Re: NDIS/Networking Newbie
- From: "Stephan Wolf [MVP]" <stewo68@xxxxxxxxxxx>
- Date: 19 Mar 2007 03:03:51 -0700
Not sure whether an NDIS Filter (so called "intermediate" = IM) driver
is the right approach for you. AFAIK, process context is not available
at driver (i.e. kernel-mode) level. Also, a TDI solution might serve
you better, but I am not a TDI expert after all.
Some thoughts on NDIS:
First note that each Windows version/variant usually introduces some
NDIS features, which is reflected by an incremented NDIS version
number. For a short overview, see here:
http://msdn.microsoft.com/library/
Win32 and COM Development> Windows Driver Kit
> Device and Driver Technologies
> Network
> Design Guide
> Introduction to Network Drivers
> Network Driver Programming Considerations
> NDIS Versions in Network Drivers
[Currently, this URL points there, but unfortunately MS is either
unwilling or unable to provide stable URLs for MSDN library contents:
http://msdn2.microsoft.com/en-us/library/aa938306.aspx]
Although MS propagates NDIS 6 should be used for Vista, this
unfortunately also means this NDIS driver will not run on any previous
Windows version/variant.
Thus, you might want to consider writing an NDIS 5 driver, because it
will run on all of Windows 2000, XP, 2003, and Vista (and even on
Windows 98/ME).
> 1. Should I be writing a filter driver similar to passthru?
An NDIS Filter intermediate (IM) driver implements a 1:1 relation
between a protocol and a network adapter (=miniport) driver. It thus
usually only "filters" the packet flow between some protocol and some
adapter. A MUX IM can implement other relations as well, i.e. 1:n, n:1,
and even n:n. Packets can be redirected from/to any protocols and
adapters in any way. A MUX IM however requires a more complex design
and implementation (e.g., a so-called Notify Object user-mode program
is usually also required).
> 2. Is it possible to capture process context for each outbound packet or is
> the process context arbitrary?
Not sure but AFAIK you will not be able to get any originating process
context information at driver level. I might be wrong here.
> 3. The WDK and DDK docs hint that passthru may not be suitable for a
> production driver. Is there anything significant missing from it?
Well, passthru simply does "nothing". Many people have used it as a
starting point for their production IM drivers.
HTH, Stephan
---
On Mar 19, 10:29 am, "Carl Woodward" <pppooiiiu...@xxxxxxxxxxxxxx>
wrote:
Dear all,
I am just beginning to start looking at NDIS and Networking and am
reasonably comfortable with the principles but am constantly confusing
myself and have found some of the NDIS documentation too technical. I guess
what I am looking for is an overview. Are there any resources on the
Internet that I can look at?
My first goal is to write a filter driver that captures all network activity
and the process context for the network request. I am principally interested
in TCP/IP connections but being able to filter all network traffic for all
adapters is my ultimate goal. My target platforms are XP, 2K3 and Vista.
Just to make sure that I am not wasting a vast amount of time, I am hoping
NDIS experts on here can set me straight on a few questions:
1. Should I be writing a filter driver similar to passthru?
2. Is it possible to capture process context for each outbound packet or is
the process context arbitrary?
3. The WDK and DDK docs hint that passthru may not be suitable for a
production driver. Is there anything significant missing from it?
Many thanks for any responses!
Carl