TechnikEmpire / DivertPInvoke

PInvoke wrapper for WinDivert
GNU Lesser General Public License v3.0

[Question] C# Wrapper Implementation #10

Closed wreighsantos closed 6 years ago

wreighsantos commented 6 years ago

Hi again, sorry for bugging you.

Since your Divert.Net is not yet compatible with 1.4.x, I'm planning to do my own wrapper. In your wrapper, you've used C++, am I right? Since the extensions are .cpp?

Now, because I'm not really familiar with C++, would there be problems if I will just use pure C#? Are there any reasons why you've chosen C++ for the wrapper or is it really necessary? Because I've seen PCapDotNet also using C++ for the core wrapper.

The reason I'm doing this is because I really need a wrapper for WinDivert 1.4.x for C#; making great use of your PInvoke.

TechnikEmpire commented 6 years ago

@wreighsantos Why are you using Divert.NET instead of this PInvoke class here? Makes no sense. All you need to do is modify a couple of IP/Proto headers to make this C# class compatible with 1.4.

wreighsantos commented 6 years ago

Ah, you got me wrong. Sorry. I just meant to take Divert.NET as comparison, since I need to create a wrapper (e.g., I need Packet class, Header class, etc). I was asking, why it was developed in C++ in Divert.NET?

The version compatibility is not the main issue, the issue is about creating a wrapper implementation, won't there be any problems if I will do it purely in C#? What I mean by wrapper here is like PCapDotNet for WinPCap.

Thank you!

To further express my intention, it is because I am migrating from WinPCap to WinDivert, so, to make my current code adjust to that, I really need a wrapper for it.

TechnikEmpire commented 6 years ago

The only drawback is that you have to enable unsafe code in c#. Unsafe code is a dumb concept here though because the c++/CLI wrapper is unsafe too.

You do not need to write a wrapper. Just use this class exactly like I already do in citadelcore.windows (it's a repo of mine, look it up).

Divert.NET is overcomplicated and it was my original attempt to use WinDivert inside of c#. Divert.NET is not a c++ project. It's a c++/CLI project, a huge difference. It's non-standard c++ that gets compiled into managed code (MSIL) and native code (assembly) in a single dll.

If you really absolutely need to make classes for everything, then just secretly reference the unsafe structures in this project as private members. You can compile an unsafe library in c# that when referenced from another project will NOT require the unsafe switch to be set.

wreighsantos commented 6 years ago

Oh I see, that's why. Thank you very much! Again, sorry for bugging. Much appreciated. :)

TechnikEmpire commented 6 years ago

No worries. :)

wreighsantos commented 6 years ago

@TechnikEmpire can you help me? How can I create a wrapper for creating a new Packet?

As I've seen in netfilter.c example, there is a struct for each message type, for example, for ICMP packet.

typedef struct
{
    WINDIVERT_IPHDR ip;
    WINDIVERT_ICMPHDR icmp;
    UINT8 data[];
} ICMPPACKET, *PICMPPACKET;

and then sent using WinDivertSend as a void* type. I've searched deeper and I assume that it is formatted byte by byte based on the struct? So if, e.g., ip and icmp were switched, it will fail, am I right?

If correct, then I just need a helper method for my Packet class that returns a struct which represents the Packet, but your PInvoke uses byte[] as the type of the packet, how can I send it that way? Should I overload the Send function so that its packet parameter is void*? Any thoughts?

I've also thought of another way, but I'm not sure if it will work, here: https://github.com/basil00/Divert/issues/139

Thank you!

TechnikEmpire commented 6 years ago

You can't just create a structure, again. Packets are not so simple, otherwise both my projects and WinDivert would simply cast a pointer type and be done with it rather than having to actually parse.

Same problem with creation. You need a packet crafting library. In c/c++ we have projects like libtins and libcrafter. In c# land, the only packet crafting library I know of is Packet.Net.

See here: https://github.com/antmicro/Packet.Net/blob/master/Examples/ConstructingPackets/Main.cs

You build the packet type you want and then call the 'Bytes' property on it to get a byte array you can pass to WinDivert.
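An added example, not code from this thread, DivertPInvoke or Packet.Net: what a crafting library does for the simplest case in the exchange above, an ICMP echo request serialized field by field into a byte[] in safe C#, with both checksums computed over the final bytes. The names IcmpEchoBuilder, Build, PutU16 and Checksum are hypothetical, the IPv4 header is assumed to carry no options (20 bytes), and the addresses are constructed sample values.

```csharp
using System;
using System.Net;
// Added illustration; every type and method name here is hypothetical.
static class IcmpEchoBuilder
{
    // RFC 1071 Internet checksum over buf[offset .. offset + length).
    static ushort Checksum(byte[] buf, int offset, int length)
    {
        uint sum = 0;
        for (int i = 0; i + 1 < length; i += 2)
            sum += (uint)((buf[offset + i] << 8) | buf[offset + i + 1]);
        if ((length & 1) != 0)
            sum += (uint)(buf[offset + length - 1] << 8); // pad odd trailing byte
        while ((sum >> 16) != 0)
            sum = (sum & 0xFFFF) + (sum >> 16);            // fold carries
        return (ushort)(~sum & 0xFFFF);
    }
    static void PutU16(byte[] buf, int offset, ushort value)
    {
        buf[offset] = (byte)(value >> 8);   // network byte order: high byte first
        buf[offset + 1] = (byte)value;
    }
    public static byte[] Build(IPAddress src, IPAddress dst, ushort id, ushort seq, byte[] payload)
    {
        const int IpLen = 20, IcmpLen = 8;  // assumption: IPv4 header without options
        var p = new byte[IpLen + IcmpLen + payload.Length];
        p[0] = 0x45;                                    // version 4, IHL 5 (5 * 4 = 20 bytes)
        PutU16(p, 2, (ushort)p.Length);                 // total length
        p[8] = 64;                                      // TTL
        p[9] = 1;                                       // protocol 1 = ICMP
        Buffer.BlockCopy(src.GetAddressBytes(), 0, p, 12, 4);
        Buffer.BlockCopy(dst.GetAddressBytes(), 0, p, 16, 4);
        PutU16(p, 10, Checksum(p, 0, IpLen));           // checksum field is still zero here
        p[IpLen] = 8;                                   // ICMP type 8 = echo request, code 0
        PutU16(p, IpLen + 4, id);
        PutU16(p, IpLen + 6, seq);
        Buffer.BlockCopy(payload, 0, p, IpLen + IcmpLen, payload.Length);
        PutU16(p, IpLen + 2, Checksum(p, IpLen, IcmpLen + payload.Length));
        return p;
    }
    static void Main()
    {
        // Constructed sample input: documentation-range addresses, 4-byte payload.
        byte[] pkt = Build(IPAddress.Parse("192.0.2.1"), IPAddress.Parse("192.0.2.2"), 1, 1, new byte[] { 0x61, 0x62, 0x63, 0x64 });
        Console.WriteLine(BitConverter.ToString(pkt));
        // Re-running the checksum over a range that includes a correct checksum yields 0.
        Console.WriteLine(Checksum(pkt, 0, 20) == 0 && Checksum(pkt, 20, pkt.Length - 20) == 0);
    }
}
```

A header that carries IP options changes the IHL nibble and every offset after it, so a single fixed struct layout does not cover all packets.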

TechnikEmpire commented 6 years ago

From now on though you should take your questions to Stack Overflow because bug tickets aren't really for usage Q & A. I saw your post on WinDivert already because I subscribe. Whenever you're opening these tickets, everyone who watches the repos gets a notification. It'll start to annoy someone eventually.

wreighsantos commented 6 years ago

Ok, thank you, got it!