Windows network packet modification

Question

I'm looking to write a small program which will intercept network packets (on the local machine) and modify them before they go out on the network. I need to be able to modify the headers as well, not just the data.

I've already looked through several possibilities but am unsure which one is best to pursue. There are open source packet filters out there, but filtering only seems to be able to either allow or reject packets, not much else.

The other solution would be to write an NDIS intermediate driver, but writing drivers is beyond me. Even the simple pass-thru example in the WinDDK is thousands of lines. I'm also not looking forward to having to constantly reinstall a driver and reboot to test my code.

I'd ideally like the program to be self-contained, and not rely on the installation of 3rd party drivers/software/whatever.

So if you people could point me in the right direction, throw some helpful links my way, whatever, I'd appreciate it.

Recommended answer

Depends on what kind of packets you want to filter/modify.

If you're after application-level filtering, and want to get your hands on HTTP or similar packets, your best bet would probably be an LSP. Note, however, that following this path has certain disadvantages. First, MS seems to be trying to get rid of this technology, and IIRC a part of the Windows 7 logo requirements is "no LSP in your product"; they seem to be promoting the Windows Filtering Platform. Second, you'd be very surprised with how much trouble you're getting into in terms of 3rd party LSP compatibility. Third, a very dummy LSP is still around 2 KLOC :)

If you're after IP-level packet filtering, you'd need to go for a driver.

Windows Filtering Platform provides you with the functionality needed in either case. However, it's only available on Windows Vista and later products, so no XP there. Another thing to take into consideration: WFP was only capable of allowing/rejecting packets in user-land, and if you need to modify them, you'd need to go kernel-mode. (At least that's what the situation was at the time it appeared; maybe they've improved something by now.)
