[cmihail] 52189: [AFD] See issue r52186 in trunk for more details. - Ros-diffs

11 Jun 2011

Author: cmihail
Date: Sat Jun 11 13:24:33 2011
New Revision: 52189
URL: http://svn.reactos.org/svn/reactos?rev=52189&view=rev
Log:
[AFD]
See issue r52186 in trunk for more details.
Modified:
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/connect.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/context.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/info.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/listen.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/lock.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/main.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/read.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/tdi.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/write.c
    branches/GSoC_2011/TcpIpDriver/drivers/network/afd/include/afd.h
    branches/GSoC_2011/TcpIpDriver/drivers/network/tcpip/tcpip/fileobjs.c
    branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/connect.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================

--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/connect.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/connect.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -43,10 +43,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PVOID ConnectOptions = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PVOID ConnectOptions = LockRequest(Irp, IrpSp);
     UINT ConnectOptionsSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!ConnectOptions)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (FCB->ConnectOptions)
     {
@@ -75,10 +78,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PUINT ConnectOptionsSize = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PUINT ConnectOptionsSize = LockRequest(Irp, IrpSp);
     UINT BufferSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!ConnectOptionsSize)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (BufferSize < sizeof(UINT))
         return UnlockAndMaybeComplete(FCB, STATUS_BUFFER_TOO_SMALL, Irp, 0);
@@ -129,10 +135,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PVOID ConnectData = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PVOID ConnectData = LockRequest(Irp, IrpSp);
     UINT ConnectDataSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!ConnectData)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (FCB->ConnectData)
     {
@@ -161,11 +170,14 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PUINT ConnectDataSize = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PUINT ConnectDataSize = LockRequest(Irp, IrpSp);
     UINT BufferSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    if (!ConnectDataSize)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
+    
     if (BufferSize < sizeof(UINT))
         return UnlockAndMaybeComplete(FCB, STATUS_BUFFER_TOO_SMALL, Irp, 0);
@@ -280,6 +292,7 @@
     AFD_DbgPrint(MID_TRACE,("Irp->IoStatus.Status = %x\n",
    		    Irp->IoStatus.Status));
+    ASSERT(FCB->ConnectIrp.InFlightRequest == Irp);
     FCB->ConnectIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED )
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/context.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/context.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/context.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -54,14 +54,18 @@
return UnlockAndMaybeComplete(FCB, STATUS_SUCCESS, Irp, sizeof(ULONG));
 }
-        
+
 NTSTATUS NTAPI
 AfdSetContext( PDEVICE_OBJECT DeviceObject, PIRP Irp,
           PIO_STACK_LOCATION IrpSp ) {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
+    PVOID Context = LockRequest(Irp, IrpSp);
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
+    
+    if (!Context)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if( FCB->Context ) {
    ExFreePool( FCB->Context );
@@ -76,7 +80,7 @@
     FCB->ContextSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
RtlCopyMemory( FCB->Context,
-		   IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
+		   Context,
    	   FCB->ContextSize );
return UnlockAndMaybeComplete( FCB, STATUS_SUCCESS, Irp, 0 );
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/info.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/info.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/info.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -17,7 +17,7 @@
 AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
        PIO_STACK_LOCATION IrpSp ) {
     NTSTATUS Status = STATUS_SUCCESS;
-    PAFD_INFO InfoReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PAFD_INFO InfoReq = LockRequest(Irp, IrpSp);
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
     PLIST_ENTRY CurrentEntry;
@@ -26,6 +26,9 @@
    		    InfoReq ? InfoReq->InformationClass : 0));
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
+    
+    if (!InfoReq)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
_SEH2_TRY {
    switch( InfoReq->InformationClass ) {
@@ -67,10 +70,6 @@
             CurrentEntry = CurrentEntry->Flink;
        }
-	    /* Count the send in progress */
-	    if (FCB->SendIrp.InFlightRequest)
-	        InfoReq->Information.Ulong++;
-
             break;
default:
@@ -93,11 +92,14 @@
 AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
             PIO_STACK_LOCATION IrpSp ) {
     NTSTATUS Status = STATUS_SUCCESS;
-    PAFD_INFO InfoReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PAFD_INFO InfoReq = LockRequest(Irp, IrpSp);
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!InfoReq)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
_SEH2_TRY {
       switch (InfoReq->InformationClass) {
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/listen.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/listen.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -122,9 +122,8 @@
     if ( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
+    ASSERT(FCB->ListenIrp.InFlightRequest == Irp);
     FCB->ListenIrp.InFlightRequest = NULL;
-
-    DbgPrint("[AFD, ListenComplete] FCB->State = 0x%x (should be 0x%x)\n", FCB->State, SOCKET_STATE_CLOSED);
if ( FCB->State == SOCKET_STATE_CLOSED )
     {
@@ -169,7 +168,7 @@
     DbgPrint("[AFD, ListenComplete] Completing listen request.\n");
     DbgPrint("[AFD, ListenComplete] IoStatus was %x\n", FCB->ListenIrp.Iosb.Status);
-    Qelt = ExAllocatePool( NonPagedPool, sizeof(*Qelt) );
+    Qelt = ExAllocatePool( NonPagedPool, sizeof(AFD_TDI_OBJECT_QELT) );//sizeof(*Qelt) );
     if( !Qelt )
     {
        Status = STATUS_NO_MEMORY;
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/lock.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/lock.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/lock.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -13,49 +13,85 @@
 #include "debug.h"
 #include "pseh/pseh2.h"
+PVOID GetLockedData(PIRP Irp, PIO_STACK_LOCATION IrpSp)
+{
+    ASSERT(Irp->MdlAddress);
+    
+    return MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
+}
+
 /* Lock a method_neither request so it'll be available from DISPATCH_LEVEL */
 PVOID LockRequest( PIRP Irp, PIO_STACK_LOCATION IrpSp ) {
     BOOLEAN LockFailed = FALSE;
-
-    ASSERT(IrpSp->Parameters.DeviceIoControl.Type3InputBuffer);
-    ASSERT(IrpSp->Parameters.DeviceIoControl.InputBufferLength);
+    
     ASSERT(!Irp->MdlAddress);
-
-    Irp->MdlAddress =
-	IoAllocateMdl( IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
-		       IrpSp->Parameters.DeviceIoControl.InputBufferLength,
-		       FALSE,
-		       FALSE,
-		       NULL );
-    if( Irp->MdlAddress ) {
-	_SEH2_TRY {
-	    MmProbeAndLockPages( Irp->MdlAddress, Irp->RequestorMode, IoModifyAccess );
-	} _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
-	    LockFailed = TRUE;
-	} _SEH2_END;
-
-	if( LockFailed ) {
-	    IoFreeMdl( Irp->MdlAddress );
-	    Irp->MdlAddress = NULL;
-	    return NULL;
-	}
-
-	IrpSp->Parameters.DeviceIoControl.Type3InputBuffer =
-	    MmGetSystemAddressForMdlSafe( Irp->MdlAddress, NormalPagePriority );
-
-	if( !IrpSp->Parameters.DeviceIoControl.Type3InputBuffer ) {
-            MmUnlockPages( Irp->MdlAddress );
-	    IoFreeMdl( Irp->MdlAddress );
-	    Irp->MdlAddress = NULL;
-	    return NULL;
-	}
-
-	return IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
-    } else return NULL;
+    
+    switch (IrpSp->MajorFunction)
+    {
+        case IRP_MJ_DEVICE_CONTROL:
+        case IRP_MJ_INTERNAL_DEVICE_CONTROL:
+            ASSERT(IrpSp->Parameters.DeviceIoControl.Type3InputBuffer);
+            ASSERT(IrpSp->Parameters.DeviceIoControl.InputBufferLength);
+
+            
+            Irp->MdlAddress =
+            IoAllocateMdl( IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
+                          IrpSp->Parameters.DeviceIoControl.InputBufferLength,
+                          FALSE,
+                          FALSE,
+                          NULL );
+            if( Irp->MdlAddress ) {
+                _SEH2_TRY {
+                    MmProbeAndLockPages( Irp->MdlAddress, Irp->RequestorMode, IoModifyAccess );
+                } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+                    LockFailed = TRUE;
+                } _SEH2_END;
+                
+                if( LockFailed ) {
+                    IoFreeMdl( Irp->MdlAddress );
+                    Irp->MdlAddress = NULL;
+                    return NULL;
+                }
+            } else return NULL;
+            break;
+            
+        case IRP_MJ_READ:
+        case IRP_MJ_WRITE:
+            ASSERT(Irp->UserBuffer);
+            
+            Irp->MdlAddress =
+            IoAllocateMdl(Irp->UserBuffer,
+                          (IrpSp->MajorFunction == IRP_MJ_READ) ?
+                                IrpSp->Parameters.Read.Length : IrpSp->Parameters.Write.Length,
+                          FALSE,
+                          FALSE,
+                          NULL );
+            if( Irp->MdlAddress ) {
+                _SEH2_TRY {
+                    MmProbeAndLockPages( Irp->MdlAddress, Irp->RequestorMode, IoModifyAccess );
+                } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+                    LockFailed = TRUE;
+                } _SEH2_END;
+                
+                if( LockFailed ) {
+                    IoFreeMdl( Irp->MdlAddress );
+                    Irp->MdlAddress = NULL;
+                    return NULL;
+                }
+            } else return NULL;
+            break;
+            
+        default:
+            ASSERT(FALSE);
+            return NULL;
+    }
+    
+    return GetLockedData(Irp, IrpSp);
 }
