| 基于封包截获技术的个人防火墙核心驱动技术 |
| |
| 引用本文: | 陈少辉,张艳宁,刘艳玲. 基于封包截获技术的个人防火墙核心驱动技术[J]. 计算机工程, 2007, 33(6): 123-125 |
| |
| 作者姓名: | 陈少辉 张艳宁 刘艳玲 |
| |
| 作者单位: | 西北工业大学计算机软件学院,西安,710065;西北工业大学计算机软件学院,西安,710065;西北工业大学计算机软件学院,西安,710065 |
| |
| 摘 要: | 针对多数防火墙防外不防内的致命缺点,提出了一种双重过滤设计方案:在内核模式下用TDI虚拟驱动接口挂接技术实现对通过传输层的数据封包截获,在应用模式下采用Winsock 2 SPI技术实现对基于Socket网络连接通信的服务截获,克服了单方面截获数据包的缺点。介绍了核心层虚拟驱动编程技术。
|
| 关 键 词: | 过滤驱动 IRP 分层 Winsock 2SPI 截获 |
| 文章编号: | 1000-3428(2007)06-0123-03 |
| 修稿时间: | 2006-03-26 |
Kernel Driver Technology of Double Filtering Personal Firewall |
| |
| CHEN Shaohui,ZHANG Yanning,LIU Yanling. Kernel Driver Technology of Double Filtering Personal Firewall[J]. Computer Engineering, 2007, 33(6): 123-125 |
| |
| Authors: | CHEN Shaohui ZHANG Yanning LIU Yanling |
| |
| Affiliation: | (Department of Computer and Software, Northwestern Polytechnical University, Xi’an 710065) |
| |
| Abstract: | The disadvantage of the function of the most firewall production is capturing the attack from the outer network not form the inner network. A new double filtering packet mechanism based on kernel and user mode scheme is presented and accomplished with the development of the personal firewall technology. In the kernel mode, the network driver program is developed to implement the raw net packet capturing through the TDI virtual driver interface technology. In the user mode, all program are developed to implement the services based on Socket capturing and filtering through the Winsock 2 SPI technology. Therefore, the shortcoming is overcomed during capturing packet only by kernel mode or user mode, and greatly improved the system security performance. |
| |
| Keywords: | Filtering driver Layered IRP Winsock 2 SPI Capture |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
