From 60d0c4e308add1964da4f5e71437eef0701eb974 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Fri, 25 Mar 2011 19:31:06 -0700 Subject: [PATCH] * parsers/pix.g (icmp_top_level_command): see #2164 Implemented import of "ssh", "telnet" and "icmp" PIX/ASA commands. These commands are imported as regular rules in the main Policy ruleset. --- doc/ChangeLog | 4 + src/import/Importer.cpp | 20 + src/import/Importer.h | 4 + src/parsers/PIXCfgLexer.cpp | 451 +++-- src/parsers/PIXCfgParser.cpp | 1749 ++++++++++++----- src/parsers/PIXCfgParser.hpp | 21 +- src/parsers/PIXCfgParserTokenTypes.hpp | 298 +-- src/parsers/PIXCfgParserTokenTypes.txt | 298 +-- src/parsers/pix.g | 279 ++- .../ImporterTest/test_data/asa8.0.test | 15 + .../ImporterTest/test_data/pix6.test | 13 +- .../ImporterTest/test_data/pix7.test | 2 + 12 files changed, 2107 insertions(+), 1047 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 27384ebad..6b1a1ca7f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2011-03-25 vadim + * parsers/pix.g (icmp_top_level_command): see #2164 Implemented + import of "ssh", "telnet" and "icmp" PIX/ASA commands. These + commands are imported as regular rules in the main Policy ruleset. + * PIXImporter.cpp (finalize): see #2277 "Create policy objects for ASA access-lists that are not applied in an access-group". Policy rule set will be created and populated with rules found in the diff --git a/src/import/Importer.cpp b/src/import/Importer.cpp index 3216d2030..04ab89b91 100644 --- a/src/import/Importer.cpp +++ b/src/import/Importer.cpp @@ -534,8 +534,23 @@ void Importer::pushRule() clear(); } +void Importer::setSrcSelf() +{ + src_a = "self"; +} + +void Importer::setDstSelf() +{ + dst_a = "self"; +} + FWObject* Importer::makeSrcObj() { + if (src_a == "self") + { + return getFirewallObject(); + } + if ( (src_a=="" && src_nm=="") || (src_a==InetAddr::getAny().toString() && src_nm==InetAddr::getAny().toString())) @@ -553,6 +568,11 @@ FWObject* Importer::makeSrcObj() FWObject* Importer::makeDstObj() { + if (dst_a == "self") + { + return getFirewallObject(); + } + if ( (dst_a=="" && dst_nm=="") || (dst_a==InetAddr::getAny().toString() && dst_nm==InetAddr::getAny().toString())) diff --git a/src/import/Importer.h b/src/import/Importer.h index 95ea28339..4ef0762d2 100644 --- a/src/import/Importer.h +++ b/src/import/Importer.h @@ -220,6 +220,7 @@ public: std::string tmp_nm; std::string tmp_port_op; std::string tmp_port_spec; + std::string tmp_port_spec_2; std::string tmp_range_1; std::string tmp_range_2; @@ -245,6 +246,9 @@ public: void SaveTmpPortToSrc(); void SaveTmpPortToDst(); + void setSrcSelf(); + void setDstSelf(); + virtual void clear(); Importer(libfwbuilder::FWObject *lib, diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 20be88cb8..2dc667425 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -44,102 +44,124 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& void PIXCfgLexer::initLiterals() { - literals["name"] = 9; - literals["names"] = 8; - literals["ospf"] = 22; - literals["established"] = 75; - literals["mac-address"] = 96; - literals["nameif"] = 87; - literals["subnet"] = 33; - literals["ipsec"] = 20; - literals["controller"] = 78; - literals["pcp"] = 23; - literals["remark"] = 107; - literals["access-list"] = 61; - literals["snp"] = 26; - literals["hostname"] = 59; - literals["hold-time"] = 94; - literals["tcp-udp"] = 49; + literals["name"] = 10; + literals["names"] = 9; + literals["ospf"] = 23; + literals["established"] = 97; + literals["mac-address"] = 118; + literals["nameif"] = 109; + literals["subnet"] = 34; + literals["ipsec"] = 21; + literals["controller"] = 100; + literals["pcp"] = 24; + literals["access-list"] = 62; + literals["remark"] = 129; + literals["telnet"] = 91; + literals["alternate-address"] = 67; + literals["timestamp-reply"] = 82; + literals["snp"] = 27; + literals["information-request"] = 72; + literals["hostname"] = 60; + literals["source-quench"] = 80; + literals["conversion-error"] = 68; + literals["timeout"] = 8; + literals["hold-time"] = 116; + literals["time-exceeded"] = 81; + literals["tcp-udp"] = 50; literals["community-list"] = 7; - literals["permit"] = 63; - literals["pptp"] = 25; - literals["interval"] = 74; - literals["aui"] = 81; - literals["security-level"] = 100; - literals["no"] = 53; - literals["source"] = 40; - literals["igrp"] = 18; - literals["group-object"] = 43; - literals["pim"] = 24; - literals["nos"] = 21; - literals["ipinip"] = 19; + literals["permit"] = 64; + literals["pptp"] = 26; + literals["interval"] = 96; + literals["parameter-problem"] = 76; + literals["aui"] = 103; + literals["ssh"] = 90; + literals["security-level"] = 122; + literals["no"] = 54; + literals["source"] = 41; + literals["igrp"] = 19; + literals["mobile-redirect"] = 75; + literals["group-object"] = 44; + literals["pim"] = 25; + literals["nos"] = 22; + literals["ipinip"] = 20; literals["quit"] = 5; - literals["crypto"] = 52; - literals["protocol"] = 45; - literals["icmp-type"] = 48; - literals["PIX"] = 55; - literals["icmp-object"] = 47; - literals["exit"] = 80; - literals["nat"] = 29; - literals["range"] = 32; - literals["service-object"] = 50; - literals["gre"] = 16; - literals["gt"] = 67; - literals["ah"] = 13; - literals["host"] = 31; - literals["baseTX"] = 86; - literals["secondary"] = 110; - literals["interface"] = 70; - literals["rip"] = 99; - literals["protocol-object"] = 46; - literals["icmp6"] = 37; - literals["standard"] = 65; - literals["network"] = 28; - literals["service"] = 34; - literals["vlan"] = 88; - literals["access"] = 106; - literals["bnc"] = 83; - literals["multicast"] = 97; - literals["any"] = 71; - literals["full"] = 84; - literals["dhcp"] = 103; - literals["speed"] = 89; - literals["deny"] = 64; - literals["neq"] = 69; - literals["esp"] = 15; - literals["address"] = 102; - literals["network-object"] = 44; - literals["shutdown"] = 101; - literals["delay"] = 93; - literals["auto"] = 82; - literals["certificate"] = 54; - literals["udp"] = 39; - literals["fragments"] = 76; - literals["eq"] = 66; - literals["destination"] = 41; - literals["duplex"] = 90; - literals["setroute"] = 111; - literals["baseT"] = 85; + literals["crypto"] = 53; + literals["protocol"] = 46; + literals["icmp-type"] = 49; + literals["PIX"] = 56; + literals["icmp-object"] = 48; + literals["exit"] = 102; + literals["nat"] = 30; + literals["range"] = 33; + literals["service-object"] = 51; + literals["gre"] = 17; + literals["information-reply"] = 71; + literals["gt"] = 87; + literals["mask-reply"] = 73; + literals["router-solicitation"] = 79; + literals["ah"] = 14; + literals["host"] = 32; + literals["mask-request"] = 74; + literals["baseTX"] = 108; + literals["secondary"] = 132; + literals["interface"] = 92; + literals["rip"] = 121; + literals["protocol-object"] = 47; + literals["icmp6"] = 38; + literals["standard"] = 66; + literals["network"] = 29; + literals["service"] = 35; + literals["access"] = 128; + literals["vlan"] = 110; + literals["bnc"] = 105; + literals["multicast"] = 119; + literals["any"] = 93; + literals["full"] = 106; + literals["dhcp"] = 125; + literals["redirect"] = 77; + literals["speed"] = 111; + literals["deny"] = 65; + literals["neq"] = 89; + literals["esp"] = 16; + literals["address"] = 124; + literals["network-object"] = 45; + literals["shutdown"] = 123; + literals["delay"] = 115; + literals["auto"] = 104; + literals["echo-reply"] = 70; + literals["certificate"] = 55; + literals["router-advertisement"] = 78; + literals["udp"] = 40; + literals["fragments"] = 98; + literals["eq"] = 86; + literals["destination"] = 42; + literals["setroute"] = 133; + literals["duplex"] = 112; + literals["echo"] = 69; + literals["baseT"] = 107; literals["ip"] = 6; - literals["eigrp"] = 14; - literals["log-input"] = 73; - literals["switchport"] = 105; - literals["description"] = 30; - literals["extended"] = 62; - literals["igmp"] = 17; - literals["access-group"] = 108; - literals["ddns"] = 91; - literals["Version"] = 57; - literals["log"] = 72; - literals["forward"] = 92; - literals["ASA"] = 56; - literals["lt"] = 68; - literals["ipv6"] = 95; - literals["port-object"] = 51; - literals["time-range"] = 77; - literals["standby"] = 104; - literals["icmp"] = 35; - literals["tcp"] = 38; + literals["eigrp"] = 15; + literals["log-input"] = 95; + literals["switchport"] = 127; + literals["timestamp-request"] = 83; + literals["description"] = 31; + literals["extended"] = 63; + literals["igmp"] = 18; + literals["access-group"] = 130; + literals["ddns"] = 113; + literals["Version"] = 58; + literals["log"] = 94; + literals["forward"] = 114; + literals["ASA"] = 57; + literals["lt"] = 88; + literals["ipv6"] = 117; + literals["port-object"] = 52; + literals["unreachable"] = 85; + literals["time-range"] = 99; + literals["standby"] = 126; + literals["icmp"] = 36; + literals["tcp"] = 39; + literals["traceroute"] = 84; } ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken() @@ -453,11 +475,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop222; + goto _loop240; } } - _loop222:; + _loop240:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -489,9 +511,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1746 "pix.g" +#line 1915 "pix.g" newline(); -#line 495 "PIXCfgLexer.cpp" +#line 517 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -515,11 +537,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) { } } else { - goto _loop226; + goto _loop244; } } - _loop226:; + _loop244:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -613,9 +635,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1741 "pix.g" +#line 1910 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 619 "PIXCfgLexer.cpp" +#line 641 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -737,10 +759,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched287 = false; + bool synPredMatched305 = false; if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) { - int _m287 = mark(); - synPredMatched287 = true; + int _m305 = mark(); + synPredMatched305 = true; inputState->guessing++; try { { @@ -749,12 +771,12 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched287 = false; + synPredMatched305 = false; } - rewind(_m287); + rewind(_m305); inputState->guessing--; } - if ( synPredMatched287 ) { + if ( synPredMatched305 ) { { match("object"); { @@ -764,17 +786,17 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { match("oup"); } if ( inputState->guessing==0 ) { -#line 1798 "pix.g" +#line 1967 "pix.g" _ttype = OBJECT_GROUP; -#line 770 "PIXCfgLexer.cpp" +#line 792 "PIXCfgLexer.cpp" } } else { match(""); if ( inputState->guessing==0 ) { -#line 1800 "pix.g" +#line 1969 "pix.g" _ttype = OBJECT; -#line 778 "PIXCfgLexer.cpp" +#line 800 "PIXCfgLexer.cpp" } } @@ -782,15 +804,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } else { - bool synPredMatched277 = false; + bool synPredMatched295 = false; if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m277 = mark(); - synPredMatched277 = true; + int _m295 = mark(); + synPredMatched295 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt276=0; + int _cnt294=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -819,27 +841,27 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt294>=1 ) { goto _loop294; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt276++; + _cnt294++; } - _loop276:; + _loop294:; } // ( ... )+ mCOLON(false); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched277 = false; + synPredMatched295 = false; } - rewind(_m277); + rewind(_m295); inputState->guessing--; } - if ( synPredMatched277 ) { + if ( synPredMatched295 ) { { { { // ( ... )+ - int _cnt281=0; + int _cnt299=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -868,15 +890,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt281++; + _cnt299++; } - _loop281:; + _loop299:; } // ( ... )+ { // ( ... )+ - int _cnt285=0; + int _cnt303=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { mCOLON(false); @@ -909,34 +931,34 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop284; + goto _loop302; } } } - _loop284:; + _loop302:; } // ( ... )* } else { - if ( _cnt285>=1 ) { goto _loop285; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt303>=1 ) { goto _loop303; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt285++; + _cnt303++; } - _loop285:; + _loop303:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1791 "pix.g" +#line 1960 "pix.g" _ttype = IPV6; -#line 932 "PIXCfgLexer.cpp" +#line 954 "PIXCfgLexer.cpp" } } } else { - bool synPredMatched242 = false; + bool synPredMatched260 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m242 = mark(); - synPredMatched242 = true; + int _m260 = mark(); + synPredMatched260 = true; inputState->guessing++; try { { @@ -944,242 +966,242 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched242 = false; + synPredMatched260 = false; } - rewind(_m242); + rewind(_m260); inputState->guessing--; } - if ( synPredMatched242 ) { + if ( synPredMatched260 ) { { - bool synPredMatched251 = false; + bool synPredMatched269 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m251 = mark(); - synPredMatched251 = true; + int _m269 = mark(); + synPredMatched269 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt246=0; + int _cnt264=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt246>=1 ) { goto _loop246; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt246++; + _cnt264++; } - _loop246:; + _loop264:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt248=0; + int _cnt266=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt248>=1 ) { goto _loop248; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt266>=1 ) { goto _loop266; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt248++; + _cnt266++; } - _loop248:; + _loop266:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt250=0; + int _cnt268=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt250>=1 ) { goto _loop250; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt268>=1 ) { goto _loop268; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt250++; + _cnt268++; } - _loop250:; + _loop268:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched251 = false; + synPredMatched269 = false; } - rewind(_m251); + rewind(_m269); inputState->guessing--; } - if ( synPredMatched251 ) { + if ( synPredMatched269 ) { { { // ( ... )+ - int _cnt254=0; + int _cnt272=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt254++; + _cnt272++; } - _loop254:; + _loop272:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt256=0; + int _cnt274=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt256>=1 ) { goto _loop256; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt256++; + _cnt274++; } - _loop256:; + _loop274:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt258=0; + int _cnt276=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt258>=1 ) { goto _loop258; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt258++; + _cnt276++; } - _loop258:; + _loop276:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt260=0; + int _cnt278=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt260>=1 ) { goto _loop260; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt278>=1 ) { goto _loop278; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt260++; + _cnt278++; } - _loop260:; + _loop278:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1779 "pix.g" +#line 1948 "pix.g" _ttype = IPV4; -#line 1079 "PIXCfgLexer.cpp" +#line 1101 "PIXCfgLexer.cpp" } } else { - bool synPredMatched266 = false; + bool synPredMatched284 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m266 = mark(); - synPredMatched266 = true; + int _m284 = mark(); + synPredMatched284 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt263=0; + int _cnt281=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt263>=1 ) { goto _loop263; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt263++; + _cnt281++; } - _loop263:; + _loop281:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt265=0; + int _cnt283=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt265>=1 ) { goto _loop265; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt283>=1 ) { goto _loop283; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt265++; + _cnt283++; } - _loop265:; + _loop283:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched266 = false; + synPredMatched284 = false; } - rewind(_m266); + rewind(_m284); inputState->guessing--; } - if ( synPredMatched266 ) { + if ( synPredMatched284 ) { { { // ( ... )+ - int _cnt269=0; + int _cnt287=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt269>=1 ) { goto _loop269; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt287>=1 ) { goto _loop287; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt269++; + _cnt287++; } - _loop269:; + _loop287:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt271=0; + int _cnt289=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt271>=1 ) { goto _loop271; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt271++; + _cnt289++; } - _loop271:; + _loop289:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1782 "pix.g" +#line 1951 "pix.g" _ttype = NUMBER; -#line 1162 "PIXCfgLexer.cpp" +#line 1184 "PIXCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt273=0; + int _cnt291=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt273>=1 ) { goto _loop273; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt291>=1 ) { goto _loop291; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt273++; + _cnt291++; } - _loop273:; + _loop291:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1784 "pix.g" +#line 1953 "pix.g" _ttype = INT_CONST; -#line 1183 "PIXCfgLexer.cpp" +#line 1205 "PIXCfgLexer.cpp" } } else { @@ -1415,16 +1437,16 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop293; + goto _loop311; } } } - _loop293:; + _loop311:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1807 "pix.g" +#line 1976 "pix.g" _ttype = WORD; -#line 1428 "PIXCfgLexer.cpp" +#line 1450 "PIXCfgLexer.cpp" } } else { @@ -1466,11 +1488,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop296; + goto _loop314; } } - _loop296:; + _loop314:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1850,7 +1872,8 @@ const unsigned long PIXCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81 // 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f -// 0x90 0x91 +// 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d +// 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 @@ -1859,6 +1882,8 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729 // H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h // i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 +// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f +// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0 1 2 3 4 5 6 7 8 9 a b c d e f @@ -1880,5 +1905,7 @@ const unsigned long PIXCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 429496729 // G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g // h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 +// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f +// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index bac2798cd..2edb6236f 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -45,6 +45,7 @@ PIXCfgParser::PIXCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputStat } void PIXCfgParser::cfgfile() { + Tracer traceInOut(this, "cfgfile"); try { // for error handling { // ( ... )+ @@ -88,6 +89,21 @@ void PIXCfgParser::cfgfile() { access_list_commands(); break; } + case SSH: + { + ssh_command(); + break; + } + case TELNET: + { + telnet_command(); + break; + } + case ICMP: + { + icmp_top_level_command(); + break; + } case ACCESS_GROUP: { access_group(); @@ -128,6 +144,11 @@ void PIXCfgParser::cfgfile() { no_commands(); break; } + case TIMEOUT: + { + timeout_command(); + break; + } case WORD: { unknown_command(); @@ -186,6 +207,7 @@ void PIXCfgParser::cfgfile() { } void PIXCfgParser::comment() { + Tracer traceInOut(this, "comment"); try { // for error handling { @@ -218,6 +240,7 @@ void PIXCfgParser::comment() { } void PIXCfgParser::version() { + Tracer traceInOut(this, "version"); try { // for error handling { @@ -241,14 +264,14 @@ void PIXCfgParser::version() { match(VERSION_WORD); match(NUMBER); if ( inputState->guessing==0 ) { -#line 799 "pix.g" +#line 817 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setDiscoveredVersion(LT(0)->getText()); *dbg << "VERSION " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 252 "PIXCfgParser.cpp" +#line 275 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -262,6 +285,7 @@ void PIXCfgParser::version() { } void PIXCfgParser::hostname() { + Tracer traceInOut(this, "hostname"); try { // for error handling match(HOSTNAME); @@ -284,7 +308,7 @@ void PIXCfgParser::hostname() { } } if ( inputState->guessing==0 ) { -#line 809 "pix.g" +#line 827 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setHostName( LT(0)->getText() ); @@ -292,7 +316,7 @@ void PIXCfgParser::hostname() { << "LT0=" << LT(0)->getText() << std::endl; -#line 296 "PIXCfgParser.cpp" +#line 320 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -306,16 +330,17 @@ void PIXCfgParser::hostname() { } void PIXCfgParser::community_list_command() { + Tracer traceInOut(this, "community_list_command"); try { // for error handling match(IP); match(COMMUNITY_LIST); if ( inputState->guessing==0 ) { -#line 177 "pix.g" +#line 185 "pix.g" consumeUntil(NEWLINE); -#line 319 "PIXCfgParser.cpp" +#line 344 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -329,16 +354,17 @@ void PIXCfgParser::community_list_command() { } void PIXCfgParser::unknown_ip_command() { + Tracer traceInOut(this, "unknown_ip_command"); try { // for error handling match(IP); match(WORD); if ( inputState->guessing==0 ) { -#line 768 "pix.g" +#line 786 "pix.g" consumeUntil(NEWLINE); -#line 342 "PIXCfgParser.cpp" +#line 368 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -352,6 +378,7 @@ void PIXCfgParser::unknown_ip_command() { } void PIXCfgParser::intrface() { + Tracer traceInOut(this, "intrface"); try { // for error handling match(INTRFACE); @@ -379,6 +406,7 @@ void PIXCfgParser::intrface() { } void PIXCfgParser::nameif_top_level() { + Tracer traceInOut(this, "nameif_top_level"); ANTLR_USE_NAMESPACE(antlr)RefToken p_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -392,7 +420,7 @@ void PIXCfgParser::nameif_top_level() { sec_level = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1287 "pix.g" +#line 1327 "pix.g" std::string label = (intf_label) ? intf_label->getText() : ""; std::string seclevel = (sec_level) ? sec_level->getText() : ""; @@ -400,7 +428,7 @@ void PIXCfgParser::nameif_top_level() { *dbg << " NAMEIF: " << p_intf->getText() << label << seclevel << std::endl; -#line 404 "PIXCfgParser.cpp" +#line 432 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -414,16 +442,17 @@ void PIXCfgParser::nameif_top_level() { } void PIXCfgParser::controller() { + Tracer traceInOut(this, "controller"); try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 1203 "pix.g" +#line 1243 "pix.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); -#line 427 "PIXCfgParser.cpp" +#line 456 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -437,6 +466,7 @@ void PIXCfgParser::controller() { } void PIXCfgParser::access_list_commands() { + Tracer traceInOut(this, "access_list_commands"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -444,7 +474,7 @@ void PIXCfgParser::access_list_commands() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 821 "pix.g" +#line 839 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -453,7 +483,7 @@ void PIXCfgParser::access_list_commands() { *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; -#line 457 "PIXCfgParser.cpp" +#line 487 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -492,12 +522,269 @@ void PIXCfgParser::access_list_commands() { } } if ( inputState->guessing==0 ) { -#line 844 "pix.g" +#line 862 "pix.g" *dbg << LT(0)->getLine() << ":" << " ACL line end" << std::endl << std::endl; -#line 501 "PIXCfgParser.cpp" +#line 531 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::ssh_command() { + Tracer traceInOut(this, "ssh_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(SSH); + { + switch ( LA(1)) { + case TIMEOUT: + { + { + match(TIMEOUT); + match(INT_CONST); + } + break; + } + case IPV4: + case OBJECT: + case HOST: + case OBJECT_GROUP: + case INTRFACE: + case ANY: + { + { + hostaddr_expr(); + intf_label = LT(1); + match(WORD); + } + if ( inputState->guessing==0 ) { +#line 1574 "pix.g" + + importer->clear(); + std::string acl_name = "ssh_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->SaveTmpAddrToDst(); + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "ssh"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + +#line 590 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::telnet_command() { + Tracer traceInOut(this, "telnet_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(TELNET); + { + switch ( LA(1)) { + case TIMEOUT: + { + { + match(TIMEOUT); + match(INT_CONST); + } + break; + } + case IPV4: + case OBJECT: + case HOST: + case OBJECT_GROUP: + case INTRFACE: + case ANY: + { + { + hostaddr_expr(); + intf_label = LT(1); + match(WORD); + } + if ( inputState->guessing==0 ) { +#line 1595 "pix.g" + + importer->clear(); + std::string acl_name = "telnet_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->SaveTmpAddrToDst(); + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "telnet"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + +#line 657 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::icmp_top_level_command() { + Tracer traceInOut(this, "icmp_top_level_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken permit = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken deny = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(ICMP); + { + switch ( LA(1)) { + case UNREACHABLE: + { + { + match(UNREACHABLE); + if ( inputState->guessing==0 ) { +#line 1624 "pix.g" + + consumeUntil(NEWLINE); + +#line 697 "PIXCfgParser.cpp" + } + } + break; + } + case PERMIT: + case DENY: + { + { + { + switch ( LA(1)) { + case PERMIT: + { + permit = LT(1); + match(PERMIT); + break; + } + case DENY: + { + deny = LT(1); + match(DENY); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 1631 "pix.g" + + importer->clear(); + +#line 731 "PIXCfgParser.cpp" + } + hostaddr_expr(); + if ( inputState->guessing==0 ) { +#line 1635 "pix.g" + + importer->SaveTmpAddrToSrc(); + +#line 739 "PIXCfgParser.cpp" + } + { + switch ( LA(1)) { + case INT_CONST: + case ECHO: + case ECHO_REPLY: + case TIME_EXCEEDED: + case UNREACHABLE: + { + icmp_types_for_icmp_command(); + break; + } + case WORD: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + intf_label = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 1640 "pix.g" + + std::string acl_name = "icmp_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + if (permit) importer->action = "permit"; + if (deny) importer->action = "deny"; + importer->setDstSelf(); + importer->protocol = "icmp"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + +#line 779 "PIXCfgParser.cpp" + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -511,6 +798,7 @@ void PIXCfgParser::access_list_commands() { } void PIXCfgParser::access_group() { + Tracer traceInOut(this, "access_group"); ANTLR_USE_NAMESPACE(antlr)RefToken aclname = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dir = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -525,7 +813,7 @@ void PIXCfgParser::access_group() { intf_label = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1553 "pix.g" +#line 1698 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setInterfaceAndDirectionForRuleSet( @@ -537,7 +825,7 @@ void PIXCfgParser::access_group() { << " " << intf_label->getText() << " " << dir->getText() << std::endl; -#line 541 "PIXCfgParser.cpp" +#line 829 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -551,6 +839,7 @@ void PIXCfgParser::access_group() { } void PIXCfgParser::exit() { + Tracer traceInOut(this, "exit"); try { // for error handling match(EXIT); @@ -566,17 +855,18 @@ void PIXCfgParser::exit() { } void PIXCfgParser::certificate() { + Tracer traceInOut(this, "certificate"); try { // for error handling match(CERTIFICATE); match(WORD); if ( inputState->guessing==0 ) { -#line 791 "pix.g" +#line 809 "pix.g" consumeUntil(NEWLINE); consumeUntil(QUIT); -#line 580 "PIXCfgParser.cpp" +#line 870 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -590,15 +880,16 @@ void PIXCfgParser::certificate() { } void PIXCfgParser::quit() { + Tracer traceInOut(this, "quit"); try { // for error handling match(QUIT); if ( inputState->guessing==0 ) { -#line 170 "pix.g" +#line 178 "pix.g" consumeUntil(NEWLINE); -#line 602 "PIXCfgParser.cpp" +#line 893 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -612,11 +903,12 @@ void PIXCfgParser::quit() { } void PIXCfgParser::names_section() { + Tracer traceInOut(this, "names_section"); try { // for error handling match(NAMES); if ( inputState->guessing==0 ) { -#line 184 "pix.g" +#line 199 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( @@ -624,7 +916,7 @@ void PIXCfgParser::names_section() { "Import of configuration that uses \"names\" " "is not supported at this time"); -#line 628 "PIXCfgParser.cpp" +#line 920 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -638,6 +930,7 @@ void PIXCfgParser::names_section() { } void PIXCfgParser::name_entry() { + Tracer traceInOut(this, "name_entry"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken n = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -667,7 +960,7 @@ void PIXCfgParser::name_entry() { n = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 194 "pix.g" +#line 209 "pix.g" if (a) { @@ -683,7 +976,7 @@ void PIXCfgParser::name_entry() { consumeUntil(NEWLINE); } -#line 687 "PIXCfgParser.cpp" +#line 980 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -697,6 +990,7 @@ void PIXCfgParser::name_entry() { } void PIXCfgParser::named_object_network() { + Tracer traceInOut(this, "named_object_network"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -705,7 +999,7 @@ void PIXCfgParser::named_object_network() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 227 "pix.g" +#line 242 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -713,7 +1007,7 @@ void PIXCfgParser::named_object_network() { *dbg << name->getLine() << ":" << " Named Object " << name->getText() << std::endl; -#line 717 "PIXCfgParser.cpp" +#line 1011 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -722,11 +1016,11 @@ void PIXCfgParser::named_object_network() { named_object_network_parameters(); } else { - goto _loop13; + goto _loop14; } } - _loop13:; + _loop14:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -740,6 +1034,7 @@ void PIXCfgParser::named_object_network() { } void PIXCfgParser::named_object_service() { + Tracer traceInOut(this, "named_object_service"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -748,7 +1043,7 @@ void PIXCfgParser::named_object_service() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 337 "pix.g" +#line 352 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -756,7 +1051,7 @@ void PIXCfgParser::named_object_service() { *dbg << name->getLine() << ":" << " Named Object " << name->getText() << std::endl; -#line 760 "PIXCfgParser.cpp" +#line 1055 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -765,11 +1060,11 @@ void PIXCfgParser::named_object_service() { named_object_service_parameters(); } else { - goto _loop29; + goto _loop30; } } - _loop29:; + _loop30:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -783,6 +1078,7 @@ void PIXCfgParser::named_object_service() { } void PIXCfgParser::object_group_network() { + Tracer traceInOut(this, "object_group_network"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -791,7 +1087,7 @@ void PIXCfgParser::object_group_network() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 452 "pix.g" +#line 468 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -799,21 +1095,21 @@ void PIXCfgParser::object_group_network() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 803 "PIXCfgParser.cpp" +#line 1099 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt48=0; + int _cnt49=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == NETWORK_OBJECT)) { object_group_network_parameters(); } else { - if ( _cnt48>=1 ) { goto _loop48; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt49>=1 ) { goto _loop49; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt48++; + _cnt49++; } - _loop48:; + _loop49:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -827,6 +1123,7 @@ void PIXCfgParser::object_group_network() { } void PIXCfgParser::object_group_service() { + Tracer traceInOut(this, "object_group_service"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken tcp = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken udp = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -868,7 +1165,7 @@ void PIXCfgParser::object_group_service() { } } if ( inputState->guessing==0 ) { -#line 673 "pix.g" +#line 690 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -879,21 +1176,21 @@ void PIXCfgParser::object_group_service() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 883 "PIXCfgParser.cpp" +#line 1180 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt80=0; + int _cnt81=0; for (;;) { if ((LA(1) == NEWLINE) && (_tokenSet_5.member(LA(2)))) { object_group_service_parameters(); } else { - if ( _cnt80>=1 ) { goto _loop80; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt81>=1 ) { goto _loop81; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt80++; + _cnt81++; } - _loop80:; + _loop81:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -907,6 +1204,7 @@ void PIXCfgParser::object_group_service() { } void PIXCfgParser::object_group_protocol() { + Tracer traceInOut(this, "object_group_protocol"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -915,7 +1213,7 @@ void PIXCfgParser::object_group_protocol() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 550 "pix.g" +#line 566 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -923,21 +1221,21 @@ void PIXCfgParser::object_group_protocol() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 927 "PIXCfgParser.cpp" +#line 1225 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt60=0; + int _cnt61=0; for (;;) { if ((LA(1) == NEWLINE) && (LA(2) == DESCRIPTION || LA(2) == GROUP_OBJECT || LA(2) == PROTOCOL_OBJECT)) { object_group_protocol_parameters(); } else { - if ( _cnt60>=1 ) { goto _loop60; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt61>=1 ) { goto _loop61; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt60++; + _cnt61++; } - _loop60:; + _loop61:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -951,6 +1249,7 @@ void PIXCfgParser::object_group_protocol() { } void PIXCfgParser::object_group_icmp_8_0() { + Tracer traceInOut(this, "object_group_icmp_8_0"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -959,7 +1258,7 @@ void PIXCfgParser::object_group_icmp_8_0() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 605 "pix.g" +#line 621 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -967,7 +1266,7 @@ void PIXCfgParser::object_group_icmp_8_0() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 971 "PIXCfgParser.cpp" +#line 1270 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -975,11 +1274,11 @@ void PIXCfgParser::object_group_icmp_8_0() { object_group_icmp_parameters(); } else { - goto _loop68; + goto _loop69; } } - _loop68:; + _loop69:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -993,6 +1292,7 @@ void PIXCfgParser::object_group_icmp_8_0() { } void PIXCfgParser::object_group_icmp_8_3() { + Tracer traceInOut(this, "object_group_icmp_8_3"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -1001,7 +1301,7 @@ void PIXCfgParser::object_group_icmp_8_3() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 618 "pix.g" +#line 634 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1009,7 +1309,7 @@ void PIXCfgParser::object_group_icmp_8_3() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1013 "PIXCfgParser.cpp" +#line 1313 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1017,11 +1317,11 @@ void PIXCfgParser::object_group_icmp_8_3() { object_group_icmp_parameters(); } else { - goto _loop71; + goto _loop72; } } - _loop71:; + _loop72:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1035,15 +1335,16 @@ void PIXCfgParser::object_group_icmp_8_3() { } void PIXCfgParser::crypto() { + Tracer traceInOut(this, "crypto"); try { // for error handling match(CRYPTO); if ( inputState->guessing==0 ) { -#line 761 "pix.g" +#line 779 "pix.g" consumeUntil(NEWLINE); -#line 1047 "PIXCfgParser.cpp" +#line 1348 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1057,17 +1358,41 @@ void PIXCfgParser::crypto() { } void PIXCfgParser::no_commands() { + Tracer traceInOut(this, "no_commands"); try { // for error handling match(NO); if ( inputState->guessing==0 ) { -#line 782 "pix.g" +#line 800 "pix.g" *dbg << " TOP LEVEL \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 1071 "PIXCfgParser.cpp" +#line 1373 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::timeout_command() { + Tracer traceInOut(this, "timeout_command"); + + try { // for error handling + match(TIMEOUT); + if ( inputState->guessing==0 ) { +#line 192 "pix.g" + + consumeUntil(NEWLINE); + +#line 1396 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1081,15 +1406,16 @@ void PIXCfgParser::no_commands() { } void PIXCfgParser::unknown_command() { + Tracer traceInOut(this, "unknown_command"); try { // for error handling match(WORD); if ( inputState->guessing==0 ) { -#line 775 "pix.g" +#line 793 "pix.g" consumeUntil(NEWLINE); -#line 1093 "PIXCfgParser.cpp" +#line 1419 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1103,6 +1429,7 @@ void PIXCfgParser::unknown_command() { } void PIXCfgParser::ip_protocol_names() { + Tracer traceInOut(this, "ip_protocol_names"); try { // for error handling { @@ -1200,6 +1527,7 @@ void PIXCfgParser::ip_protocol_names() { } void PIXCfgParser::named_object_network_parameters() { + Tracer traceInOut(this, "named_object_network_parameters"); try { // for error handling { @@ -1247,11 +1575,12 @@ void PIXCfgParser::named_object_network_parameters() { } void PIXCfgParser::named_object_nat() { + Tracer traceInOut(this, "named_object_nat"); try { // for error handling match(NAT); if ( inputState->guessing==0 ) { -#line 255 "pix.g" +#line 270 "pix.g" importer->addMessageToLog( "Parser warning: " @@ -1259,7 +1588,7 @@ void PIXCfgParser::named_object_nat() { "is not supported at this time"); consumeUntil(NEWLINE); -#line 1263 "PIXCfgParser.cpp" +#line 1592 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1273,6 +1602,7 @@ void PIXCfgParser::named_object_nat() { } void PIXCfgParser::host_addr() { + Tracer traceInOut(this, "host_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1301,7 +1631,7 @@ void PIXCfgParser::host_addr() { } } if ( inputState->guessing==0 ) { -#line 286 "pix.g" +#line 301 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (h) @@ -1318,7 +1648,7 @@ void PIXCfgParser::host_addr() { consumeUntil(NEWLINE); } -#line 1322 "PIXCfgParser.cpp" +#line 1652 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1332,6 +1662,7 @@ void PIXCfgParser::host_addr() { } void PIXCfgParser::range_addr() { + Tracer traceInOut(this, "range_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken r1 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken r2 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1344,7 +1675,7 @@ void PIXCfgParser::range_addr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 305 "pix.g" +#line 320 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->tmp_range_1 = r1->getText(); @@ -1352,7 +1683,7 @@ void PIXCfgParser::range_addr() { importer->commitNamedAddressRangeObject(); *dbg << r1->getText() << "/" << r2->getText(); -#line 1356 "PIXCfgParser.cpp" +#line 1687 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1366,6 +1697,7 @@ void PIXCfgParser::range_addr() { } void PIXCfgParser::subnet_addr() { + Tracer traceInOut(this, "subnet_addr"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -1399,7 +1731,7 @@ void PIXCfgParser::subnet_addr() { } } if ( inputState->guessing==0 ) { -#line 315 "pix.g" +#line 330 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (a) @@ -1416,7 +1748,7 @@ void PIXCfgParser::subnet_addr() { consumeUntil(NEWLINE); } -#line 1420 "PIXCfgParser.cpp" +#line 1752 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1430,11 +1762,12 @@ void PIXCfgParser::subnet_addr() { } void PIXCfgParser::named_object_description() { + Tracer traceInOut(this, "named_object_description"); try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 265 "pix.g" +#line 280 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -1447,7 +1780,7 @@ void PIXCfgParser::named_object_description() { importer->setNamedObjectDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 1451 "PIXCfgParser.cpp" +#line 1784 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1461,6 +1794,7 @@ void PIXCfgParser::named_object_description() { } void PIXCfgParser::named_object_service_parameters() { + Tracer traceInOut(this, "named_object_service_parameters"); try { // for error handling { @@ -1499,8 +1833,8 @@ void PIXCfgParser::named_object_service_parameters() { } void PIXCfgParser::service_icmp() { + Tracer traceInOut(this, "service_icmp"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken icmp_word = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(SERVICE); @@ -1512,24 +1846,41 @@ void PIXCfgParser::service_icmp() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 369 "pix.g" +#line 384 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 1520 "PIXCfgParser.cpp" +#line 1854 "PIXCfgParser.cpp" } break; } - case WORD: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { - icmp_word = LT(1); - match(WORD); + icmp_names(); if ( inputState->guessing==0 ) { -#line 373 "pix.g" +#line 389 "pix.g" - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); -#line 1533 "PIXCfgParser.cpp" +#line 1884 "PIXCfgParser.cpp" } break; } @@ -1540,13 +1891,13 @@ void PIXCfgParser::service_icmp() { } } if ( inputState->guessing==0 ) { -#line 377 "pix.g" +#line 393 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedICMPServiceObject(); *dbg << "NAMED OBJECT SERVICE ICMP " << LT(0)->getText() << " "; -#line 1550 "PIXCfgParser.cpp" +#line 1901 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1560,6 +1911,7 @@ void PIXCfgParser::service_icmp() { } void PIXCfgParser::service_icmp6() { + Tracer traceInOut(this, "service_icmp6"); try { // for error handling match(SERVICE); @@ -1583,7 +1935,7 @@ void PIXCfgParser::service_icmp6() { } } if ( inputState->guessing==0 ) { -#line 385 "pix.g" +#line 401 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog("Parser warning: " @@ -1592,7 +1944,7 @@ void PIXCfgParser::service_icmp6() { *dbg << "NAMED OBJECT SERVICE ICMP6 " << LT(0)->getText() << " "; consumeUntil(NEWLINE); -#line 1596 "PIXCfgParser.cpp" +#line 1948 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1606,6 +1958,7 @@ void PIXCfgParser::service_icmp6() { } void PIXCfgParser::service_tcp_udp() { + Tracer traceInOut(this, "service_tcp_udp"); try { // for error handling match(SERVICE); @@ -1628,12 +1981,12 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 396 "pix.g" +#line 412 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 1637 "PIXCfgParser.cpp" +#line 1990 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1646,11 +1999,13 @@ void PIXCfgParser::service_tcp_udp() { case NEWLINE: case QUIT: case IP: + case TIMEOUT: case NAMES: case NAME: case WORD: case OBJECT: case RANGE: + case ICMP: case DESTINATION: case OBJECT_GROUP: case CRYPTO: @@ -1664,6 +2019,8 @@ void PIXCfgParser::service_tcp_udp() { case P_GT: case P_LT: case P_NEQ: + case SSH: + case TELNET: case INTRFACE: case CONTROLLER: case LINE_COMMENT: @@ -1696,10 +2053,12 @@ void PIXCfgParser::service_tcp_udp() { case NEWLINE: case QUIT: case IP: + case TIMEOUT: case NAMES: case NAME: case WORD: case OBJECT: + case ICMP: case OBJECT_GROUP: case CRYPTO: case NO: @@ -1708,6 +2067,8 @@ void PIXCfgParser::service_tcp_udp() { case ASA_WORD: case HOSTNAME: case ACCESS_LIST: + case SSH: + case TELNET: case INTRFACE: case CONTROLLER: case LINE_COMMENT: @@ -1725,12 +2086,12 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 402 "pix.g" +#line 418 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedTCPUDPServiceObject(); -#line 1734 "PIXCfgParser.cpp" +#line 2095 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1744,6 +2105,7 @@ void PIXCfgParser::service_tcp_udp() { } void PIXCfgParser::service_other() { + Tracer traceInOut(this, "service_other"); try { // for error handling match(SERVICE); @@ -1780,14 +2142,14 @@ void PIXCfgParser::service_other() { } } if ( inputState->guessing==0 ) { -#line 421 "pix.g" +#line 437 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->commitNamedIPServiceObject(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 1791 "PIXCfgParser.cpp" +#line 2153 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1801,12 +2163,13 @@ void PIXCfgParser::service_other() { } void PIXCfgParser::service_unknown() { + Tracer traceInOut(this, "service_unknown"); try { // for error handling match(SERVICE); match(WORD); if ( inputState->guessing==0 ) { -#line 436 "pix.g" +#line 452 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = "ip"; @@ -1817,7 +2180,7 @@ void PIXCfgParser::service_unknown() { importer->addMessageToLog(err); *dbg << "UNKNOWN SERVICE " << LT(0)->getText() << " "; -#line 1821 "PIXCfgParser.cpp" +#line 2184 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1830,17 +2193,112 @@ void PIXCfgParser::service_unknown() { } } -void PIXCfgParser::src_port_spec() { +void PIXCfgParser::icmp_names() { + Tracer traceInOut(this, "icmp_names"); try { // for error handling - match(SOURCE); - xoperator(); - if ( inputState->guessing==0 ) { -#line 409 "pix.g" - - importer->SaveTmpPortToSrc(); - -#line 1844 "PIXCfgParser.cpp" + { + switch ( LA(1)) { + case ALTERNATE_ADDRESS: + { + match(ALTERNATE_ADDRESS); + break; + } + case CONVERSION_ERROR: + { + match(CONVERSION_ERROR); + break; + } + case ECHO: + { + match(ECHO); + break; + } + case ECHO_REPLY: + { + match(ECHO_REPLY); + break; + } + case INFORMATION_REPLY: + { + match(INFORMATION_REPLY); + break; + } + case INFORMATION_REQUEST: + { + match(INFORMATION_REQUEST); + break; + } + case MASK_REPLY: + { + match(MASK_REPLY); + break; + } + case MASK_REQUEST: + { + match(MASK_REQUEST); + break; + } + case MOBILE_REDIRECT: + { + match(MOBILE_REDIRECT); + break; + } + case PARAMETER_PROBLEM: + { + match(PARAMETER_PROBLEM); + break; + } + case REDIRECT: + { + match(REDIRECT); + break; + } + case ROUTER_ADVERTISEMENT: + { + match(ROUTER_ADVERTISEMENT); + break; + } + case ROUTER_SOLICITATION: + { + match(ROUTER_SOLICITATION); + break; + } + case SOURCE_QUENCH: + { + match(SOURCE_QUENCH); + break; + } + case TIME_EXCEEDED: + { + match(TIME_EXCEEDED); + break; + } + case TIMESTAMP_REPLY: + { + match(TIMESTAMP_REPLY); + break; + } + case TIMESTAMP_REQUEST: + { + match(TIMESTAMP_REQUEST); + break; + } + case TRACEROUTE: + { + match(TRACEROUTE); + break; + } + case UNREACHABLE: + { + match(UNREACHABLE); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1853,7 +2311,32 @@ void PIXCfgParser::src_port_spec() { } } +void PIXCfgParser::src_port_spec() { + Tracer traceInOut(this, "src_port_spec"); + + try { // for error handling + match(SOURCE); + xoperator(); + if ( inputState->guessing==0 ) { +#line 425 "pix.g" + + importer->SaveTmpPortToSrc(); + +#line 2326 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_9); + } else { + throw; + } + } +} + void PIXCfgParser::dst_port_spec() { + Tracer traceInOut(this, "dst_port_spec"); try { // for error handling { @@ -1879,11 +2362,11 @@ void PIXCfgParser::dst_port_spec() { } xoperator(); if ( inputState->guessing==0 ) { -#line 415 "pix.g" +#line 431 "pix.g" importer->SaveTmpPortToDst(); -#line 1887 "PIXCfgParser.cpp" +#line 2370 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1897,6 +2380,7 @@ void PIXCfgParser::dst_port_spec() { } void PIXCfgParser::xoperator() { + Tracer traceInOut(this, "xoperator"); try { // for error handling switch ( LA(1)) { @@ -1922,7 +2406,7 @@ void PIXCfgParser::xoperator() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_10); } else { throw; } @@ -1930,6 +2414,7 @@ void PIXCfgParser::xoperator() { } void PIXCfgParser::object_group_network_parameters() { + Tracer traceInOut(this, "object_group_network_parameters"); try { // for error handling match(NEWLINE); @@ -1968,11 +2453,12 @@ void PIXCfgParser::object_group_network_parameters() { } void PIXCfgParser::object_group_description() { + Tracer traceInOut(this, "object_group_description"); try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 476 "pix.g" +#line 492 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -1985,7 +2471,7 @@ void PIXCfgParser::object_group_description() { importer->setObjectGroupDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 1989 "PIXCfgParser.cpp" +#line 2475 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1999,6 +2485,7 @@ void PIXCfgParser::object_group_description() { } void PIXCfgParser::group_object() { + Tracer traceInOut(this, "group_object"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -2006,14 +2493,14 @@ void PIXCfgParser::group_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 491 "pix.g" +#line 507 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2017 "PIXCfgParser.cpp" +#line 2504 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2027,6 +2514,7 @@ void PIXCfgParser::group_object() { } void PIXCfgParser::network_object() { + Tracer traceInOut(this, "network_object"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -2037,12 +2525,12 @@ void PIXCfgParser::network_object() { try { // for error handling match(NETWORK_OBJECT); if ( inputState->guessing==0 ) { -#line 500 "pix.g" +#line 516 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2046 "PIXCfgParser.cpp" +#line 2534 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2074,7 +2562,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 506 "pix.g" +#line 522 "pix.g" if (a) { @@ -2090,7 +2578,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2094 "PIXCfgParser.cpp" +#line 2582 "PIXCfgParser.cpp" } break; } @@ -2118,7 +2606,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 523 "pix.g" +#line 539 "pix.g" if (h) { @@ -2134,7 +2622,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2138 "PIXCfgParser.cpp" +#line 2626 "PIXCfgParser.cpp" } break; } @@ -2144,12 +2632,12 @@ void