-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathllssh
executable file
·133 lines (115 loc) · 4.81 KB
/
llssh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/usr/bin/python
# llssh (part of ossobv/vcutil) // wdoekes/2024 // Public Domain
#
# Helper script to ssh to (otherwise unconfigured) link-local IPv6 peers
# from Cumulus switches.
#
# Steps:
# - the peer must have lldpd running so we can get the mac-address
# - we ask our lldpd for mac address on the interface
# - we calculate the link-local IPv6 address
# - we construct the right 'ip vrf exec ... ssh link-local-address' invocation
#
# Usage:
# llssh iface [ssh_options] [command [arguments]]
# (where iface is the network interface/port)
#
# Example:
# llssh swp12 -l myuser echo 'hi from $(hostname)'
#
# Notes:
# - This script is in python because of the non-trivial (for (ba)sh) MAC
# to IPv6 LL address conversion.
# - The script assumes that the user has "lldpcli" access; it may need
# to be in the adm group for that. We might also amend this with options
# to pass the IPv6 address or MAC on the command line directly.
#
import sys
from json import loads
from os import environ, execve
from subprocess import CalledProcessError, check_output
from unittest import TestCase, main as unittest_main
def lldpcli_show_neighbors():
"""
Run 'lldpcli show neighbors -f json0'
Previously we would do -f json, but json0 seems to provide the same
output on several different systems.
"""
try:
output = check_output(['lldpcli', 'show', 'neighbors', '-f', 'json0'])
except (CalledProcessError, FileNotFoundError):
output = check_output([
'sudo', 'lldpcli', 'show', 'neighbors', '-f', 'json0'])
output = output.decode('utf-8', 'replace')
return output
def mac_from_lldpcli(lldpcli_show_neighbors_js, iface):
"""
Extract the mac address from the lldpcli show neighbors output
lldpcli sh ne -f json0 | jq -r '
.lldp[] | .interface[] | select(.name == "%s") | .port[0].id[] |
select(.type == "mac") | .value'
"""
data = loads(lldpcli_show_neighbors_js)
for lldp in data['lldp']:
for interface in lldp['interface']:
if interface['name'] == iface:
for port in interface['port']:
for id_ in port['id']:
if id_['type'] == 'mac':
return id_['value']
raise ValueError('not found')
def link_local_v6_from_mac(mac):
"""
Translate mac address to standard link local IP
This way we only need lldpd on the other end: we can get the mac
address and calculate what the link-local IP will be.
"""
mac_as_ints = [int(x, 16) for x in mac.split(':')]
ip6addr = 'fe80::%02x%02x:%02xff:fe%02x:%02x%02x' % tuple(
[mac_as_ints[0] ^ 2] + mac_as_ints[1:])
return ip6addr
class MiscTests(TestCase):
def test_mac_from_lldpcli(self):
iface = 'swp41'
mac = 'c0:ff:ee:be:ee:ff'
input_ = '''{"lldp":[{"interface":[{"name":"swp41","via":"LLDP",
"rid":"52","age":"158 days, 21:57:30","chassis":[{"id":[{"type":
"mac","value":"c0:ff:ee:be:ee:ff"}],"name":[{"value":
"natgw.dr.osso.nl"}],"descr":[{"value":"Ubuntu 20.04.3"}],
"mgmt-ip":[{"value":"10.20.30.1"},{"value":
"fe80::c0ff:eeba:beb0:0b1e"}],"capability":[{"type":"Bridge",
"enabled":false},{"type":"Router","enabled":true},{"type":"Wlan",
"enabled":false},{"type":"Station","enabled":false}]}],"port":
[{"id":[{"type":"mac","value":"c0:ff:ee:be:ee:ff"}],"descr":
[{"value":"enp1s0"}],"ttl":[{"value":"120"}]}]}]}]}'''
self.assertEqual(mac, mac_from_lldpcli(input_, iface))
def test_link_local_v6_from_mac(self):
mac = 'c0:ff:ee:be:ee:ff'
ip6addr = 'fe80::c2ff:eeff:febe:eeff'
self.assertEqual(ip6addr, link_local_v6_from_mac(mac))
def main():
iface = sys.argv[1] # "swp12"
assert all(ch in 'abcdefghijklmnopqrstuvwxyz0123456789' for ch in iface), (
iface)
# Get the mac address from LLDP, using lldpcli and fetching the AC from
# the selected port/interface.
hwaddr = mac_from_lldpcli(lldpcli_show_neighbors(), iface)
# Turn hardware address into LL v6 address.
ip6addr = link_local_v6_from_mac(hwaddr)
# Add interface (older-python compatible for older systems).
dstaddr = '%s%%%s' % (ip6addr, iface) # "fe80::1%swp12"
# On Cumulus switches, we must select the correct VRF or we get the
# 'mgmt' VRF. Using 'default' works. This also works on other modern
# systems. You can add '-l myusername' and other command line
# options as appropriate.
execve(
'/sbin/ip',
['ip', 'vrf', 'exec', 'default',
'ssh', '-oStrictHostKeychecking=no', '-oUserKnownHostsFile=/dev/null',
dstaddr] + sys.argv[2:],
environ)
if __name__ == '__main__':
if environ.get('RUNTESTS', '') not in ('', '0'):
unittest_main()
else:
main()