From 68bc1ec26355b32af598f5b8f348ebb5570d3eb6 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Thu, 26 May 2011 18:45:05 -0700 Subject: [PATCH] see #2394 populating policy rules with services --- src/import/PFImporter.cpp | 255 +++++++++++++++-- src/import/PFImporter.h | 50 +++- src/import/objectMaker.cpp | 95 +++++- src/import/objectMaker.h | 7 + src/parsers/PFCfgLexer.cpp | 168 +++++------ src/parsers/PFCfgParser.cpp | 556 +++++++++++++++++++----------------- src/parsers/PFCfgParser.hpp | 12 + src/parsers/pf.g | 19 +- 8 files changed, 785 insertions(+), 377 deletions(-) diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp index 6aaff2f19..437e2ea97 100644 --- a/src/import/PFImporter.cpp +++ b/src/import/PFImporter.cpp @@ -33,21 +33,22 @@ #include "interfaceProperties.h" #include "interfacePropertiesObjectFactory.h" -#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Address.h" #include "fwbuilder/AddressRange.h" #include "fwbuilder/AddressTable.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/Network.h" -#include "fwbuilder/Address.h" -#include "fwbuilder/InetAddr.h" -#include "fwbuilder/IPService.h" +#include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/ICMPService.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/RuleElement.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/InetAddr.h" #include "fwbuilder/Library.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/TCPService.h" #include "fwbuilder/TCPUDPService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/UDPService.h" #include "../libgui/platforms.h" @@ -114,6 +115,7 @@ void PFImporter::clear() flags_mask = ""; tag = ""; tagged = ""; + tagged_neg = false; route_type = UNKNOWN; route_group.clear(); @@ -157,12 +159,215 @@ void PFImporter::addSrv() PolicyRule *rule = PolicyRule::cast(current_rule); RuleElement *re = rule->getSrv(); - // list::iterator it; - // for (it=dst_group.begin(); it!=dst_group.end(); ++it) - // { - // FWObject *obj = makeAddressObj(*it); - // if (obj) re->addRef(obj); - // } + list::iterator it; + for (it=proto_list.begin(); it!=proto_list.end(); ++it) + { + // TODO: need better interface to Importer::makeSrvObj() + // function and other functions that it uses. + protocol = *it; + if (protocol == "icmp") + { + list::iterator i1; + for (i1=icmp_type_code_group.begin(); + i1!=icmp_type_code_group.end(); ++i1) + { + IcmpSpec is = *i1; + ObjectSignature sig(error_tracker); + sig.type_name = ICMPService::TYPENAME; + + if ( ! is.icmp_type_name.empty()) + { + sig.setIcmpFromName(is.icmp_type_name.c_str()); + } else + { + sig.setIcmpType(is.icmp_type_int.c_str()); + } + + if ( ! is.icmp_code_name.empty()) + { + sig.setIcmpCodeFromName(is.icmp_code_name.c_str()); + } else + { + sig.setIcmpCode(is.icmp_code_int.c_str()); + } + + FWObject *s = service_maker->createObject(sig); + if (s) re->addRef(s); + } + } + + if (protocol == "tcp" || protocol == "udp") + { + // TODO: deal with cases where both source and destination + // ports are matched. + // See PIXImporter::fixServiceObjectUsedForBothSrcAndDstPorts() + + if (src_port_group.size() == 0 && dst_port_group.size() == 0) + { + // protocol has been defined but not ports to match + ObjectSignature sig(error_tracker); + + if (protocol == "tcp") + sig.type_name = TCPService::TYPENAME; + else + sig.type_name = UDPService::TYPENAME; + + re->addRef(commitObject(service_maker->createObject(sig))); + + } else + { + list::iterator psi; + + for (psi=src_port_group.begin(); + psi!=src_port_group.end(); ++psi) + { + PortSpec ps = *psi; + ObjectSignature sig(error_tracker); + QString port_spec = + QString("%1 %2") + .arg(ps.port1.c_str()).arg(ps.port2.c_str()); + + buildTCPUDPObjectSingature( + &sig, + ps.port_op.c_str(), + port_spec, + true, + protocol.c_str(), + flags_check.c_str(), + flags_mask.c_str()); + + re->addRef( + commitObject(service_maker->createObject(sig))); + } + + for (psi=dst_port_group.begin(); + psi!=dst_port_group.end(); ++psi) + { + PortSpec ps = *psi; + ObjectSignature sig(error_tracker); + QString port_spec = + QString("%1 %2") + .arg(ps.port1.c_str()).arg(ps.port2.c_str()); + + buildTCPUDPObjectSingature( + &sig, + ps.port_op.c_str(), + port_spec, + false, + protocol.c_str(), + flags_check.c_str(), + flags_mask.c_str()); + + re->addRef( + commitObject(service_maker->createObject(sig))); + } + } + } + } + + if (! tagged.empty()) + { + ObjectSignature sig(error_tracker); + sig.type_name = TagService::TYPENAME; + sig.tag = tagged.c_str(); + re->addRef( commitObject(service_maker->createObject(sig)) ); + if (tagged_neg) re->setNeg(true); + tagged = ""; + } + +} + +bool PFImporter::buildTCPUDPObjectSingature(ObjectSignature *sig, + const QString &port_op, + const QString &port_spec, + bool source, + const QString &protocol, + const QString &flags_check, + const QString &flags_mask) +{ + if (protocol == "tcp") + sig->type_name = TCPService::TYPENAME; + else + sig->type_name = UDPService::TYPENAME; + + bool range_inclusive = false; + QString port_op_cisco_style; + + // map port operations from PF to Cisco-like + + if (port_op == "=") port_op_cisco_style = "eq"; + if (port_op == "<=") port_op_cisco_style = "lt"; + if (port_op == ">=") port_op_cisco_style = "gt"; + + if (port_op == "<") + { + range_inclusive = false; + port_op_cisco_style = "lt"; + } + + if (port_op == ">") + { + range_inclusive = false; + port_op_cisco_style = "gt"; + } + + if (port_op == "><") + { + range_inclusive = false; + port_op_cisco_style = "range"; + } + + if (port_op == ":") + { + range_inclusive = true; + port_op_cisco_style = "range"; + } + + if (port_op == "<>") + { + addMessageToLog( + QObject::tr("Error: 'except ranges' ('<>') for port numbers " + "are not supported yet.")); + return false; + } + + sig->port_range_inclusive = range_inclusive; + if (source) + sig->setSrcPortRangeFromPortOp(port_op_cisco_style, + port_spec, protocol); + else + sig->setDstPortRangeFromPortOp(port_op_cisco_style, + port_spec, protocol); + + if (protocol == "tcp") + { + convertTcpFlags(sig->flags_comp, flags_check); + convertTcpFlags(sig->flags_mask, flags_mask); + } + + return true; +} + +void PFImporter::convertTcpFlags(QList &flags_list, + const QString &flags_str) +{ + for (int i=0; isetBool("stateless", true); + if (state_op == "modulate") ropt->setBool("pf_modulate_state", true); + if (state_op == "keep") ropt->setBool("stateless", false); + if (state_op == "synproxy") ropt->setBool("pf_synproxy", false); /* * Set tagging rule option using variable tag */ + if ( ! tag.empty()) + { + ObjectSignature sig(error_tracker); + sig.type_name = TagService::TYPENAME; + sig.tag = tag.c_str(); + FWObject *tobj = commitObject(service_maker->createObject(sig)); + rule->setTagging(tobj != NULL); + rule->setTagObject(tobj); + } /* * Set queueing rule option using variable queue */ - - + if (! queue.empty()) ropt->setStr("pf_classify_str", queue); /* * Protocols are in proto_list diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h index cc092f89a..31e94f3bb 100644 --- a/src/import/PFImporter.h +++ b/src/import/PFImporter.h @@ -119,6 +119,40 @@ public: { port1 = s1; port2 = s2; port_op = s3; } }; +class IcmpSpec +{ +public: + std::string icmp_type_name; + std::string icmp_type_int; + std::string icmp_code_name; + std::string icmp_code_int; + + IcmpSpec() + { + icmp_type_name = ""; + icmp_type_int = ""; + icmp_code_name = ""; + icmp_code_int = ""; + } + + IcmpSpec(const IcmpSpec &other) + { + icmp_type_name = other.icmp_type_name; + icmp_type_int = other.icmp_type_int; + icmp_code_name = other.icmp_code_name; + icmp_code_int = other.icmp_code_int; + } + + IcmpSpec(const std::string s1, const std::string s2, + const std::string s3, const std::string s4) + { + icmp_type_name = s1; + icmp_type_int = s2; + icmp_code_name = s3; + icmp_code_int = s4; + } +}; + class RouteSpec { @@ -179,7 +213,7 @@ public: std::list< PortSpec > dst_port_group; std::list< PortSpec > tmp_port_group; - std::list icmp_type_code_group; + std::list< IcmpSpec > icmp_type_code_group; route_op_type route_type; std::list route_group; @@ -189,7 +223,10 @@ public: std::string logopts; std::string flags_check; std::string flags_mask; + std::string tag; + + bool tagged_neg; std::string tagged; libfwbuilder::NATRule::NATRuleTypes rule_type; @@ -229,6 +266,17 @@ public: void newAddressTableObject(const std::string &name, const std::string &file); void newAddressTableObject(const std::string &name, std::list &addresses); + + + bool buildTCPUDPObjectSingature(ObjectSignature *sig, + const QString &port_op, + const QString &port_spec, + bool source, + const QString &protocol, + const QString &flags_check, + const QString &flags_mask); + + void convertTcpFlags(QList &flags_list, const QString &flags_str); }; #endif diff --git a/src/import/objectMaker.cpp b/src/import/objectMaker.cpp index 1ae27e171..542737c73 100644 --- a/src/import/objectMaker.cpp +++ b/src/import/objectMaker.cpp @@ -70,6 +70,7 @@ using namespace std; QMap > ObjectSignature::icmp_names; +QMap ObjectSignature::icmp_code_names; void ObjectMakerErrorTracker::registerError(const QString &msg) @@ -252,6 +253,75 @@ ObjectSignature::ObjectSignature(const ObjectSignature &other) icmp_names["address-mask-reply"] = QPair(18,0); } + +/* + ICMP codes defined in "man 4 icmp". These are used by PF + + Num Abbrev. Type Description + 0 net-unr unreach Network unreachable + 1 host-unr unreach Host unreachable + 2 proto-unr unreach Protocol unreachable + 3 port-unr unreach Port unreachable + 4 needfrag unreach Fragmentation needed but DF bit set + 5 srcfail unreach Source routing failed + 6 net-unk unreach Network unknown + 7 host-unk unreach Host unknown + 8 isolate unreach Host isolated + 9 net-prohib unreach Network administratively prohibited + 10 host-prohib unreach Host administratively prohibited + 11 net-tos unreach Invalid TOS for network + 12 host-tos unreach Invalid TOS for host + 13 filter-prohib unreach Prohibited access + 14 host-preced unreach Precedence violation + 15 cutoff-preced unreac Precedence cutoff + 0 redir-net redir Shorter route for network + 1 redir-host redir Shorter route for host + 2 redir-tos-net redir Shorter route for TOS and network + 3 redir-tos-host redir Shorter route for TOS and host + 0 normal-adv routeradv Normal advertisement + 16 common-adv routeradv Selective advertisement + 0 transit timex Time exceeded in transit + 1 reassemb timex Time exceeded in reassembly + 0 badhead paramprob Invalid option pointer + 1 optmiss paramprob Missing option + 2 badlen paramprob Invalid length + 1 unknown-ind photuris Unknown security index + 2 auth-fail photuris Authentication failed + 3 decrypt-fail photuris Decryption failed +*/ + if (icmp_code_names.size() == 0) + { + icmp_code_names["net-unr"] = 0; + icmp_code_names["host-unr"] = 1; + icmp_code_names["proto-unr"] = 2; + icmp_code_names["port-unr"] = 3; + icmp_code_names["needfrag"] = 4; + icmp_code_names["srcfail"] = 5; + icmp_code_names["net-unk"] = 6; + icmp_code_names["host-unk"] = 7; + icmp_code_names["isolate"] = 8; + icmp_code_names["net-prohib"] = 9; + icmp_code_names["host-prohib"] = 10; + icmp_code_names["net-tos"] = 11; + icmp_code_names["host-tos"] = 12; + icmp_code_names["filter-prohib"] = 13; + icmp_code_names["host-preced"] = 14; + icmp_code_names["cutoff-preced"] = 15; + icmp_code_names["redir-net"] = 0; + icmp_code_names["redir-host"] = 1; + icmp_code_names["redir-tos-net"] = 2; + icmp_code_names["redir-tos-host"] = 3; + icmp_code_names["normal-adv"] = 0; + icmp_code_names["common-adv"] = 16; + icmp_code_names["transit"] = 0; + icmp_code_names["reassemb"] = 1; + icmp_code_names["badhead"] = 0; + icmp_code_names["optmiss"] = 1; + icmp_code_names["badlen"] = 2; + icmp_code_names["unknown-ind"] = 1; + icmp_code_names["auth-fail"] = 2; + icmp_code_names["decrypt-fail"] = 3; + } } void ObjectSignature::setAddress(const QString &s) @@ -322,7 +392,6 @@ void ObjectSignature::setProtocol(const QString &s) if (protocol == -1) { protocol = 0; -// throw ObjectMakerException( error_tracker->registerError( QString("Protocol '%1' is unknown").arg(s)); } @@ -337,9 +406,18 @@ void ObjectSignature::setIcmpFromName(const QString &s) icmp_type = p.first; icmp_code = p.second; } else -// throw ObjectMakerException( error_tracker->registerError( - QString("ICMP service name '%1' is unknown").arg(s)); + QString("ICMP type name '%1' is unknown").arg(s)); +} + +void ObjectSignature::setIcmpCodeFromName(const QString &s) +{ + if (icmp_code_names.count(s) > 0) + { + icmp_code = icmp_code_names[s]; + } else + error_tracker->registerError( + QString("ICMP code name '%1' is unknown").arg(s)); } void ObjectSignature::setIcmpType(const QString &s) @@ -353,7 +431,6 @@ void ObjectSignature::setIcmpType(const QString &s) { // could not convert icmp_type = -1; -// throw ObjectMakerException( error_tracker->registerError( QString("ICMP type '%1' is unusable").arg(s)); } @@ -465,6 +542,11 @@ void ObjectSignature::setSrcPortRangeFromPortOp(const QString &port_op, { if (portop == "lt") src_port_range_end--; if (portop == "gt") src_port_range_start++; + if (portop == "range") + { + src_port_range_end--; + src_port_range_start++; + } } } @@ -510,6 +592,11 @@ void ObjectSignature::setDstPortRangeFromPortOp(const QString &port_op, { if (portop == "lt") dst_port_range_end--; if (portop == "gt") dst_port_range_start++; + if (portop == "range") + { + dst_port_range_end--; + dst_port_range_start++; + } } } diff --git a/src/import/objectMaker.h b/src/import/objectMaker.h index 72c6885e9..c97ff0a2b 100644 --- a/src/import/objectMaker.h +++ b/src/import/objectMaker.h @@ -89,6 +89,7 @@ public: class ObjectSignature : public libfwbuilder::Dispatch { static QMap > icmp_names; + static QMap icmp_code_names; public: ObjectSignature(ObjectMakerErrorTracker *error_tracker); @@ -155,8 +156,14 @@ public: void setAddressRangeStart(const QString &s); void setAddressRangeEnd(const QString &s); void setProtocol(const QString &s); + + // set icmp type from string void setIcmpFromName(const QString &s); + // set icmp code from string + void setIcmpCodeFromName(const QString &s); + // set icmp type from string that reads a number void setIcmpType(const QString &s); + // set icmp code from string that reads a number void setIcmpCode(const QString &s); int portFromString(const QString &port_spec, const QString &proto, diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index e8a8e8a61..c6646bd4b 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -438,11 +438,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop151; + goto _loop152; } } - _loop151:; + _loop152:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -474,7 +474,7 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1021 "pf.g" +#line 1030 "pf.g" newline(); #line 480 "PFCfgLexer.cpp" } @@ -555,7 +555,7 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1016 "pf.g" +#line 1025 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 561 "PFCfgLexer.cpp" } @@ -742,10 +742,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - bool synPredMatched176 = false; + bool synPredMatched177 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m176 = mark(); - synPredMatched176 = true; + int _m177 = mark(); + synPredMatched177 = true; inputState->guessing++; try { { @@ -756,12 +756,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched176 = false; + synPredMatched177 = false; } - rewind(_m176); + rewind(_m177); inputState->guessing--; } - if ( synPredMatched176 ) { + if ( synPredMatched177 ) { { mNUM_3DIGIT(false); match('.' /* charlit */ ); @@ -772,99 +772,99 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_3DIGIT(false); } if ( inputState->guessing==0 ) { -#line 1058 "pf.g" +#line 1067 "pf.g" _ttype = IPV4; #line 778 "PFCfgLexer.cpp" } } else { - bool synPredMatched183 = false; + bool synPredMatched184 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m183 = mark(); - synPredMatched183 = true; + int _m184 = mark(); + synPredMatched184 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt180=0; + int _cnt181=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt180>=1 ) { goto _loop180; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt181>=1 ) { goto _loop181; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt180++; + _cnt181++; } - _loop180:; + _loop181:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt182=0; + int _cnt183=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt182>=1 ) { goto _loop182; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt183>=1 ) { goto _loop183; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt182++; + _cnt183++; } - _loop182:; + _loop183:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched183 = false; + synPredMatched184 = false; } - rewind(_m183); + rewind(_m184); inputState->guessing--; } - if ( synPredMatched183 ) { + if ( synPredMatched184 ) { { { // ( ... )+ - int _cnt186=0; + int _cnt187=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt186>=1 ) { goto _loop186; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt187>=1 ) { goto _loop187; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt186++; + _cnt187++; } - _loop186:; + _loop187:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt188=0; + int _cnt189=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt188>=1 ) { goto _loop188; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt189>=1 ) { goto _loop189; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt188++; + _cnt189++; } - _loop188:; + _loop189:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1061 "pf.g" +#line 1070 "pf.g" _ttype = NUMBER; #line 861 "PFCfgLexer.cpp" } } else { - bool synPredMatched207 = false; + bool synPredMatched208 = false; if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { - int _m207 = mark(); - synPredMatched207 = true; + int _m208 = mark(); + synPredMatched208 = true; inputState->guessing++; try { { @@ -874,12 +874,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched207 = false; + synPredMatched208 = false; } - rewind(_m207); + rewind(_m208); inputState->guessing--; } - if ( synPredMatched207 ) { + if ( synPredMatched208 ) { match(':' /* charlit */ ); match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); @@ -890,23 +890,23 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop209; + goto _loop210; } } - _loop209:; + _loop210:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1084 "pf.g" +#line 1093 "pf.g" _ttype = IPV6; #line 903 "PFCfgLexer.cpp" } } else { - bool synPredMatched192 = false; + bool synPredMatched193 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { - int _m192 = mark(); - synPredMatched192 = true; + int _m193 = mark(); + synPredMatched193 = true; inputState->guessing++; try { { @@ -915,60 +915,60 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched192 = false; + synPredMatched193 = false; } - rewind(_m192); + rewind(_m193); inputState->guessing--; } - if ( synPredMatched192 ) { + if ( synPredMatched193 ) { { - bool synPredMatched197 = false; + bool synPredMatched198 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { - int _m197 = mark(); - synPredMatched197 = true; + int _m198 = mark(); + synPredMatched198 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt196=0; + int _cnt197=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt196>=1 ) { goto _loop196; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt197>=1 ) { goto _loop197; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt196++; + _cnt197++; } - _loop196:; + _loop197:; } // ( ... )+ match(':' /* charlit */ ); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched197 = false; + synPredMatched198 = false; } - rewind(_m197); + rewind(_m198); inputState->guessing--; } - if ( synPredMatched197 ) { + if ( synPredMatched198 ) { { { // ( ... )+ - int _cnt200=0; + int _cnt201=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt201>=1 ) { goto _loop201; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt200++; + _cnt201++; } - _loop200:; + _loop201:; } // ( ... )+ match(':' /* charlit */ ); { @@ -981,11 +981,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop203; + goto _loop204; } } - _loop203:; + _loop204:; } // ( ... )* } else { @@ -994,7 +994,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1075 "pf.g" +#line 1084 "pf.g" _ttype = IPV6; #line 1000 "PFCfgLexer.cpp" } @@ -1002,22 +1002,22 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { mNUM_HEX_4DIGIT(false); { // ( ... )+ - int _cnt205=0; + int _cnt206=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); } else { - if ( _cnt205>=1 ) { goto _loop205; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt206>=1 ) { goto _loop206; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt205++; + _cnt206++; } - _loop205:; + _loop206:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1078 "pf.g" +#line 1087 "pf.g" _ttype = IPV6; #line 1023 "PFCfgLexer.cpp" } @@ -1028,7 +1028,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1080 "pf.g" +#line 1089 "pf.g" _ttype = IPV6; #line 1034 "PFCfgLexer.cpp" } @@ -1037,28 +1037,28 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { match(':' /* charlit */ ); match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1087 "pf.g" +#line 1096 "pf.g" _ttype = IPV6; #line 1043 "PFCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt190=0; + int _cnt191=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt190>=1 ) { goto _loop190; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt191>=1 ) { goto _loop191; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt190++; + _cnt191++; } - _loop190:; + _loop191:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1066 "pf.g" +#line 1075 "pf.g" _ttype = INT_CONST; #line 1064 "PFCfgLexer.cpp" } @@ -1066,7 +1066,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1090 "pf.g" +#line 1099 "pf.g" _ttype = COLON; #line 1072 "PFCfgLexer.cpp" } @@ -1279,14 +1279,14 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop212; + goto _loop213; } } } - _loop212:; + _loop213:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1102 "pf.g" +#line 1111 "pf.g" _ttype = WORD; #line 1292 "PFCfgLexer.cpp" } @@ -1316,11 +1316,11 @@ void PFCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop215; + goto _loop216; } } - _loop215:; + _loop216:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index bebadf05a..6d3f51171 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -731,6 +731,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case LOG: case ALL: case TO: @@ -770,6 +771,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case QUICK: @@ -808,6 +810,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case ON: @@ -845,6 +848,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case INET: @@ -882,6 +886,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case INET: @@ -917,6 +922,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case PROTO: @@ -949,6 +955,7 @@ void PFCfgParser::rule_extended() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case FROM: @@ -985,6 +992,7 @@ void PFCfgParser::rule_extended() { { switch ( LA(1)) { case QUEUE: + case EXLAMATION: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -1042,7 +1050,7 @@ void PFCfgParser::direction() { importer->direction = LT(0)->getText(); -#line 1046 "PFCfgParser.cpp" +#line 1054 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1064,6 +1072,7 @@ void PFCfgParser::logging() { } case NEWLINE: case QUEUE: + case EXLAMATION: case ALL: case TO: case QUICK: @@ -1097,7 +1106,7 @@ void PFCfgParser::logging() { importer->logging = true; -#line 1101 "PFCfgParser.cpp" +#line 1110 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1114,7 +1123,7 @@ void PFCfgParser::quick() { importer->quick = true; -#line 1118 "PFCfgParser.cpp" +#line 1127 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1197,7 +1206,7 @@ void PFCfgParser::address_family() { importer->address_family = LT(0)->getText(); -#line 1201 "PFCfgParser.cpp" +#line 1210 "PFCfgParser.cpp" break; } default: @@ -1240,11 +1249,12 @@ void PFCfgParser::hosts() { importer->dst_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 1244 "PFCfgParser.cpp" +#line 1253 "PFCfgParser.cpp" break; } case NEWLINE: case QUEUE: + case EXLAMATION: case TO: case FROM: case FLAGS: @@ -1267,6 +1277,7 @@ void PFCfgParser::hosts() { } case NEWLINE: case QUEUE: + case EXLAMATION: case TO: case FLAGS: case ICMP_TYPE: @@ -1296,6 +1307,7 @@ void PFCfgParser::hosts() { } case NEWLINE: case QUEUE: + case EXLAMATION: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -1345,6 +1357,7 @@ void PFCfgParser::filteropts() { break; } case QUEUE: + case EXLAMATION: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -1392,7 +1405,7 @@ void PFCfgParser::logopts() { match(COMMA); #line 399 "pf.g" importer->logopts += ","; -#line 1396 "PFCfgParser.cpp" +#line 1409 "PFCfgParser.cpp" logopt(); } else { @@ -1433,7 +1446,7 @@ void PFCfgParser::logopt() { importer->logopts += LT(0)->getText(); -#line 1437 "PFCfgParser.cpp" +#line 1450 "PFCfgParser.cpp" break; } default: @@ -1452,7 +1465,7 @@ void PFCfgParser::ifspec() { Tracer traceInOut(this, "ifspec"); #line 420 "pf.g" InterfaceSpec is; -#line 1456 "PFCfgParser.cpp" +#line 1469 "PFCfgParser.cpp" try { // for error handling { @@ -1462,7 +1475,7 @@ void PFCfgParser::ifspec() { match(EXLAMATION); #line 421 "pf.g" is.neg = true; -#line 1466 "PFCfgParser.cpp" +#line 1479 "PFCfgParser.cpp" break; } case WORD: @@ -1482,7 +1495,7 @@ void PFCfgParser::ifspec() { importer->iface_group.push_back(is); importer->newInterface(is.name); -#line 1486 "PFCfgParser.cpp" +#line 1499 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1679,7 +1692,7 @@ void PFCfgParser::proto_name() { importer->proto_list.push_back(LT(0)->getText()); -#line 1683 "PFCfgParser.cpp" +#line 1696 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1696,7 +1709,7 @@ void PFCfgParser::proto_number() { importer->proto_list.push_back(LT(0)->getText()); -#line 1700 "PFCfgParser.cpp" +#line 1713 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1770,43 +1783,15 @@ void PFCfgParser::hosts_from() { try { // for error handling match(FROM); { - switch ( LA(1)) { - case WORD: - case LESS_THAN: - case OPENING_BRACE: - case EXLAMATION: - case SELF: - case IPV4: - case URPF_FAILED: - case ANY: - case NO_ROUTE: - case IPV6: - { + if ((_tokenSet_20.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { src_hosts_part(); - break; } - case NEWLINE: - case QUEUE: - case TO: - case FLAGS: - case ICMP_TYPE: - case ICMP6_TYPE: - case TAGGED: - case TAG: - case NO: - case KEEP: - case MODULATE: - case SYNPROXY: - case LABEL: - case PORT: - { - break; + else if ((_tokenSet_22.member(LA(1))) && (_tokenSet_23.member(LA(2)))) { } - default: - { + else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } - } + } { switch ( LA(1)) { @@ -1817,6 +1802,7 @@ void PFCfgParser::hosts_from() { } case NEWLINE: case QUEUE: + case EXLAMATION: case TO: case FLAGS: case ICMP_TYPE: @@ -1840,7 +1826,7 @@ void PFCfgParser::hosts_from() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_24); } } @@ -1850,41 +1836,15 @@ void PFCfgParser::hosts_to() { try { // for error handling match(TO); { - switch ( LA(1)) { - case WORD: - case LESS_THAN: - case OPENING_BRACE: - case EXLAMATION: - case SELF: - case IPV4: - case ANY: - case NO_ROUTE: - case IPV6: - { + if ((_tokenSet_25.member(LA(1))) && (_tokenSet_26.member(LA(2)))) { dst_hosts_part(); - break; } - case NEWLINE: - case QUEUE: - case FLAGS: - case ICMP_TYPE: - case ICMP6_TYPE: - case TAGGED: - case TAG: - case NO: - case KEEP: - case MODULATE: - case SYNPROXY: - case LABEL: - case PORT: - { - break; + else if ((_tokenSet_27.member(LA(1))) && (_tokenSet_28.member(LA(2)))) { } - default: - { + else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } - } + } { switch ( LA(1)) { @@ -1895,6 +1855,7 @@ void PFCfgParser::hosts_to() { } case NEWLINE: case QUEUE: + case EXLAMATION: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -1949,7 +1910,7 @@ void PFCfgParser::src_hosts_part() { AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "urpf-failed", "")); -#line 1953 "PFCfgParser.cpp" +#line 1914 "PFCfgParser.cpp" break; } default: @@ -1964,11 +1925,11 @@ void PFCfgParser::src_hosts_part() { importer->src_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1968 "PFCfgParser.cpp" +#line 1929 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_21); + recover(ex,_tokenSet_22); } } @@ -2000,16 +1961,16 @@ void PFCfgParser::src_port_part() { } } } -#line 800 "pf.g" +#line 809 "pf.g" importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); -#line 2009 "PFCfgParser.cpp" +#line 1970 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_24); } } @@ -2024,11 +1985,11 @@ void PFCfgParser::dst_hosts_part() { importer->dst_group.splice(importer->dst_group.begin(), importer->tmp_group); -#line 2028 "PFCfgParser.cpp" +#line 1989 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_22); + recover(ex,_tokenSet_27); } } @@ -2060,12 +2021,12 @@ void PFCfgParser::dst_port_part() { } } } -#line 808 "pf.g" +#line 817 "pf.g" importer->dst_port_group.splice(importer->dst_port_group.begin(), importer->tmp_port_group); -#line 2069 "PFCfgParser.cpp" +#line 2030 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2086,7 +2047,7 @@ void PFCfgParser::common_hosts_part() { importer->tmp_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 2090 "PFCfgParser.cpp" +#line 2051 "PFCfgParser.cpp" break; } case NO_ROUTE: @@ -2097,7 +2058,7 @@ void PFCfgParser::common_hosts_part() { importer->tmp_group.push_back( AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); -#line 2101 "PFCfgParser.cpp" +#line 2062 "PFCfgParser.cpp" break; } case WORD: @@ -2123,7 +2084,7 @@ void PFCfgParser::common_hosts_part() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_21); + recover(ex,_tokenSet_22); } } @@ -2132,7 +2093,7 @@ void PFCfgParser::host() { ANTLR_USE_NAMESPACE(antlr)RefToken tn = ANTLR_USE_NAMESPACE(antlr)nullToken; #line 548 "pf.g" AddressSpec as; -#line 2136 "PFCfgParser.cpp" +#line 2097 "PFCfgParser.cpp" try { // for error handling { @@ -2142,7 +2103,7 @@ void PFCfgParser::host() { match(EXLAMATION); #line 549 "pf.g" as.neg = true; -#line 2146 "PFCfgParser.cpp" +#line 2107 "PFCfgParser.cpp" break; } case WORD: @@ -2170,7 +2131,7 @@ void PFCfgParser::host() { as.at = AddressSpec::INTERFACE_NAME; as.address = LT(0)->getText(); -#line 2174 "PFCfgParser.cpp" +#line 2135 "PFCfgParser.cpp" break; } case SELF: @@ -2181,7 +2142,7 @@ void PFCfgParser::host() { as.at = AddressSpec::SPECIAL_ADDRESS; as.address = "self"; -#line 2185 "PFCfgParser.cpp" +#line 2146 "PFCfgParser.cpp" break; } case IPV6: @@ -2193,7 +2154,7 @@ void PFCfgParser::host() { QString("Error: IPv6 import is not supported. ")); consumeUntil(NEWLINE); -#line 2197 "PFCfgParser.cpp" +#line 2158 "PFCfgParser.cpp" break; } case IPV4: @@ -2204,7 +2165,7 @@ void PFCfgParser::host() { as.at = AddressSpec::HOST_ADDRESS; as.address = LT(0)->getText(); -#line 2208 "PFCfgParser.cpp" +#line 2169 "PFCfgParser.cpp" { switch ( LA(1)) { case SLASH: @@ -2214,7 +2175,7 @@ void PFCfgParser::host() { as.at = AddressSpec::NETWORK_ADDRESS; -#line 2218 "PFCfgParser.cpp" +#line 2179 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: @@ -2237,13 +2198,14 @@ void PFCfgParser::host() { as.netmask = LT(0)->getText(); -#line 2241 "PFCfgParser.cpp" +#line 2202 "PFCfgParser.cpp" break; } case NEWLINE: case QUEUE: case COMMA: case CLOSING_BRACE: + case EXLAMATION: case TO: case FLAGS: case ICMP_TYPE: @@ -2278,7 +2240,7 @@ void PFCfgParser::host() { as.at = AddressSpec::TABLE; as.address = tn->getText(); -#line 2282 "PFCfgParser.cpp" +#line 2244 "PFCfgParser.cpp" break; } default: @@ -2291,11 +2253,11 @@ void PFCfgParser::host() { importer->tmp_group.push_back(as); -#line 2295 "PFCfgParser.cpp" +#line 2257 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_29); } } @@ -2322,7 +2284,7 @@ void PFCfgParser::host_list() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_21); + recover(ex,_tokenSet_22); } } @@ -2353,7 +2315,7 @@ void PFCfgParser::route_to() { importer->route_type = PFImporter::ROUTE_TO; -#line 2357 "PFCfgParser.cpp" +#line 2319 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2388,7 +2350,7 @@ void PFCfgParser::reply_to() { importer->route_type = PFImporter::REPLY_TO; -#line 2392 "PFCfgParser.cpp" +#line 2354 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2404,14 +2366,14 @@ void PFCfgParser::routehost() { ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; #line 627 "pf.g" RouteSpec rs; -#line 2408 "PFCfgParser.cpp" +#line 2370 "PFCfgParser.cpp" try { // for error handling match(OPENING_PAREN); match(WORD); #line 629 "pf.g" rs.iface = LT(0)->getText(); -#line 2415 "PFCfgParser.cpp" +#line 2377 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: @@ -2483,12 +2445,12 @@ void PFCfgParser::routehost() { importer->route_group.push_back(rs); } -#line 2487 "PFCfgParser.cpp" +#line 2449 "PFCfgParser.cpp" match(CLOSING_PAREN); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_24); + recover(ex,_tokenSet_30); } } @@ -2555,6 +2517,7 @@ void PFCfgParser::filteropt() { icmp6_type(); break; } + case EXLAMATION: case TAGGED: { tagged(); @@ -2591,7 +2554,7 @@ void PFCfgParser::filteropt() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2612,7 +2575,7 @@ void PFCfgParser::tcp_flags() { importer->flags_check = "any"; importer->flags_mask = "all"; -#line 2616 "PFCfgParser.cpp" +#line 2579 "PFCfgParser.cpp" break; } case WORD: @@ -2648,6 +2611,7 @@ void PFCfgParser::tcp_flags() { case NEWLINE: case QUEUE: case COMMA: + case EXLAMATION: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -2678,7 +2642,7 @@ void PFCfgParser::tcp_flags() { else importer->flags_mask = "all"; -#line 2682 "PFCfgParser.cpp" +#line 2646 "PFCfgParser.cpp" break; } default: @@ -2690,7 +2654,7 @@ void PFCfgParser::tcp_flags() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2721,7 +2685,7 @@ void PFCfgParser::icmp_type() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2730,17 +2694,17 @@ void PFCfgParser::icmp6_type() { try { // for error handling match(ICMP6_TYPE); -#line 740 "pf.g" +#line 748 "pf.g" importer->addMessageToLog( QString("Error: ICMP6 import is not supported. ")); consumeUntil(NEWLINE); -#line 2740 "PFCfgParser.cpp" +#line 2704 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2748,17 +2712,37 @@ void PFCfgParser::tagged() { Tracer traceInOut(this, "tagged"); try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 756 "pf.g" + importer->tagged_neg = true; +#line 2723 "PFCfgParser.cpp" + break; + } + case TAGGED: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } match(TAGGED); match(WORD); -#line 749 "pf.g" +#line 758 "pf.g" importer->tagged = LT(0)->getText(); -#line 2758 "PFCfgParser.cpp" +#line 2742 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2768,15 +2752,15 @@ void PFCfgParser::tag_clause() { try { // for error handling match(TAG); match(WORD); -#line 756 "pf.g" +#line 765 "pf.g" importer->tag = LT(0)->getText(); -#line 2776 "PFCfgParser.cpp" +#line 2760 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2812,16 +2796,16 @@ void PFCfgParser::state() { } } } -#line 771 "pf.g" +#line 780 "pf.g" importer->state_op = LT(0)->getText(); -#line 2820 "PFCfgParser.cpp" +#line 2804 "PFCfgParser.cpp" match(STATE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2835,36 +2819,36 @@ void PFCfgParser::queue() { case WORD: { match(WORD); -#line 780 "pf.g" +#line 789 "pf.g" importer->queue += LT(0)->getText(); -#line 2841 "PFCfgParser.cpp" +#line 2825 "PFCfgParser.cpp" break; } case OPENING_PAREN: { match(OPENING_PAREN); match(WORD); -#line 783 "pf.g" +#line 792 "pf.g" importer->queue += LT(0)->getText(); -#line 2850 "PFCfgParser.cpp" +#line 2834 "PFCfgParser.cpp" { // ( ... )* for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 785 "pf.g" +#line 794 "pf.g" importer->queue += ","; -#line 2857 "PFCfgParser.cpp" +#line 2841 "PFCfgParser.cpp" match(WORD); -#line 786 "pf.g" +#line 795 "pf.g" importer->queue += LT(0)->getText(); -#line 2861 "PFCfgParser.cpp" +#line 2845 "PFCfgParser.cpp" } else { - goto _loop130; + goto _loop131; } } - _loop130:; + _loop131:; } // ( ... )* match(CLOSING_PAREN); break; @@ -2878,7 +2862,7 @@ void PFCfgParser::queue() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } @@ -2891,15 +2875,15 @@ void PFCfgParser::label() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } void PFCfgParser::icmp_type_code() { Tracer traceInOut(this, "icmp_type_code"); #line 716 "pf.g" - std::string icmp_type, icmp_code; -#line 2903 "PFCfgParser.cpp" + IcmpSpec is; +#line 2887 "PFCfgParser.cpp" try { // for error handling { @@ -2907,11 +2891,17 @@ void PFCfgParser::icmp_type_code() { case WORD: { match(WORD); +#line 718 "pf.g" + is.icmp_type_name = LT(0)->getText(); +#line 2897 "PFCfgParser.cpp" break; } case INT_CONST: { match(INT_CONST); +#line 720 "pf.g" + is.icmp_type_int = LT(0)->getText(); +#line 2905 "PFCfgParser.cpp" break; } default: @@ -2920,9 +2910,6 @@ void PFCfgParser::icmp_type_code() { } } } -#line 717 "pf.g" - icmp_type = LT(0)->getText(); -#line 2926 "PFCfgParser.cpp" { switch ( LA(1)) { case ICMP_CODE: @@ -2933,11 +2920,17 @@ void PFCfgParser::icmp_type_code() { case WORD: { match(WORD); +#line 725 "pf.g" + is.icmp_code_name = LT(0)->getText(); +#line 2926 "PFCfgParser.cpp" break; } case INT_CONST: { match(INT_CONST); +#line 727 "pf.g" + is.icmp_code_int = LT(0)->getText(); +#line 2934 "PFCfgParser.cpp" break; } default: @@ -2946,9 +2939,6 @@ void PFCfgParser::icmp_type_code() { } } } -#line 719 "pf.g" - icmp_code = LT(0)->getText(); -#line 2952 "PFCfgParser.cpp" break; } case NEWLINE: @@ -2956,6 +2946,7 @@ void PFCfgParser::icmp_type_code() { case QUEUE: case COMMA: case CLOSING_BRACE: + case EXLAMATION: case INT_CONST: case FLAGS: case ICMP_TYPE: @@ -2976,16 +2967,15 @@ void PFCfgParser::icmp_type_code() { } } } -#line 721 "pf.g" +#line 730 "pf.g" - importer->icmp_type_code_group.push_back( - str_tuple(icmp_type, icmp_code)); + importer->icmp_type_code_group.push_back(is); -#line 2985 "PFCfgParser.cpp" +#line 2975 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_32); } } @@ -3029,15 +3019,15 @@ void PFCfgParser::icmp_list() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_25); + recover(ex,_tokenSet_31); } } void PFCfgParser::port_op() { Tracer traceInOut(this, "port_op"); -#line 840 "pf.g" +#line 849 "pf.g" PortSpec ps; -#line 3041 "PFCfgParser.cpp" +#line 3031 "PFCfgParser.cpp" try { // for error handling { @@ -3048,41 +3038,41 @@ void PFCfgParser::port_op() { case EXLAMATION: { unary_port_op(); -#line 842 "pf.g" +#line 851 "pf.g" ps.port_op = importer->tmp_port_op; -#line 3054 "PFCfgParser.cpp" +#line 3044 "PFCfgParser.cpp" port_def(); -#line 844 "pf.g" +#line 853 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = importer->tmp_port_def; -#line 3061 "PFCfgParser.cpp" +#line 3051 "PFCfgParser.cpp" break; } case WORD: case INT_CONST: { port_def(); -#line 850 "pf.g" +#line 859 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = ps.port1; ps.port_op = "="; -#line 3074 "PFCfgParser.cpp" +#line 3064 "PFCfgParser.cpp" { - if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_27.member(LA(2)))) { + if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_33.member(LA(2)))) { binary_port_op(); -#line 856 "pf.g" +#line 865 "pf.g" ps.port_op = importer->tmp_port_op; -#line 3080 "PFCfgParser.cpp" +#line 3070 "PFCfgParser.cpp" port_def(); -#line 857 "pf.g" +#line 866 "pf.g" ps.port2 = LT(0)->getText(); -#line 3084 "PFCfgParser.cpp" +#line 3074 "PFCfgParser.cpp" } - else if ((_tokenSet_28.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { + else if ((_tokenSet_34.member(LA(1))) && (_tokenSet_35.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -3097,15 +3087,15 @@ void PFCfgParser::port_op() { } } } -#line 860 "pf.g" +#line 869 "pf.g" importer->tmp_port_group.push_back(ps); -#line 3105 "PFCfgParser.cpp" +#line 3095 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_28); + recover(ex,_tokenSet_34); } } @@ -3117,7 +3107,7 @@ void PFCfgParser::port_op_list() { port_op(); { // ( ... )* for (;;) { - if ((_tokenSet_30.member(LA(1)))) { + if ((_tokenSet_36.member(LA(1)))) { { switch ( LA(1)) { case COMMA: @@ -3143,17 +3133,17 @@ void PFCfgParser::port_op_list() { port_op(); } else { - goto _loop147; + goto _loop148; } } - _loop147:; + _loop148:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_24); } } @@ -3166,46 +3156,46 @@ void PFCfgParser::unary_port_op() { case EQUAL: { match(EQUAL); -#line 816 "pf.g" +#line 825 "pf.g" importer->tmp_port_op = "="; -#line 3172 "PFCfgParser.cpp" +#line 3162 "PFCfgParser.cpp" break; } case EXLAMATION: { match(EXLAMATION); match(EQUAL); -#line 818 "pf.g" +#line 827 "pf.g" importer->tmp_port_op = "!="; -#line 3181 "PFCfgParser.cpp" +#line 3171 "PFCfgParser.cpp" break; } default: if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(LESS_THAN); -#line 820 "pf.g" +#line 829 "pf.g" importer->tmp_port_op = "<"; -#line 3189 "PFCfgParser.cpp" +#line 3179 "PFCfgParser.cpp" } else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) { match(LESS_THAN); match(EQUAL); -#line 822 "pf.g" +#line 831 "pf.g" importer->tmp_port_op = "<="; -#line 3196 "PFCfgParser.cpp" +#line 3186 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(GREATER_THAN); -#line 824 "pf.g" +#line 833 "pf.g" importer->tmp_port_op = ">"; -#line 3202 "PFCfgParser.cpp" +#line 3192 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) { match(GREATER_THAN); match(EQUAL); -#line 826 "pf.g" +#line 835 "pf.g" importer->tmp_port_op = ">="; -#line 3209 "PFCfgParser.cpp" +#line 3199 "PFCfgParser.cpp" } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -3215,7 +3205,7 @@ void PFCfgParser::unary_port_op() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_31); + recover(ex,_tokenSet_37); } } @@ -3229,26 +3219,26 @@ void PFCfgParser::binary_port_op() { { match(LESS_THAN); match(GREATER_THAN); -#line 832 "pf.g" +#line 841 "pf.g" importer->tmp_port_op = "<>"; -#line 3235 "PFCfgParser.cpp" +#line 3225 "PFCfgParser.cpp" break; } case GREATER_THAN: { match(GREATER_THAN); match(LESS_THAN); -#line 834 "pf.g" +#line 843 "pf.g" importer->tmp_port_op = "><"; -#line 3244 "PFCfgParser.cpp" +#line 3234 "PFCfgParser.cpp" break; } case COLON: { match(COLON); -#line 836 "pf.g" +#line 845 "pf.g" importer->tmp_port_op = ":"; -#line 3252 "PFCfgParser.cpp" +#line 3242 "PFCfgParser.cpp" break; } default: @@ -3260,7 +3250,7 @@ void PFCfgParser::binary_port_op() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_31); + recover(ex,_tokenSet_37); } } @@ -3277,11 +3267,11 @@ void PFCfgParser::port_def() { case INT_CONST: { match(INT_CONST); -#line 867 "pf.g" +#line 876 "pf.g" importer->tmp_port_def = LT(0)->getText(); -#line 3285 "PFCfgParser.cpp" +#line 3275 "PFCfgParser.cpp" break; } default: @@ -3292,7 +3282,7 @@ void PFCfgParser::port_def() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_32); + recover(ex,_tokenSet_38); } } @@ -3453,9 +3443,9 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 130023488UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // WORD COMMA CLOSING_BRACE EXLAMATION "self" IPV4 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,6); -const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1040UL, 1280UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "from" "flags" "icmp-type" "icmp6-type" "tagged" -// "tag" "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 16778256UL, 1280UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "from" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8); const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 4285562738UL, 1095UL, 1047966UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" @@ -3464,50 +3454,52 @@ const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 4285562738UL, 1095UL, 1 // "to" "urpf-failed" "any" "no-route" IPV6 "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8); -const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 1040UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" -// "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 16778256UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,8); -const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 4168105842UL, 71UL, 523652UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 4184883058UL, 71UL, 523652UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" -// "table" STRING OPENING_BRACE COMMA SLASH INT_CONST "nat" "binat" "rdr" -// "timeout" "pass" "block" OPENING_PAREN "any" "flags" "icmp-type" "icmp6-type" -// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" +// "table" STRING OPENING_BRACE COMMA EXLAMATION SLASH INT_CONST "nat" +// "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN "any" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" +// "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8); const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,6); -const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 1040UL, 64800UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "log" "all" "to" "quick" "on" "inet" "inet6" "proto" +const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 16778256UL, 64800UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "log" "all" "to" "quick" "on" "inet" "inet6" +// "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 16778256UL, 64768UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "quick" "on" "inet" "inet6" "proto" // "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" // "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); -const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 1040UL, 64768UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "quick" "on" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 16778256UL, 62720UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "on" "inet" "inet6" "proto" "from" // "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); -const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 1040UL, 62720UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "on" "inet" "inet6" "proto" "from" "route-to" -// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" -// "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); -const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 1040UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "route-to" -// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" -// "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 16778256UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "inet" "inet6" "proto" "from" +// "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 1040UL, 58624UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "flags" "icmp-type" -// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16778256UL, 58624UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "inet" "inet6" "proto" "from" +// "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" "modulate" +// "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 1040UL, 34048UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "all" "to" "proto" "from" "flags" "icmp-type" "icmp6-type" -// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 16778256UL, 34048UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "all" "to" "proto" "from" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,8); -const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 4195328UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" -// "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 20972544UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "queue" COMMA EXLAMATION "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 4194304UL, 128UL, 0UL, 0UL, 0UL, 0UL }; // COMMA CLOSING_PAREN @@ -3517,71 +3509,105 @@ const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 29361232UL, 58624UL, 3 // "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8); -const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 283116560UL, 4294903040UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" OPENING_BRACE COMMA CLOSING_BRACE INT_CONST "all" "to" -// "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" "eigrp" -// "ospf" "ipip" "vrrp" "l2tp" "isis" "from" "flags" "icmp-type" "icmp6-type" -// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 299893776UL, 4294903040UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" OPENING_BRACE COMMA CLOSING_BRACE EXLAMATION INT_CONST +// "all" "to" "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" +// "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" "from" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 274726912UL, 4294901760UL, 0UL, 0UL, 0UL, 0UL }; // OPENING_BRACE COMMA INT_CONST "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" // "gre" "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,6); -const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 1040UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 119554112UL, 0UL, 30UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD LESS_THAN OPENING_BRACE EXLAMATION "self" IPV4 "urpf-failed" "any" +// "no-route" IPV6 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,8); -const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 1040UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" "port" +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 251675728UL, 1024UL, 916880UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" LESS_THAN EXLAMATION "self" IPV4 SLASH "to" IPV6 +// "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" "modulate" +// "synproxy" "label" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8); -const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 1040UL, 0UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" -// "keep" "modulate" "synproxy" "label" "port" +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 16778256UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 12583952UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA CLOSING_BRACE "to" "flags" "icmp-type" "icmp6-type" -// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" "port" +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 4285595634UL, 71UL, 1047964UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" +// "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA EXLAMATION +// "self" IPV4 SLASH INT_CONST "nat" "binat" "rdr" "timeout" "pass" "block" +// OPENING_PAREN "any" "no-route" IPV6 "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); -const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 12583952UL, 58688UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA CLOSING_BRACE OPENING_PAREN "all" "to" "inet" -// "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 16778256UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); -const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 4195344UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 119554112UL, 0UL, 28UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD LESS_THAN OPENING_BRACE EXLAMATION "self" IPV4 "any" "no-route" +// IPV6 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_data_,8); -const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 281019472UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD "queue" COMMA CLOSING_BRACE INT_CONST "flags" "icmp-type" -// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 251675728UL, 0UL, 916880UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" LESS_THAN EXLAMATION "self" IPV4 SLASH IPV6 "flags" +// "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" +// "label" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_26(_tokenSet_26_data_,8); -const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 268484672UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 16778256UL, 0UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" EXLAMATION "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,8); +const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 4184932338UL, 71UL, 523652UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" +// "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA EXLAMATION +// SLASH INT_CONST "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN +// "any" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" "modulate" +// "synproxy" "state" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,8); +const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 29361168UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE EXLAMATION "to" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +// "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,8); +const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 29361168UL, 58688UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE EXLAMATION OPENING_PAREN "all" "to" +// "inet" "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,8); +const unsigned long PFCfgParser::_tokenSet_31_data_[] = { 20972560UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA EXLAMATION "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_31(_tokenSet_31_data_,8); +const unsigned long PFCfgParser::_tokenSet_32_data_[] = { 297796688UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA CLOSING_BRACE EXLAMATION INT_CONST "flags" +// "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" +// "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_32(_tokenSet_32_data_,8); +const unsigned long PFCfgParser::_tokenSet_33_data_[] = { 268484672UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // WORD LESS_THAN GREATER_THAN INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,6); -const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 297845968UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_33(_tokenSet_33_data_,6); +const unsigned long PFCfgParser::_tokenSet_34_data_[] = { 297845968UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE // EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" // "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,8); -const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 4293984242UL, 1095UL, 2096540UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_34(_tokenSet_34_data_,8); +const unsigned long PFCfgParser::_tokenSet_35_data_[] = { 4293984242UL, 1095UL, 2096540UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" // "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA CLOSING_BRACE // EXLAMATION "self" IPV4 SLASH INT_CONST "nat" "binat" "rdr" "timeout" // "pass" "block" OPENING_PAREN "to" "any" "no-route" IPV6 "flags" "icmp-type" // "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" // "label" "port" COLON -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,8); -const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 289456320UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_35(_tokenSet_35_data_,8); +const unsigned long PFCfgParser::_tokenSet_36_data_[] = { 289456320UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // WORD EQUAL LESS_THAN GREATER_THAN COMMA EXLAMATION INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,6); -const unsigned long PFCfgParser::_tokenSet_31_data_[] = { 268435520UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_36(_tokenSet_36_data_,6); +const unsigned long PFCfgParser::_tokenSet_37_data_[] = { 268435520UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // WORD INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_31(_tokenSet_31_data_,6); -const unsigned long PFCfgParser::_tokenSet_32_data_[] = { 297845968UL, 1024UL, 1441152UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_37(_tokenSet_37_data_,6); +const unsigned long PFCfgParser::_tokenSet_38_data_[] = { 297845968UL, 1024UL, 1441152UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE // EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" // "tag" "no" "keep" "modulate" "synproxy" "label" COLON -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_32(_tokenSet_32_data_,8); +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_38(_tokenSet_38_data_,8); diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index a3ac5a9f6..14097c1f7 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -236,6 +236,18 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_31; static const unsigned long _tokenSet_32_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_32; + static const unsigned long _tokenSet_33_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_33; + static const unsigned long _tokenSet_34_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_34; + static const unsigned long _tokenSet_35_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_35; + static const unsigned long _tokenSet_36_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_36; + static const unsigned long _tokenSet_37_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_37; + static const unsigned long _tokenSet_38_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_38; }; #endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/pf.g b/src/parsers/pf.g index eee2d6de8..98e7728e8 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -713,14 +713,22 @@ icmp_type : ) ; -icmp_type_code { std::string icmp_type, icmp_code; } : - ( WORD | INT_CONST ) { icmp_type = LT(0)->getText(); } +icmp_type_code { IcmpSpec is; } : + ( + WORD { is.icmp_type_name = LT(0)->getText(); } + | + INT_CONST { is.icmp_type_int = LT(0)->getText(); } + ) ( - ICMP_CODE ( WORD | INT_CONST ) { icmp_code = LT(0)->getText(); } + ICMP_CODE + ( + WORD { is.icmp_code_name = LT(0)->getText(); } + | + INT_CONST { is.icmp_code_int = LT(0)->getText(); } + ) )? { - importer->icmp_type_code_group.push_back( - str_tuple(icmp_type, icmp_code)); + importer->icmp_type_code_group.push_back(is); } ; @@ -745,6 +753,7 @@ icmp6_type : ; tagged : + ( EXLAMATION { importer->tagged_neg = true; } )? TAGGED WORD { importer->tagged = LT(0)->getText();