From f04dc03fc64616668b0b734fccae4d7eb3177642 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Thu, 31 Mar 2011 17:58:59 -0700 Subject: [PATCH] see #2164 added import of http commands, import should not abort on "service" commands --- VERSION | 2 +- VERSION.h | 2 +- doc/ChangeLog | 3 + packaging/fwbuilder-static-qt.spec | 2 +- packaging/fwbuilder.control | 2 +- packaging/fwbuilder.spec | 2 +- src/import/PIXImporter.cpp | 1 + src/parsers/PIXCfgLexer.cpp | 472 ++--- src/parsers/PIXCfgParser.cpp | 1601 ++++++++++------- src/parsers/PIXCfgParser.hpp | 8 +- src/parsers/PIXCfgParserTokenTypes.hpp | 311 ++-- src/parsers/PIXCfgParserTokenTypes.txt | 311 ++-- src/parsers/pix.g | 92 +- .../test_data/asa8.3-objects-and-groups.fwb | 437 ++--- .../asa8.3-objects-and-groups.output | 123 +- .../test_data/asa8.3-objects-and-groups.test | 2 + .../PIXImporterTest/test_data/asa8.3.fwb | 158 +- .../PIXImporterTest/test_data/asa8.3.output | 7 +- .../PIXImporterTest/test_data/asa8.3.test | 31 + 19 files changed, 2006 insertions(+), 1561 deletions(-) diff --git a/VERSION b/VERSION index 8a3d5707b..e249789e6 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3514" +BUILD_NUM="3515" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 89a8b7901..2d0aca889 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3514" +#define VERSION "4.2.0.3515" #define GENERATION "4.2" diff --git a/doc/ChangeLog b/doc/ChangeLog index 41ee883c8..a75b31c70 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,8 @@ 2011-03-31 vadim + * parsers/pix.g (http_command): see #2164 fixed import of "ssh" + commands and added import of "http" commands + * objectMaker.h (ObjectMakerErrorTracker): see #2302 Importer should log and continue when it encounters an error. This matches its behavior in older versions and makes it more resilient to diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 03e08e63c..8900c6d54 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3514 +%define version 4.2.0.3515 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 4d354095e..26c69ff12 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control @@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3514-1 +Version: 4.2.0.3515-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 8d54ae42a..9f27b1376 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3514 +%define version 4.2.0.3515 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/import/PIXImporter.cpp b/src/import/PIXImporter.cpp index f61fa1ae8..2c7d84b16 100644 --- a/src/import/PIXImporter.cpp +++ b/src/import/PIXImporter.cpp @@ -352,6 +352,7 @@ bool compare_ruleset_names(string a, string b) if (a.find("ssh_commands") == 0) return true; if (a.find("telnet_commands") == 0) return true; if (a.find("icmp_commands") == 0) return true; + if (a.find("http_commands") == 0) return true; return a < b; } diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 83eadc73b..b63c5611b 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -44,142 +44,151 @@ PIXCfgLexer::PIXCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& void PIXCfgLexer::initLiterals() { - literals["full"] = 118; - literals["parameter-problem"] = 84; - literals["port-object"] = 51; - literals["notifications"] = 104; - literals["duplex"] = 124; - literals["dns"] = 53; - literals["no"] = 54; - literals["static"] = 152; + literals["full"] = 125; + literals["parameter-problem"] = 91; + literals["port-object"] = 54; + literals["notifications"] = 111; + literals["duplex"] = 131; + literals["dns"] = 56; + literals["no"] = 63; + literals["static"] = 161; literals["esp"] = 16; - literals["time-range"] = 110; + literals["time-range"] = 117; literals["gre"] = 17; - literals["timestamp-request"] = 91; - literals["echo"] = 71; - literals["speed"] = 123; - literals["warnings"] = 105; + literals["timestamp-request"] = 98; + literals["echo"] = 80; + literals["speed"] = 130; + literals["warnings"] = 112; + literals["resetoutbound"] = 61; literals["timeout"] = 8; literals["eigrp"] = 15; - literals["icmp-type"] = 48; - literals["permit"] = 64; - literals["remark"] = 142; + literals["icmp-type"] = 51; + literals["permit"] = 73; + literals["remark"] = 151; literals["network"] = 29; literals["igmp"] = 18; literals["range"] = 32; - literals["destination"] = 41; - literals["setroute"] = 155; - literals["vlan"] = 122; - literals["debugging"] = 100; - literals["controller"] = 111; - literals["interface"] = 94; - literals["dhcp"] = 136; - literals["aui"] = 115; - literals["Version"] = 58; - literals["auto"] = 116; + literals["destination"] = 44; + literals["setroute"] = 164; + literals["vlan"] = 129; + literals["debugging"] = 107; + literals["controller"] = 118; + literals["interface"] = 101; + literals["dhcp"] = 143; + literals["aui"] = 122; + literals["Version"] = 67; + literals["auto"] = 123; literals["subnet"] = 33; - literals["time-exceeded"] = 89; - literals["outside"] = 112; - literals["shutdown"] = 134; - literals["group-object"] = 43; - literals["eq"] = 67; - literals["fragments"] = 109; - literals["norandomseq"] = 153; - literals["unreachable"] = 93; - literals["delay"] = 127; + literals["time-exceeded"] = 96; + literals["outside"] = 119; + literals["shutdown"] = 141; + literals["group-object"] = 46; + literals["eq"] = 76; + literals["fragments"] = 116; + literals["norandomseq"] = 162; + literals["unreachable"] = 100; + literals["delay"] = 134; literals["ip"] = 6; - literals["security-level"] = 133; - literals["mobile-redirect"] = 83; + literals["security-level"] = 140; + literals["mobile-redirect"] = 90; literals["ospf"] = 23; literals["name"] = 10; - literals["errors"] = 102; - literals["mask-request"] = 82; - literals["PIX"] = 56; - literals["any"] = 95; - literals["ASA"] = 57; + literals["errors"] = 109; + literals["mask-request"] = 89; + literals["PIX"] = 65; + literals["any"] = 102; + literals["ASA"] = 66; literals["pptp"] = 26; - literals["redirect"] = 85; - literals["forward"] = 126; + literals["redirect"] = 92; + literals["forward"] = 133; + literals["timestamp-reply"] = 97; literals["description"] = 30; - literals["timestamp-reply"] = 90; - literals["alerts"] = 98; - literals["netmask"] = 151; - literals["lt"] = 69; - literals["bnc"] = 117; - literals["global"] = 149; + literals["alerts"] = 105; + literals["netmask"] = 160; + literals["lt"] = 78; + literals["internal"] = 58; + literals["bnc"] = 124; + literals["global"] = 158; literals["nos"] = 22; - literals["extended"] = 63; - literals["certificate"] = 55; + literals["extended"] = 72; + literals["certificate"] = 64; literals["service"] = 34; - literals["telnet"] = 74; - literals["udp"] = 39; - literals["hold-time"] = 128; - literals["baseT"] = 119; + literals["telnet"] = 37; + literals["udp"] = 42; + literals["hold-time"] = 135; + literals["baseT"] = 126; literals["ipinip"] = 20; - literals["standby"] = 137; - literals["crypto"] = 52; + literals["standby"] = 144; + literals["crypto"] = 55; literals["pim"] = 25; - literals["secondary"] = 154; - literals["emergencies"] = 101; - literals["disable"] = 106; - literals["mask-reply"] = 81; - literals["tcp"] = 38; - literals["tcp-udp"] = 49; - literals["source"] = 40; + literals["secondary"] = 163; + literals["emergencies"] = 108; + literals["disable"] = 113; + literals["mask-reply"] = 88; + literals["tcp"] = 41; + literals["tcp-udp"] = 52; + literals["source"] = 43; literals["names"] = 9; - literals["icmp"] = 35; - literals["log"] = 96; + literals["icmp"] = 38; + literals["http"] = 35; + literals["call-home"] = 57; + literals["log"] = 103; literals["snp"] = 27; - literals["mac-address"] = 130; - literals["established"] = 75; - literals["deny"] = 65; - literals["information-request"] = 80; - literals["ssh"] = 73; - literals["protocol-object"] = 46; - literals["gt"] = 68; + literals["mac-address"] = 137; + literals["established"] = 82; + literals["deny"] = 74; + literals["information-request"] = 87; + literals["ssh"] = 36; + literals["protocol-object"] = 49; + literals["gt"] = 77; literals["ah"] = 14; - literals["interval"] = 108; - literals["ddns"] = 125; - literals["ipv6"] = 129; - literals["rip"] = 72; - literals["baseTX"] = 120; - literals["access-group"] = 143; - literals["critical"] = 99; - literals["standard"] = 66; + literals["interval"] = 115; + literals["resetoutside"] = 62; + literals["ddns"] = 132; + literals["ipv6"] = 136; + literals["rip"] = 81; + literals["baseTX"] = 127; + literals["access-group"] = 152; + literals["critical"] = 106; + literals["standard"] = 75; literals["quit"] = 5; literals["community-list"] = 7; - literals["network-object"] = 44; - literals["hostname"] = 60; - literals["information-reply"] = 79; - literals["icmp6"] = 37; - literals["switchport"] = 138; + literals["network-object"] = 47; + literals["hostname"] = 69; + literals["server"] = 150; + literals["information-reply"] = 86; + literals["icmp6"] = 40; + literals["authentication-certificate"] = 149; + literals["switchport"] = 145; literals["ipsec"] = 21; - literals["conversion-error"] = 77; + literals["conversion-error"] = 84; literals["host"] = 31; - literals["echo-reply"] = 78; - literals["nameif"] = 121; + literals["echo-reply"] = 85; + literals["nameif"] = 128; literals["pcp"] = 24; - literals["service-object"] = 50; - literals["nat"] = 145; - literals["access-list"] = 62; - literals["informational"] = 103; + literals["service-object"] = 53; + literals["nat"] = 154; + literals["access-list"] = 71; + literals["informational"] = 110; literals["igrp"] = 19; - literals["traceroute"] = 92; - literals["address"] = 135; - literals["log-input"] = 97; - literals["router-advertisement"] = 86; - literals["router-solicitation"] = 87; - literals["access"] = 139; - literals["icmp-object"] = 47; - literals["source-quench"] = 88; - literals["scopy"] = 140; - literals["protocol"] = 45; - literals["inactive"] = 107; - literals["multicast"] = 131; - literals["exit"] = 114; - literals["version"] = 141; - literals["neq"] = 70; - literals["alternate-address"] = 76; + literals["traceroute"] = 99; + literals["address"] = 142; + literals["log-input"] = 104; + literals["router-advertisement"] = 93; + literals["resetinbound"] = 60; + literals["router-solicitation"] = 94; + literals["access"] = 146; + literals["icmp-object"] = 50; + literals["source-quench"] = 95; + literals["scopy"] = 147; + literals["protocol"] = 48; + literals["inactive"] = 114; + literals["multicast"] = 138; + literals["exit"] = 121; + literals["version"] = 148; + literals["neq"] = 79; + literals["alternate-address"] = 83; + literals["password-recovery"] = 59; } ANTLR_USE_NAMESPACE(antlr)RefToken PIXCfgLexer::nextToken() @@ -493,11 +502,11 @@ void PIXCfgLexer::mLINE_COMMENT(bool _createToken) { } } else { - goto _loop275; + goto _loop282; } } - _loop275:; + _loop282:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -529,9 +538,9 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 2335 "pix.g" +#line 2417 "pix.g" newline(); -#line 535 "PIXCfgLexer.cpp" +#line 544 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -555,11 +564,11 @@ void PIXCfgLexer::mCOLON_COMMENT(bool _createToken) { } } else { - goto _loop279; + goto _loop286; } } - _loop279:; + _loop286:; } // ( ... )* mNEWLINE(false); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -653,9 +662,9 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 2330 "pix.g" +#line 2412 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; -#line 659 "PIXCfgLexer.cpp" +#line 668 "PIXCfgLexer.cpp" } if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { _token = makeToken(_ttype); @@ -777,10 +786,10 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; { - bool synPredMatched340 = false; + bool synPredMatched347 = false; if (((LA(1) == 0x6f /* 'o' */ ) && (LA(2) == 0x62 /* 'b' */ ) && (LA(3) == 0x6a /* 'j' */ ))) { - int _m340 = mark(); - synPredMatched340 = true; + int _m347 = mark(); + synPredMatched347 = true; inputState->guessing++; try { { @@ -789,12 +798,12 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched340 = false; + synPredMatched347 = false; } - rewind(_m340); + rewind(_m347); inputState->guessing--; } - if ( synPredMatched340 ) { + if ( synPredMatched347 ) { { match("object"); { @@ -804,17 +813,17 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { match("oup"); } if ( inputState->guessing==0 ) { -#line 2387 "pix.g" +#line 2469 "pix.g" _ttype = OBJECT_GROUP; -#line 810 "PIXCfgLexer.cpp" +#line 819 "PIXCfgLexer.cpp" } } else { match(""); if ( inputState->guessing==0 ) { -#line 2389 "pix.g" +#line 2471 "pix.g" _ttype = OBJECT; -#line 818 "PIXCfgLexer.cpp" +#line 827 "PIXCfgLexer.cpp" } } @@ -822,15 +831,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } else { - bool synPredMatched330 = false; + bool synPredMatched337 = false; if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) { - int _m330 = mark(); - synPredMatched330 = true; + int _m337 = mark(); + synPredMatched337 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt329=0; + int _cnt336=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -859,27 +868,27 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt329>=1 ) { goto _loop329; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt336>=1 ) { goto _loop336; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt329++; + _cnt336++; } - _loop329:; + _loop336:; } // ( ... )+ mCOLON(false); } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched330 = false; + synPredMatched337 = false; } - rewind(_m330); + rewind(_m337); inputState->guessing--; } - if ( synPredMatched330 ) { + if ( synPredMatched337 ) { { { { // ( ... )+ - int _cnt334=0; + int _cnt341=0; for (;;) { switch ( LA(1)) { case 0x61 /* 'a' */ : @@ -908,15 +917,15 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - if ( _cnt334>=1 ) { goto _loop334; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt341>=1 ) { goto _loop341; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } } - _cnt334++; + _cnt341++; } - _loop334:; + _loop341:; } // ( ... )+ { // ( ... )+ - int _cnt338=0; + int _cnt345=0; for (;;) { if ((LA(1) == 0x3a /* ':' */ )) { mCOLON(false); @@ -949,34 +958,34 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop337; + goto _loop344; } } } - _loop337:; + _loop344:; } // ( ... )* } else { - if ( _cnt338>=1 ) { goto _loop338; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt345>=1 ) { goto _loop345; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt338++; + _cnt345++; } - _loop338:; + _loop345:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2380 "pix.g" +#line 2462 "pix.g" _ttype = IPV6; -#line 972 "PIXCfgLexer.cpp" +#line 981 "PIXCfgLexer.cpp" } } } else { - bool synPredMatched295 = false; + bool synPredMatched302 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true))) { - int _m295 = mark(); - synPredMatched295 = true; + int _m302 = mark(); + synPredMatched302 = true; inputState->guessing++; try { { @@ -984,242 +993,242 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched295 = false; + synPredMatched302 = false; } - rewind(_m295); + rewind(_m302); inputState->guessing--; } - if ( synPredMatched295 ) { + if ( synPredMatched302 ) { { - bool synPredMatched304 = false; + bool synPredMatched311 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m304 = mark(); - synPredMatched304 = true; + int _m311 = mark(); + synPredMatched311 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt299=0; + int _cnt306=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt299>=1 ) { goto _loop299; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt306>=1 ) { goto _loop306; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt299++; + _cnt306++; } - _loop299:; + _loop306:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt301=0; + int _cnt308=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt301>=1 ) { goto _loop301; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt308>=1 ) { goto _loop308; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt301++; + _cnt308++; } - _loop301:; + _loop308:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt303=0; + int _cnt310=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt303>=1 ) { goto _loop303; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt310>=1 ) { goto _loop310; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt303++; + _cnt310++; } - _loop303:; + _loop310:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched304 = false; + synPredMatched311 = false; } - rewind(_m304); + rewind(_m311); inputState->guessing--; } - if ( synPredMatched304 ) { + if ( synPredMatched311 ) { { { // ( ... )+ - int _cnt307=0; + int _cnt314=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt307>=1 ) { goto _loop307; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt314>=1 ) { goto _loop314; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt307++; + _cnt314++; } - _loop307:; + _loop314:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt309=0; + int _cnt316=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt309>=1 ) { goto _loop309; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt316>=1 ) { goto _loop316; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt309++; + _cnt316++; } - _loop309:; + _loop316:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt311=0; + int _cnt318=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt311>=1 ) { goto _loop311; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt318>=1 ) { goto _loop318; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt311++; + _cnt318++; } - _loop311:; + _loop318:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt313=0; + int _cnt320=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt313>=1 ) { goto _loop313; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt320>=1 ) { goto _loop320; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt313++; + _cnt320++; } - _loop313:; + _loop320:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2368 "pix.g" +#line 2450 "pix.g" _ttype = IPV4; -#line 1119 "PIXCfgLexer.cpp" +#line 1128 "PIXCfgLexer.cpp" } } else { - bool synPredMatched319 = false; + bool synPredMatched326 = false; if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) { - int _m319 = mark(); - synPredMatched319 = true; + int _m326 = mark(); + synPredMatched326 = true; inputState->guessing++; try { { { // ( ... )+ - int _cnt316=0; + int _cnt323=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt316>=1 ) { goto _loop316; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt323>=1 ) { goto _loop323; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt316++; + _cnt323++; } - _loop316:; + _loop323:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt318=0; + int _cnt325=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt318>=1 ) { goto _loop318; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt325>=1 ) { goto _loop325; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt318++; + _cnt325++; } - _loop318:; + _loop325:; } // ( ... )+ } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched319 = false; + synPredMatched326 = false; } - rewind(_m319); + rewind(_m326); inputState->guessing--; } - if ( synPredMatched319 ) { + if ( synPredMatched326 ) { { { // ( ... )+ - int _cnt322=0; + int _cnt329=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt322>=1 ) { goto _loop322; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt329>=1 ) { goto _loop329; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt322++; + _cnt329++; } - _loop322:; + _loop329:; } // ( ... )+ mDOT(false); { // ( ... )+ - int _cnt324=0; + int _cnt331=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt324>=1 ) { goto _loop324; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt331>=1 ) { goto _loop331; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt324++; + _cnt331++; } - _loop324:; + _loop331:; } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2371 "pix.g" +#line 2453 "pix.g" _ttype = NUMBER; -#line 1202 "PIXCfgLexer.cpp" +#line 1211 "PIXCfgLexer.cpp" } } else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { { // ( ... )+ - int _cnt326=0; + int _cnt333=0; for (;;) { if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { mDIGIT(false); } else { - if ( _cnt326>=1 ) { goto _loop326; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + if ( _cnt333>=1 ) { goto _loop333; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} } - _cnt326++; + _cnt333++; } - _loop326:; + _loop333:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 2373 "pix.g" +#line 2455 "pix.g" _ttype = INT_CONST; -#line 1223 "PIXCfgLexer.cpp" +#line 1232 "PIXCfgLexer.cpp" } } else { @@ -1472,16 +1481,16 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } default: { - goto _loop346; + goto _loop353; } } } - _loop346:; + _loop353:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 2398 "pix.g" +#line 2480 "pix.g" _ttype = WORD; -#line 1485 "PIXCfgLexer.cpp" +#line 1494 "PIXCfgLexer.cpp" } } else { @@ -1523,11 +1532,11 @@ void PIXCfgLexer::mSTRING(bool _createToken) { matchNot('\"' /* charlit */ ); } else { - goto _loop349; + goto _loop356; } } - _loop349:; + _loop356:; } // ( ... )* match('\"' /* charlit */ ); if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { @@ -1910,6 +1919,7 @@ const unsigned long PIXCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, // 0x90 0x91 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d // 0x9e 0x9f 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab // 0xac 0xad 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 +// 0xba 0xbb 0xbc 0xbd 0xbe 0xbf 0xc0 0xc1 0xc2 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 @@ -1920,7 +1930,8 @@ const unsigned long PIXCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 429496729 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f // 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad -// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 +// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 0xba 0xbb +// 0xbc 0xbd 0xbe 0xbf 0xc0 0xc1 0xc2 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); const unsigned long PIXCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 0UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // 0 1 2 3 4 5 6 7 8 9 a b c d e f @@ -1944,6 +1955,7 @@ const unsigned long PIXCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 429496729 // 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91 // 0x92 0x93 0x94 0x95 0x96 0x97 0x98 0x99 0x9a 0x9b 0x9c 0x9d 0x9e 0x9f // 0xa0 0xa1 0xa2 0xa3 0xa4 0xa5 0xa6 0xa7 0xa8 0xa9 0xaa 0xab 0xac 0xad -// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 +// 0xae 0xaf 0xb0 0xb1 0xb2 0xb3 0xb4 0xb5 0xb6 0xb7 0xb8 0xb9 0xba 0xbb +// 0xbc 0xbd 0xbe 0xbf 0xc0 0xc1 0xc2 const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgLexer::_tokenSet_6(_tokenSet_6_data_,16); diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index 97e6aa2e2..36a9af349 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -99,6 +99,11 @@ void PIXCfgParser::cfgfile() { telnet_command(); break; } + case HTTP: + { + http_command(); + break; + } case ICMP: { icmp_top_level_command(); @@ -169,6 +174,11 @@ void PIXCfgParser::cfgfile() { dns_command(); break; } + case SERVICE: + { + service_top_level_command(); + break; + } case WORD: { unknown_command(); @@ -284,14 +294,14 @@ void PIXCfgParser::version() { match(VERSION_WORD_CAP); match(NUMBER); if ( inputState->guessing==0 ) { -#line 837 "pix.g" +#line 869 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setDiscoveredVersion(LT(0)->getText()); *dbg << "VERSION " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 295 "PIXCfgParser.cpp" +#line 305 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -328,7 +338,7 @@ void PIXCfgParser::hostname() { } } if ( inputState->guessing==0 ) { -#line 847 "pix.g" +#line 879 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->setHostName( LT(0)->getText() ); @@ -336,7 +346,7 @@ void PIXCfgParser::hostname() { << "LT0=" << LT(0)->getText() << std::endl; -#line 340 "PIXCfgParser.cpp" +#line 350 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -356,11 +366,11 @@ void PIXCfgParser::community_list_command() { match(IP); match(COMMUNITY_LIST); if ( inputState->guessing==0 ) { -#line 193 "pix.g" +#line 197 "pix.g" consumeUntil(NEWLINE); -#line 364 "PIXCfgParser.cpp" +#line 374 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -380,11 +390,11 @@ void PIXCfgParser::unknown_ip_command() { match(IP); match(WORD); if ( inputState->guessing==0 ) { -#line 799 "pix.g" +#line 808 "pix.g" consumeUntil(NEWLINE); -#line 388 "PIXCfgParser.cpp" +#line 398 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -427,34 +437,34 @@ void PIXCfgParser::intrface() { void PIXCfgParser::nameif_top_level() { Tracer traceInOut(this, "nameif_top_level"); -#line 1406 "pix.g" +#line 1438 "pix.g" std::string intf_name, intf_label, sec_level; -#line 435 "PIXCfgParser.cpp" +#line 445 "PIXCfgParser.cpp" try { // for error handling match(NAMEIF); match(WORD); if ( inputState->guessing==0 ) { -#line 1411 "pix.g" +#line 1443 "pix.g" intf_name = LT(0)->getText(); -#line 443 "PIXCfgParser.cpp" +#line 453 "PIXCfgParser.cpp" } interface_label(); if ( inputState->guessing==0 ) { -#line 1412 "pix.g" +#line 1444 "pix.g" intf_label = LT(0)->getText(); -#line 449 "PIXCfgParser.cpp" +#line 459 "PIXCfgParser.cpp" } match(WORD); if ( inputState->guessing==0 ) { -#line 1413 "pix.g" +#line 1445 "pix.g" sec_level = LT(0)->getText(); -#line 455 "PIXCfgParser.cpp" +#line 465 "PIXCfgParser.cpp" } if ( inputState->guessing==0 ) { -#line 1414 "pix.g" +#line 1446 "pix.g" importer->setInterfaceParametes(intf_name, intf_label, sec_level); *dbg << " NAMEIF: " @@ -462,7 +472,7 @@ void PIXCfgParser::nameif_top_level() { << intf_label << " " << sec_level << std::endl; -#line 466 "PIXCfgParser.cpp" +#line 476 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -481,12 +491,12 @@ void PIXCfgParser::controller() { try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 1318 "pix.g" +#line 1350 "pix.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); -#line 490 "PIXCfgParser.cpp" +#line 500 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -508,7 +518,7 @@ void PIXCfgParser::access_list_commands() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 859 "pix.g" +#line 891 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -517,7 +527,7 @@ void PIXCfgParser::access_list_commands() { *dbg << name->getLine() << ":" << " ACL ext " << name->getText() << std::endl; -#line 521 "PIXCfgParser.cpp" +#line 531 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -556,12 +566,12 @@ void PIXCfgParser::access_list_commands() { } } if ( inputState->guessing==0 ) { -#line 882 "pix.g" +#line 914 "pix.g" *dbg << LT(0)->getLine() << ":" << " ACL line end" << std::endl << std::endl; -#line 565 "PIXCfgParser.cpp" +#line 575 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -580,11 +590,11 @@ void PIXCfgParser::ssh_command() { try { // for error handling match(SSH); if ( inputState->guessing==0 ) { -#line 1654 "pix.g" +#line 1686 "pix.g" importer->clear(); -#line 588 "PIXCfgParser.cpp" +#line 598 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -595,11 +605,11 @@ void PIXCfgParser::ssh_command() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1659 "pix.g" +#line 1691 "pix.g" // set ssh timeout here -#line 603 "PIXCfgParser.cpp" +#line 613 "PIXCfgParser.cpp" } break; } @@ -611,6 +621,7 @@ void PIXCfgParser::ssh_command() { case VERSION_WORD_LOW: { match(VERSION_WORD_LOW); + match(INT_CONST); break; } case IPV4: @@ -623,16 +634,16 @@ void PIXCfgParser::ssh_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1669 "pix.g" +#line 1701 "pix.g" importer->SaveTmpAddrToSrc(); -#line 631 "PIXCfgParser.cpp" +#line 642 "PIXCfgParser.cpp" } interface_label(); } if ( inputState->guessing==0 ) { -#line 1674 "pix.g" +#line 1706 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "ssh_commands_" + intf_label; @@ -649,7 +660,7 @@ void PIXCfgParser::ssh_command() { importer->pushRule(); *dbg << std::endl; -#line 653 "PIXCfgParser.cpp" +#line 664 "PIXCfgParser.cpp" } break; } @@ -676,11 +687,11 @@ void PIXCfgParser::telnet_command() { try { // for error handling match(TELNET); if ( inputState->guessing==0 ) { -#line 1694 "pix.g" +#line 1726 "pix.g" importer->clear(); -#line 684 "PIXCfgParser.cpp" +#line 695 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -702,16 +713,16 @@ void PIXCfgParser::telnet_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1701 "pix.g" +#line 1733 "pix.g" importer->SaveTmpAddrToSrc(); -#line 710 "PIXCfgParser.cpp" +#line 721 "PIXCfgParser.cpp" } interface_label(); } if ( inputState->guessing==0 ) { -#line 1706 "pix.g" +#line 1738 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "telnet_commands_" + intf_label; @@ -728,7 +739,115 @@ void PIXCfgParser::telnet_command() { importer->pushRule(); *dbg << std::endl; -#line 732 "PIXCfgParser.cpp" +#line 743 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::http_command() { + Tracer traceInOut(this, "http_command"); + + try { // for error handling + match(HTTP); + if ( inputState->guessing==0 ) { +#line 1760 "pix.g" + + importer->clear(); + +#line 774 "PIXCfgParser.cpp" + } + { + switch ( LA(1)) { + case REDIRECT: + case AUTHENTICATION_CERTIFICATE: + case SERVER: + { + { + switch ( LA(1)) { + case AUTHENTICATION_CERTIFICATE: + { + match(AUTHENTICATION_CERTIFICATE); + break; + } + case REDIRECT: + { + match(REDIRECT); + break; + } + case SERVER: + { + match(SERVER); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 1765 "pix.g" + + consumeUntil(NEWLINE); + +#line 810 "PIXCfgParser.cpp" + } + break; + } + case IPV4: + case OBJECT: + case HOST: + case OBJECT_GROUP: + case INTRFACE: + case ANY: + { + { + hostaddr_expr(); + if ( inputState->guessing==0 ) { +#line 1771 "pix.g" + + importer->SaveTmpAddrToSrc(); + +#line 828 "PIXCfgParser.cpp" + } + interface_label(); + } + if ( inputState->guessing==0 ) { +#line 1776 "pix.g" + + std::string intf_label = LT(0)->getText(); + std::string acl_name = "http_commands_" + intf_label; + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, + libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "www"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label, "in" ); + importer->pushRule(); + *dbg << std::endl; + +#line 851 "PIXCfgParser.cpp" } break; } @@ -763,11 +882,11 @@ void PIXCfgParser::icmp_top_level_command() { { match(UNREACHABLE); if ( inputState->guessing==0 ) { -#line 1735 "pix.g" +#line 1806 "pix.g" consumeUntil(NEWLINE); -#line 771 "PIXCfgParser.cpp" +#line 890 "PIXCfgParser.cpp" } } break; @@ -797,19 +916,19 @@ void PIXCfgParser::icmp_top_level_command() { } } if ( inputState->guessing==0 ) { -#line 1742 "pix.g" +#line 1813 "pix.g" importer->clear(); -#line 805 "PIXCfgParser.cpp" +#line 924 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1746 "pix.g" +#line 1817 "pix.g" importer->SaveTmpAddrToSrc(); -#line 813 "PIXCfgParser.cpp" +#line 932 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -835,7 +954,7 @@ void PIXCfgParser::icmp_top_level_command() { } interface_label(); if ( inputState->guessing==0 ) { -#line 1751 "pix.g" +#line 1822 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "icmp_commands_" + intf_label; @@ -850,7 +969,7 @@ void PIXCfgParser::icmp_top_level_command() { acl_name, intf_label, "in" ); importer->pushRule(); -#line 854 "PIXCfgParser.cpp" +#line 973 "PIXCfgParser.cpp" } } break; @@ -879,11 +998,11 @@ void PIXCfgParser::nat_top_level_command() { match(NAT); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 1837 "pix.g" +#line 1908 "pix.g" importer->clear(); -#line 887 "PIXCfgParser.cpp" +#line 1006 "PIXCfgParser.cpp" } { if ((LA(1) == WORD || LA(1) == OUTSIDE) && (LA(2) == CLOSING_PAREN)) { @@ -916,26 +1035,26 @@ void PIXCfgParser::global_top_level_command() { match(GLOBAL); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 1930 "pix.g" +#line 2001 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 925 "PIXCfgParser.cpp" +#line 1044 "PIXCfgParser.cpp" } interface_label(); if ( inputState->guessing==0 ) { -#line 1935 "pix.g" +#line 2006 "pix.g" importer->tmp_global_pool.interface = LT(0)->getText(); -#line 933 "PIXCfgParser.cpp" +#line 1052 "PIXCfgParser.cpp" } match(CLOSING_PAREN); num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1940 "pix.g" +#line 2011 "pix.g" importer->tmp_global_pool.str_num = num->getText(); importer->tmp_global_pool.netmask = "255.255.255.255"; @@ -944,7 +1063,7 @@ void PIXCfgParser::global_top_level_command() { << " " << importer->tmp_global_pool.interface; -#line 948 "PIXCfgParser.cpp" +#line 1067 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -966,12 +1085,12 @@ void PIXCfgParser::global_top_level_command() { } } if ( inputState->guessing==0 ) { -#line 1952 "pix.g" +#line 2023 "pix.g" importer->tmp_global_pool.start = LT(0)->getText(); importer->tmp_global_pool.end = LT(0)->getText(); -#line 975 "PIXCfgParser.cpp" +#line 1094 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -980,11 +1099,11 @@ void PIXCfgParser::global_top_level_command() { match(MINUS); single_addr(); if ( inputState->guessing==0 ) { -#line 1960 "pix.g" +#line 2031 "pix.g" importer->tmp_global_pool.end = LT(0)->getText(); -#line 988 "PIXCfgParser.cpp" +#line 1107 "PIXCfgParser.cpp" } break; } @@ -1006,11 +1125,11 @@ void PIXCfgParser::global_top_level_command() { match(NETMASK); match(IPV4); if ( inputState->guessing==0 ) { -#line 1969 "pix.g" +#line 2040 "pix.g" importer->tmp_global_pool.netmask = LT(0)->getText(); -#line 1014 "PIXCfgParser.cpp" +#line 1133 "PIXCfgParser.cpp" } break; } @@ -1026,7 +1145,7 @@ void PIXCfgParser::global_top_level_command() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1975 "pix.g" +#line 2046 "pix.g" importer->addGlobalPool(); *dbg << " " << importer->tmp_global_pool.start @@ -1034,7 +1153,7 @@ void PIXCfgParser::global_top_level_command() { << " " << importer->tmp_global_pool.netmask << std::endl; -#line 1038 "PIXCfgParser.cpp" +#line 1157 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1054,35 +1173,35 @@ void PIXCfgParser::static_top_level_command() { match(STATIC); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 1987 "pix.g" +#line 2058 "pix.g" importer->clear(); -#line 1062 "PIXCfgParser.cpp" +#line 1181 "PIXCfgParser.cpp" } interface_label(); if ( inputState->guessing==0 ) { -#line 1990 "pix.g" +#line 2061 "pix.g" importer->prenat_interface = LT(0)->getText(); -#line 1068 "PIXCfgParser.cpp" +#line 1187 "PIXCfgParser.cpp" } match(COMMA); interface_label(); if ( inputState->guessing==0 ) { -#line 1992 "pix.g" +#line 2063 "pix.g" importer->postnat_interface = LT(0)->getText(); -#line 1075 "PIXCfgParser.cpp" +#line 1194 "PIXCfgParser.cpp" } match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 1994 "pix.g" +#line 2065 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); *dbg << " DNAT rule "; importer->rule_type = libfwbuilder::NATRule::DNAT; -#line 1086 "PIXCfgParser.cpp" +#line 1205 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -1107,12 +1226,12 @@ void PIXCfgParser::static_top_level_command() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 2010 "pix.g" +#line 2081 "pix.g" importer->pushNATRule(); *dbg << std::endl; -#line 1116 "PIXCfgParser.cpp" +#line 1235 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1139,7 +1258,7 @@ void PIXCfgParser::access_group() { match(INTRFACE); interface_label(); if ( inputState->guessing==0 ) { -#line 1810 "pix.g" +#line 1881 "pix.g" std::string intf_label = LT(0)->getText(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1152,7 +1271,7 @@ void PIXCfgParser::access_group() { << " " << intf_label << " " << dir->getText() << std::endl; -#line 1156 "PIXCfgParser.cpp" +#line 1275 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1188,12 +1307,12 @@ void PIXCfgParser::certificate() { match(CERTIFICATE); match(WORD); if ( inputState->guessing==0 ) { -#line 829 "pix.g" +#line 861 "pix.g" consumeUntil(NEWLINE); consumeUntil(QUIT); -#line 1197 "PIXCfgParser.cpp" +#line 1316 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1212,11 +1331,11 @@ void PIXCfgParser::quit() { try { // for error handling match(QUIT); if ( inputState->guessing==0 ) { -#line 186 "pix.g" +#line 190 "pix.g" consumeUntil(NEWLINE); -#line 1220 "PIXCfgParser.cpp" +#line 1339 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1235,7 +1354,7 @@ void PIXCfgParser::names_section() { try { // for error handling match(NAMES); if ( inputState->guessing==0 ) { -#line 207 "pix.g" +#line 211 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( @@ -1243,7 +1362,7 @@ void PIXCfgParser::names_section() { "Import of configuration that uses \"names\" " "is not supported at this time")); -#line 1247 "PIXCfgParser.cpp" +#line 1366 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1287,7 +1406,7 @@ void PIXCfgParser::name_entry() { n = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 217 "pix.g" +#line 221 "pix.g" if (a) { @@ -1303,7 +1422,7 @@ void PIXCfgParser::name_entry() { consumeUntil(NEWLINE); } -#line 1307 "PIXCfgParser.cpp" +#line 1426 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1327,7 +1446,7 @@ void PIXCfgParser::named_object_network() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 250 "pix.g" +#line 254 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1335,7 +1454,7 @@ void PIXCfgParser::named_object_network() { *dbg << name->getLine() << ":" << " Named Object " << name->getText() << std::endl; -#line 1339 "PIXCfgParser.cpp" +#line 1458 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1376,36 +1495,66 @@ void PIXCfgParser::named_object_network() { void PIXCfgParser::named_object_service() { Tracer traceInOut(this, "named_object_service"); - ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling match(OBJECT); match(SERVICE); - name = LT(1); - match(WORD); - match(NEWLINE); if ( inputState->guessing==0 ) { -#line 359 "pix.g" +#line 365 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); - importer->newNamedObjectService(name->getText()); - *dbg << name->getLine() << ":" - << " Named Object " << name->getText() << std::endl; -#line 1397 "PIXCfgParser.cpp" +#line 1509 "PIXCfgParser.cpp" } + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case HTTP: + { + match(HTTP); + break; + } + case SSH: + { + match(SSH); + break; + } + case TELNET: + { + match(TELNET); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 370 "pix.g" + + importer->newNamedObjectService(LT(0)->getText()); + *dbg << " NAMED OBJECT " << LT(0)->getText() << std::endl; + +#line 1545 "PIXCfgParser.cpp" + } + match(NEWLINE); { // ( ... )* for (;;) { - if ((LA(1) == DESCRIPTION || LA(1) == SERVICE)) { + if ((LA(1) == DESCRIPTION || LA(1) == SERVICE) && (_tokenSet_6.member(LA(2)))) { named_object_service_parameters(); } else { - goto _loop30; + goto _loop31; } } - _loop30:; + _loop31:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1429,7 +1578,7 @@ void PIXCfgParser::object_group_network() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 476 "pix.g" +#line 485 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1437,7 +1586,7 @@ void PIXCfgParser::object_group_network() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1441 "PIXCfgParser.cpp" +#line 1590 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1445,11 +1594,11 @@ void PIXCfgParser::object_group_network() { object_group_network_parameters(); } else { - goto _loop49; + goto _loop50; } } - _loop49:; + _loop50:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1506,7 +1655,7 @@ void PIXCfgParser::object_group_service() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 698 "pix.g" +#line 707 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1517,19 +1666,19 @@ void PIXCfgParser::object_group_service() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1521 "PIXCfgParser.cpp" +#line 1670 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { - if ((_tokenSet_6.member(LA(1)))) { + if ((_tokenSet_7.member(LA(1)))) { object_group_service_parameters(); } else { - goto _loop81; + goto _loop82; } } - _loop81:; + _loop82:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1553,7 +1702,7 @@ void PIXCfgParser::object_group_protocol() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 574 "pix.g" +#line 583 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1561,21 +1710,21 @@ void PIXCfgParser::object_group_protocol() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1565 "PIXCfgParser.cpp" +#line 1714 "PIXCfgParser.cpp" } { // ( ... )+ - int _cnt61=0; + int _cnt62=0; for (;;) { if ((LA(1) == DESCRIPTION || LA(1) == GROUP_OBJECT || LA(1) == PROTOCOL_OBJECT)) { object_group_protocol_parameters(); } else { - if ( _cnt61>=1 ) { goto _loop61; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} + if ( _cnt62>=1 ) { goto _loop62; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());} } - _cnt61++; + _cnt62++; } - _loop61:; + _loop62:; } // ( ... )+ } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1599,7 +1748,7 @@ void PIXCfgParser::object_group_icmp_8_0() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 629 "pix.g" +#line 638 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1607,7 +1756,7 @@ void PIXCfgParser::object_group_icmp_8_0() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1611 "PIXCfgParser.cpp" +#line 1760 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1615,11 +1764,11 @@ void PIXCfgParser::object_group_icmp_8_0() { object_group_icmp_parameters(); } else { - goto _loop69; + goto _loop70; } } - _loop69:; + _loop70:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1643,7 +1792,7 @@ void PIXCfgParser::object_group_icmp_8_3() { match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 642 "pix.g" +#line 651 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1651,7 +1800,7 @@ void PIXCfgParser::object_group_icmp_8_3() { *dbg << name->getLine() << ":" << " Object Group " << name->getText() << std::endl; -#line 1655 "PIXCfgParser.cpp" +#line 1804 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1659,11 +1808,11 @@ void PIXCfgParser::object_group_icmp_8_3() { object_group_icmp_parameters(); } else { - goto _loop72; + goto _loop73; } } - _loop72:; + _loop73:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1682,11 +1831,11 @@ void PIXCfgParser::crypto() { try { // for error handling match(CRYPTO); if ( inputState->guessing==0 ) { -#line 792 "pix.g" +#line 801 "pix.g" consumeUntil(NEWLINE); -#line 1690 "PIXCfgParser.cpp" +#line 1839 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1705,13 +1854,13 @@ void PIXCfgParser::no_commands() { try { // for error handling match(NO); if ( inputState->guessing==0 ) { -#line 820 "pix.g" +#line 852 "pix.g" *dbg << " TOP LEVEL \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 1715 "PIXCfgParser.cpp" +#line 1864 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1730,11 +1879,11 @@ void PIXCfgParser::timeout_command() { try { // for error handling match(TIMEOUT); if ( inputState->guessing==0 ) { -#line 200 "pix.g" +#line 204 "pix.g" consumeUntil(NEWLINE); -#line 1738 "PIXCfgParser.cpp" +#line 1887 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1753,11 +1902,72 @@ void PIXCfgParser::dns_command() { try { // for error handling match(DNS); if ( inputState->guessing==0 ) { -#line 813 "pix.g" +#line 822 "pix.g" consumeUntil(NEWLINE); -#line 1761 "PIXCfgParser.cpp" +#line 1910 "PIXCfgParser.cpp" + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_1); + } else { + throw; + } + } +} + +void PIXCfgParser::service_top_level_command() { + Tracer traceInOut(this, "service_top_level_command"); + + try { // for error handling + match(SERVICE); + { + switch ( LA(1)) { + case CALL_HOME: + { + match(CALL_HOME); + break; + } + case INTERNAL: + { + match(INTERNAL); + break; + } + case PASSWORD_RECOVERY: + { + match(PASSWORD_RECOVERY); + break; + } + case RESETINBOUND: + { + match(RESETINBOUND); + break; + } + case RESETOUTBOUND: + { + match(RESETOUTBOUND); + break; + } + case RESETOUTSIDE: + { + match(RESETOUTSIDE); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + if ( inputState->guessing==0 ) { +#line 845 "pix.g" + + consumeUntil(NEWLINE); + +#line 1971 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1776,11 +1986,11 @@ void PIXCfgParser::unknown_command() { try { // for error handling match(WORD); if ( inputState->guessing==0 ) { -#line 806 "pix.g" +#line 815 "pix.g" consumeUntil(NEWLINE); -#line 1784 "PIXCfgParser.cpp" +#line 1994 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1884,7 +2094,7 @@ void PIXCfgParser::ip_protocol_names() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_7); + recover(ex,_tokenSet_8); } else { throw; } @@ -1897,7 +2107,7 @@ void PIXCfgParser::named_object_nat() { try { // for error handling nat_top_level_command(); if ( inputState->guessing==0 ) { -#line 278 "pix.g" +#line 282 "pix.g" *dbg << "Named object with singleton nat command" << std::endl; importer->addMessageToLog( @@ -1906,7 +2116,7 @@ void PIXCfgParser::named_object_nat() { "is not supported at this time")); consumeUntil(NEWLINE); -#line 1910 "PIXCfgParser.cpp" +#line 2120 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1925,7 +2135,7 @@ void PIXCfgParser::named_object_description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 289 "pix.g" +#line 293 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -1938,7 +2148,7 @@ void PIXCfgParser::named_object_description() { importer->setNamedObjectDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 1942 "PIXCfgParser.cpp" +#line 2152 "PIXCfgParser.cpp" } match(NEWLINE); } @@ -2001,7 +2211,7 @@ void PIXCfgParser::host_addr() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2022,7 +2232,7 @@ void PIXCfgParser::range_addr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 327 "pix.g" +#line 331 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->tmp_range_1 = r1->getText(); @@ -2030,13 +2240,13 @@ void PIXCfgParser::range_addr() { importer->commitNamedAddressRangeObject(); *dbg << r1->getText() << "/" << r2->getText(); -#line 2034 "PIXCfgParser.cpp" +#line 2244 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2078,7 +2288,7 @@ void PIXCfgParser::subnet_addr() { } } if ( inputState->guessing==0 ) { -#line 337 "pix.g" +#line 341 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (a) @@ -2095,13 +2305,13 @@ void PIXCfgParser::subnet_addr() { consumeUntil(NEWLINE); } -#line 2099 "PIXCfgParser.cpp" +#line 2309 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2135,7 +2345,7 @@ void PIXCfgParser::single_addr() { } } if ( inputState->guessing==0 ) { -#line 308 "pix.g" +#line 312 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); if (h) @@ -2152,13 +2362,13 @@ void PIXCfgParser::single_addr() { consumeUntil(NEWLINE); } -#line 2156 "PIXCfgParser.cpp" +#line 2366 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_9); + recover(ex,_tokenSet_10); } else { throw; } @@ -2179,7 +2389,7 @@ void PIXCfgParser::named_object_service_parameters() { else if ((LA(1) == SERVICE) && (LA(2) == TCP || LA(2) == UDP)) { service_tcp_udp(); } - else if ((LA(1) == SERVICE) && (_tokenSet_10.member(LA(2)))) { + else if ((LA(1) == SERVICE) && (_tokenSet_11.member(LA(2)))) { service_other(); } else if ((LA(1) == SERVICE) && (LA(2) == WORD)) { @@ -2198,7 +2408,7 @@ void PIXCfgParser::named_object_service_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_11); + recover(ex,_tokenSet_12); } else { throw; } @@ -2219,11 +2429,11 @@ void PIXCfgParser::service_icmp() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 391 "pix.g" +#line 400 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 2227 "PIXCfgParser.cpp" +#line 2437 "PIXCfgParser.cpp" } break; } @@ -2249,11 +2459,11 @@ void PIXCfgParser::service_icmp() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 396 "pix.g" +#line 405 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 2257 "PIXCfgParser.cpp" +#line 2467 "PIXCfgParser.cpp" } break; } @@ -2264,19 +2474,19 @@ void PIXCfgParser::service_icmp() { } } if ( inputState->guessing==0 ) { -#line 400 "pix.g" +#line 409 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedICMPServiceObject(); *dbg << "NAMED OBJECT SERVICE ICMP " << LT(0)->getText() << " "; -#line 2274 "PIXCfgParser.cpp" +#line 2484 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2308,7 +2518,7 @@ void PIXCfgParser::service_icmp6() { } } if ( inputState->guessing==0 ) { -#line 408 "pix.g" +#line 417 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->addMessageToLog( @@ -2318,13 +2528,13 @@ void PIXCfgParser::service_icmp6() { *dbg << "NAMED OBJECT SERVICE ICMP6 " << LT(0)->getText() << " "; consumeUntil(NEWLINE); -#line 2322 "PIXCfgParser.cpp" +#line 2532 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2355,12 +2565,12 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 420 "pix.g" +#line 429 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 2364 "PIXCfgParser.cpp" +#line 2574 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2408,18 +2618,18 @@ void PIXCfgParser::service_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 426 "pix.g" +#line 435 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->commitNamedTCPUDPServiceObject(); -#line 2417 "PIXCfgParser.cpp" +#line 2627 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2464,20 +2674,20 @@ void PIXCfgParser::service_other() { } } if ( inputState->guessing==0 ) { -#line 445 "pix.g" +#line 454 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->commitNamedIPServiceObject(); *dbg << "NAMED OBJECT SERVICE " << LT(0)->getText() << " "; -#line 2475 "PIXCfgParser.cpp" +#line 2685 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2491,7 +2701,7 @@ void PIXCfgParser::service_unknown() { match(SERVICE); match(WORD); if ( inputState->guessing==0 ) { -#line 460 "pix.g" +#line 469 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = "ip"; @@ -2502,13 +2712,13 @@ void PIXCfgParser::service_unknown() { importer->addMessageToLog(err); *dbg << "UNKNOWN SERVICE " << LT(0)->getText() << " "; -#line 2506 "PIXCfgParser.cpp" +#line 2716 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2626,7 +2836,7 @@ void PIXCfgParser::icmp_names() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_12); + recover(ex,_tokenSet_13); } else { throw; } @@ -2640,17 +2850,17 @@ void PIXCfgParser::src_port_spec() { match(SOURCE); xoperator(); if ( inputState->guessing==0 ) { -#line 433 "pix.g" +#line 442 "pix.g" importer->SaveTmpPortToSrc(); -#line 2648 "PIXCfgParser.cpp" +#line 2858 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_13); + recover(ex,_tokenSet_14); } else { throw; } @@ -2684,17 +2894,17 @@ void PIXCfgParser::dst_port_spec() { } xoperator(); if ( inputState->guessing==0 ) { -#line 439 "pix.g" +#line 448 "pix.g" importer->SaveTmpPortToDst(); -#line 2692 "PIXCfgParser.cpp" +#line 2902 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2703,9 +2913,9 @@ void PIXCfgParser::dst_port_spec() { void PIXCfgParser::xoperator() { Tracer traceInOut(this, "xoperator"); -#line 1094 "pix.g" +#line 1126 "pix.g" importer->tmp_port_spec = ""; -#line 2709 "PIXCfgParser.cpp" +#line 2919 "PIXCfgParser.cpp" try { // for error handling switch ( LA(1)) { @@ -2731,7 +2941,7 @@ void PIXCfgParser::xoperator() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } else { throw; } @@ -2770,7 +2980,7 @@ void PIXCfgParser::object_group_network_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_15); + recover(ex,_tokenSet_16); } else { throw; } @@ -2783,7 +2993,7 @@ void PIXCfgParser::object_group_description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 500 "pix.g" +#line 509 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -2796,13 +3006,13 @@ void PIXCfgParser::object_group_description() { importer->setObjectGroupDescription(descr); *dbg << " DESCRIPTION " << descr << std::endl; -#line 2800 "PIXCfgParser.cpp" +#line 3010 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2818,20 +3028,20 @@ void PIXCfgParser::group_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 515 "pix.g" +#line 524 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2829 "PIXCfgParser.cpp" +#line 3039 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -2850,12 +3060,12 @@ void PIXCfgParser::network_object() { try { // for error handling match(NETWORK_OBJECT); if ( inputState->guessing==0 ) { -#line 524 "pix.g" +#line 533 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 2859 "PIXCfgParser.cpp" +#line 3069 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -2887,7 +3097,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 530 "pix.g" +#line 539 "pix.g" if (a) { @@ -2903,7 +3113,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2907 "PIXCfgParser.cpp" +#line 3117 "PIXCfgParser.cpp" } break; } @@ -2931,7 +3141,7 @@ void PIXCfgParser::network_object() { } } if ( inputState->guessing==0 ) { -#line 547 "pix.g" +#line 556 "pix.g" if (h) { @@ -2947,7 +3157,7 @@ void PIXCfgParser::network_object() { consumeUntil(NEWLINE); } -#line 2951 "PIXCfgParser.cpp" +#line 3161 "PIXCfgParser.cpp" } break; } @@ -2957,12 +3167,12 @@ void PIXCfgParser::network_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 564 "pix.g" +#line 573 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 2966 "PIXCfgParser.cpp" +#line 3176 "PIXCfgParser.cpp" } break; } @@ -2976,7 +3186,7 @@ void PIXCfgParser::network_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3015,7 +3225,7 @@ void PIXCfgParser::object_group_protocol_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_16); + recover(ex,_tokenSet_17); } else { throw; } @@ -3029,12 +3239,12 @@ void PIXCfgParser::protocol_object() { try { // for error handling match(PROTOCOL_OBJECT); if ( inputState->guessing==0 ) { -#line 598 "pix.g" +#line 607 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 3038 "PIXCfgParser.cpp" +#line 3248 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3106,14 +3316,14 @@ void PIXCfgParser::protocol_object() { } } if ( inputState->guessing==0 ) { -#line 604 "pix.g" +#line 613 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 3117 "PIXCfgParser.cpp" +#line 3327 "PIXCfgParser.cpp" } break; } @@ -3121,13 +3331,13 @@ void PIXCfgParser::protocol_object() { { match(ICMP6); if ( inputState->guessing==0 ) { -#line 612 "pix.g" +#line 621 "pix.g" importer->addMessageToLog( QString("Parser warning: IPv6 import is not supported. ")); consumeUntil(NEWLINE); -#line 3131 "PIXCfgParser.cpp" +#line 3341 "PIXCfgParser.cpp" } break; } @@ -3137,12 +3347,12 @@ void PIXCfgParser::protocol_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 619 "pix.g" +#line 628 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 3146 "PIXCfgParser.cpp" +#line 3356 "PIXCfgParser.cpp" } break; } @@ -3156,7 +3366,7 @@ void PIXCfgParser::protocol_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3195,7 +3405,7 @@ void PIXCfgParser::object_group_icmp_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_17); + recover(ex,_tokenSet_18); } else { throw; } @@ -3210,12 +3420,12 @@ void PIXCfgParser::icmp_object() { try { // for error handling match(ICMP_OBJECT); if ( inputState->guessing==0 ) { -#line 666 "pix.g" +#line 675 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 3219 "PIXCfgParser.cpp" +#line 3429 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3247,11 +3457,11 @@ void PIXCfgParser::icmp_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 673 "pix.g" +#line 682 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 3255 "PIXCfgParser.cpp" +#line 3465 "PIXCfgParser.cpp" } break; } @@ -3277,11 +3487,11 @@ void PIXCfgParser::icmp_object() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 678 "pix.g" +#line 687 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 3285 "PIXCfgParser.cpp" +#line 3495 "PIXCfgParser.cpp" } break; } @@ -3292,12 +3502,12 @@ void PIXCfgParser::icmp_object() { } } if ( inputState->guessing==0 ) { -#line 682 "pix.g" +#line 691 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 3301 "PIXCfgParser.cpp" +#line 3511 "PIXCfgParser.cpp" } break; } @@ -3307,12 +3517,12 @@ void PIXCfgParser::icmp_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 688 "pix.g" +#line 697 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 3316 "PIXCfgParser.cpp" +#line 3526 "PIXCfgParser.cpp" } break; } @@ -3326,7 +3536,7 @@ void PIXCfgParser::icmp_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3370,7 +3580,7 @@ void PIXCfgParser::object_group_service_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_18); + recover(ex,_tokenSet_19); } else { throw; } @@ -3385,12 +3595,12 @@ void PIXCfgParser::service_object() { try { // for error handling match(SERVICE_OBJECT); if ( inputState->guessing==0 ) { -#line 727 "pix.g" +#line 736 "pix.g" importer->clearTempVars(); importer->setCurrentLineNumber(LT(0)->getLine()); -#line 3394 "PIXCfgParser.cpp" +#line 3604 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3444,14 +3654,14 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 733 "pix.g" +#line 742 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->protocol = LT(0)->getText(); importer->addIPServiceToObjectGroup(); *dbg << " GROUP MEMBER " << LT(0)->getText() << " "; -#line 3455 "PIXCfgParser.cpp" +#line 3665 "PIXCfgParser.cpp" } break; } @@ -3483,12 +3693,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 741 "pix.g" +#line 750 "pix.g" importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP" << LT(0)->getText() << " "; -#line 3492 "PIXCfgParser.cpp" +#line 3702 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3536,11 +3746,11 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 747 "pix.g" +#line 756 "pix.g" importer->addTCPUDPServiceToObjectGroup(); -#line 3544 "PIXCfgParser.cpp" +#line 3754 "PIXCfgParser.cpp" } break; } @@ -3554,11 +3764,11 @@ void PIXCfgParser::service_object() { icmp_type = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 754 "pix.g" +#line 763 "pix.g" importer->icmp_type = LT(0)->getText(); -#line 3562 "PIXCfgParser.cpp" +#line 3772 "PIXCfgParser.cpp" } break; } @@ -3584,11 +3794,11 @@ void PIXCfgParser::service_object() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 759 "pix.g" +#line 768 "pix.g" importer->icmp_spec = LT(0)->getText(); -#line 3592 "PIXCfgParser.cpp" +#line 3802 "PIXCfgParser.cpp" } break; } @@ -3599,12 +3809,12 @@ void PIXCfgParser::service_object() { } } if ( inputState->guessing==0 ) { -#line 763 "pix.g" +#line 772 "pix.g" importer->addICMPServiceToObjectGroup(); *dbg << " SERVICE ICMP " << LT(0)->getText() << " "; -#line 3608 "PIXCfgParser.cpp" +#line 3818 "PIXCfgParser.cpp" } break; } @@ -3614,12 +3824,12 @@ void PIXCfgParser::service_object() { name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 769 "pix.g" +#line 778 "pix.g" importer->addNamedObjectToObjectGroup(name->getText()); *dbg << " GROUP MEMBER " << name->getLine() << std::endl; -#line 3623 "PIXCfgParser.cpp" +#line 3833 "PIXCfgParser.cpp" } break; } @@ -3633,7 +3843,7 @@ void PIXCfgParser::service_object() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3642,18 +3852,18 @@ void PIXCfgParser::service_object() { void PIXCfgParser::port_object() { Tracer traceInOut(this, "port_object"); -#line 776 "pix.g" +#line 785 "pix.g" importer->tmp_port_spec = ""; importer->tmp_port_spec_2 = ""; -#line 3651 "PIXCfgParser.cpp" +#line 3861 "PIXCfgParser.cpp" try { // for error handling match(PORT_OBJECT); xoperator(); if ( inputState->guessing==0 ) { -#line 781 "pix.g" +#line 790 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << " PORT OBJECT TCP/UDP " << LT(0)->getText() << " " << std::endl; @@ -3661,13 +3871,13 @@ void PIXCfgParser::port_object() { importer->addTCPUDPServiceToObjectGroup(); *dbg << std::endl; -#line 3665 "PIXCfgParser.cpp" +#line 3875 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -3697,23 +3907,23 @@ void PIXCfgParser::permit_extended() { } match(PERMIT); if ( inputState->guessing==0 ) { -#line 890 "pix.g" +#line 922 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 3708 "PIXCfgParser.cpp" +#line 3918 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 897 "pix.g" +#line 929 "pix.g" importer->pushRule(); -#line 3717 "PIXCfgParser.cpp" +#line 3927 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3749,23 +3959,23 @@ void PIXCfgParser::deny_extended() { } match(DENY); if ( inputState->guessing==0 ) { -#line 903 "pix.g" +#line 935 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 3760 "PIXCfgParser.cpp" +#line 3970 "PIXCfgParser.cpp" } rule_extended(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 910 "pix.g" +#line 942 "pix.g" importer->pushRule(); -#line 3769 "PIXCfgParser.cpp" +#line 3979 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3785,23 +3995,23 @@ void PIXCfgParser::permit_standard() { match(STANDARD); match(PERMIT); if ( inputState->guessing==0 ) { -#line 916 "pix.g" +#line 948 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "permit"; *dbg << LT(1)->getLine() << ":" << " permit "; -#line 3796 "PIXCfgParser.cpp" +#line 4006 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 923 "pix.g" +#line 955 "pix.g" importer->pushRule(); -#line 3805 "PIXCfgParser.cpp" +#line 4015 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3821,23 +4031,23 @@ void PIXCfgParser::deny_standard() { match(STANDARD); match(DENY); if ( inputState->guessing==0 ) { -#line 929 "pix.g" +#line 961 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newPolicyRule(); importer->action = "deny"; *dbg << LT(1)->getLine() << ":" << " deny "; -#line 3832 "PIXCfgParser.cpp" +#line 4042 "PIXCfgParser.cpp" } rule_standard(); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 936 "pix.g" +#line 968 "pix.g" importer->pushRule(); -#line 3841 "PIXCfgParser.cpp" +#line 4051 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3856,7 +4066,7 @@ void PIXCfgParser::remark() { try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 1792 "pix.g" +#line 1863 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -3870,7 +4080,7 @@ void PIXCfgParser::remark() { *dbg << " REMARK " << rem << std::endl; //consumeUntil(NEWLINE); -#line 3874 "PIXCfgParser.cpp" +#line 4084 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3911,15 +4121,15 @@ void PIXCfgParser::rule_extended() { ip_protocols(); hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 961 "pix.g" +#line 993 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3917 "PIXCfgParser.cpp" +#line 4127 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 962 "pix.g" +#line 994 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 3923 "PIXCfgParser.cpp" +#line 4133 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -3984,24 +4194,24 @@ void PIXCfgParser::rule_extended() { { match(ICMP); if ( inputState->guessing==0 ) { -#line 968 "pix.g" +#line 1000 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 3993 "PIXCfgParser.cpp" +#line 4203 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 972 "pix.g" +#line 1004 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 3999 "PIXCfgParser.cpp" +#line 4209 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 973 "pix.g" +#line 1005 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4005 "PIXCfgParser.cpp" +#line 4215 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4115,17 +4325,17 @@ void PIXCfgParser::rule_extended() { } } if ( inputState->guessing==0 ) { -#line 981 "pix.g" +#line 1013 "pix.g" *dbg << std::endl; -#line 4123 "PIXCfgParser.cpp" +#line 4333 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4137,28 +4347,28 @@ void PIXCfgParser::rule_standard() { try { // for error handling if ( inputState->guessing==0 ) { -#line 946 "pix.g" +#line 978 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; importer->SaveTmpAddrToSrc(); -#line 4147 "PIXCfgParser.cpp" +#line 4357 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 952 "pix.g" +#line 984 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) " << std::endl; -#line 4156 "PIXCfgParser.cpp" +#line 4366 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4179,13 +4389,13 @@ void PIXCfgParser::hostaddr_expr() { match(INTRFACE); interface_label(); if ( inputState->guessing==0 ) { -#line 1228 "pix.g" +#line 1260 "pix.g" importer->tmp_a = LT(0)->getText(); importer->tmp_nm = "interface"; *dbg << "object " << LT(0)->getText() << " "; -#line 4189 "PIXCfgParser.cpp" +#line 4399 "PIXCfgParser.cpp" } break; } @@ -4215,13 +4425,13 @@ void PIXCfgParser::hostaddr_expr() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1235 "pix.g" +#line 1267 "pix.g" importer->tmp_a = name->getText(); importer->tmp_nm = ""; *dbg << "object " << name->getText() << " "; -#line 4225 "PIXCfgParser.cpp" +#line 4435 "PIXCfgParser.cpp" } break; } @@ -4233,13 +4443,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1242 "pix.g" +#line 1274 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; -#line 4243 "PIXCfgParser.cpp" +#line 4453 "PIXCfgParser.cpp" } break; } @@ -4252,13 +4462,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1249 "pix.g" +#line 1281 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 4262 "PIXCfgParser.cpp" +#line 4472 "PIXCfgParser.cpp" } break; } @@ -4266,13 +4476,13 @@ void PIXCfgParser::hostaddr_expr() { { match(ANY); if ( inputState->guessing==0 ) { -#line 1256 "pix.g" +#line 1288 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 4276 "PIXCfgParser.cpp" +#line 4486 "PIXCfgParser.cpp" } break; } @@ -4285,7 +4495,7 @@ void PIXCfgParser::hostaddr_expr() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_19); + recover(ex,_tokenSet_20); } else { throw; } @@ -4349,12 +4559,12 @@ void PIXCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 1175 "pix.g" +#line 1207 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4358 "PIXCfgParser.cpp" +#line 4568 "PIXCfgParser.cpp" } break; } @@ -4384,12 +4594,12 @@ void PIXCfgParser::ip_protocols() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1181 "pix.g" +#line 1213 "pix.g" importer->protocol = name->getText(); *dbg << "protocol " << name->getText() << " "; -#line 4393 "PIXCfgParser.cpp" +#line 4603 "PIXCfgParser.cpp" } break; } @@ -4403,7 +4613,7 @@ void PIXCfgParser::ip_protocols() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_20); + recover(ex,_tokenSet_21); } else { throw; } @@ -4419,18 +4629,18 @@ void PIXCfgParser::time_range() { tr_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1308 "pix.g" +#line 1340 "pix.g" importer->time_range_name = tr_name->getText(); *dbg << "time_range " << tr_name->getText() << " "; -#line 4428 "PIXCfgParser.cpp" +#line 4638 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_21); + recover(ex,_tokenSet_22); } else { throw; } @@ -4443,18 +4653,18 @@ void PIXCfgParser::fragments() { try { // for error handling match(FRAGMENTS); if ( inputState->guessing==0 ) { -#line 1301 "pix.g" +#line 1333 "pix.g" importer->fragments = true; *dbg << "fragments "; -#line 4452 "PIXCfgParser.cpp" +#line 4662 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_22); + recover(ex,_tokenSet_23); } else { throw; } @@ -4484,11 +4694,11 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1267 "pix.g" +#line 1299 "pix.g" importer->logging = true; -#line 4492 "PIXCfgParser.cpp" +#line 4702 "PIXCfgParser.cpp" } { { @@ -4569,9 +4779,9 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1284 "pix.g" +#line 1316 "pix.g" importer->log_level = LT(0)->getText(); -#line 4575 "PIXCfgParser.cpp" +#line 4785 "PIXCfgParser.cpp" } break; } @@ -4595,9 +4805,9 @@ void PIXCfgParser::log() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1289 "pix.g" +#line 1321 "pix.g" importer->log_interval = LT(0)->getText(); -#line 4601 "PIXCfgParser.cpp" +#line 4811 "PIXCfgParser.cpp" } break; } @@ -4613,20 +4823,20 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1292 "pix.g" +#line 1324 "pix.g" // if (importer->log_level == "log") importer->log_level = ""; // if (importer->log_interval == "log") importer->log_interval = ""; *dbg << "logging level '" << importer->log_level << "' interval '" << importer->log_interval << "'"; -#line 4624 "PIXCfgParser.cpp" +#line 4834 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4650,7 +4860,7 @@ void PIXCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1191 "pix.g" +#line 1223 "pix.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -4658,7 +4868,7 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 4662 "PIXCfgParser.cpp" +#line 4872 "PIXCfgParser.cpp" } break; } @@ -4684,12 +4894,12 @@ void PIXCfgParser::icmp_spec() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 1200 "pix.g" +#line 1232 "pix.g" importer->icmp_spec = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 4693 "PIXCfgParser.cpp" +#line 4903 "PIXCfgParser.cpp" } break; } @@ -4703,7 +4913,7 @@ void PIXCfgParser::icmp_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_12); + recover(ex,_tokenSet_13); } else { throw; } @@ -4735,24 +4945,24 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } if ( inputState->guessing==0 ) { -#line 988 "pix.g" +#line 1020 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4744 "PIXCfgParser.cpp" +#line 4954 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 992 "pix.g" +#line 1024 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 4750 "PIXCfgParser.cpp" +#line 4960 "PIXCfgParser.cpp" } { - bool synPredMatched124 = false; - if (((_tokenSet_20.member(LA(1))) && (_tokenSet_23.member(LA(2))))) { - int _m124 = mark(); - synPredMatched124 = true; + bool synPredMatched127 = false; + if (((_tokenSet_21.member(LA(1))) && (_tokenSet_24.member(LA(2))))) { + int _m127 = mark(); + synPredMatched127 = true; inputState->guessing++; try { { @@ -4760,46 +4970,46 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { - synPredMatched124 = false; + synPredMatched127 = false; } - rewind(_m124); + rewind(_m127); inputState->guessing--; } - if ( synPredMatched124 ) { + if ( synPredMatched127 ) { { if (((LA(1) == OBJECT_GROUP) && (LA(2) == WORD))&&( importer->isKnownServiceGroupName(LT(2)->getText()) )) { match(OBJECT_GROUP); src_grp_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1002 "pix.g" +#line 1034 "pix.g" importer->src_port_spec = src_grp_name->getText(); *dbg << "src port spec: " << src_grp_name->getText() << std::endl; -#line 4782 "PIXCfgParser.cpp" +#line 4992 "PIXCfgParser.cpp" } hostaddr_expr_1(); if ( inputState->guessing==0 ) { -#line 1010 "pix.g" +#line 1042 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4791 "PIXCfgParser.cpp" +#line 5001 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_20.member(LA(1))) && (_tokenSet_23.member(LA(2)))) { + else if ((_tokenSet_21.member(LA(1))) && (_tokenSet_24.member(LA(2)))) { hostaddr_expr_2(); if ( inputState->guessing==0 ) { -#line 1019 "pix.g" +#line 1051 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4803 "PIXCfgParser.cpp" +#line 5013 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -4814,10 +5024,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { dst_addr_name = LT(1); match(WORD); { - if ((_tokenSet_24.member(LA(1))) && (_tokenSet_25.member(LA(2)))) { + if ((_tokenSet_25.member(LA(1))) && (_tokenSet_26.member(LA(2)))) { acl_xoperator_dst(); } - else if ((_tokenSet_26.member(LA(1))) && (_tokenSet_27.member(LA(2)))) { + else if ((_tokenSet_27.member(LA(1))) && (_tokenSet_28.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -4825,10 +5035,10 @@ void PIXCfgParser::tcp_udp_rule_extended() { } { - if ((LA(1) == ESTABLISHED) && (_tokenSet_26.member(LA(2)))) { + if ((LA(1) == ESTABLISHED) && (_tokenSet_27.member(LA(2)))) { established(); } - else if ((_tokenSet_26.member(LA(1))) && (_tokenSet_28.member(LA(2)))) { + else if ((_tokenSet_27.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -4836,7 +5046,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } if ( inputState->guessing==0 ) { -#line 1028 "pix.g" +#line 1060 "pix.g" // looks like "object foo" at this point can only be dest addr. // (judging by cli prompts on 8.3) @@ -4845,11 +5055,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { importer->SaveTmpAddrToDst(); *dbg << "dst addr object " << dst_addr_name->getText() << " "; -#line 4849 "PIXCfgParser.cpp" +#line 5059 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } - else if ((_tokenSet_29.member(LA(1))) && (_tokenSet_30.member(LA(2)))) { + else if ((_tokenSet_30.member(LA(1))) && (_tokenSet_31.member(LA(2)))) { { switch ( LA(1)) { case RANGE: @@ -4860,11 +5070,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { { xoperator(); if ( inputState->guessing==0 ) { -#line 1042 "pix.g" +#line 1074 "pix.g" importer->SaveTmpPortToSrc(); -#line 4868 "PIXCfgParser.cpp" +#line 5078 "PIXCfgParser.cpp" } break; } @@ -4885,9 +5095,9 @@ void PIXCfgParser::tcp_udp_rule_extended() { } hostaddr_expr_3(); if ( inputState->guessing==0 ) { -#line 1046 "pix.g" +#line 1078 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4891 "PIXCfgParser.cpp" +#line 5101 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -4957,7 +5167,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -4973,7 +5183,7 @@ void PIXCfgParser::hostaddr_expr_1() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_27); } else { throw; } @@ -4995,13 +5205,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_group_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1064 "pix.g" +#line 1096 "pix.g" importer->dst_port_spec = dst_port_group_name->getText(); *dbg << "dst port spec: " << dst_port_group_name->getText() << std::endl; -#line 5005 "PIXCfgParser.cpp" +#line 5215 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5033,13 +5243,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_obj_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1074 "pix.g" +#line 1106 "pix.g" importer->dst_port_spec = dst_port_obj_name->getText(); *dbg << "dst addr object " << dst_port_obj_name->getText() << std::endl; -#line 5043 "PIXCfgParser.cpp" +#line 5253 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5135,7 +5345,7 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_12); + recover(ex,_tokenSet_13); } else { throw; } @@ -5151,7 +5361,7 @@ void PIXCfgParser::hostaddr_expr_2() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_27); } else { throw; } @@ -5164,17 +5374,17 @@ void PIXCfgParser::acl_xoperator_dst() { try { // for error handling xoperator(); if ( inputState->guessing==0 ) { -#line 1089 "pix.g" +#line 1121 "pix.g" importer->SaveTmpPortToDst(); -#line 5172 "PIXCfgParser.cpp" +#line 5382 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_27); } else { throw; } @@ -5187,18 +5397,18 @@ void PIXCfgParser::established() { try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 1164 "pix.g" +#line 1196 "pix.g" importer->established = true; *dbg << "established "; -#line 5196 "PIXCfgParser.cpp" +#line 5406 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_27); } else { throw; } @@ -5214,7 +5424,7 @@ void PIXCfgParser::hostaddr_expr_3() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_26); + recover(ex,_tokenSet_27); } else { throw; } @@ -5254,19 +5464,19 @@ void PIXCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 1101 "pix.g" +#line 1133 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 5263 "PIXCfgParser.cpp" +#line 5473 "PIXCfgParser.cpp" } port_spec(); } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } else { throw; } @@ -5280,18 +5490,18 @@ void PIXCfgParser::port_range() { match(RANGE); pair_of_ports_spec(); if ( inputState->guessing==0 ) { -#line 1120 "pix.g" +#line 1152 "pix.g" importer->tmp_port_op = "range"; *dbg << "range " << importer->tmp_port_spec; -#line 5289 "PIXCfgParser.cpp" +#line 5499 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } else { throw; } @@ -5303,26 +5513,26 @@ void PIXCfgParser::port_spec() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1109 "pix.g" +#line 1141 "pix.g" importer->tmp_port_spec_2 = ""; -#line 5311 "PIXCfgParser.cpp" +#line 5521 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1113 "pix.g" +#line 1145 "pix.g" importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2; *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; -#line 5320 "PIXCfgParser.cpp" +#line 5530 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } else { throw; } @@ -5336,11 +5546,11 @@ void PIXCfgParser::tcp_udp_port_spec() { { switch ( LA(1)) { case PPTP: + case SSH: + case TELNET: case HOSTNAME: case ECHO: case RIP: - case SSH: - case TELNET: { tcp_udp_port_names(); break; @@ -5362,17 +5572,17 @@ void PIXCfgParser::tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1144 "pix.g" +#line 1176 "pix.g" importer->tmp_port_spec_2 = LT(0)->getText(); -#line 5370 "PIXCfgParser.cpp" +#line 5580 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_31); + recover(ex,_tokenSet_32); } else { throw; } @@ -5384,34 +5594,34 @@ void PIXCfgParser::pair_of_ports_spec() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1127 "pix.g" +#line 1159 "pix.g" importer->tmp_port_spec_2 = ""; -#line 5392 "PIXCfgParser.cpp" +#line 5602 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1131 "pix.g" +#line 1163 "pix.g" importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 5400 "PIXCfgParser.cpp" +#line 5610 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1135 "pix.g" +#line 1167 "pix.g" importer->tmp_port_spec += " "; importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 5409 "PIXCfgParser.cpp" +#line 5619 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_14); + recover(ex,_tokenSet_15); } else { throw; } @@ -5464,7 +5674,7 @@ void PIXCfgParser::tcp_udp_port_names() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_31); + recover(ex,_tokenSet_32); } else { throw; } @@ -5495,7 +5705,7 @@ void PIXCfgParser::interface_label() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_32); + recover(ex,_tokenSet_33); } else { throw; } @@ -5511,14 +5721,14 @@ void PIXCfgParser::interface_command_6() { match(WORD); pix6_interface_hw_speed(); if ( inputState->guessing==0 ) { -#line 1372 "pix.g" +#line 1404 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5522 "PIXCfgParser.cpp" +#line 5732 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5534,41 +5744,41 @@ void PIXCfgParser::interface_command_6() { void PIXCfgParser::interface_command_7() { Tracer traceInOut(this, "interface_command_7"); ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1380 "pix.g" +#line 1412 "pix.g" bool have_interface_parameters = false; -#line 5540 "PIXCfgParser.cpp" +#line 5750 "PIXCfgParser.cpp" try { // for error handling in = LT(1); match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1381 "pix.g" +#line 1413 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5554 "PIXCfgParser.cpp" +#line 5764 "PIXCfgParser.cpp" } { { // ( ... )* for (;;) { - if ((_tokenSet_33.member(LA(1)))) { + if ((_tokenSet_34.member(LA(1)))) { interface_parameters(); if ( inputState->guessing==0 ) { -#line 1388 "pix.g" +#line 1420 "pix.g" have_interface_parameters = true; -#line 5564 "PIXCfgParser.cpp" +#line 5774 "PIXCfgParser.cpp" } } else { - goto _loop190; + goto _loop193; } } - _loop190:; + _loop193:; } // ( ... )* { switch ( LA(1)) { @@ -5589,7 +5799,7 @@ void PIXCfgParser::interface_command_7() { } } if ( inputState->guessing==0 ) { -#line 1390 "pix.g" +#line 1422 "pix.g" if ( ! have_interface_parameters ) { @@ -5598,7 +5808,7 @@ void PIXCfgParser::interface_command_7() { << " EMPTY INTERFACE " << std::endl; } -#line 5602 "PIXCfgParser.cpp" +#line 5812 "PIXCfgParser.cpp" } } } @@ -5690,11 +5900,11 @@ void PIXCfgParser::interface_parameters() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1425 "pix.g" +#line 1457 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); -#line 5698 "PIXCfgParser.cpp" +#line 5908 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5767,7 +5977,7 @@ void PIXCfgParser::interface_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_34); + recover(ex,_tokenSet_35); } else { throw; } @@ -5803,7 +6013,7 @@ void PIXCfgParser::intf_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5819,18 +6029,18 @@ void PIXCfgParser::vlan_interface() { vlan_id = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1451 "pix.g" +#line 1483 "pix.g" importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; -#line 5828 "PIXCfgParser.cpp" +#line 6038 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5846,18 +6056,18 @@ void PIXCfgParser::sec_level() { sec_level = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1503 "pix.g" +#line 1535 "pix.g" importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; -#line 5855 "PIXCfgParser.cpp" +#line 6065 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5871,18 +6081,18 @@ void PIXCfgParser::nameif() { match(NAMEIF); interface_label(); if ( inputState->guessing==0 ) { -#line 1522 "pix.g" +#line 1554 "pix.g" importer->setInterfaceParametes(LT(0)->getText(), "", ""); *dbg << " NAMEIF: " << LT(0)->getText() << std::endl; -#line 5880 "PIXCfgParser.cpp" +#line 6090 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5895,7 +6105,7 @@ void PIXCfgParser::interface_description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 1531 "pix.g" +#line 1563 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string descr; @@ -5908,13 +6118,13 @@ void PIXCfgParser::interface_description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 5912 "PIXCfgParser.cpp" +#line 6122 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5932,18 +6142,18 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1644 "pix.g" +#line 1676 "pix.g" importer->addMessageToLog("Switch port vlan " + vlan_num->getText()); *dbg << "Switch port vlan " << vlan_num->getText() << std::endl; -#line 5941 "PIXCfgParser.cpp" +#line 6151 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -5956,19 +6166,19 @@ void PIXCfgParser::shutdown() { try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 1546 "pix.g" +#line 1578 "pix.g" importer->ignoreCurrentInterface(); *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 5966 "PIXCfgParser.cpp" +#line 6176 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6009,19 +6219,19 @@ void PIXCfgParser::interface_no_commands() { } } if ( inputState->guessing==0 ) { -#line 1495 "pix.g" +#line 1527 "pix.g" *dbg << " INTERFACE \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 6019 "PIXCfgParser.cpp" +#line 6229 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6111,19 +6321,19 @@ void PIXCfgParser::unsupported_interface_commands() { } } if ( inputState->guessing==0 ) { -#line 1487 "pix.g" +#line 1519 "pix.g" *dbg << " UNSUPPORTED INTERFACE COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 6121 "PIXCfgParser.cpp" +#line 6331 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6148,7 +6358,7 @@ void PIXCfgParser::v6_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6179,7 +6389,7 @@ void PIXCfgParser::v7_ip_address() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6197,7 +6407,7 @@ void PIXCfgParser::v6_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1581 "pix.g" +#line 1613 "pix.g" std::string label = lbl->getText(); std::string addr = dhcp->getText(); @@ -6208,13 +6418,13 @@ void PIXCfgParser::v6_dhcp_address() { // which we do not support consumeUntil(NEWLINE); -#line 6212 "PIXCfgParser.cpp" +#line 6422 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6235,7 +6445,7 @@ void PIXCfgParser::v6_static_address() { m = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 1594 "pix.g" +#line 1626 "pix.g" std::string label = lbl->getText(); std::string addr = a->getText(); @@ -6246,13 +6456,13 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 6250 "PIXCfgParser.cpp" +#line 6460 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6267,7 +6477,7 @@ void PIXCfgParser::v7_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1611 "pix.g" +#line 1643 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); @@ -6275,13 +6485,13 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 6279 "PIXCfgParser.cpp" +#line 6489 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6318,7 +6528,7 @@ void PIXCfgParser::v7_static_address() { } } if ( inputState->guessing==0 ) { -#line 1622 "pix.g" +#line 1654 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); @@ -6336,13 +6546,13 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 6340 "PIXCfgParser.cpp" +#line 6550 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6358,13 +6568,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1771 "pix.g" +#line 1842 "pix.g" importer->icmp_type = LT(0)->getText(); importer->icmp_code = "0"; importer->icmp_spec = ""; -#line 6368 "PIXCfgParser.cpp" +#line 6578 "PIXCfgParser.cpp" } break; } @@ -6402,13 +6612,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { } } if ( inputState->guessing==0 ) { -#line 1778 "pix.g" +#line 1849 "pix.g" importer->icmp_type = ""; importer->icmp_code = "0"; importer->icmp_spec = LT(0)->getText(); -#line 6412 "PIXCfgParser.cpp" +#line 6622 "PIXCfgParser.cpp" } break; } @@ -6421,7 +6631,7 @@ void PIXCfgParser::icmp_types_for_icmp_command() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_35); + recover(ex,_tokenSet_36); } else { throw; } @@ -6434,52 +6644,52 @@ void PIXCfgParser::nat_old_top_level_command() { try { // for error handling interface_label(); if ( inputState->guessing==0 ) { -#line 1845 "pix.g" +#line 1916 "pix.g" importer->prenat_interface = LT(0)->getText(); -#line 6442 "PIXCfgParser.cpp" +#line 6652 "PIXCfgParser.cpp" } match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 1849 "pix.g" +#line 1920 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); *dbg << " SNAT rule "; importer->rule_type = libfwbuilder::NATRule::SNAT; -#line 6453 "PIXCfgParser.cpp" +#line 6663 "PIXCfgParser.cpp" } match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1858 "pix.g" +#line 1929 "pix.g" importer->nat_num = LT(0)->getText(); -#line 6461 "PIXCfgParser.cpp" +#line 6671 "PIXCfgParser.cpp" } nat_addr_match(); { // ( ... )* for (;;) { - if ((_tokenSet_36.member(LA(1)))) { + if ((_tokenSet_37.member(LA(1)))) { nat_command_last_parameters(); } else { - goto _loop243; + goto _loop250; } } - _loop243:; + _loop250:; } // ( ... )* match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1870 "pix.g" +#line 1941 "pix.g" importer->pushNATRule(); *dbg << std::endl; -#line 6483 "PIXCfgParser.cpp" +#line 6693 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6501,11 +6711,11 @@ void PIXCfgParser::nat_new_top_level_command() { interface_label(); match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 1922 "pix.g" +#line 1993 "pix.g" consumeUntil(NEWLINE); -#line 6509 "PIXCfgParser.cpp" +#line 6719 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6529,11 +6739,11 @@ void PIXCfgParser::nat_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 1878 "pix.g" +#line 1949 "pix.g" importer->nat_a = importer->tmp_a; -#line 6537 "PIXCfgParser.cpp" +#line 6747 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -6542,11 +6752,11 @@ void PIXCfgParser::nat_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 1886 "pix.g" +#line 1957 "pix.g" importer->nat_nm = importer->tmp_a; -#line 6550 "PIXCfgParser.cpp" +#line 6760 "PIXCfgParser.cpp" } break; } @@ -6573,11 +6783,11 @@ void PIXCfgParser::nat_addr_match() { acl_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1892 "pix.g" +#line 1963 "pix.g" importer->nat_acl = acl_name->getText(); -#line 6581 "PIXCfgParser.cpp" +#line 6791 "PIXCfgParser.cpp" } break; } @@ -6590,7 +6800,7 @@ void PIXCfgParser::nat_addr_match() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_37); + recover(ex,_tokenSet_38); } else { throw; } @@ -6667,11 +6877,11 @@ void PIXCfgParser::nat_command_last_parameters() { max_conn = LT(1); match(INT_CONST); { - if ((LA(1) == INT_CONST) && (_tokenSet_37.member(LA(2)))) { + if ((LA(1) == INT_CONST) && (_tokenSet_38.member(LA(2)))) { max_emb_conn = LT(1); match(INT_CONST); } - else if ((_tokenSet_37.member(LA(1))) && (_tokenSet_38.member(LA(2)))) { + else if ((_tokenSet_38.member(LA(1))) && (_tokenSet_39.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -6679,19 +6889,19 @@ void PIXCfgParser::nat_command_last_parameters() { } if ( inputState->guessing==0 ) { -#line 1910 "pix.g" +#line 1981 "pix.g" importer->static_max_conn = max_conn->getText(); if (max_emb_conn) importer->static_max_emb_conn = max_emb_conn->getText(); -#line 6689 "PIXCfgParser.cpp" +#line 6899 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_37); + recover(ex,_tokenSet_38); } else { throw; } @@ -6706,21 +6916,21 @@ void PIXCfgParser::static_starts_with_hostaddr() { static_real_addr_match(); { // ( ... )* for (;;) { - if ((_tokenSet_39.member(LA(1)))) { + if ((_tokenSet_40.member(LA(1)))) { static_command_common_last_parameters(); } else { - goto _loop260; + goto _loop267; } } - _loop260:; + _loop267:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6750,50 +6960,50 @@ void PIXCfgParser::static_starts_with_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 2059 "pix.g" +#line 2130 "pix.g" importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP " << LT(0)->getText() << " "; -#line 6759 "PIXCfgParser.cpp" +#line 6969 "PIXCfgParser.cpp" } static_mapped_addr_match(); tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 2073 "pix.g" +#line 2144 "pix.g" importer->mapped_port_spec = importer->tmp_port_spec_2; *dbg << "mapped port " << importer->mapped_port_spec << " "; -#line 6769 "PIXCfgParser.cpp" +#line 6979 "PIXCfgParser.cpp" } static_real_addr_match(); tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 2088 "pix.g" +#line 2159 "pix.g" importer->real_port_spec = importer->tmp_port_spec_2; *dbg << "real port " << importer->real_port_spec << " "; -#line 6779 "PIXCfgParser.cpp" +#line 6989 "PIXCfgParser.cpp" } { // ( ... )* for (;;) { - if ((_tokenSet_39.member(LA(1)))) { + if ((_tokenSet_40.member(LA(1)))) { static_command_common_last_parameters(); } else { - goto _loop268; + goto _loop275; } } - _loop268:; + _loop275:; } // ( ... )* } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_8); + recover(ex,_tokenSet_9); } else { throw; } @@ -6811,12 +7021,12 @@ void PIXCfgParser::static_mapped_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 2030 "pix.g" +#line 2101 "pix.g" importer->mapped_a = importer->tmp_a; importer->mapped_nm = importer->tmp_nm; -#line 6820 "PIXCfgParser.cpp" +#line 7030 "PIXCfgParser.cpp" } break; } @@ -6824,64 +7034,12 @@ void PIXCfgParser::static_mapped_addr_match() { { match(INTRFACE); if ( inputState->guessing==0 ) { -#line 2036 "pix.g" +#line 2107 "pix.g" importer->mapped_a = "interface"; importer->mapped_nm = ""; -#line 6833 "PIXCfgParser.cpp" - } - break; - } - default: - { - throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); - } - } - } - } - catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { - if( inputState->guessing == 0 ) { - reportError(ex); - recover(ex,_tokenSet_40); - } else { - throw; - } - } -} - -void PIXCfgParser::static_real_addr_match() { - Tracer traceInOut(this, "static_real_addr_match"); - ANTLR_USE_NAMESPACE(antlr)RefToken acl_name = ANTLR_USE_NAMESPACE(antlr)nullToken; - - try { // for error handling - { - switch ( LA(1)) { - case IPV4: - case IPV6: - { - single_addr(); - if ( inputState->guessing==0 ) { -#line 2046 "pix.g" - - importer->real_a = importer->tmp_a; - importer->real_nm = importer->tmp_nm; - -#line 6871 "PIXCfgParser.cpp" - } - break; - } - case ACCESS_LIST: - { - match(ACCESS_LIST); - acl_name = LT(1); - match(WORD); - if ( inputState->guessing==0 ) { -#line 2052 "pix.g" - - importer->real_addr_acl = acl_name->getText(); - -#line 6885 "PIXCfgParser.cpp" +#line 7043 "PIXCfgParser.cpp" } break; } @@ -6902,6 +7060,58 @@ void PIXCfgParser::static_real_addr_match() { } } +void PIXCfgParser::static_real_addr_match() { + Tracer traceInOut(this, "static_real_addr_match"); + ANTLR_USE_NAMESPACE(antlr)RefToken acl_name = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + { + switch ( LA(1)) { + case IPV4: + case IPV6: + { + single_addr(); + if ( inputState->guessing==0 ) { +#line 2117 "pix.g" + + importer->real_a = importer->tmp_a; + importer->real_nm = importer->tmp_nm; + +#line 7081 "PIXCfgParser.cpp" + } + break; + } + case ACCESS_LIST: + { + match(ACCESS_LIST); + acl_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 2123 "pix.g" + + importer->real_addr_acl = acl_name->getText(); + +#line 7095 "PIXCfgParser.cpp" + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + if( inputState->guessing == 0 ) { + reportError(ex); + recover(ex,_tokenSet_42); + } else { + throw; + } + } +} + void PIXCfgParser::static_command_common_last_parameters() { Tracer traceInOut(this, "static_command_common_last_parameters"); ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; @@ -6914,12 +7124,12 @@ void PIXCfgParser::static_command_common_last_parameters() { { match(DNS); if ( inputState->guessing==0 ) { -#line 2106 "pix.g" +#line 2177 "pix.g" importer->addMessageToLog( QString("Warning: 'static' command option 'dns' is not supported")); -#line 6923 "PIXCfgParser.cpp" +#line 7133 "PIXCfgParser.cpp" } break; } @@ -6927,12 +7137,12 @@ void PIXCfgParser::static_command_common_last_parameters() { { match(NORANDOMSEQ); if ( inputState->guessing==0 ) { -#line 2112 "pix.g" +#line 2183 "pix.g" importer->addMessageToLog( QString("Warning: 'static' command option 'norandomseq' is not supported")); -#line 6936 "PIXCfgParser.cpp" +#line 7146 "PIXCfgParser.cpp" } break; } @@ -6942,11 +7152,11 @@ void PIXCfgParser::static_command_common_last_parameters() { nm = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 2118 "pix.g" +#line 2189 "pix.g" importer->mapped_nm = nm->getText(); -#line 6950 "PIXCfgParser.cpp" +#line 7160 "PIXCfgParser.cpp" } break; } @@ -6979,11 +7189,11 @@ void PIXCfgParser::static_command_common_last_parameters() { max_conn = LT(1); match(INT_CONST); { - if ((LA(1) == INT_CONST) && (_tokenSet_42.member(LA(2)))) { + if ((LA(1) == INT_CONST) && (_tokenSet_43.member(LA(2)))) { max_emb_conn = LT(1); match(INT_CONST); } - else if ((_tokenSet_42.member(LA(1))) && (_tokenSet_43.member(LA(2)))) { + else if ((_tokenSet_43.member(LA(1))) && (_tokenSet_44.member(LA(2)))) { } else { throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); @@ -6991,13 +7201,13 @@ void PIXCfgParser::static_command_common_last_parameters() { } if ( inputState->guessing==0 ) { -#line 2124 "pix.g" +#line 2195 "pix.g" importer->static_max_conn = max_conn->getText(); if (max_emb_conn) importer->static_max_emb_conn = max_emb_conn->getText(); -#line 7001 "PIXCfgParser.cpp" +#line 7211 "PIXCfgParser.cpp" } break; } @@ -7010,7 +7220,7 @@ void PIXCfgParser::static_command_common_last_parameters() { catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { if( inputState->guessing == 0 ) { reportError(ex); - recover(ex,_tokenSet_42); + recover(ex,_tokenSet_43); } else { throw; } @@ -7056,6 +7266,9 @@ const char* PIXCfgParser::tokenNames[] = { "\"range\"", "\"subnet\"", "\"service\"", + "\"http\"", + "\"ssh\"", + "\"telnet\"", "\"icmp\"", "INT_CONST", "\"icmp6\"", @@ -7075,6 +7288,12 @@ const char* PIXCfgParser::tokenNames[] = { "\"port-object\"", "\"crypto\"", "\"dns\"", + "\"call-home\"", + "\"internal\"", + "\"password-recovery\"", + "\"resetinbound\"", + "\"resetoutbound\"", + "\"resetoutside\"", "\"no\"", "\"certificate\"", "\"PIX\"", @@ -7094,8 +7313,6 @@ const char* PIXCfgParser::tokenNames[] = { "\"neq\"", "\"echo\"", "\"rip\"", - "\"ssh\"", - "\"telnet\"", "\"established\"", "\"alternate-address\"", "\"conversion-error\"", @@ -7163,6 +7380,8 @@ const char* PIXCfgParser::tokenNames[] = { "\"access\"", "\"scopy\"", "\"version\"", + "\"authentication-certificate\"", + "\"server\"", "\"remark\"", "\"access-group\"", "COLON_COMMENT", @@ -7210,100 +7429,104 @@ const char* PIXCfgParser::tokenNames[] = { 0 }; -const unsigned long PIXCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_0(_tokenSet_0_data_,6); -const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 268445554UL, 1408238600UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "icmp" -// OBJECT_GROUP "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" -// "access-list" "ssh" "telnet" "interface" "controller" LINE_COMMENT "exit" -// "nameif" "access-group" COLON_COMMENT "nat" "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_0(_tokenSet_0_data_,8); +const unsigned long PIXCfgParser::_tokenSet_1_data_[] = { 268445554UL, 2172657788UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "service" +// "http" "ssh" "telnet" "icmp" OBJECT_GROUP "crypto" "dns" "no" "certificate" +// "PIX" "ASA" "hostname" "access-list" "interface" "controller" LINE_COMMENT +// "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_1(_tokenSet_1_data_,12); -const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 16UL, 0UL, 3670016UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_2_data_[] = { 0UL, 128UL, 0UL, 469762048UL, 0UL, 0UL, 0UL, 0UL }; // INT_CONST "aui" "auto" "bnc" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_2(_tokenSet_2_data_,8); -const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 536854592UL, 1256UL, 1UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_3_data_[] = { 536854592UL, 10048UL, 512UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "permit" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_3(_tokenSet_3_data_,8); -const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 536854592UL, 1256UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_4_data_[] = { 536854592UL, 10048UL, 1024UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" OBJECT "icmp" "icmp6" "tcp" "udp" OBJECT_GROUP // "deny" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_4(_tokenSet_4_data_,8); -const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 3489671026UL, 1408238603UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_5_data_[] = { 3489671026UL, 2172657791UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "host" "range" "subnet" "icmp" OBJECT_GROUP "crypto" "dns" "no" "certificate" -// "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" -// "static" +// "host" "range" "subnet" "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" +// COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_5(_tokenSet_5_data_,12); -const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 1073741824UL, 788480UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_6_data_[] = { 268427344UL, 1984UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "ip" WORD "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" +// "nos" "ospf" "pcp" "pim" "pptp" "snp" "icmp" INT_CONST "icmp6" "tcp" +// "udp" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,8); +const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 1073741824UL, 6307840UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "description" "group-object" "service-object" "port-object" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_6(_tokenSet_6_data_,6); -const unsigned long PIXCfgParser::_tokenSet_7_data_[] = { 2415921168UL, 1024UL, 3221225472UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_7(_tokenSet_7_data_,8); -const unsigned long PIXCfgParser::_tokenSet_8_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_8_data_[] = { 2415921168UL, 8192UL, 0UL, 96UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,8); +const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_8(_tokenSet_8_data_,6); -const unsigned long PIXCfgParser::_tokenSet_9_data_[] = { 67123216UL, 1344274640UL, 1920UL, 65536UL, 46137344UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 IPV6 WORD "pptp" INT_CONST "tcp" "udp" "dns" "hostname" -// "access-list" "echo" "rip" "ssh" "telnet" "outside" MINUS "netmask" -// "norandomseq" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,12); -const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 268419136UL, 16UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long PIXCfgParser::_tokenSet_10_data_[] = { 67123216UL, 16778928UL, 196768UL, 8388608UL, 2147483648UL, 5UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 IPV6 WORD "pptp" "ssh" "telnet" INT_CONST "tcp" "udp" "dns" +// "hostname" "access-list" "echo" "rip" "outside" MINUS "netmask" "norandomseq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,12); +const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 268419136UL, 128UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "ah" "eigrp" "esp" "gre" "igmp" "igrp" "ipinip" "ipsec" "nos" "ospf" // "pcp" "pim" "pptp" "snp" INT_CONST -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_10(_tokenSet_10_data_,6); -const unsigned long PIXCfgParser::_tokenSet_11_data_[] = { 1342187378UL, 1408238604UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,8); +const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 1342187378UL, 2172657788UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "service" "icmp" OBJECT_GROUP "crypto" "dns" "no" "certificate" "PIX" -// "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" +// "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP "crypto" "dns" "no" +// "certificate" "PIX" "ASA" "hostname" "access-list" "interface" "controller" // LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" // "static" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_11(_tokenSet_11_data_,12); -const unsigned long PIXCfgParser::_tokenSet_12_data_[] = { 16UL, 0UL, 0UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_12(_tokenSet_12_data_,12); +const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 16UL, 0UL, 0UL, 3146112UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE "log" "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_12(_tokenSet_12_data_,8); -const unsigned long PIXCfgParser::_tokenSet_13_data_[] = { 16UL, 513UL, 120UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "range" "destination" "eq" "gt" "lt" "neq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_13(_tokenSet_13_data_,8); -const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 2415921168UL, 1537UL, 3221227640UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_14_data_[] = { 16UL, 4097UL, 61440UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "range" "destination" "eq" "gt" "lt" "neq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_14(_tokenSet_14_data_,8); +const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 2415921168UL, 12289UL, 323584UL, 3146208UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 OBJECT "host" "range" "destination" OBJECT_GROUP "eq" "gt" // "lt" "neq" "established" "interface" "any" "log" "log-input" "fragments" // "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_14(_tokenSet_14_data_,8); -const unsigned long PIXCfgParser::_tokenSet_15_data_[] = { 1342187378UL, 1408244744UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_15(_tokenSet_15_data_,8); +const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 1342187378UL, 2172706940UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "icmp" OBJECT_GROUP "group-object" "network-object" "crypto" "dns" "no" -// "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" -// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -// "nat" "global" "static" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_15(_tokenSet_15_data_,12); -const unsigned long PIXCfgParser::_tokenSet_16_data_[] = { 1342187378UL, 1408257032UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "icmp" OBJECT_GROUP "group-object" "protocol-object" "crypto" "dns" -// "no" "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" +// "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP "group-object" "network-object" +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" // "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" // COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_16(_tokenSet_16_data_,12); -const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 1342187378UL, 1408273416UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_17_data_[] = { 1342187378UL, 2172805244UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "icmp" OBJECT_GROUP "group-object" "icmp-object" "crypto" "dns" "no" -// "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" -// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -// "nat" "global" "static" +// "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP "group-object" "protocol-object" +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" +// COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_17(_tokenSet_17_data_,12); -const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 1342187378UL, 1409027080UL, 1073743360UL, 33980416UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_18_data_[] = { 1342187378UL, 2172936316UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "icmp" OBJECT_GROUP "group-object" "service-object" "port-object" "crypto" -// "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" -// "telnet" "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" +// "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP "group-object" "icmp-object" +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "interface" "controller" LINE_COMMENT "exit" "nameif" "access-group" // COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_18(_tokenSet_18_data_,12); -const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 2415929360UL, 1041UL, 4294965496UL, 90115UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 1342187378UL, 2178965628UL, 167UL, 54525984UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" +// "service" "http" "ssh" "telnet" "icmp" OBJECT_GROUP "group-object" "service-object" +// "port-object" "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" +// "access-list" "interface" "controller" LINE_COMMENT "exit" "nameif" +// "access-group" COLON_COMMENT "nat" "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,12); +const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 2415929360UL, 8321UL, 4294832128UL, 11534847UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD OBJECT "host" "range" INT_CONST OBJECT_GROUP "eq" // "gt" "lt" "neq" "echo" "established" "alternate-address" "conversion-error" // "echo-reply" "information-reply" "information-request" "mask-reply" @@ -7311,123 +7534,123 @@ const unsigned long PIXCfgParser::_tokenSet_19_data_[] = { 2415929360UL, 1041UL, // "router-solicitation" "source-quench" "time-exceeded" "timestamp-reply" // "timestamp-request" "traceroute" "unreachable" "interface" "any" "log" // "log-input" "fragments" "time-range" "outside" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_19(_tokenSet_19_data_,8); -const unsigned long PIXCfgParser::_tokenSet_20_data_[] = { 2415921152UL, 1024UL, 3221225472UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_20(_tokenSet_20_data_,8); -const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 16UL, 0UL, 0UL, 8195UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" "fragments" +const unsigned long PIXCfgParser::_tokenSet_21_data_[] = { 2415921152UL, 8192UL, 0UL, 96UL, 0UL, 0UL, 0UL, 0UL }; +// IPV4 OBJECT "host" OBJECT_GROUP "interface" "any" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_21(_tokenSet_21_data_,8); -const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 16UL, 0UL, 0UL, 3UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE "log" "log-input" +const unsigned long PIXCfgParser::_tokenSet_22_data_[] = { 16UL, 0UL, 0UL, 1048960UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" "fragments" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_22(_tokenSet_22_data_,8); -const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 268445712UL, 1025UL, 2168UL, 90115UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_23_data_[] = { 16UL, 0UL, 0UL, 384UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "log" "log-input" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 268445712UL, 8193UL, 323584UL, 11534720UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE IPV4 WORD OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "established" // "log" "log-input" "fragments" "time-range" "outside" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_23(_tokenSet_23_data_,8); -const unsigned long PIXCfgParser::_tokenSet_24_data_[] = { 0UL, 1UL, 120UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// "range" "eq" "gt" "lt" "neq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_24(_tokenSet_24_data_,8); -const unsigned long PIXCfgParser::_tokenSet_25_data_[] = { 67117056UL, 268435472UL, 1920UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// WORD "pptp" INT_CONST "hostname" "echo" "rip" "ssh" "telnet" +const unsigned long PIXCfgParser::_tokenSet_25_data_[] = { 0UL, 1UL, 61440UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "range" "eq" "gt" "lt" "neq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_25(_tokenSet_25_data_,8); -const unsigned long PIXCfgParser::_tokenSet_26_data_[] = { 268435472UL, 1025UL, 2168UL, 24579UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_26_data_[] = { 67117056UL, 176UL, 196640UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD "pptp" "ssh" "telnet" INT_CONST "hostname" "echo" "rip" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_26(_tokenSet_26_data_,8); +const unsigned long PIXCfgParser::_tokenSet_27_data_[] = { 268435472UL, 8193UL, 323584UL, 3146112UL, 0UL, 0UL, 0UL, 0UL }; // NEWLINE OBJECT "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "established" // "log" "log-input" "fragments" "time-range" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_26(_tokenSet_26_data_,8); -const unsigned long PIXCfgParser::_tokenSet_27_data_[] = { 335554418UL, 1408238617UL, 1073745912UL, 34013183UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_27(_tokenSet_27_data_,8); +const unsigned long PIXCfgParser::_tokenSet_28_data_[] = { 335554418UL, 2172657917UL, 520359UL, 58720160UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD "pptp" OBJECT -// "range" "icmp" INT_CONST OBJECT_GROUP "crypto" "dns" "no" "certificate" -// "PIX" "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "echo" "rip" -// "ssh" "telnet" "established" "interface" "log" "log-input" "alerts" -// "critical" "debugging" "emergencies" "errors" "informational" "notifications" -// "warnings" "disable" "inactive" "interval" "fragments" "time-range" -// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT -// "nat" "global" "static" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_27(_tokenSet_27_data_,12); -const unsigned long PIXCfgParser::_tokenSet_28_data_[] = { 335554418UL, 1408238616UL, 1073743744UL, 34013183UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD "pptp" OBJECT -// "icmp" INT_CONST OBJECT_GROUP "crypto" "dns" "no" "certificate" "PIX" -// "ASA" "hostname" "access-list" "echo" "rip" "ssh" "telnet" "interface" -// "log" "log-input" "alerts" "critical" "debugging" "emergencies" "errors" -// "informational" "notifications" "warnings" "disable" "inactive" "interval" -// "fragments" "time-range" "controller" LINE_COMMENT "exit" "nameif" "access-group" +// "range" "service" "http" "ssh" "telnet" "icmp" INT_CONST OBJECT_GROUP +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "eq" "gt" "lt" "neq" "echo" "rip" "established" "interface" "log" "log-input" +// "alerts" "critical" "debugging" "emergencies" "errors" "informational" +// "notifications" "warnings" "disable" "inactive" "interval" "fragments" +// "time-range" "controller" LINE_COMMENT "exit" "nameif" "access-group" // COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_28(_tokenSet_28_data_,12); -const unsigned long PIXCfgParser::_tokenSet_29_data_[] = { 2415921152UL, 1025UL, 3221225592UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_29_data_[] = { 335554418UL, 2172657916UL, 196775UL, 58720160UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD "pptp" OBJECT +// "service" "http" "ssh" "telnet" "icmp" INT_CONST OBJECT_GROUP "crypto" +// "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "echo" +// "rip" "interface" "log" "log-input" "alerts" "critical" "debugging" +// "emergencies" "errors" "informational" "notifications" "warnings" "disable" +// "inactive" "interval" "fragments" "time-range" "controller" LINE_COMMENT +// "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" "static" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_29(_tokenSet_29_data_,12); +const unsigned long PIXCfgParser::_tokenSet_30_data_[] = { 2415921152UL, 8193UL, 61440UL, 96UL, 0UL, 0UL, 0UL, 0UL }; // IPV4 OBJECT "host" "range" OBJECT_GROUP "eq" "gt" "lt" "neq" "interface" // "any" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_29(_tokenSet_29_data_,8); -const unsigned long PIXCfgParser::_tokenSet_30_data_[] = { 335554576UL, 268436497UL, 4088UL, 90115UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 WORD "pptp" OBJECT "range" INT_CONST OBJECT_GROUP "hostname" -// "eq" "gt" "lt" "neq" "echo" "rip" "ssh" "telnet" "established" "log" -// "log-input" "fragments" "time-range" "outside" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_30(_tokenSet_30_data_,8); -const unsigned long PIXCfgParser::_tokenSet_31_data_[] = { 2483042320UL, 1344276177UL, 3221229560UL, 24579UL, 41943040UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE IPV4 IPV6 WORD "pptp" OBJECT "host" "range" INT_CONST "tcp" -// "udp" "destination" OBJECT_GROUP "dns" "hostname" "access-list" "eq" -// "gt" "lt" "neq" "echo" "rip" "ssh" "telnet" "established" "interface" -// "any" "log" "log-input" "fragments" "time-range" "netmask" "norandomseq" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_31(_tokenSet_31_data_,12); -const unsigned long PIXCfgParser::_tokenSet_32_data_[] = { 2415931250UL, 1408238617UL, 4294967032UL, 34070531UL, 20676608UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_31_data_[] = { 335554576UL, 8369UL, 520224UL, 11534720UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 WORD "pptp" OBJECT "range" "ssh" "telnet" INT_CONST OBJECT_GROUP +// "hostname" "eq" "gt" "lt" "neq" "echo" "rip" "established" "log" "log-input" +// "fragments" "time-range" "outside" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_31(_tokenSet_31_data_,8); +const unsigned long PIXCfgParser::_tokenSet_32_data_[] = { 2483042320UL, 16791217UL, 520352UL, 3146208UL, 0UL, 5UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE IPV4 IPV6 WORD "pptp" OBJECT "host" "range" "ssh" "telnet" INT_CONST +// "tcp" "udp" "destination" OBJECT_GROUP "dns" "hostname" "access-list" +// "eq" "gt" "lt" "neq" "echo" "rip" "established" "interface" "any" "log" +// "log-input" "fragments" "time-range" "netmask" "norandomseq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_32(_tokenSet_32_data_,12); +const unsigned long PIXCfgParser::_tokenSet_33_data_[] = { 2415931250UL, 2172657917UL, 4294832295UL, 66060799UL, 1996488705UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "host" -// "range" "icmp" INT_CONST OBJECT_GROUP "crypto" "dns" "no" "certificate" -// "PIX" "ASA" "hostname" "access-list" "eq" "gt" "lt" "neq" "echo" "ssh" -// "telnet" "established" "alternate-address" "conversion-error" "echo-reply" -// "information-reply" "information-request" "mask-reply" "mask-request" -// "mobile-redirect" "parameter-problem" "redirect" "router-advertisement" +// "range" "service" "http" "ssh" "telnet" "icmp" INT_CONST OBJECT_GROUP +// "crypto" "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" +// "eq" "gt" "lt" "neq" "echo" "established" "alternate-address" "conversion-error" +// "echo-reply" "information-reply" "information-request" "mask-reply" +// "mask-request" "mobile-redirect" "parameter-problem" "redirect" "router-advertisement" // "router-solicitation" "source-quench" "time-exceeded" "timestamp-reply" // "timestamp-request" "traceroute" "unreachable" "interface" "any" "log" // "log-input" "fragments" "time-range" "controller" "outside" LINE_COMMENT // "exit" "nameif" "access-group" COLON_COMMENT "nat" CLOSING_PAREN COMMA // "global" "static" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_32(_tokenSet_32_data_,12); -const unsigned long PIXCfgParser::_tokenSet_33_data_[] = { 1115947072UL, 4194304UL, 256UL, 4261412864UL, 1151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_33(_tokenSet_33_data_,12); +const unsigned long PIXCfgParser::_tokenSet_34_data_[] = { 1115947072UL, 2147483648UL, 131072UL, 0UL, 147455UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" "rip" "nameif" "vlan" "speed" // "duplex" "ddns" "forward" "delay" "hold-time" "ipv6" "mac-address" "multicast" // PPPOE "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_33(_tokenSet_33_data_,12); -const unsigned long PIXCfgParser::_tokenSet_34_data_[] = { 1115947072UL, 4194304UL, 256UL, 4261806080UL, 1151UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_34(_tokenSet_34_data_,12); +const unsigned long PIXCfgParser::_tokenSet_35_data_[] = { 1115947072UL, 2147483648UL, 131072UL, 50331648UL, 147455UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // "ip" "igmp" "ospf" "pim" "description" "no" "rip" LINE_COMMENT "exit" // "nameif" "vlan" "speed" "duplex" "ddns" "forward" "delay" "hold-time" // "ipv6" "mac-address" "multicast" PPPOE "security-level" "shutdown" "switchport" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_34(_tokenSet_34_data_,12); -const unsigned long PIXCfgParser::_tokenSet_35_data_[] = { 8192UL, 0UL, 0UL, 65536UL, 0UL, 0UL, 0UL, 0UL }; +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_35(_tokenSet_35_data_,12); +const unsigned long PIXCfgParser::_tokenSet_36_data_[] = { 8192UL, 0UL, 0UL, 8388608UL, 0UL, 0UL, 0UL, 0UL }; // WORD "outside" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_35(_tokenSet_35_data_,8); -const unsigned long PIXCfgParser::_tokenSet_36_data_[] = { 0UL, 2097360UL, 0UL, 65536UL, 0UL, 0UL, 0UL, 0UL }; -// INT_CONST "tcp" "udp" "dns" "outside" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_36(_tokenSet_36_data_,8); -const unsigned long PIXCfgParser::_tokenSet_37_data_[] = { 16UL, 2097360UL, 0UL, 65536UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE INT_CONST "tcp" "udp" "dns" "outside" +const unsigned long PIXCfgParser::_tokenSet_37_data_[] = { 0UL, 16778880UL, 0UL, 8388608UL, 0UL, 0UL, 0UL, 0UL }; +// INT_CONST "tcp" "udp" "dns" "outside" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_37(_tokenSet_37_data_,8); -const unsigned long PIXCfgParser::_tokenSet_38_data_[] = { 3489671026UL, 1408238811UL, 1073743360UL, 34045952UL, 19103744UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +const unsigned long PIXCfgParser::_tokenSet_38_data_[] = { 16UL, 16778880UL, 0UL, 8388608UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE INT_CONST "tcp" "udp" "dns" "outside" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_38(_tokenSet_38_data_,8); +const unsigned long PIXCfgParser::_tokenSet_39_data_[] = { 3489671026UL, 2172659455UL, 167UL, 62914592UL, 1191182337UL, 2UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; // EOF NEWLINE "quit" "ip" "timeout" "names" "name" WORD OBJECT "description" -// "host" "range" "subnet" "icmp" INT_CONST "tcp" "udp" OBJECT_GROUP "crypto" -// "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "ssh" -// "telnet" "interface" "controller" "outside" LINE_COMMENT "exit" "nameif" -// "access-group" COLON_COMMENT "nat" "global" "static" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_38(_tokenSet_38_data_,12); -const unsigned long PIXCfgParser::_tokenSet_39_data_[] = { 0UL, 2097360UL, 0UL, 0UL, 41943040UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// INT_CONST "tcp" "udp" "dns" "netmask" "norandomseq" +// "host" "range" "subnet" "service" "http" "ssh" "telnet" "icmp" INT_CONST +// "tcp" "udp" OBJECT_GROUP "crypto" "dns" "no" "certificate" "PIX" "ASA" +// "hostname" "access-list" "interface" "controller" "outside" LINE_COMMENT +// "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" "static" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_39(_tokenSet_39_data_,12); -const unsigned long PIXCfgParser::_tokenSet_40_data_[] = { 67123200UL, 1342177296UL, 1920UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// IPV4 IPV6 WORD "pptp" INT_CONST "hostname" "access-list" "echo" "rip" -// "ssh" "telnet" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_40(_tokenSet_40_data_,8); -const unsigned long PIXCfgParser::_tokenSet_41_data_[] = { 67117072UL, 270532816UL, 1920UL, 0UL, 41943040UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE WORD "pptp" INT_CONST "tcp" "udp" "dns" "hostname" "echo" "rip" -// "ssh" "telnet" "netmask" "norandomseq" -const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_41(_tokenSet_41_data_,12); -const unsigned long PIXCfgParser::_tokenSet_42_data_[] = { 16UL, 2097360UL, 0UL, 0UL, 41943040UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// NEWLINE INT_CONST "tcp" "udp" "dns" "netmask" "norandomseq" +const unsigned long PIXCfgParser::_tokenSet_40_data_[] = { 0UL, 16778880UL, 0UL, 0UL, 0UL, 5UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// INT_CONST "tcp" "udp" "dns" "netmask" "norandomseq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_40(_tokenSet_40_data_,12); +const unsigned long PIXCfgParser::_tokenSet_41_data_[] = { 67123200UL, 176UL, 196768UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// IPV4 IPV6 WORD "pptp" "ssh" "telnet" INT_CONST "hostname" "access-list" +// "echo" "rip" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_41(_tokenSet_41_data_,8); +const unsigned long PIXCfgParser::_tokenSet_42_data_[] = { 67117072UL, 16778928UL, 196640UL, 0UL, 0UL, 5UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "pptp" "ssh" "telnet" INT_CONST "tcp" "udp" "dns" "hostname" +// "echo" "rip" "netmask" "norandomseq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_42(_tokenSet_42_data_,12); -const unsigned long PIXCfgParser::_tokenSet_43_data_[] = { 268447602UL, 1408238808UL, 1073743360UL, 33980416UL, 61046784UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; -// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "icmp" -// INT_CONST "tcp" "udp" OBJECT_GROUP "crypto" "dns" "no" "certificate" -// "PIX" "ASA" "hostname" "access-list" "ssh" "telnet" "interface" "controller" -// LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT "nat" "global" -// "netmask" "static" "norandomseq" +const unsigned long PIXCfgParser::_tokenSet_43_data_[] = { 16UL, 16778880UL, 0UL, 0UL, 0UL, 5UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE INT_CONST "tcp" "udp" "dns" "netmask" "norandomseq" const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_43(_tokenSet_43_data_,12); +const unsigned long PIXCfgParser::_tokenSet_44_data_[] = { 268447602UL, 2172659452UL, 167UL, 54525984UL, 1191182337UL, 7UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE "quit" "ip" "timeout" "names" "name" IPV4 WORD OBJECT "service" +// "http" "ssh" "telnet" "icmp" INT_CONST "tcp" "udp" OBJECT_GROUP "crypto" +// "dns" "no" "certificate" "PIX" "ASA" "hostname" "access-list" "interface" +// "controller" LINE_COMMENT "exit" "nameif" "access-group" COLON_COMMENT +// "nat" "global" "netmask" "static" "norandomseq" +const ANTLR_USE_NAMESPACE(antlr)BitSet PIXCfgParser::_tokenSet_44(_tokenSet_44_data_,12); diff --git a/src/parsers/PIXCfgParser.hpp b/src/parsers/PIXCfgParser.hpp index 1d7567d52..93a28fe42 100644 --- a/src/parsers/PIXCfgParser.hpp +++ b/src/parsers/PIXCfgParser.hpp @@ -100,6 +100,7 @@ public: public: void access_list_commands(); public: void ssh_command(); public: void telnet_command(); + public: void http_command(); public: void icmp_top_level_command(); public: void nat_top_level_command(); public: void global_top_level_command(); @@ -121,6 +122,7 @@ public: public: void no_commands(); public: void timeout_command(); public: void dns_command(); + public: void service_top_level_command(); public: void unknown_command(); public: void ip_protocol_names(); public: void named_object_nat(); @@ -218,10 +220,10 @@ protected: private: static const char* tokenNames[]; #ifndef NO_STATIC_CONSTS - static const int NUM_TOKENS = 186; + static const int NUM_TOKENS = 195; #else enum { - NUM_TOKENS = 186 + NUM_TOKENS = 195 }; #endif @@ -313,6 +315,8 @@ private: static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_42; static const unsigned long _tokenSet_43_data_[]; static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_43; + static const unsigned long _tokenSet_44_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_44; }; #endif /*INC_PIXCfgParser_hpp_*/ diff --git a/src/parsers/PIXCfgParserTokenTypes.hpp b/src/parsers/PIXCfgParserTokenTypes.hpp index 7ad07837b..c33f0a39a 100644 --- a/src/parsers/PIXCfgParserTokenTypes.hpp +++ b/src/parsers/PIXCfgParserTokenTypes.hpp @@ -43,157 +43,166 @@ struct CUSTOM_API PIXCfgParserTokenTypes { RANGE = 32, SUBNET = 33, SERVICE = 34, - ICMP = 35, - INT_CONST = 36, - ICMP6 = 37, - TCP = 38, - UDP = 39, - SOURCE = 40, - DESTINATION = 41, - OBJECT_GROUP = 42, - GROUP_OBJECT = 43, - NETWORK_OBJECT = 44, - PROTOCOL = 45, - PROTOCOL_OBJECT = 46, - ICMP_OBJECT = 47, - ICMP_TYPE = 48, - TCP_UDP = 49, - SERVICE_OBJECT = 50, - PORT_OBJECT = 51, - CRYPTO = 52, - DNS = 53, - NO = 54, - CERTIFICATE = 55, - PIX_WORD = 56, - ASA_WORD = 57, - VERSION_WORD_CAP = 58, - NUMBER = 59, - HOSTNAME = 60, - STRING = 61, - ACCESS_LIST = 62, - EXTENDED = 63, - PERMIT = 64, - DENY = 65, - STANDARD = 66, - P_EQ = 67, - P_GT = 68, - P_LT = 69, - P_NEQ = 70, - ECHO = 71, - RIP = 72, - SSH = 73, - TELNET = 74, - ESTABLISHED = 75, - ALTERNATE_ADDRESS = 76, - CONVERSION_ERROR = 77, - ECHO_REPLY = 78, - INFORMATION_REPLY = 79, - INFORMATION_REQUEST = 80, - MASK_REPLY = 81, - MASK_REQUEST = 82, - MOBILE_REDIRECT = 83, - PARAMETER_PROBLEM = 84, - REDIRECT = 85, - ROUTER_ADVERTISEMENT = 86, - ROUTER_SOLICITATION = 87, - SOURCE_QUENCH = 88, - TIME_EXCEEDED = 89, - TIMESTAMP_REPLY = 90, - TIMESTAMP_REQUEST = 91, - TRACEROUTE = 92, - UNREACHABLE = 93, - INTRFACE = 94, - ANY = 95, - LOG = 96, - LOG_INPUT = 97, - LOG_LEVEL_ALERTS = 98, - LOG_LEVEL_CRITICAL = 99, - LOG_LEVEL_DEBUGGING = 100, - LOG_LEVEL_EMERGENCIES = 101, - LOG_LEVEL_ERRORS = 102, - LOG_LEVEL_INFORMATIONAL = 103, - LOG_LEVEL_NOTIFICATIONS = 104, - LOG_LEVEL_WARNINGS = 105, - LOG_LEVEL_DISABLE = 106, - LOG_LEVEL_INACTIVE = 107, - INTERVAL = 108, - FRAGMENTS = 109, - TIME_RANGE = 110, - CONTROLLER = 111, - OUTSIDE = 112, - LINE_COMMENT = 113, - EXIT = 114, - AUI = 115, - AUTO = 116, - BNC = 117, - FULL = 118, - BASET = 119, - BASETX = 120, - NAMEIF = 121, - VLAN = 122, - SPEED = 123, - DUPLEX = 124, - DDNS = 125, - FORWARD = 126, - DELAY = 127, - HOLD_TIME = 128, - IPV6_C = 129, - MAC_ADDRESS = 130, - MULTICAST = 131, - PPPOE = 132, - SEC_LEVEL = 133, - SHUTDOWN = 134, - ADDRESS = 135, - DHCP = 136, - STANDBY = 137, - SWITCHPORT = 138, - ACCESS = 139, - SCOPY = 140, - VERSION_WORD_LOW = 141, - REMARK = 142, - ACCESS_GROUP = 143, - COLON_COMMENT = 144, - NAT = 145, - OPENING_PAREN = 146, - CLOSING_PAREN = 147, - COMMA = 148, - GLOBAL = 149, - MINUS = 150, - NETMASK = 151, - STATIC = 152, - NORANDOMSEQ = 153, - SECONDARY = 154, - SETROUTE = 155, - Whitespace = 156, - HEX_CONST = 157, - NEG_INT_CONST = 158, - DIGIT = 159, - HEXDIGIT = 160, - NUMBER_ADDRESS_OR_WORD = 161, - PIPE_CHAR = 162, - NUMBER_SIGN = 163, - PERCENT = 164, - AMPERSAND = 165, - APOSTROPHE = 166, - STAR = 167, - PLUS = 168, - DOT = 169, - SLASH = 170, - COLON = 171, - SEMICOLON = 172, - LESS_THAN = 173, - EQUALS = 174, - GREATER_THAN = 175, - QUESTION = 176, - COMMERCIAL_AT = 177, - OPENING_SQUARE = 178, - CLOSING_SQUARE = 179, - CARET = 180, - UNDERLINE = 181, - OPENING_BRACE = 182, - CLOSING_BRACE = 183, - TILDE = 184, - EXLAMATION = 185, + HTTP = 35, + SSH = 36, + TELNET = 37, + ICMP = 38, + INT_CONST = 39, + ICMP6 = 40, + TCP = 41, + UDP = 42, + SOURCE = 43, + DESTINATION = 44, + OBJECT_GROUP = 45, + GROUP_OBJECT = 46, + NETWORK_OBJECT = 47, + PROTOCOL = 48, + PROTOCOL_OBJECT = 49, + ICMP_OBJECT = 50, + ICMP_TYPE = 51, + TCP_UDP = 52, + SERVICE_OBJECT = 53, + PORT_OBJECT = 54, + CRYPTO = 55, + DNS = 56, + CALL_HOME = 57, + INTERNAL = 58, + PASSWORD_RECOVERY = 59, + RESETINBOUND = 60, + RESETOUTBOUND = 61, + RESETOUTSIDE = 62, + NO = 63, + CERTIFICATE = 64, + PIX_WORD = 65, + ASA_WORD = 66, + VERSION_WORD_CAP = 67, + NUMBER = 68, + HOSTNAME = 69, + STRING = 70, + ACCESS_LIST = 71, + EXTENDED = 72, + PERMIT = 73, + DENY = 74, + STANDARD = 75, + P_EQ = 76, + P_GT = 77, + P_LT = 78, + P_NEQ = 79, + ECHO = 80, + RIP = 81, + ESTABLISHED = 82, + ALTERNATE_ADDRESS = 83, + CONVERSION_ERROR = 84, + ECHO_REPLY = 85, + INFORMATION_REPLY = 86, + INFORMATION_REQUEST = 87, + MASK_REPLY = 88, + MASK_REQUEST = 89, + MOBILE_REDIRECT = 90, + PARAMETER_PROBLEM = 91, + REDIRECT = 92, + ROUTER_ADVERTISEMENT = 93, + ROUTER_SOLICITATION = 94, + SOURCE_QUENCH = 95, + TIME_EXCEEDED = 96, + TIMESTAMP_REPLY = 97, + TIMESTAMP_REQUEST = 98, + TRACEROUTE = 99, + UNREACHABLE = 100, + INTRFACE = 101, + ANY = 102, + LOG = 103, + LOG_INPUT = 104, + LOG_LEVEL_ALERTS = 105, + LOG_LEVEL_CRITICAL = 106, + LOG_LEVEL_DEBUGGING = 107, + LOG_LEVEL_EMERGENCIES = 108, + LOG_LEVEL_ERRORS = 109, + LOG_LEVEL_INFORMATIONAL = 110, + LOG_LEVEL_NOTIFICATIONS = 111, + LOG_LEVEL_WARNINGS = 112, + LOG_LEVEL_DISABLE = 113, + LOG_LEVEL_INACTIVE = 114, + INTERVAL = 115, + FRAGMENTS = 116, + TIME_RANGE = 117, + CONTROLLER = 118, + OUTSIDE = 119, + LINE_COMMENT = 120, + EXIT = 121, + AUI = 122, + AUTO = 123, + BNC = 124, + FULL = 125, + BASET = 126, + BASETX = 127, + NAMEIF = 128, + VLAN = 129, + SPEED = 130, + DUPLEX = 131, + DDNS = 132, + FORWARD = 133, + DELAY = 134, + HOLD_TIME = 135, + IPV6_C = 136, + MAC_ADDRESS = 137, + MULTICAST = 138, + PPPOE = 139, + SEC_LEVEL = 140, + SHUTDOWN = 141, + ADDRESS = 142, + DHCP = 143, + STANDBY = 144, + SWITCHPORT = 145, + ACCESS = 146, + SCOPY = 147, + VERSION_WORD_LOW = 148, + AUTHENTICATION_CERTIFICATE = 149, + SERVER = 150, + REMARK = 151, + ACCESS_GROUP = 152, + COLON_COMMENT = 153, + NAT = 154, + OPENING_PAREN = 155, + CLOSING_PAREN = 156, + COMMA = 157, + GLOBAL = 158, + MINUS = 159, + NETMASK = 160, + STATIC = 161, + NORANDOMSEQ = 162, + SECONDARY = 163, + SETROUTE = 164, + Whitespace = 165, + HEX_CONST = 166, + NEG_INT_CONST = 167, + DIGIT = 168, + HEXDIGIT = 169, + NUMBER_ADDRESS_OR_WORD = 170, + PIPE_CHAR = 171, + NUMBER_SIGN = 172, + PERCENT = 173, + AMPERSAND = 174, + APOSTROPHE = 175, + STAR = 176, + PLUS = 177, + DOT = 178, + SLASH = 179, + COLON = 180, + SEMICOLON = 181, + LESS_THAN = 182, + EQUALS = 183, + GREATER_THAN = 184, + QUESTION = 185, + COMMERCIAL_AT = 186, + OPENING_SQUARE = 187, + CLOSING_SQUARE = 188, + CARET = 189, + UNDERLINE = 190, + OPENING_BRACE = 191, + CLOSING_BRACE = 192, + TILDE = 193, + EXLAMATION = 194, NULL_TREE_LOOKAHEAD = 3 }; #ifdef __cplusplus diff --git a/src/parsers/PIXCfgParserTokenTypes.txt b/src/parsers/PIXCfgParserTokenTypes.txt index 0959815b7..0efbf28b7 100644 --- a/src/parsers/PIXCfgParserTokenTypes.txt +++ b/src/parsers/PIXCfgParserTokenTypes.txt @@ -31,154 +31,163 @@ HOST="host"=31 RANGE="range"=32 SUBNET="subnet"=33 SERVICE="service"=34 -ICMP="icmp"=35 -INT_CONST=36 -ICMP6="icmp6"=37 -TCP="tcp"=38 -UDP="udp"=39 -SOURCE="source"=40 -DESTINATION="destination"=41 -OBJECT_GROUP=42 -GROUP_OBJECT="group-object"=43 -NETWORK_OBJECT="network-object"=44 -PROTOCOL="protocol"=45 -PROTOCOL_OBJECT="protocol-object"=46 -ICMP_OBJECT="icmp-object"=47 -ICMP_TYPE="icmp-type"=48 -TCP_UDP="tcp-udp"=49 -SERVICE_OBJECT="service-object"=50 -PORT_OBJECT="port-object"=51 -CRYPTO="crypto"=52 -DNS="dns"=53 -NO="no"=54 -CERTIFICATE="certificate"=55 -PIX_WORD="PIX"=56 -ASA_WORD="ASA"=57 -VERSION_WORD_CAP="Version"=58 -NUMBER=59 -HOSTNAME="hostname"=60 -STRING=61 -ACCESS_LIST="access-list"=62 -EXTENDED="extended"=63 -PERMIT="permit"=64 -DENY="deny"=65 -STANDARD="standard"=66 -P_EQ="eq"=67 -P_GT="gt"=68 -P_LT="lt"=69 -P_NEQ="neq"=70 -ECHO="echo"=71 -RIP="rip"=72 -SSH="ssh"=73 -TELNET="telnet"=74 -ESTABLISHED="established"=75 -ALTERNATE_ADDRESS="alternate-address"=76 -CONVERSION_ERROR="conversion-error"=77 -ECHO_REPLY="echo-reply"=78 -INFORMATION_REPLY="information-reply"=79 -INFORMATION_REQUEST="information-request"=80 -MASK_REPLY="mask-reply"=81 -MASK_REQUEST="mask-request"=82 -MOBILE_REDIRECT="mobile-redirect"=83 -PARAMETER_PROBLEM="parameter-problem"=84 -REDIRECT="redirect"=85 -ROUTER_ADVERTISEMENT="router-advertisement"=86 -ROUTER_SOLICITATION="router-solicitation"=87 -SOURCE_QUENCH="source-quench"=88 -TIME_EXCEEDED="time-exceeded"=89 -TIMESTAMP_REPLY="timestamp-reply"=90 -TIMESTAMP_REQUEST="timestamp-request"=91 -TRACEROUTE="traceroute"=92 -UNREACHABLE="unreachable"=93 -INTRFACE="interface"=94 -ANY="any"=95 -LOG="log"=96 -LOG_INPUT="log-input"=97 -LOG_LEVEL_ALERTS="alerts"=98 -LOG_LEVEL_CRITICAL="critical"=99 -LOG_LEVEL_DEBUGGING="debugging"=100 -LOG_LEVEL_EMERGENCIES="emergencies"=101 -LOG_LEVEL_ERRORS="errors"=102 -LOG_LEVEL_INFORMATIONAL="informational"=103 -LOG_LEVEL_NOTIFICATIONS="notifications"=104 -LOG_LEVEL_WARNINGS="warnings"=105 -LOG_LEVEL_DISABLE="disable"=106 -LOG_LEVEL_INACTIVE="inactive"=107 -INTERVAL="interval"=108 -FRAGMENTS="fragments"=109 -TIME_RANGE="time-range"=110 -CONTROLLER="controller"=111 -OUTSIDE="outside"=112 -LINE_COMMENT=113 -EXIT="exit"=114 -AUI="aui"=115 -AUTO="auto"=116 -BNC="bnc"=117 -FULL="full"=118 -BASET="baseT"=119 -BASETX="baseTX"=120 -NAMEIF="nameif"=121 -VLAN="vlan"=122 -SPEED="speed"=123 -DUPLEX="duplex"=124 -DDNS="ddns"=125 -FORWARD="forward"=126 -DELAY="delay"=127 -HOLD_TIME="hold-time"=128 -IPV6_C="ipv6"=129 -MAC_ADDRESS="mac-address"=130 -MULTICAST="multicast"=131 -PPPOE=132 -SEC_LEVEL="security-level"=133 -SHUTDOWN="shutdown"=134 -ADDRESS="address"=135 -DHCP="dhcp"=136 -STANDBY="standby"=137 -SWITCHPORT="switchport"=138 -ACCESS="access"=139 -SCOPY="scopy"=140 -VERSION_WORD_LOW="version"=141 -REMARK="remark"=142 -ACCESS_GROUP="access-group"=143 -COLON_COMMENT=144 -NAT="nat"=145 -OPENING_PAREN=146 -CLOSING_PAREN=147 -COMMA=148 -GLOBAL="global"=149 -MINUS=150 -NETMASK="netmask"=151 -STATIC="static"=152 -NORANDOMSEQ="norandomseq"=153 -SECONDARY="secondary"=154 -SETROUTE="setroute"=155 -Whitespace=156 -HEX_CONST=157 -NEG_INT_CONST=158 -DIGIT=159 -HEXDIGIT=160 -NUMBER_ADDRESS_OR_WORD=161 -PIPE_CHAR=162 -NUMBER_SIGN=163 -PERCENT=164 -AMPERSAND=165 -APOSTROPHE=166 -STAR=167 -PLUS=168 -DOT=169 -SLASH=170 -COLON=171 -SEMICOLON=172 -LESS_THAN=173 -EQUALS=174 -GREATER_THAN=175 -QUESTION=176 -COMMERCIAL_AT=177 -OPENING_SQUARE=178 -CLOSING_SQUARE=179 -CARET=180 -UNDERLINE=181 -OPENING_BRACE=182 -CLOSING_BRACE=183 -TILDE=184 -EXLAMATION=185 +HTTP="http"=35 +SSH="ssh"=36 +TELNET="telnet"=37 +ICMP="icmp"=38 +INT_CONST=39 +ICMP6="icmp6"=40 +TCP="tcp"=41 +UDP="udp"=42 +SOURCE="source"=43 +DESTINATION="destination"=44 +OBJECT_GROUP=45 +GROUP_OBJECT="group-object"=46 +NETWORK_OBJECT="network-object"=47 +PROTOCOL="protocol"=48 +PROTOCOL_OBJECT="protocol-object"=49 +ICMP_OBJECT="icmp-object"=50 +ICMP_TYPE="icmp-type"=51 +TCP_UDP="tcp-udp"=52 +SERVICE_OBJECT="service-object"=53 +PORT_OBJECT="port-object"=54 +CRYPTO="crypto"=55 +DNS="dns"=56 +CALL_HOME="call-home"=57 +INTERNAL="internal"=58 +PASSWORD_RECOVERY="password-recovery"=59 +RESETINBOUND="resetinbound"=60 +RESETOUTBOUND="resetoutbound"=61 +RESETOUTSIDE="resetoutside"=62 +NO="no"=63 +CERTIFICATE="certificate"=64 +PIX_WORD="PIX"=65 +ASA_WORD="ASA"=66 +VERSION_WORD_CAP="Version"=67 +NUMBER=68 +HOSTNAME="hostname"=69 +STRING=70 +ACCESS_LIST="access-list"=71 +EXTENDED="extended"=72 +PERMIT="permit"=73 +DENY="deny"=74 +STANDARD="standard"=75 +P_EQ="eq"=76 +P_GT="gt"=77 +P_LT="lt"=78 +P_NEQ="neq"=79 +ECHO="echo"=80 +RIP="rip"=81 +ESTABLISHED="established"=82 +ALTERNATE_ADDRESS="alternate-address"=83 +CONVERSION_ERROR="conversion-error"=84 +ECHO_REPLY="echo-reply"=85 +INFORMATION_REPLY="information-reply"=86 +INFORMATION_REQUEST="information-request"=87 +MASK_REPLY="mask-reply"=88 +MASK_REQUEST="mask-request"=89 +MOBILE_REDIRECT="mobile-redirect"=90 +PARAMETER_PROBLEM="parameter-problem"=91 +REDIRECT="redirect"=92 +ROUTER_ADVERTISEMENT="router-advertisement"=93 +ROUTER_SOLICITATION="router-solicitation"=94 +SOURCE_QUENCH="source-quench"=95 +TIME_EXCEEDED="time-exceeded"=96 +TIMESTAMP_REPLY="timestamp-reply"=97 +TIMESTAMP_REQUEST="timestamp-request"=98 +TRACEROUTE="traceroute"=99 +UNREACHABLE="unreachable"=100 +INTRFACE="interface"=101 +ANY="any"=102 +LOG="log"=103 +LOG_INPUT="log-input"=104 +LOG_LEVEL_ALERTS="alerts"=105 +LOG_LEVEL_CRITICAL="critical"=106 +LOG_LEVEL_DEBUGGING="debugging"=107 +LOG_LEVEL_EMERGENCIES="emergencies"=108 +LOG_LEVEL_ERRORS="errors"=109 +LOG_LEVEL_INFORMATIONAL="informational"=110 +LOG_LEVEL_NOTIFICATIONS="notifications"=111 +LOG_LEVEL_WARNINGS="warnings"=112 +LOG_LEVEL_DISABLE="disable"=113 +LOG_LEVEL_INACTIVE="inactive"=114 +INTERVAL="interval"=115 +FRAGMENTS="fragments"=116 +TIME_RANGE="time-range"=117 +CONTROLLER="controller"=118 +OUTSIDE="outside"=119 +LINE_COMMENT=120 +EXIT="exit"=121 +AUI="aui"=122 +AUTO="auto"=123 +BNC="bnc"=124 +FULL="full"=125 +BASET="baseT"=126 +BASETX="baseTX"=127 +NAMEIF="nameif"=128 +VLAN="vlan"=129 +SPEED="speed"=130 +DUPLEX="duplex"=131 +DDNS="ddns"=132 +FORWARD="forward"=133 +DELAY="delay"=134 +HOLD_TIME="hold-time"=135 +IPV6_C="ipv6"=136 +MAC_ADDRESS="mac-address"=137 +MULTICAST="multicast"=138 +PPPOE=139 +SEC_LEVEL="security-level"=140 +SHUTDOWN="shutdown"=141 +ADDRESS="address"=142 +DHCP="dhcp"=143 +STANDBY="standby"=144 +SWITCHPORT="switchport"=145 +ACCESS="access"=146 +SCOPY="scopy"=147 +VERSION_WORD_LOW="version"=148 +AUTHENTICATION_CERTIFICATE="authentication-certificate"=149 +SERVER="server"=150 +REMARK="remark"=151 +ACCESS_GROUP="access-group"=152 +COLON_COMMENT=153 +NAT="nat"=154 +OPENING_PAREN=155 +CLOSING_PAREN=156 +COMMA=157 +GLOBAL="global"=158 +MINUS=159 +NETMASK="netmask"=160 +STATIC="static"=161 +NORANDOMSEQ="norandomseq"=162 +SECONDARY="secondary"=163 +SETROUTE="setroute"=164 +Whitespace=165 +HEX_CONST=166 +NEG_INT_CONST=167 +DIGIT=168 +HEXDIGIT=169 +NUMBER_ADDRESS_OR_WORD=170 +PIPE_CHAR=171 +NUMBER_SIGN=172 +PERCENT=173 +AMPERSAND=174 +APOSTROPHE=175 +STAR=176 +PLUS=177 +DOT=178 +SLASH=179 +COLON=180 +SEMICOLON=181 +LESS_THAN=182 +EQUALS=183 +GREATER_THAN=184 +QUESTION=185 +COMMERCIAL_AT=186 +OPENING_SQUARE=187 +CLOSING_SQUARE=188 +CARET=189 +UNDERLINE=190 +OPENING_BRACE=191 +CLOSING_BRACE=192 +TILDE=193 +EXLAMATION=194 diff --git a/src/parsers/pix.g b/src/parsers/pix.g index 711e9c1af..f4e5200e5 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -132,6 +132,8 @@ cfgfile : ssh_command | telnet_command + | + http_command | icmp_top_level_command | @@ -174,6 +176,8 @@ cfgfile : timeout_command | dns_command + | + service_top_level_command | unknown_command | @@ -355,14 +359,19 @@ subnet_addr : (SUBNET ((a:IPV4 nm:IPV4) | v6:IPV6)) //**************************************************************** -named_object_service : OBJECT SERVICE name:WORD NEWLINE +// Unfortunately any keyword can be used as named object name +// +named_object_service : OBJECT SERVICE { importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); - importer->newNamedObjectService(name->getText()); - *dbg << name->getLine() << ":" - << " Named Object " << name->getText() << std::endl; } + (WORD | HTTP | SSH | TELNET) + { + importer->newNamedObjectService(LT(0)->getText()); + *dbg << " NAMED OBJECT " << LT(0)->getText() << std::endl; + } + NEWLINE ( named_object_service_parameters )* @@ -815,6 +824,29 @@ dns_command : DNS } ; +//**************************************************************** +// +//asa5505(config)# service ? +// +// call-home Enable or disable Smart Call-Home +// internal Advanced settings (use only under Cisco supervision) +// password-recovery Password recovery configuration +// resetinbound Send reset to a denied inbound TCP packet +// resetoutbound Send reset to a denied outbound TCP packet +// resetoutside Send reset to a denied TCP packet to outside interface + +service_top_level_command : SERVICE + ( CALL_HOME | + INTERNAL | + PASSWORD_RECOVERY | + RESETINBOUND | + RESETOUTBOUND | + RESETOUTSIDE ) + { + consumeUntil(NEWLINE); + } + ; + //**************************************************************** no_commands : NO { @@ -1662,7 +1694,7 @@ ssh_command : SSH | SCOPY | - VERSION_WORD_LOW + VERSION_WORD_LOW INT_CONST | ( hostaddr_expr @@ -1722,6 +1754,45 @@ telnet_command : TELNET ) ; +// pretend ssh commands are rules in access lists with names +// "htto_commands_" + interface_label +http_command : HTTP + { + importer->clear(); + } + ( + ( AUTHENTICATION_CERTIFICATE | REDIRECT | SERVER ) + { + consumeUntil(NEWLINE); + } + | + ( + hostaddr_expr + { + importer->SaveTmpAddrToSrc(); + } + interface_label + ) + { + std::string intf_label = LT(0)->getText(); + std::string acl_name = "http_commands_" + intf_label; + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newUnidirRuleSet(acl_name, + libfwbuilder::Policy::TYPENAME ); + importer->newPolicyRule(); + importer->action = "permit"; + importer->setDstSelf(); + importer->protocol = "tcp"; + importer->dst_port_op = "eq"; + importer->dst_port_spec = "www"; + importer->setInterfaceAndDirectionForRuleSet( + acl_name, intf_label, "in" ); + importer->pushRule(); + *dbg << std::endl; + } + ) + ; + // icmp command is non-determenistic syntactically because WORD can be // used as a name of icmp type or as interface label. I am going to @@ -2316,6 +2387,17 @@ tokens NORANDOMSEQ = "norandomseq"; SCOPY = "scopy"; + + CALL_HOME = "call-home"; + INTERNAL = "internal"; + PASSWORD_RECOVERY = "password-recovery"; + RESETINBOUND = "resetinbound"; + RESETOUTBOUND = "resetoutbound"; + RESETOUTSIDE = "resetoutside"; + + HTTP = "http"; + AUTHENTICATION_CERTIFICATE = "authentication-certificate"; + SERVER = "server"; } LINE_COMMENT : "!" (~('\r' | '\n'))* NEWLINE ; diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.fwb b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.fwb index ccb1215cd..c1c666b57 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.fwb @@ -1,6 +1,6 @@ - + @@ -442,36 +442,36 @@ - + - + - + - + - + - + - + - + @@ -495,90 +495,90 @@ - - + + - - + + - - + + - - + + - - + + - + - + - + - + - - + - - - - - - - - + + + + + + + + + - - + + - - + - + + - + - - - - - + - + - + + + + + @@ -594,248 +594,249 @@ - - + - - + + - - - - - + + - - + + + + + + - + - - + + - - + + - + - - + + - - + + - + - - + - - + + - - + + - - + + - - + + - - + + - - + + + - - + + - + - + - + - + - + - - + + - + - - - + + + - - - - - - - + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + - - - + + + - - + + @@ -846,7 +847,7 @@ - + @@ -857,17 +858,17 @@ - + - + - - + + - + @@ -888,7 +889,7 @@ - - + + diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output index 3168260da..0957763b9 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.output @@ -45,64 +45,65 @@ 95: Named object (address) host-1 99: Named object (service) smtp 101: Named object (service) http -103: Named object (service) squid -105: Named object (service) smtps -108: Named object (service) icmp1 -110: Named object (service) icmp2 -112: Named object (service) ip5 -116: Named object (service) tcp-src-1 -118: Named object (service) tcp-src-2 -120: Named object (service) tcp-src-3 -122: Named object (service) tcp-src-4 -124: Named object (service) tcp-src-5 -127: Named object (service) tcp-dst-1 -129: Named object (service) tcp-dst-2 -131: Named object (service) tcp-dst-3 -133: Named object (service) tcp-dst-4 -135: Named object (service) tcp-dst-5 -139: Named object (service) tcp-src-dst-1 -141: Named object (service) tcp-src-dst-2 -143: Named object (service) tcp-src-dst-3 -145: Named object (service) tcp-src-dst-4 -147: Named object (service) tcp-src-dst-5 -151: Named object (service) udp-src-1 -153: Named object (service) udp-src-2 -155: Named object (service) udp-src-3 -157: Named object (service) udp-src-4 -159: Named object (service) udp-src-5 -162: Named object (service) udp-dst-1 -164: Named object (service) udp-dst-2 -166: Named object (service) udp-dst-3 -168: Named object (service) udp-dst-4 -170: Named object (service) udp-dst-5 -174: Named object (service) ip1 -176: Named object (service) ip2 -178: Named object (service) icmp6-1 -179: Parser warning: Import of IPv6 addresses and servcies is not supported at this time -182: Named object (service) ip3 -183: Parser warning: Unknown service name some_weird_protocol -187: Named object (service) ip4 -190: Object Group (network) outside.id178211X29963.osrc.net.0 -193: Object Group (network) outside.id21353X4994.osrc.net.0 -197: Object Group (network) outside.id77971X5929.osrc.net.1 -200: Object Group (network) outside.id77971X5929.odst.net.1 -203: Object Group (network) outside.id77971X5929.tsrc.net.1 -206: Object Group (network) outside.id77971X5929.osrc.net.0 -209: Object Group (network) outside.id77971X5929.odst.net.0 -212: Object Group (network) outside.id77971X5929.tsrc.net.0 -216: Object Group (service) outside.id77971X5929.osrv.1 -220: Object Group (service) sg1 -225: Object Group (service) sg2 -229: Object Group (service) sg3 -235: Object Group (service) sg4 -240: Object Group (service) sg5 -251: Object Group (service) combo-group-1 -255: Object Group (service) neq-group-2 -271: Object Group (protocol) pg1 -276: Object Group (protocol) pg2 -281: Object Group (icmp) ig1 -284: Object Group (icmp) ig2 -287: Object Group (icmp) ig3 -293: Object Group (service) id5102X14531.srv.tcp.0 -298: Object Group (service) tcp-udp-1 -302: Interface Vlan1 ruleset inside_in direction 'in' +103: Named object (service) ssh +105: Named object (service) squid +107: Named object (service) smtps +110: Named object (service) icmp1 +112: Named object (service) icmp2 +114: Named object (service) ip5 +118: Named object (service) tcp-src-1 +120: Named object (service) tcp-src-2 +122: Named object (service) tcp-src-3 +124: Named object (service) tcp-src-4 +126: Named object (service) tcp-src-5 +129: Named object (service) tcp-dst-1 +131: Named object (service) tcp-dst-2 +133: Named object (service) tcp-dst-3 +135: Named object (service) tcp-dst-4 +137: Named object (service) tcp-dst-5 +141: Named object (service) tcp-src-dst-1 +143: Named object (service) tcp-src-dst-2 +145: Named object (service) tcp-src-dst-3 +147: Named object (service) tcp-src-dst-4 +149: Named object (service) tcp-src-dst-5 +153: Named object (service) udp-src-1 +155: Named object (service) udp-src-2 +157: Named object (service) udp-src-3 +159: Named object (service) udp-src-4 +161: Named object (service) udp-src-5 +164: Named object (service) udp-dst-1 +166: Named object (service) udp-dst-2 +168: Named object (service) udp-dst-3 +170: Named object (service) udp-dst-4 +172: Named object (service) udp-dst-5 +176: Named object (service) ip1 +178: Named object (service) ip2 +180: Named object (service) icmp6-1 +181: Parser warning: Import of IPv6 addresses and servcies is not supported at this time +184: Named object (service) ip3 +185: Parser warning: Unknown service name some_weird_protocol +189: Named object (service) ip4 +192: Object Group (network) outside.id178211X29963.osrc.net.0 +195: Object Group (network) outside.id21353X4994.osrc.net.0 +199: Object Group (network) outside.id77971X5929.osrc.net.1 +202: Object Group (network) outside.id77971X5929.odst.net.1 +205: Object Group (network) outside.id77971X5929.tsrc.net.1 +208: Object Group (network) outside.id77971X5929.osrc.net.0 +211: Object Group (network) outside.id77971X5929.odst.net.0 +214: Object Group (network) outside.id77971X5929.tsrc.net.0 +218: Object Group (service) outside.id77971X5929.osrv.1 +222: Object Group (service) sg1 +227: Object Group (service) sg2 +231: Object Group (service) sg3 +237: Object Group (service) sg4 +242: Object Group (service) sg5 +253: Object Group (service) combo-group-1 +257: Object Group (service) neq-group-2 +273: Object Group (protocol) pg1 +278: Object Group (protocol) pg2 +283: Object Group (icmp) ig1 +286: Object Group (icmp) ig2 +289: Object Group (icmp) ig3 +295: Object Group (service) id5102X14531.srv.tcp.0 +300: Object Group (service) tcp-udp-1 +304: Interface Vlan1 ruleset inside_in direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.test b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.test index 16eb15eae..ecc20f76f 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.test +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3-objects-and-groups.test @@ -100,6 +100,8 @@ object service smtp service tcp destination eq smtp object service http service tcp destination eq www +object service ssh + service tcp destination eq 22 object service squid service tcp destination eq 3128 object service smtps diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb b/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb index 8e7bcffbc..c86d0de82 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.fwb @@ -1,6 +1,6 @@ - + @@ -433,52 +433,56 @@ + - - - - - - - - - - + + + + + + + + + + + + - + - - - - - + + + + + - - + + + - - - - + + + + - - - + + + - - + + - + - + - + - + @@ -487,18 +491,78 @@ - + + + + + + + + + + + + + + + + + + + + + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -509,8 +573,8 @@ - - + + @@ -518,7 +582,7 @@ - + @@ -532,20 +596,20 @@ - + - + - - + + - + - + @@ -566,7 +630,7 @@ - - + + diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output index 167f5c0c2..b6073060c 100644 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.output +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.output @@ -37,5 +37,8 @@ Warning: interface Ethernet0/7 was not imported because it is in "shutdown" mode 56: Named object (address) internal_subnet_2 59: Named object (address) Internal_net 61: Named object (address) hostA:eth0 -92: Interface Vlan1 ruleset ssh_commands_inside direction 'in' -93: Interface Vlan1 ruleset ssh_commands_inside direction 'in' +84: Interface Vlan1 ruleset http_commands_inside direction 'in' +85: Interface Vlan1 ruleset http_commands_inside direction 'in' +86: Interface Vlan1 ruleset http_commands_inside direction 'in' +95: Interface Vlan1 ruleset ssh_commands_inside direction 'in' +96: Interface Vlan1 ruleset ssh_commands_inside direction 'in' diff --git a/src/unit_tests/PIXImporterTest/test_data/asa8.3.test b/src/unit_tests/PIXImporterTest/test_data/asa8.3.test index 79af89f99..cd9af2e89 100755 --- a/src/unit_tests/PIXImporterTest/test_data/asa8.3.test +++ b/src/unit_tests/PIXImporterTest/test_data/asa8.3.test @@ -82,9 +82,12 @@ dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 192.168.1.0 255.255.255.0 inside +http 10.0.0.0 255.255.255.0 inside +http 10.1.1.1 255.255.255.255 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart +service resetinbound interface outside crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 @@ -101,7 +104,35 @@ no threat-detection statistics tcp-intercept webvpn username foo password AAAAAAAAAAAAAAAA encrypted privilege 15 ! +class-map inspection_default + match default-inspection-traffic ! +! +policy-map global_policy + class inspection_default + inspect ctiqbe + inspect dns + inspect ftp + inspect h323 h225 + inspect h323 ras + inspect http + inspect icmp + inspect ils + inspect mgcp + inspect rsh + inspect rtsp + inspect sip + inspect skinny + inspect esmtp + inspect sqlnet + inspect tftp +policy-map type inspect ip-options ip-options-map + parameters + eool action allow + nop action allow + router-alert action allow +! +service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1