def decodeToken(self, dc): try: util.log_info( 'CryptoProfileMatchIpAddressTokenDecoder: Decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_debug('Token text = %s' % (tokenText)) cursor = util.TokenCursor(None, -1, dc) ipAddress = cursor.getNextToken() util.log_debug('IpAddress = %s' % (ipAddress)) cursor.advance() decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "ip-address"), ipAddress) value = cursor.getNextToken() util.log_debug('Value = %s' % (value)) if value is None: return decoderhandler.getSearchTokens().size( ) - decoderhandler.getCurrentIndex() if (InetAddressUtils.isIPv4Address(value)): decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "netmask"), value) cursor.advance() value = cursor.getNextToken() if value is not None: decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "vrf-name"), value) return decoderhandler.getSearchTokensSize( ) - decoderhandler.getCurrentIndex() except Exception: traceback.print_exc()
def decodeToken(self, dc): util.log_info('CryptoIkeEncryptionTypeTokenDecoder: Decode token') try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 1) util.log_debug( 'CryptoIkeEncryptionTypeTokenDecoder Token text = %s' % (tokenText)) types = { "AES128": ["AES128", "aes", "aes 128"], "AES256": ["AES256", "aes 256"], "AES192": ["AES192", "aes 192"], "DES": ["DES", "des"], "3DES": ["3DES", "3des"] } value_1 = decoderhandler.getValueAtCurrentIndex() util.log_debug("value_1 is : ", value_1) cursor.advance() value_2 = cursor.getNextToken() util.log_debug("Value_2 is : ", value_2) if value_2 is not None: value = "%s %s" % (value_1, value_2) util.log_debug("Value is : ", value) else: value = value_1 util.log_debug("Value is : ", value) for k, v in types.iteritems(): if value in v: util.log_debug("Key is : ", k) break decoderhandler.addTokenValue(tokenText, k) util.log_debug("Key is : ", k) except Exception: traceback.print_exc()
def decodeVariables(self,cpc,dc,context): try: util.log_info('TacacsServerGroupVariableDecoder: Decode token for TACACS Server Group leaf value') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) self.parseAAAServerGroup(dc, cursor); except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info('SnmpViewNameVariableDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) self.parseSnmpViewName(dc, cursor) except Exception: traceback.print_exc()
def decodeVariables(self,cpc,dc,context): try: util.log_info('IpHttpTokenDecoder: Entering Variable Token Decoder for ip http server and ip http secure-server commands.') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) self.parseIpHttp(dc, cursor) except Exception: traceback.print_exc()
def decodeVariables(self,cpc,dc,context): try: util.log_info('CiscoRouterBGPAddressFamily: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) self.parseAddressFamily(dc,cursor) except Exception: traceback.print_exc()
def parseDescription(self,dc,cursor): try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) cursor.advance() if "description" in decoderhandler.getCurrentBlockTokens(): decoderhandler.addTokenValue("description",cursor.getNextToken()) except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info('TransformSetVariableDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) self.parseTransformset(dc, cursor) self.parseIpsecEncryptionType(dc, cursor) except Exception: traceback.print_exc()
def parseName(self,dc,cursor): try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) cursor.advance() if "interface" in decoderhandler.getCurrentBlockTokens(): tokennumber = cursor.getNextToken().split('Port-channel')[-1] decoderhandler.addTokenValue("name",tokennumber) except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info('ServiceTimeStampsVariableDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) parse = parseServiceTimestamps(dc, cursor) parse.is_false() parse.field_value() except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info('ClassMapVariableTokenDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) self.parseName(dc,cursor) self.parseDescription(dc,cursor) self.parseotherbooleans(dc,cursor) except Exception: traceback.print_exc()
def processAccessList(self, cpc, dc, context, block): util.log_debug('ObjectGroupVariableDecoder: processAccessList') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 1, None) objectType = '' objectName = '' objectType = cursor.getNextToken() cursor.advance() objectName = cursor.getNextToken() decoderhandler.addTokenValue("../../type", objectType) decoderhandler.addTokenValue("../../name", objectName)
def decodeVariables(self, cpc, dc, context): try: util.log_info('ClassMapHttpUrlVariableTokenDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) self. parseMatchTypeandName(dc, cursor) self.parseConditionType(dc, cursor) self.parseMatchValue(dc, cursor) self.parseUrl(dc, cursor) except Exception: traceback.print_exc()
def parseotherbooleans(self,dc,cursor): try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) if decoderhandler.getCurrentBlockTokens()[-1] in ['address','redirects','unreachables','proxy-arp','enabled','transmit','receive'] and "no" in decoderhandler.getCurrentBlockTokens(): token = '-'.join(decoderhandler.getCurrentBlockTokens()[1:]) decoderhandler.addTokenValue(token, "false") elif decoderhandler.getCurrentBlockTokens()[-1] in ['address','redirects','unreachables','proxy-arp','enabled','transmit','receive']: token = '-'.join(decoderhandler.getCurrentBlockTokens()) decoderhandler.addTokenValue(token, "true") except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info( 'Entering into RouteMapMatchConditionTokenDecoder: Decode token' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) ret = super(RouteMapMatchConditionTokenDecoder, self).decodeToken(dc) util.log_debug( 'The return value(RouteMapMatchConditionTokenDecoder): = %s' % (ret)) if ret <= 0: return ret cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 1, None) tok = cursor.getNextToken() util.log_debug( 'The Token(RouteMapMatchConditionTokenDecoder) value is : = %s' % (tok)) if "ip" == tok: cursor.advance() if "address" == cursor.getNextToken(): cursor.advance() if "prefix-list" == cursor.getNextToken(): decoderhandler.addTokenValue("condition-type", "prefix-list") cursor.advance() util.log_debug( 'The return value under "prefix-list" if block is: = %s' % (ret)) return ret decoderhandler.addTokenValue("condition-type", "address") cursor.advance() util.log_debug( 'The final return value under "address" if block is: = %s' % (ret)) return ret conditionType = cursor.getNextToken() if conditionType is not None: tokenName = decoderutil.DecoderUtil().makeSiblingToken( decoderhandler.getTokenText(), "condition-type") util.log_debug('The tokenName under if block is: = %s' % (tokenName)) util.log_debug( 'The value under if block for conditionType is: = %s' % (conditionType)) decoderhandler.addTokenValue(tokenName, conditionType) util.log_debug('The final return value is: = %s' % (ret)) return ret except Exception: traceback.print_exc()
def decodeToken(self, dc): util.log_info('AclTokenDecoder: decodeToken') cursor = util.TokenCursor(None, -1, dc) action = cursor.getNextToken(-3) self.setToken(dc, "action", action) src = self.parseSourceCondition(dc, cursor) util.log_debug('The source condition') util.log_debug('src', src) dest = self.parseDestCondition(dc, cursor) util.log_debug('The destination condition') util.log_debug('dest', dest) util.log_debug('paramMap = %s' % (dc.getMap())) #LOGGER.info("[{}] ==> {}, {}", dc.getSearchTokens(), src, dest) return tokendecoderhandler.TokenDecoderHandler(dc).getSearchTokensSize( ) - tokendecoderhandler.TokenDecoderHandler(dc).getCurrentIndex()
def decodeVariables(self, cpc, dc, context): try: util.log_info('NewRouteVariableDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 2, None) self.parseNetwork(dc, cursor) self.parseInterfaceName(dc, cursor) self.parseNextHop(dc, cursor) self.parseName(dc, cursor) decoderhandler.addTokenValue( "id", Joiner.on(" ").join( decoderhandler.getCurrentBlock().getTokens())) except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info( 'CiscoStaticRouterVariableDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 2, None) self.parseVrf(dc, cursor) self.parseNetwork(dc, cursor) self.parseInterfaceName(dc, cursor) self.parseNextHop(dc, cursor) self.parseName(dc, cursor) self.parseTag(dc, cursor) self.parseMetric(dc, cursor) except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info( 'VtyVariableDecoder: Decoding variables for complete line vty configurations block' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0) self.parseName(dc, cursor) self.parseAcl(dc, cursor) self.parseAuthType(dc, cursor) self.parseTimeOut(dc, cursor) self.parseLogging(dc, cursor) self.parseHistorySize(dc, cursor) self.parsePrivilegeLevel(dc, cursor) self.parseTransportType(dc, cursor) except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info('TrafficEngTokenDecoder: Decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) token = dc.getToken() value = decoderhandler.getValueAtCurrentIndex() util.log_debug('Value = %s' % (value)) dc.addTokenValue(token.getText(), value) if value == 'path-option': cursor = util.TokenCursor(None, 0, dc) path_number = cursor.getNextToken(1) dc.addTokenValue("/path-config/path-number", path_number) path_type = cursor.getNextToken(2) dc.addTokenValue("/path-config/path-type", path_type) else: return 1 except Exception: traceback.print_exc()
def decodeToken(self, dc): try: print 'RouterBgpRouterIdTokenDecoder: Decode token' decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 2, None) tokenText = decoderhandler.getTokenText() print 'Token text = %s' % (tokenText) value1 = decoderhandler.getValueAtCurrentIndex() print 'Value1 = %s' % (value1) cursor.advance() value2 = cursor.getNextToken() print 'Value2 = %s' % (value2) if value2 == None: decoderhandler.addTokenValue(tokenText, value1) else: decoderhandler.addTokenValue(tokenText, ("%s %s" % (value1, value2))) except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info('NewRouteVariableDecoder: Decoding variable') ROUTE_VRF = ["ip", "route", "vrf"] decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if AnutaStringUtils.startsWith( decoderhandler.getCurrentBlockTokens(), ROUTE_VRF): return cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 2, None) self.parseNetwork(dc, cursor) self.parseInterfaceName(dc, cursor) self.parseNextHop(dc, cursor) self.parseName(dc, cursor) decoderhandler.addTokenValue( "options/id", Joiner.on(" ").join( decoderhandler.getCurrentBlock().getTokens())) except Exception: traceback.print_exc()
def processNetwork(self, cpc, dc, context, block): util.log_debug('ObjectGroupVariableDecoder: processNetwork') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 0, None) host = cursor.getNextToken() cursor.advance() ip = cursor.getNextToken() cursor.advance() if "host" == host: decoderhandler.addTokenValue("host", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return if InetAddressUtils.isIPv4Address(host): decoderhandler.addTokenValue("ip-address", host) decoderhandler.addTokenValue("netmask", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return if "group-object" == host: decoderhandler.addTokenValue("group-object", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return
def processAccessList(self, cpc, dc, context, block): util.log_info('AclRuleVariableDecoder: processAccessList') try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 2, None) aclType = '' aclName = '' aclType = cursor.getNextToken() cursor.advance() aclName = cursor.getNextToken() util.log_debug('The aclType: %s' % (aclType)) util.log_debug('The aclName: %s' % (aclName)) print aclType if aclType in ACCESS_TYPE: decoderhandler.addTokenValue("../../acl-type", aclType) else: decoderhandler.addTokenValue("../../name", aclType) decoderhandler.addTokenValue("../../name", aclName) except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info('ClassMapMatchValueTokenDecoder decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_debug('Token text = %s' %(tokenText)) name = decoderhandler.getValueAtCurrentIndex() util.log_debug('Name = %s' %(name)) decoderhandler.addTokenValue(tokenText, name) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 1, None) conditionType = cursor.getNextToken() util.log_debug('Condition Type = %s' %(conditionType)) if ("ip" == conditionType and "dscp" == cursor.getNextToken(1)): conditionType = "ip-dscp" if conditionType is not None and conditionType in self.KNOWN_CONDITIONS: decoderhandler.addTokenValue(dc, self.replaceTokenName(tokenText, "condition-type"), conditionType) else: util.log_debug('Unknown condition type = %s'%(conditionType)) return 1 except Exception: traceback.print_exc()
def decodeVariables(self, cpc, dc, context): try: util.log_info( 'RoutePolicyEntriesVariableDecoder : Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 0, None) value = decoderhandler.getCurrentBlockTokens() util.log_info("BLOCK : ", value) if not cursor.hasNext(): return util.log_info(cursor.getNextToken()) if cursor.getNextToken() == "route-policy": cursor.advance() util.log_info(cursor.getNextToken()) decoderhandler.addTokenValue("../name", cursor.getNextToken()) if cursor.getNextToken() == "if": cursor.advance() util.log_info(cursor.getNextToken()) if cursor.getNextToken() == "destination": cursor.advance() util.log_info(cursor.getNextToken()) if cursor.getNextToken() == "in": cursor.advance() util.log_info(cursor.getNextToken()) decoderhandler.addTokenValue("prefix-set", cursor.getNextToken()) if cursor.getNextToken() == "set": cursor.advance() util.log_info(cursor.getNextToken()) if cursor.getNextToken() == "med": cursor.advance() util.log_info(cursor.getNextToken()) decoderhandler.addTokenValue("med", cursor.getNextToken()) except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info('RouterBgpAsnumberTokenDecoder(): Decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) current_block = decoderhandler.getCurrentBlock() cursor = util.TokenCursor(decoderhandler.getSearchTokens(), 2, None) tokenText = decoderhandler.getTokenText() print 'Token text = %s' % (tokenText) value = decoderhandler.getValueAtCurrentIndex() print 'Value1 = %s' % (value) decoderhandler.addTokenValue(tokenText, value) block = decoderhandler.getCurrentBlock() util.log_info('BLOCK for BGP:', block) lines_noformat = block.toString().split("\n") lines = [] for line in lines_noformat: if re.search('bgp redistribute-internal', line) is None: line = line.strip(' ') lines.append(line) else: lines.append(line) log_neighbor = '^bgp log-neighbor-changes$' redis_internal = '.*bgp redistribute-internal$' redis_internal_vrf = '.*bgp redistribute-internal$' def_inf = '^default-information originate$' router_id = '^bgp router-id' asoverride = 'as-override$' redistribute_connected = 'redistribute connected$' log_neighbor_found = False redis_internal_found = False redis_internal_found_vrf = False def_inf_found = False asoverride_found = False redistribute_connected_found = False for line in lines: if re.search(' vrf ', block.toString()) is None: log_neighbor_match = re.search(log_neighbor, line) if log_neighbor_match is not None: decoderhandler.addTokenValue("log-neighbor-changes", "true") log_neighbor_found = True if re.search(' vrf ', block.toString()) is None: router_id_match = re.search(router_id, line) if router_id_match is not None: decoderhandler.addTokenValue( "router-id", line.split('bgp router-id ')[1]) if re.search(' vrf ', block.toString()) is None: redis_internal_match = re.search(redis_internal, line) if redis_internal_match is not None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("redistribute-internal", "true") redis_internal_found = True else: vrf = '' if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] redis_internal_match = re.search(redis_internal_vrf, line) if redis_internal_match is not None: decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("redistribute-internal", "true") redis_internal_found_vrf = True if re.search(' vrf ', block.toString()) is None: def_inf_match = re.search(def_inf, line) if def_inf_match is not None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue( "default-information-originate", "true") def_inf_found = True else: vrf = '' if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] def_inf_match = re.search(def_inf, line) if def_inf_match is not None: decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue( "default-information-originate", "true") def_inf_found = True if re.search(' vrf ', block.toString()) is None: asoverride_match = re.search(asoverride, line) if asoverride_match is not None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("$neighbor/as-override", "true") asoverride_found = True else: vrf = '' if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] asoverride_match = re.search(asoverride, line) if asoverride_match is not None: decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("$neighbor/as-override", "true") asoverride_found = True if re.search(' vrf ', block.toString()) is None: redistribute_connected_match = re.search( redistribute_connected, line) if redistribute_connected_match is not None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("$redistribute/protocol", "connected") redistribute_connected_found = True else: vrf = '' if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] redistribute_connected_match = re.search( redistribute_connected, line) if redistribute_connected_match is not None: decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("$redistribute/protocol", "connected") redistribute_connected_found = True if not log_neighbor_found: decoderhandler.addTokenValue("log-neighbor-changes", "false") if not redis_internal_found and re.search( ' vrf ', block.toString()) is None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("redistribute-internal", "false") elif not redis_internal_found_vrf and re.search( ' vrf ', block.toString()) is not None: vrf = '' for line in lines: if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("redistribute-internal", "false") if not def_inf_found and re.search(' vrf ', block.toString()) is None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("default-information-originate", "false") elif not def_inf_found and re.search(' vrf ', block.toString()) is not None: vrf = '' for line in lines: if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("default-information-originate", "false") if not asoverride_found and re.search(' vrf ', block.toString()) is None: decoderhandler.addTokenValue("../../name", "GLOBAL") decoderhandler.addTokenValue("$neighbor/as-override", "false") elif not asoverride_found and re.search( ' vrf ', block.toString()) is not None: vrf = '' for line in lines: if re.search(' vrf ', line) is not None: vrf = line.split(' vrf ')[1] decoderhandler.addTokenValue("../../name", vrf) decoderhandler.addTokenValue("$neighbor/as-override", "false") for i in lines: if "bgp default ipv4-unicast" == i: decoderhandler.addTokenValue("$bgp-default-ipv4-unicast", "true") elif "no bgp default ipv4-unicast" == i: decoderhandler.addTokenValue("$bgp-default-ipv4-unicast", "false") except Exception: traceback.print_exc()
def processAclRule(self, cpc, dc, context, block): util.log_info('AclRuleVariableDecoder: processAclRule') acl_dict = [ 'linenumber,INT', 'action,ACTION', 'layer4protocol,PROTOCOL', 'service_obj_name,STRING', 'source_condition_type,SOURCE_CONDITION', 'source_ip,CIDR', 'source_mask,IP', 'source_obj_name,STRING', 'source_port_operator,PORT_OPERATORS', 'source_port,STRING', 'dest_condition_type,DEST_CONDITION', 'dest_ip,CIDR', 'dest_mask,IP', 'dest_obj_name,STRING', 'dest_port_operator,PORT_OPERATORS', 'dest_port,STRING', 'match_packets,MATCH_PKTS', 'precedence,STRING', 'extra_options,EXTRA_OPTIONS' ] ACTION = ["permit", "deny"] SOURCE_CONDITION = ["any", "host", "object-group", "addrgroup"] DEST_CONDITION = ["any", "host", "object-group", "addrgroup"] PORT_OPERATORS = ["eq", "gt", "lt", "neq", "range"] MATCH_PKTS = [ "dscp", "fragments", "log-input", "option", "precedence", "time-range", "tos", "ttl", "echo", "echo-reply", "tracked", "ttl-exceeded", "port-unreachable", "established" ] PROTOCOL = [ "object-group", "ahp", "eigrp", "esp", "gre", "icmp", "igmp", "ip", "ipinip", "nos", "ospf", "pcp", "pim", "tcp", "tcp-udp", "udp" ] EXTRA_OPTIONS = ["log"] PORT = [ "bgp", "chargen", "cmd", "daytime", "discard", "domain", "drip", "echo", "exec", "finger", "ftp", "ftp-data", "gopher", "hostname", "ident", "irc", "klogin", "kshell", "login", "lpd", "nntp", "onep-plain", "onep-tls", "pim-auto-rp", "pop2", "pop3", "smtp", "sunrpc", "tacacs", "talk", "telnet", "time", "uucp", "whois", "www", "msrpc", "biff", "bootpc", "bootps", "dnsix", "isakmp", "msrpc", "mobile-ip", "nameserver", "netbios-dgm", "netbios-ns", "netbios-ss", "non500-isakmp", "ntp", "rip", "snmp", "snmptrap", "syslog", "tftp", "who", "xdmcp" ] try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 0, None) tokens = block.getTokens() tokens = Joiner.on(" ").join(block.getTokens()) tokens = tokens.split(" ") print tokens found = False for token in tokens: for acl_action in ACTION: if token == acl_action: found = True if not found: util.log_debug( 'Does not look like a valid acl rule. rule = %s' % (tokens)) return i = 1 for j in range(i, len(tokens)): if j > 0 and j == len(tokens) - 1: if tokens[j - 1] in ACTION and InetAddressUtils.isIPv4Address( tokens[j]): tokens.insert(j, 'host') break else: if tokens[j - 1] in ACTION and InetAddressUtils.isIPv4Address( tokens[j] ) and not InetAddressUtils.isIPv4Address( tokens[j + 1]): tokens.insert(j, 'host') break util.log_info(tokens) decoderhandler.addTokenValue("$name", Joiner.on(" ").join(tokens)) i = 0 cidr_pattern = '^(\d{1,3}\.){3}\d{1,3}(/\d\d)$' host = False host_dest = False len_token = 0 for token in range(len_token, len(tokens)): if len_token == token: len_token += 1 for j in range(i, len(acl_dict)): options = acl_dict[j].split(',') yang_entity = options[0].replace('_', '-') i += 1 if options[1] == 'INT': if decoderhandler.isValidInteger(tokens[token]): util.log_info("1" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'ACTION': if tokens[token] in ACTION: util.log_info("2" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'PROTOCOL': if tokens[token] in PROTOCOL: util.log_info("3" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if tokens[token] != 'object-group': i += 1 break elif options[1] == 'STRING': if not InetAddressUtils.isIPv4Address( tokens[token] ) and tokens[token] not in SOURCE_CONDITION and tokens[ token] not in PORT_OPERATORS and tokens[ token] not in MATCH_PKTS and tokens[ token] not in PROTOCOL and tokens[ token] not in EXTRA_OPTIONS and re.search( cidr_pattern, tokens[token]) is None: util.log_info("4" + yang_entity + ":" + tokens[token]) if tokens[token].isdigit( ) or tokens[token] in PORT: all_ports = tokens[token] for custom_port in range( len_token, len(tokens)): if tokens[custom_port].isdigit( ) or tokens[custom_port] in PORT: all_ports += ' ' + tokens[ custom_port] len_token += 1 else: break util.log_info("4_1" + yang_entity + ":" + all_ports) decoderhandler.addTokenValue( yang_entity, all_ports) else: util.log_info("4_2" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'SOURCE_CONDITION': if tokens[token] in SOURCE_CONDITION: util.log_info("5" + yang_entity + ":" + tokens[token]) if tokens[token] == 'any': i += 2 elif tokens[token] == 'host': host = True elif tokens[token] == 'object-group': tokens[token] = 'objectgroup' decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'CIDR': if InetAddressUtils.isIPv4Address(tokens[token]): util.log_info("13" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif re.search(cidr_pattern, tokens[token]) is not None: util.log_info("14" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) i += 1 break elif options[1] == 'IP': prev_yang_entity = acl_dict[j - 1].split( ',')[0].replace('_', '-') if InetAddressUtils.isIPv4Address( tokens[token] ) and not host and prev_yang_entity == 'source-ip': util.log_info("6" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if yang_entity == 'source-mask': util.log_info("7" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( 'source-condition-type', 'cidr') break elif InetAddressUtils.isIPv4Address( tokens[token] ) and not host_dest and prev_yang_entity == 'dest-ip': util.log_info("6_1" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if yang_entity == 'dest-mask': util.log_info("8" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( 'dest-condition-type', 'cidr') break elif options[1] == 'PORT_OPERATORS': if tokens[token] in PORT_OPERATORS: util.log_info("9" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'DEST_CONDITION': if tokens[token] in DEST_CONDITION: util.log_info("10" + yang_entity + ":" + tokens[token]) if tokens[token] == 'any': i += 2 elif tokens[token] == 'host': host_dest = True elif tokens[token] == 'object-group': tokens[token] = 'objectgroup' decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'MATCH_PKTS': if tokens[token] in MATCH_PKTS: util.log_info("11" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'EXTRA_OPTIONS': if tokens[token] in EXTRA_OPTIONS: util.log_info("12" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break except Exception: traceback.print_exc()