如何在TCP入站层提取数据包? [英] How to extract packet at TCP inbound layer?
问题描述
我是第一次开发WFP驱动程序。高级体系结构是:具有IP过滤器的协议TCP应用于TCP入站和出站层。 过滤器在Out界面正常工作正常,但我在In bound层遇到问题。
如果我的wfp驱动程序收到SYN + ACK TCP数据包,那么NET_BUFFER_DATA_LENGTH总会返回0。
这是正确的行为吗?
我认为应该在NET_BFFER_LIST的每个传入NetBuffer上完成撤退。
克隆NetBufferList并为每个克隆NetBufferList的NetBuffer调用以下代码。
代码片段为:
char pBuffer [ 1500] ="";
  status = NdisRetreatNetBufferDataStart(
pClonedNetBuffer,
(pPendedPkt - > IpHeaderSize + pPendedPkt-> TransportHeaderSize),
0,
NULL
);
pktLen =(pPendedPkt-> IpHeaderSize + pPendedPkt-> TransportHeaderSize);
  pDst =(PUCHAR)pBuffer;
  pSrc = NdisGetDataBuffer(pNetBuffer,pktLen pDst,1,0);
if(pSrc == NULL)
      {
          NdisAdvanceNetBufferDataStart(pClonedNetBuffer,
(pPendedPkt-> IpHeaderSize + pPendedPkt-> TransportHeaderSize),
FALSE,
0
);
         返回0;
          }
      if(pSrc!= pDst)
          {
          RtlCopyMemory((PUINT8)pBuffer,pSrc,pktLen);
          } b $ b
我希望,pBuffer应该有完整的完整IP包,但我从来没有得到它。
<你能告诉我在哪里做错了吗?
问候,
Anand Choubey
我得到了解决方案。应该在克隆网络缓冲区列表之前完成撤退。
您能解释为什么在克隆之前应该进行撤退吗?
问候,
Anand Choubey
Hi,
I am developing WFP driver first time. High level architecture is: Protocol TCP with IP filter is applied at TCP Inbound and Outbound layers. Filter is working fine at Out bound layer fine but I am facing issue at In bound layer.
If my wfp driver receives SYN+ACK TCP packet then NET_BUFFER_DATA_LENGTH always returns 0.
Is it right behaviour?
I figure out Retreat should be done on every incoming NetBuffer of NET_BFFER_LIST.
NetBufferList is cloned and calling following piece of code for each NetBuffer of Cloned NetBufferList.
Code snippet is:
char pBuffer[1500] = "";
status = NdisRetreatNetBufferDataStart(
pClonedNetBuffer,
(pPendedPkt->IpHeaderSize + pPendedPkt->TransportHeaderSize),
0,
NULL
);
pDst = (PUCHAR)pBuffer;
pSrc = NdisGetDataBuffer(pNetBuffer, pktLen pDst, 1, 0);
if (pSrc == NULL)
{
NdisAdvanceNetBufferDataStart(pClonedNetBuffer,
(pPendedPkt->IpHeaderSize + pPendedPkt->TransportHeaderSize),
FALSE,
0
);
return 0;
}
if (pSrc != pDst)
{
RtlCopyMemory((PUINT8)pBuffer, pSrc, pktLen);
}
I expect, pBuffer should have complete complete IP packet but I never get it.
Could you please let me know where I am doing wrong?
Regards,
Anand Choubey
Hi,
I got the solution. Retreat should be done before cloning the net buffer list.
Could you please explain why retreat should be done before cloning?
Regards,
Anand Choubey
这篇关于如何在TCP入站层提取数据包?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!