use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.
the class AstVisitor method visit.
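/**
 * Walks a routing-policy boolean expression, reporting every expression it reaches.
 *
 * <p>{@code fe} is invoked on {@code e} first, then the walk descends into the operands of
 * {@link Conjunction}, {@link Disjunction}, {@link ConjunctionChain}, {@link DisjunctionChain}
 * and {@link Not}. For a {@link CallExpr} the called policy is looked up in {@code conf} and its
 * statements are walked through the statement-list overload of {@code visit}.
 *
 * @param conf configuration whose routing policies are used to resolve {@link CallExpr} targets
 * @param e expression to start from
 * @param fs callback handed on to the statement walk
 * @param fe callback applied to every boolean expression reached
 */
public void visit(Configuration conf, BooleanExpr e, Consumer<Statement> fs, Consumer<BooleanExpr> fe) {
  fe.accept(e);
  if (e instanceof Conjunction) {
    Conjunction c = (Conjunction) e;
    for (BooleanExpr be : c.getConjuncts()) {
      visit(conf, be, fs, fe);
    }
  } else if (e instanceof Disjunction) {
    Disjunction d = (Disjunction) e;
    for (BooleanExpr be : d.getDisjuncts()) {
      visit(conf, be, fs, fe);
    }
  } else if (e instanceof ConjunctionChain) {
    ConjunctionChain c = (ConjunctionChain) e;
    for (BooleanExpr be : c.getSubroutines()) {
      visit(conf, be, fs, fe);
    }
  } else if (e instanceof DisjunctionChain) {
    DisjunctionChain d = (DisjunctionChain) e;
    for (BooleanExpr be : d.getSubroutines()) {
      visit(conf, be, fs, fe);
    }
  } else if (e instanceof Not) {
    Not n = (Not) e;
    visit(conf, n.getExpr(), fs, fe);
  } else if (e instanceof CallExpr) {
    CallExpr c = (CallExpr) e;
    RoutingPolicy rp = conf.getRoutingPolicies().get(c.getCalledPolicyName());
    // A call can name a policy that the configuration does not define; the lookup then yields
    // null. Skip the descent instead of failing the whole walk with a NullPointerException.
    // The CallExpr itself has already been reported through fe above.
    // NOTE(review): nothing in this method tracks policies already entered, so policies that
    // call each other in a cycle would recurse without bound unless the statement-list
    // overload guards against it - confirm.
    if (rp != null) {
      visit(conf, rp.getStatements(), fs, fe);
    }
  }
}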
use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.
the class BDDNetwork method computeInterfacePolicies.
/**
 * Builds the import and export {@link InterfacePolicy} for every edge of every router whose name
 * matches the node regex.
 *
 * <p>The first pass fills the per-edge BGP policy and ACL maps; the second pass combines those
 * entries with the OSPF cost and the default VRF's static routes into the two policy maps. An
 * edge with no BGP policy or no interface filter has no entry in the corresponding map, so the
 * matching {@link InterfacePolicy} component is {@code null}.
 */
private void computeInterfacePolicies() {
  // Pass 1: BGP policy BDDs and ACL BDDs, one entry per edge that actually has them.
  for (Entry<String, Configuration> nodeEntry : _graph.getConfigurations().entrySet()) {
    String hostname = nodeEntry.getKey();
    // Routers outside the node regex are left out entirely.
    if (!_nodeSpecifier.getRegex().matcher(hostname).matches()) {
      continue;
    }
    Configuration config = nodeEntry.getValue();
    for (GraphEdge edge : _graph.getEdgeMap().get(hostname)) {
      RoutingPolicy bgpImport = _graph.findImportRoutingPolicy(hostname, Protocol.BGP, edge);
      if (bgpImport != null) {
        _importBgpPolicies.put(edge, computeBDD(_graph, config, bgpImport, true));
      }
      RoutingPolicy bgpExport = _graph.findExportRoutingPolicy(hostname, Protocol.BGP, edge);
      if (bgpExport != null) {
        _exportBgpPolicies.put(edge, computeBDD(_graph, config, bgpExport, true));
      }
      // Filters attached to the interface the edge starts from.
      IpAccessList inbound = edge.getStart().getIncomingFilter();
      IpAccessList outbound = edge.getStart().getOutgoingFilter();
      if (inbound != null) {
        _inAcls.put(edge, BDDAcl.create(config, inbound, true));
      }
      if (outbound != null) {
        _outAcls.put(edge, BDDAcl.create(config, outbound, true));
      }
    }
  }
  // Pass 2: assemble the per-edge policies from what pass 1 recorded.
  for (Entry<String, List<GraphEdge>> edgeEntry : _graph.getEdgeMap().entrySet()) {
    String hostname = edgeEntry.getKey();
    if (!_nodeSpecifier.getRegex().matcher(hostname).matches()) {
      continue;
    }
    List<GraphEdge> routerEdges = edgeEntry.getValue();
    Configuration config = _graph.getConfigurations().get(hostname);
    for (GraphEdge edge : routerEdges) {
      BDDRoute importBdd = _importBgpPolicies.get(edge);
      BDDRoute exportBdd = _exportBgpPolicies.get(edge);
      BDDAcl inboundAcl = _inAcls.get(edge);
      BDDAcl outboundAcl = _outAcls.get(edge);
      Integer cost = edge.getStart().getOspfCost();
      // (prefix, administrative cost) for each static route of the default VRF; a fresh set is
      // built for every edge so no two policies share one instance.
      SortedSet<Pair<Prefix, Integer>> statics = new TreeSet<>();
      for (StaticRoute staticRoute : config.getDefaultVrf().getStaticRoutes()) {
        Prefix network = staticRoute.getNetwork();
        Integer admin = staticRoute.getAdministrativeCost();
        statics.add(new Pair<>(network, admin));
      }
      // Import side carries the static prefixes, export side carries the OSPF cost.
      _importPolicyMap.put(edge, new InterfacePolicy(inboundAcl, importBdd, null, statics));
      _exportPolicyMap.put(edge, new InterfacePolicy(outboundAcl, exportBdd, cost, null));
    }
  }
}
use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.
the class JuniperConfiguration method toRoutingPolicy.
/**
 * Converts a Juniper policy-statement into a vendor-independent {@link RoutingPolicy} of the
 * same name.
 *
 * <p>Terms are processed in the iteration order of {@code ps.getTerms().values()}, with the
 * default term appended last when it has any "from" or "then" entries. A term with "from"
 * conditions becomes an {@code If} whose guard is the simplified conjunction of those
 * conditions; a term without them contributes its "then" statements unconditionally. The policy
 * ends with an {@code If} guarded by {@code CallExprContext} whose false branch is a
 * {@code Return} statement.
 *
 * @param ps policy-statement to convert
 * @return the new routing policy, created against {@code _c}
 */
private RoutingPolicy toRoutingPolicy(PolicyStatement ps) {
String name = ps.getName();
RoutingPolicy routingPolicy = new RoutingPolicy(name, _c);
List<Statement> statements = routingPolicy.getStatements();
boolean hasDefaultTerm = ps.getDefaultTerm().getFroms().size() > 0 || ps.getDefaultTerm().getThens().size() > 0;
List<PsTerm> terms = new ArrayList<>();
terms.addAll(ps.getTerms().values());
if (hasDefaultTerm) {
terms.add(ps.getDefaultTerm());
}
for (PsTerm term : terms) {
List<Statement> thens = toStatements(term.getThens());
if (!term.getFroms().isEmpty()) {
If ifStatement = new If();
ifStatement.setComment(term.getName());
Conjunction conj = new Conjunction();
// Conditions that call other policy-statements are collected apart and later wrapped in a
// ConjunctionChain.
List<BooleanExpr> subroutines = new ArrayList<>();
for (PsFrom from : term.getFroms()) {
if (from instanceof PsFromRouteFilter) {
// Route-filter lines that carry their own "then" actions are expanded into one If per line,
// each matching a dedicated single-line route filter list. These Ifs are added to the policy
// before the If of the enclosing term.
// NOTE(review): the counter restarts at 0 for every route-filter condition while the list
// name is built from the policy name, so two route filters with action lines in one policy
// appear to produce the same key and the later put() would replace the earlier list - confirm.
int actionLineCounter = 0;
PsFromRouteFilter fromRouteFilter = (PsFromRouteFilter) from;
String routeFilterName = fromRouteFilter.getRouteFilterName();
// NOTE(review): rf is null when routeFilterName is not a key of _routeFilters, and the loop
// below would then throw a NullPointerException - confirm that references are validated
// before this conversion runs.
RouteFilter rf = _routeFilters.get(routeFilterName);
for (RouteFilterLine line : rf.getLines()) {
if (line.getThens().size() > 0) {
String lineListName = name + "_ACTION_LINE_" + actionLineCounter;
RouteFilterList lineSpecificList = new RouteFilterList(lineListName);
line.applyTo(lineSpecificList);
actionLineCounter++;
_c.getRouteFilterLists().put(lineListName, lineSpecificList);
If lineSpecificIfStatement = new If();
// The counter was already incremented above, so the suffix of this comment is one higher
// than the suffix of lineListName.
String lineSpecificClauseName = routeFilterName + "_ACTION_LINE_" + actionLineCounter;
lineSpecificIfStatement.setComment(lineSpecificClauseName);
MatchPrefixSet mrf = new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(lineListName));
lineSpecificIfStatement.setGuard(mrf);
lineSpecificIfStatement.getTrueStatements().addAll(toStatements(line.getThens()));
statements.add(lineSpecificIfStatement);
}
}
}
BooleanExpr booleanExpr = from.toBooleanExpr(this, _c, _w);
if (from instanceof PsFromPolicyStatement || from instanceof PsFromPolicyStatementConjunction) {
subroutines.add(booleanExpr);
} else {
conj.getConjuncts().add(booleanExpr);
}
}
if (!subroutines.isEmpty()) {
ConjunctionChain chain = new ConjunctionChain(subroutines);
conj.getConjuncts().add(chain);
}
BooleanExpr guard = conj.simplify();
ifStatement.setGuard(guard);
ifStatement.getTrueStatements().addAll(thens);
statements.add(ifStatement);
} else {
// No "from" conditions: the term's actions apply unconditionally.
statements.addAll(thens);
}
}
// Closing statement of every converted policy: If guarded by CallExprContext, with a Return
// statement as its only false-branch statement.
If endOfPolicy = new If();
endOfPolicy.setGuard(BooleanExprs.CallExprContext.toStaticBooleanExpr());
endOfPolicy.setFalseStatements(Collections.singletonList(Statements.Return.toStaticStatement()));
statements.add(endOfPolicy);
return routingPolicy;
}
use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.
the class JuniperConfiguration method toVendorIndependentConfiguration.
/**
 * Builds the vendor-independent {@link Configuration} for this Juniper configuration.
 *
 * <p>A new {@code Configuration} is stored in {@code _c} and populated in order: device-level
 * settings, one VRF per routing instance, route filter lists from prefix lists, IP access lists
 * and routing policies from firewall filters, route filter lists, community lists,
 * policy-statements, interfaces, router-id, IKE/IPsec objects, zones, and the per-routing-instance
 * DHCP relay, SNMP, route and routing-process settings. It then marks structure references and
 * emits warnings for unreferenced structures.
 *
 * <p>The conversion also changes vendor-side state: IPv6 terms and the firewall filters left
 * empty by their removal are deleted from {@code _filters}, and the default routing instance's
 * router-id may be set from the first loopback unit.
 *
 * @return the populated vendor-independent configuration (the same object as {@code _c})
 * @throws VendorConversionException declared by the signature; no throw site is visible in this
 *     method
 */
@Override
public Configuration toVendorIndependentConfiguration() throws VendorConversionException {
String hostname = getHostname();
_c = new Configuration(hostname, _vendor);
_c.setAuthenticationKeyChains(convertAuthenticationKeyChains(_authenticationKeyChains));
_c.setRoles(_roles);
_c.setDnsServers(_dnsServers);
_c.setDomainName(_defaultRoutingInstance.getDomainName());
_c.setLoggingServers(_syslogHosts);
_c.setNtpServers(_ntpServers);
_c.setTacacsServers(_tacplusServers);
_c.getVendorFamily().setJuniper(_jf);
for (String riName : _routingInstances.keySet()) {
_c.getVrfs().put(riName, new Vrf(riName));
}
// convert prefix lists to route filter lists
for (Entry<String, PrefixList> e : _prefixLists.entrySet()) {
String name = e.getKey();
PrefixList pl = e.getValue();
RouteFilterList rfl = new RouteFilterList(name);
for (Prefix prefix : pl.getPrefixes()) {
// Each prefix becomes an ACCEPT line whose length range is exactly the prefix's own length.
int prefixLength = prefix.getPrefixLength();
org.batfish.datamodel.RouteFilterLine line = new org.batfish.datamodel.RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefixLength, prefixLength));
rfl.addLine(line);
}
_c.getRouteFilterLists().put(name, rfl);
}
// remove ipv6 lines from firewall filters
// NOTE(review): terms flagged IPv6 are deleted from the vendor filters themselves, so nothing
// converted below carries IPv6 filtering rules; results derived from this model say nothing
// about IPv6 traffic.
for (FirewallFilter filter : _filters.values()) {
// Names are collected first so the term map is not modified while it is being iterated.
Set<String> toRemove = new HashSet<>();
for (Entry<String, FwTerm> e2 : filter.getTerms().entrySet()) {
String termName = e2.getKey();
FwTerm term = e2.getValue();
if (term.getIpv6()) {
toRemove.add(termName);
}
}
for (String termName : toRemove) {
filter.getTerms().remove(termName);
}
}
// remove empty firewall filters (ipv6-only filters)
// Iterates over a copy because entries are removed from _filters inside the loop.
// NOTE(review): a filter that was defined with no terms at all is removed here as well.
Map<String, FirewallFilter> allFilters = new LinkedHashMap<>();
allFilters.putAll(_filters);
for (Entry<String, FirewallFilter> e : allFilters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
if (filter.getTerms().size() == 0) {
_filters.remove(name);
}
}
// convert firewall filters to ipaccesslists
for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
// TODO: support other filter families
// Until then a filter of any family other than INET gets no IpAccessList entry.
if (filter.getFamily() != Family.INET) {
continue;
}
IpAccessList list = toIpAccessList(filter);
_c.getIpAccessLists().put(name, list);
}
// objects
// Firewall filters flagged as routing policies are additionally registered as RoutingPolicy
// objects under the filter name.
for (Entry<String, FirewallFilter> e : _filters.entrySet()) {
String name = e.getKey();
FirewallFilter filter = e.getValue();
if (filter.getRoutingPolicy()) {
// TODO: support other filter families
if (filter.getFamily() != Family.INET) {
continue;
}
RoutingPolicy routingPolicy = toRoutingPolicy(filter);
_c.getRoutingPolicies().put(name, routingPolicy);
}
}
// convert route filters to route filter lists
// Only lines without "then" actions are applied to the lists built here.
for (Entry<String, RouteFilter> e : _routeFilters.entrySet()) {
String name = e.getKey();
RouteFilter rf = e.getValue();
if (rf.getIpv4()) {
RouteFilterList rfl = new RouteFilterList(name);
for (RouteFilterLine line : rf.getLines()) {
if (line.getThens().size() == 0) {
line.applyTo(rfl);
}
}
_c.getRouteFilterLists().put(name, rfl);
}
if (rf.getIpv6()) {
Route6FilterList rfl = new Route6FilterList(name);
for (RouteFilterLine line : rf.getLines()) {
if (line.getThens().size() == 0) {
line.applyTo(rfl);
}
}
_c.getRoute6FilterLists().put(name, rfl);
}
}
// convert community lists
for (Entry<String, CommunityList> e : _communityLists.entrySet()) {
String name = e.getKey();
CommunityList cl = e.getValue();
org.batfish.datamodel.CommunityList newCl = toCommunityList(cl);
_c.getCommunityLists().put(name, newCl);
}
// convert policy-statements to RoutingPolicy objects
// NOTE(review): a policy-statement whose name equals that of a routing-policy firewall filter
// registered above would replace that entry in the same map - confirm names cannot collide.
for (Entry<String, PolicyStatement> e : _policyStatements.entrySet()) {
String name = e.getKey();
PolicyStatement ps = e.getValue();
RoutingPolicy routingPolicy = toRoutingPolicy(ps);
_c.getRoutingPolicies().put(name, routingPolicy);
}
// convert interfaces
// Only interface units are converted; they are gathered from the top-level interfaces and from
// the interfaces of every node device.
Map<String, Interface> allInterfaces = new LinkedHashMap<>();
for (Interface iface : _interfaces.values()) {
allInterfaces.putAll(iface.getUnits());
}
for (NodeDevice nd : _nodeDevices.values()) {
for (Interface iface : nd.getInterfaces().values()) {
allInterfaces.putAll(iface.getUnits());
}
}
for (Entry<String, Interface> eUnit : allInterfaces.entrySet()) {
String unitName = eUnit.getKey();
Interface unitIface = eUnit.getValue();
unitIface.inheritUnsetFields();
org.batfish.datamodel.Interface newUnitIface = toInterface(unitIface);
_c.getInterfaces().put(unitName, newUnitIface);
Vrf vrf = newUnitIface.getVrf();
String vrfName = vrf.getName();
vrf.getInterfaces().put(unitName, newUnitIface);
// NOTE(review): assumes vrfName is a key of _routingInstances; a missing key would make get()
// return null and the chained call throw - confirm.
_routingInstances.get(vrfName).getInterfaces().put(unitName, unitIface);
}
// set router-id
// Applies only when no router-id was configured: the primary address of unit 0 of the first
// loopback interface is used, if there is one.
if (_defaultRoutingInstance.getRouterId() == null) {
Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
if (loopback0 != null) {
Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
if (loopback0unit0 != null) {
InterfaceAddress address = loopback0unit0.getPrimaryAddress();
if (address != null) {
// now we should set router-id
Ip routerId = address.getIp();
_defaultRoutingInstance.setRouterId(routerId);
}
}
}
}
// copy ike proposals
_c.getIkeProposals().putAll(_ikeProposals);
// convert ike policies
for (Entry<String, IkePolicy> e : _ikePolicies.entrySet()) {
String name = e.getKey();
IkePolicy oldIkePolicy = e.getValue();
org.batfish.datamodel.IkePolicy newPolicy = toIkePolicy(oldIkePolicy);
_c.getIkePolicies().put(name, newPolicy);
}
// convert ike gateways
for (Entry<String, IkeGateway> e : _ikeGateways.entrySet()) {
String name = e.getKey();
IkeGateway oldIkeGateway = e.getValue();
org.batfish.datamodel.IkeGateway newIkeGateway = toIkeGateway(oldIkeGateway);
_c.getIkeGateways().put(name, newIkeGateway);
}
// copy ipsec proposals
_c.getIpsecProposals().putAll(_ipsecProposals);
// convert ipsec policies
for (Entry<String, IpsecPolicy> e : _ipsecPolicies.entrySet()) {
String name = e.getKey();
IpsecPolicy oldIpsecPolicy = e.getValue();
org.batfish.datamodel.IpsecPolicy newPolicy = toIpsecPolicy(oldIpsecPolicy);
_c.getIpsecPolicies().put(name, newPolicy);
}
// convert ipsec vpns
for (Entry<String, IpsecVpn> e : _ipsecVpns.entrySet()) {
String name = e.getKey();
IpsecVpn oldIpsecVpn = e.getValue();
org.batfish.datamodel.IpsecVpn newIpsecVpn = toIpsecVpn(oldIpsecVpn);
_c.getIpsecVpns().put(name, newIpsecVpn);
}
// zones
for (Zone zone : _zones.values()) {
org.batfish.datamodel.Zone newZone = toZone(zone);
_c.getZones().put(zone.getName(), newZone);
}
// default zone behavior
_c.setDefaultCrossZoneAction(_defaultCrossZoneAction);
_c.setDefaultInboundAction(_defaultInboundAction);
// Per-routing-instance settings; every routing instance has a VRF of the same name, created at
// the top of this method.
for (Entry<String, RoutingInstance> e : _routingInstances.entrySet()) {
String riName = e.getKey();
RoutingInstance ri = e.getValue();
Vrf vrf = _c.getVrfs().get(riName);
// dhcp relay
for (Entry<String, DhcpRelayGroup> e2 : ri.getDhcpRelayGroups().entrySet()) {
DhcpRelayGroup rg = e2.getValue();
List<org.batfish.datamodel.Interface> interfaces = new ArrayList<>();
if (rg.getAllInterfaces()) {
interfaces.addAll(_c.getInterfaces().values());
} else {
for (String ifaceName : rg.getInterfaces()) {
// NOTE(review): the lookup presumably returns null for a name with no converted interface;
// that null is added unchecked and would be dereferenced when relay addresses are assigned
// below - confirm.
org.batfish.datamodel.Interface iface = _c.getInterfaces().get(ifaceName);
interfaces.add(iface);
}
}
String asgName = rg.getActiveServerGroup();
if (asgName != null) {
DhcpRelayServerGroup asg = ri.getDhcpRelayServerGroups().get(asgName);
if (asg == null) {
// The referenced server group does not exist: record an undefined reference.
int asgLine = rg.getActiveServerGroupLine();
undefined(JuniperStructureType.DHCP_RELAY_SERVER_GROUP, asgName, JuniperStructureUsage.DHCP_RELAY_GROUP_ACTIVE_SERVER_GROUP, asgLine);
} else {
for (org.batfish.datamodel.Interface iface : interfaces) {
iface.getDhcpRelayAddresses().addAll(asg.getServers());
}
}
}
}
// snmp
SnmpServer snmpServer = ri.getSnmpServer();
vrf.setSnmpServer(snmpServer);
if (snmpServer != null) {
// A community's access list must name a defined prefix list: a hit is recorded as a referrer,
// a miss as an undefined reference.
for (SnmpCommunity community : snmpServer.getCommunities().values()) {
String listName = community.getAccessList();
if (listName != null) {
int listLine = community.getAccessListLine();
PrefixList prefixList = _prefixLists.get(listName);
if (prefixList != null) {
prefixList.getReferers().put(community, "prefix-list for community: " + community.getName());
} else {
undefined(JuniperStructureType.PREFIX_LIST, listName, JuniperStructureUsage.SNMP_COMMUNITY_PREFIX_LIST, listLine);
}
}
}
}
// NOTE(review): the three route loops below read _defaultRoutingInstance rather than ri, so
// every VRF receives the default instance's static, aggregate and generated routes - confirm
// this is intended. They also assume the RIB_IPV4_UNICAST entry exists.
// static routes
for (StaticRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getStaticRoutes().values()) {
org.batfish.datamodel.StaticRoute newStaticRoute = toStaticRoute(route);
vrf.getStaticRoutes().add(newStaticRoute);
}
// aggregate routes
for (AggregateRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getAggregateRoutes().values()) {
org.batfish.datamodel.GeneratedRoute newAggregateRoute = toAggregateRoute(route);
vrf.getGeneratedRoutes().add(newAggregateRoute);
}
// generated routes
for (GeneratedRoute route : _defaultRoutingInstance.getRibs().get(RoutingInformationBase.RIB_IPV4_UNICAST).getGeneratedRoutes().values()) {
org.batfish.datamodel.GeneratedRoute newGeneratedRoute = toGeneratedRoute(route);
vrf.getGeneratedRoutes().add(newGeneratedRoute);
}
// create ospf process
if (ri.getOspfAreas().size() > 0) {
OspfProcess oproc = createOspfProcess(ri);
vrf.setOspfProcess(oproc);
}
// create is-is process
// is-is runs only if iso address is configured on lo0 unit 0
// NOTE(review): the loopback is looked up on _defaultRoutingInstance, not on ri - confirm.
Interface loopback0 = _defaultRoutingInstance.getInterfaces().get(FIRST_LOOPBACK_INTERFACE_NAME);
if (loopback0 != null) {
Interface loopback0unit0 = loopback0.getUnits().get(FIRST_LOOPBACK_INTERFACE_NAME + ".0");
if (loopback0unit0 != null) {
IsoAddress isisNet = loopback0unit0.getIsoAddress();
if (isisNet != null) {
// now we should create is-is process
IsisProcess proc = createIsisProcess(ri, isisNet);
vrf.setIsisProcess(proc);
}
}
}
// create bgp process
if (ri.getNamedBgpGroups().size() > 0 || ri.getIpBgpGroups().size() > 0) {
BgpProcess proc = createBgpProcess(ri);
vrf.setBgpProcess(proc);
}
}
// mark forwarding table export policy if it exists
String forwardingTableExportPolicyName = _defaultRoutingInstance.getForwardingTableExportPolicy();
if (forwardingTableExportPolicyName != null) {
int forwardingTableExportPolicyLine = _defaultRoutingInstance.getForwardingTableExportPolicyLine();
PolicyStatement forwardingTableExportPolicy = _policyStatements.get(forwardingTableExportPolicyName);
if (forwardingTableExportPolicy != null) {
setPolicyStatementReferent(forwardingTableExportPolicyName, _defaultRoutingInstance, "Forwarding-table export policy");
} else {
undefined(JuniperStructureType.POLICY_STATEMENT, forwardingTableExportPolicyName, JuniperStructureUsage.FORWARDING_TABLE_EXPORT_POLICY, forwardingTableExportPolicyLine);
}
}
// mark references to authentication key chain that may not appear in data model
markAuthenticationKeyChains(JuniperStructureUsage.AUTHENTICATION_KEY_CHAINS_POLICY, _c);
markStructure(JuniperStructureType.FIREWALL_FILTER, JuniperStructureUsage.INTERFACE_FILTER, _filters);
// warn about unreferenced data structures
// These run after all conversion and marking above; presumably they rely on the references
// recorded during it.
warnUnreferencedAuthenticationKeyChains();
warnUnreferencedBgpGroups();
warnUnreferencedDhcpRelayServerGroups();
warnUnreferencedPolicyStatements();
warnUnreferencedFirewallFilters();
warnUnreferencedIkeProposals();
warnUnreferencedIkePolicies();
warnUnreferencedIkeGateways();
warnUnreferencedIpsecProposals();
warnUnreferencedIpsecPolicies();
warnUnusedPrefixLists();
warnEmptyPrefixLists();
warnAndDisableUnreferencedStInterfaces();
_c.computeRoutingPolicySources(_w);
return _c;
}
use of org.batfish.datamodel.routing_policy.RoutingPolicy in project batfish by batfish.
the class JuniperConfiguration method toRoutingPolicy.
/**
 * Creates the {@link RoutingPolicy} that represents a firewall filter used as a routing policy.
 *
 * <p>Only the filter's name is carried over: this method converts none of the filter's terms,
 * so the returned policy holds whatever a newly constructed {@code RoutingPolicy} holds.
 * Analyses that consume it therefore do not see the filter's match conditions or actions.
 *
 * @param filter firewall filter flagged as a routing policy
 * @return a new routing policy named after the filter and created against {@code _c}
 */
private RoutingPolicy toRoutingPolicy(FirewallFilter filter) {
  return new RoutingPolicy(filter.getName(), _c);
}