I'm developing what is essentially a specialized firewall application. The solution needs to be 32 and 64-bit compatible. My company wants to keep the current program interface, which is written in C#.
What I need is this: a way to monitor and manipulate all network traffic on the system. My research has led me to believe that a NDIS (Network Driver Interface Specification) Intermediate driver is the way to go. If I can write this kind of driver in C#, great, but I'm not sure that's possible. At the very least, I need an interface in C# to a driver written in any language.
I found a great resource online for creating one in a series of articles entitled "Extending the Microsoft PassThru NDIS Intermediate Driver":
- Part 1 - Adding a DeviceIoControl Interface
- Part 2 - Two IP Address Blocking NDIS IM Drivers
- Part 3 - Supporting Windows XP 64-Bit Edition
However, it is dated (2003). Before I invest in reading and learning what it has to say, I want to make sure I'm not wasting my time.
Is there a better way to do this? Are there any open source projects or articles that explain the process better than the articles above? Am I even in the ballpark? Help please.
There's another page from the same author, titled Windows Network Data and Packet Filtering, which provides "a brief introduction to various techniques that can be used to filter network data and network packets on the Microsoft Windows platforms".
It mentions others options, e.g. "TDI flter driver" and "User-Mode Network Data Filtering", which may suit instead, depending on whether you really want to manipulate all the network traffic on the system.
来源:https://stackoverflow.com/questions/869947/ndis-intermediate-driver-interface-to-c-sharp