A Layered Service Provider (LSP) is a feature of the WinSock 2 Service Provider Interface (SPI). LSP is a dll that which uses Winsock APIs to install itself into the TCP/IP stack. A Layered Service Provider can intercept and modify inbound and outbound network traffic. It allows processing of all the TCP/IP traffic taking place between the Internet and the applications that are accessing the Internet
Layered Service Provider can be used to perform these task in network path.
-Monitoring and filtering data
-Modifying data ( including cryptography)
-Redirection of data
-Redirection of URL ( proxy )
-Firewall
More Descriptive Detail:
Windows provides a standard API called Winsock which allows processes to communicate with each other on the same machine or across a network. Winsock 2 provides a Service Provider Interface (SPI) that allows inspection of all Winsock calls by third-party service providers thereby, and enables them to offer services to Winsock apps.
Using SPI, two types of service providers can be implemented: transport service providers and name space service providers. Here I'll skip any discussion about NameSpace Service Provider. A Transport providers provide data communication services, such as setting up connections, transferring data, error control, and many more. SPI allows two types of transport service providers—base and layered service providers. Base provider implements the actual details of a transport protocol like TCP/UDP/RAW/IPv4/6 and Layered Service Provider (LSPs) implement only higher-level communication functions and rely on an existing underlying base provider for the actual data communication with the other end process/machine.
Winsock 2 SPI allows LSP installation in layered form. LSPs are layered on top of BSPs. Winsock maintains a catalog of all the LSPs and BSPs which are installed on the system and how they are layered on top of each other.
Whenever a Winsock application makes a Winsock call, the system routes that call to the LSP installed on the top, now that LSP can perform its necessary tasks. It then, passes the request to the provider below itself. Ultimately that call reaches the base provider and gets handed over to the protocol drivers available on the system.
Layering ---
Winsock 2 API
-----------------------------------------------------------
WS2_32.dll
-----------------------------------------------------------
SPI
-----------------------------------------------------------
LSP__1
-----------------------------------------------------------
SPI
-----------------------------------------------------------
LSP__2
-----------------------------------------------------------
MSWSOCK.dll Other BSP
USER
===========================================
KERNAL
AFD.sys Other Transport
