i’m writing some sort of firewall.
for now it’s just slightly modified passthru example from ddk.
my goal - block all traffic except one particular destination address, but i don’t know how to get destination from packet.
i understand that ndis intermediate driver below ip, so this destination info won’t be ip address.
but still, packet must contain some sort of target information, right ?
You should know ethernet packet and ip packet format . TCP/IP
illustrated vol1 is what you want.
2010/7/19 sergey pisarev : > Good day everyone ! > > i’m writing some sort of firewall. > for now it’s just slightly modified passthru example from ddk. > > my goal - block all traffic except one particular destination address, but i don’t know how to get destination from packet. > > i understand that ndis intermediate driver below ip, so this destination info won’t be ip address. > but still, packet must contain some sort of target information, right ? > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer >
You should know ethernet packet and ip packet format . TCP/IP
illustrated vol1 is what you want.
2010/7/19 sergey pisarev : >> Good day everyone ! >> >> i’m writing some sort of firewall. >> for now it’s just slightly modified passthru example from ddk. >> >> my goal - block all traffic except one particular destination address, but i don’t know how to get destination from packet. >> >> i understand that ndis intermediate driver below ip, so this destination info won’t be ip address. >> but still, packet must contain some sort of target information, right ? >> — >> NTDEV is sponsored by OSR >> >> For our schedule of WDF, WDM, debugging and other seminars visit: >> http://www.osr.com/seminars >> >> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer >> > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
From: “yushang” Sent: Monday, July 19, 2010 3:52 AM To: “Windows System Software Devs Interest List” Subject: Re: [ntdev] extract destination from NDIS_PACKET
> You should know ethernet packet and ip packet format . TCP/IP > illustrated vol1 is what you want. > > 2010/7/19 sergey pisarev : >> Good day everyone ! >> >> i’m writing some sort of firewall. >> for now it’s just slightly modified passthru example from ddk. >> >> my goal - block all traffic except one particular destination address, >> but i don’t know how to get destination from packet. >> >> i understand that ndis intermediate driver below ip, so this destination >> info won’t be ip address. >> but still, packet must contain some sort of target information, right ? >> — >> NTDEV is sponsored by OSR >> >> For our schedule of WDF, WDM, debugging and other seminars visit: >> http://www.osr.com/seminars >> >> To unsubscribe, visit the List Server section of OSR Online at >> http://www.osronline.com/page.cfm?name=ListServer >> > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer
From: “yushang” > Sent: Monday, July 19, 2010 3:52 AM > To: “Windows System Software Devs Interest List” > Subject: Re: [ntdev] extract destination from NDIS_PACKET > >> You should know ethernet packet and ip packet format . TCP/IP >> illustrated vol1 is what you want. >> >> 2010/7/19 sergey pisarev : >>> Good day everyone ! >>> >>> i’m writing some sort of firewall. >>> for now it’s just slightly modified passthru example from ddk. >>> >>> my goal - block all traffic except one particular destination address, but i don’t know how to get destination from packet. >>> >>> i understand that ndis intermediate driver below ip, so this destination info won’t be ip address. >>> but still, packet must contain some sort of target information, right ? >>> — >>> NTDEV is sponsored by OSR >>> >>> For our schedule of WDF, WDM, debugging and other seminars visit: >>> http://www.osr.com/seminars >>> >>> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer >>> >> >> — >> NTDEV is sponsored by OSR >> >> For our schedule of WDF, WDM, debugging and other seminars visit: >> http://www.osr.com/seminars >> >> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer > > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Write a Windows Filtering Platform driver as you will find in
\WinDDK<version>\src\network\general\trans, specify the layer, ALE/STREAM you and to filter, the IP address you want to permit and boom you’re done. Or, you don’t need a driver, simply follow msnfilter in the same path and do it in your application.
-----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of sergey pisarev Sent: Monday, July 19, 2010 1:38 AM To: Windows System Software Devs Interest List Subject: [ntdev] extract destination from NDIS_PACKET
Good day everyone !
i’m writing some sort of firewall. for now it’s just slightly modified passthru example from ddk.
my goal - block all traffic except one particular destination address, but i don’t know how to get destination from packet.
i understand that ndis intermediate driver below ip, so this destination info won’t be ip address. but still, packet must contain some sort of target information, right ? — NTDEV is sponsored by OSR
WFP is great, but we need solution for pre-vista too
On Jul 19, 2010, at 6:03 PM, Gary G. Little wrote:
Write a Windows Filtering Platform driver as you will find in
\WinDDK<version>\src\network\general\trans, specify the layer, ALE/STREAM > you and to filter, the IP address you want to permit and boom you’re done. > Or, you don’t need a driver, simply follow msnfilter in the same path and do > it in your application. > > Gary G. Little > H (952) 223-1349 > C (952) 454-4629 > xxxxx@comcast.net > > -----Original Message----- > From: xxxxx@lists.osr.com > [mailto:xxxxx@lists.osr.com] On Behalf Of sergey pisarev > Sent: Monday, July 19, 2010 1:38 AM > To: Windows System Software Devs Interest List > Subject: [ntdev] extract destination from NDIS_PACKET > > Good day everyone ! > > i’m writing some sort of firewall. > for now it’s just slightly modified passthru example from ddk. > > my goal - block all traffic except one particular destination address, but i > don’t know how to get destination from packet. > > i understand that ndis intermediate driver below ip, so this destination > info won’t be ip address. > but still, packet must contain some sort of target information, right ? > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer > > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
> my goal - block all traffic except one particular destination address,
Are you trying to implement IP tunnelling? In such case I would suggest investigating MUX, rather than filter, option…
but i don’t know how to get destination from packet.
WEll, I am afraid your chances are pretty slim then -NDIS is not-so-well-documented, so that writing NDIS drivers requires the ability to investigate things on your own…