Tuesday, March 29, 2005

Cisco Routers Run Tcl

This morning I was reading "The State of the Scripting Universe" by Lynn Greiner. That article features interviews with leaders in the development communities for Perl, PHP, Python, Ruby, and Tcl. The article pointed me towards a reference titled "Dynamic Languages — ready for the next challenges, by design" by David Ascher. While reading this second article I was surprised by this statement:

"Tcl is part of Cisco's IOS router operating system, and as such is included in all high-end Cisco routers and switches."

What's that? Tcl on my router? A quick Google for "tcl cisco ios" revealed two helpful resources: "Cisco IOS Scripting with Tcl" by Cisco and "TCL'ing Your Cisco Router" by Peter J. Welcher. Cisco's document revealed that Tcl 8.3.4 was introduced in Cisco IOS 12.3(2)T. Sure enough, it's on my Cisco router:

gill#sh ver
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M),
Version 12.3(11)T3, RELEASE SOFTWARE (fc4)
...truncated...
gill#tclsh
gill(tcl)#puts "Hello world"
Hello world

gill(tcl)#exit

Peter Welcher's article expands on Cisco's document to show some of what can be done with Tcl on the Cisco router.

This absolutely blows my mind, and I can't believe I haven't heard of this before. I found a 2001 email mentioning the Tcl shell as "undocumented," although there is a reference in the Cisco IOS Configuration Guide Master Index, Release 12.1. Imagine what might be possible with this; you might be able to run arbitrary code -- Sguil even? -- on Cisco routers.

Speaking of Tcl, the newest versions of Salvatore Sanfilippo's Hping rely on the language. I reported on this last year. Salvatore has been working on a Tcl interpreter called The Jim Project, which he says "will likely merge with Hping." Salvatore is also writing a book on Tcl, some of which is online as TCLWISE: An introduction to the Tcl programming language.

11 comments:

jose nazario said...

i've been coding in Tcl for many years, starting in grad school. while i prefer python these days for a variety of projects and reasons, i still have my Tcl chops.

some time ago i released a much improved Tcl-pcap interface, "tcap": http://wiki.tcl.tk/tcap ... you can do all sorts of fun stuff with it, and even integrate it with Clif's Tcl-ized dnet to do full on packet capture and creation.

hope this helps. basically, using a scripting language to do network futzing is worth it. more readily reusable code and such, and no pesky pointers to worry about.

Richard Bejtlich said...

Thanks Jose. I haven't heard any more on a review copy of your book. If you have any details, please email me at taosecurity at gmail dot com.

Anonymous said...

Quite funny to read this ... :) I will try to quote from memory (apologies if I mis-quote) from a Nortel book, from the end of the 90s:

"The Bay Command Console (BCC) is running on BayRS, is an addition to the traditional Technician Interface (TI), and is based on the Tool Command Language (TCL) ..."

I have no intention of starting a Cisco-Nortel war (especially as I have been, myself, migrating the whole infrastructure to Cisco, from a Cabletron (switch) - Bay/Nortel (routers), in the last three years) ... so just take the above as purely informational.

Anonymous said...

there is a cisco undocumented project called "dotu".

i contributed the tclsh command to this project in 2000 after using the command myself for almost a year.

it was useful to be on console and do something such as:

for { set i 0 } { $i <= 24 } { incr i } {
    puts "interface FastEthernet0/$i"
    puts "no shutdown"
}

when you're on a wyse terminal and have no access to gnu screen or anything to copy/paste, it was fairly useful. other than that, the only use i've thought about it is for writing some kind of nasty backdoor or worm against IOS.

Anonymous said...

also in the year 2000, there was an article in phrack issue 56 (line noise) by krnl.

http://phrack.org/show.php?p=56&a=3

the "dotu" project started about 4 months prior to krnl's article.



i am assuming that the undocumented commands coincided with the 11.2 source code release on efnet. i never saw this code, but i did a similar analysis with the 12.0t src code.

( cd src ; egrep PRIV_INTERNAL\|PRIV_UNSUPPORTED\|PRIV_USER_HIDDEN\|PRIV_HIDDEN\|PRIV_NONVGEN *.[ch] )

Tcl'er said...

Not only is Tclsh included in Cisco high level routers, but their CLI part of the IOS is itself written in Tcl.

Hence, the new thing is that Cisco opened the access to the Tcl shell from the CLI. Tcl actually existed in Cisco routers since the early '90s.

Tcl.. simply the best ;-)

Anonymous said...

Does anyone have the article "TCL'ing Your Cisco Router"? When I hit the hyperlink, I get a link-no-longer-exists message.

Thanks.

Richard Bejtlich said...

Try this.

Richard Bejtlich said...

Creating Backdoors in Cisco IOS using Tcl