PIXCfgParser::network_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 540 "pix.g" +#line 556 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2153 "PIXCfgParser.cpp" +#line 2641 "PIXCfgParser.cpp" } break; } @@ -2171,6 +2659,7 @@ void PIXCfgParser::network_object() { } void PIXCfgParser::object_group_protocol_parameters() { + Tracer traceInOut(this, "object_group_protocol_parameters"); try { // for error handling match(NEWLINE); @@ -2209,17 +2698,18 @@ void PIXCfgParser::object_group_protocol_parameters() { } void PIXCfgParser::protocol_object() { + Tracer traceInOut(this, "protocol_object"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(PROTOCOL_OBJECT); if ( inputState->guessing==0 ) { -#line 574 "pix.g" +#line 590 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2223 "PIXCfgParser.cpp" +#line 2713 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2291,14 +2781,14 @@ void PIXCfgParser::protocol_object() { } } if ( inputState->guessing==0 ) { -#line 580 "pix.g" +#line 596 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 2302 "PIXCfgParser.cpp" +#line 2792 "PIXCfgParser.cpp" } break; } @@ -2306,13 +2796,13 @@ void PIXCfgParser::protocol_object() { { match(ICMP6); if ( inputState->guessing==0 ) { -#line 588 "pix.g" +#line 604 "pix.g" importer->addMessageToLog( "Parser warning: IPv6 import is not supported. "); consumeUntil(NEWLINE); -#line 2316 "PIXCfgParser.cpp" +#line 2806 "PIXCfgParser.cpp" } break; } @@ -2322,12 +2812,12 @@ void PIXCfgParser::protocol_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 595 "pix.g" +#line 611 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2331 "PIXCfgParser.cpp" +#line 2821 "PIXCfgParser.cpp" } break; } @@ -2349,6 +2839,7 @@ void PIXCfgParser::protocol_object() { } void PIXCfgParser::object_group_icmp_parameters() { + Tracer traceInOut(this, "object_group_icmp_parameters"); try { // for error handling match(NEWLINE); @@ -2387,24 +2878,42 @@ void PIXCfgParser::object_group_icmp_parameters() { } void PIXCfgParser::icmp_object() { + Tracer traceInOut(this, "icmp_object"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken icmp_word = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(ICMP_OBJECT); if ( inputState->guessing==0 ) { -#line 642 "pix.g" +#line 658 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2403 "PIXCfgParser.cpp" +#line 2894 "PIXCfgParser.cpp" } { switch ( LA(1)) { - case WORD: case INT_CONST: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { { switch ( LA(1)) { @@ -2413,24 +2922,41 @@ void PIXCfgParser::icmp_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 649 "pix.g" +#line 665 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 2421 "PIXCfgParser.cpp" +#line 2930 "PIXCfgParser.cpp" } break; } - case WORD: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { - icmp_word = LT(1); - match(WORD); + icmp_names(); if ( inputState->guessing==0 ) { -#line 653 "pix.g" +#line 670 "pix.g" - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); -#line 2434 "PIXCfgParser.cpp" +#line 2960 "PIXCfgParser.cpp" } break; } @@ -2441,12 +2967,12 @@ void PIXCfgParser::icmp_object() { } } if ( inputState->guessing==0 ) { -#line 657 "pix.g" +#line 674 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 2450 "PIXCfgParser.cpp" +#line 2976 "PIXCfgParser.cpp" } break; } @@ -2456,12 +2982,12 @@ void PIXCfgParser::icmp_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 663 "pix.g" +#line 680 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2465 "PIXCfgParser.cpp" +#line 2991 "PIXCfgParser.cpp" } break; } @@ -2483,6 +3009,7 @@ void PIXCfgParser::icmp_object() { } void PIXCfgParser::object_group_service_parameters() { + Tracer traceInOut(this, "object_group_service_parameters"); try { // for error handling match(NEWLINE); @@ -2526,19 +3053,19 @@ void PIXCfgParser::object_group_service_parameters() { } void PIXCfgParser::service_object() { + Tracer traceInOut(this, "service_object"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken icmp_word = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(SERVICE_OBJECT); if ( inputState->guessing==0 ) { -#line 702 "pix.g" +#line 719 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2542 "PIXCfgParser.cpp" +#line 3069 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2592,14 +3119,14 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 708 "pix.g" +#line 725 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 2603 "PIXCfgParser.cpp" +#line 3130 "PIXCfgParser.cpp" } break; } @@ -2631,12 +3158,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 716 "pix.g" +#line 733 "pix.g" importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; -#line 2640 "PIXCfgParser.cpp" +#line 3167 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2649,11 +3176,13 @@ void PIXCfgParser::service_object() { case NEWLINE: case QUIT: case IP: + case TIMEOUT: case NAMES: case NAME: case WORD: case OBJECT: case RANGE: + case ICMP: case DESTINATION: case OBJECT_GROUP: case CRYPTO: @@ -2667,6 +3196,8 @@ void PIXCfgParser::service_object() { case P_GT: case P_LT: case P_NEQ: + case SSH: + case TELNET: case INTRFACE: case CONTROLLER: case LINE_COMMENT: @@ -2699,10 +3230,12 @@ void PIXCfgParser::service_object() { case NEWLINE: case QUIT: case IP: + case TIMEOUT: case NAMES: case NAME: case WORD: case OBJECT: + case ICMP: case OBJECT_GROUP: case CRYPTO: case NO: @@ -2711,6 +3244,8 @@ void PIXCfgParser::service_object() { case ASA_WORD: case HOSTNAME: case ACCESS_LIST: + case SSH: + case TELNET: case INTRFACE: case CONTROLLER: case LINE_COMMENT: @@ -2728,11 +3263,11 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 722 "pix.g" +#line 739 "pix.g" importer->addTCPUDPServiceToObjectGroup(); -#line 2736 "PIXCfgParser.cpp" +#line 3271 "PIXCfgParser.cpp" } break; } @@ -2746,24 +3281,41 @@ void PIXCfgParser::service_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 729 "pix.g" +#line 746 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 2754 "PIXCfgParser.cpp" +#line 3289 "PIXCfgParser.cpp" } break; } - case WORD: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { - icmp_word = LT(1); - match(WORD); + icmp_names(); if ( inputState->guessing==0 ) { -#line 733 "pix.g" +#line 751 "pix.g" - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); -#line 2767 "PIXCfgParser.cpp" +#line 3319 "PIXCfgParser.cpp" } break; } @@ -2774,12 +3326,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 737 "pix.g" +#line 755 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 2783 "PIXCfgParser.cpp" +#line 3335 "PIXCfgParser.cpp" } break; } @@ -2789,12 +3341,12 @@ void PIXCfgParser::service_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 743 "pix.g" +#line 761 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2798 "PIXCfgParser.cpp" +#line 3350 "PIXCfgParser.cpp" } break; } @@ -2816,19 +3368,20 @@ void PIXCfgParser::service_object() { } void PIXCfgParser::port_object() { + Tracer traceInOut(this, "port_object"); try { // for error handling match(PORT_OBJECT); xoperator(); if ( inputState->guessing==0 ) { -#line 751 "pix.g" +#line 769 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->SaveTmpPortToDst(); importer->addTCPUDPServiceToObjectGroup(); *dbg << " PORT OBJECT TCP/UDP" << LT(0)->getText() << " "; -#line 2832 "PIXCfgParser.cpp" +#line 3385 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2842,6 +3395,7 @@ void PIXCfgParser::port_object() { } void PIXCfgParser::permit_extended() { + Tracer traceInOut(this, "permit_extended"); try { // for error handling { @@ -2863,23 +3417,23 @@ void PIXCfgParser::permit_extended() { } match(PERMIT); if ( inputState->guessing==0 ) { -#line 852 "pix.g" +#line 870 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 2874 "PIXCfgParser.cpp" +#line 3428 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 859 "pix.g" +#line 877 "pix.g" importer->pushRule(); -#line 2883 "PIXCfgParser.cpp" +#line 3437 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2893,6 +3447,7 @@ void PIXCfgParser::permit_extended() { } void PIXCfgParser::deny_extended() { + Tracer traceInOut(this, "deny_extended"); try { // for error handling { @@ -2914,23 +3469,23 @@ void PIXCfgParser::deny_extended() { } match(DENY); if ( inputState->guessing==0 ) { -#line 865 "pix.g" +#line 883 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 2925 "PIXCfgParser.cpp" +#line 3480 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 872 "pix.g" +#line 890 "pix.g" importer->pushRule(); -#line 2934 "PIXCfgParser.cpp" +#line 3489 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2944,28 +3499,29 @@ void PIXCfgParser::deny_extended() { } void PIXCfgParser::permit_standard() { + Tracer traceInOut(this, "permit_standard"); try { // for error handling match(STANDARD); match(PERMIT); if ( inputState->guessing==0 ) { -#line 878 "pix.g" +#line 896 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 2960 "PIXCfgParser.cpp" +#line 3516 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 885 "pix.g" +#line 903 "pix.g" importer->pushRule(); -#line 2969 "PIXCfgParser.cpp" +#line 3525 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2979,28 +3535,29 @@ void PIXCfgParser::permit_standard() { } void PIXCfgParser::deny_standard() { + Tracer traceInOut(this, "deny_standard"); try { // for error handling match(STANDARD); match(DENY); if ( inputState->guessing==0 ) { -#line 891 "pix.g" +#line 909 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 2995 "PIXCfgParser.cpp" +#line 3552 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 898 "pix.g" +#line 916 "pix.g" importer->pushRule(); -#line 3004 "PIXCfgParser.cpp" +#line 3561 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3014,11 +3571,12 @@ void PIXCfgParser::deny_standard() { } void PIXCfgParser::remark() { + Tracer traceInOut(this, "remark"); try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 1535 "pix.g" +#line 1680 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -3032,7 +3590,7 @@ void PIXCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 3036 "PIXCfgParser.cpp" +#line 3594 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3046,6 +3604,7 @@ void PIXCfgParser::remark() { } void PIXCfgParser::rule_extended() { + Tracer traceInOut(this, "rule_extended"); try { // for error handling { @@ -3072,15 +3631,15 @@ void PIXCfgParser::rule_extended() { ip_protocols(); hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 923 "pix.g" +#line 941 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3078 "PIXCfgParser.cpp" +#line 3637 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 924 "pix.g" +#line 942 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3084 "PIXCfgParser.cpp" +#line 3643 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3145,29 +3704,47 @@ void PIXCfgParser::rule_extended() { { match(ICMP); if ( inputState->guessing==0 ) { -#line 930 "pix.g" +#line 948 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3154 "PIXCfgParser.cpp" +#line 3713 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 934 "pix.g" +#line 952 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3160 "PIXCfgParser.cpp" +#line 3719 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 935 "pix.g" +#line 953 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3166 "PIXCfgParser.cpp" +#line 3725 "PIXCfgParser.cpp" } { switch ( LA(1)) { - case WORD: case INT_CONST: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { icmp_spec(); break; @@ -3258,17 +3835,17 @@ void PIXCfgParser::rule_extended() { } } if ( inputState->guessing==0 ) { -#line 943 "pix.g" +#line 961 "pix.g" *dbg << std::endl; -#line 3266 "PIXCfgParser.cpp" +#line 3843 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -3276,31 +3853,32 @@ void PIXCfgParser::rule_extended() { } void PIXCfgParser::rule_standard() { + Tracer traceInOut(this, "rule_standard"); try { // for error handling if ( inputState->guessing==0 ) { -#line 908 "pix.g" +#line 926 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; importer->SaveTmpAddrToSrc(); -#line 3289 "PIXCfgParser.cpp" +#line 3867 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 914 "pix.g" +#line 932 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) " << std::endl; -#line 3298 "PIXCfgParser.cpp" +#line 3876 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -3308,6 +3886,7 @@ void PIXCfgParser::rule_standard() { } void PIXCfgParser::hostaddr_expr() { + Tracer traceInOut(this, "hostaddr_expr"); ANTLR_USE_NAMESPACE(antlr)RefToken intf_name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -3322,13 +3901,13 @@ void PIXCfgParser::hostaddr_expr() { intf_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1136 "pix.g" +#line 1176 "pix.g" importer->tmp_a = intf_name->getText(); importer->tmp_nm = "interface"; *dbg << "object " << intf_name->getText() << " "; -#line 3332 "PIXCfgParser.cpp" +#line 3911 "PIXCfgParser.cpp" } break; } @@ -3358,13 +3937,13 @@ void PIXCfgParser::hostaddr_expr() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1143 "pix.g" +#line 1183 "pix.g" importer->tmp_a = name->getText(); importer->tmp_nm = ""; *dbg << "object " << name->getText() << " "; -#line 3368 "PIXCfgParser.cpp" +#line 3947 "PIXCfgParser.cpp" } break; } @@ -3376,13 +3955,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1150 "pix.g" +#line 1190 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; -#line 3386 "PIXCfgParser.cpp" +#line 3965 "PIXCfgParser.cpp" } break; } @@ -3395,13 +3974,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1157 "pix.g" +#line 1197 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 3405 "PIXCfgParser.cpp" +#line 3984 "PIXCfgParser.cpp" } break; } @@ -3409,13 +3988,13 @@ void PIXCfgParser::hostaddr_expr() { { match(ANY); if ( inputState->guessing==0 ) { -#line 1164 "pix.g" +#line 1204 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 3419 "PIXCfgParser.cpp" +#line 3998 "PIXCfgParser.cpp" } break; } @@ -3428,7 +4007,7 @@ void PIXCfgParser::hostaddr_expr() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_12); } else { throw; } @@ -3436,6 +4015,7 @@ void PIXCfgParser::hostaddr_expr() { } void PIXCfgParser::ip_protocols() { + Tracer traceInOut(this, "ip_protocols"); ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -3491,12 +4071,12 @@ void PIXCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 1063 "pix.g" +#line 1081 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3500 "PIXCfgParser.cpp" +#line 4080 "PIXCfgParser.cpp" } break; } @@ -3526,12 +4106,12 @@ void PIXCfgParser::ip_protocols() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1069 "pix.g" +#line 1087 "pix.g" importer->protocol = name->getText(); *dbg << "protocol " << name->getText() << " "; -#line 3535 "PIXCfgParser.cpp" +#line 4115 "PIXCfgParser.cpp" } break; } @@ -3542,32 +4122,6 @@ void PIXCfgParser::ip_protocols() { } } } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - if( inputState->guessing == 0 ) { - reportError(ex); - recover(ex,_tokenSet_12); - } else { - throw; - } - } -} - -void PIXCfgParser::time_range() { - ANTLR_USE_NAMESPACE(antlr)RefToken tr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; - - try { // for error handling - match(TIME_RANGE); - tr_name = LT(1); - match(WORD); - if ( inputState->guessing==0 ) { -#line 1193 "pix.g" - - importer->time_range_name = tr_name->getText(); - *dbg << "time_range " << tr_name->getText() << " "; - -#line 3569 "PIXCfgParser.cpp" - } - } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); @@ -3578,17 +4132,21 @@ void PIXCfgParser::time_range() { } } -void PIXCfgParser::fragments() { +void PIXCfgParser::time_range() { + Tracer traceInOut(this, "time_range"); + ANTLR_USE_NAMESPACE(antlr)RefToken tr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling - match(FRAGMENTS); + match(TIME_RANGE); + tr_name = LT(1); + match(WORD); if ( inputState->guessing==0 ) { -#line 1186 "pix.g" +#line 1233 "pix.g" - importer->fragments = true; - *dbg << "fragments "; + importer->time_range_name = tr_name->getText(); + *dbg << "time_range " << tr_name->getText() << " "; -#line 3592 "PIXCfgParser.cpp" +#line 4150 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3601,7 +4159,32 @@ void PIXCfgParser::fragments() { } } +void PIXCfgParser::fragments() { + Tracer traceInOut(this, "fragments"); + + try { // for error handling + match(FRAGMENTS); + if ( inputState->guessing==0 ) { +#line 1226 "pix.g" + + importer->fragments = true; + *dbg << "fragments "; + +#line 4174 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_15); + } else { + throw; + } + } +} + void PIXCfgParser::log() { + Tracer traceInOut(this, "log"); try { // for error handling { @@ -3676,18 +4259,18 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1172 "pix.g" +#line 1212 "pix.g" importer->logging = true; *dbg << "logging "; -#line 3685 "PIXCfgParser.cpp" +#line 4268 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -3695,9 +4278,9 @@ void PIXCfgParser::log() { } void PIXCfgParser::icmp_spec() { + Tracer traceInOut(this, "icmp_spec"); ANTLR_USE_NAMESPACE(antlr)RefToken icmp_type = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken icmp_code = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken icmp_word = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling { @@ -3711,7 +4294,7 @@ void PIXCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1079 "pix.g" +#line 1097 "pix.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -3719,21 +4302,38 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 3723 "PIXCfgParser.cpp" +#line 4306 "PIXCfgParser.cpp" } break; } - case WORD: + case ALTERNATE_ADDRESS: + case CONVERSION_ERROR: + case ECHO: + case ECHO_REPLY: + case INFORMATION_REPLY: + case INFORMATION_REQUEST: + case MASK_REPLY: + case MASK_REQUEST: + case MOBILE_REDIRECT: + case PARAMETER_PROBLEM: + case REDIRECT: + case ROUTER_ADVERTISEMENT: + case ROUTER_SOLICITATION: + case SOURCE_QUENCH: + case TIME_EXCEEDED: + case TIMESTAMP_REPLY: + case TIMESTAMP_REQUEST: + case TRACEROUTE: + case UNREACHABLE: { - icmp_word = LT(1); - match(WORD); + icmp_names(); if ( inputState->guessing==0 ) { -#line 1088 "pix.g" +#line 1106 "pix.g" - importer->icmp_spec = icmp_word->getText(); - *dbg << icmp_word->getText() << " "; + importer->icmp_spec = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; -#line 3737 "PIXCfgParser.cpp" +#line 4337 "PIXCfgParser.cpp" } break; } @@ -3747,7 +4347,7 @@ void PIXCfgParser::icmp_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_15); + recover(ex,_tokenSet_16); } else { throw; } @@ -3755,6 +4355,7 @@ void PIXCfgParser::icmp_spec() { } void PIXCfgParser::tcp_udp_rule_extended() { + Tracer traceInOut(this, "tcp_udp_rule_extended"); ANTLR_USE_NAMESPACE(antlr)RefToken src_grp_name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dst_addr_name = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -3778,24 +4379,24 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } if ( inputState->guessing==0 ) { -#line 950 "pix.g" +#line 968 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3787 "PIXCfgParser.cpp" +#line 4388 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 954 "pix.g" +#line 972 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3793 "PIXCfgParser.cpp" +#line 4394 "PIXCfgParser.cpp" } { - bool synPredMatched122 = false; - if (((_tokenSet_12.member(LA(1))) && (_tokenSet_16.member(LA(2))))) { - int _m122 = mark(); - synPredMatched122 = true; + bool synPredMatched123 = false; + if (((_tokenSet_13.member(LA(1))) && (_tokenSet_17.member(LA(2))))) { + int _m123 = mark(); + synPredMatched123 = true; inputState->guessing++; try { { @@ -3803,46 +4404,46 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched122 = false; + synPredMatched123 = false; } - rewind(_m122); + rewind(_m123); inputState->guessing--; } - if ( synPredMatched122 ) { + if ( synPredMatched123 ) { { if (((LA(1) == OBJECT_GROUP) && (LA(2) == WORD))&&( importer->isKnownServiceGroupName(LT(2)->getText()) )) { match(OBJECT_GROUP); src_grp_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 964 "pix.g" +#line 982 "pix.g" importer->src_port_spec = src_grp_name->getText(); *dbg << "src port spec: " << src_grp_name->getText() << std::endl; -#line 3825 "PIXCfgParser.cpp" +#line 4426 "PIXCfgParser.cpp" } hostaddr_expr_1(); if ( inputState->guessing==0 ) { -#line 972 "pix.g" +#line 990 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3834 "PIXCfgParser.cpp" +#line 4435 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_12.member(LA(1))) && (_tokenSet_16.member(LA(2)))) { + else if ((_tokenSet_13.member(LA(1))) && (_tokenSet_17.member(LA(2)))) { hostaddr_expr_2(); if ( inputState->guessing==0 ) { -#line 981 "pix.g" +#line 999 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3846 "PIXCfgParser.cpp" +#line 4447 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -3857,10 +4458,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { dst_addr_name = LT(1); match(WORD); { - if ((_tokenSet_17.member(LA(1))) && (LA(2) == WORD || LA(2) == INT_CONST)) { + if ((_tokenSet_18.member(LA(1))) && (_tokenSet_19.member(LA(2)))) { acl_xoperator_dst(); } - else if ((_tokenSet_18.member(LA(1))) && (_tokenSet_19.member(LA(2)))) { + else if ((_tokenSet_20.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -3868,10 +4469,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { } { - if ((LA(1) == ESTABLISHED) && (_tokenSet_18.member(LA(2)))) { + if ((LA(1) == ESTABLISHED) && (_tokenSet_20.member(LA(2)))) { established(); } - else if ((_tokenSet_18.member(LA(1))) && (_tokenSet_20.member(LA(2)))) { + else if ((_tokenSet_20.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -3879,7 +4480,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } if ( inputState->guessing==0 ) { -#line 990 "pix.g" +#line 1008 "pix.g" // looks like "object foo" at this point can only be dest addr. // (judging by cli prompts on 8.3) @@ -3888,11 +4489,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { importer->SaveTmpAddrToDst(); *dbg << "dst addr object " << dst_addr_name->getText() << " "; -#line 3892 "PIXCfgParser.cpp" +#line 4493 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_21.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { + else if ((_tokenSet_23.member(LA(1))) && (_tokenSet_24.member(LA(2)))) { { switch ( LA(1)) { case RANGE: @@ -3903,11 +4504,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { { xoperator(); if ( inputState->guessing==0 ) { -#line 1004 "pix.g" +#line 1022 "pix.g" importer->SaveTmpPortToSrc(); -#line 3911 "PIXCfgParser.cpp" +#line 4512 "PIXCfgParser.cpp" } break; } @@ -3928,9 +4529,9 @@ void PIXCfgParser::tcp_udp_rule_extended() { } hostaddr_expr_3(); if ( inputState->guessing==0 ) { -#line 1008 "pix.g" +#line 1026 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3934 "PIXCfgParser.cpp" +#line 4535 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -4000,7 +4601,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4008,6 +4609,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } void PIXCfgParser::hostaddr_expr_1() { + Tracer traceInOut(this, "hostaddr_expr_1"); try { // for error handling hostaddr_expr(); @@ -4015,7 +4617,7 @@ void PIXCfgParser::hostaddr_expr_1() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -4023,6 +4625,7 @@ void PIXCfgParser::hostaddr_expr_1() { } void PIXCfgParser::acl_tcp_udp_dst_port_spec() { + Tracer traceInOut(this, "acl_tcp_udp_dst_port_spec"); ANTLR_USE_NAMESPACE(antlr)RefToken dst_port_group_name = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dst_port_obj_name = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -4036,13 +4639,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_group_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1026 "pix.g" +#line 1044 "pix.g" importer->dst_port_spec = dst_port_group_name->getText(); *dbg << "dst port spec: " << dst_port_group_name->getText() << std::endl; -#line 4046 "PIXCfgParser.cpp" +#line 4649 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4074,13 +4677,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_obj_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1036 "pix.g" +#line 1054 "pix.g" importer->dst_port_spec = dst_port_obj_name->getText(); *dbg << "dst addr object " << dst_port_obj_name->getText() << std::endl; -#line 4084 "PIXCfgParser.cpp" +#line 4687 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4176,7 +4779,7 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_15); + recover(ex,_tokenSet_16); } else { throw; } @@ -4184,6 +4787,7 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { } void PIXCfgParser::hostaddr_expr_2() { + Tracer traceInOut(this, "hostaddr_expr_2"); try { // for error handling hostaddr_expr(); @@ -4191,7 +4795,7 @@ void PIXCfgParser::hostaddr_expr_2() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -4199,21 +4803,22 @@ void PIXCfgParser::hostaddr_expr_2() { } void PIXCfgParser::acl_xoperator_dst() { + Tracer traceInOut(this, "acl_xoperator_dst"); try { // for error handling xoperator(); if ( inputState->guessing==0 ) { -#line 1051 "pix.g" +#line 1069 "pix.g" importer->SaveTmpPortToDst(); -#line 4211 "PIXCfgParser.cpp" +#line 4816 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -4221,22 +4826,23 @@ void PIXCfgParser::acl_xoperator_dst() { } void PIXCfgParser::established() { + Tracer traceInOut(this, "established"); try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 1179 "pix.g" +#line 1219 "pix.g" importer->established = true; *dbg << "established "; -#line 4234 "PIXCfgParser.cpp" +#line 4840 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -4244,6 +4850,7 @@ void PIXCfgParser::established() { } void PIXCfgParser::hostaddr_expr_3() { + Tracer traceInOut(this, "hostaddr_expr_3"); try { // for error handling hostaddr_expr(); @@ -4251,7 +4858,7 @@ void PIXCfgParser::hostaddr_expr_3() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } else { throw; } @@ -4259,6 +4866,7 @@ void PIXCfgParser::hostaddr_expr_3() { } void PIXCfgParser::single_port_op() { + Tracer traceInOut(this, "single_port_op"); try { // for error handling { @@ -4290,19 +4898,19 @@ void PIXCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 1096 "pix.g" +#line 1126 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 4299 "PIXCfgParser.cpp" +#line 4907 "PIXCfgParser.cpp" } port_spec(); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_10); } else { throw; } @@ -4310,23 +4918,24 @@ void PIXCfgParser::single_port_op() { } void PIXCfgParser::port_range() { + Tracer traceInOut(this, "port_range"); try { // for error handling match(RANGE); pair_of_ports_spec(); if ( inputState->guessing==0 ) { -#line 1111 "pix.g" +#line 1141 "pix.g" importer->tmp_port_op = "range"; *dbg << "range "; -#line 4324 "PIXCfgParser.cpp" +#line 4933 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_10); } else { throw; } @@ -4334,10 +4943,45 @@ void PIXCfgParser::port_range() { } void PIXCfgParser::port_spec() { + Tracer traceInOut(this, "port_spec"); + + try { // for error handling + tcp_udp_port_spec(); + if ( inputState->guessing==0 ) { +#line 1134 "pix.g" + + importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2; + *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; + +#line 4957 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_10); + } else { + throw; + } + } +} + +void PIXCfgParser::tcp_udp_port_spec() { + Tracer traceInOut(this, "tcp_udp_port_spec"); try { // for error handling { switch ( LA(1)) { + case SSH: + { + match(SSH); + break; + } + case TELNET: + { + match(TELNET); + break; + } case WORD: { match(WORD); @@ -4355,18 +4999,17 @@ void PIXCfgParser::port_spec() { } } if ( inputState->guessing==0 ) { -#line 1104 "pix.g" +#line 1163 "pix.g" - importer->tmp_port_spec = (std::string(" ") + LT(0)->getText()); - *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; + importer->tmp_port_spec_2 = LT(0)->getText(); -#line 4364 "PIXCfgParser.cpp" +#line 5007 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_25); } else { throw; } @@ -4374,70 +5017,38 @@ void PIXCfgParser::port_spec() { } void PIXCfgParser::pair_of_ports_spec() { - ANTLR_USE_NAMESPACE(antlr)RefToken s1 = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken s2 = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken e1 = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken e2 = ANTLR_USE_NAMESPACE(antlr)nullToken; + Tracer traceInOut(this, "pair_of_ports_spec"); try { // for error handling - { - switch ( LA(1)) { - case WORD: - { - s1 = LT(1); - match(WORD); - break; - } - case INT_CONST: - { - s2 = LT(1); - match(INT_CONST); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - { - switch ( LA(1)) { - case WORD: - { - e1 = LT(1); - match(WORD); - break; - } - case INT_CONST: - { - e2 = LT(1); - match(INT_CONST); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } if ( inputState->guessing==0 ) { -#line 1118 "pix.g" +#line 1148 "pix.g" + + importer->tmp_port_spec_2 = ""; + +#line 5029 "PIXCfgParser.cpp" + } + tcp_udp_port_spec(); + if ( inputState->guessing==0 ) { +#line 1152 "pix.g" + + importer->tmp_port_spec += importer->tmp_port_spec_2; + +#line 5037 "PIXCfgParser.cpp" + } + tcp_udp_port_spec(); + if ( inputState->guessing==0 ) { +#line 1156 "pix.g" - importer->tmp_port_spec = ""; - if (s1) importer->tmp_port_spec += s1->getText(); - if (s2) importer->tmp_port_spec += s2->getText(); importer->tmp_port_spec += " "; - if (e1) importer->tmp_port_spec += e1->getText(); - if (e2) importer->tmp_port_spec += e2->getText(); - *dbg << "pair of ports: " << importer->tmp_port_spec; + importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 4435 "PIXCfgParser.cpp" +#line 5046 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_10); } else { throw; } @@ -4445,6 +5056,7 @@ void PIXCfgParser::pair_of_ports_spec() { } void PIXCfgParser::interface_command_6() { + Tracer traceInOut(this, "interface_command_6"); ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -4452,14 +5064,14 @@ void PIXCfgParser::interface_command_6() { match(WORD); pix6_interface_hw_speed(); if ( inputState->guessing==0 ) { -#line 1252 "pix.g" +#line 1292 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 4463 "PIXCfgParser.cpp" +#line 5075 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4473,42 +5085,43 @@ void PIXCfgParser::interface_command_6() { } void PIXCfgParser::interface_command_7() { + Tracer traceInOut(this, "interface_command_7"); ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1260 "pix.g" +#line 1300 "pix.g" bool have_interface_parameters = false; -#line 4480 "PIXCfgParser.cpp" +#line 5093 "PIXCfgParser.cpp" try { // for error handling in = LT(1); match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1261 "pix.g" +#line 1301 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 4494 "PIXCfgParser.cpp" +#line 5107 "PIXCfgParser.cpp" } { { // ( ... )* for (;;) { - if ((_tokenSet_23.member(LA(1)))) { + if ((_tokenSet_26.member(LA(1)))) { interface_parameters(); if ( inputState->guessing==0 ) { -#line 1268 "pix.g" +#line 1308 "pix.g" have_interface_parameters = true; -#line 4504 "PIXCfgParser.cpp" +#line 5117 "PIXCfgParser.cpp" } } else { - goto _loop182; + goto _loop184; } } - _loop182:; + _loop184:; } // ( ... )* { switch ( LA(1)) { @@ -4529,7 +5142,7 @@ void PIXCfgParser::interface_command_7() { } } if ( inputState->guessing==0 ) { -#line 1270 "pix.g" +#line 1310 "pix.g" if ( ! have_interface_parameters ) { @@ -4538,7 +5151,7 @@ void PIXCfgParser::interface_command_7() { << " EMPTY INTERFACE " << std::endl; } -#line 4542 "PIXCfgParser.cpp" +#line 5155 "PIXCfgParser.cpp" } } } @@ -4553,6 +5166,7 @@ void PIXCfgParser::interface_command_7() { } void PIXCfgParser::pix6_interface_hw_speed() { + Tracer traceInOut(this, "pix6_interface_hw_speed"); try { // for error handling { @@ -4625,14 +5239,15 @@ void PIXCfgParser::pix6_interface_hw_speed() { } void PIXCfgParser::interface_parameters() { + Tracer traceInOut(this, "interface_parameters"); try { // for error handling if ( inputState->guessing==0 ) { -#line 1298 "pix.g" +#line 1338 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); -#line 4636 "PIXCfgParser.cpp" +#line 5251 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4705,7 +5320,7 @@ void PIXCfgParser::interface_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_24); + recover(ex,_tokenSet_27); } else { throw; } @@ -4713,6 +5328,7 @@ void PIXCfgParser::interface_parameters() { } void PIXCfgParser::intf_address() { + Tracer traceInOut(this, "intf_address"); try { // for error handling match(IP); @@ -4740,7 +5356,7 @@ void PIXCfgParser::intf_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4748,6 +5364,7 @@ void PIXCfgParser::intf_address() { } void PIXCfgParser::vlan_interface() { + Tracer traceInOut(this, "vlan_interface"); ANTLR_USE_NAMESPACE(antlr)RefToken vlan_id = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -4755,18 +5372,18 @@ void PIXCfgParser::vlan_interface() { vlan_id = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1324 "pix.g" +#line 1364 "pix.g" importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; -#line 4764 "PIXCfgParser.cpp" +#line 5381 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4774,6 +5391,7 @@ void PIXCfgParser::vlan_interface() { } void PIXCfgParser::sec_level() { + Tracer traceInOut(this, "sec_level"); ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -4781,18 +5399,18 @@ void PIXCfgParser::sec_level() { sec_level = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1376 "pix.g" +#line 1416 "pix.g" importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; -#line 4790 "PIXCfgParser.cpp" +#line 5408 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4800,6 +5418,7 @@ void PIXCfgParser::sec_level() { } void PIXCfgParser::nameif() { + Tracer traceInOut(this, "nameif"); ANTLR_USE_NAMESPACE(antlr)RefToken p_intf = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken intf_label = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken sec_level = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -4831,7 +5450,7 @@ void PIXCfgParser::nameif() { } } if ( inputState->guessing==0 ) { -#line 1399 "pix.g" +#line 1439 "pix.g" std::string label = (intf_label) ? intf_label->getText() : ""; std::string seclevel = (sec_level) ? sec_level->getText() : ""; @@ -4839,13 +5458,13 @@ void PIXCfgParser::nameif() { *dbg << " NAMEIF: " << p_intf->getText() << label << seclevel << std::endl; -#line 4843 "PIXCfgParser.cpp" +#line 5462 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4853,11 +5472,12 @@ void PIXCfgParser::nameif() { } void PIXCfgParser::interface_description() { + Tracer traceInOut(this, "interface_description"); try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 1411 "pix.g" +#line 1451 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string descr; @@ -4870,13 +5490,13 @@ void PIXCfgParser::interface_description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 4874 "PIXCfgParser.cpp" +#line 5494 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4884,6 +5504,7 @@ void PIXCfgParser::interface_description() { } void PIXCfgParser::switchport() { + Tracer traceInOut(this, "switchport"); ANTLR_USE_NAMESPACE(antlr)RefToken vlan_num = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling @@ -4893,18 +5514,18 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1523 "pix.g" +#line 1563 "pix.g" importer->addMessageToLog("Switch port vlan " + vlan_num->getText()); *dbg << "Switch port vlan " << vlan_num->getText() << std::endl; -#line 4902 "PIXCfgParser.cpp" +#line 5523 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4912,23 +5533,24 @@ void PIXCfgParser::switchport() { } void PIXCfgParser::shutdown() { + Tracer traceInOut(this, "shutdown"); try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 1426 "pix.g" +#line 1466 "pix.g" importer->ignoreCurrentInterface(); *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 4926 "PIXCfgParser.cpp" +#line 5548 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4936,6 +5558,7 @@ void PIXCfgParser::shutdown() { } void PIXCfgParser::interface_no_commands() { + Tracer traceInOut(this, "interface_no_commands"); try { // for error handling match(NO); @@ -4968,19 +5591,19 @@ void PIXCfgParser::interface_no_commands() { } } if ( inputState->guessing==0 ) { -#line 1368 "pix.g" +#line 1408 "pix.g" *dbg << " INTERFACE \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 4978 "PIXCfgParser.cpp" +#line 5601 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -4988,6 +5611,7 @@ void PIXCfgParser::interface_no_commands() { } void PIXCfgParser::unsupported_interface_commands() { + Tracer traceInOut(this, "unsupported_interface_commands"); try { // for error handling { @@ -5069,19 +5693,19 @@ void PIXCfgParser::unsupported_interface_commands() { } } if ( inputState->guessing==0 ) { -#line 1360 "pix.g" +#line 1400 "pix.g" *dbg << " UNSUPPORTED INTERFACE COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 5079 "PIXCfgParser.cpp" +#line 5703 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5089,6 +5713,7 @@ void PIXCfgParser::unsupported_interface_commands() { } void PIXCfgParser::v6_ip_address() { + Tracer traceInOut(this, "v6_ip_address"); try { // for error handling if ((LA(1) == WORD) && (LA(2) == DHCP)) { @@ -5105,7 +5730,7 @@ void PIXCfgParser::v6_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5113,6 +5738,7 @@ void PIXCfgParser::v6_ip_address() { } void PIXCfgParser::v7_ip_address() { + Tracer traceInOut(this, "v7_ip_address"); try { // for error handling switch ( LA(1)) { @@ -5135,7 +5761,7 @@ void PIXCfgParser::v7_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5143,6 +5769,7 @@ void PIXCfgParser::v7_ip_address() { } void PIXCfgParser::v6_dhcp_address() { + Tracer traceInOut(this, "v6_dhcp_address"); ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5152,7 +5779,7 @@ void PIXCfgParser::v6_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1461 "pix.g" +#line 1501 "pix.g" std::string label = lbl->getText(); std::string addr = dhcp->getText(); @@ -5163,13 +5790,13 @@ void PIXCfgParser::v6_dhcp_address() { // which we do not support consumeUntil(NEWLINE); -#line 5167 "PIXCfgParser.cpp" +#line 5794 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5177,6 +5804,7 @@ void PIXCfgParser::v6_dhcp_address() { } void PIXCfgParser::v6_static_address() { + Tracer traceInOut(this, "v6_static_address"); ANTLR_USE_NAMESPACE(antlr)RefToken lbl = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5189,7 +5817,7 @@ void PIXCfgParser::v6_static_address() { m = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 1474 "pix.g" +#line 1514 "pix.g" std::string label = lbl->getText(); std::string addr = a->getText(); @@ -5200,13 +5828,13 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 5204 "PIXCfgParser.cpp" +#line 5832 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5214,13 +5842,14 @@ void PIXCfgParser::v6_static_address() { } void PIXCfgParser::v7_dhcp_address() { + Tracer traceInOut(this, "v7_dhcp_address"); ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1491 "pix.g" +#line 1531 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); @@ -5228,13 +5857,13 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 5232 "PIXCfgParser.cpp" +#line 5861 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); } else { throw; } @@ -5242,6 +5871,7 @@ void PIXCfgParser::v7_dhcp_address() { } void PIXCfgParser::v7_static_address() { + Tracer traceInOut(this, "v7_static_address"); ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken s = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -5270,7 +5900,7 @@ void PIXCfgParser::v7_static_address() { } } if ( inputState->guessing==0 ) { -#line 1502 "pix.g" +#line 1542 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); @@ -5287,13 +5917,92 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 5291 "PIXCfgParser.cpp" +#line 5921 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_11); + } else { + throw; + } + } +} + +void PIXCfgParser::icmp_types_for_icmp_command() { + Tracer traceInOut(this, "icmp_types_for_icmp_command"); + + try { // for error handling + switch ( LA(1)) { + case INT_CONST: + { + match(INT_CONST); + if ( inputState->guessing==0 ) { +#line 1659 "pix.g" + + importer->icmp_type = LT(0)->getText(); + importer->icmp_code = "0"; + importer->icmp_spec = ""; + +#line 5949 "PIXCfgParser.cpp" + } + break; + } + case ECHO: + case ECHO_REPLY: + case TIME_EXCEEDED: + case UNREACHABLE: + { + { + switch ( LA(1)) { + case ECHO: + { + match(ECHO); + break; + } + case ECHO_REPLY: + { + match(ECHO_REPLY); + break; + } + case TIME_EXCEEDED: + { + match(TIME_EXCEEDED); + break; + } + case UNREACHABLE: + { + match(UNREACHABLE); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 1666 "pix.g" + + importer->icmp_type = ""; + importer->icmp_code = "0"; + importer->icmp_spec = LT(0)->getText(); + +#line 5993 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_28); } else { throw; } @@ -5312,6 +6021,7 @@ const char* PIXCfgParser::tokenNames[] = { "\"quit\"", "\"ip\"", "\"community-list\"", + "\"timeout\"", "\"names\"", "\"name\"", "IPV4", @@ -5370,10 +6080,31 @@ const char* PIXCfgParser::tokenNames[] = { "\"permit\"", "\"deny\"", "\"standard\"", + "\"alternate-address\"", + "\"conversion-error\"", + "\"echo\"", + "\"echo-reply\"", + "\"information-reply\"", + "\"information-request\"", + "\"mask-reply\"", + "\"mask-request\"", + "\"mobile-redirect\"", + "\"parameter-problem\"", + "\"redirect\"", + "\"router-advertisement\"", + "\"router-solicitation\"", + "\"source-quench\"", + "\"time-exceeded\"", + "\"timestamp-reply\"", + "\"timestamp-request\"", + "\"traceroute\"", + "\"unreachable\"", "\"eq\"", "\"gt\"", "\"lt\"", "\"neq\"", + "\"ssh\"", + "\"telnet\"", "\"interface\"", "\"any\"", "\"log\"", @@ -5456,110 +6187,136 @@ const char* PIXCfgParser::tokenNames[] = { const unsigned long PIXCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_0(_tokenSet_0_data_,6); -const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 134222706UL, 703595520UL, 8503360UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" WORD OBJECT OBJECT_GROUP "crypto" -// "no" "certificate" "PIX" "ASA" "hostname" "access-list" "interface" -// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_1(_tokenSet_1_data_,8); -const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 16UL, 917504UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 268445554UL, 1407191056UL, 469762048UL, 8304UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "icmp" +// OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "ssh" "telnet" "interface" "controller" LINE_COMMENT "exit" "nameif" +// "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_1(_tokenSet_1_data_,12); +const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 32UL, 0UL, 896UL, 0UL, 0UL, 0UL, 0UL }; // INT_CONST "aui" "auto" "bnc" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_2(_tokenSet_2_data_,8); -const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 268427328UL, 2147484904UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 536854592UL, 2512UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "permit" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_3(_tokenSet_3_data_,6); -const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 268427328UL, 1256UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_3(_tokenSet_3_data_,8); +const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 536854592UL, 2512UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "deny" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_4(_tokenSet_4_data_,8); -const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 1073741824UL, 788480UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 2147483648UL, 1576960UL, 0UL, 0UL, 0UL, 0UL }; // "description" "group-object" "service-object" "port-object" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_5(_tokenSet_5_data_,6); -const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 2281707378UL, 703595520UL, 8503488UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" IPV4 WORD OBJECT "host" OBJECT_GROUP -// "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "interface" -// "any" "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,8); -const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 134209600UL, 16UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 268447602UL, 1407191057UL, 1006632960UL, 8304UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "host" +// "icmp" OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" +// "access-list" "ssh" "telnet" "interface" "any" "controller" LINE_COMMENT +// "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,12); +const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 268419136UL, 32UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" INT_CONST const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_7(_tokenSet_7_data_,6); -const unsigned long PIXCfgParser::_tokenSet_8_data_[] = { 134222706UL, 703596033UL, 8503420UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" WORD OBJECT "range" "destination" +const unsigned long PIXCfgParser::_tokenSet_8_data_[] = { 268445554UL, 1407191056UL, 3690987520UL, 8316UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "icmp" // OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" -// "eq" "gt" "lt" "neq" "interface" "controller" LINE_COMMENT "exit" "nameif" -// "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,8); -const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 2281707378UL, 703596033UL, 8518652UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" IPV4 WORD OBJECT "host" "range" -// "destination" OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" -// "access-list" "eq" "gt" "lt" "neq" "interface" "any" "log" "log-input" -// "established" "fragments" "time-range" "controller" LINE_COMMENT "exit" -// "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,8); -const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "ssh" "telnet" "interface" "log" "log-input" "fragments" "time-range" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,12); +const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 268445554UL, 1407192082UL, 532676608UL, 8304UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "range" +// "icmp" "destination" OBJECT_GROUP "crypto" "no" "certificate" "PIX" +// "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "ssh" "telnet" "interface" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,12); +const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 268447602UL, 1407192083UL, 4290772992UL, 8318UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "host" +// "range" "icmp" "destination" OBJECT_GROUP "crypto" "no" "certificate" +// "PIX" "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "ssh" "telnet" +// "interface" "any" "log" "log-input" "established" "fragments" "time-range" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,12); +const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,6); -const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 2281706512UL, 1041UL, 15356UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 WORD OBJECT "host" "range" INT_CONST OBJECT_GROUP "eq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,6); +const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 268445712UL, 2083UL, 4093640696UL, 14UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 WORD OBJECT "host" "range" INT_CONST OBJECT_GROUP "alternate-address" +// "conversion-error" "echo" "echo-reply" "information-reply" "information-request" +// "mask-reply" "mask-request" "mobile-redirect" "parameter-problem" "redirect" +// "router-advertisement" "router-solicitation" "source-quench" "time-exceeded" +// "timestamp-reply" "timestamp-request" "traceroute" "unreachable" "eq" // "gt" "lt" "neq" "interface" "any" "log" "log-input" "established" "fragments" // "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,8); -const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 2281702400UL, 1024UL, 192UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 16UL, 0UL, 4864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" "fragments" +const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 268437504UL, 2049UL, 805306368UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 16UL, 0UL, 768UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" +const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 16UL, 0UL, 3221225472UL, 4UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_14(_tokenSet_14_data_,8); -const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 16UL, 0UL, 13056UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" "fragments" "time-range" +const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 16UL, 0UL, 3221225472UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_15(_tokenSet_15_data_,8); -const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 134222864UL, 1025UL, 15164UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 16UL, 0UL, 3221225472UL, 12UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_16(_tokenSet_16_data_,8); +const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 268445712UL, 2050UL, 3284140032UL, 14UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "log" // "log-input" "established" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_16(_tokenSet_16_data_,8); -const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 0UL, 1UL, 60UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// "range" "eq" "gt" "lt" "neq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_17(_tokenSet_17_data_,8); -const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 134217744UL, 1025UL, 15164UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 0UL, 2UL, 62914560UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "range" "eq" "gt" "lt" "neq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_18(_tokenSet_18_data_,8); +const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 8192UL, 32UL, 201326592UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD INT_CONST "ssh" "telnet" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,8); +const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 268435472UL, 2050UL, 3284140032UL, 14UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "log" "log-input" // "established" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_18(_tokenSet_18_data_,8); -const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 134222706UL, 703595537UL, 8518524UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" WORD OBJECT "range" INT_CONST -// OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" -// "eq" "gt" "lt" "neq" "interface" "log" "log-input" "established" "fragments" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_20(_tokenSet_20_data_,8); +const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 268445554UL, 1407191090UL, 3753902080UL, 8318UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "range" +// "icmp" INT_CONST OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" +// "hostname" "access-list" "eq" "gt" "lt" "neq" "ssh" "telnet" "interface" +// "log" "log-input" "established" "fragments" "time-range" "controller" +// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_21(_tokenSet_21_data_,12); +const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 268445554UL, 1407191088UL, 3690987520UL, 8316UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "icmp" +// INT_CONST OBJECT_GROUP "crypto" "no" "certificate" "PIX" "ASA" "hostname" +// "access-list" "ssh" "telnet" "interface" "log" "log-input" "fragments" // "time-range" "controller" LINE_COMMENT "exit" "nameif" "access-group" // COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,8); -const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 134222706UL, 703595536UL, 8516416UL, 12288UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "names" "name" WORD OBJECT INT_CONST OBJECT_GROUP -// "crypto" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "interface" -// "log" "log-input" "fragments" "time-range" "controller" LINE_COMMENT -// "exit" "nameif" "access-group" COLON_COMMENT -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_20(_tokenSet_20_data_,8); -const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 2281702400UL, 1025UL, 252UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_22(_tokenSet_22_data_,12); +const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 268437504UL, 2051UL, 868220928UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // IPV4 OBJECT "host" "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "interface" // "any" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_21(_tokenSet_21_data_,8); -const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 134222864UL, 1041UL, 15164UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 268445712UL, 2082UL, 3485466624UL, 14UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD OBJECT "range" INT_CONST OBJECT_GROUP "eq" "gt" "lt" -// "neq" "log" "log-input" "established" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 1094844480UL, 2097152UL, 4286578688UL, 575UL, 0UL, 0UL, 0UL, 0UL }; +// "neq" "ssh" "telnet" "log" "log-input" "established" "fragments" "time-range" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_24(_tokenSet_24_data_,8); +const unsigned long PIXCfgParser::_tokenSet_25_data_[] = { 268447602UL, 1407192115UL, 4290772992UL, 8318UL, 12UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "host" +// "range" "icmp" INT_CONST "destination" OBJECT_GROUP "crypto" "no" "certificate" +// "PIX" "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "ssh" "telnet" +// "interface" "any" "log" "log-input" "established" "fragments" "time-range" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_25(_tokenSet_25_data_,12); +const unsigned long PIXCfgParser::_tokenSet_26_data_[] = { 2189688896UL, 4194304UL, 0UL, 2415910912UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" "nameif" "vlan" "speed" // "duplex" "ddns" "forward" "delay" "hold-time" "ipv6" "mac-address" "multicast" // PPPOE "rip" "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_23(_tokenSet_23_data_,8); -const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 1094844480UL, 2097152UL, 4286676992UL, 575UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_26(_tokenSet_26_data_,8); +const unsigned long PIXCfgParser::_tokenSet_27_data_[] = { 2189688896UL, 4194304UL, 0UL, 2415911008UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" LINE_COMMENT "exit" "nameif" // "vlan" "speed" "duplex" "ddns" "forward" "delay" "hold-time" "ipv6" // "mac-address" "multicast" PPPOE "rip" "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_24(_tokenSet_24_data_,8); +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_27(_tokenSet_27_data_,8); +const unsigned long PIXCfgParser::_tokenSet_28_data_[] = { 8192UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_28(_tokenSet_28_data_,6); diff --git a/src/parsers/PIXCfgParser.hpp b/src/parsers/PIXCfgParser.hpp index 1b8304cbd..d9741b707 100644 --- a/src/parsers/PIXCfgParser.hpp +++ b/src/parsers/PIXCfgParser.hpp @@ -38,7 +38,7 @@ class CUSTOM_API PIXCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, publ // additional methods and members public: - + std::ostream *dbg; PIXImporter *importer; @@ -98,6 +98,9 @@ public: public: void nameif_top_level(); public: void controller(); public: void access_list_commands(); + public: void ssh_command(); + public: void telnet_command(); + public: void icmp_top_level_command(); public: void access_group(); public: void exit(); public: void certificate(); @@ -113,6 +116,7 @@ public: public: void object_group_icmp_8_3(); public: void crypto(); public: void no_commands(); + public: void timeout_command(); public: void unknown_command(); public: void ip_protocol_names(); public: void named_object_network_parameters(); @@ -127,6 +131,7 @@ public: public: void service_tcp_udp(); public: void service_other(); public: void service_unknown(); + public: void icmp_names(); public: void src_port_spec(); public: void dst_port_spec(); public: void xoperator(); @@ -164,6 +169,7 @@ public: public: void single_port_op(); public: void port_range(); public: void port_spec(); + public: void tcp_udp_port_spec(); public: void pair_of_ports_spec(); public: void interface_command_6(); public: void interface_command_7(); @@ -184,6 +190,7 @@ public: public: void v6_static_address(); public: void v7_dhcp_address(); public: void v7_static_address(); + public: void icmp_types_for_icmp_command(); public: ANTLR_USE_NAMESPACE(antlr)RefAST getAST() { @@ -195,10 +202,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 146; + static const int NUM_TOKENS = 168; #else enum { - NUM_TOKENS = 146 + NUM_TOKENS = 168 }; #endif @@ -252,6 +259,14 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; static const unsigned long _tokenSet_24_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24; + static const unsigned long _tokenSet_25_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25; + static const unsigned long _tokenSet_26_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26; + static const unsigned long _tokenSet_27_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27; + static const unsigned long _tokenSet_28_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28; }; #endif /*INC_PIXCfgParser_hpp_*/ diff --git a/src/parsers/PIXCfgParserTokenTypes.hpp b/src/parsers/PIXCfgParserTokenTypes.hpp index 6a0b59fea..7da25c2c1 100644 --- a/src/parsers/PIXCfgParserTokenTypes.hpp +++ b/src/parsers/PIXCfgParserTokenTypes.hpp @@ -16,144 +16,166 @@ struct CUSTOM_API PIXCfgParserTokenTypes { QUIT = 5, IP = 6, COMMUNITY_LIST = 7, - NAMES = 8, - NAME = 9, - IPV4 = 10, - IPV6 = 11, - WORD = 12, - AH = 13, - EIGRP = 14, - ESP = 15, - GRE = 16, - IGMP = 17, - IGRP = 18, - IPINIP = 19, - IPSEC = 20, - NOS = 21, - OSPF = 22, - PCP = 23, - PIM = 24, - PPTP = 25, - SNP = 26, - OBJECT = 27, - NETWORK = 28, - NAT = 29, - DESCRIPTION = 30, - HOST = 31, - RANGE = 32, - SUBNET = 33, - SERVICE = 34, - ICMP = 35, - INT_CONST = 36, - ICMP6 = 37, - TCP = 38, - UDP = 39, - SOURCE = 40, - DESTINATION = 41, - OBJECT_GROUP = 42, - GROUP_OBJECT = 43, - NETWORK_OBJECT = 44, - PROTOCOL = 45, - PROTOCOL_OBJECT = 46, - ICMP_OBJECT = 47, - ICMP_TYPE = 48, - TCP_UDP = 49, - SERVICE_OBJECT = 50, - PORT_OBJECT = 51, - CRYPTO = 52, - NO = 53, - CERTIFICATE = 54, - PIX_WORD = 55, - ASA_WORD = 56, - VERSION_WORD = 57, - NUMBER = 58, - HOSTNAME = 59, - STRING = 60, - ACCESS_LIST = 61, - EXTENDED = 62, - PERMIT = 63, - DENY = 64, - STANDARD = 65, - P_EQ = 66, - P_GT = 67, - P_LT = 68, - P_NEQ = 69, - INTRFACE = 70, - ANY = 71, - LOG = 72, - LOG_INPUT = 73, - INTERVAL = 74, - ESTABLISHED = 75, - FRAGMENTS = 76, - TIME_RANGE = 77, - CONTROLLER = 78, - LINE_COMMENT = 79, - EXIT = 80, - AUI = 81, - AUTO = 82, - BNC = 83, - FULL = 84, - BASET = 85, - BASETX = 86, - NAMEIF = 87, - VLAN = 88, - SPEED = 89, - DUPLEX = 90, - DDNS = 91, - FORWARD = 92, - DELAY = 93, - HOLD_TIME = 94, - IPV6_C = 95, - MAC_ADDRESS = 96, - MULTICAST = 97, - PPPOE = 98, - RIP = 99, - SEC_LEVEL = 100, - SHUTDOWN = 101, - ADDRESS = 102, - DHCP = 103, - STANDBY = 104, - SWITCHPORT = 105, - ACCESS = 106, - REMARK = 107, - ACCESS_GROUP = 108, - COLON_COMMENT = 109, - SECONDARY = 110, - SETROUTE = 111, - Whitespace = 112, - HEX_CONST = 113, - NEG_INT_CONST = 114, - DIGIT = 115, - HEXDIGIT = 116, - NUMBER_ADDRESS_OR_WORD = 117, - PIPE_CHAR = 118, - NUMBER_SIGN = 119, - PERCENT = 120, - AMPERSAND = 121, - APOSTROPHE = 122, - OPENING_PAREN = 123, - CLOSING_PAREN = 124, - STAR = 125, - PLUS = 126, - COMMA = 127, - MINUS = 128, - DOT = 129, - SLASH = 130, - COLON = 131, - SEMICOLON = 132, - LESS_THAN = 133, - EQUALS = 134, - GREATER_THAN = 135, - QUESTION = 136, - COMMERCIAL_AT = 137, - OPENING_SQUARE = 138, - CLOSING_SQUARE = 139, - CARET = 140, - UNDERLINE = 141, - OPENING_BRACE = 142, - CLOSING_BRACE = 143, - TILDE = 144, - EXLAMATION = 145, + TIMEOUT = 8, + NAMES = 9, + NAME = 10, + IPV4 = 11, + IPV6 = 12, + WORD = 13, + AH = 14, + EIGRP = 15, + ESP = 16, + GRE = 17, + IGMP = 18, + IGRP = 19, + IPINIP = 20, + IPSEC = 21, + NOS = 22, + OSPF = 23, + PCP = 24, + PIM = 25, + PPTP = 26, + SNP = 27, + OBJECT = 28, + NETWORK = 29, + NAT = 30, + DESCRIPTION = 31, + HOST = 32, + RANGE = 33, + SUBNET = 34, + SERVICE = 35, + ICMP = 36, + INT_CONST = 37, + ICMP6 = 38, + TCP = 39, + UDP = 40, + SOURCE = 41, + DESTINATION = 42, + OBJECT_GROUP = 43, + GROUP_OBJECT = 44, + NETWORK_OBJECT = 45, + PROTOCOL = 46, + PROTOCOL_OBJECT = 47, + ICMP_OBJECT = 48, + ICMP_TYPE = 49, + TCP_UDP = 50, + SERVICE_OBJECT = 51, + PORT_OBJECT = 52, + CRYPTO = 53, + NO = 54, + CERTIFICATE = 55, + PIX_WORD = 56, + ASA_WORD = 57, + VERSION_WORD = 58, + NUMBER = 59, + HOSTNAME = 60, + STRING = 61, + ACCESS_LIST = 62, + EXTENDED = 63, + PERMIT = 64, + DENY = 65, + STANDARD = 66, + ALTERNATE_ADDRESS = 67, + CONVERSION_ERROR = 68, + ECHO = 69, + ECHO_REPLY = 70, + INFORMATION_REPLY = 71, + INFORMATION_REQUEST = 72, + MASK_REPLY = 73, + MASK_REQUEST = 74, + MOBILE_REDIRECT = 75, + PARAMETER_PROBLEM = 76, + REDIRECT = 77, + ROUTER_ADVERTISEMENT = 78, + ROUTER_SOLICITATION = 79, + SOURCE_QUENCH = 80, + TIME_EXCEEDED = 81, + TIMESTAMP_REPLY = 82, + TIMESTAMP_REQUEST = 83, + TRACEROUTE = 84, + UNREACHABLE = 85, + P_EQ = 86, + P_GT = 87, + P_LT = 88, + P_NEQ = 89, + SSH = 90, + TELNET = 91, + INTRFACE = 92, + ANY = 93, + LOG = 94, + LOG_INPUT = 95, + INTERVAL = 96, + ESTABLISHED = 97, + FRAGMENTS = 98, + TIME_RANGE = 99, + CONTROLLER = 100, + LINE_COMMENT = 101, + EXIT = 102, + AUI = 103, + AUTO = 104, + BNC = 105, + FULL = 106, + BASET = 107, + BASETX = 108, + NAMEIF = 109, + VLAN = 110, + SPEED = 111, + DUPLEX = 112, + DDNS = 113, + FORWARD = 114, + DELAY = 115, + HOLD_TIME = 116, + IPV6_C = 117, + MAC_ADDRESS = 118, + MULTICAST = 119, + PPPOE = 120, + RIP = 121, + SEC_LEVEL = 122, + SHUTDOWN = 123, + ADDRESS = 124, + DHCP = 125, + STANDBY = 126, + SWITCHPORT = 127, + ACCESS = 128, + REMARK = 129, + ACCESS_GROUP = 130, + COLON_COMMENT = 131, + SECONDARY = 132, + SETROUTE = 133, + Whitespace = 134, + HEX_CONST = 135, + NEG_INT_CONST = 136, + DIGIT = 137, + HEXDIGIT = 138, + NUMBER_ADDRESS_OR_WORD = 139, + PIPE_CHAR = 140, + NUMBER_SIGN = 141, + PERCENT = 142, + AMPERSAND = 143, + APOSTROPHE = 144, + OPENING_PAREN = 145, + CLOSING_PAREN = 146, + STAR = 147, + PLUS = 148, + COMMA = 149, + MINUS = 150, + DOT = 151, + SLASH = 152, + COLON = 153, + SEMICOLON = 154, + LESS_THAN = 155, + EQUALS = 156, + GREATER_THAN = 157, + QUESTION = 158, + COMMERCIAL_AT = 159, + OPENING_SQUARE = 160, + CLOSING_SQUARE = 161, + CARET = 162, + UNDERLINE = 163, + OPENING_BRACE = 164, + CLOSING_BRACE = 165, + TILDE = 166, + EXLAMATION = 167, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PIXCfgParserTokenTypes.txt b/src/parsers/PIXCfgParserTokenTypes.txt index 9bd1a5e2a..87ad420aa 100644 --- a/src/parsers/PIXCfgParserTokenTypes.txt +++ b/src/parsers/PIXCfgParserTokenTypes.txt @@ -4,141 +4,163 @@ NEWLINE=4 QUIT="quit"=5 IP="ip"=6 COMMUNITY_LIST="community-list"=7 -NAMES="names"=8 -NAME="name"=9 -IPV4=10 -IPV6=11 -WORD=12 -AH="ah"=13 -EIGRP="eigrp"=14 -ESP="esp"=15 -GRE="gre"=16 -IGMP="igmp"=17 -IGRP="igrp"=18 -IPINIP="ipinip"=19 -IPSEC="ipsec"=20 -NOS="nos"=21 -OSPF="ospf"=22 -PCP="pcp"=23 -PIM="pim"=24 -PPTP="pptp"=25 -SNP="snp"=26 -OBJECT=27 -NETWORK="network"=28 -NAT="nat"=29 -DESCRIPTION="description"=30 -HOST="host"=31 -RANGE="range"=32 -SUBNET="subnet"=33 -SERVICE="service"=34 -ICMP="icmp"=35 -INT_CONST=36 -ICMP6="icmp6"=37 -TCP="tcp"=38 -UDP="udp"=39 -SOURCE="source"=40 -DESTINATION="destination"=41 -OBJECT_GROUP=42 -GROUP_OBJECT="group-object"=43 -NETWORK_OBJECT="network-object"=44 -PROTOCOL="protocol"=45 -PROTOCOL_OBJECT="protocol-object"=46 -ICMP_OBJECT="icmp-object"=47 -ICMP_TYPE="icmp-type"=48 -TCP_UDP="tcp-udp"=49 -SERVICE_OBJECT="service-object"=50 -PORT_OBJECT="port-object"=51 -CRYPTO="crypto"=52 -NO="no"=53 -CERTIFICATE="certificate"=54 -PIX_WORD="PIX"=55 -ASA_WORD="ASA"=56 -VERSION_WORD="Version"=57 -NUMBER=58 -HOSTNAME="hostname"=59 -STRING=60 -ACCESS_LIST="access-list"=61 -EXTENDED="extended"=62 -PERMIT="permit"=63 -DENY="deny"=64 -STANDARD="standard"=65 -P_EQ="eq"=66 -P_GT="gt"=67 -P_LT="lt"=68 -P_NEQ="neq"=69 -INTRFACE="interface"=70 -ANY="any"=71 -LOG="log"=72 -LOG_INPUT="log-input"=73 -INTERVAL="interval"=74 -ESTABLISHED="established"=75 -FRAGMENTS="fragments"=76 -TIME_RANGE="time-range"=77 -CONTROLLER="controller"=78 -LINE_COMMENT=79 -EXIT="exit"=80 -AUI="aui"=81 -AUTO="auto"=82 -BNC="bnc"=83 -FULL="full"=84 -BASET="baseT"=85 -BASETX="baseTX"=86 -NAMEIF="nameif"=87 -VLAN="vlan"=88 -SPEED="speed"=89 -DUPLEX="duplex"=90 -DDNS="ddns"=91 -FORWARD="forward"=92 -DELAY="delay"=93 -HOLD_TIME="hold-time"=94 -IPV6_C="ipv6"=95 -MAC_ADDRESS="mac-address"=96 -MULTICAST="multicast"=97 -PPPOE=98 -RIP="rip"=99 -SEC_LEVEL="security-level"=100 -SHUTDOWN="shutdown"=101 -ADDRESS="address"=102 -DHCP="dhcp"=103 -STANDBY="standby"=104 -SWITCHPORT="switchport"=105 -ACCESS="access"=106 -REMARK="remark"=107 -ACCESS_GROUP="access-group"=108 -COLON_COMMENT=109 -SECONDARY="secondary"=110 -SETROUTE="setroute"=111 -Whitespace=112 -HEX_CONST=113 -NEG_INT_CONST=114 -DIGIT=115 -HEXDIGIT=116 -NUMBER_ADDRESS_OR_WORD=117 -PIPE_CHAR=118 -NUMBER_SIGN=119 -PERCENT=120 -AMPERSAND=121 -APOSTROPHE=122 -OPENING_PAREN=123 -CLOSING_PAREN=124 -STAR=125 -PLUS=126 -COMMA=127 -MINUS=128 -DOT=129 -SLASH=130 -COLON=131 -SEMICOLON=132 -LESS_THAN=133 -EQUALS=134 -GREATER_THAN=135 -QUESTION=136 -COMMERCIAL_AT=137 -OPENING_SQUARE=138 -CLOSING_SQUARE=139 -CARET=140 -UNDERLINE=141 -OPENING_BRACE=142 -CLOSING_BRACE=143 -TILDE=144 -EXLAMATION=145 +TIMEOUT="timeout"=8 +NAMES="names"=9 +NAME="name"=10 +IPV4=11 +IPV6=12 +WORD=13 +AH="ah"=14 +EIGRP="eigrp"=15 +ESP="esp"=16 +GRE="gre"=17 +IGMP="igmp"=18 +IGRP="igrp"=19 +IPINIP="ipinip"=20 +IPSEC="ipsec"=21 +NOS="nos"=22 +OSPF="ospf"=23 +PCP="pcp"=24 +PIM="pim"=25 +PPTP="pptp"=26 +SNP="snp"=27 +OBJECT=28 +NETWORK="network"=29 +NAT="nat"=30 +DESCRIPTION="description"=31 +HOST="host"=32 +RANGE="range"=33 +SUBNET="subnet"=34 +SERVICE="service"=35 +ICMP="icmp"=36 +INT_CONST=37 +ICMP6="icmp6"=38 +TCP="tcp"=39 +UDP="udp"=40 +SOURCE="source"=41 +DESTINATION="destination"=42 +OBJECT_GROUP=43 +GROUP_OBJECT="group-object"=44 +NETWORK_OBJECT="network-object"=45 +PROTOCOL="protocol"=46 +PROTOCOL_OBJECT="protocol-object"=47 +ICMP_OBJECT="icmp-object"=48 +ICMP_TYPE="icmp-type"=49 +TCP_UDP="tcp-udp"=50 +SERVICE_OBJECT="service-object"=51 +PORT_OBJECT="port-object"=52 +CRYPTO="crypto"=53 +NO="no"=54 +CERTIFICATE="certificate"=55 +PIX_WORD="PIX"=56 +ASA_WORD="ASA"=57 +VERSION_WORD="Version"=58 +NUMBER=59 +HOSTNAME="hostname"=60 +STRING=61 +ACCESS_LIST="access-list"=62 +EXTENDED="extended"=63 +PERMIT="permit"=64 +DENY="deny"=65 +STANDARD="standard"=66 +ALTERNATE_ADDRESS="alternate-address"=67 +CONVERSION_ERROR="conversion-error"=68 +ECHO="echo"=69 +ECHO_REPLY="echo-reply"=70 +INFORMATION_REPLY="information-reply"=71 +INFORMATION_REQUEST="information-request"=72 +MASK_REPLY="mask-reply"=73 +MASK_REQUEST="mask-request"=74 +MOBILE_REDIRECT="mobile-redirect"=75 +PARAMETER_PROBLEM="parameter-problem"=76 +REDIRECT="redirect"=77 +ROUTER_ADVERTISEMENT="router-advertisement"=78 +ROUTER_SOLICITATION="router-solicitation"=79 +SOURCE_QUENCH="source-quench"=80 +TIME_EXCEEDED="time-exceeded"=81 +TIMESTAMP_REPLY="timestamp-reply"=82 +TIMESTAMP_REQUEST="timestamp-request"=83 +TRACEROUTE="traceroute"=84 +UNREACHABLE="unreachable"=85 +P_EQ="eq"=86 +P_GT="gt"=87 +P_LT="lt"=88 +P_NEQ="neq"=89 +SSH="ssh"=90 +TELNET="telnet"=91 +INTRFACE="interface"=92 +ANY="any"=93 +LOG="log"=94 +LOG_INPUT="log-input"=95 +INTERVAL="interval"=96 +ESTABLISHED="established"=97 +FRAGMENTS="fragments"=98 +TIME_RANGE="time-range"=99 +CONTROLLER="controller"=100 +LINE_COMMENT=101 +EXIT="exit"=102 +AUI="aui"=103 +AUTO="auto"=104 +BNC="bnc"=105 +FULL="full"=106 +BASET="baseT"=107 +BASETX="baseTX"=108 +NAMEIF="nameif"=109 +VLAN="vlan"=110 +SPEED="speed"=111 +DUPLEX="duplex"=112 +DDNS="ddns"=113 +FORWARD="forward"=114 +DELAY="delay"=115 +HOLD_TIME="hold-time"=116 +IPV6_C="ipv6"=117 +MAC_ADDRESS="mac-address"=118 +MULTICAST="multicast"=119 +PPPOE=120 +RIP="rip"=121 +SEC_LEVEL="security-level"=122 +SHUTDOWN="shutdown"=123 +ADDRESS="address"=124 +DHCP="dhcp"=125 +STANDBY="standby"=126 +SWITCHPORT="switchport"=127 +ACCESS="access"=128 +REMARK="remark"=129 +ACCESS_GROUP="access-group"=130 +COLON_COMMENT=131 +SECONDARY="secondary"=132 +SETROUTE="setroute"=133 +Whitespace=134 +HEX_CONST=135 +NEG_INT_CONST=136 +DIGIT=137 +HEXDIGIT=138 +NUMBER_ADDRESS_OR_WORD=139 +PIPE_CHAR=140 +NUMBER_SIGN=141 +PERCENT=142 +AMPERSAND=143 +APOSTROPHE=144 +OPENING_PAREN=145 +CLOSING_PAREN=146 +STAR=147 +PLUS=148 +COMMA=149 +MINUS=150 +DOT=151 +SLASH=152 +COLON=153 +SEMICOLON=154 +LESS_THAN=155 +EQUALS=156 +GREATER_THAN=157 +QUESTION=158 +COMMERCIAL_AT=159 +OPENING_SQUARE=160 +CLOSING_SQUARE=161 +CARET=162 +UNDERLINE=163 +OPENING_BRACE=164 +CLOSING_BRACE=165 +TILDE=166 +EXLAMATION=167 diff --git a/src/parsers/pix.g b/src/parsers/pix.g index eb7a7e139..e18fabf12 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -1,4 +1,4 @@ -/* +/* Firewall Builder @@ -15,7 +15,7 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + To get a copy of the GNU General Public License, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA @@ -82,7 +82,7 @@ options // additional methods and members public: - + std::ostream *dbg; PIXImporter *importer; @@ -119,7 +119,7 @@ cfgfile : | community_list_command | - unknown_ip_command + unknown_ip_command | intrface | @@ -128,6 +128,12 @@ cfgfile : controller | access_list_commands + | + ssh_command + | + telnet_command + | + icmp_top_level_command | access_group | @@ -158,6 +164,8 @@ cfgfile : crypto | no_commands + | + timeout_command | unknown_command | @@ -173,7 +181,14 @@ quit : QUIT ; //**************************************************************** -community_list_command : IP COMMUNITY_LIST +community_list_command : IP COMMUNITY_LIST + { + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +timeout_command : TIMEOUT { consumeUntil(NEWLINE); } @@ -237,7 +252,7 @@ named_object_network : OBJECT NETWORK name:WORD )* ; -named_object_network_parameters : +named_object_network_parameters : ( named_object_nat | @@ -246,7 +261,7 @@ named_object_network_parameters : range_addr | subnet_addr - | + | named_object_description ) ; @@ -361,7 +376,7 @@ named_object_service_parameters : | named_object_description ) - ; + ; service_icmp : SERVICE ICMP ( @@ -369,9 +384,10 @@ service_icmp : SERVICE ICMP { importer->icmp_type = LT(0)->getText(); } - | icmp_word:WORD + | + icmp_names { - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); } ) { @@ -461,7 +477,7 @@ object_group_network : OBJECT_GROUP NETWORK name:WORD )+ ; -object_group_network_parameters : +object_group_network_parameters : NEWLINE ( object_group_description @@ -559,7 +575,7 @@ object_group_protocol : OBJECT_GROUP PROTOCOL name:WORD )+ ; -object_group_protocol_parameters : +object_group_protocol_parameters : NEWLINE ( object_group_description @@ -627,7 +643,7 @@ object_group_icmp_8_3 : OBJECT_GROUP ICMP_TYPE name:WORD )* ; -object_group_icmp_parameters : +object_group_icmp_parameters : NEWLINE ( object_group_description @@ -649,9 +665,10 @@ icmp_object : ICMP_OBJECT { importer->icmp_type = LT(0)->getText(); } - | icmp_word:WORD + | + icmp_names { - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); } ) { @@ -685,7 +702,7 @@ object_group_service : OBJECT_GROUP SERVICE name:WORD ( tcp:TCP | udp:UDP | tcpu )+ ; -object_group_service_parameters : +object_group_service_parameters : NEWLINE ( object_group_description @@ -729,9 +746,10 @@ service_object : SERVICE_OBJECT { importer->icmp_type = LT(0)->getText(); } - | icmp_word:WORD + | + icmp_names { - importer->icmp_spec = icmp_word->getText(); + importer->icmp_spec = LT(0)->getText(); } ) { @@ -764,21 +782,21 @@ crypto : CRYPTO ; //**************************************************************** -unknown_ip_command : IP WORD +unknown_ip_command : IP WORD { consumeUntil(NEWLINE); } ; //**************************************************************** -unknown_command : WORD +unknown_command : WORD { consumeUntil(NEWLINE); } ; //**************************************************************** -no_commands : NO +no_commands : NO { *dbg << " TOP LEVEL \"NO\" COMMAND: " << LT(0)->getText() << std::endl; @@ -787,7 +805,7 @@ no_commands : NO ; //**************************************************************** -certificate : CERTIFICATE WORD +certificate : CERTIFICATE WORD { consumeUntil(NEWLINE); consumeUntil(QUIT); @@ -817,7 +835,7 @@ hostname : HOSTNAME ( STRING | WORD ) //**************************************************************** -access_list_commands : ACCESS_LIST name:WORD +access_list_commands : ACCESS_LIST name:WORD { importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -848,7 +866,7 @@ access_list_commands : ACCESS_LIST name:WORD ; //**************************************************************** -permit_extended: ( EXTENDED )? PERMIT +permit_extended: ( EXTENDED )? PERMIT { importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); @@ -874,7 +892,7 @@ deny_extended: ( EXTENDED )? DENY } ; -permit_standard: STANDARD PERMIT +permit_standard: STANDARD PERMIT { importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); @@ -904,7 +922,7 @@ deny_standard: STANDARD DENY // the difference between standard and extended acls should be in these rules // standard acl only matches destination address -rule_standard : +rule_standard : { importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; @@ -917,7 +935,7 @@ rule_standard : } ; -rule_extended : +rule_extended : ( ip_protocols hostaddr_expr { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } @@ -945,7 +963,7 @@ rule_extended : } ; -tcp_udp_rule_extended : +tcp_udp_rule_extended : ( TCP | UDP ) { importer->protocol = LT(0)->getText(); @@ -986,7 +1004,7 @@ tcp_udp_rule_extended : ) | // not "object-group" keyword after src address spec. - OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)? + OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)? { // looks like "object foo" at this point can only be dest addr. // (judging by cli prompts on 8.3) @@ -1015,7 +1033,7 @@ tcp_udp_rule_extended : //**************************************************************** -acl_tcp_udp_dst_port_spec : +acl_tcp_udp_dst_port_spec : ( // destination port spec. Can be blank, a named // object, object-group or inline @@ -1028,7 +1046,7 @@ acl_tcp_udp_dst_port_spec : *dbg << "dst port spec: " << dst_port_group_name->getText() << std::endl; } - (established)? + (established)? ) | // not "object-group" @@ -1038,12 +1056,12 @@ acl_tcp_udp_dst_port_spec : *dbg << "dst addr object " << dst_port_obj_name->getText() << std::endl; } - (established)? + (established)? | // if not object-group and object, then it can optionally // be regular inline port spec (acl_xoperator_dst)? - (established)? + (established)? ) ; @@ -1084,14 +1102,26 @@ icmp_spec : << icmp_code->getText() << " "; } | - icmp_word:WORD + icmp_names { - importer->icmp_spec = icmp_word->getText(); - *dbg << icmp_word->getText() << " "; + importer->icmp_spec = LT(0)->getText(); + *dbg << LT(0)->getText() << " "; } ) ; +icmp_names : + ( + ALTERNATE_ADDRESS | CONVERSION_ERROR | ECHO | + ECHO_REPLY | INFORMATION_REPLY | INFORMATION_REQUEST | + MASK_REPLY | MASK_REQUEST | MOBILE_REDIRECT | + PARAMETER_PROBLEM | REDIRECT | ROUTER_ADVERTISEMENT | + ROUTER_SOLICITATION | SOURCE_QUENCH | TIME_EXCEEDED | + TIMESTAMP_REPLY | TIMESTAMP_REQUEST | TRACEROUTE | + UNREACHABLE + ) + ; + single_port_op : (P_EQ | P_GT | P_LT | P_NEQ ) { importer->tmp_port_op = LT(0)->getText(); @@ -1100,9 +1130,9 @@ single_port_op : (P_EQ | P_GT | P_LT | P_NEQ ) port_spec ; -port_spec : (WORD|INT_CONST) +port_spec : tcp_udp_port_spec { - importer->tmp_port_spec = (std::string(" ") + LT(0)->getText()); + importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2; *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; } ; @@ -1114,18 +1144,28 @@ port_range : RANGE pair_of_ports_spec } ; -pair_of_ports_spec : (s1:WORD|s2:INT_CONST) (e1:WORD|e2:INT_CONST) +pair_of_ports_spec : + { + importer->tmp_port_spec_2 = ""; + } + tcp_udp_port_spec + { + importer->tmp_port_spec += importer->tmp_port_spec_2; + } + tcp_udp_port_spec { - importer->tmp_port_spec = ""; - if (s1) importer->tmp_port_spec += s1->getText(); - if (s2) importer->tmp_port_spec += s2->getText(); importer->tmp_port_spec += " "; - if (e1) importer->tmp_port_spec += e1->getText(); - if (e2) importer->tmp_port_spec += e2->getText(); - *dbg << "pair of ports: " << importer->tmp_port_spec; + importer->tmp_port_spec += importer->tmp_port_spec_2; } ; +tcp_udp_port_spec : (SSH | TELNET | WORD | INT_CONST) + { + importer->tmp_port_spec_2 = LT(0)->getText(); + } + ; + + // using these to help with debugging hostaddr_expr_1 : hostaddr_expr ; hostaddr_expr_2 : hostaddr_expr ; @@ -1152,14 +1192,14 @@ hostaddr_expr : importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; } - | + | (a:IPV4 m:IPV4) { importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); } - | + | ANY { importer->tmp_a = "0.0.0.0"; @@ -1293,7 +1333,7 @@ nameif_top_level : NAMEIF p_intf:WORD intf_label:WORD sec_level:WORD } ; - + interface_parameters : { importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1327,7 +1367,7 @@ vlan_interface : VLAN vlan_id:INT_CONST } ; -unsupported_interface_commands : +unsupported_interface_commands : ( SPEED | @@ -1391,7 +1431,7 @@ sec_level : SEC_LEVEL sec_level:INT_CONST // context in the grammar, function setInterfaceParametes() can locate // right interface using its first parameter. // -nameif : NAMEIF p_intf:WORD +nameif : NAMEIF p_intf:WORD ( ( WORD ) => intf_label:WORD sec_level:WORD | ( ) @@ -1444,13 +1484,13 @@ shutdown : SHUTDOWN // vlan 101 // nameif outside // security-level 0 -// ip address 192.0.2.253 255.255.255.0 +// ip address 192.0.2.253 255.255.255.0 // ! // // interface Vlan1 // nameif inside // security-level 100 -// ip address dhcp setroute +// ip address dhcp setroute // ! intf_address : IP ADDRESS (v6_ip_address | v7_ip_address) ; @@ -1526,6 +1566,111 @@ switchport : SWITCHPORT ACCESS VLAN vlan_num:INT_CONST } ; +//**************************************************************** +// pretend ssh commands are rules in access lists with names +// "ssh_commands_" + interface_label +ssh_command : SSH ( ( TIMEOUT INT_CONST ) | + ( hostaddr_expr intf_label:WORD ) + { + importer->clear(); + std::string acl_name = "ssh_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->SaveTmpAddrToDst(); + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "ssh"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + } + ) + ; + +telnet_command : TELNET ( ( TIMEOUT INT_CONST ) | + ( hostaddr_expr intf_label:WORD ) + { + importer->clear(); + std::string acl_name = "telnet_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->SaveTmpAddrToDst(); + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "telnet"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + } + ) + ; + + +// icmp command is non-determenistic syntactically because WORD can be +// used as a name of icmp type or as interface label. I am going to +// define all icmp types as tokens in icmp_types_for_icmp_command +// Looks like "icmp" command accepts limited set of icmp type names +// and can accept numeric code. +// +icmp_top_level_command : ICMP + ( + ( UNREACHABLE + { + consumeUntil(NEWLINE); + } + ) + | + ( + (permit:PERMIT | deny:DENY) + { + importer->clear(); + } + hostaddr_expr + { + importer->SaveTmpAddrToSrc(); + } + ( icmp_types_for_icmp_command )? + intf_label:WORD + { + std::string acl_name = "icmp_commands_" + intf_label->getText(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + if (permit) importer->action = "permit"; + if (deny) importer->action = "deny"; + importer->setDstSelf(); + importer->protocol = "icmp"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label->getText(), "in" ); + importer->pushRule(); + } + ) + ) + ; + +icmp_types_for_icmp_command : + INT_CONST + { + importer->icmp_type = LT(0)->getText(); + importer->icmp_code = "0"; + importer->icmp_spec = ""; + } + | + (ECHO | ECHO_REPLY | TIME_EXCEEDED | UNREACHABLE) + { + importer->icmp_type = ""; + importer->icmp_code = "0"; + importer->icmp_spec = LT(0)->getText(); + } + + ; + //**************************************************************** // remark. According to the Cisco docs, can only be used @@ -1604,7 +1749,7 @@ tokens HOSTNAME = "hostname"; CERTIFICATE = "certificate"; - + INTRFACE = "interface"; CONTROLLER = "controller"; DESCRIPTION = "description"; @@ -1719,6 +1864,8 @@ tokens NAT = "nat"; + SSH = "ssh"; + TELNET = "telnet"; AUI = "aui"; AUTO = "auto"; @@ -1727,6 +1874,28 @@ tokens FULL = "full"; BASETX = "baseTX"; + TIMEOUT = "timeout"; + + ALTERNATE_ADDRESS = "alternate-address"; + CONVERSION_ERROR = "conversion-error"; + ECHO = "echo"; + ECHO_REPLY = "echo-reply"; + INFORMATION_REPLY = "information-reply"; + INFORMATION_REQUEST = "information-request"; + MASK_REPLY = "mask-reply"; + MASK_REQUEST = "mask-request"; + MOBILE_REDIRECT = "mobile-redirect"; + PARAMETER_PROBLEM = "parameter-problem"; + REDIRECT = "redirect"; + ROUTER_ADVERTISEMENT = "router-advertisement"; + ROUTER_SOLICITATION = "router-solicitation"; + SOURCE_QUENCH = "source-quench"; + TIME_EXCEEDED = "time-exceeded"; + TIMESTAMP_REPLY = "timestamp-reply"; + TIMESTAMP_REQUEST = "timestamp-request"; + TRACEROUTE = "traceroute"; + UNREACHABLE = "unreachable"; + } LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ; @@ -1770,7 +1939,7 @@ protected OBJECT_GROUP :; -NUMBER_ADDRESS_OR_WORD : +NUMBER_ADDRESS_OR_WORD : ( ( DIGIT ) => ( @@ -1793,7 +1962,7 @@ NUMBER_ADDRESS_OR_WORD : | ("obj" "ect") => ( - "object" + "object" ( ("-gr" "oup") { _ttype = OBJECT_GROUP; } | diff --git a/src/unit_tests/ImporterTest/test_data/asa8.0.test b/src/unit_tests/ImporterTest/test_data/asa8.0.test index bd0e53725..ffc864810 100644 --- a/src/unit_tests/ImporterTest/test_data/asa8.0.test +++ b/src/unit_tests/ImporterTest/test_data/asa8.0.test @@ -105,7 +105,22 @@ pager lines 24 mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 +icmp permit any echo outside +icmp permit any 111 outside +icmp permit any time-exceeded outside +icmp permit any echo-reply outside +icmp permit any unreachable outside +icmp permit any outside +icmp permit host 10.1.1.202 time-exceeded inside +icmp permit host 10.1.1.202 echo-reply inside +icmp permit host 10.1.1.202 unreachable inside +icmp permit any echo inside +icmp permit any time-exceeded inside +icmp permit any echo-reply inside +icmp permit any unreachable inside icmp permit any inside +icmp permit 10.1.1.0 255.255.255.0 inside + no asdm history enable arp timeout 14400 timeout xlate 3:00:00 diff --git a/src/unit_tests/ImporterTest/test_data/pix6.test b/src/unit_tests/ImporterTest/test_data/pix6.test index 92bce5e38..2e3686fe5 100755 --- a/src/unit_tests/ImporterTest/test_data/pix6.test +++ b/src/unit_tests/ImporterTest/test_data/pix6.test @@ -138,6 +138,7 @@ logging device-id ipaddress inside logging host inside 10.1.1.10 logging host inside 10.1.1.40 format emblem icmp permit any echo outside +icmp permit any 111 outside icmp permit any time-exceeded outside icmp permit any echo-reply outside icmp permit any unreachable outside @@ -151,6 +152,13 @@ icmp permit any echo-reply inside icmp permit any unreachable inside icmp permit any inside icmp permit 10.1.1.0 255.255.255.0 inside + +telnet 10.1.1.0 255.255.255.0 inside +telnet timeout 5 +ssh 10.1.1.30 255.255.255.255 inside +ssh 10.1.1.0 255.255.255.0 inside +ssh timeout 5 + mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute retry 10 @@ -224,11 +232,6 @@ isakmp policy 10 encryption 3des isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 -telnet 10.1.1.0 255.255.255.0 inside -telnet timeout 5 -ssh 10.1.1.30 255.255.255.255 inside -ssh 10.1.1.0 255.255.255.0 inside -ssh timeout 5 console timeout 0 username foo password AAAAAAAAAAAAAAAA encrypted privilege 15 terminal width 256 diff --git a/src/unit_tests/ImporterTest/test_data/pix7.test b/src/unit_tests/ImporterTest/test_data/pix7.test index 1b788cf7c..0841f0a99 100644 --- a/src/unit_tests/ImporterTest/test_data/pix7.test +++ b/src/unit_tests/ImporterTest/test_data/pix7.test @@ -165,6 +165,8 @@ tunnel-group 192.0.2.254 ipsec-attributes telnet timeout 5 ssh scopy enable ssh 10.1.1.0 255.255.255.0 inside +ssh 10.1.2.0 255.255.255.0 inside +ssh 192.0.2.100 255.255.255.255 outside ssh timeout 20 console timeout 0 !