From 2e11bc22da3f321f737110cae1353828e122e965 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 17 May 2011 10:05:33 -0700 Subject: [PATCH 01/10] pf import: first draft of the grammar (still does nothing useful), importer class skeleton --- src/import/Importer.cpp | 62 + src/import/Importer.h | 4 + src/import/PFImporter.cpp | 313 +++ src/import/PFImporter.h | 82 + src/import/PFImporterRun.cpp | 144 ++ src/import/import.pro | 25 +- .../IC_PlatformWarningPage.cpp | 8 +- .../ImporterThread.cpp | 4 + src/parsers/PFCfgLexer.cpp | 1768 +++++++++++++++++ src/parsers/PFCfgLexer.hpp | 108 + src/parsers/PFCfgParser.cpp | 377 ++++ src/parsers/PFCfgParser.hpp | 125 ++ src/parsers/PFCfgParserTokenTypes.hpp | 104 + src/parsers/PFCfgParserTokenTypes.txt | 86 + src/parsers/parsers.pro | 7 +- src/parsers/pf.g | 359 ++++ 16 files changed, 3559 insertions(+), 17 deletions(-) create mode 100644 src/import/PFImporter.cpp create mode 100644 src/import/PFImporter.h create mode 100644 src/import/PFImporterRun.cpp create mode 100644 src/parsers/PFCfgLexer.cpp create mode 100644 src/parsers/PFCfgLexer.hpp create mode 100644 src/parsers/PFCfgParser.cpp create mode 100644 src/parsers/PFCfgParser.hpp create mode 100644 src/parsers/PFCfgParserTokenTypes.hpp create mode 100644 src/parsers/PFCfgParserTokenTypes.txt create mode 100644 src/parsers/pf.g diff --git a/src/import/Importer.cpp b/src/import/Importer.cpp index f6b8046d9..0bdc6b4ce 100644 --- a/src/import/Importer.cpp +++ b/src/import/Importer.cpp @@ -34,6 +34,10 @@ #include #include #include +#include + +#include "interfaceProperties.h" +#include "interfacePropertiesObjectFactory.h" #include "fwbuilder/Address.h" #include "fwbuilder/AddressRange.h" @@ -933,3 +937,61 @@ FWObject* Importer::commitObject(FWObject *obj) return obj; } +/* + * Rearrange vlan interfaces. Importer creates all interfaces as + * children of the firewall. Vlan interfaces should become + * subinterfaces of the corresponding physical interfaces. + */ +void Importer::rearrangeVlanInterfaces() +{ + std::auto_ptr int_prop( + interfacePropertiesObjectFactory::getInterfacePropertiesObject( + getFirewallObject())); + + list all_interface_objects = + getFirewallObject()->getByTypeDeep(Interface::TYPENAME); + list vlans; + list::iterator it; + for (it=all_interface_objects.begin(); it!=all_interface_objects.end(); ++it) + { + Interface *intf = Interface::cast(*it); + FWOptions *ifopt = intf->getOptionsObject(); + + if (int_prop->looksLikeVlanInterface(intf->getName().c_str()) && + ifopt->getStr("type")=="8021q") + { + qDebug() << "Found vlan interface" << intf->getName().c_str(); + vlans.push_back(intf); + } + } + + for (it=vlans.begin(); it!=vlans.end(); ++it) + { + Interface *vlan_intf = Interface::cast(*it); + + qDebug() << "VLAN " << vlan_intf->getName().c_str(); + + QString base_name; + int vlan_id; + int_prop->parseVlan(vlan_intf->getName().c_str(), &base_name, &vlan_id); + + qDebug() << "base name" << base_name; + + if ( ! base_name.isEmpty()) + { + getFirewallObject()->remove(vlan_intf, false); // do not delete + + list::iterator it2; + for (it2=all_interface_objects.begin(); it2!=all_interface_objects.end(); ++it2) + { + if (base_name == (*it2)->getName().c_str()) + { + (*it2)->add(vlan_intf, false); + break; + } + } + } + } + +} + diff --git a/src/import/Importer.h b/src/import/Importer.h index 344162517..9a5b74511 100644 --- a/src/import/Importer.h +++ b/src/import/Importer.h @@ -363,6 +363,10 @@ public: void addMessageToLog(const std::string &msg); void addMessageToLog(const QString &msg); + + + void rearrangeVlanInterfaces(); + }; #endif diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp new file mode 100644 index 000000000..57d6e3236 --- /dev/null +++ b/src/import/PFImporter.cpp @@ -0,0 +1,313 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "PFImporter.h" + +#include +#include +#include +#include + +#include "interfaceProperties.h" +#include "interfacePropertiesObjectFactory.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/InetAddr.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/TCPUDPService.h" + +#include "../libgui/platforms.h" + +#include +#include + +extern int fwbdebug; + +// TODO: this should move to some common library, together with +// getVersionsForPlatform() it uses. Currently these functions are +// defined in libgui/platforms.cpp + +extern QString findBestVersionMatch(const QString &platform, + const QString &discovered_version); + +using namespace std; +using namespace libfwbuilder; + + +PFImporter::PFImporter(FWObject *lib, + std::istringstream &input, + Logger *log, + const std::string &fwname) : + Importer(lib, "pf", input, log, fwname) +{ + setPlatform("pf"); + address_maker->setInvertedNetmasks(false); +} + +PFImporter::~PFImporter() +{ +} + +void PFImporter::clear() +{ + rule_type = NATRule::Unknown; + + Importer::clear(); +} + +void PFImporter::clearTempVars() +{ + Importer::clear(); +} + +FWObject* PFImporter::makeSrcObj() +{ + if (src_nm == "interface") + { + Interface *intf = getInterfaceByName(src_a); + if (intf) return intf; + reportError( + QString("Cannot find interface with label '%1'").arg(src_a.c_str())); + } + + return Importer::makeSrcObj(); +} + +FWObject* PFImporter::makeDstObj() +{ + if (dst_nm == "interface") + { + Interface *intf = getInterfaceByName(dst_a); + if (intf) return intf; + reportError( + QString("Cannot find interface with label '%1'").arg(dst_a.c_str())); + } + + return Importer::makeDstObj(); +} + +FWObject* PFImporter::makeSrvObj() +{ + return Importer::makeSrvObj(); +} + +void PFImporter::addLogging() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + FWOptions *ropt = rule->getOptionsObject(); + +/* + alerts Immediate action needed (severity=1) + critical Critical conditions (severity=2) + debugging Debugging messages (severity=7) + disable Disable log option on this ACL element, (no log at all) + emergencies System is unusable (severity=0) + errors Error conditions (severity=3) + inactive Keyword for disabling an ACL element + informational Informational messages (severity=6) + interval Configure log interval, default value is 300 sec + notifications Normal but significant conditions (severity=5) + warnings Warning conditions (severity=4) +*/ + QMap logging_levels; + + logging_levels["alerts"] = "alert"; + logging_levels["critical"] = "crit"; + logging_levels["debugging"] = "debug"; + logging_levels["emergencies"] = ""; + logging_levels["errors"] = "error"; + logging_levels["informational"] = "info"; + logging_levels["notifications"] = "notice"; + logging_levels["warnings"] = "warning"; + logging_levels["0"] = ""; + logging_levels["1"] = "alert"; + logging_levels["2"] = "crit"; + logging_levels["3"] = "error"; + logging_levels["4"] = "warning"; + logging_levels["5"] = "notice"; + logging_levels["6"] = "info"; + logging_levels["7"] = "debug"; + + // QStringList log_levels = getLogLevels("pix"); + + rule->setLogging(logging); + + QString log_level_qs = log_level.c_str(); + if ( ! log_level_qs.isEmpty()) + { + if (logging_levels.count(log_level_qs) != 0) + ropt->setStr("log_level", logging_levels[log_level_qs].toStdString()); + else + ropt->setStr("log_level", log_level); + + if (log_level_qs == "disable" || log_level_qs == "inactive") + ropt->setBool("disable_logging_for_this_rule", true); + } + + if ( ! log_interval.empty()) + { + bool ok = false; + int log_interval_int = QString(log_interval.c_str()).toInt(&ok); + if (ok) + ropt->setInt("log_interval", log_interval_int); + } +} + + +void PFImporter::pushRule() +{ + if (rule_type == NATRule::Unknown) + pushPolicyRule(); + else + pushNATRule(); + + assert(current_rule!=NULL); + + if (error_tracker->hasErrors()) + { + QStringList err = error_tracker->getErrors(); + addMessageToLog("Error: " + err.join("\n")); + markCurrentRuleBad(); + } + + current_rule = NULL; + rule_comment = ""; + + clear(); + +} + +void PFImporter::pushPolicyRule() +{ + assert(current_ruleset!=NULL); + assert(current_rule!=NULL); + // populate all elements of the rule + + addMessageToLog( + QString("filtering rule: action %1") + .arg(action.c_str())); + + PolicyRule *rule = PolicyRule::cast(current_rule); + + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + + if (action=="pass") + { + rule->setAction(PolicyRule::Accept); + ropt->setBool("stateless", false); + } + + if (action=="drop") + { + rule->setAction(PolicyRule::Deny); + ropt->setBool("stateless", true); + } + + rule->setDirection(PolicyRule::Both); + + addSrc(); + addDst(); + addSrv(); + + addLogging(); + + // then add it to the current ruleset + current_ruleset->ruleset->add(current_rule); + addStandardImportComment( + current_rule, QString::fromUtf8(rule_comment.c_str())); +} + +Firewall* PFImporter::finalize() +{ + // scan all UnidirectionalRuleSet objects, set interface and + // direction in all rules of corresponding RuleSet and merge all + // UnidirectionalRuleSet into one RuleSet object. Attach this + // object to the firewall. + + if (fwbdebug) qDebug("PFImporter::finalize()"); + + if (haveFirewallObject()) + { + Firewall *fw = Firewall::cast(getFirewallObject()); + + if (! discovered_platform.empty()) + { + QString pl = QString(discovered_platform.c_str()).toLower(); + + fw->setStr("platform", pl.toStdString()); + + string host_os = "openbsd"; + + if (! host_os.empty()) + { + fw->setStr("host_OS", host_os); + Resources::setDefaultTargetOptions(host_os , fw); + } + + string version = findBestVersionMatch( + pl, discovered_version.c_str()).toStdString(); + + if ( ! version.empty()) fw->setStr("version", version); + } + + rearrangeVlanInterfaces(); + + return fw; + } + else + { + return NULL; + } +} + +void PFImporter::pushNATRule() +{ +} + +Interface* PFImporter::getInterfaceByName(const string &name) +{ + map::iterator it; + for (it=all_interfaces.begin(); it!=all_interfaces.end(); ++it) + { + Interface *intf = it->second; + if (intf->getName() == name) + { + return intf; + } + } + return NULL; +} + diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h new file mode 100644 index 000000000..b83f0a10c --- /dev/null +++ b/src/import/PFImporter.h @@ -0,0 +1,82 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef _FWB_POLICY_IMPORTER_PF_H_ +#define _FWB_POLICY_IMPORTER_PF_H_ + +#include +#include +#include +#include +#include + +#include "IOSImporter.h" + +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/Logger.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/NAT.h" + +#include + + +class PFImporter : public Importer +{ + +public: + + libfwbuilder::NATRule::NATRuleTypes rule_type; + + PFImporter(libfwbuilder::FWObject *lib, + std::istringstream &input, + libfwbuilder::Logger *log, + const std::string &fwname); + ~PFImporter(); + + virtual void clear(); + + void clearTempVars(); + + virtual void run(); + + void pushPolicyRule(); + void pushNATRule(); + void buildDNATRule(); + void buildSNATRule(); + virtual void pushRule(); + + // this method actually adds interfaces to the firewall object + // and does final clean up. + virtual libfwbuilder::Firewall* finalize(); + + virtual libfwbuilder::FWObject* makeSrcObj(); + virtual libfwbuilder::FWObject* makeDstObj(); + virtual libfwbuilder::FWObject* makeSrvObj(); + + virtual void addLogging(); + + libfwbuilder::Interface* getInterfaceByName(const std::string &name); +}; + +#endif diff --git a/src/import/PFImporterRun.cpp b/src/import/PFImporterRun.cpp new file mode 100644 index 000000000..8386512d2 --- /dev/null +++ b/src/import/PFImporterRun.cpp @@ -0,0 +1,144 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "PFImporter.h" + +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include "../parsers/PFCfgLexer.hpp" +#include "../parsers/PFCfgParser.hpp" + +extern int fwbdebug; + +using namespace std; + + +/* + * Only this module depends on PFCfgLexer and PFCfgParser, + * so only this file is recompiled when we change grammar + */ + +void PFImporter::run() +{ + QStringList err; + QString parser_err = QObject::tr("Parser error:"); + QString gen_err = QObject::tr("Error:"); + std::ostringstream parser_debug; + +/* Do a bit of preprocessing of the input to simplify crazy grammar. + * + * Do the following (will add more stuff here in the future): + * + * - fold lines split with '\' + * - find macro definitions and perform all macro sustitutions + */ + + QMap named_addresses; + QStringList whole_input; + + input.seekg (0, ios::beg); + char buf[8192]; + while (!input.eof()) + { + input.getline(buf, sizeof(buf)-1); + whole_input.append(QString(buf)); + } + + foreach(QString str, whole_input) + { + if (str.startsWith("name ")) + { + QStringList items = str.split(" "); + named_addresses[items[2]] = items[1]; + } + } + + QStringList normalized_input_buffer; + + foreach(QString str, whole_input) + { + if ( ! str.startsWith("name ")) + { + QMap::iterator it; + for (it=named_addresses.begin(); it!=named_addresses.end(); ++it) + { + QString re("\\b%1\\b"); + str.replace(QRegExp(re.arg(it.key())), it.value()); + } + } + + normalized_input_buffer.append(str); + } + + istringstream normalized_input( + normalized_input_buffer.join("\n").toStdString()); + + PFCfgLexer lexer(normalized_input); + PFCfgParser parser(lexer); + parser.importer = this; + if (fwbdebug) parser.dbg = &std::cerr; + else parser.dbg = &parser_debug; + + try + { + parser.cfgfile(); + } catch(ANTLR_USE_NAMESPACE(antlr)ANTLRException &e) + { + err << parser_err + " " + e.toString().c_str(); + } catch(ObjectMakerException &e) + { + err << gen_err + " " + e.toString(); + } catch(ImporterException &e) + { + err << gen_err + " " + e.toString(); + } catch(std::exception& e) + { + err << parser_err + " " + e.what(); + } + + if (haveFirewallObject()) + { + if (countInterfaces()==0) err << noInterfacesErrorMessage(); + if (countRules()==0) err << noRulesErrorMessage(); + } else + { + err << parser_err; + err << noFirewallErrorMessage(); + err << commonFailureErrorMessage(); + } + + if (!err.isEmpty()) + *logger << err.join("\n").toUtf8().constData(); +} + diff --git a/src/import/import.pro b/src/import/import.pro index 54dc3aace..11a9fca7a 100644 --- a/src/import/import.pro +++ b/src/import/import.pro @@ -20,18 +20,21 @@ SOURCES = QStringListOperators.cpp \ PIXImporter.cpp \ PIXImporterNat.cpp \ PIXImporterRun.cpp \ + PFImporter.cpp \ + PFImporterRun.cpp \ -HEADERS = QStringListOperators.h \ - PreImport.h \ - objectMaker.h \ - addressObjectMaker.h \ - serviceObjectMaker.h \ - getProtoByName.h \ - getServByName.h \ - Importer.h \ - IOSImporter.h \ - IPTImporter.h \ - PIXImporter.h \ +HEADERS = QStringListOperators.h \ + PreImport.h \ + objectMaker.h \ + addressObjectMaker.h \ + serviceObjectMaker.h \ + getProtoByName.h \ + getServByName.h \ + Importer.h \ + IOSImporter.h \ + IPTImporter.h \ + PIXImporter.h \ + PFImporter.h \ CONFIG += staticlib diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp index 909f0f250..afb8ba689 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp @@ -180,12 +180,10 @@ void IC_PlatformWarningPage::initializePage() case PreImport::PF: m_dialog->platform->setText(tr("pf")); m_dialog->platformSpecificWarning->setText( - tr("Firewall Builder does not support import of PF " - "configurations at this time. Click the button below to " - "vote to have this feature added in a future release." + tr("Firewall Builder will support import PF " + "configuration from a pf.conf file." )); - platformOk = false; - m_dialog->voteForFeatureButton->show(); + platformOk = true; break; } diff --git a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp index 1bd5e3ccd..6cd38fc0a 100644 --- a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp +++ b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp @@ -30,6 +30,7 @@ #include "IOSImporter.h" #include "IPTImporter.h" #include "PIXImporter.h" +#include "PFImporter.h" #include "objectMaker.h" #include @@ -92,6 +93,9 @@ void ImporterThread::run() if (platform == "pix" || platform == "fwsm") importer = new PIXImporter( lib, instream, logger, firewallName.toUtf8().constData()); + if (platform == "pf") importer = new PFImporter( + lib, instream, logger, firewallName.toUtf8().constData()); + if (importer) { diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp new file mode 100644 index 000000000..c7eb522a3 --- /dev/null +++ b/src/parsers/PFCfgLexer.cpp @@ -0,0 +1,1768 @@ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */ +#line 42 "pf.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "PFCfgLexer.cpp" +#include "PFCfgLexer.hpp" +#include +#include +#include +#include +#include +#include +#include + +#line 48 "pf.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#line 25 "PFCfgLexer.cpp" +#line 1 "pf.g" +#line 27 "PFCfgLexer.cpp" +PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(new ANTLR_USE_NAMESPACE(antlr)CharBuffer(in),true) +{ + initLiterals(); +} + +PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(ib,true) +{ + initLiterals(); +} + +PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(state,true) +{ + initLiterals(); +} + +void PFCfgLexer::initLiterals() +{ + literals["host"] = 37; + literals["log"] = 40; + literals["ipinip"] = 28; + literals["icmp6"] = 19; + literals["pcp"] = 32; + literals["interface"] = 16; + literals["disable"] = 49; + literals["gre"] = 25; + literals["exit"] = 13; + literals["nos"] = 30; + literals["udp"] = 21; + literals["tcp"] = 20; + literals["pptp"] = 34; + literals["ospf"] = 31; + literals["ip"] = 17; + literals["no"] = 15; + literals["inactive"] = 50; + literals["esp"] = 24; + literals["igrp"] = 27; + literals["pass"] = 9; + literals["pim"] = 33; + literals["icmp"] = 18; + literals["emergencies"] = 44; + literals["igmp"] = 26; + literals["timeout"] = 7; + literals["range"] = 39; + literals["debugging"] = 43; + literals["drop"] = 10; + literals["eigrp"] = 23; + literals["errors"] = 45; + literals["ah"] = 22; + literals["snp"] = 36; + literals["ipsec"] = 29; + literals["warnings"] = 48; + literals["quit"] = 14; + literals["alerts"] = 41; + literals["any"] = 38; + literals["rip"] = 35; + literals["notifications"] = 47; + literals["critical"] = 42; + literals["informational"] = 46; +} + +ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() +{ + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + for (;;) { + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + int _ttype = ANTLR_USE_NAMESPACE(antlr)Token::INVALID_TYPE; + resetText(); + try { // for lexical and char stream error handling + switch ( LA(1)) { + case 0xa /* '\n' */ : + case 0xd /* '\r' */ : + { + mNEWLINE(true); + theRetToken=_returnToken; + break; + } + case 0x24 /* '$' */ : + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + mNUMBER_ADDRESS_OR_WORD(true); + theRetToken=_returnToken; + break; + } + case 0x2e /* '.' */ : + { + mDOT(true); + theRetToken=_returnToken; + break; + } + case 0x22 /* '\"' */ : + { + mSTRING(true); + theRetToken=_returnToken; + break; + } + case 0x7c /* '|' */ : + { + mPIPE_CHAR(true); + theRetToken=_returnToken; + break; + } + case 0x23 /* '#' */ : + { + mNUMBER_SIGN(true); + theRetToken=_returnToken; + break; + } + case 0x25 /* '%' */ : + { + mPERCENT(true); + theRetToken=_returnToken; + break; + } + case 0x26 /* '&' */ : + { + mAMPERSAND(true); + theRetToken=_returnToken; + break; + } + case 0x27 /* '\'' */ : + { + mAPOSTROPHE(true); + theRetToken=_returnToken; + break; + } + case 0x28 /* '(' */ : + { + mOPENING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x29 /* ')' */ : + { + mCLOSING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x2a /* '*' */ : + { + mSTAR(true); + theRetToken=_returnToken; + break; + } + case 0x2b /* '+' */ : + { + mPLUS(true); + theRetToken=_returnToken; + break; + } + case 0x2c /* ',' */ : + { + mCOMMA(true); + theRetToken=_returnToken; + break; + } + case 0x2d /* '-' */ : + { + mMINUS(true); + theRetToken=_returnToken; + break; + } + case 0x2f /* '/' */ : + { + mSLASH(true); + theRetToken=_returnToken; + break; + } + case 0x3b /* ';' */ : + { + mSEMICOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3c /* '<' */ : + { + mLESS_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3d /* '=' */ : + { + mEQUALS(true); + theRetToken=_returnToken; + break; + } + case 0x3e /* '>' */ : + { + mGREATER_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3f /* '?' */ : + { + mQUESTION(true); + theRetToken=_returnToken; + break; + } + case 0x40 /* '@' */ : + { + mCOMMERCIAL_AT(true); + theRetToken=_returnToken; + break; + } + case 0x5b /* '[' */ : + { + mOPENING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5d /* ']' */ : + { + mCLOSING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5e /* '^' */ : + { + mCARET(true); + theRetToken=_returnToken; + break; + } + case 0x5f /* '_' */ : + { + mUNDERLINE(true); + theRetToken=_returnToken; + break; + } + case 0x7b /* '{' */ : + { + mOPENING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7d /* '}' */ : + { + mCLOSING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7e /* '~' */ : + { + mTILDE(true); + theRetToken=_returnToken; + break; + } + default: + if ((LA(1) == 0x21 /* '!' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mLINE_COMMENT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x3a /* ':' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mCOLON_COMMENT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { + mCOLON(true); + theRetToken=_returnToken; + } + else if ((_tokenSet_0.member(LA(1)))) { + mWhitespace(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x21 /* '!' */ ) && (true)) { + mEXLAMATION(true); + theRetToken=_returnToken; + } + else { + if (LA(1)==EOF_CHAR) + { + uponEOF(); + _returnToken = makeToken(ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE); + } + else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + if ( !_returnToken ) + goto tryAgain; // found SKIP token + + _ttype = _returnToken->getType(); + _ttype = testLiteralsTable(_ttype); + _returnToken->setType(_ttype); + return _returnToken; + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& e) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamRecognitionException(e); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamIOException& csie) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamIOException(csie.io); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamException& cse) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamException(cse.getMessage()); + } +tryAgain:; + } +} + +void PFCfgLexer::mLINE_COMMENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = LINE_COMMENT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match("!"); + { // ( ... )* + for (;;) { + if ((_tokenSet_1.member(LA(1)))) { + { + match(_tokenSet_1); + } + } + else { + goto _loop16; + } + + } + _loop16:; + } // ( ... )* + mNEWLINE(false); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNEWLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NEWLINE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) { + match("\r\n"); + } + else if ((LA(1) == 0xd /* '\r' */ ) && (true)) { + match('\r' /* charlit */ ); + } + else if ((LA(1) == 0xa /* '\n' */ )) { + match('\n' /* charlit */ ); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 278 "pf.g" + newline(); +#line 440 "PFCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOLON_COMMENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COLON_COMMENT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + mCOLON(false); + { // ( ... )* + for (;;) { + if ((_tokenSet_1.member(LA(1)))) { + { + match(_tokenSet_1); + } + } + else { + goto _loop20; + } + + } + _loop20:; + } // ( ... )* + mNEWLINE(false); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(':' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mWhitespace(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = Whitespace; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + switch ( LA(1)) { + case 0x3 /* '\3' */ : + case 0x4 /* '\4' */ : + case 0x5 /* '\5' */ : + case 0x6 /* '\6' */ : + case 0x7 /* '\7' */ : + case 0x8 /* '\10' */ : + { + matchRange('\3','\10'); + break; + } + case 0x9 /* '\t' */ : + { + match('\t' /* charlit */ ); + break; + } + case 0xb /* '\13' */ : + { + match('\13' /* charlit */ ); + break; + } + case 0xc /* '\14' */ : + { + match('\14' /* charlit */ ); + break; + } + case 0xe /* '\16' */ : + case 0xf /* '\17' */ : + case 0x10 /* '\20' */ : + case 0x11 /* '\21' */ : + case 0x12 /* '\22' */ : + case 0x13 /* '\23' */ : + case 0x14 /* '\24' */ : + case 0x15 /* '\25' */ : + case 0x16 /* '\26' */ : + case 0x17 /* '\27' */ : + case 0x18 /* '\30' */ : + case 0x19 /* '\31' */ : + case 0x1a /* '\32' */ : + case 0x1b /* '\33' */ : + case 0x1c /* '\34' */ : + case 0x1d /* '\35' */ : + case 0x1e /* '\36' */ : + case 0x1f /* '\37' */ : + { + matchRange('\16','\37'); + break; + } + case 0x20 /* ' ' */ : + { + match(' ' /* charlit */ ); + break; + } + default: + if (((LA(1) >= 0x7f && LA(1) <= 0xff))) { + matchRange('\177',static_cast('\377')); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( inputState->guessing==0 ) { +#line 273 "pf.g" + _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; +#line 564 "PFCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mINT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = INT_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mHEX_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = HEX_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NEG_INT_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + matchRange('0','9'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mHEXDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = HEXDIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + matchRange('a','f'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER_ADDRESS_OR_WORD; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + bool synPredMatched69 = false; + if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { + int _m69 = mark(); + synPredMatched69 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt68=0; + for (;;) { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + { + matchRange('a','f'); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + default: + { + if ( _cnt68>=1 ) { goto _loop68; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + _cnt68++; + } + _loop68:; + } // ( ... )+ + mCOLON(false); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched69 = false; + } + rewind(_m69); + inputState->guessing--; + } + if ( synPredMatched69 ) { + { + { + { // ( ... )+ + int _cnt73=0; + for (;;) { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + { + matchRange('a','f'); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + default: + { + if ( _cnt73>=1 ) { goto _loop73; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + _cnt73++; + } + _loop73:; + } // ( ... )+ + { // ( ... )+ + int _cnt77=0; + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + mCOLON(false); + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + { + matchRange('a','f'); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + default: + { + goto _loop76; + } + } + } + _loop76:; + } // ( ... )* + } + else { + if ( _cnt77>=1 ) { goto _loop77; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt77++; + } + _loop77:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 319 "pf.g" + _ttype = IPV6; +#line 806 "PFCfgLexer.cpp" + } + } + } + else { + bool synPredMatched34 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { + int _m34 = mark(); + synPredMatched34 = true; + inputState->guessing++; + try { + { + mDIGIT(false); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched34 = false; + } + rewind(_m34); + inputState->guessing--; + } + if ( synPredMatched34 ) { + { + bool synPredMatched43 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { + int _m43 = mark(); + synPredMatched43 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt38=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt38>=1 ) { goto _loop38; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt38++; + } + _loop38:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt40=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt40>=1 ) { goto _loop40; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt40++; + } + _loop40:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt42=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt42>=1 ) { goto _loop42; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt42++; + } + _loop42:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched43 = false; + } + rewind(_m43); + inputState->guessing--; + } + if ( synPredMatched43 ) { + { + { // ( ... )+ + int _cnt46=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt46>=1 ) { goto _loop46; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt46++; + } + _loop46:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt48=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt48>=1 ) { goto _loop48; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt48++; + } + _loop48:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt50=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt50>=1 ) { goto _loop50; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt50++; + } + _loop50:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt52=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt52>=1 ) { goto _loop52; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt52++; + } + _loop52:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 307 "pf.g" + _ttype = IPV4; +#line 953 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched58 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { + int _m58 = mark(); + synPredMatched58 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt55=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt55>=1 ) { goto _loop55; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt55++; + } + _loop55:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt57=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt57>=1 ) { goto _loop57; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt57++; + } + _loop57:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched58 = false; + } + rewind(_m58); + inputState->guessing--; + } + if ( synPredMatched58 ) { + { + { // ( ... )+ + int _cnt61=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt61>=1 ) { goto _loop61; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt61++; + } + _loop61:; + } // ( ... )+ + mDOT(false); + { // ( ... )+ + int _cnt63=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt63>=1 ) { goto _loop63; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt63++; + } + _loop63:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 310 "pf.g" + _ttype = NUMBER; +#line 1036 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { + { // ( ... )+ + int _cnt65=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt65>=1 ) { goto _loop65; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt65++; + } + _loop65:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 312 "pf.g" + _ttype = INT_CONST; +#line 1057 "PFCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + } + else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) { + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x24 /* '$' */ : + { + match('$' /* charlit */ ); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x21 /* '!' */ : + case 0x22 /* '\"' */ : + case 0x23 /* '#' */ : + case 0x24 /* '$' */ : + case 0x25 /* '%' */ : + case 0x26 /* '&' */ : + case 0x27 /* '\'' */ : + { + matchRange('!','\''); + break; + } + case 0x2a /* '*' */ : + { + match('*' /* charlit */ ); + break; + } + case 0x2b /* '+' */ : + { + match('+' /* charlit */ ); + break; + } + case 0x2d /* '-' */ : + { + match('-' /* charlit */ ); + break; + } + case 0x2e /* '.' */ : + { + match('.' /* charlit */ ); + break; + } + case 0x2f /* '/' */ : + { + match('/' /* charlit */ ); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3a /* ':' */ : + { + match(':' /* charlit */ ); + break; + } + case 0x3b /* ';' */ : + { + match(';' /* charlit */ ); + break; + } + case 0x3c /* '<' */ : + { + match('<' /* charlit */ ); + break; + } + case 0x3d /* '=' */ : + { + match('=' /* charlit */ ); + break; + } + case 0x3e /* '>' */ : + { + match('>' /* charlit */ ); + break; + } + case 0x3f /* '?' */ : + { + match('?' /* charlit */ ); + break; + } + case 0x40 /* '@' */ : + { + match('@' /* charlit */ ); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x5c /* '\\' */ : + { + match('\\' /* charlit */ ); + break; + } + case 0x5e /* '^' */ : + { + match('^' /* charlit */ ); + break; + } + case 0x5f /* '_' */ : + { + match('_' /* charlit */ ); + break; + } + case 0x60 /* '`' */ : + { + match('`' /* charlit */ ); + break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + default: + { + goto _loop80; + } + } + } + _loop80:; + } // ( ... )* + if ( inputState->guessing==0 ) { +#line 327 "pf.g" + _ttype = WORD; +#line 1319 "PFCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mDOT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DOT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('.' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSTRING(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = STRING; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\"' /* charlit */ ); + { // ( ... )* + for (;;) { + if ((_tokenSet_6.member(LA(1)))) { + matchNot('\"' /* charlit */ ); + } + else { + goto _loop83; + } + + } + _loop83:; + } // ( ... )* + match('\"' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPIPE_CHAR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PIPE_CHAR; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('|' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER_SIGN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('#' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPERCENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PERCENT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('%' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mAMPERSAND(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = AMPERSAND; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('&' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mAPOSTROPHE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = APOSTROPHE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\'' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('(' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(')' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSTAR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = STAR; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('*' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPLUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PLUS; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('+' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOMMA(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COMMA; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(',' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mMINUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = MINUS; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('-' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSLASH(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = SLASH; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('/' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSEMICOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = SEMICOLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(';' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mLESS_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = LESS_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('<' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mEQUALS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = EQUALS; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('=' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mGREATER_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = GREATER_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('>' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mQUESTION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = QUESTION; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('?' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COMMERCIAL_AT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('@' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_SQUARE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('[' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_SQUARE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(']' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCARET(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CARET; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('^' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mUNDERLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = UNDERLINE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('_' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_BRACE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('{' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_BRACE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('}' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mTILDE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = TILDE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('~' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mEXLAMATION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = EXLAMATION; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('!' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + + +const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); +const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % +// & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G +// H I J K L M N O P Q R S T U V W +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); +const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0 1 2 3 4 5 6 7 8 9 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); +const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 134152192UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0 1 2 3 4 5 6 7 8 9 : +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); +const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// . 0 1 2 3 4 5 6 7 8 9 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10); +const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 16UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// $ A B C D E F G H I J K L M N O P Q R S T U V W +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,10); +const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 +// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ +// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F +// G H I J K L M N O P Q R S T U V W +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); + diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp new file mode 100644 index 000000000..f01f6233b --- /dev/null +++ b/src/parsers/PFCfgLexer.hpp @@ -0,0 +1,108 @@ +#ifndef INC_PFCfgLexer_hpp_ +#define INC_PFCfgLexer_hpp_ + +#line 25 "pf.g" + + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" + +#line 11 "PFCfgLexer.hpp" +#include +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */ +#include +#include +#include +#include "PFCfgParserTokenTypes.hpp" +#include +#line 32 "pf.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; + +#line 28 "PFCfgLexer.hpp" +#line 56 "pf.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 34 "PFCfgLexer.hpp" +class CUSTOM_API PFCfgLexer : public ANTLR_USE_NAMESPACE(antlr)CharScanner, public PFCfgParserTokenTypes +{ +#line 1 "pf.g" +#line 38 "PFCfgLexer.hpp" +private: + void initLiterals(); +public: + bool getCaseSensitiveLiterals() const + { + return true; + } +public: + PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in); + PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib); + PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state); + ANTLR_USE_NAMESPACE(antlr)RefToken nextToken(); + public: void mLINE_COMMENT(bool _createToken); + public: void mNEWLINE(bool _createToken); + public: void mCOLON_COMMENT(bool _createToken); + public: void mCOLON(bool _createToken); + public: void mWhitespace(bool _createToken); + protected: void mINT_CONST(bool _createToken); + protected: void mHEX_CONST(bool _createToken); + protected: void mNUMBER(bool _createToken); + protected: void mNEG_INT_CONST(bool _createToken); + protected: void mDIGIT(bool _createToken); + protected: void mHEXDIGIT(bool _createToken); + public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken); + public: void mDOT(bool _createToken); + public: void mSTRING(bool _createToken); + public: void mPIPE_CHAR(bool _createToken); + public: void mNUMBER_SIGN(bool _createToken); + public: void mPERCENT(bool _createToken); + public: void mAMPERSAND(bool _createToken); + public: void mAPOSTROPHE(bool _createToken); + public: void mOPENING_PAREN(bool _createToken); + public: void mCLOSING_PAREN(bool _createToken); + public: void mSTAR(bool _createToken); + public: void mPLUS(bool _createToken); + public: void mCOMMA(bool _createToken); + public: void mMINUS(bool _createToken); + public: void mSLASH(bool _createToken); + public: void mSEMICOLON(bool _createToken); + public: void mLESS_THAN(bool _createToken); + public: void mEQUALS(bool _createToken); + public: void mGREATER_THAN(bool _createToken); + public: void mQUESTION(bool _createToken); + public: void mCOMMERCIAL_AT(bool _createToken); + public: void mOPENING_SQUARE(bool _createToken); + public: void mCLOSING_SQUARE(bool _createToken); + public: void mCARET(bool _createToken); + public: void mUNDERLINE(bool _createToken); + public: void mOPENING_BRACE(bool _createToken); + public: void mCLOSING_BRACE(bool _createToken); + public: void mTILDE(bool _createToken); + public: void mEXLAMATION(bool _createToken); +private: + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; + static const unsigned long _tokenSet_5_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; + static const unsigned long _tokenSet_6_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; +}; + +#endif /*INC_PFCfgLexer_hpp_*/ diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp new file mode 100644 index 000000000..11d75fcd4 --- /dev/null +++ b/src/parsers/PFCfgParser.cpp @@ -0,0 +1,377 @@ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.cpp"$ */ +#line 42 "pf.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "PFCfgParser.cpp" +#include "PFCfgParser.hpp" +#include +#include +#include +#line 48 "pf.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#line 20 "PFCfgParser.cpp" +#line 1 "pf.g" +#line 22 "PFCfgParser.cpp" +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,k) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,2) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,k) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,2) +{ +} + +PFCfgParser::PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(state,2) +{ +} + +void PFCfgParser::cfgfile() { + + try { // for error handling + { // ( ... )+ + int _cnt3=0; + for (;;) { + switch ( LA(1)) { + case LINE_COMMENT: + case COLON_COMMENT: + { + comment(); + break; + } + case PASS: + { + pass_command(); + break; + } + case DROP: + { + drop_command(); + break; + } + case TIMEOUT: + { + timeout_command(); + break; + } + case WORD: + { + unknown_command(); + break; + } + case NEWLINE: + { + match(NEWLINE); + break; + } + default: + { + if ( _cnt3>=1 ) { goto _loop3; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + } + } + _cnt3++; + } + _loop3:; + } // ( ... )+ + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::comment() { + + try { // for error handling + { + switch ( LA(1)) { + case LINE_COMMENT: + { + match(LINE_COMMENT); + break; + } + case COLON_COMMENT: + { + match(COLON_COMMENT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::pass_command() { + + try { // for error handling + match(PASS); +#line 151 "pf.g" + + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "pass"; + *dbg << LT(1)->getLine() << ":" << " pass "; + +#line 141 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 158 "pf.g" + + importer->pushRule(); + +#line 148 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::drop_command() { + + try { // for error handling + match(DROP); +#line 164 "pf.g" + + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "drop"; + *dbg << LT(1)->getLine() << ":" << " drop "; + +#line 167 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 171 "pf.g" + + importer->pushRule(); + +#line 174 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::timeout_command() { + + try { // for error handling + match(TIMEOUT); +#line 134 "pf.g" + + consumeUntil(NEWLINE); + +#line 190 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::unknown_command() { + + try { // for error handling + match(WORD); +#line 142 "pf.g" + + consumeUntil(NEWLINE); + +#line 206 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::rule_extended() { + + try { // for error handling + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_2); + } +} + +void PFCfgParser::single_addr() { + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case IPV4: + { + h = LT(1); + match(IPV4); + break; + } + case IPV6: + { + v6 = LT(1); + match(IPV6); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 180 "pf.g" + + importer->setCurrentLineNumber(LT(0)->getLine()); + if (h) + { + importer->tmp_a = h->getText(); + importer->tmp_nm = "255.255.255.255"; + *dbg << importer->tmp_a << " "; + } + if (v6) + { + importer->addMessageToLog( + QString("Warning: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } + +#line 265 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& ) +{ +} +const char* PFCfgParser::tokenNames[] = { + "<0>", + "EOF", + "<2>", + "NULL_TREE_LOOKAHEAD", + "NEWLINE", + "LINE_COMMENT", + "COLON_COMMENT", + "\"timeout\"", + "WORD", + "\"pass\"", + "\"drop\"", + "IPV4", + "IPV6", + "\"exit\"", + "\"quit\"", + "\"no\"", + "\"interface\"", + "\"ip\"", + "\"icmp\"", + "\"icmp6\"", + "\"tcp\"", + "\"udp\"", + "\"ah\"", + "\"eigrp\"", + "\"esp\"", + "\"gre\"", + "\"igmp\"", + "\"igrp\"", + "\"ipinip\"", + "\"ipsec\"", + "\"nos\"", + "\"ospf\"", + "\"pcp\"", + "\"pim\"", + "\"pptp\"", + "\"rip\"", + "\"snp\"", + "\"host\"", + "\"any\"", + "\"range\"", + "\"log\"", + "\"alerts\"", + "\"critical\"", + "\"debugging\"", + "\"emergencies\"", + "\"errors\"", + "\"informational\"", + "\"notifications\"", + "\"warnings\"", + "\"disable\"", + "\"inactive\"", + "Whitespace", + "INT_CONST", + "HEX_CONST", + "NUMBER", + "NEG_INT_CONST", + "DIGIT", + "HEXDIGIT", + "NUMBER_ADDRESS_OR_WORD", + "STRING", + "PIPE_CHAR", + "NUMBER_SIGN", + "PERCENT", + "AMPERSAND", + "APOSTROPHE", + "OPENING_PAREN", + "CLOSING_PAREN", + "STAR", + "PLUS", + "COMMA", + "MINUS", + "DOT", + "SLASH", + "COLON", + "SEMICOLON", + "LESS_THAN", + "EQUALS", + "GREATER_THAN", + "QUESTION", + "COMMERCIAL_AT", + "OPENING_SQUARE", + "CLOSING_SQUARE", + "CARET", + "UNDERLINE", + "OPENING_BRACE", + "CLOSING_BRACE", + "TILDE", + "EXLAMATION", + 0 +}; + +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL }; +// EOF +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,4); +const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2034UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT COLON_COMMENT "timeout" WORD "pass" "drop" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,4); +const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL }; +// NEWLINE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,4); + + diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp new file mode 100644 index 000000000..50554ab4d --- /dev/null +++ b/src/parsers/PFCfgParser.hpp @@ -0,0 +1,125 @@ +#ifndef INC_PFCfgParser_hpp_ +#define INC_PFCfgParser_hpp_ + +#line 25 "pf.g" + + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" + +#line 11 "PFCfgParser.hpp" +#include +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */ +#include +#include +#include "PFCfgParserTokenTypes.hpp" +#include + +#line 32 "pf.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; + +#line 28 "PFCfgParser.hpp" +#line 56 "pf.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 34 "PFCfgParser.hpp" +class CUSTOM_API PFCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, public PFCfgParserTokenTypes +{ +#line 81 "pf.g" + +// additional methods and members + + public: + + std::ostream *dbg; + PFImporter *importer; + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) + { + importer->addMessageToLog("Parser error: " + ex.toString()); + std::cerr << ex.toString() << std::endl; + } + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser error: " + s); + std::cerr << s << std::endl; + } + + /// Parser warning-reporting function can be overridden in subclass + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser warning: " + s); + std::cerr << s << std::endl; + } + +#line 38 "PFCfgParser.hpp" +public: + void initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& factory ); +protected: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k); +public: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf); +protected: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k); +public: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer); + PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state); + int getNumTokens() const + { + return PFCfgParser::NUM_TOKENS; + } + const char* getTokenName( int type ) const + { + if( type > getNumTokens() ) return 0; + return PFCfgParser::tokenNames[type]; + } + const char* const* getTokenNames() const + { + return PFCfgParser::tokenNames; + } + public: void cfgfile(); + public: void comment(); + public: void pass_command(); + public: void drop_command(); + public: void timeout_command(); + public: void unknown_command(); + public: void rule_extended(); + public: void single_addr(); +public: + ANTLR_USE_NAMESPACE(antlr)RefAST getAST() + { + return returnAST; + } + +protected: + ANTLR_USE_NAMESPACE(antlr)RefAST returnAST; +private: + static const char* tokenNames[]; +#ifndef NO_STATIC_CONSTS + static const int NUM_TOKENS = 88; +#else + enum { + NUM_TOKENS = 88 + }; +#endif + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; +}; + +#endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp new file mode 100644 index 000000000..4f42e6b4c --- /dev/null +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -0,0 +1,104 @@ +#ifndef INC_PFCfgParserTokenTypes_hpp_ +#define INC_PFCfgParserTokenTypes_hpp_ + +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ + +#ifndef CUSTOM_API +# define CUSTOM_API +#endif + +#ifdef __cplusplus +struct CUSTOM_API PFCfgParserTokenTypes { +#endif + enum { + EOF_ = 1, + NEWLINE = 4, + LINE_COMMENT = 5, + COLON_COMMENT = 6, + TIMEOUT = 7, + WORD = 8, + PASS = 9, + DROP = 10, + IPV4 = 11, + IPV6 = 12, + EXIT = 13, + QUIT = 14, + NO = 15, + INTRFACE = 16, + IP = 17, + ICMP = 18, + ICMP6 = 19, + TCP = 20, + UDP = 21, + AH = 22, + EIGRP = 23, + ESP = 24, + GRE = 25, + IGMP = 26, + IGRP = 27, + IPINIP = 28, + IPSEC = 29, + NOS = 30, + OSPF = 31, + PCP = 32, + PIM = 33, + PPTP = 34, + RIP = 35, + SNP = 36, + HOST = 37, + ANY = 38, + RANGE = 39, + LOG = 40, + LOG_LEVEL_ALERTS = 41, + LOG_LEVEL_CRITICAL = 42, + LOG_LEVEL_DEBUGGING = 43, + LOG_LEVEL_EMERGENCIES = 44, + LOG_LEVEL_ERRORS = 45, + LOG_LEVEL_INFORMATIONAL = 46, + LOG_LEVEL_NOTIFICATIONS = 47, + LOG_LEVEL_WARNINGS = 48, + LOG_LEVEL_DISABLE = 49, + LOG_LEVEL_INACTIVE = 50, + Whitespace = 51, + INT_CONST = 52, + HEX_CONST = 53, + NUMBER = 54, + NEG_INT_CONST = 55, + DIGIT = 56, + HEXDIGIT = 57, + NUMBER_ADDRESS_OR_WORD = 58, + STRING = 59, + PIPE_CHAR = 60, + NUMBER_SIGN = 61, + PERCENT = 62, + AMPERSAND = 63, + APOSTROPHE = 64, + OPENING_PAREN = 65, + CLOSING_PAREN = 66, + STAR = 67, + PLUS = 68, + COMMA = 69, + MINUS = 70, + DOT = 71, + SLASH = 72, + COLON = 73, + SEMICOLON = 74, + LESS_THAN = 75, + EQUALS = 76, + GREATER_THAN = 77, + QUESTION = 78, + COMMERCIAL_AT = 79, + OPENING_SQUARE = 80, + CLOSING_SQUARE = 81, + CARET = 82, + UNDERLINE = 83, + OPENING_BRACE = 84, + CLOSING_BRACE = 85, + TILDE = 86, + EXLAMATION = 87, + NULL_TREE_LOOKAHEAD = 3 + }; +#ifdef __cplusplus +}; +#endif +#endif /*INC_PFCfgParserTokenTypes_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt new file mode 100644 index 000000000..f4f9610bb --- /dev/null +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -0,0 +1,86 @@ +// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$ +PFCfgParser // output token vocab name +NEWLINE=4 +LINE_COMMENT=5 +COLON_COMMENT=6 +TIMEOUT="timeout"=7 +WORD=8 +PASS="pass"=9 +DROP="drop"=10 +IPV4=11 +IPV6=12 +EXIT="exit"=13 +QUIT="quit"=14 +NO="no"=15 +INTRFACE="interface"=16 +IP="ip"=17 +ICMP="icmp"=18 +ICMP6="icmp6"=19 +TCP="tcp"=20 +UDP="udp"=21 +AH="ah"=22 +EIGRP="eigrp"=23 +ESP="esp"=24 +GRE="gre"=25 +IGMP="igmp"=26 +IGRP="igrp"=27 +IPINIP="ipinip"=28 +IPSEC="ipsec"=29 +NOS="nos"=30 +OSPF="ospf"=31 +PCP="pcp"=32 +PIM="pim"=33 +PPTP="pptp"=34 +RIP="rip"=35 +SNP="snp"=36 +HOST="host"=37 +ANY="any"=38 +RANGE="range"=39 +LOG="log"=40 +LOG_LEVEL_ALERTS="alerts"=41 +LOG_LEVEL_CRITICAL="critical"=42 +LOG_LEVEL_DEBUGGING="debugging"=43 +LOG_LEVEL_EMERGENCIES="emergencies"=44 +LOG_LEVEL_ERRORS="errors"=45 +LOG_LEVEL_INFORMATIONAL="informational"=46 +LOG_LEVEL_NOTIFICATIONS="notifications"=47 +LOG_LEVEL_WARNINGS="warnings"=48 +LOG_LEVEL_DISABLE="disable"=49 +LOG_LEVEL_INACTIVE="inactive"=50 +Whitespace=51 +INT_CONST=52 +HEX_CONST=53 +NUMBER=54 +NEG_INT_CONST=55 +DIGIT=56 +HEXDIGIT=57 +NUMBER_ADDRESS_OR_WORD=58 +STRING=59 +PIPE_CHAR=60 +NUMBER_SIGN=61 +PERCENT=62 +AMPERSAND=63 +APOSTROPHE=64 +OPENING_PAREN=65 +CLOSING_PAREN=66 +STAR=67 +PLUS=68 +COMMA=69 +MINUS=70 +DOT=71 +SLASH=72 +COLON=73 +SEMICOLON=74 +LESS_THAN=75 +EQUALS=76 +GREATER_THAN=77 +QUESTION=78 +COMMERCIAL_AT=79 +OPENING_SQUARE=80 +CLOSING_SQUARE=81 +CARET=82 +UNDERLINE=83 +OPENING_BRACE=84 +CLOSING_BRACE=85 +TILDE=86 +EXLAMATION=87 diff --git a/src/parsers/parsers.pro b/src/parsers/parsers.pro index 42d2c16fc..c0642c44f 100644 --- a/src/parsers/parsers.pro +++ b/src/parsers/parsers.pro @@ -10,7 +10,9 @@ SOURCES = IOSCfgLexer.cpp \ IPTCfgLexer.cpp \ IPTCfgParser.cpp \ PIXCfgLexer.cpp \ - PIXCfgParser.cpp + PIXCfgParser.cpp \ + PFCfgLexer.cpp \ + PFCfgParser.cpp HEADERS = ../../config.h \ IOSCfgLexer.hpp \ @@ -22,6 +24,9 @@ HEADERS = ../../config.h \ PIXCfgLexer.hpp \ PIXCfgParser.hpp \ PIXCfgParserTokenTypes.hpp \ + PFCfgLexer.hpp \ + PFCfgParser.hpp \ + PFCfgParserTokenTypes.hpp \ CONFIG += staticlib diff --git a/src/parsers/pf.g b/src/parsers/pf.g new file mode 100644 index 000000000..5d531275d --- /dev/null +++ b/src/parsers/pf.g @@ -0,0 +1,359 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +header "pre_include_hpp" +{ + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" +} + +header "post_include_hpp" +{ + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; +} + +header "pre_include_cpp" +{ + // gets inserted before the antlr generated includes in the cpp + // file +} + +header "post_include_cpp" +{ + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include +} + +header +{ + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. +} + +options +{ + language="Cpp"; +} + + +class PFCfgParser extends Parser; +options +{ + k = 2; + +// when default error handler is disabled, parser errors cause +// exception and terminate parsing process. We can catch the exception +// and make the error appear in importer log, but import process +// terminates which is not always optimal +// +// defaultErrorHandler = false; + +// see http://www.antlr2.org/doc/options.html +} +{ +// additional methods and members + + public: + + std::ostream *dbg; + PFImporter *importer; + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) + { + importer->addMessageToLog("Parser error: " + ex.toString()); + std::cerr << ex.toString() << std::endl; + } + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser error: " + s); + std::cerr << s << std::endl; + } + + /// Parser warning-reporting function can be overridden in subclass + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser warning: " + s); + std::cerr << s << std::endl; + } + +} + +cfgfile : + ( + comment + | + pass_command + | + drop_command + | + timeout_command + | + unknown_command + | + NEWLINE + )+ + ; + +//**************************************************************** +comment : LINE_COMMENT ; + + +//**************************************************************** +timeout_command : TIMEOUT + { + consumeUntil(NEWLINE); + } + ; + + +//**************************************************************** +unknown_command : WORD + { + consumeUntil(NEWLINE); + } + ; + + +//**************************************************************** + +pass_command: PASS + { + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "pass"; + *dbg << LT(1)->getLine() << ":" << " pass "; + } + rule_extended NEWLINE + { + importer->pushRule(); + } + ; + +drop_command: DROP + { + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "drop"; + *dbg << LT(1)->getLine() << ":" << " drop "; + } + rule_extended NEWLINE + { + importer->pushRule(); + } + ; + +rule_extended: + ; + +single_addr : (h:IPV4 | v6:IPV6) + { + importer->setCurrentLineNumber(LT(0)->getLine()); + if (h) + { + importer->tmp_a = h->getText(); + importer->tmp_nm = "255.255.255.255"; + *dbg << importer->tmp_a << " "; + } + if (v6) + { + importer->addMessageToLog( + QString("Warning: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } + } + ; + +//**************************************************************** + +class PFCfgLexer extends Lexer; +options +{ + k = 3; + // ASCII only + charVocabulary = '\3'..'\377'; +} + +tokens +{ + EXIT = "exit"; + QUIT = "quit"; + + NO = "no"; + + INTRFACE = "interface"; + + PASS = "pass"; + DROP = "drop"; + +// protocols + + IP = "ip"; + ICMP = "icmp"; + ICMP6 = "icmp6"; + TCP = "tcp"; + UDP = "udp"; + + AH = "ah"; + EIGRP = "eigrp"; + ESP = "esp"; + GRE = "gre"; + IGMP = "igmp"; + IGRP = "igrp"; + IPINIP = "ipinip"; + IPSEC = "ipsec"; + NOS = "nos"; + OSPF = "ospf"; + PCP = "pcp"; + PIM = "pim"; + PPTP = "pptp"; + RIP = "rip"; + SNP = "snp"; + + HOST = "host"; + ANY = "any"; + + RANGE = "range"; + + LOG = "log"; + + LOG_LEVEL_ALERTS = "alerts"; + LOG_LEVEL_CRITICAL = "critical"; + LOG_LEVEL_DEBUGGING = "debugging"; + LOG_LEVEL_EMERGENCIES = "emergencies"; + LOG_LEVEL_ERRORS = "errors"; + LOG_LEVEL_INFORMATIONAL = "informational"; + LOG_LEVEL_NOTIFICATIONS = "notifications"; + LOG_LEVEL_WARNINGS = "warnings"; + LOG_LEVEL_DISABLE = "disable"; + LOG_LEVEL_INACTIVE = "inactive"; + + TIMEOUT = "timeout"; +} + +LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; + +Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' ) + { _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; } ; + + +//COMMENT_START : '!' ; + +NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ; + +protected +INT_CONST:; + +protected +HEX_CONST:; + +protected +NUMBER:; + +protected +NEG_INT_CONST:; + +protected +DIGIT : '0'..'9' ; + +protected +HEXDIGIT : 'a'..'f' ; + + + + +NUMBER_ADDRESS_OR_WORD : + ( + ( DIGIT ) => + ( + ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) => + ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) + { _ttype = IPV4; } + | + ( (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ ) + { _ttype = NUMBER; } + | + ( DIGIT )+ { _ttype = INT_CONST; } + ) + | + ( ( 'a'..'f' | '0'..'9' )+ COLON ) => + ( + ( ( 'a'..'f' | '0'..'9' )+ + ( COLON ( 'a'..'f' | '0'..'9' )* )+ ) + { _ttype = IPV6; } + ) + | +// making sure ',' '(' ')' are not part of WORD + ( 'a'..'z' | 'A'..'Z' | '$' ) + ( '!'..'\'' | '*' | '+' | '-' | '.' | '/' | '0'..'9' | ':' | + ';' | '<' | '=' | '>' | + '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* + { _ttype = WORD; } + ) + ; + +STRING : '"' (~'"')* '"'; + +PIPE_CHAR : '|'; +NUMBER_SIGN : '#' ; +// DOLLAR : '$' ; +PERCENT : '%' ; +AMPERSAND : '&' ; +APOSTROPHE : '\'' ; +OPENING_PAREN : '(' ; +CLOSING_PAREN : ')' ; +STAR : '*' ; +PLUS : '+' ; +COMMA : ',' ; +MINUS : '-' ; +DOT : '.' ; +SLASH : '/' ; + +COLON : ':' ; +SEMICOLON : ';' ; +LESS_THAN : '<' ; +EQUALS : '=' ; +GREATER_THAN : '>' ; +QUESTION : '?' ; +COMMERCIAL_AT : '@' ; + +OPENING_SQUARE : '[' ; +CLOSING_SQUARE : ']' ; +CARET : '^' ; +UNDERLINE : '_' ; + +OPENING_BRACE : '{' ; +CLOSING_BRACE : '}' ; +TILDE : '~' ; + +EXLAMATION : '!'; From 9be69950ebbeea479e645ef9460fd2829f2e3b51 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Sat, 21 May 2011 20:12:39 -0700 Subject: [PATCH 02/10] preprocessor for the pf.conf file: unfolging long lines and macro substitutions --- src/import/PFImporterRun.cpp | 48 ++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/src/import/PFImporterRun.cpp b/src/import/PFImporterRun.cpp index 8386512d2..217a4c03e 100644 --- a/src/import/PFImporterRun.cpp +++ b/src/import/PFImporterRun.cpp @@ -65,44 +65,50 @@ void PFImporter::run() */ QMap named_addresses; - QStringList whole_input; + QStringList whole_input_tmp; input.seekg (0, ios::beg); char buf[8192]; while (!input.eof()) { input.getline(buf, sizeof(buf)-1); - whole_input.append(QString(buf)); + whole_input_tmp.append(QString(buf)); } - foreach(QString str, whole_input) + QString whole_input = whole_input_tmp.join("\n"); + QRegExp line_continuation("\\\\\\s*\n"); + whole_input.replace(line_continuation, ""); + + QRegExp macro_definition("^\\s*(\\S+)\\s*=\\s*\"(.*)\"$"); + QMap macros; + + foreach(QString str, whole_input.split("\n")) { - if (str.startsWith("name ")) + if (macro_definition.indexIn(str) != -1) { - QStringList items = str.split(" "); - named_addresses[items[2]] = items[1]; + macros[macro_definition.cap(1)] = macro_definition.cap(2); } } - QStringList normalized_input_buffer; + if (fwbdebug) + qDebug() << "Macros defined in this file: " << macros; - foreach(QString str, whole_input) + QMapIterator it(macros); + while (it.hasNext()) { - if ( ! str.startsWith("name ")) - { - QMap::iterator it; - for (it=named_addresses.begin(); it!=named_addresses.end(); ++it) - { - QString re("\\b%1\\b"); - str.replace(QRegExp(re.arg(it.key())), it.value()); - } - } - - normalized_input_buffer.append(str); + it.next(); + QString macro_name = it.key(); + QString macro_value = it.value(); + whole_input.replace( "$" + macro_name, macro_value); } - istringstream normalized_input( - normalized_input_buffer.join("\n").toStdString()); + if (fwbdebug) + { + qDebug() << "pf.conf file after line unfolding and macro substitution:"; + qDebug() << whole_input; + } + + istringstream normalized_input(whole_input.toStdString()); PFCfgLexer lexer(normalized_input); PFCfgParser parser(lexer); From 12abcf9533972c7bae52ec35d4378c8346f3598c Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Sun, 22 May 2011 23:17:05 -0700 Subject: [PATCH 03/10] minimal grammar to match "from" and "to", both addresses and ports --- src/import/PFImporter.cpp | 34 +- src/import/PFImporter.h | 24 + src/import/PFImporterRun.cpp | 39 +- src/parsers/PFCfgLexer.cpp | 782 +++++----- src/parsers/PFCfgLexer.hpp | 17 +- src/parsers/PFCfgParser.cpp | 2031 ++++++++++++++++++++++--- src/parsers/PFCfgParser.hpp | 83 +- src/parsers/PFCfgParserTokenTypes.hpp | 199 ++- src/parsers/PFCfgParserTokenTypes.txt | 199 ++- src/parsers/pf.g | 555 ++++++- 10 files changed, 3178 insertions(+), 785 deletions(-) diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp index 57d6e3236..87ed0424f 100644 --- a/src/import/PFImporter.cpp +++ b/src/import/PFImporter.cpp @@ -83,6 +83,27 @@ PFImporter::~PFImporter() void PFImporter::clear() { rule_type = NATRule::Unknown; + quick = false; + + direction = ""; + iface = ""; + address_family = ""; + + proto_list.clear(); + src_group.clear(); + dst_group.clear(); + + src_neg = false; + dst_neg = false; + tmp_neg = false; + + tmp_port_def = ""; + src_port_group.clear(); + dst_port_group.clear(); + tmp_port_group.clear(); + + queue = ""; + state_op = ""; Importer::clear(); } @@ -211,7 +232,11 @@ void PFImporter::pushRule() void PFImporter::pushPolicyRule() { - assert(current_ruleset!=NULL); + if (current_ruleset == NULL) + { + newUnidirRuleSet("filter", libfwbuilder::Policy::TYPENAME ); + } + assert(current_rule!=NULL); // populate all elements of the rule @@ -238,6 +263,13 @@ void PFImporter::pushPolicyRule() rule->setDirection(PolicyRule::Both); + /* + * Protocols are in proto_list + * Source addresses are in src_group + * Destination addresses are in dst_group + */ + + addSrc(); addDst(); addSrv(); diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h index b83f0a10c..c183106f5 100644 --- a/src/import/PFImporter.h +++ b/src/import/PFImporter.h @@ -46,6 +46,30 @@ class PFImporter : public Importer public: + std::string direction; + std::string iface; + std::string address_family; + bool quick; + bool src_neg; + bool dst_neg; + bool tmp_neg; + + std::list proto_list; + std::list > src_group; + std::list > dst_group; + std::list > tmp_group; + + // each item in the list is a vector of 2 or 3 strings + // Unary operations are represented by 2 strings, binary operations + // use 3 strings + std::string tmp_port_def; + std::list< std::vector > src_port_group; + std::list< std::vector > dst_port_group; + std::list< std::vector > tmp_port_group; + + std::string queue; + std::string state_op; + libfwbuilder::NATRule::NATRuleTypes rule_type; PFImporter(libfwbuilder::FWObject *lib, diff --git a/src/import/PFImporterRun.cpp b/src/import/PFImporterRun.cpp index 217a4c03e..98fe1e801 100644 --- a/src/import/PFImporterRun.cpp +++ b/src/import/PFImporterRun.cpp @@ -79,27 +79,48 @@ void PFImporter::run() QRegExp line_continuation("\\\\\\s*\n"); whole_input.replace(line_continuation, ""); - QRegExp macro_definition("^\\s*(\\S+)\\s*=\\s*\"(.*)\"$"); + QRegExp macro_definition_1("^\\s*(\\S+)\\s*=\\s*\"(.*)\"$"); + QRegExp macro_definition_2("^\\s*(\\S+)\\s*=\\s*([^\"]*)$"); // no quotes QMap macros; foreach(QString str, whole_input.split("\n")) { - if (macro_definition.indexIn(str) != -1) + if (macro_definition_1.indexIn(str) != -1) { - macros[macro_definition.cap(1)] = macro_definition.cap(2); + macros[macro_definition_1.cap(1)] = macro_definition_1.cap(2); + } + if (macro_definition_2.indexIn(str) != -1) + { + macros[macro_definition_2.cap(1)] = macro_definition_2.cap(2); } } if (fwbdebug) qDebug() << "Macros defined in this file: " << macros; - QMapIterator it(macros); - while (it.hasNext()) + // make several passes: sometimes macros can use other macros + int pass = 0; + while (1) { - it.next(); - QString macro_name = it.key(); - QString macro_value = it.value(); - whole_input.replace( "$" + macro_name, macro_value); + bool has_macros = false; + QMapIterator it(macros); + while (it.hasNext()) + { + it.next(); + QString macro_name = it.key(); + QString macro_value = it.value(); + if (whole_input.contains("$" + macro_name)) + { + has_macros = true; + whole_input.replace( "$" + macro_name, macro_value); + if (fwbdebug) + qDebug() << "Pass " << pass + << "Macro substitution: " + << macro_name << ":" << macro_value; + } + } + if (! has_macros) break; + pass++; } if (fwbdebug) diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index c7eb522a3..207084057 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -44,47 +44,79 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st void PFCfgLexer::initLiterals() { - literals["host"] = 37; - literals["log"] = 40; - literals["ipinip"] = 28; - literals["icmp6"] = 19; - literals["pcp"] = 32; - literals["interface"] = 16; - literals["disable"] = 49; - literals["gre"] = 25; - literals["exit"] = 13; - literals["nos"] = 30; - literals["udp"] = 21; - literals["tcp"] = 20; - literals["pptp"] = 34; - literals["ospf"] = 31; - literals["ip"] = 17; - literals["no"] = 15; - literals["inactive"] = 50; - literals["esp"] = 24; - literals["igrp"] = 27; - literals["pass"] = 9; - literals["pim"] = 33; - literals["icmp"] = 18; - literals["emergencies"] = 44; - literals["igmp"] = 26; - literals["timeout"] = 7; - literals["range"] = 39; - literals["debugging"] = 43; - literals["drop"] = 10; - literals["eigrp"] = 23; - literals["errors"] = 45; - literals["ah"] = 22; - literals["snp"] = 36; - literals["ipsec"] = 29; - literals["warnings"] = 48; - literals["quit"] = 14; - literals["alerts"] = 41; - literals["any"] = 38; - literals["rip"] = 35; - literals["notifications"] = 47; - literals["critical"] = 42; - literals["informational"] = 46; + literals["vrrp"] = 43; + literals["critical"] = 87; + literals["ospf"] = 41; + literals["rdp"] = 35; + literals["disable"] = 94; + literals["scrub"] = 11; + literals["ipsec"] = 77; + literals["inet"] = 27; + literals["pcp"] = 79; + literals["emergencies"] = 89; + literals["debugging"] = 88; + literals["snp"] = 83; + literals["timeout"] = 15; + literals["to"] = 24; + literals["isis"] = 45; + literals["pptp"] = 81; + literals["pass"] = 16; + literals["no"] = 56; + literals["from"] = 49; + literals["igrp"] = 76; + literals["pim"] = 80; + literals["rsvp"] = 36; + literals["nos"] = 78; + literals["quit"] = 73; + literals["->"] = 96; + literals["exit"] = 72; + literals["modulate"] = 58; + literals["nat"] = 12; + literals["range"] = 85; + literals["out"] = 19; + literals["queue"] = 9; + literals["gre"] = 37; + literals["set"] = 10; + literals["warnings"] = 93; + literals["ah"] = 39; + literals["host"] = 84; + literals["interface"] = 74; + literals["rip"] = 82; + literals["icmp6"] = 75; + literals["notifications"] = 92; + literals["synproxy"] = 59; + literals["!="] = 64; + literals["altq"] = 8; + literals["any"] = 50; + literals["esp"] = 38; + literals["alerts"] = 86; + literals["inet6"] = 28; + literals["inactive"] = 95; + literals["udp"] = 34; + literals["<>"] = 69; + literals["port"] = 63; + literals["ip"] = 30; + literals[">="] = 68; + literals["eigrp"] = 40; + literals["<="] = 66; + literals["errors"] = 90; + literals["ipip"] = 42; + literals["binat"] = 13; + literals["igmp"] = 32; + literals["><"] = 70; + literals["on"] = 26; + literals["state"] = 60; + literals["proto"] = 29; + literals["log"] = 20; + literals["rdr"] = 14; + literals["informational"] = 91; + literals["in"] = 18; + literals["keep"] = 57; + literals["block"] = 17; + literals["l2tp"] = 44; + literals["quick"] = 25; + literals["icmp"] = 31; + literals["tcp"] = 33; } ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() @@ -103,7 +135,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x24 /* '$' */ : case 0x30 /* '0' */ : case 0x31 /* '1' */ : case 0x32 /* '2' */ : @@ -177,6 +208,12 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } + case 0x3a /* ':' */ : + { + mCOLON(true); + theRetToken=_returnToken; + break; + } case 0x22 /* '\"' */ : { mSTRING(true); @@ -189,12 +226,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x23 /* '#' */ : - { - mNUMBER_SIGN(true); - theRetToken=_returnToken; - break; - } case 0x25 /* '%' */ : { mPERCENT(true); @@ -213,18 +244,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x28 /* '(' */ : - { - mOPENING_PAREN(true); - theRetToken=_returnToken; - break; - } - case 0x29 /* ')' */ : - { - mCLOSING_PAREN(true); - theRetToken=_returnToken; - break; - } case 0x2a /* '*' */ : { mSTAR(true); @@ -261,21 +280,9 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x3c /* '<' */ : - { - mLESS_THAN(true); - theRetToken=_returnToken; - break; - } case 0x3d /* '=' */ : { - mEQUALS(true); - theRetToken=_returnToken; - break; - } - case 0x3e /* '>' */ : - { - mGREATER_THAN(true); + mEQUAL(true); theRetToken=_returnToken; break; } @@ -291,6 +298,18 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } + case 0x28 /* '(' */ : + { + mOPENING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x29 /* ')' */ : + { + mCLOSING_PAREN(true); + theRetToken=_returnToken; + break; + } case 0x5b /* '[' */ : { mOPENING_SQUARE(true); @@ -303,18 +322,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x5e /* '^' */ : - { - mCARET(true); - theRetToken=_returnToken; - break; - } - case 0x5f /* '_' */ : - { - mUNDERLINE(true); - theRetToken=_returnToken; - break; - } case 0x7b /* '{' */ : { mOPENING_BRACE(true); @@ -327,31 +334,53 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } + case 0x5e /* '^' */ : + { + mCARET(true); + theRetToken=_returnToken; + break; + } + case 0x5f /* '_' */ : + { + mUNDERLINE(true); + theRetToken=_returnToken; + break; + } case 0x7e /* '~' */ : { mTILDE(true); theRetToken=_returnToken; break; } + case 0x21 /* '!' */ : + { + mEXLAMATION(true); + theRetToken=_returnToken; + break; + } + case 0x3c /* '<' */ : + { + mLESS_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3e /* '>' */ : + { + mGREATER_THAN(true); + theRetToken=_returnToken; + break; + } default: - if ((LA(1) == 0x21 /* '!' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { mLINE_COMMENT(true); theRetToken=_returnToken; } - else if ((LA(1) == 0x3a /* ':' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { - mCOLON_COMMENT(true); - theRetToken=_returnToken; - } - else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { - mCOLON(true); - theRetToken=_returnToken; - } else if ((_tokenSet_0.member(LA(1)))) { mWhitespace(true); theRetToken=_returnToken; } - else if ((LA(1) == 0x21 /* '!' */ ) && (true)) { - mEXLAMATION(true); + else if ((LA(1) == 0x23 /* '#' */ ) && (true)) { + mNUMBER_SIGN(true); theRetToken=_returnToken; } else { @@ -385,11 +414,12 @@ tryAgain:; } void PFCfgLexer::mLINE_COMMENT(bool _createToken) { + Tracer traceInOut(this, "mLINE_COMMENT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = LINE_COMMENT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - match("!"); + match("#"); { // ( ... )* for (;;) { if ((_tokenSet_1.member(LA(1)))) { @@ -398,11 +428,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop16; + goto _loop94; } } - _loop16:; + _loop94:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -414,6 +444,7 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } void PFCfgLexer::mNEWLINE(bool _createToken) { + Tracer traceInOut(this, "mNEWLINE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NEWLINE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -434,9 +465,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 278 "pf.g" +#line 750 "pf.g" newline(); -#line 440 "PFCfgLexer.cpp" +#line 471 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -446,50 +477,8 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mCOLON_COMMENT(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = COLON_COMMENT; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - mCOLON(false); - { // ( ... )* - for (;;) { - if ((_tokenSet_1.member(LA(1)))) { - { - match(_tokenSet_1); - } - } - else { - goto _loop20; - } - - } - _loop20:; - } // ( ... )* - mNEWLINE(false); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mCOLON(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = COLON; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match(':' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - void PFCfgLexer::mWhitespace(bool _createToken) { + Tracer traceInOut(this, "mWhitespace"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = Whitespace; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -558,9 +547,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 273 "pf.g" +#line 745 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 564 "PFCfgLexer.cpp" +#line 553 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -571,6 +560,7 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } void PFCfgLexer::mINT_CONST(bool _createToken) { + Tracer traceInOut(this, "mINT_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = INT_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -584,6 +574,7 @@ void PFCfgLexer::mINT_CONST(bool _createToken) { } void PFCfgLexer::mHEX_CONST(bool _createToken) { + Tracer traceInOut(this, "mHEX_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = HEX_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -597,6 +588,7 @@ void PFCfgLexer::mHEX_CONST(bool _createToken) { } void PFCfgLexer::mNUMBER(bool _createToken) { + Tracer traceInOut(this, "mNUMBER"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -610,6 +602,7 @@ void PFCfgLexer::mNUMBER(bool _createToken) { } void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { + Tracer traceInOut(this, "mNEG_INT_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NEG_INT_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -623,6 +616,7 @@ void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { } void PFCfgLexer::mDIGIT(bool _createToken) { + Tracer traceInOut(this, "mDIGIT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = DIGIT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -637,6 +631,7 @@ void PFCfgLexer::mDIGIT(bool _createToken) { } void PFCfgLexer::mHEXDIGIT(bool _createToken) { + Tracer traceInOut(this, "mHEXDIGIT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = HEXDIGIT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -651,20 +646,21 @@ void PFCfgLexer::mHEXDIGIT(bool _createToken) { } void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { + Tracer traceInOut(this, "mNUMBER_ADDRESS_OR_WORD"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched69 = false; + bool synPredMatched143 = false; if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m69 = mark(); - synPredMatched69 = true; + int _m143 = mark(); + synPredMatched143 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt68=0; + int _cnt142=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -693,27 +689,27 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt68>=1 ) { goto _loop68; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt142>=1 ) { goto _loop142; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt68++; + _cnt142++; } - _loop68:; + _loop142:; } // ( ... )+ mCOLON(false); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched69 = false; + synPredMatched143 = false; } - rewind(_m69); + rewind(_m143); inputState->guessing--; } - if ( synPredMatched69 ) { + if ( synPredMatched143 ) { { { { // ( ... )+ - int _cnt73=0; + int _cnt147=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -742,15 +738,15 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt73>=1 ) { goto _loop73; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt147>=1 ) { goto _loop147; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt73++; + _cnt147++; } - _loop73:; + _loop147:; } // ( ... )+ { // ( ... )+ - int _cnt77=0; + int _cnt151=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { mCOLON(false); @@ -783,34 +779,34 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop76; + goto _loop150; } } } - _loop76:; + _loop150:; } // ( ... )* } else { - if ( _cnt77>=1 ) { goto _loop77; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt151>=1 ) { goto _loop151; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt77++; + _cnt151++; } - _loop77:; + _loop151:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 319 "pf.g" +#line 793 "pf.g" _ttype = IPV6; -#line 806 "PFCfgLexer.cpp" +#line 802 "PFCfgLexer.cpp" } } } else { - bool synPredMatched34 = false; + bool synPredMatched108 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m34 = mark(); - synPredMatched34 = true; + int _m108 = mark(); + synPredMatched108 = true; inputState->guessing++; try { { @@ -818,242 +814,242 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched34 = false; + synPredMatched108 = false; } - rewind(_m34); + rewind(_m108); inputState->guessing--; } - if ( synPredMatched34 ) { + if ( synPredMatched108 ) { { - bool synPredMatched43 = false; + bool synPredMatched117 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m43 = mark(); - synPredMatched43 = true; + int _m117 = mark(); + synPredMatched117 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt38=0; + int _cnt112=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt38>=1 ) { goto _loop38; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt112>=1 ) { goto _loop112; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt38++; + _cnt112++; } - _loop38:; + _loop112:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt40=0; + int _cnt114=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt40>=1 ) { goto _loop40; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt114>=1 ) { goto _loop114; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt40++; + _cnt114++; } - _loop40:; + _loop114:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt42=0; + int _cnt116=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt42>=1 ) { goto _loop42; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt116>=1 ) { goto _loop116; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt42++; + _cnt116++; } - _loop42:; + _loop116:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched43 = false; + synPredMatched117 = false; } - rewind(_m43); + rewind(_m117); inputState->guessing--; } - if ( synPredMatched43 ) { + if ( synPredMatched117 ) { { { // ( ... )+ - int _cnt46=0; + int _cnt120=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt46>=1 ) { goto _loop46; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt120>=1 ) { goto _loop120; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt46++; + _cnt120++; } - _loop46:; + _loop120:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt48=0; + int _cnt122=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt48>=1 ) { goto _loop48; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt122>=1 ) { goto _loop122; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt48++; + _cnt122++; } - _loop48:; + _loop122:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt50=0; + int _cnt124=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt50>=1 ) { goto _loop50; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt124>=1 ) { goto _loop124; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt50++; + _cnt124++; } - _loop50:; + _loop124:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt52=0; + int _cnt126=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt52>=1 ) { goto _loop52; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt126>=1 ) { goto _loop126; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt52++; + _cnt126++; } - _loop52:; + _loop126:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 307 "pf.g" +#line 779 "pf.g" _ttype = IPV4; -#line 953 "PFCfgLexer.cpp" +#line 949 "PFCfgLexer.cpp" } } else { - bool synPredMatched58 = false; + bool synPredMatched132 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m58 = mark(); - synPredMatched58 = true; + int _m132 = mark(); + synPredMatched132 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt55=0; + int _cnt129=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt55>=1 ) { goto _loop55; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt129>=1 ) { goto _loop129; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt55++; + _cnt129++; } - _loop55:; + _loop129:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt57=0; + int _cnt131=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt57>=1 ) { goto _loop57; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt131>=1 ) { goto _loop131; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt57++; + _cnt131++; } - _loop57:; + _loop131:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched58 = false; + synPredMatched132 = false; } - rewind(_m58); + rewind(_m132); inputState->guessing--; } - if ( synPredMatched58 ) { + if ( synPredMatched132 ) { { { // ( ... )+ - int _cnt61=0; + int _cnt135=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt61>=1 ) { goto _loop61; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt135>=1 ) { goto _loop135; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt61++; + _cnt135++; } - _loop61:; + _loop135:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt63=0; + int _cnt137=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt63>=1 ) { goto _loop63; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt137>=1 ) { goto _loop137; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt63++; + _cnt137++; } - _loop63:; + _loop137:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 310 "pf.g" +#line 782 "pf.g" _ttype = NUMBER; -#line 1036 "PFCfgLexer.cpp" +#line 1032 "PFCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt65=0; + int _cnt139=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt65>=1 ) { goto _loop65; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt139>=1 ) { goto _loop139; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt65++; + _cnt139++; } - _loop65:; + _loop139:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 312 "pf.g" +#line 784 "pf.g" _ttype = INT_CONST; -#line 1057 "PFCfgLexer.cpp" +#line 1053 "PFCfgLexer.cpp" } } else { @@ -1125,11 +1121,6 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { matchRange('A','Z'); break; } - case 0x24 /* '$' */ : - { - match('$' /* charlit */ ); - break; - } default: { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); @@ -1139,40 +1130,19 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { { // ( ... )* for (;;) { switch ( LA(1)) { - case 0x21 /* '!' */ : - case 0x22 /* '\"' */ : - case 0x23 /* '#' */ : case 0x24 /* '$' */ : + { + match('$' /* charlit */ ); + break; + } case 0x25 /* '%' */ : + { + match('%' /* charlit */ ); + break; + } case 0x26 /* '&' */ : - case 0x27 /* '\'' */ : { - matchRange('!','\''); - break; - } - case 0x2a /* '*' */ : - { - match('*' /* charlit */ ); - break; - } - case 0x2b /* '+' */ : - { - match('+' /* charlit */ ); - break; - } - case 0x2d /* '-' */ : - { - match('-' /* charlit */ ); - break; - } - case 0x2e /* '.' */ : - { - match('.' /* charlit */ ); - break; - } - case 0x2f /* '/' */ : - { - match('/' /* charlit */ ); + match('&' /* charlit */ ); break; } case 0x30 /* '0' */ : @@ -1189,31 +1159,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { matchRange('0','9'); break; } - case 0x3a /* ':' */ : - { - match(':' /* charlit */ ); - break; - } case 0x3b /* ';' */ : { match(';' /* charlit */ ); break; } - case 0x3c /* '<' */ : - { - match('<' /* charlit */ ); - break; - } - case 0x3d /* '=' */ : - { - match('=' /* charlit */ ); - break; - } - case 0x3e /* '>' */ : - { - match('>' /* charlit */ ); - break; - } case 0x3f /* '?' */ : { match('?' /* charlit */ ); @@ -1306,16 +1256,16 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop80; + goto _loop154; } } } - _loop80:; + _loop154:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 327 "pf.g" +#line 801 "pf.g" _ttype = WORD; -#line 1319 "PFCfgLexer.cpp" +#line 1269 "PFCfgLexer.cpp" } } else { @@ -1332,6 +1282,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } void PFCfgLexer::mDOT(bool _createToken) { + Tracer traceInOut(this, "mDOT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = DOT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1345,7 +1296,23 @@ void PFCfgLexer::mDOT(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mCOLON(bool _createToken) { + Tracer traceInOut(this, "mCOLON"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(':' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + void PFCfgLexer::mSTRING(bool _createToken) { + Tracer traceInOut(this, "mSTRING"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = STRING; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1357,11 +1324,11 @@ void PFCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop83; + goto _loop157; } } - _loop83:; + _loop157:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1373,6 +1340,7 @@ void PFCfgLexer::mSTRING(bool _createToken) { } void PFCfgLexer::mPIPE_CHAR(bool _createToken) { + Tracer traceInOut(this, "mPIPE_CHAR"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PIPE_CHAR; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1387,6 +1355,7 @@ void PFCfgLexer::mPIPE_CHAR(bool _createToken) { } void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { + Tracer traceInOut(this, "mNUMBER_SIGN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER_SIGN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1401,6 +1370,7 @@ void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { } void PFCfgLexer::mPERCENT(bool _createToken) { + Tracer traceInOut(this, "mPERCENT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PERCENT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1415,6 +1385,7 @@ void PFCfgLexer::mPERCENT(bool _createToken) { } void PFCfgLexer::mAMPERSAND(bool _createToken) { + Tracer traceInOut(this, "mAMPERSAND"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = AMPERSAND; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1429,6 +1400,7 @@ void PFCfgLexer::mAMPERSAND(bool _createToken) { } void PFCfgLexer::mAPOSTROPHE(bool _createToken) { + Tracer traceInOut(this, "mAPOSTROPHE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = APOSTROPHE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1442,35 +1414,8 @@ void PFCfgLexer::mAPOSTROPHE(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mOPENING_PAREN(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = OPENING_PAREN; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('(' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = CLOSING_PAREN; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match(')' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - void PFCfgLexer::mSTAR(bool _createToken) { + Tracer traceInOut(this, "mSTAR"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = STAR; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1485,6 +1430,7 @@ void PFCfgLexer::mSTAR(bool _createToken) { } void PFCfgLexer::mPLUS(bool _createToken) { + Tracer traceInOut(this, "mPLUS"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PLUS; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1499,6 +1445,7 @@ void PFCfgLexer::mPLUS(bool _createToken) { } void PFCfgLexer::mCOMMA(bool _createToken) { + Tracer traceInOut(this, "mCOMMA"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = COMMA; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1513,6 +1460,7 @@ void PFCfgLexer::mCOMMA(bool _createToken) { } void PFCfgLexer::mMINUS(bool _createToken) { + Tracer traceInOut(this, "mMINUS"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = MINUS; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1527,6 +1475,7 @@ void PFCfgLexer::mMINUS(bool _createToken) { } void PFCfgLexer::mSLASH(bool _createToken) { + Tracer traceInOut(this, "mSLASH"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = SLASH; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1541,6 +1490,7 @@ void PFCfgLexer::mSLASH(bool _createToken) { } void PFCfgLexer::mSEMICOLON(bool _createToken) { + Tracer traceInOut(this, "mSEMICOLON"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = SEMICOLON; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1554,23 +1504,10 @@ void PFCfgLexer::mSEMICOLON(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mLESS_THAN(bool _createToken) { +void PFCfgLexer::mEQUAL(bool _createToken) { + Tracer traceInOut(this, "mEQUAL"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = LESS_THAN; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('<' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mEQUALS(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = EQUALS; + _ttype = EQUAL; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; match('=' /* charlit */ ); @@ -1582,21 +1519,8 @@ void PFCfgLexer::mEQUALS(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mGREATER_THAN(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = GREATER_THAN; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('>' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - void PFCfgLexer::mQUESTION(bool _createToken) { + Tracer traceInOut(this, "mQUESTION"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = QUESTION; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1611,6 +1535,7 @@ void PFCfgLexer::mQUESTION(bool _createToken) { } void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { + Tracer traceInOut(this, "mCOMMERCIAL_AT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = COMMERCIAL_AT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1624,7 +1549,38 @@ void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mOPENING_PAREN(bool _createToken) { + Tracer traceInOut(this, "mOPENING_PAREN"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('(' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { + Tracer traceInOut(this, "mCLOSING_PAREN"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(')' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { + Tracer traceInOut(this, "mOPENING_SQUARE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = OPENING_SQUARE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1639,6 +1595,7 @@ void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { } void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { + Tracer traceInOut(this, "mCLOSING_SQUARE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CLOSING_SQUARE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1652,35 +1609,8 @@ void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mCARET(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = CARET; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('^' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mUNDERLINE(bool _createToken) { - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = UNDERLINE; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('_' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - void PFCfgLexer::mOPENING_BRACE(bool _createToken) { + Tracer traceInOut(this, "mOPENING_BRACE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = OPENING_BRACE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1695,6 +1625,7 @@ void PFCfgLexer::mOPENING_BRACE(bool _createToken) { } void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { + Tracer traceInOut(this, "mCLOSING_BRACE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CLOSING_BRACE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1708,7 +1639,38 @@ void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mCARET(bool _createToken) { + Tracer traceInOut(this, "mCARET"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CARET; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('^' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mUNDERLINE(bool _createToken) { + Tracer traceInOut(this, "mUNDERLINE"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = UNDERLINE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('_' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + void PFCfgLexer::mTILDE(bool _createToken) { + Tracer traceInOut(this, "mTILDE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = TILDE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1723,6 +1685,7 @@ void PFCfgLexer::mTILDE(bool _createToken) { } void PFCfgLexer::mEXLAMATION(bool _createToken) { + Tracer traceInOut(this, "mEXLAMATION"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = EXLAMATION; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1736,6 +1699,36 @@ void PFCfgLexer::mEXLAMATION(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mLESS_THAN(bool _createToken) { + Tracer traceInOut(this, "mLESS_THAN"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = LESS_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('<' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mGREATER_THAN(bool _createToken) { + Tracer traceInOut(this, "mGREATER_THAN"); + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = GREATER_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('>' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 @@ -1745,24 +1738,27 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295 // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % // & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G -// H I J K L M N O P Q R S T U V W +// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h +// i j k l m n o p q r s t u v w x y z const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// 0 1 2 3 4 5 6 7 8 9 +// 0 1 2 3 4 5 6 7 8 9 a b c d e f const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 134152192UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// 0 1 2 3 4 5 6 7 8 9 : +// 0 1 2 3 4 5 6 7 8 9 : a b c d e f const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // . 0 1 2 3 4 5 6 7 8 9 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10); -const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 16UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// $ A B C D E F G H I J K L M N O P Q R S T U V W +const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h +// i j k l m n o p q r s t u v w x y z const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,10); const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 // 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ // % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F -// G H I J K L M N O P Q R S T U V W +// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g +// h i j k l m n o p q r s t u v w x y z const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp index f01f6233b..54056e54c 100644 --- a/src/parsers/PFCfgLexer.hpp +++ b/src/parsers/PFCfgLexer.hpp @@ -49,8 +49,6 @@ public: ANTLR_USE_NAMESPACE(antlr)RefToken nextToken(); public: void mLINE_COMMENT(bool _createToken); public: void mNEWLINE(bool _createToken); - public: void mCOLON_COMMENT(bool _createToken); - public: void mCOLON(bool _createToken); public: void mWhitespace(bool _createToken); protected: void mINT_CONST(bool _createToken); protected: void mHEX_CONST(bool _createToken); @@ -60,33 +58,34 @@ public: protected: void mHEXDIGIT(bool _createToken); public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken); public: void mDOT(bool _createToken); + public: void mCOLON(bool _createToken); public: void mSTRING(bool _createToken); public: void mPIPE_CHAR(bool _createToken); public: void mNUMBER_SIGN(bool _createToken); public: void mPERCENT(bool _createToken); public: void mAMPERSAND(bool _createToken); public: void mAPOSTROPHE(bool _createToken); - public: void mOPENING_PAREN(bool _createToken); - public: void mCLOSING_PAREN(bool _createToken); public: void mSTAR(bool _createToken); public: void mPLUS(bool _createToken); public: void mCOMMA(bool _createToken); public: void mMINUS(bool _createToken); public: void mSLASH(bool _createToken); public: void mSEMICOLON(bool _createToken); - public: void mLESS_THAN(bool _createToken); - public: void mEQUALS(bool _createToken); - public: void mGREATER_THAN(bool _createToken); + public: void mEQUAL(bool _createToken); public: void mQUESTION(bool _createToken); public: void mCOMMERCIAL_AT(bool _createToken); + public: void mOPENING_PAREN(bool _createToken); + public: void mCLOSING_PAREN(bool _createToken); public: void mOPENING_SQUARE(bool _createToken); public: void mCLOSING_SQUARE(bool _createToken); - public: void mCARET(bool _createToken); - public: void mUNDERLINE(bool _createToken); public: void mOPENING_BRACE(bool _createToken); public: void mCLOSING_BRACE(bool _createToken); + public: void mCARET(bool _createToken); + public: void mUNDERLINE(bool _createToken); public: void mTILDE(bool _createToken); public: void mEXLAMATION(bool _createToken); + public: void mLESS_THAN(bool _createToken); + public: void mGREATER_THAN(bool _createToken); private: static const unsigned long _tokenSet_0_data_[]; diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index 11d75fcd4..8bef6bb53 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -45,26 +45,60 @@ PFCfgParser::PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& } void PFCfgParser::cfgfile() { + Tracer traceInOut(this, "cfgfile"); try { // for error handling - { // ( ... )+ - int _cnt3=0; + { // ( ... )* for (;;) { switch ( LA(1)) { case LINE_COMMENT: - case COLON_COMMENT: { comment(); break; } + case ALTQ: + { + altq_command(); + break; + } + case QUEUE: + { + queue_command(); + break; + } + case SET: + { + set_command(); + break; + } + case SCRUB: + { + scrub_command(); + break; + } + case NAT: + { + nat_command(); + break; + } + case RDR: + { + rdr_command(); + break; + } + case BINAT: + { + binat_command(); + break; + } case PASS: { pass_command(); break; } - case DROP: + case BLOCK: { - drop_command(); + block_command(); break; } case TIMEOUT: @@ -72,25 +106,37 @@ void PFCfgParser::cfgfile() { timeout_command(); break; } - case WORD: - { - unknown_command(); - break; - } case NEWLINE: { match(NEWLINE); break; } default: - { - if ( _cnt3>=1 ) { goto _loop3; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ((LA(1) == WORD) && (LA(2) == EQUAL)) { + macro_definition(); + } + else if ((LA(1) == WORD) && (_tokenSet_0.member(LA(2)))) { + unknown_command(); + } + else { + goto _loop3; } } - _cnt3++; } _loop3:; - } // ( ... )+ + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::comment() { + Tracer traceInOut(this, "comment"); + + try { // for error handling + match(LINE_COMMENT); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -98,19 +144,405 @@ void PFCfgParser::cfgfile() { } } -void PFCfgParser::comment() { +void PFCfgParser::macro_definition() { + Tracer traceInOut(this, "macro_definition"); try { // for error handling + match(WORD); + match(EQUAL); +#line 149 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + +#line 160 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::altq_command() { + Tracer traceInOut(this, "altq_command"); + + try { // for error handling + match(ALTQ); +#line 158 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'altq' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 181 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::queue_command() { + Tracer traceInOut(this, "queue_command"); + + try { // for error handling + match(QUEUE); +#line 169 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'queue' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 202 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::set_command() { + Tracer traceInOut(this, "set_command"); + + try { // for error handling + match(SET); +#line 180 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'set' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 223 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::scrub_command() { + Tracer traceInOut(this, "scrub_command"); + + try { // for error handling + match(SCRUB); +#line 191 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'scrub' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 244 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::nat_command() { + Tracer traceInOut(this, "nat_command"); + + try { // for error handling + match(NAT); +#line 202 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'nat' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 265 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::rdr_command() { + Tracer traceInOut(this, "rdr_command"); + + try { // for error handling + match(RDR); +#line 224 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'rdr' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 286 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::binat_command() { + Tracer traceInOut(this, "binat_command"); + + try { // for error handling + match(BINAT); +#line 213 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'binat' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 307 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::pass_command() { + Tracer traceInOut(this, "pass_command"); + + try { // for error handling + match(PASS); +#line 258 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "pass"; + *dbg << LT(1)->getLine() << ":" << " pass "; + +#line 328 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 266 "pf.g" + + importer->setInterfaceAndDirectionForRuleSet( + "", importer->iface, importer->direction); + importer->pushRule(); + +#line 337 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::block_command() { + Tracer traceInOut(this, "block_command"); + + try { // for error handling + match(BLOCK); +#line 274 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "block"; + *dbg << LT(1)->getLine() << ":" << " block "; + +#line 358 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 282 "pf.g" + + importer->setInterfaceAndDirectionForRuleSet( + "", importer->iface, importer->direction); + importer->pushRule(); + +#line 367 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::timeout_command() { + Tracer traceInOut(this, "timeout_command"); + + try { // for error handling + match(TIMEOUT); +#line 235 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'timeout' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 388 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::unknown_command() { + Tracer traceInOut(this, "unknown_command"); + + try { // for error handling + match(WORD); +#line 247 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + +#line 407 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::rule_extended() { + Tracer traceInOut(this, "rule_extended"); + + try { // for error handling + direction(); { switch ( LA(1)) { - case LINE_COMMENT: + case LOG: { - match(LINE_COMMENT); + logging(); break; } - case COLON_COMMENT: + case NEWLINE: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case QUICK: + { + quick(); + break; + } + case NEWLINE: + case ALL: + case TO: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case ON: + { + intrface(); + break; + } + case NEWLINE: + case ALL: + case TO: + case INET: + case INET6: + case PROTO: + case FROM: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case ALL: + case TO: + case INET: + case INET6: + case PROTO: + case FROM: + { + { + switch ( LA(1)) { + case INET: + case INET6: + { + address_family(); + break; + } + case ALL: + case TO: + case PROTO: + case FROM: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PROTO: + { + protospec(); + break; + } + case ALL: + case TO: + case FROM: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + hosts(); + filteropts(); + break; + } + case NEWLINE: { - match(COLON_COMMENT); break; } default: @@ -119,100 +551,6 @@ void PFCfgParser::comment() { } } } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_1); - } -} - -void PFCfgParser::pass_command() { - - try { // for error handling - match(PASS); -#line 151 "pf.g" - - importer->setCurrentLineNumber(LT(0)->getLine()); - importer->newPolicyRule(); - importer->action = "pass"; - *dbg << LT(1)->getLine() << ":" << " pass "; - -#line 141 "PFCfgParser.cpp" - rule_extended(); - match(NEWLINE); -#line 158 "pf.g" - - importer->pushRule(); - -#line 148 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_1); - } -} - -void PFCfgParser::drop_command() { - - try { // for error handling - match(DROP); -#line 164 "pf.g" - - importer->setCurrentLineNumber(LT(0)->getLine()); - importer->newPolicyRule(); - importer->action = "drop"; - *dbg << LT(1)->getLine() << ":" << " drop "; - -#line 167 "PFCfgParser.cpp" - rule_extended(); - match(NEWLINE); -#line 171 "pf.g" - - importer->pushRule(); - -#line 174 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_1); - } -} - -void PFCfgParser::timeout_command() { - - try { // for error handling - match(TIMEOUT); -#line 134 "pf.g" - - consumeUntil(NEWLINE); - -#line 190 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_1); - } -} - -void PFCfgParser::unknown_command() { - - try { // for error handling - match(WORD); -#line 142 "pf.g" - - consumeUntil(NEWLINE); - -#line 206 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_1); - } -} - -void PFCfgParser::rule_extended() { - - try { // for error handling } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -220,23 +558,20 @@ void PFCfgParser::rule_extended() { } } -void PFCfgParser::single_addr() { - ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; +void PFCfgParser::direction() { + Tracer traceInOut(this, "direction"); try { // for error handling { switch ( LA(1)) { - case IPV4: + case IN: { - h = LT(1); - match(IPV4); + match(IN); break; } - case IPV6: + case OUT: { - v6 = LT(1); - match(IPV6); + match(OUT); break; } default: @@ -245,27 +580,1282 @@ void PFCfgParser::single_addr() { } } } -#line 180 "pf.g" +#line 303 "pf.g" - importer->setCurrentLineNumber(LT(0)->getLine()); - if (h) - { - importer->tmp_a = h->getText(); - importer->tmp_nm = "255.255.255.255"; - *dbg << importer->tmp_a << " "; - } - if (v6) - { - importer->addMessageToLog( - QString("Warning: IPv6 import is not supported. ")); - consumeUntil(NEWLINE); - } + importer->direction = LT(0)->getText(); -#line 265 "PFCfgParser.cpp" +#line 588 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_0); + recover(ex,_tokenSet_3); + } +} + +void PFCfgParser::logging() { + Tracer traceInOut(this, "logging"); + + try { // for error handling + match(LOG); + logopts(); +#line 309 "pf.g" + + importer->logging = true; + +#line 606 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_4); + } +} + +void PFCfgParser::quick() { + Tracer traceInOut(this, "quick"); + + try { // for error handling + match(QUICK); +#line 326 "pf.g" + + importer->quick = true; + +#line 623 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_5); + } +} + +void PFCfgParser::intrface() { + Tracer traceInOut(this, "intrface"); + + try { // for error handling + match(ON); + match(WORD); +#line 332 "pf.g" + + importer->iface = LT(0)->getText(); + importer->newInterface(importer->iface); + +#line 642 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_6); + } +} + +void PFCfgParser::address_family() { + Tracer traceInOut(this, "address_family"); + + try { // for error handling + switch ( LA(1)) { + case INET: + { + match(INET); + break; + } + case INET6: + { + match(INET6); +#line 339 "pf.g" + + importer->address_family = LT(0)->getText(); + +#line 667 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_7); + } +} + +void PFCfgParser::protospec() { + Tracer traceInOut(this, "protospec"); + + try { // for error handling + match(PROTO); + { + switch ( LA(1)) { + case IP: + case ICMP: + case IGMP: + case TCP: + case UDP: + case RDP: + case RSVP: + case GRE: + case ESP: + case AH: + case EIGRP: + case OSPF: + case IPIP: + case VRRP: + case L2TP: + case ISIS: + { + proto_name(); + break; + } + case INT_CONST: + { + proto_number(); + break; + } + case OPENING_BRACE: + { + proto_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::hosts() { + Tracer traceInOut(this, "hosts"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); + break; + } + case TO: + case FROM: + { + { + { + switch ( LA(1)) { + case FROM: + { + match(FROM); + { + switch ( LA(1)) { + case WORD: + case OPENING_BRACE: + case ANY: + case SELF: + case EXCLAMATION: + case IPV4: + case IPV6: + { + src_hosts_part(); + break; + } + case TO: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + { + src_port_part(); + break; + } + case TO: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case TO: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + match(TO); + { + switch ( LA(1)) { + case WORD: + case OPENING_BRACE: + case ANY: + case SELF: + case EXCLAMATION: + case IPV4: + case IPV6: + { + dst_hosts_part(); + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + { + dst_port_part(); + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_9); + } +} + +void PFCfgParser::filteropts() { + Tracer traceInOut(this, "filteropts"); + + try { // for error handling + filteropt(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + filteropt(); + } + else { + goto _loop65; + } + + } + _loop65:; + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_2); + } +} + +void PFCfgParser::logopts() { + Tracer traceInOut(this, "logopts"); + + try { // for error handling + logopt(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + logopt(); + } + else { + goto _loop29; + } + + } + _loop29:; + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_4); + } +} + +void PFCfgParser::logopt() { + Tracer traceInOut(this, "logopt"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); + break; + } + case USER: + { + match(USER); + break; + } + case TO: + { + match(TO); + match(WORD); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_10); + } +} + +void PFCfgParser::proto_name() { + Tracer traceInOut(this, "proto_name"); + + try { // for error handling + { + switch ( LA(1)) { + case IP: + { + match(IP); + break; + } + case ICMP: + { + match(ICMP); + break; + } + case IGMP: + { + match(IGMP); + break; + } + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + case RDP: + { + match(RDP); + break; + } + case RSVP: + { + match(RSVP); + break; + } + case GRE: + { + match(GRE); + break; + } + case ESP: + { + match(ESP); + break; + } + case AH: + { + match(AH); + break; + } + case EIGRP: + { + match(EIGRP); + break; + } + case OSPF: + { + match(OSPF); + break; + } + case IPIP: + { + match(IPIP); + break; + } + case VRRP: + { + match(VRRP); + break; + } + case L2TP: + { + match(L2TP); + break; + } + case ISIS: + { + match(ISIS); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 356 "pf.g" + + importer->proto_list.push_back(LT(0)->getText()); + +#line 1054 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::proto_number() { + Tracer traceInOut(this, "proto_number"); + + try { // for error handling + match(INT_CONST); +#line 362 "pf.g" + + importer->proto_list.push_back(LT(0)->getText()); + +#line 1071 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::proto_list() { + Tracer traceInOut(this, "proto_list"); + + try { // for error handling + match(OPENING_BRACE); + protospec(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + protospec(); + } + else { + goto _loop41; + } + + } + _loop41:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::src_hosts_part() { + Tracer traceInOut(this, "src_hosts_part"); + + try { // for error handling + { + switch ( LA(1)) { + case ANY: + { + match(ANY); +#line 397 "pf.g" + + importer->tmp_group.push_back( + std::pair("0.0.0.0", "0.0.0.0")); + +#line 1120 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 403 "pf.g" + + importer->tmp_group.push_back( + std::pair("self", "255.255.255.255")); + +#line 1131 "PFCfgParser.cpp" + break; + } + case WORD: + case EXCLAMATION: + case IPV4: + case IPV6: + { + host(); + break; + } + case OPENING_BRACE: + { + host_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 412 "pf.g" + + importer->src_neg = importer->tmp_neg; + importer->src_group.splice(importer->src_group.begin(), + importer->tmp_group); + +#line 1159 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); + } +} + +void PFCfgParser::src_port_part() { + Tracer traceInOut(this, "src_port_part"); + + try { // for error handling + match(PORT); + { + if ((_tokenSet_12.member(LA(1))) && (LA(2) == WORD || LA(2) == TO || LA(2) == INT_CONST)) { + unary_op(); + } + else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + binary_op(); + } + else if ((LA(1) == OPENING_BRACE)) { + op_list(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } +#line 540 "pf.g" + + importer->src_port_group.splice(importer->src_port_group.begin(), + importer->tmp_port_group); + +#line 1192 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_13); + } +} + +void PFCfgParser::dst_hosts_part() { + Tracer traceInOut(this, "dst_hosts_part"); + + try { // for error handling + { + switch ( LA(1)) { + case ANY: + { + match(ANY); +#line 422 "pf.g" + + importer->tmp_group.push_back( + std::pair("0.0.0.0", "0.0.0.0")); + +#line 1214 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 428 "pf.g" + + importer->tmp_group.push_back( + std::pair("self", "255.255.255.255")); + +#line 1225 "PFCfgParser.cpp" + break; + } + case WORD: + case EXCLAMATION: + case IPV4: + case IPV6: + { + host(); + break; + } + case OPENING_BRACE: + { + host_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 437 "pf.g" + + importer->dst_neg = importer->tmp_neg; + importer->dst_group.splice(importer->src_group.begin(), + importer->tmp_group); + +#line 1253 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_14); + } +} + +void PFCfgParser::dst_port_part() { + Tracer traceInOut(this, "dst_port_part"); + + try { // for error handling + match(PORT); + { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_15.member(LA(2)))) { + unary_op(); + } + else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + binary_op(); + } + else if ((LA(1) == OPENING_BRACE)) { + op_list(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } +#line 548 "pf.g" + + importer->dst_port_group.splice(importer->dst_port_group.begin(), + importer->tmp_port_group); + +#line 1286 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_9); + } +} + +void PFCfgParser::host() { + Tracer traceInOut(this, "host"); + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case EXCLAMATION: + { + match(EXCLAMATION); +#line 448 "pf.g" + + importer->tmp_neg = true; + +#line 1311 "PFCfgParser.cpp" + break; + } + case WORD: + case IPV4: + case IPV6: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case IPV4: + case IPV6: + { + { + switch ( LA(1)) { + case IPV4: + { + h = LT(1); + match(IPV4); + break; + } + case IPV6: + { + v6 = LT(1); + match(IPV6); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + nm = LT(1); + match(IPV4); + break; + } + case INT_CONST: + { + nm6 = LT(1); + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case TO: + case CLOSING_BRACE: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 454 "pf.g" + + if (v6) + { + importer->addMessageToLog( + QString("Warning: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + std::string addr = "0.0.0.0"; + std::string netm = "255.255.255.255"; + if (h) addr = h->getText(); + if (nm) netm = nm->getText(); + importer->tmp_group.push_back( + std::pair(addr, netm)); + } + +#line 1414 "PFCfgParser.cpp" + break; + } + case WORD: + { + match(WORD); +#line 472 "pf.g" + + // This should be an interface name + importer->tmp_group.push_back( + std::pair( + LT(0)->getText(), "255.255.255.255")); + +#line 1427 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_16); + } +} + +void PFCfgParser::host_list() { + Tracer traceInOut(this, "host_list"); + + try { // for error handling + match(OPENING_BRACE); + host(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + host(); + } + else { + goto _loop62; + } + + } + _loop62:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_17); + } +} + +void PFCfgParser::filteropt() { + Tracer traceInOut(this, "filteropt"); + + try { // for error handling + { + switch ( LA(1)) { + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + { + state(); + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case QUEUE: + { + queue(); + break; + } + case NEWLINE: + case COMMA: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::state() { + Tracer traceInOut(this, "state"); + + try { // for error handling + { + switch ( LA(1)) { + case NO: + { + match(NO); + break; + } + case KEEP: + { + match(KEEP); + break; + } + case MODULATE: + { + match(MODULATE); + break; + } + case SYNPROXY: + { + match(SYNPROXY); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 515 "pf.g" + + importer->state_op = LT(0)->getText(); + +#line 1557 "PFCfgParser.cpp" + match(STATE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_19); + } +} + +void PFCfgParser::queue() { + Tracer traceInOut(this, "queue"); + + try { // for error handling + match(QUEUE); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 524 "pf.g" + importer->queue += LT(0)->getText(); +#line 1578 "PFCfgParser.cpp" + break; + } + case OPENING_PAREN: + { + match(OPENING_PAREN); +#line 526 "pf.g" + importer->queue += "("; +#line 1586 "PFCfgParser.cpp" + match(WORD); +#line 527 "pf.g" + importer->queue += LT(0)->getText(); +#line 1590 "PFCfgParser.cpp" + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); +#line 529 "pf.g" + importer->queue += ","; +#line 1597 "PFCfgParser.cpp" + match(WORD); +#line 530 "pf.g" + importer->queue += LT(0)->getText(); +#line 1601 "PFCfgParser.cpp" + } + else { + goto _loop74; + } + + } + _loop74:; + } // ( ... )* + match(CLOSING_PAREN); +#line 532 "pf.g" + importer->queue += ")"; +#line 1613 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::unary_op() { + Tracer traceInOut(this, "unary_op"); + + try { // for error handling +#line 555 "pf.g" + + std::string op = "="; + +#line 1637 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case EQUAL: + case NOT_EQUAL: + case LESS_THAN: + case LESS_OR_EQUAL_THAN: + case GREATER_THAN: + case GREATER_OR_EQUAL_THAN: + { + { + switch ( LA(1)) { + case EQUAL: + { + match(EQUAL); + break; + } + case NOT_EQUAL: + { + match(NOT_EQUAL); + break; + } + case LESS_THAN: + { + match(LESS_THAN); + break; + } + case LESS_OR_EQUAL_THAN: + { + match(LESS_OR_EQUAL_THAN); + break; + } + case GREATER_THAN: + { + match(GREATER_THAN); + break; + } + case GREATER_OR_EQUAL_THAN: + { + match(GREATER_OR_EQUAL_THAN); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 572 "pf.g" + + op = LT(0)->getText(); + +#line 1689 "PFCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + port_def(); +#line 577 "pf.g" + + std::vector tuple; + tuple.push_back(op); + tuple.push_back(importer->tmp_port_def); + importer->tmp_port_group.push_back(tuple); + +#line 1711 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::binary_op() { + Tracer traceInOut(this, "binary_op"); + + try { // for error handling +#line 586 "pf.g" + + std::string op; + std::string arg1; + std::vector tuple; + +#line 1729 "PFCfgParser.cpp" + port_def(); +#line 592 "pf.g" + + arg1 = importer->tmp_port_def; + +#line 1735 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case EXCEPT_RANGE: + { + match(EXCEPT_RANGE); + break; + } + case INSIDE_RANGE: + { + match(INSIDE_RANGE); + break; + } + case COLON: + { + match(COLON); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 602 "pf.g" + + op = LT(0)->getText(); + +#line 1763 "PFCfgParser.cpp" + port_def(); +#line 606 "pf.g" + + tuple.push_back(op); + tuple.push_back(arg1); + tuple.push_back(importer->tmp_port_def); + importer->tmp_port_group.push_back(tuple); + +#line 1772 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::op_list() { + Tracer traceInOut(this, "op_list"); + + try { // for error handling + match(OPENING_BRACE); + { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { + unary_op(); + } + else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + binary_op(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { + unary_op(); + } + else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + binary_op(); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + } + else { + goto _loop90; + } + + } + _loop90:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_22); + } +} + +void PFCfgParser::port_def() { + Tracer traceInOut(this, "port_def"); + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 616 "pf.g" + + importer->tmp_port_def = LT(0)->getText(); + +#line 1855 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); } } @@ -279,41 +1869,86 @@ const char* PFCfgParser::tokenNames[] = { "NULL_TREE_LOOKAHEAD", "NEWLINE", "LINE_COMMENT", - "COLON_COMMENT", - "\"timeout\"", "WORD", + "EQUAL", + "\"altq\"", + "\"queue\"", + "\"set\"", + "\"scrub\"", + "\"nat\"", + "\"binat\"", + "\"rdr\"", + "\"timeout\"", "\"pass\"", - "\"drop\"", - "IPV4", - "IPV6", - "\"exit\"", - "\"quit\"", - "\"no\"", - "\"interface\"", + "\"block\"", + "\"in\"", + "\"out\"", + "\"log\"", + "COMMA", + "ALL", + "USER", + "\"to\"", + "\"quick\"", + "\"on\"", + "\"inet\"", + "\"inet6\"", + "\"proto\"", "\"ip\"", "\"icmp\"", - "\"icmp6\"", + "\"igmp\"", "\"tcp\"", "\"udp\"", + "\"rdp\"", + "\"rsvp\"", + "\"gre\"", + "\"esp\"", "\"ah\"", "\"eigrp\"", - "\"esp\"", - "\"gre\"", - "\"igmp\"", + "\"ospf\"", + "\"ipip\"", + "\"vrrp\"", + "\"l2tp\"", + "\"isis\"", + "INT_CONST", + "OPENING_BRACE", + "CLOSING_BRACE", + "\"from\"", + "\"any\"", + "SELF", + "EXCLAMATION", + "IPV4", + "IPV6", + "SLASH", + "\"no\"", + "\"keep\"", + "\"modulate\"", + "\"synproxy\"", + "\"state\"", + "OPENING_PAREN", + "CLOSING_PAREN", + "\"port\"", + "\"!=\"", + "LESS_THAN", + "\"<=\"", + "GREATER_THAN", + "\">=\"", + "\"<>\"", + "\"><\"", + "COLON", + "\"exit\"", + "\"quit\"", + "\"interface\"", + "\"icmp6\"", "\"igrp\"", - "\"ipinip\"", "\"ipsec\"", "\"nos\"", - "\"ospf\"", "\"pcp\"", "\"pim\"", "\"pptp\"", "\"rip\"", "\"snp\"", "\"host\"", - "\"any\"", "\"range\"", - "\"log\"", "\"alerts\"", "\"critical\"", "\"debugging\"", @@ -324,8 +1959,8 @@ const char* PFCfgParser::tokenNames[] = { "\"warnings\"", "\"disable\"", "\"inactive\"", + "\"->\"", "Whitespace", - "INT_CONST", "HEX_CONST", "NUMBER", "NEG_INT_CONST", @@ -338,40 +1973,96 @@ const char* PFCfgParser::tokenNames[] = { "PERCENT", "AMPERSAND", "APOSTROPHE", - "OPENING_PAREN", - "CLOSING_PAREN", "STAR", "PLUS", - "COMMA", "MINUS", "DOT", - "SLASH", - "COLON", "SEMICOLON", - "LESS_THAN", - "EQUALS", - "GREATER_THAN", "QUESTION", "COMMERCIAL_AT", "OPENING_SQUARE", "CLOSING_SQUARE", "CARET", "UNDERLINE", - "OPENING_BRACE", - "CLOSING_BRACE", "TILDE", "EXLAMATION", 0 }; -const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL }; -// EOF +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 262002UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "altq" "queue" "set" "scrub" "nat" "binat" +// "rdr" "timeout" "pass" "block" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,4); -const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2034UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE LINE_COMMENT COLON_COMMENT "timeout" WORD "pass" "drop" +const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL }; +// EOF const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,4); const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL }; // NEWLINE const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,4); +const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 1062207504UL, 131072UL, 0UL, 0UL }; +// NEWLINE "log" ALL "to" "quick" "on" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,4); +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1061158928UL, 131072UL, 0UL, 0UL }; +// NEWLINE ALL "to" "quick" "on" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,4); +const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 1027604496UL, 131072UL, 0UL, 0UL }; +// NEWLINE ALL "to" "on" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,4); +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 960495632UL, 131072UL, 0UL, 0UL }; +// NEWLINE ALL "to" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,4); +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 557842432UL, 131072UL, 0UL, 0UL }; +// ALL "to" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,4); +const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 23068672UL, 196608UL, 0UL, 0UL }; +// COMMA ALL "to" CLOSING_BRACE "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,4); +const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 2097680UL, 251658240UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,4); +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 1063256080UL, 131072UL, 0UL, 0UL }; +// NEWLINE COMMA ALL "to" "quick" "on" "inet" "inet6" "proto" "from" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,4); +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 16777216UL, 2147483648UL, 0UL, 0UL }; +// "to" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,4); +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 192UL, 16384UL, 31UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD EQUAL INT_CONST "!=" LESS_THAN "<=" GREATER_THAN ">=" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16777216UL, 0UL, 0UL, 0UL }; +// "to" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,4); +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 2097680UL, 2399141888UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,4); +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 2097744UL, 251674624UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA INT_CONST "no" "keep" "modulate" "synproxy" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,4); +const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 18874896UL, 2399207424UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" +// "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,4); +const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 18874896UL, 2399141888UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,4); +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 2097168UL, 0UL, 0UL, 0UL }; +// NEWLINE COMMA +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,4); +const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 2097680UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,4); +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 18874896UL, 251723776UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,4); +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 2097216UL, 81920UL, 0UL, 0UL }; +// WORD COMMA INT_CONST CLOSING_BRACE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,4); +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 18874896UL, 251658240UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,4); +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 18874896UL, 251723776UL, 224UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" +// "<>" "><" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index 50554ab4d..cff783db5 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -90,12 +90,45 @@ public: } public: void cfgfile(); public: void comment(); + public: void macro_definition(); + public: void altq_command(); + public: void queue_command(); + public: void set_command(); + public: void scrub_command(); + public: void nat_command(); + public: void rdr_command(); + public: void binat_command(); public: void pass_command(); - public: void drop_command(); + public: void block_command(); public: void timeout_command(); public: void unknown_command(); public: void rule_extended(); - public: void single_addr(); + public: void direction(); + public: void logging(); + public: void quick(); + public: void intrface(); + public: void address_family(); + public: void protospec(); + public: void hosts(); + public: void filteropts(); + public: void logopts(); + public: void logopt(); + public: void proto_name(); + public: void proto_number(); + public: void proto_list(); + public: void src_hosts_part(); + public: void src_port_part(); + public: void dst_hosts_part(); + public: void dst_port_part(); + public: void host(); + public: void host_list(); + public: void filteropt(); + public: void state(); + public: void queue(); + public: void unary_op(); + public: void binary_op(); + public: void op_list(); + public: void port_def(); public: ANTLR_USE_NAMESPACE(antlr)RefAST getAST() { @@ -107,10 +140,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 88; + static const int NUM_TOKENS = 123; #else enum { - NUM_TOKENS = 88 + NUM_TOKENS = 123 }; #endif @@ -120,6 +153,48 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; static const unsigned long _tokenSet_2_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; + static const unsigned long _tokenSet_5_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; + static const unsigned long _tokenSet_6_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; + static const unsigned long _tokenSet_7_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_7; + static const unsigned long _tokenSet_8_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_8; + static const unsigned long _tokenSet_9_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_9; + static const unsigned long _tokenSet_10_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_10; + static const unsigned long _tokenSet_11_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_11; + static const unsigned long _tokenSet_12_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_12; + static const unsigned long _tokenSet_13_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_13; + static const unsigned long _tokenSet_14_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_14; + static const unsigned long _tokenSet_15_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_15; + static const unsigned long _tokenSet_16_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_16; + static const unsigned long _tokenSet_17_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_17; + static const unsigned long _tokenSet_18_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_18; + static const unsigned long _tokenSet_19_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_19; + static const unsigned long _tokenSet_20_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_20; + static const unsigned long _tokenSet_21_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_21; + static const unsigned long _tokenSet_22_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_22; + static const unsigned long _tokenSet_23_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; }; #endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp index 4f42e6b4c..7265ad8b6 100644 --- a/src/parsers/PFCfgParserTokenTypes.hpp +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -14,88 +14,123 @@ struct CUSTOM_API PFCfgParserTokenTypes { EOF_ = 1, NEWLINE = 4, LINE_COMMENT = 5, - COLON_COMMENT = 6, - TIMEOUT = 7, - WORD = 8, - PASS = 9, - DROP = 10, - IPV4 = 11, - IPV6 = 12, - EXIT = 13, - QUIT = 14, - NO = 15, - INTRFACE = 16, - IP = 17, - ICMP = 18, - ICMP6 = 19, - TCP = 20, - UDP = 21, - AH = 22, - EIGRP = 23, - ESP = 24, - GRE = 25, - IGMP = 26, - IGRP = 27, - IPINIP = 28, - IPSEC = 29, - NOS = 30, - OSPF = 31, - PCP = 32, - PIM = 33, - PPTP = 34, - RIP = 35, - SNP = 36, - HOST = 37, - ANY = 38, - RANGE = 39, - LOG = 40, - LOG_LEVEL_ALERTS = 41, - LOG_LEVEL_CRITICAL = 42, - LOG_LEVEL_DEBUGGING = 43, - LOG_LEVEL_EMERGENCIES = 44, - LOG_LEVEL_ERRORS = 45, - LOG_LEVEL_INFORMATIONAL = 46, - LOG_LEVEL_NOTIFICATIONS = 47, - LOG_LEVEL_WARNINGS = 48, - LOG_LEVEL_DISABLE = 49, - LOG_LEVEL_INACTIVE = 50, - Whitespace = 51, - INT_CONST = 52, - HEX_CONST = 53, - NUMBER = 54, - NEG_INT_CONST = 55, - DIGIT = 56, - HEXDIGIT = 57, - NUMBER_ADDRESS_OR_WORD = 58, - STRING = 59, - PIPE_CHAR = 60, - NUMBER_SIGN = 61, - PERCENT = 62, - AMPERSAND = 63, - APOSTROPHE = 64, - OPENING_PAREN = 65, - CLOSING_PAREN = 66, - STAR = 67, - PLUS = 68, - COMMA = 69, - MINUS = 70, - DOT = 71, - SLASH = 72, - COLON = 73, - SEMICOLON = 74, - LESS_THAN = 75, - EQUALS = 76, - GREATER_THAN = 77, - QUESTION = 78, - COMMERCIAL_AT = 79, - OPENING_SQUARE = 80, - CLOSING_SQUARE = 81, - CARET = 82, - UNDERLINE = 83, - OPENING_BRACE = 84, - CLOSING_BRACE = 85, - TILDE = 86, - EXLAMATION = 87, + WORD = 6, + EQUAL = 7, + ALTQ = 8, + QUEUE = 9, + SET = 10, + SCRUB = 11, + NAT = 12, + BINAT = 13, + RDR = 14, + TIMEOUT = 15, + PASS = 16, + BLOCK = 17, + IN = 18, + OUT = 19, + LOG = 20, + COMMA = 21, + ALL = 22, + USER = 23, + TO = 24, + QUICK = 25, + ON = 26, + INET = 27, + INET6 = 28, + PROTO = 29, + IP = 30, + ICMP = 31, + IGMP = 32, + TCP = 33, + UDP = 34, + RDP = 35, + RSVP = 36, + GRE = 37, + ESP = 38, + AH = 39, + EIGRP = 40, + OSPF = 41, + IPIP = 42, + VRRP = 43, + L2TP = 44, + ISIS = 45, + INT_CONST = 46, + OPENING_BRACE = 47, + CLOSING_BRACE = 48, + FROM = 49, + ANY = 50, + SELF = 51, + EXCLAMATION = 52, + IPV4 = 53, + IPV6 = 54, + SLASH = 55, + NO = 56, + KEEP = 57, + MODULATE = 58, + SYNPROXY = 59, + STATE = 60, + OPENING_PAREN = 61, + CLOSING_PAREN = 62, + PORT = 63, + NOT_EQUAL = 64, + LESS_THAN = 65, + LESS_OR_EQUAL_THAN = 66, + GREATER_THAN = 67, + GREATER_OR_EQUAL_THAN = 68, + EXCEPT_RANGE = 69, + INSIDE_RANGE = 70, + COLON = 71, + EXIT = 72, + QUIT = 73, + INTRFACE = 74, + ICMP6 = 75, + IGRP = 76, + IPSEC = 77, + NOS = 78, + PCP = 79, + PIM = 80, + PPTP = 81, + RIP = 82, + SNP = 83, + HOST = 84, + RANGE = 85, + LOG_LEVEL_ALERTS = 86, + LOG_LEVEL_CRITICAL = 87, + LOG_LEVEL_DEBUGGING = 88, + LOG_LEVEL_EMERGENCIES = 89, + LOG_LEVEL_ERRORS = 90, + LOG_LEVEL_INFORMATIONAL = 91, + LOG_LEVEL_NOTIFICATIONS = 92, + LOG_LEVEL_WARNINGS = 93, + LOG_LEVEL_DISABLE = 94, + LOG_LEVEL_INACTIVE = 95, + TRANSLATE_TO = 96, + Whitespace = 97, + HEX_CONST = 98, + NUMBER = 99, + NEG_INT_CONST = 100, + DIGIT = 101, + HEXDIGIT = 102, + NUMBER_ADDRESS_OR_WORD = 103, + STRING = 104, + PIPE_CHAR = 105, + NUMBER_SIGN = 106, + PERCENT = 107, + AMPERSAND = 108, + APOSTROPHE = 109, + STAR = 110, + PLUS = 111, + MINUS = 112, + DOT = 113, + SEMICOLON = 114, + QUESTION = 115, + COMMERCIAL_AT = 116, + OPENING_SQUARE = 117, + CLOSING_SQUARE = 118, + CARET = 119, + UNDERLINE = 120, + TILDE = 121, + EXLAMATION = 122, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt index f4f9610bb..4f365b53f 100644 --- a/src/parsers/PFCfgParserTokenTypes.txt +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -2,85 +2,120 @@ PFCfgParser // output token vocab name NEWLINE=4 LINE_COMMENT=5 -COLON_COMMENT=6 -TIMEOUT="timeout"=7 -WORD=8 -PASS="pass"=9 -DROP="drop"=10 -IPV4=11 -IPV6=12 -EXIT="exit"=13 -QUIT="quit"=14 -NO="no"=15 -INTRFACE="interface"=16 -IP="ip"=17 -ICMP="icmp"=18 -ICMP6="icmp6"=19 -TCP="tcp"=20 -UDP="udp"=21 -AH="ah"=22 -EIGRP="eigrp"=23 -ESP="esp"=24 -GRE="gre"=25 -IGMP="igmp"=26 -IGRP="igrp"=27 -IPINIP="ipinip"=28 -IPSEC="ipsec"=29 -NOS="nos"=30 -OSPF="ospf"=31 -PCP="pcp"=32 -PIM="pim"=33 -PPTP="pptp"=34 -RIP="rip"=35 -SNP="snp"=36 -HOST="host"=37 -ANY="any"=38 -RANGE="range"=39 -LOG="log"=40 -LOG_LEVEL_ALERTS="alerts"=41 -LOG_LEVEL_CRITICAL="critical"=42 -LOG_LEVEL_DEBUGGING="debugging"=43 -LOG_LEVEL_EMERGENCIES="emergencies"=44 -LOG_LEVEL_ERRORS="errors"=45 -LOG_LEVEL_INFORMATIONAL="informational"=46 -LOG_LEVEL_NOTIFICATIONS="notifications"=47 -LOG_LEVEL_WARNINGS="warnings"=48 -LOG_LEVEL_DISABLE="disable"=49 -LOG_LEVEL_INACTIVE="inactive"=50 -Whitespace=51 -INT_CONST=52 -HEX_CONST=53 -NUMBER=54 -NEG_INT_CONST=55 -DIGIT=56 -HEXDIGIT=57 -NUMBER_ADDRESS_OR_WORD=58 -STRING=59 -PIPE_CHAR=60 -NUMBER_SIGN=61 -PERCENT=62 -AMPERSAND=63 -APOSTROPHE=64 -OPENING_PAREN=65 -CLOSING_PAREN=66 -STAR=67 -PLUS=68 -COMMA=69 -MINUS=70 -DOT=71 -SLASH=72 -COLON=73 -SEMICOLON=74 -LESS_THAN=75 -EQUALS=76 -GREATER_THAN=77 -QUESTION=78 -COMMERCIAL_AT=79 -OPENING_SQUARE=80 -CLOSING_SQUARE=81 -CARET=82 -UNDERLINE=83 -OPENING_BRACE=84 -CLOSING_BRACE=85 -TILDE=86 -EXLAMATION=87 +WORD=6 +EQUAL=7 +ALTQ="altq"=8 +QUEUE="queue"=9 +SET="set"=10 +SCRUB="scrub"=11 +NAT="nat"=12 +BINAT="binat"=13 +RDR="rdr"=14 +TIMEOUT="timeout"=15 +PASS="pass"=16 +BLOCK="block"=17 +IN="in"=18 +OUT="out"=19 +LOG="log"=20 +COMMA=21 +ALL=22 +USER=23 +TO="to"=24 +QUICK="quick"=25 +ON="on"=26 +INET="inet"=27 +INET6="inet6"=28 +PROTO="proto"=29 +IP="ip"=30 +ICMP="icmp"=31 +IGMP="igmp"=32 +TCP="tcp"=33 +UDP="udp"=34 +RDP="rdp"=35 +RSVP="rsvp"=36 +GRE="gre"=37 +ESP="esp"=38 +AH="ah"=39 +EIGRP="eigrp"=40 +OSPF="ospf"=41 +IPIP="ipip"=42 +VRRP="vrrp"=43 +L2TP="l2tp"=44 +ISIS="isis"=45 +INT_CONST=46 +OPENING_BRACE=47 +CLOSING_BRACE=48 +FROM="from"=49 +ANY="any"=50 +SELF=51 +EXCLAMATION=52 +IPV4=53 +IPV6=54 +SLASH=55 +NO="no"=56 +KEEP="keep"=57 +MODULATE="modulate"=58 +SYNPROXY="synproxy"=59 +STATE="state"=60 +OPENING_PAREN=61 +CLOSING_PAREN=62 +PORT="port"=63 +NOT_EQUAL="!="=64 +LESS_THAN=65 +LESS_OR_EQUAL_THAN="<="=66 +GREATER_THAN=67 +GREATER_OR_EQUAL_THAN=">="=68 +EXCEPT_RANGE="<>"=69 +INSIDE_RANGE="><"=70 +COLON=71 +EXIT="exit"=72 +QUIT="quit"=73 +INTRFACE="interface"=74 +ICMP6="icmp6"=75 +IGRP="igrp"=76 +IPSEC="ipsec"=77 +NOS="nos"=78 +PCP="pcp"=79 +PIM="pim"=80 +PPTP="pptp"=81 +RIP="rip"=82 +SNP="snp"=83 +HOST="host"=84 +RANGE="range"=85 +LOG_LEVEL_ALERTS="alerts"=86 +LOG_LEVEL_CRITICAL="critical"=87 +LOG_LEVEL_DEBUGGING="debugging"=88 +LOG_LEVEL_EMERGENCIES="emergencies"=89 +LOG_LEVEL_ERRORS="errors"=90 +LOG_LEVEL_INFORMATIONAL="informational"=91 +LOG_LEVEL_NOTIFICATIONS="notifications"=92 +LOG_LEVEL_WARNINGS="warnings"=93 +LOG_LEVEL_DISABLE="disable"=94 +LOG_LEVEL_INACTIVE="inactive"=95 +TRANSLATE_TO="->"=96 +Whitespace=97 +HEX_CONST=98 +NUMBER=99 +NEG_INT_CONST=100 +DIGIT=101 +HEXDIGIT=102 +NUMBER_ADDRESS_OR_WORD=103 +STRING=104 +PIPE_CHAR=105 +NUMBER_SIGN=106 +PERCENT=107 +AMPERSAND=108 +APOSTROPHE=109 +STAR=110 +PLUS=111 +MINUS=112 +DOT=113 +SEMICOLON=114 +QUESTION=115 +COMMERCIAL_AT=116 +OPENING_SQUARE=117 +CLOSING_SQUARE=118 +CARET=119 +UNDERLINE=120 +TILDE=121 +EXLAMATION=122 diff --git a/src/parsers/pf.g b/src/parsers/pf.g index 5d531275d..4cb55bd75 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -112,26 +112,131 @@ options cfgfile : ( comment + | + macro_definition + | + altq_command + | + queue_command + | + set_command + | + scrub_command + | + nat_command + | + rdr_command + | + binat_command | pass_command | - drop_command + block_command | timeout_command | unknown_command | NEWLINE - )+ + )* ; //**************************************************************** comment : LINE_COMMENT ; +//**************************************************************** +macro_definition : WORD EQUAL + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +altq_command : ALTQ + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'altq' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +queue_command : QUEUE + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'queue' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +set_command : SET + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'set' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +scrub_command : SCRUB + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'scrub' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +nat_command : NAT + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'nat' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +binat_command : BINAT + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'binat' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +rdr_command : RDR + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'rdr' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; //**************************************************************** timeout_command : TIMEOUT { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'timeout' commands has not been implemented yet.")); consumeUntil(NEWLINE); } ; @@ -140,6 +245,8 @@ timeout_command : TIMEOUT //**************************************************************** unknown_command : WORD { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); } ; @@ -149,6 +256,7 @@ unknown_command : WORD pass_command: PASS { + importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "pass"; @@ -156,44 +264,372 @@ pass_command: PASS } rule_extended NEWLINE { + importer->setInterfaceAndDirectionForRuleSet( + "", importer->iface, importer->direction); importer->pushRule(); } ; -drop_command: DROP +block_command: BLOCK { + importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); - importer->action = "drop"; - *dbg << LT(1)->getLine() << ":" << " drop "; + importer->action = "block"; + *dbg << LT(1)->getLine() << ":" << " block "; } rule_extended NEWLINE { + importer->setInterfaceAndDirectionForRuleSet( + "", importer->iface, importer->direction); importer->pushRule(); } ; -rule_extended: +rule_extended: + direction + (logging)? + (quick)? + (intrface)? + ( + (address_family)? + (protospec)? + hosts + filteropts + )? ; -single_addr : (h:IPV4 | v6:IPV6) +direction: (IN | OUT) { - importer->setCurrentLineNumber(LT(0)->getLine()); - if (h) - { - importer->tmp_a = h->getText(); - importer->tmp_nm = "255.255.255.255"; - *dbg << importer->tmp_a << " "; - } - if (v6) - { - importer->addMessageToLog( - QString("Warning: IPv6 import is not supported. ")); - consumeUntil(NEWLINE); - } + importer->direction = LT(0)->getText(); } ; +logging: LOG logopts + { + importer->logging = true; + } + ; + +logopts: + logopt + ( + COMMA + logopt + )* + ; + +logopt: ALL | USER | TO WORD + ; + +quick: QUICK + { + importer->quick = true; + } + ; + +intrface: ON WORD + { + importer->iface = LT(0)->getText(); + importer->newInterface(importer->iface); + } + ; + +address_family: INET | INET6 + { + importer->address_family = LT(0)->getText(); + } + ; + +protospec: PROTO + ( + proto_name + | + proto_number + | + proto_list + ) + ; + +proto_name: (IP | ICMP | IGMP | TCP | UDP | RDP | RSVP | GRE | ESP | AH | + EIGRP | OSPF | IPIP | VRRP | L2TP | ISIS ) + { + importer->proto_list.push_back(LT(0)->getText()); + } + ; + +proto_number: INT_CONST + { + importer->proto_list.push_back(LT(0)->getText()); + } + ; + +proto_list: + OPENING_BRACE + protospec + ( + COMMA + protospec + )* + CLOSING_BRACE + ; + +hosts: + ALL + | + ( + ( + FROM + ( src_hosts_part )? + ( src_port_part )? + )? + ( + TO + ( dst_hosts_part )? + ( dst_port_part )? + ) + ) + ; + +src_hosts_part: + ( + ANY + { + importer->tmp_group.push_back( + std::pair("0.0.0.0", "0.0.0.0")); + } + | + SELF + { + importer->tmp_group.push_back( + std::pair("self", "255.255.255.255")); + } + | + host + | + host_list + ) + { + importer->src_neg = importer->tmp_neg; + importer->src_group.splice(importer->src_group.begin(), + importer->tmp_group); + } + ; + +dst_hosts_part: + ( + ANY + { + importer->tmp_group.push_back( + std::pair("0.0.0.0", "0.0.0.0")); + } + | + SELF + { + importer->tmp_group.push_back( + std::pair("self", "255.255.255.255")); + } + | + host + | + host_list + ) + { + importer->dst_neg = importer->tmp_neg; + importer->dst_group.splice(importer->src_group.begin(), + importer->tmp_group); + } + + ; + +host : + ( + EXCLAMATION + { + importer->tmp_neg = true; + } + )? + ( + (h:IPV4 | v6:IPV6) (SLASH (nm:IPV4 | nm6:INT_CONST))? + { + if (v6) + { + importer->addMessageToLog( + QString("Warning: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + std::string addr = "0.0.0.0"; + std::string netm = "255.255.255.255"; + if (h) addr = h->getText(); + if (nm) netm = nm->getText(); + importer->tmp_group.push_back( + std::pair(addr, netm)); + } + } + | + WORD + { + // This should be an interface name + importer->tmp_group.push_back( + std::pair( + LT(0)->getText(), "255.255.255.255")); + } + // Add table matching here + ) + ; + +host_list : + OPENING_BRACE + host + ( + COMMA + host + )* + CLOSING_BRACE + ; + +filteropts: + filteropt + ( + COMMA + filteropt + )* + ; + +filteropt: + (state)? + (queue)? + ; + +state: + ( + NO + | + KEEP + | + MODULATE + | + SYNPROXY + ) + { + importer->state_op = LT(0)->getText(); + } + STATE + ; + +queue: + QUEUE + ( + WORD { importer->queue += LT(0)->getText(); } + | + OPENING_PAREN { importer->queue += "("; } + WORD { importer->queue += LT(0)->getText(); } + ( + COMMA { importer->queue += ","; } + WORD { importer->queue += LT(0)->getText(); } + )* + CLOSING_PAREN { importer->queue += ")"; } + ) + ; + +//**************************************************************** + +src_port_part : + PORT ( unary_op | binary_op | op_list ) + { + importer->src_port_group.splice(importer->src_port_group.begin(), + importer->tmp_port_group); + } + ; + +dst_port_part : + PORT ( unary_op | binary_op | op_list ) + { + importer->dst_port_group.splice(importer->dst_port_group.begin(), + importer->tmp_port_group); + } + ; + +unary_op : + { + std::string op = "="; + } + ( + ( + EQUAL + | + NOT_EQUAL + | + LESS_THAN + | + LESS_OR_EQUAL_THAN + | + GREATER_THAN + | + GREATER_OR_EQUAL_THAN + ) + { + op = LT(0)->getText(); + } + )? + port_def + { + std::vector tuple; + tuple.push_back(op); + tuple.push_back(importer->tmp_port_def); + importer->tmp_port_group.push_back(tuple); + } + ; + +binary_op : + { + std::string op; + std::string arg1; + std::vector tuple; + } + port_def + { + arg1 = importer->tmp_port_def; + } + ( + EXCEPT_RANGE + | + INSIDE_RANGE + | + COLON + ) + { + op = LT(0)->getText(); + } + port_def + { + tuple.push_back(op); + tuple.push_back(arg1); + tuple.push_back(importer->tmp_port_def); + importer->tmp_port_group.push_back(tuple); + } + ; + +port_def : + ( WORD | INT_CONST ) + { + importer->tmp_port_def = LT(0)->getText(); + } + ; + +op_list : + OPENING_BRACE + ( unary_op | binary_op ) + ( + COMMA + ( unary_op | binary_op ) + )* + CLOSING_BRACE + ; + + + //**************************************************************** class PFCfgLexer extends Lexer; @@ -214,7 +650,21 @@ tokens INTRFACE = "interface"; PASS = "pass"; - DROP = "drop"; + BLOCK = "block"; + + QUICK = "quick"; + + IN = "in"; + OUT = "out"; + + ON = "on"; + PROTO = "proto"; + + FROM = "from"; + TO = "to"; + + INET = "inet"; + INET6 = "inet6"; // protocols @@ -230,7 +680,7 @@ tokens GRE = "gre"; IGMP = "igmp"; IGRP = "igrp"; - IPINIP = "ipinip"; + IPIP = "ipip"; IPSEC = "ipsec"; NOS = "nos"; OSPF = "ospf"; @@ -239,9 +689,15 @@ tokens PPTP = "pptp"; RIP = "rip"; SNP = "snp"; + RDP = "rdp"; + RSVP = "rsvp"; + VRRP = "vrrp"; + L2TP = "l2tp"; + ISIS = "isis"; HOST = "host"; ANY = "any"; + PORT = "port"; RANGE = "range"; @@ -259,6 +715,28 @@ tokens LOG_LEVEL_INACTIVE = "inactive"; TIMEOUT = "timeout"; + + ALTQ = "altq"; + SET = "set"; + SCRUB = "scrub"; + NAT = "nat"; + RDR = "rdr"; + BINAT = "binat"; + + QUEUE = "queue"; + + NOT_EQUAL = "!=" ; + LESS_OR_EQUAL_THAN = "<=" ; + GREATER_OR_EQUAL_THAN = ">=" ; + EXCEPT_RANGE = "<>"; + INSIDE_RANGE = "><"; + + TRANSLATE_TO = "->"; + + STATE = "state"; + KEEP = "keep"; + MODULATE = "modulate"; + SYNPROXY = "synproxy"; } LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; @@ -308,15 +786,17 @@ NUMBER_ADDRESS_OR_WORD : | ( ( 'a'..'f' | '0'..'9' )+ COLON ) => ( - ( ( 'a'..'f' | '0'..'9' )+ - ( COLON ( 'a'..'f' | '0'..'9' )* )+ ) + ( + ( 'a'..'f' | '0'..'9' )+ + ( COLON ( 'a'..'f' | '0'..'9' )* )+ + ) { _ttype = IPV6; } ) | -// making sure ',' '(' ')' are not part of WORD - ( 'a'..'z' | 'A'..'Z' | '$' ) - ( '!'..'\'' | '*' | '+' | '-' | '.' | '/' | '0'..'9' | ':' | - ';' | '<' | '=' | '>' | +// making sure ',' '(' ')' '=' '<' '>' '-' '+' are not part of WORD +// do not start WORD with '$' since we expand macros in PFImporterRun using regex. + ( 'a'..'z' | 'A'..'Z' ) + ( '$' | '%' | '&' | '0'..'9' | ';' | '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* { _ttype = WORD; } ) @@ -330,8 +810,6 @@ NUMBER_SIGN : '#' ; PERCENT : '%' ; AMPERSAND : '&' ; APOSTROPHE : '\'' ; -OPENING_PAREN : '(' ; -CLOSING_PAREN : ')' ; STAR : '*' ; PLUS : '+' ; COMMA : ',' ; @@ -341,19 +819,26 @@ SLASH : '/' ; COLON : ':' ; SEMICOLON : ';' ; -LESS_THAN : '<' ; -EQUALS : '=' ; -GREATER_THAN : '>' ; +EQUAL : '=' ; + QUESTION : '?' ; COMMERCIAL_AT : '@' ; +OPENING_PAREN : '(' ; +CLOSING_PAREN : ')' ; + OPENING_SQUARE : '[' ; CLOSING_SQUARE : ']' ; -CARET : '^' ; -UNDERLINE : '_' ; OPENING_BRACE : '{' ; CLOSING_BRACE : '}' ; + +CARET : '^' ; +UNDERLINE : '_' ; + TILDE : '~' ; EXLAMATION : '!'; + +LESS_THAN : '<' ; +GREATER_THAN : '>' ; From db8ae42ad18aaa6b1d77c8aa0f89822e42a1209e Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Mon, 23 May 2011 19:03:49 -0700 Subject: [PATCH 04/10] grammar matches port ranges; better grammar for ipv6 --- src/parsers/PFCfgLexer.cpp | 1450 +++++++++++++------------ src/parsers/PFCfgLexer.hpp | 14 +- src/parsers/PFCfgParser.cpp | 368 ++++--- src/parsers/PFCfgParser.hpp | 9 +- src/parsers/PFCfgParserTokenTypes.hpp | 236 ++-- src/parsers/PFCfgParserTokenTypes.txt | 236 ++-- src/parsers/pf.g | 111 +- 7 files changed, 1274 insertions(+), 1150 deletions(-) diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index 207084057..f059a6151 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -44,79 +44,80 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st void PFCfgLexer::initLiterals() { - literals["vrrp"] = 43; - literals["critical"] = 87; - literals["ospf"] = 41; - literals["rdp"] = 35; - literals["disable"] = 94; - literals["scrub"] = 11; - literals["ipsec"] = 77; - literals["inet"] = 27; - literals["pcp"] = 79; - literals["emergencies"] = 89; - literals["debugging"] = 88; - literals["snp"] = 83; - literals["timeout"] = 15; - literals["to"] = 24; - literals["isis"] = 45; - literals["pptp"] = 81; - literals["pass"] = 16; - literals["no"] = 56; - literals["from"] = 49; - literals["igrp"] = 76; - literals["pim"] = 80; - literals["rsvp"] = 36; - literals["nos"] = 78; - literals["quit"] = 73; - literals["->"] = 96; - literals["exit"] = 72; - literals["modulate"] = 58; - literals["nat"] = 12; - literals["range"] = 85; - literals["out"] = 19; - literals["queue"] = 9; - literals["gre"] = 37; - literals["set"] = 10; - literals["warnings"] = 93; - literals["ah"] = 39; - literals["host"] = 84; - literals["interface"] = 74; - literals["rip"] = 82; - literals["icmp6"] = 75; - literals["notifications"] = 92; - literals["synproxy"] = 59; - literals["!="] = 64; - literals["altq"] = 8; - literals["any"] = 50; - literals["esp"] = 38; - literals["alerts"] = 86; - literals["inet6"] = 28; - literals["inactive"] = 95; - literals["udp"] = 34; - literals["<>"] = 69; - literals["port"] = 63; - literals["ip"] = 30; - literals[">="] = 68; - literals["eigrp"] = 40; - literals["<="] = 66; - literals["errors"] = 90; - literals["ipip"] = 42; - literals["binat"] = 13; - literals["igmp"] = 32; - literals["><"] = 70; - literals["on"] = 26; - literals["state"] = 60; - literals["proto"] = 29; - literals["log"] = 20; - literals["rdr"] = 14; - literals["informational"] = 91; - literals["in"] = 18; - literals["keep"] = 57; - literals["block"] = 17; - literals["l2tp"] = 44; - literals["quick"] = 25; - literals["icmp"] = 31; - literals["tcp"] = 33; + literals["vrrp"] = 44; + literals["critical"] = 89; + literals["ospf"] = 42; + literals["rdp"] = 36; + literals["disable"] = 96; + literals["scrub"] = 12; + literals["ipsec"] = 79; + literals["inet"] = 28; + literals["pcp"] = 81; + literals["emergencies"] = 91; + literals["debugging"] = 90; + literals["snp"] = 85; + literals["timeout"] = 16; + literals["to"] = 25; + literals["isis"] = 46; + literals["pptp"] = 83; + literals["pass"] = 17; + literals["no"] = 57; + literals["from"] = 50; + literals["igrp"] = 78; + literals["pim"] = 82; + literals["rsvp"] = 37; + literals["nos"] = 80; + literals["quit"] = 75; + literals["->"] = 98; + literals["exit"] = 74; + literals["modulate"] = 59; + literals["nat"] = 13; + literals["range"] = 87; + literals["out"] = 20; + literals["queue"] = 10; + literals["gre"] = 38; + literals["set"] = 11; + literals["warnings"] = 95; + literals["ah"] = 40; + literals["host"] = 86; + literals["interface"] = 76; + literals["rip"] = 84; + literals["icmp6"] = 77; + literals["notifications"] = 94; + literals["synproxy"] = 60; + literals["!="] = 65; + literals["altq"] = 9; + literals["any"] = 51; + literals["esp"] = 39; + literals["alerts"] = 88; + literals["inet6"] = 29; + literals["inactive"] = 97; + literals["udp"] = 35; + literals["<>"] = 70; + literals["port"] = 64; + literals["ip"] = 31; + literals[">="] = 69; + literals["eigrp"] = 41; + literals["<="] = 67; + literals["errors"] = 92; + literals["ipip"] = 43; + literals["antispoof"] = 8; + literals["binat"] = 14; + literals["igmp"] = 33; + literals["><"] = 71; + literals["on"] = 27; + literals["state"] = 61; + literals["proto"] = 30; + literals["log"] = 21; + literals["rdr"] = 15; + literals["informational"] = 93; + literals["in"] = 19; + literals["keep"] = 58; + literals["block"] = 18; + literals["l2tp"] = 45; + literals["quick"] = 26; + literals["icmp"] = 32; + literals["tcp"] = 34; } ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() @@ -145,6 +146,7 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() case 0x37 /* '7' */ : case 0x38 /* '8' */ : case 0x39 /* '9' */ : + case 0x3a /* ':' */ : case 0x41 /* 'A' */ : case 0x42 /* 'B' */ : case 0x43 /* 'C' */ : @@ -202,18 +204,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x2e /* '.' */ : - { - mDOT(true); - theRetToken=_returnToken; - break; - } - case 0x3a /* ':' */ : - { - mCOLON(true); - theRetToken=_returnToken; - break; - } case 0x22 /* '\"' */ : { mSTRING(true); @@ -268,6 +258,12 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } + case 0x2e /* '.' */ : + { + mDOT(true); + theRetToken=_returnToken; + break; + } case 0x2f /* '/' */ : { mSLASH(true); @@ -414,7 +410,6 @@ tryAgain:; } void PFCfgLexer::mLINE_COMMENT(bool _createToken) { - Tracer traceInOut(this, "mLINE_COMMENT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = LINE_COMMENT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -428,11 +423,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop94; + goto _loop95; } } - _loop94:; + _loop95:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -444,7 +439,6 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } void PFCfgLexer::mNEWLINE(bool _createToken) { - Tracer traceInOut(this, "mNEWLINE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NEWLINE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -465,9 +459,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 750 "pf.g" +#line 765 "pf.g" newline(); -#line 471 "PFCfgLexer.cpp" +#line 465 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -478,7 +472,6 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } void PFCfgLexer::mWhitespace(bool _createToken) { - Tracer traceInOut(this, "mWhitespace"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = Whitespace; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -547,9 +540,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 745 "pf.g" +#line 760 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 553 "PFCfgLexer.cpp" +#line 546 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -560,7 +553,6 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } void PFCfgLexer::mINT_CONST(bool _createToken) { - Tracer traceInOut(this, "mINT_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = INT_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -574,7 +566,6 @@ void PFCfgLexer::mINT_CONST(bool _createToken) { } void PFCfgLexer::mHEX_CONST(bool _createToken) { - Tracer traceInOut(this, "mHEX_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = HEX_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -588,7 +579,6 @@ void PFCfgLexer::mHEX_CONST(bool _createToken) { } void PFCfgLexer::mNUMBER(bool _createToken) { - Tracer traceInOut(this, "mNUMBER"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -602,7 +592,6 @@ void PFCfgLexer::mNUMBER(bool _createToken) { } void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { - Tracer traceInOut(this, "mNEG_INT_CONST"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NEG_INT_CONST; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -615,8 +604,35 @@ void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mCOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mHEX_DIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = HEX_DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + matchRange('0','9'); + matchRange('a','f'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + void PFCfgLexer::mDIGIT(bool _createToken) { - Tracer traceInOut(this, "mDIGIT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = DIGIT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -630,13 +646,74 @@ void PFCfgLexer::mDIGIT(bool _createToken) { _saveIndex=0; } -void PFCfgLexer::mHEXDIGIT(bool _createToken) { - Tracer traceInOut(this, "mHEXDIGIT"); +void PFCfgLexer::mNUM_3DIGIT(bool _createToken) { int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = HEXDIGIT; + _ttype = NUM_3DIGIT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - matchRange('a','f'); + { + matchRange('1','9'); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + matchRange('0','9'); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + matchRange('0','9'); + } + else { + } + + } + } + else { + } + + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUM_HEX_4DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + mHEX_DIGIT(false); + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + mHEX_DIGIT(false); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + mHEX_DIGIT(false); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mHEX_DIGIT(false); + } + else { + } + + } + } + else { + } + + } + } + else { + } + + } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); _token->setText(text.substr(_begin, text.length()-_begin)); @@ -646,272 +723,53 @@ void PFCfgLexer::mHEXDIGIT(bool _createToken) { } void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { - Tracer traceInOut(this, "mNUMBER_ADDRESS_OR_WORD"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - { - bool synPredMatched143 = false; - if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m143 = mark(); - synPredMatched143 = true; + bool synPredMatched120 = false; + if ((((LA(1) >= 0x31 /* '1' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { + int _m120 = mark(); + synPredMatched120 = true; inputState->guessing++; try { { - { // ( ... )+ - int _cnt142=0; - for (;;) { - switch ( LA(1)) { - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - { - matchRange('a','f'); - break; - } - case 0x30 /* '0' */ : - case 0x31 /* '1' */ : - case 0x32 /* '2' */ : - case 0x33 /* '3' */ : - case 0x34 /* '4' */ : - case 0x35 /* '5' */ : - case 0x36 /* '6' */ : - case 0x37 /* '7' */ : - case 0x38 /* '8' */ : - case 0x39 /* '9' */ : - { - matchRange('0','9'); - break; - } - default: - { - if ( _cnt142>=1 ) { goto _loop142; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - } - _cnt142++; - } - _loop142:; - } // ( ... )+ - mCOLON(false); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched143 = false; + synPredMatched120 = false; } - rewind(_m143); + rewind(_m120); inputState->guessing--; } - if ( synPredMatched143 ) { + if ( synPredMatched120 ) { { - { - { // ( ... )+ - int _cnt147=0; - for (;;) { - switch ( LA(1)) { - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - { - matchRange('a','f'); - break; - } - case 0x30 /* '0' */ : - case 0x31 /* '1' */ : - case 0x32 /* '2' */ : - case 0x33 /* '3' */ : - case 0x34 /* '4' */ : - case 0x35 /* '5' */ : - case 0x36 /* '6' */ : - case 0x37 /* '7' */ : - case 0x38 /* '8' */ : - case 0x39 /* '9' */ : - { - matchRange('0','9'); - break; - } - default: - { - if ( _cnt147>=1 ) { goto _loop147; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - } - _cnt147++; - } - _loop147:; - } // ( ... )+ - { // ( ... )+ - int _cnt151=0; - for (;;) { - if ((LA(1) == 0x3a /* ':' */ )) { - mCOLON(false); - { // ( ... )* - for (;;) { - switch ( LA(1)) { - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - { - matchRange('a','f'); - break; - } - case 0x30 /* '0' */ : - case 0x31 /* '1' */ : - case 0x32 /* '2' */ : - case 0x33 /* '3' */ : - case 0x34 /* '4' */ : - case 0x35 /* '5' */ : - case 0x36 /* '6' */ : - case 0x37 /* '7' */ : - case 0x38 /* '8' */ : - case 0x39 /* '9' */ : - { - matchRange('0','9'); - break; - } - default: - { - goto _loop150; - } - } - } - _loop150:; - } // ( ... )* - } - else { - if ( _cnt151>=1 ) { goto _loop151; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt151++; - } - _loop151:; - } // ( ... )+ + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); } if ( inputState->guessing==0 ) { -#line 793 "pf.g" - _ttype = IPV6; -#line 802 "PFCfgLexer.cpp" - } +#line 802 "pf.g" + _ttype = IPV4; +#line 763 "PFCfgLexer.cpp" } } else { - bool synPredMatched108 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m108 = mark(); - synPredMatched108 = true; + bool synPredMatched127 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { + int _m127 = mark(); + synPredMatched127 = true; inputState->guessing++; try { { - mDIGIT(false); - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched108 = false; - } - rewind(_m108); - inputState->guessing--; - } - if ( synPredMatched108 ) { - { - bool synPredMatched117 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m117 = mark(); - synPredMatched117 = true; - inputState->guessing++; - try { - { - { // ( ... )+ - int _cnt112=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt112>=1 ) { goto _loop112; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt112++; - } - _loop112:; - } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt114=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt114>=1 ) { goto _loop114; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt114++; - } - _loop114:; - } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt116=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt116>=1 ) { goto _loop116; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt116++; - } - _loop116:; - } // ( ... )+ - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched117 = false; - } - rewind(_m117); - inputState->guessing--; - } - if ( synPredMatched117 ) { - { - { // ( ... )+ - int _cnt120=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt120>=1 ) { goto _loop120; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt120++; - } - _loop120:; - } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt122=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt122>=1 ) { goto _loop122; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt122++; - } - _loop122:; - } // ( ... )+ - mDOT(false); { // ( ... )+ int _cnt124=0; for (;;) { @@ -926,7 +784,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } _loop124:; } // ( ... )+ - mDOT(false); + match('.' /* charlit */ ); { // ( ... )+ int _cnt126=0; for (;;) { @@ -942,58 +800,58 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _loop126:; } // ( ... )+ } - if ( inputState->guessing==0 ) { -#line 779 "pf.g" - _ttype = IPV4; -#line 949 "PFCfgLexer.cpp" - } } - else { - bool synPredMatched132 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m132 = mark(); - synPredMatched132 = true; - inputState->guessing++; - try { - { - { // ( ... )+ - int _cnt129=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt129>=1 ) { goto _loop129; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt129++; - } - _loop129:; - } // ( ... )+ - mDOT(false); - { // ( ... )+ - int _cnt131=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt131>=1 ) { goto _loop131; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt131++; - } - _loop131:; - } // ( ... )+ - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched132 = false; - } - rewind(_m132); - inputState->guessing--; + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched127 = false; + } + rewind(_m127); + inputState->guessing--; + } + if ( synPredMatched127 ) { + { + { // ( ... )+ + int _cnt130=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); } - if ( synPredMatched132 ) { + else { + if ( _cnt130>=1 ) { goto _loop130; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt130++; + } + _loop130:; + } // ( ... )+ + match('.' /* charlit */ ); + { // ( ... )+ + int _cnt132=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt132>=1 ) { goto _loop132; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt132++; + } + _loop132:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 805 "pf.g" + _ttype = NUMBER; +#line 846 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched138 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x30 /* '0' */ && LA(2) <= 0x3a /* ':' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { + int _m138 = mark(); + synPredMatched138 = true; + inputState->guessing++; + try { { { // ( ... )+ int _cnt135=0; @@ -1009,7 +867,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } _loop135:; } // ( ... )+ - mDOT(false); + match(':' /* charlit */ ); { // ( ... )+ int _cnt137=0; for (;;) { @@ -1025,284 +883,477 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _loop137:; } // ( ... )+ } - if ( inputState->guessing==0 ) { -#line 782 "pf.g" - _ttype = NUMBER; -#line 1032 "PFCfgLexer.cpp" - } } - else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { - { // ( ... )+ - int _cnt139=0; + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched138 = false; + } + rewind(_m138); + inputState->guessing--; + } + if ( synPredMatched138 ) { + { + { // ( ... )+ + int _cnt141=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt141>=1 ) { goto _loop141; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt141++; + } + _loop141:; + } // ( ... )+ + match(':' /* charlit */ ); + { // ( ... )+ + int _cnt143=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt143>=1 ) { goto _loop143; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt143++; + } + _loop143:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 808 "pf.g" + _ttype = PORT_RANGE; +#line 929 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched162 = false; + if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { + int _m162 = mark(); + synPredMatched162 = true; + inputState->guessing++; + try { + { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched162 = false; + } + rewind(_m162); + inputState->guessing--; + } + if ( synPredMatched162 ) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + { // ( ... )* for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); } else { - if ( _cnt139>=1 ) { goto _loop139; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + goto _loop164; } - _cnt139++; } - _loop139:; - } // ( ... )+ + _loop164:; + } // ( ... )* if ( inputState->guessing==0 ) { -#line 784 "pf.g" - _ttype = INT_CONST; -#line 1053 "PFCfgLexer.cpp" +#line 828 "pf.g" + _ttype = IPV6; +#line 971 "PFCfgLexer.cpp" } } - else { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); - } - } - } - } - else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) { - { - switch ( LA(1)) { - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - case 0x67 /* 'g' */ : - case 0x68 /* 'h' */ : - case 0x69 /* 'i' */ : - case 0x6a /* 'j' */ : - case 0x6b /* 'k' */ : - case 0x6c /* 'l' */ : - case 0x6d /* 'm' */ : - case 0x6e /* 'n' */ : - case 0x6f /* 'o' */ : - case 0x70 /* 'p' */ : - case 0x71 /* 'q' */ : - case 0x72 /* 'r' */ : - case 0x73 /* 's' */ : - case 0x74 /* 't' */ : - case 0x75 /* 'u' */ : - case 0x76 /* 'v' */ : - case 0x77 /* 'w' */ : - case 0x78 /* 'x' */ : - case 0x79 /* 'y' */ : - case 0x7a /* 'z' */ : - { - matchRange('a','z'); - break; - } - case 0x41 /* 'A' */ : - case 0x42 /* 'B' */ : - case 0x43 /* 'C' */ : - case 0x44 /* 'D' */ : - case 0x45 /* 'E' */ : - case 0x46 /* 'F' */ : - case 0x47 /* 'G' */ : - case 0x48 /* 'H' */ : - case 0x49 /* 'I' */ : - case 0x4a /* 'J' */ : - case 0x4b /* 'K' */ : - case 0x4c /* 'L' */ : - case 0x4d /* 'M' */ : - case 0x4e /* 'N' */ : - case 0x4f /* 'O' */ : - case 0x50 /* 'P' */ : - case 0x51 /* 'Q' */ : - case 0x52 /* 'R' */ : - case 0x53 /* 'S' */ : - case 0x54 /* 'T' */ : - case 0x55 /* 'U' */ : - case 0x56 /* 'V' */ : - case 0x57 /* 'W' */ : - case 0x58 /* 'X' */ : - case 0x59 /* 'Y' */ : - case 0x5a /* 'Z' */ : - { - matchRange('A','Z'); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); - } - } - } - { // ( ... )* - for (;;) { - switch ( LA(1)) { - case 0x24 /* '$' */ : - { - match('$' /* charlit */ ); - break; - } - case 0x25 /* '%' */ : - { - match('%' /* charlit */ ); - break; - } - case 0x26 /* '&' */ : - { - match('&' /* charlit */ ); - break; - } - case 0x30 /* '0' */ : - case 0x31 /* '1' */ : - case 0x32 /* '2' */ : - case 0x33 /* '3' */ : - case 0x34 /* '4' */ : - case 0x35 /* '5' */ : - case 0x36 /* '6' */ : - case 0x37 /* '7' */ : - case 0x38 /* '8' */ : - case 0x39 /* '9' */ : - { - matchRange('0','9'); - break; - } - case 0x3b /* ';' */ : - { - match(';' /* charlit */ ); - break; - } - case 0x3f /* '?' */ : - { - match('?' /* charlit */ ); - break; - } - case 0x40 /* '@' */ : - { - match('@' /* charlit */ ); - break; - } - case 0x41 /* 'A' */ : - case 0x42 /* 'B' */ : - case 0x43 /* 'C' */ : - case 0x44 /* 'D' */ : - case 0x45 /* 'E' */ : - case 0x46 /* 'F' */ : - case 0x47 /* 'G' */ : - case 0x48 /* 'H' */ : - case 0x49 /* 'I' */ : - case 0x4a /* 'J' */ : - case 0x4b /* 'K' */ : - case 0x4c /* 'L' */ : - case 0x4d /* 'M' */ : - case 0x4e /* 'N' */ : - case 0x4f /* 'O' */ : - case 0x50 /* 'P' */ : - case 0x51 /* 'Q' */ : - case 0x52 /* 'R' */ : - case 0x53 /* 'S' */ : - case 0x54 /* 'T' */ : - case 0x55 /* 'U' */ : - case 0x56 /* 'V' */ : - case 0x57 /* 'W' */ : - case 0x58 /* 'X' */ : - case 0x59 /* 'Y' */ : - case 0x5a /* 'Z' */ : - { - matchRange('A','Z'); - break; - } - case 0x5c /* '\\' */ : - { - match('\\' /* charlit */ ); - break; - } - case 0x5e /* '^' */ : - { - match('^' /* charlit */ ); - break; - } - case 0x5f /* '_' */ : - { - match('_' /* charlit */ ); - break; - } - case 0x60 /* '`' */ : - { - match('`' /* charlit */ ); - break; - } - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - case 0x67 /* 'g' */ : - case 0x68 /* 'h' */ : - case 0x69 /* 'i' */ : - case 0x6a /* 'j' */ : - case 0x6b /* 'k' */ : - case 0x6c /* 'l' */ : - case 0x6d /* 'm' */ : - case 0x6e /* 'n' */ : - case 0x6f /* 'o' */ : - case 0x70 /* 'p' */ : - case 0x71 /* 'q' */ : - case 0x72 /* 'r' */ : - case 0x73 /* 's' */ : - case 0x74 /* 't' */ : - case 0x75 /* 'u' */ : - case 0x76 /* 'v' */ : - case 0x77 /* 'w' */ : - case 0x78 /* 'x' */ : - case 0x79 /* 'y' */ : - case 0x7a /* 'z' */ : - { - matchRange('a','z'); - break; - } - default: - { - goto _loop154; - } - } - } - _loop154:; - } // ( ... )* - if ( inputState->guessing==0 ) { -#line 801 "pf.g" - _ttype = WORD; -#line 1269 "PFCfgLexer.cpp" - } - } + else { + bool synPredMatched147 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { + int _m147 = mark(); + synPredMatched147 = true; + inputState->guessing++; + try { + { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched147 = false; + } + rewind(_m147); + inputState->guessing--; + } + if ( synPredMatched147 ) { + { + bool synPredMatched152 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { + int _m152 = mark(); + synPredMatched152 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt151=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + else { + if ( _cnt151>=1 ) { goto _loop151; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt151++; + } + _loop151:; + } // ( ... )+ + match(':' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched152 = false; + } + rewind(_m152); + inputState->guessing--; + } + if ( synPredMatched152 ) { + { + { // ( ... )+ + int _cnt155=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + else { + if ( _cnt155>=1 ) { goto _loop155; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt155++; + } + _loop155:; + } // ( ... )+ + match(':' /* charlit */ ); + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + { // ( ... )* + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + goto _loop158; + } + + } + _loop158:; + } // ( ... )* + } + else { + } + + } + } + if ( inputState->guessing==0 ) { +#line 819 "pf.g" + _ttype = IPV6; +#line 1068 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { + mNUM_HEX_4DIGIT(false); + { // ( ... )+ + int _cnt160=0; + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + if ( _cnt160>=1 ) { goto _loop160; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt160++; + } + _loop160:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 822 "pf.g" + _ttype = IPV6; +#line 1091 "PFCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 824 "pf.g" + _ttype = IPV6; +#line 1102 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 831 "pf.g" + _ttype = IPV6; +#line 1111 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { + { // ( ... )+ + int _cnt145=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt145>=1 ) { goto _loop145; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt145++; + } + _loop145:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 810 "pf.g" + _ttype = INT_CONST; +#line 1132 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 834 "pf.g" + _ttype = COLON; +#line 1140 "PFCfgLexer.cpp" + } + } + else if ((_tokenSet_3.member(LA(1)))) { + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x24 /* '$' */ : + { + match('$' /* charlit */ ); + break; + } + case 0x25 /* '%' */ : + { + match('%' /* charlit */ ); + break; + } + case 0x26 /* '&' */ : + { + match('&' /* charlit */ ); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3b /* ';' */ : + { + match(';' /* charlit */ ); + break; + } + case 0x3f /* '?' */ : + { + match('?' /* charlit */ ); + break; + } + case 0x40 /* '@' */ : + { + match('@' /* charlit */ ); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x5c /* '\\' */ : + { + match('\\' /* charlit */ ); + break; + } + case 0x5e /* '^' */ : + { + match('^' /* charlit */ ); + break; + } + case 0x5f /* '_' */ : + { + match('_' /* charlit */ ); + break; + } + case 0x60 /* '`' */ : + { + match('`' /* charlit */ ); + break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + default: + { + goto _loop167; + } + } + } + _loop167:; + } // ( ... )* + if ( inputState->guessing==0 ) { +#line 845 "pf.g" + _ttype = WORD; +#line 1350 "PFCfgLexer.cpp" + } + } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); } - } - } - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mDOT(bool _createToken) { - Tracer traceInOut(this, "mDOT"); - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = DOT; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match('.' /* charlit */ ); - if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { - _token = makeToken(_ttype); - _token->setText(text.substr(_begin, text.length()-_begin)); - } - _returnToken = _token; - _saveIndex=0; -} - -void PFCfgLexer::mCOLON(bool _createToken) { - Tracer traceInOut(this, "mCOLON"); - int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); - _ttype = COLON; - ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - - match(':' /* charlit */ ); + }}}} + _ttype = testLiteralsTable(_ttype); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); _token->setText(text.substr(_begin, text.length()-_begin)); @@ -1312,7 +1363,6 @@ void PFCfgLexer::mCOLON(bool _createToken) { } void PFCfgLexer::mSTRING(bool _createToken) { - Tracer traceInOut(this, "mSTRING"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = STRING; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1320,15 +1370,15 @@ void PFCfgLexer::mSTRING(bool _createToken) { match('\"' /* charlit */ ); { // ( ... )* for (;;) { - if ((_tokenSet_6.member(LA(1)))) { + if ((_tokenSet_4.member(LA(1)))) { matchNot('\"' /* charlit */ ); } else { - goto _loop157; + goto _loop170; } } - _loop157:; + _loop170:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1340,7 +1390,6 @@ void PFCfgLexer::mSTRING(bool _createToken) { } void PFCfgLexer::mPIPE_CHAR(bool _createToken) { - Tracer traceInOut(this, "mPIPE_CHAR"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PIPE_CHAR; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1355,7 +1404,6 @@ void PFCfgLexer::mPIPE_CHAR(bool _createToken) { } void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { - Tracer traceInOut(this, "mNUMBER_SIGN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = NUMBER_SIGN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1370,7 +1418,6 @@ void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { } void PFCfgLexer::mPERCENT(bool _createToken) { - Tracer traceInOut(this, "mPERCENT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PERCENT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1385,7 +1432,6 @@ void PFCfgLexer::mPERCENT(bool _createToken) { } void PFCfgLexer::mAMPERSAND(bool _createToken) { - Tracer traceInOut(this, "mAMPERSAND"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = AMPERSAND; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1400,7 +1446,6 @@ void PFCfgLexer::mAMPERSAND(bool _createToken) { } void PFCfgLexer::mAPOSTROPHE(bool _createToken) { - Tracer traceInOut(this, "mAPOSTROPHE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = APOSTROPHE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1415,7 +1460,6 @@ void PFCfgLexer::mAPOSTROPHE(bool _createToken) { } void PFCfgLexer::mSTAR(bool _createToken) { - Tracer traceInOut(this, "mSTAR"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = STAR; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1430,7 +1474,6 @@ void PFCfgLexer::mSTAR(bool _createToken) { } void PFCfgLexer::mPLUS(bool _createToken) { - Tracer traceInOut(this, "mPLUS"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = PLUS; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1445,7 +1488,6 @@ void PFCfgLexer::mPLUS(bool _createToken) { } void PFCfgLexer::mCOMMA(bool _createToken) { - Tracer traceInOut(this, "mCOMMA"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = COMMA; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1460,7 +1502,6 @@ void PFCfgLexer::mCOMMA(bool _createToken) { } void PFCfgLexer::mMINUS(bool _createToken) { - Tracer traceInOut(this, "mMINUS"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = MINUS; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1474,8 +1515,21 @@ void PFCfgLexer::mMINUS(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mDOT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DOT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('.' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + void PFCfgLexer::mSLASH(bool _createToken) { - Tracer traceInOut(this, "mSLASH"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = SLASH; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1490,7 +1544,6 @@ void PFCfgLexer::mSLASH(bool _createToken) { } void PFCfgLexer::mSEMICOLON(bool _createToken) { - Tracer traceInOut(this, "mSEMICOLON"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = SEMICOLON; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1505,7 +1558,6 @@ void PFCfgLexer::mSEMICOLON(bool _createToken) { } void PFCfgLexer::mEQUAL(bool _createToken) { - Tracer traceInOut(this, "mEQUAL"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = EQUAL; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1520,7 +1572,6 @@ void PFCfgLexer::mEQUAL(bool _createToken) { } void PFCfgLexer::mQUESTION(bool _createToken) { - Tracer traceInOut(this, "mQUESTION"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = QUESTION; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1535,7 +1586,6 @@ void PFCfgLexer::mQUESTION(bool _createToken) { } void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { - Tracer traceInOut(this, "mCOMMERCIAL_AT"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = COMMERCIAL_AT; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1550,7 +1600,6 @@ void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { } void PFCfgLexer::mOPENING_PAREN(bool _createToken) { - Tracer traceInOut(this, "mOPENING_PAREN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = OPENING_PAREN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1565,7 +1614,6 @@ void PFCfgLexer::mOPENING_PAREN(bool _createToken) { } void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { - Tracer traceInOut(this, "mCLOSING_PAREN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CLOSING_PAREN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1580,7 +1628,6 @@ void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { } void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { - Tracer traceInOut(this, "mOPENING_SQUARE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = OPENING_SQUARE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1595,7 +1642,6 @@ void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { } void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { - Tracer traceInOut(this, "mCLOSING_SQUARE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CLOSING_SQUARE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1610,7 +1656,6 @@ void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { } void PFCfgLexer::mOPENING_BRACE(bool _createToken) { - Tracer traceInOut(this, "mOPENING_BRACE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = OPENING_BRACE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1625,7 +1670,6 @@ void PFCfgLexer::mOPENING_BRACE(bool _createToken) { } void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { - Tracer traceInOut(this, "mCLOSING_BRACE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CLOSING_BRACE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1640,7 +1684,6 @@ void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { } void PFCfgLexer::mCARET(bool _createToken) { - Tracer traceInOut(this, "mCARET"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = CARET; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1655,7 +1698,6 @@ void PFCfgLexer::mCARET(bool _createToken) { } void PFCfgLexer::mUNDERLINE(bool _createToken) { - Tracer traceInOut(this, "mUNDERLINE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = UNDERLINE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1670,7 +1712,6 @@ void PFCfgLexer::mUNDERLINE(bool _createToken) { } void PFCfgLexer::mTILDE(bool _createToken) { - Tracer traceInOut(this, "mTILDE"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = TILDE; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1685,7 +1726,6 @@ void PFCfgLexer::mTILDE(bool _createToken) { } void PFCfgLexer::mEXLAMATION(bool _createToken) { - Tracer traceInOut(this, "mEXLAMATION"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = EXLAMATION; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1700,7 +1740,6 @@ void PFCfgLexer::mEXLAMATION(bool _createToken) { } void PFCfgLexer::mLESS_THAN(bool _createToken) { - Tracer traceInOut(this, "mLESS_THAN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = LESS_THAN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1715,7 +1754,6 @@ void PFCfgLexer::mLESS_THAN(bool _createToken) { } void PFCfgLexer::mGREATER_THAN(bool _createToken) { - Tracer traceInOut(this, "mGREATER_THAN"); int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); _ttype = GREATER_THAN; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; @@ -1739,26 +1777,20 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % // & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G // H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h -// i j k l m n o p q r s t u v w x y z +// i j k l m n o p q r s t u v w x y z { | } ~ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); -const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// 0 1 2 3 4 5 6 7 8 9 a b c d e f -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); -const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 134152192UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// 0 1 2 3 4 5 6 7 8 9 : a b c d e f -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); -const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // . 0 1 2 3 4 5 6 7 8 9 -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10); -const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); +const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h // i j k l m n o p q r s t u v w x y z -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,10); -const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); +const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 // 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ // % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F // G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g -// h i j k l m n o p q r s t u v w x y z -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); +// h i j k l m n o p q r s t u v w x y z { | } ~ +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp index 54056e54c..ecc5fb57e 100644 --- a/src/parsers/PFCfgLexer.hpp +++ b/src/parsers/PFCfgLexer.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgLexer.hpp" #include -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */ #include #include #include @@ -54,11 +54,12 @@ public: protected: void mHEX_CONST(bool _createToken); protected: void mNUMBER(bool _createToken); protected: void mNEG_INT_CONST(bool _createToken); + protected: void mCOLON(bool _createToken); + protected: void mHEX_DIGIT(bool _createToken); protected: void mDIGIT(bool _createToken); - protected: void mHEXDIGIT(bool _createToken); + protected: void mNUM_3DIGIT(bool _createToken); + protected: void mNUM_HEX_4DIGIT(bool _createToken); public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken); - public: void mDOT(bool _createToken); - public: void mCOLON(bool _createToken); public: void mSTRING(bool _createToken); public: void mPIPE_CHAR(bool _createToken); public: void mNUMBER_SIGN(bool _createToken); @@ -69,6 +70,7 @@ public: public: void mPLUS(bool _createToken); public: void mCOMMA(bool _createToken); public: void mMINUS(bool _createToken); + public: void mDOT(bool _createToken); public: void mSLASH(bool _createToken); public: void mSEMICOLON(bool _createToken); public: void mEQUAL(bool _createToken); @@ -98,10 +100,6 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; static const unsigned long _tokenSet_4_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; - static const unsigned long _tokenSet_5_data_[]; - static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; - static const unsigned long _tokenSet_6_data_[]; - static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; }; #endif /*INC_PFCfgLexer_hpp_*/ diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index 8bef6bb53..9d887fd92 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.cpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -61,6 +61,11 @@ void PFCfgParser::cfgfile() { altq_command(); break; } + case ANTISPOOF: + { + antispoof_command(); + break; + } case QUEUE: { queue_command(); @@ -150,13 +155,13 @@ void PFCfgParser::macro_definition() { try { // for error handling match(WORD); match(EQUAL); -#line 149 "pf.g" +#line 151 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 160 "PFCfgParser.cpp" +#line 165 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -169,7 +174,7 @@ void PFCfgParser::altq_command() { try { // for error handling match(ALTQ); -#line 158 "pf.g" +#line 171 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -177,7 +182,28 @@ void PFCfgParser::altq_command() { QString("Warning: import of 'altq' commands is not supported.")); consumeUntil(NEWLINE); -#line 181 "PFCfgParser.cpp" +#line 186 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::antispoof_command() { + Tracer traceInOut(this, "antispoof_command"); + + try { // for error handling + match(ANTISPOOF); +#line 160 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'antispoof' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 207 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -190,7 +216,7 @@ void PFCfgParser::queue_command() { try { // for error handling match(QUEUE); -#line 169 "pf.g" +#line 182 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -198,7 +224,7 @@ void PFCfgParser::queue_command() { QString("Warning: import of 'queue' commands is not supported.")); consumeUntil(NEWLINE); -#line 202 "PFCfgParser.cpp" +#line 228 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -211,7 +237,7 @@ void PFCfgParser::set_command() { try { // for error handling match(SET); -#line 180 "pf.g" +#line 193 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -219,7 +245,7 @@ void PFCfgParser::set_command() { QString("Warning: import of 'set' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 223 "PFCfgParser.cpp" +#line 249 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -232,7 +258,7 @@ void PFCfgParser::scrub_command() { try { // for error handling match(SCRUB); -#line 191 "pf.g" +#line 204 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -240,7 +266,7 @@ void PFCfgParser::scrub_command() { QString("Warning: import of 'scrub' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 244 "PFCfgParser.cpp" +#line 270 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -253,7 +279,7 @@ void PFCfgParser::nat_command() { try { // for error handling match(NAT); -#line 202 "pf.g" +#line 215 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -261,7 +287,7 @@ void PFCfgParser::nat_command() { QString("Warning: import of 'nat' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 265 "PFCfgParser.cpp" +#line 291 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -274,7 +300,7 @@ void PFCfgParser::rdr_command() { try { // for error handling match(RDR); -#line 224 "pf.g" +#line 237 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -282,7 +308,7 @@ void PFCfgParser::rdr_command() { QString("Warning: import of 'rdr' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 286 "PFCfgParser.cpp" +#line 312 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -295,7 +321,7 @@ void PFCfgParser::binat_command() { try { // for error handling match(BINAT); -#line 213 "pf.g" +#line 226 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -303,7 +329,7 @@ void PFCfgParser::binat_command() { QString("Warning: import of 'binat' commands is not supported.")); consumeUntil(NEWLINE); -#line 307 "PFCfgParser.cpp" +#line 333 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -316,7 +342,7 @@ void PFCfgParser::pass_command() { try { // for error handling match(PASS); -#line 258 "pf.g" +#line 271 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -324,16 +350,16 @@ void PFCfgParser::pass_command() { importer->action = "pass"; *dbg << LT(1)->getLine() << ":" << " pass "; -#line 328 "PFCfgParser.cpp" +#line 354 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 266 "pf.g" +#line 279 "pf.g" importer->setInterfaceAndDirectionForRuleSet( "", importer->iface, importer->direction); importer->pushRule(); -#line 337 "PFCfgParser.cpp" +#line 363 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -346,7 +372,7 @@ void PFCfgParser::block_command() { try { // for error handling match(BLOCK); -#line 274 "pf.g" +#line 287 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -354,16 +380,16 @@ void PFCfgParser::block_command() { importer->action = "block"; *dbg << LT(1)->getLine() << ":" << " block "; -#line 358 "PFCfgParser.cpp" +#line 384 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 282 "pf.g" +#line 295 "pf.g" importer->setInterfaceAndDirectionForRuleSet( "", importer->iface, importer->direction); importer->pushRule(); -#line 367 "PFCfgParser.cpp" +#line 393 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -376,7 +402,7 @@ void PFCfgParser::timeout_command() { try { // for error handling match(TIMEOUT); -#line 235 "pf.g" +#line 248 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -384,7 +410,7 @@ void PFCfgParser::timeout_command() { QString("Warning: import of 'timeout' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 388 "PFCfgParser.cpp" +#line 414 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -397,13 +423,13 @@ void PFCfgParser::unknown_command() { try { // for error handling match(WORD); -#line 247 "pf.g" +#line 260 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 407 "PFCfgParser.cpp" +#line 433 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -580,11 +606,11 @@ void PFCfgParser::direction() { } } } -#line 303 "pf.g" +#line 316 "pf.g" importer->direction = LT(0)->getText(); -#line 588 "PFCfgParser.cpp" +#line 614 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -598,11 +624,11 @@ void PFCfgParser::logging() { try { // for error handling match(LOG); logopts(); -#line 309 "pf.g" +#line 322 "pf.g" importer->logging = true; -#line 606 "PFCfgParser.cpp" +#line 632 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -615,11 +641,11 @@ void PFCfgParser::quick() { try { // for error handling match(QUICK); -#line 326 "pf.g" +#line 339 "pf.g" importer->quick = true; -#line 623 "PFCfgParser.cpp" +#line 649 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -633,12 +659,12 @@ void PFCfgParser::intrface() { try { // for error handling match(ON); match(WORD); -#line 332 "pf.g" +#line 345 "pf.g" importer->iface = LT(0)->getText(); importer->newInterface(importer->iface); -#line 642 "PFCfgParser.cpp" +#line 668 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -659,11 +685,11 @@ void PFCfgParser::address_family() { case INET6: { match(INET6); -#line 339 "pf.g" +#line 352 "pf.g" importer->address_family = LT(0)->getText(); -#line 667 "PFCfgParser.cpp" +#line 693 "PFCfgParser.cpp" break; } default: @@ -883,11 +909,11 @@ void PFCfgParser::filteropts() { filteropt(); } else { - goto _loop65; + goto _loop66; } } - _loop65:; + _loop66:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -908,11 +934,11 @@ void PFCfgParser::logopts() { logopt(); } else { - goto _loop29; + goto _loop30; } } - _loop29:; + _loop30:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1046,11 +1072,11 @@ void PFCfgParser::proto_name() { } } } -#line 356 "pf.g" +#line 369 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1054 "PFCfgParser.cpp" +#line 1080 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1063,11 +1089,11 @@ void PFCfgParser::proto_number() { try { // for error handling match(INT_CONST); -#line 362 "pf.g" +#line 375 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1071 "PFCfgParser.cpp" +#line 1097 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1088,11 +1114,11 @@ void PFCfgParser::proto_list() { protospec(); } else { - goto _loop41; + goto _loop42; } } - _loop41:; + _loop42:; } // ( ... )* match(CLOSING_BRACE); } @@ -1111,23 +1137,23 @@ void PFCfgParser::src_hosts_part() { case ANY: { match(ANY); -#line 397 "pf.g" +#line 410 "pf.g" importer->tmp_group.push_back( std::pair("0.0.0.0", "0.0.0.0")); -#line 1120 "PFCfgParser.cpp" +#line 1146 "PFCfgParser.cpp" break; } case SELF: { match(SELF); -#line 403 "pf.g" +#line 416 "pf.g" importer->tmp_group.push_back( std::pair("self", "255.255.255.255")); -#line 1131 "PFCfgParser.cpp" +#line 1157 "PFCfgParser.cpp" break; } case WORD: @@ -1149,13 +1175,13 @@ void PFCfgParser::src_hosts_part() { } } } -#line 412 "pf.g" +#line 425 "pf.g" importer->src_neg = importer->tmp_neg; importer->src_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1159 "PFCfgParser.cpp" +#line 1185 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1169,10 +1195,10 @@ void PFCfgParser::src_port_part() { try { // for error handling match(PORT); { - if ((_tokenSet_12.member(LA(1))) && (LA(2) == WORD || LA(2) == TO || LA(2) == INT_CONST)) { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_13.member(LA(2)))) { unary_op(); } - else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { binary_op(); } else if ((LA(1) == OPENING_BRACE)) { @@ -1183,16 +1209,16 @@ void PFCfgParser::src_port_part() { } } -#line 540 "pf.g" +#line 553 "pf.g" importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); -#line 1192 "PFCfgParser.cpp" +#line 1218 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_14); } } @@ -1205,23 +1231,23 @@ void PFCfgParser::dst_hosts_part() { case ANY: { match(ANY); -#line 422 "pf.g" +#line 435 "pf.g" importer->tmp_group.push_back( std::pair("0.0.0.0", "0.0.0.0")); -#line 1214 "PFCfgParser.cpp" +#line 1240 "PFCfgParser.cpp" break; } case SELF: { match(SELF); -#line 428 "pf.g" +#line 441 "pf.g" importer->tmp_group.push_back( std::pair("self", "255.255.255.255")); -#line 1225 "PFCfgParser.cpp" +#line 1251 "PFCfgParser.cpp" break; } case WORD: @@ -1243,17 +1269,17 @@ void PFCfgParser::dst_hosts_part() { } } } -#line 437 "pf.g" +#line 450 "pf.g" importer->dst_neg = importer->tmp_neg; importer->dst_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1253 "PFCfgParser.cpp" +#line 1279 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } } @@ -1263,10 +1289,10 @@ void PFCfgParser::dst_port_part() { try { // for error handling match(PORT); { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_15.member(LA(2)))) { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_16.member(LA(2)))) { unary_op(); } - else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { binary_op(); } else if ((LA(1) == OPENING_BRACE)) { @@ -1277,12 +1303,12 @@ void PFCfgParser::dst_port_part() { } } -#line 548 "pf.g" +#line 561 "pf.g" importer->dst_port_group.splice(importer->dst_port_group.begin(), importer->tmp_port_group); -#line 1286 "PFCfgParser.cpp" +#line 1312 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1303,11 +1329,11 @@ void PFCfgParser::host() { case EXCLAMATION: { match(EXCLAMATION); -#line 448 "pf.g" +#line 461 "pf.g" importer->tmp_neg = true; -#line 1311 "PFCfgParser.cpp" +#line 1337 "PFCfgParser.cpp" break; } case WORD: @@ -1393,7 +1419,7 @@ void PFCfgParser::host() { } } } -#line 454 "pf.g" +#line 467 "pf.g" if (v6) { @@ -1410,20 +1436,20 @@ void PFCfgParser::host() { std::pair(addr, netm)); } -#line 1414 "PFCfgParser.cpp" +#line 1440 "PFCfgParser.cpp" break; } case WORD: { match(WORD); -#line 472 "pf.g" +#line 485 "pf.g" // This should be an interface name importer->tmp_group.push_back( std::pair( LT(0)->getText(), "255.255.255.255")); -#line 1427 "PFCfgParser.cpp" +#line 1453 "PFCfgParser.cpp" break; } default: @@ -1435,7 +1461,7 @@ void PFCfgParser::host() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_17); } } @@ -1452,17 +1478,17 @@ void PFCfgParser::host_list() { host(); } else { - goto _loop62; + goto _loop63; } } - _loop62:; + _loop63:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_17); + recover(ex,_tokenSet_18); } } @@ -1513,7 +1539,7 @@ void PFCfgParser::filteropt() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_19); } } @@ -1549,16 +1575,16 @@ void PFCfgParser::state() { } } } -#line 515 "pf.g" +#line 528 "pf.g" importer->state_op = LT(0)->getText(); -#line 1557 "PFCfgParser.cpp" +#line 1583 "PFCfgParser.cpp" match(STATE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_20); } } @@ -1572,44 +1598,44 @@ void PFCfgParser::queue() { case WORD: { match(WORD); -#line 524 "pf.g" +#line 537 "pf.g" importer->queue += LT(0)->getText(); -#line 1578 "PFCfgParser.cpp" +#line 1604 "PFCfgParser.cpp" break; } case OPENING_PAREN: { match(OPENING_PAREN); -#line 526 "pf.g" +#line 539 "pf.g" importer->queue += "("; -#line 1586 "PFCfgParser.cpp" +#line 1612 "PFCfgParser.cpp" match(WORD); -#line 527 "pf.g" +#line 540 "pf.g" importer->queue += LT(0)->getText(); -#line 1590 "PFCfgParser.cpp" +#line 1616 "PFCfgParser.cpp" { // ( ... )* for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 529 "pf.g" +#line 542 "pf.g" importer->queue += ","; -#line 1597 "PFCfgParser.cpp" +#line 1623 "PFCfgParser.cpp" match(WORD); -#line 530 "pf.g" +#line 543 "pf.g" importer->queue += LT(0)->getText(); -#line 1601 "PFCfgParser.cpp" +#line 1627 "PFCfgParser.cpp" } else { - goto _loop74; + goto _loop75; } } - _loop74:; + _loop75:; } // ( ... )* match(CLOSING_PAREN); -#line 532 "pf.g" +#line 545 "pf.g" importer->queue += ")"; -#line 1613 "PFCfgParser.cpp" +#line 1639 "PFCfgParser.cpp" break; } default: @@ -1621,7 +1647,7 @@ void PFCfgParser::queue() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_19); } } @@ -1629,11 +1655,11 @@ void PFCfgParser::unary_op() { Tracer traceInOut(this, "unary_op"); try { // for error handling -#line 555 "pf.g" +#line 568 "pf.g" std::string op = "="; -#line 1637 "PFCfgParser.cpp" +#line 1663 "PFCfgParser.cpp" { switch ( LA(1)) { case EQUAL: @@ -1681,15 +1707,16 @@ void PFCfgParser::unary_op() { } } } -#line 572 "pf.g" +#line 585 "pf.g" op = LT(0)->getText(); -#line 1689 "PFCfgParser.cpp" +#line 1715 "PFCfgParser.cpp" break; } case WORD: case INT_CONST: + case PORT_RANGE: { break; } @@ -1700,18 +1727,18 @@ void PFCfgParser::unary_op() { } } port_def(); -#line 577 "pf.g" +#line 590 "pf.g" std::vector tuple; tuple.push_back(op); tuple.push_back(importer->tmp_port_def); importer->tmp_port_group.push_back(tuple); -#line 1711 "PFCfgParser.cpp" +#line 1738 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_21); } } @@ -1719,19 +1746,19 @@ void PFCfgParser::binary_op() { Tracer traceInOut(this, "binary_op"); try { // for error handling -#line 586 "pf.g" +#line 599 "pf.g" std::string op; std::string arg1; std::vector tuple; -#line 1729 "PFCfgParser.cpp" +#line 1756 "PFCfgParser.cpp" port_def(); -#line 592 "pf.g" +#line 605 "pf.g" arg1 = importer->tmp_port_def; -#line 1735 "PFCfgParser.cpp" +#line 1762 "PFCfgParser.cpp" { switch ( LA(1)) { case EXCEPT_RANGE: @@ -1755,24 +1782,24 @@ void PFCfgParser::binary_op() { } } } -#line 602 "pf.g" +#line 615 "pf.g" op = LT(0)->getText(); -#line 1763 "PFCfgParser.cpp" +#line 1790 "PFCfgParser.cpp" port_def(); -#line 606 "pf.g" +#line 619 "pf.g" tuple.push_back(op); tuple.push_back(arg1); tuple.push_back(importer->tmp_port_def); importer->tmp_port_group.push_back(tuple); -#line 1772 "PFCfgParser.cpp" +#line 1799 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_21); } } @@ -1782,10 +1809,10 @@ void PFCfgParser::op_list() { try { // for error handling match(OPENING_BRACE); { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { unary_op(); } - else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { binary_op(); } else { @@ -1798,10 +1825,10 @@ void PFCfgParser::op_list() { if ((LA(1) == COMMA)) { match(COMMA); { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_21.member(LA(2)))) { + if ((_tokenSet_12.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { unary_op(); } - else if ((LA(1) == WORD || LA(1) == INT_CONST) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { + else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { binary_op(); } else { @@ -1811,17 +1838,17 @@ void PFCfgParser::op_list() { } } else { - goto _loop90; + goto _loop91; } } - _loop90:; + _loop91:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_22); + recover(ex,_tokenSet_23); } } @@ -1841,21 +1868,26 @@ void PFCfgParser::port_def() { match(INT_CONST); break; } + case PORT_RANGE: + { + match(PORT_RANGE); + break; + } default: { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } } } -#line 616 "pf.g" +#line 629 "pf.g" importer->tmp_port_def = LT(0)->getText(); -#line 1855 "PFCfgParser.cpp" +#line 1887 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_24); } } @@ -1871,6 +1903,7 @@ const char* PFCfgParser::tokenNames[] = { "LINE_COMMENT", "WORD", "EQUAL", + "\"antispoof\"", "\"altq\"", "\"queue\"", "\"set\"", @@ -1935,6 +1968,7 @@ const char* PFCfgParser::tokenNames[] = { "\"<>\"", "\"><\"", "COLON", + "PORT_RANGE", "\"exit\"", "\"quit\"", "\"interface\"", @@ -1964,8 +1998,10 @@ const char* PFCfgParser::tokenNames[] = { "HEX_CONST", "NUMBER", "NEG_INT_CONST", + "HEX_DIGIT", "DIGIT", - "HEXDIGIT", + "NUM_3DIGIT", + "NUM_HEX_4DIGIT", "NUMBER_ADDRESS_OR_WORD", "STRING", "PIPE_CHAR", @@ -1989,9 +2025,9 @@ const char* PFCfgParser::tokenNames[] = { 0 }; -const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 262002UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE LINE_COMMENT WORD "altq" "queue" "set" "scrub" "nat" "binat" -// "rdr" "timeout" "pass" "block" +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 524146UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "nat" "binat" "rdr" "timeout" "pass" "block" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,4); const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL }; // EOF @@ -1999,70 +2035,74 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL }; // NEWLINE const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,4); -const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 1062207504UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 2124414992UL, 262144UL, 0UL, 0UL }; // NEWLINE "log" ALL "to" "quick" "on" "inet" "inet6" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,4); -const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1061158928UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 2122317840UL, 262144UL, 0UL, 0UL }; // NEWLINE ALL "to" "quick" "on" "inet" "inet6" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,4); -const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 1027604496UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 2055208976UL, 262144UL, 0UL, 0UL }; // NEWLINE ALL "to" "on" "inet" "inet6" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,4); -const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 960495632UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 1920991248UL, 262144UL, 0UL, 0UL }; // NEWLINE ALL "to" "inet" "inet6" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,4); -const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 557842432UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 1115684864UL, 262144UL, 0UL, 0UL }; // ALL "to" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,4); -const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 23068672UL, 196608UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 46137344UL, 393216UL, 0UL, 0UL }; // COMMA ALL "to" CLOSING_BRACE "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,4); -const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 2097680UL, 251658240UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 4195344UL, 503316480UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,4); -const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 1063256080UL, 131072UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 2126512144UL, 262144UL, 0UL, 0UL }; // NEWLINE COMMA ALL "to" "quick" "on" "inet" "inet6" "proto" "from" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,4); -const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 16777216UL, 2147483648UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 33554432UL, 0UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "to" "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,4); -const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 192UL, 16384UL, 31UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD EQUAL INT_CONST "!=" LESS_THAN "<=" GREATER_THAN ">=" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 192UL, 32768UL, 574UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD EQUAL INT_CONST "!=" LESS_THAN "<=" GREATER_THAN ">=" PORT_RANGE const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16777216UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 33554496UL, 32768UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "to" INT_CONST PORT_RANGE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 33554432UL, 0UL, 0UL, 0UL }; // "to" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,4); -const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 2097680UL, 2399141888UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" "port" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,4); -const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 2097744UL, 251674624UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 4195344UL, 503316480UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); +const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 4195408UL, 503349248UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE WORD "queue" COMMA INT_CONST "no" "keep" "modulate" "synproxy" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,4); -const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 18874896UL, 2399207424UL, 0UL, 0UL }; +// PORT_RANGE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,8); +const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 37749776UL, 503447552UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" // "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,4); -const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 18874896UL, 2399141888UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8); +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 37749776UL, 503316480UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,4); -const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 2097168UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); +const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 4194320UL, 0UL, 0UL, 0UL }; // NEWLINE COMMA -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,4); -const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 2097680UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,4); -const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 18874896UL, 251723776UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 4195344UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,4); -const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 2097216UL, 81920UL, 0UL, 0UL }; -// WORD COMMA INT_CONST CLOSING_BRACE +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 37749776UL, 503447552UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,4); -const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 18874896UL, 251658240UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 4194368UL, 163840UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD COMMA INT_CONST CLOSING_BRACE PORT_RANGE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 37749776UL, 503316480UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,4); -const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 18874896UL, 251723776UL, 224UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,4); +const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 37749776UL, 503447552UL, 448UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" // "<>" "><" COLON -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index cff783db5..577520493 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgParser.hpp" #include -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */ #include #include #include "PFCfgParserTokenTypes.hpp" @@ -92,6 +92,7 @@ public: public: void comment(); public: void macro_definition(); public: void altq_command(); + public: void antispoof_command(); public: void queue_command(); public: void set_command(); public: void scrub_command(); @@ -140,10 +141,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 123; + static const int NUM_TOKENS = 127; #else enum { - NUM_TOKENS = 123 + NUM_TOKENS = 127 }; #endif @@ -195,6 +196,8 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_22; static const unsigned long _tokenSet_23_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; + static const unsigned long _tokenSet_24_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24; }; #endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp index 7265ad8b6..82536c2cc 100644 --- a/src/parsers/PFCfgParserTokenTypes.hpp +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -1,7 +1,7 @@ #ifndef INC_PFCfgParserTokenTypes_hpp_ #define INC_PFCfgParserTokenTypes_hpp_ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ #ifndef CUSTOM_API # define CUSTOM_API @@ -16,121 +16,125 @@ struct CUSTOM_API PFCfgParserTokenTypes { LINE_COMMENT = 5, WORD = 6, EQUAL = 7, - ALTQ = 8, - QUEUE = 9, - SET = 10, - SCRUB = 11, - NAT = 12, - BINAT = 13, - RDR = 14, - TIMEOUT = 15, - PASS = 16, - BLOCK = 17, - IN = 18, - OUT = 19, - LOG = 20, - COMMA = 21, - ALL = 22, - USER = 23, - TO = 24, - QUICK = 25, - ON = 26, - INET = 27, - INET6 = 28, - PROTO = 29, - IP = 30, - ICMP = 31, - IGMP = 32, - TCP = 33, - UDP = 34, - RDP = 35, - RSVP = 36, - GRE = 37, - ESP = 38, - AH = 39, - EIGRP = 40, - OSPF = 41, - IPIP = 42, - VRRP = 43, - L2TP = 44, - ISIS = 45, - INT_CONST = 46, - OPENING_BRACE = 47, - CLOSING_BRACE = 48, - FROM = 49, - ANY = 50, - SELF = 51, - EXCLAMATION = 52, - IPV4 = 53, - IPV6 = 54, - SLASH = 55, - NO = 56, - KEEP = 57, - MODULATE = 58, - SYNPROXY = 59, - STATE = 60, - OPENING_PAREN = 61, - CLOSING_PAREN = 62, - PORT = 63, - NOT_EQUAL = 64, - LESS_THAN = 65, - LESS_OR_EQUAL_THAN = 66, - GREATER_THAN = 67, - GREATER_OR_EQUAL_THAN = 68, - EXCEPT_RANGE = 69, - INSIDE_RANGE = 70, - COLON = 71, - EXIT = 72, - QUIT = 73, - INTRFACE = 74, - ICMP6 = 75, - IGRP = 76, - IPSEC = 77, - NOS = 78, - PCP = 79, - PIM = 80, - PPTP = 81, - RIP = 82, - SNP = 83, - HOST = 84, - RANGE = 85, - LOG_LEVEL_ALERTS = 86, - LOG_LEVEL_CRITICAL = 87, - LOG_LEVEL_DEBUGGING = 88, - LOG_LEVEL_EMERGENCIES = 89, - LOG_LEVEL_ERRORS = 90, - LOG_LEVEL_INFORMATIONAL = 91, - LOG_LEVEL_NOTIFICATIONS = 92, - LOG_LEVEL_WARNINGS = 93, - LOG_LEVEL_DISABLE = 94, - LOG_LEVEL_INACTIVE = 95, - TRANSLATE_TO = 96, - Whitespace = 97, - HEX_CONST = 98, - NUMBER = 99, - NEG_INT_CONST = 100, - DIGIT = 101, - HEXDIGIT = 102, - NUMBER_ADDRESS_OR_WORD = 103, - STRING = 104, - PIPE_CHAR = 105, - NUMBER_SIGN = 106, - PERCENT = 107, - AMPERSAND = 108, - APOSTROPHE = 109, - STAR = 110, - PLUS = 111, - MINUS = 112, - DOT = 113, - SEMICOLON = 114, - QUESTION = 115, - COMMERCIAL_AT = 116, - OPENING_SQUARE = 117, - CLOSING_SQUARE = 118, - CARET = 119, - UNDERLINE = 120, - TILDE = 121, - EXLAMATION = 122, + ANTISPOOF = 8, + ALTQ = 9, + QUEUE = 10, + SET = 11, + SCRUB = 12, + NAT = 13, + BINAT = 14, + RDR = 15, + TIMEOUT = 16, + PASS = 17, + BLOCK = 18, + IN = 19, + OUT = 20, + LOG = 21, + COMMA = 22, + ALL = 23, + USER = 24, + TO = 25, + QUICK = 26, + ON = 27, + INET = 28, + INET6 = 29, + PROTO = 30, + IP = 31, + ICMP = 32, + IGMP = 33, + TCP = 34, + UDP = 35, + RDP = 36, + RSVP = 37, + GRE = 38, + ESP = 39, + AH = 40, + EIGRP = 41, + OSPF = 42, + IPIP = 43, + VRRP = 44, + L2TP = 45, + ISIS = 46, + INT_CONST = 47, + OPENING_BRACE = 48, + CLOSING_BRACE = 49, + FROM = 50, + ANY = 51, + SELF = 52, + EXCLAMATION = 53, + IPV4 = 54, + IPV6 = 55, + SLASH = 56, + NO = 57, + KEEP = 58, + MODULATE = 59, + SYNPROXY = 60, + STATE = 61, + OPENING_PAREN = 62, + CLOSING_PAREN = 63, + PORT = 64, + NOT_EQUAL = 65, + LESS_THAN = 66, + LESS_OR_EQUAL_THAN = 67, + GREATER_THAN = 68, + GREATER_OR_EQUAL_THAN = 69, + EXCEPT_RANGE = 70, + INSIDE_RANGE = 71, + COLON = 72, + PORT_RANGE = 73, + EXIT = 74, + QUIT = 75, + INTRFACE = 76, + ICMP6 = 77, + IGRP = 78, + IPSEC = 79, + NOS = 80, + PCP = 81, + PIM = 82, + PPTP = 83, + RIP = 84, + SNP = 85, + HOST = 86, + RANGE = 87, + LOG_LEVEL_ALERTS = 88, + LOG_LEVEL_CRITICAL = 89, + LOG_LEVEL_DEBUGGING = 90, + LOG_LEVEL_EMERGENCIES = 91, + LOG_LEVEL_ERRORS = 92, + LOG_LEVEL_INFORMATIONAL = 93, + LOG_LEVEL_NOTIFICATIONS = 94, + LOG_LEVEL_WARNINGS = 95, + LOG_LEVEL_DISABLE = 96, + LOG_LEVEL_INACTIVE = 97, + TRANSLATE_TO = 98, + Whitespace = 99, + HEX_CONST = 100, + NUMBER = 101, + NEG_INT_CONST = 102, + HEX_DIGIT = 103, + DIGIT = 104, + NUM_3DIGIT = 105, + NUM_HEX_4DIGIT = 106, + NUMBER_ADDRESS_OR_WORD = 107, + STRING = 108, + PIPE_CHAR = 109, + NUMBER_SIGN = 110, + PERCENT = 111, + AMPERSAND = 112, + APOSTROPHE = 113, + STAR = 114, + PLUS = 115, + MINUS = 116, + DOT = 117, + SEMICOLON = 118, + QUESTION = 119, + COMMERCIAL_AT = 120, + OPENING_SQUARE = 121, + CLOSING_SQUARE = 122, + CARET = 123, + UNDERLINE = 124, + TILDE = 125, + EXLAMATION = 126, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt index 4f365b53f..3ed0839b0 100644 --- a/src/parsers/PFCfgParserTokenTypes.txt +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -1,121 +1,125 @@ -// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$ +// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$ PFCfgParser // output token vocab name NEWLINE=4 LINE_COMMENT=5 WORD=6 EQUAL=7 -ALTQ="altq"=8 -QUEUE="queue"=9 -SET="set"=10 -SCRUB="scrub"=11 -NAT="nat"=12 -BINAT="binat"=13 -RDR="rdr"=14 -TIMEOUT="timeout"=15 -PASS="pass"=16 -BLOCK="block"=17 -IN="in"=18 -OUT="out"=19 -LOG="log"=20 -COMMA=21 -ALL=22 -USER=23 -TO="to"=24 -QUICK="quick"=25 -ON="on"=26 -INET="inet"=27 -INET6="inet6"=28 -PROTO="proto"=29 -IP="ip"=30 -ICMP="icmp"=31 -IGMP="igmp"=32 -TCP="tcp"=33 -UDP="udp"=34 -RDP="rdp"=35 -RSVP="rsvp"=36 -GRE="gre"=37 -ESP="esp"=38 -AH="ah"=39 -EIGRP="eigrp"=40 -OSPF="ospf"=41 -IPIP="ipip"=42 -VRRP="vrrp"=43 -L2TP="l2tp"=44 -ISIS="isis"=45 -INT_CONST=46 -OPENING_BRACE=47 -CLOSING_BRACE=48 -FROM="from"=49 -ANY="any"=50 -SELF=51 -EXCLAMATION=52 -IPV4=53 -IPV6=54 -SLASH=55 -NO="no"=56 -KEEP="keep"=57 -MODULATE="modulate"=58 -SYNPROXY="synproxy"=59 -STATE="state"=60 -OPENING_PAREN=61 -CLOSING_PAREN=62 -PORT="port"=63 -NOT_EQUAL="!="=64 -LESS_THAN=65 -LESS_OR_EQUAL_THAN="<="=66 -GREATER_THAN=67 -GREATER_OR_EQUAL_THAN=">="=68 -EXCEPT_RANGE="<>"=69 -INSIDE_RANGE="><"=70 -COLON=71 -EXIT="exit"=72 -QUIT="quit"=73 -INTRFACE="interface"=74 -ICMP6="icmp6"=75 -IGRP="igrp"=76 -IPSEC="ipsec"=77 -NOS="nos"=78 -PCP="pcp"=79 -PIM="pim"=80 -PPTP="pptp"=81 -RIP="rip"=82 -SNP="snp"=83 -HOST="host"=84 -RANGE="range"=85 -LOG_LEVEL_ALERTS="alerts"=86 -LOG_LEVEL_CRITICAL="critical"=87 -LOG_LEVEL_DEBUGGING="debugging"=88 -LOG_LEVEL_EMERGENCIES="emergencies"=89 -LOG_LEVEL_ERRORS="errors"=90 -LOG_LEVEL_INFORMATIONAL="informational"=91 -LOG_LEVEL_NOTIFICATIONS="notifications"=92 -LOG_LEVEL_WARNINGS="warnings"=93 -LOG_LEVEL_DISABLE="disable"=94 -LOG_LEVEL_INACTIVE="inactive"=95 -TRANSLATE_TO="->"=96 -Whitespace=97 -HEX_CONST=98 -NUMBER=99 -NEG_INT_CONST=100 -DIGIT=101 -HEXDIGIT=102 -NUMBER_ADDRESS_OR_WORD=103 -STRING=104 -PIPE_CHAR=105 -NUMBER_SIGN=106 -PERCENT=107 -AMPERSAND=108 -APOSTROPHE=109 -STAR=110 -PLUS=111 -MINUS=112 -DOT=113 -SEMICOLON=114 -QUESTION=115 -COMMERCIAL_AT=116 -OPENING_SQUARE=117 -CLOSING_SQUARE=118 -CARET=119 -UNDERLINE=120 -TILDE=121 -EXLAMATION=122 +ANTISPOOF="antispoof"=8 +ALTQ="altq"=9 +QUEUE="queue"=10 +SET="set"=11 +SCRUB="scrub"=12 +NAT="nat"=13 +BINAT="binat"=14 +RDR="rdr"=15 +TIMEOUT="timeout"=16 +PASS="pass"=17 +BLOCK="block"=18 +IN="in"=19 +OUT="out"=20 +LOG="log"=21 +COMMA=22 +ALL=23 +USER=24 +TO="to"=25 +QUICK="quick"=26 +ON="on"=27 +INET="inet"=28 +INET6="inet6"=29 +PROTO="proto"=30 +IP="ip"=31 +ICMP="icmp"=32 +IGMP="igmp"=33 +TCP="tcp"=34 +UDP="udp"=35 +RDP="rdp"=36 +RSVP="rsvp"=37 +GRE="gre"=38 +ESP="esp"=39 +AH="ah"=40 +EIGRP="eigrp"=41 +OSPF="ospf"=42 +IPIP="ipip"=43 +VRRP="vrrp"=44 +L2TP="l2tp"=45 +ISIS="isis"=46 +INT_CONST=47 +OPENING_BRACE=48 +CLOSING_BRACE=49 +FROM="from"=50 +ANY="any"=51 +SELF=52 +EXCLAMATION=53 +IPV4=54 +IPV6=55 +SLASH=56 +NO="no"=57 +KEEP="keep"=58 +MODULATE="modulate"=59 +SYNPROXY="synproxy"=60 +STATE="state"=61 +OPENING_PAREN=62 +CLOSING_PAREN=63 +PORT="port"=64 +NOT_EQUAL="!="=65 +LESS_THAN=66 +LESS_OR_EQUAL_THAN="<="=67 +GREATER_THAN=68 +GREATER_OR_EQUAL_THAN=">="=69 +EXCEPT_RANGE="<>"=70 +INSIDE_RANGE="><"=71 +COLON=72 +PORT_RANGE=73 +EXIT="exit"=74 +QUIT="quit"=75 +INTRFACE="interface"=76 +ICMP6="icmp6"=77 +IGRP="igrp"=78 +IPSEC="ipsec"=79 +NOS="nos"=80 +PCP="pcp"=81 +PIM="pim"=82 +PPTP="pptp"=83 +RIP="rip"=84 +SNP="snp"=85 +HOST="host"=86 +RANGE="range"=87 +LOG_LEVEL_ALERTS="alerts"=88 +LOG_LEVEL_CRITICAL="critical"=89 +LOG_LEVEL_DEBUGGING="debugging"=90 +LOG_LEVEL_EMERGENCIES="emergencies"=91 +LOG_LEVEL_ERRORS="errors"=92 +LOG_LEVEL_INFORMATIONAL="informational"=93 +LOG_LEVEL_NOTIFICATIONS="notifications"=94 +LOG_LEVEL_WARNINGS="warnings"=95 +LOG_LEVEL_DISABLE="disable"=96 +LOG_LEVEL_INACTIVE="inactive"=97 +TRANSLATE_TO="->"=98 +Whitespace=99 +HEX_CONST=100 +NUMBER=101 +NEG_INT_CONST=102 +HEX_DIGIT=103 +DIGIT=104 +NUM_3DIGIT=105 +NUM_HEX_4DIGIT=106 +NUMBER_ADDRESS_OR_WORD=107 +STRING=108 +PIPE_CHAR=109 +NUMBER_SIGN=110 +PERCENT=111 +AMPERSAND=112 +APOSTROPHE=113 +STAR=114 +PLUS=115 +MINUS=116 +DOT=117 +SEMICOLON=118 +QUESTION=119 +COMMERCIAL_AT=120 +OPENING_SQUARE=121 +CLOSING_SQUARE=122 +CARET=123 +UNDERLINE=124 +TILDE=125 +EXLAMATION=126 diff --git a/src/parsers/pf.g b/src/parsers/pf.g index 4cb55bd75..050d74986 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -116,6 +116,8 @@ cfgfile : macro_definition | altq_command + | + antispoof_command | queue_command | @@ -153,6 +155,17 @@ macro_definition : WORD EQUAL } ; +//**************************************************************** +antispoof_command : ANTISPOOF + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'antispoof' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + //**************************************************************** altq_command : ALTQ { @@ -612,7 +625,7 @@ binary_op : ; port_def : - ( WORD | INT_CONST ) + ( WORD | INT_CONST | PORT_RANGE ) { importer->tmp_port_def = LT(0)->getText(); } @@ -717,6 +730,8 @@ tokens TIMEOUT = "timeout"; ALTQ = "altq"; + ANTISPOOF = "antispoof"; + SET = "set"; SCRUB = "scrub"; NAT = "nat"; @@ -742,7 +757,7 @@ tokens LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' ) - { _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; } ; + { $setType(ANTLR_USE_NAMESPACE(antlr)Token::SKIP); } ; //COMMENT_START : '!' ; @@ -761,45 +776,73 @@ NUMBER:; protected NEG_INT_CONST:; +protected +COLON : ; + +protected +HEX_DIGIT : '0'..'9' 'a'..'f' ; + protected DIGIT : '0'..'9' ; protected -HEXDIGIT : 'a'..'f' ; +NUM_3DIGIT: ('1'..'9') (('0'..'9') ('0'..'9')?)? ; + +protected +NUM_HEX_4DIGIT: HEX_DIGIT ((HEX_DIGIT) ((HEX_DIGIT) (HEX_DIGIT)?)?)? ; +NUMBER_ADDRESS_OR_WORD +options { + testLiterals = true; +} + : + ( NUM_3DIGIT '.' NUM_3DIGIT '.' ) => + (NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT) + { $setType(IPV4); } + | + ( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' (DIGIT)+ ) + { $setType(NUMBER); } + | + ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ ) + { $setType(PORT_RANGE); } + | + ( DIGIT )+ { $setType(INT_CONST); } + // IPv6 RULE + | (NUM_HEX_4DIGIT ':')=> + ( + ((NUM_HEX_4DIGIT ':')+ ':')=> + ( + (NUM_HEX_4DIGIT ':')+ ':' + (NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*)? + ) { $setType(IPV6); } -NUMBER_ADDRESS_OR_WORD : - ( - ( DIGIT ) => - ( - ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) => - ( (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ DOT (DIGIT)+ ) - { _ttype = IPV4; } - | - ( (DIGIT)+ DOT (DIGIT)+ )=> ( (DIGIT)+ DOT (DIGIT)+ ) - { _ttype = NUMBER; } - | - ( DIGIT )+ { _ttype = INT_CONST; } - ) - | - ( ( 'a'..'f' | '0'..'9' )+ COLON ) => - ( - ( - ( 'a'..'f' | '0'..'9' )+ - ( COLON ( 'a'..'f' | '0'..'9' )* )+ - ) - { _ttype = IPV6; } - ) - | -// making sure ',' '(' ')' '=' '<' '>' '-' '+' are not part of WORD -// do not start WORD with '$' since we expand macros in PFImporterRun using regex. - ( 'a'..'z' | 'A'..'Z' ) - ( '$' | '%' | '&' | '0'..'9' | ';' | - '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* - { _ttype = WORD; } - ) + | NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)+ + { $setType(IPV6); } + + ) { $setType(IPV6); } + + | (':' ':' NUM_HEX_4DIGIT)=> + ':' ':' NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)* + { $setType(IPV6); } + + | ':' ':' + { $setType(IPV6); } + + | ':' + { $setType(COLON); } + + | + +// making sure ',' '(' ')' '=' '<' '>' '-' '+' are not part of WORD do +// not start WORD with '$' since we expand macros in PFImporterRun +// using regex. + + ( 'a'..'z' | 'A'..'Z' ) + ( '$' | '%' | '&' | '0'..'9' | ';' | + '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* + { $setType(WORD); } ; STRING : '"' (~'"')* '"'; @@ -817,7 +860,7 @@ MINUS : '-' ; DOT : '.' ; SLASH : '/' ; -COLON : ':' ; +// COLON : ':' ; SEMICOLON : ';' ; EQUAL : '=' ; From 439f8240ba72c916dc094a4a2aea86c62d2fce4d Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Tue, 24 May 2011 23:01:41 -0700 Subject: [PATCH 05/10] see #2394 checking pf.conf file before import to determine if it is designed in the style not using keyword "quick". We can not import config like that --- src/import/PreImport.cpp | 132 ++++++++++++++++++ src/import/PreImport.h | 11 +- .../IC_PlatformWarningPage.cpp | 25 +++- 3 files changed, 163 insertions(+), 5 deletions(-) diff --git a/src/import/PreImport.cpp b/src/import/PreImport.cpp index c8b9fa2f8..992f9c5b6 100644 --- a/src/import/PreImport.cpp +++ b/src/import/PreImport.cpp @@ -25,6 +25,38 @@ #include +#include + +using namespace std; + + +class matchPFDirectionIn : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return str.contains(" in "); + } +}; + +class matchPFDirectionOut : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return str.contains(" out "); + } +}; + +class matchPFDirectionBoth : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return ! str.contains(" in ") && ! str.contains(" out "); + } +}; + void PreImport::scan() { @@ -131,6 +163,105 @@ void PreImport::scan() } } } + + /* + * fwbuilder generates PF configuration that always uses "quick" + * keyword to make the first matching rule stop processing. A lot + * of existing pf.conf files use the other model where PF commands + * do not use this keyword, so that all rules inspect the packet + * and the last matching rule makes the decision. Fwbuilder can + * not generate PF configuration in this style and can not import + * it. We look for "block" command without "quick" parameter to + * determine if the configuration offered for import is written in + * this style. + + * We refuse to import policies that have "block" line with no + * "quick" word, unless there are other command(s) with "quick" + * after it. We should do this comparison keeping direction in + * mind because it is possible to have "block in all" and then + * "pass out quick something". It looks like a style with "block + * all" at the top used to set up default policy is quite + * popular. Configuration written in this style has "block all + * log" at the top (or in the middle), followed by a bunch of + * specific "pass quick" rules. We can import this if "block all + * log" is the last rule, but not if it is followed by some pass + * rules with no "quick". + */ + + if (platform == PF) + { + matchPFDirectionIn dir_in; + matchPFDirectionOut dir_out; + matchPFDirectionBoth dir_both; + + if (isReversePFConfigurationStyle(dir_in) || + isReversePFConfigurationStyle(dir_out) || + isReversePFConfigurationStyle(dir_both)) + { + platform = PF_REVERSE; + } + } +} + +bool PreImport::isReversePFConfigurationStyle(matchPFDirection &dir_op) +{ + bool has_block_no_quick = false; + bool has_command_with_quick_after_block = false; + bool has_command_with_no_quick_after_block = false; + QRegExp cont("\\\\\\s*\n"); + QString line; + QStringListIterator it(*buffer); + while (it.hasNext()) + { + // first, unfold lines ending with "\" + line = it.next(); + int cont_idx; + while ( (cont_idx = cont.indexIn(line)) > -1 && it.hasNext()) + { + line.insert(cont_idx, it.next()); + } + + line = line.trimmed(); + + if (line.startsWith("#")) continue; + if (line.isEmpty()) continue; + + if ( ! dir_op(line)) continue; + + if (line.contains(" quick")) + { + // check if after the line with "block" and no "quick" + // comes a line with action "pass" and "quick" word. + // This is a mixed-style policy and we can try to + // import it. + + if (has_block_no_quick && + (line.startsWith("pass ") || line.startsWith("block "))) + { + has_command_with_quick_after_block = true; + continue; + } + + } else + { + // check if this is a line with action "block" and no + // "quick" word + if (line.startsWith("block ")) + { + has_block_no_quick = true; + continue; + } + + if (has_block_no_quick) + { + has_command_with_no_quick_after_block = true; + break; + } + } + } + + return (has_block_no_quick && has_command_with_no_quick_after_block && + ! has_command_with_quick_after_block); } QString PreImport::getPlatformAsString() @@ -161,6 +292,7 @@ QString PreImport::getPlatformAsString() break; case PreImport::PF: + case PreImport::PF_REVERSE: platform_string = "pf"; break; } diff --git a/src/import/PreImport.h b/src/import/PreImport.h index 6517487e9..2b91c83c1 100644 --- a/src/import/PreImport.h +++ b/src/import/PreImport.h @@ -30,12 +30,16 @@ #include +class matchPFDirection +{ +public: + virtual bool operator()(const QString&) {return false;} +}; + /* * This class scans firewall configuration and tries to guess platform * and some other parameters */ - - class PreImport { const QStringList *buffer; @@ -43,7 +47,7 @@ class PreImport public: enum Platforms { UNKNOWN, IPTABLES, IPTABLES_WITH_COUNTERS, - PF, IOSACL, PIX, FWSM } ; + PF, PF_REVERSE, IOSACL, PIX, FWSM } ; private: @@ -55,6 +59,7 @@ public: void scan(); enum Platforms getPlatform() { return platform; } QString getPlatformAsString(); + bool isReversePFConfigurationStyle(matchPFDirection &dir_op); }; #endif diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp index afb8ba689..4bfc17eff 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp @@ -180,11 +180,32 @@ void IC_PlatformWarningPage::initializePage() case PreImport::PF: m_dialog->platform->setText(tr("pf")); m_dialog->platformSpecificWarning->setText( - tr("Firewall Builder will support import PF " - "configuration from a pf.conf file." + tr("Firewall Builder supports import PF " + "configuration from a pf.conf file. Tables will be imported " + "as object groups and their names will be preserved. " + "Macros are expanded in place and not imported as " + "objects. Import of anchors is not supported at this time." )); platformOk = true; break; + + case PreImport::PF_REVERSE: + m_dialog->platform->setText(tr("pf")); + m_dialog->platformSpecificWarning->setText( + tr( + "

This appears to be PF configuration designed " + "without use of the \"quick\" keyword, where " + "the packet is evaluated by all filtering rules in " + "sequential order and the last matching rule decides " + "what action is to be taken. Firewall Builder uses " + "different rule model, where the first matching rule " + "is always final and makes the decision on the action. " + "This means Firewall Builder can only import PF " + "configuration written using \"quick\" " + "keywords.

" + )); + platformOk = false; + break; } QString platform_string = pi.getPlatformAsString(); From ea9c28fda10b0ffb7d0f032c4719874cea687124 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Wed, 25 May 2011 18:57:38 -0700 Subject: [PATCH 06/10] See #2394 grammar can parse most of the sample pf.conf files, including important ones --- VERSION | 2 +- VERSION.h | 2 +- packaging/fwbuilder-static-qt.spec | 2 +- packaging/fwbuilder.control | 2 +- packaging/fwbuilder.spec | 2 +- src/import/IPTImporter.h | 2 - src/import/Importer.h | 3 + src/import/PFImporter.cpp | 23 +- src/import/PFImporter.h | 137 +- src/parsers/PFCfgLexer.cpp | 1014 +++++---- src/parsers/PFCfgLexer.hpp | 1 + src/parsers/PFCfgParser.cpp | 2761 ++++++++++++++++++------- src/parsers/PFCfgParser.hpp | 43 +- src/parsers/PFCfgParserTokenTypes.hpp | 234 ++- src/parsers/PFCfgParserTokenTypes.txt | 234 ++- src/parsers/pf.g | 531 +++-- 16 files changed, 3276 insertions(+), 1717 deletions(-) diff --git a/VERSION b/VERSION index 88a58f763..75b79a56d 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3544" +BUILD_NUM="3546" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 8965f5512..fd6fc5669 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.3.0.3544" +#define VERSION "4.3.0.3546" #define GENERATION "4.3" diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index b7b3f2899..eb8926a14 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.3.0.3544 +%define version 4.3.0.3546 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 70231ebcb..2f198f267 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.3.0.3544-1 +Version: 4.3.0.3546-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 3bc20f0d6..6ff33090d 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.3.0.3544 +%define version 4.3.0.3546 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/import/IPTImporter.h b/src/import/IPTImporter.h index 77cce1d57..c3a2ca952 100644 --- a/src/import/IPTImporter.h +++ b/src/import/IPTImporter.h @@ -43,8 +43,6 @@ #include -typedef std::pair str_tuple; - class IPTImporter : public Importer { diff --git a/src/import/Importer.h b/src/import/Importer.h index 9a5b74511..f0345fef8 100644 --- a/src/import/Importer.h +++ b/src/import/Importer.h @@ -43,6 +43,9 @@ #include +typedef std::pair str_tuple; +typedef std::vector str_vector; + class Importer; diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp index 87ed0424f..660665849 100644 --- a/src/import/PFImporter.cpp +++ b/src/import/PFImporter.cpp @@ -86,9 +86,9 @@ void PFImporter::clear() quick = false; direction = ""; - iface = ""; address_family = ""; + iface_group.clear(); proto_list.clear(); src_group.clear(); dst_group.clear(); @@ -98,12 +98,23 @@ void PFImporter::clear() tmp_neg = false; tmp_port_def = ""; + tmp_port_op = ""; src_port_group.clear(); dst_port_group.clear(); tmp_port_group.clear(); + icmp_type_code_group.clear(); + queue = ""; state_op = ""; + logopts = ""; + flags_check = ""; + flags_mask = ""; + tag = ""; + tagged = ""; + + route_type = UNKNOWN; + route_group.clear(); Importer::clear(); } @@ -240,6 +251,16 @@ void PFImporter::pushPolicyRule() assert(current_rule!=NULL); // populate all elements of the rule + // Note that standard function + // setInterfaceAndDirectionForRuleSet() assumes there is only one + // interface, but here we can have a group. Information about + // interfaces (even if there is only one) is stored in the list + // iface_group + // + // importer->setInterfaceAndDirectionForRuleSet( + // "", importer->iface, importer->direction); + + addMessageToLog( QString("filtering rule: action %1") .arg(action.c_str())); diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h index c183106f5..7bcbaa6a3 100644 --- a/src/import/PFImporter.h +++ b/src/import/PFImporter.h @@ -41,34 +41,151 @@ #include +class InterfaceSpec +{ +public: + + bool neg; + std::string name; + + InterfaceSpec() + { neg = false; name = ""; } + + InterfaceSpec(const InterfaceSpec &other) + { + neg = other.neg; + name = other.name; + } + + InterfaceSpec(bool _neg, const std::string _name) + { neg = _neg; name = _name; } +}; + + + +class AddressSpec +{ +public: + + typedef enum { + UNKNOWN, + ANY, + HOST_ADDRESS, + NETWORK_ADDRESS, + SPECIAL_ADDRESS, + INTERFACE_NAME, + TABLE } address_type; + + address_type at; + std::string address; + std::string netmask; + + AddressSpec() + { at = UNKNOWN; address = ""; netmask = ""; } + + AddressSpec(const AddressSpec &other) + { + at = other.at; + address = other.address; + netmask = other.netmask; + } + + AddressSpec(address_type _at, const std::string _addr, const std::string _nm) + { at = _at; address = _addr; netmask = _nm; } +}; + + +class PortSpec +{ +public: + std::string port1; + std::string port2; + std::string port_op; + + PortSpec() + { port1 = ""; port2 = ""; port_op = ""; } + + PortSpec(const PortSpec &other) + { + port1 = other.port1; + port2 = other.port2; + port_op = other.port_op; + } + + PortSpec(const std::string s1, const std::string s2, const std::string s3) + { port1 = s1; port2 = s2; port_op = s3; } +}; + + +class RouteSpec +{ +public: + + std::string iface; + std::string address; + std::string netmask; + + RouteSpec() + { iface = ""; address = ""; netmask = ""; } + + RouteSpec(const RouteSpec &other) + { + iface = other.iface; + address = other.address; + netmask = other.netmask; + } + + RouteSpec(const std::string _iface, + const std::string _addr, const std::string _nm) + { iface = _iface; address = _addr; netmask = _nm; } +}; + + + + class PFImporter : public Importer { public: + typedef enum { + UNKNOWN, + ROUTE_TO, + REPLY_TO, + DUP_TO} route_op_type; + std::string direction; - std::string iface; std::string address_family; bool quick; bool src_neg; bool dst_neg; bool tmp_neg; + + std::list iface_group; std::list proto_list; - std::list > src_group; - std::list > dst_group; - std::list > tmp_group; + std::list< AddressSpec > src_group; + std::list< AddressSpec > dst_group; + std::list< AddressSpec > tmp_group; - // each item in the list is a vector of 2 or 3 strings - // Unary operations are represented by 2 strings, binary operations - // use 3 strings + std::string tmp_port_op; std::string tmp_port_def; - std::list< std::vector > src_port_group; - std::list< std::vector > dst_port_group; - std::list< std::vector > tmp_port_group; + std::list< PortSpec > src_port_group; + std::list< PortSpec > dst_port_group; + std::list< PortSpec > tmp_port_group; + + std::list icmp_type_code_group; + + route_op_type route_type; + std::list route_group; std::string queue; std::string state_op; + std::string logopts; + std::string flags_check; + std::string flags_mask; + std::string tag; + std::string tagged; libfwbuilder::NATRule::NATRuleTypes rule_type; diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index f059a6151..e758ea60d 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -44,80 +44,90 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st void PFCfgLexer::initLiterals() { - literals["vrrp"] = 44; - literals["critical"] = 89; - literals["ospf"] = 42; - literals["rdp"] = 36; - literals["disable"] = 96; + literals["vrrp"] = 50; + literals["critical"] = 96; + literals["ospf"] = 48; + literals["rdp"] = 42; + literals["disable"] = 103; literals["scrub"] = 12; - literals["ipsec"] = 79; - literals["inet"] = 28; - literals["pcp"] = 81; - literals["emergencies"] = 91; - literals["debugging"] = 90; - literals["snp"] = 85; - literals["timeout"] = 16; - literals["to"] = 25; - literals["isis"] = 46; - literals["pptp"] = 83; - literals["pass"] = 17; - literals["no"] = 57; - literals["from"] = 50; - literals["igrp"] = 78; - literals["pim"] = 82; - literals["rsvp"] = 37; - literals["nos"] = 80; - literals["quit"] = 75; - literals["->"] = 98; - literals["exit"] = 74; - literals["modulate"] = 59; - literals["nat"] = 13; - literals["range"] = 87; - literals["out"] = 20; + literals["ipsec"] = 86; + literals["inet"] = 34; + literals["pcp"] = 88; + literals["emergencies"] = 98; + literals["debugging"] = 97; + literals["snp"] = 92; + literals["timeout"] = 17; + literals["to"] = 28; + literals["flags"] = 66; + literals["isis"] = 52; + literals["icmp6-type"] = 69; + literals["pptp"] = 90; + literals["pass"] = 18; + literals["no"] = 72; + literals["from"] = 54; + literals["igrp"] = 85; + literals["pim"] = 89; + literals["tagged"] = 70; + literals["rsvp"] = 43; + literals["route-to"] = 64; + literals["nos"] = 87; + literals["quit"] = 82; + literals["->"] = 105; + literals["icmp-type"] = 67; + literals["exit"] = 81; + literals["modulate"] = 74; + literals["nat"] = 14; + literals["range"] = 94; + literals["urpf-failed"] = 55; + literals["out"] = 21; literals["queue"] = 10; - literals["gre"] = 38; + literals["gre"] = 44; literals["set"] = 11; - literals["warnings"] = 95; - literals["ah"] = 40; - literals["host"] = 86; - literals["interface"] = 76; - literals["rip"] = 84; - literals["icmp6"] = 77; - literals["notifications"] = 94; - literals["synproxy"] = 60; - literals["!="] = 65; + literals["warnings"] = 102; + literals["ah"] = 46; + literals["host"] = 93; + literals["interface"] = 83; + literals["rip"] = 91; + literals["icmp6"] = 84; + literals["notifications"] = 101; + literals["synproxy"] = 75; literals["altq"] = 9; - literals["any"] = 51; - literals["esp"] = 39; - literals["alerts"] = 88; - literals["inet6"] = 29; - literals["inactive"] = 97; - literals["udp"] = 35; - literals["<>"] = 70; - literals["port"] = 64; - literals["ip"] = 31; - literals[">="] = 69; - literals["eigrp"] = 41; - literals["<="] = 67; - literals["errors"] = 92; - literals["ipip"] = 43; + literals["any"] = 56; + literals["esp"] = 45; + literals["alerts"] = 95; + literals["all"] = 26; + literals["inet6"] = 35; + literals["inactive"] = 104; + literals["label"] = 77; + literals["udp"] = 41; + literals["no-route"] = 58; + literals["reply-to"] = 65; + literals["tag"] = 71; + literals["port"] = 79; + literals["code"] = 68; + literals["ip"] = 37; + literals["table"] = 13; + literals["eigrp"] = 47; + literals["errors"] = 99; + literals["ipip"] = 49; literals["antispoof"] = 8; - literals["binat"] = 14; - literals["igmp"] = 33; - literals["><"] = 71; - literals["on"] = 27; - literals["state"] = 61; - literals["proto"] = 30; - literals["log"] = 21; - literals["rdr"] = 15; - literals["informational"] = 93; - literals["in"] = 19; - literals["keep"] = 58; - literals["block"] = 18; - literals["l2tp"] = 45; - literals["quick"] = 26; - literals["icmp"] = 32; - literals["tcp"] = 34; + literals["binat"] = 15; + literals["igmp"] = 39; + literals["on"] = 30; + literals["state"] = 76; + literals["proto"] = 36; + literals["log"] = 22; + literals["rdr"] = 16; + literals["informational"] = 100; + literals["in"] = 20; + literals["self"] = 57; + literals["keep"] = 73; + literals["block"] = 19; + literals["l2tp"] = 51; + literals["quick"] = 29; + literals["user"] = 27; + literals["icmp"] = 38; + literals["tcp"] = 40; } ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() @@ -204,12 +214,6 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() theRetToken=_returnToken; break; } - case 0x22 /* '\"' */ : - { - mSTRING(true); - theRetToken=_returnToken; - break; - } case 0x7c /* '|' */ : { mPIPE_CHAR(true); @@ -371,6 +375,10 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() mLINE_COMMENT(true); theRetToken=_returnToken; } + else if ((LA(1) == 0x22 /* '\"' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mSTRING(true); + theRetToken=_returnToken; + } else if ((_tokenSet_0.member(LA(1)))) { mWhitespace(true); theRetToken=_returnToken; @@ -379,6 +387,10 @@ ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() mNUMBER_SIGN(true); theRetToken=_returnToken; } + else if ((LA(1) == 0x22 /* '\"' */ ) && (true)) { + mDOUBLE_QUOTE(true); + theRetToken=_returnToken; + } else { if (LA(1)==EOF_CHAR) { @@ -423,11 +435,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop95; + goto _loop140; } } - _loop95:; + _loop140:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -459,9 +471,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 765 "pf.g" +#line 958 "pf.g" newline(); -#line 465 "PFCfgLexer.cpp" +#line 477 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -540,9 +552,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 760 "pf.g" +#line 953 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 546 "PFCfgLexer.cpp" +#line 558 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -652,7 +664,7 @@ void PFCfgLexer::mNUM_3DIGIT(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - matchRange('1','9'); + matchRange('0','9'); } { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { @@ -727,10 +739,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - bool synPredMatched120 = false; - if ((((LA(1) >= 0x31 /* '1' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m120 = mark(); - synPredMatched120 = true; + bool synPredMatched165 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { + int _m165 = mark(); + synPredMatched165 = true; inputState->guessing++; try { { @@ -741,12 +753,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched120 = false; + synPredMatched165 = false; } - rewind(_m120); + rewind(_m165); inputState->guessing--; } - if ( synPredMatched120 ) { + if ( synPredMatched165 ) { { mNUM_3DIGIT(false); match('.' /* charlit */ ); @@ -757,419 +769,429 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_3DIGIT(false); } if ( inputState->guessing==0 ) { -#line 802 "pf.g" +#line 995 "pf.g" _ttype = IPV4; -#line 763 "PFCfgLexer.cpp" +#line 775 "PFCfgLexer.cpp" } } else { - bool synPredMatched127 = false; + bool synPredMatched172 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m127 = mark(); - synPredMatched127 = true; + int _m172 = mark(); + synPredMatched172 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt124=0; + int _cnt169=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt124>=1 ) { goto _loop124; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt169>=1 ) { goto _loop169; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt124++; + _cnt169++; } - _loop124:; + _loop169:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt126=0; + int _cnt171=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt126>=1 ) { goto _loop126; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt171>=1 ) { goto _loop171; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt126++; + _cnt171++; } - _loop126:; + _loop171:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched127 = false; + synPredMatched172 = false; } - rewind(_m127); + rewind(_m172); inputState->guessing--; } - if ( synPredMatched127 ) { + if ( synPredMatched172 ) { { { // ( ... )+ - int _cnt130=0; + int _cnt175=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt130>=1 ) { goto _loop130; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt175>=1 ) { goto _loop175; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt130++; + _cnt175++; } - _loop130:; + _loop175:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt132=0; + int _cnt177=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt132>=1 ) { goto _loop132; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt177>=1 ) { goto _loop177; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt132++; + _cnt177++; } - _loop132:; + _loop177:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 805 "pf.g" +#line 998 "pf.g" _ttype = NUMBER; -#line 846 "PFCfgLexer.cpp" +#line 858 "PFCfgLexer.cpp" } } else { - bool synPredMatched138 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x30 /* '0' */ && LA(2) <= 0x3a /* ':' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { - int _m138 = mark(); - synPredMatched138 = true; + bool synPredMatched196 = false; + if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { + int _m196 = mark(); + synPredMatched196 = true; inputState->guessing++; try { { - { // ( ... )+ - int _cnt135=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt135>=1 ) { goto _loop135; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt135++; - } - _loop135:; - } // ( ... )+ - match(':' /* charlit */ ); - { // ( ... )+ - int _cnt137=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt137>=1 ) { goto _loop137; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt137++; - } - _loop137:; - } // ( ... )+ - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched138 = false; - } - rewind(_m138); - inputState->guessing--; - } - if ( synPredMatched138 ) { - { - { // ( ... )+ - int _cnt141=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt141>=1 ) { goto _loop141; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt141++; - } - _loop141:; - } // ( ... )+ - match(':' /* charlit */ ); - { // ( ... )+ - int _cnt143=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); - } - else { - if ( _cnt143>=1 ) { goto _loop143; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt143++; - } - _loop143:; - } // ( ... )+ - } - if ( inputState->guessing==0 ) { -#line 808 "pf.g" - _ttype = PORT_RANGE; -#line 929 "PFCfgLexer.cpp" - } - } - else { - bool synPredMatched162 = false; - if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { - int _m162 = mark(); - synPredMatched162 = true; - inputState->guessing++; - try { - { - match(':' /* charlit */ ); - match(':' /* charlit */ ); - mNUM_HEX_4DIGIT(false); - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched162 = false; - } - rewind(_m162); - inputState->guessing--; - } - if ( synPredMatched162 ) { match(':' /* charlit */ ); match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); - { // ( ... )* - for (;;) { - if ((LA(1) == 0x3a /* ':' */ )) { - match(':' /* charlit */ ); - mNUM_HEX_4DIGIT(false); - } - else { - goto _loop164; - } - - } - _loop164:; - } // ( ... )* - if ( inputState->guessing==0 ) { -#line 828 "pf.g" - _ttype = IPV6; -#line 971 "PFCfgLexer.cpp" } } - else { - bool synPredMatched147 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { - int _m147 = mark(); - synPredMatched147 = true; + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched196 = false; + } + rewind(_m196); + inputState->guessing--; + } + if ( synPredMatched196 ) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + { // ( ... )* + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + goto _loop198; + } + + } + _loop198:; + } // ( ... )* + if ( inputState->guessing==0 ) { +#line 1021 "pf.g" + _ttype = IPV6; +#line 900 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched181 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { + int _m181 = mark(); + synPredMatched181 = true; + inputState->guessing++; + try { + { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched181 = false; + } + rewind(_m181); + inputState->guessing--; + } + if ( synPredMatched181 ) { + { + bool synPredMatched186 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { + int _m186 = mark(); + synPredMatched186 = true; inputState->guessing++; try { - { - mNUM_HEX_4DIGIT(false); - match(':' /* charlit */ ); - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched147 = false; - } - rewind(_m147); - inputState->guessing--; - } - if ( synPredMatched147 ) { - { - bool synPredMatched152 = false; - if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { - int _m152 = mark(); - synPredMatched152 = true; - inputState->guessing++; - try { - { - { // ( ... )+ - int _cnt151=0; - for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mNUM_HEX_4DIGIT(false); - match(':' /* charlit */ ); - } - else { - if ( _cnt151>=1 ) { goto _loop151; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} - } - - _cnt151++; - } - _loop151:; - } // ( ... )+ - match(':' /* charlit */ ); - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched152 = false; - } - rewind(_m152); - inputState->guessing--; - } - if ( synPredMatched152 ) { { { // ( ... )+ - int _cnt155=0; + int _cnt185=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt155>=1 ) { goto _loop155; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt185>=1 ) { goto _loop185; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt155++; + _cnt185++; } - _loop155:; + _loop185:; } // ( ... )+ match(':' /* charlit */ ); - { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mNUM_HEX_4DIGIT(false); - { // ( ... )* - for (;;) { - if ((LA(1) == 0x3a /* ':' */ )) { - match(':' /* charlit */ ); - mNUM_HEX_4DIGIT(false); - } - else { - goto _loop158; - } - - } - _loop158:; - } // ( ... )* - } - else { - } - - } - } - if ( inputState->guessing==0 ) { -#line 819 "pf.g" - _ttype = IPV6; -#line 1068 "PFCfgLexer.cpp" } } - else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched186 = false; + } + rewind(_m186); + inputState->guessing--; + } + if ( synPredMatched186 ) { + { + { // ( ... )+ + int _cnt189=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + else { + if ( _cnt189>=1 ) { goto _loop189; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt189++; + } + _loop189:; + } // ( ... )+ + match(':' /* charlit */ ); + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); - { // ( ... )+ - int _cnt160=0; + { // ( ... )* for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); } else { - if ( _cnt160>=1 ) { goto _loop160; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + goto _loop192; } - _cnt160++; - } - _loop160:; - } // ( ... )+ - if ( inputState->guessing==0 ) { -#line 822 "pf.g" - _ttype = IPV6; -#line 1091 "PFCfgLexer.cpp" } + _loop192:; + } // ( ... )* } else { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); } + } } if ( inputState->guessing==0 ) { -#line 824 "pf.g" +#line 1012 "pf.g" _ttype = IPV6; -#line 1102 "PFCfgLexer.cpp" +#line 997 "PFCfgLexer.cpp" } } - else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) { - match(':' /* charlit */ ); - match(':' /* charlit */ ); - if ( inputState->guessing==0 ) { -#line 831 "pf.g" - _ttype = IPV6; -#line 1111 "PFCfgLexer.cpp" - } - } - else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { + mNUM_HEX_4DIGIT(false); { // ( ... )+ - int _cnt145=0; + int _cnt194=0; for (;;) { - if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { - mDIGIT(false); + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); } else { - if ( _cnt145>=1 ) { goto _loop145; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt194>=1 ) { goto _loop194; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt145++; + _cnt194++; } - _loop145:; + _loop194:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 810 "pf.g" - _ttype = INT_CONST; -#line 1132 "PFCfgLexer.cpp" +#line 1015 "pf.g" + _ttype = IPV6; +#line 1020 "PFCfgLexer.cpp" } } - else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { - match(':' /* charlit */ ); - if ( inputState->guessing==0 ) { -#line 834 "pf.g" - _ttype = COLON; -#line 1140 "PFCfgLexer.cpp" - } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); } - else if ((_tokenSet_3.member(LA(1)))) { - { + + } + if ( inputState->guessing==0 ) { +#line 1017 "pf.g" + _ttype = IPV6; +#line 1031 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 1024 "pf.g" + _ttype = IPV6; +#line 1040 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { + { // ( ... )+ + int _cnt179=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt179>=1 ) { goto _loop179; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt179++; + } + _loop179:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 1003 "pf.g" + _ttype = INT_CONST; +#line 1061 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 1027 "pf.g" + _ttype = COLON; +#line 1069 "PFCfgLexer.cpp" + } + } + else if ((_tokenSet_3.member(LA(1)))) { + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { switch ( LA(1)) { - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - case 0x67 /* 'g' */ : - case 0x68 /* 'h' */ : - case 0x69 /* 'i' */ : - case 0x6a /* 'j' */ : - case 0x6b /* 'k' */ : - case 0x6c /* 'l' */ : - case 0x6d /* 'm' */ : - case 0x6e /* 'n' */ : - case 0x6f /* 'o' */ : - case 0x70 /* 'p' */ : - case 0x71 /* 'q' */ : - case 0x72 /* 'r' */ : - case 0x73 /* 's' */ : - case 0x74 /* 't' */ : - case 0x75 /* 'u' */ : - case 0x76 /* 'v' */ : - case 0x77 /* 'w' */ : - case 0x78 /* 'x' */ : - case 0x79 /* 'y' */ : - case 0x7a /* 'z' */ : + case 0x22 /* '\"' */ : { - matchRange('a','z'); + match('\"' /* charlit */ ); + break; + } + case 0x24 /* '$' */ : + { + match('$' /* charlit */ ); + break; + } + case 0x25 /* '%' */ : + { + match('%' /* charlit */ ); + break; + } + case 0x26 /* '&' */ : + { + match('&' /* charlit */ ); + break; + } + case 0x2d /* '-' */ : + { + match('-' /* charlit */ ); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3b /* ';' */ : + { + match(';' /* charlit */ ); + break; + } + case 0x3f /* '?' */ : + { + match('?' /* charlit */ ); + break; + } + case 0x40 /* '@' */ : + { + match('@' /* charlit */ ); break; } case 0x41 /* 'A' */ : @@ -1202,157 +1224,74 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { matchRange('A','Z'); break; } + case 0x5c /* '\\' */ : + { + match('\\' /* charlit */ ); + break; + } + case 0x5e /* '^' */ : + { + match('^' /* charlit */ ); + break; + } + case 0x5f /* '_' */ : + { + match('_' /* charlit */ ); + break; + } + case 0x60 /* '`' */ : + { + match('`' /* charlit */ ); + break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } default: { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + goto _loop201; } } - } - { // ( ... )* - for (;;) { - switch ( LA(1)) { - case 0x24 /* '$' */ : - { - match('$' /* charlit */ ); - break; - } - case 0x25 /* '%' */ : - { - match('%' /* charlit */ ); - break; - } - case 0x26 /* '&' */ : - { - match('&' /* charlit */ ); - break; - } - case 0x30 /* '0' */ : - case 0x31 /* '1' */ : - case 0x32 /* '2' */ : - case 0x33 /* '3' */ : - case 0x34 /* '4' */ : - case 0x35 /* '5' */ : - case 0x36 /* '6' */ : - case 0x37 /* '7' */ : - case 0x38 /* '8' */ : - case 0x39 /* '9' */ : - { - matchRange('0','9'); - break; - } - case 0x3b /* ';' */ : - { - match(';' /* charlit */ ); - break; - } - case 0x3f /* '?' */ : - { - match('?' /* charlit */ ); - break; - } - case 0x40 /* '@' */ : - { - match('@' /* charlit */ ); - break; - } - case 0x41 /* 'A' */ : - case 0x42 /* 'B' */ : - case 0x43 /* 'C' */ : - case 0x44 /* 'D' */ : - case 0x45 /* 'E' */ : - case 0x46 /* 'F' */ : - case 0x47 /* 'G' */ : - case 0x48 /* 'H' */ : - case 0x49 /* 'I' */ : - case 0x4a /* 'J' */ : - case 0x4b /* 'K' */ : - case 0x4c /* 'L' */ : - case 0x4d /* 'M' */ : - case 0x4e /* 'N' */ : - case 0x4f /* 'O' */ : - case 0x50 /* 'P' */ : - case 0x51 /* 'Q' */ : - case 0x52 /* 'R' */ : - case 0x53 /* 'S' */ : - case 0x54 /* 'T' */ : - case 0x55 /* 'U' */ : - case 0x56 /* 'V' */ : - case 0x57 /* 'W' */ : - case 0x58 /* 'X' */ : - case 0x59 /* 'Y' */ : - case 0x5a /* 'Z' */ : - { - matchRange('A','Z'); - break; - } - case 0x5c /* '\\' */ : - { - match('\\' /* charlit */ ); - break; - } - case 0x5e /* '^' */ : - { - match('^' /* charlit */ ); - break; - } - case 0x5f /* '_' */ : - { - match('_' /* charlit */ ); - break; - } - case 0x60 /* '`' */ : - { - match('`' /* charlit */ ); - break; - } - case 0x61 /* 'a' */ : - case 0x62 /* 'b' */ : - case 0x63 /* 'c' */ : - case 0x64 /* 'd' */ : - case 0x65 /* 'e' */ : - case 0x66 /* 'f' */ : - case 0x67 /* 'g' */ : - case 0x68 /* 'h' */ : - case 0x69 /* 'i' */ : - case 0x6a /* 'j' */ : - case 0x6b /* 'k' */ : - case 0x6c /* 'l' */ : - case 0x6d /* 'm' */ : - case 0x6e /* 'n' */ : - case 0x6f /* 'o' */ : - case 0x70 /* 'p' */ : - case 0x71 /* 'q' */ : - case 0x72 /* 'r' */ : - case 0x73 /* 's' */ : - case 0x74 /* 't' */ : - case 0x75 /* 'u' */ : - case 0x76 /* 'v' */ : - case 0x77 /* 'w' */ : - case 0x78 /* 'x' */ : - case 0x79 /* 'y' */ : - case 0x7a /* 'z' */ : - { - matchRange('a','z'); - break; - } - default: - { - goto _loop167; - } - } - } - _loop167:; - } // ( ... )* - if ( inputState->guessing==0 ) { -#line 845 "pf.g" - _ttype = WORD; -#line 1350 "PFCfgLexer.cpp" - } } + _loop201:; + } // ( ... )* + if ( inputState->guessing==0 ) { +#line 1039 "pf.g" + _ttype = WORD; +#line 1289 "PFCfgLexer.cpp" + } + } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); } - }}}} + }}} _ttype = testLiteralsTable(_ttype); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -1374,11 +1313,11 @@ void PFCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop170; + goto _loop204; } } - _loop170:; + _loop204:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1767,17 +1706,33 @@ void PFCfgLexer::mGREATER_THAN(bool _createToken) { _saveIndex=0; } +void PFCfgLexer::mDOUBLE_QUOTE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DOUBLE_QUOTE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\"' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 -// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81 +// 0x82 0x83 0x84 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % // & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G // H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h -// i j k l m n o p q r s t u v w x y z { | } ~ +// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 +// 0x84 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // . 0 1 2 3 4 5 6 7 8 9 @@ -1791,6 +1746,7 @@ const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291 // 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ // % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F // G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g -// h i j k l m n o p q r s t u v w x y z { | } ~ +// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 +// 0x84 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp index ecc5fb57e..884935613 100644 --- a/src/parsers/PFCfgLexer.hpp +++ b/src/parsers/PFCfgLexer.hpp @@ -88,6 +88,7 @@ public: public: void mEXLAMATION(bool _createToken); public: void mLESS_THAN(bool _createToken); public: void mGREATER_THAN(bool _createToken); + public: void mDOUBLE_QUOTE(bool _createToken); private: static const unsigned long _tokenSet_0_data_[]; diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index 9d887fd92..11dcdb9ff 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -81,6 +81,11 @@ void PFCfgParser::cfgfile() { scrub_command(); break; } + case TABLE: + { + table_command(); + break; + } case NAT: { nat_command(); @@ -155,13 +160,13 @@ void PFCfgParser::macro_definition() { try { // for error handling match(WORD); match(EQUAL); -#line 151 "pf.g" +#line 153 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 165 "PFCfgParser.cpp" +#line 170 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -174,15 +179,15 @@ void PFCfgParser::altq_command() { try { // for error handling match(ALTQ); -#line 171 "pf.g" +#line 173 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'altq' commands is not supported.")); + QString("Error: import of 'altq' commands is not supported.")); consumeUntil(NEWLINE); -#line 186 "PFCfgParser.cpp" +#line 191 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -195,7 +200,7 @@ void PFCfgParser::antispoof_command() { try { // for error handling match(ANTISPOOF); -#line 160 "pf.g" +#line 162 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -203,7 +208,7 @@ void PFCfgParser::antispoof_command() { QString("Warning: import of 'antispoof' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 207 "PFCfgParser.cpp" +#line 212 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -216,15 +221,15 @@ void PFCfgParser::queue_command() { try { // for error handling match(QUEUE); -#line 182 "pf.g" +#line 184 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'queue' commands is not supported.")); + QString("Error: import of 'queue' commands is not supported.")); consumeUntil(NEWLINE); -#line 228 "PFCfgParser.cpp" +#line 233 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -237,7 +242,7 @@ void PFCfgParser::set_command() { try { // for error handling match(SET); -#line 193 "pf.g" +#line 195 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -245,7 +250,7 @@ void PFCfgParser::set_command() { QString("Warning: import of 'set' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 249 "PFCfgParser.cpp" +#line 254 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -258,7 +263,7 @@ void PFCfgParser::scrub_command() { try { // for error handling match(SCRUB); -#line 204 "pf.g" +#line 206 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -266,7 +271,28 @@ void PFCfgParser::scrub_command() { QString("Warning: import of 'scrub' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 270 "PFCfgParser.cpp" +#line 275 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::table_command() { + Tracer traceInOut(this, "table_command"); + + try { // for error handling + match(TABLE); +#line 217 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'table' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 296 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -279,7 +305,7 @@ void PFCfgParser::nat_command() { try { // for error handling match(NAT); -#line 215 "pf.g" +#line 228 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -287,7 +313,7 @@ void PFCfgParser::nat_command() { QString("Warning: import of 'nat' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 291 "PFCfgParser.cpp" +#line 317 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -300,7 +326,7 @@ void PFCfgParser::rdr_command() { try { // for error handling match(RDR); -#line 237 "pf.g" +#line 250 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -308,7 +334,7 @@ void PFCfgParser::rdr_command() { QString("Warning: import of 'rdr' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 312 "PFCfgParser.cpp" +#line 338 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -321,15 +347,15 @@ void PFCfgParser::binat_command() { try { // for error handling match(BINAT); -#line 226 "pf.g" +#line 239 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'binat' commands is not supported.")); + QString("Error: import of 'binat' commands is not supported.")); consumeUntil(NEWLINE); -#line 333 "PFCfgParser.cpp" +#line 359 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -342,7 +368,7 @@ void PFCfgParser::pass_command() { try { // for error handling match(PASS); -#line 271 "pf.g" +#line 284 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -350,16 +376,14 @@ void PFCfgParser::pass_command() { importer->action = "pass"; *dbg << LT(1)->getLine() << ":" << " pass "; -#line 354 "PFCfgParser.cpp" +#line 380 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 279 "pf.g" +#line 292 "pf.g" - importer->setInterfaceAndDirectionForRuleSet( - "", importer->iface, importer->direction); importer->pushRule(); -#line 363 "PFCfgParser.cpp" +#line 387 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -372,7 +396,7 @@ void PFCfgParser::block_command() { try { // for error handling match(BLOCK); -#line 287 "pf.g" +#line 298 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -380,16 +404,14 @@ void PFCfgParser::block_command() { importer->action = "block"; *dbg << LT(1)->getLine() << ":" << " block "; -#line 384 "PFCfgParser.cpp" +#line 408 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 295 "pf.g" +#line 306 "pf.g" - importer->setInterfaceAndDirectionForRuleSet( - "", importer->iface, importer->direction); importer->pushRule(); -#line 393 "PFCfgParser.cpp" +#line 415 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -402,7 +424,7 @@ void PFCfgParser::timeout_command() { try { // for error handling match(TIMEOUT); -#line 248 "pf.g" +#line 261 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -410,7 +432,7 @@ void PFCfgParser::timeout_command() { QString("Warning: import of 'timeout' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 414 "PFCfgParser.cpp" +#line 436 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -423,13 +445,13 @@ void PFCfgParser::unknown_command() { try { // for error handling match(WORD); -#line 260 "pf.g" +#line 273 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 433 "PFCfgParser.cpp" +#line 455 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -441,15 +463,17 @@ void PFCfgParser::rule_extended() { Tracer traceInOut(this, "rule_extended"); try { // for error handling - direction(); { switch ( LA(1)) { - case LOG: + case IN: + case OUT: { - logging(); + direction(); break; } case NEWLINE: + case QUEUE: + case LOG: case ALL: case TO: case QUICK: @@ -458,6 +482,56 @@ void PFCfgParser::rule_extended() { case INET6: case PROTO: case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case LOG: + { + logging(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: { break; } @@ -475,6 +549,7 @@ void PFCfgParser::rule_extended() { break; } case NEWLINE: + case QUEUE: case ALL: case TO: case ON: @@ -482,6 +557,18 @@ void PFCfgParser::rule_extended() { case INET6: case PROTO: case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: { break; } @@ -499,12 +586,25 @@ void PFCfgParser::rule_extended() { break; } case NEWLINE: + case QUEUE: case ALL: case TO: case INET: case INET6: case PROTO: case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: { break; } @@ -516,54 +616,128 @@ void PFCfgParser::rule_extended() { } { switch ( LA(1)) { + case ROUTE_TO: + case REPLY_TO: + { + route(); + break; + } + case NEWLINE: + case QUEUE: case ALL: case TO: case INET: case INET6: case PROTO: case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: { - { - switch ( LA(1)) { - case INET: - case INET6: - { - address_family(); - break; - } - case ALL: - case TO: - case PROTO: - case FROM: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - { - switch ( LA(1)) { - case PROTO: - { - protospec(); - break; - } - case ALL: - case TO: - case FROM: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case INET: + case INET6: + { + address_family(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case PROTO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PROTO: + { + protospec(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + if ((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2)))) { hosts(); + } + else if ((_tokenSet_4.member(LA(1))) && (_tokenSet_5.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + { + switch ( LA(1)) { + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { filteropts(); break; } @@ -580,7 +754,7 @@ void PFCfgParser::rule_extended() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_2); + recover(ex,_tokenSet_6); } } @@ -606,15 +780,15 @@ void PFCfgParser::direction() { } } } -#line 316 "pf.g" +#line 324 "pf.g" importer->direction = LT(0)->getText(); -#line 614 "PFCfgParser.cpp" +#line 788 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_3); + recover(ex,_tokenSet_7); } } @@ -623,16 +797,53 @@ void PFCfgParser::logging() { try { // for error handling match(LOG); - logopts(); -#line 322 "pf.g" + { + switch ( LA(1)) { + case OPENING_PAREN: + { + logopts(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 331 "pf.g" importer->logging = true; -#line 632 "PFCfgParser.cpp" +#line 843 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_4); + recover(ex,_tokenSet_8); } } @@ -641,15 +852,15 @@ void PFCfgParser::quick() { try { // for error handling match(QUICK); -#line 339 "pf.g" +#line 353 "pf.g" importer->quick = true; -#line 649 "PFCfgParser.cpp" +#line 860 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_5); + recover(ex,_tokenSet_9); } } @@ -658,17 +869,56 @@ void PFCfgParser::intrface() { try { // for error handling match(ON); - match(WORD); -#line 345 "pf.g" - - importer->iface = LT(0)->getText(); - importer->newInterface(importer->iface); - -#line 668 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case WORD: + case EXLAMATION: + { + ifspec(); + break; + } + case OPENING_BRACE: + { + interface_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_6); + recover(ex,_tokenSet_10); + } +} + +void PFCfgParser::route() { + Tracer traceInOut(this, "route"); + + try { // for error handling + switch ( LA(1)) { + case ROUTE_TO: + { + route_to(); + break; + } + case REPLY_TO: + { + reply_to(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); } } @@ -685,11 +935,11 @@ void PFCfgParser::address_family() { case INET6: { match(INET6); -#line 352 "pf.g" +#line 383 "pf.g" importer->address_family = LT(0)->getText(); -#line 693 "PFCfgParser.cpp" +#line 943 "PFCfgParser.cpp" break; } default: @@ -700,7 +950,7 @@ void PFCfgParser::address_family() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_7); + recover(ex,_tokenSet_12); } } @@ -709,6 +959,327 @@ void PFCfgParser::protospec() { try { // for error handling match(PROTO); + proto_def(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_2); + } +} + +void PFCfgParser::hosts() { + Tracer traceInOut(this, "hosts"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); +#line 426 "pf.g" + + importer->src_group.push_back( + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + importer->dst_group.push_back( + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + +#line 986 "PFCfgParser.cpp" + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + { + switch ( LA(1)) { + case FROM: + { + hosts_from(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case TO: + { + hosts_to(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_4); + } +} + +void PFCfgParser::filteropts() { + Tracer traceInOut(this, "filteropts"); + + try { // for error handling + filteropt(); + { // ( ... )* + for (;;) { + if ((_tokenSet_13.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + filteropt(); + } + else { + goto _loop95; + } + + } + _loop95:; + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_6); + } +} + +void PFCfgParser::logopts() { + Tracer traceInOut(this, "logopts"); + + try { // for error handling + match(OPENING_PAREN); + logopt(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); +#line 340 "pf.g" + importer->logopts += ","; +#line 1138 "PFCfgParser.cpp" + logopt(); + } + else { + goto _loop35; + } + + } + _loop35:; + } // ( ... )* + match(CLOSING_PAREN); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::logopt() { + Tracer traceInOut(this, "logopt"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); + break; + } + case USER: + { + match(USER); + break; + } + case TO: + { + match(TO); + match(WORD); +#line 347 "pf.g" + + importer->logopts += LT(0)->getText(); + +#line 1179 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_14); + } +} + +void PFCfgParser::ifspec() { + Tracer traceInOut(this, "ifspec"); +#line 361 "pf.g" + InterfaceSpec is; +#line 1198 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 362 "pf.g" + is.neg = true; +#line 1208 "PFCfgParser.cpp" + break; + } + case WORD: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(WORD); +#line 364 "pf.g" + + is.name = LT(0)->getText(); + importer->iface_group.push_back(is); + importer->newInterface(is.name); + +#line 1228 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_15); + } +} + +void PFCfgParser::interface_list() { + Tracer traceInOut(this, "interface_list"); + + try { // for error handling + match(OPENING_BRACE); + ifspec(); + { // ( ... )* + for (;;) { + if ((LA(1) == WORD || LA(1) == COMMA || LA(1) == EXLAMATION)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EXLAMATION: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + ifspec(); + } + else { + goto _loop45; + } + + } + _loop45:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_10); + } +} + +void PFCfgParser::proto_def() { + Tracer traceInOut(this, "proto_def"); + + try { // for error handling { switch ( LA(1)) { case IP: @@ -750,233 +1321,7 @@ void PFCfgParser::protospec() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); - } -} - -void PFCfgParser::hosts() { - Tracer traceInOut(this, "hosts"); - - try { // for error handling - switch ( LA(1)) { - case ALL: - { - match(ALL); - break; - } - case TO: - case FROM: - { - { - { - switch ( LA(1)) { - case FROM: - { - match(FROM); - { - switch ( LA(1)) { - case WORD: - case OPENING_BRACE: - case ANY: - case SELF: - case EXCLAMATION: - case IPV4: - case IPV6: - { - src_hosts_part(); - break; - } - case TO: - case PORT: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - { - switch ( LA(1)) { - case PORT: - { - src_port_part(); - break; - } - case TO: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - break; - } - case TO: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - { - match(TO); - { - switch ( LA(1)) { - case WORD: - case OPENING_BRACE: - case ANY: - case SELF: - case EXCLAMATION: - case IPV4: - case IPV6: - { - dst_hosts_part(); - break; - } - case NEWLINE: - case QUEUE: - case COMMA: - case NO: - case KEEP: - case MODULATE: - case SYNPROXY: - case PORT: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - { - switch ( LA(1)) { - case PORT: - { - dst_port_part(); - break; - } - case NEWLINE: - case QUEUE: - case COMMA: - case NO: - case KEEP: - case MODULATE: - case SYNPROXY: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - } - } - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_9); - } -} - -void PFCfgParser::filteropts() { - Tracer traceInOut(this, "filteropts"); - - try { // for error handling - filteropt(); - { // ( ... )* - for (;;) { - if ((LA(1) == COMMA)) { - match(COMMA); - filteropt(); - } - else { - goto _loop66; - } - - } - _loop66:; - } // ( ... )* - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_2); - } -} - -void PFCfgParser::logopts() { - Tracer traceInOut(this, "logopts"); - - try { // for error handling - logopt(); - { // ( ... )* - for (;;) { - if ((LA(1) == COMMA)) { - match(COMMA); - logopt(); - } - else { - goto _loop30; - } - - } - _loop30:; - } // ( ... )* - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_4); - } -} - -void PFCfgParser::logopt() { - Tracer traceInOut(this, "logopt"); - - try { // for error handling - switch ( LA(1)) { - case ALL: - { - match(ALL); - break; - } - case USER: - { - match(USER); - break; - } - case TO: - { - match(TO); - match(WORD); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_16); } } @@ -1072,15 +1417,15 @@ void PFCfgParser::proto_name() { } } } -#line 369 "pf.g" +#line 403 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1080 "PFCfgParser.cpp" +#line 1425 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_16); } } @@ -1089,15 +1434,15 @@ void PFCfgParser::proto_number() { try { // for error handling match(INT_CONST); -#line 375 "pf.g" +#line 409 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1097 "PFCfgParser.cpp" +#line 1442 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_16); } } @@ -1106,25 +1451,215 @@ void PFCfgParser::proto_list() { try { // for error handling match(OPENING_BRACE); - protospec(); + proto_def(); { // ( ... )* for (;;) { - if ((LA(1) == COMMA)) { - match(COMMA); - protospec(); + if ((_tokenSet_17.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case OPENING_BRACE: + case IP: + case ICMP: + case IGMP: + case TCP: + case UDP: + case RDP: + case RSVP: + case GRE: + case ESP: + case AH: + case EIGRP: + case OSPF: + case IPIP: + case VRRP: + case L2TP: + case ISIS: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + proto_def(); } else { - goto _loop42; + goto _loop56; } } - _loop42:; + _loop56:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_16); + } +} + +void PFCfgParser::hosts_from() { + Tracer traceInOut(this, "hosts_from"); + + try { // for error handling + match(FROM); + { + switch ( LA(1)) { + case WORD: + case EXLAMATION: + case OPENING_BRACE: + case URPF_FAILED: + case ANY: + case SELF: + case NO_ROUTE: + case IPV4: + case IPV6: + case LESS_THAN: + { + src_hosts_part(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + { + src_port_part(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::hosts_to() { + Tracer traceInOut(this, "hosts_to"); + + try { // for error handling + match(TO); + { + switch ( LA(1)) { + case WORD: + case EXLAMATION: + case OPENING_BRACE: + case ANY: + case SELF: + case NO_ROUTE: + case IPV4: + case IPV6: + case LESS_THAN: + { + dst_hosts_part(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + { + dst_port_part(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_4); } } @@ -1134,39 +1669,29 @@ void PFCfgParser::src_hosts_part() { try { // for error handling { switch ( LA(1)) { - case ANY: - { - match(ANY); -#line 410 "pf.g" - - importer->tmp_group.push_back( - std::pair("0.0.0.0", "0.0.0.0")); - -#line 1146 "PFCfgParser.cpp" - break; - } - case SELF: - { - match(SELF); -#line 416 "pf.g" - - importer->tmp_group.push_back( - std::pair("self", "255.255.255.255")); - -#line 1157 "PFCfgParser.cpp" - break; - } case WORD: - case EXCLAMATION: + case EXLAMATION: + case OPENING_BRACE: + case ANY: + case SELF: + case NO_ROUTE: case IPV4: case IPV6: + case LESS_THAN: { - host(); + common_hosts_part(); break; } - case OPENING_BRACE: + case URPF_FAILED: { - host_list(); + match(URPF_FAILED); +#line 449 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, + "urpf-failed", "")); + +#line 1695 "PFCfgParser.cpp" break; } default: @@ -1175,17 +1700,17 @@ void PFCfgParser::src_hosts_part() { } } } -#line 425 "pf.g" +#line 455 "pf.g" importer->src_neg = importer->tmp_neg; importer->src_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1185 "PFCfgParser.cpp" +#line 1710 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_19); } } @@ -1195,30 +1720,38 @@ void PFCfgParser::src_port_part() { try { // for error handling match(PORT); { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_13.member(LA(2)))) { - unary_op(); + switch ( LA(1)) { + case WORD: + case EQUAL: + case EXLAMATION: + case INT_CONST: + case LESS_THAN: + case GREATER_THAN: + { + port_op(); + break; } - else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { - binary_op(); + case OPENING_BRACE: + { + port_op_list(); + break; } - else if ((LA(1) == OPENING_BRACE)) { - op_list(); - } - else { + default: + { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } - } -#line 553 "pf.g" + } +#line 740 "pf.g" importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); -#line 1218 "PFCfgParser.cpp" +#line 1751 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_18); } } @@ -1226,34 +1759,105 @@ void PFCfgParser::dst_hosts_part() { Tracer traceInOut(this, "dst_hosts_part"); try { // for error handling + common_hosts_part(); +#line 464 "pf.g" + + importer->dst_neg = importer->tmp_neg; + importer->dst_group.splice(importer->dst_group.begin(), + importer->tmp_group); + +#line 1770 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::dst_port_part() { + Tracer traceInOut(this, "dst_port_part"); + + try { // for error handling + match(PORT); { + switch ( LA(1)) { + case WORD: + case EQUAL: + case EXLAMATION: + case INT_CONST: + case LESS_THAN: + case GREATER_THAN: + { + port_op(); + break; + } + case OPENING_BRACE: + { + port_op_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 748 "pf.g" + + importer->dst_port_group.splice(importer->dst_port_group.begin(), + importer->tmp_port_group); + +#line 1811 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_4); + } +} + +void PFCfgParser::common_hosts_part() { + Tracer traceInOut(this, "common_hosts_part"); + + try { // for error handling switch ( LA(1)) { case ANY: { match(ANY); -#line 435 "pf.g" +#line 473 "pf.g" importer->tmp_group.push_back( - std::pair("0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); -#line 1240 "PFCfgParser.cpp" +#line 1832 "PFCfgParser.cpp" break; } case SELF: { match(SELF); -#line 441 "pf.g" +#line 479 "pf.g" importer->tmp_group.push_back( - std::pair("self", "255.255.255.255")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, "self", "")); -#line 1251 "PFCfgParser.cpp" +#line 1843 "PFCfgParser.cpp" + break; + } + case NO_ROUTE: + { + match(NO_ROUTE); +#line 485 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, "no-route", "")); + +#line 1854 "PFCfgParser.cpp" break; } case WORD: - case EXCLAMATION: + case EXLAMATION: case IPV4: case IPV6: + case LESS_THAN: { host(); break; @@ -1268,51 +1872,10 @@ void PFCfgParser::dst_hosts_part() { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } } - } -#line 450 "pf.g" - - importer->dst_neg = importer->tmp_neg; - importer->dst_group.splice(importer->src_group.begin(), - importer->tmp_group); - -#line 1279 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_15); - } -} - -void PFCfgParser::dst_port_part() { - Tracer traceInOut(this, "dst_port_part"); - - try { // for error handling - match(PORT); - { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_16.member(LA(2)))) { - unary_op(); - } - else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { - binary_op(); - } - else if ((LA(1) == OPENING_BRACE)) { - op_list(); - } - else { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - - } -#line 561 "pf.g" - - importer->dst_port_group.splice(importer->dst_port_group.begin(), - importer->tmp_port_group); - -#line 1312 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_19); } } @@ -1322,23 +1885,25 @@ void PFCfgParser::host() { ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken tn = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling { switch ( LA(1)) { - case EXCLAMATION: + case EXLAMATION: { - match(EXCLAMATION); -#line 461 "pf.g" + match(EXLAMATION); +#line 498 "pf.g" importer->tmp_neg = true; -#line 1337 "PFCfgParser.cpp" +#line 1901 "PFCfgParser.cpp" break; } case WORD: case IPV4: case IPV6: + case LESS_THAN: { break; } @@ -1405,10 +1970,16 @@ void PFCfgParser::host() { case COMMA: case TO: case CLOSING_BRACE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: case NO: case KEEP: case MODULATE: case SYNPROXY: + case LABEL: case PORT: { break; @@ -1419,12 +1990,12 @@ void PFCfgParser::host() { } } } -#line 467 "pf.g" +#line 504 "pf.g" if (v6) { importer->addMessageToLog( - QString("Warning: IPv6 import is not supported. ")); + QString("Error: IPv6 import is not supported. ")); consumeUntil(NEWLINE); } else { @@ -1433,23 +2004,38 @@ void PFCfgParser::host() { if (h) addr = h->getText(); if (nm) netm = nm->getText(); importer->tmp_group.push_back( - std::pair(addr, netm)); + AddressSpec(AddressSpec::NETWORK_ADDRESS, + addr, netm)); } -#line 1440 "PFCfgParser.cpp" +#line 2012 "PFCfgParser.cpp" break; } case WORD: { match(WORD); -#line 485 "pf.g" +#line 523 "pf.g" // This should be an interface name importer->tmp_group.push_back( - std::pair( - LT(0)->getText(), "255.255.255.255")); + AddressSpec(AddressSpec::INTERFACE_NAME, + LT(0)->getText(), "")); -#line 1453 "PFCfgParser.cpp" +#line 2025 "PFCfgParser.cpp" + break; + } + case LESS_THAN: + { + match(LESS_THAN); + tn = LT(1); + match(WORD); + match(GREATER_THAN); +#line 531 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::TABLE, tn->getText(), "")); + +#line 2039 "PFCfgParser.cpp" break; } default: @@ -1461,7 +2047,7 @@ void PFCfgParser::host() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_17); + recover(ex,_tokenSet_21); } } @@ -1478,17 +2064,226 @@ void PFCfgParser::host_list() { host(); } else { - goto _loop63; + goto _loop78; } } - _loop63:; + _loop78:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_19); + } +} + +void PFCfgParser::route_to() { + Tracer traceInOut(this, "route_to"); + + try { // for error handling + match(ROUTE_TO); + { + switch ( LA(1)) { + case OPENING_PAREN: + { + routehost(); + break; + } + case OPENING_BRACE: + { + routehost_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 555 "pf.g" + + importer->route_type = PFImporter::ROUTE_TO; + +#line 2109 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); + } +} + +void PFCfgParser::reply_to() { + Tracer traceInOut(this, "reply_to"); + + try { // for error handling + match(REPLY_TO); + { + switch ( LA(1)) { + case OPENING_PAREN: + { + routehost(); + break; + } + case OPENING_BRACE: + { + routehost_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 562 "pf.g" + + importer->route_type = PFImporter::REPLY_TO; + +#line 2144 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); + } +} + +void PFCfgParser::routehost() { + Tracer traceInOut(this, "routehost"); + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; +#line 567 "pf.g" + RouteSpec rs; +#line 2160 "PFCfgParser.cpp" + + try { // for error handling + match(OPENING_PAREN); + match(WORD); +#line 569 "pf.g" + rs.iface = LT(0)->getText(); +#line 2167 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case IPV4: + { + h = LT(1); + match(IPV4); + break; + } + case IPV6: + { + v6 = LT(1); + match(IPV6); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + nm = LT(1); + match(IPV4); + break; + } + case INT_CONST: + { + nm6 = LT(1); + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case CLOSING_PAREN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 571 "pf.g" + + if (v6) + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + if (h) rs.address = h->getText(); + if (nm) rs.netmask = nm->getText(); + importer->route_group.push_back(rs); + } + +#line 2239 "PFCfgParser.cpp" + match(CLOSING_PAREN); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_22); + } +} + +void PFCfgParser::routehost_list() { + Tracer traceInOut(this, "routehost_list"); + + try { // for error handling + match(OPENING_BRACE); + routehost(); + { // ( ... )* + for (;;) { + if ((LA(1) == OPENING_PAREN || LA(1) == COMMA)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case OPENING_PAREN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + routehost(); + } + else { + goto _loop91; + } + + } + _loop91:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); } } @@ -1496,8 +2291,32 @@ void PFCfgParser::filteropt() { Tracer traceInOut(this, "filteropt"); try { // for error handling - { switch ( LA(1)) { + case FLAGS: + { + tcp_flags(); + break; + } + case ICMP_TYPE: + { + icmp_type(); + break; + } + case ICMP6_TYPE: + { + icmp6_type(); + break; + } + case TAGGED: + { + tagged(); + break; + } + case TAG: + { + tag_clause(); + break; + } case NO: case KEEP: case MODULATE: @@ -1506,10 +2325,14 @@ void PFCfgParser::filteropt() { state(); break; } - case NEWLINE: case QUEUE: - case COMMA: { + queue(); + break; + } + case LABEL: + { + label(); break; } default: @@ -1517,17 +2340,97 @@ void PFCfgParser::filteropt() { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); } } - } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::tcp_flags() { + Tracer traceInOut(this, "tcp_flags"); + ANTLR_USE_NAMESPACE(antlr)RefToken check = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken mask = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(FLAGS); { switch ( LA(1)) { - case QUEUE: + case ANY: { - queue(); + match(ANY); +#line 628 "pf.g" + + importer->flags_check = "any"; + importer->flags_mask = "all"; + +#line 2368 "PFCfgParser.cpp" break; } - case NEWLINE: - case COMMA: + case WORD: + case SLASH: { + { + switch ( LA(1)) { + case WORD: + { + check = LT(1); + match(WORD); + break; + } + case SLASH: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(SLASH); + { + switch ( LA(1)) { + case WORD: + { + mask = LT(1); + match(WORD); + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 634 "pf.g" + + if (check) + importer->flags_check = check->getText(); + else + importer->flags_check = "any"; + if (mask) + importer->flags_mask = mask->getText(); + else + importer->flags_mask = "all"; + +#line 2434 "PFCfgParser.cpp" break; } default: @@ -1539,7 +2442,93 @@ void PFCfgParser::filteropt() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::icmp_type() { + Tracer traceInOut(this, "icmp_type"); + + try { // for error handling + match(ICMP_TYPE); + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + { + icmp_type_code(); + break; + } + case OPENING_BRACE: + { + icmp_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::icmp6_type() { + Tracer traceInOut(this, "icmp6_type"); + + try { // for error handling + match(ICMP6_TYPE); +#line 680 "pf.g" + + importer->addMessageToLog( + QString("Error: ICMP6 import is not supported. ")); + consumeUntil(NEWLINE); + +#line 2492 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::tagged() { + Tracer traceInOut(this, "tagged"); + + try { // for error handling + match(TAGGED); + match(WORD); +#line 689 "pf.g" + + importer->tagged = LT(0)->getText(); + +#line 2510 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::tag_clause() { + Tracer traceInOut(this, "tag_clause"); + + try { // for error handling + match(TAG); + match(WORD); +#line 696 "pf.g" + + importer->tag = LT(0)->getText(); + +#line 2528 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); } } @@ -1575,16 +2564,16 @@ void PFCfgParser::state() { } } } -#line 528 "pf.g" +#line 711 "pf.g" importer->state_op = LT(0)->getText(); -#line 1583 "PFCfgParser.cpp" +#line 2572 "PFCfgParser.cpp" match(STATE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_23); } } @@ -1598,44 +2587,38 @@ void PFCfgParser::queue() { case WORD: { match(WORD); -#line 537 "pf.g" +#line 720 "pf.g" importer->queue += LT(0)->getText(); -#line 1604 "PFCfgParser.cpp" +#line 2593 "PFCfgParser.cpp" break; } case OPENING_PAREN: { match(OPENING_PAREN); -#line 539 "pf.g" - importer->queue += "("; -#line 1612 "PFCfgParser.cpp" match(WORD); -#line 540 "pf.g" +#line 723 "pf.g" importer->queue += LT(0)->getText(); -#line 1616 "PFCfgParser.cpp" +#line 2602 "PFCfgParser.cpp" { // ( ... )* for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 542 "pf.g" +#line 725 "pf.g" importer->queue += ","; -#line 1623 "PFCfgParser.cpp" +#line 2609 "PFCfgParser.cpp" match(WORD); -#line 543 "pf.g" +#line 726 "pf.g" importer->queue += LT(0)->getText(); -#line 1627 "PFCfgParser.cpp" +#line 2613 "PFCfgParser.cpp" } else { - goto _loop75; + goto _loop119; } } - _loop75:; + _loop119:; } // ( ... )* match(CLOSING_PAREN); -#line 545 "pf.g" - importer->queue += ")"; -#line 1639 "PFCfgParser.cpp" break; } default: @@ -1645,215 +2628,30 @@ void PFCfgParser::queue() { } } } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_19); - } -} - -void PFCfgParser::unary_op() { - Tracer traceInOut(this, "unary_op"); - - try { // for error handling -#line 568 "pf.g" - - std::string op = "="; - -#line 1663 "PFCfgParser.cpp" - { - switch ( LA(1)) { - case EQUAL: - case NOT_EQUAL: - case LESS_THAN: - case LESS_OR_EQUAL_THAN: - case GREATER_THAN: - case GREATER_OR_EQUAL_THAN: - { - { - switch ( LA(1)) { - case EQUAL: - { - match(EQUAL); - break; - } - case NOT_EQUAL: - { - match(NOT_EQUAL); - break; - } - case LESS_THAN: - { - match(LESS_THAN); - break; - } - case LESS_OR_EQUAL_THAN: - { - match(LESS_OR_EQUAL_THAN); - break; - } - case GREATER_THAN: - { - match(GREATER_THAN); - break; - } - case GREATER_OR_EQUAL_THAN: - { - match(GREATER_OR_EQUAL_THAN); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } -#line 585 "pf.g" - - op = LT(0)->getText(); - -#line 1715 "PFCfgParser.cpp" - break; - } - case WORD: - case INT_CONST: - case PORT_RANGE: - { - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - port_def(); -#line 590 "pf.g" - - std::vector tuple; - tuple.push_back(op); - tuple.push_back(importer->tmp_port_def); - importer->tmp_port_group.push_back(tuple); - -#line 1738 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_21); - } -} - -void PFCfgParser::binary_op() { - Tracer traceInOut(this, "binary_op"); - - try { // for error handling -#line 599 "pf.g" - - std::string op; - std::string arg1; - std::vector tuple; - -#line 1756 "PFCfgParser.cpp" - port_def(); -#line 605 "pf.g" - - arg1 = importer->tmp_port_def; - -#line 1762 "PFCfgParser.cpp" - { - switch ( LA(1)) { - case EXCEPT_RANGE: - { - match(EXCEPT_RANGE); - break; - } - case INSIDE_RANGE: - { - match(INSIDE_RANGE); - break; - } - case COLON: - { - match(COLON); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } -#line 615 "pf.g" - - op = LT(0)->getText(); - -#line 1790 "PFCfgParser.cpp" - port_def(); -#line 619 "pf.g" - - tuple.push_back(op); - tuple.push_back(arg1); - tuple.push_back(importer->tmp_port_def); - importer->tmp_port_group.push_back(tuple); - -#line 1799 "PFCfgParser.cpp" - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - reportError(ex); - recover(ex,_tokenSet_21); - } -} - -void PFCfgParser::op_list() { - Tracer traceInOut(this, "op_list"); - - try { // for error handling - match(OPENING_BRACE); - { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { - unary_op(); - } - else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { - binary_op(); - } - else { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - - } - { // ( ... )* - for (;;) { - if ((LA(1) == COMMA)) { - match(COMMA); - { - if ((_tokenSet_12.member(LA(1))) && (_tokenSet_22.member(LA(2)))) { - unary_op(); - } - else if ((LA(1) == WORD || LA(1) == INT_CONST || LA(1) == PORT_RANGE) && ((LA(2) >= EXCEPT_RANGE && LA(2) <= COLON))) { - binary_op(); - } - else { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - - } - } - else { - goto _loop91; - } - - } - _loop91:; - } // ( ... )* - match(CLOSING_BRACE); - } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); recover(ex,_tokenSet_23); } } -void PFCfgParser::port_def() { - Tracer traceInOut(this, "port_def"); +void PFCfgParser::label() { + Tracer traceInOut(this, "label"); + + try { // for error handling + match(LABEL); + match(STRING); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::icmp_type_code() { + Tracer traceInOut(this, "icmp_type_code"); +#line 656 "pf.g" + std::string icmp_type, icmp_code; +#line 2655 "PFCfgParser.cpp" try { // for error handling { @@ -1868,9 +2666,60 @@ void PFCfgParser::port_def() { match(INT_CONST); break; } - case PORT_RANGE: + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 657 "pf.g" + icmp_type = LT(0)->getText(); +#line 2678 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case ICMP_CODE: + { + match(ICMP_CODE); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 659 "pf.g" + icmp_code = LT(0)->getText(); +#line 2704 "PFCfgParser.cpp" + break; + } + case NEWLINE: + case WORD: + case QUEUE: + case COMMA: + case CLOSING_BRACE: + case INT_CONST: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: { - match(PORT_RANGE); break; } default: @@ -1879,11 +2728,12 @@ void PFCfgParser::port_def() { } } } -#line 629 "pf.g" +#line 661 "pf.g" - importer->tmp_port_def = LT(0)->getText(); + importer->icmp_type_code_group.push_back( + str_tuple(icmp_type, icmp_code)); -#line 1887 "PFCfgParser.cpp" +#line 2737 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1891,6 +2741,313 @@ void PFCfgParser::port_def() { } } +void PFCfgParser::icmp_list() { + Tracer traceInOut(this, "icmp_list"); + + try { // for error handling + match(OPENING_BRACE); + icmp_type_code(); + { // ( ... )* + for (;;) { + if ((LA(1) == WORD || LA(1) == COMMA || LA(1) == INT_CONST)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + icmp_type_code(); + } + else { + goto _loop110; + } + + } + _loop110:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::port_op() { + Tracer traceInOut(this, "port_op"); +#line 780 "pf.g" + PortSpec ps; +#line 2793 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EQUAL: + case EXLAMATION: + case LESS_THAN: + case GREATER_THAN: + { + unary_port_op(); +#line 782 "pf.g" + ps.port_op = importer->tmp_port_op; +#line 2806 "PFCfgParser.cpp" + port_def(); +#line 784 "pf.g" + + ps.port1 = importer->tmp_port_def; + ps.port2 = importer->tmp_port_def; + +#line 2813 "PFCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + { + port_def(); +#line 790 "pf.g" + + ps.port1 = importer->tmp_port_def; + ps.port2 = ps.port1; + ps.port_op = "="; + +#line 2826 "PFCfgParser.cpp" + { + if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_25.member(LA(2)))) { + binary_port_op(); +#line 796 "pf.g" + ps.port_op = importer->tmp_port_op; +#line 2832 "PFCfgParser.cpp" + port_def(); +#line 797 "pf.g" + ps.port2 = LT(0)->getText(); +#line 2836 "PFCfgParser.cpp" + } + else if ((_tokenSet_26.member(LA(1))) && (_tokenSet_27.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 800 "pf.g" + + importer->tmp_port_group.push_back(ps); + +#line 2857 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_26); + } +} + +void PFCfgParser::port_op_list() { + Tracer traceInOut(this, "port_op_list"); + + try { // for error handling + match(OPENING_BRACE); + port_op(); + { // ( ... )* + for (;;) { + if ((_tokenSet_28.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EQUAL: + case EXLAMATION: + case INT_CONST: + case LESS_THAN: + case GREATER_THAN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + port_op(); + } + else { + goto _loop136; + } + + } + _loop136:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::unary_port_op() { + Tracer traceInOut(this, "unary_port_op"); + + try { // for error handling + { + switch ( LA(1)) { + case EQUAL: + { + match(EQUAL); +#line 756 "pf.g" + importer->tmp_port_op = "="; +#line 2924 "PFCfgParser.cpp" + break; + } + case EXLAMATION: + { + match(EXLAMATION); + match(EQUAL); +#line 758 "pf.g" + importer->tmp_port_op = "!="; +#line 2933 "PFCfgParser.cpp" + break; + } + default: + if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { + match(LESS_THAN); +#line 760 "pf.g" + importer->tmp_port_op = "<"; +#line 2941 "PFCfgParser.cpp" + } + else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) { + match(LESS_THAN); + match(EQUAL); +#line 762 "pf.g" + importer->tmp_port_op = "<="; +#line 2948 "PFCfgParser.cpp" + } + else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { + match(GREATER_THAN); +#line 764 "pf.g" + importer->tmp_port_op = ">"; +#line 2954 "PFCfgParser.cpp" + } + else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) { + match(GREATER_THAN); + match(EQUAL); +#line 766 "pf.g" + importer->tmp_port_op = ">="; +#line 2961 "PFCfgParser.cpp" + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_29); + } +} + +void PFCfgParser::binary_port_op() { + Tracer traceInOut(this, "binary_port_op"); + + try { // for error handling + { + switch ( LA(1)) { + case LESS_THAN: + { + match(LESS_THAN); + match(GREATER_THAN); +#line 772 "pf.g" + importer->tmp_port_op = "<>"; +#line 2987 "PFCfgParser.cpp" + break; + } + case GREATER_THAN: + { + match(GREATER_THAN); + match(LESS_THAN); +#line 774 "pf.g" + importer->tmp_port_op = "><"; +#line 2996 "PFCfgParser.cpp" + break; + } + case COLON: + { + match(COLON); +#line 776 "pf.g" + importer->tmp_port_op = ":"; +#line 3004 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_29); + } +} + +void PFCfgParser::port_def() { + Tracer traceInOut(this, "port_def"); + + try { // for error handling + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); +#line 807 "pf.g" + + importer->tmp_port_def = LT(0)->getText(); + +#line 3037 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_30); + } +} + void PFCfgParser::initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& ) { } @@ -1908,6 +3065,7 @@ const char* PFCfgParser::tokenNames[] = { "\"queue\"", "\"set\"", "\"scrub\"", + "\"table\"", "\"nat\"", "\"binat\"", "\"rdr\"", @@ -1917,12 +3075,17 @@ const char* PFCfgParser::tokenNames[] = { "\"in\"", "\"out\"", "\"log\"", + "OPENING_PAREN", "COMMA", - "ALL", - "USER", + "CLOSING_PAREN", + "\"all\"", + "\"user\"", "\"to\"", "\"quick\"", "\"on\"", + "EXLAMATION", + "OPENING_BRACE", + "CLOSING_BRACE", "\"inet\"", "\"inet6\"", "\"proto\"", @@ -1943,32 +3106,33 @@ const char* PFCfgParser::tokenNames[] = { "\"l2tp\"", "\"isis\"", "INT_CONST", - "OPENING_BRACE", - "CLOSING_BRACE", "\"from\"", + "\"urpf-failed\"", "\"any\"", - "SELF", - "EXCLAMATION", + "\"self\"", + "\"no-route\"", "IPV4", "IPV6", "SLASH", + "LESS_THAN", + "GREATER_THAN", + "\"route-to\"", + "\"reply-to\"", + "\"flags\"", + "\"icmp-type\"", + "\"code\"", + "\"icmp6-type\"", + "\"tagged\"", + "\"tag\"", "\"no\"", "\"keep\"", "\"modulate\"", "\"synproxy\"", "\"state\"", - "OPENING_PAREN", - "CLOSING_PAREN", + "\"label\"", + "STRING", "\"port\"", - "\"!=\"", - "LESS_THAN", - "\"<=\"", - "GREATER_THAN", - "\">=\"", - "\"<>\"", - "\"><\"", "COLON", - "PORT_RANGE", "\"exit\"", "\"quit\"", "\"interface\"", @@ -2003,7 +3167,6 @@ const char* PFCfgParser::tokenNames[] = { "NUM_3DIGIT", "NUM_HEX_4DIGIT", "NUMBER_ADDRESS_OR_WORD", - "STRING", "PIPE_CHAR", "NUMBER_SIGN", "PERCENT", @@ -2021,88 +3184,146 @@ const char* PFCfgParser::tokenNames[] = { "CARET", "UNDERLINE", "TILDE", - "EXLAMATION", + "DOUBLE_QUOTE", 0 }; -const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 524146UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 1048434UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" -// "nat" "binat" "rdr" "timeout" "pass" "block" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,4); -const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL }; +// "table" "nat" "binat" "rdr" "timeout" "pass" "block" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,6); +const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,4); -const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,6); +const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 335545360UL, 4194304UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "from" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,8); +const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 2442133362UL, 2141192193UL, 65516UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN COMMA +// "to" EXLAMATION OPENING_BRACE INT_CONST "urpf-failed" "any" "self" "no-route" +// IPV4 IPV6 SLASH LESS_THAN "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "state" "label" STRING "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,8); +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1040UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" +// "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8); +const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 26214258UL, 555745281UL, 32748UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN COMMA +// OPENING_BRACE INT_CONST "any" SLASH "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" STRING +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8); +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,4); -const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 2124414992UL, 262144UL, 0UL, 0UL }; -// NEWLINE "log" ALL "to" "quick" "on" "inet" "inet6" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,4); -const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 2122317840UL, 262144UL, 0UL, 0UL }; -// NEWLINE ALL "to" "quick" "on" "inet" "inet6" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,4); -const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 2055208976UL, 262144UL, 0UL, 0UL }; -// NEWLINE ALL "to" "on" "inet" "inet6" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,4); -const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 1920991248UL, 262144UL, 0UL, 0UL }; -// NEWLINE ALL "to" "inet" "inet6" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,4); -const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 1115684864UL, 262144UL, 0UL, 0UL }; -// ALL "to" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,4); -const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 46137344UL, 393216UL, 0UL, 0UL }; -// COMMA ALL "to" CLOSING_BRACE "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,4); -const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 4195344UL, 503316480UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,4); -const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 2126512144UL, 262144UL, 0UL, 0UL }; -// NEWLINE COMMA ALL "to" "quick" "on" "inet" "inet6" "proto" "from" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,4); -const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 33554432UL, 0UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// "to" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,6); +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 1950352400UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "log" "all" "to" "quick" "on" "inet" "inet6" "proto" +// "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8); +const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 1946158096UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "quick" "on" "inet" "inet6" "proto" "from" +// "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,8); +const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 1409287184UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "on" "inet" "inet6" "proto" "from" "route-to" +// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 335545360UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "route-to" +// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 335545360UL, 4194332UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); -const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 192UL, 32768UL, 574UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD EQUAL INT_CONST "!=" LESS_THAN "<=" GREATER_THAN ">=" PORT_RANGE +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 335545360UL, 4194320UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "proto" "from" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 33554496UL, 32768UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD "to" INT_CONST PORT_RANGE +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16778240UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 33554432UL, 0UL, 0UL, 0UL }; -// "to" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,4); -const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 4195344UL, 503316480UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "no" "keep" "modulate" "synproxy" "port" +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 50331648UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// COMMA CLOSING_PAREN +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,6); +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 2499806288UL, 4194334UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA "all" "to" EXLAMATION CLOSING_BRACE "inet" +// "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); -const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 4195408UL, 503349248UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD "queue" COMMA INT_CONST "no" "keep" "modulate" "synproxy" -// PORT_RANGE +const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 352322576UL, 8388579UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "all" "to" OPENING_BRACE CLOSING_BRACE "ip" "icmp" +// "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" "eigrp" "ospf" "ipip" +// "vrrp" "l2tp" "isis" INT_CONST "from" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,8); -const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 37749776UL, 503447552UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" -// "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8); -const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 37749776UL, 503316480UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" "port" +const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 16777216UL, 4194273UL, 0UL, 0UL, 0UL, 0UL }; +// COMMA OPENING_BRACE "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" +// "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,6); +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 268436496UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); -const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 4194320UL, 0UL, 0UL, 0UL }; -// NEWLINE COMMA -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,4); -const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 4195344UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,4); -const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 37749776UL, 503447552UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,4); -const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 4194368UL, 163840UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD COMMA INT_CONST CLOSING_BRACE PORT_RANGE +const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 268436496UL, 0UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,8); +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 1040UL, 0UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" +// "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,8); +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 285213712UL, 2UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "to" CLOSING_BRACE "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8); +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 360711184UL, 4194334UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" OPENING_PAREN COMMA "all" "to" CLOSING_BRACE "inet" +// "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 37749776UL, 503316480UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" "no" "keep" "modulate" "synproxy" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,4); -const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 37749776UL, 503447552UL, 448UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" CLOSING_BRACE "no" "keep" "modulate" "synproxy" -// "<>" "><" COLON +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 16778256UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 16778320UL, 2097154UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA CLOSING_BRACE INT_CONST "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); +const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 64UL, 3223322624UL, 0UL, 0UL, 0UL, 0UL }; +// WORD INT_CONST LESS_THAN GREATER_THAN +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_data_,6); +const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 2432697552UL, 3223322626UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" COMMA "to" EXLAMATION CLOSING_BRACE INT_CONST +// LESS_THAN GREATER_THAN "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_26(_tokenSet_26_data_,8); +const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 2442133490UL, 4280287235UL, 131052UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" +// "scrub" "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN +// COMMA "to" EXLAMATION OPENING_BRACE CLOSING_BRACE INT_CONST "any" "self" +// "no-route" IPV4 IPV6 SLASH LESS_THAN GREATER_THAN "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" +// "label" STRING "port" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,8); +const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 2164261056UL, 3223322624UL, 0UL, 0UL, 0UL, 0UL }; +// WORD EQUAL COMMA EXLAMATION INT_CONST LESS_THAN GREATER_THAN +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,6); +const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 64UL, 2097152UL, 0UL, 0UL, 0UL, 0UL }; +// WORD INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,6); +const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 2432697552UL, 3223322626UL, 77804UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" COMMA "to" EXLAMATION CLOSING_BRACE INT_CONST +// LESS_THAN GREATER_THAN "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,8); diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index 577520493..901169a0e 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -96,6 +96,7 @@ public: public: void queue_command(); public: void set_command(); public: void scrub_command(); + public: void table_command(); public: void nat_command(); public: void rdr_command(); public: void binat_command(); @@ -108,27 +109,47 @@ public: public: void logging(); public: void quick(); public: void intrface(); + public: void route(); public: void address_family(); public: void protospec(); public: void hosts(); public: void filteropts(); public: void logopts(); public: void logopt(); + public: void ifspec(); + public: void interface_list(); + public: void proto_def(); public: void proto_name(); public: void proto_number(); public: void proto_list(); + public: void hosts_from(); + public: void hosts_to(); public: void src_hosts_part(); public: void src_port_part(); public: void dst_hosts_part(); public: void dst_port_part(); + public: void common_hosts_part(); public: void host(); public: void host_list(); + public: void route_to(); + public: void reply_to(); + public: void routehost(); + public: void routehost_list(); public: void filteropt(); + public: void tcp_flags(); + public: void icmp_type(); + public: void icmp6_type(); + public: void tagged(); + public: void tag_clause(); public: void state(); public: void queue(); - public: void unary_op(); - public: void binary_op(); - public: void op_list(); + public: void label(); + public: void icmp_type_code(); + public: void icmp_list(); + public: void port_op(); + public: void port_op_list(); + public: void unary_port_op(); + public: void binary_port_op(); public: void port_def(); public: ANTLR_USE_NAMESPACE(antlr)RefAST getAST() @@ -141,10 +162,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 127; + static const int NUM_TOKENS = 133; #else enum { - NUM_TOKENS = 127 + NUM_TOKENS = 133 }; #endif @@ -198,6 +219,18 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; static const unsigned long _tokenSet_24_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24; + static const unsigned long _tokenSet_25_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25; + static const unsigned long _tokenSet_26_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26; + static const unsigned long _tokenSet_27_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27; + static const unsigned long _tokenSet_28_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28; + static const unsigned long _tokenSet_29_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_29; + static const unsigned long _tokenSet_30_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_30; }; #endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp index 82536c2cc..7d5e66589 100644 --- a/src/parsers/PFCfgParserTokenTypes.hpp +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -21,120 +21,126 @@ struct CUSTOM_API PFCfgParserTokenTypes { QUEUE = 10, SET = 11, SCRUB = 12, - NAT = 13, - BINAT = 14, - RDR = 15, - TIMEOUT = 16, - PASS = 17, - BLOCK = 18, - IN = 19, - OUT = 20, - LOG = 21, - COMMA = 22, - ALL = 23, - USER = 24, - TO = 25, - QUICK = 26, - ON = 27, - INET = 28, - INET6 = 29, - PROTO = 30, - IP = 31, - ICMP = 32, - IGMP = 33, - TCP = 34, - UDP = 35, - RDP = 36, - RSVP = 37, - GRE = 38, - ESP = 39, - AH = 40, - EIGRP = 41, - OSPF = 42, - IPIP = 43, - VRRP = 44, - L2TP = 45, - ISIS = 46, - INT_CONST = 47, - OPENING_BRACE = 48, - CLOSING_BRACE = 49, - FROM = 50, - ANY = 51, - SELF = 52, - EXCLAMATION = 53, - IPV4 = 54, - IPV6 = 55, - SLASH = 56, - NO = 57, - KEEP = 58, - MODULATE = 59, - SYNPROXY = 60, - STATE = 61, - OPENING_PAREN = 62, - CLOSING_PAREN = 63, - PORT = 64, - NOT_EQUAL = 65, - LESS_THAN = 66, - LESS_OR_EQUAL_THAN = 67, - GREATER_THAN = 68, - GREATER_OR_EQUAL_THAN = 69, - EXCEPT_RANGE = 70, - INSIDE_RANGE = 71, - COLON = 72, - PORT_RANGE = 73, - EXIT = 74, - QUIT = 75, - INTRFACE = 76, - ICMP6 = 77, - IGRP = 78, - IPSEC = 79, - NOS = 80, - PCP = 81, - PIM = 82, - PPTP = 83, - RIP = 84, - SNP = 85, - HOST = 86, - RANGE = 87, - LOG_LEVEL_ALERTS = 88, - LOG_LEVEL_CRITICAL = 89, - LOG_LEVEL_DEBUGGING = 90, - LOG_LEVEL_EMERGENCIES = 91, - LOG_LEVEL_ERRORS = 92, - LOG_LEVEL_INFORMATIONAL = 93, - LOG_LEVEL_NOTIFICATIONS = 94, - LOG_LEVEL_WARNINGS = 95, - LOG_LEVEL_DISABLE = 96, - LOG_LEVEL_INACTIVE = 97, - TRANSLATE_TO = 98, - Whitespace = 99, - HEX_CONST = 100, - NUMBER = 101, - NEG_INT_CONST = 102, - HEX_DIGIT = 103, - DIGIT = 104, - NUM_3DIGIT = 105, - NUM_HEX_4DIGIT = 106, - NUMBER_ADDRESS_OR_WORD = 107, - STRING = 108, - PIPE_CHAR = 109, - NUMBER_SIGN = 110, - PERCENT = 111, - AMPERSAND = 112, - APOSTROPHE = 113, - STAR = 114, - PLUS = 115, - MINUS = 116, - DOT = 117, - SEMICOLON = 118, - QUESTION = 119, - COMMERCIAL_AT = 120, - OPENING_SQUARE = 121, - CLOSING_SQUARE = 122, - CARET = 123, - UNDERLINE = 124, - TILDE = 125, - EXLAMATION = 126, + TABLE = 13, + NAT = 14, + BINAT = 15, + RDR = 16, + TIMEOUT = 17, + PASS = 18, + BLOCK = 19, + IN = 20, + OUT = 21, + LOG = 22, + OPENING_PAREN = 23, + COMMA = 24, + CLOSING_PAREN = 25, + ALL = 26, + USER = 27, + TO = 28, + QUICK = 29, + ON = 30, + EXLAMATION = 31, + OPENING_BRACE = 32, + CLOSING_BRACE = 33, + INET = 34, + INET6 = 35, + PROTO = 36, + IP = 37, + ICMP = 38, + IGMP = 39, + TCP = 40, + UDP = 41, + RDP = 42, + RSVP = 43, + GRE = 44, + ESP = 45, + AH = 46, + EIGRP = 47, + OSPF = 48, + IPIP = 49, + VRRP = 50, + L2TP = 51, + ISIS = 52, + INT_CONST = 53, + FROM = 54, + URPF_FAILED = 55, + ANY = 56, + SELF = 57, + NO_ROUTE = 58, + IPV4 = 59, + IPV6 = 60, + SLASH = 61, + LESS_THAN = 62, + GREATER_THAN = 63, + ROUTE_TO = 64, + REPLY_TO = 65, + FLAGS = 66, + ICMP_TYPE = 67, + ICMP_CODE = 68, + ICMP6_TYPE = 69, + TAGGED = 70, + TAG = 71, + NO = 72, + KEEP = 73, + MODULATE = 74, + SYNPROXY = 75, + STATE = 76, + LABEL = 77, + STRING = 78, + PORT = 79, + COLON = 80, + EXIT = 81, + QUIT = 82, + INTRFACE = 83, + ICMP6 = 84, + IGRP = 85, + IPSEC = 86, + NOS = 87, + PCP = 88, + PIM = 89, + PPTP = 90, + RIP = 91, + SNP = 92, + HOST = 93, + RANGE = 94, + LOG_LEVEL_ALERTS = 95, + LOG_LEVEL_CRITICAL = 96, + LOG_LEVEL_DEBUGGING = 97, + LOG_LEVEL_EMERGENCIES = 98, + LOG_LEVEL_ERRORS = 99, + LOG_LEVEL_INFORMATIONAL = 100, + LOG_LEVEL_NOTIFICATIONS = 101, + LOG_LEVEL_WARNINGS = 102, + LOG_LEVEL_DISABLE = 103, + LOG_LEVEL_INACTIVE = 104, + TRANSLATE_TO = 105, + Whitespace = 106, + HEX_CONST = 107, + NUMBER = 108, + NEG_INT_CONST = 109, + HEX_DIGIT = 110, + DIGIT = 111, + NUM_3DIGIT = 112, + NUM_HEX_4DIGIT = 113, + NUMBER_ADDRESS_OR_WORD = 114, + PIPE_CHAR = 115, + NUMBER_SIGN = 116, + PERCENT = 117, + AMPERSAND = 118, + APOSTROPHE = 119, + STAR = 120, + PLUS = 121, + MINUS = 122, + DOT = 123, + SEMICOLON = 124, + QUESTION = 125, + COMMERCIAL_AT = 126, + OPENING_SQUARE = 127, + CLOSING_SQUARE = 128, + CARET = 129, + UNDERLINE = 130, + TILDE = 131, + DOUBLE_QUOTE = 132, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt index 3ed0839b0..8eca30dec 100644 --- a/src/parsers/PFCfgParserTokenTypes.txt +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -9,117 +9,123 @@ ALTQ="altq"=9 QUEUE="queue"=10 SET="set"=11 SCRUB="scrub"=12 -NAT="nat"=13 -BINAT="binat"=14 -RDR="rdr"=15 -TIMEOUT="timeout"=16 -PASS="pass"=17 -BLOCK="block"=18 -IN="in"=19 -OUT="out"=20 -LOG="log"=21 -COMMA=22 -ALL=23 -USER=24 -TO="to"=25 -QUICK="quick"=26 -ON="on"=27 -INET="inet"=28 -INET6="inet6"=29 -PROTO="proto"=30 -IP="ip"=31 -ICMP="icmp"=32 -IGMP="igmp"=33 -TCP="tcp"=34 -UDP="udp"=35 -RDP="rdp"=36 -RSVP="rsvp"=37 -GRE="gre"=38 -ESP="esp"=39 -AH="ah"=40 -EIGRP="eigrp"=41 -OSPF="ospf"=42 -IPIP="ipip"=43 -VRRP="vrrp"=44 -L2TP="l2tp"=45 -ISIS="isis"=46 -INT_CONST=47 -OPENING_BRACE=48 -CLOSING_BRACE=49 -FROM="from"=50 -ANY="any"=51 -SELF=52 -EXCLAMATION=53 -IPV4=54 -IPV6=55 -SLASH=56 -NO="no"=57 -KEEP="keep"=58 -MODULATE="modulate"=59 -SYNPROXY="synproxy"=60 -STATE="state"=61 -OPENING_PAREN=62 -CLOSING_PAREN=63 -PORT="port"=64 -NOT_EQUAL="!="=65 -LESS_THAN=66 -LESS_OR_EQUAL_THAN="<="=67 -GREATER_THAN=68 -GREATER_OR_EQUAL_THAN=">="=69 -EXCEPT_RANGE="<>"=70 -INSIDE_RANGE="><"=71 -COLON=72 -PORT_RANGE=73 -EXIT="exit"=74 -QUIT="quit"=75 -INTRFACE="interface"=76 -ICMP6="icmp6"=77 -IGRP="igrp"=78 -IPSEC="ipsec"=79 -NOS="nos"=80 -PCP="pcp"=81 -PIM="pim"=82 -PPTP="pptp"=83 -RIP="rip"=84 -SNP="snp"=85 -HOST="host"=86 -RANGE="range"=87 -LOG_LEVEL_ALERTS="alerts"=88 -LOG_LEVEL_CRITICAL="critical"=89 -LOG_LEVEL_DEBUGGING="debugging"=90 -LOG_LEVEL_EMERGENCIES="emergencies"=91 -LOG_LEVEL_ERRORS="errors"=92 -LOG_LEVEL_INFORMATIONAL="informational"=93 -LOG_LEVEL_NOTIFICATIONS="notifications"=94 -LOG_LEVEL_WARNINGS="warnings"=95 -LOG_LEVEL_DISABLE="disable"=96 -LOG_LEVEL_INACTIVE="inactive"=97 -TRANSLATE_TO="->"=98 -Whitespace=99 -HEX_CONST=100 -NUMBER=101 -NEG_INT_CONST=102 -HEX_DIGIT=103 -DIGIT=104 -NUM_3DIGIT=105 -NUM_HEX_4DIGIT=106 -NUMBER_ADDRESS_OR_WORD=107 -STRING=108 -PIPE_CHAR=109 -NUMBER_SIGN=110 -PERCENT=111 -AMPERSAND=112 -APOSTROPHE=113 -STAR=114 -PLUS=115 -MINUS=116 -DOT=117 -SEMICOLON=118 -QUESTION=119 -COMMERCIAL_AT=120 -OPENING_SQUARE=121 -CLOSING_SQUARE=122 -CARET=123 -UNDERLINE=124 -TILDE=125 -EXLAMATION=126 +TABLE="table"=13 +NAT="nat"=14 +BINAT="binat"=15 +RDR="rdr"=16 +TIMEOUT="timeout"=17 +PASS="pass"=18 +BLOCK="block"=19 +IN="in"=20 +OUT="out"=21 +LOG="log"=22 +OPENING_PAREN=23 +COMMA=24 +CLOSING_PAREN=25 +ALL="all"=26 +USER="user"=27 +TO="to"=28 +QUICK="quick"=29 +ON="on"=30 +EXLAMATION=31 +OPENING_BRACE=32 +CLOSING_BRACE=33 +INET="inet"=34 +INET6="inet6"=35 +PROTO="proto"=36 +IP="ip"=37 +ICMP="icmp"=38 +IGMP="igmp"=39 +TCP="tcp"=40 +UDP="udp"=41 +RDP="rdp"=42 +RSVP="rsvp"=43 +GRE="gre"=44 +ESP="esp"=45 +AH="ah"=46 +EIGRP="eigrp"=47 +OSPF="ospf"=48 +IPIP="ipip"=49 +VRRP="vrrp"=50 +L2TP="l2tp"=51 +ISIS="isis"=52 +INT_CONST=53 +FROM="from"=54 +URPF_FAILED="urpf-failed"=55 +ANY="any"=56 +SELF="self"=57 +NO_ROUTE="no-route"=58 +IPV4=59 +IPV6=60 +SLASH=61 +LESS_THAN=62 +GREATER_THAN=63 +ROUTE_TO="route-to"=64 +REPLY_TO="reply-to"=65 +FLAGS="flags"=66 +ICMP_TYPE="icmp-type"=67 +ICMP_CODE="code"=68 +ICMP6_TYPE="icmp6-type"=69 +TAGGED="tagged"=70 +TAG="tag"=71 +NO="no"=72 +KEEP="keep"=73 +MODULATE="modulate"=74 +SYNPROXY="synproxy"=75 +STATE="state"=76 +LABEL="label"=77 +STRING=78 +PORT="port"=79 +COLON=80 +EXIT="exit"=81 +QUIT="quit"=82 +INTRFACE="interface"=83 +ICMP6="icmp6"=84 +IGRP="igrp"=85 +IPSEC="ipsec"=86 +NOS="nos"=87 +PCP="pcp"=88 +PIM="pim"=89 +PPTP="pptp"=90 +RIP="rip"=91 +SNP="snp"=92 +HOST="host"=93 +RANGE="range"=94 +LOG_LEVEL_ALERTS="alerts"=95 +LOG_LEVEL_CRITICAL="critical"=96 +LOG_LEVEL_DEBUGGING="debugging"=97 +LOG_LEVEL_EMERGENCIES="emergencies"=98 +LOG_LEVEL_ERRORS="errors"=99 +LOG_LEVEL_INFORMATIONAL="informational"=100 +LOG_LEVEL_NOTIFICATIONS="notifications"=101 +LOG_LEVEL_WARNINGS="warnings"=102 +LOG_LEVEL_DISABLE="disable"=103 +LOG_LEVEL_INACTIVE="inactive"=104 +TRANSLATE_TO="->"=105 +Whitespace=106 +HEX_CONST=107 +NUMBER=108 +NEG_INT_CONST=109 +HEX_DIGIT=110 +DIGIT=111 +NUM_3DIGIT=112 +NUM_HEX_4DIGIT=113 +NUMBER_ADDRESS_OR_WORD=114 +PIPE_CHAR=115 +NUMBER_SIGN=116 +PERCENT=117 +AMPERSAND=118 +APOSTROPHE=119 +STAR=120 +PLUS=121 +MINUS=122 +DOT=123 +SEMICOLON=124 +QUESTION=125 +COMMERCIAL_AT=126 +OPENING_SQUARE=127 +CLOSING_SQUARE=128 +CARET=129 +UNDERLINE=130 +TILDE=131 +DOUBLE_QUOTE=132 diff --git a/src/parsers/pf.g b/src/parsers/pf.g index 050d74986..1bf312024 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -124,6 +124,8 @@ cfgfile : set_command | scrub_command + | + table_command | nat_command | @@ -172,7 +174,7 @@ altq_command : ALTQ importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'altq' commands is not supported.")); + QString("Error: import of 'altq' commands is not supported.")); consumeUntil(NEWLINE); } ; @@ -183,7 +185,7 @@ queue_command : QUEUE importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'queue' commands is not supported.")); + QString("Error: import of 'queue' commands is not supported.")); consumeUntil(NEWLINE); } ; @@ -210,6 +212,17 @@ scrub_command : SCRUB } ; +//**************************************************************** +table_command : TABLE + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'table' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + //**************************************************************** nat_command : NAT { @@ -227,7 +240,7 @@ binat_command : BINAT importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( - QString("Warning: import of 'binat' commands is not supported.")); + QString("Error: import of 'binat' commands is not supported.")); consumeUntil(NEWLINE); } ; @@ -267,7 +280,7 @@ unknown_command : WORD //**************************************************************** -pass_command: PASS +pass_command : PASS { importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -277,13 +290,11 @@ pass_command: PASS } rule_extended NEWLINE { - importer->setInterfaceAndDirectionForRuleSet( - "", importer->iface, importer->direction); importer->pushRule(); } ; -block_command: BLOCK +block_command : BLOCK { importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -293,68 +304,91 @@ block_command: BLOCK } rule_extended NEWLINE { - importer->setInterfaceAndDirectionForRuleSet( - "", importer->iface, importer->direction); importer->pushRule(); } ; -rule_extended: - direction - (logging)? - (quick)? - (intrface)? - ( - (address_family)? - (protospec)? - hosts - filteropts - )? +rule_extended : + ( direction )? + ( logging )? + ( quick )? + ( intrface )? + ( route )? + ( address_family )? + ( protospec )? + ( hosts )? + ( filteropts )? ; -direction: (IN | OUT) +direction : ( IN | OUT ) { importer->direction = LT(0)->getText(); } ; -logging: LOG logopts +logging : + LOG (logopts)? { importer->logging = true; } ; -logopts: +logopts : + OPENING_PAREN logopt ( - COMMA + COMMA { importer->logopts += ","; } logopt )* + CLOSING_PAREN ; -logopt: ALL | USER | TO WORD +logopt : ALL | USER | TO WORD + { + importer->logopts += LT(0)->getText(); + } ; -quick: QUICK +quick : QUICK { importer->quick = true; } ; -intrface: ON WORD +intrface : ON ( ifspec | interface_list ) + ; + +ifspec { InterfaceSpec is; } : + ( EXLAMATION { is.neg = true; } )? + WORD { - importer->iface = LT(0)->getText(); - importer->newInterface(importer->iface); + is.name = LT(0)->getText(); + importer->iface_group.push_back(is); + importer->newInterface(is.name); } ; -address_family: INET | INET6 +interface_list : + OPENING_BRACE + ifspec + ( + ( COMMA )? + ifspec + )* + CLOSING_BRACE + ; + + +address_family : INET | INET6 { importer->address_family = LT(0)->getText(); } ; -protospec: PROTO +protospec : PROTO proto_def + ; + +proto_def : ( proto_name | @@ -364,63 +398,59 @@ protospec: PROTO ) ; -proto_name: (IP | ICMP | IGMP | TCP | UDP | RDP | RSVP | GRE | ESP | AH | +proto_name : (IP | ICMP | IGMP | TCP | UDP | RDP | RSVP | GRE | ESP | AH | EIGRP | OSPF | IPIP | VRRP | L2TP | ISIS ) { importer->proto_list.push_back(LT(0)->getText()); } ; -proto_number: INT_CONST +proto_number : INT_CONST { importer->proto_list.push_back(LT(0)->getText()); } ; -proto_list: +proto_list : OPENING_BRACE - protospec + proto_def ( - COMMA - protospec + ( COMMA )? + proto_def )* CLOSING_BRACE ; -hosts: +hosts : ALL + { + importer->src_group.push_back( + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + importer->dst_group.push_back( + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + } | - ( - ( - FROM - ( src_hosts_part )? - ( src_port_part )? - )? - ( - TO - ( dst_hosts_part )? - ( dst_port_part )? - ) - ) + ( hosts_from )? ( hosts_to )? ; -src_hosts_part: +hosts_from : + FROM ( src_hosts_part )? ( src_port_part )? + ; + +hosts_to : + TO ( dst_hosts_part )? ( dst_port_part )? + ; + +src_hosts_part : ( - ANY + common_hosts_part + | + URPF_FAILED { importer->tmp_group.push_back( - std::pair("0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, + "urpf-failed", "")); } - | - SELF - { - importer->tmp_group.push_back( - std::pair("self", "255.255.255.255")); - } - | - host - | - host_list ) { importer->src_neg = importer->tmp_neg; @@ -429,35 +459,42 @@ src_hosts_part: } ; -dst_hosts_part: - ( - ANY - { - importer->tmp_group.push_back( - std::pair("0.0.0.0", "0.0.0.0")); - } - | - SELF - { - importer->tmp_group.push_back( - std::pair("self", "255.255.255.255")); - } - | - host - | - host_list - ) +dst_hosts_part : + common_hosts_part { importer->dst_neg = importer->tmp_neg; - importer->dst_group.splice(importer->src_group.begin(), + importer->dst_group.splice(importer->dst_group.begin(), importer->tmp_group); } + ; +common_hosts_part : + ANY + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + } + | + SELF + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, "self", "")); + } + | + NO_ROUTE + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, "no-route", "")); + } + | + host + | + host_list ; host : ( - EXCLAMATION + EXLAMATION { importer->tmp_neg = true; } @@ -468,7 +505,7 @@ host : if (v6) { importer->addMessageToLog( - QString("Warning: IPv6 import is not supported. ")); + QString("Error: IPv6 import is not supported. ")); consumeUntil(NEWLINE); } else { @@ -477,7 +514,8 @@ host : if (h) addr = h->getText(); if (nm) netm = nm->getText(); importer->tmp_group.push_back( - std::pair(addr, netm)); + AddressSpec(AddressSpec::NETWORK_ADDRESS, + addr, netm)); } } | @@ -485,10 +523,15 @@ host : { // This should be an interface name importer->tmp_group.push_back( - std::pair( - LT(0)->getText(), "255.255.255.255")); + AddressSpec(AddressSpec::INTERFACE_NAME, + LT(0)->getText(), "")); + } + | + LESS_THAN tn:WORD GREATER_THAN + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::TABLE, tn->getText(), "")); } - // Add table matching here ) ; @@ -502,20 +545,160 @@ host_list : CLOSING_BRACE ; -filteropts: +// ************************************************************************ +route : + route_to | reply_to + ; + +route_to : + ROUTE_TO ( routehost | routehost_list ) + { + importer->route_type = PFImporter::ROUTE_TO; + } + ; + +reply_to : + REPLY_TO ( routehost | routehost_list ) + { + importer->route_type = PFImporter::REPLY_TO; + } + ; + +routehost { RouteSpec rs; } : + OPENING_PAREN + WORD { rs.iface = LT(0)->getText(); } + (h:IPV4 | v6:IPV6) (SLASH (nm:IPV4 | nm6:INT_CONST))? + { + if (v6) + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + if (h) rs.address = h->getText(); + if (nm) rs.netmask = nm->getText(); + importer->route_group.push_back(rs); + } + } + CLOSING_PAREN + ; + +routehost_list : + OPENING_BRACE + routehost + ( + ( COMMA )? + routehost + )* + CLOSING_BRACE + ; + +// ************************************************************************ +filteropts : filteropt ( - COMMA + ( COMMA )? filteropt )* ; -filteropt: - (state)? - (queue)? +filteropt : + tcp_flags + | + icmp_type + | + icmp6_type + | + tagged + | + tag_clause + | + state + | + queue + | + label ; -state: +tcp_flags : + FLAGS + ( + ANY + { + importer->flags_check = "any"; + importer->flags_mask = "all"; + } + | + ( check:WORD )? SLASH ( mask:WORD )? + { + if (check) + importer->flags_check = check->getText(); + else + importer->flags_check = "any"; + if (mask) + importer->flags_mask = mask->getText(); + else + importer->flags_mask = "all"; + } + ) + ; + +icmp_type : + ICMP_TYPE + ( + icmp_type_code + | + icmp_list + ) + ; + +icmp_type_code { std::string icmp_type, icmp_code; } : + ( WORD | INT_CONST ) { icmp_type = LT(0)->getText(); } + ( + ICMP_CODE ( WORD | INT_CONST ) { icmp_code = LT(0)->getText(); } + )? + { + importer->icmp_type_code_group.push_back( + str_tuple(icmp_type, icmp_code)); + } + ; + +icmp_list : + OPENING_BRACE + icmp_type_code + ( + ( COMMA )? + icmp_type_code + )* + CLOSING_BRACE + ; + + +icmp6_type : + ICMP6_TYPE + { + importer->addMessageToLog( + QString("Error: ICMP6 import is not supported. ")); + consumeUntil(NEWLINE); + } + ; + +tagged : + TAGGED WORD + { + importer->tagged = LT(0)->getText(); + } + ; + +tag_clause : + TAG WORD + { + importer->tag = LT(0)->getText(); + } + ; + +state : ( NO | @@ -531,25 +714,29 @@ state: STATE ; -queue: +queue : QUEUE ( WORD { importer->queue += LT(0)->getText(); } | - OPENING_PAREN { importer->queue += "("; } + OPENING_PAREN WORD { importer->queue += LT(0)->getText(); } ( COMMA { importer->queue += ","; } WORD { importer->queue += LT(0)->getText(); } )* - CLOSING_PAREN { importer->queue += ")"; } + CLOSING_PAREN ) ; +label : + LABEL STRING + ; + //**************************************************************** src_port_part : - PORT ( unary_op | binary_op | op_list ) + PORT ( port_op | port_op_list ) { importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); @@ -557,86 +744,77 @@ src_port_part : ; dst_port_part : - PORT ( unary_op | binary_op | op_list ) + PORT ( port_op | port_op_list ) { importer->dst_port_group.splice(importer->dst_port_group.begin(), importer->tmp_port_group); } ; -unary_op : - { - std::string op = "="; - } +unary_port_op : ( - ( - EQUAL - | - NOT_EQUAL - | - LESS_THAN - | - LESS_OR_EQUAL_THAN - | - GREATER_THAN - | - GREATER_OR_EQUAL_THAN - ) - { - op = LT(0)->getText(); - } - )? - port_def - { - std::vector tuple; - tuple.push_back(op); - tuple.push_back(importer->tmp_port_def); - importer->tmp_port_group.push_back(tuple); - } + EQUAL { importer->tmp_port_op = "="; } + | + EXLAMATION EQUAL { importer->tmp_port_op = "!="; } + | + LESS_THAN { importer->tmp_port_op = "<"; } + | + LESS_THAN EQUAL { importer->tmp_port_op = "<="; } + | + GREATER_THAN { importer->tmp_port_op = ">"; } + | + GREATER_THAN EQUAL { importer->tmp_port_op = ">="; } + ) ; -binary_op : - { - std::string op; - std::string arg1; - std::vector tuple; - } - port_def - { - arg1 = importer->tmp_port_def; - } +binary_port_op : ( - EXCEPT_RANGE + LESS_THAN GREATER_THAN { importer->tmp_port_op = "<>"; } | - INSIDE_RANGE + GREATER_THAN LESS_THAN { importer->tmp_port_op = "><"; } | - COLON + COLON { importer->tmp_port_op = ":"; } + ) + ; + +port_op { PortSpec ps; } : + ( + unary_port_op { ps.port_op = importer->tmp_port_op; } + port_def + { + ps.port1 = importer->tmp_port_def; + ps.port2 = importer->tmp_port_def; + } + | + port_def + { + ps.port1 = importer->tmp_port_def; + ps.port2 = ps.port1; + ps.port_op = "="; + } + ( + binary_port_op { ps.port_op = importer->tmp_port_op; } + port_def { ps.port2 = LT(0)->getText(); } + )? ) { - op = LT(0)->getText(); - } - port_def - { - tuple.push_back(op); - tuple.push_back(arg1); - tuple.push_back(importer->tmp_port_def); - importer->tmp_port_group.push_back(tuple); + importer->tmp_port_group.push_back(ps); } ; port_def : - ( WORD | INT_CONST | PORT_RANGE ) + WORD | INT_CONST { importer->tmp_port_def = LT(0)->getText(); } ; -op_list : +port_op_list : OPENING_BRACE - ( unary_op | binary_op ) + port_op ( - COMMA - ( unary_op | binary_op ) + ( COMMA )? + port_op )* CLOSING_BRACE ; @@ -709,13 +887,20 @@ tokens ISIS = "isis"; HOST = "host"; - ANY = "any"; + ANY = "any"; + ALL = "all"; + USER = "user"; + PORT = "port"; RANGE = "range"; LOG = "log"; + NO_ROUTE = "no-route"; + SELF = "self"; + URPF_FAILED = "urpf-failed"; + LOG_LEVEL_ALERTS = "alerts"; LOG_LEVEL_CRITICAL = "critical"; LOG_LEVEL_DEBUGGING = "debugging"; @@ -737,14 +922,17 @@ tokens NAT = "nat"; RDR = "rdr"; BINAT = "binat"; + TABLE = "table"; QUEUE = "queue"; - NOT_EQUAL = "!=" ; - LESS_OR_EQUAL_THAN = "<=" ; - GREATER_OR_EQUAL_THAN = ">=" ; - EXCEPT_RANGE = "<>"; - INSIDE_RANGE = "><"; + LABEL = "label"; + + ROUTE_TO = "route-to"; + REPLY_TO = "reply-to"; + + TAG = "tag"; + TAGGED = "tagged"; TRANSLATE_TO = "->"; @@ -752,6 +940,11 @@ tokens KEEP = "keep"; MODULATE = "modulate"; SYNPROXY = "synproxy"; + + FLAGS = "flags"; + ICMP_TYPE = "icmp-type"; + ICMP6_TYPE = "icmp6-type"; + ICMP_CODE = "code"; } LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; @@ -786,7 +979,7 @@ protected DIGIT : '0'..'9' ; protected -NUM_3DIGIT: ('1'..'9') (('0'..'9') ('0'..'9')?)? ; +NUM_3DIGIT: ('0'..'9') (('0'..'9') ('0'..'9')?)? ; protected NUM_HEX_4DIGIT: HEX_DIGIT ((HEX_DIGIT) ((HEX_DIGIT) (HEX_DIGIT)?)?)? ; @@ -803,9 +996,9 @@ options { | ( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' (DIGIT)+ ) { $setType(NUMBER); } - | - ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ ) - { $setType(PORT_RANGE); } +// | +// ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ ) +// { $setType(PORT_RANGE); } | ( DIGIT )+ { $setType(INT_CONST); } @@ -835,12 +1028,13 @@ options { | -// making sure ',' '(' ')' '=' '<' '>' '-' '+' are not part of WORD do +// making sure ',' '(' ')' '=' '<' '>' '+' are not part of WORD do // not start WORD with '$' since we expand macros in PFImporterRun // using regex. +// double quote " should be included, without it STRING does not match ( 'a'..'z' | 'A'..'Z' ) - ( '$' | '%' | '&' | '0'..'9' | ';' | + ( '"' | '$' | '%' | '&' | '-' | '0'..'9' | ';' | '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* { $setType(WORD); } ; @@ -860,9 +1054,10 @@ MINUS : '-' ; DOT : '.' ; SLASH : '/' ; -// COLON : ':' ; +//COLON : ':' ; SEMICOLON : ';' ; -EQUAL : '=' ; + +EQUAL : '='; QUESTION : '?' ; COMMERCIAL_AT : '@' ; @@ -885,3 +1080,5 @@ EXLAMATION : '!'; LESS_THAN : '<' ; GREATER_THAN : '>' ; + +DOUBLE_QUOTE : '"'; From e10ab65393d43caf4940d86ecac60c3735206736 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Wed, 25 May 2011 23:57:27 -0700 Subject: [PATCH 07/10] see #2394 creating policy rules with src and dst populated; parsing and creating address tables and groups of addresses --- src/import/Importer.cpp | 44 +- src/import/Importer.h | 3 + src/import/PFImporter.cpp | 168 ++++- src/import/PFImporter.h | 25 +- src/parsers/PFCfgLexer.cpp | 359 +++++----- src/parsers/PFCfgLexer.hpp | 2 +- src/parsers/PFCfgParser.cpp | 962 ++++++++++++++++---------- src/parsers/PFCfgParser.hpp | 11 +- src/parsers/PFCfgParserTokenTypes.hpp | 244 +++---- src/parsers/PFCfgParserTokenTypes.txt | 244 +++---- src/parsers/pf.g | 78 ++- 11 files changed, 1293 insertions(+), 847 deletions(-) diff --git a/src/import/Importer.cpp b/src/import/Importer.cpp index 0bdc6b4ce..efdfcb366 100644 --- a/src/import/Importer.cpp +++ b/src/import/Importer.cpp @@ -586,48 +586,38 @@ void Importer::setDstSelf() dst_a = "self"; } -FWObject* Importer::makeSrcObj() +FWObject* Importer::makeAddressObj(const std::string addr, const std::string netm) { - if (src_a == "self") + if (addr == "self") { return getFirewallObject(); } - if ( (src_a=="" && src_nm=="") || - (src_a==InetAddr::getAny().toString() && - src_nm==InetAddr::getAny().toString())) + if ( (addr=="" && netm=="") || + (addr==InetAddr::getAny().toString() && + netm==InetAddr::getAny().toString())) return NULL; // this is 'any' - if (src_nm=="") src_nm = InetAddr::getAllOnes().toString(); - ObjectSignature sig(error_tracker); sig.type_name = Address::TYPENAME; - sig.setAddress(src_a.c_str()); - sig.setNetmask(src_nm.c_str(), address_maker->getInvertedNetmasks()); + sig.setAddress(addr.c_str()); + if (netm=="") + sig.setNetmask(InetAddr::getAllOnes().toString().c_str(), + address_maker->getInvertedNetmasks()); + else + sig.setNetmask(netm.c_str(), address_maker->getInvertedNetmasks()); return commitObject(address_maker->createObject(sig)); } +FWObject* Importer::makeSrcObj() +{ + return makeAddressObj(src_a, src_nm); +} + FWObject* Importer::makeDstObj() { - if (dst_a == "self") - { - return getFirewallObject(); - } - - if ( (dst_a=="" && dst_nm=="") || - (dst_a==InetAddr::getAny().toString() && - dst_nm==InetAddr::getAny().toString())) - return NULL; // this is 'any' - - if (dst_nm=="") dst_nm=InetAddr::getAllOnes().toString(); - - ObjectSignature sig(error_tracker); - sig.type_name = Address::TYPENAME; - sig.setAddress(dst_a.c_str()); - sig.setNetmask(dst_nm.c_str(), address_maker->getInvertedNetmasks()); - - return commitObject(address_maker->createObject(sig)); + return makeAddressObj(dst_a, dst_nm); } FWObject* Importer::makeSrvObj() diff --git a/src/import/Importer.h b/src/import/Importer.h index f0345fef8..7aced0e2c 100644 --- a/src/import/Importer.h +++ b/src/import/Importer.h @@ -182,6 +182,9 @@ protected: virtual libfwbuilder::FWObject* createGroupOfInterfaces( const std::string &ruleset_name, std::list &interfaces); + virtual libfwbuilder::FWObject* makeAddressObj(const std::string addr, + const std::string netm); + virtual libfwbuilder::FWObject* makeSrcObj(); virtual libfwbuilder::FWObject* makeDstObj(); virtual libfwbuilder::FWObject* makeSrvObj(); diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp index 660665849..26f2afc44 100644 --- a/src/import/PFImporter.cpp +++ b/src/import/PFImporter.cpp @@ -35,6 +35,7 @@ #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/AddressRange.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/Resources.h" #include "fwbuilder/Network.h" #include "fwbuilder/Address.h" @@ -90,6 +91,7 @@ void PFImporter::clear() iface_group.clear(); proto_list.clear(); + tmp_group.clear(); src_group.clear(); dst_group.clear(); @@ -124,35 +126,81 @@ void PFImporter::clearTempVars() Importer::clear(); } -FWObject* PFImporter::makeSrcObj() +void PFImporter::addSrc() { - if (src_nm == "interface") - { - Interface *intf = getInterfaceByName(src_a); - if (intf) return intf; - reportError( - QString("Cannot find interface with label '%1'").arg(src_a.c_str())); - } + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getSrc(); - return Importer::makeSrcObj(); + list::iterator it; + for (it=src_group.begin(); it!=src_group.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) re->addRef(obj); + } } -FWObject* PFImporter::makeDstObj() +void PFImporter::addDst() { - if (dst_nm == "interface") - { - Interface *intf = getInterfaceByName(dst_a); - if (intf) return intf; - reportError( - QString("Cannot find interface with label '%1'").arg(dst_a.c_str())); - } + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getDst(); - return Importer::makeDstObj(); + list::iterator it; + for (it=dst_group.begin(); it!=dst_group.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) re->addRef(obj); + } } -FWObject* PFImporter::makeSrvObj() +void PFImporter::addSrv() { - return Importer::makeSrvObj(); + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getSrv(); + + // list::iterator it; + // for (it=dst_group.begin(); it!=dst_group.end(); ++it) + // { + // FWObject *obj = makeAddressObj(*it); + // if (obj) re->addRef(obj); + // } +} + +FWObject* PFImporter::makeAddressObj(AddressSpec &as) +{ + if (as.at == AddressSpec::ANY) return NULL; + + if (as.at == AddressSpec::INTERFACE_NAME) + { + Interface *intf = getInterfaceByName(as.address); + assert(intf!=NULL); + return intf; + } + + if (as.at == AddressSpec::HOST_ADDRESS) + { + return Importer::makeAddressObj(as.address, ""); + } + + if (as.at == AddressSpec::NETWORK_ADDRESS) + { + return Importer::makeAddressObj(as.address, as.netmask); + } + + if (as.at == AddressSpec::SPECIAL_ADDRESS) + { + if (as.address == "self") return getFirewallObject(); + { + addMessageToLog( + QObject::tr("Warning: matching '%1' is not supported") + .arg(as.address.c_str())); + return NULL; + } + } + + if (as.at == AddressSpec::TABLE) + { + return address_table_registry[as.address.c_str()]; + } } void PFImporter::addLogging() @@ -260,10 +308,8 @@ void PFImporter::pushPolicyRule() // importer->setInterfaceAndDirectionForRuleSet( // "", importer->iface, importer->direction); - - addMessageToLog( - QString("filtering rule: action %1") - .arg(action.c_str())); + QString message_str = + QString("filtering rule: action %1; interfaces: %2"); PolicyRule *rule = PolicyRule::cast(current_rule); @@ -272,7 +318,10 @@ void PFImporter::pushPolicyRule() if (action=="pass") { - rule->setAction(PolicyRule::Accept); + if (quick) + rule->setAction(PolicyRule::Accept); + else + rule->setAction(PolicyRule::Continue); ropt->setBool("stateless", false); } @@ -282,7 +331,35 @@ void PFImporter::pushPolicyRule() ropt->setBool("stateless", true); } - rule->setDirection(PolicyRule::Both); + if (direction == "in") rule->setDirection(PolicyRule::Inbound); + if (direction == "out") rule->setDirection(PolicyRule::Outbound); + if (direction == "") rule->setDirection(PolicyRule::Both); + + QStringList interfaces; + list::iterator it; + for (it=iface_group.begin(); it!=iface_group.end(); ++it) + { + Interface *intf = getInterfaceByName(it->name); + assert(intf!=NULL); + RuleElement *re =rule->getItf(); + re->addRef(intf); + interfaces << it->name.c_str(); + } + + /* + * Set state-related rule options using variable state_op + */ + + + /* + * Set tagging rule option using variable tag + */ + + /* + * Set queueing rule option using variable queue + */ + + /* * Protocols are in proto_list @@ -290,17 +367,23 @@ void PFImporter::pushPolicyRule() * Destination addresses are in dst_group */ - addSrc(); addDst(); addSrv(); + /* + * Set logging options using variables logging and logopts + */ addLogging(); // then add it to the current ruleset current_ruleset->ruleset->add(current_rule); addStandardImportComment( current_rule, QString::fromUtf8(rule_comment.c_str())); + + addMessageToLog(message_str.arg(action.c_str()).arg(interfaces.join(","))); + + } Firewall* PFImporter::finalize() @@ -364,3 +447,34 @@ Interface* PFImporter::getInterfaceByName(const string &name) return NULL; } +void PFImporter::newAddressTableObject(const string &name, const string &file) +{ + ObjectMaker maker(Library::cast(library), error_tracker); + AddressTable *at = AddressTable::cast( + commitObject(maker.createObject(AddressTable::TYPENAME, name.c_str()))); + assert(at!=NULL); + at->setRunTime(true); + at->setSourceName(file); + address_table_registry[name.c_str()] = at; + + addMessageToLog(QString("Address Table: <%1> file %2") + .arg(name.c_str()).arg(file.c_str())); +} + +void PFImporter::newAddressTableObject(const string &name, + list &addresses) +{ + ObjectMaker maker(Library::cast(library), error_tracker); + FWObject *og = + commitObject(maker.createObject(ObjectGroup::TYPENAME, name.c_str())); + assert(og!=NULL); + address_table_registry[name.c_str()] = og; + + list::iterator it; + for (it=addresses.begin(); it!=addresses.