Cisco-ACL
bin/aclmaker.pl view on Meta::CPAN
10.10.10.10/8,45.45.45.45
=item * src_port
Ports may be specified as a single port, a range of ports in the form
xxxx-yyyy, or a comma separated list of any combination of those. The valid
range is 0-65535.
=item * dst_addr
As with src_addr but for the destination endpoint.
=item * dst_port
As with src_port but for the destination endpoint.
=item * protocol
The protocol for the ACL. One of C<tcp>, C<udp> or C<ip>. For compatibility
the value C<both> is interpreted as C<ip>.
=back
=head1 OUTPUT
lib/Cisco/ACL.pm view on Meta::CPAN
#
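sub breakout_addrs {
    # Expand a list of address specifications into single addresses and
    # CIDR blocks.
    #
    # Arguments: a list of already-separated specifications (nothing here
    #   splits on commas). Each is a single address, a CIDR block, a full
    #   range "a.b.c.d-w.x.y.z" or a short range "a.b.c.d-z".
    # Returns: the string "any" when the first element is the keyword
    #   "any"; otherwise a list in which non-range elements are passed
    #   through unchanged and each range is replaced by whatever ferment()
    #   returns for "<decimal start>-<decimal end>".
    my @list = @_;

    # The keyword must be the whole first element. An unanchored match
    # would treat any element that merely contains the letters "any" as the
    # wildcard and replace the caller's entire address list with it, which
    # silently widens the generated ACL. The defined() guard covers an
    # empty argument list.
    if (defined $list[0] && $list[0] =~ /\A\s*any\s*\z/) {
        return "any";
    }

    my @elements;
    for my $addr (@list) {
        if ($addr !~ /-/) {
            # Not a range: single addresses and CIDR notation are returned
            # as is.
            push @elements, $addr;
            next;
        }

        my @endpoints = split /-/, $addr;

        # Anything other than exactly two endpoints (for example
        # 10.10.10.10-20-30) is malformed and is skipped.
        # NOTE(review): the entry is dropped with no diagnostic, so the
        # resulting ACL covers less than the operator wrote; a caller that
        # builds deny rules may prefer to reject such input outright.
        next if @endpoints != 2;

        # Two cases left: x.x.x.x-y.y.y.y and x.x.x.x-y. In the short form
        # the end address borrows the first three octets of the start.
        my @end_octets = split /\./, $endpoints[1];
        my $range_end;
        if (@end_octets == 4) {
            $range_end = $endpoints[1];
        }
        else {
            my @start_octets = split /\./, $endpoints[0];
            $range_end =
                "$start_octets[0].$start_octets[1].$start_octets[2].$end_octets[0]";
        }

        # NOTE(review): the endpoints are not validated as dotted quads and
        # their order is not checked here (breakout_ports flips reversed
        # port ranges; nothing equivalent exists for addresses) -- confirm
        # that ip_to_decimal() and ferment() cope with malformed or
        # reversed input.
        my $dec_start = ip_to_decimal($endpoints[0]);
        my $dec_end   = ip_to_decimal($range_end);
        push @elements, ferment("$dec_start-$dec_end");
    }

    return @elements;
}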
#
#-------------------------------------------------------------------
#
sub breakout_ports {
my @list = @_;
my ($tidbit,@endpoints,$start,$end,$i,$number_of_endpoints,@elements);
foreach $tidbit( @list ) {
if ($tidbit =~ /\-/) {
@endpoints = split(/\-/, $tidbit);
$number_of_endpoints = @endpoints;
if ($number_of_endpoints != 2) {
next;
};
$start = $endpoints[0];
$end = $endpoints[1];
# flip range ends if they are backward
if ($start >= $end) {
($start, $end) = ($end, $start);
};
push @elements, "range $start $end";
}
else {
lib/Cisco/ACL.pm view on Meta::CPAN
};
#
#-------------------------------------------------------------------
#
sub parse_cidr {
my $bob = $_[0];
my ($address, $block, $start, $end, $mask, $rev_mask);
($address, $block) = split(/\//, $bob);
($start, $end) = ip_to_endpoints($address, $block);
$mask = find_mask($block);
my $bin_mask = ip_to_bin($mask);
my @bits = split(//, $bin_mask);
foreach my $toggle_bait (@bits) {
if ($toggle_bait eq "1") {
$toggle_bait = "0";
}
else {
$toggle_bait = "1";
};
lib/Cisco/ACL.pm view on Meta::CPAN
$got_it = 0;
for ($i = 1; $i < 31; $i++) {
# We'll only try to put 1 block per call of this subroutine
if ($got_it) { last };
# Using the cidr size for this loop iteration, calculate what
# the block of that size would be for the start address we
# have, then compare that to the range we're looking for.
#
($trial_start, $trial_end) = ip_to_endpoints(decimal_to_ip($start),$i); # dotted
$trial_start = ip_to_decimal($trial_start); # now decimal
$trial_end = ip_to_decimal($trial_end);
#
# Ok, now these are in decimal
#
if ($trial_start == $start) {
# Woo hoo, the start of the range is aligned with a cidr boundary.
# Is it the right one? We know it's the biggest possible,
# but it may be too big. If so, just move on to the next
lib/Cisco/ACL.pm view on Meta::CPAN
push @list_to_date, $block_found;
return(ferment($remaining_range,@list_to_date));
};
#
#-------------------------------------------------------------------
#
sub ip_to_endpoints {
#
# Various of these routings use strings for bit masks where
# it would undoubtedly be much more efficient to use real binary
# data, but... it's fast enough, and this was easier. :)
#
my($address,$cidr,$zeros,$ones,$bin_address);
$address = $_[0];
$bin_address = ip_to_bin($address);
$cidr = $_[1];
$zeros = "00000000000000000000000000000000";