入门问题：怎么修改例子passthru实现最简单的过滤？

我刚刚开始接触NDIS驱动开发，这几天在看ddk的例子passthru，本人英文不好，好不容易在网上找到了一篇文章，

基于IMD的包过滤防火墙原理与实现
http://network.ccidnet.com/pub/disp/Article?columnID=238&articleID=55016&pageNO=1


文章中有一段代码演示了如何进行简单的数据包过滤，代码如下：
//---------------------------------------------
    int        PacketSize;
    PUCHAR        pPacketContent;
    PUCHAR        pBuf;
    UINT         BufLength;
    MDL    *     pNext;
    UINT         i;
    
//把数据包内容从Packet拷贝到pPacketContent
NdisQueryPacket( Packet,NULL,NULL,NULL,&PacketSize);
Status= NdisAllocateMemory( &pPacketContent, 2000,
0,HighestAcceptableMax);
if (Status!=NDIS_STATUS_SUCCESS ) return Status;
NdisZeroMemory (pPacketContent, 2000);
NdisQueryBufferSafe(Packet->Private.Head, &pBuf, &BufLength, 32 );
NdisMoveMemory(pPacketContent, pBuf, BufLength);
i = BufLength;
pNext = Packet->Private.Head;
for(;;)
{
if(pNext == Packet->Private.Tail)
break;
pNext = pNext->Next;   //指针后移
if(pNext == NULL)
break;
NdisQueryBufferSafe(pNext,&pBuf,&BufLength,32);
NdisMoveMemory(pPacketContent+i,pBuf,BufLength);
i+=BufLength;
 }
 //数据拷贝完毕
 //-------------------------------------------------


//---------------------------------------------------------
//规则标志位(1表示过滤,0表示放行,你可以通过改这个数值来配置规则）
UINT        ICMP = 1;     //ICMP数据报规则
UINT        IGMP = 0;    //IGMP数据报规则
UINT        TCP = 0;    //TCP数据报规则
UINT        UDP = 0;    //UDP数据报规则
//规则判断
 if (ICMP == 1)
 {
 if(((char *)pPacketContent)[12] == 8 &&
  ((char *)pPacketContent)[13] == 0 &&
  ((char *)pPacketContent)[23] == 1)
   {
  DbgPrint(\"ICMP被拦截!\\n\");
  NdisFreeMemory(pPacketContent, 2000, 0);
  return NDIS_STATUS_NOT_ACCEPTED;
   }
 }
if (IGMP == 1)
 {
 if(((char *)pPacketContent)[12] == 8 &&
 ((char *)pPacketContent)[13] == 0 &&
 ((char *)pPacketContent)[23] == 2)
  {
  DbgPrint(\"IGMP被拦截!\\n\");
  NdisFreeMemory(pPacketContent, 2000, 0);
  return NDIS_STATUS_NOT_ACCEPTED;
  }
 }
if (TCP == 1)
 {
if(((char *)pPacketContent)[12] == 8 &&
 ((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 6)
  {
  DbgPrint(\"TCP被拦截!\\n\");
 NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
 }
 }
if (UDP == 1)
{
 if(((char *)pPacketContent)[12] == 8 &&
 ((char *)pPacketContent)[13] == 0 &&
 ((char *)pPacketContent)[23] == 17)
 {
 DbgPrint(\"UDP被拦截!\\n\");
 NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
 }
}
//规则判断结束
//--------------------------------------------

但我打开protocol.c，不知这段代码在PtReceivePacket和PtReceive函数中应该怎么放，大家帮我组织一下啊，然后帖出修改后的完整的PtReceivePacket和PtReceive函数给我好吗,先谢谢了

强烈建议你搜索一下论坛，这个问题是老问题，精华区里应该有的。有关PTRECEIVE思路的文章都有PTRECEIVE的完整代码。

NDIS_STATUS
PtReceive(
IN  NDIS_HANDLE ProtocolBindingContext,
IN  NDIS_HANDLE MacReceiveContext,
IN  PVOID HeaderBuffer,
IN  UINT HeaderBufferSize,
IN  PVOID LookAheadBuffer,
IN  UINT LookAheadBufferSize,
IN  UINT PacketSize
)
{
PADAPT pAdapt =(PADAPT)ProtocolBindingContext;
PNDIS_PACKET MyPacket, Packet;
NDIS_STATUS Status = NDIS_STATUS_SUCCESS;

