Komodia's Redirector FAQ

From Komodia
Jump to: navigation, search

General questions

Network app takes a few seconds to load

Question:

When our program is installed and not running, sometimes it causes an issue where when a first open any internet application there is a long delay of several seconds before it connects. Then it connects normally for as long as it is open

Answer:

The reason is that the service needs to start and it does takes a few seconds for it to start and the application to get its settings.

Resolution:

Make sure that you install the service with the /Auto flag (http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_installation_guide#Auto) , and also start the service just after you installed it.

What's hard excluded applications?

Question:

What's hard excluded applications and what's the difference from the soft excluded (the TCP panel with the applications/ports/ips)

Answer:

When the LSP loads it firsts checks a file to get the list of hard excluded applications, in case the application is in the excluded list then the LSP will bypass itself and although the DLL is loaded, it will not be inside the chain and in effect it is just as it weren't loaded.

The difference to the soft excluded is that in the soft excluded the LSP is loaded and active, just not redirecting. The LSP is in a state it can get new settings and be turned back on for a running application. In the hard excluded the LSP can't be turned on for a running application. If you changed the settings (for example removed the application from the hard excluded list) only new instances of that applications will get that setting.

What's hard included applications?

Question:

What's hard included applications and what's the difference from the soft included (the TCP panel with the applications/ports/ips)

Answer:

When the LSP loads it firsts checks a file to get the list of hard included applications, in case the application is in the included list then the LSP set itself to a loaded state even if this application is a service or a system critical process (which is excluded by default)

The difference to the soft include is that in the soft include is only performed if the LSP is loaded, which is not the case for services (this can be changed by a compile time flag) or system critical processes. But if you hard include those services/critical processes you would be able to perform soft include rules on them.

When a process is hard included it doesn't mean it will be intercepted, it will only be intercepted if the soft rules will apply to it.

IP of tunneled session

Question:

Can Redirector ensure the SSH tunnel to our server shows the outgoing connection the originators IP address when we connect from the server to the end destination?

Answer:

No, TCP/IP doesn't allow a machine to "spoof" the source IP of the session, this can't be done with any networking redirection technology and is not a limitation just of the Redirector.

It is possible when using a HTTP Proxy to add a HTTP field with the users' real IP, but only because the protocol supports it.

ICMP interception

Question:

Does the Redirector intercepts ping packets (ICMP)?

Answer:

No, it doesn't.

Support for socket I/O types

Question:

Does the Redirector supports all socket I/O types: select, WSAAsyncSelect, WSAEventSelect, Overlapped I/O, and IOCP.

Answer:

Yes it does.

OS Compatability

Question:

Which OS does the Redirector supports?

Answer:

Win2000 WinXP 32/64bit Windows 2003 32/64bit Windows Vista 32/64bit Windows7 32/64bit Windows 2008 32/64bit

Where to place the binaries

We recommend to place the binary at a folder like program files\your company name.

It seems that some feel the need to place them under System32. In that case there are some guidelines:

Don't place the LSP or LSP installer under system32, you must put it in other directory and let the LSP installer copy the LSP to its location. If you are under 64bit OS, you should place the files under SysWOW64 and not System32 If you have the SSL Digestor, make sure you place all the cert DLLs in the same directory as the Redirector itself

Log sizes

Question:

The SDK logs seems to grow, when does it stop?

Answer:

When the logs reaches 5MB it's reset and the log starts from zero again.

Difference between application exclude on the apps to intercept

Question:

What's the difference if I invert the apps to intercept and add apps to exclude on the left table, or specify them on the global apps to exclude on the right table.

Answer:

Because the rules are logical OR you may specify an app to exclude on the left table, but if it will satisfy another rule (say port 80) that port will be intercepted for that app, but if you specify the app in the right table, even if any rule applied, it will not be intercepted.

INI file locations

Question:

My application uses preconfigured ini files, where should I place them?

Answer:

On 32bit OS: The normal .ini and offline .ini goes under system32.

On 64bit OS:

  • If using 32bit build: The normal .ini goes under SysWOW64, and the offline .ini goes under both system32 and SysWOW64
  • If using 64bit build: The normal .ini goes under System32, and the offline .ini goes under both system32 and SysWOW64

What's the best method to control the Redirector rules?

Question:

I want to know what is the best way to set the Redirector interception rules.

Answer:

There are two ways to control the Redirector, if you plan to have static rules which will not change on the fly then you can set your rules once in the dev machine and then copy the generated ini files to their expected locations right before you install the proxy, you can read more about ini file locations here: Komodia's Redirector FAQ#INI file locations.

The other method is if you plan to have changes in runtime is to use the COM API.

Extending the Redirector

Adding traffic bytes counter

Question:

Would it be possible to use LSP or the proxy client to keep count of the aggregate data transferred between the proxy client and the Proxy server (I.e. keep track of the aggregate data volume that goes through the socksified socket connections for each App).

Answer:

When using the DLL framework you get the bytes transfered under the mehotds DataBeforeSend and DataBeforeReceive and you can aggregate those values based on any statistics you want.

Another approach would be to use the statistics module which is located under "Statistics" in the PCController.

Should I use the COM API?

Question:

Should I use the COM API to control the redirection rules?

Answer:

This is up to you, if you plan to change settings on the fly, then this is a good option, but if your rules are pre determined and you will not change them, you might consider copying the .ini file from the dev machine onto the target machines.

How to programatically load the DLL

Question:

How do I programatically load the DLL?

Answer:

You have two ways:

Load the DLL via the COM API, more info can be found at: http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_API_Guide#Setting_a_DLL_to_load

Create a INI file upfront in your development machine and distribute it with your release, you can read more about it Komodia's Redirector FAQ#What.27s_the_best_method_to_control_the_Redirector_rules.3F

Returning a picture

Question:

I use the HTTP Parser, how can I return a picture when I'm at HTTPRequestBeforeSend.

Answer:

You need to use the return code hrReturnHTMLAndHeader and put the header+data inside the buffer.

Licensing

Branding

Question:

Our brand name is X but we co-partner with other companies to target their customer bases and it usually requires a custom branding for each sales opportunity. We could need that our license includes the ability to rebrand.

Answer:

There are two options:

For each rebrand you pay a precentage (which is agreed on during the price quoting) of the version you rebranded. For example if you bought the source but rebranded just the binary, the precentage would be taken from the binary price. Buy a OEM license which has no rebranding limitations, naturally it's more expensive.

License time frame

Question:

For how long am I licensed when I purchase the SDK from you?

Answer:

The license is perpetual (as long that there's no contract breach), but the support fees are annual. You can decide not to renew support but from experience in a term of 6-12 months some major change occur that requires an update and without it the SDK will not work on future software/OS/Service packs.

Do I need another license?

Question:

When is the case another license is needed?

Answer:

If you release one product or number of products under your company name, you need only one license (you are still bound to the user count), but if you release a product under another companies' name you need an additional license.

For example: Your company is company A, and you release product X and Y under A, then it's one license, but if you release X or Y under company B (another company name) then you need an additional license.

Specific modules

Blocking MSN

Question:

I we want to only block MSN do we need this module?

Answer:

No, this module is aimed to parse and change the content of MSN chat. If you want to block MSN this can be done at port or application level.

HTTP Parser methods not being called

Question:

The SDK is not calling the HTTP Parser methods (inside either the DLL framework or COM framework)

Answer:

Make sure you have purchased the module, because these methods are only called when the module is inside included with the SDK.

How does the DNS hijacking works

Question:

How does the DNS hijacking modules work?

Answer:

The module works by intercepting the DNS methods for each intercepted application and replaces the IPs with false IPs.

At the Redirector level number of things can happen:

If no proxy is set the Redirector will resolve the DNS itself. If a proxy is set (that support domain name), then the domain name will be used. If a DLL is set, the DLL can be able to resolve the address itself.

32/64 bit

Does the SDK works on 64bit OS?

Question:

Does the SDK works on 64bit OS?

Answer:

Yes it does, the difference between 32bit and 64bit OS is that on the 64bit you need to also install a 64bit LSP to intercept the 64bit apps.

Programming questions

SQLite

Question:

I noticed that the filter has a SQLite3.dll file. Does it have the SQLite API built in? If so, I'd like to use it. ClientCustomizations. I tried including SQLite3.h in its various forms, but that didn't work. I also searched the Wiki and didn't find anything. I had just planned on adding the official source files from the SQLite home page, but if it's already built in, I might as well go that route.


So is it available, and if so, how can I get access to the API? Answer:

This DLL is a dependency for the cert installer, there's no direct access to it via the Redirector.

InstallDLL no longer produces .lib files

Question:

I notice that InstallDLL no longer produces a .lib file, is it by design?

Answer:

InstallDLL was modified so it will can be used with other languages then C++

Trying to remote debug the SDK hangs

Question:

When I try to remotely debug the SDK on a VM machine, the debugger hangs, how can this be resolved?

Answer:

The problem is that the interception rules is set to all processes, and when you break into the Redirector, you stall the debugger traffic (since it's intercepted). The solution is add the remote debugger (msvsmon.exe) into the hard excluded apps.+

LSP

Detecting LSP removal

Question:

How can I detect that my LSP has been removed?

Answer:

You can do it using number of ways:

1. RegisterLSP -p and analyze the output. 2. Use the DLL Register LSP to get the LSP list. 3. Use the COM LSP component to get the list.

Deleting your LSP only

Question:

Using "registerlsp -f" deletes all LSPs, how can I delete just my LSP.

Answer:

Use: registerlsp -q yourlspname

LSP log location

Question:

Where do I find the LSP log?

Answer:

The log is off by default, to turn it on follow these insturctions: http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_troubleshooting_guide#Enabling_LSP_log

Once the log is generated it will be under the user's %temp% and %temp%\low directory, with the name pcproxy.log

Uninstalling the LSP

Question:

If I uninstall the LSP, would the software that uses the LSP will stop to work?

Answer:

The applications will keep working with the LSP until they are closed, new instances will load without the LSP. The LSP is queued to be deleted at reboot.

Uninstalling then installing the LSP

Question:

The LSP is marked for deletion after uninstall on the next reboot, if I install it without a reboot, will the new LSP be deleted?

Answer:

The LSP is renamed before marked for deletion so the old LSP will be deleted and not the new one.

DLL framework

Modifying the HTML

Question:

I modified the HTML data, returned dhrModify but the content length was not modified.

Answer:

When using dhrModify, you are responsible to adjust the header as well. If you wish that the Redirector will adjust it, then you need to return dhrReturnHTML.

How can I return HTML+Header in HTTPRequestBeforeSend ==

Question:

How can I return HTML+Header using the return value "dhrReturnHTMLAndHeader" when I have only one pointer to modify?

Answer:

If you want to return both HTML+Header you put them both on the same pointer, this is different then HTTPRequestBeforeReceive in which you indeed have two pointers to modify.

MessageBox in the DLL

I've placed a mesagebox inside the DLL for debugging purposes, is it good?

Answer:

Because the service can't interact with the desktop (in XP you can set a flag to do it, but in Vista and above this flag has no effect) you will never see the message box and this will cause the service to hang and you will experience all sorts of problems, so don't put a message box inside the DLL.

General LSP questions

What is: LSP_INSPECTOR

Question:

What is LSP_INSPECTOR LSP?

Answer:

From Windows Vista and above there is a feature called LSP categories which allows the OS to know when to load or not to load your LSP, LSP_INSPECTOR is one of the types, this however doesn't change the code inside the LSP, only the way you register is with the OS.

Can I change the TCP/IP flags with LSP

Question:

I want to modify the IP and/or TCP packet flags, can I do it with LSP?

Answer:

With the LSP you can do all the manipulations that you can do with normal sockets, Winsock gives limited control over the header flags.

How does SetFileCompletionNotificationModes will affect the LSP

Question:

If an developer uses SetFileCompletionNotificationModes with parameter 1 or 3 which disabled completion port, will the application or LSP be affected?

Answer:

When a developer sets this flag, the app will not be able to receive any notifications from the LSP, the developer will have to work extensively to make overlaped sockets work when setting this flag.