driver

package

v0.0.0-...-cd7ca46 Latest Latest Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataDog/datadog-agent

Documentation ¶

Rendered for windows/amd64

Index ¶

Constants
Variables
func ForceStop() error
func Init(*sysconfigtypes.Config) error
func IsNeeded() bool
func Start() error
func Stop() error
type ClassificationSettings
type ConnTupleType
type FilterAddress
type FilterDefinition
type FilterPacketHeader
type FlowStats
type Handle
- func NewHandle(flags uint32, handleType HandleType) (Handle, error)
type HandleType
type HttpConfigurationSettings
type HttpMethodType
type HttpStats
type HttpTransactionType
type PerFlowData
- func (f PerFlowData) TCPFlow() *TCPFlowData
- func (f PerFlowData) UDPFlow() *UDPFlowData
type RealDriverHandle
- func (dh *RealDriverHandle) CancelIoEx(ol *windows.Overlapped) error
- func (dh *RealDriverHandle) Close() error
- func (dh *RealDriverHandle) DeviceIoControl(ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, ...) (err error)
- func (dh *RealDriverHandle) GetWindowsHandle() windows.Handle
- func (dh *RealDriverHandle) ReadFile(p []byte, bytesRead *uint32, ol *windows.Overlapped) error
- func (dh *RealDriverHandle) RefreshStats()
type Stats
type TCPFlowData
type TcpConnectionStatus
type TransportStats
type UDPFlowData

Constants ¶

View Source

const (
	GetStatsIOCTL             = 0x122004
	SetFlowFilterIOCTL        = 0x122010
	SetDataFilterIOCTL        = 0x12200c
	GetFlowsIOCTL             = 0x122014
	SetMaxOpenFlowsIOCTL      = 0x122024
	SetMaxClosedFlowsIOCTL    = 0x122028
	FlushPendingHttpTxnsIOCTL = 0x122020
	EnableHttpIOCTL           = 0x122030
	EnableClassifyIOCTL       = 0x122040
	SetClosedFlowsLimitIOCTL  = 0x12203c
	GetOpenFlowsIOCTL         = 0x122036
	GetClosedFlowsIOCTL       = 0x12203a
)

View Source

const (
	FlowDirectionMask     = 0x300
	FlowDirectionBits     = 0x8
	FlowDirectionInbound  = 0x1
	FlowDirectionOutbound = 0x2

	FlowClosedMask         = 0x10
	TCPFlowEstablishedMask = 0x20
)

View Source

const (
	DirectionInbound  = 0x0
	DirectionOutbound = 0x1
)

View Source

const (
	HttpTransactionTypeSize        = 0x50
	HttpSettingsTypeSize           = 0x14
	ClassificationSettingsTypeSize = 0x8
)

View Source

const (
	ClassificationUnclassified           = 0x0
	ClassificationClassified             = 0x1
	ClassificationUnableInsufficientData = 0x2
	ClassificationUnknown                = 0x3

	ClassificationRequestUnclassified = 0x0
	ClassificationRequestHTTPUnknown  = 0x1
	ClassificationRequestHTTPPost     = 0x2
	ClassificationRequestHTTPPut      = 0x3
	ClassificationRequestHTTPPatch    = 0x4
	ClassificationRequestHTTPGet      = 0x5
	ClassificationRequestHTTPHead     = 0x6
	ClassificationRequestHTTPOptions  = 0x7
	ClassificationRequestHTTPDelete   = 0x8
	ClassificationRequestHTTPLast     = 0x8

	ClassificationRequestHTTP2 = 0x9

	ClassificationRequestTLS  = 0xa
	ClassificationResponseTLS = 0x2

	ALPNProtocolHTTP2  = 0x1
	ALPNProtocolHTTP11 = 0x2

	ClassificationResponseUnclassified = 0x0
	ClassificationResponseHTTP         = 0x1
)

View Source

const FilterDefinitionSize = 0x98

View Source

const FilterPacketHeaderSize = 0x48

View Source

const (
	LayerTransport = 0x1
)

View Source

const PerFlowDataSize = 0xbc

View Source

const Signature = 0xddfd00000017

View Source

const StatsSize = 0x118

View Source

const (
	TcpStatusEstablished = 0x2
)

Variables ¶

View Source

var (
	//nolint:revive // TODO(WKIT) Fix revive linter
	// Buffer holding datadog driver filterapi (ddnpmapi) signature to ensure consistency with driver.
	DdAPIVersionBuf = makeDDAPIVersionBuffer(Signature)
)

View Source

var ErrDriverNotInitialized = errors.New("driver has not been initialized")

ErrDriverNotInitialized is returned when you attempt to use the driver without calling Init

View Source

var HandleTelemetry = struct {
	numFlowCollisions     telemetry.Gauge
	newFlowsSkippedMax    telemetry.Gauge
	closedFlowsSkippedMax telemetry.Gauge

	numFlowStructs           telemetry.Gauge
	peakNumFlowStructs       telemetry.Gauge
	numFlowClosedStructs     telemetry.Gauge
	peakNumFlowClosedStructs telemetry.Gauge

	openTableAdds      telemetry.Gauge
	openTableRemoves   telemetry.Gauge
	closedTableAdds    telemetry.Gauge
	closedTableRemoves telemetry.Gauge

	noHandleFlows             telemetry.Gauge
	noHandleFlowsPeak         telemetry.Gauge
	numFlowsMissedMaxNoHandle telemetry.Gauge
	numPacketsAfterClosed     telemetry.Gauge

	classifyNoDirection       telemetry.Gauge
	classifyMultipleRequest   telemetry.Gauge
	classifyMultipleResponse  telemetry.Gauge
	classifyResponseNoRequest telemetry.Gauge

	noStateAtAleAuthConnect     telemetry.Gauge
	noStateAtAleAuthRecv        telemetry.Gauge
	noStateAtAleflowEstablished telemetry.Gauge
	noStateAtAleEndpointClosure telemetry.Gauge
	noStateAtInboundTransport   telemetry.Gauge
	noStateAtOutboundTransport  telemetry.Gauge

	httpTxnsCaptured      telemetry.Gauge
	httpTxnsSkippedMax    telemetry.Gauge
	httpNdisNonContiguous telemetry.Gauge
	flowsIgnoredAsEtw     telemetry.Gauge
	httpTxnNoLatency      telemetry.Gauge
	httpTxnBatchedOnRead  telemetry.Gauge

	ReadPacketsSkipped *telemetry.StatGaugeWrapper
	readsRequested     telemetry.Gauge
	readsCompleted     telemetry.Gauge
	readsCancelled     telemetry.Gauge
}{
	telemetry.NewGauge(handleModuleName, "num_flow_collisions", []string{}, "Gauge measuring the number of flow collisions"),
	telemetry.NewGauge(handleModuleName, "new_flows_skipped_max", []string{}, "Gauge measuring the maximum number of new flows skipped"),
	telemetry.NewGauge(handleModuleName, "closed_flows_skipped_max", []string{}, "Gauge measuring the maximum number of closed flows skipped"),

	telemetry.NewGauge(handleModuleName, "num_flow_structs", []string{}, "Gauge measuring the number of flow structs"),
	telemetry.NewGauge(handleModuleName, "peak_num_flow_structs", []string{}, "Gauge measuring the peak number of flow structs"),
	telemetry.NewGauge(handleModuleName, "num_flow_closed_structs", []string{}, "Gauge measuring the number of closed flow structs"),
	telemetry.NewGauge(handleModuleName, "peak_num_flow_closed_structs", []string{}, "Gauge measuring the peak number of closed flow structs"),

	telemetry.NewGauge(handleModuleName, "open_table_adds", []string{}, "Gauge measuring the number of additions to the open table"),
	telemetry.NewGauge(handleModuleName, "open_table_removes", []string{}, "Gauge measuring the number of removals from the open table"),
	telemetry.NewGauge(handleModuleName, "closed_table_adds", []string{}, "Gauge measuring the number of additions to the closed table"),
	telemetry.NewGauge(handleModuleName, "closed_table_removes", []string{}, "Gauge measuring the number of removals from the closed table"),

	telemetry.NewGauge(handleModuleName, "no_handle_flows", []string{}, "Gauge measuring the number of no handle flows"),
	telemetry.NewGauge(handleModuleName, "no_handle_flows_peak", []string{}, "Gauge measuring the peak number of no handle flows"),
	telemetry.NewGauge(handleModuleName, "num_flows_missed_max_no_handle", []string{}, "Gauge measuring the max number of no handle missed flows"),
	telemetry.NewGauge(handleModuleName, "num_packets_after_closed", []string{}, "Gauge measuring the number of packets after close"),

	telemetry.NewGauge(handleModuleName, "classify_no_direction", []string{}, "Gauge measuring the number of no direction flows"),
	telemetry.NewGauge(handleModuleName, "classify_multiple_request", []string{}, "Gauge measuring the number of multiple request flows"),
	telemetry.NewGauge(handleModuleName, "classify_multiple_response", []string{}, "Gauge measuring the number of multiple response flows"),
	telemetry.NewGauge(handleModuleName, "classify_response_no_request", []string{}, "Gauge measuring the number of no request flows"),

	telemetry.NewGauge(handleModuleName, "no_state_at_ale_auth_connect", []string{}, "Gauge measuring the number of no request flows"),
	telemetry.NewGauge(handleModuleName, "no_state_at_ale_auth_recv", []string{}, "Gauge measuring the number of no request flows"),
	telemetry.NewGauge(handleModuleName, "no_state_at_ale_flow_established", []string{}, "Gauge measuring the number of no request flows"),
	telemetry.NewGauge(handleModuleName, "no_state_at_ale_endpoint_closure", []string{}, "Gauge measuring the number of no request flows"),
	telemetry.NewGauge(handleModuleName, "no_state_at_inbound_transport", []string{}, "Gauge measuring the number of no request flows"),
	telemetry.NewGauge(handleModuleName, "no_state_at_outbound_transport", []string{}, "Gauge measuring the number of no request flows"),

	telemetry.NewGauge(handleModuleName, "http_txns_captured", []string{}, "Gauge measuring the number of http transactions captured"),
	telemetry.NewGauge(handleModuleName, "http_txns_skipped_max", []string{}, "Gauge measuring the max number of http transactions skipped"),
	telemetry.NewGauge(handleModuleName, "http_ndis_non_contiguous", []string{}, "Gauge measuring the number of non contiguous http ndis"),
	telemetry.NewGauge(handleModuleName, "flows_ignored_as_etw", []string{}, "Gauge measuring the number of flows ignored as etw"),
	telemetry.NewGauge(handleModuleName, "txn_zero_latency", []string{}, "Gauge measuring number of http transactions computed zero latency"),
	telemetry.NewGauge(handleModuleName, "txn_batched_on_read", []string{}, "Gauge measuring number of http transactions computed zero latency"),

	telemetry.NewStatGaugeWrapper(handleModuleName, "read_packets_skipped", []string{}, "Gauge measuring the number of read packets skipped"),
	telemetry.NewGauge(handleModuleName, "reads_requested", []string{}, "Gauge measuring the number of reads requested"),
	telemetry.NewGauge(handleModuleName, "reads_completed", []string{}, "Gauge measuring the number of reads completed"),
	telemetry.NewGauge(handleModuleName, "reads_cancelled", []string{}, "Gauge measuring the number of reads_cancelled"),
}

