Windows Filtering Platform And Winsock Kernel: Next-Generation Kernel Networking APIs
Madhurima Pawar, Program Manager, Windows Networking, mpawar @ microsoft.com, Microsoft Corporation
Eric Stenson, Development Lead, Windows Networking, ericsten @ microsoft.com, Microsoft Corporation
Session Outline
Session Goals
Windows Filtering Platform (WFP)
WFP Introduction
WFP Basics
WFP Architecture (diagram): Base Filtering Engine in user mode and Filtering Engine in kernel mode; WFP APIs used by the LH Firewall, NAT, and firewall or other filter applications; filtering layers on the packet processing path: ALE, Stream Layer, Transport Layer (TCP, UDP), Network Layer, Forwarding Layer, NDIS Layer; TDI and WSK clients; Callout APIs with callout modules such as IDS callout, parental control, and anti-virus. Provided by: Microsoft, ISV, OEM, IHV.
WFP Configuration
Callout Drivers
Case Study: Data Logging Callout (eight slides)
Winsock Kernel (WSK)
WSK Goals
Transport Driver Interface (TDI) Shortcomings
TDI Shortcomings (continued)
TDI Overview (diagram): Kernel Mode Networking Client Apps, I/O Manager, TDI.SYS, and the transports: Transport (TCP/IPv4) exposing \Device\TCP, \Device\UDP, \Device\RAW; Transport (TCP/IPv6) exposing \Device\TCP6, \Device\UDP6, \Device\RAW6; Transport (3rd Party) exposing \Device\<proto>, where <proto> is determined by 3rd party transport implementers. Provided by: Microsoft, ISV, IHV.
Windows Codenamed “Longhorn” Stack Overview (diagram). User mode: Winsock 1.0/2.x, WS2_32.DLL, Winsock Catalog, LSP #1, LSP #2, MSWSOCK.DLL (connected through the SPI). Kernel mode: AFD, TDI, TDX, NetBT, 3rd Party (TDI clients), WSK, HTTP.SYS, Private interface, Next Generation TCP/IP Stack, WFP. LSP = Winsock Layered Service Provider.
WSK Benefits
WSK Benefits (continued)
WSK Overview (diagram): Kernel Mode Networking Client Apps, Winsock Kernel (WSK), Network Module Registration (NMR), I/O Manager, and the transports: Transport (TCP/IPv4), Transport (TCP/IPv6), Transport (3rd Party), ... Provided by: Microsoft, ISV, IHV.
WSK Scenarios: Create Connection (TDI)

    //
    // Create AO (address object)
    //
    Build FILE_FULL_EA_INFORMATION (TA_ADDRESS)
    InitializeObjectAttributes (TDI Device Name)
    IoCreateFile(
        &AOHandle,
        MAXIMUM_ALLOWED,        // DesiredAccess
        &object_attributes,
        &io_status_block,
        0,                      // AllocationSize
        0,                      // FileAttributes
        0,                      // ShareAccess
        FILE_CREATE,
        0,                      // CreateOptions
        ea_buffer,
        ea_length,
        CreateFileTypeNone,
        NULL,                   // ExtraCreateParameters
        create_options
    );

    //
    // Create CO (connection object)
    //
    Build FILE_FULL_EA_INFORMATION (TdiConnectionContext)
    InitializeObjectAttributes (TDI Device Name)
    IoCreateFile(
        &COHandle,
        MAXIMUM_ALLOWED,        // DesiredAccess
        &object_attributes,
        &io_status_block,
        0,                      // AllocationSize
        0,                      // FileAttributes
        0,                      // ShareAccess
        FILE_CREATE,
        0,                      // CreateOptions
        ea_buffer,
        ea_length,
        CreateFileTypeNone,
        NULL,                   // ExtraCreateParameters
        create_options
    );

    //
    // Associate CO to AO
    //
    Allocate IRP
    Get File and Device Object pointers from CO_FileHandle
    TdiBuildAssociateAddress(CO, AOHandle, CompletionRtn/Ctx)
    IoCallDriver(IRP)

    //
    // Issue connect when the AssociateAddress request is completed.
    //
    Allocate IRP or reuse IRP from previous step
    TdiBuildConnect(CO, TA_ADDRESS, CompletionRtn/Ctx)
    IoCallDriver(IRP)
WSK Scenarios: Create Connection (WSK)

    //
    // Create and connect a WSK socket in one call
    //
    Allocate IRP
    IoSetCompletionRoutine(IRP, CompletionRtn/Ctx);
    WskProviderDispatch->WskSocketConnect(
        WskClient,
        SOCK_STREAM,
        IPPROTO_TCP,
        LocalAddress,           // SOCKADDR
        RemoteAddress,          // SOCKADDR
        0,                      // Flags
        SocketCallbackContext,
        SocketCallbackDispatch,
        Process,
        Thread,
        SecurityDescriptor,
        IRP
    );
WSK Scenarios: WSK Socket Control

    //
    // Setting SO_RCVBUF socket option
    //
    ULONG rcvbufsize = 16384;
    Allocate IRP;
    IoSetCompletionRoutine(IRP, CompletionRtn/Ctx);
    WskSocketDispatch->WskControlSocket(
        WskSocket,
        WskSetOption,           // RequestType: set, get, ioctl
        SO_RCVBUF,              // OptionName
        SOL_SOCKET,             // Level
        sizeof(rcvbufsize),     // InputSize
        &rcvbufsize,            // InputBuffer
        0,                      // OutputSize
        NULL,                   // OutputBuffer
        NULL,                   // OutputSizeReturned
        IRP
    );
Call To Action
Community Resources
Additional Resources