mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 19:57:21 +01:00

see #2463 implemented import of "scrub" commands in both old and new syntax

Vadim Kurland 2011-06-02 19:02:09 -07:00
parent a0da65ddc9
commit c9211157ff
14 changed files with 2479 additions and 1739 deletions


@ -150,6 +150,8 @@ void PFImporter::clear()
// they is filled when we parse "set timeout", "set limit"
// commands and then used in finalize()
scrub_rule = false;
Importer::clear();
}
@ -1143,6 +1145,53 @@ Firewall* PFImporter::finalize()
addMessageToLog(QString("set debug %1\n").arg(set_debug.c_str()));
}
// Scrub options
if (scrub_options.size() > 0)
{
options->setBool("pf_do_scrub", true);
list<str_tuple>::iterator it;
for (it=scrub_options.begin(); it!=scrub_options.end(); ++it)
{
string name = it->first;
string arg = it->second;
addMessageToLog(QString("scrub %1 %2\n")
.arg(name.c_str()).arg(arg.c_str()));
if (name == "fragment")
{
if (arg == "reassemble")
options->setBool("pf_scrub_reassemble", true);
if (arg == "crop")
options->setBool("pf_scrub_fragm_crop", true);
if (arg == "drop-ovl")
options->setBool("pf_scrub_fragm_drop_ovl", true);
}
if (name == "reassemble")
options->setBool("pf_scrub_reassemble_tcp", true);
if (name == "no-df")
options->setBool("pf_scrub_no_df", true);
if (name == "min-ttl")
{
options->setBool("pf_scrub_use_minttl", true);
options->setStr("pf_scrub_minttl", arg);
}
if (name == "max-mss")
{
options->setBool("pf_scrub_use_maxmss", true);
options->setStr("pf_scrub_maxmss", arg);
}
if (name == "random-id")
options->setBool("pf_scrub_random_id", true);
}
}
return fw;
}
else
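Review bot: In the scrub loop added to PFImporter::finalize(), the `min-ttl` and `max-mss` arguments are stored in `pf_scrub_minttl` / `pf_scrub_maxmss` via `setStr` with no numeric or range check, and an option name or `fragment` argument that matches none of the `if` branches is logged but otherwise dropped, so the imported policy can end up normalising less than the original without any warning. Unless the grammar (its diff is not shown on this page) already restricts these arguments to integers, validate before storing, e.g. `bool ok = false; QString(arg.c_str()).toUInt(&ok);` followed by `if (!ok) addMessageToLog(QString("Warning: ignoring non-numeric scrub %1 value\n").arg(name.c_str()));`. Turning the independent `if`s into an `else if` chain with a final `else` that logs the unrecognised option would make the dropped cases visible to the person reviewing the import. finalize() starts before this hunk and continues past it.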


@ -125,7 +125,10 @@ public:
std::string set_state_policy;
std::string set_skip_on;
std::string set_debug;
std::list<str_tuple> scrub_options;
bool scrub_rule;
PFImporter(libfwbuilder::FWObject *lib,
std::istringstream &input,
libfwbuilder::Logger *log,
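Review bot: `scrub_options` is added here next to `scrub_rule`, but the only reset visible in this commit is `scrub_rule = false;` in PFImporter::clear(). If clear() does not also empty the list (its full body is not shown), options left from an earlier parse would reach the next finalize() and set `pf_do_scrub` on a firewall whose configuration had no scrub rules. Consider adding `scrub_options.clear();` beside the `scrub_rule` reset, and a one-line comment on each new member, for example `// (name, argument) pairs collected from "scrub" / "match ... scrub" rules, consumed in finalize()`. The class declaration starts and ends outside this hunk.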


@ -44,205 +44,213 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st
void PFCfgLexer::initLiterals()
{
literals["badhead"] = 188;
literals["notifications"] = 222;
literals["badhead"] = 196;
literals["notifications"] = 230;
literals["state-policy"] = 25;
literals["floating"] = 27;
literals["no"] = 81;
literals["esp"] = 123;
literals["routersol"] = 147;
literals["no"] = 82;
literals["esp"] = 124;
literals["routersol"] = 155;
literals["frags"] = 59;
literals["reply-to"] = 136;
literals["reply-to"] = 137;
literals["icmp.first"] = 45;
literals["string-key"] = 96;
literals["gre"] = 122;
literals["pass"] = 83;
literals["string-key"] = 97;
literals["gre"] = 123;
literals["pass"] = 84;
literals["scrub"] = 64;
literals["warnings"] = 223;
literals["warnings"] = 231;
literals["skip"] = 31;
literals["timeout"] = 12;
literals["eigrp"] = 125;
literals["icmp-type"] = 138;
literals["transit"] = 186;
literals["inet"] = 112;
literals["network"] = 75;
literals["photuris"] = 163;
literals["igmp"] = 117;
literals["unreach"] = 141;
literals["range"] = 215;
literals["rsvp"] = 121;
literals["debugging"] = 218;
literals["host-tos"] = 176;
literals["paramprob"] = 149;
literals["user"] = 109;
literals["interface"] = 204;
literals["eigrp"] = 126;
literals["icmp-type"] = 146;
literals["transit"] = 194;
literals["inet"] = 113;
literals["no-df"] = 141;
literals["network"] = 76;
literals["photuris"] = 171;
literals["igmp"] = 118;
literals["unreach"] = 149;
literals["range"] = 223;
literals["rsvp"] = 122;
literals["debugging"] = 226;
literals["host-tos"] = 184;
literals["paramprob"] = 157;
literals["user"] = 110;
literals["interface"] = 212;
literals["adaptive.end"] = 54;
literals["limit"] = 20;
literals["state-defaults"] = 28;
literals["hex-key"] = 95;
literals["net-unk"] = 170;
literals["hex-key"] = 96;
literals["net-unk"] = 178;
literals["antispoof"] = 8;
literals["udp.single"] = 43;
literals["inforeq"] = 152;
literals["ipv6-here"] = 160;
literals["redir"] = 143;
literals["static-port"] = 85;
literals["common-adv"] = 185;
literals["inforeq"] = 160;
literals["ipv6-here"] = 168;
literals["redir"] = 151;
literals["static-port"] = 86;
literals["common-adv"] = 193;
literals["loginterface"] = 21;
literals["ip"] = 115;
literals["mobregreq"] = 161;
literals["ip"] = 116;
literals["mobregreq"] = 169;
literals["conservative"] = 16;
literals["ospf"] = 126;
literals["proto-unr"] = 166;
literals["peer"] = 77;
literals["inforep"] = 153;
literals["errors"] = 220;
literals["ospf"] = 127;
literals["proto-unr"] = 174;
literals["peer"] = 78;
literals["inforep"] = 161;
literals["errors"] = 228;
literals["tables-entries"] = 63;
literals["any"] = 133;
literals["mobregrep"] = 162;
literals["label"] = 201;
literals["pptp"] = 211;
literals["synproxy"] = 199;
literals["any"] = 134;
literals["mobregrep"] = 170;
literals["label"] = 209;
literals["pptp"] = 219;
literals["synproxy"] = 207;
literals["debug"] = 33;
literals["alerts"] = 216;
literals["all"] = 108;
literals["state"] = 200;
literals["tag"] = 196;
literals["in"] = 105;
literals["alerts"] = 224;
literals["all"] = 109;
literals["state"] = 208;
literals["tag"] = 204;
literals["in"] = 106;
literals["tables"] = 62;
literals["file"] = 71;
literals["nos"] = 208;
literals["file"] = 72;
literals["nos"] = 216;
literals["src-nodes"] = 61;
literals["ipv6-where"] = 159;
literals["ipv6-where"] = 167;
literals["require-order"] = 29;
literals["udp"] = 119;
literals["udp"] = 120;
literals["states"] = 60;
literals["sticky-address"] = 98;
literals["return-icmp"] = 103;
literals["redir-tos-net"] = 182;
literals["pim"] = 210;
literals["emergencies"] = 219;
literals["squench"] = 142;
literals["disable"] = 224;
literals["flags"] = 137;
literals["tcp"] = 118;
literals["net-tos"] = 175;
literals["sticky-address"] = 99;
literals["return-icmp"] = 104;
literals["redir-tos-net"] = 190;
literals["pim"] = 218;
literals["emergencies"] = 227;
literals["squench"] = 150;
literals["disable"] = 232;
literals["flags"] = 145;
literals["tcp"] = 119;
literals["net-tos"] = 183;
literals["reassemble"] = 34;
literals["adaptive.start"] = 53;
literals["frag"] = 50;
literals["port"] = 89;
literals["icmp"] = 116;
literals["to"] = 110;
literals["return-rst"] = 101;
literals["normal-adv"] = 184;
literals["port"] = 90;
literals["icmp"] = 117;
literals["to"] = 111;
literals["return-rst"] = 102;
literals["normal-adv"] = 192;
literals["optimization"] = 14;
literals["log"] = 107;
literals["snp"] = 213;
literals["broadcast"] = 76;
literals["icmp6-type"] = 194;
literals["log"] = 108;
literals["fragment"] = 138;
literals["snp"] = 221;
literals["broadcast"] = 77;
literals["icmp6-type"] = 202;
literals["normal"] = 18;
literals["code"] = 139;
literals["code"] = 147;
literals["if-bound"] = 26;
literals["src.track"] = 52;
literals["routeradv"] = 146;
literals["drop-ovl"] = 140;
literals["routeradv"] = 154;
literals["other.single"] = 48;
literals["bitmask"] = 92;
literals["maskreq"] = 154;
literals["ipip"] = 127;
literals["bitmask"] = 93;
literals["maskreq"] = 162;
literals["ipip"] = 128;
literals["tcp.closed"] = 41;
literals["block"] = 100;
literals["block"] = 101;
literals["high-latency"] = 17;
literals["udp.first"] = 42;
literals["badlen"] = 190;
literals["badlen"] = 198;
literals["tcp.first"] = 36;
literals["host-unr"] = 165;
literals["ah"] = 124;
literals["modulate"] = 198;
literals["host-unr"] = 173;
literals["ah"] = 125;
literals["random-id"] = 144;
literals["modulate"] = 206;
literals["interval"] = 51;
literals["maskrep"] = 155;
literals["maskrep"] = 163;
literals["ruleset-optimization"] = 13;
literals["trace"] = 156;
literals["rip"] = 212;
literals["urpf-failed"] = 132;
literals["trace"] = 164;
literals["rip"] = 220;
literals["urpf-failed"] = 133;
literals["set"] = 11;
literals["source-hash"] = 94;
literals["critical"] = 217;
literals["quit"] = 203;
literals["source-hash"] = 95;
literals["critical"] = 225;
literals["quit"] = 211;
literals["icmp.error"] = 46;
literals["const"] = 69;
literals["const"] = 70;
literals["altq"] = 9;
literals["tcp.closing"] = 39;
literals["port-unr"] = 167;
literals["table"] = 65;
literals["redir-tos-host"] = 183;
literals["port-unr"] = 175;
literals["table"] = 66;
literals["redir-tos-host"] = 191;
literals["fingerprints"] = 30;
literals["return"] = 24;
literals["optmiss"] = 189;
literals["keep"] = 197;
literals["net-prohib"] = 173;
literals["inet6"] = 113;
literals["from"] = 131;
literals["optmiss"] = 197;
literals["match"] = 65;
literals["keep"] = 205;
literals["net-prohib"] = 181;
literals["inet6"] = 114;
literals["from"] = 132;
literals["tcp.finwait"] = 40;
literals["hostid"] = 35;
literals["proto"] = 114;
literals["vrrp"] = 128;
literals["proto"] = 115;
literals["vrrp"] = 129;
literals["drop"] = 23;
literals["l2tp"] = 129;
literals["isolate"] = 172;
literals["timereq"] = 150;
literals["l2tp"] = 130;
literals["max-mss"] = 143;
literals["isolate"] = 180;
literals["timereq"] = 158;
literals["aggressive"] = 15;
literals["icmp6"] = 205;
literals["echoreq"] = 145;
literals["icmp6"] = 213;
literals["echoreq"] = 153;
literals["tcp.established"] = 38;
literals["decrypt-fail"] = 193;
literals["mobredir"] = 158;
literals["decrypt-fail"] = 201;
literals["mobredir"] = 166;
literals["other.first"] = 47;
literals["ipsec"] = 207;
literals["no-route"] = 134;
literals["random"] = 93;
literals["binat"] = 99;
literals["srcfail"] = 169;
literals["self"] = 78;
literals["timerep"] = 151;
literals["host-preced"] = 178;
literals["host"] = 214;
literals["echorep"] = 140;
literals["ipsec"] = 215;
literals["no-route"] = 135;
literals["random"] = 94;
literals["binat"] = 100;
literals["srcfail"] = 177;
literals["self"] = 79;
literals["timerep"] = 159;
literals["crop"] = 139;
literals["host-preced"] = 186;
literals["host"] = 222;
literals["echorep"] = 148;
literals["other.multiple"] = 49;
literals["althost"] = 144;
literals["althost"] = 152;
literals["udp.multiple"] = 44;
literals["cutoff-preced"] = 179;
literals["redir-host"] = 181;
literals["rdr"] = 86;
literals["tagged"] = 195;
literals["cutoff-preced"] = 187;
literals["redir-host"] = 189;
literals["rdr"] = 87;
literals["tagged"] = 203;
literals["on"] = 32;
literals["round-robin"] = 97;
literals["pcp"] = 209;
literals["round-robin"] = 98;
literals["pcp"] = 217;
literals["block-policy"] = 22;
literals["persist"] = 68;
literals["unknown-ind"] = 191;
literals["redir-net"] = 180;
literals["filter-prohib"] = 177;
literals["nat"] = 82;
literals["persist"] = 69;
literals["unknown-ind"] = 199;
literals["redir-net"] = 188;
literals["filter-prohib"] = 185;
literals["nat"] = 83;
literals["satellite"] = 19;
literals["informational"] = 221;
literals["needfrag"] = 168;
literals["informational"] = 229;
literals["needfrag"] = 176;
literals["tcp.opening"] = 37;
literals["igrp"] = 206;
literals["quick"] = 111;
literals["timex"] = 148;
literals["host-unk"] = 171;
literals["route-to"] = 135;
literals["dataconv"] = 157;
literals["rdp"] = 120;
literals["net-unr"] = 164;
literals["igrp"] = 214;
literals["quick"] = 112;
literals["timex"] = 156;
literals["host-unk"] = 179;
literals["route-to"] = 136;
literals["dataconv"] = 165;
literals["rdp"] = 121;
literals["net-unr"] = 172;
literals["queue"] = 10;
literals["isis"] = 130;
literals["reassemb"] = 187;
literals["inactive"] = 225;
literals["out"] = 106;
literals["auth-fail"] = 192;
literals["exit"] = 202;
literals["host-prohib"] = 174;
literals["isis"] = 131;
literals["reassemb"] = 195;
literals["inactive"] = 233;
literals["out"] = 107;
literals["min-ttl"] = 142;
literals["auth-fail"] = 200;
literals["exit"] = 210;
literals["host-prohib"] = 182;
}
ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
@ -550,11 +558,11 @@ void PFCfgLexer::mLINE_COMMENT(bool _createToken) {
}
}
else {
goto _loop237;
goto _loop248;
}
}
_loop237:;
_loop248:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -586,9 +594,9 @@ void PFCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 1787 "pf.g"
#line 1890 "pf.g"
newline();
#line 592 "PFCfgLexer.cpp"
#line 600 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -667,9 +675,9 @@ void PFCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1782 "pf.g"
#line 1885 "pf.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 673 "PFCfgLexer.cpp"
#line 681 "PFCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -894,10 +902,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
_ttype = NUMBER_ADDRESS_OR_WORD;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched275 = false;
bool synPredMatched286 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m275 = mark();
synPredMatched275 = true;
int _m286 = mark();
synPredMatched286 = true;
inputState->guessing++;
try {
{
@ -906,60 +914,60 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched275 = false;
synPredMatched286 = false;
}
rewind(_m275);
rewind(_m286);
inputState->guessing--;
}
if ( synPredMatched275 ) {
if ( synPredMatched286 ) {
{
bool synPredMatched280 = false;
bool synPredMatched291 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
int _m280 = mark();
synPredMatched280 = true;
int _m291 = mark();
synPredMatched291 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt279=0;
int _cnt290=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt279>=1 ) { goto _loop279; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt290>=1 ) { goto _loop290; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt279++;
_cnt290++;
}
_loop279:;
_loop290:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched280 = false;
synPredMatched291 = false;
}
rewind(_m280);
rewind(_m291);
inputState->guessing--;
}
if ( synPredMatched280 ) {
if ( synPredMatched291 ) {
{
{ // ( ... )+
int _cnt283=0;
int _cnt294=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mNUM_HEX_4DIGIT(false);
match(':' /* charlit */ );
}
else {
if ( _cnt283>=1 ) { goto _loop283; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt294>=1 ) { goto _loop294; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt283++;
_cnt294++;
}
_loop283:;
_loop294:;
} // ( ... )+
match(':' /* charlit */ );
{
@ -972,11 +980,11 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop286;
goto _loop297;
}
}
_loop286:;
_loop297:;
} // ( ... )*
}
else {
@ -985,34 +993,34 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1835 "pf.g"
#line 1938 "pf.g"
_ttype = IPV6;
#line 991 "PFCfgLexer.cpp"
#line 999 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3)))) {
{
mNUM_HEX_4DIGIT(false);
{ // ( ... )+
int _cnt289=0;
int _cnt300=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
}
else {
if ( _cnt289>=1 ) { goto _loop289; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt300>=1 ) { goto _loop300; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt289++;
_cnt300++;
}
_loop289:;
_loop300:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1837 "pf.g"
#line 1940 "pf.g"
_ttype = IPV6;
#line 1016 "PFCfgLexer.cpp"
#line 1024 "PFCfgLexer.cpp"
}
}
else {
@ -1022,10 +1030,10 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
else {
bool synPredMatched291 = false;
bool synPredMatched302 = false;
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_2.member(LA(3))))) {
int _m291 = mark();
synPredMatched291 = true;
int _m302 = mark();
synPredMatched302 = true;
inputState->guessing++;
try {
{
@ -1035,12 +1043,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched291 = false;
synPredMatched302 = false;
}
rewind(_m291);
rewind(_m302);
inputState->guessing--;
}
if ( synPredMatched291 ) {
if ( synPredMatched302 ) {
match(':' /* charlit */ );
match(':' /* charlit */ );
mNUM_HEX_4DIGIT(false);
@ -1051,23 +1059,23 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_HEX_4DIGIT(false);
}
else {
goto _loop293;
goto _loop304;
}
}
_loop293:;
_loop304:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1841 "pf.g"
#line 1944 "pf.g"
_ttype = IPV6;
#line 1064 "PFCfgLexer.cpp"
#line 1072 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched295 = false;
bool synPredMatched306 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m295 = mark();
synPredMatched295 = true;
int _m306 = mark();
synPredMatched306 = true;
inputState->guessing++;
try {
{
@ -1078,12 +1086,12 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched295 = false;
synPredMatched306 = false;
}
rewind(_m295);
rewind(_m306);
inputState->guessing--;
}
if ( synPredMatched295 ) {
if ( synPredMatched306 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -1094,144 +1102,144 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mNUM_3DIGIT(false);
}
if ( inputState->guessing==0 ) {
#line 1859 "pf.g"
#line 1962 "pf.g"
_ttype = IPV4;
#line 1100 "PFCfgLexer.cpp"
#line 1108 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched302 = false;
bool synPredMatched313 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
int _m302 = mark();
synPredMatched302 = true;
int _m313 = mark();
synPredMatched313 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt299=0;
int _cnt310=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt310>=1 ) { goto _loop310; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt299++;
_cnt310++;
}
_loop299:;
_loop310:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt301=0;
int _cnt312=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt301>=1 ) { goto _loop301; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt312>=1 ) { goto _loop312; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt301++;
_cnt312++;
}
_loop301:;
_loop312:;
} // ( ... )+
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched302 = false;
synPredMatched313 = false;
}
rewind(_m302);
rewind(_m313);
inputState->guessing--;
}
if ( synPredMatched302 ) {
if ( synPredMatched313 ) {
{
{ // ( ... )+
int _cnt305=0;
int _cnt316=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt305>=1 ) { goto _loop305; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt316>=1 ) { goto _loop316; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt305++;
_cnt316++;
}
_loop305:;
_loop316:;
} // ( ... )+
match('.' /* charlit */ );
{ // ( ... )+
int _cnt307=0;
int _cnt318=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt318>=1 ) { goto _loop318; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt307++;
_cnt318++;
}
_loop307:;
_loop318:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1862 "pf.g"
#line 1965 "pf.g"
_ttype = NUMBER;
#line 1183 "PFCfgLexer.cpp"
#line 1191 "PFCfgLexer.cpp"
}
}
else {
bool synPredMatched265 = false;
bool synPredMatched276 = false;
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
int _m265 = mark();
synPredMatched265 = true;
int _m276 = mark();
synPredMatched276 = true;
inputState->guessing++;
try {
{
{ // ( ... )+
int _cnt264=0;
int _cnt275=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt275>=1 ) { goto _loop275; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt264++;
_cnt275++;
}
_loop264:;
_loop275:;
} // ( ... )+
match(':' /* charlit */ );
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched265 = false;
synPredMatched276 = false;
}
rewind(_m265);
rewind(_m276);
inputState->guessing--;
}
if ( synPredMatched265 ) {
if ( synPredMatched276 ) {
{
{
{ // ( ... )+
int _cnt269=0;
int _cnt280=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEX_DIGIT(false);
}
else {
if ( _cnt269>=1 ) { goto _loop269; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt280>=1 ) { goto _loop280; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt269++;
_cnt280++;
}
_loop269:;
_loop280:;
} // ( ... )+
{ // ( ... )+
int _cnt273=0;
int _cnt284=0;
for (;;) {
if ((LA(1) == 0x3a /* ':' */ )) {
match(':' /* charlit */ );
@ -1241,26 +1249,26 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
mHEX_DIGIT(false);
}
else {
goto _loop272;
goto _loop283;
}
}
_loop272:;
_loop283:;
} // ( ... )*
}
else {
if ( _cnt273>=1 ) { goto _loop273; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt284>=1 ) { goto _loop284; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt273++;
_cnt284++;
}
_loop273:;
_loop284:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1826 "pf.g"
#line 1929 "pf.g"
_ttype = IPV6;
#line 1264 "PFCfgLexer.cpp"
#line 1272 "PFCfgLexer.cpp"
}
}
}
@ -1268,38 +1276,38 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
match(':' /* charlit */ );
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1843 "pf.g"
#line 1946 "pf.g"
_ttype = IPV6;
#line 1274 "PFCfgLexer.cpp"
#line 1282 "PFCfgLexer.cpp"
}
}
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
match(':' /* charlit */ );
if ( inputState->guessing==0 ) {
#line 1845 "pf.g"
#line 1948 "pf.g"
_ttype = COLON;
#line 1282 "PFCfgLexer.cpp"
#line 1290 "PFCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
{ // ( ... )+
int _cnt309=0;
int _cnt320=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt309>=1 ) { goto _loop309; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt320>=1 ) { goto _loop320; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt309++;
_cnt320++;
}
_loop309:;
_loop320:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1864 "pf.g"
#line 1967 "pf.g"
_ttype = INT_CONST;
#line 1303 "PFCfgLexer.cpp"
#line 1311 "PFCfgLexer.cpp"
}
}
else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) {
@ -1515,16 +1523,16 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
}
default:
{
goto _loop312;
goto _loop323;
}
}
}
_loop312:;
_loop323:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 1877 "pf.g"
#line 1980 "pf.g"
_ttype = WORD;
#line 1528 "PFCfgLexer.cpp"
#line 1536 "PFCfgLexer.cpp"
}
}
else {
@ -1552,11 +1560,11 @@ void PFCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop315;
goto _loop326;
}
}
_loop315:;
_loop326:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1971,7 +1979,7 @@ const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0xc8 0xc9 0xca 0xcb 0xcc 0xcd 0xce 0xcf 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5
// 0xd6 0xd7 0xd8 0xd9 0xda 0xdb 0xdc 0xdd 0xde 0xdf 0xe0 0xe1 0xe2 0xe3
// 0xe4 0xe5 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1
// 0xf2 0xf3 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa
// 0xf2 0xf3 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
@ -1987,7 +1995,7 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295
// 0xca 0xcb 0xcc 0xcd 0xce 0xcf 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5 0xd6 0xd7
// 0xd8 0xd9 0xda 0xdb 0xdc 0xdd 0xde 0xdf 0xe0 0xe1 0xe2 0xe3 0xe4 0xe5
// 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1 0xf2 0xf3
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f
@ -2016,6 +2024,6 @@ const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291
// 0xca 0xcb 0xcc 0xcd 0xce 0xcf 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5 0xd6 0xd7
// 0xd8 0xd9 0xda 0xdb 0xdc 0xdd 0xde 0xdf 0xe0 0xe1 0xe2 0xe3 0xe4 0xe5
// 0xe6 0xe7 0xe8 0xe9 0xea 0xeb 0xec 0xed 0xee 0xef 0xf0 0xf1 0xf2 0xf3
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa
// 0xf4 0xf5 0xf6 0xf7 0xf8 0xf9 0xfa 0xfb 0xfc 0xfd 0xfe 0xff
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);

File diff suppressed because it is too large Load Diff


@ -97,6 +97,7 @@ public:
public: void queue_rule();
public: void set_rule();
public: void scrub_rule();
public: void match_rule();
public: void table_rule();
public: void no_nat_rule();
public: void nat_rule();
@ -122,6 +123,7 @@ public:
public: void timeout_def_list();
public: void limit_def();
public: void limit_def_list();
public: void rule_extended();
public: void tableaddr_spec();
public: void logging();
public: void intrface();
@ -135,7 +137,6 @@ public:
public: void portspec();
public: void pooltype();
public: void port_def();
public: void rule_extended();
public: void block_return();
public: void icmp_code_by_name();
public: void direction();
@ -170,6 +171,10 @@ public:
public: void state();
public: void queue();
public: void label();
public: void match_rule_scrub_options();
public: void scrub_options();
public: void scrub_option();
public: void scrub_option_list();
public: void icmp_type_code();
public: void icmp_list();
public: void icmp_type_by_name();
@ -188,10 +193,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 251;
static const int NUM_TOKENS = 259;
#else
enum {
NUM_TOKENS = 251
NUM_TOKENS = 259
};
#endif
@ -293,6 +298,16 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_47;
static const unsigned long _tokenSet_48_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_48;
static const unsigned long _tokenSet_49_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_49;
static const unsigned long _tokenSet_50_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_50;
static const unsigned long _tokenSet_51_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_51;
static const unsigned long _tokenSet_52_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_52;
static const unsigned long _tokenSet_53_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_53;
};
#endif /*INC_PFCfgParser_hpp_*/


@ -73,192 +73,200 @@ struct CUSTOM_API PFCfgParserTokenTypes {
LITERAL_tables = 62,
// "tables-entries" = 63
SCRUB = 64,
TABLE = 65,
LESS_THAN = 66,
GREATER_THAN = 67,
PERSIST = 68,
CONST = 69,
COUNTERS = 70,
FILE = 71,
STRING = 72,
EXLAMATION = 73,
COLON = 74,
NETWORK = 75,
BROADCAST = 76,
PEER = 77,
SELF = 78,
IPV4 = 79,
SLASH = 80,
NO = 81,
NAT = 82,
PASS = 83,
MINUS = 84,
STATIC_PORT = 85,
RDR = 86,
OPENING_PAREN = 87,
CLOSING_PAREN = 88,
PORT = 89,
IPV6 = 90,
STAR = 91,
BITMASK = 92,
RANDOM = 93,
SOURCE_HASH = 94,
HEX_KEY = 95,
STRING_KEY = 96,
ROUND_ROBIN = 97,
STICKY_ADDRESS = 98,
BINAT = 99,
BLOCK = 100,
RETURN_RST = 101,
TTL = 102,
RETURN_ICMP = 103,
RETURN_ICMP6 = 104,
IN = 105,
OUT = 106,
LOG = 107,
ALL = 108,
USER = 109,
TO = 110,
QUICK = 111,
INET = 112,
INET6 = 113,
PROTO = 114,
IP = 115,
ICMP = 116,
IGMP = 117,
TCP = 118,
UDP = 119,
RDP = 120,
RSVP = 121,
GRE = 122,
ESP = 123,
AH = 124,
EIGRP = 125,
OSPF = 126,
IPIP = 127,
VRRP = 128,
L2TP = 129,
ISIS = 130,
FROM = 131,
URPF_FAILED = 132,
ANY = 133,
NO_ROUTE = 134,
ROUTE_TO = 135,
REPLY_TO = 136,
FLAGS = 137,
ICMP_TYPE = 138,
ICMP_CODE = 139,
LITERAL_echorep = 140,
LITERAL_unreach = 141,
LITERAL_squench = 142,
LITERAL_redir = 143,
LITERAL_althost = 144,
LITERAL_echoreq = 145,
LITERAL_routeradv = 146,
LITERAL_routersol = 147,
LITERAL_timex = 148,
LITERAL_paramprob = 149,
LITERAL_timereq = 150,
LITERAL_timerep = 151,
LITERAL_inforeq = 152,
LITERAL_inforep = 153,
LITERAL_maskreq = 154,
LITERAL_maskrep = 155,
LITERAL_trace = 156,
LITERAL_dataconv = 157,
LITERAL_mobredir = 158,
// "ipv6-where" = 159
// "ipv6-here" = 160
LITERAL_mobregreq = 161,
LITERAL_mobregrep = 162,
LITERAL_photuris = 163,
// "net-unr" = 164
// "host-unr" = 165
// "proto-unr" = 166
// "port-unr" = 167
LITERAL_needfrag = 168,
LITERAL_srcfail = 169,
// "net-unk" = 170
// "host-unk" = 171
LITERAL_isolate = 172,
// "net-prohib" = 173
// "host-prohib" = 174
// "net-tos" = 175
// "host-tos" = 176
// "filter-prohib" = 177
// "host-preced" = 178
// "cutoff-preced" = 179
// "redir-net" = 180
// "redir-host" = 181
// "redir-tos-net" = 182
// "redir-tos-host" = 183
// "normal-adv" = 184
// "common-adv" = 185
LITERAL_transit = 186,
LITERAL_reassemb = 187,
LITERAL_badhead = 188,
LITERAL_optmiss = 189,
LITERAL_badlen = 190,
// "unknown-ind" = 191
// "auth-fail" = 192
// "decrypt-fail" = 193
ICMP6_TYPE = 194,
TAGGED = 195,
TAG = 196,
KEEP = 197,
MODULATE = 198,
SYNPROXY = 199,
STATE = 200,
LABEL = 201,
EXIT = 202,
QUIT = 203,
INTRFACE = 204,
ICMP6 = 205,
IGRP = 206,
IPSEC = 207,
NOS = 208,
PCP = 209,
PIM = 210,
PPTP = 211,
RIP = 212,
SNP = 213,
HOST = 214,
RANGE = 215,
LOG_LEVEL_ALERTS = 216,
LOG_LEVEL_CRITICAL = 217,
LOG_LEVEL_DEBUGGING = 218,
LOG_LEVEL_EMERGENCIES = 219,
LOG_LEVEL_ERRORS = 220,
LOG_LEVEL_INFORMATIONAL = 221,
LOG_LEVEL_NOTIFICATIONS = 222,
LOG_LEVEL_WARNINGS = 223,
LOG_LEVEL_DISABLE = 224,
LOG_LEVEL_INACTIVE = 225,
Whitespace = 226,
HEX_CONST = 227,
NUMBER = 228,
NEG_INT_CONST = 229,
HEX_DIGIT = 230,
DIGIT = 231,
NUM_3DIGIT = 232,
NUM_HEX_4DIGIT = 233,
NUMBER_ADDRESS_OR_WORD = 234,
PIPE_CHAR = 235,
NUMBER_SIGN = 236,
PERCENT = 237,
AMPERSAND = 238,
APOSTROPHE = 239,
PLUS = 240,
DOT = 241,
SEMICOLON = 242,
QUESTION = 243,
COMMERCIAL_AT = 244,
OPENING_SQUARE = 245,
CLOSING_SQUARE = 246,
CARET = 247,
UNDERLINE = 248,
TILDE = 249,
DOUBLE_QUOTE = 250,
MATCH = 65,
TABLE = 66,
LESS_THAN = 67,
GREATER_THAN = 68,
PERSIST = 69,
CONST = 70,
COUNTERS = 71,
FILE = 72,
STRING = 73,
EXLAMATION = 74,
COLON = 75,
NETWORK = 76,
BROADCAST = 77,
PEER = 78,
SELF = 79,
IPV4 = 80,
SLASH = 81,
NO = 82,
NAT = 83,
PASS = 84,
MINUS = 85,
STATIC_PORT = 86,
RDR = 87,
OPENING_PAREN = 88,
CLOSING_PAREN = 89,
PORT = 90,
IPV6 = 91,
STAR = 92,
BITMASK = 93,
RANDOM = 94,
SOURCE_HASH = 95,
HEX_KEY = 96,
STRING_KEY = 97,
ROUND_ROBIN = 98,
STICKY_ADDRESS = 99,
BINAT = 100,
BLOCK = 101,
RETURN_RST = 102,
TTL = 103,
RETURN_ICMP = 104,
RETURN_ICMP6 = 105,
IN = 106,
OUT = 107,
LOG = 108,
ALL = 109,
USER = 110,
TO = 111,
QUICK = 112,
INET = 113,
INET6 = 114,
PROTO = 115,
IP = 116,
ICMP = 117,
IGMP = 118,
TCP = 119,
UDP = 120,
RDP = 121,
RSVP = 122,
GRE = 123,
ESP = 124,
AH = 125,
EIGRP = 126,
OSPF = 127,
IPIP = 128,
VRRP = 129,
L2TP = 130,
ISIS = 131,
FROM = 132,
URPF_FAILED = 133,
ANY = 134,
NO_ROUTE = 135,
ROUTE_TO = 136,
REPLY_TO = 137,
LITERAL_fragment = 138,
LITERAL_crop = 139,
// "drop-ovl" = 140
// "no-df" = 141
// "min-ttl" = 142
// "max-mss" = 143
// "random-id" = 144
FLAGS = 145,
ICMP_TYPE = 146,
ICMP_CODE = 147,
LITERAL_echorep = 148,
LITERAL_unreach = 149,
LITERAL_squench = 150,
LITERAL_redir = 151,
LITERAL_althost = 152,
LITERAL_echoreq = 153,
LITERAL_routeradv = 154,
LITERAL_routersol = 155,
LITERAL_timex = 156,
LITERAL_paramprob = 157,
LITERAL_timereq = 158,
LITERAL_timerep = 159,
LITERAL_inforeq = 160,
LITERAL_inforep = 161,
LITERAL_maskreq = 162,
LITERAL_maskrep = 163,
LITERAL_trace = 164,
LITERAL_dataconv = 165,
LITERAL_mobredir = 166,
// "ipv6-where" = 167
// "ipv6-here" = 168
LITERAL_mobregreq = 169,
LITERAL_mobregrep = 170,
LITERAL_photuris = 171,
// "net-unr" = 172
// "host-unr" = 173
// "proto-unr" = 174
// "port-unr" = 175
LITERAL_needfrag = 176,
LITERAL_srcfail = 177,
// "net-unk" = 178
// "host-unk" = 179
LITERAL_isolate = 180,
// "net-prohib" = 181
// "host-prohib" = 182
// "net-tos" = 183
// "host-tos" = 184
// "filter-prohib" = 185
// "host-preced" = 186
// "cutoff-preced" = 187
// "redir-net" = 188
// "redir-host" = 189
// "redir-tos-net" = 190
// "redir-tos-host" = 191
// "normal-adv" = 192
// "common-adv" = 193
LITERAL_transit = 194,
LITERAL_reassemb = 195,
LITERAL_badhead = 196,
LITERAL_optmiss = 197,
LITERAL_badlen = 198,
// "unknown-ind" = 199
// "auth-fail" = 200
// "decrypt-fail" = 201
ICMP6_TYPE = 202,
TAGGED = 203,
TAG = 204,
KEEP = 205,
MODULATE = 206,
SYNPROXY = 207,
STATE = 208,
LABEL = 209,
EXIT = 210,
QUIT = 211,
INTRFACE = 212,
ICMP6 = 213,
IGRP = 214,
IPSEC = 215,
NOS = 216,
PCP = 217,
PIM = 218,
PPTP = 219,
RIP = 220,
SNP = 221,
HOST = 222,
RANGE = 223,
LOG_LEVEL_ALERTS = 224,
LOG_LEVEL_CRITICAL = 225,
LOG_LEVEL_DEBUGGING = 226,
LOG_LEVEL_EMERGENCIES = 227,
LOG_LEVEL_ERRORS = 228,
LOG_LEVEL_INFORMATIONAL = 229,
LOG_LEVEL_NOTIFICATIONS = 230,
LOG_LEVEL_WARNINGS = 231,
LOG_LEVEL_DISABLE = 232,
LOG_LEVEL_INACTIVE = 233,
Whitespace = 234,
HEX_CONST = 235,
NUMBER = 236,
NEG_INT_CONST = 237,
HEX_DIGIT = 238,
DIGIT = 239,
NUM_3DIGIT = 240,
NUM_HEX_4DIGIT = 241,
NUMBER_ADDRESS_OR_WORD = 242,
PIPE_CHAR = 243,
NUMBER_SIGN = 244,
PERCENT = 245,
AMPERSAND = 246,
APOSTROPHE = 247,
PLUS = 248,
DOT = 249,
SEMICOLON = 250,
QUESTION = 251,
COMMERCIAL_AT = 252,
OPENING_SQUARE = 253,
CLOSING_SQUARE = 254,
CARET = 255,
UNDERLINE = 256,
TILDE = 257,
DOUBLE_QUOTE = 258,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus


@ -61,189 +61,197 @@ LITERAL_states="states"=60
LITERAL_tables="tables"=62
"tables-entries"=63
SCRUB="scrub"=64
TABLE="table"=65
LESS_THAN=66
GREATER_THAN=67
PERSIST="persist"=68
CONST="const"=69
COUNTERS=70
FILE="file"=71
STRING=72
EXLAMATION=73
COLON=74
NETWORK="network"=75
BROADCAST="broadcast"=76
PEER="peer"=77
SELF="self"=78
IPV4=79
SLASH=80
NO="no"=81
NAT="nat"=82
PASS="pass"=83
MINUS=84
STATIC_PORT="static-port"=85
RDR="rdr"=86
OPENING_PAREN=87
CLOSING_PAREN=88
PORT="port"=89
IPV6=90
STAR=91
BITMASK="bitmask"=92
RANDOM="random"=93
SOURCE_HASH="source-hash"=94
HEX_KEY="hex-key"=95
STRING_KEY="string-key"=96
ROUND_ROBIN="round-robin"=97
STICKY_ADDRESS="sticky-address"=98
BINAT="binat"=99
BLOCK="block"=100
RETURN_RST="return-rst"=101
TTL=102
RETURN_ICMP="return-icmp"=103
RETURN_ICMP6=104
IN="in"=105
OUT="out"=106
LOG="log"=107
ALL="all"=108
USER="user"=109
TO="to"=110
QUICK="quick"=111
INET="inet"=112
INET6="inet6"=113
PROTO="proto"=114
IP="ip"=115
ICMP="icmp"=116
IGMP="igmp"=117
TCP="tcp"=118
UDP="udp"=119
RDP="rdp"=120
RSVP="rsvp"=121
GRE="gre"=122
ESP="esp"=123
AH="ah"=124
EIGRP="eigrp"=125
OSPF="ospf"=126
IPIP="ipip"=127
VRRP="vrrp"=128
L2TP="l2tp"=129
ISIS="isis"=130
FROM="from"=131
URPF_FAILED="urpf-failed"=132
ANY="any"=133
NO_ROUTE="no-route"=134
ROUTE_TO="route-to"=135
REPLY_TO="reply-to"=136
FLAGS="flags"=137
ICMP_TYPE="icmp-type"=138
ICMP_CODE="code"=139
LITERAL_echorep="echorep"=140
LITERAL_unreach="unreach"=141
LITERAL_squench="squench"=142
LITERAL_redir="redir"=143
LITERAL_althost="althost"=144
LITERAL_echoreq="echoreq"=145
LITERAL_routeradv="routeradv"=146
LITERAL_routersol="routersol"=147
LITERAL_timex="timex"=148
LITERAL_paramprob="paramprob"=149
LITERAL_timereq="timereq"=150
LITERAL_timerep="timerep"=151
LITERAL_inforeq="inforeq"=152
LITERAL_inforep="inforep"=153
LITERAL_maskreq="maskreq"=154
LITERAL_maskrep="maskrep"=155
LITERAL_trace="trace"=156
LITERAL_dataconv="dataconv"=157
LITERAL_mobredir="mobredir"=158
"ipv6-where"=159
"ipv6-here"=160
LITERAL_mobregreq="mobregreq"=161
LITERAL_mobregrep="mobregrep"=162
LITERAL_photuris="photuris"=163
"net-unr"=164
"host-unr"=165
"proto-unr"=166
"port-unr"=167
LITERAL_needfrag="needfrag"=168
LITERAL_srcfail="srcfail"=169
"net-unk"=170
"host-unk"=171
LITERAL_isolate="isolate"=172
"net-prohib"=173
"host-prohib"=174
"net-tos"=175
"host-tos"=176
"filter-prohib"=177
"host-preced"=178
"cutoff-preced"=179
"redir-net"=180
"redir-host"=181
"redir-tos-net"=182
"redir-tos-host"=183
"normal-adv"=184
"common-adv"=185
LITERAL_transit="transit"=186
LITERAL_reassemb="reassemb"=187
LITERAL_badhead="badhead"=188
LITERAL_optmiss="optmiss"=189
LITERAL_badlen="badlen"=190
"unknown-ind"=191
"auth-fail"=192
"decrypt-fail"=193
ICMP6_TYPE="icmp6-type"=194
TAGGED="tagged"=195
TAG="tag"=196
KEEP="keep"=197
MODULATE="modulate"=198
SYNPROXY="synproxy"=199
STATE="state"=200
LABEL="label"=201
EXIT="exit"=202
QUIT="quit"=203
INTRFACE="interface"=204
ICMP6="icmp6"=205
IGRP="igrp"=206
IPSEC="ipsec"=207
NOS="nos"=208
PCP="pcp"=209
PIM="pim"=210
PPTP="pptp"=211
RIP="rip"=212
SNP="snp"=213
HOST="host"=214
RANGE="range"=215
LOG_LEVEL_ALERTS="alerts"=216
LOG_LEVEL_CRITICAL="critical"=217
LOG_LEVEL_DEBUGGING="debugging"=218
LOG_LEVEL_EMERGENCIES="emergencies"=219
LOG_LEVEL_ERRORS="errors"=220
LOG_LEVEL_INFORMATIONAL="informational"=221
LOG_LEVEL_NOTIFICATIONS="notifications"=222
LOG_LEVEL_WARNINGS="warnings"=223
LOG_LEVEL_DISABLE="disable"=224
LOG_LEVEL_INACTIVE="inactive"=225
Whitespace=226
HEX_CONST=227
NUMBER=228
NEG_INT_CONST=229
HEX_DIGIT=230
DIGIT=231
NUM_3DIGIT=232
NUM_HEX_4DIGIT=233
NUMBER_ADDRESS_OR_WORD=234
PIPE_CHAR=235
NUMBER_SIGN=236
PERCENT=237
AMPERSAND=238
APOSTROPHE=239
PLUS=240
DOT=241
SEMICOLON=242
QUESTION=243
COMMERCIAL_AT=244
OPENING_SQUARE=245
CLOSING_SQUARE=246
CARET=247
UNDERLINE=248
TILDE=249
DOUBLE_QUOTE=250
MATCH="match"=65
TABLE="table"=66
LESS_THAN=67
GREATER_THAN=68
PERSIST="persist"=69
CONST="const"=70
COUNTERS=71
FILE="file"=72
STRING=73
EXLAMATION=74
COLON=75
NETWORK="network"=76
BROADCAST="broadcast"=77
PEER="peer"=78
SELF="self"=79
IPV4=80
SLASH=81
NO="no"=82
NAT="nat"=83
PASS="pass"=84
MINUS=85
STATIC_PORT="static-port"=86
RDR="rdr"=87
OPENING_PAREN=88
CLOSING_PAREN=89
PORT="port"=90
IPV6=91
STAR=92
BITMASK="bitmask"=93
RANDOM="random"=94
SOURCE_HASH="source-hash"=95
HEX_KEY="hex-key"=96
STRING_KEY="string-key"=97
ROUND_ROBIN="round-robin"=98
STICKY_ADDRESS="sticky-address"=99
BINAT="binat"=100
BLOCK="block"=101
RETURN_RST="return-rst"=102
TTL=103
RETURN_ICMP="return-icmp"=104
RETURN_ICMP6=105
IN="in"=106
OUT="out"=107
LOG="log"=108
ALL="all"=109
USER="user"=110
TO="to"=111
QUICK="quick"=112
INET="inet"=113
INET6="inet6"=114
PROTO="proto"=115
IP="ip"=116
ICMP="icmp"=117
IGMP="igmp"=118
TCP="tcp"=119
UDP="udp"=120
RDP="rdp"=121
RSVP="rsvp"=122
GRE="gre"=123
ESP="esp"=124
AH="ah"=125
EIGRP="eigrp"=126
OSPF="ospf"=127
IPIP="ipip"=128
VRRP="vrrp"=129
L2TP="l2tp"=130
ISIS="isis"=131
FROM="from"=132
URPF_FAILED="urpf-failed"=133
ANY="any"=134
NO_ROUTE="no-route"=135
ROUTE_TO="route-to"=136
REPLY_TO="reply-to"=137
LITERAL_fragment="fragment"=138
LITERAL_crop="crop"=139
"drop-ovl"=140
"no-df"=141
"min-ttl"=142
"max-mss"=143
"random-id"=144
FLAGS="flags"=145
ICMP_TYPE="icmp-type"=146
ICMP_CODE="code"=147
LITERAL_echorep="echorep"=148
LITERAL_unreach="unreach"=149
LITERAL_squench="squench"=150
LITERAL_redir="redir"=151
LITERAL_althost="althost"=152
LITERAL_echoreq="echoreq"=153
LITERAL_routeradv="routeradv"=154
LITERAL_routersol="routersol"=155
LITERAL_timex="timex"=156
LITERAL_paramprob="paramprob"=157
LITERAL_timereq="timereq"=158
LITERAL_timerep="timerep"=159
LITERAL_inforeq="inforeq"=160
LITERAL_inforep="inforep"=161
LITERAL_maskreq="maskreq"=162
LITERAL_maskrep="maskrep"=163
LITERAL_trace="trace"=164
LITERAL_dataconv="dataconv"=165
LITERAL_mobredir="mobredir"=166
"ipv6-where"=167
"ipv6-here"=168
LITERAL_mobregreq="mobregreq"=169
LITERAL_mobregrep="mobregrep"=170
LITERAL_photuris="photuris"=171
"net-unr"=172
"host-unr"=173
"proto-unr"=174
"port-unr"=175
LITERAL_needfrag="needfrag"=176
LITERAL_srcfail="srcfail"=177
"net-unk"=178
"host-unk"=179
LITERAL_isolate="isolate"=180
"net-prohib"=181
"host-prohib"=182
"net-tos"=183
"host-tos"=184
"filter-prohib"=185
"host-preced"=186
"cutoff-preced"=187
"redir-net"=188
"redir-host"=189
"redir-tos-net"=190
"redir-tos-host"=191
"normal-adv"=192
"common-adv"=193
LITERAL_transit="transit"=194
LITERAL_reassemb="reassemb"=195
LITERAL_badhead="badhead"=196
LITERAL_optmiss="optmiss"=197
LITERAL_badlen="badlen"=198
"unknown-ind"=199
"auth-fail"=200
"decrypt-fail"=201
ICMP6_TYPE="icmp6-type"=202
TAGGED="tagged"=203
TAG="tag"=204
KEEP="keep"=205
MODULATE="modulate"=206
SYNPROXY="synproxy"=207
STATE="state"=208
LABEL="label"=209
EXIT="exit"=210
QUIT="quit"=211
INTRFACE="interface"=212
ICMP6="icmp6"=213
IGRP="igrp"=214
IPSEC="ipsec"=215
NOS="nos"=216
PCP="pcp"=217
PIM="pim"=218
PPTP="pptp"=219
RIP="rip"=220
SNP="snp"=221
HOST="host"=222
RANGE="range"=223
LOG_LEVEL_ALERTS="alerts"=224
LOG_LEVEL_CRITICAL="critical"=225
LOG_LEVEL_DEBUGGING="debugging"=226
LOG_LEVEL_EMERGENCIES="emergencies"=227
LOG_LEVEL_ERRORS="errors"=228
LOG_LEVEL_INFORMATIONAL="informational"=229
LOG_LEVEL_NOTIFICATIONS="notifications"=230
LOG_LEVEL_WARNINGS="warnings"=231
LOG_LEVEL_DISABLE="disable"=232
LOG_LEVEL_INACTIVE="inactive"=233
Whitespace=234
HEX_CONST=235
NUMBER=236
NEG_INT_CONST=237
HEX_DIGIT=238
DIGIT=239
NUM_3DIGIT=240
NUM_HEX_4DIGIT=241
NUMBER_ADDRESS_OR_WORD=242
PIPE_CHAR=243
NUMBER_SIGN=244
PERCENT=245
AMPERSAND=246
APOSTROPHE=247
PLUS=248
DOT=249
SEMICOLON=250
QUESTION=251
COMMERCIAL_AT=252
OPENING_SQUARE=253
CLOSING_SQUARE=254
CARET=255
UNDERLINE=256
TILDE=257
DOUBLE_QUOTE=258


@ -125,6 +125,8 @@ cfgfile :
set_rule
|
scrub_rule
|
match_rule
|
table_rule
|
@ -479,10 +481,30 @@ scrub_rule : SCRUB
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->addMessageToLog(
QString("Warning: import of 'scrub' commands has not been implemented yet."));
consumeUntil(NEWLINE);
importer->newPolicyRule();
importer->action = "scrub";
*dbg << LT(1)->getLine() << ":" << " scrub ";
}
rule_extended
// do not call pushRule() for scrub rules because we configure
// scrub parameters as firewall options
NEWLINE
;
//****************************************************************
match_rule : MATCH
{
importer->clear();
importer->setCurrentLineNumber(LT(0)->getLine());
importer->newPolicyRule();
importer->action = "match";
*dbg << LT(1)->getLine() << ":" << " match ";
}
rule_extended
{
if ( ! importer->scrub_rule) importer->pushRule();
}
NEWLINE
;
//****************************************************************
@ -1272,9 +1294,89 @@ filteropt :
queue
|
label
|
match_rule_scrub_options
|
scrub_options
;
tcp_flags :
match_rule_scrub_options
:
SCRUB scrub_options
;
scrub_options
:
( scrub_option | scrub_option_list )
;
scrub_option_list
:
OPENING_PAREN
scrub_option
(
( COMMA )?
scrub_option
)*
CLOSING_PAREN
;
scrub_option
:
(
"fragment"
(
"reassemble"
|
"crop"
|
"drop-ovl"
)
{
importer->scrub_options.push_back(
str_tuple("fragment", LT(0)->getText()));
importer->scrub_rule = true;
}
|
"reassemble" TCP
{
importer->scrub_options.push_back(
str_tuple("reassemble", "tcp"));
importer->scrub_rule = true;
}
|
"no-df"
{
importer->scrub_options.push_back(
str_tuple(LT(0)->getText(), ""));
importer->scrub_rule = true;
}
|
"min-ttl" INT_CONST
{
importer->scrub_options.push_back(
str_tuple("min-ttl", LT(0)->getText()));
importer->scrub_rule = true;
}
|
"max-mss" INT_CONST
{
importer->scrub_options.push_back(
str_tuple("max-mss", LT(0)->getText()));
importer->scrub_rule = true;
}
|
"random-id"
{
importer->scrub_options.push_back(
str_tuple(LT(0)->getText(), ""));
importer->scrub_rule = true;
}
)
;
tcp_flags
:
FLAGS
(
ANY
@ -1653,6 +1755,7 @@ tokens
PASS = "pass";
BLOCK = "block";
MATCH = "match";
QUICK = "quick";
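Review bot: In `match_rule` the action `if ( ! importer->scrub_rule) importer->pushRule();` skips every match line that carries a scrub option, and `scrub_rule` never calls `pushRule()` at all, so the direction, interface and address criteria parsed by `rule_extended` are discarded and the options are kept only in `importer->scrub_options`, which the comment says become firewall options. Because `scrub_options` is a `filteropt` alternative next to `queue` and `label`, a line that combines scrub with other filter options would presumably lose those as well, and nothing in the import log says so. An imported policy that silently widens a scoped normalisation rule to the whole firewall deserves a log entry; I would add `else importer->addMessageToLog(QString("Warning: scrub options are imported as global firewall options; match criteria on this line are ignored"));` in `match_rule` and the same message in `scrub_rule`. The same `filteropt` change also lets bare options such as `no-df` parse inside pass and block rules, which may not be intended.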


@ -433,4 +433,37 @@ void PFImporterTest::setTimeoutCommands()
// "pf-timeouts.fwb");
}
void PFImporterTest::scrubCommandsOld()
{
platform = "pf";
std::istringstream instream(
openTestFile("test_data/pf-scrub-commands-old.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
compareResults(logger,
"test_data/pf-scrub-commands-old.output",
"pf-scrub-commands-old.output");
}
void PFImporterTest::scrubCommandsNew()
{
platform = "pf";
std::istringstream instream(
openTestFile("test_data/pf-scrub-commands-new.conf"));
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
compareResults(logger,
"test_data/pf-scrub-commands-new.output",
"pf-scrub-commands-new.output");
}
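Review bot: Both `scrubCommandsOld()` and `scrubCommandsNew()` discard the result of `imp->finalize()` and compare only the import log, so the mapping from the parsed scrub options to the `pf_scrub_*` firewall options is never asserted. A misspelled option name in that mapping would still pass these tests. I would keep the returned object, `Firewall *fw = imp->finalize();`, and assert at least `CPPUNIT_ASSERT(fw->getOptionsObject()->getBool("pf_do_scrub"));` plus one valued option such as `pf_scrub_maxmss`. `imp` is also never deleted, though that may simply follow the other tests in this file, which are outside the hunk.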


@ -69,6 +69,8 @@ public:
void natCommands();
void rdrCommands();
void setTimeoutCommands();
void scrubCommandsOld();
void scrubCommandsNew();
CPPUNIT_TEST_SUITE(PFImporterTest);
@ -83,6 +85,8 @@ public:
CPPUNIT_TEST(natCommands);
CPPUNIT_TEST(rdrCommands);
CPPUNIT_TEST(setTimeoutCommands);
CPPUNIT_TEST(scrubCommandsOld);
CPPUNIT_TEST(scrubCommandsNew);
CPPUNIT_TEST_SUITE_END();


@ -0,0 +1,16 @@
# supported commands
match all scrub fragment reassemble
match all scrub fragment crop
match all scrub fragment drop-ovl
match all scrub reassemble tcp
match all scrub no-df
match out all scrub min-ttl 10
match out all scrub max-mss 1470
match out all scrub random-id
match in all scrub (no-df max-mss 1440)
block log all
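Review bot: This fixture has no `match` line without a scrub option, so the branch of `match_rule` that does call `pushRule()` is never exercised; the expected output lists only the `block` rule. It also puts `fragment reassemble`, `fragment crop` and `fragment drop-ovl` in one file, which presumably leaves all three fragment options enabled on the imported firewall even though pf treats them as alternatives. Adding a plain match line (for example a constructed `match in all` with a non-scrub option the grammar accepts) and one case per fragment mode would make the expected result less ambiguous.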


@ -0,0 +1,13 @@
16: filtering rule: action block; interfaces:
Could not find enough information in the data file to create firewall interface objects.
scrub fragment reassemble
scrub fragment crop
scrub fragment drop-ovl
scrub reassemble tcp
scrub no-df
scrub min-ttl 10
scrub max-mss 1470
scrub random-id
scrub no-df
scrub max-mss 1440


@ -0,0 +1,14 @@
# supported commands
scrub all fragment reassemble
scrub all fragment crop
scrub all fragment drop-ovl
scrub all reassemble tcp
scrub all no-df
scrub out all min-ttl 10
scrub out all max-mss 1470
scrub out all random-id
block log all


@ -0,0 +1,11 @@
14: filtering rule: action block; interfaces:
Could not find enough information in the data file to create firewall interface objects.
scrub fragment reassemble
scrub fragment crop
scrub fragment drop-ovl
scrub reassemble tcp
scrub no-df
scrub min-ttl 10
scrub max-mss 1470
scrub random-id