From e0354bc33038c601ddf3ae8228196b8bd61b81a7 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Fri, 18 Mar 2011 17:29:04 -0700 Subject: [PATCH] see #2247 better grammar to parse tcp/udp specs for pix < 8.3 where keyword "destination" does not appear in "show run" output --- src/parsers/PIXCfgLexer.cpp | 188 +++++++------- src/parsers/PIXCfgParser.cpp | 243 ++++++++++-------- src/parsers/pix.g | 2 +- .../ImporterTest/test_data/asa8.0.test | 114 ++++++++ 4 files changed, 351 insertions(+), 196 deletions(-) create mode 100644 src/unit_tests/ImporterTest/test_data/asa8.0.test diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 2c99b5265..84fb4b945 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -444,11 +444,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop178; + goto _loop179; } } - _loop178:; + _loop179:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -506,11 +506,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) { } } else { - goto _loop182; + goto _loop183; } } - _loop182:; + _loop183:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -689,15 +689,15 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched230 = false; + bool synPredMatched231 = false; if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m230 = mark(); - synPredMatched230 = true; + int _m231 = mark(); + synPredMatched231 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt229=0; + int _cnt230=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -726,27 +726,27 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } default: { - if ( _cnt229>=1 ) { goto _loop229; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt230>=1 ) { goto _loop230; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt229++; + _cnt230++; } - _loop229:; + _loop230:; } // ( ... )+ mCOLON(false); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched230 = false; + synPredMatched231 = false; } - rewind(_m230); + rewind(_m231); inputState->guessing--; } - if ( synPredMatched230 ) { + if ( synPredMatched231 ) { { { { // ( ... )+ - int _cnt234=0; + int _cnt235=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -775,15 +775,15 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } default: { - if ( _cnt234>=1 ) { goto _loop234; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt235>=1 ) { goto _loop235; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt234++; + _cnt235++; } - _loop234:; + _loop235:; } // ( ... )+ { // ( ... )+ - int _cnt238=0; + int _cnt239=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { mCOLON(false); @@ -816,20 +816,20 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } default: { - goto _loop237; + goto _loop238; } } } - _loop237:; + _loop238:; } // ( ... )* } else { - if ( _cnt238>=1 ) { goto _loop238; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt239>=1 ) { goto _loop239; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt238++; + _cnt239++; } - _loop238:; + _loop239:; } // ( ... )+ } if ( inputState->guessing==0 ) { @@ -840,10 +840,10 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } } else { - bool synPredMatched195 = false; + bool synPredMatched196 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m195 = mark(); - synPredMatched195 = true; + int _m196 = mark(); + synPredMatched196 = true; inputState->guessing++; try { { @@ -851,132 +851,132 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched195 = false; + synPredMatched196 = false; } - rewind(_m195); + rewind(_m196); inputState->guessing--; } - if ( synPredMatched195 ) { + if ( synPredMatched196 ) { { - bool synPredMatched204 = false; + bool synPredMatched205 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m204 = mark(); - synPredMatched204 = true; + int _m205 = mark(); + synPredMatched205 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt199=0; + int _cnt200=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt199>=1 ) { goto _loop199; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt199++; + _cnt200++; } - _loop199:; + _loop200:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt201=0; + int _cnt202=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt201>=1 ) { goto _loop201; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt202>=1 ) { goto _loop202; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt201++; + _cnt202++; } - _loop201:; + _loop202:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt203=0; + int _cnt204=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt203>=1 ) { goto _loop203; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt204>=1 ) { goto _loop204; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt203++; + _cnt204++; } - _loop203:; + _loop204:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched204 = false; + synPredMatched205 = false; } - rewind(_m204); + rewind(_m205); inputState->guessing--; } - if ( synPredMatched204 ) { + if ( synPredMatched205 ) { { { // ( ... )+ - int _cnt207=0; + int _cnt208=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt207>=1 ) { goto _loop207; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt208>=1 ) { goto _loop208; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt207++; + _cnt208++; } - _loop207:; + _loop208:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt209=0; + int _cnt210=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt209>=1 ) { goto _loop209; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt210>=1 ) { goto _loop210; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt209++; + _cnt210++; } - _loop209:; + _loop210:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt211=0; + int _cnt212=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt211>=1 ) { goto _loop211; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt212>=1 ) { goto _loop212; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt211++; + _cnt212++; } - _loop211:; + _loop212:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt213=0; + int _cnt214=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt213>=1 ) { goto _loop213; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt214>=1 ) { goto _loop214; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt213++; + _cnt214++; } - _loop213:; + _loop214:; } // ( ... )+ } if ( inputState->guessing==0 ) { @@ -986,97 +986,97 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } } else { - bool synPredMatched219 = false; + bool synPredMatched220 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m219 = mark(); - synPredMatched219 = true; + int _m220 = mark(); + synPredMatched220 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt216=0; + int _cnt217=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt216>=1 ) { goto _loop216; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt217>=1 ) { goto _loop217; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt216++; + _cnt217++; } - _loop216:; + _loop217:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt218=0; + int _cnt219=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt218>=1 ) { goto _loop218; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt219>=1 ) { goto _loop219; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt218++; + _cnt219++; } - _loop218:; + _loop219:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched219 = false; + synPredMatched220 = false; } - rewind(_m219); + rewind(_m220); inputState->guessing--; } - if ( synPredMatched219 ) { + if ( synPredMatched220 ) { { { // ( ... )+ - int _cnt222=0; + int _cnt223=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt222>=1 ) { goto _loop222; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt223>=1 ) { goto _loop223; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt222++; + _cnt223++; } - _loop222:; + _loop223:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt224=0; + int _cnt225=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt224>=1 ) { goto _loop224; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt225>=1 ) { goto _loop225; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt224++; + _cnt225++; } - _loop224:; + _loop225:; } // ( ... )+ } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt226=0; + int _cnt227=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt226>=1 ) { goto _loop226; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt227>=1 ) { goto _loop227; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt226++; + _cnt227++; } - _loop226:; + _loop227:; } // ( ... )+ if ( inputState->guessing==0 ) { #line 1502 "pix.g" @@ -1317,11 +1317,11 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } default: { - goto _loop241; + goto _loop242; } } } - _loop241:; + _loop242:; } // ( ... )* if ( inputState->guessing==0 ) { #line 1515 "pix.g" @@ -1368,11 +1368,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop244; + goto _loop245; } } - _loop244:; + _loop245:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index b1707d0df..334a8f8f1 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -456,18 +456,18 @@ void PIXCfgParser::intrface() { } } { // ( ... )+ - int _cnt145=0; + int _cnt146=0; for (;;) { if ((LA(1) == NEWLINE) && (_tokenSet_2.member(LA(2)))) { interface_parameters(); } else { - if ( _cnt145>=1 ) { goto _loop145; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt146>=1 ) { goto _loop146; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt145++; + _cnt146++; } - _loop145:; + _loop146:; } // ( ... )+ match(NEWLINE); match(LINE_COMMENT); @@ -822,18 +822,18 @@ void PIXCfgParser::object_group_network() { #line 823 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt47=0; + int _cnt48=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == NETWORK_OBJECT)) { object_group_network_parameters(); } else { - if ( _cnt47>=1 ) { goto _loop47; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt48>=1 ) { goto _loop48; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt47++; + _cnt48++; } - _loop47:; + _loop48:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -867,18 +867,18 @@ void PIXCfgParser::object_group_service() { #line 868 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt75=0; + int _cnt76=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == SERVICE_OBJECT)) { object_group_service_parameters(); } else { - if ( _cnt75>=1 ) { goto _loop75; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt76>=1 ) { goto _loop76; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt75++; + _cnt76++; } - _loop75:; + _loop76:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -912,18 +912,18 @@ void PIXCfgParser::object_group_protocol() { #line 913 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt59=0; + int _cnt60=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == PROTOCOL_OBJECT)) { object_group_protocol_parameters(); } else { - if ( _cnt59>=1 ) { goto _loop59; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt60>=1 ) { goto _loop60; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt59++; + _cnt60++; } - _loop59:; + _loop60:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -957,18 +957,18 @@ void PIXCfgParser::object_group_icmp() { #line 958 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt67=0; + int _cnt68=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == ICMP_OBJECT)) { object_group_icmp_parameters(); } else { - if ( _cnt67>=1 ) { goto _loop67; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt68>=1 ) { goto _loop68; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt67++; + _cnt68++; } - _loop67:; + _loop68:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1584,6 +1584,7 @@ void PIXCfgParser::service_tcp_udp() { case WORD: case IPV6: case OBJECT: + case RANGE: case DESTINATION: case OBJECT_GROUP: case CRYPTO: @@ -1592,6 +1593,10 @@ void PIXCfgParser::service_tcp_udp() { case ASA_WORD: case HOSTNAME: case ACCESS_LIST: + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: case CONTROLLER: case INTRFACE: case LINE_COMMENT: @@ -1608,7 +1613,12 @@ void PIXCfgParser::service_tcp_udp() { } { switch ( LA(1)) { + case RANGE: case DESTINATION: + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: { dst_port_spec(); break; @@ -1649,7 +1659,7 @@ void PIXCfgParser::service_tcp_udp() { importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedTCPUDPServiceObject(); -#line 1653 "PIXCfgParser.cpp" +#line 1663 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1707,7 +1717,7 @@ void PIXCfgParser::service_other() { importer->commitNamedIPServiceObject(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 1711 "PIXCfgParser.cpp" +#line 1721 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1731,7 +1741,7 @@ void PIXCfgParser::src_port_spec() { importer->SaveTmpPortToSrc(); -#line 1735 "PIXCfgParser.cpp" +#line 1745 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1748,14 +1758,34 @@ void PIXCfgParser::dst_port_spec() { Tracer traceInOut(this, "dst_port_spec"); try { // for error handling - match(DESTINATION); + { + switch ( LA(1)) { + case DESTINATION: + { + match(DESTINATION); + break; + } + case RANGE: + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } xoperator(); if ( inputState->guessing==0 ) { #line 378 "pix.g" importer->SaveTmpPortToDst(); -#line 1759 "PIXCfgParser.cpp" +#line 1789 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1860,7 +1890,7 @@ void PIXCfgParser::object_group_description() { importer->setObjectGroupDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 1864 "PIXCfgParser.cpp" +#line 1894 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1889,7 +1919,7 @@ void PIXCfgParser::group_object() { importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 1893 "PIXCfgParser.cpp" +#line 1923 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1919,7 +1949,7 @@ void PIXCfgParser::network_object() { importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 1923 "PIXCfgParser.cpp" +#line 1953 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1967,7 +1997,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 1971 "PIXCfgParser.cpp" +#line 2001 "PIXCfgParser.cpp" } break; } @@ -2011,7 +2041,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2015 "PIXCfgParser.cpp" +#line 2045 "PIXCfgParser.cpp" } break; } @@ -2026,7 +2056,7 @@ void PIXCfgParser::network_object() { importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2030 "PIXCfgParser.cpp" +#line 2060 "PIXCfgParser.cpp" } break; } @@ -2098,7 +2128,7 @@ void PIXCfgParser::protocol_object() { importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2102 "PIXCfgParser.cpp" +#line 2132 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2159,7 +2189,7 @@ void PIXCfgParser::protocol_object() { importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 2163 "PIXCfgParser.cpp" +#line 2193 "PIXCfgParser.cpp" } break; } @@ -2174,7 +2204,7 @@ void PIXCfgParser::protocol_object() { importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2178 "PIXCfgParser.cpp" +#line 2208 "PIXCfgParser.cpp" } break; } @@ -2248,7 +2278,7 @@ void PIXCfgParser::icmp_object() { importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2252 "PIXCfgParser.cpp" +#line 2282 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2266,7 +2296,7 @@ void PIXCfgParser::icmp_object() { importer->icmp_type = LT(0)->getText(); -#line 2270 "PIXCfgParser.cpp" +#line 2300 "PIXCfgParser.cpp" } break; } @@ -2279,7 +2309,7 @@ void PIXCfgParser::icmp_object() { importer->icmp_spec = icmp_word->getText(); -#line 2283 "PIXCfgParser.cpp" +#line 2313 "PIXCfgParser.cpp" } break; } @@ -2295,7 +2325,7 @@ void PIXCfgParser::icmp_object() { importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 2299 "PIXCfgParser.cpp" +#line 2329 "PIXCfgParser.cpp" } break; } @@ -2310,7 +2340,7 @@ void PIXCfgParser::icmp_object() { importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2314 "PIXCfgParser.cpp" +#line 2344 "PIXCfgParser.cpp" } break; } @@ -2384,7 +2414,7 @@ void PIXCfgParser::service_object() { importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2388 "PIXCfgParser.cpp" +#line 2418 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2445,7 +2475,7 @@ void PIXCfgParser::service_object() { importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 2449 "PIXCfgParser.cpp" +#line 2479 "PIXCfgParser.cpp" } break; } @@ -2476,7 +2506,7 @@ void PIXCfgParser::service_object() { importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; -#line 2480 "PIXCfgParser.cpp" +#line 2510 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2494,6 +2524,7 @@ void PIXCfgParser::service_object() { case WORD: case IPV6: case OBJECT: + case RANGE: case DESTINATION: case OBJECT_GROUP: case CRYPTO: @@ -2502,6 +2533,10 @@ void PIXCfgParser::service_object() { case ASA_WORD: case HOSTNAME: case ACCESS_LIST: + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: case CONTROLLER: case INTRFACE: case LINE_COMMENT: @@ -2518,7 +2553,12 @@ void PIXCfgParser::service_object() { } { switch ( LA(1)) { + case RANGE: case DESTINATION: + case P_EQ: + case P_GT: + case P_LT: + case P_NEQ: { dst_port_spec(); break; @@ -2558,7 +2598,7 @@ void PIXCfgParser::service_object() { importer->addTCPUDPServiceToObjectGroup(); -#line 2562 "PIXCfgParser.cpp" +#line 2602 "PIXCfgParser.cpp" } break; } @@ -2576,7 +2616,7 @@ void PIXCfgParser::service_object() { importer->icmp_type = LT(0)->getText(); -#line 2580 "PIXCfgParser.cpp" +#line 2620 "PIXCfgParser.cpp" } break; } @@ -2589,7 +2629,7 @@ void PIXCfgParser::service_object() { importer->icmp_spec = icmp_word->getText(); -#line 2593 "PIXCfgParser.cpp" +#line 2633 "PIXCfgParser.cpp" } break; } @@ -2605,7 +2645,7 @@ void PIXCfgParser::service_object() { importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 2609 "PIXCfgParser.cpp" +#line 2649 "PIXCfgParser.cpp" } break; } @@ -2620,7 +2660,7 @@ void PIXCfgParser::service_object() { importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2624 "PIXCfgParser.cpp" +#line 2664 "PIXCfgParser.cpp" } break; } @@ -2654,7 +2694,7 @@ void PIXCfgParser::permit_ext() { importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 2658 "PIXCfgParser.cpp" +#line 2698 "PIXCfgParser.cpp" } rule_ext(); match(NEWLINE); @@ -2663,7 +2703,7 @@ void PIXCfgParser::permit_ext() { importer->pushRule(); -#line 2667 "PIXCfgParser.cpp" +#line 2707 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2689,7 +2729,7 @@ void PIXCfgParser::deny_ext() { importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 2693 "PIXCfgParser.cpp" +#line 2733 "PIXCfgParser.cpp" } rule_ext(); match(NEWLINE); @@ -2698,7 +2738,7 @@ void PIXCfgParser::deny_ext() { importer->pushRule(); -#line 2702 "PIXCfgParser.cpp" +#line 2742 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2731,7 +2771,7 @@ void PIXCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 2735 "PIXCfgParser.cpp" +#line 2775 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2771,13 +2811,13 @@ void PIXCfgParser::rule_ext() { if ( inputState->guessing==0 ) { #line 803 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 2775 "PIXCfgParser.cpp" +#line 2815 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 804 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 2781 "PIXCfgParser.cpp" +#line 2821 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2847,19 +2887,19 @@ void PIXCfgParser::rule_ext() { importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 2851 "PIXCfgParser.cpp" +#line 2891 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 814 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 2857 "PIXCfgParser.cpp" +#line 2897 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 815 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 2863 "PIXCfgParser.cpp" +#line 2903 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2969,13 +3009,13 @@ void PIXCfgParser::rule_ext() { importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 2973 "PIXCfgParser.cpp" +#line 3013 "PIXCfgParser.cpp" } hostaddr_ext(); if ( inputState->guessing==0 ) { #line 826 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 2979 "PIXCfgParser.cpp" +#line 3019 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2989,7 +3029,7 @@ void PIXCfgParser::rule_ext() { if ( inputState->guessing==0 ) { #line 827 "pix.g" importer->SaveTmpPortToSrc(); -#line 2993 "PIXCfgParser.cpp" +#line 3033 "PIXCfgParser.cpp" } break; } @@ -3009,7 +3049,7 @@ void PIXCfgParser::rule_ext() { if ( inputState->guessing==0 ) { #line 828 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3013 "PIXCfgParser.cpp" +#line 3053 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3023,7 +3063,7 @@ void PIXCfgParser::rule_ext() { if ( inputState->guessing==0 ) { #line 829 "pix.g" importer->SaveTmpPortToDst(); -#line 3027 "PIXCfgParser.cpp" +#line 3067 "PIXCfgParser.cpp" } break; } @@ -3133,7 +3173,7 @@ void PIXCfgParser::rule_ext() { *dbg << std::endl; -#line 3137 "PIXCfgParser.cpp" +#line 3177 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3157,7 +3197,7 @@ void PIXCfgParser::ip_protocols() { importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3161 "PIXCfgParser.cpp" +#line 3201 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3192,7 +3232,7 @@ void PIXCfgParser::hostaddr_ext() { importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; -#line 3196 "PIXCfgParser.cpp" +#line 3236 "PIXCfgParser.cpp" } break; } @@ -3211,7 +3251,7 @@ void PIXCfgParser::hostaddr_ext() { importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 3215 "PIXCfgParser.cpp" +#line 3255 "PIXCfgParser.cpp" } break; } @@ -3225,7 +3265,7 @@ void PIXCfgParser::hostaddr_ext() { importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 3229 "PIXCfgParser.cpp" +#line 3269 "PIXCfgParser.cpp" } break; } @@ -3259,7 +3299,7 @@ void PIXCfgParser::time_range() { importer->time_range_name = tr_name->getText(); *dbg << "time_range " << tr_name->getText() << " "; -#line 3263 "PIXCfgParser.cpp" +#line 3303 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3283,7 +3323,7 @@ void PIXCfgParser::fragments() { importer->fragments = true; *dbg << "fragments "; -#line 3287 "PIXCfgParser.cpp" +#line 3327 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3324,7 +3364,7 @@ void PIXCfgParser::log() { importer->logging = true; *dbg << "logging "; -#line 3328 "PIXCfgParser.cpp" +#line 3368 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3363,7 +3403,7 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 3367 "PIXCfgParser.cpp" +#line 3407 "PIXCfgParser.cpp" } break; } @@ -3377,7 +3417,7 @@ void PIXCfgParser::icmp_spec() { importer->icmp_spec = icmp_word->getText(); *dbg << icmp_word->getText() << " "; -#line 3381 "PIXCfgParser.cpp" +#line 3421 "PIXCfgParser.cpp" } break; } @@ -3409,7 +3449,7 @@ void PIXCfgParser::established() { importer->established = true; *dbg << "established "; -#line 3413 "PIXCfgParser.cpp" +#line 3453 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3460,7 +3500,7 @@ void PIXCfgParser::single_port_op() { importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 3464 "PIXCfgParser.cpp" +#line 3504 "PIXCfgParser.cpp" } port_spec(); } @@ -3486,7 +3526,7 @@ void PIXCfgParser::port_range() { importer->tmp_port_op = "range"; *dbg << "range "; -#line 3490 "PIXCfgParser.cpp" +#line 3530 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3527,7 +3567,7 @@ void PIXCfgParser::port_spec() { importer->tmp_port_spec = (std::string(" ") + LT(0)->getText()); *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; -#line 3531 "PIXCfgParser.cpp" +#line 3571 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3599,7 +3639,7 @@ void PIXCfgParser::pair_of_ports_spec() { if (e2) importer->tmp_port_spec += e2->getText(); *dbg << "pair of ports: " << importer->tmp_port_spec; -#line 3603 "PIXCfgParser.cpp" +#line 3643 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3631,7 +3671,7 @@ void PIXCfgParser::hostaddr_std() { importer->tmp_nm = "0.0.0.0"; *dbg << h->getText() << "/0.0.0.0"; -#line 3635 "PIXCfgParser.cpp" +#line 3675 "PIXCfgParser.cpp" } } else if ((LA(1) == IPV4) && (LA(2) == IPV4)) { @@ -3648,7 +3688,7 @@ void PIXCfgParser::hostaddr_std() { importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 3652 "PIXCfgParser.cpp" +#line 3692 "PIXCfgParser.cpp" } } else if ((LA(1) == ANY)) { @@ -3660,7 +3700,7 @@ void PIXCfgParser::hostaddr_std() { importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 3664 "PIXCfgParser.cpp" +#line 3704 "PIXCfgParser.cpp" } } else { @@ -3697,7 +3737,7 @@ void PIXCfgParser::interface_description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 3701 "PIXCfgParser.cpp" +#line 3741 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3720,7 +3760,7 @@ void PIXCfgParser::interface_parameters() { importer->setCurrentLineNumber(LT(0)->getLine()); -#line 3724 "PIXCfgParser.cpp" +#line 3764 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3849,7 +3889,7 @@ void PIXCfgParser::vlan_interface() { importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; -#line 3853 "PIXCfgParser.cpp" +#line 3893 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3876,7 +3916,7 @@ void PIXCfgParser::sec_level() { importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; -#line 3880 "PIXCfgParser.cpp" +#line 3920 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3930,7 +3970,7 @@ void PIXCfgParser::nameif() { *dbg << " NAMEIF: " << p_intf->getText() << label << seclevel << std::endl; -#line 3934 "PIXCfgParser.cpp" +#line 3974 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3959,7 +3999,7 @@ void PIXCfgParser::switchport() { importer->addMessageToLog("Switch port vlan " + vlan_num->getText()); *dbg << "Switch port vlan " << vlan_num->getText() << std::endl; -#line 3963 "PIXCfgParser.cpp" +#line 4003 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3984,7 +4024,7 @@ void PIXCfgParser::shutdown() { *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 3988 "PIXCfgParser.cpp" +#line 4028 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4010,7 +4050,7 @@ void PIXCfgParser::interface_no_commands() { << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 4014 "PIXCfgParser.cpp" +#line 4054 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4112,7 +4152,7 @@ void PIXCfgParser::unsupported_interface_commands() { << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 4116 "PIXCfgParser.cpp" +#line 4156 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4203,7 +4243,7 @@ void PIXCfgParser::v6_dhcp_address() { // which we do not support consumeUntil(NEWLINE); -#line 4207 "PIXCfgParser.cpp" +#line 4247 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4241,7 +4281,7 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 4245 "PIXCfgParser.cpp" +#line 4285 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4270,7 +4310,7 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 4274 "PIXCfgParser.cpp" +#line 4314 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4330,7 +4370,7 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 4334 "PIXCfgParser.cpp" +#line 4374 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4371,7 +4411,7 @@ void PIXCfgParser::access_group_by_name() { << " " << intf_label->getText() << " " << dir->getText() << std::endl; -#line 4375 "PIXCfgParser.cpp" +#line 4415 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4549,16 +4589,17 @@ const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 134209600UL, 16UL, 0UL // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" IPSEC "nos" "ospf" // "pcp" "pim" PPTP SNP INT_CONST const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_4(_tokenSet_4_data_,6); -const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 134224754UL, 87819776UL, 896UL, 6UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" WORD IPV6 "object" "destination" +const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 134224754UL, 3845916161UL, 897UL, 6UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "names" "name" WORD IPV6 "object" "range" "destination" // "object-group" "crypto" "certificate" "PIX" "ASA" "hostname" "access-list" -// "controller" "interface" LINE_COMMENT "exit" COLON_COMMENT +// "eq" "gt" "lt" "neq" "controller" "interface" LINE_COMMENT "exit" COLON_COMMENT const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_5(_tokenSet_5_data_,8); -const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 2281709426UL, 87819776UL, 1022UL, 6UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 2281709426UL, 3845916161UL, 1023UL, 6UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "names" "name" IPV4 WORD IPV6 "object" "host" -// "destination" "object-group" "crypto" "certificate" "PIX" "ASA" "hostname" -// "access-list" "any" "log" "log-input" "established" "fragments" "time-range" -// "controller" "interface" LINE_COMMENT "exit" COLON_COMMENT +// "range" "destination" "object-group" "crypto" "certificate" "PIX" "ASA" +// "hostname" "access-list" "eq" "gt" "lt" "neq" "any" "log" "log-input" +// "established" "fragments" "time-range" "controller" "interface" LINE_COMMENT +// "exit" COLON_COMMENT const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,8); const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE diff --git a/src/parsers/pix.g b/src/parsers/pix.g index fc1e52b19..7def7054e 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -374,7 +374,7 @@ src_port_spec : SOURCE xoperator } ; -dst_port_spec : DESTINATION xoperator +dst_port_spec : ( DESTINATION )? xoperator { importer->SaveTmpPortToDst(); } diff --git a/src/unit_tests/ImporterTest/test_data/asa8.0.test b/src/unit_tests/ImporterTest/test_data/asa8.0.test new file mode 100644 index 000000000..12657466e --- /dev/null +++ b/src/unit_tests/ImporterTest/test_data/asa8.0.test @@ -0,0 +1,114 @@ +: Saved +: +PIX Version 8.0(3) +! +hostname pixfirewall +enable password XXXXXXXXXXXXXXXX encrypted +names +! +interface Ethernet0 + nameif inside + security-level 100 + ip address 192.168.2.221 255.255.255.0 +! +interface Ethernet1 + nameif outside + security-level 0 + ip address 192.0.2.221 255.255.255.0 +! +interface Ethernet2 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet3 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet4 + shutdown + no nameif + no security-level + no ip address +! +passwd YYYYYYYYYYYYYYYY encrypted +ftp mode passive +object-group network net-1 + description single network object-group + network-object 192.168.2.0 255.255.255.0 +object-group network net-2 + description multiple network-object objects + network-object 192.168.1.0 255.255.255.0 + network-object 192.168.2.0 255.255.255.0 + network-object 192.168.3.0 255.255.255.0 +object-group network host-1 + network-object host 192.168.1.5 +object-group network mixed-1 + description mix of objects network-objects host objects + network-object host 192.168.1.5 + network-object 172.16.0.0 255.255.0.0 + network-object host 172.16.15.12 + network-object 10.0.0.0 255.0.0.0 +object-group network host-2 + network-object host 172.16.15.1 + network-object host 172.16.15.2 +object-group service tcp-1 + service-object tcp eq www +object-group service mixed-service-1 + description mix of service tcp & udp objects + service-object tcp eq https + service-object udp eq dnsix + service-object tcp eq domain + service-object udp eq ntp +object-group service service-ranges + service-object tcp gt 1024 + service-object tcp range 1024 8080 + service-object udp eq www + service-object udp eq nfs + service-object udp lt 8080 + service-object udp gt 1024 + service-object udp range www 101 + service-object tcp lt 65535 +object-group icmp-type icmp-1 + icmp-object echo-reply +object-group icmp-type icmp-2 + description multiple icmp-objects + icmp-object 1 + icmp-object redirect + icmp-object router-advertisement +object-group icmp-type icmp-3 +object-group protocol protocol-1 + protocol-object ip + protocol-object igmp +pager lines 24 +mtu inside 1500 +mtu outside 1500 +icmp unreachable rate-limit 1 burst-size 1 +icmp permit any inside +no asdm history enable +arp timeout 14400 +timeout xlate 3:00:00 +timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 +timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 +timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 +timeout uauth 0:05:00 absolute +dynamic-access-policy-record DfltAccessPolicy +no snmp-server location +no snmp-server contact +snmp-server enable traps snmp authentication linkup linkdown coldstart +telnet 192.168.2.0 255.255.255.0 inside +telnet timeout 5 +ssh 192.168.2.0 255.255.255.0 inside +ssh timeout 5 +console timeout 0 +threat-detection basic-threat +threat-detection statistics access-list +username cisco password ZZZZZZZZZZZZZZZZ encrypted +! +! +prompt hostname context +Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +: end