C# NetFilter2 SDK备忘,记录一些重要部分
NF_FILTERING_FLAG 的常用取值:NF_FILTER 用于过滤数据,可以做流量统计、流量限制等;NF_INDICATE_CONNECT_REQUESTS 用于重定向连接,例如 TCP 连接可以修改目标 IP 和端口,从而实现代理。
remoteAddress 指向的缓冲区按字节偏移排列:第 0–1 字节是 IP 类型(地址族),第 2–3 字节是端口(高字节在前,下文 udpSend 就是按这个顺序读取的);如果是 IPv4,紧跟着的 4 字节(第 4–7 字节)是地址;如果是 IPv6,先跳过 4 字节(第 4–7 字节),后面的 16 字节(第 8–23 字节)是地址。
设置规则定义
C#
/// <summary>
/// Builds the ordered NetFilter rule table and submits it with <c>NFAPI.nf_setRules</c>.
/// </summary>
/// <remarks>
/// The table is assembled in this order:
///   1. outbound traffic to remote port 53 (TCP and UDP, IPv4 and IPv6) is intercepted;
///   2. IPv6 loopback, multicast, link-local and site-local destinations are allowed;
///   3. the listed IPv4 private / special-purpose ranges are allowed;
///   4. every other outbound TCP and UDP flow is intercepted.
/// NOTE(review): this ordering only has the intended effect if the driver evaluates
/// rules top-down with the first match winning - confirm against the SDK documentation.
/// Under that assumption, DNS sent to a resolver on the local network is still
/// intercepted, because the port-53 rules come before the allow ranges.
/// NOTE(review): IPv6 unique-local addresses (fc00::/7) are not in the allow list, so
/// they fall through to the catch-all interception rules - confirm that is intended.
/// </remarks>
public void SetRule()
{
    byte outbound = (byte)NF_DIRECTION.NF_D_OUT;
    uint allowFlag = (uint)NF_FILTERING_FLAG.NF_ALLOW;

    // remotePort is stored byte-swapped (network byte order), as in the original rules.
    ushort dnsPort = BinaryPrimitives.ReverseEndianness((ushort)53);

    // Interception rule: TCP uses NF_INDICATE_CONNECT_REQUESTS (connection redirect),
    // UDP uses NF_FILTER. remotePort is only assigned when a port is supplied, so the
    // catch-all rules keep the field's default value.
    NF_RULE Intercept(ProtocolType transport, AddressFamily family, ushort? remotePortNetworkOrder)
    {
        NF_FILTERING_FLAG action = transport == ProtocolType.Tcp
            ? NF_FILTERING_FLAG.NF_INDICATE_CONNECT_REQUESTS
            : NF_FILTERING_FLAG.NF_FILTER;

        var rule = new NF_RULE
        {
            direction = outbound,
            filteringFlag = (uint)action,
            protocol = (int)transport,
            ip_family = (ushort)family,
        };
        if (remotePortNetworkOrder.HasValue)
        {
            rule.remotePort = remotePortNetworkOrder.Value;
        }
        return rule;
    }

    // Outbound allow rule for an IPv6 network given as address + prefix length.
    NF_RULE AllowIpv6(string network, int prefixBits)
    {
        var mask = new byte[16];
        for (int i = 0; i < mask.Length; i++)
        {
            int bitsLeft = prefixBits - (i * 8);
            if (bitsLeft >= 8)
            {
                mask[i] = 0xFF;
            }
            else if (bitsLeft > 0)
            {
                mask[i] = (byte)((0xFF << (8 - bitsLeft)) & 0xFF);
            }
        }

        return new NF_RULE
        {
            direction = outbound,
            filteringFlag = allowFlag,
            ip_family = (ushort)AddressFamily.InterNetworkV6,
            remoteIpAddress = IPAddress.Parse(network).GetAddressBytes(),
            remoteIpAddressMask = mask,
        };
    }

    var table = new List<NF_RULE>();

    // 1. Intercept DNS (remote port 53): TCP first, then UDP, IPv4 before IPv6.
    table.Add(Intercept(ProtocolType.Tcp, AddressFamily.InterNetwork, dnsPort));
    table.Add(Intercept(ProtocolType.Tcp, AddressFamily.InterNetworkV6, dnsPort));
    table.Add(Intercept(ProtocolType.Udp, AddressFamily.InterNetwork, dnsPort));
    table.Add(Intercept(ProtocolType.Udp, AddressFamily.InterNetworkV6, dnsPort));

    // 2. Allow local IPv6 destinations.
    table.Add(AllowIpv6("::1", 128));    // loopback ::1/128
    table.Add(AllowIpv6("ff00::", 8));   // multicast FF00::/8
    table.Add(AllowIpv6("fe80::", 10));  // link-local FE80::/10
    table.Add(AllowIpv6("fec0::", 10));  // site-local FEC0::/10

    // 3. Allow IPv4 private and special-purpose ranges.
    // NOTE(review): these rules set neither direction nor protocol, unlike every other
    // rule here; presumably a zero field acts as a wildcard - confirm with the SDK.
    string[] allowedIpv4Ranges =
    {
        "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
        "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24", "192.168.0.0/16",
        "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4",
        "240.0.0.0/4", "255.255.255.255/32",
    };
    foreach (string cidr in allowedIpv4Ranges)
    {
        string[] parts = cidr.Split('/');

        // C# masks a uint shift count to 5 bits, so a /0 prefix would give an all-ones
        // mask here; the list above contains no /0 entry.
        uint hostOrderMask = 0xffffffff << (32 - byte.Parse(parts[1]));
        uint mask = BinaryPrimitives.ReverseEndianness(hostOrderMask);

        table.Add(new NF_RULE
        {
            filteringFlag = allowFlag,
            ip_family = (ushort)AddressFamily.InterNetwork,
            remoteIpAddress = IPAddress.Parse(parts[0]).GetAddressBytes(),
            remoteIpAddressMask = BitConverter.GetBytes(mask),
        });
    }

    // 4. Intercept everything else that is outbound (the wide-area traffic).
    table.Add(Intercept(ProtocolType.Tcp, AddressFamily.InterNetwork, null));
    table.Add(Intercept(ProtocolType.Tcp, AddressFamily.InterNetworkV6, null));
    table.Add(Intercept(ProtocolType.Udp, AddressFamily.InterNetwork, null));
    table.Add(Intercept(ProtocolType.Udp, AddressFamily.InterNetworkV6, null));

    NFAPI.nf_setRules(table.ToArray());
}
数据事件处理定义
C#
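// Callbacks from an NF_EventHandler implementation (excerpt).
// `xxx` is the author's placeholder for the real condition in each callback.

/// <summary>
/// Called when a UDP endpoint is created. Endpoints of processes that are not to be
/// proxied are taken out of filtering; for the others a connection object is created
/// (not shown in this excerpt).
/// </summary>
/// <param name="id">Endpoint identifier assigned by the driver.</param>
/// <param name="pConnInfo">Endpoint details; processId is available for the proxy decision.</param>
public void udpCreated(ulong id, NF_UDP_CONN_INFO pConnInfo)
{
    // Not a process that should be proxied.
    if (xxx == false)
    {
        // The SDK's nf_udpDisableFiltering takes the endpoint id. Passing the process id
        // (as the original did) compiles but leaves this endpoint filtered and can
        // instead exempt an unrelated endpoint whose id equals that number.
        NFAPI.nf_udpDisableFiltering(id);
        return;
    }

    // Create the connection object here.
}

/// <summary>
/// Called for each outgoing UDP datagram. Without a connection object the datagram is
/// re-injected unchanged; otherwise the destination port is read so that DNS (port 53)
/// can be told apart before the proxy connection is built (not shown in this excerpt).
/// </summary>
/// <param name="id">Endpoint identifier assigned by the driver.</param>
/// <param name="remoteAddress">Pointer to the destination address buffer (port at bytes 2-3).</param>
/// <param name="buf">Pointer to the datagram payload.</param>
/// <param name="len">Payload length in bytes.</param>
/// <param name="options">Pointer to the driver-supplied options block.</param>
/// <param name="optionsLen">Length of the options block in bytes.</param>
public unsafe void udpSend(ulong id, nint remoteAddress, nint buf, int len, nint options, int optionsLen)
{
    // No connection object for this endpoint: send the data as-is, without proxying.
    if (xxx == false)
    {
        NFAPI.nf_udpPostSend(id, remoteAddress, buf, len, options);
        return;
    }

    // Read the destination port (bytes 2 and 3, high byte first) to recognise DNS.
    // The method is marked unsafe because of this pointer access, matching
    // tcpConnectRequest.
    byte* p = (byte*)remoteAddress;
    ushort port = (ushort)((*(p + 2) << 8 & 0xFF00) | *(p + 3));

    // Build the proxy connection here.
}

/// <summary>
/// Called before an outgoing TCP connection is established. Connections of processes
/// that are not to be proxied are taken out of filtering; for the others the
/// destination address is rewritten to the interception server (not shown in this excerpt).
/// </summary>
/// <param name="id">Connection identifier assigned by the driver.</param>
/// <param name="pConnInfo">Connection details, passed by reference so the target can be changed.</param>
public unsafe void tcpConnectRequest(ulong id, ref NF_TCP_CONN_INFO pConnInfo)
{
    // Not a process that should be proxied.
    if (xxx == false)
    {
        // Same fix as in udpCreated: the call expects the connection id, not the process id.
        NFAPI.nf_tcpDisableFiltering(id);
        return;
    }

    // Rewrite the destination address to the interception server here.
}
安装驱动定义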
C#
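// Paths and names used by the driver helpers below.

// Destination of the driver inside the Windows driver directory.
// NOTE(review): in a 32-bit process on 64-bit Windows, file-system redirection may send
// this path to SysWOW64 - confirm the bitness the application is built for.
string SystemDriver = $"{Environment.SystemDirectory}\\drivers\\netfilter2.sys";

// Driver binary shipped with the application. It is resolved against the application
// directory rather than the current working directory, so a file named nfdriver.sys in
// whatever directory the program was started from cannot be installed as the kernel driver.
string NFDriver = Path.Combine(AppContext.BaseDirectory, "nfdriver.sys");

// Driver / service name passed to the NFAPI registration calls.
string Name = "netfilter2";

/// <summary>Returns the file version string of <paramref name="file"/>.</summary>
/// <param name="file">Path of the file to inspect.</param>
/// <returns>The version string, or an empty string when the file is missing or carries no version.</returns>
private string GetFileVersion(string file)
{
    if (!File.Exists(file))
    {
        return "";
    }

    return FileVersionInfo.GetVersionInfo(file).FileVersion ?? "";
}

/// <summary>
/// Installs the driver when it is absent, and reinstalls it when the bundled binary is
/// newer than the installed one, when the major versions differ, or - if either version
/// string cannot be parsed - when the two strings are not equal.
/// </summary>
private void CheckDriver()
{
    var binFileVersion = GetFileVersion(NFDriver);
    var systemFileVersion = GetFileVersion(SystemDriver);

    if (!File.Exists(SystemDriver))
    {
        InstallDriver();
        return;
    }

    bool reinstall;
    if (Version.TryParse(binFileVersion, out var binResult) &&
        Version.TryParse(systemFileVersion, out var systemResult))
    {
        reinstall = binResult.CompareTo(systemResult) > 0 || systemResult.Major != binResult.Major;
    }
    else
    {
        // Unparseable version: fall back to a plain string comparison.
        reinstall = !systemFileVersion.Equals(binFileVersion);
    }

    if (!reinstall)
    {
        return;
    }

    UninstallDriver();
    InstallDriver();
}

/// <summary>
/// Copies the bundled driver into the system driver directory and registers it.
/// </summary>
/// <exception cref="Exception">The bundled driver file is missing, or the copy failed.</exception>
private void InstallDriver()
{
    if (!File.Exists(NFDriver))
    {
        throw new Exception("builtin driver files missing, can't install NF driver");
    }

    // NOTE(review): no integrity check of the binary is visible here before it is placed
    // in the driver directory and registered; consider verifying an expected hash or
    // signature first.
    try
    {
        File.Copy(NFDriver, SystemDriver);
    }
    catch (Exception e)
    {
        // Keep the original exception as InnerException so the cause is not lost.
        throw new Exception($"Copy {Name}.sys failed\n{e.Message}", e);
    }

    // Register the driver file.
    if (NFAPI.nf_registerDriver(Name) == NF_STATUS.NF_STATUS_SUCCESS)
    {
        Console.WriteLine($"Install {Name} driver finished");
    }
    else
    {
        // NOTE(review): the copied file stays in place after a failed registration, so the
        // next CheckDriver run sees a matching version and does not retry.
        Console.WriteLine($"Register {Name} failed");
    }
}

/// <summary>Unregisters the driver and deletes its file from the system driver directory.</summary>
/// <returns>Always <c>true</c>; the result of the unregister call is not checked.</returns>
private bool UninstallDriver()
{
    if (!File.Exists(SystemDriver))
    {
        return true;
    }

    NFAPI.nf_unRegisterDriver(Name);
    File.Delete(SystemDriver);
    return true;
}
安装驱动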
C#
// Startup sequence: driver check, privileges, API initialisation, then the rule table.

// Install or update the driver if needed.
CheckDriver();

// Adjust process privileges for the driver (the author's note: lets it obtain process information).
NFAPI.nf_adjustProcessPriviledges();

// Initialise the API with the event handler; anything but success aborts startup.
var initStatus = NFAPI.nf_init(Name, hijackEventHandler);
if (initStatus != NF_STATUS.NF_STATUS_SUCCESS)
{
    throw new Exception($"{Name} start failed.{initStatus}");
}

// Rules are only submitted once initialisation has succeeded.
SetRule();
卸载驱动
C#
// Shutdown sequence (the "unload driver" step): remove the rule table first,
// then release the API.
NFAPI.nf_deleteRules();
NFAPI.nf_free();

