/// <summary>
/// Wraps a raw firewall network event in the most specific
/// <see cref="FirewallNetEvent"/> subclass available for its type.
/// </summary>
/// <param name="net_event">Raw event; its <c>Type</c> selects the wrapper class.</param>
/// <returns>
/// A typed wrapper for the event types listed below, otherwise a plain
/// <see cref="FirewallNetEvent"/> that carries only the common header fields.
/// </returns>
/// <remarks>
/// Event types without a dedicated case are not rejected. Code that filters
/// on the runtime class (for example, to alert on drops) should also handle
/// the base type and inspect <c>Type</c>, or those events pass unclassified.
/// </remarks>
internal static FirewallNetEvent Create(IFwNetEvent net_event)
        {
            switch (net_event.Type)
            {
                case FirewallNetEventType.IPsecKernelDrop:
                    return new FirewallNetEventIPsecKernelDrop(net_event);

                case FirewallNetEventType.ClassifyDrop:
                    return new FirewallNetEventClassifyDrop(net_event);

                case FirewallNetEventType.ClassifyAllow:
                    return new FirewallNetEventClassifyAllow(net_event);

                case FirewallNetEventType.CapabilityDrop:
                    return new FirewallNetEventCapabilityDrop(net_event);

                case FirewallNetEventType.CapabilityAllow:
                    return new FirewallNetEventCapabilityAllow(net_event);

                case FirewallNetEventType.IkeExtMmFailure:
                    return new FirewallNetEventIkeExtMmFailure(net_event);

                case FirewallNetEventType.IkeExtEmFailure:
                    return new FirewallNetEventIkeExtEmFailure(net_event);

                case FirewallNetEventType.IkeExtQmFailure:
                    return new FirewallNetEventIkeExtQmFailure(net_event);

                default:
                    // No dedicated wrapper: keep the event, header fields only.
                    return new FirewallNetEvent(net_event);
            }
        }
        /// <summary>
        /// Builds a capability-allow event: the base constructor fills the common
        /// header fields, then the type-specific payload is read from
        /// <c>net_event.Value</c> as a <c>FWPM_NET_EVENT_CAPABILITY_ALLOW0</c>.
        /// </summary>
        /// <param name="net_event">Raw event supplying the header and payload.</param>
        internal FirewallNetEventCapabilityAllow(IFwNetEvent net_event) : base(net_event)
        {
            var payload = net_event.Value.ReadStruct<FWPM_NET_EVENT_CAPABILITY_ALLOW0>();

            // Which capability was matched, and the filter id reported with it.
            NetworkCapabilityId = payload.networkCapabilityId;
            FilterId = payload.filterId;
            IsLoopback = payload.isLoopback;
        }
        /// <summary>
        /// Builds an IPsec kernel-drop event: the base constructor fills the common
        /// header fields, then the payload is read from <c>net_event.Value</c> as a
        /// <c>FWPM_NET_EVENT_IPSEC_KERNEL_DROP0</c>.
        /// </summary>
        /// <param name="net_event">Raw event supplying the header and payload.</param>
        internal FirewallNetEventIPsecKernelDrop(IFwNetEvent net_event) : base(net_event)
        {
            var payload = net_event.Value.ReadStruct<FWPM_NET_EVENT_IPSEC_KERNEL_DROP0>();

            // Failure status, direction and SPI describe the dropped packet;
            // filter and layer ids allow correlation with the firewall policy.
            FailureStatus = payload.failureStatus;
            Direction = payload.direction;
            Spi = payload.spi;
            FilterId = payload.filterId;
            LayerId = payload.layerId;
        }
        /// <summary>
        /// Builds a classify-allow event: the base constructor fills the common
        /// header fields, then the payload is read from <c>net_event.Value</c> as a
        /// <c>FWPM_NET_EVENT_CLASSIFY_ALLOW0</c>.
        /// </summary>
        /// <param name="net_event">Raw event supplying the header and payload.</param>
        internal FirewallNetEventClassifyAllow(IFwNetEvent net_event) : base(net_event)
        {
            var payload = net_event.Value.ReadStruct<FWPM_NET_EVENT_CLASSIFY_ALLOW0>();

            // Filter and layer ids reported with the allow decision.
            FilterId = payload.filterId;
            LayerId = payload.layerId;

            // Re-authorization reason and profile values, copied unchanged.
            ReauthReason = payload.reauthReason;
            OriginalProfile = payload.originalProfile;
            CurrentProfile = payload.currentProfile;

            MsFwpDirection = payload.msFwpDirection;
            IsLoopback = payload.isLoopback;
        }
        /// <summary>
        /// Builds a classify-drop event: the base constructor fills the common
        /// header fields, then the payload is read from <c>net_event.Value</c> as a
        /// <c>FWPM_NET_EVENT_CLASSIFY_DROP2</c>.
        /// </summary>
        /// <param name="net_event">Raw event supplying the header and payload.</param>
        internal FirewallNetEventClassifyDrop(IFwNetEvent net_event) : base(net_event)
        {
            var payload = net_event.Value.ReadStruct<FWPM_NET_EVENT_CLASSIFY_DROP2>();

            // Filter and layer ids reported with the drop; these are what an
            // analyst uses to tie a dropped connection back to a rule.
            FilterId = payload.filterId;
            LayerId = payload.layerId;

            // Virtual-switch context, with the id converted to a Guid.
            VSwitchId = payload.vSwitchId.ToGuid();
            VSwitchSourcePort = payload.vSwitchSourcePort;
            VSwitchDestinationPort = payload.vSwitchDestinationPort;

            // Re-authorization reason and profile values, copied unchanged.
            ReauthReason = payload.reauthReason;
            OriginalProfile = payload.originalProfile;
            CurrentProfile = payload.currentProfile;

            MsFwpDirection = payload.msFwpDirection;
            IsLoopback = payload.isLoopback;
        }
        /// <summary>
        /// Populates the fields common to every firewall network event from the
        /// raw event's type and header.
        /// </summary>
        /// <param name="net_event">Raw event supplying <c>Type</c> and <c>Header</c>.</param>
        /// <remarks>
        /// Every header field is copied regardless of <c>Flags</c>.
        /// NOTE(review): in the native API the header flags indicate which fields
        /// are actually populated, so consumers should presumably consult
        /// <c>Flags</c> before relying on endpoints, AppId or the SIDs. Confirm.
        /// </remarks>
        private protected FirewallNetEvent(IFwNetEvent net_event)
        {
            Type = net_event.Type;
            var hdr = net_event.Header;

            Flags = hdr.flags;

            var raw_timestamp = hdr.timeStamp.ToInt64();
            Timestamp = new LargeInteger(raw_timestamp).ToDateTime();

            IPProtocol = (ProtocolType)hdr.ipProtocol;
            LocalEndpoint = FirewallUtils.GetEndpoint(
                hdr.ipVersion, hdr.localAddrV4, hdr.localAddrV6, hdr.localPort);
            RemoteEndpoint = FirewallUtils.GetEndpoint(
                hdr.ipVersion, hdr.remoteAddrV4, hdr.remoteAddrV6, hdr.remotePort);
            ScopeId = hdr.scopeId;

            // The application id is decoded as UTF-16 and trailing NULs are stripped.
            var app_id_bytes = hdr.appId.ToArray();
            AppId = Encoding.Unicode.GetString(app_id_bytes).TrimEnd('\0');

            // GetResultOrDefault: presumably yields a default (likely null) SID when
            // parsing fails instead of throwing. Treat that as "identity unknown",
            // not as "no user". Verify against Sid.Parse.
            UserId = Sid.Parse(hdr.userId, false).GetResultOrDefault();
            AddressFamily = hdr.addressFamily;
            PackageSid = Sid.Parse(hdr.packageSid, false).GetResultOrDefault();
        }
        /// <summary>
        /// Builds an IKE extended-mode failure event: the base constructor fills
        /// the common header fields, then the payload is read from
        /// <c>net_event.Value</c> as a <c>FWPM_NET_EVENT_IKEEXT_EM_FAILURE1</c>.
        /// </summary>
        /// <param name="net_event">Raw event supplying the header and payload.</param>
        /// <remarks>
        /// The two group-SID lists are exposed read-only and are null when
        /// <c>ReadStringArray</c> returns null.
        /// </remarks>
        internal FirewallNetEventIkeExtEmFailure(IFwNetEvent net_event) : base(net_event)
        {
            var failure = net_event.Value.ReadStruct<FWPM_NET_EVENT_IKEEXT_EM_FAILURE1>();

            // Failure details: error code, failure point and flags.
            FailureErrorCode = failure.failureErrorCode;
            FailurePoint = failure.failurePoint;
            FailureFlags = failure.flags;

            // Negotiation state and authentication context at the time of failure.
            EmState = failure.emState;
            SaRole = failure.saRole;
            EmAuthMethod = failure.emAuthMethod;
            EndCertHash = failure.endCertHash;
            MmId = failure.mmId;
            QmFilterId = failure.qmFilterId;

            // Principal names and their group SIDs for both ends.
            LocalPrincipalNameForAuth = failure.localPrincipalNameForAuth;
            RemotePrincipalNameForAuth = failure.remotePrincipalNameForAuth;

            var local_groups = failure.localPrincipalGroupSids.ReadStringArray(failure.numLocalPrincipalGroupSids);
            LocalPrincipalGroupSids = local_groups?.ToList().AsReadOnly();

            var remote_groups = failure.remotePrincipalGroupSids.ReadStringArray(failure.numRemotePrincipalGroupSids);
            RemotePrincipalGroupSids = remote_groups?.ToList().AsReadOnly();
        }