use of org.batfish.datamodel.Interface in project batfish by batfish.
the class CounterExample method buildFlowTrace.
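/*
 * Build the concrete flow and its hop-by-hop trace, starting at the given router and
 * following the forwarding decisions until the flow reaches a final disposition.
 */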
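Tuple<Flow, FlowTrace> buildFlowTrace(Encoder enc, String router) {
  /*
   * Starting at `router`, repeatedly pick the edge whose data-forwarding variable is true and
   * append a hop for it. The walk ends with the first disposition that applies: LOOP,
   * DENIED_IN, DENIED_OUT, ACCEPTED, NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK or NO_ROUTE.
   * Returns the concrete flow paired with the trace built so far.
   */
  EncoderSlice slice = enc.getMainSlice();
  SymbolicPacket pkt = slice.getSymbolicPacket();
  SymbolicDecisions decisions = slice.getSymbolicDecisions();
  Flow f = buildFlow(pkt, router);
  SortedSet<String> visited = new TreeSet<>();
  List<FlowTraceHop> hops = new ArrayList<>();
  String current = router;
  while (true) {
    visited.add(current);
    // Forwarding variables for the router we are currently at.
    Map<GraphEdge, BoolExpr> dfwd = decisions.getDataForwarding().get(current);
    Map<GraphEdge, BoolExpr> cfwd = decisions.getControlForwarding().get(current);
    Map<GraphEdge, BoolExpr> across = slice.getForwardsAcross().get(current);
    // Route chosen at this router; used only to label the hop.
    SymbolicRoute r = decisions.getBestNeighbor().get(current);
    Protocol proto = buildProcotol(r, slice, current);
    Prefix pfx = buildPrefix(r, f);
    // Pick the next router.
    boolean found = false;
    for (Entry<GraphEdge, BoolExpr> entry : dfwd.entrySet()) {
      GraphEdge ge = entry.getKey();
      BoolExpr dexpr = entry.getValue();
      BoolExpr cexpr = cfwd.get(ge);
      BoolExpr aexpr = across.get(ge);
      String route = buildRoute(pfx, proto, ge);
      if (isTrue(dexpr)) {
        hops.add(buildFlowTraceHop(ge, route));
        String peer = ge.getPeer();
        // A peer we have already visited means the flow is looping.
        if (peer != null && visited.contains(peer)) {
          FlowTrace ft = new FlowTrace(FlowDisposition.LOOP, hops, "LOOP");
          return new Tuple<>(f, ft);
        }
        // Forwarded out of this router but not across the edge: the far end's
        // incoming filter dropped the flow.
        if (isFalse(aexpr)) {
          IpAccessList acl = ge.getEnd().getIncomingFilter();
          FilterResult fr = acl.filter(f);
          String note =
              String.format("DENIED_IN{%s}{%s}", acl.getName(), matchedLineName(acl, fr));
          FlowTrace ft = new FlowTrace(FlowDisposition.DENIED_IN, hops, note);
          return new Tuple<>(f, ft);
        }
        if (slice.getGraph().isLoopback(ge)) {
          FlowTrace ft = new FlowTrace(FlowDisposition.ACCEPTED, hops, "ACCEPTED");
          return new Tuple<>(f, ft);
        }
        if (peer == null) {
          // No modelled peer: accepted if the edge is an eBGP peering, otherwise the flow
          // leaves the network or the neighbor is unreachable.
          boolean isBgpPeering = slice.getGraph().getEbgpNeighbors().get(ge) != null;
          FlowTrace ft =
              isBgpPeering
                  ? new FlowTrace(FlowDisposition.ACCEPTED, hops, "ACCEPTED")
                  : new FlowTrace(
                      FlowDisposition.NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK,
                      hops,
                      "NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK");
          return new Tuple<>(f, ft);
        }
        if (slice.getGraph().isHost(peer)) {
          FlowTrace ft = new FlowTrace(FlowDisposition.ACCEPTED, hops, "ACCEPTED");
          return new Tuple<>(f, ft);
        }
        current = peer;
        found = true;
        break;
      } else if (isTrue(cexpr)) {
        // Control plane selects this edge but the data plane does not forward on it:
        // the outgoing filter on the local interface dropped the flow.
        hops.add(buildFlowTraceHop(ge, route));
        IpAccessList acl = ge.getStart().getOutgoingFilter();
        FilterResult fr = acl.filter(f);
        // Fix: the match line is null when no explicit line matched (the inbound branch
        // already handled this). Indexing with it unconditionally threw a
        // NullPointerException instead of reporting the denial.
        String note =
            String.format("DENIED_OUT{%s}{%s}", acl.getName(), matchedLineName(acl, fr));
        FlowTrace ft = new FlowTrace(FlowDisposition.DENIED_OUT, hops, note);
        return new Tuple<>(f, ft);
      }
    }
    if (!found) {
      BoolExpr permitted = r.getPermitted();
      if (boolVal(permitted)) {
        // Accepted if one of this router's interfaces owns the destination address.
        for (GraphEdge ge : slice.getGraph().getEdgeMap().get(current)) {
          Ip ip = ge.getStart().getAddress().getIp();
          if (ip.equals(f.getDstIp())) {
            FlowTrace ft = new FlowTrace(FlowDisposition.ACCEPTED, hops, "ACCEPTED");
            return new Tuple<>(f, ft);
          }
        }
        FlowTrace ft =
            new FlowTrace(
                FlowDisposition.NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK,
                hops,
                "NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK");
        return new Tuple<>(f, ft);
      }
      FlowTrace ft = new FlowTrace(FlowDisposition.NO_ROUTE, hops, "NO_ROUTE");
      return new Tuple<>(f, ft);
    }
  }
}

/*
 * Name of the ACL line that decided the filter result, or "default deny" when the result
 * carries no match line.
 */
private String matchedLineName(IpAccessList acl, FilterResult fr) {
  if (fr.getMatchLine() == null) {
    return "default deny";
  }
  return acl.getLines().get(fr.getMatchLine()).getName();
}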
use of org.batfish.datamodel.Interface in project batfish by batfish.
the class CiscoGrammarTest method testParsingRecovery.
@Test
public void testParsingRecovery() throws IOException {
  // Load the single "ios-recovery" configuration from the "parsing-recovery" testrig.
  String rigName = "parsing-recovery";
  String host = "ios-recovery";
  List<String> configNames = ImmutableList.of(host);
  Batfish batfish =
      BatfishTestUtils.getBatfishFromTestrigText(
          TestrigText.builder()
              .setConfigurationText(TESTRIGS_PREFIX + rigName, configNames)
              .build(),
          _folder);
  // The flag is explicitly switched off; presumably this keeps unrecognized lines in play
  // so that the parser has to recover from them (confirm against the setting's definition).
  batfish.getSettings().setDisableUnrecognized(false);

  Map<String, Configuration> configs = batfish.loadConfigurations();
  Configuration recovered = configs.get(host);
  Map<String, Interface> ifaces = recovered.getInterfaces();
  Set<String> ifaceNames = ifaces.keySet();
  Set<InterfaceAddress> loopback3Addrs = ifaces.get("Loopback3").getAllAddresses();
  Set<InterfaceAddress> loopback4Addrs = ifaces.get("Loopback4").getAllAddresses();

  // Loopback0 and Loopback1 are expected in the parsed model; Loopback2 is not.
  assertThat("Loopback0", isIn(ifaceNames));
  assertThat("Loopback1", isIn(ifaceNames));
  assertThat("Loopback2", not(isIn(ifaceNames)));

  // Loopback3 is present and carries 10.0.0.2/32 but not 10.0.0.1/32.
  assertThat("Loopback3", isIn(ifaceNames));
  assertThat(new InterfaceAddress("10.0.0.1/32"), not(isIn(loopback3Addrs)));
  assertThat(new InterfaceAddress("10.0.0.2/32"), isIn(loopback3Addrs));

  // Loopback4 is present and carries 10.0.0.4/32 but not 10.0.0.3/32.
  assertThat("Loopback4", isIn(ifaceNames));
  assertThat(new InterfaceAddress("10.0.0.3/32"), not(isIn(loopback4Addrs)));
  assertThat(new InterfaceAddress("10.0.0.4/32"), isIn(loopback4Addrs));
}
use of org.batfish.datamodel.Interface in project batfish by batfish.
the class HostInterfaceTest method testShared.
@Test
public void testShared() throws IOException {
  Ip natIp = new Ip("1.0.0.1");
  InterfaceAddress sharedAddr = new InterfaceAddress(natIp, 24);
  Prefix plainPrefix1 = Prefix.parse("2.0.0.2/24");
  Prefix plainPrefix2 = Prefix.parse("3.0.0.2/24");

  // Three host-interface documents: "shared" true, "shared" false, and "shared" omitted.
  String sharedJson =
      "{\"name\":\"shared_interface\", \"prefix\":\"" + sharedAddr + "\", \"shared\":true}";
  String explicitNonSharedJson =
      "{\"name\":\"non_shared1_interface\", \"prefix\":\""
          + plainPrefix1
          + "\", \"shared\":false}";
  String implicitNonSharedJson =
      "{\"name\":\"non_shared2_interface\", \"prefix\":\"" + plainPrefix2 + "\"}";

  HostInterface sharedHost =
      BatfishObjectMapper.mapper().readValue(sharedJson, HostInterface.class);
  HostInterface explicitNonSharedHost =
      BatfishObjectMapper.mapper().readValue(explicitNonSharedJson, HostInterface.class);
  HostInterface implicitNonSharedHost =
      BatfishObjectMapper.mapper().readValue(implicitNonSharedJson, HostInterface.class);

  Interface sharedIface = sharedHost.toInterface(_c, _w);
  Interface explicitNonSharedIface = explicitNonSharedHost.toInterface(_c, _w);
  Interface implicitNonSharedIface = implicitNonSharedHost.toInterface(_c, _w);

  // The flag read from the text must reach the instance, and an omitted flag must
  // default to "not shared".
  assertThat(sharedHost, isShared());
  assertThat(explicitNonSharedHost, not(isShared()));
  assertThat(implicitNonSharedHost, not(isShared()));

  // Only the shared interface gets a source NAT, whose pool starts and ends at the
  // interface's own IP; the non-shared interfaces must carry no source NAT at all.
  assertThat(
      sharedIface,
      hasSourceNats(hasItem(allOf(hasPoolIpFirst(natIp), hasPoolIpLast(natIp)))));
  assertThat(explicitNonSharedIface, hasSourceNats(empty()));
  assertThat(implicitNonSharedIface, hasSourceNats(empty()));
}
use of org.batfish.datamodel.Interface in project batfish by batfish.
the class ElasticsearchDomainTest method testSecurityGroupsAcl.
@Test
public void testSecurityGroupsAcl() throws IOException {
  Map<String, Configuration> configs = loadAwsConfigurations();
  assertThat(configs, hasKey("es-domain"));
  Configuration esDomain = configs.get("es-domain");
  assertThat(esDomain.getInterfaces().entrySet(), hasSize(2));

  // Shared by both expected ACLs: reject TCP packets whose flags match SYN_ONLY.
  IpAccessListLine synOnlyReject =
      IpAccessListLine.builder()
          .setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY))
          .setAction(LineAction.REJECT)
          .build();

  // Ingress: TCP from the two listed sources to destination ports 45-50 is accepted,
  // then SYN-only packets are rejected, then everything else is accepted.
  // NOTE(review): the trailing accept-any line presumably stands in for return traffic of
  // established connections — confirm against the security-group conversion code.
  IpAccessListLine ingressPermit =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessListLine ingressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessList expectedIncomingFilter =
      new IpAccessList(
          "~SECURITY_GROUP_INGRESS_ACL~",
          Lists.newArrayList(ingressPermit, synOnlyReject, ingressAcceptAny));

  // Egress: accept to any destination, then the SYN-only reject, then TCP to the two
  // listed addresses with source ports 45-50.
  // NOTE(review): if lines are evaluated first-match, the leading accept-any line would
  // shadow the two lines after it — confirm this ordering is the intended model.
  IpAccessListLine egressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessListLine egressReturnPermit =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setDstIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setSrcPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessList expectedOutgoingFilter =
      new IpAccessList(
          "~SECURITY_GROUP_EGRESS_ACL~",
          Lists.newArrayList(egressAcceptAny, synOnlyReject, egressReturnPermit));

  // Every interface of the domain must carry exactly these two filters.
  for (Interface iface : esDomain.getInterfaces().values()) {
    assertThat(iface.getIncomingFilter(), equalTo(expectedIncomingFilter));
    assertThat(iface.getOutgoingFilter(), equalTo(expectedOutgoingFilter));
  }
}
use of org.batfish.datamodel.Interface in project batfish by batfish.
the class RdsInstanceTest method testSecurityGroupsAcl.
@Test
public void testSecurityGroupsAcl() throws IOException {
  Map<String, Configuration> configs = loadAwsConfigurations();
  assertThat(configs, hasKey("test-rds"));
  Configuration rdsInstance = configs.get("test-rds");
  assertThat(rdsInstance.getInterfaces().entrySet(), hasSize(2));

  // Shared by both expected ACLs: reject TCP packets whose flags match SYN_ONLY.
  IpAccessListLine synOnlyReject =
      IpAccessListLine.builder()
          .setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY))
          .setAction(LineAction.REJECT)
          .build();

  // Ingress: TCP from the two listed sources to destination ports 45-50 is accepted,
  // then SYN-only packets are rejected, then everything else is accepted.
  // NOTE(review): the trailing accept-any line presumably stands in for return traffic of
  // established connections — confirm against the security-group conversion code.
  IpAccessListLine ingressPermit =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setSrcIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setDstPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessListLine ingressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessList expectedIncomingFilter =
      new IpAccessList(
          "~SECURITY_GROUP_INGRESS_ACL~",
          Lists.newArrayList(ingressPermit, synOnlyReject, ingressAcceptAny));

  // Egress: accept to any destination, then the SYN-only reject, then TCP to the two
  // listed addresses with source ports 45-50.
  // NOTE(review): if lines are evaluated first-match, the leading accept-any line would
  // shadow the two lines after it — confirm this ordering is the intended model.
  IpAccessListLine egressAcceptAny =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
          .build();
  IpAccessListLine egressReturnPermit =
      IpAccessListLine.builder()
          .setAction(LineAction.ACCEPT)
          .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
          .setDstIps(
              Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32")))
          .setSrcPorts(Sets.newHashSet(new SubRange(45, 50)))
          .build();
  IpAccessList expectedOutgoingFilter =
      new IpAccessList(
          "~SECURITY_GROUP_EGRESS_ACL~",
          Lists.newArrayList(egressAcceptAny, synOnlyReject, egressReturnPermit));

  // Every interface of the RDS instance must carry exactly these two filters.
  for (Interface iface : rdsInstance.getInterfaces().values()) {
    assertThat(iface.getIncomingFilter(), equalTo(expectedIncomingFilter));
    assertThat(iface.getOutgoingFilter(), equalTo(expectedOutgoingFilter));
  }
}