public LogItem(Program.LogEntry entry, string name) { this.entry = entry; this.name = name != null ? name : "[unknown progream]"; this.IsLocal = NetFunc.IsLocalHost(entry.FwEvent.RemoteAddress); this.IsMulti = NetFunc.IsMultiCast(entry.FwEvent.RemoteAddress); this.IsLan = FirewallRule.MatchAddress(entry.FwEvent.RemoteAddress, FirewallRule.AddrKeywordLocalSubnet); }
public LogEntry(FirewallEvent Event, ProgramID progID) { guid = Guid.NewGuid(); FwEvent = Event; ProgID = progID; if (NetFunc.IsLocalHost(FwEvent.RemoteAddress)) { Realm = Realms.LocalHost; } else if (NetFunc.IsMultiCast(FwEvent.RemoteAddress)) { Realm = Realms.MultiCast; } else if (FirewallManager.MatchAddress(FwEvent.RemoteAddress, FirewallRule.AddrKeywordLocalSubnet)) { Realm = Realms.LocalArea; } else { Realm = Realms.Internet; } }
public void GetHostName(int processId, IPAddress remoteAddress, object target, Action <object, string, NameSources> setter) { // sanity check if (remoteAddress.Equals(IPAddress.Any) || remoteAddress.Equals(IPAddress.IPv6Any)) { return; } if (remoteAddress.Equals(IPAddress.Loopback) || remoteAddress.Equals(IPAddress.IPv6Loopback)) { setter(target, "localhost", NameSources.ReverseDns); return; } if (NetFunc.IsMultiCast(remoteAddress)) { setter(target, "multicast.arpa", NameSources.ReverseDns); return; } NameSources Await = NameSources.None; if (queryWatcher.IsActive()) { string capturedName = FindMostRecentHost(queryWatcher.FindHostNames(processId, remoteAddress)); if (capturedName == null) { Await |= NameSources.CapturedQuery; } else { setter(target, capturedName, NameSources.CapturedQuery); } } if (Await != NameSources.None) { string cachedName = FindMostRecentHost(dnsCacheMonitor.FindHostNames(remoteAddress)); if (cachedName == null) { Await |= NameSources.CachedQuery; } else { setter(target, cachedName, NameSources.CachedQuery); } } int ReverseResolve = App.GetConfigInt("DnsInspector", "UseReverseDNS", 0); if (ReverseResolve == 2 || (ReverseResolve == 1 && (Await & NameSources.CachedQuery) != 0)) { string resolvedName = FindMostRecentHost(hostNameResolver.ResolveHostNames(remoteAddress)); if (resolvedName == null) { Await |= NameSources.ReverseDns; } else { setter(target, resolvedName, NameSources.ReverseDns); } } if (Await != NameSources.None) { HostObserveJob job = new HostObserveJob() { target = new WeakReference(target), setter = setter, processId = processId, remoteAddress = remoteAddress, Await = Await, timeOut = DateTime.Now.AddSeconds(30) }; ObserverJobs.Add(remoteAddress, job); } }
public bool OnActivity(ProgramSet prog, Program program, Priv10Engine.FwEventArgs args) { ProgramControl item = null; if (!ProgramList.Items.TryGetValue(args.guid.ToString(), out item)) { if (FirewallPage.DoFilter(CurFilter, prog)) { return(false); } item = ProgramList.AddItem(prog); args.update = false; } //Note: windows firewall doesn't block localhost acces so we ignore it //if (args.entry.State == Program.LogEntry.States.RuleError // && args.entry.FwEvent.Action == FirewallRule.Actions.Allow // && !NetFunc.IsLocalHost(args.entry.FwEvent.RemoteAddress)) // item.SetError(true); if ((chkNoLocal.IsChecked != true || (!NetFunc.IsLocalHost(args.entry.FwEvent.RemoteAddress) && !NetFunc.IsMultiCast(args.entry.FwEvent.RemoteAddress))) && (chkNoLan.IsChecked != true || !FirewallRule.MatchAddress(args.entry.FwEvent.RemoteAddress, FirewallRule.AddrKeywordLocalSubnet)) && args.entry.FwEvent.ProcessId != ProcFunc.CurID) // Note: When DNS proxy is nabled we are always very active, so ignore it { switch (args.entry.FwEvent.Action) { case FirewallRule.Actions.Allow: item.Flash(Colors.LightGreen); break; case FirewallRule.Actions.Block: item.Flash(Colors.LightPink); break; } } item.DoUpdate(prog); return(SortBy == Sorts.LastActivity); }