From 275a533843b6ed18ff2208663cc04d0ec60910c2 Mon Sep 17 00:00:00 2001 From: Moe Kraus Date: Wed, 10 Apr 2013 18:26:31 +0200 Subject: [PATCH] added subclass for Cisco ASA firewalls which filters bad mac addresses in b_mac method --- DeviceMatrix.txt | 4 + Info.pm | 10 +- Info/Layer3/CiscoASA.pm | 231 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 243 insertions(+), 2 deletions(-) create mode 100644 Info/Layer3/CiscoASA.pm diff --git a/DeviceMatrix.txt b/DeviceMatrix.txt index 29795c7c..12081c54 100644 --- a/DeviceMatrix.txt +++ b/DeviceMatrix.txt @@ -381,6 +381,10 @@ class: Layer3::Altiga device: VPN3000 note: The Cisco 3000 device can return duplicate interface names, while Netdisco expects unique interface names. To ensure unique device names I append numbers only when an interface name would not be unique without one. Interfaces with unique names keep their ifDescr name. +device: ASA +note: The Cisco ASA is the successor of the PIX which was bought from Altiga Networks. +Class: Layer3::CiscoASA + device-family: 1000 duplex: no ver: 1 diff --git a/Info.pm b/Info.pm index 482ccd41..0eca6bc5 100644 --- a/Info.pm +++ b/Info.pm @@ -690,6 +690,12 @@ This is a simple wrapper around Layer3 for IOS devices. It adds on CiscoVTP. See documentation in L for details. +=item SNMP::Info::Layer3::CiscoASA + +Subclass for Cisco Adaptive Security Appliances. + +See documentation in L for details. + =item SNMP::Info::Layer3::CiscoFWSM Subclass for Cisco Firewall Services Modules. @@ -1657,8 +1663,8 @@ sub device_type { $objtype = 'SNMP::Info::Layer3::Cisco' if ( $desc =~ /Cisco PIX Security Appliance/i ); - # Cisco ASA - $objtype = 'SNMP::Info::Layer3::Cisco' + # Cisco ASA, older version which doesn't report layer 3 functionality + $objtype = 'SNMP::Info::Layer3::CiscoASA' if ( $desc =~ /Cisco Adaptive Security Appliance/i ); # HP Virtual Connect blade switches diff --git a/Info/Layer3/CiscoASA.pm b/Info/Layer3/CiscoASA.pm new file mode 100644 index 00000000..acbbbcd2 
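Review bot: The new comment in the second Info.pm hunk says this match is for an "older version which doesn't report layer 3 functionality", but the only condition visible is the description pattern `/Cisco Adaptive Security Appliance/i`. `device_type` starts and ends outside the hunk, so which layer branch this assignment sits in cannot be confirmed from here. If ASAs that do report layer 3 are classified by another branch, they would presumably still come back as `SNMP::Info::Layer3::Cisco` and keep the unfiltered `b_mac`; worth checking that both paths return `SNMP::Info::Layer3::CiscoASA`. A comment that names the reason would read better, for example `# Cisco ASA releases that report no layer 3; b_mac is filtered in Layer3::CiscoASA`.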
--- /dev/null
+++ b/Info/Layer3/CiscoASA.pm
@@ -0,0 +1,231 @@
+# SNMP::Info::Layer3::CiscoASA
+# $Id$
+#
+# Copyright (c) 2013 Moe Kraus
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the University of California, Santa Cruz nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+package SNMP::Info::Layer3::CiscoASA;
+
+use strict;
+use Exporter;
+use SNMP::Info::CiscoVTP;
+use SNMP::Info::CDP;
+use SNMP::Info::CiscoStats;
+use SNMP::Info::CiscoImage;
+use SNMP::Info::CiscoRTT;
+use SNMP::Info::CiscoQOS;
+use SNMP::Info::CiscoConfig;
+use SNMP::Info::CiscoPower;
+use SNMP::Info::Layer3;
+use SNMP::Info::Layer3::Cisco;
+
+@SNMP::Info::Layer3::ASA::ISA = qw/SNMP::Info::CiscoVTP SNMP::Info::CDP
+ SNMP::Info::CiscoStats SNMP::Info::CiscoImage
+ SNMP::Info::CiscoRTT SNMP::Info::CiscoQOS
+ SNMP::Info::CiscoConfig SNMP::Info::CiscoPower
+ SNMP::Info::Layer3::Cisco
+ SNMP::Info::Layer3
+ Exporter/;
+@SNMP::Info::Layer3::ASA::EXPORT_OK = qw//;
+
+use vars qw/$VERSION %GLOBALS %MIBS %FUNCS %MUNGE/;
+
+$VERSION = '2.11';
+
+%MIBS = (
+ %SNMP::Info::Layer3::Cisco::MIBS,
+);
+
+%GLOBALS = (
+ %SNMP::Info::Layer3::Cisco::GLOBALS,
+);
+
+%FUNCS = (
+ %SNMP::Info::Layer3::Cisco::FUNCS,
+ 'mac_table' => 'ifPhysAddress',
+);
+
+%MUNGE = (
+ %SNMP::Info::Layer3::Cisco::MUNGE,
+ 'mac_table' => \&SNMP::Info::munge_mac, );
+
+sub b_mac {
+ my ($asa) = shift;
+ my $macs = $asa->mac_table();
+ my @macs;
+ # gather physical addresses
+ foreach my $i ( keys %$macs ) {
+ my $mac = $macs->{$i};
+ # don't catch the bad macs with zeroed OUI
+ if ( $mac !~ m/(0{1,2}:){3}/ ) {
+ push( @macs, $mac);
+ }
+ @macs = sort( @macs );
+ }
+ # return the least mac
+ return @macs[0];
+}
+
+1;
+__END__
+
+=head1 NAME
+
+SNMP::Info::Layer3::CiscoASA - Cisco Adaptive Security Appliance
+
+=head1 AUTHOR
+
+Moe Kraus
+
+=head1 SYNOPSIS
+
+ # Let SNMP::Info determine the correct subclass for you.
+ my $cisco = new SNMP::Info(
+ AutoSpecify => 1,
+ Debug => 1,
+ # These arguments are passed directly to SNMP::Session
+ DestHost => 'myswitch',
+ Community => 'public',
+ Version => 2
+ )
+ or die "Can't connect to DestHost.\n";
+
+ my $class = $asa->class();
+ print "SNMP::Info determined this device to fall under subclass: $class\n";
+
+=head1 DESCRIPTION
+
+Subclass for Cisco ASAs
+
+=head2 Inherited Classes
+
+=over
+
+=item SNMP::Info::Layer3::Cisco
+
+=back
+
+=head2 Required MIBs
+
+=over
+
+=item F
+
+=item Inherited Classes' MIBs
+
+See L for its own MIB requirements.
+
+=back
+
+=head1 GLOBALS
+
+These are methods that return scalar value from SNMP
+
+=over
+
+=item $asa->b_mac()
+
+ Returns base mac.
+ Overrides base mac function in Layer3.
+
+=back
+
+=head2 Global Methods imported from SNMP::Info::CiscoVTP
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CDP
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoStats
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoImage
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoRTT
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoQOS
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoConfig
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::CiscoPower
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::Layer3
+
+See documentation in L for details.
+
+=head2 Globals imported from SNMP::Info::Layer3::Cisco
+
+See documentation in L for details.
+
+=head1 TABLE METHODS
+
+These are methods that return tables of information in the form of a
+reference to a hash.
+
+=head2 Table Methods imported from SNMP::Info::CiscoVTP
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::CDP
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::CiscoStats
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::CiscoImage
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::CiscoRTT
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::CiscoQOS
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::Layer3::Cisco
+
+See documentation in L for details.
+
+=cut
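Review bot: The parent list is assigned to `@SNMP::Info::Layer3::ASA::ISA` (and `@SNMP::Info::Layer3::ASA::EXPORT_OK`) while the package declared a few lines above is `SNMP::Info::Layer3::CiscoASA`, so the class that `device_type` now returns gets no parents from this file; both should be spelled `@SNMP::Info::Layer3::CiscoASA::ISA` and `@SNMP::Info::Layer3::CiscoASA::EXPORT_OK`. In `b_mac` the zero-OUI filter `m/(0{1,2}:){3}/` is unanchored, so it also discards addresses that merely contain three zero octets in a row (a constructed example: `10:00:00:aa:bb:cc`), which can leave the firewall recorded under the wrong base MAC. The same sub re-sorts `@macs` on every loop pass and returns the one-element slice `@macs[0]` where `$macs[0]` is meant. The file has `use strict;` but no `use warnings;`, which would have flagged the slice. A version of `b_mac` that anchors the pattern, tolerates a missing table (assuming `mac_table()` can return undef, to be confirmed) and sorts once follows.

```perl
sub b_mac {
    my ($asa) = shift;
    my $macs = $asa->mac_table() || {};

    # keep only addresses whose first three octets (the OUI) are not all zero
    my @macs = grep { defined $_ && $_ !~ m/\A(?:0{1,2}:){3}/ } values %$macs;

    # sort once, after filtering, and return the lowest address (undef if none)
    @macs = sort @macs;
    return $macs[0];
}
```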