- cli_register_command(cli, NULL, "uptime", cmd_uptime, "Show uptime and bandwidth utilisation");
-
- c = cli_register_command(cli, NULL, "write", NULL, NULL);
- cli_register_command(cli, c, "memory", cmd_write_memory, "Save the running config to flash");
- cli_register_command(cli, c, "terminal", cmd_show_run, "Show the running config");
-
- cli_register_command(cli, NULL, "snoop", cmd_snoop, "Temporarily enable interception for a user");
- cli_register_command(cli, NULL, "throttle", cmd_throttle, "Temporarily enable throttling for a user");
-
- c = cli_register_command(cli, NULL, "no", NULL, NULL);
- cli_register_command(cli, c, "snoop", cmd_no_snoop, "Temporarily disable interception for a user");
- cli_register_command(cli, c, "throttle", cmd_no_throttle, "Temporarily disable throttling for a user");
- cli_register_command(cli, c, "debug", cmd_no_debug, "Turn off logging of a certain level of debugging");
-
- c = cli_register_command(cli, NULL, "drop", NULL, NULL);
- cli_register_command(cli, c, "user", cmd_drop_user, "Disconnect a user");
- cli_register_command(cli, c, "tunnel", cmd_drop_tunnel, "Disconnect a tunnel and all sessions on that tunnel");
- cli_register_command(cli, c, "session", cmd_drop_session, "Disconnect a session");
-
- cli_register_command(cli, NULL, "debug", cmd_debug, "Set the level of logging that is shown on the console");
-
- /*
- c = cli_register_command(cli, NULL, "watch", NULL, NULL);
- cli_register_command(cli, c, "session", cmd_watch_session, "Dump logs for a session");
- cli_register_command(cli, c, "tunnel", cmd_watch_tunnel, "Dump logs for a tunnel");
- */
-
- c = cli_register_command(cli, NULL, "load", NULL, NULL);
- cli_register_command(cli, c, "plugin", cmd_load_plugin, "Load a plugin");
-
- c = cli_register_command(cli, NULL, "remove", NULL, NULL);
- cli_register_command(cli, c, "plugin", cmd_remove_plugin, "Remove a plugin");
-
- cli_register_command(cli, NULL, "set", cmd_set, "Set a configuration variable");
-
- // Enable regular processing
- cli_regular(cli, regular_stuff);
-
- if (!(f = fopen(CLIUSERS, "r")))
- {
- log(0, 0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n");
- }
- else
- {
- while (fgets(buf, 4096, f))
- {
- char *p;
- if (*buf == '#') continue;
- if ((p = strchr(buf, '\r'))) *p = 0;
- if ((p = strchr(buf, '\n'))) *p = 0;
- if (!*buf) continue;
- if (!(p = strchr((char *)buf, ':'))) continue;
- *p++ = 0;
- cli_allow_user(cli, buf, p);
- log(3, 0, 0, 0, "Allowing user %s to connect to the CLI\n", buf);
- }
- fclose(f);
- }
-
- memset(&addr, 0, sizeof(addr));
- clifd = socket(PF_INET, SOCK_STREAM, 6);
- setsockopt(clifd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
- {
- int flags;
- // Set cli fd as non-blocking
- flags = fcntl(clifd, F_GETFL, 0);
- fcntl(clifd, F_SETFL, flags | O_NONBLOCK);
- }
- addr.sin_family = AF_INET;
- addr.sin_port = htons(23);
- if (bind(clifd, (void *) &addr, sizeof(addr)) < 0)
- {
- log(0, 0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
- return;
- }
- listen(clifd, 10);
+ cli_register_command(cli, NULL, "uptime", cmd_uptime, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show uptime and bandwidth utilisation");
+
+ c = cli_register_command(cli, NULL, "write", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c, "memory", cmd_write_memory, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Save the running config to flash");
+ cli_register_command(cli, c, "terminal", cmd_show_run, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the running config");
+
+ cli_register_command(cli, NULL, "snoop", cmd_snoop, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily enable interception for a user");
+ cli_register_command(cli, NULL, "throttle", cmd_throttle, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily enable throttling for a user");
+ cli_register_command(cli, NULL, "debug", cmd_debug, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Set the level of logging that is shown on the console");
+
+#ifdef BGP
