unit NethelperAPI;
interface
const
// Constants shared by the record and callback declarations of this unit.
// The static DLL binding is disabled here; the matching "external nfapi_module"
// declarations later in the unit are commented out as well.
//nfapi_module = 'nethelper.dll';
{ NF_STATUS }
// Status codes: zero is success, every failure code is negative.
// Compare results against NF_STATUS_SUCCESS instead of treating them as booleans.
NF_STATUS_SUCCESS = 0;
NF_STATUS_FAIL = -1;
NF_STATUS_INVALID_ENDPOINT_ID = -2;
NF_STATUS_NOT_INITIALIZED = -3;
NF_STATUS_IO_ERROR = -4;
{ NF_DIRECTION }
// NF_D_BOTH equals NF_D_IN or NF_D_OUT.
NF_D_IN = 1; // Incoming TCP connection or UDP packet
NF_D_OUT = 2; // Outgoing TCP connection or UDP packet
NF_D_BOTH = 3; // Any direction
{ NF_FILTERING_FLAG }
// Every non-zero value is a distinct bit, so the flags can be or-ed together.
// NF_ALLOW is zero: it cannot be tested with a bitwise "and", and a
// filteringFlag field left zero-filled carries NF_ALLOW. Set the flag
// explicitly in every rule so an uninitialised rule does not allow by accident.
NF_ALLOW = 0; // Allow the activity without filtering transmitted packets
NF_BLOCK = 1; // Block the activity
NF_FILTER = 2; // Filter the transmitted packets
NF_SUSPENDED = 4; // Suspend receives from server and sends from client
NF_OFFLINE = 8; // Emulate establishing a TCP connection with remote server
NF_INDICATE_CONNECT_REQUESTS = 16; // Indicate outgoing connect requests to API
NF_DISABLE_REDIRECT_PROTECTION = 32; // Disable blocking indicating connect requests for outgoing connections of local proxies
NF_PEND_CONNECT_REQUEST = 64; // Pend outgoing connect request to complete it later using nf_complete(TCP|UDP)ConnectRequest
NF_FILTER_AS_IP_PACKETS = 128; // Indicate the traffic as IP packets via ipSend/ipReceive
NF_READONLY = 256; // Don't block the IP packets and indicate them to ipSend/ipReceive only for monitoring
NF_CONTROL_FLOW = 512; // Use the flow limit rules even without NF_FILTER flag
NF_REDIRECT = 1024; // Redirect the outgoing TCP connections to address specified in redirectTo
NF_BYPASS_IP_PACKETS = 2048; // Bypass the traffic as IP packets, when used with NF_FILTER_AS_IP_PACKETS flag
{ NF_FLAGS }
// Initialization flags; the nf_setOptions comment in this unit names NF_FLAGS
// as the source of its flags argument.
NFF_NONE = 0;
NFF_DONT_DISABLE_TEREDO = 1;
NFF_DONT_DISABLE_TCP_OFFLOADING = 2;
NFF_DISABLE_AUTO_REGISTER = 4;
NFF_DISABLE_AUTO_START = 8;
// Buffer sizes used by the records below. 28 bytes is the size of a Winsock
// sockaddr_in6 and 16 bytes the size of an IPv6 address; the shorter IPv4
// forms are stored in buffers of the same size.
NF_MAX_ADDRESS_LENGTH = 28;
NF_MAX_IP_ADDRESS_LENGTH = 16;
// Winsock numbering: AF_INET6 = 23 is the Windows value and differs on other platforms.
AF_INET = 2; // internetwork: UDP, TCP, etc.
AF_INET6 = 23; // Internetwork Version 6
IPPROTO_TCP = 6; // TCP
IPPROTO_UDP = 17; // UDP
IPPROTO_ICMP = 1; // ICMP
{ NF_IP_FLAG }
NFIF_NONE = 0; // No flags
NFIF_READONLY = 1; // The packet was not blocked and indicated only for monitoring in read-only mode
// (see the NF_READONLY flag in NF_FILTERING_FLAG).
// Flags for NF_UDP_OPTIONS.flags
TDI_RECEIVE_BROADCAST = $00000004; // received TSDU was broadcast.
TDI_RECEIVE_MULTICAST = $00000008; // received TSDU was multicast.
TDI_RECEIVE_PARTIAL = $00000010; // received TSDU is not fully presented.
