
Example 1 with IpWildcardSetIpSpace

use of org.batfish.datamodel.IpWildcardSetIpSpace in project batfish by batfish.

Class CommonUtil, method initRemoteIpsecVpns.

/**
 * Pairs each {@link IpsecVpn} in the given configurations with the VPN on the far side of its IKE
 * session, based purely on address matching.
 *
 * <p>Two passes: the first indexes every VPN by the address of its IKE peer and by the addresses
 * owned by its external interface; the second, for every VPN, looks at the VPNs terminating on the
 * address it dials and accepts a candidate when either (a) the candidate dials back an address on
 * this VPN's external interface, or (b) no VPN terminates on the candidate's peer address but this
 * VPN's local IP falls inside the private space recorded for that address in
 * {@code initPrivateIpsByPublicIp} (presumably a translated address; only in this case is the
 * candidate also linked back to this VPN).
 *
 * <p>Every VPN has {@code initCandidateRemoteVpns()} called on it, whether or not a peer is found.
 *
 * @param configurations node name to configuration; mutated in place through the VPN objects
 */
public static void initRemoteIpsecVpns(Map<String, Configuration> configurations) {
    // Identity-keyed: distinct VPN objects must stay distinct even if they compare equal.
    Map<IpsecVpn, Ip> peerAddressByVpn = new IdentityHashMap<>();
    // Address of an external interface -> VPNs whose IKE gateway uses an interface owning it.
    Map<Ip, Set<IpsecVpn>> vpnsByExternalIp = new HashMap<>();
    SetMultimap<Ip, IpWildcardSetIpSpace> privateIpsByPublicIp = initPrivateIpsByPublicIp(configurations);

    // Pass 1: build the two indexes.
    for (Configuration config : configurations.values()) {
        for (IpsecVpn vpn : config.getIpsecVpns().values()) {
            peerAddressByVpn.put(vpn, vpn.getIkeGateway().getAddress());
            Set<InterfaceAddress> externalAddresses = vpn.getIkeGateway().getExternalInterface().getAllAddresses();
            for (InterfaceAddress externalAddress : externalAddresses) {
                vpnsByExternalIp.computeIfAbsent(externalAddress.getIp(), unused -> Sets.newIdentityHashSet()).add(vpn);
            }
        }
    }

    // Pass 2: resolve each VPN's remote end among the VPNs terminating on the address it dials.
    for (Map.Entry<IpsecVpn, Ip> entry : peerAddressByVpn.entrySet()) {
        IpsecVpn vpn = entry.getKey();
        Ip peerAddress = entry.getValue();
        Ip localIp = vpn.getIkeGateway().getLocalIp();
        vpn.initCandidateRemoteVpns();
        Set<IpsecVpn> candidates = vpnsByExternalIp.get(peerAddress);
        if (candidates == null) {
            continue;
        }
        for (IpsecVpn candidate : candidates) {
            Ip candidateLocalIp = candidate.getIkeGateway().getLocalIp();
            // A candidate that pins its local IP must actually terminate on the address we dial.
            if (candidateLocalIp != null && !candidateLocalIp.equals(peerAddress)) {
                continue;
            }
            Ip candidatePeerAddress = peerAddressByVpn.get(candidate);
            Set<IpsecVpn> vpnsAtCandidatePeer = vpnsByExternalIp.get(candidatePeerAddress);
            if (vpnsAtCandidatePeer != null) {
                // Direct case: the candidate dials an address that this VPN's external interface owns.
                if (vpnsAtCandidatePeer.contains(vpn)) {
                    vpn.setRemoteIpsecVpn(candidate);
                    vpn.getCandidateRemoteIpsecVpns().add(candidate);
                }
                continue;
            }
            // Nobody terminates on the candidate's peer address; accept the candidate only if this
            // VPN's local IP lies in the private space recorded behind that address.
            Set<IpWildcardSetIpSpace> privateIpsBehindPeer = privateIpsByPublicIp.get(candidatePeerAddress);
            boolean localIpIsBehindPeer = privateIpsBehindPeer != null
                    && privateIpsBehindPeer.stream().anyMatch(space -> space.containsIp(localIp));
            if (!localIpIsBehindPeer) {
                continue;
            }
            vpn.setRemoteIpsecVpn(candidate);
            vpn.getCandidateRemoteIpsecVpns().add(candidate);
            candidate.initCandidateRemoteVpns();
            candidate.setRemoteIpsecVpn(vpn);
            candidate.getCandidateRemoteIpsecVpns().add(vpn);
        }
    }
}

Example 2 with IpWildcardSetIpSpace

use of org.batfish.datamodel.IpWildcardSetIpSpace in project batfish by batfish.

Class IpSpaceSimplifierTest, method testVisitIpWildcardSetIpSpace.

/**
 * Checks that {@code IpSpaceSimplifier} collapses degenerate wildcard sets to the canonical
 * empty/universe singletons and drops whitelist and blacklist entries that cannot matter.
 */
@Test
public void testVisitIpWildcardSetIpSpace() {
    // No whitelist at all: empty, even when something is blacklisted.
    IpWildcardSetIpSpace nothing = IpWildcardSetIpSpace.builder().build();
    assertThat(IpSpaceSimplifier.simplify(nothing), equalTo(EmptyIpSpace.INSTANCE));
    IpWildcardSetIpSpace onlyBlacklist = IpWildcardSetIpSpace.builder().excluding(new IpWildcard("1.2.3.0/24")).build();
    assertThat(IpSpaceSimplifier.simplify(onlyBlacklist), equalTo(EmptyIpSpace.INSTANCE));

    // ANY alone is the universe; ANY minus ANY is empty.
    IpWildcardSetIpSpace everything = IpWildcardSetIpSpace.builder().including(IpWildcard.ANY).build();
    assertThat(IpSpaceSimplifier.simplify(everything), equalTo(UniverseIpSpace.INSTANCE));
    IpWildcardSetIpSpace everythingMinusEverything = IpWildcardSetIpSpace.builder().including(IpWildcard.ANY).excluding(IpWildcard.ANY).build();
    assertThat(IpSpaceSimplifier.simplify(everythingMinusEverything), equalTo(EmptyIpSpace.INSTANCE));

    IpWildcard survivor = new IpWildcard("2.2.2.2");

    // whitelisted wildcards that are covered by a blacklisted wildcard are removed
    IpWildcardSetIpSpace coveredWhitelistEntry = IpWildcardSetIpSpace.builder()
            .including(new IpWildcard("1.2.1.0/24"), new IpWildcard("2.2.2.2"))
            .excluding(new IpWildcard("1.2.0.0/16"))
            .build();
    assertThat(IpSpaceSimplifier.simplify(coveredWhitelistEntry), equalTo(survivor));

    // blacklisted wildcards that don't overlap whitelisted wildcards are removed
    IpWildcardSetIpSpace irrelevantBlacklistEntry = IpWildcardSetIpSpace.builder()
            .including(new IpWildcard("2.2.2.2"))
            .excluding(new IpWildcard("1.0.0.0/8"))
            .build();
    assertThat(IpSpaceSimplifier.simplify(irrelevantBlacklistEntry), equalTo(survivor));
}

Example 3 with IpWildcardSetIpSpace

use of org.batfish.datamodel.IpWildcardSetIpSpace in project batfish by batfish.

Class IpSpaceBooleanExprTransformerTest, method testVisitIpWildcardSetIpSpace.

/**
 * Checks that a wildcard set with one whitelist and one blacklist entry is translated into
 * {@code AND(NOT(blacklistExpr), whitelistExpr)}, where each side is whatever the same transformer
 * produces for the bare wildcard.
 */
@Test
public void testVisitIpWildcardSetIpSpace() {
    IpWildcard allowed = new IpWildcard("1.1.1.1");
    IpWildcard denied = new IpWildcard("2.2.2.2");
    IpWildcardSetIpSpace space = IpWildcardSetIpSpace.builder().including(allowed).excluding(denied).build();

    // Transform the set first, then its parts, keeping the same transformer for all three.
    BooleanExpr actual = space.accept(SRC_IP_SPACE_BOOLEAN_EXPR_TRANSFORMER);
    BooleanExpr allowedExpr = allowed.accept(SRC_IP_SPACE_BOOLEAN_EXPR_TRANSFORMER);
    BooleanExpr deniedExpr = denied.accept(SRC_IP_SPACE_BOOLEAN_EXPR_TRANSFORMER);

    // The exclusion is negated and conjoined in front of the inclusion.
    BooleanExpr expected = new AndExpr(ImmutableList.of(new NotExpr(deniedExpr), allowedExpr));
    assertThat(actual, equalTo(expected));
}

Example 4 with IpWildcardSetIpSpace

use of org.batfish.datamodel.IpWildcardSetIpSpace in project batfish by batfish.

Class IpSpaceSpecializerTest, method testSpecializeIpWildcardSetIpSpace.

/**
 * Checks {@code IpSpaceSpecializer.visitIpWildcardSetIpSpace} on a space of two whitelisted
 * blocks with a hole in the first, against specializers whose header space is unconstrained,
 * blacklists everything, equals one block, sits inside one block, or covers one block.
 */
@Test
public void testSpecializeIpWildcardSetIpSpace() {
    IpWildcard firstBlock = new IpWildcard("1.1.1.0/24");
    IpWildcard secondBlock = new IpWildcard("1.2.0.0/24");
    IpWildcard holeInFirstBlock = new IpWildcard("1.1.1.4/30");
    IpWildcardSetIpSpace space = IpWildcardSetIpSpace.builder()
            .including(firstBlock)
            .including(secondBlock)
            .excluding(holeInFirstBlock)
            .build();

    // Specializers that constrain nothing leave the space alone; blacklisting everything empties it.
    assertThat(trivialSpecializer.visitIpWildcardSetIpSpace(space), equalTo(space));
    assertThat(whitelistAnySpecializer.visitIpWildcardSetIpSpace(space), equalTo(space));
    assertThat(blacklistAnySpecializer.visitIpWildcardSetIpSpace(space), equalTo(EmptyIpSpace.INSTANCE));

    // Header space equals the first block: the whitelist collapses to ANY but the hole is kept.
    IpSpaceSpecializer firstBlockSpecializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard("1.1.1.0/24")), ImmutableSortedSet.of());
    IpWildcardSetIpSpace expectedForFirstBlock = IpWildcardSetIpSpace.builder()
            .including(IpWildcard.ANY)
            .excluding(new IpWildcard("1.1.1.4/30"))
            .build();
    assertThat(firstBlockSpecializer.visitIpWildcardSetIpSpace(space), equalTo(expectedForFirstBlock));

    // Entire headerspace is contained in the space, so it specializes to UniverseIpSpace.
    IpSpaceSpecializer insideSecondBlockSpecializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard("1.2.0.0/30")), ImmutableSortedSet.of());
    assertThat(insideSecondBlockSpecializer.visitIpWildcardSetIpSpace(space), equalTo(UniverseIpSpace.INSTANCE));

    // The space covers only part of the headerspace, but the parts of the space that are
    // irrelevant to it (the first block and its hole) can be dropped.
    IpSpaceSpecializer aroundSecondBlockSpecializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard("1.2.0.0/16")), ImmutableSortedSet.of());
    IpWildcardSetIpSpace expectedForSecondBlock = IpWildcardSetIpSpace.builder().including(new IpWildcard("1.2.0.0/24")).build();
    assertThat(aroundSecondBlockSpecializer.visitIpWildcardSetIpSpace(space), equalTo(expectedForSecondBlock));
}

Example 5 with IpWildcardSetIpSpace

use of org.batfish.datamodel.IpWildcardSetIpSpace in project batfish by batfish.

Class IpAccessListSpecializer, method specialize.

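/**
 * Narrows the source and destination IP constraints of {@code ipAccessListLine} to the header
 * space this specializer was built for.
 *
 * <p>The source side is specialized with {@code _srcIpSpaceSpecializer} and the destination side
 * with {@code _dstIpSpaceSpecializer}; {@code srcOrDstIps} contributes to both. A side with no
 * whitelist entries matches every address, so it is widened to {@link IpWildcard#ANY} before
 * specializing, and a side that specializes to the universe is written back as an empty set
 * (for a HeaderSpace, empty dstIps/srcIps means Universe).
 *
 * @param ipAccessListLine the line to specialize; not modified, a rebuilt copy is returned
 * @return the specialized line, or {@link Optional#empty()} when the specialized source or
 *     destination space is empty, i.e. the line can never match inside the header space
 * @throws BatfishException if a specializer returns an {@link IpSpace} that is not one of
 *     {@link UniverseIpSpace}, {@link IpWildcardSetIpSpace} or {@link IpWildcard}
 */
public Optional<IpAccessListLine> specialize(IpAccessListLine ipAccessListLine) {
    IpSpace specializedSrcIpSpace = _srcIpSpaceSpecializer.specialize(
            toIpSpace(ipAccessListLine.getSrcIps(), ipAccessListLine.getSrcOrDstIps(), ipAccessListLine.getNotSrcIps()));
    IpSpace specializedDstIpSpace = _dstIpSpaceSpecializer.specialize(
            toIpSpace(ipAccessListLine.getDstIps(), ipAccessListLine.getSrcOrDstIps(), ipAccessListLine.getNotDstIps()));
    if (specializedDstIpSpace instanceof EmptyIpSpace || specializedSrcIpSpace instanceof EmptyIpSpace) {
        // Nothing in the header space can match this line.
        return Optional.empty();
    }
    // Destination is converted first so the error names the same side as before when both are unexpected.
    IpWildcardSetIpSpace dst = toWildcardSet(specializedDstIpSpace, "specializedDstIpSpace");
    IpWildcardSetIpSpace src = toWildcardSet(specializedSrcIpSpace, "specializedSrcIpSpace");
    return Optional.of(ipAccessListLine.rebuild()
            .setDstIps(dst.getWhitelist())
            .setNotDstIps(dst.getBlacklist())
            .setSrcIps(src.getWhitelist())
            .setNotSrcIps(src.getBlacklist())
            .build());
}

/**
 * Builds the wildcard set describing one side (source or destination) of a line.
 *
 * @param ips the side's own whitelist ({@code srcIps} or {@code dstIps})
 * @param srcOrDstIps wildcards that apply to either side
 * @param notIps the side's blacklist
 * @return {@code notIps} excluded from {@code ips ∪ srcOrDstIps}, or from {@link IpWildcard#ANY}
 *     when both whitelists are empty (an unconstrained side matches every address)
 */
private static IpWildcardSetIpSpace toIpSpace(Set<IpWildcard> ips, Set<IpWildcard> srcOrDstIps, Set<IpWildcard> notIps) {
    IpWildcardSetIpSpace.Builder builder = IpWildcardSetIpSpace.builder().excluding(notIps);
    if (ips.isEmpty() && srcOrDstIps.isEmpty()) {
        builder.including(IpWildcard.ANY);
    } else {
        builder.including(ips);
        builder.including(srcOrDstIps);
    }
    return builder.build();
}

/**
 * Converts a specialized {@link IpSpace} back into whitelist/blacklist form.
 *
 * @param specialized the specializer's result; must not be {@link EmptyIpSpace}
 * @param variableName name used in the error message for an unsupported type
 * @return a wildcard set whose whitelist/blacklist can be written back onto the line; the
 *     universe becomes an empty set (for a HeaderSpace, empty dstIps/srcIps means Universe)
 * @throws BatfishException if {@code specialized} is of a type this method does not handle
 */
private static IpWildcardSetIpSpace toWildcardSet(IpSpace specialized, String variableName) {
    if (specialized instanceof UniverseIpSpace) {
        return IpWildcardSetIpSpace.builder().build();
    }
    if (specialized instanceof IpWildcardSetIpSpace) {
        return (IpWildcardSetIpSpace) specialized;
    }
    if (specialized instanceof IpWildcard) {
        return IpWildcardSetIpSpace.builder().including((IpWildcard) specialized).build();
    }
    throw new BatfishException("unexpected " + variableName + " type");
}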
