private async Task <bool> TryFindInRules(Device device, PacketDroppedEvent ev) { var client = new AgentApiClient(); try { var dtoRules = await client.GetRules(device.Address); List <IRule> rules; if (dtoRules.UfwResult != null) { rules = dtoRules.UfwResult.Select(rule => (IRule) new LinuxRuleAdapter(rule)).ToList(); } else { rules = dtoRules.WindowsResult.Select(entry => (IRule) new WindowsRuleAdapter(entry)).ToList(); } rules = rules.OrderBy(x => x.Direction).ToList(); HttpContext.Session.SetJson("rules", rules); var matchingRule = rules.FirstOrDefault(x => x.Name == ev.FilterName); if (matchingRule != null) { return(true); } return(false); } catch (Exception e) { return(false); } }
public void Post([FromBody] PacketDroppedEvent value) { var source = HttpContext.Connection.RemoteIpAddress.ToString(); Program.Callbacks.FirewallEvent(source, value); }
public static async void EventOccured(TraceEvent eventData) { try { if (time != null) { if (DateTime.Now.Subtract(time) <= TimeSpan.FromSeconds(10)) { return; } } time = DateTime.Now; var packetDroppedEvent = new PacketDroppedEvent(); packetDroppedEvent.Time = DateTimeOffset.Now; var data = eventData.EventData(); ulong fid = 0; uint direction = 0; ushort layerId = 0; int fidStart = 0; int appIdEnd = FindEndOfAppNameString(data); if (appIdEnd > 0) { fidStart = appIdEnd + 32; fid = BitConverter.ToUInt64(data, fidStart); layerId = BitConverter.ToUInt16(data, fidStart + 8); } packetDroppedEvent.FilterName = GetFilterName(fid); if (packetDroppedEvent.FilterName.Contains("0x80320003")) { appIdEnd = FindEndOfAppNameString(data); if (appIdEnd > 0) { fidStart = appIdEnd + 48; fid = BitConverter.ToUInt64(data, fidStart); layerId = BitConverter.ToUInt16(data, fidStart + 8); packetDroppedEvent.FilterName = GetFilterName(fid); } } // Local address byte[] local = (byte[])eventData.PayloadByName("LocalAddress"); packetDroppedEvent.LocalAddress = GetAddress(local); packetDroppedEvent.LocalPort = GetPort(local); // Remote address byte[] remote = (byte[])eventData.PayloadByName("RemoteAddress"); packetDroppedEvent.RemoteAddress = GetAddress(remote); packetDroppedEvent.RemotePort = GetPort(remote); ToastHelper.PopToast($"Event occured. Port: {packetDroppedEvent.LocalPort}. Address: {packetDroppedEvent.RemoteAddress}. FID: {packetDroppedEvent.FilterName}. LayerID: {layerId}. Direction: {direction}"); await SellyService.ApiClient.SendEvent(packetDroppedEvent); } catch (Exception ex) { ExceptionHelper.WriteFile(ex, "ETW callback"); } }