Search in sources :

Example 61 with SubRange

use of org.batfish.datamodel.SubRange in project batfish by batfish.

the class EncoderSlice method isRelevantFor.

/*
   * Check if a prefix range match is applicable for the packet destination
   * Ip address, given the prefix length variable.
   */
BoolExpr isRelevantFor(ArithExpr prefixLen, PrefixRange range) {
    Prefix p = range.getPrefix();
    SubRange r = range.getLengthRange();
    long pfx = p.getStartIp().asLong();
    int len = p.getPrefixLength();
    int lower = r.getStart();
    int upper = r.getEnd();
    // well formed prefix
    assert (p.getPrefixLength() <= lower && lower <= upper);
    BoolExpr lowerBitsMatch = firstBitsEqual(_symbolicPacket.getDstIp(), pfx, len);
    if (lower == upper) {
        BoolExpr equalLen = mkEq(prefixLen, mkInt(lower));
        return mkAnd(equalLen, lowerBitsMatch);
    } else {
        BoolExpr lengthLowerBound = mkGe(prefixLen, mkInt(lower));
        BoolExpr lengthUpperBound = mkLe(prefixLen, mkInt(upper));
        return mkAnd(lengthLowerBound, lengthUpperBound, lowerBitsMatch);
    }
}
Also used : BoolExpr(com.microsoft.z3.BoolExpr) Prefix(org.batfish.datamodel.Prefix) SubRange(org.batfish.datamodel.SubRange)

Example 62 with SubRange

use of org.batfish.datamodel.SubRange in project batfish by batfish.

the class JuniperConfiguration method toVendorIndependentConfiguration.

