Examples with BooleanExpr org.batfish.datamodel.routing_policy.expr.BooleanExpr used on opensource projects

Example 6 with BooleanExpr

use of org.batfish.datamodel.routing_policy.expr.BooleanExpr in project batfish by batfish.

the class BatfishCompressor method matchExternalTraffic.

/**
 * Create a filter that only allows traffic for those prefixes if it came from outside. EXTERNAL =
 * (protocol is bgp or ibgp) and (the AS path is not an internal path) MATCH = destination matches
 * the prefixTrie GUARD = EXTERNAL or MATCH (only allow this traffic through)
 */
@Nonnull
private BooleanExpr matchExternalTraffic() {
    List<AsPathSetElem> elements = new ArrayList<>();
    elements.add(new RegexAsPathSetElem(_internalRegex));
    ExplicitAsPathSet expr = new ExplicitAsPathSet(elements);
    MatchAsPath matchPath = new MatchAsPath(expr);
    MatchProtocol mpBgp = new MatchProtocol(RoutingProtocol.BGP);
    MatchProtocol mpIbgp = new MatchProtocol(RoutingProtocol.IBGP);
    Disjunction d = new Disjunction();
    List<BooleanExpr> disjuncts = new ArrayList<>();
    disjuncts.add(mpBgp);
    disjuncts.add(mpIbgp);
    d.setDisjuncts(disjuncts);
    Not n = new Not(matchPath);
    Conjunction c = new Conjunction();
    List<BooleanExpr> conjuncts = new ArrayList<>();
    conjuncts.add(d);
    conjuncts.add(n);
    c.setConjuncts(conjuncts);
    return c;
}

Example 7 with BooleanExpr

use of org.batfish.datamodel.routing_policy.expr.BooleanExpr in project batfish by batfish.

the class JuniperConfiguration method createBgpProcess.

private BgpProcess createBgpProcess(RoutingInstance routingInstance) {
    initDefaultBgpExportPolicy();
    initDefaultBgpImportPolicy();
    String vrfName = routingInstance.getName();
    Vrf vrf = _c.getVrfs().get(vrfName);
    BgpProcess proc = new BgpProcess();
    Ip routerId = routingInstance.getRouterId();
    if (routerId == null) {
        routerId = _defaultRoutingInstance.getRouterId();
        if (routerId == null) {
            routerId = Ip.ZERO;
        }
    }
    proc.setRouterId(routerId);
    BgpGroup mg = routingInstance.getMasterBgpGroup();
    boolean multipathEbgp = false;
    boolean multipathIbgp = false;
    boolean multipathMultipleAs = false;
    boolean multipathEbgpSet = false;
    boolean multipathIbgpSet = false;
    boolean multipathMultipleAsSet = false;
    if (mg.getLocalAs() == null) {
        Integer routingInstanceAs = routingInstance.getAs();
        if (routingInstanceAs == null) {
            routingInstanceAs = _defaultRoutingInstance.getAs();
        }
        if (routingInstanceAs == null) {
            _w.redFlag("BGP BROKEN FOR THIS ROUTER: Cannot determine local autonomous system");
        } else {
            mg.setLocalAs(routingInstanceAs);
        }
    }
    // Set default authentication algorithm if missing
    if (mg.getAuthenticationAlgorithm() == null) {
        mg.setAuthenticationAlgorithm(DEFAULT_BGP_AUTHENTICATION_ALGORITHM);
    }
    for (IpBgpGroup ig : routingInstance.getIpBgpGroups().values()) {
        ig.cascadeInheritance();
    }
    _unreferencedBgpGroups = new TreeMap<>();
    int fakeIpCounter = 0;
    for (Entry<String, NamedBgpGroup> e : routingInstance.getNamedBgpGroups().entrySet()) {
        fakeIpCounter++;
        String name = e.getKey();
        NamedBgpGroup group = e.getValue();
        if (!group.getIpv6() && !group.getInherited()) {
            _unreferencedBgpGroups.put(name, group.getDefinitionLine());
            Ip fakeIp = new Ip(-1 * fakeIpCounter);
            IpBgpGroup dummy = new IpBgpGroup(fakeIp);
            dummy.setParent(group);
            dummy.cascadeInheritance();
            routingInstance.getIpBgpGroups().put(fakeIp, dummy);
        }
    }
    for (Entry<Ip, IpBgpGroup> e : routingInstance.getIpBgpGroups().entrySet()) {
        Ip ip = e.getKey();
        IpBgpGroup ig = e.getValue();
        BgpNeighbor neighbor = new BgpNeighbor(ip, _c);
        neighbor.setVrf(vrfName);
        // route reflection
        Ip declaredClusterId = ig.getClusterId();
        if (declaredClusterId != null) {
            neighbor.setRouteReflectorClient(true);
            neighbor.setClusterId(declaredClusterId.asLong());
        } else {
            neighbor.setClusterId(routerId.asLong());
        }
        // multipath multiple-as
        boolean currentGroupMultipathMultipleAs = ig.getMultipathMultipleAs();
        if (multipathMultipleAsSet && currentGroupMultipathMultipleAs != multipathMultipleAs) {
            _w.redFlag("Currently do not support mixed multipath-multiple-as/non-multipath-multiple-as bgp" + "groups on Juniper - FORCING NON-MULTIPATH-MULTIPLE-AS");
            multipathMultipleAs = false;
        } else {
            multipathMultipleAs = currentGroupMultipathMultipleAs;
            multipathMultipleAsSet = true;
        }
        String authenticationKeyChainName = ig.getAuthenticationKeyChainName();
        if (ig.getAuthenticationKeyChainName() != null) {
            if (!_c.getAuthenticationKeyChains().containsKey(authenticationKeyChainName)) {
                authenticationKeyChainName = null;
            } else if (ig.getAuthenticationKey() != null) {
                _w.redFlag("Both authentication-key and authentication-key-chain specified for neighbor " + ig.getRemoteAddress());
            }
        }
        BgpAuthenticationSettings bgpAuthenticationSettings = new BgpAuthenticationSettings();
        bgpAuthenticationSettings.setAuthenticationAlgorithm(ig.getAuthenticationAlgorithm());
        bgpAuthenticationSettings.setAuthenticationKey(ig.getAuthenticationKey());
