Esempio n. 1
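        /// <summary>
        /// Reloads the saved DHCP, DNS and IPv6 state from the recovery XML, then calls
        /// <c>SwitchToStaticRestore()</c> and the base implementation.
        /// </summary>
        /// <param name="root">Recovery XML element holding the optional "DhcpSwitch" and "DnsSwitch"
        /// children and the optional "IpV6" attribute.</param>
        public override void OnRecoveryLoad(XmlElement root)
        {
            // NOTE(review): everything parsed here comes from the recovery file and is then handed to
            // SwitchToStaticRestore(); confirm that file can only be written by the account this code runs as.
            XmlElement nodeDhcp = Utils.XmlGetFirstElementByTagName(root, "DhcpSwitch");

            if (nodeDhcp != null)
            {
                // ChildNodes can also hold comments or text nodes; iterating it as XmlElement would throw
                // InvalidCastException on those and abort the whole recovery, so skip anything that is not an element.
                foreach (XmlNode child in nodeDhcp.ChildNodes)
                {
                    XmlElement nodeEntry = child as XmlElement;
                    if (nodeEntry == null)
                    {
                        continue;
                    }

                    NetworkManagerDhcpEntry entry = new NetworkManagerDhcpEntry();
                    entry.ReadXML(nodeEntry);
                    m_listOldDhcp.Add(entry);
                }
            }

            XmlElement nodeDns = Utils.XmlGetFirstElementByTagName(root, "DnsSwitch");

            if (nodeDns != null)
            {
                foreach (XmlNode child in nodeDns.ChildNodes)
                {
                    XmlElement nodeEntry = child as XmlElement;
                    if (nodeEntry == null)
                    {
                        continue;
                    }

                    NetworkManagerDnsEntry entry = new NetworkManagerDnsEntry();
                    entry.ReadXML(nodeEntry);
                    m_listOldDns.Add(entry);
                }
            }

            // The IPv6 value is only overwritten when the attribute is present in the recovery data.
            if (Utils.XmlExistsAttribute(root, "IpV6"))
            {
                m_oldIpV6 = Conversions.ToUInt32(Utils.XmlGetAttributeInt64(root, "IpV6", 0), 0);
            }

            SwitchToStaticRestore();

            base.OnRecoveryLoad(root);
        }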
Esempio n. 2
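        /// <summary>
        /// Rebuilds the lists of previous DHCP and DNS entries (and the previous IPv6 value) from the
        /// recovery XML, then invokes <c>SwitchToStaticRestore()</c> followed by the base handler.
        /// </summary>
        /// <param name="root">Root element of the recovery data; "DhcpSwitch", "DnsSwitch" and the
        /// "IpV6" attribute are each optional.</param>
        public override void OnRecoveryLoad(XmlElement root)
        {
            // NOTE(review): the entries read below are taken from the recovery file as-is and passed on to
            // SwitchToStaticRestore(); verify the file's permissions prevent other users from editing it.
            XmlElement nodeDhcp = Utils.XmlGetFirstElementByTagName(root, "DhcpSwitch");
            if (nodeDhcp != null)
            {
                foreach (XmlNode node in nodeDhcp.ChildNodes)
                {
                    // A comment or text node inside the container must not break recovery: the original
                    // foreach cast every child to XmlElement and threw InvalidCastException on such nodes.
                    XmlElement nodeEntry = node as XmlElement;
                    if (nodeEntry != null)
                    {
                        NetworkManagerDhcpEntry entry = new NetworkManagerDhcpEntry();
                        entry.ReadXML(nodeEntry);
                        m_listOldDhcp.Add(entry);
                    }
                }
            }

            XmlElement nodeDns = Utils.XmlGetFirstElementByTagName(root, "DnsSwitch");
            if (nodeDns != null)
            {
                foreach (XmlNode node in nodeDns.ChildNodes)
                {
                    XmlElement nodeEntry = node as XmlElement;
                    if (nodeEntry != null)
                    {
                        NetworkManagerDnsEntry entry = new NetworkManagerDnsEntry();
                        entry.ReadXML(nodeEntry);
                        m_listOldDns.Add(entry);
                    }
                }
            }

            // Leave m_oldIpV6 untouched when the recovery data carries no "IpV6" attribute.
            if (Utils.XmlExistsAttribute(root, "IpV6"))
            {
                m_oldIpV6 = Conversions.ToUInt32(Utils.XmlGetAttributeInt64(root, "IpV6", 0), 0);
            }

            SwitchToStaticRestore();

            base.OnRecoveryLoad(root);
        }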
Esempio n. 3
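        /// <summary>
        /// Switches the system DNS servers. When the DNS lock and WFP options are enabled it first registers
        /// three WFP rules for remote port 53; when "dns.mode" is "auto" it then sets the DNS search order of
        /// the selected network adapters through WMI and records their previous state in m_listOldDns.
        /// </summary>
        /// <param name="dns">Comma-separated list of DNS server addresses to apply.</param>
        /// <returns><c>true</c> when the method completes; WMI failures are logged, not returned.</returns>
        public override bool OnDnsSwitchDo(string dns)
        {
            string[] dnsArray = dns.Split(',');

            if ((Engine.Instance.Storage.GetBool("windows.dns.lock")) && (IsVistaOrNewer()) && (Engine.Instance.Storage.GetBool("windows.wfp")))
            {
                // These filters match remote port 53 only, so DNS carried over other ports
                // (for example DNS-over-TLS or DNS-over-HTTPS) is not affected by this lock.
                // NOTE(review): no explicit weight is set on the rules; how the two permit rules take
                // precedence over the block rule depends on Wfp.AddItem - confirm.

                // This is not required yet, but will be required in Eddie 3.
                {
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement  xmlRule    = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Allow port 53 of OpenVPN");
                    xmlRule.SetAttribute("layer", "all");
                    xmlRule.SetAttribute("action", "permit");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    XmlElement XmlIf2 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf2);
                    XmlIf2.SetAttribute("field", "ale_app_id");
                    XmlIf2.SetAttribute("match", "equal");
                    XmlIf2.SetAttribute("path", Software.OpenVpnPath);
                    Wfp.AddItem("dns_permit_openvpn", xmlRule);
                }

                {
                    // TOFIX: Missing IPv6 equivalent. Must be done in future when IPv6 support is well tested.
                    // Remember: May fail at WFP side with a "Unknown interface" because network interface with IPv6 disabled have Ipv6IfIndex == 0.
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement  xmlRule    = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Allow port 53 on TAP - IPv4");
                    xmlRule.SetAttribute("layer", "ipv4");
                    xmlRule.SetAttribute("action", "permit");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    XmlElement XmlIf2 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf2);
                    XmlIf2.SetAttribute("field", "ip_local_interface");
                    XmlIf2.SetAttribute("match", "equal");
                    XmlIf2.SetAttribute("interface", Engine.Instance.ConnectedVpnInterfaceId);
                    Wfp.AddItem("dns_permit_tap", xmlRule);
                }
                {
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement  xmlRule    = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Block port 53");
                    xmlRule.SetAttribute("layer", "all");
                    xmlRule.SetAttribute("action", "block");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    Wfp.AddItem("dns_block_all", xmlRule);
                }

                Engine.Instance.Logs.Log(LogType.Verbose, Messages.DnsLockActivatedWpf);
            }

            string mode = Engine.Instance.Storage.GetLower("dns.mode");

            if (mode == "auto")
            {
                try
                {
                    // The adapter selection option does not change while enumerating, so read it once.
                    bool forceAllInterfaces = (Engine.Instance.Storage.GetBool("windows.dns.lock")) && (Engine.Instance.Storage.GetBool("windows.dns.force_all_interfaces"));

                    // WMI wrappers hold native resources; dispose them instead of waiting for finalization.
                    using (ManagementClass objMC = new ManagementClass("Win32_NetworkAdapterConfiguration"))
                    using (ManagementObjectCollection objMOC = objMC.GetInstances())
                    {
                        foreach (ManagementObject objMO in objMOC)
                        {
                            using (objMO)
                            {
                                // Handle failures per adapter: one adapter that rejects the change must not
                                // leave the remaining adapters on their previous DNS servers.
                                try
                                {
                                    string guid = objMO["SettingID"] as string;

                                    bool isVpnAdapter = (guid == Engine.Instance.ConnectedVpnInterfaceId);
                                    if (!forceAllInterfaces && !isVpnAdapter)
                                    {
                                        continue;
                                    }

                                    NetworkManagerDnsEntry entry = new NetworkManagerDnsEntry();

                                    entry.Guid        = guid;
                                    entry.Description = objMO["Description"] as string;
                                    entry.Dns         = objMO["DNSServerSearchOrder"] as string[];

                                    // An empty "NameServer" registry value is treated as automatically assigned DNS.
                                    entry.AutoDns = ((Registry.GetValue("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\" + entry.Guid, "NameServer", "") as string) == "");

                                    if (entry.Dns == null)
                                    {
                                        continue;
                                    }

                                    // Added 2.11: nothing to do when the manual DNS already equals the requested list.
                                    if ((entry.AutoDns == false) && (String.Join(",", entry.Dns) == dns))
                                    {
                                        continue;
                                    }

                                    string descFrom = (entry.AutoDns ? "automatic":"manual") + " (" + String.Join(",", entry.Dns) + ")";
                                    Engine.Instance.Logs.Log(LogType.Verbose, Messages.Format(Messages.NetworkAdapterDnsDone, entry.Description, descFrom, dns));

                                    using (ManagementBaseObject objSetDNSServerSearchOrder = objMO.GetMethodParameters("SetDNSServerSearchOrder"))
                                    {
                                        objSetDNSServerSearchOrder["DNSServerSearchOrder"] = dnsArray;

                                        using (ManagementBaseObject objResult = objMO.InvokeMethod("SetDNSServerSearchOrder", objSetDNSServerSearchOrder, null))
                                        {
                                            // Record the previous state first, so a restore is possible whatever the result says.
                                            m_listOldDns.Add(entry);

                                            // WMI reports a rejected change through ReturnValue instead of throwing:
                                            // 0 = success, 1 = success with reboot required, anything else = failure.
                                            uint returnCode = (objResult != null) ? Convert.ToUInt32(objResult["ReturnValue"]) : 0;
                                            if (returnCode > 1)
                                            {
                                                // NOTE(review): only LogType.Verbose is visible here; use a warning level if one exists.
                                                Engine.Instance.Logs.Log(LogType.Verbose, "SetDNSServerSearchOrder failed on " + entry.Description + " (WMI return code " + returnCode + ")");
                                            }
                                        }
                                    }
                                }
                                catch (Exception adapterError)
                                {
                                    Engine.Instance.Logs.Log(adapterError);
                                }
                            }
                        }
                    }
                }
                catch (Exception e)
                {
                    Engine.Instance.Logs.Log(e);
                }

                Recovery.Save();
            }

            base.OnDnsSwitchDo(dns);

            return(true);
        }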
Esempio n. 4
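        /// <summary>
        /// Applies the requested DNS servers. With the DNS lock and WFP enabled, registers one block rule and
        /// two permit rules for remote port 53 (all with weight 2000); with "dns.mode" set to "auto", sets the
        /// DNS search order on the selected adapters through WMI and stores their previous state in m_listOldDns.
        /// </summary>
        /// <param name="dns">Comma-separated list of DNS server addresses to apply.</param>
        /// <returns><c>true</c> when the method completes; WMI failures are logged, not returned.</returns>
        public override bool OnDnsSwitchDo(string dns)
        {
            string[] dnsArray = dns.Split(',');

            if ((Engine.Instance.Storage.GetBool("windows.dns.lock")) && (IsVistaOrNewer()) && (Engine.Instance.Storage.GetBool("windows.wfp.enable")))
            {
                // Order is important! IPv6 block use weight 3000, DNS-Lock 2000, WFP 1000. All within a parent filter of max priority.
                // Otherwise the netlock allow-private rule can allow DNS outside the tunnel in some configuration.
                // The filters below match remote port 53 only, so DNS carried over other ports
                // (for example DNS-over-TLS or DNS-over-HTTPS) is outside the scope of this lock.
                {
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement xmlRule = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Block port 53");
                    xmlRule.SetAttribute("layer", "all");
                    xmlRule.SetAttribute("action", "block");
                    xmlRule.SetAttribute("weight", "2000");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    Wfp.AddItem("dns_block_all", xmlRule);
                }

                // This is not required yet, but will be required in Eddie 3.
                {
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement xmlRule = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Allow port 53 of OpenVPN");
                    xmlRule.SetAttribute("layer", "all");
                    xmlRule.SetAttribute("action", "permit");
                    xmlRule.SetAttribute("weight", "2000");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    XmlElement XmlIf2 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf2);
                    XmlIf2.SetAttribute("field", "ale_app_id");
                    XmlIf2.SetAttribute("match", "equal");
                    XmlIf2.SetAttribute("path", Software.OpenVpnPath);
                    Wfp.AddItem("dns_permit_openvpn", xmlRule);
                }

                {
                    // TOFIX: Missing IPv6 equivalent. Must be done in future when IPv6 support is well tested.
                    // Remember: May fail at WFP side with a "Unknown interface" because network interface with IPv6 disabled have Ipv6IfIndex == 0.
                    XmlDocument xmlDocRule = new XmlDocument();
                    XmlElement xmlRule = xmlDocRule.CreateElement("rule");
                    xmlRule.SetAttribute("name", "Dns - Allow port 53 on TAP - IPv4");
                    xmlRule.SetAttribute("layer", "ipv4");
                    xmlRule.SetAttribute("action", "permit");
                    xmlRule.SetAttribute("weight", "2000");
                    XmlElement XmlIf1 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf1);
                    XmlIf1.SetAttribute("field", "ip_remote_port");
                    XmlIf1.SetAttribute("match", "equal");
                    XmlIf1.SetAttribute("port", "53");
                    XmlElement XmlIf2 = xmlDocRule.CreateElement("if");
                    xmlRule.AppendChild(XmlIf2);
                    XmlIf2.SetAttribute("field", "ip_local_interface");
                    XmlIf2.SetAttribute("match", "equal");
                    XmlIf2.SetAttribute("interface", Engine.Instance.ConnectedVpnInterfaceId);
                    Wfp.AddItem("dns_permit_tap", xmlRule);
                }

                Engine.Instance.Logs.Log(LogType.Verbose, Messages.DnsLockActivatedWpf);
            }

            string mode = Engine.Instance.Storage.GetLower("dns.mode");

            if (mode == "auto")
            {
                try
                {
                    // Loop-invariant: whether every interface, not just the VPN one, gets the new DNS.
                    bool forceAllInterfaces = (Engine.Instance.Storage.GetBool("windows.dns.lock")) && (Engine.Instance.Storage.GetBool("windows.dns.force_all_interfaces"));

                    // Dispose the WMI wrappers deterministically; the original left them to the finalizer.
                    using (ManagementClass objMC = new ManagementClass("Win32_NetworkAdapterConfiguration"))
                    using (ManagementObjectCollection objMOC = objMC.GetInstances())
                    {
                        foreach (ManagementObject objMO in objMOC)
                        {
                            using (objMO)
                            {
                                // A failure on one adapter is logged and the loop continues, so the other
                                // adapters are not left on their previous DNS servers.
                                try
                                {
                                    string guid = objMO["SettingID"] as string;

                                    bool isVpnAdapter = (guid == Engine.Instance.ConnectedVpnInterfaceId);
                                    if (!forceAllInterfaces && !isVpnAdapter)
                                    {
                                        continue;
                                    }

                                    NetworkManagerDnsEntry entry = new NetworkManagerDnsEntry();

                                    entry.Guid = guid;
                                    entry.Description = objMO["Description"] as string;
                                    entry.Dns = objMO["DNSServerSearchOrder"] as string[];

                                    // An empty "NameServer" registry value is treated as automatically assigned DNS.
                                    entry.AutoDns = ((Registry.GetValue("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\" + entry.Guid, "NameServer", "") as string) == "");

                                    if (entry.Dns == null)
                                    {
                                        continue;
                                    }

                                    // Added 2.11: skip adapters whose manual DNS already equals the requested list.
                                    if ((entry.AutoDns == false) && (String.Join(",", entry.Dns) == dns))
                                    {
                                        continue;
                                    }

                                    string descFrom = (entry.AutoDns ? "automatic":"manual") + " (" + String.Join(",", entry.Dns) + ")";
                                    Engine.Instance.Logs.Log(LogType.Verbose, MessagesFormatter.Format(Messages.NetworkAdapterDnsDone, entry.Description, descFrom, dns));

                                    using (ManagementBaseObject objSetDNSServerSearchOrder = objMO.GetMethodParameters("SetDNSServerSearchOrder"))
                                    {
                                        objSetDNSServerSearchOrder["DNSServerSearchOrder"] = dnsArray;

                                        using (ManagementBaseObject objResult = objMO.InvokeMethod("SetDNSServerSearchOrder", objSetDNSServerSearchOrder, null))
                                        {
                                            // Keep the previous state before inspecting the result, so it can always be restored.
                                            m_listOldDns.Add(entry);

                                            // The WMI method signals a rejected change via ReturnValue, not an exception:
                                            // 0 = success, 1 = success with reboot required, anything else = failure.
                                            uint returnCode = (objResult != null) ? Convert.ToUInt32(objResult["ReturnValue"]) : 0;
                                            if (returnCode > 1)
                                            {
                                                // NOTE(review): only LogType.Verbose is visible here; use a warning level if one exists.
                                                Engine.Instance.Logs.Log(LogType.Verbose, "SetDNSServerSearchOrder failed on " + entry.Description + " (WMI return code " + returnCode + ")");
                                            }
                                        }
                                    }
                                }
                                catch (Exception adapterError)
                                {
                                    Engine.Instance.Logs.Log(adapterError);
                                }
                            }
                        }
                    }
                }
                catch (Exception e)
                {
                    Engine.Instance.Logs.Log(e);
                }

                Recovery.Save();
            }

            base.OnDnsSwitchDo(dns);

            return true;
        }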