This page covers the challenges of developing a network interception product. Some are shared across redirection technologies; others are specific to one of them.

LSP

Bugs in LSP sample

The default Microsoft sample that everyone uses (including Komodia) has built-in bugs that must be fixed (just to clarify, Komodia has fixed all the bugs mentioned here):

Other challenges with LSP development

Also, when developing your LSP you need to take care of the following issues:

If you decide to develop your own solution, we recommend that you start by supporting Chrome, Safari and Firefox on Windows 7, because they pose the most problems. If you start with IE, come up with a solution after three months, and then struggle to make it work for the other browsers, you have just wasted three months.

LSP conflicts and OS compatibility

Conflicts will occur with other LSPs, so you need to make sure your installer knows how to deal with third-party LSPs and puts your LSP in the right place. Some LSPs will require you to be first in the chain, some last, and you can only know which after investigating those LSPs manually. Keep in mind that the default installer doesn’t support much out of the box: you will need to add at least 5000 lines of code to make it support all the scenarios you want (layering before or after a provider, doing a provider bypass, layering over base providers only, supporting Windows in various languages).
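As an added illustration (not Komodia's or Microsoft's code), this simplified Python model of the Winsock catalog reports which LSPs already sit over a base provider and what chain each installer scenario named above would produce. The entry IDs, the provider names and the reading of "before" as "closer to the application" are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    """Simplified stand-in for one Winsock catalog entry (model only)."""
    entry_id: int
    name: str
    chain: list  # [] = layered provider, [own id] = base, longer = protocol chain

# Constructed sample catalog: one base provider with a third-party LSP over it.
CATALOG = [
    Entry(1001, "Base TCP/IP", [1001]),
    Entry(1050, "ThirdPartyAV LSP", []),
    Entry(1051, "ThirdPartyAV over TCP/IP", [1050, 1001]),
]

def existing_chain(catalog, base_id):
    """Return the protocol chain ending at base_id, or just the base itself."""
    for e in catalog:
        if len(e.chain) > 1 and e.chain[-1] == base_id:
            return list(e.chain)
    return [base_id]

def layers_over(catalog, base_id):
    """Names of the LSPs already layered over base_id, topmost first."""
    names = {e.entry_id: e.name for e in catalog}
    return [names[i] for i in existing_chain(catalog, base_id)[:-1]]

def plan_chain(catalog, base_id, new_id, mode, other=None):
    """Chain (top first, base last) that results from one install scenario."""
    chain = existing_chain(catalog, base_id)
    if mode == "base_only":            # ignore other LSPs, sit directly on the base
        return [new_id, base_id]
    if other not in chain[:-1]:
        raise ValueError("provider %r is not layered over %r" % (other, base_id))
    i = chain.index(other)
    if mode == "before":               # our LSP sees the application's calls first
        return chain[:i] + [new_id] + chain[i:]
    if mode == "after":                # the other LSP sees them first
        return chain[:i + 1] + [new_id] + chain[i + 1:]
    if mode == "bypass":               # take the other LSP's place in the chain
        return chain[:i] + [new_id] + chain[i + 1:]
    raise ValueError("unknown mode %r" % mode)

if __name__ == "__main__":
    print(layers_over(CATALOG, 1001))
    for m in ("base_only", "before", "after", "bypass"):
        print(m, plan_chain(CATALOG, 1001, 2000, m, other=1050))
```

Comparing the planned chain with the existing one before writing anything to the catalog is what lets an installer notice that a third-party LSP would be displaced or reordered.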

Once you are done, you need to make sure your LSP works with antivirus products: you need to check 40 brands against 5 browsers across 20 flavors of Windows.

Komodia’s LSP solution

Komodia’s Redirector already has all of these solved, and each month we get at least one new item to add because of the speed at which the software world changes. Overall, it took us one and a half years to get something stable that also works outside of the VM.

NDIS

NDIS is a kernel driver and works at the packet level, so most of the work must be done on packet parsing, and you will need to code these features:

Komodia’s solution

In Komodia’s Redirector we chose not to use NDIS, mainly because of its limitations with LocalHost and VPN/3G. Some products do use it for workstations, but we believe it’s more of a server technology.

WFP

WFP can work at either the packet level or the stream level; which one to choose depends on your implementation. The challenges with WFP are:

Komodia’s solution

In Komodia’s Redirector we have an option to use WFP. It took us three months to develop it on top of our pre-existing solution and another three months to make it Windows 8 ready.

DLL injection

DLL injection is used when you don’t want to require the user to have admin privileges. The challenges with DLL injection are:

Komodia’s solution

In Komodia’s Redirector we use an LSP; we believe this is the way to go. As previously said, the only situation where DLL injection is needed is when you don’t want to require admin privileges.

HTTP Parsing

After you have sorted out the redirection component, you need to make sure you can read the HTTP traffic correctly. While parsing the data, you need to make sure you can handle the following:

Komodia’s solution

In Komodia’s Redirector, development and field QA of this component took about six months. It’s a very complex component, but for our clients the API is very simple.

SSL decoding

If you want to inspect SSL traffic you need to know how to decrypt SSL. The method is very complex to implement; we wrote a short article on how SSL decoding works.

Challenges when implementing this method are:

Komodia’s solution

In Komodia’s Redirector it’s the most complex component. Overall, with all the field QA and bug fixes, it took one year to make the component as stable as it is now.

Intercepting DNS

There are a number of ways to do it, and which one to use depends on your needs. The challenges are:

Komodia’s solution

In Komodia’s Redirector we have a DNS hijacking module. It is used mostly for anonymizing and uses hooks to control the app’s DNS methods; you can read about how it works.

Field QA

What is field QA? No matter how many tests you do in house, in the field you will meet strange variations you couldn’t possibly think of, for example a system with a firewall, a corporate firewall, an AV solution and a proxy (just an example). You can’t cover all bases, which is why QA takes more time than development: these field cases are more common than you may think.