driver

package
v0.0.0-...-c4caace Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Rendered for windows/amd64

Index

Constants

// IOCTL control codes understood by the driver.
//
// Decoded with the Windows CTL_CODE layout
// (DeviceType<<16 | Access<<14 | Function<<2 | Method), every value below has
// device type 0x12 (FILE_DEVICE_NETWORK), method 0 (METHOD_BUFFERED) and
// required access 0 (FILE_ANY_ACCESS); only the function number differs.
//
// NOTE(review): with FILE_ANY_ACCESS the I/O manager does not gate these
// requests on the read/write access of the handle, so limiting who may
// install filters or change the flow limit rests on the device object's
// security descriptor and on checks inside the driver. Neither is visible
// on this page -- confirm.
const (
	GetStatsIOCTL      = 0x122004 // function 0x801
	SetFlowFilterIOCTL = 0x122010 // function 0x804
	SetDataFilterIOCTL = 0x12200c // function 0x803
	SetMaxFlowsIOCTL   = 0x122018 // function 0x806
)
// Bit-layout constants for a flags word.
// NOTE(review): presumably these describe PerFlowData.Flags (the only
// flags field declared in this package) -- confirm against the driver header.
const (
	// FlowDirectionMask covers bits 8-9. FlowDirectionBits (8) is presumably
	// the right shift that turns the masked value into FlowDirectionInbound
	// or FlowDirectionOutbound.
	FlowDirectionMask     = 0x300
	FlowDirectionBits     = 0x8
	// These two values (1 and 2) differ from DirectionInbound and
	// DirectionOutbound (0 and 1), so the two sets are not interchangeable.
	FlowDirectionInbound  = 0x1
	FlowDirectionOutbound = 0x2

	// Single-bit flags: bit 4 and bit 5 respectively.
	FlowClosedMask         = 0x10
	TCPFlowEstablishedMask = 0x20
)
// Direction values.
// NOTE(review): presumably these are the values for the Direction field of
// FilterDefinition and FilterPacketHeader -- confirm. They are numbered 0 and
// 1, unlike FlowDirectionInbound and FlowDirectionOutbound (1 and 2), so a
// value from one set must not be passed where the other is expected.
const (
	DirectionInbound  = 0x0
	DirectionOutbound = 0x1
)
// DriverStatsSize is 0x148 (328) bytes. That equals the summed field sizes
// of DriverStats as declared in this package: 8 + 2*160.
const DriverStatsSize = 0x148
// FilterDefinitionSize is 0x98 (152) bytes. That equals the summed field
// sizes of FilterDefinition as declared in this package: 9*8 + 2*40.
const FilterDefinitionSize = 0x98
// FilterPacketHeaderSize is 0x48 (72) bytes, the size of the nine uint64
// fields of FilterPacketHeader.
const FilterPacketHeaderSize = 0x48
// Filter layer values. LayerTransport (1) has the same value as the
// FILTER_LAYER_TRANSPORT define quoted in the FlowHandle comment. No
// constant for the IP-packet layer (0, quoted in the DataHandle comment) is
// exported in this block.
const (
	LayerTransport = 0x1
)
// PerFlowDataSize is 0x94 (148) bytes, the summed field sizes of PerFlowData.
// The Go struct contains uint64 fields, so its own size is rounded up to a
// multiple of 8 (152 bytes); this constant and unsafe.Sizeof(PerFlowData{})
// therefore differ.
// NOTE(review): code that walks a buffer of flow records should presumably
// step by this constant and check that enough bytes remain before each
// record -- confirm in the reader.
const PerFlowDataSize = 0x94
// Signature is a 48-bit constant: 0xddfd in bits 32-47 and 0xa in the low
// bits.
// NOTE(review): presumably this is the value carried in the FilterVersion
// fields so that user mode and the driver can detect a structure-layout
// mismatch -- confirm against the driver header.
const Signature = 0xddfd0000000a

Variables

This section is empty.

Functions

This section is empty.

Types

type DriverStats

// DriverStats is the fixed-layout statistics record: a FilterVersion word
// followed by two Stats blocks. With the Stats layout declared in this
// package the fields add up to 8 + 2*160 = 328 bytes, matching
// DriverStatsSize (0x148).
type DriverStats struct {
	FilterVersion uint64
	Total         Stats // presumably driver-wide counters -- confirm against the driver header
	Handle        Stats // presumably counters for the calling handle -- confirm
}

type FilterAddress

// FilterAddress is the address part of a FilterDefinition (used for both
// LocalAddress and RemoteAddress). The IPv4 and IPv6 forms are separate
// fields; the fields add up to 40 bytes.
type FilterAddress struct {
	Af         uint64 // address family; presumably selects which address field is meaningful -- confirm
	V4_address [4]uint8
	V4_padding [4]uint8 // pads the 4-byte IPv4 address to 8 bytes
	V6_address [16]uint8
	Mask       uint64 // NOTE(review): unit not shown here (prefix length vs. bit mask) -- confirm
}

type FilterDefinition

// FilterDefinition is one filter entry, the element type taken by
// Handle.SetFlowFilters and Handle.SetDataFilters. Its fields add up to 152
// bytes, matching FilterDefinitionSize (0x98).
//
// Every scalar is a uint64, including the ports and the protocol, so the
// type itself does not restrict them to their protocol ranges.
// NOTE(review): range and consistency checks on these fields are not visible
// on this page -- confirm they happen before a definition reaches the driver.
type FilterDefinition struct {
	FilterVersion  uint64 // presumably set to Signature -- confirm
	Size           uint64 // presumably set to FilterDefinitionSize -- confirm
	FilterLayer    uint64 // layer value, e.g. LayerTransport
	Af             uint64 // address family
	LocalAddress   FilterAddress
	RemoteAddress  FilterAddress
	LocalPort      uint64
	RemotePort     uint64
	Protocol       uint64
	Direction      uint64 // presumably DirectionInbound or DirectionOutbound -- confirm
	InterfaceIndex uint64
}

type FilterPacketHeader

// FilterPacketHeader is a header of nine uint64 words (72 bytes,
// FilterPacketHeaderSize).
// NOTE(review): presumably it precedes each packet read through a data
// handle. Sz and PktSize would then be driver-supplied lengths and should be
// bounds-checked against the bytes actually read before they are used to
// slice a buffer -- confirm in the reader.
type FilterPacketHeader struct {
	FilterVersion    uint64
	Sz               uint64
	SkippedSinceLast uint64 // presumably packets dropped since the previous read, i.e. a visibility gap -- confirm
	FilterId         uint64
	Direction        uint64
	PktSize          uint64
	Af               uint64
	OwnerPid         uint64
	Timestamp        uint64
}

type FlowStats

// FlowStats holds ten int64 flow-tracking counters (80 bytes). It is
// embedded in Stats as Flow_stats.
type FlowStats struct {
	Packets_observed              int64
	Packets_processed             int64
	Open_flows                    int64
	Total_flows                   int64
	Num_flow_searches             int64
	Num_flow_search_misses        int64
	Num_flow_collisions           int64
	Num_flow_structures           int64
	Peak_num_flow_structures      int64
	// NOTE(review): presumably counts flows that were not tracked because the
	// limit set through SetMaxFlowsIOCTL was reached; a non-zero value would
	// then mean gaps in flow visibility -- confirm.
	Num_flows_missed_max_exceeded int64
}

type Handle

// Handle embeds a windows.Handle, so the raw OS handle is reachable by
// callers as the exported embedded field. The remaining fields are
// unexported and not shown on this page.
type Handle struct {
	windows.Handle
	// contains filtered or unexported fields
}

Handle stores the Windows handle for the driver, along with information about which type of filter is set on it.

func NewHandle

func NewHandle(flags uint32, handleType HandleType) (*Handle, error)

NewHandle creates a new windows handle attached to the driver

func (*Handle) Close

func (dh *Handle) Close() error

Close closes the underlying windows handle

func (*Handle) GetStatsForHandle

func (dh *Handle) GetStatsForHandle() (map[string]int64, error)

GetStatsForHandle gets the relevant stats depending on the handle type

func (*Handle) SetDataFilters

func (dh *Handle) SetDataFilters(filters []FilterDefinition) error

SetDataFilters installs the provided filters for data

func (*Handle) SetFlowFilters

func (dh *Handle) SetFlowFilters(filters []FilterDefinition) error

SetFlowFilters installs the provided filters for flows

type HandleStats

// HandleStats holds seven int64 counters for read, write and ioctl calls
// (56 bytes). It is embedded in Stats as Handle_stats.
type HandleStats struct {
	Read_calls             int64
	Read_calls_outstanding int64
	Read_calls_completed   int64
	Read_calls_cancelled   int64
	Write_calls            int64
	Write_bytes            int64
	Ioctl_calls            int64
}

type HandleType

// HandleType names the kind of data a driver handle is meant to return. It
// is the second parameter of NewHandle; the values declared in this package
// are FlowHandle, DataHandle and StatsHandle.
type HandleType string

HandleType represents what type of data the windows handle created on the driver is intended to return. It also implies whether filters are set for the handle.

// Handle types that can be passed to NewHandle.
const (
	// FlowHandle is keyed to return 5-tuples from the driver that represent a
	// flow. Used with: #define FILTER_LAYER_TRANSPORT ((uint64_t) 1)
	FlowHandle HandleType = "Flow"

	// DataHandle is keyed to return full packets from the driver.
	// Used with: #define FILTER_LAYER_IPPACKET ((uint64_t) 0)
	// NOTE(review): full packets include payload, so a data handle sees more
	// sensitive content than a flow handle; its filters should be as narrow
	// as the use case allows.
	DataHandle HandleType = "Data"

	// StatsHandle has no filter set and is used to pull total stats from the driver
	StatsHandle HandleType = "Stats"
)

type PerFlowData

// PerFlowData is one flow record. Its field sizes add up to 148 bytes
// (PerFlowDataSize, 0x94) with no interior padding. The Go struct is rounded
// up to 152 bytes by the 8-byte alignment of its uint64 fields, so
// unsafe.Sizeof and PerFlowDataSize differ.
type PerFlowData struct {
	FlowHandle         uint64
	ProcessId          uint64
	AddressFamily      uint16
	Protocol           uint16
	Flags              uint32 // presumably decoded with FlowDirectionMask, FlowClosedMask and TCPFlowEstablishedMask -- confirm
	LocalAddress       [16]uint8 // 16 bytes, large enough for an IPv6 address
	RemoteAddress      [16]uint8
	PacketsOut         uint64
	MonotonicSentBytes uint64
	TransportBytesOut  uint64
	PacketsIn          uint64
	MonotonicRecvBytes uint64
	TransportBytesIn   uint64
	Timestamp          uint64
	LocalPort          uint16
	RemotePort         uint16
	// U is a 32-byte protocol-specific area, the same size as TCPFlowData.
	// NOTE(review): presumably TCPFlow and UDPFlow reinterpret these bytes;
	// which view is valid would depend on Protocol -- confirm.
	U                  [32]byte
}

func (PerFlowData) TCPFlow

func (f PerFlowData) TCPFlow() *TCPFlowData

TCPFlow returns the TCP-specific flow data

func (PerFlowData) UDPFlow

func (f PerFlowData) UDPFlow() *UDPFlowData

UDPFlow returns the UDP-specific flow data

type Stats

// Stats groups the three counter sets declared in this package:
// HandleStats (56 bytes), FlowStats (80 bytes) and TransportStats (24 bytes),
// 160 bytes in total. DriverStats contains two of these blocks.
type Stats struct {
	Handle_stats    HandleStats
	Flow_stats      FlowStats
	Transport_stats TransportStats
}

type TCPFlowData

// TCPFlowData is the TCP-specific flow data returned by PerFlowData.TCPFlow.
// Its four uint64 fields take 32 bytes, the length of PerFlowData.U.
// NOTE(review): the time unit of the RTT fields is not shown on this page.
type TCPFlowData struct {
	IRTT            uint64
	SRTT            uint64
	RttVariance     uint64
	RetransmitCount uint64
}

type TransportStats

// TransportStats holds three int64 packet counters (24 bytes). It is
// embedded in Stats as Transport_stats.
type TransportStats struct {
	Packets_processed    int64
	Read_packets_skipped int64 // presumably packets not delivered to the reader, i.e. a visibility gap -- confirm
	Packets_reported     int64
}

type UDPFlowData

// UDPFlowData is the UDP-specific flow data returned by PerFlowData.UDPFlow.
// It declares only a single reserved 8-byte word.
type UDPFlowData struct {
	Reserved uint64
}
