Fix previous commit 8bda0af

Fix #294

Previous commit was incomplete.

CHANGELOG

@@ -308,3 +308,7 @@ WinDivert 2.1.0
     - Fix BSOD caused by packets with missing or incomplete transport
       headers (introduced in 2.0.0).
     - Fix missing Flow.EndpointId and Flow.ParentEndpointId for IPv6 flows.
+WinDivert 2.2.0
+    - Implement new packet parser that correctly handles IP fragments.
+    - Add a new "fragment" filter field that matches IP fragments.
+    - (Un)Loading the WinDivert driver will cause a system event to be logged.

README

@@ -1,4 +1,4 @@
-WinDivert 2.1: Windows Packet Divert
+WinDivert 2.2: Windows Packet Divert
 ====================================
 
 1. Introduction

VERSION

@@ -1 +1 @@
-2.1.0
+2.2.0

dll/windivert.c

@@ -43,7 +43,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#define WINDIVERTEXPORT
+#ifndef WINDIVERTEXPORT
+#define WINDIVERTEXPORT extern
+#endif
 #include "windivert.h"
 #include "windivert_device.h"
 
@@ -85,6 +87,8 @@ static UINT32 WinDivertDivTen128(UINT32 *a);
 #define UINT32_MAX      0xFFFFFFFF
 #endif
 
+#define IPPROTO_MH      135
+
 #ifdef _MSC_VER
 
 #pragma intrinsic(memcpy)
@@ -107,7 +111,22 @@ void *memset(void *dst, int c, size_t n)
     return dst;
 }
 
-#endif
+#define WINDIVERT_INLINE    __forceinline
+
+#else       /* _MSC_VER */
+
+#define WINDIVERT_INLINE    __attribute__((__always_inline__)) inline
+
+#endif      /* _MSC_VER */
+
+/*
+ * Filter interpreter config.
+ */
+static BOOL WinDivertGetData(const VOID *packet, UINT packet_len, INT min,
+    INT max, INT idx, PVOID data, UINT size);
+#define WINDIVERT_GET_DATA(packet, packet_len, min, max, index, data, size) \
+    WinDivertGetData((packet), (packet_len), (min), (max), (index), (data), \
+        (size))
 
 /*
  * Prototypes.
@@ -135,8 +154,7 @@ static HMODULE module = NULL;
 /*
  * Dll Entry
  */
-extern BOOL APIENTRY WinDivertDllEntry(HANDLE module0, DWORD reason,
-    LPVOID reserved)
+BOOL APIENTRY WinDivertDllEntry(HANDLE module0, DWORD reason, LPVOID reserved)
 {
     HANDLE event;
     switch (reason)
@@ -245,6 +263,33 @@ static BOOLEAN WinDivertGetDriverFileName(LPWSTR sys_str)
     return TRUE;
 }
 
+/*
+ * Register event log.  It is not an error if this function fails.
+ */
+static void WinDivertRegisterEventSource(const wchar_t *windivert_sys)
+{
+    HKEY key;
+    size_t len;
+    DWORD types = 7;
+
+    if (!WinDivertStrLen(windivert_sys, MAX_PATH, &len))
+    {
+        return;
+    }
+    if (RegCreateKeyExA(HKEY_LOCAL_MACHINE,
+            "System\\CurrentControlSet\\Services\\EventLog\\System\\WinDivert",
+            0, NULL, REG_OPTION_VOLATILE, KEY_SET_VALUE, NULL, &key, NULL)
+                != ERROR_SUCCESS)
+    {
+        return;
+    }
+    RegSetValueExW(key, L"EventMessageFile", 0, REG_SZ, (LPBYTE)windivert_sys,
+            (len + 1) * sizeof(wchar_t));
+    RegSetValueExA(key, "TypesSupported", 0, REG_DWORD, (LPBYTE)&types,
+            sizeof(types));
+    RegCloseKey(key);
+}
+
 /*
  * Install the WinDivert driver.
  */
@@ -306,6 +351,9 @@ static BOOLEAN WinDivertDriverInstall(VOID)
         goto WinDivertDriverInstallExit;
     }
 
+    // Register event logging:
+    WinDivertRegisterEventSource(windivert_sys);
+
 WinDivertDriverInstallExit:
 
     success = (service != NULL);
@@ -338,7 +386,7 @@ WinDivertDriverInstallExit:
     ReleaseMutex(mutex);
     CloseHandle(mutex);
     SetLastError(err);
-    
+
     return success;
 }
 
