def decodeToken(self, dc): try: util.log_info( 'CryptoProfileMatchIpAddressTokenDecoder: Decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_debug('Token text = %s' % (tokenText)) cursor = util.TokenCursor(None, -1, dc) ipAddress = cursor.getNextToken() util.log_debug('IpAddress = %s' % (ipAddress)) cursor.advance() decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "ip-address"), ipAddress) value = cursor.getNextToken() util.log_debug('Value = %s' % (value)) if value is None: return decoderhandler.getSearchTokens().size( ) - decoderhandler.getCurrentIndex() if (InetAddressUtils.isIPv4Address(value)): decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "netmask"), value) cursor.advance() value = cursor.getNextToken() if value is not None: decoderhandler.addTokenValue( decoderutil.DecoderUtil().makeSiblingToken( tokenText, "vrf-name"), value) return decoderhandler.getSearchTokensSize( ) - decoderhandler.getCurrentIndex() except Exception: traceback.print_exc()
def processService(self, cpc, dc, context, block): util.log_debug('ObjectGroupServiceVariableDecoder: processNetwork') compare = ['eq', 'lt', 'gt', 'range'] ip_protocol_list = [ 'ahp', 'eigrp', 'esp', 'gre', 'icmp', 'igmp', 'ip', 'ipinip', 'nos', 'ospf', 'pcp', 'pim' ] decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) lines = block.toString().split("\n") lines = [line.strip(' ') for line in lines] util.log_info('BLOCK for obj service:', block) for line in lines: words = line.split(' ') if words[0].isdigit(): decoderhandler.addTokenValue("name", words[0]) decoderhandler.addTokenValue("ip-protocol", words[0]) return elif words[0] in ip_protocol_list: decoderhandler.addTokenValue("name", words[0]) decoderhandler.addTokenValue("protocol", words[0]) return elif words[0] == 'group-object': util.log_debug('ObjectGroup') else: if InetAddressUtils.isIPv4Address( words[0]) or words[0] == 'host': return decoderhandler.addTokenValue("protocol", words[0]) if len(words) - 1 >= 1: if words[1] == 'source': decoderhandler.addTokenValue("operation", words[1]) if words[2] in compare: decoderhandler.addTokenValue("compare", words[2]) decoderhandler.addTokenValue("port", words[3]) if words[2] == 'range': decoderhandler.addTokenValue("end-port", words[4]) decoderhandler.addTokenValue( "name", Joiner.on(" ").join(block.getTokens())) elif words[1] in compare: decoderhandler.addTokenValue("compare", words[1]) decoderhandler.addTokenValue("port", words[2]) if words[1] == 'range': decoderhandler.addTokenValue("end-port", words[3]) decoderhandler.addTokenValue( "name", Joiner.on(" ").join(block.getTokens())) else: if words[0] == 'group-object': decoderhandler.addTokenValue("group-object", words[1]) else: decoderhandler.addTokenValue("port", words[1]) decoderhandler.addTokenValue( "name", Joiner.on(" ").join(block.getTokens()))
def parseVrf(self, dc, cursor): util.log_debug('NewVrfRouteVariableDecoder: parseVrf') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if not cursor.hasNext(): return if "vrf" == cursor.getNextToken(): cursor.advance() if not InetAddressUtils.isIPv4Address(cursor.getNextToken()): decoderhandler.addTokenValue("../../../name", cursor.getNextToken()) decoderhandler.addTokenValue("vrf-name", cursor.getNextToken()) cursor.advance()
def parseInterfaceName(self, dc, cursor): util.log_debug('CiscoStaticRouterVariableDecoder: parseInterfaceName') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if not cursor.hasNext(): return if not InetAddressUtils.isIPv4Address(cursor.getNextToken()): util.log_debug( 'CiscoStaticRouterVariableDecoder(parseInterfaceName): interface-name next token is = %s' % (cursor.getNextToken())) decoderhandler.addTokenValue("interface-name", cursor.getNextToken()) cursor.advance()
def decodeToken(self, dc): try: util.log_info('TrackIpTokenDecoder: ') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_debug('Token text = %s' % (tokenText)) value = decoderhandler.getValueAtCurrentIndex() util.log_debug('Value = %s' % (value)) if value is not None and InetAddressUtils.isIPv4Address(value): decoderhandler.addTokenValue(tokenText, value) except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info('MasterIpTokenDecoder: Decoding variable') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) util.log_debug("Block is : ", decoderhandler.getCurrentBlock()) tokenText = decoderhandler.getTokenText() util.log_debug("Text :", tokenText) tokenValue = decoderhandler.getValueAtCurrentIndex() util.log_debug("Value :", tokenValue) if tokenValue is not None and InetAddressUtils.isIPv4Address( tokenValue): decoderhandler.addTokenValue(tokenText, tokenValue) except Exception: traceback.print_exc()
def parseNextHop(self, dc, cursor): util.log_debug( 'NewVrfRouteVariableDecoder: parse NextHop if it is a ip-address else will check for VRF info and assign' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if not cursor.hasNext(): return if InetAddressUtils.isIPv4Address(cursor.getNextToken()): decoderhandler.addTokenValue("next-hop-ip", cursor.getNextToken()) cursor.advance() return if "vrf" == cursor.getNextToken(): cursor.advance() decoderhandler.addTokenValue("vrf-name", cursor.getNextToken()) cursor.advance()
def parseInterfaceName(self, dc, cursor): util.log_debug( 'NewVrfRouteVariableDecoder: will parse InterfaceName if exists else if it is a Ip-addess assign it to Next-hop-ip' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if not cursor.hasNext(): return next = cursor.getNextToken() if not InetAddressUtils.isIPv4Address(next): decoderhandler.addTokenValue("interface-name", cursor.getNextToken()) cursor.advance() else: decoderhandler.addTokenValue("next-hop-ip", cursor.getNextToken()) cursor.advance()
def parseVrf(self, dc, cursor): util.log_debug('CiscoStaticRouterVariableDecoder: parseVrf') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) if not cursor.hasNext(): return if cursor.getNextToken() == "vrf": util.log_debug( 'CiscoStaticRouterVariableDecoder(parseVrf) next token is vrf') cursor.advance() if not InetAddressUtils.isIPv4Address(cursor.getNextToken()): util.log_debug( 'CiscoStaticRouterVariableDecoder(parseVrf): next token is = %s' % (cursor.getNextToken())) decoderhandler.addTokenValue("../../name", cursor.getNextToken()) cursor.advance()
def decodeToken(self, dc): try: util.log_info( 'NtpServerTokenDecoder: Decode token for Ntp server ip-address leaf value' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_info('NTP Server Token text = %s' % (tokenText)) value = decoderhandler.getValueAtCurrentIndex() util.log_info('NTP Server Value = %s' % (value)) if value is not None and InetAddressUtils.isIPv4Address(value): decoderhandler.addTokenValue('ntp-server-address', value) return 1 else: return -1 except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info( 'NatStaticTokenDecoder: Decode token for inside-global-ip leaf value' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) tokenText = decoderhandler.getTokenText() util.log_debug('Token text = %s' % (tokenText)) value = decoderhandler.getValueAtCurrentIndex() util.log_debug('Value = %s' % (value)) if value is not None and InetAddressUtils.isIPv4Address(value): decoderhandler.addTokenValue(tokenText, value) return 1 else: return -1 except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info('SlaDestinationPortTokenDecoder: Decode token') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) token = dc.getToken() value = decoderhandler.getValueAtCurrentIndex() util.log_debug('Value = %s' % (value)) dest_port_pattern = '^\d+$' dest_port_match = re.search(dest_port_pattern, value) if InetAddressUtils.isIPv4Address( value) or dest_port_match is None: return 1 dc.addTokenValue(token.getText(), value) return 1 except Exception: traceback.print_exc()
def decodeToken(self, dc): try: util.log_info( 'BgpNeighborTokenDecoder: Decode token for Bgp neighbor ip-address leaf value' ) decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) block = decoderhandler.getCurrentBlock() command_block = block.toString().split('\n') commands = [] for cmds in command_block: commands.append(str(cmds.strip())) util.log_info("Commands: ", commands) for i in commands: commands_1 = i.split() util.log_info("Commands1: ", commands_1) if "bfd" and "fall-over" in commands_1: decoderhandler.addTokenValue("bfd-fall-over", "true") elif "no" and "bfd" and "fall-over" in commands_1: decoderhandler.addTokenValue("bfd-fall-over", "false") tokenText = decoderhandler.getTokenText() util.log_info('Token text = %s' % (tokenText)) value = decoderhandler.getValueAtCurrentIndex() util.log_info('Value = %s' % (value)) if value is not None and InetAddressUtils.isIPv4Address(value): decoderhandler.addTokenValue(tokenText, value) bgp_boolean = [ "send-community", "next-hop-self", "soft-reconfiguration", "allowas-in", "next-hop-unchanged", "route-reflector-client", "as-override", "weight" ] for bgp_b in bgp_boolean: if bgp_b == "weight": if "weight" in commands_1: decoderhandler.addTokenValue( "weight", commands_1[-1]) elif bgp_b in commands_1: decoderhandler.addTokenValue(bgp_b, "true") return 1 else: return -1 except Exception: traceback.print_exc()
def processNetwork(self, cpc, dc, context, block): util.log_debug('ObjectGroupVariableDecoder: processNetwork') decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 0, None) host = cursor.getNextToken() cursor.advance() ip = cursor.getNextToken() cursor.advance() if "host" == host: decoderhandler.addTokenValue("host", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return if InetAddressUtils.isIPv4Address(host): decoderhandler.addTokenValue("ip-address", host) decoderhandler.addTokenValue("netmask", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return if "group-object" == host: decoderhandler.addTokenValue("group-object", ip) decoderhandler.addTokenValue("name", Joiner.on(" ").join(block.getTokens())) return
def matchToken(self, configParserContext, configToken, idx, toks): value = toks.get(idx) if value is not None and InetAddressUtils.isIPv4Address(value): return 1 else: return -1
def processAclRule(self, cpc, dc, context, block): util.log_info('AclRuleVariableDecoder: processAclRule') acl_dict = [ 'linenumber,INT', 'action,ACTION', 'layer4protocol,PROTOCOL', 'service_obj_name,STRING', 'source_condition_type,SOURCE_CONDITION', 'source_ip,CIDR', 'source_mask,IP', 'source_obj_name,STRING', 'source_port_operator,PORT_OPERATORS', 'source_port,STRING', 'dest_condition_type,DEST_CONDITION', 'dest_ip,CIDR', 'dest_mask,IP', 'dest_obj_name,STRING', 'dest_port_operator,PORT_OPERATORS', 'dest_port,STRING', 'match_packets,MATCH_PKTS', 'precedence,STRING', 'extra_options,EXTRA_OPTIONS' ] ACTION = ["permit", "deny"] SOURCE_CONDITION = ["any", "host", "object-group", "addrgroup"] DEST_CONDITION = ["any", "host", "object-group", "addrgroup"] PORT_OPERATORS = ["eq", "gt", "lt", "neq", "range"] MATCH_PKTS = [ "dscp", "fragments", "log-input", "option", "precedence", "time-range", "tos", "ttl", "echo", "echo-reply", "tracked", "ttl-exceeded", "port-unreachable", "established" ] PROTOCOL = [ "object-group", "ahp", "eigrp", "esp", "gre", "icmp", "igmp", "ip", "ipinip", "nos", "ospf", "pcp", "pim", "tcp", "tcp-udp", "udp" ] EXTRA_OPTIONS = ["log"] PORT = [ "bgp", "chargen", "cmd", "daytime", "discard", "domain", "drip", "echo", "exec", "finger", "ftp", "ftp-data", "gopher", "hostname", "ident", "irc", "klogin", "kshell", "login", "lpd", "nntp", "onep-plain", "onep-tls", "pim-auto-rp", "pop2", "pop3", "smtp", "sunrpc", "tacacs", "talk", "telnet", "time", "uucp", "whois", "www", "msrpc", "biff", "bootpc", "bootps", "dnsix", "isakmp", "msrpc", "mobile-ip", "nameserver", "netbios-dgm", "netbios-ns", "netbios-ss", "non500-isakmp", "ntp", "rip", "snmp", "snmptrap", "syslog", "tftp", "who", "xdmcp" ] try: decoderhandler = tokendecoderhandler.TokenDecoderHandler(dc) cursor = util.TokenCursor(block.getTokens(), 0, None) tokens = block.getTokens() tokens = Joiner.on(" ").join(block.getTokens()) tokens = tokens.split(" ") print tokens found = False for token in tokens: for acl_action in ACTION: if token == acl_action: found = True if not found: util.log_debug( 'Does not look like a valid acl rule. rule = %s' % (tokens)) return i = 1 for j in range(i, len(tokens)): if j > 0 and j == len(tokens) - 1: if tokens[j - 1] in ACTION and InetAddressUtils.isIPv4Address( tokens[j]): tokens.insert(j, 'host') break else: if tokens[j - 1] in ACTION and InetAddressUtils.isIPv4Address( tokens[j] ) and not InetAddressUtils.isIPv4Address( tokens[j + 1]): tokens.insert(j, 'host') break util.log_info(tokens) decoderhandler.addTokenValue("$name", Joiner.on(" ").join(tokens)) i = 0 cidr_pattern = '^(\d{1,3}\.){3}\d{1,3}(/\d\d)$' host = False host_dest = False len_token = 0 for token in range(len_token, len(tokens)): if len_token == token: len_token += 1 for j in range(i, len(acl_dict)): options = acl_dict[j].split(',') yang_entity = options[0].replace('_', '-') i += 1 if options[1] == 'INT': if decoderhandler.isValidInteger(tokens[token]): util.log_info("1" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'ACTION': if tokens[token] in ACTION: util.log_info("2" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'PROTOCOL': if tokens[token] in PROTOCOL: util.log_info("3" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if tokens[token] != 'object-group': i += 1 break elif options[1] == 'STRING': if not InetAddressUtils.isIPv4Address( tokens[token] ) and tokens[token] not in SOURCE_CONDITION and tokens[ token] not in PORT_OPERATORS and tokens[ token] not in MATCH_PKTS and tokens[ token] not in PROTOCOL and tokens[ token] not in EXTRA_OPTIONS and re.search( cidr_pattern, tokens[token]) is None: util.log_info("4" + yang_entity + ":" + tokens[token]) if tokens[token].isdigit( ) or tokens[token] in PORT: all_ports = tokens[token] for custom_port in range( len_token, len(tokens)): if tokens[custom_port].isdigit( ) or tokens[custom_port] in PORT: all_ports += ' ' + tokens[ custom_port] len_token += 1 else: break util.log_info("4_1" + yang_entity + ":" + all_ports) decoderhandler.addTokenValue( yang_entity, all_ports) else: util.log_info("4_2" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'SOURCE_CONDITION': if tokens[token] in SOURCE_CONDITION: util.log_info("5" + yang_entity + ":" + tokens[token]) if tokens[token] == 'any': i += 2 elif tokens[token] == 'host': host = True elif tokens[token] == 'object-group': tokens[token] = 'objectgroup' decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'CIDR': if InetAddressUtils.isIPv4Address(tokens[token]): util.log_info("13" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif re.search(cidr_pattern, tokens[token]) is not None: util.log_info("14" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) i += 1 break elif options[1] == 'IP': prev_yang_entity = acl_dict[j - 1].split( ',')[0].replace('_', '-') if InetAddressUtils.isIPv4Address( tokens[token] ) and not host and prev_yang_entity == 'source-ip': util.log_info("6" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if yang_entity == 'source-mask': util.log_info("7" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( 'source-condition-type', 'cidr') break elif InetAddressUtils.isIPv4Address( tokens[token] ) and not host_dest and prev_yang_entity == 'dest-ip': util.log_info("6_1" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) if yang_entity == 'dest-mask': util.log_info("8" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( 'dest-condition-type', 'cidr') break elif options[1] == 'PORT_OPERATORS': if tokens[token] in PORT_OPERATORS: util.log_info("9" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'DEST_CONDITION': if tokens[token] in DEST_CONDITION: util.log_info("10" + yang_entity + ":" + tokens[token]) if tokens[token] == 'any': i += 2 elif tokens[token] == 'host': host_dest = True elif tokens[token] == 'object-group': tokens[token] = 'objectgroup' decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'MATCH_PKTS': if tokens[token] in MATCH_PKTS: util.log_info("11" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break elif options[1] == 'EXTRA_OPTIONS': if tokens[token] in EXTRA_OPTIONS: util.log_info("12" + yang_entity + ":" + tokens[token]) decoderhandler.addTokenValue( yang_entity, tokens[token]) break except Exception: traceback.print_exc()