/// <summary> /// Applies all known rules sequentially to the given frame, until a rule matches /// </summary> /// <param name="fInputFrame">The frame to analyze</param> protected override void HandleTraffic(Frame fInputFrame) { IP.IPFrame ipv4Frame = GetIPv4Frame(fInputFrame); UDP.UDPFrame udpFrame = GetUDPFrame(fInputFrame); TCP.TCPFrame tcpFrame = GetTCPFrame(fInputFrame); Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame); lock (tsrRules) { foreach (TrafficSplitterRule tsr in tsrRules) { if (tsr.IsMatch(fInputFrame, ethFrame, ipv4Frame, udpFrame, tcpFrame)) { if (tsr.Action == TrafficSplitterActions.SendToA) { NotifyA(fInputFrame); return; } else if (tsr.Action == TrafficSplitterActions.SendToB) { NotifyB(fInputFrame); return; } else if (tsr.Action == TrafficSplitterActions.Drop) { //Drop PushDroppedFrame(fInputFrame); return; } } } } NotifyA(fInputFrame); }
/// <summary> /// Analyzes the input frame for new information. /// </summary> /// <param name="fInputFrame">The frame to analyze</param> protected override void HandleTraffic(Frame fInputFrame) { ARPFrame arpFrame = GetARPFrame(fInputFrame); Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame); IP.IPFrame ipFrame = GetIPv4Frame(fInputFrame); if (arpFrame != null) { if (arpFrame.Operation == ARPOperation.Request) { ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC); } if (arpFrame.Operation == ARPOperation.Reply) { ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC); } } if (ethFrame != null && ipFrame != null) { ProcessAdresses(ipFrame.SourceAddress, null); ProcessAdresses(ipFrame.DestinationAddress, null); } }
/// <summary> /// Writes the given frame to the dump file /// </summary> /// <param name="fInputFrame">The frame to dump</param> protected override void HandleTraffic(Frame fInputFrame) { byte[] bData; if (bReadyToLog || bIsLiveLogging) { if (FrameTypes.IsIP(fInputFrame)) //IP hack { Ethernet.EthernetFrame ethFrame = new Ethernet.EthernetFrame(); if (((IP.IPFrame)fInputFrame).Version == 4) { ethFrame.EtherType = EtherType.IPv4; } else if (((IP.IPFrame)fInputFrame).Version == 6) { ethFrame.EtherType = EtherType.IPv6; } ethFrame.EncapsulatedFrame = fInputFrame; fInputFrame = ethFrame; } bData = fInputFrame.FrameBytes; if (bReadyToLog) { WritePacketHeader(fInputFrame, bw); bw.Write(bData); } if (bIsLiveLogging) { WritePacketHeader(fInputFrame, bwLiveCapture); bwLiveCapture.Write(bData); bwLiveCapture.Flush(); } iLogByteCount += bData.Length; } }
/// <summary> /// Tries to extract a DHCP frame from this frame and forwards it to the HandleDHCPFrame method /// </summary> /// <param name="fInputFrame">The frame to handle</param> protected override void HandleTraffic(Frame fInputFrame) { Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame); if (ethFrame == null || lSpoofedMACs.Contains(ethFrame.Source)) { return; //own frame. } if (bPause) { return; //Pausing. } base.HandleTraffic(fInputFrame); ARP.ARPFrame arpFrame = GetARPFrame(fInputFrame); TrafficDescriptionFrame tdf = (TrafficDescriptionFrame)GetFrameByType(fInputFrame, FrameTypes.TrafficDescriptionFrame); #region Reply to ARP Requests if (arpFrame != null && bAnswerARPRequests) { if (dictIPSpoofedMACs.ContainsKey(arpFrame.DestinationIP)) { ARP.ARPFrame newARPFrame = new eExNetworkLibrary.ARP.ARPFrame(); newARPFrame.SourceIP = arpFrame.DestinationIP; newARPFrame.SourceMAC = dictIPSpoofedMACs[arpFrame.DestinationIP]; newARPFrame.DestinationIP = arpFrame.SourceIP; newARPFrame.DestinationMAC = arpFrame.DestinationMAC; newARPFrame.HardwareAddressType = eExNetworkLibrary.HardwareAddressType.Ethernet; newARPFrame.Operation = eExNetworkLibrary.ARP.ARPOperation.Reply; newARPFrame.ProtocolAddressType = eExNetworkLibrary.EtherType.IPv4; Ethernet.EthernetFrame newEthframe = new eExNetworkLibrary.Ethernet.EthernetFrame(); newEthframe.Destination = arpFrame.SourceMAC; newEthframe.Source = dictIPSpoofedMACs[arpFrame.DestinationIP]; newEthframe.EtherType = eExNetworkLibrary.EtherType.ARP; newEthframe.EncapsulatedFrame = newARPFrame; TrafficDescriptionFrame newTDF = new TrafficDescriptionFrame(null, DateTime.Now); newTDF.EncapsulatedFrame = newEthframe; if (tdf != null && tdf.SourceInterface != null) { tdf.SourceInterface.Send(newTDF); } } } #endregion }
/// <summary> /// Checkes whether this rule matches a given frame. /// </summary> /// <param name="frame">The original frame</param> /// <param name="ethFrame">The Ethernet part of the frame</param> /// <param name="ipv4Frame">The IPv4 part of the frame</param> /// <param name="udpFrame">The UDP part of the frame</param> /// <param name="tcpFrame">The TCP part of the frame</param> /// <returns>A bool indicating whether this rule matches a given frame.</returns> public virtual bool IsMatch(Frame frame, Ethernet.EthernetFrame ethFrame, IP.IPFrame ipFrame, UDP.UDPFrame udpFrame, TCP.TCPFrame tcpFrame) { lock (lChildRules) { if (lChildRules.Count == 0) { return(true); //Nothing to validate } foreach (TrafficSplitterRule tsrRule in lChildRules) { if (tsrRule.IsMatch(frame, ethFrame, ipFrame, udpFrame, tcpFrame)) { return(true); } } } return(false); }