PcapPlusPlus  Next
WinDivertDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include <functional>
4 #include <tuple>
5 #include <unordered_map>
6 #include <atomic>
7 #include "Device.h"
8 
23 namespace pcpp
24 {
25  namespace internal
26  {
31  class IOverlappedWrapper
32  {
33  public:
38  struct WaitResult
39  {
42  enum class Status
43  {
44  Completed,
45  Timeout,
46  Failed
47  };
48 
49  Status status;
50  uint32_t errorCode = 0;
51  };
52 
57  struct OverlappedResult
58  {
61  enum class Status
62  {
63  Success,
64  Failed
65  };
66 
67  Status status;
68  uint32_t packetLen = 0;
69  uint32_t errorCode = 0;
70  };
71 
72  virtual WaitResult wait(uint32_t timeout) = 0;
73  virtual void reset() = 0;
74  virtual OverlappedResult getOverlappedResult() = 0;
75  virtual ~IOverlappedWrapper() = default;
76  };
77 
83  struct WinDivertAddress
84  {
85  bool isIPv6;
86  uint32_t interfaceIndex;
87  uint64_t timestamp;
88  };
89 
97  class IWinDivertHandle
98  {
99  public:
101  enum class WinDivertParam
102  {
103  QueueLength = 0,
104  QueueTime = 1,
105  QueueSize = 2,
106  VersionMajor = 3,
107  VersionMinor = 4
108  };
109 
111  static constexpr uint32_t SuccessResult = 0;
113  static constexpr uint32_t ErrorIoPending = 997;
114 
115  virtual ~IWinDivertHandle() = default;
116 
119  virtual uint32_t close() = 0;
120 
133  virtual uint32_t recvEx(uint8_t* buffer, uint32_t bufferLen, size_t addressesSize,
134  IOverlappedWrapper* overlapped) = 0;
135 
138  virtual std::vector<WinDivertAddress> recvExComplete() = 0;
139 
145  virtual uint32_t sendEx(uint8_t* buffer, uint32_t bufferLen, size_t addressesSize) = 0;
146 
149  virtual std::unique_ptr<IOverlappedWrapper> createOverlapped() = 0;
150 
155  virtual bool getParam(WinDivertParam param, uint64_t& value) = 0;
156 
161  virtual bool setParam(WinDivertParam param, uint64_t value) = 0;
162  };
163 
172  class IWinDivertDriver
173  {
174  public:
176  struct NetworkInterface
177  {
178  uint32_t index;
179  std::wstring name;
180  std::wstring description;
181  bool isLoopback;
182  bool isUp;
183  };
184 
191  virtual std::unique_ptr<IWinDivertHandle> open(const std::string& filter, int layer, int16_t priority,
192  uint64_t flags) = 0;
193 
196  virtual std::vector<NetworkInterface> getNetworkInterfaces() const = 0;
197 
198  virtual ~IWinDivertDriver() = default;
199  };
200  } // namespace internal
201 
209  class WinDivertRawPacket : public RawPacket
210  {
211  public:
212  WinDivertRawPacket(const uint8_t* pRawData, int rawDataLen, timespec timestamp, bool deleteRawDataAtDestructor,
213  LinkLayerType layerType, uint32_t interfaceIndex, uint64_t winDivertTimestamp)
214  : RawPacket(pRawData, rawDataLen, timestamp, deleteRawDataAtDestructor, layerType),
215  m_InterfaceIndex(interfaceIndex), m_WinDivertTimestamp(winDivertTimestamp)
216  {}
217 
218  ~WinDivertRawPacket() override = default;
219 
222  uint32_t getInterfaceIndex() const
223  {
224  return m_InterfaceIndex;
225  }
226 
229  uint64_t getWinDivertTimestamp() const
230  {
231  return m_WinDivertTimestamp;
232  }
233 
234  private:
235  uint32_t m_InterfaceIndex;
236  uint64_t m_WinDivertTimestamp;
237  };
238 
257  class WinDivertDevice : public IDevice
258  {
259  public:
262  struct ReceiveResult
263  {
266  enum class Status
267  {
268  Completed,
269  Timeout,
270  Failed
271  };
272 
273  Status status;
274  std::string error;
275  uint32_t errorCode = 0;
276  };
277 
280  struct SendResult
281  {
284  enum class Status
285  {
286  Completed,
287  Failed
288  };
289 
290  Status status;
291  size_t packetsSent;
292  std::string error;
293  uint32_t errorCode = 0;
294  };
295 
298  struct WinDivertVersion
299  {
300  uint64_t major;
301  uint64_t minor;
302 
304  std::string toString() const
305  {
306  return std::to_string(major) + "." + std::to_string(minor);
307  }
308  };
309 
312  struct NetworkInterface
313  {
314  uint32_t index;
315  std::wstring name;
316  std::wstring description;
317  bool isLoopback;
318  bool isUp;
319  };
320 
328  enum class QueueParam
329  {
330  QueueLength,
331  QueueTime,
332  QueueSize
333  };
334 
337  using WinDivertRawPacketVector = PointerVector<WinDivertRawPacket>;
338 
341  struct WinDivertReceiveCallbackContext
342  {
343  WinDivertDevice* device = nullptr;
344  };
345 
351  using ReceivePacketCallback = std::function<void(const WinDivertRawPacketVector& packetVec,
352  const WinDivertReceiveCallbackContext& context)>;
355  using QueueParams = std::unordered_map<QueueParam, uint64_t>;
356 
362  WinDivertDevice(std::unique_ptr<internal::IWinDivertDriver> driver = nullptr);
363 
367  bool open() override;
368 
373  bool open(const std::string& filter);
374 
376  void close() override;
377 
378  bool isOpened() const override
379  {
380  return m_DeviceOpened;
381  }
382 
395  ReceiveResult receivePackets(WinDivertRawPacketVector& packetVec, uint32_t timeout = 5000,
396  uint32_t maxPackets = 0, uint8_t batchSize = 64);
397 
408  ReceiveResult receivePackets(const ReceivePacketCallback& callback, uint32_t timeout = 5000,
409  uint8_t batchSize = 64);
410 
413  void stopReceive();
414 
422  SendResult sendPackets(const RawPacketVector& packetVec, uint8_t batchSize = 64) const;
423 
426  QueueParams getPacketQueueParams() const;
427 
431  void setPacketQueueParams(const QueueParams& params) const;
432 
435  WinDivertVersion getVersion() const;
436 
441  const NetworkInterface* getNetworkInterface(uint32_t interfaceIndex) const;
442 
445  std::vector<NetworkInterface> getNetworkInterfaces() const;
446 
447  private:
448  std::unique_ptr<internal::IWinDivertDriver> m_Driver;
449  std::unique_ptr<internal::IWinDivertHandle> m_Handle;
450  std::atomic<bool> m_IsReceiving{ false };
451  mutable std::unordered_map<uint32_t, NetworkInterface> m_NetworkInterfaces;
452  mutable bool m_NetworkInterfacesInitialized = false;
453  bool m_DeviceOpened = false;
454 
455  struct ReceiveResultInternal : ReceiveResult
456  {
457  uint32_t capturedDataLength = 0;
458  std::vector<internal::WinDivertAddress> addresses;
459 
460  ReceiveResultInternal(Status status, const std::string& error = "", uint32_t errorCode = 0)
461  : ReceiveResult{ status, error, errorCode }
462  {}
463 
464  ReceiveResultInternal(uint32_t capturedDataLength, const std::vector<internal::WinDivertAddress>& addresses)
465  : ReceiveResult{ Status::Completed, "", 0 }, capturedDataLength(capturedDataLength),
466  addresses(addresses)
467  {}
468  };
469 
470  ReceiveResultInternal receivePacketsInternal(uint32_t timeout, uint8_t batchSize, std::vector<uint8_t>& buffer,
471  internal::IOverlappedWrapper* overlapped);
472  static std::tuple<LinkLayerType, uint16_t, timespec> getPacketInfo(uint8_t* buffer, uint32_t bufferLen,
473  const internal::WinDivertAddress& address);
474  void setNetworkInterfaces() const;
475  static std::string getErrorString(uint32_t errorCode);
476  };
477 } // namespace pcpp
pcpp::IDevice
Definition: Device.h:20
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:261
pcpp::RawPacket::RawPacket
RawPacket()=default
pcpp::WinDivertDevice
A device wrapper around the WinDivert driver for Windows.
Definition: WinDivertDevice.h:258
pcpp::WinDivertDevice::stopReceive
void stopReceive()
Request to stop an ongoing receivePackets(callback, ...) loop.
pcpp::WinDivertDevice::getNetworkInterface
const NetworkInterface * getNetworkInterface(uint32_t interfaceIndex) const
Get a pointer to a specific Windows network interface by index.
pcpp::WinDivertDevice::getNetworkInterfaces
std::vector< NetworkInterface > getNetworkInterfaces() const
Enumerate Windows network interfaces.
pcpp::WinDivertDevice::close
void close() override
Close the device and release the underlying WinDivert handle.
pcpp::WinDivertDevice::setPacketQueueParams
void setPacketQueueParams(const QueueParams &params) const
Set WinDivert queue parameters.
pcpp::WinDivertDevice::open
bool open(const std::string &filter)
Open the device with a custom WinDivert filter.
pcpp::WinDivertDevice::getPacketQueueParams
QueueParams getPacketQueueParams() const
Get the current WinDivert queue parameters.
pcpp::WinDivertDevice::getVersion
WinDivertVersion getVersion() const
Get the WinDivert runtime version loaded on the system.
pcpp::WinDivertDevice::QueueParam
QueueParam
Queue tuning parameters supported by WinDivert.
Definition: WinDivertDevice.h:329
pcpp::WinDivertDevice::QueueParam::QueueLength
@ QueueLength
Maximum number of packets in the packet queue (packets)
pcpp::WinDivertDevice::QueueParam::QueueSize
@ QueueSize
Maximum memory allocated for the queue (bytes)
pcpp::WinDivertDevice::QueueParam::QueueTime
@ QueueTime
Maximum residence time of packets in the queue (milliseconds)
pcpp::WinDivertDevice::receivePackets
ReceiveResult receivePackets(WinDivertRawPacketVector &packetVec, uint32_t timeout=5000, uint32_t maxPackets=0, uint8_t batchSize=64)
Receive packets into a vector owned by the caller.
pcpp::WinDivertDevice::open
bool open() override
Open the device with a default filter capturing both directions.
pcpp::WinDivertDevice::isOpened
bool isOpened() const override
Definition: WinDivertDevice.h:378
pcpp::WinDivertDevice::QueueParams
std::unordered_map< QueueParam, uint64_t > QueueParams
A map of QueueParam keys to their values. Units are per QueueParam description above.
Definition: WinDivertDevice.h:355
pcpp::WinDivertDevice::receivePackets
ReceiveResult receivePackets(const ReceivePacketCallback &callback, uint32_t timeout=5000, uint8_t batchSize=64)
Receive packets using a callback invoked for each received batch.
pcpp::WinDivertDevice::WinDivertDevice
WinDivertDevice(std::unique_ptr< internal::IWinDivertDriver > driver=nullptr)
Construct a WinDivertDevice.
pcpp::WinDivertDevice::sendPackets
SendResult sendPackets(const RawPacketVector &packetVec, uint8_t batchSize=64) const
Send a vector of raw packets in batches.
pcpp::WinDivertDevice::ReceivePacketCallback
std::function< void(const WinDivertRawPacketVector &packetVec, const WinDivertReceiveCallbackContext &context)> ReceivePacketCallback
Callback invoked with a batch of received packets when using the callback receive API....
Definition: WinDivertDevice.h:352
pcpp::WinDivertRawPacket
A RawPacket specialization used by WinDivertDevice.
Definition: WinDivertDevice.h:210
pcpp::WinDivertRawPacket::getInterfaceIndex
uint32_t getInterfaceIndex() const
Get the Windows interface index the packet was captured on.
Definition: WinDivertDevice.h:222
pcpp::WinDivertRawPacket::getWinDivertTimestamp
uint64_t getWinDivertTimestamp() const
Get the original WinDivert timestamp captured for this packet.
Definition: WinDivertDevice.h:229
pcpp::internal::IOverlappedWrapper
Abstract helper that wraps Windows OVERLAPPED I/O used by WinDivert operations.
Definition: WinDivertDevice.h:32
pcpp::internal::IWinDivertDriver
Factory and system-query abstraction used by WinDivertDevice.
Definition: WinDivertDevice.h:173
pcpp::internal::IWinDivertDriver::getNetworkInterfaces
virtual std::vector< NetworkInterface > getNetworkInterfaces() const =0
Enumerate Windows network interfaces relevant to WinDivert.
pcpp::internal::IWinDivertDriver::open
virtual std::unique_ptr< IWinDivertHandle > open(const std::string &filter, int layer, int16_t priority, uint64_t flags)=0
Open a WinDivert handle with the given filter and settings.
pcpp::internal::IWinDivertHandle
An abstract handle for interacting with the WinDivert device.
Definition: WinDivertDevice.h:98
pcpp::internal::IWinDivertHandle::close
virtual uint32_t close()=0
Close the underlying WinDivert handle.
pcpp::internal::IWinDivertHandle::ErrorIoPending
static constexpr uint32_t ErrorIoPending
Windows ERROR_IO_PENDING (997) reported when an async operation is in flight.
Definition: WinDivertDevice.h:113
pcpp::internal::IWinDivertHandle::recvEx
virtual uint32_t recvEx(uint8_t *buffer, uint32_t bufferLen, size_t addressesSize, IOverlappedWrapper *overlapped)=0
Begin or perform an overlapped receive of raw packet data.
pcpp::internal::IWinDivertHandle::createOverlapped
virtual std::unique_ptr< IOverlappedWrapper > createOverlapped()=0
Create a new overlapped wrapper bound to this handle.
pcpp::internal::IWinDivertHandle::SuccessResult
static constexpr uint32_t SuccessResult
Generic success code returned by most operations.
Definition: WinDivertDevice.h:111
pcpp::internal::IWinDivertHandle::recvExComplete
virtual std::vector< WinDivertAddress > recvExComplete()=0
Finalize a previous overlapped receive and fetch per-packet address metadata.
pcpp::internal::IWinDivertHandle::getParam
virtual bool getParam(WinDivertParam param, uint64_t &value)=0
Query a WinDivert runtime/queue parameter.
pcpp::internal::IWinDivertHandle::setParam
virtual bool setParam(WinDivertParam param, uint64_t value)=0
Set a WinDivert runtime/queue parameter.
pcpp::internal::IWinDivertHandle::sendEx
virtual uint32_t sendEx(uint8_t *buffer, uint32_t bufferLen, size_t addressesSize)=0
Send a batch of raw packets.
pcpp::internal::IWinDivertHandle::WinDivertParam
WinDivertParam
WinDivert runtime parameters that can be queried or configured.
Definition: WinDivertDevice.h:102
pcpp::internal::IWinDivertHandle::WinDivertParam::QueueLength
@ QueueLength
Maximum number of packets in the queue.
pcpp::internal::IWinDivertHandle::WinDivertParam::QueueSize
@ QueueSize
Maximum total queue size (bytes)
pcpp::internal::IWinDivertHandle::WinDivertParam::QueueTime
@ QueueTime
Maximum time (ms) a packet may stay in the queue.
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:22
pcpp::WinDivertDevice::NetworkInterface
A Windows network interface entry returned by getNetworkInterfaces().
Definition: WinDivertDevice.h:313
pcpp::WinDivertDevice::NetworkInterface::index
uint32_t index
Interface index as provided by Windows.
Definition: WinDivertDevice.h:314
pcpp::WinDivertDevice::NetworkInterface::description
std::wstring description
Human-readable description from the OS.
Definition: WinDivertDevice.h:316
pcpp::WinDivertDevice::NetworkInterface::isUp
bool isUp
True when the interface operational status is up.
Definition: WinDivertDevice.h:318
pcpp::WinDivertDevice::NetworkInterface::name
std::wstring name
Interface name (GUID or friendly/system name)
Definition: WinDivertDevice.h:315
pcpp::WinDivertDevice::NetworkInterface::isLoopback
bool isLoopback
True if the interface type is software loopback.
Definition: WinDivertDevice.h:317
pcpp::WinDivertDevice::ReceiveResult
Result object returned by receive operations.
Definition: WinDivertDevice.h:263
pcpp::WinDivertDevice::ReceiveResult::status
Status status
Operation status (Completed/Timeout/Failed)
Definition: WinDivertDevice.h:273
pcpp::WinDivertDevice::ReceiveResult::Status
Status
Status codes for receive operations.
Definition: WinDivertDevice.h:267
pcpp::WinDivertDevice::ReceiveResult::Status::Completed
@ Completed
Receive completed successfully.
pcpp::WinDivertDevice::ReceiveResult::Status::Timeout
@ Timeout
Receive timed out before completing the requested operation.
pcpp::WinDivertDevice::ReceiveResult::Status::Failed
@ Failed
Receive failed due to an error (see error and errorCode)
pcpp::WinDivertDevice::ReceiveResult::errorCode
uint32_t errorCode
Platform-specific error code associated with the failure (0 if none)
Definition: WinDivertDevice.h:275
pcpp::WinDivertDevice::ReceiveResult::error
std::string error
Error message when status is Failed; empty otherwise.
Definition: WinDivertDevice.h:274
pcpp::WinDivertDevice::SendResult
Result object returned by send operations.
Definition: WinDivertDevice.h:281
pcpp::WinDivertDevice::SendResult::Status
Status
Status codes for send operations.
Definition: WinDivertDevice.h:285
pcpp::WinDivertDevice::SendResult::Status::Completed
@ Completed
Send operation completed successfully.
pcpp::WinDivertDevice::SendResult::Status::Failed
@ Failed
Send operation failed (see error and errorCode)
pcpp::WinDivertDevice::SendResult::errorCode
uint32_t errorCode
Platform-specific error code associated with the failure (0 if none)
Definition: WinDivertDevice.h:293
pcpp::WinDivertDevice::SendResult::error
std::string error
Error message when status is Failed; empty otherwise.
