From 2c8b4008adfc587f91a7bf6c73f7abeb3f867258 Mon Sep 17 00:00:00 2001
From: 0x90-n
Date: Thu, 11 Jul 2024 13:05:53 -0600
Subject: [PATCH 1/2] applying phantom ipv4 address from the reg response
---
 pkg/station/lib/registration_ingest.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/pkg/station/lib/registration_ingest.go b/pkg/station/lib/registration_ingest.go
index 35845ca1..e16c079e 100644
--- a/pkg/station/lib/registration_ingest.go
+++ b/pkg/station/lib/registration_ingest.go
@@ -1,6 +1,7 @@
 package lib
 import (
+ "encoding/binary"
 "bytes"
 "context"
 "errors"
@@ -418,6 +419,10 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 // If a C2SWrapper has a registration response at this stage EITHER auth was disabled OR it was
 // signed by a registration server and has overrides that should be applied
 var dstPort = -1
+
+ // Used to apply IPv4 overrides from the registration response
+ var ipv4Override net.IP
+
 if rr := c2sw.GetRegistrationResponse(); rr != nil {
 if rr.DstPort != nil {
 dstPort = int(rr.GetDstPort())
@@ -429,7 +434,13 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 c2s.TransportParams = rr.GetTransportParams()
 }
- // TODO: future, apply the ip addresses from the Registration response (rr.IPv4Addr, rr.IPv6Addr)
+ // apply the ip addresses from the registration response, if the Ipv4Addr is not empty
+ if rr.Ipv4Addr != nil && *rr.Ipv4Addr != 0 {
+ ipv4Bytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(ipv4Bytes, *rr.Ipv4Addr)
+ ipv4Override = net.IP(ipv4Bytes)
+ }
+
 }
 reg, err := rm.NewRegistration(c2s, &conjureKeys, includeV6, ®Src)
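Review bot: The phantom address override added in the @@ -429,7 +434,13 hunk is read from the registration response without consulting `c2s.GetDisableRegistrarOverrides()`, while the TransportParams override directly above it is skipped when the client sets that flag (its condition is visible as context in the second commit's @@ -433,12 +433,19 hunk). If the flag is meant to cover every registrar-supplied override, the condition should carry it too: `if rr.Ipv4Addr != nil && *rr.Ipv4Addr != 0 && !c2s.GetDisableRegistrarOverrides() {`. The same gap remains in the v4 and v6 branches of the second commit. NewRegistrationC2SWrapper starts and ends outside the hunk, so whether the flag is honoured elsewhere cannot be seen from here.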
@@ -437,6 +448,11 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 return nil, fmt.Errorf("failed to build registration: %w", err)
 }
+ if ipv4Override != nil {
+ // If the Ipv4Addr from the registration response is not empty, use it to override the IPv4 that the station derived
+ reg.PhantomIp = ipv4Override
+ }
+
 clientAddr := net.IP(c2sw.GetRegistrationAddress())
 if reg.PhantomIp.To4() != nil && clientAddr.To4() == nil {
From 8926272cdb5944fa05b4b4f78a1164b847ff1c52 Mon Sep 17 00:00:00 2001
From: 0x90-n
Date: Thu, 11 Jul 2024 15:22:23 -0600
Subject: [PATCH 2/2] fix to include v6
---
 pkg/station/lib/registration_ingest.go | 28 +++++++++++++++++---------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/pkg/station/lib/registration_ingest.go b/pkg/station/lib/registration_ingest.go
index e16c079e..09cbab0c 100644
--- a/pkg/station/lib/registration_ingest.go
+++ b/pkg/station/lib/registration_ingest.go
@@ -420,8 +420,8 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 // signed by a registration server and has overrides that should be applied
 var dstPort = -1
- // Used to apply IPv4 overrides from the registration response
- var ipv4Override net.IP
+ // Used to apply phantom IP overrides from the registration response
+ var ipOverride net.IP
 if rr := c2sw.GetRegistrationResponse(); rr != nil {
 if rr.DstPort != nil {
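Review bot: In the @@ -437,6 +448,11 hunk, `reg.PhantomIp = ipv4Override` replaces the address the station derived after `rm.NewRegistration` has already returned, so any checks made while building the registration do not see the overriding value. The comment in the @@ -418,6 +419,10 hunk says a registration response can be present here when auth was disabled, in which case the address is not covered by a registrar signature. Before the assignment, the override should be checked against the phantom ranges this station serves and the registration rejected with an error otherwise, with a comment such as `// override is registrar-supplied; validate it before replacing the derived phantom`. The same assignment is kept in the second commit's @@ -448,9 +455,10 hunk. NewRegistration's body is not visible, so what it validates is inferred.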
@@ -433,12 +433,19 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 if rr.GetTransportParams() != nil && !c2s.GetDisableRegistrarOverrides() {
 c2s.TransportParams = rr.GetTransportParams()
 }
+ if !includeV6 {
+ // apply the ipv4 address from the registration response, if rr.Ipv4Addr is not empty
+ if rr.Ipv4Addr != nil && *rr.Ipv4Addr != 0 {
+ ipv4Bytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(ipv4Bytes, *rr.Ipv4Addr)
+ ipOverride = net.IP(ipv4Bytes)
+ }
+ } else {
+ // apply the ipv6 address from the registration response, if rr.Ipv6Addr is not empty
+ if rr.Ipv6Addr != nil {
+ ipOverride = net.IP(rr.Ipv6Addr)
+ }
- // apply the ip addresses from the registration response, if the Ipv4Addr is not empty
- if rr.Ipv4Addr != nil && *rr.Ipv4Addr != 0 {
- ipv4Bytes := make([]byte, 4)
- binary.BigEndian.PutUint32(ipv4Bytes, *rr.Ipv4Addr)
- ipv4Override = net.IP(ipv4Bytes)
 }
 }
@@ -448,9 +455,10 @@ func (rm *RegistrationManager) NewRegistrationC2SWrapper(c2sw *pb.C2SWrapper, in
 return nil, fmt.Errorf("failed to build registration: %w", err)
 }
- if ipv4Override != nil {
- // If the Ipv4Addr from the registration response is not empty, use it to override the IPv4 that the station derived
- reg.PhantomIp = ipv4Override
+ if ipOverride != nil {
+ // If the ipOverride (which is populated by Ipv4Addr or Ipv6Addr from the registration response)
+ // is not empty, use it to override the phantom IP that the station derived
+ reg.PhantomIp = ipOverride
 }
 clientAddr := net.IP(c2sw.GetRegistrationAddress())
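Review bot: In the `else` branch of the @@ -433,12 +433,19 hunk, `net.IP(rr.Ipv6Addr)` is accepted at any length, because only a nil slice is rejected. An empty or short `Ipv6Addr` therefore still yields a non-nil `ipOverride`, and the @@ -448,9 +455,10 hunk then replaces the derived phantom with a malformed address. Require the expected size with `if len(rr.Ipv6Addr) == net.IPv6len {`, and consider rejecting the all-zero address as the IPv4 branch does. The branch is also chosen by `includeV6` rather than by which field the response carries, so a response holding only `Ipv4Addr` appears to be ignored when `includeV6` is true; worth confirming that is intended. The function body continues outside the hunk.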