From 4f811091f5ad8fc1b75821a93836df4cfeebb4b2 Mon Sep 17 00:00:00 2001
From: Vadim Kurland
Date: Tue, 29 Mar 2011 23:07:50 -0700
Subject: [PATCH] split unit tests to keep all nat tests separate; first crack and pix grammar to import nat
---
VERSION | 2 +-
VERSION.h | 2 +-
packaging/fwbuilder-static-qt.spec | 2 +-
packaging/fwbuilder.control | 2 +-
packaging/fwbuilder.spec | 2 +-
src/import/PIXImporter.cpp | 36 +-
src/import/PIXImporter.h | 29 +
src/import/PIXImporterNat.cpp | 62 +
src/import/import.pro | 7 +-
src/parsers/PIXCfgLexer.cpp | 467 ++--
src/parsers/PIXCfgParser.cpp | 1991 +++++++++++------
src/parsers/PIXCfgParser.hpp | 32 +-
src/parsers/PIXCfgParserTokenTypes.hpp | 302 +--
src/parsers/PIXCfgParserTokenTypes.txt | 302 +--
src/parsers/pix.g | 322 ++-
.../ImporterTest/test_data/pix7-nat.test | 231 ++
.../PIXImporterTest/PIXImporterTest.cpp | 34 +-
.../PIXImporterTest/test_data/asa8.3-acl.fwb | 6 +-
.../test_data/asa8.3-acl.output | 4 +-
.../PIXImporterTest/test_data/asa8.3-acl.test | 9 -
.../PIXImporterTest/test_data/asa8.3-nat.test | 156 ++
.../PIXImporterTest/test_data/asa8.3.fwb | 124 +-
.../PIXImporterTest/test_data/asa8.3.output | 8 +-
.../PIXImporterTest/test_data/asa8.3.test | 18 -
.../PIXImporterTest/test_data/pix6.fwb | 32 +-
.../PIXImporterTest/test_data/pix6.output | 32 +-
.../PIXImporterTest/test_data/pix7-nat.test | 214 ++
.../PIXImporterTest/test_data/pix7.fwb | 537 +++--
.../PIXImporterTest/test_data/pix7.output | 10 +
.../PIXImporterTest/test_data/pix7.test | 3 -
30 files changed, 3368 insertions(+), 1610 deletions(-)
create mode 100644 src/import/PIXImporterNat.cpp
create mode 100644 src/unit_tests/ImporterTest/test_data/pix7-nat.test
create mode 100755 src/unit_tests/PIXImporterTest/test_data/asa8.3-nat.test
create mode 100644 src/unit_tests/PIXImporterTest/test_data/pix7-nat.test
diff --git a/VERSION b/VERSION
index ea27dfcd1..8a3d5707b 100644
--- a/VERSION
+++ b/VERSION
@@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3513" +BUILD_NUM="3514" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index b8fd93f05..89a8b7901 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3513" +#define VERSION "4.2.0.3514" #define GENERATION "4.2" diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 4911fef38..03e08e63c 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3513 +%define version 4.2.0.3514 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index c939d1421..4d354095e 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3513-1 +Version: 4.2.0.3514-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index df9440dc9..8d54ae42a 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3513 +%define version 4.2.0.3514 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/import/PIXImporter.cpp b/src/import/PIXImporter.cpp index 3238ab85c..ea4df2d0a 100644 --- a/src/import/PIXImporter.cpp +++ b/src/import/PIXImporter.cpp 
@@ -6,8 +6,6 @@ Author: Vadim Kurland vadim@fwbuilder.org - $Id$ - This program is free software which we release under the GNU General Public License. You may redistribute and/or modify this program under the terms of that license as published by the Free Software Foundation; either @@ -101,6 +99,28 @@ void PIXImporter::clear() object_group_name = ""; object_group_comment = ""; object_group_service_protocol = ""; + + rule_type = NATRule::Unknown; + prenat_interface = ""; + postnat_interface = ""; + + real_a = ""; + real_nm = ""; + mapped_a = ""; + mapped_nm = ""; + real_addr_acl = ""; + mapped_port_spec = ""; + real_port_spec = ""; + static_max_conn = ""; + static_max_emb_conn = ""; + + nat_num = ""; + nat_a = ""; + nat_nm = ""; + nat_acl = ""; + global_pool_num = ""; + global_interface = ""; + } /* @@ -255,6 +275,18 @@ void PIXImporter::addLogging() } } + +void PIXImporter::pushRule() +{ +// assert(current_ruleset!=NULL); + if (current_rule==NULL) return; + + if (rule_type == NATRule::Unknown) + IOSImporter::pushRule(); + else + pushNATRule(); +} + /* * Rearrange vlan interfaces. Importer creates all interfaces as * children of the firewall. Vlan interfaces should become diff --git a/src/import/PIXImporter.h b/src/import/PIXImporter.h index 742f57c7b..1be1ec657 100644 --- a/src/import/PIXImporter.h +++ b/src/import/PIXImporter.h @@ -35,6 +35,8 @@ #include "fwbuilder/libfwbuilder-config.h" #include "fwbuilder/Logger.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/NAT.h" #include 
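Review bot: In the new `PIXImporter::pushRule()`, every rule whose `rule_type` is not `NATRule::Unknown` is handed to `pushNATRule()`, which this commit defines with an empty body in PIXImporterNat.cpp, so such a rule is discarded with no log entry and `current_rule` and `rule_type` keep their values. For a firewall configuration importer a silent drop means the imported object tree can differ from the device's actual policy without the operator being told; until the NAT path is implemented the stub should at least write a warning to the import log naming the skipped `nat`/`global`/`static` line. Whether `clear()` runs before the next access-list rule is decided by grammar actions outside this hunk; if it does not, later policy rules would presumably take the same branch, so ending `pushNATRule()` with `rule_type = NATRule::Unknown;` would make the dispatch self-contained. The commented-out `// assert(current_ruleset!=NULL);` should be either restored or deleted rather than left as dead text.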
@@ -53,6 +55,29 @@ class PIXImporter : public IOSImporter libfwbuilder::FWObject *current_object_group; QMap named_objects_registry; + + // variables for the nat rules + libfwbuilder::NATRule::NATRuleTypes rule_type; + std::string prenat_interface; + std::string postnat_interface; + + std::string real_a; + std::string real_nm; + std::string mapped_a; + std::string mapped_nm; + std::string real_addr_acl; + std::string mapped_port_spec; + std::string real_port_spec; + std::string static_max_conn; + std::string static_max_emb_conn; + + std::string nat_num; + std::string nat_a; + std::string nat_nm; + std::string nat_acl; + + std::string global_pool_num; + std::string global_interface; PIXImporter(libfwbuilder::FWObject *lib, std::istringstream &input, @@ -65,6 +90,10 @@ class PIXImporter : public IOSImporter void clearTempVars(); virtual void run(); + + void pushPolicyRule(); + void pushNATRule(); + virtual void pushRule(); // this method actually adds interfaces to the firewall object // and does final clean up. diff --git a/src/import/PIXImporterNat.cpp b/src/import/PIXImporterNat.cpp new file mode 100644 index 000000000..cf5e9aefd --- /dev/null +++ b/src/import/PIXImporterNat.cpp 
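Review bot: `rule_type` is read in `pushRule()` whenever a rule is pushed, but the only assignment this commit adds is the one in `clear()`; the constructor body is outside the hunk, so confirm that it calls `clear()` or add `rule_type = libfwbuilder::NATRule::Unknown;` there, otherwise the first dispatch reads an indeterminate enum value. The three groups of new members would also benefit from one comment each saying which command fills them, for example `// "static" command: real/mapped address, netmask, port spec and connection limits` (the mapping is inferred from the names and should be checked against pix.g).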
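Review bot: `pushPolicyRule()` is declared here, but none of the src/import files listed in the diffstat appears to define it, and `pushRule()` in PIXImporter.cpp calls `IOSImporter::pushRule()` directly for the policy case. Either drop the declaration until it is needed or add the definition, so that a later call does not fail at link time. The class continues outside the hunk; a one-line comment above the declarations such as `// pushRule() dispatches on rule_type: policy rules go to IOSImporter::pushRule(), NAT rules to pushNATRule()` would record the intended split.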
@@ -0,0 +1,62 @@ +/* + + Firewall Builder + + Copyright (C) 2007 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "PIXImporter.h" + +#include +#include +#include +#include + +#include "interfaceProperties.h" +#include "interfacePropertiesObjectFactory.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/InetAddr.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Library.h" + +#include "../libgui/platforms.h" + +#include +#include + +extern int fwbdebug; + + + +void PIXImporter::pushNATRule() +{ + +} diff --git a/src/import/import.pro b/src/import/import.pro index 33e213459..8a0d3d91f 100644 --- a/src/import/import.pro +++ b/src/import/import.pro 
@@ -6,17 +6,18 @@ TEMPLATE = lib # SOURCES = QStringListOperators.cpp \ - objectMaker.cpp \ + objectMaker.cpp \ addressObjectMaker.cpp \ serviceObjectMaker.cpp \ getProtoByName.cpp \ - getServByName.cpp \ + getServByName.cpp \ Importer.cpp \ IOSImporter.cpp \ IOSImporterRun.cpp \ IPTImporter.cpp \ IPTImporterRun.cpp \ PIXImporter.cpp \ + PIXImporterNat.cpp \ PIXImporterRun.cpp \ HEADERS = QStringListOperators.h \ @@ -24,7 +25,7 @@ HEADERS = QStringListOperators.h \ addressObjectMaker.h \ serviceObjectMaker.h \ getProtoByName.h \ - getServByName.h \ + getServByName.h \ Importer.h \ IOSImporter.h \ IPTImporter.h \ diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 6feb5f815..b03ca6057 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp 
@@ -44,136 +44,137 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& void PIXCfgLexer::initLiterals() { - literals["full"] = 117; - literals["parameter-problem"] = 84; - literals["port-object"] = 52; - literals["notifications"] = 104; - literals["duplex"] = 123; - literals["no"] = 54; - literals["static"] = 143; + literals["full"] = 119; + literals["parameter-problem"] = 85; + literals["port-object"] = 53; + literals["notifications"] = 105; + literals["duplex"] = 125; + literals["no"] = 55; + literals["static"] = 147; literals["esp"] = 16; - literals["time-range"] = 110; + literals["time-range"] = 111; literals["gre"] = 17; - literals["timestamp-request"] = 91; - literals["echo"] = 71; - literals["speed"] = 122; - literals["warnings"] = 105; + literals["timestamp-request"] = 92; + literals["echo"] = 72; + literals["speed"] = 124; + literals["warnings"] = 106; literals["timeout"] = 8; literals["eigrp"] = 15; - literals["icmp-type"] = 49; - literals["permit"] = 64; - literals["remark"] = 139; + literals["icmp-type"] = 50; + literals["permit"] = 65; + literals["remark"] = 141; literals["network"] = 29; literals["igmp"] = 18; - literals["range"] = 33; - literals["destination"] = 42; - literals["setroute"] = 145; - literals["vlan"] = 121; - literals["debugging"] = 100; - literals["controller"] = 111; - literals["interface"] = 94; - literals["dhcp"] = 135; - literals["aui"] = 114; - literals["Version"] = 58; - literals["auto"] = 115; - literals["subnet"] = 34; - literals["time-exceeded"] = 89; - literals["shutdown"] = 133; - literals["group-object"] = 44; - literals["eq"] = 67; - literals["fragments"] = 109; - literals["unreachable"] = 93; - literals["delay"] = 126; + literals["range"] = 34; + literals["destination"] = 43; + literals["setroute"] = 152; + literals["vlan"] = 123; + literals["debugging"] = 101; + literals["controller"] = 112; + literals["interface"] = 95; + literals["dhcp"] = 137; + literals["aui"] = 116; + 
literals["Version"] = 59; + literals["auto"] = 117; + literals["subnet"] = 35; + literals["time-exceeded"] = 90; + literals["outside"] = 113; + literals["shutdown"] = 135; + literals["group-object"] = 45; + literals["eq"] = 68; + literals["fragments"] = 110; + literals["unreachable"] = 94; + literals["delay"] = 128; literals["ip"] = 6; - literals["security-level"] = 132; - literals["mobile-redirect"] = 83; + literals["security-level"] = 134; + literals["mobile-redirect"] = 84; literals["ospf"] = 23; literals["name"] = 10; - literals["errors"] = 102; - literals["mask-request"] = 82; - literals["PIX"] = 56; - literals["any"] = 95; - literals["ASA"] = 57; + literals["errors"] = 103; + literals["mask-request"] = 83; + literals["PIX"] = 57; + literals["any"] = 96; + literals["ASA"] = 58; literals["pptp"] = 26; - literals["redirect"] = 85; - literals["forward"] = 125; - literals["description"] = 31; - literals["timestamp-reply"] = 90; - literals["alerts"] = 98; - literals["lt"] = 69; - literals["bnc"] = 116; - literals["global"] = 142; + literals["redirect"] = 86; + literals["forward"] = 127; + literals["description"] = 32; + literals["timestamp-reply"] = 91; + literals["alerts"] = 99; + literals["lt"] = 70; + literals["bnc"] = 118; + literals["global"] = 146; literals["nos"] = 22; - literals["extended"] = 63; - literals["certificate"] = 55; - literals["service"] = 35; - literals["telnet"] = 74; - literals["udp"] = 40; - literals["hold-time"] = 127; - literals["baseT"] = 118; + literals["extended"] = 64; + literals["certificate"] = 56; + literals["service"] = 36; + literals["telnet"] = 75; + literals["udp"] = 41; + literals["hold-time"] = 129; + literals["baseT"] = 120; literals["ipinip"] = 20; - literals["standby"] = 136; - literals["crypto"] = 53; + literals["standby"] = 138; + literals["crypto"] = 54; literals["pim"] = 25; - literals["secondary"] = 144; - literals["emergencies"] = 101; - literals["disable"] = 106; - literals["mask-reply"] = 81; - literals["tcp"] = 39; 
- literals["tcp-udp"] = 50; - literals["source"] = 41; + literals["secondary"] = 151; + literals["emergencies"] = 102; + literals["disable"] = 107; + literals["mask-reply"] = 82; + literals["tcp"] = 40; + literals["tcp-udp"] = 51; + literals["source"] = 42; literals["names"] = 9; - literals["icmp"] = 36; - literals["log"] = 96; + literals["icmp"] = 37; + literals["log"] = 97; literals["snp"] = 27; - literals["mac-address"] = 129; - literals["established"] = 75; - literals["deny"] = 65; - literals["information-request"] = 80; - literals["ssh"] = 73; - literals["protocol-object"] = 47; - literals["gt"] = 68; + literals["mac-address"] = 131; + literals["established"] = 76; + literals["deny"] = 66; + literals["information-request"] = 81; + literals["ssh"] = 74; + literals["protocol-object"] = 48; + literals["gt"] = 69; literals["ah"] = 14; - literals["interval"] = 108; - literals["ddns"] = 124; - literals["ipv6"] = 128; - literals["rip"] = 72; - literals["baseTX"] = 119; - literals["access-group"] = 140; - literals["critical"] = 99; - literals["standard"] = 66; + literals["interval"] = 109; + literals["ddns"] = 126; + literals["ipv6"] = 130; + literals["rip"] = 73; + literals["baseTX"] = 121; + literals["access-group"] = 142; + literals["critical"] = 100; + literals["standard"] = 67; literals["quit"] = 5; literals["community-list"] = 7; - literals["network-object"] = 45; - literals["hostname"] = 60; - literals["information-reply"] = 79; - literals["icmp6"] = 38; - literals["switchport"] = 137; + literals["network-object"] = 46; + literals["hostname"] = 61; + literals["information-reply"] = 80; + literals["icmp6"] = 39; + literals["switchport"] = 139; literals["ipsec"] = 21; - literals["conversion-error"] = 77; - literals["host"] = 32; - literals["echo-reply"] = 78; - literals["nameif"] = 120; + literals["conversion-error"] = 78; + literals["host"] = 33; + literals["echo-reply"] = 79; + literals["nameif"] = 122; literals["pcp"] = 24; - literals["service-object"] = 51; + 
literals["service-object"] = 52; literals["nat"] = 30; - literals["access-list"] = 62; - literals["informational"] = 103; + literals["access-list"] = 63; + literals["informational"] = 104; literals["igrp"] = 19; - literals["traceroute"] = 92; - literals["address"] = 134; - literals["log-input"] = 97; - literals["router-advertisement"] = 86; - literals["router-solicitation"] = 87; - literals["access"] = 138; - literals["icmp-object"] = 48; - literals["source-quench"] = 88; - literals["protocol"] = 46; - literals["inactive"] = 107; - literals["multicast"] = 130; - literals["exit"] = 113; - literals["neq"] = 70; - literals["alternate-address"] = 76; + literals["traceroute"] = 93; + literals["address"] = 136; + literals["log-input"] = 98; + literals["router-advertisement"] = 87; + literals["router-solicitation"] = 88; + literals["access"] = 140; + literals["icmp-object"] = 49; + literals["source-quench"] = 89; + literals["protocol"] = 47; + literals["inactive"] = 108; + literals["multicast"] = 132; + literals["exit"] = 115; + literals["neq"] = 71; + literals["alternate-address"] = 77; } ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken() @@ -487,11 +488,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop248; + goto _loop263; } } - _loop248:; + _loop263:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -523,9 +524,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 2024 "pix.g" +#line 2228 "pix.g" newline(); -#line 529 "PIXCfgLexer.cpp" +#line 530 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); 
@@ -549,11 +550,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) { } } else { - goto _loop252; + goto _loop267; } } - _loop252:; + _loop267:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -647,9 +648,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 2019 "pix.g" +#line 2223 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 653 "PIXCfgLexer.cpp" +#line 654 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -771,10 +772,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched313 = false; + bool synPredMatched328 = false; if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) { - int _m313 = mark(); - synPredMatched313 = true; + int _m328 = mark(); + synPredMatched328 = true; inputState->guessing++; try { { @@ -783,12 +784,12 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched313 = false; + synPredMatched328 = false; } - rewind(_m313); + rewind(_m328); inputState->guessing--; } - if ( synPredMatched313 ) { + if ( synPredMatched328 ) { { match("object"); { @@ -798,17 +799,17 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { match("oup"); } if ( inputState->guessing==0 ) { -#line 2076 "pix.g" +#line 2280 "pix.g" _ttype = OBJECT_GROUP; -#line 804 "PIXCfgLexer.cpp" +#line 805 "PIXCfgLexer.cpp" } } else { match(""); if ( inputState->guessing==0 ) { -#line 2078 "pix.g" +#line 2282 "pix.g" _ttype = OBJECT; -#line 812 "PIXCfgLexer.cpp" +#line 813 "PIXCfgLexer.cpp" } } 
@@ -816,15 +817,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } else { - bool synPredMatched303 = false; + bool synPredMatched318 = false; if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m303 = mark(); - synPredMatched303 = true; + int _m318 = mark(); + synPredMatched318 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt302=0; + int _cnt317=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -853,27 +854,27 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt302>=1 ) { goto _loop302; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt317>=1 ) { goto _loop317; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt302++; + _cnt317++; } - _loop302:; + _loop317:; } // ( ... )+ mCOLON(false); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched303 = false; + synPredMatched318 = false; } - rewind(_m303); + rewind(_m318); inputState->guessing--; } - if ( synPredMatched303 ) { + if ( synPredMatched318 ) { { { { // ( ... )+ - int _cnt307=0; + int _cnt322=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -902,15 +903,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt322>=1 ) { goto _loop322; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt307++; + _cnt322++; } - _loop307:; + _loop322:; } // ( ... )+ { // ( ... )+ - int _cnt311=0; + int _cnt326=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { mCOLON(false); 
@@ -943,34 +944,34 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop310; + goto _loop325; } } } - _loop310:; + _loop325:; } // ( ... )* } else { - if ( _cnt311>=1 ) { goto _loop311; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt326>=1 ) { goto _loop326; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt311++; + _cnt326++; } - _loop311:; + _loop326:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2069 "pix.g" +#line 2273 "pix.g" _ttype = IPV6; -#line 966 "PIXCfgLexer.cpp" +#line 967 "PIXCfgLexer.cpp" } } } else { - bool synPredMatched268 = false; + bool synPredMatched283 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m268 = mark(); - synPredMatched268 = true; + int _m283 = mark(); + synPredMatched283 = true; inputState->guessing++; try { { 
@@ -978,242 +979,242 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched268 = false; + synPredMatched283 = false; } - rewind(_m268); + rewind(_m283); inputState->guessing--; } - if ( synPredMatched268 ) { + if ( synPredMatched283 ) { { - bool synPredMatched277 = false; + bool synPredMatched292 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m277 = mark(); - synPredMatched277 = true; + int _m292 = mark(); + synPredMatched292 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt272=0; + int _cnt287=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt287>=1 ) { goto _loop287; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt272++; + _cnt287++; } - _loop272:; + _loop287:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt274=0; + int _cnt289=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt274++; + _cnt289++; } - _loop274:; + _loop289:; } // ( ... )+ mDOT(false); { // ( ... 
)+ - int _cnt276=0; + int _cnt291=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt291>=1 ) { goto _loop291; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt276++; + _cnt291++; } - _loop276:; + _loop291:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched277 = false; + synPredMatched292 = false; } - rewind(_m277); + rewind(_m292); inputState->guessing--; } - if ( synPredMatched277 ) { + if ( synPredMatched292 ) { { { // ( ... )+ - int _cnt280=0; + int _cnt295=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt280>=1 ) { goto _loop280; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt295>=1 ) { goto _loop295; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt280++; + _cnt295++; } - _loop280:; + _loop295:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt282=0; + int _cnt297=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt282>=1 ) { goto _loop282; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt297>=1 ) { goto _loop297; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt282++; + _cnt297++; } - _loop282:; + _loop297:; } // ( ... )+ mDOT(false); { // ( ... 
)+ - int _cnt284=0; + int _cnt299=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt284>=1 ) { goto _loop284; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt284++; + _cnt299++; } - _loop284:; + _loop299:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt286=0; + int _cnt301=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt286>=1 ) { goto _loop286; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt301>=1 ) { goto _loop301; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt286++; + _cnt301++; } - _loop286:; + _loop301:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2057 "pix.g" +#line 2261 "pix.g" _ttype = IPV4; -#line 1113 "PIXCfgLexer.cpp" +#line 1114 "PIXCfgLexer.cpp" } } else { - bool synPredMatched292 = false; + bool synPredMatched307 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m292 = mark(); - synPredMatched292 = true; + int _m307 = mark(); + synPredMatched307 = true; inputState->guessing++; try { { { // ( ... 
)+ - int _cnt289=0; + int _cnt304=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt304>=1 ) { goto _loop304; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt289++; + _cnt304++; } - _loop289:; + _loop304:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt291=0; + int _cnt306=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt291>=1 ) { goto _loop291; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt306>=1 ) { goto _loop306; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt291++; + _cnt306++; } - _loop291:; + _loop306:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched292 = false; + synPredMatched307 = false; } - rewind(_m292); + rewind(_m307); inputState->guessing--; } - if ( synPredMatched292 ) { + if ( synPredMatched307 ) { { { // ( ... )+ - int _cnt295=0; + int _cnt310=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt295>=1 ) { goto _loop295; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt310>=1 ) { goto _loop310; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt295++; + _cnt310++; } - _loop295:; + _loop310:; } // ( ... )+ mDOT(false); { // ( ... 
)+ - int _cnt297=0; + int _cnt312=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt297>=1 ) { goto _loop297; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt312>=1 ) { goto _loop312; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt297++; + _cnt312++; } - _loop297:; + _loop312:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2060 "pix.g" +#line 2264 "pix.g" _ttype = NUMBER; -#line 1196 "PIXCfgLexer.cpp" +#line 1197 "PIXCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt299=0; + int _cnt314=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt314>=1 ) { goto _loop314; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt299++; + _cnt314++; } - _loop299:; + _loop314:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 2062 "pix.g" +#line 2266 "pix.g" _ttype = INT_CONST; -#line 1217 "PIXCfgLexer.cpp" +#line 1218 "PIXCfgLexer.cpp" } } else { @@ -1306,8 +1307,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { case 0x25 /* '%' */ : case 0x26 /* '&' */ : case 0x27 /* '\'' */ : - case 0x28 /* '(' */ : - case 0x29 /* ')' */ : + { + matchRange('!','\''); + break; + } case 0x2a /* '*' */ : case 0x2b /* '+' */ : case 0x2c /* ',' */ : @@ -1315,7 +1318,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { case 0x2e /* '.' */ : case 0x2f /* '/' */ : { - matchRange('!','/'); + matchRange('*','/'); break; } case 0x30 /* '0' */ : 
@@ -1449,16 +1452,16 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop319; + goto _loop334; } } } - _loop319:; + _loop334:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 2085 "pix.g" +#line 2289 "pix.g" _ttype = WORD; -#line 1462 "PIXCfgLexer.cpp" +#line 1465 "PIXCfgLexer.cpp" } } else { @@ -1500,11 +1503,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop322; + goto _loop337; } } - _loop322:; + _loop337:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1886,7 +1889,7 @@ const unsigned long PIXCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, // 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f // 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d // 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab -// 0xac 0xad 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 +// 0xac 0xad 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 
@@ -1897,7 +1900,7 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f // 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad -// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 +// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0 1 2 3 4 5 6 7 8 9 a b c d e f @@ -1921,6 +1924,6 @@ const unsigned long PIXCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 429496729 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f // 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad -// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 +// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index 8cde8301b..350710208 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -45,6 +45,7 @@ PIXCfgParser::PIXCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputStat } void PIXCfgParser::cfgfile() { + Tracer traceInOut(this, "cfgfile"); try { // for error handling { // ( ... )+ @@ -103,6 +104,21 @@ void PIXCfgParser::cfgfile() { icmp_top_level_command(); break; } + case NAT: + { + nat_old_top_level_command(); + break; + } + case GLOBAL: + { + global_top_level_command(); + break; + } + case STATIC: + { + static_top_level_command(); + break; + } case ACCESS_GROUP: { access_group(); @@ -206,6 +222,7 @@ void PIXCfgParser::cfgfile() { } void PIXCfgParser::comment() { + Tracer traceInOut(this, "comment"); try { // for error handling { 
@@ -238,6 +255,7 @@ void PIXCfgParser::comment() { } void PIXCfgParser::version() { + Tracer traceInOut(this, "version"); try { // for error handling { @@ -261,14 +279,14 @@ void PIXCfgParser::version() { match(VERSION_WORD); match(NUMBER); if ( inputState->guessing==0 ) { -#line 830 "pix.g" +#line 824 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setDiscoveredVersion(LT(0)->getText()); *dbg << "VERSION " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 272 "PIXCfgParser.cpp" +#line 290 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -282,6 +300,7 @@ void PIXCfgParser::version() { } void PIXCfgParser::hostname() { + Tracer traceInOut(this, "hostname"); try { // for error handling match(HOSTNAME); @@ -304,7 +323,7 @@ void PIXCfgParser::hostname() { } } if ( inputState->guessing==0 ) { -#line 840 "pix.g" +#line 834 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setHostName( LT(0)->getText() ); @@ -312,7 +331,7 @@ void PIXCfgParser::hostname() { << "LT0=" << LT(0)->getText() << std::endl; -#line 316 "PIXCfgParser.cpp" +#line 335 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -326,6 +345,7 @@ void PIXCfgParser::hostname() { } void PIXCfgParser::community_list_command() { + Tracer traceInOut(this, "community_list_command"); try { // for error handling match(IP); @@ -335,7 +355,7 @@ void PIXCfgParser::community_list_command() { consumeUntil(NEWLINE); -#line 339 "PIXCfgParser.cpp" +#line 359 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -349,16 +369,17 @@ void PIXCfgParser::community_list_command() { } void PIXCfgParser::unknown_ip_command() { + Tracer traceInOut(this, "unknown_ip_command"); try { // for error handling match(IP); match(WORD); if ( inputState->guessing==0 ) { -#line 799 "pix.g" +#line 793 "pix.g" consumeUntil(NEWLINE); -#line 362 "PIXCfgParser.cpp" +#line 383 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -372,6 +393,7 @@ void PIXCfgParser::unknown_ip_command() { } void PIXCfgParser::intrface() { + Tracer traceInOut(this, "intrface"); try { // for error handling match(INTRFACE); 
@@ -399,28 +421,43 @@ void PIXCfgParser::intrface() { } void PIXCfgParser::nameif_top_level() { - ANTLR_USE_NAMESPACE(antlr)RefToken p_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "nameif_top_level"); +#line 1387 "pix.g" + + std::string intf_name, intf_label, sec_level; + +#line 430 "PIXCfgParser.cpp" try { // for error handling match(NAMEIF); - p_intf = LT(1); - match(WORD); - intf_label = LT(1); - match(WORD); - sec_level = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1389 "pix.g" +#line 1392 "pix.g" + intf_name = LT(0)->getText(); +#line 438 "PIXCfgParser.cpp" + } + interface_label(); + if ( inputState->guessing==0 ) { +#line 1393 "pix.g" + intf_label = LT(0)->getText(); +#line 444 "PIXCfgParser.cpp" + } + match(WORD); + if ( inputState->guessing==0 ) { +#line 1394 "pix.g" + sec_level = LT(0)->getText(); +#line 450 "PIXCfgParser.cpp" + } + if ( inputState->guessing==0 ) { +#line 1395 "pix.g" - std::string label = (intf_label) ? intf_label->getText() : ""; - std::string seclevel = (sec_level) ? sec_level->getText() : ""; - importer->setInterfaceParametes(p_intf->getText(), label, seclevel); + importer->setInterfaceParametes(intf_name, intf_label, sec_level); *dbg << " NAMEIF: " - << p_intf->getText() << label << seclevel << std::endl; + << intf_name << " " + << intf_label << " " + << sec_level << std::endl; -#line 424 "PIXCfgParser.cpp" +#line 461 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -434,16 +471,17 @@ void PIXCfgParser::nameif_top_level() { } void PIXCfgParser::controller() { + Tracer traceInOut(this, "controller"); try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 1305 "pix.g" +#line 1299 "pix.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); -#line 447 "PIXCfgParser.cpp" +#line 485 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -457,6 +495,7 @@ void PIXCfgParser::controller() { } void PIXCfgParser::access_list_commands() { + Tracer traceInOut(this, "access_list_commands"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -464,7 +503,7 @@ void PIXCfgParser::access_list_commands() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 852 "pix.g" +#line 846 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -473,7 +512,7 @@ void PIXCfgParser::access_list_commands() { *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; -#line 477 "PIXCfgParser.cpp" +#line 516 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -512,12 +551,12 @@ void PIXCfgParser::access_list_commands() { } } if ( inputState->guessing==0 ) { -#line 875 "pix.g" +#line 869 "pix.g" *dbg << LT(0)->getLine() << ":" << " ACL line end" << std::endl << std::endl; -#line 521 "PIXCfgParser.cpp" +#line 560 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -531,16 +570,16 @@ void PIXCfgParser::access_list_commands() { } void PIXCfgParser::ssh_command() { - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "ssh_command"); try { // for error handling match(SSH); if ( inputState->guessing==0 ) { -#line 1635 "pix.g" +#line 1634 "pix.g" importer->clear(); -#line 544 "PIXCfgParser.cpp" +#line 583 "PIXCfgParser.cpp" } { switch ( LA(1)) { 
@@ -562,19 +601,19 @@ void PIXCfgParser::ssh_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1642 "pix.g" +#line 1641 "pix.g" importer->SaveTmpAddrToSrc(); -#line 570 "PIXCfgParser.cpp" +#line 609 "PIXCfgParser.cpp" } - intf_label = LT(1); - match(WORD); + interface_label(); } if ( inputState->guessing==0 ) { -#line 1647 "pix.g" +#line 1646 "pix.g" - std::string acl_name = "ssh_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "ssh_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); @@ -584,11 +623,11 @@ void PIXCfgParser::ssh_command() { importer->dst_port_op = "eq"; importer->dst_port_spec = "ssh"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); *dbg << std::endl; -#line 592 "PIXCfgParser.cpp" +#line 631 "PIXCfgParser.cpp" } break; } @@ -610,7 +649,7 @@ void PIXCfgParser::ssh_command() { } void PIXCfgParser::telnet_command() { - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "telnet_command"); try { // for error handling match(TELNET); @@ -619,7 +658,7 @@ void PIXCfgParser::telnet_command() { importer->clear(); -#line 623 "PIXCfgParser.cpp" +#line 662 "PIXCfgParser.cpp" } { switch ( LA(1)) { 
@@ -645,15 +684,15 @@ void PIXCfgParser::telnet_command() { importer->SaveTmpAddrToSrc(); -#line 649 "PIXCfgParser.cpp" +#line 688 "PIXCfgParser.cpp" } - intf_label = LT(1); - match(WORD); + interface_label(); } if ( inputState->guessing==0 ) { #line 1678 "pix.g" - std::string acl_name = "telnet_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "telnet_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); @@ -663,11 +702,11 @@ void PIXCfgParser::telnet_command() { importer->dst_port_op = "eq"; importer->dst_port_spec = "telnet"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); *dbg << std::endl; -#line 671 "PIXCfgParser.cpp" +#line 710 "PIXCfgParser.cpp" } break; } @@ -689,9 +728,9 @@ void PIXCfgParser::telnet_command() { } void PIXCfgParser::icmp_top_level_command() { + Tracer traceInOut(this, "icmp_top_level_command"); ANTLR_USE_NAMESPACE(antlr)RefToken permit = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken deny = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(ICMP); @@ -702,11 +741,11 @@ void PIXCfgParser::icmp_top_level_command() { { match(UNREACHABLE); if ( inputState->guessing==0 ) { -#line 1706 "pix.g" +#line 1707 "pix.g" consumeUntil(NEWLINE); -#line 710 "PIXCfgParser.cpp" +#line 749 "PIXCfgParser.cpp" } } break; 
@@ -736,19 +775,19 @@ void PIXCfgParser::icmp_top_level_command() { } } if ( inputState->guessing==0 ) { -#line 1713 "pix.g" +#line 1714 "pix.g" importer->clear(); -#line 744 "PIXCfgParser.cpp" +#line 783 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1717 "pix.g" +#line 1718 "pix.g" importer->SaveTmpAddrToSrc(); -#line 752 "PIXCfgParser.cpp" +#line 791 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -762,6 +801,7 @@ void PIXCfgParser::icmp_top_level_command() { break; } case WORD: + case OUTSIDE: { break; } @@ -771,12 +811,12 @@ void PIXCfgParser::icmp_top_level_command() { } } } - intf_label = LT(1); - match(WORD); + interface_label(); if ( inputState->guessing==0 ) { -#line 1722 "pix.g" +#line 1723 "pix.g" - std::string acl_name = "icmp_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "icmp_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); @@ -785,10 +825,10 @@ void PIXCfgParser::icmp_top_level_command() { importer->setDstSelf(); importer->protocol = "icmp"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); -#line 792 "PIXCfgParser.cpp" +#line 832 "PIXCfgParser.cpp" } } break; 
@@ -810,10 +850,178 @@ void PIXCfgParser::icmp_top_level_command() { } } +void PIXCfgParser::nat_old_top_level_command() { + Tracer traceInOut(this, "nat_old_top_level_command"); + + try { // for error handling + match(NAT); + match(OPENING_PAREN); + interface_label(); + if ( inputState->guessing==0 ) { +#line 1809 "pix.g" + importer->prenat_interface = LT(0)->getText(); +#line 864 "PIXCfgParser.cpp" + } + match(CLOSING_PAREN); + if ( inputState->guessing==0 ) { +#line 1811 "pix.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); + *dbg << " SNAT rule " << std::endl; + importer->rule_type = libfwbuilder::NATRule::SNAT; + + +#line 877 "PIXCfgParser.cpp" + } + match(INT_CONST); + if ( inputState->guessing==0 ) { +#line 1822 "pix.g" + + importer->nat_num = LT(0)->getText(); + +#line 885 "PIXCfgParser.cpp" + } + nat_addr_match(); + nat_command_last_parameters(); + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 1834 "pix.g" + + importer->pushNATRule(); + +#line 895 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::global_top_level_command() { + Tracer traceInOut(this, "global_top_level_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken num = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(GLOBAL); + match(OPENING_PAREN); + interface_label(); + if ( inputState->guessing==0 ) { +#line 1880 "pix.g" + importer->global_interface = LT(0)->getText(); +#line 919 "PIXCfgParser.cpp" + } + match(CLOSING_PAREN); + num = LT(1); + match(INT_CONST); + if ( inputState->guessing==0 ) { +#line 1882 "pix.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->global_pool_num = num->getText(); + *dbg << " global address pool " + << importer->global_pool_num 
+ << " " + << importer->global_interface + << std::endl; + +#line 936 "PIXCfgParser.cpp" + } + if ( inputState->guessing==0 ) { +#line 1892 "pix.g" + + consumeUntil(NEWLINE); + +#line 943 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::static_top_level_command() { + Tracer traceInOut(this, "static_top_level_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken prenat_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken postnat_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(STATIC); + match(OPENING_PAREN); + prenat_intf = LT(1); + match(WORD); + match(COMMA); + postnat_intf = LT(1); + match(WORD); + match(CLOSING_PAREN); + if ( inputState->guessing==0 ) { +#line 1900 "pix.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); + *dbg << " DNAT rule " << std::endl; + importer->rule_type = libfwbuilder::NATRule::DNAT; + importer->prenat_interface = prenat_intf->getText(); + importer->postnat_interface = postnat_intf->getText(); + +#line 981 "PIXCfgParser.cpp" + } + { + switch ( LA(1)) { + case HOST: + case INTRFACE: + { + static_starts_with_hostaddr(); + break; + } + case TCP: + case UDP: + { + static_starts_with_tcp_udp(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(NEWLINE); + if ( inputState->guessing==0 ) { +#line 1919 "pix.g" + + importer->pushNATRule(); + +#line 1009 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + void PIXCfgParser::access_group() { + Tracer traceInOut(this, "access_group"); 
ANTLR_USE_NAMESPACE(antlr)RefToken aclname = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dir = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(ACCESS_GROUP); @@ -822,22 +1030,22 @@ void PIXCfgParser::access_group() { dir = LT(1); match(WORD); match(INTRFACE); - intf_label = LT(1); - match(WORD); + interface_label(); if ( inputState->guessing==0 ) { -#line 1780 "pix.g" +#line 1782 "pix.g" + std::string intf_label = LT(0)->getText(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->setInterfaceAndDirectionForRuleSet( aclname->getText(), - intf_label->getText(), + intf_label, dir->getText() ); *dbg << LT(1)->getLine() << ":" << " INTRFACE: ACL '" << aclname->getText() << "'" - << " " << intf_label->getText() + << " " << intf_label << " " << dir->getText() << std::endl; -#line 841 "PIXCfgParser.cpp" +#line 1049 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -851,6 +1059,7 @@ void PIXCfgParser::access_group() { } void PIXCfgParser::exit() { + Tracer traceInOut(this, "exit"); try { // for error handling match(EXIT); @@ -866,17 +1075,18 @@ void PIXCfgParser::exit() { } void PIXCfgParser::certificate() { + Tracer traceInOut(this, "certificate"); try { // for error handling match(CERTIFICATE); match(WORD); if ( inputState->guessing==0 ) { -#line 822 "pix.g" +#line 816 "pix.g" consumeUntil(NEWLINE); consumeUntil(QUIT); -#line 880 "PIXCfgParser.cpp" +#line 1090 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -890,6 +1100,7 @@ void PIXCfgParser::certificate() { } void PIXCfgParser::quit() { + Tracer traceInOut(this, "quit"); try { // for error handling match(QUIT); 
@@ -898,7 +1109,7 @@ void PIXCfgParser::quit() { consumeUntil(NEWLINE); -#line 902 "PIXCfgParser.cpp" +#line 1113 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -912,6 +1123,7 @@ void PIXCfgParser::quit() { } void PIXCfgParser::names_section() { + Tracer traceInOut(this, "names_section"); try { // for error handling match(NAMES); @@ -924,7 +1136,7 @@ void PIXCfgParser::names_section() { "Import of configuration that uses \"names\" " "is not supported at this time"); -#line 928 "PIXCfgParser.cpp" +#line 1140 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -938,6 +1150,7 @@ void PIXCfgParser::names_section() { } void PIXCfgParser::name_entry() { + Tracer traceInOut(this, "name_entry"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken n = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -983,7 +1196,7 @@ void PIXCfgParser::name_entry() { consumeUntil(NEWLINE); } -#line 987 "PIXCfgParser.cpp" +#line 1200 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -997,6 +1210,7 @@ void PIXCfgParser::name_entry() { } void PIXCfgParser::named_object_network() { + Tracer traceInOut(this, "named_object_network"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling 
@@ -1014,17 +1228,31 @@ void PIXCfgParser::named_object_network() { *dbg << name->getLine() << ":" << " Named Object " << name->getText() << std::endl; -#line 1018 "PIXCfgParser.cpp" +#line 1232 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { - if (((LA(1) >= NAT && LA(1) <= SUBNET))) { - named_object_network_parameters(); + switch ( LA(1)) { + case DESCRIPTION: + { + named_object_description(); + break; } + case HOST: + case RANGE: + case SUBNET: + { + named_object_network_parameters(); + break; + } + default: + if ((LA(1) == NAT) && (LA(2) == OPENING_PAREN)) { + named_object_nat(); + } else { goto _loop14; } - + } } _loop14:; } // ( ... )* @@ -1040,6 +1268,7 @@ void PIXCfgParser::named_object_network() { } void PIXCfgParser::named_object_service() { + Tracer traceInOut(this, "named_object_service"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1049,7 +1278,7 @@ void PIXCfgParser::named_object_service() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 360 "pix.g" +#line 354 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1057,7 +1286,7 @@ void PIXCfgParser::named_object_service() { *dbg << name->getLine() << ":" << " Named Object " << name->getText() << std::endl; -#line 1061 "PIXCfgParser.cpp" +#line 1290 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1083,6 +1312,7 @@ void PIXCfgParser::named_object_service() { } void PIXCfgParser::object_group_network() { + Tracer traceInOut(this, "object_group_network"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1092,7 +1322,7 @@ void PIXCfgParser::object_group_network() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 476 "pix.g" +#line 470 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); 
@@ -1100,7 +1330,7 @@ void PIXCfgParser::object_group_network() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1104 "PIXCfgParser.cpp" +#line 1334 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1126,6 +1356,7 @@ void PIXCfgParser::object_group_network() { } void PIXCfgParser::object_group_service() { + Tracer traceInOut(this, "object_group_service"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken tcp = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken udp = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1168,7 +1399,7 @@ void PIXCfgParser::object_group_service() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 698 "pix.g" +#line 692 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1179,7 +1410,7 @@ void PIXCfgParser::object_group_service() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1183 "PIXCfgParser.cpp" +#line 1414 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1205,6 +1436,7 @@ void PIXCfgParser::object_group_service() { } void PIXCfgParser::object_group_protocol() { + Tracer traceInOut(this, "object_group_protocol"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1214,7 +1446,7 @@ void PIXCfgParser::object_group_protocol() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 574 "pix.g" +#line 568 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1222,7 +1454,7 @@ void PIXCfgParser::object_group_protocol() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1226 "PIXCfgParser.cpp" +#line 1458 "PIXCfgParser.cpp" } { // ( ... )+ int _cnt61=0; 
@@ -1250,6 +1482,7 @@ void PIXCfgParser::object_group_protocol() { } void PIXCfgParser::object_group_icmp_8_0() { + Tracer traceInOut(this, "object_group_icmp_8_0"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1259,7 +1492,7 @@ void PIXCfgParser::object_group_icmp_8_0() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 629 "pix.g" +#line 623 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1267,7 +1500,7 @@ void PIXCfgParser::object_group_icmp_8_0() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1271 "PIXCfgParser.cpp" +#line 1504 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1293,6 +1526,7 @@ void PIXCfgParser::object_group_icmp_8_0() { } void PIXCfgParser::object_group_icmp_8_3() { + Tracer traceInOut(this, "object_group_icmp_8_3"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1302,7 +1536,7 @@ void PIXCfgParser::object_group_icmp_8_3() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 642 "pix.g" +#line 636 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1310,7 +1544,7 @@ void PIXCfgParser::object_group_icmp_8_3() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1314 "PIXCfgParser.cpp" +#line 1548 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1336,15 +1570,16 @@ void PIXCfgParser::object_group_icmp_8_3() { } void PIXCfgParser::crypto() { + Tracer traceInOut(this, "crypto"); try { // for error handling match(CRYPTO); if ( inputState->guessing==0 ) { -#line 792 "pix.g" +#line 786 "pix.g" consumeUntil(NEWLINE); -#line 1348 "PIXCfgParser.cpp" +#line 1583 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -1358,17 +1593,18 @@ void PIXCfgParser::crypto() { } void PIXCfgParser::no_commands() { + Tracer traceInOut(this, "no_commands"); try { // for error handling match(NO); if ( inputState->guessing==0 ) { -#line 813 "pix.g" +#line 807 "pix.g" *dbg << " TOP LEVEL \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 1372 "PIXCfgParser.cpp" +#line 1608 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1382,6 +1618,7 @@ void PIXCfgParser::no_commands() { } void PIXCfgParser::timeout_command() { + Tracer traceInOut(this, "timeout_command"); try { // for error handling match(TIMEOUT); @@ -1390,7 +1627,7 @@ void PIXCfgParser::timeout_command() { consumeUntil(NEWLINE); -#line 1394 "PIXCfgParser.cpp" +#line 1631 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1404,15 +1641,16 @@ void PIXCfgParser::timeout_command() { } void PIXCfgParser::unknown_command() { + Tracer traceInOut(this, "unknown_command"); try { // for error handling match(WORD); if ( inputState->guessing==0 ) { -#line 806 "pix.g" +#line 800 "pix.g" consumeUntil(NEWLINE); -#line 1416 "PIXCfgParser.cpp" +#line 1654 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1426,6 +1664,7 @@ void PIXCfgParser::unknown_command() { } void PIXCfgParser::ip_protocol_names() { + Tracer traceInOut(this, "ip_protocol_names"); try { // for error handling { 
@@ -1522,16 +1761,73 @@ void PIXCfgParser::ip_protocol_names() { } } +void PIXCfgParser::named_object_nat() { + Tracer traceInOut(this, "named_object_nat"); + + try { // for error handling + match(NAT); + match(OPENING_PAREN); + interface_label(); + if ( inputState->guessing==0 ) { +#line 278 "pix.g" + + importer->addMessageToLog( + "Parser warning: " + "Import of named objects with \"nat\" command " + "is not supported at this time"); + consumeUntil(NEWLINE); + +#line 1781 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_7); + } else { + throw; + } + } +} + +void PIXCfgParser::named_object_description() { + Tracer traceInOut(this, "named_object_description"); + + try { // for error handling + match(DESCRIPTION); + if ( inputState->guessing==0 ) { +#line 288 "pix.g" + + importer->setCurrentLineNumber(LT(0)->getLine()); + *dbg << LT(1)->getLine() << ":"; + std::string descr; + while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) + { + descr += LT(1)->getText() + " "; + consume(); + } + importer->setNamedObjectDescription(descr); + *dbg << " DESCRIPTION " << descr << std::endl; + +#line 1813 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_7); + } else { + throw; + } + } +} + void PIXCfgParser::named_object_network_parameters() { + Tracer traceInOut(this, "named_object_network_parameters"); try { // for error handling { switch ( LA(1)) { - case NAT: - { - named_object_nat(); - break; - } case HOST: { host_addr(); @@ -1547,11 +1843,6 @@ void PIXCfgParser::named_object_network_parameters() { subnet_addr(); break; } - case DESCRIPTION: - { - named_object_description(); - break; - } default: { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); 
@@ -1570,33 +1861,8 @@ void PIXCfgParser::named_object_network_parameters() { } } -void PIXCfgParser::named_object_nat() { - - try { // for error handling - match(NAT); - if ( inputState->guessing==0 ) { -#line 278 "pix.g" - - importer->addMessageToLog( - "Parser warning: " - "Import of named objects with \"nat\" command " - "is not supported at this time"); - consumeUntil(NEWLINE); - -#line 1587 "PIXCfgParser.cpp" - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - if( inputState->guessing == 0 ) { - reportError(ex); - recover(ex,_tokenSet_8); - } else { - throw; - } - } -} - void PIXCfgParser::host_addr() { + Tracer traceInOut(this, "host_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1625,7 +1891,7 @@ void PIXCfgParser::host_addr() { } } if ( inputState->guessing==0 ) { -#line 309 "pix.g" +#line 303 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (h) @@ -1642,7 +1908,7 @@ void PIXCfgParser::host_addr() { consumeUntil(NEWLINE); } -#line 1646 "PIXCfgParser.cpp" +#line 1912 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1656,6 +1922,7 @@ void PIXCfgParser::host_addr() { } void PIXCfgParser::range_addr() { + Tracer traceInOut(this, "range_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken r1 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken r2 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1668,7 +1935,7 @@ void PIXCfgParser::range_addr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 328 "pix.g" +#line 322 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->tmp_range_1 = r1->getText(); 
@@ -1676,13 +1943,13 @@ void PIXCfgParser::range_addr() { importer->commitNamedAddressRangeObject(); *dbg << r1->getText() << "/" << r2->getText(); -#line 1680 "PIXCfgParser.cpp" +#line 1947 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -1690,6 +1957,7 @@ void PIXCfgParser::range_addr() { } void PIXCfgParser::subnet_addr() { + Tracer traceInOut(this, "subnet_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1723,7 +1991,7 @@ void PIXCfgParser::subnet_addr() { } } if ( inputState->guessing==0 ) { -#line 338 "pix.g" +#line 332 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (a) 
@@ -1740,44 +2008,44 @@ void PIXCfgParser::subnet_addr() { consumeUntil(NEWLINE); } -#line 1744 "PIXCfgParser.cpp" +#line 2012 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } } } -void PIXCfgParser::named_object_description() { +void PIXCfgParser::interface_label() { + Tracer traceInOut(this, "interface_label"); try { // for error handling - match(DESCRIPTION); - if ( inputState->guessing==0 ) { -#line 288 "pix.g" - - importer->setCurrentLineNumber(LT(0)->getLine()); - *dbg << LT(1)->getLine() << ":"; - std::string descr; - while (LA(1) != ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE && LA(1) != NEWLINE) - { - descr += LT(1)->getText() + " "; - consume(); - } - importer->setNamedObjectDescription(descr); - *dbg << " DESCRIPTION " << descr << std::endl; - -#line 1775 "PIXCfgParser.cpp" + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case OUTSIDE: + { + match(OUTSIDE); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_10); } else { throw; } @@ -1785,6 +2053,7 @@ void PIXCfgParser::named_object_description() { } void PIXCfgParser::named_object_service_parameters() { + Tracer traceInOut(this, "named_object_service_parameters"); try { // for error handling { @@ -1797,7 +2066,7 @@ void PIXCfgParser::named_object_service_parameters() { else if ((LA(1) == SERVICE) && (LA(2) == TCP || LA(2) == UDP)) { service_tcp_udp(); } - else if ((LA(1) == SERVICE) && (_tokenSet_9.member(LA(2)))) { + else if ((LA(1) == SERVICE) && (_tokenSet_11.member(LA(2)))) { service_other(); } else if ((LA(1) == SERVICE) && (LA(2) == WORD)) { 
@@ -1816,7 +2085,7 @@ void PIXCfgParser::named_object_service_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_12); } else { throw; } @@ -1824,6 +2093,7 @@ void PIXCfgParser::named_object_service_parameters() { } void PIXCfgParser::service_icmp() { + Tracer traceInOut(this, "service_icmp"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1836,11 +2106,11 @@ void PIXCfgParser::service_icmp() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 392 "pix.g" +#line 386 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 1844 "PIXCfgParser.cpp" +#line 2114 "PIXCfgParser.cpp" } break; } @@ -1866,11 +2136,11 @@ void PIXCfgParser::service_icmp() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 397 "pix.g" +#line 391 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 1874 "PIXCfgParser.cpp" +#line 2144 "PIXCfgParser.cpp" } break; } @@ -1881,19 +2151,19 @@ void PIXCfgParser::service_icmp() { } } if ( inputState->guessing==0 ) { -#line 401 "pix.g" +#line 395 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedICMPServiceObject(); *dbg << "NAMED OBJECT SERVICE ICMP " << LT(0)->getText() << " "; -#line 1891 "PIXCfgParser.cpp" +#line 2161 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -1901,6 +2171,7 @@ void PIXCfgParser::service_icmp() { } void PIXCfgParser::service_icmp6() { + Tracer traceInOut(this, "service_icmp6"); try { // for error handling match(SERVICE); 
@@ -1924,7 +2195,7 @@ void PIXCfgParser::service_icmp6() { } } if ( inputState->guessing==0 ) { -#line 409 "pix.g" +#line 403 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog("Parser warning: " @@ -1933,13 +2204,13 @@ void PIXCfgParser::service_icmp6() { *dbg << "NAMED OBJECT SERVICE ICMP6 " << LT(0)->getText() << " "; consumeUntil(NEWLINE); -#line 1937 "PIXCfgParser.cpp" +#line 2208 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -1947,6 +2218,7 @@ void PIXCfgParser::service_icmp6() { } void PIXCfgParser::service_tcp_udp() { + Tracer traceInOut(this, "service_tcp_udp"); try { // for error handling match(SERVICE); @@ -1969,12 +2241,12 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 420 "pix.g" +#line 414 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 1978 "PIXCfgParser.cpp" +#line 2250 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2022,18 +2294,18 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 426 "pix.g" +#line 420 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedTCPUDPServiceObject(); -#line 2031 "PIXCfgParser.cpp" +#line 2303 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2041,6 +2313,7 @@ void PIXCfgParser::service_tcp_udp() { } void PIXCfgParser::service_other() { + Tracer traceInOut(this, "service_other"); try { // for error handling match(SERVICE); 
@@ -2077,20 +2350,20 @@ void PIXCfgParser::service_other() { } } if ( inputState->guessing==0 ) { -#line 445 "pix.g" +#line 439 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->commitNamedIPServiceObject(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 2088 "PIXCfgParser.cpp" +#line 2361 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2098,12 +2371,13 @@ void PIXCfgParser::service_other() { } void PIXCfgParser::service_unknown() { + Tracer traceInOut(this, "service_unknown"); try { // for error handling match(SERVICE); match(WORD); if ( inputState->guessing==0 ) { -#line 460 "pix.g" +#line 454 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = "ip"; @@ -2114,13 +2388,13 @@ void PIXCfgParser::service_unknown() { importer->addMessageToLog(err); *dbg << "UNKNOWN SERVICE " << LT(0)->getText() << " "; -#line 2118 "PIXCfgParser.cpp" +#line 2392 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2128,6 +2402,7 @@ void PIXCfgParser::service_unknown() { } void PIXCfgParser::icmp_names() { + Tracer traceInOut(this, "icmp_names"); try { // for error handling { @@ -2237,7 +2512,7 @@ void PIXCfgParser::icmp_names() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } else { throw; } 
@@ -2245,22 +2520,23 @@ void PIXCfgParser::icmp_names() { } void PIXCfgParser::src_port_spec() { + Tracer traceInOut(this, "src_port_spec"); try { // for error handling match(SOURCE); xoperator(); if ( inputState->guessing==0 ) { -#line 433 "pix.g" +#line 427 "pix.g" importer->SaveTmpPortToSrc(); -#line 2258 "PIXCfgParser.cpp" +#line 2534 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_12); + recover(ex,_tokenSet_14); } else { throw; } @@ -2268,6 +2544,7 @@ void PIXCfgParser::src_port_spec() { } void PIXCfgParser::dst_port_spec() { + Tracer traceInOut(this, "dst_port_spec"); try { // for error handling { @@ -2293,17 +2570,17 @@ void PIXCfgParser::dst_port_spec() { } xoperator(); if ( inputState->guessing==0 ) { -#line 439 "pix.g" +#line 433 "pix.g" importer->SaveTmpPortToDst(); -#line 2301 "PIXCfgParser.cpp" +#line 2578 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2311,6 +2588,7 @@ void PIXCfgParser::dst_port_spec() { } void PIXCfgParser::xoperator() { + Tracer traceInOut(this, "xoperator"); try { // for error handling switch ( LA(1)) { @@ -2336,7 +2614,7 @@ void PIXCfgParser::xoperator() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_15); } else { throw; } @@ -2344,6 +2622,7 @@ void PIXCfgParser::xoperator() { } void PIXCfgParser::object_group_network_parameters() { + Tracer traceInOut(this, "object_group_network_parameters"); try { // for error handling { 
@@ -2374,7 +2653,7 @@ void PIXCfgParser::object_group_network_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_16); } else { throw; } @@ -2382,11 +2661,12 @@ void PIXCfgParser::object_group_network_parameters() { } void PIXCfgParser::object_group_description() { + Tracer traceInOut(this, "object_group_description"); try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 500 "pix.g" +#line 494 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -2399,13 +2679,13 @@ void PIXCfgParser::object_group_description() { importer->setObjectGroupDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 2403 "PIXCfgParser.cpp" +#line 2683 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2413,6 +2693,7 @@ void PIXCfgParser::object_group_description() { } void PIXCfgParser::group_object() { + Tracer traceInOut(this, "group_object"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -2420,20 +2701,20 @@ void PIXCfgParser::group_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 515 "pix.g" +#line 509 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2431 "PIXCfgParser.cpp" +#line 2712 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } 
@@ -2441,6 +2722,7 @@ void PIXCfgParser::group_object() { } void PIXCfgParser::network_object() { + Tracer traceInOut(this, "network_object"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -2451,12 +2733,12 @@ void PIXCfgParser::network_object() { try { // for error handling match(NETWORK_OBJECT); if ( inputState->guessing==0 ) { -#line 524 "pix.g" +#line 518 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2460 "PIXCfgParser.cpp" +#line 2742 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2488,7 +2770,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 530 "pix.g" +#line 524 "pix.g" if (a) { @@ -2504,7 +2786,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2508 "PIXCfgParser.cpp" +#line 2790 "PIXCfgParser.cpp" } break; } @@ -2532,7 +2814,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 547 "pix.g" +#line 541 "pix.g" if (h) { @@ -2548,7 +2830,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2552 "PIXCfgParser.cpp" +#line 2834 "PIXCfgParser.cpp" } break; } @@ -2558,12 +2840,12 @@ void PIXCfgParser::network_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 564 "pix.g" +#line 558 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2567 "PIXCfgParser.cpp" +#line 2849 "PIXCfgParser.cpp" } break; } @@ -2577,7 +2859,7 @@ void PIXCfgParser::network_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } 
@@ -2585,6 +2867,7 @@ void PIXCfgParser::network_object() { } void PIXCfgParser::object_group_protocol_parameters() { + Tracer traceInOut(this, "object_group_protocol_parameters"); try { // for error handling { @@ -2615,7 +2898,7 @@ void PIXCfgParser::object_group_protocol_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_15); + recover(ex,_tokenSet_17); } else { throw; } @@ -2623,17 +2906,18 @@ void PIXCfgParser::object_group_protocol_parameters() { } void PIXCfgParser::protocol_object() { + Tracer traceInOut(this, "protocol_object"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(PROTOCOL_OBJECT); if ( inputState->guessing==0 ) { -#line 598 "pix.g" +#line 592 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2637 "PIXCfgParser.cpp" +#line 2921 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2705,14 +2989,14 @@ void PIXCfgParser::protocol_object() { } } if ( inputState->guessing==0 ) { -#line 604 "pix.g" +#line 598 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 2716 "PIXCfgParser.cpp" +#line 3000 "PIXCfgParser.cpp" } break; } @@ -2720,13 +3004,13 @@ void PIXCfgParser::protocol_object() { { match(ICMP6); if ( inputState->guessing==0 ) { -#line 612 "pix.g" +#line 606 "pix.g" importer->addMessageToLog( "Parser warning: IPv6 import is not supported. "); consumeUntil(NEWLINE); -#line 2730 "PIXCfgParser.cpp" +#line 3014 "PIXCfgParser.cpp" } break; } 
@@ -2736,12 +3020,12 @@ void PIXCfgParser::protocol_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 619 "pix.g" +#line 613 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2745 "PIXCfgParser.cpp" +#line 3029 "PIXCfgParser.cpp" } break; } @@ -2755,7 +3039,7 @@ void PIXCfgParser::protocol_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2763,6 +3047,7 @@ void PIXCfgParser::protocol_object() { } void PIXCfgParser::object_group_icmp_parameters() { + Tracer traceInOut(this, "object_group_icmp_parameters"); try { // for error handling { @@ -2793,7 +3078,7 @@ void PIXCfgParser::object_group_icmp_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_18); } else { throw; } @@ -2801,18 +3086,19 @@ void PIXCfgParser::object_group_icmp_parameters() { } void PIXCfgParser::icmp_object() { + Tracer traceInOut(this, "icmp_object"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(ICMP_OBJECT); if ( inputState->guessing==0 ) { -#line 666 "pix.g" +#line 660 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2816 "PIXCfgParser.cpp" +#line 3102 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2844,11 +3130,11 @@ void PIXCfgParser::icmp_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 673 "pix.g" +#line 667 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 2852 "PIXCfgParser.cpp" +#line 3138 "PIXCfgParser.cpp" } break; } 
@@ -2874,11 +3160,11 @@ void PIXCfgParser::icmp_object() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 678 "pix.g" +#line 672 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 2882 "PIXCfgParser.cpp" +#line 3168 "PIXCfgParser.cpp" } break; } @@ -2889,12 +3175,12 @@ void PIXCfgParser::icmp_object() { } } if ( inputState->guessing==0 ) { -#line 682 "pix.g" +#line 676 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 2898 "PIXCfgParser.cpp" +#line 3184 "PIXCfgParser.cpp" } break; } @@ -2904,12 +3190,12 @@ void PIXCfgParser::icmp_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 688 "pix.g" +#line 682 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2913 "PIXCfgParser.cpp" +#line 3199 "PIXCfgParser.cpp" } break; } @@ -2923,7 +3209,7 @@ void PIXCfgParser::icmp_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2931,6 +3217,7 @@ void PIXCfgParser::icmp_object() { } void PIXCfgParser::object_group_service_parameters() { + Tracer traceInOut(this, "object_group_service_parameters"); try { // for error handling { @@ -2966,7 +3253,7 @@ void PIXCfgParser::object_group_service_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_17); + recover(ex,_tokenSet_19); } else { throw; } 
@@ -2974,18 +3261,19 @@ void PIXCfgParser::object_group_service_parameters() { } void PIXCfgParser::service_object() { + Tracer traceInOut(this, "service_object"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(SERVICE_OBJECT); if ( inputState->guessing==0 ) { -#line 727 "pix.g" +#line 721 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2989 "PIXCfgParser.cpp" +#line 3277 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3039,14 +3327,14 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 733 "pix.g" +#line 727 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 3050 "PIXCfgParser.cpp" +#line 3338 "PIXCfgParser.cpp" } break; } @@ -3078,12 +3366,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 741 "pix.g" +#line 735 "pix.g" importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; -#line 3087 "PIXCfgParser.cpp" +#line 3375 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3131,11 +3419,11 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 747 "pix.g" +#line 741 "pix.g" importer->addTCPUDPServiceToObjectGroup(); -#line 3139 "PIXCfgParser.cpp" +#line 3427 "PIXCfgParser.cpp" } break; } @@ -3149,11 +3437,11 @@ void PIXCfgParser::service_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 754 "pix.g" +#line 748 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 3157 "PIXCfgParser.cpp" +#line 3445 "PIXCfgParser.cpp" } break; } 
@@ -3179,11 +3467,11 @@ void PIXCfgParser::service_object() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 759 "pix.g" +#line 753 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 3187 "PIXCfgParser.cpp" +#line 3475 "PIXCfgParser.cpp" } break; } @@ -3194,12 +3482,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 763 "pix.g" +#line 757 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 3203 "PIXCfgParser.cpp" +#line 3491 "PIXCfgParser.cpp" } break; } @@ -3209,12 +3497,12 @@ void PIXCfgParser::service_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 769 "pix.g" +#line 763 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 3218 "PIXCfgParser.cpp" +#line 3506 "PIXCfgParser.cpp" } break; } @@ -3228,7 +3516,7 @@ void PIXCfgParser::service_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3236,18 +3524,19 @@ void PIXCfgParser::service_object() { } void PIXCfgParser::port_object() { -#line 776 "pix.g" + Tracer traceInOut(this, "port_object"); +#line 770 "pix.g" importer->tmp_port_spec = ""; importer->tmp_port_spec_2 = ""; -#line 3245 "PIXCfgParser.cpp" +#line 3534 "PIXCfgParser.cpp" try { // for error handling match(PORT_OBJECT); xoperator(); if ( inputState->guessing==0 ) { -#line 781 "pix.g" +#line 775 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << " PORT OBJECT TCP/UDP " << LT(0)->getText() << " " << std::endl; 
@@ -3255,13 +3544,13 @@ void PIXCfgParser::port_object() { importer->addTCPUDPServiceToObjectGroup(); *dbg << std::endl; -#line 3259 "PIXCfgParser.cpp" +#line 3548 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3269,6 +3558,7 @@ void PIXCfgParser::port_object() { } void PIXCfgParser::permit_extended() { + Tracer traceInOut(this, "permit_extended"); try { // for error handling { @@ -3290,23 +3580,23 @@ void PIXCfgParser::permit_extended() { } match(PERMIT); if ( inputState->guessing==0 ) { -#line 883 "pix.g" +#line 877 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 3301 "PIXCfgParser.cpp" +#line 3591 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 890 "pix.g" +#line 884 "pix.g" importer->pushRule(); -#line 3310 "PIXCfgParser.cpp" +#line 3600 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3320,6 +3610,7 @@ void PIXCfgParser::permit_extended() { } void PIXCfgParser::deny_extended() { + Tracer traceInOut(this, "deny_extended"); try { // for error handling { @@ -3341,23 +3632,23 @@ void PIXCfgParser::deny_extended() { } match(DENY); if ( inputState->guessing==0 ) { -#line 896 "pix.g" +#line 890 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 3352 "PIXCfgParser.cpp" +#line 3643 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 903 "pix.g" +#line 897 "pix.g" importer->pushRule(); -#line 3361 "PIXCfgParser.cpp" +#line 3652 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -3371,28 +3662,29 @@ void PIXCfgParser::deny_extended() { } void PIXCfgParser::permit_standard() { + Tracer traceInOut(this, "permit_standard"); try { // for error handling match(STANDARD); match(PERMIT); if ( inputState->guessing==0 ) { -#line 909 "pix.g" +#line 903 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 3387 "PIXCfgParser.cpp" +#line 3679 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 916 "pix.g" +#line 910 "pix.g" importer->pushRule(); -#line 3396 "PIXCfgParser.cpp" +#line 3688 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3406,28 +3698,29 @@ void PIXCfgParser::permit_standard() { } void PIXCfgParser::deny_standard() { + Tracer traceInOut(this, "deny_standard"); try { // for error handling match(STANDARD); match(DENY); if ( inputState->guessing==0 ) { -#line 922 "pix.g" +#line 916 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 3422 "PIXCfgParser.cpp" +#line 3715 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 929 "pix.g" +#line 923 "pix.g" importer->pushRule(); -#line 3431 "PIXCfgParser.cpp" +#line 3724 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3441,11 +3734,12 @@ void PIXCfgParser::deny_standard() { } void PIXCfgParser::remark() { + Tracer traceInOut(this, "remark"); try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 1762 "pix.g" +#line 1764 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; 
@@ -3459,7 +3753,7 @@ void PIXCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 3463 "PIXCfgParser.cpp" +#line 3757 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3473,6 +3767,7 @@ void PIXCfgParser::remark() { } void PIXCfgParser::rule_extended() { + Tracer traceInOut(this, "rule_extended"); try { // for error handling { @@ -3499,15 +3794,15 @@ void PIXCfgParser::rule_extended() { ip_protocols(); hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 954 "pix.g" +#line 948 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3505 "PIXCfgParser.cpp" +#line 3800 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 955 "pix.g" +#line 949 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3511 "PIXCfgParser.cpp" +#line 3806 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3572,24 +3867,24 @@ void PIXCfgParser::rule_extended() { { match(ICMP); if ( inputState->guessing==0 ) { -#line 961 "pix.g" +#line 955 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3581 "PIXCfgParser.cpp" +#line 3876 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 965 "pix.g" +#line 959 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3587 "PIXCfgParser.cpp" +#line 3882 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 966 "pix.g" +#line 960 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3593 "PIXCfgParser.cpp" +#line 3888 "PIXCfgParser.cpp" } { switch ( LA(1)) { 
@@ -3703,17 +3998,17 @@ void PIXCfgParser::rule_extended() { } } if ( inputState->guessing==0 ) { -#line 974 "pix.g" +#line 968 "pix.g" *dbg << std::endl; -#line 3711 "PIXCfgParser.cpp" +#line 4006 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3721,31 +4016,32 @@ void PIXCfgParser::rule_extended() { } void PIXCfgParser::rule_standard() { + Tracer traceInOut(this, "rule_standard"); try { // for error handling if ( inputState->guessing==0 ) { -#line 939 "pix.g" +#line 933 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; importer->SaveTmpAddrToSrc(); -#line 3734 "PIXCfgParser.cpp" +#line 4030 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 945 "pix.g" +#line 939 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) " << std::endl; -#line 3743 "PIXCfgParser.cpp" +#line 4039 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3753,7 +4049,7 @@ void PIXCfgParser::rule_standard() { } void PIXCfgParser::hostaddr_expr() { - ANTLR_USE_NAMESPACE(antlr)RefToken intf_name = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "hostaddr_expr"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; 
@@ -3764,16 +4060,15 @@ void PIXCfgParser::hostaddr_expr() { case INTRFACE: { match(INTRFACE); - intf_name = LT(1); - match(WORD); + interface_label(); if ( inputState->guessing==0 ) { -#line 1215 "pix.g" +#line 1209 "pix.g" - importer->tmp_a = intf_name->getText(); + importer->tmp_a = LT(0)->getText(); importer->tmp_nm = "interface"; - *dbg << "object " << intf_name->getText() << " "; + *dbg << "object " << LT(0)->getText() << " "; -#line 3777 "PIXCfgParser.cpp" +#line 4072 "PIXCfgParser.cpp" } break; } @@ -3803,13 +4098,13 @@ void PIXCfgParser::hostaddr_expr() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1222 "pix.g" +#line 1216 "pix.g" importer->tmp_a = name->getText(); importer->tmp_nm = ""; *dbg << "object " << name->getText() << " "; -#line 3813 "PIXCfgParser.cpp" +#line 4108 "PIXCfgParser.cpp" } break; } @@ -3821,13 +4116,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1229 "pix.g" +#line 1223 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; -#line 3831 "PIXCfgParser.cpp" +#line 4126 "PIXCfgParser.cpp" } break; } @@ -3840,13 +4135,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1236 "pix.g" +#line 1230 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 3850 "PIXCfgParser.cpp" +#line 4145 "PIXCfgParser.cpp" } break; } @@ -3854,13 +4149,13 @@ void PIXCfgParser::hostaddr_expr() { { match(ANY); if ( inputState->guessing==0 ) { -#line 1243 "pix.g" +#line 1237 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 3864 "PIXCfgParser.cpp" +#line 4159 "PIXCfgParser.cpp" } break; } 
@@ -3873,7 +4168,7 @@ void PIXCfgParser::hostaddr_expr() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -3881,6 +4176,7 @@ void PIXCfgParser::hostaddr_expr() { } void PIXCfgParser::ip_protocols() { + Tracer traceInOut(this, "ip_protocols"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -3936,12 +4232,12 @@ void PIXCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 1162 "pix.g" +#line 1156 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3945 "PIXCfgParser.cpp" +#line 4241 "PIXCfgParser.cpp" } break; } @@ -3971,12 +4267,12 @@ void PIXCfgParser::ip_protocols() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1168 "pix.g" +#line 1162 "pix.g" importer->protocol = name->getText(); *dbg << "protocol " << name->getText() << " "; -#line 3980 "PIXCfgParser.cpp" +#line 4276 "PIXCfgParser.cpp" } break; } 
@@ -3987,55 +4283,6 @@ void PIXCfgParser::ip_protocols() { } } } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - if( inputState->guessing == 0 ) { - reportError(ex); - recover(ex,_tokenSet_19); - } else { - throw; - } - } -} - -void PIXCfgParser::time_range() { - ANTLR_USE_NAMESPACE(antlr)RefToken tr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; - - try { // for error handling - match(TIME_RANGE); - tr_name = LT(1); - match(WORD); - if ( inputState->guessing==0 ) { -#line 1295 "pix.g" - - importer->time_range_name = tr_name->getText(); - *dbg << "time_range " << tr_name->getText() << " "; - -#line 4014 "PIXCfgParser.cpp" - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - if( inputState->guessing == 0 ) { - reportError(ex); - recover(ex,_tokenSet_20); - } else { - throw; - } - } -} - -void PIXCfgParser::fragments() { - - try { // for error handling - match(FRAGMENTS); - if ( inputState->guessing==0 ) { -#line 1288 "pix.g" - - importer->fragments = true; - *dbg << "fragments "; - -#line 4037 "PIXCfgParser.cpp" - } - } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); 
@@ -4046,7 +4293,59 @@ void PIXCfgParser::fragments() { } } +void PIXCfgParser::time_range() { + Tracer traceInOut(this, "time_range"); + ANTLR_USE_NAMESPACE(antlr)RefToken tr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(TIME_RANGE); + tr_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 1289 "pix.g" + + importer->time_range_name = tr_name->getText(); + *dbg << "time_range " << tr_name->getText() << " "; + +#line 4311 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_22); + } else { + throw; + } + } +} + +void PIXCfgParser::fragments() { + Tracer traceInOut(this, "fragments"); + + try { // for error handling + match(FRAGMENTS); + if ( inputState->guessing==0 ) { +#line 1282 "pix.g" + + importer->fragments = true; + *dbg << "fragments "; + +#line 4335 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_23); + } else { + throw; + } + } +} + void PIXCfgParser::log() { + Tracer traceInOut(this, "log"); try { // for error handling { @@ -4068,11 +4367,11 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1254 "pix.g" +#line 1248 "pix.g" importer->logging = true; -#line 4076 "PIXCfgParser.cpp" +#line 4375 "PIXCfgParser.cpp" } { { @@ -4153,9 +4452,9 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1271 "pix.g" +#line 1265 "pix.g" importer->log_level = LT(0)->getText(); -#line 4159 "PIXCfgParser.cpp" +#line 4458 "PIXCfgParser.cpp" } break; } @@ -4179,9 +4478,9 @@ void PIXCfgParser::log() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1276 "pix.g" +#line 1270 "pix.g" importer->log_interval = LT(0)->getText(); -#line 4185 "PIXCfgParser.cpp" +#line 4484 "PIXCfgParser.cpp" } break; } 
@@ -4197,20 +4496,20 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1279 "pix.g" +#line 1273 "pix.g" // if (importer->log_level == "log") importer->log_level = ""; // if (importer->log_interval == "log") importer->log_interval = ""; *dbg << "logging level '" << importer->log_level << "' interval '" << importer->log_interval << "'"; -#line 4208 "PIXCfgParser.cpp" +#line 4507 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4218,6 +4517,7 @@ void PIXCfgParser::log() { } void PIXCfgParser::icmp_spec() { + Tracer traceInOut(this, "icmp_spec"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken icmp_code = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -4233,7 +4533,7 @@ void PIXCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1178 "pix.g" +#line 1172 "pix.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -4241,7 +4541,7 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 4245 "PIXCfgParser.cpp" +#line 4545 "PIXCfgParser.cpp" } break; } @@ -4267,12 +4567,12 @@ void PIXCfgParser::icmp_spec() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 1187 "pix.g" +#line 1181 "pix.g" importer->icmp_spec = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 4276 "PIXCfgParser.cpp" +#line 4576 "PIXCfgParser.cpp" } break; } @@ -4286,7 +4586,7 @@ void PIXCfgParser::icmp_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } else { throw; } 
@@ -4294,6 +4594,7 @@ void PIXCfgParser::icmp_spec() { } void PIXCfgParser::tcp_udp_rule_extended() { + Tracer traceInOut(this, "tcp_udp_rule_extended"); ANTLR_USE_NAMESPACE(antlr)RefToken src_grp_name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dst_addr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -4317,22 +4618,22 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } if ( inputState->guessing==0 ) { -#line 981 "pix.g" +#line 975 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4326 "PIXCfgParser.cpp" +#line 4627 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 985 "pix.g" +#line 979 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 4332 "PIXCfgParser.cpp" +#line 4633 "PIXCfgParser.cpp" } { bool synPredMatched123 = false; - if (((_tokenSet_19.member(LA(1))) && (_tokenSet_22.member(LA(2))))) { + if (((_tokenSet_21.member(LA(1))) && (_tokenSet_24.member(LA(2))))) { int _m123 = mark(); synPredMatched123 = true; inputState->guessing++; 
@@ -4354,34 +4655,34 @@ void PIXCfgParser::tcp_udp_rule_extended() { src_grp_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 995 "pix.g" +#line 989 "pix.g" importer->src_port_spec = src_grp_name->getText(); *dbg << "src port spec: " << src_grp_name->getText() << std::endl; -#line 4364 "PIXCfgParser.cpp" +#line 4665 "PIXCfgParser.cpp" } hostaddr_expr_1(); if ( inputState->guessing==0 ) { -#line 1003 "pix.g" +#line 997 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4373 "PIXCfgParser.cpp" +#line 4674 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_19.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { + else if ((_tokenSet_21.member(LA(1))) && (_tokenSet_24.member(LA(2)))) { hostaddr_expr_2(); if ( inputState->guessing==0 ) { -#line 1012 "pix.g" +#line 1006 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4385 "PIXCfgParser.cpp" +#line 4686 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -4396,10 +4697,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { dst_addr_name = LT(1); match(WORD); { - if ((_tokenSet_23.member(LA(1))) && (_tokenSet_24.member(LA(2)))) { + if ((_tokenSet_25.member(LA(1))) && (_tokenSet_26.member(LA(2)))) { acl_xoperator_dst(); } - else if ((_tokenSet_25.member(LA(1))) && (_tokenSet_26.member(LA(2)))) { + else if ((_tokenSet_27.member(LA(1))) && (_tokenSet_28.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -4407,10 +4708,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { } { - if ((LA(1) == ESTABLISHED) && (_tokenSet_25.member(LA(2)))) { + if ((LA(1) == ESTABLISHED) && (_tokenSet_27.member(LA(2)))) { established(); } - else if ((_tokenSet_25.member(LA(1))) && (_tokenSet_27.member(LA(2)))) { + else if ((_tokenSet_27.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); 
@@ -4418,7 +4719,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } if ( inputState->guessing==0 ) { -#line 1021 "pix.g" +#line 1015 "pix.g" // looks like "object foo" at this point can only be dest addr. // (judging by cli prompts on 8.3) @@ -4427,11 +4728,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { importer->SaveTmpAddrToDst(); *dbg << "dst addr object " << dst_addr_name->getText() << " "; -#line 4431 "PIXCfgParser.cpp" +#line 4732 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_28.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { + else if ((_tokenSet_30.member(LA(1))) && (_tokenSet_31.member(LA(2)))) { { switch ( LA(1)) { case RANGE: @@ -4442,11 +4743,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { { xoperator(); if ( inputState->guessing==0 ) { -#line 1035 "pix.g" +#line 1029 "pix.g" importer->SaveTmpPortToSrc(); -#line 4450 "PIXCfgParser.cpp" +#line 4751 "PIXCfgParser.cpp" } break; } @@ -4467,9 +4768,9 @@ void PIXCfgParser::tcp_udp_rule_extended() { } hostaddr_expr_3(); if ( inputState->guessing==0 ) { -#line 1039 "pix.g" +#line 1033 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4473 "PIXCfgParser.cpp" +#line 4774 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -4539,7 +4840,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4547,6 +4848,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } void PIXCfgParser::hostaddr_expr_1() { + Tracer traceInOut(this, "hostaddr_expr_1"); try { // for error handling hostaddr_expr(); @@ -4554,7 +4856,7 @@ void PIXCfgParser::hostaddr_expr_1() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_27); } else { throw; } 
@@ -4562,6 +4864,7 @@ void PIXCfgParser::hostaddr_expr_1() { } void PIXCfgParser::acl_tcp_udp_dst_port_spec() { + Tracer traceInOut(this, "acl_tcp_udp_dst_port_spec"); ANTLR_USE_NAMESPACE(antlr)RefToken dst_port_group_name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dst_port_obj_name = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -4575,13 +4878,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_group_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1057 "pix.g" +#line 1051 "pix.g" importer->dst_port_spec = dst_port_group_name->getText(); *dbg << "dst port spec: " << dst_port_group_name->getText() << std::endl; -#line 4585 "PIXCfgParser.cpp" +#line 4888 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4613,13 +4916,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_obj_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1067 "pix.g" +#line 1061 "pix.g" importer->dst_port_spec = dst_port_obj_name->getText(); *dbg << "dst addr object " << dst_port_obj_name->getText() << std::endl; -#line 4623 "PIXCfgParser.cpp" +#line 4926 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4715,7 +5018,7 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } else { throw; } @@ -4723,6 +5026,7 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { } void PIXCfgParser::hostaddr_expr_2() { + Tracer traceInOut(this, "hostaddr_expr_2"); try { // for error handling hostaddr_expr(); @@ -4730,7 +5034,7 @@ void PIXCfgParser::hostaddr_expr_2() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_27); } else { throw; } 
@@ -4738,21 +5042,22 @@ void PIXCfgParser::hostaddr_expr_2() { } void PIXCfgParser::acl_xoperator_dst() { + Tracer traceInOut(this, "acl_xoperator_dst"); try { // for error handling xoperator(); if ( inputState->guessing==0 ) { -#line 1082 "pix.g" +#line 1076 "pix.g" importer->SaveTmpPortToDst(); -#line 4750 "PIXCfgParser.cpp" +#line 5055 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_27); } else { throw; } @@ -4760,22 +5065,23 @@ void PIXCfgParser::acl_xoperator_dst() { } void PIXCfgParser::established() { + Tracer traceInOut(this, "established"); try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 1151 "pix.g" +#line 1145 "pix.g" importer->established = true; *dbg << "established "; -#line 4773 "PIXCfgParser.cpp" +#line 5079 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_27); } else { throw; } @@ -4783,6 +5089,7 @@ void PIXCfgParser::established() { } void PIXCfgParser::hostaddr_expr_3() { + Tracer traceInOut(this, "hostaddr_expr_3"); try { // for error handling hostaddr_expr(); @@ -4790,7 +5097,7 @@ void PIXCfgParser::hostaddr_expr_3() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_27); } else { throw; } @@ -4798,6 +5105,7 @@ void PIXCfgParser::hostaddr_expr_3() { } void PIXCfgParser::single_port_op() { + Tracer traceInOut(this, "single_port_op"); try { // for error handling { 
@@ -4829,19 +5137,19 @@ void PIXCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 1092 "pix.g" +#line 1086 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 4838 "PIXCfgParser.cpp" +#line 5146 "PIXCfgParser.cpp" } port_spec(); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_15); } else { throw; } @@ -4849,23 +5157,24 @@ void PIXCfgParser::single_port_op() { } void PIXCfgParser::port_range() { + Tracer traceInOut(this, "port_range"); try { // for error handling match(RANGE); pair_of_ports_spec(); if ( inputState->guessing==0 ) { -#line 1107 "pix.g" +#line 1101 "pix.g" importer->tmp_port_op = "range"; *dbg << "range " << importer->tmp_port_spec; -#line 4863 "PIXCfgParser.cpp" +#line 5172 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_15); } else { throw; } @@ -4873,22 +5182,23 @@ void PIXCfgParser::port_range() { } void PIXCfgParser::port_spec() { + Tracer traceInOut(this, "port_spec"); try { // for error handling tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1100 "pix.g" +#line 1094 "pix.g" importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2; *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; -#line 4886 "PIXCfgParser.cpp" +#line 5196 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_15); } else { throw; } @@ -4896,6 +5206,7 @@ void PIXCfgParser::port_spec() { } void PIXCfgParser::tcp_udp_port_spec() { + Tracer traceInOut(this, "tcp_udp_port_spec"); try { // for error handling { 
@@ -4927,17 +5238,17 @@ void PIXCfgParser::tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1131 "pix.g" +#line 1125 "pix.g" importer->tmp_port_spec_2 = LT(0)->getText(); -#line 4935 "PIXCfgParser.cpp" +#line 5246 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_30); + recover(ex,_tokenSet_32); } else { throw; } @@ -4945,37 +5256,38 @@ void PIXCfgParser::tcp_udp_port_spec() { } void PIXCfgParser::pair_of_ports_spec() { + Tracer traceInOut(this, "pair_of_ports_spec"); try { // for error handling if ( inputState->guessing==0 ) { -#line 1114 "pix.g" +#line 1108 "pix.g" importer->tmp_port_spec_2 = ""; -#line 4956 "PIXCfgParser.cpp" +#line 5268 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1118 "pix.g" +#line 1112 "pix.g" importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 4964 "PIXCfgParser.cpp" +#line 5276 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1122 "pix.g" +#line 1116 "pix.g" importer->tmp_port_spec += " "; importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 4973 "PIXCfgParser.cpp" +#line 5285 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_15); } else { throw; } @@ -4983,6 +5295,7 @@ void PIXCfgParser::pair_of_ports_spec() { } void PIXCfgParser::tcp_udp_port_names() { + Tracer traceInOut(this, "tcp_udp_port_names"); try { // for error handling { @@ -5027,7 +5340,7 @@ void PIXCfgParser::tcp_udp_port_names() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_30); + recover(ex,_tokenSet_32); } else { throw; } 
@@ -5035,6 +5348,7 @@ void PIXCfgParser::tcp_udp_port_names() { } void PIXCfgParser::interface_command_6() { + Tracer traceInOut(this, "interface_command_6"); ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -5042,14 +5356,14 @@ void PIXCfgParser::interface_command_6() { match(WORD); pix6_interface_hw_speed(); if ( inputState->guessing==0 ) { -#line 1354 "pix.g" +#line 1353 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5053 "PIXCfgParser.cpp" +#line 5367 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5063,42 +5377,43 @@ void PIXCfgParser::interface_command_6() { } void PIXCfgParser::interface_command_7() { + Tracer traceInOut(this, "interface_command_7"); ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1362 "pix.g" +#line 1361 "pix.g" bool have_interface_parameters = false; -#line 5070 "PIXCfgParser.cpp" +#line 5385 "PIXCfgParser.cpp" try { // for error handling in = LT(1); match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1363 "pix.g" +#line 1362 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5084 "PIXCfgParser.cpp" +#line 5399 "PIXCfgParser.cpp" } { { // ( ... )* for (;;) { - if ((_tokenSet_31.member(LA(1)))) { + if ((_tokenSet_33.member(LA(1)))) { interface_parameters(); if ( inputState->guessing==0 ) { -#line 1370 "pix.g" +#line 1369 "pix.g" have_interface_parameters = true; -#line 5094 "PIXCfgParser.cpp" +#line 5409 "PIXCfgParser.cpp" } } else { - goto _loop188; + goto _loop189; } } - _loop188:; + _loop189:; } // ( ... )* { switch ( LA(1)) { 
@@ -5119,7 +5434,7 @@ void PIXCfgParser::interface_command_7() { } } if ( inputState->guessing==0 ) { -#line 1372 "pix.g" +#line 1371 "pix.g" if ( ! have_interface_parameters ) { @@ -5128,7 +5443,7 @@ void PIXCfgParser::interface_command_7() { << " EMPTY INTERFACE " << std::endl; } -#line 5132 "PIXCfgParser.cpp" +#line 5447 "PIXCfgParser.cpp" } } } @@ -5143,6 +5458,7 @@ void PIXCfgParser::interface_command_7() { } void PIXCfgParser::pix6_interface_hw_speed() { + Tracer traceInOut(this, "pix6_interface_hw_speed"); try { // for error handling { @@ -5215,14 +5531,15 @@ void PIXCfgParser::pix6_interface_hw_speed() { } void PIXCfgParser::interface_parameters() { + Tracer traceInOut(this, "interface_parameters"); try { // for error handling if ( inputState->guessing==0 ) { -#line 1400 "pix.g" +#line 1406 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); -#line 5226 "PIXCfgParser.cpp" +#line 5543 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5295,7 +5612,7 @@ void PIXCfgParser::interface_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_32); + recover(ex,_tokenSet_34); } else { throw; } @@ -5303,6 +5620,7 @@ void PIXCfgParser::interface_parameters() { } void PIXCfgParser::intf_address() { + Tracer traceInOut(this, "intf_address"); try { // for error handling match(IP); @@ -5330,7 +5648,7 @@ void PIXCfgParser::intf_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5338,6 +5656,7 @@ void PIXCfgParser::intf_address() { } void PIXCfgParser::vlan_interface() { + Tracer traceInOut(this, "vlan_interface"); ANTLR_USE_NAMESPACE(antlr)RefToken vlan_id = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling 
@@ -5345,18 +5664,18 @@ void PIXCfgParser::vlan_interface() { vlan_id = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1426 "pix.g" +#line 1432 "pix.g" importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; -#line 5354 "PIXCfgParser.cpp" +#line 5673 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5364,6 +5683,7 @@ void PIXCfgParser::vlan_interface() { } void PIXCfgParser::sec_level() { + Tracer traceInOut(this, "sec_level"); ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -5371,18 +5691,18 @@ void PIXCfgParser::sec_level() { sec_level = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1478 "pix.g" +#line 1484 "pix.g" importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; -#line 5380 "PIXCfgParser.cpp" +#line 5700 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } 
@@ -5390,52 +5710,24 @@ void PIXCfgParser::sec_level() { } void PIXCfgParser::nameif() { - ANTLR_USE_NAMESPACE(antlr)RefToken p_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "nameif"); try { // for error handling match(NAMEIF); - p_intf = LT(1); - match(WORD); - { - switch ( LA(1)) { - case WORD: - { - intf_label = LT(1); - match(WORD); - sec_level = LT(1); - match(WORD); - break; - } - case NEWLINE: - { - { - } - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } + interface_label(); if ( inputState->guessing==0 ) { -#line 1501 "pix.g" +#line 1503 "pix.g" - std::string label = (intf_label) ? intf_label->getText() : ""; - std::string seclevel = (sec_level) ? sec_level->getText() : ""; - importer->setInterfaceParametes(p_intf->getText(), label, seclevel); - *dbg << " NAMEIF: " - << p_intf->getText() << label << seclevel << std::endl; + importer->setInterfaceParametes(LT(0)->getText(), "", ""); + *dbg << " NAMEIF: " << LT(0)->getText() << std::endl; -#line 5433 "PIXCfgParser.cpp" +#line 5725 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5443,11 +5735,12 @@ void PIXCfgParser::nameif() { } void PIXCfgParser::interface_description() { + Tracer traceInOut(this, "interface_description"); try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 1513 "pix.g" +#line 1512 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string descr; 
@@ -5460,13 +5753,13 @@ void PIXCfgParser::interface_description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 5464 "PIXCfgParser.cpp" +#line 5757 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5474,6 +5767,7 @@ void PIXCfgParser::interface_description() { } void PIXCfgParser::switchport() { + Tracer traceInOut(this, "switchport"); ANTLR_USE_NAMESPACE(antlr)RefToken vlan_num = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -5483,18 +5777,18 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1625 "pix.g" +#line 1624 "pix.g" importer->addMessageToLog("Switch port vlan " + vlan_num->getText()); *dbg << "Switch port vlan " << vlan_num->getText() << std::endl; -#line 5492 "PIXCfgParser.cpp" +#line 5786 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5502,23 +5796,24 @@ void PIXCfgParser::switchport() { } void PIXCfgParser::shutdown() { + Tracer traceInOut(this, "shutdown"); try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 1528 "pix.g" +#line 1527 "pix.g" importer->ignoreCurrentInterface(); *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 5516 "PIXCfgParser.cpp" +#line 5811 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5526,6 +5821,7 @@ void PIXCfgParser::shutdown() { } void PIXCfgParser::interface_no_commands() { + Tracer traceInOut(this, "interface_no_commands"); try { // for error handling match(NO); 
@@ -5558,19 +5854,19 @@ void PIXCfgParser::interface_no_commands() { } } if ( inputState->guessing==0 ) { -#line 1470 "pix.g" +#line 1476 "pix.g" *dbg << " INTERFACE \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 5568 "PIXCfgParser.cpp" +#line 5864 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5578,6 +5874,7 @@ void PIXCfgParser::interface_no_commands() { } void PIXCfgParser::unsupported_interface_commands() { + Tracer traceInOut(this, "unsupported_interface_commands"); try { // for error handling { @@ -5659,19 +5956,19 @@ void PIXCfgParser::unsupported_interface_commands() { } } if ( inputState->guessing==0 ) { -#line 1462 "pix.g" +#line 1468 "pix.g" *dbg << " UNSUPPORTED INTERFACE COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 5669 "PIXCfgParser.cpp" +#line 5966 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5679,6 +5976,7 @@ void PIXCfgParser::unsupported_interface_commands() { } void PIXCfgParser::v6_ip_address() { + Tracer traceInOut(this, "v6_ip_address"); try { // for error handling if ((LA(1) == WORD) && (LA(2) == DHCP)) { @@ -5695,7 +5993,7 @@ void PIXCfgParser::v6_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5703,6 +6001,7 @@ void PIXCfgParser::v6_ip_address() { } void PIXCfgParser::v7_ip_address() { + Tracer traceInOut(this, "v7_ip_address"); try { // for error handling switch ( LA(1)) { 
@@ -5725,7 +6024,7 @@ void PIXCfgParser::v7_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5733,6 +6032,7 @@ void PIXCfgParser::v7_ip_address() { } void PIXCfgParser::v6_dhcp_address() { + Tracer traceInOut(this, "v6_dhcp_address"); ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5742,7 +6042,7 @@ void PIXCfgParser::v6_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1563 "pix.g" +#line 1562 "pix.g" std::string label = lbl->getText(); std::string addr = dhcp->getText(); @@ -5753,13 +6053,13 @@ void PIXCfgParser::v6_dhcp_address() { // which we do not support consumeUntil(NEWLINE); -#line 5757 "PIXCfgParser.cpp" +#line 6057 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5767,6 +6067,7 @@ void PIXCfgParser::v6_dhcp_address() { } void PIXCfgParser::v6_static_address() { + Tracer traceInOut(this, "v6_static_address"); ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5779,7 +6080,7 @@ void PIXCfgParser::v6_static_address() { m = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 1576 "pix.g" +#line 1575 "pix.g" std::string label = lbl->getText(); std::string addr = a->getText(); 
@@ -5790,13 +6091,13 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 5794 "PIXCfgParser.cpp" +#line 6095 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5804,13 +6105,14 @@ void PIXCfgParser::v6_static_address() { } void PIXCfgParser::v7_dhcp_address() { + Tracer traceInOut(this, "v7_dhcp_address"); ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1593 "pix.g" +#line 1592 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); @@ -5818,13 +6120,13 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 5822 "PIXCfgParser.cpp" +#line 6124 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5832,6 +6134,7 @@ void PIXCfgParser::v7_dhcp_address() { } void PIXCfgParser::v7_static_address() { + Tracer traceInOut(this, "v7_static_address"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken s = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5860,7 +6163,7 @@ void PIXCfgParser::v7_static_address() { } } if ( inputState->guessing==0 ) { -#line 1604 "pix.g" +#line 1603 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); 
@@ -5877,13 +6180,13 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 5881 "PIXCfgParser.cpp" +#line 6184 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5891,6 +6194,7 @@ void PIXCfgParser::v7_static_address() { } void PIXCfgParser::icmp_types_for_icmp_command() { + Tracer traceInOut(this, "icmp_types_for_icmp_command"); try { // for error handling switch ( LA(1)) { @@ -5898,13 +6202,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1741 "pix.g" +#line 1743 "pix.g" importer->icmp_type = LT(0)->getText(); importer->icmp_code = "0"; importer->icmp_spec = ""; -#line 5908 "PIXCfgParser.cpp" +#line 6212 "PIXCfgParser.cpp" } break; } @@ -5942,13 +6246,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { } } if ( inputState->guessing==0 ) { -#line 1748 "pix.g" +#line 1750 "pix.g" importer->icmp_type = ""; importer->icmp_code = "0"; importer->icmp_spec = LT(0)->getText(); -#line 5952 "PIXCfgParser.cpp" +#line 6256 "PIXCfgParser.cpp" } break; } 
@@ -5961,29 +6265,165 @@ void PIXCfgParser::icmp_types_for_icmp_command() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_33); + recover(ex,_tokenSet_35); } else { throw; } } } -void PIXCfgParser::nat_old_top_level_command() { +void PIXCfgParser::nat_addr_match() { + Tracer traceInOut(this, "nat_addr_match"); + ANTLR_USE_NAMESPACE(antlr)RefToken acl_name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling - match(NAT); - if ( inputState->guessing==0 ) { -#line 1805 "pix.g" - - consumeUntil(NEWLINE); - -#line 5981 "PIXCfgParser.cpp" + { + switch ( LA(1)) { + case HOST: + { + host_addr(); + if ( inputState->guessing==0 ) { +#line 1842 "pix.g" + + importer->nat_a = importer->tmp_a; + importer->nat_nm = importer->tmp_nm; + +#line 6292 "PIXCfgParser.cpp" + } + break; + } + case ACCESS_LIST: + { + match(ACCESS_LIST); + acl_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 1848 "pix.g" + + importer->nat_acl = acl_name->getText(); + +#line 6306 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_0); + recover(ex,_tokenSet_36); + } else { + throw; + } + } +} + +void PIXCfgParser::nat_command_last_parameters() { + Tracer traceInOut(this, "nat_command_last_parameters"); + ANTLR_USE_NAMESPACE(antlr)RefToken max_conn = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken max_emb_conn = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case DNS: + { + match(DNS); + break; + } + case INT_CONST: + case TCP: + case UDP: + case OUTSIDE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( 
LA(1)) { + case OUTSIDE: + { + match(OUTSIDE); + break; + } + case INT_CONST: + case TCP: + case UDP: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + max_conn = LT(1); + match(INT_CONST); + { + switch ( LA(1)) { + case INT_CONST: + { + max_emb_conn = LT(1); + match(INT_CONST); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 1865 "pix.g" + + importer->static_max_conn = max_conn->getText(); + if (max_emb_conn) + importer->static_max_emb_conn = max_emb_conn->getText(); + +#line 6421 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_9); } else { throw; } @@ -5991,15 +6431,16 @@ void PIXCfgParser::nat_old_top_level_command() { } void PIXCfgParser::nat_new_top_level_command() { + Tracer traceInOut(this, "nat_new_top_level_command"); try { // for error handling match(NAT); if ( inputState->guessing==0 ) { -#line 1811 "pix.g" +#line 1873 "pix.g" consumeUntil(NEWLINE); -#line 6003 "PIXCfgParser.cpp" +#line 6444 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6012,44 +6453,282 @@ void PIXCfgParser::nat_new_top_level_command() { } } -void PIXCfgParser::global_top_level_command() { +void PIXCfgParser::static_starts_with_hostaddr() { + Tracer traceInOut(this, "static_starts_with_hostaddr"); try { // for error handling - match(GLOBAL); - if ( inputState->guessing==0 ) { -#line 1817 "pix.g" - - consumeUntil(NEWLINE); - -#line 6025 "PIXCfgParser.cpp" - } + static_mapped_addr_match(); + static_real_addr_match(); + static_command_common_last_parameters(); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_0); + recover(ex,_tokenSet_9); } else { throw; } } } -void PIXCfgParser::static_top_level_command() { +void PIXCfgParser::static_starts_with_tcp_udp() { + Tracer traceInOut(this, "static_starts_with_tcp_udp"); try { // for error handling - match(STATIC); + { + switch ( LA(1)) { + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } if ( inputState->guessing==0 ) { -#line 1823 "pix.g" +#line 1967 "pix.g" - consumeUntil(NEWLINE); + importer->protocol = LT(0)->getText(); + *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; -#line 6047 "PIXCfgParser.cpp" +#line 6503 "PIXCfgParser.cpp" + } + static_mapped_addr_match(); + tcp_udp_port_spec(); + if ( inputState->guessing==0 ) { +#line 1981 "pix.g" + + importer->mapped_port_spec = importer->tmp_port_spec_2; + *dbg << "mapped port " << importer->mapped_port_spec; + +#line 6513 "PIXCfgParser.cpp" + } + static_real_addr_match(); + tcp_udp_port_spec(); + if ( inputState->guessing==0 ) { +#line 1996 "pix.g" + + importer->real_port_spec = importer->tmp_port_spec_2; + *dbg << "real port " << importer->real_port_spec; + +#line 6523 "PIXCfgParser.cpp" + } + static_command_common_last_parameters(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + 
if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_9); + } else { + throw; + } + } +} + +void PIXCfgParser::static_mapped_addr_match() { + Tracer traceInOut(this, "static_mapped_addr_match"); + + try { // for error handling + { + switch ( LA(1)) { + case HOST: + { + host_addr(); + if ( inputState->guessing==0 ) { +#line 1938 "pix.g" + + importer->mapped_a = importer->tmp_a; + importer->mapped_nm = importer->tmp_nm; + +#line 6552 "PIXCfgParser.cpp" + } + break; + } + case INTRFACE: + { + match(INTRFACE); + if ( inputState->guessing==0 ) { +#line 1944 "pix.g" + + importer->mapped_a = "interface"; + importer->mapped_nm = ""; + +#line 6565 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_0); + recover(ex,_tokenSet_37); + } else { + throw; + } + } +} + +void PIXCfgParser::static_real_addr_match() { + Tracer traceInOut(this, "static_real_addr_match"); + ANTLR_USE_NAMESPACE(antlr)RefToken acl_name = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case HOST: + { + host_addr(); + if ( inputState->guessing==0 ) { +#line 1954 "pix.g" + + importer->real_a = importer->tmp_a; + importer->real_nm = importer->tmp_nm; + +#line 6602 "PIXCfgParser.cpp" + } + break; + } + case ACCESS_LIST: + { + match(ACCESS_LIST); + acl_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 1960 "pix.g" + + importer->real_addr_acl = acl_name->getText(); + +#line 6616 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_38); + } else { + throw; + } + } +} + +void 
PIXCfgParser::static_command_common_last_parameters() { + Tracer traceInOut(this, "static_command_common_last_parameters"); + ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken max_conn = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken max_emb_conn = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + switch ( LA(1)) { + case NETMASK: + { + match(NETMASK); + nm = LT(1); + match(IPv4); + if ( inputState->guessing==0 ) { +#line 2012 "pix.g" + + importer->mapped_nm = nm->getText(); + +#line 6655 "PIXCfgParser.cpp" + } + break; + } + case TCP: + case UDP: + { + { + switch ( LA(1)) { + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 2017 "pix.g" + + // <0-65535> The maximum number of simultaneous tcp connections + + +#line 6686 "PIXCfgParser.cpp" + } + break; + } + case INT_CONST: + { + max_conn = LT(1); + match(INT_CONST); + { + switch ( LA(1)) { + case INT_CONST: + { + max_emb_conn = LT(1); + match(INT_CONST); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 2023 "pix.g" + + importer->static_max_conn = max_conn->getText(); + if (max_emb_conn) + importer->static_max_emb_conn = max_emb_conn->getText(); + +#line 6719 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_9); } else { throw; } 
@@ -6091,6 +6770,7 @@ const char* PIXCfgParser::tokenNames[] = { "OBJECT", "\"network\"", "\"nat\"", + "OPENING_PAREN", "\"description\"", "\"host\"", "\"range\"", @@ -6172,6 +6852,7 @@ const char* PIXCfgParser::tokenNames[] = { "\"fragments\"", "\"time-range\"", "\"controller\"", + "\"outside\"", "LINE_COMMENT", "\"exit\"", "\"aui\"", @@ -6202,8 +6883,13 @@ const char* PIXCfgParser::tokenNames[] = { "\"remark\"", "\"access-group\"", "COLON_COMMENT", + "CLOSING_PAREN", + "DNS", "\"global\"", "\"static\"", + "COMMA", + "NETMASK", + "IPv4", "\"secondary\"", "\"setroute\"", "Whitespace", @@ -6217,11 +6903,8 @@ const char* PIXCfgParser::tokenNames[] = { "PERCENT", "AMPERSAND", "APOSTROPHE", - "OPENING_PAREN", - "CLOSING_PAREN", "STAR", "PLUS", - "COMMA", "MINUS", "DOT", "SLASH", 
@@ -6246,162 +6929,192 @@ const char* PIXCfgParser::tokenNames[] = { const unsigned long PIXCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_0(_tokenSet_0_data_,6); -const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 268445554UL, 1407191056UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "icmp" +const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 1342187378UL, 2814382112UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "icmp" // OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" // "ssh" "telnet" "interface" "controller" LINE_COMMENT "exit" "nameif" -// "access-group" COLON_COMMENT +// "access-group" COLON_COMMENT "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_1(_tokenSet_1_data_,12); -const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 32UL, 0UL, 1835008UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 64UL, 0UL, 7340032UL, 0UL, 0UL, 0UL, 0UL }; // INT_CONST "aui" "auto" "bnc" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_2(_tokenSet_2_data_,8); -const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 536854592UL, 2512UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 536854592UL, 5024UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "permit" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_3(_tokenSet_3_data_,8); -const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 536854592UL, 2512UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long 
PIXCfgParser::_tokenSet_4_data_[] = { 536854592UL, 5024UL, 4UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "deny" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_4(_tokenSet_4_data_,8); -const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 2147483648UL, 1576960UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 0UL, 3153921UL, 0UL, 0UL, 0UL, 0UL }; // "description" "group-object" "service-object" "port-object" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_5(_tokenSet_5_data_,6); -const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 268437520UL, 2049UL, 3221225472UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 268437520UL, 4098UL, 2147483648UL, 1UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,8); -const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 3489671026UL, 1407191063UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 1342187378UL, 2814382127UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "description" // "host" "range" "subnet" "icmp" OBJECT_GROUP "crypto" "no" "certificate" // "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_7(_tokenSet_7_data_,12); -const unsigned long PIXCfgParser::_tokenSet_8_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long 
PIXCfgParser::_tokenSet_8_data_[] = { 67117072UL, 2684355394UL, 3840UL, 131072UL, 2228224UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "pptp" "host" INT_CONST "tcp" "udp" "hostname" "access-list" +// "echo" "rip" "ssh" "telnet" "outside" DNS NETMASK +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,12); +const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,6); -const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 268419136UL, 32UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,6); +const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 1342189426UL, 2814382191UL, 4294966768UL, 68141063UL, 901120UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "nat" +// "description" "host" "range" "subnet" "icmp" INT_CONST OBJECT_GROUP +// "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "eq" +// "gt" "lt" "neq" "echo" "ssh" "telnet" "established" "alternate-address" +// "conversion-error" "echo-reply" "information-reply" "information-request" +// "mask-reply" "mask-request" "mobile-redirect" "parameter-problem" "redirect" +// "router-advertisement" "router-solicitation" "source-quench" "time-exceeded" +// "timestamp-reply" "timestamp-request" "traceroute" "unreachable" "interface" +// "any" "log" "log-input" "fragments" "time-range" "controller" "outside" +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT CLOSING_PAREN +// "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,12); +const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 268419136UL, 64UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" INT_CONST -const 
ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,6); -const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 2415929202UL, 1407191064UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,6); +const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 1342187378UL, 2814382129UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "description" // "service" "icmp" OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" // "hostname" "access-list" "ssh" "telnet" "interface" "controller" LINE_COMMENT -// "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,12); -const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 16UL, 0UL, 0UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +// "exit" "nameif" "access-group" COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_12(_tokenSet_12_data_,12); +const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 16UL, 0UL, 0UL, 49158UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "log" "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,8); -const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 16UL, 1026UL, 120UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_13(_tokenSet_13_data_,8); +const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 16UL, 2052UL, 240UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "range" "destination" "eq" "gt" "lt" "neq" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 268437520UL, 3075UL, 
3221227640UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_14(_tokenSet_14_data_,8); +const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 268437520UL, 6150UL, 2147487984UL, 49159UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 OBJECT "host" "range" "destination" OBJECT_GROUP "eq" "gt" // "lt" "neq" "established" "interface" "any" "log" "log-input" "fragments" // "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 2415929202UL, 1407203344UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_15(_tokenSet_15_data_,8); +const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 1342187378UL, 2814406689UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "description" // "icmp" OBJECT_GROUP "group-object" "network-object" "crypto" "no" "certificate" // "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_14(_tokenSet_14_data_,12); -const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 2415929202UL, 1407227920UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_16(_tokenSet_16_data_,12); +const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 1342187378UL, 2814455841UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE 
"quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "description" // "icmp" OBJECT_GROUP "group-object" "protocol-object" "crypto" "no" "certificate" // "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_15(_tokenSet_15_data_,12); -const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 2415929202UL, 1407260688UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_17(_tokenSet_17_data_,12); +const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 1342187378UL, 2814521377UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" "description" // "icmp" OBJECT_GROUP "group-object" "icmp-object" "crypto" "no" "certificate" // "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_16(_tokenSet_16_data_,12); -const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 2415929202UL, 1408768016UL, 1073743360UL, 17006592UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_18(_tokenSet_18_data_,12); +const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 1342187378UL, 2817536033UL, 2147486720UL, 67960832UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "nat" 
"description" // "icmp" OBJECT_GROUP "group-object" "service-object" "port-object" "crypto" // "no" "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" // "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" -// COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_17(_tokenSet_17_data_,12); -const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 268445712UL, 2083UL, 4294965496UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +// COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,12); +const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 268445712UL, 4166UL, 4294963696UL, 180231UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD OBJECT "host" "range" INT_CONST OBJECT_GROUP "eq" // "gt" "lt" "neq" "echo" "established" "alternate-address" "conversion-error" // "echo-reply" "information-reply" "information-request" "mask-reply" // "mask-request" "mobile-redirect" "parameter-problem" "redirect" "router-advertisement" // "router-solicitation" "source-quench" "time-exceeded" "timestamp-reply" // "timestamp-request" "traceroute" "unreachable" "interface" "any" "log" -// "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_18(_tokenSet_18_data_,8); -const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 268437504UL, 2049UL, 3221225472UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,8); -const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 16UL, 0UL, 0UL, 8195UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" "fragments" +// "log-input" "fragments" "time-range" "outside" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_20(_tokenSet_20_data_,8); -const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 16UL, 0UL, 0UL, 3UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" 
"log-input" +const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 268437504UL, 4098UL, 2147483648UL, 1UL, 0UL, 0UL, 0UL, 0UL }; +// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_21(_tokenSet_21_data_,8); -const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 268445712UL, 2050UL, 2168UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 WORD OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "established" -// "log" "log-input" "fragments" "time-range" +const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 16UL, 0UL, 0UL, 16390UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 0UL, 2UL, 120UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// "range" "eq" "gt" "lt" "neq" +const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 16UL, 0UL, 0UL, 6UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_23(_tokenSet_23_data_,8); -const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 67117056UL, 268435488UL, 1920UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD "pptp" INT_CONST "hostname" "echo" "rip" "ssh" "telnet" +const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 268445712UL, 4100UL, 4336UL, 180230UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 WORD OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "established" +// "log" "log-input" "fragments" "time-range" "outside" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_24(_tokenSet_24_data_,8); -const unsigned long PIXCfgParser::_tokenSet_25_data_[] = { 268435472UL, 2050UL, 2168UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_25_data_[] = { 0UL, 4UL, 240UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "range" "eq" "gt" "lt" "neq" +const ANTLR_USE_NAMESPACE(antlr)BitSet 
PIXCfgParser::_tokenSet_25(_tokenSet_25_data_,8); +const unsigned long PIXCfgParser::_tokenSet_26_data_[] = { 67117056UL, 536870976UL, 3840UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "pptp" INT_CONST "hostname" "echo" "rip" "ssh" "telnet" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_26(_tokenSet_26_data_,8); +const unsigned long PIXCfgParser::_tokenSet_27_data_[] = { 268435472UL, 4100UL, 4336UL, 49158UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "established" // "log" "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_25(_tokenSet_25_data_,8); -const unsigned long PIXCfgParser::_tokenSet_26_data_[] = { 335554418UL, 1407191090UL, 1073745912UL, 17039359UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_27(_tokenSet_27_data_,8); +const unsigned long PIXCfgParser::_tokenSet_28_data_[] = { 1409296242UL, 2814382180UL, 2147491824UL, 68026366UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD "pptp" OBJECT -// "range" "icmp" INT_CONST OBJECT_GROUP "crypto" "no" "certificate" "PIX" -// "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "echo" "rip" "ssh" -// "telnet" "established" "interface" "log" "log-input" "alerts" "critical" -// "debugging" "emergencies" "errors" "informational" "notifications" "warnings" -// "disable" "inactive" "interval" "fragments" "time-range" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_26(_tokenSet_26_data_,12); -const unsigned long PIXCfgParser::_tokenSet_27_data_[] = { 335554418UL, 1407191088UL, 1073743744UL, 17039359UL, 12288UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "nat" "range" "icmp" INT_CONST OBJECT_GROUP "crypto" "no" "certificate" +// "PIX" "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "echo" "rip" +// "ssh" 
"telnet" "established" "interface" "log" "log-input" "alerts" +// "critical" "debugging" "emergencies" "errors" "informational" "notifications" +// "warnings" "disable" "inactive" "interval" "fragments" "time-range" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +// "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_28(_tokenSet_28_data_,12); +const unsigned long PIXCfgParser::_tokenSet_29_data_[] = { 1409296242UL, 2814382176UL, 2147487488UL, 68026366UL, 835584UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD "pptp" OBJECT -// "icmp" INT_CONST OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" -// "hostname" "access-list" "echo" "rip" "ssh" "telnet" "interface" "log" -// "log-input" "alerts" "critical" "debugging" "emergencies" "errors" "informational" -// "notifications" "warnings" "disable" "inactive" "interval" "fragments" -// "time-range" "controller" LINE_COMMENT "exit" "nameif" "access-group" -// COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_27(_tokenSet_27_data_,12); -const unsigned long PIXCfgParser::_tokenSet_28_data_[] = { 268437504UL, 2051UL, 3221225592UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "nat" "icmp" INT_CONST OBJECT_GROUP "crypto" "no" "certificate" "PIX" +// "ASA" "hostname" "access-list" "echo" "rip" "ssh" "telnet" "interface" +// "log" "log-input" "alerts" "critical" "debugging" "emergencies" "errors" +// "informational" "notifications" "warnings" "disable" "inactive" "interval" +// "fragments" "time-range" "controller" LINE_COMMENT "exit" "nameif" "access-group" +// COLON_COMMENT "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_29(_tokenSet_29_data_,12); +const unsigned long PIXCfgParser::_tokenSet_30_data_[] = { 268437504UL, 4102UL, 2147483888UL, 1UL, 0UL, 0UL, 0UL, 0UL }; // IPV4 OBJECT "host" "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "interface" // "any" -const 
ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_28(_tokenSet_28_data_,8); -const unsigned long PIXCfgParser::_tokenSet_29_data_[] = { 335554576UL, 268437538UL, 4088UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_30(_tokenSet_30_data_,8); +const unsigned long PIXCfgParser::_tokenSet_31_data_[] = { 335554576UL, 536875076UL, 8176UL, 180230UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD "pptp" OBJECT "range" INT_CONST OBJECT_GROUP "hostname" // "eq" "gt" "lt" "neq" "echo" "rip" "ssh" "telnet" "established" "log" -// "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_29(_tokenSet_29_data_,8); -const unsigned long PIXCfgParser::_tokenSet_30_data_[] = { 335554576UL, 268438563UL, 3221229560UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 WORD "pptp" OBJECT "host" "range" INT_CONST "destination" -// OBJECT_GROUP "hostname" "eq" "gt" "lt" "neq" "echo" "rip" "ssh" "telnet" -// "established" "interface" "any" "log" "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_30(_tokenSet_30_data_,8); -const unsigned long PIXCfgParser::_tokenSet_31_data_[] = { 2189688896UL, 4194304UL, 256UL, 4278190080UL, 575UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "log-input" "fragments" "time-range" "outside" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_31(_tokenSet_31_data_,8); +const unsigned long PIXCfgParser::_tokenSet_32_data_[] = { 335554576UL, 2684361542UL, 2147491824UL, 49159UL, 2097152UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 WORD "pptp" OBJECT "host" "range" INT_CONST "tcp" "udp" +// "destination" OBJECT_GROUP "hostname" "access-list" "eq" "gt" "lt" "neq" +// "echo" "rip" "ssh" "telnet" "established" "interface" "any" "log" "log-input" +// "fragments" "time-range" NETMASK +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_32(_tokenSet_32_data_,12); +const unsigned long 
PIXCfgParser::_tokenSet_33_data_[] = { 42205248UL, 8388609UL, 512UL, 4227858432UL, 2303UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" "rip" "nameif" "vlan" "speed" // "duplex" "ddns" "forward" "delay" "hold-time" "ipv6" "mac-address" "multicast" // PPPOE "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_31(_tokenSet_31_data_,12); -const unsigned long PIXCfgParser::_tokenSet_32_data_[] = { 2189688896UL, 4194304UL, 256UL, 4278386688UL, 575UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_33(_tokenSet_33_data_,12); +const unsigned long PIXCfgParser::_tokenSet_34_data_[] = { 42205248UL, 8388609UL, 512UL, 4228644864UL, 2303UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" "rip" LINE_COMMENT "exit" // "nameif" "vlan" "speed" "duplex" "ddns" "forward" "delay" "hold-time" // "ipv6" "mac-address" "multicast" PPPOE "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_32(_tokenSet_32_data_,12); -const unsigned long PIXCfgParser::_tokenSet_33_data_[] = { 8192UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_33(_tokenSet_33_data_,6); +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_34(_tokenSet_34_data_,12); +const unsigned long PIXCfgParser::_tokenSet_35_data_[] = { 8192UL, 0UL, 0UL, 131072UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "outside" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_35(_tokenSet_35_data_,8); +const unsigned long PIXCfgParser::_tokenSet_36_data_[] = { 0UL, 832UL, 0UL, 131072UL, 131072UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// INT_CONST "tcp" "udp" "outside" DNS +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_36(_tokenSet_36_data_,12); +const unsigned long PIXCfgParser::_tokenSet_37_data_[] = { 67117056UL, 2684354626UL, 
3840UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "pptp" "host" INT_CONST "hostname" "access-list" "echo" "rip" "ssh" +// "telnet" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_37(_tokenSet_37_data_,8); +const unsigned long PIXCfgParser::_tokenSet_38_data_[] = { 67117056UL, 536871744UL, 3840UL, 0UL, 2097152UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "pptp" INT_CONST "tcp" "udp" "hostname" "echo" "rip" "ssh" "telnet" +// NETMASK +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_38(_tokenSet_38_data_,12); diff --git a/src/parsers/PIXCfgParser.hpp b/src/parsers/PIXCfgParser.hpp index a61b42f51..347f5f01d 100644 --- a/src/parsers/PIXCfgParser.hpp +++ b/src/parsers/PIXCfgParser.hpp @@ -101,6 +101,9 @@ public: public: void ssh_command(); public: void telnet_command(); public: void icmp_top_level_command(); + public: void nat_old_top_level_command(); + public: void global_top_level_command(); + public: void static_top_level_command(); public: void access_group(); public: void exit(); public: void certificate(); @@ -119,12 +122,13 @@ public: public: void timeout_command(); public: void unknown_command(); public: void ip_protocol_names(); - public: void named_object_network_parameters(); public: void named_object_nat(); + public: void named_object_description(); + public: void named_object_network_parameters(); public: void host_addr(); public: void range_addr(); public: void subnet_addr(); - public: void named_object_description(); + public: void interface_label(); public: void named_object_service_parameters(); public: void service_icmp(); public: void service_icmp6(); 
@@ -192,10 +196,14 @@ public: public: void v7_dhcp_address(); public: void v7_static_address(); public: void icmp_types_for_icmp_command(); - public: void nat_old_top_level_command(); + public: void nat_addr_match(); + public: void nat_command_last_parameters(); public: void nat_new_top_level_command(); - public: void global_top_level_command(); - public: void static_top_level_command(); + public: void static_starts_with_hostaddr(); + public: void static_starts_with_tcp_udp(); + public: void static_mapped_addr_match(); + public: void static_real_addr_match(); + public: void static_command_common_last_parameters(); public: ANTLR_USE_NAMESPACE(antlr)RefAST getAST() { @@ -207,10 +215,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 180; + static const int NUM_TOKENS = 184; #else enum { - NUM_TOKENS = 180 + NUM_TOKENS = 184 }; #endif @@ -282,6 +290,16 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_32; static const unsigned long _tokenSet_33_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_33; + static const unsigned long _tokenSet_34_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_34; + static const unsigned long _tokenSet_35_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_35; + static const unsigned long _tokenSet_36_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_36; + static const unsigned long _tokenSet_37_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_37; + static const unsigned long _tokenSet_38_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_38; }; #endif /*INC_PIXCfgParser_hpp_*/ diff --git a/src/parsers/PIXCfgParserTokenTypes.hpp b/src/parsers/PIXCfgParserTokenTypes.hpp index bbc0b85ab..9b4f6e7fb 100644 --- a/src/parsers/PIXCfgParserTokenTypes.hpp +++ b/src/parsers/PIXCfgParserTokenTypes.hpp 
@@ -39,155 +39,159 @@ struct CUSTOM_API PIXCfgParserTokenTypes { OBJECT = 28, NETWORK = 29, NAT = 30, - DESCRIPTION = 31, - HOST = 32, - RANGE = 33, - SUBNET = 34, - SERVICE = 35, - ICMP = 36, - INT_CONST = 37, - ICMP6 = 38, - TCP = 39, - UDP = 40, - SOURCE = 41, - DESTINATION = 42, - OBJECT_GROUP = 43, - GROUP_OBJECT = 44, - NETWORK_OBJECT = 45, - PROTOCOL = 46, - PROTOCOL_OBJECT = 47, - ICMP_OBJECT = 48, - ICMP_TYPE = 49, - TCP_UDP = 50, - SERVICE_OBJECT = 51, - PORT_OBJECT = 52, - CRYPTO = 53, - NO = 54, - CERTIFICATE = 55, - PIX_WORD = 56, - ASA_WORD = 57, - VERSION_WORD = 58, - NUMBER = 59, - HOSTNAME = 60, - STRING = 61, - ACCESS_LIST = 62, - EXTENDED = 63, - PERMIT = 64, - DENY = 65, - STANDARD = 66, - P_EQ = 67, - P_GT = 68, - P_LT = 69, - P_NEQ = 70, - ECHO = 71, - RIP = 72, - SSH = 73, - TELNET = 74, - ESTABLISHED = 75, - ALTERNATE_ADDRESS = 76, - CONVERSION_ERROR = 77, - ECHO_REPLY = 78, - INFORMATION_REPLY = 79, - INFORMATION_REQUEST = 80, - MASK_REPLY = 81, - MASK_REQUEST = 82, - MOBILE_REDIRECT = 83, - PARAMETER_PROBLEM = 84, - REDIRECT = 85, - ROUTER_ADVERTISEMENT = 86, - ROUTER_SOLICITATION = 87, - SOURCE_QUENCH = 88, - TIME_EXCEEDED = 89, - TIMESTAMP_REPLY = 90, - TIMESTAMP_REQUEST = 91, - TRACEROUTE = 92, - UNREACHABLE = 93, - INTRFACE = 94, - ANY = 95, - LOG = 96, - LOG_INPUT = 97, - LOG_LEVEL_ALERTS = 98, - LOG_LEVEL_CRITICAL = 99, - LOG_LEVEL_DEBUGGING = 100, - LOG_LEVEL_EMERGENCIES = 101, - LOG_LEVEL_ERRORS = 102, - LOG_LEVEL_INFORMATIONAL = 103, - LOG_LEVEL_NOTIFICATIONS = 104, - LOG_LEVEL_WARNINGS = 105, - LOG_LEVEL_DISABLE = 106, - LOG_LEVEL_INACTIVE = 107, - INTERVAL = 108, - FRAGMENTS = 109, - TIME_RANGE = 110, - CONTROLLER = 111, - LINE_COMMENT = 112, - EXIT = 113, - AUI = 114, - AUTO = 115, - BNC = 116, - FULL = 117, - BASET = 118, - BASETX = 119, - NAMEIF = 120, - VLAN = 121, - SPEED = 122, - DUPLEX = 123, - DDNS = 124, - FORWARD = 125, - DELAY = 126, - HOLD_TIME = 127, - IPV6_C = 128, - MAC_ADDRESS = 129, - MULTICAST = 130, - PPPOE = 
131, - SEC_LEVEL = 132, - SHUTDOWN = 133, - ADDRESS = 134, - DHCP = 135, - STANDBY = 136, - SWITCHPORT = 137, - ACCESS = 138, - REMARK = 139, - ACCESS_GROUP = 140, - COLON_COMMENT = 141, - GLOBAL = 142, - STATIC = 143, - SECONDARY = 144, - SETROUTE = 145, - Whitespace = 146, - HEX_CONST = 147, - NEG_INT_CONST = 148, - DIGIT = 149, - HEXDIGIT = 150, - NUMBER_ADDRESS_OR_WORD = 151, - PIPE_CHAR = 152, - NUMBER_SIGN = 153, - PERCENT = 154, - AMPERSAND = 155, - APOSTROPHE = 156, - OPENING_PAREN = 157, - CLOSING_PAREN = 158, - STAR = 159, - PLUS = 160, - COMMA = 161, - MINUS = 162, - DOT = 163, - SLASH = 164, - COLON = 165, - SEMICOLON = 166, - LESS_THAN = 167, - EQUALS = 168, - GREATER_THAN = 169, - QUESTION = 170, - COMMERCIAL_AT = 171, - OPENING_SQUARE = 172, - CLOSING_SQUARE = 173, - CARET = 174, - UNDERLINE = 175, - OPENING_BRACE = 176, - CLOSING_BRACE = 177, - TILDE = 178, - EXLAMATION = 179, + OPENING_PAREN = 31, + DESCRIPTION = 32, + HOST = 33, + RANGE = 34, + SUBNET = 35, + SERVICE = 36, + ICMP = 37, + INT_CONST = 38, + ICMP6 = 39, + TCP = 40, + UDP = 41, + SOURCE = 42, + DESTINATION = 43, + OBJECT_GROUP = 44, + GROUP_OBJECT = 45, + NETWORK_OBJECT = 46, + PROTOCOL = 47, + PROTOCOL_OBJECT = 48, + ICMP_OBJECT = 49, + ICMP_TYPE = 50, + TCP_UDP = 51, + SERVICE_OBJECT = 52, + PORT_OBJECT = 53, + CRYPTO = 54, + NO = 55, + CERTIFICATE = 56, + PIX_WORD = 57, + ASA_WORD = 58, + VERSION_WORD = 59, + NUMBER = 60, + HOSTNAME = 61, + STRING = 62, + ACCESS_LIST = 63, + EXTENDED = 64, + PERMIT = 65, + DENY = 66, + STANDARD = 67, + P_EQ = 68, + P_GT = 69, + P_LT = 70, + P_NEQ = 71, + ECHO = 72, + RIP = 73, + SSH = 74, + TELNET = 75, + ESTABLISHED = 76, + ALTERNATE_ADDRESS = 77, + CONVERSION_ERROR = 78, + ECHO_REPLY = 79, + INFORMATION_REPLY = 80, + INFORMATION_REQUEST = 81, + MASK_REPLY = 82, + MASK_REQUEST = 83, + MOBILE_REDIRECT = 84, + PARAMETER_PROBLEM = 85, + REDIRECT = 86, + ROUTER_ADVERTISEMENT = 87, + ROUTER_SOLICITATION = 88, + SOURCE_QUENCH = 89, + TIME_EXCEEDED = 90, 
+ TIMESTAMP_REPLY = 91, + TIMESTAMP_REQUEST = 92, + TRACEROUTE = 93, + UNREACHABLE = 94, + INTRFACE = 95, + ANY = 96, + LOG = 97, + LOG_INPUT = 98, + LOG_LEVEL_ALERTS = 99, + LOG_LEVEL_CRITICAL = 100, + LOG_LEVEL_DEBUGGING = 101, + LOG_LEVEL_EMERGENCIES = 102, + LOG_LEVEL_ERRORS = 103, + LOG_LEVEL_INFORMATIONAL = 104, + LOG_LEVEL_NOTIFICATIONS = 105, + LOG_LEVEL_WARNINGS = 106, + LOG_LEVEL_DISABLE = 107, + LOG_LEVEL_INACTIVE = 108, + INTERVAL = 109, + FRAGMENTS = 110, + TIME_RANGE = 111, + CONTROLLER = 112, + OUTSIDE = 113, + LINE_COMMENT = 114, + EXIT = 115, + AUI = 116, + AUTO = 117, + BNC = 118, + FULL = 119, + BASET = 120, + BASETX = 121, + NAMEIF = 122, + VLAN = 123, + SPEED = 124, + DUPLEX = 125, + DDNS = 126, + FORWARD = 127, + DELAY = 128, + HOLD_TIME = 129, + IPV6_C = 130, + MAC_ADDRESS = 131, + MULTICAST = 132, + PPPOE = 133, + SEC_LEVEL = 134, + SHUTDOWN = 135, + ADDRESS = 136, + DHCP = 137, + STANDBY = 138, + SWITCHPORT = 139, + ACCESS = 140, + REMARK = 141, + ACCESS_GROUP = 142, + COLON_COMMENT = 143, + CLOSING_PAREN = 144, + DNS = 145, + GLOBAL = 146, + STATIC = 147, + COMMA = 148, + NETMASK = 149, + IPv4 = 150, + SECONDARY = 151, + SETROUTE = 152, + Whitespace = 153, + HEX_CONST = 154, + NEG_INT_CONST = 155, + DIGIT = 156, + HEXDIGIT = 157, + NUMBER_ADDRESS_OR_WORD = 158, + PIPE_CHAR = 159, + NUMBER_SIGN = 160, + PERCENT = 161, + AMPERSAND = 162, + APOSTROPHE = 163, + STAR = 164, + PLUS = 165, + MINUS = 166, + DOT = 167, + SLASH = 168, + COLON = 169, + SEMICOLON = 170, + LESS_THAN = 171, + EQUALS = 172, + GREATER_THAN = 173, + QUESTION = 174, + COMMERCIAL_AT = 175, + OPENING_SQUARE = 176, + CLOSING_SQUARE = 177, + CARET = 178, + UNDERLINE = 179, + OPENING_BRACE = 180, + CLOSING_BRACE = 181, + TILDE = 182, + EXLAMATION = 183, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PIXCfgParserTokenTypes.txt b/src/parsers/PIXCfgParserTokenTypes.txt index 848382d8a..f9f9a9d41 100644 --- a/src/parsers/PIXCfgParserTokenTypes.txt 
+++ b/src/parsers/PIXCfgParserTokenTypes.txt 
@@ -27,152 +27,156 @@ SNP="snp"=27 OBJECT=28 NETWORK="network"=29 NAT="nat"=30 -DESCRIPTION="description"=31 -HOST="host"=32 -RANGE="range"=33 -SUBNET="subnet"=34 -SERVICE="service"=35 -ICMP="icmp"=36 -INT_CONST=37 -ICMP6="icmp6"=38 -TCP="tcp"=39 -UDP="udp"=40 -SOURCE="source"=41 -DESTINATION="destination"=42 -OBJECT_GROUP=43 -GROUP_OBJECT="group-object"=44 -NETWORK_OBJECT="network-object"=45 -PROTOCOL="protocol"=46 -PROTOCOL_OBJECT="protocol-object"=47 -ICMP_OBJECT="icmp-object"=48 -ICMP_TYPE="icmp-type"=49 -TCP_UDP="tcp-udp"=50 -SERVICE_OBJECT="service-object"=51 -PORT_OBJECT="port-object"=52 -CRYPTO="crypto"=53 -NO="no"=54 -CERTIFICATE="certificate"=55 -PIX_WORD="PIX"=56 -ASA_WORD="ASA"=57 -VERSION_WORD="Version"=58 -NUMBER=59 -HOSTNAME="hostname"=60 -STRING=61 -ACCESS_LIST="access-list"=62 -EXTENDED="extended"=63 -PERMIT="permit"=64 -DENY="deny"=65 -STANDARD="standard"=66 -P_EQ="eq"=67 -P_GT="gt"=68 -P_LT="lt"=69 -P_NEQ="neq"=70 -ECHO="echo"=71 -RIP="rip"=72 -SSH="ssh"=73 -TELNET="telnet"=74 -ESTABLISHED="established"=75 -ALTERNATE_ADDRESS="alternate-address"=76 -CONVERSION_ERROR="conversion-error"=77 -ECHO_REPLY="echo-reply"=78 -INFORMATION_REPLY="information-reply"=79 -INFORMATION_REQUEST="information-request"=80 -MASK_REPLY="mask-reply"=81 -MASK_REQUEST="mask-request"=82 -MOBILE_REDIRECT="mobile-redirect"=83 -PARAMETER_PROBLEM="parameter-problem"=84 -REDIRECT="redirect"=85 -ROUTER_ADVERTISEMENT="router-advertisement"=86 -ROUTER_SOLICITATION="router-solicitation"=87 -SOURCE_QUENCH="source-quench"=88 -TIME_EXCEEDED="time-exceeded"=89 -TIMESTAMP_REPLY="timestamp-reply"=90 -TIMESTAMP_REQUEST="timestamp-request"=91 -TRACEROUTE="traceroute"=92 -UNREACHABLE="unreachable"=93 -INTRFACE="interface"=94 -ANY="any"=95 -LOG="log"=96 -LOG_INPUT="log-input"=97 -LOG_LEVEL_ALERTS="alerts"=98 -LOG_LEVEL_CRITICAL="critical"=99 -LOG_LEVEL_DEBUGGING="debugging"=100 -LOG_LEVEL_EMERGENCIES="emergencies"=101 -LOG_LEVEL_ERRORS="errors"=102 -LOG_LEVEL_INFORMATIONAL="informational"=103 
-LOG_LEVEL_NOTIFICATIONS="notifications"=104 -LOG_LEVEL_WARNINGS="warnings"=105 -LOG_LEVEL_DISABLE="disable"=106 -LOG_LEVEL_INACTIVE="inactive"=107 -INTERVAL="interval"=108 -FRAGMENTS="fragments"=109 -TIME_RANGE="time-range"=110 -CONTROLLER="controller"=111 -LINE_COMMENT=112 -EXIT="exit"=113 -AUI="aui"=114 -AUTO="auto"=115 -BNC="bnc"=116 -FULL="full"=117 -BASET="baseT"=118 -BASETX="baseTX"=119 -NAMEIF="nameif"=120 -VLAN="vlan"=121 -SPEED="speed"=122 -DUPLEX="duplex"=123 -DDNS="ddns"=124 -FORWARD="forward"=125 -DELAY="delay"=126 -HOLD_TIME="hold-time"=127 -IPV6_C="ipv6"=128 -MAC_ADDRESS="mac-address"=129 -MULTICAST="multicast"=130 -PPPOE=131 -SEC_LEVEL="security-level"=132 -SHUTDOWN="shutdown"=133 -ADDRESS="address"=134 -DHCP="dhcp"=135 -STANDBY="standby"=136 -SWITCHPORT="switchport"=137 -ACCESS="access"=138 -REMARK="remark"=139 -ACCESS_GROUP="access-group"=140 -COLON_COMMENT=141 -GLOBAL="global"=142 -STATIC="static"=143 -SECONDARY="secondary"=144 -SETROUTE="setroute"=145 -Whitespace=146 -HEX_CONST=147 -NEG_INT_CONST=148 -DIGIT=149 -HEXDIGIT=150 -NUMBER_ADDRESS_OR_WORD=151 -PIPE_CHAR=152 -NUMBER_SIGN=153 -PERCENT=154 -AMPERSAND=155 -APOSTROPHE=156 -OPENING_PAREN=157 -CLOSING_PAREN=158 -STAR=159 -PLUS=160 -COMMA=161 -MINUS=162 -DOT=163 -SLASH=164 -COLON=165 -SEMICOLON=166 -LESS_THAN=167 -EQUALS=168 -GREATER_THAN=169 -QUESTION=170 -COMMERCIAL_AT=171 -OPENING_SQUARE=172 -CLOSING_SQUARE=173 -CARET=174 -UNDERLINE=175 -OPENING_BRACE=176 -CLOSING_BRACE=177 -TILDE=178 -EXLAMATION=179 +OPENING_PAREN=31 +DESCRIPTION="description"=32 +HOST="host"=33 +RANGE="range"=34 +SUBNET="subnet"=35 +SERVICE="service"=36 +ICMP="icmp"=37 +INT_CONST=38 +ICMP6="icmp6"=39 +TCP="tcp"=40 +UDP="udp"=41 +SOURCE="source"=42 +DESTINATION="destination"=43 +OBJECT_GROUP=44 +GROUP_OBJECT="group-object"=45 +NETWORK_OBJECT="network-object"=46 +PROTOCOL="protocol"=47 +PROTOCOL_OBJECT="protocol-object"=48 +ICMP_OBJECT="icmp-object"=49 +ICMP_TYPE="icmp-type"=50 +TCP_UDP="tcp-udp"=51 
+SERVICE_OBJECT="service-object"=52 +PORT_OBJECT="port-object"=53 +CRYPTO="crypto"=54 +NO="no"=55 +CERTIFICATE="certificate"=56 +PIX_WORD="PIX"=57 +ASA_WORD="ASA"=58 +VERSION_WORD="Version"=59 +NUMBER=60 +HOSTNAME="hostname"=61 +STRING=62 +ACCESS_LIST="access-list"=63 +EXTENDED="extended"=64 +PERMIT="permit"=65 +DENY="deny"=66 +STANDARD="standard"=67 +P_EQ="eq"=68 +P_GT="gt"=69 +P_LT="lt"=70 +P_NEQ="neq"=71 +ECHO="echo"=72 +RIP="rip"=73 +SSH="ssh"=74 +TELNET="telnet"=75 +ESTABLISHED="established"=76 +ALTERNATE_ADDRESS="alternate-address"=77 +CONVERSION_ERROR="conversion-error"=78 +ECHO_REPLY="echo-reply"=79 +INFORMATION_REPLY="information-reply"=80 +INFORMATION_REQUEST="information-request"=81 +MASK_REPLY="mask-reply"=82 +MASK_REQUEST="mask-request"=83 +MOBILE_REDIRECT="mobile-redirect"=84 +PARAMETER_PROBLEM="parameter-problem"=85 +REDIRECT="redirect"=86 +ROUTER_ADVERTISEMENT="router-advertisement"=87 +ROUTER_SOLICITATION="router-solicitation"=88 +SOURCE_QUENCH="source-quench"=89 +TIME_EXCEEDED="time-exceeded"=90 +TIMESTAMP_REPLY="timestamp-reply"=91 +TIMESTAMP_REQUEST="timestamp-request"=92 +TRACEROUTE="traceroute"=93 +UNREACHABLE="unreachable"=94 +INTRFACE="interface"=95 +ANY="any"=96 +LOG="log"=97 +LOG_INPUT="log-input"=98 +LOG_LEVEL_ALERTS="alerts"=99 +LOG_LEVEL_CRITICAL="critical"=100 +LOG_LEVEL_DEBUGGING="debugging"=101 +LOG_LEVEL_EMERGENCIES="emergencies"=102 +LOG_LEVEL_ERRORS="errors"=103 +LOG_LEVEL_INFORMATIONAL="informational"=104 +LOG_LEVEL_NOTIFICATIONS="notifications"=105 +LOG_LEVEL_WARNINGS="warnings"=106 +LOG_LEVEL_DISABLE="disable"=107 +LOG_LEVEL_INACTIVE="inactive"=108 +INTERVAL="interval"=109 +FRAGMENTS="fragments"=110 +TIME_RANGE="time-range"=111 +CONTROLLER="controller"=112 +OUTSIDE="outside"=113 +LINE_COMMENT=114 +EXIT="exit"=115 +AUI="aui"=116 +AUTO="auto"=117 +BNC="bnc"=118 +FULL="full"=119 +BASET="baseT"=120 +BASETX="baseTX"=121 +NAMEIF="nameif"=122 +VLAN="vlan"=123 +SPEED="speed"=124 +DUPLEX="duplex"=125 +DDNS="ddns"=126 
+FORWARD="forward"=127 +DELAY="delay"=128 +HOLD_TIME="hold-time"=129 +IPV6_C="ipv6"=130 +MAC_ADDRESS="mac-address"=131 +MULTICAST="multicast"=132 +PPPOE=133 +SEC_LEVEL="security-level"=134 +SHUTDOWN="shutdown"=135 +ADDRESS="address"=136 +DHCP="dhcp"=137 +STANDBY="standby"=138 +SWITCHPORT="switchport"=139 +ACCESS="access"=140 +REMARK="remark"=141 +ACCESS_GROUP="access-group"=142 +COLON_COMMENT=143 +CLOSING_PAREN=144 +DNS=145 +GLOBAL="global"=146 +STATIC="static"=147 +COMMA=148 +NETMASK=149 +IPv4=150 +SECONDARY="secondary"=151 +SETROUTE="setroute"=152 +Whitespace=153 +HEX_CONST=154 +NEG_INT_CONST=155 +DIGIT=156 +HEXDIGIT=157 +NUMBER_ADDRESS_OR_WORD=158 +PIPE_CHAR=159 +NUMBER_SIGN=160 +PERCENT=161 +AMPERSAND=162 +APOSTROPHE=163 +STAR=164 +PLUS=165 +MINUS=166 +DOT=167 +SLASH=168 +COLON=169 +SEMICOLON=170 +LESS_THAN=171 +EQUALS=172 +GREATER_THAN=173 +QUESTION=174 +COMMERCIAL_AT=175 +OPENING_SQUARE=176 +CLOSING_SQUARE=177 +CARET=178 +UNDERLINE=179 +OPENING_BRACE=180 +CLOSING_BRACE=181 +TILDE=182 +EXLAMATION=183 diff --git a/src/parsers/pix.g b/src/parsers/pix.g index eb8237a2b..59dc56906 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -135,14 +135,14 @@ cfgfile : | icmp_top_level_command | -// nat_old_top_level_command -// | + nat_old_top_level_command + | // nat_new_top_level_command // | -// global_top_level_command -// | -// static_top_level_command -// | + global_top_level_command + | + static_top_level_command + | access_group | exit @@ -255,26 +255,26 @@ named_object_network : OBJECT NETWORK name:WORD NEWLINE << " Named Object " << name->getText() << std::endl; } ( + named_object_nat + | + named_object_description + | named_object_network_parameters )* ; named_object_network_parameters : ( - named_object_nat - | host_addr | range_addr | subnet_addr - | - named_object_description ) NEWLINE ; -named_object_nat : NAT +named_object_nat : NAT OPENING_PAREN interface_label { importer->addMessageToLog( "Parser warning: " 
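Review bot: In `cfgfile`, `nat_old_top_level_command` is enabled while `nat_new_top_level_command` stays commented out, so every top-level line that starts with `nat` is now matched against the old `NAT OPENING_PAREN interface_label CLOSING_PAREN` syntax. An ASA 8.3-style `nat (real,mapped) ...` line presumably fails at `CLOSING_PAREN` and is left to error recovery instead of being skipped with a clear "not imported" message. Since a dropped NAT rule makes the imported policy differ from the device, consider selecting the alternative with a syntactic predicate, e.g. `( NAT OPENING_PAREN interface_label CLOSING_PAREN ) => nat_old_top_level_command | nat_new_top_level_command`, and logging a warning for the form that is not yet imported. The `cfgfile` rule starts and ends outside this hunk.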
@@ -284,7 +284,7 @@ named_object_nat : NAT } ; -named_object_description : DESCRIPTION +named_object_description : DESCRIPTION { importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -299,12 +299,6 @@ named_object_description : DESCRIPTION } ; -// construct such as "host 2001:0db8:85a3:0000:0000:8a2e:0370:7334" does not -// parse but the parser should not fail catastrophically and should continue -// working with input stream. This grammar splits words on ":" boundary and -// so the ipv6 address appears as token INT_CONST (2001), then a word that -// starts with ':'. -// host_addr : (HOST (h:IPV4 | v6:IPV6)) { importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1211,11 +1205,11 @@ hostaddr_expr_2 : hostaddr_expr ; hostaddr_expr_3 : hostaddr_expr ; hostaddr_expr : - INTRFACE intf_name:WORD + INTRFACE interface_label { - importer->tmp_a = intf_name->getText(); + importer->tmp_a = LT(0)->getText(); importer->tmp_nm = "interface"; - *dbg << "object " << intf_name->getText() << " "; + *dbg << "object " << LT(0)->getText() << " "; } | ( ( OBJECT | OBJECT_GROUP ) name:WORD ) @@ -1350,6 +1344,11 @@ controller : CONTROLLER intrface : INTRFACE ( interface_command_6 | interface_command_7 ) ; +// unfortunately word "outside" is used as a keyword in nat commands +// and is also common interface label +interface_label : WORD | OUTSIDE + ; + interface_command_6 : in:WORD pix6_interface_hw_speed // pix 6 { importer->setCurrentLineNumber(LT(0)->getLine()); 
@@ -1383,15 +1382,22 @@ interface_command_7 {bool have_interface_parameters = false;} : in:WORD NEWLINE pix6_interface_hw_speed : ( AUI | AUTO | BNC | ( INT_CONST ( FULL | BASET | BASETX | AUTO ) ) ) - ; + ; -nameif_top_level : NAMEIF p_intf:WORD intf_label:WORD sec_level:WORD +nameif_top_level { - std::string label = (intf_label) ? intf_label->getText() : ""; - std::string seclevel = (sec_level) ? sec_level->getText() : ""; - importer->setInterfaceParametes(p_intf->getText(), label, seclevel); + std::string intf_name, intf_label, sec_level; + } : + NAMEIF + WORD { intf_name = LT(0)->getText(); } + interface_label { intf_label = LT(0)->getText(); } + WORD { sec_level = LT(0)->getText(); } + { + importer->setInterfaceParametes(intf_name, intf_label, sec_level); *dbg << " NAMEIF: " - << p_intf->getText() << label << seclevel << std::endl; + << intf_name << " " + << intf_label << " " + << sec_level << std::endl; } ; @@ -1493,17 +1499,10 @@ sec_level : SEC_LEVEL sec_level:INT_CONST // context in the grammar, function setInterfaceParametes() can locate // right interface using its first parameter. // -nameif : NAMEIF p_intf:WORD - ( - ( WORD ) => intf_label:WORD sec_level:WORD | - ( ) - ) +nameif : NAMEIF interface_label { - std::string label = (intf_label) ? intf_label->getText() : ""; - std::string seclevel = (sec_level) ? sec_level->getText() : ""; - importer->setInterfaceParametes(p_intf->getText(), label, seclevel); - *dbg << " NAMEIF: " - << p_intf->getText() << label << seclevel << std::endl; + importer->setInterfaceParametes(LT(0)->getText(), "", ""); + *dbg << " NAMEIF: " << LT(0)->getText() << std::endl; } ; 
@@ -1642,10 +1641,11 @@ ssh_command : SSH { importer->SaveTmpAddrToSrc(); } - intf_label:WORD + interface_label ) { - std::string acl_name = "ssh_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "ssh_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); @@ -1655,7 +1655,7 @@ ssh_command : SSH importer->dst_port_op = "eq"; importer->dst_port_spec = "ssh"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); *dbg << std::endl; } @@ -1673,10 +1673,11 @@ telnet_command : TELNET { importer->SaveTmpAddrToSrc(); } - intf_label:WORD + interface_label ) { - std::string acl_name = "telnet_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "telnet_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); @@ -1686,7 +1687,7 @@ telnet_command : TELNET importer->dst_port_op = "eq"; importer->dst_port_spec = "telnet"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); *dbg << std::endl; } @@ -1718,9 +1719,10 @@ icmp_top_level_command : ICMP importer->SaveTmpAddrToSrc(); } ( icmp_types_for_icmp_command )? - intf_label:WORD + interface_label { - std::string acl_name = "icmp_commands_" + intf_label->getText(); + std::string intf_label = LT(0)->getText(); + std::string acl_name = "icmp_commands_" + intf_label; importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); importer->newPolicyRule(); 
@@ -1729,7 +1731,7 @@ icmp_top_level_command : ICMP importer->setDstSelf(); importer->protocol = "icmp"; importer->setInterfaceAndDirectionForRuleSet( - acl_name, intf_label->getText(), "in" ); + acl_name, intf_label, "in" ); importer->pushRule(); } ) @@ -1776,16 +1778,17 @@ remark : REMARK //**************************************************************** -access_group : ACCESS_GROUP aclname:WORD dir:WORD INTRFACE intf_label:WORD +access_group : ACCESS_GROUP aclname:WORD dir:WORD INTRFACE interface_label { + std::string intf_label = LT(0)->getText(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->setInterfaceAndDirectionForRuleSet( aclname->getText(), - intf_label->getText(), + intf_label, dir->getText() ); *dbg << LT(1)->getLine() << ":" << " INTRFACE: ACL '" << aclname->getText() << "'" - << " " << intf_label->getText() + << " " << intf_label << " " << dir->getText() << std::endl; } ; 
@@ -1801,10 +1804,69 @@ comment : (LINE_COMMENT | COLON_COMMENT) ; //**************************************************************** // NAT commands -nat_old_top_level_command : NAT - { - consumeUntil(NEWLINE); - } +nat_old_top_level_command : + NAT OPENING_PAREN + interface_label { importer->prenat_interface = LT(0)->getText(); } + CLOSING_PAREN + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); + *dbg << " SNAT rule " << std::endl; + importer->rule_type = libfwbuilder::NATRule::SNAT; + + } + + // <0-2147483647> The of this group of hosts/networks. + INT_CONST + { + importer->nat_num = LT(0)->getText(); + } + + // Hostname or A.B.C.D The hosts/networks in this group + // access-list Specify access-list name after this keyword + + nat_addr_match + + nat_command_last_parameters + + NEWLINE + { + importer->pushNATRule(); + } + ; + +nat_addr_match : + ( + host_addr // real + { + importer->nat_a = importer->tmp_a; + importer->nat_nm = importer->tmp_nm; + } + | + ACCESS_LIST acl_name:WORD + { + importer->nat_acl = acl_name->getText(); + } + ) + ; + +nat_command_last_parameters : + // <0-65535> The maximum number of simultaneous TCP connections + // dns Rewrite DNS address record + // norandomseq Disable TCP sequence number randomization + // outside Enable Outside NAT + // tcp Configure TCP specific parameters + // udp Configure UDP specific parameters + (DNS)? + (OUTSIDE)? + (TCP | UDP)? + max_conn:INT_CONST (max_emb_conn:INT_CONST)? + { + importer->static_max_conn = max_conn->getText(); + if (max_emb_conn) + importer->static_max_emb_conn = max_emb_conn->getText(); + } ; nat_new_top_level_command : NAT 
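Review bot: `nat_command_last_parameters` makes `max_conn:INT_CONST` mandatory, so a line that ends right after the address match has no valid parse; the pix7-nat.test fixture added in this commit contains one, `nat (inside) 1 access-list id12251X6282.0`. Depending on how error recovery resumes, `pushNATRule()` may then run on a partially populated rule or the rule may be lost, and either way the imported NAT policy no longer matches the device. Making the tail optional, `( max_conn:INT_CONST (max_emb_conn:INT_CONST)? )?`, and guarding the assignment with `if (max_conn)` would accept both forms. The comment block also lists `norandomseq`, which the rule does not accept; add it as an optional token or drop it from the comment.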
@@ -1813,18 +1875,157 @@ nat_new_top_level_command : NAT } ; -global_top_level_command : GLOBAL +global_top_level_command : + GLOBAL OPENING_PAREN + interface_label { importer->global_interface = LT(0)->getText(); } + CLOSING_PAREN num:INT_CONST + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->global_pool_num = num->getText(); + *dbg << " global address pool " + << importer->global_pool_num + << " " + << importer->global_interface + << std::endl; + } { consumeUntil(NEWLINE); } ; -static_top_level_command : STATIC - { - consumeUntil(NEWLINE); - } +static_top_level_command : + STATIC OPENING_PAREN prenat_intf:WORD + COMMA postnat_intf:WORD CLOSING_PAREN + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); + *dbg << " DNAT rule " << std::endl; + importer->rule_type = libfwbuilder::NATRule::DNAT; + importer->prenat_interface = prenat_intf->getText(); + importer->postnat_interface = postnat_intf->getText(); + } + // Hostname or A.B.C.D Global or mapped address + // interface Global address overload from interface + // tcp TCP to be used as transport protocol + // udp UDP to be used as transport protocol + ( + static_starts_with_hostaddr + | + static_starts_with_tcp_udp + ) + NEWLINE + { + importer->pushNATRule(); + } ; +static_starts_with_hostaddr : + static_mapped_addr_match + + // Hostname or A.B.C.D Real IP address of the host or hosts + // access-list Configure access-list name after this keyw + + static_real_addr_match + + static_command_common_last_parameters + ; + +static_mapped_addr_match : + ( + host_addr + { + importer->mapped_a = importer->tmp_a; + importer->mapped_nm = importer->tmp_nm; + } + | + INTRFACE + { + importer->mapped_a = "interface"; + importer->mapped_nm = ""; + } + ) + ; + +static_real_addr_match : + ( + host_addr // real + { + importer->real_a = importer->tmp_a; + importer->real_nm = importer->tmp_nm; + } + | + 
ACCESS_LIST acl_name:WORD + { + importer->real_addr_acl = acl_name->getText(); + } + ) + ; + +static_starts_with_tcp_udp : ( TCP | UDP ) + { + importer->protocol = LT(0)->getText(); + *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; + } + // Hostname or A.B.C.D Global or mapped address + // interface Global address overload from interface + + static_mapped_addr_match + + // <0-65535> Enter port number (0 - 65535) + // aol + // bgp + // chargen + tcp_udp_port_spec + { + importer->mapped_port_spec = importer->tmp_port_spec_2; + *dbg << "mapped port " << importer->mapped_port_spec; + } + + // Hostname or A.B.C.D Real IP address of the host or hosts + // access-list Configure access-list name after this keyword + + static_real_addr_match + + // <0-65535> Enter port number (0 - 65535) + // aol + // bgp + // chargen + tcp_udp_port_spec + { + importer->real_port_spec = importer->tmp_port_spec_2; + *dbg << "real port " << importer->real_port_spec; + } + + static_command_common_last_parameters + ; + +static_command_common_last_parameters : + // <0-65535> The maximum number of simultaneous tcp connections + // dns Use the created xlate to rewrite DNS address record + // netmask Configure Netmask to apply to IP addresses + // norandomseq Disable TCP sequence number randomization + // tcp Configure TCP specific parameters + // udp Configure UDP specific parameters + NETMASK nm:IPv4 + { + importer->mapped_nm = nm->getText(); + } + | + (TCP | UDP) + { + // <0-65535> The maximum number of simultaneous tcp connections + + } + | + max_conn:INT_CONST (max_emb_conn:INT_CONST)? + { + importer->static_max_conn = max_conn->getText(); + if (max_emb_conn) + importer->static_max_emb_conn = max_emb_conn->getText(); + } + ; //**************************************************************** @@ -1863,6 +2064,8 @@ tokens INTERVAL = "interval"; + OUTSIDE = "outside"; + VLAN = "vlan"; SWITCHPORT = "switchport"; ACCESS = "access"; 
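Review bot: `static_top_level_command` matches both interface names as `WORD` (`prenat_intf:WORD COMMA postnat_intf:WORD`), but this commit turns `outside` into the keyword token `OUTSIDE` and adds `interface_label` for exactly that case. A line such as `static (inside,outside) ...` from the new pix7-nat.test fixture therefore cannot match the second label. Use `interface_label { importer->prenat_interface = LT(0)->getText(); }` and the same for `postnat_interface`, as `nat_old_top_level_command` and `global_top_level_command` already do. Separately, `static_command_common_last_parameters` references `IPv4`, while `host_addr` uses `IPV4`; the regenerated token table lists `IPv4=150` as a new, separate token type, which looks like a typo that would keep `NETMASK nm:IPv4` from ever matching.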
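Review bot: This hunk gives only `OUTSIDE` a literal, yet the new NAT rules in this commit also match `NETMASK` and `DNS`, and the regenerated PIXCfgParserTokenTypes.txt lists both without a literal string (`DNS=145`, `NETMASK=149`). Unless a lexer rule outside the visible hunks produces them, the words `netmask` and `dns` will still arrive as `WORD`, and the `netmask 255.255.255.0` tail of the `static` lines in the fixture will not be recognised. Adding `NETMASK = "netmask";` and `DNS = "dns";` next to `OUTSIDE = "outside";` would close that gap. The `tokens` section continues outside this hunk, so confirm against the full file.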
@@ -1922,6 +2125,7 @@ tokens RANGE = "range"; + LOG = "log"; LOG_INPUT = "log-input"; @@ -2080,7 +2284,7 @@ NUMBER_ADDRESS_OR_WORD : ) | ( 'a'..'z' | 'A'..'Z' | '$' ) - ( '!'..'/' | '0'..'9' | ':' | ';' | '<' | '=' | '>' | + ( '!'..'\'' | '*'..'/' | '0'..'9' | ':' | ';' | '<' | '=' | '>' | '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* { _ttype = WORD; } ) diff --git a/src/unit_tests/ImporterTest/test_data/pix7-nat.test b/src/unit_tests/ImporterTest/test_data/pix7-nat.test new file mode 100644 index 000000000..367e09910 --- /dev/null +++ b/src/unit_tests/ImporterTest/test_data/pix7-nat.test 
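Review bot: The new character class in `NUMBER_ADDRESS_OR_WORD` removes `(` and `)` from the characters that may continue a word, but `'*'..'/'` still contains `,`, so `inside,outside` inside `static (inside,outside)` is consumed as a single `WORD` and the `COMMA` token the new `static_top_level_command` expects is never produced. Excluding the comma as well, `( '!'..'\'' | '*' | '+' | '-'..'/' | '0'..'9' | ...`, lets the interface pair split into three tokens. This also changes how any existing name containing a comma is tokenised, so it is worth checking the ACL and object-group fixtures after the change. The rule starts outside this hunk, so the other alternatives were not reviewed.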
@@ -0,0 +1,231 @@ +: Saved +: +PIX Version 7.2(1) +! +terminal width 511 +hostname pix1 +domain-name some-domain.org +enable password XXXXXXXXXXXXXXXX encrypted +names +name 1.2.3.4 gw +name 192.168.3.0 fake_network +name 192.168.4.1 inside_ip +! +dns-guard +! +interface Ethernet0 + no nameif + no security-level + no ip address +! +interface Ethernet0.101 + vlan 101 + nameif outside + security-level 0 + ip address 192.0.2.253 255.255.255.0 +! +interface Ethernet0.102 + vlan 102 + nameif dmz102 + security-level 20 + ip address 10.0.0.253 255.255.255.0 standby 10.0.0.254 +! +interface Ethernet1 + speed 100 + duplex full + nameif inside + security-level 100 + ip address 10.1.1.206 255.255.255.0 +! +interface Ethernet2 + description LAN/STATE Failover Interface + speed 10 +! +interface Ethernet3 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet4 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet5 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet6 +! 
+passwd MMMMMMMMMMMMMMMM encrypted +boot system flash:/pix721.bin +ftp mode passive +clock timezone PDT -7 +dns server-group DefaultDNS + domain-name some-domain.org +object-group network outside.id12051X6282.src.net.0 + network-object host 10.1.1.206 + network-object host 10.1.1.207 +object-group network outside.id12051X6282.src.net.1 + network-object host 172.17.1.253 + network-object host 172.17.1.254 + network-object host 192.0.2.253 + network-object host 192.0.2.254 +object-group network outside.id12051X6282.src.net.2 + network-object host 10.0.0.253 + network-object host 10.0.0.254 +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.0 any log warnings +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.1 any log warnings +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.2 any log warnings +access-list outside_in extended deny ip 10.1.1.0 255.255.255.0 any log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.0 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.1 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.2 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any +access-list inside_out extended deny ip any any log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.0 log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.1 log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.2 log warnings +access-list inside_in extended permit ip 10.1.1.0 255.255.255.0 any +access-list inside_in extended deny ip any any log warnings +access-list id12251X6282.0 extended permit ip 
10.1.1.0 255.255.255.0 any + +access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any + +access-list id3DB0F924.0 permit ip 192.168.2.0 255.255.255.0 any +access-list id3DB0F924.0 permit ip 192.168.3.0 255.255.255.0 any + +pager lines 24 +logging enable +logging emblem +logging trap debugging +logging history informational +logging facility 16 +logging queue 10 +logging device-id ipaddress inside +logging host inside 192.168.240.20 +logging host inside 10.1.1.40 format emblem +logging class config buffered debugging +mtu outside 1500 +mtu dmz102 1500 +mtu inside 1500 +failover +failover lan unit primary +failover lan interface failover Ethernet2 +failover lan enable +failover key ***** +failover link failover Ethernet2 +failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254 +no asdm history enable +arp timeout 14400 + +nat-control + +global (outside) 1 interface +global (outside) 1 22.22.22.0 netmask 255.255.255.0 +global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0 +nat (inside) 1 access-list id12251X6282.0 + +nat (dmz102) 1 access-list id3DB0F924.0 0 0 + +static (inside,outside) tcp interface 25 access-list id3DB0F94E.0 0 0 + +static (inside,dmz102) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 +static (inside,dmz102) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 +static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 + + +access-group outside_in in interface outside +access-group inside_in in interface inside +access-group inside_out out interface inside + +route inside 192.168.10.0 255.255.255.0 10.1.1.254 1 +route inside 10.1.2.0 255.255.255.0 10.1.1.201 1 +timeout xlate 3:00:00 +timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 +timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 +timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 +timeout uauth 2:00:00 absolute +aaa-server TACACS+ protocol tacacs+ +aaa-server RADIUS 
protocol radius +username fwbtest password AAAAAAAAAAAAAAAA encrypted privilege 15 +aaa authentication ssh console LOCAL +snmp-server host inside 10.1.1.180 community public +snmp-server host inside 10.1.1.30 community public +snmp-server host inside 10.1.1.40 poll community public version 2c +no snmp-server location +no snmp-server contact +snmp-server community public +crypto ipsec transform-set spde esp-des esp-sha-hmac +crypto map spdemap 21 set peer 192.0.2.254 +crypto map spdemap 21 set transform-set spde +crypto isakmp identity address +crypto isakmp policy 21 + authentication pre-share + encryption des + hash sha + group 1 + lifetime 3600 +crypto isakmp policy 65535 + authentication pre-share + encryption 3des + hash sha + group 2 + lifetime 86400 +tunnel-group 192.0.2.254 type ipsec-l2l +tunnel-group 192.0.2.254 ipsec-attributes + pre-shared-key * +telnet timeout 5 +ssh scopy enable +ssh 10.1.1.0 255.255.255.0 inside +ssh 10.1.2.0 255.255.255.0 inside +ssh 192.0.2.100 255.255.255.255 outside +ssh timeout 20 +console timeout 0 +! +class-map custom_h323_h225_inspection + match port tcp range h323 1721 +class-map custom_http_inspection + match port tcp range www 88 +class-map inspection_default + match default-inspection-traffic +! +! +policy-map type inspect dns migrated_dns_map_1 + parameters + message-length maximum 512 +policy-map global_policy + class inspection_default + inspect dns migrated_dns_map_1 + inspect ftp + inspect h323 h225 + inspect h323 ras + inspect http + inspect netbios + inspect rsh + inspect rtsp + inspect skinny + inspect sqlnet + inspect sunrpc + inspect tftp + inspect sip + inspect xdmcp + inspect ctiqbe + inspect icmp + inspect ils + inspect mgcp + inspect esmtp + class custom_h323_h225_inspection + inspect h323 h225 + class custom_http_inspection + inspect http +! +service-policy global_policy global +prompt hostname context +Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +: end + 
diff --git a/src/unit_tests/PIXImporterTest/PIXImporterTest.cpp b/src/unit_tests/PIXImporterTest/PIXImporterTest.cpp index 6ac74619a..4fa35b81e 100644 --- a/src/unit_tests/PIXImporterTest/PIXImporterTest.cpp +++ b/src/unit_tests/PIXImporterTest/PIXImporterTest.cpp @@ -117,8 +117,10 @@ void PIXImporterTest::compareResults(QueueLogger* logger, CPPUNIT_ASSERT_MESSAGE( QString( - "Sizes of the generated importer output and test files are different. " - "Expected: %1 (%2) Obtained: %3 (%4)") + "Sizes of the generated importer output and test files are different.\n" + "Expected: %1 (%2)\n" + "Obtained: %3 (%4)\n" + "diff -u %1 %3 | less -S") .arg(expected_result_file_name).arg(expected_result.size()) .arg(obtained_result_file_name).arg(obtained_result.size()).toStdString(), expected_result.size() == obtained_result.size()); @@ -154,7 +156,9 @@ void PIXImporterTest::compareFwbFiles(QString expected_result_file_name, // because they are always going to be different QString err("Sizes of the generated .fwb and test files are different: \n" - "expected: %1 (%2) obtained: %3 (%4)"); + "Expected: %1 (%2)\n" + "Obtained: %3 (%4)\n" + "diff -u %1 %3 | less -S"); CPPUNIT_ASSERT_MESSAGE( err @@ -205,8 +209,8 @@ void PIXImporterTest::PIX_6_Test() db->setPredictableIds(); db->saveFile("pix6.fwb"); - compareFwbFiles("test_data/pix6.fwb", "pix6.fwb"); compareResults(logger, "test_data/pix6.output", "pix6.output"); + compareFwbFiles("test_data/pix6.fwb", "pix6.fwb"); } void PIXImporterTest::PIX_7_Test() @@ -222,8 +226,8 @@ void PIXImporterTest::PIX_7_Test() db->setPredictableIds(); db->saveFile("pix7.fwb"); - compareFwbFiles("test_data/pix7.fwb", "pix7.fwb"); compareResults(logger, "test_data/pix7.output", "pix7.output"); + compareFwbFiles("test_data/pix7.fwb", "pix7.fwb"); } void PIXImporterTest::ASA_8_0_Test() 
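Review bot: The `diff -u %1 %3 | less -S` hint added to the assertion message in compareResults inserts both file names into a shell command unquoted, so a path containing a space or a shell metacharacter would make the pasted command do something other than the comparison. Every caller visible in this commit passes a literal name, so this is about keeping the hint safe to copy: `"diff -u '%1' '%3' | less -S"`. The same message is added a second time in the compareFwbFiles hunk below, and the two copies can drift apart; a single shared format string would keep them identical. Both functions begin and end outside their hunks.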
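Review bot: The swap in PIX_6_Test that runs `compareResults` before `compareFwbFiles` carries no explanation, and because a failed CPPUNIT_ASSERT_MESSAGE ends the test at that point, the order decides which mismatch is reported when both files differ. A one-line comment above the pair would record the intent, for example `// compare the importer log first: a parser error there usually explains a .fwb mismatch` (presumably the reason; please confirm). The same two-call sequence is reordered by hand in PIX_7_Test, ASA_8_0_Test, ASA_8_3_Test, ObjectsAndGroupsTest, ACLObjectsAndGroupsTest and ACLTest, so a small private helper taking the logger and the base file name would keep the order in one place. Each test body starts outside its hunk.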
@@ -239,8 +243,8 @@ void PIXImporterTest::ASA_8_0_Test() db->setPredictableIds(); db->saveFile("asa8.0.fwb"); - compareFwbFiles("test_data/asa8.0.fwb", "asa8.0.fwb"); compareResults(logger, "test_data/asa8.0.output", "asa8.0.output"); + compareFwbFiles("test_data/asa8.0.fwb", "asa8.0.fwb"); } void PIXImporterTest::ASA_8_3_Test() @@ -256,8 +260,8 @@ void PIXImporterTest::ASA_8_3_Test() db->setPredictableIds(); db->saveFile("asa8.3.fwb"); - compareFwbFiles("test_data/asa8.3.fwb", "asa8.3.fwb"); compareResults(logger, "test_data/asa8.3.output", "asa8.3.output"); + compareFwbFiles("test_data/asa8.3.fwb", "asa8.3.fwb"); } void PIXImporterTest::ObjectsAndGroupsTest() @@ -274,8 +278,11 @@ void PIXImporterTest::ObjectsAndGroupsTest() db->setPredictableIds(); db->saveFile("asa8.3-objects-and-groups.fwb"); - compareFwbFiles("test_data/asa8.3-objects-and-groups.fwb", "asa8.3-objects-and-groups.fwb"); - compareResults(logger, "test_data/asa8.3-objects-and-groups.output", "asa8.3-objects-and-groups.output"); + compareResults(logger, + "test_data/asa8.3-objects-and-groups.output", + "asa8.3-objects-and-groups.output"); + compareFwbFiles("test_data/asa8.3-objects-and-groups.fwb", + "asa8.3-objects-and-groups.fwb"); } void PIXImporterTest::ACLObjectsAndGroupsTest() @@ -291,8 +298,11 @@ void PIXImporterTest::ACLObjectsAndGroupsTest() db->setPredictableIds(); db->saveFile("asa8.3-acl-object-groups.fwb"); - compareFwbFiles("test_data/asa8.3-acl-object-groups.fwb", "asa8.3-acl-object-groups.fwb"); - compareResults(logger, "test_data/asa8.3-acl-object-groups.output", "asa8.3-acl-object-groups.output"); + compareResults(logger, + "test_data/asa8.3-acl-object-groups.output", + "asa8.3-acl-object-groups.output"); + compareFwbFiles("test_data/asa8.3-acl-object-groups.fwb", + "asa8.3-acl-object-groups.fwb"); } void PIXImporterTest::ACLTest() 
@@ -308,7 +318,7 @@ void PIXImporterTest::ACLTest() db->setPredictableIds(); db->saveFile("asa8.3-acl.fwb"); - compareFwbFiles("test_data/asa8.3-acl.fwb", "asa8.3-acl.fwb"); compareResults(logger, "test_data/asa8.3-acl.output", "asa8.3-acl.output"); + compareFwbFiles("test_data/asa8.3-acl.fwb", "asa8.3-acl.fwb"); } diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.fwb b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.fwb index c31bb1e8b..2203b6dfe 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.fwb @@ -1,6 +1,6 @@ - + @@ -544,7 +544,7 @@ - + @@ -964,7 +964,7 @@ - + diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output index 0d4af9aa2..5d2182b08 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.output @@ -11,7 +11,7 @@ Interface address: dhcp/ New interface: Ethernet0/0 Interface comment: Switch port 0 / 0 Named object (service) http.0Named object (service) https.0Named object (address) server-1.0Named object (address) Internal_net.0Named object (address) external_net.0Object Group (service) id5102X14531.srv.tcp.0Named object (service) ip2Object Group (protocol) pg1Object Group (network) src-network-group-1Object Group (network) dst-network-group-1Ruleset: inside_in -Rule comment: 0 ( global) +Rule comment: 0 ( global ) Ruleset: inside_in Ruleset: inside_in Ruleset: inside_in @@ -34,7 +34,7 @@ Ruleset: inside_in Ruleset: inside_in Ruleset: inside_in Ruleset: inside_in -Rule comment: 3 ( global) +Rule comment: 3 ( global ) Ruleset: inside_in Ruleset: inside_in Ruleset: inside_in diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.test b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.test index 26fc7da06..f79497c00 100755 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.test 
+++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-acl.test @@ -226,12 +226,3 @@ access-group inside_out out interface inside access-group outside_in in interface outside access-group outside_out out interface outside - -! -! Rule 0 (NAT) -nat (inside,outside) source dynamic Internal_net.0 interface description "0 (NAT)" -! -! Rule 1 (NAT) -nat (outside,inside) source static any any destination static interface server-1.0 service http.0 http.0 description "1 (NAT)" -nat (outside,inside) source static any any destination static interface server-1.0 service https.0 https.0 description "1 (NAT)" - diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-nat.test b/src/unit_tests/PIXImporterTest/test_data/asa8.3-nat.test new file mode 100755 index 000000000..0dbaa8ae5 --- /dev/null +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-nat.test 
@@ -0,0 +1,156 @@
+: Saved
+:
+ASA Version 8.3(2)
+!
+hostname asa5505
+
+
+interface Vlan1
+ nameif inside
+ security-level 100
+ ip address 192.168.1.1 255.255.255.0
+exit
+
+interface Vlan2
+ nameif outside
+ security-level 0
+ ip address dhcp setroute
+exit
+
+interface Ethernet0/0
+ description Switch port 0/0
+exit
+
+
+no logging buffered
+no logging console
+no logging timestamp
+no logging on
+
+
+timeout xlate 0:0:0
+timeout conn 0:0:0
+timeout udp 0:0:0
+timeout sunrpc 0:0:0
+timeout h323 0:0:0
+timeout sip 0:0:0
+timeout sip_media 0:0:0
+timeout half-closed 0:0:0
+timeout uauth 0:0:0
+
+
+clear config ssh
+aaa authentication ssh console LOCAL
+
+clear config snmp-server
+no snmp-server enable traps
+
+clear config ntp
+
+
+no service resetinbound
+no service resetoutside
+no sysopt connection timewait
+no sysopt nodnsalias inbound
+no sysopt nodnsalias outbound
+
+
+class-map inspection_default
+ match default-inspection-traffic
+
+policy-map global_policy
+ class inspection_default
+
+service-policy global_policy global
+
+
+
+clear xlate
+clear config nat
+clear config access-list
+clear config icmp
+clear config telnet
+clear config object-group
+clear config object
+
+
+object service http.0
+ service tcp destination eq 80
+exit
+
+object service https.0
+ service tcp destination eq 443
+exit
+
+object network server-1.0
+ host 192.168.1.100
+exit
+
+object network Internal_net.0
+ subnet 192.168.1.0 255.255.255.0
+exit
+
+object network external_net.0
+ subnet 192.0.2.0 255.255.255.0
+
+object-group service id5102X14531.srv.tcp.0 tcp
+ port-object eq 80
+ port-object eq 443
+exit
+
+object service ip2
+ service eigrp
+
+object-group protocol pg1
+ protocol-object 111
+ protocol-object ah
+ protocol-object ip
+ protocol-object eigrp
+
+object-group network src-network-group-1
+ network-object 192.168.1.0 255.255.255.0
+ network-object 192.168.2.0 255.255.255.0
+
+object-group network dst-network-group-1
+ network-object object external_net.0
+
+
+object-group network outside.id178211X29963.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+!
+object-group network outside.id21353X4994.osrc.net.0
+ network-object object internal_subnet_1
+ network-object object Internal_net
+ network-object object internal_subnet_2
+!
+object-group network outside.id77971X5929.osrc.net.1
+ network-object object internal_subnet_1
+ network-object object internal_subnet_2
+
+!################
+!
+
+access-list outside_in extended deny ip any any log
+
+
+! access-group statements
+
+access-group outside_in in interface outside
+
+
+!
+! Rule 0 (NAT)
+nat (inside,outside) source dynamic Internal_net.0 interface description "0 (NAT)"
+!
+! Rule 1 (NAT)
+nat (outside,inside) source static any any destination static interface server-1.0 service http.0 http.0 description "1 (NAT)"
+nat (outside,inside) source static any any destination static interface server-1.0 service https.0 https.0 description "1 (NAT)"
+
+
+nat (inside,outside) source dynamic outside.id178211X29963.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (inside,outside) source dynamic outside.id21353X4994.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp
+nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.0 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtp smtp
+nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.1 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtps smtps
+
diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb b/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb
index 484e80d2b..8e7bcffbc 100644
--- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb
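Review bot: This new fixture is not loaded by any test in the commit: none of the PIXImporterTest.cpp hunks reference `asa8.3-nat.test`, and the diffstat lists no matching `.output` or `.fwb` expected file, so the NAT import it is meant to cover is not checked yet. The fixture also refers to objects it does not define: `internal_subnet_1`, `internal_subnet_2`, `Internal_net` and `hostA:eth0` stay behind in asa8.3.test, and `firewall90:FastEthernet1:ip-1` and the `outside.id77971X5929.osrc.net.0`, `tsrc` and `odst` groups have no definition visible in either file. When the test is added, either copy the definitions in or have the expected output pin how the importer reports an unresolved reference, because a NAT rule dropped without a message would make the imported policy differ from the device. The same wiring gap applies to the new pix7-nat.test.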
+++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb @@ -1,6 +1,6 @@ - + @@ -436,51 +436,81 @@ - - - - - - - - - - - - - - + + + + + + + + - - - - - - - + - - - - - + + + + + - - - - - + + + + + + + - - - + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + @@ -488,7 +518,7 @@ - + @@ -502,20 +532,20 @@ - + - + - - + + - + - + @@ -536,7 +566,7 @@ - - + + diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output index 8c3f25400..dfc528aa9 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output @@ -33,4 +33,10 @@ New interface: Ethernet0/6 Warning: interface Ethernet0/6 was not imported because it is in "shutdown" mode New interface: Ethernet0/7 Warning: interface Ethernet0/7 was not imported because it is in "shutdown" mode -Named object (address) internal_subnet_1Named object (address) internal_subnet_2Named object (address) Internal_netNamed object (address) hostA:eth0Object Group (network) outside.id178211X29963.osrc.net.0Object Group (network) outside.id21353X4994.osrc.net.0Object Group (network) outside.id77971X5929.osrc.net.1Ruleset: outside_acl_in +Named object (address) internal_subnet_1Named object (address) internal_subnet_2Named object (address) Internal_netNamed object (address) hostA:eth0Ruleset: outside_acl_in +Parser error: line 91:5: unexpected token: scopy +Ruleset: ssh_commands_inside +Interface Vlan1 ruleset ssh_commands_inside direction 'in' +Ruleset: ssh_commands_inside +Interface Vlan1 ruleset ssh_commands_inside direction 'in' +Parser error: line 95:5: unexpected token: version diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.test b/src/unit_tests/PIXImporterTest/test_data/asa8.3.test index e185a5efc..79af89f99 100755 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.test +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.test 
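Review bot: The expected output in asa8.3.output now records `Parser error: line 91:5: unexpected token: scopy` and `Parser error: line 95:5: unexpected token: version` as the correct result, so the test passes only while the importer keeps failing on those lines. For a firewall-configuration importer, a line the parser gives up on is configuration that may be missing from the imported object tree, and a golden file that expects the error hides that from the next reader. It would be better to have the grammar accept or explicitly skip `ssh scopy enable` with a warning and keep `Parser error` out of the expected output. If the errors have to stay for now, the commit message should say they are known gaps. The pix7.output hunk further down pins the same `scopy` error.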
@@ -61,19 +61,6 @@ object network Internal_net object network hostA:eth0 host 192.168.1.10 -object-group network outside.id178211X29963.osrc.net.0 - network-object object internal_subnet_1 - network-object object internal_subnet_2 -! -object-group network outside.id21353X4994.osrc.net.0 - network-object object internal_subnet_1 - network-object object Internal_net - network-object object internal_subnet_2 -! -object-group network outside.id77971X5929.osrc.net.1 - network-object object internal_subnet_1 - network-object object internal_subnet_2 - access-list outside_acl_in extended deny ip any any log pager lines 24 @@ -85,11 +72,6 @@ mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 -nat (inside,outside) source dynamic outside.id178211X29963.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp -nat (inside,outside) source dynamic outside.id21353X4994.osrc.net.0 firewall90:FastEthernet1:ip-1 service smtp smtp -nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid -nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.0 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtp smtp -nat (inside,outside) source dynamic outside.id77971X5929.osrc.net.0 outside.id77971X5929.tsrc.net.1 interface destination static outside.id77971X5929.odst.net.0 outside.id77971X5929.odst.net.0 service smtps smtps timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.fwb b/src/unit_tests/PIXImporterTest/test_data/pix6.fwb index 2f247fd92..86b8eb86e 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.fwb @@ -1,6 +1,6 @@ - + @@ -880,7 +880,7 @@ - + 
@@ -920,7 +920,7 @@ - + @@ -940,7 +940,7 @@ - + @@ -960,7 +960,7 @@ - + @@ -980,7 +980,7 @@ - + @@ -1020,7 +1020,7 @@ - + @@ -1040,7 +1040,7 @@ - + @@ -1061,7 +1061,7 @@ - + @@ -1103,7 +1103,7 @@ - + @@ -1123,7 +1123,7 @@ - + @@ -1143,7 +1143,7 @@ - + @@ -1163,7 +1163,7 @@ - + @@ -1203,7 +1203,7 @@ - + @@ -1243,7 +1243,7 @@ - + @@ -1283,7 +1283,7 @@ - + diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.output b/src/unit_tests/PIXImporterTest/test_data/pix6.output index f7899d473..67e1288de 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.output @@ -6,14 +6,14 @@ Interface parameters: ethernet1 inside security100 Host name: guardian Parser warning: "names" section detected. Import of configuration that uses "names" is not supported at this time Object Group (icmp) inside.id12349X2458.srv.icmp.0Object Group (icmp) outside.id12363X2458.srv.icmp.0Object Group (service) outside.id12376X2458.srv.udp.0Object Group (service) outside.id12438X2458.srv.tcp.0Object Group (service) outside.id12466X2458.srv.tcp.0Ruleset: outside_acl_in -Rule comment: 0 ( ethernet0) +Rule comment: 0 ( ethernet0 ) Ruleset: outside_acl_in Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 3 ( global) +Rule comment: 3 ( global ) Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 4 ( global) +Rule comment: 4 ( global ) Ruleset: outside_acl_in Rule comment: fw uses DHCP Ruleset: outside_acl_in @@ -21,13 +21,13 @@ Rule comment: plus many DHCP requests Ruleset: outside_acl_in Rule comment: from cable modem Ruleset: outside_acl_in -Rule comment: 6 ( global) +Rule comment: 6 ( global ) Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 7 ( global) +Rule comment: 7 ( global ) Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 10 ( global) +Rule comment: 10 ( global ) Ruleset: outside_acl_in Rule comment: using swatch to automatically Ruleset: outside_acl_in 
@@ -37,40 +37,40 @@ Rule comment: need to limit Ruleset: outside_acl_in Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 11 ( global) +Rule comment: 11 ( global ) Ruleset: outside_acl_in Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 17 ( global) +Rule comment: 17 ( global ) Ruleset: outside_acl_in Ruleset: outside_acl_in Ruleset: outside_acl_in -Rule comment: 19 ( global) +Rule comment: 19 ( global ) Ruleset: outside_acl_in Rule comment: ' catch all' rule Ruleset: outside_acl_in Ruleset: inside_acl_in -Rule comment: 1 ( global) +Rule comment: 1 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 5 ( global) +Rule comment: 5 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 6 ( global) +Rule comment: 6 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 7 ( global) +Rule comment: 7 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 17 ( global) +Rule comment: 17 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 18 ( global) +Rule comment: 18 ( global ) Ruleset: inside_acl_in Ruleset: inside_acl_in -Rule comment: 19 ( global) +Rule comment: 19 ( global ) Ruleset: inside_acl_in Rule comment: ' catch all' rule Ruleset: inside_acl_in diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7-nat.test b/src/unit_tests/PIXImporterTest/test_data/pix7-nat.test new file mode 100644 index 000000000..0841f0a99 --- /dev/null +++ b/src/unit_tests/PIXImporterTest/test_data/pix7-nat.test 
@@ -0,0 +1,214 @@ +: Saved +: +PIX Version 7.2(1) +! +terminal width 511 +hostname pix1 +domain-name some-domain.org +enable password XXXXXXXXXXXXXXXX encrypted +names +name 1.2.3.4 gw +name 192.168.3.0 fake_network +name 192.168.4.1 inside_ip +! +dns-guard +! +interface Ethernet0 + no nameif + no security-level + no ip address +! +interface Ethernet0.101 + vlan 101 + nameif outside + security-level 0 + ip address 192.0.2.253 255.255.255.0 +! +interface Ethernet0.102 + vlan 102 + nameif dmz20 + security-level 20 + ip address 10.0.0.253 255.255.255.0 standby 10.0.0.254 +! +interface Ethernet1 + speed 100 + duplex full + nameif inside + security-level 100 + ip address 10.1.1.206 255.255.255.0 +! +interface Ethernet2 + description LAN/STATE Failover Interface + speed 10 +! +interface Ethernet3 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet4 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet5 + shutdown + no nameif + no security-level + no ip address +! +interface Ethernet6 +! 
+passwd MMMMMMMMMMMMMMMM encrypted +boot system flash:/pix721.bin +ftp mode passive +clock timezone PDT -7 +dns server-group DefaultDNS + domain-name some-domain.org +object-group network outside.id12051X6282.src.net.0 + network-object host 10.1.1.206 + network-object host 10.1.1.207 +object-group network outside.id12051X6282.src.net.1 + network-object host 172.17.1.253 + network-object host 172.17.1.254 + network-object host 192.0.2.253 + network-object host 192.0.2.254 +object-group network outside.id12051X6282.src.net.2 + network-object host 10.0.0.253 + network-object host 10.0.0.254 +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.0 any log warnings +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.1 any log warnings +access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.2 any log warnings +access-list outside_in extended deny ip 10.1.1.0 255.255.255.0 any log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.0 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.1 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.2 10.1.1.0 255.255.255.0 eq domain log warnings +access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any +access-list inside_out extended deny ip any any log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.0 log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.1 log warnings +access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.2 log warnings +access-list inside_in extended permit ip 10.1.1.0 255.255.255.0 any +access-list inside_in extended deny ip any any log warnings +access-list id12251X6282.0 extended permit ip 
10.1.1.0 255.255.255.0 any + +access-group inside_in in interface inside +access-group outside_in in interface outside + +pager lines 24 +logging enable +logging emblem +logging trap debugging +logging history informational +logging facility 16 +logging queue 10 +logging device-id ipaddress inside +logging host inside 192.168.240.20 +logging host inside 10.1.1.40 format emblem +logging class config buffered debugging +mtu outside 1500 +mtu dmz20 1500 +mtu inside 1500 +failover +failover lan unit primary +failover lan interface failover Ethernet2 +failover lan enable +failover key ***** +failover link failover Ethernet2 +failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254 +no asdm history enable +arp timeout 14400 +nat-control +global (outside) 1 interface +nat (inside) 1 access-list id12251X6282.0 +access-group outside_in in interface outside +access-group inside_in in interface inside +access-group inside_out out interface inside +route inside 192.168.10.0 255.255.255.0 10.1.1.254 1 +route inside 10.1.2.0 255.255.255.0 10.1.1.201 1 +timeout xlate 3:00:00 +timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 +timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 +timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 +timeout uauth 2:00:00 absolute +aaa-server TACACS+ protocol tacacs+ +aaa-server RADIUS protocol radius +username fwbtest password AAAAAAAAAAAAAAAA encrypted privilege 15 +aaa authentication ssh console LOCAL +snmp-server host inside 10.1.1.180 community public +snmp-server host inside 10.1.1.30 community public +snmp-server host inside 10.1.1.40 poll community public version 2c +no snmp-server location +no snmp-server contact +snmp-server community public +crypto ipsec transform-set spde esp-des esp-sha-hmac +crypto map spdemap 21 set peer 192.0.2.254 +crypto map spdemap 21 set transform-set spde +crypto isakmp identity address +crypto isakmp policy 21 + 
authentication pre-share + encryption des + hash sha + group 1 + lifetime 3600 +crypto isakmp policy 65535 + authentication pre-share + encryption 3des + hash sha + group 2 + lifetime 86400 +tunnel-group 192.0.2.254 type ipsec-l2l +tunnel-group 192.0.2.254 ipsec-attributes + pre-shared-key * +telnet timeout 5 +ssh scopy enable +ssh 10.1.1.0 255.255.255.0 inside +ssh 10.1.2.0 255.255.255.0 inside +ssh 192.0.2.100 255.255.255.255 outside +ssh timeout 20 +console timeout 0 +! +class-map custom_h323_h225_inspection + match port tcp range h323 1721 +class-map custom_http_inspection + match port tcp range www 88 +class-map inspection_default + match default-inspection-traffic +! +! +policy-map type inspect dns migrated_dns_map_1 + parameters + message-length maximum 512 +policy-map global_policy + class inspection_default + inspect dns migrated_dns_map_1 + inspect ftp + inspect h323 h225 + inspect h323 ras + inspect http + inspect netbios + inspect rsh + inspect rtsp + inspect skinny + inspect sqlnet + inspect sunrpc + inspect tftp + inspect sip + inspect xdmcp + inspect ctiqbe + inspect icmp + inspect ils + inspect mgcp + inspect esmtp + class custom_h323_h225_inspection + inspect h323 h225 + class custom_http_inspection + inspect http +! +service-policy global_policy global +prompt hostname context +Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +: end + diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7.fwb b/src/unit_tests/PIXImporterTest/test_data/pix7.fwb index 5933bb7ca..4e6c5086d 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix7.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/pix7.fwb @@ -1,6 +1,6 @@ - + @@ -440,126 +440,67 @@ + - - - - + + + + - + - + - - - + + + + - + - - - - - + + + + + - - - + + - - - + + + + + + - - - + + + - - + + - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + 
@@ -568,18 +509,58 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - + @@ -589,18 +570,18 @@ - + - + - + - + - + @@ -610,18 +591,18 @@ - + - + - + - + - + @@ -631,18 +612,38 @@ - + - + - + - + + + + + + + + + + + + + + + + + + + + + @@ -652,18 +653,185 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -675,16 +843,16 @@ - - + + - + - + @@ -698,138 +866,31 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - - + + - - + + - - + + - + @@ -850,7 +911,7 @@ - - + + diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7.output b/src/unit_tests/PIXImporterTest/test_data/pix7.output index 1dabf4cdd..dfe34d154 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix7.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix7.output @@ -45,3 +45,13 @@ Ruleset: inside_in Ruleset: id12251X6282.0 Interface Ethernet1 ruleset inside_in direction 'in' Interface Ethernet0.101 ruleset outside_in direction 'in' +Interface Ethernet0.101 ruleset outside_in direction 'in' +Interface Ethernet1 ruleset inside_in direction 'in' +Interface Ethernet1 ruleset inside_out direction 'out' +Parser error: line 163:5: unexpected token: scopy +Ruleset: ssh_commands_inside +Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +Ruleset: ssh_commands_inside +Interface Ethernet1 ruleset ssh_commands_inside direction 'in' +Ruleset: ssh_commands_outside +Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in' 
diff --git a/src/unit_tests/PIXImporterTest/test_data/pix7.test b/src/unit_tests/PIXImporterTest/test_data/pix7.test index 0841f0a99..6defe1558 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix7.test +++ b/src/unit_tests/PIXImporterTest/test_data/pix7.test @@ -120,9 +120,6 @@ failover link failover Ethernet2 failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254 no asdm history enable arp timeout 14400 -nat-control -global (outside) 1 interface -nat (inside) 1 access-list id12251X6282.0 access-group outside_in in interface outside access-group inside_in in interface inside access-group inside_out out interface inside