mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-21 10:47:16 +01:00

* parsers/pix.g (icmp_top_level_command): see #2164 Implemented

import of "ssh", "telnet" and "icmp" PIX/ASA commands. These
commands are imported as regular rules in the main Policy ruleset.
Vadim Kurland 2011-03-25 19:31:06 -07:00
parent 5bfcc226cb
commit 60d0c4e308
12 changed files with 2107 additions and 1047 deletions


@ -1,5 +1,9 @@
2011-03-25 vadim <vadim@netcitadel.com> 2011-03-25 vadim <vadim@netcitadel.com>
* parsers/pix.g (icmp_top_level_command): see #2164 Implemented
import of "ssh", "telnet" and "icmp" PIX/ASA commands. These
commands are imported as regular rules in the main Policy ruleset.
* PIXImporter.cpp (finalize): see #2277 "Create policy objects for * PIXImporter.cpp (finalize): see #2277 "Create policy objects for
ASA access-lists that are not applied in an access-group". Policy ASA access-lists that are not applied in an access-group". Policy
rule set will be created and populated with rules found in the rule set will be created and populated with rules found in the


@ -534,8 +534,23 @@ void Importer::pushRule()
clear(); clear();
} }
void Importer::setSrcSelf()
{
src_a = "self";
}
void Importer::setDstSelf()
{
dst_a = "self";
}
FWObject* Importer::makeSrcObj() FWObject* Importer::makeSrcObj()
{ {
if (src_a == "self")
{
return getFirewallObject();
}
if ( (src_a=="" && src_nm=="") || if ( (src_a=="" && src_nm=="") ||
(src_a==InetAddr::getAny().toString() && (src_a==InetAddr::getAny().toString() &&
src_nm==InetAddr::getAny().toString())) src_nm==InetAddr::getAny().toString()))
@ -553,6 +568,11 @@ FWObject* Importer::makeSrcObj()
FWObject* Importer::makeDstObj() FWObject* Importer::makeDstObj()
{ {
if (dst_a == "self")
{
return getFirewallObject();
}
if ( (dst_a=="" && dst_nm=="") || if ( (dst_a=="" && dst_nm=="") ||
(dst_a==InetAddr::getAny().toString() && (dst_a==InetAddr::getAny().toString() &&
dst_nm==InetAddr::getAny().toString())) dst_nm==InetAddr::getAny().toString()))
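Review bot: The string `"self"` is an in-band sentinel stored in `src_a`/`dst_a`, the same fields that carry address text parsed from the imported configuration, and the literal is repeated in `setSrcSelf`, `setDstSelf`, `makeSrcObj` and `makeDstObj`. If any grammar path can place a config-supplied token in those fields (not visible in these hunks), the value `self` would silently resolve to the firewall object and the imported rule would no longer match what the device enforces. A separate flag avoids sharing the namespace, e.g. `src_is_self = true;` in `setSrcSelf()` and `if (src_is_self) return getFirewallObject();` in `makeSrcObj()`, with the flag reset in `clear()`; at minimum use one named constant for the literal. The bodies of `makeSrcObj` and `makeDstObj` continue outside the hunks, so whether `getFirewallObject()` can return NULL at this point could not be checked.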


@ -220,6 +220,7 @@ public:
std::string tmp_nm; std::string tmp_nm;
std::string tmp_port_op; std::string tmp_port_op;
std::string tmp_port_spec; std::string tmp_port_spec;
std::string tmp_port_spec_2;
std::string tmp_range_1; std::string tmp_range_1;
std::string tmp_range_2; std::string tmp_range_2;
@ -245,6 +246,9 @@ public:
void SaveTmpPortToSrc(); void SaveTmpPortToSrc();
void SaveTmpPortToDst(); void SaveTmpPortToDst();
void setSrcSelf();
void setDstSelf();
virtual void clear(); virtual void clear();
Importer(libfwbuilder::FWObject *lib, Importer(libfwbuilder::FWObject *lib,
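Review bot: The new public member `tmp_port_spec_2` and the declarations `setSrcSelf()` / `setDstSelf()` are added without comments, and nothing in this section shows that `clear()` resets the new field. If `clear()` does not reset it, a value parsed for one imported command could carry over into the next rule, so confirm that against the `clear()` body, which is not on this page. For the setters a one-line comment is enough, e.g. `// mark the rule source as the firewall itself; makeSrcObj() then returns getFirewallObject()`, and `tmp_port_spec_2` should get a comment stating which parser rule fills it. The class declaration starts and ends outside these hunks.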


@ -44,102 +44,124 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState&
void PIXCfgLexer::initLiterals() void PIXCfgLexer::initLiterals()
{ {
literals["name"] = 9; literals["name"] = 10;
literals["names"] = 8; literals["names"] = 9;
literals["ospf"] = 22; literals["ospf"] = 23;
literals["established"] = 75; literals["established"] = 97;
literals["mac-address"] = 96; literals["mac-address"] = 118;
literals["nameif"] = 87; literals["nameif"] = 109;
literals["subnet"] = 33; literals["subnet"] = 34;
literals["ipsec"] = 20; literals["ipsec"] = 21;
literals["controller"] = 78; literals["controller"] = 100;
literals["pcp"] = 23; literals["pcp"] = 24;
literals["remark"] = 107; literals["access-list"] = 62;
literals["access-list"] = 61; literals["remark"] = 129;
literals["snp"] = 26; literals["telnet"] = 91;
literals["hostname"] = 59; literals["alternate-address"] = 67;
literals["hold-time"] = 94; literals["timestamp-reply"] = 82;
literals["tcp-udp"] = 49; literals["snp"] = 27;
literals["information-request"] = 72;
literals["hostname"] = 60;
literals["source-quench"] = 80;
literals["conversion-error"] = 68;
literals["timeout"] = 8;
literals["hold-time"] = 116;
literals["time-exceeded"] = 81;
literals["tcp-udp"] = 50;
literals["community-list"] = 7; literals["community-list"] = 7;
literals["permit"] = 63; literals["permit"] = 64;
literals["pptp"] = 25; literals["pptp"] = 26;
literals["interval"] = 74; literals["interval"] = 96;
literals["aui"] = 81; literals["parameter-problem"] = 76;
literals["security-level"] = 100; literals["aui"] = 103;
literals["no"] = 53; literals["ssh"] = 90;
literals["source"] = 40; literals["security-level"] = 122;
literals["igrp"] = 18; literals["no"] = 54;
literals["group-object"] = 43; literals["source"] = 41;
literals["pim"] = 24; literals["igrp"] = 19;
literals["nos"] = 21; literals["mobile-redirect"] = 75;
literals["ipinip"] = 19; literals["group-object"] = 44;
literals["pim"] = 25;
literals["nos"] = 22;
literals["ipinip"] = 20;
literals["quit"] = 5; literals["quit"] = 5;
literals["crypto"] = 52; literals["crypto"] = 53;
literals["protocol"] = 45; literals["protocol"] = 46;
literals["icmp-type"] = 48; literals["icmp-type"] = 49;
literals["PIX"] = 55; literals["PIX"] = 56;
literals["icmp-object"] = 47; literals["icmp-object"] = 48;
literals["exit"] = 80; literals["exit"] = 102;
literals["nat"] = 29; literals["nat"] = 30;
literals["range"] = 32; literals["range"] = 33;
literals["service-object"] = 50; literals["service-object"] = 51;
literals["gre"] = 16; literals["gre"] = 17;
literals["gt"] = 67; literals["information-reply"] = 71;
literals["ah"] = 13; literals["gt"] = 87;
literals["host"] = 31; literals["mask-reply"] = 73;
literals["baseTX"] = 86; literals["router-solicitation"] = 79;
literals["secondary"] = 110; literals["ah"] = 14;
literals["interface"] = 70; literals["host"] = 32;
literals["rip"] = 99; literals["mask-request"] = 74;
literals["protocol-object"] = 46; literals["baseTX"] = 108;
literals["icmp6"] = 37; literals["secondary"] = 132;
literals["standard"] = 65; literals["interface"] = 92;
literals["network"] = 28; literals["rip"] = 121;
literals["service"] = 34; literals["protocol-object"] = 47;
literals["vlan"] = 88; literals["icmp6"] = 38;
literals["access"] = 106; literals["standard"] = 66;
literals["bnc"] = 83; literals["network"] = 29;
literals["multicast"] = 97; literals["service"] = 35;
literals["any"] = 71; literals["access"] = 128;
literals["full"] = 84; literals["vlan"] = 110;
literals["dhcp"] = 103; literals["bnc"] = 105;
literals["speed"] = 89; literals["multicast"] = 119;
literals["deny"] = 64; literals["any"] = 93;
literals["neq"] = 69; literals["full"] = 106;
literals["esp"] = 15; literals["dhcp"] = 125;
literals["address"] = 102; literals["redirect"] = 77;
literals["network-object"] = 44; literals["speed"] = 111;
literals["shutdown"] = 101; literals["deny"] = 65;
literals["delay"] = 93; literals["neq"] = 89;
literals["auto"] = 82; literals["esp"] = 16;
literals["certificate"] = 54; literals["address"] = 124;
literals["udp"] = 39; literals["network-object"] = 45;
literals["fragments"] = 76; literals["shutdown"] = 123;
literals["eq"] = 66; literals["delay"] = 115;
literals["destination"] = 41; literals["auto"] = 104;
literals["duplex"] = 90; literals["echo-reply"] = 70;
literals["setroute"] = 111; literals["certificate"] = 55;
literals["baseT"] = 85; literals["router-advertisement"] = 78;
literals["udp"] = 40;
literals["fragments"] = 98;
literals["eq"] = 86;
literals["destination"] = 42;
literals["setroute"] = 133;
literals["duplex"] = 112;
literals["echo"] = 69;
literals["baseT"] = 107;
literals["ip"] = 6; literals["ip"] = 6;
literals["eigrp"] = 14; literals["eigrp"] = 15;
literals["log-input"] = 73; literals["log-input"] = 95;
literals["switchport"] = 105; literals["switchport"] = 127;
literals["description"] = 30; literals["timestamp-request"] = 83;
literals["extended"] = 62; literals["description"] = 31;
literals["igmp"] = 17; literals["extended"] = 63;
literals["access-group"] = 108; literals["igmp"] = 18;
literals["ddns"] = 91; literals["access-group"] = 130;
literals["Version"] = 57; literals["ddns"] = 113;
literals["log"] = 72; literals["Version"] = 58;
literals["forward"] = 92; literals["log"] = 94;
literals["ASA"] = 56; literals["forward"] = 114;
literals["lt"] = 68; literals["ASA"] = 57;
literals["ipv6"] = 95; literals["lt"] = 88;
literals["port-object"] = 51; literals["ipv6"] = 117;
literals["time-range"] = 77; literals["port-object"] = 52;
literals["standby"] = 104; literals["unreachable"] = 85;
literals["icmp"] = 35; literals["time-range"] = 99;
literals["tcp"] = 38; literals["standby"] = 126;
literals["icmp"] = 36;
literals["tcp"] = 39;
literals["traceroute"] = 84;
} }
ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken() ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken()
@ -453,11 +475,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) {
} }
} }
else { else {
goto _loop222; goto _loop240;
} }
} }
_loop222:; _loop240:;
} // ( ... )* } // ( ... )*
mNEWLINE(false); mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -489,9 +511,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) {
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1746 "pix.g" #line 1915 "pix.g"
newline(); newline();
#line 495 "PIXCfgLexer.cpp" #line 517 "PIXCfgLexer.cpp"
} }
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype); _token = makeToken(_ttype);
@ -515,11 +537,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) {
} }
} }
else { else {
goto _loop226; goto _loop244;
} }
} }
_loop226:; _loop244:;
} // ( ... )* } // ( ... )*
mNEWLINE(false); mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -613,9 +635,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) {
} }
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1741 "pix.g" #line 1910 "pix.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 619 "PIXCfgLexer.cpp" #line 641 "PIXCfgLexer.cpp"
} }
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype); _token = makeToken(_ttype);
@ -737,10 +759,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{ {
bool synPredMatched287 = false; bool synPredMatched305 = false;
if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) { if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) {
int _m287 = mark(); int _m305 = mark();
synPredMatched287 = true; synPredMatched305 = true;
inputState->guessing++; inputState->guessing++;
try { try {
{ {
@ -749,12 +771,12 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
} }
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched287 = false; synPredMatched305 = false;
} }
rewind(_m287); rewind(_m305);
inputState->guessing--; inputState->guessing--;
} }
if ( synPredMatched287 ) { if ( synPredMatched305 ) {
{ {
match("object"); match("object");
{ {
@ -764,17 +786,17 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match("oup"); match("oup");
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1798 "pix.g" #line 1967 "pix.g"
_ttype = OBJECT_GROUP; _ttype = OBJECT_GROUP;
#line 770 "PIXCfgLexer.cpp" #line 792 "PIXCfgLexer.cpp"
} }
} }
else { else {
match(""); match("");
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1800 "pix.g" #line 1969 "pix.g"
_ttype = OBJECT; _ttype = OBJECT;
#line 778 "PIXCfgLexer.cpp" #line 800 "PIXCfgLexer.cpp"
} }
} }
@ -782,15 +804,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
} }
else { else {
bool synPredMatched277 = false; bool synPredMatched295 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
int _m277 = mark(); int _m295 = mark();
synPredMatched277 = true; synPredMatched295 = true;
inputState->guessing++; inputState->guessing++;
try { try {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt276=0; int _cnt294=0;
for (;;) { for (;;) {
switch ( LA(1)) { switch ( LA(1)) {
case 0x61 /* 'a' */ : case 0x61 /* 'a' */ :
@ -819,27 +841,27 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
default: default:
{ {
if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt294>=1 ) { goto _loop294; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
} }
_cnt276++; _cnt294++;
} }
_loop276:; _loop294:;
} // ( ... )+ } // ( ... )+
mCOLON(false); mCOLON(false);
} }
} }
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched277 = false; synPredMatched295 = false;
} }
rewind(_m277); rewind(_m295);
inputState->guessing--; inputState->guessing--;
} }
if ( synPredMatched277 ) { if ( synPredMatched295 ) {
{ {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt281=0; int _cnt299=0;
for (;;) { for (;;) {
switch ( LA(1)) { switch ( LA(1)) {
case 0x61 /* 'a' */ : case 0x61 /* 'a' */ :
@ -868,15 +890,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
default: default:
{ {
if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
} }
_cnt281++; _cnt299++;
} }
_loop281:; _loop299:;
} // ( ... )+ } // ( ... )+
{ // ( ... )+ { // ( ... )+
int _cnt285=0; int _cnt303=0;
for (;;) { for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) { if ((LA(1) == 0x3a /* ':' */ )) {
mCOLON(false); mCOLON(false);
@ -909,34 +931,34 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
default: default:
{ {
goto _loop284; goto _loop302;
} }
} }
} }
_loop284:; _loop302:;
} // ( ... )* } // ( ... )*
} }
else { else {
if ( _cnt285>=1 ) { goto _loop285; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt303>=1 ) { goto _loop303; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt285++; _cnt303++;
} }
_loop285:; _loop303:;
} // ( ... )+ } // ( ... )+
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1791 "pix.g" #line 1960 "pix.g"
_ttype = IPV6; _ttype = IPV6;
#line 932 "PIXCfgLexer.cpp" #line 954 "PIXCfgLexer.cpp"
} }
} }
} }
else { else {
bool synPredMatched242 = false; bool synPredMatched260 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) {
int _m242 = mark(); int _m260 = mark();
synPredMatched242 = true; synPredMatched260 = true;
inputState->guessing++; inputState->guessing++;
try { try {
{ {
@ -944,242 +966,242 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
} }
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched242 = false; synPredMatched260 = false;
} }
rewind(_m242); rewind(_m260);
inputState->guessing--; inputState->guessing--;
} }
if ( synPredMatched242 ) { if ( synPredMatched260 ) {
{ {
bool synPredMatched251 = false; bool synPredMatched269 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m251 = mark(); int _m269 = mark();
synPredMatched251 = true; synPredMatched269 = true;
inputState->guessing++; inputState->guessing++;
try { try {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt246=0; int _cnt264=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt246>=1 ) { goto _loop246; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt246++; _cnt264++;
} }
_loop246:; _loop264:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt248=0; int _cnt266=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt248>=1 ) { goto _loop248; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt266>=1 ) { goto _loop266; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt248++; _cnt266++;
} }
_loop248:; _loop266:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt250=0; int _cnt268=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt250>=1 ) { goto _loop250; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt268>=1 ) { goto _loop268; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt250++; _cnt268++;
} }
_loop250:; _loop268:;
} // ( ... )+ } // ( ... )+
} }
} }
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched251 = false; synPredMatched269 = false;
} }
rewind(_m251); rewind(_m269);
inputState->guessing--; inputState->guessing--;
} }
if ( synPredMatched251 ) { if ( synPredMatched269 ) {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt254=0; int _cnt272=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt254++; _cnt272++;
} }
_loop254:; _loop272:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt256=0; int _cnt274=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt256>=1 ) { goto _loop256; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt256++; _cnt274++;
} }
_loop256:; _loop274:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt258=0; int _cnt276=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt258>=1 ) { goto _loop258; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt276>=1 ) { goto _loop276; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt258++; _cnt276++;
} }
_loop258:; _loop276:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt260=0; int _cnt278=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt260>=1 ) { goto _loop260; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt278>=1 ) { goto _loop278; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt260++; _cnt278++;
} }
_loop260:; _loop278:;
} // ( ... )+ } // ( ... )+
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1779 "pix.g" #line 1948 "pix.g"
_ttype = IPV4; _ttype = IPV4;
#line 1079 "PIXCfgLexer.cpp" #line 1101 "PIXCfgLexer.cpp"
} }
} }
else { else {
bool synPredMatched266 = false; bool synPredMatched284 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m266 = mark(); int _m284 = mark();
synPredMatched266 = true; synPredMatched284 = true;
inputState->guessing++; inputState->guessing++;
try { try {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt263=0; int _cnt281=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt263>=1 ) { goto _loop263; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt281>=1 ) { goto _loop281; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt263++; _cnt281++;
} }
_loop263:; _loop281:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt265=0; int _cnt283=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt265>=1 ) { goto _loop265; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt283>=1 ) { goto _loop283; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt265++; _cnt283++;
} }
_loop265:; _loop283:;
} // ( ... )+ } // ( ... )+
} }
} }
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched266 = false; synPredMatched284 = false;
} }
rewind(_m266); rewind(_m284);
inputState->guessing--; inputState->guessing--;
} }
if ( synPredMatched266 ) { if ( synPredMatched284 ) {
{ {
{ // ( ... )+ { // ( ... )+
int _cnt269=0; int _cnt287=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt269>=1 ) { goto _loop269; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt287>=1 ) { goto _loop287; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt269++; _cnt287++;
} }
_loop269:; _loop287:;
} // ( ... )+ } // ( ... )+
mDOT(false); mDOT(false);
{ // ( ... )+ { // ( ... )+
int _cnt271=0; int _cnt289=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt271>=1 ) { goto _loop271; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt271++; _cnt289++;
} }
_loop271:; _loop289:;
} // ( ... )+ } // ( ... )+
} }
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1782 "pix.g" #line 1951 "pix.g"
_ttype = NUMBER; _ttype = NUMBER;
#line 1162 "PIXCfgLexer.cpp" #line 1184 "PIXCfgLexer.cpp"
} }
} }
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+ { // ( ... )+
int _cnt273=0; int _cnt291=0;
for (;;) { for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false); mDIGIT(false);
} }
else { else {
if ( _cnt273>=1 ) { goto _loop273; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} if ( _cnt291>=1 ) { goto _loop291; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
} }
_cnt273++; _cnt291++;
} }
_loop273:; _loop291:;
} // ( ... )+ } // ( ... )+
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1784 "pix.g" #line 1953 "pix.g"
_ttype = INT_CONST; _ttype = INT_CONST;
#line 1183 "PIXCfgLexer.cpp" #line 1205 "PIXCfgLexer.cpp"
} }
} }
else { else {
@ -1415,16 +1437,16 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
} }
default: default:
{ {
goto _loop293; goto _loop311;
} }
} }
} }
_loop293:; _loop311:;
} // ( ... )* } // ( ... )*
if ( inputState->guessing==0 ) { if ( inputState->guessing==0 ) {
#line 1807 "pix.g" #line 1976 "pix.g"
_ttype = WORD; _ttype = WORD;
#line 1428 "PIXCfgLexer.cpp" #line 1450 "PIXCfgLexer.cpp"
} }
} }
else { else {
@ -1466,11 +1488,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ ); matchNot('\"' /* charlit */ );
} }
else { else {
goto _loop296; goto _loop314;
} }
} }
_loop296:; _loop314:;
} // ( ... )* } // ( ... )*
match('\"' /* charlit */ ); match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1850,7 +1872,8 @@ const unsigned long PIXCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81
// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f // 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
// 0x90 0x91 // 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d
// 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
@ -1859,6 +1882,8 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h // H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 // i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 a b c d e f // 0 1 2 3 4 5 6 7 8 9 a b c d e f
@ -1880,5 +1905,7 @@ const unsigned long PIXCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 429496729
// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g // G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 // h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7
const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);



@ -38,7 +38,7 @@ class CUSTOM_API PIXCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, publ
// additional methods and members // additional methods and members
public: public:
std::ostream *dbg; std::ostream *dbg;
PIXImporter *importer; PIXImporter *importer;
@ -98,6 +98,9 @@ public:
public: void nameif_top_level(); public: void nameif_top_level();
public: void controller(); public: void controller();
public: void access_list_commands(); public: void access_list_commands();
public: void ssh_command();
public: void telnet_command();
public: void icmp_top_level_command();
public: void access_group(); public: void access_group();
public: void exit(); public: void exit();
public: void certificate(); public: void certificate();
@ -113,6 +116,7 @@ public:
public: void object_group_icmp_8_3(); public: void object_group_icmp_8_3();
public: void crypto(); public: void crypto();
public: void no_commands(); public: void no_commands();
public: void timeout_command();
public: void unknown_command(); public: void unknown_command();
public: void ip_protocol_names(); public: void ip_protocol_names();
public: void named_object_network_parameters(); public: void named_object_network_parameters();
@ -127,6 +131,7 @@ public:
public: void service_tcp_udp(); public: void service_tcp_udp();
public: void service_other(); public: void service_other();
public: void service_unknown(); public: void service_unknown();
public: void icmp_names();
public: void src_port_spec(); public: void src_port_spec();
public: void dst_port_spec(); public: void dst_port_spec();
public: void xoperator(); public: void xoperator();
@ -164,6 +169,7 @@ public:
public: void single_port_op(); public: void single_port_op();
public: void port_range(); public: void port_range();
public: void port_spec(); public: void port_spec();
public: void tcp_udp_port_spec();
public: void pair_of_ports_spec(); public: void pair_of_ports_spec();
public: void interface_command_6(); public: void interface_command_6();
public: void interface_command_7(); public: void interface_command_7();
@ -184,6 +190,7 @@ public:
public: void v6_static_address(); public: void v6_static_address();
public: void v7_dhcp_address(); public: void v7_dhcp_address();
public: void v7_static_address(); public: void v7_static_address();
public: void icmp_types_for_icmp_command();
public: public:
ANTLR_USE_NAMESPACE(antlr)RefAST getAST() ANTLR_USE_NAMESPACE(antlr)RefAST getAST()
{ {
@ -195,10 +202,10 @@ protected:
private: private:
static const char* tokenNames[]; static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS #ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 146; static const int NUM_TOKENS = 168;
#else #else
enum { enum {
NUM_TOKENS = 146 NUM_TOKENS = 168
}; };
#endif #endif
@ -252,6 +259,14 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23;
static const unsigned long _tokenSet_24_data_[]; static const unsigned long _tokenSet_24_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24;
static const unsigned long _tokenSet_25_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25;
static const unsigned long _tokenSet_26_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26;
static const unsigned long _tokenSet_27_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27;
static const unsigned long _tokenSet_28_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28;
}; };
#endif /*INC_PIXCfgParser_hpp_*/ #endif /*INC_PIXCfgParser_hpp_*/


@ -16,144 +16,166 @@ struct CUSTOM_API PIXCfgParserTokenTypes {
QUIT = 5, QUIT = 5,
IP = 6, IP = 6,
COMMUNITY_LIST = 7, COMMUNITY_LIST = 7,
NAMES = 8, TIMEOUT = 8,
NAME = 9, NAMES = 9,
IPV4 = 10, NAME = 10,
IPV6 = 11, IPV4 = 11,
WORD = 12, IPV6 = 12,
AH = 13, WORD = 13,
EIGRP = 14, AH = 14,
ESP = 15, EIGRP = 15,
GRE = 16, ESP = 16,
IGMP = 17, GRE = 17,
IGRP = 18, IGMP = 18,
IPINIP = 19, IGRP = 19,
IPSEC = 20, IPINIP = 20,
NOS = 21, IPSEC = 21,
OSPF = 22, NOS = 22,
PCP = 23, OSPF = 23,
PIM = 24, PCP = 24,
PPTP = 25, PIM = 25,
SNP = 26, PPTP = 26,
OBJECT = 27, SNP = 27,
NETWORK = 28, OBJECT = 28,
NAT = 29, NETWORK = 29,
DESCRIPTION = 30, NAT = 30,
HOST = 31, DESCRIPTION = 31,
RANGE = 32, HOST = 32,
SUBNET = 33, RANGE = 33,
SERVICE = 34, SUBNET = 34,
ICMP = 35, SERVICE = 35,
INT_CONST = 36, ICMP = 36,
ICMP6 = 37, INT_CONST = 37,
TCP = 38, ICMP6 = 38,
UDP = 39, TCP = 39,
SOURCE = 40, UDP = 40,
DESTINATION = 41, SOURCE = 41,
OBJECT_GROUP = 42, DESTINATION = 42,
GROUP_OBJECT = 43, OBJECT_GROUP = 43,
NETWORK_OBJECT = 44, GROUP_OBJECT = 44,
PROTOCOL = 45, NETWORK_OBJECT = 45,
PROTOCOL_OBJECT = 46, PROTOCOL = 46,
ICMP_OBJECT = 47, PROTOCOL_OBJECT = 47,
ICMP_TYPE = 48, ICMP_OBJECT = 48,
TCP_UDP = 49, ICMP_TYPE = 49,
SERVICE_OBJECT = 50, TCP_UDP = 50,
PORT_OBJECT = 51, SERVICE_OBJECT = 51,
CRYPTO = 52, PORT_OBJECT = 52,
NO = 53, CRYPTO = 53,
CERTIFICATE = 54, NO = 54,
PIX_WORD = 55, CERTIFICATE = 55,
ASA_WORD = 56, PIX_WORD = 56,
VERSION_WORD = 57, ASA_WORD = 57,
NUMBER = 58, VERSION_WORD = 58,
HOSTNAME = 59, NUMBER = 59,
STRING = 60, HOSTNAME = 60,
ACCESS_LIST = 61, STRING = 61,
EXTENDED = 62, ACCESS_LIST = 62,
PERMIT = 63, EXTENDED = 63,
DENY = 64, PERMIT = 64,
STANDARD = 65, DENY = 65,
P_EQ = 66, STANDARD = 66,
P_GT = 67, ALTERNATE_ADDRESS = 67,
P_LT = 68, CONVERSION_ERROR = 68,
P_NEQ = 69, ECHO = 69,
INTRFACE = 70, ECHO_REPLY = 70,
ANY = 71, INFORMATION_REPLY = 71,
LOG = 72, INFORMATION_REQUEST = 72,
LOG_INPUT = 73, MASK_REPLY = 73,
INTERVAL = 74, MASK_REQUEST = 74,
ESTABLISHED = 75, MOBILE_REDIRECT = 75,
FRAGMENTS = 76, PARAMETER_PROBLEM = 76,
TIME_RANGE = 77, REDIRECT = 77,
CONTROLLER = 78, ROUTER_ADVERTISEMENT = 78,
LINE_COMMENT = 79, ROUTER_SOLICITATION = 79,
EXIT = 80, SOURCE_QUENCH = 80,
AUI = 81, TIME_EXCEEDED = 81,
AUTO = 82, TIMESTAMP_REPLY = 82,
BNC = 83, TIMESTAMP_REQUEST = 83,
FULL = 84, TRACEROUTE = 84,
BASET = 85, UNREACHABLE = 85,
BASETX = 86, P_EQ = 86,
NAMEIF = 87, P_GT = 87,
VLAN = 88, P_LT = 88,
SPEED = 89, P_NEQ = 89,
DUPLEX = 90, SSH = 90,
DDNS = 91, TELNET = 91,
FORWARD = 92, INTRFACE = 92,
DELAY = 93, ANY = 93,
HOLD_TIME = 94, LOG = 94,
IPV6_C = 95, LOG_INPUT = 95,
MAC_ADDRESS = 96, INTERVAL = 96,
MULTICAST = 97, ESTABLISHED = 97,
PPPOE = 98, FRAGMENTS = 98,
RIP = 99, TIME_RANGE = 99,
SEC_LEVEL = 100, CONTROLLER = 100,
SHUTDOWN = 101, LINE_COMMENT = 101,
ADDRESS = 102, EXIT = 102,
DHCP = 103, AUI = 103,
STANDBY = 104, AUTO = 104,
SWITCHPORT = 105, BNC = 105,
ACCESS = 106, FULL = 106,
REMARK = 107, BASET = 107,
ACCESS_GROUP = 108, BASETX = 108,
COLON_COMMENT = 109, NAMEIF = 109,
SECONDARY = 110, VLAN = 110,
SETROUTE = 111, SPEED = 111,
Whitespace = 112, DUPLEX = 112,
HEX_CONST = 113, DDNS = 113,
NEG_INT_CONST = 114, FORWARD = 114,
DIGIT = 115, DELAY = 115,
HEXDIGIT = 116, HOLD_TIME = 116,
NUMBER_ADDRESS_OR_WORD = 117, IPV6_C = 117,
PIPE_CHAR = 118, MAC_ADDRESS = 118,
NUMBER_SIGN = 119, MULTICAST = 119,
PERCENT = 120, PPPOE = 120,
AMPERSAND = 121, RIP = 121,
APOSTROPHE = 122, SEC_LEVEL = 122,
OPENING_PAREN = 123, SHUTDOWN = 123,
CLOSING_PAREN = 124, ADDRESS = 124,
STAR = 125, DHCP = 125,
PLUS = 126, STANDBY = 126,
COMMA = 127, SWITCHPORT = 127,
MINUS = 128, ACCESS = 128,
DOT = 129, REMARK = 129,
SLASH = 130, ACCESS_GROUP = 130,
COLON = 131, COLON_COMMENT = 131,
SEMICOLON = 132, SECONDARY = 132,
LESS_THAN = 133, SETROUTE = 133,
EQUALS = 134, Whitespace = 134,
GREATER_THAN = 135, HEX_CONST = 135,
QUESTION = 136, NEG_INT_CONST = 136,
COMMERCIAL_AT = 137, DIGIT = 137,
OPENING_SQUARE = 138, HEXDIGIT = 138,
CLOSING_SQUARE = 139, NUMBER_ADDRESS_OR_WORD = 139,
CARET = 140, PIPE_CHAR = 140,
UNDERLINE = 141, NUMBER_SIGN = 141,
OPENING_BRACE = 142, PERCENT = 142,
CLOSING_BRACE = 143, AMPERSAND = 143,
TILDE = 144, APOSTROPHE = 144,
EXLAMATION = 145, OPENING_PAREN = 145,
CLOSING_PAREN = 146,
STAR = 147,
PLUS = 148,
COMMA = 149,
MINUS = 150,
DOT = 151,
SLASH = 152,
COLON = 153,
SEMICOLON = 154,
LESS_THAN = 155,
EQUALS = 156,
GREATER_THAN = 157,
QUESTION = 158,
COMMERCIAL_AT = 159,
OPENING_SQUARE = 160,
CLOSING_SQUARE = 161,
CARET = 162,
UNDERLINE = 163,
OPENING_BRACE = 164,
CLOSING_BRACE = 165,
TILDE = 166,
EXLAMATION = 167,
NULL_TREE_LOOKAHEAD = 3 NULL_TREE_LOOKAHEAD = 3
}; };
#ifdef __cplusplus #ifdef __cplusplus


@ -4,141 +4,163 @@ NEWLINE=4
QUIT="quit"=5 QUIT="quit"=5
IP="ip"=6 IP="ip"=6
COMMUNITY_LIST="community-list"=7 COMMUNITY_LIST="community-list"=7
NAMES="names"=8 TIMEOUT="timeout"=8
NAME="name"=9 NAMES="names"=9
IPV4=10 NAME="name"=10
IPV6=11 IPV4=11
WORD=12 IPV6=12
AH="ah"=13 WORD=13
EIGRP="eigrp"=14 AH="ah"=14
ESP="esp"=15 EIGRP="eigrp"=15
GRE="gre"=16 ESP="esp"=16
IGMP="igmp"=17 GRE="gre"=17
IGRP="igrp"=18 IGMP="igmp"=18
IPINIP="ipinip"=19 IGRP="igrp"=19
IPSEC="ipsec"=20 IPINIP="ipinip"=20
NOS="nos"=21 IPSEC="ipsec"=21
OSPF="ospf"=22 NOS="nos"=22
PCP="pcp"=23 OSPF="ospf"=23
PIM="pim"=24 PCP="pcp"=24
PPTP="pptp"=25 PIM="pim"=25
SNP="snp"=26 PPTP="pptp"=26
OBJECT=27 SNP="snp"=27
NETWORK="network"=28 OBJECT=28
NAT="nat"=29 NETWORK="network"=29
DESCRIPTION="description"=30 NAT="nat"=30
HOST="host"=31 DESCRIPTION="description"=31
RANGE="range"=32 HOST="host"=32
SUBNET="subnet"=33 RANGE="range"=33
SERVICE="service"=34 SUBNET="subnet"=34
ICMP="icmp"=35 SERVICE="service"=35
INT_CONST=36 ICMP="icmp"=36
ICMP6="icmp6"=37 INT_CONST=37
TCP="tcp"=38 ICMP6="icmp6"=38
UDP="udp"=39 TCP="tcp"=39
SOURCE="source"=40 UDP="udp"=40
DESTINATION="destination"=41 SOURCE="source"=41
OBJECT_GROUP=42 DESTINATION="destination"=42
GROUP_OBJECT="group-object"=43 OBJECT_GROUP=43
NETWORK_OBJECT="network-object"=44 GROUP_OBJECT="group-object"=44
PROTOCOL="protocol"=45 NETWORK_OBJECT="network-object"=45
PROTOCOL_OBJECT="protocol-object"=46 PROTOCOL="protocol"=46
ICMP_OBJECT="icmp-object"=47 PROTOCOL_OBJECT="protocol-object"=47
ICMP_TYPE="icmp-type"=48 ICMP_OBJECT="icmp-object"=48
TCP_UDP="tcp-udp"=49 ICMP_TYPE="icmp-type"=49
SERVICE_OBJECT="service-object"=50 TCP_UDP="tcp-udp"=50
PORT_OBJECT="port-object"=51 SERVICE_OBJECT="service-object"=51
CRYPTO="crypto"=52 PORT_OBJECT="port-object"=52
NO="no"=53 CRYPTO="crypto"=53
CERTIFICATE="certificate"=54 NO="no"=54
PIX_WORD="PIX"=55 CERTIFICATE="certificate"=55
ASA_WORD="ASA"=56 PIX_WORD="PIX"=56
VERSION_WORD="Version"=57 ASA_WORD="ASA"=57
NUMBER=58 VERSION_WORD="Version"=58
HOSTNAME="hostname"=59 NUMBER=59
STRING=60 HOSTNAME="hostname"=60
ACCESS_LIST="access-list"=61 STRING=61
EXTENDED="extended"=62 ACCESS_LIST="access-list"=62
PERMIT="permit"=63 EXTENDED="extended"=63
DENY="deny"=64 PERMIT="permit"=64
STANDARD="standard"=65 DENY="deny"=65
P_EQ="eq"=66 STANDARD="standard"=66
P_GT="gt"=67 ALTERNATE_ADDRESS="alternate-address"=67
P_LT="lt"=68 CONVERSION_ERROR="conversion-error"=68
P_NEQ="neq"=69 ECHO="echo"=69
INTRFACE="interface"=70 ECHO_REPLY="echo-reply"=70
ANY="any"=71 INFORMATION_REPLY="information-reply"=71
LOG="log"=72 INFORMATION_REQUEST="information-request"=72
LOG_INPUT="log-input"=73 MASK_REPLY="mask-reply"=73
INTERVAL="interval"=74 MASK_REQUEST="mask-request"=74
ESTABLISHED="established"=75 MOBILE_REDIRECT="mobile-redirect"=75
FRAGMENTS="fragments"=76 PARAMETER_PROBLEM="parameter-problem"=76
TIME_RANGE="time-range"=77 REDIRECT="redirect"=77
CONTROLLER="controller"=78 ROUTER_ADVERTISEMENT="router-advertisement"=78
LINE_COMMENT=79 ROUTER_SOLICITATION="router-solicitation"=79
EXIT="exit"=80 SOURCE_QUENCH="source-quench"=80
AUI="aui"=81 TIME_EXCEEDED="time-exceeded"=81
AUTO="auto"=82 TIMESTAMP_REPLY="timestamp-reply"=82
BNC="bnc"=83 TIMESTAMP_REQUEST="timestamp-request"=83
FULL="full"=84 TRACEROUTE="traceroute"=84
BASET="baseT"=85 UNREACHABLE="unreachable"=85
BASETX="baseTX"=86 P_EQ="eq"=86
NAMEIF="nameif"=87 P_GT="gt"=87
VLAN="vlan"=88 P_LT="lt"=88
SPEED="speed"=89 P_NEQ="neq"=89
DUPLEX="duplex"=90 SSH="ssh"=90
DDNS="ddns"=91 TELNET="telnet"=91
FORWARD="forward"=92 INTRFACE="interface"=92
DELAY="delay"=93 ANY="any"=93
HOLD_TIME="hold-time"=94 LOG="log"=94
IPV6_C="ipv6"=95 LOG_INPUT="log-input"=95
MAC_ADDRESS="mac-address"=96 INTERVAL="interval"=96
MULTICAST="multicast"=97 ESTABLISHED="established"=97
PPPOE=98 FRAGMENTS="fragments"=98
RIP="rip"=99 TIME_RANGE="time-range"=99
SEC_LEVEL="security-level"=100 CONTROLLER="controller"=100
SHUTDOWN="shutdown"=101 LINE_COMMENT=101
ADDRESS="address"=102 EXIT="exit"=102
DHCP="dhcp"=103 AUI="aui"=103
STANDBY="standby"=104 AUTO="auto"=104
SWITCHPORT="switchport"=105 BNC="bnc"=105
ACCESS="access"=106 FULL="full"=106
REMARK="remark"=107 BASET="baseT"=107
ACCESS_GROUP="access-group"=108 BASETX="baseTX"=108
COLON_COMMENT=109 NAMEIF="nameif"=109
SECONDARY="secondary"=110 VLAN="vlan"=110
SETROUTE="setroute"=111 SPEED="speed"=111
Whitespace=112 DUPLEX="duplex"=112
HEX_CONST=113 DDNS="ddns"=113
NEG_INT_CONST=114 FORWARD="forward"=114
DIGIT=115 DELAY="delay"=115
HEXDIGIT=116 HOLD_TIME="hold-time"=116
NUMBER_ADDRESS_OR_WORD=117 IPV6_C="ipv6"=117
PIPE_CHAR=118 MAC_ADDRESS="mac-address"=118
NUMBER_SIGN=119 MULTICAST="multicast"=119
PERCENT=120 PPPOE=120
AMPERSAND=121 RIP="rip"=121
APOSTROPHE=122 SEC_LEVEL="security-level"=122
OPENING_PAREN=123 SHUTDOWN="shutdown"=123
CLOSING_PAREN=124 ADDRESS="address"=124
STAR=125 DHCP="dhcp"=125
PLUS=126 STANDBY="standby"=126
COMMA=127 SWITCHPORT="switchport"=127
MINUS=128 ACCESS="access"=128
DOT=129 REMARK="remark"=129
SLASH=130 ACCESS_GROUP="access-group"=130
COLON=131 COLON_COMMENT=131
SEMICOLON=132 SECONDARY="secondary"=132
LESS_THAN=133 SETROUTE="setroute"=133
EQUALS=134 Whitespace=134
GREATER_THAN=135 HEX_CONST=135
QUESTION=136 NEG_INT_CONST=136
COMMERCIAL_AT=137 DIGIT=137
OPENING_SQUARE=138 HEXDIGIT=138
CLOSING_SQUARE=139 NUMBER_ADDRESS_OR_WORD=139
CARET=140 PIPE_CHAR=140
UNDERLINE=141 NUMBER_SIGN=141
OPENING_BRACE=142 PERCENT=142
CLOSING_BRACE=143 AMPERSAND=143
TILDE=144 APOSTROPHE=144
EXLAMATION=145 OPENING_PAREN=145
CLOSING_PAREN=146
STAR=147
PLUS=148
COMMA=149
MINUS=150
DOT=151
SLASH=152
COLON=153
SEMICOLON=154
LESS_THAN=155
EQUALS=156
GREATER_THAN=157
QUESTION=158
COMMERCIAL_AT=159
OPENING_SQUARE=160
CLOSING_SQUARE=161
CARET=162
UNDERLINE=163
OPENING_BRACE=164
CLOSING_BRACE=165
TILDE=166
EXLAMATION=167


@ -1,4 +1,4 @@
/* /*
Firewall Builder Firewall Builder
@ -15,7 +15,7 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -82,7 +82,7 @@ options
// additional methods and members // additional methods and members
public: public:
std::ostream *dbg; std::ostream *dbg;
PIXImporter *importer; PIXImporter *importer;
@ -119,7 +119,7 @@ cfgfile :
| |
community_list_command community_list_command
| |
unknown_ip_command unknown_ip_command
| |
intrface intrface
| |
@ -128,6 +128,12 @@ cfgfile :
controller controller
| |
access_list_commands access_list_commands
|
ssh_command
|
telnet_command
|
icmp_top_level_command
| |
access_group access_group
| |
@ -158,6 +164,8 @@ cfgfile :
crypto crypto
| |
no_commands no_commands
|
timeout_command
| |
unknown_command unknown_command
| |
@ -173,7 +181,14 @@ quit : QUIT
; ;
//**************************************************************** //****************************************************************
community_list_command : IP COMMUNITY_LIST community_list_command : IP COMMUNITY_LIST
{
consumeUntil(NEWLINE);
}
;
//****************************************************************
timeout_command : TIMEOUT
{ {
consumeUntil(NEWLINE); consumeUntil(NEWLINE);
} }
@ -237,7 +252,7 @@ named_object_network : OBJECT NETWORK name:WORD
)* )*
; ;
named_object_network_parameters : named_object_network_parameters :
( (
named_object_nat named_object_nat
| |
@ -246,7 +261,7 @@ named_object_network_parameters :
range_addr range_addr
| |
subnet_addr subnet_addr
| |
named_object_description named_object_description
) )
; ;
@ -361,7 +376,7 @@ named_object_service_parameters :
| |
named_object_description named_object_description
) )
; ;
service_icmp : SERVICE ICMP service_icmp : SERVICE ICMP
( (
@ -369,9 +384,10 @@ service_icmp : SERVICE ICMP
{ {
importer->icmp_type = LT(0)->getText(); importer->icmp_type = LT(0)->getText();
} }
| icmp_word:WORD |
icmp_names
{ {
importer->icmp_spec = icmp_word->getText(); importer->icmp_spec = LT(0)->getText();
} }
) )
{ {
@ -461,7 +477,7 @@ object_group_network : OBJECT_GROUP NETWORK name:WORD
)+ )+
; ;
object_group_network_parameters : object_group_network_parameters :
NEWLINE NEWLINE
( (
object_group_description object_group_description
@ -559,7 +575,7 @@ object_group_protocol : OBJECT_GROUP PROTOCOL name:WORD
)+ )+
; ;
object_group_protocol_parameters : object_group_protocol_parameters :
NEWLINE NEWLINE
( (
object_group_description object_group_description
@ -627,7 +643,7 @@ object_group_icmp_8_3 : OBJECT_GROUP ICMP_TYPE name:WORD
)* )*
; ;
object_group_icmp_parameters : object_group_icmp_parameters :
NEWLINE NEWLINE
( (
object_group_description object_group_description
@ -649,9 +665,10 @@ icmp_object : ICMP_OBJECT
{ {
importer->icmp_type = LT(0)->getText(); importer->icmp_type = LT(0)->getText();
} }
| icmp_word:WORD |
icmp_names
{ {
importer->icmp_spec = icmp_word->getText(); importer->icmp_spec = LT(0)->getText();
} }
) )
{ {
@ -685,7 +702,7 @@ object_group_service : OBJECT_GROUP SERVICE name:WORD ( tcp:TCP | udp:UDP | tcpu
)+ )+
; ;
object_group_service_parameters : object_group_service_parameters :
NEWLINE NEWLINE
( (
object_group_description object_group_description
@ -729,9 +746,10 @@ service_object : SERVICE_OBJECT
{ {
importer->icmp_type = LT(0)->getText(); importer->icmp_type = LT(0)->getText();
} }
| icmp_word:WORD |
icmp_names
{ {
importer->icmp_spec = icmp_word->getText(); importer->icmp_spec = LT(0)->getText();
} }
) )
{ {
@ -764,21 +782,21 @@ crypto : CRYPTO
; ;
//**************************************************************** //****************************************************************
unknown_ip_command : IP WORD unknown_ip_command : IP WORD
{ {
consumeUntil(NEWLINE); consumeUntil(NEWLINE);
} }
; ;
//**************************************************************** //****************************************************************
unknown_command : WORD unknown_command : WORD
{ {
consumeUntil(NEWLINE); consumeUntil(NEWLINE);
} }
; ;
//**************************************************************** //****************************************************************
no_commands : NO no_commands : NO
{ {
*dbg << " TOP LEVEL \"NO\" COMMAND: " *dbg << " TOP LEVEL \"NO\" COMMAND: "
<< LT(0)->getText() << std::endl; << LT(0)->getText() << std::endl;
@ -787,7 +805,7 @@ no_commands : NO
; ;
//**************************************************************** //****************************************************************
certificate : CERTIFICATE WORD certificate : CERTIFICATE WORD
{ {
consumeUntil(NEWLINE); consumeUntil(NEWLINE);
consumeUntil(QUIT); consumeUntil(QUIT);
@ -817,7 +835,7 @@ hostname : HOSTNAME ( STRING | WORD )
//**************************************************************** //****************************************************************
access_list_commands : ACCESS_LIST name:WORD access_list_commands : ACCESS_LIST name:WORD
{ {
importer->clear(); importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine()); importer->setCurrentLineNumber(LT(0)->getLine());
@ -848,7 +866,7 @@ access_list_commands : ACCESS_LIST name:WORD
; ;
//**************************************************************** //****************************************************************
permit_extended: ( EXTENDED )? PERMIT permit_extended: ( EXTENDED )? PERMIT
{ {
importer->setCurrentLineNumber(LT(0)->getLine()); importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule(); importer->newPolicyRule();
@ -874,7 +892,7 @@ deny_extended: ( EXTENDED )? DENY
} }
; ;
permit_standard: STANDARD PERMIT permit_standard: STANDARD PERMIT
{ {
importer->setCurrentLineNumber(LT(0)->getLine()); importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule(); importer->newPolicyRule();
@ -904,7 +922,7 @@ deny_standard: STANDARD DENY
// the difference between standard and extended acls should be in these rules // the difference between standard and extended acls should be in these rules
// standard acl only matches destination address // standard acl only matches destination address
rule_standard : rule_standard :
{ {
importer->tmp_a = "0.0.0.0"; importer->tmp_a = "0.0.0.0";
importer->tmp_nm = "0.0.0.0"; importer->tmp_nm = "0.0.0.0";
@ -917,7 +935,7 @@ rule_standard :
} }
; ;
rule_extended : rule_extended :
( (
ip_protocols ip_protocols
hostaddr_expr { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } hostaddr_expr { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; }
@ -945,7 +963,7 @@ rule_extended :
} }
; ;
tcp_udp_rule_extended : tcp_udp_rule_extended :
( TCP | UDP ) ( TCP | UDP )
{ {
importer->protocol = LT(0)->getText(); importer->protocol = LT(0)->getText();
@ -986,7 +1004,7 @@ tcp_udp_rule_extended :
) )
| |
// not "object-group" keyword after src address spec. // not "object-group" keyword after src address spec.
OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)? OBJECT dst_addr_name:WORD (acl_xoperator_dst)? (established)?
{ {
// looks like "object foo" at this point can only be dest addr. // looks like "object foo" at this point can only be dest addr.
// (judging by cli prompts on 8.3) // (judging by cli prompts on 8.3)
@ -1015,7 +1033,7 @@ tcp_udp_rule_extended :
//**************************************************************** //****************************************************************
acl_tcp_udp_dst_port_spec : acl_tcp_udp_dst_port_spec :
( (
// destination port spec. Can be blank, a named // destination port spec. Can be blank, a named
// object, object-group or inline // object, object-group or inline
@ -1028,7 +1046,7 @@ acl_tcp_udp_dst_port_spec :
*dbg << "dst port spec: " *dbg << "dst port spec: "
<< dst_port_group_name->getText() << std::endl; << dst_port_group_name->getText() << std::endl;
} }
(established)? (established)?
) )
| |
// not "object-group" // not "object-group"
@ -1038,12 +1056,12 @@ acl_tcp_udp_dst_port_spec :
*dbg << "dst addr object " << dst_port_obj_name->getText() *dbg << "dst addr object " << dst_port_obj_name->getText()
<< std::endl; << std::endl;
} }
(established)? (established)?
| |
// if not object-group and object, then it can optionally // if not object-group and object, then it can optionally
// be regular inline port spec // be regular inline port spec
(acl_xoperator_dst)? (acl_xoperator_dst)?
(established)? (established)?
) )
; ;
@ -1084,14 +1102,26 @@ icmp_spec :
<< icmp_code->getText() << " "; << icmp_code->getText() << " ";
} }
| |
icmp_word:WORD icmp_names
{ {
importer->icmp_spec = icmp_word->getText(); importer->icmp_spec = LT(0)->getText();
*dbg << icmp_word->getText() << " "; *dbg << LT(0)->getText() << " ";
} }
) )
; ;
icmp_names :
(
ALTERNATE_ADDRESS | CONVERSION_ERROR | ECHO |
ECHO_REPLY | INFORMATION_REPLY | INFORMATION_REQUEST |
MASK_REPLY | MASK_REQUEST | MOBILE_REDIRECT |
PARAMETER_PROBLEM | REDIRECT | ROUTER_ADVERTISEMENT |
ROUTER_SOLICITATION | SOURCE_QUENCH | TIME_EXCEEDED |
TIMESTAMP_REPLY | TIMESTAMP_REQUEST | TRACEROUTE |
UNREACHABLE
)
;
single_port_op : (P_EQ | P_GT | P_LT | P_NEQ ) single_port_op : (P_EQ | P_GT | P_LT | P_NEQ )
{ {
importer->tmp_port_op = LT(0)->getText(); importer->tmp_port_op = LT(0)->getText();
@ -1100,9 +1130,9 @@ single_port_op : (P_EQ | P_GT | P_LT | P_NEQ )
port_spec port_spec
; ;
port_spec : (WORD|INT_CONST) port_spec : tcp_udp_port_spec
{ {
importer->tmp_port_spec = (std::string(" ") + LT(0)->getText()); importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2;
*dbg << LT(0)->getText() << " " << importer->tmp_port_spec; *dbg << LT(0)->getText() << " " << importer->tmp_port_spec;
} }
; ;
@ -1114,18 +1144,28 @@ port_range : RANGE pair_of_ports_spec
} }
; ;
pair_of_ports_spec : (s1:WORD|s2:INT_CONST) (e1:WORD|e2:INT_CONST) pair_of_ports_spec :
{
importer->tmp_port_spec_2 = "";
}
tcp_udp_port_spec
{
importer->tmp_port_spec += importer->tmp_port_spec_2;
}
tcp_udp_port_spec
{ {
importer->tmp_port_spec = "";
if (s1) importer->tmp_port_spec += s1->getText();
if (s2) importer->tmp_port_spec += s2->getText();
importer->tmp_port_spec += " "; importer->tmp_port_spec += " ";
if (e1) importer->tmp_port_spec += e1->getText(); importer->tmp_port_spec += importer->tmp_port_spec_2;
if (e2) importer->tmp_port_spec += e2->getText();
*dbg << "pair of ports: " << importer->tmp_port_spec;
} }
; ;
tcp_udp_port_spec : (SSH | TELNET | WORD | INT_CONST)
{
importer->tmp_port_spec_2 = LT(0)->getText();
}
;
// using these to help with debugging // using these to help with debugging
hostaddr_expr_1 : hostaddr_expr ; hostaddr_expr_1 : hostaddr_expr ;
hostaddr_expr_2 : hostaddr_expr ; hostaddr_expr_2 : hostaddr_expr ;
@ -1152,14 +1192,14 @@ hostaddr_expr :
importer->tmp_nm = "255.255.255.255"; importer->tmp_nm = "255.255.255.255";
*dbg << h->getText() << "/255.255.255.255"; *dbg << h->getText() << "/255.255.255.255";
} }
| |
(a:IPV4 m:IPV4) (a:IPV4 m:IPV4)
{ {
importer->tmp_a = a->getText(); importer->tmp_a = a->getText();
importer->tmp_nm = m->getText(); importer->tmp_nm = m->getText();
*dbg << a->getText() << "/" << m->getText(); *dbg << a->getText() << "/" << m->getText();
} }
| |
ANY ANY
{ {
importer->tmp_a = "0.0.0.0"; importer->tmp_a = "0.0.0.0";
@ -1293,7 +1333,7 @@ nameif_top_level : NAMEIF p_intf:WORD intf_label:WORD sec_level:WORD
} }
; ;
interface_parameters : interface_parameters :
{ {
importer->setCurrentLineNumber(LT(0)->getLine()); importer->setCurrentLineNumber(LT(0)->getLine());
@ -1327,7 +1367,7 @@ vlan_interface : VLAN vlan_id:INT_CONST
} }
; ;
unsupported_interface_commands : unsupported_interface_commands :
( (
SPEED SPEED
| |
@ -1391,7 +1431,7 @@ sec_level : SEC_LEVEL sec_level:INT_CONST
// context in the grammar, function setInterfaceParametes() can locate // context in the grammar, function setInterfaceParametes() can locate
// right interface using its first parameter. // right interface using its first parameter.
// //
nameif : NAMEIF p_intf:WORD nameif : NAMEIF p_intf:WORD
( (
( WORD ) => intf_label:WORD sec_level:WORD | ( WORD ) => intf_label:WORD sec_level:WORD |
( ) ( )
@ -1444,13 +1484,13 @@ shutdown : SHUTDOWN
// vlan 101 // vlan 101
// nameif outside // nameif outside
// security-level 0 // security-level 0
// ip address 192.0.2.253 255.255.255.0 // ip address 192.0.2.253 255.255.255.0
// ! // !
// //
// interface Vlan1 // interface Vlan1
// nameif inside // nameif inside
// security-level 100 // security-level 100
// ip address dhcp setroute // ip address dhcp setroute
// ! // !
intf_address : IP ADDRESS (v6_ip_address | v7_ip_address) ; intf_address : IP ADDRESS (v6_ip_address | v7_ip_address) ;
@ -1526,6 +1566,111 @@ switchport : SWITCHPORT ACCESS VLAN vlan_num:INT_CONST
} }
; ;
//****************************************************************
// pretend ssh commands are rules in access lists with names
// "ssh_commands_" + interface_label
ssh_command : SSH ( ( TIMEOUT INT_CONST ) |
( hostaddr_expr intf_label:WORD )
{
importer->clear();
std::string acl_name = "ssh_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
importer->action = "permit";
importer->SaveTmpAddrToDst();
importer->setDstSelf();
importer->protocol = "tcp";
importer->dst_port_op = "eq";
importer->dst_port_spec = "ssh";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
;
telnet_command : TELNET ( ( TIMEOUT INT_CONST ) |
( hostaddr_expr intf_label:WORD )
{
importer->clear();
std::string acl_name = "telnet_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
importer->action = "permit";
importer->SaveTmpAddrToDst();
importer->setDstSelf();
importer->protocol = "tcp";
importer->dst_port_op = "eq";
importer->dst_port_spec = "telnet";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
;
// icmp command is non-determenistic syntactically because WORD can be
// used as a name of icmp type or as interface label. I am going to
// define all icmp types as tokens in icmp_types_for_icmp_command
// Looks like "icmp" command accepts limited set of icmp type names
// and can accept numeric code.
//
icmp_top_level_command : ICMP
(
( UNREACHABLE
{
consumeUntil(NEWLINE);
}
)
|
(
(permit:PERMIT | deny:DENY)
{
importer->clear();
}
hostaddr_expr
{
importer->SaveTmpAddrToSrc();
}
( icmp_types_for_icmp_command )?
intf_label:WORD
{
std::string acl_name = "icmp_commands_" + intf_label->getText();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newUnidirRuleSet(acl_name, libfwbuilder::Policy::TYPENAME );
importer->newPolicyRule();
if (permit) importer->action = "permit";
if (deny) importer->action = "deny";
importer->setDstSelf();
importer->protocol = "icmp";
importer->setInterfaceAndDirectionForRuleSet(
acl_name, intf_label->getText(), "in" );
importer->pushRule();
}
)
)
;
icmp_types_for_icmp_command :
INT_CONST
{
importer->icmp_type = LT(0)->getText();
importer->icmp_code = "0";
importer->icmp_spec = "";
}
|
(ECHO | ECHO_REPLY | TIME_EXCEEDED | UNREACHABLE)
{
importer->icmp_type = "";
importer->icmp_code = "0";
importer->icmp_spec = LT(0)->getText();
}
;
//**************************************************************** //****************************************************************
// remark. According to the Cisco docs, can only be used // remark. According to the Cisco docs, can only be used
@ -1604,7 +1749,7 @@ tokens
HOSTNAME = "hostname"; HOSTNAME = "hostname";
CERTIFICATE = "certificate"; CERTIFICATE = "certificate";
INTRFACE = "interface"; INTRFACE = "interface";
CONTROLLER = "controller"; CONTROLLER = "controller";
DESCRIPTION = "description"; DESCRIPTION = "description";
@ -1719,6 +1864,8 @@ tokens
NAT = "nat"; NAT = "nat";
SSH = "ssh";
TELNET = "telnet";
AUI = "aui"; AUI = "aui";
AUTO = "auto"; AUTO = "auto";
@ -1727,6 +1874,28 @@ tokens
FULL = "full"; FULL = "full";
BASETX = "baseTX"; BASETX = "baseTX";
TIMEOUT = "timeout";
ALTERNATE_ADDRESS = "alternate-address";
CONVERSION_ERROR = "conversion-error";
ECHO = "echo";
ECHO_REPLY = "echo-reply";
INFORMATION_REPLY = "information-reply";
INFORMATION_REQUEST = "information-request";
MASK_REPLY = "mask-reply";
MASK_REQUEST = "mask-request";
MOBILE_REDIRECT = "mobile-redirect";
PARAMETER_PROBLEM = "parameter-problem";
REDIRECT = "redirect";
ROUTER_ADVERTISEMENT = "router-advertisement";
ROUTER_SOLICITATION = "router-solicitation";
SOURCE_QUENCH = "source-quench";
TIME_EXCEEDED = "time-exceeded";
TIMESTAMP_REPLY = "timestamp-reply";
TIMESTAMP_REQUEST = "timestamp-request";
TRACEROUTE = "traceroute";
UNREACHABLE = "unreachable";
} }
LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ; LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ;
@ -1770,7 +1939,7 @@ protected
OBJECT_GROUP :; OBJECT_GROUP :;
NUMBER_ADDRESS_OR_WORD : NUMBER_ADDRESS_OR_WORD :
( (
( DIGIT ) => ( DIGIT ) =>
( (
@ -1793,7 +1962,7 @@ NUMBER_ADDRESS_OR_WORD :
| |
("obj" "ect") => ("obj" "ect") =>
( (
"object" "object"
( (
("-gr" "oup") { _ttype = OBJECT_GROUP; } ("-gr" "oup") { _ttype = OBJECT_GROUP; }
| |
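Review bot: In `ssh_command` and `telnet_command` the permitted client address parsed by `hostaddr_expr` is stored with `importer->SaveTmpAddrToDst();` and the destination is then overwritten by `importer->setDstSelf();`, so the rule's source is never set and is presumably imported as "any" rather than the network the device restricts management access to. `icmp_top_level_command` in the same hunk uses `importer->SaveTmpAddrToSrc();` for the same purpose, and the two management rules should do likewise. Both rules also call `importer->clear();` only after `hostaddr_expr` has run, whereas the icmp rule clears first. If `clear()` resets `tmp_a`/`tmp_nm` (its body is not shown here), the address is lost either way, so the call belongs right after the `SSH` / `TELNET` token. A regression check that `ssh 10.1.1.0 255.255.255.0 inside` from the test configs imports with that network as source would catch a silently widened management rule.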


@ -105,7 +105,22 @@ pager lines 24
mtu inside 1500 mtu inside 1500
mtu outside 1500 mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1 icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo outside
icmp permit any 111 outside
icmp permit any time-exceeded outside
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any outside
icmp permit host 10.1.1.202 time-exceeded inside
icmp permit host 10.1.1.202 echo-reply inside
icmp permit host 10.1.1.202 unreachable inside
icmp permit any echo inside
icmp permit any time-exceeded inside
icmp permit any echo-reply inside
icmp permit any unreachable inside
icmp permit any inside icmp permit any inside
icmp permit 10.1.1.0 255.255.255.0 inside
no asdm history enable no asdm history enable
arp timeout 14400 arp timeout 14400
timeout xlate 3:00:00 timeout xlate 3:00:00


@ -138,6 +138,7 @@ logging device-id ipaddress inside
logging host inside 10.1.1.10 logging host inside 10.1.1.10
logging host inside 10.1.1.40 format emblem logging host inside 10.1.1.40 format emblem
icmp permit any echo outside icmp permit any echo outside
icmp permit any 111 outside
icmp permit any time-exceeded outside icmp permit any time-exceeded outside
icmp permit any echo-reply outside icmp permit any echo-reply outside
icmp permit any unreachable outside icmp permit any unreachable outside
@ -151,6 +152,13 @@ icmp permit any echo-reply inside
icmp permit any unreachable inside icmp permit any unreachable inside
icmp permit any inside icmp permit any inside
icmp permit 10.1.1.0 255.255.255.0 inside icmp permit 10.1.1.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.30 255.255.255.255 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
mtu outside 1500 mtu outside 1500
mtu inside 1500 mtu inside 1500
ip address outside dhcp setroute retry 10 ip address outside dhcp setroute retry 10
@ -224,11 +232,6 @@ isakmp policy 10 encryption 3des
isakmp policy 10 hash sha isakmp policy 10 hash sha
isakmp policy 10 group 2 isakmp policy 10 group 2
isakmp policy 10 lifetime 86400 isakmp policy 10 lifetime 86400
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.30 255.255.255.255 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0 console timeout 0
username foo password AAAAAAAAAAAAAAAA encrypted privilege 15 username foo password AAAAAAAAAAAAAAAA encrypted privilege 15
terminal width 256 terminal width 256


@ -165,6 +165,8 @@ tunnel-group 192.0.2.254 ipsec-attributes
telnet timeout 5 telnet timeout 5
ssh scopy enable ssh scopy enable
ssh 10.1.1.0 255.255.255.0 inside ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh 192.0.2.100 255.255.255.255 outside
ssh timeout 20 ssh timeout 20
console timeout 0 console timeout 0
! !