How to extract packet at TCP inbound layer?


Problem description




Hi,

I am developing a WFP driver for the first time. The high-level architecture is: protocol TCP with an IP filter applied at the TCP inbound and outbound layers. The filter is working fine at the outbound layer, but I am facing an issue at the inbound layer.

If my WFP driver receives a SYN+ACK TCP packet, then NET_BUFFER_DATA_LENGTH always returns 0.

Is this the right behaviour?

I figure a retreat should be done on every incoming NetBuffer of the NET_BUFFER_LIST.

The NetBufferList is cloned, and I call the following piece of code for each NetBuffer of the cloned NetBufferList.

The code snippet is:

    char pBuffer[1500] = "";

    /* Retreat the data start by the IP and transport header sizes. */
    status = NdisRetreatNetBufferDataStart(
        pClonedNetBuffer,
        (pPendedPkt->IpHeaderSize + pPendedPkt->TransportHeaderSize),
        0,
        NULL
        );

    pktLen = (pPendedPkt->IpHeaderSize + pPendedPkt->TransportHeaderSize);
    pDst = (PUCHAR)pBuffer;

    /* Ask for pktLen contiguous bytes; pDst is used as storage if needed. */
    pSrc = NdisGetDataBuffer(pNetBuffer, pktLen, pDst, 1, 0);
    if (pSrc == NULL)
    {
        /* Undo the retreat before bailing out. */
        NdisAdvanceNetBufferDataStart(
            pClonedNetBuffer,
            (pPendedPkt->IpHeaderSize + pPendedPkt->TransportHeaderSize),
            FALSE,
            0
            );
        return 0;
    }

    /* The data was already contiguous, so copy it into pBuffer. */
    if (pSrc != pDst)
    {
        RtlCopyMemory((PUINT8)pBuffer, pSrc, pktLen);
    }

I expect pBuffer to have the complete IP packet, but I never get it.

Could you please let me know what I am doing wrong?

Regards,

Anand Choubey

Solution

Hi,

I got the solution. Retreat should be done before cloning the net buffer list.

Could you please explain why retreat should be done before cloning?

Regards,

Anand Choubey
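
A user-mode C model of the data-start arithmetic discussed in this thread, added here as an example and not taken from the post or from NDIS: when the buffer's data start sits after the IP and TCP headers, a payload-less SYN+ACK shows length 0 until a retreat by both header sizes exposes the full packet. The `model_*` names, `extract_flags` and the sample packet are hypothetical and constructed.

```c
#include <stdint.h>
#include <string.h>

/* User-mode model of a NET_BUFFER's DataOffset/DataLength pair over one
   contiguous store. All names are hypothetical; this is not NDIS code. */
typedef struct {
    const uint8_t *store;   /* whole packet as it sits in memory */
    size_t data_offset;     /* where the visible data currently starts */
    size_t data_length;     /* bytes visible from data_offset */
} model_nb;

/* Like a retreat: expose delta bytes in front of the current data start. */
static int model_retreat(model_nb *nb, size_t delta) {
    if (delta > nb->data_offset) return -1;  /* nothing in front to expose */
    nb->data_offset -= delta;
    nb->data_length += delta;
    return 0;
}
/* Like an advance: hide delta bytes again, restoring the earlier view. */
static int model_advance(model_nb *nb, size_t delta) {
    if (delta > nb->data_length) return -1;
    nb->data_offset += delta;
    nb->data_length -= delta;
    return 0;
}
/* Copy the visible bytes; returns the count, or 0 if empty or too large. */
static size_t model_copy(const model_nb *nb, uint8_t *dst, size_t cap) {
    if (nb->data_length == 0 || nb->data_length > cap) return 0;
    memcpy(dst, nb->store + nb->data_offset, nb->data_length);
    return nb->data_length;
}

/* Constructed SYN+ACK: 20-byte IPv4 + 20-byte TCP header, no payload,
   checksums left zero. */
static const uint8_t synack[40] = {
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,        /* IPv4 */
    0,80, 0xC0,0, 0,0,0,1, 0,0,0,2, 0x50,0x12,0xFF,0xFF, 0,0,0,0    /* TCP */
};

/* Returns the TCP flags byte read after retreating, or -1 on failure. */
int extract_flags(size_t ip_hdr, size_t tcp_hdr, size_t *before, size_t *after) {
    if (ip_hdr + tcp_hdr > sizeof synack) return -1;
    model_nb nb = { synack, ip_hdr + tcp_hdr, sizeof synack - ip_hdr - tcp_hdr };
    uint8_t pkt[1500];
    *before = nb.data_length;                 /* what the callout first sees */
    if (model_retreat(&nb, ip_hdr + tcp_hdr) != 0) return -1;
    *after = model_copy(&nb, pkt, sizeof pkt);
    model_advance(&nb, ip_hdr + tcp_hdr);     /* always undo the retreat */
    return (*after >= ip_hdr + 14) ? pkt[ip_hdr + 13] : -1;
}
```
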

