Implementing many kinds of network filtering applications is easier with NetFilter SDK and ProtocolFilters
NetFilter SDK is a framework for transparent filtering the data packets transmitted via network on Windows. This is a high performance proxy-less solution, compatible with antiviruses/firewalls/other network filters. Also it includes server side components, allowing to filter TCP/UDP on a gateway.
Key features:
● The solution allows filtering incoming/outgoing TCP connections and UDP datagrams in user mode application. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules. The outgoing TCP connections can be redirected to different address.
● The filtering is fully transparent, because the driver allows viewing and changing TCP/UDP data without redirecting the traffic to proxy and modifying the addresses. There are no conflicts with antiviruses, firewalls and other filters.
● The filtering driver operates on transport level, in front of TCP/IP stack. In effect it automatically supports all kinds of TCP/IP capable network adapters: Ethernet, Dial-up/DSL/Cable modems, wireless adapters including Wi-Fi and Bluetooth, virtual adapters like loopback or VPN.
● Both IPv6 and IPv4 are supported.
● The process context (as process identifier) is available for all network activity.
● The driver user level interface (API) is easy in use, but powerful. There is no need to deal with the packet headers (like in NDIS level packet filters) or complicated WinSock interfaces.
● There are no problems with the high-speed connections, because the driver operates on transport level, between the applications and TCP/IP stack. It is possible to control the speed of data transmission.
● TDI filter driver works similarly on 32-bit and 64-bit Windows operating systems starting from Windows NT. WFP filter driver works on Windows 7/8/2008/2012. On Windows 8 TDI level filters are disabled for Metro applications. WFP level driver filters all processes, including Metro applications running in AppContainers.
● The same API is used with both TDI and WFP drivers. It is possible to use 32-bit API with 32-bit or 64-bit driver.
● WFP driver allows filtering any IP based protocols (e.g. ICMP).
System requirements:
Windows
XP/2003/2008/2012/Vista/7/8/10, x86/x64.
NetFilter SDK is a framework for transparent filtering the data packets transmitted via network on Windows. This is a high performance proxy-less solution, compatible with antiviruses/firewalls/other network filters. Also it includes server side components, allowing to filter TCP/UDP on a gateway.
Key features:
● The library supports filtering outgoing HTTP, POP3, SMTP, SSL, FTP, NNTP, ICQ, XMPP and raw data.
● The protocol is detected automatically by analyzing the first packets. Unsupported protocols are bypassed automatically. It is possible to allow the library to classify all outgoing network traffic and filter only classified protocols.
● Proxy filter detects HTTPS, SOCKS v4/4a/5 proxies, including chained requests.
● HTTP filter decodes the transmitted requests and responses, and allows filtering plain de-chunked and uncompressed HTTP data. It is possible to bypass the filtering or block some request or response by analyzing the initial bytes of transmitted content.
● SSL filter decodes SSL v2/3 and TLS by generating a local certificate for each domain.
● The filters for POP3, SMTP and NNTP protocols allow filtering the incoming and outgoing mail and news messages.
● FTP protocol filter allows monitoring and modifying FTP commands, responses and transmitted data.
● ICQ filter classifies OSCAR protocol, allows monitoring/modifying/blocking chat messages, file transfers and other data.
● XMPP filter classifies Jabber protocol, allows monitoring/modifying/blocking chat messages, file transfers and other data.
● It is possible to filter the unclassified content as raw buffers.
● The filtering chain with protocol filters is created dynamically for each new connection. It is possible to apply different chains of filters with different filtering flags for the connections, after analyzing connection properties: process identifier, name and owner, local and remote addresses/ports.
System requirements:
Windows
XP/2003/2008/2012/Vista/7/8/10, x86/x64.
Linux, Mac OS
The solution allows filtering TCP connections and allow/block UDP datagrams in user mode applications. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules. The outgoing TCP connections can be redirected to different address.
Key features:
● The solution allows filtering TCP connections and allow/block UDP datagrams in user mode applications. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules. The outgoing TCP connections can be redirected to different address.
● On Linux the filtering uses iptables, on the top of TCP/IP stack. On Mac OS a kernel extension filters TCP/UDP traffic and redirects TCP to a local proxy. In effect it automatically supports all kinds of TCP/IP capable network adapters: Ethernet, Dial-up/DSL/Cable modems, wireless adapters including Wi-Fi and Bluetooth, virtual adapters like loopback or VPN.
● The process context (as process identifier) is available for TCP network activity.
● The API is easy in use, but powerful.
● It is possible to use the solution with ProtocolFilters to filter HTTP, SSL(TLS) and other high level protocols.
● On Linux it can be used on a router machine to filter the forwarded TCP traffic from all devices using the machine as a gateway.
System requirements:
Linux, Mac OS
© All Rights Reserved QAST Software Group