It has been almost 10 years since I added my first commit to the mmanon module in rsyslog. In the meantime, I have kept myself busy with various university projects, though these were not really visible. Now, I want to avoid becoming rusty in terms of developing software, so I am getting back into the rsyslog codebase.
The mmanon module seems like the logical place to start. I looked over the code and the GitHub issues, and I noticed two main things I want to address.
- Collision-Free Anonymization
While looking over the code, I realized something important about the random-consistent mode. This mode randomizes a configurable number of the least significant bits and keeps that replacement consistent. This means that any original IP will always be randomized to the same generated IP. However, currently there is no check to avoid duplicates. This means it is possible for two different original IPs to be mapped to the same anonymized IP. To fix this, I plan to add a random-consistent-unique mode. This will ensure that mappings remain unique. Since ensuring uniqueness requires collision checks and retries—which could negatively affect runtime performance—I want to implement this as a new, optional mode. This gives users the choice between raw speed and guaranteed uniqueness while not affecting any of the behavior expected of the current random-consistent mode.
- Subnet Exceptions
There is also an older issue from 2019 asking for the ability to not anonymize certain subnets. This is useful for users who need to anonymize public traffic but want to keep internal network logs transparent. This seems like a useful feature that I can contribute to.
For these changes, I plan to use a code agent. While the original code I wrote for mmanon was written long before the time of these tools, I am curious to gain some experience in using them. I am also curious to try them out on larger, established codebases. So, once again, mmanon seems like a good place to start. In addition to the features I described, I plan to run an AI review on the module. This way, I can see if it finds any logical flaws or optimizations I might have missed. It will be interesting to see how the code I wrote a decade ago holds up against modern automated scrutiny and if the review actually provides useful input.