portmaster/windows_kext
Alexandr Stelnykovych 0fd3665ac0 kext: fast-track split-tunnel proxy packets on loopback
Add PM_SPLIT_TUN_PORT (719) to fast_track_pm_packets so that redirected
packets arriving at the local split-tunnel proxy are permitted immediately
by the kext, matching the existing behaviour for the SPN port (717) and
the DNS port (53). This prevents internal proxy connections from being
reported to Portmaster and appearing in the connection monitor UI.

Also simplify fast_track_pm_packets by removing the redundant
match-on-direction branches, which were identical for Outbound and
Inbound.

Bump kext interface patch version to 2.1.1.0.
2026-05-07 13:46:16 +03:00

Portmaster Windows kext

Implementation of Safing's Portmaster Windows kernel extension in Rust.

Documentation

Building (For release)

Please refer to release/README.md for details about the release procedure.

Building (For testing and development)

The Windows Portmaster Kernel Extension is currently only developed and tested for the amd64 (64-bit) architecture.

Prerequisites:

Setup Test Signing:

Not recommended for a work machine. This is usually done on a virtual machine dedicated to testing.

In order to test the driver on your machine, you will have to sign it (starting with Windows 10).

Create a new certificate for test signing:

    # Open a *x64 Free Build Environment* console as Administrator.

    # Run the MakeCert.exe tool to create a test certificate:
    MakeCert -r -pe -ss PrivateCertStore -n "CN=DriverCertificate" DriverCertificate.cer

    # Install the test certificate with CertMgr.exe:
    CertMgr /add DriverCertificate.cer /s /r localMachine root

Enable Test Signing on the dev machine:

    # Before you can load test-signed drivers, you must enable Windows test mode. To do this, run this command:
    Bcdedit.exe -set TESTSIGNING ON
    # Then, restart Windows. For more information, see The TESTSIGNING Boot Configuration Option.

Build driver:

    cd driver
    cargo build --release

The build also works on Linux.

Link and sign: On a Windows machine, copy driver.lib from the project target directory (driver/target/x86_64-pc-windows-msvc/release/driver.lib) into the same folder as link-dev.ps1, then run link-dev.ps1.

driver.sys should appear in the folder.

Sign the driver with the test certificate:

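    # TestCertStoreName and TestCertName are the store and subject name of the test
    # certificate (PrivateCertStore and DriverCertificate if it was created as shown above).
    SignTool sign /v /s TestCertStoreName /n TestCertName driver.sys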

Load and use the driver.
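The test-signing setup above makes two machine-wide changes (a self-signed certificate in the trusted roots and TESTSIGNING in the boot configuration), so it is worth checking them before loading the driver and reverting them afterwards. The following script is an added example, not part of the project; it assumes the certificate subject CN=DriverCertificate from the MakeCert step, driver.sys in the current folder, an elevated PowerShell session and English bcdedit output, and its function names are hypothetical.

```powershell
# Added example (not project code): check and revert the test-signing setup.
$Subject = 'CN=DriverCertificate'                  # subject used in the MakeCert step
$Driver  = Join-Path (Get-Location) 'driver.sys'   # assumed location of the signed driver

function Test-TestSigningEnabled {
    # bcdedit lists "testsigning  Yes" for the current boot entry when test mode is on.
    $bcd = & bcdedit.exe /enum '{current}'
    return [bool]($bcd | Select-String -Pattern '^testsigning\s+Yes' -Quiet)
}

function Get-TestRootCert {
    # The CertMgr step placed the self-signed certificate in the machine's trusted roots.
    Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $Subject }
}

function Test-DriverSignature {
    # Compare the signer of driver.sys with the test certificate by thumbprint, so a
    # signature from any other certificate the machine trusts does not pass this check.
    $sig  = Get-AuthenticodeSignature -FilePath $Driver
    $root = Get-TestRootCert
    $signer = $sig.SignerCertificate
    $match  = $signer -and $root -and ($root.Thumbprint -contains $signer.Thumbprint)
    [pscustomobject]@{
        Status          = $sig.Status     # signature status as reported by Windows
        SignedByTestCert = [bool]$match
    }
}

function Undo-TestSigning {
    # Revert both machine-wide changes once testing is finished.
    Get-TestRootCert | Remove-Item
    & bcdedit.exe -set TESTSIGNING OFF    # takes effect after a restart
}

# Report the state before loading the driver.
"Test mode enabled : $(Test-TestSigningEnabled)"
"Test root present : $([bool](Get-TestRootCert))"
Test-DriverSignature | Format-List
```

Run `Undo-TestSigning` and restart when the test machine no longer needs to load test-signed drivers.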