00001 /* 00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 #ifndef __PACKET_INCLUDE______ 00043 #define __PACKET_INCLUDE______ 00044 00045 #ifdef __NPF_x86__ 00046 #define NTKERNEL 00047 #include "jitter.h" 00048 #endif 00049 00050 00051 #include "win_bpf.h" 00052 00053 #define MAX_REQUESTS 32 00054 00055 #define Packet_ALIGNMENT sizeof(int) 00056 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 00057 00058 00059 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\" 00060 00061 /***************************/ 00062 /* IOCTLs */ 00063 /***************************/ 00064 00073 #define BIOCSETBUFFERSIZE 9592 00074 00085 #define BIOCSETF 9030 00086 00093 #define BIOCGSTATS 9031 00094 00100 #define BIOCSRTIMEOUT 7416 00101 00109 #define BIOCSMODE 7412 00110 00117 #define BIOCSWRITEREP 7413 00118 00124 #define BIOCSMINTOCOPY 7414 00125 00131 #define BIOCSETOID 2147483648 00132 00138 #define BIOCQUERYOID 2147483652 00139 00147 #define BIOCSETDUMPFILENAME 9029 00148 00155 #define BIOCGEVNAME 7415 00156 00164 #define BIOCSENDPACKETSNOSYNC 9032 00165 00174 #define BIOCSENDPACKETSSYNC 9033 00175 00182 #define BIOCSETDUMPLIMITS 9034 00183 00190 #define BIOCISDUMPENDED 7411 00191 00197 #define BIOCISETLOBBEH 7410 00198 00208 #define BIOCSETEVENTHANDLE 7920 00209 00210 // Working modes 00211 #define MODE_CAPT 0x0 00212 #define MODE_STAT 0x1 00213 #define MODE_MON 0x2 00214 #define MODE_DUMP 0x10 00215 00216 00217 #define IMMEDIATE 1 00218 00219 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 00220 00221 // The following definitions are used to provide compatibility 00222 // of the dump files with the ones of libpcap 00223 #define TCPDUMP_MAGIC 0xa1b2c3d4 00224 #define PCAP_VERSION_MAJOR 2 00225 #define PCAP_VERSION_MINOR 4 00226 00227 // Loopback behaviour definitions 00228 #define NPF_DISABLE_LOOPBACK 1 00229 #define NPF_ENABLE_LOOPBACK 2 00230 00231 00236 struct packet_file_header 00237 { 00238 UINT magic; 00239 USHORT version_major; 00240 USHORT version_minor; 00241 UINT thiszone; 00242 UINT sigfigs; 00243 UINT snaplen; 00244 UINT linktype; 00245 }; 00246 00251 struct sf_pkthdr { 00252 struct timeval ts; 00253 UINT caplen; 00254 00255 00256 UINT len; 00257 }; 00258 00268 typedef struct _INTERNAL_REQUEST { 00269 LIST_ENTRY ListElement; 00270 // PIRP Irp; ///< Irp that performed the request 00271 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL. 00272 NDIS_EVENT InternalRequestCompletedEvent; 00273 NDIS_REQUEST Request; 00274 NDIS_STATUS RequestStatus; 00275 00276 } INTERNAL_REQUEST, *PINTERNAL_REQUEST; 00277 00285 typedef struct _PACKET_RESERVED { 00286 LIST_ENTRY ListElement; 00287 PIRP Irp; 00288 PMDL pMdl; 00289 BOOLEAN FreeBufAfterWrite; 00290 00291 ULONG Cpu; 00292 } PACKET_RESERVED, *PPACKET_RESERVED; 00293 00294 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 00295 00296 00301 typedef struct _DEVICE_EXTENSION { 00302 NDIS_HANDLE NdisProtocolHandle; 00303 NDIS_STRING AdapterName; 00304 PWSTR ExportString; 00305 00306 } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 00307 00313 typedef struct __CPU_Private_Data 00314 { 00315 ULONG P; 00316 ULONG C; 00317 ULONG Free; 00318 PUCHAR Buffer; 00319 ULONG Accepted; 00320 00321 00322 00323 ULONG Received; 00324 00325 00326 00327 ULONG Dropped; 00328 00329 00330 00331 volatile ULONG Processing; 00332 PMDL TransferMdl1; 00333 PMDL TransferMdl2; 00334 ULONG NewP; 00335 } 00336 CpuPrivateData; 00337 00338 00346 typedef struct _OPEN_INSTANCE 00347 { 00348 PDEVICE_EXTENSION DeviceExtension; 00349 00350 NDIS_HANDLE AdapterHandle; 00351 UINT Medium; 00352 00353 NDIS_HANDLE PacketPool; 00354 KSPIN_LOCK RequestSpinLock; 00355 LIST_ENTRY RequestList; 00356 LIST_ENTRY ResetIrpList; 00357 INTERNAL_REQUEST Requests[MAX_REQUESTS]; 00358 PMDL BufferMdl; 00359 PKEVENT ReadEvent; 00360 PUCHAR bpfprogram; 00361 00362 00363 00364 00365 #ifdef __NPF_x86__ 00366 JIT_BPF_Filter *Filter; 00367 00368 #endif 00369 UINT MinToCopy; 00370 00371 LARGE_INTEGER TimeOut; 00372 00373 00374 int mode; 00375 LARGE_INTEGER Nbytes; 00376 LARGE_INTEGER Npackets; 00377 NDIS_SPIN_LOCK CountersLock; 00378 UINT Nwrites; 00379 00380 ULONG Multiple_Write_Counter; 00381 NDIS_EVENT WriteEvent; 00382 BOOLEAN WriteInProgress; 00383 00384 NDIS_SPIN_LOCK WriteLock; 00385 NDIS_EVENT NdisRequestEvent; 00386 BOOLEAN SkipSentPackets; 00387 NDIS_STATUS IOStatus; 00388 HANDLE DumpFileHandle; 00389 PFILE_OBJECT DumpFileObject; 00390 PKTHREAD DumpThreadObject; 00391 HANDLE DumpThreadHandle; 00392 NDIS_EVENT DumpEvent; 00393 LARGE_INTEGER DumpOffset; 00394 UNICODE_STRING DumpFileName; 00395 UINT MaxDumpBytes; 00396 00397 UINT MaxDumpPacks; 00398 00399 00400 BOOLEAN DumpLimitReached; 00401 00402 MEM_TYPE mem_ex; 00403 TME_CORE tme; 00404 NDIS_SPIN_LOCK MachineLock; 00405 UINT MaxFrameSize; 00406 00407 CpuPrivateData CpuData[32]; 00408 ULONG ReaderSN; 00409 ULONG WriterSN; 00410 00411 ULONG Size; 00412 ULONG SkipProcessing; 00413 00414 00415 00416 ULONG AdapterHandleUsageCounter; 00417 NDIS_SPIN_LOCK AdapterHandleLock; 00418 ULONG AdapterBindingStatus; 00419 00420 NDIS_EVENT NdisOpenCloseCompleteEvent; 00421 NTSTATUS OpenCloseStatus; 00422 } 00423 OPEN_INSTANCE, *POPEN_INSTANCE; 00424 00425 enum ADAPTER_BINDING_STATUS 00426 { 00427 ADAPTER_UNBOUND, 00428 ADAPTER_BOUND, 00429 ADAPTER_UNBINDING, 00430 }; 00431 00439 struct PacketHeader 00440 { 00441 ULONG SN; 00442 struct bpf_hdr header; 00443 }; 00444 00445 00446 #define TRANSMIT_PACKETS 256 00447 00448 00449 00451 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\ 00452 Irp->IoStatus.Status = STATUS_SUCCESS;\ 00453 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00454 return STATUS_SUCCESS;\ 00455 00456 00457 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\ 00458 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\ 00459 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00460 return STATUS_UNSUCCESSFUL;\ 00461 00462 00467 /***************************/ 00468 /* Prototypes */ 00469 /***************************/ 00470 00487 NTSTATUS 00488 DriverEntry( 00489 IN PDRIVER_OBJECT DriverObject, 00490 IN PUNICODE_STRING RegistryPath 00491 ); 00492 00502 PWCHAR getAdaptersList(VOID); 00503 00510 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID); 00511 00523 BOOLEAN createDevice( 00524 IN OUT PDRIVER_OBJECT adriverObjectP, 00525 IN PUNICODE_STRING amacNameP, 00526 NDIS_HANDLE aProtoHandle); 00527 00539 NTSTATUS 00540 NPF_Open( 00541 IN PDEVICE_OBJECT DeviceObject, 00542 IN PIRP Irp 00543 ); 00544 00554 VOID 00555 NPF_OpenAdapterComplete( 00556 IN NDIS_HANDLE ProtocolBindingContext, 00557 IN NDIS_STATUS Status, 00558 IN NDIS_STATUS OpenErrorStatus 00559 ); 00560 00571 NTSTATUS 00572 NPF_Cleanup( 00573 IN PDEVICE_OBJECT DeviceObject, 00574 IN PIRP Irp 00575 ); 00576 00577 NTSTATUS 00578 NPF_Close( 00579 IN PDEVICE_OBJECT DeviceObject, 00580 IN PIRP Irp 00581 ); 00582 00583 00584 00593 VOID 00594 NPF_CloseAdapterComplete( 00595 IN NDIS_HANDLE ProtocolBindingContext, 00596 IN NDIS_STATUS Status 00597 ); 00598 00621 NDIS_STATUS 00622 NPF_tap( 00623 IN NDIS_HANDLE ProtocolBindingContext, 00624 IN NDIS_HANDLE MacReceiveContext, 00625 IN PVOID HeaderBuffer, 00626 IN UINT HeaderBufferSize, 00627 IN PVOID LookAheadBuffer, 00628 IN UINT LookaheadBufferSize, 00629 IN UINT PacketSize 00630 ); 00631 00642 VOID 00643 NPF_TransferDataComplete( 00644 IN NDIS_HANDLE ProtocolBindingContext, 00645 IN PNDIS_PACKET Packet, 00646 IN NDIS_STATUS Status, 00647 IN UINT BytesTransferred 00648 ); 00649 00656 VOID 00657 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext); 00658 00682 NTSTATUS 00683 NPF_IoControl( 00684 IN PDEVICE_OBJECT DeviceObject, 00685 IN PIRP Irp 00686 ); 00687 00688 VOID 00689 00699 NPF_RequestComplete( 00700 IN NDIS_HANDLE ProtocolBindingContext, 00701 IN PNDIS_REQUEST pRequest, 00702 IN NDIS_STATUS Status 00703 ); 00704 00717 NTSTATUS 00718 NPF_Write( 00719 IN PDEVICE_OBJECT DeviceObject, 00720 IN PIRP Irp 00721 ); 00722 00723 00743 INT NPF_BufferedWrite(IN PIRP Irp, 00744 IN PCHAR UserBuff, 00745 IN ULONG UserBuffSize, 00746 BOOLEAN sync); 00747 00755 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open); 00756 00766 VOID 00767 NPF_SendComplete( 00768 IN NDIS_HANDLE ProtocolBindingContext, 00769 IN PNDIS_PACKET pPacket, 00770 IN NDIS_STATUS Status 00771 ); 00772 00782 VOID 00783 NPF_ResetComplete( 00784 IN NDIS_HANDLE ProtocolBindingContext, 00785 IN NDIS_STATUS Status 00786 ); 00787 00791 VOID 00792 NPF_Status( 00793 IN NDIS_HANDLE ProtocolBindingContext, 00794 IN NDIS_STATUS Status, 00795 IN PVOID StatusBuffer, 00796 IN UINT StatusBufferSize 00797 ); 00798 00799 00803 VOID 00804 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext); 00805 00814 VOID 00815 NPF_Unload(IN PDRIVER_OBJECT DriverObject); 00816 00817 00836 NTSTATUS 00837 NPF_Read( 00838 IN PDEVICE_OBJECT DeviceObject, 00839 IN PIRP Irp 00840 ); 00841 00847 NTSTATUS 00848 NPF_ReadRegistry( 00849 IN PWSTR *MacDriverName, 00850 IN PWSTR *PacketDriverName, 00851 IN PUNICODE_STRING RegistryPath 00852 ); 00853 00860 NTSTATUS 00861 NPF_QueryRegistryRoutine( 00862 IN PWSTR ValueName, 00863 IN ULONG ValueType, 00864 IN PVOID ValueData, 00865 IN ULONG ValueLength, 00866 IN PVOID Context, 00867 IN PVOID EntryContext 00868 ); 00869 00875 VOID NPF_BindAdapter( 00876 OUT PNDIS_STATUS Status, 00877 IN NDIS_HANDLE BindContext, 00878 IN PNDIS_STRING DeviceName, 00879 IN PVOID SystemSpecific1, 00880 IN PVOID SystemSpecific2 00881 ); 00882 00894 VOID 00895 NPF_UnbindAdapter( 00896 OUT PNDIS_STATUS Status, 00897 IN NDIS_HANDLE ProtocolBindingContext, 00898 IN NDIS_HANDLE UnbindContext 00899 ); 00900 00901 00909 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append); 00910 00919 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open); 00920 00928 VOID NPF_DumpThread(PVOID Open); 00929 00936 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open); 00937 00950 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, 00951 PLARGE_INTEGER Offset, 00952 ULONG Length, 00953 PMDL Mdl, 00954 PIO_STATUS_BLOCK IoStatusBlock); 00955 00956 00957 00963 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open); 00964 00965 VOID 00966 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen); 00967 00968 BOOLEAN 00969 NPF_StartUsingBinding( 00970 IN POPEN_INSTANCE pOpen); 00971 00972 VOID 00973 NPF_StopUsingBinding( 00974 IN POPEN_INSTANCE pOpen); 00975 00976 VOID 00977 NPF_CloseBinding( 00978 IN POPEN_INSTANCE pOpen); 00979 00980 NTSTATUS 00981 NPF_GetDeviceMTU( 00982 IN POPEN_INSTANCE pOpen, 00983 IN PIRP pIrp, 00984 OUT PUINT pMtu); 00985 00990 UINT GetBuffOccupation(POPEN_INSTANCE Open); 00991 01003 #ifdef NDIS50 01004 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent); 01005 #endif 01006 01007 // 01008 // Old registry based WinPcap names 01009 // 01011 // \brief Helper function to query a value from the global WinPcap registry key 01012 //*/ 01013 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName, 01014 // WCHAR *Value, 01015 // UINT ValueLen, 01016 // WCHAR *DefaultValue); 01017 // 01018 01019 01028 #endif /*main ifndef/define*/
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2006
CACE Technologies. All rights reserved.