Skip to content

Commit

Permalink
ASA: extract snmp source-interface and trap servers (#6456)
Browse files Browse the repository at this point in the history 
Split parser along ASA lines to better support this syntax.

Docs: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/monitor_snmp.html

Fix #6426
  • Loading branch information
@dhalperi
dhalperi committed Nov 24, 2020
1 parent d2398e8 commit 1300a11
Show file tree
Hide file tree
Showing 6 changed files with 133 additions and 70 deletions.
5 changes: 5 additions & 0 deletions projects/batfish/src/main/antlr4/org/batfish/grammar/cisco/CiscoLexer.g4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9745,6 +9745,11 @@ POLICY_MAP_OUTPUT
'policy-map-output'
;

POLL
:
'poll'
;

POOL
:
'pool'
Expand Down
23 changes: 23 additions & 0 deletions projects/batfish/src/main/antlr4/org/batfish/grammar/cisco/Cisco_snmp.g4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,14 @@ ss_group_v3
ss_host
:
HOST
(
{isAsa()}? ss_host_asa
| {!isAsa()}? ss_host_generic
)
;

ss_host_generic
:
(
ip4 = IP_ADDRESS
| ip6 = IPV6_ADDRESS
Expand Down Expand Up @@ -147,6 +155,21 @@ ss_host
) NEWLINE
;

ss_host_asa
:
source_interface = variable
(
ip4 = IP_ADDRESS
| ip6 = IPV6_ADDRESS
| host = variable_snmp_host
)
event_type = (TRAP | POLL)?
(COMMUNITY comm = variable_snmp_host)?
(VERSION version = variable_snmp_host (username = variable_snmp_host)?)?
(UDP_PORT port)?
NEWLINE
;

ss_host_informs
:
INFORMS
Expand Down
38 changes: 26 additions & 12 deletions projects/batfish/src/main/java/org/batfish/grammar/cisco/CiscoControlPlaneExtractor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -952,7 +952,8 @@
import org.batfish.grammar.cisco.CiscoParser.Ss_enable_trapsContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_file_transferContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_group_v3Context;
import org.batfish.grammar.cisco.CiscoParser.Ss_hostContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_host_asaContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_host_genericContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_source_interfaceContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_tftp_server_listContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_trap_sourceContext;
Expand Down Expand Up @@ -1426,9 +1427,6 @@ private static String unquote(String text) {

private SnmpCommunity _currentSnmpCommunity;

@SuppressWarnings("unused")
private SnmpHost _currentSnmpHost;

private StandardAccessList _currentStandardAcl;

private StandardCommunityList _currentStandardCommunityList;
Expand Down Expand Up @@ -3645,7 +3643,29 @@ public void enterSs_community(Ss_communityContext ctx) {
}

@Override
public void enterSs_host(Ss_hostContext ctx) {
public void exitSs_host_generic(Ss_host_genericContext ctx) {
String hostname;
if (ctx.ip4 != null) {
hostname = ctx.ip4.getText();
} else if (ctx.ip6 != null) {
hostname = ctx.ip6.getText();
} else if (ctx.host != null) {
hostname = ctx.host.getText();
} else {
throw new BatfishException("Invalid host");
}
_configuration.getSnmpServer().getHosts().computeIfAbsent(hostname, SnmpHost::new);
}

@Override
public void exitSs_host_asa(Ss_host_asaContext ctx) {
String sourceInterface = ctx.source_interface.getText();
_configuration.setSnmpSourceInterface(sourceInterface);
_configuration.referenceStructure(
INTERFACE,
sourceInterface,
SNMP_SERVER_SOURCE_INTERFACE,
ctx.source_interface.getStart().getLine());
String hostname;
if (ctx.ip4 != null) {
hostname = ctx.ip4.getText();
Expand All @@ -3656,8 +3676,7 @@ public void enterSs_host(Ss_hostContext ctx) {
} else {
throw new BatfishException("Invalid host");
}
Map<String, SnmpHost> hosts = _configuration.getSnmpServer().getHosts();
_currentSnmpHost = hosts.computeIfAbsent(hostname, SnmpHost::new);
_configuration.getSnmpServer().getHosts().computeIfAbsent(hostname, SnmpHost::new);
}

@Override
Expand Down Expand Up @@ -9064,11 +9083,6 @@ public void exitSs_group_v3(Ss_group_v3Context ctx) {
}
}

@Override
public void exitSs_host(Ss_hostContext ctx) {
_currentSnmpHost = null;
}

@Override
public void exitSs_source_interface(Ss_source_interfaceContext ctx) {
String ifaceName = getCanonicalInterfaceName(ctx.iname.getText());
Expand Down
7 changes: 7 additions & 0 deletions projects/batfish/src/test/java/org/batfish/grammar/cisco/CiscoGrammarTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1306,6 +1306,13 @@ public void testAsaNestedServiceObjectGroup() throws IOException {
assertThat(c, hasIpAccessList(services, not(accepts(otherFlow, null, c))));
}

@Test
public void testAsaSnmp() throws IOException {
Configuration c = parseConfig("asa_snmp");
assertThat(c.getSnmpSourceInterface(), equalTo("inside"));
assertThat(c.getSnmpTrapServers(), contains("1.2.3.4"));
}

@Test
public void testCadantBanner() throws IOException {
Configuration c = parseConfig("cadant_banner");
Expand Down
7 changes: 7 additions & 0 deletions projects/batfish/src/test/resources/org/batfish/grammar/cisco/testconfigs/asa_snmp
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
! This is an ASA device.
ASA Version 9.9
!
hostname asa_snmp
!
snmp-server host inside 1.2.3.4 poll version 3 some_user
!
123 changes: 65 additions & 58 deletions tests/parsing-tests/unit-tests.ref
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6746,18 +6746,19 @@
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'1.2.3.4'",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'foofoo')",
" (variable_snmp_host",
" UDP_PORT:'udp-port')",
" (variable_snmp_host",
" DEC:'123')",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'1.2.3.4'",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'foofoo')",
" (variable_snmp_host",
" UDP_PORT:'udp-port')",
" (variable_snmp_host",
" DEC:'123')",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
Expand Down Expand Up @@ -13275,18 +13276,19 @@
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'1.2.3.4'",
" (ss_host_name",
" NAME:'name'",
" name = (variable",
" VARIABLE:'\"1.2.3.4:1\"' <== mode:M_Name))",
" (ss_host_traps",
" TRAPS:'traps')",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" V2C:'v2c'))",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'1.2.3.4'",
" (ss_host_name",
" NAME:'name'",
" name = (variable",
" VARIABLE:'\"1.2.3.4:1\"' <== mode:M_Name))",
" (ss_host_traps",
" TRAPS:'traps')",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" V2C:'v2c'))",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
Expand Down Expand Up @@ -35601,60 +35603,65 @@
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'xyx')",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'xyx')",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_use_vrf",
" USE_VRF:'use-vrf'",
" vrf = (variable",
" MANAGEMENT:'management'))",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_use_vrf",
" USE_VRF:'use-vrf'",
" vrf = (variable",
" MANAGEMENT:'management'))",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'dummycommunity')",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'dummycommunity')",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_use_vrf",
" VRF:'vrf'",
" vrf = (variable",
" VARIABLE:'mangement'))",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_use_vrf",
" VRF:'vrf'",
" vrf = (variable",
" VARIABLE:'mangement'))",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
" (ss_host",
" HOST:'host'",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_informs",
" INFORMS:'informs')",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'dummycommunity')",
" NEWLINE:'\\n')))",
" (ss_host_generic",
" ip4 = IP_ADDRESS:'10.1.2.3'",
" (ss_host_informs",
" INFORMS:'informs')",
" (ss_host_version",
" VERSION:'version'",
" version = (variable_snmp_host",
" VARIABLE:'2c'))",
" comm_or_username = (variable_snmp_host",
" VARIABLE:'dummycommunity')",
" NEWLINE:'\\n'))))",
" (stanza",
" (s_snmp_server",
" SNMP_SERVER:'snmp-server'",
Expand Down

0 comments on commit 1300a11

Please sign in to comment.