PInvoke PFCreateInterface C＃

Question

我試圖在C＃中針對數據包過濾應用程序調用PFCreateInterface。但是，pinvoke.net上的示例似乎沒有充分記錄。對於初學者來說，一旦調用了main中的StartPacketFilter（），我如何在不關閉應用程序的情況下以編程方式刪除數據包過濾器？另外，我對包字符串的格式也很困惑。 即時hostsToBlock[0] = "67.77.87.97,255.255.255.255,0"; //blocks all traffic on any port to/from 67.77.87.97

我將如何去阻止所有ips 6980的遠程端口？

的PInvoke的代碼如下：

/// <summary> 
/// IP packet filter management wrapper for Iphlpapi.dll (Win 2000/XP) 
/// </summary> 
/// 
public class IpPacketFilter 
{ 
    [DllImport("iphlpapi.dll", EntryPoint = "PfBindInterfaceToIPAddress")] 
    public static extern int PfBindInterfaceToIPAddress(
            IntPtr Interface_handle, 
            PFADDRESSTYPE pfatType, 
            ref int ip_address 
            ); 


    [DllImport("iphlpapi.dll", EntryPoint = "PfCreateInterface")] 
    public static extern int PfCreateInterface(
            int dwName, 
            PFFORWARD_ACTION inAction, 
            PFFORWARD_ACTION outAction, 
            bool UseLog, 
            bool MustBeUnique, 
            ref IntPtr ppInterface 
            ); 

    ////// 


    //// 

    [DllImport("iphlpapi.dll", EntryPoint = "PfAddFiltersToInterface")] 
    public static extern int PfAddFiltersToInterface(
            IntPtr interface_handle, 
            int cInFilters, 
            [MarshalAsAttribute(UnmanagedType.Struct)] 
            ref PPF_FILTER_DESCRIPTOR pfiltIn, 
            int cOutFilters, 
            [MarshalAsAttribute(UnmanagedType.Struct)] 
            ref PPF_FILTER_DESCRIPTOR pfiltOut, 
            [MarshalAsAttribute(UnmanagedType.Struct)] 
            ref PPF_FILTER_DESCRIPTOR pfHandle 
            ); 

} 


public unsafe struct PPF_FILTER_DESCRIPTOR 
{ 
    public FILTER_FLAGS dwFilterFlags; 
    public int dwRule; 
    public PFADDRESSTYPE pfatType; 

    public int* SrcAddr; 
    public int* SrcMask; 
    public int* DstAddr; 
    public int* DstMask; 

    public PROTOCOL dwProtocol; 
    public int fLateBound; 
    public int wSrcPort; 
    public int wDstPort; 
    public int wSrcPortHighRange; 
    public int wDstPortHighRange; 
} 
public enum PFFORWARD_ACTION : int 
{ 
    PF_ACTION_FORWARD = 0, 
    PF_ACTION_DROP 
} 

public enum PFADDRESSTYPE : int 
{ 
    PF_IPV4, 
    PF_IPV6 
} 
public enum PROTOCOL : int 
{ 
    ANY = 0x00, 
    ICMP = 0x01, 
    TCP = 0x06, 
    UDP = 0x11 
} 

public enum FILTER_FLAGS : int 
{ 
    FD_FLAGS = 0x1 
} 

類節目 {

internal const int FALSE = 0; 
internal const int TRUE = 1; 


static void Main(string[] args) 
{ 
    string[] hostsToBlock = new string[2]; 
    hostsToBlock[0] = "67.77.87.97,255.255.255.255,0"; //blocks all traffic on any port to/from 67.77.87.97 
    hostsToBlock[1] = "0.0.0.0,0.0.0.0,29000";  //blocks all traffic on port 29000, in and out 
    StartPacketFilter(hostsToBlock); 
} 

internal static int lIpFromString(string sIpAddress) 
{ 
    int lIp = 0; 
    try 
    { 
     string[] octets = sIpAddress.Split(new string[] { "." }, StringSplitOptions.None); 

     if (octets.Length != 4) 
      return 0; 

     for (int i = 0; i < 4; i++) 
      lIp |= (int.Parse(octets[i]) << (i * 8)); 
    } 
    catch { } 
    return lIp; 
} 

internal static string[] GetLocalIpAddresses() 
{ 
    IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName()); 
    string[] localIpAddresses = new string[host.AddressList.Length]; 
    for (int i = 0; i < host.AddressList.Length; i++) 
    { 
     localIpAddresses[i] = host.AddressList[i].ToString(); 
    } 
    return localIpAddresses; 
} 

internal static bool StartPacketFilter(string[] hosts) 
{ 
    string[] localIpAddresses = GetLocalIpAddresses(); 
    if (localIpAddresses == null) 
     return false; 

    foreach (string localAddress in localIpAddresses) 
    { 
     int result; 
     IntPtr interfaceHandle = new IntPtr(); 

     //convert the string IP to an unsigned int for p/invoke 
     int lLocalIp = lIpFromString(localAddress); 

     //create a filter interface in the tcp/ip stack 
     result = IpPacketFilter.PfCreateInterface(0, PFFORWARD_ACTION.PF_ACTION_FORWARD, PFFORWARD_ACTION.PF_ACTION_FORWARD, false, true, ref interfaceHandle); 
     if (result != 0) 
      return false; 

     //bind interface to an ip address 
     result = IpPacketFilter.PfBindInterfaceToIPAddress(interfaceHandle, PFADDRESSTYPE.PF_IPV4, ref lLocalIp); 
     if (result != 0) 
      return false; 

     foreach (string targetHost in hosts) 
     { 
      IntPtr filterHandle = new IntPtr(); 
      string[] hostDetail = targetHost.Split(new string[] { "," }, StringSplitOptions.None); 
      if (hostDetail != null && hostDetail.Length == 3) 
      { 
       //build the filter structure 
       PPF_FILTER_DESCRIPTOR filter = new PPF_FILTER_DESCRIPTOR(); 
       filter.dwFilterFlags = FILTER_FLAGS.FD_FLAGS; 
       filter.dwRule = FALSE; 
       filter.pfatType = PFADDRESSTYPE.PF_IPV4; 
       filter.dwProtocol = PROTOCOL.TCP; 

       int iSrcAddr = lLocalIp; 
       int iSrcMask = lIpFromString("255.255.255.255"); 
       filter.wSrcPort = 0; 
       filter.wSrcPortHighRange = 0; 

       int iDstAddr = lIpFromString(hostDetail[0]); 
       int iDstMask = lIpFromString(hostDetail[1]); 
       filter.wDstPort = int.Parse(hostDetail[2]); 
       filter.wDstPortHighRange = int.Parse(hostDetail[2]); 

       unsafe 
       { 
        filter.SrcAddr = &iSrcAddr; 
        filter.DstAddr = &iDstAddr; 
        filter.SrcMask = &iSrcMask; 
        filter.DstMask = &iDstMask; 
       } 
       // add filter to interface (both inbound and outbound) 
       result = IpPacketFilter.PfAddFiltersToInterface(interfaceHandle, 1, ref filter, 1, ref filter, ref filter); 

       if (result != 0) 
        return false; 
      } 
     } 
    } 
    return true; 
} 

}

Answer 1

快速搜索後，我發現這一點：PfRemoveFiltersFromInterface。這似乎完全符合你的要求。