00001 /* 00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 #ifndef __PACKET_INCLUDE______ 00043 #define __PACKET_INCLUDE______ 00044 00045 #ifdef _X86_ 00046 #define NTKERNEL 00047 #include "jitter.h" 00048 #endif 00049 00050 #ifdef HAVE_BUGGY_TME_SUPPORT 00051 #ifndef _X86_ 00052 #error TME support is available only on x86 architectures 00053 #endif // _X86_ 00054 #endif //HAVE_BUGGY_TME_SUPPORT 00055 00056 00057 // 00058 // Needed to disable a warning due to the #pragma prefast directives, 00059 // that are ignored by the normal DDK compiler 00060 // 00061 #ifndef _PREFAST_ 00062 #pragma warning(disable:4068) 00063 #endif 00064 00065 #include "win_bpf.h" 00066 00067 #define MAX_REQUESTS 32 00068 00069 #define Packet_ALIGNMENT sizeof(int) 00070 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 00071 00072 00073 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\" 00074 00075 00076 // Working modes 00077 #define MODE_CAPT 0x0 00078 #define MODE_STAT 0x1 00079 #define MODE_MON 0x2 00080 #define MODE_DUMP 0x10 00081 00082 00083 #define IMMEDIATE 1 00084 00085 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 00086 00087 // The following definitions are used to provide compatibility 00088 // of the dump files with the ones of libpcap 00089 #define TCPDUMP_MAGIC 0xa1b2c3d4 00090 #define PCAP_VERSION_MAJOR 2 00091 #define PCAP_VERSION_MINOR 4 00092 00093 // Loopback behaviour definitions 00094 #define NPF_DISABLE_LOOPBACK 1 00095 #define NPF_ENABLE_LOOPBACK 2 00096 00097 00102 struct packet_file_header 00103 { 00104 UINT magic; 00105 USHORT version_major; 00106 USHORT version_minor; 00107 UINT thiszone; 00108 UINT sigfigs; 00109 UINT snaplen; 00110 UINT linktype; 00111 }; 00112 00117 struct sf_pkthdr { 00118 struct timeval ts; 00119 UINT caplen; 00120 00121 00122 UINT len; 00123 }; 00124 00125 // 00126 // NT4 DDK doesn't have C_ASSERT 00127 // 00128 #ifndef C_ASSERT 00129 #define C_ASSERT(a) 00130 #endif 00131 00139 typedef struct _PACKET_OID_DATA { 00140 ULONG Oid; 00141 00142 ULONG Length; 00143 UCHAR Data[1]; 00144 00145 } 00146 PACKET_OID_DATA, *PPACKET_OID_DATA; 00147 00148 C_ASSERT(sizeof(PACKET_OID_DATA) == 12); 00149 00159 typedef struct _INTERNAL_REQUEST { 00160 LIST_ENTRY ListElement; 00161 // PIRP Irp; ///< Irp that performed the request 00162 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL. 00163 NDIS_EVENT InternalRequestCompletedEvent; 00164 NDIS_REQUEST Request; 00165 NDIS_STATUS RequestStatus; 00166 00167 } INTERNAL_REQUEST, *PINTERNAL_REQUEST; 00168 00176 typedef struct _PACKET_RESERVED { 00177 LIST_ENTRY ListElement; 00178 PIRP Irp; 00179 PMDL pMdl; 00180 BOOLEAN FreeBufAfterWrite; 00181 00182 ULONG Cpu; 00183 } PACKET_RESERVED, *PPACKET_RESERVED; 00184 00185 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 00186 00187 00192 typedef struct _DEVICE_EXTENSION { 00193 NDIS_STRING AdapterName; 00194 PWSTR ExportString; 00195 00196 } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 00197 00203 typedef struct __CPU_Private_Data 00204 { 00205 ULONG P; 00206 ULONG C; 00207 ULONG Free; 00208 PUCHAR Buffer; 00209 ULONG Accepted; 00210 00211 00212 00213 ULONG Received; 00214 00215 00216 00217 ULONG Dropped; 00218 00219 00220 00221 NDIS_SPIN_LOCK BufferLock; 00222 PMDL TransferMdl1; 00223 PMDL TransferMdl2; 00224 ULONG NewP; 00225 } 00226 CpuPrivateData; 00227 00228 00236 typedef struct _OPEN_INSTANCE 00237 { 00238 PDEVICE_EXTENSION DeviceExtension; 00239 00240 NDIS_HANDLE AdapterHandle; 00241 UINT Medium; 00242 00243 NDIS_HANDLE PacketPool; 00244 KSPIN_LOCK RequestSpinLock; 00245 LIST_ENTRY RequestList; 00246 LIST_ENTRY ResetIrpList; 00247 INTERNAL_REQUEST Requests[MAX_REQUESTS]; 00248 PMDL BufferMdl; 00249 PKEVENT ReadEvent; 00250 PUCHAR bpfprogram; 00251 00252 00253 00254 00255 #ifdef _X86_ 00256 JIT_BPF_Filter *Filter; 00257 00258 #endif //_X86_ 00259 UINT MinToCopy; 00260 00261 LARGE_INTEGER TimeOut; 00262 00263 00264 int mode; 00265 LARGE_INTEGER Nbytes; 00266 LARGE_INTEGER Npackets; 00267 NDIS_SPIN_LOCK CountersLock; 00268 UINT Nwrites; 00269 00270 ULONG Multiple_Write_Counter; 00271 NDIS_EVENT WriteEvent; 00272 BOOLEAN WriteInProgress; 00273 00274 NDIS_SPIN_LOCK WriteLock; 00275 NDIS_EVENT NdisRequestEvent; 00276 BOOLEAN SkipSentPackets; 00277 NDIS_STATUS IOStatus; 00278 HANDLE DumpFileHandle; 00279 PFILE_OBJECT DumpFileObject; 00280 PKTHREAD DumpThreadObject; 00281 HANDLE DumpThreadHandle; 00282 NDIS_EVENT DumpEvent; 00283 LARGE_INTEGER DumpOffset; 00284 UNICODE_STRING DumpFileName; 00285 UINT MaxDumpBytes; 00286 00287 UINT MaxDumpPacks; 00288 00289 00290 BOOLEAN DumpLimitReached; 00291 00292 #ifdef HAVE_BUGGY_TME_SUPPORT 00293 MEM_TYPE mem_ex; 00294 TME_CORE tme; 00295 #endif //HAVE_BUGGY_TME_SUPPORT 00296 00297 NDIS_SPIN_LOCK MachineLock; 00298 UINT MaxFrameSize; 00299 00300 // 00301 // KAFFINITY is used as a bit mask for the affinity in the system. So on every supported OS is big enough for all the CPUs on the system (32 bits on x86, 64 on x64?). 00302 // We use its size to compute the max number of CPUs. 00303 // 00304 CpuPrivateData CpuData[sizeof(KAFFINITY) * 8]; 00305 ULONG ReaderSN; 00306 ULONG WriterSN; 00307 00308 ULONG Size; 00309 ULONG AdapterHandleUsageCounter; 00310 NDIS_SPIN_LOCK AdapterHandleLock; 00311 ULONG AdapterBindingStatus; 00312 00313 NDIS_EVENT NdisOpenCloseCompleteEvent; 00314 NDIS_EVENT NdisWriteCompleteEvent; 00315 NTSTATUS OpenCloseStatus; 00316 ULONG TransmitPendingPackets; 00317 } 00318 OPEN_INSTANCE, *POPEN_INSTANCE; 00319 00320 enum ADAPTER_BINDING_STATUS 00321 { 00322 ADAPTER_UNBOUND, 00323 ADAPTER_BOUND, 00324 ADAPTER_UNBINDING, 00325 }; 00326 00334 struct PacketHeader 00335 { 00336 ULONG SN; 00337 struct bpf_hdr header; 00338 }; 00339 00340 extern ULONG g_NCpu; 00341 extern NDIS_HANDLE g_NdisProtocolHandle; 00342 extern struct time_conv G_Start_Time; // from openclos.c 00343 extern UINT g_SendPacketFlags; 00344 00345 #define TRANSMIT_PACKETS 256 00346 00347 00348 00350 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\ 00351 Irp->IoStatus.Status = STATUS_SUCCESS;\ 00352 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00353 return STATUS_SUCCESS;\ 00354 00356 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\ 00357 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\ 00358 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00359 return STATUS_UNSUCCESSFUL;\ 00360 00361 00366 /***************************/ 00367 /* Prototypes */ 00368 /***************************/ 00369 00386 NTSTATUS 00387 DriverEntry( 00388 IN PDRIVER_OBJECT DriverObject, 00389 IN PUNICODE_STRING RegistryPath 00390 ); 00391 00401 PWCHAR getAdaptersList(VOID); 00402 00409 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID); 00410 00421 BOOLEAN NPF_CreateDevice( 00422 IN OUT PDRIVER_OBJECT adriverObjectP, 00423 IN PUNICODE_STRING amacNameP 00424 ); 00436 NTSTATUS 00437 NPF_Open( 00438 IN PDEVICE_OBJECT DeviceObject, 00439 IN PIRP Irp 00440 ); 00441 00451 VOID 00452 NPF_OpenAdapterComplete( 00453 IN NDIS_HANDLE ProtocolBindingContext, 00454 IN NDIS_STATUS Status, 00455 IN NDIS_STATUS OpenErrorStatus 00456 ); 00457 00468 NTSTATUS 00469 NPF_Cleanup( 00470 IN PDEVICE_OBJECT DeviceObject, 00471 IN PIRP Irp 00472 ); 00473 00474 NTSTATUS 00475 NPF_Close( 00476 IN PDEVICE_OBJECT DeviceObject, 00477 IN PIRP Irp 00478 ); 00479 00480 00481 00490 VOID 00491 NPF_CloseAdapterComplete( 00492 IN NDIS_HANDLE ProtocolBindingContext, 00493 IN NDIS_STATUS Status 00494 ); 00495 00518 NDIS_STATUS 00519 NPF_tap( 00520 IN NDIS_HANDLE ProtocolBindingContext, 00521 IN NDIS_HANDLE MacReceiveContext, 00522 IN PVOID HeaderBuffer, 00523 IN UINT HeaderBufferSize, 00524 IN PVOID LookAheadBuffer, 00525 IN UINT LookaheadBufferSize, 00526 IN UINT PacketSize 00527 ); 00528 00539 VOID 00540 NPF_TransferDataComplete( 00541 IN NDIS_HANDLE ProtocolBindingContext, 00542 IN PNDIS_PACKET Packet, 00543 IN NDIS_STATUS Status, 00544 IN UINT BytesTransferred 00545 ); 00546 00553 VOID 00554 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext); 00555 00579 NTSTATUS 00580 NPF_IoControl( 00581 IN PDEVICE_OBJECT DeviceObject, 00582 IN PIRP Irp 00583 ); 00584 00585 VOID 00586 00596 NPF_RequestComplete( 00597 IN NDIS_HANDLE ProtocolBindingContext, 00598 IN PNDIS_REQUEST pRequest, 00599 IN NDIS_STATUS Status 00600 ); 00601 00614 NTSTATUS 00615 NPF_Write( 00616 IN PDEVICE_OBJECT DeviceObject, 00617 IN PIRP Irp 00618 ); 00619 00620 00640 INT NPF_BufferedWrite(IN PIRP Irp, 00641 IN PCHAR UserBuff, 00642 IN ULONG UserBuffSize, 00643 BOOLEAN sync); 00644 00652 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open); 00653 00663 VOID 00664 NPF_SendComplete( 00665 IN NDIS_HANDLE ProtocolBindingContext, 00666 IN PNDIS_PACKET pPacket, 00667 IN