From 59562d852c112b410cd669349f2ec97a27d38a31 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Fri, 25 Feb 2011 20:40:04 -0800 Subject: [PATCH] see #87 tested parser on pix6, pix7 and asa8 configs, making sure it parses different interface configurations correctly --- doc/ChangeLog | 10 + src/libgui/PIXImporterRun.cpp | 17 +- src/parsers/PIXCfgLexer.cpp | 253 +++++++++++++------------ src/parsers/PIXCfgParser.cpp | 189 +++++++++--------- src/parsers/PIXCfgParser.hpp | 6 +- src/parsers/PIXCfgParserTokenTypes.hpp | 85 +++++---- src/parsers/PIXCfgParserTokenTypes.txt | 85 +++++---- src/parsers/pix.g | 47 +++-- 8 files changed, 368 insertions(+), 324 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index beea8478c..d940f5dd9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,13 @@ +2011-02-25 vadim + + * parsers/pix.g (intf_address): see #87 "Import of PIX + configuration". Basic grammar that can parse host name, version, + interfaces, their names, labels, addresses, security levels and + few other things for PIX 6, 7 and ASA 8. PIX standby configuration + is not parsed (so we can't import cluster configuration at this + time). More work needs to be done to import named objects, object + groups, as well as policy and nat rules. + 2011-02-24 Vadim Kurland * FirewallInstaller.cpp (getGeneratedFileName): see #2047 "Inspect diff --git a/src/libgui/PIXImporterRun.cpp b/src/libgui/PIXImporterRun.cpp index 7437b29b4..460d2ade1 100644 --- a/src/libgui/PIXImporterRun.cpp +++ b/src/libgui/PIXImporterRun.cpp @@ -81,7 +81,22 @@ void PIXImporter::run() if (haveFirewallObject()) { if (countInterfaces()==0) err << noInterfacesErrorMessage(); - if (countRules()==0) err << noRulesErrorMessage(); +// if (countRules()==0) err << noRulesErrorMessage(); + if (countRules()==0) + { + // temporary error message, replace with the standard one when + // done + err << QObject::tr( + "\n\n" + "Import of PIX and ASA policy and NAT rules is not " + "implemented yet but is planned for fwbuilder v4.2.0 release. " + "Please watch nightly builds on " + "http://www.fwbuilder.org/nightly_builds/fwbuilder-4.2/current_build/ " + "if you are interested in this feature." + "\n\n" + ); + + } } else { err << parser_err; diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 0b24b653a..890bf0aa2 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -47,19 +47,20 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& void PIXCfgLexer::initLiterals() { literals["host"] = 28; - literals["setroute"] = 46; + literals["setroute"] = 54; literals["log"] = 31; literals["access-list"] = 16; literals["interface"] = 37; + literals["standby"] = 53; literals["remark"] = 42; literals["certificate"] = 9; - literals["exit"] = 51; + literals["exit"] = 49; literals["udp"] = 22; literals["tcp"] = 21; literals["controller"] = 36; literals["eq"] = 23; literals["ip"] = 5; - literals["access-group"] = 50; + literals["access-group"] = 48; literals["time-range"] = 35; literals["community-list"] = 7; literals["icmp"] = 20; @@ -67,16 +68,16 @@ void PIXCfgLexer::initLiterals() literals["Version"] = 12; literals["nameif"] = 40; literals["security-level"] = 39; - literals["secondary"] = 47; - literals["access"] = 49; + literals["secondary"] = 52; + literals["access"] = 47; literals["lt"] = 25; literals["range"] = 27; - literals["switchport"] = 48; + literals["switchport"] = 46; literals["log-input"] = 32; - literals["standard"] = 55; + literals["standard"] = 56; literals["gt"] = 24; literals["permit"] = 18; - literals["extended"] = 54; + literals["extended"] = 55; literals["address"] = 44; literals["established"] = 33; literals["dhcp"] = 45; @@ -406,11 +407,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop89; + goto _loop87; } } - _loop89:; + _loop87:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -442,9 +443,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 763 "pix.g" +#line 778 "pix.g" newline(); -#line 448 "PIXCfgLexer.cpp" +#line 449 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -468,11 +469,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) { } } else { - goto _loop93; + goto _loop91; } } - _loop93:; + _loop91:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -566,9 +567,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 758 "pix.g" +#line 773 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 572 "PIXCfgLexer.cpp" +#line 573 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -680,14 +681,29 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched112 = false; + bool synPredMatched110 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true))) { - int _m112 = mark(); - synPredMatched112 = true; + int _m110 = mark(); + synPredMatched110 = true; inputState->guessing++; try { { { // ( ... )+ + int _cnt105=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt105>=1 ) { goto _loop105; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt105++; + } + _loop105:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ int _cnt107=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { @@ -716,32 +732,32 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } _loop109:; } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt111=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt111>=1 ) { goto _loop111; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt111++; - } - _loop111:; - } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched112 = false; + synPredMatched110 = false; } - rewind(_m112); + rewind(_m110); inputState->guessing--; } - if ( synPredMatched112 ) { + if ( synPredMatched110 ) { { { // ( ... )+ + int _cnt113=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt113>=1 ) { goto _loop113; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt113++; + } + _loop113:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ int _cnt115=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { @@ -785,37 +801,37 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } _loop119:; } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt121=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt121>=1 ) { goto _loop121; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt121++; - } - _loop121:; - } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 783 "pix.g" +#line 798 "pix.g" _ttype = IPV4; -#line 808 "PIXCfgLexer.cpp" +#line 809 "PIXCfgLexer.cpp" } } else { - bool synPredMatched127 = false; + bool synPredMatched125 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) { - int _m127 = mark(); - synPredMatched127 = true; + int _m125 = mark(); + synPredMatched125 = true; inputState->guessing++; try { { { // ( ... )+ + int _cnt122=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt122>=1 ) { goto _loop122; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt122++; + } + _loop122:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ int _cnt124=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { @@ -829,32 +845,32 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } _loop124:; } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt126=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt126>=1 ) { goto _loop126; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt126++; - } - _loop126:; - } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched127 = false; + synPredMatched125 = false; } - rewind(_m127); + rewind(_m125); inputState->guessing--; } - if ( synPredMatched127 ) { + if ( synPredMatched125 ) { { { // ( ... )+ + int _cnt128=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt128>=1 ) { goto _loop128; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt128++; + } + _loop128:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ int _cnt130=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { @@ -868,7 +884,34 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } _loop130:; } // ( ... )+ - mDOT(false); + } + } + else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) { + { + match('0' /* charlit */ ); + match('x' /* charlit */ ); + { // ( ... )+ + int _cnt135=0; + for (;;) { + if ((_tokenSet_3.member(LA(1)))) { + mHEXDIGIT(false); + } + else { + if ( _cnt135>=1 ) { goto _loop135; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt135++; + } + _loop135:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 804 "pix.g" + _ttype = HEX_CONST; +#line 912 "PIXCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) { { // ( ... )+ int _cnt132=0; for (;;) { @@ -883,52 +926,10 @@ void PIXCfgLexer::mNUMBER(bool _createToken) { } _loop132:; } // ( ... )+ - } - } - else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) { - { - match('0' /* charlit */ ); - match('x' /* charlit */ ); - { // ( ... )+ - int _cnt137=0; - for (;;) { - if ((_tokenSet_3.member(LA(1)))) { - mHEXDIGIT(false); - } - else { - if ( _cnt137>=1 ) { goto _loop137; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt137++; - } - _loop137:; - } // ( ... )+ - } if ( inputState->guessing==0 ) { -#line 789 "pix.g" - _ttype = HEX_CONST; -#line 911 "PIXCfgLexer.cpp" - } - } - else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) { - { // ( ... )+ - int _cnt134=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt134>=1 ) { goto _loop134; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt134++; - } - _loop134:; - } // ( ... )+ - if ( inputState->guessing==0 ) { -#line 787 "pix.g" +#line 802 "pix.g" _ttype = INT_CONST; -#line 932 "PIXCfgLexer.cpp" +#line 933 "PIXCfgLexer.cpp" } } else { @@ -1189,11 +1190,11 @@ void PIXCfgLexer::mWORD(bool _createToken) { } default: { - goto _loop141; + goto _loop139; } } } - _loop141:; + _loop139:; } // ( ... )* if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -1215,11 +1216,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop144; + goto _loop142; } } - _loop144:; + _loop142:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1589,7 +1590,7 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729 // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % // & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G -// H I J K L M N O P Q R S T U V W +// H I J K L M N O P Q R S T U V W X const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // . 0 1 2 3 4 5 6 7 8 9 @@ -1601,6 +1602,6 @@ const unsigned long PIXCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 429496729 // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 // 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ // % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F -// G H I J K L M N O P Q R S T U V W +// G H I J K L M N O P Q R S T U V W X const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index 414677d7a..58de4fcce 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -1864,7 +1864,7 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 620 "pix.g" +#line 634 "pix.g" #line 1871 "PIXCfgParser.cpp" @@ -1882,54 +1882,18 @@ void PIXCfgParser::switchport() { void PIXCfgParser::v6_ip_address() { Tracer traceInOut(this, "v6_ip_address"); - ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling - lbl = LT(1); - match(WORD); - { - switch ( LA(1)) { - case DHCP: - { - dhcp = LT(1); - match(DHCP); - break; + if ((LA(1) == WORD) && (LA(2) == DHCP)) { + v6_dhcp_address(); } - case IPV4: - { - { - a = LT(1); - match(IPV4); - m = LT(1); - match(IPV4); - } - break; + else if ((LA(1) == WORD) && (LA(2) == IPV4)) { + v6_static_address(); } - default: - { + else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } - } - } - if ( inputState->guessing==0 ) { -#line 576 "pix.g" - - std::string label = lbl->getText(); - std::string