Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPv6 addresses not supported by source cache #2208

Closed
syntaxerr66 opened this issue Sep 27, 2023 · 3 comments
Closed

IPv6 addresses not supported by source cache #2208

syntaxerr66 opened this issue Sep 27, 2023 · 3 comments
Assignees
@mstopa-splunk

Comments

@syntaxerr66
Copy link

Was the issue replicated by support?
No

What is the sc4s version ?
3.4.3

Is there a pcap available?
No

Is the issue related to the environment of the customer or Software related issue?
Software-related

Is it related to Data loss, please explain ?
Protocol? Hardware specs?
No

Last chance index/Fallback index?
Configured as sc4s_default

Is the issue related to local customization?
No

Do we have all the default indexes created?
Yes

Describe the bug
The parser_source_cache.py script fails when a source address uses IPv6. The parser is using inet_aton and inet_ntoa, which only supports ipv4.

File in question: https://github.com/splunk/splunk-connect-for-syslog/blob/main/package/etc/pylib/parser_source_cache.py
Problem sections:
def ip2int(addr):
return struct.unpack("!I", socket.inet_aton(addr))[0]

def int2ip(addr):
return socket.inet_ntoa(struct.pack("!I", addr))

Errors from syslog-ng:

    • syslog-ng 415 - [meta sequenceId="5274567"]!! Traceback (most recent call last):\x0a!! File "/etc/syslog-ng/pylib/parser_source_cache.py", line 44, in parse\x0a ip_int = ip2int(ipaddr)\x0a ^^^^^^^^^^^^^^\x0a!! File "/etc/syslog-ng/pylib/parser_source_cache.py", line 22, in ip2int\x0a return struct.unpack("!I", socket.inet_aton(addr))[0]\x0a ^^^^^^^^^^^^^^^^^^^^^^\x0a!! OSError: illegal IP address string passed to inet_aton\x0a;
    • syslog-ng 415 - [meta sequenceId="5252513"]!! Traceback (most recent call last):\x0a!! File "/etc/syslog-ng/pylib/parser_source_cache.py", line 79, in send\x0a ip_int = ip2int(ipaddr)\x0a ^^^^^^^^^^^^^^\x0a!! File "/etc/syslog-ng/pylib/parser_source_cache.py", line 22, in ip2int\x0a return struct.unpack("!I", socket.inet_aton(addr))[0]\x0a

To Reproduce
Steps to reproduce the behavior:

  1. Enable debug logging on the container via 'syslog-ng-ctl debug --set=on' to see the error logs
  2. Send logs via ipv6 to SC4S destination - the address being used for this was ::ffff:10.10.10.10
  3. Exceptions are generated and sent to splunk with the traceback showing the errors
@syntaxerr66
Copy link
Author

Any update on this?

@mstopa-splunk mstopa-splunk self-assigned this Nov 23, 2023
@mstopa-splunk
Copy link
Contributor

Hi @syntaxerr66 I'm for the delay, this issue is finally on the top of the list and I am currently working on it

@mstopa-splunk mstopa-splunk mentioned this issue Nov 27, 2023
Merged
@mstopa-splunk
Copy link
Contributor

solved in v3.12.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mstopa-splunk mstopa-splunk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@syntaxerr66 @mstopa-splunk