Question

I need to develop a transparent filter to redirect outgoing HTTP packets to a local proxy, to do transparent content filtering.

Which is the best technology to do it, TDI or NDIS IM?

My main constraint is to avoid conflicts with antivirus software, which also does some kind of packet redirection to inspect HTTP content (I don't know whether antivirus programs use TDI, NDIS IM, or both).

Rather than writing the driver myself, actually, I'm also considering two commercial SDKs for packet filtering/modification: one uses a TDI driver while the other uses an NDIS IM driver, so that's the origin of my question (I was only aware of NDIS IM, before looking at the two SDKs).

Solution

NDIS IM gives you access to packets.

If you're redirecting to a proxy you probably are doing this at the connection (TCP) level, in which case this would be a lot of work at the NDIS IM level, since you'd need to implement a full TCP stack to deal with retries, sequencing, etc.

So I would look more into TDI or WFP (depending on target OS).

Most AV I know of use LSP for this as well, which is a Winsock filtering layer. So TDI would be well below this, and also capture apps that don't use Windows Sockets for TCP/IP (such as Explorer, SMB clients, etc.).

OTHER TIPS

I found this software to do this. This software uses NDIS IM.

http://www.softperfect.com/products/bandwidth/

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow