diff --git a/src/libgui/IOSImporter.cpp b/src/libgui/IOSImporter.cpp index b816bc6ca..b275bd2f1 100644 --- a/src/libgui/IOSImporter.cpp +++ b/src/libgui/IOSImporter.cpp @@ -30,6 +30,8 @@ #include "IOSImporter.h" +#include "getProtoByName.h" +#include "getServByName.h" #include #include 
@@ -92,83 +94,6 @@ IOSImporter::IOSImporter(FWObject *lib, cisco_icmp_specs["information-reply"] = std::pair(16, 0); cisco_icmp_specs["mask-request"] = std::pair(17, 0); cisco_icmp_specs["mask-reply"] = std::pair(18, 0); - - cisco_proto_specs["ah"] = 51; - cisco_proto_specs["ahp"] = 51; - cisco_proto_specs["eigrp"] = 88; - cisco_proto_specs["esp"] = 50; - cisco_proto_specs["gre"] = 47; - cisco_proto_specs["igmp"] = 2; - cisco_proto_specs["igrp"] = 9; - cisco_proto_specs["ip"] = 0; - cisco_proto_specs["ipinip"] = 4; - cisco_proto_specs["nos"] = 94; - cisco_proto_specs["ospf"] = 89; - cisco_proto_specs["pim"] = 103; - cisco_proto_specs["pcp"] = 108; - cisco_proto_specs["snp"] = 109; - - cisco_tcp_specs["bgp"] = 179; - cisco_tcp_specs["chargen"] = 19; - cisco_tcp_specs["cmd"] = 514; - cisco_tcp_specs["daytime"] = 13; - cisco_tcp_specs["discard"] = 9; - cisco_tcp_specs["domain"] = 53; - cisco_tcp_specs["echo"] = 7; - cisco_tcp_specs["exec"] = 512; - cisco_tcp_specs["finger"] = 79; - cisco_tcp_specs["ftp"] = 21; - cisco_tcp_specs["ftp-data"] = 20; - cisco_tcp_specs["gopher"] = 70; - cisco_tcp_specs["hostname"] = 101; - cisco_tcp_specs["ident"] = 113; - cisco_tcp_specs["irc"] = 194; - cisco_tcp_specs["klogin"] = 543; - cisco_tcp_specs["kshell"] = 544; - cisco_tcp_specs["login"] = 513; - cisco_tcp_specs["lpd"] = 515; - cisco_tcp_specs["nntp"] = 119; - cisco_tcp_specs["pop2"] = 109; - cisco_tcp_specs["pop3"] = 110; - cisco_tcp_specs["smtp"] = 25; - cisco_tcp_specs["sunrpc"] = 111; - cisco_tcp_specs["syslog"] = 514; - cisco_tcp_specs["tacacs"] = 49; - cisco_tcp_specs["tacacs-ds"] = 63; - cisco_tcp_specs["talk"] = 517; - cisco_tcp_specs["telnet"] = 23; - cisco_tcp_specs["time"] = 37; - cisco_tcp_specs["uucp"] = 540; - cisco_tcp_specs["whois"] = 43; - cisco_tcp_specs["www"] = 80; - - cisco_udp_specs["biff"] = 512; - cisco_udp_specs["bootpc"] = 68; - cisco_udp_specs["bootps"] = 67; - cisco_udp_specs["discard"] = 9; - cisco_udp_specs["dnsix"] = 195; - cisco_udp_specs["domain"] 
= 53; - cisco_udp_specs["echo"] = 7; - cisco_udp_specs["isakmp"] = 500; - cisco_udp_specs["mobile-ip"] = 434; - cisco_udp_specs["nameserver"] = 42; - cisco_udp_specs["netbios-dgm"] = 138; - cisco_udp_specs["netbios-ns"] = 137; - cisco_udp_specs["netbios-ss"] = 139; - cisco_udp_specs["ntp"] = 123; - cisco_udp_specs["pim-auto-rp"] = 496; - cisco_udp_specs["rip"] = 520; - cisco_udp_specs["snmp"] = 161; - cisco_udp_specs["snmptrap"] = 162; - cisco_udp_specs["sunrpc"] = 111; - cisco_udp_specs["syslog"] = 514; - cisco_udp_specs["tacacs"] = 49; - cisco_udp_specs["talk"] = 517; - cisco_udp_specs["tftp"] = 69; - cisco_udp_specs["time"] = 37; - cisco_udp_specs["who"] = 513; - cisco_udp_specs["xdmcp"] = 177; - } @@ -239,18 +164,29 @@ FWObject* IOSImporter::createICMPService() FWObject* IOSImporter::createIPService() { - if (cisco_proto_specs.count(protocol)!=0) + int proto = GetProtoByName::getProtocolByName(protocol.c_str()); + if (proto > -1) { std::ostringstream s; - s << cisco_proto_specs[protocol]; + s << proto; protocol = s.str(); } return Importer::createIPService(); } int IOSImporter::convertPort(const std::string &port_str, - std::map &port_map) + const std::string &proto) { + QString ps = QString(port_str.c_str()).trimmed(); + int port = GetServByName::getPortByName(ps, proto.c_str()); + if (port == -1) + { + markCurrentRuleBad(std::string("Port spec '") + port_str + "' unknown "); + port = 0; + } + return port; + +/* int port = 0; std::string ps = strip(port_str); if (port_map.count(ps)>0) port = port_map[ps]; @@ -269,11 +205,12 @@ int IOSImporter::convertPort(const std::string &port_str, } } return port; +*/ } std::pair IOSImporter::convertPortSpec(const std::string &port_op, const std::string &port_spec, - std::map &port_map) + const std::string &proto) { int range_start; int range_end; 
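Review bot: The two result checks added here, `if (proto > -1)` in createIPService() and `if (port == -1)` in convertPort(), let out-of-range numbers through, because getProtocolByName() and getPortByName() (added in getProtoByName.cpp and getServByName.cpp in this diff) return the result of `name.toInt(&ok)` without bounding it. A port spec such as `70000` or `-2` in the imported config would be returned as the port without the rule being marked bad, and a protocol such as `300` would be written into `protocol`. I would bound both at the call sites, `if (proto >= 0 && proto <= 255)` and `if (port < 0 || port > 65535)`, or apply the same bounds inside the two helpers. IPTImporter::createIPService() and IPTImporter::convertPort() later in this diff use the same checks. convertPort()'s body continues past this hunk; the commented-out old code is closed in the next one.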
@@ -297,8 +234,8 @@ std::pair IOSImporter::convertPortSpec(const std::string &port_op, s1 = portspec; s2 = portspec; } - range_start = convertPort(s1, port_map); - range_end = convertPort(s2, port_map); + range_start = convertPort(s1, proto); + range_end = convertPort(s2, proto); if (portop=="lt") range_start = 0; if (portop=="gt") range_end = 65535; @@ -326,11 +263,11 @@ FWObject* IOSImporter::createTCPService() std::string name = "tcp " + src_port_spec + " " + dst_port_spec; std::pair pr = - convertPortSpec(src_port_op, src_port_spec, cisco_tcp_specs); + convertPortSpec(src_port_op, src_port_spec, "tcp"); int srs = pr.first; int sre = pr.second; - pr = convertPortSpec(dst_port_op, dst_port_spec, cisco_tcp_specs); + pr = convertPortSpec(dst_port_op, dst_port_spec, "tcp"); int drs = pr.first; int dre = pr.second; @@ -350,11 +287,11 @@ FWObject* IOSImporter::createUDPService() std::string name = "udp " + src_port_spec + " " + dst_port_spec; std::pair pr = - convertPortSpec(src_port_op, src_port_spec, cisco_udp_specs); + convertPortSpec(src_port_op, src_port_spec, "udp"); int srs = pr.first; int sre = pr.second; - pr = convertPortSpec(dst_port_op, dst_port_spec, cisco_udp_specs); + pr = convertPortSpec(dst_port_op, dst_port_spec, "udp"); int drs = pr.first; int dre = pr.second; diff --git a/src/libgui/IOSImporter.h b/src/libgui/IOSImporter.h index faf71f59b..6cbb922f7 100644 --- a/src/libgui/IOSImporter.h +++ b/src/libgui/IOSImporter.h @@ -42,9 +42,6 @@ class IOSImporter : public Importer { std::map > cisco_icmp_specs; - std::map cisco_proto_specs; - std::map cisco_tcp_specs; - std::map cisco_udp_specs; virtual libfwbuilder::FWObject* createAddress(const std::string &a, const std::string &nm); 
@@ -53,12 +50,11 @@ class IOSImporter : public Importer virtual libfwbuilder::FWObject* createTCPService(); virtual libfwbuilder::FWObject* createUDPService(); - int convertPort(const std::string &port, - std::map &port_map); + int convertPort(const std::string &port, const std::string &proto); std::pair convertPortSpec(const std::string &port_op, const std::string &port_spec, - std::map &port_map); + const std::string &proto); public: diff --git a/src/libgui/IPTImporter.cpp b/src/libgui/IPTImporter.cpp index 635fb8362..3a4c040e2 100644 --- a/src/libgui/IPTImporter.cpp +++ b/src/libgui/IPTImporter.cpp @@ -30,18 +30,20 @@ #include "IPTImporter.h" +#include "getProtoByName.h" +#include "getServByName.h" #include #include #include #include -#ifndef _WIN32 -# include -# include -#else -# include -#endif +// #ifndef _WIN32 +// # include +// # include +// #else +// # include +// #endif #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/Resources.h" @@ -258,15 +260,25 @@ FWObject* IPTImporter::createICMPService() FWObject* IPTImporter::createIPService() { - struct protoent *pe = getprotobyname(protocol.c_str()); - if (pe!=NULL) + int proto = GetProtoByName::getProtocolByName(protocol.c_str()); + if (proto > -1) { std::ostringstream s; - s << pe->p_proto; + s << proto; protocol = s.str(); //free(pe); } return Importer::createIPService(); + + // struct protoent *pe = getprotobyname(protocol.c_str()); + // if (pe!=NULL) + // { + // std::ostringstream s; + // s << pe->p_proto; + // protocol = s.str(); + // //free(pe); + // } + // return Importer::createIPService(); } std::pair IPTImporter::convertPortRange(str_tuple &range, 
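Review bot: The replaced getprotobyname() code is kept as a commented-out copy after the `return` in IPTImporter::createIPService(), and the new branch still carries `//free(pe);` although no `pe` exists any more. I would delete both, and likewise the commented-out `#ifndef _WIN32` include block in the hunk above and the `/* ... */` copies of the old bodies in IOSImporter::convertPort() and IPTImporter::convertPort(); the previous implementation remains available in version control. Leaving two versions of port and protocol resolution side by side makes it harder to see which one an imported rule actually goes through.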
@@ -280,11 +292,19 @@ int IPTImporter::convertPort(const std::string &port_spec, const char *proto, int default_port) { - int port = 0; - std::string ps = strip(port_spec); + QString ps = QString(port_spec.c_str()).trimmed(); if (ps == "") return 0; if (ps == ":") return default_port; + int port = GetServByName::getPortByName(ps, proto); + if (port == -1) + { + markCurrentRuleBad(std::string("Port spec '") + port_spec + "' unknown "); + port = 0; + } + return port; + +/* struct servent *se = getservbyname(ps.c_str(), proto); if (se!=NULL) { @@ -304,6 +324,7 @@ int IPTImporter::convertPort(const std::string &port_spec, "' unknown. Error " + ex.what()); } return port; +*/ } FWObject* IPTImporter::createTCPUDPService(str_tuple &src_range, diff --git a/src/libgui/getProtoByName.cpp b/src/libgui/getProtoByName.cpp new file mode 100644 index 000000000..70eb103e7 --- /dev/null +++ b/src/libgui/getProtoByName.cpp 
@@ -0,0 +1,122 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "getProtoByName.h" + +#ifndef _WIN32 +# include +# include +#else +# include +#endif + + +QMap GetProtoByName::protocols; + +int GetProtoByName::getProtocolByName(const QString &name) +{ + if (protocols.size() == 0) + { + protocols["icmp"] = 1; + protocols["igmp"] = 2; + protocols["ggp"] = 3; + protocols["ipencap"] = 4; + protocols["st"] = 5; + protocols["tcp"] = 6; + protocols["egp"] = 8; + protocols["igp"] = 9; + protocols["pup"] = 12; + protocols["udp"] = 17; + protocols["hmp"] = 20; + protocols["xns-idp"] = 22; + protocols["rdp"] = 27; + protocols["iso-tp4"] = 29; + protocols["xtp"] = 36; + protocols["ddp"] = 37; + protocols["idpr-cmtp"] = 38; + protocols["ipv6"] = 41; + protocols["ipv6-route"] = 43; + protocols["ipv6-frag"]= 44; + protocols["idrp"] = 45; + protocols["rsvp"] = 46; + protocols["gre"] = 47; + protocols["esp"] = 50; + protocols["ah"] = 51; + protocols["skip"] = 57; + protocols["ipv6-icmp"] = 58; + protocols["ipv6-nonxt"] = 59; + protocols["ipv6-opts"] = 60; + protocols["rspf"] = 73; + protocols["vmtp"] = 81; + protocols["eigrp"] = 88; + protocols["ospf"] = 89; + protocols["ax.25"] = 93; + 
protocols["ipip"] = 94; + protocols["etherip"] = 97; + protocols["encap"] = 98; + protocols["pim"] = 103; + protocols["ipcomp"] = 108; + protocols["vrrp"] = 112; + protocols["l2tp"] = 115; + protocols["isis"] = 124; + protocols["sctp"] = 132; + protocols["fc"] = 133; + protocols["udplite"] = 136; + protocols["mpls-in-ip"] = 137; + protocols["manet"] = 138; + protocols["hip"] = 139; + +// these are found in Cisco configs. Some of these names duplicate +// protocols listed above but a few are extras. + protocols["ah"] = 51; + protocols["ahp"] = 51; + protocols["eigrp"] = 88; + protocols["esp"] = 50; + protocols["gre"] = 47; + protocols["igmp"] = 2; + protocols["igrp"] = 9; + protocols["ip"] = 0; + protocols["ipinip"] = 4; + protocols["nos"] = 94; + protocols["ospf"] = 89; + protocols["pim"] = 103; + protocols["pcp"] = 108; + protocols["snp"] = 109; + + } + + bool ok = false; + int protocol = name.toInt(&ok); + if (ok) return protocol; + + if (protocols.contains(name)) return protocols[name]; + + struct protoent *pe = getprotobyname(name.toAscii().constData()); + if (pe!=NULL) + return pe->p_proto; + + return -1; +} + diff --git a/src/libgui/getProtoByName.h b/src/libgui/getProtoByName.h new file mode 100644 index 000000000..056e2067a --- /dev/null +++ b/src/libgui/getProtoByName.h 
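Review bot: getProtocolByName() has no comment describing its lookup order or its failure value, and the order matters: a numeric string is returned as-is, then the built-in table is consulted, and only then getprotobyname(), so a table entry always wins over the host's protocol database. I would put that above the function, e.g. `// Resolution order: numeric string, built-in table, then getprotobyname(). Returns -1 if the name is unknown.` The second block re-assigns `ah`, `eigrp`, `esp`, `gre`, `igmp`, `ospf` and `pim` to the values they already have; only `ahp`, `igrp`, `ip`, `ipinip`, `nos`, `pcp` and `snp` are new, so the block could be reduced to those.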
@@ -0,0 +1,46 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _GETPROTOBYNAME_H_ +#define _GETPROTOBYNAME_H_ + +#include +#include + +/* + * Simple wrapper class for getprotobyname() function to make sure we + * get useful results even when this function does not work quite + * right. For example, protocol "gre" does not resolve on Windows but + * resolves to ip protocol 47 on Linux. + */ +class GetProtoByName +{ + static QMap protocols; + +public: + GetProtoByName() {}; + + static int getProtocolByName(const QString &name); +}; + +#endif diff --git a/src/libgui/getServByName.cpp b/src/libgui/getServByName.cpp new file mode 100644 index 000000000..5c8fab3a0 --- /dev/null +++ b/src/libgui/getServByName.cpp 
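Review bot: The include guard `_GETPROTOBYNAME_H_` begins with an underscore followed by a capital letter, which is a name reserved for the implementation in C++; `GETPROTOBYNAME_H` avoids that. The class has only a static member and a static function, so the public constructor `GetProtoByName() {};` (with a stray `;`) is not needed and could be removed or deleted to show that the class is not meant to be instantiated. getServByName.h repeats both patterns with `_GETSERVBYNAME_H_` and `GetServByName() {};`.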
@@ -0,0 +1,635 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "getServByName.h" + +#ifndef _WIN32 +# include +# include +#else +# include +#endif + + +QMap > GetServByName::ports; + +int GetServByName::getPortByName(const QString &name, const QString &proto) +{ + if (ports.size() == 0) + { + + ports["tcp"]["tcpmux"] = 1; + ports["tcp"]["echo"] = 7; + ports["tcp"]["discard"] = 9; + ports["tcp"]["systat"] = 11; + ports["tcp"]["daytime"] = 13; + ports["tcp"]["netstat"] = 15; + ports["tcp"]["qotd"] = 17; + ports["tcp"]["msp"] = 18; + ports["tcp"]["chargen"] = 19; + ports["tcp"]["ftp-data"] = 20; + ports["tcp"]["ftp"] = 21; + ports["tcp"]["ssh"] = 22; + ports["tcp"]["telnet"] = 23; + ports["tcp"]["smtp"] = 25; + ports["tcp"]["time"] = 37; + ports["tcp"]["nameserver"] = 42; + ports["tcp"]["whois"] = 43; + ports["tcp"]["tacacs"] = 49; + ports["tcp"]["re-mail-ck"] = 50; + ports["tcp"]["domain"] = 53; + ports["tcp"]["mtp"] = 57; + ports["tcp"]["tacacs-ds"] = 65; + ports["tcp"]["bootps"] = 67; + ports["tcp"]["bootpc"] = 68; + ports["tcp"]["gopher"] = 70; + ports["tcp"]["rje"] = 77; + ports["tcp"]["finger"] = 79; + ports["tcp"]["www"] = 80; + ports["tcp"]["link"] = 87; + 
ports["tcp"]["kerberos"] = 88; + ports["tcp"]["supdup"] = 95; + ports["tcp"]["hostnames"] = 101; + ports["tcp"]["iso-tsap"] = 102; + ports["tcp"]["acr-nema"] = 104; + ports["tcp"]["csnet-ns"] = 105; + ports["tcp"]["rtelnet"] = 107; + ports["tcp"]["pop2"] = 109; + ports["tcp"]["pop3"] = 110; + ports["tcp"]["sunrpc"] = 111; + ports["tcp"]["auth"] = 113; + ports["tcp"]["sftp"] = 115; + ports["tcp"]["uucp-path"] = 117; + ports["tcp"]["nntp"] = 119; + ports["tcp"]["ntp"] = 123; + ports["tcp"]["pwdgen"] = 129; + ports["tcp"]["loc-srv"] = 135; + ports["tcp"]["netbios-ns"] = 137; + ports["tcp"]["netbios-dgm"] = 138; + ports["tcp"]["netbios-ssn"] = 139; + ports["tcp"]["imap2"] = 143; + ports["tcp"]["snmp"] = 161; + ports["tcp"]["snmp-trap"] = 162; + ports["tcp"]["cmip-man"] = 163; + ports["tcp"]["cmip-agent"] = 164; + ports["tcp"]["mailq"] = 174; + ports["tcp"]["xdmcp"] = 177; + ports["tcp"]["nextstep"] = 178; + ports["tcp"]["bgp"] = 179; + ports["tcp"]["prospero"] = 191; + ports["tcp"]["irc"] = 194; + ports["tcp"]["smux"] = 199; + ports["tcp"]["at-rtmp"] = 201; + ports["tcp"]["at-nbp"] = 202; + ports["tcp"]["at-echo"] = 204; + ports["tcp"]["at-zis"] = 206; + ports["tcp"]["qmtp"] = 209; + ports["tcp"]["z3950"] = 210; + ports["tcp"]["ipx"] = 213; + ports["tcp"]["imap3"] = 220; + ports["tcp"]["pawserv"] = 345; + ports["tcp"]["zserv"] = 346; + ports["tcp"]["fatserv"] = 347; + ports["tcp"]["rpc2portmap"] = 369; + ports["tcp"]["codaauth2"] = 370; + ports["tcp"]["clearcase"] = 371; + ports["tcp"]["ulistserv"] = 372; + ports["tcp"]["ldap"] = 389; + ports["tcp"]["imsp"] = 406; + ports["tcp"]["https"] = 443; + ports["tcp"]["snpp"] = 444; + ports["tcp"]["microsoft-ds"] = 445; + ports["tcp"]["kpasswd"] = 464; + ports["tcp"]["saft"] = 487; + ports["tcp"]["isakmp"] = 500; + ports["tcp"]["rtsp"] = 554; + ports["tcp"]["nqs"] = 607; + ports["tcp"]["npmp-local"] = 610; + ports["tcp"]["npmp-gui"] = 611; + ports["tcp"]["hmmp-ind"] = 612; + ports["tcp"]["qmqp"] = 628; + ports["tcp"]["ipp"] = 
631; + ports["tcp"]["exec"] = 512; + ports["tcp"]["login"] = 513; + ports["tcp"]["shell"] = 514; + ports["tcp"]["printer"] = 515; + ports["tcp"]["tempo"] = 526; + ports["tcp"]["courier"] = 530; + ports["tcp"]["conference"] = 531; + ports["tcp"]["netnews"] = 532; + ports["tcp"]["gdomap"] = 538; + ports["tcp"]["uucp"] = 540; + ports["tcp"]["klogin"] = 543; + ports["tcp"]["kshell"] = 544; + ports["tcp"]["afpovertcp"] = 548; + ports["tcp"]["remotefs"] = 556; + ports["tcp"]["nntps"] = 563; + ports["tcp"]["submission"] = 587; + ports["tcp"]["ldaps"] = 636; + ports["tcp"]["tinc"] = 655; + ports["tcp"]["silc"] = 706; + ports["tcp"]["kerberos-adm"] = 749; + ports["tcp"]["webster"] = 765; + ports["tcp"]["rsync"] = 873; + ports["tcp"]["ftps-data"] = 989; + ports["tcp"]["ftps"] = 990; + ports["tcp"]["telnets"] = 992; + ports["tcp"]["imaps"] = 993; + ports["tcp"]["ircs"] = 994; + ports["tcp"]["pop3s"] = 995; + ports["tcp"]["socks"] = 1080; + ports["tcp"]["proofd"] = 1093; + ports["tcp"]["rootd"] = 1094; + ports["tcp"]["openvpn"] = 1194; + ports["tcp"]["rmiregistry"] = 1099; + ports["tcp"]["kazaa"] = 1214; + ports["tcp"]["nessus"] = 1241; + ports["tcp"]["lotusnote"] = 1352; + ports["tcp"]["ms-sql-s"] = 1433; + ports["tcp"]["ms-sql-m"] = 1434; + ports["tcp"]["ingreslock"] = 1524; + ports["tcp"]["prospero-np"] = 1525; + ports["tcp"]["datametrics"] = 1645; + ports["tcp"]["sa-msg-port"] = 1646; + ports["tcp"]["kermit"] = 1649; + ports["tcp"]["l2f"] = 1701; + ports["tcp"]["radius"] = 1812; + ports["tcp"]["radius-acct"] = 1813; + ports["tcp"]["msnp"] = 1863; + ports["tcp"]["unix-status"] = 1957; + ports["tcp"]["log-server"] = 1958; + ports["tcp"]["remoteping"] = 1959; + ports["tcp"]["cisco-sccp"] = 2000; + ports["tcp"]["search"] = 2010; + ports["tcp"]["pipe_server"] = 2010; + ports["tcp"]["nfs"] = 2049; + ports["tcp"]["gnunet"] = 2086; + ports["tcp"]["rtcm-sc104"] = 2101; + ports["tcp"]["cvspserver"] = 2401; + ports["tcp"]["venus"] = 2430; + ports["tcp"]["venus-se"] = 2431; + 
ports["tcp"]["codasrv"] = 2432; + ports["tcp"]["codasrv-se"] = 2433; + ports["tcp"]["mon"] = 2583; + ports["tcp"]["dict"] = 2628; + ports["tcp"]["gpsd"] = 2947; + ports["tcp"]["gds_db"] = 3050; + ports["tcp"]["icpv2"] = 3130; + ports["tcp"]["mysql"] = 3306; + ports["tcp"]["nut"] = 3493; + ports["tcp"]["distcc"] = 3632; + ports["tcp"]["daap"] = 3689; + ports["tcp"]["svn"] = 3690; + ports["tcp"]["suucp"] = 4031; + ports["tcp"]["sysrqd"] = 4094; + ports["tcp"]["remctl"] = 4373; + ports["tcp"]["iax"] = 4569; + ports["tcp"]["radmin-port"] = 4899; + ports["tcp"]["rfe"] = 5002; + ports["tcp"]["mmcc"] = 5050; + ports["tcp"]["sip"] = 5060; + ports["tcp"]["sip-tls"] = 5061; + ports["tcp"]["aol"] = 5190; + ports["tcp"]["xmpp-client"] = 5222; + ports["tcp"]["xmpp-server"] = 5269; + ports["tcp"]["cfengine"] = 5308; + ports["tcp"]["mdns"] = 5353; + ports["tcp"]["postgresql"] = 5432; + ports["tcp"]["freeciv"] = 5556; + ports["tcp"]["ggz"] = 5688; + ports["tcp"]["x11"] = 6000; + ports["tcp"]["x11-1"] = 6001; + ports["tcp"]["x11-2"] = 6002; + ports["tcp"]["x11-3"] = 6003; + ports["tcp"]["x11-4"] = 6004; + ports["tcp"]["x11-5"] = 6005; + ports["tcp"]["x11-6"] = 6006; + ports["tcp"]["x11-7"] = 6007; + ports["tcp"]["gnutella-svc"] = 6346; + ports["tcp"]["gnutella-rtr"] = 6347; + ports["tcp"]["sge_qmaster"] = 6444; + ports["tcp"]["sge_execd"] = 6445; + ports["tcp"]["afs3-fileserver"] = 7000; + ports["tcp"]["afs3-callback"] = 7001; + ports["tcp"]["afs3-prserver"] = 7002; + ports["tcp"]["afs3-vlserver"] = 7003; + ports["tcp"]["afs3-kaserver"] = 7004; + ports["tcp"]["afs3-volser"] = 7005; + ports["tcp"]["afs3-errors"] = 7006; + ports["tcp"]["afs3-bos"] = 7007; + ports["tcp"]["afs3-update"] = 7008; + ports["tcp"]["afs3-rmtsys"] = 7009; + ports["tcp"]["font-service"] = 7100; + ports["tcp"]["http-alt"] = 8080; + ports["tcp"]["bacula-dir"] = 9101; + ports["tcp"]["bacula-fd"] = 9102; + ports["tcp"]["bacula-sd"] = 9103; + ports["tcp"]["amanda"] = 10080; + ports["tcp"]["hkp"] = 11371; + 
ports["tcp"]["bprd"] = 13720; + ports["tcp"]["bpdbm"] = 13721; + ports["tcp"]["bpjava-msvc"] = 13722; + ports["tcp"]["vnetd"] = 13724; + ports["tcp"]["bpcd"] = 13782; + ports["tcp"]["vopied"] = 13783; + ports["tcp"]["wnn6"] = 22273; + ports["tcp"]["kerberos4"] = 750; + ports["tcp"]["kerberos_master"] = 751; + ports["tcp"]["krb_prop"] = 754; + ports["tcp"]["krbupdate"] = 760; + ports["tcp"]["swat"] = 901; + ports["tcp"]["kpop"] = 1109; + ports["tcp"]["knetd"] = 2053; + ports["tcp"]["eklogin"] = 2105; + ports["tcp"]["kx"] = 2111; + ports["tcp"]["iprop"] = 2121; + ports["tcp"]["supfilesrv"] = 871; + ports["tcp"]["supfiledbg"] = 1127; + ports["tcp"]["linuxconf"] = 98; + ports["tcp"]["poppassd"] = 106; + ports["tcp"]["ssmtp"] = 465; + ports["tcp"]["moira_db"] = 775; + ports["tcp"]["moira_update"] = 777; + ports["tcp"]["spamd"] = 783; + ports["tcp"]["omirr"] = 808; + ports["tcp"]["customs"] = 1001; + ports["tcp"]["skkserv"] = 1178; + ports["tcp"]["rmtcfg"] = 1236; + ports["tcp"]["wipld"] = 1300; + ports["tcp"]["xtel"] = 1313; + ports["tcp"]["xtelw"] = 1314; + ports["tcp"]["support"] = 1529; + ports["tcp"]["cfinger"] = 2003; + ports["tcp"]["frox"] = 2121; + ports["tcp"]["ninstall"] = 2150; + ports["tcp"]["zebrasrv"] = 2600; + ports["tcp"]["zebra"] = 2601; + ports["tcp"]["ripd"] = 2602; + ports["tcp"]["ripngd"] = 2603; + ports["tcp"]["ospfd"] = 2604; + ports["tcp"]["bgpd"] = 2605; + ports["tcp"]["ospf6d"] = 2606; + ports["tcp"]["ospfapi"] = 2607; + ports["tcp"]["isisd"] = 2608; + ports["tcp"]["afbackup"] = 2988; + ports["tcp"]["afmbackup"] = 2989; + ports["tcp"]["xtell"] = 4224; + ports["tcp"]["fax"] = 4557; + ports["tcp"]["hylafax"] = 4559; + ports["tcp"]["distmp3"] = 4600; + ports["tcp"]["munin"] = 4949; + ports["tcp"]["enbd-cstatd"] = 5051; + ports["tcp"]["enbd-sstatd"] = 5052; + ports["tcp"]["pcrd"] = 5151; + ports["tcp"]["noclog"] = 5354; + ports["tcp"]["hostmon"] = 5355; + ports["tcp"]["nsca"] = 5667; + ports["tcp"]["mrtd"] = 5674; + ports["tcp"]["bgpsim"] = 5675; + 
ports["tcp"]["canna"] = 5680; + ports["tcp"]["sane-port"] = 6566; + ports["tcp"]["ircd"] = 6667; + ports["tcp"]["zope-ftp"] = 8021; + ports["tcp"]["tproxy"] = 8081; + ports["tcp"]["omniorb"] = 8088; + ports["tcp"]["clc-build-daemon"] = 8990; + ports["tcp"]["xinetd"] = 9098; + ports["tcp"]["git"] = 9418; + ports["tcp"]["zope"] = 9673; + ports["tcp"]["webmin"] = 10000; + ports["tcp"]["kamanda"] = 10081; + ports["tcp"]["amandaidx"] = 10082; + ports["tcp"]["amidxtape"] = 10083; + ports["tcp"]["smsqp"] = 11201; + ports["tcp"]["xpilot"] = 15345; + ports["tcp"]["sgi-cad"] = 17004; + ports["tcp"]["isdnlog"] = 20011; + ports["tcp"]["vboxd"] = 20012; + ports["tcp"]["binkp"] = 24554; + ports["tcp"]["asp"] = 27374; + ports["tcp"]["csync2"] = 30865; + ports["tcp"]["dircproxy"] = 57000; + ports["tcp"]["tfido"] = 60177; + ports["tcp"]["fido"] = 60179; + + ports["udp"]["echo"] = 7; + ports["udp"]["discard"] = 9; + ports["udp"]["daytime"] = 13; + ports["udp"]["msp"] = 18; + ports["udp"]["chargen"] = 19; + ports["udp"]["fsp"] = 21; + ports["udp"]["ssh"] = 22; + ports["udp"]["time"] = 37; + ports["udp"]["rlp"] = 39; + ports["udp"]["tacacs"] = 49; + ports["udp"]["re-mail-ck"] = 50; + ports["udp"]["domain"] = 53; + ports["udp"]["tacacs-ds"] = 65; + ports["udp"]["bootps"] = 67; + ports["udp"]["bootpc"] = 68; + ports["udp"]["tftp"] = 69; + ports["udp"]["gopher"] = 70; + ports["udp"]["www"] = 80; + ports["udp"]["kerberos"] = 88; + ports["udp"]["acr-nema"] = 104; + ports["udp"]["csnet-ns"] = 105; + ports["udp"]["rtelnet"] = 107; + ports["udp"]["pop2"] = 109; + ports["udp"]["pop3"] = 110; + ports["udp"]["sunrpc"] = 111; + ports["udp"]["ntp"] = 123; + ports["udp"]["pwdgen"] = 129; + ports["udp"]["loc-srv"] = 135; + ports["udp"]["netbios-ns"] = 137; + ports["udp"]["netbios-dgm"] = 138; + ports["udp"]["netbios-ssn"] = 139; + ports["udp"]["imap2"] = 143; + ports["udp"]["snmp"] = 161; + ports["udp"]["snmp-trap"] = 162; + ports["udp"]["cmip-man"] = 163; + ports["udp"]["cmip-agent"] = 164; + 
ports["udp"]["mailq"] = 174; + ports["udp"]["xdmcp"] = 177; + ports["udp"]["nextstep"] = 178; + ports["udp"]["bgp"] = 179; + ports["udp"]["prospero"] = 191; + ports["udp"]["irc"] = 194; + ports["udp"]["smux"] = 199; + ports["udp"]["at-rtmp"] = 201; + ports["udp"]["at-nbp"] = 202; + ports["udp"]["at-echo"] = 204; + ports["udp"]["at-zis"] = 206; + ports["udp"]["qmtp"] = 209; + ports["udp"]["z3950"] = 210; + ports["udp"]["ipx"] = 213; + ports["udp"]["imap3"] = 220; + ports["udp"]["pawserv"] = 345; + ports["udp"]["zserv"] = 346; + ports["udp"]["fatserv"] = 347; + ports["udp"]["rpc2portmap"] = 369; + ports["udp"]["codaauth2"] = 370; + ports["udp"]["clearcase"] = 371; + ports["udp"]["ulistserv"] = 372; + ports["udp"]["ldap"] = 389; + ports["udp"]["imsp"] = 406; + ports["udp"]["https"] = 443; + ports["udp"]["snpp"] = 444; + ports["udp"]["microsoft-ds"] = 445; + ports["udp"]["kpasswd"] = 464; + ports["udp"]["saft"] = 487; + ports["udp"]["isakmp"] = 500; + ports["udp"]["rtsp"] = 554; + ports["udp"]["nqs"] = 607; + ports["udp"]["npmp-local"] = 610; + ports["udp"]["npmp-gui"] = 611; + ports["udp"]["hmmp-ind"] = 612; + ports["udp"]["qmqp"] = 628; + ports["udp"]["ipp"] = 631; + ports["udp"]["biff"] = 512; + ports["udp"]["who"] = 513; + ports["udp"]["syslog"] = 514; + ports["udp"]["talk"] = 517; + ports["udp"]["ntalk"] = 518; + ports["udp"]["route"] = 520; + ports["udp"]["timed"] = 525; + ports["udp"]["netwall"] = 533; + ports["udp"]["gdomap"] = 538; + ports["udp"]["afpovertcp"] = 548; + ports["udp"]["nntps"] = 563; + ports["udp"]["submission"] = 587; + ports["udp"]["ldaps"] = 636; + ports["udp"]["tinc"] = 655; + ports["udp"]["silc"] = 706; + ports["udp"]["webster"] = 765; + ports["udp"]["rsync"] = 873; + ports["udp"]["telnets"] = 992; + ports["udp"]["imaps"] = 993; + ports["udp"]["ircs"] = 994; + ports["udp"]["pop3s"] = 995; + ports["udp"]["socks"] = 1080; + ports["udp"]["proofd"] = 1093; + ports["udp"]["rootd"] = 1094; + ports["udp"]["openvpn"] = 1194; + 
ports["udp"]["rmiregistry"] = 1099; + ports["udp"]["kazaa"] = 1214; + ports["udp"]["nessus"] = 1241; + ports["udp"]["lotusnote"] = 1352; + ports["udp"]["ms-sql-s"] = 1433; + ports["udp"]["ms-sql-m"] = 1434; + ports["udp"]["ingreslock"] = 1524; + ports["udp"]["prospero-np"] = 1525; + ports["udp"]["datametrics"] = 1645; + ports["udp"]["sa-msg-port"] = 1646; + ports["udp"]["kermit"] = 1649; + ports["udp"]["l2f"] = 1701; + ports["udp"]["radius"] = 1812; + ports["udp"]["radius-acct"] = 1813; + ports["udp"]["msnp"] = 1863; + ports["udp"]["cisco-sccp"] = 2000; + ports["udp"]["nfs"] = 2049; + ports["udp"]["gnunet"] = 2086; + ports["udp"]["rtcm-sc104"] = 2101; + ports["udp"]["cvspserver"] = 2401; + ports["udp"]["venus"] = 2430; + ports["udp"]["venus-se"] = 2431; + ports["udp"]["codasrv"] = 2432; + ports["udp"]["codasrv-se"] = 2433; + ports["udp"]["mon"] = 2583; + ports["udp"]["dict"] = 2628; + ports["udp"]["gpsd"] = 2947; + ports["udp"]["gds_db"] = 3050; + ports["udp"]["icpv2"] = 3130; + ports["udp"]["mysql"] = 3306; + ports["udp"]["nut"] = 3493; + ports["udp"]["distcc"] = 3632; + ports["udp"]["daap"] = 3689; + ports["udp"]["svn"] = 3690; + ports["udp"]["suucp"] = 4031; + ports["udp"]["sysrqd"] = 4094; + ports["udp"]["remctl"] = 4373; + ports["udp"]["iax"] = 4569; + ports["udp"]["radmin-port"] = 4899; + ports["udp"]["rfe"] = 5002; + ports["udp"]["mmcc"] = 5050; + ports["udp"]["sip"] = 5060; + ports["udp"]["sip-tls"] = 5061; + ports["udp"]["aol"] = 5190; + ports["udp"]["xmpp-client"] = 5222; + ports["udp"]["xmpp-server"] = 5269; + ports["udp"]["cfengine"] = 5308; + ports["udp"]["mdns"] = 5353; + ports["udp"]["postgresql"] = 5432; + ports["udp"]["freeciv"] = 5556; + ports["udp"]["ggz"] = 5688; + ports["udp"]["x11"] = 6000; + ports["udp"]["x11-1"] = 6001; + ports["udp"]["x11-2"] = 6002; + ports["udp"]["x11-3"] = 6003; + ports["udp"]["x11-4"] = 6004; + ports["udp"]["x11-5"] = 6005; + ports["udp"]["x11-6"] = 6006; + ports["udp"]["x11-7"] = 6007; + ports["udp"]["gnutella-svc"] = 
6346; + ports["udp"]["gnutella-rtr"] = 6347; + ports["udp"]["sge_qmaster"] = 6444; + ports["udp"]["sge_execd"] = 6445; + ports["udp"]["afs3-fileserver"] = 7000; + ports["udp"]["afs3-callback"] = 7001; + ports["udp"]["afs3-prserver"] = 7002; + ports["udp"]["afs3-vlserver"] = 7003; + ports["udp"]["afs3-kaserver"] = 7004; + ports["udp"]["afs3-volser"] = 7005; + ports["udp"]["afs3-errors"] = 7006; + ports["udp"]["afs3-bos"] = 7007; + ports["udp"]["afs3-update"] = 7008; + ports["udp"]["afs3-rmtsys"] = 7009; + ports["udp"]["font-service"] = 7100; + ports["udp"]["http-alt"] = 8080; + ports["udp"]["bacula-dir"] = 9101; + ports["udp"]["bacula-fd"] = 9102; + ports["udp"]["bacula-sd"] = 9103; + ports["udp"]["amanda"] = 10080; + ports["udp"]["hkp"] = 11371; + ports["udp"]["bprd"] = 13720; + ports["udp"]["bpdbm"] = 13721; + ports["udp"]["bpjava-msvc"] = 13722; + ports["udp"]["vnetd"] = 13724; + ports["udp"]["bpcd"] = 13782; + ports["udp"]["vopied"] = 13783; + ports["udp"]["wnn6"] = 22273; + ports["udp"]["kerberos4"] = 750; + ports["udp"]["kerberos_master"] = 751; + ports["udp"]["passwd_server"] = 752; + ports["udp"]["zephyr-srv"] = 2102; + ports["udp"]["zephyr-clt"] = 2103; + ports["udp"]["zephyr-hm"] = 2104; + ports["udp"]["poppassd"] = 106; + ports["udp"]["moira_ureg"] = 779; + ports["udp"]["omirr"] = 808; + ports["udp"]["customs"] = 1001; + ports["udp"]["predict"] = 1210; + ports["udp"]["ninstall"] = 2150; + ports["udp"]["afbackup"] = 2988; + ports["udp"]["afmbackup"] = 2989; + ports["udp"]["noclog"] = 5354; + ports["udp"]["hostmon"] = 5355; + ports["udp"]["rplay"] = 5555; + ports["udp"]["omniorb"] = 8088; + ports["udp"]["mandelspawn"] = 9359; + ports["udp"]["kamanda"] = 10081; + ports["udp"]["smsqp"] = 11201; + ports["udp"]["xpilot"] = 15345; + ports["udp"]["sgi-cmsd"] = 17001; + ports["udp"]["sgi-crsd"] = 17002; + ports["udp"]["sgi-gcd"] = 17003; + ports["udp"]["isdnlog"] = 20011; + ports["udp"]["vboxd"] = 20012; + ports["udp"]["asp"] = 27374; + +// these are found in 
Cisco configs. Some of these names duplicate +// protocols listed above but a few are extras. + ports["tcp"]["bgp"] = 179; + ports["tcp"]["chargen"] = 19; + ports["tcp"]["cmd"] = 514; + ports["tcp"]["daytime"] = 13; + ports["tcp"]["discard"] = 9; + ports["tcp"]["domain"] = 53; + ports["tcp"]["echo"] = 7; + ports["tcp"]["exec"] = 512; + ports["tcp"]["finger"] = 79; + ports["tcp"]["ftp"] = 21; + ports["tcp"]["ftp-data"] = 20; + ports["tcp"]["gopher"] = 70; + ports["tcp"]["hostname"] = 101; + ports["tcp"]["ident"] = 113; + ports["tcp"]["irc"] = 194; + ports["tcp"]["klogin"] = 543; + ports["tcp"]["kshell"] = 544; + ports["tcp"]["login"] = 513; + ports["tcp"]["lpd"] = 515; + ports["tcp"]["nntp"] = 119; + ports["tcp"]["pop2"] = 109; + ports["tcp"]["pop3"] = 110; + ports["tcp"]["smtp"] = 25; + ports["tcp"]["sunrpc"] = 111; + ports["tcp"]["syslog"] = 514; + ports["tcp"]["tacacs"] = 49; + ports["tcp"]["tacacs-ds"] = 63; + ports["tcp"]["talk"] = 517; + ports["tcp"]["telnet"] = 23; + ports["tcp"]["time"] = 37; + ports["tcp"]["uucp"] = 540; + ports["tcp"]["whois"] = 43; + ports["tcp"]["www"] = 80; + + ports["udp"]["biff"] = 512; + ports["udp"]["bootpc"] = 68; + ports["udp"]["bootps"] = 67; + ports["udp"]["discard"] = 9; + ports["udp"]["dnsix"] = 195; + ports["udp"]["domain"] = 53; + ports["udp"]["echo"] = 7; + ports["udp"]["isakmp"] = 500; + ports["udp"]["mobile-ip"] = 434; + ports["udp"]["nameserver"] = 42; + ports["udp"]["netbios-dgm"] = 138; + ports["udp"]["netbios-ns"] = 137; + ports["udp"]["netbios-ss"] = 139; + ports["udp"]["ntp"] = 123; + ports["udp"]["pim-auto-rp"] = 496; + ports["udp"]["rip"] = 520; + ports["udp"]["snmp"] = 161; + ports["udp"]["snmptrap"] = 162; + ports["udp"]["sunrpc"] = 111; + ports["udp"]["syslog"] = 514; + ports["udp"]["tacacs"] = 49; + ports["udp"]["talk"] = 517; + ports["udp"]["tftp"] = 69; + ports["udp"]["time"] = 37; + ports["udp"]["who"] = 513; + ports["udp"]["xdmcp"] = 177; + + + } + + bool ok = false; + int port = name.toInt(&ok); + if (ok) 
return port; + + if (ports.contains(proto) && ports[proto].contains(name)) + return ports[proto][name]; + + struct servent *se = getservbyname(name.toAscii().constData(), + proto.toAscii().constData()); + if (se!=NULL) + { + int port = ntohs(se->s_port); + //free(se); + return port; + } + + return -1; +} + diff --git a/src/libgui/getServByName.h b/src/libgui/getServByName.h new file mode 100644 index 000000000..1baaa7d29 --- /dev/null +++ b/src/libgui/getServByName.h @@ -0,0 +1,45 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef _GETSERVBYNAME_H_ +#define _GETSERVBYNAME_H_ + +#include +#include + +/* + * Simple wrapper class for getservbyname() function to make sure we + * get useful results even when this function does not work quite + * right. + */ +class GetServByName +{ + static QMap > ports; + +public: + GetServByName() {}; + + static int getPortByName(const QString &name, const QString &proto); +}; + +#endif diff --git a/src/libgui/importFirewallConfigurationWizard/IC_FirewallNamePage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_FirewallNamePage.cpp index ec0e9a624..19a25cf89 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_FirewallNamePage.cpp 
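Review bot: `getPortByName` in the new getServByName.h is declared with no statement of its contract, and the class comment only promises "useful results". From the definition earlier in this commit, a numeric `name` is returned straight from `toInt()` with no range check, the static `ports` table is consulted before `getservbyname()`, and an unknown name yields `-1`. I would state that on the declaration, e.g. `/// Returns the port for name/proto, or -1 if unknown; numeric input is returned as-is and is not checked against 0..65535.`, so callers that feed it values from imported configuration files know they must validate the result. The include guard `_GETSERVBYNAME_H_` also begins with an underscore followed by a capital letter, which is a reserved identifier form; `GETSERVBYNAME_H` avoids that.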
+++ b/src/libgui/importFirewallConfigurationWizard/IC_FirewallNamePage.cpp @@ -55,7 +55,7 @@ void IC_FirewallNamePage::initializePage() qDebug() << "platform=" << platform; - if (platform == "pix" || platform == "fwsm" || platform == "ios_acl") + if (platform == "pix" || platform == "fwsm" || platform == "iosacl") { QRegExp cisco_re("^hostname\\s+(\\S+)"); diff --git a/src/libgui/libgui.pro b/src/libgui/libgui.pro index ff0073cf1..0e9b30c23 100644 --- a/src/libgui/libgui.pro +++ b/src/libgui/libgui.pro @@ -30,6 +30,8 @@ HEADERS += ../../config.h \ TextEditWidget.h \ utils.h \ utils_no_qt.h \ + getProtoByName.h \ + getServByName.h \ Importer.h \ IOSImporter.h \ IPTImporter.h \ @@ -241,6 +243,8 @@ SOURCES += ProjectPanel.cpp \ ssh_wrappers.cpp \ utils.cpp \ utils_no_qt.cpp \ + getProtoByName.cpp \ + getServByName.cpp \ Importer.cpp \ IOSImporter.cpp \ IOSImporterRun.cpp \ diff --git a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.cpp b/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.cpp deleted file mode 100644 index badbecd9b..000000000 --- a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.cpp +++ /dev/null 
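Review bot: The platform check in `IC_FirewallNamePage::initializePage()` still compares against hand-typed literals (`"pix"`, `"fwsm"`, `"iosacl"`), which is presumably how the `"ios_acl"` spelling went unnoticed. A mismatch simply falls past the branch that builds the `^hostname` regex, with no diagnostic visible in this hunk. If the project has shared constants for platform names, using them here would turn such a typo into a compile error. Otherwise a short comment such as `// platform ids must match the names used elsewhere in the importer` would at least flag the coupling. The function body continues outside the hunk, so whether a later path reports an unrecognised platform cannot be seen from here.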
@@ -1,153 +0,0 @@ -/* - - Firewall Builder - - Copyright (C) 2010 NetCitadel, LLC - - Author: Roman Bovsunivskiy a2k0001@gmail.com - - $Id: DiscoveryDruidTest.cpp 2786 2010-04-01 14:05:36Z a2k $ - - This program is free software which we release under the GNU General Public - License. You may redistribute and/or modify this program under the terms - of that license as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - To get a copy of the GNU General Public License, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -#include "DiscoveryDruidTest.h" - -#include "unistd.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include "FWObjectClipboard.h" -#include "FWBApplication.h" -#include "DiscoveryDruid.h" - -using namespace std; -using namespace QTest; -using namespace libfwbuilder; - - -void DiscoveryDruidTest::initTestCase() -{ - mw = new FWWindow(); - mw->show(); - mw->startupLoad(); - new FWObjectClipboard(); -} - -void DiscoveryDruidTest::cleanupTestCase() -{ - if (QFileInfo("result.fwb").exists()) - QVERIFY(QFile::remove("result.fwb")); -} - -void DiscoveryDruidTest::compareFwbFiles(QString expected_result_file_name, - QString obtained_result_file_name) -{ - QStringList obtained_result; - - QFile rr(obtained_result_file_name); - rr.open(QFile::ReadOnly); - QString result_file = rr.readAll(); - rr.close(); - obtained_result = result_file.split("\n"); - - QFile er(expected_result_file_name); - er.open(QFile::ReadOnly); - result_file = er.readAll(); - er.close(); - QStringList expected_result = result_file.split("\n"); - - // find all lastModified attributes and 
replace them with identical values - // because they are always going to be different - Q_ASSERT_X(expected_result.size() == obtained_result.size(), "result comparison", - "Sizes of the generated .fwb and test files are different"); - - QRegExp last_mod_re("lastModified=\"\\d+\""); - QRegExp id_re("id=\"\\w+\""); - int max_idx = max(expected_result.size(), obtained_result.size()); - for (int i=0; i < max_idx; ++i) - { - QString os = obtained_result[i]; - obtained_result[i] = os.replace(last_mod_re, "lastModified=\"0000000000\"") - .remove(id_re); - - QString es = expected_result[i]; - expected_result[i] = es.replace(last_mod_re, "lastModified=\"0000000000\"") - .remove(id_re); - } - - for (int i=0; i < max_idx; ++i) - { - QString err = QString("Line %1:\nExpected: '%2'\nResult: '%3'\n") - .arg(i).arg(expected_result[i]).arg(obtained_result[i]); - Q_ASSERT_X(expected_result[i] == obtained_result[i], "result comparison", err.toUtf8().constData()); - } -} - -void DiscoveryDruidTest::testHostsImportDialog() -{ - DiscoveryDruid *dlg = dynamic_cast(app->activeModalWidget()); - QVERIFY(dlg!=NULL); - - QPushButton *next = dlg->findChild("nextButton"); - QPushButton *finish = dlg->findChild("finishButton"); - - // Selecting "Read file in hosts format" radio button - QTest::mouseClick(dlg->findChild("dm_fromfile"), Qt::LeftButton, 0, QPoint(5,5)); - QTest::mouseClick(next, Qt::LeftButton); - - dlg->findChild("filename")->setText("test.hosts"); - - QTest::mouseClick(next, Qt::LeftButton); - - // Waiting for parsing to wait. 
We are using small and simple hosts - // file, so it should not take more than 1 second - QTest::qWait(1000); - QVERIFY(next->isEnabled()); - QTest::mouseClick(next, Qt::LeftButton); - - QListWidget *unused = dlg->findChild("objectresultlist"); - QVERIFY(unused->count() == 3); - unused->selectAll(); - QTest::mouseClick(dlg->findChild("addObjButton"), Qt::LeftButton); - QVERIFY(dlg->findChild("objectlist")->count() == 3); - QTest::mouseClick(next, Qt::LeftButton); - QTest::mouseClick(next, Qt::LeftButton); // using default library ("User") - - QVERIFY(finish->isEnabled()); // it should be enabled if everything is ok - QTest::mouseClick(finish, Qt::LeftButton); - // hosts should be imported to "User" database now and dialog is closed -} - -void DiscoveryDruidTest::testHostsImport() -{ - // Dialog is modal, so we have to test it in another thread - QTimer::singleShot(100, this, SLOT(testHostsImportDialog())); - mw->findChild("DiscoveryDruidAction")->trigger(); - - // this is running after import dialog is closed - mw->activeProject()->setFileName("result.fwb"); - mw->activeProject()->db()->setPredictableIds(); - mw->activeProject()->save(); - - compareFwbFiles("output.fwb", "result.fwb"); -} - diff --git a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.h b/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.h deleted file mode 100644 index 8b5fc64d5..000000000 --- a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - - Firewall Builder - - Copyright (C) 2010 NetCitadel, LLC - - Author: Roman Bovsunivskiy a2k0001@gmail.com - - $Id: DiscoveryDruidTest.h 2786 2010-04-01 14:05:36Z a2k $ - - This program is free software which we release under the GNU General Public - License. You may redistribute and/or modify this program under the terms - of that license as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - To get a copy of the GNU General Public License, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -#ifndef INSTDIALOGTEST_H -#define INSTDIALOGTEST_H - -#include - -#include "FWBTree.h" -#include "FWWindow.h" -#include "ObjectManipulator.h" -#include "ObjectTreeView.h" -#include "ObjectTreeViewItem.h" -#include "events.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Library.h" -#include "fwbuilder/Policy.h" -#include "instDialog.h" -#include "newClusterDialog.h" -#include "upgradePredicate.h" - -class DiscoveryDruidTest : public QObject -{ - Q_OBJECT; - void compareFwbFiles(QString expected_result_file_name, - QString obtained_result_file_name); -private slots: - void initTestCase(); - void cleanupTestCase(); - - void testHostsImport(); -public slots: - void testHostsImportDialog(); -}; - -#endif // INSTDIALOGTEST_H diff --git a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.pro b/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.pro deleted file mode 100644 index 3e2f002f9..000000000 --- a/src/unit_tests/DiscoveryDruidTest/DiscoveryDruidTest.pro +++ /dev/null 
@@ -1,11 +0,0 @@ -include(../tests_common.pri) - -QT += testlib network gui -TARGET = DiscoveryDruidTest -CONFIG += console -CONFIG -= app_bundle -TEMPLATE = app -SOURCES += main_DiscoveryDruidTest.cpp \ - DiscoveryDruidTest.cpp - -HEADERS += DiscoveryDruidTest.h diff --git a/src/unit_tests/DiscoveryDruidTest/main_DiscoveryDruidTest.cpp b/src/unit_tests/DiscoveryDruidTest/main_DiscoveryDruidTest.cpp deleted file mode 100644 index 781f16e41..000000000 --- a/src/unit_tests/DiscoveryDruidTest/main_DiscoveryDruidTest.cpp +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - - Firewall Builder - - Copyright (C) 2010 NetCitadel, LLC - - Author: Roman Bovsunivskiy a2k0001@gmail.com - - $Id: main_DiscoveryDruidTest.cpp 2707 2010-03-10 18:22:19Z a2k $ - - This program is free software which we release under the GNU General Public - License. You may redistribute and/or modify this program under the terms - of that license as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - To get a copy of the GNU General Public License, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -#include "DiscoveryDruidTest.h" - - -#include -#include - -#include "FWWindow.h" -#include "FWBSettings.h" -#include "FWBApplication.h" -#include "UserWorkflow.h" - - -using namespace std; -using namespace libfwbuilder; - -int fwbdebug = 0; -FWWindow *mw = NULL; -FWBSettings *st = NULL; -FWBApplication *app = NULL; -UserWorkflow *wfl; -int sig = FWB_SIG; - - -extern void build_app(int argc, char** argv, - FWBApplication** app, - FWBSettings** st, - UserWorkflow** wfl); - -int main(int argc, char** argv) -{ - app = new FWBApplication(argc, argv); - app->setOrganizationName(QLatin1String("NetCitadel")); - app->setApplicationName(QLatin1String("Firewall Builder")); - - build_app(argc, argv, &app, &st, &wfl); - - - QTest::qExec(new DiscoveryDruidTest()); - - if (QFile::exists("test_work.fwb")) - QFile::remove("test_work.fwb"); -} diff --git a/src/unit_tests/DiscoveryDruidTest/output.fwb b/src/unit_tests/DiscoveryDruidTest/output.fwb deleted file mode 100644 index 14ef0731b..000000000 --- a/src/unit_tests/DiscoveryDruidTest/output.fwb +++ /dev/null 
@@ -1,460 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - established - - established - -m state --state ESTABLISHED,RELATED - established - - - - established - - established - -m state --state ESTABLISHED,RELATED - established - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -m record_rpc - - - - - - - - - - -m irc - - - - - - - - - - -m psd --psd-weight-threshold 5 --psd-delay-threshold 10000 - - - - - - - - - - -m string --string test_pattern - - - - - - - - - - -m talk - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/unit_tests/DiscoveryDruidTest/test.hosts b/src/unit_tests/DiscoveryDruidTest/test.hosts deleted file mode 100644 index 348c3d131..000000000 --- a/src/unit_tests/DiscoveryDruidTest/test.hosts +++ /dev/null @@ -1,5 +0,0 @@ -192.168.1.1 host1 -192.168.1.2 host2 -# comment -192.168.1.3 host3 - diff --git a/src/unit_tests/ImporterTest/test_data/ipt.fwb b/src/unit_tests/ImporterTest/test_data/ipt.fwb index a1ffa3e9c..eed4785df 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.fwb +++ b/src/unit_tests/ImporterTest/test_data/ipt.fwb @@ -1,6 +1,6 @@ - + @@ -1664,7 +1664,7 @@ - + @@ -1686,7 +1686,7 @@ - + @@ -2501,7 +2501,7 @@ - + @@ -3724,7 +3724,7 @@ - + @@ -3745,7 +3745,7 @@ - + 
diff --git a/src/unit_tests/ImporterTest/test_data/ipt.result b/src/unit_tests/ImporterTest/test_data/ipt.result index f51fbae66..07bc39b6c 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.result +++ b/src/unit_tests/ImporterTest/test_data/ipt.result 
@@ -6,29 +6,29 @@ Ruleset: filter / OUTPUT Default action: Accept Ruleset: filter / user_chain Default action: Deny -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. 
Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. Address object: h-21.21.21.21 TCP Service object: tcp 22-22: Created branch OUTPUT_established_0 -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. TCP Service object: tcp 23-23 Created branch OUTPUT_established_1 -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID -Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. 
+Warning: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID +Warning: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID New interface: lo UDP Service object: udp 1604-1604 Created branch Policy_eth1 New interface: eth1 New interface: eth0 -Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1 +Warning: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1 TCP Service object: tcp 0-8000 UDP Service object: udp 0-8000 -Unknown parameter of target REJECT: icmp-foo-prohibited. -Unknown parameter of target REJECT: foo-prohib. +Warning: Unknown parameter of target REJECT: icmp-foo-prohibited. +Warning: Unknown parameter of target REJECT: foo-prohib. AddressRange object: range-10.212.66.2-10.212.66.3 AddressRange object: range-192.11.1.11-192.11.1.63 Address object: h-10.212.66.2 @@ -39,7 +39,7 @@ ICMP Service object: icmp -1/-1 Address object: h-192.168.1.1 IP Service object: ip-47 Network object: net-1.1.0.0/16 -Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. +Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. Network object: net-192.168.19.0/24 TCP Service object: tcp 5432-5432 Address object: h-192.168.16.125 
@@ -66,10 +66,8 @@ TCP Service object: tcp fsrpau/f TCP Service object: tcp sr/sr TCP Service object: tcp fs/fs TCP Service object: tcp fsrpau/N -Parser error: -Port spec 'foo' unknown. Error basic_ios::clear -Parser error: -Port spec 'foo' unknown. Error basic_ios::clear +Parser error: Port spec 'foo' unknown +Parser error: Port spec 'foo' unknown TCP Service object: tcp TCP Service object: tcp 427-427 UDP Service object: udp 427-427 @@ -104,14 +102,12 @@ Tag Service object: tag-0x4 Created branch user_chain_47_mod_match TCP Service object: tcp 53-53: Created branch user_chain_48_mod_match -Parser error: -Original rule combines match of tcp/udp/icmp +Parser error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. Created branch user_chain_49_mod_match -Parser error: -Original rule combines match of tcp/udp/icmp +Parser error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. @@ -130,9 +126,9 @@ Tag Service object: tag-16 TCP Service object: tcp 25-25 Tag Service object: tag-0xa Tag Service object: tag-0xB -Skip command with '-j CONNMARK --restore-mark' This rule is generated automatically. +Warning: Skip command with '-j CONNMARK --restore-mark' This rule is generated automatically. TCP Service object: tcp 25-25: -Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' +Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' Tag Service object: tag-1 New interface: eth2 Tag Service object: tag-2 
@@ -144,28 +140,22 @@ Ruleset: nat / OUTPUT Default action: Accept Network object: net-192.168.1.0/24 Address object: h-222.222.222.222 -Parser error: -Original rule defines outbound interface 'eth1'. +Parser error: Original rule defines outbound interface 'eth1'. Replace address in TSrc with matching interface of the firewall. -Parser error: -Original rule defines outbound interface 'eth0'. +Parser error: Original rule defines outbound interface 'eth0'. Replace address in TSrc with matching interface of the firewall. Network object: net-192.168.1.32/27 Address object: h-222.222.222.100 -Parser error: -Original rule defines outbound interface 'eth+'. +Parser error: Original rule defines outbound interface 'eth+'. Replace address in TSrc with matching interface of the firewall. Address object: h-192.168.1.20 -Parser error: -Original rule defines outbound interface 'eth+'. +Parser error: Original rule defines outbound interface 'eth+'. Replace address in TSrc with matching interface of the firewall. Address object: h-192.168.1.10 -Parser error: -Original rule defines outbound interface 'eth+'. +Parser error: Original rule defines outbound interface 'eth+'. Replace address in TSrc with matching interface of the firewall. TCP Service object: tcp 1000-1010: -Parser error: -Original rule defines outbound interface 'eth1'. +Parser error: Original rule defines outbound interface 'eth1'. Replace address in TSrc with matching interface of the firewall. Network object: net-222.222.222.0/24 TCP Service object: tcp 25-50 
@@ -183,19 +173,18 @@ TCP Service object: tcp 13-13 TCP Service object: tcp 2105-2105 Address object: h-192.168.3.145 Address object: h-1.1.1.1 -Parser error: -Original rule defines inbound interface 'eth0'. +Parser error: Original rule defines inbound interface 'eth0'. Replace address in ODst with matching interface of the firewall. Network object: net-192.168.2.0/24 Address object: h-192.168.1.22 Address object: h-192.168.2.10 Address object: h-22.22.22.23 ICMP Service object: icmp 11/0 -Added rule to reproduce default policy ACCEPT in filter/OUTPUT -Can not reproduce default action in table 'mangle' chain 'FORWARD'. -Added rule to reproduce default policy ACCEPT in mangle/FORWARD -Can not reproduce default action in table 'mangle' chain 'INPUT'. -Added rule to reproduce default policy ACCEPT in mangle/INPUT -Added rule to reproduce default policy ACCEPT in mangle/OUTPUT -Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING -Added rule to reproduce default policy ACCEPT in mangle/PREROUTING +Warning: Added rule to reproduce default policy ACCEPT in filter/OUTPUT +Warning: Can not reproduce default action in table 'mangle' chain 'FORWARD'. +Warning: Added rule to reproduce default policy ACCEPT in mangle/FORWARD +Warning: Can not reproduce default action in table 'mangle' chain 'INPUT'. +Warning: Added rule to reproduce default policy ACCEPT in mangle/INPUT +Warning: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT +Warning: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING +Warning: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING