Search in sources :

Example 1 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class Client method validateType.

/**
 * Validate the contents contained in json-encoded {@code value} matches the type required by
 * {@code variable}, and the length of input string meets the requirement of minimum length if
 * specified in {@code variable}. Call {@link Variable#getType()} on {@code variable} gives the
 * expected type.
 *
 * @throws BatfishException if the content encoded in input {@code value} does not satisfy the
 *     requirements specified in {@code variable}.
 */
static void validateType(JsonNode value, Variable variable) throws BatfishException {
    int minLength = variable.getMinLength() == null ? 0 : variable.getMinLength();
    if (value.isTextual() && value.textValue().length() < minLength) {
        throw new BatfishException(String.format("Must be at least %s characters in length", minLength));
    }
    Variable.Type expectedType = variable.getType();
    switch(expectedType) {
        case BOOLEAN:
            if (!value.isBoolean()) {
                throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
            }
            break;
        case COMPARATOR:
            if (!(COMPARATORS.contains(value.textValue()))) {
                throw new BatfishException(String.format("It is not a known %s. Valid options are:" + " %s", expectedType.getName(), COMPARATORS));
            }
            break;
        case DOUBLE:
            if (!value.isDouble()) {
                throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
            }
            break;
        case FLOAT:
            if (!value.isFloat()) {
                throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
            }
            break;
        case INTEGER:
            if (!value.isInt()) {
                throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
            }
            break;
        case LONG:
            if (!value.isLong()) {
                throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
            }
            break;
        case IP:
            // TODO: Need to double check isInetAddress()
            if (!(value.isTextual())) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            new Ip(value.textValue());
            break;
        case IP_PROTOCOL:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            try {
                IpProtocol.fromString(value.textValue());
            } catch (IllegalArgumentException e) {
                throw new BatfishException(String.format("Unknown %s string", expectedType.getName()));
            }
            break;
        case IP_WILDCARD:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            new IpWildcard(value.textValue());
            break;
        case JAVA_REGEX:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            try {
                Pattern.compile(value.textValue());
            } catch (PatternSyntaxException e) {
                throw new BatfishException("It is not a valid Java regular " + "expression", e);
            }
            break;
        case JSON_PATH_REGEX:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            validateJsonPathRegex(value.textValue());
            break;
        case PREFIX:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            Prefix.parse(value.textValue());
            break;
        case PREFIX_RANGE:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            PrefixRange.fromString(value.textValue());
            break;
        case QUESTION:
            // TODO: Implement
            break;
        case STRING:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            break;
        case SUBRANGE:
            if (!(value.isTextual() || value.isInt())) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string or " + "integer", expectedType.getName()));
            }
            Object actualValue = value.isTextual() ? value.textValue() : value.asInt();
            new SubRange(actualValue);
            break;
        case PROTOCOL:
            if (!value.isTextual()) {
                throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
            }
            Protocol.fromString(value.textValue());
            break;
        case JSON_PATH:
            validateJsonPath(value);
            break;
        default:
            throw new BatfishException(String.format("Unsupported parameter type: %s", expectedType));
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) BatfishException(org.batfish.common.BatfishException) Variable(org.batfish.datamodel.questions.Question.InstanceData.Variable) Ip(org.batfish.datamodel.Ip) JSONObject(org.codehaus.jettison.json.JSONObject) SubRange(org.batfish.datamodel.SubRange) PatternSyntaxException(java.util.regex.PatternSyntaxException)

Example 2 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class CiscoControlPlaneExtractor method exitStandard_access_list_tail.

@Override
public void exitStandard_access_list_tail(Standard_access_list_tailContext ctx) {
    LineAction action = toLineAction(ctx.ala);
    Ip srcIp = getIp(ctx.ipr);
    Ip srcWildcard = getWildcard(ctx.ipr);
    Set<Integer> dscps = new TreeSet<>();
    Set<Integer> ecns = new TreeSet<>();
    for (Standard_access_list_additional_featureContext feature : ctx.features) {
        if (feature.DSCP() != null) {
            int dscpType = toDscpType(feature.dscp_type());
            dscps.add(dscpType);
        } else if (feature.ECN() != null) {
            int ecn = toInteger(feature.ecn);
            ecns.add(ecn);
        }
    }
    String name;
    if (ctx.num != null) {
        name = ctx.num.getText();
    } else {
        name = getFullText(ctx).trim();
    }
    StandardAccessListLine line = new StandardAccessListLine(name, action, new IpWildcard(srcIp, srcWildcard), dscps, ecns);
    _currentStandardAcl.addLine(line);
}
Also used : LineAction(org.batfish.datamodel.LineAction) IpWildcard(org.batfish.datamodel.IpWildcard) Standard_access_list_additional_featureContext(org.batfish.grammar.cisco.CiscoParser.Standard_access_list_additional_featureContext) StandardAccessListLine(org.batfish.representation.cisco.StandardAccessListLine) TreeSet(java.util.TreeSet) Ip(org.batfish.datamodel.Ip) RoutePolicyNextHopIp(org.batfish.representation.cisco.RoutePolicyNextHopIp)

