庖丁解牛---winpcap原始碼徹底解密系列續集(10)
設定讀超時:
PacketSetReadTimeout(p->adapter, p->md.timeout);
BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout)
{
BOOLEAN Result;
TRACE_ENTER("PacketSetReadTimeout");
AdapterObject->ReadTimeOut = timeout;
#ifdef HAVE_WANPACKET_API
if (AdapterObject->Flags == INFO_FLAG_NDISWAN_ADAPTER)
{
Result = WanPacketSetReadTimeout(AdapterObject->pWanAdapter,timeout);
TRACE_EXIT("PacketSetReadTimeout");
return Result;
}
#endif // HAVE_WANPACKET_API
#ifdef HAVE_NPFIM_API
if (AdapterObject->Flags == INFO_FLAG_NPFIM_DEVICE)
{
//
// convert the timestamps to Windows like format (0 = immediate, -1(INFINITE) = infinite)
//
if (timeout == -1) timeout = 0;
else if (timeout == 0) timeout = INFINITE;
Result = (BOOLEAN)g_NpfImHandlers.NpfImSetReadTimeout(AdapterObject->NpfImHandle, timeout);
TRACE_EXIT("PacketSetReadTimeout");
return Result;
}
#endif // HAVE_NPFIM_API
#ifdef HAVE_AIRPCAP_API
//
// Timeout with AirPcap is handled at user level
//
if(AdapterObject->Flags == INFO_FLAG_AIRPCAP_CARD)
{
TRACE_EXIT("PacketSetReadTimeout");
return TRUE;
}
#endif // HAVE_AIRPCAP_API
#ifdef HAVE_DAG_API
// Under DAG, we simply store the timeout value and then
if(AdapterObject->Flags & INFO_FLAG_DAG_CARD)
{
if(timeout == -1)
{
// tell DAG card to return immediately
AdapterObject->DagReadTimeout.tv_sec = 0;
AdapterObject->DagReadTimeout.tv_usec = 0;
}
else
{
if(timeout == 0)
{
// tell the DAG card to wait forvever
AdapterObject->DagReadTimeout.tv_sec = -1;
AdapterObject->DagReadTimeout.tv_usec = -1;
}
else
{
// Set the timeout for the DAG card
AdapterObject->DagReadTimeout.tv_sec = timeout / 1000;
AdapterObject->DagReadTimeout.tv_usec = (timeout * 1000) % 1000000;
}
}
TRACE_EXIT("PacketSetReadTimeout");
return TRUE;
}
#endif // HAVE_DAG_API
if(AdapterObject->Flags == INFO_FLAG_NDIS_ADAPTER)
{
Result = TRUE;
}
else
{
//
// if we are here, it's an unsupported ADAPTER type!
//
TRACE_PRINT1("Request to set read timeout on an unknown device type (%u)", AdapterObject->Flags);
Result = FALSE;
}
TRACE_EXIT("PacketSetReadTimeout");
return Result;
}
從原始碼看,發現設定讀超時,根本沒有像設定核心緩衝一樣,將它通過DeviceIoControl傳遞,就是說設定超時,就在應用程式就停止了,沒有往下傳遞,但是我在npf中,又發現了與讀超時有關的程式碼:
#define BIOCSRTIMEOUT 7416
case BIOCSRTIMEOUT: //set the timeout on the read calls
TRACE_MESSAGE(PACKET_DEBUG_LOUD, "BIOCSRTIMEOUT");
if(IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(ULONG))
{
SET_FAILURE_BUFFER_SMALL();
break;
}
timeout = *((PULONG)Irp->AssociatedIrp.SystemBuffer);
if(timeout == (ULONG)-1)
Open->TimeOut.QuadPart=(LONGLONG)IMMEDIATE;
else
{
Open->TimeOut.QuadPart = (LONGLONG)timeout;
Open->TimeOut.QuadPart *= 10000;
Open->TimeOut.QuadPart = -Open->TimeOut.QuadPart;
}
TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "Read timeout set to %I64d",Open->TimeOut.QuadPart);
SET_RESULT_SUCCESS(0);
break;
NPF_Read讀函式中也有:
Occupation=0;
for(i=0;i<g_NCpu;i++)
Occupation += (Open->Size - Open->CpuData[i].Free);
//See if the buffer is full enough to be copied
if( Occupation <= Open->MinToCopy*g_NCpu || Open->mode & MODE_DUMP )
{
if (Open->ReadEvent != NULL)
{
//wait until some packets arrive or the timeout expires
if(Open->TimeOut.QuadPart != (LONGLONG)IMMEDIATE)
KeWaitForSingleObject(Open->ReadEvent,
UserRequest,
KernelMode,
TRUE,
(Open->TimeOut.QuadPart == (LONGLONG)0)? NULL: &(Open->TimeOut));
KeClearEvent(Open->ReadEvent);
}
那麼驅動中的這個超時是怎麼傳遞進去的呢,詫異!我搜了BIOCSRTIMEOUT,在npf.sys中packetNtx\driver裡面有,我在wpcap和packet兩個庫裡面都沒有!詫異!有誰知道的指點下,windows xp下面應該使用的是packetNtx下的驅動吧!