mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 01:37:17 +01:00

* parsers/pix.g (icmp_top_level_command): see #2164 Implemented

import of "ssh", "telnet" and "icmp" PIX/ASA commands. These
commands are imported as regular rules in the main Policy ruleset.
Vadim Kurland 2011-03-25 19:31:06 -07:00
parent 5bfcc226cb
commit 60d0c4e308
12 changed files with 2107 additions and 1047 deletions


@ -1,5 +1,9 @@
2011-03-25 vadim <vadim@netcitadel.com>
* parsers/pix.g (icmp_top_level_command): see #2164 Implemented
import of "ssh", "telnet" and "icmp" PIX/ASA commands. These
commands are imported as regular rules in the main Policy ruleset.
* PIXImporter.cpp (finalize): see #2277 "Create policy objects for
ASA access-lists that are not applied in an access-group". Policy
rule set will be created and populated with rules found in the


@ -534,8 +534,23 @@ void Importer::pushRule()
clear();
}
void Importer::setSrcSelf()
{
src_a = "self";
}
void Importer::setDstSelf()
{
dst_a = "self";
}
FWObject* Importer::makeSrcObj()
{
if (src_a == "self")
{
return getFirewallObject();
}
if ( (src_a=="" && src_nm=="") ||
(src_a==InetAddr::getAny().toString() &&
src_nm==InetAddr::getAny().toString()))
@ -553,6 +568,11 @@ FWObject* Importer::makeSrcObj()
FWObject* Importer::makeDstObj()
{
if (dst_a == "self")
{
return getFirewallObject();
}
if ( (dst_a=="" && dst_nm=="") ||
(dst_a==InetAddr::getAny().toString() &&
dst_nm==InetAddr::getAny().toString()))
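Review bot: `makeSrcObj()` and `makeDstObj()` recognise "the firewall itself" by comparing the address field with the literal `"self"`, so the marker lives in the same variable (`src_a` / `dst_a`) that otherwise holds address text from the imported configuration. If those fields can ever receive a name or token taken from the config (not visible in these hunks), an entry spelled `self` would silently turn the rule's source or destination into the firewall object and change the scope of the imported policy. An out-of-band flag avoids the collision, for example `bool dst_is_self = false;` set by `setDstSelf()`, tested as `if (dst_is_self) return getFirewallObject();` and reset in `clear()`, with the same on the source side. The two setters and their declarations in the header would also benefit from a one-line comment such as `// Mark the rule destination as the firewall object itself.` The bodies of `makeSrcObj()` and `makeDstObj()` continue outside the hunks.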


@ -220,6 +220,7 @@ public:
std::string tmp_nm;
std::string tmp_port_op;
std::string tmp_port_spec;
std::string tmp_port_spec_2;
std::string tmp_range_1;
std::string tmp_range_2;
@ -245,6 +246,9 @@ public:
void SaveTmpPortToSrc();
void SaveTmpPortToDst();
void setSrcSelf();
void setDstSelf();
virtual void clear();
Importer(libfwbuilder::FWObject *lib,


@ -44,102 +44,124 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState&
void PIXCfgLexer::initLiterals()
{
literals["name"] = 9;
literals["names"] = 8;
literals["ospf"] = 22;
literals["established"] = 75;
literals["mac-address"] = 96;
literals["nameif"] = 87;
literals["subnet"] = 33;
literals["ipsec"] = 20;
literals["controller"] = 78;
literals["pcp"] = 23;
literals["remark"] = 107;
literals["access-list"] = 61;
literals["snp"] = 26;
literals["hostname"] = 59;
literals["hold-time"] = 94;
literals["tcp-udp"] = 49;
literals["name"] = 10;
literals["names"] = 9;
literals["ospf"] = 23;
literals["established"] = 97;
literals["mac-address"] = 118;
literals["nameif"] = 109;
literals["subnet"] = 34;
literals["ipsec"] = 21;
literals["controller"] = 100;
literals["pcp"] = 24;
literals["access-list"] = 62;
literals["remark"] = 129;
literals["telnet"] = 91;
literals["alternate-address"] = 67;
literals["timestamp-reply"] = 82;
literals["snp"] = 27;
literals["information-request"] = 72;
literals["hostname"] = 60;
literals["source-quench"] = 80;
literals["conversion-error"] = 68;
literals["timeout"] = 8;
literals["hold-time"] = 116;
literals["time-exceeded"] = 81;
literals["tcp-udp"] = 50;
literals["community-list"] = 7;
literals["permit"] = 63;
literals["pptp"] = 25;
literals["interval"] = 74;
literals["aui"] = 81;
literals["security-level"] = 100;
literals["no"] = 53;
literals["source"] = 40;
literals["igrp"] = 18;
literals["group-object"] = 43;
literals["pim"] = 24;
literals["nos"] = 21;
literals["ipinip"] = 19;
literals["permit"] = 64;
literals["pptp"] = 26;
literals["interval"] = 96;
literals["parameter-problem"] = 76;
literals["aui"] = 103;
literals["ssh"] = 90;
literals["security-level"] = 122;
literals["no"] = 54;
literals["source"] = 41;
literals["igrp"] = 19;
literals["mobile-redirect"] = 75;
literals["group-object"] = 44;
literals["pim"] = 25;
literals["nos"] = 22;
literals["ipinip"] = 20;
literals["quit"] = 5;
literals["crypto"] = 52;
literals["protocol"] = 45;
literals["icmp-type"] = 48;
literals["PIX"] = 55;
literals["icmp-object"] = 47;
literals["exit"] = 80;
literals["nat"] = 29;
literals["range"] = 32;
literals["service-object"] = 50;
literals["gre"] = 16;
literals["gt"] = 67;
literals["ah"] = 13;
literals["host"] = 31;
literals["baseTX"] = 86;
literals["secondary"] = 110;
literals["interface"] = 70;
literals["rip"] = 99;
literals["protocol-object"] = 46;
literals["icmp6"] = 37;
literals["standard"] = 65;
literals["network"] = 28;
literals["service"] = 34;
literals["vlan"] = 88;
literals["access"] = 106;
literals["bnc"] = 83;
literals["multicast"] = 97;
literals["any"] = 71;
literals["full"] = 84;
literals["dhcp"] = 103;
literals["speed"] = 89;
literals["deny"] = 64;
literals["neq"] = 69;
literals["esp"] = 15;
literals["address"] = 102;
literals["network-object"] = 44;
literals["shutdown"] = 101;
literals["delay"] = 93;
literals["auto"] = 82;
literals["certificate"] = 54;
literals["udp"] = 39;
literals["fragments"] = 76;
literals["eq"] = 66;
literals["destination"] = 41;
literals["duplex"] = 90;
literals["setroute"] = 111;
literals["baseT"] = 85;
literals["crypto"] = 53;
literals["protocol"] = 46;
literals["icmp-type"] = 49;
literals["PIX"] = 56;
literals["icmp-object"] = 48;
literals["exit"] = 102;
literals["nat"] = 30;
literals["range"] = 33;
literals["service-object"] = 51;
literals["gre"] = 17;
literals["information-reply"] = 71;
literals["gt"] = 87;
literals["mask-reply"] = 73;
literals["router-solicitation"] = 79;
literals["ah"] = 14;
literals["host"] = 32;
literals["mask-request"] = 74;
literals["baseTX"] = 108;
literals["secondary"] = 132;
literals["interface"] = 92;
literals["rip"] = 121;
literals["protocol-object"] = 47;
literals["icmp6"] = 38;
literals["standard"] = 66;
literals["network"] = 29;
literals["service"] = 35;
literals["access"] = 128;
literals["vlan"] = 110;
literals["bnc"] = 105;
literals["multicast"] = 119;
literals["any"] = 93;
literals["full"] = 106;
literals["dhcp"] = 125;
literals["redirect"] = 77;
literals["speed"] = 111;
literals["deny"] = 65;
literals["neq"] = 89;
literals["esp"] = 16;
literals["address"] = 124;
literals["network-object"] = 45;
literals["shutdown"] = 123;
literals["delay"] = 115;
literals["auto"] = 104;
literals["echo-reply"] = 70;
literals["certificate"] = 55;
literals["router-advertisement"] = 78;
literals["udp"] = 40;
literals["fragments"] = 98;
literals["eq"] = 86;
literals["destination"] = 42;
literals["setroute"] = 133;
literals["duplex"] = 112;
literals["echo"] = 69;
literals["baseT"] = 107;
literals["ip"] = 6;
literals["eigrp"] = 14;
literals["log-input"] = 73;
literals["switchport"] = 105;
literals["description"] = 30;
literals["extended"] = 62;
literals["igmp"] = 17;
literals["access-group"] = 108;
literals["ddns"] = 91;
literals["Version"] = 57;
literals["log"] = 72;
literals["forward"] = 92;
literals["ASA"] = 56;
literals["lt"] = 68;
literals["ipv6"] = 95;
literals["port-object"] = 51;
literals["time-range"] = 77;
literals["standby"] = 104;
literals["icmp"] = 35;
literals["tcp"] = 38;
literals["eigrp"] = 15;
literals["log-input"] = 95;
literals["switchport"] = 127;
literals["timestamp-request"] = 83;
literals["description"] = 31;
literals["extended"] = 63;
literals["igmp"] = 18;
literals["access-group"] = 130;
literals["ddns"] = 113;
literals["Version"] = 58;
literals["log"] = 94;
literals["forward"] = 114;
literals["ASA"] = 57;
literals["lt"] = 88;
literals["ipv6"] = 117;
literals["port-object"] = 52;
literals["unreachable"] = 85;
literals["time-range"] = 99;
literals["standby"] = 126;
literals["icmp"] = 36;
literals["tcp"] = 39;
literals["traceroute"] = 84;
}
ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken()
@ -453,11 +475,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) {
}
}
else {
goto _loop222;
goto _loop240;
}
}
_loop222:;
_loop240:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -489,9 +511,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 1746 "pix.g"
#line 1915 "pix.g"
newline();
#line 495 "PIXCfgLexer.cpp"
#line 517 "PIXCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -515,11 +537,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) {
}
}
else {
goto _loop226;
goto _loop244;
}
}
_loop226:;
_loop244:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -613,9 +635,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1741 "pix.g"
#line 1910 "pix.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 619 "PIXCfgLexer.cpp"
#line 641 "PIXCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -737,10 +759,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
bool synPredMatched287 = false;
bool synPredMatched305 = false;
if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) {
int _m287 = mark();
synPredMatched287 = true;
int _m305 = mark();
synPredMatched305 = true;
inputState->guessing++;
try {
{
@ -749,12 +771,12 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched287 = false;
synPredMatched305 = false;
}
rewind(_m287);
rewind(_m305);
inputState->guessing--;
}
if ( synPredMatched287 ) {
if ( synPredMatched305 ) {
{
match("object");
{
@ -764,17 +786,17 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match("oup");
}
if ( inputState->guessing==0 ) {
#line 1798 "pix.g"
#line 1967 "pix.g"
_ttype = OBJECT_GROUP;
#line 770 "PIXCfgLexer.cpp"
#line 792 "PIXCfgLexer.cpp"
}
}
else {
match("");
if ( inputState->guessing==0 ) {
#line 1800 "pix.g"
#line 1969 "pix.g"
_ttype = OBJECT;
#line 778 "PIXCfgLexer.cpp"
#line 800 "PIXCfgLexer.cpp"
}
}
@ -782,15 +804,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
else {
bool synPredMatched277 = false;
bool synPredMatched295 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
int _m277 = mark();
synPredMatched277 = true;
int _m295 = mark();
synPredMatched295 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt276=0;
int _cnt294=0;
for (;;) {
switch ( LA(1)) {
case 0x61 /* 'a' */ :
@ -819,27 +841,27 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt294>=1 ) { goto _loop294; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
}
_cnt276++;
_cnt294++;
}
_loop276:;
_loop294:;
} // ( ... )+
mCOLON(false);
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched277 = false;
synPredMatched295 = false;
}
rewind(_m277);
rewind(_m295);
inputState->guessing--;
}
if ( synPredMatched277 ) {
if ( synPredMatched295 ) {
{
{
{ // ( ... )+
int _cnt281=0;
int _cnt299=0;
for (;;) {
switch ( LA(1)) {
case 0x61 /* 'a' */ :
@ -868,15 +890,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
}
_cnt281++;
_cnt299++;
}
_loop281:;
_loop299:;
} // ( ... )+
{ // ( ... )+
int _cnt285=0;
int _cnt303=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
mCOLON(false);
@ -909,34 +931,34 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
goto _loop284;
goto _loop302;
}
}
}
_loop284:;
_loop302:;
} // ( ... )*
}
else {
if ( _cnt285>=1 ) { goto _loop285; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt303>=1 ) { goto _loop303; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt285++;
_cnt303++;
}
_loop285:;
_loop303:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1791 "pix.g"
#line 1960 "pix.g"
_ttype = IPV6;
#line 932 "PIXCfgLexer.cpp"
#line 954 "PIXCfgLexer.cpp"
}
}
}
else {
bool synPredMatched242 = false;
bool synPredMatched260 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) {
int _m242 = mark();
synPredMatched242 = true;
int _m260 = mark();
synPredMatched260 = true;
inputState->guessing++;
try {
{
@ -944,242 +966,242 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched242 = false;
synPredMatched260 = false;
}
rewind(_m242);
rewind(_m260);
inputState->guessing--;
}
if ( synPredMatched242 ) {
if ( synPredMatched260 ) {
{
bool synPredMatched251 = false;
bool synPredMatched269 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m251 = mark();
synPredMatched251 = true;
int _m269 = mark();
synPredMatched269 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt246=0;
int _cnt264=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt246>=1 ) { goto _loop246; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt246++;
_cnt264++;
}
_loop246:;
_loop264:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt248=0;
int _cnt266=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt248>=1 ) { goto _loop248; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt266>=1 ) { goto _loop266; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt248++;
_cnt266++;
}
_loop248:;
_loop266:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt250=0;
int _cnt268=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt250>=1 ) { goto _loop250; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt268>=1 ) { goto _loop268; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt250++;
_cnt268++;
}
_loop250:;
_loop268:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched251 = false;
synPredMatched269 = false;
}
rewind(_m251);
rewind(_m269);
inputState->guessing--;
}
if ( synPredMatched251 ) {
if ( synPredMatched269 ) {
{
{ // ( ... )+
int _cnt254=0;
int _cnt272=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt254++;
_cnt272++;
}
_loop254:;
_loop272:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt256=0;
int _cnt274=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt256>=1 ) { goto _loop256; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt256++;
_cnt274++;
}
_loop256:;
_loop274:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt258=0;
int _cnt276=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt258>=1 ) { goto _loop258; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt258++;
_cnt276++;
}
_loop258:;
_loop276:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt260=0;
int _cnt278=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt260>=1 ) { goto _loop260; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt278>=1 ) { goto _loop278; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt260++;
_cnt278++;
}
_loop260:;
_loop278:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1779 "pix.g"
#line 1948 "pix.g"
_ttype = IPV4;
#line 1079 "PIXCfgLexer.cpp"
#line 1101 "PIXCfgLexer.cpp"
}
}
else {
bool synPredMatched266 = false;
bool synPredMatched284 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m266 = mark();
synPredMatched266 = true;
int _m284 = mark();
synPredMatched284 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt263=0;
int _cnt281=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt263>=1 ) { goto _loop263; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt263++;
_cnt281++;
}
_loop263:;
_loop281:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt265=0;
int _cnt283=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt265>=1 ) { goto _loop265; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt283>=1 ) { goto _loop283; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt265++;
_cnt283++;
}
_loop265:;
_loop283:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched266 = false;
synPredMatched284 = false;
}
rewind(_m266);
rewind(_m284);
inputState->guessing--;
}
if ( synPredMatched266 ) {
if ( synPredMatched284 ) {
{
{ // ( ... )+
int _cnt269=0;
int _cnt287=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt269>=1 ) { goto _loop269; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt287>=1 ) { goto _loop287; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt269++;
_cnt287++;
}
_loop269:;
_loop287:;
} // ( ... )+
mDOT(false);
{ // ( ... )+
int _cnt271=0;
int _cnt289=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt271>=1 ) { goto _loop271; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt271++;
_cnt289++;
}
_loop271:;
_loop289:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1782 "pix.g"
#line 1951 "pix.g"
_ttype = NUMBER;
#line 1162 "PIXCfgLexer.cpp"
#line 1184 "PIXCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+
int _cnt273=0;
int _cnt291=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt273>=1 ) { goto _loop273; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt291>=1 ) { goto _loop291; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt273++;
_cnt291++;
}
_loop273:;
_loop291:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1784 "pix.g"
#line 1953 "pix.g"
_ttype = INT_CONST;
#line 1183 "PIXCfgLexer.cpp"
#line 1205 "PIXCfgLexer.cpp"
}
}
else {
@ -1415,16 +1437,16 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
goto _loop293;
goto _loop311;
}
}
}
_loop293:;
_loop311:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1807 "pix.g"
#line 1976 "pix.g"
_ttype = WORD;
#line 1428 "PIXCfgLexer.cpp"
#line 1450 "PIXCfgLexer.cpp"
}
}
else {
@ -1466,11 +1488,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop296;
goto _loop314;
}
}
_loop296:;
_loop314:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1850,7 +1872,8 @@ const unsigned long PIXCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81
// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
// 0x90 0x91
// 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d
// 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
@ -1859,6 +1882,8 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
@ -1880,5 +1905,7 @@ const unsigned long PIXCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 429496729
// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);

File diff suppressed because it is too large Load Diff


@ -38,7 +38,7 @@ class CUSTOM_API PIXCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, publ
// additional methods and members
public:
std::ostream *dbg;
PIXImporter *importer;
@ -98,6 +98,9 @@ public:
public: void nameif_top_level();
public: void controller();
public: void access_list_commands();
public: void ssh_command();
public: void telnet_command();
public: void icmp_top_level_command();
public: void access_group();
public: void exit();
public: void certificate();
@ -113,6 +116,7 @@ public:
public: void object_group_icmp_8_3();
public: void crypto();
public: void no_commands();
public: void timeout_command();
public: void unknown_command();
public: void ip_protocol_names();
public: void named_object_network_parameters();
@ -127,6 +131,7 @@ public:
public: void service_tcp_udp();
public: void service_other();
public: void service_unknown();
public: void icmp_names();
public: void src_port_spec();
public: void dst_port_spec();
public: void xoperator();
@ -164,6 +169,7 @@ public:
public: void single_port_op();
public: void port_range();
public: void port_spec();
public: void tcp_udp_port_spec();
public: void pair_of_ports_spec();
public: void interface_command_6();
public: void interface_command_7();
@ -184,6 +190,7 @@ public:
public: void v6_static_address();
public: void v7_dhcp_address();
public: void v7_static_address();
public: void icmp_types_for_icmp_command();
public:
ANTLR_USE_NAMESPACE(antlr)RefAST getAST()
{
@ -195,10 +202,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 146;
static const int NUM_TOKENS = 168;
#else
enum {
NUM_TOKENS = 146
NUM_TOKENS = 168
};
#endif
@ -252,6 +259,14 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23;
static const unsigned long _tokenSet_24_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24;
static const unsigned long _tokenSet_25_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25;
static const unsigned long _tokenSet_26_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26;
static const unsigned long _tokenSet_27_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27;
static const unsigned long _tokenSet_28_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28;
};
#endif /*INC_PIXCfgParser_hpp_*/


@ -16,144 +16,166 @@ struct CUSTOM_API PIXCfgParserTokenTypes {
QUIT = 5,
IP = 6,
COMMUNITY_LIST = 7,
NAMES = 8,
NAME = 9,
IPV4 = 10,
IPV6 = 11,
WORD = 12,
AH = 13,
EIGRP = 14,
ESP = 15,
GRE = 16,
IGMP = 17,
IGRP = 18,
IPINIP = 19,
IPSEC = 20,
NOS = 21,
OSPF = 22,
PCP = 23,
PIM = 24,
PPTP = 25,
SNP = 26,
OBJECT = 27,
NETWORK = 28,
NAT = 29,
DESCRIPTION = 30,
HOST = 31,
RANGE = 32,
SUBNET = 33,
SERVICE = 34,
ICMP = 35,
INT_CONST = 36,
ICMP6 = 37,
TCP = 38,
UDP = 39,
SOURCE = 40,
DESTINATION = 41,
OBJECT_GROUP = 42,
GROUP_OBJECT = 43,
NETWORK_OBJECT = 44,
PROTOCOL = 45,
PROTOCOL_OBJECT = 46,
ICMP_OBJECT = 47,
ICMP_TYPE = 48,
TCP_UDP = 49,
SERVICE_OBJECT = 50,
PORT_OBJECT = 51,
CRYPTO = 52,
NO = 53,
CERTIFICATE = 54,
PIX_WORD = 55,
ASA_WORD = 56,
VERSION_WORD = 57,
NUMBER = 58,
HOSTNAME = 59,
STRING = 60,
ACCESS_LIST = 61,
EXTENDED = 62,
PERMIT = 63,
DENY = 64,
STANDARD = 65,
P_EQ = 66,
P_GT = 67,
P_LT = 68,
P_NEQ = 69,
INTRFACE = 70,
ANY = 71,
LOG = 72,
LOG_INPUT = 73,
INTERVAL = 74,
ESTABLISHED = 75,
FRAGMENTS = 76,
TIME_RANGE = 77,
CONTROLLER = 78,
LINE_COMMENT = 79,
EXIT = 80,
AUI = 81,
AUTO = 82,
BNC = 83,
FULL = 84,
BASET = 85,
BASETX = 86,
NAMEIF = 87,
VLAN = 88,
SPEED = 89,
DUPLEX = 90,
DDNS = 91,
FORWARD = 92,
DELAY = 93,
HOLD_TIME = 94,
IPV6_C = 95,
MAC_ADDRESS = 96,
MULTICAST = 97,
PPPOE = 98,
RIP = 99,
SEC_LEVEL = 100,
SHUTDOWN = 101,
ADDRESS = 102,
DHCP = 103,
STANDBY = 104,
SWITCHPORT = 105,
ACCESS = 106,
REMARK = 107,
ACCESS_GROUP = 108,
COLON_COMMENT = 109,
SECONDARY = 110,
SETROUTE = 111,
Whitespace = 112,
HEX_CONST = 113,
NEG_INT_CONST = 114,
DIGIT = 115,
HEXDIGIT = 116,
NUMBER_ADDRESS_OR_WORD = 117,
PIPE_CHAR = 118,
NUMBER_SIGN = 119,
PERCENT = 120,
AMPERSAND = 121,
APOSTROPHE = 122,
OPENING_PAREN = 123,
CLOSING_PAREN = 124,
STAR = 125,
PLUS = 126,
COMMA = 127,
MINUS = 128,
DOT = 129,
SLASH = 130,
COLON = 131,
SEMICOLON = 132,
LESS_THAN = 133,
EQUALS = 134,
GREATER_THAN = 135,
QUESTION = 136,
COMMERCIAL_AT = 137,
OPENING_SQUARE = 138,
CLOSING_SQUARE = 139,
CARET = 140,
UNDERLINE = 141,
OPENING_BRACE = 142,
CLOSING_BRACE = 143,
TILDE = 144,
EXLAMATION = 145,
TIMEOUT = 8,
NAMES = 9,
NAME = 10,
IPV4 = 11,
IPV6 = 12,
WORD = 13,
AH = 14,
EIGRP = 15,
ESP = 16,
GRE = 17,
IGMP = 18,
IGRP = 19,
IPINIP = 20,
IPSEC = 21,
NOS = 22,
OSPF = 23,
PCP = 24,
PIM = 25,
PPTP = 26,
SNP = 27,
OBJECT = 28,
NETWORK = 29,
NAT = 30,
DESCRIPTION = 31,
HOST = 32,
RANGE = 33,
SUBNET = 34,
SERVICE = 35,
ICMP = 36,
INT_CONST = 37,
ICMP6 = 38,
TCP = 39,
UDP = 40,
SOURCE = 41,
DESTINATION = 42,
OBJECT_GROUP = 43,
GROUP_OBJECT = 44,
NETWORK_OBJECT = 45,
PROTOCOL = 46,
PROTOCOL_OBJECT = 47,
ICMP_OBJECT = 48,
ICMP_TYPE = 49,
TCP_UDP = 50,
SERVICE_OBJECT = 51,
PORT_OBJECT = 52,
CRYPTO = 53,
NO = 54,
CERTIFICATE = 55,
PIX_WORD = 56,
ASA_WORD = 57,
VERSION_WORD = 58,
NUMBER = 59,
HOSTNAME = 60,
STRING = 61,
ACCESS_LIST = 62,
EXTENDED = 63,
PERMIT = 64,
DENY = 65,
STANDARD = 66,
ALTERNATE_ADDRESS = 67,
CONVERSION_ERROR = 68,
ECHO = 69,
ECHO_REPLY = 70,
INFORMATION_REPLY = 71,
INFORMATION_REQUEST = 72,
MASK_REPLY = 73,
MASK_REQUEST = 74,
MOBILE_REDIRECT = 75,
PARAMETER_PROBLEM = 76,
REDIRECT = 77,
ROUTER_ADVERTISEMENT = 78,
ROUTER_SOLICITATION = 79,
SOURCE_QUENCH = 80,
TIME_EXCEEDED = 81,
TIMESTAMP_REPLY = 82,
TIMESTAMP_REQUEST = 83,
TRACEROUTE = 84,
UNREACHABLE = 85,
P_EQ = 86,
P_GT = 87,
P_LT = 88,
P_NEQ = 89,
SSH = 90,
TELNET = 91,
INTRFACE = 92,
ANY = 93,
LOG = 94,
LOG_INPUT = 95,
INTERVAL = 96,
ESTABLISHED = 97,
FRAGMENTS = 98,
TIME_RANGE = 99,
CONTROLLER = 100,
LINE_COMMENT = 101,
EXIT = 102,
AUI = 103,
AUTO = 104,
BNC = 105,
FULL = 106,
BASET = 107,
BASETX = 108,
NAMEIF = 109,
VLAN = 110,
SPEED = 111,
DUPLEX = 112,
DDNS = 113,
FORWARD = 114,
DELAY = 115,
HOLD_TIME = 116,
IPV6_C = 117,
MAC_ADDRESS = 118,
MULTICAST = 119,
PPPOE = 120,
RIP = 121,
SEC_LEVEL = 122,
SHUTDOWN = 123,
ADDRESS = 124,
DHCP = 125,
STANDBY = 126,
SWITCHPORT = 127,
ACCESS = 128,
REMARK = 129,
ACCESS_GROUP = 130,
COLON_COMMENT = 131,
SECONDARY = 132,
SETROUTE = 133,
Whitespace = 134,
HEX_CONST = 135,
NEG_INT_CONST = 136,
DIGIT = 137,
HEXDIGIT = 138,
NUMBER_ADDRESS_OR_WORD = 139,
PIPE_CHAR = 140,
NUMBER_SIGN = 141,
PERCENT = 142,
AMPERSAND = 143,
APOSTROPHE = 144,
OPENING_PAREN = 145,
CLOSING_PAREN = 146,
STAR = 147,
PLUS = 148,
COMMA = 149,
MINUS = 150,
DOT = 151,
SLASH = 152,
COLON = 153,
SEMICOLON = 154,
LESS_THAN = 155,
EQUALS = 156,
GREATER_THAN = 157,
QUESTION = 158,
COMMERCIAL_AT = 159,
OPENING_SQUARE = 160,
CLOSING_SQUARE = 161,
CARET = 162,
UNDERLINE = 163,
OPENING_BRACE = 164,
CLOSING_BRACE = 165,
TILDE = 166,
EXLAMATION = 167,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus


@ -4,141 +4,163 @@ NEWLINE=4
QUIT="quit"=5
IP="ip"=6
COMMUNITY_LIST="community-list"=7
NAMES="names"=8
NAME="name"=9
IPV4=10
IPV6=11
WORD=12
AH="ah"=13
EIGRP="eigrp"=14
ESP="esp"=15
GRE="gre"=16
IGMP="igmp"=17
IGRP="igrp"=18
IPINIP="ipinip"=19
IPSEC="ipsec"=20
NOS="nos"=21
OSPF="ospf"=22
PCP="pcp"=23
PIM="pim"=24
PPTP="pptp"=25
SNP="snp"=26
OBJECT=27
NETWORK="network"=28
NAT="nat"=29
DESCRIPTION="description"=30
HOST="host"=31
RANGE="range"=32
SUBNET="subnet"=33
SERVICE="service"=34
ICMP="icmp"=35
INT_CONST=36
ICMP6="icmp6"=37
TCP="tcp"=38
UDP="udp"=39
SOURCE="source"=40
DESTINATION="destination"=41
OBJECT_GROUP=42
GROUP_OBJECT="group-object"=43
NETWORK_OBJECT="network-object"=44
PROTOCOL="protocol"=45
PROTOCOL_OBJECT="protocol-object"=46
ICMP_OBJECT="icmp-object"=47
ICMP_TYPE="icmp-type"=48
TCP_UDP="tcp-udp"=49
SERVICE_OBJECT="service-object"=50
PORT_OBJECT="port-object"=51
CRYPTO="crypto"=52
NO="no"=53
CERTIFICATE="certificate"=54
PIX_WORD="PIX"=55
ASA_WORD="ASA"=56
VERSION_WORD="Version"=57
NUMBER=58
HOSTNAME="hostname"=59
STRING=60
ACCESS_LIST="access-list"=61
EXTENDED="extended"=62
PERMIT="permit"=63
DENY="deny"=64
STANDARD="standard"=65
P_EQ="eq"=66
P_GT="gt"=67
P_LT="lt"=68
P_NEQ="neq"=69
INTRFACE="interface"=70
ANY="any"=71
LOG="log"=72
LOG_INPUT="log-input"=73
INTERVAL="interval"=74
ESTABLISHED="established"=75
FRAGMENTS="fragments"=76
TIME_RANGE="time-range"=77
CONTROLLER="controller"=78
LINE_COMMENT=79
EXIT="exit"=80
AUI="aui"=81
AUTO="auto"=82
BNC="bnc"=83
FULL="full"=84
BASET="baseT"=85
BASETX="baseTX"=86
NAMEIF="nameif"=87
VLAN="vlan"=88
SPEED="speed"=89
DUPLEX="duplex"=90
DDNS="ddns"=91
FORWARD="forward"=92
DELAY="delay"=93
HOLD_TIME="hold-time"=94
IPV6_C="ipv6"=95
MAC_ADDRESS="mac-address"=96
MULTICAST="multicast"=97
PPPOE=98
RIP="rip"=99
SEC_LEVEL="security-level"=100
SHUTDOWN="shutdown"=101
ADDRESS="address"=102
DHCP="dhcp"=103
STANDBY="standby"=104
SWITCHPORT="switchport"=105
ACCESS="access"=106
REMARK="remark"=107
ACCESS_GROUP="access-group"=108
COLON_COMMENT=109
SECONDARY="secondary"=110
SETROUTE="setroute"=111
Whitespace=112
HEX_CONST=113
NEG_INT_CONST=114
DIGIT=115
HEXDIGIT=116
NUMBER_ADDRESS_OR_WORD=117
PIPE_CHAR=118
NUMBER_SIGN=119
PERCENT=120
AMPERSAND=121
APOSTROPHE=122
OPENING_PAREN=123
CLOSING_PAREN=124
STAR=125
PLUS=126
COMMA=127
MINUS=128
DOT=129
SLASH=130
COLON=131
SEMICOLON=132
LESS_THAN=133
EQUALS=134
GREATER_THAN=135
QUESTION=136
COMMERCIAL_AT=137
OPENING_SQUARE=138
CLOSING_SQUARE=139
CARET=140
UNDERLINE=141
OPENING_BRACE=142
CLOSING_BRACE=143
TILDE=144
EXLAMATION=145
TIMEOUT="timeout"=8
NAMES="names"=9
NAME="name"=10
IPV4=11
IPV6=12
WORD=13
AH="ah"=14
EIGRP="eigrp"=15
ESP="esp"=16
GRE="gre"=17
IGMP="igmp"=18
IGRP="igrp"=19
IPINIP="ipinip"=20
IPSEC="ipsec"=21
NOS="nos"=22
OSPF="ospf"=23
PCP="pcp"=24
PIM="pim"=25
PPTP="pptp"=26
SNP="snp"=27
OBJECT=28
NETWORK="network"=29
NAT="nat"=30
DESCRIPTION="description"=31
HOST="host"=32
RANGE="range"=33
SUBNET="subnet"=34
SERVICE="service"=35
ICMP="icmp"=36
INT_CONST=37
ICMP6="icmp6"=38
TCP="tcp"=39
UDP="udp"=40
SOURCE="source"=41
DESTINATION="destination"=42
OBJECT_GROUP=43
GROUP_OBJECT="group-object"=44
NETWORK_OBJECT="network-object"=45
PROTOCOL="protocol"=46
PROTOCOL_OBJECT="protocol-object"=47
ICMP_OBJECT="icmp-object"=48
ICMP_TYPE="icmp-type"=49
TCP_UDP="tcp-udp"=50
SERVICE_OBJECT="service-object"=51
PORT_OBJECT="port-object"=52
CRYPTO="crypto"=53
NO="no"=54
CERTIFICATE="certificate"=55
PIX_WORD="PIX"=56
ASA_WORD="ASA"=57
VERSION_WORD="Version"=58
NUMBER=59
HOSTNAME="hostname"=60
STRING=61
ACCESS_LIST="access-list"=62
EXTENDED="extended"=63
PERMIT="permit"=64
DENY="deny"=65
STANDARD="standard"=66
ALTERNATE_ADDRESS="alternate-address"=67
CONVERSION_ERROR="conversion-error"=68
ECHO="echo"=69
ECHO_REPLY="echo-reply"=70
INFORMATION_REPLY="information-reply"=71
INFORMATION_REQUEST="information-request"=72
MASK_REPLY="mask-reply"=73
MASK_REQUEST="mask-request"=74
MOBILE_REDIRECT="mobile-redirect"=75
PARAMETER_PROBLEM="parameter-problem"=76
REDIRECT="redirect"=77
ROUTER_ADVERTISEMENT="router-advertisement"=78
ROUTER_SOLICITATION="router-solicitation"=79
SOURCE_QUENCH="source-quench"=80
TIME_EXCEEDED="time-exceeded"=81
TIMESTAMP_REPLY="timestamp-reply"=82
TIMESTAMP_REQUEST="timestamp-request"=83
TRACEROUTE="traceroute"=84
UNREACHABLE="unreachable"=85
P_EQ="eq"=86
P_GT="gt"=87
P_LT="lt"=88
P_NEQ="neq"=89
SSH="ssh"=90
TELNET="telnet"=91
INTRFACE="interface"=92
ANY="any"=93
LOG="log"=94
LOG_INPUT="log-input"=95
INTERVAL="interval"=96
ESTABLISHED="established"=97
FRAGMENTS="fragments"=98
TIME_RANGE="time-range"=99
CONTROLLER="controller"=100
LINE_COMMENT=101
EXIT="exit"=102
AUI="aui"=103
AUTO="auto"=104
BNC="bnc"=105
FULL="full"=106
BASET="baseT"=107
BASETX="baseTX"=108
NAMEIF="nameif"=109
VLAN="vlan"=110
SPEED="speed"=111
DUPLEX="duplex"=112
DDNS="ddns"=113
FORWARD="forward"=114
DELAY="delay"=115
HOLD_TIME="hold-time"=116
IPV6_C="ipv6"=117
MAC_ADDRESS="mac-address"=118
MULTICAST="multicast"=119
PPPOE=120
RIP="rip"=121
SEC_LEVEL="security-level"=122
SHUTDOWN="shutdown"=123
ADDRESS="address"=124
DHCP="dhcp"=125
STANDBY="standby"=126
SWITCHPORT="switchport"=127
ACCESS="access"=128
REMARK="remark"=129
ACCESS_GROUP="access-group"=130
COLON_COMMENT=131
SECONDARY="secondary"=132
SETROUTE="setroute"=133
Whitespace=134
HEX_CONST=135
NEG_INT_CONST=136
DIGIT=137
HEXDIGIT=138
NUMBER_ADDRESS_OR_WORD=139
PIPE_CHAR=140
NUMBER_SIGN=141
PERCENT=142
AMPERSAND=143
APOSTROPHE=144
OPENING_PAREN=145
CLOSING_PAREN=146
STAR=147
PLUS=148
COMMA=149
MINUS=150
DOT=151
SLASH=152
COLON=153
SEMICOLON=154
LESS_THAN=155
EQUALS=156
GREATER_THAN=157
QUESTION=158
COMMERCIAL_AT=159
OPENING_SQUARE=160
CLOSING_SQUARE=161
CARET=162
UNDERLINE=163
OPENING_BRACE=164
CLOSING_BRACE=165
TILDE=166
EXLAMATION=167


@ -1,4 +1,4 @@
/*
/*
Firewall Builder
@ -15,7 +15,7 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -82,7 +82,7 @@ options
// additional methods and members
public:
std::ostream *dbg;
PIXImporter *importer;
@ -119,7 +119,7 @@ cfgfile :
|
community_list_command
|
unknown_ip_command
unknown_ip_command
|
intrface
|
@ -128,6 +128,12 @@ cfgfile :
controller
|
access_list_commands
|
ssh_command
|
telnet_command
|
icmp_top_level_command
|
access_group
|
@ -158,6 +164,8 @@ cfgfile :
crypto
|
no_commands
|
timeout_command
|
unknown_command
|
@ -173,7 +181,14 @@ quit : QUIT
;
//****************************************************************
community_list_command : IP COMMUNITY_LIST
community_list_command : IP COMMUNITY_LIST
{
consumeUntil(NEWLINE);
}
;
//****************************************************************
timeout_command : TIMEOUT
{
consumeUntil(NEWLINE);
}
@ -237,7 +252,7 @@ named_object_network : OBJECT NETWORK name:WORD
)*
;
named_object_network_parameters :
named_object_network_parameters :
(
named_object_nat
|
@ -246,7 +261,7 @@ named_object_network_parameters :
range_addr
|
subnet_addr
|
|
named_object_description
)
;
@ -361,7 +376,7 @@ named_object_service_parameters :
|
named_object_description
)
;
;
service_icmp : SERVICE ICMP
(
@ -369,9 +384,10 @@ service_icmp : SERVICE ICMP
{
importer->icmp_type = LT(0)->getText();
}
| icmp_word:WORD
|
icmp_names
{
importer->icmp_spec = icmp_word->getText();
importer->icmp_spec = LT(0)->getText();
}
)
{
@ -461,7 +477,7 @@ object_group_network : OBJECT_GROUP NETWORK name:WORD
)+
;
object_group_network_parameters :
object_group_network_parameters :
NEWLINE
(
object_group_description
@ -559,7 +575,7 @@ object_group_protocol : OBJECT_GROUP PROTOCOL name:WORD
)+
;
object_group_protocol_parameters :
object_group_protocol_parameters :
NEWLINE
(
object_group_description
@ -627,7 +643,7 @@ object_group_icmp_8_3 : OBJECT_GROUP ICMP_TYPE name:WORD
)*
;
object_group_icmp_parameters :
object_group_icmp_parameters :
NEWLINE
(
object_group_description
@ -649,9 +665,10 @@ icmp_object : ICMP_OBJECT
{
importer->icmp_type = LT(0)->getText();
}
| icmp_word:WORD
|
icmp_names
{
importer->icmp_spec = icmp_word->getText();
importer->icmp_spec = LT(0)->getText();
}
)
{
@ -685,7 +702,7 @@ object_group_service : OBJECT_GROUP SERVICE name:WORD ( tcp:TCP | udp:UDP | tcpu
)+
;
object_group_service_parameters :
object_group_service_parameters :
NEWLINE
(
object_group_description
@ -729,9 +746,10 @@ service_object : SERVICE_OBJECT
{
importer->icmp_type = LT(0)->getText();
}
| icmp_word:WORD
|
icmp_names
{
importer->icmp_spec = icmp_word->getText();
importer->icmp_spec = LT(0)->getText();
}
)
{
@ -764,21 +782,21 @@ crypto : CRYPTO
;
//****************************************************************
unknown_ip_command : IP WORD
unknown_ip_command : IP WORD
{
consumeUntil(NEWLINE);
}
;
//****************************************************************
unknown_command : WORD
unknown_command : WORD
{
consumeUntil(NEWLINE);
}
;
//****************************************************************
no_commands : NO
no_commands : NO
{
*dbg << " TOP LEVEL \"NO\" COMMAND: "
<< LT(0)->getText() << std::endl;
@ -787,7 +805,7 @@ no_commands : NO
;
//****************************************************************
certificate : CERTIFICATE WORD
certificate : CERTIFICATE WORD
{
consumeUntil(NEWLINE);
consumeUntil(QUIT);
@ -817,7 +835,7 @@ hostname : HOSTNAME ( STRING | WORD )
//****************************************************************
access_list_commands : ACCESS_LIST name:WORD
access_list_commands : ACCESS_LIST name:WORD
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
@ -848,7 +866,7 @@ access_list_commands : ACCESS_LIST name:WORD
;
//****************************************************************
permit_extended: ( EXTENDED )? PERMIT
permit_extended: ( EXTENDED )? PERMIT
{
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule();
@ -874,7 +892,7 @@ deny_extended: ( EXTENDED )? DENY
}
;
permit_standard: STANDARD PERMIT
permit_standard: STANDARD PERMIT
{
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule();
@ -904,7 +922,7 @@ deny_standard: STANDARD DENY
// the difference between standard and extended acls should be in these rules
// standard acl only matches destination address
rule_standard :
rule_standard :
{
importer->tmp_a = "0.0.0.0";
importer->tmp_nm = "0.0.0.0";
@ -917,7 +935,7 @@ rule_standard :
}
;
rule_extended :
rule_extended :
(
ip_protocols
hostaddr_expr { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; }
@ -945,7 +963,7 @@ rule_extended :
}
;
tcp_udp_rule_extended :
tcp_udp_rule_extended :
( TCP | UDP )
{
importer->protocol = LT(0)->getText();
@ -986,7 +1004,7 @@ tcp_udp_rule_extended :
)
|
// not "object-group" keyword after src address spec.
OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)?
OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)?
{
// looks like "object foo" at this point can only be dest addr.
// (judging by cli prompts on 8.3)
@ -1015,7 +1033,7 @@ tcp_udp_rule_extended :
//****************************************************************
acl_tcp_udp_dst_port_spec :
acl_tcp_udp_dst_port_spec :
(
// destination port spec. Can be blank, a named
// object, object-group or inline
@ -1028,7 +1046,7 @@ acl_tcp_udp_dst_port_spec :
*dbg << "dst port spec: "
<< dst_port_group_name->getText() << std::endl;
}
(established)?
(established)?
)
|
// not "object-group"
@ -1038,12 +1056,12 @@ acl_tcp_udp_dst_port_spec :
*dbg << "dst addr object " << dst_port_obj_name->getText()
<< std::endl;
}
(established)?
(established)?
|
// if not object-group and object, then it can optionally
// be regular inline port spec
(acl_xoperator_dst)?
(established)?
(established)?
)
;
@ -1084,14 +1102,26 @@ icmp_spec :
<< icmp_code->getText() << " ";
}
|
icmp_word:WORD
icmp_names
{
importer->icmp_spec = icmp_word->getText();
*dbg << icmp_word->getText() << " ";
importer->icmp_spec = LT(0)->getText();
*dbg << LT(0)->getText() << " ";
}
)
;
icmp_names :
(
ALTERNATE_ADDRESS | CONVERSION_ERROR | ECHO |
ECHO_REPLY | INFORMATION_REPLY | INFORMATION_REQUEST |
MASK_REPLY | MASK_REQUEST | MOBILE_REDIRECT |
PARAMETER_PROBLEM | REDIRECT | ROUTER_ADVERTISEMENT |
ROUTER_SOLICITATION | SOURCE_QUENCH | TIME_EXCEEDED |
TIMESTAMP_REPLY | TIMESTAMP_REQUEST | TRACEROUTE |
UNREACHABLE
)
;
single_port_op : (P_EQ | P_GT | P_LT | P_NEQ )
{
importer->tmp_port_op = LT(0)->getText();
@ -1100,9 +1130,9 @@ single_port_op : (P_EQ | P_GT | P_LT | P_NEQ )
port_spec
;
port_spec : (WORD|INT_CONST)
port_spec : tcp_udp_port_spec
{
importer->tmp_port_spec = (std::string(" ") + LT(0)->getText());
importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2;
*dbg << LT(0)->getText() << " " << importer->tmp_port_spec;
}
;
@ -1114,18 +1144,28 @@ port_range : RANGE pair_of_ports_spec
}
;
pair_of_ports_spec : (s1:WORD|s2:INT_CONST) (e1:WORD|e2:INT_CONST)
pair_of_ports_spec :
{
importer->tmp_port_spec_2 = "";
}
tcp_udp_port_spec
{
importer->tmp_port_spec += importer->tmp_port_spec_2;
}
tcp_udp_port_spec
{
importer->tmp_port_spec = "";
if (s1) importer->tmp_port_spec += s1->getText();
if (s2) importer->tmp_port_spec += s2->getText();
importer->tmp_port_spec += " ";
if (e1) importer->tmp_port_spec += e1->getText();
if (e2) importer->tmp_port_spec += e2->getText();
*dbg << "pair of ports: " << importer->tmp_port_spec;
importer->tmp_port_spec += importer->tmp_port_spec_2;
}
;
tcp_udp_port_spec : (SSH | TELNET | WORD | INT_CONST)
{
importer->tmp_port_spec_2 = LT(0)->getText();
}
;
// using these to help with debugging
hostaddr_expr_1 : hostaddr_expr ;
hostaddr_expr_2 : hostaddr_expr ;
@ -1152,14 +1192,14 @@ hostaddr_expr :
importer->tmp_nm = "255.255.255.255";
*dbg << h->getText() << "/255.255.255.255";
}
|
|
(a:IPV4 m:IPV4)
{
importer->tmp_a = a->getText();
importer->tmp_nm = m->getText();
*dbg << a->getText() << "/" << m->getText();
}
|
|
ANY
{
importer->tmp_a = "0.0.0.0";
@ -1293,7 +1333,7 @@ nameif_top_level : NAMEIF p_intf:WORD intf_label:WORD sec_level:WORD
}
;
interface_parameters :
{
importer->setCurrentLineNumber(LT(0)->getLine());
@ -1327,7 +1367,7 @@ vlan_interface : VLAN vlan_id:INT_CONST
}
;
unsupported_interface_commands :
unsupported_interface_commands :
(
SPEED
|
@ -1391,7 +1431,7 @@ sec_level : SEC_LEVEL sec_level:INT_CONST
// context in the grammar, function setInterfaceParametes() can locate
// right interface using its first parameter.
//
nameif : NAMEIF p_intf:WORD
nameif : NAMEIF p_intf:WORD
(
( WORD ) => intf_label:WORD sec_level:WORD |
( )
@ -1444,13 +1484,13 @@ shutdown : SHUTDOWN
// vlan 101
// nameif outside
// security-level 0
// ip address 192.0.2.253 255.255.255.0
// ip address 192.0.2.253 255.255.255.0
// !
//
// interface Vlan1
// nameif inside
// security-level 100
// ip address dhcp setroute
// ip address dhcp setroute
// !
intf_address : IP ADDRESS (v6_ip_address | v7_ip_address) ;
@ -1526,6 +1566,111 @@ switchport : SWITCHPORT ACCESS VLAN vlan_num:INT_CONST
}
;
//****************************************************************
// pretend ssh commands are rules in access lists with names
// "ssh_commands_" + interface_label
ssh_command : SSH ( ( TIMEOUT INT_CONST ) |
( hostaddr_expr intf_label:WORD )
{
importer->clear();
std::string acl_name = "ssh_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
importer->action = "permit";
importer->SaveTmpAddrToDst();
importer->setDstSelf();
importer->protocol = "tcp";
importer->dst_port_op = "eq";
importer->dst_port_spec = "ssh";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
;
telnet_command : TELNET ( ( TIMEOUT INT_CONST ) |
( hostaddr_expr intf_label:WORD )
{
importer->clear();
std::string acl_name = "telnet_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
importer->action = "permit";
importer->SaveTmpAddrToDst();
importer->setDstSelf();
importer->protocol = "tcp";
importer->dst_port_op = "eq";
importer->dst_port_spec = "telnet";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
;
// icmp command is non-determenistic syntactically because WORD can be
// used as a name of icmp type or as interface label. I am going to
// define all icmp types as tokens in icmp_types_for_icmp_command
// Looks like "icmp" command accepts limited set of icmp type names
// and can accept numeric code.
//
icmp_top_level_command : ICMP
(
( UNREACHABLE
{
consumeUntil(NEWLINE);
}
)
|
(
(permit:PERMIT | deny:DENY)
{
importer->clear();
}
hostaddr_expr
{
importer->SaveTmpAddrToSrc();
}
( icmp_types_for_icmp_command )?
intf_label:WORD
{
std::string acl_name = "icmp_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
if (permit) importer->action = "permit";
if (deny) importer->action = "deny";
importer->setDstSelf();
importer->protocol = "icmp";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
)
;
icmp_types_for_icmp_command :
INT_CONST
{
importer->icmp_type = LT(0)->getText();
importer->icmp_code = "0";
importer->icmp_spec = "";
}
|
(ECHO | ECHO_REPLY | TIME_EXCEEDED | UNREACHABLE)
{
importer->icmp_type = "";
importer->icmp_code = "0";
importer->icmp_spec = LT(0)->getText();
}
;
//****************************************************************
// remark. According to the Cisco docs, can only be used
@ -1604,7 +1749,7 @@ tokens
HOSTNAME = "hostname";
CERTIFICATE = "certificate";
INTRFACE = "interface";
CONTROLLER = "controller";
DESCRIPTION = "description";
@ -1719,6 +1864,8 @@ tokens
NAT = "nat";
SSH = "ssh";
TELNET = "telnet";
AUI = "aui";
AUTO = "auto";
@ -1727,6 +1874,28 @@ tokens
FULL = "full";
BASETX = "baseTX";
TIMEOUT = "timeout";
ALTERNATE_ADDRESS = "alternate-address";
CONVERSION_ERROR = "conversion-error";
ECHO = "echo";
ECHO_REPLY = "echo-reply";
INFORMATION_REPLY = "information-reply";
INFORMATION_REQUEST = "information-request";
MASK_REPLY = "mask-reply";
MASK_REQUEST = "mask-request";
MOBILE_REDIRECT = "mobile-redirect";
PARAMETER_PROBLEM = "parameter-problem";
REDIRECT = "redirect";
ROUTER_ADVERTISEMENT = "router-advertisement";
ROUTER_SOLICITATION = "router-solicitation";
SOURCE_QUENCH = "source-quench";
TIME_EXCEEDED = "time-exceeded";
TIMESTAMP_REPLY = "timestamp-reply";
TIMESTAMP_REQUEST = "timestamp-request";
TRACEROUTE = "traceroute";
UNREACHABLE = "unreachable";
}
LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ;
@ -1770,7 +1939,7 @@ protected
OBJECT_GROUP :;
NUMBER_ADDRESS_OR_WORD :
NUMBER_ADDRESS_OR_WORD :
(
( DIGIT ) =>
(
@ -1793,7 +1962,7 @@ NUMBER_ADDRESS_OR_WORD :
|
("obj" "ect") =>
(
"object"
"object"
(
("-gr" "oup") { _ttype = OBJECT_GROUP; }
|
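Review bot: In `ssh_command` and `telnet_command` the parsed client address is stored with `importer->SaveTmpAddrToDst()` and then `importer->setDstSelf()` overwrites the destination, so the rule's source appears to stay empty, which `makeSrcObj()` seems to treat as "any". A line such as `ssh 10.1.1.0 255.255.255.0 inside` would then be imported as a rule permitting SSH to the firewall from any address, which is broader than the management access the device actually configures. I would call `importer->SaveTmpAddrToSrc();` in both actions, as `icmp_top_level_command` already does. `importer->clear()` also runs after `hostaddr_expr` in these two rules but before it in the icmp rule; if `clear()` resets `tmp_a`/`tmp_nm` (not visible here) the address is lost either way, so it is safer as an action placed ahead of `hostaddr_expr`. A test asserting the source object of the imported ssh and telnet rules would catch this.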


@ -105,7 +105,22 @@ pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo outside
icmp permit any 111 outside
icmp permit any time-exceeded outside
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any outside
icmp permit host 10.1.1.202 time-exceeded inside
icmp permit host 10.1.1.202 echo-reply inside
icmp permit host 10.1.1.202 unreachable inside
icmp permit any echo inside
icmp permit any time-exceeded inside
icmp permit any echo-reply inside
icmp permit any unreachable inside
icmp permit any inside
icmp permit 10.1.1.0 255.255.255.0 inside
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00


@ -138,6 +138,7 @@ logging device-id ipaddress inside
logging host inside 10.1.1.10
logging host inside 10.1.1.40 format emblem
icmp permit any echo outside
icmp permit any 111 outside
icmp permit any time-exceeded outside
icmp permit any echo-reply outside
icmp permit any unreachable outside
@ -151,6 +152,13 @@ icmp permit any echo-reply inside
icmp permit any unreachable inside
icmp permit any inside
icmp permit 10.1.1.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.30 255.255.255.255 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute retry 10
@ -224,11 +232,6 @@ isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.30 255.255.255.255 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
terminal width 256


@ -165,6 +165,8 @@ tunnel-group 192.0.2.254 ipsec-attributes
telnet timeout 5
ssh scopy enable
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh 192.0.2.100 255.255.255.255 outside
ssh timeout 20
console timeout 0
!