
Packet.c File Reference

#include "stdarg.h"
#include "ntddk.h"
#include "ntiologc.h"
#include "ndis.h"
#include "ntddpack.h"
#include "debug.h"
#include "packet.h"
#include "win_bpf.h"
#include "win_bpf_filter_init.h"
#include "tme.h"


Functions

NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
 The initialization routine of the driver.

PWCHAR getAdaptersList (void)
PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings (void)
BOOLEAN createDevice (IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP, NDIS_HANDLE aProtoHandle)
 Creates a device for a given MAC.

VOID NPF_Unload (IN PDRIVER_OBJECT DriverObject)
 Function called by the OS when NPF is unloaded.

NTSTATUS NPF_IoControl (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Handles the IOCTL calls.

VOID NPF_RequestComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST NdisRequest, IN NDIS_STATUS Status)
 Ends an OID request.

VOID NPF_Status (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
 Callback for NDIS StatusHandler. Not used by NPF.

VOID NPF_StatusComplete (IN NDIS_HANDLE ProtocolBindingContext)
 Callback for NDIS StatusCompleteHandler. Not used by NPF.

NTSTATUS NPF_ReadRegistry (IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)
 Reads the registry keys associated with NPF if the driver is manually installed via the control panel.

NTSTATUS NPF_QueryRegistryRoutine (IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
 Function used by NPF_ReadRegistry() to query the registry keys associated with NPF if the driver is manually installed via the control panel.


Variables

PDEVICE_EXTENSION GlobalDeviceExtension
NDIS_STRING NPF_Prefix = NDIS_STRING_CONST("NPF_")
NDIS_STRING devicePrefix = NDIS_STRING_CONST("\\Device\\")
NDIS_STRING symbolicLinkPrefix = NDIS_STRING_CONST("\\DosDevices\\")
NDIS_STRING tcpLinkageKeyName
NDIS_STRING AdapterListKey
NDIS_STRING bindValueName = NDIS_STRING_CONST("Bind")
WCHAR * bindP = NULL
 Global variable that points to the names of the bound adapters.

time_conv G_Start_Time
 Global start time. Used as an absolute reference for timestamp conversion.

NDIS_SPIN_LOCK Opened_Instances_Lock
ULONG NCpu


Function Documentation

BOOLEAN createDevice (IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP, NDIS_HANDLE aProtoHandle)

Creates a device for a given MAC.

Parameters:
adriverObjectP The driver object that will be associated with the device, i.e. the one of NPF.
amacNameP The name of the network interface that the device will point to.
aProtoHandle NDIS protocol handle of NPF.
Returns:
If the function succeeds, the return value is nonzero.
NPF creates a device for every valid network adapter. The new device points to the NPF driver, but contains information about the original device. In this way, when the user opens the new device, NPF will be able to determine the correct adapter to use.

Definition at line 394 of file Packet.c.

References _DEVICE_EXTENSION::AdapterName, devicePrefix, _DEVICE_EXTENSION::ExportString, _DEVICE_EXTENSION::NdisProtocolHandle, NPF_Prefix, and symbolicLinkPrefix.

Referenced by DriverEntry().

NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)

The initialization routine of the driver.

Parameters:
DriverObject The driver object of NPF created by the system.
RegistryPath The registry path containing the keys related to the driver.
Returns:
A string containing a list of network adapters.
DriverEntry is a mandatory function in a device driver. Like the main() of a user-level program, it is called by the system when the driver is loaded in memory and started. Its purpose is to initialize the driver, performing all the allocations and the setup. In particular, DriverEntry registers all the driver's I/O callbacks, creates the devices, and defines NPF as a protocol inside NDIS.

Definition at line 70 of file Packet.c.

References bindP, createDevice(), getAdaptersList(), getTcpBindings(), NCpu, NPF_BindAdapter(), NPF_Close(), NPF_CloseAdapterComplete(), NPF_IoControl(), NPF_Open(), NPF_OpenAdapterComplete(), NPF_Read(), NPF_ReceiveComplete(), NPF_RequestComplete(), NPF_ResetComplete(), NPF_SendComplete(), NPF_Status(), NPF_StatusComplete(), NPF_tap(), NPF_TransferDataComplete(), NPF_UnbindAdapter(), NPF_Unload(), and NPF_Write().

