Closed Jypear closed 5 months ago
codeout
commented
7 months ago Hi,
Thank you for your report. It looks like a quote-handling issue. That XSD generates ruby code below
a(str("tcp-flags"), arg),which doesn't match expressions with a white space. We need a special care of this, but it can be fixed.
codeout
commented
7 months ago I'm just thinking that we might interpret <flag>unquoted</flag> in the opposite way, like "may be quoted".
Jypear
commented
7 months ago Hi, thanks for taking a look at this.
which doesn't match expressions with a white space.
I can confirm, I modified the config file to the following:
tcp-flags "(syn|!ack)|fin|rst"
This worked fine without the whitespace.
When doing a syntax check, this works as both quoted and unquoted (as long as there is no whitespace).
codeout
commented
7 months ago Hi, I've just pushed a quick fix for this. I'm going to study Juniper's .xsd to find long-time solution, but need some time. Meanwhile, if you don't mind installing junoser from GitHub, you can use the fixed version.
gem install specific_install
gem specific_install https://github.com/codeout/junoser.gitJust installed the version from github and can confirm the changes you made have resolved that issue. Thanks for the quick fix and the time put into this tool. 👍
Hi,
We are testing this tool for parsing junos configuration and using it for syntax checking. In configuration we have something like the following example:
When running junosers syntax checking the syntax error is raised by using ! or | in the match expression. However the syntax error is not present when stating a single tcp-flag (like syn or ack).
Generated rule files seems to show the available args for the TCP flag
However, juniper docs states match expressions are valid within configuration. https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/firewall-filter-stateless-match-conditions-bit-field-values.html
In this a limitation of the XSD file Juniper supplies?