# of Qs about TDI

For those TDI dispatchers and TDI event handlers…

Are the following true?

  • tdi_connect for outgoing TCP packet
  • tdi_event_connect for incoming TCP packet
  • tdi_send datagram for outgoing UDP datagram
  • tdi_receive datagram for incoming UDP datagram

What are the uses or physical meaning of other TDI dispatchers amd event
handlers?

If I want to implement a TDI filter driver which block a certain process’s
internet access, I need to do so in which set of TDI dispatchers and TDI
event handlers? Only those 4 mentioned above?

You need to hook everything in TDI because TDI is so flexible. The
higher-level TDI client may use the function calls for
connecting/accept/send/receive or the event-based functionality or a
mixture.

Good luck,

Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter
http: - http:

“Sherman” wrote in message news:xxxxx@ntdev…
>
> For those TDI dispatchers and TDI event handlers…
>
> Are the following true?
> - tdi_connect for outgoing TCP packet
> - tdi_event_connect for incoming TCP packet
> - tdi_send datagram for outgoing UDP datagram
> - tdi_receive datagram for incoming UDP datagram
>
> What are the uses or physical meaning of other TDI dispatchers amd event
> handlers?
>
> If I want to implement a TDI filter driver which block a certain process’s
> internet access, I need to do so in which set of TDI dispatchers and TDI
> event handlers? Only those 4 mentioned above?
>
></http:></http:>

> Are the following true?

  • tdi_connect for outgoing TCP packet

Yes, TDI_CONNECT forces TCPIP to send the outgoing SYN packet.

  • tdi_event_connect for incoming TCP packet

Yes, this event is called by TCPIP when incoming SYN arrives. The client must assemble the TDI_ACCEPT IRP, set a pre-created
connection file object to it, and return it from the event handler.
TDI_ACCEPT completion routine is called when the connection is fully established and the connection file object can be used for data
transfer.
This means - TCPIP maintains no listen backlog, it is a client’s job to maintain it.

  • tdi_send datagram for outgoing UDP datagram

TDI_SEND is for outgoing TCP information. It will be completed only when all ACKs will arrive for this portion of data. This
means - TCPIP maintains no SO_SNDBUF, the client must do this.
TDI_SEND_DATAGRAM is for outgoing UDP datagram.

  • tdi_receive datagram for incoming UDP datagram

Receive event handler is called when some data arrives. If BytesIndicated == BytesAvailable, just copy it to your buffer and return.
Otherwise, assemble a TDI_RECEIVE IRP and return it with STATUS_MORE_PROCESSING_REQUIRED from the event handler. IRP’s completion
routine will deliver the whole data portion to you.

What are the uses or physical meaning of other TDI dispatchers amd event
handlers?

TDI_DISCONNECT_RELEASE IRP forces TCPIP to send a FIN packet and to move the connection ESTABLISHED -> FIN_WAIT_1 or CLOSE_WAIT ->
LAST_ACK.
TDI_DISCONNECT_RELEASE event is called by TCPIP when an incoming FIN have arrived - on move ESTABLISHED -> CLOSE_WAIT or
FIN_WAIT_2 -> TIME_WAIT or FIN_WAIT_1 -> CLOSING.

If your client wants to implement graceful or lingering close of the connection - it must delay closing the connection file object
till FINs are both sent and received. Otherwise, the remote end will receive a RST and will consider the connection to be aborted.
TDI_DISCONNECT_ABORT event is called on RST packet arrival or on deadly timeout.

You can purchase our kernel socket library with source code to study TDI better, the source is rather well-commented.

Max