Strauss
Sun Feb 08 19:10:53 CST 2004
Thanks, but since it's a personal project, I don't have the budget for
this... :-)
Steve Jackowski wrote:
> Strauss,
>
> You might want to take a look at our DNE product
> (http://www.deterministicnetworks.com/Products/dne.asp).
> It is an intermediate driver framework that lets you
> develop plugin drivers. These plugins can set filters to
> see selected (or all) incoming or outgoing packets from
> any protocol stack or device driver, including WAN
> interfaces through NDIS WAN. Our customers (and we
> internally) have used DNE to develop firewalls, IPSEC
> clients, measurement probes, NAT, proxies, load
> balancers, QoS, secure multicast, transparent
> bridges, 'sniffers', and much more.
>
> It runs cross platform on all Windows systems (95, 98,
> ME, NT, 2K, XP, W2K3, as well as CE.net, PocketPC 2003,
> Linux, Solaris, etc) and provides a consistent API (via
> IOCTL or packet insertion/capture) to user space. A
> plugin written for one system will run on all others (a
> recompile is necessary between families e.g. between
> Windows and Linux). Also, your plugin runs under our
> digital signature so you don't have to go through the
> WHQL process for your IM.
>
> It comes with virtual LAN (with DHCP spoofing) and WAN
> adapters to facilitate things like tunneling and device
> spoofing. If you have specific RAS issues, let me know
> the detail and I may have some suggestions. As Brian
> points out, building a WAN miniport shim is non-trivial,
> but depending on what you need to do, we may have some
> suggestions.
>
> If monitoring is all you need, depending on the level of
> detail, I suspect DNE with a simple plugin (possibly one
> we already have in our other products) may be sufficient.
>
>
> Steve
>
>>-----Original Message-----
>>Hi!
>>
>> I want to develop a TCP/IP filter. The requisites are:
>>
>> - I don't need to view/change raw or ethernet packets
>> - I need to reject incoming/outgoing connections based on IP/port
>> - I need to deal with RAS.
>> - It would be good if I could modify data, but I don't need it now.
>>
>> I have been reading a lot of stuff about the pros/cons of NDIS IM driver
>>and TDI filter drivers. That's my conclusion, please correct me if my
>>assumptions are wrong:
>>
>> - NDIS IM will filter interfaces/adapters. So, I'll need to attach to
>>all adapters, and monitor new adapters (RAS?). I'll also need to deal
>>with packet data and raw IP.
>> - To develop a NDIS IM, common kernel development skills and layered
>>driver knowledge are not enough, since NDIS uses other
>>functions/interfaces. But, there's a sample in DDK and some pages about
>>how to deal with RAS adapters.
>> - A TDI filter is a common layered (legacy) driver, like File System
>>Filters. And hooking TCP and UDP device objects I'll hook all TCP/IP
>>traffic. If I know how to attach to a device object and how to deal with
>>IRPs I'll not have (big) problems.
>>
>> What's the best option, considering I have NT FileSystem development
>>background? I think what I need is a low level LSP, not a packet analyzer.
>>
>> I hope I made myself clear.
>>
>>
>>Regards,
>>
>>
>>Strauss
>>.
>>