Example 1 with UniverseIpSpace
use of org.batfish.datamodel.UniverseIpSpace in project batfish by batfish.
the class IpSpaceSimplifier method visitAclIpSpace.
@Override
public IpSpace visitAclIpSpace(AclIpSpace aclIpSpace) {
/*
* To simplify an AclIpSpace: 1) Simplify the IpSpace of each line. 2) Remove EmptyIpSpace
* lines. 3) Remove all lines after the first UniverseIpSpace line - More generally, we could
* remove all lines whose spaces are covered by a previous line, but this is not implemented.
* It's also probably too expensive to implement a complete IpSpace subset operation, so we'll
* stick to the easy and most important case.
*/
List<AclIpSpaceLine> simplifiedLines = new ArrayList<>();
for (AclIpSpaceLine line : aclIpSpace.getLines()) {
IpSpace simplifiedLineIpSpace = line.getIpSpace().accept(this);
if (simplifiedLineIpSpace == EmptyIpSpace.INSTANCE) {
continue;
}
AclIpSpaceLine simplifiedLine = line.rebuild().setIpSpace(simplifiedLineIpSpace).build();
simplifiedLines.add(simplifiedLine);
if (simplifiedLineIpSpace == UniverseIpSpace.INSTANCE) {
break;
}
}
/*
* If there is only one line, and it accepts, then simplify to the space of that line.
*/
if (simplifiedLines.size() == 1 && simplifiedLines.get(0).getAction() == LineAction.ACCEPT) {
return simplifiedLines.get(0).getIpSpace();
}
/*
* If all lines reject (or there are no lines), simplify to EmptyIpSpace.
*/
if (simplifiedLines.stream().allMatch(line -> line.getAction() == LineAction.REJECT)) {
return EmptyIpSpace.INSTANCE;
}
/*
* If all lines are accepts, and the last accepts UniverseIpSpace, then this can be simplified
* to UniverseIpSpace.
*/
if (simplifiedLines.get(simplifiedLines.size() - 1).getIpSpace() == UniverseIpSpace.INSTANCE && simplifiedLines.stream().allMatch(line -> line.getAction() == LineAction.ACCEPT)) {
return UniverseIpSpace.INSTANCE;
}
return AclIpSpace.builder().setLines(simplifiedLines).build();
}
Also used :
AclIpSpaceLine(org.batfish.datamodel.AclIpSpaceLine)
AclIpSpaceLine(org.batfish.datamodel.AclIpSpaceLine)
Set(java.util.Set)
IpSpace(org.batfish.datamodel.IpSpace)
Collectors(java.util.stream.Collectors)
ArrayList(java.util.ArrayList)
IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace)
List(java.util.List)
AclIpSpace(org.batfish.datamodel.AclIpSpace)
EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace)
GenericIpSpaceVisitor(org.batfish.datamodel.visitors.GenericIpSpaceVisitor)
LineAction(org.batfish.datamodel.LineAction)
UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace)
IpWildcard(org.batfish.datamodel.IpWildcard)
Ip(org.batfish.datamodel.Ip)
Prefix(org.batfish.datamodel.Prefix)
IpSpace(org.batfish.datamodel.IpSpace)
IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace)
AclIpSpace(org.batfish.datamodel.AclIpSpace)
EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace)
UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace)
ArrayList(java.util.ArrayList)
Example 2 with UniverseIpSpace
use of org.batfish.datamodel.UniverseIpSpace in project batfish by batfish.
the class IpAccessListSpecializer method specialize.
