//----------------------------------------------------------------------------
//
// Copyright (c) Intel Corporation, 2010 All Rights Reserved.
//
//----------------------------------------------------------------------------
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Net;
using Intel.Manageability;
using Intel.Manageability.Exceptions;
using Intel.Manageability.SystemDefense;
namespace SystemDefenseSample
{
class SystemDefenseFunctionality
{
///
/// Create policies and add them to the Intel AMT instance
///
/// The Intel AMT instance
internal static void CreatePolicy(IAMTInstance amt)
{
Collection policies = new Collection();
Collection filters = new Collection();
// ----------------------
// Create Policy #1
// ----------------------
// Prepare filter list (create ipfilter for block ipv4 packets and ethernet filter for rarp packets)
IPFilter ipFilter = FilterFactory.CreateIPFilter("ipFilter", FilterType.Drop, FilterDirection.Both, true, IPVersion.IPv4);
EthernetFilter etherFilter = FilterFactory.CreateEthernetFilter("etherFilter", FilterType.StatisticsAndDrop, FilterDirection.Incoming, false, (ushort)EtherTypes.ETH_TYPE_RARP);
// Add the filters we just created to the filter list
filters.Add(ipFilter);
filters.Add(etherFilter);
// Create policy and pass the filters list as a parameter
policies.Add(new Policy("MyPolicy1", 10, 150, filters));
// ----------------------
// Create Policy #2
// ----------------------
filters.Clear();
// Preapare filter list (create ipfilter for block ipv4 packets and ethernet filter for rarp packets)
TCPFilter tcpFilter = FilterFactory.CreateTCPFilter("tcpFilter", FilterType.Pass, FilterDirection.Incoming,
true, IPVersion.IPv4, HeaderIPAddress.Destination,
new IPAddress(new byte[] { 10, 0, 0, 2 }),
new IPAddress(new byte[] { 255, 255, 255, 0 }),
HeaderPortAddresses.Both, 80, 90,
TCPFlag.ACK | TCPFlag.FIN, TCPFlag.PUSH | TCPFlag.RST);
UDPFilter udpFilter = FilterFactory.CreateUDPFilter("udpFilter", FilterType.StatisticsAndPass, FilterDirection.Outgoing,
true, IPVersion.IPv4, HeaderPortAddresses.Both, 80, 92);
// Add the filters we just created to the filter list
filters.Add(tcpFilter);
filters.Add(udpFilter);
// Create policy with default Tx and Rx filters and pass the filters list as a parameter
PolicyFilter pFilter = new PolicyFilter(true, true, true);
policies.Add(new Policy("MyPolicy2", 5, 300, filters, pFilter, pFilter, AntiSpoofingSupport.Count));
// -------------------------------------------
// Add the policies to the Intel AMT instance
// -------------------------------------------
try
{
amt.SystemDefense.PolicyStore.CreateOrUpdatePolicies(policies);
Console.WriteLine("Create policy completed successfully.");
}
catch (ManageabilityException ex)
{
Console.WriteLine("Create policy failed with exception: " + ex.Message);
}
}
///
/// Delete policy by name
///
/// The Intel AMT instance
internal static void DeletePolicy(IAMTInstance amt, string policyName)
{
try
{
amt.SystemDefense.PolicyStore.DeletePolicy(policyName);
Console.WriteLine("Delete policy completed successfully.");
}
catch (ManageabilityException ex)
{
Console.WriteLine("Delete policy failed with exception: " + ex.Message);
}
}
///
/// Delete all policies
///
/// The Intel AMT instance
internal static void DeleteAllPolicies(IAMTInstance amt)
{
try
{
amt.SystemDefense.PolicyStore.DeleteAllPolicies();
Console.WriteLine("Delete all policies completed successfully.");
}
catch (ManageabilityException ex)
{
Console.WriteLine("Delete policies failed with exception: " + ex.Message);
}
}
///
/// Get all the policies and display their capabilities
///
/// The Intel AMT instance
internal static void DisplayPolicies(IAMTInstance amt)
{
try
{
// Retrieve all policies
Collection policies = amt.SystemDefense.PolicyStore.GetAllPolicies();
Console.WriteLine("Policies");
Console.WriteLine("---------");
// Go over the policies and display their capabilities
IEnumerator policyEnumerator = policies.GetEnumerator();
while (policyEnumerator.MoveNext())
{
Console.WriteLine();
PrintPolicyCentent(policyEnumerator.Current as Policy);
}
}
catch (ManageabilityException ex)
{
Console.WriteLine("Display policies failed with exception: " + ex.Message);
}
}
///
/// Get all the policies and display their capabilities
///
/// The Intel AMT instance
internal static void EnablePolicy(IAMTInstance amt, string policyName)
{
try
{
// Get the interfaces supported by the machine
NetworkInterface supportedInterface = amt.SystemDefense.GetSupportedInterface();
// Enable the desired policy on the supported interface
amt.SystemDefense.PolicyStore.EnableUserPolicy(policyName, supportedInterface);
Console.WriteLine("Enable policy completed successfully.");
}
catch (ManageabilityException ex)
{
Console.WriteLine("Enabled policy failed with exception: " + ex.Message);
}
}
///
/// Display policy statistics for wired interface
///
/// The Intel AMT instance
internal static void DisplayStatistics(IAMTInstance amt)
{
// Get the supported interfaces
NetworkInterface supportedInterfaces = amt.SystemDefense.GetSupportedInterface();
if ((supportedInterfaces & NetworkInterface.Wired) != 0)
{
try
{
// As the statistics are per filter in the Intel AMT instance, the GetStatistics() function retrieves a dictionary
// of filter and its statistics.
