Using API
The network hooking driver must be installed on the target system as described in the
Installation topic.
The API library has two interfaces, one for C++ code and one for C code, selected by
defining the symbol _C_API. The API code can be linked statically or used as
a DLL. The corresponding project configurations are described in the
Configurations section. Use the DLL with the C interface in Delphi, CBuilder and
other environments that support linking with DLLs. Use the nfapinet wrapper over
the C++ API from .NET code.
By default the driver allows all network activity and passes data packets through
without filtering. It notifies the API when TCP connections and UDP sockets are
created and closed, but does not allow filtering of the transmitted data. The client
application must create one or more rules using the driver API to specify what network
activity must be filtered. For example, a rule with all fields set to zero except
filteringFlag, which is set to NF_FILTER, makes the driver indicate the transmitted
data for all TCP connections and UDP sockets.
The driver breaks all filtered TCP connections and returns to "bypass all" mode after an expected or unexpected close of the attached process.
Only one process can use the driver API at a time. If several processes must be able to filter network activity on the same system, additional instances of the driver can be registered with different names. See the
Installation section for details.
Usage scenarios
C++:
- Implement the methods of NF_EventHandler by defining a class derived from this interface.
- Initialize the API with a call to nf_srv_init, specifying the driver name and a pointer
to an object of the class derived from NF_EventHandler.
- Add the filtering rules using nf_srv_addRule.
- Handle API notifications in the overridden NF_EventHandler methods. The library calls
these methods from a separate thread, so synchronization is required if the
same data is accessed simultaneously from other threads. It is possible to
save copies of the indicated data buffers and send the filtered data back to the
destination from any thread later.
- To remove the rules from the driver and disable filtering of new connections, call
nf_srv_deleteRules. The library continues indicating events for active TCP connections
until they close, because the filtering flag is assigned when a connection
is being established and remains active for the lifetime of the connection.
- Call nf_srv_free to detach from the driver.
Sample code: samples\PassThrough
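The synchronization point in the notification step above, as an added example that is not code from the SDK or its samples: a handler copies each indicated buffer into a mutex-protected queue, and another thread drains it later. PendingPacket, PendingQueue, demo and the id type are hypothetical names; the real handler signatures come from nfsrvapi.h and are not reproduced here, and sending the data back through the API is left out.

```cpp
#include <cstddef>
#include <deque>
#include <mutex>
#include <thread>
#include <utility>
#include <vector>
struct PendingPacket {
    unsigned long long id;   // hypothetical connection id; the real type is in nfsrvapi.h
    std::vector<char> data;  // owned copy, independent of the indicated buffer
};
// Shared by the library's notification thread and the application's own threads.
class PendingQueue {
public:
    // Called from a handler method: copy the indicated bytes and return quickly.
    void push(unsigned long long id, const char* buf, std::size_t len) {
        PendingPacket p{id, std::vector<char>(buf, buf + len)};  // copy before locking
        std::lock_guard<std::mutex> lock(m_);
        q_.push_back(std::move(p));
    }
    // Called from any other thread: take everything queued so far, in arrival order.
    std::deque<PendingPacket> drain() {
        std::lock_guard<std::mutex> lock(m_);
        std::deque<PendingPacket> out;
        out.swap(q_);
        return out;
    }
private:
    std::mutex m_;
    std::deque<PendingPacket> q_;
};
// Constructed demo: a stand-in notification thread reuses one buffer for n indications.
// Returns how many copies reached the consumer intact and in order.
std::size_t demo(std::size_t n) {
    PendingQueue q;
    std::thread notifier([&q, n] {
        char buf[4];
        for (std::size_t i = 0; i < n; ++i) {
            for (char& c : buf) c = static_cast<char>('a' + i % 26);
            q.push(1, buf, sizeof buf);
        }
    });
    std::size_t seen = 0, intact = 0;
    while (seen < n) {
        for (const PendingPacket& p : q.drain())
            intact += p.data == std::vector<char>(4, static_cast<char>('a' + seen++ % 26));
        std::this_thread::yield();
    }
    notifier.join();
    return intact;
}
```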
C:
- Define the symbol _C_API before including nfsrvapi.h and link with the corresponding
build of nfsrvapi.lib. It is also possible to load the library nfsrvapi.dll dynamically
and use the exported functions via GetProcAddress.
- For C projects NF_EventHandler is defined as a structure with pointers to the
event handler functions.
Everything else is the same as for C++.
Sample code: samples\PassThrough_c
Delphi, CBuilder:
- Include nfsrvapi.pas from the samples\Delphi\include folder.
- Fill the structure NF_EventHandler with pointers to the event handler functions
and pass the pointer to nf_srv_init.
Everything else is the same as for C++.
Sample code: samples\Delphi\SrvPassThrough
.NET:
- Add a reference to the class library nfsrvapinet from samples\CSharp\nfsrvapinet. This is
a managed wrapper over the C++ API that exports the managed analogue of the nfapi interface.
- Implement the NF_EventHandler interface and use the static functions of the NFSRVAPI class
to filter the network data.
Sample code: samples\CSharp\SrvPassThrough