[rancid] Watchguard xml file

'john heasley' heas at shrubbery.net
Wed Jul 3 17:40:48 UTC 2019


Wed, Jul 03, 2019 at 04:18:25PM +0000, Wayne Eisenberg:
> If I run the export command manually, it just dumps the whole thing to the screen without any breaks or requests to 'hit space to continue' or things like that, so I don't *think* it's a page length type setting?
> 
> Actually, I just did another review and I'm thinking that it has something to do with the prompt definition. Just so we're looking at the same thing, the files are here: https://github.com/hillscott/rancid-watchguard. Forked from https://bitbucket.org/aquerubin/rancid-vyatta. 
> 
> In the xtmlogin file, it sets the prompt (line 436) to something I don't see. In this original state, xtmlogin never recognized it finished the login. When I changed that line to
> set prompt ">>|#"
> then xtmlogin completes successfully. (The prompt for this watchguard firewall is "WG#")
> 

> However, in the xtm.pm module, line 102 defines it again. 

i'm not familiar with this device, but redefining (or refining) the
prompt is normal.  the filter functions and login scripts begin with
something loose, and once it sees the prompt, it can be refined to be
more precise, and may later further refine it (eg: in run_commands) to
match the prompt when/if it changes in config or other modes that are
platform dependent.

> -----------
> while (/\s*($cmds_regexp)\s*$/) {
> 	    $cmd = $1;
> 	    $prompt = ">>";
               ^^^^^^^^^^^^ this is probably a mistake; should be part of
the while() regex.  I suspect it might be here because the author could
not make the regex below match correctly.

> 	    if (!defined($prompt)) {
> 		$prompt = ($_ =~ /^([^>]+>)/)[0];
> 		$prompt =~ s/([][}{)(\\])/\\$1/g;
> 		print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
> 	    }
> 	    print STDERR ("HIT COMMAND:$_") if ($debug);
> 	    if (! defined($commands{$cmd})) {
> 		print STDERR "$host: found unexpected command - \"$cmd\"\n";
> 		$clean_run = 0;
> 		last TOP;
> 	    }
> 	    $rval = &{$commands{$cmd}}($INPUT, $OUTPUT, $cmd);
> 	    delete($commands{$cmd});
> 	    if ($rval == -1) {
> 		$clean_run = 0;
> 		last TOP;
> 	    }
> 	}
> -----------
> Once you get to the sub ShowConfiguration section, on line 199 if it sees the prompt, end. Guess what? The "#" character is inside the config (there is some html code in one of the xml sections) and that is where the config ends.

seems that the prompt is ">>".

> -----------
> sub ShowConfiguration {
>     my($INPUT, $OUTPUT, $cmd) = @_;
>     my($lines) = 0;
>     my($snmp) = 0;
>     print STDERR "    In ShowConfiguration: $_" if ($debug);
>     # We don't care about password filtering as passwords are hashed
>     # So don't use this if you need it (or develop the functionality).
>     if ($filter_pwds >= 1){
>         print STDERR "WARNING: Password filtering isn't implemented yet!\n";
>         print STDERR "Either disable password filtering in rancid.conf";
>         print STDERR " or don't use this plugin.\n";
>     }
>     s/^[a-z]+@//;
>     ProcessHistory("","","","# $_");
>     while (<$INPUT>) {
> 	tr/\015//d;
> 	next if (/^\s*$/);
> 	# end of config - hopefully.
> 	# end-of-config tag.  appears to end with "\nPROMPT:~$".
> 	if (/$prompt/) {
> 	    $found_end++;
> 	    last;
> 	}
> -----------
> 
> So I'm thinking if I can figure out a different way to define the prompt to be more than just the # sign (at least in the xtm.pm), that should do the trick? Can you do something like $prompt = "#$" ?

it's better to anchor it and have it be as complete as reasonable.  eg:
not #
not hostname#
but ^hostname#

look at ios.pm.
> Wayne
> 
> 
> 
> -----Original Message-----
> From: john heasley <heas at shrubbery.net> 
> Sent: Tuesday, July 02, 2019 7:48 PM
> To: Wayne Eisenberg <Wayne.Eisenberg at CarolinasIT.com>
> Cc: 'rancid-discuss at shrubbery.net' <rancid-discuss at shrubbery.net>
> Subject: Re: [rancid] Watchguard xml file
> 
> Sat, Jun 29, 2019 at 11:46:23AM +0000, Wayne Eisenberg:
> > Hi,
> > 
> > OK, so I can get into the firewall and pull the config with "export config to console". However, the config file is a very large xml file, this one is about 2MB in size. However, it seems like it only recorded the first 388KB of data. Is there a size limit on what rancid can process, or maybe there was a character in the xml that rancid didn't like and it just aborted processing it? How would I go about troubleshooting this?
> > 
> 
> there is no such limit.  I would suspect a PAGER is involved, causing the output to cease.
> 
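
The truncation discussed in this thread, reproduced as an added Perl example (not code from rancid or the rancid-watchguard repository): the same end-of-config test is run with the loose prompts and with an anchored one. The sample output, the `profile` root tag and the `collect` helper are constructed for illustration; the `WG#` prompt is the one reported in the thread.

```perl
#!/usr/bin/perl
# Added illustration; not code from rancid or rancid-watchguard.
use strict;
use warnings;

# Constructed device output: an XML config with '#' inside embedded HTML,
# followed by the CLI prompt reported in the thread ("WG#").
# "profile" is a made-up root tag.
my @output = (
    "<profile>\r\n",
    "  <name>edge-fw</name>\r\n",
    "  <deny-message><![CDATA[<font color=\"#FF0000\">Denied</font>]]></deny-message>\r\n",
    "  <policy>allow-dns</policy>\r\n",
    "</profile>\r\n",
    "WG#\r\n",
);

# Same end-of-config test as the quoted ShowConfiguration loop:
# stop reading at the first line that matches $prompt.
sub collect {
    my ($prompt, @lines) = @_;
    my (@kept, $found_end);
    for my $line (@lines) {
        $line =~ tr/\015//d;
        next if $line =~ /^\s*$/;
        if ($line =~ /$prompt/) {
            $found_end = 1;
            last;
        }
        push @kept, $line;
    }
    return ($found_end, @kept);
}

my $host = 'WG';    # hostname part of the prompt, taken from the thread
my @candidates = (
    [ 'loose'    => '#' ],
    [ 'login'    => '>>|#' ],
    [ 'anchored' => '^' . quotemeta($host) . '#' ],
);

for my $c (@candidates) {
    my ($label, $re) = @$c;
    my ($found_end, @kept) = collect($re, @output);
    # Completeness check: a full capture must contain the closing root tag.
    my $complete = grep { m{^</profile>} } @kept;
    printf "%-8s /%s/ kept %d of 5 lines, prompt seen: %s, config complete: %s\n",
        $label, $re, scalar(@kept), $found_end ? 'yes' : 'no', $complete ? 'yes' : 'no';
}
```

With the unanchored patterns the loop reports the prompt as seen even though it stopped inside the config, so a check for the closing root tag is what distinguishes a truncated capture from a complete one.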


