WinDivert 1.4: Windows Packet Divert ==================================== 1. Introduction --------------- Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows user-mode programs to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can - capture network packets - filter/drop network packets - sniff network packets - (re)inject network packets - modify network packets WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc., etc.. The features of WinDivert include: - packet interception, sniffing, or dropping modes - support for loopback (localhost) traffic - full IPv6 support - network layer - simple yet powerful API - high-level filtering language - filter priorities - freely available under the terms of the GNU Lesser General Public License (LGPL) For more information about WinDivert, see doc/windivert.html 2. Similar Packages ------------------- WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in Linux, and some commercial packet capturing packages such as WinPkFilter for Windows. The design of WinDivert is largely influenced by FreeBSD's divert sockets. WinDivert in packet-sniffing mode is similar to Winpcap. Unlike Winpcap, WinDivert fully supports capturing loopback traffic. Furthermore, WinDivert supports packet interception, which is not supported in Winpcap. 3. Architecture --------------- The basic architecture of WinDivert is as follows: +-----------------+ | | +------->| PROGRAM |--------+ | | (WinDivert.dll) | | | +-----------------+ | | | (3) re-injected | (2a) matching packet | packet | | | | [user mode] | | ....................|...................................|................... [kernel mode] | | | | | | +---------------+ +-----------------> (1) packet | | (2b) non-matching packet ------------>| WinDivert.sys |--------------------------------------------> | | +---------------+ The WinDivert.sys driver is inserted below the Windows network stack. The following then happens (1) a new packet enters the network stack and is intercepted by WinDivert.sys (2a) if the packet matches a PROGRAM-defined filter, it is diverted. The PROGRAM reads the packet with a call to the WinDivertRecv() function. (2b) if the packet does not match the filter, the packet is permitted to continue as normal. (3) PROGRAM either drops, modifies, or re-injects the packet. If the (modified) packet is re-injected, via a call to WinDivertSend(), it is inserted back into the Windows network stack. 4. Building ----------- (1) In a WinDDK build environment, run the command: wddk-build.bat (2) [OPTIONAL Visual Studio 2012 support] In a VS2012 command prompt, run the command: msvc-build.bat (3) [OPTIONAL MinGW support] In Linux with MinGW a cross-compiler, run the command: sh mingw-build.sh For more detailed build instructions, see doc\windivert.html 5. License ---------- This package is distributed under the GNU Lesser General Public License (LGPL) Version 3. See LICENSE for more information. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <http://www.gnu.org/licenses/> 6. About -------- WinDivert was written by basil. For further information, or bug reports, please contact basil AT reqrypt DOT org The homepage for WinDivert is https://reqrypt.org/windivert.html The source code for WinDivert is hosted by GitHub at https://github.com/basil00/Divert