def decodeToken(self, dc):
try:
util.log_info(
'CryptoProfileMatchIpAddressTokenDecoder: Decode token')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
tokenText = decoderhandler.getTokenText()
util.log_debug('Token text = %s' % (tokenText))
cursor = util.TokenCursor(None, -1, dc)
ipAddress = cursor.getNextToken()
util.log_debug('IpAddress = %s' % (ipAddress))
cursor.advance()
decoderhandler.addTokenValue(
decoderutil.DecoderUtil().makeSiblingToken(
tokenText, "ip-address"), ipAddress)
value = cursor.getNextToken()
util.log_debug('Value = %s' % (value))
if value is None:
return decoderhandler.getSearchTokens().size(
) - decoderhandler.getCurrentIndex()
if (InetAddressUtils.isIPv4Address(value)):
decoderhandler.addTokenValue(
decoderutil.DecoderUtil().makeSiblingToken(
tokenText, "netmask"), value)
cursor.advance()
value = cursor.getNextToken()
if value is not None:
decoderhandler.addTokenValue(
decoderutil.DecoderUtil().makeSiblingToken(
tokenText, "vrf-name"), value)
return decoderhandler.getSearchTokensSize(
) - decoderhandler.getCurrentIndex()
except Exception:
traceback.print_exc()
def processService(self, cpc, dc, context, block):
util.log_debug('ObjectGroupServiceVariableDecoder: processNetwork')
compare = ['eq', 'lt', 'gt', 'range']
ip_protocol_list = [
'ahp', 'eigrp', 'esp', 'gre', 'icmp', 'igmp', 'ip', 'ipinip',
'nos', 'ospf', 'pcp', 'pim'
]
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
lines = block.toString().split("\n")
lines = [line.strip(' ') for line in lines]
util.log_info('BLOCK for obj service:', block)
for line in lines:
words = line.split(' ')
if words[0].isdigit():
decoderhandler.addTokenValue("name", words[0])
decoderhandler.addTokenValue("ip-protocol", words[0])
return
elif words[0] in ip_protocol_list:
decoderhandler.addTokenValue("name", words[0])
decoderhandler.addTokenValue("protocol", words[0])
return
elif words[0] == 'group-object':
util.log_debug('ObjectGroup')
else:
if InetAddressUtils.isIPv4Address(
words[0]) or words[0] == 'host':
return
decoderhandler.addTokenValue("protocol", words[0])
if len(words) - 1 >= 1:
if words[1] == 'source':
decoderhandler.addTokenValue("operation", words[1])
if words[2] in compare:
decoderhandler.addTokenValue("compare", words[2])
decoderhandler.addTokenValue("port", words[3])
if words[2] == 'range':
decoderhandler.addTokenValue("end-port", words[4])
decoderhandler.addTokenValue(
"name",
Joiner.on(" ").join(block.getTokens()))
elif words[1] in compare:
decoderhandler.addTokenValue("compare", words[1])
decoderhandler.addTokenValue("port", words[2])
if words[1] == 'range':
decoderhandler.addTokenValue("end-port", words[3])
decoderhandler.addTokenValue(
"name",
Joiner.on(" ").join(block.getTokens()))
else:
if words[0] == 'group-object':
decoderhandler.addTokenValue("group-object", words[1])
else:
decoderhandler.addTokenValue("port", words[1])
decoderhandler.addTokenValue(
"name",
Joiner.on(" ").join(block.getTokens()))
def parseVrf(self, dc, cursor):
util.log_debug('NewVrfRouteVariableDecoder: parseVrf')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
if not cursor.hasNext():
return
if "vrf" == cursor.getNextToken():
cursor.advance()
if not InetAddressUtils.isIPv4Address(cursor.getNextToken()):
decoderhandler.addTokenValue("../../../name",
cursor.getNextToken())
decoderhandler.addTokenValue("vrf-name", cursor.getNextToken())
cursor.advance()
def parseInterfaceName(self, dc, cursor):
util.log_debug('CiscoStaticRouterVariableDecoder: parseInterfaceName')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
if not cursor.hasNext():
return
if not InetAddressUtils.isIPv4Address(cursor.getNextToken()):
util.log_debug(
'CiscoStaticRouterVariableDecoder(parseInterfaceName): interface-name next token is = %s'
% (cursor.getNextToken()))
decoderhandler.addTokenValue("interface-name",
cursor.getNextToken())
cursor.advance()
def decodeToken(self, dc):
try:
util.log_info('TrackIpTokenDecoder: ')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
tokenText = decoderhandler.getTokenText()
util.log_debug('Token text = %s' % (tokenText))
value = decoderhandler.getValueAtCurrentIndex()
util.log_debug('Value = %s' % (value))
