Unit OS A: Windows Networking Unit OS A: Windows Networking
A.1. Networking Components in Windows
A.1. Networking Components in Windows
Copyright Notice Copyright Notice
© 2000-2005 David A. Solomon and Mark Russinovich
© 2000-2005 David A. Solomon and Mark Russinovich
These materials are part of the
These materials are part of the Windows Operating Windows Operating System Internals Curriculum Development Kit,
System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E.
developed by David A. Solomon and Mark E.
Russinovich with Andreas Polze Russinovich with Andreas Polze
Microsoft has licensed these materials from David Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic academic organizations solely for use in academic environments (and not for commercial use)
environments (and not for commercial use)
Roadmap for Section A.1 Roadmap for Section A.1
General Concepts - Windows Networking General Concepts - Windows Networking
Domains & Active Directory Domains & Active Directory
The ISO/OSI Reference Model The ISO/OSI Reference Model
Networking APIs Networking APIs
Redirector/Server Operation Redirector/Server Operation
Transport Driver Interface (TDI) Transport Driver Interface (TDI)
Layered Network Services
Layered Network Services
Roots of Windows Networking Roots of Windows Networking
MS-DOS 3.1:
MS-DOS 3.1:
Added file-locking and record-locking to FAT file system Added file-locking and record-locking to FAT file system Product: Microsoft Networks (MS-NET; 1984)
Product: Microsoft Networks (MS-NET; 1984)
Uniform naming convention (UNC): NET USE X: \\SERVER\SHARE Uniform naming convention (UNC): NET USE X: \\SERVER\SHARE MS-NET established some traditions:
MS-NET established some traditions:
Redirector traps I/O requests destined to remote file, directory, printer Redirector traps I/O requests destined to remote file, directory, printer MS-NET redirector sends request to remote server
MS-NET redirector sends request to remote server NT networking supports multiple redirectors
NT networking supports multiple redirectors
Server Message Block protocol (introduced in MS-NET) Server Message Block protocol (introduced in MS-NET)
NetBIOS interface (API) to pass I/O requests in SMB format NetBIOS interface (API) to pass I/O requests in SMB format Network Server
Network Server
Accepts and handles SMB requests; peer-to-peer networking Accepts and handles SMB requests; peer-to-peer networking LAN Manager
LAN Manager
Network domains; share account/security info Network domains; share account/security info
Networking in Windows Networking in Windows
Design goals Design goals
Integral, application-transparent networking Integral, application-transparent networking
services services
Basic file and print sharing and using services Basic file and print sharing and using services
A platform for distributed applications A platform for distributed applications
Application-level inter-process communication (IPC) Application-level inter-process communication (IPC)
Windows should provide an expandable Windows should provide an expandable
platform for other network components
platform for other network components
Domains Domains
Allow a shared security database across a group of computers Allow a shared security database across a group of computers
Each domain controller has a copy Each domain controller has a copy
Member computers refer to the domain controllers for authentication Member computers refer to the domain controllers for authentication
Two styles:
Two styles:
Legacy NT 4 Domains Legacy NT 4 Domains
Security database stored in Registry SAM & SECURITY hives Security database stored in Registry SAM & SECURITY hives Limited support for relationships between domains
Limited support for relationships between domains Netlogon for authentication
Netlogon for authentication
Windows 2000 Active Directory-based Domains Windows 2000 Active Directory-based Domains
Security database stored in Active Directory Security database stored in Active Directory
Win2000/XP/2003 domains support forests – domain hierarchies – for Win2000/XP/2003 domains support forests – domain hierarchies – for better scaling in large organizations
better scaling in large organizations Kerberos authentication
Kerberos authentication
Active Directory
Active Directory
Active Directory Active Directory
Active Directory is the Windows implementation of Lightweight Active Directory is the Windows implementation of Lightweight Directory Access Protocol (LDAP) directory services
Directory Access Protocol (LDAP) directory services
Active Directory’s core is a database that stores objects Active Directory’s core is a database that stores objects
representing resources defined by applications in a Windows representing resources defined by applications in a Windows network
network
File is ntds.dit File is ntds.dit
Active Directory supports a number of APIs Active Directory supports a number of APIs
LDAP C API LDAP C API
Active Directory Service Interfaces (ADSI) COM interface Active Directory Service Interfaces (ADSI) COM interface Messaging API (MAPI)
Messaging API (MAPI)
Security Account Manager (SAM) APIs
Security Account Manager (SAM) APIs
Windows NT 4 networking APIs (Net APIs)
Windows NT 4 networking APIs (Net APIs)
OSI Reference Model OSI Reference Model
Computer network is an
Computer network is an interconnected collection of autonomous interconnected collection of autonomous computers
computers (Tanenbaum) (Tanenbaum)
Standardize and integrate networking software:
Standardize and integrate networking software:
International Standards Organization defined a software model for International Standards Organization defined a software model for sending messages between machines
sending messages between machines
Open Systems Interconnection (OSI) reference model Open Systems Interconnection (OSI) reference model
Idealized scheme Idealized scheme
Each layer on one machine assumes that it is „talking“ to the same Each layer on one machine assumes that it is „talking“ to the same layer on the other machine
layer on the other machine
Each layer provides services to higher layers and abstracts from Each layer provides services to higher layers and abstracts from implementation of services at lower layers
implementation of services at lower layers
OSI Reference Model (contd.) OSI Reference Model (contd.)
