documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.00001 /* 00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 #ifndef __PACKET_INCLUDE______ 00043 #define __PACKET_INCLUDE______ 00044 00045 #if !defined(NDIS30) && !defined(NDIS50) 00046 #error NDIS30 or NDIS50 should be defined 00047 #endif 00048 00049 #ifdef _X86_ 00050 #define NTKERNEL 00051 #include "jitter.h" 00052 #endif 00053 00054 #ifdef HAVE_BUGGY_TME_SUPPORT 00055 #ifndef _X86_ 00056 #error TME support is available only on x86 architectures 00057 #endif // _X86_ 00058 #endif //HAVE_BUGGY_TME_SUPPORT 00059 00060 00061 // 00062 // Needed to disable a warning due to the #pragma prefast directives, 00063 // that are ignored by the normal DDK compiler 00064 // 00065 #ifndef _PREFAST_ 00066 #pragma warning(disable:4068) 00067 #endif 00068 00069 #include "win_bpf.h" 00070 00071 #define MAX_REQUESTS 32 00072 00073 #define Packet_ALIGNMENT sizeof(int) 00074 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 00075 00076 00077 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\" 00078 00079 00080 // Working modes 00081 #define MODE_CAPT 0x0 00082 #define MODE_STAT 0x1 00083 #define MODE_MON 0x2 00084 #define MODE_DUMP 0x10 00085 00086 00087 #define IMMEDIATE 1 00088 00089 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 00090 00091 // The following definitions are used to provide compatibility 00092 // of the dump files with the ones of libpcap 00093 #define TCPDUMP_MAGIC 0xa1b2c3d4 00094 #define PCAP_VERSION_MAJOR 2 00095 #define PCAP_VERSION_MINOR 4 00096 00097 // Loopback behaviour definitions 00098 #define NPF_DISABLE_LOOPBACK 1 00099 #define NPF_ENABLE_LOOPBACK 2 00100 00101 00106 struct packet_file_header 00107 { 00108 UINT magic; 00109 USHORT version_major; 00110 USHORT version_minor; 00111 UINT thiszone; 00112 UINT sigfigs; 00113 UINT snaplen; 00114 UINT linktype; 00115 }; 00116 00121 struct sf_pkthdr { 00122 struct timeval ts; 00123 UINT caplen; 00124 00125 00126 UINT len; 00127 }; 00128 00129 // 00130 // NT4 DDK doesn't have C_ASSERT 00131 // 00132 #ifndef C_ASSERT 00133 #define C_ASSERT(a) 00134 #endif 00135 00143 typedef struct _PACKET_OID_DATA { 00144 ULONG Oid; 00145 00146 ULONG Length; 00147 UCHAR Data[1]; 00148 00149 } 00150 PACKET_OID_DATA, *PPACKET_OID_DATA; 00151 00152 C_ASSERT(sizeof(PACKET_OID_DATA) == 12); 00153 00163 typedef struct _INTERNAL_REQUEST { 00164 LIST_ENTRY ListElement; 00165 // PIRP Irp; ///< Irp that performed the request 00166 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL. 00167 NDIS_EVENT InternalRequestCompletedEvent; 00168 NDIS_REQUEST Request; 00169 NDIS_STATUS RequestStatus; 00170 00171 } INTERNAL_REQUEST, *PINTERNAL_REQUEST; 00172 00180 typedef struct _PACKET_RESERVED { 00181 LIST_ENTRY ListElement; 00182 PIRP Irp; 00183 PMDL pMdl; 00184 BOOLEAN FreeBufAfterWrite; 00185 00186 ULONG Cpu; 00187 } PACKET_RESERVED, *PPACKET_RESERVED; 00188 00189 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 00190 00191 00196 typedef struct _DEVICE_EXTENSION { 00197 NDIS_STRING AdapterName; 00198 PWSTR ExportString; 00199 00200 } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 00201 00207 typedef struct __CPU_Private_Data 00208 { 00209 ULONG P; 00210 ULONG C; 00211 ULONG Free; 00212 PUCHAR Buffer; 00213 ULONG Accepted; 00214 00215 00216 00217 ULONG Received; 00218 00219 00220 00221 ULONG Dropped; 00222 00223 00224 00225 NDIS_SPIN_LOCK BufferLock; 00226 PMDL TransferMdl1; 00227 PMDL TransferMdl2; 00228 ULONG NewP; 00229 } 00230 CpuPrivateData; 00231 00232 00240 typedef struct _OPEN_INSTANCE 00241 { 00242 PDEVICE_EXTENSION DeviceExtension; 00243 00244 NDIS_HANDLE AdapterHandle; 00245 UINT Medium; 00246 00247 NDIS_HANDLE PacketPool; 00248 KSPIN_LOCK RequestSpinLock; 00249 LIST_ENTRY RequestList; 00250 LIST_ENTRY ResetIrpList; 00251 INTERNAL_REQUEST Requests[MAX_REQUESTS]; 00252 PMDL BufferMdl; 00253 PKEVENT ReadEvent; 00254 PUCHAR bpfprogram; 00255 00256 00257 00258 00259 #ifdef _X86_ 00260 JIT_BPF_Filter *Filter; 00261 00262 #endif //_X86_ 00263 UINT MinToCopy; 00264 00265 LARGE_INTEGER TimeOut; 00266 00267 00268 int mode; 00269 LARGE_INTEGER Nbytes; 00270 LARGE_INTEGER Npackets; 00271 NDIS_SPIN_LOCK CountersLock; 00272 UINT Nwrites; 00273 00274 ULONG Multiple_Write_Counter; 00275 NDIS_EVENT WriteEvent; 00276 BOOLEAN WriteInProgress; 00277 00278 NDIS_SPIN_LOCK WriteLock; 00279 NDIS_EVENT NdisRequestEvent; 00280 BOOLEAN SkipSentPackets; 00281 NDIS_STATUS IOStatus; 00282 HANDLE DumpFileHandle; 00283 PFILE_OBJECT DumpFileObject; 00284 PKTHREAD DumpThreadObject; 00285 HANDLE DumpThreadHandle; 00286 NDIS_EVENT DumpEvent; 00287 LARGE_INTEGER DumpOffset; 00288 UNICODE_STRING DumpFileName; 00289 UINT MaxDumpBytes; 00290 00291 UINT MaxDumpPacks; 00292 00293 00294 BOOLEAN DumpLimitReached; 00295 00296 #ifdef HAVE_BUGGY_TME_SUPPORT 00297 MEM_TYPE mem_ex; 00298 TME_CORE tme; 00299 #endif //HAVE_BUGGY_TME_SUPPORT 00300 00301 NDIS_SPIN_LOCK MachineLock; 00302 UINT MaxFrameSize; 00303 00304 // 00305 // KAFFINITY is used as a bit mask for the affinity in the system. So on every supported OS is big enough for all the CPUs on the system (32 bits on x86, 64 on x64?). 00306 // We use its size to compute the max number of CPUs. 00307 // 00308 CpuPrivateData CpuData[sizeof(KAFFINITY) * 8]; 00309 ULONG ReaderSN; 00310 ULONG WriterSN; 00311 00312 ULONG Size; 00313 ULONG AdapterHandleUsageCounter; 00314 NDIS_SPIN_LOCK AdapterHandleLock; 00315 ULONG AdapterBindingStatus; 00316 00317 NDIS_EVENT NdisOpenCloseCompleteEvent; 00318 NDIS_EVENT NdisWriteCompleteEvent; 00319 NTSTATUS OpenCloseStatus; 00320 ULONG TransmitPendingPackets; 00321 } 00322 OPEN_INSTANCE, *POPEN_INSTANCE; 00323 00324 enum ADAPTER_BINDING_STATUS 00325 { 00326 ADAPTER_UNBOUND, 00327 ADAPTER_BOUND, 00328 ADAPTER_UNBINDING, 00329 }; 00330 00338 struct PacketHeader 00339 { 00340 ULONG SN; 00341 struct bpf_hdr header; 00342 }; 00343 00344 extern ULONG g_NCpu; 00345 extern NDIS_HANDLE g_NdisProtocolHandle; 00346 extern struct time_conv G_Start_Time; // from openclos.c 00347 extern UINT g_SendPacketFlags; 00348 00349 #define TRANSMIT_PACKETS 256 00350 00351 00352 00354 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\ 00355 Irp->IoStatus.Status = STATUS_SUCCESS;\ 00356 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00357 return STATUS_SUCCESS;\ 00358 00360 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\ 00361 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\ 00362 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00363 return STATUS_UNSUCCESSFUL;\ 00364 00365 00370 /***************************/ 00371 /* Prototypes */ 00372 /***************************/ 00373 00390 NTSTATUS 00391 DriverEntry( 00392 IN PDRIVER_OBJECT DriverObject, 00393 IN PUNICODE_STRING RegistryPath 00394 ); 00395 00405 PWCHAR getAdaptersList(VOID); 00406 00413 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID); 00414 00425 BOOLEAN NPF_CreateDevice( 00426 IN OUT PDRIVER_OBJECT adriverObjectP, 00427 IN PUNICODE_STRING amacNameP 00428 ); 00440 NTSTATUS 00441 NPF_Open( 00442 IN PDEVICE_OBJECT DeviceObject, 00443 IN PIRP Irp 00444 ); 00445 00455 VOID 00456 NPF_OpenAdapterComplete( 00457 IN NDIS_HANDLE ProtocolBindingContext, 00458 IN NDIS_STATUS Status, 00459 IN NDIS_STATUS OpenErrorStatus 00460 ); 00461 00472 NTSTATUS 00473 NPF_Cleanup( 00474 IN PDEVICE_OBJECT DeviceObject, 00475 IN PIRP Irp 00476 ); 00477 00478 NTSTATUS 00479 NPF_Close( 00480 IN PDEVICE_OBJECT DeviceObject, 00481 IN PIRP Irp 00482 ); 00483 00484 00485 00494 VOID 00495 NPF_CloseAdapterComplete( 00496 IN NDIS_HANDLE ProtocolBindingContext, 00497 IN NDIS_STATUS Status 00498 ); 00499 00522 NDIS_STATUS 00523 NPF_tap( 00524 IN NDIS_HANDLE ProtocolBindingContext, 00525 IN NDIS_HANDLE MacReceiveContext, 00526 IN PVOID HeaderBuffer, 00527 IN UINT HeaderBufferSize, 00528 IN PVOID LookAheadBuffer, 00529 IN UINT LookaheadBufferSize, 00530 IN UINT PacketSize 00531 ); 00532 00543 VOID 00544 NPF_TransferDataComplete( 00545 IN NDIS_HANDLE ProtocolBindingContext, 00546 IN PNDIS_PACKET Packet, 00547 IN NDIS_STATUS Status, 00548 IN UINT BytesTransferred 00549 ); 00550 00557 VOID 00558 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext); 00559 00583 NTSTATUS 00584 NPF_IoControl( 00585 IN PDEVICE_OBJECT DeviceObject, 00586 IN PIRP Irp 00587 ); 00588 00589 VOID 00590 00600 NPF_RequestComplete( 00601 IN NDIS_HANDLE ProtocolBindingContext, 00602 IN PNDIS_REQUEST pRequest, 00603 IN NDIS_STATUS Status 00604 ); 00605 00618 NTSTATUS 00619 NPF_Write( 00620 IN PDEVICE_OBJECT DeviceObject, 00621 IN PIRP Irp 00622 ); 00623 00624 00644 INT NPF_BufferedWrite(IN PIRP Irp, 00645 IN PCHAR UserBuff, 00646 IN ULONG UserBuffSize, 00647 BOOLEAN sync); 00648 00656 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open); 00657 00667 VOID 00668 NPF_SendComplete( 00669 IN