public override PacketMainReturnType interiorMain(ref Packet in_packet)
{
LogEvent le;
lock (padlock)
{
PacketStatus status = PacketStatus.UNDETERMINED;
foreach (MacRule r in rules)
{
status = r.GetStatus(in_packet);
if (status == PacketStatus.BLOCKED)
{
PacketMainReturnType pmr = PacketMainReturnType.Drop;
if (r.GetLogMessage() != null)
{
pmr |= PacketMainReturnType.Log;
le = new LogEvent(String.Format(r.GetLogMessage()), this);
LogCenter.Instance.LogEvent(le);
}
if (r.notify)
{
pmr |= PacketMainReturnType.Popup;
}
return(pmr);
}
else if (status == PacketStatus.ALLOWED)
{
return(PacketMainReturnType.Allow);
}
}
}
return(PacketMainReturnType.Allow);
}
// main routine
public override PacketMainReturnType interiorMain(ref Packet in_packet)
{
LogEvent le;
// if the packet is ICMPv4
if (in_packet.GetHighestLayer() == Protocol.ICMP)
{
ICMPPacket packet = (ICMPPacket)in_packet;
// check if the packet is allowed and deny all is false
if (isAllowed(packet.Type.ToString(), packet.Code.ToString(), 4) &&
!data.DenyIPv4)
{
return(PacketMainReturnType.Allow);
}
// else, log and drop it
else
{
PacketMainReturnType pmr = PacketMainReturnType.Drop;
if (data.Log)
{
pmr |= PacketMainReturnType.Log;
le = new LogEvent(String.Format(multistring.GetString("ICMPv4 was dropped"), packet.SourceIP.ToString(), packet.DestIP.ToString()), this);
le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Drop;
LogCenter.Instance.LogEvent(le);
}
return(pmr);
}
}
// if the packet is ICMPv6
if (in_packet.GetHighestLayer() == Protocol.ICMPv6)
{
ICMPv6Packet packet = (ICMPv6Packet)in_packet;
if ((isAllowed(packet.Type.ToString(), packet.Code.ToString(), 6) &&
!data.DenyIPv6) && isDeniedNDP(packet))
{
return(PacketMainReturnType.Allow);
}
else
{
PacketMainReturnType pmr = PacketMainReturnType.Drop;
if (data.Log)
{
pmr |= PacketMainReturnType.Log;
le = new LogEvent(String.Format(multistring.GetString("ICMPv6 was dropped"), packet.SourceIP.ToString(), packet.DestIP.ToString()), this);
le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Drop;
LogCenter.Instance.LogEvent(le);
}
return(pmr);
}
}
return(PacketMainReturnType.Allow);
}
public override PacketMainReturnType interiorMain(ref Packet in_packet)
{
if (in_packet.GetHighestLayer() == Protocol.ARP)
{
ARPPacket arpp = (ARPPacket)in_packet;
if (arpp.isRequest && arpp.Outbound)
{
IPAddr ip = new IPAddr(arpp.ATargetIP.GetAddressBytes());
if (!requestedIPs.Contains(ip))
{
requestedIPs.Add(ip);
}
}
else if (!arpp.Outbound)
{
IPAddr ip = new IPAddr(arpp.ASenderIP.GetAddressBytes());
if (!arpp.isRequest)
{
if (requestedIPs.Contains(ip))
{
lock (padlock)
{
if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes())))
{
if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac))
{
PacketMainReturnType pmr = 0;
if (data.RectifyAttacks)
{
pmr = PacketMainReturnType.Edited;
}
else
{
pmr = PacketMainReturnType.Drop;
}
if (data.LogAttacks)
{
LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this);
le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup;
LogCenter.Instance.LogEvent(le);
}
if (data.RectifyAttacks)
{
arpp.ATargetIP = arpp.ASenderIP;
arpp.ATargetMac = data.arpCache[new IPAddr(arpp.ATargetIP.GetAddressBytes())].AddressBytes;
arpp.ASenderMac = this.Adapter.GetAdapterInformation().InterfaceInformation.GetPhysicalAddress().GetAddressBytes();
arpp.FromMac = arpp.ASenderMac;
arpp.ToMac = arpp.ATargetMac;
arpp.ASenderIP = Adapter.GetAdapterInformation().IPv4;
arpp.Outbound = true;
in_packet = arpp;
}
return(pmr);
}
else
{
requestedIPs.Remove(ip);
}
}
else
{
data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())] = new MACAddr(arpp.ASenderMac);
if (UpdatedArpCache != null)
{
UpdatedArpCache();
}
requestedIPs.Remove(ip);
}
}
}
else
{
lock (padlock)
{
if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes())))
{
if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac))
{
PacketMainReturnType pmra = 0;
if (data.RectifyAttacks)
{
pmra = PacketMainReturnType.Edited;
}
else
{
pmra = PacketMainReturnType.Drop;
}
if (data.LogAttacks)
{
LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this);
le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup;
LogCenter.Instance.LogEvent(le);
}
if (data.RectifyAttacks)
{
arpp.ATargetIP = arpp.ASenderIP;
arpp.ATargetMac = data.arpCache[new IPAddr(arpp.ATargetIP.GetAddressBytes())].AddressBytes;
arpp.ASenderMac = this.Adapter.GetAdapterInformation().InterfaceInformation.GetPhysicalAddress().GetAddressBytes();
arpp.FromMac = arpp.ASenderMac;
arpp.ToMac = arpp.ATargetMac;
arpp.ASenderIP = Adapter.GetAdapterInformation().IPv4;
arpp.Outbound = true;
in_packet = arpp;
}
return(pmra);
}
}
}
PacketMainReturnType pmr = 0;
pmr = PacketMainReturnType.Drop;
if (data.LogUnsolic)
{
LogEvent le2 = new LogEvent(String.Format(multistring.GetString("Unsolicited"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this);
le2.PMR = PacketMainReturnType.Log;
}
return(pmr);
}
}
else
{
lock (padlock)
{
if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes())))
{
if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac))
{
PacketMainReturnType pmr = PacketMainReturnType.Drop;
if (data.LogAttacks)
{
LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this);
le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup;
LogCenter.Instance.LogEvent(le);
}
return(pmr);
}
}
}
}
return(0);
}
return(0);
}
return(0);
}
