macht der tdi_fw treiber das selbe wie
drvfltip.
in der readme von tdi_fw steht:
Zitat:
TdiFw now can use filter-hook driver in Win2k (XP, 2003) to get packets
and check them against state table.
"ipfilterdriver" driver must be started before "tdifw" service.
der drvfltip driver basiert ja auch auf den ipfilterdriver.
weil dann hab ich nämlich folgende probleme, wenn ich eine solche art von treiber nehme:
Zitat:
Result: Filter-Hook Driver isn't the best in nothing, but it hasn't bad characteristics. However why this method isn't used in commercial products?
The answer is simple. Although this driver hasn't bad characteristics it has a great disadvantage, too. As I mentioned this before, only one filter function can be installed each time. We can develop a great firewall, it can be downloaded and installed by thousands of users but if other applications use this filter (and installed the filter function before) our program won't do anything.
This method has another disadvantage not documented by Microsoft. Although
DDK documentation says that you can
access packet content in filter function, it's not real. You can
access packet content for received packets but for sent packets you can only read
IP and
TCP, UDP or ICMP header. I don't understand why...
Microsoft introduced another type of driver without this limitation in Windows XP: firewall-hook driver. Its installation is very similar, but Microsoft doesn't recommend its use because "it ran too high in the network stack". Maybe this driver will disappear in later Windows versions.