see #2113 added pattern for ASA interface descriptions which is different from PIX interface descirptions

2026-03-23 11:47:24 +01:00 · 2011-02-21 11:33:25 -08:00 · 2011-02-21 11:33:25 -08:00 · 966533a672
commit 966533a672
parent 56f81407f1
8 changed files with 68 additions and 12 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3483"
+BUILD_NUM="3484"

 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

--- a/VERSION.h
+++ b/VERSION.h
@ -1,2 +1,2 @@
-#define VERSION      "4.2.0.3483"
+#define VERSION      "4.2.0.3484"
 #define GENERATION   "4.2"
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,11 @@
+2011-02-21  vadim  <vadim@netcitadel.com>
+
+	* InterfaceData.cpp (guessLabel): fixes #2113 "ASA/PIX SNMP
+	discovery - assign default labels based on interface description".
+	Added pattern to match Cisco ASA interface description which is
+	different from Cisco PIX interface descriptions as returned via
+	snmp.
+
 2011-02-20  vadim  <vadim@netcitadel.com>

 	* BaseCompiler.cpp (getErrorsForRule): fixes #2124 "some error
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@ -3,7 +3,7 @@


 %define name    fwbuilder
-%define version 4.2.0.3483
+%define version 4.2.0.3484
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
 Priority: extra
 Section: checkinstall
 Maintainer: vadim@fwbuilder.org
-Version: 4.2.0.3483-1
+Version: 4.2.0.3484-1
 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
 Description: Firewall Builder GUI and policy compilers
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@ -1,6 +1,6 @@

 %define name    fwbuilder
-%define version 4.2.0.3483
+%define version 4.2.0.3484
 %define release 1

 %if "%_vendor" == "MandrakeSoft"
--- a/src/libfwbuilder/src/fwbuilder/InterfaceData.cpp
+++ b/src/libfwbuilder/src/fwbuilder/InterfaceData.cpp
@ -131,18 +131,23 @@ void InterfaceData::guessLabel(const string&)
 *  in PIX interfaces have names like "PIX Firewall 'inside' interface"
 *
 */
-    string pat1="PIX Firewall '";
-    string pat2="' interface";
+    string pat1 = "PIX Firewall '";
+    string pat2 = "Adaptive Security Appliance '";
+    string pat3 = "' interface";
    string::size_type p2;
-    if ( name.find(pat1)==0 && (p2=name.find(pat2))!=string::npos )
-        label=name.substr( pat1.size() , p2-pat1.size() );
+
+    if ( name.find(pat1)==0 && (p2=name.find(pat3))!=string::npos )
+        label = name.substr( pat1.size() , p2-pat1.size() );
+
+    if ( name.find(pat2)==0 && (p2=name.find(pat3))!=string::npos )
+        label = name.substr( pat2.size() , p2-pat2.size() );

    if (!isDyn &&
        !isUnnumbered &&
        !isBridgePort &&
        addr_mask.size()!=0 &&
        addr_mask.front()->getAddressPtr()->toString() == InetAddr::getLoopbackAddr().toString())
-        label="loopback";
+        label = "loopback";
 }

 void InterfaceData::guessSecurityLevel(const string&)
--- a/src/libgui/newFirewallDialog.cpp
+++ b/src/libgui/newFirewallDialog.cpp
@ -346,6 +346,8 @@ void newFirewallDialog::monitor()

    timer->stop();

+    QString platform = readPlatform(m_dialog->platform);
+
    map<int, InterfaceData>* intf = q->getInterfaces();
    map<int, InterfaceData>::iterator i;
    this->m_dialog->interfaceEditor1->clear();
@ -354,9 +356,50 @@ void newFirewallDialog::monitor()
    {
        InterfaceData* idata = &(i->second);

-        if ( idata->ostatus )
+        if (fwbdebug)
        {
-            idata->guessLabel(readPlatform(m_dialog->platform).toStdString());
+            qDebug() << "------------------------------------------------";
+            qDebug() << "id=" << idata->id.c_str();
+            qDebug() << "name=" << idata->name.c_str();
+            qDebug() << "snmp_type=" << idata->snmp_type;
+            qDebug() << "ostatus=" << idata->ostatus;
+            qDebug() << "mac_addr=" << idata->mac_addr.c_str();
+            qDebug() << "interface_type=" << idata->interface_type.c_str();
+            qDebug() << "";
+        }
+
+        /*
+         * some special treatment of discovered interfaces for Cisco ASA devices:
+         * if mac address is reported as 00:00:00:00:00:00 or
+         * 00:00:00:anything, this is usually some kind of internal special
+         * interface and we can skip it. Examples: "_internal_loopback",
+         * "Internal-Data0/1"
+         *
+         * This is different from how Linux reports mac address of a
+         * loopback because Linux snmpd returns empty string for the
+         * loopback mac address.
+         *
+         * The name of the interface reported by ASA is like this:
+         * "Adaptive Security Appliance 'Ethernet0/0' interface"
+         *
+         * Need to strip all thie verbose description
+         */ 
+
+        if (idata->ostatus)
+        {
+            idata->guessLabel(platform.toStdString());
+
+            if (platform == "pix" || platform == "fwsm")
+            {
+                if ( ! idata->mac_addr.empty() && idata->snmp_type == 1 &&
+                     idata->mac_addr.find("00:00:00")==0) continue;
+
+                QString name = idata->name.c_str();
+                name.replace("Adaptive Security Appliance '", "");
+                name.replace("' interface", "");
+                idata->name = name.toStdString();
+            }
+
            this->m_dialog->interfaceEditor1->addInterfaceFromData(idata);
        }
    }