Example 26 with IpWildcard
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class NodJobTest method testNattedUnsat.
/**
* Test that traffic originating from 3.0.0.0 that is expected to be NATed returns UNSAT when we
* constrain to only allow NOT-NATed results.
*/
@Test
public void testNattedUnsat() {
HeaderSpace headerSpace = new HeaderSpace();
headerSpace.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.0")));
NodJob nodJob = getNodJob(headerSpace, false);
Context z3Context = new Context();
Status status = nodJob.computeNodSat(System.currentTimeMillis(), z3Context);
assertThat(status, equalTo(Status.UNSATISFIABLE));
}
Also used :
IpWildcard(org.batfish.datamodel.IpWildcard)
Context(com.microsoft.z3.Context)
Status(com.microsoft.z3.Status)
HeaderSpace(org.batfish.datamodel.HeaderSpace)
Test(org.junit.Test)
Example 27 with IpWildcard
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class NodJobTest method testNatted.
/**
* Test that traffic originating from 3.0.0.0 is NATed
*/
@Test
public void testNatted() {
HeaderSpace headerSpace = new HeaderSpace();
headerSpace.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.0")));
NodJob nodJob = getNodJob(headerSpace);
Context z3Context = new Context();
SmtInput smtInput = nodJob.computeSmtInput(System.currentTimeMillis(), z3Context);
Map<OriginateVrf, Map<String, Long>> fieldConstraintsByOriginateVrf = nodJob.getOriginateVrfConstraints(z3Context, smtInput);
assertThat(fieldConstraintsByOriginateVrf.entrySet(), hasSize(1));
assertThat(fieldConstraintsByOriginateVrf, hasKey(_originateVrf));
Map<String, Long> fieldConstraints = fieldConstraintsByOriginateVrf.get(_originateVrf);
// Only one OriginateVrf choice, so this must be 0
assertThat(fieldConstraints, hasEntry(OriginateVrfInstrumentation.ORIGINATE_VRF_FIELD_NAME, new Long(0)));
assertThat(fieldConstraints, hasEntry(BasicHeaderField.ORIG_SRC_IP.getName(), new Ip("3.0.0.0").asLong()));
assertThat(fieldConstraints, hasEntry(equalTo(BasicHeaderField.SRC_IP.getName()), not(equalTo(new Ip("3.0.0.0").asLong()))));
assertThat(fieldConstraints, hasEntry(BasicHeaderField.SRC_IP.getName(), new Ip("1.0.0.10").asLong()));
Set<Flow> flows = nodJob.getFlows(fieldConstraintsByOriginateVrf);
_bdpDataPlanePlugin.processFlows(flows, _dataPlane);
List<FlowTrace> flowTraces = _bdpDataPlanePlugin.getHistoryFlowTraces(_dataPlane);
flowTraces.forEach(trace -> {
assertThat(trace.getNotes(), is("ACCEPTED"));
List<FlowTraceHop> hops = trace.getHops();
assertThat(hops, hasSize(1));
FlowTraceHop hop = hops.get(0);
assertThat(hop.getTransformedFlow(), notNullValue());
assertThat(hop.getTransformedFlow().getSrcIp(), equalTo(new Ip("1.0.0.10")));
});
}
Also used :
Context(com.microsoft.z3.Context)
Ip(org.batfish.datamodel.Ip)
HeaderSpace(org.batfish.datamodel.HeaderSpace)
OriginateVrf(org.batfish.z3.state.OriginateVrf)
Flow(org.batfish.datamodel.Flow)
IpWildcard(org.batfish.datamodel.IpWildcard)
FlowTraceHop(org.batfish.datamodel.FlowTraceHop)
FlowTrace(org.batfish.datamodel.FlowTrace)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
SortedMap(java.util.SortedMap)
ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap)
Test(org.junit.Test)
Example 28 with IpWildcard
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class BatfishCompressionTest method testCompressionFibs_diamondNetwork.
/**
* Test the following invariant: if a FIB appears on concrete router “r”, then a corresponding
* abstract FIB appears on one of these representatives. For example, if there is a concrete FIB
* from C to D, then there should be an abstract FIB from A to B, where A is in representatives(C)
* and B is in representatives(D).
*/
@Test
public void testCompressionFibs_diamondNetwork() throws IOException {
IpAccessListLine line = new IpAccessListLine();
line.setDstIps(ImmutableList.of(new IpWildcard(Prefix.parse("4.4.4.4/32"))));
SortedMap<String, Configuration> origConfigs = diamondNetwork();
DataPlane origDataPlane = getDataPlane(origConfigs);
Map<String, Map<String, Fib>> origFibs = origDataPlane.getFibs();
Topology origTopology = new Topology(origDataPlane.getTopologyEdges());
/* Node A should have a route with C as a next hop. */
assertThat(origFibs, hasEntry(equalTo("A"), hasEntry(equalTo(Configuration.DEFAULT_VRF_NAME), hasNextHopInterfaces(hasValue(hasKey(withNode("A", isNeighborOfNode(origTopology, "C"))))))));
// compress a new copy since it will get mutated.
SortedMap<String, Configuration> compressedConfigs = new TreeMap<>(compressNetwork(diamondNetwork(), line));
DataPlane compressedDataPlane = getDataPlane(compressedConfigs);
compressedConfigs.values().forEach(BatfishCompressionTest::assertIsCompressedConfig);
assertThat(compressedConfigs.values(), hasSize(3));
SortedMap<String, SortedMap<String, GenericRib<AbstractRoute>>> origRibs = origDataPlane.getRibs();
SortedMap<String, SortedMap<String, GenericRib<AbstractRoute>>> compressedRibs = compressedDataPlane.getRibs();
compressedRibs.forEach((hostname, compressedRibsByVrf) -> compressedRibsByVrf.forEach((vrf, compressedRib) -> {
GenericRib<AbstractRoute> origRib = origRibs.get(hostname).get(vrf);
Set<AbstractRoute> origRoutes = origRib.getRoutes();
Set<AbstractRoute> compressedRoutes = compressedRib.getRoutes();
for (AbstractRoute route : compressedRoutes) {
/* Every compressed route should appear in original RIB */
assertThat(origRoutes, hasItem(route));
}
}));
/* Compression removed B or C entirely (but not both) */
assertThat(compressedRibs, either(not(hasKey("B"))).or(not(hasKey("C"))));
assertThat(compressedRibs, either(hasKey("B")).or(hasKey("C")));
String remains = compressedConfigs.containsKey("B") ? "B" : "C";
/* The remaining node is unchanged. */
assertThat(origRibs.get(remains).get(Configuration.DEFAULT_VRF_NAME).getRoutes(), equalTo(compressedRibs.get(remains).get(Configuration.DEFAULT_VRF_NAME).getRoutes()));
}
Also used :
DataPlane(org.batfish.datamodel.DataPlane)
AbstractRoute(org.batfish.datamodel.AbstractRoute)
BatfishTestUtils(org.batfish.main.BatfishTestUtils)
FibMatchers.hasNextHopInterfaces(org.batfish.datamodel.matchers.FibMatchers.hasNextHopInterfaces)
BdpDataPlanePlugin(org.batfish.bdp.BdpDataPlanePlugin)
HeaderSpace(org.batfish.datamodel.HeaderSpace)
Matchers.either(org.hamcrest.Matchers.either)
If(org.batfish.datamodel.routing_policy.statement.If)
TopologyMatchers.isNeighborOfNode(org.batfish.datamodel.matchers.TopologyMatchers.isNeighborOfNode)
Matchers.not(org.hamcrest.Matchers.not)
InterfaceAddress(org.batfish.datamodel.InterfaceAddress)
Matchers.hasValue(org.hamcrest.Matchers.hasValue)
Matchers.hasKey(org.hamcrest.Matchers.hasKey)
Interface(org.batfish.datamodel.Interface)
CoreMatchers.instanceOf(org.hamcrest.CoreMatchers.instanceOf)
TestCase.assertNotNull(junit.framework.TestCase.assertNotNull)
ImmutableList(com.google.common.collect.ImmutableList)
AbstractRoute(org.batfish.datamodel.AbstractRoute)
Topology(org.batfish.datamodel.Topology)
TopologyMatchers.withNode(org.batfish.datamodel.matchers.TopologyMatchers.withNode)
Map(java.util.Map)
Configuration(org.batfish.datamodel.Configuration)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
Batfish(org.batfish.main.Batfish)
Vrf(org.batfish.datamodel.Vrf)
ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
ConfigurationFormat(org.batfish.datamodel.ConfigurationFormat)
DataPlane(org.batfish.datamodel.DataPlane)
NetworkFactory(org.batfish.datamodel.NetworkFactory)
StaticRoute(org.batfish.datamodel.StaticRoute)
Fib(org.batfish.datamodel.Fib)
Set(java.util.Set)
GenericRib(org.batfish.datamodel.GenericRib)
IOException(java.io.IOException)
Test(org.junit.Test)
IBatfish(org.batfish.common.plugin.IBatfish)
Matchers.hasItem(org.hamcrest.Matchers.hasItem)
TreeMap(java.util.TreeMap)
IpAccessListLine(org.batfish.datamodel.IpAccessListLine)
Matchers.equalTo(org.hamcrest.Matchers.equalTo)
Assert.assertEquals(org.junit.Assert.assertEquals)
SortedMap(java.util.SortedMap)
IpWildcard(org.batfish.datamodel.IpWildcard)
TemporaryFolder(org.junit.rules.TemporaryFolder)
Prefix(org.batfish.datamodel.Prefix)
Set(java.util.Set)
Configuration(org.batfish.datamodel.Configuration)
GenericRib(org.batfish.datamodel.GenericRib)
Topology(org.batfish.datamodel.Topology)
TreeMap(java.util.TreeMap)
IpWildcard(org.batfish.datamodel.IpWildcard)
ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap)
SortedMap(java.util.SortedMap)
IpAccessListLine(org.batfish.datamodel.IpAccessListLine)
Map(java.util.Map)
ImmutableSortedMap(com.google.common.collect.ImmutableSortedMap)
TreeMap(java.util.TreeMap)
SortedMap(java.util.SortedMap)
Test(org.junit.Test)
Example 29 with IpWildcard
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class CiscoControlPlaneExtractor method exitExtended_access_list_tail.
@Override
public void exitExtended_access_list_tail(Extended_access_list_tailContext ctx) {
LineAction action = toLineAction(ctx.ala);
IpProtocol protocol = toIpProtocol(ctx.prot);
Ip srcIp = getIp(ctx.srcipr);
Ip srcWildcard = getWildcard(ctx.srcipr);
Ip dstIp = getIp(ctx.dstipr);
Ip dstWildcard = getWildcard(ctx.dstipr);
String srcAddressGroup = getAddressGroup(ctx.srcipr);
String dstAddressGroup = getAddressGroup(ctx.dstipr);
List<SubRange> srcPortRanges = ctx.alps_src != null ? toPortRanges(ctx.alps_src) : Collections.<SubRange>emptyList();
List<SubRange> dstPortRanges = ctx.alps_dst != null ? toPortRanges(ctx.alps_dst) : Collections.<SubRange>emptyList();
Integer icmpType = null;
Integer icmpCode = null;
List<TcpFlags> tcpFlags = new ArrayList<>();
Set<Integer> dscps = new TreeSet<>();
Set<Integer> ecns = new TreeSet<>();
Set<State> states = EnumSet.noneOf(State.class);
for (Extended_access_list_additional_featureContext feature : ctx.features) {
if (feature.ACK() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseAck(true);
alt.setAck(true);
tcpFlags.add(alt);
}
if (feature.DSCP() != null) {
int dscpType = toDscpType(feature.dscp_type());
dscps.add(dscpType);
}
if (feature.ECE() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseEce(true);
alt.setEce(true);
tcpFlags.add(alt);
}
if (feature.ECHO_REPLY() != null) {
icmpType = IcmpType.ECHO_REPLY;
icmpCode = IcmpCode.ECHO_REPLY;
}
if (feature.ECHO() != null) {
icmpType = IcmpType.ECHO_REQUEST;
icmpCode = IcmpCode.ECHO_REQUEST;
}
if (feature.ECN() != null) {
int ecn = toInteger(feature.ecn);
ecns.add(ecn);
}
if (feature.ESTABLISHED() != null) {
// must contain ACK or RST
TcpFlags alt1 = new TcpFlags();
TcpFlags alt2 = new TcpFlags();
alt1.setUseAck(true);
alt1.setAck(true);
alt2.setUseRst(true);
alt2.setRst(true);
tcpFlags.add(alt1);
tcpFlags.add(alt2);
}
if (feature.FIN() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseFin(true);
alt.setFin(true);
tcpFlags.add(alt);
}
if (feature.FRAGMENTS() != null) {
todo(ctx, F_FRAGMENTS);
}
if (feature.HOST_UNKNOWN() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_HOST_UNKNOWN;
}
if (feature.HOST_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_HOST_UNREACHABLE;
}
if (feature.NETWORK_UNKNOWN() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_NETWORK_UNKNOWN;
}
if (feature.NET_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_NETWORK_UNREACHABLE;
}
if (feature.PACKET_TOO_BIG() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.PACKET_TOO_BIG;
}
if (feature.PARAMETER_PROBLEM() != null) {
icmpType = IcmpType.PARAMETER_PROBLEM;
}
if (feature.PORT_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_PORT_UNREACHABLE;
}
if (feature.PSH() != null) {
TcpFlags alt = new TcpFlags();
alt.setUsePsh(true);
alt.setPsh(true);
tcpFlags.add(alt);
}
if (feature.REDIRECT() != null) {
icmpType = IcmpType.REDIRECT_MESSAGE;
}
if (feature.RST() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseRst(true);
alt.setRst(true);
tcpFlags.add(alt);
}
if (feature.SOURCE_QUENCH() != null) {
icmpType = IcmpType.SOURCE_QUENCH;
icmpCode = IcmpCode.SOURCE_QUENCH;
}
if (feature.SYN() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseSyn(true);
alt.setSyn(true);
tcpFlags.add(alt);
}
if (feature.TIME_EXCEEDED() != null) {
icmpType = IcmpType.TIME_EXCEEDED;
}
if (feature.TTL() != null) {
todo(ctx, F_TTL);
}
if (feature.TTL_EXCEEDED() != null) {
icmpType = IcmpType.TIME_EXCEEDED;
icmpCode = IcmpCode.TTL_EXCEEDED;
}
if (feature.TRACEROUTE() != null) {
icmpType = IcmpType.TRACEROUTE;
icmpCode = IcmpCode.TRACEROUTE;
}
if (feature.TRACKED() != null) {
states.add(State.ESTABLISHED);
}
if (feature.UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
}
if (feature.URG() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseUrg(true);
alt.setUrg(true);
tcpFlags.add(alt);
}
}
String name = getFullText(ctx).trim();
ExtendedAccessListLine line = new ExtendedAccessListLine(name, action, protocol, new IpWildcard(srcIp, srcWildcard), srcAddressGroup, new IpWildcard(dstIp, dstWildcard), dstAddressGroup, srcPortRanges, dstPortRanges, dscps, ecns, icmpType, icmpCode, states, tcpFlags);
_currentExtendedAcl.addLine(line);
}
Also used :
LineAction(org.batfish.datamodel.LineAction)
Ip(org.batfish.datamodel.Ip)
RoutePolicyNextHopIp(org.batfish.representation.cisco.RoutePolicyNextHopIp)
ExtendedAccessListLine(org.batfish.representation.cisco.ExtendedAccessListLine)
ArrayList(java.util.ArrayList)
IpWildcard(org.batfish.datamodel.IpWildcard)
TcpFlags(org.batfish.datamodel.TcpFlags)
TreeSet(java.util.TreeSet)
State(org.batfish.datamodel.State)
Extended_access_list_additional_featureContext(org.batfish.grammar.cisco.CiscoParser.Extended_access_list_additional_featureContext)
IpProtocol(org.batfish.datamodel.IpProtocol)
SubRange(org.batfish.datamodel.SubRange)
Example 30 with IpWildcard
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class CiscoConfiguration method toIpAccessList.
