Versions in this module Expand all Collapse all v0 v0.0.1 Jun 8, 2023 Changes in this version
+ var FieldALEAppID = FieldID
+ var FieldALEEffectiveName = FieldID
+ var FieldALENAPContext = FieldID
+ var FieldALEOriginalAppID = FieldID
+ var FieldALEPackageID = FieldID
+ var FieldALEPromiscuousMode = FieldID
+ var FieldALEReauthReason = FieldID
+ var FieldALERemoteMachineID = FieldID
+ var FieldALERemoteUserID = FieldID
+ var FieldALESecurityAttributeFqbnValue = FieldID
+ var FieldALESioFirewallSystemPort = FieldID
+ var FieldALEUserID = FieldID
+ var FieldArrivalInterfaceIndex = FieldID
+ var FieldArrivalInterfaceProfileID = FieldID
+ var FieldArrivalInterfaceType = FieldID
+ var FieldArrivalTunnelType = FieldID
+ var FieldAuthenticationType = FieldID
+ var FieldBitmapIPLocalAddress = FieldID
+ var FieldBitmapIPLocalPort = FieldID
+ var FieldBitmapIPRemoteAddress = FieldID
+ var FieldBitmapIPRemotePort = FieldID
+ var FieldBitmapIndexKey = FieldID
+ var FieldClientCertKeyLength = FieldID
+ var FieldClientCertOid = FieldID
+ var FieldClientToken = FieldID
+ var FieldCompartmentID = FieldID
+ var FieldCurrentProfileID = FieldID
+ var FieldDCOMAppID = FieldID
+ var FieldDestinationInterfaceIndex = FieldID
+ var FieldDestinationSubInterfaceIndex = FieldID
+ var FieldDirection = FieldID
+ var FieldEmbeddedLocalAddressType = FieldID
+ var FieldEmbeddedLocalPort = FieldID
+ var FieldEmbeddedProtocol = FieldID
+ var FieldEmbeddedRemoteAddress = FieldID
+ var FieldEmbeddedRemotePort = FieldID
+ var FieldEtherType = FieldID
+ var FieldFlags = FieldID
+ var FieldIPArrivalInterface = FieldID
+ var FieldIPDestinationAddress = FieldID
+ var FieldIPDestinationAddressType = FieldID
+ var FieldIPDestinationPort = FieldID
+ var FieldIPForwardInterface = FieldID
+ var FieldIPLocalAddress = FieldID
+ var FieldIPLocalAddressType = FieldID
+ var FieldIPLocalAddressV4 = FieldID
+ var FieldIPLocalAddressV6 = FieldID
+ var FieldIPLocalInterface = FieldID
+ var FieldIPLocalPort = FieldID
+ var FieldIPNexthopAddress = FieldID
+ var FieldIPNexthopInterface = FieldID
+ var FieldIPPhysicalArrivalInterface = FieldID
+ var FieldIPPhysicalNexthopInterface = FieldID
+ var FieldIPProtocol = FieldID
+ var FieldIPRemoteAddress = FieldID
+ var FieldIPRemoteAddressV4 = FieldID
+ var FieldIPRemoteAddressV6 = FieldID
+ var FieldIPRemotePort = FieldID
+ var FieldIPSecPolicyKey = FieldID
+ var FieldIPSecSecurityRealmID = FieldID
+ var FieldIPSourceAddress = FieldID
+ var FieldIPSourcePort = FieldID
+ var FieldImageName = FieldID
+ var FieldInterfaceIndex = FieldID
+ var FieldInterfaceMACAddress = FieldID
+ var FieldInterfaceQuarantineEpoch = FieldID
+ var FieldInterfaceType = FieldID
+ var FieldKMAuthNAPContext = FieldID
+ var FieldKMMode = FieldID
+ var FieldKMType = FieldID
+ var FieldL2Flags = FieldID
+ var FieldLocalInterfaceProfileID = FieldID
+ var FieldMACDestinationAddress = FieldID
+ var FieldMACDestinationAddressType = FieldID
+ var FieldMACLocalAddress = FieldID
+ var FieldMACLocalAddressType = FieldID
+ var FieldMACRemoteAddress = FieldID
+ var FieldMACRemoteAddressType = FieldID
+ var FieldMACSourceAddress = FieldID
+ var FieldMACSourceAddressType = FieldID
+ var FieldNdisMediaType = FieldID
+ var FieldNdisPhysicalMediaType = FieldID
+ var FieldNdisPort = FieldID
+ var FieldNetEventType = FieldID
+ var FieldNexthopInterfaceIndex = FieldID
+ var FieldNexthopInterfaceProfileID = FieldID
+ var FieldNexthopInterfaceType = FieldID
+ var FieldNexthopSubInterfaceIndex = FieldID
+ var FieldNexthopTunnelType = FieldID
+ var FieldOriginalICMPType = FieldID
+ var FieldOriginalProfileID = FieldID
+ var FieldPeerName = FieldID
+ var FieldPipe = FieldID
+ var FieldProcessWithRPCIfUUID = FieldID
+ var FieldQMMode = FieldID
+ var FieldRPCAuthLevel = FieldID
+ var FieldRPCAuthType = FieldID
+ var FieldRPCEPFlags = FieldID
+ var FieldRPCEPValue = FieldID
+ var FieldRPCIfFlag = FieldID
+ var FieldRPCIfUUID = FieldID
+ var FieldRPCIfVersion = FieldID
+ var FieldRPCProtocol = FieldID
+ var FieldRPCProxyAuthType = FieldID
+ var FieldRPCServerName = FieldID
+ var FieldRPCServerPort = FieldID
+ var FieldReauthorizeReason = FieldID
+ var FieldRemoteID = FieldID
+ var FieldRemoteUserToken = FieldID
+ var FieldReserved0 = FieldID
+ var FieldReserved1 = FieldID
+ var FieldReserved10 = FieldID
+ var FieldReserved11 = FieldID
+ var FieldReserved12 = FieldID
+ var FieldReserved13 = FieldID
+ var FieldReserved14 = FieldID
+ var FieldReserved15 = FieldID
+ var FieldReserved2 = FieldID
+ var FieldReserved3 = FieldID
+ var FieldReserved4 = FieldID
+ var FieldReserved5 = FieldID
+ var FieldReserved6 = FieldID
+ var FieldReserved7 = FieldID
+ var FieldReserved8 = FieldID
+ var FieldReserved9 = FieldID
+ var FieldSecEncryptAlgorithm = FieldID
+ var FieldSecKeySize = FieldID
+ var FieldSourceInterfaceIndex = FieldID
+ var FieldSourceSubInterfaceIndex = FieldID
+ var FieldSubInterfaceIndex = FieldID
+ var FieldTunnelType = FieldID
+ var FieldVLANID = FieldID
+ var FieldVSwitchDestinationInterfaceID = FieldID
+ var FieldVSwitchDestinationInterfaceType = FieldID
+ var FieldVSwitchDestinationVmID = FieldID
+ var FieldVSwitchID = FieldID
+ var FieldVSwitchNetworkType = FieldID
+ var FieldVSwitchSourceInterfaceID = FieldID
+ var FieldVSwitchSourceInterfaceType = FieldID
+ var FieldVSwitchSourceVmID = FieldID
+ var FieldVSwitchTenantNetworkID = FieldID
+ var LayerALEAuthConnectV4 = LayerID
+ var LayerALEAuthConnectV4Discard = LayerID
+ var LayerALEAuthConnectV6 = LayerID
+ var LayerALEAuthConnectV6Discard = LayerID
+ var LayerALEAuthListenV4 = LayerID
+ var LayerALEAuthListenV4Discard = LayerID
+ var LayerALEAuthListenV6 = LayerID
+ var LayerALEAuthListenV6Discard = LayerID
+ var LayerALEAuthRecvAcceptV4 = LayerID
+ var LayerALEAuthRecvAcceptV4Discard = LayerID
+ var LayerALEAuthRecvAcceptV6 = LayerID
+ var LayerALEAuthRecvAcceptV6Discard = LayerID
+ var LayerALEBindRedirectV4 = LayerID
+ var LayerALEBindRedirectV6 = LayerID
+ var LayerALEConnectRedirectV4 = LayerID
+ var LayerALEConnectRedirectV6 = LayerID
+ var LayerALEEndpointClosureV4 = LayerID
+ var LayerALEEndpointClosureV6 = LayerID
+ var LayerALEFlowEstablishedV4 = LayerID
+ var LayerALEFlowEstablishedV4Discard = LayerID
+ var LayerALEFlowEstablishedV6 = LayerID
+ var LayerALEFlowEstablishedV6Discard = LayerID
+ var LayerALEResourceAssignmentV4 = LayerID
+ var LayerALEResourceAssignmentV4Discard = LayerID
+ var LayerALEResourceAssignmentV6 = LayerID
+ var LayerALEResourceAssignmentV6Discard = LayerID
+ var LayerALEResourceReleaseV4 = LayerID
+ var LayerALEResourceReleaseV6 = LayerID
+ var LayerDatagramDataV4 = LayerID
+ var LayerDatagramDataV4Discard = LayerID
+ var LayerDatagramDataV6 = LayerID
+ var LayerDatagramDataV6Discard = LayerID
+ var LayerEgressVSwitchEthernet = LayerID
+ var LayerEgressVSwitchTransportV4 = LayerID
+ var LayerEgressVSwitchTransportV6 = LayerID
+ var LayerIKEExtV4 = LayerID
+ var LayerIKEExtV6 = LayerID
+ var LayerIPForwardV4 = LayerID
+ var LayerIPForwardV4Discard = LayerID
+ var LayerIPForwardV6 = LayerID
+ var LayerIPForwardV6Discard = LayerID
+ var LayerIPSecKMDemuxV4 = LayerID
+ var LayerIPSecKMDemuxV6 = LayerID
+ var LayerIPSecV4 = LayerID
+ var LayerIPSecV6 = LayerID
+ var LayerInboundICMPErrorV4 = LayerID
+ var LayerInboundICMPErrorV4Discard = LayerID
+ var LayerInboundICMPErrorV6 = LayerID
+ var LayerInboundICMPErrorV6Discard = LayerID
+ var LayerInboundIPPacketV4 = LayerID
+ var LayerInboundIPPacketV4Discard = LayerID
+ var LayerInboundIPPacketV6 = LayerID
+ var LayerInboundIPPacketV6Discard = LayerID
+ var LayerInboundMACFrameEthernet = LayerID
+ var LayerInboundMACFrameNative = LayerID
+ var LayerInboundMACFrameNativeFast = LayerID
+ var LayerInboundReserved2 = LayerID
+ var LayerInboundTransportFast = LayerID
+ var LayerInboundTransportV4 = LayerID
+ var LayerInboundTransportV4Discard = LayerID
+ var LayerInboundTransportV6 = LayerID
+ var LayerInboundTransportV6Discard = LayerID
+ var LayerIngressVSwitchEthernet = LayerID
+ var LayerIngressVSwitchTransportV4 = LayerID
+ var LayerIngressVSwitchTransportV6 = LayerID
+ var LayerKMAuthorization = LayerID
+ var LayerNameResolutionCacheV4 = LayerID
+ var LayerNameResolutionCacheV6 = LayerID
+ var LayerOutboundICMPErrorV4 = LayerID
+ var LayerOutboundICMPErrorV4Discard = LayerID
+ var LayerOutboundICMPErrorV6 = LayerID
+ var LayerOutboundICMPErrorV6Discard = LayerID
+ var LayerOutboundIPPacketV4 = LayerID
+ var LayerOutboundIPPacketV4Discard = LayerID
+ var LayerOutboundIPPacketV6 = LayerID
+ var LayerOutboundIPPacketV6Discard = LayerID
+ var LayerOutboundMACFrameEthernet = LayerID
+ var LayerOutboundMACFrameNative = LayerID
+ var LayerOutboundMACFrameNativeFast = LayerID
+ var LayerOutboundTransportFast = LayerID
+ var LayerOutboundTransportV4 = LayerID
+ var LayerOutboundTransportV4Discard = LayerID
+ var LayerOutboundTransportV6 = LayerID
+ var LayerOutboundTransportV6Discard = LayerID
+ var LayerRPCEPAdd = LayerID
+ var LayerRPCEPMap = LayerID
+ var LayerRPCProxyConn = LayerID
+ var LayerRPCProxyIf = LayerID
+ var LayerRPCUM = LayerID
+ var LayerStreamPacketV4 = LayerID
+ var LayerStreamPacketV6 = LayerID
+ var LayerStreamV4 = LayerID
+ var LayerStreamV4Discard = LayerID
+ var LayerStreamV6 = LayerID
+ var LayerStreamV6Discard = LayerID
+ func AppID(file string) (string, error)
+ type Action uint32
+ const ActionBlock
+ const ActionCalloutInspection
+ const ActionCalloutTerminating
+ const ActionCalloutUnknown
+ const ActionPermit
+ func (i Action) String() string
+ type CalloutID windows.GUID
+ func (id *CalloutID) IsZero() bool
+ func (id CalloutID) String() string
+ type ConditionFlag uint32
+ const ConditionFlagIsAuthFW
+ const ConditionFlagIsConnectionRedirected
+ const ConditionFlagIsFragmant
+ const ConditionFlagIsFragmantGroup
+ const ConditionFlagIsIPSecNATTReclassify
+ const ConditionFlagIsIPSecSecured
+ const ConditionFlagIsImplicitBind
+ const ConditionFlagIsInboundPassThru
+ const ConditionFlagIsLoopback
+ const ConditionFlagIsNameAppSpecified
+ const ConditionFlagIsOutboundPassThru
+ const ConditionFlagIsPromiscuous
+ const ConditionFlagIsRawEndpoint
+ const ConditionFlagIsReassembled
+ const ConditionFlagIsReauthorize
+ const ConditionFlagIsReclassify
+ const ConditionFlagIsRequiresALEClassify
+ const ConditionFlagIsWildcardBind
+ func (i ConditionFlag) String() string
+ type DropEvent struct
+ AppID string
+ FilterID uint64
+ IPProtocol uint8
+ LayerID uint16
+ LocalAddr netip.AddrPort
+ RemoteAddr netip.AddrPort
+ Timestamp time.Time
+ type Field struct
+ ID FieldID
+ Type reflect.Type
+ type FieldID windows.GUID
+ func (id *FieldID) IsZero() bool
+ func (id FieldID) String() string
+ type IPProto uint8
+ const IPProtoICMP
+ const IPProtoICMPV6
+ const IPProtoTCP
+ const IPProtoUDP
+ func (i IPProto) String() string
+ type Layer struct
+ DefaultSublayer SublayerID
+ Description string
+ Fields []*Field
+ ID LayerID
+ KernelID uint16
+ Name string
+ type LayerID windows.GUID
+ func (id *LayerID) IsZero() bool
+ func (id LayerID) String() string
+ type Match struct
+ Field FieldID
+ Op MatchType
+ Value interface{}
+ func (m Match) String() string
+ type MatchType uint32
+ const MatchTypeEqual
+ const MatchTypeEqualCaseInsensitive
+ const MatchTypeFlagsAllSet
+ const MatchTypeFlagsAnySet
+ const MatchTypeFlagsNoneSet
+ const MatchTypeGreater
+ const MatchTypeGreaterOrEqual
+ const MatchTypeLess
+ const MatchTypeLessOrEqual
+ const MatchTypeNotEqual
+ const MatchTypeNotPrefix
+ const MatchTypePrefix
+ const MatchTypeRange
+ func (m MatchType) String() string
+ type Options struct
+ Description string
+ Dynamic bool
+ Name string
+ TransactionStartTimeout time.Duration
+ type Provider struct
+ Data []byte
+ Description string
+ Disabled bool
+ ID ProviderID
+ Name string
+ Persistent bool
+ ServiceName string
+ type ProviderID windows.GUID
+ func (id *ProviderID) IsZero() bool
+ func (id ProviderID) String() string
+ type Range struct
+ From interface{}
+ To interface{}
+ type Rule struct
+ Action Action
+ BootTime bool
+ Callout CalloutID
+ Conditions []*Match
+ Description string
+ Disabled bool
+ HardAction bool
+ ID RuleID
+ KernelID uint64
+ Layer LayerID
+ Name string
+ PermitIfMissing bool
+ Persistent bool
+ Provider ProviderID
+ ProviderData []byte
+ Sublayer SublayerID
+ Weight uint64
+ type RuleID windows.GUID
+ func (id *RuleID) IsZero() bool
+ func (id RuleID) String() string
+ type Session struct
+ func New(opts *Options) (*Session, error)
+ func (s *Session) AddProvider(p *Provider) error
+ func (s *Session) AddRule(r *Rule) error
+ func (s *Session) AddSublayer(sl *Sublayer) error
+ func (s *Session) Close() error
+ func (s *Session) DeleteProvider(id ProviderID) error
+ func (s *Session) DeleteRule(id RuleID) error
+ func (s *Session) DeleteSublayer(id SublayerID) error
+ func (s *Session) DropEvents() ([]*DropEvent, error)
+ func (s *Session) Layers() ([]*Layer, error)
+ func (s *Session) Providers() ([]*Provider, error)
+ func (s *Session) Rules() ([]*Rule, error)
+ func (s *Session) RulesForProvider(provider ProviderID, layer LayerID) ([]*Rule, error)
+ func (s *Session) Sublayers(providers ...ProviderID) ([]*Sublayer, error)
+ func (s *Session) TransactionAbort() error
+ func (s *Session) TransactionBegin() error
+ func (s *Session) TransactionCommit() error
+ type Sublayer struct
+ Description string
+ ID SublayerID
+ Name string
+ Persistent bool
+ Provider ProviderID
+ ProviderData []byte
+ Weight uint16
+ type SublayerID windows.GUID
+ func (id *SublayerID) IsZero() bool
+ func (id SublayerID) String() string
+ type TokenAccessInformation struct
+ type TokenInformation struct
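Review bot: The exported constants `ConditionFlagIsFragmant` and `ConditionFlagIsFragmantGroup` in the `ConditionFlag` block misspell "Fragment"; as v0.0.1 is the first tagged version, renaming them now to `ConditionFlagIsFragment` and `ConditionFlagIsFragmentGroup` keeps the typo out of the permanent API and lets someone auditing firewall rules find them by the platform's flag name. Separately, `Match.Value`, `Range.From` and `Range.To` are `interface{}` while `Field.Type` records a `reflect.Type`, and this listing does not show whether `AddRule` checks a condition's value against its field's type. The doc comment on `Match` should say which Go types each kind of field accepts and what `AddRule` does on a mismatch, so that a caller cannot assume a filter condition was installed as written when it was not. Both points are made from the signatures alone, since the declarations' bodies and comments are not on this page.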