Skip to content

output/ipv6: Add configuration option to shorten IPv6 IP addresses #14636

Closed
jlucovsky wants to merge 2 commits intoOISF:mainfrom
jlucovsky:7399.v2/8
Closed

output/ipv6: Add configuration option to shorten IPv6 IP addresses #14636
jlucovsky wants to merge 2 commits intoOISF:mainfrom
jlucovsky:7399.v2/8

Conversation

@jlucovsky
Copy link
Contributor

@jlucovsky jlucovsky commented Jan 16, 2026

Continuation of #14458

Add a configuration option for outputting shortened IPv6 addresses per RFC-5952

The configuration option:
logging.ipv6-addr-shorten has a default value of no.

When set to yes, IPv6 addresses will be shortened everywhere they are output. E.g., the IPv6 address fe80:0000:0000:0000:020c:29ff:faf2:ab42 will be output as fe80::20c:29ff:faf2:ab42

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7399

Describe changes:

  • Add a configuration variable for choosing shortened IPv6 IP addresses
  • Add Rust logic to create a shortened IPv6 address
  • Document changes and usage.

Updates:

  • Address Clippy issues
  • Renamed Rust function to conform to API-naming standard
  • Eliminated extra copy in Rust function
  • s-v test updates.
  • Removed commented-out line from Rust module; added copyright
  • Misc doc updates.
  • Rearranged copyright notice
  • Updated s-v test cases with min-version
  • Formatted with rustfmt
  • Added test cases
  • Changed return for detection of success/failure.
  • Fixed issue handling return value.
  • Rust updates to use MSRV-compatible from
  • Removed mention of ipv6 shorten config from upgrade doc.

Provide values to any of the below to override the defaults.

  • To use a Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2789
SU_REPO=
SU_BRANCH=

@jlucovsky
output/ipv6: Use short ipv6 when configured
4028369 
Issue: 7399

Use shortened IPv6 addresses in all output when configured.

IPv6 addresses are shortened per RFC5952

By default, IPv6 addresses are never shortened; set
logging.ipv6-addr-shorten=yes to shorten.

Added Rust utility function to create shortened IPv6 address.
@jlucovsky
doc/ipv6: Config variable for shortened IPv6 addr
7c7f989 
Document the configuration variable logging.ipv6-addr-shorten

Issue: 7399
@jlucovsky jlucovsky mentioned this pull request Jan 16, 2026
Closed
@codecov
Copy link

codecov bot commented Jan 16, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 99.14530% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 82.11%. Comparing base (56c1552) to head (7c7f989).
⚠️ Report is 79 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14636      +/-   ##
==========================================
+ Coverage   82.10%   82.11%   +0.01%     
==========================================
  Files        1015     1016       +1     
  Lines      262771   262888     +117     
==========================================
+ Hits       215752   215881     +129     
+ Misses      47019    47007      -12
Flag Coverage Δ
fuzzcorpus 60.17% <8.82%> (-0.02%) ⬇️
livemode 18.69% <5.88%> (-0.01%) ⬇️
pcap 44.54% <8.82%> (-0.03%) ⬇️
suricata-verify 65.03% <94.11%> (-0.01%) ⬇️
unittests 59.28% <94.87%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Jan 16, 2026

Information: QA ran without warnings.

Pipeline = 29157

catenacyber
catenacyber reviewed Jan 23, 2026
View reviewed changes
Copy link
Contributor

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the work,

CI : ✅
Code : looking
Commits segmentation : I would squash them, but ok...
Commit messages : 🟡 it is not logging.ipv6-addr-shorten anymore but the commit message says it is
Git ID set : looks fine for me
CLA : you already contributed
Doc update : good
Redmine ticket : ok
Rustfmt : good
Tests : 🟡 there are some unanswered questions/comments on the SV PR
Dependencies added: none

catenacyber
catenacyber reviewed Jan 23, 2026
View reviewed changes
rust/src/utils/ip_addr.rs
let bytes = std::slice::from_raw_parts(addr, 16);

let mut fixed = [0u8; 16];
fixed.copy_from_slice(bytes);
Copy link
Contributor

@catenacyber catenacyber Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jasonish do we need the copy ? Can we not use the addr pointer and cast it to a 16-byte array ? (instead of a slice)

catenacyber
catenacyber reviewed Jan 23, 2026
View reviewed changes
rust/src/utils/ip_addr.rs
return 0;
}

// Copy string + NULL termination
Copy link
Contributor

@catenacyber catenacyber Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not do NULL-termination, does it ?
It relies on the caller having nulled the buffer before, right ?

catenacyber
catenacyber reviewed Jan 23, 2026
View reviewed changes
rust/src/utils/ip_addr.rs

// Sufficient room?
if ipv6_str.len() + 1 > out_len {
return 0;
Copy link
Contributor

@catenacyber catenacyber Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add a debug valdation as this should never happen ?

Copy link
Contributor Author

@jlucovsky jlucovsky Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do.

@jlucovsky jlucovsky mentioned this pull request Feb 8, 2026
Open
@jlucovsky
Copy link
Contributor Author

jlucovsky commented Feb 8, 2026

Continued in #14770

@jlucovsky jlucovsky closed this Feb 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@catenacyber catenacyber catenacyber left review comments

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jlucovsky @suricata-qa @catenacyber