hgf/qt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
qt/ledset/WpdPack_4_1_2/docs/html/group__internals.html
2022-08-25 18:43:03 +08:00

99 lines
5.2 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>WinPcap: WinPcap internals</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="style.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<!-- Generated by Doxygen 1.6.1 -->
<div class="navigation" id="top">
<div class="tabs">
<ul>
<li><a href="main.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
</div>
<div class="contents">
<h1>WinPcap internals</h1><table border="0" cellpadding="0" cellspacing="0">
<tr><td colspan="2"><h2>Modules</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__NPF.html">NPF driver internals manual</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__compilation.html">How to compile WinPcap</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__packetapi.html">Packet.dll -- Packet Driver API</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title></title>
</head>
<body>
This portion of the manual describes the internal structure and interfaces of WinPcap,
starting from the lowest-level module. It is targeted at people that must extend
or modify this software, or to the ones interested in how it works. Therefore,
developers who just want to use WinPcap in their software don't need to read it.
<h2>WinPcap structure</h2>
<p>Quoted from the home page of winpcap:</p>
<p><i>WinPcap is an architecture for packet capture and network analysis for the
Win32 platforms. It includes a kernel-level packet filter, a
low-level dynamic link library (packet.dll), and a high-level and
system-independent library (wpcap.dll).</i></p>
<p>Why we use the term &quot;architecture&quot; rather than &quot;library&quot;? Because packet capture is a low level mechanism
that requires a strict interaction with the network adapter and with the
operating system, in particular with its networking implementation, so a simple
library is not sufficient.</p>
<p>The following figure shows the various components of WinPcap:</p>
<p align="center">
<img src="internals-arch.gif" width="280" height="355">
<p align="center">
<b>Main components of WinPcap.</b>
<p>First, a capture system needs to bypass the operating systems's protocol stack in order to access
the raw data transiting on the network. This requires a portion
running inside the kernel of OS, interacting directly with the network interface
drivers. This portion is very system dependent, and in
our solution it is realized as a device driver, called Netgroup Packet Filter (NPF);
we provide different versions of the driver for Windows 95, Windows 98, Windows ME,
Windows NT 4,
Windows 2000 and Windows XP. These drivers offer both basic features like packet capture
and injection, as well as more advanced ones like a programmable filtering system and a
monitoring engine. The first one can be used to restrict a capture session to a
subset of the network traffic (e.g. it is possible to capture only the ftp
traffic generated by a particular host), the second one provides a powerful but
simple to use mechanism to obtain statistics on the traffic (e.g. it is possible
to obtain the network load or the amount of data exchanged between two hosts).</p>
<p>Second, the capture system must export an interface that user-level
applications will use to take advantage of the features provided by the kernel
driver. WinPcap provides two different libraries: <i>packet.dll</i> and <i>wpcap.dll</i>.&nbsp;</p>
<p>
The first one offers a low-level API that can be used to directly access the
functions of the driver, with a programming interface independent from the
Microsoft OS.&nbsp;</p>
<p> The second one exports a more powerful set of high level capture
primitives that are compatible with libpcap, the well known Unix capture
library. These functions enable packet capture in a manner that is independent
of the
underlying network hardware and operating system.</p>
<p>Throughout this documentation we will refer to the <b>Packet Driver API </b>or
<b>packet.dll</b> as the first set of functions, whereas <b>wpcap</b>, <b>wpcap.dll</b> or <b>libpcap</b>
will refer to the to the second one.</p>
</body>
</html>
</div>
<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.</p>
Reference in New Issue View Git Blame Copy Permalink