From 525e6051f950bfb9bc1337945762d2f9f003688f Mon Sep 17 00:00:00 2001 From: jmwample Date: Wed, 8 Dec 2021 11:18:34 -0700 Subject: [PATCH] Apply fixes for #114 liveness collisions This fix attempts to address two contributing factors to a relatively large number of live phantoms seen in a multi-station deployment. * refactor, simplify, and add test for detector filter list checks in detector * add EnableV{4,6} check before continuing with a liveness scan for IPv{4,6} --- application/main.go | 11 ++++++++- src/process_packet.rs | 53 +++++++++++++++++++++---------------------- 2 files changed, 36 insertions(+), 28 deletions(-) diff --git a/application/main.go b/application/main.go index de7ef11a..8815cd1c 100644 --- a/application/main.go +++ b/application/main.go @@ -237,10 +237,19 @@ func get_zmq_updates(connectAddr string, regManager *cj.RegistrationManager, con } if !reg.PreScanned() { + + // Do not run a liveness scan for a registration for ip + // versions that are not enabled in config. + if reg.DarkDecoy.To4() != nil && !conf.EnableIPv4 { + continue + } else if reg.DarkDecoy.To4() == nil && !conf.EnableIPv6 { + continue + } + // New registration received over channel that requires liveness scan for the phantom liveness, response := regManager.PhantomIsLive(reg.DarkDecoy.String(), 443) - if liveness == true { + if liveness { logger.Printf("Dropping registration %v -- live phantom: %v\n", reg.IDString(), response) if response.Error() == lt.CACHED_PHANTOM_MSG { cj.Stat().AddLivenessCached() diff --git a/src/process_packet.rs b/src/process_packet.rs index d56ba87a..8d3a86b2 100644 --- a/src/process_packet.rs +++ b/src/process_packet.rs 
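Review bot: In application/main.go, the two added `continue` branches appear to discard the registration outright rather than only skipping the liveness scan, and they do so with no log line or stat counter, unlike the live-phantom path just below, which logs `Dropping registration ...`. The added comment says only that the scan is not run, so it should state that the registration is dropped. A line such as `logger.Printf("Dropping registration %v -- phantom IP version disabled in config\n", reg.IDString())` before each `continue` would make these drops visible when diagnosing a multi-station deployment. If `reg.DarkDecoy` is a `net.IP`, a nil or malformed value also makes `To4()` return nil and is therefore handled as IPv6, which deserves an explicit check. The loop body continues outside the hunk, so what `continue` skips is inferred from the visible lines.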
@@ -207,22 +207,17 @@ impl PerCoreGlobal {
 let dd_flow = FlowNoSrcPort::from_flow(&flow);
 if self.flow_tracker.is_phantom_session(&dd_flow) {
 // Handle packet destined for registered IP
- match self.filter_station_traffic(flow.src_ip.to_string()) {
- // traffic was sent by another station, likely liveness testing.
- None => {}
-
+ if !self.is_station_traffic(flow.src_ip.to_string()) {
 // Non station traffic, forward to application to handle
- Some(_) => {
- if (tcp_flags & TcpFlags::SYN) != 0 && (tcp_flags & TcpFlags::ACK) == 0 {
- debug!("Connection for registered Phantom {}", flow);
- }
- // Update expire time if necessary
- self.flow_tracker.update_phantom_flow(&dd_flow);
- // Forward packet...
- self.forward_pkt(&ip_pkt);
- // TODO: if it was RST or FIN, close things
- return;
+ if (tcp_flags & TcpFlags::SYN) != 0 && (tcp_flags & TcpFlags::ACK) == 0 {
+ debug!("Connection for registered Phantom {}", flow);
 }
+ // Update expire time if necessary
+ self.flow_tracker.update_phantom_flow(&dd_flow);
+ // Forward packet...
+ self.forward_pkt(&ip_pkt);
+ // TODO: if it was RST or FIN, close things
+ return;
 }
 }
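Review bot: The station filter on the new `if !self.is_station_traffic(flow.src_ip.to_string())` line decides whether a phantom packet is forwarded by comparing address strings, which allocates a `String` for every packet of a phantom session and matches only when the configured entry is spelled exactly as `to_string()` prints it. An IPv6 station address configured in a non-canonical spelling (for example `0:0:0:0:0:0:0:1` rather than `::1`) would presumably never match, so that station's liveness probes would be forwarded to the application as client traffic. Assuming `flow.src_ip` is an `IpAddr`, consider parsing the filter list into `std::net::IpAddr` values once at load time and comparing addresses directly. A short comment should also record that traffic from a filtered source deliberately falls through to the code after this block. The enclosing function starts and ends outside the hunk.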
@@ -354,23 +349,23 @@ impl PerCoreGlobal { /// # Examples /// /// ```compile_fail - /// let flow_src_station = String::from("192.122.200.231"); - /// let flow_src_client = String::from("128.138.89.172"); + /// # extern crate rust_dark_decoy; + /// # use rust_dark_decoy::PerCoreGlobal; + /// # fn main() { + /// # ::std::env::set_var("CJ_STATION_CONFIG", "./application/config.toml"); + /// let s = crate::PerCoreGlobal{}; + /// let flow_src_station = String::from("10.0.0.1"); + /// let flow_src_client = String::from("172.16.0.1"); /// - /// let station = filter_station_traffic(flow_src_station); - /// let client = filter_station_traffic(flow_src_client); + /// let station = s.is_station_traffic(flow_src_station); + /// let client = s.is_station_traffic(flow_src_client); /// /// assert_eq!(None, station); /// assert_eq!(Some(()), client); + /// # } /// ``` - fn filter_station_traffic(&mut self, src: String) -> Option<()> { - for addr in self.filter_list.iter() { - if src == *addr { - return None; - } - } - - Some(()) + fn is_station_traffic(&mut self, src: String) -> bool { + self.filter_list.contains(&src) } } // impl PerCoreGlobal @@ -382,7 +377,7 @@ mod tests { use StationConfig; #[test] - fn test_filter_station_traffic() { + fn test_is_station_traffic() { env::set_var("CJ_STATION_CONFIG", "./application/config.toml"); // -- @@ -399,5 +394,9 @@ mod tests { for net in nets.iter() { println!("{}", net); } + + assert_eq!(true, nets.contains(&String::from("127.0.0.1"))); + assert_eq!(true, nets.contains(&String::from("::1"))); + assert_eq!(false, nets.contains(&String::from("127.0.0.2"))) } }
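Review bot: The doc example for `is_station_traffic` still asserts the old `Option<()>` results (`assert_eq!(None, station);` and `assert_eq!(Some(()), client);`) although the function now returns `bool`, and because the block is fenced as `compile_fail` the doctest keeps passing without checking anything. The two lines should become `/// assert!(station);` and `/// assert!(!client);`; the sense is inverted relative to the old helper, since a filtered (station) source now yields `true`, and the doc text should say so. The method only reads `filter_list` in the visible body, so `&self` would do in place of `&mut self`. The doc comment begins above the hunk.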
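Review bot: The assertions added at the end of `test_is_station_traffic` call `nets.contains(...)` on the list directly, so the renamed test never exercises `PerCoreGlobal::is_station_traffic` and would still pass if that method's logic were inverted. If constructing a `PerCoreGlobal` in a unit test is impractical, factor the membership check into a free function over the list and test that instead. The assertions also read better as `assert!(nets.contains(&String::from("127.0.0.1")));` and `assert!(!nets.contains(&String::from("127.0.0.2")));`. `nets` is built outside the hunk, and the expected addresses depend on the contents of `./application/config.toml`, so the test is coupled to that file.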