Example 3 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class NetworkAcl method getAcl.

private IpAccessList getAcl(boolean isEgress) {
    String listName = _networkAclId + (isEgress ? "_egress" : "_ingress");
    Map<Integer, IpAccessListLine> lineMap = new TreeMap<>();
    for (NetworkAclEntry entry : _entries) {
        if ((isEgress && entry.getIsEgress()) || (!isEgress && !entry.getIsEgress())) {
            IpAccessListLine line = new IpAccessListLine();
            int key = entry.getRuleNumber();
            LineAction action = entry.getIsAllow() ? LineAction.ACCEPT : LineAction.REJECT;
            line.setAction(action);
            Prefix prefix = entry.getCidrBlock();
            if (!prefix.equals(Prefix.ZERO)) {
                if (isEgress) {
                    line.setDstIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
                } else {
                    line.setSrcIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
                }
            }
            IpProtocol protocol = IpPermissions.toIpProtocol(entry.getProtocol());
            String protocolStr = protocol != null ? protocol.toString() : "ALL";
            if (protocol != null) {
                line.setIpProtocols(ImmutableSortedSet.of(protocol));
            }
            int fromPort = entry.getFromPort();
            int toPort = entry.getToPort();
            SubRange portRange = new SubRange(fromPort, toPort);
            if (fromPort != -1 || toPort != -1) {
                if (fromPort == -1) {
                    fromPort = 0;
                }
                if (toPort == -1) {
                    toPort = 65535;
                }
                line.setDstPorts(ImmutableSortedSet.of(portRange));
            }
            String portStr;
            if (protocol == IpProtocol.ICMP) {
                // TODO: flesh these out
                portStr = "some ICMP type(s)/code(s)";
            } else if ((fromPort == 0 && toPort == 65535) || (fromPort == -1 && toPort == -1)) {
                portStr = "ALL";
            } else {
                portStr = portRange.toString();
            }
            String actionStr = action == LineAction.ACCEPT ? "ALLOW" : "DENY";
            String lineNumber = key == 32767 ? "*" : Integer.toString(key);
            line.setName(String.format("%s %s %s %s %s", lineNumber, protocolStr, portStr, prefix, actionStr));
            lineMap.put(key, line);
        }
    }
    List<IpAccessListLine> lines = ImmutableList.copyOf(lineMap.values());
    IpAccessList list = new IpAccessList(listName, lines);
    return list;
}
Also used : LineAction(org.batfish.datamodel.LineAction) Prefix(org.batfish.datamodel.Prefix) TreeMap(java.util.TreeMap) IpWildcard(org.batfish.datamodel.IpWildcard) IpProtocol(org.batfish.datamodel.IpProtocol) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) IpAccessList(org.batfish.datamodel.IpAccessList)

Example 4 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class FwFromPrefixList method applyTo.

@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
    PrefixList pl = jc.getPrefixLists().get(_name);
    if (pl != null) {
        pl.getReferers().put(this, "firewall from source-prefix-list");
        if (pl.getIpv6()) {
            return;
        }
        RouteFilterList sourcePrefixList = c.getRouteFilterLists().get(_name);
        List<IpWildcard> wildcards = sourcePrefixList.getMatchingIps();
        line.setSrcOrDstIps(Iterables.concat(line.getSrcOrDstIps(), wildcards));
    } else {
        w.redFlag("Reference to undefined source prefix-list: \"" + _name + "\"");
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) RouteFilterList(org.batfish.datamodel.RouteFilterList)

Example 5 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class FwFromSourceAddress method applyTo.

@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
    IpWildcard wildcard = new IpWildcard(_prefix);
    line.setSrcIps(Iterables.concat(line.getSrcIps(), Collections.singleton(wildcard)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard)

Aggregations

IpWildcard (org.batfish.datamodel.IpWildcard)63 Test (org.junit.Test)38 Ip (org.batfish.datamodel.Ip)18 IpAccessListLine (org.batfish.datamodel.IpAccessListLine)17 SubRange (org.batfish.datamodel.SubRange)16 HeaderSpace (org.batfish.datamodel.HeaderSpace)12 Prefix (org.batfish.datamodel.Prefix)9 LinkedList (java.util.LinkedList)8 Configuration (org.batfish.datamodel.Configuration)8 Context (com.microsoft.z3.Context)7 Interface (org.batfish.datamodel.Interface)7 IpAccessList (org.batfish.datamodel.IpAccessList)6 IpProtocol (org.batfish.datamodel.IpProtocol)6 BoolExpr (com.microsoft.z3.BoolExpr)5 TreeSet (java.util.TreeSet)5 BatfishException (org.batfish.common.BatfishException)5 RouteFilterList (org.batfish.datamodel.RouteFilterList)5 ImmutableSortedMap (com.google.common.collect.ImmutableSortedMap)4 Status (com.microsoft.z3.Status)4 Map (java.util.Map)4