在FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4层过滤数据 [英] filter data at FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4 layer

问题描述

我想根据特定关键字从Hyper-v上的虚拟机中过滤数据。是否可以？

I want to filter data from Virtual Machine on Hyper-v depending on specific keyword. Is it possible?

我可以通过从FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4层的callout函数返回FWP_ACTION_BLOCK来阻止来自VM的完整数据。

I could block complete data from VMs by just returning FWP_ACTION_BLOCK from the callout function at layer FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4.

推荐答案

指示的layerData是一个NET_BUFFER_LIST。 你会这样投出来的。 在INGRESS_VSWITCH_TRANSPORT_V {4 | 6}偏移量位于IP标头处。 这意味着如果您希望查看数据，那么您可以按照IP
标头的大小+运输标头的大小来推进NBL。 但要小心，数据包可能是IPsec或SSL加密的。

the layerData indicated is a NET_BUFFER_LIST.  you would cast it as such.  At INGRESS_VSWITCH_TRANSPORT_V{4 | 6} the offset is at the IP Header.  this means if you wish to see the data, then you would advance the NBL by the size of the IP Header + the size of the Transport Header.  Be wary though, that the packet may be IPsec or SSL encrypted.

你可以看看WFPSampler（ http://code.msdn.microsoft.com/Windows-Filtering-Platform-27553baa) 并查看如何完成（ClassifyFunctions_BasicPacketExamination.cpp）

you can look at the WFPSampler (http://code.msdn.microsoft.com/Windows-Filtering-Platform-27553baa) and see how this is done (ClassifyFunctions_BasicPacketExamination.cpp)

希望这有帮助

这篇关于在FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4层过滤数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！