Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How does a NDIS intermediate driver work with respect to the TCP/IP stack?

32 views
Skip to first unread message

void.no....@gmail.com

unread,
Mar 3, 2007, 2:47:04 AM3/3/07
to
I'm running the CHX-I packet filter on Windows 2000, and I am looking
to get a better idea of how it works. I'm hoping you guys can help
me.

One of the CHX-I developers said the following about it:
"The central piece of this new architecture is the Chx IM driver,
which is an NDIS intermediate driver, placed between miniport drivers
(network interface drivers) and protocol drivers."

Can anyone tell me where the NDIS intermediate driver sits with
respect to the TCP/IP stack? Who intercepts incoming packets first --
the NDIS intermediate driver or the TCP/IP stack? If the NDIS
intermediate driver intercepts them first, then will it hand the
packets to the TCP/IP stack after processing them, or is the TCP/IP
stack out of the picture?

Anton Bassov

unread,
Mar 3, 2007, 3:38:00 AM3/3/07
to

> Can anyone tell me where the NDIS intermediate driver sits with
> respect to the TCP/IP stack?

TCPIP is a protocol driver. Therefore, NDIS IM is below TCPIP on the network
stack...

> Who intercepts incoming packets first --the NDIS intermediate driver
> or the TCP/IP stack?

As you must have understood, NDIS IM sees incoming packets first.....

> If the NDIS intermediate driver intercepts them first, then will it hand the
> packets to the TCP/IP stack after processing them, or is the TCP/IP
> stack out of the picture?

It depends on NDIS IM objectives......

It may choose to pass a packet to TCPIP as it is, or to modify (for example,
decrypt) it, or not to pass it up the stack at all...

Anton Bassov

Stephan Wolf [MVP]

unread,
Mar 3, 2007, 6:09:11 AM3/3/07
to
There are two types of NDIS intermediate (IM) drivers: Filter IM and
MUX IM. In your case, this is most probably a Filter IM.

A Filter IM sits between the network card driver (NDIS miniport) and
all protoccol drivers on top of the miniport. But the protocols think
they are still directly bound to the network card's miniport driver.
The protocols do not know that there is some Filter IM that sits
between them and the miniport.

The Filter IM sees all packets going back and forth between the
miniport and the protocols. The Filter IM can then choose to delete
packets, insert packets, or (copy and then) modify packets in any way
it wants.

Stephan
---
On Mar 3, 8:47 am, "void.no.spam....@gmail.com"

Maxim S. Shatskih

unread,
Mar 4, 2007, 4:54:58 PM3/4/07
to
> Can anyone tell me where the NDIS intermediate driver sits with
> respect to the TCP/IP stack?

Between TCP/IP and network card driver.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
ma...@storagecraft.com
http://www.storagecraft.com

0 new messages