Windows Filtering Platform provides API to develop both Kernel mode and User mode network filter driver.
Is it possible to develop User mode Network filter driver on NDIS using Windows API?
Asked
Active
Viewed 409 times
2
Vadim Kotov
- 8,084
- 8
- 48
- 62
Avinash Kumar Ranjan
- 375
- 3
- 9
1 Answers
3
No.
Windows does not have the infrastructure to do NDIS-level filtering from within a usermode process. You can build it yourself: write an NDIS filter that forwards IOs to usermode, gracefully cope with timeouts and crashes, while making it both secure and fast. As I'm sure you can imagine, this is not a trivial task, and it's almost certainly easier to just build your solution entirely in a monolithic kernel driver.
This is a reasonable feature request! The NDIS team wants to have a usermode filtering model. However, our more immediate roadmap has a usermode NIC driver (NetAdapter). After that, we may be able to tackle usermode filtering. Unfortunately, that would be years away, so you probably can't just wait for us to get there.
Jeffrey Tippet
- 3,146
- 1
- 14
- 15
-
But NetAdapter rides on the WDF model. Won't the moving to it result in NDIS deprecation in the long term? – SomeWittyUsername Jun 05 '20 at 16:55
-
Yes or no, depending on you define "NDIS". The driver named NDIS.SYS will probably always be there behind the scenes, holding things together. But NIC drivers (and eventually, filter & protocol drivers) will probably consume fewer APIs named NdisXyz directly. Much like how WDF doesn't make the kernel or WDM obsolete. Already, we're gradually encouraging people to use fewer NDIS APIs (example: NdisCopyMemory -> RtlCopyMemory), which you could phrase as a gentle deprecation of small parts of NDIS. – Jeffrey Tippet Jun 06 '20 at 17:06