internal FirewallProvider(FWPM_PROVIDER0 provider, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
: base(provider.providerKey, provider.displayData, new NamedGuidDictionary(), engine, get_sd)
{
ServiceName = provider.serviceName ?? string.Empty;
Flags = provider.flags;
ProviderData = provider.providerData.ToArray();
}
internal FirewallCallout(FWPM_CALLOUT0 callout, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
: base(callout.calloutKey, callout.displayData, NamedGuidDictionary.CalloutGuids.Value, engine, get_sd)
{
Flags = callout.flags;
ProviderData = callout.providerData.ToArray();
ProviderKey = FirewallUtils.ReadGuid(callout.providerKey) ?? Guid.Empty;
ApplicableLayer = callout.applicableLayer;
CalloutId = callout.calloutId;
}
internal FirewallSubLayer(FWPM_SUBLAYER0 sublayer, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
: base(sublayer.subLayerKey, sublayer.displayData, NamedGuidDictionary.SublayerGuids.Value, engine, get_sd)
{
if (sublayer.providerKey != IntPtr.Zero)
{
ProviderKey = new Guid(NtProcess.Current.ReadMemory(sublayer.providerKey.ToInt64(), 16));
}
ProviderData = sublayer.providerData.ToArray();
Flags = sublayer.flags;
Weight = sublayer.weight;
}
private protected FirewallObject(Guid key, FWPM_DISPLAY_DATA0 display_data, NamedGuidDictionary key_to_name, FirewallEngine engine,
Func<SecurityInformation, bool, NtResult<SecurityDescriptor>> get_sd)
{
Key = key;
Name = display_data.name ?? string.Empty;
Description = display_data.description ?? string.Empty;
KeyName = key_to_name.GetName(key);
_engine = engine;
_get_sd = get_sd;
_get_sd_default = new Lazy<SecurityDescriptor>(() => ((INtObjectSecurity)this).GetSecurityDescriptor(SecurityInformation.Owner
| SecurityInformation.Group | SecurityInformation.Dacl));
}
internal FirewallLayer(FWPM_LAYER0 layer, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
: base(layer.layerKey, layer.displayData, NamedGuidDictionary.LayerGuids.Value, engine, get_sd)
{
Flags = layer.flags;
DefaultSubLayerKey = layer.defaultSubLayerKey;
LayerId = layer.layerId;
List <FirewallField> fields = new List <FirewallField>();
if (layer.numFields > 0 && layer.field != IntPtr.Zero)
{
var buffer = new SafeHGlobalBuffer(layer.field, 1, false);
buffer.Initialize <FWPM_FIELD0>((uint)layer.numFields);
fields.AddRange(buffer.ReadArray <FWPM_FIELD0>(0, layer.numFields).Select(f => new FirewallField(f)));
}
Fields = fields.AsReadOnly();
}
internal FirewallFilter(FWPM_FILTER0 filter, FirewallEngine engine, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
: base(filter.filterKey, filter.displayData, new NamedGuidDictionary(), engine, get_sd)
{
ActionType = filter.action.type;
if (ActionType.HasFlag(FirewallActionType.Callout))
{
CalloutKey = filter.action.action.calloutKey;
CalloutKeyName = NamedGuidDictionary.CalloutGuids.Value.GetName(CalloutKey);
}
else
{
FilterType = filter.action.action.filterType;
}
LayerKey = filter.layerKey;
LayerKeyName = NamedGuidDictionary.LayerGuids.Value.GetName(LayerKey);
SubLayerKey = filter.subLayerKey;
SubLayerKeyName = NamedGuidDictionary.SubLayerGuids.Value.GetName(SubLayerKey);
Flags = filter.flags;
List <FirewallFilterCondition> conditions = new List <FirewallFilterCondition>();
if (filter.numFilterConditions > 0)
{
var conds = new SafeHGlobalBuffer(filter.filterCondition, 1, false);
conds.Initialize <FWPM_FILTER_CONDITION0>((uint)filter.numFilterConditions);
conditions.AddRange(conds.ReadArray <FWPM_FILTER_CONDITION0>(0, filter.numFilterConditions).Select(c => new FirewallFilterCondition(c)));
}
Conditions = conditions.AsReadOnly();
Weight = new FirewallValue(filter.weight, Guid.Empty);
EffectiveWeight = new FirewallValue(filter.effectiveWeight, Guid.Empty);
if (filter.providerKey != IntPtr.Zero)
{
ProviderKey = filter.providerKey.ReadGuid() ?? Guid.Empty;
}
ProviderData = filter.providerData.ToArray();
FilterId = filter.filterId;
}
private FirewallNetEventListener(FirewallEngine engine)
{
_engine = engine;
_queue = new BlockingCollection <FirewallNetEvent>();
}
