Example 11 with BDD
use of net.sf.javabdd.BDD in project batfish by batfish.
the class BDDAcl method computeACL.
/*
* Convert an Access Control List (ACL) to a symbolic boolean expression.
* The default action in an ACL is to deny all traffic.
*/
private void computeACL(@Nullable Set<Prefix> networks) {
// Check if there is an ACL first
if (_acl == null) {
_bdd = _factory.one();
}
_bdd = _factory.zero();
List<IpAccessListLine> lines = new ArrayList<>(_acl.getLines());
Collections.reverse(lines);
for (IpAccessListLine l : lines) {
// System.out.println("ACL Line: " + l.getName() + ", " + l.getAction());
BDD local = null;
if (l.getDstIps() != null) {
BDD val = computeWildcardMatch(l.getDstIps(), _pkt.getDstIp(), networks);
val = l.getDstIps().isEmpty() ? _factory.one() : val;
local = val;
}
if (l.getSrcIps() != null) {
BDD val = computeWildcardMatch(l.getSrcIps(), _pkt.getSrcIp(), null);
val = l.getDstIps().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getDscps() != null && !l.getDscps().isEmpty()) {
throw new BatfishException("detected dscps");
}
if (l.getDstPorts() != null) {
BDD val = computeValidRange(l.getDstPorts(), _pkt.getDstPort());
val = l.getDstPorts().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getSrcPorts() != null) {
BDD val = computeValidRange(l.getSrcPorts(), _pkt.getSrcPort());
val = l.getSrcPorts().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getEcns() != null && !l.getEcns().isEmpty()) {
throw new BatfishException("detected ecns");
}
if (l.getTcpFlags() != null) {
BDD val = computeTcpFlags(l.getTcpFlags());
val = l.getTcpFlags().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getFragmentOffsets() != null && !l.getFragmentOffsets().isEmpty()) {
throw new BatfishException("detected fragment offsets");
}
if (l.getIcmpCodes() != null) {
BDD val = computeValidRange(l.getIcmpCodes(), _pkt.getIcmpCode());
val = l.getIcmpCodes().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getIcmpTypes() != null) {
BDD val = computeValidRange(l.getIcmpTypes(), _pkt.getIcmpType());
val = l.getIcmpTypes().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getStates() != null && !l.getStates().isEmpty()) {
throw new BatfishException("detected states");
}
if (l.getIpProtocols() != null) {
BDD val = computeIpProtocols(l.getIpProtocols());
val = l.getIpProtocols().isEmpty() ? _factory.one() : val;
local = (local == null ? val : local.and(val));
}
if (l.getNotDscps() != null && !l.getNotDscps().isEmpty()) {
throw new BatfishException("detected NOT dscps");
}
if (l.getNotDstIps() != null && !l.getNotDstIps().isEmpty()) {
throw new BatfishException("detected NOT dst ip");
}
if (l.getNotSrcIps() != null && !l.getNotSrcIps().isEmpty()) {
throw new BatfishException("detected NOT src ip");
}
if (l.getNotDstPorts() != null && !l.getNotDstPorts().isEmpty()) {
throw new BatfishException("detected NOT dst port");
}
if (l.getNotSrcPorts() != null && !l.getNotSrcPorts().isEmpty()) {
throw new BatfishException("detected NOT src port");
}
if (l.getNotEcns() != null && !l.getNotEcns().isEmpty()) {
throw new BatfishException("detected NOT ecns");
}
if (l.getNotIcmpCodes() != null && !l.getNotIcmpCodes().isEmpty()) {
throw new BatfishException("detected NOT icmp codes");
}
if (l.getNotIcmpTypes() != null && !l.getNotIcmpTypes().isEmpty()) {
throw new BatfishException("detected NOT icmp types");
}
if (l.getNotFragmentOffsets() != null && !l.getNotFragmentOffsets().isEmpty()) {
throw new BatfishException("detected NOT fragment offset");
}
if (l.getNotIpProtocols() != null && !l.getNotIpProtocols().isEmpty()) {
throw new BatfishException("detected NOT ip protocols");
}
if (local != null) {
BDD ret;
if (l.getAction() == LineAction.ACCEPT) {
ret = _factory.one();
} else {
ret = _factory.zero();
}
if (l.getNegate()) {
local = local.not();
}
_bdd = local.ite(ret, _bdd);
}
}
}
Also used :
BatfishException(org.batfish.common.BatfishException)
BDD(net.sf.javabdd.BDD)
ArrayList(java.util.ArrayList)
IpAccessListLine(org.batfish.datamodel.IpAccessListLine)
Example 12 with BDD
use of net.sf.javabdd.BDD in project batfish by batfish.
the class BDDAcl method computeValidRange.
/*
* Convert a set of ranges and a packet field to a symbolic boolean expression
*/
private BDD computeValidRange(Set<SubRange> ranges, BDDInteger field) {
BDD acc = _factory.zero();
for (SubRange range : ranges) {
int start = range.getStart();
int end = range.getEnd();
// System.out.println("Range: " + start + "--" + end);
if (start == end) {
BDD isValue = field.value(start);
acc = acc.or(isValue);
} else {
BDD r = field.geq(start).and(field.leq(end));
acc = acc.or(r);
}
}
return acc;
}Example 13 with BDD
use of net.sf.javabdd.BDD in project batfish by batfish.
the class BDDInteger method add.
/*
* Add two BDDs bitwise to create a new BDD
*/
public BDDInteger add(BDDInteger var1) {
if (this._bitvec.length != var1._bitvec.length) {
throw new BDDException();
} else {
BDD var3 = _factory.zero();
BDDInteger var4 = new BDDInteger(_factory, this._bitvec.length);
for (int var5 = var4._bitvec.length - 1; var5 >= 0; --var5) {
var4._bitvec[var5] = this._bitvec[var5].xor(var1._bitvec[var5]);
var4._bitvec[var5] = var4._bitvec[var5].xor(var3.id());
BDD var6 = this._bitvec[var5].or(var1._bitvec[var5]);
var6 = var6.and(var3);
BDD var7 = this._bitvec[var5].and(var1._bitvec[var5]);
var7 = var7.or(var6);
var3 = var7;
}
var3.free();
return var4;
}
}
Also used :
BDD(net.sf.javabdd.BDD)
BDDException(net.sf.javabdd.BDDException)
Example 14 with BDD
use of net.sf.javabdd.BDD in project batfish by batfish.
the class BDDInteger method geq.
/*
* Less than or equal to on integers
*/
public BDD geq(int val) {
BDD[] eq = new BDD[_bitvec.length];
BDD[] greater = new BDD[_bitvec.length];
for (int i = _bitvec.length - 1; i >= 0; i--) {
if ((val & 1) != 0) {
eq[i] = _bitvec[i];
greater[i] = _factory.zero();
} else {
eq[i] = _bitvec[i].not();
greater[i] = _bitvec[i];
}
val >>= 1;
}
BDD acc = _factory.one();
for (int i = _bitvec.length - 1; i >= 0; i--) {
acc = greater[i].or(eq[i].and(acc));
}
return acc;
}
Also used :
BDD(net.sf.javabdd.BDD)
Example 15 with BDD
use of net.sf.javabdd.BDD in project batfish by batfish.
the class BDDPacket method restrict.
public BDD restrict(BDD bdd, List<Prefix> prefixes) {
if (prefixes.isEmpty()) {
throw new BatfishException("Empty prefix list in BDDRecord restrict");
}
BDD r = restrict(bdd, prefixes.get(0));
for (int i = 1; i < prefixes.size(); i++) {
Prefix p = prefixes.get(i);
BDD x = restrict(bdd, p);
r = r.or(x);
}
return r;
}
Also used :
BatfishException(org.batfish.common.BatfishException)
BDD(net.sf.javabdd.BDD)
Prefix(org.batfish.datamodel.Prefix)
Aggregations
BDD (net.sf.javabdd.BDD)26
BatfishException (org.batfish.common.BatfishException)7
ArrayList (java.util.ArrayList)5
Prefix (org.batfish.datamodel.Prefix)4
SubRange (org.batfish.datamodel.SubRange)3
CommunityVar (org.batfish.symbolic.CommunityVar)3
HashSet (java.util.HashSet)2
Set (java.util.Set)2
BDDException (net.sf.javabdd.BDDException)2
PrefixRange (org.batfish.datamodel.PrefixRange)2
ExplicitPrefixSet (org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet)2
InlineCommunitySet (org.batfish.datamodel.routing_policy.expr.InlineCommunitySet)2
MatchCommunitySet (org.batfish.datamodel.routing_policy.expr.MatchCommunitySet)2
MatchPrefix6Set (org.batfish.datamodel.routing_policy.expr.MatchPrefix6Set)2
MatchPrefixSet (org.batfish.datamodel.routing_policy.expr.MatchPrefixSet)2
NamedCommunitySet (org.batfish.datamodel.routing_policy.expr.NamedCommunitySet)2
NamedPrefixSet (org.batfish.datamodel.routing_policy.expr.NamedPrefixSet)2
TransferResult (org.batfish.symbolic.TransferResult)2
HashMap (java.util.HashMap)1
List (java.util.List)1
