Last active
October 5, 2017 04:51
-
-
Save spdkils/aaec03ad246f47ee2de32480dbb2099e to your computer and use it in GitHub Desktop.
antlr4 Cisco ACL parser 3rd version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grammar aclv3; | |
| acl : ace+ EOF ; | |
| ace : action ops ; | |
| action : REMARK | |
| | ( PERMIT ( NAMED | NUM ) source dest ) | |
| | ( DENY ( NAMED | NUM ) source dest ) | |
| ; | |
| source : ( ANY | HOST ADDRESS | ADDRESS ( MASK | ADDRESS ) ) srcports? ; | |
| dest : (ANY | HOST ADDRESS | ADDRESS ( MASK | ADDRESS ) ) dstports? ; | |
| srcports : EQ ( PORT | NUM )+ | |
| | LT ( PORT | NUM ) | |
| | GT ( PORT | NUM ) | |
| | RNG ( PORT | NUM ) ( PORT | NUM ) | |
| ; | |
| dstports : EQ ( PORT | NUM )+ | |
| | LT ( PORT | NUM ) | |
| | GT ( PORT | NUM ) | |
| | RNG ( PORT | NUM ) ( PORT | NUM ) | |
| | ICMP_PORTS | ( NUM NUM ) | |
| ; | |
| ops : EST? ( REFLECT NAME ( TIMEOUT NUM )? )? LOG? ; | |
| REMARK : 'remark' LINE ; | |
| fragment LINE : ~[\r\n] ; | |
| ANY : 'any' ; | |
| EST : 'established' ; | |
| LOG : 'log-input' | 'log' ; | |
| PERMIT : 'permit' ; | |
| DENY : 'deny' ; | |
| NAMED : 'ip' | 'tcp' | 'udp' | 'icmp' | 'ahp' | 'eigrp' | 'esp' | |
| | 'gre' | 'igmp' | 'ipinip' | 'nos' | 'ospf' | 'pcp' | 'pim' ; | |
| REFLECT : 'reflect' ; | |
| TIMEOUT : 'timeout' ; | |
| EQ : 'eq' ; | |
| LT : 'lt' ; | |
| GT : 'gt' ; | |
| RNG : 'range' ; | |
| HOST : 'host' ; | |
| MASK : ZERO DOT QUAD DOT QUAD DOT QUAD ; | |
| ADDRESS : QUAD DOT QUAD DOT QUAD DOT QUAD ; | |
| PORT : ( TCP_PORTS | UDP_PORTS ) ; | |
| ICMP_PORTS : 'administratively-prohibited' | 'alternate-address' | |
| | 'conversion-error' | 'dod-host-prohibited' | 'dod-net-prohibited' | |
| | 'dscp' | 'echo' | 'echo-reply' | 'fragments' | |
| | 'general-parameter-problem' | 'host-isolated' | |
| | 'host-precedence-unreachable' | 'host-redirect' | |
| | 'host-tos-redirect' | 'host-tos-unreachable' | 'host-unknown' | |
| | 'host-unreachable' | 'information-reply' | 'information-request' | |
| | 'mask-reply' | 'mask-request' | 'mobile-redirect' | 'net-redirect' | |
| | 'net-tos-redirect' | 'net-tos-unreachable' | 'net-unreachable' | |
| | 'network-unknown' | 'no-room-for-option' | 'option' | |
| | 'option-missing' | 'packet-too-big' | 'pak-len' | |
| | 'parameter-problem' | 'port-unreachable' | 'precedence' | |
| | 'precedence-unreachable' | 'protocol-unreachable' | |
| | 'reassembly-timeout' | 'redirect' | 'reflect' | |
| | 'router-advertisement' | 'router-solicitation' | 'source-quench' | |
| | 'source-route-failed' | 'time-exceeded' | 'time-range' | |
| | 'timestamp-reply' | 'timestamp-request' | 'tos' | 'traceroute' | |
| | 'ttl' | 'ttl-exceeded' | 'unreachable' | |
| ; | |
| UDP_PORTS : 'biff' | 'bootpc' | 'bootps' | 'discard' | 'dnsix' | |
| | 'domain' | 'echo' | 'isakmp' | 'mobile-ip' | 'nameserver' | |
| | 'netbios-dgm' | 'netbios-ns' | 'netbios-ss' | 'non500-isakmp' | |
| | 'ntp' | 'pim-auto-rp' | 'rip' | 'snmp' | 'snmptrap' | 'sunrpc' | |
| | 'syslog' | 'tacacs' | 'talk' | 'tftp' | 'time' | 'who' | 'xdmcp' | |
| ; | |
| TCP_PORTS : 'bgp' | |
| | 'chargen' | 'cmd' | 'daytime' | 'discard' | 'domain' | 'echo' | |
| | 'exec' | 'finger' | 'ftp' | 'ftp-data' | 'gopher' | 'hostname' | |
| | 'ident' | 'irc' | 'klogin' | 'kshell' | 'login' | 'lpd' | 'nntp' | |
| | 'pim-auto-rp' | 'pop2' | 'pop3' | 'smtp' | 'sunrpc' | 'syslog' | |
| | 'tacacs' | 'talk' | 'telnet' | 'time' | 'uucp' | 'whois' | 'www' | |
| ; | |
| fragment DOT : '.' ; | |
| fragment ZERO : [0] ; | |
| fragment DIG : [0-9] ; | |
| fragment LO4 : [0-4] ; | |
| fragment LO5 : [0-5] ; | |
| fragment ONE : '1' ; | |
| fragment TWO : '2' ; | |
| fragment QUAD : TWO LO5 LO5 | TWO LO4 DIG | ONE DIG DIG | DIG DIG | DIG ; | |
| NAME : [a-zA-Z\-]+ ; | |
| NUM : DIG+ ; | |
| WS : [ \r\n] -> skip ; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment