
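Core Driver Technology of a Personal Firewall Based on Packet Interception
Cite this article: CHEN Shaohui, ZHANG Yanning, LIU Yanling. Core Driver Technology of a Personal Firewall Based on Packet Interception[J]. World Sci-tech R & D, 2006, 28(2): 66-71
Authors: CHEN Shaohui, ZHANG Yanning, LIU Yanling
Affiliation: Northwestern Polytechnical University, Xi'an 710065
Abstract: Most firewalls on the market share a fatal weakness: they guard against external threats but not internal ones, so developing an effective personal firewall is necessary. To this end, a dual-filtering personal firewall design based on both kernel mode and user mode is proposed. In kernel mode, TDI virtual driver interface hooking is used to intercept raw data packets passing through the transport layer. In application mode, a DLL developed with Winsock 2 SPI intercepts and filters services for Socket-based network connections. This overcomes the shortcomings of intercepting packets from user mode alone or from kernel mode alone. The paper focuses on the programming techniques involved in the kernel-layer virtual driver module.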

Keywords: filter driver  IRP layering  Winsock 2 SPI  interception

The Kernel Driver Technology of the Double Filtering Personal Firewall
CHEN Shaohui ZHANG Yanning LIU Yanling. The Kernel Driver Technology of the Double Filtering Personal Firewall[J]. World Sci-tech R & D, 2006, 28(2): 66-71
Authors:CHEN Shaohui ZHANG Yanning LIU Yanling
Abstract: The disadvantage of most firewall products on the market is that they capture attacks from the outer network but not from the inner network. They are based on the hypotheses that the inner network is safe and reliable and that all threats come from the outer network. Thus, it is difficult to realize secure communication between the host computers in an enterprise LAN and Internet users. A new double packet-filtering mechanism based on a kernel-mode and user-mode scheme is presented and accomplished with the development of personal firewall technology. In kernel mode, a network driver program is developed to capture raw network packets through the TDI virtual driver interface technology, and network packet filtering is accomplished according to the control canal rules. In user mode, a DLL program is developed to capture and filter Socket-based services through the Winsock 2 SPI technology. Therefore, the shortcoming of capturing packets only in kernel mode or only in user mode is overcome, and the system security performance is greatly improved.
Keywords:filtering driver  layered IRP  Winsock 2 SPI  capture  
This article is indexed in CNKI and other databases.