Wireshark mailing list archives

Re: Npcap 0.03 call for test

From: Yang Luo <hsluoyb () gmail com>
Date: Tue, 4 Aug 2015 10:11:34 +0800

Hi Pascal,

On Tue, Aug 4, 2015 at 5:19 AM, Pascal Quantin <pascal.quantin () gmail com>
wrote:



Hi Yang,

the page
https://msdn.microsoft.com/en-us/library/windows/hardware/ff549954%28v=vs.85%29.aspx
suggests that:
"Before the driver calls *NdisFOidRequest*, the driver must allocate an
*NDIS_OID_REQUEST*
<https://msdn.microsoft.com/en-us/library/windows/hardware/ff566710%28v=vs.85%29.aspx>
structure and transfer the request information to the new structure by
calling *NdisAllocateCloneOidRequest*
<https://msdn.microsoft.com/en-us/library/windows/hardware/ff560706%28v=vs.85%29.aspx>.
As an option, a filter driver can complete a request immediately without
forwarding the request."


This page is related to *FilterOidRequest* routine, in Npcap is the
*NPF_OidRequest* function in Openclos.c, in this function
*NdisAllocateCloneOidRequest* is called.

When looking at your code, you seem to use directly an array entry in
OPEN_INSTANCE structure (or at least that's the feeling it gives).
Something missed when porting the code from NDIS5 to NDIS6? This is
properly done in NPF_OidRequest() function.


In NPF_GetDeviceMTU or NPF_IoControl routine, Npcap will originate its own
OID requests, so no need to call *NdisAllocateCloneOidRequest* to "clone"
one. Actually in original WinPcap 4.1.3's source (
https://github.com/nmap/npcap/blob/c67abf6f8b62bda89cd98c5ecc582566323f4c91/packetNtx/driver/Openclos.c,
Line 645), you can see that I didn't change much code in that function
except the requesting function from *NdisRequest* to *NdisFOidRequest* (I
also noticed that the 2nd param in *NdisWaitEvent* call has been changed
from 0 to 1000, I don't know if this matters, and I can't test it). It
seems that I have a little clue about this, and whatever, a stable
reproduce way will be very helpful.


Cheers,
Yang

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Npcap 0.03 call for test, (continued)
- - - Re: Npcap 0.03 call for test Tyson Key (Aug 01)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 02)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 03)
    - Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 03)
    - Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
    - Re: Npcap 0.03 call for test Jim Young (Aug 03)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 03)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 03)
    - Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 03)
    - Re: Npcap 0.03 call for test Jim Young (Aug 03)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 05)
    - Re: Npcap 0.03 call for test Jim Young (Aug 06)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 15)
    - Re: Npcap 0.03 call for test Pascal Quantin (Aug 06)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 06)
    - Re: Npcap 0.03 call for test Pascal Quantin (Aug 06)
    - Re: Npcap 0.03 call for test Jim Young (Aug 06)
    - Re: Npcap 0.03 call for test Yang Luo (Aug 10)
    - Re: Npcap 0.03 call for test Jim Young (Aug 10)

(Thread continues...)