+ c = cli_register_command(cli, NULL, "suspend", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c, "bgp", cmd_suspend_bgp, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Withdraw routes from BGP neighbour");
+#endif /* BGP */
+
+ c = cli_register_command(cli, NULL, "no", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c, "snoop", cmd_no_snoop, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily disable interception for a user");
+ cli_register_command(cli, c, "throttle", cmd_no_throttle, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily disable throttling for a user");
+ cli_register_command(cli, c, "debug", cmd_no_debug, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Turn off logging of a certain level of debugging");
+
+#ifdef BGP
+ c2 = cli_register_command(cli, c, "suspend", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c2, "bgp", cmd_no_suspend_bgp, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Advertise routes to BGP neighbour");
+
+ c = cli_register_command(cli, NULL, "restart", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c, "bgp", cmd_restart_bgp, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Restart BGP");
+
+ c = cli_register_command(cli, NULL, "router", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
+ cli_register_command(cli, c, "bgp", cmd_router_bgp, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Configure BGP");
+
+ cli_register_command(cli, NULL, "neighbour", cmd_router_bgp_neighbour, PRIVILEGE_PRIVILEGED, MODE_CONFIG_BGP, "Configure BGP neighbour");
+
+ c = cli_register_command(cli, NULL, "no", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG_BGP, NULL);
+ cli_register_command(cli, c, "neighbour", cmd_router_bgp_no_neighbour, PRIVILEGE_PRIVILEGED, MODE_CONFIG_BGP, "Remove BGP neighbour");
+#endif /* BGP */
+
+ c = cli_register_command(cli, NULL, "drop", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL);
+ cli_register_command(cli, c, "user", cmd_drop_user, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a user");
+ cli_register_command(cli, c, "tunnel", cmd_drop_tunnel, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a tunnel and all sessions on that tunnel");
+ cli_register_command(cli, c, "session", cmd_drop_session, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a session");
+
+ c = cli_register_command(cli, NULL, "load", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
+ cli_register_command(cli, c, "plugin", cmd_load_plugin, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Load a plugin");
+
+ c = cli_register_command(cli, NULL, "remove", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
+ cli_register_command(cli, c, "plugin", cmd_remove_plugin, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Remove a plugin");
+
+ cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable");
+
+ // Enable regular processing
+ cli_regular(cli, regular_stuff);
+
+ if (!(f = fopen(CLIUSERS, "r")))
+ {
+ LOG(0, 0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n");
+ }
+ else
+ {
+ while (fgets(buf, 4096, f))
+ {
+ char *p;
+ if (*buf == '#') continue;
+ if ((p = strchr(buf, '\r'))) *p = 0;
+ if ((p = strchr(buf, '\n'))) *p = 0;
+ if (!*buf) continue;
+ if (!(p = strchr((char *)buf, ':'))) continue;
+ *p++ = 0;
+ if (!strcmp(buf, "enable"))
+ {
+ cli_allow_enable(cli, p);
+ LOG(3, 0, 0, 0, "Setting enable password\n");
+ }
+ else
+ {
+ cli_allow_user(cli, buf, p);
+ LOG(3, 0, 0, 0, "Allowing user %s to connect to the CLI\n", buf);
+ }
+ }
+ fclose(f);
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ clifd = socket(PF_INET, SOCK_STREAM, 6);
+ setsockopt(clifd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+ {
+ int flags;
+ // Set cli fd as non-blocking
+ flags = fcntl(clifd, F_GETFL, 0);
+ fcntl(clifd, F_SETFL, flags | O_NONBLOCK);
+ }
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(23);
+ if (bind(clifd, (void *) &addr, sizeof(addr)) < 0)
+ {
+ LOG(0, 0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
+ return;
+ }
+ listen(clifd, 10);