Skip to content

Allow new documentation ranges in the validation of IPs #2529

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 10, 2025
Merged

Allow new documentation ranges in the validation of IPs #2529

merged 3 commits into from
Apr 10, 2025

Conversation

mrodm
Copy link
Contributor

@mrodm mrodm commented Apr 9, 2025
edited
Loading

This PR adds the required ranges to the isDocumentation so they can be validated successfully in elastic-package tests.

If these ranges a test including for instance 3fff::1 would fail with this error:

[0] the IP "3fff::1" is not one of the allowed test IPs (see: https://github.com/elastic/elastic-package/blob/main/internal/fields/_static/allowed_geo_ips.txt)

But, that IP should be allowed since it is part of the documentation range 3fff::/20 (RFC9637)

How to test this PR locally

Test package apache now includes a log line including an IPv6 from range 3fff::/20:

cd test/packages/parallel/apache
elastic-package stack up -v -d
elastic-package test -v
elastic-package stack down -v

Relates #2476

@mrodm mrodm self-assigned this Apr 9, 2025
@mrodm mrodm marked this pull request as ready for review April 9, 2025 15:37
@mrodm mrodm requested a review from a team April 9, 2025 15:37
jsoriano
jsoriano approved these changes Apr 9, 2025
View reviewed changes
docs/howto/ingest_geoip.md Outdated
@@ -2,7 +2,19 @@

Elasticsearch provides default GeoIP databases that can be downloaded in runtime and which weights ~70 MB. This can be
a root cause of flakiness of package tests, so elastic-package embeds small samples of GeoIP databases, that can identify
accurately only few ranges of IP addresses included [here](../../internal/fields/_static/allowed_geo_ips.txt)
accurately only few ranges of IP addresses included [here](../../internal/fields/_static/allowed_geo_ips.txt).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to eventually use documentation IP ranges only. I think we can remove the mention to allowed_geo_ips.txt in docs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated this doc to remove that reference.
Could you check if that makes sense ? thanks!

mrodm
mrodm commented Apr 9, 2025
View reviewed changes
internal/fields/validate.go
Comment on lines +1285 to 1288
return len(ip) == net.IPv6len &&
(ip[0] == 32 && ip[1] == 1 && ip[2] == 13 && ip[3] == 184) ||
(ip[0] == 63 && ip[1] == 255 && ip[2] <= 15)
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got these values from this code

package main

import (
	"fmt"
	"log"
	"net"
)
func main() {
	showBlocks("3fff:0000:0000:0000:0000:0000:0000:0000")
	showBlocks("3fff:0fff:ffff:ffff:ffff:ffff:ffff:ffff")
	fmt.Println()
	showBlocks("2001:0db8:0000:0000:0000:0000:0000:0000")
	showBlocks("2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff")

}

func showBlocks(s string) {
	ip := net.ParseIP(s)
	if ip == nil {
		log.Fatalf("wrong ip: %s", s)
	}
	for i, k := range ip {
		fmt.Printf("ip[%d] == %d\n", i, k)
	}
}

@mrodm mrodm requested a review from jsoriano April 9, 2025 15:51
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @mrodm

jsoriano
jsoriano approved these changes Apr 10, 2025
View reviewed changes
Copy link
Member

@jsoriano jsoriano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mrodm mrodm merged commit 8e3d6fe into elastic:main Apr 10, 2025
3 checks passed
@mrodm mrodm deleted the update_ranges_is_documentation branch April 10, 2025 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsoriano jsoriano jsoriano approved these changes

Assignees

@mrodm mrodm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mrodm @elasticmachine @jsoriano