1#! /bin/perl 2## 3## Read BGPd logfile and lookup RR's whois database. 4## 5## Copyright (c) 1997 Kunihiro Ishiguro 6## 7use Socket; 8 9## Configuration variables 10$whois_host = "whois.jpix.ad.jp"; 11 12#$logfile = "/usr/local/sbin/logfile" 13$logfile = shift || die "Please specify filename"; 14 15## mail routine 16{ 17 local ($prefix, $origin); 18 19 open (LOG, $logfile) || die "can't open $logfile"; 20 21 $index = ''; 22 while ($index) { 23 $index = <LOG>; 24 if ($index =~ /[bgpd]/) { 25 break; 26 } 27 } 28 29 while (<LOG>) { 30 if (/([\d\.\/]+)\s+([\d\.]+)\s+(\d+)\s+(\d+)\s+([\d ]+)\s+[ie\?]/) { 31 $prefix = $1; 32 $nexthop = $2; 33 $med = $3; 34 $dummy = $4; 35 $aspath = $5; 36 ($origin) = ($aspath =~ /([\d]+)$/); 37 38 print "$nexthop [$origin] $prefix $aspath "; 39 40 $ret = &whois_check ($prefix, $origin); 41 if ($ret == 0) { 42 print "Check OK\n"; 43 } elsif ($ret == 1){ 44 print "AS orgin mismatch\n"; 45 } else { 46 print "prefix doesn't exist \n"; 47 } 48 } 49 } 50} 51 52sub whois_check 53{ 54 local ($prefix, $origin) = @_; 55 local ($rr_prefix, $rr_origin) = (); 56 local (@result); 57 58 $origin = "AS" . $origin; 59 60 @result = &whois ($prefix); 61 62 $prefix_match = 0; 63 foreach (@result) { 64 if (/^route:.*\s([\d\.\/]+)$/) { 65 $rr_prefix = $1; 66 } 67 if (/^origin:.*\s(AS[\d]+)$/) { 68 $rr_origin = $1; 69 70 if ($prefix eq $rr_prefix and $origin eq $rr_origin) { 71 return 0; 72 } elsif ($prefix eq $rr_prefix) { 73 $prefix_match = 1; 74 } 75 } 76 } 77# alarm_mail ($prefix, $origin, @result); 78 if ($prefix_match) { 79 return 1; 80 } else { 81 return 2; 82 } 83} 84 85## get port of whois 86sub get_whois_port 87{ 88 local ($name, $aliases, $port, $proto) = getservbyname ("whois", "tcp"); 89 return ($port, $proto); 90} 91 92## whois lookup 93sub whois 94{ 95 local ($query) = @_; 96 local ($port, $proto) = &get_whois_port; 97 local (@result); 98 99 if ($whois_host=~ /^\s*\d+\.\d+\.\d+\.\d+\s*$/) { 100 $address = pack ("C4",split(/\./,$host)); 101 } else { 102 $address = (gethostbyname ($whois_host))[4]; 103 } 104 105 socket (SOCKET, PF_INET, SOCK_STREAM, $proto); 106 107 if (connect (SOCKET, sockaddr_in ($port, $address))) { 108 local ($oldhandle) = select (SOCKET); 109 $| = 1; 110 select($oldhandle); 111 112 print SOCKET "$query\r\n"; 113 114 @result = <SOCKET>; 115 return @result; 116 } 117} 118 119## 120sub alarm_mail 121{ 122 local ($prefix, $origin, @result) = @_; 123 124 open (MAIL, "|$mailer -t $mail_address") || die "can't open $mailer"; 125 126 print MAIL "From: root\@rr1.jpix.ad.jp\n"; 127 print MAIL "Subject: RR $origin $prefix\n"; 128 print MAIL "MIME-Version: 1.0\n"; 129 print MAIL "Content-Type: text/plain; charset=us-ascii \n\n"; 130 print MAIL "RR Lookup Error Report\n"; 131 print MAIL "======================\n"; 132 print MAIL "Announced route : $prefix from $origin\n\n"; 133 print MAIL "@result"; 134 close MAIL; 135} 136