WinPcap: Packet.h File Reference

优质

小牛编辑

130浏览

2023-12-01

#include "win_bpf.h"

Go to the source code of this file.


Data Structures
struct	packet_file_header
	Header of a libpcap dump file. More...
struct	sf_pkthdr
	Header associated to a packet in the driver's buffer when the driver is in dump mode. Similar to the bpf_hdr structure, but simpler. More...
struct	_INTERNAL_REQUEST
	Stores an OID request. More...
struct	_PACKET_RESERVED
	Contains a NDIS packet. More...
struct	_DEVICE_EXTENSION
	Port device extension. More...
struct	__CPU_Private_Data
	Kernel buffer of each CPU. More...
struct	_OPEN_INSTANCE
	Contains the state of a running instance of the NPF driver. More...
struct	PacketHeader
	Structure prepended to each packet in the kernel buffer pool. More...
Defines
#define	MAX_REQUESTS32
	Maximum number of simultaneous IOCTL requests.
#define	Packet_ALIGNMENTsizeof(int)
	Alignment macro. Defines the alignment size.
#define	Packet_WORDALIGN(x)(((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
	even multiple of Packet_ALIGNMENT.
#define	KERNEL_EVENT_NAMESPACEL"\BaseNamedObjects\"
#define	BIOCSETBUFFERSIZE9592
	IOCTL code: set kernel buffer size.
#define	BIOCSETF9030
	IOCTL code: set packet filtering program.
#define	BIOCGSTATS9031
	IOCTL code: get the capture stats.
#define	BIOCSRTIMEOUT7416
	IOCTL code: set the read timeout.
#define	BIOCSMODE7412
	IOCTL code: set working mode.
#define	BIOCSWRITEREP7413
	IOCTL code: set number of physical repetions of every packet written by the app.
#define	BIOCSMINTOCOPY7414
	IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.
#define	BIOCSETOID2147483648
	IOCTL code: set an OID value.
#define	BIOCQUERYOID2147483652
	IOCTL code: get an OID value.
#define	BIOCSETDUMPFILENAME9029
	IOCTL code: set the name of a the file used by kernel dump mode.
#define	BIOCGEVNAME7415
	IOCTL code: get the name of the event that the driver signals when some data is present in the buffer.
#define	BIOCSENDPACKETSNOSYNC9032
	IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps.
#define	BIOCSENDPACKETSSYNC9033
	IOCTL code: Send a buffer containing multiple packets to the network, considering the timestamps.
#define	BIOCSETDUMPLIMITS9034
	IOCTL code: Set the dump file limits.
#define	BIOCISDUMPENDED7411
	IOCTL code: Get the status of the kernel dump process.
#define	BIOCISETLOBBEH7410
	IOCTL code: set the loopback behavior.
#define	BIOCSETEVENTHANDLE7920
	This IOCTL passes the read event HANDLE allocated by the user (packet.dll) to kernel level.
#define	MODE_CAPT0x0
	Capture working mode.
#define	MODE_STAT0x1
	Statistical working mode.
#define	MODE_MON0x2
	Kernel monitoring mode.
#define	MODE_DUMP0x10
	Kernel dump working mode.
#define	IMMEDIATE1
	Immediate timeout. Forces a read call to return immediately.
#define	NDIS_FLAGS_SKIP_LOOPBACK_W2K0x400
	This is an undocumented flag for NdisSetPacketFlags() that allows to disable loopback reception.
#define	TCPDUMP_MAGIC0xa1b2c3d4
	Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file.
#define	PCAP_VERSION_MAJOR2
	Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.
#define	PCAP_VERSION_MINOR4
	Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.
#define	NPF_DISABLE_LOOPBACK1
	Tells the driver to drop the packets sent by itself. This is usefult when building applications like bridges.
#define	NPF_ENABLE_LOOPBACK2
	Tells the driver to capture the packets sent by itself.
#define	RESERVED(_p)((PPACKET_RESERVED)((_p)->ProtocolReserved))
	Macro to obtain a NDIS_PACKET from a PACKET_RESERVED.
#define	TRANSMIT_PACKETS256
	of packets that can be transmitted at the same time or with a single call to NdisSendPackets.
#define	EXIT_SUCCESS(quantity)
	Macro used in the I/O routines to return the control to user-mode with a success status.
#define	EXIT_FAILURE(quantity)
	Macro used in the I/O routines to return the control to user-mode with a failure status.
Typedefs
typedef _INTERNAL_REQUEST	INTERNAL_REQUEST
	Stores an OID request.
typedef _INTERNAL_REQUEST *	PINTERNAL_REQUEST
	Stores an OID request.
typedef _PACKET_RESERVED	PACKET_RESERVED
	Contains a NDIS packet.
typedef _PACKET_RESERVED *	PPACKET_RESERVED
	Contains a NDIS packet.
typedef _DEVICE_EXTENSION	DEVICE_EXTENSION
	Port device extension.
typedef _DEVICE_EXTENSION *	PDEVICE_EXTENSION
	Port device extension.
typedef __CPU_Private_Data	CpuPrivateData
	Kernel buffer of each CPU.
typedef _OPEN_INSTANCE	OPEN_INSTANCE
	Contains the state of a running instance of the NPF driver.
typedef _OPEN_INSTANCE *	POPEN_INSTANCE
	Contains the state of a running instance of the NPF driver.
Enumerations
enum	ADAPTER_BINDING_STATUS { ADAPTER_UNBOUND, ADAPTER_BOUND, ADAPTER_UNBINDING }
Functions
NTSTATUS	DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
	The initialization routine of the driver.
PWCHAR	getAdaptersList (VOID)
	Returns the list of the MACs available on the system.
PKEY_VALUE_PARTIAL_INFORMATION	getTcpBindings (VOID)
	Returns the MACs that bind to TCP/IP.
BOOLEAN	createDevice (IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP, NDIS_HANDLE aProtoHandle)
	Creates a device for a given MAC.
NTSTATUS	NPF_Open (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
	Opens a new instance of the driver.
VOID	NPF_OpenAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
	Ends the opening of an adapter.
NTSTATUS	NPF_Cleanup (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
	Closes an instance of the driver.
NTSTATUS	NPF_Close (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
VOID	NPF_CloseAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
	Ends the closing of an adapter.
NDIS_STATUS	NPF_tap (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize)
	Callback invoked by NDIS when a packet arrives from the network.
VOID	NPF_TransferDataComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred)
	Ends the transfer of a packet.
VOID	NPF_ReceiveComplete (IN NDIS_HANDLE ProtocolBindingContext)
	Callback function that signals the end of a packet reception.
NTSTATUS	NPF_IoControl (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
	Handles the IOCTL calls.
VOID	NPF_RequestComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)
	Ends an OID request.
NTSTATUS	NPF_Write (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
	Writes a raw packet to the network.
INT	NPF_BufferedWrite (IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)
	Writes a buffer of raw packets to the network.
VOID	NPF_WaitEndOfBufferedWrite (POPEN_INSTANCE Open)
	Waits the completion of all the sends performed by NPF_BufferedWrite.
VOID	NPF_SendComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET pPacket, IN NDIS_STATUS Status)
	Ends a send operation.
VOID	NPF_ResetComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
	Ends a reset of the adapter.
VOID	NPF_Status (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
	Callback for NDIS StatusHandler. Not used by NPF.
VOID	NPF_StatusComplete (IN NDIS_HANDLE ProtocolBindingContext)
	Callback for NDIS StatusCompleteHandler. Not used by NPF.
VOID	NPF_Unload (IN PDRIVER_OBJECT DriverObject)
	Function called by the OS when NPF is unloaded.
NTSTATUS	NPF_Read (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
	Function that serves the user's reads.
NTSTATUS	NPF_ReadRegistry (IN PWSTR MacDriverName, IN PWSTR PacketDriverName, IN PUNICODE_STRING RegistryPath)
	Reads the registry keys associated woth NPF if the driver is manually installed via the control panel.
NTSTATUS	NPF_QueryRegistryRoutine (IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
	Function used by NPF_ReadRegistry() to quesry the registry keys associated woth NPF if the driver is manually installed via the control panel.
VOID	NPF_BindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE BindContext, IN PNDIS_STRING DeviceName, IN PVOID SystemSpecific1, IN PVOID SystemSpecific2)
	Callback for NDIS BindAdapterHandler. Not used by NPF.
VOID	NPF_UnbindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE UnbindContext)
	Callback for NDIS UnbindAdapterHandler.
NTSTATUS	NPF_OpenDumpFile (POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)
	Creates the file that will receive the packets when the driver is in dump mode.
NTSTATUS	NPF_StartDump (POPEN_INSTANCE Open)
	Starts dump to file.
VOID	NPF_DumpThread (PVOID Open)
	The dump thread.
NTSTATUS	NPF_SaveCurrentBuffer (POPEN_INSTANCE Open)
	Saves the content of the packet buffer to the file associated with current instance.
VOID	NPF_WriteDumpFile (PFILE_OBJECT FileObject, PLARGE_INTEGER Offset, ULONG Length, PMDL Mdl, PIO_STATUS_BLOCK IoStatusBlock)
	Writes a block of packets on the dump file.
NTSTATUS	NPF_CloseDumpFile (POPEN_INSTANCE Open)
	Closes the dump file associated with an instance of the driver.
VOID	NPF_CloseOpenInstance (POPEN_INSTANCE pOpen)
BOOLEAN	NPF_StartUsingBinding (IN POPEN_INSTANCE pOpen)
VOID	NPF_StopUsingBinding (IN POPEN_INSTANCE pOpen)
VOID	NPF_CloseBinding (IN POPEN_INSTANCE pOpen)
NTSTATUS	NPF_GetDeviceMTU (IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)
UINT	GetBuffOccupation (POPEN_INSTANCE Open)
	Returns the amount of bytes present in the packet buffer.
Variables
ULONG	NCpu

WinPcap: Packet.h File Reference

Data Structures

Defines

Typedefs

Enumerations

Functions

Variables