Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
data loss using cidr_match() in rule with IPv6 address vs IPv4 subnet #5405
The short version is: testing an IPv6 address against an IPv4 subnet with
I have a pipeline that tests an IP address (e.g. source address of an SSH login attempt) against various known IPv4 and IPv6 subnets. Think of something like this:
This works as expected if
Despite the message stating it's only a warning, the result is actually that the message being processed is lost and will not turn up in any stream, not even in
How to reproduce
Using the pipeline's simulator one can see that an exception is thrown when such a test happens. Here's how to reproduce that exception using the simulator:
 Rule content:
 Traceback from
The reverse situation (testing an IPv4 address against an IPv6 subnet) works just fine. All three test cases finish in the simulator if I use the following rule:
I can work around this problem with a crude "is the address IPv6?" test before the
An additional problem is the one of data loss due to the exception thrown. But that's most likely a completely separate issue, and I'll open a second issue for it.
The mentioned workaround should really not be necessary: the
An exception is thrown, and the message is lost.