Example #1
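        /// <summary>
        /// Fetches the firewall rules from the agent at the device's address, stores them in the session
        /// under the "rules" key, and reports whether any rule's name equals the event's filter name.
        /// </summary>
        /// <param name="device">Device whose <c>Address</c> is passed to the agent API client.</param>
        /// <param name="ev">Dropped-packet event whose <c>FilterName</c> is looked up among the rule names.</param>
        /// <returns>
        /// <c>true</c> when a rule with the same name exists; <c>false</c> when none exists, when the agent
        /// returned no rule set, or when any step threw.
        /// </returns>
        private async Task<bool> TryFindInRules(Device device, PacketDroppedEvent ev)
        {
            var client = new AgentApiClient();

            try
            {
                var dtoRules = await client.GetRules(device.Address);

                // No result set at all: answer "not found" directly instead of relying on a
                // NullReferenceException reaching the catch below. The outcome is unchanged
                // (false, session left untouched).
                if (dtoRules == null || (dtoRules.UfwResult == null && dtoRules.WindowsResult == null))
                {
                    return false;
                }

                // The UFW result takes precedence when both are present, as before.
                IEnumerable<IRule> adapted = dtoRules.UfwResult != null
                    ? dtoRules.UfwResult.Select(rule => (IRule) new LinuxRuleAdapter(rule))
                    : dtoRules.WindowsResult.Select(entry => (IRule) new WindowsRuleAdapter(entry));

                List<IRule> rules = adapted.OrderBy(x => x.Direction).ToList();

                // The full rule list is cached in the session whether or not a match is found.
                HttpContext.Session.SetJson("rules", rules);

                // Match is by rule name only.
                // NOTE(review): presumably both sides are strings, making this an ordinal,
                // case-sensitive comparison — confirm that is the intended matching rule.
                return rules.Any(x => x.Name == ev.FilterName);
            }
            catch (Exception)
            {
                // Deliberate best-effort: any failure is reported as "no matching rule".
                // NOTE(review): an unreachable or misbehaving agent is therefore indistinguishable
                // from a clean miss, and nothing is recorded — consider logging the exception here.
                return false;
            }
        }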
Example #2
        /// <summary>
        /// Receives a dropped-packet event from the request body and forwards it, together with the
        /// connection's remote IP address rendered as text, to <c>Program.Callbacks.FirewallEvent</c>.
        /// </summary>
        /// <param name="value">Event bound from the request body.</param>
        public void Post([FromBody] PacketDroppedEvent value)
        {
            // The sender is identified only by the transport-level peer address.
            // NOTE(review): behind a reverse proxy this is the proxy's address, and RemoteIpAddress
            // can be null for some transports, in which case ToString() throws — confirm the deployment.
            // NOTE(review): no authentication or validation of `value` is visible in this method;
            // confirm it is enforced elsewhere (attribute, middleware) before the event is trusted.
            var peerAddress = HttpContext.Connection.RemoteIpAddress;
            var sender = peerAddress.ToString();

            Program.Callbacks.FirewallEvent(sender, value);
        }
Example #3
        /// <summary>
        /// Trace-event callback: builds a <c>PacketDroppedEvent</c> from the event, shows a toast with its
        /// key fields and sends it through <c>SellyService.ApiClient</c>.
        /// </summary>
        /// <remarks>
        /// An event that arrives 10 seconds or less after the last processed one is discarded without
        /// being counted or queued, so a burst of drops yields a single report. Every exception is
        /// caught and handed to <c>ExceptionHelper.WriteFile</c>; nothing propagates out of this
        /// <c>async void</c> method, and the event is not sent in that case.
        /// </remarks>
        /// <param name="eventData">Trace event supplying the raw payload and the named address fields.</param>
        public static async void EventOccured(TraceEvent eventData)
        {
            try
            {
                // Throttle: skip the event when the previous processed one is at most 10 seconds old.
                // NOTE(review): `time` is declared elsewhere; if it is a non-nullable DateTime the null
                // test is always true. No synchronization around it is visible here — confirm the
                // callback is only ever invoked from one thread.
                if (time != null && DateTime.Now.Subtract(time) <= TimeSpan.FromSeconds(10))
                {
                    return;
                }

                time = DateTime.Now;

                var dropped = new PacketDroppedEvent
                {
                    Time = DateTimeOffset.Now
                };

                var payload = eventData.EventData();

                ulong filterId = 0;
                ushort layerId = 0;

                // NOTE(review): never assigned after this point, so the toast always shows Direction: 0.
                uint direction = 0;

                // First attempt: the filter id is read 32 bytes past the end of the application-name
                // string, the layer id 8 bytes after that. The payload length is not checked here, so a
                // shorter buffer makes BitConverter throw and the event ends in the catch block.
                int appNameEnd = FindEndOfAppNameString(payload);
                if (appNameEnd > 0)
                {
                    int firstOffset = appNameEnd + 32;
                    filterId = BitConverter.ToUInt64(payload, firstOffset);
                    layerId = BitConverter.ToUInt16(payload, firstOffset + 8);
                }

                // When no application-name end was found, this looks up filter id 0.
                dropped.FilterName = GetFilterName(filterId);

                // Second attempt with a 48-byte offset when the resolved name carries this code.
                // NOTE(review): 0x80320003 is presumably the WFP "filter not found" HRESULT embedded
                // in the text GetFilterName returns on a failed lookup — confirm against that helper.
                if (dropped.FilterName.Contains("0x80320003"))
                {
                    appNameEnd = FindEndOfAppNameString(payload);
                    if (appNameEnd > 0)
                    {
                        int retryOffset = appNameEnd + 48;
                        filterId = BitConverter.ToUInt64(payload, retryOffset);
                        layerId = BitConverter.ToUInt16(payload, retryOffset + 8);

                        dropped.FilterName = GetFilterName(filterId);
                    }
                }

                // Local endpoint: address and port are both decoded from the same raw field.
                var localBytes = (byte[])eventData.PayloadByName("LocalAddress");
                dropped.LocalAddress = GetAddress(localBytes);
                dropped.LocalPort = GetPort(localBytes);

                // Remote endpoint, decoded the same way.
                var remoteBytes = (byte[])eventData.PayloadByName("RemoteAddress");
                dropped.RemoteAddress = GetAddress(remoteBytes);
                dropped.RemotePort = GetPort(remoteBytes);

                ToastHelper.PopToast($"Event occured. Port: {dropped.LocalPort}. Address: {dropped.RemoteAddress}. FID: {dropped.FilterName}. LayerID: {layerId}. Direction: {direction}");
                await SellyService.ApiClient.SendEvent(dropped);
            }
            catch (Exception ex)
            {
                // Parsing, toast and send failures all land here and are written out with this label.
                ExceptionHelper.WriteFile(ex, "ETW callback");
            }
        }