onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 19:57:21 +01:00
Code Issues Releases Wiki Activity

see #2275 fixed parser to match a combination of any number of states separated by comma

Browse Source
This commit is contained in:
Vadim Kurland 2011-04-15 16:58:15 -07:00
parent ef3485df4a
commit fbf7f4e6da
6 changed files with 2006 additions and 1983 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/parsers/IPTCfgLexer.cpp
View File

@ -997,10 +997,10 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
_ttype = NUMBER;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched185 = false;
bool synPredMatched186 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m185 = mark();
synPredMatched185 = true;
int _m186 = mark();
synPredMatched186 = true;
inputState->guessing++;
try {
{
@ -1011,12 +1011,12 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched185 = false;
synPredMatched186 = false;
}
rewind(_m185);
rewind(_m186);
inputState->guessing--;
}
if ( synPredMatched185 ) {
if ( synPredMatched186 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -1033,10 +1033,10 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
}
else {
bool synPredMatched188 = false;
bool synPredMatched189 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m188 = mark();
synPredMatched188 = true;
int _m189 = mark();
synPredMatched189 = true;
inputState->guessing++;
try {
{
@ -1047,12 +1047,12 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched188 = false;
synPredMatched189 = false;
}
rewind(_m188);
rewind(_m189);
inputState->guessing--;
}
if ( synPredMatched188 ) {
if ( synPredMatched189 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -1071,18 +1071,18 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
match('0' /* charlit */ );
match('x' /* charlit */ );
{ // ( ... )+
int _cnt192=0;
int _cnt193=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEXDIGIT(false);
}
else {
if ( _cnt192>=1 ) { goto _loop192; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt193>=1 ) { goto _loop193; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt192++;
_cnt193++;
}
_loop192:;
_loop193:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
@ -1093,18 +1093,18 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) {
{ // ( ... )+
int _cnt194=0;
int _cnt195=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt194>=1 ) { goto _loop194; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
if ( _cnt195>=1 ) { goto _loop195; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt194++;
_cnt195++;
}
_loop194:;
_loop195:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1316 "iptables.g"
@ -1362,11 +1362,11 @@ void IPTCfgLexer::mWORD(bool _createToken) {
}
default:
{
goto _loop198;
goto _loop199;
}
}
}
_loop198:;
_loop199:;
} // ( ... )*
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1388,11 +1388,11 @@ void IPTCfgLexer::mSTRING(bool _createToken) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop201;
goto _loop202;
}
}
_loop201:;
_loop202:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {

242
src/parsers/IPTCfgParser.cpp
View File

@ -720,18 +720,18 @@ void IPTCfgParser::match_recent() {
match(OPT_MODULE);
m_recent();
{ // ( ... )+
int _cnt94=0;
int _cnt95=0;
for (;;) {
if (((LA(1) >= MATCH_RECENT_SET && LA(1) <= MATCH_RECENT_HITCOUNT))) {
recent_opts();
}
else {
if ( _cnt94>=1 ) { goto _loop94; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());}
if ( _cnt95>=1 ) { goto _loop95; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());}
}
_cnt94++;
_cnt95++;
}
_loop94:;
_loop95:;
} // ( ... )+
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -1428,11 +1428,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
}
}
else {
goto _loop113;
goto _loop114;
}
}
_loop113:;
_loop114:;
} // ( ... )*
}
break;
@ -1471,11 +1471,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
}
}
else {
goto _loop116;
goto _loop117;
}
}
_loop116:;
_loop117:;
} // ( ... )*
}
break;
@ -1514,11 +1514,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
}
}
else {
goto _loop119;
goto _loop120;
}
}
_loop119:;
_loop120:;
} // ( ... )*
}
break;
@ -2110,64 +2110,32 @@ void IPTCfgParser::m_state() {
#line 2112 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
case COMMA:
{
match(COMMA);
state_word();
if ( inputState->guessing==0 ) {
{ // ( ... )*
for (;;) {
if ((LA(1) == COMMA)) {
match(COMMA);
state_word();
if ( inputState->guessing==0 ) {
#line 703 "iptables.g"
importer->current_state += std::string(",") + LT(0)->getText();
#line 2125 "IPTCfgParser.cpp"
importer->current_state += std::string(",") + LT(0)->getText();
#line 2124 "IPTCfgParser.cpp"
}
}
break;
}
case NEWLINE:
case MINUS:
case EXCLAMATION:
case UNSUPPORTED_OPTION:
case OPT_MODULE:
case OPT_SRC:
case OPT_DST:
case OPT_IN_INTF:
case OPT_OUT_INTF:
case OPT_PROTO:
case OPT_TARGET:
case OPT_FRAGM:
case MATCH_LIMIT:
case MATCH_LIMIT_BURST:
case MATCH_IPRANGE_SRC:
case MATCH_IPRANGE_DST:
case MATCH_LENGTH:
case MATCH_SRC_MULTIPORT:
case MATCH_DST_MULTIPORT:
case MATCH_BOTH_MULTIPORT:
case MATCH_ICMP_TYPE:
case MATCH_SRC_PORT:
case MATCH_SRC_PORT_SHORT:
case MATCH_DST_PORT:
case MATCH_DST_PORT_SHORT:
case MATCH_SYN:
case MATCH_TCP_FLAGS:
case MATCH_TCP_OPTION:
{
break;
}
default:
{
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
}
}
else {
goto _loop76;
}
}
_loop76:;
} // ( ... )*
if ( inputState->guessing==0 ) {
#line 707 "iptables.g"
*dbg << " STATE MATCH=" << importer->current_state;
#line 2171 "IPTCfgParser.cpp"
#line 2139 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2189,7 +2157,7 @@ void IPTCfgParser::m_mport() {
*dbg << " MULTIPORT";
#line 2193 "IPTCfgParser.cpp"
#line 2161 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2212,7 +2180,7 @@ void IPTCfgParser::m_icmp() {
importer->protocol = "icmp";
*dbg << " ICMP";
#line 2216 "IPTCfgParser.cpp"
#line 2184 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2235,7 +2203,7 @@ void IPTCfgParser::m_tcp() {
importer->protocol = "tcp";
*dbg << " TCP";
#line 2239 "IPTCfgParser.cpp"
#line 2207 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2258,7 +2226,7 @@ void IPTCfgParser::m_udp() {
importer->protocol = "udp";
*dbg << " UDP";
#line 2262 "IPTCfgParser.cpp"
#line 2230 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2280,7 +2248,7 @@ void IPTCfgParser::m_limit() {
*dbg << " LIMIT";
#line 2284 "IPTCfgParser.cpp"
#line 2252 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2302,7 +2270,7 @@ void IPTCfgParser::m_length() {
*dbg << " LENGTH";
#line 2306 "IPTCfgParser.cpp"
#line 2274 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2324,7 +2292,7 @@ void IPTCfgParser::m_iprange() {
*dbg << " IPRANGE";
#line 2328 "IPTCfgParser.cpp"
#line 2296 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2348,7 +2316,7 @@ void IPTCfgParser::m_comment() {
*dbg << " COMMENT=" << LT(0)->getText();
#line 2352 "IPTCfgParser.cpp"
#line 2320 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2389,7 +2357,7 @@ void IPTCfgParser::m_unknown_module() {
importer->reportError(
std::string("Unknown module: ")+LT(0)->getText());
#line 2393 "IPTCfgParser.cpp"
#line 2361 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2464,7 +2432,7 @@ void IPTCfgParser::target_options() {
importer->action_params["reject_with"] = LT(0)->getText();
*dbg << " REJECT WITH=" << LT(0)->getText();
#line 2468 "IPTCfgParser.cpp"
#line 2436 "IPTCfgParser.cpp"
}
break;
}
@ -2495,7 +2463,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " LOG PREFIX=" << LT(0)->getText();
#line 2499 "IPTCfgParser.cpp"
#line 2467 "IPTCfgParser.cpp"
}
break;
}
@ -2508,7 +2476,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_seq"] = LT(0)->getText();
*dbg << " LOG TCP SEQUENCE=";
#line 2512 "IPTCfgParser.cpp"
#line 2480 "IPTCfgParser.cpp"
}
break;
}
@ -2521,7 +2489,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_options"] = LT(0)->getText();
*dbg << " LOG TCP OPTIONS=";
#line 2525 "IPTCfgParser.cpp"
#line 2493 "IPTCfgParser.cpp"
}
break;
}
@ -2534,7 +2502,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_ip_options"] = LT(0)->getText();
*dbg << " LOG IP OPTIONS=";
#line 2538 "IPTCfgParser.cpp"
#line 2506 "IPTCfgParser.cpp"
}
break;
}
@ -2565,7 +2533,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " ULOG PREFIX=" << LT(0)->getText();
#line 2569 "IPTCfgParser.cpp"
#line 2537 "IPTCfgParser.cpp"
}
break;
}
@ -2596,7 +2564,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_level"] = LT(0)->getText();
*dbg << " LOG LEVEL=" << LT(0)->getText();
#line 2600 "IPTCfgParser.cpp"
#line 2568 "IPTCfgParser.cpp"
}
break;
}
@ -2627,7 +2595,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_mark"] = LT(0)->getText();
*dbg << " SET MARK=" << LT(0)->getText();
#line 2631 "IPTCfgParser.cpp"
#line 2599 "IPTCfgParser.cpp"
}
break;
}
@ -2640,7 +2608,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_save_mark"] = "--save-mark";
*dbg << " SAVE MARK";
#line 2644 "IPTCfgParser.cpp"
#line 2612 "IPTCfgParser.cpp"
}
break;
}
@ -2653,7 +2621,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_restore_mark"] = "--restore-mark";
*dbg << " RESTORE MARK";
#line 2657 "IPTCfgParser.cpp"
#line 2625 "IPTCfgParser.cpp"
}
break;
}
@ -2666,7 +2634,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_continue"] = "--continue";
*dbg << " CONTINUE";
#line 2670 "IPTCfgParser.cpp"
#line 2638 "IPTCfgParser.cpp"
}
break;
}
@ -2680,7 +2648,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_iif"] = LT(0)->getText();
*dbg << " ROUTE_IIF=" << LT(0)->getText();
#line 2684 "IPTCfgParser.cpp"
#line 2652 "IPTCfgParser.cpp"
}
break;
}
@ -2694,7 +2662,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_oif"] = LT(0)->getText();
*dbg << " ROUTE_OIF=" << LT(0)->getText();
#line 2698 "IPTCfgParser.cpp"
#line 2666 "IPTCfgParser.cpp"
}
break;
}
@ -2708,7 +2676,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_gw"] = LT(0)->getText();
*dbg << " ROUTE_GW=" << LT(0)->getText();
#line 2712 "IPTCfgParser.cpp"
#line 2680 "IPTCfgParser.cpp"
}
break;
}
@ -2721,7 +2689,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_tee"] = "--tee";
*dbg << " ROUTE_TEE";
#line 2725 "IPTCfgParser.cpp"
#line 2693 "IPTCfgParser.cpp"
}
break;
}
@ -2733,7 +2701,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-SOURCE";
#line 2737 "IPTCfgParser.cpp"
#line 2705 "IPTCfgParser.cpp"
}
nat_spec();
break;
@ -2746,7 +2714,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-DESTINATION";
#line 2750 "IPTCfgParser.cpp"
#line 2718 "IPTCfgParser.cpp"
}
nat_spec();
break;
@ -2765,7 +2733,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-NETMAP";
#line 2769 "IPTCfgParser.cpp"
#line 2737 "IPTCfgParser.cpp"
}
{
match(IPV4);
@ -2776,7 +2744,7 @@ void IPTCfgParser::target_options() {
importer->nat_addr2 = LT(0)->getText();
*dbg << LT(0)->getText();
#line 2780 "IPTCfgParser.cpp"
#line 2748 "IPTCfgParser.cpp"
}
match(SLASH);
{
@ -2803,7 +2771,7 @@ void IPTCfgParser::target_options() {
importer->nat_nm = LT(0)->getText();
*dbg << "/" << LT(0)->getText();
#line 2807 "IPTCfgParser.cpp"
#line 2775 "IPTCfgParser.cpp"
}
}
break;
@ -2817,7 +2785,7 @@ void IPTCfgParser::target_options() {
importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu";
*dbg << " TO-NETMAP";
#line 2821 "IPTCfgParser.cpp"
#line 2789 "IPTCfgParser.cpp"
}
break;
}
@ -2831,7 +2799,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_tos"] = LT(0)->getText();
*dbg << " SET TOS=" << LT(0)->getText();
#line 2835 "IPTCfgParser.cpp"
#line 2803 "IPTCfgParser.cpp"
}
}
else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) {
@ -2843,7 +2811,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_tos"] = LT(0)->getText();
*dbg << " SET TOS=" << LT(0)->getText();
#line 2847 "IPTCfgParser.cpp"
#line 2815 "IPTCfgParser.cpp"
}
}
else {
@ -2944,7 +2912,7 @@ void IPTCfgParser::nat_spec() {
<< "-"
<< importer->nat_port_range_end;
#line 2948 "IPTCfgParser.cpp"
#line 2916 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2973,7 +2941,7 @@ void IPTCfgParser::redirect_spec() {
<< "-"
<< importer->nat_port_range_end;
#line 2977 "IPTCfgParser.cpp"
#line 2945 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3023,7 +2991,7 @@ void IPTCfgParser::nat_addr_range() {
importer->nat_addr1 = a1->getText();
importer->nat_addr2 = a2->getText();
#line 3027 "IPTCfgParser.cpp"
#line 2995 "IPTCfgParser.cpp"
}
}
}
@ -3037,7 +3005,7 @@ void IPTCfgParser::nat_addr_range() {
importer->nat_addr1 = LT(0)->getText();
importer->nat_addr2 = LT(0)->getText();
#line 3041 "IPTCfgParser.cpp"
#line 3009 "IPTCfgParser.cpp"
}
}
else {
@ -3058,10 +3026,10 @@ void IPTCfgParser::nat_addr_range() {
void IPTCfgParser::nat_port_def_with_range() {
try { // for error handling
bool synPredMatched136 = false;
bool synPredMatched137 = false;
if (((LA(1) == WORD || LA(1) == INT_CONST) && (LA(2) == MINUS))) {
int _m136 = mark();
synPredMatched136 = true;
int _m137 = mark();
synPredMatched137 = true;
inputState->guessing++;
try {
{
@ -3087,12 +3055,12 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched136 = false;
synPredMatched137 = false;
}
rewind(_m136);
rewind(_m137);
inputState->guessing--;
}
if ( synPredMatched136 ) {
if ( synPredMatched137 ) {
{
{
switch ( LA(1)) {
@ -3119,7 +3087,7 @@ void IPTCfgParser::nat_port_def_with_range() {
importer->nat_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3123 "IPTCfgParser.cpp"
#line 3091 "IPTCfgParser.cpp"
}
match(MINUS);
{
@ -3146,7 +3114,7 @@ void IPTCfgParser::nat_port_def_with_range() {
importer->nat_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 3150 "IPTCfgParser.cpp"
#line 3118 "IPTCfgParser.cpp"
}
}
}
@ -3176,7 +3144,7 @@ void IPTCfgParser::nat_port_def_with_range() {
importer->nat_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3180 "IPTCfgParser.cpp"
#line 3148 "IPTCfgParser.cpp"
}
}
else {
@ -3245,7 +3213,7 @@ void IPTCfgParser::m_mark() {
*dbg << " MARK";
#line 3249 "IPTCfgParser.cpp"
#line 3217 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3265,14 +3233,14 @@ void IPTCfgParser::limit_rate() {
if ( inputState->guessing==0 ) {
#line 747 "iptables.g"
importer->limit_val = LT(0)->getText();
#line 3269 "IPTCfgParser.cpp"
#line 3237 "IPTCfgParser.cpp"
}
match(SLASH);
match(WORD);
if ( inputState->guessing==0 ) {
#line 749 "iptables.g"
importer->limit_suffix = LT(0)->getText();
#line 3276 "IPTCfgParser.cpp"
#line 3244 "IPTCfgParser.cpp"
}
if ( inputState->guessing==0 ) {
#line 750 "iptables.g"
@ -3281,7 +3249,7 @@ void IPTCfgParser::limit_rate() {
<< importer->limit_val << "/"
<< importer->limit_suffix;
#line 3285 "IPTCfgParser.cpp"
#line 3253 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3303,7 +3271,7 @@ void IPTCfgParser::m_recent() {
*dbg << " RECENT";
#line 3307 "IPTCfgParser.cpp"
#line 3275 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3403,7 +3371,7 @@ void IPTCfgParser::recent_args_no_param() {
if ( inputState->guessing==0 ) {
#line 819 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3407 "IPTCfgParser.cpp"
#line 3375 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3445,7 +3413,7 @@ void IPTCfgParser::recent_args_param() {
if ( inputState->guessing==0 ) {
#line 823 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3449 "IPTCfgParser.cpp"
#line 3417 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -3468,7 +3436,7 @@ void IPTCfgParser::recent_args_param() {
if ( inputState->guessing==0 ) {
#line 825 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3472 "IPTCfgParser.cpp"
#line 3440 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3488,7 +3456,7 @@ void IPTCfgParser::length_spec() {
if ( inputState->guessing==0 ) {
#line 842 "iptables.g"
importer->length_spec = LT(0)->getText();
#line 3492 "IPTCfgParser.cpp"
#line 3460 "IPTCfgParser.cpp"
}
match(COLON);
match(INT_CONST);
@ -3496,14 +3464,14 @@ void IPTCfgParser::length_spec() {
#line 844 "iptables.g"
importer->length_spec += ":";
importer->length_spec += LT(0)->getText();
#line 3500 "IPTCfgParser.cpp"
#line 3468 "IPTCfgParser.cpp"
}
if ( inputState->guessing==0 ) {
#line 846 "iptables.g"
*dbg << " MATCH LENGTH " << importer->length_spec;
#line 3507 "IPTCfgParser.cpp"
#line 3475 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3548,7 +3516,7 @@ void IPTCfgParser::pkt_type_spec() {
importer->pkt_type_spec = LT(0)->getText();
*dbg << " PKT_TYPE " << importer->pkt_type_spec;
#line 3552 "IPTCfgParser.cpp"
#line 3520 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3598,7 +3566,7 @@ void IPTCfgParser::port_def_with_range() {
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3602 "IPTCfgParser.cpp"
#line 3570 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -3661,7 +3629,7 @@ void IPTCfgParser::port_def_with_range() {
importer->tmp_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 3665 "IPTCfgParser.cpp"
#line 3633 "IPTCfgParser.cpp"
}
break;
}
@ -3742,7 +3710,7 @@ void IPTCfgParser::port_def_no_range() {
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3746 "IPTCfgParser.cpp"
#line 3714 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3784,7 +3752,7 @@ void IPTCfgParser::port_def_with_incomplete_range() {
importer->tmp_port_range_end = LT(0)->getText();
*dbg << "PORT 0:" << LT(0)->getText();
#line 3788 "IPTCfgParser.cpp"
#line 3756 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3812,7 +3780,7 @@ void IPTCfgParser::syn() {
importer->tcp_flags_comp.clear();
importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN);
#line 3816 "IPTCfgParser.cpp"
#line 3784 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3836,7 +3804,7 @@ void IPTCfgParser::tcp_flags() {
importer->tcp_flags_mask = importer->tmp_tcp_flags_list;
importer->tmp_tcp_flags_list.clear();
#line 3840 "IPTCfgParser.cpp"
#line 3808 "IPTCfgParser.cpp"
}
tcp_flags_list();
if ( inputState->guessing==0 ) {
@ -3851,7 +3819,7 @@ void IPTCfgParser::tcp_flags() {
foreach(int x, importer->tcp_flags_comp)
*dbg << x << "|";
#line 3855 "IPTCfgParser.cpp"
#line 3823 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3891,7 +3859,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1118 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN;
#line 3895 "IPTCfgParser.cpp"
#line 3863 "IPTCfgParser.cpp"
}
break;
}
@ -3901,7 +3869,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1120 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK;
#line 3905 "IPTCfgParser.cpp"
#line 3873 "IPTCfgParser.cpp"
}
break;
}
@ -3911,7 +3879,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1122 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN;
#line 3915 "IPTCfgParser.cpp"
#line 3883 "IPTCfgParser.cpp"
}
break;
}
@ -3921,7 +3889,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1124 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST;
#line 3925 "IPTCfgParser.cpp"
#line 3893 "IPTCfgParser.cpp"
}
break;
}
@ -3931,7 +3899,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1126 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG;
#line 3935 "IPTCfgParser.cpp"
#line 3903 "IPTCfgParser.cpp"
}
break;
}
@ -3941,7 +3909,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1128 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH;
#line 3945 "IPTCfgParser.cpp"
#line 3913 "IPTCfgParser.cpp"
}
break;
}
@ -3951,7 +3919,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1130 "iptables.g"
importer->tmp_tcp_flag_code = 99;
#line 3955 "IPTCfgParser.cpp"
#line 3923 "IPTCfgParser.cpp"
}
break;
}
@ -3961,7 +3929,7 @@ void IPTCfgParser::tcp_flag_word() {
if ( inputState->guessing==0 ) {
#line 1132 "iptables.g"
importer->tmp_tcp_flag_code = 98;
#line 3965 "IPTCfgParser.cpp"
#line 3933 "IPTCfgParser.cpp"
}
break;
}
@ -3991,7 +3959,7 @@ void IPTCfgParser::tcp_flags_list() {
importer->tmp_tcp_flags_list.clear();
importer->tmp_tcp_flag_code = 0;
#line 3995 "IPTCfgParser.cpp"
#line 3963 "IPTCfgParser.cpp"
}
tcp_flag_word();
if ( inputState->guessing==0 ) {
@ -3999,7 +3967,7 @@ void IPTCfgParser::tcp_flags_list() {
importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code);
#line 4003 "IPTCfgParser.cpp"
#line 3971 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -4012,15 +3980,15 @@ void IPTCfgParser::tcp_flags_list() {
importer->tmp_tcp_flags_list.push_back(
importer->tmp_tcp_flag_code);
#line 4016 "IPTCfgParser.cpp"
#line 3984 "IPTCfgParser.cpp"
}
}
else {
goto _loop155;
goto _loop156;
}
}
_loop155:;
_loop156:;
} // ( ... )*
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {

2
src/parsers/iptables.g
View File

@ -703,7 +703,7 @@ m_state : M_STATE MATCH_STATE
{
importer->current_state += std::string(",") + LT(0)->getText();
}
)?
)*
{
*dbg << " STATE MATCH=" << importer->current_state;
}

3574
src/unit_tests/ImporterTest/test_data/ipt.fwb
View File

File diff suppressed because it is too large Load Diff

120
src/unit_tests/ImporterTest/test_data/ipt.output
View File

@ -17,67 +17,69 @@
23: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
28: Created branch OUTPUT_established_2
28: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
31: Warning: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID
31: Created branch FORWARD_state_match_3
31: Warning: Rule matches combination of states 'NEW,RELATED,ESTABLISHED'. Iptables rules generated by fwbuilder can be stateless (match no state) or stateful (match state NEW). Fwbuilder also adds a rule at the top of the script to match states ESTABLISHED,RELATED. Combination of states 'NEW,RELATED,ESTABLISHED' does not fit these standard cases and to match it, the program created new Custom Service object. This may require manual checking.
34: Warning: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID
37: New interface: lo
42: Created branch Policy_eth1
42: New interface: eth1
42: New interface: eth0
42: Warning: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1
103: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
212: Created branch user_chain_54_mod_match
216: Created branch user_chain_55_mod_match
217: Created branch user_chain_56_mod_match
218: Created branch user_chain_57_mod_match
221: Created branch user_chain_58_mod_match
224: Created branch user_chain_59_mod_match
227: Created branch user_chain_60_mod_match
227: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
227: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
228: Created branch user_chain_61_mod_match
228: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
228: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
239: New ruleset: mangle / PREROUTING
239: Default action: Accept
240: New ruleset: mangle / INPUT
240: Default action: Accept
241: New ruleset: mangle / FORWARD
241: Default action: Accept
242: New ruleset: mangle / OUTPUT
37: Warning: Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID
40: New interface: lo
45: Created branch Policy_eth1
45: New interface: eth1
45: New interface: eth0
45: Warning: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1
106: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
215: Created branch user_chain_54_mod_match
219: Created branch user_chain_55_mod_match
220: Created branch user_chain_56_mod_match
221: Created branch user_chain_57_mod_match
224: Created branch user_chain_58_mod_match
227: Created branch user_chain_59_mod_match
230: Created branch user_chain_60_mod_match
230: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
230: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
231: Created branch user_chain_61_mod_match
231: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
231: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
242: New ruleset: mangle / PREROUTING
242: Default action: Accept
243: New ruleset: mangle / POSTROUTING
243: New ruleset: mangle / INPUT
243: Default action: Accept
246: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
246: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
244: New ruleset: mangle / FORWARD
244: Default action: Accept
245: New ruleset: mangle / OUTPUT
245: Default action: Accept
246: New ruleset: mangle / POSTROUTING
246: Default action: Accept
249: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
249: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
250: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
250: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
256: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically.
259: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
259: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
260: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark'
263: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
263: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
264: New interface: eth2
264: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
264: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
268: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
268: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
269: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
269: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
274: New ruleset: nat / PREROUTING
274: Default action: Accept
275: New ruleset: nat / POSTROUTING
275: Default action: Accept
276: New ruleset: nat / OUTPUT
276: Default action: Accept
280: New interface: eth+
309: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT
309: Warning: Line 241: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)
309: Warning: Line 241: Added rule to reproduce default policy ACCEPT in mangle/FORWARD
309: Warning: Line 240: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)
309: Warning: Line 240: Added rule to reproduce default policy ACCEPT in mangle/INPUT
309: Warning: Line 242: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT
309: Warning: Line 243: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING
309: Warning: Line 239: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING
252: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
252: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
253: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
253: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
259: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically.
262: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
262: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
263: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark'
266: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
266: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
267: New interface: eth2
267: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
267: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
271: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
271: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
272: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
272: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
277: New ruleset: nat / PREROUTING
277: Default action: Accept
278: New ruleset: nat / POSTROUTING
278: Default action: Accept
279: New ruleset: nat / OUTPUT
279: Default action: Accept
283: New interface: eth+
312: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT
312: Warning: Line 244: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)
312: Warning: Line 244: Added rule to reproduce default policy ACCEPT in mangle/FORWARD
312: Warning: Line 243: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)
312: Warning: Line 243: Added rule to reproduce default policy ACCEPT in mangle/INPUT
312: Warning: Line 245: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT
312: Warning: Line 246: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING
312: Warning: Line 242: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING

3
src/unit_tests/ImporterTest/test_data/ipt.test
View File

@ -27,6 +27,9 @@
#
-A OUTPUT -d 21.21.21.21 -p tcp -m tcp --dport 23 -m state --state RELATED,ESTABLISHED -j DROP
# more complex combination of states
-A FORWARD -s 1.1.1.0/24 -d 2.2.2.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp ! --dport 80 -j ACCEPT
# this should be recognized as built-in rule
-A FORWARD -m state --state INVALID -j drop_invalid