1 package ArpHandler;
3 use Exporter;
4 @ISA = ("Exporter");
6 use strict;
7 use warnings;
8 use GOSA::GosaSupportDaemon;
9 use POSIX;
10 use Fcntl;
11 use Net::LDAP;
12 use Net::LDAP::LDIF;
13 use Net::LDAP::Entry;
14 use Net::DNS;
15 use Switch;
16 use Data::Dumper;
18 # Don't start if some of the modules are missing
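# True only when the optional Socket and POE modules could be loaded.
# Declared without an initialiser on purpose: a run-time "= 1" here would
# execute after the BEGIN block and overwrite the result of its checks,
# leaving the guard in get_module_info permanently switched on.
my $start_service;
BEGIN {
    $start_service = 1;

    # The string evals defer "use" so that a load failure is reported to the
    # eval instead of propagating.  The trailing "1" gives each eval a true
    # value on success, so a false result really means the load failed.
    $start_service = 0
        unless eval('use Socket qw(PF_INET SOCK_DGRAM inet_ntoa sockaddr_in); 1');
    $start_service = 0
        unless eval('use POE qw(Component::Pcap Component::ArpWatch); 1');
}

END {}

# Module-wide state.  Only $ldap, $ldap_base, $interface, $hosts_database and
# $resolver are used by the live code in this file; the others appear only in
# commented-out code.
my ($timeout, $mailto, $mailfrom, $user, $group);
my %daemon_children;
my ($ldap, $bind_phrase, $password, $ldap_base, $interface);

# Cache of hosts seen so far, keyed by the source MAC address of ARP packets
# (filled by got_packet).
my $hosts_database = {};
my $resolver = Net::DNS::Resolver->new;

# Hard-coded defaults: LDAP search base and the interface selection
# ('all' makes get_module_info probe every interface in /proc/net/dev).
$ldap_base = "dc=gonicus,dc=de";
$interface = "all";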
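sub get_module_info {
    # Five-slot list handed back to the caller by reference; only the last
    # slot ("socket") is populated here.
    my @info = (undef, undef, undef, undef, "socket");

    # Don't start if some of the modules are missing
    if ($start_service) {
        # Net::LDAP->new reports a failed connection by returning undef and
        # setting $@ rather than by dying, and a block eval that finishes
        # normally resets $@.  The error text is therefore captured inside
        # the eval, and the failure message is logged only when no connection
        # object came back (the original logged it on success as well).
        my $connect_error;
        my $completed = eval {
            $ldap = Net::LDAP->new("ldap.intranet.gonicus.de");
            $connect_error = $@ if !defined $ldap;
            1;
        };
        $connect_error = $@ if !$completed;
        if (defined $connect_error) {
            &main::daemon_log("Could not connect to LDAP Server!\n$connect_error", 1);
        }
        # NOTE(review): no bind or TLS setup is visible in this file, so the
        # lookups presumably run anonymously over an unencrypted connection
        # to a hard-coded host -- confirm, and prefer a configured,
        # TLS-protected server, since LDAP answers decide how hosts are
        # labelled in the log.

        # When interface is not configured (or 'all'), start arpwatch on all
        # possible interfaces
        if (!defined($interface) || $interface eq 'all') {
            for my $device (get_interfaces()) {
                # TODO: Need a better workaround for IPv4-to-IPv6 bridges
                next if $device =~ m/^sit\d+$/;

                # Skip devices whose hardware address is all zeroes.  An
                # undefined result (lookup failed) still starts a watcher,
                # as before.
                my $mac = get_mac($device);
                next if defined $mac && $mac eq "00:00:00:00:00:00";

                _create_arpwatch_session($device);
            }
        }
        else {
            # Explicit list, separated by commas and/or whitespace.  Empty
            # fields (e.g. from a leading separator) are dropped so that no
            # watcher is created for an empty device name.
            for my $device (grep { length } split(/[\s,]+/, $interface)) {
                _create_arpwatch_session($device);
            }
        }
    }

    return \@info;
}

# Logs the start and creates the POE session that runs ArpWatch on one device.
sub _create_arpwatch_session {
    my ($device) = @_;

    # Plain interpolation: the device name must never be used as a sprintf
    # format, otherwise a '%' in the name would be read as a conversion.
    my $alias = "arp_watch_$device";

    &main::daemon_log("Starting ArpWatch on $device", 1);
    POE::Session->create(
        inline_states => {
            _start     => sub { start(@_, $device); },
            _stop      => sub { $_[KERNEL]->post($alias => 'shutdown'); },
            got_packet => \&got_packet,
        },
    );
    return;
}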
# Message hook of this module.  The arguments are not inspected; the sub
# always returns 1.
sub process_incoming_msg {
    my $status = 1;
    return $status;
}
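sub start {
    # Called from the _start handler built in get_module_info, which appends
    # the device name to POE's own argument list; it is read here from ARG0
    # (presumably the first slot after POE's standard arguments -- confirm).
    # Falls back to 'eth0' when no device was passed.
    my $device = exists($_[ARG0]) ? $_[ARG0] : 'eth0';

    # Plain interpolation instead of sprintf("arp_watch_$device"): the device
    # name must not act as a format string, or a '%' in it would be
    # interpreted as a conversion and change the alias.
    my $alias = "arp_watch_$device";

    POE::Component::ArpWatch->spawn(
        Alias    => $alias,
        Device   => $device,
        Dispatch => 'got_packet',
        Session  => $_[SESSION],
    );

    # Ask the freshly spawned watcher to begin capturing.
    return $_[KERNEL]->post($alias => 'run');
}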
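sub got_packet {
    # POE event handler: ARG0 carries one observed ARP packet as a hash with
    # (at least) the keys source_haddr and source_ipaddr.
    #
    # NOTE(review): both fields come straight from ARP traffic, which any
    # host on the segment can forge.  Nothing in this file expires or caps
    # $hosts_database, and every previously unseen MAC triggers a DNS and an
    # LDAP lookup inside the event handler, so memory use and lookup load
    # grow with the number of distinct source MACs.  The PTR name returned by
    # DNS is also written to the log unmodified.
    my $packet = $_[ARG0];
    my $mac    = $packet->{source_haddr};
    my $ip     = $packet->{source_ipaddr};

    # Ignore all-zero and broadcast hardware addresses and the unspecified IP.
    return
        if $mac eq "00:00:00:00:00:00"
        || $mac eq "ff:ff:ff:ff:ff:ff"
        || $ip  eq "0.0.0.0";

    # Known MAC: only report (and remember) a changed IP address.
    if (exists $hosts_database->{$mac}) {
        my $cached = $hosts_database->{$mac};
        if (!($cached->{ipHostNumber} eq $ip)) {
            main::daemon_log(
                "IP Address change of MAC ".$mac.
                ": ".$cached->{ipHostNumber}.
                "->".$ip, 4);
            $cached->{ipHostNumber} = $ip;
        }
        main::daemon_log("Host already in cache (".($cached->{dnsname}).")", 6);
        return;
    }

    # First sighting of this MAC: resolve a display name.  The IP address is
    # used when DNS gives no answer or the first answer carries no PTR name
    # (the original left the name undefined in the latter case).
    my $dnsname   = $ip;
    my $dnsresult = $resolver->search($ip);
    if (defined $dnsresult) {
        my $ptr_name = $dnsresult->{answer}[0]->{ptrdname};
        $dnsname = $ptr_name if defined $ptr_name;
    }

    my $ldap_result = get_host_from_ldap($mac);
    if (exists $ldap_result->{dn}) {
        # The LDAP record itself becomes the cache entry.
        $hosts_database->{$mac} = $ldap_result;
        if (!exists $ldap_result->{ipHostNumber}) {
            $ldap_result->{ipHostNumber} = $ip;
        }
        elsif (!($ldap_result->{ipHostNumber} eq $ip)) {
            # Uses $dnsname directly: the record's own dnsname key is only
            # assigned below, so reading it here always logged an undefined
            # host name.
            main::daemon_log(
                "Current IP Address ".$ip.
                " of host ".$dnsname.
                " differs from LDAP (".$ldap_result->{ipHostNumber}.")", 4);
        }
        $ldap_result->{dnsname} = $dnsname;
        main::daemon_log("Host was found in LDAP as ".$ldap_result->{dn}, 6);
    }
    else {
        # Unknown to LDAP: cache what the packet and DNS told us.
        $hosts_database->{$mac} = {
            macAddress   => $mac,
            ipHostNumber => $ip,
            dnsname      => $dnsname,
        };
        main::daemon_log("Host was not found in LDAP (".$dnsname.")", 6);
        main::daemon_log(
            "New Host ".$dnsname.
            ": ".$ip.
            "/".$mac, 4);
    }

    return;
}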
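sub get_host_from_ldap {
    # Looks up one MAC address in LDAP (as macAddress or as dhcpHWAddress
    # "ethernet <mac>") below $ldap_base.
    #
    # Returns a hash reference.  It is empty unless exactly one entry
    # matched; otherwise it holds dn plus the first value of each of cn,
    # macAddress, dhcpHWAddress and ipHostNumber that the entry carries.
    my $mac    = shift;
    my $result = {};

    # No MAC or no LDAP connection (get_module_info may have failed to
    # connect): report "not found" instead of dying on an undefined object.
    return $result if !defined $mac || !defined $ldap;

    # The MAC originates from network traffic, so escape the characters that
    # are special in an LDAP search filter (RFC 4515: \ ( ) * and NUL) before
    # interpolating it.  A well-formed MAC passes through unchanged.
    (my $filter_mac = $mac) =~ s/([\\()*\x00])/sprintf('\\%02x', ord($1))/ge;

    my $ldap_result = search_ldap_entry(
        $ldap,
        $ldap_base,
        "(|(macAddress=$filter_mac)(dhcpHWAddress=ethernet $filter_mac))"
    );
    return $result if !defined $ldap_result;

    if ($ldap_result->count == 1) {
        # NOTE(review): this reads the search result's internal hash layout
        # ({entries}, {asn}) rather than the accessor methods used in the
        # commented-out code further down (pop_entry, dn, get_value); the
        # accessors would be less dependent on the library's internals.
        my $entry = $ldap_result->{entries}[0];
        my $asn   = ref $entry ? $entry->{asn} : undef;

        if (ref $asn && exists $asn->{objectName} && exists $asn->{attributes}) {
            my %is_wanted = map { $_ => 1 }
                qw(cn macAddress dhcpHWAddress ipHostNumber);

            for my $attribute (@{ $asn->{attributes} }) {
                my $type = $attribute->{type};
                next if !defined $type || !$is_wanted{$type};
                $result->{$type} = $attribute->{vals}[0];
            }

            # Set dn only for a structurally complete entry: callers treat
            # the mere existence of this key as "host found in LDAP".
            $result->{dn} = $asn->{objectName};
        }
    }

    return $result;
}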
207 #=== FUNCTION ================================================================
208 # NAME: get_interfaces
209 # PARAMETERS: none
210 # RETURNS: (list of interfaces)
211 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
212 #===============================================================================
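sub get_interfaces {
    # Returns the interface names listed in /proc/net/dev, in file order.
    # Dies when the file cannot be opened.
    my @result;
    my $PROC_NET_DEV = '/proc/net/dev';

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name and the handle does not leak into the package.
    open(my $proc_fh, '<', $PROC_NET_DEV)
        or die "Could not open $PROC_NET_DEV: $!";
    my @ifs = <$proc_fh>;
    close($proc_fh);

    # Eat the first two lines (column headers)
    splice(@ifs, 0, 2);
    chomp @ifs;

    for my $line (@ifs) {
        # The interface name is everything before the first colon.
        my $if = (split /:/, $line)[0];
        next if !defined $if;
        $if =~ s/^\s+//;
        next if $if eq '';    # skip blank lines instead of returning ''
        push @result, $if;
    }

    return @result;
}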
238 #=== FUNCTION ================================================================
239 # NAME: get_mac
240 # PARAMETERS: interface name (i.e. eth0)
241 # RETURNS: (mac address)
242 # DESCRIPTION: Uses ioctl to get mac address directly from system.
243 #===============================================================================
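sub get_mac {
    # Returns the hardware address of the named interface as six
    # colon-separated lowercase hex octets.  The pseudo interface "all"
    # yields the all-zero address; a false/empty name or a failed ioctl
    # yields undef.  Dies when the helper socket cannot be created.
    my $ifreq = shift;
    my $result;

    return $result unless $ifreq && length($ifreq) > 0;
    return "00:00:00:00:00:00" if $ifreq eq "all";

    my $SIOCGIFHWADDR = 0x8927;    # man 2 ioctl_list

    # Lexical handle, closed below: the original used the package-wide
    # bareword handle SOCKET and never closed it.
    socket(my $sock, PF_INET, SOCK_DGRAM, scalar getprotobyname('ip'))
        or die "socket: $!";

    # The interface name doubles as the request buffer; on success the ioctl
    # overwrites it with the reply.
    if (ioctl($sock, $SIOCGIFHWADDR, $ifreq)) {
        # Skip 18 bytes (36 hex digits), then take the next 6 bytes as the
        # hardware address.
        my (undef, $mac) = unpack 'h36 H12', $ifreq;

        # Format only a complete 12-digit value; the original used $1..$6
        # without checking that the match had succeeded.
        if (defined $mac && $mac =~ m/\A[0-9a-f]{12}\z/) {
            $result = join(':', $mac =~ m/[0-9a-f]{2}/g);
        }
    }
    close($sock);

    return $result;
}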
270 #=== FUNCTION ================================================================
271 # NAME: add_ldap_entry
272 # PURPOSE: adds an element to ldap-tree
273 # PARAMETERS:
274 # RETURNS: none
275 # DESCRIPTION: ????
276 # THROWS: no exceptions
277 # COMMENTS: none
278 # SEE ALSO: n/a
279 #===============================================================================
280 #sub add_ldap_entry {
281 # my ($ldap_tree, $ldap_base, $mac, $gotoSysStatus, $ip, $interface, $desc) = @_;
282 # my $dn = "cn=$mac,ou=incoming,$ldap_base";
283 # my $s_res = &search_ldap_entry($ldap_tree, $ldap_base, "(|(macAddress=$mac)(dhcpHWAddress=ethernet $mac))");
284 # my $c_res = $s_res->count;
285 # if($c_res == 1) {
286 # daemon_log("WARNING: macAddress $mac already in LDAP", 1);
287 # return;
288 # } elsif($c_res > 0) {
289 # daemon_log("ERROR: macAddress $mac exists $c_res times in LDAP", 1);
290 # return;
291 # }
292 #
293 # # create LDAP entry
294 # my $entry = Net::LDAP::Entry->new( $dn );
295 # $entry->dn($dn);
296 # $entry->add("objectClass" => "goHard");
297 # $entry->add("cn" => $mac);
298 # $entry->add("macAddress" => $mac);
299 # if(defined $gotoSysStatus) {$entry->add("gotoSysStatus" => $gotoSysStatus)}
300 # if(defined $ip) {$entry->add("ipHostNumber" => $ip) }
301 # #if(defined $interface) { }
302 # if(defined $desc) {$entry->add("description" => $desc) }
303 #
304 # # submit entry to LDAP
305 # my $result = $entry->update ($ldap_tree);
306 #
307 # # for $result->code constants please look at Net::LDAP::Constant
308 # my $log_time = localtime( time );
309 # if($result->code == 68) { # entry already exists
310 # daemon_log("WARNING: $log_time: $dn ".$result->error, 3);
311 # } elsif($result->code == 0) { # everything went fine
312 # daemon_log("$log_time: add entry $dn to ldap", 1);
313 # } else { # if any other error occur
314 # daemon_log("ERROR: $log_time: $dn, ".$result->code.", ".$result->error, 1);
315 # }
316 # return;
317 #}
320 #=== FUNCTION ================================================================
321 # NAME: change_ldap_entry
322 # PURPOSE: ????
323 # PARAMETERS: ????
324 # RETURNS: ????
325 # DESCRIPTION: ????
326 # THROWS: no exceptions
327 # COMMENTS: none
328 # SEE ALSO: n/a
329 #===============================================================================
330 #sub change_ldap_entry {
331 # my ($ldap_tree, $ldap_base, $mac, $gotoSysStatus ) = @_;
332 #
333 # # check if ldap_entry exists or not
334 # my $s_res = &search_ldap_entry($ldap_tree, $ldap_base, "(|(macAddress=$mac)(dhcpHWAddress=ethernet $mac))");
335 # my $c_res = $s_res->count;
336 # if($c_res == 0) {
337 # daemon_log("WARNING: macAddress $mac not in LDAP", 1);
338 # return;
339 # } elsif($c_res > 1) {
340 # daemon_log("ERROR: macAddress $mac exists $c_res times in LDAP", 1);
341 # return;
342 # }
343 #
344 # my $s_res_entry = $s_res->pop_entry();
345 # my $dn = $s_res_entry->dn();
346 # my $result = $ldap->modify( $dn, replace => {'gotoSysStatus' => $gotoSysStatus } );
347 #
348 # # for $result->code constants please look at Net::LDAP::Constant
349 # my $log_time = localtime( time );
350 # if($result->code == 32) { # entry doesnt exists
351 # &add_ldap_entry($mac, $gotoSysStatus);
352 # } elsif($result->code == 0) { # everything went fine
353 # daemon_log("$log_time: entry $dn changed successful", 1);
354 # } else { # if any other error occur
355 # daemon_log("ERROR: $log_time: $dn, ".$result->code.", ".$result->error, 1);
356 # }
357 #
358 # return;
359 #}
361 #=== FUNCTION ================================================================
362 # NAME: search_ldap_entry
363 # PURPOSE: ????
364 # PARAMETERS: [Net::LDAP] $ldap_tree - object of an ldap-tree
365 # string $sub_tree - dn of the subtree the search is performed
366 # string $search_string - either a string or a Net::LDAP::Filter object
367 # RETURNS: [Net::LDAP::Search] $msg - result object of the performed search
368 # DESCRIPTION: ????
369 # THROWS: no exceptions
370 # COMMENTS: none
371 # SEE ALSO: n/a
372 #===============================================================================
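sub search_ldap_entry {
    # Runs one LDAP search and returns its result object.
    #   $ldap_tree     - connected Net::LDAP object
    #   $sub_tree      - DN of the subtree to search
    #   $search_string - filter, either a string or a Net::LDAP::Filter object
    # Returns the search result object, or nothing when no connection object
    # was passed in.  A failed search is logged; its result object is still
    # returned so that callers can inspect it.
    my ($ldap_tree, $sub_tree, $search_string) = @_;

    # NOTE(review): daemon_log is called unqualified here while the rest of
    # the file uses &main::daemon_log -- presumably it is exported by
    # GOSA::GosaSupportDaemon; confirm.
    if (!defined $ldap_tree) {
        daemon_log("cannot perform search at ldap: no connection", 1);
        return;
    }

    my $msg = $ldap_tree->search(    # perform a search
        base   => $sub_tree,
        filter => $search_string,
    );

    # A search hands back a result object even when it fails, so the
    # original "... or daemon_log(...)" could not fire for a failed search.
    # The failure is carried by the result's code/error instead, not by $@.
    if (!defined $msg) {
        daemon_log("cannot perform search at ldap: $@", 1);
    }
    elsif ($msg->code) {
        daemon_log("cannot perform search at ldap: ".$msg->error, 1);
    }

    return $msg;
}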
390 #========= MAIN = main ========================================================
391 #daemon_log( "####### START DAEMON ######\n", 1 );
392 #&check_cmdline_param ;
393 #&check_pid;
394 #&open_fifo($fifo_path);
395 #
396 ## Just fork, if we"re not in foreground mode
397 #if( ! $foreground ) { $pid = fork(); }
398 #else { $pid = $$; }
399 #
400 ## Do something useful - put our PID into the pid_file
401 #if( 0 != $pid ) {
402 # open( LOCK_FILE, ">$pid_file" );
403 # print LOCK_FILE "$pid\n";
404 # close( LOCK_FILE );
405 # if( !$foreground ) { exit( 0 ) };
406 #}
407 #
408 #
409 #if( not -p $fifo_path ) { die "fifo file disappeared\n" }
410 #if($c_res == 1) {
411 # daemon_log("WARNING: macAddress $mac already in LDAP", 1);
412 # return;
413 # } elsif($c_res > 0) {
414 # daemon_log("ERROR: macAddress $mac exists $c_res times in LDAP", 1);
415 # return;
416 # }
417 #
418 # # create LDAP entry
419 # my $entry = Net::LDAP::Entry->new( $dn );
420 # $entry->dn($dn);
421 # $entry->add("objectClass" => "goHard");
422 # $entry->add("cn" => $mac);
423 # $entry->add("macAddress" => $mac);
424 # if(defined $gotoSysStatus) {$entry->add("gotoSysStatus" => $gotoSysStatus)}
425 # if(defined $ip) {$entry->add("ipHostNumber" => $ip) }
426 # #if(defined $interface) { }
427 # if(defined $desc) {$entry->add("description" => $desc) }
428 #
429 # # submit entry to LDAP
430 # my $result = $entry->update ($ldap_tree);
431 #
432 # # for $result->code constants please look at Net::LDAP::Constant
433 # my $log_time = localtime( time );
434 # if($result->code == 68) { # entry already exists
435 # daemon_log("WARNING: $log_time: $dn ".$result->error, 3);
436 # } elsif($result->code == 0) { # everything went fine
437 # daemon_log("$log_time: add entry $dn to ldap", 1);
438 # } else { # if any other error occur
439 # daemon_log("ERROR: $log_time: $dn, ".$result->code.", ".$result->error, 1);
440 # }
441 # return;
442 #}
445 #=== FUNCTION ================================================================
446 # NAME: change_ldap_entry
447 # PURPOSE: ????
448 # PARAMETERS: ????
449 # RETURNS: ????
450 # DESCRIPTION: ????
451 # THROWS: no exceptions
452 # COMMENTS: none
453 # SEE ALSO: n/a
454 #===============================================================================
455 #sub change_ldap_entry {
456 # my ($ldap_tree, $ldap_base, $mac, $gotoSysStatus ) = @_;
457 #
458 # # check if ldap_entry exists or not
459 # my $s_res = &search_ldap_entry($ldap_tree, $ldap_base, "(|(macAddress=$mac)(dhcpHWAddress=ethernet $mac))");
460 # my $c_res = $s_res->count;
461 # if($c_res == 0) {
462 # daemon_log("WARNING: macAddress $mac not in LDAP", 1);
463 # return;
464 # } elsif($c_res > 1) {
465 # daemon_log("ERROR: macAddress $mac exists $c_res times in LDAP", 1);
466 # return;
467 # }
468 #
469 # my $s_res_entry = $s_res->pop_entry();
470 # my $dn = $s_res_entry->dn();
471 # my $result = $ldap->modify( $dn, replace => {'gotoSysStatus' => $gotoSysStatus } );
472 #
473 # # for $result->code constants please look at Net::LDAP::Constant
474 # my $log_time = localtime( time );
475 # if($result->code == 32) { # entry doesnt exists
476 # &add_ldap_entry($mac, $gotoSysStatus);
477 # } elsif($result->code == 0) { # everything went fine
478 # daemon_log("$log_time: entry $dn changed successful", 1);
479 # } else { # if any other error occur
480 # daemon_log("ERROR: $log_time: $dn, ".$result->code.", ".$result->error, 1);
481 # }
482 #
483 # return;
484 #}
486 #=== FUNCTION ================================================================
487 # NAME: search_ldap_entry
488 # PURPOSE: ????
489 # PARAMETERS: [Net::LDAP] $ldap_tree - object of an ldap-tree
490 # string $sub_tree - dn of the subtree the search is performed
491 # string $search_string - either a string or a Net::LDAP::Filter object
492 # RETURNS: [Net::LDAP::Search] $msg - result object of the performed search
493 # DESCRIPTION: ????
494 # THROWS: no exceptions
495 # COMMENTS: none
496 # SEE ALSO: n/a
497 #===============================================================================
498 #sub search_ldap_entry {
499 # my ($ldap_tree, $sub_tree, $search_string) = @_;
500 # my $msg = $ldap_tree->search( # perform a search
501 # base => $sub_tree,
502 # filter => $search_string,
503 # ) or daemon_log("cannot perform search at ldap: $@", 1);
504 ## if(defined $msg) {
505 ## print $sub_tree."\t".$search_string."\t";
506 ## print $msg->count."\n";
507 ## foreach my $entry ($msg->entries) { $entry->dump; };
508 ## }
509 #
510 # return $msg;
511 #}
515 #========= MAIN = main ========================================================
516 #daemon_log( "####### START DAEMON ######\n", 1 );
517 #&check_cmdline_param ;
518 #&check_pid;
519 #&open_fifo($fifo_path);
520 #
521 ## Just fork, if we"re not in foreground mode
522 #if( ! $foreground ) { $pid = fork(); }
523 #else { $pid = $$; }
524 #
525 ## Do something useful - put our PID into the pid_file
526 #if( 0 != $pid ) {
527 # open( LOCK_FILE, ">$pid_file" );
528 # print LOCK_FILE "$pid\n";
529 # close( LOCK_FILE );
530 # if( !$foreground ) { exit( 0 ) };
531 #}
532 #
533 #
534 #if( not -p $fifo_path ) { die "fifo file disappeared\n" }
535 #sysopen(FIFO, $fifo_path, O_RDONLY) or die "can't read from $fifo_path: $!" ;
536 #
537 #while( 1 ) {
538 # # checke alle prozesse im hash daemon_children ob sie noch aktiv sind, wenn
539 # # nicht, dann entferne prozess aus hash
540 # while( (my $key, my $val) = each( %daemon_children) ) {
541 # my $status = waitpid( $key, &WNOHANG) ;
542 # if( $status == -1 ) {
543 # delete $daemon_children{$key} ;
544 # daemon_log("childprocess finished: $key", 3) ;
545 # }
546 # }
547 #
548 # # ist die max_process anzahl von prozesskindern erreicht, dann warte und
549 # # prüfe erneut, ob in der zwischenzeit prozesse fertig geworden sind
550 # if( keys( %daemon_children ) >= $max_process ) {
551 # sleep($max_process_timeout) ;
552 # next ;
553 # }
554 #
555 # my $msg = <FIFO>;
556 # if( not defined( $msg )) { next ; }
557 #
558 # chomp( $msg );
559 # if( length( $msg ) == 0 ) { next ; }
560 #
561 # my $forked_pid = fork();
562 ##=== PARENT = parent ==========================================================
563 # if ( $forked_pid != 0 ) {
564 # daemon_log("childprocess forked: $forked_pid", 3) ;
565 # $daemon_children{$forked_pid} = 0 ;
566 # }
567 ##=== CHILD = child ============================================================
568 # else {
569 # # parse the incoming message from arp, split the message and return
570 # # the values in an array. not defined values are set to "none"
571 # #my ($mac, $ip, $interface, $arp_sig, $desc) = &parse_input( $msg ) ;
572 # daemon_log( "childprocess read from arp: $fifo_path\nline: $msg", 3);
573 # my ($mac, $ip, $interface, $arp_sig, $desc) = split('\s', $msg, 5);
574 #
575 # # create connection to LDAP
576 # $#sysopen(FIFO, $fifo_path, O_RDONLY) or die "can't read from $fifo_path: $!" ;
577 #
578 #while( 1 ) {
579 # # checke alle prozesse im hash daemon_children ob sie noch aktiv sind, wenn
580 # # nicht, dann entferne prozess aus hash
581 # while( (my $key, my $val) = each( %daemon_children) ) {
582 # my $status = waitpid( $key, &WNOHANG) ;
583 # if( $status == -1 ) {
584 # delete $daemon_children{$key} ;
585 # daemon_log("childprocess finished: $key", 3) ;
586 # }
587 # }
588 #
589 # # ist die max_process anzahl von prozesskindern erreicht, dann warte und
590 # # prüfe erneut, ob in der zwischenzeit prozesse fertig geworden sind
591 # if( keys( %daemon_children ) >= $max_process ) {
592 # sleep($max_process_timeout) ;
593 # next ;
594 # }
595 #
596 # my $msg = <FIFO>;
597 # if( not defined( $msg )) { next ; }
598 #
599 # chomp( $msg );
600 # if( length( $msg ) == 0 ) { next ; }
601 #
602 # my $forked_pid = fork();
603 ##=== PARENT = parent ==========================================================
604 # if ( $forked_pid != 0 ) {
605 # daemon_log("childprocess forked: $forked_pid", 3) ;
606 # $daemon_children{$forked_pid} = 0 ;
607 # }
608 ##=== CHILD = child ============================================================
609 # else {
610 # # parse the incoming message from arp, split the message and return
611 # # the values in an array. not defined values are set to "none"
612 # #my ($mac, $ip, $interface, $arp_sig, $desc) = &parse_input( $msg ) ;
613 # daemon_log( "childprocess read from arp: $fifo_path\nline: $msg", 3);
614 # my ($mac, $ip, $interface, $arp_sig, $desc) = split('\s', $msg, 5);
615 #
616 # # create connection to LDAP
617 # $ldap = Net::LDAP->new( "localhost" ) or die "$@";
618 # $ldap->bind($bind_phrase,
619 # password => $password,
620 # ) ;
621 #
622 # switch($arp_sig) {
623 # case 0 {&change_ldap_entry($ldap, $ldap_base,
624 # $mac, "ip-changed",
625 # )}
626 # case 1 {&change_ldap_entry($ldap, $ldap_base,
627 # $mac, "mac-not-whitelisted",
628 # )}
629 # case 2 {&change_ldap_entry($ldap, $ldap_base,
630 # $mac, "mac-in-blacklist",
631 # )}
632 # case 3 {&add_ldap_entry($ldap, $ldap_base,
633 # $mac, "new-mac-address", $ip,
634 # $interface, $desc,
635 # )}
636 # case 4 {&change_ldap_entry($ldap, $ldap_base,
637 # $mac, "unauthorized-arp-request",
638 # )}
639 # case 5 {&change_ldap_entry($ldap, $ldap_base,
640 # $mac, "abusive-number-of-arp-requests",
641 # )}
642 # case 6 {&change_ldap_entry($ldap, $ldap_base,
643 # $mac, "ether-and-arp-mac-differs",
644 # )}
645 # case 7 {&change_ldap_entry($ldap, $ldap_base,
646 # $mac, "flood-detected",
647 # )}
648 # case 8 {&add_ldap_entry($ldap, $ldap_base,
649 # $mac, $ip, "new-system",
650 # )}
651 # case 9 {&change_ldap_entry($ldap, $ldap_base,
652 # $mac, "mac-changed",
653 # )}
654 # }
655 #
656 #
657 # ldap search
658 # my $base_phrase = "dc=gonicus,dc=de";
659 # my $filter_phrase = "cn=keinesorge";
660 # my $attrs_phrase = "cn macAdress";
661 # my $msg_search = $ldap->search( base => $base_phrase,
662 # filter => $filter_phrase,
663 # attrs => $attrs_phrase,
664 # );
665 # $msg_search->code && die $msg_search->error;
666 #
667 # my @entries = $msg_search->entries;
668 # my $max = $msg_search->count;
669 # print "anzahl der entries: $max\n";
670 # my $i;
671 # for ( $i = 0 ; $i < $max ; $i++ ) {
672 # my $entry = $msg_search->entry ( $i );
673 # foreach my $attr ( $entry->attributes ) {
674 # if( not $attr eq "cn") {
675 # next;
676 # }
677 # print join( "\n ", $attr, $entry->get_value( $attr ) ), "\n\n";
678 # }
679 # }
680 #
681 # # ldap add
682 #
683 #
684 # $ldap->unbind;
685 # exit;
686 # }
687 #
688 #}
1;    # A module file must end with a true value so that require/use succeeds.