826e1db39d
* Add macsuck worker to collect various PortAccessEntity (NAC) attributes * Incorporate PAE feedback on #937 * missing Result/Device.pm column added * pae_is... columns instead of pae_capabilities * moved most code to Util/PortAccessEntity.pm so the update can be done in discover and macsuck * Refactor PAE attributes during discover as separate Plugin * PortAccessEntity: don't use device->dns in log string * Fix "Experimental keys on scalar is now forbidden" test failure * Revamp pae_control and add missing attribute - device.pae_control (text) is now device.pae_is_enabled (bool) - also store pae_authconfig_port_control (port mode auto/force(un)Auth) * Fix "Experimental keys on scalar is now forbidden" test failure - ... again because of botched merge - at least perlgolfed away a set of curly braces * Update PortAccessEntity.pm * Incorporate @ollyg PR feedback * allow actions without transport to run when there are also no creds * initial refactor for separate gather, process, store phases for macsuck * factor out the vlan sanity check * additional help with log of action workers * cleanup logic in check macsuck * refactor to make main phases only * some fixes * implement file slurp. amazingly the whole thing works * remove outdated noop from test * treat error as critical, use cancel to suppress further drivers * big refactor to share mac sanity code to both paths * fix inverted logic on vlan sanity filter * some code tidy * fix error in default value * fix for vlan 0 nodes input from cli * ensure imported MACs are IEEE format * add api endpoint, no useful return status yet * exit status if error from nodes PUT * suppress other networked workers when direct workers are active * better log showing worker * fix status recording to get first error or last done message * implement arpnip API PUT * avoid package redeclaration error * make sure write API methods require admin status * add doc for passing JSON data to arpnip and macsuck * update manifest * remove option to do jobs in web handler; all by queue now * use job entry timestamp for offline queued jobs * fix store username and IP on api PUT * never de-duplicate user-submitted jobs; never reset DeviceSkip for offline jobs * myworker no longer needed * make logic cleaner Co-authored-by: Christian Ramseyer <ramseyer@netnea.com>
201 lines
4.5 KiB
Perl
201 lines
4.5 KiB
Perl
package App::Netdisco::Util::Node;
|
|
|
|
use Dancer qw/:syntax :script/;
|
|
use Dancer::Plugin::DBIC 'schema';
|
|
|
|
use NetAddr::MAC;
|
|
use App::Netdisco::Util::Permission qw/check_acl_no check_acl_only/;
|
|
|
|
use base 'Exporter';
|
|
our @EXPORT = ();
|
|
our @EXPORT_OK = qw/
|
|
check_mac
|
|
is_nbtstatable
|
|
store_arp
|
|
/;
|
|
our %EXPORT_TAGS = (all => \@EXPORT_OK);
|
|
|
|
=head1 NAME
|
|
|
|
App::Netdisco::Util::Node
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
A set of helper subroutines to support parts of the Netdisco application.
|
|
|
|
There are no default exports, however the C<:all> tag will export all
|
|
subroutines.
|
|
|
|
=head1 EXPORT_OK
|
|
|
|
=head2 check_mac( $node, $device?, $port_macs? )
|
|
|
|
Given a MAC address, perform various sanity checks which need to be done
|
|
before writing an ARP/Neighbor entry to the database storage.
|
|
|
|
Returns false, and might log a debug level message, if the checks fail.
|
|
|
|
Returns a true value (the MAC address in IEEE format) if these checks pass:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
MAC address is well-formed (according to common formats)
|
|
|
|
=item *
|
|
|
|
MAC address is not all-zero, broadcast, CLIP, VRRP or HSRP
|
|
|
|
=back
|
|
|
|
Optionally pass a Device instance or IP to use in logging.
|
|
|
|
Optionally pass a cached set of Device port MAC addresses as the third
|
|
argument, in which case an additional check is added:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
MAC address does not belong to an interface on any known Device
|
|
|
|
=back
|
|
|
|
=cut
|
|
|
|
sub check_mac {
|
|
my ($node, $device, $port_macs) = @_;
|
|
return 0 if !$node;
|
|
|
|
my $mac = NetAddr::MAC->new(mac => ($node || ''));
|
|
my $devip = ($device ? (ref $device ? $device->ip : $device) : '');
|
|
$port_macs ||= {};
|
|
|
|
# incomplete MAC addresses (BayRS frame relay DLCI, etc)
|
|
if (!defined $mac or $mac->errstr) {
|
|
debug sprintf ' [%s] check_mac - mac [%s] malformed - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
else {
|
|
# lower case, hex, colon delimited, 8-bit groups
|
|
$node = lc $mac->as_ieee;
|
|
}
|
|
|
|
# broadcast MAC addresses
|
|
return 0 if $mac->is_broadcast;
|
|
|
|
# all-zero MAC addresses
|
|
return 0 if $node eq '00:00:00:00:00:00';
|
|
|
|
# CLIP
|
|
return 0 if $node eq '00:00:00:00:00:01';
|
|
|
|
# multicast
|
|
if ($mac->is_multicast and not $mac->is_msnlb) {
|
|
debug sprintf ' [%s] check_mac - multicast mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# VRRP
|
|
if ($mac->is_vrrp) {
|
|
debug sprintf ' [%s] check_mac - VRRP mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# HSRP
|
|
if ($mac->is_hsrp or $mac->is_hsrp2) {
|
|
debug sprintf ' [%s] check_mac - HSRP mac [%s] - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
# device's own MACs
|
|
if ($port_macs and exists $port_macs->{$node}) {
|
|
debug sprintf ' [%s] check_mac - mac [%s] is device port - skipping',
|
|
$devip, $node;
|
|
return 0;
|
|
}
|
|
|
|
return $node;
|
|
}
|
|
|
|
=head2 is_nbtstatable( $ip )
|
|
|
|
Given an IP address, returns C<true> if Netdisco on this host is permitted by
|
|
the local configuration to nbtstat the node.
|
|
|
|
The configuration items C<nbtstat_no> and C<nbtstat_only> are checked
|
|
against the given IP.
|
|
|
|
Returns false if the host is not permitted to nbtstat the target node.
|
|
|
|
=cut
|
|
|
|
sub is_nbtstatable {
|
|
my $ip = shift;
|
|
|
|
return if check_acl_no($ip, 'nbtstat_no');
|
|
|
|
return unless check_acl_only($ip, 'nbtstat_only');
|
|
|
|
return 1;
|
|
}
|
|
|
|
=head2 store_arp( \%host, $now? )
|
|
|
|
Stores a new entry to the C<node_ip> table with the given MAC, IP (v4 or v6)
|
|
and DNS host name. Host details are provided in a Hash ref:
|
|
|
|
{
|
|
ip => '192.0.2.1',
|
|
node => '00:11:22:33:44:55',
|
|
dns => 'myhost.example.com',
|
|
}
|
|
|
|
The C<dns> entry is optional. The update will mark old entries for this IP as
|
|
no longer C<active>.
|
|
|
|
Optionally a literal string can be passed in the second argument for the
|
|
C<time_last> timestamp, otherwise the current timestamp (C<now()>) is used.
|
|
|
|
=cut
|
|
|
|
sub store_arp {
|
|
my ($hash_ref, $now) = @_;
|
|
$now ||= 'now()';
|
|
my $ip = $hash_ref->{'ip'};
|
|
my $mac = NetAddr::MAC->new(mac => ($hash_ref->{'node'} || $hash_ref->{'mac'} || ''));
|
|
my $name = $hash_ref->{'dns'};
|
|
|
|
return if !defined $mac or $mac->errstr;
|
|
|
|
debug sprintf 'store_arp - mac %s ip %s', $mac->as_ieee, $ip;
|
|
|
|
schema(vars->{'tenant'})->txn_do(sub {
|
|
my $current = schema(vars->{'tenant'})->resultset('NodeIp')
|
|
->search(
|
|
{ ip => $ip, -bool => 'active'},
|
|
{ columns => [qw/mac ip/] })->update({active => \'false'});
|
|
|
|
schema(vars->{'tenant'})->resultset('NodeIp')
|
|
->update_or_create(
|
|
{
|
|
mac => $mac->as_ieee,
|
|
ip => $ip,
|
|
dns => $name,
|
|
active => \'true',
|
|
time_last => \$now,
|
|
},
|
|
{
|
|
key => 'primary',
|
|
for => 'update',
|
|
});
|
|
});
|
|
}
|
|
|
|
1;
|