Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cisco ASA "show vpn-sessiondb anyconnect" parser doesn't support IPv6 addresses #751

Closed
smfeldman opened this issue Jun 7, 2020 · 2 comments
Closed

Cisco ASA "show vpn-sessiondb anyconnect" parser doesn't support IPv6 addresses #751

smfeldman opened this issue Jun 7, 2020 · 2 comments

Comments

@smfeldman
Copy link
Contributor

ISSUE TYPE
  • Bug Report
TEMPLATE USING

(This is templates/cisco_asa_show_vpn-sessiondb_anyconnect.textfsm.)

Value Filldown,Required SESSION_TYPE (\S+)
Value USERNAME (\S+)
Value Required INDEX (\d+)
Value ASSIGNED_IP (\d+\.\d+\.\d+\.\d+)
Value PUBLIC_IP (\d+\.\d+\.\d+\.\d+)
Value PROTOCOL (.+?)
Value LICENSE (.+?)
Value ENCRYPTION (.+?)
Value HASHING (.+?)
Value BYTES_TX (\d+)
Value BYTES_RX (\d+)
Value GROUP_POLICY (\S+)
Value TUNNEL_GROUP (\S+)
Value LOGIN_TIME (\d+:\d+:\d+)
Value LOGIN_TIME_ZONE (\w+)
Value LOGIN_WEEKDAY (\w+)
Value LOGIN_MONTH (\w+)
Value LOGIN_DAY (\d+)
Value LOGIN_YEAR (\d+)
Value DURATION (.+?)
Value INACTIVITY (.+?)
Value VLAN_MAPPING (\S+)
Value VLAN (.+?)
Value AUDT_SESS_ID (.+?)
Value SECURITY_GRP (\S+)

Start
  ^Session\s+Type:\s+${SESSION_TYPE}$$ -> Connection

Connection
  ^\s*Username\s*:\s+${USERNAME}\s+Index\s+:\s*${INDEX}$$
  ^\s*Username\s*:\s+${USERNAME}$$
  ^\s*Index\s*:\s+${INDEX}$$
  ^\s*Assigned\s+IP\s*:\s+${ASSIGNED_IP}\s+Public\s*IP\s*:\s*${PUBLIC_IP}$$
  ^\s*Assigned\s+IP\s*:\s+${ASSIGNED_IP}$$
  ^\s*Public\s+IP\s*:\s+${PUBLIC_IP}$$
  ^\s*Protocol\s+:\s+${PROTOCOL}$$
  ^\s*License\s+:\s*${LICENSE}$$
  ^\s*Encryption\s+:\s*${ENCRYPTION}$$
  ^\s*Hashing\s+:\s*${HASHING}$$
  ^\s*Bytes\s+Tx\s+:\s+${BYTES_TX}\s+Bytes\s+Rx\s+:\s+${BYTES_RX}$$
  ^\s*Group\s+Policy\s+:\s+${GROUP_POLICY}\s+Tunnel\s+Group\s+:\s+${TUNNEL_GROUP}$$
  ^\s*Group\s+Policy\s+:\s+${GROUP_POLICY}$$
  ^\s*Tunnel\s+Group\s+:\s+${TUNNEL_GROUP}$$
  ^\s*Login\s+Time\s+:\s+${LOGIN_TIME}\s+${LOGIN_TIME_ZONE}\s+${LOGIN_WEEKDAY}\s+${LOGIN_MONTH}\s+${LOGIN_DAY}\s+${LOGIN_YEAR}$$
  ^\s*Duration\s+:\s+${DURATION}$$
  ^\s*Inactivity\s+:\s+${INACTIVITY}$$
  ^\s*VLAN\s+Mapping\s+:\s+${VLAN_MAPPING}\s+VLAN\s+:\s+${VLAN}$$
  ^\s*Audt\s+Sess\s+ID\s+:\s+${AUDT_SESS_ID}$$
  ^\s*Security\s+Grp\s+:\s+${SECURITY_GRP}\s*$$ -> Record
  ^\s*$$
  ^. -> Error
SAMPLE COMMAND OUTPUT
Session Type: AnyConnect
Username     : johndoe12              Index        : 38847
Assigned IP  : 10.10.123.123          Public IP    : 2001:db8:91::7
Assigned IPv6: 2001:DB8:1234:1::5678
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES-GCM-256  DTLS-Tunnel: (1)AES-GCM-256
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA384  DTLS-Tunnel: (1)SHA384
Bytes Tx     : 3145031268             Bytes Rx     : 58022385
Group Policy : RAVPN                  Tunnel Group : RAVPN
Login Time   : 01:13:32 UTC Fri Jun 5 2020
Duration     : 4h:55m:35s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 0a0edc05097bf0005ed99c3c
Security Grp : none
SUMMARY
STEPS TO REPRODUCE
Python 3.7.4 (default, Sep  7 2019, 18:29:04)
[Clang 10.0.0 (clang-1000.11.45.5)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from ntc_templates.parse import parse_output
>>> from pprint import pprint
>>> with open("/tmp/cisco_asa_show_vpn-sessiondb_anyconnect_ipv6.raw", "r") as f:
...     data = f.read()
...
>>> pprint(parse_output(platform="cisco_asa", command="show vpn-sessiondb anyconnect", data=data))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/feldman/NetEng/asa-ip/ntc-templates/lib/ntc_templates/parse.py", line 35, in parse_output
    cli_table.ParseCmd(data, attrs)
  File "/Users/feldman/NetEng/asa-ip/venv/lib/python3.7/site-packages/textfsm/clitable.py", line 282, in ParseCmd
    self.table = self._ParseCmdItem(self.raw, template_file=template_files[0])
  File "/Users/feldman/NetEng/asa-ip/venv/lib/python3.7/site-packages/textfsm/clitable.py", line 315, in _ParseCmdItem
    for record in fsm.ParseText(cmd_input):
  File "/Users/feldman/NetEng/asa-ip/venv/lib/python3.7/site-packages/textfsm/parser.py", line 895, in ParseText
    self._CheckLine(line)
  File "/Users/feldman/NetEng/asa-ip/venv/lib/python3.7/site-packages/textfsm/parser.py", line 944, in _CheckLine
    if self._Operations(rule, line):
  File "/Users/feldman/NetEng/asa-ip/venv/lib/python3.7/site-packages/textfsm/parser.py", line 1025, in _Operations
    % (rule.line_num, line))
textfsm.parser.TextFSMError: State Error raised. Rule Line: 52. Input Line: Assigned IP  : 10.10.123.123          Public IP    : 2001:db8:91::7
>>>
EXPECTED RESULTS

It should have correctly parsed the IPv6 addresses.

ACTUAL RESULTS

See the error message above.
smfeldman pushed a commit to smfeldman/ntc-templates that referenced this issue Jun 7, 2020
fix networktocode#751 - IPv6 support for Cisco ASA 'show vpn-sessiond…
ea3d18a 
…b anyconnect'
@smfeldman
Copy link
Contributor Author

pull request #752

@smfeldman
Copy link
Contributor Author

PR was merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@smfeldman