The hidden wealth of IOS Tcl

Another undocumented (and thus very probably unsupported) Tcl-on-IOS detail: numerous Tcl packages are bundled with IOS and available in the tmpsys:lib/tcl directory (the tmpsys: is a virtual file system mapped to a part of the IOS image).

The list of Tcl packages seems to be pretty stable; 12.2SRC and 12.4T have the same contents of the tmpsys:lib/tcl directory.

router#dir tmpsys:lib/tcl
Directory of tmpsys:lib/tcl/

   13  -r--       19226                    <no date>  auto.tcl
   23  -r--        2549                    <no date>  base.tcl
   25  -r--        7655                    <no date>  cli_lib.tcl
   26  -r--        2589                    <no date>  context_lib.tcl
    3  drw-           0                    <no date>  eem_scripts
   28  -r--         185                    <no date>  email_template_cfg.tm
   29  -r--         147                    <no date>  email_template_chs.tm
   30  -r--         154                    <no date>  email_template_cmd.tm
   31  -r--         156                    <no date>  email_template_dmp.tm
   32  -r--         144                    <no date>  email_template_sl.tm
   33  -r--         325                    <no date>  email_template_sm.tm
   34  -r--         135                    <no date>  email_template_wd.tm
   14  -r--        9135                    <no date>  history.tcl
   15  -r--       23558                    <no date>  http.tcl
   19  -r--       17725                    <no date>  init.tcl
   21  -r--        6932                    <no date>  ldAout.tcl
   24  -r--       33266                    <no date>  optparse.tcl
   16  -r--       19415                    <no date>  package.tcl
   20  -r--        1014                    <no date>  parray.tcl
   17  -r--       32649                    <no date>  safe.tcl
   27  -r--       10367                    <no date>  smtp_lib.tcl
   22  -r--       13659                    <no date>  tclIndex
   18  -r--        4499                    <no date>  word.tcl

For whatever weird incomprehensible reason, these packages are not made available to the Tclsh interpreter started from the command line. For example, if you want to use the HTTP package, you cannot execute the package require http command like you would in any normal Tcl environment, but have to use the source "tmpsys:lib/tcl/http.tcl" command.

If you want to safeguard against a potential change-of-mind of IOS Tclsh developers, use this construct:

if {[catch {package require http}]} { source "tmpsys:lib/tcl/http.tcl" }

5 comments:

  1. I can run a simple tcl command at the command prompt such as:
    3825-r01(tcl)#exec "sho run" | redirect tftp://192.168.10.20/data1
    I'd like to copy a tcl script containing this command into the router's flash and have it run every day at
    say 6AM. This should be simple but I can't find any posts about it.

    ReplyDelete
  2. Put your command in a file and copy it to the routers flash. You can create it in Notepad and copy using FTP/TFTP. Or there's a nifty trick on this site to write it directly via TCL...

    As far as scheduling, you can register an EEM Applet which will trigger on a timer

    event manager applet BackupRunning
    event timer cron name BackupRunning cron-entry "0 23 * * 6"
    action 1 cli command "enable"
    action 2 cli command "tclsh flash:BackupRunning.tcl"

    Note - In my limited but painful experience, AAA will kill you with TCL. So if you using AAA you're on your own with automating it... :-)

    IOS v15 does have a new option when you register the applet to specify authorization bypass that may solve my AAA woes, but I haven't had a chance to test it out.

    event manager applet BackupRunning authorization bypass

    ReplyDelete
  3. Thanks, Bryan! BTW, this is how you solve the AAA problem:

    http://blog.ioshints.info/2007/05/command-authorization-fails-with-eem.html

    There was also a bug where AAA authorization would fail under weird circumstances. I know a bug report was filed, I'm not sure whether it was fixed or when.

    ReplyDelete
  4. Ivan -

    Ah, curses you are right... :-) I had tried that and it didn't work at first so I moved on to trying to bypass AAA in other ways. I've revisited and determined that I needed both the cli username and the action "enable" to work (I didn't have that originally). Thank you very much for prompting the fresh look!

    There was a bug with 12.4(22)T where TCL would only send a null username to AAA. That was fixed in 12.4(22)T2.

    Here's my script and EEM config if it is helpful to anyone else. This is to backup flash on a CME router.

    - Bryan

    flash:CopyFlash.tcl
    ------------------------------------
    proc get_dir {} {
    set dir_flash [ exec "dir flash:\n" ]
    foreach result $dir_flash {
    #Match words ending in .xxx, exclude .bin
    if [regexp -nocase {(\S+\.\w+[^bin]$)} $result] {
    lappend dir_out $result
    }
    }
    return $dir_out
    }

    #Replace ftp user/pass and server IP as appropriate
    foreach f [get_dir] {
    puts "$f"
    typeahead "\n"; exec "copy $f ftp://cmehi-1-a:cmehi-1-a@172.27.1.8\n"
    }

    EEM Config:
    -------------------------------------
    event manager session cli username "cmnq981"

    event manager applet CopyFlash
    event timer cron name CopyFlash cron-entry "0 23 * * 6" maxrun 1800
    action 1 cli command "enable"
    action 2 cli command "tclsh flash:CopyFlash.tcl"

    ReplyDelete
  5. One reason these packages are not available from Tclsh is because they are in the tmpsys file system which is controlled, managed and owned by the EEM development team at Cisco. The Tcl development team can't rely on the packages and libraries always being there since they don't own them. So they are not available to Tclsh as auto-loaded packages. At one point in time these packages were stored in the system file system but later they were moved. Such a change would have caused issues with Tclsh if they were still looking for them in system.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.