diff --git a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniperLexer.g4 b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniperLexer.g4 index a599028109..2b7cb78e5c 100644 --- a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniperLexer.g4 +++ b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniperLexer.g4 @@ -54,6 +54,8 @@ ACCEPTED_PREFIX_LIMIT: 'accepted-prefix-limit'; ACCESS: 'access'; +ACCESS_DISABLE_EXTERNAL: 'access-disable-external'; + ACCESS_INTERNAL: 'access-internal'; ACCESS_PROFILE: 'access-profile' -> pushMode(M_Name); @@ -186,6 +188,8 @@ ALLOW_DUPLICATES: 'allow-duplicates'; ALLOW_SNOOPED_CLIENTS: 'allow-snooped-clients'; +ALLOW_TCP_FORWARDING: 'allow-tcp-forwarding'; + ALLOW_V4MAPPED_PACKETS: 'allow-v4mapped-packets'; ALWAYS_COMPARE_MED: 'always-compare-med'; @@ -601,6 +605,8 @@ DOMAIN_NAME: 'domain-name' -> pushMode(M_Name); DOMAIN_SEARCH: 'domain-search'; DOMAIN_TYPE: 'domain-type'; +DROP: 'drop'; +DROP_AND_LOG: 'drop-and-log'; DROP_PATH_ATTRIBUTES: 'drop-path-attributes'; DROP_PROFILES: 'drop-profiles' -> pushMode(M_Name); @@ -1087,6 +1093,7 @@ INTERFACE 'interface' -> pushMode ( M_Interface ) ; +INTERFACE_MAC_LIMIT: 'interface-mac-limit'; INTERFACE_MODE: 'interface-mode'; INTERFACE_RANGE: 'interface-range' -> pushMode(M_Name); @@ -1991,6 +1998,7 @@ NO_ANTI_REPLAY: 'no-anti-replay'; NO_ARP: 'no-arp'; NO_AUTO_NEGOTIATION: 'no-auto-negotiation'; +NO_CHALLENGE_RESPONSE: 'no-challenge-response'; NO_CLIENT_REFLECT: 'no-client-reflect'; NO_DECREMENT_TTL: 'no-decrement-ttl'; NO_ECMP_FAST_REROUTE: 'no-ecmp-fast-reroute'; @@ -2010,6 +2018,8 @@ NO_NEXT_HEADER: 'no-next-header'; NO_NEXTHOP_CHANGE: 'no-nexthop-change'; +NO_PASSWORD_AUTHENTICATION: 'no-password-authentication'; + NO_PASSWORDS: 'no-passwords'; NO_PEER_LOOP_CHECK: 'no-peer-loop-check'; 
@@ -2022,6 +2032,8 @@ NO_PREEMPT: 'no-preempt'; NO_PREPEND_GLOBAL_AS: 'no-prepend-global-as'; +NO_PUBLIC_KEYS: 'no-public-keys'; + NO_READVERTISE: 'no-readvertise'; NO_REDIRECTS: 'no-redirects'; @@ -2087,6 +2099,7 @@ OVERRIDES: 'overrides'; P2MP: 'p2mp'; P2MP_OVER_LAN: 'p2mp-over-lan'; P2P: 'p2p'; +PACKET_ACTION: 'packet-action'; PACKET_LENGTH: 'packet-length' -> pushMode(M_SubRange); PACKET_LENGTH_EXCEPT: 'packet-length-except' -> pushMode(M_SubRange); @@ -2643,7 +2656,7 @@ SHARED_IKE_ID: 'shared-ike-id'; SHIM6_HEADER: 'shim6-header'; SHORTCUTS: 'shortcuts'; - +SHUTDOWN: 'shutdown'; SIGNALING: 'signaling'; SIMPLE: 'simple'; diff --git a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_switch_options.g4 b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_switch_options.g4 index 6816d96c47..0b33cd0fc6 100644 --- a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_switch_options.g4 +++ b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_switch_options.g4 @@ -10,7 +10,8 @@ s_switch_options : SWITCH_OPTIONS ( - so_vtep_source_interface + so_interface + | so_vtep_source_interface | so_route_distinguisher | so_vrf_target | so_vrf_export @@ -42,3 +43,37 @@ so_vrf_import : VRF_IMPORT null_filler ; + +so_interface +: + INTERFACE interface_id + ( + soi_interface_mac_limit + ) +; + +soi_interface_mac_limit +: + INTERFACE_MAC_LIMIT + ( + soiiml_limit_null + | soiiml_packet_action_null + ) +; + +soiiml_limit_null +: + uint16 +; + +soiiml_packet_action_null +: + PACKET_ACTION + ( + DROP + | DROP_AND_LOG + | LOG + | NONE + | SHUTDOWN + ) +; diff --git a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_system.g4 b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_system.g4 index 5c1dd0331e..99e818c51f 100644 --- a/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_system.g4 
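Review bot: `soiiml_limit_null` in the new `so_interface` rules takes the limit as `uint16`, so any `interface-mac-limit` value above 65535 would not match and the whole `set switch-options interface …` line would go unrecognized. Junos appears to document a larger ceiling for this knob on at least some platforms (worth confirming against the Junos reference), so a wider rule such as `uint32`, if one is in scope in this grammar, looks safer. The added test config only uses limits from 5 to 25, so the boundary is never exercised. Both sub-rules also end in `_null`, which suggests this MAC-flooding control is parsed but not extracted; a short comment on `soi_interface_mac_limit` such as `// parsed only; MAC limits are not modeled yet` would make that explicit to anyone relying on the model for layer-2 hardening checks.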
+++ b/projects/batfish/src/main/antlr4/org/batfish/grammar/flatjuniper/FlatJuniper_system.g4 @@ -254,29 +254,54 @@ sy_services : SERVICES ( - sy_services_linetype - | sy_services_null + syserv_ftp + | syserv_ssh + | syserv_telnet + | syserv_null ) ; -sy_services_linetype +syserv_ftp : - linetype = line_type + FTP ( apply_groups | sy_authentication_order - | sysl_null + | syserv_common_null )? ; -line_type +syserv_ssh : - FTP - | SSH - | TELNET + SSH + ( + apply_groups + | sy_authentication_order + | syserv_common_null + | syservs_access_disable_external_null + | syservs_allow_tcp_forwarding_null + | syservs_no_challenge_response_null + | syservs_no_password_authentication_null + | syservs_no_passwords_null + | syservs_no_public_keys_null + | syservs_no_tcp_forwarding_null + | syservs_root_login_null + | syservs_tcp_forwarding_null + | syservs_null + )? +; + +syserv_telnet +: + TELNET + ( + apply_groups + | sy_authentication_order + | syserv_common_null + )? ; -sy_services_null +syserv_null : ( DATABASE_REPLICATION 
@@ -343,31 +368,80 @@ syr_encrypted_password ENCRYPTED_PASSWORD password = secret_string ; -sysl_null +syserv_common_null : + // Options shared by SSH, FTP, and TELNET + ( + CONNECTION_LIMIT + | RATE_LIMIT + ) null_filler +; + +syservs_access_disable_external_null +: + ACCESS_DISABLE_EXTERNAL +; + +syservs_allow_tcp_forwarding_null +: + ALLOW_TCP_FORWARDING +; + +syservs_no_challenge_response_null +: + NO_CHALLENGE_RESPONSE +; + +syservs_no_password_authentication_null +: + NO_PASSWORD_AUTHENTICATION +; + +syservs_no_public_keys_null +: + NO_PUBLIC_KEYS +; + +syservs_null +: + // Other SSH-only options (not yet extracted) ( AUTHORIZED_KEYS_COMMAND | AUTHORIZED_KEYS_COMMAND_USER | CIPHERS | CLIENT_ALIVE_COUNT_MAX | CLIENT_ALIVE_INTERVAL - | CONNECTION_LIMIT | FINGERPRINT_HASH | HOSTKEY_ALGORITHM | KEY_EXCHANGE | MACS | MAX_PRE_AUTHENTICATION_PACKETS | MAX_SESSIONS_PER_CONNECTION - | NO_PASSWORDS - | NO_TCP_FORWARDING | PROTOCOL_VERSION - | RATE_LIMIT | REKEY - | ROOT_LOGIN - | TCP_FORWARDING ) null_filler ; +syservs_no_passwords_null +: + NO_PASSWORDS +; + +syservs_no_tcp_forwarding_null +: + NO_TCP_FORWARDING +; + +syservs_root_login_null +: + ROOT_LOGIN null_filler +; + +syservs_tcp_forwarding_null +: + TCP_FORWARDING +; + sysp_logical_system : LOGICAL_SYSTEM name = junos_name diff --git a/projects/batfish/src/main/java/org/batfish/grammar/flatjuniper/ConfigurationBuilder.java b/projects/batfish/src/main/java/org/batfish/grammar/flatjuniper/ConfigurationBuilder.java index c9f8210d09..49f9ac7af3 100644 --- a/projects/batfish/src/main/java/org/batfish/grammar/flatjuniper/ConfigurationBuilder.java +++ b/projects/batfish/src/main/java/org/batfish/grammar/flatjuniper/ConfigurationBuilder.java 
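Review bot: `syservs_root_login_null` still reads `ROOT_LOGIN null_filler`, so any trailing text after `root-login` is accepted, whereas `packet-action` in this same commit enumerates its values. Junos takes only a small fixed set here (allow, deny, deny-password, to be checked against the tokens the lexer already has), and listing them as alternatives would surface a typo in a security-relevant setting instead of swallowing it. `NO_PASSWORDS`, `NO_TCP_FORWARDING` and `TCP_FORWARDING` lose their `null_filler` in this hunk, which is stricter than the old `sysl_null` and deserves a mention in the commit message. On style, `syservs_null` sits between `syservs_no_public_keys_null` and `syservs_no_passwords_null`; moving it after `syservs_tcp_forwarding_null` would keep the SSH rules in alphabetical order.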
@@ -458,7 +458,6 @@
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Junos_applicationContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Junos_application_setContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Junos_nameContext;
-import org.batfish.grammar.flatjuniper.FlatJuniperParser.Line_typeContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Mpls_admin_groupsContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Mpls_pathContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Mpls_rib_nameContext;
@@ -806,7 +805,6 @@
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sy_portsContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sy_porttypeContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sy_security_profileContext;
-import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sy_services_linetypeContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sy_tacplus_serverContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syn_serverContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syn_server_routing_instanceContext;
@@ -814,6 +812,9 @@
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syp_disableContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syr_encrypted_passwordContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sys_hostContext;
+import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syserv_ftpContext;
+import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syserv_sshContext;
+import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syserv_telnetContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sysh_routing_instanceContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Sysp_logical_systemContext;
 import org.batfish.grammar.flatjuniper.FlatJuniperParser.Syt_routing_instanceContext;
@@ -4200,9 +4201,7 @@ public void enterSy_security_profile(Sy_security_profileContext ctx) { _configuration.defineFlattenedStructure(SECURITY_PROFILE, toString(ctx.name), ctx, _parser); } - @Override - public void enterSy_services_linetype(Sy_services_linetypeContext ctx) { - String name = toString(ctx.linetype); + private void enterServiceLine(String name) { _currentLogicalSystem.getJf().getLines().computeIfAbsent(name, Line::new); _currentLine = _currentLogicalSystem.getJf().getLines().get(name); @@ -4216,6 +4215,21 @@ public void enterSy_services_linetype(Sy_services_linetypeContext ctx) { } } + @Override + public void enterSyserv_ftp(Syserv_ftpContext ctx) { + enterServiceLine("ftp"); + } + + @Override + public void enterSyserv_ssh(Syserv_sshContext ctx) { + enterServiceLine("ssh"); + } + + @Override + public void enterSyserv_telnet(Syserv_telnetContext ctx) { + enterServiceLine("telnet"); + } + @Override public void enterSy_tacplus_server(Sy_tacplus_serverContext ctx) { String hostname = toString(ctx.tacplus_server_host()); @@ -7534,7 +7548,17 @@ public void exitSy_ports(Sy_portsContext ctx) { } @Override - public void exitSy_services_linetype(Sy_services_linetypeContext ctx) { + public void exitSyserv_ftp(Syserv_ftpContext ctx) { + _currentLine = null; + } + + @Override + public void exitSyserv_ssh(Syserv_sshContext ctx) { + _currentLine = null; + } + + @Override + public void exitSyserv_telnet(Syserv_telnetContext ctx) { _currentLine = null; } @@ -8250,10 +8274,6 @@ private AsPath toAsPath(As_path_exprContext path) { return unquote(ctx.getText(), ctx); } - private static @Nonnull String toString(Line_typeContext ctx) { - return ctx.getText(); - } - private @Nonnull Optional toString(Bgp_description_textContext ctx) { String description = unquote(ctx.getText(), ctx.getParent()); // Juniper requires BGP descriptions to be between 1 and 255 characters 
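Review bot: The new private helper `enterServiceLine(String name)` has no comment and is fed bare string literals (`"ftp"`, `"ssh"`, `"telnet"`) from three separate overrides. The visible lines show it creating the entry with `computeIfAbsent(name, Line::new)` and then making it `_currentLine`, so a Javadoc such as `/** Makes the service line {@code name} the current line, creating it on first use. */` would document that contract; the rest of its body lies outside the hunk. The key used to come from `ctx.getText()` and is now a hand-typed literal, so whatever later looks these lines up by name (presumably including the per-line authentication-order handling, not visible here) depends on the exact spelling; named constants shared with those readers would remove that risk. The three `exitSyserv_*` methods are identical and could delegate to one small private method for symmetry with the enter side.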
diff --git a/projects/batfish/src/test/java/org/batfish/grammar/flatjuniper/FlatJuniperGrammarTest.java b/projects/batfish/src/test/java/org/batfish/grammar/flatjuniper/FlatJuniperGrammarTest.java index 63b592aa71..daea950792 100644 --- a/projects/batfish/src/test/java/org/batfish/grammar/flatjuniper/FlatJuniperGrammarTest.java +++ b/projects/batfish/src/test/java/org/batfish/grammar/flatjuniper/FlatJuniperGrammarTest.java @@ -1011,6 +1011,16 @@ public void testClassOfServiceParsing() { parseJuniperConfig("juniper-class-of-service"); } + @Test + public void testInterfaceMacLimitParsing() { + parseJuniperConfig("interface-mac-limit"); + } + + @Test + public void testSystemServicesSshParsing() { + parseJuniperConfig("system-services-ssh"); + } + @Test public void testL2Topology() throws IOException { /* diff --git a/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/interface-mac-limit b/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/interface-mac-limit new file mode 100644 index 0000000000..858750fe19 --- /dev/null +++ b/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/interface-mac-limit 
@@ -0,0 +1,21 @@
+# RANCID-CONTENT-TYPE: juniper
+set system host-name interface-mac-limit
+#
+# Test interface-mac-limit with limit value
+set switch-options interface ge-0/0/24.0 interface-mac-limit 5
+#
+# Test interface-mac-limit with packet-action shutdown
+set switch-options interface ge-0/0/24.0 interface-mac-limit packet-action shutdown
+#
+# Test interface-mac-limit with all packet-action values
+set switch-options interface ge-0/0/25.0 interface-mac-limit 10
+set switch-options interface ge-0/0/25.0 interface-mac-limit packet-action drop
+#
+set switch-options interface ge-0/0/26.0 interface-mac-limit 15
+set switch-options interface ge-0/0/26.0 interface-mac-limit packet-action drop-and-log
+#
+set switch-options interface ge-0/0/27.0 interface-mac-limit 20
+set switch-options interface ge-0/0/27.0 interface-mac-limit packet-action log
+#
+set switch-options interface ge-0/0/28.0 interface-mac-limit 25
+set switch-options interface ge-0/0/28.0 interface-mac-limit packet-action none
diff --git a/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/system-services-ssh b/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/system-services-ssh
new file mode 100644
index 0000000000..faae7317cc
--- /dev/null
+++ b/projects/batfish/src/test/resources/org/batfish/grammar/juniper/testconfigs/system-services-ssh
@@ -0,0 +1,10 @@
+# RANCID-CONTENT-TYPE: juniper
+set system host-name system-services-ssh
+#
+# Test simple SSH boolean options
+set system services ssh access-disable-external
+set system services ssh allow-tcp-forwarding
+set system services ssh no-challenge-response
+set system services ssh no-password-authentication
+set system services ssh no-passwords
+set system services ssh no-public-keys
diff --git a/tests/parsing-tests/srx-testbed.ref b/tests/parsing-tests/srx-testbed.ref
index 3a56364486..8cada3c7fb 100644
--- a/tests/parsing-tests/srx-testbed.ref
+++ b/tests/parsing-tests/srx-testbed.ref
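Review bot: The `system-services-ssh` config covers six of the new SSH rules but has no line for `root-login`, `tcp-forwarding`, `no-tcp-forwarding` or any option left in `syservs_null` (ciphers, macs, key-exchange and the rest), and nothing in either new file exercises the narrowed `ftp` and `telnet` rules. The grammar change alters what those statements accept, so a few more lines would guard the refactor, for example `set system services ssh root-login deny` and `set system services telnet connection-limit 10` (constructed samples). The header comment `# Test simple SSH boolean options` could then be widened to match. In `interface-mac-limit`, the comment `# Test interface-mac-limit with all packet-action values` sits above only the `drop` case; moving it above the first `packet-action` line would describe the file more accurately.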
@@ -255,9 +255,8 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_linetype", - " linetype = (line_type*", - " SSH:'ssh')))))))", + " (syserv_ssh", + " SSH:'ssh'))))))", " NEWLINE:'\\n')", " (set_line*", " SET:'set'", @@ -268,7 +267,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " WEB_MANAGEMENT:'web-management'", " (null_filler*", " HTTP:'http'", @@ -2683,9 +2682,8 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_linetype", - " linetype = (line_type*", - " SSH:'ssh')))))))", + " (syserv_ssh", + " SSH:'ssh'))))))", " NEWLINE:'\\n')", " (set_line*", " SET:'set'", @@ -2696,7 +2694,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " WEB_MANAGEMENT:'web-management'", " (null_filler*", " HTTP:'http'", @@ -4621,9 +4619,8 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_linetype", - " linetype = (line_type*", - " SSH:'ssh')))))))", + " (syserv_ssh", + " SSH:'ssh'))))))", " NEWLINE:'\\n')", " (set_line*", " SET:'set'", @@ -4634,7 +4631,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " WEB_MANAGEMENT:'web-management'", " (null_filler*", " HTTP:'http'", diff --git a/tests/parsing-tests/unit-tests.ref b/tests/parsing-tests/unit-tests.ref index e27c6275d7..04695c4123 100644 --- a/tests/parsing-tests/unit-tests.ref +++ b/tests/parsing-tests/unit-tests.ref @@ -40274,9 +40274,8 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_linetype", - " linetype = (line_type*", - " SSH:'ssh')))))))", + " (syserv_ssh", + " SSH:'ssh'))))))", " NEWLINE:'\\n')", " (set_line*", " SET:'set'", @@ -40287,7 +40286,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " NETCONF:'netconf'", " (null_filler*", " SSH:'ssh')))))))", 
@@ -61586,7 +61585,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " DHCP:'dhcp'", " (null_filler*", " TRACEOPTIONS:'traceoptions'", @@ -61602,7 +61601,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " DHCP:'dhcp'", " (null_filler*", " POOL:'pool'", @@ -61622,7 +61621,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " DHCP:'dhcp'", " (null_filler*", " POOL:'pool'", @@ -61639,7 +61638,7 @@ " SYSTEM:'system'", " (sy_services*", " SERVICES:'services'", - " (sy_services_null*", + " (syserv_null*", " DHCP:'dhcp'", " (null_filler*", " POOL:'pool'",