Application Presentation
Session Transport
Network Data Link
Physical
Application Presentation
Session Transport
Network Data Link
Physical Virtual
communication
Client Machine Server Machine
Transmission medium
Protocol stack
Layers in the OSI Model Layers in the OSI Model
Application layer (7) Application layer (7)
Information transfer between network apps.,Initiation of data Information transfer between network apps.,Initiation of data exchange
exchange
Security checks, identification of participating machines Security checks, identification of participating machines
Presentation layer (6) Presentation layer (6)
Data formatting, data compression, encoding, etc.
Data formatting, data compression, encoding, etc.
Session layer (5) Session layer (5)
Manages connection between cooperating applications Manages connection between cooperating applications
High-level synchronization and monitoring: who is talking/listening High-level synchronization and monitoring: who is talking/listening
Transport layer (4) Transport layer (4)
Divides messages into packets, assigns sequence numbers Divides messages into packets, assigns sequence numbers
Segmentation, assembly; hides changes in networking hardware
Segmentation, assembly; hides changes in networking hardware
Layers in the OSI Model (contd.) Layers in the OSI Model (contd.)
Network layer (3) Network layer (3)
Routing, congestion control, internetworking Routing, congestion control, internetworking
Highest layer, that understands network topology Highest layer, that understands network topology
(physical configuration of machines, type of cabling, bandwidth limits) (physical configuration of machines, type of cabling, bandwidth limits)
Data-link layer (2) Data-link layer (2)
Transmits low-level data frames, waits for acknowledgements Transmits low-level data frames, waits for acknowledgements Re-transmission of lost packets
Re-transmission of lost packets
Physical layer (1) Physical layer (1)
Passes bits to the network cable/physical transmission medium Passes bits to the network cable/physical transmission medium
OSI Model and Windows Networking OSI Model and Windows Networking
Application (7) Presentation (6) Session (5) Transport (4) Network (3) Data Link (2) Physical (1)
File I/O, Named Pipes, or Mailslots
Environment Subsystem Redirector
Ethernet, Token Ring,...
Provider Interface TDI
NetBIOS Windows Sockets
NDIS Environment and Drivers NDIS 5.0 Interface
TCP/IP NetBEUI
SMB protocol
Various transport protocols NDIS protocol
Server
Transmission medium
Client Machine Server Machine
Networking APIs Networking APIs
Windows I/O API Windows I/O API
Open, close, read, write with UNC names referring to remote files Open, close, read, write with UNC names referring to remote files
Windows network (WNet) API Windows network (WNet) API
Browse file systems via LAN Manager, NetWare, VINES, nfs,...
Browse file systems via LAN Manager, NetWare, VINES, nfs,...
Windows named pipe and mailslot APIs Windows named pipe and mailslot APIs
Message passing between apps., broadcasting Message passing between apps., broadcasting
NetBIOS API NetBIOS API
Backward compatibility for MS-DOS, 16-bit Windows, OS/2 apps.
Backward compatibility for MS-DOS, 16-bit Windows, OS/2 apps.
Windows Sockets API Windows Sockets API
16/32-bit UNIX-style standard interface for networking 16/32-bit UNIX-style standard interface for networking
Remote Procedure Call (RPC) facility Remote Procedure Call (RPC) facility
Compatible with Distributed Computing Environment (DCE) RPC
Compatible with Distributed Computing Environment (DCE) RPC
Networking APIs Networking APIs
Applications link with user- Applications link with user- mode DLLs that present the mode DLLs that present the networking API
networking API Example:
Example:
Winsock, WS2_32.DLL Winsock, WS2_32.DLL
Networking API DLLs often rely on kernel-mode drivers Networking API DLLs often rely on kernel-mode drivers (TDI clients) to interface to network protocol drivers
(TDI clients) to interface to network protocol drivers
The Winsock libraries maintain socket state information, but The Winsock libraries maintain socket state information, but also rely on an API driver, AFD, in kernel mode as a foundation also rely on an API driver, AFD, in kernel mode as a foundation Kernel-mode integration with I/O Manager allows file system Kernel-mode integration with I/O Manager allows file system APIs to also work for networking
APIs to also work for networking
Application
ReadFile
I/O Manager
Ws2_32.dll
AFD.SYS
User mode kernel mode
Named Pipes Named Pipes
Microsoft originally developed these APIs for OS/2 LAN Microsoft originally developed these APIs for OS/2 LAN Manager
Manager
Bi-directional, reliable connection-oriented Bi-directional, reliable connection-oriented communication
communication
Messaging mode for transmitting and receiving full messages Messaging mode for transmitting and receiving full messages
Fully implemented on Windows, only partially on Win9x Fully implemented on Windows, only partially on Win9x (only client support)
(only client support)
\\Server\Pipe\AppPipe
Server Application
Client Application
Named Pipe Instances Client Named Pipe Endpoint
Mail Slots Mail Slots
Like Named Pipes, are a LAN Manager API Like Named Pipes, are a LAN Manager API
Supports unidirectional, unreliable broadcast Supports unidirectional, unreliable broadcast
Fully implemented on Win9x Fully implemented on Win9x
\\Server1\Mailslot\AppSlot
Server Application
\\Server2\Mailslot\AppSlot
Server Application
\\*\Mailslot\AppSlot
Client
Application
Client Mailslot Endpoint
Winsock Winsock
Microsoft’s implementation of BSD Unix (Berkeley Microsoft’s implementation of BSD Unix (Berkeley Software Distribution) Sockets
Software Distribution) Sockets
BSD Sockets are the Internet API BSD Sockets are the Internet API
Used widely on UNIX Used widely on UNIX
Winsock consortium helps define Winsock API Winsock consortium helps define Winsock API
Reliable connection-oriented (streams) and unreliable Reliable connection-oriented (streams) and unreliable
connectionless (datagram) modes connectionless (datagram) modes
Listen Socket
Server Application
Client Socket
Client
Application
Accept
Connect
send, recv Listen
System Area Networks System Area Networks
System Area Networks (SAN) is a connection-oriented server interconnect System Area Networks (SAN) is a connection-oriented server interconnect
Not to be confused with Storage Area Networks (SAN) Not to be confused with Storage Area Networks (SAN)
Provides reliable, in-order delivery
Provides reliable, in-order delivery
Both network and bus semantics:Both network and bus semantics:
Messages Messages
Remote DMA (memory semantics) Remote DMA (memory semantics)
Segmentation/reassembly in hardware Segmentation/reassembly in hardware
Interconnect types include
Interconnect types include
InfiniBandInfiniBand Ethernet Ethernet
FiberChannel FiberChannel Proprietary Proprietary
Even shared memory Even shared memory
System Area Networks System Area Networks
Data Center
Web Tier Front End
(Web Servers) Business Logic Database Backend
High-Speed SAN Fabric Internet Traffic via
Standard WAN
System Area Networks System Area Networks
WinSock Direct (WSD) allows applications to get WinSock Direct (WSD) allows applications to get
performance benefits of SANs performance benefits of SANs
No application modification needed No application modification needed
Provides third generation task offload
Provides third generation task offload
System Area Networks System Area Networks
Socket App Winsock
TCP/IP WinSock Provider
TCP/IP Transport Driver
NDIS Miniport
NIC
Socket App Winsock
TCP/IP WinSock Provider
TCP/IP Transport Driver
SAN NDIS Miniport
Winsock Switch
SAN Winsock Provider
SAN Proxy Driver User Mode
Kernel Mode
NDIS WinSock
SPI
Traditional Model Winsock Direct Model
SAN Hardware
Private interface
Client-Side View of Network I/O Client-Side View of Network I/O
Application, Subsystem,
or DLL
User mode Kernel mode System Services
I/O Manager
Transport driver interface (TDI)
Redirector File System
Network Transport
Drivers
Windows Drivers
Windows I/O system service
Server-side View of Network I/O Server-side View of Network I/O
User mode Kernel mode
System Services
I/O Manager
Local File System
Driver
Network Transport
Drivers
Windows Drivers
Server
„File System“
Copy data into buffer
Call next driver
Issue I/O
Network I/O - the complete Picture Network I/O - the complete Picture
Client
Application Kernel32.Dll
User mode Kernel mode
Rdbss.Sys
Protocol Driver (TDI Server) Cache Manager
User mode Kernel mode
Server
File System Driver
Protocol Driver (TDI Server) Cache Manager
Local File System Driver
(NTFS, FAT)
Disk File Data
Ntdll.Dll
Routes to the Network Routes to the Network
Each API finds its way to the network through a different route Each API finds its way to the network through a different route
Windows API I/O routines call I/O system services;
Windows API I/O routines call I/O system services;
I/O manager sends IRPs to redirector I/O manager sends IRPs to redirector
Sockets API and NetBIOS API are DLLs, that call I/O services Sockets API and NetBIOS API are DLLs, that call I/O services
I/O manager sends IRPs to Sockets and NetBIOS drivers I/O manager sends IRPs to Sockets and NetBIOS drivers
Services – comparable to UNIX daemon processes Services – comparable to UNIX daemon processes
Service controller
Service controller
manages loading and starting of NT services manages loading and starting of NT services Services may export an API to support specific functions, e.g.:
Services may export an API to support specific functions, e.g.:
Administering built-in redirector (LAN Man
Administering built-in redirector (LAN Man WS service WS service , , Server service) Server service ) Sending alert messages (disk full) to logged-on users (
Sending alert messages (disk full) to logged-on users ( alerter service) alerter service ) Receiving messages (print job notification) from other systems
Receiving messages (print job notification) from other systems
( ( messenger service messenger service ) )
Sockets DLL
NetBIOS DLL
Routes to the Network (contd.) Routes to the Network (contd.)
Application Process Application
Process Windows
Subsystem
I/O API
Workstation Service Server
Service
User mode Kernel mode Built-in
Redirector
Windows Sockets
Driver
NetBIOS Driver
Network Transports Network
Server
NTFS CDFS
I/O Manager Network
File I/O Network browsing
WNet DLL
Application Process
Transport Driver Interface (TDI) User-space
Services
Built-in Networking Components Built-in Networking Components
Redirector and network server:
Redirector and network server:
Introduced with MS-NET (assembly lang.);
Introduced with MS-NET (assembly lang.);
completely re-written (C) for Windows NT/2000 completely re-written (C) for Windows NT/2000 Implemented as loadable file system drivers Implemented as loadable file system drivers
Can coexist with other vendor‘s redirectors and servers Can coexist with other vendor‘s redirectors and servers
Implemented as file system drivers, that means:
Implemented as file system drivers, that means:
Part of the Windows executive Part of the Windows executive
Access to I/O manager‘s driver interfaces Access to I/O manager‘s driver interfaces
Ability to call cache manager functions directly Ability to call cache manager functions directly
I/O manager‘s layered model reflects layering of network protocols I/O manager‘s layered model reflects layering of network protocols Redirector/server can be layered on top of any transport protocol Redirector/server can be layered on top of any transport protocol driver – modular components
driver – modular components
Redirector/Server Operation Redirector/Server Operation
Compatibility:
Compatibility:
Works with existing MS-NET & LAN Manager servers (MS-DOS, OS/2, Works with existing MS-NET & LAN Manager servers (MS-DOS, OS/2, Windows)
Windows)
Can access remote files, named pipes, printers Can access remote files, named pipes, printers Initialization:
Initialization:
Driver‘s init routine creates object
Driver‘s init routine creates object \Device\Redirector\Device\Redirector
Registers dispatch routines for driver operations (open, close, read,..) Registers dispatch routines for driver operations (open, close, read,..) Reliability:
Reliability:
Periodic reconnect to servers; mask transient faults, if possible Periodic reconnect to servers; mask transient faults, if possible Maintains tables of open files; reopens files on reconnect
Maintains tables of open files; reopens files on reconnect Asynchronous operation: (support for asynch. I/O)
Asynchronous operation: (support for asynch. I/O) Return immediately to user-space process Return immediately to user-space process
Employ thread in initial system process to wait for I/O completion Employ thread in initial system process to wait for I/O completion
Resolving a Network Filename Resolving a Network Filename
Extend the reach of local I/O to include remote resources Extend the reach of local I/O to include remote resources
All these resources are objects All these resources are objects
Object manager gets involved in opening files Object manager gets involved in opening files
1. User assigns drive letter NET USE T: \\TOOLSERV\TOOLS;
workstation service creates symbolic link 2. Windows app. opens file T:\editor.exe
3. Windows subsyst. Translates name to NT object
\DosDevices\T:\editor.exe; calls NT executive to open file
4. Object manager substitutes symbolic link to \Device\Redirector
\
DosDevices Device
Name Resolution (contd.) Name Resolution (contd.)
Device objects:
Device objects:
Launching point into an object namespace that is not controlled by the NT object Launching point into an object namespace that is not controlled by the NT object manager
manager
Object manager calls parse method associated with the device object Object manager calls parse method associated with the device object In our case:
In our case:
Method is an I/O manager routine that calls redirector Method is an I/O manager routine that calls redirector Redirector builds SMBs (Server Message Blocks) Redirector builds SMBs (Server Message Blocks)
Remote SMB server opens file \editor.exe on \\TOOLSERV\TOOLS Remote SMB server opens file \editor.exe on \\TOOLSERV\TOOLS Locally:
Locally:
NT object manager creates local file object to represent opened file NT object manager creates local file object to represent opened file Returns object handle to caller; subsequent op. go directly to redirector Returns object handle to caller; subsequent op. go directly to redirector Remote object namespace:
Remote object namespace:
Contains \Device\Server; used to manage the server by name Contains \Device\Server; used to manage the server by name Not used when server receives request
Not used when server receives request
Open Architecture Open Architecture
Redirector, network server, transport drivers can be loaded/unloaded dynamically Redirector, network server, transport drivers can be loaded/unloaded dynamically
A variety of such components can coexist A variety of such components can coexist Windows supports multiple networks:
Windows supports multiple networks:
Access to file systems for resource connection, network browsing, and for Access to file systems for resource connection, network browsing, and for remote file and device I/O through common Windows WNet API
remote file and device I/O through common Windows WNet API
Multiple network transport protocol drivers can be loaded simultaneously;
Multiple network transport protocol drivers can be loaded simultaneously;
redirectors access them through common interface redirectors access them through common interface
Supplies interface and environment (NDIS 3.0) for network card drivers to Supplies interface and environment (NDIS 3.0) for network card drivers to access NT transport drivers
access NT transport drivers Access to remote files systems via:
Access to remote files systems via:
Multiple provider router
Multiple provider router (MPR) – a DLL which determines which network to (MPR) – a DLL which determines which network to access when an app uses Windows WNet API
access when an app uses Windows WNet API
Multiple UNC provider (MUP) – a driver that determines which network to Multiple UNC provider (MUP) – a driver that determines which network to access when an app uses Windows I/O API to open remote files
access when an app uses Windows I/O API to open remote files
System Services
Multiple Provider Multiple Provider
Router (MPR) Router (MPR)
Built-In WNet Provider DLL
User mode Kernel mode Built-in
Redirector File System
Alternative Redirector File System Network Transports
I/O Manager
Network browsing
WNet DLL
Application Process
Alternative Redirector File System Transport Driver Interface (TDI)
Multiple Provider Router (MPR) DLL
WNet Provider DLLs (Novell, Banyan, ...) Provider Interface RPC
Workstation Service
System Services
Multiple UNC Provider (MUP) Multiple UNC Provider (MUP)
Windows Subsystem
I/O API
Built-in Redirector File System I/O Manager
Network File I/O
Multiple UNC Provider Router
Built-in Redirector File System Alternative Redirector File Systems Transport Driver Interface (TDI)
User mode Kernel mode
MUP driver is activated when
app first attempts to open remote file/device using an UNC name (instead of redirected drive letter)
I/O manager opens file with prefix
\Device\Mup\server\sharename
MUP driver receives request and
sends IRPs asynchronously to
Transport Driver Interface Transport Driver Interface
Transport protocols are implemented as drivers Transport protocols are implemented as drivers
Windows provides a single programming interface for redirectors and other Windows provides a single programming interface for redirectors and other high-level network drivers
high-level network drivers
Transport Driver Interface – TDI – allows redirectors and servers to remain Transport Driver Interface – TDI – allows redirectors and servers to remain independent from transports
independent from transports
A single version of a redirector or server can use any available transport A single version of a redirector or server can use any available transport mechanism
mechanism
TDI is asynchronous, TDI is asynchronous,
Implements generic addressing mechanism Implements generic addressing mechanism Variety of services and libraries
Variety of services and libraries
TDI Clients TDI Clients
Transport Device Interface (TDI) clients:
Transport Device Interface (TDI) clients:
Support network interfaces Support network interfaces
Show up as file systems – have some characteristics of file systems Show up as file systems – have some characteristics of file systems
TDI is a kernel-mode interface TDI is a kernel-mode interface
The TDI interface is a convention for IRP device I/O commands and The TDI interface is a convention for IRP device I/O commands and formatting IRP buffers
formatting IRP buffers
A single interface allows a client use the same interface semantics to A single interface allows a client use the same interface semantics to communicate with multiple TDI protocol drivers
communicate with multiple TDI protocol drivers Example TDI clients:
Example TDI clients:
AFD – Winsock TDI client
AFD – Winsock TDI client
MSFS – MailSlot TDI client
MSFS – MailSlot TDI client
NPFS – Named Pipe TDI client
NPFS – Named Pipe TDI client
System Services
Transport Driver Interface (contd.) Transport Driver Interface (contd.)
I/O Manager
Network Server or Redirector
NetBEUI TCP/IP IPX/SPX
...
