|
|
|
|
NDIS
Filter Driver
Sample Collection
|
 | Packet Redirection - Where the NDIS filter driver observes and redirects (routes) packets to an application or different network destination. | ||||
| Packet Monitoring - Where the NDIS filter driver observes and records data as it is exchanged between the transport and the miniport. | ||||
| Encryption - Where the NDIS filter driver is used to encrypt and decrypt data as it is exchanged between the transport and the miniport. | ||||
| Packet Filtering - The ability to intercept and
possibly alter the flow of packets between the higher-level transport and lower-level NIC
drivers.
| ||||
| Packet Impairment - Where the NDIS filter driver is used to impair packets (e.g., drop, delay, etc.) for testing purposes. |
The collection includes the sample drivers described on this page plus additional samples as they are provided. The sample drivers can be licensed to developers to be use as a starting point for their own development or simply for educational purposes. The sample drivers are intended to illustrate current Windows NDIS filtering technologies including:
| NDIS 5 Intermediate (IM) Filter Drivers (Windows XP) |
| NDIS 6 Lightweight Filter (LWF) Drivers (Windows Vista and higher) |
| Common API transparently supporting NDIS 5 and NDIS 6 drivers. |
| Driver builds using current Windows Driver Kits (WDKs). |
| Application build using current application development tools (Visual Studio 2008) |
| Improved documentation |
It is PCAUSA' intention to provide a series of NDIS filter samples with each focusing on different filtering functions.
PCAUSA sample driver products are provided with a one-time royalty-free license that is intended to allow customers to derive their own products using all or parts of the samples.
The royalty-free license applies strictly to the distribution of product in binary (executable) form. There are quite naturally restrictions on distribution of sample source code. In addition, the one-time fee includes a limited period of free technical support and product updates.
The NDIS filter samples that are currently available include:
| IP Packet Redirector - Conceptually this driver provides a way to insert a user-mode application into the Windows network stack for IPv4 and ARP packet filtering. |
| NDIS Interface Impairment Generator - This sample illustrates techniques for dropping and delaying packets and for editing IP header data in a NDIS 6 LWF. |
| Watch This Space... - Samples illustrating tunneling and encryption are under development!!! |
Conceptually the IP Packet Redirector is simple. It provides a way to insert a user-mode application into the Windows network “stack” in a way that allows it to examine and modify each IP packet being sent or received by the Windows host. This sort of driver can ne described as a "NDIS tap". The concept is illustrated in below:
Figure 1 - IP Packet Redirector Conceptual Block Diagram
Using the IP Packet redirector all IPv4 and ARP filtering is performed in the comfort and safety of a user-mode application. Network packets are represented as simple "flat" byte arrays that include each packet's Ethernet header and payload. Packet I/O is performed using normal Win32 ReadFile and WriteFile APIs.
The primary limitation of the IP Redirector is bandwidth. The process of looping incoming and outgoing packets through user-mode consumes processor resources. What has been found is that the IP Redirector can be very effectively used to filter lower-bandwidth interfaces. For example, on 10Mbps links the process of looping all inbound and all outbound IPv4 and ARP packets through a user-mode application imposes only small additions to processor loads and no noticeable degradation in throughput.
This means that the IP Redirection approach may be appropriate for use in filtering/optimizing on WAN links such as satellite links, 4G and DSL.
Use of the user-mode IP Redirection technique on server platform high-performance interfaces (RSS, Chimney Offload, etc) would not be appropriate.
[More
Information on the IPRedir NDIS Filter Driver Sample...]
| Random Packet Drop on Send and Receive Paths |
| Send and Receive Packet Delay in 1 millisecond (approximate...) Increments |
In addition the generator is capable of editing the IP header TTL (IPv4) or hop limit (IPv6) fields on outgoing packets:
| Set TTL to Specified Value |
| Decrement TTL by Specified Value |
This tool may be useful to some as-is. In addition, it may be a point of departure for developing custom products.
Use of the impairment generator on server platform high-performance interfaces (RSS, Chimney Offload, etc) would not be appropriate.
[More Information on the NDIS Interface
Impairment Generator Filter Driver Sample...]
11/11/09
|
PCAUSA Home ·
Privacy Statement ·
Products ·
Ordering ·
Support ·
Utilities ·
Resources
|
