The Perl and Raku Conference 2025: Greenville, South Carolina - June 27-29 Learn more

OLIVER / App-Netdisco-2.083000 / lib / App / Netdisco / SSHCollector / Platform / ASAContext.pm 

            

              
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

              
package App::Netdisco::SSHCollector::Platform::ASAContext;
=head1 NAME
App::Netdisco::SSHCollector::Platform::ASAContext
=head1 DESCRIPTION
Collect IPv4 ARP and IPv6 neighbor entries from Cisco ASA devices.
You will need the following configuration for the user to automatically enter
C<enable> status after login:
aaa authorization exec LOCAL auto-enable
To use an C<enable> password seaparate from the login password, add an
C<enable_password> under C<device_auth> in your configuration file:
device_auth:
    - tag: sshasa
      driver: cli
      platform: ASAContext
      only: '192.0.2.1'
      username: oliver
      password: letmein
      enable_password: myenablepass
=cut
use strict;
use warnings;
use Dancer ':script';
use Expect;
use Moo;
=head1 PUBLIC METHODS
=over 4
=item B<arpnip($host, $ssh)>
Retrieve ARP and neighbor entries from device. C<$host> is the hostname or IP
address of the device. C<$ssh> is a Net::OpenSSH connection to the device.
Returns a list of hashrefs in the format C<{ mac =E<gt> MACADDR, ip =E<gt> IPADDR }>.
This was kindly created by @haught and mentioned in https://github.com/netdisco/netdisco/issues/754 
as being a context-aware version of ASA.pm.
The code is imported from https://github.com/haught/netdisco/blob/ASAContext/lib/App/Netdisco/SSHCollector/Platform/ASAContext.pm.
However this version did not have some ASA.pm improvements added in dc9feb747f..b58a62f300, 
so we tried to merge all of this in here. However we lack the ability to try it, so we also 
left in place the original ASA.pm which is confirmed to work.
=back
=cut
sub arpnip {
    my ($self, $hostlabel, $ssh, $args) = @_;
    debug "$hostlabel $$ arpnip()";
    my ($pty, $pid) = $ssh->open2pty;
    unless ($pty) {
        debug "unable to run remote command [$hostlabel] " . $ssh->error;
        return ();
    }
    my $expect = Expect->init($pty);
    my ($pos, $error, $match, $before, $after);
    my $prompt;
    if ($args->{enable_password}) {
        $prompt = qr/>/;
        ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
        $expect->send("enable\n");
        $prompt = qr/Password:/;
        ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
        $expect->send( $args->{enable_password} ."\n" );
    }
    $prompt = qr/#\s*$/;
    ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
    $expect->send("terminal pager 2147483647\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(5, -re, $prompt);
    $expect->send("changeto system\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
    $expect->send("show run | include ^context\n");
    ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
    my @contexts = split(m/\n/, $before);
    my @arpentries = ();
    for (my $i = 1; $i < scalar @contexts; $i++) {
        $contexts[$i] =~ s/context //;
        debug "$hostlabel/$contexts[$i]";
        $expect->send("changeto context $contexts[$i]\n");
        ($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
        $expect->send("show names\n");
        ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
        my @names = split(m/\n/, $before);
        $expect->send("terminal pager 2147483647\n");
        ($pos, $error, $match, $before, $after) = $expect->expect(5, -re, $prompt);
        $expect->send("show arp\n");
        ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
        my @lines = split(m/\n/, $before);
        # ifname 192.0.2.1 0011.2233.4455 123
        my $linereg = qr/[A-z0-9\-\.]+\s([A-z0-9\-\.]+)\s
            ([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})/x;
        foreach my $line(@lines) {
            if ($line =~ $linereg) {
                my ($ip, $mac) = ($1, $2);
                if ($ip !~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) {
                    foreach my $name (@names) {
                        if ($name =~ qr/name\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s([\w-]*)/x) {
                            if ($ip eq $2) {
                                $ip = $1;
                            }
                        }
                    }
                }
                if ($ip =~ m/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) {
                    push @arpentries, { mac => $mac, ip => $ip };
                }
            }
        }
        # start ipv6
        $expect->send("show ipv6 neighbor\n");
        ($pos, $error, $match, $before, $after) = $expect->expect(60, -re, $prompt);
        @lines = split(m/\n/, $before);
        # IPv6 age MAC state ifname
        $linereg = qr/([0-9a-fA-F\:]+)\s+[0-9]+\s
            ([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})/x;
        foreach my $line (@lines) {
            if ($line =~ $linereg) {
                my ($ip, $mac) = ($1, $2);
                push @arpentries, { mac => $mac, ip => $ip };
            }
        }
        # end ipv6
    }
    $expect->send("exit\n");
    $expect->soft_close();
    return @arpentries;
}
1;