/// <summary>
/// Wrap a raw firewall network event in the most specific wrapper class available.
/// </summary>
/// <param name="net_event">The raw event; its Type value selects the wrapper.</param>
/// <returns>
/// A type-specific subclass for the eight event types listed below, otherwise a plain
/// <see cref="FirewallNetEvent"/> that carries only the common header fields.
/// </returns>
internal static FirewallNetEvent Create(IFwNetEvent net_event)
{
    FirewallNetEvent result;
    switch (net_event.Type)
    {
        case FirewallNetEventType.IPsecKernelDrop:
            result = new FirewallNetEventIPsecKernelDrop(net_event);
            break;
        case FirewallNetEventType.ClassifyDrop:
            result = new FirewallNetEventClassifyDrop(net_event);
            break;
        case FirewallNetEventType.ClassifyAllow:
            result = new FirewallNetEventClassifyAllow(net_event);
            break;
        case FirewallNetEventType.CapabilityDrop:
            result = new FirewallNetEventCapabilityDrop(net_event);
            break;
        case FirewallNetEventType.CapabilityAllow:
            result = new FirewallNetEventCapabilityAllow(net_event);
            break;
        case FirewallNetEventType.IkeExtMmFailure:
            result = new FirewallNetEventIkeExtMmFailure(net_event);
            break;
        case FirewallNetEventType.IkeExtEmFailure:
            result = new FirewallNetEventIkeExtEmFailure(net_event);
            break;
        case FirewallNetEventType.IkeExtQmFailure:
            result = new FirewallNetEventIkeExtQmFailure(net_event);
            break;
        default:
            // Unrecognised event types are not rejected: they are still surfaced, but
            // without any type-specific payload. Consumers that filter on the concrete
            // class will not see them, so match on the Type property as well.
            result = new FirewallNetEvent(net_event);
            break;
    }
    return result;
}
/// <summary>
/// Build a capability-allow event from a raw network event.
/// </summary>
/// <param name="net_event">The raw event; the common header is handled by the base constructor.</param>
internal FirewallNetEventCapabilityAllow(IFwNetEvent net_event)
    : base(net_event)
{
    // The type-specific payload is read from net_event.Value as a fixed native layout.
    // NOTE(review): assumes Value refers to an FWPM_NET_EVENT_CAPABILITY_ALLOW0 buffer;
    // nothing here checks net_event.Type, so this relies on the caller's dispatch.
    var allow = net_event.Value.ReadStruct<FWPM_NET_EVENT_CAPABILITY_ALLOW0>();

    NetworkCapabilityId = allow.networkCapabilityId;
    FilterId = allow.filterId;
    IsLoopback = allow.isLoopback;
}
/// <summary>
/// Build an IPsec kernel-drop event from a raw network event.
/// </summary>
/// <param name="net_event">The raw event; the common header is handled by the base constructor.</param>
internal FirewallNetEventIPsecKernelDrop(IFwNetEvent net_event)
    : base(net_event)
{
    // NOTE(review): assumes net_event.Value refers to an FWPM_NET_EVENT_IPSEC_KERNEL_DROP0
    // buffer; the event type is not re-checked in this constructor.
    var drop = net_event.Value.ReadStruct<FWPM_NET_EVENT_IPSEC_KERNEL_DROP0>();

    FailureStatus = drop.failureStatus;
    Direction = drop.direction;
    Spi = drop.spi;
    FilterId = drop.filterId;
    LayerId = drop.layerId;
}
/// <summary>
/// Build a classify-allow event from a raw network event.
/// </summary>
/// <param name="net_event">The raw event; the common header is handled by the base constructor.</param>
internal FirewallNetEventClassifyAllow(IFwNetEvent net_event)
    : base(net_event)
{
    // NOTE(review): assumes net_event.Value refers to an FWPM_NET_EVENT_CLASSIFY_ALLOW0
    // buffer; the event type is not re-checked in this constructor.
    var allow = net_event.Value.ReadStruct<FWPM_NET_EVENT_CLASSIFY_ALLOW0>();

    // Which filter matched, and at which layer.
    FilterId = allow.filterId;
    LayerId = allow.layerId;

    // Re-authorization context and the profile before/after it.
    ReauthReason = allow.reauthReason;
    OriginalProfile = allow.originalProfile;
    CurrentProfile = allow.currentProfile;

    MsFwpDirection = allow.msFwpDirection;
    IsLoopback = allow.isLoopback;
}
/// <summary>
/// Build a classify-drop event from a raw network event.
/// </summary>
/// <param name="net_event">The raw event; the common header is handled by the base constructor.</param>
internal FirewallNetEventClassifyDrop(IFwNetEvent net_event)
    : base(net_event)
{
    // NOTE(review): the payload is always read with the version-2 layout
    // (FWPM_NET_EVENT_CLASSIFY_DROP2). This assumes the IFwNetEvent implementation was
    // filled from an API version that returns that layout; an older, shorter structure
    // read this way would yield wrong field values. Confirm against the producer.
    var drop = net_event.Value.ReadStruct<FWPM_NET_EVENT_CLASSIFY_DROP2>();

    // Which filter matched, and at which layer.
    FilterId = drop.filterId;
    LayerId = drop.layerId;

    // Virtual switch details.
    VSwitchId = drop.vSwitchId.ToGuid();
    VSwitchSourcePort = drop.vSwitchSourcePort;
    VSwitchDestinationPort = drop.vSwitchDestinationPort;

    // Re-authorization context and the profile before/after it.
    ReauthReason = drop.reauthReason;
    OriginalProfile = drop.originalProfile;
    CurrentProfile = drop.currentProfile;

    MsFwpDirection = drop.msFwpDirection;
    IsLoopback = drop.isLoopback;
}
/// <summary>
/// Populate the properties common to every firewall network event from the raw event's header.
/// </summary>
/// <param name="net_event">The raw event supplying the Type and Header values.</param>
private protected FirewallNetEvent(IFwNetEvent net_event)
{
    Type = net_event.Type;

    var hdr = net_event.Header;

    // NOTE(review): every header field below is copied unconditionally. In the native
    // FWPM_NET_EVENT_HEADER the flags value (FWPM_NET_EVENT_FLAG_*_SET bits) indicates
    // which fields the platform actually filled in, so consumers should consult Flags
    // before trusting an address, port, AppId or SID taken from this object.
    Flags = hdr.flags;

    long raw_timestamp = hdr.timeStamp.ToInt64();
    Timestamp = new LargeInteger(raw_timestamp).ToDateTime();

    IPProtocol = (ProtocolType)hdr.ipProtocol;

    // Both endpoints are built by the same helper from the IP version, the v4 and v6
    // address fields, and the port.
    LocalEndpoint = FirewallUtils.GetEndpoint(
        hdr.ipVersion, hdr.localAddrV4, hdr.localAddrV6, hdr.localPort);
    RemoteEndpoint = FirewallUtils.GetEndpoint(
        hdr.ipVersion, hdr.remoteAddrV4, hdr.remoteAddrV6, hdr.remotePort);

    ScopeId = hdr.scopeId;

    // The application ID blob is decoded as UTF-16LE and trailing NULs are removed.
    var app_id_bytes = hdr.appId.ToArray();
    AppId = Encoding.Unicode.GetString(app_id_bytes).TrimEnd('\0');

    // GetResultOrDefault is used on both SID parses, so a SID that cannot be parsed
    // presumably leaves the property at its default (null) rather than throwing;
    // callers should be ready for a missing UserId or PackageSid.
    UserId = Sid.Parse(hdr.userId, false).GetResultOrDefault();
    AddressFamily = hdr.addressFamily;
    PackageSid = Sid.Parse(hdr.packageSid, false).GetResultOrDefault();
}
/// <summary>
/// Build an IKE extended-mode failure event from a raw network event.
/// </summary>
/// <param name="net_event">The raw event; the common header is handled by the base constructor.</param>
internal FirewallNetEventIkeExtEmFailure(IFwNetEvent net_event)
    : base(net_event)
{
    // NOTE(review): the payload is always read with the FWPM_NET_EVENT_IKEEXT_EM_FAILURE1
    // layout; this assumes the producer of net_event.Value supplies that version.
    var failure = net_event.Value.ReadStruct<FWPM_NET_EVENT_IKEEXT_EM_FAILURE1>();

    // Where and why the negotiation failed.
    FailureErrorCode = failure.failureErrorCode;
    FailurePoint = failure.failurePoint;
    FailureFlags = failure.flags;

    // Negotiation state and authentication details.
    EmState = failure.emState;
    SaRole = failure.saRole;
    EmAuthMethod = failure.emAuthMethod;
    EndCertHash = failure.endCertHash;
    MmId = failure.mmId;
    QmFilterId = failure.qmFilterId;

    LocalPrincipalNameForAuth = failure.localPrincipalNameForAuth;
    RemotePrincipalNameForAuth = failure.remotePrincipalNameForAuth;

    // The SID arrays are read using the element counts carried in the same structure.
    // The null-conditional means either list property may be null when the read yields
    // nothing, so callers must null-check before enumerating.
    var local_group_sids = failure.localPrincipalGroupSids.ReadStringArray(failure.numLocalPrincipalGroupSids);
    LocalPrincipalGroupSids = local_group_sids?.ToList().AsReadOnly();

    var remote_group_sids = failure.remotePrincipalGroupSids.ReadStringArray(failure.numRemotePrincipalGroupSids);
    RemotePrincipalGroupSids = remote_group_sids?.ToList().AsReadOnly();
}