Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project cisco acl parsing #14

Merged
merged 51 commits into from
Apr 23, 2020
Merged

Project cisco acl parsing #14

merged 51 commits into from
Apr 23, 2020

Conversation

cctechwiz
Copy link
Contributor

@cctechwiz cctechwiz commented Apr 7, 2020
edited
Loading

Closes #4

This PR includes the following enhancements to nmdb-import-cisco :

  • Documents format of cisco access-list rules
  • Parsing / saving access-list extended information into NetBooks, ServiceBooks, and RuleBooks
  • Parsing access-group information to show which rules are applied to a given interface
  • A full implementation of IpNetwork::setWildcardMask for contiguous masks

This PR does NOT include the following:

  • Parsing / saving access-list standard' information (logged as Notable`)
  • Marking / saving AcRules that have been defined but not applied (logged as Notable)
  • Exploding NetBooks, ServiceBook, or RuleBooks (since everything is currently global)

marshall-sg and others added 30 commits March 17, 2020 09:50
@marshall-sg
aligned with other parsers, device-id required
1bdb8ec
@marshall-sg
aligned with other parsers, device-id required, minor cleanup
29bab04
@marshall-sg
aligned with other parsers, device-id required
ba9ce35
@marshall-sg
aligned with other parsers, device-id required
153b8b8
@marshall-sg
fix variable issues
04fa2c5
@marshall-sg
ignoring swp files
c782125
@marshall-sg
small cleanup to logic
9fbf94d
@marshall-sg
cleaning up code, standardizing
bb56c23
Initial parsing started, logic is different enough from ASA it cannot be
d0941ee 
simply copied.

Mainly, the Cisco parser uses indentation to group the related rules
under a name. Whereas the ASA parser uses a new line for each rule.
Merge branch 'project-cisco-acl-parsing' of github.com:netmeld/netmel…
d70e5d0 
…d into project-cisco-acl-parsing
@marshall-sg
nxos logic cleanup and fix processing errors
c3d5f84
@marshall-sg
Merge branch 'project-cisco-acl-parsing' of github.com:netmeld/netmel…
93d99ca 
…d into project-cisco-acl-parsing
Added parser to handle rule with IpAddr and optional subnet mask
eeb4ee7
Parses protocol type rules now.
a519499
Added ANY rule to catch the last rule in the config I have been using
9cff38d
@marshall-sg
Merge remote-tracking branch 'origin/master' into project-cisco-acl-p…
9f4b3c5 
…arsing
@marshall-sg
modified list to maybe be relevant, not tested
b6395c2
@marshall-sg
Merge branch 'project-cisco-acl-parsing' of github.com:netmeld/netmel…
899a095 
…d into project-cisco-acl-parsing
Broke access-list {standard | extended} into separate rules.
2da8e92 
All parsing will currently only be done against extended rules.
Standard rules are logged as unsups.
@marshall-sg
bring inline with cisco-nxos parser feel
bb2d343
Finalized the rules and how they look in configs the cisco parser
be5e0b7 
handles (rules added in comments around parser logic).
Sketched out individual rules. Need to tie them to actions and data now.
6228e23
@marshall-sg
reworded functions to bin and make clearer, hopefully
5c7de55
@marshall-sg
cleaning up logic
c5472c1
Removed 'remark' function as it's not used right now.
e638949
@cctechwiz
Adding TODOs with comments
4307b55
@marshall-sg
Merge branch 'project-cisco-acl-parsing' of github.com:netmeld/netmel…
f325065 
…d into project-cisco-acl-parsing
@cctechwiz
Building AcRules/RuleBook from parsed data. Missing Ports in Service
ee4c9e1 
still.

There is also some clean up that can be done with merging rules and
returning data rather than calling functions for every sub-rule.
@marshall-sg
Update LICENSE
6109c5e 
testing to auto-populate
@cctechwiz
Added netBooks and serviceBooks to ruleBooks and saved data into them.
376f84d 
There are a few things left to do:
  - Use setWildcardMask (dummy implementation done)
  - Create parser for ip access-group
  - Create save logic in tool
  - Verify everything is saving correctly and looks the same as ASA
  parser
cctechwiz
cctechwiz commented Apr 7, 2020
View reviewed changes
Copy link
Contributor Author

@cctechwiz cctechwiz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to resolve comments and suggestions before merging.

LICENSE Show resolved Hide resolved
core/objects/IpNetwork.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.hpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.hpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Show resolved Hide resolved
@cctechwiz
Copy link
Contributor Author

My review is done, and I've changed everything but the last two items above that I want your input on.

marshall-sg
marshall-sg requested changes Apr 13, 2020
View reviewed changes
Copy link
Collaborator

@marshall-sg marshall-sg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See targeted notes for change info.

core/objects/IpNetwork.cpp Outdated Show resolved Hide resolved
LICENSE Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.hpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Outdated Show resolved Hide resolved
importers/nmdb-import-cisco/Parser.cpp Show resolved Hide resolved
@marshall-sg marshall-sg added this to WIP: Week in FC#001 Apr 14, 2020
@marshall-sg marshall-sg removed this from WIP: Week in FC#001 Apr 14, 2020
cctechwiz and others added 14 commits April 14, 2020 15:08
@cctechwiz
Fixed license to show correctly as MIT
c5ebf6f
@cctechwiz
Update LICENSE
349dcfc
@cctechwiz
Implemented IpNetwork::setWildcardNetmask
6adda73
@cctechwiz
Fixing small change requests from RP, all marked as Done
bccd802
@cctechwiz
reduced all source and destination parsing to addressArgument. Regres…
cb672ae 
…sion has an extra 'any' Im figuring out
@cctechwiz
missed setting _val of the addressArgument for the simple cases, I th…
924372a 
…ought they would be implictly returned
@cctechwiz
changing deep dictionary access to global member pointer. This does n…
e29e5e5 
…ot translate as well to the other cisco parsers as I thought
@cctechwiz
removing commented code
3b885f9
@marshall-sg
fix incorrect construction of mask tests
8006bee
@marshall-sg
fix and clean up setNetmask, combined with setWildcard
5717e3f
@marshall-sg
more tests, setWildcardNetmask to setWildcardMask
ff4821d
@marshall-sg
re-added setWildcardMask error message on IPv6 mask, added note to test
93a8724
@cctechwiz
parsing out all needed parts for service-policy mapping, need to save…
9271d79 
… local and relate to interface next
@cctechwiz
Added saving for rules applied via service-policy
79a281d
cctechwiz
cctechwiz commented Apr 22, 2020
View reviewed changes
Copy link
Contributor Author

@cctechwiz cctechwiz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that covers all requested changes.

@marshall-sg marshall-sg self-assigned this Apr 23, 2020
@marshall-sg marshall-sg self-requested a review April 23, 2020 14:06
marshall-sg
marshall-sg approved these changes Apr 23, 2020
View reviewed changes
Copy link
Collaborator

@marshall-sg marshall-sg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes. Regression looks good.

@marshall-sg marshall-sg merged commit 437c628 into master Apr 23, 2020
@marshall-sg marshall-sg deleted the project-cisco-acl-parsing branch April 23, 2020 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marshall-sg marshall-sg marshall-sg approved these changes

Assignees

@marshall-sg marshall-sg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ACL Processing for nmdb-import-cisco
2 participants
@cctechwiz @marshall-sg