        bgpAuthenticationSettings.setAuthenticationKeyChainName(authenticationKeyChainName);
        neighbor.setAuthenticationSettings(bgpAuthenticationSettings);
        Boolean ebgpMultihop = ig.getEbgpMultihop();
        if (ebgpMultihop == null) {
            ebgpMultihop = false;
        }
        neighbor.setEbgpMultihop(ebgpMultihop);
        Integer loops = ig.getLoops();
        boolean allowLocalAsIn = loops != null && loops > 0;
        neighbor.setAllowLocalAsIn(allowLocalAsIn);
        Boolean advertisePeerAs = ig.getAdvertisePeerAs();
        if (advertisePeerAs == null) {
            advertisePeerAs = false;
        }
        neighbor.setAllowRemoteAsOut(advertisePeerAs);
        Boolean advertiseExternal = ig.getAdvertiseExternal();
        if (advertiseExternal == null) {
            advertiseExternal = false;
        }
        neighbor.setAdvertiseExternal(advertiseExternal);
        Boolean advertiseInactive = ig.getAdvertiseInactive();
        if (advertiseInactive == null) {
            advertiseInactive = false;
        }
        neighbor.setAdvertiseInactive(advertiseInactive);
        neighbor.setGroup(ig.getGroupName());
        // import policies
        String peerImportPolicyName = "~PEER_IMPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setImportPolicy(peerImportPolicyName);
        RoutingPolicy peerImportPolicy = new RoutingPolicy(peerImportPolicyName, _c);
        _c.getRoutingPolicies().put(peerImportPolicyName, peerImportPolicy);
        // default import policy is to accept
        peerImportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_IMPORT_POLICY_NAME));
        peerImportPolicy.getStatements().add(Statements.SetDefaultActionAccept.toStaticStatement());
        List<BooleanExpr> importPolicyCalls = new ArrayList<>();
        ig.getImportPolicies().forEach((importPolicyName, importPolicyLine) -> {
            PolicyStatement importPolicy = _policyStatements.get(importPolicyName);
            if (importPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, importPolicyName, JuniperStructureUsage.BGP_IMPORT_POLICY, importPolicyLine);
            } else {
                setPolicyStatementReferent(importPolicyName, ig.getImportPolicies(), "BGP import policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(importPolicyName);
                importPolicyCalls.add(callPolicy);
            }
        });
        If peerImportPolicyConditional = new If();
        DisjunctionChain importPolicyChain = new DisjunctionChain(importPolicyCalls);
        peerImportPolicyConditional.setGuard(importPolicyChain);
        peerImportPolicy.getStatements().add(peerImportPolicyConditional);
        peerImportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerImportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        // export policies
        String peerExportPolicyName = "~PEER_EXPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setExportPolicy(peerExportPolicyName);
        RoutingPolicy peerExportPolicy = new RoutingPolicy(peerExportPolicyName, _c);
        _c.getRoutingPolicies().put(peerExportPolicyName, peerExportPolicy);
        peerExportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_EXPORT_POLICY_NAME));
        /*
       * For new BGP advertisements, i.e. those that are created from non-BGP
       * routes, an origin code must be set. By default, Juniper sets the origin
       * code to IGP.
       */
        If setOriginForNonBgp = new If();
        Disjunction isBgp = new Disjunction();
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.IBGP));
        setOriginForNonBgp.setGuard(isBgp);
        setOriginForNonBgp.getFalseStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
        peerExportPolicy.getStatements().add(setOriginForNonBgp);
        List<BooleanExpr> exportPolicyCalls = new ArrayList<>();
        ig.getExportPolicies().forEach((exportPolicyName, exportPolicyLine) -> {
            PolicyStatement exportPolicy = _policyStatements.get(exportPolicyName);
            if (exportPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, exportPolicyName, JuniperStructureUsage.BGP_EXPORT_POLICY, exportPolicyLine);
