WinPcap: NPF 结构与定义
优质
小牛编辑
133浏览
2023-12-01
数据结构 | |
| struct | packet_file_header |
| Header of a libpcap dump file. More... | |
| struct | sf_pkthdr |
| Header associated to a packet in the driver's buffer when the driver is in dump mode. Similar to the bpf_hdr structure, but simpler. More... | |
| struct | _INTERNAL_REQUEST |
| Stores an OID request. More... | |
| struct | _PACKET_RESERVED |
| Contains a NDIS packet. More... | |
| struct | _DEVICE_EXTENSION |
| Port device extension. More... | |
| struct | __CPU_Private_Data |
| Kernel buffer of each CPU. More... | |
| struct | _OPEN_INSTANCE |
| Contains the state of a running instance of the NPF driver. More... | |
| struct | PacketHeader |
| Structure prepended to each packet in the kernel buffer pool. More... | |
定义 | |
| #define | MAX_REQUESTS32 |
| Maximum number of simultaneous IOCTL requests. | |
| #define | Packet_ALIGNMENTsizeof(int) |
| Alignment macro. Defines the alignment size. | |
| #define | Packet_WORDALIGN(x)(((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) |
| even multiple of Packet_ALIGNMENT. | |
| #define | KERNEL_EVENT_NAMESPACEL"\BaseNamedObjects\" |
| #define | BIOCSETBUFFERSIZE9592 |
| IOCTL code: set kernel buffer size. | |
| #define | BIOCSETF9030 |
| IOCTL code: set packet filtering program. | |
| #define | BIOCGSTATS9031 |
| IOCTL code: get the capture stats. | |
| #define | BIOCSRTIMEOUT7416 |
| IOCTL code: set the read timeout. | |
| #define | BIOCSMODE7412 |
| IOCTL code: set working mode. | |
| #define | BIOCSWRITEREP7413 |
| IOCTL code: set number of physical repetions of every packet written by the app. | |
| #define | BIOCSMINTOCOPY7414 |
| IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call. | |
| #define | BIOCSETOID2147483648 |
| IOCTL code: set an OID value. | |
| #define | BIOCQUERYOID2147483652 |
| IOCTL code: get an OID value. | |
| #define | BIOCSETDUMPFILENAME9029 |
| IOCTL code: set the name of a the file used by kernel dump mode. | |
| #define | BIOCGEVNAME7415 |
| IOCTL code: get the name of the event that the driver signals when some data is present in the buffer. | |
| #define | BIOCSENDPACKETSNOSYNC9032 |
| IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps. | |
| #define | BIOCSENDPACKETSSYNC9033 |
| IOCTL code: Send a buffer containing multiple packets to the network, considering the timestamps. | |
| #define | BIOCSETDUMPLIMITS9034 |
| IOCTL code: Set the dump file limits. | |
| #define | BIOCISDUMPENDED7411 |
| IOCTL code: Get the status of the kernel dump process. | |
| #define | BIOCISETLOBBEH7410 |
| IOCTL code: set the loopback behavior. | |
| #define | BIOCSETEVENTHANDLE7920 |
| This IOCTL passes the read event HANDLE allocated by the user (packet.dll) to kernel level. | |
| #define | MODE_CAPT0x0 |
| Capture working mode. | |
| #define | MODE_STAT0x1 |
| Statistical working mode. | |
| #define | MODE_MON0x2 |
| Kernel monitoring mode. | |
| #define | MODE_DUMP0x10 |
| Kernel dump working mode. | |
| #define | IMMEDIATE1 |
| Immediate timeout. Forces a read call to return immediately. | |
| #define | NDIS_FLAGS_SKIP_LOOPBACK_W2K0x400 |
| This is an undocumented flag for NdisSetPacketFlags() that allows to disable loopback reception. | |
| #define | TCPDUMP_MAGIC0xa1b2c3d4 |
| Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file. | |
| #define | PCAP_VERSION_MAJOR2 |
| Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file. | |
| #define | PCAP_VERSION_MINOR4 |
| Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file. | |
| #define | NPF_DISABLE_LOOPBACK1 |
| Tells the driver to drop the packets sent by itself. This is usefult when building applications like bridges. | |
| #define | NPF_ENABLE_LOOPBACK2 |
| Tells the driver to capture the packets sent by itself. | |
| #define | RESERVED(_p)((PPACKET_RESERVED)((_p)->ProtocolReserved)) |
| Macro to obtain a NDIS_PACKET from a PACKET_RESERVED. | |
| #define | TRANSMIT_PACKETS256 |
| of packets that can be transmitted at the same time or with a single call to NdisSendPackets. | |
| #define | EXIT_SUCCESS(quantity) |
| Macro used in the I/O routines to return the control to user-mode with a success status. | |
| #define | EXIT_FAILURE(quantity) |
| Macro used in the I/O routines to return the control to user-mode with a failure status. | |
自定义类型 | |
| typedef _INTERNAL_REQUEST | INTERNAL_REQUEST |
| Stores an OID request. | |
| typedef _INTERNAL_REQUEST * | PINTERNAL_REQUEST |
| Stores an OID request. | |
| typedef _PACKET_RESERVED | PACKET_RESERVED |
| Contains a NDIS packet. | |
| typedef _PACKET_RESERVED * | PPACKET_RESERVED |
| Contains a NDIS packet. | |
| typedef _DEVICE_EXTENSION | DEVICE_EXTENSION |
| Port device extension. | |
| typedef _DEVICE_EXTENSION * | PDEVICE_EXTENSION |
| Port device extension. | |
| typedef __CPU_Private_Data | CpuPrivateData |
| Kernel buffer of each CPU. | |
| typedef _OPEN_INSTANCE | OPEN_INSTANCE |
| Contains the state of a running instance of the NPF driver. | |
| typedef _OPEN_INSTANCE * | POPEN_INSTANCE |
| Contains the state of a running instance of the NPF driver. | |
枚举 | |
| enum | ADAPTER_BINDING_STATUS { ADAPTER_UNBOUND, ADAPTER_BOUND, ADAPTER_UNBINDING } |
变量 | |
| ULONG | NCpu |