00001 /* 00002 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 #ifndef __PACKET_INCLUDE______ 00043 #define __PACKET_INCLUDE______ 00044 00045 #ifdef __NPF_x86__ 00046 #define NTKERNEL 00047 #include "jitter.h" 00048 #endif 00049 00050 00051 #include "win_bpf.h" 00052 00053 #define MAX_REQUESTS 32 00054 00055 #define Packet_ALIGNMENT sizeof(int) 00056 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 00057 00058 00059 #define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\" 00060 00061 /***************************/ 00062 /* IOCTLs */ 00063 /***************************/ 00064 00073 #define BIOCSETBUFFERSIZE 9592 00074 00085 #define BIOCSETF 9030 00086 00093 #define BIOCGSTATS 9031 00094 00100 #define BIOCSRTIMEOUT 7416 00101 00109 #define BIOCSMODE 7412 00110 00117 #define BIOCSWRITEREP 7413 00118 00124 #define BIOCSMINTOCOPY 7414 00125 00131 #define BIOCSETOID 2147483648 00132 00138 #define BIOCQUERYOID 2147483652 00139 00147 #define BIOCSETDUMPFILENAME 9029 00148 00155 #define BIOCGEVNAME 7415 00156 00164 #define BIOCSENDPACKETSNOSYNC 9032 00165 00174 #define BIOCSENDPACKETSSYNC 9033 00175 00182 #define BIOCSETDUMPLIMITS 9034 00183 00190 #define BIOCISDUMPENDED 7411 00191 00197 #define BIOCISETLOBBEH 7410 00198 00208 #define BIOCSETEVENTHANDLE 7920 00209 00210 // Working modes 00211 #define MODE_CAPT 0x0 00212 #define MODE_STAT 0x1 00213 #define MODE_MON 0x2 00214 #define MODE_DUMP 0x10 00215 00216 00217 #define IMMEDIATE 1 00218 00219 #define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400 00220 00221 // The following definitions are used to provide compatibility 00222 // of the dump files with the ones of libpcap 00223 #define TCPDUMP_MAGIC 0xa1b2c3d4 00224 #define PCAP_VERSION_MAJOR 2 00225 #define PCAP_VERSION_MINOR 4 00226 00227 // Loopback behaviour definitions 00228 #define NPF_DISABLE_LOOPBACK 1 00229 #define NPF_ENABLE_LOOPBACK 2 00230 00231 00236 struct packet_file_header 00237 { 00238 UINT magic; 00239 USHORT version_major; 00240 USHORT version_minor; 00241 UINT thiszone; 00242 UINT sigfigs; 00243 UINT snaplen; 00244 UINT linktype; 00245 }; 00246 00251 struct sf_pkthdr { 00252 struct timeval ts; 00253 UINT caplen; 00254 00255 00256 UINT len; 00257 }; 00258 00268 typedef struct _INTERNAL_REQUEST { 00269 LIST_ENTRY ListElement; 00270 // PIRP Irp; ///< Irp that performed the request 00271 // BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL. 00272 NDIS_EVENT InternalRequestCompletedEvent; 00273 NDIS_REQUEST Request; 00274 NDIS_STATUS RequestStatus; 00275 00276 } INTERNAL_REQUEST, *PINTERNAL_REQUEST; 00277 00285 typedef struct _PACKET_RESERVED { 00286 LIST_ENTRY ListElement; 00287 PIRP Irp; 00288 PMDL pMdl; 00289 BOOLEAN FreeBufAfterWrite; 00290 00291 ULONG Cpu; 00292 } PACKET_RESERVED, *PPACKET_RESERVED; 00293 00294 #define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved)) 00295 00296 00301 typedef struct _DEVICE_EXTENSION { 00302 NDIS_HANDLE NdisProtocolHandle; 00303 NDIS_STRING AdapterName; 00304 PWSTR ExportString; 00305 00306 } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 00307 00313 typedef struct __CPU_Private_Data 00314 { 00315 ULONG P; 00316 ULONG C; 00317 ULONG Free; 00318 PUCHAR Buffer; 00319 ULONG Accepted; 00320 00321 00322 00323 ULONG Received; 00324 00325 00326 00327 ULONG Dropped; 00328 00329 00330 00331 volatile ULONG Processing; 00332 PMDL TransferMdl1; 00333 PMDL TransferMdl2; 00334 ULONG NewP; 00335 } 00336 CpuPrivateData; 00337 00338 00346 typedef struct _OPEN_INSTANCE 00347 { 00348 PDEVICE_EXTENSION DeviceExtension; 00349 00350 NDIS_HANDLE AdapterHandle; 00351 UINT Medium; 00352 00353 NDIS_HANDLE PacketPool; 00354 KSPIN_LOCK RequestSpinLock; 00355 LIST_ENTRY RequestList; 00356 LIST_ENTRY ResetIrpList; 00357 INTERNAL_REQUEST Requests[MAX_REQUESTS]; 00358 PMDL BufferMdl; 00359 PKEVENT ReadEvent; 00360 PUCHAR bpfprogram; 00361 00362 00363 00364 00365 #ifdef __NPF_x86__ 00366 JIT_BPF_Filter *Filter; 00367 00368 #endif 00369 UINT MinToCopy; 00370 00371 LARGE_INTEGER TimeOut; 00372 00373 00374 int mode; 00375 LARGE_INTEGER Nbytes; 00376 LARGE_INTEGER Npackets; 00377 NDIS_SPIN_LOCK CountersLock; 00378 UINT Nwrites; 00379 00380 ULONG Multiple_Write_Counter; 00381 NDIS_EVENT WriteEvent; 00382 BOOLEAN WriteInProgress; 00383 00384 NDIS_SPIN_LOCK WriteLock; 00385 NDIS_EVENT NdisRequestEvent; 00386 BOOLEAN SkipSentPackets; 00387 NDIS_STATUS IOStatus; 00388 HANDLE DumpFileHandle; 00389 PFILE_OBJECT DumpFileObject; 00390 PKTHREAD DumpThreadObject; 00391 HANDLE DumpThreadHandle; 00392 NDIS_EVENT DumpEvent; 00393 LARGE_INTEGER DumpOffset; 00394 UNICODE_STRING DumpFileName; 00395 UINT MaxDumpBytes; 00396 00397 UINT MaxDumpPacks; 00398 00399 00400 BOOLEAN DumpLimitReached; 00401 00402 MEM_TYPE mem_ex; 00403 TME_CORE tme; 00404 NDIS_SPIN_LOCK MachineLock; 00405 UINT MaxFrameSize; 00406 00407 CpuPrivateData CpuData[32]; 00408 ULONG ReaderSN; 00409 ULONG WriterSN; 00410 00411 ULONG Size; 00412 ULONG SkipProcessing; 00413 00414 00415 00416 ULONG AdapterHandleUsageCounter; 00417 NDIS_SPIN_LOCK AdapterHandleLock; 00418 ULONG AdapterBindingStatus; 00419 00420 NDIS_EVENT NdisOpenCloseCompleteEvent; 00421 NDIS_EVENT NdisWriteCompleteEvent; 00422 NTSTATUS OpenCloseStatus; 00423 ULONG TransmitPendingPackets; 00424 } 00425 OPEN_INSTANCE, *POPEN_INSTANCE; 00426 00427 enum ADAPTER_BINDING_STATUS 00428 { 00429 ADAPTER_UNBOUND, 00430 ADAPTER_BOUND, 00431 ADAPTER_UNBINDING, 00432 }; 00433 00441 struct PacketHeader 00442 { 00443 ULONG SN; 00444 struct bpf_hdr header; 00445 }; 00446 00447 00448 #define TRANSMIT_PACKETS 256 00449 00450 00451 00453 #define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\ 00454 Irp->IoStatus.Status = STATUS_SUCCESS;\ 00455 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00456 return STATUS_SUCCESS;\ 00457 00458 00459 #define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\ 00460 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\ 00461 IoCompleteRequest(Irp, IO_NO_INCREMENT);\ 00462 return STATUS_UNSUCCESSFUL;\ 00463 00464 00469 /***************************/ 00470 /* Prototypes */ 00471 /***************************/ 00472 00489 NTSTATUS 00490 DriverEntry( 00491 IN PDRIVER_OBJECT DriverObject, 00492 IN PUNICODE_STRING RegistryPath 00493 ); 00494 00504 PWCHAR getAdaptersList(VOID); 00505 00512 PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID); 00513 00525 BOOLEAN createDevice( 00526 IN OUT PDRIVER_OBJECT adriverObjectP, 00527 IN PUNICODE_STRING amacNameP, 00528 NDIS_HANDLE aProtoHandle); 00529 00541 NTSTATUS 00542 NPF_Open( 00543 IN PDEVICE_OBJECT DeviceObject, 00544 IN PIRP Irp 00545 ); 00546 00556 VOID 00557 NPF_OpenAdapterComplete( 00558 IN NDIS_HANDLE ProtocolBindingContext, 00559 IN NDIS_STATUS Status, 00560 IN NDIS_STATUS OpenErrorStatus 00561 ); 00562 00573 NTSTATUS 00574 NPF_Cleanup( 00575 IN PDEVICE_OBJECT DeviceObject, 00576 IN PIRP Irp 00577 ); 00578 00579 NTSTATUS 00580 NPF_Close( 00581 IN PDEVICE_OBJECT DeviceObject, 00582 IN PIRP Irp 00583 ); 00584 00585 00586 00595 VOID 00596 NPF_CloseAdapterComplete( 00597 IN NDIS_HANDLE ProtocolBindingContext, 00598 IN NDIS_STATUS Status 00599 ); 00600 00623 NDIS_STATUS 00624 NPF_tap( 00625 IN NDIS_HANDLE ProtocolBindingContext, 00626 IN NDIS_HANDLE MacReceiveContext, 00627 IN PVOID HeaderBuffer, 00628 IN UINT HeaderBufferSize, 00629 IN PVOID LookAheadBuffer, 00630 IN UINT LookaheadBufferSize, 00631 IN UINT PacketSize 00632 ); 00633 00644 VOID 00645 NPF_TransferDataComplete( 00646 IN NDIS_HANDLE ProtocolBindingContext, 00647 IN PNDIS_PACKET Packet, 00648 IN NDIS_STATUS Status, 00649 IN UINT BytesTransferred 00650 ); 00651 00658 VOID 00659 NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext); 00660 00684 NTSTATUS 00685 NPF_IoControl( 00686 IN PDEVICE_OBJECT DeviceObject, 00687 IN PIRP Irp 00688 ); 00689 00690 VOID 00691 00701 NPF_RequestComplete( 00702 IN NDIS_HANDLE ProtocolBindingContext, 00703 IN PNDIS_REQUEST pRequest, 00704 IN NDIS_STATUS Status 00705 ); 00706 00719 NTSTATUS 00720 NPF_Write( 00721 IN PDEVICE_OBJECT DeviceObject, 00722 IN PIRP Irp 00723 ); 00724 00725 00745 INT NPF_BufferedWrite(IN PIRP Irp, 00746 IN PCHAR UserBuff, 00747 IN ULONG UserBuffSize, 00748 BOOLEAN sync); 00749 00757 VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open); 00758 00768 VOID 00769 NPF_SendComplete( 00770 IN NDIS_HANDLE ProtocolBindingContext, 00771 IN PNDIS_PACKET pPacket, 00772 IN NDIS_STATUS Status 00773 ); 00774 00784 VOID 00785 NPF_ResetComplete( 00786 IN NDIS_HANDLE ProtocolBindingContext, 00787 IN NDIS_STATUS Status 00788 ); 00789 00793 VOID 00794 NPF_Status( 00795 IN NDIS_HANDLE ProtocolBindingContext, 00796 IN NDIS_STATUS Status, 00797 IN PVOID StatusBuffer, 00798 IN UINT StatusBufferSize 00799 ); 00800 00801 00805 VOID 00806 NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext); 00807 00816 VOID 00817 NPF_Unload(IN PDRIVER_OBJECT DriverObject); 00818 00819 00838 NTSTATUS 00839 NPF_Read( 00840 IN PDEVICE_OBJECT DeviceObject, 00841 IN PIRP Irp 00842 ); 00843 00849 NTSTATUS 00850 NPF_ReadRegistry( 00851 IN PWSTR *MacDriverName, 00852 IN PWSTR *PacketDriverName, 00853 IN PUNICODE_STRING RegistryPath 00854 ); 00855 00862 NTSTATUS 00863 NPF_QueryRegistryRoutine( 00864 IN PWSTR ValueName, 00865 IN ULONG ValueType, 00866 IN PVOID ValueData, 00867 IN ULONG ValueLength, 00868 IN PVOID Context, 00869 IN PVOID EntryContext 00870 ); 00871 00877 VOID NPF_BindAdapter( 00878 OUT PNDIS_STATUS Status, 00879 IN NDIS_HANDLE BindContext, 00880 IN PNDIS_STRING DeviceName, 00881 IN PVOID SystemSpecific1, 00882 IN PVOID SystemSpecific2 00883 ); 00884 00896 VOID 00897 NPF_UnbindAdapter( 00898 OUT PNDIS_STATUS Status, 00899 IN NDIS_HANDLE ProtocolBindingContext, 00900 IN NDIS_HANDLE UnbindContext 00901 ); 00902 00903 00911 NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append); 00912 00921 NTSTATUS NPF_StartDump(POPEN_INSTANCE Open); 00922 00930 VOID NPF_DumpThread(PVOID Open); 00931 00938 NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open); 00939 00952 VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, 00953 PLARGE_INTEGER Offset, 00954 ULONG Length, 00955 PMDL Mdl, 00956 PIO_STATUS_BLOCK IoStatusBlock); 00957 00958 00959 00965 NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open); 00966 00967 VOID 00968 NPF_CloseOpenInstance(POPEN_INSTANCE pOpen); 00969 00970 BOOLEAN 00971 NPF_StartUsingBinding( 00972 IN POPEN_INSTANCE pOpen); 00973 00974 VOID 00975 NPF_StopUsingBinding( 00976 IN POPEN_INSTANCE pOpen); 00977 00978 VOID 00979 NPF_CloseBinding( 00980 IN POPEN_INSTANCE pOpen); 00981 00982 NTSTATUS 00983 NPF_GetDeviceMTU( 00984 IN POPEN_INSTANCE pOpen, 00985 IN PIRP pIrp, 00986 OUT PUINT pMtu); 00987 00992 UINT GetBuffOccupation(POPEN_INSTANCE Open); 00993 01005 #ifdef NDIS50 01006 NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent); 01007 #endif 01008 01009 // 01010 // Old registry based WinPcap names 01011 // 01013 // \brief Helper function to query a value from the global WinPcap registry key 01014 //*/ 01015 //VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName, 01016 // WCHAR *Value, 01017 // UINT ValueLen, 01018 // WCHAR *DefaultValue); 01019 // 01020 01021 01030 #endif /*main ifndef/define*/
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2006
CACE Technologies. All rights reserved.