/*
利用操作系统提供的API编写防火墙.
该程序涉及到的API说明请访问微软的MSDN Library
代码在C++ Builder 5编译通过
如果您想和我交流请email:[email protected]
*/
#pragma hdrstop
#include "windows.h"
#include "Fltdefs.h"
// 需要加载"iphlpapi.lib"
//--------------------------------------------------------------------------- #pragma argsused
int main(int argc, char* argv[])
{
// 一个创建网络包过滤接口
INTERFACE_HANDLE hInterface;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
&hInterface); // 绑定需要网络包过滤的IP地址
BYTE localIp[] = {192,168,0,2};
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, localIp);
// 现在我们开始过滤HTTP协议的的接口
FILTER_HANDLE fHandle;
// 填充过滤包的规则结构
PF_FILTER_DESCRIPTOR inFilter;
inFilter.dwFilterFlags = FD_FLAGS_NOSYN; //一直添这个值
inFilter.dwRule = 0; //一直添这个值
inFilter.pfatType = PF_IPV4; //用 ipV4 地址
inFilter.SrcAddr = localIp; //设置本地IP地址
inFilter.SrcMask = "\xff\xff\xff\xff"; //设置本地子网掩码
inFilter.wSrcPort = FILTER_TCPUDP_PORT_ANY; //任意来源端口
inFilter.wSrcPortHighRange = FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr = 0; //任意目标地址
inFilter.DstMask = 0;
inFilter.wDstPort = 80; //目标端口 80(http 服务)
inFilter.wDstPortHighRange = 80;
inFilter.dwProtocol = FILTER_PROTO_TCP; // 过滤的协议
// 加入一个过滤接口
PfAddFiltersToInterface(hInterface, 1, &inFilter, 0, NULL, &fHandle);
// 请在这设置一个调试断点,然后看看你的IE是否不能访问WEB页. :)
// 移除过滤接口
PfRemoveFilterHandles(hInterface, 1, &fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
return 0;
}
利用操作系统提供的API编写防火墙.
该程序涉及到的API说明请访问微软的MSDN Library
代码在C++ Builder 5编译通过
如果您想和我交流请email:[email protected]
*/
#pragma hdrstop
#include "windows.h"
#include "Fltdefs.h"
// 需要加载"iphlpapi.lib"
//--------------------------------------------------------------------------- #pragma argsused
int main(int argc, char* argv[])
{
// 一个创建网络包过滤接口
INTERFACE_HANDLE hInterface;
PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
&hInterface); // 绑定需要网络包过滤的IP地址
BYTE localIp[] = {192,168,0,2};
PfBindInterfaceToIPAddress(hInterface, PF_IPV4, localIp);
// 现在我们开始过滤HTTP协议的的接口
FILTER_HANDLE fHandle;
// 填充过滤包的规则结构
PF_FILTER_DESCRIPTOR inFilter;
inFilter.dwFilterFlags = FD_FLAGS_NOSYN; //一直添这个值
inFilter.dwRule = 0; //一直添这个值
inFilter.pfatType = PF_IPV4; //用 ipV4 地址
inFilter.SrcAddr = localIp; //设置本地IP地址
inFilter.SrcMask = "\xff\xff\xff\xff"; //设置本地子网掩码
inFilter.wSrcPort = FILTER_TCPUDP_PORT_ANY; //任意来源端口
inFilter.wSrcPortHighRange = FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr = 0; //任意目标地址
inFilter.DstMask = 0;
inFilter.wDstPort = 80; //目标端口 80(http 服务)
inFilter.wDstPortHighRange = 80;
inFilter.dwProtocol = FILTER_PROTO_TCP; // 过滤的协议
// 加入一个过滤接口
PfAddFiltersToInterface(hInterface, 1, &inFilter, 0, NULL, &fHandle);
// 请在这设置一个调试断点,然后看看你的IE是否不能访问WEB页. :)
// 移除过滤接口
PfRemoveFilterHandles(hInterface, 1, &fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
return 0;
}
Up
#define _FLTDEFS_H#if _MSC_VER > 1000
#pragma once
#endiftypedef PVOID FILTER_HANDLE, *PFILTER_HANDLE;
typedef PVOID INTERFACE_HANDLE, *PINTERFACE_HANDLE;#define PFEXPORT _declspec(dllexport)#ifdef __cplusplus
#define EXTERNCDECL EXTERN_C
#else
#define EXTERNCDECL
#endif#define PFAPIENTRY EXTERNCDECL DWORD PFEXPORT WINAPItypedef enum _GlobalFilter
{
GF_FRAGMENTS = 2, // check consistency of fragments
GF_STRONGHOST = 8, // check destination address of input frames
GF_FRAGCACHE = 9 // check fragments from cache
} GLOBAL_FILTER, *PGLOBAL_FILTER;typedef enum _PfForwardAction
{
PF_ACTION_FORWARD = 0,
PF_ACTION_DROP
} PFFORWARD_ACTION, *PPFFORWARD_ACTION;typedef enum _PfAddresType
{
PF_IPV4,
PF_IPV6
} PFADDRESSTYPE, *PPFADDRESSTYPE;//////////////////////////////////////////////////////////////////////////////
// //
// The constants that should be used to set up the FILTER_INFO_STRUCTURE //
// //
//////////////////////////////////////////////////////////////////////////////#define FILTER_PROTO(ProtoId) MAKELONG(MAKEWORD((ProtoId),0x00),0x00000)#define FILTER_PROTO_ANY FILTER_PROTO(0x00)
#define FILTER_PROTO_ICMP FILTER_PROTO(0x01)
#define FILTER_PROTO_TCP FILTER_PROTO(0x06)
#define FILTER_PROTO_UDP FILTER_PROTO(0x11)#define FILTER_TCPUDP_PORT_ANY (WORD)0x0000#define FILTER_ICMP_TYPE_ANY (BYTE)0xff
#define FILTER_ICMP_CODE_ANY (BYTE)0xfftypedef struct _PF_FILTER_DESCRIPTOR
{
DWORD dwFilterFlags; // see below
DWORD dwRule; // copied into the log when appropriate
PFADDRESSTYPE pfatType;
PBYTE SrcAddr;
PBYTE SrcMask;
PBYTE DstAddr;
PBYTE DstMask;
DWORD dwProtocol;
DWORD fLateBound;
WORD wSrcPort;
WORD wDstPort;
WORD wSrcPortHighRange;
WORD wDstPortHighRange;
}PF_FILTER_DESCRIPTOR, *PPF_FILTER_DESCRIPTOR;
//////////////////////////////////////////////////////////////////////////////
// //
// Structure for PfGetInterfaceStatistics //
// //
//////////////////////////////////////////////////////////////////////////////typedef struct _PF_FILTER_STATS
{
DWORD dwNumPacketsFiltered;
PF_FILTER_DESCRIPTOR info;
}PF_FILTER_STATS, *PPF_FILTER_STATS;typedef struct _PF_INTERFACE_STATS
{
PVOID pvDriverContext;
DWORD dwFlags; // none as yet (28-Sept-1997)
DWORD dwInDrops;
DWORD dwOutDrops;
PFFORWARD_ACTION eaInAction;
PFFORWARD_ACTION eaOutAction;
DWORD dwNumInFilters;
DWORD dwNumOutFilters;
DWORD dwFrag;
DWORD dwSpoof;
DWORD dwReserved1;
DWORD dwReserved2;
LARGE_INTEGER liSYN;
LARGE_INTEGER liTotalLogged;
DWORD dwLostLogEntries;
PF_FILTER_STATS FilterInfo[1];
} PF_INTERFACE_STATS, *PPF_INTERFACE_STATS;
//////////////////////////////////////////////////////////////////////////////
// //
// The number of bytes starting at SrcAddr. If you add something to the //
// structure make sure this remains valid //
// //
//////////////////////////////////////////////////////////////////////////////#define FILTERSIZE \
(sizeof(PF_FILTER_DESCRIPTOR) - \
(DWORD)(&((PPF_FILTER_DESCRIPTOR)0)->SrcAddr))
//////////////////////////////////////////////////////////////////////////////
// //
// Flags for PF_FILTER_DESCRIPTOR //
// //
////////////////////////////////////////////////////////////////////////////////
// Disallows incoming SYN
//#define FD_FLAGS_NOSYN 0x1//
// All legal flags
//#define FD_FLAGS_ALLFLAGS FD_FLAGS_NOSYN
//////////////////////////////////////////////////////////////////////////////
// //
// Late bound defs. Go in fLateBound in a PF_FILTER_DESCRIPTOR and //
// describe which other fields of the filter are affected by a //
// PfRebindFilters call. In general such filters are on WAN interfaces //
// where one or the other address may change as the connection is //
// reconnected. //
// The assumption is that such interfaces HAVE ONLY ONE ADDRESS. //
// //
//////////////////////////////////////////////////////////////////////////////
#define LB_SRC_ADDR_USE_SRCADDR_FLAG 0x00000001
#define LB_SRC_ADDR_USE_DSTADDR_FLAG 0x00000002
#define LB_DST_ADDR_USE_SRCADDR_FLAG 0x00000004
#define LB_DST_ADDR_USE_DSTADDR_FLAG 0x00000008
#define LB_SRC_MASK_LATE_FLAG 0x00000010
#define LB_DST_MASK_LATE_FLAG 0x00000020typedef struct _PF_LATEBIND_INFO
{
PBYTE SrcAddr;
PBYTE DstAddr;
PBYTE Mask;
}PF_LATEBIND_INFO, *PPF_LATEBIND_INFO;//////////////////////////////////////////////////////////////////////////////
// //
// The format of a logged frame and defs for it. //
// //
//////////////////////////////////////////////////////////////////////////////typedef enum _PfFrameType
{
PFFT_FILTER = 1, // a filter violation
PFFT_FRAG = 2, // bad fragment
PFFT_SPOOF = 3 // strong host failure
} PFFRAMETYPE, *PPFFRAMETYPE;typedef struct _pfLogFrame
{
LARGE_INTEGER Timestamp;
PFFRAMETYPE pfeTypeOfFrame;
DWORD dwTotalSizeUsed; // used to find the next frame
DWORD dwFilterRule; // from the filter
WORD wSizeOfAdditionalData;
WORD wSizeOfIpHeader;
DWORD dwInterfaceName; // the name of the interface
DWORD dwIPIndex;
BYTE bPacketData[1]; // the frame. wsizeOfIpHeader
// and wsizeOfAdditionalData
// describe this
} PFLOGFRAME, *PPFLOGFRAME;
// //
// Error codes. These extend the WIN32 errors by having errors specific to //
// these APIs. Besides these errors, the APIs may return any of the WIN32 //
// errors. //
// //
//////////////////////////////////////////////////////////////////////////////
#define ERROR_BASE 23000#define PFERROR_NO_PF_INTERFACE (ERROR_BASE + 0) // never returned.
#define PFERROR_NO_FILTERS_GIVEN (ERROR_BASE + 1)
#define PFERROR_BUFFER_TOO_SMALL (ERROR_BASE + 2)
#define ERROR_IPV6_NOT_IMPLEMENTED (ERROR_BASE + 3)
//////////////////////////////////////////////////////////////////////////////
// //
// The API prototypes //
// //
//////////////////////////////////////////////////////////////////////////////PFAPIENTRY
PfCreateInterface(
DWORD dwName,
PFFORWARD_ACTION inAction,
PFFORWARD_ACTION outAction,
BOOL bUseLog,
BOOL bMustBeUnique,
INTERFACE_HANDLE *ppInterface
);PFAPIENTRY
PfDeleteInterface(
INTERFACE_HANDLE pInterface
);PFAPIENTRY
PfAddFiltersToInterface(
INTERFACE_HANDLE ih,
DWORD cInFilters,
PPF_FILTER_DESCRIPTOR pfiltIn,
DWORD cOutFilters,
PPF_FILTER_DESCRIPTOR pfiltOut,
PFILTER_HANDLE pfHandle
);PFAPIENTRY
PfRemoveFiltersFromInterface(
INTERFACE_HANDLE ih,
DWORD cInFilters,
PPF_FILTER_DESCRIPTOR pfiltIn,
DWORD cOutFilters,
PPF_FILTER_DESCRIPTOR pfiltOut
);PFAPIENTRY
PfRemoveFilterHandles(
INTERFACE_HANDLE pInterface,
DWORD cFilters,
PFILTER_HANDLE pvHandles
);
PFAPIENTRY
PfUnBindInterface(
INTERFACE_HANDLE pInterface
);PFAPIENTRY
PfBindInterfaceToIndex(
INTERFACE_HANDLE pInterface,
DWORD dwIndex,
PFADDRESSTYPE pfatLinkType,
PBYTE LinkIPAddress
);PFAPIENTRY
PfBindInterfaceToIPAddress(
INTERFACE_HANDLE pInterface,
PFADDRESSTYPE pfatType,
PBYTE IPAddress
);PFAPIENTRY
PfRebindFilters(
INTERFACE_HANDLE pInterface,
PPF_LATEBIND_INFO pLateBindInfo
);PFAPIENTRY
PfAddGlobalFilterToInterface(
INTERFACE_HANDLE pInterface,
GLOBAL_FILTER gfFilter
);PFAPIENTRY
PfRemoveGlobalFilterFromInterface(
INTERFACE_HANDLE pInterface,
GLOBAL_FILTER gfFilter
);
//////////////////////////////////////////////////////////////////////////////
// //
// Log APIs. Note that there is at most one log and it must be created //
// before any interface needing it is created. There is no way to set a //
// log onto an existing interface. The log can be applied to any or all of //
// the interfaces. //
// //
//////////////////////////////////////////////////////////////////////////////PFAPIENTRY
PfMakeLog(
HANDLE hEvent
);//
// Provide a buffer, and notification parameters, and get back
// the old buffer and status.
//PFAPIENTRY
PfSetLogBuffer(
PBYTE pbBuffer,
DWORD dwSize,
DWORD dwThreshold,
DWORD dwEntries,
PDWORD pdwLoggedEntries,
PDWORD pdwLostEntries,
PDWORD pdwSizeUsed
);//
// Doing this will disable the log on any of the interfaces. But if
// an interface was created with the log, the actual log will not be
// completely deleted until that interface is deleted. This is a small
// point, but it might explain a mystery or two.
//PFAPIENTRY
PfDeleteLog(
VOID
);
//////////////////////////////////////////////////////////////////////////////
// //
// Get statistics. Note pdwBufferSize in an IN/OUT parameter. If //
// ERROR_INSUFFICIENT_BUFFER is returned, the common statistics are //
// available and the correct byte count is in *pdwBufferSize. If only the //
// interface statistics are needed, provide a buffer of size //
// PF_INTERFACE_STATS only. //
// If the filter descriptions are also needed, then supply a large buffer, //
// or use the returned count from the first call to allocate a buffer of //
// sufficient size. Note that for a shared interface, this second call may //
// fail with ERROR_INSUFFICIENT_BUFFER. This can happen if the other //
// sharers add filters in the interim. This should not happen for a UNIQUE //
// interface. //
// //
//////////////////////////////////////////////////////////////////////////////
PFAPIENTRY
PfGetInterfaceStatistics(
INTERFACE_HANDLE pInterface,
PPF_INTERFACE_STATS ppfStats,
PDWORD pdwBufferSize,
BOOL fResetCounters
);
//////////////////////////////////////////////////////////////////////////////
// //
// Test a packet. //
// This call will evaluate the packet against the given interfaces //
// and return the filtering action. //
// //
//////////////////////////////////////////////////////////////////////////////PFAPIENTRY
PfTestPacket(
INTERFACE_HANDLE pInInterface OPTIONAL,
INTERFACE_HANDLE pOutInterface OPTIONAL,
DWORD cBytes,
PBYTE pbPacket,
PPFFORWARD_ACTION ppAction
);
#endif
////////////////////////////////////////////////////////////////////////////////
//
// Delphi conversion of fltdefs.h for use with the IPHLPAPI.DLL
//
////////////////////////////////////////////////////////////////////////////////
interfaceuses
Windows;const
IPHLPAPI = 'IPHLPAPI.DLL';// Byte array
type
TByteArray = Array [0..Pred(MaxInt)] of Byte;
PByteArray = ^TByteArray;// Data types
type
FILTER_HANDLE = Pointer;
PFILTER_HANDLE = ^FILTER_HANDLE;
INTERFACE_HANDLE = Pointer;
PINTERFACE_HANDLE = ^INTERFACE_HANDLE;// GlobalFilter enumeration
const
GF_FRAGMENTS = 2;
GF_STRONGHOST = 8;
GF_FRAGCACHE = 9;type
GLOBAL_FILTER = Integer;
PGLOBAL_FILTER = ^GLOBAL_FILTER;// PFAddressType enumeration
const
PF_IPV4 = 0;
PF_IPV6 = 1;type
PFADDRESSTYPE = Integer;
PPFADDRESSTYPE = ^PFADDRESSTYPE;// PFForwardAction enumeration
const
PF_ACTION_FORWARD = 0;
PF_ACTION_DROP = 1;type
PFFORWARD_ACTION = Integer;
PPFFORWARD_ACTION = ^PPFFORWARD_ACTION;// PFFrameType enumeration
const
PFFT_FILTER = 1;
PFFT_FRAG = 2;
PFFT_SPOOF = 3;type
PFFRAMETYPE = Integer;
PPFFRAMETYPE = ^PFFRAMETYPE;type
_PF_FILTER_DESCRIPTOR = packed record
dwFilterFlags: DWORD;
dwRule: DWORD;
pfatType: PFADDRESSTYPE;
SrcAddr: PByteArray;
SrcMask: PByteArray;
DstAddr: PByteArray;
DstMask: PByteArray;
dwProtocol: DWORD;
fLateBound: DWORD;
wSrcPort: Word;
wDstPort: Word;
wSrcPortHighRange: Word;
wDstPortHighRange: Word;
end;
PF_FILTER_DESCRIPTOR = _PF_FILTER_DESCRIPTOR;
PPF_FILTER_DESCRIPTOR = ^PF_FILTER_DESCRIPTOR;type
_PF_FILTER_STATS = packed record
dwNumPacketsFiltered:DWORD;
info: PF_FILTER_DESCRIPTOR;
end;
PF_FILTER_STATS = _PF_FILTER_STATS;
PPF_FILTER_STATS = ^PF_FILTER_STATS;type
_PF_INTERFACE_STATS = packed record
pvDriverContext: Pointer;
dwFlags: DWORD;
dwInDrops: DWORD;
dwOutDrops: DWORD;
eaInAction: PFFORWARD_ACTION;
eaOutAction: PFFORWARD_ACTION;
dwNumInFilters: DWORD;
dwNumOutFilters: DWORD;
dwFrag: DWORD;
dwSpoof: DWORD;
dwReserved1: DWORD;
dwReserved2: DWORD;
liSyn: LARGE_INTEGER;
liTotalLogged: LARGE_INTEGER;
dwLostLogEntries: DWORD;
FilterInfo: Array [0..0] of PF_FILTER_STATS;
end;
PF_INTERFACE_STATS = _PF_INTERFACE_STATS;
PPF_INTERFACE_STATS = ^PF_INTERFACE_STATS;type
_PF_LATEBIND_INFO = packed record
SrcAddr: PByteArray;
DstAddr: PByteArray;
Mask: PByteArray;
end;
PF_LATEBIND_INFO = _PF_LATEBIND_INFO;
PPF_LATEBIND_INFO = ^PF_LATEBIND_INFO;type
_PFLOGFRAME = packed record
Timestamp: LARGE_INTEGER;
pfeTypeOfFrame: PFFRAMETYPE;
dwTotalSizeUsed: DWORD;
dwFilterRule: DWORD;
wSizeOfAdditionalData:Word;
wSizeOfIpHeader: Word;
dwInterfaceName: DWORD;
dwIPIndex: DWORD;
bPacketData: Array [0..0] of Byte;
end;
PFLOGFRAME = _PFLOGFRAME;
PPFLOGFRAME = ^PFLOGFRAME;const
FILTER_PROTO_ANY = $00;
FILTER_PROTO_ICMP = $01;
FILTER_PROTO_TCP = $06;
FILTER_PROTO_UDP = $11;
FILTER_TCPUDP_PORT_ANY = $00;const
FILTER_ICMP_TYPE_ANY = $FF;
FILTER_ICMP_CODE_ANY = $FF;const
FD_FLAGS_NOSYN = $01;
FD_FLAGS_ALLFLAGS = FD_FLAGS_NOSYN;const
LB_SRC_ADDR_USE_SRCADDR_FLAG = $00000001;
LB_SRC_ADDR_USE_DSTADDR_FLAG = $00000002;
LB_DST_ADDR_USE_SRCADDR_FLAG = $00000004;
LB_DST_ADDR_USE_DSTADDR_FLAG = $00000008;
LB_SRC_MASK_LATE_FLAG = $00000010;
LB_DST_MASK_LATE_FLAG = $00000020;const
ERROR_BASE = 23000;
PFERROR_NO_PF_INTERFACE = (ERROR_BASE + 0); // never returned.
PFERROR_NO_FILTERS_GIVEN = (ERROR_BASE + 1);
PFERROR_BUFFER_TOO_SMALL = (ERROR_BASE + 2);
ERROR_IPV6_NOT_IMPLEMENTED = (ERROR_BASE + 3);////////////////////////////////////////////////////////////////////////////////
//
// Filter functions exported by IPHLPAPI
//
////////////////////////////////////////////////////////////////////////////////
function PfCreateInterface(
dwName: DWORD;
inAction: PFFORWARD_ACTION;
outAction: PFFORWARD_ACTION;
bUseLog: BOOL;
bMustBeUnique: BOOL;
var ppInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfCreateInterface@24';function PfDeleteInterface(
pInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfDeleteInterface@4';function PfAddFiltersToInterface(
ih: INTERFACE_HANDLE;
cInFilters: DWORD;
pfiltIn: PPF_FILTER_DESCRIPTOR;
cOutFilters: DWORD;
pfiltOut: PPF_FILTER_DESCRIPTOR;
pfHandle: PFILTER_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfAddFiltersToInterface@24';function PfRemoveFiltersFromInterface(
ih: INTERFACE_HANDLE;
cInFilters: DWORD;
pfiltIn: PPF_FILTER_DESCRIPTOR;
cOutFilters: DWORD;
pfiltOut: PPF_FILTER_DESCRIPTOR): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveFiltersFromInterface@20';function PfRemoveFilterHandles(
pInterface: INTERFACE_HANDLE;
cFilters: DWORD;
pvHandles: PFILTER_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveFilterHandles@12';function PfUnBindInterface(
pInterface: INTERFACE_HANDLE): DWORD;
stdcall; external IPHLPAPI name '_PfUnBindInterface@4';function PfBindInterfaceToIndex(
pInterface: INTERFACE_HANDLE;
dwIndex: DWORD;
pfatLinkType: PFADDRESSTYPE;
LinkIPAddress: PByteArray): DWORD;
stdcall; external IPHLPAPI name '_PfBindInterfaceToIndex@16';function PfBindInterfaceToIPAddress(
pInterface: INTERFACE_HANDLE;
pfatLinkType: PFADDRESSTYPE;
IPAddress: PByteArray): DWORD;
stdcall; external IPHLPAPI name '_PfBindInterfaceToIPAddress@12';function PfRebindFilters(
pInterface: INTERFACE_HANDLE;
pLateBindInfo: PPF_LATEBIND_INFO): DWORD;
stdcall; external IPHLPAPI name '_PfRebindFilters@8';function PfAddGlobalFilterToInterface(
pInterface: INTERFACE_HANDLE;
gfFilter: GLOBAL_FILTER): DWORD;
stdcall; external IPHLPAPI name '_PfAddGlobalFilterToInterface@8';function PfRemoveGlobalFilterFromInterface(
pInterface: INTERFACE_HANDLE;
gfFilter: GLOBAL_FILTER): DWORD;
stdcall; external IPHLPAPI name '_PfRemoveGlobalFilterFromInterface@8';
//
// Log APIs. Note that there is at most one log and it must be created
// before any interface needing it is created. There is no way to set a
// log onto an existing interface. The log can be applied to any or all of
// the interfaces.
//
///////////////////////////////////////////////////////////////////////
function PfMakeLog(
hEvent: THandle): DWORD;
stdcall; external IPHLPAPI name '_PfMakeLog@4';function PfSetLogBuffer(
pbBuffer: PByteArray;
dwSize: DWORD;
dwThreshold: DWORD;
dwEntries: DWORD;
pdwLoggedEntries: PDWORD;
pdwLostEntries: PDWORD;
pdwSizeUsed: PDWORD): DWORD;
stdcall; external IPHLPAPI name '_PfSetLogBuffer@28';function PfDeleteLog(
): DWORD;
stdcall; external IPHLPAPI name '_PfDeleteLog@0';////////////////////////////////////////////////////////////////////////////////
//
// Get statistics. Note pdwBufferSize in an IN/OUT parameter. If
// ERROR_INSUFFICIENT_BUFFER is returned, the common statistics are
// available and the correct byte count is in *pdwBufferSize. If only the
// interface statistics are needed, provide a buffer of size
// PF_INTERFACE_STATS only. If the filter descriptions are also needed,
// then supply a large buffer, or use the returned count from the first call
// to allocate a buffer of sufficient size. Note that for a shared interface,
// this second call may fail with ERROR_INSUFFICIENT_BUFFER. This can happen
// if the other sharers add filters in the interim. This should not happen for
// a UNIQUE interface.
//
////////////////////////////////////////////////////////////////////////////////
function PfGetInterfaceStatistics(
pInterface: INTERFACE_HANDLE;
ppfStats: PPF_INTERFACE_STATS;
pdwBufferSize: PDWORD;
fResetCounters: BOOL): DWORD;
stdcall; external IPHLPAPI name '_PfGetInterfaceStatistics@16';////////////////////////////////////////////////////////////////////////////////
//
// Test a packet. This call will evaluate the packet against the given
// interfaces and return the filtering action.
//
////////////////////////////////////////////////////////////////////////////////
function PfTestPacket(
pInInterface: INTERFACE_HANDLE;
pOutInterface: INTERFACE_HANDLE;
cBytes: DWORD;
pbPacket: PByteArray;
ppAction: PPFFORWARD_ACTION): DWORD;
stdcall; external IPHLPAPI name '_PfTestPacket@20';implementationend.
(********)
//uses winsock, fltdefs;
procedure main();
const
localIp : array[0..3] of BYTE = (192,168,0,2);
FILTER_TCPUDP_PORT_ANY : WORD = $0000;
FD_FLAGS_NOSYN = $1;
var
hInterface : INTERFACE_HANDLE;
fHandle : FILTER_HANDLE;
inFilter : PF_FILTER_DESCRIPTOR;
FILTER_PROTO_TCP : DWORD;
dwSrcMask : DWORD;
begin
FILTER_PROTO_TCP := MAKELONG(MAKEWORD(($06),$00),$00000);
dwSrcMask := $FFFFFFFF; PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
hInterface); PfBindInterfaceToIPAddress(hInterface, PF_IPV4, @localIp); inFilter.dwFilterFlags := FD_FLAGS_NOSYN;
inFilter.dwRule := 0;
inFilter.pfatType := PF_IPV4;
inFilter.SrcAddr := @localIp;
inFilter.SrcMask := @dwSrcMask;
inFilter.wSrcPort := FILTER_TCPUDP_PORT_ANY;
inFilter.wSrcPortHighRange := FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr := nil;
inFilter.DstMask := nil;
inFilter.wDstPort := 80;
inFilter.wDstPortHighRange := 80;
inFilter.dwProtocol := FILTER_PROTO_TCP;
PfAddFiltersToInterface(hInterface, 1, @inFilter, 0, nil, @fHandle);
PfRemoveFilterHandles(hInterface, 1, @fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
end;
D版的也有了,代码翻译啊
下面这段不就是了?
////////////////////////////////////////////////////////////////////////////////
//
// Test a packet. This call will evaluate the packet against the given
// interfaces and return the filtering action.
//
////////////////////////////////////////////////////////////////////////////////
function PfTestPacket(
pInInterface: INTERFACE_HANDLE;
pOutInterface: INTERFACE_HANDLE;
cBytes: DWORD;
pbPacket: PByteArray;
ppAction: PPFFORWARD_ACTION): DWORD;
stdcall; external IPHLPAPI name '_PfTestPacket@20';implementationend.
(********)
//uses winsock, fltdefs;
procedure main();
const
localIp : array[0..3] of BYTE = (192,168,0,2);
FILTER_TCPUDP_PORT_ANY : WORD = $0000;
FD_FLAGS_NOSYN = $1;
var
hInterface : INTERFACE_HANDLE;
fHandle : FILTER_HANDLE;
inFilter : PF_FILTER_DESCRIPTOR;
FILTER_PROTO_TCP : DWORD;
dwSrcMask : DWORD;
begin
FILTER_PROTO_TCP := MAKELONG(MAKEWORD(($06),$00),$00000);
dwSrcMask := $FFFFFFFF; PfCreateInterface(0,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
PF_ACTION_DROP,//PF_ACTION_FORWARD,
FALSE,
TRUE,
hInterface); PfBindInterfaceToIPAddress(hInterface, PF_IPV4, @localIp); inFilter.dwFilterFlags := FD_FLAGS_NOSYN;
inFilter.dwRule := 0;
inFilter.pfatType := PF_IPV4;
inFilter.SrcAddr := @localIp;
inFilter.SrcMask := @dwSrcMask;
inFilter.wSrcPort := FILTER_TCPUDP_PORT_ANY;
inFilter.wSrcPortHighRange := FILTER_TCPUDP_PORT_ANY;
inFilter.DstAddr := nil;
inFilter.DstMask := nil;
inFilter.wDstPort := 80;
inFilter.wDstPortHighRange := 80;
inFilter.dwProtocol := FILTER_PROTO_TCP;
PfAddFiltersToInterface(hInterface, 1, @inFilter, 0, nil, @fHandle);
PfRemoveFilterHandles(hInterface, 1, @fHandle);
PfUnBindInterface(hInterface);
PfDeleteInterface(hInterface);
end;