TDI Filter - Its Many Functions
http://www.webmarktools.net/articles/1609/1/TDI-Filter---Its-Many-Functions/Page1.html
Troy Truman
Troy Truman is an online publisher providing great tips on friendly search engine website. To learn more about this topic, visit http://www.NetPointMarketing.com today! By Troy Truman
Published on 02/10/2010
TDI filter works within or above TCP/IP driver in kernel mode. This type of network filtering does not touch on the lower NDIS level. Read on to find out more!
TDI filter works within or above TCP/IP driver in kernel mode. This type of network filtering does not touch on the lower NDIS level. There are several situations where transport driver interface is the only viable module that can be used in monitoring traffic between server and client within a network. This type of interface has been widely used before the introduction of Windows Vista. Back then, the only way to implement a filtering system on a transport level is by inserting TDI above the TCP/IP kernel driver. But as Vista became available, new architecture for kernel mode networking came into town. TDI performance in these new interfaces has been significantly deprecated, giving way to transport level filtering being done via Windows Filtering Platform (WFP).
Even so, TDI filter will still be supported for retroactive compatibility. There are programs that have been written to bridge the gap between transport level filtering specifications before and after the introduction of Windows Vista. This is made possible by using a set of WFP and transport driver interface with the same functionalities that can support user mode applications that span across Windows 2000 and Windows Server 2008. This new filter architecture or interface aims to sustain networking technology that has long been used in filtering implementation.
Always remember that TDI filter has a direct effect on the performance of the network. The more transport protocols are put into place, the more broadcast traffic you get in your network. And this can drag down the overall performance of the network applications. That's because networks are designed to broadcast on all protocols with the goal of ensuring that all protocols will get messages. So, if you want enhanced performance, you can try to minimize the number of protocols that needed to be broadcasted and filtered.
If you need more control than what the TDI filter can offer when filtering, you can choose to write a drive interface that can directly communicate with NDIS or TDI. But right now, one of the better options is to use an LSP or a layered service provider. This dynamic link library or DLL application can be inserted into the stack, allowing it to inspect and alter data automatically. A layered service provider can intercept both outbound and inbound network traffic. It can process all traffic in TCP/IP that occurs between network applications and the Internet. No wonder the newer Winsock network programming interface comes with LSPs.
Even so, TDI filter will still be supported for retroactive compatibility. There are programs that have been written to bridge the gap between transport level filtering specifications before and after the introduction of Windows Vista. This is made possible by using a set of WFP and transport driver interface with the same functionalities that can support user mode applications that span across Windows 2000 and Windows Server 2008. This new filter architecture or interface aims to sustain networking technology that has long been used in filtering implementation.
Always remember that TDI filter has a direct effect on the performance of the network. The more transport protocols are put into place, the more broadcast traffic you get in your network. And this can drag down the overall performance of the network applications. That's because networks are designed to broadcast on all protocols with the goal of ensuring that all protocols will get messages. So, if you want enhanced performance, you can try to minimize the number of protocols that needed to be broadcasted and filtered.
If you need more control than what the TDI filter can offer when filtering, you can choose to write a drive interface that can directly communicate with NDIS or TDI. But right now, one of the better options is to use an LSP or a layered service provider. This dynamic link library or DLL application can be inserted into the stack, allowing it to inspect and alter data automatically. A layered service provider can intercept both outbound and inbound network traffic. It can process all traffic in TCP/IP that occurs between network applications and the Internet. No wonder the newer Winsock network programming interface comes with LSPs.