use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class Client method validateType.
/**
* Validate the contents contained in json-encoded {@code value} matches the type required by
* {@code variable}, and the length of input string meets the requirement of minimum length if
* specified in {@code variable}. Call {@link Variable#getType()} on {@code variable} gives the
* expected type.
*
* @throws BatfishException if the content encoded in input {@code value} does not satisfy the
* requirements specified in {@code variable}.
*/
static void validateType(JsonNode value, Variable variable) throws BatfishException {
int minLength = variable.getMinLength() == null ? 0 : variable.getMinLength();
if (value.isTextual() && value.textValue().length() < minLength) {
throw new BatfishException(String.format("Must be at least %s characters in length", minLength));
}
Variable.Type expectedType = variable.getType();
switch(expectedType) {
case BOOLEAN:
if (!value.isBoolean()) {
throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
}
break;
case COMPARATOR:
if (!(COMPARATORS.contains(value.textValue()))) {
throw new BatfishException(String.format("It is not a known %s. Valid options are:" + " %s", expectedType.getName(), COMPARATORS));
}
break;
case DOUBLE:
if (!value.isDouble()) {
throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
}
break;
case FLOAT:
if (!value.isFloat()) {
throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
}
break;
case INTEGER:
if (!value.isInt()) {
throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
}
break;
case LONG:
if (!value.isLong()) {
throw new BatfishException(String.format("It is not a valid JSON %s value", expectedType.getName()));
}
break;
case IP:
// TODO: Need to double check isInetAddress()
if (!(value.isTextual())) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
new Ip(value.textValue());
break;
case IP_PROTOCOL:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
try {
IpProtocol.fromString(value.textValue());
} catch (IllegalArgumentException e) {
throw new BatfishException(String.format("Unknown %s string", expectedType.getName()));
}
break;
case IP_WILDCARD:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
new IpWildcard(value.textValue());
break;
case JAVA_REGEX:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
try {
Pattern.compile(value.textValue());
} catch (PatternSyntaxException e) {
throw new BatfishException("It is not a valid Java regular " + "expression", e);
}
break;
case JSON_PATH_REGEX:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
validateJsonPathRegex(value.textValue());
break;
case PREFIX:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
Prefix.parse(value.textValue());
break;
case PREFIX_RANGE:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
PrefixRange.fromString(value.textValue());
break;
case QUESTION:
// TODO: Implement
break;
case STRING:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
break;
case SUBRANGE:
if (!(value.isTextual() || value.isInt())) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string or " + "integer", expectedType.getName()));
}
Object actualValue = value.isTextual() ? value.textValue() : value.asInt();
new SubRange(actualValue);
break;
case PROTOCOL:
if (!value.isTextual()) {
throw new BatfishException(String.format("A Batfish %s must be a JSON string", expectedType.getName()));
}
Protocol.fromString(value.textValue());
break;
case JSON_PATH:
validateJsonPath(value);
break;
default:
throw new BatfishException(String.format("Unsupported parameter type: %s", expectedType));
}
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class CiscoControlPlaneExtractor method exitStandard_access_list_tail.
@Override
public void exitStandard_access_list_tail(Standard_access_list_tailContext ctx) {
LineAction action = toLineAction(ctx.ala);
Ip srcIp = getIp(ctx.ipr);
Ip srcWildcard = getWildcard(ctx.ipr);
Set<Integer> dscps = new TreeSet<>();
Set<Integer> ecns = new TreeSet<>();
for (Standard_access_list_additional_featureContext feature : ctx.features) {
if (feature.DSCP() != null) {
int dscpType = toDscpType(feature.dscp_type());
dscps.add(dscpType);
} else if (feature.ECN() != null) {
int ecn = toInteger(feature.ecn);
ecns.add(ecn);
}
}
String name;
if (ctx.num != null) {
name = ctx.num.getText();
} else {
name = getFullText(ctx).trim();
}
StandardAccessListLine line = new StandardAccessListLine(name, action, new IpWildcard(srcIp, srcWildcard), dscps, ecns);
_currentStandardAcl.addLine(line);
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class NetworkAcl method getAcl.
private IpAccessList getAcl(boolean isEgress) {
String listName = _networkAclId + (isEgress ? "_egress" : "_ingress");
Map<Integer, IpAccessListLine> lineMap = new TreeMap<>();
for (NetworkAclEntry entry : _entries) {
if ((isEgress && entry.getIsEgress()) || (!isEgress && !entry.getIsEgress())) {
IpAccessListLine line = new IpAccessListLine();
int key = entry.getRuleNumber();
LineAction action = entry.getIsAllow() ? LineAction.ACCEPT : LineAction.REJECT;
line.setAction(action);
Prefix prefix = entry.getCidrBlock();
if (!prefix.equals(Prefix.ZERO)) {
if (isEgress) {
line.setDstIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
} else {
line.setSrcIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
}
}
IpProtocol protocol = IpPermissions.toIpProtocol(entry.getProtocol());
String protocolStr = protocol != null ? protocol.toString() : "ALL";
if (protocol != null) {
line.setIpProtocols(ImmutableSortedSet.of(protocol));
}
int fromPort = entry.getFromPort();
int toPort = entry.getToPort();
SubRange portRange = new SubRange(fromPort, toPort);
if (fromPort != -1 || toPort != -1) {
if (fromPort == -1) {
fromPort = 0;
}
if (toPort == -1) {
toPort = 65535;
}
line.setDstPorts(ImmutableSortedSet.of(portRange));
}
String portStr;
if (protocol == IpProtocol.ICMP) {
// TODO: flesh these out
portStr = "some ICMP type(s)/code(s)";
} else if ((fromPort == 0 && toPort == 65535) || (fromPort == -1 && toPort == -1)) {
portStr = "ALL";
} else {
portStr = portRange.toString();
}
String actionStr = action == LineAction.ACCEPT ? "ALLOW" : "DENY";
String lineNumber = key == 32767 ? "*" : Integer.toString(key);
line.setName(String.format("%s %s %s %s %s", lineNumber, protocolStr, portStr, prefix, actionStr));
lineMap.put(key, line);
}
}
List<IpAccessListLine> lines = ImmutableList.copyOf(lineMap.values());
IpAccessList list = new IpAccessList(listName, lines);
return list;
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class FwFromPrefixList method applyTo.
@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
PrefixList pl = jc.getPrefixLists().get(_name);
if (pl != null) {
pl.getReferers().put(this, "firewall from source-prefix-list");
if (pl.getIpv6()) {
return;
}
RouteFilterList sourcePrefixList = c.getRouteFilterLists().get(_name);
List<IpWildcard> wildcards = sourcePrefixList.getMatchingIps();
line.setSrcOrDstIps(Iterables.concat(line.getSrcOrDstIps(), wildcards));
} else {
w.redFlag("Reference to undefined source prefix-list: \"" + _name + "\"");
}
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class FwFromSourceAddress method applyTo.
@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
IpWildcard wildcard = new IpWildcard(_prefix);
line.setSrcIps(Iterables.concat(line.getSrcIps(), Collections.singleton(wildcard)));
}
Aggregations