Komodia's Redirector FAQ
- 1 General questions
- 1.1 Network app takes a few seconds to load
- 1.2 What's hard excluded applications?
- 1.3 What's hard included applications?
- 1.4 IP of tunneled session
- 1.5 ICMP interception
- 1.6 Support for socket I/O types
- 1.7 OS Compatability
- 1.8 Where to place the binaries
- 1.9 Log sizes
- 1.10 Difference between application exclude on the apps to intercept
- 1.11 INI file locations
- 1.12 What's the best method to control the Redirector rules?
- 2 Extending the Redirector
- 3 Licensing
- 4 Specific modules
- 5 32/64 bit
- 6 Programming questions
- 7 LSP
- 8 DLL framework
- 9 General LSP questions
Network app takes a few seconds to load
When our program is installed and not running, sometimes it causes an issue where when a first open any internet application there is a long delay of several seconds before it connects. Then it connects normally for as long as it is open
The reason is that the service needs to start and it does takes a few seconds for it to start and the application to get its settings.
Make sure that you install the service with the /Auto flag (http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_installation_guide#Auto) , and also start the service just after you installed it.
What's hard excluded applications?
What's hard excluded applications and what's the difference from the soft excluded (the TCP panel with the applications/ports/ips)
When the LSP loads it firsts checks a file to get the list of hard excluded applications, in case the application is in the excluded list then the LSP will bypass itself and although the DLL is loaded, it will not be inside the chain and in effect it is just as it weren't loaded.
The difference to the soft excluded is that in the soft excluded the LSP is loaded and active, just not redirecting. The LSP is in a state it can get new settings and be turned back on for a running application. In the hard excluded the LSP can't be turned on for a running application. If you changed the settings (for example removed the application from the hard excluded list) only new instances of that applications will get that setting.
What's hard included applications?
What's hard included applications and what's the difference from the soft included (the TCP panel with the applications/ports/ips)
When the LSP loads it firsts checks a file to get the list of hard included applications, in case the application is in the included list then the LSP set itself to a loaded state even if this application is a service or a system critical process (which is excluded by default)
The difference to the soft include is that in the soft include is only performed if the LSP is loaded, which is not the case for services (this can be changed by a compile time flag) or system critical processes. But if you hard include those services/critical processes you would be able to perform soft include rules on them.
When a process is hard included it doesn't mean it will be intercepted, it will only be intercepted if the soft rules will apply to it.
IP of tunneled session
Can Redirector ensure the SSH tunnel to our server shows the outgoing connection the originators IP address when we connect from the server to the end destination?
No, TCP/IP doesn't allow a machine to "spoof" the source IP of the session, this can't be done with any networking redirection technology and is not a limitation just of the Redirector.
It is possible when using a HTTP Proxy to add a HTTP field with the users' real IP, but only because the protocol supports it.
Does the Redirector intercepts ping packets (ICMP)?
No, it doesn't.
Support for socket I/O types
Does the Redirector supports all socket I/O types: select, WSAAsyncSelect, WSAEventSelect, Overlapped I/O, and IOCP.
Yes it does.
Which OS does the Redirector supports?
Win2000 WinXP 32/64bit Windows 2003 32/64bit Windows Vista 32/64bit Windows7 32/64bit Windows 2008 32/64bit
Where to place the binaries
We recommend to place the binary at a folder like program files\your company name.
It seems that some feel the need to place them under System32. In that case there are some guidelines:
Don't place the LSP or LSP installer under system32, you must put it in other directory and let the LSP installer copy the LSP to its location. If you are under 64bit OS, you should place the files under SysWOW64 and not System32 If you have the SSL Digestor, make sure you place all the cert DLLs in the same directory as the Redirector itself
The SDK logs seems to grow, when does it stop?
When the logs reaches 5MB it's reset and the log starts from zero again.
Difference between application exclude on the apps to intercept
What's the difference if I invert the apps to intercept and add apps to exclude on the left table, or specify them on the global apps to exclude on the right table.
Because the rules are logical OR you may specify an app to exclude on the left table, but if it will satisfy another rule (say port 80) that port will be intercepted for that app, but if you specify the app in the right table, even if any rule applied, it will not be intercepted.
INI file locations
My application uses preconfigured ini files, where should I place them?
On 32bit OS: The normal .ini and offline .ini goes under system32.
On 64bit OS:
- If using 32bit build: The normal .ini goes under SysWOW64, and the offline .ini goes under both system32 and SysWOW64
- If using 64bit build: The normal .ini goes under System32, and the offline .ini goes under both system32 and SysWOW64
What's the best method to control the Redirector rules?
I want to know what is the best way to set the Redirector interception rules.
There are two ways to control the Redirector, if you plan to have static rules which will not change on the fly then you can set your rules once in the dev machine and then copy the generated ini files to their expected locations right before you install the proxy, you can read more about ini file locations here: Komodia's Redirector FAQ#INI file locations.
The other method is if you plan to have changes in runtime is to use the COM API.
Extending the Redirector
Adding traffic bytes counter
Would it be possible to use LSP or the proxy client to keep count of the aggregate data transferred between the proxy client and the Proxy server (I.e. keep track of the aggregate data volume that goes through the socksified socket connections for each App).
When using the DLL framework you get the bytes transfered under the mehotds DataBeforeSend and DataBeforeReceive and you can aggregate those values based on any statistics you want.
Another approach would be to use the statistics module which is located under "Statistics" in the PCController.
Should I use the COM API?
Should I use the COM API to control the redirection rules?
This is up to you, if you plan to change settings on the fly, then this is a good option, but if your rules are pre determined and you will not change them, you might consider copying the .ini file from the dev machine onto the target machines.
How to programatically load the DLL
How do I programatically load the DLL?
You have two ways:
Load the DLL via the COM API, more info can be found at: http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_API_Guide#Setting_a_DLL_to_load
Create a INI file upfront in your development machine and distribute it with your release, you can read more about it Komodia's Redirector FAQ#What.27s_the_best_method_to_control_the_Redirector_rules.3F
Returning a picture
I use the HTTP Parser, how can I return a picture when I'm at HTTPRequestBeforeSend.
You need to use the return code hrReturnHTMLAndHeader and put the header+data inside the buffer.
Our brand name is X but we co-partner with other companies to target their customer bases and it usually requires a custom branding for each sales opportunity. We could need that our license includes the ability to rebrand.
There are two options:
For each rebrand you pay a precentage (which is agreed on during the price quoting) of the version you rebranded. For example if you bought the source but rebranded just the binary, the precentage would be taken from the binary price. Buy a OEM license which has no rebranding limitations, naturally it's more expensive.
License time frame
For how long am I licensed when I purchase the SDK from you?
The license is perpetual (as long that there's no contract breach), but the support fees are annual. You can decide not to renew support but from experience in a term of 6-12 months some major change occur that requires an update and without it the SDK will not work on future software/OS/Service packs.
Do I need another license?
When is the case another license is needed?
If you release one product or number of products under your company name, you need only one license (you are still bound to the user count), but if you release a product under another companies' name you need an additional license.
For example: Your company is company A, and you release product X and Y under A, then it's one license, but if you release X or Y under company B (another company name) then you need an additional license.
I we want to only block MSN do we need this module?
No, this module is aimed to parse and change the content of MSN chat. If you want to block MSN this can be done at port or application level.
HTTP Parser methods not being called
The SDK is not calling the HTTP Parser methods (inside either the DLL framework or COM framework)
Make sure you have purchased the module, because these methods are only called when the module is inside included with the SDK.
How does the DNS hijacking works
How does the DNS hijacking modules work?
The module works by intercepting the DNS methods for each intercepted application and replaces the IPs with false IPs.
At the Redirector level number of things can happen:
If no proxy is set the Redirector will resolve the DNS itself. If a proxy is set (that support domain name), then the domain name will be used. If a DLL is set, the DLL can be able to resolve the address itself.
Does the SDK works on 64bit OS?
