# HG changeset patch
# User Matthew Wild
# Date 1678820379 0
# Node ID f3123cbbd8947a5183a567cfa83e8ecc0663266e
# Parent d9577083c5f5de3b3d4134f748d2ebbedd88ed01
mod_audit: Allow disabling IP logging, or limiting it to a prefix
diff -r d9577083c5f5 -r f3123cbbd894 mod_audit/mod_audit.lua
--- a/mod_audit/mod_audit.lua Tue Mar 14 17:48:44 2023 +0000
+++ b/mod_audit/mod_audit.lua Tue Mar 14 18:59:39 2023 +0000
@@ -3,7 +3,12 @@
 local audit_log_limit = module:get_option_number("audit_log_limit", 10000);
 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w");
+local attach_ips = module:get_option_boolean("audit_log_ips", true);
+local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
+local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);
+
 local time_now = os.time;
+local ip = require "util.ip";
 local st = require "util.stanza";
 local moduleapi = require "core.moduleapi";
@@ -23,6 +28,17 @@
 setmetatable(stores, { __index = get_store });
+local function get_ip_network(ip_addr)
+ local _ip = ip.new_ip(ip_addr);
+ local proto = _ip.proto;
+ local network;
+ if proto == "IPv4" and attach_ipv4_prefix then
+ network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix;
+ elseif proto == "IPv6" and attach_ipv6_prefix then
+ network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix;
+ end
+ return network;
+end
 local function session_extra(session)
 local attr = {
@@ -35,8 +51,12 @@
 attr.type = session.type;
 end
 local stanza = st.stanza("session", attr);
- if session.ip then
- stanza:text_tag("remote-ip", session.ip);
+ if attach_ips and session.ip then
+ local remote_ip, network = session.ip;
+ if attach_ipv4_prefix or attach_ipv6_prefix then
+ network = get_ip_network(remote_ip);
+ end
+ stanza:text_tag("remote-ip", network or remote_ip);
 end
 if session.client_id then
 stanza:text_tag("client", session.client_id);
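Review bot: `audit_log_ipv4_prefix` and `audit_log_ipv6_prefix` are read with `module:get_option_number` and never range-checked, so a negative, fractional or oversized value (above 32 for IPv4, above 128 for IPv6) goes straight into `ip.truncate` and into the logged `/prefix` suffix in get_ip_network. How `ip.truncate` treats such a value is not visible in this patch, so I would validate once at load and fail closed, e.g. `if attach_ipv4_prefix and (attach_ipv4_prefix < 0 or attach_ipv4_prefix > 32) then module:log("error", "audit_log_ipv4_prefix must be between 0 and 32"); attach_ips = false; end`, with the same check against 128 for IPv6. A comment above the three options saying that an unset prefix stores the full address would also help operators choose a setting.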
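Review bot: In get_ip_network the result of `ip.new_ip(ip_addr)` is indexed on the next line without a check, so if `new_ip` returns nil for a string it cannot parse (its failure behaviour is not shown in this patch), `_ip.proto` raises while the audit record is being built. A guard such as `if not _ip then return nil; end` after the `new_ip` call avoids that, though the caller in session_extra would then write the raw `session.ip` value, which may not be what a prefix-only configuration intends. The function also has no doc comment; one line stating that it returns `"<network>/<bits>"`, or nil when no prefix is configured for the address family, would make that contract explicit.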
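Review bot: `stanza:text_tag("remote-ip", network or remote_ip)` falls back to the full address whenever get_ip_network returns nil, so setting only `audit_log_ipv4_prefix` still stores complete IPv6 addresses, and vice versa. If that is intended, say so at the fallback, e.g. `-- no prefix configured for this address family: the full address is logged`; otherwise skip the tag when a prefix option is set but `network` is nil. `remote-ip` can also now hold a CIDR string rather than a bare address, which anything parsing the audit log needs to tolerate. session_extra starts and ends outside this hunk.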