diff options
| author | Jake Hunsaker <jhunsake@redhat.com> | 2022-11-03 10:51:40 -0400 |
|---|---|---|
| committer | Jake Hunsaker <jhunsake@redhat.com> | 2022-11-30 13:25:53 -0500 |
| commit | d70f0a18d5dc632021e3aa5a84e60d4171772a48 (patch) | |
| tree | 7dbbb82634e15141d029b01b575c1cab5586bbf3 /man | |
| parent | 54f3e7e0279029cfe980dd92baf64def7bb7cb36 (diff) | |
| download | sos-d70f0a18d5dc632021e3aa5a84e60d4171772a48.tar.gz | |
[cleaner,ipv6] Add support for IPv6 obfuscation
This commit adds a new parser and accompanying map for obfuscating IPv6
addresses.
This new parser will attempt to capture valid IPv6 networks and
addresses, and produce a mostly-randomized obfuscated pair. Due to the
multiple formats an IPv6 address can take, some identifiers are
necessary to preserve relevant information while still obfuscating
actual addresses and networks.
For example, global unicast addresses that have more than one defined
hextet (greater than /16 prefix) will always generate an obfuscated
address starting with `534f` (or 'so', continuing the style of our mac
address handling that uses 'sos' as an identifier). Addresses with a /16
prefix or less, will start with simply '53'. Private addresses, which
start with `fd` will generate an obfuscated address starting with
`fd53`, so that the contextual understanding that it is a private
network/address can remain. Link-local addresses which start with
`fe80::` will remain that way, only having the device hextets obfuscated
- again, keeping the contextual information that it is a link-local
interface intact, as otherwise these obfuscations may confuse end
users reviewing an sos report for problems.
Note that the address `::1` and `::/0` are explicitly skipped and never
obfuscated, for the same reasons given above.
Additionally, this parser/map will write data to the default map (and
any per-run private maps) differently than previous parsers. Rather than
simply dumping the obfuscation pairs into the map, it is broken up via
network, with hosts belonging to that network nested inside those
network entries (still being json-formatted). Users will also note that
the ipv6 entries in the map also have a `version` key, which is intended
to be used for handling future updates to the parser/map when upgrading
from an older sos version to a newer one. This may or may not be carried
over to future updates to other parsers.
Closes: #3008
Related: RHBZ#2134906
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Diffstat (limited to 'man')
| -rw-r--r-- | man/en/sos-clean.1 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/man/en/sos-clean.1 b/man/en/sos-clean.1 index 7fd2df08..e8506eeb 100644 --- a/man/en/sos-clean.1 +++ b/man/en/sos-clean.1 @@ -60,8 +60,8 @@ Note that using this option is very likely to leave sensitive information in pla the target archive, so only use this option when absolutely necessary or you have complete trust in the party/parties that may handle the generated report. -Valid values for this option are currently: \fBhostname\fR, \fBip\fR, \fBmac\fR, \fBkeyword\fR, -and \fBusername\fR. +Valid values for this option are currently: \fBhostname\fR, \fBip\fR, \fBipv6\fR, +\fBmac\fR, \fBkeyword\fR, and \fBusername\fR. .TP .B \-\-keywords KEYWORDS Provide a comma-delimited list of keywords to scrub in addition to the default parsers. |