5.3 Design and Implementation of Personal Firewall on Pocket PC
One important role of an intermediate driver is to pass network packets between a protocol driver and a miniport driver. Since every packet in either direction passes through it, an intermediate driver is a good place to filter network packets.
Writing an intermediate driver for Windows CE requires the Windows CE Driver Development Kit (DDK). The Windows CE DDK is included in Windows CE Platform Builder 3.0. In our design, the underlying miniport is the NE2000 driver, and the upper protocol is TCP/IP. After the miniport driver loads, the intermediate driver loads and binds to the network adapter. A protocol driver then sends down requests to query the capabilities of the adapter. The intermediate driver simply passes these requests down to the adapter and sends the responses back up to the protocol driver.
Every NDIS driver must provide a function called DriverEntry. DriverEntry is called by the system to load the driver, and is responsible for initializing it. DriverEntry builds the relationship between the intermediate driver and the NDIS library. The intermediate driver performs two fundamental tasks in its DriverEntry function. One task is to call NdisMInitializeWrapper to tell the NDIS library that the driver is about to register itself. The other task is to register the intermediate driver's version number and then call NdisIMRegisterLayeredMiniport and NdisRegisterProtocol to register its entry points with the NDIS library. Figure 5 shows the procedure for registering an intermediate driver and initializing the NDIS library.

[Figure 5. Register an Intermediate Driver. Diagram with three parties: the operating system (loader), the intermediate driver and the NDIS library interface. The numbered steps shown are DriverEntry, NdisMInitializeWrapper, NdisIMRegisterLayeredMiniport and RegisterProtocol.]
5.3.1 Filter Incoming Network Packets
When the network adapter receives an incoming packet, the intermediate driver is called to handle it. The intermediate driver copies the packet into its own pre-allocated packet and sends the new packet up to a protocol driver. As each packet carries its source IP address and destination IP address in the header section, the intermediate driver can extract these two addresses from each packet and filter on source and destination IP address. In other words, the intermediate driver can filter incoming network packets before passing them up to the protocol driver (shown in Figure 6). Figure 7 illustrates an example of filtering incoming network traffic.
[Figures 6 and 7 (diagrams). Labels recovered from the figures: Miniport Driver, Intermediate Driver, Protocol Driver; Incoming Packets and Outgoing Packets pass through a Filter inside the Intermediate Driver, which sits between the Miniport Driver and the Protocol Driver.]
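The following is an added example, not code from the paper or from its Pocket PC driver: it shows the address-extraction and rule-matching step that the receive path described above performs, written as plain C over a raw Ethernet frame buffer so that it compiles without the Windows CE DDK (the NDIS_PACKET/NDIS_BUFFER copying into the pre-allocated packet is left out). It goes slightly beyond the text by rejecting truncated frames and non-IPv4 frames such as ARP before looking at addresses, since those carry no IP header to filter on. The device address 10.0.0.5, the two-rule policy, the frame builder and the function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire-format constants for an Ethernet II frame carrying IPv4. */
#define ETH_HLEN        14
#define ETHERTYPE_IPV4  0x0800
#define IP_MIN_HLEN     20

enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

/* A rule matches when (src & src_mask) == (rule src & src_mask) and the same
 * holds for dst. Addresses and masks are kept in host byte order. */
struct ip_rule {
    uint32_t src, src_mask;
    uint32_t dst, dst_mask;
    enum verdict action;
};

#define IPV4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                          ((uint32_t)(c) << 8)  |  (uint32_t)(d))

/* Header fields are big-endian on the wire; read them byte-wise so the code
 * does not depend on host endianness or alignment. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Pull source and destination addresses out of the IPv4 header.
 * Returns 0 on success, -1 if the frame is truncated or not IPv4 (e.g. ARP). */
int extract_ipv4_addrs(const uint8_t *frame, size_t len, uint32_t *src, uint32_t *dst)
{
    if (len < ETH_HLEN + IP_MIN_HLEN) return -1;            /* too short for a header */
    if (be16(frame + 12) != ETHERTYPE_IPV4) return -1;       /* not an IPv4 payload */
    const uint8_t *ip = frame + ETH_HLEN;
    if ((ip[0] >> 4) != 4) return -1;                        /* version nibble must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                 /* header length in bytes */
    if (ihl < IP_MIN_HLEN || len < ETH_HLEN + ihl) return -1;
    *src = be32(ip + 12);
    *dst = be32(ip + 16);
    return 0;
}

/* Decide the fate of one received frame. First matching rule wins; an IPv4
 * packet matching no rule is dropped (default deny). Frames that are not IPv4
 * cannot be judged by address, so the caller chooses their verdict. */
enum verdict filter_frame(const struct ip_rule *rules, size_t nrules,
                          const uint8_t *frame, size_t len, enum verdict non_ip_default)
{
    uint32_t src, dst;
    if (extract_ipv4_addrs(frame, len, &src, &dst) != 0)
        return non_ip_default;
    for (size_t i = 0; i < nrules; i++) {
        const struct ip_rule *r = &rules[i];
        if ((src & r->src_mask) == (r->src & r->src_mask) &&
            (dst & r->dst_mask) == (r->dst & r->dst_mask))
            return r->action;
    }
    return VERDICT_DROP;
}

/* Constructed test input (no real capture): a minimal Ethernet+IPv4 header
 * with the given addresses. Returns the frame length. */
size_t build_ipv4_frame(uint8_t *buf, uint32_t src, uint32_t dst)
{
    memset(buf, 0, ETH_HLEN + IP_MIN_HLEN);
    buf[12] = 0x08; buf[13] = 0x00;                          /* EtherType = IPv4 */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45;                                            /* version 4, IHL 5 */
    ip[3] = IP_MIN_HLEN;                                     /* total length (header only) */
    ip[8] = 64; ip[9] = 6;                                   /* TTL, protocol = TCP */
    for (int i = 0; i < 4; i++) {
        ip[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        ip[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return ETH_HLEN + IP_MIN_HLEN;
}

/* Hypothetical policy for a Pocket PC at 10.0.0.5: block one hostile /24,
 * allow the rest of 10/8 to reach the device, drop everything else. */
static const struct ip_rule kRules[] = {
    { IPV4(10, 0, 7, 0), 0xffffff00u, IPV4(10, 0, 0, 5), 0xffffffffu, VERDICT_DROP },
    { IPV4(10, 0, 0, 0), 0xff000000u, IPV4(10, 0, 0, 5), 0xffffffffu, VERDICT_PASS },
};

/* Run one constructed src->dst packet through the policy. */
enum verdict demo_verdict(uint32_t src, uint32_t dst)
{
    uint8_t frame[ETH_HLEN + IP_MIN_HLEN];
    size_t n = build_ipv4_frame(frame, src, dst);
    return filter_frame(kRules, sizeof kRules / sizeof kRules[0], frame, n, VERDICT_PASS);
}

/* A non-IP frame (EtherType 0x0806, ARP) must not be parsed as IPv4. */
int arp_frame_extracts(void)
{
    uint8_t arp[60] = {0};
    uint32_t s, d;
    arp[12] = 0x08; arp[13] = 0x06;
    return extract_ipv4_addrs(arp, sizeof arp, &s, &d);
}

int main(void)
{
    printf("10.0.0.9   -> 10.0.0.5: %s\n", demo_verdict(IPV4(10, 0, 0, 9),   IPV4(10, 0, 0, 5)) ? "DROP" : "PASS");
    printf("10.0.7.3   -> 10.0.0.5: %s\n", demo_verdict(IPV4(10, 0, 7, 3),   IPV4(10, 0, 0, 5)) ? "DROP" : "PASS");
    printf("172.16.0.1 -> 10.0.0.5: %s\n", demo_verdict(IPV4(172, 16, 0, 1), IPV4(10, 0, 0, 5)) ? "DROP" : "PASS");
    return 0;
}
```

In the real driver this logic would run inside the receive handler before the copied packet is indicated up to TCP/IP; the copy into the pre-allocated packet is what gives the driver a contiguous buffer to parse. Note that filtering purely on source and destination address, as the paper describes, says nothing about ports or protocol, and that a non-IPv4 frame has to be given an explicit policy rather than falling through by accident.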