

Filter Hook Example

The filter hook in this example makes forward and drop decisions based on certain packet properties. It drops Transmission Control Protocol (TCP) packets, which it identifies by the protocol field in the IP header, and forwards packets of all other protocols.

If packets with specific IP addresses or TCP/UDP port numbers must be filtered, consider creating a user-mode application that uses the Packet Filtering API instead. The Packet Filtering API optimizes the system-supplied IP filter driver to process packets without the overhead that is associated with a filter-hook driver. For more information about the Packet Filtering API, see the Microsoft Windows SDK documentation.

// IP protocol number that identifies TCP; compared against IPHeader.iph_protocol.
#define PROT_TCP   6

// Fixed 20-byte portion of an IPv4 header (RFC 791), overlaid by the filter
// hook on the raw header bytes it receives. IP options, if present, follow
// this structure and are not described by it.
// NOTE(review): the member sizes add up to 20 bytes with every member naturally
// aligned, so no padding is expected - confirm UCHAR/USHORT/ULONG are 1/2/4
// bytes under the build's packing rules.
// NOTE(review): multi-byte fields are read directly from the packet, so they
// are presumably in network byte order; convert before comparing them with
// host-order values.
// NOTE(review): every field comes from the packet and is therefore
// sender-controlled; do not use iph_length or the header length to size a
// read without checking it against the real buffer length.
typedef struct IPHeader {
  UCHAR  iph_verlen;  // Version (high 4 bits) and header length in 32-bit words (low 4 bits)
  UCHAR  iph_tos;  // Type of service 
  USHORT  iph_length;  // Total datagram length (header plus data), in bytes
  USHORT  iph_id;  // Identification 
  USHORT  iph_offset;  // Flags (high 3 bits) and fragment offset (low 13 bits)
  UCHAR  iph_ttl;  // Time to live 
  UCHAR  iph_protocol;  // Protocol number of the payload (6 = TCP, see PROT_TCP)
  USHORT  iph_xsum;  // Header checksum 
  ULONG  iph_src;  // Source address 
  ULONG  iph_dest;  // Destination address 
} IPHeader; 

// Filter hook that drops every TCP packet and forwards everything else.
//
// The verdict depends only on the protocol byte of the IP header at
// PacketHeader. Packet, PacketLength, both interface indexes and both
// next-hop addresses are ignored, so the same verdict applies regardless of
// which interface the packet arrived on or is leaving through.
//
// Returns PF_DROP when iph_protocol equals PROT_TCP, otherwise PF_FORWARD.
//
// NOTE(review): PacketHeader is dereferenced without a NULL or length check;
// this assumes the caller always supplies a complete IP header - confirm
// against the filter-hook contract before reusing this pattern.
// NOTE(review): only the outer protocol field is inspected, so TCP carried
// inside a packet with a different protocol number (encapsulation) is
// forwarded.

PF_FORWARD_ACTION 
DropTcpPackets(
        unsigned char   *PacketHeader,
        unsigned char   *Packet,
        unsigned int    PacketLength,
        unsigned int    RecvInterfaceIndex,
        unsigned int    SendInterfaceIndex,
        IPAddr          RecvLinkNextHop,
        IPAddr          SendLinkNextHop
        )
{
    // View the raw header bytes through the IPHeader layout (read-only).
    const IPHeader *ipHeader = (const IPHeader *)PacketHeader;

    // Single verdict: TCP is dropped, every other protocol passes.
    return (ipHeader->iph_protocol == PROT_TCP) ? PF_DROP : PF_FORWARD;
}

 

 