Transport Driver Interface (TDI)
Network Card Drivers NDIS interface NDIS:
Network driver
interface specification
TDI - The bigger Picture TDI - The bigger Picture
AFD File System Driver
WS2_32.Dll Application
User mode Kernel mode
NtReadFile, NtWriteFile,
NtCreateFile, NtDeviceIoControlFile
TCP/IP Mswsock.Dll
TDI IRPs
TDI
\Device\Afd
IPX/SPX
Protocol Drivers
NetBEUI Wshtcpip.Dll …
SPI
Service Providers
…
Ntdll.Dll
TDI Transports TDI Transports
API providers rely on TDI Transports (also called API providers rely on TDI Transports (also called transport protocol drivers) in kernel mode to take transport protocol drivers) in kernel mode to take
API requests and translate them into low-level API requests and translate them into low-level
network protocol requests for transmission network protocol requests for transmission
across the network
across the network
Transports supported by TDI Transports supported by TDI
NetBEUI transport NetBEUI transport
NetBIOS Extended User Interface – LAN transport protocol NetBIOS Extended User Interface – LAN transport protocol
developed by IBM to operate underneath the NetBIOS developed by IBM to operate underneath the NetBIOS
interface interface
TCP/IP transport TCP/IP transport
Transmission Control Protocol/Internet Protocol – wide-area Transmission Control Protocol/Internet Protocol – wide-area protocol developed for U.S. DoD to connect heterogeneous protocol developed for U.S. DoD to connect heterogeneous
(UNIX) systems (UNIX) systems IPX/SPX transport IPX/SPX transport
Internet Packet Exchange/Sequenced Packet Exchange – Internet Packet Exchange/Sequenced Packet Exchange –
protocols used by Novell‘s NetWare (connectionless comm.) protocols used by Novell‘s NetWare (connectionless comm.) AppleTalk transport
AppleTalk transport
TDI operation TDI operation
1. 1. Client allocates/formats an address open Client allocates/formats an address open TDI IRP TDI IRP
TDI returns file object known as address object TDI returns file object known as address object Equivalent to winsock bind() function
Equivalent to winsock bind() function
2. 2. Client allocates/formats Client allocates/formats connection open connection open TDI IRP TDI IRP
TDI returns
TDI returns connection object connection object (equiv. to socket())(equiv. to socket())
3. 3. Client issues Client issues associate address associate address TDI IRP TDI IRP
This associates connection object to the address object This associates connection object to the address object
4. 4. TDI client issues TDI client issues listen TDI IRP and listen TDI IRP and accept accept TDI IRP TDI IRP
Equivalent to winsock listen() and accept() Equivalent to winsock listen() and accept()
5. 5. Other TDI client issues connect Other TDI client issues connect TDI IRP TDI IRP
Specifying connection object as parameter Specifying connection object as parameter Equivalent to winsock connect()
Equivalent to winsock connect()
TDI operation (contd.) TDI operation (contd.)
TDI also supports connectionless protocols (UDP) TDI also supports connectionless protocols (UDP) TDI supports registering
TDI supports registering event callbacks event callbacks
Functions directly invoked by TDI (event notification) Functions directly invoked by TDI (event notification) No need to pre-allocate resources (buffers)
No need to pre-allocate resources (buffers)
TDI uses NDIS 5 interface to talk to drivers TDI uses NDIS 5 interface to talk to drivers
Network Driver Interface Specification (Microsoft/3Com spec., 1989) Network Driver Interface Specification (Microsoft/3Com spec., 1989) NDIS hides IRP mechanism from network driver:
NDIS hides IRP mechanism from network driver:
same driver may work for Windows 2000/XP/ME same driver may work for Windows 2000/XP/ME
NDIS 4 did serialization of requests on driver level (MP scalability ??) NDIS 4 did serialization of requests on driver level (MP scalability ??) NDIS 5 allows driver to specify concurrency constraints
NDIS 5 allows driver to specify concurrency constraints
NDIS Miniport Drivers NDIS Miniport Drivers
NDIS drivers are also called NDIS NDIS drivers are also called NDIS Miniport drivers
Miniport drivers
Microsoft supplies the NDIS port Microsoft supplies the NDIS port driver
driver
The miniport interface hides the The miniport interface hides the
specifics of the Windows I/O model, specifics of the Windows I/O model, which allows miniport drivers function which allows miniport drivers function on Win9x as well
on Win9x as well
NDIS processes own I/O request NDIS processes own I/O request packets, NDIS packets
packets, NDIS packets
NDIS Intermediate Driver NDIS Intermediate Driver
Lie between the NDIS miniport driver and the TDI Lie between the NDIS miniport driver and the TDI transport driver
transport driver
Can add functionality such as load-balancing and quality Can add functionality such as load-balancing and quality of service
of service Examples:
Examples:
Windows 2000 QOS packet classifying driver Windows 2000 QOS packet classifying driver
Network Monitor driver
Network Monitor driver
NDIS 5 Features NDIS 5 Features
Report whether network medium is active Report whether network medium is active
TCP/IP uses this information to reevaluate DHCP addressing info.
TCP/IP uses this information to reevaluate DHCP addressing info.
TCP/IP task offloading TCP/IP task offloading
Packet checksums or IPsec can be handled at network adaptor level Packet checksums or IPsec can be handled at network adaptor level
Fast packet forwarding Fast packet forwarding
Network adaptor may perform routing (without delivering them to Network adaptor may perform routing (without delivering them to CPU) CPU)
Wake-on-LAN Wake-on-LAN
Connection-oriented NDIS Connection-oriented NDIS
Manage connection-oriented media such as Asynchronous Transfer Manage connection-oriented media such as Asynchronous Transfer Mode (ATM) devices
Mode (ATM) devices
Microsoft TCP/IP - Overview Microsoft TCP/IP - Overview
Core protocol elements, services, and the interfaces Core protocol elements, services, and the interfaces between them.
between them.
Transport Driver Interface (TDI) and Network Device Transport Driver Interface (TDI) and Network Device Interface (NDIS) are public
Interface (NDIS) are public
specifications are available from Microsoft.
specifications are available from Microsoft.
A number of higher level interfaces available to user- A number of higher level interfaces available to user- mode applications.
mode applications.
The two most commonly used are Windows Sockets and The two most commonly used are Windows Sockets and
NetBIOS.
NetBIOS.
TCP/IP Implementation in TCP/IP Implementation in
Windows Windows
Support for Standard Features Support for Standard Features
Ability to bind to multiple network cards with different media types Ability to bind to multiple network cards with different media types Logical multi-homing
Logical multi-homing
Internal IP routing capability Internal IP routing capability IGMP (IP Multicasting) support IGMP (IP Multicasting) support Duplicate IP address detection Duplicate IP address detection Multiple default gateways Multiple default gateways Dead gateway detection Dead gateway detection
Automatic Path Maximum Transmission Unit (PMTU) discovery Automatic Path Maximum Transmission Unit (PMTU) discovery Performance Enhancements
Performance Enhancements
Greatly reduced broadcast traffic Greatly reduced broadcast traffic
Shorter code paths/reduced CPU utilization Shorter code paths/reduced CPU utilization Self-tuning features
Self-tuning features
TCP/IP in Windows (contd.) TCP/IP in Windows (contd.)
Services Available Services Available
Dynamic Host Configuration Protocol (DHCP) client and server Dynamic Host Configuration Protocol (DHCP) client and server Windows Internet Name Service (WINS), a NetBIOS name server Windows Internet Name Service (WINS), a NetBIOS name server Domain Name Server (DNS) (added in Windows NT 4.0)
Domain Name Server (DNS) (added in Windows NT 4.0)
Point-to-Point Tunneling Protocol (PPTP) used for virtual private remote Point-to-Point Tunneling Protocol (PPTP) used for virtual private remote networks
networks
Dial-up (PPP/SLIP) support Dial-up (PPP/SLIP) support TCP/IP network printing (lpr/lpd) TCP/IP network printing (lpr/lpd) SNMP agent
SNMP agent
Wide Area Network (WAN) browsing support Wide Area Network (WAN) browsing support
High-performance Microsoft Internet Information Server High-performance Microsoft Internet Information Server
Basic TCP/IP connectivity utilities, including: finger, FTP, rcp, rexec, rsh, Basic TCP/IP connectivity utilities, including: finger, FTP, rcp, rexec, rsh, Telnet, and tftp
Telnet, and tftp
Server software for simple network protocols, including: Character Generator, Server software for simple network protocols, including: Character Generator, Daytime, Discard, Echo, and Quote of the Day
Daytime, Discard, Echo, and Quote of the Day
TCP/IP management and diagnostic tools, including: arp, hostname, ipconfig, TCP/IP management and diagnostic tools, including: arp, hostname, ipconfig, lpq, nbtstat, netstat, ping, route, and tracert
lpq, nbtstat, netstat, ping, route, and tracert
Windows Sockets 2 in Windows Windows Sockets 2 in Windows
Windows Sockets 2 Features Windows Sockets 2 Features
Access to protocols other than TCP/IP Access to protocols other than TCP/IP
Windows Sockets 2 allows an application to use the familiar socket Windows Sockets 2 allows an application to use the familiar socket interface to achieve simultaneous access to a number of installed interface to achieve simultaneous access to a number of installed transport protocols
transport protocols
Overlapped I/O with scatter/gather Overlapped I/O with scatter/gather
Windows Sockets 2 incorporates the overlapped paradigm for Windows Sockets 2 incorporates the overlapped paradigm for socket I/O and incorporates scatter/gather capabilities as well, socket I/O and incorporates scatter/gather capabilities as well, following the model established in Windows environments
following the model established in Windows environments
Protocol-independent name resolution facilities Protocol-independent name resolution facilities : :
Windows Sockets 2 includes a standardized set of functions for Windows Sockets 2 includes a standardized set of functions for querying and working with the myriad of name resolution domains querying and working with the myriad of name resolution domains that exist today (for example DNS, SAP, and X.500)
that exist today (for example DNS, SAP, and X.500)
Windows Sockets 2 (contd.) Windows Sockets 2 (contd.)
Protocol-independent multicast and multipoint Protocol-independent multicast and multipoint : :
Windows Sockets 2 applications discover what type of multipoint or Windows Sockets 2 applications discover what type of multipoint or
multicast capabilities a transport provides and use these facilities in a multicast capabilities a transport provides and use these facilities in a
generic manner.
generic manner.
Quality of service Quality of service
Window Sockets 2 establishes conventions applications use to Window Sockets 2 establishes conventions applications use to
negotiate required service levels for parameters such as bandwidth and negotiate required service levels for parameters such as bandwidth and
latency. Other QOS-related enhancements include mechanisms for latency. Other QOS-related enhancements include mechanisms for
network-specific QOS extensions.
network-specific QOS extensions.
Other frequently requested extensions Other frequently requested extensions
Windows Sockets 2 incorporates shared sockets and conditional Windows Sockets 2 incorporates shared sockets and conditional
acceptance; exchange of user data at connection setup/teardown time;
acceptance; exchange of user data at connection setup/teardown time;
and protocol-specific extension mechanisms.
and protocol-specific extension mechanisms.
RPC RPC
Remote procedure call (RPC) is a network programming standard Remote procedure call (RPC) is a network programming standard originally developed in the early 1980s
originally developed in the early 1980s
The Open Software Foundation (now the Open Group) made RPC The Open Software Foundation (now the Open Group) made RPC part of the Distributed Computing Environment (DCE)
part of the Distributed Computing Environment (DCE)
Although there is a second RPC standard, SunRPC, the Microsoft Although there is a second RPC standard, SunRPC, the Microsoft RPC implementation is compatible with the OSF/DCE standard RPC implementation is compatible with the OSF/DCE standard
RPC builds on other networking APIs, such as named pipes or RPC builds on other networking APIs, such as named pipes or Winsock, to provide an alternate programming model that in some Winsock, to provide an alternate programming model that in some sense hides the details of networking programming from an
sense hides the details of networking programming from an application developer
application developer
An RPC compiler generates networking code that application An RPC compiler generates networking code that application executes as network-transparent functions
executes as network-transparent functions Examples of applications that use RPC:
Examples of applications that use RPC:
Remote Registry service
Remote Registry service
RPC RPC
Networking APIs Networking APIs
(summary) (summary)
Named Pipes and Mailslots Named Pipes and Mailslots Windows Sockets (winsock) Windows Sockets (winsock)
Extensible API on Windows (via service provider interface – SPI) Extensible API on Windows (via service provider interface – SPI) Transport service providers: TCP/IP, NetBEUI,
Transport service providers: TCP/IP, NetBEUI,
AppleTalk, IPX/SPX, ATM, IrDA (Infrared Data Association) AppleTalk, IPX/SPX, ATM, IrDA (Infrared Data Association) Namespace service providers: DNS, Active Directory, IPX/SPX Namespace service providers: DNS, Active Directory, IPX/SPX Remote Procedure Call (DCE RPC)
Remote Procedure Call (DCE RPC)
Common Internet File System (CIFS – SMB) Common Internet File System (CIFS – SMB) Network Basic Input/Output System (NetBIOS) Network Basic Input/Output System (NetBIOS) Telephony API
Telephony API
TAPI 2.2 for C Apps, TAPI 3.0 for COM Apps TAPI 2.2 for C Apps, TAPI 3.0 for COM Apps Component Object Model – COM+
Component Object Model – COM+
Message Queuing Message Queuing
Layered Network Services Layered Network Services
Remote Access Remote Access
Dial-up remote access via Telco-infrastructure Dial-up remote access via Telco-infrastructure Virtual private network (VPN):
Virtual private network (VPN):
virtual point-to-point connection via IP network (Internet) virtual point-to-point connection via IP network (Internet) Active Directory: Windows impl. of LDAP
Active Directory: Windows impl. of LDAP (Lightweight Directory Access Protocol) (Lightweight Directory Access Protocol)
LDAP C language API LDAP C language API
Active Directory Service Interfaces (ADSI) – COM Interface to AD Active Directory Service Interfaces (ADSI) – COM Interface to AD Messaging API (MAPI) – compatibility with Exchange/Outlook Messaging API (MAPI) – compatibility with Exchange/Outlook Security Account Manager (SAM) APIs interface with auth.
Security Account Manager (SAM) APIs interface with auth.
packages packages
MSVl_0 (\Winnt\System32\Msvl_0.dll – legacy LanManager auth.) MSVl_0 (\Winnt\System32\Msvl_0.dll – legacy LanManager auth.) Kerberos (\Winnt\System32\Kdcsvc.dll – Kerberos auth.)
Kerberos (\Winnt\System32\Kdcsvc.dll – Kerberos auth.)