Improve geolocation and other descriptions of the IPAddress (#38)

Co-authored-by: Raymond Fowkes <REFowkes@frontier.com>

Author: rayfo

src/NetBlame/Auxiliary/GeoLocation.cs

@@ -29,18 +29,62 @@ enum XmlName
 			bitfAll = bitfCountry | bitfRegion | bitfCity | bitfStatus
 		};
 
-		
+
+		/*
+			IPv4 CIDR (Classless Inter-Domain Routing)
+			https://datatracker.ietf.org/doc/html/rfc1918
+			10.*.*.*      // 24-bit block / class A
+			172.16-31.*.* // 20-bit block / class B
+			192.168.*.*   // 16-bit block / class C
+		*/
+		static bool IsIPv4CIDR(IPAddress ipAddr)
+		{
+			if (ipAddr.IsIPv4MappedToIPv6)
+				ipAddr = ipAddr.MapToIPv4();
+			else if (ipAddr.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork)
+				return false;
+
+			#pragma warning disable 0618 // obsolete: IPAddress.Address
+			uint address = (uint)ipAddr.Address;
+			#pragma warning restore 0618
+
+			// 10.*.*.*
+			if ((byte)address == 10)
+				return true;
+
+			// 192.168.*.*  ie.  C0.A8.*.*
+			if ((ushort)address == 0xA8C0)
+				return true;
+
+			// 172.16-31.*.*  ie.  AC.10-1F.*.*  ie.  0x10AC <= address <= 0x1FAC
+			if ((byte)address == 0xAC && (ushort)(address - 0x10AC) <= 0x0F00)
+				return true;
+
+			// none of the above
+			return false;
+		}
+
+
+		/*
+			Return a string representing the geolocation of this IPAddress.
+			Check first for special ranges representing LocalHost or a Local/Private Network.
+			Then contact geoplugin.com to get a geo-location string.
+		*/
 		public static string GetGeoLocation(IPAddress ipAddr)
 		{
 			if (ipAddr == null)
 				return string.Empty;
 
-			string strIpAddr = ipAddr.ToString();
-
-			if (strIpAddr.Equals(DNSClient.DNSTable.strAddrLocalHost))
+			if (IPAddress.IsLoopback(ipAddr))
 				return DNSClient.DNSTable.strLocalHost;
 
-			string strRequest = strGetXmlService + strIpAddr;
+			if (IsIPv4CIDR(ipAddr) || ipAddr.IsIPv6UniqueLocal || ipAddr.IsIPv6SiteLocal || ipAddr.IsIPv6LinkLocal)
+				return "Local/Private Network";
+
+			if (ipAddr.IsIPv6Multicast)
+				return "Multicast";
+
+			string strRequest = strGetXmlService + ipAddr.ToString();
 
 			try
 			{

src/NetBlame/Auxiliary/NetUtil.cs

@@ -84,8 +84,8 @@ public static void BreakWhen(bool c)
 		public static uint BitFromI(uint i) => (uint)1 << ((int)i - 1); // i: 1-based
 
 		// https://github.com/dotnet/runtime/issues/58378
-		static AddressFamily AF_HYPERV = (AddressFamily)34;
-		static AddressFamily AF_VSOCK = (AddressFamily)40;
+		public static AddressFamily AF_HYPERV = (AddressFamily)34;
+		public static AddressFamily AF_VSOCK = (AddressFamily)40;
 
 		static readonly IPEndPoint ipEndPointv4 = new IPEndPoint(0, 0);
 		static readonly IPEndPoint ipEndPointv6 = new IPEndPoint(IPAddress.IPv6Any, 0);
@@ -110,6 +110,7 @@ public static IPEndPoint NewEndPoint(in SocketAddress socket)
 			// AF_HYPERV & AF_VSOCK:
 			// https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#bind-to-a-hyper-v-socket
 			// https://man7.org/linux/man-pages/man7/vsock.7.html
+			// https://github.com/search?q=repo%3Amicrosoft%2FWSL2-Linux-Kernel+AF_HYPERV
 
 			if (socket.Family == AF_HYPERV && socket.Size >= 20)
 			{
@@ -128,6 +129,18 @@ public static IPEndPoint NewEndPoint(in SocketAddress socket)
 				return (IPEndPoint)ipEndPointv6.Create(sa);
 			}
 
+			if (socket.Family == AF_HYPERV && socket.Size >= 16)
+			{
+				// Create an IpV6 socket and copy the data to the IpV6 address, and that's the best we can do.
+
+				SocketAddress sa = new SocketAddress(AddressFamily.InterNetworkV6, 64);
+
+				for (int i = 0; i < 12; ++i) { sa[i+12] = socket[i+4]; }
+				sa[3] = (byte)AF_HYPERV; // port = HyperV tag, big-endian
+
+				return (IPEndPoint)ipEndPointv6.Create(sa);
+			}
+
 			if (socket.Family == AF_VSOCK && socket.Size >= 12)
 			{
 				// Copy the svm_port and the svm_cid to the IPv6 address, and that's the best we can do.
@@ -235,6 +248,15 @@ static public string ServiceFromPort(int port)
 		{
 			switch (port)
 			{
+			case 20:
+			case 21:
+				return "FTP";
+			case 22:
+				return "SSH/SCP/SFTP";
+			case 23:
+				return "TELNET";
+			case 25:
+				return "SMTP";
 			case 53:
 				return "DNS";
 			case 80:
@@ -243,17 +265,38 @@ static public string ServiceFromPort(int port)
 				return "HTTP";
 			case 88:
 				return "Kerberos";
+			case 110:
+				return "POP3";
+			case 119:
+				return "NNTP";
+			case 123:
+				return "NTP";
 			case 135:
 				return "DCE/DHCP/DNS/WINS/DCOM";
-			case portLDAP:
+			case 137:
+				return "NetBIOS";
+			case 143:
+				return "IMAP";
+			case portLDAP: // 389
 				return "LDAP";
 			case 443:
 			case 8443:
 				return "HTTPS";
 			case 445:
 				return "AD/SMB";
+			case 465:
+				return "SMTPS";
+			case 563:
+				return "NNTPS";
 			case 636:
 				return "LDAPs";
+			case 989:
+			case 990:
+				return "FTPS";
+			case 993:
+				return "IMAPS";
+			case 995:
+				return "POP3S";
 			case 1433:
 				return "MSSQL";
 			case 2555:
@@ -264,6 +307,10 @@ static public string ServiceFromPort(int port)
 				return "LDAPs/AD";
 			case 3389:
 				return "TS/RDP";
+			case 5353:
+				return "UDP";
+			case 5355:
+				return "LLMNR";
 			case 5985:
 				return "CIM/DMTF";
 			case 7680:

src/NetBlame/Providers/WinsockAFD.cs

@@ -42,6 +42,8 @@ public enum IPPROTO : byte
 		UDP           = 17, // (datagram socket)
 		IDP           = 22,
 		RDP           = 27,
+		HyperV        = 34, // pseudo: AF_HYPERV
+		VSock         = 40, // pseudo: AF_VSOCK
 		IPV6          = 41, // IPv6 header
 		ROUTING       = 43, // IPv6 Routing header
 		FRAGMENT      = 44, // IPv6 fragmentation header
@@ -503,6 +505,10 @@ public void Dispatch(in IGenericEvent evt)
 					AssertImportant((cxn.ipProtocol==IPPROTO.TCP || cxn.ipProtocol==IPPROTO.ICMP) == (cxn.socktype==SOCKTYPE.SOCK_STREAM));
 					AssertImportant((cxn.ipProtocol==IPPROTO.UDP) == (cxn.socktype==SOCKTYPE.SOCK_DGRAM));
 
+					var family = (System.Net.Sockets.AddressFamily)evt.GetUInt32("AddressFamily");
+					if (family == AF_HYPERV) cxn.ipProtocol = IPPROTO.HyperV;
+					else if (family == AF_VSOCK) cxn.ipProtocol = IPPROTO.VSock;
+
 					cxn.xlink.GetLink(evt.ThreadId, cxn.timeCreate, in allTables.threadTable);
 					this.Add(cxn);
 				}