* newFirewallDialog.cpp (monitor): see #2126 Using snmp sysDescr

OID to guess version of the new firewall when it is created using snmp polling.
2026-03-20 18:27:16 +01:00 · 2011-02-21 16:34:29 -08:00 · 2011-02-21 16:34:29 -08:00 · 8ee59ebbf8
commit 8ee59ebbf8
parent cdbd1e35c3
6 changed files with 109 additions and 17 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,9 @@
 2011-02-21  vadim  <vadim@netcitadel.com>

+	* newFirewallDialog.cpp (monitor): see #2126 Using snmp sysDescr
+	OID to guess version of the new firewall when it is created using
+	snmp polling.
+
 	* platform/pix.xml: see #1990 "Change default value for Cisco
 	ASA/PIX 7+ to generate outbound ACLs". Newly created PIX/ASA
 	firewall objects will now have "generate outbound acl" option
--- a/src/libfwbuilder/src/fwbuilder/snmp.cpp
+++ b/src/libfwbuilder/src/fwbuilder/snmp.cpp
@ -1842,9 +1842,13 @@ CrawlerFind::~CrawlerFind()
 {
 }

-void SNMP_interface_query::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException)
+void SNMP_interface_query::run_impl(Logger *logger, SyncFlag *stop_program)
+    throw(FWException)
 {
-    fetchInterfaces(logger,stop_program);
+    fetchSysInfo(logger, stop_program);
+    CHECK_STOP_AND_THROW_EXCEPTION;
+    
+    fetchInterfaces(logger, stop_program);
    
 #if 0
    // See #2084 this takes forever on decides with large routing
@ -1860,7 +1864,7 @@ void SNMP_interface_query::run_impl(Logger *logger,SyncFlag *stop_program) throw
    // We do not fail if this query does not succeed.
    try
    {
-        fetchRoutingTable(logger,stop_program);
+        fetchRoutingTable(logger, stop_program);
    } catch(FWException &ex)
    {
        *logger << "Error fetching routing table, external interface will not be detected.\n";
--- a/src/libgui/newFirewallDialog.cpp
+++ b/src/libgui/newFirewallDialog.cpp
@ -348,6 +348,15 @@ void newFirewallDialog::monitor()

    QString platform = readPlatform(m_dialog->platform);

+    guessOSAndPlatformFromSysDescr(q->getDescr().c_str(),
+                                   discovered_platform,
+                                   discovered_host_os,
+                                   discovered_version);
+
+    if (fwbdebug)
+        qDebug() << "Guessed version as " << discovered_version;
+
+
    map<int, InterfaceData>* intf = q->getInterfaces();
    map<int, InterfaceData>::iterator i;
    this->m_dialog->interfaceEditor1->clear();
@ -471,6 +480,7 @@ void newFirewallDialog::getInterfacesViaSNMP()
    m_dialog->snmpProgress->clear();

    if (q!=NULL) delete q;
+
    q = new SNMP_interface_query();
    q->init(addr.toString(), rcomm, SNMP_DEFAULT_RETRIES, SNMP_DEFAULT_TIMEOUT);

@ -1131,6 +1141,9 @@ void newFirewallDialog::finishClicked()
        o->setStr("host_OS", host_os);
        Resources::setDefaultTargetOptions(host_os , nfw);

+        if ( ! discovered_version.isEmpty())
+            o->setStr("version", discovered_version.toStdString());
+
 /* create interfaces */

        foreach(EditedInterfaceData iface,
--- a/src/libgui/newFirewallDialog.h
+++ b/src/libgui/newFirewallDialog.h
@ -44,7 +44,7 @@ namespace libfwbuilder {
    class Firewall;
    class Interface;
    class Logger;
-    class SNMP_interface_query;
+    class SNMPQuery;
 };

 class QTreeWidgetItem;
@ -55,21 +55,24 @@ class newFirewallDialog : public QDialog, public FakeWizard
 {
    Q_OBJECT;
    
-    Ui::newFirewallDialog_q            *m_dialog;
+    Ui::newFirewallDialog_q *m_dialog;

-    libfwbuilder::FWObject             *currentTemplate;
-    libfwbuilder::Firewall             *nfw;
-    bool                                snmpPollCompleted;
-    libfwbuilder::Logger               *logger;
-    libfwbuilder::SNMP_interface_query *q;
-    QTimer                             *timer;
-    libfwbuilder::FWObjectDatabase     *db;
-    libfwbuilder::FWObjectDatabase     *tmpldb;
-    libfwbuilder::FWObject             *parent;
+    libfwbuilder::FWObject *currentTemplate;
+    libfwbuilder::Firewall *nfw;
+    bool snmpPollCompleted;
+    libfwbuilder::Logger *logger;
+    libfwbuilder::SNMPQuery *q;
+    QTimer *timer;
+    libfwbuilder::FWObjectDatabase *db;
+    libfwbuilder::FWObjectDatabase *tmpldb;
+    libfwbuilder::FWObject *parent;
    std::map<QListWidgetItem*, libfwbuilder::FWObject*> templates;
-    bool                                unloadTemplatesLib;
-    bool                                getInterfacesBusy;
-
+    bool unloadTemplatesLib;
+    bool getInterfacesBusy;
+    QString discovered_platform;
+    QString discovered_host_os;
+    QString discovered_version;
+    
    std::list<std::string>              possible_inside_interface_labels;
    std::list<std::string>              possible_outside_interface_labels;
    std::list<std::string>              possible_dmz_interface_labels;
--- a/src/libgui/platforms.cpp
+++ b/src/libgui/platforms.cpp
@ -1191,4 +1191,69 @@ void guessSecurityLevel(const string&, InterfaceData *idata)
    if (idata->securityLevel==-1) idata->securityLevel = 0;
 }

+void guessOSAndPlatformFromSysDescr(
+    const QString &sysDescr, QString &platform, QString &hostOS, QString &version)
+{
+    QRegExp pix1("Cisco PIX Security Appliance Version ([0-9\\.]+)");
+    QRegExp pix2("Cisco Adaptive Security Appliance Version ([0-9\\.]+)");
+    QRegExp ios1("Cisco Internetwork Operating System Software .* Version ([0-9\\.]+)");
+
+    platform = "";
+    hostOS = "";
+    version = "";
+
+    if (fwbdebug)
+        qDebug() << "guessOSAndPlatformFromSysDescr:"
+                 << "sysdescr=" << sysDescr;
+
+    list<QStringPair> allowed_versions;
+    string version_from_sysdescr;
+
+    if (pix1.indexIn(sysDescr) > -1)
+    {
+        platform = "pix";
+        hostOS = "pix_os";
+        version_from_sysdescr = pix1.cap(1).toStdString();
+    }
+
+    if (pix2.indexIn(sysDescr) > -1)
+    {
+        platform = "pix";
+        hostOS = "pix_os";
+        version_from_sysdescr = pix2.cap(1).toStdString();
+    }
+
+    if (ios1.indexIn(sysDescr) > -1)
+    {
+        platform = "iosacl";
+        hostOS = "ios";
+        version_from_sysdescr = ios1.cap(1).toStdString();
+    }
+
+    if (fwbdebug)
+        qDebug() << "guessOSAndPlatformFromSysDescr:"
+                 << "platform=" << platform
+                 << "hostOS=" << hostOS
+                 << "version=" << version_from_sysdescr.c_str();
+
+    if ( ! platform.isEmpty())
+    {
+        getVersionsForPlatform(platform, allowed_versions);
+
+        if ( ! version_from_sysdescr.empty())
+        {
+            string version_fit;
+            list<QStringPair>::iterator it;
+            foreach (QStringPair p, allowed_versions)
+            {
+                string vers = p.first.toStdString();
+                if (XMLTools::version_compare(vers, version_from_sysdescr)>0) break;
+                version_fit = vers;
+            }
+            version = version_fit.c_str();
+        }
+    }
+}
+
+

--- a/src/libgui/platforms.h
+++ b/src/libgui/platforms.h
@ -184,6 +184,9 @@ QString readHostOS(QComboBox *hostOS);
 void setPlatform(QComboBox *platform, const QString &pl);
 void setHostOS(QComboBox *hostOS, const QString &platform, const QString &os);

+void guessOSAndPlatformFromSysDescr(const QString &sysDescr,
+                                    QString &platform, QString &hostOS, QString &version);
+
 /*
 * Internal: Auxiliary function that copies elements from the list returned by
 * Resources::getResourceStrList()  to the list of string pairs