From janos at budapest.dante.org.uk Mon Jun 3 17:44:20 2002 From: janos at budapest.dante.org.uk (Janos Mohacsi) Date: Mon, 3 Jun 2002 18:44:20 +0100 (BST) Subject: modified Cisco addition patch for Rancid Message-ID: <20020603181410.I45383-200000@budapest.dante.org.uk> Dear All, I have created modified Cisco handler. It was annoying that to be able to see the configuration you should have the enable password. In the rancid the 'write term' command to display the currently running configuration on the terminal and then store in the database. We are using a 'hack' to remove this limitation: 1. The logged in user, that is collecting the configuration is runnuing on privilege level 2 e.g. : username privilege 2 password 2. We allow these users to execute show configuration: privilege exec level 2 show configuration This way we don't need the enable password. To support this changes I invented a new type of rancid command: 'mcrancid' and a corresponding config entry 'mcisco'. The patch is available in the attachment. I don't know in detail how the gnu automake was used, so some changes might happened. Feel free to comment and integrate to the next version of rancid. Best Regards, Janos Mohacsi -------------- next part -------------- diff -rcN rancid-2.2.1.orig/bin/Makefile.in rancid-2.2.1/bin/Makefile.in *** rancid-2.2.1.orig/bin/Makefile.in Fri May 3 00:08:05 2002 --- rancid-2.2.1/bin/Makefile.in Mon Jun 3 18:32:22 2002 *************** *** 123,130 **** CONFIG_HEADER = ../include/config.h CONFIG_CLEAN_FILES = alogin arancid blogin brancid cat5rancid clogin \ control_rancid create_cvs do-diffs elogin env erancid f10rancid flogin \ ! francid jlogin jrancid hlogin hrancid mrancid par rancid-fe rancid \ ! rename rrancid xrancid PROGRAMS = $(bin_PROGRAMS) --- 123,130 ---- CONFIG_HEADER = ../include/config.h CONFIG_CLEAN_FILES = alogin arancid blogin brancid cat5rancid clogin \ control_rancid create_cvs do-diffs elogin env erancid f10rancid flogin \ ! francid jlogin jrancid hlogin hrancid mrancid mcrancid par rancid-fe \ ! rancid rename rrancid xrancid PROGRAMS = $(bin_PROGRAMS) *************** *** 142,154 **** DIST_COMMON = Makefile.am Makefile.in alogin.in arancid.in blogin.in \ brancid.in cat5rancid.in clogin.in control_rancid.in create_cvs.in \ do-diffs.in elogin.in env.in erancid.in f10rancid.in flogin.in \ ! francid.in hlogin.in hrancid.in jlogin.in jrancid.in mrancid.in par.in \ ! rancid-fe.in rancid.in rename.in rrancid.in xrancid.in DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) GZIP_ENV = --best SOURCES = $(hpfilter_SOURCES) OBJECTS = $(hpfilter_OBJECTS) --- 142,156 ---- DIST_COMMON = Makefile.am Makefile.in alogin.in arancid.in blogin.in \ brancid.in cat5rancid.in clogin.in control_rancid.in create_cvs.in \ do-diffs.in elogin.in env.in erancid.in f10rancid.in flogin.in \ ! francid.in hlogin.in hrancid.in jlogin.in jrancid.in mcrancid.in \ ! mrancid.in par.in rancid-fe.in rancid.in rename.in rrancid.in \ ! xrancid.in DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) GZIP_ENV = --best + DEP_FILES = .deps/hpfilter.P SOURCES = $(hpfilter_SOURCES) OBJECTS = $(hpfilter_OBJECTS) *************** *** 156,164 **** .SUFFIXES: .SUFFIXES: .S .c .o .s $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) ! cd $(top_srcdir) && $(AUTOMAKE) --foreign --include-deps bin/Makefile ! Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status --- 158,166 ---- .SUFFIXES: .SUFFIXES: .S .c .o .s $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) ! cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/Makefile ! Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status *************** *** 202,207 **** --- 204,211 ---- cd $(top_builddir) && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status mrancid: $(top_builddir)/config.status mrancid.in cd $(top_builddir) && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + mcrancid: $(top_builddir)/config.status mcrancid.in + cd $(top_builddir) && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status par: $(top_builddir)/config.status par.in cd $(top_builddir) && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status rancid-fe: $(top_builddir)/config.status rancid-fe.in *************** *** 240,248 **** rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ done - .c.o: - $(COMPILE) -c $< - .s.o: $(COMPILE) -c $< --- 244,249 ---- *************** *** 289,294 **** --- 290,300 ---- subdir = bin distdir: $(DISTFILES) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(top_distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --foreign bin/Makefile @for file in $(DISTFILES); do \ d=$(srcdir); \ if test -d $$d/$$file; then \ *************** *** 299,306 **** || cp -p $$d/$$file $(distdir)/$$file || :; \ fi; \ done - hpfilter.o: hpfilter.c ../include/config.h ../include/version.h info-am: info: info-am dvi-am: --- 305,342 ---- || cp -p $$d/$$file $(distdir)/$$file || :; \ fi; \ done + DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :) + + -include $(DEP_FILES) + + mostlyclean-depend: + + clean-depend: + + distclean-depend: + -rm -rf .deps + + maintainer-clean-depend: + + %.o: %.c + @echo '$(COMPILE) -c $<'; \ + $(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-cp .deps/$(*F).pp .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm .deps/$(*F).pp + + %.lo: %.c + @echo '$(LTCOMPILE) -c $<'; \ + $(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \ + < .deps/$(*F).pp > .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm -f .deps/$(*F).pp info-am: info: info-am dvi-am: *************** *** 338,360 **** maintainer-clean-generic: mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ ! mostlyclean-tags mostlyclean-generic mostlyclean: mostlyclean-am ! clean-am: clean-binPROGRAMS clean-compile clean-tags clean-generic \ ! mostlyclean-am clean: clean-am distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \ ! distclean-generic clean-am distclean: distclean-am maintainer-clean-am: maintainer-clean-binPROGRAMS \ maintainer-clean-compile maintainer-clean-tags \ ! maintainer-clean-generic distclean-am @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." --- 374,397 ---- maintainer-clean-generic: mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ ! mostlyclean-tags mostlyclean-depend mostlyclean-generic mostlyclean: mostlyclean-am ! clean-am: clean-binPROGRAMS clean-compile clean-tags clean-depend \ ! clean-generic mostlyclean-am clean: clean-am distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \ ! distclean-depend distclean-generic clean-am distclean: distclean-am maintainer-clean-am: maintainer-clean-binPROGRAMS \ maintainer-clean-compile maintainer-clean-tags \ ! maintainer-clean-depend maintainer-clean-generic \ ! distclean-am @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." *************** *** 364,375 **** maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ mostlyclean-compile distclean-compile clean-compile \ maintainer-clean-compile tags mostlyclean-tags distclean-tags \ ! clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi check \ ! check-am installcheck-am installcheck install-exec-am install-exec \ ! install-data-am install-data install-am install uninstall-am uninstall \ ! all-redirect all-am all installdirs mostlyclean-generic \ ! distclean-generic clean-generic maintainer-clean-generic clean \ ! mostlyclean distclean maintainer-clean install: all --- 401,413 ---- maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ mostlyclean-compile distclean-compile clean-compile \ maintainer-clean-compile tags mostlyclean-tags distclean-tags \ ! clean-tags maintainer-clean-tags distdir mostlyclean-depend \ ! distclean-depend clean-depend maintainer-clean-depend info-am info \ ! dvi-am dvi check check-am installcheck-am installcheck install-exec-am \ ! install-exec install-data-am install-data install-am install \ ! uninstall-am uninstall all-redirect all-am all installdirs \ ! mostlyclean-generic distclean-generic clean-generic \ ! maintainer-clean-generic clean mostlyclean distclean maintainer-clean install: all diff -rcN rancid-2.2.1.orig/bin/mcrancid.in rancid-2.2.1/bin/mcrancid.in *** rancid-2.2.1.orig/bin/mcrancid.in Thu Jan 1 01:00:00 1970 --- rancid-2.2.1/bin/mcrancid.in Mon Jun 3 17:44:15 2002 *************** *** 0 **** --- 1,1251 ---- + #!@PERLV_PATH@ + ## + ## + ## Copyright (C) 1997-2001 by Henry Kilmer. + ## All rights reserved. + ## + ## This software may be freely copied, modified and redistributed without + ## fee for non-commerical purposes provided that this copyright notice is + ## preserved intact on all copies and modified copies. + ## + ## There is no warranty or other guarantee of fitness of this software. + ## It is provided solely "as is". The author(s) disclaim(s) all + ## responsibility and liability with respect to this software's usage + ## or its effect upon hardware, computer systems, other software, or + ## anything else. + ## + ## + # + # RANCID - Really Awesome New Cisco confIg Differ + # + # usage: rancid [-d] [-l] [-f filename | $host] + # + use Getopt::Std; + getopts('dflm'); + $log = $opt_l; + $debug = $opt_d; + $file = $opt_f; + $host = $ARGV[0]; + $clean_run = 0; + $found_end = 0; + $timeo = 90; # clogin timeout in seconds + + my(%filter_pwds); # password filtering mode + + # This routine is used to print out the router configuration + sub ProcessHistory { + my($new_hist_tag,$new_command,$command_string, at string)=(@_); + if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) + && defined %history) { + print eval "$command \%history"; + undef %history; + } + if (($new_hist_tag) && ($new_command) && ($command_string)) { + if ($history{$command_string}) { + $history{$command_string} = "$history{$command_string}@string"; + } else { + $history{$command_string} = "@string"; + } + } elsif (($new_hist_tag) && ($new_command)) { + $history{++$#history} = "@string"; + } else { + print "@string"; + } + $hist_tag = $new_hist_tag; + $command = $new_command; + 1; + } + + sub numerically { $a <=> $b; } + + # This is a sort routing that will sort numerically on the + # keys of a hash as if it were a normal array. + sub keynsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort numerically keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; + } + + # This is a sort routing that will sort on the + # keys of a hash as if it were a normal array. + sub keysort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort keys(%lines)) { + $sorted_lines[$i] = $lines{$key}; + $i++; + } + @sorted_lines; + } + + # This is a sort routing that will sort on the + # values of a hash as if it were a normal array. + sub valsort{ + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $key (sort values %lines) { + $sorted_lines[$i] = $key; + $i++; + } + @sorted_lines; + } + + # This is a numerical sort routing (ascending). + sub numsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $num (sort {$a <=> $b} keys %lines) { + $sorted_lines[$i] = $lines{$num}; + $i++; + } + @sorted_lines; + } + + # This is a sort routine that will sort on the + # ip address when the ip address is anywhere in + # the strings. + sub ipsort { + local(%lines)=@_; + local($i) = 0; + local(@sorted_lines); + foreach $addr (sort sortbyipaddr keys %lines) { + $sorted_lines[$i] = $lines{$addr}; + $i++; + } + @sorted_lines; + } + + # These two routines will sort based upon IP addresses + sub ipaddrval { + my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); + $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); + } + sub sortbyipaddr { + &ipaddrval($a) <=> &ipaddrval($b); + } + + # This routine parses "show version" + sub ShowVersion { + print STDERR " In ShowVersion: $_" if ($debug); + + while () { + tr/\015//d; + study; + last if(/^$prompt/); + next if(/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + if (/^Slave in slot (\d+) is running/) { + $slave = " Slave:"; + next; + } + /^Cisco Secure PIX /i && + ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; + /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && + ProcessHistory("COMMENTS","keysort","F1", + "!Image:$slave Software: $1, $2\n") && next; + /^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ && + ProcessHistory("COMMENTS","keysort","F2", + "!Image:$slave $1 Synced to mainline version: $2\n") && next; + /^Compiled (.*)$/ && + ProcessHistory("COMMENTS","keysort","F3", + "!Image:$slave Compiled: $1\n") && next; + /^ROM: (System )?Bootstrap.*(Version.*)$/ && + ProcessHistory("COMMENTS","keysort","G1", + "!ROM Bootstrap: $2\n") && next; + if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) { + ProcessHistory("COMMENTS","keysort","A1", + "!Chassis type: $1 - a PIX\n"); + ProcessHistory("COMMENTS","keysort","A2", + "!CPU: $3\n"); + ProcessHistory("COMMENTS","keysort","B1", "!Memory: $2\n"); + } + /^Serial Number:\s+(.*)$/ && + ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; + /^Activation Key:\s+(.*)$/ && + ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; + /^ROM: \d+ Bootstrap .*(Version.*)$/ && + ProcessHistory("COMMENTS","keysort","G2", + "!ROM Image: Bootstrap $1\n!\n") && next; + /^ROM: .*(Version.*)$/ && + ProcessHistory("COMMENTS","keysort","G3","!ROM Image: $1\n") && next; + /^BOOTFLASH: .*(Version.*)$/ && + ProcessHistory("COMMENTS","keysort","G4","!BOOTFLASH: $1\n") && next; + /^BOOTLDR: .*(Version.*)$/ && + ProcessHistory("COMMENTS","keysort","G4","!BOOTLDR: $1\n") && next; + /^System image file is "([^\"]*)", booted via (\S*)/ && + # removed the booted source due to + # CSCdk28131: cycling info in 'sh ver' + # ProcessHistory("COMMENTS","keysort","F4","!Image: booted via $2, $1\n") && + ProcessHistory("COMMENTS","keysort","F4","!Image: booted $1\n") && + next; + /^System image file is "([^\"]*)"$/ && + ProcessHistory("COMMENTS","keysort","F5","!Image: $1\n") && next; + if (/(\S+)\s+\((\S+)\)\s+processor.*with (\S+[kK]) bytes/) { + my($proc) = $1; + my($cpu) = $2; + my($mem) = $3; + my($device) = "router"; + if ( $1 eq "CSC") { + $type = "AGS"; + } elsif ( $1 eq "CSC4") { + $type = "AGS+"; + } elsif ( $1 eq "2511" || $1 eq "2524" || $1 eq "AS2511-RJ") { + $type = "2500"; + } elsif ( $1 =~ /261[01]/ || $1 =~ /262[01]/ ) { + $type = "2600"; + } elsif ( $1 eq "3620" || $1 eq "3640") { + $type = "3600"; + } elsif ( $1 eq "RSP7000") { + $type = "7500"; + } elsif ( $1 =~ /RSP\d/) { + $type = "7500"; + } elsif ( $1 eq "RP1") { + $type = "7000"; + } elsif ( $1 eq "RP") { + $type = "7000"; + } elsif ( $1 =~ /720[246]/) { + $type = "7200"; + } elsif ( $1 =~ /1200[48]\/GRP/ || $1 =~ /1201[26]\/GRP/) { + $type = "12000"; + } elsif ( $1 =~ /1201[26]-8R\/GRP/) { + $type = "12000"; + } elsif ( $1 =~ /WS-C29/) { + $type = "2900XL"; + $device = "switch"; + } elsif ( $1 =~ /WS-C35/) { + $type = "3500XL"; + $device = "switch"; + } elsif ( $1 =~ /6000/) { + $type = "6000"; + $device = "switch"; + } else { + $type = $1; + } + print STDERR "TYPE = $type\n" if ($debug); + ProcessHistory("COMMENTS","keysort","A1", + "!Chassis type:$slave $proc - a $type $device\n"); + ProcessHistory("COMMENTS","keysort","B1", + "!Memory:$slave main $mem\n"); + ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu\n"); + next; + } + if (/(\S+) Silicon\s*Switch Processor/) { + if (!defined($C0)) { + $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); + } + ProcessHistory("COMMENTS","keysort","C2","!SSP: $1\n"); + $ssp = 1; + $sspmem = $1; + next; + } + /^(\d+[kK]) bytes of multibus/ && + ProcessHistory("COMMENTS","keysort","B2", + "!Memory: multibus $1\n") && next; + /^(\d+[kK]) bytes of non-volatile/ && + ProcessHistory("COMMENTS","keysort","B3", + "!Memory: nvram $1\n") && next; + /^(\d+[kK]) bytes of flash memory/ && + ProcessHistory("COMMENTS","keysort","B5","!Memory: flash $1\n") && + next; + /^(\d+[kK]) bytes of .*flash partition/ && + ProcessHistory("COMMENTS","keysort","B6", + "!Memory: flash partition $1\n") && next; + /^(\d+[kK]) bytes of Flash internal/ && + ProcessHistory("COMMENTS","keysort","B4", + "!Memory: bootflash $1\n") && next; + if(/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i) { + ProcessHistory("COMMENTS","keysort","B7", + "!Memory: pcmcia $2 $3$4 $1\n"); + next; + } + if(/^WARNING/) { + if (!defined($I0)) { + $I0=1; + ProcessHistory("COMMENTS","keysort","I0","!\n"); + } + ProcessHistory("COMMENTS","keysort","I1","! $_"); + # The line after the WARNING is what to do about it. + $_ = ; tr/\015//d; + ProcessHistory("COMMENTS","keysort","I1","! $_"); + } + if (/^Configuration register is (.*)$/) { + $config_register=$1; + next; + } + } + return(0); + } + + # This routine parses "show install active" + sub ShowInstallActive { + print STDERR " In ShowInstallActive: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; + return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); + ProcessHistory("COMMENTS","keysort","F5","!Image: $_") && next; + } + return(0); + } + + # This routine parses "show env all" + sub ShowEnv { + # Skip if this is not a 7500, 7200, or 7000. + print STDERR " In ShowEnv: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + #return(1) if ($type !~ /^7/); + return(-1) if (/command authorization failed/i); + if (!defined($E0)) { + $E0=1; + ProcessHistory("COMMENTS","keysort","E0","!\n"); + } + if (/^Arbiter type (\d), backplane type (\S+)/) { + if (!defined($C0)) { + $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); + } + ProcessHistory("COMMENTS","keysort","C1", + "!Enviromental Arbiter Type: $1\n"); + ProcessHistory("COMMENTS","keysort","A2", + "!Chassis type: $2 backplane\n"); + next; + } + /^\s*(Power [^:\n]+)$/ && + ProcessHistory("COMMENTS","keysort","E1","!Power: $1\n") && next; + /^\s*(Lower Power .*)/i && + ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; + /^\s*(redundant .*)/i && + ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; + } + ProcessHistory("COMMENTS","","","!\n"); + return(0); + } + + # This routine parses "show gsr chassis-info" for the gsr + # This will create arrays for hw info. + sub ShowGSR { + # Skip if this is not a 1200n. + print STDERR " In ShowGSR: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + # return(1) if ($type !~ /^12[40]/); + /^$/ && next; + /^\s+Chassis: type (\S+) Fab Ver: (\S+)/ && + ProcessHistory("COMMENTS","keysort","D0","!\n") && + ProcessHistory("COMMENTS","keysort","D1", + "!GSR Chassis type: $1 Fab Ver: $2\n") && + next; + /^\s+Chassis S\/N: (.*)$/ && + ProcessHistory("COMMENTS","keysort","D2", + "!GSR Chassis S/N: $1\n") && + next; + /^\s+PCA: (\S+)\s*rev: (\S+)\s*dev: \S+\s*HW ver: (\S+)$/ && + ProcessHistory("COMMENTS","keysort","D3", + "!GSR Backplane PCA: $1, rev $2, ver $3\n") && + next; + /^\s+Backplane S\/N: (\S+)$/ && + ProcessHistory("COMMENTS","keysort","D4", + "!GSR Backplane S/N: $1\n") && + next; + } + ProcessHistory("COMMENTS","","","!\n"); + return(0); + } + + # This routine parses "show boot" + sub ShowBoot { + # Pick up boot variables if 7000/7200/7500/12000/2900/3500; + # otherwise pick up bootflash. + print STDERR " In ShowBoot: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; + return(-1) if (/command authorization failed/i); + return(1) if /Ambiguous command/i; + return(1) if /(Invalid input detected|Type help or )/; + return(1) if /(Open device \S+ failed|Error opening \S+:)/; + next if /CONFGEN variable/; + if (!defined($H0)) { + $H0=1; ProcessHistory("COMMENTS","keysort","H0","!\n"); + } + if ($type !~ /^(12[04]|7)/) { + if ($type !~ /^(29|35)00/) { + ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_"); + } else { + ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); + } + } elsif (/variable/) { + ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); + } + } + ProcessHistory("COMMENTS","","","!\n"); + return(0); + } + + # This routine parses "show flash" + sub ShowFlash { + # skip if this is 7000, 7200, 7500, or 12000; else we end up with + # redundant data from dir /all slot0: + print STDERR " In ShowFlash: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if ($type =~ /^(12[40]|7)/); + return(-1) if (/command authorization failed/i); + return(1) if /^\s*\^\s*$/; + return(1) if /(Invalid input detected|Type help or )/; + ProcessHistory("FLASH","","","!Flash: $_"); + } + ProcessHistory("","","","!\n"); + return; + } + + # This routine parses "dir /all ((disk|slot)N|bootflash|nvram):" + sub DirSlotN { + # Skip if this is not a 3600, 7000, 7200, 7500, or 12000. + print STDERR " In DirSlotN: $_" if ($debug); + + my($dev) = (/\s([^\s]+):/); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + # return(1) if ($type !~ /^(12[40]|7|36)/); + return(1) if /^\s*\^\s*$/; + return(1) if /(Invalid input detected|Type help or )/; + return(1) if /No such device/i; + return(1) if /\%Error: No such file or directory/; + return(1) if /No space information available/; + return(-1) if /\%Error calling/; + return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy + return(-1) if (/command authorization failed/i); + return(1) if /(Open device \S+ failed|Error opening \S+:)/; + ProcessHistory("FLASH","","","!Flash: $dev: $_"); + } + ProcessHistory("","","","!\n"); + return(0); + } + + # This routine parses "show controllers" + sub ShowContAll { + # Skip if this is a 70[01]0, 7500, or 12000. + print STDERR " In ShowContAll: $_" if ($debug); + + while () { + tr/\015//d; + study; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + # return(1) if ($type =~ /^(12[40]|7[05])/); + return(-1) if (/command authorization failed/i); + if (/^Interface ([^ \n(]*)/) { $INT = "$1, "; next; } + /^(BRI unit \d)/ && + ProcessHistory("INT","","","!Interface: $1\n") && next; + /^LANCE unit \d, NIM/ && + ProcessHistory("INT","","","!Interface: $_") && next; + /^(LANCE unit \d)/ && + ProcessHistory("INT","","","!Interface: $1\n") && next; + /(Media Type is \S+),/ && + ProcessHistory("INT","","","!\t$1\n"); + if (/(M\dT[^ :]*:) show controller:$/) { + my($ctlr) = $1; + $_ = ; tr/\015//d; s/ subunit \d,//; + ProcessHistory("INT","","","!Interface: $ctlr $_"); + } + if (/^(\S+) : show controller:$/) { + my($ctlr) = $1; + $_ = ; tr/\015//d; s/ subunit \d,//; + ProcessHistory("INT","","","!Interface: $ctlr: $_"); + } + /^(HD unit \d), idb/ && + ProcessHistory("INT","","","!Interface: $1\n") && next; + /^HD unit \d, NIM/ && + ProcessHistory("INT","","","!Interface: $_") && next; + /^buffer size \d+ HD unit \d, (.*)/ && + ProcessHistory("INT","","","!\t$1\n") && next; + /^AM79970 / && ProcessHistory("INT","","","!Interface: $_") && next; + /^buffer size \d+ (Universal Serial: .*)/ && + ProcessHistory("INT","","","!\t$1\n") && next; + /^Hardware is (.*)/ && + ProcessHistory("INT","","","!Interface: $INT$1\n") && next; + /^(QUICC Serial unit \d),/ && + ProcessHistory("INT","","","!$1\n") && next; + /^QUICC Ethernet .*/ && + ProcessHistory("INT","","","!$_") && next; + /^DTE .*\.$/ && + ProcessHistory("INT","","","!\t$_") && next; + /^(cable type :.*),/ && + ProcessHistory("INT","","","!\t$1\n") && next; + /^(.* cable.*), received clockrate \d+$/ && + ProcessHistory("INT","","","!\t$1\n") && next; + /^.* cable.*$/ && + ProcessHistory("INT","","","!\t$_") && next; + } + return(0); + } + + # This routine parses "show controllers cbus" + # Some of this is printed out in ShowDiagbus. + sub ShowContCbus { + # Skip if this is not a 7000 or 7500. + print STDERR " In ShowContCbus: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + #return(1) if ($type !~ /^7[05]0/); + return(-1) if (/command authorization failed/i); + if (/^\s*slot(\d+): ([^,]+), hw (\S+), sw (\S+), ccb/) { + $slot = $1; + $board{$slot} = $2; + $hwver{$slot} = $3; + $hwucode{$slot} = $4; + } elsif (/^\s*(\S+) (\d+), hardware version (\S+), microcode version (\S+)/) { + $slot = $2; + $board{$slot} = $1; + $hwver{$slot} = $3; + $hwucode{$slot} = $4; + } elsif (/(Microcode .*)/) { + $ucode{$slot} = $1; + } elsif (/(software loaded .*)/) { + $ucode{$slot} = $1; + } elsif (/(\d+) Kbytes of main memory, (\d+) Kbytes cache memory/) { + $hwmemd{$slot} = $1; + $hwmemc{$slot} = $2; + } elsif (/byte buffers/) { + chop; + s/^\s*//; + $hwbuf{$slot} = $_; + } elsif (/Interface (\d+) - (\S+ \S+),/) { + $interface = $1; + ProcessHistory("HW","","", + "!\n!Int $interface: in slot $slot, named $2\n"); next; + } elsif (/(\d+) buffer RX queue threshold, (\d+) buffer TX queue limit, buffer size (\d+)/) { + ProcessHistory("HW","","","!Int $interface: rxq $1, txq $2, bufsize $3\n"); + next; + } + } + return(0); + } + + # This routine parses "show diagbus" + # This will create arrarys for hw info. + sub ShowDiagbus { + # Skip if this is not a 7000, 70[01]0, or 7500. + print STDERR " In ShowDiagbus: $_" if ($debug); + + while () { + tr/\015//d; + study; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + #return(1) if ($type !~ /^7[05]/); + return(-1) if (/command authorization failed/i); + if (/^\s*Slot (\d+):/i) { + $slot = $1; + next; + } elsif (/^\s*Slot (\d+) \(virtual\):/i) { + $slot = $1; + next; + } elsif (/^\s*(.*Processor.*|.*controller|.*controler|.*Chassis Interface)(, FRU\s?:.*)?, HW rev (\S+), board revision (\S+)/i) { + $board = $1; + $hwver = $3; + $boardrev = $4; + if ($board =~ /Processor/) { + if ($board =~ /7000 Route\/Switch/) { + $board = "RSP7000"; + } elsif ($board =~ /Route\/Switch Processor (\d)/) { + $board = "RSP$1"; + } elsif ($board =~ /Route/) { + $board = "RP"; + } elsif ($board =~ /Silicon Switch/) { + $board = "SSP"; + } elsif ($board =~ /Switch/) { + $board = "SP"; + $board = "SSP $sspmem" if $ssp; + } elsif ($board =~ /ATM/) { + $board = "AIP"; + } + } elsif ($board =~ /(.*) controller/i) { + $board = $1; + } + # hwucode{$slot} defined in ShowContCbus + if (defined $hwucode{$slot}) { + ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev ucode $hwucode{$slot}\n"); + } else { + ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev\n"); + } + # These are also from the ShowContCbus + ProcessHistory("SLOT","","","!Slot $slot/$board: $ucode{$slot}\n") if (defined $ucode{$slot}); + ProcessHistory("SLOT","","","!Slot $slot/$board: memd $hwmemd{$slot}, cache $hwmemc{$slot}\n") + if ((defined $hwmemd{$slot}) && (defined $hwmemc{$slot})); + ProcessHistory("SLOT","","","!Slot $slot/$board: $hwbuf{$slot}\n") if (defined $hwbuf{$slot}); + next; + } + /Serial number: (\S+)\s*Part number: (\S+)/ && + ProcessHistory("SLOT","","", + "!Slot $slot/$board: part $2, serial $1\n") && + next; + /^\s*Controller Memory Size: (.*)$/ && + ProcessHistory("SLOT","","","!Slot $slot/$board: $1\n") && + next; + if (/PA Bay (\d) Information/) { + $pano = $1; + if ("PA" =~ /$board/) { + ($s,$c) = split(/\//,$board); + $board = "$s/$c/PA $pano"; + } else { + $board =~ s/\/PA \d//; + $board = "$board/PA $pano"; + } + next; + } + /\s+(.*) (IP|PA), (\d) ports?,( \S+,)? (FRU\s?: )?(\S+)/ && + ProcessHistory("SLOT","","","!Slot $slot/$board: type $6, $3 ports\n") && + next; + /\s+(.*) (IP|PA)( \(\S+\))?, (\d) ports?/ && + ProcessHistory("SLOT","","","!Slot $slot/$board: type $1$3, $4 ports\n") && + next; + /^\s*HW rev (\S+), Board revision (\S+)/ && + ProcessHistory("SLOT","","","!Slot $slot/$board: hvers $1 rev $2\n") && + next; + /Serial number: (\S+)\s*Part number: (\S+)/ && + ProcessHistory("SLOT","","","!Slot $slot/$board: part $2, serial $1\n") && next; + } + return(0); + } + + # This routine parses "show diag" for the gsr, 7200, 3600, 2600. + # This will create arrarys for hw info. + sub ShowDiag { + # Skip if this is not a 12000. + print STDERR " In ShowDiag: $_" if ($debug); + + while () { + tr/\015//d; + study; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + # return(1) if ($type !~ /^(12[40]|720|36|26)/); + return(-1) if (/command authorization failed/i); + /^$/ && next; + s/Port Packet Over SONET/POS/; + if (/^\s*SLOT\s+(\d+)\s+\((.*)\): (.*)/) { + $slot = $1; + ProcessHistory("SLOT","","","!\n"); + ProcessHistory("SLOT","keysort","A","!Slot $slot: $3\n"); + next; + } + if (/^\s+MAIN:\s* type \d+,\s+(.*)/) { + ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n") && next; + } + if (/ Engine:\s+(.*)/) { + ProcessHistory("SLOT","keysort","AE","!Slot $slot/Engine: $1\n"); + } + if (/^\s+PCA:\s+(.*)/) { + local($part) = $1; + $_ = ; + /^\s+HW version (\S+)\s+S\/N (\S+)/ && + ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $2\n") && + ProcessHistory("SLOT","keysort","C2","!Slot $slot/PCA: hvers $1\n"); + next; + } + if (/^\s+MBUS: .*\)\s+(.*)/) { + local($tmp) = "!Slot $slot/MBUS: part $1"; + $_ = ; + /^\s+HW version (\S+)\s+S\/N (\S+)/ && + ProcessHistory("SLOT","keysort","MB1","$tmp, serial $2\n") && + ProcessHistory("SLOT","keysort","MB2","!Slot $slot/MBUS: hvers $1\n"); + next; + } + if (/^\s+MBUS Agent Software version (.*)/) { + ProcessHistory("SLOT","keysort","MB3","!Slot $slot/MBUS: software $1\n"); + next; + } + if (/^\s+ROM Monitor version (.*)/) { + ProcessHistory("SLOT","keysort","R","!Slot $slot/ROM Monitor: version $1\n"); + next; + } + if (/^\s+Fabric Downloader version used (.*)/) { + ProcessHistory("SLOT","keysort","Z","!Slot $slot/Fabric Downloader: version $1\n"); + next; + } + if (/^\s+DRAM size: (\d+)/) { + local($dram) = $1 / 1048576; + $_ = ; + if (/^\s+FrFab SDRAM size: (\d+)/) { + ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM, " + . $1 / 1024 . " Kbytes SDRAM\n"); + } else { + ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM\n"); + } + next; + } + # 7200 and 3600 stuff + if (/^(Slot)\s+(\d+(\/\d+)?):/ || /^\s+(WIC|VIC) Slot (\d):/) { + if ($1 eq "WIC") { + $WIC = "/$2"; + } elsif ($1 eq "VIC") { + $WIC = "/$2"; + } else { + $slot = $2; + undef($WIC); + } + $_ = ; tr/\015//d; + + # clean up hideous 7200 format to look more like 7500 output + s/Fast-ethernet on C7200 I\/O card/FE-IO/; + s/ with MII or RJ45/-TX/; + s/Fast-ethernet /100Base/; s/[)(]//g; + + ProcessHistory("SLOT","","","!\n"); + /\s+(.*) port adapter,?\s+(\d+)\s+/i && + ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n"); + # I/O controller with no interfaces + /\s+(.*)\s+port adapter\s*$/i && + ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n"); + /\s+(.*)\s+daughter card(.*)$/ && + ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n"); + /\s+(FT1)$/ && + ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n"); + next; + } + /revision\s+(\S+).*revision\s+(\S+)/ && + ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: hvers $1 rev $2\n") && + next; + /number\s+(\S+)\s+Part number\s+(\S+)/ && + ProcessHistory("SLOT","keysort","D","!Slot $slot$WIC: part $2, serial $1\n") && + next; + } + ProcessHistory("SLOT","","","!\n"); + return(0); + } + + # This routine parses "show module". + sub ShowModule { + print STDERR " In ShowModule: $_" if ($debug); + + my(@lines); + my($slot); + + while () { + tr/\015//d; + return if (/^\s*\^$/); + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + + # match slot/card info line + if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) { + $lines[$1] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n"; + $lines[$1] =~ s/\s+,/,/g; + } + # now match the Revs in the second paragraph of o/p and stick it in + # the array with the previous bits...grumble. + if (/^ *(\d+)\s+\S+\s+to\s+\S+\s+(\S+)\s+(\S*)\s+(\S+)(\s+\S+)?\s*$/) { + $lines[$1] .= "!Slot $1: hvers $2, firmware $3, sw $4\n"; + $lines[$1] =~ s/\s+,/,/g; + } + } + foreach $slot (@lines) { + next if ($slot =~ /^\s*$/); + ProcessHistory("Module","","","$slot!\n"); + } + + return(0); + } + + # This routine parses "show c7200" for the 7200 + # This will create arrays for hw info. + sub ShowC7200 { + # Skip if this is not a 7200. + print STDERR " In ShowC7200: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + #return(1) if ($type !~ /^72/); + return(-1) if (/command authorization failed/i); + /^$/ && next; + if (/^(C7200 )?Midplane EEPROM:/) { + $_ = ; + /revision\s+(\S+).*revision\s+(\S+)/; + ProcessHistory("SLOT","","","!Slot Midplane: hvers $1 rev $2\n"); + $_ = ; + /number\s+(\S+)\s+Part number\s+(\S+)/; + ProcessHistory("SLOT","","","!Slot Midplane: part $2, serial $1\n!\n"); + next; + } + if (/C720\d(VXR)? CPU EEPROM:/) { + my ($hvers,$rev,$part,$serial); + # npe400s report their cpu eeprom info differently w/ 12.0.21S + while () { + /Hardware Revision\s+: (\S+)/ && ($hvers = $1) && next; + /Board Revision\s+: (\S+)/ && ($rev = $1) && next; + /Part Number\s+: (\S+)/ && ($part = $1) && next; + /Serial Number\s+: (\S+)/ && ($serial = $1) && next; + /revision\s+(\S+).*revision\s+(\S+)/ && + ($hvers = $1, $rev = $2) && next; + /number\s+(\S+)\s+Part number\s+(\S+)/ && + ($serial = $1, $part = $2) && next; + /^\s*$/ && last; + } + ProcessHistory("SLOT","","","!Slot CPU: hvers $hvers rev $rev\n"); + ProcessHistory("SLOT","","","!Slot CPU: part $part, serial $serial\n!\n"); + next; + } + } + return(0); + } + + # This routine parses "show vtp status" + sub ShowVTP { + print STDERR " In ShowVTP: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; + return(1) if /(Invalid input detected|Type help or )/; + #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); + return(-1) if (/command authorization failed/i); + next if (/^Configuration last modified by/); + if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { + $DO_SHOW_VLAN = 1; + } + ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); + } + ProcessHistory("COMMENTS","keysort","I0","!\n"); + return(0); + } + + # This routine parses "show vlan" + sub ShowVLAN { + print STDERR " In ShowVLAN: $_" if ($debug); + + ($_=,return(1)) if (!$DO_SHOW_VLAN); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /(Invalid input detected|Type help or )/; + #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); + return(-1) if (/command authorization failed/i); + ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); + } + ProcessHistory("COMMENTS","keysort","IO","!\n"); + return(0); + } + + # This routine processes a "write term" + sub WriteTerm { + print STDERR " In WriteTerm: $_" if ($debug); + + while () { + tr/\015//d; + study; + last if(/^$prompt/); + return(-1) if (/command authorization failed/i); + # the pager can not be disabled per-session on the PIX + s/^<-+ More -+>\s*//; + /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked + # skip the crap + if (/^(##+$|(Building|Current) configuration)/i) { + while () { + next if (/^Current configuration\s*:/i); + next if (/^:/); + next if (/^([%!].*|\s*)$/); + next if (/^ip add.*ipv4:/); # band-aid for 3620 12.0S + last; + } + if (defined($config_register)) { + ProcessHistory("","","","!\nconfig-register $config_register\n"); + } + tr/\015//d; + } + # some versions have other crap mixed in with the bits in the + # block above + /^! (Last configuration|NVRAM config last)/ && next; + + # Dog gone Cool matches to process the rest of the config + /^tftp-server flash / && next; # kill any tftp remains + /^ntp clock-period / && next; # kill ntp clock-period + /^ length / && next; # kill length on serial lines + /^ width / && next; # kill width on serial lines + /^ clockrate / && next; # kill clockrate on serial interfaces + if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { + ProcessHistory("ENABLE","","","!$1$2 \n"); + next; + } + if (/^(enable secret) / && $filter_pwds >= 2) { + ProcessHistory("ENABLE","","","!$1 \n"); + next; + } + if (/^username (\S+)(\s.*)? secret /) { + if ($filter_pwds >= 2) { + ProcessHistory("USER","keysort","$1","!username $1$2 secret \n"); + } else { + ProcessHistory("USER","keysort","$1","$_"); + } + next; + } + if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { + if ($filter_pwds == 2) { + ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); + } elsif ($filter_pwds == 1 && $4 ne "5"){ + ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); + } else { + ProcessHistory("USER","keysort","$1","$_"); + } + next; + } + if (/^(\s*)password / && $filter_pwds >= 1) { + ProcessHistory("LINE-PASS","","","!$1password \n"); + next; + } + if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { + ProcessHistory("","","","! neighbor $1 password \n"); + next; + } + if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + if (/^(ip ftp password) / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + # this is reversable, despite 'md5' in the cmd + if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $'"); next; + } + # i am told these are plain-text on the PIX + if (/^(vpdn username \S+ password)/ && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + /fair-queue individual-limit/ && next; + # sort ip explicit-paths. + if (/^ip explicit-path name (\S+)/) { + my($key) = $1; + my($expath) = $_; + while () { + tr/\015//d; + last if (/^$prompt/); + last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); + if (/^ip explicit-path name (\S+)/) { + ProcessHistory("EXPATH","keysort","$key","$expath"); + $key = $1; + $expath = $_; + } else { + $expath .= $_; + } + } + ProcessHistory("EXPATH","keysort","$key","$expath"); + } + # sort route-maps + if (/^route-map (\S+)/) { + my($key) = $1; + my($routemap) = $_; + while () { + tr/\015//d; + last if (/^$prompt/ || ! /^(route-map |[ !])/); + if (/^route-map (\S+)/) { + ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); + $key = $1; + $routemap = $_; + } else { + $routemap .= $_; + } + } + ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); + } + # filter out any RCS/CVS tags to avoid confusing local CVS storage + s/\$(Revision|Id):/ $1:/; + # order access-lists + /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && + ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; + # order extended access-lists + /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && + ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; + /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && + ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; + /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && + ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; + # order arp lists + /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && + ProcessHistory("ARP","ipsort","$1","$_") && next; + /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && + ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n") + && next; + # order logging statements + /^logging (\d+\.\d+\.\d+\.\d+)/ && + ProcessHistory("LOGGING","ipsort","$1","$_") && next; + # order/prune snmp-server host statements + # we only prune lines of the form + # snmp-server host a.b.c.d + if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { + if (defined($ENV{'NOCOMMSTR'})) { + my($ip) = $1; + my($line) = "snmp-server host $ip"; + my(@tokens) = split(' ', $'); + my($token); + while ($token = shift(@tokens)) { + if ($token eq 'version') { + $line .= " " . join(' ', ($token, shift(@tokens))); + } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { + $line .= " " . $token; + } else { + $line = "!$line " . join(' ', ("", join(' ', at tokens))); + last; + } + } + ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); + } else { + ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); + } + next; + } + if (/^(snmp-server community) (\S+)/) { + if (defined($ENV{'NOCOMMSTR'})) { + ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; + } else { + ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; + } + } + # order/prune tacacs/radius server statements + if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 key \n"); next; + } + # order clns host statements + /^clns host \S+ (\S+)/ && + ProcessHistory("CLNS","keysort","$1","$_") && next; + # order alias statements + /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; + # delete ntp auth password - this md5 is a reversable too + if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 \n"); next; + } + # order ntp peers/servers + if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { + $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); + ProcessHistory("NTP","keysort",$sortkey,"$_"); + next; + } + # order ip host line statements + /^ip host line(\d+)/ && + ProcessHistory("IPHOST","numsort","$1","$_") && next; + # order ip nat source static statements + /^ip nat (\S+) source static (\S+)/ && + ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; + # order atm map-list statements + /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && + ProcessHistory("ATM map-list","ipsort","$1","$_") && next; + # order ip rcmd lines + /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; + + # system controller + /^syscon address (\S*) (\S*)/ && + ProcessHistory("","","","!syscon address $1 \n") && + next; + if (/^syscon password (\S*)/ && $filter_pwds >= 1) { + ProcessHistory("","","","!syscon password \n"); + next; + } + + # catch anything that wasnt matched above. + ProcessHistory("","","","$_"); + # end of config. the ": " game is for the PIX + if (/^(: +)?end$/) { + $found_end = 1; + return(1); + } + } + return(0); + } + + # dummy function + sub DoNothing {print STDOUT;} + + # Main + %commands=( + 'show version' => "ShowVersion", + 'show install active' => "ShowInstallActive", + 'show env all' => "ShowEnv", + 'show gsr chassis' => "ShowGSR", + 'show boot' => "ShowBoot", + 'show bootvar' => "ShowBoot", + 'show variables boot' => "ShowBoot", + 'show flash' => "ShowFlash", + 'dir /all nvram:' => "DirSlotN", + 'dir /all bootflash:' => "DirSlotN", + 'dir /all slot0:' => "DirSlotN", + 'dir /all disk0:' => "DirSlotN", + 'dir /all slot1:' => "DirSlotN", + 'dir /all disk1:' => "DirSlotN", + 'dir /all slot2:' => "DirSlotN", + 'dir /all disk2:' => "DirSlotN", + "dir /all sup-bootflash:"=> "DirSlotN", # cat 6500-ios + "dir /all sup-microcode:"=> "DirSlotN", # cat 6500-ios + 'show controllers' => "ShowContAll", + 'show controllers cbus' => "ShowContCbus", + 'show diagbus' => "ShowDiagbus", + 'show diag' => "ShowDiag", + 'show module' => "ShowModule", # cat 6500-ios + 'show c7200' => "ShowC7200", + 'show vtp status' => "ShowVTP", + 'show vlan' => "ShowVLAN", + 'show config' => "WriteTerm" + ); + # keys() doesnt return things in the order entered and the order of the + # cmds is important (show version first and write term last). pita + @commands=( + "show version", + "show install active", + "show env all", + "show gsr chassis", + "show boot", + "show bootvar", + "show variables boot", + "show flash", + "dir /all nvram:", + "dir /all bootflash:", + "dir /all slot0:", + "dir /all disk0:", + "dir /all slot1:", + "dir /all disk1:", + "dir /all slot2:", + "dir /all disk2:", + "dir /all sup-bootflash:", + "dir /all sup-microcode:", + "show controllers", + "show controllers cbus", + "show diagbus", + "show diag", + "show module", + "show c7200", + "show vtp status", + "show vlan", + "show config" + ); + $cisco_cmds=join(";", at commands); + $cmds_regexp=join("|", at commands); + + open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; + select(OUTPUT); + # make OUTPUT unbuffered if debugging + if ($debug) { $| = 1; } + + if ($file) { + print STDERR "opening file $host\n" if ($debug); + print STDOUT "opening file $host\n" if ($log); + open(INPUT,"<$host") || die "open failed for $host: $!\n"; + } else { + print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); + print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); + if (defined($ENV{NOPIPE})) { + system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; + open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; + } else { + open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { + tr/\015//d; + if (/\#\s?exit$/) { + $clean_run=1; + last; + } + if (/^Error:/) { + print STDOUT ("$host clogin error: $_"); + print STDERR ("$host clogin error: $_") if ($debug); + $clean_run=0; + last; + } + while (/#\s*($cmds_regexp)\s*$/) { + $cmd = $1; + if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; } + print STDERR ("HIT COMMAND:$_") if ($debug); + if (! defined($commands{$cmd})) { + print STDERR "$host: found unexpected command - \"$cmd\"\n"; + $clean_run = 0; + last TOP; + } + $rval = &{$commands{$cmd}}; + delete($commands{$cmd}); + if ($rval == -1) { + $clean_run = 0; + last TOP; + } + } + } + print STDOUT "Done $logincmd: $_\n" if ($log); + # Flush History + ProcessHistory("","","",""); + # Cleanup + close(INPUT); + close(OUTPUT); + + if (defined($ENV{NOPIPE})) { + unlink("$host.raw") if (! $debug); + } + + # check for completeness + if (scalar(%commands) || !$clean_run || !$found_end) { + if (scalar(%commands)) { + printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); + printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); + } + if (!$clean_run || !$found_end) { + print STDOUT "$host: End of run not found\n"; + print STDERR "$host: End of run not found\n" if ($debug); + system("/usr/bin/tail -1 $host.new"); + } + unlink "$host.new" if (! $debug); + } diff -rcN rancid-2.2.1.orig/bin/rancid-fe.in rancid-2.2.1/bin/rancid-fe.in *** rancid-2.2.1.orig/bin/rancid-fe.in Fri Feb 15 18:35:56 2002 --- rancid-2.2.1/bin/rancid-fe.in Mon Jun 3 17:45:53 2002 *************** *** 29,34 **** --- 29,35 ---- elsif ($vendor =~ /^baynet$/i) { exec('brancid', $router); } elsif ($vendor =~ /^cat5$/i) { exec('cat5rancid', $router); } elsif ($vendor =~ /^cisco$/i) { exec('rancid', $router); } + elsif ($vendor =~ /^mcisco$/i) { exec('mcrancid', $router); } elsif ($vendor =~ /^extreme$/i) { exec('xrancid', $router); } elsif ($vendor =~ /^ezt3$/i) { exec('erancid', $router); } elsif ($vendor =~ /^force10$/i) { exec('f10rancid', $router); } diff -rcN rancid-2.2.1.orig/configure rancid-2.2.1/configure *** rancid-2.2.1.orig/configure Fri Feb 15 18:39:48 2002 --- rancid-2.2.1/configure Mon Jun 3 18:35:36 2002 *************** *** 2560,2566 **** # RD_BIN_PROGS are bin/ .in's that need to be installed with execute perms. RD_BIN_PROGS="cat5rancid control_rancid \ alogin arancid clogin create_cvs blogin brancid do-diffs elogin erancid \ ! f10rancid flogin francid jlogin jrancid hlogin hrancid mrancid par rancid-fe \ rancid rename rrancid xrancid" rd_cv_rd_bin_progs=$RD_BIN_PROGS --- 2560,2566 ---- # RD_BIN_PROGS are bin/ .in's that need to be installed with execute perms. RD_BIN_PROGS="cat5rancid control_rancid \ alogin arancid clogin create_cvs blogin brancid do-diffs elogin erancid \ ! f10rancid flogin francid jlogin jrancid hlogin hrancid mrancid mcrancid par rancid-fe \ rancid rename rrancid xrancid" rd_cv_rd_bin_progs=$RD_BIN_PROGS *************** *** 3107,3113 **** bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ bin/jrancid bin/hlogin \ ! bin/hrancid bin/mrancid bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ --- 3107,3113 ---- bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ bin/jrancid bin/hlogin \ ! bin/hrancid bin/mrancid bin/mcrancid bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ *************** *** 3237,3243 **** bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ bin/jrancid bin/hlogin \ ! bin/hrancid bin/mrancid bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ --- 3237,3243 ---- bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ bin/jrancid bin/hlogin \ ! bin/hrancid bin/mrancid bin/mcrancid bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ diff -rcN rancid-2.2.1.orig/configure.in rancid-2.2.1/configure.in *** rancid-2.2.1.orig/configure.in Fri Feb 15 18:39:40 2002 --- rancid-2.2.1/configure.in Mon Jun 3 17:42:56 2002 *************** *** 177,184 **** # RD_BIN_PROGS are bin/ .in's that need to be installed with execute perms. RD_BIN_PROGS="cat5rancid control_rancid \ alogin arancid clogin create_cvs blogin brancid do-diffs elogin erancid \ ! f10rancid flogin francid jlogin jrancid hlogin hrancid mrancid par rancid-fe \ ! rancid rename rrancid xrancid" AC_SUBST(RD_BIN_PROGS) rd_cv_rd_bin_progs=$RD_BIN_PROGS --- 177,184 ---- # RD_BIN_PROGS are bin/ .in's that need to be installed with execute perms. RD_BIN_PROGS="cat5rancid control_rancid \ alogin arancid clogin create_cvs blogin brancid do-diffs elogin erancid \ ! f10rancid flogin francid jlogin jrancid hlogin hrancid mcrancid mrancid \ ! par rancid-fe rancid rename rrancid xrancid" AC_SUBST(RD_BIN_PROGS) rd_cv_rd_bin_progs=$RD_BIN_PROGS *************** *** 237,244 **** bin/alogin bin/arancid bin/blogin bin/brancid bin/cat5rancid \ bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ ! bin/jrancid bin/hlogin \ ! bin/hrancid bin/mrancid bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ --- 237,244 ---- bin/alogin bin/arancid bin/blogin bin/brancid bin/cat5rancid \ bin/clogin bin/control_rancid bin/create_cvs bin/do-diffs bin/elogin \ bin/env bin/erancid bin/f10rancid bin/flogin bin/francid bin/jlogin \ ! bin/jrancid bin/hlogin bin/hrancid bin/mrancid bin/mcrancid \ ! bin/par bin/rancid-fe bin/rancid bin/rename \ bin/rrancid bin/xrancid \ man/Makefile man/env.5 man/lg.conf.5 man/lg_intro.1 \ include/version.h \ diff -rcN rancid-2.2.1.orig/include/Makefile.in rancid-2.2.1/include/Makefile.in *** rancid-2.2.1.orig/include/Makefile.in Fri May 3 00:08:05 2002 --- rancid-2.2.1/include/Makefile.in Mon Jun 3 18:32:22 2002 *************** *** 115,123 **** all: all-redirect .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) ! cd $(top_srcdir) && $(AUTOMAKE) --foreign --include-deps include/Makefile ! Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status --- 115,123 ---- all: all-redirect .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) ! cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile ! Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status *************** *** 178,183 **** --- 178,188 ---- subdir = include distdir: $(DISTFILES) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(top_distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --foreign include/Makefile @for file in $(DISTFILES); do \ d=$(srcdir); \ if test -d $$d/$$file; then \ diff -rcN rancid-2.2.1.orig/include/config.h rancid-2.2.1/include/config.h *** rancid-2.2.1.orig/include/config.h Thu May 2 22:34:16 2002 --- rancid-2.2.1/include/config.h Thu Jan 1 01:00:00 1970 *************** *** 1,177 **** - /* include/config.h. Generated automatically by configure. */ - /* include/config.h.in. Generated automatically from configure.in by autoheader. */ - #ifndef CONFIG_H - #define CONFIG_H 1 - - - /* Define to empty if the keyword does not work. */ - /* #undef const */ - - /* Define if you have the ANSI # stringizing operator in cpp. */ - #define HAVE_STRINGIZE 1 - - /* Define as __inline if that's what the C compiler calls it. */ - /* #undef inline */ - - /* Define as the return type of signal handlers (int or void). */ - #define RETSIGTYPE void - - /* Define to `unsigned' if doesn't define. */ - /* #undef size_t */ - - /* Define if you have the ANSI C header files. */ - #define STDC_HEADERS 1 - - /* Define if you have the bcopy function. */ - #define HAVE_BCOPY 1 - - /* Define if you have the bzero function. */ - #define HAVE_BZERO 1 - - /* Define if you have the index function. */ - #define HAVE_INDEX 1 - - /* Define if you have the memcpy function. */ - #define HAVE_MEMCPY 1 - - /* Define if you have the memmove function. */ - #define HAVE_MEMMOVE 1 - - /* Define if you have the memset function. */ - #define HAVE_MEMSET 1 - - /* Define if you have the rindex function. */ - #define HAVE_RINDEX 1 - - /* Define if you have the strchr function. */ - #define HAVE_STRCHR 1 - - /* Define if you have the strerror function. */ - #define HAVE_STRERROR 1 - - /* Define if you have the strrchr function. */ - #define HAVE_STRRCHR 1 - - /* Define if you have the strrtok function. */ - /* #undef HAVE_STRRTOK */ - - /* Define if you have the strstr function. */ - #define HAVE_STRSTR 1 - - /* Define if you have the strtok function. */ - #define HAVE_STRTOK 1 - - /* Define if you have the header file. */ - #define HAVE_ERRNO_H 1 - - /* Define if you have the header file. */ - #define HAVE_FCNTL_H 1 - - /* Define if you have the header file. */ - #define HAVE_LIMITS_H 1 - - /* Define if you have the header file. */ - #define HAVE_MEMORY_H 1 - - /* Define if you have the header file. */ - /* #undef HAVE_SIGINFO_H */ - - /* Define if you have the header file. */ - #define HAVE_STRING_H 1 - - /* Define if you have the header file. */ - #define HAVE_STRINGS_H 1 - - /* Define if you have the header file. */ - #define HAVE_SYS_TYPES_H 1 - - /* Define if you have the header file. */ - #define HAVE_SYS_WAIT_H 1 - - /* Define if you have the header file. */ - #define HAVE_SYSEXITS_H 1 - - /* Define if you have the header file. */ - #define HAVE_UNISTD_H 1 - - /* Name of package */ - #define PACKAGE "rancid" - - /* Version number of package */ - #define VERSION "2.2.1" - - /* Define if compiler has function prototypes */ - #define PROTOTYPES 1 - - - #ifndef __P - # if STDC_HEADERS - # define __P(a) a - # else - # define __P(a) () - # endif - #endif - - #define BUF_SZ LINE_MAX /* (increments of) size of bufs */ - - #if HAVE_STDLIB_H - # include - #endif - - #if HAVE_UNISTD_H - # include - # include - #elif HAVE_SYS_TYPES_H - # include - #endif - - #if HAVE_ERRNO_H - # include - #endif - extern int errno; - - #if HAVE_STRING_H - # include - #endif - #if HAVE_STRINGS_H - # include - #endif - - #if ! HAVE_STRERROR - # define strerror(n) sys_errlist[n]; - #endif - - #if HAVE_SYS_WAIT_H - # include - #endif - #ifndef WEXITSTATUS - # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) - #endif - #ifndef WIFEXITED - # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) - #endif - - #if HAVE_MEMSET - # define bzero(p,s) memset(p, 0, s) - # define bcopy(s,d,l) memcpy(d, s, l) - #endif - - #if HAVE_INDEX && ! HAVE_STRCHR - # define index(s,c) strchr(s,c) - #endif - - #if HAVE_SYSEXITS_H - # include - #else - /* missing sysexits.h */ - # define EX_OK 0 - # define EX_USAGE 64 /* command line usage error */ - # define EX_NOINPUT 66 /* cannot open input */ - # define EX_TEMPFAIL 75 /* temp failure */ - # define EX_OSERR 71 /* system error */ - # define EX_CANTCREAT 73 /* can't create (user) output file */ - # define EX_IOERR 74 /* input/output error */ - # define EX_CONFIG 78 /* configuration error */ - #endif - - #endif /* CONFIG_H */ --- 0 ---- diff -rcN rancid-2.2.1.orig/include/version.h rancid-2.2.1/include/version.h *** rancid-2.2.1.orig/include/version.h Thu May 2 22:34:16 2002 --- rancid-2.2.1/include/version.h Thu Jan 1 01:00:00 1970 *************** *** 1,9 **** - #ifndef VERSION_H - - #define VERSION_H - - /* pkg version */ - char package[] = "rancid"; - char version[] = "2.2.1"; - - #endif --- 0 ---- From Dmitri.Smirnov at roundheaven.com Mon Jun 3 21:12:16 2002 From: Dmitri.Smirnov at roundheaven.com (Dmitri Smirnov) Date: Mon, 3 Jun 2002 14:12:16 -0700 Subject: Problem with Catalyst switches Message-ID: <77F055FA968580429F4546414D8C10E705E329@s102.rhcci.com> Hello, need a help with RANCID (2.2.1) and Catalyst switches (65XX) . I've put 6 switches in a separate group. 'cat5rancid -d IP' is working fine for each of them. 'do-diffs' running by cron is usually unable to collect configs from 1 or 2 switches (random, 5,6 times). After multiple attempts I'm getting a configuration. Log file has: Trying to get all of the configs. ===================================== Getting missed routers: round 1. ===================================== Getting missed routers: round 2. ===================================== Getting missed routers: round 3. ===================================== Getting missed routers: round 4. ! XX.XX.1.7 clogin error: Error: TIMEOUT reached XX.XX.1.7: missed cmd(s): show boot,dir slot0:,dir bootflash:,dir slot1:,dir sup -bootflash:,show module,write term,show version,show flash,show port ifindex,dir sup-microcode: XX.XX.1.7: End of run not found Anyway I could troubleshoot the problem? Dmitri Smirnov, SSCP Security Team From AZhang at reliant.com Tue Jun 4 16:52:38 2002 From: AZhang at reliant.com (Zhang, Anchi) Date: Tue, 4 Jun 2002 11:52:38 -0500 Subject: Problem with Catalyst switches Message-ID: You don't happen to use ssh as your login method, do you? In my setup, Rancid has no problem using telnet but fails occasionally if it relies on ssh to reach cat5 devices. Anchi -----Original Message----- From: Dmitri Smirnov [mailto:Dmitri.Smirnov at roundheaven.com] Sent: Monday, June 03, 2002 4:12 PM To: rancid-discuss at shrubbery.net Subject: Problem with Catalyst switches Hello, need a help with RANCID (2.2.1) and Catalyst switches (65XX) . I've put 6 switches in a separate group. 'cat5rancid -d IP' is working fine for each of them. 'do-diffs' running by cron is usually unable to collect configs from 1 or 2 switches (random, 5,6 times). After multiple attempts I'm getting a configuration. Log file has: Trying to get all of the configs. ===================================== Getting missed routers: round 1. ===================================== Getting missed routers: round 2. ===================================== Getting missed routers: round 3. ===================================== Getting missed routers: round 4. ! XX.XX.1.7 clogin error: Error: TIMEOUT reached XX.XX.1.7: missed cmd(s): show boot,dir slot0:,dir bootflash:,dir slot1:,dir sup -bootflash:,show module,write term,show version,show flash,show port ifindex,dir sup-microcode: XX.XX.1.7: End of run not found Anyway I could troubleshoot the problem? Dmitri Smirnov, SSCP Security Team From Dmitri.Smirnov at roundheaven.com Tue Jun 4 17:02:01 2002 From: Dmitri.Smirnov at roundheaven.com (Dmitri Smirnov) Date: Tue, 4 Jun 2002 10:02:01 -0700 Subject: Problem with Catalyst switches Message-ID: <77F055FA968580429F4546414D8C10E705CCE2@s102.rhcci.com> Thank you Anchi, I'm using ssh as login method. Is it RANCID or CatOS problem? Is anyway to fix it without 'telnet'? Dmitri -----Original Message----- From: Zhang, Anchi [mailto:AZhang at reliant.com] Sent: Tuesday, June 04, 2002 9:53 AM To: Dmitri Smirnov; rancid-discuss at shrubbery.net Subject: RE: Problem with Catalyst switches You don't happen to use ssh as your login method, do you? In my setup, Rancid has no problem using telnet but fails occasionally if it relies on ssh to reach cat5 devices. Anchi -----Original Message----- From: Dmitri Smirnov [mailto:Dmitri.Smirnov at roundheaven.com] Sent: Monday, June 03, 2002 4:12 PM To: rancid-discuss at shrubbery.net Subject: Problem with Catalyst switches Hello, need a help with RANCID (2.2.1) and Catalyst switches (65XX) . I've put 6 switches in a separate group. 'cat5rancid -d IP' is working fine for each of them. 'do-diffs' running by cron is usually unable to collect configs from 1 or 2 switches (random, 5,6 times). After multiple attempts I'm getting a configuration. Log file has: Trying to get all of the configs. ===================================== Getting missed routers: round 1. ===================================== Getting missed routers: round 2. ===================================== Getting missed routers: round 3. ===================================== Getting missed routers: round 4. ! XX.XX.1.7 clogin error: Error: TIMEOUT reached XX.XX.1.7: missed cmd(s): show boot,dir slot0:,dir bootflash:,dir slot1:,dir sup -bootflash:,show module,write term,show version,show flash,show port ifindex,dir sup-microcode: XX.XX.1.7: End of run not found Anyway I could troubleshoot the problem? Dmitri Smirnov, SSCP Security Team From asp at partan.com Tue Jun 4 17:16:25 2002 From: asp at partan.com (Andrew Partan) Date: Tue, 4 Jun 2002 13:16:25 -0400 Subject: Problem with Catalyst switches In-Reply-To: <77F055FA968580429F4546414D8C10E705CCE2@s102.rhcci.com>; from Dmitri.Smirnov@roundheaven.com on Tue, Jun 04, 2002 at 10:02:01AM -0700 References: <77F055FA968580429F4546414D8C10E705CCE2@s102.rhcci.com> Message-ID: <20020604131625.A29244@partan.com> On Tue, Jun 04, 2002 at 10:02:01AM -0700, Dmitri Smirnov wrote: > I'm using ssh as login method. > Is it RANCID or CatOS problem? Is anyway to fix it without 'telnet'? There seems to be bugs in ciscos where sometimes ssh just does not work; unclear why. If I see ssh not work, it usually does not work for just one or two of the 5 tries that rancid does per run. --asp From koch at tiscali.net Thu Jun 6 10:33:33 2002 From: koch at tiscali.net (Alexander Koch) Date: Thu, 6 Jun 2002 12:33:33 +0200 Subject: nph and Apache 1.3... Message-ID: <20020606103333.GA18183@shekinah.ip.tiscali.net> Hello. As I read the Apache docs it is now no longer necessary to have the nph- prefix and all that, but simply that the script itself flushes all output to the server and that's it. Has anyone of you gotten the rancid looking glass to behave like a nph script? We have just a normal Apache here, no mod_perl or any such thing and just setting '$|=1' in Perl certainly does not do the trick. Now if anyone has an idea that would be most welcome as my 'web times' are long forgotten, not doing much apache stuff lately... TIA Alexander -- Alexander Koch / ako4-ripe Network Engineer, Tiscali International Network Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany Phone +49 6103 916 480, Fax +49 6103 916 464 From janos at budapest.dante.org.uk Wed Jun 26 09:59:42 2002 From: janos at budapest.dante.org.uk (Janos Mohacsi) Date: Wed, 26 Jun 2002 10:59:42 +0100 (BST) Subject: paranoid patch for cisco routers :) Message-ID: <20020626105156.A81512-100000@budapest.dante.org.uk> Dear All, We are using IS-IS as an IGP and rancid did not remove the IS-IS password. Also if we set up FILTER_PWDS=ALL we would prefer removing the community strings... Here is my patch for this: *** mcrancid.orig Wed Jun 26 10:25:28 2002 --- mcrancid Wed Jun 26 10:43:20 2002 *************** *** 936,941 **** --- 936,949 ---- ProcessHistory("","","","! neighbor $1 password \n"); next; } + if (/^\s*isis password / && $filter_pwds >= 1){ + ProcessHistory("", "", "", "! isis password \n"); + next; + } + if (/^snmp-server community (\S*) (.*)/ && $filter_pwds >=2) { + ProcessHistory("", "", "", "!snmp-server community $2\n"); + next; + } if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } This is for bin/mcrancid (for my previous patch), but the same applies for bin/rancid also. Best Regards, Janos Mohacsi From janos at budapest.dante.org.uk Wed Jun 26 20:59:04 2002 From: janos at budapest.dante.org.uk (Janos Mohacsi) Date: Wed, 26 Jun 2002 21:59:04 +0100 (BST) Subject: Multicast/IPv6 Looking glass patch for rancid Message-ID: <20020626213520.V86512-400000@budapest.dante.org.uk> Dear All, I created some extra commands for the rancid looking glass: Multicast looking glass + IPv6 looking glass In order to be configurable more flexible I modified the looking glass in several places: 1. The lg.conf is holding the commands that is displayed on the form display. You specify there what to display as command. If you comment one command, it won't be displayed on the form. This way much easier to disable certain functionality of looking glass. 2. I put the queries into different categories: interface, routing, debugging, multicast, ipv6. On the form display they are separated by horizontal ruler from each other. 3. I implemented several multicast looking glass commands. They are available for Cisco and Juniper. If somebody knows Foundry equivalents they can add it. 4. I implemented some ipv6 looking glass commands. They are tested only on Cisco, but some of them are available for Juniper also. 5. I added LG_STYLE to the confiuration ( and also to lgform.cgi and lg.cgi), to support style sheet for consistent web look. I attach the patches in three unified diff files. Any comment are welcome. Can you incorporate my patches into the next version of rancid? By the way when will be next version? Best Regards, Janos Mohacsi -------------- next part -------------- --- lg.cgi.orig Wed Jun 26 21:10:53 2002 +++ lg.cgi Wed Jun 26 21:29:03 2002 @@ -23,7 +23,7 @@ $me =~ s/.*\/(\S+)$/$1/; } -use CGI qw/:standard/; +use CGI qw/:standard escapeHTML/; use POSIX qw(strftime); use Sys::Syslog; use LockFile::Simple qw(lock trylock unlock); @@ -124,14 +124,14 @@ local(*CMD); if ($mfg =~ /foundry/i) { - $cmd = $foundryCmd{$type}; open(CMD, "sh -c \"flogin -f $cloginrc -c \'$cmd $arg\' $rtr\" 2>&1 |"); + $cmd = $foundryCmd{$type}; } elsif ($mfg =~ /juniper/i) { - $cmd = $juniperCmd{$type}; open(CMD, "sh -c \"jlogin -f $cloginrc -c \'$cmd $arg\' $rtr\" 2>&1 |"); + $cmd = $juniperCmd{$type}; } else { - $cmd = $ciscoCmd{$type}; open(CMD, "sh -c \"clogin -noenable -f $cloginrc -c \'$cmd $arg\' $rtr\" 2>&1 |"); + $cmd = $ciscoCmd{$type}; } while () { tr/\015//d; @@ -173,6 +173,7 @@ } # create the page and log the transaction... sub print_results { + my($mfg) = @_; my($cmd); @@ -180,8 +181,14 @@ dolog(LOG_INFO, sprintf("%s %s %s %s\n", $ENV{REMOTE_HOST}, $ENV{REMOTE_ADDR}, $ENV{REMOTE_USER}, "- - [$timestr] $type $router $arg")); + # print $query->header; - print $query->start_html("Looking Glass Results - $router"); + if ($LG_STYLE) { + print $query->start_html(-title => "LookingGlass Results - $router", + -style => {'src' => $LG_STYLE}); + } else { + print $query->start_html(-title =>"LookingGlass Results - $router"); + } $timestr = strftime("%a %b %e %H:%M:%S %Y %Z", gmtime); @@ -195,7 +202,6 @@ } else { $cmd = $ciscoCmd{$type}; } - print <

Looking Glass Results - $router @@ -205,9 +211,11 @@
Date: $timestr

- Query: $cmd -
+ Query: HEAD + print escapeHTML($cmdDisp{$type}); + print "Real Query: $cmd"; + print "
"; if ($arg) { print "Argument(s): $arg\n"; } print "

\n"; @@ -226,9 +234,9 @@ print < - END + print $LG_INFO; print $query->end_html; exit; @@ -270,22 +278,36 @@ $query = new CGI; +# TODO check HTTP_REFERER? + + + # get form data and validate $type = ($query->param('query'))[0]; $router_param = ($query->param('router'))[0]; $remote_user = $ENV{REMOTE_USER}; $arg = ($query->param('args'))[0]; +$arg =~ s/["'`]//g; # these are BS in any arg for any query # handle multiple args -$arg =~ s/["'`]//g; # these are BS in any arg for any query @arg = split(' ', $arg); # verify commands, arguments, etc. ($router, $mfg) = split(':', $router_param); -if (!defined($type) || !defined($router)) { +if (!defined($type) || !defined($router) || $router eq '' || !defined($mfg)) { $results[0] = "You must at least choose a Query and a router. Try buying a clue.\n"; &print_results($mfg); } +if ($arg !~ /^[-A-Za-z0-9|_\/ \.^\$]*$/) { + $results[0] = "Funny characters in argument; ignoring.\n"; + &print_results($mfg); +} +if (length($arg) >= 50) { + $results[0] = "Too long argument string; ignoring. \n"; + &print_results($mfg); +} + + # conversion of command "type" passed from lgform.cgi to the vendor's syntax. %ciscoCmd = ( #acl => "show access-list", @@ -294,7 +316,7 @@ damp => "show ip bgp dampened-paths", framerelay => "show frame-relay pvc", interface => "show interface", - intbrief => "show ip interface", # switch in {interface} + intbrief => "show ip interface", log => "show logging", mbgp => "show ip mbgp", mbgpsum => "show ip mbgp summary", @@ -307,7 +329,18 @@ prefix => "show ip bgp", prefixlist => "show ip prefix-list", summary => "show ip bgp summary", - trace => "traceroute" + trace => "traceroute", + pim_neighbor => "show ip pim neighbor", + pim_interface => "show ip pim interface", + pim_rp => "show ip pim rp mapping", + mforw => "show ip mroute", + msdp => "show ip msdp summary", + msdpsa => "show ip msdp sa-cache", + msess => "show ip sdr", + mrpf => "show ip rpf", + v6_interface => "show ipv6 interface", + v6_summary => "show bgp ipv6 summary", + v6_bgp => "show bgp ipv6", ); %foundryCmd = ( #acl => "show access-list", @@ -335,7 +368,7 @@ #aspath => "show ip as-path-access-list", #communitylist => "show ip community-list", damp => "show route damping suppressed terse table inet.0", - framerelay => "show frame-relay pvc", + #framerelay => "show frame-relay pvc", interface => "show interface", log => "show log messages", mbgp => "show route table inet.2 terse", @@ -349,7 +382,19 @@ prefix => "show route table inet.0", prefixlist => "show policy", summary => "show bgp summary", - trace => "traceroute" + trace => "traceroute", + pim_neighbor => "show pim neighbors", + pim_interface => "show pim interface", + pim_rp => "show pim rps", + pim_join => "show pim join", + mforw => "show multicast route extensive", + msdp => "show msdp", + msdpsa => "show msdp source-active", + msess => "show multicast sessions", + mrpf => "show multicast rpf", + v6_interface => "show interface", + v6_summary => "show bgp summary", + v6_route => "show route table inet6.0", ); %cmdDisp = ( #acl => "show access-list", @@ -373,7 +418,37 @@ trace => "traceroute" ); -# not all cmds/queries are implemented for junipers +#construct Display command from configuration +#empty out Command to Display +%cmdDisp=(); + +#fill separately with command types +#interface +while (($ckey,$cvalue)=each %i_qrtype) { + $cmdDisp{$ckey}=$cvalue; +} +#routing +while (($ckey,$cvalue)=each %r_qrtype) { + $cmdDisp{$ckey}=$cvalue; +} +#debug +while (($ckey,$cvalue)=each %d_qrtype) { + $cmdDisp{$ckey}=$cvalue; +} +#multicast +while (($ckey,$cvalue)=each %m_qrtype) { + $cmdDisp{$ckey}=$cvalue; +} + +#ipv6 +while (($ckey,$cvalue)=each %v6_qrtype) { + $cmdDisp{$ckey}=$cvalue; +} + + + + +# not all cmds/queries are implemented for junipers/foundrys/ciscos if ($mfg =~ /juniper/) { if (! defined($juniperCmd{$type})) { $results[0] = "$cmdDisp{$type} not implemented for junipers. sorry.\n"; @@ -387,21 +462,31 @@ } $cmd = $foundryCmd{$type}; } else { + if(! defined($ciscoCmd{$type})) { + $results[0] = "$cmdDisp{$type} not implemented for cisco. sorry.\n"; + &print_results($mfg); + } $cmd = $ciscoCmd{$type}; } -if ($type eq "prefix" || $type eq "mbgp" || $type eq "route" ) { +if ($type eq "prefix" || $type eq "mbgp" || $type eq "route") { if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { $results[0] = "The IP address \"$arg[0]\" is not valid and lacking an address would over-burden our router.\n"; &print_results($mfg); } elsif (defined($arg[1]) && $arg[1] !~ /^\d+\.\d+\.\d+\.\d+$/) { $results[0] = "The IP netmask \"$arg[1]\" is not valid.\n"; &print_results($mfg); - } + } if ($mfg =~ /juniper/i && defined($arg[1])) { $arg = $arg[0] . "/" . mask2len($arg[1]); } +} elsif ($type eq "v6_route" ){ + if ($arg[0] !~ /[0-9a-fA-F:]+$/) { + $results[0] ="The IPv6 address \"$arg[0]\" is not valid.\n"; + &print_results($mfg); + } + } elsif ($type eq "framerelay") { if ($mfg =~ /juniper/) { $results[0] = "Juniper does not have a show frame-relay pvc command. ". @@ -413,33 +498,33 @@ } else { undef($arg); } -} elsif ($type eq "interface") { - if ($mfg =~ /(cisco|foundry)/) { - if ($arg[0] !~ /^b[^ ]+[0-9]/i && $arg[0] =~ /^b/i) { +} elsif ($type eq "interface" || $type eq "v6_interface") { + if ($arg[1] =~ /[-\/0-9:.]+/) { + $arg = $arg[0] . " " . $arg[1]; + } else { + if ($arg[0] !~ /^b[^ ]+[0-9]/i && $arg[0] =~ /^b/i && $mfg =~ /(cisco|foundry)/i) { $type = "intbrief"; $arg = "brief"; } else { $arg = $arg[0]; } - } elsif ($mfg =~ /juniper/) { - my($optind) = 0; - # arg 0 may be an intf name or a display option, but there can - # only be 2 args - $arg = ""; - while ($optind <= $#arg && $optind < 2) { - $arg[$optind] =~ s/brief/terse/; - if ($arg[$optind] =~ /^([a-z0-9]{2}\-\d+\/\d+\/\d+(:\d+)?)/i) { - $arg .= " $1"; - } elsif ($arg[$optind] =~ /^det/i) { - $arg .= " detail"; - } elsif ($arg[$optind] =~ /^ter/i) { - $arg .= " terse"; - } elsif ($arg[$optind] =~ /^ext/i) { - $arg .= " extensive"; - } - $optind += 1; + } +} elsif ($type eq "pim_interface") { +if ($mfg =~ /cisco/i) { + if ($arg[1] =~ /[-\/0-9:.]+/) { + $arg = $arg[0] . " " . $arg[1]; + } else { + if ($arg[0] !~ /^b[^ ]+[0-9]/i && $arg[0] =~ /^b/i ) { + $type = "intbrief"; + $arg = "brief"; + } else { + $arg = $arg[0]; } } +} else { + $arg=undef; +} +} elsif ($type eq "log") { } elsif ($type eq "log") { if ($arg[0] =~ /^\s*\|?$/) { shift(@arg); @@ -458,7 +543,7 @@ } } elsif ($type eq "ping" || $type eq "trace") { if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { - if ($arg[0] !~ /^[A-Za-z0-9._-]+$/) { + if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.[A-Za-z0-9-]*/) { $results[0] = "That argument ($arg[0]) is not valid.\n"; &print_results($mfg); } @@ -510,13 +595,17 @@ } else { $arg =~ s/[\$^]/ /g; } - $arg = "\"$arg\""; + $arg = "\\\"$arg\\\""; } # escape any ()s $arg =~ s/([\(\)])/\\$1/g; + #dolog(LOG_INFO, sprintf("TEST: %s\n", + # "- - [$timestr] $type $router $arg")); + # + } elsif ($type eq "neighbor") { if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { - if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.(com|edu|net|org)/) { + if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.[A-Za-z0-9-]*/) { $results[0] = "That argument ($arg[0]) is not valid.\n"; &print_results($mfg); } @@ -553,7 +642,7 @@ } } elsif ($type eq "mneighbor") { if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { - if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.(com|edu|net|org)/) { + if ($arg[0] !~ /([A-Za-z0-9-]*.)*[A-Za-z0-9-]*.[A-Za-z0-9-]*/) { $results[0] = "That argument ($arg[0]) is not valid.\n"; &print_results($mfg); } @@ -582,12 +671,56 @@ } } } -} elsif ($type eq "damp" || $type eq "summary" || $type eq "mbgpsum") { +} elsif ($type eq "pim_neighbor") { + if ( ($arg[0] eq 'detail') && ($mfg =~ /juniper/)) { + $arg = $arg[0]; + } else { + undef ($arg); + } + +} elsif ($type eq "pim_rp") { + if ( ($arg[0] eq 'detail') && ($mfg =~ /juniper/)) { + $arg = $arg[0]; + } else { + undef ($arg); + } + +} elsif ($type eq "mforw") { + if ($arg[0] eq 'active') { + $arg= $arg[0]; + } else{ + undef ($arg); + } + +} elsif ($type eq "pim_join") { + if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { + $results[0] = "The Group address \"$arg[0]\" is not valid and lacking an address would over-burden our router.\n"; + &print_results($mfg); + } else { + $arg= $arg[0]; + } + +} elsif ($type eq "msess") { + if ( $arg[0] eq 'detail' ) { + $arg = $arg[0]; + } else { + undef ($arg); + } + +} elsif ($type eq "mrpf") { + if ($arg[0] !~ /^\d+\.\d+\.\d+\.\d+$/) { + $results[0] = "The IP address \"$arg[0]\" is not valid. You have the specify IP address to Reverse Path Forwarding Test.\n"; + &print_results($mfg); + } else { + $arg= $arg[0]; + } + +} elsif ($type eq "damp" || $type eq "summary" || $type eq "mbgpsum" || $type eq "msdp" || $type eq "msdpsa" || $type eq "v6_summary") { undef($arg); } # cache the following -if ($type eq "summary" || $type eq "mbgpsu" || $type eq "damp" || $type eq "log") { +if ($type eq "summary" || $type eq "mbgpsu" || $type eq "damp" || $type eq "log" || $type eq "msdpsa" || $type eq "msess" || $type eq "mforw" || $type eq "v6_summary" ) { if (!$arg) { # cache requests with no addr/argument local(*CACHE); -------------- next part -------------- --- lgform.cgi.orig Wed Jun 26 21:11:14 2002 +++ lgform.cgi Wed Jun 26 21:31:05 2002 @@ -126,9 +126,13 @@ $query = new CGI; print $query->header; -print $query->start_html("LookingGlass form"); -print ""; +if ($LG_STYLE) { + print $query->start_html(-title =>"LookingGlass form", + -style => {'src' => $LG_STYLE}); +} else { + print $query->start_html(-title =>"LookingGlass from"); +} # add the company image, LG_IMAGE print $LG_IMAGE; @@ -141,46 +145,57 @@ HEAD # start table, etc here +print $query->startform( -action => '/cgi-bin/lg/lg.cgi', - method => 'POST'); + print <
- +
DOTABLE # available query types here -print < - + + +
Query: -
show frame-relay pvc [DLCI]
-
show interface <interface>
-
show ip bgp <prefix> [netmask]
-
show ip bgp neighbor <IP_addr>
-
show ip bgp regex <reg_exp>
-
show ip bgp summary
-
show ip bgp dampened-paths
-
show ip prefix-list <list_name>
-
show ip route <prefix> [netmask]
-
show route-map <map_name>
-
show ip mbgp <prefix> [netmask]
-
show ip mbgp summary
-
show logging [ | <match_string>]
-
ping <IP_addr | FQDN>
-
traceroute <IP_addr | FQDN>
+print < +
Query:Router:
+ +TABLEHEAD + +print $query->radio_group (-name => 'query', -values => \%i_qrtype, + -default => '-', -linebreak => 'true'); + +print $query->hr; + +print $query->radio_group (-name => 'query', -values => \%r_qrtype, + -default => '-', -linebreak => 'true'); + +print $query->hr; + +print $query->radio_group (-name => 'query', -values => \%d_qrtype, + -default => '-', -linebreak => 'true'); + +print $query->hr; + + +print $query->radio_group (-name => 'query', -values => \%m_qrtype, + -default => '-', -linebreak => 'true'); + +print $query->hr; + +print $query->radio_group (-name => 'query', -values => \%v6_qrtype, + -default => '-', -linebreak => 'true'); -

Argument(s):

+print $query->hr; + +print <Argument(s):

- Router: -
QTYPES -#
sh ip as-path-access-list <list_number>
-#
sh access-list <list_number>
-#
sh ip community-list <list_number>
-#
sh ip route-map <map_name>
- # read routers table and create the scrolling list readrouters(); print $query->scrolling_list(-name => 'router', @@ -188,22 +203,27 @@ -size => 20, -labels => \%rtrlabels); + + # end print <
-

+ +TAIL + +print $query->submit(-name => 'submit', -value =>'Submit'); +print $query->reset; +print $query->endform; + +print <
Looking Glass notes -TAIL -print < -$LG_INFO - -TAIL +TAIL2 + +print $LG_INFO; print $query->end_html; -------------- next part -------------- --- lg.conf.orig Wed Jun 26 13:21:56 2002 +++ lg.conf Wed Jun 26 21:09:53 2002 @@ -41,6 +41,10 @@ # #$LG_INFO="For support, contact webmaster"; # +# LG_STYLE define style sheet to be used for format HTML +# +#$LG_STYLE="http://www.your.site/style/style.css"; +# # # LG_LOG is either a FQPN (fully qualified path name) or the syslog # facility to use for logging. if not defined, the LG @@ -103,3 +107,51 @@ # $LG_STRIP=1; # +###### +#looking glass commands +#interfaces queries +#$i_qrtype{'framerelay'}="Show Frame-Relay PVC [DLCI]"; +$i_qrtype{'interface'}="Show Interface Parameters [interface]"; +#routing queries +$r_qrtype{'prefix'}="Show BGP Prefix [netmask]"; +$r_qrtype{'neighbor'}="Show BGP Neighbor "; +$r_qrtype{'regex'}="Show BGP AS-PATH/Regex "; +$r_qrtype{'summary'}="Show BGP Peering Status"; +$r_qrtype{'damp'}="Show BGP Dampened Paths"; +#$r_qrtype{'prefixlist'}="Show Routing Policy Terms "; +$r_qrtype{'route'}="Show IP Route [netmask]"; +#$r_qrtype{'routemap'}="Show Routing Policy Actions "; +#debug queries +#$d_qrtype{'log'}="Show Logs [ | ]"; +$d_qrtype{'ping'}="Ping "; +$d_qrtype{'trace'}="Traceroute "; +#multicast queries +$m_qrtype{'mbgp'}="Show Multicast Route (MBGP) [netmask]"; +$m_qrtype{'mbgpsum'}="Show MBGP Peering Status"; +#show ip pim neighbor/show pim neighbors +$m_qrtype{'pim_neighbor'}="Show PIM Neighbors [detail]"; +#show ip pim interface/show pim interface +$m_qrtype{'pim_interface'}="Show PIM Interfaces"; +#show ip pim rp mapping/show pim rps +$m_qrtype{'pim_rp'}="Show PIM Rendez-vous Points [detail]"; +#???/show pim join (extensive) +$m_qrtype{'pim_join'}="Show PIM Join [group_address]"; +#show ip mroute/show multicast route [active] +$m_qrtype{'mforw'}="Show Multicast Forwarding Table [active]"; +#show ip msdp summary/show msdp +$m_qrtype{'msdp'}="Show MSDP Peering Status"; +#show ip msdp sa cache/show msdp source-active +$m_qrtype{'msdpsa'}="Show MSDP Source Active Table"; +#show ip sdr|show multicast sessions +$m_qrtype{'msess'}="Show Multicast SDR sessions [detail]"; +#show ip rpf [address] /show multicast rpf [address] +$m_qrtype{'mrpf'}="Test Multicast RPF

"; +#IPv6 commands +#show ipv6 interface / show interface +$v6_qrtype{'v6_interface'}="Show IPv6 interface parameters [interface]"; +#show bgp ipv6 summary / show bgp summary +$v6_qrtype{'v6_summary'}="Show IPv6 BGP Summary"; +#show ipv6 route / show route table inet6.0 +$v6_qrtype{'v6_route'}="Show IPv6 Routes "; +#show bgp ipv6 / ??? +#$v6_qrtype{'v6_bgp'}="Show IPv6 BGP table"; From heas at shrubbery.net Fri Jun 28 22:47:33 2002 From: heas at shrubbery.net (john heasley) Date: Fri, 28 Jun 2002 15:47:33 -0700 Subject: paranoid patch for cisco routers :) In-Reply-To: <20020626105156.A81512-100000@budapest.dante.org.uk>; from janos@budapest.dante.org.uk on Wed, Jun 26, 2002 at 10:59:42AM +0100 References: <20020626105156.A81512-100000@budapest.dante.org.uk> Message-ID: <20020628154733.U3591@shrubbery.net> Wed, Jun 26, 2002 at 10:59:42AM +0100, Janos Mohacsi: > > Dear All, > We are using IS-IS as an IGP and rancid did not remove the IS-IS > password. Also if we set up FILTER_PWDS=ALL we would prefer removing the > community strings... sorry for the delay in response...get to things as fast as i can. some other folks have sent some fixes as well...getting to those. of course, thanks to all who use, comment, and/or contribute to rancid! isis pwds definitely should be filtered, esp as they appear to be completely clear-text in the IOS i checked. i also found area-password and domain-password under router isis. the snmp-sever community, however, is already handled, though by a separate knob. please see NOCOMMSTR variable of env(5). i will add a note to that effect in the manpage. i am committing this (after i test): Index: rancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v retrieving revision 1.113 diff -c -r1.113 rancid.in *** rancid.in 2002/05/09 21:22:14 1.113 --- rancid.in 2002/06/28 22:35:12 *************** *** 945,950 **** --- 945,958 ---- if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } + # isis passwords appear to be completely plain-text + if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $2\n"); next; + } + if (/^\s+(domain-password|area-password) (\S+)( .*)?/ + && $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $2\n"); next; + } # this is reversable, despite 'md5' in the cmd if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next;