logstash-plugins · ldormoy · Oct 2, 2019 · Oct 2, 2019 · May 14, 2021 · Oct 25, 2021
diff --git a/docs/index.asciidoc b/docs/index.asciidoc
@@ -44,7 +44,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-concatenate_sources>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-concatenate_all_fields>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-key>> |<<string,string>>|No
-| <<plugins-{type}s-{plugin}-method>> |<<string,string>>, one of `["SHA1", "SHA256", "SHA384", "SHA512", "MD5", "MURMUR3", "IPV4_NETWORK", "UUID", "PUNCTUATION"]`|Yes
+| <<plugins-{type}s-{plugin}-method>> |<<string,string>>, one of `["SHA1", "SHA256", "SHA384", "SHA512", "MD5", "MURMUR3", "IPV4_NETWORK", "IPV6_NETWORK", "UUID", "PUNCTUATION"]`|Yes
 | <<plugins-{type}s-{plugin}-source>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-target>> |<<string,string>>|No
 |=======================================================================
@@ -95,14 +95,14 @@ source fields given.
   * Value type is <<string,string>>
   * There is no default value for this setting.
 
-When used with the `IPV4_NETWORK` method fill in the subnet prefix length.
+When used with the `IPV4_NETWORK` or `IPV6_NETWORK` method fill in the subnet prefix length.
 With other methods, optionally fill in the HMAC key.
 
 [id="plugins-{type}s-{plugin}-method"]
 ===== `method` 
 
   * This is a required setting.
-  * Value can be any of: `SHA1`, `SHA256`, `SHA384`, `SHA512`, `MD5`, `MURMUR3`, `IPV4_NETWORK`, `UUID`, `PUNCTUATION`
+  * Value can be any of: `SHA1`, `SHA256`, `SHA384`, `SHA512`, `MD5`, `MURMUR3`, `IPV4_NETWORK`, `IPV6_NETWORK`, `UUID`, `PUNCTUATION`
   * Default value is `"SHA1"`
 
 The fingerprint method to use.
@@ -119,6 +119,11 @@ the hash value will be the masked-out address using the number of bits
 specified in the `key` option. For example, with "1.2.3.4" as the input
 and `key` set to 16, the hash becomes "1.2.0.0".
 
+If set to `IPV6_NETWORK` the input data needs to be a IPv6 address and
+the hash value will be the masked-out address using the number of bits
+specified in the `key` option. For example, with "2001:db8:85a3::8a2e:370:7334" as the input
+and `key` set to 112, the hash becomes "2001:db8:85a3::8a2e:370:0".
+
 If set to `PUNCTUATION`, all non-punctuation characters will be removed
 from the input string.
 

diff --git a/lib/logstash/filters/fingerprint.rb b/lib/logstash/filters/fingerprint.rb
@@ -33,7 +33,7 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
   # Any current contents of that field will be overwritten.
   config :target, :validate => :string, :default => 'fingerprint'
 
-  # When used with the `IPV4_NETWORK` method fill in the subnet prefix length.
+  # When used with the `IPV4_NETWORK` or `IPV6_NETWORK` method fill in the subnet prefix length.
   # With other methods, optionally fill in the HMAC key.
   config :key, :validate => :string
 
@@ -55,13 +55,18 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
   # specified in the `key` option. For example, with "1.2.3.4" as the input
   # and `key` set to 16, the hash becomes "1.2.0.0".
   #
+  # If set to `IPV6_NETWORK` the input data needs to be a IPv6 address and
+  # the hash value will be the masked-out address using the number of bits
+  # specified in the `key` option. For example, with "2001:db8:85a3::8a2e:370:7334" as the input
+  # and `key` set to 112, the hash becomes "2001:db8:85a3::8a2e:370:0".
+  #
   # If set to `PUNCTUATION`, all non-punctuation characters will be removed
   # from the input string.
   #
   # If set to `UUID`, a
   # https://en.wikipedia.org/wiki/Universally_unique_identifier[UUID] will
   # be generated. The result will be random and thus not a consistent hash.
-  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "UUID", "PUNCTUATION"], :required => true, :default => 'SHA1'
+  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "IPV6_NETWORK", "UUID", "PUNCTUATION"], :required => true, :default => 'SHA1'
 
   # When set to `true` and `method` isn't `UUID` or `PUNCTUATION`, the
   # plugin concatenates the names and values of all fields given in the
@@ -92,6 +97,16 @@ def register
         )
       end
       class << self; alias_method :fingerprint, :fingerprint_ipv4_network; end
+    when :IPV6_NETWORK
+      if @key.nil?
+        raise LogStash::ConfigurationError, I18n.t(
+          "logstash.runner.configuration.invalid_plugin_register",
+          :plugin => "filter",
+          :type => "fingerprint",
+          :error => "Key value is empty. please fill in a subnet prefix length"
+        )
+      end
+      class << self; alias_method :fingerprint, :fingerprint_ipv6_network; end
     when :MURMUR3
       class << self; alias_method :fingerprint, :fingerprint_murmur3; end
     when :UUID
@@ -151,6 +166,11 @@ def fingerprint_ipv4_network(ip_string)
     IPAddr.new(ip_string).mask(@key.to_i).to_s.force_encoding(Encoding::UTF_8)
   end
 
+  def fingerprint_ipv6_network(ip_string)
+    # in JRuby 1.7.11 outputs as US-ASCII
+    IPAddr.new(ip_string).mask(@key.to_i).to_s.force_encoding(Encoding::UTF_8)
+  end
+
   def fingerprint_openssl(data)
     # since OpenSSL::Digest instances aren't thread safe, we must ensure that
     # each pipeline worker thread gets its own instance.

diff --git a/spec/filters/fingerprint_spec.rb b/spec/filters/fingerprint_spec.rb
@@ -20,6 +20,22 @@
     end
   end
 
+  describe "fingerprint ipaddress with IPV6_NETWORK method" do
+    config <<-CONFIG
+      filter {
+        fingerprint {
+          source => ["clientip"]
+          method => "IPV6_NETWORK"
+          key => 112
+        }
+      }
+    CONFIG
+
+    sample("clientip" => "2001:db8:85a3::8a2e:370:7334") do
+      insist { subject.get("fingerprint") } == "2001:db8:85a3::8a2e:370:0"
+    end
+  end
+
   describe "fingerprint string with MURMUR3 method" do
     config <<-CONFIG
       filter {