/// <summary>
/// Applies all known rules sequentially to the given frame, until a rule matches
/// </summary>
/// <param name="fInputFrame">The frame to analyze</param>
protected override void HandleTraffic(Frame fInputFrame)
{
IP.IPFrame ipv4Frame = GetIPv4Frame(fInputFrame);
UDP.UDPFrame udpFrame = GetUDPFrame(fInputFrame);
TCP.TCPFrame tcpFrame = GetTCPFrame(fInputFrame);
Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame);
lock (tsrRules)
{
foreach (TrafficSplitterRule tsr in tsrRules)
{
if (tsr.IsMatch(fInputFrame, ethFrame, ipv4Frame, udpFrame, tcpFrame))
{
if (tsr.Action == TrafficSplitterActions.SendToA)
{
NotifyA(fInputFrame);
return;
}
else if (tsr.Action == TrafficSplitterActions.SendToB)
{
NotifyB(fInputFrame);
return;
}
else if (tsr.Action == TrafficSplitterActions.Drop)
{
//Drop
PushDroppedFrame(fInputFrame);
return;
}
}
}
}
NotifyA(fInputFrame);
}
/// <summary>
/// Analyzes the input frame for new information.
/// </summary>
/// <param name="fInputFrame">The frame to analyze</param>
protected override void HandleTraffic(Frame fInputFrame)
{
ARPFrame arpFrame = GetARPFrame(fInputFrame);
Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame);
IP.IPFrame ipFrame = GetIPv4Frame(fInputFrame);
if (arpFrame != null)
{
if (arpFrame.Operation == ARPOperation.Request)
{
ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC);
}
if (arpFrame.Operation == ARPOperation.Reply)
{
ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC);
}
}
if (ethFrame != null && ipFrame != null)
{
ProcessAdresses(ipFrame.SourceAddress, null);
ProcessAdresses(ipFrame.DestinationAddress, null);
}
}
/// <summary>
/// Writes the given frame to the dump file
/// </summary>
/// <param name="fInputFrame">The frame to dump</param>
protected override void HandleTraffic(Frame fInputFrame)
{
byte[] bData;
if (bReadyToLog || bIsLiveLogging)
{
if (FrameTypes.IsIP(fInputFrame)) //IP hack
{
Ethernet.EthernetFrame ethFrame = new Ethernet.EthernetFrame();
if (((IP.IPFrame)fInputFrame).Version == 4)
{
ethFrame.EtherType = EtherType.IPv4;
}
else if (((IP.IPFrame)fInputFrame).Version == 6)
{
ethFrame.EtherType = EtherType.IPv6;
}
ethFrame.EncapsulatedFrame = fInputFrame;
fInputFrame = ethFrame;
}
bData = fInputFrame.FrameBytes;
if (bReadyToLog)
{
WritePacketHeader(fInputFrame, bw);
bw.Write(bData);
}
if (bIsLiveLogging)
{
WritePacketHeader(fInputFrame, bwLiveCapture);
bwLiveCapture.Write(bData);
bwLiveCapture.Flush();
}
iLogByteCount += bData.Length;
}
}
/// <summary>
/// Tries to extract a DHCP frame from this frame and forwards it to the HandleDHCPFrame method
/// </summary>
/// <param name="fInputFrame">The frame to handle</param>
protected override void HandleTraffic(Frame fInputFrame)
{
Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame);
if (ethFrame == null || lSpoofedMACs.Contains(ethFrame.Source))
{
return; //own frame.
}
if (bPause)
{
return; //Pausing.
}
base.HandleTraffic(fInputFrame);
ARP.ARPFrame arpFrame = GetARPFrame(fInputFrame);
TrafficDescriptionFrame tdf = (TrafficDescriptionFrame)GetFrameByType(fInputFrame, FrameTypes.TrafficDescriptionFrame);
#region Reply to ARP Requests
if (arpFrame != null && bAnswerARPRequests)
{
if (dictIPSpoofedMACs.ContainsKey(arpFrame.DestinationIP))
{
ARP.ARPFrame newARPFrame = new eExNetworkLibrary.ARP.ARPFrame();
newARPFrame.SourceIP = arpFrame.DestinationIP;
newARPFrame.SourceMAC = dictIPSpoofedMACs[arpFrame.DestinationIP];
newARPFrame.DestinationIP = arpFrame.SourceIP;
newARPFrame.DestinationMAC = arpFrame.DestinationMAC;
newARPFrame.HardwareAddressType = eExNetworkLibrary.HardwareAddressType.Ethernet;
newARPFrame.Operation = eExNetworkLibrary.ARP.ARPOperation.Reply;
newARPFrame.ProtocolAddressType = eExNetworkLibrary.EtherType.IPv4;
Ethernet.EthernetFrame newEthframe = new eExNetworkLibrary.Ethernet.EthernetFrame();
newEthframe.Destination = arpFrame.SourceMAC;
newEthframe.Source = dictIPSpoofedMACs[arpFrame.DestinationIP];
newEthframe.EtherType = eExNetworkLibrary.EtherType.ARP;
newEthframe.EncapsulatedFrame = newARPFrame;
TrafficDescriptionFrame newTDF = new TrafficDescriptionFrame(null, DateTime.Now);
newTDF.EncapsulatedFrame = newEthframe;
if (tdf != null && tdf.SourceInterface != null)
{
tdf.SourceInterface.Send(newTDF);
}
}
}
#endregion
}
/// <summary>
/// Checkes whether this rule matches a given frame.
/// </summary>
/// <param name="frame">The original frame</param>
/// <param name="ethFrame">The Ethernet part of the frame</param>
/// <param name="ipv4Frame">The IPv4 part of the frame</param>
/// <param name="udpFrame">The UDP part of the frame</param>
/// <param name="tcpFrame">The TCP part of the frame</param>
/// <returns>A bool indicating whether this rule matches a given frame.</returns>
public virtual bool IsMatch(Frame frame, Ethernet.EthernetFrame ethFrame, IP.IPFrame ipFrame, UDP.UDPFrame udpFrame, TCP.TCPFrame tcpFrame)
{
lock (lChildRules)
{
if (lChildRules.Count == 0)
{
return(true); //Nothing to validate
}
foreach (TrafficSplitterRule tsrRule in lChildRules)
{
if (tsrRule.IsMatch(frame, ethFrame, ipFrame, udpFrame, tcpFrame))
{
return(true);
}
}
}
return(false);
}
