Problem description
My current code is here,
===================
    filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
    // code changed was set to FWP_MATCH_NOT_EQUAL from FWP_MATCH_EQUAL,
    filterConditions[conditionIndex].matchType = FWP_MATCH_NOT_EQUAL;
    if (IsEqualGUID(layerKey, &FWPM_LAYER_OUTBOUND_TRANSPORT_V4))
    {
        filterConditions[conditionIndex].conditionValue.type = FWP_UINT32;
        filterConditions[conditionIndex].conditionValue.uint32 = *(UINT32*)remoteAddr;
        // my code
        conditionIndex++;
        // code added for the filter out the tcp packets only
        filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
        // code changed was set to FWP_MATCH_NOT_EQUAL from FWP_MATCH_EQUAL,
        filterConditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
        filterConditions[conditionIndex].conditionValue.type = FWP_UINT8;
        filterConditions[conditionIndex].conditionValue.uint8 = 6;
        // code ends here
        conditionIndex++;
        // here filtering the HTTP packets
        filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
        filterConditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
        filterConditions[conditionIndex].conditionValue.type = FWP_UINT16;
        filterConditions[conditionIndex].conditionValue.uint16 = 80;
        DbgPrint("Filter Added ...!!");
        // code ends
    }
    conditionIndex++;
}
====================
This code is showing the packets from TCP -- HTTP -- at port 80,
but I need to filter the HTTP GET packets.
Recommended answer
http://msdn.microsoft.com/en-us/library/windows/hardware/ff570891(v=vs.85).aspx
Optionally you can keep your filter at OUTBOUND_TRANSPORT, but you still need to have the callout parse the data of the packet. The main issue with this approach is you will need to know how to determine when the GET portion is finished if it gets spread over multiple packets.
Hope this helps,
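The answer's point about a GET request spread over multiple packets, as an added example that is not part of the original answer: a small incremental tracker in plain C that a callout could feed with each segment's TCP payload. The names `get_tracker`, `get_tracker_feed` and `GET_MAX_HEADER` are hypothetical, and it assumes the payload has already been extracted from the packet and is delivered in sequence order for one flow.

```c
#include <stddef.h>
#include <string.h>

typedef enum { GET_NEED_MORE, GET_COMPLETE, GET_NOT_GET, GET_TOO_LONG } get_status;

/* Hypothetical per-flow state; a callout would keep one per TCP flow. */
typedef struct {
    size_t     seen;    /* payload bytes consumed so far on this flow */
    unsigned   term;    /* bytes of "\r\n\r\n" matched so far (0..4)  */
    get_status status;
} get_tracker;

#define GET_MAX_HEADER 8192u  /* assumed cap on request line + headers */

static void get_tracker_init(get_tracker *t)
{
    memset(t, 0, sizeof *t);
    t->status = GET_NEED_MORE;
}

/* Feed one segment's TCP payload, in sequence order; returns the flow status.
 * A GET normally carries no body, so the request ends at the blank line
 * that follows the headers. */
static get_status get_tracker_feed(get_tracker *t, const unsigned char *p, size_t n)
{
    static const unsigned char method[4] = { 'G', 'E', 'T', ' ' };
    static const unsigned char end[4]    = { '\r', '\n', '\r', '\n' };

    for (size_t i = 0; i < n && t->status == GET_NEED_MORE; i++, t->seen++) {
        unsigned char c = p[i];
        if (t->seen < sizeof method) {           /* the method may be split too */
            if (c != method[t->seen])            /* methods are case-sensitive  */
                t->status = GET_NOT_GET;
            continue;
        }
        if (c == end[t->term])
            t->term++;
        else
            t->term = (c == '\r') ? 1 : 0;       /* restart the terminator match */

        if (t->term == sizeof end)
            t->status = GET_COMPLETE;
        else if (t->seen + 1 >= GET_MAX_HEADER)
            t->status = GET_TOO_LONG;            /* stop tracking this flow */
    }
    return t->status;
}
```

Once the status is anything other than `GET_NEED_MORE`, later segments of the same flow are ignored, so the per-flow state can be released at that point.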