Actions
Bug #6276
closedcommunity-id: Fix IPv6 address sorting not respecting byte order
Affected Versions:
Effort:
Difficulty:
Label:
Description
Reported by @AlyaGomaa on the pycommunityid project:
https://github.com/corelight/pycommunityid/issues/8
The following flow produces the wrong community id value:
```
"src_ip": "fe80:0000:0000:0000:00d2:4591:568e:c3d1",
"src_port": 5353,
"dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
"dest_port": 5353,
"proto": "UDP",
```
Suricata 7.0.0 reports `1:JpepHprmBz0RFdlLGhEMO4jAPvA` while Zeek and pycommunityid report `1:Ij3wBn8AhEgwlNMz41h3vXi0yL8`.
It appears there's a bug in Suricata around sorting of IPv6 addresses - will open a PR.
Updated by Jason Ish over 1 year ago
- Status changed from New to In Review
- Label Needs backport to 6.0 added
PR for review: https://github.com/OISF/suricata/pull/9399
Updated by Philippe Antoine over 1 year ago
- Target version changed from TBD to 7.0.1
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Review to Resolved
Actions