elastic / elasticsearch

Free and Open, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

unable to CIDR match IPv4-mapped IPv6 #29288

Open reardencode opened 6 years ago

reardencode commented 6 years ago

Elasticsearch version 6.2.2

Description of the problem including expected versus actual behavior: Unable to search IPv4-mapped IPv6 via CIDR.

In theory any IPv4 IP should match the IPv4-mapped IPv6 CIDR of ::ffff:0:0/96

Steps to reproduce:

  1. Create an IP-type field mapping.
  2. Index a document with an IP like ::ffff:127.12.0.1
  3. Search with query_string "::ffff:0:0/96"
  4. See no matches.

elasticmachine commented 6 years ago

Pinging @elastic/es-search-aggs

jpountz commented 6 years ago

I tried to recreate this but get the following error instead:

DELETE test 

PUT test 
{
  "mappings": {
    "_doc": {
      "properties": {
        "ip": {
          "type": "ip"
        }
      }
    }
  }
}

PUT test/_doc/1
{
  "ip": "::ffff:127.12.0.1"
}

GET test/_search 
{
  "query": {
    "term": {
      "ip": "::ffff:0:0/96"
    }
  }
}

{
  "error": {
    "root_cause": [
      {
        "type": "query_shard_exception",
        "reason": "failed to create query: {\n  \"term\" : {\n    \"ip\" : {\n      \"value\" : \"::ffff:0:0/96\",\n      \"boost\" : 1.0\n    }\n  }\n}",
        "index_uuid": "qWVND_opRgCY6sJD-A89qg",
        "index": "test"
      }
    ],
    "type": "search_phase_execution_exception",
    "reason": "all shards failed",
    "phase": "query",
    "grouped": true,
    "failed_shards": [
      {
        "shard": 0,
        "index": "test",
        "node": "aZoN5HS9QYGSeIqvSephCg",
        "reason": {
          "type": "query_shard_exception",
          "reason": "failed to create query: {\n  \"term\" : {\n    \"ip\" : {\n      \"value\" : \"::ffff:0:0/96\",\n      \"boost\" : 1.0\n    }\n  }\n}",
          "index_uuid": "qWVND_opRgCY6sJD-A89qg",
          "index": "test",
          "caused_by": {
            "type": "illegal_argument_exception",
            "reason": "CIDR notation is not allowed with IPv6-mapped IPv4 address [::ffff:0:0 as it introduces ambiguity as to whether the prefix length should be interpreted as a v4 prefix length or a v6 prefix length"
          }
        }
      }
    ]
  },
  "status": 400
}

Can you clarify how you tested?
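
The ambiguity named in the `illegal_argument_exception` above, worked through with Python's standard `ipaddress` module. This is an added example, not Elasticsearch code and not part of any comment in this thread; the function names are made up here, and reading the prefix as an IPv6 prefix length in `v4_equivalent` and `matches` is an assumption about what the searcher intends.

```python
import ipaddress

# All IPv4-mapped IPv6 addresses, the range the issue tries to search.
V4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")


def to_v6(addr):
    """128-bit form of an address; IPv4 a.b.c.d becomes ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address(int(V4_MAPPED.network_address) | int(ip))
    return ip


def readings(cidr):
    """Return (v6_reading, v4_reading) of a CIDR with an IPv4-mapped base.

    An entry is None when the prefix length is invalid under that reading.
    """
    base, _, plen = cidr.partition("/")
    ip, plen = ipaddress.IPv6Address(base), int(plen)
    if ip.ipv4_mapped is None:
        raise ValueError("base address is not IPv4-mapped: " + base)
    v6 = ipaddress.IPv6Network((ip, plen), strict=False)
    v4 = (ipaddress.IPv4Network((ip.ipv4_mapped, plen), strict=False)
          if plen <= 32 else None)
    return v6, v4


def v4_equivalent(cidr):
    """IPv4 CIDR covering the same addresses as the v6 reading, or None when
    that reading reaches outside ::ffff:0:0/96 (prefix shorter than 96)."""
    v6, _ = readings(cidr)
    if not v6.subnet_of(V4_MAPPED):
        return None
    base = v6.network_address.ipv4_mapped
    return ipaddress.IPv4Network((base, v6.prefixlen - 96))


def matches(addr, cidr):
    """True when addr (IPv4 or IPv6 text) falls in the v6 reading of cidr."""
    return to_v6(addr) in readings(cidr)[0]
```

For `::ffff:10.0.0.0/8` the two readings are `::/8` and `10.0.0.0/8`, which is the case the error message guards against; for `::ffff:0:0/96` only the IPv6 reading is valid.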

reardencode commented 6 years ago

Ah, I've been testing with:

{
  "query": {
    "query_string": {
      "query": "\"::ffff:0:0/96\""
    }
  }
}

I'm guessing (as is often the case) query_string is being lenient about errors and just silently not matching.

I guess I'm not seeing why Elasticsearch would properly analyze the input IPv4-mapped IPv6 address into an IPv4 address, but then not translate the IPv4-mapped IPv6 CIDR search to match against IPv4 addresses.

jimczi commented 6 years ago

> I'm guessing (as is often the case) query_string is being lenient about errors and just silently not matching.

The query_string is not lenient by default, but in your example we force the leniency because you didn't set a default field (default_field). If you set default_field:ip the query fails with the expected exception. It should also fail if you do "query": "ip:\"::ffff:0:0/96\"" but unfortunately the leniency applies to the entire query and not only the non-fielded text. I think it needs to be improved, I'll open a new issue.

elasticsearchmachine commented 1 month ago

Pinging @elastic/es-search-relevance (Team:Search Relevance)