            } else {
                setPolicyStatementReferent(exportPolicyName, ig.getExportPolicies(), "BGP export policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(exportPolicyName);
                exportPolicyCalls.add(callPolicy);
            }
        });
        If peerExportPolicyConditional = new If();
        DisjunctionChain exportPolicyChain = new DisjunctionChain(exportPolicyCalls);
        peerExportPolicyConditional.setGuard(exportPolicyChain);
        peerExportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerExportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        peerExportPolicy.getStatements().add(peerExportPolicyConditional);
        // inherit local-as
        neighbor.setLocalAs(ig.getLocalAs());
        if (neighbor.getLocalAs() == null) {
            _w.redFlag("Missing local-as for neighbor: " + ig.getRemoteAddress());
            continue;
        }
        /*
       * inherit peer-as, or use local-as if internal
       *
       * Also set multipath
       */
        if (ig.getType() == BgpGroupType.INTERNAL) {
            neighbor.setRemoteAs(ig.getLocalAs());
            boolean currentGroupMultipathIbgp = ig.getMultipath();
            if (multipathIbgpSet && currentGroupMultipathIbgp != multipathIbgp) {
                _w.redFlag("Currently do not support mixed iBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH IBGP");
                multipathIbgp = false;
            } else {
                multipathIbgp = currentGroupMultipathIbgp;
                multipathIbgpSet = true;
            }
        } else {
            neighbor.setRemoteAs(ig.getPeerAs());
            boolean currentGroupMultipathEbgp = ig.getMultipath();
            if (multipathEbgpSet && currentGroupMultipathEbgp != multipathEbgp) {
                _w.redFlag("Currently do not support mixed eBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH EBGP");
                multipathEbgp = false;
            } else {
                multipathEbgp = currentGroupMultipathEbgp;
                multipathEbgpSet = true;
            }
        }
        // TODO: implement better behavior than setting default metric to 0
        neighbor.setDefaultMetric(0);
        // TODO: find out if there is a juniper equivalent of cisco
        // send-community
        neighbor.setSendCommunity(true);
        // inherit update-source
        Ip localIp = ig.getLocalAddress();
        if (localIp == null) {
            // peer
            outerloop: for (org.batfish.datamodel.Interface iface : vrf.getInterfaces().values()) {
                for (InterfaceAddress address : iface.getAllAddresses()) {
                    if (address.getPrefix().containsIp(ip)) {
                        localIp = address.getIp();
                        break outerloop;
                    }
                }
            }
        }
        if (localIp == null && _defaultAddressSelection) {
            initFirstLoopbackInterface();
            if (_lo0 != null) {
                InterfaceAddress lo0Unit0Address = _lo0.getPrimaryAddress();
                if (lo0Unit0Address != null) {
                    localIp = lo0Unit0Address.getIp();
                }
            }
        }
        if (localIp == null && ip.valid()) {
            _w.redFlag("Could not determine local ip for bgp peering with neighbor ip: " + ip);
        } else {
            neighbor.setLocalIp(localIp);
        }
        if (neighbor.getGroup() == null || !_unreferencedBgpGroups.containsKey(neighbor.getGroup())) {
            proc.getNeighbors().put(neighbor.getPrefix(), neighbor);
        }
    }
    proc.setMultipathEbgp(multipathEbgpSet);
    proc.setMultipathIbgp(multipathIbgp);
    MultipathEquivalentAsPathMatchMode multipathEquivalentAsPathMatchMode = multipathMultipleAs ? MultipathEquivalentAsPathMatchMode.PATH_LENGTH : MultipathEquivalentAsPathMatchMode.FIRST_AS;
    proc.setMultipathEquivalentAsPathMatchMode(multipathEquivalentAsPathMatchMode);
    return proc;
}

Example 8 with BooleanExpr

use of org.batfish.datamodel.routing_policy.expr.BooleanExpr in project batfish by batfish.

the class PsFromRouteFilter method toBooleanExpr.

@Override
public BooleanExpr toBooleanExpr(JuniperConfiguration jc, Configuration c, Warnings warnings) {
    RouteFilterList rfl = c.getRouteFilterLists().get(_routeFilterName);
    Route6FilterList rfl6 = c.getRoute6FilterLists().get(_routeFilterName);
    BooleanExpr match4 = null;
    BooleanExpr match6 = null;
    if (rfl != null) {
        match4 = new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(_routeFilterName));
    }
    if (rfl6 != null) {
        match6 = new MatchPrefix6Set(new DestinationNetwork6(), new NamedPrefix6Set(_routeFilterName));
    }
    if (match4 != null && match6 == null) {
        return match4;
    } else if (rfl == null && rfl6 != null) {
        return match6;
    } else if (rfl != null && rfl6 != null) {
        Disjunction d = new Disjunction();
        d.getDisjuncts().add(match4);
        d.getDisjuncts().add(match6);
        return d;
    } else {
        throw new VendorConversionException("missing route filter list: \"" + _routeFilterName + "\"");
    }
}

Example 9 with BooleanExpr

use of org.batfish.datamodel.routing_policy.expr.BooleanExpr in project batfish by batfish.

the class EncoderSlice method addExportConstraint.

/*
   * Creates the transfer function to represent export filters
   * between two symbolic records. The import filter depends
   * heavily on the protocol.
   */
private void addExportConstraint(LogicalEdge e, SymbolicRoute varsOther, @Nullable SymbolicRoute ospfRedistribVars, @Nullable SymbolicRoute overallBest, Configuration conf, Protocol proto, GraphEdge ge, String router, boolean usedExport, Set<Prefix> originations) {
    SymbolicRoute vars = e.getSymbolicRecord();
    Interface iface = ge.getStart();
    ArithExpr failed = getSymbolicFailures().getFailedVariable(e.getEdge());
    assert (failed != null);
    BoolExpr notFailed = mkEq(failed, mkInt(0));
    // only add constraints once when using a single copy of export variables
    if (!_optimizations.getSliceCanKeepSingleExportVar().get(router).get(proto) || !usedExport) {
        if (proto.isConnected()) {
            BoolExpr val = mkNot(vars.getPermitted());
            add(val);
        }
        if (proto.isStatic()) {
            BoolExpr val = mkNot(vars.getPermitted());
            add(val);
        }
        if (proto.isOspf() || proto.isBgp()) {
            // BGP cost based on export
            Integer cost = proto.isBgp() ? addedCost(proto, ge) : 0;
            BoolExpr val = mkNot(vars.getPermitted());
            BoolExpr active = interfaceActive(iface, proto);
            // Apply BGP export policy and cost based on peer type
            // (1) EBGP --> ALL
            // (2) CLIENT --> ALL
            // (3) NONCLIENT --> EBGP, CLIENT
            boolean isNonClientEdge = proto.isBgp() && getGraph().peerType(ge) != Graph.BgpSendType.TO_EBGP;
            boolean isClientEdge = proto.isBgp() && getGraph().peerType(ge) == Graph.BgpSendType.TO_CLIENT;
            boolean isInternalExport = varsOther.isBest() && _optimizations.getNeedBgpInternal().contains(router);
            BoolExpr doExport = mkTrue();
            if (isInternalExport && proto.isBgp() && isNonClientEdge) {
                if (isClientEdge) {
                    cost = 0;
                } else {
                    // Lookup if we learned from iBGP, and if so, don't export the route
                    SymbolicRoute other = getBestNeighborPerProtocol(router, proto);
                    assert other != null;
                    assert other.getBgpInternal() != null;
                    if (other.getBgpInternal() != null) {
                        doExport = mkNot(other.getBgpInternal());
                        cost = 0;
                    }
                }
            }
            BoolExpr acc;
            RoutingPolicy pol = getGraph().findExportRoutingPolicy(router, proto, e.getEdge());
            if (Encoder.ENABLE_DEBUGGING && pol != null) {
                System.out.println("Export policy (" + _sliceName + "," + ge + "): " + pol.getName());
            }
            // We have to wrap this with the right thing for some reason
            List<Statement> statements;
            Statements.StaticStatement s1 = new Statements.StaticStatement(Statements.ExitAccept);
            Statements.StaticStatement s2 = new Statements.StaticStatement(Statements.ExitReject);
            if (proto.isOspf()) {
                If i = new If();
                List<Statement> stmts = (pol == null ? Collections.singletonList(s2) : pol.getStatements());
                i.setTrueStatements(Collections.singletonList(s1));
                i.setFalseStatements(stmts);
                BooleanExpr expr = new MatchProtocol(RoutingProtocol.OSPF);
                i.setGuard(expr);
                statements = Collections.singletonList(i);
            } else {
                statements = (pol == null ? Collections.singletonList(s1) : pol.getStatements());
            }
            TransferSSA f = new TransferSSA(this, conf, varsOther, vars, proto, statements, cost, ge, true);
            acc = f.compute();
            BoolExpr usable = mkAnd(active, doExport, varsOther.getPermitted(), notFailed);
            // will maintain the same preference when adding to the cost.
            if (ospfRedistribVars != null) {
                assert overallBest != null;
                f = new TransferSSA(this, conf, overallBest, ospfRedistribVars, proto, statements, cost, ge, true);
                BoolExpr acc2 = f.compute();
                // System.out.println("ADDING: \n" + acc2.simplify());
                add(acc2);
                BoolExpr usable2 = mkAnd(active, doExport, ospfRedistribVars.getPermitted(), notFailed);
                BoolExpr geq = greaterOrEqual(conf, proto, ospfRedistribVars, varsOther, e);
                BoolExpr isBetter = mkNot(mkAnd(ospfRedistribVars.getPermitted(), geq));
                BoolExpr usesOspf = mkAnd(varsOther.getPermitted(), isBetter);
                BoolExpr eq = equal(conf, proto, ospfRedistribVars, vars, e, false);
                BoolExpr eqPer = mkEq(ospfRedistribVars.getPermitted(), vars.getPermitted());
                acc = mkIf(usesOspf, mkIf(usable, acc, val), mkIf(usable2, mkAnd(eq, eqPer), val));
            } else {
                acc = mkIf(usable, acc, val);
            }
            for (Prefix p : originations) {
                // For OSPF, we need to explicitly initiate a route
                if (proto.isOspf()) {
                    BoolExpr ifaceUp = interfaceActive(iface, proto);
                    BoolExpr relevantPrefix = isRelevantFor(p, _symbolicPacket.getDstIp());
                    BoolExpr relevant = mkAnd(ifaceUp, relevantPrefix);
                    int adminDistance = defaultAdminDistance(conf, proto);
                    int prefixLength = p.getPrefixLength();
                    BoolExpr per = vars.getPermitted();
                    BoolExpr lp = safeEq(vars.getLocalPref(), mkInt(0));
                    BoolExpr ad = safeEq(vars.getAdminDist(), mkInt(adminDistance));
                    BoolExpr met = safeEq(vars.getMetric(), mkInt(cost));
                    BoolExpr med = safeEq(vars.getMed(), mkInt(100));
                    BoolExpr len = safeEq(vars.getPrefixLength(), mkInt(prefixLength));
                    BoolExpr type = safeEqEnum(vars.getOspfType(), OspfType.O);
                    BoolExpr area = safeEqEnum(vars.getOspfArea(), iface.getOspfAreaName());
                    BoolExpr internal = safeEq(vars.getBgpInternal(), mkFalse());
                    BoolExpr igpMet = safeEq(vars.getIgpMetric(), mkInt(0));
                    BoolExpr comms = mkTrue();
                    for (Map.Entry<CommunityVar, BoolExpr> entry : vars.getCommunities().entrySet()) {
                        comms = mkAnd(comms, mkNot(entry.getValue()));
                    }
                    BoolExpr values = mkAnd(per, lp, ad, met, med, len, type, area, internal, igpMet, comms);
                    // Don't originate OSPF route when there is a better redistributed route
                    if (ospfRedistribVars != null) {
                        BoolExpr betterLen = mkGt(ospfRedistribVars.getPrefixLength(), mkInt(prefixLength));
                        BoolExpr equalLen = mkEq(ospfRedistribVars.getPrefixLength(), mkInt(prefixLength));
                        BoolExpr betterAd = mkLt(ospfRedistribVars.getAdminDist(), mkInt(110));
                        BoolExpr better = mkOr(betterLen, mkAnd(equalLen, betterAd));
                        BoolExpr betterRedistributed = mkAnd(ospfRedistribVars.getPermitted(), better);
                        relevant = mkAnd(relevant, mkNot(betterRedistributed));
                    }
                    acc = mkIf(relevant, values, acc);
                }
            }
            add(acc);
            if (Encoder.ENABLE_DEBUGGING) {
                System.out.println("EXPORT: " + router + " " + varsOther.getName() + " " + ge);
                System.out.println(acc.simplify());
                System.out.println("\n\n");
            }
        }
    }
}

Example 10 with BooleanExpr

use of org.batfish.datamodel.routing_policy.expr.BooleanExpr in project batfish by batfish.

the class TransferBDD method compute.

/*
   * Convert a Batfish AST boolean expression to a symbolic Z3 boolean expression
   * by performing inlining of stateful side effects.
   */
private TransferResult<TransferReturn, BDD> compute(BooleanExpr expr, TransferParam<BDDRoute> p) {
    // TODO: right now everything is IPV4
    if (expr instanceof MatchIpv4) {
        p.debug("MatchIpv4");
        TransferReturn ret = new TransferReturn(p.getData(), factory.one());
        p.debug("MatchIpv4 Result: " + ret);
        return fromExpr(ret);
    }
    if (expr instanceof MatchIpv6) {
        p.debug("MatchIpv6");
        TransferReturn ret = new TransferReturn(p.getData(), factory.zero());
        return fromExpr(ret);
    }
    if (expr instanceof Conjunction) {
        p.debug("Conjunction");
        Conjunction c = (Conjunction) expr;
        BDD acc = factory.one();
        TransferResult<TransferReturn, BDD> result = new TransferResult<>();
        for (BooleanExpr be : c.getConjuncts()) {
            TransferResult<TransferReturn, BDD> r = compute(be, p.indent());
            acc = acc.and(r.getReturnValue().getSecond());
        }
        TransferReturn ret = new TransferReturn(p.getData(), acc);
        p.debug("Conjunction return: " + acc);
        return result.setReturnValue(ret);
    }
    if (expr instanceof Disjunction) {
        p.debug("Disjunction");
        Disjunction d = (Disjunction) expr;
        BDD acc = factory.zero();
        TransferResult<TransferReturn, BDD> result = new TransferResult<>();
        for (BooleanExpr be : d.getDisjuncts()) {
            TransferResult<TransferReturn, BDD> r = compute(be, p.indent());
            result = result.addChangedVariables(r);
            acc = acc.or(r.getReturnValue().getSecond());
        }
        TransferReturn ret = new TransferReturn(p.getData(), acc);
        p.debug("Disjunction return: " + acc);
        return result.setReturnValue(ret);
    }
    // TODO: thread the BDDRecord through calls
    if (expr instanceof ConjunctionChain) {
        p.debug("ConjunctionChain");
        ConjunctionChain d = (ConjunctionChain) expr;
        List<BooleanExpr> conjuncts = new ArrayList<>(d.getSubroutines());
        if (p.getDefaultPolicy() != null) {
            BooleanExpr be = new CallExpr(p.getDefaultPolicy().getDefaultPolicy());
            conjuncts.add(be);
        }
        if (conjuncts.size() == 0) {
            TransferReturn ret = new TransferReturn(p.getData(), factory.one());
            return fromExpr(ret);
        } else {
            TransferResult<TransferReturn, BDD> result = new TransferResult<>();
            TransferParam<BDDRoute> record = p;
            BDD acc = factory.zero();
            for (int i = conjuncts.size() - 1; i >= 0; i--) {
                BooleanExpr conjunct = conjuncts.get(i);
                TransferParam<BDDRoute> param = record.setDefaultPolicy(null).setChainContext(TransferParam.ChainContext.CONJUNCTION).indent();
                TransferResult<TransferReturn, BDD> r = compute(conjunct, param);
                record = record.setData(r.getReturnValue().getFirst());
                acc = ite(r.getFallthroughValue(), acc, r.getReturnValue().getSecond());
            }
            TransferReturn ret = new TransferReturn(record.getData(), acc);
            return result.setReturnValue(ret);
        }
    }
    if (expr instanceof DisjunctionChain) {
        p.debug("DisjunctionChain");
        DisjunctionChain d = (DisjunctionChain) expr;
        List<BooleanExpr> disjuncts = new ArrayList<>(d.getSubroutines());
        if (p.getDefaultPolicy() != null) {
            BooleanExpr be = new CallExpr(p.getDefaultPolicy().getDefaultPolicy());
            disjuncts.add(be);
        }
        if (disjuncts.size() == 0) {
            TransferReturn ret = new TransferReturn(p.getData(), factory.zero());
            return fromExpr(ret);
        } else {
            TransferResult<TransferReturn, BDD> result = new TransferResult<>();
            TransferParam<BDDRoute> record = p;
            BDD acc = factory.zero();
            for (int i = disjuncts.size() - 1; i >= 0; i--) {
                BooleanExpr disjunct = disjuncts.get(i);
                TransferParam<BDDRoute> param = record.setDefaultPolicy(null).setChainContext(TransferParam.ChainContext.CONJUNCTION).indent();
                TransferResult<TransferReturn, BDD> r = compute(disjunct, param);
                record = record.setData(r.getReturnValue().getFirst());
