/// <summary>
/// Parses the current token (<c>args.Line</c>) as an IP address.
/// </summary>
/// <param name="args">Step state whose <c>Line</c> holds the token to parse.</param>
/// <returns>The parsed address, or <c>null</c> when the token is not a valid address.</returns>
IPAddress GetIPAddress(AccessListStepArgs args)
{
    // NOTE(review): IPAddress.TryParse accepts more than dotted-quad text. A bare
    // integer such as "80" parses as an IPv4 address, and IPv6 literals are accepted
    // too. Confirm callers only pass tokens that are expected to be an address or
    // mask, otherwise a port-like token can end up stored as an address in the rule.
    IPAddress parsed;
    return IPAddress.TryParse(args.Line, out parsed) ? parsed : null;
}
/// <summary>
/// Stores the current token (<c>args.Line</c>) into the ACL field selected by
/// <c>args.CollectionType</c>, then moves the step state on: a Range1 step
/// hands over to the matching Range2 step, every other step resets to
/// <c>AccessListStepType.None</c>.
/// </summary>
/// <param name="args">Step state: the token, the ACL being filled and the pending step.</param>
/// <param name="parseArgs">Not read by this method.</param>
void ParseAccessListStepByCollectionType(AccessListStepArgs args, ParserArgs parseArgs)
{
    // Step that will be pending once this token has been consumed.
    var nextStep = AccessListStepType.None;

    switch (args.CollectionType)
    {
        // Address and mask tokens go through GetIPAddress, which yields null for
        // text it cannot parse.
        // NOTE(review): a null IP/Subnet is stored without any error being raised
        // here; confirm consumers of the ACL model treat null as "unparsed" rather
        // than as "matches anything".
        case AccessListStepType.SourceIPAddress:
            args.Acl.SourceIPGroup.IP = GetIPAddress(args);
            break;

        case AccessListStepType.SourceSubnet:
            args.Acl.SourceIPGroup.Subnet = GetIPAddress(args);
            break;

        case AccessListStepType.DestinationIPAddress:
            args.Acl.DestinationIPGroup.IP = GetIPAddress(args);
            break;

        case AccessListStepType.DestinationSubnet:
            args.Acl.DestinationIPGroup.Subnet = GetIPAddress(args);
            break;

        // Alias tokens are kept as raw text.
        case AccessListStepType.SourceAlias:
            args.Acl.SourceIPGroup.IPAlias = args.Line;
            break;

        case AccessListStepType.DestinationAlias:
            args.Acl.DestinationIPGroup.IPAlias = args.Line;
            break;

        // Port tokens are stored as raw text; nothing here checks that they are
        // numeric or within the valid port range.
        case AccessListStepType.SourcePort:
            args.Acl.SourceIPGroup.Port1 = args.Line;
            break;

        case AccessListStepType.DestinationPort:
            args.Acl.DestinationIPGroup.Port1 = args.Line;
            break;

        // A range takes two tokens: the first fills Port1 and leaves the second
        // half of the range pending.
        case AccessListStepType.SourceRange1:
            args.Acl.SourceIPGroup.Port1 = args.Line;
            nextStep = AccessListStepType.SourceRange2;
            break;

        case AccessListStepType.SourceRange2:
            args.Acl.SourceIPGroup.Port2 = args.Line;
            break;

        case AccessListStepType.DestinationRange1:
            args.Acl.DestinationIPGroup.Port1 = args.Line;
            nextStep = AccessListStepType.DestinationRange2;
            break;

        case AccessListStepType.DestinationRange2:
            args.Acl.DestinationIPGroup.Port2 = args.Line;
            break;

        case AccessListStepType.None:
        default:
            break;
    }

    args.CollectionType = nextStep;
}
/// <summary>
/// Fills <paramref name="acl"/> from the tokens of an extended access-list entry.
/// The first entry of <c>acl.LinesToProcess</c> is skipped, the next one is stored
/// as the protocol, and the remaining tokens are walked one by one. A token either
/// completes a pending step (see <c>ParseAccessListStepByCollectionType</c>) or is
/// classified and may arm the step that consumes the following token.
/// </summary>
/// <param name="acl">The access-list entry to populate; its <c>LinesToProcess</c> supplies the tokens.</param>
/// <param name="parseArgs">Passed through to <c>ParseAccessListStepByCollectionType</c>.</param>
void ParseExtendedAccessList(AccessList acl, ParserArgs parseArgs)
{
    // Sample entries:
    //   access-list outside_cryptomap_8 extended permit ip 10.251.27.0 255.255.255.0 host 10.42.8.233
    //   access-list OpenSys_access_in extended deny ip any4 object DMZ-LAN
    //   access-list mgmtzone_access_in extended permit udp object HPS_TP_PROD_LAN object-group HPS_remote_offices
    var tokens = acl.LinesToProcess.Skip(1).ToList();

    // NOTE(review): indexing throws when LinesToProcess has fewer than two entries;
    // confirm the caller only hands over complete entries.
    acl.Protocol = tokens[0];
    var step = new AccessListStepArgs() { Acl = acl };

    // Entries whose protocol slot holds an object reference take a separate path:
    //   access-list inside_access_in extended permit object-group HPSNETMON_GRP object HPSNetMon1 any4
    //   access-list inside_access_in extended permit object-group client_to_mgmtzone_services any object mgmtzone_servers
    if (acl.Protocol.StartsWith(AccessList.ObjectTag))
    {
        MicroManageExtendedAccessList(acl, tokens);
        return;
    }

    // position is the zero-based index of the token among those after the protocol.
    for (int position = 0; position + 1 < tokens.Count; position++)
    {
        var token = tokens[position + 1];
        step.Line = token;
        IPAddress parsedAddress = null;

        if (step.CollectionType != AccessListStepType.None)
        {
            // A previous token armed a step; this token is its value.
            ParseAccessListStepByCollectionType(step, parseArgs);
        }
        else if (GetIPAddress(token, out parsedAddress))
        {
            // A bare address fills the first side still lacking IP criteria, and the
            // next token is then read as that side's subnet.
            if (!acl.SourceIPGroup.HasMinimumIPCriteria)
            {
                acl.SourceIPGroup.IP = parsedAddress;
                acl.SourceType = AccessList.SubnetTag;
                step.CollectionType = AccessListStepType.SourceSubnet;
            }
            else if (!acl.DestinationIPGroup.HasMinimumIPCriteria)
            {
                acl.DestinationIPGroup.IP = parsedAddress;
                acl.DestinationType = AccessList.SubnetTag;
                step.CollectionType = AccessListStepType.DestinationSubnet;
            }
            // NOTE(review): when both sides already have their criteria the address
            // is dropped without a trace; confirm that is intended.
        }
        else if (token.StartsWith(AccessList.ObjectTag))
        {
            // Object reference: the next token is the alias name.
            if (position == 0)
            {
                acl.SourceType = token;
                step.CollectionType = AccessListStepType.SourceAlias;
            }
            else
            {
                acl.DestinationType = token;
                step.CollectionType = AccessListStepType.DestinationAlias;
            }
        }
        else if (token == AccessList.HostTag)
        {
            // Host keyword: the next token is a single address.
            if (acl.SourceIPGroup.HasMinimumIPCriteria)
            {
                acl.DestinationType = token;
                step.CollectionType = AccessListStepType.DestinationIPAddress;
            }
            else
            {
                acl.SourceType = token;
                step.CollectionType = AccessListStepType.SourceIPAddress;
            }
        }
        else if (token.StartsWith(AccessList.IpWildCardPrefix))
        {
            if (position == 0)
            {
                acl.SourceIPGroup.IPWildCard = token;
            }
            else
            {
                acl.DestinationIPGroup.IPWildCard = token;
            }
        }
        else if (AccessList.MatchConditionSymbol.ToList().Any(x => x == token.Trim()))
        {
            acl.PortMatchType = token;

            // Decide which side the port operator belongs to. The checks run in this
            // order: an early wildcard source, then identical wildcards on both sides
            // (destination), then an early source with IP criteria.
            bool appliesToSource =
                (position <= 1 && !string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard))
                || (!(acl.SourceIPGroup.IPWildCard == acl.DestinationIPGroup.IPWildCard)
                    && position <= 2
                    && acl.SourceIPGroup.HasMinimumIPCriteria);

            // NOTE(review): the operator match above uses the trimmed token, this
            // comparison does not; a range keyword carrying whitespace would be
            // handled as a single-port operator.
            bool isRange = token == AccessList.PortRangeTag;

            if (appliesToSource)
            {
                step.CollectionType = isRange
                    ? AccessListStepType.SourceRange1
                    : AccessListStepType.SourcePort;
            }
            else
            {
                step.CollectionType = isRange
                    ? AccessListStepType.DestinationRange1
                    : AccessListStepType.DestinationPort;
            }
        }
        else if (token.Contains(AccessList.HitCountPrefix))
        {
            // Strip the parentheses and keep what follows the last "=".
            var withoutParens = token.Replace("(", null).Replace(")", null);
            var parts = withoutParens.Split(new[] { "=" }, StringSplitOptions.RemoveEmptyEntries);
            acl.HitCount = parts.Last();
        }
        else
        {
            // Unrecognized token: the following token will be stored as the
            // destination port.
            // NOTE(review): an unknown keyword therefore changes the parsed rule
            // rather than being reported; confirm this fallback is wanted when the
            // output feeds a rule review.
            step.CollectionType = AccessListStepType.DestinationPort;
        }
    }
}