TDI guide

TDI on Windows 8

TDI can’t intercept Modern UI apps on Windows 8 (formerly known as Metro), you must use WFP to intercept Modern UI apps, you can read more here: TDI Windows 8.

TDI high level overview

TDI is a driver that is used to perform TCP/IP filtering and inspection, it works on either packets level or stream level and is able to modify, inject and drop packets.

When to use TDI?

TDI is mostly used for: Firewalls, and Parental control.

When not to use TDI?

Microsoft has announced that it might not support TDI for Windows 8.

TDI is driver based so it’s an advantage and a disadvantage, it depends on the needs of your software and your programming capabilities.

Komodia’s solution

In Komodia’s Redirector can save you time if you plan to develop an interception component for workstations, save you atleast one year of development time.

TDI detailed info

TDI is an acronym for Transport Driver Interface; a common interface used by drivers, like Windows 2000 server and redirector, in order to communicate with various NTPs (Network Transport Protocols). The major purpose of using the Transport Driver Interface is to have a standard API for the higher-edge of the Microsoft Windows Network Transport Protocol. Although TDI is specifically used for Windows 2000 or later versions, however, Windows 95 too had a version or variation of TDI; but it was meant only for the TCP/IP protocol. The major benefit of using TDI or the Transport Driver Interface is that by using TDI, services become independent of the network transport protocols. There is no driver for the Transport Driver Interface; unlike the NDIS. Hence it can be used to pass on messages within two layers of the network stack.

TDI is developed by Microsoft with the purpose of providing more functionality with flexibility as compared to the existing interfaces like the NetBIOS or the Winsock. In Windows 2000 and later versions, all the transport providers can have direct interface with the TDI or the Transport Driver Interface; hence allowing the Transport Driver Interface to offer a better and more consistent interface with the network transport protocols. The specification for the TDI (not included in this article) discusses all the functions and calling mechanisms that is used by the transport drivers and the Transport Driver Interface clients to communicate with each other.

One important note is that Microsoft plan to phase out support for TDI in the next OS.

What does TDI includes

The TDI specifically defines a kernel-mode network interface. This interface is visible to the upper level of all TPS (transport protocol stack). In every such protocol stack, all the protocol drivers that are at the highest level supports the TDI interface for all the higher level network clients in kernel-mode. The TDI interface includes:

Key features of TDI

There are various features of the Transport Driver Interface, however, some of the major features of TDI are mentioned below:

Operational information

Here is brief operational information about the Transport Driver Interface. For the purpose of ease-of-reading, the operational information about the TDI is divided into steps: