[Snort-devel] Snort IPv6 database schema

Edward Fjellskål edwardfjellskaal at ...2499...
Tue Nov 2 13:25:58 EDT 2010


On 11/02/2010 12:42 PM, Yun Zheng Hu wrote:
> Hello,
> 
> IPv6 is becoming more and more important nowadays. Although Snort
> supports it, full support for IPv6 alert/log outputting to a database
> is still lacking.
> This is because the current [1] Snort database schema (v107) does not
> yet support IPv6 headers. Maybe just add a new table "ip6hdr"?
> 
> So, is there any timeframe on when this will be added/supported? Maybe
> just add a new table "ip6hdr" ?
> When official support for ipv6 is added to the schema then spooler
> programs such as Barnyard could easily add support for it's database
> plugins as well.
> 
> [1] http://cvs.snort.org/viewcvs.cgi/snort/schemas/create_mysql?rev=1.6&content-type=text/vnd.viewcvs-markup
> 
> Regards,
> Yun

Hi,

Regards to that, I search the Internet a year back ago, but did
not find any solution to implement IPv6 in MySQL.
As long as MySQL dont add it to engine, we are out of real luck...
PGSQL has IPv6 support default :)

But I did find this blog post, which I sanitized, tested, and now
uses for putting IPv6 into MySQL.
http://oierud.name/bliki/IPv6AdressesAndMysql.html
The blog post is actually from a friend of mine, so I did have the
chance to chat with him in person about it.
This way was the only sain way I found back then.

I don't know if MySQL in newer versions supports IPv6, but enlighten me
if it does :)

Here is an example of the use with perl:
http://github.com/gamelinux/cxtracker/blob/master/bin/cxtracker2db.pl
http://github.com/gamelinux/cxtracker/blob/master/doc/INSTALL

E

> 
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list