FIXES networktocode#245 - CISCO_IOS_SHOW_IP_ACCESS-LISTS:
* Fix issue where negative look-behind should be a positive look-behind for src ports
* Fix issue with missing `$` for log variable in standard acl regex
* Fix issue where ports can have multiple values if not a port range
* Add `neq` as a potential port match
jmcgill298 committed Oct 14, 2018
1 parent a60e619 commit 0f1a693
Showing 3 changed files with 83 additions and 8 deletions.
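--- a/templates/cisco_ios_show_ip_access-lists.template
+++ b/templates/cisco_ios_show_ip_access-lists.template
@@ -7,16 +7,16 @@ Value SRC_HOST (\d+\.\d+\.\d+\.\d+)
 Value SRC_ANY (any)
 Value SRC_NETWORK (\d+\.\d+\.\d+\.\d+)
 Value SRC_WILDCARD (\d+\.\d+\.\d+\.\d+)
-Value SRC_PORT_MATCH (eq|range|lt|gt)
-Value SRC_PORT ((?<!range\s)\S+)
-Value SRC_PORT_RANGE_START ((?<!range\s)\S+)
+Value SRC_PORT_MATCH (eq|neq|range|lt|gt)
+Value SRC_PORT ((?<!range\s).+?)
+Value SRC_PORT_RANGE_START ((?<=range\s)\S+)
 Value SRC_PORT_RANGE_END (\S+)
 Value DST_HOST (\d+\.\d+\.\d+\.\d+)
 Value DST_ANY (any)
 Value DST_NETWORK (\d+\.\d+\.\d+\.\d+)
 Value DST_WILDCARD (\d+\.\d+\.\d+\.\d+)
-Value DST_PORT_MATCH (eq|range|lt|gt)
-Value DST_PORT ((?<!range\s)\S+)
+Value DST_PORT_MATCH (eq|neq|range|lt|gt)
+Value DST_PORT ((?<!range\s).+?)
 Value DST_PORT_RANGE_START ((?<=range\s)\S+)
 Value DST_PORT_RANGE_END (\S+)
 Value LOG (log-input|log)
@@ -27,8 +27,8 @@ Value STATE (inactive|active)
 Start
 ^(Standard|Extended) -> Continue.Clearall
 ^${ACL_TYPE}\s+IP\s+access\s+list\s+${ACL_NAME}\s* -> Record
-^\s+${LINE_NUM}\s+${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+|)(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT}|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT}|)|)(\s+${LOG}|)(\s+time-range\s+${TIME}\s+\(${STATE}\)|)\s* -> Record
-^\s+${LINE_NUM}\s+${ACTION}\s+(${SRC_NETWORK},\s+wildcard\s+bits\s+${SRC_WILDCARD}|${SRC_HOST}|${SRC_ANY})(\s+{LOG}|)(\s+time-range\s+${TIME}\s+\(${STATE}\)|)\s* -> Record
+^\s+${LINE_NUM}\s+${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+|)(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT}|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT}|)|)(\s+${LOG}|)(\s+time-range\s+${TIME}\s+\(${STATE}\)|)\s*$$ -> Record
+^\s+${LINE_NUM}\s+${ACTION}\s+(${SRC_NETWORK},\s+wildcard\s+bits\s+${SRC_WILDCARD}|${SRC_HOST}|${SRC_ANY})(\s+${LOG}|)(\s+time-range\s+${TIME}\s+\(${STATE}\)|)\s*$$ -> Record
 ^.* -> Error "Could not parse line:"
 
 EOF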
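Review bot: `Value SRC_PORT ((?<!range\s).+?)` and `Value DST_PORT ((?<!range\s).+?)` in the first hunk accept any run of characters, so now that the extended-ACL rule in the second hunk is anchored with `$$`, a trailing option that is not a port (Cisco's `established`, for instance, which the visible rule has no alternative for) is captured into the port field rather than sending the line to the `Error` state. Consumers that audit `src_port`/`dst_port` would then see such a keyword as if it were a port name, and with `neq` now filling the same fields they also need to read `*_PORT_MATCH` before interpreting the list, since `neq` inverts it. Keeping the capture to whitespace-separated tokens narrows it, e.g. `Value SRC_PORT ((?<!range\s)\S+(\s+\S+)*?)` and the same for `DST_PORT`, although that still cannot tell a port name from a keyword. A header comment such as `# SRC_PORT/DST_PORT hold a space-separated list of port names or numbers for eq/neq/lt/gt; range endpoints go to *_RANGE_START/_END` would document the multi-value shape the new sample data relies on. Only template lines 7-22 and 27-34 are visible here, so rules outside the hunks may already cover the option cases.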
@@ -68,7 +68,7 @@ parsed_sample:
dst_port: ""
dst_port_range_start: ""
dst_port_range_end: ""
log: ""
log: "log"
time: ""
state: ""
- acl_type: "Standard"
@@ -311,6 +311,78 @@ parsed_sample:
log: "log"
time: "test2"
state: "inactive"
- acl_type: "Extended"
acl_name: "101"
line_num: "60"
action: "permit"
protocol: "udp"
src_host: ""
src_any: "any"
src_network: ""
src_wildcard: ""
src_port_match: "range"
src_port: ""
src_port_range_start: "16384"
src_port_range_end: "32767"
dst_host: ""
dst_any: ""
dst_network: "10.1.1.0"
dst_wildcard: "0.0.0.255"
dst_port_match: "range"
dst_port: ""
dst_port_range_start: "16384"
dst_port_range_end: "32767"
log: ""
time: ""
state: ""
- acl_type: "Extended"
acl_name: "101"
line_num: "70"
action: "permit"
protocol: "udp"
src_host: ""
src_any: "any"
src_network: ""
src_wildcard: ""
src_port_match: "eq"
src_port: "snmp bootpc"
src_port_range_start: ""
src_port_range_end: ""
dst_host: ""
dst_any: ""
dst_network: "10.1.0.0"
dst_wildcard: "0.0.0.255"
dst_port_match: ""
dst_port: ""
dst_port_range_start: ""
dst_port_range_end: ""
log: ""
time: ""
state: ""
- acl_type: "Extended"
acl_name: "101"
line_num: "80"
action: "permit"
protocol: "tcp"
src_host: ""
src_any: ""
src_network: "10.0.0.0"
src_wildcard: "0.255.255.255"
src_port_match: "eq"
src_port: "telnet ssh http 8080"
src_port_range_start: ""
src_port_range_end: ""
dst_host: "10.1.0.0"
dst_any: ""
dst_network: ""
dst_wildcard: ""
dst_port_match: "neq"
dst_port: "telnet ssh"
dst_port_range_start: ""
dst_port_range_end: ""
log: ""
time: ""
state: ""
- acl_type: "Extended"
acl_name: "sample"
line_num: ""
@@ -11,6 +11,9 @@ Extended IP access list 101
30 permit ahp any any log-input
40 permit ahp any any log-input time-range test (active)
50 permit ip any host 10.1.10.11 log time-range test2 (inactive)
60 permit udp any range 16384 32767 10.1.1.0 0.0.0.255 range 16384 32767
70 permit udp any eq snmp bootpc 10.1.0.0 0.0.0.255
80 permit tcp 10.0.0.0 0.255.255.255 eq telnet ssh http 8080 host 10.1.0.0 neq telnet ssh
Extended IP access list sample
10 permit tcp host 10.10.37.18 host 10.10.37.17 eq bgp
20 permit tcp host 10.10.37.18 eq bgp host 10.10.37.17
