933323d5f9
Add a new verdict (value 8) for routing connections through the split tunnel. This prepares the infrastructure for the upcoming split-tunneling feature without implementing the full feature yet. Changes: - Define VerdictRerouteToSplitTun in network/status.go with String() and Verb() - Add RerouteToSplitTun() to the Packet interface and InfoPacket stub - Implement RerouteToSplitTun() for windowskext (v1) and windowskext2 (v2) packets - Map VerdictRerouteToSplitTun to KextVerdict 11 in kextinterface and kext2 - Handle the verdict in packet_handler.go dispatch, connection.go, api.go, metrics.go and nameserver.go - Add VerdictRerouteToSplitTun = 8 to Angular Verdict enum and update stats counting, filter queries and verdict CSS class (WIP) Note: Linux (nfq) implementation not updated yet. Therefore Linux build will fail. |
||
|---|---|---|
| .. | ||
| c_helper | ||
| driver | ||
| kextinterface | ||
| protocol | ||
| release | ||
| test | ||
| wdk | ||
| .gitignore | ||
| Cargo.lock | ||
| link-dev.ps1 | ||
| PacketFlow.md | ||
| PortmasterKext64.inf | ||
| README.md | ||
| test_protocol.sh | ||
Portmaster Windows kext
Implementation of Safing's Portmaster Windows kernel extension in Rust.
Documentation
- Driver -> entry point.
- WDK -> Windows Driver Kit interface.
- Packet Path -> Detailed documentation of what happens to a packet when it enters the kernel extension.
- Release -> Guide how to do a release build.
- Windows Filtering Platform - MS -> The driver is build on top of WFP.
Building (For release)
Please refer to release/README.md for details about the release procedure.
Building (For testing and development)
The Windows Portmaster Kernel Extension is currently only developed and tested for the amd64 (64-bit) architecture.
Prerequirements:
- Visual Studio 2022
- Install C++ and Windows 11 SDK (22H2) components
- Add
link.exeandsigntoolin the PATH
- Windows Driver Kit
- Rust (Can be separate machine)
Setup Test Signing:
Not recommended for a work machine. Usually done on virtual machine dedicated for testing.
In order to test the driver on your machine, you will have to sign it (starting with Windows 10).
Create a new certificate for test signing:
# Open a *x64 Free Build Environment* console as Administrator.
# Run the MakeCert.exe tool to create a test certificate:
MakeCert -r -pe -ss PrivateCertStore -n "CN=DriverCertificate" DriverCertificate.cer
# Install the test certificate with CertMgr.exe:
CertMgr /add DriverCertificate.cer /s /r localMachine root
Enable Test Signing on the dev machine:
# Before you can load test-signed drivers, you must enable Windows test mode. To do this, run this command:
Bcdedit.exe -set TESTSIGNING ON
# Then, restart Windows. For more information, see The TESTSIGNING Boot Configuration Option.
Build driver:
cd driver
cargo build --release
Build also works on linux
Link and sign:
On a windows machine copy driver.lib from the project target directory (driver/target/x86_64-pc-windows-msvc/release/driver.lib) in the same folder as link-dev.ps1.
Run link-dev.ps1.
driver.sys should appear in the folder.
Sign the driver with the test certificate:
SignTool sign /v /s TestCertStoreName /n TestCertName driver.sys
Load and use the driver.