Examples with Line org.batfish.datamodel.vendor_family.cisco.Line used on opensource projects

Example 1 with Line

use of org.batfish.datamodel.vendor_family.cisco.Line in project batfish by batfish.

the class CiscoControlPlaneExtractor method exitL_access_class.

@Override
public void exitL_access_class(L_access_classContext ctx) {
    boolean ipv6 = (ctx.IPV6() != null);
    String name = ctx.name.getText();
    int nameLine = ctx.name.getStart().getLine();
    BiConsumer<Line, String> setter;
    CiscoStructureType structureType;
    CiscoStructureUsage structureUsage;
    if (ctx.OUT() != null || ctx.EGRESS() != null) {
        if (ipv6) {
            setter = Line::setOutputIpv6AccessList;
            structureType = CiscoStructureType.IPV6_ACCESS_LIST;
            structureUsage = CiscoStructureUsage.LINE_ACCESS_CLASS_LIST6;
            _configuration.getLineIpv6AccessClassLists().add(name);
        } else {
            setter = Line::setOutputAccessList;
            structureType = CiscoStructureType.IP_ACCESS_LIST;
            structureUsage = CiscoStructureUsage.LINE_ACCESS_CLASS_LIST;
            _configuration.getLineAccessClassLists().add(name);
        }
    } else {
        if (ipv6) {
            setter = Line::setInputIpv6AccessList;
            structureType = CiscoStructureType.IPV6_ACCESS_LIST;
            structureUsage = CiscoStructureUsage.LINE_ACCESS_CLASS_LIST6;
            _configuration.getLineIpv6AccessClassLists().add(name);
        } else {
            setter = Line::setInputAccessList;
            structureType = CiscoStructureType.IP_ACCESS_LIST;
            structureUsage = CiscoStructureUsage.LINE_ACCESS_CLASS_LIST;
            _configuration.getLineAccessClassLists().add(name);
        }
    }
    _configuration.referenceStructure(structureType, name, structureUsage, nameLine);
    for (String currentName : _currentLineNames) {
        Line line = _configuration.getCf().getLines().get(currentName);
        setter.accept(line, name);
    }
}

Example 2 with Line

use of org.batfish.datamodel.vendor_family.cisco.Line in project batfish by batfish.

the class CiscoControlPlaneExtractor method exitL_transport.

@Override
public void exitL_transport(L_transportContext ctx) {
    SortedSet<String> protocols = new TreeSet<>(ctx.prot.stream().map(c -> c.getText()).collect(Collectors.toSet()));
    BiConsumer<Line, SortedSet<String>> setter;
    if (ctx.INPUT() != null) {
        setter = Line::setTransportInput;
    } else if (ctx.OUTPUT() != null) {
        setter = Line::setTransportOutput;
    } else if (ctx.PREFERRED() != null) {
        setter = Line::setTransportPreferred;
    } else {
        throw new BatfishException("Invalid or unsupported line transport type");
    }
    for (String currentName : _currentLineNames) {
        Line line = _configuration.getCf().getLines().get(currentName);
        setter.accept(line, protocols);
    }
}

Example 3 with Line

use of org.batfish.datamodel.vendor_family.cisco.Line in project batfish by batfish.

the class CiscoControlPlaneExtractor method enterS_line.

