WinPcap 4.1.3
Packet.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2010 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
42#ifndef __PACKET_INCLUDE______
43#define __PACKET_INCLUDE______
44
45#if !defined(NDIS30) && !defined(NDIS50)
46#error NDIS30 or NDIS50 should be defined
47#endif
48
49#ifdef _X86_
50#define NTKERNEL
51#include "jitter.h"
52#endif
53
54#ifdef HAVE_BUGGY_TME_SUPPORT
55#ifndef _X86_
56#error TME support is available only on x86 architectures
57#endif // _X86_
58#endif //HAVE_BUGGY_TME_SUPPORT
59
60
61//
62// Needed to disable a warning due to the #pragma prefast directives,
63// that are ignored by the normal DDK compiler
64//
65#ifndef _PREFAST_
66#pragma warning(disable:4068)
67#endif
68
69#include "win_bpf.h"
70
71#define MAX_REQUESTS 32
72
73#define Packet_ALIGNMENT sizeof(int)
74#define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
76
77#define KERNEL_EVENT_NAMESPACE L"\\BaseNamedObjects\\"
78
79
80// Working modes
81#define MODE_CAPT 0x0
82#define MODE_STAT 0x1
83#define MODE_MON 0x2
84#define MODE_DUMP 0x10
85
86
87#define IMMEDIATE 1
88
89#define NDIS_FLAGS_SKIP_LOOPBACK_W2K 0x400
90
91// The following definitions are used to provide compatibility
92// of the dump files with the ones of libpcap
93#define TCPDUMP_MAGIC 0xa1b2c3d4
94#define PCAP_VERSION_MAJOR 2
95#define PCAP_VERSION_MINOR 4
96
97// Loopback behaviour definitions
98#define NPF_DISABLE_LOOPBACK 1
99#define NPF_ENABLE_LOOPBACK 2
100
107{
108 UINT magic;
111 UINT thiszone;
112 UINT sigfigs;
113 UINT snaplen;
114 UINT linktype;
115};
116
121struct sf_pkthdr {
122 struct timeval ts;
123 UINT caplen;
126 UINT len;
127};
128
129//
130// NT4 DDK doesn't have C_ASSERT
131//
132#ifndef C_ASSERT
133#define C_ASSERT(a)
134#endif
135
143typedef struct _PACKET_OID_DATA {
144 ULONG Oid;
146 ULONG Length;
147 UCHAR Data[1];
149}
151
153
163typedef struct _INTERNAL_REQUEST {
164 LIST_ENTRY ListElement;
165// PIRP Irp; ///< Irp that performed the request
166// BOOLEAN Internal; ///< True if the request is for internal use of npf.sys. False if the request is performed by the user through an IOCTL.
168 NDIS_REQUEST Request;
169 NDIS_STATUS RequestStatus;
170
172
180typedef struct _PACKET_RESERVED {
181 LIST_ENTRY ListElement;
182 PIRP Irp;
183 PMDL pMdl;
186 ULONG Cpu;
188
189#define RESERVED(_p) ((PPACKET_RESERVED)((_p)->ProtocolReserved))
190
196typedef struct _DEVICE_EXTENSION {
197 NDIS_STRING AdapterName;
201
207typedef struct __CPU_Private_Data
208{
209 ULONG P;
210 ULONG C;
211 ULONG Free;
212 PUCHAR Buffer;
213 ULONG Accepted;
217 ULONG Received;
221 ULONG Dropped;
225 NDIS_SPIN_LOCK BufferLock;
228 ULONG NewP;
229}
231
232
240typedef struct _OPEN_INSTANCE
241{
244 NDIS_HANDLE AdapterHandle;
245 UINT Medium;
247 NDIS_HANDLE PacketPool;
248 KSPIN_LOCK RequestSpinLock;
249 LIST_ENTRY RequestList;
250 LIST_ENTRY ResetIrpList;
253 PKEVENT ReadEvent;
254 PUCHAR bpfprogram;