                acc = ite(r.getFallthroughValue(), acc, r.getReturnValue().getSecond());
            }
            TransferReturn ret = new TransferReturn(record.getData(), acc);
            return result.setReturnValue(ret);
        }
    }
    if (expr instanceof Not) {
        p.debug("mkNot");
        Not n = (Not) expr;
        TransferResult<TransferReturn, BDD> result = compute(n.getExpr(), p);
        TransferReturn r = result.getReturnValue();
        TransferReturn ret = new TransferReturn(r.getFirst(), r.getSecond().not());
        return result.setReturnValue(ret);
    }
    if (expr instanceof MatchProtocol) {
        MatchProtocol mp = (MatchProtocol) expr;
        Protocol proto = Protocol.fromRoutingProtocol(mp.getProtocol());
        if (proto == null) {
            p.debug("MatchProtocol(" + mp.getProtocol().protocolName() + "): false");
            TransferReturn ret = new TransferReturn(p.getData(), factory.zero());
            return fromExpr(ret);
        }
        BDD protoMatch = p.getData().getProtocolHistory().value(proto);
        p.debug("MatchProtocol(" + mp.getProtocol().protocolName() + "): " + protoMatch);
        TransferReturn ret = new TransferReturn(p.getData(), protoMatch);
        return fromExpr(ret);
    }
    if (expr instanceof MatchPrefixSet) {
        p.debug("MatchPrefixSet");
        MatchPrefixSet m = (MatchPrefixSet) expr;
        BDD r = matchPrefixSet(p.indent(), _conf, m.getPrefixSet(), p.getData());
        TransferReturn ret = new TransferReturn(p.getData(), r);
        return fromExpr(ret);
    // TODO: implement me
    } else if (expr instanceof MatchPrefix6Set) {
        p.debug("MatchPrefix6Set");
        TransferReturn ret = new TransferReturn(p.getData(), factory.zero());
        return fromExpr(ret);
    } else if (expr instanceof CallExpr) {
        p.debug("CallExpr");
        CallExpr c = (CallExpr) expr;
        String router = _conf.getName();
        String name = c.getCalledPolicyName();
        TransferResult<TransferReturn, BDD> r = CACHE.get(router, name);
        if (r != null) {
            return r;
        }
        RoutingPolicy pol = _conf.getRoutingPolicies().get(name);
        p = p.setCallContext(TransferParam.CallContext.EXPR_CALL);
        r = compute(pol.getStatements(), p.indent().enterScope(name));
        CACHE.put(router, name, r);
        return r;
    } else if (expr instanceof WithEnvironmentExpr) {
        p.debug("WithEnvironmentExpr");
        // TODO: this is not correct
        WithEnvironmentExpr we = (WithEnvironmentExpr) expr;
        // TODO: postStatements() and preStatements()
        return compute(we.getExpr(), p.deepCopy());
    } else if (expr instanceof MatchCommunitySet) {
        p.debug("MatchCommunitySet");
        MatchCommunitySet mcs = (MatchCommunitySet) expr;
        BDD c = matchCommunitySet(p.indent(), _conf, mcs.getExpr(), p.getData());
        TransferReturn ret = new TransferReturn(p.getData(), c);
        return fromExpr(ret);
    } else if (expr instanceof BooleanExprs.StaticBooleanExpr) {
        BooleanExprs.StaticBooleanExpr b = (BooleanExprs.StaticBooleanExpr) expr;
        TransferReturn ret;
        switch(b.getType()) {
            case CallExprContext:
                p.debug("CallExprContext");
                BDD x1 = mkBDD(p.getCallContext() == TransferParam.CallContext.EXPR_CALL);
                ret = new TransferReturn(p.getData(), x1);
                return fromExpr(ret);
            case CallStatementContext:
                p.debug("CallStmtContext");
                BDD x2 = mkBDD(p.getCallContext() == TransferParam.CallContext.STMT_CALL);
                ret = new TransferReturn(p.getData(), x2);
                return fromExpr(ret);
            case True:
                p.debug("True");
                ret = new TransferReturn(p.getData(), factory.one());
                return fromExpr(ret);
            case False:
                p.debug("False");
                ret = new TransferReturn(p.getData(), factory.zero());
                return fromExpr(ret);
            default:
                throw new BatfishException("Unhandled " + BooleanExprs.class.getCanonicalName() + ": " + b.getType());
        }
    } else if (expr instanceof MatchAsPath) {
        p.debug("MatchAsPath");
        // System.out.println("Warning: use of unimplemented feature MatchAsPath");
        TransferReturn ret = new TransferReturn(p.getData(), factory.one());
        return fromExpr(ret);
    }
    throw new BatfishException("TODO: compute expr transfer function: " + expr);
}