注意事項   English

---

Packet.dll エクスポーテッド関数と変数
[パケットドライバ API 開発マニュアル]

関数
PCHAR	PacketGetVersion ()
	dll形式で文字列を返す
BOOLEAN	PacketGetNetType (LPADAPTER AdapterObject, NetType *type)
	アダプタのMAC型に関する情報を返す
BOOL	PacketStopDriver ()
	WinPcapデバイスドライバを止めて領域を解放する
LPADAPTER	PacketOpenAdapter (LPTSTR AdapterName)
	アダプタをオープンする
VOID	PacketCloseAdapter (LPADAPTER lpAdapter)
	アダプタをクローズする
LPPACKET	PacketAllocatePacket (void)
	_PACKET 構造体を割り振る
VOID	PacketFreePacket (LPPACKET lpPacket)
	_PACKET 構造体を開放する
VOID	PacketInitPacket (LPPACKET lpPacket, PVOID Buffer, UINT Length)
	_PACKET 構造体を初期化する
BOOLEAN	PacketReceivePacket (LPADAPTER AdapterObject, LPPACKET lpPacket, BOOLEAN Sync)
	NPFドライバからデータ(パケットまたは統計値)を読み込む
BOOLEAN	PacketSendPacket (LPADAPTER AdapterObject, LPPACKET pPacket, BOOLEAN Sync)
	ネットワークに一つの(またはそれ以上の)パケットのコピーを送信する
INT	PacketSendPackets (LPADAPTER AdapterObject, PVOID PacketBuff, ULONG Size, BOOLEAN Sync)
	ネットワークにパケットのバッファを送信する
BOOLEAN	PacketSetMinToCopy (LPADAPTER AdapterObject, int nbytes)
	読み込みで受け取られる最小のデータ量を特定する
BOOLEAN	PacketSetMode (LPADAPTER AdapterObject, int mode)
	アダプタのワーキングモードをセットする
BOOLEAN	PacketSetDumpName (LPADAPTER AdapterObject, void *name, int len)
	アダプタがダンプモードの時にパケットを受け取るファイル名をセットする
BOOLEAN	PacketSetDumpLimits (LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks)
	ダンプモードの上限をセットする
BOOLEAN	PacketIsDumpEnded (LPADAPTER AdapterObject, BOOLEAN sync)
	カーネルダンププロセスの状態を返す。すなわち、 PacketSetDumpLimits() で設定した上限のうちの一つに到達したかどうかを返す。
HANDLE	PacketGetReadEvent (LPADAPTER AdapterObject)
	アダプタ上のリード呼び出しに関連した通知イベントを返す
BOOLEAN	PacketSetNumWrites (LPADAPTER AdapterObject, int nwrites)
	PacketSendPacket() で書かれたシングルパケットのネットワーク上で繰り返される回数をセットする
BOOLEAN	PacketSetReadTimeout (LPADAPTER AdapterObject, int timeout)
	アダプタ上のリードが返すタイムアウトをセットする
BOOLEAN	PacketSetBuff (LPADAPTER AdapterObject, int dim)
	キャプチャに関連したカーネルレベルのバッファサイズをセットする
BOOLEAN	PacketSetBpf (LPADAPTER AdapterObject, struct bpf_program *fp)
	カーネルレベルのパケットフィルタをセットする
BOOLEAN	PacketGetStats (LPADAPTER AdapterObject, struct bpf_stat *s)
	現在のキャプチャセッションについての二つの統計値を返す
BOOLEAN	PacketGetStatsEx (LPADAPTER AdapterObject, struct bpf_stat *s)
	現在のキャプチャセッションの統計値を返す。 PacketGetStats() の拡張バージョン
BOOLEAN	PacketRequest (LPADAPTER AdapterObject, BOOLEAN Set, PPACKET_OID_DATA OidData)
	ネットワークカードドライバの内部変数上の query/set オペレーションを実行する
BOOLEAN	PacketSetHwFilter (LPADAPTER AdapterObject, ULONG Filter)
	入ってくるパケットにハードウェアフィルタをセットする
BOOLEAN	PacketGetAdapterNames (PTSTR pStr, PULONG BufferSize)
	利用可能なネットワークアダプタリストとその詳細を回収する
BOOLEAN	PacketGetNetInfoEx (LPTSTR AdapterName, npf_if_addr *buffer, PLONG NEntries)
	Returns comprehensive information the addresses of an adapter.
BOOLEAN	PacketGetNetInfo (LPTSTR AdapterName, PULONG netp, PULONG maskp)
	アダプタのネットマスクとIPアドレスを返す
Variables
char	PacketLibraryVersion [] = "3.0 alpha3"
	現在の packet.dll バージョン。直接取得されるか、  PacketGetVersion() 関数を通して取得される

---

関数資料

LPPACKET PacketAllocatePacket (  void    )

_PACKET 構造体を割り振ります。 戻り値: 成功した場合の戻り値は _PACKET 構造体へのポインタで、それ以外はNULL。 返された構造体は、ドライバからのパケットを受け取るために PacketReceivePacket() 関数へ渡されます。 注意: _PACKET 構造体のバッファフィールドは、この関数ではセットされません。バッファはアプリケーションによって割り振られなければならず、 PacketInitPacket 呼び出しで  PACKET 構造体に関連付けられなければなりません。 ファイル Packet32.c　 の 686　 行目の定義 参照 ODS. 参考 main(), pcap_open_live(), pcap_sendpacket()

VOID PacketCloseAdapter (  LPADAPTER    lpAdapter )

アダプタをクローズします。 引数: lpAdapter  クローズするアダプタのポインタです。 PacketCloseAdapter は与えられたアダプタをクローズして、関連付けられた ADAPTER 構造体を解放します。 ファイル Packet32.c の 666　 行目の定義 参考 _ADAPTER::hFile, _ADAPTER::ReadEvent. 右より参照 main(), PacketGetAdapterNames(), pcap_close(), pcap_open_live().

VOID PacketFreePacket (  LPPACKET    lpPacket )

_PACKET 構造体を解放します。 引数: lpPacket  解放する構造体 注意: _PACKET 構造体に関連付けられたユーザー割り当てのバッファは、この関数では割り当て解除はされません。プログラマが明示的に割り当て解除をしなくてはなりませ ん。 ファイル Packet32.cの 707　 行目の定義 右より参照 main(), pcap_sendpacket().

BOOLEAN PacketGetAdapterNames (  PTSTR    pStr, PULONG    BufferSize )

利用可能なアダプタリストとその詳細を回収します。 引数: pStr  アダプタ名を含むユーザー割り当ての文字列 BufferSize   pStrによって指されるバッファ長 戻り値: 成功した時の戻り値は、非ゼロです。 通常、この関数はドライバとのやり取りに最初に使用される関数です。It returns the names of the adapters installed on the system and supported by WinPcap. After the names of the adapters, pStr contains a string that describes each of them. Warning: the result of this function is obtained querying the registry, therefore the format of the result in Windows NTx is different from the one in Windows 9x. Windows 9x uses the ASCII encoding method to store a string, while Windows NTx uses UNICODE. After a call to PacketGetAdapterNames in Windows 95x, pStr contains, in succession: a variable number of ASCII strings, each with the names of an adapter, separated by a "" a double "" a number of ASCII strings, each with the description of an adapter, separated by a "". The number of descriptions is the same of the one of names. The fisrt description corresponds to the first name, and so on. a double "". In Windows NTx, pStr contains: the names of the adapters, in UNICODE format, separated by a single UNICODE "" (i.e. 2 ASCII ""), a double UNICODE "", followed by the descriptions of the adapters, in ASCII format, separated by a single ASCII "" . The string is terminated by a double ASCII "". a variable number of UNICODE strings, each with the names of an adapter, separated by a UNICODE "" a double UNICODE "" a number of ASCII strings, each with the description of an adapter, separated by an ASCII "". a double ASCII "". Definition at line 1353 of file Packet32.c. References ODS, ODSEx, PacketCloseAdapter(), PacketOpenAdapter(), PacketRequest(), and PPACKET_OID_DATA. Referenced by main().

BOOLEAN PacketGetNetInfo (  LPTSTR    AdapterName, PULONG    netp, PULONG    maskp )

Returns the IP address and the netmask of an adapter. Parameters: AdapterName  String that contain _ADAPTER structure. netp  Pointer to a variable that will receive the IP address of the adapter. maskp  Pointer to a variable that will receive the netmask of the adapter. Returns: If the function succeeds, the return value is nonzero. Note: this function is obsolete and is maintained for backward compatibility. Use PacketGetNetInfoEx() instead. Definition at line 1936 of file Packet32.c. References inet_addrU(), maskp, netp, and SChar2WChar().

BOOLEAN PacketGetNetInfoEx (  LPTSTR    AdapterName, npf_if_addr *    buffer, PLONG    NEntries )

Returns comprehensive information the addresses of an adapter. Parameters: AdapterName  String that contain _ADAPTER structure. buffer  A user allocated array of npf_if_addr that will be filled by the function. NEntries  Size of the array (in npf_if_addr). Returns: If the function succeeds, the return value is nonzero. This function grabs from the registry information like the IP addresses, the netmasks and the broadcast addresses of an interface. The buffer passed by the user is filled with npf_if_addr structures, each of which contains the data for a single address. If the buffer is full, the reaming addresses are dropeed, therefore set its dimension to sizeof(npf_if_addr) if you want only the first address. Definition at line 1690 of file Packet32.c. References inet_addrU(), and SChar2WChar().

BOOLEAN PacketGetNetType (  LPADAPTER    AdapterObject, NetType *    type )

Returns information about the MAC type of an adapter. Parameters: AdapterObject  The adapter on which information is needed. type  Pointer to a NetType structure that will be filled by the function. Returns: If the function succeeds, the return value is nonzero, otherwise the return value is zero. This function return the link layer technology and the speed (in bps) of an opened adapter. The LinkType field of the type parameter can have one of the following values: NdisMedium802_3: Ethernet (802.3) NdisMediumWan: WAN NdisMedium802_5: Token Ring (802.5) NdisMediumFddi: FDDI NdisMediumAtm: ATM NdisMediumArcnet878_2: ARCNET (878.2) Definition at line 369 of file Packet32.c. References NetType::LinkSpeed, NetType::LinkType, ODS, ODSEx, PacketRequest(), and PPACKET_OID_DATA. Referenced by pcap_open_live().

HANDLE PacketGetReadEvent (  LPADAPTER    AdapterObject )

Returns the notification event associated with the read calls on an adapter. Parameters: AdapterObject  Pointer to an _ADAPTER structure. Returns: The handle of the event that the driver signals when some data is available in the kernel buffer. The event returned by this function is signaled by the driver if: The adapter pointed by AdapterObject is in capture mode and an amount of data greater or equal than the one set with the PacketSetMinToCopy() function is received from the network. the adapter pointed by AdapterObject is in capture mode, no data has been received from the network but the the timeout set with the PacketSetReadTimeout() function has elapsed. the adapter pointed by AdapterObject is in statics mode and the the timeout set with the PacketSetReadTimeout() function has elapsed. This means that a new statistic sample is available. In every case, a call to PacketReceivePacket() will return immediately. The event can be passed to standard Win32 functions (like WaitForSingleObject or WaitForMultipleObjects) to wait until the driver's buffer contains some data. It is particularly useful in GUI applications that need to wait concurrently on several events. Definition at line 1100 of file Packet32.c. References _ADAPTER::ReadEvent. Referenced by pcap_getevent().

BOOLEAN PacketGetStats (  LPADAPTER    AdapterObject, struct bpf_stat *    s )

Returns a couple of statistic values about the current capture session. Parameters: AdapterObject  Pointer to an _ADAPTER structure. s  Pointer to a user provided bpf_stat structure that will be filled by the function. Returns: If the function succeeds, the return value is nonzero. With this function, the programmer can know the value of two internal variables of the driver: the number of packets that have been received by the adapter AdapterObject, starting at the time in which it was opened with PacketOpenAdapter. the number of packets that have been dropped by the driver. A packet is dropped when the kernel buffer associated with the adapter is full. Definition at line 1202 of file Packet32.c. References bpf_stat::bs_drop, bpf_stat::bs_recv, and _ADAPTER::hFile. Referenced by main(), and pcap_stats().

BOOLEAN PacketGetStatsEx (  LPADAPTER    AdapterObject, struct bpf_stat *    s )

Returns statistic values about the current capture session. Enhanced version of PacketGetStats(). Parameters: AdapterObject  Pointer to an _ADAPTER structure. s  Pointer to a user provided bpf_stat structure that will be filled by the function. Returns: If the function succeeds, the return value is nonzero. With this function, the programmer can retireve the sname values provided by PacketGetStats(), plus: the number of drops by interface (not yet supported, always 0). the number of packets that reached the application, i.e that were accepted by the kernel filter and that fitted in the kernel buffer. Definition at line 1236 of file Packet32.c. References bpf_stat::bs_capt, bpf_stat::bs_drop, bpf_stat::bs_recv, _ADAPTER::hFile, and bpf_stat::ps_ifdrop. Referenced by pcap_stats_ex().

PCHAR PacketGetVersion (    )

Returns a string with the dll version. Returns: A char pointer to the version of the library. Definition at line 349 of file Packet32.c. References PacketLibraryVersion. Referenced by main().

VOID PacketInitPacket (  LPPACKET    lpPacket, PVOID    Buffer, UINT    Length )

Initializes a _PACKET structure. Parameters: lpPacket  The structure to initialize. Buffer  A pointer to a user-allocated buffer that will contain the captured data. Length  the length of the buffer. This is the maximum buffer size that will be transferred from the driver to the application using a single read. Note: the size of the buffer associated with the PACKET structure is a parameter that can sensibly influence the performance of the capture process, since this buffer will contain the packets received from the the driver. The driver is able to return several packets using a single read call (see the PacketReceivePacket() function for details), and the number of packets transferable to the application in a call is limited only by the size of the buffer associated with the PACKET structure passed to PacketReceivePacket(). Therefore setting a big buffer with PacketInitPacket can noticeably decrease the number of system calls, reducing the impcat of the capture process on the processor. Definition at line 729 of file Packet32.c. References _PACKET::bIoComplete, _PACKET::Buffer, _PACKET::Length, and _PACKET::ulBytesReceived. Referenced by main(), pcap_open_live(), pcap_sendpacket(), and pcap_setuserbuffer().

BOOLEAN PacketIsDumpEnded (  LPADAPTER    AdapterObject, BOOLEAN    sync )

Returns the status of the kernel dump process, i.e. tells if one of the limits defined with PacketSetDumpLimits() was reached. Parameters: AdapterObject  Pointer to an _ADAPTER structure. sync  if TRUE, the function blocks until the dump is finished, otherwise it returns immediately. Returns: TRUE if the dump is ended, FALSE otherwise. PacketIsDumpEnded() informs the user about the limits that were set with a previous call to PacketSetDumpLimits(). Warning: If no calls to PacketSetDumpLimits() were performed or if the dump process has no limits (i.e. if the arguments of the last call to PacketSetDumpLimits() were both 0), setting sync to TRUE will block the application on this call forever. Definition at line 1058 of file Packet32.c. References _ADAPTER::hFile, and _ADAPTER::ReadEvent. Referenced by pcap_live_dump_ended().

LPADAPTER PacketOpenAdapter (  LPTSTR    AdapterName )

Opens an adapter. Parameters: AdapterName  A string containing the name of the device to open. Use the PacketGetAdapterNames() function to retrieve the list of available devices. Returns: If the function succeeds, the return value is the pointer to a properly initialized ADAPTER object, otherwise the return value is NULL. This function tries to load and start the packet driver at the first invocation. In this way, the management of the driver is transparent to the application, that simply needs to open an adapter to start WinPcap. Note: the Windows 95 version of the NPF driver works with the ASCII string format, while the Windows NT version works with UNICODE. Therefore, AdapterName should be an ASCII string in Windows 95, and a UNICODE string in Windows NT. This difference is not a problem if the string pointed by AdapterName was obtained through the PacketGetAdapterNames function, because it returns the names of the adapters in the proper format. Problems can arise in Windows NT when the string is obtained from ANSI C functions like scanf, because they use the ASCII format. Since this could be a relevant problem during the porting of command-line applications from UNIX, we included in the Windows NT version of PacketOpenAdapter the ability to detect ASCII strings and convert them to UNICODE before sending them to the device driver. Therefore PacketOpenAdapter in Windows NT accepts both the ASCII and the UNICODE format. If a ASCII string is received, it is converted to UNICODE by PACKET.DLL before being passed to the driver. Definition at line 468 of file Packet32.c. References _ADAPTER::hFile, _ADAPTER::NumWrites, ODS, ODSEx, PacketInstallDriver(), PacketSetMaxLookaheadsize(), PacketSetReadEvt(), SChar2WChar(), scmHandle, srvHandle, and _ADAPTER::SymbolicLink. Referenced by main(), PacketGetAdapterNames(), and pcap_open_live().

BOOLEAN PacketReceivePacket (  LPADAPTER    AdapterObject, LPPACKET    lpPacket, BOOLEAN    Sync )

Read data (packets or statistics) from the NPF driver. Parameters: AdapterObject  Pointer to an _ADAPTER structure identifying the network adapter from which the data is received. lpPacket  Pointer to a PACKET structure that will contain the data. Sync  This parameter is deprecated and will be ignored. It is present for compatibility with older applications. Returns: If the function succeeds, the return value is nonzero. The data received with this function can be a group of packets or a static on the network traffic, depending on the working mode of the driver. The working mode can be set with the PacketSetMode() function. Give a look at that function if you are interested in the format used to return statistics values, here only the normal capture mode will be described. The number of packets received with this function is variable. It depends on the number of packets currently stored in the driver’s buffer, on the size of these packets and on the size of the buffer associated to the lpPacket parameter. The following figure shows the format used by the driver to pass packets to the application. method used to encode the packets Packets are stored in the buffer associated with the lpPacket _PACKET structure. The Length field of that structure is updated with the amount of data copied in the buffer. Each packet has a header consisting in a bpf_hdr structure that defines its length and contains its timestamp. A padding field is used to word-align the data in the buffer (to speed up the access to the packets). The bh_datalen and bh_hdrlen fields of the bpf_hdr structures should be used to extract the packets from the buffer. Examples can be seen either in the TestApp sample application (see the Packet.dll samples page) provided in the developer's pack, or in the pcap_read() function of wpcap. Definition at line 768 of file Packet32.c. References _PACKET::Buffer, _ADAPTER::hFile, _PACKET::Length, _ADAPTER::ReadEvent, _ADAPTER::ReadTimeOut, and _PACKET::ulBytesReceived. Referenced by main(), and pcap_read().

BOOLEAN PacketRequest (  LPADAPTER    AdapterObject, BOOLEAN    Set, PPACKET_OID_DATA    OidData )

Performs a query/set operation on an internal variable of the network card driver. Parameters: AdapterObject  Pointer to an _ADAPTER structure. Set  Determines if the operation is a set (Set=TRUE) or a query (Set=FALSE). OidData  A pointer to a _PACKET_OID_DATA structure that contains or receives the data. Returns: If the function succeeds, the return value is nonzero. Note: not all the network adapters implement all the query/set functions. There is a set of mandatory OID functions that is granted to be present on all the adapters, and a set of facultative functions, not provided by all the cards (see the Microsoft DDKs to see which functions are mandatory). If you use a facultative function, be careful to enclose it in an if statement to check the result. Definition at line 1271 of file Packet32.c. References _ADAPTER::hFile, and ODSEx. Referenced by PacketGetAdapterNames(), PacketGetNetType(), PacketSetHwFilter(), and PacketSetMaxLookaheadsize().

BOOLEAN PacketSendPacket (  LPADAPTER    AdapterObject, LPPACKET    lpPacket, BOOLEAN    Sync )

Sends one (or more) copies of a packet to the network. Parameters: AdapterObject  Pointer to an _ADAPTER structure identifying the network adapter that will send the packets. lpPacket  Pointer to a PACKET structure with the packet to send. Sync  This parameter is deprecated and will be ignored. It is present for compatibility with older applications. Returns: If the function succeeds, the return value is nonzero. This function is used to send a raw packet to the network. 'Raw packet' means that the programmer will have to include the protocol headers, since the packet is sent to the network 'as is'. The CRC needs not to be calculated and put at the end of the packet, because it will be transparently added by the network interface. The behavior of this function is influenced by the PacketSetNumWrites() function. With PacketSetNumWrites(), it is possible to change the number of times a single write must be repeated. The default is 1, i.e. every call to PacketSendPacket() will correspond to one packet sent to the network. If this number is greater than 1, for example 1000, every raw packet written by the application will be sent 1000 times on the network. This feature mitigates the overhead of the context switches and therefore can be used to generate high speed traffic. It is particularly useful for tools that test networks, routers, and servers and need to obtain high network loads. The optimized sending process is still limited to one packet at a time: for the moment it cannot be used to send a buffer with multiple packets. Note: The ability to write multiple packets is currently present only in the Windows NTx version of the packet driver. In Windows 95/98/ME it is emulated at user level in packet.dll. This means that an application that uses the multiple write method will run in Windows 9x as well, but its performance will be very low compared to the one of WindowsNTx. Definition at line 809 of file Packet32.c. References _PACKET::Buffer, _ADAPTER::hFile, and _PACKET::Length. Referenced by main(), and pcap_sendpacket().

INT PacketSendPackets (  LPADAPTER    AdapterObject, PVOID    PacketBuff, ULONG    Size, BOOLEAN    Sync )

Sends a buffer of packets to the network. Parameters: AdapterObject  Pointer to an _ADAPTER structure identifying the network adapter that will send the packets. PacketBuff  Pointer to buffer with the packets to send. Size  Size of the buffer pointed by the PacketBuff argument. Sync  if TRUE, the packets are sent respecting the timestamps. If FALSE, the packets are sent as fast as possible Returns: The amount of bytes actually sent. If the return value is smaller than the Size parameter, an error occurred during the send. The error can be caused by a driver/adapter problem or by an inconsistent/bogus packet buffer. This function is used to send a buffer of raw packets to the network. The buffer can contain an arbitrary number of raw packets, each of which preceded by a dump_bpf_hdr structure. The dump_bpf_hdr is the same used by WinPcap and libpcap to store the packets in a file, therefore sending a capture file is straightforward. 'Raw packets' means that the sending application will have to include the protocol headers, since every packet is sent to the network 'as is'. The CRC of the packets needs not to be calculated, because it will be transparently added by the network interface. Note: Using this function if more efficient than issuing a series of PacketSendPacket(), because the packets are buffered in the kernel driver, so the number of context switches is reduced. When Sync is set to TRUE, the packets are synchronized in the kerenl with a high precision timestamp. This requires a remarkable amount of CPU, but allows to send the packets with a precision of some microseconds (depending on the precision of the performance counter of the machine). Such a precision cannot be reached sending the packets separately with PacketSendPacket(). Definition at line 845 of file Packet32.c. References _ADAPTER::hFile, and ODS. Referenced by pcap_sendqueue_transmit().

BOOLEAN PacketSetBpf (  LPADAPTER    AdapterObject, struct bpf_program *    fp )

Sets a kernel-level packet filter. Parameters: AdapterObject  Pointer to an _ADAPTER structure. fp  Pointer to a filtering program that will be associated with this capture or monitoring instance and that will be executed on every incoming packet. Returns: This function returns TRUE if the filter is set successfully, FALSE if an error occurs or if the filter program is not accepted after a safeness check by the driver. The driver performs the check in order to avoid system crashes due to buggy or malicious filters, and it rejects non conformat filters. This function associates a new BPF filter to the adapter AdapterObject. The filter, pointed by fp, is a set of bpf_insn instructions. A filter can be automatically created by using the pcap_compile() function of wpcap. This function converts a human readable text expression with the syntax of WinDump (see the manual of WinDump at http://netgroup.polito.it/windump for details) into a BPF program. If your program doesn't link wpcap, but you need to know the code of a particular filter, you can launch WinDump with the -d or -dd or -ddd flags to obtain the pseudocode. Definition at line 1183 of file Packet32.c. References bpf_program::bf_insns, bpf_program::bf_len, and _ADAPTER::hFile. Referenced by pcap_setfilter().

BOOLEAN PacketSetBuff (  LPADAPTER    AdapterObject, int    dim )

Sets the size of the kernel-level buffer associated with a capture. Parameters: AdapterObject  Pointer to an _ADAPTER structure. dim  New size of the buffer, in kilobytes. Returns: The function returns TRUE if successfully completed, FALSE if there is not enough memory to allocate the new buffer. When a new dimension is set, the data in the old buffer is discarded and the packets stored in it are lost. Note: the dimension of the kernel buffer affects heavily the performances of the capture process. An adequate buffer in the driver is able to keep the packets while the application is busy, compensating the delays of the application and avoiding the loss of packets during bursts or high network activity. The buffer size is set to 0 when an instance of the driver is opened: the programmer should remember to set it to a proper value. As an example, wpcap sets the buffer size to 1MB at the beginning of a capture. Definition at line 1157 of file Packet32.c. References _ADAPTER::hFile. Referenced by main(), pcap_open_live(), and pcap_setbuff().

BOOLEAN PacketSetDumpLimits (  LPADAPTER    AdapterObject, UINT    maxfilesize, UINT    maxnpacks )

Set the dump mode limits. Parameters: AdapterObject  Pointer to an _ADAPTER structure. maxfilesize  The maximum dimension of the dump file, in bytes. 0 means no limit. maxnpacks  The maximum number of packets contained in the dump file. 0 means no limit. Returns: If the function succeeds, the return value is nonzero. This function sets the limits after which the NPF driver stops to save the packets to file when an adapter is in dump mode. This allows to limit the dump file to a precise number of bytes or packets, avoiding that very long dumps fill the disk space. If both maxfilesize and maxnpacks are set, the dump is stopped when the first of the two is reached. Note: When a limit is reached, the dump is stopped, but the file remains opened. In order to flush correctly the data and access the file consistently, you need to close the adapter with PacketCloseAdapter(). Definition at line 1027 of file Packet32.c. References _ADAPTER::hFile. Referenced by pcap_live_dump().

BOOLEAN PacketSetDumpName (  LPADAPTER    AdapterObject, void *    name, int    len )

Sets the name of the file that will receive the packet when the adapter is in dump mode. Parameters: AdapterObject  Pointer to an _ADAPTER structure. name  the file name, in ASCII or UNICODE. len  the length of the buffer containing the name, in bytes. Returns: If the function succeeds, the return value is nonzero. This function defines the file name that the driver will open to store the packets on disk when it works in dump mode. The adapter must be in dump mode, i.e. PacketSetMode() should have been called previously with mode = PACKET_MODE_DUMP. otherwise this function will fail. If PacketSetDumpName was already invoked on the adapter pointed by AdapterObject, the driver closes the old file and opens the new one. Definition at line 980 of file Packet32.c. References _ADAPTER::hFile, and SChar2WChar(). Referenced by pcap_live_dump().

BOOLEAN PacketSetHwFilter (  LPADAPTER    AdapterObject, ULONG    Filter )

Sets a hardware filter on the incoming packets. Parameters: AdapterObject  Pointer to an _ADAPTER structure. Filter  The identifier of the filter. Returns: If the function succeeds, the return value is nonzero. The filter defined with this filter is evaluated by the network card, at a level that is under the NPF device driver. Here is a list of the most useful hardware filters (A complete list can be found in ntddndis.h): NDIS_PACKET_TYPE_PROMISCUOUS: sets promiscuous mode. Every incoming packet is accepted by the adapter. NDIS_PACKET_TYPE_DIRECTED: only packets directed to the workstation's adapter are accepted. NDIS_PACKET_TYPE_BROADCAST: only broadcast packets are accepted. NDIS_PACKET_TYPE_MULTICAST: only multicast packets belonging to groups of which this adapter is a member are accepted. NDIS_PACKET_TYPE_ALL_MULTICAST: every multicast packet is accepted. NDIS_PACKET_TYPE_ALL_LOCAL: all local packets, i.e. NDIS_PACKET_TYPE_DIRECTED + NDIS_PACKET_TYPE_BROADCAST + NDIS_PACKET_TYPE_MULTICAST Definition at line 1305 of file Packet32.c. References ODS, PacketRequest(), and PPACKET_OID_DATA. Referenced by main(), and pcap_open_live().

BOOLEAN PacketSetMinToCopy (  LPADAPTER    AdapterObject, int    nbytes )

Defines the minimum amount of data that will be received in a read. Parameters: AdapterObject  Pointer to an _ADAPTER structure nbytes  the minimum amount of data in the kernel buffer that will cause the driver to release a read on this adapter. Returns: If the function succeeds, the return value is nonzero. In presence of a large value for nbytes, the kernel waits for the arrival of several packets before copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage, i.e. better performance, which is a good setting for applications like sniffers. Vice versa, a small value means that the kernel will copy the packets as soon as the application is ready to receive them. This is suggested for real time applications (like, for example, a bridge) that need the better responsiveness from the kernel. note: this function has effect only in Windows NTx. The driver for Windows 9x doesn't offer this possibility, therefore PacketSetMinToCopy is implemented under these systems only for compatibility. Definition at line 917 of file Packet32.c. References _ADAPTER::hFile. Referenced by pcap_open_live(), and pcap_setmintocopy().

