fix(runner): reject mismatched IPv4 session addresses

[linkdata]

Summary

• reject IPv6 address bytes when dnstap marks the socket family as IPv4
• leave IPv4 session fields nil instead of converting mismatched bytes
• add a focused newSession regression test

Tests

• go test ./pkg/runner ./...

[coderabbitai]

Warning

Rate limit exceeded

@linkdata has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 59 minutes and 45 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1d20b920-8fd8-4df9-8a22-9bf70414e668

📥 Commits

Reviewing files that changed from the base of the PR and between b615285 and 6561c08.

📒 Files selected for processing (2)

• pkg/runner/partial_dnstap_test.go
• pkg/runner/runner.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 59 minutes and 45 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[linkdata]

Additional context from comment files

These notes were split from the local markdown comment files and attached here because they describe this PR's change.

Mismatched IPv4 Session Address Safety

• Bug: Session creation trusted SocketFamily_INET enough to call netip.Addr.As4() on the raw address bytes without first proving the parsed address was IPv4.
• Impact: A malformed dnstap message with IPv4 socket family metadata but IPv6-sized address bytes could panic the minimiser while building session output.
• Fix: IPv4 address conversion now unmapps IPv4-mapped addresses and returns an error for non-IPv4 parsed addresses instead of panicking.
• Reasoning: Socket family metadata is external input; mismatches should omit the affected session IP field and log the conversion error, not crash processing.
• Tests: Added session coverage for SocketFamily_INET paired with IPv6 query address bytes.