def router(self): protocol = self.expect(Keyword) protocol_tag = taglib.tag("routing protocol", protocol.upper()) protocol_tag.implied_by(taglib.env_tags.device, self.lineNum) if protocol == "bgp": local_as = self.expect(Literal) local_as_tag = taglib.as_number_tag(local_as, "local AS") local_as_lineNum = self.lineNum local_as_tag.implies(taglib.as_number_tag(local_as), local_as_lineNum) self.skipTo(EndOfCommand) while True: if self.accept(Token.EndOfMode) is not None: return if self.accept(Whitespace) is not None: continue if self.accept(Comment) is not None: self.skipTo(EndOfCommand) continue try: op = self.accept(Operator) if op: pass cmd = self.expect(Keyword) if False: pass elif cmd == "neighbor-group": self.bgp_neighbor_group(self.expect(Literal)) elif cmd == "neighbor": peer = self.expect(Literal) peer_tag = taglib.ip_address_tag(peer, kind="%s peer" % protocol.upper()) peer_lineNum = self.lineNum address_tag = taglib.ip_address_tag(peer) peer_tag.implies(address_tag, self.lineNum) self.expect(EndOfCommand) self.bgp_neighbor(protocol_tag, peer, peer_tag, peer_lineNum, local_as, local_as_tag, local_as_lineNum) elif cmd == "vrf": self.expect(Literal) self.expect(EndOfCommand) else: self.skipTo(EndOfCommand) except UnexpectedToken: self.skipTo(EndOfCommand) elif protocol == "static": self.static() else: self.skipToEndOfMode()
def tag_addresses(family_elem): for address_elem in family_elem.xpath("address/name"): ifa_tag = taglib.ip_address_tag(address_elem.text, kind="interface address") ifa_tag.implied_by(unit_tag, address_elem.sourceline) t = taglib.ip_address_tag(address_elem.text) t.implied_by(ifa_tag, address_elem.sourceline) t.implies(taglib.ip_subnet_tag(address_elem.text), address_elem.sourceline)
def test_ip_address_tag(self): t = taglib.ip_address_tag("127.0.0.1") eq_(t.kind, "IPv4 address") eq_(t.name, "127.0.0.1") eq_(t.sort_name, "v4 7f000001") t = taglib.ip_address_tag("127.0.0.1", "interface address") eq_(t.kind, "interface address") eq_(t.name, "127.0.0.1") eq_(t.sort_name, "v4 7f000001")
def ip(self, if_tag=None, if_name=None, version=None): ra_line = None ra_suppress = False ra_prefix = [] if_prefix = [] cmd = self.expect(Keyword) if False: pass elif cmd == 'address': name = self.accept(String) ipaddress = self.accept(Literal) if ipaddress: self.accept(Punctuation) # allow detection of address/prefix length if name: ipaddress = IPy.intToIp(IPy.IP(ipaddress).int() | ipv6_general_prefixes[name].int(), 6) address = ipaddress + "/" + self.expect(Literal) if if_name: if version == 'IPv4': if_addrs4.setdefault(if_name, ipaddress) elif version == 'IPv6': if_addrs6.setdefault(if_name, ipaddress) ifaddr_tag = taglib.ip_address_tag(address, kind="interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) ifaddr_tag.implied_by(if_tag, self.lineNum) address_tag.implied_by(ifaddr_tag, self.lineNum) subnet_tag.implied_by(address_tag, self.lineNum) if version: version_tag = taglib.tag("IP version", version) version_tag.implied_by(if_tag, self.lineNum) # add router advertisement by default on multi-access networks if version == 'IPv6': ipv6_addresses = True if re.search(r"eth|fddi|port-channel", if_tag.name, re.I): if_prefix.append(subnet_tag.name) ra_line = self.lineNum self.skipTo(EndOfCommand) elif cmd == 'cef': if not version: version = "IPv4" distributed = self.accept(Keyword) if distributed == "distributed": cef = " ".join((version, distributed)) else: cef = version t = taglib.tag("Cisco express forwarding", cef) t.implied_by(device_tag, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'domain name' or cmd == 'domain-name': t = taglib.tag("domain name", self.expect(String)) t.implied_by(taglib.env_tags.device, self.lineNum) self.expect(EndOfCommand) elif cmd == 'general-prefix': name = self.expect(String) ipaddress = self.expect(Literal) self.expect(Punctuation) address = ipaddress + "/" + self.expect(Literal) ipv6_general_prefixes[name] = IPy.IP(address) self.expect(EndOfCommand) elif cmd == 'helper-address': t = taglib.tag("BOOTP relay", self.expect(Literal)) t.implied_by(taglib.env_tags.device, self.lineNum) self.expect(EndOfCommand) elif cmd == 'http': nextCmd = self.expect(Keyword) if nextCmd == 'server': t = taglib.tag("service", "HTTP") t.implied_by(taglib.env_tags.device, self.lineNum) elif nextCmd == 'secure-server': t = taglib.tag("service", "HTTPS") t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'name-server': t = taglib.tag("name server", self.expect(Literal)) t.implied_by(taglib.env_tags.device, self.lineNum) self.expect(EndOfCommand) elif cmd == 'nd': nextCmd = self.expect(Keyword) if nextCmd == 'prefix': ra_line = self.lineNum nd_prefix = None default_prefix = self.accept(Keyword) if not default_prefix: nd_prefix = self.expect(Literal) + self.expect(Punctuation) + self.expect(Literal) keyword = self.accept(Keyword) if keyword is None or not 'no-ad' in keyword: if nd_prefix: ra_prefix.append(nd_prefix) elif nextCmd == 'suppress-ra': ra_line = self.lineNum ra_suppress = True self.skipTo(EndOfCommand) elif cmd == 'scp': nextCmd = self.expect(Keyword) if nextCmd == 'server': nextCmd = self.expect(Keyword) if nextCmd == 'enable': t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'ssh': if self.sshEnabled == False: t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) self.sshEnabled = True nextCmd = self.expect(Keyword) if nextCmd == 'version': version = self.expect(Literal) if version == '2': t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) t = taglib.tag("service", "SSHv2") t.implied_by(taglib.env_tags.device, self.lineNum) elif version == '1': t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) t = taglib.tag("service", "SSHv1") t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'unicast-routing': ipv6_unicast_routing = self.lineNum self.expect(EndOfCommand) else: self.skipTo(EndOfCommand) return (ra_suppress, ra_line, if_prefix, ra_prefix)
def router(self): protocol = self.expect(Keyword) protocol_tag = taglib.tag("routing protocol", protocol.upper()) protocol_tag.implied_by(taglib.env_tags.device, self.lineNum) if protocol == "bgp": bgp_router_id = None bgp_router_id_lineNum = None local_as = self.expect(Literal) local_as_tag = taglib.as_number_tag(local_as, "local AS") local_as_lineNum = self.lineNum local_as_tag.implies(taglib.as_number_tag(local_as), local_as_lineNum) self.skipTo(EndOfCommand) while True: disable = False if self.accept(Whitespace) is None: for peer, peerdict in peer_dicts.items(): bgp_local_addr = None bgp_local_addr_lineNum = None peer_lineNum = peerdict.get("peer_lineNum", None) peer_group = peerdict.get("peer_group", None) if peer_group: peer_group_dict = peer_groups.get(peer_group, None) else: peer_group_dict = None peer_as = peerdict.get("peer_as", None) if peer_as is not None: peer_as_lineNum = peerdict.get("peer_as_lineNum", None) elif peer_group_dict: peer_as = peer_group_dict.get("peer_as", None); peer_as_lineNum = peer_group_dict.get("peer_as_lineNum", None) if peer_as is None: continue update_source = peerdict.get("update_source", None) update_source_lineNum = peerdict.get("update_source_lineNum", None) if update_source is None and peer_group_dict is not None: update_source = peer_group_dict.get("update_source", None) update_source_lineNum = peer_group_dict.get("update_source_lineNum", None) peer_ip = IPy.IP(peer) if update_source is None: if peer_ip.version() == 4 and bgp_router_id: bgp_local_addr = bgp_router_id bgp_local_addr_lineNum = bgp_router_id_lineNum else: update_source = 'Loopback0' update_source_lineNum = 0 if update_source is not None: bgp_local_addr_lineNum = update_source_lineNum if peer_ip.version() == 4: bgp_local_addr = if_addrs4.get(update_source) elif peer_ip.version() == 6: bgp_local_addr = if_addrs6.get(update_source) peer_tag = taglib.ip_address_tag(peer, kind="%s peer" % protocol.upper()) address_tag = taglib.ip_address_tag(peer) peer_tag.implies(address_tag, peer_lineNum) peer_as_tag = taglib.as_number_tag(peer_as, "remote AS") peer_as_tag.implies(taglib.as_number_tag(peer_as), peer_as_lineNum) if peer_as == local_as: peering_relationship = "iBGP" else: peering_relationship = "eBGP" peering_tag = taglib.tag("%s peering" % peering_relationship, "%s %s" % (device_tag.name, peer), sort_name="%s %s" % (device_tag.name, peer_tag.sort_name)) peering_tag.implies(protocol_tag, peer_lineNum) peering_tag.implied_by(device_tag, peer_lineNum) local_as_tag.implied_by(peering_tag, peer_lineNum) peer_as_tag.implied_by(peering_tag, peer_lineNum) if bgp_local_addr is not None: peer2_tag = taglib.ip_address_tag(bgp_local_addr, kind="%s peer" % protocol.upper()) address2_tag = taglib.ip_address_tag(bgp_local_addr) peer2_tag.implies(address2_tag, bgp_local_addr_lineNum) local_peer_tag = taglib.ip_address_tag(bgp_local_addr, kind="local %s peer" % protocol.upper()) local_peer_tag.implied_by(peering_tag, bgp_local_addr_lineNum) local_peer_tag.implies(peer2_tag, bgp_local_addr_lineNum) remote_peer_tag = taglib.ip_address_tag(peer, kind="remote %s peer" % protocol.upper()) remote_peer_tag.implied_by(peering_tag, peer_lineNum) remote_peer_tag.implies(peer_tag, peer_lineNum) return if self.accept(Comment) is not None: self.skipTo(EndOfCommand) continue try: op = self.accept(Operator) if op and op == "no": disable = True cmd = self.expect(Keyword) if cmd == "neighbor": peer_group = None peer = self.accept(Number) if peer is None: # if no address, then its probably a peer group peer_group = self.expect(String) peerdict = peer_groups.get(peer_group, None) if peerdict is None: peerdict = {} peer_groups[peer_group] = peerdict else: peerdict = peer_dicts.get(peer, None) if peerdict is None: peerdict = {} peerdict["peer"] = peer peerdict["peer_lineNum"] = self.lineNum peerdict["disable"] = disable peer_dicts[peer] = peerdict subcmd = self.expect(Keyword) if subcmd == "remote-as": peerdict["peer_as"] = self.expect(Literal) peerdict["peer_as_lineNum"] = self.lineNum elif subcmd == "peer-group": if peer is not None: peerdict["peer_group"] = self.accept(Literal) elif subcmd == "update-source": peerdict["update_source"] = self.expect(Literal) peerdict["update_source_lineNum"] = self.lineNum elif cmd == "bgp": subcmd = self.expect(Keyword) if subcmd == "router-id": bgp_router_id = self.accept(Literal) bgp_router_id_lineNum = self.lineNum else: self.skipTo(EndOfCommand) elif cmd == "router-id": bgp_router_id = self.accept(Literal) bgp_router_id_lineNum = self.lineNum self.skipTo(EndOfCommand) except UnexpectedToken: self.skipTo(EndOfCommand) self.skipTo(EndOfCommand)
def main(filename): lines = open(filename, 'rU') n = 0 for line in lines: n += 1 if re.match(r'Syntax error at token detail', line): lines.close() taglib.default_filename = filename = re.sub(r'-detail', '', filename) main(filename) return # time m = re.match(r'configure sntp-client (primary|secondary) (?:server )? "?([\w\d.-]+)"?( vr [\w\d.]+)?', line) if m: which, server, vr = m.groups() taglib.tag("NTP server", server).implied_by(taglib.env_tags.device, line=n) continue # dns m = re.match(r'configure dns-client add domain-suffix ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("domain name", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure dns-client add (name-server )?([\w\d.-]+)( vr [\w\d.]+)?', line) if m: ignore, server, vr = m.groups() taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure dns-client default-domain ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("domain name", server).implied_by(taglib.env_tags.device, line=n) continue # radius m = re.match(r'configure radius (?:mgmt-access )?(primary|secondary) server ([\w\d.-]+)( [\d]+)? client-ip ([\w\d.-]+)( vr [\w\d.]+)?', line) if m: which, server, port, client, vr = m.groups() taglib.tag("RADIUS server", server).implied_by(taglib.env_tags.device, line=n) continue # tacacs+ m = re.match(r'configure tacacs (primary|secondary) server ([\w\d.-]+)( [\d]+)? client-ip ([\w\d.-]+)( vr [\w\d.]+)?', line) if m: which, server, port, client, vr = m.groups() taglib.tag("TACACS+ server", server).implied_by(taglib.env_tags.device, line=n) continue # interfaces m = re.match(r'create vlan "?