代码.rar_WFP流量转发_wfp_流量监控_流量监控系统_网络监控系统_fwpm_layer_stream

共155个文件

h：65个

cpp：52个

c：6个

版权申诉

流量监控

流量监控系统

网络监控系统

5星 · 超过95%的资源 140 浏览量 2022-07-14 11:11:20 上传评论 1 收藏 444KB RAR 举报

**正文** 在IT行业中，网络监控系统扮演着至关重要的角色，尤其在企业级网络管理中。"代码.rar_WFP流量转发_wfp_流量监控_流量监控系统_网络监控系统"这个压缩包文件聚焦于WFP（Windows Filtering Platform）流量转发和监控技术。WFP是微软Windows操作系统中的一个强大功能，它提供了对网络数据包的深度过滤和操作能力，为开发者提供了构建自定义网络监控和管理解决方案的基础。 **WFP流量转发**： WFP流量转发允许开发者创建驱动程序，这些驱动程序可以拦截并处理通过网络发送和接收的数据包。这使得系统管理员能够对网络流量进行精细化控制，例如，实现数据包的定向转发、负载均衡、或在特定条件下阻止某些流量。WFP流量转发不仅高效，而且因为其内核级别的操作，可以在不影响系统性能的情况下实现高吞吐量的数据处理。 **WFP流量监控**： WFP流量监控是WFP的一个关键应用，它使开发者能够编写应用程序来实时监测网络流量。这种监控可以帮助识别潜在的安全威胁、检测异常流量模式，以及优化网络资源的使用。通过WFP，你可以获取详细的网络统计信息，包括每个连接的带宽使用、数据包计数、错误报告等，这些信息对于网络故障排查和性能调优极其宝贵。 **流量监控系统**：流量监控系统是一类用于收集、分析和报告网络流量的应用程序。它们通常包括数据采集、数据分析和可视化组件。这些系统能够帮助管理员了解网络的行为，识别潜在的性能瓶颈、安全风险，甚至预测未来可能的网络问题。结合WFP技术，流量监控系统能够提供更细粒度的监控，从而提高网络安全性和效率。 **网络监控系统**：网络监控系统是企业IT基础设施的关键组成部分，负责全面监控网络设备、服务、应用和流量。它们通常包括报警机制，当网络出现异常时会触发警报，以便快速响应。此外，网络监控系统还支持性能基准设定，帮助管理员确定正常运行时间和性能指标，确保网络始终处于最佳状态。在这个压缩包中，"Housekeeper"和"net"两个文件可能是实现WFP流量监控系统的源代码或者相关工具。"Housekeeper"可能是指一个用于维护和管理网络流量的程序，而"net"可能包含了与网络相关的代码或配置文件。通过研究这些文件，开发者或系统管理员可以深入理解如何利用WFP实现高效的流量监控和转发。 WFP流量转发和监控技术是Windows环境中强大的网络管理工具，它们为企业提供了定制化网络策略的可能性，以确保网络的安全、稳定和高效运行。而这个压缩包则提供了一个实践这些技术的起点，对于学习和应用WFP的开发者来说，是一个宝贵的资源。

资源详情

资源评论

资源推荐

收起资源包目录

代码.rar_WFP流量转发_wfp_流量监控_流量监控系统_网络监控系统（155个子文件）

Housekeeper.aps 23KB

datamntr.c 37KB

hash.c 8KB

ctl.c 7KB

process.c 6KB

init.c 5KB

notify.c 4KB

net Package.vcxprojResolveAssemblyReference.cache 2KB

XUnzip.cpp 145KB

UIManager.cpp 111KB

UIRender.cpp 87KB

UIList.cpp 82KB

UIRichEdit.cpp 70KB

UIListEx.cpp 43KB

UIActiveX.cpp 37KB

UITreeView.cpp 35KB

UIControl.cpp 32KB

UIContainer.cpp 32KB

UICombo.cpp 32KB

UIMenu.cpp 28KB

UIScrollBar.cpp 28KB

MainFram.cpp 24KB

UIMarkup.cpp 22KB

Utils.cpp 20KB

UIEdit.cpp 19KB

UIWebBrowser.cpp 18KB

UIDlgBuilder.cpp 18KB

UIShadow.cpp 17KB

DragDropImpl.cpp 15KB

UIBase.cpp 14KB

UIColorPalette.cpp 12KB

UIHorizontalLayout.cpp 12KB

UIVerticalLayout.cpp 12KB

UIButton.cpp 11KB

WinImplBase.cpp 11KB

UIOption.cpp 9KB

UIGifAnim.cpp 9KB

UISlider.cpp 9KB

UIIPAddress.cpp 7KB

UILabel.cpp 7KB

UIDateTime.cpp 6KB

UIFlash.cpp 6KB

UITileLayout.cpp 6KB

ConnectWfp.cpp 5KB

UIResourceManager.cpp 5KB

RollTextUI.cpp 5KB

UIGifAnimEx.cpp 5KB

UIText.cpp 4KB

UIGroupBox.cpp 4KB

UIProgress.cpp 4KB

UITabLayout.cpp 4KB

UIAnimationTabLayout.cpp 4KB

UIAnimation.cpp 4KB

UIComboBox.cpp 3KB

ControlFactory.cpp 3KB

UILib.cpp 2KB

UIDelegate.cpp 2KB

UIChildLayout.cpp 1KB

main.cpp 883B

StdAfx.cpp 271B

DuiLib.vcxproj.filters 13KB

net.vcxproj.filters 2KB

Housekeeper.vcxproj.filters 2KB

net Package.vcxproj.filters 361B

stb_image.h 218KB

UIManager.h 16KB

UIList.h 14KB

UIDefine.h 12KB

UIMenu.h 8KB

UIListEx.h 8KB

DragDropImpl.h 8KB

UIControl.h 7KB

Utils.h 7KB

downloadmgr.h 6KB

UIRichEdit.h 6KB

UIWebBrowser.h 5KB

UIContainer.h 4KB

WebBrowserEventHandler.h 4KB

MainFram.h 4KB

UITreeView.h 4KB

UICombo.h 4KB

UIScrollBar.h 4KB

UIRender.h 4KB

UIBase.h 3KB

WinImplBase.h 3KB

UIlib.h 3KB

UIShadow.h 3KB

observer_impl_base.h 3KB

UIMarkup.h 3KB

ioctl.h 2KB

UIColorPalette.h 2KB

UIFlash.h 2KB

UIEdit.h 2KB

UIAnimation.h 2KB

UIDelegate.h 2KB

StdAfx.h 2KB

UIButton.h 2KB

UIOption.h 2KB

UIActiveX.h 2KB

datamntr.h 1KB

共 155 条

/*++ Copyright (c) Microsoft Corporation. All rights reserved Abstract: MSN monitor sample driver callout routines Environment: Kernel mode --*/ #include "ntddk.h" #include "ntstrsafe.h" #include "fwpmk.h" #pragma warning(push) #pragma warning(disable:4201) // unnamed struct/union #include "fwpsk.h" #pragma warning(pop) #include "ioctl.h" #include "datamntr.h" #include "ctl.h" #include "notify.h" #include "process.h" #define INITGUID #define TAG_NAME_NOTIFY 'oNnM' #include <guiddef.h> #include "mntrguid.h" PKEVENT g_eDataEven = NULL;//事件--绑定数据 HANDLE g_hBindProcessHandle;//句柄 PKEVENT g_eProcessEven = NULL;//事件--进程数据 HANDLE g_hProcessHandle;//句柄 #define NO_ERROR STATUS_SUCCESS #define MONITOR_FLOW_ESTABLISHED_CALLOUT_DESCRIPTION L"Data Monitor Flow Established Callout" #define MONITOR_FLOW_ESTABLISHED_CALLOUT_NAME L"Flow Established Callout" #define MONITOR_STREAM_CALLOUT_DESCRIPTION L"Data Monitor Stream Callout" #define MONITOR_STREAM_CALLOUT_NAME L"Stream Callout" // // Software Tracing Definitions // #define WPP_CONTROL_GUIDS \ WPP_DEFINE_CONTROL_GUID(MsnMntrMonitor,(dd65554d, 9925, 49d1, 83b6, 46125feb4207), \ WPP_DEFINE_BIT(TRACE_FLOW_ESTABLISHED) \ WPP_DEFINE_BIT(TRACE_STATE_CHANGE) \ WPP_DEFINE_BIT(TRACE_LAYER_NOTIFY) ) #include "datamntr.tmh" #define TAG_NAME_CALLOUT 'CnoM' #define TAG_NAME_BINDDATA 'BinM' UINT32 g_uFlowEstablishedId = 0; UINT32 g_uStreamId = 0; LIST_ENTRY g_lFlowContextList; //数据流链表，用于存放数据在层直接传播 KSPIN_LOCK g_kFlowContextListLock;//线程锁 LIST_ENTRY g_lBindDataToProcessList; //存放数据，将进程，端口，流量等绑定在一起 KSPIN_LOCK g_kBindDataListLock;//绑定数据线程锁 UINT64 g_uEstablishedFilter = 0; //Filer层的 ID UINT64 g_uStreamFilter = 0; // Filer 层Stream ID HANDLE g_hEngineHandle = NULL; //WFP句柄 //UINT32 g_uAleRecvAcceptCalloutId = 0; //UINT64 g_uAleConnectFilterId = 0; NTSTATUS MonitorCoFlowEstablishedNotifyV4( IN FWPS_CALLOUT_NOTIFY_TYPE notifyType, IN const GUID* filterKey, IN const FWPS_FILTER* filter); NTSTATUS MonitorCoStreamNotifyV4( IN FWPS_CALLOUT_NOTIFY_TYPE notifyType, IN const GUID* filterKey, IN const FWPS_FILTER* filter); VOID MonitorCoStreamFlowDeletion( IN UINT16 layerId, IN UINT32 calloutId, IN UINT64 flowContext); #if(NTDDI_VERSION >= NTDDI_WIN7) NTSTATUS MonitorCoFlowEstablishedCalloutV4( IN const FWPS_INCOMING_VALUES* inFixedValues, IN const FWPS_INCOMING_METADATA_VALUES* inMetaValues, IN VOID* packet, IN const void* classifyContext, IN const FWPS_FILTER* filter, IN UINT64 flowContext, OUT FWPS_CLASSIFY_OUT* classifyOut); #else if(NTDDI_VERSION < NTDDI_WIN7) NTSTATUS MonitorCoFlowEstablishedCalloutV4( IN const FWPS_INCOMING_VALUES* inFixedValues, IN const FWPS_INCOMING_METADATA_VALUES* inMetaValues, IN VOID* packet, IN const FWPS_FILTER* filter, IN UINT64 flowContext, OUT FWPS_CLASSIFY_OUT* classifyOut); #endif #if(NTDDI_VERSION >= NTDDI_WIN7) NTSTATUS MonitorCoStreamCalloutV4( IN const FWPS_INCOMING_VALUES* inFixedValues, IN const FWPS_INCOMING_METADATA_VALUES* inMetaValues, IN VOID* packet, IN const void* classifyContext, IN const FWPS_FILTER* filter, IN UINT64 flowContext, OUT FWPS_CLASSIFY_OUT* classifyOut); #else if(NTDDI_VERSION < NTDDI_WIN7) NTSTATUS MonitorCoStreamCalloutV4( IN const FWPS_INCOMING_VALUES* inFixedValues, IN const FWPS_INCOMING_METADATA_VALUES* inMetaValues, IN VOID* packet, IN const FWPS_FILTER* filter, IN UINT64 flowContext, OUT FWPS_CLASSIFY_OUT* classifyOut); #endif DWORD MonitorAppRemoveCallouts() /*++ Routine Description: Sets the kernel callout ID's through the MSN monitor device Arguments: [in] HANDLE monitorDevice - MSN Monitor device [in] CALLOUTS* callouts - Callout structure with ID's set [in] DWORD size - Size of the callout structure. Return Value: NO_ERROR or a specific DeviceIoControl result. --*/ { DWORD result = 0; DbgPrint("Starting Transaction for Removing callouts\n"); // result = FwpmTransactionBegin(g_hEngineHandle, 0); // if (NO_ERROR != result) // { // goto abort; // } //DbgPrint("Successfully started the Transaction\n"); if (0 == g_hEngineHandle)//句柄为空，退出 goto cleanup; result = FwpmFilterDeleteById(g_hEngineHandle, g_uEstablishedFilter); //result = FwpmFilterDeleteByKey(g_hEngineHandle, &FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4); if (NO_ERROR != result) { goto abort;//DATA_MONITOR_SUBLAYER } g_uEstablishedFilter = 0; DbgPrint("Deleting Stream Filter\n"); result = FwpmFilterDeleteById(g_hEngineHandle, g_uStreamFilter); if (NO_ERROR != result) { goto abort; } g_uStreamFilter = 0; DbgPrint("Deleting Stream SubLayer\n"); result = FwpmSubLayerDeleteByKey(g_hEngineHandle, &DATA_MONITOR_SUBLAYER); if (NO_ERROR != result) { goto abort; } DbgPrint("Deleting Flow Established callout\n"); result = FwpmCalloutDeleteByKey(g_hEngineHandle, &DATA_MONITOR_FLOW_ESTABLISHED_CALLOUT_V4); if (NO_ERROR != result) { goto abort; } DbgPrint("Successfully Deleted Flow Established callout\n"); DbgPrint("Deleting Stream callout\n"); result = FwpmCalloutDeleteByKey(g_hEngineHandle, &DATA_MONITOR_STREAM_CALLOUT_V4); if (NO_ERROR != result) { goto abort; } DbgPrint("Successfully Deleted Stream callout\n"); DbgPrint("FwpsCalloutUnregisterById FlowEstablishedId\n"); result = FwpsCalloutUnregisterById(g_uFlowEstablishedId); if (NO_ERROR != result) { goto abort; } g_uFlowEstablishedId = 0; DbgPrint("FwpsCalloutUnregisterById StreamId\n"); result = FwpsCalloutUnregisterById(g_uStreamId); if (NO_ERROR != result) { goto abort; } g_uStreamId = 0; goto cleanup; abort: //DbgPrint("Aborting Transaction\n"); //result = FwpmTransactionAbort(engineHandle); //if (NO_ERROR == result) { // DbgPrint("Successfully Aborted Transaction.\n"); } cleanup: if (g_hEngineHandle) { FwpmEngineClose(g_hEngineHandle); } return result; } DWORD MonitorAppAddCallouts() /*++ Routine Description: Adds the callouts during installation Arguments: [in] HANDLE engineHandle - Engine handle. Return Value: NO_ERROR or a specific FWP result. --*/ { FWPM_CALLOUT callout; DWORD result; FWPM_DISPLAY_DATA displayData; DbgPrint("Successfully started the Transaction\n"); RtlZeroMemory(&callout, sizeof(FWPM_CALLOUT)); displayData.description = MONITOR_FLOW_ESTABLISHED_CALLOUT_DESCRIPTION; displayData.name = MONITOR_FLOW_ESTABLISHED_CALLOUT_NAME; callout.calloutKey = DATA_MONITOR_FLOW_ESTABLISHED_CALLOUT_V4; callout.displayData = displayData; callout.applicableLayer = FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4; //callout.flags = FWPM_CALLOUT_FLAG_PERSISTENT; // Make this a persistent callout. DbgPrint("Adding Persistent Flow Established callout through the Filtering Engine\n"); result = FwpmCalloutAdd(g_hEngineHandle, &callout, NULL, NULL); if (NO_ERROR != result) { DbgPrint("Aborting Transaction %x\n", result); goto abort; } DbgPrint("Successfully Added Persistent Flow Established callout.\n"); RtlZeroMemory(&callout, sizeof(FWPM_CALLOUT)); displayData.description = MONITOR_STREAM_CALLOUT_DESCRIPTION; displayData.name = MONITOR_STREAM_CALLOUT_DESCRIPTION; callout.calloutKey = DATA_MONITOR_STREAM_CALLOUT_V4; callout.displayData = displayData; callout.applicableLayer = FWPM_LAYER_STREAM_V4; //callout.flags = FWPM_CALLOUT_FLAG_PERSISTENT; // Make this a persistent callout. DbgPrint("Adding Persistent Stream callout through the Filtering Engine\n"); result = FwpmCalloutAdd(g_hEng