locked
get packet data size WFP RRS feed

  • Question

  • Need to add a new feature to an existing WFP driver, to count all bytes sent/received over TCP/UDP.

    New to WFP, just wanted to share my plan to get feedback.

    - register and add callouts for FWPM_LAYER_OUTBOUND_TRANSPORT_V4/6,
      FWPM_LAYER_INBOUND_TRANSPORT_V4/6

    - add filters for the same layers with action==FWP_ACTION_CALLOUT_INSPECTION

    - in the classification callback, the 'layerData' parameter
    is a pointer to the NET_BUFFER_LIST.  Iterate over the linked
    list of NET_BUFFER_LISTs, and inside each NET_BUFFER_LIST iterate
    over NET_BUFFER structs and use NET_BUFFER_DATA_LENGTH to calculate
    the total byte count

    Does it look good?

    Thanks in advance

    Friday, April 24, 2015 8:17 PM

All replies

  • Hello,

    I'm currently trying to do the same thing. I would like to know a way to count bytes received over TCP, in order to provide network statistics such as TCP bytes per second received.

    Thanks, Matias.

    Monday, July 20, 2015 4:47 PM