([\w\d.-]+)"?', line) if m: vlan = m.group(1) vlanTag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlanTag.implied_by(taglib.env_tags.snapshot, line=n) taglib.env_tags.device.implied_by(vlanTag, line=n) continue m = re.match(r'configure vlan "?([\w\d]+)"? tag ([\d]+)', line) if m: vlan, vlan_id = m.group(1), int(m.group(2)) vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_id_tag = taglib.tag("VLAN ID", vlan_id, sort_name="%05d" % vlan_id) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(vlan_id_tag, line=n) continue m = re.match(r'config(?:ure)? vlan "?([\w\d]+)"? ipaddress ([\d.]+)\s+([\d.]+)\s+', line) if m: vlan, ipaddress, mask = m.groups() address = ipaddress + "/" + mask ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue m = re.match(r'configure "?([\w\d]+)"? ipaddress ([a-fA-F\d:]+)/([\d]+)\s+', line) if m: vlan, ipaddress, mask = m.groups() address = ipaddress + "/" + mask ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue # dhcp/bootp m = re.match(r'configure bootprelay add ([\w\d.-]+)', line) if m: relay = m.group(1) taglib.tag("BOOTP relay", relay).implied_by(taglib.env_tags.device, line=n) continue # accounts m = re.match(r'create account (admin|user) "?([\w\d.-]+)"?\s+.*', line) if m: account = m.group(2) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure account (admin|user).*', line) if m: account = m.group(1) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue # protocols m = re.match(r'enable (bgp|igmp|MLD|msdp|rip|ripng)$', line) if m: protocolTag = taglib.tag("routing protocol", taglib.protocol_name(m.group(1))) protocolTag.implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'enable (igmp|MLD) snooping.*', line) if m: protocol = m.group(1) protocolTag = taglib.tag("routing protocol", taglib.protocol_name(protocol)) protocolTag.implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure DVMRP add vlan "?([\w\d.-]+)"?', line) if m: vlan = m.group(1) vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) taglib.tag("routing protocol", "DVMRP").implied_by(vlan_tag, n) continue m = re.match(r'configure ospf add vlan "?([\w\d.-]+)"? area ([\d.]+).*', line) if m: vlan, area = m.groups() vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPF area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPF"), line=n) continue m = re.match(r'configure ospf vlan ([\w\d.-]+) area ([\d.]+)', line) if m: vlan, area = m.groups() vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPF area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPF"), line=n) continue m = re.match(r'configure ospfv3 domain ([\w\d.-]+) add vlan ([\w\d.-]+) instance-id ([\d]+) area ([\d.]+)', line) if m: domain, vlan, instance, area = m.groups() vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPFv3 area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPFv3"), line=n) continue # services serviceLabelDict = {'ssh':'SSHv1', 'ssh1':'SSHv1', 'ssh2':'SSHv2', 'telnet':'TELNET', 'web':'HTTP'} m = re.match(r'enable (ssh2|telnet|web)( access-profile ([\w\d.-]+)( port ([\d]+))?)?', line) if m: service = m.group(1) taglib.tag("service", serviceLabelDict[service]).implied_by(taglib.env_tags.device, n) continue m = re.match(r'configure telnet( access-profile ([\w\d.-]+))?( port ([\d]+))?( vr ([\w\d.-]+))?', line) if m: taglib.tag("service", "TELNET").implied_by(taglib.env_tags.device, n) continue
def bgp_neighbor(self, protocol_tag, peer, peer_tag, peer_lineNum, top_local_as, top_local_as_tag, top_local_as_lineNum): local_as = top_local_as local_as_tag = top_local_as_tag local_as_lineNum = top_local_as_lineNum while True: if self.accept(Token.EndOfMode) is not None: if peer_as == local_as: peering_relationship = "iBGP" else: peering_relationship = "eBGP" peering_tag = taglib.tag("%s peering" % peering_relationship, "%s %s" % (device_tag.name, peer), sort_name="%s %s" % (device_tag.name, peer_tag.sort_name)) peering_tag.implies(protocol_tag, peer_lineNum) peering_tag.implied_by(device_tag, peer_lineNum) local_as_tag.implied_by(peering_tag, peer_lineNum) peer_as_tag.implied_by(peering_tag, peer_lineNum) remote_peer_tag = taglib.ip_address_tag(peer, kind="remote %s peer" % protocol_tag.name) remote_peer_tag.implied_by(peering_tag, peer_lineNum) remote_peer_tag.implies(peer_tag, peer_lineNum) return if self.accept(Whitespace) is not None: continue if self.accept(Comment) is not None: self.skipTo(EndOfCommand) continue try: op = self.accept(Operator) if op: pass cmd = self.expect(Keyword) if False: pass elif cmd == "local-as": local_as = self.expect(Literal) local_as_lineNum = self.lineNum local_as_tag = taglib.as_number_tag(local_as, "local AS") local_as_tag.implies(taglib.as_number_tag(local_as), local_as_lineNum) self.expect(EndOfCommand) elif cmd == "remote-as": peer_as = self.expect(Literal) peer_as_lineNum = self.lineNum peer_as_tag = taglib.as_number_tag(peer_as, "remote AS") peer_as_tag.implies(taglib.as_number_tag(peer_as), peer_as_lineNum) self.expect(EndOfCommand) elif cmd == "use": subcmd = self.expect(Keyword) if subcmd == "neighbor-group": group = self.expect(Literal) group_local_as = bgp_group_local_as.get(group, None) if group_local_as is not None: local_as = group_local_as local_as_lineNum = bgp_group_local_as_lineNum.get(group, None) local_as_tag = taglib.as_number_tag(local_as, "local AS") local_as_tag.implies(taglib.as_number_tag(local_as), local_as_lineNum) group_peer_as = bgp_group_remote_as.get(group, None) if group_peer_as is not None: peer_as = group_peer_as peer_as_lineNum = bgp_group_remote_as_lineNum.get(group, None) peer_as_tag = taglib.as_number_tag(peer_as, "remote AS") peer_as_tag.implies(taglib.as_number_tag(peer_as), peer_as_lineNum) self.skipTo(EndOfCommand) elif cmd == "address-family": self.bgp_neighbor_address_family() else: self.skipTo(EndOfCommand) except UnexpectedToken: self.skipTo(EndOfCommand)
