Friends who are interested in network programming may have heard of the OSI seven layer model, and the next one is a diagram of the entire protocol implemented under Windows.
Implementation structure of the OSI seven layer model under Windows +-------------------------------+ | Ws2_32.dll | +-------------------------------+ usermode | | +-------------------------------+ | Msafd.dll | +-------------------------------+ | System Call | | File Operation |----------------------------------------------------------------------| | +-------------------------------+ | Afd.sys | | \DEVICE\AFD | +-------------------------------+ Kernel Mode | File Operation | | IRP | +----------------------------------------+ | Tcpip.sys | (TDI layer)---Transport layer | \device\tcp \DEVICE\UDP \device\rawip | (Ndis Protocol)---network layer +----------------------------------------+ | Ndis Lib | | | +-------------------------------+ | K57xp32.sys | (miniport)---link layer +-------------------------------+ | Net Interface Card | ---physical layer +-------------------------------+
Other operations such as the creation of sockets.
TCP/IP Protocol Transport Layer and Network layer implementation is completed in Tcpip.sys, it mainly completes two parts of the work, Transport layer implementation and Network layer implementation, in the transport layer to complete the TCP, UDP, RAWIP binding, connectivity and other functions, mainly to serve the afd.sys of the TDI command, Then go to the network layer, to complete the Routing and IP Packet composition, the network layer is equivalent to an Ndis protocol driver, generally speaking it will bind all the network card to listen and send IP packets.
Link layer on the author's computer is done by the K57xp32.sys driver, different network cards This driver may be different, it is equivalent to an NDIS miniport driver, and the NDIS protocol driver, is running in the NDIS library to create a running environment, mainly complete such as the composition of the intranet packet , operating the network card to send packets, and registering interrupts to receive packets and other information work.
The physical layer, of course, is implemented by the NIC hardware.
With the clear structure above, we have to develop some business will be very clear to know where it works, such as the TDI firewall, you can directly attach to the Tcpip.sys created several named Device objects, you can hear the Afd.sys sent down the TDI command, and then can intercept, some The socket creates, binds, sends and receives commands to complete the firewall's functionality. Of course, if others directly register a protocol driver, and then directly to the contract, then the firewall can not treat such operations to monitor, such as the direct sending ARP packets to the LAN, can cause attacks. But if your firewall is working on the top of the chain, that is, registering a middle-tier driver to complete the firewall, then you can intercept the operation I just assumed, so if an Ndis middle-tier driver completes the firewall function, it can have a greater scope of monitoring. For example, if you want to implement a virtual network card, then you can complete a Ndis small port driver, to allow other protocols to bind you, some applications can directly select the network card for data processing, you can do some special work.
In short, there are many flexible ideas, you can complete the multi-flexible function.
OSI seven layer model structure diagram implemented by Windows
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
