当前位置：文江博客话题详情

windows过滤平台。网络包装器？

发布于 2024-10-09 00:09:19 字数 87 浏览 5 评论 0原文

是否有适用于 Windows 过滤平台的 .NET 包装器？我希望使用 WFP 来观察我的 C# 应用程序中的应用程序级别网络流量观察。

谢谢！

收藏 0

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

评论（3）

等你爱我 2024-10-16 00:09:19

不，我不相信有，尽管很多人似乎都想要一个。我认为你必须退回到 Win32 API。

回复收藏 0 原文

过期情话 2024-10-16 00:09:19

我正在使用 P/Invoke Interop Assistant 为 WFP 编写自己的 .net 包装器。这是我用来让它工作的线程。

http://social. msdn.microsoft.com/Forums/en-US/wfp/thread/a65bf197-937b-401e-b15f-0e1c3decdb14/

回复收藏 0 原文

素年丶 2024-10-16 00:09:19

您可以使用 nuget 包 vanara.PInvoke 来执行此操作

看看他的 GitHub

实现可以受到单元测试的“启发”

[Test]
public void FwpmCalloutEnum0Test()
{
    FWPM_CALLOUT_ENUM_TEMPLATE0 template = new() { layerKey = FWPM_LAYER_DATAGRAM_DATA_V4 };
    using SafeCoTaskMemStruct<FWPM_CALLOUT_ENUM_TEMPLATE0> pTemplate = template;
    FWPM_CALLOUT_SUBSCRIPTION0 subscr = new()
    {
        flags = FWPM_SUBSCRIPTION_FLAG.FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD,
        //sessionKey = Guid.NewGuid(),
        enumTemplate = pTemplate
    };
    var changed = 0;
    using var pchng = new PinnedObject(changed);

    static void callback(IntPtr context, in FWPM_CALLOUT_CHANGE0 change) { unsafe { *(int*)context = 1; } }
    Assert.That(FwpmCalloutSubscribeChanges0(fwpEngineHandle, subscr, callback, pchng, out HFWPCALLOUTCHANGE hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutSubscriptionsGet0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT_SUBSCRIPTION0> subs), ResultIs.Successful);
    Assert.That(subs.Count, Is.EqualTo(1));

    FWPM_DISPLAY_DATA0 dd = new() { name = "Datagram-Data Proxy Callout", description = "Datagram-Data Proxy Callout" };
    FWPM_CALLOUT0 callout = new() { calloutKey = Guid.NewGuid(), displayData = dd, applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4 };
    Assert.That(FwpmCalloutAdd0(fwpEngineHandle, callout, default, out var id), ResultIs.Successful);

    //System.Threading.Thread.SpinWait(200);
    //Assert.That(changed, Is.Not.Zero);
    Assert.That(FwpmCalloutUnsubscribeChanges0(fwpEngineHandle, hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutGetById0(fwpEngineHandle, id, out SafeFwpmStruct<FWPM_CALLOUT0> byId), ResultIs.Successful);
    Assert.True(byId.Value.HasValue && byId.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetByKey0(fwpEngineHandle, callout.calloutKey, out SafeFwpmStruct<FWPM_CALLOUT0> byKey), ResultIs.Successful);
    Assert.True(byKey.Value.HasValue && byKey.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetSecurityInfoByKey0(fwpEngineHandle, callout.calloutKey,
        SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION|SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION|SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
        out PSID sOwn, out PSID sGrp, out PACL dacl, out PACL sacl, out SafeFwpmMem sd), ResultIs.Successful);
    Assert.True(!sOwn.IsNull && !sGrp.IsNull && !dacl.IsNull);
    Assert.True(sOwn.IsValidSid() && sGrp.IsValidSid() && dacl.IsValidAcl());

    Assert.That(FwpmCalloutDeleteById0(fwpEngineHandle, id), ResultIs.Successful);

    //-----------------------------------------
    // Get the events from enumeration
    Assert.That(FwpmCalloutEnum0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT0> h), ResultIs.Successful);
    foreach (FWPM_CALLOUT0 e in h)
    {
        TestContext.WriteLine($"{e.calloutKey}=({e.flags})=========");
        TestContext.WriteLine($"{e.displayData.name ?? nullStr} ({e.displayData.description ?? nullStr})");
        TestContext.WriteLine($"Prov={GetNameOf(e.providerKey.Value.GetValueOrDefault()) ?? nullStr}; Layer={GetNameOf(e.applicableLayer)}");
    }
}

You can do this with the nuget package vanara.PInvoke

Have a look at his GitHub

Implementations can be "inspired" by the unit tests

[Test]
public void FwpmCalloutEnum0Test()
{
    FWPM_CALLOUT_ENUM_TEMPLATE0 template = new() { layerKey = FWPM_LAYER_DATAGRAM_DATA_V4 };
    using SafeCoTaskMemStruct<FWPM_CALLOUT_ENUM_TEMPLATE0> pTemplate = template;
    FWPM_CALLOUT_SUBSCRIPTION0 subscr = new()
    {
        flags = FWPM_SUBSCRIPTION_FLAG.FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD,
        //sessionKey = Guid.NewGuid(),
        enumTemplate = pTemplate
    };
    var changed = 0;
    using var pchng = new PinnedObject(changed);

    static void callback(IntPtr context, in FWPM_CALLOUT_CHANGE0 change) { unsafe { *(int*)context = 1; } }
    Assert.That(FwpmCalloutSubscribeChanges0(fwpEngineHandle, subscr, callback, pchng, out HFWPCALLOUTCHANGE hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutSubscriptionsGet0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT_SUBSCRIPTION0> subs), ResultIs.Successful);
    Assert.That(subs.Count, Is.EqualTo(1));

    FWPM_DISPLAY_DATA0 dd = new() { name = "Datagram-Data Proxy Callout", description = "Datagram-Data Proxy Callout" };
    FWPM_CALLOUT0 callout = new() { calloutKey = Guid.NewGuid(), displayData = dd, applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4 };
    Assert.That(FwpmCalloutAdd0(fwpEngineHandle, callout, default, out var id), ResultIs.Successful);

    //System.Threading.Thread.SpinWait(200);
    //Assert.That(changed, Is.Not.Zero);
    Assert.That(FwpmCalloutUnsubscribeChanges0(fwpEngineHandle, hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutGetById0(fwpEngineHandle, id, out SafeFwpmStruct<FWPM_CALLOUT0> byId), ResultIs.Successful);
    Assert.True(byId.Value.HasValue && byId.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetByKey0(fwpEngineHandle, callout.calloutKey, out SafeFwpmStruct<FWPM_CALLOUT0> byKey), ResultIs.Successful);
    Assert.True(byKey.Value.HasValue && byKey.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetSecurityInfoByKey0(fwpEngineHandle, callout.calloutKey,
        SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION|SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION|SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
        out PSID sOwn, out PSID sGrp, out PACL dacl, out PACL sacl, out SafeFwpmMem sd), ResultIs.Successful);
    Assert.True(!sOwn.IsNull && !sGrp.IsNull && !dacl.IsNull);
    Assert.True(sOwn.IsValidSid() && sGrp.IsValidSid() && dacl.IsValidAcl());

    Assert.That(FwpmCalloutDeleteById0(fwpEngineHandle, id), ResultIs.Successful);

    //-----------------------------------------
    // Get the events from enumeration
    Assert.That(FwpmCalloutEnum0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT0> h), ResultIs.Successful);
    foreach (FWPM_CALLOUT0 e in h)
    {
        TestContext.WriteLine(quot;{e.calloutKey}=({e.flags})=========");
        TestContext.WriteLine(quot;{e.displayData.name ?? nullStr} ({e.displayData.description ?? nullStr})");
        TestContext.WriteLine(quot;Prov={GetNameOf(e.providerKey.Value.GetValueOrDefault()) ?? nullStr}; Layer={GetNameOf(e.applicableLayer)}");
    }
}

回复收藏 0 原文

~没有更多了~

关于作者

暂无简介

0 文章

0 评论

25 人气

关注发私信

相关话题

热门标签

操作系统程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端

推荐作者

苦中寻乐

文章 0 评论 0

lueluelue

文章 0 评论 0

嗼ふ静

文章 0 评论 0

王权女流氓

文章 0 评论 0

与花如笺

文章 0 评论 0

残酷

文章 0 评论 0

友情链接

我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的隐私政策了解更多相关信息。单击 接受 或继续使用网站，即表示您同意使用 Cookies 和您的相关数据。

原文