过滤样本以重定向数据包 [英] Filter sample to redirect packet

问题描述

大家好，

Hello everyone,

我是开发驱动程序的新手，我想修改示例NDIS过滤器驱动程序，以便它将传入的数据包重定向到另一个IP.

I'm new to developping drivers and I wanted to modify the Sample NDIS filter driver so that it redirects incomming packet to a different IP.

现在我真的不太了解IP在NET_BUFFER中的位置，但是在另一个线程中，我发现了这一点:

Now I don't really understand where the IP is located in the NET_BUFFER, but in another thread I found this:

在INBOUND_IPPACKET处-

At INBOUND_IPPACKET --

按inMetaValues的大小撤消原始NBL/NB-> ipHeaderSize

Retreat oiginal NBL/NB by size of inMetaValues->ipHeaderSize

推荐答案

我建议使用WFP，并在FWPM_LAYER_INBOUND_IPPACKET层.这个概念是相同的，除了WFP保证(在大多数情况下)您在NBL中所处的位置.即在INBOUND_IPPACKET，您就是 传输标题的开始.这意味着您需要缩小IPHeader的大小.对于WFP，在当前层，您需要克隆NBL，修改克隆并注入它.

I'd recommend using WFP, and perform your redirection at the FWPM_LAYER_INBOUND_IPPACKET layers.  The concept is the same, except WFP makes guarantees (in most cases) where in the NBL you are at.  i.e. at INBOUND_IPPACKET, you are are the start of the Transport Header.  This means you need to retreat the size of the IPHeader.  For WFP, at the current layers, you need to clone the NBL, modify the clone, and inject it.

WFP提供了一个丰富的仲裁模型，该模型允许多个网络安全厂商相互配合. WFP还提供了用于重新计算校验和的API.

http://msdn.microsoft.com/en-us/library/aa366510 (v = VS.85).aspx

WFP offers a rich arbitration model which allows multiple network security vendors to coincide with one another.  WFP supplies an API for re-calculating the checksums as well.

http://msdn.microsoft.com/en-us/library/aa366510(v=VS.85).aspx

数据包修改示例:
    http://msdn.microsoft.com/zh-cn/library/ff571070(VS.85).aspx

Packet Modification Sample:
     http://msdn.microsoft.com/en-us/library/ff571070(VS.85).aspx

希望这会有所帮助，

这篇关于过滤样本以重定向数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！