Description
Npcap currently allows all IRPs to be handled concurrently, necessitating a lot of individual spinlocks and interlocked operations. Additionally, IRPs that result in sending packets (IRP_MJ_WRITE as well as IRP_MJ_DEVICE_CONTROL with code BIOCSENDPACKETSNOSYNC) are limited to sequential processing with the WriteInProgress flag, which causes writes that come in while another is processing to be rejected with STATUS_DEVICE_BUSY. Read IRPs, on the other hand, could conceivably be issued by threads on 2 separate processors, which would result in captured packets being dealt to each semi-randomly, where neither one gets a sequential set of packets.
I believe we could resolve these issues by using IRP queuing so that IRPs that contend for resources are processed sequentially, and others can be processed immediately. The IoCsq* functions provide an easy-to-use cancel-safe IRP queue, which would give us the further benefit of allowing user code to cancel IRPs when needed. I haven't tested to confirm, but this might resolve most of the "can't stop the driver because someone is using it" issues we run into in installation.
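The following user-mode C model contrasts the two behaviours described in this issue: rejecting overlapping writes with a busy status versus queuing them with cancellation. It is an added example, not Npcap code and not the IoCsq* API; every type and function name in it (`model_irp`, `flag_dev`, `queue_dev`, `flag_submit`, `queue_submit`, `queue_cancel`, `queue_drain`) and the `ST_*` status stand-ins are assumptions made for illustration.

```c
#include <stddef.h>

/* Model stand-ins for the NTSTATUS codes named in the issue (hypothetical names). */
enum status { ST_SUCCESS, ST_PENDING, ST_DEVICE_BUSY, ST_CANCELLED };
struct model_irp { int id; enum status result; };

/* Current design as described: one in-progress flag, overlapping writes rejected. */
struct flag_dev { int write_in_progress; };

enum status flag_submit(struct flag_dev *d, struct model_irp *irp) {
    if (d->write_in_progress)
        return irp->result = ST_DEVICE_BUSY;
    d->write_in_progress = 1;            /* held until flag_finish() */
    return irp->result = ST_PENDING;
}
void flag_finish(struct flag_dev *d, struct model_irp *irp) {
    irp->result = ST_SUCCESS;
    d->write_in_progress = 0;
}

/* Proposed design: pending IRPs wait in a FIFO and can be cancelled until dispatched. */
#define MAXQ 8  /* bound chosen for this model only */
struct queue_dev { struct model_irp *q[MAXQ]; size_t n; int order[MAXQ]; size_t done; };

enum status queue_submit(struct queue_dev *d, struct model_irp *irp) {
    if (d->n == MAXQ)
        return irp->result = ST_DEVICE_BUSY;   /* model limit, not driver behaviour */
    d->q[d->n++] = irp;
    return irp->result = ST_PENDING;
}
/* Returns 1 if the IRP was still queued and is now cancelled, 0 otherwise. */
int queue_cancel(struct queue_dev *d, struct model_irp *irp) {
    for (size_t i = 0; i < d->n; i++) {
        if (d->q[i] != irp) continue;
        for (size_t j = i; j + 1 < d->n; j++) d->q[j] = d->q[j + 1];
        d->n--;
        irp->result = ST_CANCELLED;
        return 1;
    }
    return 0;
}
/* Dispatch everything still queued, in arrival order, recording the order of ids. */
void queue_drain(struct queue_dev *d) {
    for (size_t i = 0; i < d->n; i++) {
        d->q[i]->result = ST_SUCCESS;
        if (d->done < MAXQ) d->order[d->done++] = d->q[i]->id;
    }
    d->n = 0;
}
```
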