IPv6 support for Sguil

[buzzdeee]

Work was done on OpenBSD, so I've some unrelated patches in use as well to make it integrate there as best as possible.

sguild server, sguil client, sensor scripts patched to handle IPv6 in addition to IPv4

• database schema updated to store IP addresses as varbinary(16)
  • access IP addresses with INET6_NTOA/INET6_ATON everywhere
  • no no database upgrade script
• sensors tested to be working:
  • suricata_agent: works well
  • snort_agent: retrieving logs from barnyard2 files, only IPv4, as I see it, it's a barnyard2 limitation
  • sancp_agent:
    • sancp itself doesn't support IPv6, but I used it with cxtracker for my testing
  • pads_agent:
    • pads itself doesn't support IPv6, but I used it with prads for my testing
  • pcap_agent: seems to do the trick
• autocat seems to work as well
  • however, my IPv6 patch made it require TCL 8.6
• what is not working IPv6 wise:
  • reverse DNS lookups of IPv6 in sguil client
    • it's not a problem in Sguil per-se, it's a limitation of tcllib, but should be easy to make it work: https://core.tcl-lang.org/tcllib/tktview?name=8168daf796
  • transcript generation relies on tcpflow, however, the version on OpenBSD is quite from the stone-age and doesn't support IPv6. A quick attempt to update it failed and I haven't yet bothered to look deeper into it.

Note: haven't looked at the ES integration part at all yet. However, have patches for the security-onion fork of Squert to add IPv6 support there as well.

[buzzdeee]

The reverse DNS for IPv6 problem will be gone with next tcllib version, seems my patch was integrated: https://core.tcl-lang.org/tcllib/tktview/8168daf796e4cc2a843f4d1a4f2f38e348197945