@@ -403,8 +451,8 @@ static BOOL WinDivertIoControl(HANDLE handle, DWORD code,
 /*
  * Open a WinDivert handle.
  */
-extern HANDLE WinDivertOpen(const char *filter, WINDIVERT_LAYER layer,
-    INT16 priority, UINT64 flags)
+HANDLE WinDivertOpen(const char *filter, WINDIVERT_LAYER layer, INT16 priority,
+    UINT64 flags)
 {
     WINDIVERT_FILTER *object;
     UINT obj_len;
@@ -571,13 +619,13 @@ extern HANDLE WinDivertOpen(const char *filter, WINDIVERT_LAYER layer,
 /*
  * Receive a WinDivert packet.
  */
-extern BOOL WinDivertRecv(HANDLE handle, PVOID pPacket, UINT packetLen,
-    UINT *readLen, PWINDIVERT_ADDRESS addr)
+BOOL WinDivertRecv(HANDLE handle, PVOID pPacket, UINT packetLen, UINT *readLen,
+    PWINDIVERT_ADDRESS addr)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
-    ioctl.recv.addr = (UINT64)addr;
-    ioctl.recv.addr_len_ptr = (UINT64)NULL;
+    ioctl.recv.addr = (UINT64)(ULONG_PTR)addr;
+    ioctl.recv.addr_len_ptr = (UINT64)(ULONG_PTR)NULL;
     return WinDivertIoControl(handle, IOCTL_WINDIVERT_RECV, &ioctl,
         pPacket, packetLen, readLen);
 }
@@ -585,14 +633,14 @@ extern BOOL WinDivertRecv(HANDLE handle, PVOID pPacket, UINT packetLen,
 /*
  * Receive a WinDivert packet.
  */
-extern BOOL WinDivertRecvEx(HANDLE handle, PVOID pPacket, UINT packetLen,
+BOOL WinDivertRecvEx(HANDLE handle, PVOID pPacket, UINT packetLen,
     UINT *readLen, UINT64 flags, PWINDIVERT_ADDRESS addr, UINT *pAddrLen,
     LPOVERLAPPED overlapped)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
-    ioctl.recv.addr = (UINT64)addr;
-    ioctl.recv.addr_len_ptr = (UINT64)pAddrLen;
+    ioctl.recv.addr = (UINT64)(ULONG_PTR)addr;
+    ioctl.recv.addr_len_ptr = (UINT64)(ULONG_PTR)pAddrLen;
     if (flags != 0)
     {
         SetLastError(ERROR_INVALID_PARAMETER);
@@ -613,12 +661,12 @@ extern BOOL WinDivertRecvEx(HANDLE handle, PVOID pPacket, UINT packetLen,
 /*
  * Send a WinDivert packet.
  */
-extern BOOL WinDivertSend(HANDLE handle, const VOID *pPacket, UINT packetLen,
+BOOL WinDivertSend(HANDLE handle, const VOID *pPacket, UINT packetLen,
     UINT *writeLen, const WINDIVERT_ADDRESS *addr)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
-    ioctl.send.addr = (UINT64)addr;
+    ioctl.send.addr = (UINT64)(ULONG_PTR)addr;
     ioctl.send.addr_len = sizeof(WINDIVERT_ADDRESS);
     return WinDivertIoControl(handle, IOCTL_WINDIVERT_SEND, &ioctl,
         (PVOID)pPacket, packetLen, writeLen);
@@ -627,13 +675,13 @@ extern BOOL WinDivertSend(HANDLE handle, const VOID *pPacket, UINT packetLen,
 /*
  * Send a WinDivert packet.
  */
-extern BOOL WinDivertSendEx(HANDLE handle, const VOID *pPacket, UINT packetLen,
+BOOL WinDivertSendEx(HANDLE handle, const VOID *pPacket, UINT packetLen,
     UINT *writeLen, UINT64 flags, const WINDIVERT_ADDRESS *addr, UINT addrLen,
     LPOVERLAPPED overlapped)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
-    ioctl.send.addr = (UINT64)addr;
+    ioctl.send.addr = (UINT64)(ULONG_PTR)addr;
     ioctl.send.addr_len = addrLen;
     if (flags != 0)
     {
@@ -655,7 +703,7 @@ extern BOOL WinDivertSendEx(HANDLE handle, const VOID *pPacket, UINT packetLen,
 /*
  * Shutdown a WinDivert handle.
  */
-extern BOOL WinDivertShutdown(HANDLE handle, WINDIVERT_SHUTDOWN how)
+BOOL WinDivertShutdown(HANDLE handle, WINDIVERT_SHUTDOWN how)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
@@ -667,7 +715,7 @@ extern BOOL WinDivertShutdown(HANDLE handle, WINDIVERT_SHUTDOWN how)
 /*
  * Close a WinDivert handle.
  */
-extern BOOL WinDivertClose(HANDLE handle)
+BOOL WinDivertClose(HANDLE handle)
 {
     return CloseHandle(handle);
 }
@@ -675,8 +723,7 @@ extern BOOL WinDivertClose(HANDLE handle)
 /*
  * Set a WinDivert parameter.
  */
-extern BOOL WinDivertSetParam(HANDLE handle, WINDIVERT_PARAM param,
-    UINT64 value)
+BOOL WinDivertSetParam(HANDLE handle, WINDIVERT_PARAM param, UINT64 value)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));
@@ -689,8 +736,7 @@ extern BOOL WinDivertSetParam(HANDLE handle, WINDIVERT_PARAM param,
 /*
  * Get a WinDivert parameter.
  */
-extern BOOL WinDivertGetParam(HANDLE handle, WINDIVERT_PARAM param,
-    UINT64 *pValue)
+BOOL WinDivertGetParam(HANDLE handle, WINDIVERT_PARAM param, UINT64 *pValue)
 {
     WINDIVERT_IOCTL ioctl;
     memset(&ioctl, 0, sizeof(ioctl));

dll/windivert_hash.c

@@ -104,35 +104,37 @@ static UINT64 WinDivertXXH64Avalanche(UINT64 h64)
 /*
  * WinDivert packet hash function.
  */
-static UINT64 WinDivertHashPacket(UINT64 seed, PWINDIVERT_IPHDR ip_header,
-    PWINDIVERT_IPV6HDR ipv6_header, PWINDIVERT_ICMPHDR icmp_header,
-    PWINDIVERT_ICMPV6HDR icmpv6_header, PWINDIVERT_TCPHDR tcp_header,
-    PWINDIVERT_UDPHDR udp_header)
+static UINT64 WinDivertHashPacket(UINT64 seed,
+    const WINDIVERT_IPHDR *ip_header, const WINDIVERT_IPV6HDR *ipv6_header,
+    const WINDIVERT_ICMPHDR *icmp_header,
+    const WINDIVERT_ICMPV6HDR *icmpv6_header,
+    const WINDIVERT_TCPHDR *tcp_header, const WINDIVERT_UDPHDR *udp_header)
 {
-	UINT64 h64, v1, v2, v3, v4, v[4], *data64;
-    UINT32 *data32;
+    UINT64 h64, v1, v2, v3, v4, v[4];
+    const UINT64 *data64;
+    const UINT32 *data32;
     UINT i;
     static const UINT64 padding64[] =               // SHA2 IV
     {
-		0x428A2F9871374491ull, 0xB5C0FBCFE9B5DBA5ull, 0x3956C25B59F111F1ull,
-		0x923F82A4AB1C5ED5ull, 0xD807AA9812835B01ull, 0x243185BE550C7DC3ull,
-		0x72BE5D7480DEB1FEull, 0x9BDC06A7C19BF174ull, 0xE49B69C1EFBE4786ull,
+        0x428A2F9871374491ull, 0xB5C0FBCFE9B5DBA5ull, 0x3956C25B59F111F1ull,
+        0x923F82A4AB1C5ED5ull, 0xD807AA9812835B01ull, 0x243185BE550C7DC3ull,
+        0x72BE5D7480DEB1FEull, 0x9BDC06A7C19BF174ull, 0xE49B69C1EFBE4786ull,
     };
 
     // Set-up seed & data
     v1 = seed ^ padding64[0];
     if (ip_header != NULL)
     {
-        data64 = (UINT64 *)ip_header;
+        data64 = (const UINT64 *)ip_header;
         v2 = data64[0] ^ padding64[1];
         v3 = data64[1] ^ padding64[2];
-        data32 = (UINT32 *)ip_header;
+        data32 = (const UINT32 *)ip_header;
         v4 = (UINT64)data32[4] ^ padding64[3];
         i = 0;
     }
     else if (ipv6_header != NULL)
     {
-        data64 = (UINT64 *)ipv6_header;
+        data64 = (const UINT64 *)ipv6_header;
         v2 = data64[0] ^ padding64[1];
         v3 = data64[1] ^ padding64[2];
         v4 = data64[2] ^ padding64[3];
@@ -145,10 +147,10 @@ static UINT64 WinDivertHashPacket(UINT64 seed, PWINDIVERT_IPHDR ip_header,
 
     if (tcp_header != NULL)
     {
-        data64 = (UINT64 *)tcp_header;
+        data64 = (const UINT64 *)tcp_header;
         v[i] = data64[0] ^ padding64[i+4]; i++;
         v[i] = data64[1] ^ padding64[i+4]; i++;
-        data32 = (UINT32 *)tcp_header;
+        data32 = (const UINT32 *)tcp_header;
         if (i <= 3)
         {
             v[i] = (UINT64)data32[4] ^ padding64[i+4]; i++;
@@ -162,17 +164,17 @@ static UINT64 WinDivertHashPacket(UINT64 seed, PWINDIVERT_IPHDR ip_header,
     {
         if (udp_header != NULL)
         {
-            data64 = (UINT64 *)udp_header;
+            data64 = (const UINT64 *)udp_header;
             v[i] = data64[0] ^ padding64[i+4]; i++;
         }
         else if (icmp_header != NULL)
         {
-            data64 = (UINT64 *)icmp_header;
+            data64 = (const UINT64 *)icmp_header;
             v[i] = data64[0] ^ padding64[i+4]; i++;
         }
         else if (icmpv6_header != NULL)
         {
-            data64 = (UINT64 *)icmpv6_header;
+            data64 = (const UINT64 *)icmpv6_header;
             v[i] = data64[0] ^ padding64[i+4]; i++;
         }
     }
@@ -194,7 +196,7 @@ static UINT64 WinDivertHashPacket(UINT64 seed, PWINDIVERT_IPHDR ip_header,
     h64 = WinDivertXXH64MergeRound(h64, v3);
     h64 = WinDivertXXH64MergeRound(h64, v4); 
     h64 += 32;          // "length"
-	h64 = WinDivertXXH64Avalanche(h64);
+    h64 = WinDivertXXH64Avalanche(h64);
 
     return h64;
 }

doc/windivert.html

@@ -1,11 +1,11 @@
 <!doctype html>
 <html lang="en">
 <head>
-    <title>WinDivert 2.1 Documentation</title>
+    <title>WinDivert 2.2 Documentation</title>
     <meta charset="UTF-8"/>
 </head>
 <body>
-<h1>WinDivert 2.1: Windows Packet Divert</h1>
+<h1>WinDivert 2.2: Windows Packet Divert</h1>
 <h2>Table of Contents</h2>
 <ul>
 <li><a href="#introduction">1. Introduction</a></li>
@@ -2317,7 +2317,7 @@ to convert the result into network-byte-order.
 </p>
 </dd></dl>
 
-<a name="divert_helper_format_ipv4_address"><h3>6.11 WinDivertHelperParseIPv4Address</h3></a>
+<a name="divert_helper_format_ipv4_address"><h3>6.11 WinDivertHelperFormatIPv4Address</h3></a>
 <table border="1" cellpadding="5"><tr><td>
 <pre>
 BOOL <b>WinDivertHelperFormatIPv4Address</b>(
@@ -2751,6 +2751,7 @@ The possible fields are:
 <tr><td><code>subIfIdx</code></td><td>&#10004;</td><td>&#10004;</td><td></td><td></td><td></td><td>Sub-interface index</td></tr>
 <tr><td><code>loopback</code></td><td>&#10004;</td><td></td><td>&#10004;</td><td>&#10004;</td><td></td><td>Is loopback packet?</td></tr>
 <tr><td><code>impostor</code></td><td>&#10004;</td><td>&#10004;</td><td></td><td></td><td></td><td>Is impostor packet?</td></tr>
+<tr><td><code>fragment</code></td><td>&#10004;</td><td>&#10004;</td><td></td><td></td><td></td><td>Is IP fragment packet?</td></tr>
 <tr><td><code>endpointId</code></td><td></td><td></td><td>&#10004;</td><td>&#10004;</td><td></td><td>Endpoint ID</td></tr>
 <tr><td><code>parentEndpointId</code></td><td></td><td></td><td>&#10004;</td><td>&#10004;</td><td></td><td>Parent endpoint ID</td></tr>
 <tr><td><code>processId</code></td><td></td><td></td><td>&#10004;</td><td>&#10004;</td><td>&#10004;</td><td>Process ID</td></tr>

include/windivert.h

@@ -40,7 +40,7 @@
 #endif      /* WINDIVERT_KERNEL */
 
 #ifndef WINDIVERTEXPORT
-#define WINDIVERTEXPORT     __declspec(dllimport)
+#define WINDIVERTEXPORT     extern __declspec(dllimport)
 #endif      /* WINDIVERTEXPORT */
 
 #ifdef __MINGW32__
@@ -226,7 +226,7 @@ typedef enum
 /*
  * Open a WinDivert handle.
  */
-extern WINDIVERTEXPORT HANDLE WinDivertOpen(
+WINDIVERTEXPORT HANDLE WinDivertOpen(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
     __in        INT16 priority,
@@ -235,7 +235,7 @@ extern WINDIVERTEXPORT HANDLE WinDivertOpen(
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecv(
+WINDIVERTEXPORT BOOL WinDivertRecv(
     __in        HANDLE handle,
     __out_opt   VOID *pPacket,
     __in        UINT packetLen,
@@ -245,7 +245,7 @@ extern WINDIVERTEXPORT BOOL WinDivertRecv(
 /*
  * Receive (read) a packet from a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertRecvEx(
+WINDIVERTEXPORT BOOL WinDivertRecvEx(
     __in        HANDLE handle,
     __out_opt   VOID *pPacket,
     __in        UINT packetLen,
@@ -258,7 +258,7 @@ extern WINDIVERTEXPORT BOOL WinDivertRecvEx(
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSend(
+WINDIVERTEXPORT BOOL WinDivertSend(
     __in        HANDLE handle,
     __in        const VOID *pPacket,
     __in        UINT packetLen,
@@ -268,7 +268,7 @@ extern WINDIVERTEXPORT BOOL WinDivertSend(
 /*
  * Send (write/inject) a packet to a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSendEx(
+WINDIVERTEXPORT BOOL WinDivertSendEx(
     __in        HANDLE handle,
     __in        const VOID *pPacket,
     __in        UINT packetLen,
@@ -281,20 +281,20 @@ extern WINDIVERTEXPORT BOOL WinDivertSendEx(
 /*
  * Shutdown a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertShutdown(
+WINDIVERTEXPORT BOOL WinDivertShutdown(
     __in        HANDLE handle,
     __in        WINDIVERT_SHUTDOWN how);
 
 /*
  * Close a WinDivert handle.
  */
-extern WINDIVERTEXPORT BOOL WinDivertClose(
+WINDIVERTEXPORT BOOL WinDivertClose(
     __in        HANDLE handle);
 
 /*
  * Set a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertSetParam(
+WINDIVERTEXPORT BOOL WinDivertSetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __in        UINT64 value);
@@ -302,7 +302,7 @@ extern WINDIVERTEXPORT BOOL WinDivertSetParam(
 /*
  * Get a WinDivert handle parameter.
  */
-extern WINDIVERTEXPORT BOOL WinDivertGetParam(
+WINDIVERTEXPORT BOOL WinDivertGetParam(
     __in        HANDLE handle,
     __in        WINDIVERT_PARAM param,
     __out       UINT64 *pValue);
@@ -487,7 +487,7 @@ typedef struct
 /*
  * Hash a packet.
  */
-extern WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
+WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
     __in        const VOID *pPacket,
     __in        UINT packetLen,
     __in        UINT64 seed
@@ -499,7 +499,7 @@ extern WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
 /*
  * Parse IPv4/IPv6/ICMP/ICMPv6/TCP/UDP headers from a raw packet.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
+WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
     __in        const VOID *pPacket,
     __in        UINT packetLen,
     __out_opt   PWINDIVERT_IPHDR *ppIpHdr,
@@ -517,21 +517,21 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
 /*
  * Parse an IPv4 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
 /*
  * Parse an IPv6 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
+WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
     __in        const char *addrStr,
     __out_opt   UINT32 *pAddr);
 
 /*
  * Format an IPv4 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
     __in        UINT32 addr,
     __out       char *buffer,
     __in        UINT bufLen);
@@ -539,7 +539,7 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
 /*
  * Format an IPv6 address.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
+WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
     __in        const UINT32 *pAddr,
     __out       char *buffer,
     __in        UINT bufLen);
@@ -547,7 +547,7 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
 /*
  * Calculate IPv4/IPv6/ICMP/ICMPv6/TCP/UDP checksums.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
+WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
     __inout     VOID *pPacket, 
     __in        UINT packetLen,
     __out_opt   WINDIVERT_ADDRESS *pAddr,
@@ -556,14 +556,14 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
 /*
  * Decrement the TTL/HopLimit.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperDecrementTTL(
+WINDIVERTEXPORT BOOL WinDivertHelperDecrementTTL(
     __inout     VOID *pPacket,
     __in        UINT packetLen);
 
 /*
  * Compile the given filter string.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
+WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
     __out_opt   char *object,
@@ -574,7 +574,7 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
 /*
  * Evaluate the given filter string.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
+WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
     __in        const char *filter,
     __in        const VOID *pPacket,
     __in        UINT packetLen,
@@ -583,7 +583,7 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
 /*
  * Format the given filter string.
  */
-extern WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
+WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
     __in        const char *filter,
     __in        WINDIVERT_LAYER layer,
     __out       char *buffer,
@@ -592,32 +592,32 @@ extern WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
 /*
  * Byte ordering.
  */
-extern WINDIVERTEXPORT UINT16 WinDivertHelperNtohs(
+WINDIVERTEXPORT UINT16 WinDivertHelperNtohs(
     __in        UINT16 x);
-extern WINDIVERTEXPORT UINT16 WinDivertHelperHtons(
+WINDIVERTEXPORT UINT16 WinDivertHelperHtons(
     __in        UINT16 x);
-extern WINDIVERTEXPORT UINT32 WinDivertHelperNtohl(
+WINDIVERTEXPORT UINT32 WinDivertHelperNtohl(
     __in        UINT32 x);
-extern WINDIVERTEXPORT UINT32 WinDivertHelperHtonl(
+WINDIVERTEXPORT UINT32 WinDivertHelperHtonl(
     __in        UINT32 x);
-extern WINDIVERTEXPORT UINT64 WinDivertHelperNtohll(
+WINDIVERTEXPORT UINT64 WinDivertHelperNtohll(
     __in        UINT64 x);
-extern WINDIVERTEXPORT UINT64 WinDivertHelperHtonll(
+WINDIVERTEXPORT UINT64 WinDivertHelperHtonll(
     __in        UINT64 x);
-extern WINDIVERTEXPORT void WinDivertHelperNtohIPv6Address(
+WINDIVERTEXPORT void WinDivertHelperNtohIPv6Address(
     __in        const UINT *inAddr,
     __out       UINT *outAddr);
-extern WINDIVERTEXPORT void WinDivertHelperHtonIPv6Address(
+WINDIVERTEXPORT void WinDivertHelperHtonIPv6Address(
     __in        const UINT *inAddr,
     __out       UINT *outAddr);
 
 /*
  * Old names to be removed in the next version.
  */
-extern WINDIVERTEXPORT void WinDivertHelperNtohIpv6Address(
+WINDIVERTEXPORT void WinDivertHelperNtohIpv6Address(
     __in        const UINT *inAddr,
     __out       UINT *outAddr);
-extern WINDIVERTEXPORT void WinDivertHelperHtonIpv6Address(
+WINDIVERTEXPORT void WinDivertHelperHtonIpv6Address(
     __in        const UINT *inAddr,
     __out       UINT *outAddr);
 

include/windivert_device.h

@@ -38,14 +38,14 @@
 /*
  * NOTE: This is the low-level interface to the WinDivert device driver.
  *       This interface should not be used directly, instead use the high-level
- *       interface provided by the divert API.
+ *       interface provided by the WinDivert API.
  */
 
 #define WINDIVERT_KERNEL
 #include "windivert.h"
 
 #define WINDIVERT_VERSION_MAJOR                     2
-#define WINDIVERT_VERSION_MINOR                     1
+#define WINDIVERT_VERSION_MINOR                     2
 
 #define WINDIVERT_MAGIC_DLL                         0x4C4C447669645724ull
 #define WINDIVERT_MAGIC_SYS                         0x5359537669645723ull
@@ -149,8 +149,9 @@
 #define WINDIVERT_FILTER_FIELD_RANDOM8              82
 #define WINDIVERT_FILTER_FIELD_RANDOM16             83
 #define WINDIVERT_FILTER_FIELD_RANDOM32             84
+#define WINDIVERT_FILTER_FIELD_FRAGMENT             85
 #define WINDIVERT_FILTER_FIELD_MAX                  \
-    WINDIVERT_FILTER_FIELD_RANDOM32
+    WINDIVERT_FILTER_FIELD_FRAGMENT
 
 #define WINDIVERT_FILTER_TEST_EQ                    0
 #define WINDIVERT_FILTER_TEST_NEQ                   1

inf/windivert32.inf

@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
 ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
 Provider = %Basil%
 CatalogFile = WinDivert32.Cat
-DriverVer = 08/08/2019,2.1.0
+DriverVer = 08/08/2019,2.2.0
 
 [SourceDisksNames]
 1 = %DiskName%

inf/windivert64.inf

@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
 ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
 Provider = %Basil%
 CatalogFile = WinDivert64.Cat
-DriverVer = 08/08/2019,2.1.0
+DriverVer = 08/08/2019,2.2.0
 
 [SourceDisksNames]
 1 = %DiskName%

mingw-build.sh

@@ -41,7 +41,7 @@ ENVS="i686-w64-mingw32 x86_64-w64-mingw32"
 
 if [ "$1" = "debug" ]
 then
-    MSVCRT=-lmsvcrt
+    EXTRA_OPTS="-lmsvcrt -include stdio.h"
 fi 
 
 for ENV in $ENVS
@@ -66,7 +66,7 @@ do
     CC="$ENV-gcc"
     COPTS="-fno-ident -shared -Wall -Wno-pointer-to-int-cast -Os -Iinclude/ 
         -Wl,--enable-stdcall-fixup -Wl,--entry=${MANGLE}WinDivertDllEntry"
-    CLIBS="-lkernel32 -ladvapi32 $MSVCRT"
+    CLIBS="-lkernel32 -ladvapi32 $EXTRA_OPTS"
     STRIP="$ENV-strip"
     DLLTOOL="$ENV-dlltool"
     if [ -x "`which $CC`" ]

sys/windivert.rc

@@ -35,23 +35,25 @@
 #include <windows.h>
 #include <ntverp.h>
 
+#include "windivert_log.rc"
+
 #define VER_FILETYPE                VFT_DRV
 #define VER_FILESUBTYPE             VFT2_DRV_NETWORK
 #define VER_FILEDESCRIPTION_STR     \
-    "The WinDivert 2.0 driver " \
+    "The WinDivert 2.2 driver " \
     "[URL: https://reqrypt.org/windivert.html] " \
     "[Bitcoin: 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh]"
 #define VER_INTERNALNAME_STR        "WinDivert.sys"
 #define VER_ORIGINALFILENAME_STR    "WinDivert.sys"
-#define VER_PRODUCTVERSION          2.1
-#define VER_PRODUCTVERSION_STR      "2.1"
+#define VER_PRODUCTVERSION          2.2
+#define VER_PRODUCTVERSION_STR      "2.2"
 #define VER_COMPANYNAME_STR         "Basil"
 #define VER_LEGALCOPYRIGHT_YEARS    "2011-2019"
 #define VER_LEGALCOPYRIGHT_STR      \
     "Copyright \251 " VER_COMPANYNAME_STR " " VER_LEGALCOPYRIGHT_YEARS 
 #define VER_FILEVERSION             VER_PRODUCTVERSION
 #define VER_FILEVERSION_STR         VER_PRODUCTVERSION_STR
-#define VER_PRODUCTNAME_STR         "WinDivert 2.0 driver"
+#define VER_PRODUCTNAME_STR         "WinDivert 2.2 driver"
 
 #include "common.ver"
 

sys/windivert.vcxproj

@@ -45,11 +45,20 @@
    <Platform>x64</Platform>
   </ProjectConfiguration>
  </ItemGroup>
+ <ItemGroup>
+  <MessageCompile Include="windivert_log.mc">
+   <RCFilePath>.</RCFilePath>
+   <HeaderFilePath>.</HeaderFilePath>
+  </MessageCompile>
+ </ItemGroup>
+ <ItemGroup>
+  <ResourceCompile Include="windivert.rc" />
+ </ItemGroup>
  <ItemGroup>
   <ClCompile Include="windivert.c">
    <TreatWarningAsError>false</TreatWarningAsError>
    <Optimization>MaxSpeed</Optimization>
-   <AdditionalIncludeDirectories>..\include;..\dll</AdditionalIncludeDirectories>
+   <AdditionalIncludeDirectories>..\include;..\dll;.</AdditionalIncludeDirectories>
   </ClCompile>
  </ItemGroup>
  <PropertyGroup Label="Globals">

sys/windivert_log.mc

@@ -0,0 +1,59 @@
+;/*
+; * windivert_log.mc
+; * (C) 2019, all rights reserved,
+; *
+; * This file is part of WinDivert.
+; *
+; * WinDivert is free software: you can redistribute it and/or modify it under
+; * the terms of the GNU Lesser General Public License as published by the
+; * Free Software Foundation, either version 3 of the License, or (at your
+; * option) any later version.
+; *
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+; * License for more details.
+; *
+; * You should have received a copy of the GNU Lesser General Public License
+; * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+; *
+; * WinDivert is free software; you can redistribute it and/or modify it under
+; * the terms of the GNU General Public License as published by the Free
+; * Software Foundation; either version 2 of the License, or (at your option)
+; * any later version.
+; * 
+; * This program is distributed in the hope that it will be useful, but
+; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+; * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+; * for more details.
+; * 
+; * You should have received a copy of the GNU General Public License along
+; * with this program; if not, write to the Free Software Foundation, Inc., 51
+; * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+; */
+
+MessageIdTypedef=NTSTATUS
+
+SeverityNames = (
+    Success       = 0x0:STATUS_SEVERITY_SUCCESS
+    Informational = 0x1:STATUS_SEVERITY_INFORMATIONAL
+    Warning       = 0x2:STATUS_SEVERITY_WARNING
+    Error         = 0x3:STATUS_SEVERITY_ERROR
+)
+
+FacilityNames = (
+    System    = 0x0:FACILITY_SYSTEM
+    Runtime   = 0x2:FACILITY_RUNTIME
+    Stubs     = 0x3:FACILITY_STUBS
+    Io        = 0x4:FACILITY_IO_ERROR_CODE
+    WinDivert = 0x574:FACILITY_WINDIVERT
+)
+
+MessageId=0x312D
+Facility=WinDivert
+Severity=Informational
+SymbolicName=WINDIVERT_INFO_EVENT
+Language=English
+%2 %3 (processId=%4)
+.
+

test/test.c

@@ -1,6 +1,6 @@
 /*
  * test.c
- * (C) 2019, all rights reserved,
+ * (C) 2021, all rights reserved,
  *
  * This file is part of WinDivert.
  *
@@ -43,6 +43,7 @@
 #include "windivert.h"
 
 #define MAX_PACKET  2048
+#define MIN(a, b)   ((a) < (b)? (a): (b))
 
 /*
  * Packet data.
@@ -112,6 +113,30 @@ static const struct packet pkt_ipv6_exthdrs_udp =
     sizeof(ipv6_exthdrs_udp),
     "ipv6_exthdrs_udp"
 };
+static const struct packet pkt_ipv4_fragment_0 =
+{
+    ipv4_fragment_0,
+    sizeof(ipv4_fragment_0),
+    "ipv4_fragemnt_0"
+};
+static const struct packet pkt_ipv4_fragment_1 =
+{
+    ipv4_fragment_1,
+    sizeof(ipv4_fragment_1),
+    "ipv4_fragment_1"
+};
+static const struct packet pkt_ipv6_fragment_0 =
+{
+    ipv6_fragment_0,
+    sizeof(ipv6_fragment_0),
+    "ipv6_fragment_0"
+};
+static const struct packet pkt_ipv6_fragment_1 =
+{
+    ipv6_fragment_1,
+    sizeof(ipv6_fragment_1),
+    "ipv6_fragment_1"
+};
 static const struct test tests[] =
 {
     {"event = PACKET",                         &pkt_echo_request, TRUE},
@@ -167,6 +192,7 @@ static const struct test tests[] =
                                                &pkt_echo_request, TRUE},
     {"(tcp? tcp.DstPort == 80: true) and (udp? udp.DstPort == 80: true)",
                                                &pkt_echo_request, TRUE},
+    {"fragment",                               &pkt_echo_request, FALSE},
     {"ip and ip and ip and ip and ip and "     // Max filter length:
      "ip and ip and ip and ip and ip and "
      "ip and ip and ip and ip and ip and "
@@ -309,6 +335,9 @@ static const struct test tests[] =
     {"localAddr == 10.0.0.1 && remoteAddr == 8.8.8.8 && localPort == 8 && "
      "remotePort == 0 && protocol == 1",       &pkt_echo_request, TRUE},
     {"packet[0] == 0x45",                      &pkt_echo_request, TRUE},
+    {"ip.MF or ip.FragOff != 0",               &pkt_echo_request, FALSE},
+    {"icmp.Body != 123 || icmp.Body == 123",   &pkt_echo_request, TRUE},
+    {"length == 84 && ip.Length == 84",        &pkt_echo_request, TRUE},
     {"tcp",                                    &pkt_http_request, TRUE},
     {"protocol == TCP",                        &pkt_http_request, TRUE},
     {"outbound and tcp and tcp.DstPort == 80", &pkt_http_request, TRUE},
@@ -603,6 +632,7 @@ static const struct test tests[] =
     {"localAddr == 10.0.0.1 && remoteAddr == 8.8.4.4 && "
      "localPort == 57413 && remotePort == 53 && protocol == 17",
                                                &pkt_dns_request, TRUE},
+    {"ipv6.DstAddr >= ::",                     &pkt_dns_request, FALSE},
     {"ipv6",                                   &pkt_ipv6_tcp_syn, TRUE},
     {"ip",                                     &pkt_ipv6_tcp_syn, FALSE},
     {"tcp.Syn",                                &pkt_ipv6_tcp_syn, TRUE},
@@ -720,9 +750,11 @@ static const struct test tests[] =
     {"icmpv6.Body == 0x10720003",              &pkt_ipv6_echo_reply, TRUE},
     {"ipv6.DstAddr >= 1000",                   &pkt_ipv6_echo_reply, FALSE},
     {"ipv6.DstAddr <= 1",                      &pkt_ipv6_echo_reply, TRUE},
+    {"length == 104 && ipv6.Length == 64",     &pkt_ipv6_echo_reply, TRUE},
     {"ip and !loopback and (outbound? tcp.DstPort == 80 or"
      " tcp.DstPort == 443 or udp.DstPort == 53 :"
      " icmp.Type == 11 and icmp.Code == 0)",   &pkt_ipv6_echo_reply, FALSE},
+    {"fragment",                               &pkt_ipv6_echo_reply, FALSE},
     {"random8 < 128",                          &pkt_ipv6_echo_reply, TRUE},
     {"(random8 < 128? random16 < 0x8000: random32 < 0x80000000)",
                                                &pkt_ipv6_echo_reply, TRUE},
@@ -784,6 +816,7 @@ static const struct test tests[] =
     {"ipv6.SrcAddr != abcd::1",                &pkt_ipv6_exthdrs_udp, TRUE},
     {"ipv6.SrcAddr >= abcd::1",                &pkt_ipv6_exthdrs_udp, FALSE},
     {"ipv6.SrcAddr > abcd::1",                 &pkt_ipv6_exthdrs_udp, FALSE},
+    {"ipv6.DstAddr >= ::",                     &pkt_ipv6_exthdrs_udp, TRUE},
     {"timestamp > -1",                         &pkt_ipv6_exthdrs_udp, TRUE},
     {"udp.SrcPort == 4660 and udp.DstPort == 43690",
                                                &pkt_ipv6_exthdrs_udp, TRUE},
@@ -855,12 +888,51 @@ static const struct test tests[] =
                                                &pkt_ipv6_exthdrs_udp, FALSE},
     {"localAddr == ::1 and remoteAddr == 1 and localPort == 4660 and "
      "remotePort == 43690 and protocol == 17", &pkt_ipv6_exthdrs_udp, TRUE},
+    {"fragment",                               &pkt_ipv4_fragment_0, TRUE},
+    {"ip.MF or ip.FragOff != 0",               &pkt_ipv4_fragment_0, TRUE},
+    {"icmp",                                   &pkt_ipv4_fragment_0, TRUE},
+    {"icmp.Body != 123 || icmp.Body == 123",   &pkt_ipv4_fragment_0, TRUE},
+    {"length == 84 || ip.Length == 84",        &pkt_ipv4_fragment_0, FALSE},
+    {"ip.HdrLength == 5 and ip.TOS == 0 and ip.Length == 28 and "
+     "ip.Id == 0x1234 and ip.FragOff == 0 and ip.MF == 1 and ip.DF == 0 and "
+     "ip.TTL == 64 and ip.Protocol == 1 and ip.SrcAddr == 0xFFFF0A000001 and "
+     "ip.DstAddr == 0xFFFF08080808 and icmp.Type == 8 and icmp.Code == 0 and "
+     "icmp.Body == 0x0D560001",                &pkt_ipv4_fragment_0, TRUE},
+    {"fragment",                               &pkt_ipv4_fragment_1, TRUE},
+    {"ip.MF or ip.FragOff != 0",               &pkt_ipv4_fragment_1, TRUE},
+    {"icmp",                                   &pkt_ipv4_fragment_1, FALSE},
+    {"icmp.Body != 123 || icmp.Body == 123",   &pkt_ipv4_fragment_1, FALSE},
+    {"length == 84 || ip.Length == 84",        &pkt_ipv4_fragment_1, FALSE},
+    {"ip.HdrLength == 5 and ip.TOS == 0 and ip.Length == 76 and "
+     "ip.Id == 0x1234 and ip.FragOff == 1 and ip.MF == 0 and ip.DF == 0 and "
+     "ip.TTL == 64 and ip.Protocol == 1 and ip.SrcAddr == 0xFFFF0A000001 and "
+     "ip.DstAddr == 0xFFFF08080808",           &pkt_ipv4_fragment_1, TRUE},
+    {"fragment",                               &pkt_ipv6_fragment_0, TRUE},
+    {"icmpv6",                                 &pkt_ipv6_fragment_0, TRUE},
+    {"length == 104 || ipv6.Length == 64",     &pkt_ipv6_fragment_0, FALSE},
+    {"ipv6.TrafficClass == 0x00000000 and ipv6.FlowLabel == 0x0000 and "
+     "ipv6.Length == 32 and ipv6.NextHdr == 44 and ipv6.HopLimit == 31 and "
+     "ipv6.SrcAddr == 0:0:0:0:0:0:0:1 and ipv6.DstAddr == 0:0:0:0:0:0:0:1 and "
+     "icmpv6.Type == 129 and icmpv6.Code == 0 and icmpv6.Body == 0x10720003",
+                                               &pkt_ipv6_fragment_0, TRUE},
+    {"fragment",                               &pkt_ipv6_fragment_1, TRUE},
+    {"icmpv6",                                 &pkt_ipv6_fragment_1, FALSE},
+    {"length == 104 || ipv6.Length == 64",     &pkt_ipv6_fragment_1, FALSE},
+    {"ipv6.TrafficClass == 0x00000000 and ipv6.FlowLabel == 0x0000 and "
+     "ipv6.Length == 48 and ipv6.NextHdr == 44 and ipv6.HopLimit == 31 and "
+     "ipv6.SrcAddr == 0:0:0:0:0:0:0:1 and ipv6.DstAddr == 0:0:0:0:0:0:0:1",
+                                               &pkt_ipv6_fragment_1, TRUE},
 };
 
+/*
+ * Test range.
+ */
+static size_t lo = 0, hi = UINT_MAX;
+
 /*
  * Main.
  */
-int main(void)
+int main(int argc, char **argv)
 {
     HANDLE upper_handle, lower_handle;
     HANDLE console, monitor;
@@ -869,6 +941,25 @@ int main(void)
     LARGE_INTEGER freq;
     UINT64 diff;
     size_t i;
+    size_t num_tests = sizeof(tests) / sizeof(struct test), passed_tests;
+
+    switch (argc)
+    {
+        case 1:
+            break;
+        case 3:
+            lo = atoi(argv[1]);
+            hi = atoi(argv[2]);
+            if (hi >= lo)
+            {
+                break;
+            }
+            // Fallthrough
+        default:
+            fprintf(stderr, "usage: %s [low high]\n", argv[0]);
+            exit(EXIT_FAILURE);
+    }
+    hi = MIN(num_tests, hi);
 
     // Open handles to:
     // (1) stop normal traffic from interacting with the tests; and
@@ -902,8 +993,8 @@ int main(void)
     Sleep(150);
 
     // Run tests:
-    size_t num_tests = sizeof(tests) / sizeof(struct test), passed_tests = 0;
-    for (i = 0; i < num_tests; i++)
+    passed_tests = 0;
+    for (i = lo; i < num_tests && i <= hi; i++)
     {
         const char *filter = tests[i].filter;
         const char *packet = tests[i].packet->packet;
@@ -961,10 +1052,10 @@ int main(void)
     }
 
     printf("\npassed = %.2f%%\n",
-        ((double)passed_tests / (double)num_tests) * 100.0);
+        ((double)passed_tests / (double)(hi - lo)) * 100.0);
 
     first = TRUE;
-    for (i = 0; i < num_tests; i++)
+    for (i = lo; i < num_tests && i <= hi; i++)
     {
         const char *filter = tests[i].filter;
         char *name = tests[i].packet->name;
@@ -1274,7 +1365,7 @@ static DWORD monitor_worker(LPVOID arg)
     }
 
     size_t num_tests = sizeof(tests) / sizeof(struct test);
-    for (i = 0; i < num_tests; i++)
+    for (i = lo; i < num_tests && i <= hi; i++)
     {
         // (1) Read the reflected filter:
         WinDivertHelperCompileFilter(tests[i].filter, WINDIVERT_LAYER_NETWORK,

test/test_data.c

@@ -181,3 +181,56 @@ static const unsigned char ipv6_exthdrs_udp[] =
     0x72, 0x6c, 0x64, 0x21, 0x01
 };
 
+// IPV4 FRAGMENT #0
+static const unsigned char ipv4_fragment_0[] =
+{
+    0x45, 0x00, 0x00, 0x1C, 0x12, 0x34, 0x20, 0x00,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
+    0x0d, 0x56, 0x00, 0x01
+};
+
+// IPV4 FRAGMENT #1
+static const unsigned char ipv4_fragment_1[] =
+{
+    0x45, 0x00, 0x00, 0x4C, 0x12, 0x34, 0x00, 0x01,
+    0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
+    0x08, 0x08, 0x08, 0x08, 0x8b, 0xa6, 0x60, 0x54,
+    0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
+    0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+    0x34, 0x35, 0x36, 0x37
+};
+
+// IPV6 FRAGMENT #0
+static const unsigned char ipv6_fragment_0[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x01, 0xc7, 0xf6, 0xce, 0x53,
+    0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
+    0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
+    0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+// IPV6 FRAGMENT #1
+static const unsigned char ipv6_fragment_1[] =
+{
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x30, 0x2c, 0x1f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x3a, 0x00, 0x00, 0x18, 0xc7, 0xf6, 0xce, 0x53,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+};