@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
    String hostname = getHostname();
    _c = new Configuration(hostname, _vendor);
    _c.setAuthenticationKeyChains(convertAuthenticationKeyChains(_authenticationKeyChains));
    _c.setRoles(_roles);
    _c.setDnsServers(_dnsServers);
    _c.setDomainName(_defaultRoutingInstance.getDomainName());
    _c.setLoggingServers(_syslogHosts);
    _c.setNtpServers(_ntpServers);
    _c.setTacacsServers(_tacplusServers);
    _c.getVendorFamily().setJuniper(_jf);
    for (String riName : _routingInstances.keySet()) {
        _c.getVrfs().put(riName, new Vrf(riName));
    }
    // convert prefix lists to route filter lists
    for (Entry<String, PrefixList> e : _prefixLists.entrySet()) {
        String name = e.getKey();
        PrefixList pl = e.getValue();
        RouteFilterList rfl = new RouteFilterList(name);
        for (Prefix prefix : pl.getPrefixes()) {
            int prefixLength = prefix.getPrefixLength();
            org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefixLength, prefixLength));
            rfl.addLine(line);
        }
        _c.getRouteFilterLists().put(name, rfl);
    }
    // remove ipv6 lines from firewall filters
    for (FirewallFilter filter : _filters.values()) {
        Set<String> toRemove = new HashSet<>();
        for (Entry<String, FwTerm> e2 : filter.getTerms().entrySet()) {
            String termName = e2.getKey();
            FwTerm term = e2.getValue();
            if (term.getIpv6()) {
                toRemove.add(termName);
            }
        }
        for (String termName : toRemove) {
            filter.getTerms().remove(termName);
        }
    }
    // remove empty firewall filters (ipv6-only filters)
    Map<String, FirewallFilter> allFilters = new LinkedHashMap<>();
    allFilters.putAll(_filters);
    for (Entry<String, FirewallFilter> e : allFilters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        if (filter.getTerms().size() == 0) {
            _filters.remove(name);
        }
    }
    // convert firewall filters to ipaccesslists
    for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        // TODO: support other filter families
        if (filter.getFamily() != Family.INET) {
            continue;
        }
        IpAccessList list = toIpAccessList(filter);
        _c.getIpAccessLists().put(name, list);
    }
    // objects
    for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
        String name = e.getKey();
        FirewallFilter filter = e.getValue();
        if (filter.getRoutingPolicy()) {
            // TODO: support other filter families
            if (filter.getFamily() != Family.INET) {
                continue;
            }
            RoutingPolicy routingPolicy = toRoutingPolicy(filter);
            _c.getRoutingPolicies().put(name, routingPolicy);
        }
    }
    // convert route filters to route filter lists
    for (Entry<String, RouteFilter> e : _routeFilters.entrySet()) {
        String name = e.getKey();
        RouteFilter rf = e.getValue();
        if (rf.getIpv4()) {
            RouteFilterList rfl = new RouteFilterList(name);
            for (RouteFilterLine line : rf.getLines()) {
                if (line.getThens().size() == 0) {
                    line.applyTo(rfl);
                }
            }
            _c.getRouteFilterLists().put(name, rfl);
        }
        if (rf.getIpv6()) {
            Route6FilterList rfl = new Route6FilterList(name);
            for (RouteFilterLine line : rf.getLines()) {
                if (line.getThens().size() == 0) {
                    line.applyTo(rfl);
                }
            }
            _c.getRoute6FilterLists().put(name, rfl);
        }
    }
    // convert community lists
    for (Entry<String, CommunityList> e : _communityLists.entrySet()) {
        String name = e.getKey();
        CommunityList cl = e.getValue();
        org.batfish.datamodel.CommunityList newCl = toCommunityList(cl);
        _c.getCommunityLists().put(name, newCl);
    }
    // convert policy-statements to RoutingPolicy objects
    for (Entry<String, PolicyStatement> e : _policyStatements.entrySet()) {
        String name = e.getKey();
        PolicyStatement ps = e.getValue();
        RoutingPolicy routingPolicy = toRoutingPolicy(ps);
        _c.getRoutingPolicies().put(name, routingPolicy);
    }
    // convert interfaces
    Map<String, Interface> allInterfaces = new LinkedHashMap<>();
    for (Interface iface : _interfaces.values()) {
        allInterfaces.putAll(iface.getUnits());
    }
    for (NodeDevice nd : _nodeDevices.values()) {
        for (Interface iface : nd.getInterfaces().values()) {
            allInterfaces.putAll(iface.getUnits());
        }
    }
    for (Entry<String, Interface> eUnit : allInterfaces.entrySet()) {
        String unitName = eUnit.getKey();
        Interface unitIface = eUnit.getValue();
        unitIface.inheritUnsetFields();
        org.batfish.datamodel.Interface newUnitIface = toInterface(unitIface);
        _c.getInterfaces().put(unitName, newUnitIface);
        Vrf vrf = newUnitIface.getVrf();
        String vrfName = vrf.getName();
        vrf.getInterfaces().put(unitName, newUnitIface);
        _routingInstances.get(vrfName).getInterfaces().put(unitName, unitIface);
    }
    // set router-id
    if (_defaultRoutingInstance.getRouterId() == null) {
        Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
        if (loopback0 != null) {
            Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
            if (loopback0unit0 != null) {
                InterfaceAddress address = loopback0unit0.getPrimaryAddress();
                if (address != null) {
                    // now we should set router-id
                    Ip routerId = address.getIp();
                    _defaultRoutingInstance.setRouterId(routerId);
                }
            }
        }
    }
    // copy ike proposals
    _c.getIkeProposals().putAll(_ikeProposals);
    // convert ike policies
    for (Entry<String, IkePolicy> e : _ikePolicies.entrySet()) {
        String name = e.getKey();
        IkePolicy oldIkePolicy = e.getValue();
        org.batfish.datamodel.IkePolicy newPolicy = toIkePolicy(oldIkePolicy);
        _c.getIkePolicies().put(name, newPolicy);
    }
    // convert ike gateways
    for (Entry<String, IkeGateway> e : _ikeGateways.entrySet()) {
        String name = e.getKey();
        IkeGateway oldIkeGateway = e.getValue();
        org.batfish.datamodel.IkeGateway newIkeGateway = toIkeGateway(oldIkeGateway);
        _c.getIkeGateways().put(name, newIkeGateway);
    }
    // copy ipsec proposals
    _c.getIpsecProposals().putAll(_ipsecProposals);
    // convert ipsec policies
    for (Entry<String, IpsecPolicy> e : _ipsecPolicies.entrySet()) {
        String name = e.getKey();
        IpsecPolicy oldIpsecPolicy = e.getValue();
        org.batfish.datamodel.IpsecPolicy newPolicy = toIpsecPolicy(oldIpsecPolicy);
        _c.getIpsecPolicies().put(name, newPolicy);
    }
    // convert ipsec vpns
    for (Entry<String, IpsecVpn> e : _ipsecVpns.entrySet()) {
        String name = e.getKey();
        IpsecVpn oldIpsecVpn = e.getValue();
