What is the best way to filter VoIP/SIP activity?


Problem description

Hi, I am new to the WFP area. I have read the online documentation and sample code, but I am not sure if my knowledge about WFP is good enough to make any technical decisions yet.

What I would like to do is to get a notification when a VoIP activity has occurred. For example, I would like to know when a Skype or Lync call has arrived.

What is the best way to monitor VoIP/SIP activity? Do I have to build a kernel driver for this? Which layer should my driver filter?

Is there any way to achieve my goal without writing a kernel WFP callout driver?

What about the RTC (Real Time Communication) framework? I know that I can write a Skype-like application using RTC APIs, but I am not sure if RTC has any capability to monitor the SIP protocol.

Thanks,

zhong

Recommended answer

WFP is meant for all of your TCP/IP stack filtering needs.

Static filtering (no kernel driver) is only used to BLOCK / ALLOW traffic based on predefined conditions (i.e. IPPACKET layers expose the local and remote addresses).

In order to do anything else (examine, modify, etc), then you need a kernel callout driver.

You could use WFP's auditing (and allow filters) to find out if a Skype or Lync call has occurred, however this isn't very efficient, and I doubt it is what you are wanting.

I would suggest a callout driver sitting at ALE_AUTH_RECV_ACCEPT (for incoming calls). The callout can then do whatever you need it to do based on the connection (i.e. log the connection information to a security log). If you want to monitor the connection for its endurance, then you would sit at more layers...

I suggest taking a look at the WFPSampler.  (The BASIC_PACKET_EXAMINATION scenario is likely your best starting point).

Hope this helps,
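
The auditing route mentioned in the answer can be tried from user mode without a callout driver. The following is an added example, not part of the original answer or of WFPSampler: it reads WFP connection audit events (Security event 5156) and keeps inbound connections accepted by a VoIP client. The function name `Get-VoipInboundConnection` and the executable names in `$VoipImages` are assumptions made for the illustration.

```powershell
# Run from an elevated prompt. Enable the audit subcategory once:
#   auditpol /set /subcategory:"Filtering Platform Connection" /success:enable

# Assumption: image names of the VoIP clients to watch; adjust to your environment.
$VoipImages = @('lync.exe', 'skype.exe')

function Get-VoipInboundConnection {
    param(
        [datetime]$Since = (Get-Date).AddMinutes(-10),
        [string[]]$Images = $VoipImages
    )

    # 5156 = "The Windows Filtering Platform has permitted a connection."
    $filter = @{ LogName = 'Security'; Id = 5156; StartTime = $Since }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData is a list of <Data Name="...">value</Data>; index it by name.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            # %%14592 is the message id logged for Direction = Inbound.
            if ($data['Direction'] -ne '%%14592') { return }

            # Application is logged as an NT device path; compare the file name only.
            $image = ($data['Application'] -split '\\')[-1]
            if ($Images -notcontains $image) { return }

            [pscustomobject]@{
                Time          = $_.TimeCreated
                Image         = $image
                ProcessId     = $data['ProcessID']
                Protocol      = $data['Protocol']   # IP protocol number: 6 = TCP, 17 = UDP
                SourceAddress = $data['SourceAddress']
                SourcePort    = $data['SourcePort']
                DestAddress   = $data['DestAddress']
                DestPort      = $data['DestPort']
            }
        }
}

# Inbound connections accepted by the watched clients in the last 10 minutes.
Get-VoipInboundConnection | Format-Table -AutoSize
```

This subcategory logs every permitted connection on the host, so the Security log grows quickly; size the log accordingly and keep the `$Since` window short.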

