代码参考aoe 
#define htons(x) (USHORT)((((x) << 8) & 0xff00) | (((x) >> 8) & 0xff)) #define ntohs(x) (USHORT)((((x) << 8) & 0xff00) | (((x) >> 8) & 0xff)) #define AOEPROTOCOLID 0x88a2 VOID ProtocolTransferDataComplete(IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_PACKET Packet, IN NDIS_STATUS Status, IN UINT BytesTransferred) { PNDIS_BUFFER Buffer; UINT HeaderSize, DataSize; PUCHAR Data = NULL; PEH_HEADER Header = NULL; //通过包描述符的NDIS_BUFFER链表的表头取得包的剩余部分的NDIS_BUFFER描述符, 见ProtocolReceive函数 NdisUnchainBufferAtFront(Packet, &Buffer); if (Buffer != NULL) { //得到包的剩余部分的内存地址和大小 NdisQueryBuffer(Buffer, &Data, &DataSize); NdisFreeBuffer(Buffer); } else { DBGPRINT(("ProtocolTransferDataComplete Data (front) Buffer == NULL\\n")); } //通过包描述符的NDIS_BUFFER链表的表尾取得包的剩余部分的NDIS_BUFFER描述符, 见ProtocolReceive函数 NdisUnchainBufferAtBack(Packet, &Buffer); if (Buffer != NULL) { ////得到包头的内存地址和大小 NdisQueryBuffer(Buffer, &Header, &HeaderSize); NdisFreeBuffer(Buffer); } else { DBGPRINT(("ProtocolTransferDataComplete Header (back) Buffer == NULL\\n")); } if (Header != NULL && Data != NULL) { DBGPRINT(("完整包大小为%d", HeaderSize + DataSize)); } //AoEReply(Header->SourceMac, Header->DestinationMac, Data, DataSize); if (Header != NULL) ExFreePool(Header); if (Data != NULL) ExFreePool(Data); NdisFreePacket(Packet); } NDIS_STATUS ProtocolReceive(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_HANDLE MacReceiveContext, IN PVOID HeaderBuffer, IN UINT HeaderBufferSize, IN PVOID LookAheadBuffer, IN UINT LookaheadBufferSize, IN UINT PacketSize) { PADAPTER Context = (PADAPTER)ProtocolBindingContext; NDIS_STATUS Status; PNDIS_PACKET Packet; PNDIS_BUFFER Buffer; PEH_HEADER Header; PUCHAR HeaderCopy, Data; UINT BytesTransferred; DBGPRINT(("ProtocolReceive\\n")); if (HeaderBufferSize != sizeof(ETH_HEADER)) { DbgPrint("ProtocolReceive HeaderBufferSize %d != sizeof(HEADER) %d\\n"); return NDIS_STATUS_NOT_ACCEPTED; } Header = (PEH_HEADER)HeaderBuffer; /* if (ntohs(Header->EthType) != AOEPROTOCOLID) return NDIS_STATUS_NOT_ACCEPTED; */ if (LookaheadBufferSize == PacketSize) { //AoEReply(Header->SourceMac, Header->DestinationMac, LookAheadBuffer, PacketSize); return NDIS_STATUS_SUCCESS; } //不完整的包 DBGPRINT(("不完整的包")); //分配内存把包头保存包头 if ((HeaderCopy = (PUCHAR)ExAllocatePool(NonPagedPool, HeaderBufferSize)) == NULL) { DbgPrint("ProtocolReceive ExAllocatePool HeaderCopy\\n"); return NDIS_STATUS_NOT_ACCEPTED; } RtlCopyMemory(HeaderCopy, HeaderBuffer, HeaderBufferSize); //分配内存保存包的剩余部分 if ((Data = (PUCHAR)ExAllocatePool(NonPagedPool, PacketSize)) == NULL) { DbgPrint("ProtocolReceive ExAllocatePool HeaderData\\n"); ExFreePool(HeaderCopy); return NDIS_STATUS_NOT_ACCEPTED; } //分配一个包描述符 NdisAllocatePacket(&Status, &Packet, Context->RecvPacketPoolHandle); if (!NT_SUCCESS(Status)) { DBGPRINT(("ProtocolReceive NdisAllocatePacket", Status)); ExFreePool(Data); ExFreePool(HeaderCopy); return NDIS_STATUS_NOT_ACCEPTED; } //分配一个NDIS_BUFFER描述符,关联内存Data NdisAllocateBuffer(&Status, &Buffer, Context->RecvBufferPool, Data, PacketSize); if (!NT_SUCCESS(Status)) { DBGPRINT(("ProtocolReceive NdisAllocateBuffer (Data)", Status)); NdisFreePacket(Packet); ExFreePool(Data); ExFreePool(HeaderCopy); return NDIS_STATUS_NOT_ACCEPTED; } //即将这个NDIS_BUFFER放到包描述符的NDIS_BUFFER链表的表头 NdisChainBufferAtFront(Packet, Buffer); //在分配一个NDIS_BUFFER描述符,关联内存HeaderCopy NdisAllocateBuffer(&Status, &Buffer, Context->RecvBufferPool, HeaderCopy, PacketSize); if (!NT_SUCCESS(Status)) { DBGPRINT(("ProtocolReceive NdisAllocateBuffer (HeaderCopy)", Status)); NdisUnchainBufferAtFront(Packet, &Buffer); NdisFreeBuffer(Buffer); NdisFreePacket(Packet); ExFreePool(Data); ExFreePool(HeaderCopy); return NDIS_STATUS_NOT_ACCEPTED; } //将描述包头的NDIS_BUFFER放到包描述符的NDIS_BUFFER链表的尾节点 NdisChainBufferAtBack(Packet, Buffer); NdisTransferData(&Status, Context->BindingHandle, MacReceiveContext, 0, PacketSize, Packet, &BytesTransferred); if (Status != NDIS_STATUS_PENDING) ProtocolTransferDataComplete(ProtocolBindingContext, Packet, Status, BytesTransferred); return Status; }