nangfeng

ndisfilter的菜鸟问题

楼主#
更多 发布于:2007-08-03 16:44
根据WDK6000的例子做的
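/*
 * FilterSendNetBufferLists - send handler of the filter module.
 *
 * Walks the NET_BUFFER_LIST chain handed down by the overlying driver and,
 * for the first NET_BUFFER of each list, prints the IPv4 source and
 * destination address with DbgPrint. The chain is then forwarded unchanged
 * to the underlying driver with NdisFSendNetBufferLists.
 *
 * FilterModuleContext - filter instance context (cast to PMS_FILTER).
 * NetBufferLists      - head of the chain of NET_BUFFER_LISTs to send.
 * PortNumber          - NDIS port number, passed through unchanged.
 * SendFlags           - send flags, passed through unchanged; also used to
 *                       decide whether the caller runs at DISPATCH_LEVEL.
 *
 * The packet bytes are only read, never modified. Every header access is
 * bounds-checked against the bytes that are really mapped: a frame that is
 * too short, or whose headers are not contiguous in the first MDL, is
 * skipped for logging and still forwarded.
 */
VOID FilterSendNetBufferLists(
        IN  NDIS_HANDLE         FilterModuleContext,
        IN  PNET_BUFFER_LIST    NetBufferLists,
        IN  NDIS_PORT_NUMBER    PortNumber,
        IN  ULONG               SendFlags
        )

{
    PMS_FILTER          pFilter = (PMS_FILTER)FilterModuleContext;
    NDIS_STATUS         Status = NDIS_STATUS_SUCCESS;
    PNET_BUFFER_LIST    CurrNbl;
    BOOLEAN             DispatchLevel;

    // State used while inspecting the frames referenced by NetBufferLists.
    PNET_BUFFER_LIST      pNetBufList, pNextNetBufList;
    PMDL                  pMdl;
    PNDISPROT_ETH_HEADER  pEthHeader = NULL;
    PIP_HEADER            pIPHeader = NULL;
    ULONG                 TotalLength, Offset, BufferLength;

    pNetBufList = NetBufferLists;

    while (pNetBufList != NULL)
    {
        pNextNetBufList = NET_BUFFER_LIST_NEXT_NBL(pNetBufList);

        // Only the first NET_BUFFER of each list is inspected. Its current
        // MDL holds the start of the frame, beginning Offset bytes into the
        // MDL; TotalLength is the amount of packet data in the NET_BUFFER.
        pMdl = NET_BUFFER_CURRENT_MDL(NET_BUFFER_LIST_FIRST_NB(pNetBufList));
        TotalLength = NET_BUFFER_DATA_LENGTH(NET_BUFFER_LIST_FIRST_NB(pNetBufList));
        Offset = NET_BUFFER_CURRENT_MDL_OFFSET(NET_BUFFER_LIST_FIRST_NB(pNetBufList));
        BufferLength = 0;

        // Start every list from a clean state so a pointer left over from
        // the previous list can never be dereferenced.
        pEthHeader = NULL;
        pIPHeader = NULL;

        do
        {
            ASSERT(pMdl != NULL);
            if (pMdl == NULL)
            {
                break;
            }

            NdisQueryMdl(
                pMdl,
                &pEthHeader,
                &BufferLength,
                NormalPagePriority);

            // The mapping can fail under memory pressure; the length is
            // meaningless in that case.
            if (pEthHeader == NULL || BufferLength == 0)
            {
                break;
            }

            // ASSERT disappears in free builds, so check at run time:
            // subtracting a larger Offset would wrap the unsigned length.
            if (BufferLength <= Offset)
            {
                break;
            }
            BufferLength -= Offset;

            // The MDL may describe more bytes than the packet contains.
            if (BufferLength > TotalLength)
            {
                BufferLength = TotalLength;
            }

            // Validate before the first header read, not after it.
            if (BufferLength < sizeof(NDISPROT_ETH_HEADER))
            {
                break;
            }

            pEthHeader = (PNDISPROT_ETH_HEADER)((PUCHAR)pEthHeader + Offset);

            // 0x0800 (IPv4) as the big-endian EtherType field reads on a
            // little-endian CPU.
            if (pEthHeader->EthType != 0x8)
            {
                break;
            }

            // The IP header is taken 14 bytes into the frame (untagged
            // Ethernet). It must lie completely inside this MDL, otherwise
            // the reads below would run past the mapped buffer.
            if (BufferLength < 14 + sizeof(*pIPHeader))
            {
                break;
            }
            pIPHeader = (PIP_HEADER)((PUCHAR)pEthHeader + 14);

            DbgPrint("srcip:%x\n",ntohl(pIPHeader->iph_src));
            DbgPrint("dstip:%x\n",ntohl(pIPHeader->iph_dest));
            DbgPrint("\n");
        } while (FALSE);

        pNetBufList = pNextNetBufList;
    }

    DEBUGP(DL_TRACE, ("===>SendNetBufferList: NBL = %p.\n", NetBufferLists));

    DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendFlags);
    if (pFilter->TrackSends)
    {
        // Count every list in the chain as an outstanding send, under the
        // filter lock.
        FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
        CurrNbl = NetBufferLists;
        while (CurrNbl)
        {
            pFilter->OutstandingSends++;
            FILTER_LOG_SEND_REF(1, pFilter, CurrNbl, pFilter->OutstandingSends);

            CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl);
        }
        FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
    }

    //
    // If necessary, queue the NetBufferList in a local structure for later processing
    //
    // NOTE(review): this handler only logs; the whole chain is always
    // forwarded. A list that is not forwarded must be handed back to the
    // overlying driver with NdisFSendNetBufferListsComplete rather than
    // simply left out of the chain.
    NdisFSendNetBufferLists(pFilter->FilterHandle, NetBufferLists, PortNumber, SendFlags);

    DEBUGP(DL_TRACE, ("<===SendNetBufferList: Status = %8x.\n", Status));

}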

前面的代码用于获取数据包的源地址和目的地址。如果我想过滤掉指定的IP,比如目标IP为192.168.1.1时就丢弃该数据包,应该怎么处理?
bigbian
沙发#
发布于:2007-09-06 18:52
文档里写的很清楚

The filter driver can filter the data and send the filtered data to underlying drivers. For each NET_BUFFER structure submitted to FilterSendNetBufferLists, a filter driver can:

1、Pass the buffer on to the next underlying driver by calling the NdisFSendNetBufferLists function. The filter driver can modify the buffer contents before calling NdisFSendNetBufferLists. In this case NDIS calls the FilterSendNetBufferListsComplete function after the underlying drivers complete the send request.

2、Reject the buffer by calling the NdisFSendNetBufferListsComplete function.
3、Queue the buffer in a local data structure for later processing.
4、Copy the buffer and originate a send request with the copy. The send operation is similar to a filter-driver initiated send request. In this case, the driver must return the original buffer to the overlying driver by calling the NdisFSendNetBufferListsComplete function.

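第二个就是你需要的:对要丢弃的 NET_BUFFER_LIST 调用 NdisFSendNetBufferListsComplete 把它交还给上层驱动,而不再用 NdisFSendNetBufferLists 向下传递。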