NDIS_HANDLE ProtocolBindingContext, 00670 IN PNDIS_PACKET pPacket, 00671 IN NDIS_STATUS Status 00672 ); 00673 00683 VOID 00684 NPF_ResetComplete( 00685 IN NDIS_HANDLE ProtocolBindingContext, 00686 IN NDIS_STATUS Status 00687 ); 00688 00692 VOID 00693 NPF_Status( 00694 IN NDIS_HANDLE ProtocolBindingContext, 00695 IN NDIS_STATUS Status, 00696 IN PVOID StatusBuffer, 00697 IN UINT StatusBufferSize 00698 ); 00699 00700 00704 VOID 00705 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext); 00706 00715 VOID 00716 NPF_Unload(IN PDRIVER_OBJECT DriverObject); 00717 00718 00737 NTSTATUS 00738 NPF_Read( 00739 IN PDEVICE_OBJECT DeviceObject, 00740 IN PIRP Irp 00741 ); 00742 00748 NTSTATUS 00749 NPF_ReadRegistry( 00750 IN PWSTR *MacDriverName, 00751 IN PWSTR *PacketDriverName, 00752 IN PUNICODE_STRING RegistryPath 00753 ); 00754 00761 NTSTATUS 00762 NPF_QueryRegistryRoutine( 00763 IN PWSTR ValueName, 00764 IN ULONG ValueType, 00765 IN PVOID ValueData, 00766 IN ULONG ValueLength, 00767 IN PVOID Context, 00768 IN PVOID EntryContext 00769 ); 00770 00776 VOID NPF_BindAdapter( 00777 OUT PNDIS_STATUS Status, 00778 IN NDIS_HANDLE BindContext, 00779 IN PNDIS_STRING DeviceName, 00780 IN PVOID SystemSpecific1, 00781 IN PVOID SystemSpecific2 00782 ); 00783 00795 VOID 00796 NPF_UnbindAdapter( 00797 OUT PNDIS_STATUS Status, 00798 IN NDIS_HANDLE ProtocolBindingContext, 00799 IN NDIS_HANDLE UnbindContext 00800 ); 00801 00802 00810 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append); 00811 00820 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open); 00821 00829 VOID NPF_DumpThread(PVOID Open); 00830 00837 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open); 00838 00851 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, 00852 PLARGE_INTEGER Offset, 00853 ULONG Length, 00854 PMDL Mdl, 00855 PIO_STATUS_BLOCK IoStatusBlock); 00856 00857 00858 00864 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open); 00865 00866 VOID 00867 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen); 00868 00869 BOOLEAN 00870 NPF_StartUsingBinding( 00871 IN POPEN_INSTANCE pOpen); 00872 00873 VOID 00874 NPF_StopUsingBinding( 00875 IN POPEN_INSTANCE pOpen); 00876 00877 VOID 00878 NPF_CloseBinding( 00879 IN POPEN_INSTANCE pOpen); 00880 00881 NTSTATUS 00882 NPF_GetDeviceMTU( 00883 IN POPEN_INSTANCE pOpen, 00884 IN PIRP pIrp, 00885 OUT PUINT pMtu); 00886 00891 UINT GetBuffOccupation(POPEN_INSTANCE Open); 00892 00904 #ifdef NDIS50 00905 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent); 00906 #endif 00907 00908 // 00909 // Old registry based WinPcap names 00910 // 00912 // \brief Helper function to query a value from the global WinPcap registry key 00913 //*/ 00914 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName, 00915 // WCHAR *Value, 00916 // UINT ValueLen, 00917 // WCHAR *DefaultValue); 00918 // 00919 00920 00929 #endif /*main ifndef/define*/
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.