259#ifdef _X86_
260 JIT_BPF_Filter *Filter;
262#endif //_X86_
265 LARGE_INTEGER TimeOut;
267
268 int mode;
269 LARGE_INTEGER Nbytes;
270 LARGE_INTEGER Npackets;
271 NDIS_SPIN_LOCK CountersLock;
272 UINT Nwrites;
275 NDIS_EVENT WriteEvent;
278 NDIS_SPIN_LOCK WriteLock;
279 NDIS_EVENT NdisRequestEvent;
281 NDIS_STATUS IOStatus;
283 PFILE_OBJECT DumpFileObject;
286 NDIS_EVENT DumpEvent;
287 LARGE_INTEGER DumpOffset;
288 UNICODE_STRING DumpFileName;
296#ifdef HAVE_BUGGY_TME_SUPPORT
297 MEM_TYPE mem_ex;
298 TME_CORE tme;
299#endif //HAVE_BUGGY_TME_SUPPORT
300
301 NDIS_SPIN_LOCK MachineLock;
304 //
305 // KAFFINITY is used as a bit mask for the affinity in the system. So on every supported OS is big enough for all the CPUs on the system (32 bits on x86, 64 on x64?).
306 // We use its size to compute the max number of CPUs.
307 //
308 CpuPrivateData CpuData[sizeof(KAFFINITY) * 8];
309 ULONG ReaderSN;
310 ULONG WriterSN;
312 ULONG Size;
314 NDIS_SPIN_LOCK AdapterHandleLock;
316
322 BOOLEAN ClosePending;
323 NDIS_SPIN_LOCK OpenInUseLock;
324}
326
328{
332};
333
342{
343 ULONG SN;
344 struct bpf_hdr header;
345};
346
347extern ULONG g_NCpu;
348extern NDIS_HANDLE g_NdisProtocolHandle;
349extern struct time_conv G_Start_Time; // from openclos.c
350extern UINT g_SendPacketFlags;
351
352#define TRANSMIT_PACKETS 256
354
355
357#define EXIT_SUCCESS(quantity) Irp->IoStatus.Information=quantity;\
358 Irp->IoStatus.Status = STATUS_SUCCESS;\
359 IoCompleteRequest(Irp, IO_NO_INCREMENT);\
360 return STATUS_SUCCESS;\
361
363#define EXIT_FAILURE(quantity) Irp->IoStatus.Information=quantity;\
364 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\
365 IoCompleteRequest(Irp, IO_NO_INCREMENT);\
366 return STATUS_UNSUCCESSFUL;\
367
373/***************************/
374/* Prototypes */
375/***************************/
376
393NTSTATUS
395 IN PDRIVER_OBJECT DriverObject,
396 IN PUNICODE_STRING RegistryPath
397 );
398
408PWCHAR getAdaptersList(VOID);
409
416PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID);
417
429 IN OUT PDRIVER_OBJECT adriverObjectP,
430 IN PUNICODE_STRING amacNameP
431 );
443NTSTATUS
445 IN PDEVICE_OBJECT DeviceObject,
446 IN PIRP Irp
447 );
448
458VOID
460 IN NDIS_HANDLE ProtocolBindingContext,
461 IN NDIS_STATUS Status,
462 IN NDIS_STATUS OpenErrorStatus
463 );
464
475NTSTATUS
477 IN PDEVICE_OBJECT DeviceObject,
478 IN PIRP Irp
479 );
480
481NTSTATUS
483 IN PDEVICE_OBJECT DeviceObject,
484 IN PIRP Irp
485 );
486
487
488
497VOID
499 IN NDIS_HANDLE ProtocolBindingContext,
500 IN NDIS_STATUS Status
501 );
502
525NDIS_STATUS
527 IN NDIS_HANDLE ProtocolBindingContext,
528 IN NDIS_HANDLE MacReceiveContext,
529 IN PVOID HeaderBuffer,
530 IN UINT HeaderBufferSize,
531 IN PVOID LookAheadBuffer,
532 IN UINT LookaheadBufferSize,
533 IN UINT PacketSize
534 );
535
546VOID
548 IN NDIS_HANDLE ProtocolBindingContext,
549 IN PNDIS_PACKET Packet,
550 IN NDIS_STATUS Status,
551 IN UINT BytesTransferred
552 );
553
560VOID
561NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext);
562
586NTSTATUS
588 IN PDEVICE_OBJECT DeviceObject,
589 IN PIRP Irp
590 );
591
592VOID
593
604 IN NDIS_HANDLE ProtocolBindingContext,
605 IN PNDIS_REQUEST pRequest,
606 IN NDIS_STATUS Status
607 );
608
621NTSTATUS
623 IN PDEVICE_OBJECT DeviceObject,
624 IN PIRP Irp
625 );
626
627
647INT NPF_BufferedWrite(IN PIRP Irp,
648 IN PCHAR UserBuff,
649 IN ULONG UserBuffSize,
650 BOOLEAN sync);
651
660
670VOID
672 IN NDIS_HANDLE ProtocolBindingContext,
673 IN PNDIS_PACKET pPacket,
674 IN NDIS_STATUS Status
675 );
676
686VOID
688 IN NDIS_HANDLE ProtocolBindingContext,
689 IN NDIS_STATUS Status
690 );
691
695VOID
697 IN NDIS_HANDLE ProtocolBindingContext,
698 IN NDIS_STATUS Status,
699 IN PVOID StatusBuffer,
700 IN UINT StatusBufferSize
701 );
702
703
707VOID
708NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext);
709
718VOID
719NPF_Unload(IN PDRIVER_OBJECT DriverObject);
720
721
740NTSTATUS
742 IN PDEVICE_OBJECT DeviceObject,
743 IN PIRP Irp
744 );
745
751NTSTATUS
753 IN PWSTR *MacDriverName,
754 IN PWSTR *PacketDriverName,
755 IN PUNICODE_STRING RegistryPath
756 );
757
764NTSTATUS
766 IN PWSTR ValueName,
767 IN ULONG ValueType,
768 IN PVOID ValueData,
769 IN ULONG ValueLength,
770 IN PVOID Context,
771 IN PVOID EntryContext
772 );
773
780 OUT PNDIS_STATUS Status,
781 IN NDIS_HANDLE BindContext,
782 IN PNDIS_STRING DeviceName,
783 IN PVOID SystemSpecific1,
784 IN PVOID SystemSpecific2
785 );
786
798VOID
800 OUT PNDIS_STATUS Status,
801 IN NDIS_HANDLE ProtocolBindingContext,
802 IN NDIS_HANDLE UnbindContext
803 );
804
805
813NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open , PUNICODE_STRING fileName, BOOLEAN append);
814
824
832VOID NPF_DumpThread(PVOID Open);
833
841
854VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject,
855 PLARGE_INTEGER Offset,
856 ULONG Length,
857 PMDL Mdl,
858 PIO_STATUS_BLOCK IoStatusBlock);
859
860
861
868
869BOOLEAN
871 IN POPEN_INSTANCE pOpen);
872
873VOID
875 IN POPEN_INSTANCE pOpen);
876
877VOID
879 IN POPEN_INSTANCE pOpen);
880
881BOOLEAN
883 IN POPEN_INSTANCE pOpen);
884
885VOID
887 IN POPEN_INSTANCE pOpen);
888
889VOID
891 IN POPEN_INSTANCE pOpen);
892
893NTSTATUS
895 IN POPEN_INSTANCE pOpen,
896 IN PIRP pIrp,
897 OUT PUINT pMtu);
898
904
916#ifdef NDIS50
917NDIS_STATUS NPF_PowerChange(IN NDIS_HANDLE ProtocolBindingContext, IN PNET_PNP_EVENT pNetPnPEvent);
918#endif
919
920//
921// Old registry based WinPcap names
922//
924// \brief Helper function to query a value from the global WinPcap registry key
925//*/
926//VOID NPF_QueryWinpcapRegistryString(PWSTR SubKeyName,
927// WCHAR *Value,
928// UINT ValueLen,
929// WCHAR *DefaultValue);
930//
931
932
941#endif /*main ifndef/define*/
VOID NPF_TransferDataComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred)
Ends the transfer of a packet.
