Suricata yaml IPv6 Range

Hi, I have a problem configuring ipv6 ranges in suricata yaml.
i am fine when i put ipv6 with subnet mask but when i put a ipv6 range i get error.

e.g TEST1,TEAM2,TEAM11 is working just fine but TEST12 gives me the error

14/4/2022 – 13:46:10 - - This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
14/4/2022 – 13:46:14 - - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - address parsing error “2a07:1182:17:1::250-2a07:1182:17:1::254”
14/4/2022 – 13:46:14 - - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - Error parsing addresses
14/4/2022 – 13:46:14 - - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - Error parsing addresses
14/4/2022 – 13:46:14 - - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse addresses

TEST1: “[100.99.17.0/24,2a07:1182:17:1007::/64]”
TEST2: “[10.17.11.0/25,2a07:1182:17:1002::/64]”
TEAM11: “[10.17.5.250-10.17.5.254,100.96.17.123-100.96.17.127,10.17.1.250-10.17.1.254,10.17.4.250-10.17.4.254,10.17.3.250-10.17.3.254,10.17.17.250-10.17.17.254,100.98.17.58-100.98.17.62,10.17.16.250-10.17.16.254,100.98.17.154-100.98.17.158,10.17.32.250-10.17.32.254,10.17.25.250-10.17.25.254,10.17.26.250-10.17.26.254,10.17.12.250-10.17.12.254,10.17.8.250-10.17.8.254,100.97.17.62,10.17.11.250-10.17.11.254,10.17.9.250-10.17.9.254,10.17.11.123-10.17.11.126]”
TEAM12: “[2a07:1182:17:1::250-2a07:1182:17:1::254,2a07:1182:17::250-2a07:1182:17::254,2a07:1182:17:2002::250-2a07:1182:17:2002::254,2a07:1182:17:2000::250-2a07:1182:17:2000::254,2a07:1182:17:2001::250-2a07:1182:17:2001::254,2a07:1182:17:4000::250-2a07:1182:17:4000::254,2a07:1182:17:4001::250-2a07:1182:17:4001::254,2a07:1182:17:1100::250-2a07:1182:17:1100::254,2a07:1182:17:1001::250-2a07:1182:17:1001::254,2a07:1182:17:1004::250-2a07:1182:17:1004::254,2a07:1182:17:1000::250-2a07:1182:17:1000::254,2a07:1182:17:1006::250-2a07:1182:17:1006::254,2a07:1182:17:1002::250-2a07:1182:17:1002::254]”

Without looking into the source code upfront I have one idea:

  • Try to avoid the shortened with “::” and test again.

Although we might just not have implemented proper parsing for IPv6 ranges, yet.