public override PacketMainReturnType interiorMain(ref Packet in_packet) { LogEvent le; lock (padlock) { PacketStatus status = PacketStatus.UNDETERMINED; foreach (MacRule r in rules) { status = r.GetStatus(in_packet); if (status == PacketStatus.BLOCKED) { PacketMainReturnType pmr = PacketMainReturnType.Drop; if (r.GetLogMessage() != null) { pmr |= PacketMainReturnType.Log; le = new LogEvent(String.Format(r.GetLogMessage()), this); LogCenter.Instance.LogEvent(le); } if (r.notify) { pmr |= PacketMainReturnType.Popup; } return(pmr); } else if (status == PacketStatus.ALLOWED) { return(PacketMainReturnType.Allow); } } } return(PacketMainReturnType.Allow); }
// main routine public override PacketMainReturnType interiorMain(ref Packet in_packet) { LogEvent le; // if the packet is ICMPv4 if (in_packet.GetHighestLayer() == Protocol.ICMP) { ICMPPacket packet = (ICMPPacket)in_packet; // check if the packet is allowed and deny all is false if (isAllowed(packet.Type.ToString(), packet.Code.ToString(), 4) && !data.DenyIPv4) { return(PacketMainReturnType.Allow); } // else, log and drop it else { PacketMainReturnType pmr = PacketMainReturnType.Drop; if (data.Log) { pmr |= PacketMainReturnType.Log; le = new LogEvent(String.Format(multistring.GetString("ICMPv4 was dropped"), packet.SourceIP.ToString(), packet.DestIP.ToString()), this); le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Drop; LogCenter.Instance.LogEvent(le); } return(pmr); } } // if the packet is ICMPv6 if (in_packet.GetHighestLayer() == Protocol.ICMPv6) { ICMPv6Packet packet = (ICMPv6Packet)in_packet; if ((isAllowed(packet.Type.ToString(), packet.Code.ToString(), 6) && !data.DenyIPv6) && isDeniedNDP(packet)) { return(PacketMainReturnType.Allow); } else { PacketMainReturnType pmr = PacketMainReturnType.Drop; if (data.Log) { pmr |= PacketMainReturnType.Log; le = new LogEvent(String.Format(multistring.GetString("ICMPv6 was dropped"), packet.SourceIP.ToString(), packet.DestIP.ToString()), this); le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Drop; LogCenter.Instance.LogEvent(le); } return(pmr); } } return(PacketMainReturnType.Allow); }
public override PacketMainReturnType interiorMain(ref Packet in_packet) { if (in_packet.GetHighestLayer() == Protocol.ARP) { ARPPacket arpp = (ARPPacket)in_packet; if (arpp.isRequest && arpp.Outbound) { IPAddr ip = new IPAddr(arpp.ATargetIP.GetAddressBytes()); if (!requestedIPs.Contains(ip)) { requestedIPs.Add(ip); } } else if (!arpp.Outbound) { IPAddr ip = new IPAddr(arpp.ASenderIP.GetAddressBytes()); if (!arpp.isRequest) { if (requestedIPs.Contains(ip)) { lock (padlock) { if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes()))) { if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac)) { PacketMainReturnType pmr = 0; if (data.RectifyAttacks) { pmr = PacketMainReturnType.Edited; } else { pmr = PacketMainReturnType.Drop; } if (data.LogAttacks) { LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this); le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup; LogCenter.Instance.LogEvent(le); } if (data.RectifyAttacks) { arpp.ATargetIP = arpp.ASenderIP; arpp.ATargetMac = data.arpCache[new IPAddr(arpp.ATargetIP.GetAddressBytes())].AddressBytes; arpp.ASenderMac = this.Adapter.GetAdapterInformation().InterfaceInformation.GetPhysicalAddress().GetAddressBytes(); arpp.FromMac = arpp.ASenderMac; arpp.ToMac = arpp.ATargetMac; arpp.ASenderIP = Adapter.GetAdapterInformation().IPv4; arpp.Outbound = true; in_packet = arpp; } return(pmr); } else { requestedIPs.Remove(ip); } } else { data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())] = new MACAddr(arpp.ASenderMac); if (UpdatedArpCache != null) { UpdatedArpCache(); } requestedIPs.Remove(ip); } } } else { lock (padlock) { if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes()))) { if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac)) { PacketMainReturnType pmra = 0; if (data.RectifyAttacks) { pmra = PacketMainReturnType.Edited; } else { pmra = PacketMainReturnType.Drop; } if (data.LogAttacks) { LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this); le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup; LogCenter.Instance.LogEvent(le); } if (data.RectifyAttacks) { arpp.ATargetIP = arpp.ASenderIP; arpp.ATargetMac = data.arpCache[new IPAddr(arpp.ATargetIP.GetAddressBytes())].AddressBytes; arpp.ASenderMac = this.Adapter.GetAdapterInformation().InterfaceInformation.GetPhysicalAddress().GetAddressBytes(); arpp.FromMac = arpp.ASenderMac; arpp.ToMac = arpp.ATargetMac; arpp.ASenderIP = Adapter.GetAdapterInformation().IPv4; arpp.Outbound = true; in_packet = arpp; } return(pmra); } } } PacketMainReturnType pmr = 0; pmr = PacketMainReturnType.Drop; if (data.LogUnsolic) { LogEvent le2 = new LogEvent(String.Format(multistring.GetString("Unsolicited"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this); le2.PMR = PacketMainReturnType.Log; } return(pmr); } } else { lock (padlock) { if (data.arpCache.ContainsKey(new IPAddr(arpp.ASenderIP.GetAddressBytes()))) { if (!Utility.ByteArrayEq(data.arpCache[new IPAddr(arpp.ASenderIP.GetAddressBytes())].AddressBytes, arpp.ASenderMac)) { PacketMainReturnType pmr = PacketMainReturnType.Drop; if (data.LogAttacks) { LogEvent le = new LogEvent(String.Format(multistring.GetString("Response does not equal cache"), new PhysicalAddress(arpp.ASenderMac).ToString(), arpp.ASenderIP.ToString()), this); le.PMR = PacketMainReturnType.Log | PacketMainReturnType.Popup; LogCenter.Instance.LogEvent(le); } return(pmr); } } } } return(0); } return(0); } return(0); }