Hi everyone…
-In what layer does the Filter hook driver work…
-Can I use it to filter each packet sent and received… including non-visible
(to TDI client driver) ICMP packets.
-What are the advantages and disadvantages of using Win2k filter hooks
-What is the problem with firewall hooks.
Thanks in advance.
Hi Hazem,
see inlines.
Good Luck
>From: “Hazem K”
>Reply-To: “NT Developers Interest List”
>To: “NT Developers Interest List”
>Subject: [ntdev] Questions About win2k filter Hook
>Date: Sat, 3 May 2003 03:52:47 -0400
>
>Hi everyone…
>
>-In what layer does the Filter hook driver work…
[yogi] The filter-hook driver reference documents the callback function that is implemented by a filter-hook driver and the I/O control (IOCTL) that the filter-hook driver uses to register such a callback function. The filter-hook driver’s callback function is also known as a filter hook. The Internet Protocol (IP) filter driver that is supplied with the system uses a filter hook to determine whether to either forward or drop incoming and outgoing packets.
A filter-hook driver supplies the symbolic address of its filter hook to register the filter hook’s entry point with the system-supplied IP filter driver. The filter hook is defined by the PacketFilterExtensionPtr data type. Because a filter-hook driver supplies the address, and not the name, of its filter hook entry point, driver developers are free to name the filter hook whatever they wish.
>-Can I use it to filter each packet sent and received… including non-visible (to TDI client driver) ICMP packets.
[yogi] Yes, you can, because it is at a very low level, as in the IP.
>-What are the advantages and disadvantages of using Win2k filter hooks
>-What is the problem with firewall hooks.
[yogi] Which firewall are you talking about, TDI or Intermediate?
>
>thanks in advance.
>
>—
>You are currently subscribed to ntdev as: xxxxx@hotmail.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
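
As an added illustration that is not part of the thread or of the DDK: a user-mode model of the per-packet forward-or-drop decision a filter hook makes, showing that ICMP is visible at that point. The types, the `NO_INTERFACE` marker, the function name and the sample packets are assumptions constructed here; a real driver uses the DDK's callback type and return values and registers the hook through the IOCTL described above.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins (assumptions) so this builds in user mode. */
typedef enum { HOOK_FORWARD = 0, HOOK_DROP = 1 } hook_action;
#define NO_INTERFACE 0xFFFFFFFFu  /* assumed marker: packet has no such interface */

/* Filter hook model: sees the IP header and the bytes after it, per packet. */
hook_action sample_filter_hook(const uint8_t *ip_hdr, const uint8_t *body,
                               unsigned body_len, unsigned recv_if,
                               unsigned send_if)
{
    (void)send_if;
    if (!ip_hdr || (ip_hdr[0] >> 4) != 4 || (ip_hdr[0] & 0x0F) < 5)
        return HOOK_DROP;                 /* malformed header: fail closed */
    if (ip_hdr[9] != 1)                   /* protocol field, 1 = ICMP */
        return HOOK_FORWARD;
    if (!body || body_len < 1)
        return HOOK_DROP;                 /* truncated ICMP: fail closed */
    if (recv_if != NO_INTERFACE && body[0] == 8)
        return HOOK_DROP;                 /* inbound ICMP echo request */
    return HOOK_FORWARD;
}

/* Constructed sample packets (checksums left as zero). */
static const uint8_t icmp_hdr[20] = {0x45,0,0,28, 0,1,0,0, 64,1,0,0,
                                     192,0,2,10, 192,0,2,20};
static const uint8_t echo_req[8]  = {8,0,0,0, 0,1,0,1};
static const uint8_t echo_rep[8]  = {0,0,0,0, 0,1,0,1};
static const uint8_t tcp_hdr[20]  = {0x45,0,0,40, 0,2,0,0, 64,6,0,0,
                                     192,0,2,10, 192,0,2,20};

int main(void)
{
    printf("inbound echo request: %d\n",
           sample_filter_hook(icmp_hdr, echo_req, 8, 1, NO_INTERFACE));
    printf("inbound echo reply:   %d\n",
           sample_filter_hook(icmp_hdr, echo_rep, 8, 1, NO_INTERFACE));
    printf("inbound TCP:          %d\n",
           sample_filter_hook(tcp_hdr, NULL, 0, 1, NO_INTERFACE));
    return 0;
}
```
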
Thanks a lot, yogi…
I was asking what the advantages and disadvantages are of using a
Filter-Hook driver instead of an NDIS(im) or a TDI-Client driver for
building a personal firewall program,
and also I read that Microsoft doesn't recommend its use (Filter-hooks)
because “it ran too high in the network stack”.!
What's the meaning of that?
also in the online 2000 DDK it was written:
“To provide firewall functionality on Windows XP and later, you should
create an NDIS intermediate miniport driver to manage packets sent and
received across a firewall.” so why?
thanks in advance.
xxxxx@popmail.com
> ----------
> From: xxxxx@popmail.com[SMTP:xxxxx@popmail.com]
> Reply To: xxxxx@lists.osr.com
> Sent: Saturday, May 03, 2003 10:29 PM
> To: xxxxx@lists.osr.com
> Subject: [ntdev] Re: Questions About win2k filter Hook
>
> and also I read that Microsoft doesn't recommend its use (Filter-hooks)
> because “it ran too high in the network stack”.!
> What's the meaning of that?
One of a firewall's purposes is to protect the TcpIp driver from attacks. You can’t
if you’re called from the TcpIp driver, as in the filter hooks case. Also, I’m not
sure if encryption, i.e. changing the whole packet contents and size, is even
possible there. Note, for example, that IPSEC encryption always extends packet
size.
> also in the online 2000 DDK it was written:
> “To provide firewall functionality on Windows XP and later, you should
> create an NDIS intermediate miniport driver to manage packets sent and
> received across a firewall.” so why?
I don’t know too much about filter hooks to answer, but in this case I would
trust the recommendation.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]