cisco_acl_intp 0.0.1

data/lib/cisco_acl_intp/ace_port.rb

@@ -0,0 +1,146 @@
+# -*- coding: utf-8 -*-
+
+require 'cisco_acl_intp/ace_proto'
+
+module CiscoAclIntp
+  # TCP/UDP port number and operator container
+  class AcePortSpec < AclContainerBase
+    include AceTcpUdpPortValidation
+
+    # @param [String] value Operator of port (eq/neq/gt/lt/range)
+    # @return [String]
+    attr_accessor :operator
+
+    # @param [AceProtoSpecBase] value Port No. (single/lower)
+    # @return [AceProtoSpecBase]
+    attr_accessor :begin_port
+
+    # alias for unary operator
+    alias_method :port, :begin_port
+
+    # @param [AceProtoSpecBase] value Port No. (higher)
+    # @return [AceProtoSpecBase]
+    attr_accessor :end_port
+
+    # Constructor
+    # @param [Hash] opts Options
+    # @option opts [String] :operator Port operator, eq/neq/lt/gt/range
+    # @option opts [AceProtoSpecBase] :port Port No. (single/lower)
+    #   (same as :begin_port, alias for unary operator)
+    # @option opts [AceProtoSpecBase] :begin_port Port No. (single/lower)
+    # @option opts [AceProtoSpecBase] :end_port Port No. (higher)
+    # @raise [AclArgumentError]
+    # @return [AcePortSpec]
+    # @note '@begin_port' and '@end_port' should managed
+    #   with port number and protocol name.
+    #   it need the number when operate/compare protocol number,
+    #   and need the name when stringize the object.
+    def initialize(opts)
+      ## TBD
+      ## in ACL, can "eq/neq" receive port list?
+      ## IOS15 later?
+
+      if opts.key?(:operator)
+        validate_operators(opts)
+      else
+        fail AclArgumentError, 'Not specified port operator'
+      end
+    end
+
+    # @param [AcePortSpec] other RHS Object
+    # @return [Boolean]
+    def ==(other)
+      @operator == other.operator &&
+        @begin_port == other.begin_port &&
+        @end_port == other.end_port
+    end
+
+    # Generate string for Cisco IOS access list
+    # @return [String]
+    def to_s
+      if @operator == 'any'
+        ''
+      else
+        c_pp(sprintf('%s %s %s', @operator, @begin_port, @end_port))
+      end
+    end
+
+    # Table of port match operator and operations
+    PORT_OPERATE = {
+      'any'   => proc do |begin_port, end_port, port|
+        true
+      end,
+      'eq'    => proc do |begin_port, end_port, port|
+        begin_port == port
+      end,
+      'neq'   => proc do |begin_port, end_port, port|
+        begin_port != port
+      end,
+      'gt'    => proc do |begin_port, end_port, port|
+        begin_port  < port
+      end,
+      'lt'    => proc do |begin_port, end_port, port|
+        begin_port  > port
+      end,
+      'range' => proc do |begin_port, end_port, port|
+        (begin_port .. end_port).include?(port)
+      end,
+    }
+
+    # Check the port number matches this?
+    # @param [Integer] port TCP/UDP Port number
+    # @raise [AclArgumentError]
+    # @return [Boolean]
+    def matches?(port)
+      unless valid_range?(port)
+        fail AclArgumentError, "Port out of range: #{ port }"
+      end
+      # @operator was validated in constructor
+      PORT_OPERATE[@operator].call(@begin_port.to_i, @end_port.to_i, port)
+    end
+
+    private
+
+    # Set instance variables
+    # @param [Hash] opts Options of constructor
+    def define_operator_and_ports(opts)
+      @operator = opts[:operator] || 'any'
+      @begin_port = opts[:port] || opts[:begin_port] || nil
+      @end_port = opts[:end_port] || nil
+    end
+
+    # Varidate options
+    # @param [Hash] opts Options of constructor
+    # @raise [AclArgumentError]
+    def validate_operators(opts)
+      define_operator_and_ports(opts)
+
+      if !PORT_OPERATE.key?(@operator)
+        fail AclArgumentError, "Unknown operator: #{@operator}"
+      elsif !valid_operator_and_port?
+        fail AclArgumentError, 'Invalid port or ports sequence'
+      end
+    end
+
+    # Varidate combination operator and port number
+    # @return [Boolean]
+    def valid_operator_and_port?
+      case @operator
+      when 'any'
+        true
+      when 'range'
+        @begin_port &&
+          @end_port &&
+          @begin_port < @end_port
+      else
+        @begin_port
+      end
+    end
+  end
+end # module
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End:

data/lib/cisco_acl_intp/ace_proto.rb

@@ -0,0 +1,319 @@
+# -*- coding: utf-8 -*-
+
+require 'cisco_acl_intp/acl_base'
+
+module CiscoAclIntp
+  # IP/TCP/UDP port number and protocol name container base
+  class AceProtoSpecBase < AclContainerBase
+    include Comparable
+
+    # @param [String] value Protocol name,
+    #   it is literal used in Cisco IOS access-list
+    # @return [String]
+    attr_accessor :name
+
+    # @param [Integer] value Protocol/Port number
+    # @return [Integer]
+    attr_accessor :number
+
+    # @return [String, Symbol] L3/L4 protocol type
+    attr_reader :protocol
+
+    # Constructor
+    # @param [Hash] opts Options
+    # @option opts [String] :name Protocol name
+    # @option opts [Integer] :number Protocol/Port number
+    # @raise [AclArgumentError]
+    # @return [AceProtoSpecBase]
+    # @abstract
+    # @note Variable '@protocol'
+    #   should be assigned in inherited class constructor,
+    #   at first. (before call super class constructor)
+    def initialize(opts)
+      define_values(opts)
+
+      # arguments     |
+      # :name :number | @name         @number
+      # --------------+----------------------------
+      # set   set     | use arg       use arg (*1)
+      #       none    | use arg       nil     (*2)
+      # none  set     | nil           use arg (*3)
+      #       none    | [    raise error    ] (*4)
+      #
+      # (*1) args are set in parser (assume correct args)
+      #    check if :name and number_to_name(:number) are same.
+      # (*2) args are set in parser (assume correct args)
+      # (*3)
+
+      validate_protocol_number
+      validate_protocol_name_and_number
+    end
+
+    # Check the port number in valid range of port number
+    # @abstract
+    # @param [Integer] port IP/TCP/UDP port/protocol number
+    # @return [Boolean]
+    def valid_range?(port)
+      port.integer?
+    end
+
+    # Generate string for Cisco IOS access list
+    # @return [String]
+    def to_s
+      @name || number_to_name(@number)
+    end
+
+    # Convert protocol/port number to string (its name)
+    # @abstract
+    # @param [Integer] number Protocol/Port number
+    # @return [String] Name of protocol/port number.
+    #   If does not match the number in IOS proto/port literal,
+    #   return number.to_s string
+    def number_to_name(number)
+      number.to_s
+    end
+
+    # @return [Integer] Protocol/Port number
+    def to_i
+      @number
+    end
+
+    # Compare by port number
+    # @note Using "Comparable" module, '==' operator is defined by
+    #   '<=>' operator. But '==' is overriden to compare instance
+    #   equivalence instead of port number comparison.
+    # @param [AceProtoSpecBase] other Compared instance
+    # @return [Fixnum] Compare with protocol/port number
+    def <=>(other)
+      @number <=> other.to_i
+    end
+
+    # @return [Boolean] Compare with protocol/port number
+    def ==(other)
+      @protocol == other.protocol &&
+        @name == other.name &&
+        @number == other.number
+    end
+
+    private
+
+    # Set instance variables with ip/default-netmask
+    # @param [Hash] opts Options of constructor
+    def define_values(opts)
+      @protocol = nil unless @protocol
+      @name = opts[:name] || nil
+      @number = opts[:number] || nil
+    end
+
+    # Validate protocol number
+    # @raise [AclArgumentError]
+    def validate_protocol_number
+      if @number && (!valid_range?(@number))
+        # Pattern (*1)(*3)
+        fail AclArgumentError, "Wrong protocol number: #{ @number }"
+      end
+    end
+
+    # Validate protocol name and number (combination)
+    # @raise [AclArgumentError]
+    def validate_protocol_name_and_number
+      if @name && @number
+        # Case (*1): check parameter match
+        # Do not overwrite name by number converted name,
+        # because args are configured in parser,
+        # that name mismatch looks like a bug.
+        if @name != number_to_name(@number)
+          fail AclArgumentError, 'Specified protocol name and number not match'
+        end
+      elsif (!@name) && (!@number)
+        # Case (*4):
+        fail AclArgumentError, 'Not specified protocol name and number'
+      else
+        ## condition: @name && (!@number)
+        # Case (*2): no-op
+        # Usually, args are configured in parser.
+        # If not specified the number, it is empty explicitly
+        ## condition: (!@name) && @number
+        # Case (*3): no-op
+        # @name is used to stringify, convert @number to name in to_s
+      end
+    end
+  end
+
+  # IP protocol number/name container
+  class AceIpProtoSpec < AceProtoSpecBase
+    # Minimum port/protocol number
+    MIN_PORT = 0
+    # Maximum port/protocol number
+    MAX_PORT = 255
+
+    # convert table of tcp port/name
+    IP_PROTO_NAME_TABLE = {
+      51 => 'ahp',
+      88 => 'eigrp',
+      50 => 'esp',
+      47 => 'gre',
+      2 => 'igmp',
+      9 => 'igrp',
+      94 => 'ipinip',
+      4 => 'nos',
+      89 => 'ospf',
+      108 => 'pcp',
+      103 => 'pim',
+      1 => 'icmp',
+      6 => 'tcp',
+      17 => 'udp'
+    }
+
+    # Constructor
+    # @param [Hash] opts Options of {AceProtoSpecBase}
+    # @return [AceIpProtoSpec]
+    def initialize(opts)
+      @protocol = :ip
+      super
+    end
+
+    # Check the port number in valid range of port number
+    # @param [Integer] port IP/TCP/UDP port/protocol number
+    # @return [Boolean]
+    def valid_range?(port)
+      (MIN_PORT .. MAX_PORT).include?(port.to_i)
+    end
+
+    # Convert protocol/port number to string (its name)
+    # @param [Integer] number Protocol/Port number
+    # @return [String] Name of protocol/port number.
+    def number_to_name(number)
+      IP_PROTO_NAME_TABLE[number] || number.to_s
+    end
+  end
+
+  # TCP/UDP port range validation feature
+  module AceTcpUdpPortValidation
+    # Minimum port/protocol number
+    MIN_PORT = 0
+    # Maximum port/protocol number
+    MAX_PORT = 65_535
+
+    # Check the port number in valid range of port number
+    # @param [Integer] port TCP/UDP port/protocol number
+    # @return [Boolean]
+    def valid_range?(port)
+      (MIN_PORT .. MAX_PORT).include?(port.to_i)
+    end
+  end
+
+  # TCP protocol number/name container
+  class AceTcpProtoSpec < AceProtoSpecBase
+    include AceTcpUdpPortValidation
+
+    # convert table of tcp port/name
+    TCP_PORT_NAME_TABLE = {
+      179 => 'bgp',
+      19 => 'chargen',
+      514 => 'cmd',
+      13 => 'daytime',
+      9 => 'discard',
+      53 => 'domain',
+      3949 => 'drip',
+      7 => 'echo',
+      512 => 'exec',
+      79 => 'finger',
+      21 => 'ftp',
+      20 => 'ftp-data',
+      70 => 'gopher',
+      101 => 'hostname',
+      113 => 'ident',
+      194 => 'irc',
+      543 => 'klogin',
+      544 => 'kshell',
+      513 => 'login',
+      515 => 'lpd',
+      119 => 'nntp',
+      496 => 'pim-auto-rp',
+      109 => 'pop2',
+      110 => 'pop3',
+      25 => 'smtp',
+      111 => 'sunrpc',
+      49 => 'tacacs',
+      517 => 'talk',
+      23 => 'telnet',
+      37 => 'time',
+      540 => 'uucp',
+      43 => 'whois',
+      80 => 'www'
+    }
+
+    # Constructor
+    # @param [Hash] opts Options of {AceProtoSpecBase}
+    # @return [AceTcpProtoSpec]
+    def initialize(opts)
+      @protocol = :tcp
+      super
+    end
+
+    # Convert protocol to port number by string (its name)
+    # @param [Integer] number Protocol/Port number
+    # @return [String] Name of protocol/port number.
+    def number_to_name(number)
+      TCP_PORT_NAME_TABLE[number] || number.to_s
+    end
+  end
+
+  # UDP protocol number/name container
+  class AceUdpProtoSpec < AceProtoSpecBase
+    include AceTcpUdpPortValidation
+
+    # convert table of UDP port/name
+    UDP_PORT_NAME_TABLE = {
+      512 => 'biff',
+      68 => 'bootpc',
+      67 => 'bootps',
+      9 => 'discard',
+      195 => 'dnsix',
+      53 => 'domain',
+      7 => 'echo',
+      500 => 'isakmp',
+      434 => 'mobile-ip',
+      42 => 'nameserver',
+      138 => 'netbios-dgm',
+      137 => 'netbios-ns',
+      139 => 'netbios-ss',
+      4500 => 'non500-isakmp',
+      123 => 'ntp',
+      496 => 'pim-auto-rp',
+      520 => 'rip',
+      161 => 'snmp',
+      162 => 'snmptrap',
+      111 => 'sunrpc',
+      514 => 'syslog',
+      49 => 'tacacs',
+      517 => 'talk',
+      69 => 'tftp',
+      37 => 'time',
+      513 => 'who',
+      177 => 'xdmcp'
+    }
+
+    # Constructor
+    # @param [Hash] opts Options of {AceProtoSpecBase}
+    # @return [AceUdpProtoSpec]
+    def initialize(opts)
+      @protocol = :udp
+      super
+    end
+
+    # Convert protocol/port number to string (its name)
+    # @param [Integer] number Protocol/Port number
+    # @return [String] Name of protocol/port number.
+    def number_to_name(number)
+      UDP_PORT_NAME_TABLE[number] || number.to_s
+    end
+  end
+end # module
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End:

data/lib/cisco_acl_intp/ace_srcdst.rb

@@ -0,0 +1,114 @@
+# -*- coding: utf-8 -*-
+
+require 'netaddr'
+require 'cisco_acl_intp/ace_ip'
+require 'cisco_acl_intp/ace_port'
+require 'cisco_acl_intp/ace_other_qualifiers'
+require 'cisco_acl_intp/ace_tcp_flags'
+
+module CiscoAclIntp
+  # IP Address and TCP/UDP Port Info
+  class AceSrcDstSpec < AclContainerBase
+    ## TBD
+    ## Src/Dst takes Network Object Group or IP/wildcard.
+    ## object group is not implemented yet.
+
+    # @param [AceIpSpec] value IP address and Wildcard-mask
+    # @return [AceIpSpec]
+    attr_accessor :ip_spec
+
+    # @param [AcePortSpec] value Port number(s) and Operator
+    # @return [AcePortSpec]
+    attr_accessor :port_spec
+
+    # Constructor
+    # @param [Hash] opts Options
+    # @option opts [AceIpSpec] :ip_spec IP address/Mask object
+    # @option opts [String] :ipaddr IP Address (dotted notation)
+    # @option opts [String] :wildcard Wildcard mask
+    #   (dotted/bit-flipped notation)
+    # @option opts [AcePortSpec] :port_spec Port/Operator object
+    # @option opts [String] :operator Port operator
+    # @option opts [AceProtoSpecBase] :port port number (single/lower)
+    #   (same as :begin_port, alias for unary operator)
+    # @option opts [AceProtoSpecBase] :begin_port port number (single/lower)
+    # @option opts [AceProtoSpecBase] :end_port port number (higher)
+    # @raise [AclArgumentError]
+    # @return [AceSrcDstSpec]
+    # @note When it does not specified port in opts,
+    #   (:port_spec or :operator, :begin_port, :end_port)
+    #   it assumed with ANY port.
+    def initialize(opts)
+      @ip_spec = define_ipspec(opts)
+      @port_spec = define_portspec(opts)
+    end
+
+    # @param [AceSrcDstSpec] other RHS Object
+    # @return [Boolean]
+    def ==(other)
+      @port_spec == other.port_spec &&
+        @ip_spec == other.ip_spec
+    end
+
+    # Generate string for Cisco IOS access list
+    # @return [String]
+    def to_s
+      sprintf('%s %s', @ip_spec, @port_spec)
+    end
+
+    # Check address and port number matche this object.
+    # @param [String] address IP address (dotted notation)
+    # @param [Integer] port Port No.
+    # @return [Boolean]
+    def matches?(address, port = nil)
+      ip_spec_match = @ip_spec.matches?(address)
+      ip_spec_match && @port_spec.matches?(port) if port
+    end
+
+    private
+
+    # Set instance variables
+    # @param [Hash] opts Options of constructor
+    # @raise [AclArgumentError]
+    # @return [AceIpSpec] IP address/Mask object
+    # @see #initialize
+    def define_ipspec(opts)
+      if opts.key?(:ip_spec)
+        opts[:ip_spec]
+      elsif opts.key?(:ipaddr)
+        AceIpSpec.new(
+          ipaddr: opts[:ipaddr],
+          wildcard: opts[:wildcard]
+        )
+      else
+        fail AclArgumentError, 'Not specified: ip spec'
+      end
+    end
+
+    # Set instance variables
+    # @param [Hash] opts Options of constructor
+    # @return [AcePortSpec] Port/Operator object
+    # @see #initialize
+    def define_portspec(opts)
+      if opts.key?(:port_spec)
+        opts[:port_spec]
+      elsif opts.key?(:operator)
+        AcePortSpec.new(
+          operator: opts[:operator],
+          begin_port: opts[:port] || opts[:begin_port],
+          end_port: opts[:end_port]
+        )
+      else
+        # in standard acl, not used port_spec
+        # if not specified port spec: default: any port
+        AcePortSpec.new(operator: 'any')
+      end
+    end
+  end
+end # module
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End:

data/lib/cisco_acl_intp/ace_tcp_flags.rb

@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+
+require 'forwardable'
+require 'cisco_acl_intp/acl_base'
+
+module CiscoAclIntp
+  # TCP flag container
+  class AceTcpFlag < AclContainerBase
+    # @param [String] value TCP flag name
+    # @return [String]
+    attr_accessor :flag
+
+    # Constructor
+    # @param [String] flag TCP flag name
+    # @return [AceTcpFlag]
+    def initialize(flag)
+      @flag = flag
+    end
+
+    # Generate string for Cisco IOS access list
+    # @return [String]
+    def to_s
+      @flag.to_s
+    end
+
+    # @param [AceTcpFlag] other RHS Object
+    # @return [Boolean]
+    def ==(other)
+      @flag == other.flag
+    end
+  end
+
+  # TCP flag list container
+  class AceTcpFlagList < AclContainerBase
+    extend Forwardable
+
+    # @param [Array] value TCP Flags
+    # @return [Array]
+    attr_accessor :list
+
+    def_delegators :@list, :push, :pop, :shift, :unshift, :size, :length
+
+    def initialize
+      @list = []
+    end
+
+    # Generate string for Cisco IOS access list
+    # @return [String]
+    def to_s
+      c_pp(@list.map { | each | each.to_s }.join(' '))
+    end
+
+    # @param [AceTcpFlagList] other RHS Object
+    # @return [Boolean]
+    def ==(other)
+      @list == other.list
+    end
+  end
+end # module
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End: