Packet.h File Reference

#include "win_bpf.h"

Go to the source code of this file.

Data Structures

struct  packet_file_header
 Header of a libpcap dump file. More...
struct  sf_pkthdr
 Header associated to a packet in the driver's buffer when the driver is in dump mode. Similar to the bpf_hdr structure, but simpler. More...
struct  _INTERNAL_REQUEST
 Stores an OID request. More...
struct  _PACKET_RESERVED
 Contains a NDIS packet. More...
struct  _DEVICE_EXTENSION
 Port device extension. More...
struct  __CPU_Private_Data
 Kernel buffer of each CPU. More...
struct  _OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver. More...
struct  PacketHeader
 Structure prepended to each packet in the kernel buffer pool. More...

Defines

#define MAX_REQUESTS   32
 Maximum number of simultaneous IOCTL requests.
#define Packet_ALIGNMENT   sizeof(int)
 Alignment macro. Defines the alignment size.
#define Packet_WORDALIGN(x)   (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
 even multiple of Packet_ALIGNMENT.
#define KERNEL_EVENT_NAMESPACE   L"\\BaseNamedObjects\\"
#define BIOCSETBUFFERSIZE   9592
 IOCTL code: set kernel buffer size.
#define BIOCSETF   9030
 IOCTL code: set packet filtering program.
#define BIOCGSTATS   9031
 IOCTL code: get the capture stats.
#define BIOCSRTIMEOUT   7416
 IOCTL code: set the read timeout.
#define BIOCSMODE   7412
 IOCTL code: set working mode.
#define BIOCSWRITEREP   7413
 IOCTL code: set number of physical repetions of every packet written by the app.
#define BIOCSMINTOCOPY   7414
 IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.
#define BIOCSETOID   2147483648
 IOCTL code: set an OID value.
#define BIOCQUERYOID   2147483652
 IOCTL code: get an OID value.
#define BIOCSETDUMPFILENAME   9029
 IOCTL code: set the name of a the file used by kernel dump mode.
#define BIOCGEVNAME   7415
 IOCTL code: get the name of the event that the driver signals when some data is present in the buffer.
#define BIOCSENDPACKETSNOSYNC   9032
 IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps.
#define BIOCSENDPACKETSSYNC   9033
 IOCTL code: Send a buffer containing multiple packets to the network, considering the timestamps.
#define BIOCSETDUMPLIMITS   9034
 IOCTL code: Set the dump file limits.
#define BIOCISDUMPENDED   7411
 IOCTL code: Get the status of the kernel dump process.
#define BIOCISETLOBBEH   7410
 IOCTL code: set the loopback behavior.
#define BIOCSETEVENTHANDLE   7920
 This IOCTL passes the read event HANDLE allocated by the user (packet.dll) to kernel level.
#define MODE_CAPT   0x0
 Capture working mode.
#define MODE_STAT   0x1
 Statistical working mode.
#define MODE_MON   0x2
 Kernel monitoring mode.
#define MODE_DUMP   0x10
 Kernel dump working mode.
#define IMMEDIATE   1
 Immediate timeout. Forces a read call to return immediately.
#define NDIS_FLAGS_SKIP_LOOPBACK_W2K   0x400
 This is an undocumented flag for NdisSetPacketFlags() that allows to disable loopback reception.
#define TCPDUMP_MAGIC   0xa1b2c3d4
 Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file.
#define PCAP_VERSION_MAJOR   2
 Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.
#define PCAP_VERSION_MINOR   4
 Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.
#define NPF_DISABLE_LOOPBACK   1
 Tells the driver to drop the packets sent by itself. This is usefult when building applications like bridges.
#define NPF_ENABLE_LOOPBACK   2
 Tells the driver to capture the packets sent by itself.
#define RESERVED(_p)   ((PPACKET_RESERVED)((_p)->ProtocolReserved))
 Macro to obtain a NDIS_PACKET from a PACKET_RESERVED.
#define TRANSMIT_PACKETS   256
 of packets that can be transmitted at the same time or with a single call to NdisSendPackets.
#define EXIT_SUCCESS(quantity)
 Macro used in the I/O routines to return the control to user-mode with a success status.
#define EXIT_FAILURE(quantity)
 Macro used in the I/O routines to return the control to user-mode with a failure status.

Typedefs

typedef _INTERNAL_REQUEST INTERNAL_REQUEST
 Stores an OID request.
typedef _INTERNAL_REQUESTPINTERNAL_REQUEST
 Stores an OID request.
typedef _PACKET_RESERVED PACKET_RESERVED
 Contains a NDIS packet.
typedef _PACKET_RESERVEDPPACKET_RESERVED
 Contains a NDIS packet.
typedef _DEVICE_EXTENSION DEVICE_EXTENSION
 Port device extension.
typedef _DEVICE_EXTENSIONPDEVICE_EXTENSION
 Port device extension.
typedef __CPU_Private_Data CpuPrivateData
 Kernel buffer of each CPU.
typedef _OPEN_INSTANCE OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver.
typedef _OPEN_INSTANCEPOPEN_INSTANCE
 Contains the state of a running instance of the NPF driver.

Enumerations

enum  ADAPTER_BINDING_STATUS { ADAPTER_UNBOUND, ADAPTER_BOUND, ADAPTER_UNBINDING }

Functions

NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
 The initialization routine of the driver.
PWCHAR getAdaptersList (VOID)
 Returns the list of the MACs available on the system.
PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings (VOID)
 Returns the MACs that bind to TCP/IP.
BOOLEAN createDevice (IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP, NDIS_HANDLE aProtoHandle)
 Creates a device for a given MAC.
NTSTATUS NPF_Open (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Opens a new instance of the driver.
VOID NPF_OpenAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
 Ends the opening of an adapter.
NTSTATUS NPF_Cleanup (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Closes an instance of the driver.
NTSTATUS NPF_Close (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
VOID NPF_CloseAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
 Ends the closing of an adapter.
NDIS_STATUS NPF_tap (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize)
 Callback invoked by NDIS when a packet arrives from the network.
VOID NPF_TransferDataComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred)
 Ends the transfer of a packet.
VOID NPF_ReceiveComplete (IN NDIS_HANDLE ProtocolBindingContext)
 Callback function that signals the end of a packet reception.
NTSTATUS NPF_IoControl (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Handles the IOCTL calls.
VOID NPF_RequestComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)
 Ends an OID request.
NTSTATUS NPF_Write (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Writes a raw packet to the network.
INT NPF_BufferedWrite (IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)
 Writes a buffer of raw packets to the network.
VOID NPF_WaitEndOfBufferedWrite (POPEN_INSTANCE Open)
 Waits the completion of all the sends performed by NPF_BufferedWrite.
VOID NPF_SendComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET pPacket, IN NDIS_STATUS Status)
 Ends a send operation.
VOID NPF_ResetComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
 Ends a reset of the adapter.
VOID NPF_Status (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
 Callback for NDIS StatusHandler. Not used by NPF.
VOID NPF_StatusComplete (IN NDIS_HANDLE ProtocolBindingContext)
 Callback for NDIS StatusCompleteHandler. Not used by NPF.
VOID NPF_Unload (IN PDRIVER_OBJECT DriverObject)
 Function called by the OS when NPF is unloaded.
NTSTATUS NPF_Read (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Function that serves the user's reads.
NTSTATUS NPF_ReadRegistry (IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)
 Reads the registry keys associated woth NPF if the driver is manually installed via the control panel.
NTSTATUS NPF_QueryRegistryRoutine (IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
 Function used by NPF_ReadRegistry() to quesry the registry keys associated woth NPF if the driver is manually installed via the control panel.
VOID NPF_BindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE BindContext, IN PNDIS_STRING DeviceName, IN PVOID SystemSpecific1, IN PVOID SystemSpecific2)
 Callback for NDIS BindAdapterHandler. Not used by NPF.
VOID NPF_UnbindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE UnbindContext)
 Callback for NDIS UnbindAdapterHandler.
NTSTATUS NPF_OpenDumpFile (POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)
 Creates the file that will receive the packets when the driver is in dump mode.
NTSTATUS NPF_StartDump (POPEN_INSTANCE Open)
 Starts dump to file.
VOID NPF_DumpThread (PVOID Open)
 The dump thread.
NTSTATUS NPF_SaveCurrentBuffer (POPEN_INSTANCE Open)
 Saves the content of the packet buffer to the file associated with current instance.
VOID NPF_WriteDumpFile (PFILE_OBJECT FileObject, PLARGE_INTEGER Offset, ULONG Length, PMDL Mdl, PIO_STATUS_BLOCK IoStatusBlock)
 Writes a block of packets on the dump file.
NTSTATUS NPF_CloseDumpFile (POPEN_INSTANCE Open)
 Closes the dump file associated with an instance of the driver.
VOID NPF_CloseOpenInstance (POPEN_INSTANCE pOpen)
BOOLEAN NPF_StartUsingBinding (IN POPEN_INSTANCE pOpen)
VOID NPF_StopUsingBinding (IN POPEN_INSTANCE pOpen)
VOID NPF_CloseBinding (IN POPEN_INSTANCE pOpen)
NTSTATUS NPF_GetDeviceMTU (IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)
UINT GetBuffOccupation (POPEN_INSTANCE Open)
 Returns the amount of bytes present in the packet buffer.

Variables

ULONG NCpu


documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 CACE Technologies. All rights reserved.