WinPcap  4.1.3
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
Packet.h File Reference
#include "win_bpf.h"

Go to the source code of this file.

Data Structures

struct  packet_file_header
 Header of a libpcap dump file. More...
 
struct  sf_pkthdr
 Header associated to a packet in the driver's buffer when the driver is in dump mode. Similar to the bpf_hdr structure, but simpler. More...
 
struct  _PACKET_OID_DATA
 Structure containing an OID request. More...
 
struct  _INTERNAL_REQUEST
 Stores an OID request. More...
 
struct  _PACKET_RESERVED
 Contains a NDIS packet. More...
 
struct  _DEVICE_EXTENSION
 Port device extension. More...
 
struct  __CPU_Private_Data
 Kernel buffer of each CPU. More...
 
struct  _OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver. More...
 
struct  PacketHeader
 Structure prepended to each packet in the kernel buffer pool. More...
 

Macros

#define MAX_REQUESTS   32
 Maximum number of simultaneous IOCTL requests. More...
 
#define Packet_ALIGNMENT   sizeof(int)
 Alignment macro. Defines the alignment size. More...
 
#define Packet_WORDALIGN(x)   (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
 even multiple of Packet_ALIGNMENT. More...
 
#define KERNEL_EVENT_NAMESPACE   L"\\BaseNamedObjects\\"
 
#define MODE_CAPT   0x0
 Capture working mode. More...
 
#define MODE_STAT   0x1
 Statistical working mode. More...
 
#define MODE_MON   0x2
 Kernel monitoring mode. More...
 
#define MODE_DUMP   0x10
 Kernel dump working mode. More...
 
#define IMMEDIATE   1
 Immediate timeout. Forces a read call to return immediately. More...
 
#define NDIS_FLAGS_SKIP_LOOPBACK_W2K   0x400
 This is an undocumented flag for NdisSetPacketFlags() that allows to disable loopback reception. More...
 
#define TCPDUMP_MAGIC   0xa1b2c3d4
 Libpcap magic number. Used by programs like tcpdump to recognize a driver's generated dump file. More...
 
#define PCAP_VERSION_MAJOR   2
 Major libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file. More...
 
#define PCAP_VERSION_MINOR   4
 Minor libpcap version of the dump file. Used by programs like tcpdump to recognize a driver's generated dump file. More...
 
#define NPF_DISABLE_LOOPBACK   1
 Tells the driver to drop the packets sent by itself. This is usefult when building applications like bridges. More...
 
#define NPF_ENABLE_LOOPBACK   2
 Tells the driver to capture the packets sent by itself. More...
 
#define C_ASSERT(a)
 
#define RESERVED(_p)   ((PPACKET_RESERVED)((_p)->ProtocolReserved))
 Macro to obtain a NDIS_PACKET from a PACKET_RESERVED. More...
 
#define TRANSMIT_PACKETS   256
 of packets that can be transmitted at the same time or with a single call to NdisSendPackets. More...
 
#define EXIT_SUCCESS(quantity)
 Macro used in the I/O routines to return the control to user-mode with a success status. More...
 
#define EXIT_FAILURE(quantity)
 Macro used in the I/O routines to return the control to user-mode with a failure status. More...
 

Typedefs

typedef struct _PACKET_OID_DATA PACKET_OID_DATA
 Structure containing an OID request. More...
 
typedef struct _PACKET_OID_DATAPPACKET_OID_DATA
 
typedef struct _INTERNAL_REQUEST INTERNAL_REQUEST
 Stores an OID request. More...
 
typedef struct _INTERNAL_REQUESTPINTERNAL_REQUEST
 
typedef struct _PACKET_RESERVED PACKET_RESERVED
 Contains a NDIS packet. More...
 
typedef struct _PACKET_RESERVEDPPACKET_RESERVED
 
typedef struct _DEVICE_EXTENSION DEVICE_EXTENSION
 Port device extension. More...
 
typedef struct _DEVICE_EXTENSIONPDEVICE_EXTENSION
 
typedef struct __CPU_Private_Data CpuPrivateData
 Kernel buffer of each CPU. More...
 
typedef struct _OPEN_INSTANCE OPEN_INSTANCE
 Contains the state of a running instance of the NPF driver. More...
 
typedef struct _OPEN_INSTANCEPOPEN_INSTANCE
 

Enumerations

enum  ADAPTER_BINDING_STATUS { ADAPTER_UNBOUND, ADAPTER_BOUND, ADAPTER_UNBINDING }
 

Functions

 C_ASSERT (sizeof(PACKET_OID_DATA)==12)
 
NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
 The initialization routine of the driver. More...
 
PWCHAR getAdaptersList (VOID)
 Returns the list of the MACs available on the system. More...
 
PKEY_VALUE_PARTIAL_INFORMATION getTcpBindings (VOID)
 Returns the MACs that bind to TCP/IP. More...
 
BOOLEAN NPF_CreateDevice (IN OUT PDRIVER_OBJECT adriverObjectP, IN PUNICODE_STRING amacNameP)
 Creates a device for a given MAC. More...
 
NTSTATUS NPF_Open (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Opens a new instance of the driver. More...
 
VOID NPF_OpenAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
 Ends the opening of an adapter. More...
 
NTSTATUS NPF_Cleanup (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Closes an instance of the driver. More...
 
NTSTATUS NPF_Close (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 
VOID NPF_CloseAdapterComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
 Ends the closing of an adapter. More...
 
NDIS_STATUS NPF_tap (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize)
 Callback invoked by NDIS when a packet arrives from the network. More...
 
VOID NPF_TransferDataComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred)
 Ends the transfer of a packet. More...
 
VOID NPF_ReceiveComplete (IN NDIS_HANDLE ProtocolBindingContext)
 Callback function that signals the end of a packet reception. More...
 
NTSTATUS NPF_IoControl (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Handles the IOCTL calls. More...
 
VOID NPF_RequestComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_REQUEST pRequest, IN NDIS_STATUS Status)
 Ends an OID request. More...
 
NTSTATUS NPF_Write (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Writes a raw packet to the network. More...
 
INT NPF_BufferedWrite (IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)
 Writes a buffer of raw packets to the network. More...
 
VOID NPF_WaitEndOfBufferedWrite (POPEN_INSTANCE Open)
 Waits the completion of all the sends performed by NPF_BufferedWrite. More...
 
VOID NPF_SendComplete (IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET pPacket, IN NDIS_STATUS Status)
 Ends a send operation. More...
 
VOID NPF_ResetComplete (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)
 Ends a reset of the adapter. More...
 
VOID NPF_Status (IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN PVOID StatusBuffer, IN UINT StatusBufferSize)
 Callback for NDIS StatusHandler. Not used by NPF. More...
 
VOID NPF_StatusComplete (IN NDIS_HANDLE ProtocolBindingContext)
 Callback for NDIS StatusCompleteHandler. Not used by NPF. More...
 
VOID NPF_Unload (IN PDRIVER_OBJECT DriverObject)
 Function called by the OS when NPF is unloaded. More...
 
NTSTATUS NPF_Read (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
 Function that serves the user's reads. More...
 
NTSTATUS NPF_ReadRegistry (IN PWSTR *MacDriverName, IN PWSTR *PacketDriverName, IN PUNICODE_STRING RegistryPath)
 Reads the registry keys associated woth NPF if the driver is manually installed via the control panel. More...
 
NTSTATUS NPF_QueryRegistryRoutine (IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
 Function used by NPF_ReadRegistry() to quesry the registry keys associated woth NPF if the driver is manually installed via the control panel. More...
 
VOID NPF_BindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE BindContext, IN PNDIS_STRING DeviceName, IN PVOID SystemSpecific1, IN PVOID SystemSpecific2)
 Callback for NDIS BindAdapterHandler. Not used by NPF. More...
 
VOID NPF_UnbindAdapter (OUT PNDIS_STATUS Status, IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE UnbindContext)
 Callback for NDIS UnbindAdapterHandler. More...
 
NTSTATUS NPF_OpenDumpFile (POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)
 Creates the file that will receive the packets when the driver is in dump mode. More...
 
NTSTATUS NPF_StartDump (POPEN_INSTANCE Open)
 Starts dump to file. More...
 
VOID NPF_DumpThread (PVOID Open)
 The dump thread. More...
 
NTSTATUS NPF_SaveCurrentBuffer (POPEN_INSTANCE Open)
 Saves the content of the packet buffer to the file associated with current instance. More...
 
VOID NPF_WriteDumpFile (PFILE_OBJECT FileObject, PLARGE_INTEGER Offset, ULONG Length, PMDL Mdl, PIO_STATUS_BLOCK IoStatusBlock)
 Writes a block of packets on the dump file. More...
 
NTSTATUS NPF_CloseDumpFile (POPEN_INSTANCE Open)
 Closes the dump file associated with an instance of the driver. More...
 
BOOLEAN NPF_StartUsingBinding (IN POPEN_INSTANCE pOpen)
 
VOID NPF_StopUsingBinding (IN POPEN_INSTANCE pOpen)
 
VOID NPF_CloseBinding (IN POPEN_INSTANCE pOpen)
 
BOOLEAN NPF_StartUsingOpenInstance (IN POPEN_INSTANCE pOpen)
 
VOID NPF_StopUsingOpenInstance (IN POPEN_INSTANCE pOpen)
 
VOID NPF_CloseOpenInstance (IN POPEN_INSTANCE pOpen)
 
NTSTATUS NPF_GetDeviceMTU (IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)
 
UINT GetBuffOccupation (POPEN_INSTANCE Open)
 Returns the amount of bytes present in the packet buffer. More...
 

Variables

ULONG g_NCpu
 
NDIS_HANDLE g_NdisProtocolHandle
 
struct time_conv G_Start_Time
 
UINT g_SendPacketFlags
 

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.