All Apps and Add-ons

Error while using Add-on developed using add-on builder on ipv6

jshah24
Explorer

Hi all,
We have one add-on which is developed using add-on builder.
We have configured the input in add-on and getting below error in logs.

2019-02-07 19:37:33,760 ERROR pid=30575 tid=MainThread file=base_modinput.py:log_error:307 | Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 113, in stream_events
    self.parse_input_args(input_definition)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 152, in parse_input_args
    self._parse_input_args_from_global_config(inputs)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 170, in _parse_input_args_from_global_config
    global_config = GlobalConfig(uri, session_key, global_schema)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/splunktaucclib/global_config/__init__.py", line 51, in __init__
    port=splunkd_info.port,
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/solnlib/net_utils.py", line 129, in wrapper
    'Illegal argument: {}={}'.format(arg, value))
ValueError: Illegal argument: host=::1

I'm using Splunk version 7.2.0 which is a standalone instance.

/opt/splunk/system/local/server.conf

[sslConfig]
sslPassword = xxxxxxxxxxx

[general]
pass4SymmKey = xxxxxxxxx
listenOnIPv6 = yes
connectUsingIpVersion = 6-first

[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free

/opt/splunk/system/local/web.conf

[settings]
listenOnIPv6 = yes

We have tried to debug this issue and it looks like the method is_valid_hostname() inside net_utils.py file is not able to parse ipv6 address. below is the code of that method.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d-]{1,63}(?<!-)$', re.IGNORECASE)
    return all(allowed.match(x) for x in hostname.split('.'))

Is this a known issue of solnlib library or add-on builder or Am I missing something?
Can anyone help me with any fix or any workaround?

chli_splunk
Splunk Employee
Splunk Employee

Good catch. You can add ":" in the regex to match the host name like this:

allowed = re.compile('(?!-)[A-Z\d-:
]{1,63}(?

0 Karma

dbs22897
Engager

I have tried with the regex change. But I see a limitation here that I can use only hostname as proxy and not IP address. While in case of IPV4 I can use any of the hostname and IP address.

0 Karma

jshah24
Explorer

I was facing the issue with the data inputs page and not the proxy but I guess this method should work.
"allowed_ipv6" regex will allow the IPv6 addresses. Can you please debug by adding logs here to know the exact problem.
You can also try the below code which I have implemented.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d:-]{1,63}(?<!-)$', re.IGNORECASE)
    return all(allowed.match(x) for x in hostname.split('.'))
0 Karma

jshah24
Explorer

Thank you for your answer.

You are right on adding ":" in the regex but ":" has to be anywhere before "-" otherwise it will be interpreted wrongly in python and will throw an error.

We have modified the method as per below.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d-]{1,63}(?<!-)$', re.IGNORECASE)
    allowed_ipv6 = re.compile('(?!-)[A-Z\d-]{0,63}(?<!-)$', re.IGNORECASE)
    return (all(allowed.match(x) for x in hostname.split('.')) or all(allowed_ipv6.match(x) for x in hostname.split(':')))

Also, I just want to make sure that is there anything else in the configuration side or anything that I need to take care of while doing this change?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...