root
4b985bb7f0
Public Run(ctx, cfg) <-chan Result streams diagnostic events for the seven tests (tcp, greet, auth?, connect, udp, stun, api) wired through the SOCKS5 primitives, STUN codec, retry classification and RU hints. - Per-test attempt loop with running/passed/failed events, transient-only retries (per-attempt timeout treated as transient, parent ctx cancel as permanent), context-aware backoff sleep. - Connection lifecycle: tcpConn shared across greet/auth/connect (closed and redialed on retry); separate udpConn2 control channel for UDP ASSOCIATE kept alive for the duration of the stun test. - STUN-via-SOCKS5: builds 10-byte SOCKS5 UDP header + STUN binding request, decodes reply with ATYP-aware header strip (1/3/4). - runAPI plugs SOCKS5 dial into http.Transport.DialContext; passes on HTTP 200 OR 401. - Skip semantics: dependency-failed tests emit single skipped result; cancellation latches and propagates as cancelled-failed (current) + cancelled-skipped (remaining). - Defaults applied to a copy of cfg; UseAuth=false suppresses any "auth" result entirely. Tests: 10 TestRun_* covering happy/auth-rejected/all-rejected/ connect-refused/udp-unsupported/timeout-then-ok/cancelled-mid-flight/ defaults plus extractRawHex unit. Fake SOCKS5 proxy + UDP relay echoing synthetic STUN binding success responses; httptest stub for API splice. Combined coverage 84.3% (>=80% target). go test -race clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drover-Go
Discord proxy / DPI bypass tool. Routes Discord traffic through a SOCKS5 proxy via kernel-level packet capture (WinDivert), bypassing the limitations of in-app proxy settings and surviving Discord auto-updates.
What it solves
Discord doesn't support proxies for voice/video traffic. Existing DLL-injection tools (drover, discord-voice-proxy) modify Discord.exe, which:
- triggers antivirus heuristics (unsigned DLL injecting into a popular app),
- breaks every time Discord auto-updates,
- doesn't proxy
Update.exeitself, so the updater fails when Discord servers are blocked.
Drover-Go uses WinDivert — a Microsoft-signed kernel driver — to capture packets at the network stack level. No modification of Discord, works for any Discord variant (Stable/Canary/PTB/Vesktop), survives auto-updates, minimal AV detection.
Status
Pre-alpha. See implementation plan for details.
How it works
Discord.exe (unmodified)
↓ TCP/UDP
WinDivert.sys (kernel filter)
↓ matched packets
drover.exe (Go)
├── TCP redirect to local SOCKS5 listener → SOCKS5 CONNECT → upstream proxy
└── UDP encapsulation (RFC 1928) → SOCKS5 UDP ASSOCIATE → upstream proxy
For UDP voice that's blocked even via SOCKS5 (DPI on the proxy's TCP control channel), drover-go injects a fake QUIC initial packet (à la zapret-discord-youtube) before forwarding — DPI sees "QUIC to Google" instead of Discord media.
Requirements
- Windows 10 1903+ or Windows 11 (x64). ARM64 not supported by WinDivert.
- Administrator privileges for first run (driver install).
- Upstream SOCKS5 proxy with UDP ASSOCIATE support (e.g.
mihomo,sing-box).
Install
Download the latest release from releases:
drover-vX.Y.Z-setup.exe— installer with Start Menu shortcut, registers in Apps & Features for clean uninstall.drover-vX.Y.Z-windows-amd64.zip— portable, just unzip and run.
Verify SHA256 against SHA256SUMS.txt in the same release.
License
MIT for our code. WinDivert (embedded) is LGPL-3.0.
Acknowledgements
- imgk/divert-go — Go bindings for WinDivert
- imgk/shadow — transparent proxy reference architecture
- runetfreedom/force-proxy — SOCKS5 UDP ASSOCIATE flow reference
- Flowseal/zapret-discord-youtube — fake QUIC payload
- basil00/WinDivert — kernel packet capture driver