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) og->addRef(obj); + } +} + diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h index 7bcbaa6a3..cc092f89a 100644 --- a/src/import/PFImporter.h +++ b/src/import/PFImporter.h @@ -70,28 +70,31 @@ public: typedef enum { UNKNOWN, ANY, + HOST_NAME, HOST_ADDRESS, NETWORK_ADDRESS, SPECIAL_ADDRESS, INTERFACE_NAME, TABLE } address_type; - + address_type at; + bool neg; std::string address; std::string netmask; AddressSpec() - { at = UNKNOWN; address = ""; netmask = ""; } + { at = UNKNOWN; neg = false; address = ""; netmask = ""; } AddressSpec(const AddressSpec &other) { at = other.at; + neg = other.neg; address = other.address; netmask = other.netmask; } - AddressSpec(address_type _at, const std::string _addr, const std::string _nm) - { at = _at; address = _addr; netmask = _nm; } + AddressSpec(address_type _at, bool _neg, const std::string _addr, const std::string _nm) + { at = _at; neg= _neg; address = _addr; netmask = _nm; } }; @@ -154,6 +157,8 @@ public: REPLY_TO, DUP_TO} route_op_type; + QMap address_table_registry; + std::string direction; std::string address_family; bool quick; @@ -211,13 +216,19 @@ public: // and does final clean up. virtual libfwbuilder::Firewall* finalize(); - virtual libfwbuilder::FWObject* makeSrcObj(); - virtual libfwbuilder::FWObject* makeDstObj(); - virtual libfwbuilder::FWObject* makeSrvObj(); + virtual libfwbuilder::FWObject* makeAddressObj(AddressSpec &as); + + virtual void addSrc(); + virtual void addDst(); + virtual void addSrv(); virtual void addLogging(); libfwbuilder::Interface* getInterfaceByName(const std::string &name); + + void newAddressTableObject(const std::string &name, const std::string &file); + void newAddressTableObject(const std::string &name, + std::list &addresses); }; #endif diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index e758ea60d..c49f3e3c1 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -44,90 +44,93 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st void PFCfgLexer::initLiterals() { - literals["vrrp"] = 50; - literals["critical"] = 96; - literals["ospf"] = 48; - literals["rdp"] = 42; - literals["disable"] = 103; + literals["vrrp"] = 61; + literals["critical"] = 100; + literals["ospf"] = 59; + literals["rdp"] = 53; + literals["disable"] = 107; literals["scrub"] = 12; - literals["ipsec"] = 86; - literals["inet"] = 34; - literals["pcp"] = 88; - literals["emergencies"] = 98; - literals["debugging"] = 97; - literals["snp"] = 92; - literals["timeout"] = 17; - literals["to"] = 28; - literals["flags"] = 66; - literals["isis"] = 52; - literals["icmp6-type"] = 69; - literals["pptp"] = 90; - literals["pass"] = 18; - literals["no"] = 72; - literals["from"] = 54; - literals["igrp"] = 85; - literals["pim"] = 89; - literals["tagged"] = 70; - literals["rsvp"] = 43; - literals["route-to"] = 64; - literals["nos"] = 87; - literals["quit"] = 82; - literals["->"] = 105; - literals["icmp-type"] = 67; - literals["exit"] = 81; - literals["modulate"] = 74; - literals["nat"] = 14; - literals["range"] = 94; - literals["urpf-failed"] = 55; - literals["out"] = 21; + literals["ipsec"] = 90; + literals["inet"] = 45; + literals["pcp"] = 92; + literals["emergencies"] = 102; + literals["debugging"] = 101; + literals["persist"] = 16; + literals["snp"] = 96; + literals["timeout"] = 32; + literals["to"] = 42; + literals["flags"] = 71; + literals["isis"] = 63; + literals["icmp6-type"] = 74; + literals["const"] = 17; + literals["pptp"] = 94; + literals["pass"] = 33; + literals["no"] = 77; + literals["from"] = 64; + literals["igrp"] = 89; + literals["pim"] = 93; + literals["tagged"] = 75; + literals["rsvp"] = 54; + literals["route-to"] = 69; + literals["nos"] = 91; + literals["quit"] = 86; + literals["->"] = 109; + literals["icmp-type"] = 72; + literals["exit"] = 85; + literals["modulate"] = 79; + literals["nat"] = 29; + literals["range"] = 98; + literals["urpf-failed"] = 65; + literals["out"] = 36; literals["queue"] = 10; - literals["gre"] = 44; + literals["gre"] = 55; literals["set"] = 11; - literals["warnings"] = 102; - literals["ah"] = 46; - literals["host"] = 93; - literals["interface"] = 83; - literals["rip"] = 91; - literals["icmp6"] = 84; - literals["notifications"] = 101; - literals["synproxy"] = 75; + literals["warnings"] = 106; + literals["ah"] = 57; + literals["host"] = 97; + literals["interface"] = 87; + literals["rip"] = 95; + literals["icmp6"] = 88; + literals["notifications"] = 105; + literals["file"] = 19; + literals["synproxy"] = 80; literals["altq"] = 9; - literals["any"] = 56; - literals["esp"] = 45; - literals["alerts"] = 95; - literals["all"] = 26; - literals["inet6"] = 35; - literals["inactive"] = 104; - literals["label"] = 77; - literals["udp"] = 41; - literals["no-route"] = 58; - literals["reply-to"] = 65; - literals["tag"] = 71; - literals["port"] = 79; - literals["code"] = 68; - literals["ip"] = 37; + literals["any"] = 66; + literals["esp"] = 56; + literals["alerts"] = 99; + literals["all"] = 40; + literals["inet6"] = 46; + literals["inactive"] = 108; + literals["label"] = 82; + literals["no-route"] = 67; + literals["udp"] = 52; + literals["reply-to"] = 70; + literals["tag"] = 76; + literals["port"] = 83; + literals["code"] = 73; + literals["ip"] = 48; literals["table"] = 13; - literals["eigrp"] = 47; - literals["errors"] = 99; - literals["ipip"] = 49; + literals["eigrp"] = 58; + literals["errors"] = 103; + literals["ipip"] = 60; literals["antispoof"] = 8; - literals["binat"] = 15; - literals["igmp"] = 39; - literals["on"] = 30; - literals["state"] = 76; - literals["proto"] = 36; - literals["log"] = 22; - literals["rdr"] = 16; - literals["informational"] = 100; - literals["in"] = 20; - literals["self"] = 57; - literals["keep"] = 73; - literals["block"] = 19; - literals["l2tp"] = 51; - literals["quick"] = 29; - literals["user"] = 27; - literals["icmp"] = 38; - literals["tcp"] = 40; + literals["binat"] = 30; + literals["igmp"] = 50; + literals["on"] = 44; + literals["state"] = 81; + literals["proto"] = 47; + literals["log"] = 37; + literals["rdr"] = 31; + literals["informational"] = 104; + literals["self"] = 25; + literals["in"] = 35; + literals["keep"] = 78; + literals["block"] = 34; + literals["l2tp"] = 62; + literals["quick"] = 43; + literals["user"] = 41; + literals["icmp"] = 49; + literals["tcp"] = 51; } ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() @@ -435,11 +438,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop140; + goto _loop152; } } - _loop140:; + _loop152:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -471,9 +474,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 958 "pf.g" +#line 1010 "pf.g" newline(); -#line 477 "PFCfgLexer.cpp" +#line 480 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -552,9 +555,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 953 "pf.g" +#line 1005 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 558 "PFCfgLexer.cpp" +#line 561 "PFCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -739,10 +742,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - bool synPredMatched165 = false; + bool synPredMatched177 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m165 = mark(); - synPredMatched165 = true; + int _m177 = mark(); + synPredMatched177 = true; inputState->guessing++; try { { @@ -753,12 +756,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched165 = false; + synPredMatched177 = false; } - rewind(_m165); + rewind(_m177); inputState->guessing--; } - if ( synPredMatched165 ) { + if ( synPredMatched177 ) { { mNUM_3DIGIT(false); match('.' /* charlit */ ); @@ -769,99 +772,99 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_3DIGIT(false); } if ( inputState->guessing==0 ) { -#line 995 "pf.g" +#line 1047 "pf.g" _ttype = IPV4; -#line 775 "PFCfgLexer.cpp" +#line 778 "PFCfgLexer.cpp" } } else { - bool synPredMatched172 = false; + bool synPredMatched184 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m172 = mark(); - synPredMatched172 = true; + int _m184 = mark(); + synPredMatched184 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt169=0; + int _cnt181=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt169>=1 ) { goto _loop169; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt181>=1 ) { goto _loop181; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt169++; + _cnt181++; } - _loop169:; + _loop181:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt171=0; + int _cnt183=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt171>=1 ) { goto _loop171; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt183>=1 ) { goto _loop183; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt171++; + _cnt183++; } - _loop171:; + _loop183:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched172 = false; + synPredMatched184 = false; } - rewind(_m172); + rewind(_m184); inputState->guessing--; } - if ( synPredMatched172 ) { + if ( synPredMatched184 ) { { { // ( ... )+ - int _cnt175=0; + int _cnt187=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt175>=1 ) { goto _loop175; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt187>=1 ) { goto _loop187; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt175++; + _cnt187++; } - _loop175:; + _loop187:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt177=0; + int _cnt189=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt177>=1 ) { goto _loop177; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt189>=1 ) { goto _loop189; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt177++; + _cnt189++; } - _loop177:; + _loop189:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 998 "pf.g" +#line 1050 "pf.g" _ttype = NUMBER; -#line 858 "PFCfgLexer.cpp" +#line 861 "PFCfgLexer.cpp" } } else { - bool synPredMatched196 = false; + bool synPredMatched208 = false; if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { - int _m196 = mark(); - synPredMatched196 = true; + int _m208 = mark(); + synPredMatched208 = true; inputState->guessing++; try { { @@ -871,12 +874,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched196 = false; + synPredMatched208 = false; } - rewind(_m196); + rewind(_m208); inputState->guessing--; } - if ( synPredMatched196 ) { + if ( synPredMatched208 ) { match(':' /* charlit */ ); match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); @@ -887,23 +890,23 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop198; + goto _loop210; } } - _loop198:; + _loop210:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1021 "pf.g" +#line 1073 "pf.g" _ttype = IPV6; -#line 900 "PFCfgLexer.cpp" +#line 903 "PFCfgLexer.cpp" } } else { - bool synPredMatched181 = false; + bool synPredMatched193 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { - int _m181 = mark(); - synPredMatched181 = true; + int _m193 = mark(); + synPredMatched193 = true; inputState->guessing++; try { { @@ -912,60 +915,60 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched181 = false; + synPredMatched193 = false; } - rewind(_m181); + rewind(_m193); inputState->guessing--; } - if ( synPredMatched181 ) { + if ( synPredMatched193 ) { { - bool synPredMatched186 = false; + bool synPredMatched198 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { - int _m186 = mark(); - synPredMatched186 = true; + int _m198 = mark(); + synPredMatched198 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt185=0; + int _cnt197=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt185>=1 ) { goto _loop185; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt197>=1 ) { goto _loop197; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt185++; + _cnt197++; } - _loop185:; + _loop197:; } // ( ... )+ match(':' /* charlit */ ); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched186 = false; + synPredMatched198 = false; } - rewind(_m186); + rewind(_m198); inputState->guessing--; } - if ( synPredMatched186 ) { + if ( synPredMatched198 ) { { { // ( ... )+ - int _cnt189=0; + int _cnt201=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt189>=1 ) { goto _loop189; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt201>=1 ) { goto _loop201; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt189++; + _cnt201++; } - _loop189:; + _loop201:; } // ( ... )+ match(':' /* charlit */ ); { @@ -978,11 +981,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop192; + goto _loop204; } } - _loop192:; + _loop204:; } // ( ... )* } else { @@ -991,32 +994,32 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1012 "pf.g" +#line 1064 "pf.g" _ttype = IPV6; -#line 997 "PFCfgLexer.cpp" +#line 1000 "PFCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { mNUM_HEX_4DIGIT(false); { // ( ... )+ - int _cnt194=0; + int _cnt206=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); } else { - if ( _cnt194>=1 ) { goto _loop194; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt206>=1 ) { goto _loop206; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt194++; + _cnt206++; } - _loop194:; + _loop206:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1015 "pf.g" +#line 1067 "pf.g" _ttype = IPV6; -#line 1020 "PFCfgLexer.cpp" +#line 1023 "PFCfgLexer.cpp" } } else { @@ -1025,47 +1028,47 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1017 "pf.g" +#line 1069 "pf.g" _ttype = IPV6; -#line 1031 "PFCfgLexer.cpp" +#line 1034 "PFCfgLexer.cpp" } } else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) { match(':' /* charlit */ ); match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1024 "pf.g" +#line 1076 "pf.g" _ttype = IPV6; -#line 1040 "PFCfgLexer.cpp" +#line 1043 "PFCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt179=0; + int _cnt191=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt179>=1 ) { goto _loop179; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt191>=1 ) { goto _loop191; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt179++; + _cnt191++; } - _loop179:; + _loop191:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1003 "pf.g" +#line 1055 "pf.g" _ttype = INT_CONST; -#line 1061 "PFCfgLexer.cpp" +#line 1064 "PFCfgLexer.cpp" } } else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1027 "pf.g" +#line 1079 "pf.g" _ttype = COLON; -#line 1069 "PFCfgLexer.cpp" +#line 1072 "PFCfgLexer.cpp" } } else if ((_tokenSet_3.member(LA(1)))) { @@ -1276,16 +1279,16 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop201; + goto _loop213; } } } - _loop201:; + _loop213:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1039 "pf.g" +#line 1091 "pf.g" _ttype = WORD; -#line 1289 "PFCfgLexer.cpp" +#line 1292 "PFCfgLexer.cpp" } } else { @@ -1313,11 +1316,11 @@ void PFCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop204; + goto _loop216; } } - _loop204:; + _loop216:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1724,7 +1727,7 @@ void PFCfgLexer::mDOUBLE_QUOTE(bool _createToken) { const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 // 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81 -// 0x82 0x83 0x84 +// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 @@ -1732,7 +1735,7 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295 // & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G // H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h // i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 -// 0x84 +// 0x84 0x85 0x86 0x87 0x88 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // . 0 1 2 3 4 5 6 7 8 9 @@ -1747,6 +1750,6 @@ const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291 // % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F // G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g // h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 -// 0x84 +// 0x84 0x85 0x86 0x87 0x88 const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp index 884935613..719eaf729 100644 --- a/src/parsers/PFCfgLexer.hpp +++ b/src/parsers/PFCfgLexer.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgLexer.hpp" #include -/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */ #include #include #include diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index 11dcdb9ff..5304ae4f8 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.cpp"$ */ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -281,18 +281,142 @@ void PFCfgParser::scrub_command() { void PFCfgParser::table_command() { Tracer traceInOut(this, "table_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken file = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(TABLE); -#line 217 "pf.g" +#line 218 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); - importer->addMessageToLog( - QString("Warning: import of 'table' commands has not been implemented yet.")); - consumeUntil(NEWLINE); -#line 296 "PFCfgParser.cpp" +#line 295 "PFCfgParser.cpp" + match(LESS_THAN); + name = LT(1); + match(WORD); + match(GREATER_THAN); + { + switch ( LA(1)) { + case PERSIST: + { + match(PERSIST); + break; + } + case CONST: + case COUNTERS: + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case CONST: + { + match(CONST); + break; + } + case COUNTERS: + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case COUNTERS: + { + match(COUNTERS); + break; + } + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case FILE: + { + match(FILE); + file = LT(1); + match(STRING); +#line 230 "pf.g" + + importer->newAddressTableObject(name->getText(), file->getText()); + +#line 368 "PFCfgParser.cpp" + break; + } + case OPENING_BRACE: + { + match(OPENING_BRACE); + tableaddr_spec(); + { // ( ... )* + for (;;) { + if ((_tokenSet_2.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EXLAMATION: + case SELF: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + tableaddr_spec(); + } + else { + goto _loop18; + } + + } + _loop18:; + } // ( ... )* + match(CLOSING_BRACE); +#line 241 "pf.g" + + importer->newAddressTableObject(name->getText(), importer->tmp_group); + +#line 412 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -305,7 +429,7 @@ void PFCfgParser::nat_command() { try { // for error handling match(NAT); -#line 228 "pf.g" +#line 277 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -313,7 +437,7 @@ void PFCfgParser::nat_command() { QString("Warning: import of 'nat' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 317 "PFCfgParser.cpp" +#line 441 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -326,7 +450,7 @@ void PFCfgParser::rdr_command() { try { // for error handling match(RDR); -#line 250 "pf.g" +#line 299 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -334,7 +458,7 @@ void PFCfgParser::rdr_command() { QString("Warning: import of 'rdr' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 338 "PFCfgParser.cpp" +#line 462 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -347,7 +471,7 @@ void PFCfgParser::binat_command() { try { // for error handling match(BINAT); -#line 239 "pf.g" +#line 288 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -355,7 +479,7 @@ void PFCfgParser::binat_command() { QString("Error: import of 'binat' commands is not supported.")); consumeUntil(NEWLINE); -#line 359 "PFCfgParser.cpp" +#line 483 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -368,7 +492,7 @@ void PFCfgParser::pass_command() { try { // for error handling match(PASS); -#line 284 "pf.g" +#line 333 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -376,14 +500,14 @@ void PFCfgParser::pass_command() { importer->action = "pass"; *dbg << LT(1)->getLine() << ":" << " pass "; -#line 380 "PFCfgParser.cpp" +#line 504 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 292 "pf.g" +#line 341 "pf.g" importer->pushRule(); -#line 387 "PFCfgParser.cpp" +#line 511 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -396,7 +520,7 @@ void PFCfgParser::block_command() { try { // for error handling match(BLOCK); -#line 298 "pf.g" +#line 347 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -404,14 +528,14 @@ void PFCfgParser::block_command() { importer->action = "block"; *dbg << LT(1)->getLine() << ":" << " block "; -#line 408 "PFCfgParser.cpp" +#line 532 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 306 "pf.g" +#line 355 "pf.g" importer->pushRule(); -#line 415 "PFCfgParser.cpp" +#line 539 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -424,7 +548,7 @@ void PFCfgParser::timeout_command() { try { // for error handling match(TIMEOUT); -#line 261 "pf.g" +#line 310 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -432,7 +556,7 @@ void PFCfgParser::timeout_command() { QString("Warning: import of 'timeout' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 436 "PFCfgParser.cpp" +#line 560 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -445,13 +569,13 @@ void PFCfgParser::unknown_command() { try { // for error handling match(WORD); -#line 273 "pf.g" +#line 322 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 455 "PFCfgParser.cpp" +#line 579 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -459,6 +583,132 @@ void PFCfgParser::unknown_command() { } } +void PFCfgParser::tableaddr_spec() { + Tracer traceInOut(this, "tableaddr_spec"); +#line 247 "pf.g" + AddressSpec as; +#line 591 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 248 "pf.g" + as.neg = true; +#line 601 "PFCfgParser.cpp" + break; + } + case WORD: + case SELF: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 250 "pf.g" + as.at = AddressSpec::INTERFACE_NAME; as.address = LT(0)->getText(); +#line 623 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 252 "pf.g" + as.at = AddressSpec::SPECIAL_ADDRESS; as.address = "self"; +#line 631 "PFCfgParser.cpp" + break; + } + case IPV4: + { + match(IPV4); +#line 255 "pf.g" + + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + +#line 642 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); +#line 261 "pf.g" + + as.at = AddressSpec::NETWORK_ADDRESS; + +#line 652 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 265 "pf.g" + + as.netmask = LT(0)->getText(); + +#line 675 "PFCfgParser.cpp" + break; + } + case WORD: + case COMMA: + case CLOSING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 270 "pf.g" + + importer->tmp_group.push_back(as); + +#line 705 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_3); + } +} + void PFCfgParser::rule_extended() { Tracer traceInOut(this, "rule_extended"); @@ -714,10 +964,10 @@ void PFCfgParser::rule_extended() { } } { - if ((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2)))) { + if ((_tokenSet_4.member(LA(1))) && (_tokenSet_5.member(LA(2)))) { hosts(); } - else if ((_tokenSet_4.member(LA(1))) && (_tokenSet_5.member(LA(2)))) { + else if ((_tokenSet_6.member(LA(1))) && (_tokenSet_7.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -754,7 +1004,7 @@ void PFCfgParser::rule_extended() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_6); + recover(ex,_tokenSet_8); } } @@ -780,15 +1030,15 @@ void PFCfgParser::direction() { } } } -#line 324 "pf.g" +#line 373 "pf.g" importer->direction = LT(0)->getText(); -#line 788 "PFCfgParser.cpp" +#line 1038 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_7); + recover(ex,_tokenSet_9); } } @@ -835,15 +1085,15 @@ void PFCfgParser::logging() { } } } -#line 331 "pf.g" +#line 380 "pf.g" importer->logging = true; -#line 843 "PFCfgParser.cpp" +#line 1093 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_10); } } @@ -852,15 +1102,15 @@ void PFCfgParser::quick() { try { // for error handling match(QUICK); -#line 353 "pf.g" +#line 402 "pf.g" importer->quick = true; -#line 860 "PFCfgParser.cpp" +#line 1110 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_11); } } @@ -891,7 +1141,7 @@ void PFCfgParser::intrface() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_12); } } @@ -918,7 +1168,7 @@ void PFCfgParser::route() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } } @@ -935,11 +1185,11 @@ void PFCfgParser::address_family() { case INET6: { match(INET6); -#line 383 "pf.g" +#line 432 "pf.g" importer->address_family = LT(0)->getText(); -#line 943 "PFCfgParser.cpp" +#line 1193 "PFCfgParser.cpp" break; } default: @@ -950,7 +1200,7 @@ void PFCfgParser::address_family() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_12); + recover(ex,_tokenSet_14); } } @@ -963,7 +1213,7 @@ void PFCfgParser::protospec() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_2); + recover(ex,_tokenSet_4); } } @@ -975,14 +1225,14 @@ void PFCfgParser::hosts() { case ALL: { match(ALL); -#line 426 "pf.g" +#line 475 "pf.g" importer->src_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); importer->dst_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 986 "PFCfgParser.cpp" +#line 1236 "PFCfgParser.cpp" break; } case NEWLINE: @@ -1067,7 +1317,7 @@ void PFCfgParser::hosts() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_4); + recover(ex,_tokenSet_6); } } @@ -1078,7 +1328,7 @@ void PFCfgParser::filteropts() { filteropt(); { // ( ... )* for (;;) { - if ((_tokenSet_13.member(LA(1)))) { + if ((_tokenSet_15.member(LA(1)))) { { switch ( LA(1)) { case COMMA: @@ -1109,16 +1359,16 @@ void PFCfgParser::filteropts() { filteropt(); } else { - goto _loop95; + goto _loop107; } } - _loop95:; + _loop107:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_6); + recover(ex,_tokenSet_8); } } @@ -1132,23 +1382,23 @@ void PFCfgParser::logopts() { for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 340 "pf.g" +#line 389 "pf.g" importer->logopts += ","; -#line 1138 "PFCfgParser.cpp" +#line 1388 "PFCfgParser.cpp" logopt(); } else { - goto _loop35; + goto _loop47; } } - _loop35:; + _loop47:; } // ( ... )* match(CLOSING_PAREN); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_10); } } @@ -1171,11 +1421,11 @@ void PFCfgParser::logopt() { { match(TO); match(WORD); -#line 347 "pf.g" +#line 396 "pf.g" importer->logopts += LT(0)->getText(); -#line 1179 "PFCfgParser.cpp" +#line 1429 "PFCfgParser.cpp" break; } default: @@ -1186,15 +1436,15 @@ void PFCfgParser::logopt() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_16); } } void PFCfgParser::ifspec() { Tracer traceInOut(this, "ifspec"); -#line 361 "pf.g" +#line 410 "pf.g" InterfaceSpec is; -#line 1198 "PFCfgParser.cpp" +#line 1448 "PFCfgParser.cpp" try { // for error handling { @@ -1202,9 +1452,9 @@ void PFCfgParser::ifspec() { case EXLAMATION: { match(EXLAMATION); -#line 362 "pf.g" +#line 411 "pf.g" is.neg = true; -#line 1208 "PFCfgParser.cpp" +#line 1458 "PFCfgParser.cpp" break; } case WORD: @@ -1218,17 +1468,17 @@ void PFCfgParser::ifspec() { } } match(WORD); -#line 364 "pf.g" +#line 413 "pf.g" is.name = LT(0)->getText(); importer->iface_group.push_back(is); importer->newInterface(is.name); -#line 1228 "PFCfgParser.cpp" +#line 1478 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_15); + recover(ex,_tokenSet_17); } } @@ -1262,17 +1512,17 @@ void PFCfgParser::interface_list() { ifspec(); } else { - goto _loop45; + goto _loop57; } } - _loop45:; + _loop57:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_10); + recover(ex,_tokenSet_12); } } @@ -1321,7 +1571,7 @@ void PFCfgParser::proto_def() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_18); } } @@ -1417,15 +1667,15 @@ void PFCfgParser::proto_name() { } } } -#line 403 "pf.g" +#line 452 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1425 "PFCfgParser.cpp" +#line 1675 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_18); } } @@ -1434,15 +1684,15 @@ void PFCfgParser::proto_number() { try { // for error handling match(INT_CONST); -#line 409 "pf.g" +#line 458 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1442 "PFCfgParser.cpp" +#line 1692 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_18); } } @@ -1454,7 +1704,7 @@ void PFCfgParser::proto_list() { proto_def(); { // ( ... )* for (;;) { - if ((_tokenSet_17.member(LA(1)))) { + if ((_tokenSet_19.member(LA(1)))) { { switch ( LA(1)) { case COMMA: @@ -1463,6 +1713,7 @@ void PFCfgParser::proto_list() { break; } case OPENING_BRACE: + case INT_CONST: case IP: case ICMP: case IGMP: @@ -1479,7 +1730,6 @@ void PFCfgParser::proto_list() { case VRRP: case L2TP: case ISIS: - case INT_CONST: { break; } @@ -1492,17 +1742,17 @@ void PFCfgParser::proto_list() { proto_def(); } else { - goto _loop56; + goto _loop68; } } - _loop56:; + _loop68:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_18); } } @@ -1514,15 +1764,15 @@ void PFCfgParser::hosts_from() { { switch ( LA(1)) { case WORD: - case EXLAMATION: + case LESS_THAN: case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: case URPF_FAILED: case ANY: - case SELF: case NO_ROUTE: - case IPV4: case IPV6: - case LESS_THAN: { src_hosts_part(); break; @@ -1582,7 +1832,7 @@ void PFCfgParser::hosts_from() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } } @@ -1594,14 +1844,14 @@ void PFCfgParser::hosts_to() { { switch ( LA(1)) { case WORD: - case EXLAMATION: - case OPENING_BRACE: - case ANY: - case SELF: - case NO_ROUTE: - case IPV4: - case IPV6: case LESS_THAN: + case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + case ANY: + case NO_ROUTE: + case IPV6: { dst_hosts_part(); break; @@ -1659,7 +1909,7 @@ void PFCfgParser::hosts_to() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_4); + recover(ex,_tokenSet_6); } } @@ -1670,14 +1920,14 @@ void PFCfgParser::src_hosts_part() { { switch ( LA(1)) { case WORD: - case EXLAMATION: - case OPENING_BRACE: - case ANY: - case SELF: - case NO_ROUTE: - case IPV4: - case IPV6: case LESS_THAN: + case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + case ANY: + case NO_ROUTE: + case IPV6: { common_hosts_part(); break; @@ -1685,13 +1935,13 @@ void PFCfgParser::src_hosts_part() { case URPF_FAILED: { match(URPF_FAILED); -#line 449 "pf.g" +#line 498 "pf.g" importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "urpf-failed", "")); -#line 1695 "PFCfgParser.cpp" +#line 1945 "PFCfgParser.cpp" break; } default: @@ -1700,17 +1950,17 @@ void PFCfgParser::src_hosts_part() { } } } -#line 455 "pf.g" +#line 504 "pf.g" importer->src_neg = importer->tmp_neg; importer->src_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1710 "PFCfgParser.cpp" +#line 1960 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_21); } } @@ -1723,10 +1973,10 @@ void PFCfgParser::src_port_part() { switch ( LA(1)) { case WORD: case EQUAL: - case EXLAMATION: - case INT_CONST: case LESS_THAN: case GREATER_THAN: + case EXLAMATION: + case INT_CONST: { port_op(); break; @@ -1742,16 +1992,16 @@ void PFCfgParser::src_port_part() { } } } -#line 740 "pf.g" +#line 789 "pf.g" importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); -#line 1751 "PFCfgParser.cpp" +#line 2001 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } } @@ -1760,17 +2010,17 @@ void PFCfgParser::dst_hosts_part() { try { // for error handling common_hosts_part(); -#line 464 "pf.g" +#line 513 "pf.g" importer->dst_neg = importer->tmp_neg; importer->dst_group.splice(importer->dst_group.begin(), importer->tmp_group); -#line 1770 "PFCfgParser.cpp" +#line 2020 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_22); } } @@ -1783,10 +2033,10 @@ void PFCfgParser::dst_port_part() { switch ( LA(1)) { case WORD: case EQUAL: - case EXLAMATION: - case INT_CONST: case LESS_THAN: case GREATER_THAN: + case EXLAMATION: + case INT_CONST: { port_op(); break; @@ -1802,16 +2052,16 @@ void PFCfgParser::dst_port_part() { } } } -#line 748 "pf.g" +#line 797 "pf.g" importer->dst_port_group.splice(importer->dst_port_group.begin(), importer->tmp_port_group); -#line 1811 "PFCfgParser.cpp" +#line 2061 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_4); + recover(ex,_tokenSet_6); } } @@ -1823,41 +2073,41 @@ void PFCfgParser::common_hosts_part() { case ANY: { match(ANY); -#line 473 "pf.g" +#line 522 "pf.g" importer->tmp_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 1832 "PFCfgParser.cpp" +#line 2082 "PFCfgParser.cpp" break; } case SELF: { match(SELF); -#line 479 "pf.g" +#line 528 "pf.g" importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, "self", "")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "self", "")); -#line 1843 "PFCfgParser.cpp" +#line 2093 "PFCfgParser.cpp" break; } case NO_ROUTE: { match(NO_ROUTE); -#line 485 "pf.g" +#line 534 "pf.g" importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, "no-route", "")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); -#line 1854 "PFCfgParser.cpp" +#line 2104 "PFCfgParser.cpp" break; } case WORD: + case LESS_THAN: case EXLAMATION: case IPV4: case IPV6: - case LESS_THAN: { host(); break; @@ -1875,7 +2125,7 @@ void PFCfgParser::common_hosts_part() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_21); } } @@ -1893,17 +2143,17 @@ void PFCfgParser::host() { case EXLAMATION: { match(EXLAMATION); -#line 498 "pf.g" +#line 547 "pf.g" importer->tmp_neg = true; -#line 1901 "PFCfgParser.cpp" +#line 2151 "PFCfgParser.cpp" break; } case WORD: + case LESS_THAN: case IPV4: case IPV6: - case LESS_THAN: { break; } @@ -1968,8 +2218,8 @@ void PFCfgParser::host() { case NEWLINE: case QUEUE: case COMMA: - case TO: case CLOSING_BRACE: + case TO: case FLAGS: case ICMP_TYPE: case ICMP6_TYPE: @@ -1990,7 +2240,7 @@ void PFCfgParser::host() { } } } -#line 504 "pf.g" +#line 553 "pf.g" if (v6) { @@ -2004,24 +2254,24 @@ void PFCfgParser::host() { if (h) addr = h->getText(); if (nm) netm = nm->getText(); importer->tmp_group.push_back( - AddressSpec(AddressSpec::NETWORK_ADDRESS, + AddressSpec(AddressSpec::NETWORK_ADDRESS, false, addr, netm)); } -#line 2012 "PFCfgParser.cpp" +#line 2262 "PFCfgParser.cpp" break; } case WORD: { match(WORD); -#line 523 "pf.g" +#line 572 "pf.g" // This should be an interface name importer->tmp_group.push_back( - AddressSpec(AddressSpec::INTERFACE_NAME, + AddressSpec(AddressSpec::INTERFACE_NAME, false, LT(0)->getText(), "")); -#line 2025 "PFCfgParser.cpp" +#line 2275 "PFCfgParser.cpp" break; } case LESS_THAN: @@ -2030,12 +2280,12 @@ void PFCfgParser::host() { tn = LT(1); match(WORD); match(GREATER_THAN); -#line 531 "pf.g" +#line 580 "pf.g" importer->tmp_group.push_back( - AddressSpec(AddressSpec::TABLE, tn->getText(), "")); + AddressSpec(AddressSpec::TABLE, false, tn->getText(), "")); -#line 2039 "PFCfgParser.cpp" +#line 2289 "PFCfgParser.cpp" break; } default: @@ -2047,7 +2297,7 @@ void PFCfgParser::host() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_21); + recover(ex,_tokenSet_23); } } @@ -2064,17 +2314,17 @@ void PFCfgParser::host_list() { host(); } else { - goto _loop78; + goto _loop90; } } - _loop78:; + _loop90:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_21); } } @@ -2101,15 +2351,15 @@ void PFCfgParser::route_to() { } } } -#line 555 "pf.g" +#line 604 "pf.g" importer->route_type = PFImporter::ROUTE_TO; -#line 2109 "PFCfgParser.cpp" +#line 2359 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } } @@ -2136,15 +2386,15 @@ void PFCfgParser::reply_to() { } } } -#line 562 "pf.g" +#line 611 "pf.g" importer->route_type = PFImporter::REPLY_TO; -#line 2144 "PFCfgParser.cpp" +#line 2394 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } } @@ -2154,16 +2404,16 @@ void PFCfgParser::routehost() { ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 567 "pf.g" +#line 616 "pf.g" RouteSpec rs; -#line 2160 "PFCfgParser.cpp" +#line 2410 "PFCfgParser.cpp" try { // for error handling match(OPENING_PAREN); match(WORD); -#line 569 "pf.g" +#line 618 "pf.g" rs.iface = LT(0)->getText(); -#line 2167 "PFCfgParser.cpp" +#line 2417 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: @@ -2221,7 +2471,7 @@ void PFCfgParser::routehost() { } } } -#line 571 "pf.g" +#line 620 "pf.g" if (v6) { @@ -2235,12 +2485,12 @@ void PFCfgParser::routehost() { importer->route_group.push_back(rs); } -#line 2239 "PFCfgParser.cpp" +#line 2489 "PFCfgParser.cpp" match(CLOSING_PAREN); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_22); + recover(ex,_tokenSet_24); } } @@ -2252,7 +2502,7 @@ void PFCfgParser::routehost_list() { routehost(); { // ( ... )* for (;;) { - if ((LA(1) == OPENING_PAREN || LA(1) == COMMA)) { + if ((LA(1) == COMMA || LA(1) == OPENING_PAREN)) { { switch ( LA(1)) { case COMMA: @@ -2273,17 +2523,17 @@ void PFCfgParser::routehost_list() { routehost(); } else { - goto _loop91; + goto _loop103; } } - _loop91:; + _loop103:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_13); } } @@ -2343,7 +2593,7 @@ void PFCfgParser::filteropt() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2359,12 +2609,12 @@ void PFCfgParser::tcp_flags() { case ANY: { match(ANY); -#line 628 "pf.g" +#line 677 "pf.g" importer->flags_check = "any"; importer->flags_mask = "all"; -#line 2368 "PFCfgParser.cpp" +#line 2618 "PFCfgParser.cpp" break; } case WORD: @@ -2419,7 +2669,7 @@ void PFCfgParser::tcp_flags() { } } } -#line 634 "pf.g" +#line 683 "pf.g" if (check) importer->flags_check = check->getText(); @@ -2430,7 +2680,7 @@ void PFCfgParser::tcp_flags() { else importer->flags_mask = "all"; -#line 2434 "PFCfgParser.cpp" +#line 2684 "PFCfgParser.cpp" break; } default: @@ -2442,7 +2692,7 @@ void PFCfgParser::tcp_flags() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2473,7 +2723,7 @@ void PFCfgParser::icmp_type() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2482,17 +2732,17 @@ void PFCfgParser::icmp6_type() { try { // for error handling match(ICMP6_TYPE); -#line 680 "pf.g" +#line 729 "pf.g" importer->addMessageToLog( QString("Error: ICMP6 import is not supported. ")); consumeUntil(NEWLINE); -#line 2492 "PFCfgParser.cpp" +#line 2742 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2502,15 +2752,15 @@ void PFCfgParser::tagged() { try { // for error handling match(TAGGED); match(WORD); -#line 689 "pf.g" +#line 738 "pf.g" importer->tagged = LT(0)->getText(); -#line 2510 "PFCfgParser.cpp" +#line 2760 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2520,15 +2770,15 @@ void PFCfgParser::tag_clause() { try { // for error handling match(TAG); match(WORD); -#line 696 "pf.g" +#line 745 "pf.g" importer->tag = LT(0)->getText(); -#line 2528 "PFCfgParser.cpp" +#line 2778 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2564,16 +2814,16 @@ void PFCfgParser::state() { } } } -#line 711 "pf.g" +#line 760 "pf.g" importer->state_op = LT(0)->getText(); -#line 2572 "PFCfgParser.cpp" +#line 2822 "PFCfgParser.cpp" match(STATE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2587,36 +2837,36 @@ void PFCfgParser::queue() { case WORD: { match(WORD); -#line 720 "pf.g" +#line 769 "pf.g" importer->queue += LT(0)->getText(); -#line 2593 "PFCfgParser.cpp" +#line 2843 "PFCfgParser.cpp" break; } case OPENING_PAREN: { match(OPENING_PAREN); match(WORD); -#line 723 "pf.g" +#line 772 "pf.g" importer->queue += LT(0)->getText(); -#line 2602 "PFCfgParser.cpp" +#line 2852 "PFCfgParser.cpp" { // ( ... )* for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 725 "pf.g" +#line 774 "pf.g" importer->queue += ","; -#line 2609 "PFCfgParser.cpp" +#line 2859 "PFCfgParser.cpp" match(WORD); -#line 726 "pf.g" +#line 775 "pf.g" importer->queue += LT(0)->getText(); -#line 2613 "PFCfgParser.cpp" +#line 2863 "PFCfgParser.cpp" } else { - goto _loop119; + goto _loop131; } } - _loop119:; + _loop131:; } // ( ... )* match(CLOSING_PAREN); break; @@ -2630,7 +2880,7 @@ void PFCfgParser::queue() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } @@ -2643,15 +2893,15 @@ void PFCfgParser::label() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } void PFCfgParser::icmp_type_code() { Tracer traceInOut(this, "icmp_type_code"); -#line 656 "pf.g" +#line 705 "pf.g" std::string icmp_type, icmp_code; -#line 2655 "PFCfgParser.cpp" +#line 2905 "PFCfgParser.cpp" try { // for error handling { @@ -2672,9 +2922,9 @@ void PFCfgParser::icmp_type_code() { } } } -#line 657 "pf.g" +#line 706 "pf.g" icmp_type = LT(0)->getText(); -#line 2678 "PFCfgParser.cpp" +#line 2928 "PFCfgParser.cpp" { switch ( LA(1)) { case ICMP_CODE: @@ -2698,9 +2948,9 @@ void PFCfgParser::icmp_type_code() { } } } -#line 659 "pf.g" +#line 708 "pf.g" icmp_code = LT(0)->getText(); -#line 2704 "PFCfgParser.cpp" +#line 2954 "PFCfgParser.cpp" break; } case NEWLINE: @@ -2728,16 +2978,16 @@ void PFCfgParser::icmp_type_code() { } } } -#line 661 "pf.g" +#line 710 "pf.g" importer->icmp_type_code_group.push_back( str_tuple(icmp_type, icmp_code)); -#line 2737 "PFCfgParser.cpp" +#line 2987 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_24); + recover(ex,_tokenSet_26); } } @@ -2771,70 +3021,70 @@ void PFCfgParser::icmp_list() { icmp_type_code(); } else { - goto _loop110; + goto _loop122; } } - _loop110:; + _loop122:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_23); + recover(ex,_tokenSet_25); } } void PFCfgParser::port_op() { Tracer traceInOut(this, "port_op"); -#line 780 "pf.g" +#line 829 "pf.g" PortSpec ps; -#line 2793 "PFCfgParser.cpp" +#line 3043 "PFCfgParser.cpp" try { // for error handling { switch ( LA(1)) { case EQUAL: - case EXLAMATION: case LESS_THAN: case GREATER_THAN: + case EXLAMATION: { unary_port_op(); -#line 782 "pf.g" +#line 831 "pf.g" ps.port_op = importer->tmp_port_op; -#line 2806 "PFCfgParser.cpp" +#line 3056 "PFCfgParser.cpp" port_def(); -#line 784 "pf.g" +#line 833 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = importer->tmp_port_def; -#line 2813 "PFCfgParser.cpp" +#line 3063 "PFCfgParser.cpp" break; } case WORD: case INT_CONST: { port_def(); -#line 790 "pf.g" +#line 839 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = ps.port1; ps.port_op = "="; -#line 2826 "PFCfgParser.cpp" +#line 3076 "PFCfgParser.cpp" { - if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_25.member(LA(2)))) { + if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_27.member(LA(2)))) { binary_port_op(); -#line 796 "pf.g" +#line 845 "pf.g" ps.port_op = importer->tmp_port_op; -#line 2832 "PFCfgParser.cpp" +#line 3082 "PFCfgParser.cpp" port_def(); -#line 797 "pf.g" +#line 846 "pf.g" ps.port2 = LT(0)->getText(); -#line 2836 "PFCfgParser.cpp" +#line 3086 "PFCfgParser.cpp" } - else if ((_tokenSet_26.member(LA(1))) && (_tokenSet_27.member(LA(2)))) { + else if ((_tokenSet_28.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -2849,15 +3099,15 @@ void PFCfgParser::port_op() { } } } -#line 800 "pf.g" +#line 849 "pf.g" importer->tmp_port_group.push_back(ps); -#line 2857 "PFCfgParser.cpp" +#line 3107 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_28); } } @@ -2869,7 +3119,7 @@ void PFCfgParser::port_op_list() { port_op(); { // ( ... )* for (;;) { - if ((_tokenSet_28.member(LA(1)))) { + if ((_tokenSet_30.member(LA(1)))) { { switch ( LA(1)) { case COMMA: @@ -2879,10 +3129,10 @@ void PFCfgParser::port_op_list() { } case WORD: case EQUAL: - case EXLAMATION: - case INT_CONST: case LESS_THAN: case GREATER_THAN: + case EXLAMATION: + case INT_CONST: { break; } @@ -2895,17 +3145,17 @@ void PFCfgParser::port_op_list() { port_op(); } else { - goto _loop136; + goto _loop148; } } - _loop136:; + _loop148:; } // ( ... )* match(CLOSING_BRACE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_20); } } @@ -2918,46 +3168,46 @@ void PFCfgParser::unary_port_op() { case EQUAL: { match(EQUAL); -#line 756 "pf.g" +#line 805 "pf.g" importer->tmp_port_op = "="; -#line 2924 "PFCfgParser.cpp" +#line 3174 "PFCfgParser.cpp" break; } case EXLAMATION: { match(EXLAMATION); match(EQUAL); -#line 758 "pf.g" +#line 807 "pf.g" importer->tmp_port_op = "!="; -#line 2933 "PFCfgParser.cpp" +#line 3183 "PFCfgParser.cpp" break; } default: if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(LESS_THAN); -#line 760 "pf.g" +#line 809 "pf.g" importer->tmp_port_op = "<"; -#line 2941 "PFCfgParser.cpp" +#line 3191 "PFCfgParser.cpp" } else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) { match(LESS_THAN); match(EQUAL); -#line 762 "pf.g" +#line 811 "pf.g" importer->tmp_port_op = "<="; -#line 2948 "PFCfgParser.cpp" +#line 3198 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(GREATER_THAN); -#line 764 "pf.g" +#line 813 "pf.g" importer->tmp_port_op = ">"; -#line 2954 "PFCfgParser.cpp" +#line 3204 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) { match(GREATER_THAN); match(EQUAL); -#line 766 "pf.g" +#line 815 "pf.g" importer->tmp_port_op = ">="; -#line 2961 "PFCfgParser.cpp" +#line 3211 "PFCfgParser.cpp" } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -2967,7 +3217,7 @@ void PFCfgParser::unary_port_op() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_29); + recover(ex,_tokenSet_31); } } @@ -2981,26 +3231,26 @@ void PFCfgParser::binary_port_op() { { match(LESS_THAN); match(GREATER_THAN); -#line 772 "pf.g" +#line 821 "pf.g" importer->tmp_port_op = "<>"; -#line 2987 "PFCfgParser.cpp" +#line 3237 "PFCfgParser.cpp" break; } case GREATER_THAN: { match(GREATER_THAN); match(LESS_THAN); -#line 774 "pf.g" +#line 823 "pf.g" importer->tmp_port_op = "><"; -#line 2996 "PFCfgParser.cpp" +#line 3246 "PFCfgParser.cpp" break; } case COLON: { match(COLON); -#line 776 "pf.g" +#line 825 "pf.g" importer->tmp_port_op = ":"; -#line 3004 "PFCfgParser.cpp" +#line 3254 "PFCfgParser.cpp" break; } default: @@ -3012,7 +3262,7 @@ void PFCfgParser::binary_port_op() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_29); + recover(ex,_tokenSet_31); } } @@ -3029,11 +3279,11 @@ void PFCfgParser::port_def() { case INT_CONST: { match(INT_CONST); -#line 807 "pf.g" +#line 856 "pf.g" importer->tmp_port_def = LT(0)->getText(); -#line 3037 "PFCfgParser.cpp" +#line 3287 "PFCfgParser.cpp" break; } default: @@ -3044,7 +3294,7 @@ void PFCfgParser::port_def() { } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); - recover(ex,_tokenSet_30); + recover(ex,_tokenSet_32); } } @@ -3066,6 +3316,21 @@ const char* PFCfgParser::tokenNames[] = { "\"set\"", "\"scrub\"", "\"table\"", + "LESS_THAN", + "GREATER_THAN", + "\"persist\"", + "\"const\"", + "COUNTERS", + "\"file\"", + "STRING", + "OPENING_BRACE", + "COMMA", + "CLOSING_BRACE", + "EXLAMATION", + "\"self\"", + "IPV4", + "SLASH", + "INT_CONST", "\"nat\"", "\"binat\"", "\"rdr\"", @@ -3076,16 +3341,12 @@ const char* PFCfgParser::tokenNames[] = { "\"out\"", "\"log\"", "OPENING_PAREN", - "COMMA", "CLOSING_PAREN", "\"all\"", "\"user\"", "\"to\"", "\"quick\"", "\"on\"", - "EXLAMATION", - "OPENING_BRACE", - "CLOSING_BRACE", "\"inet\"", "\"inet6\"", "\"proto\"", @@ -3105,17 +3366,11 @@ const char* PFCfgParser::tokenNames[] = { "\"vrrp\"", "\"l2tp\"", "\"isis\"", - "INT_CONST", "\"from\"", "\"urpf-failed\"", "\"any\"", - "\"self\"", "\"no-route\"", - "IPV4", "IPV6", - "SLASH", - "LESS_THAN", - "GREATER_THAN", "\"route-to\"", "\"reply-to\"", "\"flags\"", @@ -3130,7 +3385,6 @@ const char* PFCfgParser::tokenNames[] = { "\"synproxy\"", "\"state\"", "\"label\"", - "STRING", "\"port\"", "COLON", "\"exit\"", @@ -3188,142 +3442,148 @@ const char* PFCfgParser::tokenNames[] = { 0 }; -const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 1048434UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 3758112626UL, 7UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" // "table" "nat" "binat" "rdr" "timeout" "pass" "block" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,6); const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,6); -const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 335545360UL, 4194304UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 121634880UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD COMMA EXLAMATION "self" IPV4 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,6); +const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 130023488UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD COMMA CLOSING_BRACE EXLAMATION "self" IPV4 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,6); +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1040UL, 1280UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "from" "flags" "icmp-type" "icmp6-type" "tagged" // "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,8); -const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 2442133362UL, 2141192193UL, 65516UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8); +const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 4285562738UL, 1095UL, 1047966UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" -// "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN COMMA -// "to" EXLAMATION OPENING_BRACE INT_CONST "urpf-failed" "any" "self" "no-route" -// IPV4 IPV6 SLASH LESS_THAN "flags" "icmp-type" "icmp6-type" "tagged" -// "tag" "no" "keep" "modulate" "synproxy" "state" "label" STRING "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,8); -const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1040UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "table" LESS_THAN STRING OPENING_BRACE COMMA EXLAMATION "self" IPV4 +// SLASH INT_CONST "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN +// "to" "urpf-failed" "any" "no-route" IPV6 "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8); +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 1040UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" // "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8); -const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 26214258UL, 555745281UL, 32748UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,8); +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 4168105842UL, 71UL, 523652UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" -// "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN COMMA -// OPENING_BRACE INT_CONST "any" SLASH "flags" "icmp-type" "icmp6-type" -// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" STRING -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8); -const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "table" STRING OPENING_BRACE COMMA SLASH INT_CONST "nat" "binat" "rdr" +// "timeout" "pass" "block" OPENING_PAREN "any" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8); +const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,6); -const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 1950352400UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,6); +const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 1040UL, 64800UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "log" "all" "to" "quick" "on" "inet" "inet6" "proto" // "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" // "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8); -const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 1946158096UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 1040UL, 64768UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "quick" "on" "inet" "inet6" "proto" "from" // "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,8); -const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 1409287184UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 1040UL, 62720UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "on" "inet" "inet6" "proto" "from" "route-to" // "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" // "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); -const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 335545360UL, 4194332UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 1040UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "route-to" // "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" // "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); -const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 335545360UL, 4194332UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 1040UL, 58624UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "flags" "icmp-type" // "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); -const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 335545360UL, 4194320UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 1040UL, 34048UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "all" "to" "proto" "from" "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16778240UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,8); +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 4195328UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" // "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 50331648UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); +const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 4194304UL, 128UL, 0UL, 0UL, 0UL, 0UL }; // COMMA CLOSING_PAREN -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,6); -const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 2499806288UL, 4194334UL, 12271UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD "queue" COMMA "all" "to" EXLAMATION CLOSING_BRACE "inet" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,6); +const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 29361232UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA CLOSING_BRACE EXLAMATION "all" "to" "inet" // "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); -const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 352322576UL, 8388579UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "all" "to" OPENING_BRACE CLOSING_BRACE "ip" "icmp" -// "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" "eigrp" "ospf" "ipip" -// "vrrp" "l2tp" "isis" INT_CONST "from" "flags" "icmp-type" "icmp6-type" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8); +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 283116560UL, 4294903040UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" OPENING_BRACE COMMA CLOSING_BRACE INT_CONST "all" "to" +// "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" "eigrp" +// "ospf" "ipip" "vrrp" "l2tp" "isis" "from" "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,8); -const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 16777216UL, 4194273UL, 0UL, 0UL, 0UL, 0UL }; -// COMMA OPENING_BRACE "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" -// "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,6); -const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 268436496UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); +const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 274726912UL, 4294901760UL, 0UL, 0UL, 0UL, 0UL }; +// OPENING_BRACE COMMA INT_CONST "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" +// "gre" "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,6); +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 1040UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); -const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 268436496UL, 0UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,8); +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 1040UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_data_,8); -const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 1040UL, 0UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8); +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 1040UL, 0UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" // "keep" "modulate" "synproxy" "label" "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,8); -const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 285213712UL, 2UL, 45036UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" COMMA "to" CLOSING_BRACE "flags" "icmp-type" "icmp6-type" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 12583952UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE "to" "flags" "icmp-type" "icmp6-type" // "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" "port" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8); -const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 360711184UL, 4194334UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "queue" OPENING_PAREN COMMA "all" "to" CLOSING_BRACE "inet" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 12583952UL, 58688UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE OPENING_PAREN "all" "to" "inet" // "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 16778256UL, 0UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); +const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 4195344UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" // "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); -const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 16778320UL, 2097154UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_data_,8); +const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 281019472UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE WORD "queue" COMMA CLOSING_BRACE INT_CONST "flags" "icmp-type" // "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); -const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 64UL, 3223322624UL, 0UL, 0UL, 0UL, 0UL }; -// WORD INT_CONST LESS_THAN GREATER_THAN -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_data_,6); -const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 2432697552UL, 3223322626UL, 12268UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD EQUAL "queue" COMMA "to" EXLAMATION CLOSING_BRACE INT_CONST -// LESS_THAN GREATER_THAN "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_26(_tokenSet_26_data_,8); -const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 2442133490UL, 4280287235UL, 131052UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 268484672UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD LESS_THAN GREATER_THAN INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,6); +const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 297845968UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE +// EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,8); +const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 4293984242UL, 1095UL, 2096540UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" -// "scrub" "table" "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN -// COMMA "to" EXLAMATION OPENING_BRACE CLOSING_BRACE INT_CONST "any" "self" -// "no-route" IPV4 IPV6 SLASH LESS_THAN GREATER_THAN "flags" "icmp-type" +// "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA CLOSING_BRACE +// EXLAMATION "self" IPV4 SLASH INT_CONST "nat" "binat" "rdr" "timeout" +// "pass" "block" OPENING_PAREN "to" "any" "no-route" IPV6 "flags" "icmp-type" // "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" -// "label" STRING "port" COLON -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,8); -const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 2164261056UL, 3223322624UL, 0UL, 0UL, 0UL, 0UL }; -// WORD EQUAL COMMA EXLAMATION INT_CONST LESS_THAN GREATER_THAN -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,6); -const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 64UL, 2097152UL, 0UL, 0UL, 0UL, 0UL }; +// "label" "port" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,8); +const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 289456320UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD EQUAL LESS_THAN GREATER_THAN COMMA EXLAMATION INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,6); +const unsigned long PFCfgParser::_tokenSet_31_data_[] = { 268435520UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // WORD INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,6); -const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 2432697552UL, 3223322626UL, 77804UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD EQUAL "queue" COMMA "to" EXLAMATION CLOSING_BRACE INT_CONST -// LESS_THAN GREATER_THAN "flags" "icmp-type" "icmp6-type" "tagged" "tag" -// "no" "keep" "modulate" "synproxy" "label" COLON -const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,8); +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_31(_tokenSet_31_data_,6); +const unsigned long PFCfgParser::_tokenSet_32_data_[] = { 297845968UL, 1024UL, 1441152UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE +// EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_32(_tokenSet_32_data_,8); diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index 901169a0e..5b6aca760 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgParser.hpp" #include -/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */ #include #include #include "PFCfgParserTokenTypes.hpp" @@ -104,6 +104,7 @@ public: public: void block_command(); public: void timeout_command(); public: void unknown_command(); + public: void tableaddr_spec(); public: void rule_extended(); public: void direction(); public: void logging(); @@ -162,10 +163,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 133; + static const int NUM_TOKENS = 137; #else enum { - NUM_TOKENS = 133 + NUM_TOKENS = 137 }; #endif @@ -231,6 +232,10 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_29; static const unsigned long _tokenSet_30_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_30; + static const unsigned long _tokenSet_31_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_31; + static const unsigned long _tokenSet_32_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_32; }; #endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp index 7d5e66589..d94fb5eac 100644 --- a/src/parsers/PFCfgParserTokenTypes.hpp +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -1,7 +1,7 @@ #ifndef INC_PFCfgParserTokenTypes_hpp_ #define INC_PFCfgParserTokenTypes_hpp_ -/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ +/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ #ifndef CUSTOM_API # define CUSTOM_API @@ -22,125 +22,129 @@ struct CUSTOM_API PFCfgParserTokenTypes { SET = 11, SCRUB = 12, TABLE = 13, - NAT = 14, - BINAT = 15, - RDR = 16, - TIMEOUT = 17, - PASS = 18, - BLOCK = 19, - IN = 20, - OUT = 21, - LOG = 22, - OPENING_PAREN = 23, - COMMA = 24, - CLOSING_PAREN = 25, - ALL = 26, - USER = 27, - TO = 28, - QUICK = 29, - ON = 30, - EXLAMATION = 31, - OPENING_BRACE = 32, - CLOSING_BRACE = 33, - INET = 34, - INET6 = 35, - PROTO = 36, - IP = 37, - ICMP = 38, - IGMP = 39, - TCP = 40, - UDP = 41, - RDP = 42, - RSVP = 43, - GRE = 44, - ESP = 45, - AH = 46, - EIGRP = 47, - OSPF = 48, - IPIP = 49, - VRRP = 50, - L2TP = 51, - ISIS = 52, - INT_CONST = 53, - FROM = 54, - URPF_FAILED = 55, - ANY = 56, - SELF = 57, - NO_ROUTE = 58, - IPV4 = 59, - IPV6 = 60, - SLASH = 61, - LESS_THAN = 62, - GREATER_THAN = 63, - ROUTE_TO = 64, - REPLY_TO = 65, - FLAGS = 66, - ICMP_TYPE = 67, - ICMP_CODE = 68, - ICMP6_TYPE = 69, - TAGGED = 70, - TAG = 71, - NO = 72, - KEEP = 73, - MODULATE = 74, - SYNPROXY = 75, - STATE = 76, - LABEL = 77, - STRING = 78, - PORT = 79, - COLON = 80, - EXIT = 81, - QUIT = 82, - INTRFACE = 83, - ICMP6 = 84, - IGRP = 85, - IPSEC = 86, - NOS = 87, - PCP = 88, - PIM = 89, - PPTP = 90, - RIP = 91, - SNP = 92, - HOST = 93, - RANGE = 94, - LOG_LEVEL_ALERTS = 95, - LOG_LEVEL_CRITICAL = 96, - LOG_LEVEL_DEBUGGING = 97, - LOG_LEVEL_EMERGENCIES = 98, - LOG_LEVEL_ERRORS = 99, - LOG_LEVEL_INFORMATIONAL = 100, - LOG_LEVEL_NOTIFICATIONS = 101, - LOG_LEVEL_WARNINGS = 102, - LOG_LEVEL_DISABLE = 103, - LOG_LEVEL_INACTIVE = 104, - TRANSLATE_TO = 105, - Whitespace = 106, - HEX_CONST = 107, - NUMBER = 108, - NEG_INT_CONST = 109, - HEX_DIGIT = 110, - DIGIT = 111, - NUM_3DIGIT = 112, - NUM_HEX_4DIGIT = 113, - NUMBER_ADDRESS_OR_WORD = 114, - PIPE_CHAR = 115, - NUMBER_SIGN = 116, - PERCENT = 117, - AMPERSAND = 118, - APOSTROPHE = 119, - STAR = 120, - PLUS = 121, - MINUS = 122, - DOT = 123, - SEMICOLON = 124, - QUESTION = 125, - COMMERCIAL_AT = 126, - OPENING_SQUARE = 127, - CLOSING_SQUARE = 128, - CARET = 129, - UNDERLINE = 130, - TILDE = 131, - DOUBLE_QUOTE = 132, + LESS_THAN = 14, + GREATER_THAN = 15, + PERSIST = 16, + CONST = 17, + COUNTERS = 18, + FILE = 19, + STRING = 20, + OPENING_BRACE = 21, + COMMA = 22, + CLOSING_BRACE = 23, + EXLAMATION = 24, + SELF = 25, + IPV4 = 26, + SLASH = 27, + INT_CONST = 28, + NAT = 29, + BINAT = 30, + RDR = 31, + TIMEOUT = 32, + PASS = 33, + BLOCK = 34, + IN = 35, + OUT = 36, + LOG = 37, + OPENING_PAREN = 38, + CLOSING_PAREN = 39, + ALL = 40, + USER = 41, + TO = 42, + QUICK = 43, + ON = 44, + INET = 45, + INET6 = 46, + PROTO = 47, + IP = 48, + ICMP = 49, + IGMP = 50, + TCP = 51, + UDP = 52, + RDP = 53, + RSVP = 54, + GRE = 55, + ESP = 56, + AH = 57, + EIGRP = 58, + OSPF = 59, + IPIP = 60, + VRRP = 61, + L2TP = 62, + ISIS = 63, + FROM = 64, + URPF_FAILED = 65, + ANY = 66, + NO_ROUTE = 67, + IPV6 = 68, + ROUTE_TO = 69, + REPLY_TO = 70, + FLAGS = 71, + ICMP_TYPE = 72, + ICMP_CODE = 73, + ICMP6_TYPE = 74, + TAGGED = 75, + TAG = 76, + NO = 77, + KEEP = 78, + MODULATE = 79, + SYNPROXY = 80, + STATE = 81, + LABEL = 82, + PORT = 83, + COLON = 84, + EXIT = 85, + QUIT = 86, + INTRFACE = 87, + ICMP6 = 88, + IGRP = 89, + IPSEC = 90, + NOS = 91, + PCP = 92, + PIM = 93, + PPTP = 94, + RIP = 95, + SNP = 96, + HOST = 97, + RANGE = 98, + LOG_LEVEL_ALERTS = 99, + LOG_LEVEL_CRITICAL = 100, + LOG_LEVEL_DEBUGGING = 101, + LOG_LEVEL_EMERGENCIES = 102, + LOG_LEVEL_ERRORS = 103, + LOG_LEVEL_INFORMATIONAL = 104, + LOG_LEVEL_NOTIFICATIONS = 105, + LOG_LEVEL_WARNINGS = 106, + LOG_LEVEL_DISABLE = 107, + LOG_LEVEL_INACTIVE = 108, + TRANSLATE_TO = 109, + Whitespace = 110, + HEX_CONST = 111, + NUMBER = 112, + NEG_INT_CONST = 113, + HEX_DIGIT = 114, + DIGIT = 115, + NUM_3DIGIT = 116, + NUM_HEX_4DIGIT = 117, + NUMBER_ADDRESS_OR_WORD = 118, + PIPE_CHAR = 119, + NUMBER_SIGN = 120, + PERCENT = 121, + AMPERSAND = 122, + APOSTROPHE = 123, + STAR = 124, + PLUS = 125, + MINUS = 126, + DOT = 127, + SEMICOLON = 128, + QUESTION = 129, + COMMERCIAL_AT = 130, + OPENING_SQUARE = 131, + CLOSING_SQUARE = 132, + CARET = 133, + UNDERLINE = 134, + TILDE = 135, + DOUBLE_QUOTE = 136, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt index 8eca30dec..827205a38 100644 --- a/src/parsers/PFCfgParserTokenTypes.txt +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -1,4 +1,4 @@ -// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$ +// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$ PFCfgParser // output token vocab name NEWLINE=4 LINE_COMMENT=5 @@ -10,122 +10,126 @@ QUEUE="queue"=10 SET="set"=11 SCRUB="scrub"=12 TABLE="table"=13 -NAT="nat"=14 -BINAT="binat"=15 -RDR="rdr"=16 -TIMEOUT="timeout"=17 -PASS="pass"=18 -BLOCK="block"=19 -IN="in"=20 -OUT="out"=21 -LOG="log"=22 -OPENING_PAREN=23 -COMMA=24 -CLOSING_PAREN=25 -ALL="all"=26 -USER="user"=27 -TO="to"=28 -QUICK="quick"=29 -ON="on"=30 -EXLAMATION=31 -OPENING_BRACE=32 -CLOSING_BRACE=33 -INET="inet"=34 -INET6="inet6"=35 -PROTO="proto"=36 -IP="ip"=37 -ICMP="icmp"=38 -IGMP="igmp"=39 -TCP="tcp"=40 -UDP="udp"=41 -RDP="rdp"=42 -RSVP="rsvp"=43 -GRE="gre"=44 -ESP="esp"=45 -AH="ah"=46 -EIGRP="eigrp"=47 -OSPF="ospf"=48 -IPIP="ipip"=49 -VRRP="vrrp"=50 -L2TP="l2tp"=51 -ISIS="isis"=52 -INT_CONST=53 -FROM="from"=54 -URPF_FAILED="urpf-failed"=55 -ANY="any"=56 -SELF="self"=57 -NO_ROUTE="no-route"=58 -IPV4=59 -IPV6=60 -SLASH=61 -LESS_THAN=62 -GREATER_THAN=63 -ROUTE_TO="route-to"=64 -REPLY_TO="reply-to"=65 -FLAGS="flags"=66 -ICMP_TYPE="icmp-type"=67 -ICMP_CODE="code"=68 -ICMP6_TYPE="icmp6-type"=69 -TAGGED="tagged"=70 -TAG="tag"=71 -NO="no"=72 -KEEP="keep"=73 -MODULATE="modulate"=74 -SYNPROXY="synproxy"=75 -STATE="state"=76 -LABEL="label"=77 -STRING=78 -PORT="port"=79 -COLON=80 -EXIT="exit"=81 -QUIT="quit"=82 -INTRFACE="interface"=83 -ICMP6="icmp6"=84 -IGRP="igrp"=85 -IPSEC="ipsec"=86 -NOS="nos"=87 -PCP="pcp"=88 -PIM="pim"=89 -PPTP="pptp"=90 -RIP="rip"=91 -SNP="snp"=92 -HOST="host"=93 -RANGE="range"=94 -LOG_LEVEL_ALERTS="alerts"=95 -LOG_LEVEL_CRITICAL="critical"=96 -LOG_LEVEL_DEBUGGING="debugging"=97 -LOG_LEVEL_EMERGENCIES="emergencies"=98 -LOG_LEVEL_ERRORS="errors"=99 -LOG_LEVEL_INFORMATIONAL="informational"=100 -LOG_LEVEL_NOTIFICATIONS="notifications"=101 -LOG_LEVEL_WARNINGS="warnings"=102 -LOG_LEVEL_DISABLE="disable"=103 -LOG_LEVEL_INACTIVE="inactive"=104 -TRANSLATE_TO="->"=105 -Whitespace=106 -HEX_CONST=107 -NUMBER=108 -NEG_INT_CONST=109 -HEX_DIGIT=110 -DIGIT=111 -NUM_3DIGIT=112 -NUM_HEX_4DIGIT=113 -NUMBER_ADDRESS_OR_WORD=114 -PIPE_CHAR=115 -NUMBER_SIGN=116 -PERCENT=117 -AMPERSAND=118 -APOSTROPHE=119 -STAR=120 -PLUS=121 -MINUS=122 -DOT=123 -SEMICOLON=124 -QUESTION=125 -COMMERCIAL_AT=126 -OPENING_SQUARE=127 -CLOSING_SQUARE=128 -CARET=129 -UNDERLINE=130 -TILDE=131 -DOUBLE_QUOTE=132 +LESS_THAN=14 +GREATER_THAN=15 +PERSIST="persist"=16 +CONST="const"=17 +COUNTERS=18 +FILE="file"=19 +STRING=20 +OPENING_BRACE=21 +COMMA=22 +CLOSING_BRACE=23 +EXLAMATION=24 +SELF="self"=25 +IPV4=26 +SLASH=27 +INT_CONST=28 +NAT="nat"=29 +BINAT="binat"=30 +RDR="rdr"=31 +TIMEOUT="timeout"=32 +PASS="pass"=33 +BLOCK="block"=34 +IN="in"=35 +OUT="out"=36 +LOG="log"=37 +OPENING_PAREN=38 +CLOSING_PAREN=39 +ALL="all"=40 +USER="user"=41 +TO="to"=42 +QUICK="quick"=43 +ON="on"=44 +INET="inet"=45 +INET6="inet6"=46 +PROTO="proto"=47 +IP="ip"=48 +ICMP="icmp"=49 +IGMP="igmp"=50 +TCP="tcp"=51 +UDP="udp"=52 +RDP="rdp"=53 +RSVP="rsvp"=54 +GRE="gre"=55 +ESP="esp"=56 +AH="ah"=57 +EIGRP="eigrp"=58 +OSPF="ospf"=59 +IPIP="ipip"=60 +VRRP="vrrp"=61 +L2TP="l2tp"=62 +ISIS="isis"=63 +FROM="from"=64 +URPF_FAILED="urpf-failed"=65 +ANY="any"=66 +NO_ROUTE="no-route"=67 +IPV6=68 +ROUTE_TO="route-to"=69 +REPLY_TO="reply-to"=70 +FLAGS="flags"=71 +ICMP_TYPE="icmp-type"=72 +ICMP_CODE="code"=73 +ICMP6_TYPE="icmp6-type"=74 +TAGGED="tagged"=75 +TAG="tag"=76 +NO="no"=77 +KEEP="keep"=78 +MODULATE="modulate"=79 +SYNPROXY="synproxy"=80 +STATE="state"=81 +LABEL="label"=82 +PORT="port"=83 +COLON=84 +EXIT="exit"=85 +QUIT="quit"=86 +INTRFACE="interface"=87 +ICMP6="icmp6"=88 +IGRP="igrp"=89 +IPSEC="ipsec"=90 +NOS="nos"=91 +PCP="pcp"=92 +PIM="pim"=93 +PPTP="pptp"=94 +RIP="rip"=95 +SNP="snp"=96 +HOST="host"=97 +RANGE="range"=98 +LOG_LEVEL_ALERTS="alerts"=99 +LOG_LEVEL_CRITICAL="critical"=100 +LOG_LEVEL_DEBUGGING="debugging"=101 +LOG_LEVEL_EMERGENCIES="emergencies"=102 +LOG_LEVEL_ERRORS="errors"=103 +LOG_LEVEL_INFORMATIONAL="informational"=104 +LOG_LEVEL_NOTIFICATIONS="notifications"=105 +LOG_LEVEL_WARNINGS="warnings"=106 +LOG_LEVEL_DISABLE="disable"=107 +LOG_LEVEL_INACTIVE="inactive"=108 +TRANSLATE_TO="->"=109 +Whitespace=110 +HEX_CONST=111 +NUMBER=112 +NEG_INT_CONST=113 +HEX_DIGIT=114 +DIGIT=115 +NUM_3DIGIT=116 +NUM_HEX_4DIGIT=117 +NUMBER_ADDRESS_OR_WORD=118 +PIPE_CHAR=119 +NUMBER_SIGN=120 +PERCENT=121 +AMPERSAND=122 +APOSTROPHE=123 +STAR=124 +PLUS=125 +MINUS=126 +DOT=127 +SEMICOLON=128 +QUESTION=129 +COMMERCIAL_AT=130 +OPENING_SQUARE=131 +CLOSING_SQUARE=132 +CARET=133 +UNDERLINE=134 +TILDE=135 +DOUBLE_QUOTE=136 diff --git a/src/parsers/pf.g b/src/parsers/pf.g index 1bf312024..85ec8f114 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -213,13 +213,62 @@ scrub_command : SCRUB ; //**************************************************************** -table_command : TABLE +table_command : + TABLE { importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); - importer->addMessageToLog( - QString("Warning: import of 'table' commands has not been implemented yet.")); - consumeUntil(NEWLINE); + } + LESS_THAN + name:WORD + GREATER_THAN + ( PERSIST ) ? + ( CONST ) ? + ( COUNTERS )? + ( + FILE file:STRING + { + importer->newAddressTableObject(name->getText(), file->getText()); + } + | + OPENING_BRACE + tableaddr_spec + ( + ( COMMA )? + tableaddr_spec + )* + CLOSING_BRACE + { + importer->newAddressTableObject(name->getText(), importer->tmp_group); + } + ) + ; + +tableaddr_spec { AddressSpec as; } : + ( EXLAMATION { as.neg = true; } )? + ( + WORD { as.at = AddressSpec::INTERFACE_NAME; as.address = LT(0)->getText(); } + | + SELF { as.at = AddressSpec::SPECIAL_ADDRESS; as.address = "self"; } + | + IPV4 + { + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + } + ( + SLASH + { + as.at = AddressSpec::NETWORK_ADDRESS; + } + ( IPV4 | INT_CONST ) + { + as.netmask = LT(0)->getText(); + } + )? + ) + { + importer->tmp_group.push_back(as); } ; @@ -425,9 +474,9 @@ hosts : ALL { importer->src_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); importer->dst_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); } | ( hosts_from )? ( hosts_to )? @@ -448,7 +497,7 @@ src_hosts_part : URPF_FAILED { importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "urpf-failed", "")); } ) @@ -472,19 +521,19 @@ common_hosts_part : ANY { importer->tmp_group.push_back( - AddressSpec(AddressSpec::ANY, "0.0.0.0", "0.0.0.0")); + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); } | SELF { importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, "self", "")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "self", "")); } | NO_ROUTE { importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, "no-route", "")); + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); } | host @@ -514,7 +563,7 @@ host : if (h) addr = h->getText(); if (nm) netm = nm->getText(); importer->tmp_group.push_back( - AddressSpec(AddressSpec::NETWORK_ADDRESS, + AddressSpec(AddressSpec::NETWORK_ADDRESS, false, addr, netm)); } } @@ -523,14 +572,14 @@ host : { // This should be an interface name importer->tmp_group.push_back( - AddressSpec(AddressSpec::INTERFACE_NAME, + AddressSpec(AddressSpec::INTERFACE_NAME, false, LT(0)->getText(), "")); } | LESS_THAN tn:WORD GREATER_THAN { importer->tmp_group.push_back( - AddressSpec(AddressSpec::TABLE, tn->getText(), "")); + AddressSpec(AddressSpec::TABLE, false, tn->getText(), "")); } ) ; @@ -923,6 +972,9 @@ tokens RDR = "rdr"; BINAT = "binat"; TABLE = "table"; + CONST = "const"; + PERSIST = "persist"; + FILE = "file"; QUEUE = "queue"; From 29bf29f89221c66c471bef4148bbc3cf8dd65631 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Thu, 26 May 2011 12:06:50 -0700 Subject: [PATCH 08/10] see #2394 grammar clean-up; creating policy rules in the right ruleset and renumbering rule set in the end --- src/import/PFImporter.cpp | 61 ++-- src/parsers/PFCfgLexer.cpp | 170 ++++----- src/parsers/PFCfgLexer.hpp | 2 +- src/parsers/PFCfgParser.cpp | 484 +++++++++++++------------- src/parsers/PFCfgParser.hpp | 2 +- src/parsers/PFCfgParserTokenTypes.hpp | 2 +- src/parsers/PFCfgParserTokenTypes.txt | 2 +- src/parsers/pf.g | 95 ++--- test/pf/pf_cluster_4_rc.conf.local | 4 +- 9 files changed, 423 insertions(+), 399 deletions(-) diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp index 26f2afc44..6aaff2f19 100644 --- a/src/import/PFImporter.cpp +++ b/src/import/PFImporter.cpp @@ -291,10 +291,8 @@ void PFImporter::pushRule() void PFImporter::pushPolicyRule() { - if (current_ruleset == NULL) - { - newUnidirRuleSet("filter", libfwbuilder::Policy::TYPENAME ); - } + RuleSet *ruleset = RuleSet::cast( + getFirewallObject()->getFirstByType(Policy::TYPENAME)); assert(current_rule!=NULL); // populate all elements of the rule @@ -377,7 +375,8 @@ void PFImporter::pushPolicyRule() addLogging(); // then add it to the current ruleset - current_ruleset->ruleset->add(current_rule); + ruleset->add(current_rule); + addStandardImportComment( current_rule, QString::fromUtf8(rule_comment.c_str())); @@ -386,6 +385,14 @@ void PFImporter::pushPolicyRule() } +void PFImporter::pushNATRule() +{ + RuleSet *ruleset = RuleSet::cast( + getFirewallObject()->getFirstByType(NAT::TYPENAME)); + + assert(current_rule!=NULL); +} + Firewall* PFImporter::finalize() { // scan all UnidirectionalRuleSet objects, set interface and @@ -399,28 +406,40 @@ Firewall* PFImporter::finalize() { Firewall *fw = Firewall::cast(getFirewallObject()); - if (! discovered_platform.empty()) - { - QString pl = QString(discovered_platform.c_str()).toLower(); + // We can not "discover" host OS just by reading pf.conf file. + // Assume FreeBSD - fw->setStr("platform", pl.toStdString()); + fw->setStr("platform", "pf"); - string host_os = "openbsd"; + string host_os = "freebsd"; - if (! host_os.empty()) - { - fw->setStr("host_OS", host_os); - Resources::setDefaultTargetOptions(host_os , fw); - } + fw->setStr("host_OS", host_os); + Resources::setDefaultTargetOptions(host_os , fw); - string version = findBestVersionMatch( - pl, discovered_version.c_str()).toStdString(); + // We may be able to infer at least something about the version + // from the pf.conf file in the future. + string version = findBestVersionMatch( + "pf", discovered_version.c_str()).toStdString(); - if ( ! version.empty()) fw->setStr("version", version); - } + if ( ! version.empty()) fw->setStr("version", version); rearrangeVlanInterfaces(); + list l1 = fw->getByType(Policy::TYPENAME); + for (list::iterator i=l1.begin(); i!=l1.end(); ++i) + { + RuleSet *rs = RuleSet::cast(*i); + rs->renumberRules(); + } + + // Deal with NAT ruleset + list l2 = fw->getByType(NAT::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + RuleSet *rs = RuleSet::cast(*i); + rs->renumberRules(); + } + return fw; } else @@ -429,10 +448,6 @@ Firewall* PFImporter::finalize() } } -void PFImporter::pushNATRule() -{ -} - Interface* PFImporter::getInterfaceByName(const string &name) { map::iterator it; diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp index c49f3e3c1..e8a8e8a61 100644 --- a/src/parsers/PFCfgLexer.cpp +++ b/src/parsers/PFCfgLexer.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.cpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -438,11 +438,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop152; + goto _loop151; } } - _loop152:; + _loop151:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -474,7 +474,7 @@ void PFCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1010 "pf.g" +#line 1021 "pf.g" newline(); #line 480 "PFCfgLexer.cpp" } @@ -555,7 +555,7 @@ void PFCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1005 "pf.g" +#line 1016 "pf.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 561 "PFCfgLexer.cpp" } @@ -742,10 +742,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _ttype = NUMBER_ADDRESS_OR_WORD; ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; - bool synPredMatched177 = false; + bool synPredMatched176 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m177 = mark(); - synPredMatched177 = true; + int _m176 = mark(); + synPredMatched176 = true; inputState->guessing++; try { { @@ -756,12 +756,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched177 = false; + synPredMatched176 = false; } - rewind(_m177); + rewind(_m176); inputState->guessing--; } - if ( synPredMatched177 ) { + if ( synPredMatched176 ) { { mNUM_3DIGIT(false); match('.' /* charlit */ ); @@ -772,99 +772,99 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_3DIGIT(false); } if ( inputState->guessing==0 ) { -#line 1047 "pf.g" +#line 1058 "pf.g" _ttype = IPV4; #line 778 "PFCfgLexer.cpp" } } else { - bool synPredMatched184 = false; + bool synPredMatched183 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { - int _m184 = mark(); - synPredMatched184 = true; + int _m183 = mark(); + synPredMatched183 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt181=0; + int _cnt180=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt181>=1 ) { goto _loop181; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt180>=1 ) { goto _loop180; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt181++; + _cnt180++; } - _loop181:; + _loop180:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt183=0; + int _cnt182=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt183>=1 ) { goto _loop183; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt182>=1 ) { goto _loop182; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt183++; + _cnt182++; } - _loop183:; + _loop182:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched184 = false; + synPredMatched183 = false; } - rewind(_m184); + rewind(_m183); inputState->guessing--; } - if ( synPredMatched184 ) { + if ( synPredMatched183 ) { { { // ( ... )+ - int _cnt187=0; + int _cnt186=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt187>=1 ) { goto _loop187; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt186>=1 ) { goto _loop186; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt187++; + _cnt186++; } - _loop187:; + _loop186:; } // ( ... )+ match('.' /* charlit */ ); { // ( ... )+ - int _cnt189=0; + int _cnt188=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt189>=1 ) { goto _loop189; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt188>=1 ) { goto _loop188; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt189++; + _cnt188++; } - _loop189:; + _loop188:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1050 "pf.g" +#line 1061 "pf.g" _ttype = NUMBER; #line 861 "PFCfgLexer.cpp" } } else { - bool synPredMatched208 = false; + bool synPredMatched207 = false; if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { - int _m208 = mark(); - synPredMatched208 = true; + int _m207 = mark(); + synPredMatched207 = true; inputState->guessing++; try { { @@ -874,12 +874,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched208 = false; + synPredMatched207 = false; } - rewind(_m208); + rewind(_m207); inputState->guessing--; } - if ( synPredMatched208 ) { + if ( synPredMatched207 ) { match(':' /* charlit */ ); match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); @@ -890,23 +890,23 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop210; + goto _loop209; } } - _loop210:; + _loop209:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1073 "pf.g" +#line 1084 "pf.g" _ttype = IPV6; #line 903 "PFCfgLexer.cpp" } } else { - bool synPredMatched193 = false; + bool synPredMatched192 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { - int _m193 = mark(); - synPredMatched193 = true; + int _m192 = mark(); + synPredMatched192 = true; inputState->guessing++; try { { @@ -915,60 +915,60 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched193 = false; + synPredMatched192 = false; } - rewind(_m193); + rewind(_m192); inputState->guessing--; } - if ( synPredMatched193 ) { + if ( synPredMatched192 ) { { - bool synPredMatched198 = false; + bool synPredMatched197 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { - int _m198 = mark(); - synPredMatched198 = true; + int _m197 = mark(); + synPredMatched197 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt197=0; + int _cnt196=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt197>=1 ) { goto _loop197; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt196>=1 ) { goto _loop196; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt197++; + _cnt196++; } - _loop197:; + _loop196:; } // ( ... )+ match(':' /* charlit */ ); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched198 = false; + synPredMatched197 = false; } - rewind(_m198); + rewind(_m197); inputState->guessing--; } - if ( synPredMatched198 ) { + if ( synPredMatched197 ) { { { // ( ... )+ - int _cnt201=0; + int _cnt200=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mNUM_HEX_4DIGIT(false); match(':' /* charlit */ ); } else { - if ( _cnt201>=1 ) { goto _loop201; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt201++; + _cnt200++; } - _loop201:; + _loop200:; } // ( ... )+ match(':' /* charlit */ ); { @@ -981,11 +981,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { mNUM_HEX_4DIGIT(false); } else { - goto _loop204; + goto _loop203; } } - _loop204:; + _loop203:; } // ( ... )* } else { @@ -994,7 +994,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1064 "pf.g" +#line 1075 "pf.g" _ttype = IPV6; #line 1000 "PFCfgLexer.cpp" } @@ -1002,22 +1002,22 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { mNUM_HEX_4DIGIT(false); { // ( ... )+ - int _cnt206=0; + int _cnt205=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { match(':' /* charlit */ ); mNUM_HEX_4DIGIT(false); } else { - if ( _cnt206>=1 ) { goto _loop206; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt205>=1 ) { goto _loop205; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt206++; + _cnt205++; } - _loop206:; + _loop205:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1067 "pf.g" +#line 1078 "pf.g" _ttype = IPV6; #line 1023 "PFCfgLexer.cpp" } @@ -1028,7 +1028,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1069 "pf.g" +#line 1080 "pf.g" _ttype = IPV6; #line 1034 "PFCfgLexer.cpp" } @@ -1037,28 +1037,28 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { match(':' /* charlit */ ); match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1076 "pf.g" +#line 1087 "pf.g" _ttype = IPV6; #line 1043 "PFCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt191=0; + int _cnt190=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt191>=1 ) { goto _loop191; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt190>=1 ) { goto _loop190; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt191++; + _cnt190++; } - _loop191:; + _loop190:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1055 "pf.g" +#line 1066 "pf.g" _ttype = INT_CONST; #line 1064 "PFCfgLexer.cpp" } @@ -1066,7 +1066,7 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { match(':' /* charlit */ ); if ( inputState->guessing==0 ) { -#line 1079 "pf.g" +#line 1090 "pf.g" _ttype = COLON; #line 1072 "PFCfgLexer.cpp" } @@ -1279,14 +1279,14 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop213; + goto _loop212; } } } - _loop213:; + _loop212:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 1091 "pf.g" +#line 1102 "pf.g" _ttype = WORD; #line 1292 "PFCfgLexer.cpp" } @@ -1316,11 +1316,11 @@ void PFCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop216; + goto _loop215; } } - _loop216:; + _loop215:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp index 719eaf729..884935613 100644 --- a/src/parsers/PFCfgLexer.hpp +++ b/src/parsers/PFCfgLexer.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgLexer.hpp" #include -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgLexer.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */ #include #include #include diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp index 5304ae4f8..bebadf05a 100644 --- a/src/parsers/PFCfgParser.cpp +++ b/src/parsers/PFCfgParser.cpp @@ -1,4 +1,4 @@ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.cpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.cpp"$ */ #line 42 "pf.g" // gets inserted before the antlr generated includes in the cpp @@ -362,9 +362,10 @@ void PFCfgParser::table_command() { match(STRING); #line 230 "pf.g" - importer->newAddressTableObject(name->getText(), file->getText()); + importer->newAddressTableObject( + name->getText(), file->getText()); -#line 368 "PFCfgParser.cpp" +#line 369 "PFCfgParser.cpp" break; } case OPENING_BRACE: @@ -404,11 +405,12 @@ void PFCfgParser::table_command() { _loop18:; } // ( ... )* match(CLOSING_BRACE); -#line 241 "pf.g" +#line 242 "pf.g" - importer->newAddressTableObject(name->getText(), importer->tmp_group); + importer->newAddressTableObject( + name->getText(), importer->tmp_group); -#line 412 "PFCfgParser.cpp" +#line 414 "PFCfgParser.cpp" break; } default: @@ -429,7 +431,7 @@ void PFCfgParser::nat_command() { try { // for error handling match(NAT); -#line 277 "pf.g" +#line 287 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -437,7 +439,7 @@ void PFCfgParser::nat_command() { QString("Warning: import of 'nat' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 441 "PFCfgParser.cpp" +#line 443 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -450,7 +452,7 @@ void PFCfgParser::rdr_command() { try { // for error handling match(RDR); -#line 299 "pf.g" +#line 309 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -458,7 +460,7 @@ void PFCfgParser::rdr_command() { QString("Warning: import of 'rdr' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 462 "PFCfgParser.cpp" +#line 464 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -471,7 +473,7 @@ void PFCfgParser::binat_command() { try { // for error handling match(BINAT); -#line 288 "pf.g" +#line 298 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -479,7 +481,7 @@ void PFCfgParser::binat_command() { QString("Error: import of 'binat' commands is not supported.")); consumeUntil(NEWLINE); -#line 483 "PFCfgParser.cpp" +#line 485 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -492,7 +494,7 @@ void PFCfgParser::pass_command() { try { // for error handling match(PASS); -#line 333 "pf.g" +#line 343 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -500,14 +502,14 @@ void PFCfgParser::pass_command() { importer->action = "pass"; *dbg << LT(1)->getLine() << ":" << " pass "; -#line 504 "PFCfgParser.cpp" +#line 506 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 341 "pf.g" +#line 351 "pf.g" importer->pushRule(); -#line 511 "PFCfgParser.cpp" +#line 513 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -520,7 +522,7 @@ void PFCfgParser::block_command() { try { // for error handling match(BLOCK); -#line 347 "pf.g" +#line 357 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -528,14 +530,14 @@ void PFCfgParser::block_command() { importer->action = "block"; *dbg << LT(1)->getLine() << ":" << " block "; -#line 532 "PFCfgParser.cpp" +#line 534 "PFCfgParser.cpp" rule_extended(); match(NEWLINE); -#line 355 "pf.g" +#line 365 "pf.g" importer->pushRule(); -#line 539 "PFCfgParser.cpp" +#line 541 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -548,7 +550,7 @@ void PFCfgParser::timeout_command() { try { // for error handling match(TIMEOUT); -#line 310 "pf.g" +#line 320 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -556,7 +558,7 @@ void PFCfgParser::timeout_command() { QString("Warning: import of 'timeout' commands has not been implemented yet.")); consumeUntil(NEWLINE); -#line 560 "PFCfgParser.cpp" +#line 562 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -569,13 +571,13 @@ void PFCfgParser::unknown_command() { try { // for error handling match(WORD); -#line 322 "pf.g" +#line 332 "pf.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); consumeUntil(NEWLINE); -#line 579 "PFCfgParser.cpp" +#line 581 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -585,9 +587,9 @@ void PFCfgParser::unknown_command() { void PFCfgParser::tableaddr_spec() { Tracer traceInOut(this, "tableaddr_spec"); -#line 247 "pf.g" +#line 249 "pf.g" AddressSpec as; -#line 591 "PFCfgParser.cpp" +#line 593 "PFCfgParser.cpp" try { // for error handling { @@ -595,9 +597,9 @@ void PFCfgParser::tableaddr_spec() { case EXLAMATION: { match(EXLAMATION); -#line 248 "pf.g" +#line 250 "pf.g" as.neg = true; -#line 601 "PFCfgParser.cpp" +#line 603 "PFCfgParser.cpp" break; } case WORD: @@ -617,38 +619,44 @@ void PFCfgParser::tableaddr_spec() { case WORD: { match(WORD); -#line 250 "pf.g" - as.at = AddressSpec::INTERFACE_NAME; as.address = LT(0)->getText(); -#line 623 "PFCfgParser.cpp" +#line 253 "pf.g" + + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + +#line 628 "PFCfgParser.cpp" break; } case SELF: { match(SELF); -#line 252 "pf.g" - as.at = AddressSpec::SPECIAL_ADDRESS; as.address = "self"; -#line 631 "PFCfgParser.cpp" +#line 259 "pf.g" + + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + +#line 639 "PFCfgParser.cpp" break; } case IPV4: { match(IPV4); -#line 255 "pf.g" +#line 265 "pf.g" as.at = AddressSpec::HOST_ADDRESS; as.address = LT(0)->getText(); -#line 642 "PFCfgParser.cpp" +#line 650 "PFCfgParser.cpp" { switch ( LA(1)) { case SLASH: { match(SLASH); -#line 261 "pf.g" +#line 271 "pf.g" as.at = AddressSpec::NETWORK_ADDRESS; -#line 652 "PFCfgParser.cpp" +#line 660 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: @@ -667,11 +675,11 @@ void PFCfgParser::tableaddr_spec() { } } } -#line 265 "pf.g" +#line 275 "pf.g" as.netmask = LT(0)->getText(); -#line 675 "PFCfgParser.cpp" +#line 683 "PFCfgParser.cpp" break; } case WORD: @@ -697,11 +705,11 @@ void PFCfgParser::tableaddr_spec() { } } } -#line 270 "pf.g" +#line 280 "pf.g" importer->tmp_group.push_back(as); -#line 705 "PFCfgParser.cpp" +#line 713 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1030,11 +1038,11 @@ void PFCfgParser::direction() { } } } -#line 373 "pf.g" +#line 383 "pf.g" importer->direction = LT(0)->getText(); -#line 1038 "PFCfgParser.cpp" +#line 1046 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1085,11 +1093,11 @@ void PFCfgParser::logging() { } } } -#line 380 "pf.g" +#line 390 "pf.g" importer->logging = true; -#line 1093 "PFCfgParser.cpp" +#line 1101 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1102,11 +1110,11 @@ void PFCfgParser::quick() { try { // for error handling match(QUICK); -#line 402 "pf.g" +#line 412 "pf.g" importer->quick = true; -#line 1110 "PFCfgParser.cpp" +#line 1118 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1185,11 +1193,11 @@ void PFCfgParser::address_family() { case INET6: { match(INET6); -#line 432 "pf.g" +#line 442 "pf.g" importer->address_family = LT(0)->getText(); -#line 1193 "PFCfgParser.cpp" +#line 1201 "PFCfgParser.cpp" break; } default: @@ -1225,14 +1233,14 @@ void PFCfgParser::hosts() { case ALL: { match(ALL); -#line 475 "pf.g" +#line 485 "pf.g" importer->src_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); importer->dst_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 1236 "PFCfgParser.cpp" +#line 1244 "PFCfgParser.cpp" break; } case NEWLINE: @@ -1359,11 +1367,11 @@ void PFCfgParser::filteropts() { filteropt(); } else { - goto _loop107; + goto _loop106; } } - _loop107:; + _loop106:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1382,9 +1390,9 @@ void PFCfgParser::logopts() { for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 389 "pf.g" +#line 399 "pf.g" importer->logopts += ","; -#line 1388 "PFCfgParser.cpp" +#line 1396 "PFCfgParser.cpp" logopt(); } else { @@ -1421,11 +1429,11 @@ void PFCfgParser::logopt() { { match(TO); match(WORD); -#line 396 "pf.g" +#line 406 "pf.g" importer->logopts += LT(0)->getText(); -#line 1429 "PFCfgParser.cpp" +#line 1437 "PFCfgParser.cpp" break; } default: @@ -1442,9 +1450,9 @@ void PFCfgParser::logopt() { void PFCfgParser::ifspec() { Tracer traceInOut(this, "ifspec"); -#line 410 "pf.g" +#line 420 "pf.g" InterfaceSpec is; -#line 1448 "PFCfgParser.cpp" +#line 1456 "PFCfgParser.cpp" try { // for error handling { @@ -1452,9 +1460,9 @@ void PFCfgParser::ifspec() { case EXLAMATION: { match(EXLAMATION); -#line 411 "pf.g" +#line 421 "pf.g" is.neg = true; -#line 1458 "PFCfgParser.cpp" +#line 1466 "PFCfgParser.cpp" break; } case WORD: @@ -1468,13 +1476,13 @@ void PFCfgParser::ifspec() { } } match(WORD); -#line 413 "pf.g" +#line 423 "pf.g" is.name = LT(0)->getText(); importer->iface_group.push_back(is); importer->newInterface(is.name); -#line 1478 "PFCfgParser.cpp" +#line 1486 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1667,11 +1675,11 @@ void PFCfgParser::proto_name() { } } } -#line 452 "pf.g" +#line 462 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1675 "PFCfgParser.cpp" +#line 1683 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1684,11 +1692,11 @@ void PFCfgParser::proto_number() { try { // for error handling match(INT_CONST); -#line 458 "pf.g" +#line 468 "pf.g" importer->proto_list.push_back(LT(0)->getText()); -#line 1692 "PFCfgParser.cpp" +#line 1700 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1935,13 +1943,13 @@ void PFCfgParser::src_hosts_part() { case URPF_FAILED: { match(URPF_FAILED); -#line 498 "pf.g" +#line 508 "pf.g" importer->tmp_group.push_back( AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "urpf-failed", "")); -#line 1945 "PFCfgParser.cpp" +#line 1953 "PFCfgParser.cpp" break; } default: @@ -1950,13 +1958,13 @@ void PFCfgParser::src_hosts_part() { } } } -#line 504 "pf.g" +#line 514 "pf.g" importer->src_neg = importer->tmp_neg; importer->src_group.splice(importer->src_group.begin(), importer->tmp_group); -#line 1960 "PFCfgParser.cpp" +#line 1968 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -1992,12 +2000,12 @@ void PFCfgParser::src_port_part() { } } } -#line 789 "pf.g" +#line 800 "pf.g" importer->src_port_group.splice(importer->src_port_group.begin(), importer->tmp_port_group); -#line 2001 "PFCfgParser.cpp" +#line 2009 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2010,13 +2018,13 @@ void PFCfgParser::dst_hosts_part() { try { // for error handling common_hosts_part(); -#line 513 "pf.g" +#line 523 "pf.g" importer->dst_neg = importer->tmp_neg; importer->dst_group.splice(importer->dst_group.begin(), importer->tmp_group); -#line 2020 "PFCfgParser.cpp" +#line 2028 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2052,12 +2060,12 @@ void PFCfgParser::dst_port_part() { } } } -#line 797 "pf.g" +#line 808 "pf.g" importer->dst_port_group.splice(importer->dst_port_group.begin(), importer->tmp_port_group); -#line 2061 "PFCfgParser.cpp" +#line 2069 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2073,39 +2081,29 @@ void PFCfgParser::common_hosts_part() { case ANY: { match(ANY); -#line 522 "pf.g" +#line 532 "pf.g" importer->tmp_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); -#line 2082 "PFCfgParser.cpp" - break; - } - case SELF: - { - match(SELF); -#line 528 "pf.g" - - importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "self", "")); - -#line 2093 "PFCfgParser.cpp" +#line 2090 "PFCfgParser.cpp" break; } case NO_ROUTE: { match(NO_ROUTE); -#line 534 "pf.g" +#line 538 "pf.g" importer->tmp_group.push_back( AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); -#line 2104 "PFCfgParser.cpp" +#line 2101 "PFCfgParser.cpp" break; } case WORD: case LESS_THAN: case EXLAMATION: + case SELF: case IPV4: case IPV6: { @@ -2131,11 +2129,10 @@ void PFCfgParser::common_hosts_part() { void PFCfgParser::host() { Tracer traceInOut(this, "host"); - ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; - ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken tn = ANTLR_USE_NAMESPACE(antlr)nullToken; +#line 548 "pf.g" + AddressSpec as; +#line 2136 "PFCfgParser.cpp" try { // for error handling { @@ -2143,15 +2140,14 @@ void PFCfgParser::host() { case EXLAMATION: { match(EXLAMATION); -#line 547 "pf.g" - - importer->tmp_neg = true; - -#line 2151 "PFCfgParser.cpp" +#line 549 "pf.g" + as.neg = true; +#line 2146 "PFCfgParser.cpp" break; } case WORD: case LESS_THAN: + case SELF: case IPV4: case IPV6: { @@ -2165,45 +2161,69 @@ void PFCfgParser::host() { } { switch ( LA(1)) { - case IPV4: + case WORD: + { + match(WORD); +#line 552 "pf.g" + + // interface name or domain/host name + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + +#line 2174 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 559 "pf.g" + + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + +#line 2185 "PFCfgParser.cpp" + break; + } case IPV6: { - { - switch ( LA(1)) { - case IPV4: - { - h = LT(1); - match(IPV4); - break; - } - case IPV6: - { - v6 = LT(1); - match(IPV6); - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } + match(IPV6); +#line 565 "pf.g" + + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + +#line 2197 "PFCfgParser.cpp" + break; + } + case IPV4: + { + match(IPV4); +#line 572 "pf.g" + + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + +#line 2208 "PFCfgParser.cpp" { switch ( LA(1)) { case SLASH: { match(SLASH); +#line 578 "pf.g" + + as.at = AddressSpec::NETWORK_ADDRESS; + +#line 2218 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: { - nm = LT(1); match(IPV4); break; } case INT_CONST: { - nm6 = LT(1); match(INT_CONST); break; } @@ -2213,6 +2233,11 @@ void PFCfgParser::host() { } } } +#line 582 "pf.g" + + as.netmask = LT(0)->getText(); + +#line 2241 "PFCfgParser.cpp" break; } case NEWLINE: @@ -2240,38 +2265,6 @@ void PFCfgParser::host() { } } } -#line 553 "pf.g" - - if (v6) - { - importer->addMessageToLog( - QString("Error: IPv6 import is not supported. ")); - consumeUntil(NEWLINE); - } else - { - std::string addr = "0.0.0.0"; - std::string netm = "255.255.255.255"; - if (h) addr = h->getText(); - if (nm) netm = nm->getText(); - importer->tmp_group.push_back( - AddressSpec(AddressSpec::NETWORK_ADDRESS, false, - addr, netm)); - } - -#line 2262 "PFCfgParser.cpp" - break; - } - case WORD: - { - match(WORD); -#line 572 "pf.g" - - // This should be an interface name - importer->tmp_group.push_back( - AddressSpec(AddressSpec::INTERFACE_NAME, false, - LT(0)->getText(), "")); - -#line 2275 "PFCfgParser.cpp" break; } case LESS_THAN: @@ -2280,12 +2273,12 @@ void PFCfgParser::host() { tn = LT(1); match(WORD); match(GREATER_THAN); -#line 580 "pf.g" +#line 588 "pf.g" - importer->tmp_group.push_back( - AddressSpec(AddressSpec::TABLE, false, tn->getText(), "")); + as.at = AddressSpec::TABLE; + as.address = tn->getText(); -#line 2289 "PFCfgParser.cpp" +#line 2282 "PFCfgParser.cpp" break; } default: @@ -2294,6 +2287,11 @@ void PFCfgParser::host() { } } } +#line 593 "pf.g" + + importer->tmp_group.push_back(as); + +#line 2295 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2314,11 +2312,11 @@ void PFCfgParser::host_list() { host(); } else { - goto _loop90; + goto _loop89; } } - _loop90:; + _loop89:; } // ( ... )* match(CLOSING_BRACE); } @@ -2351,11 +2349,11 @@ void PFCfgParser::route_to() { } } } -#line 604 "pf.g" +#line 615 "pf.g" importer->route_type = PFImporter::ROUTE_TO; -#line 2359 "PFCfgParser.cpp" +#line 2357 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2386,11 +2384,11 @@ void PFCfgParser::reply_to() { } } } -#line 611 "pf.g" +#line 622 "pf.g" importer->route_type = PFImporter::REPLY_TO; -#line 2394 "PFCfgParser.cpp" +#line 2392 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2404,16 +2402,16 @@ void PFCfgParser::routehost() { ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 616 "pf.g" +#line 627 "pf.g" RouteSpec rs; -#line 2410 "PFCfgParser.cpp" +#line 2408 "PFCfgParser.cpp" try { // for error handling match(OPENING_PAREN); match(WORD); -#line 618 "pf.g" +#line 629 "pf.g" rs.iface = LT(0)->getText(); -#line 2417 "PFCfgParser.cpp" +#line 2415 "PFCfgParser.cpp" { switch ( LA(1)) { case IPV4: @@ -2471,7 +2469,7 @@ void PFCfgParser::routehost() { } } } -#line 620 "pf.g" +#line 631 "pf.g" if (v6) { @@ -2485,7 +2483,7 @@ void PFCfgParser::routehost() { importer->route_group.push_back(rs); } -#line 2489 "PFCfgParser.cpp" +#line 2487 "PFCfgParser.cpp" match(CLOSING_PAREN); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2523,11 +2521,11 @@ void PFCfgParser::routehost_list() { routehost(); } else { - goto _loop103; + goto _loop102; } } - _loop103:; + _loop102:; } // ( ... )* match(CLOSING_BRACE); } @@ -2609,12 +2607,12 @@ void PFCfgParser::tcp_flags() { case ANY: { match(ANY); -#line 677 "pf.g" +#line 688 "pf.g" importer->flags_check = "any"; importer->flags_mask = "all"; -#line 2618 "PFCfgParser.cpp" +#line 2616 "PFCfgParser.cpp" break; } case WORD: @@ -2669,7 +2667,7 @@ void PFCfgParser::tcp_flags() { } } } -#line 683 "pf.g" +#line 694 "pf.g" if (check) importer->flags_check = check->getText(); @@ -2680,7 +2678,7 @@ void PFCfgParser::tcp_flags() { else importer->flags_mask = "all"; -#line 2684 "PFCfgParser.cpp" +#line 2682 "PFCfgParser.cpp" break; } default: @@ -2732,13 +2730,13 @@ void PFCfgParser::icmp6_type() { try { // for error handling match(ICMP6_TYPE); -#line 729 "pf.g" +#line 740 "pf.g" importer->addMessageToLog( QString("Error: ICMP6 import is not supported. ")); consumeUntil(NEWLINE); -#line 2742 "PFCfgParser.cpp" +#line 2740 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2752,11 +2750,11 @@ void PFCfgParser::tagged() { try { // for error handling match(TAGGED); match(WORD); -#line 738 "pf.g" +#line 749 "pf.g" importer->tagged = LT(0)->getText(); -#line 2760 "PFCfgParser.cpp" +#line 2758 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2770,11 +2768,11 @@ void PFCfgParser::tag_clause() { try { // for error handling match(TAG); match(WORD); -#line 745 "pf.g" +#line 756 "pf.g" importer->tag = LT(0)->getText(); -#line 2778 "PFCfgParser.cpp" +#line 2776 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -2814,11 +2812,11 @@ void PFCfgParser::state() { } } } -#line 760 "pf.g" +#line 771 "pf.g" importer->state_op = LT(0)->getText(); -#line 2822 "PFCfgParser.cpp" +#line 2820 "PFCfgParser.cpp" match(STATE); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2837,36 +2835,36 @@ void PFCfgParser::queue() { case WORD: { match(WORD); -#line 769 "pf.g" +#line 780 "pf.g" importer->queue += LT(0)->getText(); -#line 2843 "PFCfgParser.cpp" +#line 2841 "PFCfgParser.cpp" break; } case OPENING_PAREN: { match(OPENING_PAREN); match(WORD); -#line 772 "pf.g" +#line 783 "pf.g" importer->queue += LT(0)->getText(); -#line 2852 "PFCfgParser.cpp" +#line 2850 "PFCfgParser.cpp" { // ( ... )* for (;;) { if ((LA(1) == COMMA)) { match(COMMA); -#line 774 "pf.g" +#line 785 "pf.g" importer->queue += ","; -#line 2859 "PFCfgParser.cpp" +#line 2857 "PFCfgParser.cpp" match(WORD); -#line 775 "pf.g" +#line 786 "pf.g" importer->queue += LT(0)->getText(); -#line 2863 "PFCfgParser.cpp" +#line 2861 "PFCfgParser.cpp" } else { - goto _loop131; + goto _loop130; } } - _loop131:; + _loop130:; } // ( ... )* match(CLOSING_PAREN); break; @@ -2899,9 +2897,9 @@ void PFCfgParser::label() { void PFCfgParser::icmp_type_code() { Tracer traceInOut(this, "icmp_type_code"); -#line 705 "pf.g" +#line 716 "pf.g" std::string icmp_type, icmp_code; -#line 2905 "PFCfgParser.cpp" +#line 2903 "PFCfgParser.cpp" try { // for error handling { @@ -2922,9 +2920,9 @@ void PFCfgParser::icmp_type_code() { } } } -#line 706 "pf.g" +#line 717 "pf.g" icmp_type = LT(0)->getText(); -#line 2928 "PFCfgParser.cpp" +#line 2926 "PFCfgParser.cpp" { switch ( LA(1)) { case ICMP_CODE: @@ -2948,9 +2946,9 @@ void PFCfgParser::icmp_type_code() { } } } -#line 708 "pf.g" +#line 719 "pf.g" icmp_code = LT(0)->getText(); -#line 2954 "PFCfgParser.cpp" +#line 2952 "PFCfgParser.cpp" break; } case NEWLINE: @@ -2978,12 +2976,12 @@ void PFCfgParser::icmp_type_code() { } } } -#line 710 "pf.g" +#line 721 "pf.g" importer->icmp_type_code_group.push_back( str_tuple(icmp_type, icmp_code)); -#line 2987 "PFCfgParser.cpp" +#line 2985 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -3021,11 +3019,11 @@ void PFCfgParser::icmp_list() { icmp_type_code(); } else { - goto _loop122; + goto _loop121; } } - _loop122:; + _loop121:; } // ( ... )* match(CLOSING_BRACE); } @@ -3037,9 +3035,9 @@ void PFCfgParser::icmp_list() { void PFCfgParser::port_op() { Tracer traceInOut(this, "port_op"); -#line 829 "pf.g" +#line 840 "pf.g" PortSpec ps; -#line 3043 "PFCfgParser.cpp" +#line 3041 "PFCfgParser.cpp" try { // for error handling { @@ -3050,39 +3048,39 @@ void PFCfgParser::port_op() { case EXLAMATION: { unary_port_op(); -#line 831 "pf.g" +#line 842 "pf.g" ps.port_op = importer->tmp_port_op; -#line 3056 "PFCfgParser.cpp" +#line 3054 "PFCfgParser.cpp" port_def(); -#line 833 "pf.g" +#line 844 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = importer->tmp_port_def; -#line 3063 "PFCfgParser.cpp" +#line 3061 "PFCfgParser.cpp" break; } case WORD: case INT_CONST: { port_def(); -#line 839 "pf.g" +#line 850 "pf.g" ps.port1 = importer->tmp_port_def; ps.port2 = ps.port1; ps.port_op = "="; -#line 3076 "PFCfgParser.cpp" +#line 3074 "PFCfgParser.cpp" { if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_27.member(LA(2)))) { binary_port_op(); -#line 845 "pf.g" +#line 856 "pf.g" ps.port_op = importer->tmp_port_op; -#line 3082 "PFCfgParser.cpp" +#line 3080 "PFCfgParser.cpp" port_def(); -#line 846 "pf.g" +#line 857 "pf.g" ps.port2 = LT(0)->getText(); -#line 3086 "PFCfgParser.cpp" +#line 3084 "PFCfgParser.cpp" } else if ((_tokenSet_28.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { } @@ -3099,11 +3097,11 @@ void PFCfgParser::port_op() { } } } -#line 849 "pf.g" +#line 860 "pf.g" importer->tmp_port_group.push_back(ps); -#line 3107 "PFCfgParser.cpp" +#line 3105 "PFCfgParser.cpp" } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { reportError(ex); @@ -3145,11 +3143,11 @@ void PFCfgParser::port_op_list() { port_op(); } else { - goto _loop148; + goto _loop147; } } - _loop148:; + _loop147:; } // ( ... )* match(CLOSING_BRACE); } @@ -3168,46 +3166,46 @@ void PFCfgParser::unary_port_op() { case EQUAL: { match(EQUAL); -#line 805 "pf.g" +#line 816 "pf.g" importer->tmp_port_op = "="; -#line 3174 "PFCfgParser.cpp" +#line 3172 "PFCfgParser.cpp" break; } case EXLAMATION: { match(EXLAMATION); match(EQUAL); -#line 807 "pf.g" +#line 818 "pf.g" importer->tmp_port_op = "!="; -#line 3183 "PFCfgParser.cpp" +#line 3181 "PFCfgParser.cpp" break; } default: if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(LESS_THAN); -#line 809 "pf.g" +#line 820 "pf.g" importer->tmp_port_op = "<"; -#line 3191 "PFCfgParser.cpp" +#line 3189 "PFCfgParser.cpp" } else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) { match(LESS_THAN); match(EQUAL); -#line 811 "pf.g" +#line 822 "pf.g" importer->tmp_port_op = "<="; -#line 3198 "PFCfgParser.cpp" +#line 3196 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { match(GREATER_THAN); -#line 813 "pf.g" +#line 824 "pf.g" importer->tmp_port_op = ">"; -#line 3204 "PFCfgParser.cpp" +#line 3202 "PFCfgParser.cpp" } else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) { match(GREATER_THAN); match(EQUAL); -#line 815 "pf.g" +#line 826 "pf.g" importer->tmp_port_op = ">="; -#line 3211 "PFCfgParser.cpp" +#line 3209 "PFCfgParser.cpp" } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -3231,26 +3229,26 @@ void PFCfgParser::binary_port_op() { { match(LESS_THAN); match(GREATER_THAN); -#line 821 "pf.g" +#line 832 "pf.g" importer->tmp_port_op = "<>"; -#line 3237 "PFCfgParser.cpp" +#line 3235 "PFCfgParser.cpp" break; } case GREATER_THAN: { match(GREATER_THAN); match(LESS_THAN); -#line 823 "pf.g" +#line 834 "pf.g" importer->tmp_port_op = "><"; -#line 3246 "PFCfgParser.cpp" +#line 3244 "PFCfgParser.cpp" break; } case COLON: { match(COLON); -#line 825 "pf.g" +#line 836 "pf.g" importer->tmp_port_op = ":"; -#line 3254 "PFCfgParser.cpp" +#line 3252 "PFCfgParser.cpp" break; } default: @@ -3279,11 +3277,11 @@ void PFCfgParser::port_def() { case INT_CONST: { match(INT_CONST); -#line 856 "pf.g" +#line 867 "pf.g" importer->tmp_port_def = LT(0)->getText(); -#line 3287 "PFCfgParser.cpp" +#line 3285 "PFCfgParser.cpp" break; } default: diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp index 5b6aca760..a3ac5a9f6 100644 --- a/src/parsers/PFCfgParser.hpp +++ b/src/parsers/PFCfgParser.hpp @@ -9,7 +9,7 @@ #line 11 "PFCfgParser.hpp" #include -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParser.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */ #include #include #include "PFCfgParserTokenTypes.hpp" diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp index d94fb5eac..16d857454 100644 --- a/src/parsers/PFCfgParserTokenTypes.hpp +++ b/src/parsers/PFCfgParserTokenTypes.hpp @@ -1,7 +1,7 @@ #ifndef INC_PFCfgParserTokenTypes_hpp_ #define INC_PFCfgParserTokenTypes_hpp_ -/* $ANTLR 2.7.7 (20090306): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ #ifndef CUSTOM_API # define CUSTOM_API diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt index 827205a38..df88656b6 100644 --- a/src/parsers/PFCfgParserTokenTypes.txt +++ b/src/parsers/PFCfgParserTokenTypes.txt @@ -1,4 +1,4 @@ -// $ANTLR 2.7.7 (20090306): pf.g -> PFCfgParserTokenTypes.txt$ +// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$ PFCfgParser // output token vocab name NEWLINE=4 LINE_COMMENT=5 diff --git a/src/parsers/pf.g b/src/parsers/pf.g index 85ec8f114..eee2d6de8 100644 --- a/src/parsers/pf.g +++ b/src/parsers/pf.g @@ -228,7 +228,8 @@ table_command : ( FILE file:STRING { - importer->newAddressTableObject(name->getText(), file->getText()); + importer->newAddressTableObject( + name->getText(), file->getText()); } | OPENING_BRACE @@ -239,7 +240,8 @@ table_command : )* CLOSING_BRACE { - importer->newAddressTableObject(name->getText(), importer->tmp_group); + importer->newAddressTableObject( + name->getText(), importer->tmp_group); } ) ; @@ -247,9 +249,17 @@ table_command : tableaddr_spec { AddressSpec as; } : ( EXLAMATION { as.neg = true; } )? ( - WORD { as.at = AddressSpec::INTERFACE_NAME; as.address = LT(0)->getText(); } + WORD + { + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + } | - SELF { as.at = AddressSpec::SPECIAL_ADDRESS; as.address = "self"; } + SELF + { + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + } | IPV4 { @@ -523,12 +533,6 @@ common_hosts_part : importer->tmp_group.push_back( AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); } - | - SELF - { - importer->tmp_group.push_back( - AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "self", "")); - } | NO_ROUTE { @@ -541,47 +545,54 @@ common_hosts_part : host_list ; -host : +host { AddressSpec as; } : + ( EXLAMATION { as.neg = true; } )? ( - EXLAMATION - { - importer->tmp_neg = true; - } - )? - ( - (h:IPV4 | v6:IPV6) (SLASH (nm:IPV4 | nm6:INT_CONST))? - { - if (v6) - { - importer->addMessageToLog( - QString("Error: IPv6 import is not supported. ")); - consumeUntil(NEWLINE); - } else - { - std::string addr = "0.0.0.0"; - std::string netm = "255.255.255.255"; - if (h) addr = h->getText(); - if (nm) netm = nm->getText(); - importer->tmp_group.push_back( - AddressSpec(AddressSpec::NETWORK_ADDRESS, false, - addr, netm)); - } - } - | WORD { - // This should be an interface name - importer->tmp_group.push_back( - AddressSpec(AddressSpec::INTERFACE_NAME, false, - LT(0)->getText(), "")); + // interface name or domain/host name + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); } + | + SELF + { + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + } + | + IPV6 + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } + | + IPV4 + { + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + } + ( + SLASH + { + as.at = AddressSpec::NETWORK_ADDRESS; + } + ( IPV4 | INT_CONST ) + { + as.netmask = LT(0)->getText(); + } + )? | LESS_THAN tn:WORD GREATER_THAN { - importer->tmp_group.push_back( - AddressSpec(AddressSpec::TABLE, false, tn->getText(), "")); + as.at = AddressSpec::TABLE; + as.address = tn->getText(); } ) + { + importer->tmp_group.push_back(as); + } ; host_list : diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index 7885d0da5..2be73ee54 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3542 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Sat May 14 15:46:00 2011 PDT by vadim +# Generated Thu May 26 12:05:36 2011 PDT by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf From a544492ced75acdcba7657d93e0b94dca5cf7686 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Thu, 26 May 2011 14:13:26 -0700 Subject: [PATCH 09/10] see #2434 "PF compiler should use 'self' keyword where appropriate". Compiler for PF now uses keyword 'self' in rules where firewall object is used in Source or Destination. --- doc/ChangeLog | 12 ++++ .../src/fwbuilder/ObjectMatcher.cpp | 29 ++++++++- src/libfwbuilder/src/fwcompiler/Compiler.cpp | 60 +++++++++++++++++-- src/libfwbuilder/src/fwcompiler/Compiler.h | 17 +++++- .../src/fwcompiler/PolicyCompiler.h | 21 +++++++ src/pflib/PolicyCompiler_pf.cpp | 17 ++++++ src/pflib/PolicyCompiler_pf_writers.cpp | 4 +- test/pf/firewall-base-rulesets.fw.orig | 6 +- test/pf/firewall-ipv6-1.conf.orig | 8 +-- test/pf/firewall-ipv6-1.fw.orig | 6 +- test/pf/firewall-ipv6-2.conf.orig | 14 ++--- test/pf/firewall-ipv6-2.fw.orig | 6 +- test/pf/firewall-ipv6-3.fw.orig | 4 +- test/pf/firewall.conf.orig | 10 ++-- test/pf/firewall.fw.orig | 6 +- test/pf/firewall1.conf.orig | 11 ++-- test/pf/firewall1.fw.orig | 6 +- test/pf/firewall10-1.conf.orig | 2 +- test/pf/firewall10-1.fw.orig | 6 +- test/pf/firewall10-2.conf.orig | 2 +- test/pf/firewall10-2.fw.orig | 6 +- test/pf/firewall10-3.conf.orig | 2 +- test/pf/firewall10-3.fw.orig | 6 +- test/pf/firewall10-4.conf.orig | 2 +- test/pf/firewall10-4.fw.orig | 6 +- test/pf/firewall10-5.conf.orig | 2 +- test/pf/firewall10-5.fw.orig | 6 +- test/pf/firewall10-6.conf.orig | 2 +- test/pf/firewall10-6.fw.orig | 6 +- test/pf/firewall100.conf.orig | 6 +- test/pf/firewall100.fw.orig | 6 +- test/pf/firewall101.conf.orig | 6 +- test/pf/firewall101.fw.orig | 6 +- test/pf/firewall102.conf.orig | 6 +- test/pf/firewall102.fw.orig | 4 +- test/pf/firewall103-1.conf.orig | 6 +- test/pf/firewall103-1.fw.orig | 6 +- test/pf/firewall103-2.conf.orig | 6 +- test/pf/firewall103-2.fw.orig | 6 +- test/pf/firewall103.conf.orig | 6 +- test/pf/firewall103.fw.orig | 6 +- test/pf/firewall104-1.conf.orig | 6 +- test/pf/firewall104-1.fw.orig | 6 +- test/pf/firewall104.conf.orig | 6 +- test/pf/firewall104.fw.orig | 6 +- test/pf/firewall105.conf.orig | 6 +- test/pf/firewall105.fw.orig | 4 +- test/pf/firewall106.conf.orig | 6 +- test/pf/firewall106.fw.orig | 4 +- test/pf/firewall107.conf.orig | 6 +- test/pf/firewall107.fw.orig | 6 +- test/pf/firewall108.conf.orig | 6 +- test/pf/firewall108.fw.orig | 4 +- test/pf/firewall109-1.conf.orig | 6 +- test/pf/firewall109-1.fw.orig | 4 +- test/pf/firewall109-2.conf.orig | 6 +- test/pf/firewall109-2.fw.orig | 6 +- test/pf/firewall109-3.conf.orig | 6 +- test/pf/firewall109-3.fw.orig | 4 +- test/pf/firewall109.conf.orig | 6 +- test/pf/firewall109.fw.orig | 6 +- test/pf/firewall11.conf.orig | 7 +-- test/pf/firewall11.fw.orig | 6 +- test/pf/firewall110.fw.orig | 6 +- test/pf/firewall111.fw.orig | 6 +- test/pf/firewall12.fw.orig | 6 +- test/pf/firewall13.fw.orig | 6 +- test/pf/firewall14-1.conf.orig | 6 +- test/pf/firewall14-1.fw.orig | 6 +- test/pf/firewall14.conf.orig | 6 +- test/pf/firewall14.fw.orig | 6 +- test/pf/firewall2-1.conf.orig | 5 +- test/pf/firewall2-1.fw.orig | 6 +- test/pf/firewall2-6.fw.orig | 6 +- test/pf/firewall2.conf.orig | 17 +++--- test/pf/firewall2.fw.orig | 6 +- test/pf/firewall20.fw.orig | 6 +- test/pf/firewall21.fw.orig | 6 +- test/pf/firewall22.fw.orig | 6 +- test/pf/firewall3.conf.orig | 6 +- test/pf/firewall3.fw.orig | 6 +- test/pf/firewall33.conf.orig | 2 +- test/pf/firewall33.fw.orig | 6 +- test/pf/firewall34.fw.orig | 6 +- test/pf/firewall38.fw.orig | 6 +- test/pf/firewall39-rule2_branch.conf.orig | 6 +- test/pf/firewall39.fw.orig | 6 +- test/pf/firewall4.conf.orig | 6 +- test/pf/firewall4.fw.orig | 6 +- test/pf/firewall40-1.fw.orig | 6 +- test/pf/firewall40.conf.orig | 6 +- test/pf/firewall40.fw.orig | 6 +- test/pf/firewall41.conf.orig | 15 +++-- test/pf/firewall41.fw.orig | 6 +- test/pf/firewall5.fw.orig | 6 +- test/pf/firewall51.fw.orig | 6 +- test/pf/firewall6.conf.orig | 8 +-- test/pf/firewall6.fw.orig | 6 +- test/pf/firewall62.conf.orig | 28 ++++----- test/pf/firewall62.fw.orig | 6 +- test/pf/firewall63.fw.orig | 6 +- test/pf/firewall7.fw.orig | 6 +- test/pf/firewall70.conf.orig | 16 ++--- test/pf/firewall70.fw.orig | 6 +- test/pf/firewall8.fw.orig | 6 +- test/pf/firewall80-4.5.fw.orig | 6 +- test/pf/firewall80.fw.orig | 6 +- test/pf/firewall9.fw.orig | 6 +- test/pf/firewall91.conf.orig | 6 +- test/pf/firewall91.fw.orig | 6 +- test/pf/firewall92.conf.orig | 8 +-- test/pf/firewall92.fw.orig | 6 +- test/pf/objects-for-regression-tests.fwb | 10 +++- test/pf/pf_cluster_1_openbsd-1.fw.orig | 6 +- test/pf/pf_cluster_1_openbsd-2.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-1.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-2.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-4.fw.orig | 6 +- test/pf/pf_cluster_4_rc.conf.local | 2 +- test/pf/pf_cluster_5_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_5_openbsd-4.fw.orig | 6 +- 122 files changed, 458 insertions(+), 425 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index eb2a9a7d8..b32a29a6c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,15 @@ +2011-05-26 Vadim Kurland + + * PolicyCompiler_pf.cpp (compile): see #2434 "PF compiler should + use 'self' keyword where appropriate". Compiler for PF now uses + keyword 'self' in rules where firewall object is used in Source + or Destination. + + * fwcompiler/Compiler.cpp (processNext): added rule processor to + replace firewall object with special run-time object "self" in + Source and Destination rule elements. This rule processor can + be used in policy compilers for any platform. + 2011-05-17 vadim * FWObjectDatabase_tree_ops.cpp (merge): see #2420 "Crash when diff --git a/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp b/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp index f36fbeb1a..1908e1dd5 100644 --- a/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp +++ b/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp @@ -92,7 +92,7 @@ bool ObjectMatcher::complexMatch(Address *obj1, Address *obj2) int cluster_id = obj2->getInt("parent_cluster_id"); if (obj1->getId() == cluster_id) return true; } - + void* res = obj1->dispatch(this, obj2); return (res != NULL); } @@ -411,8 +411,18 @@ void* ObjectMatcher::dispatch(AddressRange *obj1, void *_obj2) return NULL; } -void* ObjectMatcher::dispatch(MultiAddressRunTime*, void*) +/* + * Special case: run-time DNSName object with source name "self" + * matches firewall. + */ +void* ObjectMatcher::dispatch(MultiAddressRunTime *obj1, void *_obj2) { + FWObject *obj2 = (FWObject*)(_obj2); + + if (obj1->getSubstitutionTypeName() == DNSName::TYPENAME && + obj1->getSourceName() == "self" && Firewall::isA(obj2)) + return obj1; + return NULL; // never matches in this implementation } @@ -433,13 +443,26 @@ void* ObjectMatcher::dispatch(Firewall *obj1, void *_obj2) { FWObject *obj2 = (FWObject*)(_obj2); if (obj1->getId() == obj2->getId()) return obj1; + +/* + * Special case: run-time DNSName object with source name "self" + * matches firewall. + */ + MultiAddressRunTime *mart = MultiAddressRunTime::cast(obj2); + if (mart) + { + if (mart->getSubstitutionTypeName() == DNSName::TYPENAME && + mart->getSourceName() == "self") + return obj1; + } + /* * match only if all interfaces of obj1 match obj2 */ bool res = true; list l = obj1->getByTypeDeep(Interface::TYPENAME); for (list::iterator it = l.begin(); it!=l.end(); ++it) - res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2); + res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2); return res ? obj1 : NULL; } diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.cpp b/src/libfwbuilder/src/fwcompiler/Compiler.cpp index 79eae9574..814b9bff3 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/Compiler.cpp @@ -519,8 +519,16 @@ void Compiler::_expand_interface(Rule *rule, } } -bool compare_addresses(Address *a1, Address *a2) +bool compare_addresses(FWObject *o1, FWObject *o2) { + Address *a1 = Address::cast(o1); + Address *a2 = Address::cast(o2); + if (a1 == NULL || a2 == NULL) + { + // one or both could be MultiAddress objects (e.g. DNSName) + return o1->getName() < o2->getName(); + } + const InetAddr *addr1 = a1->getAddressPtr(); const InetAddr *addr2 = a2->getAddressPtr(); if (addr1 == NULL) return true; @@ -541,18 +549,18 @@ void Compiler::_expand_addr(Rule *rule, FWObject *s, list cl; _expand_addr_recursive(rule, s, cl, expand_cluster_interfaces_fully); - list expanded_addresses; + list expanded_addresses; for (FWObject::iterator i=cl.begin(); i!=cl.end(); ++i) { - expanded_addresses.push_back(Address::cast(*i)); + expanded_addresses.push_back(*i); } expanded_addresses.sort(compare_addresses); s->clearChildren(); - for (list::iterator i1=expanded_addresses.begin(); - i1!=expanded_addresses.end(); ++i1) + for (list::iterator i1=expanded_addresses.begin(); + i1!=expanded_addresses.end(); ++i1) { s->addRef( *i1 ); } @@ -860,6 +868,48 @@ bool Compiler::splitIfRuleElementMatchesFW::processNext() return true; } +/* + * This rule processor replaces firewall object in given rule element + * with run-time DNSName object with name "self" and source name (A + * record) set to "self". This is a trick in that when compliers see + * objects like that in a rule, they just put source name in the + * generated code verbatim. This is useful for firewall platforms that + * support keyword "self" (e.g. PF). + * + * Always call this RE after splitIfFirewallInSrc or splitIfFirewallInDst + */ +bool Compiler::ReplaceFirewallObjectWithSelfInRE::processNext() +{ + Rule *rule = prev_processor->getNextRule(); + if (rule==NULL) return false; + RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type)); + + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *obj = FWReference::getObject(*i1); + if (obj == compiler->fw) + { + DNSName *self = DNSName::cast( + compiler->persistent_objects->findObjectByName( + DNSName::TYPENAME, "self")); + if (self == NULL) + { + self = compiler->dbcopy->createDNSName(); + self->setName("self"); + self->setRunTime(true); + self->setSourceName("self"); + compiler->persistent_objects->add(self, false); + } + + re->addRef(self); + re->removeRef(compiler->fw); + break; + } + } + + tmp_queue.push_back(rule); + return true; +} bool Compiler::equalObj::operator()(FWObject *o) { diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.h b/src/libfwbuilder/src/fwcompiler/Compiler.h index 395b8a738..08f5b0565 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.h +++ b/src/libfwbuilder/src/fwcompiler/Compiler.h @@ -828,9 +828,20 @@ public: virtual bool processNext(); }; - - - + /** + * This rule processor replaces firewall object with + * DNSName object "self" configured as run-time with source + * name "self". + */ + class ReplaceFirewallObjectWithSelfInRE : public BasicRuleProcessor + { + std::string re_type; + public: + ReplaceFirewallObjectWithSelfInRE(const std::string &n, + std::string _type) : + BasicRuleProcessor(n) { re_type=_type; } + virtual bool processNext(); + }; /** * prints rule in some universal format (close to that visible diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h index f4ccf3807..310ba1d11 100644 --- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h @@ -187,6 +187,27 @@ namespace fwcompiler { expandMultipleAddressesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {} }; + + + + class ReplaceFirewallObjectWithSelfInSrc : public Compiler::ReplaceFirewallObjectWithSelfInRE + { + public: + ReplaceFirewallObjectWithSelfInSrc(const std::string &n) : + ReplaceFirewallObjectWithSelfInRE( + n, libfwbuilder::RuleElementSrc::TYPENAME) {} + }; + + class ReplaceFirewallObjectWithSelfInDst : public Compiler::ReplaceFirewallObjectWithSelfInRE + { + public: + ReplaceFirewallObjectWithSelfInDst(const std::string &n) : + ReplaceFirewallObjectWithSelfInRE( + n, libfwbuilder::RuleElementDst::TYPENAME) {} + }; + + + /** * processes rules with negation in Itf */ diff --git a/src/pflib/PolicyCompiler_pf.cpp b/src/pflib/PolicyCompiler_pf.cpp index 82c29c667..198ee062f 100644 --- a/src/pflib/PolicyCompiler_pf.cpp +++ b/src/pflib/PolicyCompiler_pf.cpp @@ -29,6 +29,7 @@ #include "NATCompiler_pf.h" #include "fwbuilder/AddressTable.h" +#include "fwbuilder/DNSName.h" #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" @@ -655,6 +656,8 @@ bool PolicyCompiler_pf::addLoopbackForRedirect::processNext() for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++) { FWObject *o2 = FWReference::getObject(*j); + if (o2->getName() == "self" && DNSName::isA(o2)) continue; + Address *a = Address::cast( o2 ); assert(a); @@ -937,7 +940,20 @@ void PolicyCompiler_pf::compile() // "process interface policy rules and store interface ids")); add(new splitIfFirewallInSrc("split rule if firewall is in Src")); + add(new ReplaceFirewallObjectWithSelfInSrc( + "Replace firewall object with 'self' in Src")); + add(new splitIfFirewallInDst("split rule if firewall is in Dst")); + add(new ReplaceFirewallObjectWithSelfInDst( + "Replace firewall object with 'self' in Dst")); + + // call these again since "self" is a MultiAddress object + add( new swapMultiAddressObjectsInSrc( + " swap MultiAddress -> MultiAddressRunTime in Src")); + add( new swapMultiAddressObjectsInDst( + " swap MultiAddress -> MultiAddressRunTime in Dst")); + + add(new fillDirection("determine directions")); // commented out for bug #2828602 @@ -949,6 +965,7 @@ void PolicyCompiler_pf::compile() "add loopback to rules that permit redirected services")); add(new ExpandMultipleAddresses( "expand objects with multiple addresses")); + add(new dropRuleWithEmptyRE("drop rules with empty rule elements")); add(new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls")); diff --git a/src/pflib/PolicyCompiler_pf_writers.cpp b/src/pflib/PolicyCompiler_pf_writers.cpp index 2c0ef5c6a..cfd344f1a 100644 --- a/src/pflib/PolicyCompiler_pf_writers.cpp +++ b/src/pflib/PolicyCompiler_pf_writers.cpp @@ -758,7 +758,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr return str; } -void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool ) +void PolicyCompiler_pf::PrintRule::_printAddr(Address *o, bool ) { MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); if (atrt!=NULL) @@ -880,7 +880,7 @@ void PolicyCompiler_pf::PrintRule::_printDstAddr(RuleElement *rel) FWReference *oref = FWReference::cast(o); if (o && oref!=NULL) o=oref->getPointer(); - Address *dst= Address::cast(o); + Address *dst = Address::cast(o); _printNegation(rel); diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index fa1a7ee2e..af4a49b6f 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:33 2011 PDT by vadim +# Generated Thu May 26 14:09:41 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf @@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.conf.orig b/test/pf/firewall-ipv6-1.conf.orig index 5fe45b730..334aaa42e 100644 --- a/test/pf/firewall-ipv6-1.conf.orig +++ b/test/pf/firewall-ipv6-1.conf.orig @@ -46,7 +46,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p # firewall-ipv6-1:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it # firewall-ipv6-1:Policy:3: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT " +pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall-ipv6-1:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it @@ -59,15 +59,15 @@ pass log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 po # Rule 6 (global) # firewall-ipv6-1:Policy:6: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 6 -- ACCEPT " # # Rule 7 (global) # firewall-ipv6-1:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 9 (global) pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT " diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index ffc83e805..94d2811ce 100755 --- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:33 2011 PDT by vadim +# Generated Thu May 26 14:09:41 2011 PDT by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -181,7 +181,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.conf.orig b/test/pf/firewall-ipv6-2.conf.orig index abf894394..b1db3ca87 100644 --- a/test/pf/firewall-ipv6-2.conf.orig +++ b/test/pf/firewall-ipv6-2.conf.orig @@ -5,7 +5,7 @@ # Tables: (5) table { 222.222.222.22 , 222.222.222.23 } table { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 } -table { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 } +table { 61.150.47.112 , 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 192.168.1.0 } table { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 } table { 61.150.47.112 , 192.168.1.0 } @@ -28,10 +28,10 @@ pass log quick inet proto tcp from to 1.1.1.1 port 22 keep state # Rule 7 (global) # firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet proto tcp from to 1.1.1.1 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet from any to 1.1.1.1 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 11 (global) pass log quick inet from to any keep state label "RULE 11 -- ACCEPT " @@ -83,7 +83,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p # firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it # firewall-ipv6-2:Policy:3: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT " +pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall-ipv6-2:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it @@ -96,15 +96,15 @@ pass log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 p # Rule 6 (global) # firewall-ipv6-2:Policy:6: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 6 -- ACCEPT " # # Rule 7 (global) # firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 9 (global) pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT " diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index 10f8746d2..0366b77f2 100755 --- a/test/pf/firewall-ipv6-2.fw.orig +++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index 7f34c4d84..74e6c1295 100755 --- a/test/pf/firewall-ipv6-3.fw.orig +++ b/test/pf/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.conf.orig b/test/pf/firewall.conf.orig index 90337d2fd..739d2b76c 100644 --- a/test/pf/firewall.conf.orig +++ b/test/pf/firewall.conf.orig @@ -50,10 +50,10 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 3128 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 flags S/SA modulate state label "RULE -1 - ACCEPT" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA modulate state label "RULE -1 - ACCEPT" # # Rule 0 (eth1) -block in log quick on eth1 inet from any to fragment label "RULE 0 - DROP" +block in log quick on eth1 inet from any to self fragment label "RULE 0 - DROP" # # Rule 1 (eth1) # Automatically generated rule blocking short fragments @@ -61,14 +61,14 @@ block in log quick on eth1 inet from any to any fragment label "RULE 1 - # # Rule 2 (eth1) # Automatically generated anti-spoofing rule -block in log quick on eth1 inet from to any label "RULE 2 - DROP" +block in log quick on eth1 inet from self to any label "RULE 2 - DROP" block in log quick on eth1 inet from 192.168.1.0/24 to any label "RULE 2 - DROP" # # Rule 3 (eth0) # комментарий по-русски, Проверяем конвертацию в Utf-8 # firewall:Policy:3: warning: Changing rule direction due to self reference -pass in quick on eth0 inet proto udp from 192.168.1.0/24 to port 53 keep state label "RULE 3 - ACCEPT" +pass in quick on eth0 inet proto udp from 192.168.1.0/24 to self port 53 keep state label "RULE 3 - ACCEPT" # # Rule 4 (eth0) # code should go into INPUT chain with @@ -109,7 +109,7 @@ pass quick inet from any to 192.168.1.10 keep state label "RULE 16 - ACCEPT" # firewall:Policy:18: error: Rule '18 (global)' shadows rule '21 (global)' below it # firewall:Policy:18: warning: Changing rule direction due to self reference -pass out quick inet from to any keep state label "RULE 18 - ACCEPT" +pass out quick inet from self to any keep state label "RULE 18 - ACCEPT" pass quick inet from 192.168.1.0/24 to any keep state label "RULE 18 - ACCEPT" # # Rule 19 (global) diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index 0443a17f5..dc57f6c23 100755 --- a/test/pf/firewall.fw.orig +++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:53 2011 PDT by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -173,7 +173,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall1.conf.orig b/test/pf/firewall1.conf.orig index e815aa909..b4de647d5 100644 --- a/test/pf/firewall1.conf.orig +++ b/test/pf/firewall1.conf.orig @@ -18,12 +18,11 @@ scrub in all fragment reassemble -# Tables: (7) +# Tables: (6) table { 22.22.22.22 , 192.168.1.1 } table { 192.168.1.10 , 192.168.1.20 } -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 } +table { self , 192.168.2.0/24 } table { 33.33.33.0/24 , 33.33.44.0/24 } -table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } @@ -113,7 +112,7 @@ block quick on eth0 inet proto 50 from to ! # # Rule 2 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any +block in log quick on eth1 inet from self to any block in log quick on eth1 inet from 192.168.1.0/24 to any # # Rule 3 (eth1) @@ -144,7 +143,7 @@ block log quick inet proto icmp from ! to any icmp-type 3 # this rule is shaded by rule above. # firewall1:Policy:10: warning: Changing rule direction due to self reference -block in log quick inet proto icmp from ! to icmp-type 3 +block in log quick inet proto icmp from ! to self icmp-type 3 # # Rule 11 (global) # this rule shades rule below @@ -168,7 +167,7 @@ pass quick inet from 192.168.1.0/24 to any keep state # Rule 18 (global) # firewall1:Policy:18: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port 3128 keep state +pass in quick inet proto tcp from any to self port 3128 keep state # # Rule 19 (eth0) # rule from http://www.benzedrine.cx/transquid.html diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index bc170a496..63725585f 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:55 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-1.conf.orig b/test/pf/firewall10-1.conf.orig index f29dfb78a..f8dcc0174 100644 --- a/test/pf/firewall10-1.conf.orig +++ b/test/pf/firewall10-1.conf.orig @@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags S/SA keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA keep state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags S/SA keep state diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index ad980410e..ee698eb86 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:09 2011 PDT by vadim +# Generated Thu May 26 14:08:56 2011 PDT by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.conf.orig b/test/pf/firewall10-2.conf.orig index 41b1bfff2..cc504aeee 100644 --- a/test/pf/firewall10-2.conf.orig +++ b/test/pf/firewall10-2.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 modulate state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 modulate state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } modulate state diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index 431241e11..97c1d8249 100755 --- a/test/pf/firewall10-2.fw.orig +++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:10 2011 PDT by vadim +# Generated Thu May 26 14:08:58 2011 PDT by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:10 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-3.conf.orig b/test/pf/firewall10-3.conf.orig index 22311b7d9..42da3b64b 100644 --- a/test/pf/firewall10-3.conf.orig +++ b/test/pf/firewall10-3.conf.orig @@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index 8834d76c4..d0d62c1c9 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:11 2011 PDT by vadim +# Generated Thu May 26 14:09:00 2011 PDT by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.conf.orig b/test/pf/firewall10-4.conf.orig index 97e5c8c1f..a71856753 100644 --- a/test/pf/firewall10-4.conf.orig +++ b/test/pf/firewall10-4.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index f0a0eae5a..a0362a3ef 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:13 2011 PDT by vadim +# Generated Thu May 26 14:09:04 2011 PDT by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.conf.orig b/test/pf/firewall10-5.conf.orig index 7441823d6..1defbe6da 100644 --- a/test/pf/firewall10-5.conf.orig +++ b/test/pf/firewall10-5.conf.orig @@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state # # Rule 0 (enc0) # This adds "pass out ... keep state" diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index e78040031..a39f6cc3f 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:07 2011 PDT by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.conf.orig b/test/pf/firewall10-6.conf.orig index 97e5c8c1f..a71856753 100644 --- a/test/pf/firewall10-6.conf.orig +++ b/test/pf/firewall10-6.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index d0c9f9fdd..bb74569fc 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:09 2011 PDT by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.conf.orig b/test/pf/firewall100.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall100.conf.orig +++ b/test/pf/firewall100.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index 112bc9242..e2b4c4cb4 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:55 2011 PDT by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf @@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.conf.orig b/test/pf/firewall101.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall101.conf.orig +++ b/test/pf/firewall101.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index 3eefe08ca..c36c1346a 100755 --- a/test/pf/firewall101.fw.orig +++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:09 2011 PDT by vadim +# Generated Thu May 26 14:08:56 2011 PDT by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.conf.orig b/test/pf/firewall102.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall102.conf.orig +++ b/test/pf/firewall102.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index 348ac40b5..a1c1fe4c5 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:10 2011 PDT by vadim +# Generated Thu May 26 14:08:58 2011 PDT by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.conf.orig b/test/pf/firewall103-1.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall103-1.conf.orig +++ b/test/pf/firewall103-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig index 6ef886c4d..93492cd73 100755 --- a/test/pf/firewall103-1.fw.orig +++ b/test/pf/firewall103-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:12 2011 PDT by vadim +# Generated Thu May 26 14:09:02 2011 PDT by vadim # # files: * firewall103-1.fw /etc/fw/pf.fw # files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103-2.conf.orig b/test/pf/firewall103-2.conf.orig index dbaea8222..eb16085f4 100644 --- a/test/pf/firewall103-2.conf.orig +++ b/test/pf/firewall103-2.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 scrub all reassemble tcp no-df scrub out all random-id min-ttl 1 max-mss 1460 - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig index 58c5e4c30..6f0c36092 100755 --- a/test/pf/firewall103-2.fw.orig +++ b/test/pf/firewall103-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:12 2011 PDT by vadim +# Generated Thu May 26 14:09:02 2011 PDT by vadim # # files: * firewall103-2.fw /etc/fw/pf.fw # files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103.conf.orig b/test/pf/firewall103.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall103.conf.orig +++ b/test/pf/firewall103.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index d4e3dacbf..aaaa7007e 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:11 2011 PDT by vadim +# Generated Thu May 26 14:09:00 2011 PDT by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -397,7 +397,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104-1.conf.orig b/test/pf/firewall104-1.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall104-1.conf.orig +++ b/test/pf/firewall104-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig index 5527a4d43..cce5ac486 100755 --- a/test/pf/firewall104-1.fw.orig +++ b/test/pf/firewall104-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:05 2011 PDT by vadim # # files: * firewall104-1.fw /etc/fw/pf.fw # files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf @@ -393,7 +393,7 @@ configure_interfaces() { $IFCONFIG bridge0 -stp em3 } -log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104.conf.orig b/test/pf/firewall104.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall104.conf.orig +++ b/test/pf/firewall104.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index 8846a98f9..c495d0429 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:13 2011 PDT by vadim +# Generated Thu May 26 14:09:04 2011 PDT by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -396,7 +396,7 @@ configure_interfaces() { $IFCONFIG bridge0 stp em3 } -log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.conf.orig b/test/pf/firewall105.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall105.conf.orig +++ b/test/pf/firewall105.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index 31a7422b0..8c2424324 100755 --- a/test/pf/firewall105.fw.orig +++ b/test/pf/firewall105.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:06 2011 PDT by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.conf.orig b/test/pf/firewall106.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall106.conf.orig +++ b/test/pf/firewall106.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index 41a3a3036..07249874e 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:07 2011 PDT by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.conf.orig b/test/pf/firewall107.conf.orig index 4c2afd3cb..3f946e0ba 100644 --- a/test/pf/firewall107.conf.orig +++ b/test/pf/firewall107.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index 9f87da76f..8794c2c2a 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:09 2011 PDT by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -395,7 +395,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall108.conf.orig b/test/pf/firewall108.conf.orig index 4c2afd3cb..3f946e0ba 100644 --- a/test/pf/firewall108.conf.orig +++ b/test/pf/firewall108.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 1356dc577..64c512743 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:16 2011 PDT by vadim +# Generated Thu May 26 14:09:11 2011 PDT by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-1.conf.orig b/test/pf/firewall109-1.conf.orig index 3354274f7..3f946e0ba 100644 --- a/test/pf/firewall109-1.conf.orig +++ b/test/pf/firewall109-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-1.fw.orig b/test/pf/firewall109-1.fw.orig index 72b8556cb..02da67193 100755 --- a/test/pf/firewall109-1.fw.orig +++ b/test/pf/firewall109-1.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:17 2011 PDT by vadim +# Generated Thu May 26 14:09:12 2011 PDT by vadim # # files: * firewall109-1.fw /etc/fw/pf.fw # files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-2.conf.orig b/test/pf/firewall109-2.conf.orig index f2903793e..3f946e0ba 100644 --- a/test/pf/firewall109-2.conf.orig +++ b/test/pf/firewall109-2.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-2.fw.orig b/test/pf/firewall109-2.fw.orig index c375ced4e..b20a54fe4 100755 --- a/test/pf/firewall109-2.fw.orig +++ b/test/pf/firewall109-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:17 2011 PDT by vadim +# Generated Thu May 26 14:09:13 2011 PDT by vadim # # files: * firewall109-2.fw /etc/fw/pf.fw # files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf @@ -400,7 +400,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:17 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall109-3.conf.orig b/test/pf/firewall109-3.conf.orig index f2903793e..3f946e0ba 100644 --- a/test/pf/firewall109-3.conf.orig +++ b/test/pf/firewall109-3.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-3.fw.orig b/test/pf/firewall109-3.fw.orig index 3867cddfa..e41dd76e9 100755 --- a/test/pf/firewall109-3.fw.orig +++ b/test/pf/firewall109-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:18 2011 PDT by vadim +# Generated Thu May 26 14:09:14 2011 PDT by vadim # # files: * firewall109-3.fw /etc/fw/pf.fw # files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109.conf.orig b/test/pf/firewall109.conf.orig index 3354274f7..3f946e0ba 100644 --- a/test/pf/firewall109.conf.orig +++ b/test/pf/firewall109.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109.fw.orig b/test/pf/firewall109.fw.orig index a3c2a2bf7..9a9083d45 100755 --- a/test/pf/firewall109.fw.orig +++ b/test/pf/firewall109.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:16 2011 PDT by vadim +# Generated Thu May 26 14:09:11 2011 PDT by vadim # # files: * firewall109.fw /etc/fw/pf.fw # files: firewall109.conf /etc/fw/path\ with\ space/pf.conf @@ -401,7 +401,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:16 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:11 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall11.conf.orig b/test/pf/firewall11.conf.orig index e26e2d41f..c0825d4d7 100644 --- a/test/pf/firewall11.conf.orig +++ b/test/pf/firewall11.conf.orig @@ -2,8 +2,7 @@ -# Tables: (3) -table { ppp0 , 33.33.33.33 , 192.168.1.1 } +# Tables: (2) table { 192.168.1.10 , 192.168.1.20 } table { 192.168.1.0/24 , 192.168.2.0/24 } @@ -14,12 +13,12 @@ table { 192.168.1.0/24 , 192.168.2.0/24 } # Rule 0 (global) # firewall11:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from to port 22 flags S/SA keep state +pass in quick inet proto tcp from to self port 22 flags S/SA keep state # # Rule 1 (global) # firewall11:Policy:1: warning: Changing rule direction due to self reference -block in quick inet from any to +block in quick inet from any to self # # Rule 2 (global) pass quick inet from to any keep state diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index c727edac6..999946b0c 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:18 2011 PDT by vadim +# Generated Thu May 26 14:09:14 2011 PDT by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:18 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall110.fw.orig b/test/pf/firewall110.fw.orig index f61fa218d..ae4d2169e 100755 --- a/test/pf/firewall110.fw.orig +++ b/test/pf/firewall110.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:15 2011 PDT by vadim # # files: * firewall110.fw /etc/fw/firewall110.fw # files: firewall110.conf /etc/fw/firewall110.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:15 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall111.fw.orig b/test/pf/firewall111.fw.orig index 5093b1b99..9a2d6c075 100755 --- a/test/pf/firewall111.fw.orig +++ b/test/pf/firewall111.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:16 2011 PDT by vadim # # files: * firewall111.fw /etc/fw/firewall111.fw # files: firewall111.conf /etc/fw/firewall111.conf @@ -86,7 +86,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:16 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 32d3e354a..d25a3d3ad 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:17 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index ec49a6be1..6d2a32006 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:17 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.conf.orig b/test/pf/firewall14-1.conf.orig index ec61f0175..bce2ee7bb 100644 --- a/test/pf/firewall14-1.conf.orig +++ b/test/pf/firewall14-1.conf.orig @@ -6,14 +6,10 @@ match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 64 max-mss 1460) - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index 2b69e2b92..4982af3f2 100755 --- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:19 2011 PDT by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.conf.orig b/test/pf/firewall14.conf.orig index 328eb5870..e804a629e 100644 --- a/test/pf/firewall14.conf.orig +++ b/test/pf/firewall14.conf.orig @@ -6,14 +6,10 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 64 max-mss 1460 - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index 8a42c7cbc..de1d00c30 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:19 2011 PDT by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.conf.orig b/test/pf/firewall2-1.conf.orig index e1d4698a7..a645b0bdf 100644 --- a/test/pf/firewall2-1.conf.orig +++ b/test/pf/firewall2-1.conf.orig @@ -22,9 +22,8 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 32 max-mss 1460 -# Tables: (2) +# Tables: (1) table { 22.22.22.22 , 192.168.1.1 } -table { 22.22.22.22 , 192.168.1.1 , 192.168.2.1 } # NAT compiler errors and warnings: # firewall2-1:NAT:1: error: Negation in original service is not supported. @@ -68,7 +67,7 @@ rdr-anchor "NAT" proto tcp from 192.168.1.0/24 to any port 1080 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (global) # 'catch all' rule diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index f3fcac9bc..c90b54c8e 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:22 2011 PDT by vadim +# Generated Thu May 26 14:09:22 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-6.fw.orig b/test/pf/firewall2-6.fw.orig index ae46be3df..92a00602e 100755 --- a/test/pf/firewall2-6.fw.orig +++ b/test/pf/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:23 2011 PDT by vadim +# Generated Thu May 26 14:09:24 2011 PDT by vadim # # files: * firewall2-6.fw /etc/firewall2-6.fw # files: firewall2-6.conf /etc/firewall2-6.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2.conf.orig b/test/pf/firewall2.conf.orig index 440d070d7..fc340ea0a 100644 --- a/test/pf/firewall2.conf.orig +++ b/test/pf/firewall2.conf.orig @@ -22,12 +22,11 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 32 max-mss 1460 -# Tables: (5) +# Tables: (4) table { 192.168.1.10 , 192.168.1.20 } -table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 } +table { self , 192.168.1.0/24 } # # Rule 0 (NAT) @@ -152,14 +151,14 @@ nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (eth0) block in log quick on eth0 inet from ! 192.168.1.0/24 to any label "RULE 0 - DROP **" # # Rule 1 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any label "Iface: eth1 RULE 1 -- DROP **" +block in log quick on eth1 inet from self to any label "Iface: eth1 RULE 1 -- DROP **" block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface: eth1 RULE 1 -- DROP **" # # Rule 2 (f2i1,3) @@ -167,17 +166,17 @@ block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface: # usage in interface # all three rules should yield # the same config -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 2 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 2 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 2 -- DROP **" # # Rule 3 (f2i1,eth3) # Anti-spoofing rule -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 3 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 3 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 3 -- DROP **" # # Rule 4 (eth1,eth3) # Anti-spoofing rule -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 4 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 4 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 4 -- DROP **" # # Rule 5 (eth1) @@ -205,7 +204,7 @@ pass quick inet from 192.168.1.0/24 to any keep state label "RULE 10 - ACCEP # Rule 12 (global) # firewall2:Policy:12: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" +pass in quick inet proto tcp from any to self port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" pass quick inet proto tcp from any to 192.168.1.10 port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" # # Rule 13 (global) diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index 2ab85f639..a4d1e04b8 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:21 2011 PDT by vadim +# Generated Thu May 26 14:09:20 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index ed0c6185f..ab8657f55 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:21 2011 PDT by vadim +# Generated Thu May 26 14:09:21 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index c82942781..d3ed3a79a 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:22 2011 PDT by vadim +# Generated Thu May 26 14:09:22 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf @@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index 68cc216ab..80dfd84cd 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:23 2011 PDT by vadim +# Generated Thu May 26 14:09:24 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.conf.orig b/test/pf/firewall3.conf.orig index f68efdd8d..d8ed1169d 100644 --- a/test/pf/firewall3.conf.orig +++ b/test/pf/firewall3.conf.orig @@ -17,10 +17,6 @@ scrub out all random-id # # End of prolog script # - -# Tables: (1) -table { 22.22.22.21 , 22.22.22.22 , 192.168.1.1 } - # # Rule 0 (NAT) nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21 @@ -45,7 +41,7 @@ rdr proto {tcp udp icmp} from any to 22.22.22.21 -> { 192.168.1.10 , 192.168.1.2 # the firewall are denied and logged # firewall3:Policy:0: warning: Changing rule direction due to self reference -block in log quick inet from any to label "RULE 0 -- DROP " +block in log quick inet from any to self label "RULE 0 -- DROP " # # Rule 1 (global) pass quick inet from 192.168.1.0/24 to any keep state ( max 1000 ) label "RULE 1 -- ACCEPT " diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index cd0a51957..9c77a57cb 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:25 2011 PDT by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.conf.orig b/test/pf/firewall33.conf.orig index 6cbba8bc4..18c214500 100644 --- a/test/pf/firewall33.conf.orig +++ b/test/pf/firewall33.conf.orig @@ -6,7 +6,7 @@ table { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , www.cnn.com } -table { 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } +table { 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } # # Rule 0 (NAT) diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index 1a308df3a..87ed5bc47 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:26 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf @@ -168,7 +168,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:26 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index 202952b76..6933ad633 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:27 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -164,7 +164,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index 74c8ca4c3..c135f2b8f 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:27 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39-rule2_branch.conf.orig b/test/pf/firewall39-rule2_branch.conf.orig index ee5f7ddd4..b5d53ae9a 100644 --- a/test/pf/firewall39-rule2_branch.conf.orig +++ b/test/pf/firewall39-rule2_branch.conf.orig @@ -1,14 +1,10 @@ - -# Tables: (1) -table { 192.168.1.1 , 192.168.2.1 } - # Policy compiler errors and warnings: # firewall39:rule2_branch:0: warning: Changing rule direction due to self reference # # Rule rule2_branch 0 (global) # firewall39:rule2_branch:0: warning: Changing rule direction due to self reference -pass in quick inet from any to keep state +pass in quick inet from any to self keep state # # Rule rule2_branch 1 (global) block log quick inet from any to any diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index 768dc3e9a..c3ec0fcf2 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:28 2011 PDT by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.conf.orig b/test/pf/firewall4.conf.orig index a041e4170..2b8f0e2cd 100644 --- a/test/pf/firewall4.conf.orig +++ b/test/pf/firewall4.conf.orig @@ -5,7 +5,7 @@ set optimization high-latency # Tables: (3) table { eth1 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 } -table { eth1 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 } +table { self , 192.168.1.0/24 } table { 192.168.1.10 , 192.168.1.20 } @@ -59,7 +59,7 @@ block log quick on eth1 inet proto icmp from ! 192.168.2.0/24 to any icmp-ty # # Rule 3 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any +block in log quick on eth1 inet from self to any block in log quick on eth1 inet from 192.168.1.0/24 to any # # Rule 4 (eth1) @@ -73,7 +73,7 @@ pass log quick inet proto icmp from any to 192.168.1.1 icmp-type 8 code 0 k # Rule 6 (global) # firewall4:Policy:6: warning: Changing rule direction due to self reference -block in log quick inet proto icmp from ! to icmp-type 3 +block in log quick inet proto icmp from ! to self icmp-type 3 # # Rule 7 (global) # testing negation in the policy rule diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index feca4c86d..4546e1440 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:29 2011 PDT by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index 1785a918d..976cd566a 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:26 2011 PDT by vadim +# Generated Thu May 26 14:09:30 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -182,7 +182,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:30 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40.conf.orig b/test/pf/firewall40.conf.orig index ccebffb32..9fa30b55d 100644 --- a/test/pf/firewall40.conf.orig +++ b/test/pf/firewall40.conf.orig @@ -1,10 +1,6 @@ - -# Tables: (1) -table { 192.0.2.1 , 192.0.3.1 , 192.168.1.1 } - # # Rule 0 (NAT) # Translate source address @@ -30,7 +26,7 @@ pass in quick on fxp0 route-to { ( le1 192.0.2.10 ) } inet proto tcp from 192 pass in quick on fxp0 route-to { ( le2 192.0.3.10 ) } inet proto tcp from 192.168.1.0/24 to any port 22 label "RULE 3 -- ACCEPT " # # Rule 4 (global) -pass out quick inet from to any keep state label "RULE 4 -- ACCEPT " +pass out quick inet from self to any keep state label "RULE 4 -- ACCEPT " # # Rule 5 (global) block log quick inet from any to any label "RULE 5 -- DROP " diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index 27ddda20f..1138660b3 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:26 2011 PDT by vadim +# Generated Thu May 26 14:09:29 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.conf.orig b/test/pf/firewall41.conf.orig index c8bca35c1..5e270cf67 100644 --- a/test/pf/firewall41.conf.orig +++ b/test/pf/firewall41.conf.orig @@ -2,10 +2,9 @@ -# Tables: (4) +# Tables: (3) table persist file "block-hosts.tbl" table persist -table { 1.1.1.1 , 2.2.2.2 } table { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , 192.168.1.201 , 192.168.2.128/25 } # Policy compiler errors and warnings: @@ -14,22 +13,22 @@ table { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , # firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode # # Rule 0 (global) -pass out log quick inet from to www.heise.de keep state label "RULE 0 -- ACCEPT " +pass out log quick inet from self to www.heise.de keep state label "RULE 0 -- ACCEPT " # # Rule 1 (global) -pass out log quick inet from to keep state label "RULE 1 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 1 -- ACCEPT " # # Rule 2 (global) -pass out log quick inet from to keep state label "RULE 2 -- ACCEPT " -pass out log quick inet from to keep state label "RULE 2 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 2 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 2 -- ACCEPT " # # Rule 3 (global) # firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode -pass out log quick inet from to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT " +pass out log quick inet from self to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) -pass out log quick inet from to 1.1.1.1 keep state label "RULE 4 -- ACCEPT " +pass out log quick inet from self to 1.1.1.1 keep state label "RULE 4 -- ACCEPT " # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index 7ee3d7efd..0947da088 100755 --- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:27 2011 PDT by vadim +# Generated Thu May 26 14:09:31 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf @@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:31 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index 49de690af..5fddbe851 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:27 2011 PDT by vadim +# Generated Thu May 26 14:09:32 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index e983ed0c3..85c2f7e22 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:28 2011 PDT by vadim +# Generated Thu May 26 14:09:32 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.conf.orig b/test/pf/firewall6.conf.orig index 1ae8eb5d7..f72195672 100644 --- a/test/pf/firewall6.conf.orig +++ b/test/pf/firewall6.conf.orig @@ -1,20 +1,16 @@ - -# Tables: (1) -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } - # Policy compiler errors and warnings: # firewall6:Policy:1: warning: Changing rule direction due to self reference # # Rule 0 (eth1) -block in log quick on eth1 inet from any to ! +block in log quick on eth1 inet from any to ! self # # Rule 1 (global) # firewall6:Policy:1: warning: Changing rule direction due to self reference -block in quick inet from any to ! +block in quick inet from any to ! self # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 7a8250122..5c837f1e0 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:28 2011 PDT by vadim +# Generated Thu May 26 14:09:33 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.conf.orig b/test/pf/firewall62.conf.orig index 8dfe7b541..32232ad3b 100644 --- a/test/pf/firewall62.conf.orig +++ b/test/pf/firewall62.conf.orig @@ -1,10 +1,6 @@ - -# Tables: (1) -table { 192.168.1.1 , 222.222.222.222 } - # Policy compiler errors and warnings: # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it @@ -44,29 +40,29 @@ pass in quick on en0 inet from any to any user proxy label "RULE 0 -- ACCE # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '6 (global)' below it # firewall62:Policy:1: warning: Changing rule direction due to self reference -pass out quick inet from to any user { 2000, 500 } label "RULE 1 -- ACCEPT " +pass out quick inet from self to any user { 2000, 500 } label "RULE 1 -- ACCEPT " # # Rule 2 (global) # firewall62:Policy:2: warning: Changing rule direction due to self reference -pass out quick inet from to any user 2000 label "RULE 2 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 2 -- ACCEPT " # # Rule 3 (global) # firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it # firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it -pass out quick inet proto tcp from to any port 80 flags any label "RULE 3 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 3 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 3 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall62:Policy:4: warning: Changing rule direction due to self reference -pass out quick inet proto tcp from to any port 80 flags any label "RULE 4 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 4 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 4 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 4 -- ACCEPT " # # Rule 5 (global) -pass out quick inet proto tcp from to any port 80 flags any label "RULE 5 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 5 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 5 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 5 -- ACCEPT " # # Rule 6 (global) pass quick inet from 192.168.1.1 to any user 2000 label "RULE 6 -- ACCEPT " @@ -79,15 +75,15 @@ pass quick inet from 192.168.1.0/24 to any user 2000 label "RULE 7 -- ACCEP # firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it # firewall62:Policy:8: warning: Changing rule direction due to self reference -pass in quick inet from any to user 2000 label "RULE 8 -- ACCEPT " +pass in quick inet from any to self user 2000 label "RULE 8 -- ACCEPT " # # Rule 9 (global) # firewall62:Policy:9: warning: Changing rule direction due to self reference -pass in quick inet from any to user { 2000, 500 } label "RULE 9 -- ACCEPT " +pass in quick inet from any to self user { 2000, 500 } label "RULE 9 -- ACCEPT " # # Rule 10 (global) -pass in quick inet from any to user 2000 label "RULE 10 -- ACCEPT " +pass in quick inet from any to self user 2000 label "RULE 10 -- ACCEPT " # # Rule 11 (global) pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- ACCEPT " @@ -95,7 +91,7 @@ pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- AC # Rule 12 (global) # firewall62:Policy:12: warning: Changing rule direction due to self reference -pass in quick inet from any to ! user 2000 label "RULE 12 -- ACCEPT " +pass in quick inet from any to ! self user 2000 label "RULE 12 -- ACCEPT " # # Rule 13 (global) block quick inet from any to any no state label "RULE 13 -- DROP " diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index eb53f5a23..6c3e09c32 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:34 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf @@ -191,7 +191,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index b04ecf09f..c47f13e47 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:34 2011 PDT by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index a1d6f26a6..b00cc82c5 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:35 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.conf.orig b/test/pf/firewall70.conf.orig index 4aa5a8c66..32b97eb51 100644 --- a/test/pf/firewall70.conf.orig +++ b/test/pf/firewall70.conf.orig @@ -1,10 +1,6 @@ - -# Tables: (1) -table { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 } - # Policy compiler errors and warnings: # firewall70:Policy:0: warning: Changing rule direction due to self reference # firewall70:Policy:1: warning: Changing rule direction due to self reference @@ -16,32 +12,32 @@ table { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 } # Rule 0 (global) # firewall70:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port 22 flags S/SA keep state +pass in quick inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 1 (en0) # firewall70:Policy:1: warning: Changing rule direction due to self reference -pass in quick on en0 inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on en0 inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 2 (en0,en1) # firewall70:Policy:2: warning: Changing rule direction due to self reference -pass in quick on { en0 en1 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en0 en1 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 3 (en2,en0,en1,en3) # firewall70:Policy:3: warning: Changing rule direction due to self reference -pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 4 (en0) # firewall70:Policy:4: warning: Changing rule direction due to self reference -pass in quick on { en1 en2 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en1 en2 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 5 (en0,en1) # firewall70:Policy:5: warning: Changing rule direction due to self reference -pass in quick on en2 inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on en2 inet proto tcp from any to self port 22 flags S/SA keep state # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index e687ceb99..0bbede766 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:36 2011 PDT by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf @@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index 2aaa77d25..a2b8b7178 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:37 2011 PDT by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index 1b5848843..0510c0afc 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:31 2011 PDT by vadim +# Generated Thu May 26 14:09:38 2011 PDT by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index 6cce2185a..0758f8bf1 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:37 2011 PDT by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index 7fb36c24c..ba284ec86 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:31 2011 PDT by vadim +# Generated Thu May 26 14:09:39 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.conf.orig b/test/pf/firewall91.conf.orig index 562f6ee2f..fed8a2d2c 100644 --- a/test/pf/firewall91.conf.orig +++ b/test/pf/firewall91.conf.orig @@ -1,14 +1,10 @@ - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 flags S/SA keep state label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 flags S/SA keep state label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any label "RULE 0 -- DROP " diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index 5441f88fd..27eaa899b 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:32 2011 PDT by vadim +# Generated Thu May 26 14:09:39 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf @@ -247,7 +247,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.conf.orig b/test/pf/firewall92.conf.orig index a0b55c9fd..2d0ec3d3f 100644 --- a/test/pf/firewall92.conf.orig +++ b/test/pf/firewall92.conf.orig @@ -7,10 +7,6 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # NAT compiler errors and warnings: # firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions # @@ -28,12 +24,12 @@ match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) # firewall92:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from 10.3.14.0/24 to port 22 label "RULE 0 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.0/24 to self port 22 label "RULE 0 -- ACCEPT " # # Rule 1 (global) pass quick inet from 10.1.1.0/24 to any label "RULE 1 -- ACCEPT " diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index 57a101cc2..b01bf49d0 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:32 2011 PDT by vadim +# Generated Thu May 26 14:09:40 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb index d9e345411..1927d4745 100644 --- a/test/pf/objects-for-regression-tests.fwb +++ b/test/pf/objects-for-regression-tests.fwb @@ -2281,7 +2281,7 @@ - + @@ -3002,7 +3002,9 @@ + + @@ -3014,6 +3016,8 @@ + + @@ -3050,6 +3054,7 @@ + @@ -3078,9 +3083,11 @@ + + @@ -3095,6 +3102,7 @@ + diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index f49c2cad4..336398654 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf @@ -299,7 +299,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index 8b19d5f75..071bfdf81 100755 --- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -195,7 +195,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index f70ee4353..4903aa80f 100755 --- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -301,7 +301,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index 81dc6b79e..3ccb32835 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -197,7 +197,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index a8a69f540..8ead3ec42 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index ad11f03a7..3591777ce 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index 2be73ee54..a4b89c3e3 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local @@ -3,7 +3,7 @@ # # Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Thu May 26 12:05:36 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf diff --git a/test/pf/pf_cluster_5_openbsd-3.fw.orig b/test/pf/pf_cluster_5_openbsd-3.fw.orig index 1d776dd97..a2f147fa9 100755 --- a/test/pf/pf_cluster_5_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:44 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw # files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_5_openbsd-4.fw.orig b/test/pf/pf_cluster_5_openbsd-4.fw.orig index 36986132f..c102083bd 100755 --- a/test/pf/pf_cluster_5_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:44 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw # files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf @@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim" set_kernel_vars configure_interfaces From ca77bbb51c400934ea62771ce24c13622b7b99c0 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Thu, 26 May 2011 14:29:14 -0700 Subject: [PATCH 10/10] re-ran tests for iptables --- test/ipt/cluster1_secuwall-1.fw.orig | 6 +- test/ipt/firewall-base-rulesets.fw.orig | 6 +- test/ipt/firewall-ipv6-1.fw.orig | 6 +- test/ipt/firewall-ipv6-2.fw.orig | 6 +- test/ipt/firewall-ipv6-3.fw.orig | 6 +- test/ipt/firewall-ipv6-4-1.fw.orig | 6 +- test/ipt/firewall-ipv6-4.fw.orig | 6 +- test/ipt/firewall-ipv6-5.fw.orig | 6 +- test/ipt/firewall-ipv6-6.fw.orig | 6 +- test/ipt/firewall-ipv6-7.fw.orig | 6 +- test/ipt/firewall-ipv6-8.fw.orig | 6 +- ...-ipv6-ipt-reset-prolog-after-flush.fw.orig | 6 +- ...-ipt-reset-prolog-after-interfaces.fw.orig | 6 +- ...firewall-ipv6-ipt-reset-prolog-top.fw.orig | 6 +- test/ipt/firewall-ipv6-nd-ns-1.fw.orig | 6 +- test/ipt/firewall-ipv6-nd-ns-2.fw.orig | 6 +- .../firewall-ipv6-prolog-after-flush.fw.orig | 6 +- ...ewall-ipv6-prolog-after-interfaces.fw.orig | 6 +- test/ipt/firewall-ipv6-prolog-top.fw.orig | 6 +- test/ipt/firewall-server-1-s.fw.orig | 6 +- test/ipt/firewall.fw.orig | 6 +- test/ipt/firewall1.fw.orig | 6 +- test/ipt/firewall10.fw.orig | 6 +- test/ipt/firewall11.fw.orig | 6 +- test/ipt/firewall12.fw.orig | 6 +- test/ipt/firewall13.fw.orig | 6 +- test/ipt/firewall14.fw.orig | 6 +- test/ipt/firewall15.fw.orig | 6 +- test/ipt/firewall16.fw.orig | 6 +- test/ipt/firewall17.fw.orig | 6 +- test/ipt/firewall18.fw.orig | 6 +- test/ipt/firewall19.fw.orig | 6 +- test/ipt/firewall2-1.fw.orig | 6 +- test/ipt/firewall2-2.fw.orig | 6 +- test/ipt/firewall2-3.fw.orig | 6 +- test/ipt/firewall2-4.fw.orig | 6 +- test/ipt/firewall2-5.fw.orig | 6 +- test/ipt/firewall2-6.fw.orig | 6 +- test/ipt/firewall2-7.fw.orig | 6 +- test/ipt/firewall2.fw.orig | 6 +- test/ipt/firewall20-ipv6.fw.orig | 6 +- test/ipt/firewall20.fw.orig | 6 +- test/ipt/firewall21-1.fw.orig | 6 +- test/ipt/firewall21.fw.orig | 6 +- test/ipt/firewall22.fw.orig | 6 +- test/ipt/firewall23-1.fw.orig | 6 +- test/ipt/firewall23.fw.orig | 6 +- test/ipt/firewall24.fw.orig | 6 +- test/ipt/firewall25.fw.orig | 6 +- test/ipt/firewall26.fw.orig | 6 +- test/ipt/firewall27.fw.orig | 6 +- test/ipt/firewall28.fw.orig | 6 +- test/ipt/firewall29.fw.orig | 6 +- test/ipt/firewall3.fw.orig | 6 +- test/ipt/firewall30.fw.orig | 6 +- test/ipt/firewall31.fw.orig | 6 +- test/ipt/firewall32.fw.orig | 6 +- test/ipt/firewall33-1.fw.orig | 17 ++-- test/ipt/firewall33.fw.orig | 17 ++-- test/ipt/firewall34.fw.orig | 6 +- test/ipt/firewall35.fw.orig | 6 +- test/ipt/firewall36-1.fw.orig | 6 +- test/ipt/firewall36-2.fw.orig | 6 +- test/ipt/firewall36.fw.orig | 6 +- test/ipt/firewall37-1.fw.orig | 6 +- test/ipt/firewall37-2.fw.orig | 81 +++++++++++++++-- test/ipt/firewall37.fw.orig | 86 ++++++++++--------- test/ipt/firewall38.fw.orig | 6 +- test/ipt/firewall39.fw.orig | 6 +- test/ipt/firewall4.fw.orig | 6 +- test/ipt/firewall40-1.fw.orig | 10 +-- test/ipt/firewall40-2.fw.orig | 10 +-- test/ipt/firewall40.fw.orig | 10 +-- test/ipt/firewall41-1.fw.orig | 6 +- test/ipt/firewall41.fw.orig | 6 +- test/ipt/firewall42.fw.orig | 6 +- test/ipt/firewall5.fw.orig | 6 +- test/ipt/firewall50.fw.orig | 6 +- test/ipt/firewall51.fw.orig | 6 +- test/ipt/firewall6.fw.orig | 6 +- test/ipt/firewall60.fw.orig | 6 +- test/ipt/firewall61-1.2.5.fw.orig | 6 +- test/ipt/firewall61-1.2.6.fw.orig | 6 +- test/ipt/firewall61-1.3.x.fw.orig | 6 +- test/ipt/firewall61-1.4.fw.orig | 6 +- test/ipt/firewall62.fw.orig | 6 +- test/ipt/firewall63.fw.orig | 6 +- test/ipt/firewall7.fw.orig | 6 +- test/ipt/firewall70.fw.orig | 6 +- test/ipt/firewall71.fw.orig | 6 +- test/ipt/firewall72-1.3.x.fw.orig | 6 +- test/ipt/firewall72-1.4.3.fw.orig | 6 +- test/ipt/firewall73.fw.orig | 6 +- test/ipt/firewall74.fw.orig | 6 +- test/ipt/firewall8.fw.orig | 6 +- test/ipt/firewall80.fw.orig | 6 +- test/ipt/firewall81.fw.orig | 6 +- test/ipt/firewall82.fw.orig | 6 +- test/ipt/firewall82_A.fw.orig | 6 +- test/ipt/firewall82_B.fw.orig | 6 +- test/ipt/firewall9.fw.orig | 6 +- test/ipt/firewall90.fw.orig | 6 +- test/ipt/firewall91.fw.orig | 6 +- test/ipt/firewall92.fw.orig | 6 +- test/ipt/firewall93.fw.orig | 6 +- test/ipt/fw-A.fw.orig | 6 +- test/ipt/fw1.fw.orig | 6 +- test/ipt/fwbuilder.fw.orig | 6 +- .../heartbeat_cluster_1_d_linux-1-d.fw.orig | 6 +- .../heartbeat_cluster_1_d_linux-2-d.fw.orig | 6 +- test/ipt/heartbeat_cluster_1_linux-1.fw.orig | 6 +- test/ipt/heartbeat_cluster_1_linux-2.fw.orig | 6 +- test/ipt/heartbeat_cluster_2_linux-1.fw.orig | 6 +- test/ipt/heartbeat_cluster_2_linux-2.fw.orig | 6 +- test/ipt/host.fw.orig | 6 +- test/ipt/openais_cluster_1_linux-1.fw.orig | 6 +- test/ipt/openais_cluster_1_linux-2.fw.orig | 6 +- test/ipt/rc.firewall.local | 4 +- test/ipt/rh90.fw.orig | 6 +- .../ipt/secuwall_cluster_1_secuwall-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-2.fw.orig | 6 +- test/ipt/test-shadowing-1.fw.orig | 6 +- test/ipt/test-shadowing-2.fw.orig | 6 +- test/ipt/test-shadowing-3.fw.orig | 6 +- test/ipt/test_fw.fw.orig | 6 +- test/ipt/vrrp_cluster_1_linux-1.fw.orig | 6 +- test/ipt/vrrp_cluster_1_linux-2.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-1.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-2.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-3.fw.orig | 6 +- 131 files changed, 521 insertions(+), 452 deletions(-) diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index ed1ea5a32..1ceb38c04 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:20 2011 PDT by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -609,7 +609,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index 7be47d994..d96d2d797 100755 --- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:25 2011 PDT by vadim +# Generated Thu May 26 14:17:25 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # @@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index f0f04020f..eca0fe218 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:38 2011 PDT by vadim +# Generated Thu May 26 14:17:30 2011 PDT by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -723,7 +723,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index c3bdbbaca..06f3d0003 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:38 2011 PDT by vadim +# Generated Thu May 26 14:17:31 2011 PDT by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index 14d664040..f27a7476d 100755 --- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:49 2011 PDT by vadim +# Generated Thu May 26 14:17:36 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -617,7 +617,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index 315746245..e8e4c6bbc 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:00 2011 PDT by vadim +# Generated Thu May 26 14:17:41 2011 PDT by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index fafe6c02d..2e82bb2a8 100755 --- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:49 2011 PDT by vadim +# Generated Thu May 26 14:17:36 2011 PDT by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # @@ -604,7 +604,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index bc1ce6575..5be080249 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:51 2011 PDT by vadim +# Generated Thu May 26 14:17:40 2011 PDT by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:51 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index afc1ae538..b14aba8a5 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:53 2011 PDT by vadim +# Generated Thu May 26 14:17:44 2011 PDT by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:53 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index d896cc68a..a366b49ea 100755 --- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:55 2011 PDT by vadim +# Generated Thu May 26 14:17:45 2011 PDT by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:55 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index bd6b38981..ed94cd6c4 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sun May 15 12:01:42 2011 PDT by vadim +# Generated Thu May 26 14:17:47 2011 PDT by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -539,7 +539,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun May 15 12:01:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index 4ae662354..a37791c74 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:58 2011 PDT by vadim +# Generated Thu May 26 14:17:49 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index f89b93518..a1eb41ab7 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:00 2011 PDT by vadim +# Generated Thu May 26 14:17:52 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:52 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index b43e5e970..7b3ea7652 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:02 2011 PDT by vadim +# Generated Thu May 26 14:17:53 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig index 8d5e785b7..cc2563f6b 100755 --- a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:02 2011 PDT by vadim +# Generated Thu May 26 14:17:56 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig index 0ece67a49..525943567 100755 --- a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:04 2011 PDT by vadim +# Generated Thu May 26 14:17:57 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw # @@ -467,7 +467,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index d0d540a71..b96b11a4c 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:05 2011 PDT by vadim +# Generated Thu May 26 14:17:59 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:59 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index 9fe79e7aa..9b077ee0a 100755 --- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:06 2011 PDT by vadim +# Generated Thu May 26 14:18:00 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:06 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:00 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index 7b6d5b25d..89df16c58 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:07 2011 PDT by vadim +# Generated Thu May 26 14:18:03 2011 PDT by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:03 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index 93ddf4450..50032af01 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:08 2011 PDT by vadim +# Generated Thu May 26 14:18:04 2011 PDT by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -414,7 +414,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:08 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index 096c93e8b..2b636b8f9 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:37 2011 PDT by vadim +# Generated Thu May 26 14:14:24 2011 PDT by vadim # # files: * firewall.fw /etc/fw/firewall.fw # @@ -1397,7 +1397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:37 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index 31d9d35de..e81081066 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:39 2011 PDT by vadim +# Generated Thu May 26 14:14:27 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # @@ -1269,7 +1269,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index d735537af..631b71454 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:39 2011 PDT by vadim +# Generated Thu May 26 14:14:27 2011 PDT by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index d12944ba2..20b837751 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:42 2011 PDT by vadim +# Generated Thu May 26 14:14:32 2011 PDT by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -614,7 +614,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index c8a7eddcc..fbaeb7d07 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:42 2011 PDT by vadim +# Generated Thu May 26 14:14:32 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -532,7 +532,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index f994c89bf..f7e669ed0 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:44 2011 PDT by vadim +# Generated Thu May 26 14:14:37 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # @@ -406,7 +406,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 044247770..000200da3 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:44 2011 PDT by vadim +# Generated Thu May 26 14:14:37 2011 PDT by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # @@ -425,7 +425,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index b1e772605..ab64c61e6 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:47 2011 PDT by vadim +# Generated Thu May 26 14:14:42 2011 PDT by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index 7fad1cf37..e6240b984 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:47 2011 PDT by vadim +# Generated Thu May 26 14:14:42 2011 PDT by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index a6911c4a1..9c636b052 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:49 2011 PDT by vadim +# Generated Thu May 26 14:14:46 2011 PDT by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index 3ff54f76c..96a457189 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:50 2011 PDT by vadim +# Generated Thu May 26 14:14:46 2011 PDT by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # @@ -527,7 +527,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:50 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index 60a890170..faa1c3dd4 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:52 2011 PDT by vadim +# Generated Thu May 26 14:14:51 2011 PDT by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # @@ -531,7 +531,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:52 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index 6260a872a..f803b046d 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:00 2011 PDT by vadim +# Generated Thu May 26 14:15:04 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # @@ -1451,7 +1451,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:04 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index 1682ecc84..1c0caef4d 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:04 2011 PDT by vadim +# Generated Thu May 26 14:15:09 2011 PDT by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # @@ -1280,7 +1280,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:09 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index 7296cde7a..6dfad128c 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:05 2011 PDT by vadim +# Generated Thu May 26 14:15:13 2011 PDT by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # @@ -1139,7 +1139,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index f05ca4221..3d5c85b99 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:08 2011 PDT by vadim +# Generated Thu May 26 14:15:18 2011 PDT by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:08 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:18 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index 02ca64a94..379eb75b6 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:10 2011 PDT by vadim +# Generated Thu May 26 14:15:22 2011 PDT by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # @@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index caf4977b1..fa9bac028 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:12 2011 PDT by vadim +# Generated Thu May 26 14:15:27 2011 PDT by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # @@ -503,7 +503,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 797895a45..03929473c 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:14 2011 PDT by vadim +# Generated Thu May 26 14:15:32 2011 PDT by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index a064a9502..4293f5efd 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:54 2011 PDT by vadim +# Generated Thu May 26 14:14:53 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # @@ -1503,7 +1503,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:53 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index bac5c263f..1c90f7ed8 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:56 2011 PDT by vadim +# Generated Thu May 26 14:14:57 2011 PDT by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # @@ -477,7 +477,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index bba76e72c..528da7364 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:54 2011 PDT by vadim +# Generated Thu May 26 14:14:54 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # @@ -695,7 +695,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index d74accfed..0e4b7557b 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:58 2011 PDT by vadim +# Generated Thu May 26 14:15:02 2011 PDT by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -495,7 +495,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 01ae3f8fb..6f64547d8 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:56 2011 PDT by vadim +# Generated Thu May 26 14:14:58 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index b4c3903f6..7d302e632 100755 --- a/test/ipt/firewall22.fw.orig +++ b/test/ipt/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:00 2011 PDT by vadim +# Generated Thu May 26 14:15:05 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index a53862da9..993e3eaf2 100755 --- a/test/ipt/firewall23-1.fw.orig +++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:06 2011 PDT by vadim +# Generated Thu May 26 14:15:13 2011 PDT by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # @@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:06 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index 717ff5b83..8771bd4b3 100755 --- a/test/ipt/firewall23.fw.orig +++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:03 2011 PDT by vadim +# Generated Thu May 26 14:15:08 2011 PDT by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # @@ -497,7 +497,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:03 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index af615742e..dd480d7bd 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:07 2011 PDT by vadim +# Generated Thu May 26 14:15:17 2011 PDT by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # @@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index 8bc5dfa94..e7f1189a7 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:10 2011 PDT by vadim +# Generated Thu May 26 14:15:22 2011 PDT by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # @@ -705,7 +705,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index 14b328e85..80ca94f89 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:12 2011 PDT by vadim +# Generated Thu May 26 14:15:27 2011 PDT by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index 85d3aa648..24594208f 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:14 2011 PDT by vadim +# Generated Thu May 26 14:15:32 2011 PDT by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -567,7 +567,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index 1c9d8568a..454b60a36 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:17 2011 PDT by vadim +# Generated Thu May 26 14:15:36 2011 PDT by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # @@ -430,7 +430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index 667c0c1d2..3579ca58f 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:17 2011 PDT by vadim +# Generated Thu May 26 14:15:36 2011 PDT by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -465,7 +465,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index 26d99d2bc..9af6f7918 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:19 2011 PDT by vadim +# Generated Thu May 26 14:15:41 2011 PDT by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # @@ -599,7 +599,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index 6415a2c39..fd21049ae 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:19 2011 PDT by vadim +# Generated Thu May 26 14:15:41 2011 PDT by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index b6f8e0437..891064c1e 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:22 2011 PDT by vadim +# Generated Thu May 26 14:15:45 2011 PDT by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -468,7 +468,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index 2d981eeb2..f000a7924 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:22 2011 PDT by vadim +# Generated Thu May 26 14:15:45 2011 PDT by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index c7c2e5a71..696c6026f 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:29 2011 PDT by vadim +# Generated Thu May 26 14:15:50 2011 PDT by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # @@ -416,12 +416,11 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -547,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index 246998a23..ed33fea49 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:29 2011 PDT by vadim +# Generated Thu May 26 14:15:51 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # @@ -466,12 +466,11 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -596,7 +595,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index 4c42d346c..51f624e39 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:31 2011 PDT by vadim +# Generated Thu May 26 14:15:55 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # @@ -671,7 +671,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index 8f3307e2e..2d3f88480 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:31 2011 PDT by vadim +# Generated Thu May 26 14:15:55 2011 PDT by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -563,7 +563,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index 6cdd76d0a..ff0812222 100755 --- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:34 2011 PDT by vadim +# Generated Thu May 26 14:16:00 2011 PDT by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:34 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index b468ac6a9..8721bdf0c 100755 --- a/test/ipt/firewall36-2.fw.orig +++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:36 2011 PDT by vadim +# Generated Thu May 26 14:16:04 2011 PDT by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:36 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index 34626a2c3..a94850c9d 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:33 2011 PDT by vadim +# Generated Thu May 26 14:16:00 2011 PDT by vadim # # files: * firewall36.fw /etc/firewall36.fw # @@ -518,7 +518,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:33 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index 1081b4af8..2bbd5f7d7 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:38 2011 PDT by vadim +# Generated Thu May 26 14:16:07 2011 PDT by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-2.fw.orig b/test/ipt/firewall37-2.fw.orig index 1538c4dbf..a19a4cf5c 100755 --- a/test/ipt/firewall37-2.fw.orig +++ b/test/ipt/firewall37-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:39 2011 PDT by vadim +# Generated Thu May 26 14:16:09 2011 PDT by vadim # # files: * firewall37-2.fw /etc/fw/firewall37-2.fw # @@ -328,6 +328,14 @@ script_body() { + # ================ Table 'mangle', rule set classify_2 + # + # Rule classify_2 0 (global) + # + echo "Rule classify_2 0 (global)" + # + $IPTABLES -N classify_2 -t mangle + $IPTABLES -t mangle -A classify_2 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:12 # ================ Table 'mangle', rule set Policy # # Rule 0 (eth0) @@ -497,6 +505,38 @@ script_body() { $IPTABLES -t mangle -A POSTROUTING -i eth0 -s 192.168.1.0/24 -j Cid994761X26049.1 $IPTABLES -t mangle -A Cid994761X26049.1 -p icmp -m icmp --icmp-type 8/0 -j CLASSIFY --set-class 1:2 $IPTABLES -t mangle -A Cid994761X26049.1 -p tcp -m tcp --dport 80 -j CLASSIFY --set-class 1:2 + # + # Rule 16 (global) + # + echo "Rule 16 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + $IPTABLES -t mangle -A PREROUTING -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -j classify_2 + $IPTABLES -t mangle -A FORWARD -j classify_2 + # + # Rule 17 (global) + # + echo "Rule 17 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + # Should create branch in OUTPUT instead of + # enumerating all ip addresses of the fw in PREROUTING + $IPTABLES -t mangle -A PREROUTING -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A PREROUTING -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A PREROUTING -s 192.168.2.1 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 192.168.2.1 -j classify_2 # ================ Table 'filter', rule set Policy # @@ -580,12 +620,35 @@ script_body() { # echo "Rule 16 (global)" # - $IPTABLES -N RULE_16 - $IPTABLES -A OUTPUT -j RULE_16 - $IPTABLES -A INPUT -j RULE_16 - $IPTABLES -A FORWARD -j RULE_16 - $IPTABLES -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- DENY " - $IPTABLES -A RULE_16 -j DROP + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + $IPTABLES -N classify_2 + $IPTABLES -A FORWARD -j classify_2 + # + # Rule 17 (global) + # + echo "Rule 17 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + # Should create branch in OUTPUT instead of + # enumerating all ip addresses of the fw in PREROUTING + $IPTABLES -A OUTPUT -j classify_2 + # + # Rule 18 (global) + # + echo "Rule 18 (global)" + # + $IPTABLES -N RULE_18 + $IPTABLES -A OUTPUT -j RULE_18 + $IPTABLES -A INPUT -j RULE_18 + $IPTABLES -A FORWARD -j RULE_18 + $IPTABLES -A RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- DENY " + $IPTABLES -A RULE_18 -j DROP } ip_forward() { @@ -641,7 +704,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index 4e7d5e380..bb2dc3d29 100755 --- a/test/ipt/firewall37.fw.orig +++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:41 2011 PDT by vadim +# Generated Thu May 26 14:16:05 2011 PDT by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # @@ -618,21 +618,29 @@ script_body() { # echo "Rule 30 (global)" # + $IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j CLASSIFY --set-class 1:2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j CLASSIFY --set-class 1:2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j CLASSIFY --set-class 1:2 + # + # Rule 31 (global) + # + echo "Rule 31 (global)" + # # testing for bug #1618381 # classify action is non-terminating # in this firewall object $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10 # - # Rule 31 (eth0) + # Rule 32 (eth0) # - echo "Rule 31 (eth0)" + echo "Rule 32 (eth0)" # # second rule for bug #1618381 $IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11 # - # Rule 32 (global) + # Rule 33 (global) # - echo "Rule 32 (global)" + echo "Rule 33 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A026219324.0 -t mangle @@ -641,9 +649,9 @@ script_body() { $IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A026219324.0 -j CLASSIFY --set-class 1:10 # - # Rule 33 (global) + # Rule 34 (global) # - echo "Rule 33 (global)" + echo "Rule 34 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A5AFB19324.0 -t mangle @@ -653,9 +661,9 @@ script_body() { $IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A5AFB19324.0 -j CLASSIFY --set-class 1:10 # - # Rule 34 (eth0) + # Rule 35 (eth0) # - echo "Rule 34 (eth0)" + echo "Rule 35 (eth0)" # # bug #1618381 # this rule uses multiport @@ -665,9 +673,9 @@ script_body() { $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11 $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11 # - # Rule 36 (global) + # Rule 37 (global) # - echo "Rule 36 (global)" + echo "Rule 37 (global)" # $IPTABLES -t mangle -A PREROUTING -j mymark $IPTABLES -t mangle -A POSTROUTING -j mymark @@ -1150,9 +1158,9 @@ script_body() { $IPTABLES -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT " $IPTABLES -A Out_RULE_29 -j ACCEPT # - # Rule 30 (global) + # Rule 31 (global) # - echo "Rule 30 (global)" + echo "Rule 31 (global)" # # testing for bug #1618381 # classify action is non-terminating @@ -1161,9 +1169,9 @@ script_body() { $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT # - # Rule 31 (eth0) + # Rule 32 (eth0) # - echo "Rule 31 (eth0)" + echo "Rule 32 (eth0)" # # second rule for bug #1618381 $IPTABLES -A INPUT -i eth0 -j ACCEPT @@ -1171,9 +1179,9 @@ script_body() { $IPTABLES -A OUTPUT -o eth0 -j ACCEPT $IPTABLES -A FORWARD -o eth0 -j ACCEPT # - # Rule 32 (global) + # Rule 33 (global) # - echo "Rule 32 (global)" + echo "Rule 33 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A026219324.0 @@ -1184,9 +1192,9 @@ script_body() { $IPTABLES -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -A Cid459A026219324.0 -j ACCEPT # - # Rule 33 (global) + # Rule 34 (global) # - echo "Rule 33 (global)" + echo "Rule 34 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A5AFB19324.0 @@ -1200,9 +1208,9 @@ script_body() { $IPTABLES -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -A Cid459A5AFB19324.0 -j ACCEPT # - # Rule 34 (eth0) + # Rule 35 (eth0) # - echo "Rule 34 (eth0)" + echo "Rule 35 (eth0)" # # bug #1618381 # this rule uses multiport @@ -1221,24 +1229,13 @@ script_body() { $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT $IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT # - # Rule 35 (global) - # - echo "Rule 35 (global)" - # - $IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - $IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - # # Rule 36 (global) # echo "Rule 36 (global)" # - $IPTABLES -N RULE_36 - $IPTABLES -A OUTPUT -j RULE_36 - $IPTABLES -A INPUT -j RULE_36 - $IPTABLES -A FORWARD -j RULE_36 - $IPTABLES -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH " - $IPTABLES -A RULE_36 -j mymark + $IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 + $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 + $IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 # # Rule 37 (global) # @@ -1248,8 +1245,19 @@ script_body() { $IPTABLES -A OUTPUT -j RULE_37 $IPTABLES -A INPUT -j RULE_37 $IPTABLES -A FORWARD -j RULE_37 - $IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- DENY " - $IPTABLES -A RULE_37 -j DROP + $IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- BRANCH " + $IPTABLES -A RULE_37 -j mymark + # + # Rule 38 (global) + # + echo "Rule 38 (global)" + # + $IPTABLES -N RULE_38 + $IPTABLES -A OUTPUT -j RULE_38 + $IPTABLES -A INPUT -j RULE_38 + $IPTABLES -A FORWARD -j RULE_38 + $IPTABLES -A RULE_38 -j LOG --log-level info --log-prefix "RULE 38 -- DENY " + $IPTABLES -A RULE_38 -j DROP } ip_forward() { @@ -1305,7 +1313,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 75e978093..57a5dc774 100755 --- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:41 2011 PDT by vadim +# Generated Thu May 26 14:16:11 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index 423df29fc..f7fa63d5c 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:43 2011 PDT by vadim +# Generated Thu May 26 14:16:13 2011 PDT by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # @@ -820,7 +820,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:43 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index ad7ab412a..62ffcd1a1 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:44 2011 PDT by vadim +# Generated Thu May 26 14:16:14 2011 PDT by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # @@ -733,7 +733,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index 9f1e85576..18cee16b5 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:46 2011 PDT by vadim +# Generated Thu May 26 14:16:18 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set -# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" @@ -462,7 +462,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:46 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index f4c16bb8c..d9c92cf34 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:47 2011 PDT by vadim +# Generated Thu May 26 14:16:20 2011 PDT by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set. Here the top Policy rule set is empty -# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" @@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index dfbce9b2f..3b65d667f 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:45 2011 PDT by vadim +# Generated Thu May 26 14:16:17 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules -# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" @@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:45 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index 67e50b50e..87c77a96a 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:49 2011 PDT by vadim +# Generated Thu May 26 14:16:24 2011 PDT by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index 0a2e9b659..347bed83f 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:50 2011 PDT by vadim +# Generated Thu May 26 14:16:22 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -480,7 +480,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:50 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index ba7f07928..1178a52bb 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:52 2011 PDT by vadim +# Generated Thu May 26 14:16:28 2011 PDT by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # @@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:52 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index d5f709883..331d7356f 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:54 2011 PDT by vadim +# Generated Thu May 26 14:16:29 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # @@ -647,7 +647,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index cc53f50db..726581499 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:54 2011 PDT by vadim +# Generated Thu May 26 14:16:31 2011 PDT by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 3fd16dc47..0349a5d9b 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:56 2011 PDT by vadim +# Generated Thu May 26 14:16:33 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # @@ -512,7 +512,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index 0f8bfe5a4..953e4eb42 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:56 2011 PDT by vadim +# Generated Thu May 26 14:16:35 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # @@ -534,7 +534,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index ed89ba600..c4d5ac129 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:58 2011 PDT by vadim +# Generated Thu May 26 14:16:37 2011 PDT by vadim # # files: * firewall60.fw /etc/firewall60.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index 639fd2ec6..893cadda6 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:58 2011 PDT by vadim +# Generated Thu May 26 14:16:38 2011 PDT by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -520,7 +520,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index 639364b36..6b99ae44c 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig +++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:00 2011 PDT by vadim +# Generated Thu May 26 14:16:41 2011 PDT by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # @@ -526,7 +526,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index ae28afc5d..bb11affcc 100755 --- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:01 2011 PDT by vadim +# Generated Thu May 26 14:16:42 2011 PDT by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:01 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index 0e98ce912..cc58f2535 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:02 2011 PDT by vadim +# Generated Thu May 26 14:16:45 2011 PDT by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # @@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index e560efef4..6cb7b324a 100755 --- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:03 2011 PDT by vadim +# Generated Thu May 26 14:16:46 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # @@ -590,7 +590,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:03 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index 33a91db4b..37c8f48cd 100755 --- a/test/ipt/firewall63.fw.orig +++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:04 2011 PDT by vadim +# Generated Thu May 26 14:16:49 2011 PDT by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -410,7 +410,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index 33d60e047..f9eebe4a4 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:05 2011 PDT by vadim +# Generated Thu May 26 14:16:50 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index 07ce2f624..a9b13d1e5 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:07 2011 PDT by vadim +# Generated Thu May 26 14:16:52 2011 PDT by vadim # # files: * firewall70.fw iptables.sh # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index 6bc505b78..bfd5495b1 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:07 2011 PDT by vadim +# Generated Thu May 26 14:16:54 2011 PDT by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # @@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index b6f162156..fcf799cb3 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:09 2011 PDT by vadim +# Generated Thu May 26 14:16:56 2011 PDT by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index 32820e12c..9a91d1a8c 100755 --- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:09 2011 PDT by vadim +# Generated Thu May 26 14:16:57 2011 PDT by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index 03056a52d..d836622ec 100755 --- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:11 2011 PDT by vadim +# Generated Thu May 26 14:17:01 2011 PDT by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index 71420bac2..dae927513 100755 --- a/test/ipt/firewall74.fw.orig +++ b/test/ipt/firewall74.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:11 2011 PDT by vadim +# Generated Thu May 26 14:17:01 2011 PDT by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index 3d078d9dd..41c61e515 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:13 2011 PDT by vadim +# Generated Thu May 26 14:17:05 2011 PDT by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # @@ -381,7 +381,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:13 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index 388e9307a..a475e3b01 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:14 2011 PDT by vadim +# Generated Thu May 26 14:17:05 2011 PDT by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index 44b7170d7..257b6c2e7 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:15 2011 PDT by vadim +# Generated Thu May 26 14:17:08 2011 PDT by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index 59bbf2714..a6ef10b31 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:16 2011 PDT by vadim +# Generated Thu May 26 14:17:09 2011 PDT by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -434,7 +434,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:16 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index c8465d8d1..08782b8f4 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:18 2011 PDT by vadim +# Generated Thu May 26 14:17:12 2011 PDT by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:12 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index 5eb9f8f48..59706b61c 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:18 2011 PDT by vadim +# Generated Thu May 26 14:17:13 2011 PDT by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # @@ -384,7 +384,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index 726e2c61c..4e7b42944 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:20 2011 PDT by vadim +# Generated Thu May 26 14:17:16 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # @@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index a45be4848..ca1873278 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:20 2011 PDT by vadim +# Generated Thu May 26 14:17:17 2011 PDT by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index 8f612ede0..d71167b1e 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:22 2011 PDT by vadim +# Generated Thu May 26 14:17:20 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index c66b74034..0fcbef882 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:22 2011 PDT by vadim +# Generated Thu May 26 14:17:21 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index 75b095bbf..7b77a4e6e 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:25 2011 PDT by vadim +# Generated Thu May 26 14:17:25 2011 PDT by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # @@ -483,7 +483,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index a8d5b15bb..f4643fcd4 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:11 2011 PDT by vadim +# Generated Thu May 26 14:18:08 2011 PDT by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # @@ -745,7 +745,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index c987c4554..d942c10f7 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:09 2011 PDT by vadim +# Generated Thu May 26 14:18:07 2011 PDT by vadim # # files: * fw1.fw /etc/fw1.fw # @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index 3f7ff9ca3..bae232e7a 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:51 2011 PDT by vadim +# Generated Thu May 26 14:16:26 2011 PDT by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -504,7 +504,7 @@ status_action() { } start() { - log "Activating firewall script generated Sat May 14 15:40:51 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index c02473d33..15936b04a 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # @@ -747,7 +747,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index cb573cfa0..80e3bc7e0 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -751,7 +751,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index 9af2bdcb5..8d01b8050 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:21 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # @@ -864,7 +864,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index 704e26a22..ecc7192e1 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:21 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -762,7 +762,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index d8e2a488d..0db794844 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index 85d43b683..3fe662357 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -641,7 +641,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index f8a4865ad..d4ed4f5cf 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:11 2011 PDT by vadim +# Generated Thu May 26 14:18:11 2011 PDT by vadim # # files: * host.fw /etc/fw/host.fw # @@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index 8a99b75c0..ab0744cd9 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index 9ededa8e4..93da2796a 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -632,7 +632,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index c390c6b6c..0c636c2ae 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:13 2011 PDT by vadim +# Generated Thu May 26 14:18:12 2011 PDT by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index 87a42060f..d2d1530ce 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:13 2011 PDT by vadim +# Generated Thu May 26 14:18:15 2011 PDT by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -442,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:13 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:15 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 136df11d1..97de27c67 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # @@ -426,7 +426,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index fa7418f67..f8d19357b 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index 592c04d51..718d1a550 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # @@ -418,7 +418,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index 0e76ac0ee..bd9a2f0c9 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:15 2011 PDT by vadim +# Generated Thu May 26 14:18:19 2011 PDT by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index d30689dbe..a5dd11756 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:17 2011 PDT by vadim +# Generated Thu May 26 14:18:20 2011 PDT by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index fc32edf9b..4c1f37fc7 100755 --- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # @@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index 401437ba7..a7e16a7f3 100755 --- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:15 2011 PDT by vadim +# Generated Thu May 26 14:18:16 2011 PDT by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -591,7 +591,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 3da903046..45fc4ccb3 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # @@ -731,7 +731,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index eaf0ddf70..d0958aea6 100755 --- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -636,7 +636,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index 8f22e4234..be4015563 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -663,7 +663,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index 5a72eb397..3f4852ee9 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # @@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index 2cb9631f5..910240d44 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files