diff --git a/lib/rackstash/filter/anonymize_ip_mask.rb b/lib/rackstash/filter/anonymize_ip_mask.rb index 97b6399..c5bb4a8 100644 --- a/lib/rackstash/filter/anonymize_ip_mask.rb +++ b/lib/rackstash/filter/anonymize_ip_mask.rb @@ -140,28 +140,22 @@ module Rackstash return nil end - native = ip.native - if native.ipv4? - masked = native.mask(32 - @ipv4_mask) - # Check whether the original IP address was an IPv4 address embedded - # into the IPv6 format. If the original IP was either an - # IPv4-compatible IPv6 addresses or an IPv4-mapped IPv6 addresses, we - # transform the resulting mapped IP address back into that format. - if ip.ipv6? - masked = if ip.ipv4_mapped? - masked.ipv4_mapped - else - # This is a bit awkward. Howeverm since Ruby 2.5.0 deprecated - # IPAddr#ipv4_compat, we have to do the transformation manually - # to avoid the associated warning. - IPAddr.new(masked, ::Socket::AF_INET6) - end - end - else - masked = native.mask(128 - @ipv6_mask) + if ip.ipv4? + masked_ip = ip.mask(32 - @ipv4_mask) + elsif ip.ipv4_mapped? || (ip.to_i >> 32) == 0 + # The `(ip.to_i >> 32) == 0` check above tests whether the IP appears + # to be an IPv4-compatible IPv6 addresses. We do this manually to + # avoid the deprecated `IPAddr#ipv4_compat?` method. We can perform a + # simplified check here since after masking, the regular IPv6 + # addresses '::' and '::1' will both be masked of as '::' anyways + # since we require to mask off at least one bit for both IPv4 and IPv6 + # addresses. + masked_ip = ip.mask(128 - @ipv4_mask) + elsif ip.ipv6? + masked_ip = ip.mask(128 - @ipv6_mask) end - masked.to_s.force_encoding(Encoding::UTF_8) + masked_ip.to_s.force_encoding(Encoding::UTF_8) end end