Exemplo n.º 1
        /// <summary>
        /// Populates the managed IPsec security association from the native details structure.
        /// </summary>
        /// <param name="details">The native SA details to copy from.</param>
        /// <param name="get_filter">Callback which converts a native filter structure to a <see cref="FirewallFilter"/>.</param>
        internal IPsecSecurityAssociation(IPSEC_SA_DETAILS1 details, Func<FWPM_FILTER0, FirewallFilter> get_filter)
        {
            // Every traffic selector value comes from the same nested member, so read it once.
            var traffic = details.traffic;

            Direction = details.saDirection;
            LocalEndpoint = FirewallUtils.GetEndpoint(
                traffic.ipVersion, traffic.localAddrV4, traffic.localAddrV6, traffic.localPort);
            RemoteEndpoint = FirewallUtils.GetEndpoint(
                traffic.ipVersion, traffic.remoteAddrV4, traffic.remoteAddrV6, traffic.remotePort);
            IpProtocol = (ProtocolType)traffic.ipProtocol;
            LocalIfLuid = traffic.localIfLuid;
            RealIfProfileId = traffic.realIfProfileId;
            TrafficType = traffic.trafficType;
            TrafficTypeId = traffic.trafficTypeId;

            // The transport filter is optional: it is only dereferenced when the pointer is set,
            // otherwise TransportFilter keeps its default value.
            var filter_ptr = details.transportFilter;
            if (filter_ptr != IntPtr.Zero)
            {
                var native_filter = filter_ptr.ReadStruct<FWPM_FILTER0>();
                TransportFilter = get_filter(native_filter);
            }

            Bundle = new IPsecSecurityAssociationBundle(details.saBundle);

            // NOTE(review): unlike transportFilter, virtualIfTunnelInfo (and udpEncapsulation below)
            // are read without a zero check. Whether ReadStruct tolerates an unset value is not
            // visible in this snippet - confirm before relying on it.
            var tunnel_info = details.virtualIfTunnelInfo.ReadStruct<IPSEC_VIRTUAL_IF_TUNNEL_INFO0>();
            VirtualIfTunnelId = tunnel_info.virtualIfTunnelId;
            TrafficSelectorId = tunnel_info.trafficSelectorId;

            // The UDP encapsulation ports are only read for IPv4 SAs; for any other version the
            // two port properties are left at their defaults.
            if (details.ipVersion == FirewallIpVersion.V4)
            {
                var encapsulation = details.udpEncapsulation.ReadStruct<IPSEC_V4_UDP_ENCAPSULATION0>();
                LocalUdpEncapPort = encapsulation.localUdpEncapPort;
                RemoteUdpEncapPort = encapsulation.remoteUdpEncapPort;
            }
        }
 /// <summary>
 /// Populates the managed field description from the native field structure.
 /// </summary>
 /// <param name="field">The native field to copy from.</param>
 internal FirewallField(FWPM_FIELD0 field)
 {
     Type = field.type;
     DataType = field.dataType;

     // A key which cannot be read falls back to Guid.Empty rather than failing construction,
     // so consumers should treat an empty Key as "unknown" and not as a real condition GUID.
     Key = FirewallUtils.ReadGuid(field.fieldKey) ?? Guid.Empty;

     // The display name is looked up from the condition GUID table using the resolved key.
     KeyName = NamedGuidDictionary.ConditionGuids.Value.GetName(Key);
 }
Exemplo n.º 3
        /// <summary>
        /// Populates the managed IKE security association from the native details structure.
        /// </summary>
        /// <param name="sa_details">The native IKE SA details to copy from.</param>
        internal IkeSecurityAssociation(IKEEXT_SA_DETAILS1 sa_details)
        {
            // Pull out the nested members once; the rest of the constructor only copies values.
            var traffic = sa_details.ikeTraffic;
            var proposal = sa_details.ikeProposal;
            var cipher = proposal.cipherAlgorithm;
            var native_credentials = sa_details.ikeCredentials;

            Id = sa_details.saId;
            KeyModuleType = sa_details.keyModuleType;
            LocalAddress = FirewallUtils.GetAddress(traffic.ipVersion, traffic.localAddress);
            RemoteAddress = FirewallUtils.GetAddress(traffic.ipVersion, traffic.remoteAddress);
            InitiatorCookie = sa_details.cookiePair.initiator;
            ResponderCookie = sa_details.cookiePair.responder;
            IkePolicyKey = sa_details.ikePolicyKey;
            VirtualIfTunnelId = sa_details.virtualIfTunnelId;
            CorrelationKey = sa_details.correlationKey.ToArray();

            // Negotiated proposal: cipher, integrity, lifetime, DH group and quick mode limit.
            CipherAlgorithm = cipher.algoIdentifier;
            KeyLength = cipher.keyLen;
            Rounds = cipher.rounds;
            IntegrityAlgorithm = proposal.integrityAlgorithm.algoIdentifier;
            MaxLifetime = proposal.maxLifetimeSeconds;
            DiffieHellmanGroup = proposal.dhGroup;
            QuickModeLimit = proposal.quickModeLimit;

            var pairs = new List<IkeCredentialPair>();
            var count = native_credentials.numCredentials;

            if (count > 0)
            {
                // Wrap the native credential array so it can be read as typed elements.
                // NOTE(review): the final 'false' argument presumably means the buffer does not
                // own (and so will not free) the native memory - confirm against SafeHGlobalBuffer.
                // NOTE(review): only the count is checked; the credentials pointer itself is not
                // compared with zero and the count is trusted as supplied by the native structure.
                var buffer = new SafeHGlobalBuffer(native_credentials.credentials, 1, false);
                buffer.Initialize<IKEEXT_CREDENTIAL_PAIR1>((uint)count);

                foreach (var native_pair in buffer.ReadArray<IKEEXT_CREDENTIAL_PAIR1>(0, count))
                {
                    pairs.Add(new IkeCredentialPair(native_pair));
                }
            }

            // Exposed read-only so callers cannot alter the captured credential list.
            Credentials = pairs.AsReadOnly();
        }
 /// <summary>
 /// Populates the managed callout from the native callout structure.
 /// </summary>
 /// <param name="callout">The native callout to copy from.</param>
 /// <param name="engine">The firewall engine passed through to the base object.</param>
 /// <param name="get_sd">Callback used by the base object to query the security descriptor.</param>
 internal FirewallCallout(
     FWPM_CALLOUT0 callout,
     FirewallEngine engine,
     Func<SecurityInformation, bool, NtResult<SecurityDescriptor>> get_sd)
     : base(callout.calloutKey, callout.displayData, NamedGuidDictionary.CalloutGuids.Value, engine, get_sd)
 {
     CalloutId = callout.calloutId;
     ApplicableLayer = callout.applicableLayer;
     Flags = callout.flags;

     // A provider key which cannot be read is reported as Guid.Empty rather than failing
     // construction, so an empty ProviderKey means "none/unknown", not a real provider.
     ProviderKey = FirewallUtils.ReadGuid(callout.providerKey) ?? Guid.Empty;

     // Provider data is copied into a managed array via ToArray().
     ProviderData = callout.providerData.ToArray();
 }
 /// <summary>
 /// Creates the NT type descriptions for the firewall engine and firewall filter objects.
 /// </summary>
 /// <returns>The two firewall types, engine type first and filter type second.</returns>
 public override IEnumerable<NtType> CreateTypes()
 {
     // Both types are created with MandatoryLabelPolicy.NoWriteUp and each passes its own
     // access rights enumeration for both of the type arguments.
     var engine_type = new NtType(
         FirewallUtils.FIREWALL_NT_TYPE_NAME,
         FirewallUtils.GetGenericMapping(),
         typeof(FirewallAccessRights),
         typeof(FirewallAccessRights),
         MandatoryLabelPolicy.NoWriteUp);

     var filter_type = new NtType(
         FirewallUtils.FIREWALL_FILTER_NT_TYPE_NAME,
         FirewallUtils.GetFilterGenericMapping(),
         typeof(FirewallFilterAccessRights),
         typeof(FirewallFilterAccessRights),
         MandatoryLabelPolicy.NoWriteUp);

     return new NtType[] { engine_type, filter_type };
 }
 /// <summary>
 /// Populates the managed ALE endpoint from the native endpoint properties.
 /// </summary>
 /// <param name="ep">The native ALE endpoint properties to copy from.</param>
 internal FirewallAleEndpoint(FWPS_ALE_ENDPOINT_PROPERTIES0 ep)
 {
     EndpointId = ep.endpointId;

