
Example 6 with IpsecVpn

use of org.batfish.datamodel.IpsecVpn in project batfish by batfish.

the class IpsecVpnStatusAnswerer method analyzeIpsecVpn.

/**
 * Collects the configuration problems visible on one IPsec VPN and its selected remote peer.
 *
 * <p>When no remote peer is set, the only problem reported is
 * {@code MISSING_REMOTE_ENDPOINT}. Otherwise the candidate-peer count and the IKE proposal,
 * IPsec proposal and pre-shared-key compatibility are each checked against the peer. When
 * nothing is found, {@code Problem.NONE} is recorded, so the returned set is never empty.
 *
 * <p>Every check here is about agreement between the two ends. {@code Problem.NONE} therefore
 * means "both sides match" as far as this method is concerned; nothing in it evaluates whether
 * the agreed proposals or key are strong.
 *
 * @param ipsecVpn the local VPN to analyze
 * @return the VPN, its sorted problem set, and the remote peer ({@code null} when none is set)
 */
@VisibleForTesting
public static IpsecVpnInfo analyzeIpsecVpn(IpsecVpn ipsecVpn) {
    SortedSet<Problem> found = new TreeSet<>();
    IpsecVpn peer = null;
    if (ipsecVpn.getRemoteIpsecVpn() != null) {
        // Any candidate count other than exactly one (zero included) is reported under
        // MULTIPLE_REMOTE_ENDPOINTS.
        if (ipsecVpn.getCandidateRemoteIpsecVpns().size() != 1) {
            found.add(Problem.MULTIPLE_REMOTE_ENDPOINTS);
        }
        peer = ipsecVpn.getRemoteIpsecVpn();
        // The three compatibility checks are independent: a single VPN can carry all of them.
        if (!ipsecVpn.compatibleIkeProposals(peer)) {
            found.add(Problem.INCOMPATIBLE_IKE_PROPOSALS);
        }
        if (!ipsecVpn.compatibleIpsecProposals(peer)) {
            found.add(Problem.INCOMPATIBLE_IPSEC_PROPOSALS);
        }
        if (!ipsecVpn.compatiblePreSharedKey(peer)) {
            found.add(Problem.INCOMPATIBLE_PRE_SHARED_KEY);
        }
    } else {
        // Without a peer there is nothing to compare against, so no other check runs.
        found.add(Problem.MISSING_REMOTE_ENDPOINT);
    }
    if (found.isEmpty()) {
        found.add(Problem.NONE);
    }
    return new IpsecVpnInfo(ipsecVpn, found, peer);
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) TreeSet(java.util.TreeSet) Problem(org.batfish.question.ipsecvpnstatus.IpsecVpnInfo.Problem) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 7 with IpsecVpn

use of org.batfish.datamodel.IpsecVpn in project batfish by batfish.

the class IpsecVpnStatusAnswerer method answer.

/**
 * Analyzes every IPsec VPN owned by a node matching the question's node1 regex and returns
 * those whose problems match the question.
 *
 * <p>A VPN is kept when its remote endpoint is either absent or hosted on a node matching the
 * node2 regex, and at least one of its problems satisfies {@code question.matchesProblem}.
 * VPNs with no remote endpoint are therefore never excluded by the node2 filter.
 *
 * @return an answer element holding the selected {@link IpsecVpnInfo} entries
 */
@Override
public AnswerElement answer() {
    IpsecVpnStatusQuestion question = (IpsecVpnStatusQuestion) _question;
    Map<String, Configuration> configurations = _batfish.loadConfigurations();
    Set<String> localNodes = question.getNode1Regex().getMatchingNodes(configurations);
    Set<String> remoteNodes = question.getNode2Regex().getMatchingNodes(configurations);
    // Remote peers must be initialized before any VPN is analyzed below.
    CommonUtil.initRemoteIpsecVpns(configurations);
    IpsecVpnStatusAnswerElement result = new IpsecVpnStatusAnswerElement();
    for (Configuration config : configurations.values()) {
        if (localNodes.contains(config.getHostname())) {
            for (IpsecVpn vpn : config.getIpsecVpns().values()) {
                IpsecVpnInfo info = analyzeIpsecVpn(vpn);
                // An unresolved remote endpoint bypasses the node2 filter.
                if (info.getRemoteEndpoint() != null
                        && !remoteNodes.contains(info.getRemoteEndpoint().getHostname())) {
                    continue;
                }
                if (info.getProblems().stream().anyMatch(problem -> question.matchesProblem(problem))) {
                    result.getIpsecVpns().add(info);
                }
            }
        }
    }
    return result;
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Answerer(org.batfish.common.Answerer) IpsecVpn(org.batfish.datamodel.IpsecVpn) SortedSet(java.util.SortedSet) CommonUtil(org.batfish.common.util.CommonUtil) Set(java.util.Set) TreeSet(java.util.TreeSet) IBatfish(org.batfish.common.plugin.IBatfish) Problem(org.batfish.question.ipsecvpnstatus.IpsecVpnInfo.Problem) Question(org.batfish.datamodel.questions.Question) Map(java.util.Map) Configuration(org.batfish.datamodel.Configuration) AnswerElement(org.batfish.datamodel.answers.AnswerElement) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Configuration(org.batfish.datamodel.Configuration)

Example 8 with IpsecVpn

use of org.batfish.datamodel.IpsecVpn in project batfish by batfish.

the class IpsecVpnStatusAnswererTest method analyzeVpnTestIncompatibleIpsecProposal.

/**
 * Two peers that agree on the IKE proposal and key but differ in the IPsec proposal must be
 * reported with exactly {@code INCOMPATIBLE_IPSEC_PROPOSALS}.
 */
@Test
public void analyzeVpnTestIncompatibleIpsecProposal() {
    // The fixtures differ only in the IPsec proposal constant (..._MD5 vs ..._SHA).
    // NOTE(review): by their names these constants denote legacy DES/3DES/MD5 settings; they
    // serve here as mismatch fixtures, not as a configuration to copy.
    IpsecVpn local = createIpsecVpn("local", IkeProposal.PSK_3DES_DH2_MD5, IpsecProposal.NOPFS_ESP_DES_MD5, "key");
    IpsecVpn peer = createIpsecVpn("remote1", IkeProposal.PSK_3DES_DH2_MD5, IpsecProposal.NOPFS_ESP_DES_SHA, "key");
    // Exactly one candidate, which is also the selected peer, so no endpoint problem is raised.
    local.initCandidateRemoteVpns();
    local.setRemoteIpsecVpn(peer);
    local.getCandidateRemoteIpsecVpns().add(peer);
    IpsecVpnInfo result = IpsecVpnStatusAnswerer.analyzeIpsecVpn(local);
    assertThat(result.getProblems(), equalTo(Collections.singleton(Problem.INCOMPATIBLE_IPSEC_PROPOSALS)));
    assertThat(result.getRemoteEndpoint(), equalTo(new IpsecVpnEndpoint(peer)));
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Test(org.junit.Test)

Example 9 with IpsecVpn

use of org.batfish.datamodel.IpsecVpn in project batfish by batfish.

the class IpsecVpnStatusAnswererTest method createIpsecVpn.

/**
 * Builds a minimal {@link IpsecVpn} fixture: an owner configuration, an IKE gateway with a
 * one-proposal IKE policy, and a one-proposal IPsec policy, all named after {@code name}.
 *
 * @param name VPN name, also used as the owner hostname and as the prefix of every child name
 * @param ikeProposal the single IKE proposal placed in the IKE policy
 * @param ipsecProposal the single IPsec proposal placed in the IPsec policy
 * @param pskHash value stored as the IKE policy's pre-shared-key hash
 * @return the assembled VPN, with no remote peer or candidates set
 */
private static IpsecVpn createIpsecVpn(String name, IkeProposal ikeProposal, IpsecProposal ipsecProposal, String pskHash) {
    IpsecVpn vpn = new IpsecVpn(name);
    vpn.setOwner(new Configuration(name, ConfigurationFormat.UNKNOWN));

    // IKE side: gateway -> policy -> single proposal plus the key hash.
    IkeGateway gateway = new IkeGateway(name + "-ikeGw");
    vpn.setIkeGateway(gateway);
    IkePolicy phase1Policy = new IkePolicy(name + "-ikePolicy");
    gateway.setIkePolicy(phase1Policy);
    SortedMap<String, IkeProposal> phase1Proposals = new TreeMap<>();
    phase1Proposals.put(name + "-ikeproposal", ikeProposal);
    phase1Policy.setProposals(phase1Proposals);
    phase1Policy.setPreSharedKeyHash(pskHash);

    // IPsec side: policy -> single proposal.
    IpsecPolicy phase2Policy = new IpsecPolicy(name + "-ipsecpolicy");
    vpn.setIpsecPolicy(phase2Policy);
    SortedMap<String, IpsecProposal> phase2Proposals = new TreeMap<>();
    phase2Proposals.put(name + "-ipsecproposal", ipsecProposal);
    phase2Policy.setProposals(phase2Proposals);

    return vpn;
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) IkeProposal(org.batfish.datamodel.IkeProposal) IpsecProposal(org.batfish.datamodel.IpsecProposal) Configuration(org.batfish.datamodel.Configuration) IkeGateway(org.batfish.datamodel.IkeGateway) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkePolicy(org.batfish.datamodel.IkePolicy) TreeMap(java.util.TreeMap)

Example 10 with IpsecVpn

use of org.batfish.datamodel.IpsecVpn in project batfish by batfish.

the class IpsecVpnStatusAnswererTest method analyzeVpnTestIncompatiblePreSharedKey.

/**
 * Two peers that agree on both proposals but carry different pre-shared-key hashes must be
 * reported with exactly {@code INCOMPATIBLE_PRE_SHARED_KEY}.
 */
@Test
public void analyzeVpnTestIncompatiblePreSharedKey() {
    // Only the last argument differs ("key" vs "key-bad"); createIpsecVpn stores it as the
    // IKE policy's pre-shared-key hash. Both values are placeholder strings.
    IpsecVpn local = createIpsecVpn("local", IkeProposal.PSK_3DES_DH2_MD5, IpsecProposal.NOPFS_ESP_DES_MD5, "key");
    IpsecVpn peer = createIpsecVpn("remote1", IkeProposal.PSK_3DES_DH2_MD5, IpsecProposal.NOPFS_ESP_DES_MD5, "key-bad");
    // Exactly one candidate, which is also the selected peer, so no endpoint problem is raised.
    local.initCandidateRemoteVpns();
    local.setRemoteIpsecVpn(peer);
    local.getCandidateRemoteIpsecVpns().add(peer);
    IpsecVpnInfo result = IpsecVpnStatusAnswerer.analyzeIpsecVpn(local);
    assertThat(result.getProblems(), equalTo(Collections.singleton(Problem.INCOMPATIBLE_PRE_SHARED_KEY)));
    assertThat(result.getRemoteEndpoint(), equalTo(new IpsecVpnEndpoint(peer)));
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Test(org.junit.Test)

Aggregations

IpsecVpn (org.batfish.datamodel.IpsecVpn)15 Test (org.junit.Test)7 Configuration (org.batfish.datamodel.Configuration)6 BatfishException (org.batfish.common.BatfishException)4 IkeGateway (org.batfish.datamodel.IkeGateway)4 Ip (org.batfish.datamodel.Ip)4 IpsecPolicy (org.batfish.datamodel.IpsecPolicy)4 VisibleForTesting (com.google.common.annotations.VisibleForTesting)3 TreeSet (java.util.TreeSet)3 IkePolicy (org.batfish.datamodel.IkePolicy)3 Interface (org.batfish.datamodel.Interface)3 IpsecProposal (org.batfish.datamodel.IpsecProposal)3 Map (java.util.Map)2 Set (java.util.Set)2 SortedSet (java.util.SortedSet)2 TreeMap (java.util.TreeMap)2 BgpNeighbor (org.batfish.datamodel.BgpNeighbor)2 BgpProcess (org.batfish.datamodel.BgpProcess)2 IkeProposal (org.batfish.datamodel.IkeProposal)2 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)2