Пример 1. реализации шлюза Cisco на BeanShell c управлением ssh

Материал из BiTel WiKi

(Различия между версиями)

Версия 05:54, 16 апреля 2010

Подключение абонентов по схеме "vlan-на-клиента", при этом используется оборудование D-Link - на уровне доступа свитчи DES-1228G, в ядре - DGS-3610-26G. Это шлюз уровня доступа

Команды шлюза

[DEFAULT]
 
[REMOVE]
no vlan {VID}
[/REMOVE]
 
[OPEN]
 
vlan {VID}
exit
vlan 100
subvlan {VID}
exit
vlan {VID}
subvlan-address-range {addr1} {addr2}
exit
 
ip access-list extended 101
<LOOP>
no deny ip host {A} any
no deny ip any host {A}
</LOOP>
exit
[/OPEN]
 
[CLOSE]
interface gigabitethernet 0/22
no ip access-group 101 in
exit
ip access-list extended 101
no permit ip any any
<LOOP>
deny ip host {A} any
deny ip any host {A}
</LOOP>
permit ip any any
exit
interface gigabitethernet 0/22
ip access-group 101 in
exit
[/CLOSE]
[/DEFAULT]

скрпит шлюза

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.StringTokenizer;
 
import bitel.billing.common.module.ipn.IPNContractStatus;
import bitel.billing.server.ipn.GateWorker;
import bitel.billing.server.ipn.UserStatus;
import bitel.billing.server.ipn.bean.*;
import bitel.billing.server.util.DefaultServerSetup;
import bitel.billing.server.util.Utils;
import bitel.billing.server.util.telnet.OperationTimedoutException;
import bitel.billing.server.util.telnet.TelnetSession;
import ru.bitel.bgbilling.common.DefaultSetup;
import bitel.billing.common.IPUtils;
import bitel.billing.server.util.Utils;
import bitel.billing.server.util.telnet.OperationTimedoutException;
import bitel.billing.server.util.telnet.TelnetSession;
import ru.bitel.bgbilling.modules.ipn.common.bean.*;
import bitel.billing.server.util.telnet.ansi.TelnetAnsiSession;
 
//includeBGBS( "bgbs://ru.bitel.bgbilling.kernel.script.common.bean.ScriptLibrary/manad" ); 
 
protected void doSync()
{
		log.info( "start of cisco........................................................");
 
		host = gate.getHost();
		port = gate.getPort();
 
 
		DefaultServerSetup gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );        
 
		pswd = gate.getKeyword();		
		login = gateSetup.getStringValue( "login");
       timeout = gateSetup.getIntValue( "timeout", 0 );		
 
		result = new StringBuffer();
 
 
		if( log.isDebugEnabled() )
		{
		    log.debug( gate.getId() + " gate: " + host + ":" + port  + " login: " + login + " passwd: " + 		 pswd );
		}
 
 
 		log.debug("before connect");
		session = new TelnetAnsiSession( host, port);
       session.setTimeout( timeout );
		session.setLoginPromptSequence( ":" );						
		result.append( session.connect() );
		log.debug("after connect");
 
		result.append( session.doCommand( login ) );
		log.debug("after login");
		session.setLoginPromptSequence( "#" );
		result.append( session.doCommand( pswd ) );
		log.debug("after pswd");
 
		result.append( session.doCommand( "terminal length 0" ) );
		result.append( session.doCommand( "terminal width 0" ) );
 
		log.debug("after terminal");
 
		result.append( session.doCommand( "configure terminal" ) );
 
		log.debug( "execute commands" );
		doCommands( session, result, gateSetup );
 
		result.append( session.doCommand( "exit" ) );
		result.append( session.doCommand( "write memory" ) );
		session.doCommandAsync( "exit" );
 
 
		log.info("!!!!!!!!!!!start of log!!!!!!!!!!!!!!!!!!!!!");
		log.info( result );
		log.info("!!!!!!!!!!!!!!! end of log !!!!!!!!!!!!!!!!!");		
 
		log.debug( "ok" );
 
 
	log.info( "end of cisco........................................................");
 
}
 
protected void add()
{
 
}
 
 
private void doCommands( session, result, gateSetup) throws IOException, OperationTimedoutException
{		
	acl = gateSetup.getStringValue( "acl");
 
	vlanResult = getVlanResult( session );	
    log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	
	log.info( vlanResult );	
	log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	
 
	aclResult = getAclResult( session, acl );
 
	log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	
	log.info( aclResult );	
	log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!! end aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	
 
	for( UserStatus status : statusList )
	{
		VlanManager manager = new VlanManager(status.mid, con); 
		gateId  = gate.getId();
		//log.info("gateId=" + gateId);
		vid = manager.getVlan( gateId, status.contractId );
		//log.info("vid=" + vid);	
		log.debug( "status=" + status.status);	
 
 
		String addr1 = null;
		String addr2 = null;
 
   		date = new GregorianCalendar();
 
		AddressRangeManager man = new AddressRangeManager( con, mid );
   		addressList = man.getContractAddressRange( status.contractId , date, -1 );
   		if ( addressList.size() > 0 )
   		{
        	AddressRange range =  addressList.get(0);
			addr1 = IPUtils.convertIpToString( range.getAddr1() );
			addr2 = IPUtils.convertIpToString( range.getAddr2() );	
		}
		else
		{
			log.info( "empty adress on cid = " + status.contractId );
			continue;
		}
 
 
		rules = null;
		if (status.status == IPNContractStatus.STATUS_OPEN && (!vlanExists(vid, vlanResult) ||  isUserDenied( addr1, addr2, aclResult) ) )
		{ 
			rules = getOpenRules( status, vid, gateSetup, addr1, addr2, acl ); 
		} 			
		else if (status.status == IPNContractStatus.STATUS_REMOVED && ( vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2,aclResult)  ) )
		{
			rules = getRemoveRules( status, vid, gateSetup, addr1, addr2, acl );	
		}
		//if closed and etc 
		else if ( status.status != IPNContractStatus.STATUS_OPEN && status.status != IPNContractStatus.STATUS_REMOVED &&  !isUserDenied( addr1, addr2, aclResult) )
		{
			rules = getCloseRules( status, vid, gateSetup, addr1, addr2, acl );
		}
 
		if (vid > 0 && rules != null )
		{
			for ( String rule : rules )
			{					
				//log.debug  ("command=" + rule );
				result.append(  session.doCommand( rule ) );				
			}
		}
 
	}		
 
}
 
getOpenRules( status, vid, gateSetup, addr1, addr2, acl )
{
   log.debug( "geting open rules..."); 
	return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]", vid, gateSetup, addr1, addr2, acl );
}
 
getCloseRules( status, vid, gateSetup, addr1, addr2, acl )
{
   log.debug( "geting close rules...");  
	return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]", vid, gateSetup, addr1, addr2, acl );
}
 
getRemoveRules( UserStatus status, vid, gateSetup, addr1, addr2, acl )
{    
   log.debug( "geting remove rules...");  
	return getRules( status, "\\[REMOVE\\](.*)\\[/REMOVE\\]", vid, gateSetup, addr1, addr2, acl );
}
 
getRules(  status, template, vid, gateSetup, addr1, addr2, acl )
{
	// пользовательское правило, без типа - то все оставляем как есть
	CiscoRule  ciscoRule = new CiscoRule ( status.rule.getRuleText() );
	rule = ciscoRule.getAddresses();
 
	//log.info("rule=" + rule);
 
	//типизированное правило
	if( status.ruleType != null )
 
	{	
	    rule = generateRule( rule, status.gateType, status.ruleType, vid, status.contractId, gateSetup, addr1, addr2, acl );
	}
 
	//log.info("rule=" + rule);
 
 
 
	pattern = Pattern.compile( template, Pattern.DOTALL );
	m = pattern.matcher( rule );
	if (m.find())
	{
	    rule = m.group( 1 );
	}		
 
	rule.replaceAll( "\r", "" );
 
 
	parts  = rule.split( "\n" );
 
	result = new ArrayList();
	for ( String part : parts )
	{
		if ( !Utils.isEmptyString( part ))
		{
			result.add( part );
		}
	}
 
	return result;
}		
 
generateRule( addresses, gateType, ruleType, int vid, int cid, gateSetup, addr1, addr2, acl )
{		
 		 supervlan = gateSetup.getIntValue( "supervlan", 0 );
 
		 Map replacements = new HashMap();
 
        if ( addr1 != null && addr2 != null )
		 {
			replacements.put( "\\{addr1\\}", addr1 );
			replacements.put( "\\{addr2\\}", addr2 );
			replacements.put( "\\{SUPERVLAN\\}", String.valueOf( supervlan) );
			replacements.put( "\\{ACL\\}", acl );
		 }
 
    ruleText = ManadUtils.getRule( gateType, ruleType );
    if ( vid > 0)
    {
        replacements.put( "\\{VID\\}", String.valueOf( vid ) );
    }
    return ManadUtils.generateRule( ruleText, addresses, replacements, ruleType );		
}
 
private isUserDenied ( addr1, addr2, buffer)
{
	//эскейпируем точки в адресе
	String address1 = addr1.replace( ".", "\\." );
	String address2 = addr2.replace( ".", "\\." );
 
	return isUserDeniedForAddress( address1, buffer ) &&  isUserDeniedForAddress( address2, buffer );
}
 
private isUserDeniedForAddress ( address, buffer)
{
	//эскейпируем точки в адресе
	//String address = addr1.replace( ".", "\\." );
	//log.debug( "aaddr1=" + address );
	String template = ".*deny ip host\\s+" + address + "\\s+any.*$";
	//log.debug( "template=" + template );
	Pattern pattern = Pattern.compile( template, Pattern.DOTALL );
	Matcher m = pattern.matcher( buffer );
	boolean found = m.find();
	if ( found ) 
	{
		log.debug( "user2 denied" );
		return true;
	}
 
 
 
	pattern = Pattern.compile( ".*deny ip any host\\s" + address + "\\s.*$", Pattern.DOTALL );
	m = pattern.matcher( buffer );
	found = m.find();
	log.debug( found ? "user denied" :"user not denied" );	
 
 
	return found;
 
}
 
 
private vlanExists ( vlan, buffer)
{
	Pattern pattern = Pattern.compile( ".*" + vlan + "\\s+ON\\s+.*", Pattern.DOTALL );
	Matcher m = pattern.matcher( buffer );
	found = m.find();
	log.debug( found ? "vlan found" : "vlan not found" );
 
 
	return found;
}
 
private getVlanResult( session )
{
	return session.doCommand( "show supervlan"); 
}
 
private getAclResult( session, acl )
{
	return session.doCommand( "show access-lists " + acl ); 
}

Пример 1. реализации шлюза Cisco на BeanShell c управлением ssh

Материал из BiTel WiKi

Версия 05:54, 16 апреля 2010

Просмотры

Личные инструменты

Навигация

Поиск

Инструменты