
Developing Firewalls for Windows 2000/XP

3 Nov 2003CPOL9 min read 1.1M   26.4K   491  
An article about developing Firewalls for Windows 2000/XP
// testDrvDlg.cpp : implementation file
//

#include "stdafx.h"
#include "testDrv.h"
#include "winioctl.h"
#include "testDrvDlg.h"

#include "sockUtil.h"

#include <string.h>

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About

// Dialog class for the application's About box. It adds no data members and
// no message handlers of its own; everything is inherited from CDialog.
// The //{{AFX_...}} markers delimit regions maintained by ClassWizard and
// must be left in place.
class CAboutDlg : public CDialog
{
public:
	CAboutDlg();

// Dialog Data
	//{{AFX_DATA(CAboutDlg)
	enum { IDD = IDD_ABOUTBOX };	// dialog template resource id
	//}}AFX_DATA

	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(CAboutDlg)
	protected:
	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
	//}}AFX_VIRTUAL

// Implementation
protected:
	//{{AFX_MSG(CAboutDlg)
	//}}AFX_MSG
	DECLARE_MESSAGE_MAP()
};

// Binds the dialog to the IDD_ABOUTBOX template (via CAboutDlg::IDD).
// There are no members to initialise; the AFX_DATA_INIT region is empty.
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
	//{{AFX_DATA_INIT(CAboutDlg)
	//}}AFX_DATA_INIT
}

// Dialog data exchange hook. The About box has no bound controls, so this
// only forwards to the CDialog implementation.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CAboutDlg)
	//}}AFX_DATA_MAP
}

// Message map for CAboutDlg: it declares no entries, so every message is
// handled by the CDialog base class.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
	//{{AFX_MSG_MAP(CAboutDlg)
		// No message handlers
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CTestDrvDlg dialog

// Constructs the main dialog on the CTestDrvDlg::IDD template and loads the
// application icon. No driver is touched here; the drivers are loaded in
// OnInitDialog().
//   pParent - parent window passed through to CDialog (NULL by default,
//             per the declaration comment).
CTestDrvDlg::CTestDrvDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CTestDrvDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CTestDrvDlg)
		// NOTE: the ClassWizard will add member initialization here
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// Dialog data exchange: binds the two push buttons to their member objects
// so OnStart()/OnStop() can enable and disable them.
//   IDC_BUTTON2 -> m_bStop, IDC_BUTTON1 -> m_bStart
void CTestDrvDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CTestDrvDlg)
	DDX_Control(pDX, IDC_BUTTON2, m_bStop);
	DDX_Control(pDX, IDC_BUTTON1, m_bStart);
	//}}AFX_DATA_MAP
}

// Message map for CTestDrvDlg. Besides the system-command, paint and
// drag-icon messages, a click on IDC_BUTTON1 is routed to OnStart() (install
// the rules and start filtering) and a click on IDC_BUTTON2 to OnStop() (stop
// filtering and clear the rules).
BEGIN_MESSAGE_MAP(CTestDrvDlg, CDialog)
	//{{AFX_MSG_MAP(CTestDrvDlg)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_BN_CLICKED(IDC_BUTTON1, OnStart)
	ON_BN_CLICKED(IDC_BUTTON2, OnStop)
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CTestDrvDlg message handlers

// Dialog initialisation: extends the system menu with an "About..." entry,
// sets the window icons and loads the two kernel drivers the firewall needs.
// Always returns TRUE, which leaves the input focus to the framework.
BOOL CTestDrvDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	// The About command lives in the system menu, so its id must have the low
	// four bits clear and be below 0xF000.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	CMenu* const pMenu = GetSystemMenu(FALSE);
	if (pMenu != NULL)
	{
		CString caption;
		caption.LoadString(IDS_ABOUTBOX);

		// Only extend the menu when the caption resource exists.
		const BOOL haveCaption = !caption.IsEmpty();
		if (haveCaption)
		{
			pMenu->AppendMenu(MF_SEPARATOR);
			pMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, caption);
		}
	}

	// The main window is a dialog, so the framework does not set the icon
	// automatically: set the big icon first, then the small one.
	SetIcon(m_hIcon, TRUE);
	SetIcon(m_hIcon, FALSE);

	// Load the IP filter driver the hook attaches to.
	// NOTE(review): the results of both LoadDriver calls are discarded, so the
	// dialog comes up the same way whether or not the drivers are available
	// (loading a kernel driver normally needs administrative rights). The
	// return type of LoadDriver is not visible in this file -- confirm it and
	// report a failure to the user.
	// NOTE(review): the image path is relative; how LoadDriver resolves it is
	// not visible here -- confirm it cannot end up relative to the current
	// directory.
	filterDriver.LoadDriver("IpFilterDriver", "System32\\Drivers\\IpFltDrv.sys", NULL, TRUE);

	// Keep the IP filter driver registered when this object is destroyed.
	filterDriver.SetRemovable(FALSE);

	// Load this project's filter-hook driver. No path is given, so the image
	// location is chosen inside LoadDriver.
	// NOTE(review): verify which directory that is and that only
	// administrators can write to it, since the file is loaded into the kernel.
	ipFltDrv.LoadDriver("DrvFltIp", NULL, NULL, TRUE);

	return TRUE;
}

// System-menu command handler: shows the About box for IDM_ABOUTBOX and
// passes every other command on to CDialog.
//   nID    - system command id; the low four bits are masked off before the
//            comparison
//   lParam - forwarded unchanged to the base class
void CTestDrvDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	const UINT command = nID & 0xFFF0;

	if (command != IDM_ABOUTBOX)
	{
		// Not ours: default system-command processing.
		CDialog::OnSysCommand(nID, lParam);
		return;
	}

	CAboutDlg aboutBox;
	aboutBox.DoModal();
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

// WM_PAINT handler. While the dialog is minimized it draws the application
// icon centred in the client area; otherwise it defers to CDialog::OnPaint().
void CTestDrvDlg::OnPaint() 
{
	if (!IsIconic())
	{
		CDialog::OnPaint();
		return;
	}

	CPaintDC dc(this); // paint device context for the minimized window

	SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

	// Work out the top-left corner that centres the icon in the client area.
	CRect client;
	GetClientRect(&client);
	const int iconWidth = GetSystemMetrics(SM_CXICON);
	const int iconHeight = GetSystemMetrics(SM_CYICON);
	const int left = (client.Width() - iconWidth + 1) / 2;
	const int top = (client.Height() - iconHeight + 1) / 2;

	dc.DrawIcon(left, top, m_hIcon);
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
// Returns the handle the system shows while the minimized window is dragged:
// the application icon, passed back as a cursor handle.
HCURSOR CTestDrvDlg::OnQueryDragIcon()
{
	HCURSOR dragCursor = (HCURSOR) m_hIcon;
	return dragCursor;
}


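// Sends one filtering rule to the filter-hook driver with the ADD_FILTER
// control code.
//   pf - the rule; its bytes (sizeof(pf) of them) are handed to the driver
//        as-is, so the caller must have given every member a value.
// Returns TRUE when the driver wrapper reports DRV_SUCCESS. On any other
// status a message box is shown and FALSE is returned.
BOOL CTestDrvDlg::AddFilter(IPFilter pf)
{
	const DWORD status = ipFltDrv.WriteIo(ADD_FILTER, &pf, sizeof(pf));

	if (status == DRV_SUCCESS)
		return TRUE;

	// The message names the control code that was actually sent (the previous
	// text referred to ADD_IP_HOOK, which this function never issues).
	AfxMessageBox("DeviceIoControl ADD_FILTER failed");
	return FALSE;
}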

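// "Start" button handler: installs two example drop rules in the filter-hook
// driver and then asks it to start filtering.
//
// Filtering is only started, and the buttons are only switched to the
// "running" state, when both rules were accepted and START_IP_HOOK reported
// DRV_SUCCESS. On any failure the rules sent so far are cleared again, so the
// dialog never shows the firewall as running with a missing or partial rule
// set.
void CTestDrvDlg::OnStart() 
{
	// Start from an all-zero rule so that every byte handed to the driver has
	// a defined value, including padding and any member not assigned below.
	// Assumes IPFilter is a plain struct, which is how AddFilter() already
	// treats it when it passes the raw bytes to the driver.
	IPFilter pf;
	memset(&pf, 0, sizeof(pf));

	// Rule 1: drop all ICMP traffic.
	pf.protocol = 1;			// ICMP
	pf.destinationIp = 0;		// all destinations
	pf.sourceIp = 0;			// all sources
	pf.destinationMask = 0;		// destination address mask
	pf.sourceMask = 0;			// source address mask
	pf.destinationPort = 0;		// protocol is neither TCP nor UDP, so the port values are not significant
	pf.sourcePort = 0;
	pf.drop = TRUE;				// drop matching packets

	BOOL rulesInstalled = AddFilter(pf);

	if (rulesInstalled)
	{
		// Rule 2: drop TCP traffic addressed to port 80 on 127.0.0.1.
		// NOTE(review): as written the rule names only the loopback address;
		// web traffic addressed to the machine's other addresses would need
		// its own rule -- confirm against the driver's matching logic.
		pf.protocol = 6;									// TCP
		pf.destinationIp = inet_addr("127.0.0.1");			// this host (loopback)
		pf.sourceIp = 0;									// all sources
		pf.destinationMask = inet_addr("255.255.255.255");	// destination address mask
		pf.sourceMask = 0;									// source address mask
		pf.destinationPort = htons(80);						// port 80 (HTTP), network byte order
		pf.sourcePort = 0;									// all source ports
		pf.drop = TRUE;										// drop matching packets

		rulesInstalled = AddFilter(pf);
	}

	if (!rulesInstalled)
	{
		// AddFilter() has already told the user. Remove whatever was
		// accepted so a later Start does not add the same rule twice.
		ipFltDrv.WriteIo(CLEAR_FILTER, NULL, 0);
		return;
	}

	// Compare against DRV_SUCCESS, as AddFilter() does: testing only for
	// DRV_ERROR_IO would treat every other failure status as success.
	if (ipFltDrv.WriteIo(START_IP_HOOK, NULL, 0) == DRV_SUCCESS)
	{
		m_bStart.EnableWindow(FALSE);
		m_bStop.EnableWindow(TRUE);
	}
	else
	{
		ipFltDrv.WriteIo(CLEAR_FILTER, NULL, 0);
		AfxMessageBox("DeviceIoControl START_IP_HOOK failed");
	}
}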

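// "Stop" button handler: asks the filter-hook driver to stop filtering and
// then clears the rule list.
//
// The buttons return to the "stopped" state only when STOP_IP_HOOK reported
// DRV_SUCCESS, the same success test AddFilter() uses. Testing only for
// DRV_ERROR_IO would show the firewall as stopped after any other failure
// status.
void CTestDrvDlg::OnStop() 
{
	if (ipFltDrv.WriteIo(STOP_IP_HOOK, NULL, 0) == DRV_SUCCESS)
	{
		m_bStart.EnableWindow(TRUE);
		m_bStop.EnableWindow(FALSE);
	}
	else
	{
		AfxMessageBox("DeviceIoControl STOP_IP_HOOK failed");
	}

	// The rules are cleared whether or not the stop request succeeded, and
	// the result of the clear itself is not checked.
	// NOTE(review): if the stop failed, the hook may still be installed with
	// an empty rule list; what the driver does in that state is not visible
	// from this file -- confirm.
	ipFltDrv.WriteIo(CLEAR_FILTER, NULL, 0);
}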


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Chief Technology Officer
Spain Spain
To summarize: learn, learn, learn... and then try to remember something I.... I don't Know what i have to remember...

http://www.olivacorner.com
