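First, create (install) an interface;
then bind that interface to an IP address;
next, define a PF_FILTER_DESCRIPTOR structure and set the access rules in it;
then add the filter to the interface created earlier;
perform the interception;
remove the filter;
unbind the interface;
delete the interface.
The function prototypes used to implement this: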
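DWORD PfCreateInterface(
    DWORD dwName,                   /* interface name */
    PFFORWARD_ACTION inAction,      /* default action for inbound packets */
    PFFORWARD_ACTION outAction,     /* default action for outbound packets */
    BOOL bUseLog,                   /* attach the log to this interface */
    BOOL bMustBeUnique,             /* interface must not be shared */
    INTERFACE_HANDLE *ppInterface   /* receives the interface handle */
);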
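DWORD PfBindInterfaceToIPAddress(
    INTERFACE_HANDLE pInterface,    /* handle of the interface to bind */
    PFADDRESSTYPE pfatType,         /* address family: PF_IPV4 or PF_IPV6 */
    PBYTE IPAddress                 /* address bytes to bind to */
);
DWORD PfAddFiltersToInterface(
    INTERFACE_HANDLE ih,            /* interface that receives the filters */
    DWORD cInFilters,               /* number of inbound filters in pfiltIn */
    PPF_FILTER_DESCRIPTOR pfiltIn,  /* inbound filter descriptors */
    DWORD cOutFilters,              /* number of outbound filters in pfiltOut */
    PPF_FILTER_DESCRIPTOR pfiltOut, /* outbound filter descriptors */
    PFILTER_HANDLE pfHandle         /* receives the filter handles */
);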
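There is also an important structure used to fill in the access rules. It resembles the settings in an IP security policy: source IP, source port, mask, and the protocols to intercept. It is defined as follows: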
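typedef struct _PF_FILTER_DESCRIPTOR {
    DWORD dwFilterFlags;            /* filter flags */
    DWORD dwRule;                   /* rule identifier */
    PFADDRESSTYPE pfatType;         /* address family of the addresses below */
    PBYTE SrcAddr;                  /* source address */
    PBYTE SrcMask;                  /* source mask */
    PBYTE DstAddr;                  /* destination address */
    PBYTE DstMask;                  /* destination mask */
    DWORD dwProtocol;               /* protocol to match */
    DWORD fLateBound;               /* late-binding flags */
    WORD wSrcPort;                  /* source port, or low end of the range */
    WORD wDstPort;                  /* destination port, or low end of the range */
    WORD wSrcPortHighRange;         /* high end of the source port range */
    WORD wDstPortHighRange;         /* high end of the destination port range */
} PF_FILTER_DESCRIPTOR, *PPF_FILTER_DESCRIPTOR;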
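The eight steps above in one program, as an added example that is not code from the original page: it drops all inbound traffic from one source subnet for a minute and then tears everything down in reverse order. PfCreateInterface and the three teardown calls are the Packet Filtering API functions declared in fltdefs.h; fill_drop_rule, the addresses, the one-minute wait and the non-Windows stand-in typedefs are assumptions made for the example, and it presumes a Windows version that still ships this API.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <fltdefs.h>                 /* link with iphlpapi.lib */
#else  /* constructed stand-ins so fill_drop_rule() also compiles off Windows */
typedef unsigned char *PBYTE; typedef unsigned int DWORD; typedef unsigned short WORD;
typedef enum { PF_IPV4, PF_IPV6 } PFADDRESSTYPE;
typedef struct { DWORD dwFilterFlags, dwRule; PFADDRESSTYPE pfatType;
    PBYTE SrcAddr, SrcMask, DstAddr, DstMask; DWORD dwProtocol, fLateBound;
    WORD wSrcPort, wDstPort, wSrcPortHighRange, wDstPortHighRange; } PF_FILTER_DESCRIPTOR;
#define FD_FLAGS_NOSYN 0x1
#define FILTER_PROTO_ANY 0
#define FILTER_TCPUDP_PORT_ANY 0
#endif
/* Hypothetical helper: rule matching every protocol and port from src/smask to
   dst/dmask. The descriptor stores pointers, so the buffers must outlive it. */
void fill_drop_rule(PF_FILTER_DESCRIPTOR *fd, PBYTE src, PBYTE smask, PBYTE dst, PBYTE dmask)
{
    memset(fd, 0, sizeof *fd);       /* dwRule and fLateBound stay 0 */
    fd->dwFilterFlags = FD_FLAGS_NOSYN;  /* the flag fltdefs.h defines for this field */
    fd->pfatType = PF_IPV4;
    fd->SrcAddr = src;  fd->SrcMask = smask;
    fd->DstAddr = dst;  fd->DstMask = dmask;
    fd->dwProtocol = FILTER_PROTO_ANY;
    fd->wSrcPort = fd->wSrcPortHighRange = FILTER_TCPUDP_PORT_ANY;
    fd->wDstPort = fd->wDstPortHighRange = FILTER_TCPUDP_PORT_ANY;
}
#ifdef _WIN32
int main(void)
{
    BYTE local[4] = {192,0,2,10}, host[4] = {255,255,255,255};  /* constructed addresses */
    BYTE src[4] = {198,51,100,0}, net[4] = {255,255,255,0};
    INTERFACE_HANDLE ih = NULL; PF_FILTER_DESCRIPTOR in;
    /* Default action is forward, so the filter added below marks what to drop. */
    DWORD rc = PfCreateInterface(0, PF_ACTION_FORWARD, PF_ACTION_FORWARD, FALSE, TRUE, &ih);
    if (rc != NO_ERROR) return (int)rc;
    rc = PfBindInterfaceToIPAddress(ih, PF_IPV4, local);
    if (rc == NO_ERROR) {
        fill_drop_rule(&in, src, net, local, host);
        rc = PfAddFiltersToInterface(ih, 1, &in, 0, NULL, NULL);
        if (rc == NO_ERROR) {
            Sleep(60000);            /* stand-in for the time interception is wanted */
            PfRemoveFiltersFromInterface(ih, 1, &in, 0, NULL);
        }
        PfUnBindInterface(ih);       /* undo the bind even if adding the filter failed */
    }
    PfDeleteInterface(ih);
    return (int)rc;
}
#endif
```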