Juergen Kahnert wrote:
> Hello,
>
> is there any way to write a parser for Cisco firewall configs with PLY?
>
> I can't find a way to solve the shift/reduce conflict with the
> "object-group" used within an access-list command.
> access-list foo permit tcp object-group A object-group C
> access-list foo permit tcp object-group A object-group B object-group C
> access-list foo permit tcp object-group A object-group C object-group D
> access-list foo permit tcp object-group A object-group B object-group C
> object-group D
>
> Obviously, I can't change the grammar. And precedence won't help either,
> the two middle access-list commands are grouped this way:
>
> access-list foo permit tcp ( object-group A object-group B ) object-group
> C
> access-list foo permit tcp object-group A ( object-group C object-group D
> )
>
> But this can only be recognized by checking the object-group if it's a
> network or a service group.
I have never seen a grammar for such files, but from your description it seems
that you can only decide this semantically.
The standard solution for such a problem is post-pone grouping until after
parsing. During parsing, abstract away grouping by parsing all 'object-group
X' fields into a flat list:
rule: 'access-list' ID 'permit' ('tcp' | 'udp') objgroups
objgroups: objgrp
| objgroups objgroup
objgrp: 'object-group' ID
After parsing restructure the list to the proper tree structure.
Albert
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"ply-hack" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/ply-hack?hl=en
-~----------~----~----~----~------~----~------~--~---