        org.batfish.datamodel.IpsecVpn newIpsecVpn = toIpsecVpn(oldIpsecVpn);
        _c.getIpsecVpns().put(name, newIpsecVpn);
    }
    // zones
    for (Zone zone : _zones.values()) {
        org.batfish.datamodel.Zone newZone = toZone(zone);
        _c.getZones().put(zone.getName(), newZone);
    }
    // default zone behavior
    _c.setDefaultCrossZoneAction(_defaultCrossZoneAction);
    _c.setDefaultInboundAction(_defaultInboundAction);
    for (Entry<String, RoutingInstance> e : _routingInstances.entrySet()) {
        String riName = e.getKey();
        RoutingInstance ri = e.getValue();
        Vrf vrf = _c.getVrfs().get(riName);
        // dhcp relay
        for (Entry<String, DhcpRelayGroup> e2 : ri.getDhcpRelayGroups().entrySet()) {
            DhcpRelayGroup rg = e2.getValue();
            List<org.batfish.datamodel.Interface> interfaces = new ArrayList<>();
            if (rg.getAllInterfaces()) {
                interfaces.addAll(_c.getInterfaces().values());
            } else {
                for (String ifaceName : rg.getInterfaces()) {
                    org.batfish.datamodel.Interface iface = _c.getInterfaces().get(ifaceName);
                    interfaces.add(iface);
                }
            }
            String asgName = rg.getActiveServerGroup();
            if (asgName != null) {
                DhcpRelayServerGroup asg = ri.getDhcpRelayServerGroups().get(asgName);
                if (asg == null) {
                    int asgLine = rg.getActiveServerGroupLine();
                    undefined(JuniperStructureType.DHCP_RELAY_SERVER_GROUP, asgName, JuniperStructureUsage.DHCP_RELAY_GROUP_ACTIVE_SERVER_GROUP, asgLine);
                } else {
                    for (org.batfish.datamodel.Interface iface : interfaces) {
                        iface.getDhcpRelayAddresses().addAll(asg.getServers());
                    }
                }
            }
        }
        // snmp
        SnmpServer snmpServer = ri.getSnmpServer();
        vrf.setSnmpServer(snmpServer);
        if (snmpServer != null) {
            for (SnmpCommunity community : snmpServer.getCommunities().values()) {
                String listName = community.getAccessList();
                if (listName != null) {
                    int listLine = community.getAccessListLine();
                    PrefixList prefixList = _prefixLists.get(listName);
                    if (prefixList != null) {
                        prefixList.getReferers().put(community, "prefix-list for community: " + community.getName());
                    } else {
                        undefined(JuniperStructureType.PREFIX_LIST, listName, JuniperStructureUsage.SNMP_COMMUNITY_PREFIX_LIST, listLine);
                    }
                }
            }
        }
        // static routes
        for (StaticRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getStaticRoutes().values()) {
            org.batfish.datamodel.StaticRoute newStaticRoute = toStaticRoute(route);
            vrf.getStaticRoutes().add(newStaticRoute);
        }
        // aggregate routes
        for (AggregateRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getAggregateRoutes().values()) {
            org.batfish.datamodel.GeneratedRoute newAggregateRoute = toAggregateRoute(route);
            vrf.getGeneratedRoutes().add(newAggregateRoute);
        }
        // generated routes
        for (GeneratedRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getGeneratedRoutes().values()) {
            org.batfish.datamodel.GeneratedRoute newGeneratedRoute = toGeneratedRoute(route);
            vrf.getGeneratedRoutes().add(newGeneratedRoute);
        }
        // create ospf process
        if (ri.getOspfAreas().size() > 0) {
            OspfProcess oproc = createOspfProcess(ri);
            vrf.setOspfProcess(oproc);
        }
        // create is-is process
        // is-is runs only if iso address is configured on lo0 unit 0
        Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
        if (loopback0 != null) {
            Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
            if (loopback0unit0 != null) {
                IsoAddress isisNet = loopback0unit0.getIsoAddress();
                if (isisNet != null) {
                    // now we should create is-is process
                    IsisProcess proc = createIsisProcess(ri, isisNet);
                    vrf.setIsisProcess(proc);
                }
            }
        }
        // create bgp process
        if (ri.getNamedBgpGroups().size() > 0 || ri.getIpBgpGroups().size() > 0) {
            BgpProcess proc = createBgpProcess(ri);
            vrf.setBgpProcess(proc);
        }
    }
    // mark forwarding table export policy if it exists
    String forwardingTableExportPolicyName = _defaultRoutingInstance.getForwardingTableExportPolicy();
    if (forwardingTableExportPolicyName != null) {
        int forwardingTableExportPolicyLine = _defaultRoutingInstance.getForwardingTableExportPolicyLine();
        PolicyStatement forwardingTableExportPolicy = _policyStatements.get(forwardingTableExportPolicyName);
        if (forwardingTableExportPolicy != null) {
            setPolicyStatementReferent(forwardingTableExportPolicyName, _defaultRoutingInstance, "Forwarding-table export policy");
        } else {
            undefined(JuniperStructureType.POLICY_STATEMENT, forwardingTableExportPolicyName, JuniperStructureUsage.FORWARDING_TABLE_EXPORT_POLICY, forwardingTableExportPolicyLine);
        }
    }
    // mark references to authentication key chain that may not appear in data model
    markAuthenticationKeyChains(JuniperStructureUsage.AUTHENTICATION_KEY_CHAINS_POLICY, _c);
    markStructure(JuniperStructureType.FIREWALL_FILTER, JuniperStructureUsage.INTERFACE_FILTER, _filters);
    // warn about unreferenced data structures
    warnUnreferencedAuthenticationKeyChains();
    warnUnreferencedBgpGroups();
    warnUnreferencedDhcpRelayServerGroups();
    warnUnreferencedPolicyStatements();
    warnUnreferencedFirewallFilters();
    warnUnreferencedIkeProposals();
    warnUnreferencedIkePolicies();
    warnUnreferencedIkeGateways();
    warnUnreferencedIpsecProposals();
    warnUnreferencedIpsecPolicies();
    warnUnusedPrefixLists();
    warnEmptyPrefixLists();
    warnAndDisableUnreferencedStInterfaces();
    _c.computeRoutingPolicySources(_w);
    return _c;
}
Also used : VendorConfiguration(org.batfish.vendor.VendorConfiguration) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) ArrayList(java.util.ArrayList) Vrf(org.batfish.datamodel.Vrf) LinkedHashMap(java.util.LinkedHashMap) HashSet(java.util.HashSet) SnmpCommunity(org.batfish.datamodel.SnmpCommunity) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) IpAccessList(org.batfish.datamodel.IpAccessList) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SubRange(org.batfish.datamodel.SubRange) IsisProcess(org.batfish.datamodel.IsisProcess) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) OspfProcess(org.batfish.datamodel.OspfProcess) Route6FilterList(org.batfish.datamodel.Route6FilterList) IsoAddress(org.batfish.datamodel.IsoAddress) RouteFilterList(org.batfish.datamodel.RouteFilterList) SnmpServer(org.batfish.datamodel.SnmpServer)

Example 63 with SubRange

use of org.batfish.datamodel.SubRange in project batfish by batfish.

the class Route4FilterLineExact method applyTo.

@Override
public void applyTo(RouteFilterList rfl) {
    int prefixLength = _prefix.getPrefixLength();
    org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, _prefix, new SubRange(prefixLength, prefixLength));
    rfl.addLine(line);
}
Also used : SubRange(org.batfish.datamodel.SubRange)

Example 64 with SubRange

use of org.batfish.datamodel.SubRange in project batfish by batfish.

the class Route4FilterLineLengthRange method applyTo.

@Override
public void applyTo(RouteFilterList rfl) {
    org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, _prefix, new SubRange(_minPrefixLength, _maxPrefixLength));
    rfl.addLine(line);
}
Also used : SubRange(org.batfish.datamodel.SubRange)

Example 65 with SubRange

use of org.batfish.datamodel.SubRange in project batfish by batfish.

the class Route4FilterLineLonger method applyTo.

@Override
public void applyTo(RouteFilterList rfl) {
    int prefixLength = _prefix.getPrefixLength();
    if (prefixLength >= 32) {
        throw new BatfishException("Route filter prefix length cannot be 'longer' than 32");
    }
    org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, _prefix, new SubRange(prefixLength + 1, Prefix.MAX_PREFIX_LENGTH));
    rfl.addLine(line);
}
Also used : BatfishException(org.batfish.common.BatfishException) SubRange(org.batfish.datamodel.SubRange)

Aggregations

SubRange (org.batfish.datamodel.SubRange)74 Prefix (org.batfish.datamodel.Prefix)18 IpWildcard (org.batfish.datamodel.IpWildcard)16 ArrayList (java.util.ArrayList)15 IpAccessListLine (org.batfish.datamodel.IpAccessListLine)13 Ip (org.batfish.datamodel.Ip)11 FwFrom (org.batfish.representation.juniper.FwFrom)11 Test (org.junit.Test)11 BatfishException (org.batfish.common.BatfishException)9 LineAction (org.batfish.datamodel.LineAction)9 RouteFilterLine (org.batfish.datamodel.RouteFilterLine)9 LinkedList (java.util.LinkedList)8 IpProtocol (org.batfish.datamodel.IpProtocol)8 RouteFilterList (org.batfish.datamodel.RouteFilterList)8 BoolExpr (com.microsoft.z3.BoolExpr)7 RoutingPolicy (org.batfish.datamodel.routing_policy.RoutingPolicy)7 DestinationNetwork (org.batfish.datamodel.routing_policy.expr.DestinationNetwork)7 MatchPrefixSet (org.batfish.datamodel.routing_policy.expr.MatchPrefixSet)7 IpAccessList (org.batfish.datamodel.IpAccessList)6 PrefixRange (org.batfish.datamodel.PrefixRange)6