/// <summary>
/// Checks that lambdas combining <c>&amp;&amp;</c> with chained <c>||</c> comparisons are rendered
/// as the expected WinDivert filter text.
/// </summary>
public void ComplexFiltersTests()
{
    // Two alternatives on the right-hand side of the "and".
    const string twoPortsExpected = "inbound and ((tcp.SrcPort == 80) or (tcp.SrcPort == 443))";
    var twoPortsActual = DivertFilterStringBuilder.MakeFilter(x => x.Inbound && ((x.Tcp.SrcPort == 80) || x.Tcp.SrcPort == 443));
    Assert.AreEqual(twoPortsExpected, twoPortsActual);

    // Three alternatives: the expected text nests the "or" chain pairwise from the left, so the
    // output carries extra parentheses. The original author noted these might be worth
    // optimising away in the builder.
    const string threePortsExpected = "inbound and (((tcp.SrcPort == 80) or (tcp.SrcPort == 443)) or (tcp.SrcPort == 81))";
    var threePortsActual = DivertFilterStringBuilder.MakeFilter(x => x.Inbound && ((x.Tcp.SrcPort == 80) || x.Tcp.SrcPort == 443 || x.Tcp.SrcPort == 81));
    Assert.AreEqual(threePortsExpected, threePortsActual);
}
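/// <summary>
/// Encodes <paramref name="filter"/> into <paramref name="ruleBuffer"/> and opens a WinDivert
/// handle for it through the native <c>WinDivertOpen</c> call.
/// </summary>
/// <param name="ruleBuffer">Caller-supplied scratch buffer that receives the encoded filter.</param>
/// <param name="filter">Filter given either as a raw string or as an expression.</param>
/// <param name="layer">WinDivert layer passed through to the driver.</param>
/// <param name="priority">Handle priority passed through to the driver.</param>
/// <param name="flags">Open flags passed through to the driver.</param>
/// <returns>The opened handle.</returns>
/// <exception cref="ArgumentException">
/// The filter does not fit in <paramref name="ruleBuffer"/>, or the driver rejected it (error 87).
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The caller is not elevated (5), driver signature verification failed (577), or the driver is
/// blocked by other software (1275).
/// </exception>
/// <exception cref="InvalidOperationException">
/// The library is not in <c>LibraryMode.Standard</c>, or the open failed with any other error.
/// </exception>
private static WinDivertHandle OpenHandle(byte[] ruleBuffer, FilterDefinition filter, WinDivertLayer layer, short priority, WinDivertFlag flags)
{
    LibraryMode mode = GetSafeLibraryMode();

    if (filter._stringValue != null)
    {
        // Encoding.ASCII replaces non-ASCII characters with '?', so such a filter reaches the
        // driver altered rather than being rejected here.
        int count = Encoding.ASCII.GetBytes(filter._stringValue, 0, filter._stringValue.Length, ruleBuffer, 0);

        // The native side reads the filter as a C string. Without an explicit terminator, bytes
        // left in the buffer by an earlier, longer filter would be parsed as part of this one and
        // the driver would divert different traffic than the caller asked for.
        if (count >= ruleBuffer.Length)
        {
            throw new ArgumentException("filter expression does not fit in the rule buffer", nameof(filter));
        }

        ruleBuffer[count] = 0;
    }
    else
    {
        // NOTE(review): presumably WriteFilter terminates its own output - confirm, since the
        // same stale-bytes concern applies to this path.
        DivertFilterStringBuilder.WriteFilter(ruleBuffer, filter._filterExpression);
    }

    if (mode != LibraryMode.Standard)
    {
        // ManagedOnly and any unrecognised mode cannot reach the native driver.
        throw new InvalidOperationException();
    }

    IntPtr rawHandle = Interop.NativeMethods.WinDivert.WinDivertOpen(ruleBuffer, layer, priority, flags);
    WinDivertLibHandle wh = rawHandle;
    if (wh.IsInvalid)
    {
        // NOTE(review): a P/Invoke'd GetLastError can be overwritten by the runtime between the
        // two native calls; Marshal.GetLastWin32Error with SetLastError = true on the
        // WinDivertOpen import is the reliable form - confirm how the import is declared.
        var error = NativeMethods.Kernel32.GetLastError();
        switch (error)
        {
            case 2:
                throw new Exception("Driver WinDivert32.sys or WinDivert64.sys is not found");
            case 5:
                throw new UnauthorizedAccessException("Need Admin");
            case 87:
                throw new ArgumentException("filter expression is invalid", nameof(filter));
            case 577:
                throw new UnauthorizedAccessException("Driver signature verification failed");
            case 654:
                throw new InvalidOperationException("An incompatible version of the WinDivert driver is currently loaded");
            case 1060:
                throw new InvalidOperationException("The handle was opened with the WINDIVERT_FLAG_NO_INSTALL flag and the WinDivert driver is not already installed.");
            case 1275:
                throw new UnauthorizedAccessException("Driver is blocked by other software");
            case 1753:
                throw new InvalidOperationException("Base Filtering Engine service has been disabled");
            default:
                // Never hand an invalid handle back to the caller: an unmapped failure used to
                // fall through and surface later as an unrelated error on first use.
                throw new InvalidOperationException($"WinDivertOpen failed with Win32 error {error}");
        }
    }

    return wh;
}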
/// <summary>
/// Checks the filter text produced for single-term lambdas: direction flags, protocol flags,
/// one field comparison and one negation.
/// </summary>
public void SimpleFiltersTest()
{
    // Direction flags.
    var inboundFilter = DivertFilterStringBuilder.MakeFilter(x => x.Inbound);
    Assert.AreEqual("inbound", inboundFilter);

    var outboundFilter = DivertFilterStringBuilder.MakeFilter(x => x.Outbound);
    Assert.AreEqual("outbound", outboundFilter);

    // Protocol flags.
    var tcpFilter = DivertFilterStringBuilder.MakeFilter(x => x.IsTcp);
    Assert.AreEqual("tcp", tcpFilter);

    var udpFilter = DivertFilterStringBuilder.MakeFilter(x => x.IsUdp);
    Assert.AreEqual("udp", udpFilter);

    // A single comparison is expected without surrounding parentheses.
    var portFilter = DivertFilterStringBuilder.MakeFilter(x => (x.Tcp.SrcPort == 80));
    Assert.AreEqual("tcp.SrcPort == 80", portFilter);

    // Logical negation maps to the "not" keyword.
    var notTcpFilter = DivertFilterStringBuilder.MakeFilter(x => !x.IsTcp);
    Assert.AreEqual("not tcp", notTcpFilter);
}
/// <summary>
/// Checks that an IP address appears as a literal in the filter text, whether the lambda calls
/// <c>IPAddress.Parse</c> inline or reads a captured local variable.
/// </summary>
public void FiltersWithConstantsTest()
{
    IPAddress ip = IPAddress.Parse("8.8.8.8");

    // Both lambdas below must produce exactly this text.
    const string expectedFilter = "(inbound and (ip.SrcAddr == 8.8.8.8)) or (outbound and (ip.DstAddr == 8.8.8.8))";

    // Address built by a method call inside the lambda.
    var fromInlineParse = DivertFilterStringBuilder.MakeFilter(x => (x.Inbound && (x.Ip.SrcAddr == IPAddress.Parse("8.8.8.8"))) || (x.Outbound && (x.Ip.DstAddr == IPAddress.Parse("8.8.8.8"))));
    Assert.AreEqual(expectedFilter, fromInlineParse);

    // Address read from the local captured by the lambda.
    var fromCapturedLocal = DivertFilterStringBuilder.MakeFilter(x => (x.Inbound && (x.Ip.SrcAddr == ip)) || (x.Outbound && (x.Ip.DstAddr == ip)));
    Assert.AreEqual(expectedFilter, fromCapturedLocal);
}