From 808d3fd5c6af6737223dc1e25a543600adaefddf Mon Sep 17 00:00:00 2001
From: Max Baker <>
Date: Fri, 7 May 2010 00:01:33 +0000
Subject: [PATCH] add PF Support
---
ChangeLog | 1 +
DeviceMatrix.txt | 10 ++
Info.pm | 1 +
Info/Layer3/Pf.pm | 294 ++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 306 insertions(+)
create mode 100644 Info/Layer3/Pf.pm
diff --git a/ChangeLog b/ChangeLog
index a3eabea3..f6ace254 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ version 2.02 ()
* Updated model lists in HP classes
+ [2980782] Added L3::CiscoFWSM for Cisco Firewall Services Modules
(Brian De Wolf)
+ + Added L3::Pf for FreeBSD PFSense Firewalls (max)
* Added specific functions for neighbor mgmt addresses to CDP class
* Implemented os_bin() method in CiscoStats
diff --git a/DeviceMatrix.txt b/DeviceMatrix.txt
index b022ac80..ee7c4a15 100644
--- a/DeviceMatrix.txt
+++ b/DeviceMatrix.txt
@@ -477,6 +477,16 @@ device-family: Alpine and Summit
device: Alpine 3808
device: Summit 7i, 48si
+#
+# FreeBSD
+#
+device-vendor: FreeBSD
+device-famly: Pf
+class: Layer3::Pf
+arpnip: yes
+cdp: no
+note: LLDP support might be available. See note in Layer3::Pf
+
#
# Foundry
#
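Review bot: The added key `device-famly: Pf` is misspelled; every other entry in this file uses `device-family:`, as the hunk header context shows. Whatever reads the matrix will presumably not recognise the line and will either drop the family or attach these devices to the previous one. The line should read `device-family: Pf`.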
diff --git a/Info.pm b/Info.pm
index 9ec95292..3da15a9c 100644
--- a/Info.pm
+++ b/Info.pm
@@ -1195,6 +1195,7 @@ sub device_type {
6486 => 'SNMP::Info::Layer3::AlcatelLucent',
6527 => 'SNMP::Info::Layer3::Timetra',
8072 => 'SNMP::Info::Layer3::NetSNMP',
+ 12325 => 'SNMP::Info::Layer3::Pf',
30065 => 'SNMP::Info::Layer3::Arista',
);
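Review bot: The new `12325` entry keys on the enterprise number alone. According to the comment in Pf.pm, that number is the FOKUS container under which all BEGEMOT-* MIBs live, so presumably any agent reporting a sysObjectID beneath it will be classified as `SNMP::Info::Layer3::Pf`, whether or not it is a pf firewall. An inventory that labels a general-purpose FreeBSD host as a firewall is misleading for anyone auditing the network from it. If the broad match is intended, a comment on the line would say so, for example `# 12325 = FOKUS/BEGEMOT agent on FreeBSD; not specific to pf`. The body of device_type starts and ends outside this hunk, so any later narrowing by sysDescr is not visible here.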
diff --git a/Info/Layer3/Pf.pm b/Info/Layer3/Pf.pm
new file mode 100644
index 00000000..a421696d
--- /dev/null
+++ b/Info/Layer3/Pf.pm
@@ -0,0 +1,294 @@
+# SNMP::Info::Layer3::Pf
+# $Id$
+#
+# Copyright (c) 2010 Max Baker
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of Pf Networks, Inc. nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+package SNMP::Info::Layer3::Pf;
+
+use strict;
+use Exporter;
+
+use SNMP::Info::Layer3;
+use SNMP::Info::LLDP;
+
+@SNMP::Info::Layer3::Pf::ISA = qw/SNMP::Info::LLDP SNMP::Info::Layer3 Exporter/;
+@SNMP::Info::Layer3::Pf::EXPORT_OK = qw//;
+
+use vars qw/$VERSION %GLOBALS %MIBS %FUNCS %MUNGE/;
+
+$VERSION = '2.02-cvs';
+
+%MIBS = (
+ %SNMP::Info::Layer3::MIBS,
+ %SNMP::Info::LLDP::MIBS,
+ # Enterprise container where BEGEMOT-* lives
+ 'FOKUS-MIB' => 'fokus',
+ # MIBs used included in Layer3 and above:
+ # UDP-MIB
+ # TCP-MIB
+ # IF-MIB
+ #
+ # Stuff in these MIBs but not used for Netdisco yet for my test device:
+ #
+ #'BEGEMOT-SNMPD-MIB',
+ #'BEGEMOT-PF-MIB',
+ #'BEGEMOT-NETGRAPH-MIB',
+ #'BEGEMOT-MIB2-MIB',
+ #'BEGEMOT-HOSTRES-MIB',
+ # HOST-RESOURCES-MIB
+ # IP-FORWARD-MIB
+ #
+ # Nothing in these MIBs for my test device:
+ #
+ #'BEGEMOT-IP-MIB',
+ #'BEGEMOT-MIB',
+ #'BEGEMOT-BRIDGE-MIB',
+);
+
+%GLOBALS = (
+ %SNMP::Info::Layer3::GLOBALS,
+ %SNMP::Info::LLDP::GLOBALS,
+);
+
+%FUNCS = (
+ %SNMP::Info::Layer3::FUNCS,
+ %SNMP::Info::LLDP::FUNCS,
+);
+
+%MUNGE = (
+ %SNMP::Info::Layer3::MUNGE,
+ %SNMP::Info::LLDP::MUNGE,
+);
+
+sub vendor {
+ return 'FreeBSD';
+}
+
+sub model {
+ my $pf = shift;
+ my $descr = $pf->description() || '';
+ my $model = undef;
+ $model = $1 if ( $descr =~ /FreeBSD\s+(\S+)/ );
+ return $model if defined $model;
+ return $pf->os_ver();
+}
+
+sub os {
+ return 'Pf';
+}
+
+sub os_ver {
+ my $pf = shift;
+ my $id = $pf->id();
+
+ my $os_ver = &SNMP::translateObj($id);
+ return $id unless defined $os_ver;
+
+ # From /usr/share/snmp/defs/tree.def on a Pf Machine
+ # (2 begemotSnmpdDefs
+ # (1 begemotSnmpdAgent
+ # (1 begemotSnmpdAgentFreeBSD OID op_dummy)
+ # We're leaving the 1.1 and trimming off up to the 2
+ $os_ver =~ s/fokus.1.1.2.//;
+ return $os_ver;
+}
+
+# Use LLDP
+sub hasCDP {
+ my $pf = shift;
+ return $pf->hasLLDP();
+}
+
+sub c_ip {
+ my $pf = shift;
+ my $partial = shift;
+ return $pf->lldp_ip($partial);
+}
+
+sub c_if {
+ my $pf = shift;
+ my $partial = shift;
+ return $pf->lldp_if($partial);
+}
+
+sub c_port {
+ my $pf = shift;
+ my $partial = shift;
+ return $pf->lldp_port($partial);
+}
+
+sub c_id {
+ my $pf = shift;
+ my $partial = shift;
+ return $pf->lldp_id($partial);
+}
+
+sub c_platform {
+ my $pf = shift;
+ my $partial = shift;
+ return $pf->lldp_rem_sysdesc($partial);
+}
+
+1;
+__END__
+
+=head1 NAME
+
+SNMP::Info::Layer3::Pf - SNMP Interface to FreeBSD-Based Firewalls using Pf /Pf Sense
+
+=head1 AUTHOR
+
+Max Baker
+
+=head1 SYNOPSIS
+
+
+ # Let SNMP::Info determine the correct subclass for you.
+ my $pf = new SNMP::Info(
+ AutoSpecify => 1,
+ Debug => 1,
+ # These arguments are passed directly to SNMP::Session
+ DestHost => 'myswitch',
+ Community => 'public',
+ Version => 2
+ )
+ or die "Can't connect to DestHost.\n";
+
+ my $class = $pf->class();
+ print "SNMP::Info determined this device to fall under subclass : $class\n";
+
+=head1 DESCRIPTION
+
+Subclass for Free-BSD PF-Based devices
+
+=head1 LLDP Support
+
+LLDP Support is included but untested in this Device Class. It is reported
+that the available CDP/LLDP modules for net-snmp don't work on FreeBSD (on
+which pfSense is based) as they assume certain Linux specific Ethernet
+structures. This problem is apparently solved on PF based firewall appliances
+by using the ladvd package, for which a port may be found here:
+L. I'm not sure if this module ties into
+Net-SNMP or not.
+
+=head2 Inherited Classes
+
+=over
+
+=item SNMP::Info::Layer3
+
+=item SNMP::Info::LLDP
+
+=back
+
+=head2 Required MIBs
+
+=over
+
+=item F
+
+=item Inherited Classes' MIBs
+
+See L for its own MIB requirements.
+
+See L for its own MIB requirements.
+
+=back
+
+=head1 GLOBALS
+
+These are methods that return scalar values from SNMP
+
+=over
+
+=item $pf->vendor()
+
+ Returns 'FreeBSD'
+
+=item $pf->hasCDP()
+
+ Returns whether LLDP is enabled.
+
+=item $pf->model()
+
+Grabs the os version from C
+
+=item $pf->os()
+
+Returns 'Pf'
+
+=item $pf->os_ver()
+
+Tries to reference $pf->id() to one of the product MIBs listed above.
+Will probably return a truncation of the default OID for pf-based systems
+C.
+
+=back
+
+=head2 Global Methods imported from SNMP::Info::Layer3
+
+See documentation in L for details.
+
+=head1 TABLE METHODS
+
+These are methods that return tables of information in the form of a reference
+to a hash.
+
+=over
+
+=item $pf->c_id()
+
+Returns LLDP information.
+
+=item $pf->c_if()
+
+Returns LLDP information.
+
+=item $pf->c_ip()
+
+Returns LLDP information.
+
+=item $pf->c_platform()
+
+Returns LLDP information.
+
+=item $pf->c_port()
+
+Returns LLDP information.
+
+=back
+
+=head2 Table Methods imported from SNMP::Info::Layer3
+
+See documentation in L for details.
+
+=head2 Table Methods imported from SNMP::Info::LLDP
+
+See documentation in L for details.
+
+=cut
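Review bot: In `os_ver` the substitution `s/fokus.1.1.2.//` leaves every `.` unescaped and has no anchor, so it accepts any character in those positions and removes the first such match anywhere in the translated name, not just the literal prefix the comment describes. `$os_ver =~ s/\Afokus\.1\.1\.2\.//;` matches the comment. The same sub calls `&SNMP::translateObj($id)` without checking `$id`, so a device that returns no sysObjectID hands undef to the translator. A guard `return unless defined $id;` before the call, and the plain call form `SNMP::translateObj($id)`, would cover that. The file declares `use strict;` but not `use warnings;`, which would surface the undef case while testing against real agents.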