| This paper mainly discusses the design and the implementation of the personal firewall based on Windows 2000 Operation System. According to my reference ,there are many schemes for the personal firewall technology and each has its own advantages and disadvantages. A new double filtering packet based on kernel and user mode scheme is presented in this paper with the development of the personal firewall technology:In the kernel mode,we develop the network driver program to implement the raw net packet capturing through the NDIS HOOK technology,and also we accomplish the net packet filtering according to the control canal rules,in the user mode, we develop the dll program to implement the services based on Socket capturing and filtering through the WinSock2 SPI technology,thereby we overcome the shortcoming during caputuring packet by kernel mode or user mode only,greatly improve the system security nature.During the development ,we adopt the soft design idea of the structure and modularize, therefore improve the transplantation and agility of the system. As a whole the system may compart three modules:NDIS drivers in the kernel mode, the dll program in the user mode and the user application program, adopting the share memory technology three modules realize the data share of the control canal rule, the encapsulation data and the network neiborhood name and so on ,so we can easily finis1' the packet authentication by the control canal rule, improve the filtering efficiency of the system.Whereas the current of firewall technology,the system has wide utily value and business value.This software is based on Windows 2000 Operating System, the programming language is chosen as Visual C++ 6.0 and Win2000 DDK.
|
PDF Full Text Request