Filter Hook Example
The filter hook in this example is a simple filter hook that makes forward and drop decisions, based on certain packet properties. This example shows how the filter hook drops Transmission Control Protocol (TCP) packets and forwards packets from all other protocols.
If packets with specific IP addresses or TCP/UDP port numbers must be filtered, consider creating a user-mode application that uses the Packet Filtering API instead. The Packet Filtering API optimizes the system-supplied IP filter driver to process packets without the overhead that is associated with a filter-hook driver. For more information about the Packet Filtering API, see the Microsoft Windows SDK documentation.
#define PROT_TCP 6
typedef struct IPHeader {
UCHAR iph_verlen; // Version and length
UCHAR iph_tos; // Type of service
USHORT iph_length; // Total datagram length
USHORT iph_id; // Identification
USHORT iph_offset; // Flags, fragment offset
UCHAR iph_ttl; // Time to live
UCHAR iph_protocol; // Protocol
USHORT iph_xsum; // Header checksum
ULONG iph_src; // Source address
ULONG iph_dest; // Destination address
} IPHeader;
// Drop all TCP packets
PF_FORWARD_ACTION
DropTcpPackets(
unsigned char *PacketHeader,
unsigned char *Packet,
unsigned int PacketLength,
unsigned int RecvInterfaceIndex,
unsigned int SendInterfaceIndex,
IPAddr RecvLinkNextHop,
IPAddr SendLinkNextHop
)
{
if (((IPHeader *)PacketHeader)->iph_protocol == PROT_TCP)
{
return PF_DROP;
}
return PF_FORWARD;
}