mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 11:47:24 +01:00

see #2464 implemented import of "set timeout" commands

Vadim Kurland 2011-06-02 11:38:13 -07:00
parent d825133481
commit b86900cc54
9 changed files with 1975 additions and 1015 deletions


@ -146,6 +146,10 @@ void PFImporter::clear()
nat_rule_opt_1 = "";
nat_rule_opt_2 = "";
// Do not clear list of timeout name-value pairs since it is filled
// when we parse "set timeout" commands and then used in finalize()
// timeouts.clear();
Importer::clear();
}
@ -921,6 +925,8 @@ Firewall* PFImporter::finalize()
fw->setStr("host_OS", host_os);
Resources::setDefaultTargetOptions(host_os , fw);
FWOptions* options = fw->getOptionsObject();
// We may be able to infer at least something about the version
// from the pf.conf file in the future.
string version = findBestVersionMatch(
@ -955,6 +961,79 @@ Firewall* PFImporter::finalize()
iface->setDyn(true);
}
// configure timeouts
// mapping between PF timeout names and our option names
map<string, string> timeout_option_names;
timeout_option_names["tcp.first"] = "pf_tcp_first";
timeout_option_names["tcp.opening"] = "pf_tcp_opening";
timeout_option_names["tcp.established"] = "pf_tcp_established";
timeout_option_names["tcp.closing"] = "pf_tcp_closing";
timeout_option_names["tcp.finwait"] = "pf_tcp_finwait";
timeout_option_names["tcp.closed"] = "pf_tcp_closed";
timeout_option_names["udp.first"] = "pf_udp_first";
timeout_option_names["udp.single"] = "pf_udp_single";
timeout_option_names["udp.multiple"] = "pf_udp_multiple";
timeout_option_names["icmp.first"] = "pf_icmp_first";
timeout_option_names["icmp.error"] = "pf_icmp_error";
timeout_option_names["other.first"] = "pf_other_first";
timeout_option_names["other.single"] = "pf_other_single";
timeout_option_names["other.multiple"] = "pf_other_multiple";
timeout_option_names["adaptive.start"] = "pf_adaptive_start";
timeout_option_names["adaptive.end"] = "pf_adaptive_end";
timeout_option_names["frag"] = "pf_timeout_frag";
timeout_option_names["interval"] = "pf_timeout_interval";
// looks like we do not support src.track as of 4.3
// timeout_option_names["src.track"] = "pf_src_track";
// mapping between PF timeout names and boolean option names that
// activate setting of the corresponding timeout
map<string, string> timeout_activation_names;
timeout_activation_names["tcp.first"] = "pf_set_tcp_first";
timeout_activation_names["tcp.opening"] = "pf_set_tcp_opening";
timeout_activation_names["tcp.established"] = "pf_set_tcp_established";
timeout_activation_names["tcp.closing"] = "pf_set_tcp_closing";
timeout_activation_names["tcp.finwait"] = "pf_set_tcp_finwait";
timeout_activation_names["tcp.closed"] = "pf_set_tcp_closed";
timeout_activation_names["udp.first"] = "pf_set_udp_first";
timeout_activation_names["udp.single"] = "pf_set_udp_single";
timeout_activation_names["udp.multiple"] = "pf_set_udp_multiple";
timeout_activation_names["icmp.first"] = "pf_set_icmp_first";
timeout_activation_names["icmp.error"] = "pf_set_icmp_error";
timeout_activation_names["other.first"] = "pf_set_other_first";
timeout_activation_names["other.single"] = "pf_set_other_single";
timeout_activation_names["other.multiple"] = "pf_set_other_multiple";
timeout_activation_names["adaptive.start"] = "pf_set_adaptive";
timeout_activation_names["adaptive.end"] = "pf_set_adaptive";
timeout_activation_names["frag"] = "pf_do_timeout_frag";
timeout_activation_names["interval"] = "pf_do_timeout_interval";
list<str_tuple>::iterator it;
for (it=timeouts.begin(); it!=timeouts.end(); ++it)
{
string name = it->first;
bool ok = false;
int value = QString(it->second.c_str()).toInt(&ok);
qDebug() << "Timeout " << name.c_str() << "=" << value;
if (timeout_activation_names.count(name) == 0)
{
error_tracker->registerError(
QObject::tr("Unknown timeout name %1").arg(name.c_str()));
} else
{
options->setBool(timeout_activation_names[name], true);
options->setInt(timeout_option_names[name], value);
}
}
return fw;
}
else
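Review bot: In the timeout loop of finalize(), the `ok` flag filled by `toInt(&ok)` is never read, so a value that fails to convert is stored as 0 and its `pf_set_*` / `pf_do_*` activation option is still switched on. For an imported firewall policy this means a malformed or out-of-range `set timeout` value silently becomes a zero timeout instead of an import error; whether the grammar already restricts the value to an integer token cannot be seen here because the parser diff is suppressed. I would add `if (!ok) { error_tracker->registerError(QObject::tr("Invalid value for timeout %1").arg(name.c_str())); continue; }` ahead of the `count(name)` test. Separately, the lexer in this commit accepts `src.track` while neither map has an entry for it, so a valid PF timeout name is reported as "Unknown timeout name"; a distinct "not supported" message would be clearer. finalize() begins and ends outside the hunks shown.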


@ -117,6 +117,11 @@ public:
std::string nat_rule_opt_2;
libfwbuilder::NATRule::NATRuleTypes rule_type;
std::list<str_tuple> timeouts;
PFImporter(libfwbuilder::FWObject *lib,
std::istringstream &input,


@ -44,107 +44,138 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st
void PFCfgLexer::initLiterals()
{
literals["vrrp"] = 84;
literals["critical"] = 119;
literals["ospf"] = 82;
literals["rdp"] = 76;
literals["disable"] = 126;
literals["return-rst"] = 56;
literals["scrub"] = 12;
literals["source-hash"] = 46;
literals["bitmask"] = 44;
literals["ipsec"] = 109;
literals["inet"] = 68;
literals["pcp"] = 111;
literals["emergencies"] = 121;
literals["debugging"] = 120;
literals["hex-key"] = 47;
literals["persist"] = 16;
literals["snp"] = 115;
literals["timeout"] = 52;
literals["to"] = 65;
literals["flags"] = 93;
literals["isis"] = 86;
literals["icmp6-type"] = 96;
literals["const"] = 17;
literals["return"] = 55;
literals["pptp"] = 113;
literals["pass"] = 35;
literals["no"] = 33;
literals["static-port"] = 37;
literals["from"] = 87;
literals["igrp"] = 108;
literals["pim"] = 112;
literals["tagged"] = 97;
literals["rsvp"] = 77;
literals["route-to"] = 91;
literals["nos"] = 110;
literals["quit"] = 105;
literals["peer"] = 28;
literals["icmp-type"] = 94;
literals["exit"] = 104;
literals["modulate"] = 100;
literals["nat"] = 34;
literals["range"] = 117;
literals["urpf-failed"] = 88;
literals["out"] = 61;
literals["vrrp"] = 115;
literals["other.single"] = 37;
literals["critical"] = 150;
literals["ospf"] = 113;
literals["rdp"] = 107;
literals["disable"] = 157;
literals["return-rst"] = 87;
literals["scrub"] = 48;
literals["source-hash"] = 78;
literals["optimization"] = 14;
literals["bitmask"] = 76;
literals["ipsec"] = 140;
literals["inet"] = 99;
literals["pcp"] = 142;
literals["emergencies"] = 152;
literals["debugging"] = 151;
literals["limit"] = 15;
literals["hex-key"] = 79;
literals["persist"] = 52;
literals["snp"] = 146;
literals["reassemble"] = 24;
literals["block-policy"] = 17;
literals["other.first"] = 36;
literals["timeout"] = 12;
literals["tcp.closed"] = 30;
literals["state-policy"] = 18;
literals["to"] = 96;
literals["flags"] = 124;
literals["isis"] = 117;
literals["icmp6-type"] = 127;
literals["const"] = 53;
literals["return"] = 86;
literals["pptp"] = 144;
literals["interval"] = 40;
literals["udp.single"] = 32;
literals["pass"] = 67;
literals["no"] = 65;
literals["static-port"] = 69;
literals["igrp"] = 139;
literals["from"] = 118;
literals["tcp.finwait"] = 29;
literals["pim"] = 143;
literals["tagged"] = 128;
literals["tcp.opening"] = 26;
literals["rsvp"] = 108;
literals["route-to"] = 122;
literals["nos"] = 141;
literals["quit"] = 136;
literals["peer"] = 61;
literals["icmp-type"] = 125;
literals["exit"] = 135;
literals["icmp.error"] = 35;
literals["modulate"] = 131;
literals["nat"] = 66;
literals["loginterface"] = 16;
literals["range"] = 148;
literals["urpf-failed"] = 119;
literals["out"] = 92;
literals["queue"] = 10;
literals["gre"] = 78;
literals["gre"] = 109;
literals["set"] = 11;
literals["warnings"] = 125;
literals["ah"] = 80;
literals["host"] = 116;
literals["interface"] = 106;
literals["rip"] = 114;
literals["icmp6"] = 107;
literals["broadcast"] = 27;
literals["notifications"] = 124;
literals["file"] = 19;
literals["network"] = 26;
literals["synproxy"] = 101;
literals["round-robin"] = 49;
literals["require-order"] = 20;
literals["tcp.first"] = 25;
literals["other.multiple"] = 38;
literals["warnings"] = 156;
literals["ah"] = 111;
literals["host"] = 147;
literals["src.track"] = 41;
literals["interface"] = 137;
literals["rip"] = 145;
literals["icmp6"] = 138;
literals["broadcast"] = 60;
literals["notifications"] = 155;
literals["file"] = 55;
literals["network"] = 59;
literals["synproxy"] = 132;
literals["round-robin"] = 81;
literals["altq"] = 9;
literals["any"] = 89;
literals["esp"] = 79;
literals["alerts"] = 118;
literals["all"] = 63;
literals["drop"] = 54;
literals["return-icmp"] = 58;
literals["inet6"] = 69;
literals["inactive"] = 127;
literals["label"] = 103;
literals["no-route"] = 90;
literals["udp"] = 75;
literals["reply-to"] = 92;
literals["tag"] = 98;
literals["port"] = 41;
literals["code"] = 95;
literals["ip"] = 71;
literals["table"] = 13;
literals["eigrp"] = 81;
literals["errors"] = 122;
literals["sticky-address"] = 50;
literals["ipip"] = 83;
literals["any"] = 120;
literals["esp"] = 110;
literals["state-defaults"] = 19;
literals["alerts"] = 149;
literals["all"] = 94;
literals["drop"] = 85;
literals["return-icmp"] = 89;
literals["inet6"] = 100;
literals["ruleset-optimization"] = 13;
literals["inactive"] = 158;
literals["label"] = 134;
literals["no-route"] = 121;
literals["udp"] = 106;
literals["udp.multiple"] = 33;
literals["reply-to"] = 123;
literals["tcp.established"] = 27;
literals["tag"] = 129;
literals["port"] = 73;
literals["code"] = 126;
literals["ip"] = 102;
literals["adaptive.start"] = 42;
literals["debug"] = 23;
literals["table"] = 49;
literals["eigrp"] = 112;
literals["errors"] = 153;
literals["sticky-address"] = 82;
literals["ipip"] = 114;
literals["antispoof"] = 8;
literals["random"] = 45;
literals["binat"] = 51;
literals["igmp"] = 73;
literals["on"] = 67;
literals["state"] = 102;
literals["string-key"] = 48;
literals["log"] = 62;
literals["proto"] = 70;
literals["rdr"] = 38;
literals["informational"] = 123;
literals["self"] = 30;
literals["in"] = 60;
literals["keep"] = 99;
literals["block"] = 53;
literals["l2tp"] = 85;
literals["quick"] = 66;
literals["user"] = 64;
literals["icmp"] = 72;
literals["tcp"] = 74;
literals["random"] = 77;
literals["binat"] = 83;
literals["igmp"] = 104;
literals["on"] = 98;
literals["fingerprints"] = 21;
literals["state"] = 133;
literals["string-key"] = 80;
literals["udp.first"] = 31;
literals["log"] = 93;
literals["proto"] = 101;
literals["adaptive.end"] = 43;
literals["rdr"] = 70;
literals["informational"] = 154;
literals["self"] = 62;
literals["in"] = 91;
literals["frag"] = 39;
literals["keep"] = 130;
literals["block"] = 84;
literals["skip"] = 22;
literals["tcp.closing"] = 28;
literals["l2tp"] = 116;
literals["quick"] = 97;
literals["user"] = 95;
literals["icmp.first"] = 34;
literals["icmp"] = 103;
literals["tcp"] = 105;
}
ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
@ -452,11 +483,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) {
}
}
else {
goto _loop202;
goto _loop222;
}
}
_loop202:;
_loop222:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -488,9 +519,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 1403 "pf.g"
#line 1612 "pf.g"
newline();
#line 494 "PFCfgLexer.cpp"
#line 525 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -569,9 +600,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1398 "pf.g"
#line 1607 "pf.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 575 "PFCfgLexer.cpp"
#line 606 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -796,10 +827,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_ttype = NUMBER_ADDRESS_OR_WORD;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched240 = false;
bool synPredMatched260 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m240 = mark();
synPredMatched240 = true;
int _m260 = mark();
synPredMatched260 = true;
inputState->guessing++;
try {
{
@ -808,60 +839,60 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched240 = false;
synPredMatched260 = false;
}
rewind(_m240);
rewind(_m260);
inputState->guessing--;
}
if ( synPredMatched240 ) {
if ( synPredMatched260 ) {
{
bool synPredMatched245 = false;
bool synPredMatched265 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m245 = mark();
synPredMatched245 = true;
int _m265 = mark();
synPredMatched265 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt244=0;
int _cnt264=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt244>=1 ) { goto _loop244; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt244++;
_cnt264++;
}
_loop244:;
_loop264:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched245 = false;
synPredMatched265 = false;
}
rewind(_m245);
rewind(_m265);
inputState->guessing--;
}
if ( synPredMatched245 ) {
if ( synPredMatched265 ) {
{
{ // ( ... )+
int _cnt248=0;
int _cnt268=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt248>=1 ) { goto _loop248; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt268>=1 ) { goto _loop268; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt248++;
_cnt268++;
}
_loop248:;
_loop268:;
} // ( ... )+
match(':' /* charlit */ );
{
@ -874,11 +905,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop251;
goto _loop271;
}
}
_loop251:;
_loop271:;
} // ( ... )*
}
else {
@ -887,34 +918,34 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1451 "pf.g"
#line 1660 "pf.g"
_ttype = IPV6;
#line 893 "PFCfgLexer.cpp"
#line 924 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3)))) {
{
mNUM_HEX_4DIGIT(false);
{ // ( ... )+
int _cnt254=0;
int _cnt274=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
else {
if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt254++;
_cnt274++;
}
_loop254:;
_loop274:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1453 "pf.g"
#line 1662 "pf.g"
_ttype = IPV6;
#line 918 "PFCfgLexer.cpp"
#line 949 "PFCfgLexer.cpp"
}
}
else {
@ -924,10 +955,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
else {
bool synPredMatched256 = false;
bool synPredMatched276 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_2.member(LA(3))))) {
int _m256 = mark();
synPredMatched256 = true;
int _m276 = mark();
synPredMatched276 = true;
inputState->guessing++;
try {
{
@ -937,12 +968,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched256 = false;
synPredMatched276 = false;
}
rewind(_m256);
rewind(_m276);
inputState->guessing--;
}
if ( synPredMatched256 ) {
if ( synPredMatched276 ) {
match(':' /* charlit */ );
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
@ -953,23 +984,23 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop258;
goto _loop278;
}
}
_loop258:;
_loop278:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1457 "pf.g"
#line 1666 "pf.g"
_ttype = IPV6;
#line 966 "PFCfgLexer.cpp"
#line 997 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched260 = false;
bool synPredMatched280 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m260 = mark();
synPredMatched260 = true;
int _m280 = mark();
synPredMatched280 = true;
inputState->guessing++;
try {
{
@ -980,12 +1011,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched260 = false;
synPredMatched280 = false;
}
rewind(_m260);
rewind(_m280);
inputState->guessing--;
}
if ( synPredMatched260 ) {
if ( synPredMatched280 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -996,144 +1027,144 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 1475 "pf.g"
#line 1684 "pf.g"
_ttype = IPV4;
#line 1002 "PFCfgLexer.cpp"
#line 1033 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched267 = false;
bool synPredMatched287 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m267 = mark();
synPredMatched267 = true;
int _m287 = mark();
synPredMatched287 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt264=0;
int _cnt284=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt284>=1 ) { goto _loop284; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt264++;
_cnt284++;
}
_loop264:;
_loop284:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt266=0;
int _cnt286=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt266>=1 ) { goto _loop266; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt286>=1 ) { goto _loop286; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt266++;
_cnt286++;
}
_loop266:;
_loop286:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched267 = false;
synPredMatched287 = false;
}
rewind(_m267);
rewind(_m287);
inputState->guessing--;
}
if ( synPredMatched267 ) {
if ( synPredMatched287 ) {
{
{ // ( ... )+
int _cnt270=0;
int _cnt290=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt270>=1 ) { goto _loop270; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt290>=1 ) { goto _loop290; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt270++;
_cnt290++;
}
_loop270:;
_loop290:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt272=0;
int _cnt292=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt292>=1 ) { goto _loop292; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt272++;
_cnt292++;
}
_loop272:;
_loop292:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1478 "pf.g"
#line 1687 "pf.g"
_ttype = NUMBER;
#line 1085 "PFCfgLexer.cpp"
#line 1116 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched230 = false;
bool synPredMatched250 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
int _m230 = mark();
synPredMatched230 = true;
int _m250 = mark();
synPredMatched250 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt229=0;
int _cnt249=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt229>=1 ) { goto _loop229; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt249>=1 ) { goto _loop249; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt229++;
_cnt249++;
}
_loop229:;
_loop249:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched230 = false;
synPredMatched250 = false;
}
rewind(_m230);
rewind(_m250);
inputState->guessing--;
}
if ( synPredMatched230 ) {
if ( synPredMatched250 ) {
{
{
{ // ( ... )+
int _cnt234=0;
int _cnt254=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt234>=1 ) { goto _loop234; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt234++;
_cnt254++;
}
_loop234:;
_loop254:;
} // ( ... )+
{ // ( ... )+
int _cnt238=0;
int _cnt258=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
@ -1143,26 +1174,26 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mHEX_DIGIT(false);
}
else {
goto _loop237;
goto _loop257;
}
}
_loop237:;
_loop257:;
} // ( ... )*
}
else {
if ( _cnt238>=1 ) { goto _loop238; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt258>=1 ) { goto _loop258; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt238++;
_cnt258++;
}
_loop238:;
_loop258:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1442 "pf.g"
#line 1651 "pf.g"
_ttype = IPV6;
#line 1166 "PFCfgLexer.cpp"
#line 1197 "PFCfgLexer.cpp"
}
}
}
@ -1170,38 +1201,38 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match(':' /* charlit */ );
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1459 "pf.g"
#line 1668 "pf.g"
_ttype = IPV6;
#line 1176 "PFCfgLexer.cpp"
#line 1207 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1461 "pf.g"
#line 1670 "pf.g"
_ttype = COLON;
#line 1184 "PFCfgLexer.cpp"
#line 1215 "PFCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+
int _cnt274=0;
int _cnt294=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt294>=1 ) { goto _loop294; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt274++;
_cnt294++;
}
_loop274:;
_loop294:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1480 "pf.g"
#line 1689 "pf.g"
_ttype = INT_CONST;
#line 1205 "PFCfgLexer.cpp"
#line 1236 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) {
@ -1417,16 +1448,16 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
goto _loop277;
goto _loop297;
}
}
}
_loop277:;
_loop297:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1493 "pf.g"
#line 1702 "pf.g"
_ttype = WORD;
#line 1430 "PFCfgLexer.cpp"
#line 1461 "PFCfgLexer.cpp"
}
}
else {
@ -1454,11 +1485,11 @@ void PFCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop280;
goto _loop300;
}
}
_loop280:;
_loop300:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1866,7 +1897,9 @@ const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81
// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
// 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98
// 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d
// 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab
// 0xac 0xad 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
@ -1875,7 +1908,9 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad
// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f
@ -1897,6 +1932,8 @@ const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291
// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f
// 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad
// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);

File diff suppressed because it is too large Load Diff


@ -104,7 +104,21 @@ public:
public: void binat_rule();
public: void pass_rule();
public: void block_rule();
public: void timeout_rule();
public: void set_timeout();
public: void set_ruleset_optimization();
public: void set_optimization();
public: void set_limit();
public: void set_loginterface();
public: void set_block_policy();
public: void set_state_policy();
public: void set_state_defaults();
public: void set_require_order();
public: void set_fingerprints();
public: void set_skip();
public: void set_debug();
public: void set_reassemble();
public: void timeout_def();
public: void timeout_def_list();
public: void tableaddr_spec();
public: void logging();
public: void intrface();
@ -169,10 +183,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 153;
static const int NUM_TOKENS = 184;
#else
enum {
NUM_TOKENS = 153
NUM_TOKENS = 184
};
#endif
@ -260,6 +274,10 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_40;
static const unsigned long _tokenSet_41_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_41;
static const unsigned long _tokenSet_42_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_42;
static const unsigned long _tokenSet_43_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_43;
};
#endif /*INC_PFCfgParser_hpp_*/


@ -20,147 +20,178 @@ struct CUSTOM_API PFCfgParserTokenTypes {
ALTQ = 9,
QUEUE = 10,
SET = 11,
SCRUB = 12,
TABLE = 13,
LESS_THAN = 14,
GREATER_THAN = 15,
PERSIST = 16,
CONST = 17,
COUNTERS = 18,
FILE = 19,
STRING = 20,
OPENING_BRACE = 21,
COMMA = 22,
CLOSING_BRACE = 23,
EXLAMATION = 24,
COLON = 25,
NETWORK = 26,
BROADCAST = 27,
PEER = 28,
INT_CONST = 29,
SELF = 30,
IPV4 = 31,
SLASH = 32,
NO = 33,
NAT = 34,
PASS = 35,
MINUS = 36,
STATIC_PORT = 37,
RDR = 38,
OPENING_PAREN = 39,
CLOSING_PAREN = 40,
PORT = 41,
IPV6 = 42,
STAR = 43,
BITMASK = 44,
RANDOM = 45,
SOURCE_HASH = 46,
HEX_KEY = 47,
STRING_KEY = 48,
ROUND_ROBIN = 49,
STICKY_ADDRESS = 50,
BINAT = 51,
TIMEOUT = 52,
BLOCK = 53,
DROP = 54,
RETURN = 55,
RETURN_RST = 56,
TTL = 57,
RETURN_ICMP = 58,
RETURN_ICMP6 = 59,
IN = 60,
OUT = 61,
LOG = 62,
ALL = 63,
USER = 64,
TO = 65,
QUICK = 66,
ON = 67,
INET = 68,
INET6 = 69,
PROTO = 70,
IP = 71,
ICMP = 72,
IGMP = 73,
TCP = 74,
UDP = 75,
RDP = 76,
RSVP = 77,
GRE = 78,
ESP = 79,
AH = 80,
EIGRP = 81,
OSPF = 82,
IPIP = 83,
VRRP = 84,
L2TP = 85,
ISIS = 86,
FROM = 87,
URPF_FAILED = 88,
ANY = 89,
NO_ROUTE = 90,
ROUTE_TO = 91,
REPLY_TO = 92,
FLAGS = 93,
ICMP_TYPE = 94,
ICMP_CODE = 95,
ICMP6_TYPE = 96,
TAGGED = 97,
TAG = 98,
KEEP = 99,
MODULATE = 100,
SYNPROXY = 101,
STATE = 102,
LABEL = 103,
EXIT = 104,
QUIT = 105,
INTRFACE = 106,
ICMP6 = 107,
IGRP = 108,
IPSEC = 109,
NOS = 110,
PCP = 111,
PIM = 112,
PPTP = 113,
RIP = 114,
SNP = 115,
HOST = 116,
RANGE = 117,
LOG_LEVEL_ALERTS = 118,
LOG_LEVEL_CRITICAL = 119,
LOG_LEVEL_DEBUGGING = 120,
LOG_LEVEL_EMERGENCIES = 121,
LOG_LEVEL_ERRORS = 122,
LOG_LEVEL_INFORMATIONAL = 123,
LOG_LEVEL_NOTIFICATIONS = 124,
LOG_LEVEL_WARNINGS = 125,
LOG_LEVEL_DISABLE = 126,
LOG_LEVEL_INACTIVE = 127,
Whitespace = 128,
HEX_CONST = 129,
NUMBER = 130,
NEG_INT_CONST = 131,
HEX_DIGIT = 132,
DIGIT = 133,
NUM_3DIGIT = 134,
NUM_HEX_4DIGIT = 135,
NUMBER_ADDRESS_OR_WORD = 136,
PIPE_CHAR = 137,
NUMBER_SIGN = 138,
PERCENT = 139,
AMPERSAND = 140,
APOSTROPHE = 141,
PLUS = 142,
DOT = 143,
SEMICOLON = 144,
QUESTION = 145,
COMMERCIAL_AT = 146,
OPENING_SQUARE = 147,
CLOSING_SQUARE = 148,
CARET = 149,
UNDERLINE = 150,
TILDE = 151,
DOUBLE_QUOTE = 152,
TIMEOUT = 12,
// "ruleset-optimization" = 13
LITERAL_optimization = 14,
LITERAL_limit = 15,
LITERAL_loginterface = 16,
// "block-policy" = 17
// "state-policy" = 18
// "state-defaults" = 19
// "require-order" = 20
LITERAL_fingerprints = 21,
LITERAL_skip = 22,
LITERAL_debug = 23,
LITERAL_reassemble = 24,
// "tcp.first" = 25
// "tcp.opening" = 26
// "tcp.established" = 27
// "tcp.closing" = 28
// "tcp.finwait" = 29
// "tcp.closed" = 30
// "udp.first" = 31
// "udp.single" = 32
// "udp.multiple" = 33
// "icmp.first" = 34
// "icmp.error" = 35
// "other.first" = 36
// "other.single" = 37
// "other.multiple" = 38
LITERAL_frag = 39,
LITERAL_interval = 40,
// "src.track" = 41
// "adaptive.start" = 42
// "adaptive.end" = 43
INT_CONST = 44,
OPENING_BRACE = 45,
COMMA = 46,
CLOSING_BRACE = 47,
SCRUB = 48,
TABLE = 49,
LESS_THAN = 50,
GREATER_THAN = 51,
PERSIST = 52,
CONST = 53,
COUNTERS = 54,
FILE = 55,
STRING = 56,
EXLAMATION = 57,
COLON = 58,
NETWORK = 59,
BROADCAST = 60,
PEER = 61,
SELF = 62,
IPV4 = 63,
SLASH = 64,
NO = 65,
NAT = 66,
PASS = 67,
MINUS = 68,
STATIC_PORT = 69,
RDR = 70,
OPENING_PAREN = 71,
CLOSING_PAREN = 72,
PORT = 73,
IPV6 = 74,
STAR = 75,
BITMASK = 76,
RANDOM = 77,
SOURCE_HASH = 78,
HEX_KEY = 79,
STRING_KEY = 80,
ROUND_ROBIN = 81,
STICKY_ADDRESS = 82,
BINAT = 83,
BLOCK = 84,
DROP = 85,
RETURN = 86,
RETURN_RST = 87,
TTL = 88,
RETURN_ICMP = 89,
RETURN_ICMP6 = 90,
IN = 91,
OUT = 92,
LOG = 93,
ALL = 94,
USER = 95,
TO = 96,
QUICK = 97,
ON = 98,
INET = 99,
INET6 = 100,
PROTO = 101,
IP = 102,
ICMP = 103,
IGMP = 104,
TCP = 105,
UDP = 106,
RDP = 107,
RSVP = 108,
GRE = 109,
ESP = 110,
AH = 111,
EIGRP = 112,
OSPF = 113,
IPIP = 114,
VRRP = 115,
L2TP = 116,
ISIS = 117,
FROM = 118,
URPF_FAILED = 119,
ANY = 120,
NO_ROUTE = 121,
ROUTE_TO = 122,
REPLY_TO = 123,
FLAGS = 124,
ICMP_TYPE = 125,
ICMP_CODE = 126,
ICMP6_TYPE = 127,
TAGGED = 128,
TAG = 129,
KEEP = 130,
MODULATE = 131,
SYNPROXY = 132,
STATE = 133,
LABEL = 134,
EXIT = 135,
QUIT = 136,
INTRFACE = 137,
ICMP6 = 138,
IGRP = 139,
IPSEC = 140,
NOS = 141,
PCP = 142,
PIM = 143,
PPTP = 144,
RIP = 145,
SNP = 146,
HOST = 147,
RANGE = 148,
LOG_LEVEL_ALERTS = 149,
LOG_LEVEL_CRITICAL = 150,
LOG_LEVEL_DEBUGGING = 151,
LOG_LEVEL_EMERGENCIES = 152,
LOG_LEVEL_ERRORS = 153,
LOG_LEVEL_INFORMATIONAL = 154,
LOG_LEVEL_NOTIFICATIONS = 155,
LOG_LEVEL_WARNINGS = 156,
LOG_LEVEL_DISABLE = 157,
LOG_LEVEL_INACTIVE = 158,
Whitespace = 159,
HEX_CONST = 160,
NUMBER = 161,
NEG_INT_CONST = 162,
HEX_DIGIT = 163,
DIGIT = 164,
NUM_3DIGIT = 165,
NUM_HEX_4DIGIT = 166,
NUMBER_ADDRESS_OR_WORD = 167,
PIPE_CHAR = 168,
NUMBER_SIGN = 169,
PERCENT = 170,
AMPERSAND = 171,
APOSTROPHE = 172,
PLUS = 173,
DOT = 174,
SEMICOLON = 175,
QUESTION = 176,
COMMERCIAL_AT = 177,
OPENING_SQUARE = 178,
CLOSING_SQUARE = 179,
CARET = 180,
UNDERLINE = 181,
TILDE = 182,
DOUBLE_QUOTE = 183,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus


@ -8,144 +8,175 @@ ANTISPOOF="antispoof"=8
ALTQ="altq"=9
QUEUE="queue"=10
SET="set"=11
SCRUB="scrub"=12
TABLE="table"=13
LESS_THAN=14
GREATER_THAN=15
PERSIST="persist"=16
CONST="const"=17
COUNTERS=18
FILE="file"=19
STRING=20
OPENING_BRACE=21
COMMA=22
CLOSING_BRACE=23
EXLAMATION=24
COLON=25
NETWORK="network"=26
BROADCAST="broadcast"=27
PEER="peer"=28
INT_CONST=29
SELF="self"=30
IPV4=31
SLASH=32
NO="no"=33
NAT="nat"=34
PASS="pass"=35
MINUS=36
STATIC_PORT="static-port"=37
RDR="rdr"=38
OPENING_PAREN=39
CLOSING_PAREN=40
PORT="port"=41
IPV6=42
STAR=43
BITMASK="bitmask"=44
RANDOM="random"=45
SOURCE_HASH="source-hash"=46
HEX_KEY="hex-key"=47
STRING_KEY="string-key"=48
ROUND_ROBIN="round-robin"=49
STICKY_ADDRESS="sticky-address"=50
BINAT="binat"=51
TIMEOUT="timeout"=52
BLOCK="block"=53
DROP="drop"=54
RETURN="return"=55
RETURN_RST="return-rst"=56
TTL=57
RETURN_ICMP="return-icmp"=58
RETURN_ICMP6=59
IN="in"=60
OUT="out"=61
LOG="log"=62
ALL="all"=63
USER="user"=64
TO="to"=65
QUICK="quick"=66
ON="on"=67
INET="inet"=68
INET6="inet6"=69
PROTO="proto"=70
IP="ip"=71
ICMP="icmp"=72
IGMP="igmp"=73
TCP="tcp"=74
UDP="udp"=75
RDP="rdp"=76
RSVP="rsvp"=77
GRE="gre"=78
ESP="esp"=79
AH="ah"=80
EIGRP="eigrp"=81
OSPF="ospf"=82
IPIP="ipip"=83
VRRP="vrrp"=84
L2TP="l2tp"=85
ISIS="isis"=86
FROM="from"=87
URPF_FAILED="urpf-failed"=88
ANY="any"=89
NO_ROUTE="no-route"=90
ROUTE_TO="route-to"=91
REPLY_TO="reply-to"=92
FLAGS="flags"=93
ICMP_TYPE="icmp-type"=94
ICMP_CODE="code"=95
ICMP6_TYPE="icmp6-type"=96
TAGGED="tagged"=97
TAG="tag"=98
KEEP="keep"=99
MODULATE="modulate"=100
SYNPROXY="synproxy"=101
STATE="state"=102
LABEL="label"=103
EXIT="exit"=104
QUIT="quit"=105
INTRFACE="interface"=106
ICMP6="icmp6"=107
IGRP="igrp"=108
IPSEC="ipsec"=109
NOS="nos"=110
PCP="pcp"=111
PIM="pim"=112
PPTP="pptp"=113
RIP="rip"=114
SNP="snp"=115
HOST="host"=116
RANGE="range"=117
LOG_LEVEL_ALERTS="alerts"=118
LOG_LEVEL_CRITICAL="critical"=119
LOG_LEVEL_DEBUGGING="debugging"=120
LOG_LEVEL_EMERGENCIES="emergencies"=121
LOG_LEVEL_ERRORS="errors"=122
LOG_LEVEL_INFORMATIONAL="informational"=123
LOG_LEVEL_NOTIFICATIONS="notifications"=124
LOG_LEVEL_WARNINGS="warnings"=125
LOG_LEVEL_DISABLE="disable"=126
LOG_LEVEL_INACTIVE="inactive"=127
Whitespace=128
HEX_CONST=129
NUMBER=130
NEG_INT_CONST=131
HEX_DIGIT=132
DIGIT=133
NUM_3DIGIT=134
NUM_HEX_4DIGIT=135
NUMBER_ADDRESS_OR_WORD=136
PIPE_CHAR=137
NUMBER_SIGN=138
PERCENT=139
AMPERSAND=140
APOSTROPHE=141
PLUS=142
DOT=143
SEMICOLON=144
QUESTION=145
COMMERCIAL_AT=146
OPENING_SQUARE=147
CLOSING_SQUARE=148
CARET=149
UNDERLINE=150
TILDE=151
DOUBLE_QUOTE=152
TIMEOUT="timeout"=12
"ruleset-optimization"=13
LITERAL_optimization="optimization"=14
LITERAL_limit="limit"=15
LITERAL_loginterface="loginterface"=16
"block-policy"=17
"state-policy"=18
"state-defaults"=19
"require-order"=20
LITERAL_fingerprints="fingerprints"=21
LITERAL_skip="skip"=22
LITERAL_debug="debug"=23
LITERAL_reassemble="reassemble"=24
"tcp.first"=25
"tcp.opening"=26
"tcp.established"=27
"tcp.closing"=28
"tcp.finwait"=29
"tcp.closed"=30
"udp.first"=31
"udp.single"=32
"udp.multiple"=33
"icmp.first"=34
"icmp.error"=35
"other.first"=36
"other.single"=37
"other.multiple"=38
LITERAL_frag="frag"=39
LITERAL_interval="interval"=40
"src.track"=41
"adaptive.start"=42
"adaptive.end"=43
INT_CONST=44
OPENING_BRACE=45
COMMA=46
CLOSING_BRACE=47
SCRUB="scrub"=48
TABLE="table"=49
LESS_THAN=50
GREATER_THAN=51
PERSIST="persist"=52
CONST="const"=53
COUNTERS=54
FILE="file"=55
STRING=56
EXLAMATION=57
COLON=58
NETWORK="network"=59
BROADCAST="broadcast"=60
PEER="peer"=61
SELF="self"=62
IPV4=63
SLASH=64
NO="no"=65
NAT="nat"=66
PASS="pass"=67
MINUS=68
STATIC_PORT="static-port"=69
RDR="rdr"=70
OPENING_PAREN=71
CLOSING_PAREN=72
PORT="port"=73
IPV6=74
STAR=75
BITMASK="bitmask"=76
RANDOM="random"=77
SOURCE_HASH="source-hash"=78
HEX_KEY="hex-key"=79
STRING_KEY="string-key"=80
ROUND_ROBIN="round-robin"=81
STICKY_ADDRESS="sticky-address"=82
BINAT="binat"=83
BLOCK="block"=84
DROP="drop"=85
RETURN="return"=86
RETURN_RST="return-rst"=87
TTL=88
RETURN_ICMP="return-icmp"=89
RETURN_ICMP6=90
IN="in"=91
OUT="out"=92
LOG="log"=93
ALL="all"=94
USER="user"=95
TO="to"=96
QUICK="quick"=97
ON="on"=98
INET="inet"=99
INET6="inet6"=100
PROTO="proto"=101
IP="ip"=102
ICMP="icmp"=103
IGMP="igmp"=104
TCP="tcp"=105
UDP="udp"=106
RDP="rdp"=107
RSVP="rsvp"=108
GRE="gre"=109
ESP="esp"=110
AH="ah"=111
EIGRP="eigrp"=112
OSPF="ospf"=113
IPIP="ipip"=114
VRRP="vrrp"=115
L2TP="l2tp"=116
ISIS="isis"=117
FROM="from"=118
URPF_FAILED="urpf-failed"=119
ANY="any"=120
NO_ROUTE="no-route"=121
ROUTE_TO="route-to"=122
REPLY_TO="reply-to"=123
FLAGS="flags"=124
ICMP_TYPE="icmp-type"=125
ICMP_CODE="code"=126
ICMP6_TYPE="icmp6-type"=127
TAGGED="tagged"=128
TAG="tag"=129
KEEP="keep"=130
MODULATE="modulate"=131
SYNPROXY="synproxy"=132
STATE="state"=133
LABEL="label"=134
EXIT="exit"=135
QUIT="quit"=136
INTRFACE="interface"=137
ICMP6="icmp6"=138
IGRP="igrp"=139
IPSEC="ipsec"=140
NOS="nos"=141
PCP="pcp"=142
PIM="pim"=143
PPTP="pptp"=144
RIP="rip"=145
SNP="snp"=146
HOST="host"=147
RANGE="range"=148
LOG_LEVEL_ALERTS="alerts"=149
LOG_LEVEL_CRITICAL="critical"=150
LOG_LEVEL_DEBUGGING="debugging"=151
LOG_LEVEL_EMERGENCIES="emergencies"=152
LOG_LEVEL_ERRORS="errors"=153
LOG_LEVEL_INFORMATIONAL="informational"=154
LOG_LEVEL_NOTIFICATIONS="notifications"=155
LOG_LEVEL_WARNINGS="warnings"=156
LOG_LEVEL_DISABLE="disable"=157
LOG_LEVEL_INACTIVE="inactive"=158
Whitespace=159
HEX_CONST=160
NUMBER=161
NEG_INT_CONST=162
HEX_DIGIT=163
DIGIT=164
NUM_3DIGIT=165
NUM_HEX_4DIGIT=166
NUMBER_ADDRESS_OR_WORD=167
PIPE_CHAR=168
NUMBER_SIGN=169
PERCENT=170
AMPERSAND=171
APOSTROPHE=172
PLUS=173
DOT=174
SEMICOLON=175
QUESTION=176
COMMERCIAL_AT=177
OPENING_SQUARE=178
CLOSING_SQUARE=179
CARET=180
UNDERLINE=181
TILDE=182
DOUBLE_QUOTE=183


@ -140,8 +140,6 @@ cfgfile :
|
block_rule
|
timeout_rule
|
// unknown_rule
// |
NEWLINE
@ -198,12 +196,230 @@ set_rule : SET
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'set' commands has not been implemented yet."));
}
(
set_timeout
|
set_ruleset_optimization
|
set_optimization
|
set_limit
|
set_loginterface
|
set_block_policy
|
set_state_policy
|
set_state_defaults
|
set_require_order
|
set_fingerprints
|
set_skip
|
set_debug
|
set_reassemble
)
;
set_timeout
:
TIMEOUT ( timeout_def | timeout_def_list )
;
set_ruleset_optimization
:
"ruleset-optimization"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set ruleset-optimization' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_optimization
:
"optimization"
;
set_limit
:
"limit"
;
set_loginterface
:
"loginterface"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set loginterface' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_block_policy
:
"block-policy"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set block-policy' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_state_policy
:
"state-policy"
;
set_state_defaults
:
"state-defaults"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set state-defaults' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_require_order
:
"require-order"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set require-order' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_fingerprints
:
"fingerprints"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set fingerprints' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_skip
:
"skip"
;
set_debug
:
"debug"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set debug' commands is not supported."));
consumeUntil(NEWLINE);
}
;
set_reassemble
:
"reassemble"
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->error_tracker->registerError(
QString("import of 'set reassemble' commands is not supported."));
consumeUntil(NEWLINE);
}
;
/*
timeout = ( "tcp.first" | "tcp.opening" | "tcp.established" |
"tcp.closing" | "tcp.finwait" | "tcp.closed" |
"udp.first" | "udp.single" | "udp.multiple" |
"icmp.first" | "icmp.error" |
"other.first" | "other.single" | "other.multiple" |
"frag" | "interval" | "src.track" |
"adaptive.start" | "adaptive.end" ) number
*/
timeout_def { std::string timeout_name, timeout_value; }
:
(
"tcp.first"
|
"tcp.opening"
|
"tcp.established"
|
"tcp.closing"
|
"tcp.finwait"
|
"tcp.closed"
|
"udp.first"
|
"udp.single"
|
"udp.multiple"
|
"icmp.first"
|
"icmp.error"
|
"other.first"
|
"other.single"
|
"other.multiple"
|
"frag"
|
"interval"
|
"src.track"
|
"adaptive.start"
|
"adaptive.end"
)
{
timeout_name = LT(0)->getText();
}
INT_CONST
{
timeout_value = LT(0)->getText();
importer->timeouts.push_back(
std::pair<std::string, std::string>(timeout_name, timeout_value));
}
;
timeout_def_list
:
OPENING_BRACE
timeout_def
(
( COMMA )?
timeout_def
)*
CLOSING_BRACE
;
//****************************************************************
scrub_rule : SCRUB
{
@ -573,17 +789,6 @@ binat_rule : BINAT
}
;
//****************************************************************
timeout_rule : TIMEOUT
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'timeout' commands has not been implemented yet."));
consumeUntil(NEWLINE);
}
;
//****************************************************************
//unknown_rule : WORD
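Review bot: In the `set_rule` hunk, `set_optimization`, `set_limit`, `set_state_policy` and `set_skip` match only their keyword and have no action, so unlike `set_debug` or `set_block_policy` they call neither `registerError` nor `consumeUntil(NEWLINE)`. The arguments of those commands stay in the token stream for `cfgfile` to parse as the start of another rule, and the user gets no message that a setting such as `set skip` or `set state-policy`, which changes how the ruleset filters traffic, was not imported. Each of the four should carry the same action block as its siblings until real support is added; `set_skip` is shown below and the other three differ only in the message text. Separately, if the "has not been implemented yet" warning in `set_rule` is still on the new side (the page no longer shows the +/- markers), it is now logged for `set timeout` lines that are in fact imported.

```antlr
set_skip
    :
        "skip"
        {
            importer->clear();
            importer->setCurrentLineNumber(LT(0)->getLine());
            importer->error_tracker->registerError(
                QString("import of 'set skip' commands is not supported."));
            consumeUntil(NEWLINE);
        }
    ;
// … same action for set_optimization, set_limit and set_state_policy, with the command name in the message …
```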


@ -0,0 +1,10 @@
# these should be all timeouts we support in 4.3
set timeout { interval 10, frag 30 }
set timeout { tcp.first 60, tcp.opening 30, tcp.established 3600, tcp.closing 30, tcp.finwait 2, tcp.closed 10 }
set timeout { udp.first 20, udp.single 10, udp.multiple 15 }
set timeout { icmp.first 11, icmp.error 6 }
set timeout { other.first 40, other.single 20, other.multiple 30 }
set timeout { adaptive.start 10, adaptive.end 5 }
block log all