none
Can I bypass TCP/IP processing by develop protocol driver? RRS feed

  • Question

  • Hi, I'm yonghyeok

    I am developing my own communication mechanism without passing TCP/IP processing.

    For this mechanism, I have to develop new network driver. 

    What I wonder is can I bypass TCP/IP processing by develop windows protocol driver and miniport driver?

    If can, How can I forward to windows socket function(related INET) to my protocol driver?

    Thank you.


    Wednesday, July 22, 2015 8:19 AM

Answers

  • Yes, you can still write your own protocol driver (usually referred to in the docs as a Transport Driver). If you implement the TDI (Transport Driver Interface) APIs on the upper edge, WinSock will be able seamlessly access your driver. The docs are here. You will not need to implement a miniport driver, because the lower edge of your protocol driver will be NDIS; so it will work with any miniport.

    I've written a few protocol drivers for clients, and it is a lot of work.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, July 22, 2015 7:10 PM
    Moderator

All replies

  • Yes, you can still write your own protocol driver (usually referred to in the docs as a Transport Driver). If you implement the TDI (Transport Driver Interface) APIs on the upper edge, WinSock will be able seamlessly access your driver. The docs are here. You will not need to implement a miniport driver, because the lower edge of your protocol driver will be NDIS; so it will work with any miniport.

    I've written a few protocol drivers for clients, and it is a lot of work.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, July 22, 2015 7:10 PM
    Moderator
  • Thank you for answer!

    Then, Can I get some example code (or templates) about TDI APIs?

    And how can I implement driver for WinSock will be able to seamlessly access my driver.

    Thank you.

    Thursday, July 23, 2015 5:18 AM
  • The TDI sample was removed from the WDK around the Vista time frame, because Microsoft has decided that TCP/IP has won the network protocol wars and the Windows network stack was re-written to be TCP/IP-centric. If you track down an old DDK (Device Driver Kit; the old name for the WDK), there is a sample with a TDI interface. In the current WDK there is a sample known as NDISPROT, which is an NDIS 6 protocol driver with an IRP interface on the upper edge (not TDI). NDISPROT allows sending and receiving raw Ethernet frames.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Thursday, July 23, 2015 5:25 PM
    Moderator