NTSTATUS
NdisprotWrite(
IN PDEVICE_OBJECT pDeviceObject,
IN PIRP pIrp
)
/*++
Routine Description:
Dispatch routine to handle IRP_MJ_WRITE.
Arguments:
pDeviceObject - pointer to our device object
pIrp - Pointer to request packet
Return Value:
NT status code.
--*/
{
PIO_STACK_LOCATION pIrpSp;
ULONG DataLength;
NTSTATUS NtStatus;
PNDISPROT_OPEN_CONTEXT pOpenContext;
PNET_BUFFER_LIST pNetBufferList;
PMDL pMdl;
NDISPROT_ETH_HEADER UNALIGNED *pEthHeader;
PVOID CancelId;
ULONG SendFlags = 0;
UNREFERENCED_PARAMETER(pDeviceObject);
pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
pOpenContext = pIrpSp->FileObject->FsContext;
do
{
if (pOpenContext == NULL)
{
DEBUGP(DL_WARN, ("Write: FileObject %p not yet associated with a device\n",
pIrpSp->FileObject));
NtStatus = STATUS_INVALID_HANDLE;
break;
}
NPROT_STRUCT_ASSERT(pOpenContext, oc);
if (pIrp->MdlAddress == NULL)
{
DEBUGP(DL_FATAL, ("Write: NULL MDL address on IRP %p\n", pIrp));
NtStatus = STATUS_INVALID_PARAMETER;
break;
}
//
// Try to get a virtual address for the MDL.
//
pEthHeader = NULL;
NdisQueryMdl(pIrp->MdlAddress, &pEthHeader, &DataLength, NormalPagePriority);
if (pEthHeader == NULL)
{
DEBUGP(DL_FATAL, ("Write: MmGetSystemAddr failed for"
" IRP %p, MDL %p\n",
pIrp, pIrp->MdlAddress));
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
break;
}
//
// Sanity-check the length.
//
if (DataLength < sizeof(NDISPROT_ETH_HEADER))
{
DEBUGP(DL_WARN, ("Write: too small to be a valid packet (%d bytes)\n",
DataLength));
NtStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if (DataLength > (pOpenContext->MaxFrameSize + sizeof(NDISPROT_ETH_HEADER)))
{
DEBUGP(DL_WARN, ("Write: Open %p: data length (%d)"
" larger than max frame size (%d)\n",
pOpenContext, DataLength, pOpenContext->MaxFrameSize));
NtStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
if (pEthHeader->EthType != Globals.EthType)
{
DEBUGP(DL_WARN, ("Write: Failing send with EthType %x\n",
pEthHeader->EthType));
NtStatus = STATUS_INVALID_PARAMETER;
break;
}
if (!NPROT_MEM_CMP(pEthHeader->SrcAddr, pOpenContext->CurrentAddress, NPROT_MAC_ADDR_LEN))
{
DEBUGP(DL_WARN, ("Write: Failing with invalid Source address"));
NtStatus = STATUS_INVALID_PARAMETER;
break;
}
NPROT_ACQUIRE_LOCK(&pOpenContext->Lock, FALSE);
if (!NPROT_TEST_FLAGS(pOpenContext->Flags, NPROTO_BIND_FLAGS, NPROTO_BIND_ACTIVE))
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_FATAL, ("Write: Open %p is not bound"
" or in low power state\n", pOpenContext));
NtStatus = STATUS_INVALID_HANDLE;
break;
}
if (pOpenContext->State != NdisprotRunning ||
pOpenContext->PowerState != NetDeviceStateD0)
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_INFO, ("Device is not ready.\n"));
NtStatus = STATUS_UNSUCCESSFUL;
break;
}
pMdl = pIrp->MdlAddress;
NPROT_ASSERT(pOpenContext->SendNetBufferListPool != NULL);
pNetBufferList = NdisAllocateNetBufferAndNetBufferList(
pOpenContext->SendNetBufferListPool,
sizeof(NPROT_SEND_NETBUFLIST_RSVD), //Request control offset delta
0, // back fill size
pMdl,
0, // Data offset
DataLength);
if (pNetBufferList == NULL)
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_FATAL, ("Write: open %p, failed to alloc send net buffer list\n",
pOpenContext));
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
break;
}
pOpenContext->PendedSendCount++;
NPROT_REF_OPEN(pOpenContext); // pended send
IoMarkIrpPending(pIrp);
//
// Initialize the NetBufferList ref count. This NetBufferList will be freed
// when this count goes to zero.
//
NPROT_SEND_NBL_RSVD(pNetBufferList)->RefCount = 1;
//
// We set up a cancel ID on each send NetBufferList (which maps to a Write IRP),
// and save the NetBufferList pointer in the IRP. If the IRP gets cancelled, we use
// NdisCancelSendNetBufferLists() to cancel the NetBufferList.
//
CancelId = NPROT_GET_NEXT_CANCEL_ID();
NDIS_SET_NET_BUFFER_LIST_CANCEL_ID(pNetBufferList, CancelId);
pIrp->Tail.Overlay.DriverContext[0] = (PVOID)pOpenContext;
pIrp->Tail.Overlay.DriverContext[1] = (PVOID)pNetBufferList;
pIrp->Tail.Overlay.DriverContext[2] = CancelId;
NPROT_INSERT_TAIL_LIST(&pOpenContext->PendedWrites, &pIrp->Tail.Overlay.ListEntry);
IoSetCancelRoutine(pIrp, NdisprotCancelWrite);
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
//
// Set a back pointer from the packet to the IRP.
//
NPROT_IRP_FROM_SEND_NBL(pNetBufferList) = pIrp;
NtStatus = STATUS_PENDING;
#if SEND_DBG
{
PUCHAR pData;
pData = MmGetSystemAddressForMdlSafe(pMdl, NormalPagePriority);
NPROT_ASSERT(pEthHeader == pData);
DEBUGP(DL_VERY_LOUD,
("Write: MDL %p, MdlFlags %x, SystemAddr %p, %d bytes\n",
pIrp->MdlAddress, pIrp->MdlAddress->MdlFlags, pData, DataLength));
DEBUGPDUMP(DL_VERY_LOUD, pData, MIN(DataLength, 48));
}
#endif // SEND_DBG
pNetBufferList->SourceHandle = pOpenContext->BindingHandle;
ASSERT (NDIS_MDL_LINKAGE(pMdl) == NULL);
SendFlags |= NDIS_SEND_FLAGS_CHECK_FOR_LOOPBACK;
NdisSendNetBufferLists(
pOpenContext->BindingHandle,
pNetBufferList,
NDIS_DEFAULT_PORT_NUMBER,
SendFlags);
}
while (FALSE);
if (NtStatus != STATUS_PENDING)
{
pIrp->IoStatus.Status = NtStatus;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
return (NtStatus);
}
VOID
NdisProtEvtIoWrite(
IN WDFQUEUE Queue,
IN WDFREQUEST Request,
IN size_t Length
)
/*++
Routine Description:
Dispatch routine to handle Request_MJ_WRITE.
Arguments:
Queue - Default queue handle
Request - Handle to the read/write request
Lenght - Length of the data buffer associated with the request.
The default property of the queue is to not dispatch
zero lenght read & write requests to the driver and
complete is with status success. So we will never get
a zero length request.
Return Value:
VOID
--*/
{
ULONG DataLength;
NTSTATUS NtStatus;
PNDISPROT_OPEN_CONTEXT pOpenContext;
PNET_BUFFER_LIST pNetBufferList;
NDISPROT_ETH_HEADER UNALIGNED *pEthHeader;
PVOID CancelId;
ULONG SendFlags = 0;
PMDL pMdl = NULL;
WDFFILEOBJECT fileObject;
PREQUEST_CONTEXT reqContext;
WDF_OBJECT_ATTRIBUTES attributes;
UNREFERENCED_PARAMETER(Queue);
fileObject = WdfRequestGetFileObject(Request);
pOpenContext = GetFileObjectContext(fileObject)->OpenContext;
do
{
//
// Create a context to track the length of transfer and NDIS packet
// associated with this request.
//
WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&attributes, REQUEST_CONTEXT);
NtStatus = WdfObjectAllocateContext(Request, &attributes, &reqContext);
if(!NT_SUCCESS(NtStatus)){
DEBUGP(DL_WARN, ("Write: WdfObjectAllocateContext failed: %x\n", NtStatus));
NtStatus = STATUS_INVALID_HANDLE;
break;
}
reqContext->Length = (ULONG) Length;
if (pOpenContext == NULL)
{
DEBUGP(DL_WARN, ("Write: FileObject %p not yet associated with a device\n",
fileObject));
NtStatus = STATUS_INVALID_HANDLE;
break;
}
NPROT_STRUCT_ASSERT(pOpenContext, oc);
NtStatus = WdfRequestRetrieveInputWdmMdl(Request, &pMdl);
if (!NT_SUCCESS(NtStatus))
{
DEBUGP(DL_FATAL, ("Write: WdfRequestRetrieveInputWdmMdl failed %x\n", NtStatus));
break;
}
//
// Try to get a virtual address for the MDL.
//
pEthHeader = MmGetSystemAddressForMdlSafe(pMdl, NormalPagePriority | MdlMappingNoExecute);
if (pEthHeader == NULL)
{
DEBUGP(DL_FATAL, ("Write: MmGetSystemAddr failed for"
" Request %p, MDL %p\n",
Request, pMdl));
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
break;
}
//
// Sanity-check the length.
//
DataLength = MmGetMdlByteCount(pMdl);
if (DataLength < sizeof(NDISPROT_ETH_HEADER))
{
DEBUGP(DL_WARN, ("Write: too small to be a valid packet (%d bytes)\n",
DataLength));
NtStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if (DataLength > (pOpenContext->MaxFrameSize + sizeof(NDISPROT_ETH_HEADER)))
{
DEBUGP(DL_WARN, ("Write: Open %p: data length (%d)"
" larger than max frame size (%d)\n",
pOpenContext, DataLength, pOpenContext->MaxFrameSize));
NtStatus = STATUS_INVALID_BUFFER_SIZE;
break;
}
//
// To prevent applications from sending packets with spoofed
// mac address, we will do the following check to make sure the source
// address in the packet is same as the current MAC address of the NIC.
//
if ((WdfRequestGetRequestorMode(Request) == UserMode) &&
!NPROT_MEM_CMP(pEthHeader->SrcAddr, pOpenContext->CurrentAddress, NPROT_MAC_ADDR_LEN))
{
DEBUGP(DL_WARN, ("Write: Failing with invalid Source address"));
NtStatus = STATUS_INVALID_PARAMETER;
break;
}
NPROT_ACQUIRE_LOCK(&pOpenContext->Lock, FALSE);
if (!NPROT_TEST_FLAGS(pOpenContext->Flags, NPROTO_BIND_FLAGS, NPROTO_BIND_ACTIVE))
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_FATAL, ("Write: Open %p is not bound"
" or in low power state\n", pOpenContext));
NtStatus = STATUS_INVALID_HANDLE;
break;
}
if ((pOpenContext->State == NdisprotPaused)
|| (pOpenContext->State == NdisprotPausing))
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_INFO, ("Device is paused.\n"));
NtStatus = STATUS_UNSUCCESSFUL;
break;
}
NPROT_ASSERT(pOpenContext->SendNetBufferListPool != NULL);
pNetBufferList = NdisAllocateNetBufferAndNetBufferList(
pOpenContext->SendNetBufferListPool,
sizeof(NPROT_SEND_NETBUFLIST_RSVD), //Request control offset delta
0, // back fill size
pMdl,
0, // Data offset
DataLength);
if (pNetBufferList == NULL)
{
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
DEBUGP(DL_FATAL, ("Write: open %p, failed to alloc send net buffer list\n",
pOpenContext));
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
break;
}
pOpenContext->PendedSendCount++;
NPROT_REF_OPEN(pOpenContext); // pended send
//
// Initialize the NetBufferList ref count. This NetBufferList will be freed
// when this count goes to zero.
