From 8ee59ebbf896104d5f74d60737b72cb95d236d8b Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 21 Feb 2011 16:34:29 -0800 Subject: [PATCH] * newFirewallDialog.cpp (monitor): see #2126 Using snmp sysDescr OID to guess version of the new firewall when it is created using snmp polling. --- doc/ChangeLog | 4 ++ src/libfwbuilder/src/fwbuilder/snmp.cpp | 10 ++-- src/libgui/newFirewallDialog.cpp | 13 +++++ src/libgui/newFirewallDialog.h | 31 ++++++------ src/libgui/platforms.cpp | 65 +++++++++++++++++++++++++ src/libgui/platforms.h | 3 ++ 6 files changed, 109 insertions(+), 17 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index e04add07a..1a5449b65 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2011-02-21 vadim + * newFirewallDialog.cpp (monitor): see #2126 Using snmp sysDescr + OID to guess version of the new firewall when it is created using + snmp polling. + * platform/pix.xml: see #1990 "Change default value for Cisco ASA/PIX 7+ to generate outbound ACLs". Newly created PIX/ASA firewall objects will now have "generate outbound acl" option diff --git a/src/libfwbuilder/src/fwbuilder/snmp.cpp b/src/libfwbuilder/src/fwbuilder/snmp.cpp index 2f59ccc29..fe9f13cbe 100644 --- a/src/libfwbuilder/src/fwbuilder/snmp.cpp +++ b/src/libfwbuilder/src/fwbuilder/snmp.cpp @@ -1842,9 +1842,13 @@ CrawlerFind::~CrawlerFind() { } -void SNMP_interface_query::run_impl(Logger *logger,SyncFlag *stop_program) throw(FWException) +void SNMP_interface_query::run_impl(Logger *logger, SyncFlag *stop_program) + throw(FWException) { - fetchInterfaces(logger,stop_program); + fetchSysInfo(logger, stop_program); + CHECK_STOP_AND_THROW_EXCEPTION; + + fetchInterfaces(logger, stop_program); #if 0 // See #2084 this takes forever on decides with large routing 
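Review bot: The new `fetchSysInfo(logger, stop_program)` call at the top of `run_impl` is unguarded, so if it can throw `FWException` (its body is not part of this patch), a device that does not answer the sysDescr query now aborts discovery before `fetchInterfaces` runs. sysDescr only feeds a version guess here, and the routing-table query in the next hunk already sets the precedent with its try/catch and the comment "We do not fail if this query does not succeed". I would wrap the call the same way and leave `CHECK_STOP_AND_THROW_EXCEPTION` outside the try so a stop request still propagates. The body of run_impl continues outside the hunk.

```cpp
void SNMP_interface_query::run_impl(Logger *logger, SyncFlag *stop_program)
    throw(FWException)
{
    // sysDescr is only used to guess the version; a device that does not
    // answer it should not prevent interface discovery.
    try
    {
        fetchSysInfo(logger, stop_program);
    } catch(FWException &ex)
    {
        *logger << "Error fetching system description, version will not be guessed.\n";
    }
    CHECK_STOP_AND_THROW_EXCEPTION;

    fetchInterfaces(logger, stop_program);
    // … unchanged: disabled routing-table query …
```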
@@ -1860,7 +1864,7 @@ void SNMP_interface_query::run_impl(Logger *logger,SyncFlag *stop_program) throw // We do not fail if this query does not succeed. try { - fetchRoutingTable(logger,stop_program); + fetchRoutingTable(logger, stop_program); } catch(FWException &ex) { *logger << "Error fetching routing table, external interface will not be detected.\n"; diff --git a/src/libgui/newFirewallDialog.cpp b/src/libgui/newFirewallDialog.cpp index 23890616e..a0cee3df6 100644 --- a/src/libgui/newFirewallDialog.cpp +++ b/src/libgui/newFirewallDialog.cpp @@ -348,6 +348,15 @@ void newFirewallDialog::monitor() QString platform = readPlatform(m_dialog->platform); + guessOSAndPlatformFromSysDescr(q->getDescr().c_str(), + discovered_platform, + discovered_host_os, + discovered_version); + + if (fwbdebug) + qDebug() << "Guessed version as " << discovered_version; + + map* intf = q->getInterfaces(); map::iterator i; this->m_dialog->interfaceEditor1->clear(); @@ -471,6 +480,7 @@ void newFirewallDialog::getInterfacesViaSNMP() m_dialog->snmpProgress->clear(); if (q!=NULL) delete q; + q = new SNMP_interface_query(); q->init(addr.toString(), rcomm, SNMP_DEFAULT_RETRIES, SNMP_DEFAULT_TIMEOUT); @@ -1131,6 +1141,9 @@ void newFirewallDialog::finishClicked() o->setStr("host_OS", host_os); Resources::setDefaultTargetOptions(host_os , nfw); + if ( ! discovered_version.isEmpty()) + o->setStr("version", discovered_version.toStdString()); + /* create interfaces */ foreach(EditedInterfaceData iface, diff --git a/src/libgui/newFirewallDialog.h b/src/libgui/newFirewallDialog.h index 1a11bb71d..41e941e7d 100644 --- a/src/libgui/newFirewallDialog.h +++ b/src/libgui/newFirewallDialog.h @@ -44,7 +44,7 @@ namespace libfwbuilder { class Firewall; class Interface; class Logger; - class SNMP_interface_query; + class SNMPQuery; }; class QTreeWidgetItem; 
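Review bot: The version guessed from sysDescr is kept without checking that it belongs to the platform the user selected: `platform` is read from the dialog on the line just above the new call, but `discovered_platform` and `discovered_host_os` are filled in and never read anywhere in this patch. The finishClicked() hunk (-1131) then writes `discovered_version` into the new object whenever it is non-empty, so a version taken from a PIX/ASA or IOS banner can end up on an object created for a different platform. sysDescr is text supplied by the polled device, so it should only refine a choice the user has already made; adding `if (platform != discovered_platform) discovered_version.clear();` after the call keeps the guess scoped to the matching platform. The body of monitor() starts and ends outside the hunk.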
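Review bot: `discovered_version` is a dialog member that is only reset inside guessOSAndPlatformFromSysDescr(), so the new `if ( ! discovered_version.isEmpty())` check can pick up a value left over from an earlier poll. That could happen if the user polls one device successfully and then changes the address and the second poll fails, or goes on to enter interfaces manually; whether monitor() reaches the guess call in those paths is not visible here. Clearing the state where a new query starts in getInterfacesViaSNMP(), with `discovered_platform.clear(); discovered_host_os.clear(); discovered_version.clear();` next to `q = new SNMP_interface_query();`, ties the value to the poll that produced it. The body of finishClicked() continues outside the hunk.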
@@ -55,21 +55,24 @@ class newFirewallDialog : public QDialog, public FakeWizard { Q_OBJECT; - Ui::newFirewallDialog_q *m_dialog; + Ui::newFirewallDialog_q *m_dialog; - libfwbuilder::FWObject *currentTemplate; - libfwbuilder::Firewall *nfw; - bool snmpPollCompleted; - libfwbuilder::Logger *logger; - libfwbuilder::SNMP_interface_query *q; - QTimer *timer; - libfwbuilder::FWObjectDatabase *db; - libfwbuilder::FWObjectDatabase *tmpldb; - libfwbuilder::FWObject *parent; + libfwbuilder::FWObject *currentTemplate; + libfwbuilder::Firewall *nfw; + bool snmpPollCompleted; + libfwbuilder::Logger *logger; + libfwbuilder::SNMPQuery *q; + QTimer *timer; + libfwbuilder::FWObjectDatabase *db; + libfwbuilder::FWObjectDatabase *tmpldb; + libfwbuilder::FWObject *parent; std::map templates; - bool unloadTemplatesLib; - bool getInterfacesBusy; - + bool unloadTemplatesLib; + bool getInterfacesBusy; + QString discovered_platform; + QString discovered_host_os; + QString discovered_version; + std::list possible_inside_interface_labels; std::list possible_outside_interface_labels; std::list possible_dmz_interface_labels; diff --git a/src/libgui/platforms.cpp b/src/libgui/platforms.cpp index f4ce0fad2..06774ffbe 100644 --- a/src/libgui/platforms.cpp +++ b/src/libgui/platforms.cpp 
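Review bot: The member `q` is widened from `libfwbuilder::SNMP_interface_query *` to `libfwbuilder::SNMPQuery *`, while getInterfacesViaSNMP() still does `delete q;` and `q = new SNMP_interface_query();`, so the object is now destroyed through what is presumably a base-class pointer. That is only well defined if SNMPQuery declares a virtual destructor, and monitor() additionally needs `getDescr()` and `getInterfaces()` to be reachable through that type; neither is shown in this patch. If the base class does not guarantee both, keeping the member typed as the concrete class is the safer choice. The three new strings would also read better with a comment such as `// guessed from SNMP sysDescr in monitor(); empty when nothing was recognized`.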
@@ -1191,4 +1191,69 @@ void guessSecurityLevel(const string&, InterfaceData *idata) if (idata->securityLevel==-1) idata->securityLevel = 0; } +void guessOSAndPlatformFromSysDescr( + const QString &sysDescr, QString &platform, QString &hostOS, QString &version) +{ + QRegExp pix1("Cisco PIX Security Appliance Version ([0-9\\.]+)"); + QRegExp pix2("Cisco Adaptive Security Appliance Version ([0-9\\.]+)"); + QRegExp ios1("Cisco Internetwork Operating System Software .* Version ([0-9\\.]+)"); + + platform = ""; + hostOS = ""; + version = ""; + + if (fwbdebug) + qDebug() << "guessOSAndPlatformFromSysDescr:" + << "sysdescr=" << sysDescr; + + list allowed_versions; + string version_from_sysdescr; + + if (pix1.indexIn(sysDescr) > -1) + { + platform = "pix"; + hostOS = "pix_os"; + version_from_sysdescr = pix1.cap(1).toStdString(); + } + + if (pix2.indexIn(sysDescr) > -1) + { + platform = "pix"; + hostOS = "pix_os"; + version_from_sysdescr = pix2.cap(1).toStdString(); + } + + if (ios1.indexIn(sysDescr) > -1) + { + platform = "iosacl"; + hostOS = "ios"; + version_from_sysdescr = ios1.cap(1).toStdString(); + } + + if (fwbdebug) + qDebug() << "guessOSAndPlatformFromSysDescr:" + << "platform=" << platform + << "hostOS=" << hostOS + << "version=" << version_from_sysdescr.c_str(); + + if ( ! platform.isEmpty()) + { + getVersionsForPlatform(platform, allowed_versions); + + if ( ! version_from_sysdescr.empty()) + { + string version_fit; + list::iterator it; + foreach (QStringPair p, allowed_versions) + { + string vers = p.first.toStdString(); + if (XMLTools::version_compare(vers, version_from_sysdescr)>0) break; + version_fit = vers; + } + version = version_fit.c_str(); + } + } +} + + diff --git a/src/libgui/platforms.h b/src/libgui/platforms.h index 5e8786373..b2f737c86 100644 --- a/src/libgui/platforms.h +++ b/src/libgui/platforms.h 
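Review bot: The capture `([0-9\\.]+)` in all three patterns accepts any run of digits and dots, including strings such as `.` or `7..2`, and that device-supplied text is passed straight to `XMLTools::version_compare`. A stricter capture like `([0-9]+(?:\\.[0-9]+)*)` limits the input to well-formed dotted numbers without changing `cap(1)`. The selection loop also assumes getVersionsForPlatform() returns `allowed_versions` in ascending order, which is not visible here; if it does not, the `break` stops at the wrong entry, so the assumption deserves a comment at the loop. The three matches are independent `if`s, so a string matching more than one pattern silently takes the last one, and the `it` iterator declared before the `foreach` is never used.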
@@ -184,6 +184,9 @@ QString readHostOS(QComboBox *hostOS); void setPlatform(QComboBox *platform, const QString &pl); void setHostOS(QComboBox *hostOS, const QString &platform, const QString &os); +void guessOSAndPlatformFromSysDescr(const QString &sysDescr, + QString &platform, QString &hostOS, QString &version); + /* * Internal: Auxiliary function that copies elements from the list returned by * Resources::getResourceStrList() to the list of string pairs
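Review bot: The new prototype has no comment, and its contract is not obvious from the signature: the implementation clears all three output strings first, sets `platform` and `hostOS` only for the Cisco PIX/ASA and IOS banners it recognizes, and picks `version` from the platform's list of supported versions rather than copying it from the device. A short comment above the declaration would match the commented declarations that follow it, for example `/* Guess platform, host OS and version from SNMP sysDescr; outputs are empty strings when nothing is recognized. */`. It is also worth stating there that `sysDescr` comes from the polled device and is treated as untrusted text.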