Bug #6276: community-id: Fix IPv6 address sorting not respecting byte order - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6276

closed

community-id: Fix IPv6 address sorting not respecting byte order

Added by Arne Welzel over 1 year ago. Updated about 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Arne Welzel

Target version:

7.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Reported by @AlyaGomaa on the pycommunityid project:

https://github.com/corelight/pycommunityid/issues/8

The following flow produces the wrong community id value:
```
"src_ip": "fe80:0000:0000:0000:00d2:4591:568e:c3d1",
"src_port": 5353,
"dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
"dest_port": 5353,
"proto": "UDP",
```

Suricata 7.0.0 reports `1:JpepHprmBz0RFdlLGhEMO4jAPvA` while Zeek and pycommunityid report `1:Ij3wBn8AhEgwlNMz41h3vXi0yL8`.

It appears there's a bug in Suricata around sorting of IPv6 addresses - will open a PR.

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6276

community-id: Fix IPv6 address sorting not respecting byte order

Updated by Jason Ish about 1 year ago

Updated by Philippe Antoine about 1 year ago

Updated by OISF Ticketbot about 1 year ago

Updated by OISF Ticketbot about 1 year ago

Updated by Jeff Lucovsky about 1 year ago

Updated by Jason Ish about 1 year ago