For example, the PassThru example shows a SetPacketEvent call but no way to understand how to use this event… or the various modes, or the “SendPacket” operations.
SetPacketEvent registers an event object within the driver. This event is signaled by driver when packet queue is non empty, by other words you have packets to read from the driver.
For your project you can be only interested in tunnel modes, because listen mode does not allow to drop or modify packets.
SendPacketXXX/SendPacketsXXX re-inject packets back into the network stack.
My goal is to create a Gateway service to examine combinations of several variables (all read from a file):
– Client IP Address (static or wildcard)
– Client MAC Address (static or wildcard)
– Destination IP Address (static or wildcard)
– Destination Port (static or wildcard)
The service must either drop the packet(s) or pass them along to the external interface.
Such simple functionality can be implemented on top of built-in WinpkFilter static filters. For the sample usage of these filters please refer FILTER.CPP (C++ Filter sample).
If you prefer to filter packets on your own then the basic start point for your application is PassThru sample. When you want to to drop the packet after examination just don’t call SendPacketXXX for this packet and continue the loop.