VOID UnlockRequest( PIRP Irp, PIO_STACK_LOCATION IrpSp )
 {
+    ASSERT(Irp->MdlAddress);
     MmUnlockPages( Irp->MdlAddress );
     IoFreeMdl( Irp->MdlAddress );
     Irp->MdlAddress = NULL;
@@ -123,7 +159,7 @@
    	AFD_DbgPrint(MID_TRACE,("Probe and lock pages\n"));
    	_SEH2_TRY {
    	    MmProbeAndLockPages( MapBuf[i].Mdl, KernelMode,
-				         Write ? IoReadAccess : IoModifyAccess  );
+				         Write ? IoModifyAccess : IoReadAccess );
    	} _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
    	    LockFailed = TRUE;
    	} _SEH2_END;
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/main.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/main.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/main.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -76,10 +76,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PVOID DisconnectOptions = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PVOID DisconnectOptions = LockRequest(Irp, IrpSp);
     UINT DisconnectOptionsSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!DisconnectOptions)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (FCB->DisconnectOptions)
     {
@@ -108,10 +111,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PUINT DisconnectOptionsSize = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PUINT DisconnectOptionsSize = LockRequest(Irp, IrpSp);
     UINT BufferSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!DisconnectOptionsSize)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (BufferSize < sizeof(UINT))
         return UnlockAndMaybeComplete(FCB, STATUS_BUFFER_TOO_SMALL, Irp, 0);
@@ -162,10 +168,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PVOID DisconnectData = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PVOID DisconnectData = LockRequest(Irp, IrpSp);
     UINT DisconnectDataSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!DisconnectData)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (FCB->DisconnectData)
     {
@@ -194,10 +203,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PUINT DisconnectDataSize = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PUINT DisconnectDataSize = LockRequest(Irp, IrpSp);
     UINT BufferSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!DisconnectDataSize)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (BufferSize < sizeof(UINT))
         return UnlockAndMaybeComplete(FCB, STATUS_BUFFER_TOO_SMALL, Irp, 0);
@@ -223,10 +235,13 @@
 {
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
-    PULONG HandleFlags = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    PULONG HandleFlags = LockRequest(Irp, IrpSp);
     PAFD_TDI_HANDLE_DATA HandleData = Irp->UserBuffer;
if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp);
+    
+    if (!HandleFlags)
+        return UnlockAndMaybeComplete(FCB, STATUS_NO_MEMORY, Irp, 0);
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(ULONG) ||
         IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(*HandleData))
@@ -368,7 +383,7 @@
     Irp->IoStatus.Status = Status;
     IoCompleteRequest( Irp, IO_NETWORK_INCREMENT );
-    DbgPrint("[AFD, AfdCreate] Leaving. Status = 0x%x\n");
+    DbgPrint("[AFD, AfdCreate] Leaving. Status = 0x%x\n", Status);
return Status;
 }
@@ -442,6 +457,7 @@
     InFlightRequest[2] = &FCB->SendIrp;
     InFlightRequest[3] = &FCB->ConnectIrp;
+    DbgPrint("[AFD, AfdCloseSocket] Canceling in flight requests (AFD -> tcpip)\n");
     /* Cancel our pending _In Flight_ IRPs
        That is IRPs from AFD -> tcpip*/
     for( i = 0; i < IN_FLIGHT_REQUESTS; i++ )
@@ -461,6 +477,8 @@
     ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_RECV]));
     ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_PREACCEPT]));
+    DbgPrint("[AFD, AfdCloseSocket] Closing all pending connections\n");
+
     while (!IsListEmpty(&FCB->PendingConnections))
     {
         QeltEntry = RemoveHeadList(&FCB->PendingConnections);
@@ -474,6 +492,8 @@
         ExFreePool(Qelt);
     }
+    DbgPrint("[AFD, AfdCloseSocket] Doing final cleanups\n");
+
     SocketStateUnlock( FCB );
if( FCB->EventSelect )
@@ -520,6 +540,8 @@
if( FCB->AddressFile.Object )
        ObDereferenceObject(FCB->AddressFile.Object);
+
+    DbgPrint("[AFD, AfdCloseSocket] Closing FCB->AddressFile.Handle\n");
if( FCB->AddressFile.Handle != INVALID_HANDLE_VALUE )
     {
@@ -527,7 +549,10 @@
         {
             DbgPrint("[AFD, AfdCloseSocket] INVALID ADDRESS FILE HANDLE VALUE: %x %x\n", FCB->AddressFile.Handle, FCB->AddressFile.Object);
         }
-    }
+        FCB->AddressFile.Handle = NULL;
+    }
+
+    DbgPrint("[AFD, AfdCloseSocket] Closing FCB->Connection.Handle\n");
if( FCB->Connection.Handle != INVALID_HANDLE_VALUE )
     {
@@ -535,10 +560,15 @@
         {
             DbgPrint("[AFD, AfdCloseSocket] INVALID CONNECTION HANDLE VALUE: %x %x\n", FCB->Connection.Handle, FCB->Connection.Object);
         }
-    }
+        FCB->Connection.Handle = NULL;
+    }
+
+    DbgPrint("[AFD, AfdCloseSocket] Freeing FCB->TdiDeviceName.Buffer\n");
if( FCB->TdiDeviceName.Buffer )
        ExFreePool(FCB->TdiDeviceName.Buffer);
+
+    DbgPrint("[AFD, AfdCloseSocket] Freeing FCB\n");
ExFreePool(FCB);
@@ -569,6 +599,12 @@
     if( !(DisReq = LockRequest( Irp, IrpSp )) )
    return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY,
    			       Irp, 0 );
+    
+    if( DisReq->DisconnectType & AFD_DISCONNECT_SEND )
+	    Flags |= TDI_DISCONNECT_RELEASE;
+    if( DisReq->DisconnectType & AFD_DISCONNECT_RECV ||
+       DisReq->DisconnectType & AFD_DISCONNECT_ABORT )
+	    Flags |= TDI_DISCONNECT_ABORT;
if (!(FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS))
     {
@@ -584,12 +620,6 @@
         if( !NT_SUCCESS(Status) )
        return UnlockAndMaybeComplete( FCB, Status,
    			           Irp, 0 );
-
-        if( DisReq->DisconnectType & AFD_DISCONNECT_SEND )
-	    Flags |= TDI_DISCONNECT_RELEASE;
-        if( DisReq->DisconnectType & AFD_DISCONNECT_RECV ||
-	    DisReq->DisconnectType & AFD_DISCONNECT_ABORT )
-	    Flags |= TDI_DISCONNECT_ABORT;
FCB->ConnectInfo->UserData = FCB->DisconnectData;
         FCB->ConnectInfo->UserDataLength = FCB->DisconnectDataSize;
@@ -626,12 +656,25 @@
ExFreePool( ConnectionReturnInfo );
-        FCB->PollState |= AFD_EVENT_DISCONNECT;
+        if (Flags & TDI_DISCONNECT_RELEASE)
+            FCB->PollState |= AFD_EVENT_DISCONNECT;
+        else
+            FCB->PollState |= AFD_EVENT_ABORT;
         FCB->PollStatus[FD_CLOSE_BIT] = STATUS_SUCCESS;
         PollReeval( FCB->DeviceExt, FCB->FileObject );
     }
     else
-        Status = STATUS_INVALID_PARAMETER;
+    {
+        if (!(Flags & TDI_DISCONNECT_RELEASE))
+        {
+            if (!FCB->RemoteAddress)
+                return UnlockAndMaybeComplete(FCB, STATUS_INVALID_PARAMETER, Irp, 0);
+        
+            ExFreePool(FCB->RemoteAddress);
+        
+            FCB->RemoteAddress = NULL;
+        }
+    }
return UnlockAndMaybeComplete( FCB, Status, Irp, 0 );
 }
@@ -820,7 +863,7 @@
 }
VOID
-CleanupPendingIrp(PIRP Irp, PIO_STACK_LOCATION IrpSp, PAFD_ACTIVE_POLL Poll)
+CleanupPendingIrp(PAFD_FCB FCB, PIRP Irp, PIO_STACK_LOCATION IrpSp, PAFD_ACTIVE_POLL Poll)
 {
     PAFD_RECV_INFO RecvReq;
     PAFD_SEND_INFO SendReq;
@@ -829,13 +872,14 @@
     if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_RECV ||
         IrpSp->MajorFunction == IRP_MJ_READ)
     {
-        RecvReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+        RecvReq = GetLockedData(Irp, IrpSp);
         UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
     }
-    else if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_SEND ||
-             IrpSp->MajorFunction == IRP_MJ_WRITE)
-    {
-        SendReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+    else if ((IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_SEND ||
+              IrpSp->MajorFunction == IRP_MJ_WRITE) &&
+             !(FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS))
+    {
+        SendReq = GetLockedData(Irp, IrpSp);
         UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
     }
     else if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_SELECT)
@@ -915,7 +959,7 @@
if (Irp == Poll->Irp)
             {
-                CleanupPendingIrp(Irp, IrpSp, Poll);
+                CleanupPendingIrp(FCB, Irp, IrpSp, Poll);
                 KeReleaseSpinLock(&DeviceExt->Lock, OldIrql);
                 SocketStateUnlock(FCB);
                 return;
@@ -947,7 +991,7 @@
         if (CurrentIrp == Irp)
         {
             RemoveEntryList(CurrentEntry);
-            CleanupPendingIrp(Irp, IrpSp, NULL);
+            CleanupPendingIrp(FCB, Irp, IrpSp, NULL);
             UnlockAndMaybeComplete(FCB, STATUS_CANCELLED, Irp, 0);
             return;
         }
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/read.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/read.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/read.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -32,7 +32,7 @@
       ( !NT_SUCCESS( Status ) ) )
    {
    	/* The socket has been closed */
-		FCB->PollState |= AFD_EVENT_DISCONNECT;
+		FCB->PollState |= AFD_EVENT_CLOSE;
    	FCB->PollStatus[FD_CLOSE_BIT] = Status;
    	
    	PollReeval( FCB->DeviceExt, FCB->FileObject );
@@ -43,7 +43,7 @@
     UINT BytesAvailable = FCB->Recv.Content - FCB->Recv.BytesUsed;
    
     return !BytesAvailable &&
-	(FCB->PollState & (AFD_EVENT_CLOSE | AFD_EVENT_DISCONNECT));
+	(FCB->PollState & (AFD_EVENT_CLOSE | AFD_EVENT_ABORT));
 }
static VOID RefillSocketBuffer( PAFD_FCB FCB ) {
@@ -60,20 +60,10 @@
    						 &FCB->ReceiveIrp.Iosb,
    						 ReceiveComplete,
    						 FCB );
-
-        if( Status == STATUS_SUCCESS && FCB->ReceiveIrp.Iosb.Information )
+        if (Status != STATUS_PENDING)
         {
-            FCB->Recv.Content = FCB->ReceiveIrp.Iosb.Information;
-            FCB->PollState |= AFD_EVENT_RECEIVE;
-            FCB->PollStatus[FD_READ_BIT] = STATUS_SUCCESS;
-			
-			PollReeval( FCB->DeviceExt, FCB->FileObject );
+            HandleEOFOnIrp(FCB, Status, FCB->ReceiveIrp.Iosb.Information);
         }
-		else
-		{
-			/* Check for EOF */
-			HandleEOFOnIrp(FCB, Status, FCB->ReceiveIrp.Iosb.Information);
-		}
    }
 }
@@ -166,7 +156,7 @@
             NextIrp =
    		CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
             NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-            RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+            RecvReq = GetLockedData(NextIrp, NextIrpSp);
    		
             AFD_DbgPrint(MID_TRACE,("Completing recv %x (%d)\n", NextIrp,
                                     TotalBytesCopied));
@@ -196,7 +186,7 @@
    		NextIrp =
    		CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
    		NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-			RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+			RecvReq = GetLockedData(NextIrp, NextIrpSp);
    		
    		AFD_DbgPrint(MID_TRACE,("RecvReq @ %x\n", RecvReq));
    		
@@ -226,7 +216,7 @@
    	}
     }
-    if( FCB->Recv.Content ) {
+    if( FCB->Recv.Content - FCB->Recv.BytesUsed ) {
    	FCB->PollState |= AFD_EVENT_RECEIVE;
         FCB->PollStatus[FD_READ_BIT] = STATUS_SUCCESS;
         PollReeval( FCB->DeviceExt, FCB->FileObject );
@@ -259,6 +249,7 @@
     if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
+    ASSERT(FCB->ReceiveIrp.InFlightRequest == Irp);
     FCB->ReceiveIrp.InFlightRequest = NULL;
FCB->Recv.Content = Irp->IoStatus.Information;
@@ -271,7 +262,7 @@
           NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
           NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
                NextIrpSp = IoGetCurrentIrpStackLocation(NextIrp);
-               RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+               RecvReq = GetLockedData(NextIrp, NextIrpSp);
           NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
           NextIrp->IoStatus.Information = 0;
           UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
@@ -378,7 +369,7 @@
     NTSTATUS Status = STATUS_SUCCESS;
     PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( Irp );
     PAFD_RECV_INFO RecvReq =
-		IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+        GetLockedData(Irp, IrpSp);
     UINT BytesToCopy = 0, BytesAvailable = DatagramRecv->Len, AddrLen = 0;
     PAFD_MAPBUF Map;
@@ -438,26 +429,23 @@
    							Map[0].BufferAddress,
    							BytesToCopy));
-		/* OskitDumpBuffer
-		   ( FCB->Recv.Window + FCB->Recv.BytesUsed, BytesToCopy ); */
-
    	RtlCopyMemory( Map[0].BufferAddress,
-					   FCB->Recv.Window + FCB->Recv.BytesUsed,
+					   DatagramRecv->Buffer,
    				   BytesToCopy );
MmUnmapLockedPages( Map[0].BufferAddress, Map[0].Mdl );
*TotalBytesCopied = BytesToCopy;
-
-        if (!(RecvReq->TdiFlags & TDI_RECEIVE_PEEK)) {
-            FCB->Recv.BytesUsed = 0;
-        }
     }
Status = Irp->IoStatus.Status = STATUS_SUCCESS;
     Irp->IoStatus.Information = BytesToCopy;
-    ExFreePool( DatagramRecv->Address );
-    ExFreePool( DatagramRecv );
+    
+    if (!(RecvReq->TdiFlags & TDI_RECEIVE_PEEK))
+    {
+        ExFreePool( DatagramRecv->Address );
+        ExFreePool( DatagramRecv );
+    }
AFD_DbgPrint(MID_TRACE,("Done\n"));
@@ -484,6 +472,7 @@
     if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
+    ASSERT(FCB->ReceiveIrp.InFlightRequest == Irp);
     FCB->ReceiveIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
@@ -492,7 +481,7 @@
           NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
           NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
           NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-	       RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+           RecvReq = GetLockedData(NextIrp, NextIrpSp);
           NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
           NextIrp->IoStatus.Information = 0;
           UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
@@ -511,6 +500,12 @@
SocketStateUnlock( FCB );
    return STATUS_FILE_CLOSED;
+    }
+    
+    if (Irp->IoStatus.Status != STATUS_SUCCESS)
+    {
+        SocketStateUnlock(FCB);
+        return Irp->IoStatus.Status;
     }
DatagramRecv = ExAllocatePool( NonPagedPool, DGSize );
@@ -547,7 +542,7 @@
    	ListEntry = RemoveHeadList( &FCB->PendingIrpList[FUNCTION_RECV] );
    	NextIrp = CONTAINING_RECORD( ListEntry, IRP, Tail.Overlay.ListEntry );
    	NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-		RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+		RecvReq = GetLockedData(NextIrp, NextIrpSp);
AFD_DbgPrint(MID_TRACE,("RecvReq: %x, DatagramRecv: %x\n",
    							RecvReq, DatagramRecv));
@@ -567,6 +562,11 @@
    		Status = SatisfyPacketRecvRequest
    			( FCB, NextIrp, DatagramRecv,
    			  (PUINT)&NextIrp->IoStatus.Information );
+            if (RecvReq->TdiFlags & TDI_RECEIVE_PEEK)
+            {
+                InsertHeadList(&FCB->DatagramList,
+                               &DatagramRecv->ListEntry);
+            }
    		AFD_DbgPrint(MID_TRACE,("Unlocking\n"));
    		UnlockBuffers( RecvReq->BufferArray, RecvReq->BufferCount, TRUE );
             if ( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
@@ -664,6 +664,12 @@
    		Status = SatisfyPacketRecvRequest
    			( FCB, Irp, DatagramRecv,
    			  (PUINT)&Irp->IoStatus.Information );
+            
+            if (RecvReq->TdiFlags & TDI_RECEIVE_PEEK)
+            {
+                InsertHeadList(&FCB->DatagramList,
+                               &DatagramRecv->ListEntry);
+            }
if( !IsListEmpty( &FCB->DatagramList ) ) {
    			FCB->PollState |= AFD_EVENT_RECEIVE;
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/tdi.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/tdi.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/tdi.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -334,11 +334,12 @@
    NTSTATUS Status;
AFD_DbgPrint(MAX_TRACE, ("Called\n"));
+    
+    ASSERT(*Irp == NULL);
if (!ConnectionObject)
     {
    	AFD_DbgPrint(MIN_TRACE, ("Bad connection object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
    }
@@ -346,7 +347,6 @@
    if (!DeviceObject)
     {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
    }
@@ -503,11 +503,12 @@
AFD_DbgPrint(MAX_TRACE, ("[AFD, TDIListen] Called\n"));
     DbgPrint("[AFD, TDIListen] Called\n");
+    
+    ASSERT(*Irp == NULL);
if (!ConnectionObject)
     {
    	AFD_DbgPrint(MIN_TRACE, ("Bad connection object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
    }
@@ -515,7 +516,6 @@
    if (!DeviceObject)
     {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
    }
@@ -914,17 +914,17 @@
     PDEVICE_OBJECT DeviceObject;
     NTSTATUS Status = STATUS_SUCCESS;
     PMDL Mdl;
+    
+    ASSERT(*Irp == NULL);
if (!TransportObject) {
    	AFD_DbgPrint(MIN_TRACE, ("Bad transport object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
     }
DeviceObject = IoGetRelatedDeviceObject(TransportObject);
     if (!DeviceObject) {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
     }
@@ -995,17 +995,17 @@
     NTSTATUS Status = STATUS_SUCCESS;
     PDEVICE_OBJECT DeviceObject;
     PMDL Mdl;
+    
+    ASSERT(*Irp == NULL);
if (!TransportObject) {
    	AFD_DbgPrint(MIN_TRACE, ("Bad transport object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
     }
DeviceObject = IoGetRelatedDeviceObject(TransportObject);
     if (!DeviceObject) {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
     }
@@ -1095,17 +1095,17 @@
     PDEVICE_OBJECT DeviceObject;
     NTSTATUS Status;
     PMDL Mdl;
+    
+    ASSERT(*Irp == NULL);
if (!TransportObject) {
    	AFD_DbgPrint(MIN_TRACE, ("Bad tranport object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
     }
DeviceObject = IoGetRelatedDeviceObject(TransportObject);
     if (!DeviceObject) {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
     }
@@ -1191,10 +1191,11 @@
     PDEVICE_OBJECT DeviceObject;
     NTSTATUS Status;
     PMDL Mdl;
+    
+    ASSERT(*Irp == NULL);
if (!TransportObject) {
    	AFD_DbgPrint(MIN_TRACE, ("Bad transport object.\n"));
-		*Irp = NULL;
    	return STATUS_INVALID_PARAMETER;
     }
@@ -1203,7 +1204,6 @@
     DeviceObject = IoGetRelatedDeviceObject(TransportObject);
     if (!DeviceObject) {
         AFD_DbgPrint(MIN_TRACE, ("Bad device object.\n"));
-        *Irp = NULL;
         return STATUS_INVALID_PARAMETER;
     }
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/write.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/write.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/afd/write.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -23,7 +23,7 @@
     PIO_STACK_LOCATION NextIrpSp;
     PAFD_SEND_INFO SendReq = NULL;
     PAFD_MAPBUF Map;
-    UINT TotalBytesCopied = 0, SpaceAvail, i, CopySize = 0;
+    UINT TotalBytesCopied = 0, SpaceAvail, i;
/*
      * The Irp parameter passed in is the IRP of the stream between AFD and
@@ -41,6 +41,7 @@
     if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
+    ASSERT(FCB->SendIrp.InFlightRequest == Irp);
     FCB->SendIrp.InFlightRequest = NULL;
     /* Request is not in flight any longer */
@@ -50,7 +51,7 @@
           NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
           NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
           NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-	       SendReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+           SendReq = GetLockedData(NextIrp, NextIrpSp);
           NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
           NextIrp->IoStatus.Information = 0;
           UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
@@ -71,7 +72,7 @@
    		NextIrp =
    			CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
    		NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-			SendReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+			SendReq = GetLockedData(NextIrp, NextIrpSp);
UnlockBuffers( SendReq->BufferArray,
    					   SendReq->BufferCount,
@@ -95,37 +96,60 @@
    			   FCB->Send.BytesUsed - Irp->IoStatus.Information );
     FCB->Send.BytesUsed -= Irp->IoStatus.Information;
-    if( !FCB->Send.BytesUsed &&
-		!IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+    while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
    	NextIrpEntry =
    		RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
    	NextIrp =
    		CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
    	NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
-		SendReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+		SendReq = GetLockedData(NextIrp, NextIrpSp);
    	Map = (PAFD_MAPBUF)(SendReq->BufferArray + SendReq->BufferCount);
AFD_DbgPrint(MID_TRACE,("SendReq @ %x\n", SendReq));
SpaceAvail = FCB->Send.Size - FCB->Send.BytesUsed;
+        TotalBytesCopied = 0;
for( i = 0; i < SendReq->BufferCount; i++ ) {
+            if (SpaceAvail < SendReq->BufferArray[i].len)
+            {
+                InsertHeadList(&FCB->PendingIrpList[FUNCTION_SEND],
+                               &NextIrp->Tail.Overlay.ListEntry);
+                NextIrp = NULL;
+                break;
+            }
    		Map[i].BufferAddress =
    			MmMapLockedPages( Map[i].Mdl, KernelMode );
-			CopySize = MIN( SpaceAvail,
-							SendReq->BufferArray[i].len );
-
    		RtlCopyMemory( FCB->Send.Window + FCB->Send.BytesUsed,
    					   Map[i].BufferAddress,
-						   CopySize );
+						   SendReq->BufferArray[i].len );
MmUnmapLockedPages( Map[i].BufferAddress, Map[i].Mdl );
-			FCB->Send.BytesUsed += CopySize;
-			TotalBytesCopied += CopySize;
-			SpaceAvail -= CopySize;
+			TotalBytesCopied += SendReq->BufferArray[i].len;
+			SpaceAvail -= SendReq->BufferArray[i].len;
    	}
+
+        if (NextIrp != NULL)
+        {
+            FCB->Send.BytesUsed += TotalBytesCopied;
+
+            NextIrp->IoStatus.Status = STATUS_SUCCESS;
+            NextIrp->IoStatus.Information = TotalBytesCopied;
+
+            (void)IoSetCancelRoutine(NextIrp, NULL);
+
+            UnlockBuffers( SendReq->BufferArray,
+                           SendReq->BufferCount,
+                           FALSE );
+
+            if (NextIrp->MdlAddress) UnlockRequest(NextIrp, NextIrpSp);
+
+            IoCompleteRequest(NextIrp, IO_NETWORK_INCREMENT);
+        }
+        else
+            break;
     }
/* Some data is still waiting */
@@ -146,22 +170,6 @@
    	PollReeval( FCB->DeviceExt, FCB->FileObject );
     }
-    if( TotalBytesCopied > 0 ) {
-		UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
-
-		if( Status == STATUS_PENDING )
-			Status = STATUS_SUCCESS;
-
-		AFD_DbgPrint(MID_TRACE,("Dismissing request: %x\n", Status));
-
-		return UnlockAndMaybeComplete( FCB, Status, NextIrp, TotalBytesCopied );
-    } else if( NextIrp ) {
-		AFD_DbgPrint(MID_TRACE,("Could not do any more with Irp %x\n",
-								NextIrp));
-		InsertHeadList( &FCB->PendingIrpList[FUNCTION_SEND],
-						&NextIrp->Tail.Overlay.ListEntry );
-    }
-
     SocketStateUnlock( FCB );
return STATUS_SUCCESS;
@@ -182,6 +190,7 @@
     if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
+    ASSERT(FCB->SendIrp.InFlightRequest == Irp);
     FCB->SendIrp.InFlightRequest = NULL;
     /* Request is not in flight any longer */
@@ -220,8 +229,8 @@
     PAFD_FCB FCB = FileObject->FsContext;
     PAFD_SEND_INFO SendReq;
    ULONG Information;
-    UINT TotalBytesCopied = 0, i, CopySize = 0,
-		SpaceAvail = 0, TotalBytesEncountered = 0;
+    UINT TotalBytesCopied = 0, i, SpaceAvail = 0;
+    BOOLEAN NoSpace = FALSE;
AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
@@ -309,76 +318,87 @@
     AFD_DbgPrint(MID_TRACE,("FCB->Send.BytesUsed = %d\n",
    						FCB->Send.BytesUsed));
-    if( !FCB->Send.BytesUsed ) {
-		SpaceAvail = FCB->Send.Size - FCB->Send.BytesUsed;
-
-		AFD_DbgPrint(MID_TRACE,("We can accept %d bytes\n",
-								SpaceAvail));
-
-		for( i = 0; FCB->Send.BytesUsed < FCB->Send.Size &&
-				 i < SendReq->BufferCount; i++ ) {
-			CopySize = MIN( SpaceAvail,
-							SendReq->BufferArray[i].len );
-
-			TotalBytesEncountered += SendReq->BufferArray[i].len;
-
-			AFD_DbgPrint(MID_TRACE,("Copying Buffer %d, %x:%d to %x\n",
-									i,
-									SendReq->BufferArray[i].buf,
-									CopySize,
-									FCB->Send.Window + FCB->Send.BytesUsed));
-
-			RtlCopyMemory( FCB->Send.Window + FCB->Send.BytesUsed,
-						   SendReq->BufferArray[i].buf,
-						   CopySize );
-
-			FCB->Send.BytesUsed += CopySize;
-			TotalBytesCopied += CopySize;
-			SpaceAvail -= CopySize;
-		}
-
-		if( TotalBytesEncountered == 0 ) {
-			UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
-
-			AFD_DbgPrint(MID_TRACE,("Empty send\n"));
-			return UnlockAndMaybeComplete
-				( FCB, Status, Irp, TotalBytesCopied );
-		}
-
-		AFD_DbgPrint(MID_TRACE,("Completed %d bytes\n", TotalBytesCopied));
-
-		if( TotalBytesCopied > 0 ) {
-			UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
-
-			Status = TdiSend( &FCB->SendIrp.InFlightRequest,
-							  FCB->Connection.Object,
-							  0,
-							  FCB->Send.Window,
-							  FCB->Send.BytesUsed,
-							  &FCB->SendIrp.Iosb,
-							  SendComplete,
-							  FCB );
-
-			if( Status == STATUS_PENDING )
-				Status = STATUS_SUCCESS;
-
-			AFD_DbgPrint(MID_TRACE,("Dismissing request: %x (%d)\n",
-									Status, TotalBytesCopied));
-
-			return UnlockAndMaybeComplete
-				( FCB, Status, Irp, TotalBytesCopied );
-		}
-    }
-
-    if( SendReq->AfdFlags & AFD_IMMEDIATE ) {
-		AFD_DbgPrint(MID_TRACE,("Nonblocking\n"));
-		UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
-		return UnlockAndMaybeComplete
+    SpaceAvail = FCB->Send.Size - FCB->Send.BytesUsed;
+        
+    AFD_DbgPrint(MID_TRACE,("We can accept %d bytes\n",
+                            SpaceAvail));
+    
+    for( i = 0; FCB->Send.BytesUsed < FCB->Send.Size &&
+        i < SendReq->BufferCount; i++ ) {
+        
+        if (SpaceAvail < SendReq->BufferArray[i].len)
+        {
+            if (FCB->Send.BytesUsed + TotalBytesCopied + 
+                SendReq->BufferArray[i].len > FCB->Send.Size)
+            {
+                UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
+                
+                return UnlockAndMaybeComplete(FCB, STATUS_BUFFER_OVERFLOW, Irp, 0);
+            }
+            NoSpace = TRUE;
+            break;
+        }
+        
+        AFD_DbgPrint(MID_TRACE,("Copying Buffer %d, %x:%d to %x\n",
+                                i,
+                                SendReq->BufferArray[i].buf,
+                                SendReq->BufferArray[i].len,
+                                FCB->Send.Window + FCB->Send.BytesUsed));
+        
+        RtlCopyMemory( FCB->Send.Window + FCB->Send.BytesUsed,
+                      SendReq->BufferArray[i].buf,
+                      SendReq->BufferArray[i].len );
+        
+        TotalBytesCopied += SendReq->BufferArray[i].len;
+        SpaceAvail -= SendReq->BufferArray[i].len;
+    }
+    
+    if( TotalBytesCopied == 0 ) {
+        AFD_DbgPrint(MID_TRACE,("Empty send\n"));
+        UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
+        return UnlockAndMaybeComplete
+        ( FCB, STATUS_SUCCESS, Irp, TotalBytesCopied );
+    }
+    
+    if (!NoSpace)
+    {
+        UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
+        FCB->Send.BytesUsed += TotalBytesCopied;
+        AFD_DbgPrint(MID_TRACE,("Completed %d bytes\n", TotalBytesCopied));
+    }
+    else
+    {
+        if( SendReq->AfdFlags & AFD_IMMEDIATE ) {
+            AFD_DbgPrint(MID_TRACE,("Nonblocking\n"));
+            UnlockBuffers( SendReq->BufferArray, SendReq->BufferCount, FALSE );
+            return UnlockAndMaybeComplete
    		( FCB, STATUS_CANT_WAIT, Irp, 0 );
-    } else {
-		AFD_DbgPrint(MID_TRACE,("Queuing request\n"));
-		return LeaveIrpUntilLater( FCB, Irp, FUNCTION_SEND );
-    }
+        } else {
+            AFD_DbgPrint(MID_TRACE,("Queuing request\n"));
+            return LeaveIrpUntilLater( FCB, Irp, FUNCTION_SEND );
+        }
+    }
+        
+    if (!FCB->SendIrp.InFlightRequest)
+    {
+        Status = TdiSend( &FCB->SendIrp.InFlightRequest,
+                         FCB->Connection.Object,
+                         0,
+                         FCB->Send.Window,
+                         FCB->Send.BytesUsed,
+                         &FCB->SendIrp.Iosb,
+                         SendComplete,
+                         FCB );
+        
+        if( Status == STATUS_PENDING )
+            Status = STATUS_SUCCESS;
+        
+        AFD_DbgPrint(MID_TRACE,("Dismissing request: %x (%d)\n",
+                                Status, TotalBytesCopied));
+    }
+    
+    return UnlockAndMaybeComplete
+    ( FCB, Status, Irp, TotalBytesCopied );
 }
NTSTATUS NTAPI
@@ -396,12 +416,32 @@
     if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
/* Check that the socket is bound */
-    if( FCB->State != SOCKET_STATE_BOUND )
+    if( FCB->State != SOCKET_STATE_BOUND &&
+        FCB->State != SOCKET_STATE_CREATED)
    	return UnlockAndMaybeComplete
    		( FCB, STATUS_INVALID_PARAMETER, Irp, 0 );
     if( !(SendReq = LockRequest( Irp, IrpSp )) )
    	return UnlockAndMaybeComplete
    		( FCB, STATUS_NO_MEMORY, Irp, 0 );
+    
+    if (FCB->State == SOCKET_STATE_CREATED)
+    {
+        if( FCB->LocalAddress ) ExFreePool( FCB->LocalAddress );
+        FCB->LocalAddress =
+        TaBuildNullTransportAddress( ((PTRANSPORT_ADDRESS)SendReq->TdiConnection.RemoteAddress)->
+                                      Address[0].AddressType );
+        
+        if( FCB->LocalAddress ) {
+            Status = WarmSocketForBind( FCB );
+            
+            if( NT_SUCCESS(Status) )
+                FCB->State = SOCKET_STATE_BOUND;
+            else
+                return UnlockAndMaybeComplete( FCB, Status, Irp, 0 );
+        } else
+            return UnlockAndMaybeComplete
+            ( FCB, STATUS_NO_MEMORY, Irp, 0 );
+    }
SendReq->BufferArray = LockBuffers( SendReq->BufferArray,
                                         SendReq->BufferCount,
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/afd/include/afd.h
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/afd/include/afd.h [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/afd/include/afd.h [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -300,6 +300,7 @@
 VOID UnlockHandles( PAFD_HANDLE HandleArray, UINT HandleCount );
 PVOID LockRequest( PIRP Irp, PIO_STACK_LOCATION IrpSp );
 VOID UnlockRequest( PIRP Irp, PIO_STACK_LOCATION IrpSp );
+PVOID GetLockedData( PIRP Irp, PIO_STACK_LOCATION IrpSp );
/* main.c */
Modified: branches/GSoC_2011/TcpIpDriver/drivers/network/tcpip/tcpip/fileobjs.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/drivers/ne...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/drivers/network/tcpip/tcpip/fileobjs.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/drivers/network/tcpip/tcpip/fileobjs.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -392,9 +392,9 @@
       TCPClose( AddrFile->Listener );
   }
+  DereferenceObject(AddrFile);
+
   UnlockObject(AddrFile, OldIrql);
-
-  DereferenceObject(AddrFile);
TI_DbgPrint(MAX_TRACE, ("Leaving.\n"));
   DbgPrint("[TCPIP, FileCloseAddress] Leaving\n");
Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/driver...
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1] Sat Jun 11 13:24:33 2011
@@ -41,7 +41,8 @@
DbgPrint("Flushing recv/all with status: 0x%x\n", Status);
-    while ((Entry = ExInterlockedRemoveHeadList(&Connection->ReceiveRequest, &Connection->Lock))) {
+    while ((Entry = ExInterlockedRemoveHeadList(&Connection->ReceiveRequest, &Connection->Lock)))
+    {
         Bucket = CONTAINING_RECORD( Entry, TDI_BUCKET, Entry );
TI_DbgPrint(DEBUG_TCP,
@@ -58,7 +59,8 @@
         ExFreePoolWithTag(Bucket, TDI_BUCKET_TAG);
     }
-    if (Status == STATUS_SUCCESS) Status = STATUS_FILE_CLOSED;
+    if (Status == STATUS_SUCCESS)
+        Status = STATUS_FILE_CLOSED;
while ((Entry = ExInterlockedRemoveHeadList(&Connection->ListenRequest, &Connection->Lock)))
     {

    