public Optional<IpAccessListLine> specialize(IpAccessListLine ipAccessListLine) {
IpWildcardSetIpSpace.Builder srcIpSpaceBuilder = IpWildcardSetIpSpace.builder().excluding(ipAccessListLine.getNotSrcIps());
if (ipAccessListLine.getSrcIps().isEmpty() && ipAccessListLine.getSrcOrDstIps().isEmpty()) {
srcIpSpaceBuilder.including(IpWildcard.ANY);
} else {
srcIpSpaceBuilder.including(ipAccessListLine.getSrcIps());
srcIpSpaceBuilder.including(ipAccessListLine.getSrcOrDstIps());
}
IpSpace specializedSrcIpSpace = _srcIpSpaceSpecializer.specialize(srcIpSpaceBuilder.build());
IpWildcardSetIpSpace.Builder dstIpSpaceBuilder = IpWildcardSetIpSpace.builder().excluding(ipAccessListLine.getNotDstIps());
if (ipAccessListLine.getDstIps().isEmpty() && ipAccessListLine.getSrcOrDstIps().isEmpty()) {
dstIpSpaceBuilder.including(IpWildcard.ANY);
} else {
dstIpSpaceBuilder.including(ipAccessListLine.getDstIps());
dstIpSpaceBuilder.including(ipAccessListLine.getSrcOrDstIps());
}
IpSpace specializedDstIpSpace = _dstIpSpaceSpecializer.specialize(dstIpSpaceBuilder.build());
if (specializedDstIpSpace instanceof EmptyIpSpace || specializedSrcIpSpace instanceof EmptyIpSpace) {
return Optional.empty();
}
Set<IpWildcard> specializedDstIps;
Set<IpWildcard> specializedNotDstIps;
if (specializedDstIpSpace instanceof UniverseIpSpace) {
// for a HeaderSpace, empty dstIps means Universe
specializedDstIps = ImmutableSet.of();
specializedNotDstIps = ImmutableSet.of();
} else if (specializedDstIpSpace instanceof IpWildcardSetIpSpace) {
IpWildcardSetIpSpace dstIpWildcardSetIpSpace = (IpWildcardSetIpSpace) specializedDstIpSpace;
specializedDstIps = dstIpWildcardSetIpSpace.getWhitelist();
specializedNotDstIps = dstIpWildcardSetIpSpace.getBlacklist();
} else if (specializedDstIpSpace instanceof IpWildcard) {
specializedDstIps = ImmutableSet.of((IpWildcard) specializedDstIpSpace);
specializedNotDstIps = ImmutableSet.of();
} else {
throw new BatfishException("unexpected specializedDstIpSpace type");
}
Set<IpWildcard> specializedSrcIps;
Set<IpWildcard> specializedNotSrcIps;
if (specializedSrcIpSpace instanceof UniverseIpSpace) {
specializedSrcIps = ImmutableSet.of();
specializedNotSrcIps = ImmutableSet.of();
} else if (specializedSrcIpSpace instanceof IpWildcardSetIpSpace) {
IpWildcardSetIpSpace srcIpWildcardSetIpSpace = (IpWildcardSetIpSpace) specializedSrcIpSpace;
specializedSrcIps = srcIpWildcardSetIpSpace.getWhitelist();
specializedNotSrcIps = srcIpWildcardSetIpSpace.getBlacklist();
} else if (specializedSrcIpSpace instanceof IpWildcard) {
specializedSrcIps = ImmutableSet.of((IpWildcard) specializedSrcIpSpace);
specializedNotSrcIps = ImmutableSet.of();
} else {
throw new BatfishException("unexpected specializedSrcIpSpace type");
}
return Optional.of(ipAccessListLine.rebuild().setDstIps(specializedDstIps).setNotDstIps(specializedNotDstIps).setSrcIps(specializedSrcIps).setNotSrcIps(specializedNotSrcIps).build());
}
Also used :
IpWildcard(org.batfish.datamodel.IpWildcard)
IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace)
BatfishException(org.batfish.common.BatfishException)
IpSpace(org.batfish.datamodel.IpSpace)
IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace)
EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace)
UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace)
EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace)
UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace)
Aggregations
EmptyIpSpace (org.batfish.datamodel.EmptyIpSpace)2
IpSpace (org.batfish.datamodel.IpSpace)2
IpWildcard (org.batfish.datamodel.IpWildcard)2
IpWildcardSetIpSpace (org.batfish.datamodel.IpWildcardSetIpSpace)2
UniverseIpSpace (org.batfish.datamodel.UniverseIpSpace)2
ArrayList (java.util.ArrayList)1
List (java.util.List)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
BatfishException (org.batfish.common.BatfishException)1
AclIpSpace (org.batfish.datamodel.AclIpSpace)1
AclIpSpaceLine (org.batfish.datamodel.AclIpSpaceLine)1
Ip (org.batfish.datamodel.Ip)1
LineAction (org.batfish.datamodel.LineAction)1
Prefix (org.batfish.datamodel.Prefix)1
GenericIpSpaceVisitor (org.batfish.datamodel.visitors.GenericIpSpaceVisitor)1