if value is not None and InetAddressUtils.isIPv4Address(value):
decoderhandler.addTokenValue(tokenText, value)
except Exception:
traceback.print_exc()
def decodeToken(self, dc):
try:
util.log_info('MasterIpTokenDecoder: Decoding variable')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
util.log_debug("Block is : ", decoderhandler.getCurrentBlock())
tokenText = decoderhandler.getTokenText()
util.log_debug("Text :", tokenText)
tokenValue = decoderhandler.getValueAtCurrentIndex()
util.log_debug("Value :", tokenValue)
if tokenValue is not None and InetAddressUtils.isIPv4Address(
tokenValue):
decoderhandler.addTokenValue(tokenText, tokenValue)
except Exception:
traceback.print_exc()
def parseNextHop(self, dc, cursor):
util.log_debug(
'NewVrfRouteVariableDecoder: parse NextHop if it is a ip-address else will check for VRF info and assign'
)
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
if not cursor.hasNext():
return
if InetAddressUtils.isIPv4Address(cursor.getNextToken()):
decoderhandler.addTokenValue("next-hop-ip", cursor.getNextToken())
cursor.advance()
return
if "vrf" == cursor.getNextToken():
cursor.advance()
decoderhandler.addTokenValue("vrf-name", cursor.getNextToken())
cursor.advance()
def parseInterfaceName(self, dc, cursor):
util.log_debug(
'NewVrfRouteVariableDecoder: will parse InterfaceName if exists else if it is a Ip-addess assign it to Next-hop-ip'
)
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
if not cursor.hasNext():
return
next = cursor.getNextToken()
if not InetAddressUtils.isIPv4Address(next):
decoderhandler.addTokenValue("interface-name",
cursor.getNextToken())
cursor.advance()
else:
decoderhandler.addTokenValue("next-hop-ip", cursor.getNextToken())
cursor.advance()
def parseVrf(self, dc, cursor):
util.log_debug('CiscoStaticRouterVariableDecoder: parseVrf')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
if not cursor.hasNext():
return
if cursor.getNextToken() == "vrf":
util.log_debug(
'CiscoStaticRouterVariableDecoder(parseVrf) next token is vrf')
cursor.advance()
if not InetAddressUtils.isIPv4Address(cursor.getNextToken()):
util.log_debug(
'CiscoStaticRouterVariableDecoder(parseVrf): next token is = %s'
% (cursor.getNextToken()))
decoderhandler.addTokenValue("../../name",
cursor.getNextToken())
cursor.advance()
def decodeToken(self, dc):
try:
util.log_info(
'NtpServerTokenDecoder: Decode token for Ntp server ip-address leaf value'
)
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
tokenText = decoderhandler.getTokenText()
util.log_info('NTP Server Token text = %s' % (tokenText))
value = decoderhandler.getValueAtCurrentIndex()
util.log_info('NTP Server Value = %s' % (value))
if value is not None and InetAddressUtils.isIPv4Address(value):
decoderhandler.addTokenValue('ntp-server-address', value)
return 1
else:
return -1
except Exception:
traceback.print_exc()
def decodeToken(self, dc):
try:
util.log_info(
'NatStaticTokenDecoder: Decode token for inside-global-ip leaf value'
)
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
tokenText = decoderhandler.getTokenText()
util.log_debug('Token text = %s' % (tokenText))
value = decoderhandler.getValueAtCurrentIndex()
util.log_debug('Value = %s' % (value))
if value is not None and InetAddressUtils.isIPv4Address(value):
decoderhandler.addTokenValue(tokenText, value)
return 1
else:
return -1
except Exception:
traceback.print_exc()
def decodeToken(self, dc):
try:
util.log_info('SlaDestinationPortTokenDecoder: Decode token')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
token = dc.getToken()
value = decoderhandler.getValueAtCurrentIndex()
util.log_debug('Value = %s' % (value))
dest_port_pattern = '^\d+$'
dest_port_match = re.search(dest_port_pattern, value)
if InetAddressUtils.isIPv4Address(
value) or dest_port_match is None:
return 1
dc.addTokenValue(token.getText(), value)
return 1
except Exception:
traceback.print_exc()
def decodeToken(self, dc):
try:
util.log_info(
'BgpNeighborTokenDecoder: Decode token for Bgp neighbor ip-address leaf value'
)
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
block = decoderhandler.getCurrentBlock()
command_block = block.toString().split('\n')
commands = []
for cmds in command_block:
commands.append(str(cmds.strip()))
util.log_info("Commands: ", commands)
for i in commands:
commands_1 = i.split()
util.log_info("Commands1: ", commands_1)
if "bfd" and "fall-over" in commands_1:
decoderhandler.addTokenValue("bfd-fall-over", "true")
elif "no" and "bfd" and "fall-over" in commands_1:
decoderhandler.addTokenValue("bfd-fall-over", "false")
tokenText = decoderhandler.getTokenText()
util.log_info('Token text = %s' % (tokenText))
value = decoderhandler.getValueAtCurrentIndex()
util.log_info('Value = %s' % (value))
if value is not None and InetAddressUtils.isIPv4Address(value):
decoderhandler.addTokenValue(tokenText, value)
bgp_boolean = [
"send-community", "next-hop-self", "soft-reconfiguration",
"allowas-in", "next-hop-unchanged",
"route-reflector-client", "as-override", "weight"
]
for bgp_b in bgp_boolean:
if bgp_b == "weight":
if "weight" in commands_1:
decoderhandler.addTokenValue(
"weight", commands_1[-1])
elif bgp_b in commands_1:
decoderhandler.addTokenValue(bgp_b, "true")
return 1
else:
return -1
except Exception:
traceback.print_exc()
def processNetwork(self, cpc, dc, context, block):
util.log_debug('ObjectGroupVariableDecoder: processNetwork')
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
cursor = util.TokenCursor(block.getTokens(), 0, None)
host = cursor.getNextToken()
cursor.advance()
ip = cursor.getNextToken()
cursor.advance()
if "host" == host:
decoderhandler.addTokenValue("host", ip)
decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens()))
return
if InetAddressUtils.isIPv4Address(host):
decoderhandler.addTokenValue("ip-address", host)
decoderhandler.addTokenValue("netmask", ip)
decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens()))
return
if "group-object" == host:
decoderhandler.addTokenValue("group-object", ip)
decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens()))
return
def matchToken(self, configParserContext, configToken, idx, toks):
value = toks.get(idx)
if value is not None and InetAddressUtils.isIPv4Address(value):
return 1
else:
return -1
def processAclRule(self, cpc, dc, context, block):
util.log_info('AclRuleVariableDecoder: processAclRule')
acl_dict = [
'linenumber,INT', 'action,ACTION', 'layer4protocol,PROTOCOL',
'service_obj_name,STRING',
'source_condition_type,SOURCE_CONDITION', 'source_ip,CIDR',
'source_mask,IP', 'source_obj_name,STRING',
'source_port_operator,PORT_OPERATORS', 'source_port,STRING',
'dest_condition_type,DEST_CONDITION', 'dest_ip,CIDR',
'dest_mask,IP', 'dest_obj_name,STRING',
'dest_port_operator,PORT_OPERATORS', 'dest_port,STRING',
'match_packets,MATCH_PKTS', 'precedence,STRING',
'extra_options,EXTRA_OPTIONS'
]
ACTION = ["permit", "deny"]
SOURCE_CONDITION = ["any", "host", "object-group", "addrgroup"]
DEST_CONDITION = ["any", "host", "object-group", "addrgroup"]
PORT_OPERATORS = ["eq", "gt", "lt", "neq", "range"]
MATCH_PKTS = [
"dscp", "fragments", "log-input", "option", "precedence",
"time-range", "tos", "ttl", "echo", "echo-reply", "tracked",
"ttl-exceeded", "port-unreachable", "established"
]
PROTOCOL = [
"object-group", "ahp", "eigrp", "esp", "gre", "icmp", "igmp", "ip",
"ipinip", "nos", "ospf", "pcp", "pim", "tcp", "tcp-udp", "udp"
]
EXTRA_OPTIONS = ["log"]
PORT = [
"bgp", "chargen", "cmd", "daytime", "discard", "domain", "drip",
"echo", "exec", "finger", "ftp", "ftp-data", "gopher", "hostname",
"ident", "irc", "klogin", "kshell", "login", "lpd", "nntp",
"onep-plain", "onep-tls", "pim-auto-rp", "pop2", "pop3", "smtp",
"sunrpc", "tacacs", "talk", "telnet", "time", "uucp", "whois",
"www", "msrpc", "biff", "bootpc", "bootps", "dnsix", "isakmp",
"msrpc", "mobile-ip", "nameserver", "netbios-dgm", "netbios-ns",
"netbios-ss", "non500-isakmp", "ntp", "rip", "snmp", "snmptrap",
"syslog", "tftp", "who", "xdmcp"
]
try:
decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc)
cursor = util.TokenCursor(block.getTokens(), 0, None)
tokens = block.getTokens()
tokens = Joiner.on(" ").join(block.getTokens())
tokens = tokens.split(" ")
print tokens
found = False
for token in tokens:
for acl_action in ACTION:
if token == acl_action:
found = True
if not found:
util.log_debug(
'Does not look like a valid acl rule. rule = %s' %
(tokens))
return
i = 1
for j in range(i, len(tokens)):
if j > 0 and j == len(tokens) - 1:
if tokens[j -
1] in ACTION and InetAddressUtils.isIPv4Address(
tokens[j]):
tokens.insert(j, 'host')
break
else:
if tokens[j -
1] in ACTION and InetAddressUtils.isIPv4Address(
tokens[j]
) and not InetAddressUtils.isIPv4Address(
tokens[j + 1]):
tokens.insert(j, 'host')
break
util.log_info(tokens)
decoderhandler.addTokenValue("$name", Joiner.on(" ").join(tokens))
i = 0
cidr_pattern = '^(\d{1,3}\.){3}\d{1,3}(/\d\d)$'
host = False
host_dest = False
len_token = 0
for token in range(len_token, len(tokens)):
if len_token == token:
len_token += 1
for j in range(i, len(acl_dict)):
options = acl_dict[j].split(',')
yang_entity = options[0].replace('_', '-')
i += 1
if options[1] == 'INT':
if decoderhandler.isValidInteger(tokens[token]):
util.log_info("1" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'ACTION':
if tokens[token] in ACTION:
util.log_info("2" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'PROTOCOL':
if tokens[token] in PROTOCOL:
util.log_info("3" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
if tokens[token] != 'object-group':
i += 1
break
elif options[1] == 'STRING':
if not InetAddressUtils.isIPv4Address(
tokens[token]
) and tokens[token] not in SOURCE_CONDITION and tokens[
token] not in PORT_OPERATORS and tokens[
token] not in MATCH_PKTS and tokens[
token] not in PROTOCOL and tokens[
token] not in EXTRA_OPTIONS and re.search(
cidr_pattern,
tokens[token]) is None:
util.log_info("4" + yang_entity + ":" +
tokens[token])
if tokens[token].isdigit(
) or tokens[token] in PORT:
all_ports = tokens[token]
for custom_port in range(
len_token, len(tokens)):
if tokens[custom_port].isdigit(
) or tokens[custom_port] in PORT:
all_ports += ' ' + tokens[
custom_port]
len_token += 1
else:
break
util.log_info("4_1" + yang_entity + ":" +
all_ports)
decoderhandler.addTokenValue(
yang_entity, all_ports)
else:
util.log_info("4_2" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'SOURCE_CONDITION':
if tokens[token] in SOURCE_CONDITION:
util.log_info("5" + yang_entity + ":" +
tokens[token])
if tokens[token] == 'any':
i += 2
elif tokens[token] == 'host':
host = True
elif tokens[token] == 'object-group':
tokens[token] = 'objectgroup'
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'CIDR':
if InetAddressUtils.isIPv4Address(tokens[token]):
util.log_info("13" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif re.search(cidr_pattern,
tokens[token]) is not None:
util.log_info("14" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
i += 1
break
elif options[1] == 'IP':
prev_yang_entity = acl_dict[j - 1].split(
',')[0].replace('_', '-')
if InetAddressUtils.isIPv4Address(
tokens[token]
) and not host and prev_yang_entity == 'source-ip':
util.log_info("6" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
if yang_entity == 'source-mask':
util.log_info("7" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
'source-condition-type', 'cidr')
break
elif InetAddressUtils.isIPv4Address(
tokens[token]
) and not host_dest and prev_yang_entity == 'dest-ip':
util.log_info("6_1" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
if yang_entity == 'dest-mask':
util.log_info("8" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
'dest-condition-type', 'cidr')
break
elif options[1] == 'PORT_OPERATORS':
if tokens[token] in PORT_OPERATORS:
util.log_info("9" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'DEST_CONDITION':
if tokens[token] in DEST_CONDITION:
util.log_info("10" + yang_entity + ":" +
tokens[token])
if tokens[token] == 'any':
i += 2
elif tokens[token] == 'host':
host_dest = True
elif tokens[token] == 'object-group':
tokens[token] = 'objectgroup'
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'MATCH_PKTS':
if tokens[token] in MATCH_PKTS:
util.log_info("11" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
elif options[1] == 'EXTRA_OPTIONS':
if tokens[token] in EXTRA_OPTIONS:
util.log_info("12" + yang_entity + ":" +
tokens[token])
decoderhandler.addTokenValue(
yang_entity, tokens[token])
break
except Exception:
traceback.print_exc()
