pmrfc3164: fix HOSTNAME parse for IPv6 address literals

Non-tech: IPv6 support in rfc3164 parsing so legacy pipelines keep
headers intact when devices send IPv6 addresses instead of DNS names.

Impact: user-visible bugfix; RFC3164 forwarding stays well-formed for
IPv6-only sources.

Before: an IPv6 literal in HOSTNAME broke parsing and misaligned the
forwarded header. After: valid IPv6 literals (optionally bracketed)
are accepted as HOSTNAME; TAG parsing remains in sync.

Technical: when normal hostname recognition fails, the parser scans
the next token up to space. If it contains a colon and validates via
inet_pton(AF_INET6), the token becomes HOSTNAME. Bracketed tokens are
accepted only when permit.squarebracketsinhostname is on. The parse
pointer advances past the token and any trailing space to preserve the
RFC3164 flow. Hostname size limits (CONF_HOSTNAME_MAXSIZE) remain.
A regression test (pmrfc3164-ipv6-hostname.sh) exercises both forms and
is added to tests/Makefile.am.

Fixes: rsyslog#3012

With the help of AI agents: Google Jules

Author: rgerhards

tests/Makefile.am

@@ -95,6 +95,7 @@ TESTS_DEFAULT = \
 	prop-programname-with-slashes.sh \
 	hostname-with-slash-pmrfc5424.sh \
 	hostname-with-slash-pmrfc3164.sh \
+	pmrfc3164-ipv6-hostname.sh \
 	hostname-with-slash-dflt-invld.sh \
 	func-substring-invld-startpos.sh \
 	func-substring-large-endpos.sh \
@@ -2733,34 +2734,60 @@ test_files = testbench.h runtime-dummy.c
 DISTCLEANFILES=rsyslog.pid
 
 distclean-local:
+
 	rm -rf .dep_cache .dep_wrk
 
 
 
 EXTRA_DIST += \
+
 	faketime_common.sh \
+
 	privdrop_common.sh \
+
 	rscript_compare-common.sh \
+
 	rscript_parse_time_get-ts.py \
+
 	queue-persist-drvr.sh \
+
 	daqueue-persist-drvr.sh \
+
 	snmptrapreceiverv2.py \
+
 	validate_json_shell.sh \
+
 	tls-check-for-certificate.sh \
+
 	set-envvars.in \
+
 	urlencode.py \
+
 	dns_srv_mock.py \
+
 	omrelp-keepalive.sh \
+
 	improg-simul.sh \
+
 	sndrcv_drvr.sh \
+
 	sndrcv_drvr_noexit.sh \
+
 	diag.sh \
+
 	testsuites/mmexternal-SegFault-mm-python.py \
+
 	testsuites/mmsnareparse/sample-custom-pattern.data \
+
 	testsuites/mmsnareparse/sample-windows2022-security.data \
+
 	testsuites/mmsnareparse/sample-windows2025-security.data \
+
 	testsuites/mmsnareparse/sample-events.data \
+
 	1.rstest 2.rstest 3.rstest err1.rstest \
+
+
 	testsuites/include-std1-omfile-action.conf \
 	testsuites/include-std2-omfile-action.conf \
 	tls-certs/ca-key.pem \

tests/pmrfc3164-ipv6-hostname.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+## Test RFC3164 parser accepts IPv6 literals as HOSTNAME.
+. ${srcdir:=.}/diag.sh init
+generate_conf
+add_conf '
+module(load="../plugins/imtcp/.libs/imtcp")
+input(type="imtcp" port="0" listenPortFileName="'$RSYSLOG_DYNNAME'.tcpflood_port" ruleset="customparser")
+parser(name="custom.rfc3164" type="pmrfc3164" permit.squarebracketsinhostname="on")
+template(name="outfmt" type="string" string="%hostname%\n")
+
+ruleset(name="customparser" parser="custom.rfc3164") {
+	action(type="omfile" template="outfmt" file="'$RSYSLOG_OUT_LOG'")
+}
+'
+startup
+tcpflood -m1 -M "\"<129>Mar 10 01:00:00 2001:db8::1 tag: msgnum:1\""
+tcpflood -m1 -M "\"<129>Mar 10 01:00:00 [2001:db8::2] tag: msgnum:2\""
+shutdown_when_empty
+wait_shutdown
+export EXPECTED='2001:db8::1
+[2001:db8::2]'
+cmp_exact
+
+exit_test