Does the SDK works on 64bit OS?
Yes it does, the difference between 32bit and 64bit OS is that on the 64bit you need to also install a 64bit LSP to intercept the 64bit apps.
I noticed that the filter has a SQLite3.dll file. Does it have the SQLite API built in? If so, I'd like to use it. ClientCustomizations. I tried including SQLite3.h in its various forms, but that didn't work. I also searched the Wiki and didn't find anything. I had just planned on adding the official source files from the SQLite home page, but if it's already built in, I might as well go that route.
So is it available, and if so, how can I get access to the API? Answer:
This DLL is a dependency for the cert installer, there's no direct access to it via the Redirector.
InstallDLL no longer produces .lib files
I notice that InstallDLL no longer produces a .lib file, is it by design?
InstallDLL was modified so it will can be used with other languages then C++
Trying to remote debug the SDK hangs
When I try to remotely debug the SDK on a VM machine, the debugger hangs, how can this be resolved?
The problem is that the interception rules is set to all processes, and when you break into the Redirector, you stall the debugger traffic (since it's intercepted). The solution is add the remote debugger (msvsmon.exe) into the hard excluded apps.+
Detecting LSP removal
How can I detect that my LSP has been removed?
You can do it using number of ways:
1. RegisterLSP -p and analyze the output. 2. Use the DLL Register LSP to get the LSP list. 3. Use the COM LSP component to get the list.
Deleting your LSP only
Using "registerlsp -f" deletes all LSPs, how can I delete just my LSP.
Use: registerlsp -q yourlspname
LSP log location
Where do I find the LSP log?
The log is off by default, to turn it on follow these insturctions: http://www.komodia.com/wiki/index.php?title=Komodia%27s_Redirector_troubleshooting_guide#Enabling_LSP_log
Once the log is generated it will be under the user's %temp% and %temp%\low directory, with the name pcproxy.log
Uninstalling the LSP
If I uninstall the LSP, would the software that uses the LSP will stop to work?
The applications will keep working with the LSP until they are closed, new instances will load without the LSP. The LSP is queued to be deleted at reboot.
Uninstalling then installing the LSP
The LSP is marked for deletion after uninstall on the next reboot, if I install it without a reboot, will the new LSP be deleted?
The LSP is renamed before marked for deletion so the old LSP will be deleted and not the new one.
Modifying the HTML
I modified the HTML data, returned dhrModify but the content length was not modified.
When using dhrModify, you are responsible to adjust the header as well. If you wish that the Redirector will adjust it, then you need to return dhrReturnHTML.
How can I return HTML+Header in HTTPRequestBeforeSend ==
How can I return HTML+Header using the return value "dhrReturnHTMLAndHeader" when I have only one pointer to modify?
If you want to return both HTML+Header you put them both on the same pointer, this is different then HTTPRequestBeforeReceive in which you indeed have two pointers to modify.
MessageBox in the DLL
I've placed a mesagebox inside the DLL for debugging purposes, is it good?
Because the service can't interact with the desktop (in XP you can set a flag to do it, but in Vista and above this flag has no effect) you will never see the message box and this will cause the service to hang and you will experience all sorts of problems, so don't put a message box inside the DLL.
General LSP questions
What is: LSP_INSPECTOR
What is LSP_INSPECTOR LSP?
From Windows Vista and above there is a feature called LSP categories which allows the OS to know when to load or not to load your LSP, LSP_INSPECTOR is one of the types, this however doesn't change the code inside the LSP, only the way you register is with the OS.
Can I change the TCP/IP flags with LSP
I want to modify the IP and/or TCP packet flags, can I do it with LSP?
With the LSP you can do all the manipulations that you can do with normal sockets, Winsock gives limited control over the header flags.
How does SetFileCompletionNotificationModes will affect the LSP
If an developer uses SetFileCompletionNotificationModes with parameter 1 or 3 which disabled completion port, will the application or LSP be affected?
When a developer sets this flag, the app will not be able to receive any notifications from the LSP, the developer will have to work extensively to make overlaped sockets work when setting this flag.