Hi guys there,
I’m new to device driver development under winnt and win2000. I would like
to write a driver to hook TCPIP Packets (something like a personal
firewall). Which is the best way to do it? Writing a TCPIP Filter driver
(with a TDI upper end) or an NDIS intermediate driver or maybe something
else?
I appreciate your help…
thanks in advance
Johnny
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
If you actually are interested in filtering packets on a per-packet basis,
then an NDIS Intermediate (IM) driver (immediately below the kernel-mode
TCP/IP driver) is the solution.
If you are interested in filtering TCP connections, stream data and UDP
datagrams, then a Transport Data Interface (TDI) filter (immediately above
the kernel TCP/IP driver) is the solution. At this point you filter
operations like “send”, “receive” and have a little more visibility as to
the higher-level process that is sending or receiving data.
You may actually need both kinds of filters to do a complete job.
See http:
Good luck,
Thomas F. Divine
PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:
----- Original Message -----
From: Johnny Habibi
To: NT Developers Interest List
Sent: Tuesday, April 24, 2001 6:48 PM
Subject: [ntdev] Filtering TCPIP Packets
> Hi guys there,
>
> I’m new to device driver development under winnt and win2000. I would like
> to write a driver to hook TCPIP Packets (something like a personal
> firewall). Which is the best way to do it? Writing a TCPIP Filter driver
> (with a TDI upper end) or an NDIS intermediate driver or maybe something
> else?
>
>
> I appreciate your help…
>
> thanks in advance
>
> Johnny
>
thanks thomas,
…will the approach with TCPIP Filtering (TDI upper end) also work under
win98 or winME??? (because of VxD)???
regards
Johnny
----- Original Message -----
From: Johnny Habibi
To: NT Developers Interest List
Sent: Wednesday, April 25, 2001 7:48 AM
Subject: [ntdev] Re: Filtering TCPIP Packets
>
> thanks thomas,
>
> …will the approach with TCPIP Filtering (TDI upper end) also work under
> win98 or winME??? (because of VxD)???
>
Yes it will work on Windows 9X and Me. The logic is the same, but the
implementation is different.
Thomas F. Divine
PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:
> firewall). Which is the best way to do it? Writing a TCPIP Filter driver
> (with a TDI upper end) or an NDIS intermediate driver or maybe something
NDIS intermediate is a right way.
Your driver must install itself below the IP stack and above the NIC driver.
This is what NDIS IMs are for.
Max
Hi Max,
what about TCPIP Filter driver at TDI Level???
Thanks
Johnny
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Wednesday, April 25, 2001 3:28 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Filtering TCPIP Packets
> firewall). Which is the best way to do it? Writing a TCPIP Filter driver
> (with a TDI upper end) or an NDIS intermediate driver or maybe something
NDIS intermediate is a right way.
Your driver must install itself below the IP stack and above the NIC driver.
This is what NDIS IMs are for.
Max
> ----------
> From: Maxim S. Shatskih[SMTP:xxxxx@storagecraft.com]
> Reply To: NT Developers Interest List
> Sent: Wednesday, April 25, 2001 3:27 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: Filtering TCPIP Packets
>
> > firewall). Which is the best way to do it? Writing a TCPIP Filter driver
> > (with a TDI upper end) or an NDIS intermediate driver or maybe something
>
> NDIS intermediate is a right way.
> Your driver must install itself below the IP stack and above the NIC driver.
> This is what NDIS IMs are for.
Right, I also believe it is the best way for a firewall. It can shield the TCP
stack against all these malformed packets used for DoS attacks which usually
cause a BSOD in tcpip.sys. The firewall must be written properly and be resistant
against these attacks. Not an easy game.
There is yet another possibility in w2k – an IP filter driver. It is
documented in some way and I think somebody here wrote an example. It can be
easier to implement (no problems with IP fragmentation) but because it is called
from tcpip.sys, it doesn’t have the above-mentioned property. I haven’t written
this type of driver so correct me if I’m wrong on some point.
Best regards,
Michal Vodicka
Veridicom
(RKK - Skytale)
[WWW: http://www.veridicom.com , http://www.skytale.com]
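Added example, not part of the thread and not code from any poster: a user-mode C sketch of the header checks a per-packet filter sitting below the IP stack has to make itself, including the fragmentation case where later fragments carry no TCP/UDP header. The verdict names, struct, function name and sample packets are assumptions constructed for illustration; this is not NDIS driver code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Verdict and field names are assumptions made for this example. */
enum verdict { V_PASS, V_DROP_MALFORMED, V_FRAGMENT_NO_L4 };
struct l4_info { uint8_t proto; uint16_t src_port, dst_port; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Inspect one IPv4 packet (link-layer header already stripped). */
enum verdict inspect_ipv4(const uint8_t *pkt, size_t len, struct l4_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return V_DROP_MALFORMED;                 /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;    /* header length, bytes */
    size_t total = rd16(pkt + 2);                /* header + payload */
    if (ihl < 20 || ihl > total || total > len)
        return V_DROP_MALFORMED;                 /* lengths contradict the buffer */
    uint16_t frag = rd16(pkt + 6);
    size_t offset = (size_t)(frag & 0x1FFF) * 8; /* fragment offset, bytes */
    size_t payload = total - ihl;
    if (offset + payload > 65535 - 20)
        return V_DROP_MALFORMED;                 /* would reassemble past 65535 bytes */
    if ((frag & 0x2000) && payload % 8 != 0)
        return V_DROP_MALFORMED;                 /* non-final fragment must be 8-byte aligned */
    out->proto = pkt[9];
    out->src_port = out->dst_port = 0;
    if (offset != 0)
        return V_FRAGMENT_NO_L4;                 /* later fragment: no TCP/UDP header to match */
    if (pkt[9] == 6 || pkt[9] == 17) {           /* TCP or UDP */
        if (payload < (pkt[9] == 6 ? 20u : 8u))
            return V_DROP_MALFORMED;             /* transport header cut off */
        out->src_port = rd16(pkt + ihl);
        out->dst_port = rd16(pkt + ihl + 2);
    }
    return V_PASS;
}

/* Constructed sample packets (not captured traffic); unlisted bytes are zero. */
static const uint8_t SAMPLE_TCP[40]  = {0x45,0,0,40, 0,1, 0,0, 64,6, 0,0, 10,0,0,1, 10,0,0,2, 0x04,0xD2, 0,80};
static const uint8_t SAMPLE_FRAG[28] = {0x45,0,0,28, 0,1, 0,1, 64,6, 0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t SAMPLE_HUGE[28] = {0x45,0,0,28, 0,1, 0x1F,0xFF, 64,1, 0,0, 10,0,0,1, 10,0,0,2};

int main(void)
{
    struct l4_info i;
    printf("%d %d %d\n", inspect_ipv4(SAMPLE_TCP, 40, &i),
           inspect_ipv4(SAMPLE_FRAG, 28, &i), inspect_ipv4(SAMPLE_HUGE, 28, &i));
    return 0;
}
```

A port-based rule can only be applied to the first sample; the `V_FRAGMENT_NO_L4` verdict marks packets that need reassembly or per-datagram state before a decision can be made.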