1#! /bin/perl
2##
3## Read BGPd logfile and lookup RR's whois database.
4##
5##   Copyright (c) 1997 Kunihiro Ishiguro
6##
7use Socket;
8
9## Configuration variables
10$whois_host = "whois.jpix.ad.jp";
11
12#$logfile = "/usr/local/sbin/logfile"
13$logfile = shift || die "Please specify filename";
14
15## mail routine
16{
17    local ($prefix, $origin);
18
19    open (LOG, $logfile) || die "can't open $logfile";
20
21    $index = '';
22    while ($index) {
23	$index = <LOG>;
24	if ($index =~ /[bgpd]/) {
25	    break;
26	}
27    }
28
29    while (<LOG>) {
30	if (/([\d\.\/]+)\s+([\d\.]+)\s+(\d+)\s+(\d+)\s+([\d ]+)\s+[ie\?]/) {
31	    $prefix = $1;
32	    $nexthop = $2;
33	    $med = $3;
34	    $dummy = $4;
35	    $aspath = $5;
36	    ($origin) = ($aspath =~ /([\d]+)$/);
37
38	    print "$nexthop [$origin] $prefix $aspath ";
39
40	    $ret = &whois_check ($prefix, $origin);
41	    if ($ret == 0) {
42		print "Check OK\n";
43	    } elsif ($ret == 1){
44		print "AS orgin mismatch\n";
45	    } else {
46		print "prefix doesn't exist \n";
47	    }
48	}
49    }
50}
51
52sub whois_check
53{
54    local ($prefix, $origin) = @_;
55    local ($rr_prefix, $rr_origin) = ();
56    local (@result);
57
58    $origin = "AS" . $origin;
59
60    @result = &whois ($prefix);
61
62    $prefix_match = 0;
63    foreach (@result) {
64        if (/^route:.*\s([\d\.\/]+)$/) {
65            $rr_prefix = $1;
66        }
67        if (/^origin:.*\s(AS[\d]+)$/) {
68            $rr_origin = $1;
69
70            if ($prefix eq $rr_prefix and $origin eq $rr_origin) {
71                return 0;
72            } elsif ($prefix eq $rr_prefix) {
73		$prefix_match = 1;
74	    }
75        }
76    }
77#    alarm_mail ($prefix, $origin, @result);
78    if ($prefix_match) {
79	return 1;
80    } else {
81	return 2;
82    }
83}
84
85## get port of whois
86sub get_whois_port
87{
88    local ($name, $aliases, $port, $proto) = getservbyname ("whois", "tcp");
89    return ($port, $proto);
90}
91
92## whois lookup
93sub whois
94{
95    local ($query) = @_;
96    local ($port, $proto) = &get_whois_port;
97    local (@result);
98
99    if ($whois_host=~ /^\s*\d+\.\d+\.\d+\.\d+\s*$/) {
100       $address = pack ("C4",split(/\./,$host));
101    } else {
102       $address = (gethostbyname ($whois_host))[4];
103    }
104
105    socket (SOCKET, PF_INET, SOCK_STREAM, $proto);
106
107    if (connect (SOCKET, sockaddr_in ($port, $address))) {
108        local ($oldhandle) = select (SOCKET);
109        $| = 1;
110        select($oldhandle);
111
112        print SOCKET "$query\r\n";
113
114        @result = <SOCKET>;
115        return @result;
116    }
117}
118
119##
120sub alarm_mail
121{
122    local ($prefix, $origin, @result) = @_;
123
124    open (MAIL, "|$mailer -t $mail_address") || die "can't open $mailer";
125
126    print MAIL "From: root\@rr1.jpix.ad.jp\n";
127    print MAIL "Subject: RR $origin $prefix\n";
128    print MAIL "MIME-Version: 1.0\n";
129    print MAIL "Content-Type: text/plain; charset=us-ascii \n\n";
130    print MAIL "RR Lookup Error Report\n";
131    print MAIL "======================\n";
132    print MAIL "Announced route : $prefix from $origin\n\n";
133    print MAIL "@result";
134    close MAIL;
135}
136