PcapPlusPlus Next
A device wrapper around the WinDivert driver for Windows.
#include <WinDivertDevice.h>
Classes
| struct | NetworkInterface | A Windows network interface entry returned by getNetworkInterfaces(). |
| struct | ReceiveResult | Result object returned by receive operations. |
| struct | SendResult | Result object returned by send operations. |
| struct | WinDivertReceiveCallbackContext | Context object passed to ReceivePacketCallback. |
| struct | WinDivertVersion | The WinDivert runtime version as reported by the driver. |
Public Types
| enum class | QueueParam { QueueLength, QueueTime, QueueSize } | Queue tuning parameters supported by WinDivert. |
| using | WinDivertRawPacketVector = PointerVector< WinDivertRawPacket > | Convenience alias for a vector of WinDivertRawPacket pointers with ownership semantics. |
| using | ReceivePacketCallback = std::function< void(const WinDivertRawPacketVector &packetVec, const WinDivertReceiveCallbackContext &context)> | Callback invoked with a batch of received packets when using the callback receive API. The callback is called from the receiving loop until stopReceive() is invoked or an error/timeout occurs. |
| using | QueueParams = std::unordered_map< QueueParam, uint64_t > | A map of QueueParam keys to their values. Units are per QueueParam description above. |
Public Member Functions
| | WinDivertDevice (std::unique_ptr< internal::IWinDivertDriver > driver=nullptr) | Construct a WinDivertDevice. |
| bool | open () override | Open the device with a default filter capturing both directions. |
| bool | open (const std::string &filter) | Open the device with a custom WinDivert filter. |
| void | close () override | Close the device and release the underlying WinDivert handle. |
| bool | isOpened () const override | |
| ReceiveResult | receivePackets (WinDivertRawPacketVector &packetVec, uint32_t timeout=5000, uint32_t maxPackets=0, uint8_t batchSize=64) | Receive packets into a vector owned by the caller. |
| ReceiveResult | receivePackets (const ReceivePacketCallback &callback, uint32_t timeout=5000, uint8_t batchSize=64) | Receive packets using a callback invoked for each received batch. |
| void | stopReceive () | Request to stop an ongoing receivePackets(callback, ...) loop. |
| SendResult | sendPackets (const RawPacketVector &packetVec, uint8_t batchSize=64) const | Send a vector of raw packets in batches. |
| QueueParams | getPacketQueueParams () const | Get the current WinDivert queue parameters. |
| void | setPacketQueueParams (const QueueParams &params) const | Set WinDivert queue parameters. |
| WinDivertVersion | getVersion () const | Get the WinDivert runtime version loaded on the system. |
| const NetworkInterface * | getNetworkInterface (uint32_t interfaceIndex) const | Get a pointer to a specific Windows network interface by index. |
| std::vector< NetworkInterface > | getNetworkInterfaces () const | Enumerate Windows network interfaces. |
A device wrapper around the WinDivert driver for Windows.
WinDivert is a kernel driver for packet interception and injection on Windows. WinDivertDevice opens a WinDivert handle on the WINDIVERT_LAYER_NETWORK layer using a filter and provides methods to receive and send packets in batches, query/set queue parameters, retrieve the WinDivert runtime version, and enumerate Windows network interfaces.
Notes:
For WinDivert filter syntax, layer semantics, timestamps and error codes please refer to the WinDivert documentation.
| using pcpp::WinDivertDevice::ReceivePacketCallback = std::function<void(const WinDivertRawPacketVector& packetVec, const WinDivertReceiveCallbackContext& context)> |
Callback invoked with a batch of received packets when using the callback receive API. The callback is called from the receiving loop until stopReceive() is invoked or an error/timeout occurs.
| [in] | packetVec | A list of the currently received batch of WinDivertRawPacket objects. |
| [in] | context | A context object providing the calling device and, potentially, other metadata. |
| enum class pcpp::WinDivertDevice::QueueParam | strong |
Queue tuning parameters supported by WinDivert.
