Abstract
Content-based IP packet filtering relies on kernel-mode techniques of the operating system. By comparing the characteristics of user mode and kernel mode, this paper analyzes the network programming interfaces of the Windows kernel and adopts the Windows Driver Model (WDM) together with the layered architecture of the Network Driver Interface Specification (NDIS). Following the I/O request packet (IRP) specification, an intermediate driver with Miniport and Protocol layers is implemented; it hooks in transparently to intercept and analyze IP packets. A concrete programming solution for implementing IP packet filtering on Windows 200X systems is presented.
Source
Computer Engineering and Design (《计算机工程与设计》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2007, Issue 22, pp. 5425-5427 (3 pages)