BOOLEAN PacketSetMode (  LPADAPTER    AdapterObject, int    mode )

Sets the working mode of an adapter. Parameters: AdapterObject  Pointer to an _ADAPTER structure. mode  The new working mode of the adapter. Returns: If the function succeeds, the return value is nonzero. The device driver of WinPcap has 4 working modes: Capture mode (mode = PACKET_MODE_CAPT): normal capture mode. The packets transiting on the wire are copied to the application when PacketReceivePacket() is called. This is the default working mode of an adapter. Statistical mode (mode = PACKET_MODE_STAT): programmable statistical mode. PacketReceivePacket() returns, at precise intervals, statics values on the network traffic. The interval between the statistic samples is by default 1 second but it can be set to any other value (with a 1 ms precision) with the PacketSetReadTimeout() function. The data returned by PacketReceivePacket() when the adapter is in statistical mode is shown in the following figure: data structure returned by statistical mode Two 64-bit counters are provided: the number of packets and the amount of bytes that satisfy a filter previously set with PacketSetBPF(). If no filter has been set, all the packets are counted. The counters are encapsulated in a bpf_hdr structure, so that they will be parsed correctly by wpcap. Statistical mode has a very low impact on system performance compared to capture mode. Dump mode (mode = PACKET_MODE_DUMP): the packets are dumped to disk by the driver, in libpcap format. This method is much faster than saving the packets after having captured them. No data is returned by PacketReceivePacket(). If the application sets a filter with PacketSetBPF(), only the packets that satisfy this filter are dumped to disk. Statitical Dump mode (mode = PACKET_MODE_STAT_DUMP): the packets are dumped to disk by the driver, in libpcap format, like in dump mode. PacketReceivePacket() returns, at precise intervals, statics values on the network traffic and on the amount of data saved to file, in a way similar to statistical mode. The data returned by PacketReceivePacket() when the adapter is in statistical dump mode is shown in the following figure: data structure returned by statistical dump mode Three 64-bit counters are provided: the number of packets accepted, the amount of bytes accepted and the effective amount of data (including headers) dumped to file. If no filter has been set, all the packets are dumped to disk. The counters are encapsulated in a bpf_hdr structure, so that they will be parsed correctly by wpcap. Look at the NetMeter example in the WinPcap developer's pack to see how to use statistics mode. Definition at line 959 of file Packet32.c. References _ADAPTER::hFile. Referenced by pcap_live_dump(), and pcap_setmode().

BOOLEAN PacketSetNumWrites (  LPADAPTER    AdapterObject, int    nwrites )

Sets the number of times a single packet written with PacketSendPacket() will be repeated on the network. Parameters: AdapterObject  Pointer to an _ADAPTER structure. nwrites  Number of copies of a packet that will be physically sent by the interface. Returns: If the function succeeds, the return value is nonzero. See PacketSendPacket() for details. Definition at line 1113 of file Packet32.c. References _ADAPTER::hFile. Referenced by main().

BOOLEAN PacketSetReadTimeout (  LPADAPTER    AdapterObject, int    timeout )

Sets the timeout after which a read on an adapter returns. Parameters: AdapterObject  Pointer to an _ADAPTER structure. timeout  indicates the timeout, in milliseconds, after which a call to PacketReceivePacket() on the adapter pointed by AdapterObject will be released, also if no packets have been captured by the driver. Setting timeout to 0 means no timeout, i.e. PacketReceivePacket() never returns if no packet arrives. A timeout of -1 causes PacketReceivePacket() to always return immediately. Returns: If the function succeeds, the return value is nonzero. Note: This function works also if the adapter is working in statistics mode, and can be used to set the time interval between two statistic reports. Definition at line 1131 of file Packet32.c. References _ADAPTER::hFile, and _ADAPTER::ReadTimeOut. Referenced by main(), pcap_open_live(), and pcap_setnonblock().

BOOL PacketStopDriver (    )

Stops and unloads the WinPcap device driver. Returns: If the function succeeds, the return value is nonzero, otherwise it is zero. This function can be used to unload the driver from memory when the application no more needs it. Note that the driver is physically stopped and unloaded only when all the files on its devices are closed, i.e. when all the applications that use WinPcap close all their adapters. Definition at line 407 of file Packet32.c. References scmHandle.

---

Variable Documentation

char PacketLibraryVersion[] = "3.0 alpha3"

Current packet.dll Version. It can be retrieved directly or through the PacketGetVersion() function. Definition at line 343 of file Packet32.c. Referenced by PacketGetVersion().

---

documentation. Copyright (c)2002-2003 Politecnico di Torino.
2005 translated by Telebusiness,Inc.
 All rights reserved.