—
—

              
package App::Netdisco::SSHCollector::Platform::ASA;
HideShow 27 lines of Pod
=head1 NAME
App::Netdisco::SSHCollector::Platform::ASA
=head1 DESCRIPTION
Collect IPv4 ARP and IPv6 neighbor entries from Cisco ASA devices.
You will need the following configuration for the user to automatically enter
C<enable> status after login:
 aaa authorization exec LOCAL auto-enable
To use an C<enable> password separate from the login password, add an
C<enable_password> under C<device_auth> tag in your configuration file:
 device_auth:
   - tag: sshasa
     driver: cli
     platform: ASA
     only: '192.0.2.1'
     username: oliver
     password: letmein
     enable_password: myenablepass
=cut
use strict;
use warnings;
use Dancer ':script';
use Expect;
use Moo;
HideShow 15 lines of Pod
=head1 PUBLIC METHODS
=over 4
=item B<arpnip($host, $ssh)>
Retrieve ARP and neighbor entries from device. C<$host> is the hostname or IP
address of the device. C<$ssh> is a Net::OpenSSH connection to the device.
Returns a list of hashrefs in the format C<{ mac =E<gt> MACADDR, ip =E<gt> IPADDR }>.
=back
=cut
sub arpnip {
    my ($self, $hostlabel, $ssh, $args) = @_;
    debug "$hostlabel $$ arpnip()";
    my ($pty, $pid) = $ssh->open2pty;
    unless ($pty) {
        debug "unable to run remote command [$hostlabel] " . $ssh->error;
        return ();
    }
    my $expect = Expect->init($pty);
    my ($pos, $error, $match, $before, $after);
    my $prompt;
    if ($args->{enable_password}) {
       $prompt = qr/>/;
       ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
       $expect->send("enable\n");
       $prompt = qr/Password:/;
       ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
       $expect->send( $args->{enable_password} ."\n" );
    }
    $prompt = qr/#\s*$/;
    ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
    $expect->send("terminal pager 2147483647\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(5, -re, $prompt);
    $expect->send("show names\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
    my @names = split(m/\n/, $before);
    $expect->send("show arp\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
    my @lines = split(m/\n/, $before);
    my @arpentries = ();
    # ifname 192.0.2.1 0011.2233.4455 123
    my $linereg = qr/[A-z0-9\-\.]+\s([A-z0-9\-\.]+)\s
                     ([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})/x;
    foreach my $line (@lines) {
        if ($line =~ $linereg) {
            my ($ip, $mac) = ($1, $2);
            if ($ip !~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) {
                foreach my $name (@names) {
                    if ($name =~ qr/name\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s([\w-]*)/x) {
                        if ($ip eq $2) {
                            $ip = $1;
                        }
                    }
                }
            }
            if ($ip =~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) {
                push @arpentries, { mac => $mac, ip => $ip };
            }
        }
    }
    # start ipv6
    $expect->send("show ipv6 neighbor\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
    @lines = split(m/\n/, $before);
    # IPv6 age MAC state ifname
    $linereg = qr/([0-9a-fA-F\:]+)\s+[0-9]+\s
                     ([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})/x;
    foreach my $line (@lines) {
        if ($line =~ $linereg) {
            my ($ip, $mac) = ($1, $2);
            push @arpentries, { mac => $mac, ip => $ip };
        }
    }
    # end ipv6
    $expect->send("exit\n");
    $expect->soft_close();
    return @arpentries;
}
1;