庖丁解牛—winpcap源码彻底解密系列续集(11)
如何发送数据包:源码解析;
int pcap_sendpacket | ( | pcap_t * | p, | |
|
| u_char * | buf, | |
|
| int | size |
|
| ) |
|
|
|
Send a raw packet.
This function allows to send a raw packet to the network. p is the interface that will be used to send the packet, buf contains the data of the packet to send (including the various protocol headers), size is the dimension of the buffer pointed by buf, i.e. the size of the packet to send. The MAC CRC doesn't need to be included, because it is transparently calculated and added by the network interface driver. The return value is 0 if the packet is succesfully sent, -1 otherwise
在pcap.c文件找到pcap_sendpacket的源码:
/*
* API compatible with WinPcap's "send a packet" routine - returns -1
* on error, 0 otherwise.
*
* XXX - what if we get a short write?
*/
int
pcap_sendpacket(pcap_t *p, const u_char *buf, intsize)
{
if (p->inject_op(p,buf, size) == -1)
return (-1);
return (0);
}
其中inject_op是一个回调函数,实际上调用的是pcap_inject_win32,源码如下:
/* Send a packet to the network */
staticint
pcap_inject_win32(pcap_t *p, const void *buf, size_tsize){
LPPACKET PacketToSend;
PacketToSend=PacketAllocatePacket();
if (PacketToSend ==NULL)
{
snprintf(p->errbuf,PCAP_ERRBUF_SIZE, "send error: PacketAllocatePacket failed");
return -1;
}
PacketInitPacket(PacketToSend,(PVOID)buf,size);
if(PacketSendPacket(p->adapter,PacketToSend,TRUE) ==FALSE){
snprintf(p->errbuf,PCAP_ERRBUF_SIZE, "send error: PacketSendPacket failed");
PacketFreePacket(PacketToSend);
return -1;
}
PacketFreePacket(PacketToSend);
/*
* We assume it all got sent if "PacketSendPacket()" succeeded.
* "pcap_inject()" is expected to return the number of bytes
* sent.
*/
return size;
}
下面分别介绍PacketAllocatePacket、PacketInitPacket,PacketSendPacket,PacketFreePacket函数,源码如下:
/*!
\brief Allocates a _PACKET structure.
\return On succeess, the return value is the pointer to a _PACKET structure otherwise the
return value is NULL.
The structure returned will be passed to the PacketReceivePacket() function to receive the
packets from the driver.
\warning The Buffer field of the _PACKET structure is not set by this function.
The buffer \b must be allocated by the application, and associated to the PACKET structure
with a call to PacketInitPacket.
*/
LPPACKETPacketAllocatePacket(void)//分配包结构,即包描述符,但不分配包缓冲区
{
LPPACKET lpPacket;
TRACE_ENTER("PacketAllocatePacket");
lpPacket=(LPPACKET)GlobalAllocPtr(GMEM_MOVEABLE |GMEM_ZEROINIT,sizeof(PACKET));
if (lpPacket==NULL)
{
TRACE_PRINT("PacketAllocatePacket: GlobalAlloc Failed");
}
TRACE_EXIT("PacketAllocatePacket");
return lpPacket;
}
包描述符和包缓冲区关联的函数源码如下:
/*!
\brief Initializes a _PACKET structure.
\param lpPacket The structure to initialize.
\param Buffer A pointer to a user-allocated buffer that will contain the captured data.
\param Length the length of the buffer. This is the maximum buffer size that will be
transferred from the driver to the application using a single read.
\note the size of the buffer associated with the PACKET structure is a parameter that can sensibly
influence the performance of the capture process, since this buffer will contain the packets received
from the the driver. The driver is able to return several packets using a single read call
(see the PacketReceivePacket() function for details), and the number of packets transferable to the
application in a call is limited only by the size of the buffer associated with the PACKET structure
passed to PacketReceivePacket(). Therefore setting a big buffer with PacketInitPacket can noticeably
decrease the number of system calls, reducing the impcat of the capture process on the processor.
*/
VOIDPacketInitPacket(LPPACKETlpPacket,PVOID Buffer,UINT Length)
{
TRACE_ENTER("PacketInitPacket");
lpPacket->Buffer =Buffer;
lpPacket->Length =Length;
lpPacket->ulBytesReceived = 0;
lpPacket->bIoComplete =FALSE;
TRACE_EXIT("PacketInitPacket");
}
分配缓冲区后,就可以发送数据包了,源码如下:
/*!
\brief Sends one (or more) copies of a packet to the network.
\param AdapterObject Pointer to an _ADAPTER structure identifying the network adapter that will
send the packets.
\param lpPacket Pointer to a PACKET structure with the packet to send.
\param Sync This parameter is deprecated and will be ignored. It is present for compatibility with
older applications.
\return If the function succeeds, the return value is nonzero.
This function is used to send a raw packet to the network. 'Raw packet' means that the programmer
will have to include the protocol headers, since the packet is sent to the network 'as is'.
The CRC needs not to be calculated and put at the end of the packet, because it will be transparently
added by the network interface.
The behavior of this function is influenced by the PacketSetNumWrites() function. With PacketSetNumWrites(),
it is possible to change the number of times a single write must be repeated. The default is 1,
i.e. every call to PacketSendPacket() will correspond to one packet sent to the network. If this number is
greater than 1, for example 1000, every raw packet written by the application will be sent 1000 times on
the network. This feature mitigates the overhead of the context switches and therefore can be used to generate
high speed traffic. It is particularly useful for tools that test networks, routers, and servers and need
to obtain high network loads.
The optimized sending process is still limited to one packet at a time: for the moment it cannot be used
to send a buffer with multiple packets.
\note The ability to write multiple packets is currently present only in the Windows NTx version of the
packet driver. In Windows 95/98/ME it is emulated at user level in packet.dll. This means that an application
that uses the multiple write method will run in Windows 9x as well, but its performance will be very low
compared to the one of WindowsNTx.
*/
BOOLEANPacketSendPacket(LPADAPTERAdapterObject,LPPACKETlpPacket,BOOLEANSync)
{
DWORD BytesTransfered;
BOOLEAN Result;
TRACE_ENTER("PacketSendPacket");
UNUSED(Sync);
#ifdefHAVE_AIRPCAP_API
if(AdapterObject->Flags ==INFO_FLAG_AIRPCAP_CARD)
{
if(g_PAirpcapWrite)
{
Result = (BOOLEAN)g_PAirpcapWrite(AdapterObject->AirpcapAd,lpPacket->Buffer,lpPacket->Length);
TRACE_EXIT("PacketSetMinToCopy");
return Result;
}
else
{
TRACE_EXIT("PacketSetMinToCopy");
TRACE_PRINT("Transmission not supported with this version of AirPcap");
return FALSE;
}
}
#endif// HAVE_AIRPCAP_API
#ifdefHAVE_WANPACKET_API
if(AdapterObject->Flags == INFO_FLAG_NDISWAN_ADAPTER)
{
TRACE_PRINT("PacketSendPacket: packet sending not allowed on wan adapters");
TRACE_EXIT("PacketSendPacket");
return FALSE;
}
#endif// HAVE_WANPACKET_API
#ifdefHAVE_NPFIM_API
if(AdapterObject->Flags == INFO_FLAG_NPFIM_DEVICE)
{
TRACE_PRINT("PacketSendPacket: packet sending not allowed on NPFIM adapters");
TRACE_EXIT("PacketSendPacket");
return FALSE;
}
#endif//HAVE_NPFIM_API
if (AdapterObject->Flags ==INFO_FLAG_NDIS_ADAPTER)
{
Result = (BOOLEAN)WriteFile(AdapterObject->hFile,lpPacket->Buffer,lpPacket->Length,&BytesTransfered,NULL);
}
else
{
TRACE_PRINT1("Request to write on an unknown device type (%u)",AdapterObject->Flags);
Result = FALSE;
}
TRACE_EXIT("PacketSendPacket");
return Result;
}
发送完数据包后,就是释放缓冲区了(PacketFreePacket),源码如下:
/*!
\brief Frees a _PACKET structure.
\param lpPacket The structure to free.
\warning the user-allocated buffer associated with the _PACKET structure is not deallocated
by this function and \b must be explicitly deallocated by the programmer.
*/
VOIDPacketFreePacket(LPPACKETlpPacket)
{
TRACE_ENTER("PacketFreePacket");
GlobalFreePtr(lpPacket);
TRACE_EXIT("PacketFreePacket");
}