Cisco ASA show access-list command templates update. #783

HideoYukutake

ISSUE TYPE
  • Bugfix Pull Request
  • Additional Testing
COMPONENT

cisco_asa_show_access-list

SUMMARY

I had a parse error with the following lines.

  • access-list test line 2 extended permit tcp 172.16.0.0 255.240.0.0 host 10.2.66.237 eq ssh inactive (hitcnt=0) (inactive) 0xcc9741b2
  • access-list test line 426 extended permit tcp 10.0.247.0 255.255.255.0 host 10.2.66.53 eq 6991 log disable (hitcnt=40) 0xea52114
  • access-list test line 1 extended permit tcp host 172.16.71.34 host 10.2.74.35 eq ftp-data (hitcnt=0) 0x9fb86c39

modified: templates/cisco_asa_show_access-list.textfsm
added: tests/cisco_asa/show_access-list/cisco_asa_show_access-list_update.raw, tests/cisco_asa/show_access-list/cisco_asa_show_access-list_update.yml

diff --git a/templates/cisco_asa_show_access-list.textfsm b/templates/cisco_asa_show_access-list.textfsm
index 05e95d9..0d57767 100644
--- a/templates/cisco_asa_show_access-list.textfsm
+++ b/templates/cisco_asa_show_access-list.textfsm
@@ -48,9 +48,9 @@ Value ENTRY_DST_NETWORK (\d+\.\d+\.\d+\.\d+)
 Value ENTRY_DST_MASK (\d+\.\d+\.\d+\.\d+)
 Value ENTRY_DST_ANY (any[46]{0,1})
 Value ENTRY_DST_FQDN_STATE (unresolved)
-Value ENTRY_ICMP_TYPE (\S+)
-Value ENTRY_ICMP_CODE (\S+)
-Value ENTRY_PORT ([a-z\-]+\s+\d+|\w+)
+Value ENTRY_ICMP_TYPE (echo-reply|unreachable|echo|time-exceeded)
+Value ENTRY_ICMP_CODE (\d+)
+Value ENTRY_PORT ([a-z\-]+\s+\d+|[\w\-]+)
 Value ENTRY_PORT_LESS_THAN ([a-z\-]+\s+\d+|\w+)
 Value ENTRY_PORT_GREATER_THAN ([a-z\-]+\s+\d+|\w+)
 Value ENTRY_PORT_RANGE_START ([a-z\-]+\s+\d+|\w+)
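
Review bot: `ENTRY_ICMP_TYPE` is now limited to four literal names (`echo-reply|unreachable|echo|time-exceeded`), so an entry carrying any other ICMP type can no longer match the ICMP rule and may fall through to the `^.* -> Error` line. Consider extending the list or keeping a more general pattern as a fallback. Separately, only `ENTRY_PORT` gained the hyphen-aware `[\w\-]+`; `ENTRY_PORT_LESS_THAN`, `ENTRY_PORT_GREATER_THAN` and `ENTRY_PORT_RANGE_START` still end in `\w+`, so a name such as `ftp-data` after `lt`, `gt` or `range` would still fail to parse.
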
@@ -62,9 +62,10 @@ Value ENTRY_HASH (0x\w+)
 Start
   ^access\-list\s+${ACL_NAME};\s+${ACL_TOT_ELEM}\s+elements;\s+name\s+hash:\s+${ACL_NAME_HASH}\s* -> Record
   ^access-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+remark\s+${REMARK}\s*$$ -> Record
-  ^access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+${TYPE}\s+${ACTION}\s+(object\-group\s+${SVC_OBJECT_GRP}|object\s+${SVC_OBJECT}|${PROTOCOL})\s+(interface\s+${SRC_INTFC}|object\-group\s+${SRC_OBJECT_GRP}|object\s+${SRC_OBJECT}|host\s+${SRC_HOST}|${SRC_NETWORK}\s+${SRC_MASK}|${SRC_ANY})\s+(interface\s+${DST_INTFC}|object\-group\s+${DST_OBJECT_GRP}|object\s+${DST_OBJECT}|host\s+${DST_HOST}|${DST_NETWORK}\s+${DST_MASK}|${DST_ANY})\s+((eq\s+${DST_PORT}|object\-group\s+${DST_PORT_GRP}|object\s+${DST_PORT_OBJECT})\s+){0,1}(${ENTRY_ICMP_TYPE}(\s+${ENTRY_ICMP_CODE}){0,1}\s+){0,1}((log\s+${LOG_LEVEL}\s+interval\s+${LOG_INTERVAL})\s+){0,1}(${STATE}\s+){0,1}\(hitcnt=${HIT_COUNT}\)\s+(\(inactive\)\s+){0,1}${LINE_HASH}\s* -> Record
-  ^\s+access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+(standard|extended)\s+(permit|deny)\s+${ENTRY_PROTOCOL_ICMP}\s+(fqdn\s+${ENTRY_SRC_FQDN}|range\s+${ENTRY_SRC_RANGE_START}\s+${ENTRY_SRC_RANGE_END}|host\s+${ENTRY_SRC_HOST}|${ENTRY_SRC_NETWORK}\s+${ENTRY_SRC_MASK}|${ENTRY_SRC_ANY})\s+(\(${ENTRY_SRC_FQDN_STATE}\)\s+){0,1}(fqdn\s+${ENTRY_DST_FQDN}|range\s+${ENTRY_DST_RANGE_START}\s+${ENTRY_DST_RANGE_END}|host\s+${ENTRY_DST_HOST}|${ENTRY_DST_NETWORK}\s+${ENTRY_DST_MASK}|${ENTRY_DST_ANY})\s+(\(${ENTRY_DST_FQDN_STATE}\)\s+){0,1}(${ENTRY_ICMP_TYPE}(\s+${ENTRY_ICMP_CODE}){0,1}\s+){0,1}(log\s+${LOG_LEVEL}\s+interval\s+${LOG_INTERVAL}\s+){0,1}\((hitcnt=${ENTRY_HIT_COUNT}|${ENTRY_STATE})\)\s+${ENTRY_HASH}\s* -> Record
-  ^\s+access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+(standard|extended)\s+(permit|deny)\s+${ENTRY_PROTOCOL}\s+(fqdn\s+${ENTRY_SRC_FQDN}|range\s+${ENTRY_SRC_RANGE_START}\s+${ENTRY_SRC_RANGE_END}|host\s+${ENTRY_SRC_HOST}|${ENTRY_SRC_NETWORK}\s+${ENTRY_SRC_MASK}|${ENTRY_SRC_ANY})\s+(\(${ENTRY_SRC_FQDN_STATE}\)\s+){0,1}(fqdn\s+${ENTRY_DST_FQDN}|range\s+${ENTRY_DST_RANGE_START}\s+${ENTRY_DST_RANGE_END}|host\s+${ENTRY_DST_HOST}|${ENTRY_DST_NETWORK}\s+${ENTRY_DST_MASK}|${ENTRY_DST_ANY})\s+(\(${ENTRY_DST_FQDN_STATE}\)\s+){0,1}((eq\s+${ENTRY_PORT}|lt\s+${ENTRY_PORT_LESS_THAN}|gt\s+${ENTRY_PORT_GREATER_THAN}|range\s+${ENTRY_PORT_RANGE_START}\s+${ENTRY_PORT_RANGE_END})\s+){0,1}(log\s+[a-z0-9]+\s+interval\s+\d+\s+){0,1}\((hitcnt=${ENTRY_HIT_COUNT}|${ENTRY_STATE})\)\s+${ENTRY_HASH}\s* -> Record
+  ^access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+${TYPE}\s+${ACTION}\s+(object\-group\s+${SVC_OBJECT_GRP}|object\s+${SVC_OBJECT}|${PROTOCOL})\s+(interface\s+${SRC_INTFC}|object\-group\s+${SRC_OBJECT_GRP}|object\s+${SRC_OBJECT}|host\s+${SRC_HOST}|${SRC_NETWORK}\s+${SRC_MASK}|${SRC_ANY})\s+(interface\s+${DST_INTFC}|object\-group\s+${DST_OBJECT_GRP}|object\s+${DST_OBJECT}|host\s+${DST_HOST}|${DST_NETWORK}\s+${DST_MASK}|${DST_ANY})\s+((eq\s+${DST_PORT}|object\-group\s+${DST_PORT_GRP}|object\s+${DST_PORT_OBJECT})\s+){0,1}(${ENTRY_ICMP_TYPE}(\s+${ENTRY_ICMP_CODE}){0,1}\s+){0,1}((log\s+(${LOG_LEVEL}\s+interval\s+${LOG_INTERVAL}|disable|default))\s+){0,1}(${STATE}\s+){0,1}\(hitcnt=${HIT_COUNT}\)\s+(\(inactive\)\s+){0,1}${LINE_HASH}\s* -> Record
+  ^\s+access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+(standard|extended)\s+(permit|deny)\s+${ENTRY_PROTOCOL_ICMP}\s+(fqdn\s+${ENTRY_SRC_FQDN}|range\s+${ENTRY_SRC_RANGE_START}\s+${ENTRY_SRC_RANGE_END}|host\s+${ENTRY_SRC_HOST}|${ENTRY_SRC_NETWORK}\s+${ENTRY_SRC_MASK}|${ENTRY_SRC_ANY})\s+(\(${ENTRY_SRC_FQDN_STATE}\)\s+){0,1}(fqdn\s+${ENTRY_DST_FQDN}|range\s+${ENTRY_DST_RANGE_START}\s+${ENTRY_DST_RANGE_END}|host\s+${ENTRY_DST_HOST}|${ENTRY_DST_NETWORK}\s+${ENTRY_DST_MASK}|${ENTRY_DST_ANY})\s+(\(${ENTRY_DST_FQDN_STATE}\)\s+){0,1}(${ENTRY_ICMP_TYPE}(\s+${ENTRY_ICMP_CODE}){0,1}\s+){0,1}(log\s+(${LOG_LEVEL}\s+interval\s+${LOG_INTERVAL}|disable|default)\s+){0,1}(inactive){0,1}\s*(\(hitcnt=${ENTRY_HIT_COUNT}\)){0,1}\s*(\(${ENTRY_STATE}\)){0,1}\s+${ENTRY_HASH}\s* -> Record
+  ^\s+access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+(standard|extended)\s+(permit|deny)\s+(${ENTRY_PROTOCOL}\s+){0,1}(fqdn\s+${ENTRY_SRC_FQDN}|range\s+${ENTRY_SRC_RANGE_START}\s+${ENTRY_SRC_RANGE_END}|host\s+${ENTRY_SRC_HOST}|${ENTRY_SRC_NETWORK}\s+${ENTRY_SRC_MASK}|${ENTRY_SRC_ANY})\s+(\(${ENTRY_SRC_FQDN_STATE}\)\s+){0,1}((fqdn\s+${ENTRY_DST_FQDN}|range\s+${ENTRY_DST_RANGE_START}\s+${ENTRY_DST_RANGE_END}|host\s+${ENTRY_DST_HOST}|${ENTRY_DST_NETWORK}\s+${ENTRY_DST_MASK}|${ENTRY_DST_ANY})\s+){0,1}(\(${ENTRY_DST_FQDN_STATE}\)\s+){0,1}((eq\s+${ENTRY_PORT}|lt\s+${ENTRY_PORT_LESS_THAN}|gt\s+${ENTRY_PORT_GREATER_THAN}|range\s+${ENTRY_PORT_RANGE_START}\s+${ENTRY_PORT_RANGE_END})\s+){0,1}(log\s+([a-z0-9]+\s+interval\s+\d+|disable|default)\s+){0,1}(inactive){0,1}\s*(\(hitcnt=${ENTRY_HIT_COUNT}\)){0,1}\s*(\(${ENTRY_STATE}\)){0,1}\s+${ENTRY_HASH}\s* -> Record
+  ^access\-list\s+${ACL_NAME}\s+line\s+${LINE_NUM}\s+(standard|extended)\s+(permit|deny)\s+(fqdn\s+${ENTRY_SRC_FQDN}|range\s+${ENTRY_SRC_RANGE_START}\s+${ENTRY_SRC_RANGE_END}|host\s+${ENTRY_SRC_HOST}|${ENTRY_SRC_NETWORK}\s+${ENTRY_SRC_MASK}|${ENTRY_SRC_ANY})\s+\((hitcnt=${ENTRY_HIT_COUNT})\)\s+${ENTRY_HASH}\s* -> Record
   ^.* -> Error "Did not match any rules"
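
Review bot: In the two indented entry rules, `(\(hitcnt=${ENTRY_HIT_COUNT}\)){0,1}\s*(\(${ENTRY_STATE}\)){0,1}` makes both the hit count and the state optional, whereas the removed lines required one of them through `\((hitcnt=${ENTRY_HIT_COUNT}|${ENTRY_STATE})\)`. A line carrying neither now produces a record with both fields empty instead of reaching the Error rule, so I would keep at least one of the two mandatory. Also note that the bare `inactive` keyword and the `disable|default` log options are consumed by groups with no Value behind them, so they never appear in the parsed record; if consumers of this template use it to audit which ACEs are inactive or have logging disabled, capture them.
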
ACKNOWLEDGMENT

Thank you for your good product.
I am not good at English, so please point out any points that are difficult to understand.

jmcgill298 merged commit a8428ca into networktocode:master on Oct 2, 2020