[syslog-ng] [PATCH] anonymizing filter

[Wolfram Schlich]

* Micah Anderson <micah at riseup.net> [2007-12-04 16:41]:
> * Wolfram Schlich <lists at wolfram.schlich.org> [071204 06:05]:
> > * Micah Anderson <micah at riseup.net> [2007-11-30 20:04]:
> > [...]
> > > +  if (!g_ascii_strcasecmp(re, "ips"))
> > > +    re = "(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";
> > 
> > Urgh, that's IPv4 only. Boo!! :-P
> 
> Same boo happened last time around and nobody could come up with a more
> elegant one than proposed:

:P

> It can get complex. Here is an example IPv6 regexp:
> (http://blogs.msdn.com/mpoulson/archive/2005/01/10/350037.aspx)
> > Const strIPv6Pattern as string =
> > "\A(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\z"
> > Const strIPv6Pattern_HEXCompressed as string =
> > "\A((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)\z"
> > Const StrIPv6Pattern_6Hex4Dec as string =
> > "\A((?:[0-9A-Fa-f]{1,4}:){6,6})(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}\z"
> > Const StrIPv6Pattern_Hex4DecCompressed as string =
> > "\A((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)
> > ::((?:[0-9A-Fa-f]{1,4}:)*)(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}\z"
> 
> The tricky part is that you can mix decimal IPv4 with hex IPv6,

How can that be?! Can you show me an example, please?

> and leave out multiple blocks of 0's, but not more than once.

Yeah. Nothing fancy :)

> Anyone have a more elegant expression?

As there are dozens ov IPv6 capable programs out there that are able
to parse IPv6 addresses from e.g. config files, it should be
relatively easy to get some impressions on how it could be done.

But anyway, I'm not really interested in your patch due to not being a
"generic message rewriting facility" currently, so don't spend time on
that IPv6 thingy just because I yelled :o)
-- 
Regards,
Wolfram Schlich <wschlich at gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/