
the class IpAccessListSpecializer method specialize.

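/**
 * Restricts the source and destination IP constraints of {@code ipAccessListLine} to the IP
 * spaces of interest held by {@code _srcIpSpaceSpecializer} and {@code _dstIpSpaceSpecializer}.
 *
 * <p>The line's {@code srcOrDstIps} contribute to both directions. A line with neither
 * {@code srcIps} nor {@code srcOrDstIps} is treated as matching any source address (likewise
 * for destinations); on the way back out, an empty header-space field again means "universe".
 *
 * @param ipAccessListLine the ACL line to specialize; not modified, a rebuilt copy is returned
 * @return the line with its four IP fields rewritten, or {@link Optional#empty()} when either
 *     specialized space is {@link EmptyIpSpace}, i.e. the line can never match inside the space
 *     of interest. NOTE(review): presumably the caller omits such lines from the specialized ACL;
 *     keeping a line's original action after its match set became empty would be wrong — verify
 *     against the caller.
 * @throws BatfishException if a specializer returns an {@link IpSpace} subtype other than
 *     {@link UniverseIpSpace}, {@link IpWildcardSetIpSpace} or {@link IpWildcard}
 */
public Optional<IpAccessListLine> specialize(IpAccessListLine ipAccessListLine) {
    // Source first, then destination, mirroring the order the two specializers are consulted.
    IpSpace specializedSrcIpSpace =
        _srcIpSpaceSpecializer.specialize(
            lineIpSpace(
                ipAccessListLine.getSrcIps(),
                ipAccessListLine.getSrcOrDstIps(),
                ipAccessListLine.getNotSrcIps()));
    IpSpace specializedDstIpSpace =
        _dstIpSpaceSpecializer.specialize(
            lineIpSpace(
                ipAccessListLine.getDstIps(),
                ipAccessListLine.getSrcOrDstIps(),
                ipAccessListLine.getNotDstIps()));
    if (specializedDstIpSpace instanceof EmptyIpSpace || specializedSrcIpSpace instanceof EmptyIpSpace) {
        // No packet of interest can match this line in at least one direction.
        return Optional.empty();
    }
    WildcardSets dst = toWildcardSets(specializedDstIpSpace, "specializedDstIpSpace");
    WildcardSets src = toWildcardSets(specializedSrcIpSpace, "specializedSrcIpSpace");
    return Optional.of(
        ipAccessListLine
            .rebuild()
            .setDstIps(dst._whitelist)
            .setNotDstIps(dst._blacklist)
            .setSrcIps(src._whitelist)
            .setNotSrcIps(src._blacklist)
            .build());
}

/**
 * Builds the IP space a line constrains one direction to: {@code ips} plus {@code srcOrDstIps},
 * excluding {@code notIps}. When both inclusion sets are empty the line places no constraint in
 * that direction, so the whole address space ({@link IpWildcard#ANY}) is included instead.
 */
private static IpSpace lineIpSpace(Set<IpWildcard> ips, Set<IpWildcard> srcOrDstIps, Set<IpWildcard> notIps) {
    IpWildcardSetIpSpace.Builder builder = IpWildcardSetIpSpace.builder().excluding(notIps);
    if (ips.isEmpty() && srcOrDstIps.isEmpty()) {
        builder.including(IpWildcard.ANY);
    } else {
        builder.including(ips);
        builder.including(srcOrDstIps);
    }
    return builder.build();
}

/**
 * Converts a specialized space back into the whitelist/blacklist pair a header space stores.
 *
 * @param label name of the space, used only in the failure message
 * @throws BatfishException on an unsupported {@link IpSpace} subtype
 */
private static WildcardSets toWildcardSets(IpSpace specializedIpSpace, String label) {
    if (specializedIpSpace instanceof UniverseIpSpace) {
        // for a HeaderSpace, an empty ips set means Universe
        return new WildcardSets(ImmutableSet.of(), ImmutableSet.of());
    } else if (specializedIpSpace instanceof IpWildcardSetIpSpace) {
        IpWildcardSetIpSpace wildcardSetIpSpace = (IpWildcardSetIpSpace) specializedIpSpace;
        return new WildcardSets(wildcardSetIpSpace.getWhitelist(), wildcardSetIpSpace.getBlacklist());
    } else if (specializedIpSpace instanceof IpWildcard) {
        return new WildcardSets(ImmutableSet.of((IpWildcard) specializedIpSpace), ImmutableSet.of());
    }
    throw new BatfishException("unexpected " + label + " type");
}

/** Whitelist/blacklist pair read out of a specialized {@link IpSpace}. */
private static final class WildcardSets {
    final Set<IpWildcard> _whitelist;
    final Set<IpWildcard> _blacklist;

    WildcardSets(Set<IpWildcard> whitelist, Set<IpWildcard> blacklist) {
        _whitelist = whitelist;
        _blacklist = blacklist;
    }
}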

the class HeaderSpaceMatchExpr method matchIp.

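/**
 * Builds a constraint that the packet's source and/or destination address lies in at least one
 * of {@code ipWildcards}.
 *
 * <p>Each wildcard becomes a bit-level equality on the SRC_IP / DST_IP header fields. A wildcard
 * that is a prefix yields a single equality over its fixed high-order bits; any other wildcard
 * yields one equality per bit whose wildcard-mask bit is 0 — a mask bit of 1 means "don't care"
 * (the Cisco wildcard-mask convention). With both {@code useSrc} and {@code useDst} set, a
 * wildcard matches when either field does.
 *
 * @param ipWildcards candidate address ranges; an empty set yields an {@link OrExpr} over no
 *     disjuncts
 * @param useSrc constrain the source address
 * @param useDst constrain the destination address
 * @return the disjunction over all wildcards, or {@link TrueExpr#INSTANCE} as soon as a /0 prefix
 *     is encountered (it matches every address, so the whole disjunction is true)
 * @throws BatfishException if both flags are false and a wildcard is actually processed; the
 *     check sits inside the loop, so an empty set, or a /0 prefix seen first, does not raise
 */
public static BooleanExpr matchIp(Set<IpWildcard> ipWildcards, boolean useSrc, boolean useDst) {
    ImmutableList.Builder<BooleanExpr> matchSomeIpRange = ImmutableList.builder();
    for (IpWildcard ipWildcard : ipWildcards) {
        BooleanExpr matchSpecifiedIp;
        if (ipWildcard.isPrefix()) {
            Prefix prefix = ipWildcard.toPrefix();
            long ip = prefix.getStartIp().asLong();
            // The fixed (network) bits occupy positions [ipStart, MAX_PREFIX_LENGTH - 1];
            // ipStart equals the number of host bits.
            int ipStart = Prefix.MAX_PREFIX_LENGTH - prefix.getPrefixLength();
            int ipEnd = Prefix.MAX_PREFIX_LENGTH - 1;
            if (ipStart >= Prefix.MAX_PREFIX_LENGTH) {
                // A /0 prefix constrains no bits: it matches everything, and so does the OR.
                return TrueExpr.INSTANCE;
            }
            LitIntExpr ipMatchLit = new LitIntExpr(ip, ipStart, ipEnd);
            EqExpr matchSrcIp =
                new EqExpr(ExtractExpr.newExtractExpr(BasicHeaderField.SRC_IP, ipStart, ipEnd), ipMatchLit);
            EqExpr matchDstIp =
                new EqExpr(ExtractExpr.newExtractExpr(BasicHeaderField.DST_IP, ipStart, ipEnd), ipMatchLit);
            if (useSrc) {
                if (useDst) {
                    matchSpecifiedIp = new OrExpr(ImmutableList.of(matchSrcIp, matchDstIp));
                } else {
                    matchSpecifiedIp = matchSrcIp;
                }
            } else if (useDst) {
                matchSpecifiedIp = matchDstIp;
            } else {
                throw new BatfishException("useSrc and useDst cannot both be false");
            }
        } else {
            long ip = ipWildcard.getIp().asLong();
            long wildcard = ipWildcard.getWildcard().asLong();
            if (useSrc) {
                if (useDst) {
                    matchSpecifiedIp =
                        new OrExpr(
                            ImmutableList.of(
                                matchWildcardBits(BasicHeaderField.SRC_IP, ip, wildcard),
                                matchWildcardBits(BasicHeaderField.DST_IP, ip, wildcard)));
                } else {
                    matchSpecifiedIp = matchWildcardBits(BasicHeaderField.SRC_IP, ip, wildcard);
                }
            } else if (useDst) {
                matchSpecifiedIp = matchWildcardBits(BasicHeaderField.DST_IP, ip, wildcard);
            } else {
                throw new BatfishException("useSrc and useDst cannot both be false");
            }
        }
        matchSomeIpRange.add(matchSpecifiedIp);
    }
    return new OrExpr(matchSomeIpRange.build());
}

/**
 * Constrains every bit of {@code field} whose {@code wildcard} bit is 0 to equal the
 * corresponding bit of {@code ip}; bits whose wildcard bit is 1 are left unconstrained. Bits are
 * numbered from 0 up to {@code Prefix.MAX_PREFIX_LENGTH - 1}.
 *
 * @return a conjunction of one equality per constrained bit (empty when the wildcard is all ones)
 */
private static BooleanExpr matchWildcardBits(BasicHeaderField field, long ip, long wildcard) {
    ImmutableList.Builder<BooleanExpr> bitConstraints = ImmutableList.builder();
    for (int bit = 0; bit < Prefix.MAX_PREFIX_LENGTH; bit++) {
        boolean bitIsFixed = (wildcard & (1L << bit)) == 0;
        if (bitIsFixed) {
            IntExpr extractedBit = ExtractExpr.newExtractExpr(field, bit, bit);
            LitIntExpr expectedBit = new LitIntExpr(ip, bit, bit);
            bitConstraints.add(new EqExpr(extractedBit, expectedBit));
        }
    }
    return new AndExpr(bitConstraints.build());
}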

the class CommonUtil method initPrivateIpsByPublicIp.

@VisibleForTesting
static SetMultimap<Ip, IpWildcardSetIpSpace> initPrivateIpsByPublicIp(Map<String, Configuration> configurations) {
    /*
     * Very hacky mapping from public IP to set of spaces of possible natted private IPs.
     * Does not currently support source-nat acl.
     *
     * For each node, every address prefix on an interface with no source NAT is a candidate
     * private range, minus the interface's own address in that prefix. That one candidate
     * space is then associated with every individual IP of every source-NAT pool on the node's
     * masquerading interfaces.
     *
     * NOTE(review): the pool is expanded one IP at a time between getPoolIpFirst() and
     * getPoolIpLast() with no upper bound, so a very wide pool in a parsed configuration
     * (worst case the whole IPv4 space) means billions of multimap entries. A size cap or a
     * range-based representation would be safer if configurations are not fully trusted.
     * A pool whose last IP precedes its first yields no entries at all, silently.
     */
    ImmutableSetMultimap.Builder<Ip, IpWildcardSetIpSpace> privateIpsByPublicIp = ImmutableSetMultimap.builder();
    for (Configuration node : configurations.values()) {
        Collection<Interface> nodeInterfaces = node.getInterfaces().values();

        // Addresses configured on interfaces that do not masquerade.
        ImmutableSet.Builder<InterfaceAddress> nonNattedAddresses = ImmutableSet.builder();
        for (Interface iface : nodeInterfaces) {
            if (iface.getSourceNats().isEmpty()) {
                nonNattedAddresses.addAll(iface.getAllAddresses());
            }
        }

        // A zero wildcard mask pins every bit, i.e. it names exactly the interface's own host
        // address; the prefix wildcard covers the rest of that subnet.
        ImmutableSet.Builder<IpWildcard> localHostAddresses = ImmutableSet.builder();
        ImmutableSet.Builder<IpWildcard> candidatePrefixes = ImmutableSet.builder();
        for (InterfaceAddress address : nonNattedAddresses.build()) {
            localHostAddresses.add(new IpWildcard(address.getIp(), Ip.ZERO));
            candidatePrefixes.add(new IpWildcard(address.getPrefix()));
        }
        IpWildcardSetIpSpace candidatePrivateIps =
            IpWildcardSetIpSpace.builder()
                .including(candidatePrefixes.build())
                .excluding(localHostAddresses.build())
                .build();

        // Every public IP in every source-NAT pool on this node maps to the same candidate space.
        for (Interface iface : nodeInterfaces) {
            iface.getSourceNats()
                .forEach(
                    sourceNat -> {
                        long firstPoolIp = sourceNat.getPoolIpFirst().asLong();
                        long lastPoolIp = sourceNat.getPoolIpLast().asLong();
                        for (long poolIp = firstPoolIp; poolIp <= lastPoolIp; poolIp++) {
                            privateIpsByPublicIp.put(new Ip(poolIp), candidatePrivateIps);
                        }
                    });
        }
    }
    return privateIpsByPublicIp.build();
}