I'm looking to write a small program which will intercept network packets (on the local machine) and modify them before they go out on the network. I need to be able to modify the headers as well, not just the data.
I've already looked through several possibilities but am unsure which one is best to pursue. There are open source packet filters out there, but filtering only seems to be able to either allow or reject packets, not much else.
The other solution would be to write an NDIS intermediate driver, but writing drivers is beyond me. Even the simple pass-thru example in the WinDDK is thousands of lines. I'm also not looking forward to having to constantly reinstall a driver and reboot to test my code.
I'd ideally like the program to be self-contained, and not rely on the installation of 3rd party drivers/software/whatever.
So if you people could point me in the right direction, throw some helpful links my way, whatever, I'd appreciate it.
Depends on what kind of packets you want to filter/modify.
If you're after application-level filtering, and want to get your hands on HTTP or similar packets, your best bet would probably be an LSP. Note, however, that following this path has certain disadvantages. First, MS seems to be trying to get rid of this technology, and IIRC a part of the Windows 7 logo requirements is "no LSP in your product"; they seem to be promoting the Windows Filtering Platform. Second, you'd be very surprised with how much trouble you're getting into in terms of 3rd party LSP compatibility. Third, a very dummy LSP is still around 2 KLOC :)
If you're after IP-level packet filtering, you'd need to go for a driver.
Windows Filtering Platform provides you with the functionality needed in either case. However, it's only available on Windows Vista and later products, so no XP there. Another thing to take into consideration: WFP was only capable of allowing/rejecting packets in user-land, and if you need to modify them, you'd need to go kernel-mode. (At least that's what the situation was at the time it appeared; maybe they've improved something by now.)