@Override
public void enterS_line(S_lineContext ctx) {
    String lineType = ctx.line_type().getText();
    if (lineType.equals("")) {
        lineType = "<UNNAMED>";
    }
    String nameBase = lineType;
    Integer slot1 = null;
    Integer slot2 = null;
    Integer port1 = null;
    Integer port2 = null;
    List<String> names = new ArrayList<>();
    if (ctx.first != null) {
        if (ctx.slot1 != null) {
            slot1 = toInteger(ctx.slot1);
            slot2 = slot1;
            if (ctx.port1 != null) {
                port1 = toInteger(ctx.port1);
                port2 = port1;
            }
        }
        int first = toInteger(ctx.first);
        int last;
        if (ctx.last != null) {
            if (ctx.slot2 != null) {
                slot2 = toInteger(ctx.slot2);
                if (ctx.port2 != null) {
                    port2 = toInteger(ctx.port2);
                }
            }
            last = toInteger(ctx.last);
        } else {
            last = first;
        }
        if (last < first) {
            throw new BatfishException("Do not support decreasing line range: " + first + " " + last);
        }
        if (slot1 != null && port1 != null) {
            for (int s = slot1; s <= slot2; s++) {
                for (int p = port1; p <= port2; p++) {
                    for (int i = first; i <= last; i++) {
                        String name = nameBase + s + "/" + p + "/" + i;
                        names.add(name);
                    }
                }
            }
        } else if (slot1 != null) {
            for (int s = slot1; s <= slot2; s++) {
                for (int i = first; i <= last; i++) {
                    String name = nameBase + s + "/" + i;
                    names.add(name);
                }
            }
        } else {
            for (int i = first; i <= last; i++) {
                String name = nameBase + i;
                names.add(name);
            }
        }
    } else {
        names.add(nameBase);
    }
    for (String name : names) {
        if (_configuration.getCf().getLines().get(name) == null) {
            Line line = new Line(name);
            line.setLoginAuthentication(AaaAuthenticationLogin.DEFAULT_LIST_NAME);
            _configuration.getCf().getLines().put(name, line);
        }
    }
    _currentLineNames = names;
}

Example 4 with Line

use of org.batfish.datamodel.vendor_family.cisco.Line in project batfish by batfish.

the class CiscoControlPlaneExtractor method exitL_exec_timeout.

@Override
public void exitL_exec_timeout(L_exec_timeoutContext ctx) {
    int minutes = toInteger(ctx.minutes);
    int seconds = ctx.seconds != null ? toInteger(ctx.seconds) : 0;
    for (String lineName : _currentLineNames) {
        Line line = _configuration.getCf().getLines().get(lineName);
        line.setExecTimeoutMinutes(minutes);
        line.setExecTimeoutSeconds(seconds);
    }
}

Example 5 with Line

use of org.batfish.datamodel.vendor_family.cisco.Line in project batfish by batfish.

the class CiscoConfiguration method toVendorIndependentConfiguration.

@Override
public Configuration toVendorIndependentConfiguration() {
    final Configuration c = new Configuration(_hostname, _vendor);
    c.getVendorFamily().setCisco(_cf);
    c.setRoles(_roles);
    c.setDefaultInboundAction(LineAction.ACCEPT);
    c.setDefaultCrossZoneAction(LineAction.ACCEPT);
    c.setDnsServers(_dnsServers);
    c.setDnsSourceInterface(_dnsSourceInterface);
    c.setDomainName(_domainName);
    c.setNormalVlanRange(new SubRange(VLAN_NORMAL_MIN_CISCO, VLAN_NORMAL_MAX_CISCO));
    c.setTacacsServers(_tacacsServers);
    c.setTacacsSourceInterface(_tacacsSourceInterface);
    c.setNtpSourceInterface(_ntpSourceInterface);
    if (_cf.getNtp() != null) {
        c.setNtpServers(new TreeSet<>(_cf.getNtp().getServers().keySet()));
    }
    if (_cf.getLogging() != null) {
        c.setLoggingSourceInterface(_cf.getLogging().getSourceInterface());
        c.setLoggingServers(new TreeSet<>(_cf.getLogging().getHosts().keySet()));
    }
    c.setSnmpSourceInterface(_snmpSourceInterface);
    processLines();
    processFailoverSettings();
    // remove line login authentication lists if they don't exist
    for (Line line : _cf.getLines().values()) {
        String list = line.getLoginAuthentication();
        boolean found = false;
        Aaa aaa = _cf.getAaa();
        if (aaa != null) {
            AaaAuthentication authentication = aaa.getAuthentication();
            if (authentication != null) {
                AaaAuthenticationLogin login = authentication.getLogin();
                if (login != null && login.getLists().containsKey(list)) {
                    found = true;
                }
            }
        }
        if (!found) {
            line.setLoginAuthentication(null);
        }
    }
    // initialize vrfs
    for (String vrfName : _vrfs.keySet()) {
        c.getVrfs().put(vrfName, new org.batfish.datamodel.Vrf(vrfName));
    }
    // snmp server
    if (_snmpServer != null) {
        String snmpServerVrf = _snmpServer.getVrf();
        c.getVrfs().get(snmpServerVrf).setSnmpServer(_snmpServer);
    }
    // convert as path access lists to vendor independent format
    for (IpAsPathAccessList pathList : _asPathAccessLists.values()) {
        AsPathAccessList apList = toAsPathAccessList(pathList);
        c.getAsPathAccessLists().put(apList.getName(), apList);
    }
    // convert as-path-sets to vendor independent format
    for (AsPathSet asPathSet : _asPathSets.values()) {
        AsPathAccessList apList = toAsPathAccessList(asPathSet);
        c.getAsPathAccessLists().put(apList.getName(), apList);
    }
    // convert standard/expanded community lists to community lists
    for (StandardCommunityList scList : _standardCommunityLists.values()) {
        ExpandedCommunityList ecList = scList.toExpandedCommunityList();
        CommunityList cList = toCommunityList(ecList);
        c.getCommunityLists().put(cList.getName(), cList);
    }
    for (ExpandedCommunityList ecList : _expandedCommunityLists.values()) {
        CommunityList cList = toCommunityList(ecList);
        c.getCommunityLists().put(cList.getName(), cList);
    }
    // convert prefix lists to route filter lists
    for (PrefixList prefixList : _prefixLists.values()) {
        RouteFilterList newRouteFilterList = toRouteFilterList(prefixList);
        c.getRouteFilterLists().put(newRouteFilterList.getName(), newRouteFilterList);
    }
    // convert ipv6 prefix lists to route6 filter lists
    for (Prefix6List prefixList : _prefix6Lists.values()) {
        Route6FilterList newRouteFilterList = toRoute6FilterList(prefixList);
        c.getRoute6FilterLists().put(newRouteFilterList.getName(), newRouteFilterList);
    }
    // convert standard/extended access lists to access lists or route filter
    // lists
    List<ExtendedAccessList> allACLs = new ArrayList<>();
    for (StandardAccessList saList : _standardAccessLists.values()) {
        ExtendedAccessList eaList = saList.toExtendedAccessList();
        allACLs.add(eaList);
    }
    allACLs.addAll(_extendedAccessLists.values());
    for (ExtendedAccessList eaList : allACLs) {
        if (usedForRouting(eaList)) {
            String msg = "used for routing";
            StandardAccessList parent = eaList.getParent();
            if (parent != null) {
                parent.getReferers().put(this, msg);
            } else {
                eaList.getReferers().put(this, msg);
            }
            RouteFilterList rfList = toRouteFilterList(eaList);
            c.getRouteFilterLists().put(rfList.getName(), rfList);
        }
        IpAccessList ipaList = toIpAccessList(eaList);
        c.getIpAccessLists().put(ipaList.getName(), ipaList);
    }
    // convert standard/extended ipv6 access lists to ipv6 access lists or
    // route6 filter
    // lists
    List<ExtendedIpv6AccessList> allIpv6ACLs = new ArrayList<>();
    for (StandardIpv6AccessList saList : _standardIpv6AccessLists.values()) {
        ExtendedIpv6AccessList eaList = saList.toExtendedIpv6AccessList();
        allIpv6ACLs.add(eaList);
    }
    allIpv6ACLs.addAll(_extendedIpv6AccessLists.values());
    for (ExtendedIpv6AccessList eaList : allIpv6ACLs) {
        if (usedForRouting(eaList)) {
            String msg = "used for routing";
            StandardIpv6AccessList parent = eaList.getParent();
            if (parent != null) {
                parent.getReferers().put(this, msg);
            } else {
                eaList.getReferers().put(this, msg);
            }
            Route6FilterList rfList = toRoute6FilterList(eaList);
            c.getRoute6FilterLists().put(rfList.getName(), rfList);
        }
        Ip6AccessList ipaList = toIp6AccessList(eaList);
        c.getIp6AccessLists().put(ipaList.getName(), ipaList);
    }
    // convert route maps to policy maps
    Set<RouteMap> routingRouteMaps = getRoutingRouteMaps();
    for (RouteMap map : _routeMaps.values()) {
        convertForPurpose(routingRouteMaps, map);
        // convert route maps to RoutingPolicy objects
        RoutingPolicy newPolicy = toRoutingPolicy(c, map);
        c.getRoutingPolicies().put(newPolicy.getName(), newPolicy);
    }
    // convert RoutePolicy to RoutingPolicy
    for (RoutePolicy routePolicy : _routePolicies.values()) {
        RoutingPolicy routingPolicy = toRoutingPolicy(c, routePolicy);
        c.getRoutingPolicies().put(routingPolicy.getName(), routingPolicy);
    }
    // convert interfaces
    _interfaces.forEach((ifaceName, iface) -> {
        org.batfish.datamodel.Interface newInterface = toInterface(iface, c.getIpAccessLists(), c);
        String vrfName = iface.getVrf();
        if (vrfName == null) {
            throw new BatfishException("Missing vrf name for iface: '" + iface.getName() + "'");
        }
        c.getInterfaces().put(ifaceName, newInterface);
        c.getVrfs().get(vrfName).getInterfaces().put(ifaceName, newInterface);
    });
    // apply vrrp settings to interfaces
    applyVrrp(c);
    // get IKE proposals
    for (Entry<String, IsakmpPolicy> e : _isakmpPolicies.entrySet()) {
        c.getIkeProposals().put(e.getKey(), e.getValue().getProposal());
    }
    addIkePoliciesAndGateways(c);
    // ipsec proposals
    for (Entry<String, IpsecTransformSet> e : _ipsecTransformSets.entrySet()) {
        c.getIpsecProposals().put(e.getKey(), e.getValue().getProposal());
    }
    // ipsec policies
    for (Entry<String, IpsecProfile> e : _ipsecProfiles.entrySet()) {
        String name = e.getKey();
        IpsecProfile profile = e.getValue();
        IpsecPolicy policy = new IpsecPolicy(name);
        policy.setPfsKeyGroup(profile.getPfsGroup());
        String transformSetName = profile.getTransformSet();
        if (c.getIpsecProposals().containsKey(transformSetName)) {
            policy.getProposals().put(transformSetName, c.getIpsecProposals().get(transformSetName));
        }
        c.getIpsecPolicies().put(name, policy);
    }
    // ipsec vpns
    for (Entry<String, Interface> e : _interfaces.entrySet()) {
        String name = e.getKey();
        Interface iface = e.getValue();
        Tunnel tunnel = iface.getTunnel();
        if (tunnel != null && tunnel.getMode() == TunnelMode.IPSEC) {
            IpsecVpn ipsecVpn = new IpsecVpn(name, c);
            ipsecVpn.setBindInterface(c.getInterfaces().get(name));
            ipsecVpn.setIpsecPolicy(c.getIpsecPolicies().get(tunnel.getIpsecProfileName()));
            Ip source = tunnel.getSource();
            Ip destination = tunnel.getDestination();
            if (source == null || destination == null) {
                _w.redFlag("Can't match IkeGateway: tunnel source or destination is not set for " + name);
            } else {
                for (IkeGateway ikeGateway : c.getIkeGateways().values()) {
                    if (source.equals(ikeGateway.getLocalIp()) && destination.equals(ikeGateway.getAddress())) {
                        ipsecVpn.setIkeGateway(ikeGateway);
                    }
                }
                if (ipsecVpn.getIkeGateway() == null) {
                    _w.redFlag("Can't find matching IkeGateway for " + name);
                }
            }
            c.getIpsecVpns().put(ipsecVpn.getName(), ipsecVpn);
        }
    }
    // convert routing processes
    _vrfs.forEach((vrfName, vrf) -> {
        org.batfish.datamodel.Vrf newVrf = c.getVrfs().get(vrfName);
        // add snmp trap servers to main list
        if (newVrf.getSnmpServer() != null) {
            c.getSnmpTrapServers().addAll(newVrf.getSnmpServer().getHosts().keySet());
        }
        // convert static routes
        for (StaticRoute staticRoute : vrf.getStaticRoutes()) {
            newVrf.getStaticRoutes().add(toStaticRoute(c, staticRoute));
        }
        // convert rip process
        RipProcess ripProcess = vrf.getRipProcess();
        if (ripProcess != null) {
            org.batfish.datamodel.RipProcess newRipProcess = toRipProcess(ripProcess, vrfName, c, this);
            newVrf.setRipProcess(newRipProcess);
        }
        // convert ospf process
        OspfProcess ospfProcess = vrf.getOspfProcess();
        if (ospfProcess != null) {
            org.batfish.datamodel.OspfProcess newOspfProcess = toOspfProcess(ospfProcess, vrfName, c, this);
            newVrf.setOspfProcess(newOspfProcess);
        }
        // convert isis process
        IsisProcess isisProcess = vrf.getIsisProcess();
        if (isisProcess != null) {
            org.batfish.datamodel.IsisProcess newIsisProcess = toIsisProcess(isisProcess, c, this);
            newVrf.setIsisProcess(newIsisProcess);
        }
        // convert bgp process
        BgpProcess bgpProcess = vrf.getBgpProcess();
        if (bgpProcess != null) {
            org.batfish.datamodel.BgpProcess newBgpProcess = toBgpProcess(c, bgpProcess, vrfName);
            c.getVrfs().get(vrfName).setBgpProcess(newBgpProcess);
        }
    });
    // warn about references to undefined peer groups
    for (Entry<String, Integer> e : _undefinedPeerGroups.entrySet()) {
        String name = e.getKey();
        int line = e.getValue();
        undefined(CiscoStructureType.BGP_PEER_GROUP, name, CiscoStructureUsage.BGP_NEIGHBOR_STATEMENT, line);
    }
    // mark references to IPv4/6 ACLs that may not appear in data model
    markAcls(CiscoStructureUsage.CLASS_MAP_ACCESS_GROUP);
    markIpv4Acls(CiscoStructureUsage.CONTROL_PLANE_ACCESS_GROUP);
    markAcls(CiscoStructureUsage.COPS_LISTENER_ACCESS_LIST);
    markAcls(CiscoStructureUsage.CRYPTO_MAP_IPSEC_ISAKMP_ACL);
    markAcls(CiscoStructureUsage.INTERFACE_IGMP_ACCESS_GROUP_ACL);
    markIpv4Acls(CiscoStructureUsage.INTERFACE_IGMP_STATIC_GROUP_ACL);
    markAcls(CiscoStructureUsage.INTERFACE_IP_INBAND_ACCESS_GROUP);
    markIpv4Acls(CiscoStructureUsage.INTERFACE_IP_VERIFY_ACCESS_LIST);
    markIpv4Acls(CiscoStructureUsage.INTERFACE_PIM_NEIGHBOR_FILTER);
    markIpv4Acls(CiscoStructureUsage.IP_NAT_DESTINATION_ACCESS_LIST);
    markIpv4Acls(CiscoStructureUsage.IP_NAT_SOURCE_ACCESS_LIST);
