Filter hook driver, part one (Microsoft DDK document, flashsky translation)

zhaozj, 2021-02-08

This chapter describes filter hook drivers. A filter hook driver filters network packets in the context of the operating system's IP filter driver, and it extends the functionality of that IP filter driver. The following topics describe some of the features of filter hook drivers, explain how to create a filter hook, and list reference information for the input/output control code and the function related to filter hook drivers.

1.1 About the filter hook driver

A filter hook driver is a kernel-mode driver used to filter network packets. It extends the functionality of the system-supplied IP filter driver. A filter hook driver can be installed only on Windows 2000 and later. Only one filter hook driver can be installed on the system and used by the IP filter driver. A filter hook driver can register itself with the IP filter driver only if the IP filter driver's extension hook pointer is empty (NULL). Once a filter hook driver has registered itself with the IP filter driver, the IP filter driver's extension hook is tied to that driver; in this way the IP filter driver ensures that it accepts and uses only a single filter hook driver.

1.2 Creating a filter hook driver

A filter hook driver is created when the Packet Filtering API cannot meet the packet-filtering requirements. User-mode applications use this API to create and manage the input and output filters provided by the IP filter driver. For more information about the API, see the SDK. A filter hook driver is developed as a kernel-mode driver. In addition, a filter hook driver implements a filter hook callback function and registers this callback function with the system-supplied IP filter driver. This callback function is known as the filter hook. The IP filter driver subsequently uses the filter hook to determine how to process incoming and outgoing packets.

The following sections explain how to create a filter hook driver.

1.2.1 Creating a filter hook

A filter hook is created by implementing a function of the PacketFilterExtensionPtr type. When a filter hook driver registers a pointer to its filter hook with the system-supplied IP filter driver, it supplies the symbolic address of the filter hook. Because the driver supplies this address rather than a name, the filter hook can be given any name. Good programming practice, of course, is to choose a name that reflects the hook's basic function.

A filter hook performs specific actions on incoming and outgoing packets. It checks the information that the IP filter driver passes to it to determine how each packet should be processed further. After inspecting a packet, the filter hook returns PF_FORWARD, PF_DROP, or PF_PASS to tell the IP filter driver how to proceed:

PF_FORWARD directs the IP filter driver to immediately return the forward response to the IP stack. For local packets, IP forwards them up the stack. If the packet's destination is another machine and routing is enabled, IP routes the packet accordingly.

PF_DROP directs the IP filter driver to immediately return the drop response to the IP stack. IP drops the packet.

PF_PASS directs the IP filter driver to filter the packet and return the resulting response to the IP stack. How the IP filter driver filters the packet is determined by how it was configured through the Packet Filtering API. The filter hook returns this pass response when it determines that it should not handle the packet itself but should allow the IP filter driver to filter it.
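The three return codes and the single-hook registration rule described above, as an added user-mode model that is not code from the DDK or from this document. The callback signature and enum values are redeclared locally as assumptions modelled on the DDK header pfhook.h; SampleFilterHook, RegisterFilterHook, the port policy and the sample packet are hypothetical.

```c
/* User-mode model of a filter hook (added example, not DDK driver code).
 * Types are redeclared as assumptions modelled on pfhook.h so this builds without the DDK. */
#include <stdint.h>
#include <stdio.h>

typedef enum { PF_FORWARD = 0, PF_DROP = 1, PF_PASS = 2 } PF_FORWARD_ACTION;
typedef uint32_t IPAddr;
typedef PF_FORWARD_ACTION (*PacketFilterExtensionPtr)(
    unsigned char *PacketHeader, unsigned char *Packet,
    unsigned int PacketLength, unsigned int RecvInterfaceIndex,
    unsigned int SendInterfaceIndex, IPAddr RecvLinkNextHop,
    IPAddr SendLinkNextHop);

enum { BLOCKED_TCP_PORT = 23, TRUSTED_TCP_PORT = 443 };  /* hypothetical policy */

/* Hypothetical hook. Assumes hdr is the IPv4 header and pkt/len describe the
 * payload that follows it (the IP header itself is not part of pkt). */
PF_FORWARD_ACTION SampleFilterHook(unsigned char *hdr, unsigned char *pkt,
    unsigned int len, unsigned int rxIf, unsigned int txIf,
    IPAddr rxHop, IPAddr txHop)
{
    (void)rxIf; (void)txIf; (void)rxHop; (void)txHop;
    if (!hdr || (hdr[0] >> 4) != 4 || hdr[9] != 6)
        return PF_PASS;        /* not IPv4/TCP: leave it to the IP filter driver */
    if ((hdr[6] & 0x1F) || hdr[7])
        return PF_PASS;        /* later fragment: no TCP header to inspect */
    if (!pkt || len < 4)
        return PF_DROP;        /* too short to hold TCP ports (policy choice) */
    unsigned int dport = ((unsigned int)pkt[2] << 8) | pkt[3];
    if (dport == BLOCKED_TCP_PORT) return PF_DROP;
    if (dport == TRUSTED_TCP_PORT) return PF_FORWARD;  /* forwarded immediately */
    return PF_PASS;            /* undecided: Packet Filtering API filters apply */
}

/* Model of the IP filter driver's single extension hook slot. */
static PacketFilterExtensionPtr g_extensionHook;

int RegisterFilterHook(PacketFilterExtensionPtr hook)
{
    if (g_extensionHook != NULL) return -1;  /* a hook is already registered */
    g_extensionHook = hook;
    return 0;
}

int main(void)
{
    /* Constructed sample: IPv4/TCP header, payload with destination port 23. */
    unsigned char hdr[20] = {0x45,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2};
    unsigned char tcp[4] = {0xC0, 0x00, 0x00, 23};
    printf("register: %d\n", RegisterFilterHook(SampleFilterHook));
    printf("action: %d\n", g_extensionHook(hdr, tcp, sizeof tcp, 0, 0, 0, 0));
    return 0;
}
```

Returning PF_PASS for anything the hook does not explicitly decide keeps filters configured through the Packet Filtering API in effect, whereas PF_FORWARD bypasses them.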
