Using Tdi+ndis to implement process network traffic throttling under Windows XP (design document)

Source: Internet
Author: User

The first step:
because the process information is not available in NDIS, you can get the information to the port
maintains a table locally on the TDI, storing the correspondence between processes and ports. (Getting process information and ports is not difficult, I've done it, just need to correlate)

Step Two:
NDIS uses functions to query the TDI for this process and port table, and then to limit the traffic information for a port (difficulty: Figuring out how TDI and NDIS communicate, because TDI and NDIS need to communicate)

Step Three:
How do I limit the traffic to a port? What's the principle? Using deferred processing or packet loss processing is a good choice.

What if the speed limit of the process network can be completed on the basis of the original TDI?
//////////////////////////Process Network speed limit overall design scheme//////////////////////////////////////
the technical points summarized are as follows:
TDI to drop uploads (i.e. send packets)
NDIS to drop the download (i.e. receive packets)

a problem is derived:
What is the difference between packet loss and delay? (Self test)
What is the difference between TDI drops and NDIS drop packets? (self-test with TDIFW and PassThru respectively)

The conclusion is:
for the sending packet, say:
in the case of NDIS can actually be sent successfully (function will return OK) during the re-error by the protocol guaranteed retransmission
for the receiving packet, say:
In the TDI layer, it's a transmission. If you receive the package in the TDI Layer drop protocol will not retransmit

Precautions :
TCP and UDP need to be handled separately, there is heartbeat packet mechanism and retransmission mechanism in TCP

the IP address information and port information, along with the process ID information, are transferred from the ALE layer to the TCP and UDP tiers for parsing.

1 Better IP connect get part
2\ parsing data in UDP
3\ parsing data in TCP
4\ block the code inside the process monitoring function, and add the last time.

IP address and port can be obtained in TCP
What is the difference between the IP address and the IP address that the two layers acquire under the port test?

Another idea is to use NDIS Hook + TDI to achieve the speed limit, which I also realized

Using Tdi+ndis to implement process network traffic throttling under Windows XP (design document)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.