WinPcap: Packet.h Source File
优质
小牛编辑
124浏览
2023-12-01
Go to the documentation of this file.
00001 /*
00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
00003 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
00004 * All rights reserved.
00005 *
00006 * Redistribution and use in source and binary forms, with or without
00007 * modification, are permitted provided that the following conditions
00008 * are met:
00009 *
00010 * 1. Redistributions of source code must retain the above copyright
00011 * notice, this list of conditions and the following disclaimer.
00012 * 2. Redistributions in binary form must reproduce the above copyright
00013 * notice, this list of conditions and the following disclaimer in the
00014 * documentation and/or other materials provided with the distribution.
00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
00016 * nor the names of its contributors may be used to endorse or promote
00017 * products derived from this software without specific prior written
00018 * permission.
00019 *
00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00031 *
00032 */
00033
00042 #ifndef __PACKET_INCLUDE______
00043 #define __PACKET_INCLUDE______
00044
00045 #ifdef __NPF_x86__
00046 #define NTKERNEL
00047 #include "jitter.h"
00048 #endif
00049
00050 //
00051 // Needed to disable a warning due to the #pragma prefast directives,
00052 // that are ignored by the normal DDK compiler
00053 //
00054 #ifndef _PREFAST_
00055 #pragma warning(disable:4068)
00056 #endif
00057
00058 #include "win_bpf.h"
00059
00060 #define MAX_REQUESTS 32
00061
00062 #define Packet_ALIGNMENT sizeof(int)
00063 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
00064
00065
00066 #define KERNEL_EVENT_NAMESPACE L"\BaseNamedObjects\"
00067
00068 /***************************/
00069 /* IOCTLs */
00070 /***************************/
00071
00080 #define BIOCSETBUFFERSIZE 9592
00081
00092 #define BIOCSETF 9030
00093
00100 #define BIOCGSTATS 9031
00101
00107 #define BIOCSRTIMEOUT 7416
00108
00116 #define BIOCSMODE 7412
00117
00124 #define BIOCSWRITEREP 7413
00125
00131 #define BIOCSMINTOCOPY 7414
00132
00138 #define BIOCSETOID 2147483648
00139
00145 #define BIOCQUERYOID 2147483652
00146
00154 #define BIOCSETDUMPFILENAME 9029
00155
00162 #define BIOCGEVNAME 7415
00163
00171 #define BIOCSENDPACKETSNOSYNC 9032
00172
00181 #define BIOCSENDPACKETSSYNC 9033
00182
00189 #define BIOCSETDUMPLIMITS 9034
00190
00197 #define BIOCISDUMPENDED 7411
00198
00204 #define BIOCISETLOBBEH 7410
00205
00215 #define BIOCSETEVENTHANDLE 7920
00216
00217 // Working modes
00218 #define MODE_CAPT 0x0
00219 #define MODE_STAT 0x1
00220 #define MODE_MON 0x2
00221 #define MODE_DUMP 0x10
00222
00223
00224 #define IMMEDIATE 1
00225
00226 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400
00227
00228 // The following definitions are used to provide compatibility
00229 // of the dump files with the ones of libpcap
00230 #define TCPDUMP_MAGIC 0xa1b2c3d4
00231 #define PCAP_VERSION_MAJOR 2
00232 #define PCAP_VERSION_MINOR 4
00233
00234 // Loopback behaviour definitions
00235 #define NPF_DISABLE_LOOPBACK 1
00236 #define NPF_ENABLE_LOOPBACK 2
00237
00238
00243 struct packet_file_header
00244 {
00245 UINT magic;
00246 USHORT version_major;
00247 USHORT version_minor;
00248 UINT thiszone;
00249 UINT sigfigs;
00250 UINT snaplen;
00251 UINT linktype;
00252 };
00253
00258 struct sf_pkthdr {
00259 struct timeval ts;
00260 UINT caplen;
00261
00262
00263 UINT len;
00264 };
00265
00275 typedef struct _INTERNAL_REQUEST {
00276 LIST_ENTRY ListElement;
00277 // PIRP Irp; ///< Irp that performed the request
00278 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL.
00279 NDIS_EVENT InternalRequestCompletedEvent;
00280 NDIS_REQUEST Request;
00281 NDIS_STATUS RequestStatus;
00282
00283 } INTERNAL_REQUEST, *PINTERNAL_REQUEST;
00284
00292 typedef struct _PACKET_RESERVED {
00293 LIST_ENTRY ListElement;
00294 PIRP Irp;
00295 PMDL pMdl;
00296 BOOLEAN FreeBufAfterWrite;
00297
00298 ULONG Cpu;
00299 } PACKET_RESERVED, *PPACKET_RESERVED;
00300
00301 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved))
00302
00303
00308 typedef struct _DEVICE_EXTENSION {
00309 NDIS_HANDLE NdisProtocolHandle;
00310 NDIS_STRING AdapterName;
00311 PWSTR ExportString;
00312
00313 } DEVICE_EXTENSION, *PDEVICE_EXTENSION;
00314
00320 typedef struct __CPU_Private_Data
00321 {
00322 ULONG P;
00323 ULONG C;
00324 ULONG Free;
00325 PUCHAR Buffer;
00326 ULONG Accepted;
00327
00328
00329
00330 ULONG Received;
00331
00332
00333
00334 ULONG Dropped;
00335
00336
00337
00338 NDIS_SPIN_LOCK BufferLock;
00339 PMDL TransferMdl1;
00340 PMDL TransferMdl2;
00341 ULONG NewP;
00342 }
00343 CpuPrivateData;
00344
00345
00353 typedef struct _OPEN_INSTANCE
00354 {
00355 PDEVICE_EXTENSION DeviceExtension;
00356
00357 NDIS_HANDLE AdapterHandle;
00358 UINT Medium;
00359
00360 NDIS_HANDLE PacketPool;
00361 KSPIN_LOCK RequestSpinLock;
00362 LIST_ENTRY RequestList;
00363 LIST_ENTRY ResetIrpList;
00364 INTERNAL_REQUEST Requests[MAX_REQUESTS];
00365 PMDL BufferMdl;
00366 PKEVENT ReadEvent;
00367 PUCHAR bpfprogram;
00368
00369
00370
00371
00372 #ifdef __NPF_x86__
00373 JIT_BPF_Filter *Filter;
00374
00375 #endif
00376 UINT MinToCopy;
00377
00378 LARGE_INTEGER TimeOut;
00379
00380
00381 int mode;
00382 LARGE_INTEGER Nbytes;
00383 LARGE_INTEGER Npackets;
00384 NDIS_SPIN_LOCK CountersLock;
00385 UINT Nwrites;
00386
00387 ULONG Multiple_Write_Counter;
00388 NDIS_EVENT WriteEvent;
00389 BOOLEAN WriteInProgress;
00390
00391 NDIS_SPIN_LOCK WriteLock;
00392 NDIS_EVENT NdisRequestEvent;
00393 BOOLEAN SkipSentPackets;
00394 NDIS_STATUS IOStatus;
00395 HANDLE DumpFileHandle;
00396 PFILE_OBJECT DumpFileObject;
00397 PKTHREAD DumpThreadObject;
00398 HANDLE DumpThreadHandle;
00399 NDIS_EVENT DumpEvent;
00400 LARGE_INTEGER DumpOffset;
00401 UNICODE_STRING DumpFileName;
00402 UINT MaxDumpBytes;
00403
00404 UINT MaxDumpPacks;
00405
00406
00407 BOOLEAN DumpLimitReached;
00408
00409 MEM_TYPE mem_ex;
00410 TME_CORE tme;
00411 NDIS_SPIN_LOCK MachineLock;
00412 UINT MaxFrameSize;
00413
00414 CpuPrivateData CpuData[32];
00415 ULONG ReaderSN;
00416 ULONG WriterSN;
00417
00418 ULONG Size;
00419 ULONG AdapterHandleUsageCounter;
00420 NDIS_SPIN_LOCK AdapterHandleLock;
00421 ULONG AdapterBindingStatus;
00422
00423 NDIS_EVENT NdisOpenCloseCompleteEvent;
00424 NDIS_EVENT NdisWriteCompleteEvent;
00425 NTSTATUS OpenCloseStatus;
00426 ULONG TransmitPendingPackets;
00427 }
00428 OPEN_INSTANCE, *POPEN_INSTANCE;
00429
00430 enum ADAPTER_BINDING_STATUS
00431 {
00432 ADAPTER_UNBOUND,
00433 ADAPTER_BOUND,
00434 ADAPTER_UNBINDING,
00435 };
00436
00444 struct PacketHeader
00445 {
00446 ULONG SN;
00447 struct bpf_hdr header;
00448 };
00449
00450 extern ULONG NCpu;
00451
00452
00453 #define TRANSMIT_PACKETS 256
00454
00455
00456
00458 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;
00459 Irp->IoStatus.Status = STATUS_SUCCESS;
00460 IoCompleteRequest(Irp, IO_NO_INCREMENT);
00461 return STATUS_SUCCESS;
00462
00464 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;
00465 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;
00466 IoCompleteRequest(Irp, IO_NO_INCREMENT);
00467 return STATUS_UNSUCCESSFUL;
00468
00469
00474 /***************************/
00475 /* Prototypes */
00476 /***************************/
00477
00494 NTSTATUS
00495 DriverEntry(
00496 IN PDRIVER_OBJECT DriverObject,
00497 IN PUNICODE_STRING RegistryPath
00498 );
00499
00509 PWCHAR getAdaptersList(VOID);
00510
00517 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID);
00518
00530 BOOLEAN createDevice(
00531 IN OUT PDRIVER_OBJECT adriverObjectP,
00532 IN PUNICODE_STRING amacNameP,
00533 NDIS_HANDLE aProtoHandle);
00534
00546 NTSTATUS
00547 NPF_Open(
00548 IN PDEVICE_OBJECT DeviceObject,
00549 IN PIRP Irp
00550 );
00551
00561 VOID
00562 NPF_OpenAdapterComplete(
00563 IN NDIS_HANDLE ProtocolBindingContext,
00564 IN NDIS_STATUS Status,
00565 IN NDIS_STATUS OpenErrorStatus
00566 );
00567
00578 NTSTATUS
00579 NPF_Cleanup(
00580 IN PDEVICE_OBJECT DeviceObject,
00581 IN PIRP Irp
00582 );
00583
00584 NTSTATUS
00585 NPF_Close(
00586 IN PDEVICE_OBJECT DeviceObject,
00587 IN PIRP Irp
00588 );
00589
00590
00591
00600 VOID
00601 NPF_CloseAdapterComplete(
00602 IN NDIS_HANDLE ProtocolBindingContext,
00603 IN NDIS_STATUS Status
00604 );
00605
00628 NDIS_STATUS
00629 NPF_tap(
00630 IN NDIS_HANDLE ProtocolBindingContext,
00631 IN NDIS_HANDLE MacReceiveContext,
00632 IN PVOID HeaderBuffer,
00633 IN UINT HeaderBufferSize,
00634 IN PVOID LookAheadBuffer,
00635 IN UINT LookaheadBufferSize,
00636 IN UINT PacketSize
00637 );
00638
00649 VOID
00650 NPF_TransferDataComplete(
00651 IN NDIS_HANDLE ProtocolBindingContext,
00652 IN PNDIS_PACKET Packet,
00653 IN NDIS_STATUS Status,
00654 IN UINT BytesTransferred
00655 );
00656
00663 VOID
00664 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext);
00665
00689 NTSTATUS
00690 NPF_IoControl(
00691 IN PDEVICE_OBJECT DeviceObject,
00692 IN PIRP Irp
00693 );
00694
00695 VOID
00696
00706 NPF_RequestComplete(
00707 IN NDIS_HANDLE ProtocolBindingContext,
00708 IN PNDIS_REQUEST pRequest,
00709 IN NDIS_STATUS Status
00710 );
00711
00724 NTSTATUS
00725 NPF_Write(
00726 IN PDEVICE_OBJECT DeviceObject,
00727 IN PIRP Irp
00728 );
00729
00730
00750 INT NPF_BufferedWrite(IN PIRP Irp,
00751 IN PCHAR UserBuff,
00752 IN ULONG UserBuffSize,
00753 BOOLEAN sync);
00754
00762 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open);
00763
00773 VOID
00774 NPF_SendComplete(
00775 IN NDIS_HANDLE ProtocolBindingContext,
00776 IN PNDIS_PACKET pPacket,
00777 IN NDIS_STATUS Status
00778 );
00779
00789 VOID
00790 NPF_ResetComplete(
00791 IN NDIS_HANDLE ProtocolBindingContext,
00792 IN NDIS_STATUS Status
00793 );
00794
00798 VOID
00799 NPF_Status(
00800 IN NDIS_HANDLE ProtocolBindingContext,
00801 IN NDIS_STATUS Status,
00802 IN PVOID StatusBuffer,
00803 IN UINT StatusBufferSize
00804 );
00805
00806
00810 VOID
00811 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext);
00812
00821 VOID
00822 NPF_Unload(IN PDRIVER_OBJECT DriverObject);
00823
00824
00843 NTSTATUS
00844 NPF_Read(
00845 IN PDEVICE_OBJECT DeviceObject,
00846 IN PIRP Irp
00847 );
00848
00854 NTSTATUS
00855 NPF_ReadRegistry(
00856 IN PWSTR *MacDriverName,
00857 IN PWSTR *PacketDriverName,
00858 IN PUNICODE_STRING RegistryPath
00859 );
00860
00867 NTSTATUS
00868 NPF_QueryRegistryRoutine(
00869 IN PWSTR ValueName,
00870 IN ULONG ValueType,
00871 IN PVOID ValueData,
00872 IN ULONG ValueLength,
00873 IN PVOID Context,
00874 IN PVOID EntryContext
00875 );
00876
00882 VOID NPF_BindAdapter(
00883 OUT PNDIS_STATUS Status,
00884 IN NDIS_HANDLE BindContext,
00885 IN PNDIS_STRING DeviceName,
00886 IN PVOID SystemSpecific1,
00887 IN PVOID SystemSpecific2
00888 );
00889
00901 VOID
00902 NPF_UnbindAdapter(
00903 OUT PNDIS_STATUS Status,
00904 IN NDIS_HANDLE ProtocolBindingContext,
00905 IN NDIS_HANDLE UnbindContext
00906 );
00907
00908
00916 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append);
00917
00926 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open);
00927
00935 VOID NPF_DumpThread(PVOID Open);
00936
00943 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open);
00944
00957 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject,
00958 PLARGE_INTEGER Offset,
00959 ULONG Length,
00960 PMDL Mdl,
00961 PIO_STATUS_BLOCK IoStatusBlock);
00962
00963
00964
00970 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open);
00971
00972 VOID
00973 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen);
00974
00975 BOOLEAN
00976 NPF_StartUsingBinding(
00977 IN POPEN_INSTANCE pOpen);
00978
00979 VOID
00980 NPF_StopUsingBinding(
00981 IN POPEN_INSTANCE pOpen);
00982
00983 VOID
00984 NPF_CloseBinding(
00985 IN POPEN_INSTANCE pOpen);
00986
00987 NTSTATUS
00988 NPF_GetDeviceMTU(
00989 IN POPEN_INSTANCE pOpen,
00990 IN PIRP pIrp,
00991 OUT PUINT pMtu);
00992
00997 UINT GetBuffOccupation(POPEN_INSTANCE Open);
00998
01010 #ifdef NDIS50
01011 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent);
01012 #endif
01013
01014 //
01015 // Old registry based WinPcap names
01016 //
01018 // brief Helper function to query a value from the global WinPcap registry key
01019 //*/
01020 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName,
01021 // WCHAR *Value,
01022 // UINT ValueLen,
01023 // WCHAR *DefaultValue);
01024 //
01025
01026
01035 #endif /*main ifndef/define*/