Telemetry

Functions ¶

func ForceStop ¶

func ForceStop() error

ForceStop forcefully stops the driver without concern to current usage

func Init ¶

func Init(*sysconfigtypes.Config) error

Init configures the driver and will disable it if closed source is not allowed

func IsNeeded ¶

func IsNeeded() bool

IsNeeded will return if one or more users have called Start and not called Stop yet

func Start ¶

func Start() error

Start will start the driver if this is the first user

func Stop ¶

func Stop() error

Stop will stop the driver if this is the last user

Types ¶

type ClassificationSettings ¶

type ClassificationSettings struct {
	Enabled uint64
}

type ConnTupleType ¶

type ConnTupleType struct {
	LocalAddr  [16]byte
	RemoteAddr [16]byte
	LocalPort  uint16
	RemotePort uint16
	Family     uint16
	Pad        uint16
}

type FilterAddress ¶

type FilterAddress struct {
	Af         uint64
	V4_address [4]uint8
	V4_padding [4]uint8
	V6_address [16]uint8
	Mask       uint64
}

type FilterDefinition ¶

type FilterDefinition struct {
	FilterVersion  uint64
	Size           uint64
	FilterLayer    uint64
	Af             uint64
	LocalAddress   FilterAddress
	RemoteAddress  FilterAddress
	LocalPort      uint64
	RemotePort     uint64
	Protocol       uint64
	Direction      uint64
	InterfaceIndex uint64
}

type FilterPacketHeader ¶

type FilterPacketHeader struct {
	FilterVersion    uint64
	Sz               uint64
	SkippedSinceLast uint64
	FilterId         uint64
	Direction        uint64
	PktSize          uint64
	Af               uint64
	OwnerPid         uint64
	Timestamp        uint64
}

type FlowStats ¶

type FlowStats struct {
	Num_flow_collisions                      int64
	Num_flow_alloc_skipped_max_open_exceeded int64
	Num_flow_closed_dropped_max_exceeded     int64
	Num_flow_structures                      int64
	Peak_num_flow_structures                 int64
	Num_flow_closed_structures               int64
	Peak_num_flow_closed_structures          int64
	Open_table_adds                          int64
	Open_table_removes                       int64
	Closed_table_adds                        int64
	Closed_table_removes                     int64
	Num_flows_no_handle                      int64
	Peak_num_flows_no_handle                 int64
	Num_flows_missed_max_no_handle_exceeded  int64
	Num_packets_after_flow_closed            int64
	Classify_with_no_direction               int64
	Classify_multiple_request                int64
	Classify_multiple_response               int64
	Classify_response_no_request             int64
	No_state_at_ale_auth_connect             int64
	No_state_at_ale_auth_recv                int64
	No_state_at_ale_flow_established         int64
	No_state_at_ale_endpoint_closure         int64
	No_state_at_inbound_transport            int64
	No_state_at_outbound_transport           int64
}

type Handle ¶

type Handle interface {
	ReadFile(p []byte, bytesRead *uint32, ol *windows.Overlapped) error
	DeviceIoControl(ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *windows.Overlapped) (err error)
	CancelIoEx(ol *windows.Overlapped) error
	Close() error
	GetWindowsHandle() windows.Handle
	RefreshStats()
}

func NewHandle ¶

func NewHandle(flags uint32, handleType HandleType) (Handle, error)

NewHandle creates a new windows handle attached to the driver

type HandleType ¶

type HandleType string

HandleType represents what type of data the windows handle created on the driver is intended to return. It implicitly implies if there are filters set for a handle

const (
	// FlowHandle is keyed to return 5-tuples from the driver that represents a flow. Used with: (#define FILTER_LAYER_TRANSPORT ((uint64_t) 1)
	FlowHandle HandleType = "Flow"

	// DataHandle is keyed to return full packets from the driver. Used with: #define FILTER_LAYER_IPPACKET ((uint64_t) 0)
	DataHandle HandleType = "Data"

