42 #ifndef __PACKET_INCLUDE______ 43 #define __PACKET_INCLUDE______ 45 #if !defined(NDIS30) && !defined(NDIS50) 46 #error NDIS30 or NDIS50 should be defined 54 #ifdef HAVE_BUGGY_TME_SUPPORT 56 #error TME support is available only on x86 architectures 58 #endif //HAVE_BUGGY_TME_SUPPORT 66 #pragma warning(disable:4068) 71 #define MAX_REQUESTS 32 73 #define Packet_ALIGNMENT sizeof(int) 74 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 77 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\" 84 #define MODE_DUMP 0x10 89 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 93 #define TCPDUMP_MAGIC 0xa1b2c3d4 94 #define PCAP_VERSION_MAJOR 2 95 #define PCAP_VERSION_MINOR 4 98 #define NPF_DISABLE_LOOPBACK 1 99 #define NPF_ENABLE_LOOPBACK 2 189 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 295 #ifdef HAVE_BUGGY_TME_SUPPORT 299 #endif //HAVE_BUGGY_TME_SUPPORT 352 #define TRANSMIT_PACKETS 256 357 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\ 358 Irp->IoStatus.Status = STATUS_SUCCESS;\ 359 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 360 return STATUS_SUCCESS;\ 362 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\ 364 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\ 365 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 366 return STATUS_UNSUCCESSFUL;\ 395 IN PDRIVER_OBJECT DriverObject,
396 IN PUNICODE_STRING RegistryPath
429 IN OUT PDRIVER_OBJECT adriverObjectP,
430 IN PUNICODE_STRING amacNameP
445 IN PDEVICE_OBJECT DeviceObject,
460 IN NDIS_HANDLE ProtocolBindingContext,
461 IN NDIS_STATUS Status,
462 IN NDIS_STATUS OpenErrorStatus
477 IN PDEVICE_OBJECT DeviceObject,
483 IN PDEVICE_OBJECT DeviceObject,
499 IN NDIS_HANDLE ProtocolBindingContext,
500 IN NDIS_STATUS Status
527 IN NDIS_HANDLE ProtocolBindingContext,
528 IN NDIS_HANDLE MacReceiveContext,
529 IN PVOID HeaderBuffer,
530 IN UINT HeaderBufferSize,
531 IN PVOID LookAheadBuffer,
532 IN UINT LookaheadBufferSize,
548 IN NDIS_HANDLE ProtocolBindingContext,
549 IN PNDIS_PACKET Packet,
550 IN NDIS_STATUS Status,
551 IN UINT BytesTransferred
588 IN PDEVICE_OBJECT DeviceObject,
604 IN NDIS_HANDLE ProtocolBindingContext,
605 IN PNDIS_REQUEST pRequest,
606 IN NDIS_STATUS Status
623 IN PDEVICE_OBJECT DeviceObject,
649 IN ULONG UserBuffSize,
672 IN NDIS_HANDLE ProtocolBindingContext,
673 IN PNDIS_PACKET pPacket,
674 IN NDIS_STATUS Status
688 IN NDIS_HANDLE ProtocolBindingContext,
689 IN NDIS_STATUS Status
697 IN NDIS_HANDLE ProtocolBindingContext,
698 IN NDIS_STATUS Status,
699 IN PVOID StatusBuffer,
700 IN UINT StatusBufferSize
742 IN PDEVICE_OBJECT DeviceObject,
753 IN PWSTR *MacDriverName,
754 IN PWSTR *PacketDriverName,
755 IN PUNICODE_STRING RegistryPath
769 IN ULONG ValueLength,
771 IN PVOID EntryContext
780 OUT PNDIS_STATUS Status,
781 IN NDIS_HANDLE BindContext,
782 IN PNDIS_STRING DeviceName,
783 IN PVOID SystemSpecific1,
784 IN PVOID SystemSpecific2
800 OUT PNDIS_STATUS Status,
801 IN NDIS_HANDLE ProtocolBindingContext,
802 IN NDIS_HANDLE UnbindContext
855 PLARGE_INTEGER Offset,
858 PIO_STATUS_BLOCK IoStatusBlock);
917 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent);
NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)
Creates the file that will receive the packets when the driver is in dump mode.
BOOLEAN NPF_CreateDevice(IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP)
Creates a device for a given MAC.
PMDL TransferMdl2
Second MDL used to map the portion of the buffer that will contain an incoming packet.
struct _PACKET_OID_DATA * PPACKET_OID_DATA
VOID NPF_StopUsingOpenInstance(IN POPEN_INSTANCE pOpen)
NDIS_SPIN_LOCK BufferLock
It protects the buffer associated with this CPU.
ULONG NewP
Used by NdisTransferData() (when we call NdisTransferData, p index must be updated only in the Transf...
Structure describing a x86 filtering program created by the jitter.
VOID NPF_Status(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
Callback for NDIS StatusHandler. Not used by NPF.
ULONG TransmitPendingPackets
Specifies the number of packets that are pending to be transmitted, i.e. have been submitted to NdisS...
BOOLEAN NPF_StartUsingBinding(IN POPEN_INSTANCE pOpen)
ULONG Size
Size of each kernel buffer contained in the CpuData field.
ULONG AdapterHandleUsageCounter
NDIS_SPIN_LOCK OpenInUseLock
struct _PACKET_OID_DATA PACKET_OID_DATA
Structure containing an OID request.
PDEVICE_EXTENSION DeviceExtension
struct timeval ts
time stamp
NTSTATUS NPF_IoControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Handles the IOCTL calls.
LIST_ENTRY ListElement
Used to handle lists of packets.
INTERNAL_REQUEST Requests[MAX_REQUESTS]
Array of structures that wrap every single OID request.
BOOLEAN FreeBufAfterWrite
VOID NPF_SendComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET pPacket, IN NDIS_STATUS Status)
Ends a send operation.
VOID NPF_StopUsingBinding(IN POPEN_INSTANCE pOpen)
NTSTATUS NPF_Close(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
LIST_ENTRY ListElement
Used to handle lists of requests.
NDIS_SPIN_LOCK AdapterHandleLock
VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open)
Waits the completion of all the sends performed by NPF_BufferedWrite.
struct _INTERNAL_REQUEST INTERNAL_REQUEST
Stores an OID request.
Header associated to a packet in the driver's buffer when the driver is in dump mode....
PMDL BufferMdl
Pointer to a Memory descriptor list (MDL) that maps the circular buffer's memory.
LIST_ENTRY RequestList
List of pending OID requests.
BOOLEAN NPF_StartUsingOpenInstance(IN POPEN_INSTANCE pOpen)
LARGE_INTEGER Npackets
Number of packets accepted by the filter when this instance is in statistical mode.
NTSTATUS NPF_QueryRegistryRoutine(IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
Function used by NPF_ReadRegistry() to quesry the registry keys associated woth NPF if the driver is ...
struct _INTERNAL_REQUEST * PINTERNAL_REQUEST
NDIS_EVENT NdisOpenCloseCompleteEvent
NDIS_HANDLE AdapterHandle
NDIS idetifier of the adapter used by this instance.
VOID NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext)
Callback for NDIS StatusCompleteHandler. Not used by NPF.
PFILE_OBJECT DumpFileObject
Pointer to the object of the file used in dump mode.
VOID NPF_Unload(IN PDRIVER_OBJECT DriverObject)
Function called by the OS when NPF is unloaded.
NDIS_SPIN_LOCK CountersLock
SpinLock that protects the statistical mode counters.
NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open)
Closes the dump file associated with an instance of the driver.
NTSTATUS NPF_Write(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Writes a raw packet to the network.
PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID)
Returns the MACs that bind to TCP/IP.
ULONG C
Zero-based index of the consumer in the buffer. It indicates the first free byte to be read.
NDIS_EVENT NdisRequestEvent
Event used to synchronize I/O requests with the callback structure of NDIS.
PMDL pMdl
MDL mapping the buffer of the packet.
Structure containing an OID request.
PKEVENT ReadEvent
Pointer to the event on which the read calls on this instance must wait.
VOID NPF_TransferDataComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred)
Ends the transfer of a packet.
VOID NPF_DumpThread(PVOID Open)
The dump thread.
VOID NPF_RequestComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)
Ends an OID request.
NDIS_HANDLE PacketPool
Pool of NDIS_PACKET structures used to transfer the packets from and to the NIC driver.
NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open)
Saves the content of the packet buffer to the file associated with current instance.
ULONG Length
Length of the data field.
ULONG Multiple_Write_Counter
Counts the number of times a single write has already physically repeated.
UINT GetBuffOccupation(POPEN_INSTANCE Open)
Returns the amount of bytes present in the packet buffer.
INT NPF_BufferedWrite(IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)
Writes a buffer of raw packets to the network.
HANDLE DumpThreadHandle
Handle of the thread created by dump mode to asynchronously move the buffer to disk.
NDIS_SPIN_LOCK WriteLock
SpinLock that protects the WriteInProgress variable.
NDIS_EVENT DumpEvent
Event used to synchronize the dump thread with the tap when the instance is in dump mode.
VOID NPF_CloseBinding(IN POPEN_INSTANCE pOpen)
LARGE_INTEGER DumpOffset
Current offset in the dump file.
KSPIN_LOCK RequestSpinLock
SpinLock used to synchronize the OID requests.
PKTHREAD DumpThreadObject
Pointer to the object of the thread used in dump mode.
NTSTATUS NPF_StartDump(POPEN_INSTANCE Open)
Starts dump to file.
UNICODE_STRING DumpFileName
String containing the name of the dump file.
VOID NPF_UnbindAdapter(OUT PNDIS_STATUS Status, IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE UnbindContext)
Callback for NDIS UnbindAdapterHandler.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
The initialization routine of the driver.
VOID NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext)
Callback function that signals the end of a packet reception.
struct _OPEN_INSTANCE * POPEN_INSTANCE
VOID NPF_BindAdapter(OUT PNDIS_STATUS Status, IN NDIS_HANDLE BindContext, IN PNDIS_STRING DeviceName, IN PVOID SystemSpecific1, IN PVOID SystemSpecific2)
Callback for NDIS BindAdapterHandler. Not used by NPF.
BOOLEAN SkipSentPackets
True if this instance should not capture back the packets that it transmits.
ULONG ReaderSN
Sequence number of the next packet to be read from the pool of kernel buffers.
struct _DEVICE_EXTENSION DEVICE_EXTENSION
Port device extension.
NDIS_STRING AdapterName
Name of the adapter.
VOID NPF_ResetComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
Ends a reset of the adapter.
PUCHAR Buffer
Pointer to the kernel buffer used to capture packets.
Kernel buffer of each CPU.
UINT len
Length of the original packet (off wire).
NDIS_EVENT WriteEvent
Event used to synchronize the multiple write process.
VOID NPF_CloseAdapterComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
Ends the closing of an adapter.
PIRP Irp
Irp that performed the request.
NDIS_HANDLE g_NdisProtocolHandle
struct __CPU_Private_Data CpuPrivateData
Kernel buffer of each CPU.
HANDLE DumpFileHandle
Handle of the file used in dump mode.
NDIS_EVENT NdisWriteCompleteEvent
Event that is signalled when all the packets have been successfully sent by NdisSend (and corresponfi...
NDIS_STATUS IOStatus
Maintains the status of and OID request call, that will be passed to the application.
LIST_ENTRY ResetIrpList
List of pending adapter reset requests.
NDIS_REQUEST Request
The structure with the actual request, that will be passed to NdisRequest().
ULONG Free
Number of the free bytes in the buffer.
NDIS_EVENT InternalRequestCompletedEvent
NDIS_SPIN_LOCK MachineLock
SpinLock that protects the BPF filter and the TME engine, if in use.
Contains the state of a running instance of the NPF driver.
LARGE_INTEGER Nbytes
Amount of bytes accepted by the filter when this instance is in statistical mode.
int mode
Working mode of the driver. See PacketSetMode() for details.
NTSTATUS NPF_Open(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Opens a new instance of the driver.
ULONG AdapterBindingStatus
Specifies if NPF is still bound to the adapter used by this instance, it's unbinding or it's not boun...
NTSTATUS NPF_Cleanup(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Closes an instance of the driver.
struct time_conv G_Start_Time
VOID NPF_CloseOpenInstance(IN POPEN_INSTANCE pOpen)
struct _PACKET_RESERVED * PPACKET_RESERVED
NDIS_STATUS RequestStatus
VOID NPF_OpenAdapterComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
Ends the opening of an adapter.
CpuPrivateData CpuData[sizeof(KAFFINITY) *8]
Pool of kernel buffer structures, one for each CPU.
ULONG Cpu
The CPU on which the packet was pulled out of the linked list of free packets.
NTSTATUS NPF_GetDeviceMTU(IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)
ULONG P
Zero-based index of the producer in the buffer. It indicates the first free byte to be written.
struct _OPEN_INSTANCE OPEN_INSTANCE
Contains the state of a running instance of the NPF driver.
PMDL TransferMdl1
MDL used to map the portion of the buffer that will contain an incoming packet.
NTSTATUS NPF_Read(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Function that serves the user's reads.
#define MAX_REQUESTS
Maximum number of simultaneous IOCTL requests.
struct _DEVICE_EXTENSION * PDEVICE_EXTENSION
VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, PLARGE_INTEGER Offset, ULONG Length, PMDL Mdl, PIO_STATUS_BLOCK IoStatusBlock)
Writes a block of packets on the dump file.
NDIS_STATUS NPF_tap(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize)
Callback invoked by NDIS when a packet arrives from the network.
NTSTATUS NPF_ReadRegistry(IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)
Reads the registry keys associated woth NPF if the driver is manually installed via the control panel...
struct _PACKET_RESERVED PACKET_RESERVED
Contains a NDIS packet.
PWCHAR getAdaptersList(VOID)
Returns the list of the MACs available on the system.