All Apps and Add-ons

Error while using Add-on developed using add-on builder on ipv6

jshah24
Explorer

Hi all,
We have one add-on which is developed using add-on builder.
We have configured the input in add-on and getting below error in logs.

2019-02-07 19:37:33,760 ERROR pid=30575 tid=MainThread file=base_modinput.py:log_error:307 | Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 113, in stream_events
    self.parse_input_args(input_definition)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 152, in parse_input_args
    self._parse_input_args_from_global_config(inputs)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/modinput_wrapper/base_modinput.py", line 170, in _parse_input_args_from_global_config
    global_config = GlobalConfig(uri, session_key, global_schema)
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/splunktaucclib/global_config/__init__.py", line 51, in __init__
    port=splunkd_info.port,
  File "/opt/splunk/etc/apps/TA-xxx/bin/xxx/solnlib/net_utils.py", line 129, in wrapper
    'Illegal argument: {}={}'.format(arg, value))
ValueError: Illegal argument: host=::1

I'm using Splunk version 7.2.0 which is a standalone instance.

/opt/splunk/system/local/server.conf

[sslConfig]
sslPassword = xxxxxxxxxxx

[general]
pass4SymmKey = xxxxxxxxx
listenOnIPv6 = yes
connectUsingIpVersion = 6-first

[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free

/opt/splunk/system/local/web.conf

[settings]
listenOnIPv6 = yes

We have tried to debug this issue and it looks like the method is_valid_hostname() inside net_utils.py file is not able to parse ipv6 address. below is the code of that method.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d-]{1,63}(?<!-)$', re.IGNORECASE)
    return all(allowed.match(x) for x in hostname.split('.'))

Is this a known issue of solnlib library or add-on builder or Am I missing something?
Can anyone help me with any fix or any workaround?

chli_splunk
Splunk Employee
Splunk Employee

Good catch. You can add ":" in the regex to match the host name like this:

allowed = re.compile('(?!-)[A-Z\d-:
]{1,63}(?

0 Karma

dbs22897
Engager

I have tried with the regex change. But I see a limitation here that I can use only hostname as proxy and not IP address. While in case of IPV4 I can use any of the hostname and IP address.

0 Karma

jshah24
Explorer

I was facing the issue with the data inputs page and not the proxy but I guess this method should work.
"allowed_ipv6" regex will allow the IPv6 addresses. Can you please debug by adding logs here to know the exact problem.
You can also try the below code which I have implemented.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d:-]{1,63}(?<!-)$', re.IGNORECASE)
    return all(allowed.match(x) for x in hostname.split('.'))
0 Karma

jshah24
Explorer

Thank you for your answer.

You are right on adding ":" in the regex but ":" has to be anywhere before "-" otherwise it will be interpreted wrongly in python and will throw an error.

We have modified the method as per below.

def is_valid_hostname(hostname):
    '''Validate a host name.

    :param hostname: host name to validate.
    :type hostname: ``string``
    :returns: True if is valid else False
    :rtype: ``bool``
    '''

    if len(hostname) > 255:
        return False
    if hostname[-1:] == '.':
        hostname = hostname[:-1]
    allowed = re.compile('(?!-)[A-Z\d-]{1,63}(?<!-)$', re.IGNORECASE)
    allowed_ipv6 = re.compile('(?!-)[A-Z\d-]{0,63}(?<!-)$', re.IGNORECASE)
    return (all(allowed.match(x) for x in hostname.split('.')) or all(allowed_ipv6.match(x) for x in hostname.split(':')))

Also, I just want to make sure that is there anything else in the configuration side or anything that I need to take care of while doing this change?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...