C/C++: develop an NDIS 5 driver for Windows 2003/XP
From: NiJazz Australia
Date: 22.10.20 00:52
Rating: :))) :))
Greetings,

the description below is in English; in short, what is needed is an NDIS 5 driver that does nothing except use NDIS 5 itself, register the necessary callbacks in the kernel, fill in the structures given below and call the accompanying methods at the right time. It must permit or deny connections/packets depending on the return value and track permitted connections, recording start and end time, how many bytes were transferred in each direction, the process ID and name, and the connection data itself. It must also take into account whether the connection was actually established or only attempted.

Reward: $600
Please pay close attention to the Acceptance criteria.
Thanks.

Job description

Implement a Windows 2003/XP NDIS 5 driver that:

— can permit or deny TCP, UDP and ICMP connections according to certain criteria
— can track connections and capture their start and end times and payload statistics (total bytes-in and bytes-out)

Skill requirements

— Solid programming background using C and/or C++ languages
— Experience developing NDIS 5 kernel drivers for Windows
— Microsoft toolsets: WDK, Visual Studio
— Driver troubleshooting and debugging skills

Prerequisites

Consider following code blocks:

#include <stdint.h>   /* int64_t, uint32_t, uint16_t */
#include <stdbool.h>  /* bool */

typedef enum _packet_direction {
    packet_direction_outbound,
    packet_direction_inbound
} packet_direction;

typedef struct _Network_packet {
    int64_t          process_id;
    packet_direction direction;
    uint32_t         src_ip;
    uint32_t         dst_ip;
    uint16_t         src_port;
    uint16_t         port;
    uint16_t         proto;
    bool             discarded;
} Network_packet;


— fully and precisely initialise the Network_packet structure and call the policy_classify function (below). Please note that the direction and discarded members are as important as the others.
— discarded — means the connection was attempted but not established. WFP, which came to replace NDIS, has layers for discarded traffic, FWPM_LAYER_INBOUND_TRANSPORT_V4_DISCARD and FWPM_LAYER_OUTBOUND_TRANSPORT_V4_DISCARD; you need to figure out such functionality in NDIS 5. In WFP, you register your call-backs for the layers you need, and that gives an idea about packet direction.

typedef enum _firewall_action {
    firewall_action_permit,
    firewall_action_deny
} firewall_action;

/* Sample policy: permit TCP only, deny UDP, ICMP and anything else. */
firewall_action policy_classify(const Network_packet* packet)
{
  switch (packet->proto) {
    case IPPROTO_TCP:
      return firewall_action_permit;
    case IPPROTO_UDP:
    case IPPROTO_ICMP:
      return firewall_action_deny;
    default:
      return firewall_action_deny;
  }
}


— Interpret the action returned by the policy_classify function accordingly and make the NDIS 5 engine block or permit the connection. For example, we can assume that policy_classify will block all non-TCP traffic and allow TCP only.
— When a connection is closed the driver must populate the Connection_info structure, which includes the original packet and extra fields describing connection times and byte stats.

typedef struct _Connection_info {
    Network_packet packet;            /* the connection's original packet */
    int64_t        bytes_in;
    int64_t        bytes_out;
    int64_t        time_start;
    int64_t        time_end;
    wchar_t        process_name[64];
} Connection_info;


— process_name is the name of the process that sends or receives the packet
— when a connection is created/started a Connection_info instance is allocated, and the time_start (current UTC time in milliseconds) and process_name values are assigned
— while tracking the connection the driver must maintain the bytes_in and bytes_out values
— when the connection is closed the driver sets the time_end value using system time in milliseconds (UTC)

/* Sink for completed connection records; the real body is up to the implementer. */
void connection_add(struct Connection_info* conn_info)
{
  assert(conn_info != NULL);
}


Acceptance criteria

We will only accept your work if the driver complies with the following requirements:
— compiles with Visual Studio 2019 or WDK 7.1 toolset
— has comprehensive step-by-step guide about how to build and deploy the driver
— populates Network_packet fully and properly using NDIS structures
— considers policy_classify return value to permit or deny connections
— tracks connections and calls connection_add with properly populated Connection_info structure (original packet, start and end times, bytes in, bytes out and process name)
— clear and well-commented code structure that contains references to online documentation about used APIs and data structures
ndis driver network drivers c++ c windows kernel kernel driver
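The two pieces of logic the post describes (filling Network_packet from a raw frame and classifying it; keeping per-connection byte and time statistics for permitted traffic and handing them to connection_add when the connection closes or turns out to be a mere attempt) can be modelled and tested outside the kernel. The block below is an added example written for this page; it is not code from the job post or from any NDIS driver. It assumes Ethernet II + IPv4 frames (what an NDIS 5 intermediate driver sees in its NDIS_PACKET buffers), and it takes the direction, process id and name, the `discarded` flag and a UTC millisecond clock from the caller, because obtaining those in the kernel is exactly the NDIS-specific work being commissioned. `parse_frame`, `track_packet`, `build_frame`, `same_flow`, the fixed-size table and the `last_reported`/`connection_add_calls` accessors are all hypothetical names introduced here; IP addresses are kept in host byte order.

```c
/* Added example, not code from the job post or from any NDIS driver: a
 * user-mode model of (1) filling Network_packet from a raw frame and
 * classifying it and (2) the per-connection accounting handed to
 * connection_add. Assumptions: Ethernet II + IPv4 frames; the caller supplies
 * direction, process id/name, the `discarded` flag and a UTC millisecond
 * clock (kernel-side work not modelled here). IPs in host byte order. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <wchar.h>

#define IPPROTO_TCP 6
#define IPPROTO_UDP 17
#define MAX_CONN    64

typedef enum _packet_direction { packet_direction_outbound, packet_direction_inbound } packet_direction;
typedef enum _firewall_action { firewall_action_permit, firewall_action_deny } firewall_action;
typedef struct _Network_packet {
    int64_t process_id; packet_direction direction;
    uint32_t src_ip, dst_ip; uint16_t src_port, port, proto; bool discarded;
} Network_packet;
typedef struct _Connection_info {
    Network_packet packet; int64_t bytes_in, bytes_out, time_start, time_end;
    wchar_t process_name[64];
} Connection_info;

/* The post's policy: TCP only; UDP, ICMP and everything else is denied. */
firewall_action policy_classify(const Network_packet *p) { return p->proto == IPPROTO_TCP ? firewall_action_permit : firewall_action_deny; }

static uint16_t be16(const uint8_t *b) { return (uint16_t)(b[0] << 8 | b[1]); }
static uint32_t be32(const uint8_t *b) { return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3]; }

/* Fill Network_packet from an Ethernet/IPv4 frame. Returns the IPv4 total length (the byte
 * count used for statistics) or 0 for non-IPv4, truncated or malformed frames. */
size_t parse_frame(const uint8_t *buf, size_t len, packet_direction dir, int64_t pid, bool discarded, Network_packet *out)
{
    if (len < 34 || be16(buf + 12) != 0x0800) return 0;      /* too short or not IPv4 */
    const uint8_t *ip = buf + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len) return 0; /* never read past buf */
    memset(out, 0, sizeof *out);
    out->process_id = pid; out->direction = dir; out->discarded = discarded;
    out->proto = ip[9]; out->src_ip = be32(ip + 12); out->dst_ip = be32(ip + 16);
    if (out->proto == IPPROTO_TCP || out->proto == IPPROTO_UDP) {
        if (total - ihl < 4) return 0;                        /* transport header cut off */
        out->src_port = be16(ip + ihl); out->port = be16(ip + ihl + 2);
    }                                                         /* ICMP has no ports: left 0 */
    return total;
}

static Connection_info g_table[MAX_CONN], g_last;            /* g_last: what connection_add last got */
static bool g_used[MAX_CONN];
static int g_reports;
void connection_add(Connection_info *c) { g_last = *c; g_reports++; }   /* stand-in for the post's sink */
int connection_add_calls(void) { return g_reports; }
const Connection_info *last_reported(void) { return &g_last; }

/* A reply packet carries the same 5-tuple with the endpoints swapped. */
static bool same_flow(const Network_packet *a, const Network_packet *b)
{
    bool fwd = a->src_ip == b->src_ip && a->dst_ip == b->dst_ip && a->src_port == b->src_port && a->port == b->port;
    bool rev = a->src_ip == b->dst_ip && a->dst_ip == b->src_ip && a->src_port == b->port && a->port == b->src_port;
    return a->proto == b->proto && (fwd || rev);
}

/* Per-packet hook. `close` marks the packet that ends the flow (FIN/RST seen, or an idle
 * timeout for UDP/ICMP in a real driver); `now_ms` is UTC milliseconds from the caller. */
firewall_action track_packet(const Network_packet *p, size_t wire_bytes, int64_t now_ms, const wchar_t *proc_name, bool close)
{
    if (policy_classify(p) == firewall_action_deny) return firewall_action_deny; /* dropped, never tracked */
    int slot = -1, free_slot = -1;
    for (int i = 0; i < MAX_CONN; i++) {
        if (g_used[i] && same_flow(&g_table[i].packet, p)) { slot = i; break; }
        if (!g_used[i] && free_slot < 0) free_slot = i;
    }
    if (slot < 0) {
        if (free_slot < 0) return firewall_action_deny;       /* table full: fail closed rather than lose audit */
        slot = free_slot; g_used[slot] = true;
        memset(&g_table[slot], 0, sizeof g_table[slot]);
        g_table[slot].packet = *p;                            /* the connection's original packet */
        g_table[slot].time_start = now_ms;
        wcsncpy(g_table[slot].process_name, proc_name, 63);   /* slot was zeroed, so always terminated */
    }
    Connection_info *c = &g_table[slot];
    if (p->direction == packet_direction_inbound) c->bytes_in += (int64_t)wire_bytes;
    else c->bytes_out += (int64_t)wire_bytes;
    /* An attempt that never established is reported at once; an established connection when it
     * closes. Either way the slot is released. */
    if (p->discarded || close) { c->time_end = now_ms; connection_add(c); g_used[slot] = false; }
    return firewall_action_permit;
}

/* Constructed sample input (not captured traffic): Ethernet II + 20-byte IPv4 header +
 * 20-byte transport header + `payload` zero bytes. Returns the frame size, 0 if it does not fit. */
size_t build_frame(uint8_t *buf, size_t cap, uint8_t proto, uint32_t src, uint32_t dst, uint16_t sport, uint16_t dport, size_t payload)
{
    size_t total = 40 + payload;
    if (total > 0xffff || cap < 14 + total) return 0;
    memset(buf, 0, 14 + total);
    buf[12] = 0x08; buf[13] = 0x00;                           /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)total; ip[8] = 64; ip[9] = proto;
    for (int i = 0; i < 4; i++) { ip[12 + i] = (uint8_t)(src >> (24 - 8 * i)); ip[16 + i] = (uint8_t)(dst >> (24 - 8 * i)); }
    ip[20] = (uint8_t)(sport >> 8); ip[21] = (uint8_t)sport; ip[22] = (uint8_t)(dport >> 8); ip[23] = (uint8_t)dport;
    return 14 + total;
}
```

Feeding an outbound TCP SYN-sized frame and then its inbound reply with `close` set produces one connection_add call whose record carries the original outbound packet, bytes_out/bytes_in for the two directions and the start/end timestamps; a UDP frame is denied and never enters the table; a frame passed with `discarded` set is reported immediately with time_start equal to time_end, which is how the post's "attempted but not established" case is distinguished. Two design choices are worth noting for the real driver: the table fails closed when full, because a firewall that silently stops accounting is worse than one that drops; and the process id/name are inputs here because an NDIS 5 intermediate driver receives frames without process context, so associating them with a process is part of the work the post is asking for.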