These map to WinDivert queue configuration parameters:
| pcpp::WinDivertDevice::WinDivertDevice | ( | std::unique_ptr< internal::IWinDivertDriver > | driver = nullptr | ) |
Construct a WinDivertDevice.
| [in] | driver | Optional WinDivert driver implementation. Ownership is transferred to WinDivertDevice. Pass nullptr (the default) to use the built-in default driver implementation. |
| const NetworkInterface* pcpp::WinDivertDevice::getNetworkInterface | ( | uint32_t | interfaceIndex | ) | const |
Get a pointer to a specific Windows network interface by index.
| [in] | interfaceIndex | The Windows interface index. |
| std::vector<NetworkInterface> pcpp::WinDivertDevice::getNetworkInterfaces | ( | ) | const |
Enumerate Windows network interfaces.
| QueueParams pcpp::WinDivertDevice::getPacketQueueParams | ( | ) | const |
Get the current WinDivert queue parameters.
| WinDivertVersion pcpp::WinDivertDevice::getVersion | ( | ) | const |
Get the WinDivert runtime version loaded on the system.
| bool pcpp::WinDivertDevice::isOpened | ( | ) | const | inline, override, virtual |
Implements pcpp::IDevice.
| bool pcpp::WinDivertDevice::open | ( | ) | override, virtual |
Open the device with a default filter capturing both directions.
Implements pcpp::IDevice.
| bool pcpp::WinDivertDevice::open | ( | const std::string & | filter | ) |
Open the device with a custom WinDivert filter.
| [in] | filter | A WinDivert filter string (e.g. "ip and tcp.DstPort == 80"). |
| ReceiveResult pcpp::WinDivertDevice::receivePackets | ( | const ReceivePacketCallback & callback, uint32_t timeout = 5000, uint8_t batchSize = 64 | ) |
Receive packets using a callback invoked for each received batch.
The method runs a receive loop and invokes callback with each batch. The loop ends when stopReceive() is called from another thread, on timeout, or if an error occurs. Packet memory is valid during the callback and is released when the callback returns.
| [in] | callback | A callback receiving a vector view of the current batch. |
| [in] | timeout | Receive timeout in milliseconds per wait cycle. Default is 5000ms. |
| [in] | batchSize | Number of packets to read per WinDivert call (must be > 0). Default is 64. |
| ReceiveResult pcpp::WinDivertDevice::receivePackets | ( | WinDivertRawPacketVector & packetVec, uint32_t timeout = 5000, uint32_t maxPackets = 0, uint8_t batchSize = 64 | ) |
Receive packets into a vector owned by the caller.
This method receives up to maxPackets packets (0 means unlimited) in batches of batchSize. It returns when either enough packets were captured or timeout milliseconds elapsed without completion.
| [out] | packetVec | Destination vector for received packets. Each entry is a WinDivertRawPacket that owns its data. |
| [in] | timeout | Receive timeout in milliseconds. Use 0 with a positive maxPackets to wait until quota is reached. |
| [in] | maxPackets | Maximum packets to receive before returning. Use 0 for no limit (subject to timeout). |
| [in] | batchSize | Number of packets to read per WinDivert call (must be > 0). Default is 64. |
| SendResult pcpp::WinDivertDevice::sendPackets | ( | const RawPacketVector & packetVec, uint8_t batchSize = 64 | ) | const |
Send a vector of raw packets in batches.
The method copies packet data into an internal buffer and calls WinDivert send in batches of batchSize.
| [in] | packetVec | A vector of raw packets to send. |
| [in] | batchSize | Number of packets to send per WinDivert call (must be > 0). Default is 64. |
| void pcpp::WinDivertDevice::setPacketQueueParams | ( | const QueueParams & | params | ) | const |
Set WinDivert queue parameters.
| [in] | params | A map of queue parameters to set. Absent keys are left unchanged. |
| void pcpp::WinDivertDevice::stopReceive | ( | ) |
Request to stop an ongoing receivePackets(callback, ...) loop.