VOID NPF_OpenAdapterComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
Ends the opening of an adapter.
VOID NPF_DumpThread(PVOID Open)
The dump thread.
NTSTATUS NPF_ReadRegistry(IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)
Reads the registry keys associated woth NPF if the driver is manually installed via the control panel...
VOID NPF_Status(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
Callback for NDIS StatusHandler. Not used by NPF.
VOID NPF_CloseAdapterComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
Ends the closing of an adapter.
VOID NPF_ResetComplete(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
Ends a reset of the adapter.
VOID NPF_RequestComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)
Ends an OID request.
BOOLEAN NPF_StartUsingOpenInstance(IN POPEN_INSTANCE pOpen)
VOID NPF_UnbindAdapter(OUT PNDIS_STATUS Status, IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE UnbindContext)
Callback for NDIS UnbindAdapterHandler.
VOID NPF_WriteDumpFile(PFILE_OBJECT FileObject, PLARGE_INTEGER Offset, ULONG Length, PMDL Mdl, PIO_STATUS_BLOCK IoStatusBlock)
Writes a block of packets on the dump file.
NTSTATUS NPF_Write(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Writes a raw packet to the network.
BOOLEAN NPF_CreateDevice(IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP)
Creates a device for a given MAC.
VOID NPF_Unload(IN PDRIVER_OBJECT DriverObject)
Function called by the OS when NPF is unloaded.
BOOLEAN NPF_StartUsingBinding(IN POPEN_INSTANCE pOpen)
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
The initialization routine of the driver.
VOID NPF_StopUsingOpenInstance(IN POPEN_INSTANCE pOpen)
VOID NPF_StatusComplete(IN NDIS_HANDLE ProtocolBindingContext)
Callback for NDIS StatusCompleteHandler. Not used by NPF.
VOID NPF_CloseBinding(IN POPEN_INSTANCE pOpen)
NTSTATUS NPF_Read(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Function that serves the user's reads.
NTSTATUS NPF_Open(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Opens a new instance of the driver.
NTSTATUS NPF_QueryRegistryRoutine(IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
Function used by NPF_ReadRegistry() to quesry the registry keys associated woth NPF if the driver is ...
VOID NPF_WaitEndOfBufferedWrite(POPEN_INSTANCE Open)
Waits the completion of all the sends performed by NPF_BufferedWrite.
NTSTATUS NPF_GetDeviceMTU(IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)
NDIS_STATUS NPF_tap(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize)
Callback invoked by NDIS when a packet arrives from the network.
VOID NPF_CloseOpenInstance(IN POPEN_INSTANCE pOpen)
VOID NPF_BindAdapter(OUT PNDIS_STATUS Status, IN NDIS_HANDLE BindContext, IN PNDIS_STRING DeviceName, IN PVOID SystemSpecific1, IN PVOID SystemSpecific2)
Callback for NDIS BindAdapterHandler. Not used by NPF.
INT NPF_BufferedWrite(IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)
Writes a buffer of raw packets to the network.
NTSTATUS NPF_CloseDumpFile(POPEN_INSTANCE Open)
Closes the dump file associated with an instance of the driver.
VOID NPF_StopUsingBinding(IN POPEN_INSTANCE pOpen)
PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings(VOID)
Returns the MACs that bind to TCP/IP.
