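/*
 * Argus Software
 * Copyright (c) 2000-2016 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * $Id: //depot/argus/clients/include/rapolicy.h#17 $
 * $DateTime: 2016/06/01 15:17:28 $
 * $Change: 3148 $
 */

/*
 * rapolicy.h - definitions for the rapolicy client: option bits, the parsed
 * access-list entry structure, and (when RA_POLICY_C is defined) the finite
 * state machine that parses Cisco IOS access-list text into those entries.
 *
 * NOTE(review): the header is wrapped in extern "C", but ArgusNetStruct has a
 * field named `operator`, which is a reserved word in C++. As written the
 * header cannot actually be included from a C++ translation unit.
 */

#ifndef RaPolicy_h
#define RaPolicy_h

#ifdef __cplusplus
extern "C" {
#endif

/* Run-time option bits for the policy client. They are single bits and are
 * meant to be OR-ed together; what each one enables is only implied by its
 * name here and is decided by the code in rapolicy.c that tests it. */
#define ARGUS_POLICY_SHOW_DENY       0x01
#define ARGUS_POLICY_LABEL_ALL       0x02
#define ARGUS_POLICY_LABEL_LOG       0x04
#define ARGUS_POLICY_PERMIT_OTHERS   0x08
#define ARGUS_POLICY_DUMP_POLICY     0x10
#define ARGUS_POLICY_LABEL_IMPLICIT  0x20
#define ARGUS_POLICY_JUST_LABEL      0x40

/* Default policy file and the keywords that introduce list definitions in it.
 * DEFAULT_POLICY is a bare relative name; where it is resolved (current
 * directory, a configuration directory) is up to the loader in rapolicy.c.
 * The parser below is documented as not being a syntax checker, so this file
 * must be treated as trusted operator configuration, not as untrusted input. */
#define DEFAULT_POLICY  "rapolicy.conf"
#define POLICY_STRING   "access-list"
#define PREFIX_STRING   "prefix-list"

/* Field indices of a policy entry.
 * NOTE(review): POLICYFIELDNUM is 9 but the indices below run to 11
 * (POLICYCOMPLETE, POLICYREMARK, POLICYSEQUENCE). Whether the last three are
 * deliberately excluded from the count, or the count is stale, can only be
 * settled in rapolicy.c -- any array sized by POLICYFIELDNUM must not be
 * indexed with those three values. */
#define POLICYFIELDNUM      9

#define POLICYSTRING        0
#define POLICYID            1
#define POLICYACTION        2
#define POLICYPROTO         3
#define POLICYSRC           4
#define POLICYSRCPORT       5
#define POLICYDST           6
#define POLICYDSTPORT       7
#define POLICYNOTIFICATION  8
#define POLICYCOMPLETE      9
#define POLICYREMARK        10
#define POLICYSEQUENCE      11

/* Parse error codes; POLICYERRORNUM matches the 14 codes 0..13. */
#define POLICYERRORNUM      14
#define POLICYERR_NOACL     0
#define POLICYERR_NOID      1
#define POLICYERR_NOACTION  2
#define POLICYERR_NOPROTO   3
#define POLICYERR_NOSRCADR  4
#define POLICYERR_NOSRCMSK  5
#define POLICYERR_SP_ACT    6
#define POLICYERR_SPORT     7
#define POLICYERR_NODSTADR  8
#define POLICYERR_NODSTMSK  9
#define POLICYERR_DP_ACT    10
#define POLICYERR_DPORT     11
#define POLICYERR_NONOTE    12
#define POLICYERR_NOSEQ     13

/* The five match criteria a flow is tested against; POLICYTESTCRITERIA
 * matches the indices 0..4. */
#define POLICYTESTCRITERIA  5

#define POLICYTESTPROTO     0
#define POLICYTESTSRC       1
#define POLICYTESTSRCPORT   2
#define POLICYTESTDST       3
#define POLICYTESTDSTPORT   4

/* Entry actions. These occupy bits 16..18 and so are disjoint from the
 * RA_*_SET bits (0..12) below; presumably they share one flags word. */
#define RA_PERMIT   0x10000
#define RA_DENY     0x20000
#define RA_COMMENT  0x40000

/* "Field N was specified" bits recorded while an entry is parsed. */
#define RA_PROTO_SET    0x0001
#define RA_SRC_SET      0x0002
#define RA_DST_SET      0x0004
#define RA_SRCPORT_SET  0x0008
#define RA_DSTPORT_SET  0x0010
#define RA_TCPFLG_SET   0x0020
#define RA_PREC_SET     0x0040
#define RA_TOS_SET      0x0080
#define RA_LOG_SET      0x0100
#define RA_DSCP_SET     0x0200
#define RA_EST_SET      0x0400
#define RA_ICMP_SET     0x0800
#define RA_IGMP_SET     0x1000

/* Port relational operators: the unary "lt eq gt ne" tokens and the binary
 * "range" token recognised by the parser (see E_UNARY / E_BINARY). */
#define RA_EQ     0x01
#define RA_LT     0x02
#define RA_GT     0x04
#define RA_NEQ    0x08
#define RA_RANGE  0x10

/* TCP flag bits, in TCP header bit order (FIN is the low bit, NS is bit 8).
 * NOTE(review): RA_NS (0x0100) does not fit the 8-bit TCPflags field of
 * RaPolicyPolicyStruct; E_FLAGS only names ack syn urg push rst fin, so NS
 * is probably never parsed, but the field must widen before it is. */
#define RA_FIN  0x0001
#define RA_SYN  0x0002
#define RA_RST  0x0004
#define RA_PSH  0x0008
#define RA_ACK  0x0010
#define RA_URG  0x0020
#define RA_ECE  0x0040
#define RA_CWR  0x0080
#define RA_NS   0x0100

/* In-band "any ICMP code" sentinel. 99 is a representable 8-bit code value,
 * so this relies on no ICMP message type actually using code 99. */
#define ICMPCodeAny 99

/* Tag bits describing the kind of list an entry came from. These overlap the
 * RA_*_SET values numerically and must not be stored in the same word. */
#define RA_SRCROUTED            0x01
#define RA_IPACCESSLIST         0x02
#define RA_PREFIXLIST           0x04
#define RA_ETHERTYPEACCESSLIST  0x08
#define RA_ETHERADDRACCESSLIST  0x10

/* One address match term: an operator (presumably one of the RA_* relational
 * values -- verify in rapolicy.c), an IPv4 address and its mask/wildcard.
 * Both are 32 bits, and the tokenizer only knows "a.b.c.d" (E_QUAD), so the
 * policy model is IPv4 only. */
struct ArgusNetStruct {
   arg_int32  operator;   /* NOTE(review): C++ keyword; see file comment */
   arg_uint32 addr;
   arg_uint32 mask;
};

/* One parsed access-list entry. The FSM fills a single instance per input
 * line; instances are chained through prv/nxt into the list that each flow
 * is matched against. Only what the names say is visible here -- comments
 * marked "presumably" are inferences to be confirmed against rapolicy.c. */
struct RaPolicyPolicyStruct {
   struct RaPolicyPolicyStruct *prv, *nxt;   /* doubly linked list links */
   char *policyID;                           /* list name or number as text; ownership not shown here */
   arg_uint8 TCPflags, tos, precedence, dscp; /* TCPflags: RA_FIN..RA_CWR only (8 bits) */
   arg_uint8 ICMPtype, ICMPcode, IGMPtype;    /* ICMPcode == ICMPCodeAny presumably means any code */
   arg_int32 type, flags, seq, tags;          /* presumably RA_PERMIT/RA_DENY/RA_COMMENT, RA_*_SET bits,
                                                 sequence number, RA_*LIST tag bits respectively */
   long long hitCount, hitPkts, hitBytes;     /* match statistics accumulated at run time */
   arg_uint32 line;                           /* presumably the source line in the policy file */
   arg_uint16 IPoptions;
   arg_uint16 proto, src_port_low, src_port_hi;
   arg_uint16 dst_port_low, dst_port_hi, src_action, dst_action; /* *_action: presumably RA_EQ..RA_RANGE */
   arg_int32 notification;
   struct ArgusNetStruct src, dst;
   char *str;                                 /* presumably the original entry text */
   char *labelStr;
};


#if defined(RA_POLICY_C)


/****************************************************************************************
 * Some basic definitions for the finite state machine that controls the parsing of the
 * Access Control List entries
 * *************************************************************************************/

/****************************************************************************************
 * The states, which are effectively the row index of a two-dimensional array of entry_t
 * structures containing the next state and a pointer to a function called at the current
 * state. Using enum avoids the need to have a static value for the highest valid state
 * number: S_FINAL is the entry that sets the number of rows in the state event table.
 *
 * Values beyond S_FINAL are in-band indicators carried in the same type, not states.
 * They are NOT valid row indices -- stateTable[S_LOCAL] or stateNames[S_NONE] would
 * read hundreds of entries past the end of the array. Check for them before indexing
 * and print them through RaPolicyStateName(), which handles them.
 *
 * NOTE(review): a few table rows pair S_NONE with a non-error action (S_GETWC/E_EOL
 * -> finished, S_EXTGETDWC/E_IPOPT -> idle). Whether the driver treats S_NONE as a
 * failure regardless of the action's return value must be confirmed in rapolicy.c.
 * ************************************************************************************/

enum states {
   S_START,
   S_NUMACL,
   S_STDACL,
   S_STDADDR,
   S_GETADDR,
   S_GETWC,
   S_EXTACL,
   S_EXTSADDR,
   S_EXTGETSWC,
   S_EXTGETSADDR,
   S_EXTSPORT,
   S_EXTGETSPORT,
   S_EXTGETSPORT1,
   S_EXTGETSPORT2,
   S_EXTDADDR,
   S_EXTGETDWC,
   S_EXTGETDADDR,
   S_EXTDPORT,
   S_EXTGETDPORT,
   S_EXTGETDPORT1,
   S_EXTGETDPORT2,
   S_TAGS,
   S_NAMACL,
   S_DONE,
   S_FINAL,           // defines the number of rows in the state event table
   // anything beyond this comment is a valid enumerator (no compiler warning) but is
   // really an in-band indicator and never a row index
   S_LOCAL = 1000,    // no change in the current state
   S_NONE             // the state cannot be determined; always an indication of failure
};

typedef enum states states_t;

/* Printable names of the states. Entries 0..S_FINAL follow the enum; S_LOCAL and
 * S_NONE follow at S_FINAL+1 and S_FINAL+2, which is NOT their numeric value --
 * index this through RaPolicyStateName(). The entries are string literals, hence
 * const: writing through them would be undefined behaviour. */
const char *const stateNames[] = {
   "S_START", "S_NUMACL", "S_STDACL", "S_STDADDR", "S_GETADDR", "S_GETWC", "S_EXTACL", "S_EXTSADDR", "S_EXTGETSWC", "S_EXTGETSADDR", "S_EXTSPORT", "S_EXTGETSPORT",
   "S_EXTGETSPORT1", "S_EXTGETSPORT2", "S_EXTDADDR", "S_EXTGETDWC", "S_EXTGETDADDR", "S_EXTDPORT", "S_EXTGETDPORT", "S_EXTGETDPORT1", "S_EXTGETDPORT2", "S_TAGS",
   "S_NAMACL", "S_DONE", "S_FINAL", "S_LOCAL", "S_NONE" };

/* Return the printable name of a states_t value, including the in-band indicators
 * S_LOCAL and S_NONE. Any value that is not a known state yields "S_UNKNOWN"
 * instead of an out-of-bounds read of stateNames[]. */
static inline const char *
RaPolicyStateName(states_t state)
{
   int ndx = (int) state;

   if (ndx >= 0 && ndx <= (int) S_FINAL)
      return stateNames[ndx];
   if (state == S_LOCAL)
      return stateNames[(int) S_FINAL + 1];
   if (state == S_NONE)
      return stateNames[(int) S_FINAL + 2];
   return "S_UNKNOWN";
}

/****************************************************************************************
 * The events, which are effectively the column index of a two-dimensional array of entry_t
 * structures containing the next state and a pointer to a function called at the current
 * state. Using enum avoids the need to have a static value for the highest valid event
 * number: E_FINAL is the entry that sets the number of columns in the state event table.
 *
 * E_NULL, beyond E_FINAL, is an in-band "no injected event" indicator carried in the
 * same type. It is NOT a valid column index; print it through RaPolicyEventName().
 * ************************************************************************************/
enum events {
   E_ACL,         // "access-list"
   E_ACTION,      // "permit" "deny"
   E_ANY,         // "any"
   E_HOST,        // "host"
   E_QUAD,        // a.b.c.d
   E_INTEGER,     // nnnn
   E_EOL,         // \n
   E_STD,         // "standard" or ACL number 1-99 or ?-?
   E_EXT,         // "extended" or ACL number 100-199 or x-x
   E_REMARK,      // "remark"
   E_IP,          // "ip"
   E_ICMP,        // "icmp"
   E_IGMP,        // "igmp"
   E_UDP,         // "udp"
   E_TCP,         // "tcp"
   E_PROTO,       // any of the other protocols: ah eigrp esp gre igrp ipinip nos ospf
   E_PORTUDP,     // any service name that is valid as a Cisco UDP port
   E_PORTTCP,     // any service name that is valid as a Cisco TCP port
   E_PORTIP,      // any service name that is valid as either TCP or UDP
   E_UNARY,       // any of the unary relational operators lt eq gt ne
   E_BINARY,      // the binary relational operator range
   E_TOS,         // "tos"
   E_LOG,         // "log"
   E_IGMPTYPE,    // any of the valid IGMP type names
   E_ICMPCODE,    // any of the valid ICMP code names
   E_ICMPMSG,     // any of the valid ICMP message names
   E_EST,         // "est[ablished]"
   E_FLAGS,       // named TCP flags ack syn urg push rst fin
   E_PRECEDENCE,  // Precedence Value
   E_PRFLG,       // "precedence"
   E_TOSVAL,      // TOS value name
   E_DSCPFLG,     // "dscp"
   E_DSCPVAL,     // any of the DiffServ values
   E_IPOPT,       // any of the IP Header options values
   E_IGNORE,      // Anything that we recognize but do not process
   E_RAWTEXT,     // any unclassified ascii string
   E_FINAL,       // defines the number of columns in the state event table
   E_NULL = 1000  // an action must return either E_NULL or an event token less than E_FINAL,
                  // which is treated as an injected event
};

typedef enum events events_t;

/* Printable names of the events: entries 0..E_FINAL follow the enum, E_NULL is at
 * E_FINAL+1 (not at 1000) -- index this through RaPolicyEventName(). String
 * literals, hence const. */
const char *const eventNames[] = {
   "E_ACL", "E_ACTION", "E_ANY", "E_HOST", "E_QUAD", "E_INTEGER", "E_EOL", "E_STD", "E_EXT", "E_REMARK", "E_IP", "E_ICMP", "E_IGMP","E_UDP",
   "E_TCP", "E_PROTO","E_PORTUDP","E_PORTTCP","E_PORTIP","E_UNARY","E_BINARY","E_TOS","E_LOG", "E_IGMPTYPE","E_ICMPCODE", "E_ICMPMSG",
   "E_EST", "E_FLAGS","E_PRECEDENCE","E_PRFLG","E_TOSVAL", "E_DSCPFLG","E_DSCPVAL","E_IPOPT","E_IGNORE","E_RAWTEXT","E_FINAL","E_NULL"};

/* Return the printable name of an events_t value, including the in-band indicator
 * E_NULL. Any other unknown value yields "E_UNKNOWN" instead of an out-of-bounds
 * read of eventNames[]. */
static inline const char *
RaPolicyEventName(events_t event)
{
   int ndx = (int) event;

   if (ndx >= 0 && ndx <= (int) E_FINAL)
      return eventNames[ndx];
   if (event == E_NULL)
      return eventNames[(int) E_FINAL + 1];
   return "E_UNKNOWN";
}


/* Function prototypes for the parser actions.
 *
 * Every action has the same shape: it receives the RaPolicyPolicyStruct being
 * populated and the current input token, and returns either E_NULL or an event
 * token below E_FINAL, which the driver treats as an injected event (see enum
 * events). The definitions live in rapolicy.c; what each action stores is not
 * visible in this header, the names are the only guide. The token is a plain
 * char * to match those definitions. */

events_t terror(struct RaPolicyPolicyStruct *policy, char *token);          /* unexpected token in this state */
events_t initACL(struct RaPolicyPolicyStruct *policy, char *token);
events_t initEXT(struct RaPolicyPolicyStruct *policy, char *token);
events_t procACLnum(struct RaPolicyPolicyStruct *policy, char *token);
events_t saveName(struct RaPolicyPolicyStruct *policy, char *token);
events_t notYet(struct RaPolicyPolicyStruct *policy, char *token);
events_t setAction(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsAddr(struct RaPolicyPolicyStruct *policy, char *token);
events_t setswc(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsany(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdAddr(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdwc(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdany(struct RaPolicyPolicyStruct *policy, char *token);
events_t finished(struct RaPolicyPolicyStruct *policy, char *token);
events_t getSeq(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsrel(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdrel(struct RaPolicyPolicyStruct *policy, char *token);
events_t setProto(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsport(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdport(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsport2(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdport2(struct RaPolicyPolicyStruct *policy, char *token);
events_t setsportname(struct RaPolicyPolicyStruct *policy, char *token);
events_t setdportname(struct RaPolicyPolicyStruct *policy, char *token);
events_t flagLog(struct RaPolicyPolicyStruct *policy, char *token);
events_t setIGMP(struct RaPolicyPolicyStruct *policy, char *token);
events_t setICMPcode(struct RaPolicyPolicyStruct *policy, char *token);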
/* Parser action prototypes (continued). Each action receives the
 * RaPolicyPolicyStruct being populated and the current input token, and
 * returns either E_NULL or an event token below E_FINAL, which the driver
 * treats as an injected event (see enum events). Defined in rapolicy.c. */
events_t setICMPmsg(struct RaPolicyPolicyStruct *policy, char *token);
events_t setEst(struct RaPolicyPolicyStruct *policy, char *token);
events_t setTCPflag(struct RaPolicyPolicyStruct *policy, char *token);
events_t getRemark(struct RaPolicyPolicyStruct *policy, char *token);
events_t flagTOS(struct RaPolicyPolicyStruct *policy, char *token);
events_t flagPrecedence(struct RaPolicyPolicyStruct *policy, char *token);
events_t setPrecValue(struct RaPolicyPolicyStruct *policy, char *token);
events_t setTOSvalue(struct RaPolicyPolicyStruct *policy, char *token);
events_t flagDSCP(struct RaPolicyPolicyStruct *policy, char *token);
events_t setDSCPvalue(struct RaPolicyPolicyStruct *policy, char *token);
events_t idle(struct RaPolicyPolicyStruct *policy, char *token);
events_t setProtoParameter(struct RaPolicyPolicyStruct *policy, char *token);

/* Classify one input token as an event, i.e. the column index of the state
 * table (E_ACL .. E_RAWTEXT, per the enum events comments). The rules that
 * decide the class live in rapolicy.c; the token is a plain char * to match
 * that definition. */
events_t tokenize(char *token);

/*******************************************************************************************************
 * The actual state event table for Cisco IOS Access Control List Entries
 * It will handle standard and extended IP access lists in either the
 * numbered or named variations.
 * The FSM populates a single instance of
 * a RaPolicyPolicyStruct structure, which is joined to a linked list of
 * these structures; that list is traversed for each flow until a match is found.
 *
 * Standard Named:
 * ip access-list standard standard-named-list-sample
 * permit 10.1.1.0 0.0.0.255
 * deny any
 *
 * Extended Named:
 * ip access-list extended extended-named-list-sample
 * permit udp any gt 5000 host 10.1.1.2 eq 53 log
 * permit tcp 10.1.1.0 0.0.0.255 range 5000 5002 host 10.1.1.7 tos max-reliability log
 *
 * Standard Numbered:
 * access-list 10 permit 10.1.1.0 0.0.0.255
 * access-list 10 deny any
 *
 * Extended Numbered:
 * access-list 110 permit udp any gt 5000 host 10.1.1.2 eq 53 log
 * access-list 110 permit tcp 10.1.1.0 0.0.0.255 range 500 5002 host 10.1.1.7 tos max-reliability log
 *
 * NB: This set of values was selected to provide accurate parsing of a well-formed access list.
 * It is not a syntax checker, and it is very apt to accept access lists that are not syntactically
 * valid; a malformed entry may therefore yield a policy entry rather than an error, so review the
 * parsed policy instead of relying on the parser to reject bad input. The ideal input to rapolicy()
 * is an access list taken from the output of "show running" which,
 * by definition, is in good form.
343 * 344 * ****************************************************************************************************/ 345 346 typedef struct { 347 states_t nextState; 348 events_t (* fn) (struct RaPolicyPolicyStruct *policy, char *token); 349 } entry_t; 350 351 entry_t stateTable[(int) S_FINAL][(int) E_FINAL] = { 352 { //S_START 353 {S_NUMACL, initACL}, //E_ACL 354 {S_EXTACL, setAction}, //E_ACTION 355 {S_NONE, terror}, //E_ANY 356 {S_NONE, terror}, //E_HOST 357 {S_NONE, terror}, //E_QUAD 358 {S_START, getSeq}, //E_INTEGER 359 {S_NONE, terror}, //E_EOL 360 {S_NONE, terror}, //E_STD 361 {S_NONE, terror}, //E_EXT 362 {S_DONE, getRemark}, //E_REMARK, 363 {S_NAMACL, initEXT}, //E_IP, 364 {S_NONE, terror}, //E_ICMP, 365 {S_NONE, terror}, //E_IGMP, 366 {S_NONE, terror}, //E_UDP, 367 {S_NONE, terror}, //E_TCP, 368 {S_NONE, terror}, //E_PROTO 369 {S_NONE, terror}, //E_PORTUDP, 370 {S_NONE, terror}, //E_PORTTCP, 371 {S_NONE, terror}, //E_PORTIP, 372 {S_NONE, terror}, //E_UNARY, 373 {S_NONE, terror}, //E_BINARY, 374 {S_NONE, terror}, //E_TOS, 375 {S_NONE, terror}, //E_LOG, 376 {S_NONE, terror}, //E_IGMPTYPE, 377 {S_NONE, terror}, //E_ICMPCODE, 378 {S_NONE, terror}, //E_ICMPMSG, 379 {S_NONE, terror}, //E_EST, 380 {S_NONE, terror}, //E_FLAGS, 381 {S_NONE, terror}, //E_PRECEDENCE, 382 {S_NONE, terror}, //E_PRFLG, 383 {S_NONE, terror}, //E_TOSVAL 384 {S_NONE, terror}, //E_DSCPFLG 385 {S_NONE, terror}, //E_DSCPVAL 386 {S_NONE, terror}, //E_IPOPT, 387 {S_LOCAL, idle}, //E_IGNORE, 388 {S_NONE, terror}, //E_RAWTEXT, 389 }, 390 391 { //S_NUMACL 392 {S_NONE, terror}, //E_ACL 393 {S_NONE, terror}, //E_ACTION 394 {S_NONE, terror}, //E_ANY 395 {S_NONE, terror}, //E_HOST 396 {S_NONE, terror}, //E_QUAD 397 {S_NUMACL, procACLnum}, //E_INTEGER 398 {S_NUMACL, terror}, //E_EOL 399 {S_STDACL, saveName}, //E_STD 400 {S_EXTACL, saveName}, //E_EXT 401 {S_DONE, getRemark}, //E_REMARK, 402 {S_NONE, terror}, //E_IP, 403 {S_NONE, terror}, //E_ICMP, 404 {S_NONE, terror}, //E_IGMP, 405 {S_NONE, terror}, 
//E_UDP, 406 {S_NONE, terror}, //E_TCP, 407 {S_NONE, terror}, //E_PROTO 408 {S_NONE, terror}, //E_PORTUDP, 409 {S_NONE, terror}, //E_PORTTCP, 410 {S_NONE, terror}, //E_PORTIP, 411 {S_NONE, terror}, //E_UNARY, 412 {S_NONE, terror}, //E_BINARY, 413 {S_NONE, terror}, //E_TOS, 414 {S_NONE, terror}, //E_LOG, 415 {S_NONE, terror}, //E_IGMPTYPE, 416 {S_NONE, terror}, //E_ICMPCODE, 417 {S_NONE, terror}, //E_ICMPMSG, 418 {S_NONE, terror}, //E_EST, 419 {S_NONE, terror}, //E_FLAGS, 420 {S_NONE, terror}, //E_PRECEDENCE, 421 {S_NONE, terror}, //E_PRFLG, 422 {S_NONE, terror}, //E_TOSVAL 423 {S_NONE, terror}, //E_DSCPFLG 424 {S_NONE, terror}, //E_DSCPVAL 425 {S_NONE, terror}, //E_IPOPT, 426 {S_LOCAL, idle}, //E_IGNORE, 427 {S_NONE, terror}, //E_RAWTEXT, 428 }, 429 430 { //S_STDACL 431 {S_NONE, terror}, //E_ACL 432 {S_STDADDR, setAction}, //E_ACTION 433 {S_NONE, terror}, //E_ANY 434 {S_NONE, terror}, //E_HOST 435 {S_NONE, terror}, //E_QUAD 436 {S_NONE, terror}, //E_INTEGER 437 {S_NONE, terror}, //E_EOL 438 {S_NONE, terror}, //E_STD 439 {S_NONE, terror}, //E_EXT 440 {S_DONE, getRemark}, //E_REMARK, 441 {S_NONE, terror}, //E_IP, 442 {S_NONE, terror}, //E_ICMP, 443 {S_NONE, terror}, //E_IGMP, 444 {S_NONE, terror}, //E_UDP, 445 {S_NONE, terror}, //E_TCP, 446 {S_NONE, terror}, //E_PROTO 447 {S_NONE, terror}, //E_PORTUDP, 448 {S_NONE, terror}, //E_PORTTCP, 449 {S_NONE, terror}, //E_PORTIP, 450 {S_NONE, terror}, //E_UNARY, 451 {S_NONE, terror}, //E_BINARY, 452 {S_NONE, terror}, //E_TOS, 453 {S_NONE, terror}, //E_LOG, 454 {S_NONE, terror}, //E_IGMPTYPE, 455 {S_NONE, terror}, //E_ICMPCODE, 456 {S_NONE, terror}, //E_ICMPMSG, 457 {S_NONE, terror}, //E_EST, 458 {S_NONE, terror}, //E_FLAGS, 459 {S_NONE, terror}, //E_PRECEDENCE, 460 {S_NONE, terror}, //E_PRFLG, 461 {S_NONE, terror}, //E_TOSVAL 462 {S_NONE, terror}, //E_DSCPFLG 463 {S_NONE, terror}, //E_DSCPVAL 464 {S_NONE, terror}, //E_IPOPT, 465 {S_LOCAL, idle}, //E_IGNORE, 466 {S_NONE, terror}, //E_RAWTEXT, 467 }, 468 469 { //S_STDADDR 470 
{S_NONE, terror}, //E_ACL 471 {S_NONE, terror}, //E_ACTION 472 {S_DONE, setsany}, //E_ANY 473 {S_GETADDR, setswc}, //E_HOST 474 {S_GETWC, setsAddr}, //E_QUAD 475 {S_NONE, terror}, //E_INTEGER 476 {S_NONE, terror}, //E_EOL 477 {S_NONE, terror}, //E_STD 478 {S_NONE, terror}, //E_EXT 479 {S_DONE, getRemark}, //E_REMARK, 480 {S_NONE, terror}, //E_IP, 481 {S_NONE, terror}, //E_ICMP, 482 {S_NONE, terror}, //E_IGMP, 483 {S_NONE, terror}, //E_UDP, 484 {S_NONE, terror}, //E_TCP, 485 {S_NONE, terror}, //E_PROTO 486 {S_NONE, terror}, //E_PORTUDP, 487 {S_NONE, terror}, //E_PORTTCP, 488 {S_NONE, terror}, //E_PORTIP, 489 {S_NONE, terror}, //E_UNARY, 490 {S_NONE, terror}, //E_BINARY, 491 {S_NONE, terror}, //E_TOS, 492 {S_NONE, terror}, //E_LOG, 493 {S_NONE, terror}, //E_IGMPTYPE, 494 {S_NONE, terror}, //E_ICMPCODE, 495 {S_NONE, terror}, //E_ICMPMSG, 496 {S_NONE, terror}, //E_EST, 497 {S_NONE, terror}, //E_FLAGS, 498 {S_NONE, terror}, //E_PRECEDENCE, 499 {S_NONE, terror}, //E_PRFLG, 500 {S_NONE, terror}, //E_TOSVAL 501 {S_NONE, terror}, //E_DSCPFLG 502 {S_NONE, terror}, //E_DSCPVAL 503 {S_NONE, terror}, //E_IPOPT, 504 {S_LOCAL, idle}, //E_IGNORE, 505 {S_NONE, terror}, //E_RAWTEXT, 506 }, 507 508 { //S_GETADDR 509 {S_NONE, terror}, //E_ACL 510 {S_NONE, terror}, //E_ACTION 511 {S_NONE, terror}, //E_ANY 512 {S_NONE, terror}, //E_HOST 513 {S_DONE, setsAddr}, //E_QUAD 514 {S_NONE, terror}, //E_INTEGER 515 {S_NONE, terror}, //E_EOL 516 {S_NONE, terror}, //E_STD 517 {S_NONE, terror}, //E_EXT 518 {S_DONE, getRemark}, //E_REMARK, 519 {S_NONE, terror}, //E_IP, 520 {S_NONE, terror}, //E_ICMP, 521 {S_NONE, terror}, //E_IGMP, 522 {S_NONE, terror}, //E_UDP, 523 {S_NONE, terror}, //E_TCP, 524 {S_NONE, terror}, //E_PROTO 525 {S_NONE, terror}, //E_PORTUDP, 526 {S_NONE, terror}, //E_PORTTCP, 527 {S_NONE, terror}, //E_PORTIP, 528 {S_NONE, terror}, //E_UNARY, 529 {S_NONE, terror}, //E_BINARY, 530 {S_NONE, terror}, //E_TOS, 531 {S_NONE, terror}, //E_LOG, 532 {S_NONE, terror}, //E_IGMPTYPE, 533 
{S_NONE, terror}, //E_ICMPCODE, 534 {S_NONE, terror}, //E_ICMPMSG, 535 {S_NONE, terror}, //E_EST, 536 {S_NONE, terror}, //E_FLAGS, 537 {S_NONE, terror}, //E_PRECEDENCE, 538 {S_NONE, terror}, //E_PRFLG, 539 {S_NONE, terror}, //E_TOSVAL 540 {S_NONE, terror}, //E_DSCPFLG 541 {S_NONE, terror}, //E_DSCPVAL 542 {S_NONE, terror}, //E_IPOPT, 543 {S_LOCAL, idle}, //E_IGNORE, 544 {S_NONE, terror}, //E_RAWTEXT, 545 }, 546 547 { //S_GETWC 548 {S_NONE, terror}, //E_ACL 549 {S_NONE, terror}, //E_ACTION 550 {S_NONE, terror}, //E_ANY 551 {S_NONE, terror}, //E_HOST 552 {S_DONE, setswc}, //E_QUAD 553 {S_NONE, terror}, //E_INTEGER 554 {S_NONE, finished}, //E_EOL 555 {S_NONE, terror}, //E_STD 556 {S_NONE, terror}, //E_EXT 557 {S_DONE, getRemark}, //E_REMARK, 558 {S_NONE, terror}, //E_IP, 559 {S_NONE, terror}, //E_ICMP, 560 {S_NONE, terror}, //E_IGMP, 561 {S_NONE, terror}, //E_UDP, 562 {S_NONE, terror}, //E_TCP, 563 {S_NONE, terror}, //E_PROTO 564 {S_NONE, terror}, //E_PORTUDP, 565 {S_NONE, terror}, //E_PORTTCP, 566 {S_NONE, terror}, //E_PORTIP, 567 {S_NONE, terror}, //E_UNARY, 568 {S_NONE, terror}, //E_BINARY, 569 {S_NONE, terror}, //E_TOS, 570 {S_NONE, terror}, //E_LOG, 571 {S_NONE, terror}, //E_IGMPTYPE, 572 {S_NONE, terror}, //E_ICMPCODE, 573 {S_NONE, terror}, //E_ICMPMSG, 574 {S_NONE, terror}, //E_EST, 575 {S_NONE, terror}, //E_FLAGS, 576 {S_NONE, terror}, //E_PRECEDENCE, 577 {S_NONE, terror}, //E_PRFLG, 578 {S_NONE, terror}, //E_TOSVAL 579 {S_NONE, terror}, //E_DSCPFLG 580 {S_NONE, terror}, //E_DSCPVAL 581 {S_NONE, terror}, //E_IPOPT, 582 {S_LOCAL, idle}, //E_IGNORE, 583 {S_NONE, terror}, //E_RAWTEXT, 584 }, 585 586 { //S_EXTACL 587 {S_NONE, terror}, //E_ACL 588 {S_EXTACL, setAction}, //E_ACTION 589 {S_NONE, terror}, //E_ANY 590 {S_NONE, terror}, //E_HOST 591 {S_NONE, terror}, //E_QUAD 592 {S_EXTSADDR, setProto}, //E_INTEGER 593 {S_NONE, terror}, //E_EOL 594 {S_NONE, terror}, //E_STD 595 {S_NONE, terror}, //E_EXT 596 {S_DONE, getRemark}, //E_REMARK, 597 {S_EXTSADDR, setProto}, 
//E_IP, 598 {S_EXTSADDR, setProto}, //E_ICMP, 599 {S_EXTSADDR, setProto}, //E_IGMP, 600 {S_EXTSADDR, setProto}, //E_UDP, 601 {S_EXTSADDR, setProto}, //E_TCP, 602 {S_EXTSADDR, setProto}, //E_PROTO 603 {S_NONE, terror}, //E_PORTUDP, 604 {S_NONE, terror}, //E_PORTTCP, 605 {S_NONE, terror}, //E_PORTIP, 606 {S_NONE, terror}, //E_UNARY, 607 {S_NONE, terror}, //E_BINARY, 608 {S_NONE, terror}, //E_TOS, 609 {S_NONE, terror}, //E_LOG, 610 {S_NONE, terror}, //E_IGMPTYPE, 611 {S_NONE, terror}, //E_ICMPCODE, 612 {S_NONE, terror}, //E_ICMPMSG, 613 {S_NONE, terror}, //E_EST, 614 {S_NONE, terror}, //E_FLAGS, 615 {S_NONE, terror}, //E_PRECEDENCE, 616 {S_NONE, terror}, //E_PRFLG, 617 {S_NONE, terror}, //E_TOSVAL 618 {S_NONE, terror}, //E_DSCPFLG 619 {S_NONE, terror}, //E_DSCPVAL 620 {S_NONE, terror}, //E_IPOPT, 621 {S_LOCAL, idle}, //E_IGNORE, 622 {S_EXTSADDR, setProto}, //E_RAWTEXT, 623 }, 624 625 { //S_EXTSADDR 626 {S_NONE, terror}, //E_ACL 627 {S_NONE, terror}, //E_ACTION 628 {S_EXTSPORT, setsany}, //E_ANY 629 {S_EXTGETSADDR, setswc}, //E_HOST 630 {S_EXTGETSWC, setsAddr}, //E_QUAD 631 {S_NONE, terror}, //E_INTEGER 632 {S_NONE, terror}, //E_EOL 633 {S_NONE, terror}, //E_STD 634 {S_NONE, terror}, //E_EXT 635 {S_DONE, getRemark}, //E_REMARK, 636 {S_NONE, terror}, //E_IP, 637 {S_NONE, terror}, //E_ICMP, 638 {S_NONE, terror}, //E_IGMP, 639 {S_NONE, terror}, //E_UDP, 640 {S_NONE, terror}, //E_TCP, 641 {S_NONE, terror}, //E_PROTO 642 {S_NONE, terror}, //E_PORTUDP, 643 {S_NONE, terror}, //E_PORTTCP, 644 {S_NONE, terror}, //E_PORTIP, 645 {S_NONE, terror}, //E_UNARY, 646 {S_NONE, terror}, //E_BINARY, 647 {S_NONE, terror}, //E_TOS, 648 {S_NONE, terror}, //E_LOG, 649 {S_NONE, terror}, //E_IGMPTYPE, 650 {S_NONE, terror}, //E_ICMPCODE, 651 {S_NONE, terror}, //E_ICMPMSG, 652 {S_NONE, terror}, //E_EST, 653 {S_NONE, terror}, //E_FLAGS, 654 {S_NONE, terror}, //E_PRECEDENCE, 655 {S_NONE, terror}, //E_PRFLG, 656 {S_NONE, terror}, //E_TOSVAL 657 {S_NONE, terror}, //E_DSCPFLG 658 {S_NONE, terror}, 
//E_DSCPVAL 659 {S_NONE, terror}, //E_IPOPT, 660 {S_LOCAL, idle}, //E_IGNORE, 661 {S_NONE, terror}, //E_RAWTEXT, 662 }, 663 664 { //S_EXTGETSWC 665 {S_NONE, terror}, //E_ACL 666 {S_NONE, terror}, //E_ACTION 667 {S_NONE, terror}, //E_ANY 668 {S_NONE, terror}, //E_HOST 669 {S_EXTSPORT, setswc}, //E_QUAD 670 {S_NONE, terror}, //E_INTEGER 671 {S_NONE, terror}, //E_EOL 672 {S_NONE, terror}, //E_STD 673 {S_NONE, terror}, //E_EXT 674 {S_DONE, getRemark}, //E_REMARK, 675 {S_NONE, terror}, //E_IP, 676 {S_NONE, terror}, //E_ICMP, 677 {S_NONE, terror}, //E_IGMP, 678 {S_NONE, terror}, //E_UDP, 679 {S_NONE, terror}, //E_TCP, 680 {S_NONE, terror}, //E_PROTO 681 {S_NONE, terror}, //E_PORTUDP, 682 {S_NONE, terror}, //E_PORTTCP, 683 {S_NONE, terror}, //E_PORTIP, 684 {S_NONE, terror}, //E_UNARY, 685 {S_NONE, terror}, //E_BINARY, 686 {S_NONE, terror}, //E_TOS, 687 {S_NONE, terror}, //E_LOG, 688 {S_NONE, terror}, //E_IGMPTYPE, 689 {S_NONE, terror}, //E_ICMPCODE, 690 {S_NONE, terror}, //E_ICMPMSG, 691 {S_NONE, terror}, //E_EST, 692 {S_NONE, terror}, //E_FLAGS, 693 {S_NONE, terror}, //E_PRECEDENCE, 694 {S_NONE, terror}, //E_PRFLG, 695 {S_NONE, terror}, //E_TOSVAL 696 {S_NONE, terror}, //E_DSCPFLG 697 {S_NONE, terror}, //E_DSCPVAL 698 {S_NONE, terror}, //E_IPOPT, 699 {S_LOCAL, idle}, //E_IGNORE, 700 {S_NONE, terror}, //E_RAWTEXT, 701 }, 702 703 { //S_EXTGETSADDR 704 {S_NONE, terror}, //E_ACL 705 {S_NONE, terror}, //E_ACTION 706 {S_NONE, terror}, //E_ANY 707 {S_NONE, terror}, //E_HOST 708 {S_EXTSPORT, setsAddr}, //E_QUAD 709 {S_NONE, terror}, //E_INTEGER 710 {S_NONE, terror}, //E_EOL 711 {S_NONE, terror}, //E_STD 712 {S_NONE, terror}, //E_EXT 713 {S_DONE, getRemark}, //E_REMARK, 714 {S_NONE, terror}, //E_IP, 715 {S_NONE, terror}, //E_ICMP, 716 {S_NONE, terror}, //E_IGMP, 717 {S_NONE, terror}, //E_UDP, 718 {S_NONE, terror}, //E_TCP, 719 {S_NONE, terror}, //E_PROTO 720 {S_NONE, terror}, //E_PORTUDP, 721 {S_NONE, terror}, //E_PORTTCP, 722 {S_NONE, terror}, //E_PORTIP, 723 {S_NONE, terror}, 
//E_UNARY, 724 {S_NONE, terror}, //E_BINARY, 725 {S_NONE, terror}, //E_TOS, 726 {S_NONE, terror}, //E_LOG, 727 {S_NONE, terror}, //E_IGMPTYPE, 728 {S_NONE, terror}, //E_ICMPCODE, 729 {S_NONE, terror}, //E_ICMPMSG, 730 {S_NONE, terror}, //E_EST, 731 {S_NONE, terror}, //E_FLAGS, 732 {S_NONE, terror}, //E_PRECEDENCE, 733 {S_NONE, terror}, //E_PRFLG, 734 {S_NONE, terror}, //E_TOSVAL 735 {S_NONE, terror}, //E_DSCPFLG 736 {S_NONE, terror}, //E_DSCPVAL 737 {S_NONE, terror}, //E_IPOPT, 738 {S_LOCAL, idle}, //E_IGNORE, 739 {S_NONE, terror}, //E_RAWTEXT, 740 }, 741 742 { //S_EXTSPORT 743 {S_NONE, terror}, //E_ACL 744 {S_NONE, terror}, //E_ACTION 745 {S_EXTDPORT, setdany}, //E_ANY 746 {S_EXTGETDADDR, setdwc}, //E_HOST 747 {S_EXTGETDWC, setdAddr}, //E_QUAD 748 {S_NONE, terror}, //E_INTEGER 749 {S_NONE, terror}, //E_EOL 750 {S_NONE, terror}, //E_STD 751 {S_NONE, terror}, //E_EXT 752 {S_DONE, getRemark}, //E_REMARK, 753 {S_NONE, terror}, //E_IP, 754 {S_NONE, terror}, //E_ICMP, 755 {S_NONE, terror}, //E_IGMP, 756 {S_NONE, terror}, //E_UDP, 757 {S_NONE, terror}, //E_TCP, 758 {S_NONE, terror}, //E_PROTO 759 {S_NONE, terror}, //E_PORTUDP, 760 {S_NONE, terror}, //E_PORTTCP, 761 {S_NONE, terror}, //E_PORTIP, 762 {S_EXTGETSPORT, setsrel}, //E_UNARY, 763 {S_EXTGETSPORT1, setsrel}, //E_BINARY, 764 {S_NONE, terror}, //E_TOS, 765 {S_NONE, terror}, //E_LOG, 766 {S_NONE, terror}, //E_IGMPTYPE, 767 {S_NONE, terror}, //E_ICMPCODE, 768 {S_NONE, terror}, //E_ICMPMSG, 769 {S_NONE, terror}, //E_EST, 770 {S_NONE, terror}, //E_FLAGS, 771 {S_NONE, terror}, //E_PRECEDENCE, 772 {S_NONE, terror}, //E_PRFLG, 773 {S_NONE, terror}, //E_TOSVAL 774 {S_NONE, terror}, //E_DSCPFLG 775 {S_NONE, terror}, //E_DSCPVAL 776 {S_NONE, terror}, //E_IPOPT, 777 {S_LOCAL, idle}, //E_IGNORE, 778 {S_NONE, terror}, //E_RAWTEXT, 779 }, 780 781 { //S_EXTGETSPORT 782 {S_NONE, terror}, //E_ACL 783 {S_NONE, terror}, //E_ACTION 784 {S_NONE, terror}, //E_ANY 785 {S_NONE, terror}, //E_HOST 786 {S_NONE, terror}, //E_QUAD 787 
{S_EXTDADDR, setsport}, //E_INTEGER 788 {S_NONE, terror}, //E_EOL 789 {S_NONE, terror}, //E_STD 790 {S_NONE, terror}, //E_EXT 791 {S_DONE, getRemark}, //E_REMARK, 792 {S_NONE, terror}, //E_IP, 793 {S_NONE, terror}, //E_ICMP, 794 {S_NONE, terror}, //E_IGMP, 795 {S_NONE, terror}, //E_UDP, 796 {S_NONE, terror}, //E_TCP, 797 {S_NONE, terror}, //E_PROTO 798 {S_EXTDADDR, setsportname}, //E_PORTUDP, 799 {S_EXTDADDR, setsportname}, //E_PORTTCP, 800 {S_EXTDADDR, setsportname}, //E_PORTIP, 801 {S_NONE, terror}, //E_UNARY, 802 {S_NONE, terror}, //E_BINARY, 803 {S_NONE, terror}, //E_TOS, 804 {S_NONE, terror}, //E_LOG, 805 {S_NONE, terror}, //E_IGMPTYPE, 806 {S_NONE, terror}, //E_ICMPCODE, 807 {S_NONE, terror}, //E_ICMPMSG, 808 {S_NONE, terror}, //E_EST, 809 {S_NONE, terror}, //E_FLAGS, 810 {S_NONE, terror}, //E_PRECEDENCE, 811 {S_NONE, terror}, //E_PRFLG, 812 {S_NONE, terror}, //E_TOSVAL 813 {S_NONE, terror}, //E_DSCPFLG 814 {S_NONE, terror}, //E_DSCPVAL 815 {S_NONE, terror}, //E_IPOPT, 816 {S_LOCAL, idle}, //E_IGNORE, 817 {S_EXTDADDR, setsportname}, //E_RAWTEXT, 818 }, 819 820 { //S_EXTGETSPORT1 821 {S_NONE, terror}, //E_ACL 822 {S_NONE, terror}, //E_ACTION 823 {S_NONE, terror}, //E_ANY 824 {S_NONE, terror}, //E_HOST 825 {S_NONE, terror}, //E_QUAD 826 {S_EXTGETSPORT2, setsport}, //E_INTEGER 827 {S_NONE, terror}, //E_EOL 828 {S_NONE, terror}, //E_STD 829 {S_NONE, terror}, //E_EXT 830 {S_DONE, getRemark}, //E_REMARK, 831 {S_NONE, terror}, //E_IP, 832 {S_NONE, terror}, //E_ICMP, 833 {S_NONE, terror}, //E_IGMP, 834 {S_NONE, terror}, //E_UDP, 835 {S_NONE, terror}, //E_TCP, 836 {S_NONE, terror}, //E_PROTO 837 {S_NONE, terror}, //E_PORTUDP, 838 {S_NONE, terror}, //E_PORTTCP, 839 {S_NONE, terror}, //E_PORTIP, 840 {S_NONE, terror}, //E_UNARY, 841 {S_NONE, terror}, //E_BINARY, 842 {S_NONE, terror}, //E_TOS, 843 {S_NONE, terror}, //E_LOG, 844 {S_NONE, terror}, //E_IGMPTYPE, 845 {S_NONE, terror}, //E_ICMPCODE, 846 {S_NONE, terror}, //E_ICMPMSG, 847 {S_NONE, terror}, //E_EST, 848 {S_NONE, 
terror}, //E_FLAGS, 849 {S_NONE, terror}, //E_PRECEDENCE, 850 {S_NONE, terror}, //E_PRFLG, 851 {S_NONE, terror}, //E_TOSVAL 852 {S_NONE, terror}, //E_DSCPFLG 853 {S_NONE, terror}, //E_DSCPVAL 854 {S_NONE, terror}, //E_IPOPT, 855 {S_LOCAL, idle}, //E_IGNORE, 856 {S_NONE, terror}, //E_RAWTEXT, 857 }, 858 859 { //S_EXTGETSPORT2 860 {S_NONE, terror}, //E_ACL 861 {S_NONE, terror}, //E_ACTION 862 {S_NONE, terror}, //E_ANY 863 {S_NONE, terror}, //E_HOST 864 {S_NONE, terror}, //E_QUAD 865 {S_EXTDADDR, setsport2}, //E_INTEGER 866 {S_NONE, terror}, //E_EOL 867 {S_NONE, terror}, //E_STD 868 {S_NONE, terror}, //E_EXT 869 {S_DONE, getRemark}, //E_REMARK, 870 {S_NONE, terror}, //E_IP, 871 {S_NONE, terror}, //E_ICMP, 872 {S_NONE, terror}, //E_IGMP, 873 {S_NONE, terror}, //E_UDP, 874 {S_NONE, terror}, //E_TCP, 875 {S_NONE, terror}, //E_PROTO 876 {S_NONE, terror}, //E_PORTUDP, 877 {S_NONE, terror}, //E_PORTTCP, 878 {S_NONE, terror}, //E_PORTIP, 879 {S_NONE, terror}, //E_UNARY, 880 {S_NONE, terror}, //E_BINARY, 881 {S_NONE, terror}, //E_TOS, 882 {S_NONE, terror}, //E_LOG, 883 {S_NONE, terror}, //E_IGMPTYPE, 884 {S_NONE, terror}, //E_ICMPCODE, 885 {S_NONE, terror}, //E_ICMPMSG, 886 {S_NONE, terror}, //E_EST, 887 {S_NONE, terror}, //E_FLAGS, 888 {S_NONE, terror}, //E_PRECEDENCE, 889 {S_NONE, terror}, //E_PRFLG, 890 {S_NONE, terror}, //E_TOSVAL 891 {S_NONE, terror}, //E_DSCPFLG 892 {S_NONE, terror}, //E_DSCPVAL 893 {S_NONE, terror}, //E_IPOPT, 894 {S_LOCAL, idle}, //E_IGNORE, 895 {S_NONE, terror}, //E_RAWTEXT, 896 }, 897 898 { //S_EXTDADDR 899 {S_NONE, terror}, //E_ACL 900 {S_NONE, terror}, //E_ACTION 901 {S_EXTDPORT, setdany}, //E_ANY 902 {S_EXTGETDADDR, setdwc}, //E_HOST 903 {S_EXTGETDWC, setdAddr}, //E_QUAD 904 {S_NONE, terror}, //E_INTEGER 905 {S_NONE, terror}, //E_EOL 906 {S_NONE, terror}, //E_STD 907 {S_NONE, terror}, //E_EXT 908 {S_DONE, getRemark}, //E_REMARK, 909 {S_NONE, terror}, //E_IP, 910 {S_NONE, terror}, //E_ICMP, 911 {S_NONE, terror}, //E_IGMP, 912 {S_NONE, terror}, 
//E_UDP, 913 {S_NONE, terror}, //E_TCP, 914 {S_NONE, terror}, //E_PROTO 915 {S_NONE, terror}, //E_PORTUDP, 916 {S_NONE, terror}, //E_PORTTCP, 917 {S_NONE, terror}, //E_PORTIP, 918 {S_NONE, terror}, //E_UNARY, 919 {S_NONE, terror}, //E_BINARY, 920 {S_NONE, terror}, //E_TOS, 921 {S_NONE, terror}, //E_LOG, 922 {S_NONE, terror}, //E_IGMPTYPE, 923 {S_NONE, terror}, //E_ICMPCODE, 924 {S_NONE, terror}, //E_ICMPMSG, 925 {S_NONE, terror}, //E_EST, 926 {S_NONE, terror}, //E_FLAGS, 927 {S_NONE, terror}, //E_PRECEDENCE, 928 {S_NONE, terror}, //E_PRFLG, 929 {S_NONE, terror}, //E_TOSVAL 930 {S_NONE, terror}, //E_DSCPFLG 931 {S_NONE, terror}, //E_DSCPVAL 932 {S_NONE, terror}, //E_IPOPT, 933 {S_LOCAL, idle}, //E_IGNORE, 934 {S_NONE, terror}, //E_RAWTEXT, 935 }, 936 937 { //S_EXTGETDWC 938 {S_NONE, terror}, //E_ACL 939 {S_NONE, terror}, //E_ACTION 940 {S_NONE, terror}, //E_ANY 941 {S_NONE, terror}, //E_HOST 942 {S_EXTDPORT, setdwc}, //E_QUAD 943 {S_NONE, terror}, //E_INTEGER 944 {S_NONE, terror}, //E_EOL 945 {S_NONE, terror}, //E_STD 946 {S_NONE, terror}, //E_EXT 947 {S_DONE, getRemark}, //E_REMARK, 948 {S_NONE, terror}, //E_IP, 949 {S_NONE, terror}, //E_ICMP, 950 {S_NONE, terror}, //E_IGMP, 951 {S_NONE, terror}, //E_UDP, 952 {S_NONE, terror}, //E_TCP, 953 {S_NONE, terror}, //E_PROTO 954 {S_NONE, terror}, //E_PORTUDP, 955 {S_NONE, terror}, //E_PORTTCP, 956 {S_NONE, terror}, //E_PORTIP, 957 {S_NONE, terror}, //E_UNARY, 958 {S_NONE, terror}, //E_BINARY, 959 {S_NONE, terror}, //E_TOS, 960 {S_NONE, terror}, //E_LOG, 961 {S_NONE, terror}, //E_IGMPTYPE, 962 {S_NONE, terror}, //E_ICMPCODE, 963 {S_NONE, terror}, //E_ICMPMSG, 964 {S_NONE, terror}, //E_EST, 965 {S_NONE, terror}, //E_FLAGS, 966 {S_NONE, terror}, //E_PRECEDENCE, 967 {S_NONE, terror}, //E_PRFLG, 968 {S_NONE, terror}, //E_TOSVAL 969 {S_NONE, terror}, //E_DSCPFLG 970 {S_NONE, terror}, //E_DSCPVAL 971 {S_NONE, idle}, //E_IPOPT, 972 {S_LOCAL, idle}, //E_IGNORE, 973 {S_NONE, terror}, //E_RAWTEXT, 974 }, 975 976 { //S_EXTGETDADDR 977 
{S_NONE, terror}, //E_ACL 978 {S_NONE, terror}, //E_ACTION 979 {S_NONE, terror}, //E_ANY 980 {S_NONE, terror}, //E_HOST 981 {S_EXTDPORT, setdAddr}, //E_QUAD 982 {S_NONE, terror}, //E_INTEGER 983 {S_NONE, terror}, //E_EOL 984 {S_NONE, terror}, //E_STD 985 {S_NONE, terror}, //E_EXT 986 {S_DONE, getRemark}, //E_REMARK, 987 {S_NONE, terror}, //E_IP, 988 {S_NONE, terror}, //E_ICMP, 989 {S_NONE, terror}, //E_IGMP, 990 {S_NONE, terror}, //E_UDP, 991 {S_NONE, terror}, //E_TCP, 992 {S_NONE, terror}, //E_PROTO 993 {S_NONE, terror}, //E_PORTUDP, 994 {S_NONE, terror}, //E_PORTTCP, 995 {S_NONE, terror}, //E_PORTIP, 996 {S_NONE, terror}, //E_UNARY, 997 {S_NONE, terror}, //E_BINARY, 998 {S_NONE, terror}, //E_TOS, 999 {S_NONE, terror}, //E_LOG, 1000 {S_NONE, terror}, //E_IGMPTYPE, 1001 {S_NONE, terror}, //E_ICMPCODE, 1002 {S_NONE, terror}, //E_ICMPMSG, 1003 {S_NONE, terror}, //E_EST, 1004 {S_NONE, terror}, //E_FLAGS, 1005 {S_NONE, terror}, //E_PRECEDENCE, 1006 {S_NONE, terror}, //E_PRFLG, 1007 {S_NONE, terror}, //E_TOSVAL 1008 {S_NONE, terror}, //E_DSCPFLG 1009 {S_NONE, terror}, //E_DSCPVAL 1010 {S_NONE, terror}, //E_IPOPT, 1011 {S_LOCAL, idle}, //E_IGNORE, 1012 {S_NONE, terror}, //E_RAWTEXT, 1013 }, 1014 1015 { //S_EXTDPORT 1016 {S_NONE, terror}, //E_ACL 1017 {S_NONE, terror}, //E_ACTION 1018 {S_NONE, terror}, //E_ANY 1019 {S_NONE, terror}, //E_HOST 1020 {S_NONE, terror}, //E_QUAD 1021 {S_LOCAL, setProtoParameter}, //E_INTEGER 1022 {S_NONE, terror}, //E_EOL 1023 {S_NONE, terror}, //E_STD 1024 {S_NONE, terror}, //E_EXT 1025 {S_DONE, getRemark}, //E_REMARK, 1026 {S_NONE, terror}, //E_IP, 1027 {S_NONE, terror}, //E_ICMP, 1028 {S_NONE, terror}, //E_IGMP, 1029 {S_NONE, terror}, //E_UDP, 1030 {S_NONE, terror}, //E_TCP, 1031 {S_TAGS, setIGMP}, //E_PROTO This might be PIMv1 in an IGMP packet 1032 {S_NONE, terror}, //E_PORTUDP, 1033 {S_NONE, terror}, //E_PORTTCP, 1034 {S_NONE, terror}, //E_PORTIP, 1035 {S_EXTGETDPORT, setdrel}, //E_UNARY, 1036 {S_EXTGETDPORT1, setdrel}, //E_BINARY, 1037 
{S_TAGS, flagTOS}, //E_TOS, 1038 {S_TAGS, flagLog}, //E_LOG, 1039 {S_TAGS, setIGMP}, //E_IGMPTYPE, 1040 {S_TAGS, setICMPcode}, //E_ICMPCODE, 1041 {S_TAGS, setICMPmsg}, //E_ICMPMSG, 1042 {S_TAGS, setEst}, //E_EST, 1043 {S_TAGS, setTCPflag}, //E_FLAGS, 1044 {S_TAGS, setPrecValue}, //E_PRECEDENCE, 1045 {S_TAGS, flagPrecedence}, //E_PRFLG, 1046 {S_TAGS, setTOSvalue}, //E_TOSVAL 1047 {S_TAGS, flagDSCP}, //E_DSCPFLG 1048 {S_TAGS, setDSCPvalue}, //E_DSCPVAL 1049 {S_LOCAL, idle}, //E_IPOPT, 1050 {S_LOCAL, idle}, //E_IGNORE, 1051 {S_NONE, terror}, //E_RAWTEXT, 1052 }, 1053 1054 { //S_EXTGETDPORT 1055 {S_NONE, terror}, //E_ACL 1056 {S_NONE, terror}, //E_ACTION 1057 {S_NONE, terror}, //E_ANY 1058 {S_NONE, terror}, //E_HOST 1059 {S_NONE, terror}, //E_QUAD 1060 {S_TAGS, setdport}, //E_INTEGER 1061 {S_DONE, finished}, //E_EOL 1062 {S_NONE, terror}, //E_STD 1063 {S_NONE, terror}, //E_EXT 1064 {S_DONE, getRemark}, //E_REMARK, 1065 {S_NONE, terror}, //E_IP, 1066 {S_NONE, terror}, //E_ICMP, 1067 {S_NONE, terror}, //E_IGMP, 1068 {S_NONE, terror}, //E_UDP, 1069 {S_NONE, terror}, //E_TCP, 1070 {S_NONE, terror}, //E_PROTO 1071 {S_TAGS, setdportname}, //E_PORTUDP, 1072 {S_TAGS, setdportname}, //E_PORTTCP, 1073 {S_TAGS, setdportname}, //E_PORTIP, 1074 {S_NONE, terror}, //E_UNARY, 1075 {S_NONE, terror}, //E_BINARY, 1076 {S_NONE, terror}, //E_TOS, 1077 {S_NONE, terror}, //E_LOG, 1078 {S_NONE, terror}, //E_IGMPTYPE, 1079 {S_NONE, terror}, //E_ICMPCODE, 1080 {S_NONE, terror}, //E_ICMPMSG, 1081 {S_NONE, terror}, //E_EST, 1082 {S_NONE, terror}, //E_FLAGS, 1083 {S_NONE, terror}, //E_PRECEDENCE, 1084 {S_NONE, terror}, //E_PRFLG, 1085 {S_NONE, terror}, //E_TOSVAL 1086 {S_NONE, terror}, //E_DSCPFLG 1087 {S_NONE, terror}, //E_DSCPVAL 1088 {S_NONE, idle}, //E_IPOPT, 1089 {S_LOCAL, idle}, //E_IGNORE, 1090 {S_TAGS, setdportname}, //E_RAWTEXT, 1091 }, 1092 1093 { //S_EXTGETDPORT1 1094 {S_NONE, terror}, //E_ACL 1095 {S_NONE, terror}, //E_ACTION 1096 {S_NONE, terror}, //E_ANY 1097 {S_NONE, terror}, 
//E_HOST 1098 {S_NONE, terror}, //E_QUAD 1099 {S_EXTGETDPORT2, setdport}, //E_INTEGER 1100 {S_NONE, terror}, //E_EOL 1101 {S_NONE, terror}, //E_STD 1102 {S_NONE, terror}, //E_EXT 1103 {S_DONE, getRemark}, //E_REMARK, 1104 {S_NONE, terror}, //E_IP, 1105 {S_NONE, terror}, //E_ICMP, 1106 {S_NONE, terror}, //E_IGMP, 1107 {S_NONE, terror}, //E_UDP, 1108 {S_NONE, terror}, //E_TCP, 1109 {S_NONE, terror}, //E_PROTO 1110 {S_NONE, terror}, //E_PORTUDP, 1111 {S_NONE, terror}, //E_PORTTCP, 1112 {S_NONE, terror}, //E_PORTIP, 1113 {S_NONE, terror}, //E_UNARY, 1114 {S_NONE, terror}, //E_BINARY, 1115 {S_NONE, terror}, //E_TOS, 1116 {S_NONE, terror}, //E_LOG, 1117 {S_NONE, terror}, //E_IGMPTYPE, 1118 {S_NONE, terror}, //E_ICMPCODE, 1119 {S_NONE, terror}, //E_ICMPMSG, 1120 {S_NONE, terror}, //E_EST, 1121 {S_NONE, terror}, //E_FLAGS, 1122 {S_NONE, terror}, //E_PRECEDENCE, 1123 {S_NONE, terror}, //E_PRFLG, 1124 {S_NONE, terror}, //E_TOSVAL 1125 {S_NONE, terror}, //E_DSCPFLG 1126 {S_NONE, terror}, //E_DSCPVAL 1127 {S_NONE, terror}, //E_IPOPT, 1128 {S_LOCAL, idle}, //E_IGNORE, 1129 {S_NONE, terror}, //E_RAWTEXT, 1130 }, 1131 1132 { //S_EXTGETDPORT2 1133 {S_NONE, terror}, //E_ACL 1134 {S_NONE, terror}, //E_ACTION 1135 {S_NONE, terror}, //E_ANY 1136 {S_NONE, terror}, //E_HOST 1137 {S_NONE, terror}, //E_QUAD 1138 {S_TAGS, setdport2}, //E_INTEGER 1139 {S_NONE, terror}, //E_EOL 1140 {S_NONE, terror}, //E_STD 1141 {S_NONE, terror}, //E_EXT 1142 {S_DONE, getRemark}, //E_REMARK, 1143 {S_NONE, terror}, //E_IP, 1144 {S_NONE, terror}, //E_ICMP, 1145 {S_NONE, terror}, //E_IGMP, 1146 {S_NONE, terror}, //E_UDP, 1147 {S_NONE, terror}, //E_TCP, 1148 {S_NONE, terror}, //E_PROTO 1149 {S_NONE, terror}, //E_PORTUDP, 1150 {S_NONE, terror}, //E_PORTTCP, 1151 {S_NONE, terror}, //E_PORTIP, 1152 {S_NONE, terror}, //E_UNARY, 1153 {S_NONE, terror}, //E_BINARY, 1154 {S_NONE, terror}, //E_TOS, 1155 {S_NONE, terror}, //E_LOG, 1156 {S_NONE, terror}, //E_IGMPTYPE, 1157 {S_NONE, terror}, //E_ICMPCODE, 1158 {S_NONE, 
terror}, //E_ICMPMSG, 1159 {S_NONE, terror}, //E_EST, 1160 {S_NONE, terror}, //E_FLAGS, 1161 {S_NONE, terror}, //E_PRECEDENCE, 1162 {S_NONE, terror}, //E_PRFLG, 1163 {S_NONE, terror}, //E_TOSVAL 1164 {S_NONE, terror}, //E_DSCPFLG 1165 {S_NONE, terror}, //E_DSCPVAL 1166 {S_NONE, terror}, //E_IPOPT, 1167 {S_LOCAL, idle}, //E_IGNORE, 1168 {S_NONE, terror}, //E_RAWTEXT, 1169 }, 1170 1171 { //S_TAGS 1172 {S_NONE, terror}, //E_ACL 1173 {S_NONE, terror}, //E_ACTION 1174 {S_NONE, terror}, //E_ANY 1175 {S_NONE, terror}, //E_HOST 1176 {S_NONE, terror}, //E_QUAD 1177 {S_NONE, terror}, //E_INTEGER 1178 {S_DONE, finished}, //E_EOL 1179 {S_NONE, terror}, //E_STD 1180 {S_NONE, terror}, //E_EXT 1181 {S_DONE, getRemark}, //E_REMARK, 1182 {S_NONE, terror}, //E_IP, 1183 {S_NONE, terror}, //E_ICMP, 1184 {S_NONE, terror}, //E_IGMP, 1185 {S_NONE, terror}, //E_UDP, 1186 {S_NONE, terror}, //E_TCP, 1187 {S_TAGS, setIGMP}, //E_PROTO this could be PIMv1 in an IGMP packet 1188 {S_NONE, terror}, //E_PORTUDP, 1189 {S_NONE, terror}, //E_PORTTCP, 1190 {S_NONE, terror}, //E_PORTIP, 1191 {S_NONE, terror}, //E_UNARY, 1192 {S_NONE, terror}, //E_BINARY, 1193 {S_TAGS, flagTOS}, //E_TOS, 1194 {S_TAGS, flagLog}, //E_LOG, 1195 {S_TAGS, setIGMP}, //E_IGMPTYPE, 1196 {S_TAGS, setICMPcode}, //E_ICMPCODE, 1197 {S_TAGS, setICMPmsg}, //E_ICMPMSG, 1198 {S_TAGS, setEst}, //E_EST, 1199 {S_TAGS, setTCPflag}, //E_FLAGS, 1200 {S_TAGS, setPrecValue}, //E_PRECEDENCE, 1201 {S_TAGS, flagPrecedence}, //E_PRFLG, 1202 {S_TAGS, setTOSvalue}, //E_TOSVAL 1203 {S_TAGS, flagDSCP}, //E_DSCPFLG 1204 {S_TAGS, setDSCPvalue}, //E_DSCPVAL 1205 {S_LOCAL, idle}, //E_IPOPT, 1206 {S_LOCAL, idle}, //E_IGNORE, 1207 {S_NONE, terror}, //E_RAWTEXT, 1208 }, 1209 1210 { //S_NAMACL 1211 {S_NAMACL, initACL}, //E_ACL 1212 {S_NONE, terror}, //E_ACTION 1213 {S_NONE, terror}, //E_ANY 1214 {S_NONE, terror}, //E_HOST 1215 {S_NONE, terror}, //E_QUAD 1216 {S_NONE, terror}, //E_INTEGER 1217 {S_NONE, terror}, //E_EOL 1218 {S_NAMACL, idle}, //E_STD 1219 
{S_NAMACL, idle}, //E_EXT 1220 {S_DONE, getRemark}, //E_REMARK, 1221 {S_NONE, terror}, //E_IP, 1222 {S_NONE, terror}, //E_ICMP, 1223 {S_NONE, terror}, //E_IGMP, 1224 {S_NONE, terror}, //E_UDP, 1225 {S_NONE, terror}, //E_TCP, 1226 {S_NONE, terror}, //E_PROTO 1227 {S_NONE, terror}, //E_PORTUDP, 1228 {S_NONE, terror}, //E_PORTTCP, 1229 {S_NONE, terror}, //E_PORTIP, 1230 {S_NONE, terror}, //E_UNARY, 1231 {S_NONE, terror}, //E_BINARY, 1232 {S_NONE, terror}, //E_TOS, 1233 {S_NONE, terror}, //E_LOG, 1234 {S_NONE, terror}, //E_IGMPTYPE, 1235 {S_NONE, terror}, //E_ICMPCODE, 1236 {S_NONE, terror}, //E_ICMPMSG, 1237 {S_NONE, terror}, //E_EST, 1238 {S_NONE, terror}, //E_FLAGS, 1239 {S_NONE, terror}, //E_PRECEDENCE, 1240 {S_NONE, terror}, //E_PRFLG, 1241 {S_NONE, terror}, //E_TOSVAL 1242 {S_NONE, terror}, //E_DSCPFLG 1243 {S_NONE, terror}, //E_DSCPVAL 1244 {S_NONE, terror}, //E_IPOPT, 1245 {S_LOCAL, idle}, //E_IGNORE, 1246 {S_DONE, saveName}, //E_RAWTEXT, 1247 }, 1248 1249 { //S_DONE 1250 {S_LOCAL, idle}, //E_ACL 1251 {S_LOCAL, idle}, //E_ACTION 1252 {S_LOCAL, idle}, //E_ANY 1253 {S_LOCAL, idle}, //E_HOST 1254 {S_LOCAL, idle}, //E_QUAD 1255 {S_LOCAL, idle}, //E_INTEGER 1256 {S_DONE, finished}, //E_EOL 1257 {S_LOCAL, idle}, //E_STD 1258 {S_LOCAL, idle}, //E_EXT 1259 {S_DONE, idle}, //E_REMARK, 1260 {S_LOCAL, idle}, //E_IP, 1261 {S_LOCAL, idle}, //E_ICMP, 1262 {S_LOCAL, idle}, //E_IGMP, 1263 {S_LOCAL, idle}, //E_UDP, 1264 {S_LOCAL, idle}, //E_TCP, 1265 {S_LOCAL, idle}, //E_PROTO 1266 {S_LOCAL, idle}, //E_PORTUDP, 1267 {S_LOCAL, idle}, //E_PORTTCP, 1268 {S_LOCAL, idle}, //E_PORTIP, 1269 {S_LOCAL, idle}, //E_UNARY, 1270 {S_LOCAL, idle}, //E_BINARY, 1271 {S_LOCAL, idle}, //E_TOS, 1272 {S_LOCAL, idle}, //E_LOG, 1273 {S_LOCAL, idle}, //E_IGMPTYPE, 1274 {S_LOCAL, idle}, //E_ICMPCODE, 1275 {S_LOCAL, idle}, //E_ICMPMSG, 1276 {S_LOCAL, idle}, //E_EST, 1277 {S_LOCAL, idle}, //E_FLAGS, 1278 {S_LOCAL, idle}, //E_PRECEDENCE, 1279 {S_LOCAL, idle}, //E_PRFLG, 1280 {S_LOCAL, idle}, //E_TOSVAL 
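/* Remaining rows of the S_DONE state; the transition table itself is opened earlier in this file. */
      {S_LOCAL, idle},   //E_DSCPFLG
      {S_LOCAL, idle},   //E_DSCPVAL
      {S_LOCAL, idle},   //E_IPOPT,
      {S_LOCAL, idle},   //E_IGNORE,
      {S_LOCAL, idle},   //E_RAWTEXT,
   },
};



/*********************************************************************************************
 * There are many things that can appear in an ACL entry.
 * At the end of the day they fall into only a few general categories:
 *    Integer port and protocol numbers are the most common
 *    Quad IP addresses and wildcards
 *    Text port names, protocol names, ICMP codes and options
 *    Metavalues: any, host, IP, access-list, log, etc.
 *    Relational operators
 *       unary   lt, eq, neq, gt
 *       binary  range
 *
 * Any input symbol that isn't an integer or a quad is tokenized according to this table,
 * which may be a candidate for a representation that is more efficient than O(n).
 *
 * Three elements to the structure: the keyword, its length (used for the bounded compare in
 * the lookup), and the output token.
 *
 * NOTE(review): `len` must equal strlen(symbol) in every row.  A wrong length makes the keyword
 * either unmatchable or matchable by a prefix / over-long token, depending on how the lookup
 * compares (the lookup routine is not in this file).  Either way an ACL line that uses the
 * keyword is rejected or matches traffic its author did not intend, so keep the two in step.
 *
 * Two keywords appear twice: "pim" (E_PROTO and E_IGMPTYPE, see the IGMP section) and
 * "traceroute" (E_ICMPMSG and E_IPOPT).  If the lookup scans the table in order the first row
 * wins, so "traceroute" is only ever seen as an ICMP message.
 ***********************************************************************************************/

typedef struct {
   char *symbol;     // keyword exactly as it appears in the ACL text
   int len;          // strlen(symbol) -- must be kept in step with the string
   events_t token;   // event fed to the transition table when the keyword is seen
} str_t;

str_t strings[] = {
   {"access-list", 11, E_ACL},
   {"permit", 6, E_ACTION},
   {"deny", 4, E_ACTION},
   {"any", 3, E_ANY},
   {"host", 4, E_HOST},
   {"extended", 8, E_EXT},
   {"standard", 8, E_STD},
   {"log", 3, E_LOG},
   {"log-input", 9, E_LOG},
   {"est", 3, E_EST},
   {"established", 11, E_EST},
   {"remark", 6, E_REMARK},

   // Protocols.  These can also be entered as decimal values.  The numbers in the comments are
   // the IANA protocol numbers; the actual name-to-number mapping is done in the E_PROTO handler.

   {"ip", 2, E_IP},          // Any Internet Protocol (0)
   {"tcp", 3, E_TCP},        // Transmission Control Protocol (6)
   {"udp", 3, E_UDP},        // User Datagram Protocol (17)
   {"ahp", 3, E_PROTO},      // Authentication Header Protocol (51), normally called "ah"
   {"eigrp", 5, E_PROTO},    // Cisco's EIGRP routing protocol (88)
   {"esp", 3, E_PROTO},      // Encapsulating Security Payload (50)
   {"gre", 3, E_PROTO},      // Cisco's GRE tunneling (47)
   {"icmp", 4, E_ICMP},      // Internet Control Message Protocol (1)
   {"igmp", 4, E_IGMP},      // Internet Group Management Protocol (2)
   {"ipinip", 6, E_PROTO},   // IP in IP tunneling (IANA 4; 94 is the KA9Q "nos" encapsulation below) -- confirm against the E_PROTO handler
   {"nos", 3, E_PROTO},      // KA9Q NOS compatible IP over IP tunneling (94)
   {"ospf", 4, E_PROTO},     // OSPF routing protocol (89)
   {"pcp", 3, E_PROTO},      // Payload Compression Protocol (108)
   {"pim", 3, E_PROTO},      // Protocol Independent Multicast (103)

   // Relational Operators

   {"range", 5, E_BINARY},
   {"lt", 2, E_UNARY},
   {"gt", 2, E_UNARY},
   {"neq", 3, E_UNARY},
   {"eq", 2, E_UNARY},

   // TCP Flags

   {"syn", 3, E_FLAGS},
   {"fin", 3, E_FLAGS},
   {"rst", 3, E_FLAGS},
   {"ack", 3, E_FLAGS},
   {"psh", 3, E_FLAGS},
   {"urg", 3, E_FLAGS},

   // DSCP code points (note: the bit values represent the six high order bits in the octet; the two
   // low order bits (ECN) MUST be ignored.)

   {"dscp", 4, E_DSCPFLG},
   {"af11", 4, E_DSCPVAL},      // Match packets with AF11 dscp (001010)
   {"af12", 4, E_DSCPVAL},      // Match packets with AF12 dscp (001100)
   {"af13", 4, E_DSCPVAL},      // Match packets with AF13 dscp (001110)
   {"af21", 4, E_DSCPVAL},      // Match packets with AF21 dscp (010010)
   {"af22", 4, E_DSCPVAL},      // Match packets with AF22 dscp (010100)
   {"af23", 4, E_DSCPVAL},      // Match packets with AF23 dscp (010110)
   {"af31", 4, E_DSCPVAL},      // Match packets with AF31 dscp (011010)
   {"af32", 4, E_DSCPVAL},      // Match packets with AF32 dscp (011100)
   {"af33", 4, E_DSCPVAL},      // Match packets with AF33 dscp (011110)
   {"af41", 4, E_DSCPVAL},      // Match packets with AF41 dscp (100010)
   {"af42", 4, E_DSCPVAL},      // Match packets with AF42 dscp (100100)
   {"af43", 4, E_DSCPVAL},      // Match packets with AF43 dscp (100110)
   {"cs1", 3, E_DSCPVAL},       // Match packets with CS1 (precedence 1) dscp (001000)
   {"cs2", 3, E_DSCPVAL},       // Match packets with CS2 (precedence 2) dscp (010000)
   {"cs3", 3, E_DSCPVAL},       // Match packets with CS3 (precedence 3) dscp (011000)
   {"cs4", 3, E_DSCPVAL},       // Match packets with CS4 (precedence 4) dscp (100000)
   {"cs5", 3, E_DSCPVAL},       // Match packets with CS5 (precedence 5) dscp (101000)
   {"cs6", 3, E_DSCPVAL},       // Match packets with CS6 (precedence 6) dscp (110000)
   {"cs7", 3, E_DSCPVAL},       // Match packets with CS7 (precedence 7) dscp (111000)
   {"default", 7, E_DSCPVAL},   // Match packets with default dscp (000000)
   {"ef", 2, E_DSCPVAL},        // Match packets with EF dscp (101110)

   // ICMP Messages and Codes.  These can also be entered as decimal values.
   // The trailing numbers in each comment are "type code"; a type alone means any code.

   {"administratively-prohibited", 27, E_ICMPMSG },   // Administratively prohibited 3 13
   {"alternate-address", 17, E_ICMPMSG },             // Alternate address 6 0
   {"conversion-error", 16, E_ICMPMSG },              // Datagram conversion 31 0
   {"dod-host-prohibited", 19, E_ICMPMSG },           // Host prohibited 3 10
   {"dod-net-prohibited", 18, E_ICMPMSG },            // Net prohibited 3 9
   {"echo", 4, E_ICMPMSG },                           // Echo (ping) 8 0
   {"echo-reply", 10, E_ICMPMSG },                    // Echo reply 0 0
   {"general-parameter-problem", 25, E_ICMPMSG },     // Parameter problem 12 0
   {"host-isolated", 13, E_ICMPMSG },                 // Host isolated 3 8
   {"host-precedence-unreachable", 27, E_ICMPMSG },   // Host unreachable for precedence 3 14
   {"host-redirect", 13, E_ICMPMSG },                 // Host redirect 5 1
   {"host-tos-redirect", 17, E_ICMPMSG },             // Host redirect for TOS 5 3
   {"host-tos-unreachable", 20, E_ICMPMSG },          // Host unreachable for TOS 3 12
   {"host-unknown", 12, E_ICMPMSG },                  // Host unknown 3 7
   {"host-unreachable", 16, E_ICMPMSG },              // Host unreachable 3 1
   {"information-reply", 17, E_ICMPMSG },             // Information replies 16 0
   {"information-request", 19, E_ICMPMSG },           // Information requests 15 0
   {"mask-reply", 10, E_ICMPMSG },                    // Mask replies 18 0
   {"mask-request", 12, E_ICMPMSG },                  // Mask requests 17 0
   {"mobile-redirect", 15, E_ICMPMSG },               // Mobile host redirect 32 0
   {"net-redirect", 12, E_ICMPMSG },                  // Network redirect 5 0
   {"net-tos-redirect", 16, E_ICMPMSG },              // Net redirect for TOS 5 2
   {"net-tos-unreachable", 19, E_ICMPMSG },           // Network unreachable for TOS 3 11
   {"net-unreachable", 15, E_ICMPMSG },               // Net unreachable 3 0
   {"network-unknown", 15, E_ICMPMSG },               // Network unknown 3 6
   {"no-room-for-option", 18, E_ICMPMSG },            // Parameter required but no room 12 2
   {"option-missing", 14, E_ICMPMSG },                // Parameter required but not present 12 1
   {"packet-too-big", 14, E_ICMPMSG },                // Fragmentation needed and DF set 3 4
   {"parameter-problem", 17, E_ICMPMSG },             // All parameter problems 12
   {"port-unreachable", 16, E_ICMPMSG },              // Port unreachable 3 3
   {"precedence-unreachable", 22, E_ICMPMSG },        // Precedence cutoff 3 15
   {"protocol-unreachable", 20, E_ICMPMSG },          // Protocol unreachable 3 2
   {"reassembly-timeout", 18, E_ICMPMSG },            // Reassembly timeout 11 1
   {"redirect", 8, E_ICMPMSG },                       // All redirects 5
   {"router-advertisement", 20, E_ICMPMSG },          // Router discovery advertisements 9 0
   {"router-solicitation", 19, E_ICMPMSG },           // Router discovery solicitations 10 0
   {"source-quench", 13, E_ICMPMSG },                 // Source quenches 4 0
   {"source-route-failed", 19, E_ICMPMSG },           // Source route failed 3 5
   {"time-exceeded", 13, E_ICMPMSG },                 // All time exceededs 11
   {"timestamp-reply", 15, E_ICMPMSG },               // Timestamp replies 14 0
   {"timestamp-request", 17, E_ICMPMSG },             // Timestamp requests 13 0
   {"traceroute", 10, E_ICMPMSG },                    // Traceroute 30 0
   {"ttl-exceeded", 12, E_ICMPMSG },                  // TTL exceeded in transit 11 0 (code 1 is reassembly-timeout)
   {"unreachable", 11, E_ICMPMSG },                   // All unreachables 3

   // IGMP Types.  These can also be entered as decimal values.

   {"dvmrp", 5, E_IGMPTYPE},           // Distance Vector Multicast Routing Protocol (19)
   {"host-query", 10, E_IGMPTYPE},     // IGMP Membership Query (17)
   {"mtrace-resp", 11, E_IGMPTYPE},    // Multicast Traceroute Response (30)
   {"mtrace-route", 12, E_IGMPTYPE},   // Multicast Traceroute (31)
   {"trace", 5, E_IGMPTYPE},           // Multicast trace (21)
   {"v1host-report", 13, E_IGMPTYPE},  // IGMPv1 Membership Report (18)
   {"v2host-report", 13, E_IGMPTYPE},  // IGMPv2 Membership Report (22)
   {"v3host-report", 13, E_IGMPTYPE},  // IGMPv3 Membership Report (34)
   {"v2leave-group", 13, E_IGMPTYPE},  // IGMPv2 Leave Group (23)

   // PIM version 1 was transported over IGMP.  This is a conflict that is handled in the state machine:
   // the match with the protocol name above is made much earlier and the event will be E_PROTO, and
   // the value handler routine will prevent any other protocol name from being accepted as an IGMP type.

   {"pim", 3, E_IGMPTYPE},             // PIMv1 (20)

   // TOS.  These can also be entered as decimal values.

   {"tos", 3, E_TOS},
   {"max-reliability", 15, E_TOSVAL},    // Match packets with max reliable TOS (2)
   {"max-throughput", 14, E_TOSVAL},     // Match packets with max throughput TOS (4)
   {"min-delay", 9, E_TOSVAL},           // Match packets with min delay TOS (8)
   {"min-monetary-cost", 17, E_TOSVAL},  // Match packets with min monetary cost TOS (1)
   {"normal", 6, E_TOSVAL},              // Match packets with normal TOS (0)

   // Precedence.  These can also be entered as decimal values.

   {"precedence", 10, E_PRFLG},
   {"critical", 8, E_PRECEDENCE},        // Match packets with critical precedence (5)
   {"flash", 5, E_PRECEDENCE},           // Match packets with flash precedence (3)
   {"flash-override", 14, E_PRECEDENCE}, // Match packets with flash override precedence (4)
   {"immediate", 9, E_PRECEDENCE},       // Match packets with immediate precedence (2)
   {"internet", 8, E_PRECEDENCE},        // Match packets with internetwork control precedence (6)
   {"network", 7, E_PRECEDENCE},         // Match packets with network control precedence (7)
   {"priority", 8, E_PRECEDENCE},        // Match packets with priority precedence (1)
   {"routine", 7, E_PRECEDENCE},         // Match packets with routine precedence (0)

   // IP Header Options.  These can also be entered as decimal values.
   // More than a single option may be associated with a flow, so we may need to encode these as
   // a bit vector and set the bit at the appropriate offset for each option seen in a flow;
   // obviously this depends on Argus and its internal representation of the material.
   // For now we are parsing the values but not using them to make a permit or deny choice.
   //
   // NOTE(review): because the option keyword is parsed and then dropped, a line such as
   // "deny ip any any lsr" matches every flow its other fields describe, not only option-bearing
   // ones.  Expect over-matching on option-qualified rules until the options are honoured.

   {"add-ext", 7, E_IPOPT},         // Match packets with Address Extension Option (147)
   {"any-options", 11, E_IPOPT},    // Match packets with ANY Option
   {"com-security", 12, E_IPOPT},   // Match packets with Commercial Security Option (134)
   {"dps", 3, E_IPOPT},             // Match packets with Dynamic Packet State Option (151)
   {"encode", 6, E_IPOPT},          // Match packets with Encode Option (15)
   {"eool", 4, E_IPOPT},            // Match packets with End of Options (0)
   {"ext-ip", 6, E_IPOPT},          // Match packets with Extended IP Option (145)
   {"ext-security", 12, E_IPOPT},   // Match packets with Extended Security Option (133) -- len was 13, one past the string
   {"finn", 4, E_IPOPT},            // Match packets with Experimental Flow Control Option (205)
   {"imitd", 5, E_IPOPT},           // Match packets with IMI Traffic Descriptor Option (144)
   {"lsr", 3, E_IPOPT},             // Match packets with Loose Source Route Option (131)
   {"mtup", 4, E_IPOPT},            // Match packets with MTU Probe Option (11)
   {"mtur", 4, E_IPOPT},            // Match packets with MTU Reply Option (12)
   {"no-op", 5, E_IPOPT},           // Match packets with No Operation Option (1)
   {"nsapa", 5, E_IPOPT},           // Match packets with NSAP Addresses Option (150)
   {"record-route", 12, E_IPOPT},   // Match packets with Record Route Option (7)
   {"router-alert", 12, E_IPOPT},   // Match packets with Router Alert Option (148)
   {"sdb", 3, E_IPOPT},             // Match packets with Selective Directed Broadcast Option (149)
   {"security", 8, E_IPOPT},        // Match packets with Basic Security Option (130)
   {"ssr", 3, E_IPOPT},             // Match packets with Strict Source Routing Option (137)
   {"stream-id", 9, E_IPOPT},       // Match packets with Stream ID Option (136)
   {"timestamp", 9, E_IPOPT},       // Match packets with Time Stamp Option (68)
   {"traceroute", 10, E_IPOPT},     // Match packets with Trace Route Option (82) -- shadowed by the E_ICMPMSG "traceroute" row above
   {"ump", 3, E_IPOPT},             // Match packets with Upstream Multicast Packet Option (152)
   {"visa", 4, E_IPOPT},            // Match packets with Experimental Access Control Option (142)
   {"zsu", 3, E_IPOPT},             // Match packets with Experimental Measurement Option (10)

   // Things that we need to ignore for now.
   //
   // NOTE(review): E_IGNORE is handled as {S_LOCAL, idle} throughout the transition table, i.e. the
   // keyword is dropped and parsing continues.  On the device "fragments" restricts a line to
   // non-initial fragments and "time-range" to a time window, so dropping them widens the rule to
   // every flow the remaining fields describe.  "drip" and "non500-isakmp" are port names on the
   // device; dropping one after a relational operator leaves the port field unset (confirm with the
   // port handlers).  Rules using these keywords should be expected to over-match.

   {"drip", 4, E_IGNORE},
   {"fragments", 9, E_IGNORE},
   {"time-range", 10, E_IGNORE},
   {"non500-isakmp", 13, E_IGNORE},
   {"reflex", 6, E_IGNORE},
   {"", 0, E_NULL},
};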
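/***********************************************************************************************************************
 * Values used in mapping specific components of an access list entry from a name to an internal representation.
 *
 * NOTE(review): as with str_t, `len` must equal strlen(name) in every row, and the names must match the keyword table
 * above character for character.  Several rows in tosmap and icmpmap carried lengths that disagreed with the keyword
 * table (e.g. "host-tos-redirect" was 10, "port-unreachable" 19); depending on how the lookup compares, such a name
 * either never resolves to a value or resolves by prefix, and an ACL line using it then fails to parse or matches
 * with the wrong type/code.  All lengths below are now strlen(name); keep them that way when adding entries.
 ***********************************************************************************************************************/
struct tlv {
   char *name;   // keyword, identical to the str_t.symbol that produced the event
   int len;      // strlen(name)
   int value;    // protocol-specific numeric value the keyword stands for
};

typedef struct tlv tlv_t;


tlv_t igmpmap [] =
{
   {"dvmrp", 5, 19},          // Distance Vector Multicast Routing Protocol
   {"host-query", 10, 17},    // IGMP Membership Query
   {"mtrace-resp", 11, 30},   // Multicast Traceroute Response
   {"mtrace-route", 12, 31},  // Multicast Traceroute
   {"trace", 5, 21},          // Multicast trace
   {"v1host-report", 13, 18}, // IGMPv1 Membership Report
   {"v2host-report", 13, 22}, // IGMPv2 Membership Report
   {"v3host-report", 13, 34}, // IGMPv3 Membership Report
   {"v2leave-group", 13, 23}, // IGMPv2 Leave Group
   {"pim", 3, 20},            // PIMv1
   {"", 0, 0}
};

/******************************************************************************************************
 * The six most significant bits of one of the IP header bytes have been defined and redefined
 * as experience with the realities of the Internet came to be understood.
 * The two least significant bits of this same byte were taken for use as ECN (explicit
 * congestion notification) indicators.
 *
 * If we are using the RFC 2474 definitions of this byte:
 *    The six most significant bits taken as a set became the DiffServ Code Points.
 *    The three most significant bits still retain their original IP precedence meanings.
 *    Whenever the three least significant bits (of the six) are all 0 the code point name
 *    is designated CS (Class Selector) followed by a value between 0 and 7.
 *    If any of those three bits are set, the code point is designated
 *    AF (Assured Forwarding) or EF (Expedited Forwarding).
 *
 * If we are using the RFC 791 / RFC 1349 definitions of this byte:
 *    The least significant bit is always 0.
 *    The three most significant bits are the IP precedence.
 *    The four bits in between are the TOS value.
 *
 * Effectively we inspect the same set of bits three different ways to match
 * TOS, DSCP, and Precedence:
 *    TOS        = (byteValue >> 1) & 0x0f
 *    Precedence =  byteValue >> 5
 *    DSCP       =  byteValue >> 2
 *
 * The shifts are zero extended (unsigned).
 *******************************************************************************************************/
tlv_t precmap [] =
{
   {"critical", 8, 5},        // Match packets with critical precedence (5)
   {"flash", 5, 3},           // Match packets with flash precedence (3)
   {"flash-override", 14, 4}, // Match packets with flash override precedence (4)
   {"immediate", 9, 2},       // Match packets with immediate precedence (2)
   {"internet", 8, 6},        // Match packets with internetwork control precedence (6)
   {"network", 7, 7},         // Match packets with network control precedence (7)
   {"priority", 8, 1},        // Match packets with priority precedence (1)
   {"routine", 7, 0},         // Match packets with routine precedence (0)
   {"", 0, 0}
};


tlv_t tosmap [] =
{
   {"max-reliability", 15, 2},   // Match packets with max reliable TOS (2)        -- len was 14
   {"max-throughput", 14, 4},    // Match packets with max throughput TOS (4)      -- len was 13
   {"min-delay", 9, 8},          // Match packets with min delay TOS (8)
   {"min-monetary-cost", 17, 1}, // Match packets with min monetary cost TOS (1)   -- len was 16
   {"normal", 6, 0},             // Match packets with normal TOS (0)
   {"", 0, 0}
};


tlv_t DSCPmap [] =
{
   {"af11", 4, 10},     // Match packets with AF11 dscp (001010)
   {"af12", 4, 12},     // Match packets with AF12 dscp (001100)
   {"af13", 4, 14},     // Match packets with AF13 dscp (001110)
   {"af21", 4, 18},     // Match packets with AF21 dscp (010010)
   {"af22", 4, 20},     // Match packets with AF22 dscp (010100)
   {"af23", 4, 22},     // Match packets with AF23 dscp (010110)
   {"af31", 4, 26},     // Match packets with AF31 dscp (011010)
   {"af32", 4, 28},     // Match packets with AF32 dscp (011100)
   {"af33", 4, 30},     // Match packets with AF33 dscp (011110)
   {"af41", 4, 34},     // Match packets with AF41 dscp (100010)
   {"af42", 4, 36},     // Match packets with AF42 dscp (100100)
   {"af43", 4, 38},     // Match packets with AF43 dscp (100110)
   {"cs1", 3, 8},       // Match packets with CS1 (precedence 1) dscp (001000)
   {"cs2", 3, 16},      // Match packets with CS2 (precedence 2) dscp (010000)
   {"cs3", 3, 24},      // Match packets with CS3 (precedence 3) dscp (011000)
   {"cs4", 3, 32},      // Match packets with CS4 (precedence 4) dscp (100000)
   {"cs5", 3, 40},      // Match packets with CS5 (precedence 5) dscp (101000)
   {"cs6", 3, 48},      // Match packets with CS6 (precedence 6) dscp (110000)
   {"cs7", 3, 56},      // Match packets with CS7 (precedence 7) dscp (111000)
   {"default", 7, 0},   // Match packets with default dscp (000000)
   {"ef", 2, 46},       // Match packets with EF dscp (101110)
   {"", 0, 0}
};

/*
 * Two-valued variant of tlv for ICMP, where a keyword names a type and a code.
 * value2 == ICMPCodeAny means "any code of this type".
 */
struct tlv2 {
   char *name;   // keyword, identical to the str_t.symbol that produced the event
   int len;      // strlen(name)
   int value1;   // ICMP type
   int value2;   // ICMP code, or ICMPCodeAny
};

typedef struct tlv2 tlv2_t;

// NOTE(review): ICMPCodeAny (defined earlier in this header) is an in-band sentinel that lies inside the
// legal 0..255 code range, so a decimal code of that value typed into an ACL line is indistinguishable
// from the wildcard.  The matcher must test for the sentinel before comparing codes.
tlv2_t icmpmap [] =
{
   {"administratively-prohibited", 27, 3, 13 },    // Administratively prohibited 3 13           -- len was 26
   {"alternate-address", 17, 6, 0 },               // Alternate address 6 0
   {"conversion-error", 16, 31, 0 },               // Datagram conversion 31 0
   {"dod-host-prohibited", 19, 3, 10 },            // Host prohibited 3 10                       -- len was 20
   {"dod-net-prohibited", 18, 3, 9 },              // Net prohibited 3 9                         -- len was 19
   {"echo", 4, 8, 0 },                             // Echo (ping) 8 0
   {"echo-reply", 10, 0, 0 },                      // Echo reply 0 0
   {"general-parameter-problem", 25, 12, 0 },      // Parameter problem 12 0
   {"host-isolated", 13, 3, 8 },                   // Host isolated 3 8                          -- len was 12
   {"host-precedence-unreachable", 27, 3, 14 },    // Host unreachable for precedence 3 14       -- len was 28
   {"host-redirect", 13, 5, 1 },                   // Host redirect 5 1                          -- len was 12
   {"host-tos-redirect", 17, 5, 3 },               // Host redirect for TOS 5 3                  -- len was 10
   {"host-tos-unreachable", 20, 3, 12 },           // Host unreachable for TOS 3 12
   {"host-unknown", 12, 3, 7 },                    // Host unknown 3 7
   {"host-unreachable", 16, 3, 1 },                // Host unreachable 3 1
   {"information-reply", 17, 16, 0 },              // Information replies 16 0
   {"information-request", 19, 15, 0 },            // Information requests 15 0
   {"mask-reply", 10, 18, 0 },                     // Mask replies 18 0
   {"mask-request", 12, 17, 0 },                   // Mask requests 17 0
   {"mobile-redirect", 15, 32, 0 },                // Mobile host redirect 32 0                  -- len was 16
   {"net-redirect", 12, 5, 0 },                    // Network redirect 5 0
   {"net-tos-redirect", 16, 5, 2 },                // Net redirect for TOS 5 2                   -- len was 17
   {"net-tos-unreachable", 19, 3, 11 },            // Network unreachable for TOS 3 11           -- len was 20
   {"net-unreachable", 15, 3, 0 },                 // Net unreachable 3 0                        -- len was 17
   {"network-unknown", 15, 3, 6 },                 // Network unknown 3 6                        -- len was 17
   {"no-room-for-option", 18, 12, 2 },             // Parameter required but no room 12 2        -- len was 20
   {"option-missing", 14, 12, 1 },                 // Parameter required but not present 12 1    -- len was 17
   {"packet-too-big", 14, 3, 4 },                  // Fragmentation needed and DF set 3 4        -- len was 17
   {"parameter-problem", 17, 12, ICMPCodeAny },    // All parameter problems 12                  -- len was 20
   {"port-unreachable", 16, 3, 3 },                // Port unreachable 3 3                       -- len was 19
   {"precedence-unreachable", 22, 3, 15 },         // Precedence cutoff 3 15                     -- len was 25
   {"protocol-unreachable", 20, 3, 2 },            // Protocol unreachable 3 2                   -- len was 23
   {"reassembly-timeout", 18, 11, 1 },             // Reassembly timeout 11 1
   {"redirect", 8, 5, ICMPCodeAny },               // All redirects 5
   {"router-advertisement", 20, 9, 0 },            // Router discovery advertisements 9 0
   {"router-solicitation", 19, 10, 0 },            // Router discovery solicitations 10 0
   {"source-quench", 13, 4, 0 },                   // Source quenches 4 0
   {"source-route-failed", 19, 3, 5 },             // Source route failed 3 5
   {"time-exceeded", 13, 11, ICMPCodeAny },        // All time exceededs 11
   {"timestamp-reply", 15, 14, 0 },                // Timestamp replies 14 0
   {"timestamp-request", 17, 13, 0 },              // Timestamp requests 13 0
   {"traceroute", 10, 30, 0 },                     // Traceroute 30 0
   {"ttl-exceeded", 12, 11, 0 },                   // TTL exceeded in transit 11 0 (code 1 is reassembly-timeout)
   {"unreachable", 11, 3, ICMPCodeAny },           // All unreachables 3
   {"", 0, 0, 0 },
};

#endif // RA_POLICY_C

#ifdef __cplusplus
}
#endif
#endif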