tools/pmrfc3164.c

@@ -32,6 +32,7 @@
 #include <errno.h>
 #include <ctype.h>
 #include <unistd.h>
+#include <arpa/inet.h>
 #include "syslogd.h"
 #include "conf.h"
 #include "syslogd-types.h"
@@ -63,6 +64,32 @@ DEFobjCurrIf(ruleset);
 /* static data */
 static int bParseHOSTNAMEandTAG; /* cache for the equally-named global param - performance enhancement */
 
+static sbool isIPv6HostnameToken(const uchar* token, const size_t token_len, const int permitSquareBrackets) {
+    struct in6_addr addr;
+    char addr_buf[INET6_ADDRSTRLEN];
+    const uchar* addr_start = token;
+    size_t addr_len = token_len;
+
+    if (token_len == 0 || token_len >= (sizeof(addr_buf) - 1)) {
+        return RSFALSE;
+    }
+
+    if (token[0] == '[' && token[token_len - 1] == ']') {
+        if (!permitSquareBrackets) {
+            return RSFALSE;
+        }
+        addr_start = token + 1;
+        addr_len = token_len - 2;
+        if (addr_len == 0 || addr_len >= (sizeof(addr_buf) - 1)) {
+            return RSFALSE;
+        }
+    }
+
+    memcpy(addr_buf, addr_start, addr_len);
+    addr_buf[addr_len] = '\0';
+    return (inet_pton(AF_INET6, addr_buf, &addr) == 1) ? RSTRUE : RSFALSE;
+}
+
 
 /* parser instance parameters */
 static struct cnfparamdescr parserpdescr[] = {
@@ -430,6 +457,7 @@ BEGINparse2
                 MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, i);
             } else {
                 int isHostName = 0;
+                size_t ipv6HostLen = 0;
                 if (i > 0) {
                     if (bHadSBracket) {
                         if (p2parse[i] == ']') {
@@ -445,6 +473,26 @@ BEGINparse2
                     if (p2parse[i] != ' ') isHostName = 0;
                 }
 
+                if (!isHostName && lenMsg > 0) {
+                    for (ipv6HostLen = 0; ipv6HostLen < (size_t)lenMsg && p2parse[ipv6HostLen] != ' ' &&
+                                          ipv6HostLen < (CONF_HOSTNAME_MAXSIZE - 1);
+                         ++ipv6HostLen) {
+                    }
+                    if (ipv6HostLen > 0 && memchr(p2parse, ':', ipv6HostLen) != NULL &&
+                        isIPv6HostnameToken(p2parse, ipv6HostLen, pInst->bPermitSquareBracketsInHostname)) {
+                        memcpy(bufParseHOSTNAME, p2parse, ipv6HostLen);
+                        bufParseHOSTNAME[ipv6HostLen] = '\0';
+                        MsgSetHOSTNAME(pMsg, bufParseHOSTNAME, ipv6HostLen);
+                        if (ipv6HostLen < (size_t)lenMsg && p2parse[ipv6HostLen] == ' ') {
+                            p2parse += ipv6HostLen + 1;
+                            lenMsg -= (int)(ipv6HostLen + 1);
+                        } else {
+                            p2parse += ipv6HostLen;
+                            lenMsg -= (int)ipv6HostLen;
+                        }
+                    }
+                }
+
                 if (isHostName) {
                     /* we got a hostname! */
                     p2parse += i + 1; /* "eat" it (including SP delimiter) */