use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class NodJobTest method testNattedUnsat.
/**
* Test that traffic originating from 3.0.0.0 that is expected to be NATed returns UNSAT when we
* constrain to only allow NOT-NATed results.
*/
@Test
public void testNattedUnsat() {
  // Restrict the query to packets whose source address is exactly 3.0.0.0.
  IpWildcard nattedSource = new IpWildcard("3.0.0.0");
  HeaderSpace srcOnly = new HeaderSpace();
  srcOnly.setSrcIps(ImmutableList.of(nattedSource));

  // The second argument is passed as false here; per this test's description that
  // restricts the query to results that were NOT NATed (helper not visible here,
  // confirm against getNodJob).
  NodJob job = getNodJob(srcOnly, false);

  // NOTE(review): the z3 Context is never released in this test; confirm whether the
  // z3 binding in use expects an explicit close/dispose.
  Context ctx = new Context();
  Status result = job.computeNodSat(System.currentTimeMillis(), ctx);

  // Asking for an un-NATed packet from a source that must be translated has no
  // solution, so the solver has to report UNSAT.
  assertThat(result, equalTo(Status.UNSATISFIABLE));
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class NodJobTest method testNatted.
/**
* Test that traffic originating from 3.0.0.0 is NATed
*/
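@Test
public void testNatted() {
  // Query: packets whose original (pre-NAT) source address is exactly 3.0.0.0.
  HeaderSpace headerSpace = new HeaderSpace();
  headerSpace.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.0")));
  NodJob nodJob = getNodJob(headerSpace);

  Context z3Context = new Context();
  SmtInput smtInput = nodJob.computeSmtInput(System.currentTimeMillis(), z3Context);
  Map<OriginateVrf, Map<String, Long>> fieldConstraintsByOriginateVrf =
      nodJob.getOriginateVrfConstraints(z3Context, smtInput);

  // Exactly one originating VRF is expected in the solution, and it must be ours.
  assertThat(fieldConstraintsByOriginateVrf.entrySet(), hasSize(1));
  assertThat(fieldConstraintsByOriginateVrf, hasKey(_originateVrf));
  Map<String, Long> fieldConstraints = fieldConstraintsByOriginateVrf.get(_originateVrf);

  final Long preNatSrc = new Ip("3.0.0.0").asLong();
  final Long postNatSrc = new Ip("1.0.0.10").asLong();

  // Only one OriginateVrf choice, so this must be 0.
  // Long.valueOf replaces the deprecated boxing constructor new Long(0).
  assertThat(
      fieldConstraints,
      hasEntry(OriginateVrfInstrumentation.ORIGINATE_VRF_FIELD_NAME, Long.valueOf(0L)));

  // The original source is preserved in ORIG_SRC_IP while SRC_IP carries the
  // translated address: it must differ from 3.0.0.0 and equal 1.0.0.10.
  assertThat(fieldConstraints, hasEntry(BasicHeaderField.ORIG_SRC_IP.getName(), preNatSrc));
  assertThat(
      fieldConstraints,
      hasEntry(equalTo(BasicHeaderField.SRC_IP.getName()), not(equalTo(preNatSrc))));
  assertThat(fieldConstraints, hasEntry(BasicHeaderField.SRC_IP.getName(), postNatSrc));

  // Replay the solver's flows through the data plane and check the rewrite there too.
  Set<Flow> flows = nodJob.getFlows(fieldConstraintsByOriginateVrf);
  _bdpDataPlanePlugin.processFlows(flows, _dataPlane);
  List<FlowTrace> flowTraces = _bdpDataPlanePlugin.getHistoryFlowTraces(_dataPlane);

  // NOTE(review): if no traces come back, the per-trace checks below are skipped and
  // the test still passes; consider also asserting that flowTraces is non-empty.
  flowTraces.forEach(
      trace -> {
        assertThat(trace.getNotes(), is("ACCEPTED"));
        List<FlowTraceHop> hops = trace.getHops();
        assertThat(hops, hasSize(1));
        FlowTraceHop hop = hops.get(0);
        // The single hop must record a transformed flow with the translated source.
        assertThat(hop.getTransformedFlow(), notNullValue());
        assertThat(hop.getTransformedFlow().getSrcIp(), equalTo(new Ip("1.0.0.10")));
      });
}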
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class BatfishCompressionTest method testCompressionFibs_diamondNetwork.
/**
* Test the following invariant: if a FIB appears on concrete router “r”, then a corresponding
* abstract FIB appears on one of these representatives. For example, if there is a concrete FIB
* from C to D, then there should be an abstract FIB from A to B, where A is in representatives(C)
* and B is in representatives(D).
*/
@Test
public void testCompressionFibs_diamondNetwork() throws IOException {
  // ACL line matching destination 4.4.4.4/32; it is handed to compressNetwork below.
  IpAccessListLine dstFilter = new IpAccessListLine();
  dstFilter.setDstIps(ImmutableList.of(new IpWildcard(Prefix.parse("4.4.4.4/32"))));

  // Baseline: the uncompressed diamond network and its data plane.
  SortedMap<String, Configuration> baselineConfigs = diamondNetwork();
  DataPlane baselineDataPlane = getDataPlane(baselineConfigs);
  Map<String, Map<String, Fib>> baselineFibs = baselineDataPlane.getFibs();
  Topology baselineTopology = new Topology(baselineDataPlane.getTopologyEdges());

  /* Node A should have a route with C as a next hop. */
  assertThat(
      baselineFibs,
      hasEntry(
          equalTo("A"),
          hasEntry(
              equalTo(Configuration.DEFAULT_VRF_NAME),
              hasNextHopInterfaces(
                  hasValue(hasKey(withNode("A", isNeighborOfNode(baselineTopology, "C"))))))));

  // Compress a fresh copy of the network, because compression mutates its input.
  SortedMap<String, Configuration> shrunkConfigs =
      new TreeMap<>(compressNetwork(diamondNetwork(), dstFilter));
  DataPlane shrunkDataPlane = getDataPlane(shrunkConfigs);
  shrunkConfigs.values().forEach(BatfishCompressionTest::assertIsCompressedConfig);
  assertThat(shrunkConfigs.values(), hasSize(3));

  SortedMap<String, SortedMap<String, GenericRib<AbstractRoute>>> baselineRibs =
      baselineDataPlane.getRibs();
  SortedMap<String, SortedMap<String, GenericRib<AbstractRoute>>> shrunkRibs =
      shrunkDataPlane.getRibs();

  // Walk every (node, VRF) RIB of the compressed network and compare it with the
  // RIB of the same node and VRF in the original network.
  for (Map.Entry<String, SortedMap<String, GenericRib<AbstractRoute>>> byNode :
      shrunkRibs.entrySet()) {
    String hostname = byNode.getKey();
    for (Map.Entry<String, GenericRib<AbstractRoute>> byVrf : byNode.getValue().entrySet()) {
      GenericRib<AbstractRoute> baselineRib = baselineRibs.get(hostname).get(byVrf.getKey());
      Set<AbstractRoute> baselineRoutes = baselineRib.getRoutes();
      Set<AbstractRoute> shrunkRoutes = byVrf.getValue().getRoutes();
      /* Every compressed route should appear in original RIB */
      shrunkRoutes.forEach(route -> assertThat(baselineRoutes, hasItem(route)));
    }
  }

  /* Compression removed B or C entirely (but not both) */
  assertThat(shrunkRibs, either(not(hasKey("B"))).or(not(hasKey("C"))));
  assertThat(shrunkRibs, either(hasKey("B")).or(hasKey("C")));

  // The survivor is looked up in the compressed configurations, not in the RIB map.
  String survivor;
  if (shrunkConfigs.containsKey("B")) {
    survivor = "B";
  } else {
    survivor = "C";
  }

  /* The remaining node is unchanged. */
  assertThat(
      baselineRibs.get(survivor).get(Configuration.DEFAULT_VRF_NAME).getRoutes(),
      equalTo(shrunkRibs.get(survivor).get(Configuration.DEFAULT_VRF_NAME).getRoutes()));
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class CiscoControlPlaneExtractor method exitExtended_access_list_tail.
/**
 * Builds one {@link ExtendedAccessListLine} from the parsed tail of an extended access-list
 * statement and appends it to {@code _currentExtendedAcl}.
 *
 * <p>Action, protocol, source/destination address and wildcard, address groups and port ranges
 * are read from the context; the optional feature keywords are then folded into TCP-flag
 * alternatives, DSCP/ECN sets, an ICMP type/code pair and connection states.
 *
 * <p>The keyword checks inside the loop are independent {@code if} statements, not an
 * {@code else if} chain, so their order matters: TCP-flag entries are appended in check order,
 * and for ICMP the last matching keyword overwrites {@code icmpType}/{@code icmpCode}.
 *
 * @param ctx parse-tree context of the access-list tail being exited
 */
@Override
public void exitExtended_access_list_tail(Extended_access_list_tailContext ctx) {
LineAction action = toLineAction(ctx.ala);
IpProtocol protocol = toIpProtocol(ctx.prot);
Ip srcIp = getIp(ctx.srcipr);
Ip srcWildcard = getWildcard(ctx.srcipr);
Ip dstIp = getIp(ctx.dstipr);
Ip dstWildcard = getWildcard(ctx.dstipr);
String srcAddressGroup = getAddressGroup(ctx.srcipr);
String dstAddressGroup = getAddressGroup(ctx.dstipr);
// A missing port specifier becomes an empty range list rather than null.
List<SubRange> srcPortRanges = ctx.alps_src != null ? toPortRanges(ctx.alps_src) : Collections.<SubRange>emptyList();
List<SubRange> dstPortRanges = ctx.alps_dst != null ? toPortRanges(ctx.alps_dst) : Collections.<SubRange>emptyList();
// ICMP type/code stay null unless one of the ICMP keywords below sets them.
Integer icmpType = null;
Integer icmpCode = null;
List<TcpFlags> tcpFlags = new ArrayList<>();
Set<Integer> dscps = new TreeSet<>();
Set<Integer> ecns = new TreeSet<>();
Set<State> states = EnumSet.noneOf(State.class);
for (Extended_access_list_additional_featureContext feature : ctx.features) {
// TCP flag keywords: each adds one TcpFlags entry that marks the flag as used and set.
if (feature.ACK() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseAck(true);
alt.setAck(true);
tcpFlags.add(alt);
}
if (feature.DSCP() != null) {
int dscpType = toDscpType(feature.dscp_type());
dscps.add(dscpType);
}
if (feature.ECE() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseEce(true);
alt.setEce(true);
tcpFlags.add(alt);
}
if (feature.ECHO_REPLY() != null) {
icmpType = IcmpType.ECHO_REPLY;
icmpCode = IcmpCode.ECHO_REPLY;
}
if (feature.ECHO() != null) {
icmpType = IcmpType.ECHO_REQUEST;
icmpCode = IcmpCode.ECHO_REQUEST;
}
if (feature.ECN() != null) {
int ecn = toInteger(feature.ecn);
ecns.add(ecn);
}
if (feature.ESTABLISHED() != null) {
// "established" is modelled as two separate entries, one requiring ACK and one
// requiring RST, i.e. the packet must carry ACK or RST.
TcpFlags alt1 = new TcpFlags();
TcpFlags alt2 = new TcpFlags();
alt1.setUseAck(true);
alt1.setAck(true);
alt2.setUseRst(true);
alt2.setRst(true);
tcpFlags.add(alt1);
tcpFlags.add(alt2);
}
if (feature.FIN() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseFin(true);
alt.setFin(true);
tcpFlags.add(alt);
}
if (feature.FRAGMENTS() != null) {
// NOTE(review): "fragments" only reaches todo(); nothing is added to the line, so the
// modelled line is not narrowed by this keyword (presumably todo() reports the
// unimplemented feature; confirm). Keep this in mind when reading analysis results.
todo(ctx, F_FRAGMENTS);
}
if (feature.HOST_UNKNOWN() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_HOST_UNKNOWN;
}
if (feature.HOST_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_HOST_UNREACHABLE;
}
if (feature.NETWORK_UNKNOWN() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_NETWORK_UNKNOWN;
}
if (feature.NET_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_NETWORK_UNREACHABLE;
}
if (feature.PACKET_TOO_BIG() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.PACKET_TOO_BIG;
}
if (feature.PARAMETER_PROBLEM() != null) {
// Type-only keyword: icmpCode keeps whatever an earlier keyword set (null if none).
icmpType = IcmpType.PARAMETER_PROBLEM;
}
if (feature.PORT_UNREACHABLE() != null) {
icmpType = IcmpType.DESTINATION_UNREACHABLE;
icmpCode = IcmpCode.DESTINATION_PORT_UNREACHABLE;
}
if (feature.PSH() != null) {
TcpFlags alt = new TcpFlags();
alt.setUsePsh(true);
alt.setPsh(true);
tcpFlags.add(alt);
}
if (feature.REDIRECT() != null) {
// Type-only keyword: icmpCode is left as is.
icmpType = IcmpType.REDIRECT_MESSAGE;
}
if (feature.RST() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseRst(true);
alt.setRst(true);
tcpFlags.add(alt);
}
if (feature.SOURCE_QUENCH() != null) {
icmpType = IcmpType.SOURCE_QUENCH;
icmpCode = IcmpCode.SOURCE_QUENCH;
}
if (feature.SYN() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseSyn(true);
alt.setSyn(true);
tcpFlags.add(alt);
}
if (feature.TIME_EXCEEDED() != null) {
// Type-only keyword: icmpCode is left as is.
icmpType = IcmpType.TIME_EXCEEDED;
}
if (feature.TTL() != null) {
// NOTE(review): as with "fragments", a TTL match is not modelled here; the line is
// built without any TTL condition.
todo(ctx, F_TTL);
}
if (feature.TTL_EXCEEDED() != null) {
icmpType = IcmpType.TIME_EXCEEDED;
icmpCode = IcmpCode.TTL_EXCEEDED;
}
if (feature.TRACEROUTE() != null) {
icmpType = IcmpType.TRACEROUTE;
icmpCode = IcmpCode.TRACEROUTE;
}
if (feature.TRACKED() != null) {
// "tracked" is recorded as the ESTABLISHED connection state.
states.add(State.ESTABLISHED);
}
if (feature.UNREACHABLE() != null) {
// Type-only keyword: icmpCode is left as is.
icmpType = IcmpType.DESTINATION_UNREACHABLE;
}
if (feature.URG() != null) {
TcpFlags alt = new TcpFlags();
alt.setUseUrg(true);
alt.setUrg(true);
tcpFlags.add(alt);
}
}
// The line's name is the trimmed source text of this statement.
String name = getFullText(ctx).trim();
// Address and wildcard are combined into one IpWildcard per direction; the address-group
// names are passed alongside.
// NOTE(review): what getIp/getWildcard return when an address group is used is not visible
// here; confirm.
ExtendedAccessListLine line = new ExtendedAccessListLine(name, action, protocol, new IpWildcard(srcIp, srcWildcard), srcAddressGroup, new IpWildcard(dstIp, dstWildcard), dstAddressGroup, srcPortRanges, dstPortRanges, dscps, ecns, icmpType, icmpCode, states, tcpFlags);
_currentExtendedAcl.addLine(line);
}
use of org.batfish.datamodel.IpWildcard in project batfish by batfish.
the class CiscoConfiguration method toIpAccessList.
/**
 * Converts an {@link ExtendedAccessList} into an {@link IpAccessList} with the same name,
 * producing one {@link IpAccessListLine} per extended line, in the same order.
 *
 * <p>A constraint is set on the new line only when the extended line supplies one: a null
 * source or destination wildcard, ICMP type or ICMP code leaves that field untouched, and
 * protocol {@code IpProtocol.IP} sets no protocol filter.
 *
 * <p>NOTE(review): source and destination address groups are not carried over (see the TODO
 * in the loop). A line that depends on an address group is therefore converted without that
 * restriction, so the result may be broader than the configured ACL; check this before
 * relying on it for reachability or filter analysis.
 *
 * @param eaList the extended access list to convert
 * @return a new {@link IpAccessList} named after {@code eaList}
 */
private IpAccessList toIpAccessList(ExtendedAccessList eaList) {
  String aclName = eaList.getName();
  List<IpAccessListLine> converted = new ArrayList<>(eaList.getLines().size());
  for (ExtendedAccessListLine extLine : eaList.getLines()) {
    IpAccessListLine target = new IpAccessListLine();
    target.setName(extLine.getName());
    target.setAction(extLine.getAction());

    // Addresses: set only when the extended line carries a wildcard.
    IpWildcard src = extLine.getSourceIpWildcard();
    if (src != null) {
      target.setSrcIps(ImmutableSortedSet.of(src));
    }
    IpWildcard dst = extLine.getDestinationIpWildcard();
    if (dst != null) {
      target.setDstIps(ImmutableSortedSet.of(dst));
    }
    // TODO: src/dst address group

    // IpProtocol.IP is not written as a filter; any other protocol becomes a one-element set.
    IpProtocol proto = extLine.getProtocol();
    boolean anyProtocol = proto == IpProtocol.IP;
    if (!anyProtocol) {
      target.setIpProtocols(ImmutableSortedSet.of(proto));
    }

    target.setDstPorts(extLine.getDstPorts());
    target.setSrcPorts(extLine.getSrcPorts());

    // ICMP type and code are each wrapped in a single-value SubRange when present.
    Integer type = extLine.getIcmpType();
    if (type != null) {
      target.setIcmpTypes(ImmutableSortedSet.of(new SubRange(type)));
    }
    Integer code = extLine.getIcmpCode();
    if (code != null) {
      target.setIcmpCodes(ImmutableSortedSet.of(new SubRange(code)));
    }

    // The remaining collections are handed over as returned by the getters.
    target.setStates(extLine.getStates());
    target.setTcpFlags(extLine.getTcpFlags());
    target.setDscps(extLine.getDscps());
    target.setEcns(extLine.getEcns());

    converted.add(target);
  }
  return new IpAccessList(aclName, converted);
}