Question

Background: I need to create an NDIS filter intermediate driver. This driver will pass all traffic while collecting metadata (primarily timing information). The driver will export this information to a user application by inserting its own packets containing the metadata and passing them up the stack.

My question is regarding NDIS versions. Eventually, I will have to write a driver for both Windows XP and 7. However, at the moment, I will only be implementing one of these as a proof of concept/prototype. I know that in NDIS 6 they split the filter functionality out from generic intermediate drivers into a separate driver type (lightweight filter) in order to simplify the creation of filter drivers. Microsoft provides examples of passthrough filter drivers in the DDK for both NDIS 5 and 6. I've been looking at these examples and the NDIS 6 LWF only looks somewhat simpler (although admittedly, I'm still new to Windows driver development).

All other things equal, it would be better to support Win XP first (larger installed base, easier access to test machines, etc). However, if NDIS 6 lightweight filters would make for faster/easier development, I might be better off implementing the Win 7 driver first.

In short: In your experience, has NDIS 6 noticeably simplified filter driver development compared to NDIS 5?

Thanks for any input.


Solution

Yes, from the implementation aspect, an NDIS 6.0 filter driver is easier than an NDIS 5.x IM driver, but not much.

The major differences are the hook interfaces and data encapsulation: NDIS_PACKET vs NET_BUFFER_LIST. But it is not difficult to convert them to your private network data descriptor. You can use the WDK sample code (passthru and filter) for the hook part, then design your internal common interface to handle the private network data descriptor for both IM and LWF drivers.
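The common-interface idea from the answer above, as an added example (not code from the WDK samples or from the answerer): two thin front ends reduce their input to one private descriptor that the metadata logic consumes. `chain_buf`, `pkt_desc` and all function names are hypothetical user-mode stand-ins; a real driver would walk the NDIS_PACKET buffer chain or the NET_BUFFER MDL chain in their place.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for one buffer of a chain; NOT the real NDIS_BUFFER/MDL type. */
typedef struct chain_buf {
    const uint8_t *data;
    size_t len;
    const struct chain_buf *next;
} chain_buf;

/* Private descriptor shared by the IM and LWF paths (hypothetical layout). */
typedef struct pkt_desc {
    uint64_t timestamp;  /* capture time supplied by the hook */
    size_t total_len;    /* frame length claimed by the caller */
    size_t copied;       /* bytes actually snapshotted into hdr */
    uint8_t hdr[64];     /* leading bytes kept for metadata */
} pkt_desc;

/* Common core: snapshot `length` bytes starting `offset` bytes into the chain.
 * Returns 0 on success, -1 if the chain is shorter than the claimed length. */
static int desc_fill(pkt_desc *d, const chain_buf *b, size_t offset,
                     size_t length, uint64_t ts)
{
    memset(d, 0, sizeof *d);
    d->timestamp = ts;
    d->total_len = length;
    while (b && offset >= b->len) { offset -= b->len; b = b->next; }
    size_t remaining = length;
    while (b && remaining) {
        size_t avail = b->len - offset;
        size_t take = avail < remaining ? avail : remaining;
        size_t room = sizeof d->hdr - d->copied;
        size_t n = take < room ? take : room;  /* never overrun hdr */
        memcpy(d->hdr + d->copied, b->data + offset, n);
        d->copied += n;
        remaining -= take;
        offset = 0;
        b = b->next;
    }
    return remaining ? -1 : 0;
}

/* NDIS 5 style front end: the packet is the whole chain. */
int desc_from_packet5(pkt_desc *d, const chain_buf *first, uint64_t ts)
{
    size_t total = 0;
    for (const chain_buf *b = first; b; b = b->next) total += b->len;
    return desc_fill(d, first, 0, total, ts);
}

/* NDIS 6 style front end: data starts at an offset and has an explicit length. */
int desc_from_netbuf6(pkt_desc *d, const chain_buf *cur, size_t cur_offset,
                      size_t data_len, uint64_t ts)
{
    return desc_fill(d, cur, cur_offset, data_len, ts);
}
```

Only the two front ends differ per NDIS version; the length check in `desc_fill` rejects a descriptor whose claimed length exceeds what the chain actually holds.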

OTHER TIPS

If you just want to modify the WDK sample drivers, then perhaps the NDIS 5 IM is not too much work. I'm not familiar with NDIS 6 LWF drivers so can't comment.

Alternatively, use a user-mode package such as WinDivert or WinPktFilter to create a proof-of-concept prototype. This might be easier than driver development. Disclosure: I authored WinDivert.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow