cisco_acl_intp 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ca5d93222e696b7d5cbe8af83c2993454a7ce56f
+  data.tar.gz: e6d9b5ce240ae6a494b11f46a461bdc6ac90ac27
+SHA512:
+  metadata.gz: 0e7d8aa8410bd44bc5406424548936d6a245f76c4c473c64dfe9bb2834e9f8348ddb797b513317a699e3615b455a68a3e201e6a60ef464faf0c4a2df9303e921
+  data.tar.gz: 37a36a2086e4106d327b08d6c157d829af96b2dfe807fd8fb008c52be07ddd6be0a6b221446d79e975f76a89a8428b1a34610f5f56b161cb94f95e1afffd3b9d

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  Includes:
+    - lib/**/*.rb
+    - tool/*.rb
+    - spec/**/*.rb
+    - Rakefile
+    - Gemfile
+    - cisco_acl_intp.gemspec
+  Excludes:
+    - lib/**/parser.rb
+    - spec/data/*.rb
+MethodLength:
+  Max: 15

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.0.0

data/.yardopts

@@ -0,0 +1,4 @@
+--exclude parser.rb
+--exclude spec/data/*
+--private
+--protected

data/Gemfile

@@ -0,0 +1,19 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cisco_acl_intp.gemspec
+gemspec
+
+group :development, :test do
+  gem 'racc', '~> 1.4.11'
+  gem 'rake', '~> 10.1.1'
+  gem 'rspec', '~> 2.14.1'
+  gem 'rubocop', '~> 0.16.0' if RUBY_VERSION >= '1.9.0'
+  gem 'simplecov', '~> 0.8.2' if RUBY_VERSION >= '1.9.0'
+  gem 'yard', '~> 0.8.7'
+end
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End:

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 stereocat
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,132 @@
+# CiscoAclIntp
+
+CiscoAclIntp is a interpreter of Cisco IOS access control list (ACL).
+
+## Features Overview
+
+CiscoAclIntp can...
+
+* parse ACL types of below
+  * Numbered ACL (standard/extended)
+  * Named ACL (standard/extended)
+* parse almost ACL syntaxes.
+  * basic IPv4 acl (protocol `ip`/`tcp`/`udp`)
+
+CiscoAclIntp *CANNOT*...
+
+* handle IPv4 tcp-flags-qualifier, object-groups, and other specific
+  qualifiers (`dscp`, `ttl`, `tos`, ...).  These features are not
+  implemented yet.
+* handle IPv6 ACL (`ip access-list ipv6`) (not implemented yet)
+
+Supports
+
+* Ruby/1.9 or later. (Development and testing is being conducted in
+  Ruby/2.0.0 and *NOT* supported Ruby/1.8.x)
+* Racc/1.4.9 or later.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'cisco_acl_intp'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install cisco_acl_intp
+
+## Sample Application
+
+### ACL Validator
+
+#### Usage
+
+One of application using CiscoAclIntp is in `tools/check_acl.rb`.
+The script works as ACL validator.  It reads a ACL file, parse it with
+CiscoAclIntp parser and output parser results.
+
+In directory `acl_examples`, there are some Cisco IOS ACL sample
+files. Run `check_acl.rb` with ACL sample files, like below.
+
+    $ ~/cisco_acl_intp$ ruby tools/check_acl.rb -c -f acl_examples/numd-acl.txt
+    acl name : 1
+    access-list 1  permit 192.168.0.0 0.0.255.255
+    access-list 1  deny any  log
+    acl name : 100
+    access-list 100  remark General Internet Access
+    access-list 100  permit icmp any  any
+    access-list 100  permit ip 192.168.0.0 0.0.255.255  any
+    access-list 100  remark NTP
+    access-list 100  permit tcp any  host 210.197.74.200
+    access-list 100  permit udp any eq ntp  any eq ntp
+    access-list 100  remark 6to4
+    access-list 100  permit 41 any  host 192.88.99.1
+    access-list 100  permit ip any  host 192.88.99.1
+    access-list 100  remark others
+    access-list 100  permit tcp any eq 0  any eq 0
+    access-list 100  permit udp any eq 0  any eq 0
+    access-list 100  deny ip any  any   log
+    acl name : 110
+    access-list 110  remark SPLIT_VPN
+    access-list 110  permit ip 192.168.0.0 0.0.255.255  any
+    $ ~/cisco_acl_intp$
+
+By putting `-c` (`--color`) option, `check_acl.rb` outputs
+**color-coded ACL** according to type of each word. It can parse
+multiple ACLs at the same time. In addition, in the case of the
+parsing of a ACL that contains errors, CiscoAclIntp parser outputs
+corresponding error messages. Please try to run using sample ACL file,
+`acl_examples/err-acl.txt`, that contains some kind of errors.
+
+You can get short usage with `-h` option. If it runs without `-f`
+(`--file`) option, it reads ACLs from standard input.
+
+#### Codes
+
+```ruby
+require 'optparse'
+require 'cisco_acl_intp'
+
+## CUT: option handling
+
+parser = CiscoAclIntp::Parser.new(popts)
+
+# read acl from file or STDIN
+if opts[:file]
+  parser.parse_file opts[:file]
+else
+  parser.parse_file $stdin
+end
+
+# print acl data
+aclt = parser.acl_table
+aclt.each do |name, acl|
+  puts "acl name : #{name}"
+  puts acl.to_s
+end
+```
+
+In the script, generate `CiscoAclIntp::Parser` instance and it reads
+ACLs from a file (or `$stdin`). The `parser` instance generate ACL
+objects (as Hash table of ACL name and ACL objects). An element of the
+table is "ACL object". "ACL object" is build by ACL components. For
+example, source/destination address obj, action obj, tcp/udp protocol
+obj,... See more detail in documents (see also, Documents section)
+
+## Documents
+
+It can generate documents with YARD.
+
+    $ rake yard
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,78 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rake/clean'
+
+LIB_DIR = './lib'
+PACKAGE_NAME = 'cisco_acl_intp'
+SPEC_ORIG_DIR = 'spec'
+SPEC_DIR = "#{SPEC_ORIG_DIR}/#{PACKAGE_NAME}/"
+SPEC_DATA_DIR = "#{SPEC_ORIG_DIR}/data"
+CLASS_DIR = "#{LIB_DIR}/#{PACKAGE_NAME}"
+CLASS_GRAPH_DOT = "doc/#{PACKAGE_NAME}.dot"
+CLASS_GRAPH_PNG = "doc/#{PACKAGE_NAME}.png"
+PARSER_RACC = "#{CLASS_DIR}/parser.ry"
+PARSER_RUBY = "#{CLASS_DIR}/parser.rb"
+
+CLEAN.include(
+  "#{SPEC_DATA_DIR}/*.*",
+  "#{LIB_DIR}/*.output"
+)
+CLOBBER.include(
+  PARSER_RUBY,
+  CLASS_GRAPH_DOT,
+  CLASS_GRAPH_PNG
+)
+
+task default: [:parser, :spec]
+task parser: [PARSER_RUBY]
+task spec: [SPEC_DATA_DIR]
+
+task :fullfill do
+  # generate full-fill pattern test scripts
+  sh "ruby #{SPEC_ORIG_DIR}/parser_fullfill_patterns.rb"
+end
+
+directory SPEC_DATA_DIR
+file PARSER_RUBY => [PARSER_RACC] do
+  sh "racc -v -t #{PARSER_RACC} -o #{PARSER_RUBY}"
+end
+
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList["#{SPEC_DIR}/*_spec.rb"]
+  spec.rspec_opts = '--format documentation --color'
+end
+
+RSpec::Core::RakeTask.new(fullspec: [:fullfill]) do |spec|
+  spec.pattern = FileList["#{SPEC_ORIG_DIR}/**/*_spec.rb"]
+  spec.rspec_opts = '--format documentation --color'
+end
+
+# documentation by yard
+require 'yard'
+require 'yard/rake/yardoc_task'
+YARD::Rake::YardocTask.new do |task|
+  # yardoc options in .yardopts
+  task.files = ["#{LIB_DIR}/**/*.rb"]
+end
+
+task :docgraph do
+  # need to install graphviz package
+  sh "yard graph --full -f #{CLASS_GRAPH_DOT}"
+  sh "dot -Tpng #{CLASS_GRAPH_DOT} -o #{CLASS_GRAPH_PNG}"
+end
+
+# rubocop settings
+if RUBY_VERSION >= '1.9.0'
+  task quality: :rubocop
+  require 'rubocop/rake_task'
+  Rubocop::RakeTask.new do |task|
+    # file patterns in ".rubocop.yml"
+    task.fail_on_error = false
+  end
+end
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End:

data/acl_examples/err-acl.txt

@@ -0,0 +1,49 @@
+access-list 1 permit 192.168.0.0 0.0.255.255
+access-list 1 deny   any log
+access-list 100 remark General Internet Access
+access-list 100 permit icmp any any
+access-list 100 permit ip 192.168.0.0 0.0.255.255 any
+access-list 100 permit tcp any host 210.197.74.200
+access-list 100 remark !wrong acl number!
+access-list 10 permit udp any eq ntp any eq ntp
+access-list 100 remark !------cleared------!
+access-list 100 remark !wrong header! caccess-list
+caccess-list 100 remark 6to4
+access-list 100 remark !------cleared------!
+access-list 100 permit 41 any host 192.88.99.1
+access-list 100 remark !wrong ip proto number!
+access-list 100 permit 256 any host 192.88.99.1
+access-list 100 remark !------cleared------!
+access-list 100 remark !wrong ip proto!
+access-list 100 permit hoge any host 192.88.99.1
+access-list 100 remark !------cleared------!
+access-list 100 permit ip any host 192.88.99.1
+access-list 100 remark others
+access-list 100 permit tcp any eq 0 any eq 0
+access-list 100 permit udp any eq 0 any eq 0
+access-list 100 deny   ip any any log
+access-list 110 remark SPLIT_VPN
+access-list 110 permit ip 192.168.0.0 0.0.255.255 any
+
+ip access-list extended FA8-OUT
+ deny   udp any any eq bootpc
+ deny   udp any any eq bootps
+ remark !argment error! 65536
+ permit tcp host 192.168.3.4 173.30.240.0 0.0.0.255 range 32768 65536
+ remark !------cleared------!
+ remark !argment error! 255 => 256
+ deny udp 192.168.3.0 0.0.240.256 lt 1024 any eq 80
+ remark !------cleared------!
+ remark network access-list remark!!
+ permit tcp any any established
+ deny tcp any any syn rst
+ remark !syntax error! tcp -> tp (typo)
+ deny up any any log-input hoge
+ remark !------cleared------!
+ permit ip any any log
+!
+ip access-list standard remote-ipv4
+ permit 192.168.0.0 0.0.255.255
+ remark standard access-list last deny!?
+ deny   any log
+!

data/acl_examples/named-ext-acl.txt

@@ -0,0 +1,12 @@
+ip access-list extended FA8-OUT
+ deny   udp any any eq bootpc
+ deny   udp any any eq bootps
+ permit tcp host 192.168.3.4 173.30.240.0 0.0.0.255 range 32768 65535
+ deny udp 192.168.3.0 0.0.240.255 lt 1024 any eq 80
+ remark network access-list remark!!
+ permit tcp any any established
+ deny tcp any any syn rst
+ deny udp any any log-input hoge
+ permit ip any any log
+!
+!

data/acl_examples/named-std-acl.txt

@@ -0,0 +1,6 @@
+ip access-list standard remote-ipv4
+ permit 192.168.0.0 0.0.255.255
+ deny 192.168.0.0 0.0.0.255
+ remark standard access-list last deny!?
+ deny   any log
+!

data/acl_examples/numd-acl.txt

@@ -0,0 +1,21 @@
+access-list 1 permit 192.168.0.0 0.0.255.255
+access-list 1 deny   any log
+access-list 100 remark General Internet Access
+access-list 100 permit icmp any any
+access-list 100 permit ip 192.168.0.0 0.0.255.255 any
+access-list 100 remark NTP
+access-list 100 permit tcp any host 210.197.74.200
+access-list 100 permit udp any eq ntp any eq ntp
+access-list 100 remark 6to4
+access-list 100 permit 41 any host 192.88.99.1
+access-list 100 permit ip any host 192.88.99.1
+access-list 100 remark others
+access-list 100 permit tcp any eq 0 any eq 0
+access-list 100 permit udp any eq 0 any eq 0
+access-list 100 deny   ip any any log
+# comment
+
+! comment
+access-list 110 remark SPLIT_VPN
+access-list 110 permit ip 192.168.0.0 0.0.255.255 any
+!! test

data/cisco_acl_intp.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cisco_acl_intp/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'cisco_acl_intp'
+  spec.version       = CiscoAclIntp::VERSION
+  spec.authors       = ['stereocat']
+  spec.email         = ['stereocat@gmail.com']
+  spec.description   = %q{Cisco Access List Interpreter}
+  spec.summary       = %q{Cisco Access List Interpreter}
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split("\n")
+  spec.executables   = spec.files.grep(/^bin\//) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(/^(test|spec|features)\//)
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'netaddr', '~> 1.5.0'
+  spec.add_runtime_dependency 'term-ansicolor', '~> 1.2.2'
+  spec.add_development_dependency 'bundler', '~> 1.3'
+end
+
+### Local variables:
+### mode: Ruby
+### coding: utf-8-unix
+### indent-tabs-mode: nil
+### End: