Examples with AclIpSpace org.batfish.datamodel.AclIpSpace used on opensource projects

Search in sources :

Example 1 with AclIpSpace

use of org.batfish.datamodel.AclIpSpace in project batfish by batfish.

the class IpSpaceSimplifier method visitAclIpSpace.

@Override
public IpSpace visitAclIpSpace(AclIpSpace aclIpSpace) {
    /*
     * To simplify an AclIpSpace: 1) Simplify the IpSpace of each line. 2) Remove EmptyIpSpace
     * lines. 3) Remove all lines after the first UniverseIpSpace line - More generally, we could
     * remove all lines whose spaces are covered by a previous line, but this is not implemented.
     * It's also probably too expensive to implement a complete IpSpace subset operation, so we'll
     * stick to the easy and most important case.
     */
    List<AclIpSpaceLine> simplifiedLines = new ArrayList<>();
    for (AclIpSpaceLine line : aclIpSpace.getLines()) {
        IpSpace simplifiedLineIpSpace = line.getIpSpace().accept(this);
        if (simplifiedLineIpSpace == EmptyIpSpace.INSTANCE) {
            continue;
        }
        AclIpSpaceLine simplifiedLine = line.rebuild().setIpSpace(simplifiedLineIpSpace).build();
        simplifiedLines.add(simplifiedLine);
        if (simplifiedLineIpSpace == UniverseIpSpace.INSTANCE) {
            break;
        }
    }
    /*
     * If there is only one line, and it accepts, then simplify to the space of that line.
     */
    if (simplifiedLines.size() == 1 && simplifiedLines.get(0).getAction() == LineAction.ACCEPT) {
        return simplifiedLines.get(0).getIpSpace();
    }
    /*
     * If all lines reject (or there are no lines), simplify to EmptyIpSpace.
     */
    if (simplifiedLines.stream().allMatch(line -> line.getAction() == LineAction.REJECT)) {
        return EmptyIpSpace.INSTANCE;
    }
    /*
     * If all lines are accepts, and the last accepts UniverseIpSpace, then this can be simplified
     * to UniverseIpSpace.
     */
    if (simplifiedLines.get(simplifiedLines.size() - 1).getIpSpace() == UniverseIpSpace.INSTANCE && simplifiedLines.stream().allMatch(line -> line.getAction() == LineAction.ACCEPT)) {
        return UniverseIpSpace.INSTANCE;
    }
    return AclIpSpace.builder().setLines(simplifiedLines).build();
}
Also used : AclIpSpaceLine(org.batfish.datamodel.AclIpSpaceLine) AclIpSpaceLine(org.batfish.datamodel.AclIpSpaceLine) Set(java.util.Set) IpSpace(org.batfish.datamodel.IpSpace) Collectors(java.util.stream.Collectors) ArrayList(java.util.ArrayList) IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace) List(java.util.List) AclIpSpace(org.batfish.datamodel.AclIpSpace) EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace) GenericIpSpaceVisitor(org.batfish.datamodel.visitors.GenericIpSpaceVisitor) LineAction(org.batfish.datamodel.LineAction) UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace) IpWildcard(org.batfish.datamodel.IpWildcard) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) IpSpace(org.batfish.datamodel.IpSpace) IpWildcardSetIpSpace(org.batfish.datamodel.IpWildcardSetIpSpace) AclIpSpace(org.batfish.datamodel.AclIpSpace) EmptyIpSpace(org.batfish.datamodel.EmptyIpSpace) UniverseIpSpace(org.batfish.datamodel.UniverseIpSpace) ArrayList(java.util.ArrayList)

Example 2 with AclIpSpace

use of org.batfish.datamodel.AclIpSpace in project batfish by batfish.

the class IpSpaceBooleanExprTransformerTest method testVisitAclIpSpace.

@Test
public void testVisitAclIpSpace() {
    AclIpSpace ipSpace = AclIpSpace.builder().thenRejecting(UniverseIpSpace.INSTANCE).thenPermitting(EmptyIpSpace.INSTANCE).build();
    BooleanExpr expr = ipSpace.accept(SRC_IP_SPACE_BOOLEAN_EXPR_TRANSFORMER);
    assertThat(expr, equalTo(new IfThenElse(// Matches UniverseIpSpace
    TrueExpr.INSTANCE, // Reject
    FalseExpr.INSTANCE, new IfThenElse(// Matches EmptyIpSpace
    FalseExpr.INSTANCE, // Accept
    TrueExpr.INSTANCE, // Matches nothing so reject
    FalseExpr.INSTANCE))));
}
Also used : AclIpSpace(org.batfish.datamodel.AclIpSpace) IfThenElse(org.batfish.z3.expr.IfThenElse) BooleanExpr(org.batfish.z3.expr.BooleanExpr) Test(org.junit.Test)

Example 3 with AclIpSpace

use of org.batfish.datamodel.AclIpSpace in project batfish by batfish.

the class IpSpaceSpecializerTest method testSpecializeAclIpSpace.

@Test
public void testSpecializeAclIpSpace() {
    AclIpSpace ipSpace = AclIpSpace.builder().thenPermitting(Prefix.parse("0.0.1.0/24")).thenRejecting(Prefix.parse("0.0.1.4/30")).thenPermitting(Prefix.parse("0.0.1.6/31")).build();
    assertThat(trivialSpecializer.visitAclIpSpace(ipSpace), equalTo(ipSpace));
    assertThat(whitelistAnySpecializer.visitAclIpSpace(ipSpace), equalTo(ipSpace));
    assertThat(blacklistAnySpecializer.visitAclIpSpace(ipSpace), equalTo(AclIpSpace.builder().thenPermitting(EmptyIpSpace.INSTANCE).thenRejecting(EmptyIpSpace.INSTANCE).thenPermitting(EmptyIpSpace.INSTANCE).build()));
    // headerspace is contained in all lines
    IpSpaceSpecializer specializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard("0.0.1.6/32")), ImmutableSortedSet.of());
    assertThat(specializer.visitAclIpSpace(ipSpace), equalTo(AclIpSpace.builder().thenPermitting(UniverseIpSpace.INSTANCE).thenRejecting(UniverseIpSpace.INSTANCE).thenPermitting(UniverseIpSpace.INSTANCE).build()));
    // headerspace is outside of all lines
    specializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard("1.1.1.1/32")), ImmutableSortedSet.of());
    assertThat(specializer.visitAclIpSpace(ipSpace), equalTo(AclIpSpace.builder().thenPermitting(EmptyIpSpace.INSTANCE).thenRejecting(EmptyIpSpace.INSTANCE).thenPermitting(EmptyIpSpace.INSTANCE).build()));
    // not contained in any line, and intersects the first only
    specializer = new IpSpaceSpecializer(ImmutableSortedSet.of(new IpWildcard(new Ip(0x00000100L), new Ip(0xFF0FFF00L))), ImmutableSortedSet.of());
    assertThat(specializer.visitAclIpSpace(ipSpace), equalTo(AclIpSpace.builder().thenPermitting(Prefix.parse("0.0.1.0/24")).thenRejecting(EmptyIpSpace.INSTANCE).thenPermitting(EmptyIpSpace.INSTANCE).build()));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) AclIpSpace(org.batfish.datamodel.AclIpSpace) Ip(org.batfish.datamodel.Ip) Test(org.junit.Test)

Aggregations

AclIpSpace (org.batfish.datamodel.AclIpSpace)3 Ip (org.batfish.datamodel.Ip)2 IpWildcard (org.batfish.datamodel.IpWildcard)2 Test (org.junit.Test)2 ArrayList (java.util.ArrayList)1 List (java.util.List)1 Set (java.util.Set)1 Collectors (java.util.stream.Collectors)1 AclIpSpaceLine (org.batfish.datamodel.AclIpSpaceLine)1 EmptyIpSpace (org.batfish.datamodel.EmptyIpSpace)1 IpSpace (org.batfish.datamodel.IpSpace)1 IpWildcardSetIpSpace (org.batfish.datamodel.IpWildcardSetIpSpace)1 LineAction (org.batfish.datamodel.LineAction)1 Prefix (org.batfish.datamodel.Prefix)1 UniverseIpSpace (org.batfish.datamodel.UniverseIpSpace)1 GenericIpSpaceVisitor (org.batfish.datamodel.visitors.GenericIpSpaceVisitor)1 BooleanExpr (org.batfish.z3.expr.BooleanExpr)1 IfThenElse (org.batfish.z3.expr.IfThenElse)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial