Only get timesources that are needed

forkpool · Apr 13, 2023 · 1dc57fa · 1dc57fa
1 parent e0ddffb
commit 1dc57fa
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 15 deletions.
diff --git a/packetWin7/npf/npf/Openclos.c b/packetWin7/npf/npf/Openclos.c
@@ -626,6 +626,7 @@ NPF_StartUsingOpenInstance(
 				// Get the absolute value of the system boot time.
 				// This is used for timestamp conversion.
 				TIME_SYNCHRONIZE(&pOpen->start);
+				NPF_UpdateTimestampModeCounts(pOpen->pFiltMod, TIMESTAMPMODE_UNSET, pOpen->TimestampMode);
 
 				pOpen->OpenStatus = OpenRunning;
 			}
@@ -702,6 +703,10 @@ NPF_DemoteOpenStatus(
 
 	NT_ASSERT(NewState > OldState);
 	INFO_DBG("Open %p: %d -> %d\n", pOpen, OldState, NewState);
+	if (OldState >= OpenRunning)
+	{
+		NPF_UpdateTimestampModeCounts(pOpen->pFiltMod, pOpen->TimestampMode, TIMESTAMPMODE_UNSET);
+	}
 
 	return OldState;
 }
@@ -3335,3 +3340,48 @@ NDIS_STATUS NPF_DoInternalRequest(
 	TRACE_EXIT();
 	return Status;
 }
+
+	_Use_decl_annotations_
+VOID NPF_UpdateTimestampModeCounts(
+		PNPCAP_FILTER_MODULE pFiltMod,
+		ULONG newmode,
+		ULONG oldmode)
+{
+	if (pFiltMod == NULL || newmode == oldmode)
+		return;
+
+	switch (newmode)
+	{
+		case TIMESTAMPMODE_UNSET:
+			break;
+		case TIMESTAMPMODE_SINGLE_SYNCHRONIZATION:
+			InterlockedIncrement(&pFiltMod->nTimestampQPC);
+			break;
+		case TIMESTAMPMODE_QUERYSYSTEMTIME:
+			InterlockedIncrement(&pFiltMod->nTimestampQST);
+			break;
+		case TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE:
+			InterlockedIncrement(&pFiltMod->nTimestampQST_Precise);
+			break;
+		default:
+			NT_ASSERT(FALSE);
+			break;
+	}
+	switch (oldmode)
+	{
+		case TIMESTAMPMODE_UNSET:
+			break;
+		case TIMESTAMPMODE_SINGLE_SYNCHRONIZATION:
+			InterlockedDecrement(&pFiltMod->nTimestampQPC);
+			break;
+		case TIMESTAMPMODE_QUERYSYSTEMTIME:
+			InterlockedDecrement(&pFiltMod->nTimestampQST);
+			break;
+		case TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE:
+			InterlockedDecrement(&pFiltMod->nTimestampQST_Precise);
+			break;
+		default:
+			NT_ASSERT(FALSE);
+			break;
+	}
+}
diff --git a/packetWin7/npf/npf/Packet.c b/packetWin7/npf/npf/Packet.c
@@ -1814,7 +1814,7 @@ static NTSTATUS funcBIOCSTIMESTAMPMODE(_In_ POPEN_INSTANCE pOpen,
 	       _Out_ PULONG_PTR Info)
 {
 	static const ULONG uNeeded = sizeof(ULONG);
-	ULONG mode = 0;
+	ULONG mode = 0, oldmode = 0;
 
 	*Info = 0;
 	if (ulBufLen < uNeeded)
@@ -1835,8 +1835,13 @@ static NTSTATUS funcBIOCSTIMESTAMPMODE(_In_ POPEN_INSTANCE pOpen,
 		return STATUS_CANCELLED;
 	}
 
-	if (InterlockedExchange(&pOpen->TimestampMode, mode) != mode)
+	oldmode = InterlockedExchange(&pOpen->TimestampMode, mode);
+	if (oldmode != mode)
 	{
+		if (pOpen->OpenStatus >= OpenRunning)
+		{
+			NPF_UpdateTimestampModeCounts(pOpen->pFiltMod, mode, oldmode);
+		}
 		/* Reset buffer, since contents have differing timestamps */
 		NPF_ResetBufferContents(pOpen, TRUE);
 	}

diff --git a/packetWin7/npf/npf/Packet.h b/packetWin7/npf/npf/Packet.h
@@ -395,6 +395,10 @@ typedef struct _NPCAP_FILTER_MODULE
 	UINT HigherPacketFilterSet:1; // Have we correctly set HigherPacketFilter yet?
 	UINT Fragile:1; // Avoid OID set operations on these adapters
 
+	LONG nTimestampQPC; // Opens wanting TIMESTAMPMODE_SINGLE_SYNCHRONIZATION
+	LONG nTimestampQST; // Opens wanting TIMESTAMPMODE_QUERYSYSTEMTIME
+	LONG nTimestampQST_Precise; // Opens wanting TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE
+
 	ULONG SupportedPacketFilters;
 	ULONG					MyPacketFilter;
 	ULONG					HigherPacketFilter;
@@ -1272,6 +1276,11 @@ USHORT NPF_LookUpDataRateMappingTable(
 	       );
 #endif
 
+VOID NPF_UpdateTimestampModeCounts(
+		_Inout_opt_ PNPCAP_FILTER_MODULE pFiltMod,
+		_In_ ULONG newmode,
+		_In_ ULONG oldmode
+		);
 /**
  *  @}
  */

diff --git a/packetWin7/npf/npf/Read.c b/packetWin7/npf/npf/Read.c
@@ -403,10 +403,30 @@ NPF_DoTap(
 	NBLCopiesHead.Next = NULL;
 	PNPF_SRC_NB pSrcNB = NULL;
 	PSINGLE_LIST_ENTRY pNBCopiesEntry = NULL;
-	LARGE_INTEGER SystemTime, PerfCount;
+	LARGE_INTEGER SystemTime = { 0 }, PerfCount = { 0 };
+
+	/* Get relevant timestamps */
+	if (pFiltMod->nTimestampQPC == 0 && pFiltMod->nTimestampQST == 0 && pFiltMod->nTimestampQST_Precise == 0)
+	{
+		// No instances at OpenRunning
+		return;
+	}
+	// Any instances need performance counter?
+	if (pFiltMod->nTimestampQPC > 0)
+	{
+		PerfCount = KeQueryPerformanceCounter(NULL);
+	}
+	// Any instances need system time? All can use precise if any need it.
+	if (pFiltMod->nTimestampQST_Precise > 0)
+	{
+		BestQuerySystemTime(&SystemTime);
+	}
+	else if (pFiltMod->nTimestampQST > 0)
+	{
+		// If none need QST_Precise, we can make do with just QST
+		KeQuerySystemTime(&SystemTime);
+	}
 
-	// TODO: Keep track of which of these is needed and what precision
-	GET_TIMESTAMPS(&SystemTime, &PerfCount);
 	/* Lock the group */
 	// Read-only lock since list is not being modified.
 	NdisAcquireRWLockRead(pFiltMod->OpenInstancesLock, &lockState,

diff --git a/packetWin7/npf/npf/time_calls.h b/packetWin7/npf/npf/time_calls.h
@@ -114,6 +114,8 @@
 #define TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE 4
 #define /* DEPRECATED */ TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_NO_FIXUP 99
 
+#define TIMESTAMPMODE_UNSET ((ULONG) -1)
+
 extern LARGE_INTEGER TimeFreq;
 
 inline BOOLEAN NPF_TimestampModeSupported(_In_ ULONG mode)
@@ -256,14 +258,4 @@ inline void GET_TIME(
 	}
 }
 
-inline void GET_TIMESTAMPS(
-		_Out_opt_ PLARGE_INTEGER pSystemTime,
-		_Out_opt_ PLARGE_INTEGER pPerfCount)
-{
-	if (pSystemTime)
-		BestQuerySystemTime(pSystemTime);
-	if (pPerfCount)
-		*pPerfCount = KeQueryPerformanceCounter(NULL);
-}
-
 #endif /*_time_calls*/