
Example 21 with RouteFilterList

use of org.batfish.datamodel.RouteFilterList in project batfish by batfish.

the class JuniperConfiguration method toRoutingPolicy.

/**
 * Converts a Juniper policy-statement into a vendor-independent {@link RoutingPolicy}.
 *
 * <p>Terms are visited in the order of {@code ps.getTerms().values()}; the default term is
 * appended when it has at least one from or then. A term with from conditions becomes one
 * {@link If} guarded by the simplified conjunction of those conditions, and a term without
 * any contributes its statements unconditionally. The last statement is an {@link If} guarded
 * by {@code BooleanExprs.CallExprContext} whose false branch is a single Return statement.
 *
 * <p>Side effect: every route-filter line that carries its own actions is turned into a
 * dedicated {@link RouteFilterList} stored in {@code _c.getRouteFilterLists()}, plus an
 * {@link If} that is added to the policy before the If of the enclosing term.
 *
 * @param ps the policy-statement to convert
 * @return the routing policy, created with the name of {@code ps} and the configuration {@code _c}
 */
private RoutingPolicy toRoutingPolicy(PolicyStatement ps) {
    String policyName = ps.getName();
    RoutingPolicy policy = new RoutingPolicy(policyName, _c);
    List<Statement> out = policy.getStatements();

    PsTerm defaultTerm = ps.getDefaultTerm();
    boolean defaultTermInUse = defaultTerm.getFroms().size() > 0 || defaultTerm.getThens().size() > 0;
    List<PsTerm> orderedTerms = new ArrayList<>(ps.getTerms().values());
    if (defaultTermInUse) {
        orderedTerms.add(ps.getDefaultTerm());
    }

    for (PsTerm term : orderedTerms) {
        List<Statement> termActions = toStatements(term.getThens());
        if (term.getFroms().isEmpty()) {
            // No conditions: the actions of the term always run.
            out.addAll(termActions);
            continue;
        }
        If termIf = new If();
        termIf.setComment(term.getName());
        Conjunction conditions = new Conjunction();
        List<BooleanExpr> calledPolicies = new ArrayList<>();
        for (PsFrom from : term.getFroms()) {
            if (from instanceof PsFromRouteFilter) {
                String routeFilterName = ((PsFromRouteFilter) from).getRouteFilterName();
                // NOTE(review): the result is dereferenced without a null check; presumably every
                // PsFromRouteFilter name has an entry in _routeFilters, confirm.
                RouteFilter routeFilter = _routeFilters.get(routeFilterName);
                // NOTE(review): this counter restarts at 0 for each route-filter condition while
                // the list name below is prefixed with the policy name, so two route-filter
                // conditions with action lines in one policy would appear to reuse the same key
                // in _c.getRouteFilterLists(), the later put replacing the list that an earlier
                // If still refers to by name. Confirm whether that can occur.
                int actionLineCounter = 0;
                for (RouteFilterLine line : routeFilter.getLines()) {
                    if (line.getThens().size() == 0) {
                        continue;
                    }
                    // The list name uses the counter before the increment and the clause comment
                    // uses it after, so list "..._ACTION_LINE_0" is commented "..._ACTION_LINE_1".
                    String lineListName = policyName + "_ACTION_LINE_" + actionLineCounter;
                    actionLineCounter++;
                    String lineClauseName = routeFilterName + "_ACTION_LINE_" + actionLineCounter;

                    RouteFilterList lineList = new RouteFilterList(lineListName);
                    line.applyTo(lineList);
                    _c.getRouteFilterLists().put(lineListName, lineList);

                    If lineIf = new If();
                    lineIf.setComment(lineClauseName);
                    lineIf.setGuard(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(lineListName)));
                    lineIf.getTrueStatements().addAll(toStatements(line.getThens()));
                    out.add(lineIf);
                }
            }
            BooleanExpr condition = from.toBooleanExpr(this, _c, _w);
            boolean callsPolicy = from instanceof PsFromPolicyStatement || from instanceof PsFromPolicyStatementConjunction;
            if (!callsPolicy) {
                conditions.getConjuncts().add(condition);
            } else {
                // Policy calls are collected apart and appended as one chain after the loop.
                calledPolicies.add(condition);
            }
        }
        if (!calledPolicies.isEmpty()) {
            conditions.getConjuncts().add(new ConjunctionChain(calledPolicies));
        }
        termIf.setGuard(conditions.simplify());
        termIf.getTrueStatements().addAll(termActions);
        out.add(termIf);
    }

    If policyEnd = new If();
    policyEnd.setGuard(BooleanExprs.CallExprContext.toStaticBooleanExpr());
    policyEnd.setFalseStatements(Collections.singletonList(Statements.Return.toStaticStatement()));
    out.add(policyEnd);
    return policy;
}
Also used : NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) ArrayList(java.util.ArrayList) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) ConjunctionChain(org.batfish.datamodel.routing_policy.expr.ConjunctionChain) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) RouteFilterList(org.batfish.datamodel.RouteFilterList) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) If(org.batfish.datamodel.routing_policy.statement.If) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr)

Example 22 with RouteFilterList

use of org.batfish.datamodel.RouteFilterList in project batfish by batfish.

the class JuniperConfiguration method toVendorIndependentConfiguration.

/**
 * Builds the vendor-independent {@link Configuration} for this Juniper configuration, stores it
 * in {@code _c} and returns it.
 *
 * <p>The steps run in a fixed order because later ones read what earlier ones wrote into
 * {@code _c}: base settings and VRFs, prefix lists, firewall filters, route filters, community
 * lists, policy-statements, interfaces, router-id, IKE/IPsec objects, zones, per-routing-instance
 * protocols and routes, and finally reference marking and unused-structure warnings.
 *
 * <p>Coverage limits visible in this method: IPv6 firewall-filter terms are deleted and filters
 * of a family other than {@code Family.INET} are skipped, so the returned model carries no
 * access list for them.
 *
 * @return the populated configuration (the same object as {@code _c})
 * @throws VendorConversionException declared by the signature; this method body contains no
 *     explicit throw
 */
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
    String hostname = getHostname();
    _c = new Configuration(hostname, _vendor);
    _c.setAuthenticationKeyChains(convertAuthenticationKeyChains(_authenticationKeyChains));
    _c.setRoles(_roles);
    _c.setDnsServers(_dnsServers);
    _c.setDomainName(_defaultRoutingInstance.getDomainName());
    _c.setLoggingServers(_syslogHosts);
    _c.setNtpServers(_ntpServers);
    _c.setTacacsServers(_tacplusServers);
    _c.getVendorFamily().setJuniper(_jf);
    // one VRF per routing instance, keyed by the routing-instance name
    for (String riName : _routingInstances.keySet()) {
        _c.getVrfs().put(riName, new Vrf(riName));
    }
    // convert prefix lists to route filter lists
    for (Entry<String, PrefixList> e : _prefixLists.entrySet()) {
        String name = e.getKey();
        PrefixList pl = e.getValue();
        RouteFilterList rfl = new RouteFilterList(name);
        for (Prefix prefix : pl.getPrefixes()) {
            // each prefix is accepted at exactly its own length (the SubRange has equal bounds)
            int prefixLength = prefix.getPrefixLength();
            org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefixLength, prefixLength));
            rfl.addLine(line);
        }
        _c.getRouteFilterLists().put(name, rfl);
    }
    // remove ipv6 lines from firewall filters
    // This mutates the parsed filters themselves, so nothing converted below reflects IPv6 terms.
    for (FirewallFilter filter : _filters.values()) {
        // names are collected first and removed afterwards, so the term map is not modified
        // while it is being iterated
        Set<String> toRemove = new HashSet<>();
        for (Entry<String, FwTerm> e2 : filter.getTerms().entrySet()) {
            String termName = e2.getKey();
            FwTerm term = e2.getValue();
            if (term.getIpv6()) {
                toRemove.add(termName);
            }
        }
        for (String termName : toRemove) {
            filter.getTerms().remove(termName);
        }
    }
    // remove empty firewall filters (ipv6-only filters)
    // iterate over a copy so that entries can be removed from _filters inside the loop
    Map<String, FirewallFilter> allFilters = new LinkedHashMap<>();
    allFilters.putAll(_filters);
    for (Entry<String, FirewallFilter> e : allFilters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        if (filter.getTerms().size() == 0) {
            _filters.remove(name);
        }
    }
    // convert firewall filters to ipaccesslists
    for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        // TODO: support other filter families
        // filters of any family other than INET get no IpAccessList at all
        if (filter.getFamily() != Family.INET) {
            continue;
        }
        IpAccessList list = toIpAccessList(filter);
        _c.getIpAccessLists().put(name, list);
    }
    // convert firewall filters flagged by getRoutingPolicy() to RoutingPolicy objects
    for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        if (filter.getRoutingPolicy()) {
            // TODO: support other filter families
            if (filter.getFamily() != Family.INET) {
                continue;
            }
            // toRoutingPolicy overload that takes a FirewallFilter (not shown here)
            RoutingPolicy routingPolicy = toRoutingPolicy(filter);
            _c.getRoutingPolicies().put(name, routingPolicy);
        }
    }
    // convert route filters to route filter lists
    // NOTE(review): these go into the same map as the lists built from prefix lists above; a
    // route filter sharing a name with a prefix list would replace that entry. Confirm the two
    // name spaces are disjoint.
    for (Entry<String, RouteFilter> e : _routeFilters.entrySet()) {
        String name = e.getKey();
        RouteFilter rf = e.getValue();
        if (rf.getIpv4()) {
            RouteFilterList rfl = new RouteFilterList(name);
            for (RouteFilterLine line : rf.getLines()) {
                // only lines without their own actions are applied to the shared list
                if (line.getThens().size() == 0) {
                    line.applyTo(rfl);
                }
            }
            _c.getRouteFilterLists().put(name, rfl);
        }
        if (rf.getIpv6()) {
            Route6FilterList rfl = new Route6FilterList(name);
            for (RouteFilterLine line : rf.getLines()) {
                if (line.getThens().size() == 0) {
                    line.applyTo(rfl);
                }
            }
            _c.getRoute6FilterLists().put(name, rfl);
        }
    }
    // convert community lists
    for (Entry<String, CommunityList> e : _communityLists.entrySet()) {
        String name = e.getKey();
        CommunityList cl = e.getValue();
        org.batfish.datamodel.CommunityList newCl = toCommunityList(cl);
        _c.getCommunityLists().put(name, newCl);
    }
    // convert policy-statements to RoutingPolicy objects
    // NOTE(review): written to the same map as the firewall-filter policies above; an entry with
    // the same name would be replaced here. Confirm names cannot clash.
    for (Entry<String, PolicyStatement> e : _policyStatements.entrySet()) {
        String name = e.getKey();
        PolicyStatement ps = e.getValue();
        RoutingPolicy routingPolicy = toRoutingPolicy(ps);
        _c.getRoutingPolicies().put(name, routingPolicy);
    }
    // convert interfaces
    // gather the units of every interface, including those of node devices, into one map
    Map<String, Interface> allInterfaces = new LinkedHashMap<>();
    for (Interface iface : _interfaces.values()) {
        allInterfaces.putAll(iface.getUnits());
    }
    for (NodeDevice nd : _nodeDevices.values()) {
        for (Interface iface : nd.getInterfaces().values()) {
            allInterfaces.putAll(iface.getUnits());
        }
    }
    for (Entry<String, Interface> eUnit : allInterfaces.entrySet()) {
        String unitName = eUnit.getKey();
        Interface unitIface = eUnit.getValue();
        unitIface.inheritUnsetFields();
        org.batfish.datamodel.Interface newUnitIface = toInterface(unitIface);
        _c.getInterfaces().put(unitName, newUnitIface);
        // register the unit with its VRF and with the routing instance of the same name
        Vrf vrf = newUnitIface.getVrf();
        String vrfName = vrf.getName();
        vrf.getInterfaces().put(unitName, newUnitIface);
        // NOTE(review): assumes the VRF name is always a key of _routingInstances; the lookup
        // result is dereferenced without a null check. Confirm.
        _routingInstances.get(vrfName).getInterfaces().put(unitName, unitIface);
    }
    // set router-id
    // only when none is configured: fall back to the primary address of unit 0 of the first
    // loopback interface, if that interface, unit and address all exist
    if (_defaultRoutingInstance.getRouterId() == null) {
        Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
        if (loopback0 != null) {
            Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
            if (loopback0unit0 != null) {
                InterfaceAddress address = loopback0unit0.getPrimaryAddress();
                if (address != null) {
                    // now we should set router-id
                    Ip routerId = address.getIp();
                    _defaultRoutingInstance.setRouterId(routerId);
                }
            }
        }
    }
    // copy ike proposals
    _c.getIkeProposals().putAll(_ikeProposals);
    // convert ike policies
    for (Entry<String, IkePolicy> e : _ikePolicies.entrySet()) {
        String name = e.getKey();
        IkePolicy oldIkePolicy = e.getValue();
        org.batfish.datamodel.IkePolicy newPolicy = toIkePolicy(oldIkePolicy);
        _c.getIkePolicies().put(name, newPolicy);
    }
    // convert ike gateways
    for (Entry<String, IkeGateway> e : _ikeGateways.entrySet()) {
        String name = e.getKey();
        IkeGateway oldIkeGateway = e.getValue();
        org.batfish.datamodel.IkeGateway newIkeGateway = toIkeGateway(oldIkeGateway);
        _c.getIkeGateways().put(name, newIkeGateway);
    }
    // copy ipsec proposals
    _c.getIpsecProposals().putAll(_ipsecProposals);
    // convert ipsec policies
    for (Entry<String, IpsecPolicy> e : _ipsecPolicies.entrySet()) {
        String name = e.getKey();
        IpsecPolicy oldIpsecPolicy = e.getValue();
        org.batfish.datamodel.IpsecPolicy newPolicy = toIpsecPolicy(oldIpsecPolicy);
        _c.getIpsecPolicies().put(name, newPolicy);
    }
    // convert ipsec vpns
    for (Entry<String, IpsecVpn> e : _ipsecVpns.entrySet()) {
        String name = e.getKey();
        IpsecVpn oldIpsecVpn = e.getValue();
        org.batfish.datamodel.IpsecVpn newIpsecVpn = toIpsecVpn(oldIpsecVpn);
        _c.getIpsecVpns().put(name, newIpsecVpn);
    }
    // zones
    for (Zone zone : _zones.values()) {
        org.batfish.datamodel.Zone newZone = toZone(zone);
        _c.getZones().put(zone.getName(), newZone);
    }
    // default zone behavior
    _c.setDefaultCrossZoneAction(_defaultCrossZoneAction);
    _c.setDefaultInboundAction(_defaultInboundAction);
    // per-routing-instance conversion; each instance writes into the VRF of the same name
    for (Entry<String, RoutingInstance> e : _routingInstances.entrySet()) {
        String riName = e.getKey();
        RoutingInstance ri = e.getValue();
        Vrf vrf = _c.getVrfs().get(riName);
        // dhcp relay
        for (Entry<String, DhcpRelayGroup> e2 : ri.getDhcpRelayGroups().entrySet()) {
            DhcpRelayGroup rg = e2.getValue();
            List<org.batfish.datamodel.Interface> interfaces = new ArrayList<>();
            if (rg.getAllInterfaces()) {
                // note: every interface of the configuration, not only those of this instance
                interfaces.addAll(_c.getInterfaces().values());
            } else {
                for (String ifaceName : rg.getInterfaces()) {
                    // NOTE(review): a name with no converted interface yields null here, which
                    // is added to the list and dereferenced in the loop below. Confirm that
                    // relay groups can only name existing interfaces.
                    org.batfish.datamodel.Interface iface = _c.getInterfaces().get(ifaceName);
                    interfaces.add(iface);
                }
            }
            String asgName = rg.getActiveServerGroup();
            if (asgName != null) {
                DhcpRelayServerGroup asg = ri.getDhcpRelayServerGroups().get(asgName);
                if (asg == null) {
                    // report the dangling reference; no relay addresses are added in that case
                    int asgLine = rg.getActiveServerGroupLine();
                    undefined(JuniperStructureType.DHCP_RELAY_SERVER_GROUP, asgName, JuniperStructureUsage.DHCP_RELAY_GROUP_ACTIVE_SERVER_GROUP, asgLine);
                } else {
                    for (org.batfish.datamodel.Interface iface : interfaces) {
                        iface.getDhcpRelayAddresses().addAll(asg.getServers());
                    }
                }
            }
        }
        // snmp
        SnmpServer snmpServer = ri.getSnmpServer();
        vrf.setSnmpServer(snmpServer);
        if (snmpServer != null) {
            for (SnmpCommunity community : snmpServer.getCommunities().values()) {
                String listName = community.getAccessList();
                if (listName != null) {
                    int listLine = community.getAccessListLine();
                    PrefixList prefixList = _prefixLists.get(listName);
                    if (prefixList != null) {
                        // only records the reference; this method builds no filter from it
                        prefixList.getReferers().put(community, "prefix-list for community: " + community.getName());
                    } else {
                        undefined(JuniperStructureType.PREFIX_LIST, listName, JuniperStructureUsage.SNMP_COMMUNITY_PREFIX_LIST, listLine);
                    }
                }
            }
        }
        // static routes
        // NOTE(review): this loop and the two after it read _defaultRoutingInstance rather than
        // ri, so every VRF receives the default instance's static, aggregate and generated
        // routes. That looks unintended and would misstate per-VRF reachability. Confirm.
        for (StaticRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getStaticRoutes().values()) {
            org.batfish.datamodel.StaticRoute newStaticRoute = toStaticRoute(route);
            vrf.getStaticRoutes().add(newStaticRoute);
        }
        // aggregate routes
        for (AggregateRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getAggregateRoutes().values()) {
            org.batfish.datamodel.GeneratedRoute newAggregateRoute = toAggregateRoute(route);
            vrf.getGeneratedRoutes().add(newAggregateRoute);
        }
        // generated routes
        for (GeneratedRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getGeneratedRoutes().values()) {
            org.batfish.datamodel.GeneratedRoute newGeneratedRoute = toGeneratedRoute(route);
            vrf.getGeneratedRoutes().add(newGeneratedRoute);
        }
        // create ospf process
        if (ri.getOspfAreas().size() > 0) {
            OspfProcess oproc = createOspfProcess(ri);
            vrf.setOspfProcess(oproc);
        }
        // create is-is process
        // is-is runs only if iso address is configured on lo0 unit 0
        // NOTE(review): the loopback is looked up on _defaultRoutingInstance for every instance,
        // not on ri. Confirm that is intended.
        Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
        if (loopback0 != null) {
            Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
            if (loopback0unit0 != null) {
                IsoAddress isisNet = loopback0unit0.getIsoAddress();
                if (isisNet != null) {
                    // now we should create is-is process
                    IsisProcess proc = createIsisProcess(ri, isisNet);
                    vrf.setIsisProcess(proc);
                }
            }
        }
        // create bgp process
        if (ri.getNamedBgpGroups().size() > 0 || ri.getIpBgpGroups().size() > 0) {
            BgpProcess proc = createBgpProcess(ri);
            vrf.setBgpProcess(proc);
        }
    }
    // mark forwarding table export policy if it exists
    String forwardingTableExportPolicyName = _defaultRoutingInstance.getForwardingTableExportPolicy();
    if (forwardingTableExportPolicyName != null) {
        int forwardingTableExportPolicyLine = _defaultRoutingInstance.getForwardingTableExportPolicyLine();
        PolicyStatement forwardingTableExportPolicy = _policyStatements.get(forwardingTableExportPolicyName);
        if (forwardingTableExportPolicy != null) {
            setPolicyStatementReferent(forwardingTableExportPolicyName, _defaultRoutingInstance, "Forwarding-table export policy");
        } else {
            undefined(JuniperStructureType.POLICY_STATEMENT, forwardingTableExportPolicyName, JuniperStructureUsage.FORWARDING_TABLE_EXPORT_POLICY, forwardingTableExportPolicyLine);
        }
    }
    // mark references to authentication key chain that may not appear in data model
    markAuthenticationKeyChains(JuniperStructureUsage.AUTHENTICATION_KEY_CHAINS_POLICY, _c);
    markStructure(JuniperStructureType.FIREWALL_FILTER, JuniperStructureUsage.INTERFACE_FILTER, _filters);
    // warn about unreferenced data structures
    // these run after all conversion and marking above, which is where references are recorded
    warnUnreferencedAuthenticationKeyChains();
    warnUnreferencedBgpGroups();
    warnUnreferencedDhcpRelayServerGroups();
    warnUnreferencedPolicyStatements();
    warnUnreferencedFirewallFilters();
    warnUnreferencedIkeProposals();
    warnUnreferencedIkePolicies();
    warnUnreferencedIkeGateways();
    warnUnreferencedIpsecProposals();
    warnUnreferencedIpsecPolicies();
    warnUnusedPrefixLists();
    warnEmptyPrefixLists();
    warnAndDisableUnreferencedStInterfaces();
    _c.computeRoutingPolicySources(_w);
    return _c;
}
Also used : VendorConfiguration(org.batfish.vendor.VendorConfiguration) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) ArrayList(java.util.ArrayList) Vrf(org.batfish.datamodel.Vrf) LinkedHashMap(java.util.LinkedHashMap) HashSet(java.util.HashSet) SnmpCommunity(org.batfish.datamodel.SnmpCommunity) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) IpAccessList(org.batfish.datamodel.IpAccessList) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SubRange(org.batfish.datamodel.SubRange) IsisProcess(org.batfish.datamodel.IsisProcess) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) OspfProcess(org.batfish.datamodel.OspfProcess) Route6FilterList(org.batfish.datamodel.Route6FilterList) IsoAddress(org.batfish.datamodel.IsoAddress) RouteFilterList(org.batfish.datamodel.RouteFilterList) SnmpServer(org.batfish.datamodel.SnmpServer)

Example 23 with RouteFilterList

use of org.batfish.datamodel.RouteFilterList in project batfish by batfish.

the class FwFromSourcePrefixList method applyTo.

/**
 * Adds the addresses of the prefix-list named {@code _name} to the source match of
 * {@code line}.
 *
 * <p>An undefined prefix-list only produces a red-flag warning and an IPv6 prefix-list is
 * recorded as referenced but otherwise ignored; in both cases {@code line} is left unchanged,
 * so it carries no source restriction from this condition.
 *
 * @param line the access-list line whose source addresses are extended
 * @param jc the Juniper configuration that holds the prefix-lists
 * @param w receives the warning for an undefined prefix-list
 * @param c the configuration whose route filter lists hold the converted prefix-list
 */
@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
    PrefixList prefixList = jc.getPrefixLists().get(_name);
    if (prefixList == null) {
        w.redFlag("Reference to undefined source prefix-list: \"" + _name + "\"");
        return;
    }
    // Record the reference before the IPv6 check, so IPv6 lists still count as used.
    prefixList.getReferers().put(this, "firewall from source-prefix-list");
    if (!prefixList.getIpv6()) {
        // presumably a converted list exists for every defined prefix-list; the lookup result is
        // dereferenced without a null check
        List<IpWildcard> matchingIps = c.getRouteFilterLists().get(_name).getMatchingIps();
        line.setSrcIps(Iterables.concat(line.getSrcIps(), matchingIps));
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) RouteFilterList(org.batfish.datamodel.RouteFilterList)

Example 24 with RouteFilterList

use of org.batfish.datamodel.RouteFilterList in project batfish by batfish.

the class FwFromDestinationPrefixListExcept method applyTo.

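/**
 * Adds the addresses of the prefix-list named {@code _name} to the excluded destination
 * addresses of {@code line}.
 *
 * <p>An undefined prefix-list only produces a red-flag warning and an IPv6 prefix-list is
 * recorded as referenced but otherwise ignored. In both cases {@code line} is left unchanged,
 * which means the intended exclusion is absent and the line matches more destinations than
 * the "except" clause asked for.
 *
 * @param line the access-list line whose excluded destination addresses are extended
 * @param jc the Juniper configuration that holds the prefix-lists
 * @param w receives the warning for an undefined prefix-list
 * @param c the configuration whose route filter lists hold the converted prefix-list
 */
@Override
public void applyTo(IpAccessListLine line, JuniperConfiguration jc, Warnings w, Configuration c) {
    PrefixList pl = jc.getPrefixLists().get(_name);
    if (pl != null) {
        // Record the reference before the IPv6 check, so IPv6 lists still count as used.
        pl.getReferers().put(this, "firewall from destination-prefix-list");
        if (pl.getIpv6()) {
            return;
        }
        // presumably a converted list exists for every defined prefix-list; the lookup result is
        // dereferenced without a null check
        RouteFilterList destinationPrefixList = c.getRouteFilterLists().get(_name);
        List<IpWildcard> wildcards = destinationPrefixList.getMatchingIps();
        line.setNotDstIps(Iterables.concat(line.getNotDstIps(), wildcards));
    } else {
        // The warning previously said "source prefix-list" although this condition refers to a
        // destination prefix-list, which pointed the reader at the wrong clause.
        w.redFlag("Reference to undefined destination prefix-list: \"" + _name + "\"");
    }
}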
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) RouteFilterList(org.batfish.datamodel.RouteFilterList)

Aggregations

RouteFilterList (org.batfish.datamodel.RouteFilterList)24 Prefix (org.batfish.datamodel.Prefix)11 NamedPrefixSet (org.batfish.datamodel.routing_policy.expr.NamedPrefixSet)11 DestinationNetwork (org.batfish.datamodel.routing_policy.expr.DestinationNetwork)10 MatchPrefixSet (org.batfish.datamodel.routing_policy.expr.MatchPrefixSet)10 SubRange (org.batfish.datamodel.SubRange)9 RoutingPolicy (org.batfish.datamodel.routing_policy.RoutingPolicy)9 RouteFilterLine (org.batfish.datamodel.RouteFilterLine)8 Ip (org.batfish.datamodel.Ip)7 If (org.batfish.datamodel.routing_policy.statement.If)7 ArrayList (java.util.ArrayList)6 BatfishException (org.batfish.common.BatfishException)6 IpWildcard (org.batfish.datamodel.IpWildcard)6 Conjunction (org.batfish.datamodel.routing_policy.expr.Conjunction)6 Statement (org.batfish.datamodel.routing_policy.statement.Statement)6 Configuration (org.batfish.datamodel.Configuration)5 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)5 PrefixRange (org.batfish.datamodel.PrefixRange)5 Route6FilterList (org.batfish.datamodel.Route6FilterList)5 BooleanExpr (org.batfish.datamodel.routing_policy.expr.BooleanExpr)5