     // Local and remote endpoints share the same IP version value.
     var ip_version = ep.ipVersion;
     LocalEndpoint = FirewallUtils.GetEndpoint(ip_version, ep.localAddress, ep.localPort);
     RemoteEndpoint = FirewallUtils.GetEndpoint(ip_version, ep.remoteAddress, ep.remotePort);
     IpProtocol = (ProtocolType)ep.ipProtocol;

     LocalTokenModifiedId = new Luid(ep.localTokenModifiedId);
     MmSaId = ep.mmSaId;
     QmSaId = ep.qmSaId;
     IPsecStatus = ep.ipsecStatus;
     Flags = ep.flags;

     // The application ID blob is decoded as UTF-16LE and trailing NUL characters are removed.
     // NOTE(review): only trailing NULs are trimmed; an embedded NUL would remain in the string,
     // which matters if AppId is later compared or displayed - confirm the blob format.
     var app_id_bytes = ep.appId.ToArray();
     var app_id_text = Encoding.Unicode.GetString(app_id_bytes);
     AppId = app_id_text.TrimEnd('\0');
 }
        /// <summary>
        /// Populates the common network event properties from the event's header.
        /// </summary>
        /// <param name="net_event">The network event to copy the type and header from.</param>
        private protected FirewallNetEvent(IFwNetEvent net_event)
        {
            var hdr = net_event.Header;

            Type = net_event.Type;
            Flags = hdr.flags;

            // The raw timestamp is converted through LargeInteger.ToDateTime().
            var raw_time = new LargeInteger(hdr.timeStamp.ToInt64());
            Timestamp = raw_time.ToDateTime();

            IPProtocol = (ProtocolType)hdr.ipProtocol;
            LocalEndpoint = FirewallUtils.GetEndpoint(
                hdr.ipVersion, hdr.localAddrV4, hdr.localAddrV6, hdr.localPort);
            RemoteEndpoint = FirewallUtils.GetEndpoint(
                hdr.ipVersion, hdr.remoteAddrV4, hdr.remoteAddrV6, hdr.remotePort);
            ScopeId = hdr.scopeId;

            // The application ID blob is decoded as UTF-16LE with trailing NUL characters removed.
            var app_id_bytes = hdr.appId.ToArray();
            AppId = Encoding.Unicode.GetString(app_id_bytes).TrimEnd('\0');

            // Both SIDs are parsed with the second argument false and GetResultOrDefault(), so a
            // failed parse yields the default value instead of an exception.
            // NOTE(review): presumably that default is null - callers attributing an event to a
            // user or package should handle a missing SID explicitly; confirm.
            UserId = Sid.Parse(hdr.userId, false).GetResultOrDefault();
            AddressFamily = hdr.addressFamily;
            PackageSid = Sid.Parse(hdr.packageSid, false).GetResultOrDefault();
        }
Exemplo n.º 8
 /// <summary>
 /// Constructor. Creates the template for the layer which corresponds to an ALE layer type.
 /// </summary>
 /// <param name="ale_layer">The ALE layer type; it is mapped to a layer GUID by
 /// <c>FirewallUtils.GetLayerGuidForAleLayer</c> and passed to the other constructor.</param>
 public FirewallFilterEnumTemplate(FirewallAleLayer ale_layer)
     : this(FirewallUtils.GetLayerGuidForAleLayer(ale_layer))
 {
     // All initialization is done by the constructor this one chains to.
 }
 /// <summary>
 /// Add an executable filename condition.
 /// </summary>
 /// <param name="match_type">The match type for the condition.</param>
 /// <param name="filename">The path to the file to use.</param>
 /// <remarks>
 /// The path is converted to an application ID by <c>FirewallUtils.GetAppIdFromFileName</c>
 /// and the condition is then added through <c>AddAppId</c>.
 /// </remarks>
 public void AddFilename(FirewallMatchType match_type, string filename)
 {
     // NOTE(review): how the path is normalized is not visible in this snippet. If the
     // resulting application ID differs from the form recorded for the process, the
     // condition would simply not match - verify against GetAppIdFromFileName.
     var app_id = FirewallUtils.GetAppIdFromFileName(filename);
     AddAppId(match_type, app_id);
 }