	// StatsHandle has no filter set and is used to pull total stats from the driver
	StatsHandle HandleType = "Stats"
)

type HttpConfigurationSettings ¶

type HttpConfigurationSettings struct {
	MaxTransactions        uint64
	NotificationThreshold  uint64
	MaxRequestFragment     uint16
	EnableAutoETWExclusion uint16
}

type HttpMethodType ¶

type HttpMethodType uint32

type HttpStats ¶

type HttpStats struct {
	Txns_captured              int64
	Txns_skipped_max_exceeded  int64
	Ndis_buffer_non_contiguous int64
	Flows_ignored_as_etw       int64
	Txn_zero_latency           int64
	Txn_batched_on_read        int64
}

type HttpTransactionType ¶

type HttpTransactionType struct {
	RequestStarted     uint64
	ResponseLastSeen   uint64
	Tup                ConnTupleType
	RequestMethod      uint32
	ResponseStatusCode uint16
	MaxRequestFragment uint16
	SzRequestFragment  uint16
	Pad                [6]uint8
	RequestFragment    *uint8
}

type PerFlowData ¶

type PerFlowData struct {
	FlowHandle               uint64
	FlowCookie               uint64
	ProcessId                uint64
	AddressFamily            uint16
	Protocol                 uint16
	Flags                    uint32
	LocalAddress             [16]uint8
	RemoteAddress            [16]uint8
	PacketsOut               uint64
	MonotonicSentBytes       uint64
	TransportBytesOut        uint64
	PacketsIn                uint64
	MonotonicRecvBytes       uint64
	TransportBytesIn         uint64
	Timestamp                uint64
	LocalPort                uint16
	RemotePort               uint16
	ClassificationStatus     uint16
	ClassifyRequest          uint16
	ClassifyResponse         uint16
	HttpUpgradeToH2Requested uint8
	HttpUpgradeToH2Accepted  uint8
	Tls_versions_offered     uint16
	Tls_version_chosen       uint16
	Tls_alpn_requested       uint64
	Tls_alpn_chosen          uint64
	Protocol_u               [36]byte
}

func (PerFlowData) TCPFlow ¶

func (f PerFlowData) TCPFlow() *TCPFlowData

TCPFlow returns the TCP-specific flow data

func (PerFlowData) UDPFlow ¶

func (f PerFlowData) UDPFlow() *UDPFlowData

UDPFlow returns the UDP-specific flow data

type RealDriverHandle ¶

type RealDriverHandle struct {
	Handle windows.Handle
	// contains filtered or unexported fields
}

Handle struct stores the windows handle for the driver as well as information about what type of filter is set

func (*RealDriverHandle) CancelIoEx ¶

func (dh *RealDriverHandle) CancelIoEx(ol *windows.Overlapped) error

func (*RealDriverHandle) Close ¶

func (dh *RealDriverHandle) Close() error

Close closes the underlying windows handle

func (*RealDriverHandle) DeviceIoControl ¶

func (dh *RealDriverHandle) DeviceIoControl(ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *windows.Overlapped) (err error)

func (*RealDriverHandle) GetWindowsHandle ¶

func (dh *RealDriverHandle) GetWindowsHandle() windows.Handle

func (*RealDriverHandle) ReadFile ¶

func (dh *RealDriverHandle) ReadFile(p []byte, bytesRead *uint32, ol *windows.Overlapped) error

func (*RealDriverHandle) RefreshStats ¶

func (dh *RealDriverHandle) RefreshStats()

RefreshStats refreshes the relevant stats depending on the handle type

type Stats ¶

type Stats struct {
	Flow_stats      FlowStats
	Transport_stats TransportStats
	Http_stats      HttpStats
}

type TCPFlowData ¶

type TCPFlowData struct {
	IRTT             uint64
	SRTT             uint64
	RttVariance      uint64
	RetransmitCount  uint64
	ConnectionStatus uint32
}

type TcpConnectionStatus ¶

type TcpConnectionStatus uint32

type TransportStats ¶

type TransportStats struct {
	Packets_skipped int64
	Calls_requested int64
	Calls_completed int64
	Calls_cancelled int64
}

type UDPFlowData ¶

type UDPFlowData struct {
	Reserved uint64
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL