From e261a06a09329a5305e81b409de7be2c70c06fed Mon Sep 17 00:00:00 2001
From: Pavel Valach <pavel.valach@cesnet.cz>
Date: Thu, 10 Aug 2023 15:47:08 +0200
Subject: [PATCH] dionaea/log_wardenfiler.py: Add option of static target IPv4
 or IPv6

---
 dionaea/log_wardenfiler.py           | 16 ++++++++++++++--
 dionaea/log_wardenfiler.yaml.example |  2 ++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/dionaea/log_wardenfiler.py b/dionaea/log_wardenfiler.py
index da70d1d..bd60dd3 100644
--- a/dionaea/log_wardenfiler.py
+++ b/dionaea/log_wardenfiler.py
@@ -128,6 +128,10 @@ class LogWardenfilerHandler(ihandler):
             self.nat_host = self._config.get('nat_host')
         if 'nat_port' in self._config:
             self.nat_port = self._config.get('nat_port')
+        if 'reported_ipv4' in self._config:
+            self.reported_ipv4 = self._config.get('reported_ipv4')
+        if 'reported_ipv6' in self._config:
+            self.reported_ipv6 = self._config.get('reported_ipv6')
         if 'anon_mask_4' in self._config:
             self.anon_mask_4 = self._config.get('anon_mask_4')
         if 'anon_mask_6' in self._config:
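Review bot: The `reported_ipv4` and `reported_ipv6` assignments copy the configured value without validation, so a typo or an address of the wrong family would be written as the target of every event this sensor reports. Parsing at load time fails early instead: `self.reported_ipv4 = str(ipaddress.IPv4Address(self._config.get('reported_ipv4')))`, with the `ipaddress.IPv6Address` equivalent for the other option (this needs `import ipaddress` if the module does not already have it). The attributes are also assigned only when the key is present, while the later `self.reported_ipv4` and `self.reported_ipv6` reads are unconditional. A default such as `self.reported_ipv4 = None` therefore has to exist in the part of the enclosing method that lies outside this hunk, which is worth confirming.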
@@ -278,7 +282,13 @@ class LogWardenfilerHandler(ihandler):
             if dst_ip.startswith("::ffff:"):
                 dst_ip = dst_ip[7:]
 
-            if self.resolve_nat:
+            af = "IP4" if not ':' in src_ip else "IP6"
+
+            # Test for static IP to report as attack target
+            if af == "IP4" and self.reported_ipv4:
+                dst_ip = self.reported_ipv4
+            # Resolve NAT if instructed
+            elif af == "IP4" and self.resolve_nat:
                 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                 s.connect((self.nat_host, self.nat_port))
                 s.sendall((','.join((src_ip, str(con.local.port))).encode("utf-8")))
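Review bot: In the new chain `reported_ipv4` silently takes precedence over `resolve_nat`, so with both configured the NAT helper is never queried and nothing is logged. If that is intended, the comment should say so, e.g. `# A static reported_ipv4 overrides resolve_nat; the NAT helper is not queried`, or a warning could be emitted at config load when both are set. `af` is derived from `src_ip`, while the only `::ffff:` strip visible here is on `dst_ip`; if `src_ip` is not normalised the same way above the hunk, an IPv4-mapped source would be classed as IP6 and skip both IPv4 branches. The idiomatic spelling of the test is `af = "IP6" if ':' in src_ip else "IP4"`. The enclosing method starts and ends outside the hunk.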
@@ -289,8 +299,10 @@ class LogWardenfilerHandler(ihandler):
                 else:
                     logger.warn("no translation for %s:%s" % (src_ip, con.local.port))
                     return()
+            elif af == "IP6" and self.reported_ipv6:
+                dst_ip = self.reported_ipv6
 
-            af = "IP4" if not ':' in src_ip else "IP6"
+            
             anon = (self.anon_mask_4 < 32) and (not ':' in  dst_ip) or (self.anon_mask_6 < 128)
             if anon:
                 dst_ip = [(
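Review bot: An IPv6 connection with `resolve_nat` enabled and no `reported_ipv6` now matches no branch of the chain, so `dst_ip` is reported exactly as seen locally. Before this change `if self.resolve_nat:` ran for every address family. If dropping NAT resolution for IPv6 is intended, it deserves a comment next to the new `elif`, such as `# IPv6 is never NAT-resolved; without reported_ipv6 the local address is reported`. The added whitespace-only line that replaces the moved `af = ...` assignment should be dropped.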
diff --git a/dionaea/log_wardenfiler.yaml.example b/dionaea/log_wardenfiler.yaml.example
index 3d96b51..2a7dfd4 100644
--- a/dionaea/log_wardenfiler.yaml.example
+++ b/dionaea/log_wardenfiler.yaml.example
@@ -4,6 +4,8 @@
     resolve_nat: no
     # nat_host: "gateway"
     # nat_port: 1456
+    # reported_ipv4: "198.51.100.42"
+    # reported_ipv6: "2001:db8:cafe:beef::42"
     # anon_mask_4: 24
     # anon_mask_6: 64
     aggr_win: 300
-- 
GitLab