Search in sources :

Example 16 with IpAccessList

use of org.batfish.datamodel.IpAccessList in project batfish by batfish.

the class RdsInstanceTest method testSecurityGroupsAcl.

@Test
public void testSecurityGroupsAcl() throws IOException {
    Map<String, Configuration> configurations = loadAwsConfigurations();
    assertThat(configurations, hasKey("test-rds"));
    assertThat(configurations.get("test-rds").getInterfaces().entrySet(), hasSize(2));
    IpAccessListLine rejectSynOnly = IpAccessListLine.builder().setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY)).setAction(LineAction.REJECT).build();
    IpAccessList expectedIncomingFilter = new IpAccessList("~SECURITY_GROUP_INGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setDstPorts(Sets.newHashSet(new SubRange(45, 50))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build()));
    IpAccessList expectedOutgoingFilter = new IpAccessList("~SECURITY_GROUP_EGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setDstIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setSrcPorts(Sets.newHashSet(new SubRange(45, 50))).build()));
    for (Interface iface : configurations.get("test-rds").getInterfaces().values()) {
        assertThat(iface.getIncomingFilter(), equalTo(expectedIncomingFilter));
        assertThat(iface.getOutgoingFilter(), equalTo(expectedOutgoingFilter));
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) Configuration(org.batfish.datamodel.Configuration) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) SubRange(org.batfish.datamodel.SubRange) Interface(org.batfish.datamodel.Interface) Test(org.junit.Test)

Example 17 with IpAccessList

use of org.batfish.datamodel.IpAccessList in project batfish by batfish.

the class SecurityGroupsTest method testDeniedWrongIpResponse.

@Test
public void testDeniedWrongIpResponse() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(8), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    IpAccessList outFilter = new IpAccessList(TEST_ACL, outboundRules);
    // flow containing wrong destination IP should be rejected
    _flowBuilder.setDstIp(new Ip("1.2.3.5"));
    _flowBuilder.setSrcPort(22);
    _flowBuilder.setTcpFlagsAck(1);
    _flowBuilder.setTcpFlagsSyn(1);
    assertThat(outFilter.filter(_flowBuilder.build()).getAction(), equalTo(LineAction.REJECT));
}
Also used : Ip(org.batfish.datamodel.Ip) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 18 with IpAccessList

use of org.batfish.datamodel.IpAccessList in project batfish by batfish.

the class SynthesizerInputImplTest method testComputeSourceNats.

@Test
public void testComputeSourceNats() {
    Configuration srcNode = _cb.build();
    Configuration nextHop = _cb.build();
    Vrf srcVrf = _vb.setOwner(srcNode).build();
    Vrf nextHopVrf = _vb.setOwner(nextHop).build();
    Ip ip11 = new Ip("1.0.0.0");
    Ip ip12 = new Ip("1.0.0.10");
    Ip ip21 = new Ip("2.0.0.0");
    Ip ip22 = new Ip("2.0.0.10");
    IpAccessList sourceNat1Acl = _aclb.setLines(ImmutableList.of()).setOwner(srcNode).build();
    IpAccessList sourceNat2Acl = _aclb.build();
    SourceNat sourceNat1 = _snb.setPoolIpFirst(ip11).setPoolIpLast(ip12).setAcl(sourceNat1Acl).build();
    SourceNat sourceNat2 = _snb.setPoolIpFirst(ip21).setPoolIpLast(ip22).setAcl(sourceNat2Acl).build();
    Interface srcInterfaceZeroSourceNats = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of()).build();
    Interface srcInterfaceOneSourceNat = _ib.setSourceNats(ImmutableList.of(sourceNat1)).build();
    Interface srcInterfaceTwoSourceNats = _ib.setSourceNats(ImmutableList.of(sourceNat1, sourceNat2)).build();
    Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
    Edge forwardEdge1 = new Edge(srcInterfaceZeroSourceNats, nextHopInterface);
    Edge forwardEdge2 = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
    Edge forwardEdge3 = new Edge(srcInterfaceTwoSourceNats, nextHopInterface);
    Edge backEdge1 = new Edge(nextHopInterface, srcInterfaceZeroSourceNats);
    Edge backEdge2 = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
    Edge backEdge3 = new Edge(nextHopInterface, srcInterfaceTwoSourceNats);
    SynthesizerInput inputWithoutDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).build();
    SynthesizerInput inputWithDataPlane = _inputBuilder.setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge1, forwardEdge2, forwardEdge3, backEdge1, backEdge2, backEdge3))).build();
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceZeroSourceNats.getName()), equalTo(ImmutableList.of())))));
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceOneSourceNat.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getName(), sourceNat1Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip11.asLong(), ip12.asLong()))))))))));
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceTwoSourceNats.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getName(), sourceNat1Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip11.asLong(), ip12.asLong())))), immutableEntry(new AclPermit(srcNode.getName(), sourceNat2Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip21.asLong(), ip22.asLong()))))))))));
    assertThat(inputWithoutDataPlane, hasSourceNats(nullValue()));
}
Also used : SourceNat(org.batfish.datamodel.SourceNat) Configuration(org.batfish.datamodel.Configuration) Ip(org.batfish.datamodel.Ip) AclPermit(org.batfish.z3.state.AclPermit) RangeMatchExpr(org.batfish.z3.expr.RangeMatchExpr) Vrf(org.batfish.datamodel.Vrf) IpAccessList(org.batfish.datamodel.IpAccessList) Topology(org.batfish.datamodel.Topology) Edge(org.batfish.datamodel.Edge) SynthesizerInputMatchers.hasArpTrueEdge(org.batfish.z3.matchers.SynthesizerInputMatchers.hasArpTrueEdge) Interface(org.batfish.datamodel.Interface) Test(org.junit.Test)

Example 19 with IpAccessList

use of org.batfish.datamodel.IpAccessList in project batfish by batfish.

the class BdpEngine method processCurrentNextHopInterfaceEdges.

private boolean processCurrentNextHopInterfaceEdges(BdpDataPlane dp, String currentNodeName, Set<Edge> visitedEdges, List<FlowTraceHop> hopsSoFar, Set<FlowTrace> flowTraces, Flow originalFlow, Flow transformedFlow, Ip dstIp, Set<String> dstIpOwners, @Nullable String nextHopInterfaceName, SortedSet<String> routesForThisNextHopInterface, @Nullable Ip finalNextHopIp, @Nullable NodeInterfacePair nextHopInterface, SortedSet<Edge> edges, boolean arp) {
    boolean continueToNextNextHopInterface = false;
    int unreachableNeighbors = 0;
    int potentialNeighbors = 0;
    for (Edge edge : edges) {
        if (!edge.getNode1().equals(currentNodeName)) {
            continue;
        }
        potentialNeighbors++;
        List<FlowTraceHop> newHops = new ArrayList<>(hopsSoFar);
        Set<Edge> newVisitedEdges = new LinkedHashSet<>(visitedEdges);
        FlowTraceHop newHop = new FlowTraceHop(edge, routesForThisNextHopInterface, hopFlow(originalFlow, transformedFlow));
        newVisitedEdges.add(edge);
        newHops.add(newHop);
        /*
       * Check to see whether neighbor would refrain from sending ARP reply
       * (NEIGHBOR_UNREACHABLE)
       *
       * This occurs if:
       *
       * - Using interface-only route
       *
       * AND
       *
       * - Neighbor does not own arpIp
       *
       * AND EITHER
       *
       * -- Neighbor not using proxy-arp
       *
       * - OR
       *
       * -- Subnet of neighbor's receiving-interface contains arpIp
       */
        if (arp) {
            Ip arpIp;
            Set<String> arpIpOwners;
            if (finalNextHopIp == null) {
                arpIp = dstIp;
                arpIpOwners = dstIpOwners;
            } else {
                arpIp = finalNextHopIp;
                arpIpOwners = dp._ipOwners.get(arpIp);
            }
            // using interface-only route
            String node2 = edge.getNode2();
            if (arpIpOwners == null || !arpIpOwners.contains(node2)) {
                // neighbor does not own arpIp
                String int2Name = edge.getInt2();
                Interface int2 = dp._nodes.get(node2)._c.getInterfaces().get(int2Name);
                boolean neighborUnreachable = false;
                Boolean proxyArp = int2.getProxyArp();
                if (proxyArp == null || !proxyArp) {
                    // TODO: proxyArp probably shouldn't be null
                    neighborUnreachable = true;
                } else {
                    for (InterfaceAddress address : int2.getAllAddresses()) {
                        if (address.getPrefix().containsIp(arpIp)) {
                            neighborUnreachable = true;
                            break;
                        }
                    }
                }
                if (neighborUnreachable) {
                    unreachableNeighbors++;
                    continue;
                }
            }
        }
        if (visitedEdges.contains(edge)) {
            FlowTrace trace = new FlowTrace(FlowDisposition.LOOP, newHops, FlowDisposition.LOOP.toString());
            flowTraces.add(trace);
            potentialNeighbors--;
            continue;
        }
        String nextNodeName = edge.getNode2();
        // now check output filter and input filter
        if (nextHopInterfaceName != null) {
            IpAccessList outFilter = dp._nodes.get(currentNodeName)._c.getInterfaces().get(nextHopInterfaceName).getOutgoingFilter();
            if (outFilter != null) {
                FlowDisposition disposition = FlowDisposition.DENIED_OUT;
                boolean denied = flowTraceDeniedHelper(flowTraces, originalFlow, transformedFlow, newHops, outFilter, disposition);
                if (denied) {
                    potentialNeighbors--;
                    continue;
                }
            }
        }
        IpAccessList inFilter = dp._nodes.get(nextNodeName)._c.getInterfaces().get(edge.getInt2()).getIncomingFilter();
        if (inFilter != null) {
            FlowDisposition disposition = FlowDisposition.DENIED_IN;
            boolean denied = flowTraceDeniedHelper(flowTraces, originalFlow, transformedFlow, newHops, inFilter, disposition);
            if (denied) {
                potentialNeighbors--;
                continue;
            }
        }
        // recurse
        collectFlowTraces(dp, nextNodeName, newVisitedEdges, newHops, flowTraces, originalFlow, transformedFlow);
    }
    if (arp && unreachableNeighbors > 0 && unreachableNeighbors == potentialNeighbors) {
        FlowTrace trace = neighborUnreachableTrace(hopsSoFar, nextHopInterface, routesForThisNextHopInterface, originalFlow, transformedFlow);
        flowTraces.add(trace);
        continueToNextNextHopInterface = true;
    }
    return continueToNextNextHopInterface;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Ip(org.batfish.datamodel.Ip) ArrayList(java.util.ArrayList) FlowDisposition(org.batfish.datamodel.FlowDisposition) FlowTraceHop(org.batfish.datamodel.FlowTraceHop) FlowTrace(org.batfish.datamodel.FlowTrace) IpAccessList(org.batfish.datamodel.IpAccessList) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Edge(org.batfish.datamodel.Edge) Interface(org.batfish.datamodel.Interface)

Example 20 with IpAccessList

use of org.batfish.datamodel.IpAccessList in project batfish by batfish.

the class CiscoConfiguration method toInterface.

private org.batfish.datamodel.Interface toInterface(Interface iface, Map<String, IpAccessList> ipAccessLists, Configuration c) {
    String name = iface.getName();
    org.batfish.datamodel.Interface newIface = new org.batfish.datamodel.Interface(name, c);
    String vrfName = iface.getVrf();
    Vrf vrf = _vrfs.computeIfAbsent(vrfName, Vrf::new);
    newIface.setDescription(iface.getDescription());
    newIface.setActive(iface.getActive());
    newIface.setAutoState(iface.getAutoState());
    newIface.setVrf(c.getVrfs().get(vrfName));
    newIface.setBandwidth(iface.getBandwidth());
    if (iface.getDhcpRelayClient()) {
        newIface.getDhcpRelayAddresses().addAll(_dhcpRelayServers);
    } else {
        newIface.getDhcpRelayAddresses().addAll(iface.getDhcpRelayAddresses());
    }
    newIface.setMtu(getInterfaceMtu(iface));
    newIface.setOspfPointToPoint(iface.getOspfPointToPoint());
    newIface.setProxyArp(iface.getProxyArp());
    newIface.setSpanningTreePortfast(iface.getSpanningTreePortfast());
    newIface.setSwitchport(iface.getSwitchport());
    newIface.setDeclaredNames(ImmutableSortedSet.copyOf(iface.getDeclaredNames()));
    // All prefixes is the combination of the interface prefix + any secondary prefixes.
    ImmutableSet.Builder<InterfaceAddress> allPrefixes = ImmutableSet.builder();
    if (iface.getAddress() != null) {
        newIface.setAddress(iface.getAddress());
        allPrefixes.add(iface.getAddress());
    }
    allPrefixes.addAll(iface.getSecondaryAddresses());
    newIface.setAllAddresses(allPrefixes.build());
    Long ospfAreaLong = iface.getOspfArea();
    if (ospfAreaLong != null) {
        OspfProcess proc = vrf.getOspfProcess();
        if (proc != null) {
            if (iface.getOspfActive()) {
                proc.getActiveInterfaceList().add(name);
            }
            if (iface.getOspfPassive()) {
                proc.getPassiveInterfaceList().add(name);
            }
            for (InterfaceAddress address : newIface.getAllAddresses()) {
                Prefix prefix = address.getPrefix();
                OspfNetwork ospfNetwork = new OspfNetwork(prefix, ospfAreaLong);
                proc.getNetworks().add(ospfNetwork);
            }
        } else {
            _w.redFlag("Interface: '" + name + "' contains OSPF settings, but there is no OSPF process");
        }
    }
    boolean level1 = false;
    boolean level2 = false;
    IsisProcess isisProcess = vrf.getIsisProcess();
    if (isisProcess != null) {
        switch(isisProcess.getLevel()) {
            case LEVEL_1:
                level1 = true;
                break;
            case LEVEL_1_2:
                level1 = true;
                level2 = true;
                break;
            case LEVEL_2:
                level2 = true;
                break;
            default:
                throw new VendorConversionException("Invalid IS-IS level");
        }
    }
    if (level1) {
        newIface.setIsisL1InterfaceMode(iface.getIsisInterfaceMode());
    } else {
        newIface.setIsisL1InterfaceMode(IsisInterfaceMode.UNSET);
    }
    if (level2) {
        newIface.setIsisL2InterfaceMode(iface.getIsisInterfaceMode());
    } else {
        newIface.setIsisL2InterfaceMode(IsisInterfaceMode.UNSET);
    }
    newIface.setIsisCost(iface.getIsisCost());
    newIface.setOspfCost(iface.getOspfCost());
    newIface.setOspfDeadInterval(iface.getOspfDeadInterval());
    newIface.setOspfHelloMultiplier(iface.getOspfHelloMultiplier());
    // switch settings
    newIface.setAccessVlan(iface.getAccessVlan());
    newIface.setNativeVlan(iface.getNativeVlan());
    newIface.setSwitchportMode(iface.getSwitchportMode());
    SwitchportEncapsulationType encapsulation = iface.getSwitchportTrunkEncapsulation();
    if (encapsulation == null) {
        // no encapsulation set, so use default..
        // TODO: check if this is OK
        encapsulation = SwitchportEncapsulationType.DOT1Q;
    }
    newIface.setSwitchportTrunkEncapsulation(encapsulation);
    newIface.addAllowedRanges(iface.getAllowedVlans());
    String incomingFilterName = iface.getIncomingFilter();
    if (incomingFilterName != null) {
        int incomingFilterLine = iface.getIncomingFilterLine();
        IpAccessList incomingFilter = ipAccessLists.get(incomingFilterName);
        if (incomingFilter == null) {
            undefined(CiscoStructureType.IP_ACCESS_LIST, incomingFilterName, CiscoStructureUsage.INTERFACE_INCOMING_FILTER, incomingFilterLine);
        } else {
            String msg = "incoming acl for interface: " + iface.getName();
            ExtendedAccessList incomingExtendedAccessList = _extendedAccessLists.get(incomingFilterName);
            if (incomingExtendedAccessList != null) {
                incomingExtendedAccessList.getReferers().put(iface, msg);
            }
            StandardAccessList incomingStandardAccessList = _standardAccessLists.get(incomingFilterName);
            if (incomingStandardAccessList != null) {
                incomingStandardAccessList.getReferers().put(iface, msg);
            }
        }
        newIface.setIncomingFilter(incomingFilter);
    }
    String outgoingFilterName = iface.getOutgoingFilter();
    if (outgoingFilterName != null) {
        int outgoingFilterLine = iface.getOutgoingFilterLine();
        IpAccessList outgoingFilter = ipAccessLists.get(outgoingFilterName);
        if (outgoingFilter == null) {
            undefined(CiscoStructureType.IP_ACCESS_LIST, outgoingFilterName, CiscoStructureUsage.INTERFACE_OUTGOING_FILTER, outgoingFilterLine);
        } else {
            String msg = "outgoing acl for interface: " + iface.getName();
            ExtendedAccessList outgoingExtendedAccessList = _extendedAccessLists.get(outgoingFilterName);
            if (outgoingExtendedAccessList != null) {
                outgoingExtendedAccessList.getReferers().put(iface, msg);
            }
            StandardAccessList outgoingStandardAccessList = _standardAccessLists.get(outgoingFilterName);
            if (outgoingStandardAccessList != null) {
                outgoingStandardAccessList.getReferers().put(iface, msg);
            }
        }
        newIface.setOutgoingFilter(outgoingFilter);
    }
    List<CiscoSourceNat> origSourceNats = iface.getSourceNats();
    if (origSourceNats != null) {
        // Process each of the CiscoSourceNats:
        // 1) Collect references to ACLs and NAT pools.
        // 2) For valid CiscoSourceNat rules, add them to the newIface source NATs list.
        newIface.setSourceNats(origSourceNats.stream().map(nat -> processSourceNat(nat, iface, ipAccessLists)).filter(Objects::nonNull).collect(ImmutableList.toImmutableList()));
    }
    String routingPolicyName = iface.getRoutingPolicy();
    if (routingPolicyName != null) {
        int routingPolicyLine = iface.getRoutingPolicyLine();
        RouteMap routingPolicyRouteMap = _routeMaps.get(routingPolicyName);
        if (routingPolicyRouteMap == null) {
            undefined(CiscoStructureType.ROUTE_MAP, routingPolicyName, CiscoStructureUsage.INTERFACE_POLICY_ROUTING_MAP, routingPolicyLine);
        } else {
            routingPolicyRouteMap.getReferers().put(iface, "routing policy for interface: " + iface.getName());
        }
        newIface.setRoutingPolicy(routingPolicyName);
    }
    return newIface;
}
Also used : DefinedStructure(org.batfish.common.util.DefinedStructure) Prefix6Range(org.batfish.datamodel.Prefix6Range) CallStatement(org.batfish.datamodel.routing_policy.statement.CallStatement) Arrays(java.util.Arrays) OspfAreaSummary(org.batfish.datamodel.OspfAreaSummary) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) CommunityListLine(org.batfish.datamodel.CommunityListLine) RouteFilterList(org.batfish.datamodel.RouteFilterList) TunnelMode(org.batfish.representation.cisco.Tunnel.TunnelMode) PrefixSpace(org.batfish.datamodel.PrefixSpace) Matcher(java.util.regex.Matcher) GeneratedRoute6(org.batfish.datamodel.GeneratedRoute6) Ip6AccessList(org.batfish.datamodel.Ip6AccessList) Aaa(org.batfish.datamodel.vendor_family.cisco.Aaa) Map(java.util.Map) CiscoFamily(org.batfish.datamodel.vendor_family.cisco.CiscoFamily) BigInteger(java.math.BigInteger) ConfigurationFormat(org.batfish.datamodel.ConfigurationFormat) VendorConfiguration(org.batfish.vendor.VendorConfiguration) Set(java.util.Set) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) Cable(org.batfish.datamodel.vendor_family.cisco.Cable) State(org.batfish.datamodel.State) SourceNat(org.batfish.datamodel.SourceNat) MultipathEquivalentAsPathMatchMode(org.batfish.datamodel.MultipathEquivalentAsPathMatchMode) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) Route6FilterList(org.batfish.datamodel.Route6FilterList) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) If(org.batfish.datamodel.routing_policy.statement.If) Statements(org.batfish.datamodel.routing_policy.statement.Statements) CommonUtil(org.batfish.common.util.CommonUtil) Ip6AccessListLine(org.batfish.datamodel.Ip6AccessListLine) TreeSet(java.util.TreeSet) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) ArrayList(java.util.ArrayList) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) TcpFlags(org.batfish.datamodel.TcpFlags) CommunityList(org.batfish.datamodel.CommunityList) SnmpServer(org.batfish.datamodel.SnmpServer) Ip6(org.batfish.datamodel.Ip6) LineAction(org.batfish.datamodel.LineAction) ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap) LinkedHashSet(java.util.LinkedHashSet) Nullable(javax.annotation.Nullable) DestinationNetwork6(org.batfish.datamodel.routing_policy.expr.DestinationNetwork6) ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet) WithEnvironmentExpr(org.batfish.datamodel.routing_policy.expr.WithEnvironmentExpr) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) BgpTieBreaker(org.batfish.datamodel.BgpTieBreaker) AaaAuthentication(org.batfish.datamodel.vendor_family.cisco.AaaAuthentication) TreeMap(java.util.TreeMap) AaaAuthenticationLogin(org.batfish.datamodel.vendor_family.cisco.AaaAuthenticationLogin) GeneratedRoute(org.batfish.datamodel.GeneratedRoute) SetMetric(org.batfish.datamodel.routing_policy.statement.SetMetric) IpsecVpn(org.batfish.datamodel.IpsecVpn) IpProtocol(org.batfish.datamodel.IpProtocol) SortedSet(java.util.SortedSet) Not(org.batfish.datamodel.routing_policy.expr.Not) IkePolicy(org.batfish.datamodel.IkePolicy) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Ip6Wildcard(org.batfish.datamodel.Ip6Wildcard) IsisInterfaceMode(org.batfish.datamodel.IsisInterfaceMode) Prefix6(org.batfish.datamodel.Prefix6) Route6FilterLine(org.batfish.datamodel.Route6FilterLine) MatchPrefix6Set(org.batfish.datamodel.routing_policy.expr.MatchPrefix6Set) AsPathAccessList(org.batfish.datamodel.AsPathAccessList) OspfArea(org.batfish.datamodel.OspfArea) Statement(org.batfish.datamodel.routing_policy.statement.Statement) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Line(org.batfish.datamodel.vendor_family.cisco.Line) NavigableSet(java.util.NavigableSet) OriginType(org.batfish.datamodel.OriginType) Objects(java.util.Objects) List(java.util.List) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Entry(java.util.Map.Entry) BooleanExprs(org.batfish.datamodel.routing_policy.expr.BooleanExprs) Pattern(java.util.regex.Pattern) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) SortedMap(java.util.SortedMap) IpWildcard(org.batfish.datamodel.IpWildcard) SwitchportEncapsulationType(org.batfish.datamodel.SwitchportEncapsulationType) Ip(org.batfish.datamodel.Ip) OspfMetricType(org.batfish.datamodel.OspfMetricType) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) RoutingProtocol(org.batfish.datamodel.RoutingProtocol) HashMap(java.util.HashMap) AsPathSetElem(org.batfish.datamodel.routing_policy.expr.AsPathSetElem) BatfishException(org.batfish.common.BatfishException) IpAccessList(org.batfish.datamodel.IpAccessList) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) HashSet(java.util.HashSet) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) IkeGateway(org.batfish.datamodel.IkeGateway) ImmutableList(com.google.common.collect.ImmutableList) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) SubRange(org.batfish.datamodel.SubRange) Configuration(org.batfish.datamodel.Configuration) AsPathAccessListLine(org.batfish.datamodel.AsPathAccessListLine) ReferenceCountedStructure(org.batfish.common.util.ReferenceCountedStructure) ExplicitPrefixSet(org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet) PrefixRange(org.batfish.datamodel.PrefixRange) ExplicitPrefix6Set(org.batfish.datamodel.routing_policy.expr.ExplicitPrefix6Set) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) Prefix6Space(org.batfish.datamodel.Prefix6Space) Comparator(java.util.Comparator) Collections(java.util.Collections) VendorConversionException(org.batfish.common.VendorConversionException) Prefix(org.batfish.datamodel.Prefix) SetOspfMetricType(org.batfish.datamodel.routing_policy.statement.SetOspfMetricType) Prefix(org.batfish.datamodel.Prefix) ImmutableSet(com.google.common.collect.ImmutableSet) SwitchportEncapsulationType(org.batfish.datamodel.SwitchportEncapsulationType) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) VendorConversionException(org.batfish.common.VendorConversionException) LiteralLong(org.batfish.datamodel.routing_policy.expr.LiteralLong) Objects(java.util.Objects) IpAccessList(org.batfish.datamodel.IpAccessList)

Aggregations

IpAccessList (org.batfish.datamodel.IpAccessList)37 IpAccessListLine (org.batfish.datamodel.IpAccessListLine)19 Configuration (org.batfish.datamodel.Configuration)17 Ip (org.batfish.datamodel.Ip)16 Interface (org.batfish.datamodel.Interface)14 ArrayList (java.util.ArrayList)10 Test (org.junit.Test)10 BatfishException (org.batfish.common.BatfishException)9 List (java.util.List)7 IpWildcard (org.batfish.datamodel.IpWildcard)7 LineAction (org.batfish.datamodel.LineAction)7 SubRange (org.batfish.datamodel.SubRange)7 ImmutableList (com.google.common.collect.ImmutableList)6 Set (java.util.Set)6 TreeSet (java.util.TreeSet)6 Edge (org.batfish.datamodel.Edge)6 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)6 Prefix (org.batfish.datamodel.Prefix)6 SourceNat (org.batfish.datamodel.SourceNat)6 Map (java.util.Map)5