Skip to content

output/ipv6: Add per-output configuration option to shorten IPv6 IP addresses#14867

Closed
jlucovsky wants to merge 5 commits intoOISF:mainfrom
jlucovsky:7399/4
Closed

output/ipv6: Add per-output configuration option to shorten IPv6 IP addresses#14867
jlucovsky wants to merge 5 commits intoOISF:mainfrom
jlucovsky:7399/4

Conversation

@jlucovsky
Copy link
Contributor

@jlucovsky jlucovsky commented Feb 21, 2026

Continuation of #14819

Display IPv6 addresses in long (default) or shortened form per RFC-5952, based on the per-output configuration setting. Each of these outputs will display shortened IPv6 addresses when the per-output config setting ipv6-addr-shorten is yes.

  • EVE output
  • Fast output
  • Alert-debug output
  • Alert syslog output
  • tcp-data log output

Here's an example of an IPv6 address with its shortened value::

fe80:0000:0000:0000:020c:29ff:faf2:ab42
fe80::20c:29ff:faf2:ab42

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7399

Describe changes:

  • Document configuration settings affecting IPv6 address display
  • Default settings in suricata.yaml.in
  • Utility function that generates shortened IPv6 addresses per RFC-5952
  • EVE modifications to honor config setting
  • Alert-debug/fast/syslog modifications to honor config setting.

Updates:

Provide values to any of the below to override the defaults.

  • To use a Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2789
SU_REPO=
SU_BRANCH=

@jlucovsky
output/ipv6: Utility function to shorten IPv6 addrs
8f1e0d4 
Issue: 7399

Utility function to shorten IPv6 addresses per RFC-5952
@jlucovsky
output/eve: EVE output to use IPv6 shorten cfg
1164af0 
Issue: 7399

Determine the EVE IPv6 address display and use that when generating
external display representation.
@jlucovsky
output/log: ipv6-shorten member to file context
f85cf5d 
Issue: 7399

Add shorten ipv6 setting to file context.
@jlucovsky
output/log: IPv6 addr display per cfg
a84ce31 
When configured, display the short form of the IPv6 address.

Issue: 7399
@jlucovsky
doc/output: Document the IPv6 display behavior
ac3223e 
Issue: 7399

Document the IPv6 display behavior and how to display IPv6 addresses in
their shortened form (per RFC-5952).
@jlucovsky jlucovsky mentioned this pull request Feb 21, 2026
Closed
@suricata-qa
Copy link

suricata-qa commented Feb 21, 2026

Information: QA ran without warnings.

Pipeline = 29813

@jlucovsky jlucovsky mentioned this pull request Feb 22, 2026
Closed
@jlucovsky
Copy link
Contributor Author

jlucovsky commented Feb 22, 2026

Continued in #14871

@jlucovsky jlucovsky closed this Feb 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlucovsky @suricata-qa