def ip(self, if_tag=None, version=None, active=True): ra_line = None ra_suppress = False ra_prefix = [] if_prefix = [] cmd = self.expect(Keyword) if False: pass elif cmd == 'address': name = self.accept(String) ipaddress = self.accept(Literal) if ipaddress: self.accept( Punctuation) # allow detection of address/prefix length if name: ipaddress = IPy.intToIp( IPy.IP(ipaddress).int() | ipv6_general_prefixes[name].int(), 6) address = ipaddress + "/" + self.expect(Literal) if active: ifaddr_tag = taglib.ip_address_tag( address, kind="interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) ifaddr_tag.implied_by(if_tag, self.lineNum) address_tag.implied_by(ifaddr_tag, self.lineNum) subnet_tag.implied_by(address_tag, self.lineNum) if version: version_tag = taglib.tag("IP version", version) version_tag.implied_by(if_tag, self.lineNum) # add router advertisement by default on multi-access networks if version == 'IPv6' and re.search( r"eth|srp", if_tag.name, re.I): if_prefix.append(subnet_tag.name) ra_line = self.lineNum self.skipTo(EndOfCommand) elif cmd == 'general-prefix': name = self.expect(String) ipaddress = self.expect(Literal) self.expect(Punctuation) address = ipaddress + "/" + self.expect(Literal) ipv6_general_prefixes[name] = IPy.IP(address) self.expect(EndOfCommand) elif cmd == 'helper-address': if self.accept(Keyword): self.expect(Literal) t = taglib.tag("BOOTP relay", self.expect(Literal)) t.implied_by(taglib.env_tags.device, self.lineNum) self.expect(EndOfCommand) elif cmd == 'http': nextCmd = self.expect(Keyword) if nextCmd == 'server': t = taglib.tag("service", "HTTP") t.implied_by(taglib.env_tags.device, self.lineNum) elif nextCmd == 'secure-server': t = taglib.tag("service", "HTTPS") t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'nd': nextCmd = self.expect(Keyword) if nextCmd == 'prefix': nd_prefix = None default_prefix = self.accept(Keyword) if not default_prefix: nd_prefix = self.expect(Literal) + self.expect( Punctuation) + self.expect(Literal) keyword = self.accept(Keyword) if keyword is None or not 'no-ad' in keyword: if nd_prefix: ra_prefix.append(nd_prefix) elif nextCmd == 'suppress-ra': ra_suppress = True self.skipTo(EndOfCommand) elif cmd == 'scp': nextCmd = self.expect(Keyword) if nextCmd == 'server': nextCmd = self.expect(Keyword) if nextCmd == 'enable': t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) else: self.skipTo(EndOfCommand) return (ra_suppress, ra_line, if_prefix, ra_prefix)
def tag_protocols(top): protocol = "BGP" routing_options_local_as_list = top.xpath( "routing-options/autonomous-system/as-number") routing_options_router_id_list = top.xpath("routing-options/router-id") protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol, "%s %s" % (device_tag.name, name_elem.text)) group_tag.implied_by(device_tag, name_elem.sourceline) for peer_name_elem in group_elem.xpath("neighbor/name"): local_address_elem_list = peer_name_elem.xpath( "ancestor::*/local-address") if local_address_elem_list: local_address_elem = local_address_elem_list[0] elif routing_options_router_id_list: local_address_elem = routing_options_router_id_list[0] local_elem_list = peer_name_elem.xpath( "ancestor::*/local-as/as-number") if local_elem_list: local_elem = local_elem_list[0] elif routing_options_local_as_list: local_elem = routing_options_local_as_list[0] if local_elem is not None: localasn_tag = taglib.as_number_tag( local_elem.text, "local AS") localasn_tag.implies(taglib.as_number_tag(local_elem.text), local_elem.sourceline) asn_elem_list = peer_name_elem.xpath("ancestor::*/peer-as") if asn_elem_list: asn_elem = asn_elem_list[0] else: asn_elem = local_elem asn_tag = taglib.as_number_tag(asn_elem.text, kind="remote AS") asn_tag.implies(taglib.as_number_tag(asn_elem.text), asn_elem.sourceline) if asn_elem.text == local_elem.text: peering_relationship = "iBGP" else: peering_relationship = "eBGP" address_tag = taglib.ip_address_tag(peer_name_elem.text) peering_tag = taglib.tag( "%s peering" % peering_relationship, "%s %s" % (device_tag.name, peer_name_elem.text), sort_name="%s %s" % (device_tag.name, address_tag.sort_name)) peering_tag.implies(protocol_tag, peer_name_elem.sourceline) peering_tag.implied_by(device_tag, peer_name_elem.sourceline) peering_tag.implied_by(group_tag, peer_name_elem.sourceline) asn_tag.implied_by(peering_tag, asn_elem.sourceline) localasn_tag.implied_by(peering_tag, local_elem.sourceline) peer_tag = taglib.ip_address_tag(peer_name_elem.text, kind="%s peer" % protocol) peer_tag.implies(address_tag, peer_name_elem.sourceline) if local_address_elem is not None: peer2_tag = taglib.ip_address_tag(local_address_elem.text, kind="%s peer" % protocol.upper()) address2_tag = taglib.ip_address_tag( local_address_elem.text) peer2_tag.implies(address2_tag, local_address_elem.sourceline) local_peer_tag = taglib.ip_address_tag( local_address_elem.text, kind="local %s peer" % protocol) local_peer_tag.implied_by(peering_tag, local_address_elem.sourceline) local_peer_tag.implies(peer2_tag, peer_name_elem.sourceline) remote_peer_tag = taglib.ip_address_tag(peer_name_elem.text, kind="remote %s peer" % protocol) remote_peer_tag.implied_by(peering_tag, peer_name_elem.sourceline) remote_peer_tag.implies(peer_tag, peer_name_elem.sourceline) protocol = "MSDP" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol, "%s %s" % (device_tag.name, name_elem.text)) group_tag.implied_by(device_tag, name_elem.sourceline) for peer_name_elem in group_elem.xpath("peer/name"): peer_tag = taglib.tag("%s peer" % protocol, peer_name_elem.text) address_tag = taglib.ip_address_tag(peer_name_elem.text) peer_tag.implies(address_tag, peer_name_elem.sourceline) peer_tag.implied_by(group_tag, peer_name_elem.sourceline) peer_tag.implies(protocol_tag, peer_name_elem.sourceline) ospf_version_dict = {'ospf': 'OSPF', 'ospf3': 'OSPFv3'} for protocol_key, protocol in ospf_version_dict.items(): protocol_elem_list = top.xpath("protocols/%s" % protocol_key) if not protocol_elem_list: continue protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for area_elem in protocol_elem.xpath("area"): name_elem = area_elem.xpath("name")[0] area_tag = taglib.tag("%s area" % protocol, name_elem.text) area_tag.implies(protocol_tag, name_elem.sourceline) for interface_name_elem in area_elem.xpath("interface/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag( "interface", "%s %s" % (device_tag.name, interface_name_elem.text)) ] for t in interface_tags: t.implies(area_tag, interface_name_elem.sourceline) protocol = "PIM" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for interface_name_elem in protocol_elem.xpath("interface/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag( "interface", "%s %s" % (device_tag.name, interface_name_elem.text)) ] for t in interface_tags: t.implies(protocol_tag, interface_name_elem.sourceline) for protocol in ("RIP", "RIPng"): protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if not protocol_elem_list: continue protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol, name_elem.text) group_tag.implies(protocol_tag, name_elem.sourceline) for interface_name_elem in group_elem.xpath("neighbor/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag( "interface", "%s %s" % (device_tag.name, interface_name_elem.text)) ] for t in interface_tags: t.implies(group_tag, interface_name_elem.sourceline) protocol = "router-advertisement" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for interface_elem in protocol_elem.xpath("interface"): interface_name_elem = interface_elem.xpath("name")[0] if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag( "interface", "%s %s" % (device_tag.name, interface_name_elem.text)) ] for t in interface_tags: ratag = taglib.tag( "ND router advertisement server", "%s %s" % (device_tag.name, interface_name_elem.text)) ratag.implied_by(t, interface_name_elem.sourceline) for prefix_name_elem in interface_elem.xpath("prefix/name"): ratag.implies(taglib.ip_subnet_tag(prefix_name_elem.text), prefix_name_elem.sourceline)
def main(filename): lines = open(filename, 'rU') n = 0 ssh_version = None ssh_enable = False for line in lines: n += 1 # hostname m = re.match(r'set hostname ([\w\d.-]+)', line) if m: host = m.group(1) taglib.tag("hostname", host).implied_by(taglib.env_tags.device, line=n) continue # time m = re.match(r'set ntp server( backup\d)? "?([\w\d.-]+)"?', line) if m: server = m.group(2) if not server == '0.0.0.0': taglib.tag("NTP server", server).implied_by(taglib.env_tags.device, line=n) continue # dns m = re.match(r'set domain ([\w\d.-]+)', line) if m: domain = m.group(1) taglib.tag("domain name", domain).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set dns host dns\d ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set xauth ([\w\d.-]+) dns\d ([\w\d.-]+)', line) if m: server = m.group(2) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set l2tp dns\d ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue # interfaces m = re.match( r'set interface ([\w\d]+) ip ([\d.]+)/([\d.]+)( secondary)?', line) if m: name, ipaddress, plen, secondary = m.groups() address = ipaddress + "/" + plen ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) name_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, name)) name_tag.implied_by(taglib.env_tags.snapshot, line=n) name_tag.implies(taglib.env_tags.device, line=n) name_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue # accounts m = re.match(r'set admin user "?([\w\d.-]+)"?\s+.*', line) if m: account = m.group(1) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue # services m = re.match(r'set ssh version ([\w\d]+)', line) if m: ssh_version = m.group(1) ssh_version_line = n continue m = re.match(r'set ssh enable', line) if m: ssh_enable = True taglib.tag("service", 'SSH').implied_by(taglib.env_tags.device, n) continue m = re.match(r'set scp enable', line) if m: taglib.tag("service", 'SCP').implied_by(taglib.env_tags.device, n) continue # post parse phase if ssh_enable: if ssh_version: taglib.tag("service", 'SSH' + ssh_version).implied_by(taglib.env_tags.device, ssh_version_line)
def main(filename): lines = open(filename, 'rU') n = 0 for line in lines: n += 1 if re.match(r'Syntax error at token detail', line): lines.close() taglib.default_filename = filename = re.sub(r'-detail', '', filename) main(filename) return # time m = re.match(r'set ntp server "?([\w\d.-]+)"?( key [\d]+)?', line) if m: server, key = m.groups() taglib.tag("NTP server", server).implied_by(taglib.env_tags.device, line=n) continue # dns m = re.match(r'set ip dns domain ([\w\d.-]+)', line) if m: domain = m.group(1) taglib.tag("domain name", domain).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set ip dns server ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue # radius m = re.match(r'set radius server ([\w\d.-]+)\s+auth-port ([\d]+)( acct-port [\d]+)?( primary)?', line) if m: server, port, acct, which = m.groups() taglib.tag("RADIUS server", server).implied_by(taglib.env_tags.device, line=n) continue # tacacs+ m = re.match(r'set tacacs server ([\w\d.-]+)( primary)?', line) if m: server, which = m.groups() taglib.tag("TACACS+ server", server).implied_by(taglib.env_tags.device, line=n) continue # interfaces m = re.match(r'set interface "?([\w\d]+)"? ([\d]+)\s+([\d.]+)/([\d.]+)\s+([\d.]+)', line) if m: vlan, vlan, ipaddress, mask, broadcast = m.groups() address = ipaddress + "/" + mask ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) vlan_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue # accounts m = re.match(r'set localuser user "?([\w\d.-]+)"?\s+.*', line) if m: account = m.group(1) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue # services m = re.match(r'set ip http server enable', line) if m: taglib.tag("service", 'HTTP').implied_by(taglib.env_tags.device, n) continue
def ip(self, if_tag=None, version=None, active=True): ra_line = None ra_suppress = False ra_prefix = [] if_prefix = [] cmd = self.expect(Keyword) if False: pass elif cmd == 'address': name = self.accept(String) ipaddress = self.accept(Literal) if ipaddress: self.accept(Punctuation) # allow detection of address/prefix length if name: ipaddress = IPy.intToIp(IPy.IP(ipaddress).int() | ipv6_general_prefixes[name].int(), 6) address = ipaddress + "/" + self.expect(Literal) if active: ifaddr_tag = taglib.ip_address_tag(address, kind="interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) ifaddr_tag.implied_by(if_tag, self.lineNum) address_tag.implied_by(ifaddr_tag, self.lineNum) subnet_tag.implied_by(address_tag, self.lineNum) if version: version_tag = taglib.tag("IP version", version) version_tag.implied_by(if_tag, self.lineNum) # add router advertisement by default on multi-access networks if version == 'IPv6' and re.search(r"eth|srp", if_tag.name, re.I): if_prefix.append(subnet_tag.name) ra_line = self.lineNum self.skipTo(EndOfCommand) elif cmd == 'general-prefix': name = self.expect(String) ipaddress = self.expect(Literal) self.expect(Punctuation) address = ipaddress + "/" + self.expect(Literal) ipv6_general_prefixes[name] = IPy.IP(address) self.expect(EndOfCommand) elif cmd == 'helper-address': if self.accept(Keyword): self.expect(Literal) t = taglib.tag("BOOTP relay", self.expect(Literal)) t.implied_by(taglib.env_tags.device, self.lineNum) self.expect(EndOfCommand) elif cmd == 'http': nextCmd = self.expect(Keyword) if nextCmd == 'server': t = taglib.tag("service", "HTTP") t.implied_by(taglib.env_tags.device, self.lineNum) elif nextCmd == 'secure-server': t = taglib.tag("service", "HTTPS") t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) elif cmd == 'nd': nextCmd = self.expect(Keyword) if nextCmd == 'prefix': nd_prefix = None default_prefix = self.accept(Keyword) if not default_prefix: nd_prefix = self.expect(Literal) + self.expect(Punctuation) + self.expect(Literal) keyword = self.accept(Keyword) if keyword is None or not 'no-ad' in keyword: if nd_prefix: ra_prefix.append(nd_prefix) elif nextCmd == 'suppress-ra': ra_suppress = True self.skipTo(EndOfCommand) elif cmd == 'scp': nextCmd = self.expect(Keyword) if nextCmd == 'server': nextCmd = self.expect(Keyword) if nextCmd == 'enable': t = taglib.tag("service", taglib.protocol_name(cmd)) t.implied_by(taglib.env_tags.device, self.lineNum) self.skipTo(EndOfCommand) else: self.skipTo(EndOfCommand) return (ra_suppress, ra_line, if_prefix, ra_prefix)
def bgp_neighbor(self, protocol_tag, peer, peer_tag, peer_lineNum, top_local_as, top_local_as_tag, top_local_as_lineNum): local_as = top_local_as local_as_tag = top_local_as_tag local_as_lineNum = top_local_as_lineNum while True: if self.accept(Token.EndOfMode) is not None: if peer_as == local_as: peering_relationship = "iBGP" else: peering_relationship = "eBGP" peering_tag = taglib.tag("%s peering" % peering_relationship, "%s %s" % (device_tag.name, peer), sort_name="%s %s" % (device_tag.name, peer_tag.sort_name)) peering_tag.implies(protocol_tag, peer_lineNum) peering_tag.implied_by(device_tag, peer_lineNum) local_as_tag.implied_by(peering_tag, peer_lineNum) peer_as_tag.implied_by(peering_tag, peer_lineNum) remote_peer_tag = taglib.ip_address_tag(peer, kind="remote %s peer" % protocol_tag.name) remote_peer_tag.implied_by(peering_tag, peer_lineNum) remote_peer_tag.implies(peer_tag, peer_lineNum) return if self.accept(Whitespace) is not None: continue if self.accept(Comment) is not None: self.skipTo(EndOfCommand) continue try: op = self.accept(Operator) if op: pass cmd = self.expect(Keyword) if False: pass elif cmd == "local-as": local_as = self.expect(Literal) local_as_lineNum = self.lineNum local_as_tag = taglib.as_number_tag(local_as, "local AS") local_as_tag.implies(taglib.as_number_tag(local_as), local_as_lineNum) self.expect(EndOfCommand) elif cmd == "remote-as": peer_as = self.expect(Literal) peer_as_lineNum = self.lineNum peer_as_tag = taglib.as_number_tag(peer_as, "remote AS") peer_as_tag.implies(taglib.as_number_tag(peer_as), peer_as_lineNum) self.expect(EndOfCommand) elif cmd == "use": subcmd = self.expect(Keyword) if subcmd == "neighbor-group": group = self.expect(Literal) group_local_as = bgp_group_local_as.get(group, None) if group_local_as is not None: local_as = group_local_as local_as_lineNum = bgp_group_local_as_lineNum.get( group, None) local_as_tag = taglib.as_number_tag( local_as, "local AS") local_as_tag.implies( taglib.as_number_tag(local_as), local_as_lineNum) group_peer_as = bgp_group_remote_as.get(group, None) if group_peer_as is not None: peer_as = group_peer_as peer_as_lineNum = bgp_group_remote_as_lineNum.get( group, None) peer_as_tag = taglib.as_number_tag( peer_as, "remote AS") peer_as_tag.implies(taglib.as_number_tag(peer_as), peer_as_lineNum) self.skipTo(EndOfCommand) elif cmd == "address-family": self.bgp_neighbor_address_family() else: self.skipTo(EndOfCommand) except UnexpectedToken: self.skipTo(EndOfCommand)
def main(filename): lines = open(filename, 'rU') n = 0 for line in lines: n += 1 if re.match(r'Syntax error at token detail', line): lines.close() taglib.default_filename = filename = re.sub( r'-detail', '', filename) main(filename) return # time m = re.match( r'configure sntp-client (primary|secondary) (?:server )? "?([\w\d.-]+)"?( vr [\w\d.]+)?', line) if m: which, server, vr = m.groups() taglib.tag("NTP server", server).implied_by(taglib.env_tags.device, line=n) continue # dns m = re.match(r'configure dns-client add domain-suffix ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("domain name", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match( r'configure dns-client add (name-server )?([\w\d.-]+)( vr [\w\d.]+)?', line) if m: ignore, server, vr = m.groups() taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure dns-client default-domain ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("domain name", server).implied_by(taglib.env_tags.device, line=n) continue # radius m = re.match( r'configure radius (?:mgmt-access )?(primary|secondary) server ([\w\d.-]+)( [\d]+)? client-ip ([\w\d.-]+)( vr [\w\d.]+)?', line) if m: which, server, port, client, vr = m.groups() taglib.tag("RADIUS server", server).implied_by(taglib.env_tags.device, line=n) continue # tacacs+ m = re.match( r'configure tacacs (primary|secondary) server ([\w\d.-]+)( [\d]+)? client-ip ([\w\d.-]+)( vr [\w\d.]+)?', line) if m: which, server, port, client, vr = m.groups() taglib.tag("TACACS+ server", server).implied_by(taglib.env_tags.device, line=n) continue # interfaces m = re.match(r'create vlan "?([\w\d.-]+)"?', line) if m: vlan = m.group(1) vlanTag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlanTag.implied_by(taglib.env_tags.snapshot, line=n) taglib.env_tags.device.implied_by(vlanTag, line=n) continue m = re.match(r'configure vlan "?([\w\d]+)"? tag ([\d]+)', line) if m: vlan, vlan_id = m.group(1), int(m.group(2)) vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_id_tag = taglib.tag("VLAN ID", vlan_id, sort_name="%05d" % vlan_id) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(vlan_id_tag, line=n) continue m = re.match( r'config(?:ure)? vlan "?([\w\d]+)"? ipaddress ([\d.]+)\s+([\d.]+)\s+', line) if m: vlan, ipaddress, mask = m.groups() address = ipaddress + "/" + mask ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue m = re.match( r'configure "?([\w\d]+)"? ipaddress ([a-fA-F\d:]+)/([\d]+)\s+', line) if m: vlan, ipaddress, mask = m.groups() address = ipaddress + "/" + mask ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) vlan_tag.implied_by(taglib.env_tags.snapshot, line=n) vlan_tag.implies(taglib.env_tags.device, line=n) vlan_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue # dhcp/bootp m = re.match(r'configure bootprelay add ([\w\d.-]+)', line) if m: relay = m.group(1) taglib.tag("BOOTP relay", relay).implied_by(taglib.env_tags.device, line=n) continue # accounts m = re.match(r'create account (admin|user) "?([\w\d.-]+)"?\s+.*', line) if m: account = m.group(2) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure account (admin|user).*', line) if m: account = m.group(1) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue # protocols m = re.match(r'enable (bgp|igmp|MLD|msdp|rip|ripng)$', line) if m: protocolTag = taglib.tag("routing protocol", taglib.protocol_name(m.group(1))) protocolTag.implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'enable (igmp|MLD) snooping.*', line) if m: protocol = m.group(1) protocolTag = taglib.tag("routing protocol", taglib.protocol_name(protocol)) protocolTag.implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'configure DVMRP add vlan "?([\w\d.-]+)"?', line) if m: vlan = m.group(1) vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) taglib.tag("routing protocol", "DVMRP").implied_by(vlan_tag, n) continue m = re.match( r'configure ospf add vlan "?([\w\d.-]+)"? area ([\d.]+).*', line) if m: vlan, area = m.groups() vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPF area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPF"), line=n) continue m = re.match(r'configure ospf vlan ([\w\d.-]+) area ([\d.]+)', line) if m: vlan, area = m.groups() vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPF area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPF"), line=n) continue m = re.match( r'configure ospfv3 domain ([\w\d.-]+) add vlan ([\w\d.-]+) instance-id ([\d]+) area ([\d.]+)', line) if m: domain, vlan, instance, area = m.groups() vlan_tag = taglib.tag( "interface", "%s %s" % (taglib.env_tags.device.name, vlan)) area_tag = taglib.tag("OSPFv3 area", area) area_tag.implied_by(vlan_tag, line=n) area_tag.implies(taglib.tag("routing protocol", "OSPFv3"), line=n) continue # services serviceLabelDict = { 'ssh': 'SSHv1', 'ssh1': 'SSHv1', 'ssh2': 'SSHv2', 'telnet': 'TELNET', 'web': 'HTTP' } m = re.match( r'enable (ssh2|telnet|web)( access-profile ([\w\d.-]+)( port ([\d]+))?)?', line) if m: service = m.group(1) taglib.tag("service", serviceLabelDict[service]).implied_by( taglib.env_tags.device, n) continue m = re.match( r'configure telnet( access-profile ([\w\d.-]+))?( port ([\d]+))?( vr ([\w\d.-]+))?', line) if m: taglib.tag("service", "TELNET").implied_by(taglib.env_tags.device, n) continue
def main(filename): lines = open(filename, 'rU') n = 0 ssh_version = None ssh_enable = False for line in lines: n += 1 # hostname m = re.match(r'set hostname ([\w\d.-]+)', line) if m: host = m.group(1) taglib.tag("hostname", host).implied_by(taglib.env_tags.device, line=n) continue # time m = re.match(r'set ntp server( backup\d)? "?([\w\d.-]+)"?', line) if m: server = m.group(2) if not server == '0.0.0.0': taglib.tag("NTP server", server).implied_by(taglib.env_tags.device, line=n) continue # dns m = re.match(r'set domain ([\w\d.-]+)', line) if m: domain = m.group(1) taglib.tag("domain name", domain).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set dns host dns\d ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set xauth ([\w\d.-]+) dns\d ([\w\d.-]+)', line) if m: server = m.group(2) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue m = re.match(r'set l2tp dns\d ([\w\d.-]+)', line) if m: server = m.group(1) taglib.tag("name server", server).implied_by(taglib.env_tags.device, line=n) continue # interfaces m = re.match(r'set interface ([\w\d]+) ip ([\d.]+)/([\d.]+)( secondary)?', line) if m: name, ipaddress, plen, secondary = m.groups() address = ipaddress + "/" + plen ifaddr_tag = taglib.ip_address_tag(address, "interface address") address_tag = taglib.ip_address_tag(address) subnet_tag = taglib.ip_subnet_tag(address) name_tag = taglib.tag("interface", "%s %s" % (taglib.env_tags.device.name, name)) name_tag.implied_by(taglib.env_tags.snapshot, line=n) name_tag.implies(taglib.env_tags.device, line=n) name_tag.implies(ifaddr_tag, line=n) ifaddr_tag.implies(address_tag, line=n) address_tag.implies(subnet_tag, line=n) continue # accounts m = re.match(r'set admin user "?([\w\d.-]+)"?\s+.*', line) if m: account = m.group(1) taglib.tag("user", account).implied_by(taglib.env_tags.device, line=n) continue # services m = re.match(r'set ssh version ([\w\d]+)', line) if m: ssh_version = m.group(1) ssh_version_line = n continue m = re.match(r'set ssh enable', line) if m: ssh_enable = True taglib.tag("service", 'SSH').implied_by(taglib.env_tags.device, n) continue m = re.match(r'set scp enable', line) if m: taglib.tag("service", 'SCP').implied_by(taglib.env_tags.device, n) continue # post parse phase if ssh_enable: if ssh_version: taglib.tag("service", 'SSH' + ssh_version).implied_by(taglib.env_tags.device, ssh_version_line)
def tag_protocols(top): protocol = "BGP" routing_options_local_as_list = top.xpath("routing-options/autonomous-system/as-number") routing_options_router_id_list = top.xpath("routing-options/router-id") protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol, "%s %s" % (device_tag.name, name_elem.text)) group_tag.implied_by(device_tag, name_elem.sourceline) for peer_name_elem in group_elem.xpath("neighbor/name"): local_address_elem_list = peer_name_elem.xpath("ancestor::*/local-address") if local_address_elem_list: local_address_elem = local_address_elem_list[0] elif routing_options_router_id_list: local_address_elem = routing_options_router_id_list[0] local_elem_list = peer_name_elem.xpath("ancestor::*/local-as/as-number") if local_elem_list: local_elem = local_elem_list[0] elif routing_options_local_as_list: local_elem = routing_options_local_as_list[0] if local_elem is not None: localasn_tag = taglib.as_number_tag(local_elem.text, "local AS") localasn_tag.implies(taglib.as_number_tag(local_elem.text), local_elem.sourceline) asn_elem_list = peer_name_elem.xpath("ancestor::*/peer-as") if asn_elem_list: asn_elem = asn_elem_list[0] else: asn_elem = local_elem asn_tag = taglib.as_number_tag(asn_elem.text, kind="remote AS") asn_tag.implies(taglib.as_number_tag(asn_elem.text), asn_elem.sourceline) if asn_elem.text == local_elem.text: peering_relationship = "iBGP" else: peering_relationship = "eBGP" address_tag = taglib.ip_address_tag(peer_name_elem.text) peering_tag = taglib.tag("%s peering" % peering_relationship, "%s %s" % (device_tag.name, peer_name_elem.text), sort_name="%s %s" % (device_tag.name, address_tag.sort_name)) peering_tag.implies(protocol_tag, peer_name_elem.sourceline) peering_tag.implied_by(device_tag, peer_name_elem.sourceline) peering_tag.implied_by(group_tag, peer_name_elem.sourceline) asn_tag.implied_by(peering_tag, asn_elem.sourceline) localasn_tag.implied_by(peering_tag, local_elem.sourceline) peer_tag = taglib.ip_address_tag(peer_name_elem.text, kind="%s peer" % protocol) peer_tag.implies(address_tag, peer_name_elem.sourceline) if local_address_elem is not None: peer2_tag = taglib.ip_address_tag(local_address_elem.text, kind="%s peer" % protocol.upper()) address2_tag = taglib.ip_address_tag(local_address_elem.text) peer2_tag.implies(address2_tag, local_address_elem.sourceline) local_peer_tag = taglib.ip_address_tag(local_address_elem.text, kind="local %s peer" % protocol) local_peer_tag.implied_by(peering_tag, local_address_elem.sourceline) local_peer_tag.implies(peer2_tag, peer_name_elem.sourceline) remote_peer_tag = taglib.ip_address_tag(peer_name_elem.text, kind="remote %s peer" % protocol) remote_peer_tag.implied_by(peering_tag, peer_name_elem.sourceline) remote_peer_tag.implies(peer_tag, peer_name_elem.sourceline) protocol = "MSDP" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol, "%s %s" % (device_tag.name, name_elem.text)) group_tag.implied_by(device_tag, name_elem.sourceline) for peer_name_elem in group_elem.xpath("peer/name"): peer_tag = taglib.tag("%s peer" % protocol, peer_name_elem.text) address_tag = taglib.ip_address_tag(peer_name_elem.text) peer_tag.implies(address_tag, peer_name_elem.sourceline) peer_tag.implied_by(group_tag, peer_name_elem.sourceline) peer_tag.implies(protocol_tag, peer_name_elem.sourceline) ospf_version_dict = {'ospf':'OSPF', 'ospf3':'OSPFv3'} for protocol_key, protocol in ospf_version_dict.items(): protocol_elem_list = top.xpath("protocols/%s" % protocol_key) if not protocol_elem_list: continue protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for area_elem in protocol_elem.xpath("area"): name_elem = area_elem.xpath("name")[0] area_tag = taglib.tag("%s area" % protocol, name_elem.text) area_tag.implies(protocol_tag, name_elem.sourceline) for interface_name_elem in area_elem.xpath("interface/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag("interface", "%s %s" % (device_tag.name, interface_name_elem.text))] for t in interface_tags: t.implies(area_tag, interface_name_elem.sourceline) protocol = "PIM" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for interface_name_elem in protocol_elem.xpath("interface/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag("interface", "%s %s" % (device_tag.name, interface_name_elem.text))] for t in interface_tags: t.implies(protocol_tag, interface_name_elem.sourceline) for protocol in ("RIP", "RIPng"): protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if not protocol_elem_list: continue protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for group_elem in protocol_elem.xpath("group"): name_elem = group_elem.xpath("name")[0] group_tag = taglib.tag("%s group" % protocol,name_elem.text) group_tag.implies(protocol_tag, name_elem.sourceline) for interface_name_elem in group_elem.xpath("neighbor/name"): if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag("interface", "%s %s" % (device_tag.name, interface_name_elem.text))] for t in interface_tags: t.implies(group_tag, interface_name_elem.sourceline) protocol = "router-advertisement" protocol_elem_list = top.xpath("protocols/%s" % protocol.lower()) if protocol_elem_list: protocol_elem = protocol_elem_list[0] protocol_tag = taglib.tag("routing protocol", protocol) protocol_tag.used(protocol_elem.sourceline) for interface_elem in protocol_elem.xpath("interface"): interface_name_elem = interface_elem.xpath("name")[0] if interface_name_elem.text == "all": interface_tags = all_interface_tags else: interface_tags = [ taglib.tag("interface", "%s %s" % (device_tag.name, interface_name_elem.text))] for t in interface_tags: ratag = taglib.tag("ND router advertisement server", "%s %s" % (device_tag.name, interface_name_elem.text)) ratag.implied_by(t, interface_name_elem.sourceline); for prefix_name_elem in interface_elem.xpath("prefix/name"): ratag.implies(taglib.ip_subnet_tag(prefix_name_elem.text), prefix_name_elem.sourceline)