
Example 26 with Prefix

use of org.batfish.datamodel.Prefix in project batfish by batfish.

the class NetworkAcl method getAcl.

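/**
 * Builds the ingress or egress {@link IpAccessList} for this network ACL from its entries.
 *
 * <p>Each entry whose direction matches {@code isEgress} becomes one line. Lines are collected
 * in a {@link TreeMap} keyed by rule number, so they come out in ascending rule-number order and
 * a later entry with the same rule number and direction replaces an earlier one.
 *
 * <p>A port bound of {@code -1} is treated as an open end. When only one bound is {@code -1} it
 * is widened to 0 or 65535 before the range is built, so the modeled line never carries a range
 * with a negative bound.
 *
 * @param isEgress {@code true} to build the egress list, {@code false} for the ingress list
 * @return the list, named after the network ACL id with an {@code _egress} or {@code _ingress}
 *     suffix
 */
private IpAccessList getAcl(boolean isEgress) {
    String listName = _networkAclId + (isEgress ? "_egress" : "_ingress");
    Map<Integer, IpAccessListLine> lineMap = new TreeMap<>();
    for (NetworkAclEntry entry : _entries) {
        // Only entries for the requested direction contribute to this list.
        if (isEgress != entry.getIsEgress()) {
            continue;
        }
        IpAccessListLine line = new IpAccessListLine();
        int key = entry.getRuleNumber();
        LineAction action = entry.getIsAllow() ? LineAction.ACCEPT : LineAction.REJECT;
        line.setAction(action);

        // The CIDR block constrains the remote side: destination for egress, source for ingress.
        // Prefix.ZERO adds no address constraint, so the line matches any address.
        Prefix prefix = entry.getCidrBlock();
        if (!prefix.equals(Prefix.ZERO)) {
            if (isEgress) {
                line.setDstIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
            } else {
                line.setSrcIps(ImmutableSortedSet.of(new IpWildcard(prefix)));
            }
        }

        // A null protocol means "all protocols": no protocol constraint is added.
        IpProtocol protocol = IpPermissions.toIpProtocol(entry.getProtocol());
        String protocolStr = protocol != null ? protocol.toString() : "ALL";
        if (protocol != null) {
            line.setIpProtocols(ImmutableSortedSet.of(protocol));
        }

        int fromPort = entry.getFromPort();
        int toPort = entry.getToPort();
        boolean portsSpecified = fromPort != -1 || toPort != -1;
        if (portsSpecified) {
            if (fromPort == -1) {
                fromPort = 0;
            }
            if (toPort == -1) {
                toPort = 65535;
            }
        }
        // Build the range only after the open ends were widened; building it first would store
        // the raw -1 bound in the line and make the widening above a no-op.
        SubRange portRange = new SubRange(fromPort, toPort);
        if (portsSpecified) {
            line.setDstPorts(ImmutableSortedSet.of(portRange));
        }

        String portStr;
        if (protocol == IpProtocol.ICMP) {
            // TODO: flesh these out
            // NOTE(review): no ICMP type/code restriction is set on the line in this method, so
            // an ICMP line may match more traffic than the entry it was built from - confirm.
            portStr = "some ICMP type(s)/code(s)";
        } else if ((fromPort == 0 && toPort == 65535) || (fromPort == -1 && toPort == -1)) {
            portStr = "ALL";
        } else {
            portStr = portRange.toString();
        }
        String actionStr = action == LineAction.ACCEPT ? "ALLOW" : "DENY";
        // Rule number 32767 is displayed as "*" in the line name.
        String lineNumber = key == 32767 ? "*" : Integer.toString(key);
        line.setName(String.format("%s %s %s %s %s", lineNumber, protocolStr, portStr, prefix, actionStr));
        lineMap.put(key, line);
    }
    List<IpAccessListLine> lines = ImmutableList.copyOf(lineMap.values());
    return new IpAccessList(listName, lines);
}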
Also used : LineAction(org.batfish.datamodel.LineAction) Prefix(org.batfish.datamodel.Prefix) TreeMap(java.util.TreeMap) IpWildcard(org.batfish.datamodel.IpWildcard) IpProtocol(org.batfish.datamodel.IpProtocol) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) IpAccessList(org.batfish.datamodel.IpAccessList)

Example 27 with Prefix

use of org.batfish.datamodel.Prefix in project batfish by batfish.

the class Graph method createIbgpInterface.

/**
 * Creates a new "fake" interface that stands for an abstract iBGP control plane edge in the
 * network.
 *
 * <p>The interface is named {@code "iBGP-" + peer}, marked active, given the start IP of the
 * neighbor's prefix with a maximum-length mask, and a bandwidth of zero.
 *
 * @param n the BGP neighbor whose prefix supplies the interface address
 * @param peer the peer name used in the interface name
 * @return the newly created interface
 */
private Interface createIbgpInterface(BgpNeighbor n, String peer) {
    Interface ibgpIface = new Interface("iBGP-" + peer);
    ibgpIface.setActive(true);
    // TODO is this valid.
    Prefix peerPrefix = n.getPrefix();
    // The host-prefix expectation is a Java assert: it is evaluated only when the JVM runs with
    // assertions enabled (-ea), otherwise any prefix length is accepted silently.
    assert peerPrefix.getPrefixLength() == Prefix.MAX_PREFIX_LENGTH;
    InterfaceAddress hostAddress = new InterfaceAddress(peerPrefix.getStartIp(), Prefix.MAX_PREFIX_LENGTH);
    ibgpIface.setAddress(hostAddress);
    ibgpIface.setBandwidth(0.);
    return ibgpIface;
}
Also used : InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Prefix(org.batfish.datamodel.Prefix) Interface(org.batfish.datamodel.Interface)

Example 28 with Prefix

use of org.batfish.datamodel.Prefix in project batfish by batfish.

the class Graph method getOriginatedNetworks.

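/**
 * Collects and returns all prefixes that the given router originates into the given protocol.
 * Static routes and connected routes are treated as originating the prefix.
 *
 * <ul>
 *   <li>OSPF: the prefixes of active, OSPF-enabled interfaces listed in the areas of the default
 *       VRF's OSPF process. Interfaces without an address are skipped, as in the connected case.
 *   <li>BGP: the prefixes of explicit prefix sets found in the policy returned by
 *       {@code findCommonRoutingPolicy}, where the policy contains a conjunction whose first
 *       conjunct matches a prefix set and whose second conjunct is "not protocol BGP". The
 *       result is empty when no common policy is found.
 *   <li>Connected: the prefix of every interface that has an address.
 *   <li>Static: the network of every static route in the default VRF that has one.
 * </ul>
 *
 * @param conf the router configuration to inspect
 * @param proto the protocol whose originated prefixes are wanted
 * @return a new mutable set of originated prefixes
 * @throws BatfishException if {@code proto} is none of OSPF, BGP, connected or static
 */
public static Set<Prefix> getOriginatedNetworks(Configuration conf, Protocol proto) {
    Set<Prefix> acc = new HashSet<>();
    if (proto.isOspf()) {
        // NOTE(review): assumes the default VRF has an OSPF process and that every interface
        // name listed in an area resolves in conf.getInterfaces() - confirm against callers.
        OspfProcess ospf = conf.getDefaultVrf().getOspfProcess();
        for (OspfArea area : ospf.getAreas().values()) {
            for (String ifaceName : area.getInterfaces()) {
                Interface iface = conf.getInterfaces().get(ifaceName);
                if (!iface.getActive() || !iface.getOspfEnabled()) {
                    continue;
                }
                // Same guard as the connected branch: an interface may have no address.
                InterfaceAddress address = iface.getAddress();
                if (address != null) {
                    acc.add(address.getPrefix());
                }
            }
        }
        return acc;
    }
    if (proto.isBgp()) {
        RoutingPolicy defaultPol = findCommonRoutingPolicy(conf, Protocol.BGP);
        if (defaultPol != null) {
            AstVisitor v = new AstVisitor();
            v.visit(conf, defaultPol.getStatements(), stmt -> {
            }, expr -> {
                // Only conjunctions of the shape (match prefix set) AND NOT (protocol BGP) ...
                // contribute; everything else is ignored.
                if (!(expr instanceof Conjunction)) {
                    return;
                }
                Conjunction c = (Conjunction) expr;
                if (c.getConjuncts().size() < 2) {
                    return;
                }
                BooleanExpr be1 = c.getConjuncts().get(0);
                BooleanExpr be2 = c.getConjuncts().get(1);
                if (!(be1 instanceof MatchPrefixSet) || !(be2 instanceof Not)) {
                    return;
                }
                MatchPrefixSet mps = (MatchPrefixSet) be1;
                Not n = (Not) be2;
                if (!(n.getExpr() instanceof MatchProtocol)) {
                    return;
                }
                MatchProtocol mp = (MatchProtocol) n.getExpr();
                if (mp.getProtocol() != RoutingProtocol.BGP) {
                    return;
                }
                PrefixSetExpr e = mps.getPrefixSet();
                if (e instanceof ExplicitPrefixSet) {
                    ExplicitPrefixSet eps = (ExplicitPrefixSet) e;
                    Set<PrefixRange> ranges = eps.getPrefixSpace().getPrefixRanges();
                    for (PrefixRange r : ranges) {
                        acc.add(r.getPrefix());
                    }
                }
            });
        }
        return acc;
    }
    if (proto.isConnected()) {
        for (Interface iface : conf.getInterfaces().values()) {
            InterfaceAddress address = iface.getAddress();
            if (address != null) {
                acc.add(address.getPrefix());
            }
        }
        return acc;
    }
    if (proto.isStatic()) {
        for (StaticRoute sr : conf.getDefaultVrf().getStaticRoutes()) {
            if (sr.getNetwork() != null) {
                acc.add(sr.getNetwork());
            }
        }
        return acc;
    }
    throw new BatfishException("ERROR: getOriginatedNetworks: " + proto.name());
}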
Also used : BatfishException(org.batfish.common.BatfishException) PrefixRange(org.batfish.datamodel.PrefixRange) StaticRoute(org.batfish.datamodel.StaticRoute) OspfArea(org.batfish.datamodel.OspfArea) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) PrefixSetExpr(org.batfish.datamodel.routing_policy.expr.PrefixSetExpr) OspfProcess(org.batfish.datamodel.OspfProcess) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Prefix(org.batfish.datamodel.Prefix) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Not(org.batfish.datamodel.routing_policy.expr.Not) ExplicitPrefixSet(org.batfish.datamodel.routing_policy.expr.ExplicitPrefixSet) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) Interface(org.batfish.datamodel.Interface) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) HashSet(java.util.HashSet)

Example 29 with Prefix

use of org.batfish.datamodel.Prefix in project batfish by batfish.

the class AbstractionBuilder method createAbstractConfig.

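/**
 * Creates a new Configuration from an old one for an abstract router by copying the old
 * configuration, but removing any concrete interfaces, neighbors etc. that do not correspond to
 * any abstract neighbors.
 *
 * <p>An edge of this router is retained when it leaves the network (it has no peer) or when
 * both its router and its peer are in {@code abstractRouters}. Interfaces, OSPF neighbors and
 * BGP neighbors are then filtered down to those that belong to a retained edge.
 *
 * <p>Device-wide settings (ACLs, route filters, IKE/IPsec objects, authentication key chains,
 * zones, routing policies, server lists) are passed to the new configuration exactly as the
 * getters of {@code conf} return them. NOTE(review): nothing here copies those objects, so if
 * the getters return live mutable collections, the abstract and the concrete configuration
 * share them and a later change to one also changes the other - confirm.
 *
 * @param abstractRouters names of the routers that are kept in the abstraction
 * @param conf the concrete configuration to abstract
 * @return the new, filtered configuration
 */
private Configuration createAbstractConfig(Set<String> abstractRouters, Configuration conf) {
    Configuration abstractConf = new Configuration(conf.getHostname(), conf.getConfigurationFormat());
    copyDeviceWideSettings(conf, abstractConf);

    SortedSet<Interface> toRetain = new TreeSet<>();
    SortedSet<IpLink> ipNeighbors = new TreeSet<>();
    SortedSet<BgpNeighbor> bgpNeighbors = new TreeSet<>();
    // NOTE(review): assumes the edge map has an entry for this configuration's name - confirm.
    List<GraphEdge> edges = _graph.getEdgeMap().get(conf.getName());
    for (GraphEdge ge : edges) {
        boolean leavesNetwork = (ge.getPeer() == null);
        if (leavesNetwork || (abstractRouters.contains(ge.getRouter()) && abstractRouters.contains(ge.getPeer()))) {
            toRetain.add(ge.getStart());
            Ip start = ge.getStart().getAddress().getIp();
            if (!leavesNetwork) {
                Ip end = ge.getEnd().getAddress().getIp();
                ipNeighbors.add(new IpLink(start, end));
            }
            // Only neighbors that the graph's eBGP neighbor map associates with this edge are kept.
            BgpNeighbor n = _graph.getEbgpNeighbors().get(ge);
            if (n != null) {
                bgpNeighbors.add(n);
            }
        }
    }

    // Update interfaces
    abstractConf.setInterfaces(retainInterfaces(conf.getInterfaces(), toRetain));

    // Update VRFs
    Map<String, Vrf> abstractVrfs = new HashMap<>();
    for (Entry<String, Vrf> entry : conf.getVrfs().entrySet()) {
        String name = entry.getKey();
        Vrf vrf = entry.getValue();
        Vrf abstractVrf = new Vrf(name);
        abstractVrf.setStaticRoutes(vrf.getStaticRoutes());
        abstractVrf.setIsisProcess(vrf.getIsisProcess());
        abstractVrf.setRipProcess(vrf.getRipProcess());
        abstractVrf.setSnmpServer(vrf.getSnmpServer());
        NavigableMap<String, Interface> abstractVrfInterfaces = retainInterfaces(vrf.getInterfaces(), toRetain);
        abstractVrf.setInterfaces(abstractVrfInterfaces);
        abstractVrf.setInterfaceNames(new TreeSet<>(abstractVrfInterfaces.keySet()));
        OspfProcess ospf = vrf.getOspfProcess();
        if (ospf != null) {
            abstractVrf.setOspfProcess(abstractOspfProcess(ospf, ipNeighbors));
        }
        BgpProcess bgp = vrf.getBgpProcess();
        if (bgp != null) {
            abstractVrf.setBgpProcess(abstractBgpProcess(bgp, bgpNeighbors));
        }
        abstractVrfs.put(name, abstractVrf);
    }
    abstractConf.setVrfs(abstractVrfs);
    return abstractConf;
}

/** Hands every device-wide setting of {@code from} to {@code to}, without copying the values. */
private void copyDeviceWideSettings(Configuration from, Configuration to) {
    to.setDnsServers(from.getDnsServers());
    to.setDnsSourceInterface(from.getDnsSourceInterface());
    to.setDomainName(from.getDomainName());
    to.setAuthenticationKeyChains(from.getAuthenticationKeyChains());
    to.setIkeGateways(from.getIkeGateways());
    to.setDefaultCrossZoneAction(from.getDefaultCrossZoneAction());
    to.setIkePolicies(from.getIkePolicies());
    to.setIkeProposals(from.getIkeProposals());
    to.setDefaultInboundAction(from.getDefaultInboundAction());
    to.setIpAccessLists(from.getIpAccessLists());
    to.setIp6AccessLists(from.getIp6AccessLists());
    to.setRouteFilterLists(from.getRouteFilterLists());
    to.setRoute6FilterLists(from.getRoute6FilterLists());
    to.setIpsecPolicies(from.getIpsecPolicies());
    to.setIpsecProposals(from.getIpsecProposals());
    to.setIpsecVpns(from.getIpsecVpns());
    to.setLoggingServers(from.getLoggingServers());
    to.setLoggingSourceInterface(from.getLoggingSourceInterface());
    to.setNormalVlanRange(from.getNormalVlanRange());
    to.setNtpServers(from.getNtpServers());
    to.setNtpSourceInterface(from.getNtpSourceInterface());
    to.setRoles(from.getRoles());
    to.setSnmpSourceInterface(from.getSnmpSourceInterface());
    to.setSnmpTrapServers(from.getSnmpTrapServers());
    to.setTacacsServers(from.getTacacsServers());
    to.setTacacsSourceInterface(from.getTacacsSourceInterface());
    to.setVendorFamily(from.getVendorFamily());
    to.setZones(from.getZones());
    to.setCommunityLists(from.getCommunityLists());
    to.setRoutingPolicies(from.getRoutingPolicies());
    // The IPv6 route filter lists are set once above; the earlier second, identical call was
    // redundant and has been dropped.
}

/** Returns the entries of {@code candidates} whose interface is in {@code toRetain}, sorted by name. */
private NavigableMap<String, Interface> retainInterfaces(Map<String, Interface> candidates, Set<Interface> toRetain) {
    NavigableMap<String, Interface> retained = new TreeMap<>();
    for (Entry<String, Interface> entry : candidates.entrySet()) {
        if (toRetain.contains(entry.getValue())) {
            retained.put(entry.getKey(), entry.getValue());
        }
    }
    return retained;
}

/** Builds a new OSPF process from {@code ospf} that keeps only neighbors on links in {@code ipNeighbors}. */
private OspfProcess abstractOspfProcess(OspfProcess ospf, Set<IpLink> ipNeighbors) {
    OspfProcess abstractOspf = new OspfProcess();
    abstractOspf.setAreas(ospf.getAreas());
    abstractOspf.setExportPolicy(ospf.getExportPolicy());
    abstractOspf.setReferenceBandwidth(ospf.getReferenceBandwidth());
    abstractOspf.setRouterId(ospf.getRouterId());
    // Copy over neighbors
    Map<IpLink, OspfNeighbor> abstractNeighbors = new HashMap<>();
    if (ospf.getOspfNeighbors() != null) {
        for (Entry<IpLink, OspfNeighbor> entry : ospf.getOspfNeighbors().entrySet()) {
            if (ipNeighbors.contains(entry.getKey())) {
                abstractNeighbors.put(entry.getKey(), entry.getValue());
            }
        }
    }
    abstractOspf.setOspfNeighbors(abstractNeighbors);
    return abstractOspf;
}

/** Builds a new BGP process from {@code bgp} that keeps only the neighbors in {@code bgpNeighbors}. */
private BgpProcess abstractBgpProcess(BgpProcess bgp, Set<BgpNeighbor> bgpNeighbors) {
    BgpProcess abstractBgp = new BgpProcess();
    abstractBgp.setMultipathEbgp(bgp.getMultipathEbgp());
    abstractBgp.setMultipathIbgp(bgp.getMultipathIbgp());
    abstractBgp.setRouterId(bgp.getRouterId());
    abstractBgp.setOriginationSpace(bgp.getOriginationSpace());
    // TODO: set bgp neighbors accordingly
    // Copy over neighbors
    SortedMap<Prefix, BgpNeighbor> abstractBgpNeighbors = new TreeMap<>();
    if (bgp.getNeighbors() != null) {
        for (Entry<Prefix, BgpNeighbor> entry : bgp.getNeighbors().entrySet()) {
            if (bgpNeighbors.contains(entry.getValue())) {
                abstractBgpNeighbors.put(entry.getKey(), entry.getValue());
            }
        }
    }
    abstractBgp.setNeighbors(abstractBgpNeighbors);
    return abstractBgp;
}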
Also used : IpLink(org.batfish.datamodel.IpLink) Configuration(org.batfish.datamodel.Configuration) HashMap(java.util.HashMap) BgpProcess(org.batfish.datamodel.BgpProcess) Ip(org.batfish.datamodel.Ip) Vrf(org.batfish.datamodel.Vrf) Prefix(org.batfish.datamodel.Prefix) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) TreeSet(java.util.TreeSet) OspfNeighbor(org.batfish.datamodel.OspfNeighbor) OspfProcess(org.batfish.datamodel.OspfProcess) TreeMap(java.util.TreeMap) GraphEdge(org.batfish.symbolic.GraphEdge) Interface(org.batfish.datamodel.Interface)

Example 30 with Prefix

use of org.batfish.datamodel.Prefix in project batfish by batfish.

the class DestinationClasses method buildPrefixTrie.

/**
 * Fills the prefix trie with the destinations that each router originates and that are relevant
 * to the current slice.
 *
 * <p>For every router and every non-static protocol listed for it in {@code protoMap}, the
 * originated prefixes are looked up with {@code Graph.getOriginatedNetworks}. A prefix is
 * considered when it overlaps {@code dstIps} and does not overlap {@code notDstIps}; for each
 * entry of {@code dstIps} the narrower of the two prefixes is then added to the trie under the
 * router's name. Static protocols contribute nothing here.
 *
 * @param protoMap protocols to consider, per router name
 * @param dstIps destination prefixes of interest
 * @param notDstIps destination prefixes to exclude
 * @param pt the trie that receives (prefix, router) pairs
 */
private void buildPrefixTrie(Map<String, List<Protocol>> protoMap, List<Prefix> dstIps, List<Prefix> notDstIps, PrefixTrieMap pt) {
    for (Entry<String, Configuration> routerEntry : _graph.getConfigurations().entrySet()) {
        String router = routerEntry.getKey();
        Configuration conf = routerEntry.getValue();
        for (Protocol proto : protoMap.get(router)) {
            // Static protocols are not looked up, so they add no destinations.
            if (proto.isStatic()) {
                continue;
            }
            Set<Prefix> originated = Graph.getOriginatedNetworks(conf, proto);
            for (Prefix candidate : originated) {
                // Keep only destinations inside the slice: wanted, and not explicitly excluded.
                if (!PrefixUtils.overlap(candidate, dstIps) || PrefixUtils.overlap(candidate, notDstIps)) {
                    continue;
                }
                Set<Prefix> selected = new HashSet<>();
                for (Prefix wanted : dstIps) {
                    if (candidate.equals(wanted) || wanted.containsPrefix(candidate)) {
                        // The originated prefix is equal to or narrower than the wanted one.
                        selected.add(candidate);
                    } else if (candidate.containsPrefix(wanted)) {
                        // The wanted prefix is the narrower one.
                        selected.add(wanted);
                    }
                }
                for (Prefix chosen : selected) {
                    pt.add(chosen, router);
                }
            }
        }
    }
}
Also used : Configuration(org.batfish.datamodel.Configuration) Prefix(org.batfish.datamodel.Prefix) Protocol(org.batfish.symbolic.Protocol) HashSet(java.util.HashSet)
