|
|
|
|
NDIS 5 Intermediate
and NDIS 6 Lightweight
|
 | Packet Redirection
- Where the NDIS filter driver observes and
redirects (routes) packets to an application or different network
destination. | ||||
| Packet Monitoring
- Where the NDIS filter driver observes and records data as it
is exchanged between the transport and the miniport. | ||||
| Encryption -
Where the NDIS filter driver is used to encrypt and decrypt
data as it is exchanged between the transport and the miniport. | ||||
| Packet Filtering - The ability to intercept and
possibly alter the flow of packets between the higher-level transport and lower-level NIC
drivers.
|
In June, 2003 PCAUSA released the NDIS 5 Intermediate Driver Samples For Windows 2000, Windows XP and Windows Server 2003. These NDIS 5 filter driver samples have served PCAUSA customers well for a long time.
The PCAUSA NDIS filter driver samples described on this page extend the original sample to support the current Windows platform technologies including:
| NDIS 5 Intermediate (IM) Filter Drivers (Windows XP) |
| NDIS 6 Lightweight Filter (LWF) Drivers (Windows Vista and higher) |
| Common API transparently supporting NDIS 5 and NDIS 6 drivers. |
| Driver builds using current Windows Driver Kits (WDKs). |
| Application build using current application development tools (Visual Studio 2008) |
| Improved documentation |
It is PCAUSA' intention to provide a series of NDIS filter samples with each focusing on different filtering functions. Each sample is a separate PCAUSA product and the samples are licensed intellectual property of PCAUSA.
PCAUSA sample driver products are provided with a one-time royalty-free license that is intended to allow customers to derive their own products using all or parts of the samples.
The royalty-free license applies strictly to the distribution of product in binary (executable) form. There are quite naturally restrictions on distribution of sample source code. In addition, the one-time fee includes a limited period of free technical support and product updates.
The NDIS filter samples that are currently available include:
| IP Packet Redirector - Conceptually this driver provides a way to insert a user-mode application into the Windows network stack for IPv4 and ARP packet filtering. |
| NDIS Interface Impairment Generator - This sample illustrates techniques for dropping and delaying packets and for editing IP header data in a NDIS 6 LWF. |
| Watch This Space... - Samples illustrating tunneling and encryption are under development!!! |
Conceptually the IP Packet Redirector is simple. It provides a way to insert a user-mode application into the Windows network “stack” in a way that allows it to examine and modify each IP packet being sent or received by the Windows host. This sort of driver can ne described as a "NDIS tap". The concept is illustrated in below:
Figure 1 - IP Packet Redirector Conceptual Block Diagram
Using the IP Packet redirector all IPv4 and ARP filtering is performed in the comfort and safety of a user-mode application. Network packets are represented as simple "flat" byte arrays that include each packet's Ethernet header and payload. Packet I/O is performed using normal Win32 ReadFile and WriteFile APIs.
The primary limitation of the IP Redirector is bandwidth. The process of looping incoming and outgoing packets through user-mode consumes processor resources. What has been found is that the IP Redirector can be very effectively used to filter lower-bandwidth interfaces. For example, on 10Mbps links the process of looping all inbound and all outbound IPv4 and ARP packets through a user-mode application imposes only small additions to processor loads and no noticeable degradation in throughput.
This means that the IP Redirection approach may be appropriate for use in filtering/optimizing on WAN links such as satellite links, 4G and DSL.
Use of the user-mode IP Redirection technique on server platform high-performance interfaces (RSS, Chimney Offload, etc) would not be appropriate.
[More
Information on the IPRedir NDIS Filter Driver Sample...]
| Random Packet Drop on Send and Receive Paths |
| Send and Receive Packet Delay in 1 millisecond (approximate...) Increments |
In addition the generator is capable of editing the IP header TTL (IPv4) or hop limit (IPv6) fields on outgoing packets:
| Set TTL to Specified Value |
| Decrement TTL by Specified Value |
This tool may be useful to some as-is. In addition, it may be a point of departure for developing custom products.
Use of the impairment generator on server platform high-performance interfaces (RSS, Chimney Offload, etc) would not be appropriate.
This is currently a Vista and later sample only. A NDIS 5 driver for pre-Vista platforms is not provided.
[More Information on the NDIS Interface
Impairment Generator Filter Driver Sample...]
11/11/09
|
PCAUSA Home ·
Privacy Statement ·
Products ·
Ordering ·
Support ·
Utilities ·
Resources
|
