1
votes

I want to write an NDIS miniport driver, popped as a virtual adapter (like VMware does). Its purpose is to forward packets to existing connected VPN internal IPs (adapters). There may be many existing VPN connections. My driver forwards packets to one of them according to the different processes (the processes may be connecting to the same IP, so using the route table to distinguish different connections won't work).

Any hints or examples that I can reference? Thanks.

1 Answer

1
votes

NDIS drivers are low-level. They have no understanding of usermode processes; by the time the packets hit NDIS, all process context is gone. Since your problem statement seems to care deeply about usermode process identity, an NDIS driver might not be the appropriate solution for the problem.

It sounds like you can use WFP to direct traffic to the appropriate interface. WFP is essentially a giant rule engine: there are input rules (like "process name is 'notepad.exe'" or "user is 'bob'") and output actions (like "reroute all traffic to network interface 42"). If you are lucky enough to be able to represent your problem with the built-in rules and actions, you might not even need to write any kernel code at all. (Think of all the time you'll save!)

If for some reason you cannot use WFP (perhaps you need to target Windows XP), then you should investigate writing a Winsock LSP. LSPs plug into the socket code within the target process, and can do some level of traffic manipulation.