[rancid] Cisco Banner Issue

heasley heas at shrubbery.net
Tue Apr 1 22:26:39 UTC 2014


Mon, Mar 31, 2014 at 09:34:33PM +0100, Alex DEKKER:
> On 31/03/14 04:57, heasley wrote:
> > develop a process to wait to see if
> > anything follows the # or >, which has its own set of pitfalls.
> 
> I [sitting in my armchair, not being the developer] think this idea has 
> some mileage. Would it be unreasonable to wait n seconds after a # to 
> determine that it's a prompt? Obviously if you do this then you'd have 
> to add a knob to tweak for those who are taking backups over satellite 
> links &c.
> 
> Perhaps you could be a bit cleverer - if a router is delivering 20 
> lines/sec of output, then you'll know within 0.5sec if it's finished, 
> although some seem to always be slow when delivering certain sections of 
> config. Pitfalls indeed!

Something like this could [mostly] work.

Index: clogin.in
===================================================================
--- clogin.in	(revision 2802)
+++ clogin.in	(working copy)
@@ -575,7 +575,21 @@
 				}
 	-re "$prompt"		{
 				  set prompt_match $expect_out(0,string);
-				  break;
+				  expect {
+					" "	{ exp_continue }
+					-re ".+" {
+						  unset prompt_match;
+						  break
+						}
+					timeout	{ set to 1;
+						  break
+						}
+				  }
+				  if {$to == 1} {
+					unset to;
+					break
+				  }
+				  exp_continue;
 				}
 	"Login invalid"		{
 				  send_user "\nError: Invalid login: $router\n";

but without constraining the timeout somehow, thats much to slow for my
patience.  it also doesnt deal with eof.

how to arrive at a reliable timeout is a another question.  what is too long
or short?  can the previous input rate simply be measured?  is the link
congested or is there routing instability producing massively variable
throughput?  maybe some would argue that last bit can be ignored; i think
that makes it unreliable and more difficult to support.

i am far more inclined to say dont do it (or have banners at all); the price
of admission.  or, if you must have #s in your banner, do not use autoenable,
so its looking for >s - which is also a poor solution, as it would be better
for clogin not to care about autoenable, so it would be looking for [>#] by
default.

i am however open to adding a cloginrc variable to constrain the prompt
match; eg: "^[ \n\r]+[#>]".  thereby, you could have whatever you wanted
in your banner as long as the first character of the line is a space - for
example.

and open to other suggestions or proving me wrong :)


More information about the Rancid-discuss mailing list