Open reardencode opened 6 years ago
Pinging @elastic/es-search-aggs
I tried to recreate this but get the following error instead:
DELETE test
PUT test
{
"mappings": {
"_doc": {
"properties": {
"ip": {
"type": "ip"
}
}
}
}
}
PUT test/_doc/1
{
"ip": "::ffff:127.12.0.1"
}
GET test/_search
{
"query": {
"term": {
"ip": "::ffff:0:0/96"
}
}
}
{
"error": {
"root_cause": [
{
"type": "query_shard_exception",
"reason": "failed to create query: {\n \"term\" : {\n \"ip\" : {\n \"value\" : \"::ffff:0:0/96\",\n \"boost\" : 1.0\n }\n }\n}",
"index_uuid": "qWVND_opRgCY6sJD-A89qg",
"index": "test"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "test",
"node": "aZoN5HS9QYGSeIqvSephCg",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: {\n \"term\" : {\n \"ip\" : {\n \"value\" : \"::ffff:0:0/96\",\n \"boost\" : 1.0\n }\n }\n}",
"index_uuid": "qWVND_opRgCY6sJD-A89qg",
"index": "test",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "CIDR notation is not allowed with IPv6-mapped IPv4 address [::ffff:0:0 as it introduces ambiguity as to whether the prefix length should be interpreted as a v4 prefix length or a v6 prefix length"
}
}
}
]
},
"status": 400
}
Can you clarify how you tested?
Ah, I've been testing with:
{
"query": {
"query_string": {
"query", "\"::ffff:0:0/96\""
}
}
}
I'm guessing (as is often the case) query_string is being lenient about errors and just silently not matching.
I guess I'm not seeing why Elasticsearch would properly analyze the input IPv4-mapped IPv6 address into an IPv4 address, but the not translate the IPv4-mapped IPv6 CIDR search to match against IPv4 addresses.
I'm guessing (as is often the case) query_string is being lenient about errors and just silently not matching.
The query_string
is not lenient y default but in your example we force the leniency because you didn't set a default field (default_field
). If you set default_field:ip
the query fails with the expected exception. It should also fail if you do "query": "ip:\"::ffff:0:0/96"
but unfortunately the leniency applies to the entire query and not only the non-fielded text. I think it needs to be improved, I'll open a new issue.
Pinging @elastic/es-search-relevance (Team:Search Relevance)
Elasticsearch version 6.2.2
Description of the problem including expected versus actual behavior: Unable to search IPv4-mapped IPv6 via CIDR.
In theory any IPv4 IP should match the IPv4-mapped IPv6 CIDR of
::ffff:0:0/96
Steps to reproduce:
::ffff:127.12.0.1
"::ffff:0:0/96"