-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathtypes.go
319 lines (269 loc) · 7.05 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
// Copyright (c) 2021 The Inet.Af AUTHORS. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package wf
import (
"golang.org/x/sys/windows"
)
//go:notinheap
type fwpmDisplayData0 struct {
Name *uint16
Description *uint16
}
type fwpmSession0Flags uint32
const fwpmSession0FlagDynamic = 1
//go:notinheap
type fwpmSession0 struct {
SessionKey windows.GUID
DisplayData fwpmDisplayData0
Flags fwpmSession0Flags
TxnWaitTimeoutMillis uint32
ProcessID uint32
SID *windows.SID
Username *uint16
KernelMode uint8
}
type authnService uint32
const (
authnServiceWinNT authnService = 0xa
authnServiceDefault authnService = 0xffffffff
)
//go:notinheap
type fwpmLayerEnumTemplate0 struct {
reserved uint64
}
//go:notinheap
type fwpmLayer0 struct {
LayerKey LayerID
DisplayData fwpmDisplayData0
Flags uint32
NumFields uint32
Fields *fwpmField0
DefaultSublayerKey SublayerID
LayerID uint16
}
type fwpmFieldType uint32
const (
fwpmFieldTypeRawData fwpmFieldType = iota // no special semantics
fwpmFieldTypeIPAddress // data is an IP address
fwpmFieldTypeFlags // data is a flag bitfield
)
type dataType uint32
const (
dataTypeEmpty dataType = 0
dataTypeUint8 dataType = 1
dataTypeUint16 dataType = 2
dataTypeUint32 dataType = 3
dataTypeUint64 dataType = 4
dataTypeByteArray16 dataType = 11
dataTypeByteBlob dataType = 12
dataTypeSID dataType = 13
dataTypeSecurityDescriptor dataType = 14
dataTypeTokenInformation dataType = 15
dataTypeTokenAccessInformation dataType = 16
dataTypeArray6 dataType = 18
dataTypeBitmapIndex dataType = 19
dataTypeV4AddrMask dataType = 256
dataTypeV6AddrMask dataType = 257
dataTypeRange dataType = 258
)
// Types not implemented, because WFP doesn't seem to use them.
// dataTypeInt8 dataType = 5
// dataTypeInt16 dataType = 6
// dataTypeInt32 dataType = 7
// dataTypeInt64 dataType = 8
// dataTypeFloat dataType = 9
// dataTypeDouble dataType = 10
// dataTypeUnicodeString dataType = 17
// dataTypeBitmapArray64 dataType = 20
//go:notinheap
type fwpmField0 struct {
FieldKey *FieldID
Type fwpmFieldType
DataType dataType
}
//go:notinheap
type fwpmSublayerEnumTemplate0 struct {
ProviderKey *windows.GUID
}
//go:notinheap
type fwpByteBlob struct {
Size uint32
Data *uint8
}
type fwpmSublayerFlags uint32
const fwpmSublayerFlagsPersistent fwpmSublayerFlags = 1
//go:notinheap
type fwpmSublayer0 struct {
SublayerKey SublayerID
DisplayData fwpmDisplayData0
Flags fwpmSublayerFlags
ProviderKey *windows.GUID
ProviderData fwpByteBlob
Weight uint16
}
type fwpmProviderFlags uint32
const (
fwpmProviderFlagsPersistent fwpmProviderFlags = 0x01
fwpmProviderFlagsDisabled fwpmProviderFlags = 0x10
)
//go:notinheap
type fwpmProvider0 struct {
ProviderKey ProviderID
DisplayData fwpmDisplayData0
Flags fwpmProviderFlags
ProviderData fwpByteBlob
ServiceName *uint16
}
//go:notinheap
type fwpValue0 struct {
Type dataType
Value uintptr // unioned value
}
type fwpmFilterFlags uint32
const (
fwpmFilterFlagsPersistent fwpmFilterFlags = 1 << iota
fwpmFilterFlagsBootTime
fwpmFilterFlagsHasProviderContext
fwpmFilterFlagsClearActionRight
fwpmFilterFlagsPermitIfCalloutUnregistered
fwpmFilterFlagsDisabled
fwpmFilterFlagsIndexed
)
//go:notinheap
type fwpmAction0 struct {
Type Action
GUID CalloutID
}
// fwpmFilter0 is the Go representation of FWPM_FILTER0,
// which stores the state associated with a filter.
// See https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter0
//go:notinheap
type fwpmFilter0 struct {
FilterKey RuleID
DisplayData fwpmDisplayData0
Flags fwpmFilterFlags
ProviderKey *windows.GUID
ProviderData fwpByteBlob
LayerKey LayerID
SublayerKey SublayerID
Weight fwpValue0
NumFilterConditions uint32
FilterConditions *fwpmFilterCondition0
Action fwpmAction0
// Only one of RawContext/ProviderContextKey must be set.
RawContext uint64
ProviderContextKey windows.GUID
Reserved *windows.GUID
FilterID uint64
EffectiveWeight fwpValue0
}
//go:notinheap
type fwpConditionValue0 struct {
Type dataType
Value uintptr
}
//go:notinheap
type fwpmFilterCondition0 struct {
FieldKey FieldID
MatchType MatchType
Value fwpConditionValue0
}
//go:notinheap
type fwpV4AddrAndMask struct {
Addr, Mask uint32
}
//go:notinheap
type fwpV6AddrAndMask struct {
Addr [16]byte
PrefixLength uint8
}
//go:notinheap
type fwpmProviderContextEnumTemplate0 struct {
ProviderKey *ProviderID
ProviderContextType uint32
}
//go:notinheap
type fwpmFilterEnumTemplate0 struct {
ProviderKey *ProviderID
LayerKey windows.GUID
EnumType filterEnumType
Flags filterEnumFlags
ProviderContextTemplate *fwpmProviderContextEnumTemplate0 // TODO: wtf?
NumConditions uint32
Conditions *fwpmFilterCondition0
ActionMask uint32
CalloutKey *windows.GUID
}
//go:notinheap
type fwpRange0 struct {
From, To fwpValue0
}
type filterEnumType uint32
const (
filterEnumTypeFullyContained filterEnumType = iota
filterEnumTypeOverlapping
)
type filterEnumFlags uint32
const (
filterEnumFlagsBestTerminatingMatch filterEnumFlags = iota + 1
filterEnumFlagsSorted
filterEnumFlagsBootTimeOnly
filterEnumFlagsIncludeBootTime
filterEnumFlagsIncludeDisabled
)
type fwpIPVersion uint32
const (
fwpIPVersion4 fwpIPVersion = 0
fwpIPVersion6 fwpIPVersion = 1
)
//go:notinheap
type fwpmNetEventHeader1 struct {
Timestamp windows.Filetime
Flags uint32 // enum
IPVersion fwpIPVersion // enum
IPProtocol uint8
_ [3]byte
LocalAddr [16]byte
RemoteAddr [16]byte
LocalPort uint16
RemotePort uint16
ScopeID uint32
AppID fwpByteBlob
UserID *windows.SID
// Random reserved fields for an aborted attempt at including
// Ethernet frame information. Not used, but we have to pad out
// the struct appropriately.
_ struct {
reserved1 uint32
unused2 struct {
reserved2 [6]byte
reserved3 [6]byte
reserved4 uint32
reserved5 uint32
reserved6 uint16
reserved7 uint32
reserved8 uint32
reserved9 uint16
reserved10 uint64
}
}
}
//go:notinheap
type fwpmNetEventClassifyDrop1 struct {
FilterID uint64
LayerID uint16
ReauthReason uint32
OriginalProfile uint32
CurrentProfile uint32
Direction uint32
Loopback uint32
}
type fwpmNetEventType uint32
const fwpmNetEventClassifyDrop = 3
//go:notinheap
type fwpmNetEvent1 struct {
Header fwpmNetEventHeader1
Type fwpmNetEventType
Drop *fwpmNetEventClassifyDrop1
}