PWCHAR getAdaptersList (void)

Definition at line 195 of file Packet.c.

References tcpLinkageKeyName.

Referenced by DriverEntry().

PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings (void)

Definition at line 322 of file Packet.c.

References tcpLinkageKeyName.

Referenced by DriverEntry().

NTSTATUS NPF_IoControl (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)

Handles the IOCTL calls.

Parameters:
DeviceObject Pointer to the device object utilized by the user.
Irp Pointer to the IRP containing the user request.
Returns:
The status of the operation. See ntstatus.h in the DDK.
Once the packet capture driver is opened it can be configured from user-level applications with IOCTL commands using the DeviceIoControl() system call. NPF_IoControl receives and serves all the IOCTL calls directed to NPF. The following commands are recognized:

Definition at line 549 of file Packet.c.

References __CPU_Private_Data::Accepted, _OPEN_INSTANCE::AdapterHandle, BIOCGEVNAME, BIOCGSTATS, BIOCISDUMPENDED, BIOCQUERYOID, BIOCSENDPACKETSNOSYNC, BIOCSENDPACKETSSYNC, BIOCSETBUFFERSIZE, BIOCSETDUMPFILENAME, BIOCSETDUMPLIMITS, BIOCSETF, BIOCSETOID, BIOCSMINTOCOPY, BIOCSMODE, BIOCSRTIMEOUT, BIOCSWRITEREP, BPF_Destroy_JIT_Filter(), BPF_jitter(), BPF_SEPARATION, bpf_validate(), _OPEN_INSTANCE::bpfprogram, __CPU_Private_Data::Buffer, __CPU_Private_Data::C, _OPEN_INSTANCE::CountersLock, _OPEN_INSTANCE::CpuData, __CPU_Private_Data::Dropped, _OPEN_INSTANCE::DumpFileHandle, _OPEN_INSTANCE::DumpFileName, _OPEN_INSTANCE::DumpLimitReached, EXIT_FAILURE, EXIT_SUCCESS, _OPEN_INSTANCE::Filter, __CPU_Private_Data::Free, IMMEDIATE, _INTERNAL_REQUEST::Internal, IOCTL_PROTOCOL_RESET, _OPEN_INSTANCE::IOEvent, _OPEN_INSTANCE::IOStatus, _INTERNAL_REQUEST::Irp, _OPEN_INSTANCE::MaxDumpBytes, _OPEN_INSTANCE::MaxDumpPacks, _OPEN_INSTANCE::mem_ex, _OPEN_INSTANCE::MinToCopy, _OPEN_INSTANCE::mode, MODE_CAPT, MODE_DUMP, MODE_MON, MODE_STAT, _OPEN_INSTANCE::Nbytes, NCpu, _OPEN_INSTANCE::Npackets, NPF_BufferedWrite(), NPF_CloseDumpFile(), NPF_OpenDumpFile(), NPF_RequestComplete(), NPF_ResetComplete(), NPF_StartDump(), _OPEN_INSTANCE::Nwrites, __CPU_Private_Data::P, PPACKET_OID_DATA, __CPU_Private_Data::Processing, _OPEN_INSTANCE::ReaderSN, _OPEN_INSTANCE::ReadEventName, __CPU_Private_Data::Received, _INTERNAL_REQUEST::Request, _OPEN_INSTANCE::RequestList, _OPEN_INSTANCE::RequestSpinLock, _OPEN_INSTANCE::ResetIrpList, _OPEN_INSTANCE::Size, _OPEN_INSTANCE::SkipProcessing, _OPEN_INSTANCE::TimeOut, _OPEN_INSTANCE::tme, and _OPEN_INSTANCE::WriterSN.

Referenced by DriverEntry().

NTSTATUS NPF_QueryRegistryRoutine (IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)

Function used by NPF_ReadRegistry() to query the registry keys associated with NPF if the driver is manually installed via the control panel.

Normally not used in recent versions of NPF.

Definition at line 1343 of file Packet.c.

Referenced by NPF_ReadRegistry().

NTSTATUS NPF_ReadRegistry (IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)

Reads the registry keys associated with NPF if the driver is manually installed via the control panel.

Normally not used in recent versions of NPF.

Definition at line 1246 of file Packet.c.

References NPF_QueryRegistryRoutine().

VOID NPF_RequestComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)

Ends an OID request.

Parameters:
ProtocolBindingContext Context of the function. Contains a pointer to the OPEN_INSTANCE structure associated with the current instance.
pRequest Pointer to the completed OID request.
Status Status of the operation.
Callback function associated with the NdisRequest() NDIS function. It is invoked by NDIS when the NIC driver has finished an OID request operation that was previously started by NPF_IoControl().

Definition at line 1128 of file Packet.c.

References BIOCQUERYOID, BIOCSETOID, _INTERNAL_REQUEST::Internal, _OPEN_INSTANCE::IOEvent, _OPEN_INSTANCE::IOStatus, _INTERNAL_REQUEST::Irp, _INTERNAL_REQUEST::ListElement, _OPEN_INSTANCE::MaxFrameSize, PPACKET_OID_DATA, _INTERNAL_REQUEST::Request, _OPEN_INSTANCE::RequestList, and _OPEN_INSTANCE::RequestSpinLock.

Referenced by DriverEntry(), NPF_IoControl(), and NPF_OpenAdapterComplete().

VOID NPF_Status (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)

Callback for NDIS StatusHandler. Not used by NPF.

Definition at line 1213 of file Packet.c.

Referenced by DriverEntry().

VOID NPF_StatusComplete (IN NDIS_HANDLE ProtocolBindingContext)

Callback for NDIS StatusCompleteHandler. Not used by NPF.

Definition at line 1231 of file Packet.c.

Referenced by DriverEntry().

VOID NPF_Unload (IN PDRIVER_OBJECT DriverObject)

Function called by the OS when NPF is unloaded.

Parameters:
DriverObject The driver object of NPF created by the system.
This is the last function executed when the driver is unloaded from the system. It frees global resources, deletes the devices and deregisters the protocol. The driver can be unloaded by the user by stopping the NPF service (from the control panel or from a console with 'net stop npf').

Definition at line 495 of file Packet.c.

References _DEVICE_EXTENSION::AdapterName, _DEVICE_EXTENSION::ExportString, and _DEVICE_EXTENSION::NdisProtocolHandle.

Referenced by DriverEntry().


Variable Documentation

NDIS_STRING AdapterListKey
 

Initial value:

 NDIS_STRING_CONST("\\Registry\\Machine\\System"
                                L"\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}")

Definition at line 52 of file Packet.c.

WCHAR* bindP = NULL
 

Global variable that points to the names of the bound adapters.

Definition at line 58 of file Packet.c.

Referenced by DriverEntry().

NDIS_STRING bindValueName = NDIS_STRING_CONST("Bind")
 

Definition at line 54 of file Packet.c.

NDIS_STRING devicePrefix = NDIS_STRING_CONST("\\Device\\")
 

Definition at line 48 of file Packet.c.

Referenced by createDevice().

struct time_conv G_Start_Time
 

Global start time. Used as an absolute reference for timestamp conversion.

Definition at line 60 of file Packet.c.

PDEVICE_EXTENSION GlobalDeviceExtension
 

Definition at line 42 of file Packet.c.

ULONG NCpu
 

Definition at line 64 of file Packet.c.

Referenced by DriverEntry(), NPF_IoControl(), NPF_Read(), and NPF_tap().

NDIS_STRING NPF_Prefix = NDIS_STRING_CONST("NPF_")
 

Definition at line 47 of file Packet.c.

Referenced by createDevice().

NDIS_SPIN_LOCK Opened_Instances_Lock
 

Definition at line 62 of file Packet.c.

NDIS_STRING symbolicLinkPrefix = NDIS_STRING_CONST("\\DosDevices\\")
 

Definition at line 49 of file Packet.c.

Referenced by createDevice().

NDIS_STRING tcpLinkageKeyName
 

Initial value:

 NDIS_STRING_CONST("\\Registry\\Machine\\System"
                                L"\\CurrentControlSet\\Services\\Tcpip\\Linkage")

Definition at line 50 of file Packet.c.

Referenced by getAdaptersList(), and getTcpBindings().


documentation. Copyright (c)2002-2003 Politecnico di Torino.
2005 translated by Telebusiness,Inc.
 All rights reserved.