Windows过滤平台按IP丢弃数据包 [英] Windows Filtering Platform Dropping Packets By IP
问题描述
目前,我已经使用 C++ 通过 Winsock 从网卡捕获了数据包。
现在,我想使用 C++ 根据目标 IP 地址丢弃数据包。
Currently, I capture packets from the network card in C++ using Winsock.
Now I want to drop packets in C++ based on the destination IP address.
我该如何使用 Windows 过滤平台丢弃数据包?
请帮帮我
How can I use the Windows Filtering Platform to drop packets?
Please help me.
推荐答案
我建议先通读 WFP(Windows 过滤平台)文档:
I suggest for starters reading over the WFP documentation:
SDK:
http://msdn.microsoft.com/en-us/library/aa366510(VS.85).aspx
DDK:
http://msdn.microsoft.com/en-us/library/ff571067.aspx
这是一段(用户模式)代码,可以帮助您入门:
Here's a piece of (user-mode) code to get you started:
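#include <windows.h>   /// Include\UM
#include <stdio.h>     /// Inc\CRT
#include <wchar.h>     /// Inc\CRT
#include <fwpmu.h>     /// Include\UM

/* Sample provider key; the bytes spell the ASCII text "Contoso_Provider". */
static const GUID CONTOSO_PROVIDER =
{
   /* 746E6F43-736F-5F6F-5072-6F7669646572 */
   0x746E6F43,
   0x736F,
   0x5F6F,
   {0x50, 0x72, 0x6F, 0x76, 0x69, 0x64, 0x65, 0x72}
};

/* Sample sublayer key; the bytes spell the ASCII text "Contoso_Sublayer". */
static const GUID CONTOSO_SUBLAYER =
{
   /* 746E6F43-736F-5F6F-5375-626C61796572 */
   0x746E6F43,
   0x736F,
   0x5F6F,
   {0x53, 0x75, 0x62, 0x6C, 0x61, 0x79, 0x65, 0x72}
};

/**
 * Registers a WFP provider, a sublayer and one BLOCK filter, waits for a
 * key press, then removes the three objects again.
 *
 * As written the filter matches remote port 80 at the IPv4 ALE connect
 * authorization layer, i.e. it blocks outbound connect attempts rather than
 * dropping arbitrary packets.
 *
 * Operational notes:
 *  - Adding WFP objects is normally only permitted to an elevated
 *    (administrator) process; expect a failure status otherwise.
 *  - The engine session is opened with a NULL session argument and the
 *    objects carry no persistent flag. NOTE(review): if the process is
 *    killed while waiting for the key press, the block filter presumably
 *    stays active until it is deleted or the Base Filtering Engine restarts.
 *    Opening the engine with a session that sets FWPM_SESSION_FLAG_DYNAMIC
 *    lets WFP remove the objects when the session ends.
 *
 * @param argumentCount  unused
 * @param pArguments     unused
 * @return NO_ERROR on success, otherwise the status of the first failing
 *         Fwpm* call.
 */
int __cdecl wmain(__in const int argumentCount,
                  __in_ecount(argumentCount) PCWSTR pArguments[])
{
   UNREFERENCED_PARAMETER(argumentCount);
   UNREFERENCED_PARAMETER(pArguments);

   UINT32 status        = NO_ERROR;
   HANDLE engineHandle  = 0;
   BOOL   inTransaction = FALSE;   /* TRUE between a successful Begin and Commit */

   status = FwpmEngineOpen(0,
                           RPC_C_AUTHN_WINNT,
                           0,
                           0,
                           &engineHandle);
   if(engineHandle)
   {
      FWPM_PROVIDER         provider        = {0};
      FWPM_SUBLAYER         subLayer        = {0};
      FWPM_FILTER_CONDITION filterCondition = {0};
      FWPM_FILTER           filter          = {0};

      provider.providerKey      = CONTOSO_PROVIDER;
      provider.displayData.name = L"Contoso";

      subLayer.subLayerKey      = CONTOSO_SUBLAYER;
      subLayer.displayData.name = L"Contoso's sublayer";
      subLayer.providerKey      = &(provider.providerKey);
      subLayer.weight           = 0x7FFF;

      /* Match on the remote (destination) port. To match on the destination
         IPv4 address instead, use FWPM_CONDITION_IP_REMOTE_ADDRESS with
         conditionValue.type = FWP_UINT32 and the address in host byte order
         (constructed sample: 192.0.2.10 -> 0xC000020A). */
      filterCondition.fieldKey              = FWPM_CONDITION_IP_REMOTE_PORT;
      filterCondition.matchType             = FWP_MATCH_EQUAL;
      filterCondition.conditionValue.type   = FWP_UINT16;
      filterCondition.conditionValue.uint16 = 80;

      filter.displayData.name    = L"Blocks connect attempts to IPv4 Port 80";
      filter.providerKey         = &(provider.providerKey);
      filter.layerKey            = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
      /* Place the filter in the sublayer created below; left zeroed, the
         filter would go to the default sublayer and Contoso's sublayer
         would never be used. */
      filter.subLayerKey         = CONTOSO_SUBLAYER;
      filter.numFilterConditions = 1;
      filter.filterCondition     = &filterCondition;
      filter.action.type         = FWP_ACTION_BLOCK;

      /* Add all three objects in one transaction so a failure part-way
         through leaves nothing behind. */
      status = FwpmTransactionBegin(engineHandle,
                                    0);
      if(status != NO_ERROR)
      {
         /* Report the call that actually failed. */
         wprintf(L"FwpmTransactionBegin() [status: %#x]",
                 status);

         goto EXIT;
      }

      inTransaction = TRUE;

      status = FwpmProviderAdd(engineHandle,
                               &provider,
                               0);
      if(status != NO_ERROR)
      {
         wprintf(L"FwpmProviderAdd() [status: %#x]",
                 status);

         goto EXIT;
      }

      status = FwpmSubLayerAdd(engineHandle,
                               &subLayer,
                               0);
      if(status != NO_ERROR)
      {
         wprintf(L"FwpmSubLayerAdd() [status: %#x]",
                 status);

         goto EXIT;
      }

      status = FwpmFilterAdd(engineHandle,
                             &filter,
                             0,
                             &(filter.filterId));
      if(status != NO_ERROR)
      {
         wprintf(L"FwpmFilterAdd() [status: %#x]",
                 status);

         goto EXIT;
      }

      status = FwpmTransactionCommit(engineHandle);
      if(status == NO_ERROR)
      {
         inTransaction = FALSE;

         /* The filter is live from here until the key press. */
         wprintf(L"Hit Any Key To Exit");

         _getwch();
      }

      EXIT:

      if(status != NO_ERROR)
      {
         /* Only abort a transaction that was actually started. */
         if(inTransaction)
         {
            FwpmTransactionAbort(engineHandle);
         }
      }
      else
      {
         /* Remove in reverse order of creation: filter, sublayer, provider. */
         FwpmFilterDeleteById(engineHandle,
                              filter.filterId);

         FwpmSubLayerDeleteByKey(engineHandle,
                                 &(subLayer.subLayerKey));

         FwpmProviderDeleteByKey(engineHandle,
                                 &(provider.providerKey));
      }

      FwpmEngineClose(engineHandle);
   }
   else
   {
      wprintf(L"FwpmEngineOpen() [status: %#x]",
              status);
   }

   return status;
}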
希望这会有所帮助,