WinPcap  4.1.2
Packet.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
3  * Copyright (c) 2005 - 2010 CACE Technologies, Davis (California)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16  * nor the names of its contributors may be used to endorse or promote
17  * products derived from this software without specific prior written
18  * permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
42 #ifndef __PACKET_INCLUDE______
43 #define __PACKET_INCLUDE______
44 
45 #if !defined(NDIS30) && !defined(NDIS50)
46 #error NDIS30 or NDIS50 should be defined
47 #endif
48 
49 #ifdef _X86_
50 #define NTKERNEL
51 #include "jitter.h"
52 #endif
53 
54 #ifdef HAVE_BUGGY_TME_SUPPORT
55 #ifndef _X86_
56 #error TME support is available only on x86 architectures
57 #endif // _X86_
58 #endif //HAVE_BUGGY_TME_SUPPORT
59 
60 
61 //
62 // Needed to disable a warning due to the #pragma prefast directives,
63 // that are ignored by the normal DDK compiler
64 //
65 #ifndef _PREFAST_
66 #pragma warning(disable:4068)
67 #endif
68 
69 #include "win_bpf.h"
70 
71 #define MAX_REQUESTS 32
72 
73 #define Packet_ALIGNMENT sizeof(int)
74 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
75 
76 
77 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\"
78 
79 
80 // Working modes
81 #define MODE_CAPT 0x0
82 #define MODE_STAT 0x1
83 #define MODE_MON 0x2
84 #define MODE_DUMP 0x10
85 
86 
87 #define IMMEDIATE 1
88 
89 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400
90 
91 // The following definitions are used to provide compatibility
92 // of the dump files with the ones of libpcap
93 #define TCPDUMP_MAGIC 0xa1b2c3d4
94 #define PCAP_VERSION_MAJOR 2
95 #define PCAP_VERSION_MINOR 4
96 
97 // Loopback behaviour definitions
98 #define NPF_DISABLE_LOOPBACK 1
99 #define NPF_ENABLE_LOOPBACK 2
100 
101 
107 {
108  UINT magic;
109  USHORT version_major;
110  USHORT version_minor;
111  UINT thiszone;
112  UINT sigfigs;
113  UINT snaplen;
114  UINT linktype;
115 };
116 
121 struct sf_pkthdr {
122  struct timeval ts;
123  UINT caplen;
124 
125 
126  UINT len;
127 };
128 
129 //
130 // NT4 DDK doesn't have C_ASSERT
131 //
132 #ifndef C_ASSERT
133 #define C_ASSERT(a)
134 #endif
135 
143 typedef struct _PACKET_OID_DATA {
144  ULONG Oid;
145 
146  ULONG Length;
147  UCHAR Data[1];
148 
149 }
151 
152 C_ASSERT(sizeof(PACKET_OID_DATA) == 12);
153 
163 typedef struct _INTERNAL_REQUEST {
164  LIST_ENTRY ListElement;
165 // PIRP Irp; ///< Irp that performed the request
166 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL.
168  NDIS_REQUEST Request;
169  NDIS_STATUS RequestStatus;
170 
172 
180 typedef struct _PACKET_RESERVED {
181  LIST_ENTRY ListElement;
182  PIRP Irp;
183  PMDL pMdl;
185 
186  ULONG Cpu;
188 
189 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved))
190 
191 
196 typedef struct _DEVICE_EXTENSION {
197  NDIS_STRING AdapterName;
198  PWSTR ExportString;
199 
201 
207 typedef struct __CPU_Private_Data
208 {
209  ULONG P;
210  ULONG C;
211  ULONG Free;
212  PUCHAR Buffer;
213  ULONG Accepted;
214 
215 
216 
217  ULONG Received;
218 
219 
220 
221  ULONG Dropped;
222 
223 
224 
225  NDIS_SPIN_LOCK BufferLock;
228  ULONG NewP;
229 }
231 
232 
240 typedef struct _OPEN_INSTANCE
241 {
242  PDEVICE_EXTENSION DeviceExtension;
243 
244  NDIS_HANDLE AdapterHandle;
245  UINT Medium;
246 
247  NDIS_HANDLE PacketPool;
248  KSPIN_LOCK RequestSpinLock;
