Ejemplo n.º 1
0
 // Ctor allows conversion from L4Packet to Connection.
 public Connection(IPV4_PACKET pkt)
 {
     Type         = new ConnectionType(pkt.protocol);
     _state       = new ConnectionState(TransmissionDirection.ONE_WAY);
     SrcHost      = new ConnectionAddress(pkt.source_address);
     DstHost      = new ConnectionAddress(pkt.destination_address);
     SrcPort      = pkt.source_port;
     DstPort      = pkt.destination_port;
     DstGeo       = new GeoData();
     _packetCount = 1;
     _dataSize    = pkt.payload_size;
     TimeStamp    = DateTime.Now;
     DstASN       = null;
     DstASNOrg    = "--";
 }
Ejemplo n.º 2
0
        public override bool Equals(Object obj)
        {
            // Check for null and compare run-time types.
            if (obj != null && obj is ConnectionAddress)
            {
                // Cast objest to usable current type.
                ConnectionAddress addr = obj as ConnectionAddress;

                if (Equals(this.Address, addr.Address))
                {
                    return(true);
                }
            }

            return(false);
        }
Ejemplo n.º 3
0
        // Used to ensure that a valid filter is constructed.
        static public bool TryParse(Argument argument, Modifyer modifyer, string value, out Filter filter)
        {
            // Set default value of filter incase parsing fails.
            filter = new Filter(Argument.NULL, Modifyer.NONE, string.Empty, string.Empty);
            // Create empty potential secondaryValue (may be used by some arguments).
            string secondaryValue = String.Empty;

            // Don't allow modifyers on arguments that don't use them.
            if (!(argument == Argument.HOST || argument == Argument.PORT) &&
                modifyer != Modifyer.NONE)
            {
                return(false);
            }

            // Validate host argument.
            if (argument == Argument.HOST)
            {
                // Check for an IP range.
                if (value.Split('-').Length == 2)
                {
                    // Split string based on '-' delimiter (represents a range).
                    secondaryValue = value.Split('-')[1];
                    value          = value.Split('-')[0];

                    // Check IP against regex before TryParse.
                    if (Regex.Match(secondaryValue, Filter.nonNumericAndDotRegex).Length > 0)
                    {
                        return(false);
                    }

                    // Make sure secondary IP is valid.
                    if (!IPAddress.TryParse(secondaryValue, out IPAddress _))
                    {
                        return(false);
                    }
                }

                // Check IP against regex before TryParse.
                if (Regex.Match(value, Filter.nonNumericAndDotRegex).Length > 0)
                {
                    return(false);
                }

                // Make sure primary IP is valid.
                if (!IPAddress.TryParse(value, out IPAddress _))
                {
                    return(false);
                }

                // Make sure range is sane.
                if (secondaryValue != string.Empty && ConnectionAddress.IPV4ToUint32(IPAddress.Parse(value))
                    >= ConnectionAddress.IPV4ToUint32(IPAddress.Parse(secondaryValue)))
                {
                    return(false);
                }
            }
            // Validate port argument.
            else if (argument == Argument.PORT)
            {
                // Check for a port range.
                if (value.Split('-').Length == 2)
                {
                    // Split string based on '-' delimiter (represents a range).
                    secondaryValue = value.Split('-')[1];
                    value          = value.Split('-')[0];

                    // Check Port against regex before TryParse.
                    if (Regex.Match(secondaryValue, Filter.nonNumericRegex).Length > 0)
                    {
                        return(false);
                    }

                    // Make sure we have a valid secondary port value.
                    if (!UInt16.TryParse(secondaryValue, out _))
                    {
                        return(false);
                    }
                }

                // Check Port against regex before TryParse.
                if (Regex.Match(value, Filter.nonNumericRegex).Length > 0)
                {
                    return(false);
                }

                // Make sure we have a valid primary port value.
                if (!UInt16.TryParse(value, out _))
                {
                    return(false);
                }

                // Make sure range is sane.
                if (secondaryValue != string.Empty && UInt16.Parse(value) >= UInt16.Parse(secondaryValue))
                {
                    return(false);
                }
            }
            else if (argument == Argument.ISO)
            {
                // ISO code should have at 2 or 5 chars.
                if (!(value.Length == 2 || value.Length == 5))
                {
                    return(false);
                }

                // Check string against regex before.
                if (Regex.Match(value, Filter.nonAlphaAndDashRegex).Length > 0)
                {
                    return(false);
                }
            }
            else if (argument == Argument.ASN)
            {
                // Check string against regex before.
                if (Regex.Match(value, Filter.nonAlphaNumericAndSeparatorsRegex).Length > 0)
                {
                    return(false);
                }
            }

            // Create new filter on successful parse.
            filter = new Filter(argument, modifyer, value, secondaryValue);
            return(true);
        }
Ejemplo n.º 4
0
        // Checks if a connection matches the filter.
        public bool IsMatch(Connection conn)
        {
            // If we have no filters, nothing can match.
            if (!(Filters.Count > 0))
            {
                return(false);
            }

            // Check all active filters against the connection.
            foreach (Filter filter in Filters)
            {
                // Drop through each possible filter type and run the matching argument test.
                if (filter.Argument == Argument.TCP && conn.Type.Protocol != L4_PROTOCOL.TCP)
                {
                    return(false);
                }
                else if (filter.Argument == Argument.UDP && conn.Type.Protocol != L4_PROTOCOL.UDP)
                {
                    return(false);
                }
                else if (filter.Argument == Argument.HOST)
                {
                    // Handle ANY matching host.
                    if (filter.Modifyer == Modifyer.NONE)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt32 lowerRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.Value));
                            UInt32 upperRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.SecondaryValue));

                            if (!(conn.SrcHost.AddressValue() >= lowerRange && conn.SrcHost.AddressValue() <= upperRange) &&
                                !(conn.DstHost.AddressValue() >= lowerRange && conn.DstHost.AddressValue() <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.SrcHost.Address.ToString().Equals(filter.Value) &&
                                 !conn.DstHost.Address.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                    // Handle SRC matching host.
                    else if (filter.Modifyer == Modifyer.SRC)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt32 lowerRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.Value));
                            UInt32 upperRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.SecondaryValue));

                            if (!(conn.SrcHost.AddressValue() >= lowerRange && conn.SrcHost.AddressValue() <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.SrcHost.Address.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                    // Handle DST matching host.
                    else if (filter.Modifyer == Modifyer.DST)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt32 lowerRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.Value));
                            UInt32 upperRange = ConnectionAddress.IPV4ToUint32(IPAddress.Parse(filter.SecondaryValue));

                            if (!(conn.DstHost.AddressValue() >= lowerRange && conn.DstHost.AddressValue() <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.DstHost.Address.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                }
                else if (filter.Argument == Argument.PORT)
                {
                    // Handle ANY matching port.
                    if (filter.Modifyer == Modifyer.NONE)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt16 lowerRange = UInt16.Parse(filter.Value);
                            UInt16 upperRange = UInt16.Parse(filter.SecondaryValue);

                            if (!(conn.SrcPort >= lowerRange && conn.SrcPort <= upperRange) &&
                                !(conn.DstPort >= lowerRange && conn.DstPort <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.SrcPort.ToString().Equals(filter.Value) && !conn.DstPort.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                    // Handle SRC matching port.
                    else if (filter.Modifyer == Modifyer.SRC)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt16 lowerRange = UInt16.Parse(filter.Value);
                            UInt16 upperRange = UInt16.Parse(filter.SecondaryValue);

                            if (!(conn.SrcPort >= lowerRange && conn.SrcPort <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.SrcPort.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                    // Handle DST matching port.
                    else if (filter.Modifyer == Modifyer.DST)
                    {
                        // Handle range based values.
                        if (filter.SecondaryValue != String.Empty)
                        {
                            UInt16 lowerRange = UInt16.Parse(filter.Value);
                            UInt16 upperRange = UInt16.Parse(filter.SecondaryValue);

                            if (!(conn.DstPort >= lowerRange && conn.DstPort <= upperRange))
                            {
                                return(false);
                            }
                        }
                        // Handle single value.
                        else if (!conn.DstPort.ToString().Equals(filter.Value))
                        {
                            return(false);
                        }
                    }
                }
                else if (filter.Argument == Argument.ISO)
                {
                    if (!(Regex.Match(conn.DstGeo.ToString().ToLower(), filter.Value).Length > 0))
                    {
                        return(false);
                    }
                }
                else if (filter.Argument == Argument.ASN)
                {
                    if (!(Regex.Match(conn.DstASNOrg.ToLower(), filter.Value).Length > 0))
                    {
                        return(false);
                    }
                }
            }

            // No non-matches were found with active filters, so we must have a match.
            return(true);
        }