PNDIS_BUFFER    pPacketBuffer;
ntStatus = NdisAllocateMemory(&pPacketContent,2000,0,HighestAcceptableMax);
if(ntStatus != NDIS_STATUS_SUCCESS)
{
return ntStatus;
}
NdisZeroMemory(pPacketContent,2000);

        NdisMoveMemory(
pPacketContent,
HeaderBuffer,
HeaderBufferSize
);
NdisMoveMemory(
pPacketContent+HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize
);
if(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 2)
{
DbgPrint(\"IGMP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
else if(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 6)
{
DbgPrint(\"TCP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
else if (UDP == 1)
{
if(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 17)
{
DbgPrint(\"UDP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
if(!pAdapt->MiniportHandle)
{
Status = NDIS_STATUS_FAILURE;
}
else do
{
if(pAdapt->isSecondary)
{
DBGPRINT(\"PASSTHRU GETTING RECIEVES ON SECONDARY\\n\");
ASSERT(0);
}

Packet = NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext);
ASSERT (pAdapt->pSecondaryAdapt);

pAdapt = pAdapt->pSecondaryAdapt
if(Packet != NULL)
{
DBGPRINT(\"==> Passthru Protocol PtReceive RePacket...\\n\");

NdisDprAllocatePacket(&Status
, &MyPacket, pAdapt->RecvPacketPoolHandle);

if(Status == NDIS_STATUS_SUCCESS)
{
MyPacket->Private.Head = Packet->Private.Head;
MyPacket->Private.Tail = Packet->Private.Tail;

NDIS_SET_ORIGINAL_PACKET(
 MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
NDIS_SET_PACKET_HEADER_SIZE(MyPacket, HeaderBufferSize);

NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet);

NDIS_SET_PACKET_STATUS(MyPacket, NDIS_STATUS_RESOURCES);

NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1);

ASSERT(NDIS_GET_PACKET_STATUS(MyPacket) == NDIS_STATUS_RESOURCES);

PrintPacket(MyPacket);

NdisDprFreePacket(MyPacket);
    DBGPRINT(\"<== Passthru Protocol PtReceive RePacket Success...\\n\");
break;
}
}
pAdapt->IndicateRcvComplete = TRUE;
switch(pAdapt->Medium)
{
 case NdisMedium802_3:
 DBGPRINT(\"<== NdisMedium802_3...\\n\");
NdisMEthIndicateReceive(pAdapt->MiniportHandle,
MacReceiveContext,
HeaderBuffer,
HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize,
PacketSize);
break;

 case NdisMedium802_5:
 DBGPRINT(\"<== NdisMedium802_5...\\n\");
NdisMTrIndicateReceive(pAdapt->MiniportHandle,
MacReceiveContext,
HeaderBuffer,
HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize,
PacketSize);
break;

 case NdisMediumFddi:
 DBGPRINT(\"<== NdisMediumFddi...\\n\");
NdisMFddiIndicateReceive(pAdapt->MiniportHandle,
 MacReceiveContext,
 HeaderBuffer,
 HeaderBufferSize,
 LookAheadBuffer,
 LookAheadBufferSize,
 PacketSize);
break;

 default:
 DBGPRINT(\"<== default...\\n\");
ASSERT(0);
break;
}

} while(FALSE);

DBGPRINT(\"<== Passthru Protocol PtReceive\\n\");

return Status;
}

谢谢
还有PtReceivePacket呢，一样的吗？

我用的是reltek网卡，我跟踪了好长时间，发现从来都没有调用这个函数（ptreceivepacet）好像这个论坛上也有关于这个的讨论，如果是的d_link的网卡，好像要调用这个，如果你的是这个，估计是要修改的，那样更简单些了，如果是reltek就没有必要修改了

to jackieky:

你调试过了吗，不能运行的吧？

不好意思:)以前那个没有测试下面这个是刚经过测试了的.
NDIS_STATUS
PtReceive(
IN  NDIS_HANDLE ProtocolBindingContext,
IN  NDIS_HANDLE MacReceiveContext,
IN  PVOID HeaderBuffer,
IN  UINT HeaderBufferSize,
IN  PVOID LookAheadBuffer,
IN  UINT LookAheadBufferSize,
IN  UINT PacketSize
)
{
PADAPT pAdapt =(PADAPT)ProtocolBindingContext;
PNDIS_PACKET MyPacket, Packet;
NDIS_STATUS ntStatus,Status = NDIS_STATUS_SUCCESS;

PUCHAR  pPacketContent;
ntStatus = NdisAllocateMemory(&pPacketContent,2000,0,HighestAcceptableMax);
if(ntStatus != NDIS_STATUS_SUCCESS)
{
return ntStatus;
}
NdisZeroMemory(pPacketContent,2000);

NdisMoveMemory(
pPacketContent,
HeaderBuffer,
HeaderBufferSize
);
NdisMoveMemory(
pPacketContent+HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize
);
if(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 2)
{
DbgPrint(\"IGMP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
else if(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 6)
{
DbgPrint(\"TCP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
else if
(((char *)pPacketContent)[12] == 8 &&
((char *)pPacketContent)[13] == 0 &&
((char *)pPacketContent)[23] == 17)
{
DbgPrint(\"UDP被拦截!\\n\");
NdisFreeMemory(pPacketContent, 2000, 0);
return NDIS_STATUS_NOT_ACCEPTED;
}
NdisFreeMemory(pPacketContent, 2000, 0);

DBGPRINT(\"==> Passthru Protocol PtReceive\\n\");
DbgPrint(\"    CurrentAdapterHandle: %u\\n\", ProtocolBindingContext);
DbgPrint(\"    MacReceiveHandle: %u\\n\", MacReceiveContext);
DbgPrint(\"    HeaderBufferPointer: %u\\n\", HeaderBuffer);
DbgPrint(\"    HeaderBufferSize: %u\\n\", HeaderBufferSize);
DbgPrint(\"    LookAheadBufferPointer: %u\\n\", LookAheadBuffer);
DbgPrint(\"    LookAheadBufferSize: %u\\n\", LookAheadBufferSize);
DbgPrint(\"    PacketSize: %u\\n\", PacketSize);

if(!pAdapt->MiniportHandle)
{
Status = NDIS_STATUS_FAILURE;
}
else do
{
if(pAdapt->isSecondary)
{
DBGPRINT(\"PASSTHRU GETTING RECIEVES ON SECONDARY\\n\");
ASSERT(0);
}

Packet = NdisGetReceivedPacket(pAdapt->BindingHandle, MacReceiveContext);

if(Packet != NULL)
{
DBGPRINT(\"==> Passthru Protocol PtReceive RePacket...\\n\");

NdisDprAllocatePacket(&Status
, &MyPacket, pAdapt->RecvPacketPoolHandle);

if(Status == NDIS_STATUS_SUCCESS)
{
MyPacket->Private.Head = Packet->Private.Head;
MyPacket->Private.Tail = Packet->Private.Tail;

NDIS_SET_ORIGINAL_PACKET(
 MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
NDIS_SET_PACKET_HEADER_SIZE(MyPacket, HeaderBufferSize);

NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet);

NDIS_SET_PACKET_STATUS(MyPacket, NDIS_STATUS_RESOURCES);

NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1);

ASSERT(NDIS_GET_PACKET_STATUS(MyPacket) == NDIS_STATUS_RESOURCES);

PrintPacket(MyPacket);

NdisDprFreePacket(MyPacket);
    DBGPRINT(\"<== Passthru Protocol PtReceive RePacket Success...\\n\");
break;
}
}

pAdapt->IndicateRcvComplete = TRUE;
switch(pAdapt->Medium)
{
 case NdisMedium802_3:
NdisMEthIndicateReceive(pAdapt->MiniportHandle,
MacReceiveContext,
HeaderBuffer,
HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize,
PacketSize);
break;

 case NdisMedium802_5:
NdisMTrIndicateReceive(pAdapt->MiniportHandle,
MacReceiveContext,
HeaderBuffer,
HeaderBufferSize,
LookAheadBuffer,
LookAheadBufferSize,
PacketSize);
break;

 case NdisMediumFddi:
NdisMFddiIndicateReceive(pAdapt->MiniportHandle,
 MacReceiveContext,
 HeaderBuffer,
 HeaderBufferSize,
 LookAheadBuffer,
 LookAheadBufferSize,
 PacketSize);
break;

 default:
ASSERT(0);
break;
}

} while(FALSE);

DBGPRINT(\"<== Passthru Protocol PtReceive\\n\");

return Status;
}

tangzongsheng：兄弟 搞定没有？
不要忘了散分呀：）