user-mode, kernel-mode and firewalls
-
I'm writing some sort of firewall, using the hook driver from Microsoft. I want to take the packet received up to the user-mode app to do the filtering there, because that way, using the user-mode API, I can know which process is holding a connection. I know this method will slow down the connection... but it's just an experiment :) Then... I'd like to know if for every packet there's a new instance of the driver, or if they're queued, because if they are queued, the method above would be slow AND I'll miss some packets :( Thank you in advance for your help
-
I wrote it... I'm using the hook driver available on Win2k and above, however... here is a link on what I mean :) http://msdn.microsoft.com/library/default.asp?url=/library/en-us/network/hh/network/firewall_5932d4d9-b61d-472d-8f27-c6a1d26ddc36.xml.asp