addr; - if (a) addr = a->getText(); - if (dhcp) addr = dhcp->getText(); - std::string netm; - if (m) netm = m->getText(); - importer->addInterfaceAddress(label, addr, netm); - *dbg << LT(1)->getLine() << ":" - << " INTRFACE ADDRESS: " << addr << "/" << netm << std::endl; - -#line 1931 "PIXCfgParser.cpp" - } - match(NEWLINE); + } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { @@ -1972,6 +1936,79 @@ void PIXCfgParser::v7_ip_address() { } } +void PIXCfgParser::v6_dhcp_address() { + Tracer traceInOut(this, "v6_dhcp_address"); + ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + lbl = LT(1); + match(WORD); + dhcp = LT(1); + match(DHCP); + if ( inputState->guessing==0 ) { +#line 578 "pix.g" + + std::string label = lbl->getText(); + std::string addr = dhcp->getText(); + importer->addInterfaceAddress(label, addr, ""); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE ADDRESS: " << addr << std::endl; + // there can be some other parameters after "dhcp", such as "setroute", "retry" etc. + // which we do not support + consumeUntil(NEWLINE); + +#line 1962 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_2); + } else { + throw; + } + } +} + +void PIXCfgParser::v6_static_address() { + Tracer traceInOut(this, "v6_static_address"); + ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + lbl = LT(1); + match(WORD); + a = LT(1); + match(IPV4); + m = LT(1); + match(IPV4); + if ( inputState->guessing==0 ) { +#line 591 "pix.g" + + std::string label = lbl->getText(); + std::string addr = a->getText(); + std::string netm = m->getText(); + importer->addInterfaceAddress(label, addr, netm); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE ADDRESS: " << addr << "/" << netm << std::endl; + // in case there are some other parameters after address and netmask + consumeUntil(NEWLINE); + +#line 2000 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_2); + } else { + throw; + } + } +} + void PIXCfgParser::v7_dhcp_address() { Tracer traceInOut(this, "v7_dhcp_address"); ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1979,34 +2016,17 @@ void PIXCfgParser::v7_dhcp_address() { try { // for error handling dhcp = LT(1); match(DHCP); - { - switch ( LA(1)) { - case SETROUTE: - { - match(SETROUTE); - break; - } - case NEWLINE: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } if ( inputState->guessing==0 ) { -#line 593 "pix.g" +#line 608 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); *dbg << LT(1)->getLine() << ":" << " INTRFACE ADDRESS: " << addr << std::endl; + consumeUntil(NEWLINE); -#line 2008 "PIXCfgParser.cpp" +#line 2029 "PIXCfgParser.cpp" } - match(NEWLINE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { @@ -2022,48 +2042,26 @@ void PIXCfgParser::v7_static_address() { Tracer traceInOut(this, "v7_static_address"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken s = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling a = LT(1); match(IPV4); m = LT(1); match(IPV4); - { - switch ( LA(1)) { - case SECONDARY: - { - s = LT(1); - match(SECONDARY); - break; - } - case NEWLINE: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } if ( inputState->guessing==0 ) { -#line 603 "pix.g" +#line 619 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); importer->addInterfaceAddress(addr, netm); *dbg << LT(1)->getLine() << ":" << " INTRFACE ADDRESS: " << addr << "/" << netm << std::endl; - if (s) - { - *dbg << s->getText(); - } - *dbg << std::endl; + // there can be other parameters after address/netmask pair, such as "standby" + // We do not parse them yet. + consumeUntil(NEWLINE); -#line 2065 "PIXCfgParser.cpp" +#line 2064 "PIXCfgParser.cpp" } - match(NEWLINE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { @@ -2091,7 +2089,7 @@ void PIXCfgParser::access_group_by_name() { intf_label = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 627 "pix.g" +#line 641 "pix.g" importer->setInterfaceAndDirectionForRuleSet( acln->getText(), @@ -2102,7 +2100,7 @@ void PIXCfgParser::access_group_by_name() { << " " << intf_label->getText() << " " << dir->getText() << std::endl; -#line 2106 "PIXCfgParser.cpp" +#line 2104 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2165,14 +2163,15 @@ const char* PIXCfgParser::tokenNames[] = { "\"shutdown\"", "\"address\"", "\"dhcp\"", - "\"setroute\"", - "\"secondary\"", "\"switchport\"", "\"access\"", "\"access-group\"", "\"exit\"", "LINE_COMMENT", "COLON_COMMENT", + "\"secondary\"", + "\"standby\"", + "\"setroute\"", "\"extended\"", "\"standard\"", "Whitespace", @@ -2213,7 +2212,7 @@ const char* PIXCfgParser::tokenNames[] = { const unsigned long PIXCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL }; // EOF const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_0(_tokenSet_0_data_,4); -const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 85874UL, 3673072UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 85874UL, 920560UL, 0UL, 0UL }; // EOF NEWLINE "ip" "quit" WORD "certificate" "PIX" "ASA" "hostname" "access-list" // "controller" "interface" "vlan" "security-level" "nameif" "description" // "shutdown" "exit" LINE_COMMENT COLON_COMMENT diff --git a/src/parsers/PIXCfgParser.hpp b/src/parsers/PIXCfgParser.hpp index 48ba2479a..ea66cdc76 100644 --- a/src/parsers/PIXCfgParser.hpp +++ b/src/parsers/PIXCfgParser.hpp @@ -105,6 +105,8 @@ public: public: void switchport(); public: void v6_ip_address(); public: void v7_ip_address(); + public: void v6_dhcp_address(); + public: void v6_static_address(); public: void v7_dhcp_address(); public: void v7_static_address(); public: void access_group_by_name(); @@ -119,10 +121,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 88; + static const int NUM_TOKENS = 89; #else enum { - NUM_TOKENS = 88 + NUM_TOKENS = 89 }; #endif diff --git a/src/parsers/PIXCfgParserTokenTypes.hpp b/src/parsers/PIXCfgParserTokenTypes.hpp index c24ef7829..01a7fa9a1 100644 --- a/src/parsers/PIXCfgParserTokenTypes.hpp +++ b/src/parsers/PIXCfgParserTokenTypes.hpp @@ -54,48 +54,49 @@ struct CUSTOM_API PIXCfgParserTokenTypes { SHUTDOWN = 43, ADDRESS = 44, DHCP = 45, - SETROUTE = 46, - SECONDARY = 47, - SWITCHPORT = 48, - ACCESS = 49, - ACCESS_GROUP = 50, - EXIT = 51, - LINE_COMMENT = 52, - COLON_COMMENT = 53, - EXTENDED = 54, - STANDARD = 55, - Whitespace = 56, - HEX_CONST = 57, - NEG_INT_CONST = 58, - DIGIT = 59, - HEXDIGIT = 60, - PIPE_CHAR = 61, - NUMBER_SIGN = 62, - PERCENT = 63, - AMPERSAND = 64, - APOSTROPHE = 65, - OPENING_PAREN = 66, - CLOSING_PAREN = 67, - STAR = 68, - PLUS = 69, - COMMA = 70, - MINUS = 71, - DOT = 72, - SLASH = 73, - COLON = 74, - SEMICOLON = 75, - LESS_THAN = 76, - EQUALS = 77, - GREATER_THAN = 78, - QUESTION = 79, - COMMERCIAL_AT = 80, - OPENING_SQUARE = 81, - CLOSING_SQUARE = 82, - CARET = 83, - UNDERLINE = 84, - OPENING_BRACE = 85, - CLOSING_BRACE = 86, - TILDE = 87, + SWITCHPORT = 46, + ACCESS = 47, + ACCESS_GROUP = 48, + EXIT = 49, + LINE_COMMENT = 50, + COLON_COMMENT = 51, + SECONDARY = 52, + STANDBY = 53, + SETROUTE = 54, + EXTENDED = 55, + STANDARD = 56, + Whitespace = 57, + HEX_CONST = 58, + NEG_INT_CONST = 59, + DIGIT = 60, + HEXDIGIT = 61, + PIPE_CHAR = 62, + NUMBER_SIGN = 63, + PERCENT = 64, + AMPERSAND = 65, + APOSTROPHE = 66, + OPENING_PAREN = 67, + CLOSING_PAREN = 68, + STAR = 69, + PLUS = 70, + COMMA = 71, + MINUS = 72, + DOT = 73, + SLASH = 74, + COLON = 75, + SEMICOLON = 76, + LESS_THAN = 77, + EQUALS = 78, + GREATER_THAN = 79, + QUESTION = 80, + COMMERCIAL_AT = 81, + OPENING_SQUARE = 82, + CLOSING_SQUARE = 83, + CARET = 84, + UNDERLINE = 85, + OPENING_BRACE = 86, + CLOSING_BRACE = 87, + TILDE = 88, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PIXCfgParserTokenTypes.txt b/src/parsers/PIXCfgParserTokenTypes.txt index cd100f653..1114c5590 100644 --- a/src/parsers/PIXCfgParserTokenTypes.txt +++ b/src/parsers/PIXCfgParserTokenTypes.txt @@ -42,45 +42,46 @@ REMARK="remark"=42 SHUTDOWN="shutdown"=43 ADDRESS="address"=44 DHCP="dhcp"=45 -SETROUTE="setroute"=46 -SECONDARY="secondary"=47 -SWITCHPORT="switchport"=48 -ACCESS="access"=49 -ACCESS_GROUP="access-group"=50 -EXIT="exit"=51 -LINE_COMMENT=52 -COLON_COMMENT=53 -EXTENDED="extended"=54 -STANDARD="standard"=55 -Whitespace=56 -HEX_CONST=57 -NEG_INT_CONST=58 -DIGIT=59 -HEXDIGIT=60 -PIPE_CHAR=61 -NUMBER_SIGN=62 -PERCENT=63 -AMPERSAND=64 -APOSTROPHE=65 -OPENING_PAREN=66 -CLOSING_PAREN=67 -STAR=68 -PLUS=69 -COMMA=70 -MINUS=71 -DOT=72 -SLASH=73 -COLON=74 -SEMICOLON=75 -LESS_THAN=76 -EQUALS=77 -GREATER_THAN=78 -QUESTION=79 -COMMERCIAL_AT=80 -OPENING_SQUARE=81 -CLOSING_SQUARE=82 -CARET=83 -UNDERLINE=84 -OPENING_BRACE=85 -CLOSING_BRACE=86 -TILDE=87 +SWITCHPORT="switchport"=46 +ACCESS="access"=47 +ACCESS_GROUP="access-group"=48 +EXIT="exit"=49 +LINE_COMMENT=50 +COLON_COMMENT=51 +SECONDARY="secondary"=52 +STANDBY="standby"=53 +SETROUTE="setroute"=54 +EXTENDED="extended"=55 +STANDARD="standard"=56 +Whitespace=57 +HEX_CONST=58 +NEG_INT_CONST=59 +DIGIT=60 +HEXDIGIT=61 +PIPE_CHAR=62 +NUMBER_SIGN=63 +PERCENT=64 +AMPERSAND=65 +APOSTROPHE=66 +OPENING_PAREN=67 +CLOSING_PAREN=68 +STAR=69 +PLUS=70 +COMMA=71 +MINUS=72 +DOT=73 +SLASH=74 +COLON=75 +SEMICOLON=76 +LESS_THAN=77 +EQUALS=78 +GREATER_THAN=79 +QUESTION=80 +COMMERCIAL_AT=81 +OPENING_SQUARE=82 +CLOSING_SQUARE=83 +CARET=84 +UNDERLINE=85 +OPENING_BRACE=86 +CLOSING_BRACE=87 +TILDE=88 diff --git a/src/parsers/pix.g b/src/parsers/pix.g index 9d74a15d1..51e2fd08d 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -572,47 +572,61 @@ interface_known_commands : intf_address : ADDRESS (v6_ip_address | v7_ip_address) ; -v6_ip_address : lbl:WORD (dhcp:DHCP | (a:IPV4 m:IPV4)) +v6_ip_address : v6_dhcp_address | v6_static_address; + +v6_dhcp_address : lbl:WORD dhcp:DHCP { std::string label = lbl->getText(); - std::string addr; - if (a) addr = a->getText(); - if (dhcp) addr = dhcp->getText(); - std::string netm; - if (m) netm = m->getText(); + std::string addr = dhcp->getText(); + importer->addInterfaceAddress(label, addr, ""); + *dbg << LT(1)->getLine() << ":" + << " INTRFACE ADDRESS: " << addr << std::endl; +// there can be some other parameters after "dhcp", such as "setroute", "retry" etc. +// which we do not support + consumeUntil(NEWLINE); + } + ; + +v6_static_address : lbl:WORD a:IPV4 m:IPV4 + { + std::string label = lbl->getText(); + std::string addr = a->getText(); + std::string netm = m->getText(); importer->addInterfaceAddress(label, addr, netm); *dbg << LT(1)->getLine() << ":" << " INTRFACE ADDRESS: " << addr << "/" << netm << std::endl; +// in case there are some other parameters after address and netmask + consumeUntil(NEWLINE); } - NEWLINE ; + + v7_ip_address : v7_dhcp_address | v7_static_address; -v7_dhcp_address : dhcp:DHCP (SETROUTE) ? +v7_dhcp_address : dhcp:DHCP { std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); *dbg << LT(1)->getLine() << ":" << " INTRFACE ADDRESS: " << addr << std::endl; + consumeUntil(NEWLINE); } - NEWLINE +// NEWLINE ; -v7_static_address : a:IPV4 m:IPV4 (s:SECONDARY)? +v7_static_address : a:IPV4 m:IPV4 { std::string addr = a->getText(); std::string netm = m->getText(); importer->addInterfaceAddress(addr, netm); *dbg << LT(1)->getLine() << ":" << " INTRFACE ADDRESS: " << addr << "/" << netm << std::endl; - if (s) - { - *dbg << s->getText(); - } - *dbg << std::endl; +// there can be other parameters after address/netmask pair, such as "standby" +// We do not parse them yet. + consumeUntil(NEWLINE); } - NEWLINE +// NEWLINE ; @@ -693,6 +707,7 @@ tokens ADDRESS = "address"; SECONDARY = "secondary"; + STANDBY = "standby"; COMMUNITY_LIST = "community-list";