Hi,
"Ryan Russell" <[EMAIL PROTECTED]> writes:
> >I'm writing a firewall system for Windows for my graduation project.
> >The systems I checked were mostly proxy/firewall gateways,
> >which are using WinSock and work on a very high level with
> >port translation. I want my system to work on a lower level
> >and to check directly the incoming and outgoing IP or TCP
> >packets. ConSeal Firewall is something like that.
> >I read almost the whole WinSock documentation but
> >I didn't find the answer.
>
> You'll have to get the Device drivers Developer's Kit
> (DDK). Nowadays, that really means a subscription to
> MSDN. The cheapest way to get that is to pick up a
> copy of Visual C++ that includes a limited time subscription
> to MSDN. Student discounts on VC++ are usually pretty good.

Apart from the question whether you will really be happy with selecting
Windows (or any operating system where the source code is not available,
for that matter) as the platform, there are several alternatives.

You can implement a firewall at the WinSock layer by implementing a
``Layered Service Provider''; this is a mechanism to insert your code into
the transport provider mechanism. This was touched upon in the Microsoft
System Journal issue 5/99 (should be at
http://www.microsoft.com/msj/defaulttop.asp?page=/msj/0599/layeredservice/layeredservicetop.htm)
and is also briefly mentioned in ``Network Programming for Microsoft
Windows'' by Jim Ohlund and Anthony James.

Another possibility for you to consider is to write a filter driver that
attaches to the TDI (Transport-Device Independent). This gets you as close
to the bare metal as you will probably care for (below that is NDIS
territory, and any firewall I can think of should not have to mess with
individual bits).

You'll need an MSDN subscription in any case (for the DDK and the misc
other information); for the filter driver solution you'll also need a copy
of the IFS (Installable File System) kit, which you can get at
http://www.microsoft.com/hwdev/ntifskit/default.htm (this has nothing to
do with installable file systems per se, it's just that NT uses file
objects for the dirty work at this level and the IFS kit happens to include
the necessary headers and other stuff you need). The IFS kit ain't cheap.

But unless you're prepared for a serious loss of hair, I would humbly
suggest that you look at other opportunities for implementing your own
firewall system. I'd recommend OpenBSD since
- it's free
- the source code has some semblance of sanity
- the implementation of ipf and ipnat is much neater than ipchains and
whatever the Linux folks got cooking this week.
- it's BSD!

The IP Filter stuff itself (available from
http://coombs.anu.edu.au/ipfilter/) is also available for other BSD
derivatives and Solaris and IRIX.
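
To make the ipf/ipnat recommendation concrete, here is a small stateful ruleset in IP Filter syntax: default deny, anti-spoofing on the outside interface, state-tracked outbound traffic, one inbound service, and NAT for an internal network. It is an added illustration, not part of the original message or of the IP Filter distribution; the interface names (xl0 outside, fxp0 inside), the file paths and the address ranges are assumptions.

```conf
# /etc/ipf.rules (assumed path). Outside interface xl0, inside fxp0.
# Placeholder addresses: 192.0.2.10 is the firewall's public address,
# 192.168.1.0/24 is the internal network.

# Default deny in both directions; "quick" rules below take precedence
# over these, since ipf is otherwise last-match.
block in log all
block out all

# Anti-spoofing: private and loopback sources never legitimately arrive
# on the outside interface.
block in quick on xl0 from 192.168.0.0/16 to any
block in quick on xl0 from 10.0.0.0/8 to any
block in quick on xl0 from 127.0.0.0/8 to any

# Outbound: allow new connections and keep state, so the replies are
# matched by the state table instead of by a blanket "pass in" rule.
pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state

# Inbound: only SSH to the firewall itself, and only connection setups
# (SYN), which the state entry then carries for the rest of the session.
pass in quick on xl0 proto tcp from any to 192.0.2.10/32 port = 22 flags S keep state

# The inside interface is trusted in both directions.
pass in quick on fxp0 all
pass out quick on fxp0 all

# /etc/ipnat.rules (assumed path). Hide the internal network behind the
# address of xl0; the portmap line handles TCP/UDP, the second line the
# remaining protocols (e.g. ICMP).
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map xl0 192.168.1.0/24 -> 0/32
```

Load the filter rules with `ipf -Fa -f /etc/ipf.rules` and the NAT rules with `ipnat -CF -f /etc/ipnat.rules`; `ipfstat -io` then shows the active rules and `ipfstat -s` the state table.
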
I'll stop now. Feel free to contact me for more information.
--
later,
Stephen
Fraunhofer-IGD | mailto:
Stephen Wolthusen | [EMAIL PROTECTED]
Rundeturmstr. 6 | [EMAIL PROTECTED]
64283 Darmstadt, GERMANY | [EMAIL PROTECTED]