ProtocolReceivePacket這個函數花了不少時間研究,部分資料中提到這個函數可實作多包接收,但我認為它僅僅是可以接收完整資料包而已。理由有:
1.它的參數是PNDIS_PACKET,即單個資料包,而這個結構并沒有連結清單的特征。發送多個資料包的函數MiniportSendPackets,不僅函數名帶複數,參數也是PPNDIS_PACKET,明顯是一個資料包數組。從開發風格的同一性來看,ProtocolReceivePacket不太可能處理多包。
2.另一個函數ProtocolReceive并非接收單個資料包,參數是緩沖區位址,接收的是否單個資料包還需要在函數中進行判斷。相對來說,ProtocolReceivePacket處理完整的資料包,已經是提升了效率。
3.DDK幫助中有這麼2段話:
ProtocolReceivePacket processes receive indications made by underlying connectionless NIC driver(s) that call NdisMIndicateReceivePacket either with packet arrays because the underlying driver supports multipacket receive indications or with individual packets that have associated out-of-band information.
這段話咋一看好像是可以多包接收,但實際上所謂的“with packet arrays”是指NIC driver(s)調用NdisMIndicateReceivePacket時的參數,而NdisMIndicateReceivePacket的參數則是PPNDIS_PACKET,如同第1點所講的,帶有明顯的數組特征,有别于PNDIS_PACKET。
Packet
Specifies a pointer to a packet descriptor for the received net packet. NDIS extracted this pointer from an array of packet descriptor pointers that an underlying driver passed to NdisMIndicateReceivePacket.
結合之前那句話,這句話的意思應該是,Packet是NDIS從NdisMIndicateReceivePacket參數的packet數組中取出的某一個指針,而不是整個數組。
4.Passthru源代碼中的傳回值是0或1,而關于傳回值的解釋是,非0表示将調用NdisReturnPackets()的次數。
5.為此我還專門做過一個測試:在ProtocolReceivePacket中檢查Packet參數,過濾某個位址對本機的ICMP資料包,通過EtherPeek構造并以每次20個資料包的速度發送,發現所有資料包都通過ProtocolReceivePacket進行處理,并且所有該過濾的都過濾了。
![淺談---測試Native Windows Command與Native PowerShell Command哪個效率高[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)