Is there an example for blocking ip traffic?

  • 1. how to get the status of threads related to a driver
    Hi everyone, I am a new hand at driver development. Now I am faced with a problem. I want to view the status of threads related to a driver. For example, are threads related to the usbvideo driver running or suspended (waiting for events)? This information is very important for me to judge whether the thread related to the driver occupies the CPU or not. Is there any way to make it possible? Does windbg provide a command to view it? Your help is very appreciated. Thanks.
  • 2. KMDF Buffered vs Direct IO
    I have a KMDF driver that sets the IO type to Direct and uses WdfRequestRetrieve(Output/Input)Buffer call inside EvtIoRead/EvtIoWrite to get a pointer to the request buffer. This works fine. However, if I switch the device IO type to Buffered, then the WdfRequestRetrieveX functions return SUCCESS status, yet set the buffer pointer to NULL. I don't see any explanation for this in the documentation, as these functions are supposed to work identically regardless for both Direct and Buffered IO type; furthermore, I imagine that a buffer retrieval problem would be indicated by the returned status. Any ideas?
  • 3. When and how does KeDelayExecutionThread get alerted?
    Hi all, The DDK documentation says: "If the value of Alertable is TRUE and one of the following conditions is present, the thread will be alerted: 1, If the origin of the alert is an internal, undocumented kernel-mode routine used to alert threads. 2, The origin of the alert is a user-mode APC, and the value of the WaitMode parameter is UserMode. In the first of these two cases, the thread's wait is satisfied with a completion status of STATUS_ALERTED; in the second case, it is satisfied with a completion status of STATUS_USER_APC." However, the parameters passed into KeDelayExecutionThread don't include any dispatcher object such as an event, semaphore, mutex, etc. My question is: by which dispatcher object does the current sleeping thread get alerted, other than by a user APC? Thanks in advance.
  • 4. Responding to keystrokes on Windows Logon desktop
    Is there any way to listen for a keystroke/hotkey on the Windows Logon screen? I'd like to respond to a particular keystroke, run a program, then refresh the logon screen. No UI necessary. Is that possible to do without messing with msgina.dll? This would be for both XP and Vista.

Is there an example for blocking ip traffic?

Postby » Sun, 11 Sep 2005 18:49:41 GMT

Hi
I want to do a simple firewall, where I can block ip traffic,
I understand I need a tdi filter, is there any example in the
ddk, or can someone post an example?

thanks in advance.



Re: Is there an example for blocking ip traffic?

Postby Arkady Frenkel » Sun, 11 Sep 2005 23:09:13 GMT

You can use firewall interfaces in user mode and f/w driver is IM itself
Arkady






Re: Is there an example for blocking ip traffic?

Postby Thomas F. Divine [DDK MVP] » Sun, 11 Sep 2005 23:50:19 GMT

Part 2 of the "Extending the Passthru NDIS IM Driver Sample" series shows how 
an NDIS Intermediate driver can be used to block IP traffic based on an IP 
address list. It is in the archives at the Windows Driver Developer's 
Digest. See:

    http://www.**--****.com/ 

Good luck,

Thomas F. Divine, Windows DDK MVP
 http://www.**--****.com/ 





Re: Is there an example for blocking ip traffic?

Postby » Mon, 12 Sep 2005 04:47:47 GMT

Thank you, this is great!!



Re: Is there an example for blocking ip traffic?

Postby Vijay Visana » Tue, 13 Sep 2005 20:42:50 GMT

If you just want to block something, then you can consider a Windows firewall 
hooking driver.
It is simpler than an IM driver. An IM driver will be a good choice if you want more 
control; otherwise you can use this lighter version.
 http://www.**--****.com/ 






Re: Is there an example for blocking ip traffic?

Postby » Wed, 14 Sep 2005 01:11:01 GMT

Thank you !!!!!!!!!!!!!!!!!!!!!!!!!!



Re: Is there an example for blocking ip traffic?

Postby » Thu, 15 Sep 2005 06:53:27 GMT

Hi Vijay,
Do you happen to know if I can use this method to block only
certain processes, I am unable to figure out this aspect since
the only explanation of this is by O-Jsus and he has not mentioned
this?



Re: Is there an example for blocking ip traffic?

Postby » Thu, 15 Sep 2005 19:23:21 GMT

How do I block IP traffic only to a specific process?



Re: Is there an example for blocking ip traffic?

Postby Jeff Henkels » Thu, 15 Sep 2005 20:59:55 GMT



In the fwhook callback, you can call PsGetCurrentProcessId() to identify the 
current process. Since the fwhook callback is effectively at the TDI layer, 
odds are pretty good that you're running in the context of the process 
generating the traffic.

Your driver should also have a PsSetCreateProcessNotifyRoutine callback that 
gets hit when a process is created or destroyed.  When a process is created, 
your callback will pass the process ID to a user-mode service which will 
look up whatever info you need about the process (e.g. owner, executable 
name/path), and then pass this info back down to the driver, which puts it 
into a queue or list.  This will speed things up a bit, especially if you 
can make the allow/deny decision based solely on process info (i.e. you 
don't need to consider protocol/address/port in your firewall ruleset)

Then when your fwhook callback is hit, you call PsGetCurrentProcessId and 
look up that process in your list and pass/drop the packet accordingly. 
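
An added example, not part of the post above or of any DDK sample: a user-mode C model of the per-process table the answer describes, with one function standing in for each of the process-notify callback, the user-mode service's reply, and the lookup made from the fwhook callback. All names, the fixed table size and the default-drop choice are assumptions; a real driver would take the PID from PsGetCurrentProcessId() and guard the table with a lock.

```c
#include <stddef.h>
#include <stdint.h>

/* User-mode model of the driver's per-process table (all names hypothetical). */
typedef enum { VERDICT_PENDING, VERDICT_ALLOW, VERDICT_DROP } verdict_t;
typedef struct { uintptr_t pid; verdict_t verdict; int in_use; } proc_entry_t;

#define MAX_PROCS 64
static proc_entry_t g_table[MAX_PROCS];
/* Verdict for PIDs that are unknown or not yet classified (assumed policy). */
static const verdict_t g_default = VERDICT_DROP;

static proc_entry_t *find_entry(uintptr_t pid) {
    for (size_t i = 0; i < MAX_PROCS; i++)
        if (g_table[i].in_use && g_table[i].pid == pid) return &g_table[i];
    return NULL;
}

/* Models the PsSetCreateProcessNotifyRoutine callback (create != 0 on start,
 * 0 on exit). Exit frees the slot so a recycled PID never inherits a verdict. */
void on_process_notify(uintptr_t pid, int create) {
    proc_entry_t *e = find_entry(pid);
    if (!create) { if (e) e->in_use = 0; return; }
    if (e) { e->verdict = VERDICT_PENDING; return; }  /* stale entry: reset it */
    for (size_t i = 0; i < MAX_PROCS; i++)
        if (!g_table[i].in_use) {
            g_table[i] = (proc_entry_t){ pid, VERDICT_PENDING, 1 };
            return;
        }
    /* Table full: the PID stays unknown and gets the default verdict. */
}

/* Models the user-mode service's answer after it looked up owner/path.
 * Returns 0 if the process exited before the answer arrived. */
int set_policy(uintptr_t pid, verdict_t v) {
    proc_entry_t *e = find_entry(pid);
    if (!e) return 0;
    e->verdict = v;
    return 1;
}

/* Models the decision taken in the fwhook callback for the current PID.
 * Returns 1 to pass the packet, 0 to drop it. */
int filter_packet(uintptr_t current_pid) {
    proc_entry_t *e = find_entry(current_pid);
    verdict_t v = (e && e->verdict != VERDICT_PENDING) ? e->verdict : g_default;
    return v == VERDICT_ALLOW;
}

int main(void) {                       /* 1234 is a constructed PID */
    on_process_notify(1234, 1);
    set_policy(1234, VERDICT_ALLOW);
    return filter_packet(1234) ? 0 : 1;
}
```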



Re: Is there an example for blocking ip traffic?

Postby » Thu, 15 Sep 2005 21:55:28 GMT

I have already done what you suggested, the process which is obtained is
always SERVICE.EXE   ??????????????????????????????? even though
I am using IExplore process to initiate the traffic.




Similar Threads:

1.IP Traffic Filter Driver


2.Ndislwf sample blocks network traffic on Windows Server 2008 64-bi

Hi
Has anyone tried to build and install the Ndislwf sample on Windows Server 2008 
64-bit? It blocks all traffic and the server becomes totally disconnected from the 
network.
The sample (NDIS 6 Sample LightWeight Filter) is totally unchanged from what 
it is in the DDK (6001.18002).
Can anyone tell me what's happening?

3.Unable to block traffic from VM Workstation (NDIS hook firewall)

Hi

I have developed firewall with NDIS hooking.
It's working fine, monitoring the traffic on machine.
I have installed VMWare workstation on my machine (Bridge mode).
I can access internet through VM workstation (Winxp sp2).
Firewall is not blocking the traffic from VM workstation.

So what could be the basic problem regarding this issue?
What am I missing? How can I block traffic to and from VM?

Thanks,


Devang

4.Personal Firewall blocks NDIS traffic

Hi,
I have an NDIS driver and I want to send some packets from my NDIS
driver to my winsock application.  However, personal firewalls block
these packets since they appear to come from outside the box.  Is
there any other way I can communicate information from my NDIS driver
to my application running in user land?

Thanks
Lyle

5.Unable to block traffic from/To VM with bridge mode (NDIS hook Driver)

Hi

I have developed firewall with NDIS hooking.
It's working fine, monitoring the traffic on machine.
I have installed VMWare workstation on my machine (Bridge mode).
I can access internet through VM workstation (Winxp sp2).
Firewall is not blocking the traffic from VM workstation.

So what could be the basic problem regarding this issue?
What am I missing? How can I block traffic to and from VM?

Thanks,

Devang

6. Blocking Ephemeral TCP/IP Port Range

7. Blocking out ARPs or a modem IP from ethernet driver

8. how to convert a dotted-decimal IP address into host internal IP address