//
NPROT_SEND_NBL_RSVD(pNetBufferList)->RefCount = 1;
//
// We set up a cancel ID on each send NetBufferList (which maps to a Write IRP),
// and save the NetBufferList pointer in the IRP. If the IRP gets cancelled, we use
// NdisCancelSendNetBufferLists() to cancel the NetBufferList.
//
// Note that this sample code does not implement the cancellation logic. An actual
// driver may find value in implementing this.
//
CancelId = NPROT_GET_NEXT_CANCEL_ID();
NDIS_SET_NET_BUFFER_LIST_CANCEL_ID(pNetBufferList, CancelId);
reqContext->NetBufferList = (PVOID)pNetBufferList;
NPROT_RELEASE_LOCK(&pOpenContext->Lock, FALSE);
//
// Set a back pointer from the packet to the IRP.
//
NPROT_REQUEST_FROM_SEND_NBL(pNetBufferList) = Request;
NtStatus = STATUS_PENDING;
pNetBufferList->SourceHandle = pOpenContext->BindingHandle;
NPROT_ASSERT (pMdl->Next == NULL);
SendFlags |= NDIS_SEND_FLAGS_CHECK_FOR_LOOPBACK;
NdisSendNetBufferLists(
pOpenContext->BindingHandle,
pNetBufferList,
NDIS_DEFAULT_PORT_NUMBER,
SendFlags);
}
while (FALSE);
if (NtStatus != STATUS_PENDING)
{
WdfRequestComplete(Request, NtStatus);
}
return;
}
// Write procedure of the device
NTSTATUS SlDeviceWriteProc(DEVICE_OBJECT *device_object, IRP *irp)
{
SL_DEVICE *dev = *((SL_DEVICE **)device_object->DeviceExtension);
NTSTATUS ret = STATUS_UNSUCCESSFUL;
IO_STACK_LOCATION *irp_stack = IoGetCurrentIrpStackLocation(irp);
UINT ret_size = 0;
if (dev->IsBasicDevice == false)
{
// Adapter device
SL_FILE *f = irp_stack->FileObject->FsContext;
if (irp_stack->Parameters.Write.Length == SL_EXCHANGE_BUFFER_SIZE)
{
UCHAR *buf = irp->UserBuffer;
if (dev->Halting || dev->Adapter->Halt || buf == NULL)
{
// Halting
}
else
{
// Write the packet
MDL *mdl;
UINT num = SL_NUM_PACKET(buf);
mdl = IoAllocateMdl(buf, SL_EXCHANGE_BUFFER_SIZE, false, false, NULL);
if (mdl != NULL)
{
MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
}
ret = true;
ret_size = SL_EXCHANGE_BUFFER_SIZE;
if (num >= 1 && num <= SL_MAX_PACKET_EXCHANGE)
{
UINT i, j;
NET_BUFFER_LIST *nbl_head = NULL;
NET_BUFFER_LIST *nbl_tail = NULL;
UINT num_packets = 0;
NDIS_HANDLE adapter_handle = NULL;
SlLock(f->Adapter->Lock);
if (f->Adapter->NumPendingSendPackets <= SL_MAX_PACKET_QUEUED)
{
// Admit to send only if the number of packets being transmitted does not exceed the specified limit
adapter_handle = f->Adapter->AdapterHandle;
}
if (adapter_handle != NULL)
{
// Lock the file list which opens the same adapter
SlLockList(dev->FileList);
for (j = 0;j < SL_LIST_NUM(dev->FileList);j++)
{
SL_FILE *other = SL_LIST_DATA(dev->FileList, j);
if (other != f)
{
// Lock the receive queue of other file lists
SlLock(other->RecvLock);
other->SetEventFlag = false;
}
}
for (i = 0;i < num;i++)
{
UINT packet_size = SL_SIZE_OF_PACKET(buf, i);
UCHAR *packet_buf;
NET_BUFFER_LIST *nbl = NULL;
bool ok = false;
if (packet_size > SL_MAX_PACKET_SIZE)
{
packet_size = SL_MAX_PACKET_SIZE;
}
else if (packet_size < SL_PACKET_HEADER_SIZE)
{
packet_size = SL_PACKET_HEADER_SIZE;
}
packet_buf = (UCHAR *)SL_ADDR_OF_PACKET(buf, i);
for (j = 0;j < SL_LIST_NUM(dev->FileList);j++)
{
SL_FILE *other = SL_LIST_DATA(dev->FileList, j);
if (other != f)
{
// Insert into the receive queue of the other file lists
if (other->NumRecvPackets < SL_MAX_PACKET_QUEUED)
{
SL_PACKET *q = SlMalloc(sizeof(SL_PACKET));
SlCopy(q->Data, packet_buf, packet_size);
q->Size = packet_size;
q->Next = NULL;
if (other->RecvPacketHead == NULL)
{
other->RecvPacketHead = q;
}
else
{
other->RecvPacketTail->Next = q;
}
other->RecvPacketTail = q;
other->NumRecvPackets++;
other->SetEventFlag = true;
}
}
}
// Allocate a new NET_BUFFER_LIST
if (f->NetBufferListPool != NULL)
{
nbl = NdisAllocateNetBufferList(f->NetBufferListPool, 16, 0);
if (nbl != NULL)
{
nbl->SourceHandle = adapter_handle;
}
}
if (nbl != NULL)
{
// Get the NET_BUFFER from the NET_BUFFER_LIST
NET_BUFFER *nb = NET_BUFFER_LIST_FIRST_NB(nbl);
NET_BUFFER_LIST_NEXT_NBL(nbl) = NULL;
if (nb != NULL && OK(NdisRetreatNetBufferDataStart(nb, packet_size, 0, NULL)))
{
// Buffer copy
UCHAR *dst = NdisGetDataBuffer(nb, packet_size, NULL, 1, 0);
if (dst != NULL)
{
SlCopy(dst, packet_buf, packet_size);
ok = true;
}
else
{
NdisAdvanceNetBufferDataStart(nb, packet_size, false, NULL);
}
}
}
if (ok == false)
{
if (nbl != NULL)
{
NdisFreeNetBufferList(nbl);
}
}
else
{
if (nbl_head == NULL)
{
nbl_head = nbl;
}
if (nbl_tail != NULL)
{
NET_BUFFER_LIST_NEXT_NBL(nbl_tail) = nbl;
}
nbl_tail = nbl;
*((void **)NET_BUFFER_LIST_CONTEXT_DATA_START(nbl)) = f;
num_packets++;
}
}
for (j = 0;j < SL_LIST_NUM(dev->FileList);j++)
{
SL_FILE *other = SL_LIST_DATA(dev->FileList, j);
if (other != f)
{
// Release the receive queue of other file lists
SlUnlock(other->RecvLock);
// Set an event
if (other->SetEventFlag)
{
SlSet(other->Event);
}
}
}
SlUnlockList(dev->FileList);
if (nbl_head != NULL)
{
InterlockedExchangeAdd(&f->NumSendingPacketets, num_packets);
InterlockedExchangeAdd(&f->Adapter->NumPendingSendPackets, num_packets);
SlUnlock(f->Adapter->Lock);
NdisSendNetBufferLists(adapter_handle, nbl_head, 0, 0);
}
else
{
SlUnlock(f->Adapter->Lock);
}
}
else
{
SlUnlock(f->Adapter->Lock);
}
}
if (mdl != NULL)
{
MmUnlockPages(mdl);
IoFreeMdl(mdl);
}
}
}
}
irp->IoStatus.Information = ret_size;
irp->IoStatus.Status = ret;
IoCompleteRequest(irp, IO_NO_INCREMENT);
return ret;
}
