Пример 1. реализации шлюза Cisco на BeanShell c управлением ssh
Материал из BiTel WiKi
Версия от 05:54, 16 апреля 2010; Stark (Обсуждение | вклад)
Подключение абонентов по схеме "vlan-на-клиента", при этом используется оборудование D-Link - на уровне доступа свитчи DES-1228G, в ядре - DGS-3610-26G. Это шлюз ядра(DGS-3610-26G).
Команды шлюза
[DEFAULT] [REMOVE] no vlan {VID} [/REMOVE] [OPEN] vlan {VID} exit vlan 100 subvlan {VID} exit vlan {VID} subvlan-address-range {addr1} {addr2} exit ip access-list extended 101 <LOOP> no deny ip host {A} any no deny ip any host {A} </LOOP> exit [/OPEN] [CLOSE] interface gigabitethernet 0/22 no ip access-group 101 in exit ip access-list extended 101 no permit ip any any <LOOP> deny ip host {A} any deny ip any host {A} </LOOP> permit ip any any exit interface gigabitethernet 0/22 ip access-group 101 in exit [/CLOSE] [/DEFAULT]
скрпит шлюза
import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.StringTokenizer; import bitel.billing.common.module.ipn.IPNContractStatus; import bitel.billing.server.ipn.GateWorker; import bitel.billing.server.ipn.UserStatus; import bitel.billing.server.ipn.bean.*; import bitel.billing.server.util.DefaultServerSetup; import bitel.billing.server.util.Utils; import bitel.billing.server.util.telnet.OperationTimedoutException; import bitel.billing.server.util.telnet.TelnetSession; import ru.bitel.bgbilling.common.DefaultSetup; import bitel.billing.common.IPUtils; import bitel.billing.server.util.Utils; import bitel.billing.server.util.telnet.OperationTimedoutException; import bitel.billing.server.util.telnet.TelnetSession; import ru.bitel.bgbilling.modules.ipn.common.bean.*; import bitel.billing.server.util.telnet.ansi.TelnetAnsiSession; //includeBGBS( "bgbs://ru.bitel.bgbilling.kernel.script.common.bean.ScriptLibrary/manad" ); protected void doSync() { log.info( "start of cisco........................................................"); host = gate.getHost(); port = gate.getPort(); DefaultServerSetup gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" ); pswd = gate.getKeyword(); login = gateSetup.getStringValue( "login"); timeout = gateSetup.getIntValue( "timeout", 0 ); result = new StringBuffer(); if( log.isDebugEnabled() ) { log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login + " passwd: " + pswd ); } log.debug("before connect"); session = new TelnetAnsiSession( host, port); session.setTimeout( timeout ); session.setLoginPromptSequence( ":" ); result.append( session.connect() ); log.debug("after connect"); result.append( session.doCommand( login ) ); log.debug("after login"); session.setLoginPromptSequence( "#" ); result.append( session.doCommand( pswd ) ); log.debug("after pswd"); result.append( session.doCommand( "terminal length 0" ) ); result.append( session.doCommand( "terminal width 0" ) ); log.debug("after terminal"); result.append( session.doCommand( "configure terminal" ) ); log.debug( "execute commands" ); doCommands( session, result, gateSetup ); result.append( session.doCommand( "exit" ) ); result.append( session.doCommand( "write memory" ) ); session.doCommandAsync( "exit" ); log.info("!!!!!!!!!!!start of log!!!!!!!!!!!!!!!!!!!!!"); log.info( result ); log.info("!!!!!!!!!!!!!!! end of log !!!!!!!!!!!!!!!!!"); log.debug( "ok" ); log.info( "end of cisco........................................................"); } protected void add() { } private void doCommands( session, result, gateSetup) throws IOException, OperationTimedoutException { acl = gateSetup.getStringValue( "acl"); vlanResult = getVlanResult( session ); log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); log.info( vlanResult ); log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); aclResult = getAclResult( session, acl ); log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); log.info( aclResult ); log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!! end aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ); for( UserStatus status : statusList ) { VlanManager manager = new VlanManager(status.mid, con); gateId = gate.getId(); //log.info("gateId=" + gateId); vid = manager.getVlan( gateId, status.contractId ); //log.info("vid=" + vid); log.debug( "status=" + status.status); String addr1 = null; String addr2 = null; date = new GregorianCalendar(); AddressRangeManager man = new AddressRangeManager( con, mid ); addressList = man.getContractAddressRange( status.contractId , date, -1 ); if ( addressList.size() > 0 ) { AddressRange range = addressList.get(0); addr1 = IPUtils.convertIpToString( range.getAddr1() ); addr2 = IPUtils.convertIpToString( range.getAddr2() ); } else { log.info( "empty adress on cid = " + status.contractId ); continue; } rules = null; if (status.status == IPNContractStatus.STATUS_OPEN && (!vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2, aclResult) ) ) { rules = getOpenRules( status, vid, gateSetup, addr1, addr2, acl ); } else if (status.status == IPNContractStatus.STATUS_REMOVED && ( vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2,aclResult) ) ) { rules = getRemoveRules( status, vid, gateSetup, addr1, addr2, acl ); } //if closed and etc else if ( status.status != IPNContractStatus.STATUS_OPEN && status.status != IPNContractStatus.STATUS_REMOVED && !isUserDenied( addr1, addr2, aclResult) ) { rules = getCloseRules( status, vid, gateSetup, addr1, addr2, acl ); } if (vid > 0 && rules != null ) { for ( String rule : rules ) { //log.debug ("command=" + rule ); result.append( session.doCommand( rule ) ); } } } } getOpenRules( status, vid, gateSetup, addr1, addr2, acl ) { log.debug( "geting open rules..."); return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]", vid, gateSetup, addr1, addr2, acl ); } getCloseRules( status, vid, gateSetup, addr1, addr2, acl ) { log.debug( "geting close rules..."); return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]", vid, gateSetup, addr1, addr2, acl ); } getRemoveRules( UserStatus status, vid, gateSetup, addr1, addr2, acl ) { log.debug( "geting remove rules..."); return getRules( status, "\\[REMOVE\\](.*)\\[/REMOVE\\]", vid, gateSetup, addr1, addr2, acl ); } getRules( status, template, vid, gateSetup, addr1, addr2, acl ) { // пользовательское правило, без типа - то все оставляем как есть CiscoRule ciscoRule = new CiscoRule ( status.rule.getRuleText() ); rule = ciscoRule.getAddresses(); //log.info("rule=" + rule); //типизированное правило if( status.ruleType != null ) { rule = generateRule( rule, status.gateType, status.ruleType, vid, status.contractId, gateSetup, addr1, addr2, acl ); } //log.info("rule=" + rule); pattern = Pattern.compile( template, Pattern.DOTALL ); m = pattern.matcher( rule ); if (m.find()) { rule = m.group( 1 ); } rule.replaceAll( "\r", "" ); parts = rule.split( "\n" ); result = new ArrayList(); for ( String part : parts ) { if ( !Utils.isEmptyString( part )) { result.add( part ); } } return result; } generateRule( addresses, gateType, ruleType, int vid, int cid, gateSetup, addr1, addr2, acl ) { supervlan = gateSetup.getIntValue( "supervlan", 0 ); Map replacements = new HashMap(); if ( addr1 != null && addr2 != null ) { replacements.put( "\\{addr1\\}", addr1 ); replacements.put( "\\{addr2\\}", addr2 ); replacements.put( "\\{SUPERVLAN\\}", String.valueOf( supervlan) ); replacements.put( "\\{ACL\\}", acl ); } ruleText = ManadUtils.getRule( gateType, ruleType ); if ( vid > 0) { replacements.put( "\\{VID\\}", String.valueOf( vid ) ); } return ManadUtils.generateRule( ruleText, addresses, replacements, ruleType ); } private isUserDenied ( addr1, addr2, buffer) { //эскейпируем точки в адресе String address1 = addr1.replace( ".", "\\." ); String address2 = addr2.replace( ".", "\\." ); return isUserDeniedForAddress( address1, buffer ) && isUserDeniedForAddress( address2, buffer ); } private isUserDeniedForAddress ( address, buffer) { //эскейпируем точки в адресе //String address = addr1.replace( ".", "\\." ); //log.debug( "aaddr1=" + address ); String template = ".*deny ip host\\s+" + address + "\\s+any.*$"; //log.debug( "template=" + template ); Pattern pattern = Pattern.compile( template, Pattern.DOTALL ); Matcher m = pattern.matcher( buffer ); boolean found = m.find(); if ( found ) { log.debug( "user2 denied" ); return true; } pattern = Pattern.compile( ".*deny ip any host\\s" + address + "\\s.*$", Pattern.DOTALL ); m = pattern.matcher( buffer ); found = m.find(); log.debug( found ? "user denied" :"user not denied" ); return found; } private vlanExists ( vlan, buffer) { Pattern pattern = Pattern.compile( ".*" + vlan + "\\s+ON\\s+.*", Pattern.DOTALL ); Matcher m = pattern.matcher( buffer ); found = m.find(); log.debug( found ? "vlan found" : "vlan not found" ); return found; } private getVlanResult( session ) { return session.doCommand( "show supervlan"); } private getAclResult( session, acl ) { return session.doCommand( "show access-lists " + acl ); }
