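/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/*!
  \file
  \brief Main header of the NPF kernel driver: I/O control codes, the
  per-open state (OPEN_INSTANCE), the per-CPU capture buffer descriptor and
  the prototypes of the dispatch routines and NDIS protocol callbacks.
*/

#ifndef __PACKET_INCLUDE______
#define __PACKET_INCLUDE______

#ifdef _X86_
#define NTKERNEL
#include "jitter.h"
#endif

#ifdef HAVE_BUGGY_TME_SUPPORT
#ifndef _X86_
#error TME support is available only on x86 architectures
#endif // _X86_
#endif //HAVE_BUGGY_TME_SUPPORT


//
// Needed to disable a warning due to the #pragma prefast directives,
// that are ignored by the normal DDK compiler
//
#ifndef _PREFAST_
#pragma warning(disable:4068)
#endif

#include "win_bpf.h"

// Size of the INTERNAL_REQUEST array embedded in every OPEN_INSTANCE.
#define MAX_REQUESTS 32

// Round x up to the next multiple of sizeof(int).
#define Packet_ALIGNMENT sizeof(int)
#define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))


// Object-manager directory prefix used for named kernel events.
#define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\"

/***************************/
/*         IOCTLs          */
/***************************/

/*
 * The codes below are plain integers rather than CTL_CODE() expansions, but
 * the I/O manager still decodes them with the CTL_CODE bit layout: bits 1..0
 * select the buffering method and bits 15..14 the access required on the
 * handle. The decoded method is noted next to each value.
 *
 *  - Bits 15..14 are zero in every code (FILE_ANY_ACCESS), so the I/O manager
 *    applies no read/write access check to the handle. Who may issue these
 *    requests is decided only by the security descriptor of the device
 *    object.
 *  - BIOCGSTATS, BIOCGEVNAME and BIOCISDUMPENDED decode to METHOD_NEITHER:
 *    the I/O manager neither copies nor locks the caller's buffers, so the
 *    handler sees raw user-mode addresses.
 *    NOTE(review): NPF_IoControl is not part of this header; confirm that it
 *    probes those buffers and guards every access before trusting them.
 *  - The numeric values are part of the user/kernel interface; changing one
 *    here requires the same change in whatever user-mode code issues it.
 */

#define	 BIOCSETBUFFERSIZE 9592		// 0x2578, METHOD_BUFFERED

#define	 BIOCSETF 9030			// 0x2346, METHOD_OUT_DIRECT

#define  BIOCGSTATS 9031		// 0x2347, METHOD_NEITHER

#define	 BIOCSRTIMEOUT 7416		// 0x1CF8, METHOD_BUFFERED

#define	 BIOCSMODE 7412			// 0x1CF4, METHOD_BUFFERED

#define	 BIOCSWRITEREP 7413		// 0x1CF5, METHOD_IN_DIRECT

#define	 BIOCSMINTOCOPY 7414		// 0x1CF6, METHOD_OUT_DIRECT

#define	 BIOCSETOID 2147483648		// 0x80000000, METHOD_BUFFERED

#define	 BIOCQUERYOID 2147483652	// 0x80000004, METHOD_BUFFERED

// NOTE(review): together with DumpFileName and NPF_OpenDumpFile() this
// suggests a caller-supplied path that the driver opens from kernel context;
// confirm the open is performed with the caller's access rights enforced.
#define	 BIOCSETDUMPFILENAME 9029	// 0x2345, METHOD_IN_DIRECT

#define	 BIOCGEVNAME 7415		// 0x1CF7, METHOD_NEITHER

#define	 BIOCSENDPACKETSNOSYNC 9032	// 0x2348, METHOD_BUFFERED

#define	 BIOCSENDPACKETSSYNC 9033	// 0x2349, METHOD_IN_DIRECT

#define	 BIOCSETDUMPLIMITS 9034		// 0x234A, METHOD_OUT_DIRECT

#define  BIOCISDUMPENDED 7411		// 0x1CF3, METHOD_NEITHER

#define  BIOCISETLOBBEH 7410		// 0x1CF2, METHOD_OUT_DIRECT

// NOTE(review): the name suggests a handle passed in from user mode; confirm
// the handler references it with the caller's access mode and checks that it
// really is an event object.
#define	 BIOCSETEVENTHANDLE 7920	// 0x1EF0, METHOD_BUFFERED

// Working modes
#define MODE_CAPT 0x0
#define MODE_STAT 0x1
#define MODE_MON  0x2
#define MODE_DUMP 0x10


#define IMMEDIATE 1

#define NDIS_FLAGS_SKIP_LOOPBACK_W2K    0x400

// The following definitions are used to provide compatibility
// of the dump files with the ones of libpcap
#define TCPDUMP_MAGIC 0xa1b2c3d4
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4

// Loopback behaviour definitions
#define NPF_DISABLE_LOOPBACK	1
#define NPF_ENABLE_LOOPBACK		2


/*!
  \brief Header of a dump file; the magic and version constants above keep it
  compatible with libpcap files.
*/
struct packet_file_header
{
	UINT magic;
	USHORT version_major;
	USHORT version_minor;
	UINT thiszone;
	UINT sigfigs;
	UINT snaplen;
	UINT linktype;
};

/*!
  \brief Per-packet header (timestamp, captured length, original length).
  Presumably the record header used inside dump files; confirm against the
  dump code.
*/
struct sf_pkthdr {
	struct timeval	ts;
	UINT			caplen;


	UINT			len;
};

/*!
  \brief One NDIS request together with the list linkage, completion event
  and status the driver keeps for it. OPEN_INSTANCE embeds MAX_REQUESTS of
  these.
*/
typedef struct _INTERNAL_REQUEST {
	LIST_ENTRY		ListElement;
//	PIRP			Irp;			///< Irp that performed the request
//	BOOLEAN			Internal;		///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL.
	NDIS_EVENT		InternalRequestCompletedEvent;
	NDIS_REQUEST	Request;
	NDIS_STATUS		RequestStatus;

} INTERNAL_REQUEST, *PINTERNAL_REQUEST;

/*!
  \brief Driver-private data stored in the ProtocolReserved area of an
  NDIS_PACKET; reach it through the RESERVED() macro.
*/
typedef struct _PACKET_RESERVED {
	LIST_ENTRY		ListElement;
	PIRP			Irp;
	PMDL			pMdl;
	BOOLEAN			FreeBufAfterWrite;

	ULONG			Cpu;
}  PACKET_RESERVED, *PPACKET_RESERVED;

// Reinterprets the ProtocolReserved bytes of packet _p as a PACKET_RESERVED.
#define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved))


/*!
  \brief Device extension: protocol handle, adapter name and export string of
  one device created by the driver.
*/
typedef struct _DEVICE_EXTENSION {
	NDIS_HANDLE		NdisProtocolHandle;
	NDIS_STRING		AdapterName;
	PWSTR			ExportString;

} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

/*!
  \brief Per-CPU capture buffer descriptor and counters.

  P, C and Free look like producer offset, consumer offset and free byte
  count of Buffer; confirm against the capture and read paths.
*/
typedef struct __CPU_Private_Data
{
	ULONG	P;
	ULONG	C;
	ULONG	Free;
	PUCHAR	Buffer;
	ULONG	Accepted;



	ULONG	Received;



	ULONG	Dropped;



	NDIS_SPIN_LOCK BufferLock;
	PMDL    TransferMdl1;
	PMDL    TransferMdl2;
	ULONG	NewP;
}
	CpuPrivateData;


/*!
  \brief State of one open instance of the driver: adapter binding, filter,
  counters, write state, dump-to-file state and the per-CPU buffers.
*/
typedef struct _OPEN_INSTANCE
{
	PDEVICE_EXTENSION   DeviceExtension;

	NDIS_HANDLE         AdapterHandle;
	UINT				Medium;

	NDIS_HANDLE         PacketPool;
	KSPIN_LOCK			RequestSpinLock;
	LIST_ENTRY          RequestList;
	LIST_ENTRY          ResetIrpList;
	INTERNAL_REQUEST    Requests[MAX_REQUESTS];
	PMDL				BufferMdl;
	PKEVENT				ReadEvent;
	PUCHAR				bpfprogram;




#ifdef _X86_
	JIT_BPF_Filter		*Filter;

#endif //_X86_
	UINT				MinToCopy;

	LARGE_INTEGER		TimeOut;


	int					mode;			// one of the MODE_* values above -- TODO confirm
	LARGE_INTEGER		Nbytes;
	LARGE_INTEGER		Npackets;
	NDIS_SPIN_LOCK		CountersLock;
	UINT				Nwrites;

	ULONG				Multiple_Write_Counter;
	NDIS_EVENT			WriteEvent;
	BOOLEAN				WriteInProgress;

	NDIS_SPIN_LOCK		WriteLock;
	NDIS_EVENT			NdisRequestEvent;
	BOOLEAN				SkipSentPackets;
	NDIS_STATUS			IOStatus;
	HANDLE				DumpFileHandle;
	PFILE_OBJECT		DumpFileObject;
	PKTHREAD			DumpThreadObject;
	HANDLE				DumpThreadHandle;
	NDIS_EVENT			DumpEvent;
	LARGE_INTEGER		DumpOffset;
	UNICODE_STRING      DumpFileName;
	UINT				MaxDumpBytes;

	UINT				MaxDumpPacks;


	BOOLEAN				DumpLimitReached;

	MEM_TYPE			mem_ex;
	TME_CORE			tme;
	NDIS_SPIN_LOCK		MachineLock;
	UINT				MaxFrameSize;

	// Fixed at 32 entries while the processor count lives in the separate
	// NCpu variable declared below.
	// NOTE(review): confirm that every index into CpuData is bounded by 32
	// and that the driver refuses to run with NCpu > 32.
	CpuPrivateData		CpuData[32];
	ULONG				ReaderSN;
	ULONG				WriterSN;

	ULONG				Size;
	ULONG				AdapterHandleUsageCounter;
	NDIS_SPIN_LOCK		AdapterHandleLock;
	ULONG				AdapterBindingStatus;	// presumably an ADAPTER_BINDING_STATUS value -- confirm

	NDIS_EVENT			NdisOpenCloseCompleteEvent;
	NDIS_EVENT			NdisWriteCompleteEvent;
	NTSTATUS			OpenCloseStatus;
	ULONG				TransmitPendingPackets;
}
OPEN_INSTANCE, *POPEN_INSTANCE;

// States of the binding between an open instance and its adapter.
enum ADAPTER_BINDING_STATUS
{
	ADAPTER_UNBOUND,
	ADAPTER_BOUND,
	ADAPTER_UNBINDING,
};

/*!
  \brief A bpf_hdr preceded by a sequence number (compare ReaderSN/WriterSN in
  OPEN_INSTANCE).
*/
struct PacketHeader
{
	ULONG SN;
	struct bpf_hdr header;
};

extern ULONG NCpu;


#define TRANSMIT_PACKETS 256


/*
 * EXIT_SUCCESS / EXIT_FAILURE complete the current IRP and return from the
 * enclosing dispatch routine. Both expect a variable named Irp in scope and
 * an enclosing function that returns NTSTATUS. The names shadow the
 * <stdlib.h> macros of the same name, so that header must not be mixed in.
 *
 * The four statements are wrapped in a brace block so that an unbraced
 * `if (cond) EXIT_FAILURE(n);` guards all of them; expanded bare, only the
 * first assignment would be conditional and the IRP would be completed on
 * every path. A brace block is used instead of do/while(0) so that call sites
 * written with or without a trailing semicolon keep compiling. The argument
 * is parenthesized so an expression argument is assigned as a whole.
 */

/// Completes Irp with STATUS_SUCCESS and `quantity` as the Information field.
#define EXIT_SUCCESS(quantity) {\
	Irp->IoStatus.Information = (quantity);\
	Irp->IoStatus.Status = STATUS_SUCCESS;\
	IoCompleteRequest(Irp, IO_NO_INCREMENT);\
	return STATUS_SUCCESS;\
}

/// Completes Irp with STATUS_UNSUCCESSFUL and `quantity` as the Information field.
#define EXIT_FAILURE(quantity) {\
	Irp->IoStatus.Information = (quantity);\
	Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\
	IoCompleteRequest(Irp, IO_NO_INCREMENT);\
	return STATUS_UNSUCCESSFUL;\
}


/***************************/
/*       Prototypes        */
/***************************/

/*
 * The routines taking (PDEVICE_OBJECT, PIRP) have the shape of IRP dispatch
 * routines; those taking a ProtocolBindingContext have the shape of NDIS
 * protocol callbacks. Their bodies are defined in other files of the driver.
 */

/// Driver entry point.
NTSTATUS
DriverEntry(
	IN PDRIVER_OBJECT DriverObject,
	IN PUNICODE_STRING RegistryPath
	);

PWCHAR getAdaptersList(VOID);

PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID);

BOOLEAN createDevice(
	IN OUT PDRIVER_OBJECT adriverObjectP,
	IN PUNICODE_STRING amacNameP,
	NDIS_HANDLE aProtoHandle);

NTSTATUS
NPF_Open(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);

VOID
NPF_OpenAdapterComplete(
	IN NDIS_HANDLE  ProtocolBindingContext,
	IN NDIS_STATUS  Status,
	IN NDIS_STATUS  OpenErrorStatus
	);

NTSTATUS
NPF_Cleanup(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);

NTSTATUS
NPF_Close(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);



VOID
NPF_CloseAdapterComplete(
	IN NDIS_HANDLE  ProtocolBindingContext,
	IN NDIS_STATUS  Status
	);

NDIS_STATUS
NPF_tap(
	IN NDIS_HANDLE ProtocolBindingContext,
	IN NDIS_HANDLE MacReceiveContext,
	IN PVOID HeaderBuffer,
	IN UINT HeaderBufferSize,
	IN PVOID LookAheadBuffer,
	IN UINT LookaheadBufferSize,
	IN UINT PacketSize
	);

VOID
NPF_TransferDataComplete(
	IN NDIS_HANDLE ProtocolBindingContext,
	IN PNDIS_PACKET Packet,
	IN NDIS_STATUS Status,
	IN UINT BytesTransferred
	);

VOID
NPF_ReceiveComplete(IN NDIS_HANDLE  ProtocolBindingContext);

/// Handler for the BIOC* codes defined above (see the notes on buffering
/// method and access bits in the IOCTL section).
NTSTATUS
NPF_IoControl(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);

VOID
NPF_RequestComplete(
	IN NDIS_HANDLE   ProtocolBindingContext,
	IN PNDIS_REQUEST pRequest,
	IN NDIS_STATUS   Status
	);

NTSTATUS
NPF_Write(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);


// NOTE(review): UserBuff/UserBuffSize are named as caller-supplied data;
// confirm the implementation checks every length it reads out of the buffer
// against UserBuffSize before using it.
INT NPF_BufferedWrite(IN PIRP Irp,
	IN PCHAR UserBuff,
	IN ULONG UserBuffSize,
	BOOLEAN sync);

VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open);

VOID
NPF_SendComplete(
	IN NDIS_HANDLE   ProtocolBindingContext,
	IN PNDIS_PACKET  pPacket,
	IN NDIS_STATUS   Status
	);

VOID
NPF_ResetComplete(
	IN NDIS_HANDLE  ProtocolBindingContext,
	IN NDIS_STATUS  Status
	);

VOID
NPF_Status(
	IN NDIS_HANDLE   ProtocolBindingContext,
	IN NDIS_STATUS   Status,
	IN PVOID         StatusBuffer,
	IN UINT          StatusBufferSize
	);


VOID
NPF_StatusComplete(IN NDIS_HANDLE  ProtocolBindingContext);

VOID
NPF_Unload(IN PDRIVER_OBJECT DriverObject);


NTSTATUS
NPF_Read(
	IN PDEVICE_OBJECT DeviceObject,
	IN PIRP Irp
	);

NTSTATUS
NPF_ReadRegistry(
	IN  PWSTR              *MacDriverName,
	IN  PWSTR              *PacketDriverName,
	IN  PUNICODE_STRING     RegistryPath
	);

NTSTATUS
NPF_QueryRegistryRoutine(
	IN PWSTR     ValueName,
	IN ULONG     ValueType,
	IN PVOID     ValueData,
	IN ULONG     ValueLength,
	IN PVOID     Context,
	IN PVOID     EntryContext
	);

VOID NPF_BindAdapter(
	OUT PNDIS_STATUS            Status,
	IN  NDIS_HANDLE             BindContext,
	IN  PNDIS_STRING            DeviceName,
	IN  PVOID                   SystemSpecific1,
	IN  PVOID                   SystemSpecific2
	);

VOID
NPF_UnbindAdapter(
	OUT PNDIS_STATUS        Status,
	IN  NDIS_HANDLE         ProtocolBindingContext,
	IN  NDIS_HANDLE         UnbindContext
	);


// Dump-to-file support (see the review note on BIOCSETDUMPFILENAME).
NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append);

NTSTATUS NPF_StartDump(POPEN_INSTANCE Open);

VOID NPF_DumpThread(PVOID Open);

NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open);

VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject,
	PLARGE_INTEGER Offset,
	ULONG Length,
	PMDL Mdl,
	PIO_STATUS_BLOCK IoStatusBlock);



NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open);

VOID
NPF_CloseOpenInstance(POPEN_INSTANCE pOpen);

// NPF_StartUsingBinding / NPF_StopUsingBinding are declared as a pair;
// presumably they bracket every use of AdapterHandle (compare
// AdapterHandleUsageCounter in OPEN_INSTANCE) -- confirm in the implementation.
BOOLEAN
NPF_StartUsingBinding(
	IN POPEN_INSTANCE pOpen);

VOID
NPF_StopUsingBinding(
	IN POPEN_INSTANCE pOpen);

VOID
NPF_CloseBinding(
	IN POPEN_INSTANCE pOpen);

NTSTATUS
NPF_GetDeviceMTU(
	IN POPEN_INSTANCE pOpen,
	IN PIRP	pIrp,
	OUT PUINT  pMtu);

UINT GetBuffOccupation(POPEN_INSTANCE Open);

#ifdef NDIS50
NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent);
#endif

//
// Old registry based WinPcap names
//
//	\brief Helper function to query a value from the global WinPcap registry key
//*/
//VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName,
//								WCHAR *Value,
//								UINT ValueLen,
//								WCHAR *DefaultValue);
//


#endif  /*main ifndef/define*/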