pub struct WfpEventSubscription { /* private fields */ }Expand description
WFP Event Subscription Handle
RAII wrapper for WFP event subscription. Automatically unsubscribes on drop. Events are delivered via an mpsc channel for thread-safe processing.
Implementations§
Source§impl WfpEventSubscription
impl WfpEventSubscription
Sourcepub fn new(engine: &WfpEngine) -> WfpResult<Self>
pub fn new(engine: &WfpEngine) -> WfpResult<Self>
Subscribe to WFP network events
Creates a new event subscription that monitors network events. Events are delivered via the returned receiver channel.
§Errors
Returns error if subscription fails (permissions, invalid engine, etc.)
Examples found in repository?
examples/live_demo.rs (line 58)
32fn main() -> WfpResult<()> {
33 println!("windows-wfp - Live WFP Demo");
34 println!("================================\n");
35
36 // Check for admin privileges
37 if !is_elevated() {
38 eprintln!("ERROR: This demo requires Administrator privileges!");
39 eprintln!(" Please run: cargo run --example live_demo --release");
40 eprintln!(" from an Administrator command prompt.\n");
41 std::process::exit(1);
42 }
43
44 println!("Running with Administrator privileges\n");
45
46 // Step 1: Initialize WFP Engine
47 println!("Step 1: Opening WFP Engine session...");
48 let engine = WfpEngine::new()?;
49 println!(" Engine session opened\n");
50
51 // Step 2: Register Provider & Sublayer
52 println!("Step 2: Registering WFP provider & sublayer...");
53 initialize_wfp(&engine)?;
54 println!(" Provider & sublayer registered\n");
55
56 // Step 3: Subscribe to network events
57 println!("Step 3: Subscribing to network events...");
58 let event_subscription = WfpEventSubscription::new(&engine)?;
59 println!(" Event subscription active\n");
60
61 // Step 4: Add blocking filter for curl.exe
62 println!("Step 4: Adding block filter for curl.exe...");
63 let curl_path = find_curl_path();
64 println!(" Target: {}", curl_path.display());
65
66 let block_rule = FilterRule::new("Block curl.exe", Direction::Outbound, Action::Block)
67 .with_weight(FilterWeight::UserBlock)
68 .with_app_path(curl_path.clone());
69
70 let filter_id = FilterBuilder::add_filter(&engine, &block_rule)?;
71 println!(" Filter added (ID: {})\n", filter_id);
72
73 // Step 5: Monitor events
74 println!("Step 5: Monitoring network events...");
75 println!(" Press Ctrl+C to stop\n");
76 println!("TIP: In another terminal, run:");
77 println!(" > curl https://google.com");
78 println!(" You should see the connection BLOCKED below!\n");
79 println!("===================================================\n");
80
81 let start_time = std::time::Instant::now();
82 let mut event_count = 0;
83
84 loop {
85 match event_subscription.try_recv() {
86 Ok(event) => {
87 event_count += 1;
88 print_event(&event, event_count);
89 }
90 Err(std::sync::mpsc::TryRecvError::Empty) => {
91 thread::sleep(Duration::from_millis(100));
92 }
93 Err(std::sync::mpsc::TryRecvError::Disconnected) => {
94 println!("\nEvent channel disconnected!");
95 break;
96 }
97 }
98
99 // Auto-stop after 60 seconds for demo
100 if start_time.elapsed() > Duration::from_secs(60) {
101 println!("\nDemo timeout (60s) - stopping...");
102 break;
103 }
104 }
105
106 // Cleanup
107 println!("\nCleaning up...");
108 FilterBuilder::delete_filter(&engine, filter_id)?;
109 println!(" Filter removed");
110 drop(event_subscription);
111 println!(" Event subscription closed");
112 drop(engine);
113 println!(" Engine session closed\n");
114
115 println!("Demo complete! {} events captured.", event_count);
116 Ok(())
117}Sourcepub fn try_recv(&self) -> Result<NetworkEvent, TryRecvError>
pub fn try_recv(&self) -> Result<NetworkEvent, TryRecvError>
Try to receive a network event (non-blocking)
Examples found in repository?
examples/live_demo.rs (line 85)
32fn main() -> WfpResult<()> {
33 println!("windows-wfp - Live WFP Demo");
34 println!("================================\n");
35
36 // Check for admin privileges
37 if !is_elevated() {
38 eprintln!("ERROR: This demo requires Administrator privileges!");
39 eprintln!(" Please run: cargo run --example live_demo --release");
40 eprintln!(" from an Administrator command prompt.\n");
41 std::process::exit(1);
42 }
43
44 println!("Running with Administrator privileges\n");
45
46 // Step 1: Initialize WFP Engine
47 println!("Step 1: Opening WFP Engine session...");
48 let engine = WfpEngine::new()?;
49 println!(" Engine session opened\n");
50
51 // Step 2: Register Provider & Sublayer
52 println!("Step 2: Registering WFP provider & sublayer...");
53 initialize_wfp(&engine)?;
54 println!(" Provider & sublayer registered\n");
55
56 // Step 3: Subscribe to network events
57 println!("Step 3: Subscribing to network events...");
58 let event_subscription = WfpEventSubscription::new(&engine)?;
59 println!(" Event subscription active\n");
60
61 // Step 4: Add blocking filter for curl.exe
62 println!("Step 4: Adding block filter for curl.exe...");
63 let curl_path = find_curl_path();
64 println!(" Target: {}", curl_path.display());
65
66 let block_rule = FilterRule::new("Block curl.exe", Direction::Outbound, Action::Block)
67 .with_weight(FilterWeight::UserBlock)
68 .with_app_path(curl_path.clone());
69
70 let filter_id = FilterBuilder::add_filter(&engine, &block_rule)?;
71 println!(" Filter added (ID: {})\n", filter_id);
72
73 // Step 5: Monitor events
74 println!("Step 5: Monitoring network events...");
75 println!(" Press Ctrl+C to stop\n");
76 println!("TIP: In another terminal, run:");
77 println!(" > curl https://google.com");
78 println!(" You should see the connection BLOCKED below!\n");
79 println!("===================================================\n");
80
81 let start_time = std::time::Instant::now();
82 let mut event_count = 0;
83
84 loop {
85 match event_subscription.try_recv() {
86 Ok(event) => {
87 event_count += 1;
88 print_event(&event, event_count);
89 }
90 Err(std::sync::mpsc::TryRecvError::Empty) => {
91 thread::sleep(Duration::from_millis(100));
92 }
93 Err(std::sync::mpsc::TryRecvError::Disconnected) => {
94 println!("\nEvent channel disconnected!");
95 break;
96 }
97 }
98
99 // Auto-stop after 60 seconds for demo
100 if start_time.elapsed() > Duration::from_secs(60) {
101 println!("\nDemo timeout (60s) - stopping...");
102 break;
103 }
104 }
105
106 // Cleanup
107 println!("\nCleaning up...");
108 FilterBuilder::delete_filter(&engine, filter_id)?;
109 println!(" Filter removed");
110 drop(event_subscription);
111 println!(" Event subscription closed");
112 drop(engine);
113 println!(" Engine session closed\n");
114
115 println!("Demo complete! {} events captured.", event_count);
116 Ok(())
117}Sourcepub fn recv(&self) -> Result<NetworkEvent, RecvError>
pub fn recv(&self) -> Result<NetworkEvent, RecvError>
Receive a network event (blocking)
Sourcepub fn iter(&self) -> Iter<'_, NetworkEvent>
pub fn iter(&self) -> Iter<'_, NetworkEvent>
Get an iterator over pending events
Trait Implementations§
Auto Trait Implementations§
impl Freeze for WfpEventSubscription
impl RefUnwindSafe for WfpEventSubscription
impl !Send for WfpEventSubscription
impl !Sync for WfpEventSubscription
impl Unpin for WfpEventSubscription
impl UnsafeUnpin for WfpEventSubscription
impl UnwindSafe for WfpEventSubscription
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more