Definition: WinDivertDevice.h:292
pcpp::WinDivertDevice::SendResult::packetsSent
size_t packetsSent
Number of packets successfully sent when status is Completed.
Definition: WinDivertDevice.h:291
pcpp::WinDivertDevice::SendResult::status
Status status
Operation status (Completed/Failed)
Definition: WinDivertDevice.h:290
pcpp::WinDivertDevice::WinDivertReceiveCallbackContext
Context object passed to ReceivePacketCallback.
Definition: WinDivertDevice.h:342
pcpp::WinDivertDevice::WinDivertReceiveCallbackContext::device
WinDivertDevice * device
The device that owns the receive loop (may be null)
Definition: WinDivertDevice.h:343
pcpp::WinDivertDevice::WinDivertVersion
The WinDivert runtime version as reported by the driver.
Definition: WinDivertDevice.h:299
pcpp::WinDivertDevice::WinDivertVersion::toString
std::string toString() const
Convert to "major.minor" string representation.
Definition: WinDivertDevice.h:304
pcpp::WinDivertDevice::WinDivertVersion::major
uint64_t major
Major version number reported by WinDivert.
Definition: WinDivertDevice.h:300
pcpp::WinDivertDevice::WinDivertVersion::minor
uint64_t minor
Minor version number reported by WinDivert.
Definition: WinDivertDevice.h:301
pcpp::internal::IOverlappedWrapper::OverlappedResult
Result of completing an OVERLAPPED I/O operation.
Definition: WinDivertDevice.h:58
pcpp::internal::IOverlappedWrapper::OverlappedResult::Status
Status
Status codes for overlapped result.
Definition: WinDivertDevice.h:62
pcpp::internal::IOverlappedWrapper::OverlappedResult::status
Status status
Completion status.
Definition: WinDivertDevice.h:67
pcpp::internal::IOverlappedWrapper::OverlappedResult::errorCode
uint32_t errorCode
Windows error code (when relevant)
Definition: WinDivertDevice.h:69
pcpp::internal::IOverlappedWrapper::OverlappedResult::packetLen
uint32_t packetLen
Number of bytes read/written (when applicable)
Definition: WinDivertDevice.h:68
pcpp::internal::IOverlappedWrapper::WaitResult
Result of waiting on an OVERLAPPED I/O operation.
Definition: WinDivertDevice.h:39
pcpp::internal::IOverlappedWrapper::WaitResult::errorCode
uint32_t errorCode
Windows error code (when relevant)
Definition: WinDivertDevice.h:50
pcpp::internal::IOverlappedWrapper::WaitResult::Status
Status
Status codes for wait result.
Definition: WinDivertDevice.h:43
pcpp::internal::IOverlappedWrapper::WaitResult::Status::Timeout
@ Timeout
The wait timed out before completion.
pcpp::internal::IOverlappedWrapper::WaitResult::status
Status status
Final wait status.
Definition: WinDivertDevice.h:49
pcpp::internal::IWinDivertDriver::NetworkInterface
Information about a Windows network interface as reported by WinDivert/Windows APIs.
Definition: WinDivertDevice.h:177
pcpp::internal::IWinDivertDriver::NetworkInterface::isUp
bool isUp
True when the interface operational status is up.
Definition: WinDivertDevice.h:182
pcpp::internal::IWinDivertDriver::NetworkInterface::description
std::wstring description
Human-readable description from the OS.
Definition: WinDivertDevice.h:180
pcpp::internal::IWinDivertDriver::NetworkInterface::name
std::wstring name
Interface name (GUID or friendly/system name)
Definition: WinDivertDevice.h:179
pcpp::internal::IWinDivertDriver::NetworkInterface::isLoopback
bool isLoopback
True if the interface type is software loopback.
Definition: WinDivertDevice.h:181
pcpp::internal::IWinDivertDriver::NetworkInterface::index
uint32_t index
Interface index as provided by Windows.
Definition: WinDivertDevice.h:178
pcpp::internal::WinDivertAddress
Minimal address/metadata returned by WinDivert for a captured packet.
Definition: WinDivertDevice.h:84
pcpp::internal::WinDivertAddress::isIPv6
bool isIPv6
True if the packet is IPv6, false for IPv4.
Definition: WinDivertDevice.h:85
pcpp::internal::WinDivertAddress::interfaceIndex
uint32_t interfaceIndex
Windows network interface index.
Definition: WinDivertDevice.h:86
pcpp::internal::WinDivertAddress::timestamp
uint64_t timestamp
WinDivert timestamp associated with the packet.
Definition: WinDivertDevice.h:87