Duplicate received data in the TDI filter driver source tdifw
I am using the open-source TDI firewall tdifw-1.4.4.
I did not change anything else; I only added code to tdi_event_chained_receive to print information about the received packets:

    NTSTATUS tdi_event_chained_receive(
        IN PVOID TdiEventContext,
        IN CONNECTION_CONTEXT ConnectionContext,
        IN ULONG ReceiveFlags,
        IN ULONG ReceiveLength,
        IN ULONG StartingOffset,
        IN PMDL Tsdu,
        IN PVOID TsduDescriptor)
    {
        TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
        PFILE_OBJECT connobj = ot_find_conn_ctx(ctx->fileobj, ConnectionContext);
        NTSTATUS status = STATUS_SUCCESS;

        PUCHAR packet_buffer = (PUCHAR)Tsdu->StartVa;  // start address of the packet
        ULONG packet_count = Tsdu->ByteCount;          // total length of the packet

        // ULONG is unsigned, so compare before subtracting
        if (packet_count <= 54)
            return status;
        packet_count -= 54;   // subtract the Ethernet, IP and TCP headers
        packet_buffer += 54;  // skip the Ethernet, IP and TCP headers

        KdPrint(("[++++] tdi_event_chained_receive ReceiveLength: %u Tsdu->ByteCount: %u\n",
                 ReceiveLength, Tsdu->ByteCount));
        // print the first five bytes of the network packet
        KdPrint(("[++++] %02x %02x %02x %02x %02x \n",
                 packet_buffer[0], packet_buffer[1], packet_buffer[2],
                 packet_buffer[3], packet_buffer[4]));
        // ... (rest of the function omitted in the post)

Testing reception with POP3, I found that two adjacent packets have the same contents, but their lengths are different. The output is as follows:

    [++++] tdi_event_chained_receive ReceiveLength: 1460 Tsdu->ByteCount: 1514
    [++++] 2b 4f 4b 20 31
    [++++] tdi_event_chained_receive ReceiveLength: 1460 Tsdu->ByteCount: 1514
    [++++] 2b 4f 4b 20 31
    [++++] tdi_event_chained_receive ReceiveLength: 552 Tsdu->ByteCount: 606
    [++++] 72 43 42 37 5a
    [++++] tdi_event_chained_receive ReceiveLength: 1460 Tsdu->ByteCount: 1514
    [++++] 72 43 42 37 5a
    [++++] tdi_event_chained_receive ReceiveLength: 1460 Tsdu->ByteCount: 1514
    [++++] 6b 4c 69 44 71
    [++++] tdi_event_chained_receive ReceiveLength: 552 Tsdu->ByteCount: 606
    [++++] 6b 4c 69 44 71

These lengths match the packet lengths I captured with Wireshark, but the contents are wrong. Why would adjacent packets have the same contents?

PS: For convenience I only print the first five bytes here. I also tried dumping each received packet to a file, and adjacent files have identical contents.
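Reply #1
Posted: 2011-10-04 16:13
Looking at the values of the variables in the debugger, I found that a different field has to be read to get the correct packet data:

    packet_buffer = Tsdu->MappedSystemVa;  // this is it! not the original StartVa
    packet_buffer += StartingOffset;

Thanks, everyone!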
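A user-mode model of why `StartVa + 54` returned the same bytes for neighbouring packets, next to a bounds-checked read that starts at `StartingOffset` and follows a chained Tsdu. This is an added example, not code from tdifw or from the posts above: the `MDL` struct is a simplified stand-in for the kernel structure, `tsdu_copy`, `buggy_ptr`, `setup`, `page_mem`, `frame_a` and `frame_b` are hypothetical names, and the two frames sharing one page are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-mode stand-in for the kernel MDL (constructed for this example). */
typedef struct mdl {
    struct mdl *Next;           /* next MDL in the chain, or NULL */
    void       *StartVa;        /* page-aligned base of the buffer's first page */
    uint32_t    ByteOffset;     /* offset of the buffer inside that page */
    uint32_t    ByteCount;      /* bytes described by this MDL */
    void       *MappedSystemVa; /* address of the buffer itself (base + ByteOffset) */
} MDL;

/* Copy up to `length` bytes that begin `offset` bytes into the MDL chain.
 * Returns the bytes copied; never reads past any MDL's ByteCount or past `cap`. */
size_t tsdu_copy(const MDL *m, uint32_t offset, uint32_t length,
                 uint8_t *out, size_t cap)
{
    size_t done = 0;
    for (; m != NULL && length > 0 && done < cap; m = m->Next) {
        if (offset >= m->ByteCount) { offset -= m->ByteCount; continue; }
        if (m->MappedSystemVa == NULL) break;      /* treat as "mapping failed" */
        uint32_t n = m->ByteCount - offset;
        if (n > length) n = length;
        if (n > cap - done) n = (uint32_t)(cap - done);
        memcpy(out + done, (const uint8_t *)m->MappedSystemVa + offset, n);
        done += n; length -= n; offset = 0;
    }
    return done;
}

/* The pattern from the question: page base plus a fixed header size. */
const uint8_t *buggy_ptr(const MDL *m) { return (const uint8_t *)m->StartVa + 54; }

/* Constructed sample: two 60-byte frames in one page, 54 header bytes each. */
static uint8_t page_mem[4096];
static MDL frame_a, frame_b;
void setup(void)
{
    memset(page_mem, 0, sizeof page_mem);
    memcpy(page_mem + 256 + 54, "+OK 1", 5);    /* frame A at page offset 256 */
    memcpy(page_mem + 2048 + 54, "rCB7Z", 5);   /* frame B at page offset 2048 */
    frame_a = (MDL){ NULL, page_mem, 256, 60, page_mem + 256 };
    frame_b = (MDL){ NULL, page_mem, 2048, 60, page_mem + 2048 };
}
```

In a driver, the buffer address for each MDL would come from `MmGetSystemAddressForMdlSafe(Tsdu, NormalPagePriority)` with a NULL check rather than from the raw `MappedSystemVa` field, and the length from `MmGetMdlByteCount`.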