Rust crate for interacting with the Windows Packet Filter driver.

Related tags

Command-line windows rust filter packet
Overview

NDISAPI-RS

Crates.io Documentation License

NDISAPI-RS is a Rust crate for interacting with the Windows Packet Filter driver. It provides an easy-to-use, safe, and efficient interface to efficiently filter (inspect and modify) raw network packets at the NDIS level of the network stack with minimal impact on network activity.

Windows Packet Filter (WinpkFilter) is a high-performance, lightweight packet filtering framework for Windows, enabling developers to efficiently inspect, modify, and control raw network packets at the NDIS level. With user-friendly APIs and support for various Windows versions, WinpkFilter simplifies network packet manipulation without requiring kernel-mode programming expertise.

Features

  • Enumerate network adapters
  • Query and set network adapter properties
  • Capture and analyze packets
  • Filter and modify packets
  • Send raw packets

Dependencies

Installation

Add the following to your Cargo.toml file:

[dependencies]
ndisapi-rs = "0.4.6"

Usage

Here's an example of how to enumerate network adapters and print their information:

use ndisapi_rs::{MacAddress, Ndisapi};

fn main() {
    let ndis = Ndisapi::new("NDISRD").expect("Failed to create NdisApi instance");

    let adapters = ndis
        .get_tcpip_bound_adapters_info()
        .expect("Failed to enumerate adapters");

    for adapter in adapters {
        println!("Adapter: {:?}", adapter.get_name());
        println!(
            "Description: {:?}",
            Ndisapi::get_friendly_adapter_name(adapter.get_name()).unwrap_or("Unknown".to_string())
        );
        println!(
            "MAC Address: {:?}",
            MacAddress::from_slice(adapter.get_hw_address()).unwrap_or_default()
        );
        println!("-------------------------------");
    }
}

For more examples and in-depth usage, check out the documentation.

Demo

Here is an example of how to run the listadapters example:

PS D:\firezone\ndisapi> cargo run --example listadapters
   Compiling ndisapi-rs v0.4.5 (D:\firezone\ndisapi)
    Finished dev [unoptimized + debuginfo] target(s) in 3.22s
     Running `target\debug\examples\listadapters.exe`
Detected Windows Packet Filter version 3.4.3
1. Local Area Connection* 10
        \DEVICE\{EDEE8C42-F604-4A7B-BFAA-6B110923217E}
         Medium: 0
         MAC: 9A:47:3D:60:26:9D
         MTU: 1500
         FilterFlags: FilterFlags(0x0)
Getting OID_GEN_CURRENT_PACKET_FILTER Error: Data error (cyclic redundancy check).
         OID_802_3_CURRENT_ADDRESS: 9A:47:3D:60:26:9D
2. vEthernet (Default Switch)
        \DEVICE\{6FE04972-B2B5-4F5C-97E6-B8518A017192}
         Medium: 0
         MAC: 00:15:5D:91:A3:15
         MTU: 1500
         FilterFlags: FilterFlags(0x0)
         OID_GEN_CURRENT_PACKET_FILTER: 0x0000000B
         OID_802_3_CURRENT_ADDRESS: 00:15:5D:91:A3:15
...

12. vEthernet (WLAN Virtual Switch)
        \DEVICE\{05F9267C-C548-4822-8535-9A57F1A99DB7}
         Medium: 0
         MAC: 18:47:3D:60:26:9D
         MTU: 1500
         FilterFlags: FilterFlags(0x0)
         OID_GEN_CURRENT_PACKET_FILTER: 0x0000000B
         OID_802_3_CURRENT_ADDRESS: 18:47:3D:60:26:9D

Following is the demonstration of the async-packthru example. For this scenario, we will assume that vEthernet (WLAN Virtual Switch) is the default internet connection

PS D:\firezone\ndisapi> cargo run --example async-packthru -- --interface-index 12
    Finished dev [unoptimized + debuginfo] target(s) in 0.11s
     Running `target\debug\examples\async-packthru.exe --interface-index 12`
Detected Windows Packet Filter version 3.4.3
Using interface \DEVICE\{05F9267C-C548-4822-8535-9A57F1A99DB7}
Press ENTER to exit
=======================================================================================================

Interface --> MSTCP (93 bytes)

  Ipv4 Address([142, 250, 102, 108]) => Address([192, 168, 3, 126])
   TCP 993 -> 54163
=======================================================================================================

MSTCP --> Interface (89 bytes)

  Ipv4 Address([192, 168, 3, 126]) => Address([142, 250, 102, 108])
   TCP 54163 -> 993
=======================================================================================================

Interface --> MSTCP (60 bytes)

  Ipv4 Address([142, 250, 102, 108]) => Address([192, 168, 3, 126])
   TCP 993 -> 54163
=======================================================================================================

Interface --> MSTCP (202 bytes)

  Ipv4 Address([192, 168, 3, 105]) => Address([224, 0, 0, 251])
   UDP 5353 -> 5353

Interface --> MSTCP (222 bytes)

  Ipv6 Address([254, 128, 0, 0, 0, 0, 0, 0, 18, 44, 107, 255, 254, 84, 37, 126]) => Address([255, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 251])
   UDP 5353 -> 5353
=======================================================================================================

Interface --> MSTCP (118 bytes)

  Ipv4 Address([142, 250, 102, 108]) => Address([192, 168, 3, 126])
   TCP 993 -> 54163
=======================================================================================================

MSTCP --> Interface (115 bytes)

  Ipv4 Address([192, 168, 3, 126]) => Address([142, 250, 102, 108])
   TCP 54163 -> 993
=======================================================================================================

Interface --> MSTCP (60 bytes)

  Ipv4 Address([142, 250, 102, 108]) => Address([192, 168, 3, 126])
   TCP 993 -> 54163
=======================================================================================================

MSTCP --> Interface (74 bytes)

  Ipv4 Address([192, 168, 3, 126]) => Address([158, 255, 51, 217])
   UDP 63616 -> 59999
=======================================================================================================

Interface --> MSTCP (80 bytes)

  Ipv4 Address([192, 168, 3, 105]) => Address([224, 0, 0, 251])
   UDP 5353 -> 5353

Interface --> MSTCP (100 bytes)

  Ipv6 Address([254, 128, 0, 0, 0, 0, 0, 0, 18, 44, 107, 255, 254, 84, 37, 126]) => Address([255, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 251])
   UDP 5353 -> 5353

Shutting down...

License

This project is licensed under the Apache License 2.0. See LICENSE for details.

You might also like...
Use Thunk to build your Rust program that runs on old Windows platforms, support Windows XP and more!

Use Thunk to build your Rust program that runs on old platforms. Thunk uses VC-LTL5 and YY-Thunks to build programs that support old platforms. So, ho

null 6 May 21, 2023
Switch windows of same app with alt + ` on windows pc.

Windows Switcher Switch windows of same app with alt + ` on windows pc. 250k single file executable downloaded from Github Release. No installation re

null 172 Dec 10, 2022
Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)

is-wsl Check if the process is running inside Windows Subsystem for Linux (Bash on Windows) Inspired by sindresorhus/is-wsl and made for Rust lang. Ca

Sean Larkin 6 Jan 31, 2023
Windows Capture Simple Screen Capture for Windows 🔥

Windows Capture   Windows Capture is a highly efficient Rust library that enables you to effortlessly capture the screen using the Graphics Capture AP

null 3 Sep 24, 2023
Prototype for a CLI/Libary designed for interacting with NASA Open APIs with Rust.

Overview Voyager is a swiss army knife library for the NASA Open APIs. It is designed to bundle all the NASA APIs into a single package. Voyager can b

Ethan Gallucci 4 Aug 14, 2022
An expressive Rust library for interacting with a cache.

Amnesia An expressive Rust library for interacting with a Cache. Features Driver-Based Architecture: Easily switch between different caching strategie

Miguel Piedrafita 25 Dec 28, 2023
A command-line interface for interacting with the ChatGPT API from OpenAI
A command-line interface for interacting with the ChatGPT API from OpenAI

cligpt cligpt is a command-line interface for interacting with the ChatGPT API from OpenAI. With cligpt, you can quickly and easily generate text by s

Felipe S. S. Schneider 6 Apr 4, 2023
A fast, simple TUI for interacting with systemd services and their logs
A fast, simple TUI for interacting with systemd services and their logs

systemctl-tui A fast, simple TUI for interacting with systemd services and their logs. systemctl-tui can quickly browse service status and logs, and s

Reilly Wood 11 Sep 1, 2023
Solstice Flare - CLI Tool for interacting with Solana

🚧 WIP: This tool is in active development, and can experience breaking changes. For safety, it currently operates on Devnet by default Flare Flare is

Anthias Labs 4 Feb 26, 2024
Comments
  • about async and advice

    about async and advice

    1. does async refer to performing other tasks when no data is being read? and does it impact network performance?`
    2. i recommend using smoltcp instead of etherparse for better packet modification and analysis.
    opened by piz-ewing 3
  • Help : How do I read packets from EthMRequest?

    Help : How do I read packets from EthMRequest?

