
WinDivert 1.4: Windows Packet Divert
====================================

1. Introduction
---------------

Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10.

WinDivert allows user-mode programs to capture/modify/drop network packets
sent to/from the Windows network stack.
In summary, WinDivert can
    - capture network packets
    - filter/drop network packets
    - sniff network packets
    - (re)inject network packets
    - modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers,
firewalls, NAT, VPNs, tunneling applications, etc.

The features of WinDivert include:
    - packet interception, sniffing, or dropping modes
    - support for loopback (localhost) traffic
    - full IPv6 support
    - network layer
    - simple yet powerful API
    - high-level filtering language
    - filter priorities
    - freely available under the terms of the GNU Lesser General Public
      License (LGPL)

For more information about WinDivert, see doc/windivert.html

2. Similar Packages
-------------------

WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in
Linux, and some commercial packet capturing packages such as WinPkFilter for
Windows.  The design of WinDivert is largely influenced by FreeBSD's divert
sockets.

WinDivert in packet-sniffing mode is similar to WinPcap.  Unlike WinPcap,
WinDivert fully supports capturing loopback traffic.  Furthermore, WinDivert
supports packet interception, which is not supported in WinPcap.

3. Architecture
---------------

The basic architecture of WinDivert is as follows:

                              +-----------------+
                              |                 |
                     +------->|    PROGRAM      |--------+
                     |        | (WinDivert.dll) |        |
                     |        +-----------------+        |
                     |                                   | (3) re-injected
                     | (2a) matching packet              |     packet
                     |                                   |
                     |                                   |
 [user mode]         |                                   |
 ....................|...................................|...................
 [kernel mode]       |                                   |
                     |                                   |
                     |                                   |
              +---------------+                          +----------------->
  (1) packet  |               | (2b) non-matching packet
 ------------>| WinDivert.sys |-------------------------------------------->
              |               |
              +---------------+

The WinDivert.sys driver is inserted below the Windows network stack.  The
following then happens:

(1) a new packet enters the network stack and is intercepted by WinDivert.sys
(2a) if the packet matches a PROGRAM-defined filter, it is diverted.  The
    PROGRAM reads the packet with a call to the WinDivertRecv() function.
(2b) if the packet does not match the filter, the packet is permitted to
    continue as normal.
(3) PROGRAM either drops, modifies, or re-injects the packet.  If the
    (modified) packet is re-injected, via a call to WinDivertSend(), it is
    inserted back into the Windows network stack.
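The flow in steps (1)-(3), written out as a complete program.  This is an added
example and not part of the WinDivert sources: it opens a handle with a filter
written in the WinDivert filter language ("ip and tcp.DstPort == 80"), reads each
matching packet with WinDivertRecv(), decides whether to drop or re-inject it,
and re-injects with WinDivertSend().  The Windows-specific part sits under
#ifdef _WIN32 so that the portable IPv4 header decoder (decode_ipv4 and
should_reinject, names chosen here) can be compiled and checked on any platform.
The drop policy is deliberately simple: a packet whose IPv4 total-length field
claims more bytes than were actually received is malformed and is not
re-injected.  The sample packet bytes used for checking are constructed.

```c
/* Added example (not WinDivert's own code): a pass-through WinDivert program
 * implementing steps (1)-(3) of the architecture above.  Windows-only code is
 * guarded by _WIN32; the header decoder is portable. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal decoded view of a fixed IPv4 header. */
typedef struct {
    uint8_t  version;
    uint8_t  ihl_bytes;   /* header length in bytes (>= 20) */
    uint8_t  protocol;    /* 6 = TCP, 17 = UDP, ... */
    uint16_t total_len;   /* length the header claims for the whole datagram */
    uint32_t src;         /* host byte order */
    uint32_t dst;         /* host byte order */
} ipv4_hdr_t;

/* Decode the IPv4 header from a raw packet buffer such as the one filled in by
 * WinDivertRecv().  Returns 1 on success, 0 if the buffer is too short, is not
 * IPv4, or carries an impossible header length.  Never reads past len. */
int decode_ipv4(const uint8_t *pkt, size_t len, ipv4_hdr_t *out)
{
    if (pkt == NULL || out == NULL || len < 20)
        return 0;
    uint8_t version = pkt[0] >> 4;
    uint8_t ihl = (uint8_t)((pkt[0] & 0x0F) * 4);
    if (version != 4 || ihl < 20 || ihl > len)
        return 0;
    out->version   = version;
    out->ihl_bytes = ihl;
    out->total_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    out->protocol  = pkt[9];
    out->src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
               ((uint32_t)pkt[14] << 8)  |  (uint32_t)pkt[15];
    out->dst = ((uint32_t)pkt[16] << 24) | ((uint32_t)pkt[17] << 16) |
               ((uint32_t)pkt[18] << 8)  |  (uint32_t)pkt[19];
    return 1;
}

/* The PROGRAM's decision in step (3).  Returns 1 to re-inject the packet
 * unchanged, 0 to drop it.  Unparseable packets and packets whose declared
 * total length exceeds the bytes actually received are dropped. */
int should_reinject(const uint8_t *pkt, size_t len)
{
    ipv4_hdr_t h;
    if (!decode_ipv4(pkt, len, &h))
        return 0;
    if (h.total_len > len)
        return 0;
    return 1;
}

#ifdef _WIN32
#include <windows.h>
#include "windivert.h"

int main(void)
{
    /* Step (1)/(2a): only packets matching this filter are diverted to us;
     * everything else (2b) passes through the stack untouched. */
    HANDLE h = WinDivertOpen("ip and tcp.DstPort == 80",
                             WINDIVERT_LAYER_NETWORK, 0, 0);
    if (h == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "WinDivertOpen failed: %lu\n", GetLastError());
        return 1;
    }
    unsigned char packet[0xFFFF];
    WINDIVERT_ADDRESS addr;
    UINT len, sent;
    for (;;) {
        if (!WinDivertRecv(h, packet, sizeof(packet), &addr, &len)) {
            fprintf(stderr, "WinDivertRecv failed: %lu\n", GetLastError());
            continue;
        }
        ipv4_hdr_t ip;
        if (decode_ipv4(packet, len, &ip))
            printf("%s %u bytes proto=%u %08x -> %08x\n",
                   addr.Direction == WINDIVERT_DIRECTION_OUTBOUND ? "out" : "in",
                   len, ip.protocol, ip.src, ip.dst);
        /* Step (3): dropping is simply not calling WinDivertSend(). */
        if (!should_reinject(packet, len))
            continue;
        if (!WinDivertSend(h, packet, len, &addr, &sent))
            fprintf(stderr, "WinDivertSend failed: %lu\n", GetLastError());
    }
    WinDivertClose(h);
    return 0;
}
#endif
```

The program must run with administrator rights, since WinDivertOpen() loads the
driver.  If the program modifies a packet before re-injecting it, the IP and
transport checksums no longer match; WinDivert ships a helper
(WinDivertHelperCalcChecksums) for recomputing them, which is not shown here.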

4. Building
-----------

(1) In a WinDDK build environment, run the command:

    wddk-build.bat

(2) [OPTIONAL Visual Studio 2012 support] In a VS2012 command prompt, run the
    command:

    msvc-build.bat

(3) [OPTIONAL MinGW support] On Linux with a MinGW cross-compiler, run the
    command:

    sh mingw-build.sh

For more detailed build instructions, see doc\windivert.html

5. License
----------

This package is distributed under the GNU Lesser General Public License
(LGPL) Version 3.  See LICENSE for more information.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>

6. About
--------

WinDivert was written by basil.

For further information, or bug reports, please contact

    basil AT reqrypt DOT org

The homepage for WinDivert is

    https://reqrypt.org/windivert.html

The source code for WinDivert is hosted by GitHub at

    https://github.com/basil00/Divert