First start with how you plan to quantify bandwidth. This may sound obvious, but remember that any quantity that is an average in time can be either a time space mean or a data space mean. Using the data space mean may simplify your implementation although it sounds unnatural
Second, think about what you will do if the application in question does not generate data at an even rate; at a rate less than your limit; or the bandwidth of the network is less than your limit. Again this may seem obvious (do nothing) but depending on your implementation these cases can be hard to detect and you want to minimize the impact of your software when it should be a NOOP
Third, think about what constitutes network traffic generated by a process. I mentioned this before, but it is important. Ignoring non-IP based protocols, you still have to handle network traffic directly generated by a process and network traffic indirectly generated by a process. Depending on the protocols used, and the way that an application uses the OS facilities, much or all of the network traffic generated by a process may fall into this indirect category. If a process opens a remote file via a UNC path, it may generate a significant amount of network traffic via the redirector without even linking to the Winsock library or making any socket calls.
Fourth, think about how the network protocols that you intend to limit operate. Presumably you are most interested in TCP and UDP based protocols as they constitute the majority of network protocols in use today. Understanding the behaviour of these protocols (especially TCP) is important because your software will be significantly more useful if it does something other than slow down applications without reducing network utilization ? which is what dropping arbitrary ingress packets will do
Once you have answers to these questions, you can start to look for solutions. The best solutions involve leveraging code that Microsoft has already written for you and simply configuring a policy or calling a UM API. If none of these work for you, then you probably need to write a 1:1 NDIS MUX driver. Such a driver would have an NDIS protocol lower edge and an NDIS virtual NIC upper edge and would work in conjunction with a UM hook DLL. This is not a small project, and no reasonable administrator would want this installed on their systems, so think hard before going down this road
Sent from Mailhttps: for Windows 10
From: xxxxx@gmail.commailto:xxxxx
Sent: May 29, 2016 12:21 PM
To: Windows System Software Devs Interest Listmailto:xxxxx
Subject: RE:[ntdev] is it possible to limit PROCESS network traffic with WFP?
I havn’t describe my question clearly.This is my fault.
additional info about my question is here:
1. My goal is to reduce the network usage. of course,the best way is use the router.
2. assume there is a process named ProcessA.EXE , it will upload files to servers and download files from server.
(forgive my poor english )
a: when ProcessA.EXE use socket function “send/wsasend” to send file data , I want to make sure the max bandwidth he can use is 1000KB/s. (I CALL this “upload speed”).
b: when ProcessA.EXE use socket function “recv/wsarecv” to receive the data from remote servers, I want to make sure the max bandwidth he can use is 5000KB/S. (I CALL this “download speed”).
I mean to restrict the bandwidth of a certain pocess. some Anti-Virus software has this ability.
the router can’t do this. so I think I need to develop a wfp or ndis drivers.
3.today , I found this : https://msdn.microsoft.com/en-us/library/windows/hardware/ff570891(v=vs.85).aspx
In section “Out-of-Band Stream Inspection” of this page , MS has written this:
"
WFP also supports stream data throttling for the incoming direction. If a callout cannot keep pace with the incoming data rate, it can return FWPS_STREAM_ACTION_DEFER to “pause” the stream. The stream can then be “resumed” by calling the FwpsStreamContinue0 function. Deferring a stream with this function causes the TCP/IP stack to stop ACK-processing incoming data. This causes the TCP sliding window to decrease toward 0.
"
It seems I can restrict the “download speed”( incoming data rate) of a certin process by “pause” a in-coming stream.
But also, I found nothing about how to “pause” a out-going stream(upload speed).
There is a SDK , it has what I want: http://www.netfiltersdk.com/nfsdk.html . (limits the bandwidth for a specified application)
but… it’s not open source and I really want to do it by myself.
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:></mailto:xxxxx></mailto:xxxxx></https:>