Wireshark-dev: Re: [Wireshark-dev] Npcap 0.03 call for test

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Tue, 4 Aug 2015 10:11:34 +0800
Hi Pascal,

On Tue, Aug 4, 2015 at 5:19 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

Hi Yang,

the page https://msdn.microsoft.com/en-us/library/windows/hardware/ff549954%28v=vs.85%29.aspx suggests that:
"Before the driver calls NdisFOidRequest, the driver must allocate an NDIS_OID_REQUEST structure and transfer the request information to the new structure by calling NdisAllocateCloneOidRequest. As an option, a filter driver can complete a request immediately without forwarding the request."

This page is related to FilterOidRequest routine, in Npcap is the NPF_OidRequest function in Openclos.c, in this function NdisAllocateCloneOidRequest is called.

When looking at your code, you seem to use directly an array entry in OPEN_INSTANCE structure (or at least that's the feeling it gives). Something missed when porting the code from NDIS5 to NDIS6? This is properly done in NPF_OidRequest() function.

In NPF_GetDeviceMTU or NPF_IoControl routine, Npcap will originate its own OID requests, so no need to call NdisAllocateCloneOidRequest to "clone" one. Actually in original WinPcap 4.1.3's source (https://github.com/nmap/npcap/blob/c67abf6f8b62bda89cd98c5ecc582566323f4c91/packetNtx/driver/Openclos.c, Line 645), you can see that I didn't change much code in that function except the requesting function from NdisRequest to NdisFOidRequest (I also noticed that the 2nd param in NdisWaitEvent call has been changed from 0 to 1000, I don't know if this matters, and I can't test it). It seems that I have a little clue about this, and whatever, a stable reproduce way will be very helpful.
