I am working with this structure:
    policies {
        apply-groups default-log;
        from-zone Trust to-zone DMZ {
            policy policy-66 {
                match {
                    source-address g_DMZ_SRV_;
                    destination-address g_DMZ_SRV;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy policy-9 {
                match {
                    source-address g_h_OpenMail-Server;
                    destination-address g_in_DMZ_Exchange;
                    application t_1023;
                }
                then {
                    permit;
                }
            }
        }
        from-zone DMZ to-zone Blabla {
            policy policy-68 {
                match {
                    source-address g_DMZ_SRV_2_;
                    destination-address g_DMZ_SRV_3;
                    application T_22-ssh;
                }
                then {
                    permit;
                }
            }
            policy policy-95 {
                match {
                    source-address g_h_OpenMail-Server-2;
                    source-address 1.2.0.3;
                    destination-address g_in_DMZ_Exchange-1;
                    destination-address 10.25.32.64;
                    application t_1024;
                }
                then {
                    permit;
                }
            }
        }
    }
and I would like to parse it with Perl to build a hash (or simply to put the data somewhere I can make use of it), something like:
    Trust-to-DMZ
        policy-66
            source => g_DMZ_SRV
            destination => blabla
        policy-44
            source => source1
                      source2
                      source3
            destination => dest1
            ports => port1
    DMZ-to-Trust
        policy-XX
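I would like to know:
if you know of any modules that help with this kind of task (I think I could use Text::Balanced; I found some examples in other posts)
if there are any methods / best practices to avoid doing the dirty work?
I guess I could "count" the number of braces and loop inside loops.
Is there an easier solution, or a module that does this automatically? (For XML files, for example, there are modules such as XML::Simple that put the content of the XML into a hash; I was expecting something similar?)
Otherwise, I will start coding something dirty and post my progress here.
Thanks!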
Edit on June 8: just so you know, it works with dirty, dirty, dirty code like this (I'm not a developer, sorry), which is not really what I wanted, is not adaptable... and is obviously dirty. You have been warned! :) So if you don't want your eyes to bleed, please don't look at it:
    use warnings;
    use lib '/opt/csm/64-bit/cpan/5.16.3-2013.03/lib';
    use Data::Dumper;
    # One flag per level of the structure already seen; they are never reset.
    my ( $policies_flag, $fromzone_flag, $policy_flag, $match_flag, $zone_flag ) = ( 0,0,0,0,0 );
    my ( $details_flag, $clos_flag, $then_flag, $permit_flag, $clos2_flag, $final_flag ) = ( 0,0,0,0,0,0 );
    my $fromzone;
    my $tozone;
    my %pols;
    # Number of closing braces seen since the current policy was opened.
    my $clos_counter;
    die "Usage: $0 <path_to_file>" if !defined $ARGV[0] || $ARGV[0] eq '';
    open D, '<', $ARGV[0] or die "cannot open $ARGV[0] for read\n";
    my @data = <D>;
    close D;
    OUTER: foreach my $str (@data) {
        next if $str =~ /^$/;
        next if $str =~ /apply-groups/;
        chomp $str;
        if ( $str =~ /\s*policies\s+\{/ ) {
            $policies_flag = 1;
            next OUTER;
        }
        # policies
        if ($policies_flag == 1) {
            if ($str =~ /from-zone\s\S+\sto-zone\s\S+\s\{$/) {
                next if $str =~ /(<|>)/;
                # The split relies on the line being indented (empty first field).
                ( $fromzone, $tozone ) = ( split(/\s+/,$str) )[2,4];
                $fromzone_flag = 1;
                next OUTER;
            }
            # from-zone
            if ($fromzone_flag == 1) {
                if ($str =~ /policy\s+\S+\s+\{/) {
                    $policy_flag = 1;
                    $clos_counter=0;
                    ( $policy_name ) = ( split(/\s+/, $str) )[2];
                    $pols{$policy_name}{from_zone} = "$fromzone";
                    $pols{$policy_name}{to_zone} = "$tozone";
                    next OUTER;
                }
                # pol
                if ($policy_flag == 1) {
                    if ($str =~ /match\s+\{/) {
                        $match_flag = 1;
                        next OUTER;
                    }
                }
                # match
                if ($match_flag == 1) {
                    if ($str =~ /\S+\s+\S+;$/) {
                        $details_flag = 1;
                        if ($str =~ /source-address/) {
                            ( $sources ) = ( split(/\s+/, $str) )[2];
                            $sources =~ s/;//;
                            push( @{$pols{$policy_name}{sources}}, "$sources");
                        } elsif ($str =~ /destination-address/) {
                            ( $dests ) = ( split(/\s+/, $str) )[2];
                            $dests =~ s/;//;
                            push( @{$pols{$policy_name}{destinations}}, "$dests");
                        } elsif ($str =~ /application/) {
                            ( $ports ) = ( split(/\s+/, $str) )[2];
                            $ports =~ s/;//;
                            push( @{$pols{$policy_name}{ports}}, "$ports");
                        }
                        next OUTER;
                    }
                }
                # rest
                if ($details_flag == 1) {
                    if ($str =~ /\s*\}\s*$/) {
                        if ($clos_counter == 0) {
                            $clos_flag = 1;
                            $clos_counter++;
                            next OUTER;
                        }
                    }
                }
                # then
                if ($clos_flag == 1) {
                    if ($str =~ /\s*then\s+\{$/) {
                        $then_flag = 1;
                        next OUTER;
                    }
                }
                # permit
                if ($then_flag == 1) {
                    if ($str =~ /\s*permit;$/) {
                        $permit_flag = 1;
                        $pols{$policy_name}{action} = ( split(/\s+/,$str) )[1];
                        next OUTER;
                    }
                }
                # clos2
                if ($permit_flag == 1) {
                    if ($str =~ /\s*\}\s*$/) {
                        if ($clos_counter == 1) {
                            $clos2_flag = 1;
                            $clos_counter++;
                            next OUTER;
                        }
                    }
                }
                # final close
                if ($clos2_flag == 1) {
                    if ($str =~ /\s*\}\s*$/) {
                        if ($clos_counter == 2) {
                            $final_flag = 1;
                            $clos_counter++;
                            next OUTER;
                        }
                    }
                }
                # ultimate zone
                if ($final_flag == 1) {
                    if ($str =~ /\s*\}\s*$/) {
                        if ($clos_counter == 3) {
                            $zone_flag = 1;
                            $clos_counter++;
                            next OUTER;
                        }
                    }
                }
                # ulti pols
                if ($zone_flag == 1) {
                    if ($str =~ /\s*\}\s*$/) {
                        if ($clos_counter == 4) {
                            $clos_counter++;
                            last OUTER;
                        }
                    }
                }
            }
        }
    }
    # Pass a reference so Dumper prints a single hash structure.
    print Dumper(\%pols);
This gives:
    $VAR1 = {
        'policy-68' => {
            'ports' => [
                'T_22-ssh'
            ],
            'sources' => [
                'g_DMZ_SRV_2_'
            ],
            'to_zone' => 'Blabla',
            'from_zone' => 'DMZ',
            'action' => 'permit;',
            'destinations' => [
                'g_DMZ_SRV_3'
            ]
        },
        'policy-9' => {
            'ports' => [
                't_1023'
            ],
            'sources' => [
                'g_h_OpenMail-Server'
            ],
            'to_zone' => 'DMZ',
            'from_zone' => 'Trust',
            'action' => 'permit;',
            'destinations' => [
                'g_in_DMZ_Exchange'
            ]
        },
        'policy-66' => {
            'ports' => [
                'any'
            ],
            'sources' => [
                'g_DMZ_SRV_'
            ],
            'to_zone' => 'DMZ',
            'from_zone' => 'Trust',
            'action' => 'permit;',
            'destinations' => [
                'g_DMZ_SRV'
            ]
        },
        'policy-95' => {
            'ports' => [
                't_1024'
            ],
            'sources' => [
                'g_h_OpenMail-Server-2',
                '1.2.0.3'
            ],
            'to_zone' => 'Blabla',
            'from_zone' => 'DMZ',
            'action' => 'permit;',
            'destinations' => [
                'g_in_DMZ_Exchange-1',
                '10.25.32.64'
            ]
        }
    };
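In my possibly not entirely unbiased opinion, Marpa::R2 is a good way to solve your type of problem.
Ron Savage of the Marpa community came up with the following:
    use strict;
    use warnings;
    use feature 'say';
    use File::Slurper 'read_text';   # assumed source of read_text
    use Text::Balanced::Marpa;

    my($parser) = Text::Balanced::Marpa -> new
    (
        open  => ['{'],
        close => ['}'],
    );
    my($text)   = read_text('policies.txt');
    my($result) = $parser -> parse(text => \$text);

    print "Parse result: $result (0 is success)\n";

    #print join("\n", @{$parser -> tree -> tree2string}), "\n";

    my($indent);

    # Walk the parse tree and print each node's text, indented by its depth.
    for my $node ($parser -> tree -> traverse($parser -> tree -> POST_ORDER))
    {
        $indent = '  ' x $node -> depth;
        $text   = ${$node -> meta}{text} =~ s/\n|[{}]//gr;
        say $indent, $text if ($text);
    }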
Output:
Parse result: 0 (0 is success)
policies
apply-groups default-log; from-zone Trust to-zone DMZ
policy policy-66
match
source-address g_DMZ_SRV_; destination-address g_DMZ_SRV; application any;
then
permit;
policy policy-9
match
source-address g_h_OpenMail-Server; destination-address g_in_DMZ_Exchange; application t_1023;
then
permit;
from-zone DMZ to-zone Blabla
policy policy-68
match
source-address g_DMZ_SRV_2_; destination-address g_DMZ_SRV_3; application T_22-ssh;
then
permit;
policy policy-95
match
source-address g_h_OpenMail-Server-2; source-address 1.2.0.3; destination-address g_in_DMZ_Exchange-1; destination-address 10.25.32.64; application t_1024;
then
permit;
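This gist contains the above code and output. Stackoverflow's formatter insists on indenting everything, whether it understands it or not -- the gist can be relied on to contain undamaged copies.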
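
The brace-counting idea from the question can also be written as a short recursive tokenizer and parser that needs no extra modules. This is an added example, not code from either poster: the sample configuration is constructed, and `tokenize` and `parse_block` are names chosen here.

```perl
use strict;
use warnings;
use Data::Dumper;

# Constructed sample in the syntax of the configuration shown in the question.
my $config = <<'END';
policies {
    from-zone DMZ to-zone Blabla {
        policy policy-95 {
            match {
                source-address g_h_OpenMail-Server-2;
                source-address 1.2.0.3;
                application t_1024;
            }
            then { permit; }
        }
    }
}
END

# Tokens are '{', '}', ';' and runs of any other non-blank characters.
sub tokenize { return $_[0] =~ /([{};]|[^\s{};]+)/g }

# "a b;" is stored as $h{a} = ['b', ...]; "a b { ... }" as $h{'a b'} = { ... }.
sub parse_block {
    my ($tokens, $depth) = @_;
    my (%block, @words);
    while (@$tokens) {
        my $tok = shift @$tokens;
        if ($tok eq '{') {
            die "block without a name\n" unless @words;
            $block{"@words"} = parse_block($tokens, $depth + 1);
            @words = ();
        } elsif ($tok eq '}') {
            die "unbalanced '}' or missing ';'\n" if $depth == 0 || @words;
            return \%block;
        } elsif ($tok eq ';') {
            die "empty statement\n" unless @words;
            my $key = shift @words;
            push @{ $block{$key} }, "@words";   # repeated keys accumulate
            @words = ();
        } else {
            push @words, $tok;
        }
    }
    die "missing '}': $depth block(s) still open\n" if $depth;
    return \%block;
}

my @tokens = tokenize($config);
$Data::Dumper::Sortkeys = 1;
print Dumper(parse_block(\@tokens, 0)->{policies});
```

Because it works on tokens rather than lines, it does not depend on indentation or on one statement per line, and a truncated or unbalanced file makes it die instead of returning a partial rule set.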