WinPcap: Packet.h Source File
优质
小牛编辑
139浏览
2023-12-01
Go to the documentation of this file.
00001 /* 00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 #ifndef __PACKET_INCLUDE______ 00043 #define __PACKET_INCLUDE______ 00044 00045 #ifdef __NPF_x86__ 00046 #define NTKERNEL 00047 #include "jitter.h" 00048 #endif 00049 00050 // 00051 // Needed to disable a warning due to the #pragma prefast directives, 00052 // that are ignored by the normal DDK compiler 00053 // 00054 #ifndef _PREFAST_ 00055 #pragma warning(disable:4068) 00056 #endif 00057 00058 #include "win_bpf.h" 00059 00060 #define MAX_REQUESTS 32 00061 00062 #define Packet_ALIGNMENT sizeof(int) 00063 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 00064 00065 00066 #define KERNEL_EVENT_NAMESPACE L"\BaseNamedObjects\" 00067 00068 /***************************/ 00069 /* IOCTLs */ 00070 /***************************/ 00071 00080 #define BIOCSETBUFFERSIZE 9592 00081 00092 #define BIOCSETF 9030 00093 00100 #define BIOCGSTATS 9031 00101 00107 #define BIOCSRTIMEOUT 7416 00108 00116 #define BIOCSMODE 7412 00117 00124 #define BIOCSWRITEREP 7413 00125 00131 #define BIOCSMINTOCOPY 7414 00132 00138 #define BIOCSETOID 2147483648 00139 00145 #define BIOCQUERYOID 2147483652 00146 00154 #define BIOCSETDUMPFILENAME 9029 00155 00162 #define BIOCGEVNAME 7415 00163 00171 #define BIOCSENDPACKETSNOSYNC 9032 00172 00181 #define BIOCSENDPACKETSSYNC 9033 00182 00189 #define BIOCSETDUMPLIMITS 9034 00190 00197 #define BIOCISDUMPENDED 7411 00198 00204 #define BIOCISETLOBBEH 7410 00205 00215 #define BIOCSETEVENTHANDLE 7920 00216 00217 // Working modes 00218 #define MODE_CAPT 0x0 00219 #define MODE_STAT 0x1 00220 #define MODE_MON 0x2 00221 #define MODE_DUMP 0x10 00222 00223 00224 #define IMMEDIATE 1 00225 00226 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 00227 00228 // The following definitions are used to provide compatibility 00229 // of the dump files with the ones of libpcap 00230 #define TCPDUMP_MAGIC 0xa1b2c3d4 00231 #define PCAP_VERSION_MAJOR 2 00232 #define PCAP_VERSION_MINOR 4 00233 00234 // Loopback behaviour definitions 00235 #define NPF_DISABLE_LOOPBACK 1 00236 #define NPF_ENABLE_LOOPBACK 2 00237 00238 00243 struct packet_file_header 00244 { 00245 UINT magic; 00246 USHORT version_major; 00247 USHORT version_minor; 00248 UINT thiszone; 00249 UINT sigfigs; 00250 UINT snaplen; 00251 UINT linktype; 00252 }; 00253 00258 struct sf_pkthdr { 00259 struct timeval ts; 00260 UINT caplen; 00261 00262 00263 UINT len; 00264 }; 00265 00275 typedef struct _INTERNAL_REQUEST { 00276 LIST_ENTRY ListElement; 00277 // PIRP Irp; ///< Irp that performed the request 00278 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL. 00279 NDIS_EVENT InternalRequestCompletedEvent; 00280 NDIS_REQUEST Request; 00281 NDIS_STATUS RequestStatus; 00282 00283 } INTERNAL_REQUEST, *PINTERNAL_REQUEST; 00284 00292 typedef struct _PACKET_RESERVED { 00293 LIST_ENTRY ListElement; 00294 PIRP Irp; 00295 PMDL pMdl; 00296 BOOLEAN FreeBufAfterWrite; 00297 00298 ULONG Cpu; 00299 } PACKET_RESERVED, *PPACKET_RESERVED; 00300 00301 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 00302 00303 00308 typedef struct _DEVICE_EXTENSION { 00309 NDIS_HANDLE NdisProtocolHandle; 00310 NDIS_STRING AdapterName; 00311 PWSTR ExportString; 00312 00313 } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 00314 00320 typedef struct __CPU_Private_Data 00321 { 00322 ULONG P; 00323 ULONG C; 00324 ULONG Free; 00325 PUCHAR Buffer; 00326 ULONG Accepted; 00327 00328 00329 00330 ULONG Received; 00331 00332 00333 00334 ULONG Dropped; 00335 00336 00337 00338 NDIS_SPIN_LOCK BufferLock; 00339 PMDL TransferMdl1; 00340 PMDL TransferMdl2; 00341 ULONG NewP; 00342 } 00343 CpuPrivateData; 00344 00345 00353 typedef struct _OPEN_INSTANCE 00354 { 00355 PDEVICE_EXTENSION DeviceExtension; 00356 00357 NDIS_HANDLE AdapterHandle; 00358 UINT Medium; 00359 00360 NDIS_HANDLE PacketPool; 00361 KSPIN_LOCK RequestSpinLock; 00362 LIST_ENTRY RequestList; 00363 LIST_ENTRY ResetIrpList; 00364 INTERNAL_REQUEST Requests[MAX_REQUESTS]; 00365 PMDL BufferMdl; 00366 PKEVENT ReadEvent; 00367 PUCHAR bpfprogram; 00368 00369 00370 00371 00372 #ifdef __NPF_x86__ 00373 JIT_BPF_Filter *Filter; 00374 00375 #endif 00376 UINT MinToCopy; 00377 00378 LARGE_INTEGER TimeOut; 00379 00380 00381 int mode; 00382 LARGE_INTEGER Nbytes; 00383 LARGE_INTEGER Npackets; 00384 NDIS_SPIN_LOCK CountersLock; 00385 UINT Nwrites; 00386 00387 ULONG Multiple_Write_Counter; 00388 NDIS_EVENT WriteEvent; 00389 BOOLEAN WriteInProgress; 00390 00391 NDIS_SPIN_LOCK WriteLock; 00392 NDIS_EVENT NdisRequestEvent; 00393 BOOLEAN SkipSentPackets; 00394 NDIS_STATUS IOStatus; 00395 HANDLE DumpFileHandle; 00396 PFILE_OBJECT DumpFileObject; 00397 PKTHREAD DumpThreadObject; 00398 HANDLE DumpThreadHandle; 00399 NDIS_EVENT DumpEvent; 00400 LARGE_INTEGER DumpOffset; 00401 UNICODE_STRING DumpFileName; 00402 UINT MaxDumpBytes; 00403 00404 UINT MaxDumpPacks; 00405 00406 00407 BOOLEAN DumpLimitReached; 00408 00409 MEM_TYPE mem_ex; 00410 TME_CORE tme; 00411 NDIS_SPIN_LOCK MachineLock; 00412 UINT MaxFrameSize; 00413 00414 CpuPrivateData CpuData[32]; 00415 ULONG ReaderSN; 00416 ULONG WriterSN; 00417 00418 ULONG Size; 00419 ULONG AdapterHandleUsageCounter; 00420 NDIS_SPIN_LOCK AdapterHandleLock; 00421 ULONG AdapterBindingStatus; 00422 00423 NDIS_EVENT NdisOpenCloseCompleteEvent; 00424 NDIS_EVENT NdisWriteCompleteEvent; 00425 NTSTATUS OpenCloseStatus; 00426 ULONG TransmitPendingPackets; 00427 } 00428 OPEN_INSTANCE, *POPEN_INSTANCE; 00429 00430 enum ADAPTER_BINDING_STATUS 00431 { 00432 ADAPTER_UNBOUND, 00433 ADAPTER_BOUND, 00434 ADAPTER_UNBINDING, 00435 }; 00436 00444 struct PacketHeader 00445 { 00446 ULONG SN; 00447 