The Network Driver Interface Specification (NDIS) is an application programming interface (API) for network interface cards (NICs). It was jointly developed by Microsoft and 3Com Corporation and is mostly used in Microsoft Windows. However, the open-source NDISwrapper and Project Evil driver wrapper projects allow many NDIS-compliant NICs to be used with Linux, FreeBSD and NetBSD. magnussoft ZETA, a derivative of BeOS, supports a number of NDIS drivers.
The NDIS forms the Logical Link Control (LLC) sublayer, which is the upper sublayer of the OSI data link layer (layer 2). Therefore, the NDIS acts as the interface between the Media Access Control (MAC) sublayer, which is the lower sublayer of the data link layer, and the network layer (layer 3).
The NDIS is a library of functions often referred to as a “wrapper” that hides the underlying complexity of the NIC hardware and serves as a standard interface for level 3 network protocol drivers and hardware level MAC drivers. Another common LLC is the Open Data-Link Interface (ODI).
The NDIS versions supported by various Windows versions are as follows:
NDIS 2.0: MS-DOS, Windows for Workgroups 3.1, OS/2
NDIS 3.0: Windows for Workgroups 3.11
NDIS 3.1: Windows 95
NDIS 4.0: Windows 95 OSR2, NT 4.0, Windows CE 3.0
NDIS 5.0: Windows 98, 98 SE, Me, 2000
NDIS 5.1: Windows XP, Server 2003, Windows CE 4.x, 5.0, 6.0
NDIS 5.2: Windows Server 2003 SP2
NDIS 6.0: Windows Vista
NDIS 6.1: Windows Vista SP1, Server 2008, Windows Embedded Compact 7
NDIS 6.20: Windows 7, Server 2008 R2
NDIS 6.30: Windows 8, Windows Server 2012
NDIS 6.40: Windows 8.1, Windows Server 2012 R2
The traffic accepted by the NIC is controlled by an NDIS miniport Driver while various protocols, such as TCP/IP, are implemented by NDIS Protocol Drivers. A single miniport may be associated with one or more protocols. This means that traffic coming into the miniport may be received in parallel by several protocol drivers. For example, Winpcap adds a second protocol driver on the selected miniport in order to capture incoming packets. Furthermore, it is possible to simulate several virtual NICs by implementing virtual miniport drivers that send and receive traffic from a single physical NIC. One example of virtual miniport driver usage is to add virtual NICs, each with a different Virtual LAN. Due to the fact that implementations cannot assume that other drivers received the same buffers, one must treat the incoming buffers as read only and a driver that changes the packet content must allocate its own buffers.
Another driver type is NDIS Intermediate Driver. Intermediate drivers sit in-between the MAC and IP layers and can control all traffic being accepted by the NIC. In practice, intermediate drivers implement both miniport and protocol interfaces. The miniport driver and protocol driver actually communicate with the corresponding miniport and protocol interfaces that reside in the intermediate driver. This design enables adding several chained intermediate drivers between the miniport and protocol drivers. Therefore, driver vendors cannot assume that the interface that they send traffic to is implemented by the last driver in the chain. In order to write applications using NDIS one can use samples that accompany Microsoft’s Windows Driver Kit (WDK). The “PassThru” sample is a good starting point for intermediate drivers as it implements all the necessary details required in this driver type, but just passes the traffic through to the next driver in the chain.