Exemplo n.º 1
        /// <summary>
        /// Tries to read the current token (<c>args.Line</c>) as an IP address.
        /// </summary>
        /// <param name="args">Step state whose <c>Line</c> holds the token to parse.</param>
        /// <returns>The parsed address, or <c>null</c> when the token is not an address.</returns>
        IPAddress GetIPAddress(AccessListStepArgs args)
        {
            // NOTE(review): IPAddress.TryParse is lenient. It accepts IPv6 text and
            // shortened IPv4 forms, e.g. the constructed sample "80" parses as 0.0.0.80.
            // For firewall rules the caller may want to require a dotted quad so that a
            // port or other numeric token is never recorded as an address or mask.
            IPAddress parsed;

            // A failed parse is reported only through the null return value.
            return IPAddress.TryParse(args.Line, out parsed) ? parsed : null;
        }
Exemplo n.º 2
        /// <summary>
        /// Stores the current token (<c>args.Line</c>) in the ACL field selected by
        /// <c>args.CollectionType</c>, then sets the collection type for the next token.
        /// </summary>
        /// <param name="args">Step state: the ACL being filled, the token and the pending field.</param>
        /// <param name="parseArgs">Not read by this method.</param>
        void ParseAccessListStepByCollectionType(AccessListStepArgs args, ParserArgs parseArgs)
        {
            // Collection type to leave behind. Everything except the first half of a
            // port range resets to None, so the next token is classified from scratch.
            var followUp = AccessListStepType.None;

            switch (args.CollectionType)
            {
                // Addresses and masks.
                // NOTE(review): the result of GetIPAddress is stored unchecked; if it yields
                // null for unparseable text, a malformed address or mask becomes a null
                // field with no error reported. Worth surfacing when auditing rules.
                case AccessListStepType.SourceIPAddress:
                    args.Acl.SourceIPGroup.IP = GetIPAddress(args);
                    break;

                case AccessListStepType.SourceSubnet:
                    args.Acl.SourceIPGroup.Subnet = GetIPAddress(args);
                    break;

                case AccessListStepType.DestinationIPAddress:
                    args.Acl.DestinationIPGroup.IP = GetIPAddress(args);
                    break;

                case AccessListStepType.DestinationSubnet:
                    args.Acl.DestinationIPGroup.Subnet = GetIPAddress(args);
                    break;

                // Named objects / groups: the token is kept verbatim.
                case AccessListStepType.SourceAlias:
                    args.Acl.SourceIPGroup.IPAlias = args.Line;
                    break;

                case AccessListStepType.DestinationAlias:
                    args.Acl.DestinationIPGroup.IPAlias = args.Line;
                    break;

                // Single ports and the upper bound of a range: raw text, no validation here.
                case AccessListStepType.SourcePort:
                    args.Acl.SourceIPGroup.Port1 = args.Line;
                    break;

                case AccessListStepType.SourceRange2:
                    args.Acl.SourceIPGroup.Port2 = args.Line;
                    break;

                case AccessListStepType.DestinationPort:
                    args.Acl.DestinationIPGroup.Port1 = args.Line;
                    break;

                case AccessListStepType.DestinationRange2:
                    args.Acl.DestinationIPGroup.Port2 = args.Line;
                    break;

                // Lower bound of a range: the next token must be taken as the upper bound.
                case AccessListStepType.SourceRange1:
                    args.Acl.SourceIPGroup.Port1 = args.Line;
                    followUp = AccessListStepType.SourceRange2;
                    break;

                case AccessListStepType.DestinationRange1:
                    args.Acl.DestinationIPGroup.Port1 = args.Line;
                    followUp = AccessListStepType.DestinationRange2;
                    break;

                case AccessListStepType.None:
                default:
                    break;
            }

            args.CollectionType = followUp;
        }
Exemplo n.º 3
        /// <summary>
        /// Walks the tokens of an "extended" access-list entry and fills in the protocol,
        /// source/destination criteria, port match and hit count on <paramref name="acl"/>.
        /// </summary>
        /// <param name="acl">Entry to populate; its <c>LinesToProcess</c> supplies the tokens.</param>
        /// <param name="parseArgs">Only forwarded to <c>ParseAccessListStepByCollectionType</c>.</param>
        void ParseExtendedAccessList(AccessList acl, ParserArgs parseArgs)
        {
            // Sample entries:
            //access-list outside_cryptomap_8 extended permit ip 10.251.27.0 255.255.255.0 host 10.42.8.233
            //access-list OpenSys_access_in extended deny ip any4 object DMZ-LAN
            //access-list mgmtzone_access_in extended permit udp object HPS_TP_PROD_LAN object-group HPS_remote_offices

            // The first entry of LinesToProcess is dropped; the one after it is the protocol.
            // NOTE(review): tokens[0] throws when LinesToProcess has fewer than two entries.
            var tokens = acl.LinesToProcess.Skip(1).ToList();
            acl.Protocol = tokens[0];

            var step = new AccessListStepArgs()
            {
                Acl = acl
            };

            // Entries whose protocol slot holds an object reference go to a dedicated parser:
            //access-list inside_access_in extended permit object-group HPSNETMON_GRP object HPSNetMon1 any4
            //access-list inside_access_in extended permit object-group client_to_mgmtzone_services any object mgmtzone_servers
            // NOTE(review): StartsWith without a StringComparison is culture-sensitive;
            // keyword matching in configuration text is normally done with Ordinal.
            if (acl.Protocol.StartsWith(AccessList.ObjectTag))
            {
                MicroManageExtendedAccessList(acl, tokens);
                return;
            }

            // Counts the tokens after the protocol, starting at zero.
            int sequence = 0;

            foreach (var line in tokens.Skip(1))
            {
                step.Line = line;
                IPAddress ip = null;

                if (step.CollectionType != AccessListStepType.None)
                {
                    // An earlier token announced what this one is; store it accordingly.
                    ParseAccessListStepByCollectionType(step, parseArgs);
                }
                else if (GetIPAddress(line, out ip))
                {
                    // A bare address fills the source first, then the destination;
                    // the following token is collected as the matching subnet.
                    if (!acl.SourceIPGroup.HasMinimumIPCriteria)
                    {
                        acl.SourceIPGroup.IP = ip;
                        acl.SourceType = AccessList.SubnetTag;
                        step.CollectionType = AccessListStepType.SourceSubnet;
                    }
                    else if (!acl.DestinationIPGroup.HasMinimumIPCriteria)
                    {
                        acl.DestinationIPGroup.IP = ip;
                        acl.DestinationType = AccessList.SubnetTag;
                        step.CollectionType = AccessListStepType.DestinationSubnet;
                    }
                }
                else if (line.StartsWith(AccessList.ObjectTag))
                {
                    // Object reference: source only when it is the very first token.
                    bool isFirstToken = sequence == 0;

                    if (isFirstToken)
                    {
                        acl.SourceType = line;
                        step.CollectionType = AccessListStepType.SourceAlias;
                    }
                    else
                    {
                        acl.DestinationType = line;
                        step.CollectionType = AccessListStepType.DestinationAlias;
                    }
                }
                else if (line == AccessList.HostTag)
                {
                    // Host keyword: the next token is a single address.
                    if (!acl.SourceIPGroup.HasMinimumIPCriteria)
                    {
                        acl.SourceType = line;
                        step.CollectionType = AccessListStepType.SourceIPAddress;
                    }
                    else
                    {
                        acl.DestinationType = line;
                        step.CollectionType = AccessListStepType.DestinationIPAddress;
                    }
                }
                else if (line.StartsWith(AccessList.IpWildCardPrefix))
                {
                    // Wildcard token: kept as text on the source (first token) or destination.
                    if (sequence == 0)
                    {
                        acl.SourceIPGroup.IPWildCard = line;
                    }
                    else
                    {
                        acl.DestinationIPGroup.IPWildCard = line;
                    }
                }
                else if (AccessList.MatchConditionSymbol.Any(symbol => symbol == line.Trim()))
                {
                    acl.PortMatchType = line;

                    // The operator belongs to the source when it appears early and a source
                    // wildcard is set, or when the two wildcards differ, it is still early
                    // and the source already has its minimum criteria; otherwise destination.
                    // NOTE(review): this positional guess decides which side a port
                    // restriction lands on; verify it against entries carrying both a
                    // source and a destination port.
                    bool appliesToSource =
                        (sequence <= 1 && !string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard))
                        || (acl.SourceIPGroup.IPWildCard != acl.DestinationIPGroup.IPWildCard
                            && sequence <= 2
                            && acl.SourceIPGroup.HasMinimumIPCriteria);

                    bool isRange = line == AccessList.PortRangeTag;

                    step.CollectionType = appliesToSource
                        ? (isRange ? AccessListStepType.SourceRange1 : AccessListStepType.SourcePort)
                        : (isRange ? AccessListStepType.DestinationRange1 : AccessListStepType.DestinationPort);
                }
                else if (line.Contains(AccessList.HitCountPrefix))
                {
                    // Strip the parentheses and keep the text after the last '='.
                    var withoutParens = line.Replace("(", null).Replace(")", null);
                    var pieces = withoutParens.Split(new[] { "=" }, StringSplitOptions.RemoveEmptyEntries);
                    acl.HitCount = pieces.Last();
                }
                else
                {
                    // NOTE(review): every token not recognised above ends up here, and the
                    // token after it is then handed to ParseAccessListStepByCollectionType
                    // as a destination port. Unknown syntax is absorbed silently rather than
                    // reported, so the parsed rule can differ from the configured one.
                    step.CollectionType = AccessListStepType.DestinationPort;
                }

                sequence++;
            }
        }