivert.lib $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/WinDivert.dll..."
-        cp install/$TARGET/amd64/WinDivert.dll $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/netdump.exe..."
-        cp install/$TARGET/amd64/netdump.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/netfilter.exe..."
-        cp install/$TARGET/amd64/netfilter.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/passtru.exe..."
-        cp install/$TARGET/amd64/passthru.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/webfilter.exe..."
-        cp install/$TARGET/amd64/webfilter.exe $INSTALL/amd64
-        echo "\tcopy $INSTALL/amd64/streamdump.exe..."
-        cp install/$TARGET/amd64/streamdump.exe $INSTALL/amd64
-    else
-        echo "\tWARNING: skipping missing AMD64 build..."
-    fi
-    PACKAGE=$NAME.zip
-    echo "\tbuilding $PACKAGE..."
-    (
-        cd install;
-        zip -r $PACKAGE $NAME > /dev/null
-    )
-    echo -n "\tclean $INSTALL..."
-    rm -rf $INSTALL
-    echo "DONE"
-done
+    echo "\tcopy $INSTALL/x64/WinDivert.lib..."
+    cp install/$TARGET/amd64/WinDivert.lib $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/WinDivert.dll..."
+    cp install/$TARGET/amd64/WinDivert.dll $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/netdump.exe..."
+    cp install/$TARGET/amd64/netdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/netfilter.exe..."
+    cp install/$TARGET/amd64/netfilter.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/passtru.exe..."
+    cp install/$TARGET/amd64/passthru.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/webfilter.exe..."
+    cp install/$TARGET/amd64/webfilter.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/streamdump.exe..."
+    cp install/$TARGET/amd64/streamdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/flowtrack.exe..."
+    cp install/$TARGET/amd64/flowtrack.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/socketdump.exe..."
+    cp install/$TARGET/amd64/socketdump.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/windivertctl.exe..."
+    cp install/$TARGET/amd64/windivertctl.exe $INSTALL/x64
+    echo "\tcopy $INSTALL/x64/test.exe..."
+    cp install/$TARGET/amd64/test.exe $INSTALL/x64
+else
+    echo "\tWARNING: skipping missing AMD64 build..."
+fi
+PACKAGE=$NAME$LABEL.zip
+echo "\tbuilding $PACKAGE..."
+(
+    cd install;
+    zip -r $PACKAGE $NAME$LABEL > /dev/null
+)
+echo -n "\tclean $INSTALL..."
+rm -rf $INSTALL
+echo "DONE"
 

sys/sources

@@ -19,6 +19,6 @@ NTTARGETFILES=
 KMDF_VERSION_MAJOR=1
 C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE \
     -DNDIS60 -DNDIS_SUPPORT_NDIS60
-INCLUDES=$(DDK_INC_PATH);..\include
+INCLUDES=$(DDK_INC_PATH);..\include;..\dll
 SOURCES=windivert.rc windivert.c
 

sys/windivert.rc

@@ -1,6 +1,6 @@
 /*
  * windivert.rc
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -35,23 +35,25 @@
 #include <windows.h>
 #include <ntverp.h>
 
+#include "windivert_log.rc"
+
 #define VER_FILETYPE                VFT_DRV
 #define VER_FILESUBTYPE             VFT2_DRV_NETWORK
 #define VER_FILEDESCRIPTION_STR     \
-    "The WinDivert driver " \
+    "The WinDivert 2.2 driver " \
     "[URL: https://reqrypt.org/windivert.html] " \
     "[Bitcoin: 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh]"
 #define VER_INTERNALNAME_STR        "WinDivert.sys"
 #define VER_ORIGINALFILENAME_STR    "WinDivert.sys"
-#define VER_PRODUCTVERSION          1.4
-#define VER_PRODUCTVERSION_STR      "1.4"
-#define VER_COMPANYNAME_STR         "Basil's Projects"
-#define VER_LEGALCOPYRIGHT_YEARS    "2011-2017"
+#define VER_PRODUCTVERSION          2.2
+#define VER_PRODUCTVERSION_STR      "2.2"
+#define VER_COMPANYNAME_STR         "Basil"
+#define VER_LEGALCOPYRIGHT_YEARS    "2011-2019"
 #define VER_LEGALCOPYRIGHT_STR      \
     "Copyright \251 " VER_COMPANYNAME_STR " " VER_LEGALCOPYRIGHT_YEARS 
 #define VER_FILEVERSION             VER_PRODUCTVERSION
 #define VER_FILEVERSION_STR         VER_PRODUCTVERSION_STR
-#define VER_PRODUCTNAME_STR         "WinDivert 1.4 driver"
+#define VER_PRODUCTNAME_STR         "WinDivert 2.2 driver"
 
 #include "common.ver"
 

sys/windivert.vcxproj

@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    windivert.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <MessageCompile Include="windivert_log.mc">
+   <RCFilePath>.</RCFilePath>
+   <HeaderFilePath>.</HeaderFilePath>
+  </MessageCompile>
+ </ItemGroup>
+ <ItemGroup>
+  <ResourceCompile Include="windivert.rc" />
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="windivert.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MaxSpeed</Optimization>
+   <AdditionalIncludeDirectories>..\include;..\dll;.</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+  <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+  <RootNamespace>WinDivert</RootNamespace>
+  <ProjectName>WinDivert</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <TargetVersion>Windows7</TargetVersion>
+  <UseDebugLibraries>true</UseDebugLibraries>
+  <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+  <ConfigurationType>Driver</ConfigurationType>
+  <DriverType>KMDF</DriverType>
+  <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  <EnableInf2cat>false</EnableInf2cat>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <ClCompile>
+   <WppEnabled>false</WppEnabled>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">_X86_=1;i386=1;STD_CALL;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
+   <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
+  </ClCompile>
+  <Link>
+   <AdditionalDependencies>%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)ntoskrnl.lib;$(DDK_LIB_PATH)hal.lib;$(DDK_LIB_PATH)wmilib.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfLdr.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfDriverEntry.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

sys/windivert_log.mc

@@ -0,0 +1,59 @@
+;/*
+; * windivert_log.mc
+; * (C) 2019, all rights reserved,
+; *
+; * This file is part of WinDivert.
+; *
+; * WinDivert is free software: you can redistribute it and/or modify it under
+; * the terms of the GNU Lesser General Public License as published by the
+; * Free Software Foundation, either version 3 of the License, or (at your
+; * option) any later version.
+; *
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+; * License for more details.
+; *
+; * You should have received a copy of the GNU Lesser General Public License
+; * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+; *
+; * WinDivert is free software; you can redistribute it and/or modify it under
+; * the terms of the GNU General Public License as published by the Free
+; * Software Foundation; either version 2 of the License, or (at your option)
+; * any later version.
+; * 
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+; * for more details.
+; * 
+; * You should have received a copy of the GNU General Public License along
+; * with this program; if not, write to the Free Software Foundation, Inc., 51
+; * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+; */
+
+MessageIdTypedef=NTSTATUS
+
+SeverityNames = (
+    Success       = 0x0:STATUS_SEVERITY_SUCCESS
+    Informational = 0x1:STATUS_SEVERITY_INFORMATIONAL
+    Warning       = 0x2:STATUS_SEVERITY_WARNING
+    Error         = 0x3:STATUS_SEVERITY_ERROR
+)
+
+FacilityNames = (
+    System    = 0x0:FACILITY_SYSTEM
+    Runtime   = 0x2:FACILITY_RUNTIME
+    Stubs     = 0x3:FACILITY_STUBS
+    Io        = 0x4:FACILITY_IO_ERROR_CODE
+    WinDivert = 0x574:FACILITY_WINDIVERT
+)
+
+MessageId=0x312D
+Facility=WinDivert
+Severity=Informational
+SymbolicName=WINDIVERT_INFO_EVENT
+Language=English
+%2 %3 (processId=%4)
+.
+

test/build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # build.sh
-# (C) 2018, all rights reserved,
+# (C) 2019, all rights reserved,
 #
 # This file is part of WinDivert.
 #
@@ -35,8 +35,11 @@
 # Script for MinGW/Linux cross compilation.
 # NOTE: run wddk-build.bat before this script.
 
+CC=i686-w64-mingw32-gcc
+$CC -fno-ident -s -O2 -I../include/ test.c \
+    -o ../install/MINGW/i386/test.exe -lWinDivert -L"../install/MINGW/i386/" 
+
 CC=x86_64-w64-mingw32-gcc
-
-$CC -s -O2 -I../include/ test.c -o test.exe -lWinDivert \
-    -L"../install/MINGW/amd64/"
+$CC -fno-ident -s -O2 -I../include/ test.c -o ../install/MINGW/amd64/test.exe \
+    -lWinDivert -L"../install/MINGW/amd64/"
 

test/test.vcxproj

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+    test.vcxproj
+    (C) 2019, all rights reserved,
+    
+    This file is part of WinDivert.
+    
+    WinDivert is free software: you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License as published by the
+    Free Software Foundation, either version 3 of the License, or (at your
+    option) any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+    License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    
+    WinDivert is free software; you can redistribute it and/or modify it under
+    the terms of the GNU General Public License as published by the Free
+    Software Foundation; either version 2 of the License, or (at your option)
+    any later version.
+    
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+    for more details.
+    
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+    
+-->
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+  <ProjectConfiguration Include="Release|Win32">
+   <Configuration>Release</Configuration>
+   <Platform>Win32</Platform>
+  </ProjectConfiguration>
+  <ProjectConfiguration Include="Release|x64">
+   <Configuration>Release</Configuration>
+   <Platform>x64</Platform>
+  </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+  <ClCompile Include="test.c">
+   <TreatWarningAsError>false</TreatWarningAsError>
+   <Optimization>MinSpace</Optimization>
+   <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+   <AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
+  </ClCompile>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+  <RootNamespace>test</RootNamespace>
+  <ProjectName>test</ProjectName>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+ <PropertyGroup Label="Configuration">
+  <PlatformToolset>v140</PlatformToolset>
+  <ConfigurationType>Application</ConfigurationType>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ItemDefinitionGroup>
+  <Link>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+   <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
+  </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

test/test_data.c

@@ -1,6 +1,6 @@
 /*
  * test_data.c
- * (C) 2018, all rights reserved,
+ * (C) 2019, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -33,11 +33,11 @@
  */
 
 // IPV4 ICMP ECHO REQUEST
-static unsigned char echo_request[] =
+static const unsigned char echo_request[] =
 {
     0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00,
     0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
-    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x00, 0x00,
+    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
     0x0d, 0x56, 0x00, 0x01, 0x8b, 0xa6, 0x60, 0x54,
     0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
@@ -49,13 +49,13 @@ static unsigned char echo_request[] =
 };
 
 // IPV4 TCP HTTP GET REQUEST
-static unsigned char http_request[] =
+static const unsigned char http_request[] =
 {
     0x45, 0x00, 0x02, 0x09, 0x48, 0x2d, 0x40, 0x00,
     0x40, 0x06, 0x00, 0x00, 0x0a, 0x0a, 0x0a, 0x0a,
     0x5d, 0xb8, 0xd8, 0x77, 0xa3, 0x1a, 0x00, 0x50,
     0x53, 0x38, 0xcc, 0xc2, 0x56, 0x37, 0xb3, 0x55,
-    0x80, 0x18, 0x00, 0x73, 0x00, 0x00, 0x00, 0x00,
+    0x80, 0x18, 0x00, 0x73, 0x02, 0xa4, 0x00, 0x00,
     0x01, 0x01, 0x08, 0x0a, 0x00, 0x2c, 0x85, 0x1b,
     0x1b, 0x7f, 0x3a, 0x71, 0x47, 0x45, 0x54, 0x20,
     0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
@@ -120,12 +120,12 @@ static unsigned char http_request[] =
 };
 
 // IPV4 DNS REQUEST
-static unsigned char dns_request[] =
+static const unsigned char dns_request[] =
 {
     0x45, 0x00, 0x00, 0x39, 0x20, 0x90, 0x00, 0x00,
     0x49, 0x11, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
     0x08, 0x08, 0x04, 0x04, 0xe0, 0x45, 0x00, 0x35,
-    0x00, 0x25, 0x00, 0x00, 0x17, 0x08, 0x01, 0x00,
+    0x00, 0x25, 0x22, 0xa7, 0x17, 0x08, 0x01, 0x00,
     0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
     0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00,
@@ -133,7 +133,7 @@ static unsigned char dns_request[] =
 };
 
 // IPV6 TCP SYN
-static unsigned char ipv6_tcp_syn[] =
+static const unsigned char ipv6_tcp_syn[] =
 {
     0x60, 0x00, 0x00, 0x00, 0x00, 0x28, 0x06, 0x40,
     0x12, 0x34, 0x56, 0x78, 0x00, 0x01, 0x00, 0x00,
@@ -142,20 +142,20 @@ static unsigned char ipv6_tcp_syn[] =
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
     0xc3, 0x7e, 0x00, 0x17, 0xe1, 0xd7, 0xc8, 0xaa,
     0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xaa, 0xaa,
-    0x00, 0x00, 0x00, 0x00, 0x02, 0x04, 0xff, 0xc4,
+    0xc3, 0x5e, 0x00, 0x00, 0x02, 0x04, 0xff, 0xc4,
     0x04, 0x02, 0x08, 0x0a, 0xff, 0xff, 0x91, 0x86,
     0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x07            
 };
 
 // IPV6 ICMPV6 ECHO REPLY
-static unsigned char ipv6_echo_reply[] =
+static const unsigned char ipv6_echo_reply[] =
 {
     0x60, 0x00, 0x00, 0x00, 0x00, 0x40, 0x3a, 0x1f,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-    0x81, 0x00, 0x00, 0x00, 0x10, 0x72, 0x00, 0x03,
+    0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
     0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
     0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
@@ -166,7 +166,7 @@ static unsigned char ipv6_echo_reply[] =
 };
 
 // IPV6 EXTENSION HEADERS UDP 
-static unsigned char ipv6_exthdrs_udp[] =
+static const unsigned char ipv6_exthdrs_udp[] =
 {
     0x60, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x64,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -176,8 +176,61 @@ static unsigned char ipv6_exthdrs_udp[] =
     0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x12, 0x34, 0xaa, 0xaa, 0x00, 0x15, 0x00, 0x00,
+    0x12, 0x34, 0xaa, 0xaa, 0x00, 0x15, 0xef, 0xf4,
     0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f,
     0x72, 0x6c, 0x64, 0x21, 0x01
 };
 
+// IPV4 FRAGMENT #0
+static const unsigned char ipv4_fragment_0[] =
+{
+    0x45, 0x00, 0x00, 0x1C, 0x12, 0x34, 0x20, 0x00,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
+    0x0d, 0x56, 0x00, 0x01
+};
+
+// IPV4 FRAGMENT #1
+static const unsigned char ipv4_fragment_1[] =
+{
+    0x45, 0x00, 0x00, 0x4C, 0x12, 0x34, 0x00, 0x01,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x8b, 0xa6, 0x60, 0x54,
+    0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
+    0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+    0x34, 0x35, 0x36, 0x37
+};
+
+// IPV6 FRAGMENT #0
+static const unsigned char ipv6_fragment_0[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x01, 0xc7, 0xf6, 0xce, 0x53,
+    0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
+    0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
+    0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+// IPV6 FRAGMENT #1
+static const unsigned char ipv6_fragment_1[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x30, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x18, 0xc7, 0xf6, 0xce, 0x53,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+};

wddk-build.bat

@@ -1,5 +1,5 @@
 :: wddk-build.bat
-:: (C) 2018, all rights reserved,
+:: (C) 2019, all rights reserved,
 ::
 :: This file is part of WinDivert.
 ::