I want to write a personal firewall

Hello everyone,

I want to write a personal firewall on Windows 9x/NT/2K/Me. I want to
intercept TCP/IP packets with a filter driver. Because I want to deal with
ICMP packets myself, my filter must be placed low in the network driver
stack. Maybe it should be placed between the TDI driver and the NDIS driver. Is
this the right way?
I need some reference about NDIS and TDI, such as the name of the device
created for upper and lower.
Thank you very much!

best regards
lizhiwei
leezhiwei@263.net


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

See the URL http: for a diagram
that illustrates some of the possibilities for implementing firewalls. There
are a variety of solutions.

However, there is no single solution that will work across all platforms.

TDI Filter
=======
A TDI Filter is a device driver that is logically “immediately above” the
ring-0 TCP/IP driver.

On Windows NT and Windows 2000 a TDI filter is a layered device driver
attached to “\Device\Tcp” and “\Device\Udp”.

On Windows 95 through Windows Me the ring-0 TCP/IP driver exports its
functionality as VxD services and other function pointer tables. On those
platforms a TDI filter is a VxD that “hooks” these services using
Hook_Device_Service. See the Windows 98 DDK for documentation about TDI on these
platforms. Also see the TDI FAQ at:

http:

for some additional information about TDI on Windows 9X.

NDIS Intermediate (IM) Driver
======================
An NDIS Intermediate Driver is a special type of NDIS driver that can be used
as a filter immediately below the ring-0 TCP/IP driver. They work OK on
Windows NT and Windows 2000. Although they can be made to work on Windows
98 and Windows Me, there are difficulties because of the lack of complete
documentation from Microsoft and the fact that the Microsoft Dialup Adapter
uses an undocumented proprietary API that is difficult to filter.

NDIS Pseudo-Intermediate (PIM) Driver
==============================
This type of driver is similar to an NDIS Intermediate driver. However, it
operates by hooking certain functions exported by the NDIS wrapper.

This provides an effective and documented mechanism to filter packets
immediately below the ring-0 TCP/IP driver on the Windows 95 through Windows
Me platforms. It also works fine with the Dialup adapter.

Hope this helps.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:
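
Both NDIS-level options above sit immediately below the TCP/IP driver, so for the ICMP handling the question asks about, the filter has to find ICMP inside each raw frame itself. This is an added example, not code from this thread or from PCAUSA, written as user-mode C so it runs outside a driver; Ethernet II framing and the names `classify_frame`, `verdict` and `sample_echo` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts for a hypothetical per-frame hook of a filter below TCP/IP. */
enum verdict { PASS_UP = 0, HANDLE_ICMP = 1, DROP = 2 };

#define ETH_HLEN       14       /* Ethernet II: dst(6) src(6) ethertype(2) */
#define ETHERTYPE_IPV4 0x0800
#define IP_PROTO_ICMP  1

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one received frame. Every length is checked before use, because
 * a filter at this layer sees frames before TCP/IP has validated them. */
enum verdict classify_frame(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN) return DROP;                      /* runt frame */
    if (be16(f + 12) != ETHERTYPE_IPV4) return PASS_UP;   /* ARP etc. */

    const uint8_t *ip = f + ETH_HLEN;
    size_t iplen = len - ETH_HLEN;
    if (iplen < 20 || (ip[0] >> 4) != 4) return DROP;     /* truncated, not v4 */

    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;              /* header incl. options */
    size_t total = be16(ip + 2);
    if (ihl < 20 || total < ihl || total > iplen) return DROP;

    if (ip[9] != IP_PROTO_ICMP) return PASS_UP;           /* TCP, UDP: not ours */

    /* Later fragments carry no ICMP header; the first must hold all 8 bytes. */
    uint16_t frag_off = be16(ip + 6) & 0x1FFF;
    if (frag_off == 0 && total - ihl < 8) return DROP;
    return HANDLE_ICMP;
}

/* Constructed sample: Ethernet II + IPv4 + ICMP echo request, checksums zeroed. */
static const uint8_t sample_echo[42] = {
    0x02,0,0,0,0,1, 0x02,0,0,0,0,2, 0x08,0x00,             /* Ethernet */
    0x45,0,0,28, 0,1,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2,  /* IPv4, proto 1 */
    8,0,0,0, 0,1,0,1                                       /* ICMP echo */
};

int main(void)
{
    printf("verdict=%d\n", classify_frame(sample_echo, sizeof sample_echo));
    return 0;
}
```
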

----- Original Message -----
From:
To: NT Developers Interest List
Sent: Saturday, February 17, 2001 9:00 PM
Subject: [ntdev] I want to write a personal firewall

>
> Hello everyone,
>
> I want to write a personal firewall on windows 9x/nt/2k/me. I want to
> intercept tcp/ip packets with a filter driver. Because I want to deal with
> ICMP packets by myself, so my filter must be placed lowly in network driver
> stack. Maybe, it should be placed between tdi driver and ndis driver. Is
> this a right way?
> I need some reference about ndis and tdi, such as the name of device
> created for upper and lower.
> Thankyou very much!
>
> best regards
> lizhiwei
> leezhiwei@263.net