eve: add ip version field

Adds the field `ip_v` (integer) to the common fields of EVE.
To facilitate searches based on IP version, for instance.

Task #7047

etc/schema.json

@@ -54,6 +54,10 @@
         "in_iface": {
             "type": "string"
         },
+        "ip_v": {
+            "type": "integer",
+            "description": "IP version of the packet or flow"
+        },
         "log_level": {
             "type": "string"
         },

src/output-json-flow.c

@@ -143,6 +143,13 @@ static SCJsonBuilder *CreateEveHeaderFromFlow(const Flow *f)
             break;
     }
 
+    /* ip version */
+    if (FLOW_IS_IPV4(f)) {
+        SCJbSetUint(jb, "ip_v", 4);
+    } else if (FLOW_IS_IPV6(f)) {
+        SCJbSetUint(jb, "ip_v", 6);
+    }
+
     if (SCProtoNameValid(f->proto)) {
         SCJbSetString(jb, "proto", known_proto[f->proto]);
     } else {

src/output-json.c

@@ -902,6 +902,13 @@ SCJsonBuilder *CreateEveHeader(const Packet *p, enum SCOutputJsonLogDirection di
         SCJbSetString(js, "proto", addr->proto);
     }
 
+    /* ip version */
+    if (PacketIsIPv4(p)) {
+        SCJbSetUint(js, "ip_v", 4);
+    } else if (PacketIsIPv6(p)) {
+        SCJbSetUint(js, "ip_v", 6);
+    }
+
     /* icmp */
     switch (p->proto) {
         case IPPROTO_ICMP: