Project

General

Profile

Actions
Copy link

Bug #6276

closed

community-id: Fix IPv6 address sorting not respecting byte order

Added by Arne Welzel 9 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Arne Welzel
Target version:
7.0.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Reported by @AlyaGomaa on the pycommunityid project:

https://github.com/corelight/pycommunityid/issues/8

The following flow produces the wrong community id value:
```
"src_ip": "fe80:0000:0000:0000:00d2:4591:568e:c3d1",
"src_port": 5353,
"dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
"dest_port": 5353,
"proto": "UDP",
```

Suricata 7.0.0 reports `1:JpepHprmBz0RFdlLGhEMO4jAPvA` while Zeek and pycommunityid report `1:Ij3wBn8AhEgwlNMz41h3vXi0yL8`.

It appears there's a bug in Suricata around sorting of IPv6 addresses - will open a PR.

Subtasks 1 (0 open1 closed)

Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport)ClosedJason IshActions
Actions
Copy link
 #1

Updated by Jason Ish 8 months ago

  • Status changed from New to In Review
  • Label Needs backport to 6.0 added
Actions
Copy link
 #2

Updated by Philippe Antoine 8 months ago

  • Target version changed from TBD to 7.0.1
Actions
Copy link
 #3

Updated by OISF Ticketbot 8 months ago

  • Subtask #6285 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #5

Updated by Jeff Lucovsky 8 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #6

Updated by Jason Ish 8 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF