Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IOS: Add session info to interfaces #6653

Merged
merged 6 commits into from
Mar 1, 2021
Merged

IOS: Add session info to interfaces #6653

merged 6 commits into from
Mar 1, 2021

Conversation

corinaminer
Copy link
Contributor

No description provided.

@batfish-bot
Copy link

This change is Reviewable

@codecov
Copy link

codecov bot commented Feb 23, 2021
edited
Loading

Codecov Report

Merging #6653 (fc161e0) into master (48c90e5) will decrease coverage by 0.00%.
The diff coverage is 89.47%.

@@             Coverage Diff              @@
##             master    #6653      +/-   ##
============================================
- Coverage     73.52%   73.52%   -0.01%     
  Complexity    36665    36665              
============================================
  Files          2934     2934              
  Lines        147488   147504      +16     
  Branches      17778    17780       +2     
============================================
+ Hits         108442   108446       +4     
- Misses        30508    30517       +9     
- Partials       8538     8541       +3
Impacted Files Coverage Δ Complexity Δ
...tfish/representation/cisco/CiscoConfiguration.java 86.56% <89.47%> (-0.09%) 512.00 <2.00> (+3.00) ⬇️
...src/main/java/org/batfish/coordinator/PoolMgr.java 59.52% <0.00%> (-1.20%) 15.00% <0.00%> (-1.00%)
...ain/java/org/batfish/storage/FileBasedStorage.java 84.50% <0.00%> (-0.67%) 249.00% <0.00%> (ø%)
...src/main/java/org/batfish/coordinator/WorkMgr.java 75.42% <0.00%> (-0.39%) 245.00% <0.00%> (-2.00%)
.../org/batfish/dataplane/ibdp/BgpRoutingProcess.java 84.79% <0.00%> (-0.12%) 150.00% <0.00%> (-1.00%)
...main/java/org/batfish/datamodel/acl/AclTracer.java 64.15% <0.00%> (+1.25%) 44.00% <0.00%> (+1.00%)
...g/batfish/datamodel/flow/IncomingSessionScope.java 100.00% <0.00%> (+15.38%) 8.00% <0.00%> (+1.00%)

anothermattbrown
anothermattbrown reviewed Feb 23, 2021
View reviewed changes
Copy link
Contributor

@anothermattbrown anothermattbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r1, 1 of 1 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @corinaminer)

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1936 at r2 (raw file):

Assume each interface has its own session info (sessions are not shared by interfaces).

Is this a safe assumption? It would seem reasonable to allow return traffic to enter any interface on the same (in/out)side as newIface.

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1951 at r2 (raw file):

Action.PRE_NAT_FIB_LOOKUP

Adding the FirewallSessionInteraceInfo to this (inside) interface will cause sessions to be created for all flows exiting this interface. Presumably we only want to create sessions for flows that entered an outside interface. Can we assume that?

@corinaminer
Return flow can match different interface
109e8b3 
If session was set up on inside interface, return flow can match it on
any inside interface (same for setup/match on outside ifaces).
@corinaminer
update ref
0ac8382
corinaminer
corinaminer commented Feb 24, 2021
View reviewed changes
Copy link
Contributor Author

@corinaminer corinaminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 4 files reviewed, 3 unresolved discussions (waiting on @anothermattbrown and @corinaminer)

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1936 at r2 (raw file):

Previously, anothermattbrown (Matt Brown) wrote…
Assume each interface has its own session info (sessions are not shared by interfaces).

Is this a safe assumption? It would seem reasonable to allow return traffic to enter any interface on the same (in/out)side as newIface.

Good call -- i just checked in GNS3 and you're right. Fixed.

tests/parsing-tests/unit-tests-vimodel.ref, line 0 at r3 (raw file):
It's upsetting that an interface's session action changed, but it's just because that interface's config has both ip nat outside and ip nat inside. ip nat outside comes second, so POST_NAT_FIB_LOOKUP seems like the more correct option. (real interface configs can't have both and configuring one will overwrite the other.)

anothermattbrown
anothermattbrown reviewed Feb 25, 2021
View reviewed changes
Copy link
Contributor

@anothermattbrown anothermattbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 4 files at r3.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @corinaminer)

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1936 at r2 (raw file):

Previously, corinaminer (Corina Miner) wrote…

Good call -- i just checked in GNS3 and you're right. Fixed.

Does this comment need to be updated?

corinaminer
corinaminer commented Feb 26, 2021
View reviewed changes
Copy link
Contributor Author

@corinaminer corinaminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @corinaminer)

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1936 at r2 (raw file):

Previously, anothermattbrown (Matt Brown) wrote…

Does this comment need to be updated?

no, this comment is specific to ASA. There's a comment addressing non-ASA behavior down with the new conversion code

corinaminer
corinaminer commented Mar 1, 2021
View reviewed changes
Copy link
Contributor Author

@corinaminer corinaminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 1 of 4 files reviewed, 2 unresolved discussions (waiting on @anothermattbrown)

projects/batfish/src/main/java/org/batfish/representation/cisco/CiscoConfiguration.java, line 1951 at r2 (raw file):

Previously, anothermattbrown (Matt Brown) wrote…
Action.PRE_NAT_FIB_LOOKUP

Adding the FirewallSessionInteraceInfo to this (inside) interface will cause sessions to be created for all flows exiting this interface. Presumably we only want to create sessions for flows that entered an outside interface. Can we assume that?

done.

anothermattbrown
anothermattbrown reviewed Mar 1, 2021
View reviewed changes
Copy link
Contributor

@anothermattbrown anothermattbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r4.
Reviewable status: all files reviewed, 1 unresolved discussion

@corinaminer corinaminer merged commit 666bc84 into master Mar 1, 2021
@corinaminer corinaminer deleted the ios-sessions branch March 1, 2021 23:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anothermattbrown anothermattbrown anothermattbrown left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@corinaminer @batfish-bot @anothermattbrown