Пример #1
            /// <summary>
            /// Wraps a firewall log entry for display and pre-computes, from the event's
            /// remote address, whether the peer is the local host, a multicast group,
            /// or an address matching the local-subnet keyword.
            /// </summary>
            /// <param name="entry">Log entry whose <c>FwEvent.RemoteAddress</c> is classified.</param>
            /// <param name="name">Program display name; a placeholder label is used when null.</param>
            public LogItem(Program.LogEntry entry, string name)
            {
                this.entry = entry;
                // NOTE(review): the placeholder label is misspelled ("progream"); it is kept
                // byte-for-byte here in case other code or saved data matches on it.
                this.name = name ?? "[unknown progream]";

                // All three flags are derived from the remote address alone.
                var remote = entry.FwEvent.RemoteAddress;
                IsLocal = NetFunc.IsLocalHost(remote);
                IsMulti = NetFunc.IsMultiCast(remote);
                IsLan = FirewallRule.MatchAddress(remote, FirewallRule.AddrKeywordLocalSubnet);
            }
Пример #2
            /// <summary>
            /// Creates a log entry with a fresh GUID and assigns it a realm based on the
            /// remote address of the firewall event.
            /// </summary>
            /// <param name="Event">Firewall event being logged.</param>
            /// <param name="progID">Identifier of the program the event is attributed to.</param>
            public LogEntry(FirewallEvent Event, ProgramID progID)
            {
                guid = Guid.NewGuid();
                FwEvent = Event;
                ProgID = progID;

                // The realm is decided by the remote address only, and the first matching
                // test wins: loopback, then multicast, then the local-subnet keyword.
                // Anything that matches none of them is treated as Internet.
                var remote = FwEvent.RemoteAddress;
                Realm = NetFunc.IsLocalHost(remote)
                    ? Realms.LocalHost
                    : NetFunc.IsMultiCast(remote)
                        ? Realms.MultiCast
                        : FirewallManager.MatchAddress(remote, FirewallRule.AddrKeywordLocalSubnet)
                            ? Realms.LocalArea
                            : Realms.Internet;
            }
Пример #3
        /// <summary>
        /// Looks up host names for <paramref name="remoteAddress"/> and reports each hit
        /// through <paramref name="setter"/>, tagged with the source it came from.
        /// Sources that produced nothing are recorded in a pending job so they can be
        /// retried later.
        /// </summary>
        /// <param name="processId">Process the connection belongs to; used for the captured-query lookup.</param>
        /// <param name="remoteAddress">Address to name. Unspecified addresses are ignored.</param>
        /// <param name="target">Opaque object handed back to <paramref name="setter"/>; only weakly referenced by a pending job.</param>
        /// <param name="setter">Callback receiving (target, host name, source). May be invoked more than once.</param>
        /// <remarks>
        /// Consumers should treat the reported name according to its <c>NameSources</c> tag.
        /// A reverse-DNS name is published by whoever controls the reverse zone of the
        /// address, and nothing in this method forward-confirms it, so it is a hint rather
        /// than an identity. The fixed labels "localhost" and "multicast.arpa" are
        /// synthesized here but are also tagged <c>NameSources.ReverseDns</c>.
        /// </remarks>
        public void GetHostName(int processId, IPAddress remoteAddress, object target, Action <object, string, NameSources> setter)
        {
            // 0.0.0.0 and :: identify no peer, so there is nothing to name.
            bool isUnspecified = remoteAddress.Equals(IPAddress.Any) || remoteAddress.Equals(IPAddress.IPv6Any);
            if (isUnspecified)
            {
                return;
            }

            // Loopback and multicast get fixed labels without any lookup.
            bool isLoopback = remoteAddress.Equals(IPAddress.Loopback) || remoteAddress.Equals(IPAddress.IPv6Loopback);
            if (isLoopback)
            {
                setter(target, "localhost", NameSources.ReverseDns);
                return;
            }
            if (NetFunc.IsMultiCast(remoteAddress))
            {
                setter(target, "multicast.arpa", NameSources.ReverseDns);
                return;
            }

            // Bit set of the sources that were asked and returned no name.
            NameSources pending = NameSources.None;

            // Step 1: names taken from captured queries, only while the watcher is active.
            if (queryWatcher.IsActive())
            {
                string fromQuery = FindMostRecentHost(queryWatcher.FindHostNames(processId, remoteAddress));
                if (fromQuery != null)
                {
                    setter(target, fromQuery, NameSources.CapturedQuery);
                }
                else
                {
                    pending |= NameSources.CapturedQuery;
                }
            }

            // Step 2: the DNS cache is consulted only when step 1 left something pending.
            // NOTE(review): with an inactive query watcher this step is skipped, and so
            // is the mode-1 reverse lookup below. Confirm that is intended.
            if (pending != NameSources.None)
            {
                string fromCache = FindMostRecentHost(dnsCacheMonitor.FindHostNames(remoteAddress));
                if (fromCache != null)
                {
                    setter(target, fromCache, NameSources.CachedQuery);
                }
                else
                {
                    pending |= NameSources.CachedQuery;
                }
            }

            // Step 3: reverse resolution, off unless configured (default 0).
            // Mode 2 always resolves; mode 1 resolves only after a cache miss.
            // NOTE(review): presumably this sends PTR queries for every remote address
            // seen, which discloses them to the resolver; verify against the resolver.
            int reverseMode = App.GetConfigInt("DnsInspector", "UseReverseDNS", 0);
            bool cacheMissed = (pending & NameSources.CachedQuery) != 0;
            bool wantReverse = reverseMode == 2 || (reverseMode == 1 && cacheMissed);

            if (wantReverse)
            {
                string fromReverse = FindMostRecentHost(hostNameResolver.ResolveHostNames(remoteAddress));
                if (fromReverse != null)
                {
                    setter(target, fromReverse, NameSources.ReverseDns);
                }
                else
                {
                    pending |= NameSources.ReverseDns;
                }
            }

            // Nothing is outstanding, so no follow-up job is needed.
            if (pending == NameSources.None)
            {
                return;
            }

            // Queue a job for the sources that came back empty. The target is held through
            // a WeakReference so the queued job does not keep it alive.
            // NOTE(review): the 30 s deadline is taken from the local wall clock
            // (DateTime.Now); confirm the code that checks timeOut uses the same clock.
            HostObserveJob job = new HostObserveJob()
            {
                target = new WeakReference(target),
                setter = setter,
                processId = processId,
                remoteAddress = remoteAddress,
                Await = pending,
                timeOut = DateTime.Now.AddSeconds(30)
            };
            ObserverJobs.Add(remoteAddress, job);
        }
Пример #4
        /// <summary>
        /// Handles a firewall event for a program: makes sure the program has a list
        /// item, flashes it according to the event's action unless the event is
        /// filtered out, and refreshes the item.
        /// </summary>
        /// <param name="prog">Program set the event belongs to.</param>
        /// <param name="program">Program the event belongs to (not read in this method).</param>
        /// <param name="args">Event arguments; <c>args.update</c> is cleared when a new list item is created.</param>
        /// <returns>
        /// <c>false</c> when no item exists and the current filter rejects the program;
        /// otherwise whether the list is currently sorted by last activity.
        /// </returns>
        public bool OnActivity(ProgramSet prog, Program program, Priv10Engine.FwEventArgs args)
        {
            ProgramControl item = null;

            bool alreadyListed = ProgramList.Items.TryGetValue(args.guid.ToString(), out item);
            if (!alreadyListed)
            {
                // Programs excluded by the active filter get no list item at all.
                if (FirewallPage.DoFilter(CurFilter, prog))
                {
                    return false;
                }

                item = ProgramList.AddItem(prog);

                args.update = false;
            }

            // Note: Windows Firewall doesn't block localhost access, so it is ignored
            //if (args.entry.State == Program.LogEntry.States.RuleError
            //  && args.entry.FwEvent.Action == FirewallRule.Actions.Allow
            //  && !NetFunc.IsLocalHost(args.entry.FwEvent.RemoteAddress))
            //    item.SetError(true);

            var fwEvent = args.entry.FwEvent;
            var remote = fwEvent.RemoteAddress;

            // An event is not flashed when any of these holds:
            //  - "no local" is checked and the peer is loopback or multicast,
            //  - "no LAN" is checked and the peer matches the local-subnet keyword,
            //  - the event was caused by this process itself (with the DNS proxy enabled
            //    this process is always very active).
            // These options affect only the flash; the item is still updated below.
            bool muted =
                (chkNoLocal.IsChecked == true && (NetFunc.IsLocalHost(remote) || NetFunc.IsMultiCast(remote))) ||
                (chkNoLan.IsChecked == true && FirewallRule.MatchAddress(remote, FirewallRule.AddrKeywordLocalSubnet)) ||
                fwEvent.ProcessId == ProcFunc.CurID;

            if (!muted)
            {
                // Green for allowed traffic, pink for blocked; other actions do not flash.
                var action = fwEvent.Action;
                if (action == FirewallRule.Actions.Allow)
                {
                    item.Flash(Colors.LightGreen);
                }
                else if (action == FirewallRule.Actions.Block)
                {
                    item.Flash(Colors.LightPink);
                }
            }

            item.DoUpdate(prog);

            return SortBy == Sorts.LastActivity;
        }