ProtocolFilters is a library that classifies data packets provided on input, detects high-level protocols and allows filtering the classified objects. It is designed to work with NetFilter SDK API, but also can be used for parsing and filtering the network packets obtained from other sources. The library has a simple API, which can be used from C/C++/.NET/Delphi code.
- The library supports filtering outgoing HTTP, POP3, SMTP, SSL, FTP, NNTP, ICQ, XMPP and raw data.
- The protocol is detected automatically by analyzing the first packets. Unsupported protocols are bypassed automatically. It is possible to allow the library to classify all outgoing network traffic and filter only classified protocols.
- Proxy filter detects HTTPS, SOCKS v4/4a/5 proxies, including chained requests.
- HTTP filter decodes the transmitted requests and responses, and allows filtering plain de-chunked and uncompressed HTTP data. It is possible to bypass the filtering or block some request or response by analyzing the initial bytes of transmitted content.
- SSL filter decodes SSL v2/3 and TLS by generating a local certificate for each domain.
- The filters for POP3, SMTP and NNTP protocols allow filtering the incoming and outgoing mail and news messages.
- FTP protocol filter allows monitoring and modifying FTP commands, responses and
- ICQ filter classifies OSCAR protocol, allows monitoring/modifying/blocking chat
messages, file transfers and other data.
- XMPP filter allows monitoring/modifying/blocking Jabber commands and responses.
- It is possible to filter the unclassified content as raw buffers.
- The filtering chain with protocol filters is created dynamically for each new connection. It is possible to apply different chains of filters with different filtering flags for the connections, after analyzing connection properties: process identifier, name and owner, local and remote addresses/ports.