public void PacketDispatcher(PcapDotNet.Packets.Packet packet)
{
Common.PacketData pdata = new Common.PacketData(packet);
if (!NetworkFirewall.TestIncoming(pdata))
{
return;
}
Task.Run(() =>
{
switch (pdata.Type)
{
case PacketType.Arp:
Arp.OnReceivePacket(pdata);
break;
case PacketType.Icmp:
Icmp.OnReceivePacket(pdata);
break;
case PacketType.Dns:
Dns.OnReceivePacket(pdata);
break;
case PacketType.Tcp:
Tcp.OnReceivePacket(pdata);
break;
case PacketType.Http:
Tcp.OnReceivePacket(pdata);
break;
}
});
}
public override void OnReceivePacket(Common.PacketData pdata)
{
var ip = pdata.Packet.Ethernet.IpV4;
var tcp = ip.Tcp;
var destPort = tcp.DestinationPort;
var destIp = new Common.IPv4Address(ip.Destination.ToString());
Sessions[destPort].AddPacketToQueue(pdata);
}
public void AddPacketToQueue(Common.PacketData pdata)
{
if (Queue.Count == 0)
{
HandlePacket(pdata);
}
else
{
Queue.Enqueue(pdata);
}
}
public override bool TestOutgoing(Common.PacketData pdata)
{
if (ServiceRules.ContainsKey(pdata.Type))
{
bool result = ServiceRules[pdata.Type].AllowOutgoing;
LogPacket(result, false, pdata.Type);
return(result);
}
else
{
LogPacket(DefaultResultOutgoing, false, pdata.Type);
return(DefaultResultOutgoing);
}
}
public void HandlePacket(Common.PacketData pdata)
{
var ip = pdata.Packet.Ethernet.IpV4;
var tcp = ip.Tcp;
if (State == TcpState.SYN_SENT)
{
if (tcp.IsSynchronize && tcp.IsAcknowledgment)
{
// BAM. SYN-ACK received, TCP handshake complete after we send
// this ACK
State = TcpState.ESTABLISHED;
AcknowledgementNumber = tcp.SequenceNumber + 1;
SequenceNumber++;
SendAck();
}
else
{
// BAD. Nothing to do here, becuase they are stupid.
}
}
else if (State == TcpState.ESTABLISHED)
{
if (tcp.PayloadLength != 0)
{
AcknowledgementNumber += (uint)tcp.PayloadLength;
PacketReceived(pdata);
SendAck();
}
if (tcp.IsFin)
{
CloseConnection();
}
}
if (Queue.Count != 0)
{
Common.PacketData p = null;
Queue.TryDequeue(out p);
if (p != null)
{
HandlePacket(p);
}
}
}
public override void OnReceivePacket(Common.PacketData pdata)
{
var packet = pdata.Packet;
var fromIP = new Common.IPv4Address(packet.Ethernet.IpV4.Source.ToString());
var toIP = new Common.IPv4Address(packet.Ethernet.IpV4.Destination.ToString());
var ipv4 = packet.Ethernet.IpV4;
var icmp = ipv4.Icmp;
// Is this an echo request to our IP?
if (icmp.MessageType == PcapDotNet.Packets.Icmp.IcmpMessageType.Echo && toIP.AsString == _client.Configuration.IpAddress.AsString)
{
SendIcmpReplyPacket(packet);
}
else if (icmp.MessageType == IcmpMessageType.EchoReply && CurrentPings.ContainsKey((packet.Ethernet.IpV4.Icmp as IcmpEchoReplyDatagram).Identifier))
{
var reply = packet.Ethernet.IpV4.Icmp as IcmpEchoReplyDatagram;
var request = CurrentPings[reply.Identifier];
PingResult result = new PingResult(packet, pdata.TimeStamp, request);
result.Bytes = request.Bytes;
request.Callback(result);
}
else if (icmp.MessageType == IcmpMessageType.TimeExceeded)
{
var reply = packet.Ethernet.IpV4.Icmp as IcmpTimeExceededDatagram;
var replyEcho = reply.IpV4.Icmp as IcmpEchoDatagram;
var request = CurrentPings[replyEcho.Identifier];
PingResult result = new PingResult(PingResultType.TtlExpired);
result.RespondingHost = fromIP;
result.Response = (int)(DateTime.Now - request.TimeStamp).TotalMilliseconds;
request.Callback(result);
}
else if (icmp.MessageType == IcmpMessageType.DestinationUnreachable)
{
var reply = packet.Ethernet.IpV4.Icmp as IcmpDestinationUnreachableDatagram;
var replyEcho = reply.IpV4.Icmp as IcmpDestinationUnreachableDatagram;
//var request = CurrentPings[replyEcho.Identifier];
//PingResult result = new PingResult(PingResultType.DestinationHostUnreachable);
//result.RespondingHost = fromIP;
//result.Response = (int)(DateTime.Now - request.TimeStamp).TotalMilliseconds;
//request.Callback(result);
}
}
public override void OnReceivePacket(Common.PacketData pdata)
{
var packet = pdata.Packet;
var arp = packet.Ethernet.Arp;
var senderMac = new Common.MacAddress(arp.SenderHardwareAddress.ToArray());
var destMac = new Common.MacAddress(arp.TargetHardwareAddress.ToArray());
var senderIp = new Common.IPv4Address(arp.SenderProtocolAddress.ToArray());
var destIp = new Common.IPv4Address(arp.TargetProtocolAddress.ToArray());
// We can cache their MAC and IP
if (AcceptGratuitousReplies || destMac.AsString != Common.MacAddress.Broadcast.AsString)
{
ArpCache.AddOrUpdate(senderIp.AsString, new ArpCacheEntry()
{
Mac = senderMac,
Ip = senderIp,
Type = ArpEntryType.Dynamic,
Expiration = GetNextExpirationTime(),
}, (str, myarp) => myarp);
if (arp.Operation == ArpOperation.Reply)
{
TryFireArpReplyReceied(senderIp, senderMac);
}
// Fire the Cache Changed event
TryFireArpCacheChanged();
}
// If it is a request for our IP, respond
if (arp.Operation == ArpOperation.Request && destIp.AsString == _client.Configuration.IpAddress.AsString)
{
// Send Reply Packet
SendArpReplyPacket(senderIp);
}
}
public abstract void OnReceivePacket(Common.PacketData packet);
public override void OnReceivePacket(Common.PacketData packet)
{
var udp = packet.Packet.Ethernet.IpV4.Udp;
ushort destPort = udp.DestinationPort;
var dns = udp.Dns;
string domain = "";
try
{
if (dns.Answers[0].DnsType == DnsType.Ptr)
{
domain = dns.Queries[0].DomainName.ToString();
}
else
{
domain = dns.Answers[0].DomainName.ToString();
}
}
catch
{
return;
}
domain = domain.Trim('.').ToLower();
string hashVal = domain + ":" + destPort.ToString();
Dictionary <string, DnsEntry> temp = new Dictionary <string, DnsEntry>();
if (PendingRequests.Contains(hashVal))
{
PendingRequests.Remove(hashVal);
foreach (DnsDataResourceRecord record in dns.Answers)
{
if (record.DnsType == DnsType.Ns)
{
string nsvalue = (record.Data as DnsResourceDataDomainName).Data.ToString().ToLower().Trim('.');
string domainname = record.DomainName.ToString().Trim('.');
if (temp.ContainsKey(domainname))
{
((NSRecord)temp[domainname]).Nameservers.Add(nsvalue);
}
else
{
temp.Add(domainname, new NSRecord(domain, record.Ttl, nsvalue));
}
}
else if (record.DnsType == DnsType.Ptr)
{
string newdata = (record.Data as DnsResourceDataDomainName).Data.ToString().ToLower().Trim('.');
string domainname = record.DomainName.ToString().Trim('.');
domainname = domainname.Remove(domainname.Length - 13, 13);
domainname = (new Common.IPv4Address(new Common.IPv4Address(domainname).AsReverseString).AsString);
if (temp.ContainsKey(domainname))
{
((PTRRecord)temp[domainname]).Domain = newdata;
}
else
{
temp.Add(domainname, new PTRRecord(newdata, record.Ttl, new Common.IPv4Address(domainname)));
}
}
else if (record.DnsType == DnsType.A)
{
string ipvalue = (record.Data as DnsResourceDataIpV4).Data.ToString().ToLower().Trim('.');
string domainname = record.DomainName.ToString().Trim('.');
if (temp.ContainsKey(domainname))
{
((ARecord)temp[domainname]).IPs.Add(new Common.IPv4Address(ipvalue));
}
else
{
temp.Add(domainname, new ARecord(domain, record.Ttl, new Common.IPv4Address(ipvalue)));
}
}
else if (record.DnsType == DnsType.MailExchange)
{
var mx = (record.Data as DnsResourceDataMailExchange);
string host = mx.MailExchangeHost.ToString();
int level = mx.Preference;
string domainname = record.DomainName.ToString().Trim('.');
if (temp.ContainsKey(domainname))
{
((MXRecord)temp[domainname]).MailHosts.Add(new MXRecordRow(domainname, level, record.Ttl));
}
else
{
temp.Add(domainname, new MXRecord(record.DomainName.ToString().Trim('.'), record.Ttl, new MXRecordRow(host, level, record.Ttl)));
}
}
else if (record.DnsType == DnsType.CName)
{
var cnam = (record.Data as DnsResourceDataDomainName).Data.ToString().Trim('.');
string cnamdomain = record.DomainName.ToString().Trim('.');
if (temp.ContainsKey(cnamdomain))
{
((CNAMERecord)temp[cnamdomain]).AliasTarget = cnam;
}
else
{
temp.Add(cnamdomain, new CNAMERecord(cnamdomain, record.Ttl, cnam));
}
}
}
}
foreach (KeyValuePair <string, DnsEntry> pair in temp)
{
DnsCache.AddOrUpdate(pair.Key + " " + pair.Value.Type.ToString(), pair.Value, (a, b) => b);
}
}
public abstract override void OnReceivePacket(Common.PacketData pdata);
public abstract bool TestOutgoing(Common.PacketData pdata);
public abstract bool TestIncoming(Common.PacketData pdata);
