What is the best way to filter VoIP/SIP activity?
Problem description
Hi, I am new to the WFP area. I have read the online documentation and sample code, but I am not sure if my knowledge about WFP is good enough to make any technical decisions yet.
What I would like to do is to get a notification when a VoIP activity has occurred. For example, I would like to know when a Skype or Lync call has arrived.
What is the best way to monitor VoIP/SIP activity? Do I have to build a kernel driver for this? Which layer should my driver filter?
Is there any way to achieve my goal without writing a kernel WFP callout driver?
What about the RTC (Real Time Communication) framework? I know that I can write a Skype-like application using RTC APIs, but I am not sure if RTC has any capability to monitor the SIP protocol.
Thanks,
zhong
Recommended answer
WFP is meant for all of your TCP/IP stack filtering needs.
Static filtering (no kernel driver) is only used to BLOCK / ALLOW traffic based on predefined conditions (i.e. IPPACKET layers expose the local and remote addresses).
In order to do anything else (examine, modify, etc.), you need a kernel callout driver.
You could use WFP's auditing (and allow filters) to find out if a Skype or Lync call has occurred; however, this isn't very efficient, and I doubt it is what you are wanting.
I would suggest a callout driver sitting at ALE_AUTH_RECV_ACCEPT (for incoming calls). The callout can then do whatever you need it to do based on the connection (i.e. log the connection information to a security log). If you want to monitor the connection for its endurance, then you would sit at more layers...
I suggest taking a look at the WFPSampler. (The BASIC_PACKET_EXAMINATION scenario is likely your best starting point).
Hope this helps,
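The driver-free auditing route mentioned in the answer can be tried from user mode, as in this added example (not code from the answer's author or from WFPSampler). It assumes the clients run as `lync.exe` and `skype.exe`; the function name `Get-VoipAcceptEvent` is hypothetical.

```powershell
# Added example. Run from an elevated prompt; reading the Security log requires it.
# One-time setup: have WFP write an audit event for every permitted connection.
#   auditpol /set /subcategory:"Filtering Platform Connection" /success:enable

# Assumed executable names for the clients to watch; adjust to what is installed.
$VoipApps = 'lync.exe', 'skype.exe'

function Get-VoipAcceptEvent {
    param(
        [string[]]$AppNames = $VoipApps,
        [datetime]$Since = (Get-Date).AddMinutes(-15)
    )
    # Event 5156: "The Windows Filtering Platform has permitted a connection."
    $filter = @{ LogName = 'Security'; Id = 5156; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the <EventData><Data Name="..."> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Application is an NT device path (\device\harddiskvolumeN\...\lync.exe).
        $exe = ($data['Application'] -split '\\')[-1]
        # %%14592 is the message id the log stores for Direction = Inbound.
        if ($data['Direction'] -eq '%%14592' -and $AppNames -contains $exe) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Process   = $exe
                ProcessId = $data['ProcessID']
                Protocol  = $data['Protocol']     # IANA number: 6 = TCP, 17 = UDP
                SrcAddr   = $data['SourceAddress']
                SrcPort   = $data['SourcePort']
                DestAddr  = $data['DestAddress']
                DestPort  = $data['DestPort']
                FilterId  = $data['FilterRTID']   # run-time id of the allowing filter
            }
        }
    }
}

Get-VoipAcceptEvent | Format-Table -AutoSize
```

This subcategory logs every permitted connection on the host, so the Security log grows quickly while it is enabled. A match shows only that the client accepted an inbound connection, not that the connection carried a call.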