NDIS_STATUS Status 00668 ); 00669 00679 VOID 00680 NPF_ResetComplete( 00681 IN NDIS_HANDLE ProtocolBindingContext, 00682 IN NDIS_STATUS Status 00683 ); 00684 00688 VOID 00689 NPF_Status( 00690 IN NDIS_HANDLE ProtocolBindingContext, 00691 IN NDIS_STATUS Status, 00692 IN PVOID StatusBuffer, 00693 IN UINT StatusBufferSize 00694 ); 00695 00696 00700 VOID 00701 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext); 00702 00711 VOID 00712 NPF_Unload(IN PDRIVER_OBJECT DriverObject); 00713 00714 00733 NTSTATUS 00734 NPF_Read( 00735 IN PDEVICE_OBJECT DeviceObject, 00736 IN PIRP Irp 00737 ); 00738 00744 NTSTATUS 00745 NPF_ReadRegistry( 00746 IN PWSTR *MacDriverName, 00747 IN PWSTR *PacketDriverName, 00748 IN PUNICODE_STRING RegistryPath 00749 ); 00750 00757 NTSTATUS 00758 NPF_QueryRegistryRoutine( 00759 IN PWSTR ValueName, 00760 IN ULONG ValueType, 00761 IN PVOID ValueData, 00762 IN ULONG ValueLength, 00763 IN PVOID Context, 00764 IN PVOID EntryContext 00765 ); 00766 00772 VOID NPF_BindAdapter( 00773 OUT PNDIS_STATUS Status, 00774 IN NDIS_HANDLE BindContext, 00775 IN PNDIS_STRING DeviceName, 00776 IN PVOID SystemSpecific1, 00777 IN PVOID SystemSpecific2 00778 ); 00779 00791 VOID 00792 NPF_UnbindAdapter( 00793 OUT PNDIS_STATUS Status, 00794 IN NDIS_HANDLE ProtocolBindingContext, 00795 IN NDIS_HANDLE UnbindContext 00796 ); 00797 00798 00806 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append); 00807 00816 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open); 00817 00825 VOID NPF_DumpThread(PVOID Open); 00826 00833 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open); 00834 00847 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, 00848 PLARGE_INTEGER Offset, 00849 ULONG Length, 00850 PMDL Mdl, 00851 PIO_STATUS_BLOCK IoStatusBlock); 00852 00853 00854 00860 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open); 00861 00862 VOID 00863 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen); 00864 00865 BOOLEAN 00866 NPF_StartUsingBinding( 00867 IN POPEN_INSTANCE pOpen); 00868 00869 VOID 00870 NPF_StopUsingBinding( 00871 IN POPEN_INSTANCE pOpen); 00872 00873 VOID 00874 NPF_CloseBinding( 00875 IN POPEN_INSTANCE pOpen); 00876 00877 NTSTATUS 00878 NPF_GetDeviceMTU( 00879 IN POPEN_INSTANCE pOpen, 00880 IN PIRP pIrp, 00881 OUT PUINT pMtu); 00882 00887 UINT GetBuffOccupation(POPEN_INSTANCE Open); 00888 00900 #ifdef NDIS50 00901 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent); 00902 #endif 00903 00904 // 00905 // Old registry based WinPcap names 00906 // 00908 // \brief Helper function to query a value from the global WinPcap registry key 00909 //*/ 00910 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName, 00911 // WCHAR *Value, 00912 // UINT ValueLen, 00913 // WCHAR *DefaultValue); 00914 // 00915 00916 00925 #endif /*main ifndef/define*/
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2008 CACE Technologies. All rights reserved.