drover-go/cmd/drover/debugflow_windows.go

//go:build windows

package main

import (
	"context"
	"log"
	"time"

	"git.okcu.io/root/drover-go/internal/divert"
)

// runDebugFlow opens a WinDivert FLOW handle with the broadest possible
// filter ("tcp") and logs every flow-establish/delete event for up to
// 30 seconds. This is the simplest possible test that the FLOW layer
// is delivering events to our handle.
//
// If we see events here but our process-targeted handle in `proxy`
// stays silent, the bug is in our processId filter clause. If we see
// nothing here, the FLOW layer is broken on this machine.
func runDebugFlow(parent context.Context) error {
	if _, err := divert.InstallDriver(); err != nil {
		return err
	}

	ctx, cancel := context.WithTimeout(parent, 30*time.Second)
	defer cancel()

	log.Printf("debug-flow: opening FLOW handle with filter \"true\" (capture all flows)")
	h, err := divert.OpenFlow("true")
	if err != nil {
		log.Printf("debug-flow: OpenFlow failed: %v", err)
		return err
	}
	defer h.Close()
	log.Printf("debug-flow: handle open, listening for 30s")

	go func() {
		<-ctx.Done()
		_ = h.Close() // unblock RecvFlow
	}()

	count := 0
	for {
		ev, err := h.RecvFlow()
		if err != nil {
			if ctx.Err() != nil {
				log.Printf("debug-flow: done — captured %d events in 30s", count)
				return nil
			}
			log.Printf("debug-flow: RecvFlow err: %v", err)
			return err
		}
		count++
		log.Printf("debug-flow: event #%d est=%v pid=%d proto=%d %v:%d → %v:%d  rawLocal=%x  rawRemote=%x",
			count, ev.Established, ev.ProcessID, ev.Protocol,
			ev.SrcAddr, ev.SrcPort, ev.DstAddr, ev.DstPort,
			ev.LocalRaw, ev.RemoteRaw)
		if count >= 20 {
			log.Printf("debug-flow: hit 20-event cap, stopping")
			return nil
		}
	}
}