use of org.batfish.datamodel.IpProtocol in project batfish by batfish.
the class ConfigurationBuilder method exitFftf_protocol.
/**
 * Parser exit callback for an {@code Fftf_protocolContext} node.
 *
 * <p>Converts the node's {@code ip_protocol} child to an {@link IpProtocol} and appends a
 * matching {@link FwFromProtocol} condition to the "from" list of the firewall term currently
 * under construction ({@code _currentFwTerm}).
 *
 * @param ctx parse-tree node whose {@code ip_protocol()} child names the protocol
 */
@Override
public void exitFftf_protocol(Fftf_protocolContext ctx) {
  // Conversion runs first so a failure in toIpProtocol leaves the current term untouched.
  FwFrom protocolMatch = new FwFromProtocol(toIpProtocol(ctx.ip_protocol()));
  _currentFwTerm.getFroms().add(protocolMatch);
}
use of org.batfish.datamodel.IpProtocol in project batfish by batfish.
the class ConfigurationBuilder method exitAat_protocol.
/**
 * Parser exit callback for an {@code Aat_protocolContext} node.
 *
 * <p>Converts the node's {@code ip_protocol} child to an {@link IpProtocol} and adds it to the
 * IP-protocol collection of the line belonging to the application term currently under
 * construction ({@code _currentApplicationTerm}).
 *
 * @param ctx parse-tree node whose {@code ip_protocol()} child names the protocol
 */
@Override
public void exitAat_protocol(Aat_protocolContext ctx) {
  // Resolve the protocol before touching the term, matching the original evaluation order.
  final IpProtocol parsedProtocol = toIpProtocol(ctx.ip_protocol());
  _currentApplicationTerm
      .getLine()
      .getIpProtocols()
      .add(parsedProtocol);
}
use of org.batfish.datamodel.IpProtocol in project batfish by batfish.
the class NetworkAcl method getAcl.
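/**
 * Builds the {@link IpAccessList} for one direction of this network ACL.
 *
 * <p>Every entry in {@code _entries} whose egress flag equals {@code isEgress} becomes one
 * {@link IpAccessListLine}. Lines are ordered by rule number; if two entries of the same
 * direction share a rule number, the later one replaces the earlier one.
 *
 * <p>Port handling: the code treats {@code -1} as "no bound". When only one end of the range is
 * {@code -1} it is widened to {@code 0} or {@code 65535} <em>before</em> the {@link SubRange} is
 * built, so the range stored on the line never carries a {@code -1} bound. (Previously the range
 * was constructed from the raw values and the widening had no effect on it.)
 *
 * @param isEgress {@code true} to build the egress list, {@code false} for the ingress list
 * @return the access list, named {@code _networkAclId} plus {@code "_egress"} or
 *     {@code "_ingress"}
 */
private IpAccessList getAcl(boolean isEgress) {
  String listName = _networkAclId + (isEgress ? "_egress" : "_ingress");
  // TreeMap keeps the lines sorted by rule number, which is the order they are emitted in.
  Map<Integer, IpAccessListLine> lineMap = new TreeMap<>();
  for (NetworkAclEntry entry : _entries) {
    // Only entries for the requested direction contribute to this list.
    if (isEgress != entry.getIsEgress()) {
      continue;
    }
    IpAccessListLine line = new IpAccessListLine();
    int key = entry.getRuleNumber();
    LineAction action = entry.getIsAllow() ? LineAction.ACCEPT : LineAction.REJECT;
    line.setAction(action);

    // The CIDR block is the remote side: destination for egress, source for ingress.
    // Prefix.ZERO is left unset so the line matches any address.
    Prefix prefix = entry.getCidrBlock();
    if (!prefix.equals(Prefix.ZERO)) {
      if (isEgress) {
        line.setDstIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
      } else {
        line.setSrcIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
      }
    }

    // A null protocol is rendered as "ALL" and leaves the line's protocol set untouched.
    IpProtocol protocol = IpPermissions.toIpProtocol(entry.getProtocol());
    String protocolStr = protocol != null ? protocol.toString() : "ALL";
    if (protocol != null) {
      line.setIpProtocols(ImmutableSortedSet.of(protocol));
    }

    int fromPort = entry.getFromPort();
    int toPort = entry.getToPort();
    boolean portsRestricted = fromPort != -1 || toPort != -1;
    if (portsRestricted) {
      // Widen a half-open range to the full port space on the open side.
      if (fromPort == -1) {
        fromPort = 0;
      }
      if (toPort == -1) {
        toPort = 65535;
      }
    }
    // Built only after normalisation so a -1 sentinel never ends up as a range bound.
    SubRange portRange = new SubRange(fromPort, toPort);
    if (portsRestricted) {
      // NOTE(review): the port range is applied as destination ports for every protocol and
      // both directions; confirm entries for port-less protocols always carry -1/-1.
      line.setDstPorts(ImmutableSortedSet.of(portRange));
    }

    String portStr;
    if (protocol == IpProtocol.ICMP) {
      // TODO: flesh these out
      portStr = "some ICMP type(s)/code(s)";
    } else if ((fromPort == 0 && toPort == 65535) || (fromPort == -1 && toPort == -1)) {
      portStr = "ALL";
    } else {
      portStr = portRange.toString();
    }
    String actionStr = action == LineAction.ACCEPT ? "ALLOW" : "DENY";
    // Rule number 32767 is displayed as "*" (presumably the ACL's default rule; confirm).
    String lineNumber = key == 32767 ? "*" : Integer.toString(key);
    line.setName(
        String.format("%s %s %s %s %s", lineNumber, protocolStr, portStr, prefix, actionStr));
    lineMap.put(key, line);
  }
  List<IpAccessListLine> lines = ImmutableList.copyOf(lineMap.values());
  return new IpAccessList(listName, lines);
}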
use of org.batfish.datamodel.IpProtocol in project batfish by batfish.
the class EncoderSlice method computeIpProtocols.
/**
 * Converts a set of IP protocols to a boolean expression on the symbolic packet.
 *
 * <p>The result is the disjunction, over every protocol in {@code ipProtos}, of "protocol number
 * equals the symbolic packet's IP-protocol field", passed through {@code simplify()}. For an
 * empty set the disjunction is just the initial {@code mkFalse()} term.
 *
 * @param ipProtos protocols the packet may carry
 * @return the simplified disjunction as a {@link BoolExpr}
 */
private BoolExpr computeIpProtocols(Set<IpProtocol> ipProtos) {
  BoolExpr anyMatch = mkFalse();
  for (IpProtocol candidate : ipProtos) {
    // One equality per protocol: protocol number == symbolic IP-protocol field.
    anyMatch = mkOr(anyMatch, mkEq(mkInt(candidate.number()), _symbolicPacket.getIpProtocol()));
  }
  // simplify() returns a general expression type, hence the cast back to BoolExpr.
  return (BoolExpr) anyMatch.simplify();
}
use of org.batfish.datamodel.IpProtocol in project batfish by batfish.
the class EncoderSlice method addHeaderSpaceConstraint.
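/**
 * Adds constraints for the type of packets considered in the model.
 *
 * <p>For each non-empty field of {@code _headerSpace} one constraint on the matching field of
 * {@code _symbolicPacket} is added via {@code add(...)}:
 *
 * <ul>
 *   <li>positive fields (e.g. {@code getDstIps()}) become a disjunction over their elements;
 *   <li>negated fields (e.g. {@code getNotDstIps()}) become a conjunction of negations;
 *   <li>"src or dst" fields match if either the source or the destination field is in range.
 * </ul>
 *
 * <p>Empty fields add nothing, i.e. they leave the corresponding packet field unconstrained.
 *
 * <p>Source-port constraints ({@code getSrcPorts()} / {@code getNotSrcPorts()}) are bound to the
 * symbolic <em>source</em> port. They were previously bound to the destination port, which made
 * any query restricted by source port check the wrong packet field.
 *
 * <p>Fragment offsets, ECNs, states and similar fields are not encoded yet (see the TODO at the
 * end), so any restriction the header space places on them is not reflected in the model.
 */
private void addHeaderSpaceConstraint() {
  BoolExpr acc;

  // ---- IP addresses ----
  if (_headerSpace.getDstIps().size() > 0) {
    acc = mkFalse();
    for (IpWildcard ipWildcard : _headerSpace.getDstIps()) {
      BoolExpr bound = ipWildCardBound(_symbolicPacket.getDstIp(), ipWildcard);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotDstIps().size() > 0) {
    acc = mkTrue();
    for (IpWildcard ipWildcard : _headerSpace.getNotDstIps()) {
      BoolExpr bound = ipWildCardBound(_symbolicPacket.getDstIp(), ipWildcard);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  if (_headerSpace.getSrcIps().size() > 0) {
    acc = mkFalse();
    for (IpWildcard ipWildcard : _headerSpace.getSrcIps()) {
      BoolExpr bound = ipWildCardBound(_symbolicPacket.getSrcIp(), ipWildcard);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotSrcIps().size() > 0) {
    acc = mkTrue();
    for (IpWildcard ipWildcard : _headerSpace.getNotSrcIps()) {
      BoolExpr bound = ipWildCardBound(_symbolicPacket.getSrcIp(), ipWildcard);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  if (_headerSpace.getSrcOrDstIps().size() > 0) {
    acc = mkFalse();
    for (IpWildcard ipWildcard : _headerSpace.getSrcOrDstIps()) {
      BoolExpr bound1 = ipWildCardBound(_symbolicPacket.getDstIp(), ipWildcard);
      BoolExpr bound2 = ipWildCardBound(_symbolicPacket.getSrcIp(), ipWildcard);
      acc = mkOr(acc, bound1, bound2);
    }
    add(acc);
  }

  // ---- Ports ----
  if (_headerSpace.getDstPorts().size() > 0) {
    acc = mkFalse();
    for (SubRange subRange : _headerSpace.getDstPorts()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getDstPort(), subRange);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotDstPorts().size() > 0) {
    acc = mkTrue();
    for (SubRange subRange : _headerSpace.getNotDstPorts()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getDstPort(), subRange);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  if (_headerSpace.getSrcPorts().size() > 0) {
    acc = mkFalse();
    for (SubRange subRange : _headerSpace.getSrcPorts()) {
      // Source-port ranges must constrain the source port, not the destination port.
      BoolExpr bound = subRangeBound(_symbolicPacket.getSrcPort(), subRange);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotSrcPorts().size() > 0) {
    acc = mkTrue();
    for (SubRange subRange : _headerSpace.getNotSrcPorts()) {
      // Same field as the positive source-port case above.
      BoolExpr bound = subRangeBound(_symbolicPacket.getSrcPort(), subRange);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  if (_headerSpace.getSrcOrDstPorts().size() > 0) {
    acc = mkFalse();
    for (SubRange subRange : _headerSpace.getSrcOrDstPorts()) {
      BoolExpr bound1 = subRangeBound(_symbolicPacket.getDstPort(), subRange);
      BoolExpr bound2 = subRangeBound(_symbolicPacket.getSrcPort(), subRange);
      acc = mkOr(acc, bound1, bound2);
    }
    add(acc);
  }

  // ---- ICMP types and codes ----
  if (_headerSpace.getIcmpTypes().size() > 0) {
    acc = mkFalse();
    for (SubRange subRange : _headerSpace.getIcmpTypes()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getIcmpType(), subRange);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotIcmpTypes().size() > 0) {
    acc = mkTrue();
    for (SubRange subRange : _headerSpace.getNotIcmpTypes()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getIcmpType(), subRange);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  if (_headerSpace.getIcmpCodes().size() > 0) {
    acc = mkFalse();
    for (SubRange subRange : _headerSpace.getIcmpCodes()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getIcmpCode(), subRange);
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotIcmpCodes().size() > 0) {
    acc = mkTrue();
    for (SubRange subRange : _headerSpace.getNotIcmpCodes()) {
      BoolExpr bound = subRangeBound(_symbolicPacket.getIcmpCode(), subRange);
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }

  // ---- IP protocol ----
  if (_headerSpace.getIpProtocols().size() > 0) {
    acc = mkFalse();
    for (IpProtocol ipProtocol : _headerSpace.getIpProtocols()) {
      BoolExpr bound = mkEq(_symbolicPacket.getIpProtocol(), mkInt(ipProtocol.number()));
      acc = mkOr(acc, bound);
    }
    add(acc);
  }
  if (_headerSpace.getNotIpProtocols().size() > 0) {
    acc = mkTrue();
    for (IpProtocol ipProtocol : _headerSpace.getNotIpProtocols()) {
      BoolExpr bound = mkEq(_symbolicPacket.getIpProtocol(), mkInt(ipProtocol.number()));
      acc = mkAnd(acc, mkNot(bound));
    }
    add(acc);
  }
  // TODO: need to implement fragment offsets, Ecns, states, etc
}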