    It seems like currently the only public method to get packets is drain_success_packets() But it only returns iterator with success packets I cannot find where the packet_success value is getting assigned a value other than 0 Please correct me If Im wrong

    opened by RaghavRox 1
  • feat: add EthMRequest::<N>::from_iter method

    feat: add EthMRequest::::from_iter method

    This commit introduces a new method to the EthMRequest struct, allowing for construction from an iterator over &mut IntermediateBuffer. This adds more flexibility in creating EthMRequest instances.

    fix: correct behavior in EthMRequest::::set_packet method This commit fixes a bug in the set_packet method in the EthMRequest struct. These corrections ensure proper packet management and error handling in full buffer scenarios.

    opened by wiresock 0
  • Extend NDISAPI with Asynchronous Functionality

    Extend NDISAPI with Asynchronous Functionality

    This PR introduces asynchronous extensions to the NDISAPI. The primary aim of these extensions is to provide non-blocking I/O operations, enhancing the library's performance by leveraging Rust's async/await syntax and the futures library. In order to demonstrate the newly added async functionalities, two sample applications, async-packthru.rs and async-passthru.rs, have been included in this commit. These samples showcase the practical usage and benefits of the asynchronous extensions in real-world scenarios.

    opened by wiresock 0
Releases(0.4.6)

  • 0.4.6(Jun 14, 2023)

    Release Notes for NDISAPI-RS v0.4.6

    New Features

    • Improvements to EthMRequest Implementation:
      • Introduced drain and drain_success methods: These new methods offer the capability to drain either all packets, or only those that have been successfully read, respectively.
      • Replacement of consume method with the append method: The new append function can be used to consume the iterator returned by either drain or drain_success methods. This function facilitates the relocation of packets into the target EthMRequest instance, effectively replacing the functionality previously provided by the consume method.
    Source code(tar.gz)
    Source code(zip)

  • 0.4.5(Jun 7, 2023)

    Release Notes for NDISAPI-RS v0.4.5

    Service Release

    In this maintenance release, the crate "etherparse" has been replaced with the crate "smoltcp" for parsing packets in the examples.

    Source code(tar.gz)
    Source code(zip)

  • 0.4.4(Jun 5, 2023)

    Release Notes for NDISAPI-RS v0.4.4

    Service Release

    This is a maintenance service release that adds Debug trait for Version & NetworkAdapterInfo.

    Source code(tar.gz)
    Source code(zip)

  • 0.4.3(Jun 4, 2023)

    Release Notes for NDISAPI-RS v0.4.3

    New Features

    • Enhanced EthMRequest construction: A new method has been added to the EthMRequest struct, EthMRequest::<N>::from_iter. This new method allows for the construction of EthMRequest instances from an iterator over &mut IntermediateBuffer. This enhancement provides more flexibility in creating EthMRequest instances, particularly in situations where a collection of IntermediateBuffer instances is already available and needs to be efficiently transformed into a request.

    Bug Fixes

    • Fixed packet handling in EthMRequest::<N>::set_packet: A bug was fixed in the EthMRequest::<N>::set_packet method. The fix corrects the packet management and error handling in scenarios where the buffer is full. This ensures that the packet set operation behaves correctly under all conditions, providing more reliable and predictable behavior.

    Thank you for your continued support. As always, if you encounter any issues or have suggestions for improvements, please don't hesitate to contribute or open an issue. Your feedback is invaluable to us.

    Happy networking!

    Source code(tar.gz)
    Source code(zip)

  • 0.4.2(Jun 1, 2023)

    Release Notes for NDISAPI-RS v0.4.2

    • The implementation for EthMRequest has been significantly enhanced to increase its usability and flexibility. The changes improve packet handling and provide developers with more control over the request's lifecycle.
    • Along with the changes to EthMRequest, the packthru.rs demo has been updated to align with the new capabilities of the implementation.
    Source code(tar.gz)
    Source code(zip)

  • 0.4.1(May 28, 2023)

    Release Notes for NDISAPI-RS v0.4.1

    Service Release

    This is a maintenance service release that focuses on updating the crate documentation.

    Source code(tar.gz)
    Source code(zip)

  • 0.4.0(May 28, 2023)

    Release Notes for NDISAPI-RS v0.4.0

    New Features

    • Integration of 'netlib' helper library into the main project: In our continuous quest to enhance and simplify network interface management on Windows, we have made a strategic decision to integrate the 'netlib' helper library directly into the main ndisapi-rs project. The 'netlib' library is an ongoing development effort, aiming to provide an effective wrapper for specific native Windows APIs. This integration is expected to offer a more streamlined and simplified user experience.

      Initially, 'netlib' was intended to be released as a distinct crate. However, in our commitment to ensure seamless accessibility and ease of use, we decided to bring it directly within the ndisapi-rs crate. Please note that 'netlib' remains an ongoing project. We are committed to consistently expanding and improving it, with plans to incorporate additional helper classes in the future. Stay tuned for more updates in the upcoming releases.

    Source code(tar.gz)
    Source code(zip)

  • 0.3.3(May 27, 2023)

    Release Notes for NDISAPI-RS v0.3.3

    Service Release

    This is a maintenance service release. While it introduces no new features or functionality, it is vital for updating versioning information, documentation, and other ancillary details on crates.io. This release helps ensure our library is current and users have access to the latest and most accurate information.

    Source code(tar.gz)
    Source code(zip)

  • 0.3.0(May 27, 2023)

    Release Notes for NDISAPI-RS v0.3.0

    New Features

    • Asynchronous Extensions: In version 0.3.0, we've introduced a significant enhancement to the NDISAPI with the addition of asynchronous extensions. These extensions have been designed to provide non-blocking I/O operations. This major enhancement will greatly improve the library's overall performance by fully utilizing Rust's async/await syntax and the futures library.

    • Asynchronous Sample Applications: To better demonstrate the newly added asynchronous functionalities, we've included two new sample applications: async-packthru.rs and async-passthru.rs. These examples serve to showcase the practical usage and benefits of the asynchronous extensions in real-world scenarios.

    With the launch of version 0.3.0, we're excited to share these new features with our user community. We believe that these enhancements will greatly improve the usability and performance of our library, and we look forward to seeing how they are utilized. As always, we welcome and appreciate feedback and contributions from our community, as this helps guide our ongoing improvement and development efforts.

    Source code(tar.gz)
    Source code(zip)
Owner
Vadim Smirnov
Vadim Smirnov
GitHub https://www.ntkernel.com/windows-packet-filter/
A Windows virtual display driver written in Rust (works with VR, etc)

Virtual Display Driver This is a Windows driver made in Rust which creates a virtual desktop. It has many uses, such as: A private virtual desktop for

Cherry 28 Sep 19, 2023
Platform that enables Windows driver development in Rust. Developed by Surface.

windows-drivers-rs This repo is a collection of Rust crates that enable developers to develop Windows Drivers in Rust. It is the intention to support

Microsoft 1.1k Oct 11, 2023
A high-level, ergonomic crate for interacting with the UploadThing API

utapi-rs A high-level, ergonomic Rust crate for interacting with the Uploadthing API. Why? If you're using Rust and want to use Uploadthing for file u

Ivan Leon 4 Feb 2, 2024
A fast, simple and lightweight Bloom filter library for Python, fully implemented in Rust.

rBloom A fast, simple and lightweight Bloom filter library for Python, fully implemented in Rust. It's designed to be as pythonic as possible, mimicki

Kenan Hanke 91 Feb 4, 2023
The fastest bloom filter in Rust. No accuracy compromises. Use any hasher.

b100m-filter The fastest bloom filter in Rust. No accuracy compromises. Use any hasher. Usage # Cargo.toml [dependencies] b100m-filter = "0.3.0" use b

null 4 Nov 19, 2023
Alexander Mongus is a state-of-the-art filter to sneak amogus characters in pictures

A. Mongus Go to: http://www.lortex.org/amogu/ ??? This is a client-side, Webassembly-based filter to hide amongus characters in your images. Example:

Lucas Pluvinage 3 Apr 16, 2022
Yet Another Kalman Filter Implementation. As well as Lie Theory (Lie group and algebra) on SE(3). [no_std] is supported by default.

yakf - Yet Another Kalman Filter Yet Another Kalman Filter Implementation, as well as, Lie Theory (Lie group, algebra, vector) on SO(3), SE(3), SO(2),

null 7 Dec 1, 2022
Filter, Sort & Delete Duplicate Files Recursively

Deduplicator Find, Sort, Filter & Delete duplicate files Usage Usage: deduplicator [OPTIONS] [scan_dir_path] Arguments: [scan_dir_path] Run Dedupl

Sreedev Kodichath 108 Jan 27, 2023
A tool to filter sites in a FASTA-format whole-genome pseudo-alignment

Core-SNP-filter This is a tool to filter sites (i.e. columns) in a FASTA-format whole-genome pseudo-alignment based on: Whether the site contains vari

Ryan Wick 15 Apr 2, 2023
Windows-rs - Rust for Windows

Rust for Windows The windows crate lets you call any Windows API past, present, and future using code generated on the fly directly from the metadata

Microsoft 7.7k Dec 30, 2022