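package org.freertr.cfg;

import java.util.ArrayList;
import java.util.List;
import org.freertr.addr.addrIP;
import org.freertr.tab.tabAceslstN;
import org.freertr.tab.tabGen;
import org.freertr.tab.tabListing;
import org.freertr.tab.tabListingEntry;
import org.freertr.user.userFilter;
import org.freertr.user.userHelping;
import org.freertr.util.bits;
import org.freertr.util.cmds;

/**
 * access list configuration
 *
 * @author matecsaba
 */
public class cfgAceslst implements Comparable<cfgAceslst>, cfgGeneric {

    /**
     * name of access list
     */
    public String name;

    /**
     * description of access list
     */
    public String description;

    /**
     * hidden list; when set, getShRun emits the hidden keyword in place of
     * the entries, so the statements do not appear in the configuration dump
     */
    public boolean hidden;

    /**
     * list of statements
     */
    public tabListing<tabAceslstN, addrIP> aceslst;

    /**
     * create new access list
     *
     * @param s name
     */
    public cfgAceslst(String s) {
        aceslst = new tabListing<tabAceslstN, addrIP>();
        name = s;
        aceslst.listName = s;
    }

    /**
     * defaults text
     */
    public final static String[] defaultL = {};

    /**
     * defaults filter
     */
    public static tabGen<userFilter> defaultF;

    @Override
    public String toString() {
        return name;
    }

    /**
     * get running configuration of this access list
     *
     * @param filter filter bits; when bit 0 is set the text is run through
     * userFilter.filterText with defaultF, otherwise it is returned as is
     * @return configuration lines
     */
    public List<String> getShRun(int filter) {
        List<String> l = new ArrayList<String>();
        l.add("access-list " + name);
        if (description != null) {
            l.add(cmds.tabulator + "description " + description);
        }
        if (hidden) {
            // the keyword stands in for the entries; nothing else is dumped
            l.add(cmds.tabulator + "hidden");
        } else {
            l.addAll(aceslst.dump(cmds.tabulator, filter));
        }
        l.add(cmds.tabulator + cmds.finish);
        l.add(cmds.comment);
        if ((filter & 1) == 0) {
            return l;
        }
        return userFilter.filterText(l, defaultF);
    }

    /**
     * add help lines for the commands accepted by doCfgStr
     *
     * @param l help collector
     */
    public void getHelp(userHelping l) {
        l.add(null, "1 2 sequence sequence number of an entry");
        l.add(null, "2 1 sequence number");
        l.add(null, "1 3,. description specify description");
        l.add(null, "3 3,. text");
        l.add(null, "1 2 rename rename this access list");
        l.add(null, "2 . set new name");
        l.add(null, "1 . hidden hide the entries");
        l.add(null, "1 3 evaluate evaluate another list");
        l.add(null, "3 4 permit specify list to allow");
        l.add(null, "3 4 deny specify list to forbid");
        l.add(null, "4 . name of list");
        l.add(null, "1 3 reflect create forward entry on match");
        l.add(null, "3 4 name of forward list");
        l.add(null, "4 5 name of reverse list");
        l.add(null, "5 . timeout");
        l.add(null, "1 3 permit specify networks to allow");
        l.add(null, "1 3 deny specify networks to forbid");
        l.add(null, "3 4 all no protocol matching");
        l.add(null, "3 4 protocol number");
        l.add(null, "4 6 any no source address matching");
        l.add(null, "4 5 obj object group source address matching");
        l.add(null, "4 5 host host source address matching");
        l.add(null, "4 5 address of source network");
        l.add(null, "5 6 mask of source network");
        l.add(null, "6 8 all no source port matching");
        l.add(null, "6 8 source port");
        l.add(null, "6 7 obj object group source port matching");
        l.add(null, "7 8 name of object group");
        l.add(null, "8 10 any no target address matching");
        l.add(null, "8 9 obj object group target address matching");
        l.add(null, "8 9 host host target address matching");
        l.add(null, "8 9 address of target network");
        l.add(null, "9 10 mask of target network");
        l.add(null, "10 12,. all no target port matching");
        l.add(null, "10 12,. target port");
        l.add(null, "10 11 obj object group target port matching");
        l.add(null, "11 12,. name of object group");
        l.add(null, "12 12,. alrt alerted datagrams");
        l.add(null, "12 12,. frag fragmented datagrams");
        l.add(null, "12 13 flag tcp flags");
        l.add(null, "13 12,. all no flag matching");
        l.add(null, "13 12,. flag value");
        l.add(null, "12 13 tos type of service matching");
        l.add(null, "13 12,. all no tos matching");
        l.add(null, "13 12,. tos value");
        // the flow, dscp and prec branches previously repeated the tos help text
        l.add(null, "12 13 flow flow label matching");
        l.add(null, "13 12,. all no flow matching");
        l.add(null, "13 12,. flow value");
        l.add(null, "12 13 dscp dscp matching");
        l.add(null, "13 12,. all no dscp matching");
        l.add(null, "13 12,. dscp value");
        l.add(null, "12 13 prec precedence matching");
        l.add(null, "13 12,. all no precedence matching");
        l.add(null, "13 12,. precedence value");
        l.add(null, "12 13 len length matching");
        l.add(null, "13 12,. all no length matching");
        l.add(null, "13 12,. length value");
        l.add(null, "12 13 ttl time to live matching");
        l.add(null, "13 12,. all no ttl matching");
        l.add(null, "13 12,. ttl value");
        l.add(null, "12 13 sgt security group tag matching");
        l.add(null, "13 12,. all no sgt matching");
        l.add(null, "13 12,. sgt value");
        l.add(null, "12 12,. log log on matching");
        l.add(null, "1 2,. reindex reindex access list");
        l.add(null, "2 3,. [num] initial number to start with");
        l.add(null, "3 . [num] increment number");
    }

    /**
     * process one configuration line of this access list
     *
     * @param cmd command to parse; errors are reported through cmd.error /
     * cmd.badCmd and leave the list unchanged except where noted in the helpers
     */
    public void doCfgStr(cmds cmd) {
        String a = cmd.word();
        if (a.equals(cmds.negated)) {
            doNegated(cmd);
            return;
        }
        if (a.equals("rename")) {
            a = cmd.word();
            // refuse to take a name that another list already owns
            cfgAceslst v = cfgAll.aclsFind(a, false);
            if (v != null) {
                cmd.error("already exists");
                return;
            }
            name = a;
            aceslst.listName = a;
            return;
        }
        if (a.equals("description")) {
            description = cmd.getRemaining();
            return;
        }
        if (a.equals("hidden")) {
            hidden = true;
            return;
        }
        if (a.equals("reindex")) {
            int i = bits.str2num(cmd.word());
            aceslst.reindex(i, bits.str2num(cmd.word()));
            return;
        }
        // entries default to the next free sequence unless one is given explicitly
        int seq = aceslst.nextseq();
        if (a.equals("sequence")) {
            seq = bits.str2num(cmd.word());
            a = cmd.word();
        }
        tabAceslstN ntry = new tabAceslstN(new addrIP());
        ntry.sequence = seq;
        if (a.equals("reflect")) {
            doReflect(cmd, ntry);
            return;
        }
        if (a.equals("evaluate")) {
            doEvaluate(cmd, ntry);
            return;
        }
        ntry.action = tabListingEntry.string2action(a);
        if (tabAceslstN.fromString(ntry, cmd)) {
            cmd.error("invalid network");
            return;
        }
        aceslst.add(ntry);
    }

    /**
     * handle the part of a command following the negation prefix
     *
     * @param cmd command positioned right after the negation word
     */
    private void doNegated(cmds cmd) {
        String a = cmd.word();
        if (a.equals("description")) {
            description = null;
            return;
        }
        if (a.equals("hidden")) {
            hidden = false;
            return;
        }
        if (a.equals("sequence")) {
            tabAceslstN ntry = new tabAceslstN(new addrIP());
            ntry.sequence = bits.str2num(cmd.word());
            // del reports failure with true (consistent with fromString below)
            if (aceslst.del(ntry)) {
                cmd.error("invalid sequence");
            }
            return;
        }
        cmd.badCmd();
    }

    /**
     * attach reflect lists and timeout to an existing entry
     *
     * @param cmd command positioned after the reflect keyword
     * @param key entry carrying the sequence number to look up
     */
    private void doReflect(cmds cmd, tabAceslstN key) {
        tabAceslstN ntry = aceslst.find(key);
        if (ntry == null) {
            cmd.error("no such entry");
            return;
        }
        cfgAceslst res = cfgAll.aclsFind(cmd.word(), false);
        if (res == null) {
            cmd.error("no such list");
            return;
        }
        // NOTE(review): forward list is assigned before the reverse list is
        // validated, so a missing reverse list leaves reflectFwd updated
        ntry.reflectFwd = res.aceslst;
        res = cfgAll.aclsFind(cmd.word(), false);
        if (res == null) {
            cmd.error("no such list");
            return;
        }
        ntry.reflectRev = res.aceslst;
        ntry.reflectTim = bits.str2num(cmd.word());
    }

    /**
     * add an entry that evaluates another access list
     *
     * @param cmd command positioned after the evaluate keyword
     * @param ntry prepared entry with its sequence number already set
     */
    private void doEvaluate(cmds cmd, tabAceslstN ntry) {
        ntry.action = tabListingEntry.string2action(cmd.word());
        cfgAceslst res = cfgAll.aclsFind(cmd.word(), false);
        if (res == null) {
            cmd.error("no such list");
            return;
        }
        ntry.evaluate = res.aceslst;
        aceslst.add(ntry);
    }

    @Override
    public int compareTo(cfgAceslst o) {
        // names compare case-insensitively
        return name.toLowerCase().compareTo(o.name.toLowerCase());
    }

    public String getPrompt() {
        return "acl";
    }

}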