I am interested in programming a basic firewall that blocks packets according to user-defined rules.
Basically, I already programmed the part that deals with the rules and everything is okay, but now I'm supposed to implement the firewall itself (the hard part, I guess).
I searched a lot, and found a couple of links full of details, e.g. this and this. The second (Windows Filtering Platform) seems most relevant; however, there doesn't seem to be any data about ACTUALLY getting started, and the code snippets on the site (well, on this specific subject) don't explain the subject all too well.
I would like to know simply how to block a packet matching a certain rule, so that includes a couple of stages:
- Listening for ANY incoming packets, all ports, IPs and protocols.
- Checking if the packet matches the certain rules.
- If it does match, let it through. If it doesn't, capture it and block it over there.
Now, stage 2 is actually already programmed, I just need to match it according to stage 1 (what class/structure is used to represent the packet). I'm not sure about doing stage 1, and stage 3.
First, how do I even listen to ALL of the connections in the computer?
Second, how do I manage the packet I captured, letting it through OR blocking it?
Help would be much appreciated. I mean raw WinAPI, but if there's a certain good API that works on Windows (8, specifically) I'd be happy to test it.
1 solution
#1
1
Well, you're right - you've left the hard part to last :-)
You need to write a network driver to position itself in the network stack to intercept packets from the network card and then filter them. There are ways to get round this (e.g. using the packet injection functions) but they're almost as hard as writing your own driver.
There are open source drivers you could look at - winpcap is the one most people are familiar with as it is the packet capture driver used by Wireshark.