Encryption of selected packets using a NDIS miniport driver

OSR_Community_User · May 31, 2004, 12:17am

In order to examine a packet, and encrypt those that satisfy certain
conditions (that might be based on the header or the content), is it a
better approach to do everything in the driver or pass the packet to a Win32
app, do the processing and return the packet back? What would be the
implications on complication of implementation and on the network transfer
speed of the two approaches?

Shree

Maxim_S_Shatskih · May 31, 2004, 12:33am

Both are good.

For instance, the user-mode way is used by “natd” NAT implementation in
FreeBSD, and it works fine.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Shreeniwas Sharma”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Monday, May 31, 2004 8:16 AM
Subject: [ntdev] Encryption of selected packets using a NDIS miniport driver

> In order to examine a packet, and encrypt those that satisfy certain
> conditions (that might be based on the header or the content), is it a
> better approach to do everything in the driver or pass the packet to a Win32
> app, do the processing and return the packet back? What would be the
> implications on complication of implementation and on the network transfer
> speed of the two approaches?
>
> Shree
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Thomas_F_Divine · May 31, 2004, 12:43am

There is a fairly significant and inconsistent latency when making
kernel-to-user and then user-to-kernel transitions necessary involve a Win32
application in the processing of each packet.

By all means develop an approach where most of the per-packet work is
performed in the kernel. Performance will suffer otherwise.

Get the user-mode application involved only when absolutely necessary.

Thomas F. Divine
http://www.pcausa.com

“Shreeniwas Sharma” wrote in message news:xxxxx@ntdev…
> In order to examine a packet, and encrypt those that satisfy certain
> conditions (that might be based on the header or the content), is it a
> better approach to do everything in the driver or pass the packet to a
Win32
> app, do the processing and return the packet back? What would be the
> implications on complication of implementation and on the network transfer
> speed of the two approaches?
>
> Shree
>
>
>