Examples with IpAccessListLine org.batfish.datamodel.IpAccessListLine used on opensource projects

Search in sources :

Example 11 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class EarliestMoreGeneralReachableLineQuerySynthesizer method getReachabilityProgram.

@Override
public ReachabilityProgram getReachabilityProgram(SynthesizerInput input) {
    int unreachableLineIndex = _unreachableLine.getLine();
    IpAccessListLine unreachableLine = _list.getLines().get(unreachableLineIndex);
    BooleanExpr matchUnreachableLineHeaderSpace = new HeaderSpaceMatchExpr(unreachableLine);
    ImmutableList.Builder<QueryStatement> queries = ImmutableList.builder();
    ImmutableList.Builder<RuleStatement> rules = ImmutableList.builder();
    for (AclLine earlierReachableLine : _earlierReachableLines) {
        int earlierLineIndex = earlierReachableLine.getLine();
        IpAccessListLine earlierLine = _list.getLines().get(earlierLineIndex);
        BooleanExpr matchEarlierLineHeaderSpace = new HeaderSpaceMatchExpr(earlierLine);
        NumberedQuery queryRel = new NumberedQuery(earlierLineIndex);
        rules.add(new BasicRuleStatement(new AndExpr(ImmutableList.of(new NotExpr(matchEarlierLineHeaderSpace), matchUnreachableLineHeaderSpace, SaneExpr.INSTANCE)), queryRel));
        QueryStatement query = new QueryStatement(queryRel);
        queries.add(query);
        _resultsByQueryIndex.add(earlierLineIndex);
    }
    return ReachabilityProgram.builder().setInput(input).setQueries(queries.build()).setRules(rules.build()).build();
}
Also used : AndExpr(org.batfish.z3.expr.AndExpr) NumberedQuery(org.batfish.z3.state.NumberedQuery) ImmutableList(com.google.common.collect.ImmutableList) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) RuleStatement(org.batfish.z3.expr.RuleStatement) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) HeaderSpaceMatchExpr(org.batfish.z3.expr.HeaderSpaceMatchExpr) QueryStatement(org.batfish.z3.expr.QueryStatement) NotExpr(org.batfish.z3.expr.NotExpr) BooleanExpr(org.batfish.z3.expr.BooleanExpr)

Example 12 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class ElasticsearchDomainTest method testSecurityGroupsAcl.

@Test
public void testSecurityGroupsAcl() throws IOException {
    Map<String, Configuration> configurations = loadAwsConfigurations();
    assertThat(configurations, hasKey("es-domain"));
    assertThat(configurations.get("es-domain").getInterfaces().entrySet(), hasSize(2));
    IpAccessListLine rejectSynOnly = IpAccessListLine.builder().setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY)).setAction(LineAction.REJECT).build();
    IpAccessList expectedIncomingFilter = new IpAccessList("~SECURITY_GROUP_INGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setDstPorts(Sets.newHashSet(new SubRange(45, 50))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build()));
    IpAccessList expectedOutgoingFilter = new IpAccessList("~SECURITY_GROUP_EGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setDstIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setSrcPorts(Sets.newHashSet(new SubRange(45, 50))).build()));
    for (Interface iface : configurations.get("es-domain").getInterfaces().values()) {
        assertThat(iface.getIncomingFilter(), equalTo(expectedIncomingFilter));
        assertThat(iface.getOutgoingFilter(), equalTo(expectedOutgoingFilter));
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) Configuration(org.batfish.datamodel.Configuration) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) SubRange(org.batfish.datamodel.SubRange) Interface(org.batfish.datamodel.Interface) Test(org.junit.Test)

Example 13 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class RdsInstanceTest method testSecurityGroupsAcl.

@Test
public void testSecurityGroupsAcl() throws IOException {
    Map<String, Configuration> configurations = loadAwsConfigurations();
    assertThat(configurations, hasKey("test-rds"));
    assertThat(configurations.get("test-rds").getInterfaces().entrySet(), hasSize(2));
    IpAccessListLine rejectSynOnly = IpAccessListLine.builder().setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY)).setAction(LineAction.REJECT).build();
    IpAccessList expectedIncomingFilter = new IpAccessList("~SECURITY_GROUP_INGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setDstPorts(Sets.newHashSet(new SubRange(45, 50))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build()));
    IpAccessList expectedOutgoingFilter = new IpAccessList("~SECURITY_GROUP_EGRESS_ACL~", Lists.newArrayList(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setDstIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0"))).build(), rejectSynOnly, IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setDstIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"), new IpWildcard("10.193.16.105/32"))).setSrcPorts(Sets.newHashSet(new SubRange(45, 50))).build()));
    for (Interface iface : configurations.get("test-rds").getInterfaces().values()) {
        assertThat(iface.getIncomingFilter(), equalTo(expectedIncomingFilter));
        assertThat(iface.getOutgoingFilter(), equalTo(expectedOutgoingFilter));
    }
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) Configuration(org.batfish.datamodel.Configuration) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) SubRange(org.batfish.datamodel.SubRange) Interface(org.batfish.datamodel.Interface) Test(org.junit.Test)

Example 14 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testEndHalfOpenInterval.

@Test
public void testEndHalfOpenInterval() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(2), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    assertThat(inboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setDstPorts(Sets.newHashSet(new SubRange(65530, 65535))).build(), _rejectSynOnly, _allowAllReverseOutboundRule)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 15 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testInvalidStartInterval.

@Test
public void testInvalidStartInterval() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(6), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    assertThat(inboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setDstPorts(Sets.newHashSet(new SubRange(0, 50))).build(), _rejectSynOnly, _allowAllReverseOutboundRule)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Aggregations

IpAccessListLine (org.batfish.datamodel.IpAccessListLine)35 IpWildcard (org.batfish.datamodel.IpWildcard)17 Test (org.junit.Test)17 IpAccessList (org.batfish.datamodel.IpAccessList)15 LinkedList (java.util.LinkedList)13 SubRange (org.batfish.datamodel.SubRange)12 Configuration (org.batfish.datamodel.Configuration)8 ImmutableList (com.google.common.collect.ImmutableList)6 ArrayList (java.util.ArrayList)6 Interface (org.batfish.datamodel.Interface)6 Set (java.util.Set)5 BatfishException (org.batfish.common.BatfishException)5 Ip (org.batfish.datamodel.Ip)5 LineAction (org.batfish.datamodel.LineAction)5 IpProtocol (org.batfish.datamodel.IpProtocol)4 HashSet (java.util.HashSet)3 List (java.util.List)3 Map (java.util.Map)3 TreeMap (java.util.TreeMap)3 Prefix (org.batfish.datamodel.Prefix)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial