Structure diagram of the OSI seven-layer model as implemented by Windows

Source: Internet
Author: User

Readers interested in network programming have probably heard of the OSI seven-layer model. Below is a diagram of how the whole protocol stack is implemented under Windows.

      Implementation structure of the OSI seven layer model under Windows

          +-------------------------------+
          |          Ws2_32.dll           |
          +-------------------------------+
                          |                            User mode
          +-------------------------------+
          |           Msafd.dll           |
          +-------------------------------+
                          |
                          |  System Call (File Operation)
    ----------------------|----------------------------------------------
                          |
          +-------------------------------+
          |            Afd.sys            |
          |          \Device\Afd          |
          +-------------------------------+            Kernel mode
                          |
                          |  File Operation (IRP)
                          |
     +------------------------------------------+
     |                Tcpip.sys                 |  (TDI layer) --- transport layer
     | \Device\Tcp  \Device\Udp  \Device\RawIp  |  (NDIS protocol) --- network layer
     +------------------------------------------+
                          |
                          |  Ndis Lib
                          |
          +-------------------------------+
          |          K57xp32.sys          |  (miniport) --- link layer
          +-------------------------------+
                          |
          +-------------------------------+
          |      Net Interface Card       |  --- physical layer
          +-------------------------------+

In simple terms, the Windows network implementation is divided into two parts: a user-mode part and a kernel-mode part. The user-mode part is the standard socket interface, which can generally be considered to consist of Ws2_32.dll and Msafd.dll. Msafd.dll acts as a service provider and mainly implements the user-layer socket code. In kernel mode, sockets are implemented by Afd.sys, which creates the device \Device\Afd to interact with Msafd.dll and complete operations such as socket creation.

The transport layer and network layer of TCP/IP are both implemented in Tcpip.sys, which therefore does two jobs. In the transport layer it implements binding, connection and related functions for TCP, UDP and raw IP, mainly by servicing the TDI commands sent by Afd.sys. Requests then pass to the network layer, which handles routing and the composition of IP packets. The network layer is equivalent to an NDIS protocol driver; generally speaking, it binds to every network card in order to receive and send IP packets.

On the author's computer the link layer is handled by the K57xp32.sys driver; this driver may differ from one network card to another. It is equivalent to an NDIS miniport driver and, like the NDIS protocol driver, it runs inside the environment that the NDIS library creates. Its main work is composing the link-layer frames for the local network, operating the network card to send packets, and registering interrupts to receive packets and other information.

The physical layer, of course, is implemented by the NIC hardware.

With this structure in mind, it becomes clear where any given piece of network software does its work. Take a TDI firewall: it can attach directly to the named device objects created by Tcpip.sys, where it sees the TDI commands that Afd.sys sends down and can intercept them. The socket create, bind, send and receive commands it intercepts are enough to implement the firewall's functionality. However, if someone registers their own protocol driver and sends packets directly, such a firewall cannot monitor those operations; for example, ARP packets sent directly onto the LAN can be used for attacks. If instead the firewall works at the link layer, that is, it registers an NDIS intermediate driver, it can intercept the operation just described, so a firewall implemented as an NDIS intermediate driver has a greater scope of monitoring. As another example, to implement a virtual network card you can write an NDIS miniport driver and let other protocols bind to it; applications can then select that network card directly for data processing, and the driver can do special work on the traffic.
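The difference in monitoring scope described above can be checked with a small model of the send path. This is an added example, not code from the original article or from Windows: the stack is reduced to a chain of components, and CUSTOM_PROTO, TDI_FILTER and NDIS_IM_FILTER are hypothetical names for the extra protocol driver and the two firewall attachment points.

```c
#include <stdbool.h>
#include <stdio.h>

/* Components from the diagram plus the two filter attachment points discussed
 * in the text. CUSTOM_PROTO is a hypothetical second NDIS protocol driver. */
enum node { WS2_32, MSAFD, AFD, TDI_FILTER, TCPIP, CUSTOM_PROTO,
            NDIS_IM_FILTER, MINIPORT, NIC, NODE_COUNT, NONE = -1 };

static const char *const node_name[NODE_COUNT] = {
    "Ws2_32.dll", "Msafd.dll", "Afd.sys", "[TDI filter]", "Tcpip.sys",
    "custom protocol driver", "[NDIS intermediate filter]",
    "miniport", "NIC" };

/* next_down[n]: the component that receives a send request issued by n. */
static const int next_down[NODE_COUNT] = {
    [WS2_32] = MSAFD, [MSAFD] = AFD, [AFD] = TDI_FILTER,
    [TDI_FILTER] = TCPIP, [TCPIP] = NDIS_IM_FILTER,
    [CUSTOM_PROTO] = NDIS_IM_FILTER,   /* never touches the TDI devices */
    [NDIS_IM_FILTER] = MINIPORT, [MINIPORT] = NIC, [NIC] = NONE };

/* Follow a send from its entry point to the wire; true if it crosses `filter`. */
bool filter_sees(enum node filter, enum node entry)
{
    for (int n = entry; n != NONE; n = next_down[n])
        if (n == (int)filter)
            return true;
    return false;
}

/* Print the path a send takes and return the number of components on it. */
int trace(enum node entry)
{
    int hops = 0;
    for (int n = entry; n != NONE; n = next_down[n], hops++)
        printf("%s%s", hops ? " -> " : "", node_name[n]);
    putchar('\n');
    return hops;
}

int main(void)
{
    const enum node entries[] = { WS2_32, CUSTOM_PROTO };
    for (int i = 0; i < 2; i++) {
        trace(entries[i]);
        printf("  TDI filter: %s, NDIS intermediate filter: %s\n",
               filter_sees(TDI_FILTER, entries[i]) ? "seen" : "MISSED",
               filter_sees(NDIS_IM_FILTER, entries[i]) ? "seen" : "MISSED");
    }
    return 0;
}
```

Traffic that enters through the socket API crosses both attachment points, while traffic from the separately registered protocol driver reaches the miniport without passing the TDI devices, so only the NDIS-level filter observes it.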

In short, the layered structure leaves room for many flexible designs, and each layer can be used to build correspondingly flexible functionality.
