#!/usr/bin/perl # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html package xCAT::MacMap; use xCAT::Table; use xCAT::Utils; use xCAT::MsgUtils; use IO::Select; use IO::Handle; use Sys::Syslog; use Data::Dumper; use SNMP; my %cisco_vlans; #Special hash structure to reflect discovered VLANS on Cisco equip #use IF-MIB (1.3.6.1.2.1.2) for all switches # 1.3.6.1.2.1.31.1.1 - ifXtable # 1.3.6.1.2.1.31.1.1.1.1.N = name - ifName #Using BRIDGE-MIB for most switches( 1.3.6.1.2.1.17 ) # 1.3.6.1.2.1.17.1.4 - dot1dBasePortTable # 1.3.6.1.2.1.17.1.4.1.1.X = N - dot1dBasePort # 1.3.6.1.2.1.17.4.3 - dot1dTpFdbTable #FAILS on FORCE10, # #If particular result fails, fallback to Q-BRIDGE-MIB for Force10 (1.3.6.1.2.1.17.7) # 1.3.6.1.2.1.17.7.1.2.2 - dot1qTpFdbTable sub namesmatch { =pod MacMap attempts to do it's best to determine whether or not a particular SNMP description of a port matches the user specified value in the configuration. Generally, if the configuration consists of non-stacked switches without line cards, the user should only need to specify the port number without any characters or / characters. If the configuration contains line cards or stacked switches, use of that particular switch's appropriate / syntax in generally called for. The exception being stacked SMC 8848 switches, in which all ports are still single numbers, and the ports on the second switch begin at 57. If difficulty is encountered, or a switch is attempted with a format that doesn't match any existing rule, it is recommended to use snmpwalk on the switch with the .1.3.6.1.2.1.31.1.1.1.1 OID, and have the switch table port value match exactly the format suggested by that OID. =cut my $namepercfg = shift; my $namepersnmp = shift; if ($namepercfg eq $namepersnmp) { return 1; # They matched perfectly } #Begin guessing, first off, all tested scenarios have likely correct guesses ending #in the cfg string, with some non-numeric prefix before it. unless ($namepersnmp =~ /[^0123456789]$namepercfg\z/) { #Most common case, won't match at all return 0; } #3com convention, contributed by Aaron Knister if ( $namepersnmp =~ /^RMON Port (0?)(\d+) on unit \d+/ ) { if ( $2 =~ $namepercfg ) { return 1; } } #stop contemplating vlan, Nu, and console interfaces if (($namepersnmp =~ /vl/i) or ($namepersnmp =~ /Nu/) or ($namepersnmp =~ /onsole/)) { return 0; } #broken up for code readablitiy, don't check port channel numbers or CPU #have to distinguish betweer Port and Po and PortChannel if (($namepersnmp !~ /Port #/) and ($namepersnmp !~ /Port\d/) and ($namepersnmp =~ /Po/) or ($namepersnmp =~ /LAG/) or ($namepersnmp =~ /CPU/)) { return 0; } #don't contemplate ManagementEthernet if (($namepersnmp =~ /Management/)) { return 0; } #The blacklist approach has been exhausted. For now, assuming that means good, #if something ambiguous happens, the whitelist would have been: #'Port','Port #','/' (if namepercfg has no /, then / would be...), #'Gi','Te','GigabitEthernet','TenGigabitEthernet' return 1; } sub new { my $self = {}; my $proto = shift; my $class = ref($proto) || $proto; bless ($self, $class); return $self; } sub find_mac { # This function is given a mac address, checks for given mac address # and returns undef if unable to find the node, and the nodename otherwise my $self = shift; my $mac = shift; my $cachedonly = shift; # For now HARDCODE (TODO, configurable?) a cache as stale after five minutes # Also, if things are changed in the config, our cache could be wrong, # invalidate on switch table write? if ($self->{mactable}->{lc($mac)} and ($self->{timestamp} > (time() - 300))) { my $reftbl = 0; foreach (keys %{$self->{mactable}}) { if ((lc($mac) ne $_) and ($self->{mactable}->{lc($mac)} eq $self->{mactable}->{$_})) { #$reftbl = 1; #Delete *possibly* stale data, without being heavy handed.. delete $self->{mactable}->{$_}; } } unless ($reftbl) { return $self->{mactable}->{lc($mac)};} } #If requesting a cache only check or the cache is a mere 20 seconds old #don't bother querying switches if ($cachedonly or ($self->{timestamp} > (time() - 20))) { return undef; } $self->refresh_table; #not cached or stale cache, refresh if ($self->{mactable}->{lc($mac)}) { return $self->{mactable}->{lc($mac)}; } return undef; } sub refresh_table { my $self = shift; my $curswitch; $self->{mactable}={}; $self->{switchtab} = xCAT::Table->new('switch', -create => 1); $self->{switchestab} = xCAT::Table->new('switches', -create => 1); my @switchentries=$self->{switchestab}->getAllAttribs(qw(switch snmpversion username password privacy auth)); $self->{switchparmhash}={}; my $community = "public"; $self->{sitetab} = xCAT::Table->new('site'); my $tmp = $self->{sitetab}->getAttribs({key=>'snmpc'},'value'); if ($tmp and $tmp->{value}) { $community = $tmp->{value} } else { #Would warn here.. } foreach (@switchentries) { $curswitch=$_->{switch}; $self->{switchparmhash}->{$curswitch}=$_; if ($_->{snmpversion}) { if ($_->{snmpversion} =~ /3/) { #clean up to accept things like v3 or ver3 or 3, whatever. $self->{switchparmhash}->{$curswitch}->{snmpversion}=3; unless ($_->{auth}) { $self->{switchparmhash}->{$curswitch}->{auth}='md5'; #Default to md5 auth if not specified but using v3 } } elsif ($_->{snmpversion} =~ /2/) { $self->{switchparmhash}->{$curswitch}->{snmpversion}=2; } else { $self->{switchparmhash}->{$curswitch}->{snmpversion}=1; #Default to lowest common denominator, snmpv1 } } unless (defined $_->{password}) { #if no password set, inherit the community $self->{switchparmhash}->{$curswitch}->{password}=$community; } } my %checked_pairs; my @entries = $self->{switchtab}->getAllNodeAttribs(['node','port','switch']); #Build hash of switch port names per switch $self->{switches} = {}; foreach $entry (@entries) { if (defined($entry->{switch}) and $entry->{switch} ne "" and defined($entry->{port}) and $entry->{port} ne "") { $self->{switches}->{$entry->{switch}}->{$entry->{port}}=$entry->{node}; } else { xCAT::MsgUtils->message("S","xCAT Table error:".$entry->{node}."Has missing or invalid switch.switch and/or switch.port fields"); } } my $children = 0; my $inputs = new IO::Select; $SIG{CHLD}= sub { while(waitpid(-1,WNOHANG) > 0) { $children-- } }; foreach $entry (@entries) { if ($checked_pairs{$entry->{switch}}) { next; } $checked_pairs{$entry->{switch}}=1; pipe my $child,my $parent; $child->autoflush(1); $parent->autoflush(1); $children++; $cpid = xCAT::Utils->xfork; unless (defined $cpid) { die "Cannot fork" }; if ($cpid == 0) { close($child); $self->refresh_switch($parent,$community,$entry->{switch}); exit(0); } close($parent); $inputs->add($child); } while($children) { $self->handle_output($inputs); } while ($self->handle_output($inputs)) {}; #Drain the pipes $self->{timestamp}=time; } sub handle_output { my $self = shift; my $inputs = shift; my @readied = $inputs->can_read(1); my $rc = @readied; my $ready; foreach $ready (@readied) { my $line = <$ready>; unless ($line) { $inputs->remove($ready); close($ready); next; } $line =~ m/^([^|]*)\|(.*)/; $self->{mactable}->{$1}=$2; } return $rc; } sub walkoid { my $session = shift; my $oid = shift; my $retmap = undef; my $varbind = new SNMP::Varbind([$oid,'']); $session->getnext($varbind); if ($session->{ErrorStr}) { xCAT::MsgUtils->message("S","Error communicating with ".$session->{DestHost}.": ".$session->{ErrorStr}); return undef; } my $count=0; while ($varbind->[0] =~ /^$oid\.?(.*)/) { $count++; if ($1) { $retmap->{$1.".".$varbind->[1]}=$varbind->[2]; #If $1 is set, means key should } else { $retmap->{$varbind->[1]}=$varbind->[2]; #If $1 is set, means key should } $session->getnext($varbind); } return $retmap; } sub refresh_switch { my $self = shift; my $output = shift; my $community = shift; my $switch = shift; my $snmpver='1'; my $swent; $swent = $self->{switchparmhash}->{$switch}; if ($swent) { $snmpver=$swent->{snmpversion}; $community=$swent->{password}; } if ($snmpver ne '3') { $session = new SNMP::Session( DestHost => $switch, Version => $snmpver, Community => $community, UseNumeric => 1 ); } else { #we have snmp3 if ($swent->{privacy}) { $session = new SNMP::Session( DestHost => $switch, SecName => $swent->{username}, AuthProto => uc($swent->{auth}), AuthPass => $community, SecLevel => 'authPriv', PrivProto => uc($swent->{privacy}), PrivPass => $community, Version => $snmpver, UseNumeric => 1 ); } else { $session = new SNMP::Session( DestHost => $switch, SecName => $swent->{username}, AuthProto => uc($swent->{auth}), AuthPass => $community, SecLevel => 'authNoPriv', Version => $snmpver, UseNumeric => 1 ); } } #if ($error) { die $error; } unless ($session) { xCAT::MsgUtils->message("S","Failed to communicate with $switch"); return; } my $namemap = walkoid($session,'.1.3.6.1.2.1.31.1.1.1.1'); if ($namemap) { my $ifnamesupport=0; #Assume broken ifnamesupport until proven good... (Nortel switch) foreach (keys %{$namemap}) { if ($namemap->{$_}) { $ifnamesupport=1; last; } } unless ($ifnamesupport) { $namemap=0; } } unless ($namemap) { #Failback to ifDescr. ifDescr is close, but not perfect on some switches $namemap = walkoid($session,'.1.3.6.1.2.1.2.2.1.2'); } unless ($namemap) { return; } #Above is valid without community string indexing, on cisco, we need it on the next one and onward my $iftovlanmap = walkoid($session,'.1.3.6.1.4.1.9.9.68.1.2.2.1.2'); my %vlans_to_check; if (defined($iftovlanmap)) { #We have a cisco, the intelligent thing is to do SNMP gets on the ports # that we can verify are populated per switch table my $portid; foreach $portid (keys %{$namemap}) { my $portname; my $switchport = $namemap->{$portid}; foreach $portname (keys %{$self->{switches}->{$switch}}) { unless (namesmatch($portname,$switchport)) { next } $vlans_to_check{"".$iftovlanmap->{$portid}} = 1; #cast to string, may not be needed } } } else { $vlans_to_check{'NA'}=1; } my $vlan; foreach $vlan (sort keys %vlans_to_check) { #Sort, because if numbers, we want 1 first unless ($vlan eq 'NA' or $vlan eq '1') { #don't subject users to the context pain unless needed if ($snmpver ne '3') { $session = new SNMP::Session( DestHost => $switch, Version => $snmpver, Community => $community."@".$vlan, UseNumeric => 1 ); } else { #Cisco and snmpv3 with non-default vlan, user will have to do lots of configuration to grant context access if ($swent->{privacy}) { $session = new SNMP::Session( DestHost => $switch, SecName => $swent->{username}, AuthProto => uc($swent->{auth}), AuthPass => $community, SecLevel => 'authPriv', PrivProto => uc($swent->{privacy}), PrivPass => $community, Version => $snmpver, Context => "vlan-".$vlan, UseNumeric => 1 ); } else { $session = new SNMP::Session( DestHost => $switch, SecName => $swent->{username}, AuthProto => uc($swent->{auth}), AuthPass => $community, SecLevel => 'authNoPriv', Version => $snmpver, Context => "vlan-".$vlan, UseNumeric => 1 ); } } } unless ($session) { return; } my $bridgetoifmap = walkoid($session,'.1.3.6.1.2.1.17.1.4.1.2'); # Good for all switches # my $mactoindexmap = walkoid($session,'.1.3.6.1.2.1.17.4.3.1.2'); my $mactoindexmap = walkoid($session,'.1.3.6.1.2.1.17.7.1.2.2.1.2'); unless (defined($mactoindexmap)) { #if no qbridge defined, try bridge mib, probably cisco #$mactoindexmap = walkoid($session,'.1.3.6.1.2.1.17.7.1.2.2.1.2'); $mactoindexmap = walkoid($session,'.1.3.6.1.2.1.17.4.3.1.2'); } #Ok, time to process the data foreach my $oid (keys %$namemap) { #$oid =~ m/1.3.6.1.2.1.31.1.1.1.1.(.*)/; my $ifindex = $oid; my $portname; my $switchport = $namemap->{$oid}; foreach $portname (keys %{$self->{switches}->{$switch}}) { # a little redundant, but # computationally trivial unless (namesmatch($portname,$switchport)) { next } #if still running, we have match foreach my $boid (keys %$bridgetoifmap) { unless ($bridgetoifmap->{$boid} == $ifindex) { next; } my $bridgeport = $boid; foreach (keys %$mactoindexmap) { if ($mactoindexmap->{$_} == $bridgeport) { my @tmp = split /\./, $_; my @mac = @tmp[-6 .. -1]; printf $output "%02x:%02x:%02x:%02x:%02x:%02x|%s\n",@mac,$self->{switches}->{$switch}->{$portname}; } } } } } } } 1;