struct bpf_hdr header; 00448 }; 00449 00450 extern ULONG NCpu; 00451 00452 00453 #define TRANSMIT_PACKETS 256 00454 00455 00456 00458 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity; 00459 Irp->IoStatus.Status = STATUS_SUCCESS; 00460 IoCompleteRequest(Irp, IO_NO_INCREMENT); 00461 return STATUS_SUCCESS; 00462 00464 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity; 00465 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL; 00466 IoCompleteRequest(Irp, IO_NO_INCREMENT); 00467 return STATUS_UNSUCCESSFUL; 00468 00469 00474 /***************************/ 00475 /* Prototypes */ 00476 /***************************/ 00477 00494 NTSTATUS 00495 DriverEntry( 00496 IN PDRIVER_OBJECT DriverObject, 00497 IN PUNICODE_STRING RegistryPath 00498 ); 00499 00509 PWCHAR getAdaptersList(VOID); 00510 00517 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID); 00518 00530 BOOLEAN createDevice( 00531 IN OUT PDRIVER_OBJECT adriverObjectP, 00532 IN PUNICODE_STRING amacNameP, 00533 NDIS_HANDLE aProtoHandle); 00534 00546 NTSTATUS 00547 NPF_Open( 00548 IN PDEVICE_OBJECT DeviceObject, 00549 IN PIRP Irp 00550 ); 00551 00561 VOID 00562 NPF_OpenAdapterComplete( 00563 IN NDIS_HANDLE ProtocolBindingContext, 00564 IN NDIS_STATUS Status, 00565 IN NDIS_STATUS OpenErrorStatus 00566 ); 00567 00578 NTSTATUS 00579 NPF_Cleanup( 00580 IN PDEVICE_OBJECT DeviceObject, 00581 IN PIRP Irp 00582 ); 00583 00584 NTSTATUS 00585 NPF_Close( 00586 IN PDEVICE_OBJECT DeviceObject, 00587 IN PIRP Irp 00588 ); 00589 00590 00591 00600 VOID 00601 NPF_CloseAdapterComplete( 00602 IN NDIS_HANDLE ProtocolBindingContext, 00603 IN NDIS_STATUS Status 00604 ); 00605 00628 NDIS_STATUS 00629 NPF_tap( 00630 IN NDIS_HANDLE ProtocolBindingContext, 00631 IN NDIS_HANDLE MacReceiveContext, 00632 IN PVOID HeaderBuffer, 00633 IN UINT HeaderBufferSize, 00634 IN PVOID LookAheadBuffer, 00635 IN UINT LookaheadBufferSize, 00636 IN UINT PacketSize 00637 ); 00638 00649 VOID 00650 NPF_TransferDataComplete( 00651 IN NDIS_HANDLE ProtocolBindingContext, 00652 IN PNDIS_PACKET Packet, 00653 IN NDIS_STATUS Status, 00654 IN UINT BytesTransferred 00655 ); 00656 00663 VOID 00664 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext); 00665 00689 NTSTATUS 00690 NPF_IoControl( 00691 IN PDEVICE_OBJECT DeviceObject, 00692 IN PIRP Irp 00693 ); 00694 00695 VOID 00696 00706 NPF_RequestComplete( 00707 IN NDIS_HANDLE ProtocolBindingContext, 00708 IN PNDIS_REQUEST pRequest, 00709 IN NDIS_STATUS Status 00710 ); 00711 00724 NTSTATUS 00725 NPF_Write( 00726 IN PDEVICE_OBJECT DeviceObject, 00727 IN PIRP Irp 00728 ); 00729 00730 00750 INT NPF_BufferedWrite(IN PIRP Irp, 00751 IN PCHAR UserBuff, 00752 IN ULONG UserBuffSize, 00753 BOOLEAN sync); 00754 00762 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open); 00763 00773 VOID 00774 NPF_SendComplete( 00775 IN NDIS_HANDLE ProtocolBindingContext, 00776 IN PNDIS_PACKET pPacket, 00777 IN NDIS_STATUS Status 00778 ); 00779 00789 VOID 00790 NPF_ResetComplete( 00791 IN NDIS_HANDLE ProtocolBindingContext, 00792 IN NDIS_STATUS Status 00793 ); 00794 00798 VOID 00799 NPF_Status( 00800 IN NDIS_HANDLE ProtocolBindingContext, 00801 IN NDIS_STATUS Status, 00802 IN PVOID StatusBuffer, 00803 IN UINT StatusBufferSize 00804 ); 00805 00806 00810 VOID 00811 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext); 00812 00821 VOID 00822 NPF_Unload(IN PDRIVER_OBJECT DriverObject); 00823 00824 00843 NTSTATUS 00844 NPF_Read( 00845 IN PDEVICE_OBJECT DeviceObject, 00846 IN PIRP Irp 00847 ); 00848 00854 NTSTATUS 00855 NPF_ReadRegistry( 00856 IN PWSTR *MacDriverName, 00857 IN PWSTR *PacketDriverName, 00858 IN PUNICODE_STRING RegistryPath 00859 ); 00860 00867 NTSTATUS 00868 NPF_QueryRegistryRoutine( 00869 IN PWSTR ValueName, 00870 IN ULONG ValueType, 00871 IN PVOID ValueData, 00872 IN ULONG ValueLength, 00873 IN PVOID Context, 00874 IN PVOID EntryContext 00875 ); 00876 00882 VOID NPF_BindAdapter( 00883 OUT PNDIS_STATUS Status, 00884 IN NDIS_HANDLE BindContext, 00885 IN PNDIS_STRING DeviceName, 00886 IN PVOID SystemSpecific1, 00887 IN PVOID SystemSpecific2 00888 ); 00889 00901 VOID 00902 NPF_UnbindAdapter( 00903 OUT PNDIS_STATUS Status, 00904 IN NDIS_HANDLE ProtocolBindingContext, 00905 IN NDIS_HANDLE UnbindContext 00906 ); 00907 00908 00916 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append); 00917 00926 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open); 00927 00935 VOID NPF_DumpThread(PVOID Open); 00936 00943 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open); 00944 00957 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, 00958 PLARGE_INTEGER Offset, 00959 ULONG Length, 00960 PMDL Mdl, 00961 PIO_STATUS_BLOCK IoStatusBlock); 00962 00963 00964 00970 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open); 00971 00972 VOID 00973 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen); 00974 00975 BOOLEAN 00976 NPF_StartUsingBinding( 00977 IN POPEN_INSTANCE pOpen); 00978 00979 VOID 00980 NPF_StopUsingBinding( 00981 IN POPEN_INSTANCE pOpen); 00982 00983 VOID 00984 NPF_CloseBinding( 00985 IN POPEN_INSTANCE pOpen); 00986 00987 NTSTATUS 00988 NPF_GetDeviceMTU( 00989 IN POPEN_INSTANCE pOpen, 00990 IN PIRP pIrp, 00991 OUT PUINT pMtu); 00992 00997 UINT GetBuffOccupation(POPEN_INSTANCE Open); 00998 01010 #ifdef NDIS50 01011 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent); 01012 #endif 01013 01014 // 01015 // Old registry based WinPcap names 01016 // 01018 // brief Helper function to query a value from the global WinPcap registry key 01019 //*/ 01020 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName, 01021 // WCHAR *Value, 01022 // UINT ValueLen, 01023 // WCHAR *DefaultValue); 01024 // 01025 01026 01035 #endif /*main ifndef/define*/