
NPF structures and definitions
[NPF driver internals manual]


Data Structures

struct  __CPU_Private_Data
 Kernel buffer of each CPU. More...

struct  _DEVICE_EXTENSION
 Port device extension. More...

struct  _INTERNAL_REQUEST
 Stores an OID request. More...

struct  _OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver. More...

struct  _PACKET_RESERVED
 Contains a NDIS packet. More...

struct  binary_stream
 A stream of X86 binary code. More...

struct  JIT_BPF_Filter
 Structure describing a x86 filtering program created by the jitter. More...

struct  packet_file_header
 Header of a libpcap dump file. More...

struct  PacketHeader
 Structure prepended to each packet in the kernel buffer pool. More...

struct  sf_pkthdr
 Header associated to a packet in the driver's buffer when the driver is in dump mode. Similar to the bpf_hdr structure, but simpler. More...


Defines

#define NTKERNEL
 Forces the compilation of the jitter with kernel calls.

#define MAX_REQUESTS   32
 Maximum number of simultaneous IOCTL requests.

#define Packet_ALIGNMENT   sizeof(int)
 Alignment macro. Defines the alignment size.

#define Packet_WORDALIGN(x)   (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
#define BIOCSETBUFFERSIZE   9592
 IOCTL code: set kernel buffer size.

#define BIOCSETF   9030
 IOCTL code: set packet filtering program.

#define BIOCGSTATS   9031
 IOCTL code: get the capture stats.

#define BIOCSRTIMEOUT   7416
 IOCTL code: set the read timeout.

#define BIOCSMODE   7412
 IOCTL code: set working mode.

#define BIOCSWRITEREP   7413
 IOCTL code: set number of physical repetitions of every packet written by the app.

#define BIOCSMINTOCOPY   7414
 IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.

#define BIOCSETOID   2147483648
 IOCTL code: set an OID value.

#define BIOCQUERYOID   2147483652
 IOCTL code: get an OID value.

#define BIOCSETDUMPFILENAME   9029
 IOCTL code: set the name of the file used by kernel dump mode.

#define BIOCGEVNAME   7415
 IOCTL code: get the name of the event that the driver signals when some data is present in the buffer.

#define BIOCSENDPACKETSNOSYNC   9032
 IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps.

#define BIOCSENDPACKETSSYNC   9033
 IOCTL code: Send a buffer containing multiple packets to the network, considering the timestamps.

#define BIOCSETDUMPLIMITS   9034
 IOCTL code: Set the dump file limits.

#define BIOCISDUMPENDED   7411
 IOCTL code: Get the status of the kernel dump process.

#define MODE_CAPT   0x0
 Capture working mode.

#define MODE_STAT   0x1
 Statistical working mode.

#define MODE_MON   0x2
 Kernel monitoring mode.

#define MODE_DUMP   0x10
 Kernel dump working mode.

#define IMMEDIATE   1
 Immediate timeout. Forces a read call to return immediately.

#define TCPDUMP_MAGIC   0xa1b2c3d4
 Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file.

#define PCAP_VERSION_MAJOR   2
 Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.

#define PCAP_VERSION_MINOR   4
 Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.

#define RESERVED(_p)   ((PPACKET_RESERVED)((_p)->ProtocolReserved))
 Macro to obtain the PACKET_RESERVED area of an NDIS_PACKET (casts the packet's ProtocolReserved field to PPACKET_RESERVED).

#define TRANSMIT_PACKETS   256
#define EXIT_SUCCESS(quantity)
 Macro used in the I/O routines to return the control to user-mode with a success status.

#define EXIT_FAILURE(quantity)
 Macro used in the I/O routines to return the control to user-mode with a failure status.

#define EAX   0
#define ECX   1
#define EDX   2
#define EBX   3
#define ESP   4
#define EBP   5
#define ESI   6
#define EDI   7
#define AX   0
#define CX   1
#define DX   2
#define BX   3
#define SP   4
#define BP   5
#define SI   6
#define DI   7
#define AL   0
#define CL   1
#define DL   2
#define BL   3
#define MOVid(r32, i32)   emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);
 mov r32,i32

#define MOVrd(dr32, sr32)   emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
 mov dr32,sr32

#define MOVodd(dr32, sr32, off)
 mov dr32,sr32[off]

#define MOVobd(dr32, sr32, or32)
 mov dr32,sr32[or32]

#define MOVobw(dr32, sr32, or32)
 mov dr16,sr32[or32]

#define MOVobb(dr8, sr32, or32)
 mov dr8,sr32[or32]

#define MOVomd(dr32, or32, sr32)
 mov [dr32][or32],sr32

#define BSWAP(dr32)
 bswap dr32

#define SWAP_AX()
 xchg al,ah

#define PUSH(r32)   emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);
 push r32

#define POP(r32)   emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);
 pop r32

#define RET()   emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);
 ret

#define ADDrd(dr32, sr32)
 add dr32,sr32

#define ADD_EAXi(i32)
 add eax,i32

#define ADDid(r32, i32)
 add r32,i32

#define ADDib(r32, i8)
 add r32,i8

#define SUBrd(dr32, sr32)
 sub dr32,sr32

#define SUB_EAXi(i32)
 sub eax,i32

#define MULrd(r32)
 mul r32

#define DIVrd(r32)
 div r32

#define ANDib(r8, i8)
 and r8,i8

#define ANDid(r32, i32)
 and r32,i32

#define ANDrd(dr32, sr32)
 and dr32,sr32

#define ORrd(dr32, sr32)
 or dr32,sr32

#define ORid(r32, i32)
 or r32,i32

#define SHLib(r32, i8)
 shl r32,i8

#define SHL_CLrb(dr32)
 shl dr32,cl

#define SHRib(r32, i8)
 shr r32,i8

#define SHR_CLrb(dr32)
 shr dr32,cl

#define NEGd(r32)
 neg r32

#define CMPodd(dr32, sr32, off)
 cmp dr32,sr32[off]

#define CMPrd(dr32, sr32)
 cmp dr32,sr32

#define CMPid(dr32, i32)
 cmp dr32,i32

#define JNEb(off8)
 jne off8

#define JE(off32)
 je off32

#define JLE(off32)
 jle off32

#define JLEb(off8)
 jle off8

#define JA(off32)
 ja off32

#define JAE(off32)
 jae off32

#define JG(off32)
 jg off32

#define JGE(off32)
 jge off32

#define JMP(off32)
 jmp off32


Typedefs

typedef _INTERNAL_REQUEST INTERNAL_REQUEST
 Stores an OID request.

typedef _INTERNAL_REQUEST * PINTERNAL_REQUEST
 Stores an OID request.

typedef _PACKET_RESERVED PACKET_RESERVED
 Contains a NDIS packet.

typedef _PACKET_RESERVED * PPACKET_RESERVED
 Contains a NDIS packet.

typedef _DEVICE_EXTENSION DEVICE_EXTENSION
 Port device extension.

typedef _DEVICE_EXTENSION * PDEVICE_EXTENSION
 Port device extension.

typedef __CPU_Private_Data CpuPrivateData
 Kernel buffer of each CPU.

typedef _OPEN_INSTANCE OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver.

typedef _OPEN_INSTANCE * POPEN_INSTANCE
 Contains the state of a running instance of the NPF driver.

typedef binary_stream binary_stream
 A stream of X86 binary code.

typedef UINT(* BPF_filter_function )(binary_stream *, ULONG, UINT)
 Prototype of a filtering function created by the jitter.

typedef void(* emit_func )(binary_stream *stream, ULONG value, UINT n)
 Prototype of the emit functions.

typedef JIT_BPF_Filter JIT_BPF_Filter
 Structure describing a x86 filtering program created by the jitter.


Define Documentation

#define ADD_EAXi i32   
 

Value:

emitm(&stream, 0x05, 1);\
  emitm(&stream, i32, 4);
add eax,i32

Definition at line 163 of file jitter.h.

Referenced by BPFtoX86().

#define ADDib r32,
i8   
 

Value:

emitm(&stream, 0x83, 1);\
  emitm(&stream, 24 << 3 | r32, 1);\
  emitm(&stream, i8, 1);
add r32,i8

Definition at line 174 of file jitter.h.

Referenced by BPFtoX86().

#define ADDid r32,
i32   
 

Value:

emitm(&stream, 0x81, 1);\
  emitm(&stream, 24 << 3 | r32, 1);\
  emitm(&stream, i32, 4);
add r32,i32

Definition at line 168 of file jitter.h.

#define ADDrd dr32,
sr32   
 

Value:

emitm(&stream, 0x03, 1);\
  emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
add dr32,sr32

Definition at line 158 of file jitter.h.

Referenced by BPFtoX86().

#define AL   0
 

Definition at line 51 of file jitter.h.

#define ANDib r8,
i8   
 

Value:

emitm(&stream, 0x80, 1);\
  emitm(&stream, 7 << 5 | r8, 1);\
  emitm(&stream, i8, 1);
and r8,i8

Definition at line 200 of file jitter.h.

Referenced by BPFtoX86().

#define ANDid r32,
i32   
 

Value:

if (r32 == EAX){ \
  emitm(&stream, 0x25, 1);\
  emitm(&stream, i32, 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream, 7 << 5 | r32, 1);\
  emitm(&stream, i32, 4);}
and r32,i32

Definition at line 206 of file jitter.h.

Referenced by BPFtoX86().

#define ANDrd dr32,
sr32   
 

Value:

emitm(&stream, 0x23, 1);\
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
and dr32,sr32

Definition at line 216 of file jitter.h.

Referenced by BPFtoX86().

#define AX   0
 

Definition at line 42 of file jitter.h.

#define BIOCGEVNAME   7415
 

IOCTL code: get the name of the event that the driver signals when some data is present in the buffer.

Command used by the application to retrieve the name of the global event associated with a NPF instance. The event is signaled by the driver when the kernel buffer contains enough data for a transfer.

Definition at line 138 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCGSTATS   9031
 

IOCTL code: get the capture stats.

This command returns to the application the number of packets received and the number of packets dropped by an instance of the driver.

Definition at line 76 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCISDUMPENDED   7411
 

IOCTL code: Get the status of the kernel dump process.

This command returns TRUE if the kernel dump has ended, i.e. if one of the limits set with BIOCSETDUMPLIMITS (amount of bytes or number of packets) has been reached.

Definition at line 173 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCQUERYOID   2147483652
 

IOCTL code: get an OID value.

This IOCTL is used to perform an OID get operation on the NIC driver.

Definition at line 121 of file Packet.h.

Referenced by NPF_IoControl(), and NPF_RequestComplete().

#define BIOCSENDPACKETSNOSYNC   9032
 

IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps.

Command used to send a buffer of packets in a single system call. Every packet in the buffer is preceded by a sf_pkthdr structure. The timestamps of the packets are ignored, i.e. the packets are sent as fast as possible. The NPF_BufferedWrite() function is invoked to send the packets.

Definition at line 147 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSENDPACKETSSYNC   9033
 

IOCTL code: Send a buffer containing multiple packets to the network, considering the timestamps.

Command used to send a buffer of packets in a single system call. Every packet in the buffer is preceded by a sf_pkthdr structure. The timestamps of the packets are used to synchronize the write, i.e. the packets are sent to the network respecting the intervals specified in the sf_pkthdr structure associated with each packet. The NPF_BufferedWrite() function is invoked to send the packets.

Definition at line 157 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSETBUFFERSIZE   9592
 

IOCTL code: set kernel buffer size.

This IOCTL is used to set a new size of the circular buffer associated with an instance of NPF. When a BIOCSETBUFFERSIZE command is received, the driver frees the old buffer, allocates the new one and resets all the parameters associated with the buffer in the OPEN_INSTANCE structure. The currently buffered packets are lost.

Definition at line 56 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSETDUMPFILENAME   9029
 

IOCTL code: set the name of the file used by kernel dump mode.

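This command opens a file whose name is contained in the IOCTL buffer and associates it with the current NPF instance. The dump thread uses it to copy the content of the circular buffer to file. If a file was already opened, the driver closes it before opening the new one. Since the file name is supplied by the caller in the IOCTL buffer and the file is opened by the driver, the name should be treated as untrusted input.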

Definition at line 130 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSETDUMPLIMITS   9034
 

IOCTL code: Set the dump file limits.

This IOCTL sets the limits (maximum size and maximum number of packets) of the dump file created when the driver works in dump mode.

Definition at line 165 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSETF   9030
 

IOCTL code: set packet filtering program.

This IOCTL sets a new packet filter in the driver. Before allocating any memory for the new filter, the bpf_validate() function is called to check the correctness of the filter. If this function returns TRUE, the filter is copied to the driver's memory, its address is stored in the bpfprogram field of the OPEN_INSTANCE structure associated with the current instance of the driver, and the filter will be applied to every incoming packet. The validation step matters because the filter program is received through the IOCTL and is then applied by the driver to every incoming packet. This command also empties the circular buffer used by the current instance to store packets, so that the buffer does not contain packets that do not match the filter.

Definition at line 68 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSETOID   2147483648
 

IOCTL code: set an OID value.

This IOCTL is used to perform an OID set operation on the NIC driver.

Definition at line 114 of file Packet.h.

Referenced by NPF_IoControl(), and NPF_RequestComplete().

#define BIOCSMINTOCOPY   7414
 

IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.

This command sets the OPEN_INSTANCE::MinToCopy member.

Definition at line 107 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSMODE   7412
 

IOCTL code: set working mode.

This IOCTL can be used to set the working mode of a NPF instance. The new mode, received by the driver in the buffer associated with the IOCTL command, can be MODE_CAPT for capture mode (the default), MODE_STAT for statistical mode or MODE_DUMP for dump mode.

Definition at line 92 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSRTIMEOUT   7416
 

IOCTL code: set the read timeout.

This command sets the maximum timeout after which a read is released, even if no data packets were received.

Definition at line 83 of file Packet.h.

Referenced by NPF_IoControl().

#define BIOCSWRITEREP   7413
 

IOCTL code: set number of physical repetitions of every packet written by the app.

Sets the number of times a single write call must be repeated. This command sets the OPEN_INSTANCE::Nwrites member, and is used to implement the 'multiple write' feature of the driver.

Definition at line 100 of file Packet.h.

Referenced by NPF_IoControl().

#define BL   3
 

Definition at line 54 of file jitter.h.

#define BP   5
 

Definition at line 47 of file jitter.h.

#define BSWAP dr32   
 

Value:

emitm(&stream, 0xf, 1); \
  emitm(&stream,  0x19 << 3 | dr32 , 1);
bswap dr32

Definition at line 136 of file jitter.h.

Referenced by BPFtoX86().

#define BX   3
 

Definition at line 45 of file jitter.h.

#define CL   1
 

Definition at line 52 of file jitter.h.

#define CMPid dr32,
i32   
 

Value:

if (dr32 == EAX){ \
  emitm(&stream, 0x3d, 1); \
  emitm(&stream,  i32, 4);} \
  else{ \
  emitm(&stream, 0x81, 1); \
  emitm(&stream,  0x1f << 3 | (dr32 & 0x7), 1);\
  emitm(&stream,  i32, 4);}
cmp dr32,i32

Definition at line 274 of file jitter.h.

Referenced by BPFtoX86().

#define CMPodd dr32,
sr32,
off   
 

Value:

emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
  emitm(&stream,  off, 1);
cmp dr32,sr32[off]

Definition at line 263 of file jitter.h.

Referenced by BPFtoX86().

#define CMPrd dr32,
sr32   
 

Value:

emitm(&stream, 0x3b, 1); \
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
cmp dr32,sr32

Definition at line 269 of file jitter.h.

Referenced by BPFtoX86().

#define CX   1
 

Definition at line 43 of file jitter.h.

#define DI   7
 

Definition at line 49 of file jitter.h.

#define DIVrd r32   
 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream, 15 << 4 | (r32 & 0x7), 1);
div r32

Definition at line 195 of file jitter.h.

Referenced by BPFtoX86().

#define DL   2
 

Definition at line 53 of file jitter.h.

#define DX   2
 

Definition at line 44 of file jitter.h.

#define EAX   0
 

Definition at line 33 of file jitter.h.

#define EBP   5
 

Definition at line 38 of file jitter.h.

#define EBX   3
 

Definition at line 36 of file jitter.h.

#define ECX   1
 

Definition at line 34 of file jitter.h.

#define EDI   7
 

Definition at line 40 of file jitter.h.

#define EDX   2
 

Definition at line 35 of file jitter.h.

#define ESI   6
 

Definition at line 39 of file jitter.h.

#define ESP   4
 

Definition at line 37 of file jitter.h.

#define EXIT_FAILURE quantity   
 

Value:

Irp->IoStatus.Information=quantity;\
    Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;\
    IoCompleteRequest(Irp, IO_NO_INCREMENT);\
    return STATUS_UNSUCCESSFUL;\
Macro used in the I/O routines to return the control to user-mode with a failure status.

Definition at line 404 of file Packet.h.

Referenced by NPF_IoControl(), NPF_Read(), and NPF_Write().

#define EXIT_SUCCESS quantity   
 

Value:

Irp->IoStatus.Information=quantity;\
    Irp->IoStatus.Status = STATUS_SUCCESS;\
    IoCompleteRequest(Irp, IO_NO_INCREMENT);\
    return STATUS_SUCCESS;\
Macro used in the I/O routines to return the control to user-mode with a success status.

Definition at line 398 of file Packet.h.

Referenced by NPF_IoControl(), and NPF_Read().

#define IMMEDIATE   1
 

Immediate timeout. Forces a read call to return immediately.

Definition at line 182 of file Packet.h.

Referenced by NPF_IoControl(), and NPF_Read().

#define JA off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x87, 1);\
   emitm(&stream, off32, 4);
ja off32

Definition at line 306 of file jitter.h.

Referenced by BPFtoX86().

#define JAE off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x83, 1);\
   emitm(&stream, off32, 4);
jae off32

Definition at line 312 of file jitter.h.

Referenced by BPFtoX86().

#define JE off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x84, 1);\
   emitm(&stream, off32, 4);
je off32

Definition at line 289 of file jitter.h.

Referenced by BPFtoX86().

#define JG off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8f, 1);\
   emitm(&stream, off32, 4);
jg off32

Definition at line 318 of file jitter.h.

Referenced by BPFtoX86().

#define JGE off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8d, 1);\
   emitm(&stream, off32, 4);
jge off32

Definition at line 324 of file jitter.h.

Referenced by BPFtoX86().

#define JLE off32   
 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8e, 1);\
   emitm(&stream, off32, 4);
jle off32

Definition at line 295 of file jitter.h.

#define JLEb off8   
 

Value:

emitm(&stream, 0x7e, 1);\
   emitm(&stream, off8, 1);
jle off8

Definition at line 301 of file jitter.h.

Referenced by BPFtoX86().

#define JMP off32   
 

Value:

emitm(&stream, 0xe9, 1);\
   emitm(&stream, off32, 4);
jmp off32

Definition at line 330 of file jitter.h.

Referenced by BPFtoX86().

#define JNEb off8   
 

Value:

emitm(&stream, 0x75, 1);\
   emitm(&stream, off8, 1);
jne off8

Definition at line 284 of file jitter.h.

Referenced by BPFtoX86().

#define MAX_REQUESTS   32
 

Maximum number of simultaneous IOCTL requests.

Definition at line 39 of file Packet.h.

Referenced by NPF_Open().

#define MODE_CAPT   0x0
 

Capture working mode.

Definition at line 176 of file Packet.h.

Referenced by NPF_IoControl(), and NPF_Open().

#define MODE_DUMP   0x10
 

Kernel dump working mode.

Definition at line 179 of file Packet.h.

Referenced by NPF_Close(), NPF_IoControl(), NPF_Read(), NPF_tap(), NPF_TransferDataComplete(), and NPF_UnbindAdapter().

#define MODE_MON   0x2
 

Kernel monitoring mode.

Definition at line 178 of file Packet.h.

Referenced by NPF_IoControl(), NPF_Read(), and NPF_tap().

#define MODE_STAT   0x1
 

Statistical working mode.

Definition at line 177 of file Packet.h.

Referenced by NPF_IoControl(), NPF_Read(), and NPF_tap().

#define MOVid r32,
i32       emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);
 

mov r32,i32

Definition at line 97 of file jitter.h.

Referenced by BPFtoX86().

#define MOVobb dr8,
sr32,
or32   
 

Value:

emitm(&stream, 0x8a, 1); \
  emitm(&stream,  (dr8 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr8,sr32[or32]

Definition at line 124 of file jitter.h.

Referenced by BPFtoX86().

#define MOVobd dr32,
sr32,
or32   
 

Value:

emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  (dr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr32,sr32[or32]

Definition at line 111 of file jitter.h.

Referenced by BPFtoX86().

#define MOVobw dr32,
sr32,
or32   
 

Value:

emitm(&stream, 0x66, 1); \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  (dr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr16,sr32[or32]

Definition at line 117 of file jitter.h.

Referenced by BPFtoX86().

#define MOVodd dr32,
sr32,
off   
 

Value:

emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
  emitm(&stream,  off, 1);
mov dr32,sr32[off]

Definition at line 105 of file jitter.h.

Referenced by BPFtoX86().

#define MOVomd dr32,
or32,
sr32   
 

Value:

emitm(&stream, 0x89, 1); \
  emitm(&stream,  (sr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (dr32 & 0x7) , 1);
mov [dr32][or32],sr32

Definition at line 130 of file jitter.h.

Referenced by BPFtoX86().

#define MOVrd dr32,
sr32       emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
 

mov dr32,sr32

Definition at line 101 of file jitter.h.

Referenced by BPFtoX86().

#define MULrd r32   
 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream, 7 << 5 | (r32 & 0x7), 1);
mul r32

Definition at line 190 of file jitter.h.

Referenced by BPFtoX86().

#define NEGd r32   
 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream,  27 << 3 | r32 & 0x7, 1);
neg r32

Definition at line 258 of file jitter.h.

Referenced by BPFtoX86().

#define NTKERNEL
 

Forces the compilation of the jitter with kernel calls.

Definition at line 33 of file Packet.h.

#define ORid r32,
i32   
 

Value:

if (r32 == EAX){ \
  emitm(&stream, 0x0d, 1);\
  emitm(&stream, i32, 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream, 25 << 3 | r32, 1);\
  emitm(&stream, i32, 4);}
or r32,i32

Definition at line 226 of file jitter.h.

Referenced by BPFtoX86().

#define ORrd dr32,
sr32   
 

Value:

emitm(&stream, 0x0b, 1);\
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
or dr32,sr32

Definition at line 221 of file jitter.h.

Referenced by BPFtoX86().

#define Packet_ALIGNMENT   sizeof(int)
 

Alignment macro. Defines the alignment size.

Definition at line 41 of file Packet.h.

#define Packet_WORDALIGN x       (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
 

Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT.

Definition at line 42 of file Packet.h.

#define PCAP_VERSION_MAJOR   2
 

Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.

Definition at line 188 of file Packet.h.

Referenced by NPF_StartDump(), pcap_open_offline(), and sf_write_header().

#define PCAP_VERSION_MINOR   4
 

Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file.

Definition at line 189 of file Packet.h.

Referenced by NPF_StartDump(), and sf_write_header().

#define POP r32       emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);
 

pop r32

Definition at line 150 of file jitter.h.

Referenced by BPFtoX86().

#define PUSH r32       emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);
 

push r32

Definition at line 146 of file jitter.h.

Referenced by BPFtoX86().

#define RESERVED _p       ((PPACKET_RESERVED)((_p)->ProtocolReserved))
 

Macro to obtain the PACKET_RESERVED area of an NDIS_PACKET (casts the packet's ProtocolReserved field to PPACKET_RESERVED).

Definition at line 251 of file Packet.h.

Referenced by NPF_BufferedWrite(), NPF_SendComplete(), NPF_tap(), NPF_TransferDataComplete(), and NPF_Write().

 
#define RET      emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);
 

ret

Definition at line 154 of file jitter.h.

Referenced by BPFtoX86().

#define SHL_CLrb dr32   
 

Value:

emitm(&stream, 0xd3, 1);\
  emitm(&stream,  7 << 5 | dr32 & 0x7, 1);
shl dr32,cl

Definition at line 242 of file jitter.h.

Referenced by BPFtoX86().

#define SHLib r32,
i8   
 

Value:

emitm(&stream, 0xc1, 1);\
  emitm(&stream, 7 << 5 | r32 & 0x7, 1);\
  emitm(&stream, i8, 1);
shl r32,i8

Definition at line 236 of file jitter.h.

Referenced by BPFtoX86().

#define SHR_CLrb dr32   
 

Value:

emitm(&stream, 0xd3, 1);\
  emitm(&stream,  29 << 3 | dr32 & 0x7, 1);
shr dr32,cl

Definition at line 253 of file jitter.h.

Referenced by BPFtoX86().

#define SHRib r32,
i8   
 

Value:

emitm(&stream, 0xc1, 1);\
  emitm(&stream, 29 << 3 | r32 & 0x7, 1);\
  emitm(&stream, i8, 1);
shr r32,i8

Definition at line 247 of file jitter.h.

Referenced by BPFtoX86().

#define SI   6
 

Definition at line 48 of file jitter.h.

#define SP   4
 

Definition at line 46 of file jitter.h.

#define SUB_EAXi i32   
 

Value:

emitm(&stream, 0x2d, 1);\
  emitm(&stream, i32, 4);
sub eax,i32

Definition at line 185 of file jitter.h.

Referenced by BPFtoX86().

#define SUBrd dr32,
sr32   
 

Value:

emitm(&stream, 0x2b, 1);\
  emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
sub dr32,sr32

Definition at line 180 of file jitter.h.

Referenced by BPFtoX86().

 
#define SWAP_AX  
 

Value:

emitm(&stream, 0x86, 1); \
  emitm(&stream,  0xc4 , 1);
xchg al,ah

Definition at line 141 of file jitter.h.

Referenced by BPFtoX86().

#define TCPDUMP_MAGIC   0xa1b2c3d4
 

Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file.

Definition at line 187 of file Packet.h.

Referenced by NPF_StartDump(), pcap_open_offline(), and sf_write_header().

#define TRANSMIT_PACKETS   256
 

Maximum number of packets in the transmit packet pool. This value is an upper bound to the number of packets that can be transmitted at the same time or with a single call to NdisSendPackets.

Definition at line 393 of file Packet.h.


Typedef Documentation

typedef struct binary_stream binary_stream
 

A stream of X86 binary code.

typedef UINT(* BPF_filter_function)( binary_stream *, ULONG, UINT)
 

Prototype of a filtering function created by the jitter.

The syntax and the meaning of the parameters are analogous to those of bpf_filter(). Notice that the filter is not among the parameters, because it is hardwired in the function.

Definition at line 70 of file jitter.h.

Referenced by BPFtoX86().

typedef struct __CPU_Private_Data CpuPrivateData
 

Kernel buffer of each CPU.

Structure containing the kernel buffer (and other CPU related fields) used to capture packets.

typedef struct _DEVICE_EXTENSION DEVICE_EXTENSION
 

Port device extension.

Structure containing some data relative to every adapter on which NPF is bound.

typedef void(* emit_func)(binary_stream *stream, ULONG value, UINT n)
 

Prototype of the emit functions.

Different emit functions are used to create the reference table and to generate the actual filtering code. This allows simpler instruction macros. The first parameter is the stream that will receive the data. The second one is a variable containing the data, and the third one is the length, which can be 1, 2 or 4, since it is possible to emit a byte, a short or a word at a time.

Definition at line 80 of file jitter.h.

typedef struct _INTERNAL_REQUEST INTERNAL_REQUEST
 

Stores an OID request.

This structure is used by the driver to perform OID query or set operations on the underlying NIC driver. OID operations can usually be performed only by network drivers, but NPF exports this mechanism to user-level applications through an IOCTL interface. The driver uses this structure to wrap a NDIS_REQUEST structure. This makes it possible to correctly handle the callback structure of NdisRequest(), handling multiple requests and maintaining information about the IRPs to complete.

typedef struct JIT_BPF_Filter JIT_BPF_Filter
 

Structure describing a x86 filtering program created by the jitter.

Referenced by BPF_jitter().

typedef struct _OPEN_INSTANCE OPEN_INSTANCE
 

Contains the state of a running instance of the NPF driver.

This is the most important structure of NPF: it is used by almost all the functions of the driver. An _OPEN_INSTANCE structure is associated with every user-level session, allowing concurrent access to the driver.

typedef struct _PACKET_RESERVED PACKET_RESERVED
 

Contains a NDIS packet.

The driver uses this structure to wrap a NDIS_PACKET structure. This makes it possible to correctly handle the callback structure of NdisTransferData(), handling multiple requests and maintaining information about the IRPs to complete.

typedef struct _DEVICE_EXTENSION * PDEVICE_EXTENSION
 

Port device extension.

Structure containing some data relative to every adapter on which NPF is bound.

typedef struct _INTERNAL_REQUEST * PINTERNAL_REQUEST
 

Stores an OID request.

This structure is used by the driver to perform OID query or set operations on the underlying NIC driver. OID operations can usually be performed only by network drivers, but NPF exports this mechanism to user-level applications through an IOCTL interface. The driver uses this structure to wrap a NDIS_REQUEST structure. This makes it possible to correctly handle the callback structure of NdisRequest(), handling multiple requests and maintaining information about the IRPs to complete.

typedef struct _OPEN_INSTANCE * POPEN_INSTANCE
 

Contains the state of a running instance of the NPF driver.

This is the most important structure of NPF: it is used by almost all the functions of the driver. An _OPEN_INSTANCE structure is associated with every user-level session, allowing concurrent access to the driver.

typedef struct _PACKET_RESERVED * PPACKET_RESERVED
 

Contains a NDIS packet.

The driver uses this structure to wrap a NDIS_PACKET structure. This makes it possible to correctly handle the callback structure of NdisTransferData(), handling multiple requests and maintaining information about the IRPs to complete.


documentation. Copyright (c)2002-2003 Politecnico di Torino.
2005 translated by Telebusiness,Inc.
 All rights reserved.