TDI_RECEIVE_NORMAL = $00000020; // received TSDU is normal data
TDI_RECEIVE_EXPEDITED = $00000040; // received TSDU is expedited data
TDI_RECEIVE_PEEK = $00000080; // received TSDU is not released
TDI_RECEIVE_NO_RESPONSE_EXP = $00000100; // HINT: no back-traffic expected
TDI_RECEIVE_COPY_LOOKAHEAD = $00000200; // for kernel-mode indications
TDI_RECEIVE_ENTIRE_MESSAGE = $00000400; // opposite of RECEIVE_PARTIAL
// (for kernel-mode indications)
TDI_RECEIVE_AT_DISPATCH_LEVEL = $00000800; // receive indication called
// at dispatch level
TDI_RECEIVE_CONTROL_INFO = $00001000; // Control info is being passed up.
TDI_RECEIVE_FORCE_INDICATION = $00002000; // reindicate rejected data.
TDI_RECEIVE_NO_PUSH = $00004000; // complete only when full.
// Driver types
// Values named by the nf_getDriverType comment in this unit.
DT_UNKNOWN = 0;
DT_TDI = 1;
DT_WFP = 2;
type
// 64-bit identifier of a TCP connection or UDP socket. It is the first argument
// of the NF_EventHandler callbacks and the endpointId field of NF_FLOWCTL_SET_DATA.
ENDPOINT_ID = Int64;
// Filtering rule: match criteria plus the action to apply (filteringFlag).
// The record is packed, so fields follow each other without alignment padding.
// NOTE(review): presumably mirrors the native struct taken by nf_addRule
// (declared only in a comment in this unit); field order, types and sizes
// must not change, or the library would read the rule at wrong offsets.
// Zero-fill the record before setting fields; filteringFlag = 0 is NF_ALLOW.
NF_RULE = packed record
protocol : integer; // IPPROTO_TCP or IPPROTO_UDP
processId : Longword; // Process identifier
direction : byte; // See NF_DIRECTION
// NOTE(review): the byte order of the port fields is not stated here; confirm
// (network vs host order) before filling them.
localPort : word; // Local port
remotePort : word; // Remote port
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
// Local IP (or network if localIpAddressMask is not zero)
localIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Local IP mask
localIpAddressMask : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Remote IP (or network if remoteIpAddressMask is not zero)
remoteIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Remote IP mask
remoteIpAddressMask : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
filteringFlag : Longword; // See NF_FILTERING_FLAG
end;
// Port interval used by NF_RULE_EX (localPortRange / remotePortRange).
// NOTE(review): whether the bounds are inclusive and what an all-zero range
// means is not stated here; confirm against the library documentation.
NF_PORT_RANGE = packed record
valueLow : word;
valueHigh : word;
end;
// Extended filtering rule: the fields of NF_RULE in the same order, followed by
// a process-name match, port ranges, a redirect target and a local proxy id.
// The record is packed, so fields follow each other without alignment padding.
// NOTE(review): presumably mirrors the native struct taken by nf_addRuleEx
// (declared only in a comment in this unit); do not reorder or resize fields.
// Zero-fill the record before setting fields; filteringFlag = 0 is NF_ALLOW.
NF_RULE_EX = packed record
protocol : integer; // IPPROTO_TCP or IPPROTO_UDP
processId : Longword; // Process identifier
direction : byte; // See NF_DIRECTION
localPort : word; // Local port
remotePort : word; // Remote port
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
// Local IP (or network if localIpAddressMask is not zero)
localIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Local IP mask
localIpAddressMask : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Remote IP (or network if remoteIpAddressMask is not zero)
remoteIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Remote IP mask
remoteIpAddressMask : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
filteringFlag : Longword; // See NF_FILTERING_FLAG
// Tail part of the process path
// Fixed buffer of 260 WideChars. NOTE(review): presumably must stay
// null-terminated, so copy at most 259 characters into it; confirm.
// NOTE(review): a path tail is a name match, not an identity check; presumably
// any executable whose path ends with this text matches the rule. Confirm
// before using it to grant NF_ALLOW or redirect exemptions.
processName : array [0..259] of WideChar;
localPortRange : NF_PORT_RANGE;
remotePortRange : NF_PORT_RANGE;
// Remote address for redirection as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
// (used with the NF_REDIRECT flag, per that flag's comment)
redirectTo : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
// Process identifier of a local proxy
localProxyProcessId : Longword;
end;
// Properties of one TCP connection, passed by reference to the tcpConnectRequest,
// tcpConnected and tcpClosed callbacks of NF_EventHandler.
// The record is packed, so fields follow each other without alignment padding.
NF_TCP_CONN_INFO = packed record
filteringFlag : Longword; // See NF_FILTERING_FLAG
processId : Longword; // Process identifier
direction : byte; // See NF_DIRECTION
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
// Check ip_family before interpreting the address buffers: both are
// NF_MAX_ADDRESS_LENGTH bytes regardless of the family stored in them.
// Local address as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
localAddress : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
// Remote address as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
remoteAddress : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
end;
// Properties of one UDP socket, passed by reference to the udpCreated and
// udpClosed callbacks of NF_EventHandler. It carries no remote address; the
// udpReceive/udpSend callbacks take the remote address as a separate argument.
NF_UDP_CONN_INFO = packed record
processId : Longword; // Process identifier
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
// Local address as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
localAddress : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
end;
// Variable-length header for UDP options. Only the first byte of the option
// data is declared, so SizeOf(NF_UDP_OPTIONS) does not cover the payload:
// the data starts at @options and runs for optionsLength bytes.
// NOTE(review): presumably this is what the untyped "options" pointer of
// udpReceive/udpSend refers to; confirm, and check the pointer and
// optionsLength before reading, as neither is bounded by the type system.
NF_UDP_OPTIONS = packed record
flags : Longword; // UDP flags
optionsLength : Longword; // Length of options
options : byte; // Array of optionsLength size
end;
// Properties of an outgoing UDP connect request, passed by reference to the
// udpConnectRequest callback of NF_EventHandler.
// The record is packed, so fields follow each other without alignment padding.
NF_UDP_CONN_REQUEST = packed record
filteringFlag : Longword; // See NF_FILTERING_FLAG
processId : Longword; // Process identifier
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
// Local address as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
localAddress : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
// Remote address as sockaddr_in for IPv4 and sockaddr_in6 for IPv6
remoteAddress : array [0..NF_MAX_ADDRESS_LENGTH-1] of byte;
end;
// Per-packet metadata passed by reference to the ipReceive/ipSend callbacks of
// NF_IPEventHandler.
// NOTE(review): ipHeaderSize arrives with the packet; presumably it should be
// checked against the callback's len argument before it is used as an offset
// into the packet buffer. Confirm against the library documentation.
NF_IP_PACKET_OPTIONS = packed record
ip_family : word; // AF_INET for IPv4 and AF_INET6 for IPv6
ipHeaderSize : Longword; // Size in bytes of IP header
compartmentId : Longword; // Network routing compartment identifier (can be zero)
interfaceIndex : Longword; // Index of the interface on which the original packet data was received (irrelevant to outgoing packets)
subInterfaceIndex : Longword; // Index of the subinterface on which the original packet data was received (irrelevant to outgoing packets)
flags : Longword; // Can be a combination of flags from NF_IP_FLAG
end;
// Limits of a flow control context; the argument type of nf_addFlowCtl and
// nf_modifyFlowCtl (both declared only in comments in this unit).
// NOTE(review): units and the meaning of zero are not stated here; presumably
// bytes per second with zero meaning unlimited. Confirm before use.
NF_FLOWCTL_DATA = packed record
inLimit : Int64;
outLimit : Int64;
end;
// Pairs a flow control handle with new limits. No declaration in this unit
// takes this record; nf_modifyFlowCtl receives the same two values as
// separate arguments.
NF_FLOWCTL_MODIFY_DATA = packed record
fcHandle : Longword;
data : NF_FLOWCTL_DATA;
end;
// Traffic counters as numbers of in/out bytes; the output type of
// nf_getFlowCtlStat, nf_getTCPStat and nf_getUDPStat (declared only in
// comments in this unit).
NF_FLOWCTL_STAT = packed record
inBytes : Int64;
outBytes : Int64;
end;
// Pairs an endpoint with a flow control handle. No declaration in this unit
// takes this record; nf_setTCPFlowCtl and nf_setUDPFlowCtl receive the same
// two values as separate arguments.
NF_FLOWCTL_SET_DATA = packed record
endpointId : ENDPOINT_ID;
fcHandle : Longword;
end;
// Rule for redirecting bind requests to another local IP and port; the
// argument type of nf_addBindingRule (declared only in a comment in this unit).
// The record is packed, so fields follow each other without alignment padding.
// NOTE(review): two details differ from NF_RULE / NF_RULE_EX and should be
// checked against the native header, because a size or offset mismatch makes
// the library read every later field at the wrong position:
//   - protocol is Longword here and integer in the rule records (same size);
//   - processName has 261 elements here and 260 in NF_RULE_EX.
NF_BINDING_RULE = packed record
protocol : Longword; // IPPROTO_TCP or IPPROTO_UDP
processId : Longword; // Process identifier
// Tail part of the process path
// NOTE(review): a path tail is a name match, not an identity check; confirm
// how the driver compares it before relying on it.
processName : array [0..260] of WideChar;
// Local port
localPort : word;
// AF_INET for IPv4 and AF_INET6 for IPv6
ip_family : word;
// Local IP (or network if localIpAddressMask is not zero)
localIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Local IP mask
localIpAddressMask : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Redirect bind request to this IP
newLocalIpAddress : array [0..NF_MAX_IP_ADDRESS_LENGTH-1] of byte;
// Redirect bind request to this port, if it is not zero
newLocalPort : word;
// See NF_FILTERING_FLAG, NF_ALLOW to bypass or NF_FILTER to redirect
// (NF_ALLOW is zero, so a zero-filled rule bypasses rather than redirects)
filteringFlag : Longword;
end;
// Table of cdecl callback pointers for TCP and UDP events; the handler type
// taken by nf_init (declared only in a comment in this unit). The nf_setOptions
// comment describes worker threads for NF_EventHandler events, so handlers
// should expect to be called off the main thread.
// NOTE(review): presumably every field must point to a valid procedure before
// the record is handed to the library, since a nil entry would be called
// through; confirm, and keep the record alive while filtering is active.
// Field order is the ABI: do not reorder.
NF_EventHandler = packed record
threadStart : procedure(); cdecl;
threadEnd : procedure(); cdecl;
tcpConnectRequest : procedure(id : ENDPOINT_ID; var pConnInfo : NF_TCP_CONN_INFO); cdecl;
tcpConnected : procedure(id : ENDPOINT_ID; var pConnInfo : NF_TCP_CONN_INFO); cdecl;
tcpClosed : procedure(id : ENDPOINT_ID; var pConnInfo : NF_TCP_CONN_INFO); cdecl;
// buf is typed PAnsiChar but comes with an explicit len.
// NOTE(review): presumably raw network bytes, not a null-terminated string;
// use len for every read and never pass buf to string routines. Confirm how a
// zero or negative len is used before indexing.
tcpReceive : procedure(id : ENDPOINT_ID; buf : PAnsiChar; len : integer); cdecl;
tcpSend : procedure(id : ENDPOINT_ID; buf : PAnsiChar; len : integer); cdecl;
tcpCanReceive : procedure(id : ENDPOINT_ID); cdecl;
tcpCanSend : procedure(id : ENDPOINT_ID); cdecl;
udpCreated : procedure(id : ENDPOINT_ID; var pConnInfo : NF_UDP_CONN_INFO); cdecl;
udpConnectRequest : procedure(id : ENDPOINT_ID; var pConnReq : NF_UDP_CONN_REQUEST); cdecl;
udpClosed : procedure(id : ENDPOINT_ID; var pConnInfo : NF_UDP_CONN_INFO); cdecl;
// NOTE(review): remoteAddress is presumably a sockaddr buffer of
// NF_MAX_ADDRESS_LENGTH bytes and options a pointer to NF_UDP_OPTIONS; neither
// is typed here, so confirm both and nil-check options before dereferencing.
udpReceive : procedure(id : ENDPOINT_ID; remoteAddress : PAnsiChar; buf : PAnsiChar; len : integer; options : pointer); cdecl;
udpSend : procedure(id : ENDPOINT_ID; remoteAddress : PAnsiChar; buf : PAnsiChar; len : integer; options : pointer); cdecl;
udpCanReceive : procedure(id : ENDPOINT_ID); cdecl;
udpCanSend : procedure(id : ENDPOINT_ID); cdecl;
end;
// Table of cdecl callback pointers for IP-level events; the handler type taken
// by nf_setIPEventHandler (declared only in a comment in this unit). The
// NF_FILTER_AS_IP_PACKETS and NF_READONLY flag comments name ipSend/ipReceive
// as the place where such traffic is indicated.
// NOTE(review): buf is presumably a raw packet of len bytes, not a
// null-terminated string; bound every read by len and check
// options.ipHeaderSize against len before using it as an offset.
NF_IPEventHandler = packed record
ipReceive : procedure(buf : PAnsiChar; len : integer; var options : NF_IP_PACKET_OPTIONS); cdecl;
ipSend : procedure(buf : PAnsiChar; len : integer; var options : NF_IP_PACKET_OPTIONS); cdecl;
end;
// function nf_init(driverName : PAnsiChar; var pHandler : NF_EventHandler) : integer; cdecl; external nfapi_module;
// procedure nf_free(); cdecl; external nfapi_module;
//
// function nf_registerDriver(driverName : PAnsiChar): integer; cdecl; external nfapi_module;
// function nf_registerDriverEx(driverName : PAnsiChar; driverPath : PAnsiChar): integer; cdecl; external nfapi_module;
// function nf_unRegisterDriver(driverName : PAnsiChar): integer; cdecl; external nfapi_module;
//
// function nf_tcpSetConnectionState(id : ENDPOINT_ID; suspended : integer): integer; cdecl; external nfapi_module;
// function nf_tcpPostSend(id : ENDPOINT_ID; buf : PAnsiChar; len : Longword): integer; cdecl; external nfapi_module;
// function nf_tcpPostReceive(id : ENDPOINT_ID; buf : PAnsiChar; len : Longword): integer; cdecl; external nfapi_module;
// function nf_tcpClose(id : ENDPOINT_ID): integer; cdecl; external nfapi_module;
//
// function nf_udpSetConnectionState(id : ENDPOINT_ID; suspended : integer): integer; cdecl; external nfapi_module;
// function nf_udpPostSend(id : ENDPOINT_ID; remoteAddress : PAnsiChar; buf : PAnsiChar; len : Longword; options : pointer): integer; cdecl; external nfapi_module;
// function nf_udpPostReceive(id : ENDPOINT_ID; remoteAddress : PAnsiChar; buf : PAnsiChar; len : Longword; options : pointer): integer; cdecl; external nfapi_module;
//
// function nf_ipPostSend(buf : PAnsiChar; len : Longword; var options : NF_IP_PACKET_OPTIONS): integer; cdecl; external nfapi_module;
// function nf_ipPostReceive(buf : PAnsiChar; len : Longword; var options : NF_IP_PACKET_OPTIONS): integer; cdecl; external nfapi_module;
//
// function nf_addRule(var rule : NF_RULE; toHead : integer): integer; cdecl; external nfapi_module;
// function nf_deleteRules(): integer; cdecl; external nfapi_module;
// function nf_setRules(rules : pointer; count : integer): integer; cdecl; external nfapi_module;
//
// function nf_addRuleEx(var rule : NF_RULE_EX; toHead : integer): integer; cdecl; external nfapi_module;
// function nf_setRulesEx(rules : pointer; count : integer): integer; cdecl; external nfapi_module;
//
// function nf_setTCPTimeout(timeout : Longword): integer; cdecl; external nfapi_module;
//
// function nf_tcpDisableFiltering(id : ENDPOINT_ID): integer; cdecl; external nfapi_module;
// function nf_udpDisableFiltering(id : ENDPOINT_ID): integer; cdecl; external nfapi_module;
//
// function nf_tcpSetSockOpt(id : ENDPOINT_ID; optname : integer; optval : pointer; optlen : integer): integer; cdecl; external nfapi_module;
//
// procedure nf_setIPEventHandler(var pHandler : NF_IPEventHandler); cdecl; external nfapi_module;
//
// // Helper routines
//
// // Allow access from current process to the processes of other users
// procedure nf_adjustProcessPriviledges(); cdecl; external nfapi_module;
//
// // Returns the full name of a process with given processId (Ansi version)
// function nf_getProcessNameA(processId : Longword; buf : PAnsiChar; len : integer) : boolean; cdecl; external nfapi_module;
//
// // Returns the full name of a process with given processId (Unicode version)
// function nf_getProcessNameW(processId : Longword; buf : PWideChar; len : integer) : boolean; cdecl; external nfapi_module;
//
// // Returns the full name of a process with given processId (Unicode version).
// // Doesn't require administrative privileges.
// function nf_getProcessNameFromKernel(processId : Longword; buf : PWideChar; len : integer) : boolean; cdecl; external nfapi_module;
//
// // Returns TRUE if the specified process acts as a local proxy, accepting the redirected TCP connections.
// function nf_tcpIsProxy(processId : Longword) : integer; cdecl; external nfapi_module;
//
// {
// * Set the number of worker threads and initialization flags.
// * The function should be called before nf_init.
// * By default nThreads = 1 and flags = 0
// * @param nThreads Number of worker threads for NF_EventHandler events
// * @param flags A combination of flags from <tt>NF_FLAGS</tt>
// }
// procedure nf_setOptions(nThreads : Longword; flags : Longword); cdecl; external nfapi_module;
//
// { Complete TCP connect request pended using flag NF_PEND_CONNECT_REQUEST. }
// function nf_completeTCPConnectRequest(id : ENDPOINT_ID; var pConnInfo : NF_TCP_CONN_INFO): integer; cdecl; external nfapi_module;
//
// { Complete UDP connect request pended using flag NF_PEND_CONNECT_REQUEST. }
// function nf_completeUDPConnectRequest(id : ENDPOINT_ID; var pConnInfo : NF_UDP_CONN_REQUEST): integer; cdecl; external nfapi_module;
//
// { Returns in pConnInfo the properties of TCP connection with specified id. }
// function nf_getTCPConnInfo(id : ENDPOINT_ID; var pConnInfo : NF_TCP_CONN_INFO): integer; cdecl; external nfapi_module;
//
// { Returns in pConnInfo the properties of UDP socket with specified id. }
// function nf_getUDPConnInfo(id : ENDPOINT_ID; var pConnInfo : NF_UDP_CONN_INFO): integer; cdecl; external nfapi_module;
//
//
// { Add flow control context }
// function nf_addFlowCtl(var pData : NF_FLOWCTL_DATA; var pFcHandle : Longword): integer; cdecl; external nfapi_module;
//
// { Delete flow control context }
// function nf_deleteFlowCtl(fcHandle : Longword): integer; cdecl; external nfapi_module;
//
// { Associate flow control context with TCP connection }
// function nf_setTCPFlowCtl(id : ENDPOINT_ID; fcHandle : Longword): integer; cdecl; external nfapi_module;
//
// { Associate flow control context with UDP socket }
// function nf_setUDPFlowCtl(id : ENDPOINT_ID; fcHandle : Longword): integer; cdecl; external nfapi_module;
//
// { Modify flow control context limits }
// function nf_modifyFlowCtl(fcHandle : Longword; var pData : NF_FLOWCTL_DATA): integer; cdecl; external nfapi_module;
//
// { Get flow control context statistics as the numbers of in/out bytes }
// function nf_getFlowCtlStat(fcHandle : Longword; var pStat : NF_FLOWCTL_STAT): integer; cdecl; external nfapi_module;
//
// {
// Get TCP connection statistics as the numbers of in/out bytes.
// The function can be called only from tcpClosed handler!
// }
// function nf_getTCPStat(id : ENDPOINT_ID; var pStat : NF_FLOWCTL_STAT): integer; cdecl; external nfapi_module;
//
// {
// Get UDP socket statistics as the numbers of in/out bytes.
// The function can be called only from udpClosed handler!
// }
// function nf_getUDPStat(id : ENDPOINT_ID; var pStat : NF_FLOWCTL_STAT): integer; cdecl; external nfapi_module;
//
// {
// Add binding rule to driver
// }
// function nf_addBindingRule(var pRule : NF_BINDING_RULE; toHead : integer) : integer; cdecl; external nfapi_module;
//
// {
// Delete all binding rules from driver
// }
// function nf_deleteBindingRules : integer; cdecl; external nfapi_module;
//
// {
// Returns the type of attached driver (DT_WFP, DT_TDI or DT_UNKNOWN)
// }
// function nf_getDriverType : integer; cdecl; external nfapi_module;
implementation
end.