249  LIST_ENTRY RequestList;
250  LIST_ENTRY ResetIrpList;
252  PMDL BufferMdl;
253  PKEVENT ReadEvent;
254  PUCHAR bpfprogram;
255 
256 
257 
258 
259 #ifdef _X86_
260  JIT_BPF_Filter *Filter;
261 
262 #endif //_X86_
263  UINT MinToCopy;
264 
265  LARGE_INTEGER TimeOut;
266 
267 
268  int mode;
269  LARGE_INTEGER Nbytes;
270  LARGE_INTEGER Npackets;
271  NDIS_SPIN_LOCK CountersLock;
272  UINT Nwrites;
273 
275  NDIS_EVENT WriteEvent;
276  BOOLEAN WriteInProgress;
277 
278  NDIS_SPIN_LOCK WriteLock;
279  NDIS_EVENT NdisRequestEvent;
280  BOOLEAN SkipSentPackets;
281  NDIS_STATUS IOStatus;
282  HANDLE DumpFileHandle;
283  PFILE_OBJECT DumpFileObject;
284  PKTHREAD DumpThreadObject;
286  NDIS_EVENT DumpEvent;
287  LARGE_INTEGER DumpOffset;
288  UNICODE_STRING DumpFileName;
290 
292 
293 
295 
296 #ifdef HAVE_BUGGY_TME_SUPPORT
297  MEM_TYPE mem_ex;
298  TME_CORE tme;
299 #endif //HAVE_BUGGY_TME_SUPPORT
300 
301  NDIS_SPIN_LOCK MachineLock;
303 
304  //
305  // KAFFINITY is used as a bit mask for the affinity in the system. So on every supported OS is big enough for all the CPUs on the system (32 bits on x86, 64 on x64?).
306  // We use its size to compute the max number of CPUs.
307  //
308  CpuPrivateData CpuData[sizeof(KAFFINITY) * 8];
309  ULONG ReaderSN;
310  ULONG WriterSN;
311 
312  ULONG Size;
314  NDIS_SPIN_LOCK AdapterHandleLock;
316 
319  NTSTATUS OpenCloseStatus;
322  BOOLEAN ClosePending;
323  NDIS_SPIN_LOCK OpenInUseLock;
324 }
326 
328 {
332 };
333 
342 {
343  ULONG SN;
344  struct bpf_hdr header;
345 };
346 
347 extern ULONG g_NCpu;
348 extern NDIS_HANDLE g_NdisProtocolHandle;
349 extern struct time_conv G_Start_Time; // from openclos.c
350 extern UINT g_SendPacketFlags;
351 
352 #define TRANSMIT_PACKETS 256
353 
354 
355 
357 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\
358  Irp->IoStatus.Status = STATUS_SUCCESS;\
359  IoCompleteRequest(Irp, IO_NO_INCREMENT);\
360  return STATUS_SUCCESS;\
361 
362 
363 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\
364  Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\
365  IoCompleteRequest(Irp, IO_NO_INCREMENT);\
366  return STATUS_UNSUCCESSFUL;\
367 
368 
373 /***************************/
374 /* Prototypes */
375 /***************************/
376 
393 NTSTATUS
395  IN PDRIVER_OBJECT DriverObject,
396  IN PUNICODE_STRING RegistryPath
397  );
398 
408 PWCHAR getAdaptersList(VOID);
409 
416 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID);
417 
428 BOOLEAN NPF_CreateDevice(
429  IN OUT PDRIVER_OBJECT adriverObjectP,
430  IN PUNICODE_STRING amacNameP
431  );
443 NTSTATUS
444 NPF_Open(
445  IN PDEVICE_OBJECT DeviceObject,
446  IN PIRP Irp
447  );
448 
458 VOID
460  IN NDIS_HANDLE ProtocolBindingContext,
461  IN NDIS_STATUS Status,
462  IN NDIS_STATUS OpenErrorStatus
463  );
464 
475 NTSTATUS
477  IN PDEVICE_OBJECT DeviceObject,
478  IN PIRP Irp
479  );
480 
481 NTSTATUS
482 NPF_Close(
483  IN PDEVICE_OBJECT DeviceObject,
484  IN PIRP Irp
485  );
486 
487 
488 
497 VOID
499  IN NDIS_HANDLE ProtocolBindingContext,
500  IN NDIS_STATUS Status
501  );
502 
525 NDIS_STATUS
526 NPF_tap(
527  IN NDIS_HANDLE ProtocolBindingContext,
528  IN NDIS_HANDLE MacReceiveContext,
529  IN PVOID HeaderBuffer,
530  IN UINT HeaderBufferSize,
531  IN PVOID LookAheadBuffer,
532  IN UINT LookaheadBufferSize,
533  IN UINT PacketSize
534  );
535 
546 VOID
548  IN NDIS_HANDLE ProtocolBindingContext,
549  IN PNDIS_PACKET Packet,
550  IN NDIS_STATUS Status,
551  IN UINT BytesTransferred
552  );
553 
560 VOID
561 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext);
562 
586 NTSTATUS
588  IN PDEVICE_OBJECT DeviceObject,
589  IN PIRP Irp
590  );
591 
592 VOID
593 
604  IN NDIS_HANDLE ProtocolBindingContext,
605  IN PNDIS_REQUEST pRequest,
606  IN NDIS_STATUS Status
607  );
608 
621 NTSTATUS
622 NPF_Write(
623  IN PDEVICE_OBJECT DeviceObject,
624  IN PIRP Irp
625  );
626 
627 
647 INT NPF_BufferedWrite(IN PIRP Irp,
648  IN PCHAR UserBuff,
649  IN ULONG UserBuffSize,
650  BOOLEAN sync);
651 
659 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open);
660 
670 VOID
672  IN NDIS_HANDLE ProtocolBindingContext,
673  IN PNDIS_PACKET pPacket,
674  IN NDIS_STATUS Status
675  );
676 
686 VOID
688  IN NDIS_HANDLE ProtocolBindingContext,
689  IN NDIS_STATUS Status
690  );
691 
695 VOID
696 NPF_Status(
697  IN NDIS_HANDLE ProtocolBindingContext,
698  IN NDIS_STATUS Status,
699  IN PVOID StatusBuffer,
700  IN UINT StatusBufferSize
701  );
702 
703 
707 VOID
708 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext);
709 
718 VOID
719 NPF_Unload(IN PDRIVER_OBJECT DriverObject);
720 
721 
740 NTSTATUS
741 NPF_Read(
742  IN PDEVICE_OBJECT DeviceObject,
743  IN PIRP Irp
744  );
745 
751 NTSTATUS
753  IN PWSTR *MacDriverName,
754  IN PWSTR *PacketDriverName,
755  IN PUNICODE_STRING RegistryPath
756  );
757 
764 NTSTATUS
766  IN PWSTR ValueName,
767  IN ULONG ValueType,
768  IN PVOID ValueData,
769  IN ULONG ValueLength,
770  IN PVOID Context,
771  IN PVOID EntryContext
772  );
773 
779 VOID NPF_BindAdapter(
780  OUT PNDIS_STATUS Status,
781  IN NDIS_HANDLE BindContext,
782  IN PNDIS_STRING DeviceName,
783  IN PVOID SystemSpecific1,
784  IN PVOID SystemSpecific2
785  );
786 
798 VOID
800  OUT PNDIS_STATUS Status,
801  IN NDIS_HANDLE ProtocolBindingContext,
802  IN NDIS_HANDLE UnbindContext
803  );
804 
805 
813 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append);
814 
823 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open);
824 
832 VOID NPF_DumpThread(PVOID Open);
833 
840 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open);
841 
854 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject,
855  PLARGE_INTEGER Offset,
856  ULONG Length,
857  PMDL Mdl,
858  PIO_STATUS_BLOCK IoStatusBlock);
859 
860 
861 
867 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open);
868 
869 BOOLEAN
871  IN POPEN_INSTANCE pOpen);
872 
873 VOID
875  IN POPEN_INSTANCE pOpen);
876 
877 VOID
879  IN POPEN_INSTANCE pOpen);
880 
881 BOOLEAN
883  IN POPEN_INSTANCE pOpen);
884 
885 VOID
887  IN POPEN_INSTANCE pOpen);
888 
889 VOID
891  IN POPEN_INSTANCE pOpen);
892 
893 NTSTATUS
895  IN POPEN_INSTANCE pOpen,
896  IN PIRP pIrp,
897  OUT PUINT pMtu);
898 
903 UINT GetBuffOccupation(POPEN_INSTANCE Open);
904 
916 #ifdef NDIS50
917 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent);
918 #endif
919 
920 //
921 // Old registry based WinPcap names
922 //
924 // \brief Helper function to query a value from the global WinPcap registry key
925 //*/
926 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName,
927 // WCHAR *Value,
928 // UINT ValueLen,
929 // WCHAR *DefaultValue);
930 //
931 
932 
941 #endif /*main ifndef/define*/

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009 CACE Technologies. All rights reserved.