output/ipv6: Add per-output configuration option to shorten IPv6 IP addresses #14871
Issue: 7399 Utility function to shorten IPv6 addresses per RFC-5952
Issue: 7399 Determine the EVE IPv6 address display and use that when generating external display representation.
Issue: 7399 Add shorten ipv6 setting to file context.
When configured, display the short form of the IPv6 address. Issue: 7399
Issue: 7399 Document the IPv6 display behavior and how to display IPv6 addresses in their shortened form (per RFC-5952).
Information: QA ran without warnings. Pipeline = 29826
| filename: fast.log | ||
| append: yes | ||
| # Shorten IPv6 addresses per RFC5952 as they are added to the fast log. The default is no. | ||
| # ipv6-addr-shorten: no |
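Review bot: The comment above "# ipv6-addr-shorten: no" writes "RFC5952", while the commit messages and the PR description write "RFC-5952"; settle on one spelling (the usual citation form is "RFC 5952") so the option and its documentation can be found with a single search. The comment would also benefit from a short before/after pair, such as the fe80:0000:0000:0000:020c:29ff:faf2:ab42 and fe80::20c:29ff:faf2:ab42 pair from the PR description, because "shorten" alone does not tell the reader which representation the fast log will contain.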
What's common lingo here? Compressed address format? Shortened format?
Oh, and here it's called canonical: https://datatracker.ietf.org/doc/html/rfc5952#section-4
@jasonish Is the suggestion to s/shorten/canonicalize/ everywhere?
More a question of what's commonly used in other tooling. And following along.
Understood; should we make changes based on your findings?
I'm seeing "compressed" format used a lot. But given that most tools seem to use this compressed format by default, I see "expanded" format used more as a toggle setting :)
My preference would be a setting named compress-ipv6 or something like that? But would like to know if anyone else agrees.
Continuation of #14867
Display IPv6 addresses in long (default) or shortened form per RFC-5952, based on the per-output configuration setting. Each of these outputs will display shortened IPv6 addresses when the per-output config setting ipv6-addr-shorten is yes.
Here's an example of an IPv6 address with its shortened value:
fe80:0000:0000:0000:020c:29ff:faf2:ab42
fe80::20c:29ff:faf2:ab42
Link to ticket: https://redmine.openinfosecfoundation.org/issues/7399
Describe changes:
Updates:
Provide values to any of the below to override the defaults.
link to the pull request in the respective _BRANCH variable.
SV_REPO=
SV_BRANCH=OISF/suricata-verify#2789
SU_REPO=
SU_BRANCH=
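
The shortening that the PR description above illustrates with fe80:0000:0000:0000:020c:29ff:faf2:ab42, written out in C as an added example (not the code from this pull request or from Suricata); `ipv6_shorten` and `IPV6_STR_MAX` are hypothetical names. It goes beyond the one address shown by applying the RFC 5952 rules for ties and single zero groups, and it always prints hex groups, so the IPv4 mixed notation for special addresses is not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_STR_MAX 40 /* 8 groups * 4 hex digits + 7 colons + NUL */

/* Hypothetical helper, not a Suricata function: format 16 raw address bytes
 * in RFC 5952 form. Returns out, or NULL when the buffer is too small. */
char *ipv6_shorten(const uint8_t addr[16], char *out, size_t outlen)
{
    uint16_t g[8];
    int best = -1, best_len = 0;
    size_t n = 0;

    if (outlen < IPV6_STR_MAX)
        return NULL;
    for (int i = 0; i < 8; i++)
        g[i] = (uint16_t)((addr[2 * i] << 8) | addr[2 * i + 1]);
    /* Longest run of zero groups wins, the first one on a tie; a single
     * zero group is never replaced by "::". */
    for (int i = 0, run = 0; i < 8; i++) {
        run = (g[i] == 0) ? run + 1 : 0;
        if (run >= 2 && run > best_len) {
            best = i - run + 1;
            best_len = run;
        }
    }
    for (int i = 0; i < 8; ) {
        if (i == best) {
            n += (size_t)snprintf(out + n, outlen - n, "::");
            i += best_len;
            continue;
        }
        /* %x drops leading zeros and prints lowercase hex digits. */
        n += (size_t)snprintf(out + n, outlen - n, "%x", g[i]);
        if (++i < 8 && i != best)
            n += (size_t)snprintf(out + n, outlen - n, ":");
    }
    return out;
}

/* Constructed usage: the address from the PR description, as raw bytes. */
int main(void)
{
    const uint8_t a[16] = { 0xfe, 0x80, 0, 0, 0, 0, 0, 0,
                            0x02, 0x0c, 0x29, 0xff, 0xfa, 0xf2, 0xab, 0x42 };
    char buf[IPV6_STR_MAX];
    puts(ipv6_shorten(a, buf, sizeof buf));
    return strcmp(buf, "fe80::20c:29ff:faf2:ab42") != 0;
}
```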