Dictionary filtersStatistics = amt.SystemDefense.PolicyStore.GetStatistics(NetworkInterface.Wired);
// Go over the filters and display the statistics parameters for each filter
Console.WriteLine("\nWired statistics:");
Console.WriteLine("-------------------");
IEnumerator enumerator = filtersStatistics.GetEnumerator();
while (enumerator.MoveNext())
{
KeyValuePair statistics = (KeyValuePair)enumerator.Current ;
Console.WriteLine("Filter {0}:", ((Filter)statistics.Key).Name);
Console.WriteLine("\tActivation time: {0} ", ((PolicyStatistics)statistics.Value).ActivationTime);
Console.WriteLine("\tFilter matched: {0} ", ((PolicyStatistics)statistics.Value).FilterMatched);
Console.WriteLine("\tLast reset time: {0} ", ((PolicyStatistics)statistics.Value).LastResetTime);
Console.WriteLine("\tRead count: {0} ", ((PolicyStatistics)statistics.Value).ReadCount);
}
}
catch (ManageabilityException ex)
{
Console.WriteLine("Get Statistics failed with exception: " + ex.Message);
}
}
}
///
/// Display system defense capabilities
///
/// The Intel AMT instance
internal static void DisplayCapabalities(IAMTInstance amt)
{
// Display general system defense capabilities
GeneralSystemDefenseCapabilities generalCapabilities = amt.SystemDefense.GetGeneralCapabilities();
Console.WriteLine("\nGeneral capabilities:");
Console.WriteLine("Max Supported Filters: " + generalCapabilities.MaxSupportedFilters);
Console.WriteLine("Max Supported Policies: " + generalCapabilities.MaxSupportedPolicies);
// Display system defense capabilities for Wired
NetworkInterface supportedInterface = amt.SystemDefense.GetSupportedInterface();
if ((NetworkInterface.Wired & supportedInterface) != 0)
{
NetworkInterfaceSystemDefenseCapabilities capabilities = amt.SystemDefense.GetNetworkInterfaceCapabilities(NetworkInterface.Wired);
Console.WriteLine("\nWired Capabilities:");
Console.WriteLine("IPv4MaxTxFilters: " + capabilities.IPv4MaxTxFilters);
Console.WriteLine("IPv4MaxTxCounters: " + capabilities.IPv4MaxTxCounters);
Console.WriteLine("IPv4MaxRxFilters: " + capabilities.IPv4MaxRxFilters);
Console.WriteLine("IPv4MaxRxCounters: " + capabilities.IPv4MaxRxCounters);
Console.WriteLine("IPv4AntiSpoofingCapable: " + capabilities.IPv4AntiSpoofingCapable);
Console.WriteLine("IPv6MaxTxFilters: " + capabilities.IPv6MaxTxFilters);
Console.WriteLine("IPv6MaxTxCounters: " + capabilities.IPv6MaxTxCounters);
Console.WriteLine("IPv6MaxRxFilters: " + capabilities.IPv6MaxRxFilters);
Console.WriteLine("IPv6MaxRxCounters: " + capabilities.IPv6MaxRxCounters);
Console.WriteLine("IPv6AntiSpoofingCapable: " + capabilities.IPv6AntiSpoofingCapable);
Console.WriteLine("IPv6ToIPv4Ratio: " + capabilities.IPv6ToIPv4Ratio);
}
}
#region Helper Methods
private static void PrintPolicyCentent(Policy policy)
{
Console.WriteLine("Policy Name: {0} ", policy.Name);
Console.WriteLine("\tPrecedence: {0} ", policy.Precedence);
Console.WriteLine("\tantiSpoofingSupport: {0} ", policy.antiSpoofingSupport);
Console.WriteLine("\tTimeout: {0} ", policy.Timeout);
Console.WriteLine("\tTx filter:\n\t\tDefaultCount: {0}\n\t\tDefaultDrop: {1}\n\t\tDefaultMatchEvent: {2}", policy.TxFilter.DefaultCount, policy.TxFilter.DefaultDrop, policy.TxFilter.DefaultMatchEvent);
Console.WriteLine("\tRx filter:\n\t\tDefaultCount: {0}\n\t\tDefaultDrop: {1}\n\t\tDefaultMatchEvent: {2}", policy.RxFilter.DefaultCount, policy.RxFilter.DefaultDrop, policy.RxFilter.DefaultMatchEvent);
// Go over the filters and display their capabilities
IEnumerator filterEnumerator = policy.Filters.GetEnumerator();
while (filterEnumerator.MoveNext())
{
Filter curFilter = filterEnumerator.Current as Filter;
if (curFilter is IPFilter)
{
PrintIPFilter(curFilter as IPFilter);
}
else if (curFilter is EthernetFilter)
{
PrintEthernetFilter(curFilter as EthernetFilter);
}
}
}
private static void PrintEthernetFilter(EthernetFilter ethernetFilter)
{
Console.WriteLine("\tFilter Name: {0} ", ethernetFilter.Name);
Console.WriteLine("\t\tFilter Direction: {0}", ethernetFilter.Direction.ToString());
Console.WriteLine("\t\tCreate Event: {0}", ethernetFilter.CreateEvent);
Console.WriteLine("\t\tFilter Profile: {0}", ethernetFilter.Profile.ToString());
if (ethernetFilter.Profile == FilterType.RateLimit)
Console.WriteLine("\t\tEvents Per Second: {0}", ethernetFilter.EventsPerSecond);
Console.WriteLine("\t\tProtocol ID: {0}", ethernetFilter.ProtocolID);
}
private static void PrintIPFilter(IPFilter ipFilter)
{
Console.WriteLine("\tFilter Name: {0} ", ipFilter.Name);
Console.WriteLine("\t\tFilter Direction: {0}", ipFilter.Direction.ToString());
Console.WriteLine("\t\tCreate Event: {0}", ipFilter.CreateEvent);
Console.WriteLine("\t\tFilter Profile: {0}", ipFilter.Profile.ToString());
if (ipFilter.Profile == FilterType.RateLimit)
Console.WriteLine("\t\tEvents Per Second: {0}", ipFilter.EventsPerSecond);
Console.WriteLine("\t\tIP Version: {0}", ipFilter.IpVersion.ToString());
if (ipFilter.IPAddress != null)
{
Console.WriteLine("\t\tIP Header Address: {0}", ipFilter.IPHeaderAddress.ToString());
Console.WriteLine("\t\tIP Address: {0}", ipFilter.IPAddress.ToString());
}
if (ipFilter.IPMask != null)
Console.WriteLine("\t\tIP Mask: {0}", ipFilter.IPMask.ToString());
if (ipFilter is ProtocolFilter)
Console.WriteLine("\t\tProtocol ID: {0}", ((ProtocolFilter)ipFilter).ProtocolID);
else if (ipFilter is TCPFilter)
{
Console.WriteLine("\t\tProtocol: TCP");
if (((TCPFilter)ipFilter).PortFilterExists)
{
Console.WriteLine("\t\tHeader Port Address: {0}", ((TCPFilter)ipFilter).HeaderPortAddress);
Console.WriteLine("\t\tPort1: {0}", ((TCPFilter)ipFilter).Port1);
Console.WriteLine("\t\tPort2: {0}", ((TCPFilter)ipFilter).Port2);
}
Console.WriteLine("\t\tFlags On: {0}", ((TCPFilter)ipFilter).FlagsOn);
Console.WriteLine("\t\tFlags Off: {0}", ((TCPFilter)ipFilter).FlagsOff);
}
else if (ipFilter is UDPFilter)
{
Console.WriteLine("\t\tProtocol: UDP");
Console.WriteLine("\t\tHeader Port Address: {0}", ((UDPFilter)ipFilter).HeaderPortAddress);
Console.WriteLine("\t\tPort1: {0}", ((UDPFilter)ipFilter).Port1);
Console.WriteLine("\t\tPort2: {0}", ((UDPFilter)ipFilter).Port2);
}
}
#endregion
}
}