IOS: support ACL references in snmp-server group v3 (#5810)
Fix #5793
dhalperi committed May 13, 2020
1 parent acb47df commit 19cad80
Showing 8 changed files with 344 additions and 156 deletions.
Expand Up @@ -5165,6 +5165,11 @@ GREEN
GROUP
:
'group'
{
if (lastTokenType() == SNMP_SERVER) {
pushMode(M_Name);
}
}
;

GROUP_ALIAS
Expand Down Expand Up @@ -10432,6 +10437,11 @@ REACTION
'reaction'
;

READ
:
'read'
;

READ_ONLY_PASSWORD
:
'read-only-password'
Expand Down Expand Up @@ -14239,6 +14249,11 @@ UUCP_PATH
'uucp-path'
;

V1
:
'v1'
;

V1_RP_REACHABILITY
:
'v1-rp-reachability'
Expand All @@ -14249,6 +14264,16 @@ V2
'v2'
;

V2C
:
'v2c'
;

V3
:
'v3'
;

V4
:
'v4'
Expand Down Expand Up @@ -14901,6 +14926,11 @@ WRED_PROFILE
'wred-profile'
;

WRITE
:
'write'
;

WRITE_MEMORY
:
'write-memory'
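Review bot: The new `READ`, `WRITE`, `V1`, `V2C` and `V3` rules match in the default lexer mode, so these words become keyword tokens everywhere in the Cisco grammar, not only after `snmp-server group`. Any parser rule outside this commit that requires a plain variable token where a user-chosen name could be `read`, `write` or `v3` would presumably stop matching, and a reference on that line would drop out of the analysis. The hunks shown cannot confirm or rule this out, so it is worth running the full parsing test suite. The `GROUP` action also has no comment; something like `// After 'snmp-server group', lex the group name in M_Name mode` would explain why only this predecessor token switches modes.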
Expand Up @@ -25,6 +25,7 @@ s_snmp_server
| ss_enable_trap
| ss_enable_traps
| ss_file_transfer
| ss_group
| ss_host
| ss_mib
| ss_null
Expand Down Expand Up @@ -81,6 +82,39 @@ ss_file_transfer
)? NEWLINE
;

ss_group
:
GROUP name = variable
(
ss_group_null
| ss_group_v3
)
;

ss_group_null
:
(V1 | V2C) null_rest_of_line
;

ss_view_name
:
name = variable
| quoted_name = double_quoted_string
;

ss_group_v3
:
V3
level = (AUTH | NOAUTH | PRIV)
(CONTEXT cname = variable)?
(MATCH mtype = (EXACT | PREFIX))?
(READ rview = ss_view_name)?
(WRITE wview = ss_view_name)?
(NOTIFY nview = ss_view_name)?
(ACCESS (v4acl = variable | IPV6 v6acl = variable))?
NEWLINE
;

ss_host
:
HOST
Expand Down Expand Up @@ -163,7 +197,6 @@ ss_null
| CONTEXT
| ENGINEID
| GLOBALENFORCEPRIV
| GROUP
| IFINDEX
| IFMIB
| LOCATION
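Review bot: The `ACCESS` clause in `ss_group_v3` is an alternation, `(v4acl = variable | IPV6 v6acl = variable)`, so a line that carries both an IPv6 and an IPv4 ACL cannot match. Cisco's command reference, as I read it, gives the form `access [ipv6 named-acl] [acl-number | acl-name]`, which permits both on one line. If that is right, something like `(ACCESS (IPV6 v6acl = variable)? (v4acl = variable)?)?` would keep both references instead of leaving the whole line unparsed. Separately, `ss_group_null` sends every `v1`/`v2c` group to `null_rest_of_line`, so an `access` ACL on those groups is still not recorded and can be reported as unused even though it restricts SNMP access. A one-line comment on `ss_group_null` saying this is deliberate would help.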
Expand Up @@ -241,6 +241,8 @@
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL4;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL6;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_FILE_TRANSFER_ACL;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_GROUP_V3_ACCESS;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_GROUP_V3_ACCESS_IPV6;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_SOURCE_INTERFACE;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_TFTP_SERVER_LIST;
import static org.batfish.representation.cisco.CiscoStructureUsage.SNMP_SERVER_TRAP_SOURCE;
Expand Down Expand Up @@ -908,6 +910,7 @@
import org.batfish.grammar.cisco.CiscoParser.Ss_communityContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_enable_trapsContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_file_transferContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_group_v3Context;
import org.batfish.grammar.cisco.CiscoParser.Ss_hostContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_source_interfaceContext;
import org.batfish.grammar.cisco.CiscoParser.Ss_tftp_server_listContext;
Expand Down Expand Up @@ -8690,6 +8693,24 @@ public void exitSs_file_transfer(Ss_file_transferContext ctx) {
_configuration.referenceStructure(IP_ACCESS_LIST, acl, SNMP_SERVER_FILE_TRANSFER_ACL, line);
}

@Override
public void exitSs_group_v3(Ss_group_v3Context ctx) {
if (ctx.v4acl != null) {
_configuration.referenceStructure(
IPV4_ACCESS_LIST,
ctx.v4acl.getText(),
SNMP_SERVER_GROUP_V3_ACCESS,
ctx.v4acl.getStart().getLine());
}
if (ctx.v6acl != null) {
_configuration.referenceStructure(
IPV6_ACCESS_LIST,
ctx.v6acl.getText(),
SNMP_SERVER_GROUP_V3_ACCESS_IPV6,
ctx.v6acl.getStart().getLine());
}
}

@Override
public void exitSs_host(Ss_hostContext ctx) {
_currentSnmpHost = null;
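Review bot: `exitSs_group_v3` reads only `ctx.v4acl` and `ctx.v6acl`; the grammar labels `level`, `cname`, `mtype`, `rview`, `wview` and `nview` are parsed and then dropped, and no comment says so. That matters to anyone auditing SNMP exposure: as far as this method shows, a `noauth` group or a group with no `access` clause leaves nothing in the configuration model, and view names are not recorded as structure references. I would add a Javadoc line such as `/** Records the ACL references of an snmp-server v3 group; security level, context and views are parsed but not modeled. */`. The enclosing listener class lies outside the hunk.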
Expand Up @@ -3470,6 +3470,7 @@ public List<Configuration> toVendorIndependentConfigurations() {
CiscoStructureUsage.PIM_SPT_THRESHOLD_ACL,
CiscoStructureUsage.ROUTE_MAP_MATCH_IPV4_ACCESS_LIST,
CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL4,
CiscoStructureUsage.SNMP_SERVER_GROUP_V3_ACCESS,
CiscoStructureUsage.SSH_IPV4_ACL);
markIpv6Acls(
CiscoStructureUsage.BGP_NEIGHBOR_DISTRIBUTE_LIST_ACCESS6_LIST_IN,
Expand All @@ -3478,6 +3479,7 @@ public List<Configuration> toVendorIndependentConfigurations() {
CiscoStructureUsage.NTP_ACCESS_GROUP,
CiscoStructureUsage.ROUTE_MAP_MATCH_IPV6_ACCESS_LIST,
CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL6,
CiscoStructureUsage.SNMP_SERVER_GROUP_V3_ACCESS_IPV6,
CiscoStructureUsage.SSH_IPV6_ACL,
CiscoStructureUsage.INTERFACE_IPV6_TRAFFIC_FILTER_IN,
CiscoStructureUsage.INTERFACE_IPV6_TRAFFIC_FILTER_OUT);
Expand Up @@ -203,6 +203,8 @@ public enum CiscoStructureUsage implements StructureUsage {
SNMP_SERVER_COMMUNITY_ACL4("snmp server community ipv4 acl"),
SNMP_SERVER_COMMUNITY_ACL6("snmp server community ipv6 acl"),
SNMP_SERVER_FILE_TRANSFER_ACL("snmp server file transfer acl"),
SNMP_SERVER_GROUP_V3_ACCESS("snmp-server group v3 access"),
SNMP_SERVER_GROUP_V3_ACCESS_IPV6("snmp-server group v3 access ipv6"),
SNMP_SERVER_SOURCE_INTERFACE("snmp-server source-interface"),
SNMP_SERVER_TFTP_SERVER_LIST("snmp server tftp-server list"),
SNMP_SERVER_TRAP_SOURCE("snmp-server trap-source"),
2 changes: 2 additions & 0 deletions tests/parsing-tests/networks/unit-tests/configs/cisco_snmp
Expand Up @@ -66,6 +66,8 @@ snmp-server enable traps vtp vlandelete
snmp-server engineID local 000000090200000652D6C000
snmp-server file-transfer access-group 8 protocol tftp
snmp-server group cenic-nms v2c IPv4 auth
snmp-server group V3GROUP v3 priv read V3READ access 50
snmp-server group V3GROUP v3 priv read V3READ access ipv6 snmp6
snmp-server host 10.1.2.3 xyx
snmp-server host 10.1.2.3 use-vrf management
snmp-server host 10.1.2.3 version 2c dummycommunity
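Review bot: Both added lines use `priv` with only a `read` view and a single `access` form, so the optional `context`, `match`, `write` and `notify` clauses, the `auth`/`noauth` levels and the double-quoted alternative of `ss_view_name` are never exercised. One more fixture line would pin the grammar, for example (constructed) `snmp-server group V3GROUP v3 auth context CTX match exact read "V3 READ" write V3WRITE notify V3NOTIFY access 50`. Both referenced ACLs show up in `unit-tests-undefined.ref`, so in the files shown the test only covers the undefined-reference path and not that a defined ACL is marked as used.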
36 changes: 30 additions & 6 deletions tests/parsing-tests/unit-tests-undefined.ref
Expand Up @@ -1975,7 +1975,7 @@
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
87
89
]
}
},
Expand All @@ -1987,7 +1987,7 @@
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
89
91
]
}
},
Expand All @@ -1999,7 +1999,7 @@
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
88
90
]
}
},
Expand Down Expand Up @@ -2028,6 +2028,18 @@
]
}
},
{
"File_Name" : "configs/cisco_snmp",
"Struct_Type" : "ipv4 acl",
"Ref_Name" : "50",
"Context" : "snmp-server group v3 access",
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
69
]
}
},
{
"File_Name" : "configs/cisco_snmp",
"Struct_Type" : "ipv4 acl",
Expand Down Expand Up @@ -2109,7 +2121,7 @@
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
92
94
]
}
},
Expand All @@ -2125,6 +2137,18 @@
]
}
},
{
"File_Name" : "configs/cisco_snmp",
"Struct_Type" : "ipv6 acl",
"Ref_Name" : "snmp6",
"Context" : "snmp-server group v3 access ipv6",
"Lines" : {
"filename" : "configs/cisco_snmp",
"lines" : [
70
]
}
},
{
"File_Name" : "configs/cisco_snmp",
"Struct_Type" : "ipv6 acl",
Expand Down Expand Up @@ -4168,10 +4192,10 @@
}
],
"summary" : {
"notes" : "Found 338 results",
"notes" : "Found 340 results",
"numFailed" : 0,
"numPassed" : 0,
"numResults" : 338
"numResults" : 340
}
}
]