    markAcls(CiscoStructureUsage.LINE_ACCESS_CLASS_LIST);
    markIpv6Acls(CiscoStructureUsage.LINE_ACCESS_CLASS_LIST6);
    markIpv4Acls(CiscoStructureUsage.MANAGEMENT_TELNET_ACCESS_GROUP);
    markIpv4Acls(CiscoStructureUsage.MSDP_PEER_SA_LIST);
    markIpv4Acls(CiscoStructureUsage.NTP_ACCESS_GROUP);
    markIpv4Acls(CiscoStructureUsage.PIM_ACCEPT_REGISTER_ACL);
    markIpv4Acls(CiscoStructureUsage.PIM_ACCEPT_RP_ACL);
    markIpv4Acls(CiscoStructureUsage.PIM_RP_ADDRESS_ACL);
    markIpv4Acls(CiscoStructureUsage.PIM_RP_ANNOUNCE_FILTER);
    markIpv4Acls(CiscoStructureUsage.PIM_RP_CANDIDATE_ACL);
    markIpv4Acls(CiscoStructureUsage.PIM_SEND_RP_ANNOUNCE_ACL);
    markIpv4Acls(CiscoStructureUsage.PIM_SPT_THRESHOLD_ACL);
    markAcls(CiscoStructureUsage.RIP_DISTRIBUTE_LIST);
    markAcls(CiscoStructureUsage.ROUTER_ISIS_DISTRIBUTE_LIST_ACL);
    markAcls(CiscoStructureUsage.SNMP_SERVER_FILE_TRANSFER_ACL);
    markAcls(CiscoStructureUsage.SNMP_SERVER_TFTP_SERVER_LIST);
    markAcls(CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL);
    markIpv4Acls(CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL4);
    markIpv6Acls(CiscoStructureUsage.SNMP_SERVER_COMMUNITY_ACL6);
    markAcls(CiscoStructureUsage.SSH_ACL);
    markIpv4Acls(CiscoStructureUsage.SSH_IPV4_ACL);
    markIpv6Acls(CiscoStructureUsage.SSH_IPV6_ACL);
    markAcls(CiscoStructureUsage.WCCP_GROUP_LIST);
    markAcls(CiscoStructureUsage.WCCP_REDIRECT_LIST);
    markAcls(CiscoStructureUsage.WCCP_SERVICE_LIST);
    // mark references to mac-ACLs that may not appear in data model
    // TODO: fill in
    // mark references to route-maps that may not appear in data model
    markRouteMaps(CiscoStructureUsage.BGP_REDISTRIBUTE_OSPFV3_MAP);
    markRouteMaps(CiscoStructureUsage.BGP_ROUTE_MAP_OTHER);
    markRouteMaps(CiscoStructureUsage.BGP_VRF_AGGREGATE_ROUTE_MAP);
    markRouteMaps(CiscoStructureUsage.PIM_ACCEPT_REGISTER_ROUTE_MAP);
    // Cable
    markDepiClasses(CiscoStructureUsage.DEPI_TUNNEL_DEPI_CLASS);
    markDepiTunnels(CiscoStructureUsage.CONTROLLER_DEPI_TUNNEL);
    markDepiTunnels(CiscoStructureUsage.DEPI_TUNNEL_PROTECT_TUNNEL);
    markDocsisPolicies(CiscoStructureUsage.DOCSIS_GROUP_DOCSIS_POLICY);
    markDocsisPolicyRules(CiscoStructureUsage.DOCSIS_POLICY_DOCSIS_POLICY_RULE);
    markServiceClasses(CiscoStructureUsage.QOS_ENFORCE_RULE_SERVICE_CLASS);
    // L2tp
    markL2tpClasses(CiscoStructureUsage.DEPI_TUNNEL_L2TP_CLASS);
    // Vpn
    markIpsecProfiles(CiscoStructureUsage.TUNNEL_PROTECTION_IPSEC_PROFILE);
    markIpsecTransformSets(CiscoStructureUsage.IPSEC_PROFILE_TRANSFORM_SET);
    markKeyrings(CiscoStructureUsage.ISAKMP_PROFILE_KEYRING);
    // warn about unreferenced data structures
    warnUnusedStructure(_asPathSets, CiscoStructureType.AS_PATH_SET);
    warnUnusedCommunityLists();
    warnUnusedStructure(_cf.getDepiClasses(), CiscoStructureType.DEPI_CLASS);
    warnUnusedStructure(_cf.getDepiTunnels(), CiscoStructureType.DEPI_TUNNEL);
    warnUnusedDocsisPolicies();
    warnUnusedDocsisPolicyRules();
    warnUnusedStructure(_asPathAccessLists, CiscoStructureType.AS_PATH_ACCESS_LIST);
    warnUnusedIpAccessLists();
    warnUnusedStructure(_ipsecProfiles, CiscoStructureType.IPSEC_PROFILE);
    warnUnusedStructure(_ipsecTransformSets, CiscoStructureType.IPSEC_TRANSFORM_SET);
    warnUnusedIpv6AccessLists();
    warnUnusedKeyrings();
    warnUnusedStructure(_cf.getL2tpClasses(), CiscoStructureType.L2TP_CLASS);
    warnUnusedStructure(_macAccessLists, CiscoStructureType.MAC_ACCESS_LIST);
    warnUnusedStructure(_natPools, CiscoStructureType.NAT_POOL);
    warnUnusedStructure(_prefixLists, CiscoStructureType.PREFIX_LIST);
    warnUnusedStructure(_prefix6Lists, CiscoStructureType.PREFIX6_LIST);
    warnUnusedPeerGroups();
    warnUnusedPeerSessions();
    warnUnusedStructure(_routeMaps, CiscoStructureType.ROUTE_MAP);
    warnUnusedServiceClasses();
    c.simplifyRoutingPolicies();
    c.computeRoutingPolicySources(_w);
    return c;
}