NTSTATUS NPF_IoControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Handles the IOCTL calls.
UINT GetBuffOccupation(POPEN_INSTANCE Open)
Returns the amount of bytes present in the packet buffer.
NTSTATUS NPF_OpenDumpFile(POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)
Creates the file that will receive the packets when the driver is in dump mode.
VOID NPF_ReceiveComplete(IN NDIS_HANDLE ProtocolBindingContext)
Callback function that signals the end of a packet reception.
VOID NPF_SendComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET pPacket, IN NDIS_STATUS Status)
Ends a send operation.
NTSTATUS NPF_StartDump(POPEN_INSTANCE Open)
Starts dump to file.
NTSTATUS NPF_Close(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
NTSTATUS NPF_Cleanup(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
Closes an instance of the driver.
PWCHAR getAdaptersList(VOID)
Returns the list of the MACs available on the system.
NTSTATUS NPF_SaveCurrentBuffer(POPEN_INSTANCE Open)
Saves the content of the packet buffer to the file associated with current instance.
struct _DEVICE_EXTENSION DEVICE_EXTENSION
Port device extension.
struct _PACKET_RESERVED * PPACKET_RESERVED
struct _OPEN_INSTANCE OPEN_INSTANCE
Contains the state of a running instance of the NPF driver.
struct _INTERNAL_REQUEST * PINTERNAL_REQUEST
NDIS_HANDLE g_NdisProtocolHandle
#define C_ASSERT(a)
Definition: Packet.h:133
struct time_conv G_Start_Time
#define MAX_REQUESTS
Maximum number of simultaneous IOCTL requests.
Definition: Packet.h:71
struct _PACKET_RESERVED PACKET_RESERVED
Contains a NDIS packet.
ULONG g_NCpu
struct __CPU_Private_Data CpuPrivateData
Kernel buffer of each CPU.
ADAPTER_BINDING_STATUS
Definition: Packet.h:328
UINT g_SendPacketFlags
struct _DEVICE_EXTENSION * PDEVICE_EXTENSION
struct _OPEN_INSTANCE * POPEN_INSTANCE
struct _PACKET_OID_DATA * PPACKET_OID_DATA
struct _INTERNAL_REQUEST INTERNAL_REQUEST
Stores an OID request.
struct _PACKET_OID_DATA PACKET_OID_DATA
Structure containing an OID request.
@ ADAPTER_BOUND
Definition: Packet.h:330
@ ADAPTER_UNBOUND
Definition: Packet.h:329
@ ADAPTER_UNBINDING
Definition: Packet.h:331
Structure describing a x86 filtering program created by the jitter.
Definition: jitter.h:95
Structure prepended to each packet in the kernel buffer pool.
Definition: Packet.h:342
struct bpf_hdr header
bpf header, created by the tap, and copied unmodified to user level programs.
Definition: Packet.h:344
ULONG SN
Sequence number of the packet.
Definition: Packet.h:343
Port device extension.
Definition: Packet.h:196
PWSTR ExportString
Definition: Packet.h:198
NDIS_STRING AdapterName
Name of the adapter.
Definition: Packet.h:197
Stores an OID request.
Definition: Packet.h:163
NDIS_STATUS RequestStatus
Definition: Packet.h:169
LIST_ENTRY ListElement
Used to handle lists of requests.
Definition: Packet.h:164
NDIS_REQUEST Request
The structure with the actual request, that will be passed to NdisRequest().
Definition: Packet.h:168
NDIS_EVENT InternalRequestCompletedEvent
Definition: Packet.h:167
Contains the state of a running instance of the NPF driver.
Definition: Packet.h:241
PMDL BufferMdl
Pointer to a Memory descriptor list (MDL) that maps the circular buffer's memory.
Definition: Packet.h:252
LARGE_INTEGER DumpOffset
Current offset in the dump file.
Definition: Packet.h:287
PFILE_OBJECT DumpFileObject
Pointer to the object of the file used in dump mode.
Definition: Packet.h:283
CpuPrivateData CpuData[sizeof(KAFFINITY) *8]
Pool of kernel buffer structures, one for each CPU.
Definition: Packet.h:308
NDIS_EVENT DumpEvent
Event used to synchronize the dump thread with the tap when the instance is in dump mode.
Definition: Packet.h:286
LIST_ENTRY ResetIrpList
List of pending adapter reset requests.
Definition: Packet.h:250
ULONG Size
Size of each kernel buffer contained in the CpuData field.
Definition: Packet.h:312
int mode
Working mode of the driver. See PacketSetMode() for details.
Definition: Packet.h:268
UINT MinToCopy
Definition: Packet.h:263
PUCHAR bpfprogram
Definition: Packet.h:254
ULONG TransmitPendingPackets
Specifies the number of packets that are pending to be transmitted, i.e. have been submitted to NdisS...
Definition: Packet.h:320
UINT MaxDumpPacks
Definition: Packet.h:291
BOOLEAN SkipSentPackets
True if this instance should not capture back the packets that it transmits.
Definition: Packet.h:280
NDIS_SPIN_LOCK WriteLock
SpinLock that protects the WriteInProgress variable.
Definition: Packet.h:278
NDIS_EVENT WriteEvent
Event used to synchronize the multiple write process.
Definition: Packet.h:275
NDIS_SPIN_LOCK OpenInUseLock
Definition: Packet.h:323
LARGE_INTEGER Npackets
Number of packets accepted by the filter when this instance is in statistical mode.
Definition: Packet.h:270
NDIS_EVENT NdisOpenCloseCompleteEvent
Definition: Packet.h:317
BOOLEAN DumpLimitReached
Definition: Packet.h:294
PKEVENT ReadEvent
Pointer to the event on which the read calls on this instance must wait.
Definition: Packet.h:253
ULONG AdapterHandleUsageCounter
Definition: Packet.h:313
NDIS_SPIN_LOCK CountersLock
SpinLock that protects the statistical mode counters.
Definition: Packet.h:271
LIST_ENTRY RequestList
List of pending OID requests.
Definition: Packet.h:249
ULONG ReaderSN
Sequence number of the next packet to be read from the pool of kernel buffers.
Definition: Packet.h:309
LARGE_INTEGER Nbytes
Amount of bytes accepted by the filter when this instance is in statistical mode.
Definition: Packet.h:269
INTERNAL_REQUEST Requests[MAX_REQUESTS]
Array of structures that wrap every single OID request.
Definition: Packet.h:251
NDIS_HANDLE AdapterHandle
NDIS idetifier of the adapter used by this instance.
Definition: Packet.h:244
LARGE_INTEGER TimeOut
Definition: Packet.h:265
ULONG AdapterBindingStatus
Specifies if NPF is still bound to the adapter used by this instance, it's unbinding or it's not boun...
Definition: Packet.h:315
PDEVICE_EXTENSION DeviceExtension
Definition: Packet.h:242
ULONG Multiple_Write_Counter
Counts the number of times a single write has already physically repeated.
Definition: Packet.h:274
NDIS_HANDLE PacketPool
Pool of NDIS_PACKET structures used to transfer the packets from and to the NIC driver.
Definition: Packet.h:247
KSPIN_LOCK RequestSpinLock
SpinLock used to synchronize the OID requests.
Definition: Packet.h:248
UINT MaxFrameSize
Definition: Packet.h:302
UINT MaxDumpBytes
Definition: Packet.h:289
UNICODE_STRING DumpFileName
String containing the name of the dump file.
Definition: Packet.h:288
ULONG NumPendingIrps
Definition: Packet.h:321
NDIS_SPIN_LOCK AdapterHandleLock
Definition: Packet.h:314
BOOLEAN ClosePending
Definition: Packet.h:322
NDIS_EVENT NdisWriteCompleteEvent
Event that is signalled when all the packets have been successfully sent by NdisSend (and corresponfi...
Definition: Packet.h:318
NTSTATUS OpenCloseStatus
Definition: Packet.h:319
ULONG WriterSN
Definition: Packet.h:310
NDIS_STATUS IOStatus
Maintains the status of and OID request call, that will be passed to the application.
Definition: Packet.h:281
PKTHREAD DumpThreadObject
Pointer to the object of the thread used in dump mode.
Definition: Packet.h:284
NDIS_EVENT NdisRequestEvent
Event used to synchronize I/O requests with the callback structure of NDIS.
Definition: Packet.h:279
UINT Medium
Definition: Packet.h:245
UINT Nwrites
Definition: Packet.h:272
BOOLEAN WriteInProgress
Definition: Packet.h:276
HANDLE DumpThreadHandle
Handle of the thread created by dump mode to asynchronously move the buffer to disk.
Definition: Packet.h:285
NDIS_SPIN_LOCK MachineLock
SpinLock that protects the BPF filter and the TME engine, if in use.
Definition: Packet.h:301
HANDLE DumpFileHandle
Handle of the file used in dump mode.
Definition: Packet.h:282
Structure containing an OID request.
Definition: Packet.h:143
UCHAR Data[1]
Definition: Packet.h:147
ULONG Length
Length of the data field.
Definition: Packet.h:146
Contains a NDIS packet.
Definition: Packet.h:180
PMDL pMdl
MDL mapping the buffer of the packet.
Definition: Packet.h:183
PIRP Irp
Irp that performed the request.
Definition: Packet.h:182
LIST_ENTRY ListElement
Used to handle lists of packets.
Definition: Packet.h:181
ULONG Cpu
The CPU on which the packet was pulled out of the linked list of free packets.
Definition: Packet.h:186
BOOLEAN FreeBufAfterWrite
Definition: Packet.h:184
Kernel buffer of each CPU.
Definition: Packet.h:208
PMDL TransferMdl2
Second MDL used to map the portion of the buffer that will contain an incoming packet.
Definition: Packet.h:227
ULONG C
Zero-based index of the consumer in the buffer. It indicates the first free byte to be read.
Definition: Packet.h:210
ULONG NewP
Used by NdisTransferData() (when we call NdisTransferData, p index must be updated only in the Transf...
Definition: Packet.h:228
NDIS_SPIN_LOCK BufferLock
It protects the buffer associated with this CPU.
Definition: Packet.h:225
PUCHAR Buffer
Pointer to the kernel buffer used to capture packets.
Definition: Packet.h:212
ULONG P
Zero-based index of the producer in the buffer. It indicates the first free byte to be written.
Definition: Packet.h:209
PMDL TransferMdl1
MDL used to map the portion of the buffer that will contain an incoming packet.
Definition: Packet.h:226
ULONG Free
Number of the free bytes in the buffer.
Definition: Packet.h:211
Header of a libpcap dump file.
Definition: Packet.h:107
USHORT version_minor
Libpcap minor version.
Definition: Packet.h:110
USHORT version_major
Libpcap major version.
Definition: Packet.h:109
UINT snaplen
Length of the max saved portion of each packet.
Definition: Packet.h:113
UINT sigfigs
Accuracy of timestamps.
Definition: Packet.h:112
UINT thiszone
Gmt to local correction.
Definition: Packet.h:111
UINT linktype
Data link type (DLT_*). See win_bpf.h for details.
Definition: Packet.h:114
UINT magic
Libpcap magic number.
Definition: Packet.h:108
Header associated to a packet in the driver's buffer when the driver is in dump mode....
Definition: Packet.h:121
struct timeval ts
time stamp
Definition: Packet.h:122
UINT len
Length of the original packet (off wire).
Definition: Packet.h:126
UINT caplen
Definition: Packet.h:123

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.