Backend is implemented by per-OS packet interception providers. Semantics: - Open installs filter rules (iptables / WinDivert filter / pf) and prepares the userspace packet queue. - Close cleans up all side effects (removes rules, unloads drivers). - Packets returns a channel of observed packets in
| 22 | // the configured filter scope. Backends call Verdict on each delivered |
| 23 | // packet exactly once. |
| 24 | type Backend interface { |
| 25 | // Open installs the filter rules and starts packet interception. The |
| 26 | // returned error indicates a fatal setup failure (missing driver, |
| 27 | // insufficient privileges, rule conflict). |
| 28 | Open(ctx context.Context, scope Scope) error |
| 29 | |
| 30 | // Packets returns the stream of intercepted packets. The channel is |
| 31 | // closed when the backend is stopped. |
| 32 | Packets() <-chan Packet |
| 33 | |
| 34 | // Inject emits a raw IP packet onto the wire, bypassing the filter. |
| 35 | // Used to send the spoofed ClientHello. |
| 36 | Inject(p []byte, dir Direction) error |
| 37 | |
| 38 | // Close tears down rules and stops interception. Safe to call multiple |
| 39 | // times. |
| 40 | Close() error |
| 41 | } |
| 42 | |
| 43 | // Scope narrows packet interception to a specific 5-tuple family. |
| 44 | // Backends translate this into their native filter language. |
no outgoing calls
no test coverage detected