group__npf__code.html

Winpcap是一个强大的网络开发库

<p>
Creates a device for a given MAC. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>adriverObjectP</em>&nbsp;</td><td>The driver object that will be associated with the device, i.e. the one of NPF. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>amacNameP</em>&nbsp;</td><td>The name of the network interface that the device will point. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>If the function succeeds, the return value is nonzero.</dd></dl>
NPF creates a device for every valid network adapter. The new device points to the NPF driver, but contains information about the original device. In this way, when the user opens the new device, NPF will be able to determine the correct adapter to use. 
</div>
</div><p>
<a class="anchor" name="g1566082cef91cf79ba4a855e3f44ede9"></a><!-- doxytag: member="Packet.h::NPF_DumpThread" ref="g1566082cef91cf79ba4a855e3f44ede9" args="(PVOID Open)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_DumpThread           </td>
          <td>(</td>
          <td class="paramtype">PVOID&nbsp;</td>
          <td class="paramname"> <em>Open</em>          </td>
          <td>&nbsp;)&nbsp;</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
The dump thread. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>Open</em>&nbsp;</td><td>The NPF instance that creates the thread.</td></tr>
  </table>
</dl>
This function moves the content of the NPF kernel buffer to file. It runs in the user context, so at lower priority than the TAP. 
</div>
</div><p>
<a class="anchor" name="g8bad85679d2e8c57f7501052f9b07284"></a><!-- doxytag: member="Packet.h::NPF_GetDeviceMTU" ref="g8bad85679d2e8c57f7501052f9b07284" args="(IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_GetDeviceMTU           </td>
          <td>(</td>
          <td class="paramtype">IN <a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>pOpen</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>pIrp</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">OUT PUINT&nbsp;</td>
          <td class="paramname"> <em>pMtu</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>

</div>
</div><p>
<a class="anchor" name="gd8b208720b6e5149dabcd7fb058b16f7"></a><!-- doxytag: member="Packet.h::NPF_IoControl" ref="gd8b208720b6e5149dabcd7fb058b16f7" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_IoControl           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Handles the IOCTL calls. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>DeviceObject</em>&nbsp;</td><td>Pointer to the device object utilized by the user. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK.</dd></dl>
Once the packet capture driver is opened it can be configured from user-level applications with IOCTL commands using the DeviceIoControl() system call. NPF_IoControl receives and serves all the IOCTL calls directed to NPF. The following commands are recognized:<ul>
<li><a class="el" href="group__NPF__ioctl.html#g71817d3a52bf0ec819934a5f688a172c" title="IOCTL code: set kernel buffer size.">BIOCSETBUFFERSIZE</a></li><li><a class="el" href="group__NPF__ioctl.html#gf85f500f68404076ac60ffe6e08818da" title="IOCTL code: set packet filtering program.">BIOCSETF</a></li><li><a class="el" href="group__NPF__ioctl.html#g8ae8be8faa281644d8be1cda38b826bd" title="IOCTL code: get the capture stats.">BIOCGSTATS</a></li><li><a class="el" href="group__NPF__ioctl.html#g327015c2b2e347212b571d1fa3aa2f54" title="IOCTL code: set the read timeout.">BIOCSRTIMEOUT</a></li><li><a class="el" href="group__NPF__ioctl.html#gd1012b82859d09864d246b1fa99d48d6" title="IOCTL code: set working mode.">BIOCSMODE</a></li><li><a class="el" href="group__NPF__ioctl.html#g1436997ce2947bbbe22b5400254438a1" title="IOCTL code: set number of physical repetions of every packet written by the app.">BIOCSWRITEREP</a></li><li><a class="el" href="group__NPF__ioctl.html#ga827e3441e3f84abc7df5e30fcee96d1" title="IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call...">BIOCSMINTOCOPY</a></li><li><a class="el" href="group__NPF__ioctl.html#gbf9a4779fd5281607510edc8b5d766dd" title="IOCTL code: set an OID value.">BIOCSETOID</a></li><li><a class="el" href="group__NPF__ioctl.html#g5a0ab3231052ff323817e288dab2f127" title="IOCTL code: get an OID value.">BIOCQUERYOID</a></li><li><a class="el" href="group__NPF__ioctl.html#gc8b51f8abae12f57a2ea8e8e4c0cd53c" title="IOCTL code: set the name of a the file used by kernel dump mode.">BIOCSETDUMPFILENAME</a></li><li><a class="el" href="group__NPF__ioctl.html#gdd9e03a96d297a33d7cee4d750c34eff" title="IOCTL code: get the name of the event that the driver signals when some data is present...">BIOCGEVNAME</a></li><li><a class="el" href="group__NPF__ioctl.html#gb4d41e91e460bb101ef8ddb622a8e010" title="IOCTL code: Send a buffer containing multiple packets to the network, considering...">BIOCSENDPACKETSSYNC</a></li><li><a class="el" href="group__NPF__ioctl.html#gc50830dc08762383dcb203a66e5c853d" title="IOCTL code: Send a buffer containing multiple packets to the network, ignoring the...">BIOCSENDPACKETSNOSYNC</a> </li></ul>

</div>
</div><p>
<a class="anchor" name="g82e557625e52fe4395bbe2e494fe8c4a"></a><!-- doxytag: member="Packet.h::NPF_Open" ref="g82e557625e52fe4395bbe2e494fe8c4a" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_Open           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Opens a new instance of the driver. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>DeviceObject</em>&nbsp;</td><td>Pointer to the device object utilized by the user. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK.</dd></dl>
This function is called by the OS when a new instance of the driver is opened, i.e. when a user application performs a CreateFile on a device created by NPF. NPF_Open allocates and initializes variables, objects and buffers needed by the new instance, fills the OPEN_INSTANCE structure associated with it and opens the adapter with a call to NdisOpenAdapter. 
</div>
</div><p>
<a class="anchor" name="g155ae51be29c6d36f8109781b8f6e7b2"></a><!-- doxytag: member="Packet.h::NPF_OpenAdapterComplete" ref="g155ae51be29c6d36f8109781b8f6e7b2" args="(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_OpenAdapterComplete           </td>
          <td>(</td>
          <td class="paramtype">IN NDIS_HANDLE&nbsp;</td>
          <td class="paramname"> <em>ProtocolBindingContext</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN NDIS_STATUS&nbsp;</td>
          <td class="paramname"> <em>Status</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN NDIS_STATUS&nbsp;</td>
          <td class="paramname"> <em>OpenErrorStatus</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Ends the opening of an adapter. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>ProtocolBindingContext</em>&nbsp;</td><td>Context of the function. Contains a pointer to the OPEN_INSTANCE structure associated with the current instance. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Status</em>&nbsp;</td><td>Status of the opening operation performed by NDIS. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>OpenErrorStatus</em>&nbsp;</td><td>not used by NPF.</td></tr>
  </table>
</dl>
Callback function associated with the NdisOpenAdapter() NDIS function. It is invoked by NDIS when the NIC driver has finished an open operation that was previously started by <a class="el" href="group__NPF__code.html#g82e557625e52fe4395bbe2e494fe8c4a" title="Opens a new instance of the driver.">NPF_Open()</a>. 
</div>
</div><p>
<a class="anchor" name="ge3d1118c72b474fe214517a65afdfe09"></a><!-- doxytag: member="Packet.h::NPF_OpenDumpFile" ref="ge3d1118c72b474fe214517a65afdfe09" args="(POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_OpenDumpFile           </td>
          <td>(</td>
          <td class="paramtype"><a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>Open</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">PUNICODE_STRING&nbsp;</td>
          <td class="paramname"> <em>fileName</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">BOOLEAN&nbsp;</td>
          <td class="paramname"> <em>append</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>