Re: Regex to match a Cisco ACL

A simple and easy to debug approach is to build your regular expression from other regular expressions that you have tested before. For example:

my $re_protocols = qr/ip|tcp|udp|object-group\s+(\w+)/;
my $re_port      = qr/eq\s+(\d+)|range\s+(\d+)\s+(\d+)|/;

my $acl = qr/access-list
             \s+
            (\w+) # name
             \s+
            (\w+) # action
             \s+
            ($re_protocols)
             \s+
            # ... and so on
            /x;
[download]

Comment on Re: Regex to match a Cisco ACL Download Code

Replies are listed 'Best First'.
Re^2: Regex to match a Cisco ACL by Anonymous Monk on May 22, 2011 at 10:24 UTC
Thanks! That is a pretty easy approach indeed. But the source & destination network are still a problem though. If I find a "any" or "host X.X.X.X" entry in the line, how to help the interpreter to determine if it is source or destination. Actually the same limitation exists for the regex $re_protocols as well. It wouldn't know the difference between object-group entry for protocol, source network or a destination network.	[reply]

Replies are listed 'Best First'.

Re^2: Regex to match a Cisco ACL
by Anonymous Monk on May 22, 2011 at 10:24 UTC

Thanks! That is a pretty easy approach indeed. But the source & destination network are still a problem though.

If I find a "any" or "host X.X.X.X" entry in the line, how to help the interpreter to determine if it is source or destination.

Actually the same limitation exists for the regex $re_protocols as well. It wouldn't know the difference between object-group entry for protocol, source network or a destination network.

[reply]