From e7b289c39910a67f08dccac59e4ac60051cff858 Mon Sep 17 00:00:00 2001 From: Brian de Wolf <> Date: Wed, 28 Apr 2010 17:08:32 +0000 Subject: [PATCH] Add L3::CiscoFWSM for Cisco Firewall Services Modules. --- ChangeLog | 2 + DeviceMatrix.txt | 6 +- Info.pm | 8 +- Info/Layer3.pm | 14 ++- Info/Layer3/CiscoFWSM.pm | 223 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 250 insertions(+), 3 deletions(-) create mode 100644 Info/Layer3/CiscoFWSM.pm diff --git a/ChangeLog b/ChangeLog index 02c4d185..932239bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ version 2.02 () + Support for older HP switch models moved to new L2::HP4000 class + Fix VLAN changing in L2::HP and L2::HP4000 classes * Updated model lists in HP classes + + [2980782] Added L3::CiscoFWSM for Cisco Firewall Services Modules + (Brian De Wolf) version 2.01 (06/12/09) + Added CiscoStpExtensions Class (Carlos Vicente) diff --git a/DeviceMatrix.txt b/DeviceMatrix.txt index 88eaeed8..b022ac80 100644 --- a/DeviceMatrix.txt +++ b/DeviceMatrix.txt @@ -398,7 +398,11 @@ device-family: Firewall class: Layer3::Cisco device: PIX Security Appliance device: Adaptive Security Applicance -device: Firewall Services Moduels (FWSM) + +device: Firewall Services Modules (FWSM) +note: !Arpnip only available for 4.x software releases. +class: Layer3::CiscoFWSM +arpnip: yes # # Cyclades diff --git a/Info.pm b/Info.pm index 3721281d..0cb6b1ff 100644 --- a/Info.pm +++ b/Info.pm @@ -641,6 +641,12 @@ This is a simple wrapper around Layer3 for IOS devices. It adds on CiscoVTP. See documentation in L for details. +=item SNMP::Info::Layer3::CiscoFWSM + +Subclass for Cisco Firewall Services Modules. + +See documentation in L for details. + =item SNMP::Info::Layer3::Contivity Subclass for Nortel Contivity/VPN Routers. 
@@ -1422,7 +1428,7 @@ sub device_type { if ( $desc =~ /Cisco Adaptive Security Appliance/i ); # Cisco FWSM - $objtype = 'SNMP::Info::Layer3::Cisco' + $objtype = 'SNMP::Info::Layer3::CiscoFWSM' if ( $desc =~ /Cisco Firewall Services Module/i ); } diff --git a/Info/Layer3.pm b/Info/Layer3.pm index ece9808f..2a620f80 100644 --- a/Info/Layer3.pm +++ b/Info/Layer3.pm @@ -47,7 +47,7 @@ use SNMP::Info::PowerEthernet; use vars qw/$VERSION %GLOBALS %FUNCS %MIBS %MUNGE/; -$VERSION = '2.01'; +$VERSION = '2.02-cvs'; %MIBS = ( %SNMP::Info::MIBS, @@ -120,6 +120,17 @@ $VERSION = '2.01'; 'bgp_peer_in_upd' => 'bgpPeerInUpdates', 'bgp_peer_out_tot_msgs' => 'bgpPeerOutTotalMessages', 'bgp_peer_out_upd' => 'bgpPeerOutUpdates', + + # IP-MIB Net to Physical Table (ARP Cache) + 'n2p_index' => 'ipNetToPhysicalIfIndex', + 'n2p_naddrt' => 'ipNetToPhysicalNetAddressType', + 'n2p_naddr' => 'ipNetToPhysicalNetAddress', + 'n2p_paddr' => 'ipNetToPhysicalPhysAddress', + 'n2p_lastupdate' => 'ipNetToPhysicalLastUpdated', + 'n2p_ptype' => 'ipNetToPhysicalType', + 'n2p_pstate' => 'ipNetToPhysicalState', + 'n2p_pstatus' => 'ipNetToPhysicalRowStatus', + ); %MUNGE = ( @@ -132,6 +143,7 @@ $VERSION = '2.01'; %SNMP::Info::PowerEthernet::MUNGE, 'old_at_paddr' => \&SNMP::Info::munge_mac, 'at_paddr' => \&SNMP::Info::munge_mac, + 'n2p_paddr' => \&SNMP::Info::munge_mac, ); # Method OverRides diff --git a/Info/Layer3/CiscoFWSM.pm b/Info/Layer3/CiscoFWSM.pm new file mode 100644 index 00000000..d833dd92 --- /dev/null +++ b/Info/Layer3/CiscoFWSM.pm 
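Review bot: In the `%FUNCS` addition in Info/Layer3.pm, `n2p_index`, `n2p_naddrt` and `n2p_naddr` map to ipNetToPhysicalIfIndex, ipNetToPhysicalNetAddressType and ipNetToPhysicalNetAddress, which as far as I know are the not-accessible index columns of ipNetToPhysicalTable in IP-MIB, so walking them would likely return nothing. Callers have to recover those values from the row key, as the new CiscoFWSM overrides do; I would either drop the three entries or mark them with a comment such as `# index columns (not-accessible); parse them from the n2p_paddr() key`. The new accessors land in the shared Layer3 `%FUNCS` (the hash opens outside this hunk), so every Layer3 subclass inherits them, yet the diffstat for this file leaves no room for POD describing them.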
@@ -0,0 +1,223 @@
+# SNMP::Info::Layer3::CiscoFWSM
+# $Id$
+#
+# Copyright (c) 2010 Brian De Wolf
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the University of California, Santa Cruz nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+package SNMP::Info::Layer3::CiscoFWSM;
+
+use strict;
+use Exporter;
+use SNMP::Info::Layer3::Cisco;
+
+@SNMP::Info::Layer3::CiscoFWSM::ISA = qw/SNMP::Info::Layer3::Cisco
+ Exporter/;
+@SNMP::Info::Layer3::CiscoFWSM::EXPORT_OK = qw//;
+
+use vars qw/$VERSION %GLOBALS %MIBS %FUNCS %MUNGE/;
+
+$VERSION = '2.02-cvs';
+
+%MIBS = (
+ %SNMP::Info::Layer3::Cisco::MIBS,
+);
+
+%GLOBALS = (
+ %SNMP::Info::Layer3::Cisco::GLOBALS,
+);
+
+%FUNCS = (
+ %SNMP::Info::Layer3::Cisco::FUNCS,
+
+);
+
+%MUNGE = (
+ %SNMP::Info::Layer3::Cisco::MUNGE,
+);
+
+
+# For FWSMs, the ipNetToPhysicalPhysAddress table appears to be of the form:
+# $ifindex.$inetaddresstype.$proto.$ip_address -> $mac_address
+#
+# Using the output of ipNetToPhysicalPhysAddress, we can emulate the other
+# functions.
+#
+# This doesn't really line up to what at_* return, so we munge it
+
+sub at_paddr {
+ my ($fwsm) = shift;
+ my ($partial) = shift;
+
+ my $paddrs = $fwsm->n2p_paddr($partial);
+ my $n_paddrs = {};
+
+ foreach my $key (keys %$paddrs) {
+ my $paddr = $paddrs->{$key};
+ my @parts = split /\./, $key;
+ my ($ifindex, $addrtype, $proto) = splice @parts, 0, 3;
+ my $ip = join ".", @parts;
+
+ next if($proto != 4); # at_paddr doesn't support non-IPv4
+
+ $n_paddrs->{"$ifindex.$ip"} = $paddr;
+ }
+ return $n_paddrs;
+}
+
+sub at_netaddr {
+ my ($fwsm) = shift;
+ my ($partial) = shift;
+
+ my $paddrs = $fwsm->n2p_paddr($partial);
+
+ my $netaddrs = {};
+
+ foreach my $key (keys %$paddrs) {
+ my $paddr = $paddrs->{$key};
+ my @parts = split /\./, $key;
+ my ($ifindex, $addrtype, $proto) = splice @parts, 0, 3;
+ my $ip = join ".", @parts;
+
+ next if($proto != 4); # at_netaddr doesn't support non-IPv4
+
+ $netaddrs->{"$ifindex.$ip"} = $ip;
+ }
+ return $netaddrs;
+}
+
+sub at_ifaddr {
+ my ($fwsm) = shift;
+ my ($partial) = shift;
+
+ my $paddrs = $fwsm->n2p_paddr($partial);
+
+ my $ifaddrs = {};
+
+ foreach my $key (keys %$paddrs) {
+ my $paddr = $paddrs->{$key};
+ my @parts = split /\./, $key;
+ my ($ifindex, $addrtype, $proto) = splice @parts, 0, 3;
+ my $ip = join ".", @parts;
+
+ next if($proto != 4); # at_ifaddr doesn't support non-IPv4
+
+ $ifaddrs->{"$ifindex.$ip"} = $ip;
+ }
+ return $ifaddrs;
+}
+
+1;
+__END__
+
+=head1 NAME
+
+SNMP::Info::Layer3::CiscoFWSM - SNMP Interface to Firewall Services Modules for
+features not covered elsewhere.
+
+=head1 AUTHOR
+
+Brian De Wolf
+
+=head1 SYNOPSIS
+
+ # Let SNMP::Info determine the correct subclass for you.
+ my $fwsm = new SNMP::Info(
+ AutoSpecify => 1,
+ Debug => 1,
+ # These arguments are passed directly to SNMP::Session
+ DestHost => 'myswitch',
+ Community => 'public',
+ Version => 2
+ )
+ or die "Can't connect to DestHost.\n";
+
+ my $class = $fwsm->class();
+ print "SNMP::Info determined this device to fall under subclass : $class\n";
+
+=head1 DESCRIPTION
+
+Subclass for Cisco Firewall Services Modules
+
+=head2 Inherited Classes
+
+=over
+
+=item SNMP::Info::Layer3::Cisco
+
+=back
+
+=head2 Required MIBs
+
+=over
+
+=item Inherited Classes' MIBs
+
+See L for its own MIB requirements.
+
+=back
+
+=head1 GLOBALS
+
+=head2 Global Methods imported from SNMP::Info::Layer3::Cisco
+
+See documentation in L for details.
+
+=head1 TABLE METHODS
+
+These are methods that return tables of information in the form of a reference
+to a hash.
+
+=over
+
+=back
+
+=head2 Overrides
+
+=over
+
+=item $fwsm->at_paddr()
+
+This function derives the at_paddr information from the n2p_paddr() table as
+the MIB to provide that information isn't supported on FWSMs.
+
+=item $fwsm->at_netaddr()
+
+This function derives the at_netaddr information from the n2p_paddr() table as
+the MIB to provide that information isn't supported on FWSMs.
+
+=item $fwsm->at_ifaddr()
+
+This function derives the at_ifaddr information from the n2p_paddr() table as
+the MIB to provide that information isn't supported on FWSMs.
+
+=back
+
+=head2 Table Methods imported from SNMP::Info::Layer3::Cisco
+
+See documentation in L for details.
+
+=cut
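Review bot: The three `at_*` overrides in Info/Layer3/CiscoFWSM.pm trust the shape of the device-supplied row index: `$addrtype` is split out but never checked, and whatever follows the third component is joined into `$ip` without confirming it is four octets, so an unexpected or malformed row from the agent ends up in the ARP data keyed as `"$ifindex.$ip"`. The same parsing loop is also copied three times (the bodies of `at_netaddr` and `at_ifaddr` are identical apart from the hash name and comment, and `$paddr` is unused in both), so any fix has to be repeated in each copy. I would move the parsing into one private helper that skips rows that are not well-formed IPv4 and have the overrides call it, as sketched below; the third index component is presumably the InetAddress length rather than a protocol number, which is worth confirming against real FWSM output. The file also has `use strict;` without `use warnings;`.

```perl
# Parse n2p_paddr() keys once; returns { "$ifindex.$ip" => [ $ip, $mac ] }
# for rows whose index is a well-formed IPv4 address.
sub _n2p_ipv4_rows {
    my ( $fwsm, $partial ) = @_;

    my $paddrs = $fwsm->n2p_paddr($partial) || {};
    my %rows;
    foreach my $key ( keys %$paddrs ) {
        my ( $ifindex, $addrtype, $len, @octets ) = split /\./, $key;

        # at_* only carries IPv4: expect length 4 followed by four octets.
        # NOTE(review): also compare $addrtype with the ipv4 type value
        # once that is confirmed on an FWSM.
        next unless defined $len and $len == 4 and @octets == 4;
        next if grep { !/^\d+$/ or $_ > 255 } @octets;

        my $ip = join '.', @octets;
        $rows{"$ifindex.$ip"} = [ $ip, $paddrs->{$key} ];
    }
    return \%rows;
}

sub at_paddr {
    my ( $fwsm, $partial ) = @_;
    my $rows = $fwsm->_n2p_ipv4_rows($partial);
    return { map { $_ => $rows->{$_}[1] } keys %$rows };
}

# … at_netaddr / at_ifaddr: same shape, taking element [0] (the IP) …
```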