RushPacketFilter is more than just a firewall development kit for Windows. With RushPacketFilter you can make an application that inserts itself into the Windows network stream: custom firewall solution, internet connection sharing (NAT), IP shaper, VPN and many other low-level network solutions completely in user-mode using your favorite development environment: Visual C++, Delphi, Visual Basic, C++ Builder and etc.

 Using RushPacketFilter requires no experience in kernel mode programming on your behalf since RushPacketFilter provides you with powerful user level API. However, if you need to implement your solution (to achieve better performance) in kernel mode you can use well-documented raw IOCTL interface as well.

System requirements:

Windows 95, 98, ME, NT 4.0, 2000, XP, Vista, Server 2003, XP x64, Server 2003 x64, Vista x64*

Supported connection types:

RushPacketFilter supports Dial-Up connections (Analog modem, ISDN modem), Ethernet (LAN and WLAN) connections, Cable/DSL modem using DHCP or "PPP over Ethernet" (EnterNet, RasPPPoE, WinPoET).

Product features:

• The easiest way to develop and debug packet filtering/modifying communication applications such as firewalls, sniffers, internet connection sharing, VPN, etc.
• SMP safe.
• Full portability to all Windows platforms due to the common API.
• Operates on RAS/PPP adapters
• Complete source code for sample applications (projects for MS Visual C++, MS Visual Basic, Borland Delphi and C++ Builder) and wrapper API DLL is available. Source code for helper drivers supplied when you purchase Source Code License ONLY.
• Passive network listening and active filtering (with possible packet modification) modes
• Interface for sending RAW Ethernet packets to network interface (originated by MSTCP) or to MSTCP
• Supports MTU decrement (allows you to set system-wide MTU decrement). This option is required if you plan to add additional headers to IP packets (implement IP in IP packet tunneling, IPSEC based VPN and so on).
• Helper routines in ndisapi.dll for converting internal (NDIS level) network interface names to the user friendly ones (the names you see in Network connections properties)
• Helper drivers are based on NDIS-hooking technology. You can read more about this technology here. Windows x64 driver is based on NDIS intermediate driver.

Applicability \ Usage scope:

• User-mode firewall solutions. That’s right! RushPacketFilter allows implementing a firewall completely in user-mode. This is not recommended for high speed connections (over 100Mbit) since filtering network packets in user-mode decreases network performance up to 30-40%, but it is quite useful for dial-up, DSL or even 100MBit Ethernet connections.
• Kernel-mode firewall solutions. You can use RAW IOCTLs for calling helper driver from your kernel mode driver. This requires kernel-mode programming skills while eliminating performance degradation caused by redirecting packets from kernel mode to user mode and back.
• Internet Connection Sharing (Network Address Translation) that can be implemented both in user and kernel modes.
• VPN solution (IPSEC an example) that can also be implemented both in user and kernel modes.
• Packets tunneling. Example: packets captured from the network (or from MSTCP) delivered into the user mode and tunneled to the remote system inside SSL stream. Remote system can indicate them to MSTCP (or send over network) after extracting packets from the SSL stream. Classic approaches like ‘IP in IP’ can also be implemented.
• Packet sniffer. You can inspect all packets sent to (received from) MSTCP.
• IP shaping solutions (when you need to limit bandwidth for Internet users).
• Network traffic count solutions.
• Wireless Firewall Gateways.

x86 package includes samples for various 32 bit development environments (Microsoft Visual C++, Borland C++ Builder, Borland Delphi, Microsoft Visual Basic). Due to lack of native 64 bit development environments x64 samples are limited to Visual Studio 2005 ones. These samples also include sources for building these samples from command line using Microsoft Optimizing Compiler for AMD64 (available as a part of DDK). Important note, x64 driver can be called from native 64 bit code only (this limitation caused by structures used for application/driver data exchange). You still can use you favorite 32 bit development tools for making GUI but packet processing core code must be 64 bit (we are aware only about C/C++ 64 bit compilers at the moment). An example, you can develop packet filtering core as 64 bit NT service and create a GUI which runs in the separate 32 process. Also, you may need to rebuild NDISAPI.DLL because different x64 compilers may use different C++ names decoration.

Please note, that installed third-party firewall software may limit samples functionality.

RushPacketFilter Advanced Samples:

Since some of of RushPacketFilter customers are interested in the more functional samples than the basic ones we had started development of Advanced RushPacketFilter Samples series. All these samples binaries are released as freeware, but the source code is available to registered RushPacketFilter customers only. Currently available samples are:

• Internet Gateway - implements simple single threaded TCP and UDP dynamic NAT, what allows you to share the single Internet connection over your home network providing the major Internet services (e-mail, WWW and etc...). All registered RushPacketFilter customers can download the source code for this sample.
• Ethernet Bridge - implements MAC level bridging of TCPIP bound network interfaces. It can be used, an example, with OpenVPN in its bridging mode, especially with the server-end running on a Windows 2000 machine (which misses native bridging available since Windows XP) or just for bridging wireless and wired Ethernet when IP address space can't be divided into subnets. Only RushPacketFilter Source Code licensees are eligible for the source code for this application because it includes the source code for the RushPacketFilter kernel mode component.

Be first to comment this article

Only registered users can write comments.
Please login or register.