private IpAccessList toIpAccessList(ExtendedAccessList eaList) {
String name = eaList.getName();
List<IpAccessListLine> lines = new ArrayList<>(eaList.getLines().size());
for (ExtendedAccessListLine fromLine : eaList.getLines()) {
IpAccessListLine newLine = new IpAccessListLine();
newLine.setName(fromLine.getName());
newLine.setAction(fromLine.getAction());
IpWildcard srcIpWildcard = fromLine.getSourceIpWildcard();
if (srcIpWildcard != null) {
newLine.setSrcIps(ImmutableSortedSet.of(srcIpWildcard));
}
IpWildcard dstIpWildcard = fromLine.getDestinationIpWildcard();
if (dstIpWildcard != null) {
newLine.setDstIps(ImmutableSortedSet.of(dstIpWildcard));
}
// TODO: src/dst address group
IpProtocol protocol = fromLine.getProtocol();
if (protocol != IpProtocol.IP) {
newLine.setIpProtocols(ImmutableSortedSet.of(protocol));
}
newLine.setDstPorts(fromLine.getDstPorts());
newLine.setSrcPorts(fromLine.getSrcPorts());
Integer icmpType = fromLine.getIcmpType();
if (icmpType != null) {
newLine.setIcmpTypes(ImmutableSortedSet.of(new SubRange(icmpType)));
}
Integer icmpCode = fromLine.getIcmpCode();
if (icmpCode != null) {
newLine.setIcmpCodes(ImmutableSortedSet.of(new SubRange(icmpCode)));
}
Set<State> states = fromLine.getStates();
newLine.setStates(states);
List<TcpFlags> tcpFlags = fromLine.getTcpFlags();
newLine.setTcpFlags(tcpFlags);
Set<Integer> dscps = fromLine.getDscps();
newLine.setDscps(dscps);
Set<Integer> ecns = fromLine.getEcns();
newLine.setEcns(ecns);
lines.add(newLine);
}
return new IpAccessList(name, lines);
}
Also used :
ArrayList(java.util.ArrayList)
IpWildcard(org.batfish.datamodel.IpWildcard)
BigInteger(java.math.BigInteger)
TcpFlags(org.batfish.datamodel.TcpFlags)
State(org.batfish.datamodel.State)
IpProtocol(org.batfish.datamodel.IpProtocol)
IpAccessListLine(org.batfish.datamodel.IpAccessListLine)
SubRange(org.batfish.datamodel.SubRange)
IpAccessList(org.batfish.datamodel.IpAccessList)
Aggregations
IpWildcard (org.batfish.datamodel.IpWildcard)63
Test (org.junit.Test)38
Ip (org.batfish.datamodel.Ip)18
IpAccessListLine (org.batfish.datamodel.IpAccessListLine)17
SubRange (org.batfish.datamodel.SubRange)16
HeaderSpace (org.batfish.datamodel.HeaderSpace)12
Prefix (org.batfish.datamodel.Prefix)9
LinkedList (java.util.LinkedList)8
Configuration (org.batfish.datamodel.Configuration)8
Context (com.microsoft.z3.Context)7
Interface (org.batfish.datamodel.Interface)7
IpAccessList (org.batfish.datamodel.IpAccessList)6
IpProtocol (org.batfish.datamodel.IpProtocol)6
BoolExpr (com.microsoft.z3.BoolExpr)5
TreeSet (java.util.TreeSet)5
BatfishException (org.batfish.common.BatfishException)5
RouteFilterList (org.batfish.datamodel.RouteFilterList)5
ImmutableSortedMap (com.google.common.collect.ImmutableSortedMap)4
Status (com.microsoft.z3.Status)4
Map (java.util.Map)4
