
Example 26 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class BdpDataPlanePluginTest method makeAcl.

/**
 * Builds a test ACL called {@code name} that holds exactly one line with the given action.
 *
 * <p>NOTE(review): only the action is set on the line; no source, destination, protocol or port
 * constraint is configured here, so the line presumably matches every packet and the ACL acts as
 * a blanket accept or reject. Confirm against the defaults of {@code IpAccessListLine}.
 *
 * @param name name given to the returned ACL
 * @param action action assigned to the ACL's only line
 * @return a new ACL wrapping a singleton list with that line
 */
private static IpAccessList makeAcl(String name, LineAction action) {
    IpAccessListLine onlyLine = new IpAccessListLine();
    onlyLine.setAction(action);
    // singletonList: the ACL is given a one-element list, so there is no later line to fall through to.
    return new IpAccessList(
        name,
        singletonList(onlyLine));
}
Also used : IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList)

Example 27 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class IpAccessListSpecializerTest method testSpecializeIpAccessListLine_singleDst.

/**
 * Specializes a line that constrains only the destination IP (1.2.3.0/24) and checks the form
 * each specializer returns for it.
 *
 * <p>As asserted below: the trivial and both "whitelist any" fixtures return the line unchanged,
 * both "blacklist any" fixtures return {@code Optional.empty()}, a headerspace limited to the
 * single destination 1.2.3.4 yields {@code ALWAYS_TRUE_LINE}, and a headerspace that only
 * excludes 1.2.3.4 leaves the line unchanged.
 */
@Test
public void testSpecializeIpAccessListLine_singleDst() {
    final IpAccessListLine dstLine =
        IpAccessListLine.builder().setDstIps(ImmutableSet.of(new IpWildcard("1.2.3.0/24"))).build();
    final Optional<IpAccessListLine> unchanged = Optional.of(dstLine);
    final Optional<IpAccessListLine> removed = Optional.empty();

    // Shared fixtures are declared elsewhere in the test class; their headerspaces are not
    // visible here, only the outcomes this test expects from them.
    assertThat(TRIVIAL_SPECIALIZER.specialize(dstLine), equalTo(unchanged));
    assertThat(BLACKLIST_ANY_DST_SPECIALIZER.specialize(dstLine), equalTo(removed));
    assertThat(WHITELIST_ANY_DST_SPECIALIZER.specialize(dstLine), equalTo(unchanged));
    assertThat(BLACKLIST_ANY_SRC_SPECIALIZER.specialize(dstLine), equalTo(removed));
    assertThat(WHITELIST_ANY_SRC_SPECIALIZER.specialize(dstLine), equalTo(unchanged));

    // Headerspace whitelists part of the dstIp: every packet it admits (1.2.3.4) already lies
    // inside 1.2.3.0/24, so the specialized line is expected to be the always-true line.
    final IpAccessListSpecializer withinDst =
        new IpAccessListSpecializer(
            IpAccessListLine.builder().setDstIps(ImmutableSet.of(new IpWildcard("1.2.3.4"))).build());
    assertThat(withinDst.specialize(dstLine), equalTo(Optional.of(ALWAYS_TRUE_LINE)));

    // Headerspace blacklists part of the dstIp: the rest of 1.2.3.0/24 can still match, so the
    // line is expected to come back as it was rather than being dropped or simplified.
    final IpAccessListSpecializer excludingHost =
        new IpAccessListSpecializer(
            IpAccessListLine.builder().setNotDstIps(ImmutableSet.of(new IpWildcard("1.2.3.4"))).build());
    assertThat(excludingHost.specialize(dstLine), equalTo(unchanged));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) Test(org.junit.Test)

Example 28 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class IpAccessListSpecializerTest method testSpecializeIpAccessListLine_singleSrc.

/**
 * Specializes a line that constrains only the source IP (1.2.3.0/24) and checks the form each
 * specializer returns for it.
 *
 * <p>As asserted below: the trivial and both "whitelist any" fixtures return the line unchanged,
 * both "blacklist any" fixtures return {@code Optional.empty()}, a headerspace limited to the
 * single source 1.2.3.4 yields {@code ALWAYS_TRUE_LINE}, and a headerspace that only excludes
 * 1.2.3.4 leaves the line unchanged.
 */
@Test
public void testSpecializeIpAccessListLine_singleSrc() {
    final IpAccessListLine srcLine =
        IpAccessListLine.builder().setSrcIps(ImmutableSet.of(new IpWildcard("1.2.3.0/24"))).build();
    final Optional<IpAccessListLine> unchanged = Optional.of(srcLine);
    final Optional<IpAccessListLine> removed = Optional.empty();

    // Shared fixtures are declared elsewhere in the test class; their headerspaces are not
    // visible here, only the outcomes this test expects from them.
    assertThat(TRIVIAL_SPECIALIZER.specialize(srcLine), equalTo(unchanged));
    assertThat(BLACKLIST_ANY_DST_SPECIALIZER.specialize(srcLine), equalTo(removed));
    assertThat(WHITELIST_ANY_DST_SPECIALIZER.specialize(srcLine), equalTo(unchanged));
    assertThat(BLACKLIST_ANY_SRC_SPECIALIZER.specialize(srcLine), equalTo(removed));
    assertThat(WHITELIST_ANY_SRC_SPECIALIZER.specialize(srcLine), equalTo(unchanged));

    // Headerspace whitelists part of the srcIp: every packet it admits (1.2.3.4) already lies
    // inside 1.2.3.0/24, so the specialized line is expected to be the always-true line.
    final IpAccessListSpecializer withinSrc =
        new IpAccessListSpecializer(
            IpAccessListLine.builder().setSrcIps(ImmutableSet.of(new IpWildcard("1.2.3.4"))).build());
    assertThat(withinSrc.specialize(srcLine), equalTo(Optional.of(ALWAYS_TRUE_LINE)));

    // Headerspace blacklists part of the srcIp: the rest of 1.2.3.0/24 can still match, so the
    // line is expected to come back as it was rather than being dropped or simplified.
    final IpAccessListSpecializer excludingHost =
        new IpAccessListSpecializer(
            IpAccessListLine.builder().setNotSrcIps(ImmutableSet.of(new IpWildcard("1.2.3.4"))).build());
    assertThat(excludingHost.specialize(srcLine), equalTo(unchanged));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) Test(org.junit.Test)

Example 29 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SynthesizerInputImplTest method testComputeAclConditions.

/**
 * Checks the ACL conditions exposed by a {@code SynthesizerInput} in two setups.
 *
 * <p>First, a single configuration owning one ACL built without lines and one ACL with two
 * ACCEPT lines: the expected conditions are an empty list for the former and one
 * {@code HeaderSpaceMatchExpr} per line, in line order, for the latter.
 *
 * <p>Second, a two-node topology in which the ACLs are referenced by source NATs on the source
 * node's interfaces: both NAT ACLs are expected under the source node with empty condition lists,
 * and the next-hop node is expected to have no ACL entries.
 *
 * <p>The {@code _cb}, {@code _aclb}, {@code _acllb}, {@code _ib}, {@code _snb}, {@code _vb} and
 * {@code _inputBuilder} fixtures are fields declared outside this method and are reused across
 * calls, so the statement order below matters.
 */
@Test
public void testComputeAclConditions() {
    Configuration c = _cb.build();
    // No setLines call precedes this build; the first assertion expects an empty condition list for it.
    IpAccessList aclWithoutLines = _aclb.setOwner(c).build();
    // Set once on the shared line builder, before both lines below are built from it.
    _acllb.setAction(LineAction.ACCEPT);
    // Arguments are evaluated left to right: the first line is built with dst 1.2.3.4 before the
    // same builder is re-pointed at 5.6.7.8 for the second line.
    IpAccessList aclWithLines = _aclb.setLines(ImmutableList.<IpAccessListLine>of(_acllb.setDstIps(ImmutableSet.of(new IpWildcard(new Ip("1.2.3.4")))).build(), _acllb.setDstIps(ImmutableSet.of(new IpWildcard(new Ip("5.6.7.8")))).build())).build();
    // No topology or forwarding analysis is set on the input builder in this method before this build.
    SynthesizerInput input = _inputBuilder.setConfigurations(ImmutableMap.of(c.getName(), c)).build();
    // Expected shape: node name -> ACL name -> ordered list of per-line match expressions.
    assertThat(input, hasAclConditions(equalTo(ImmutableMap.of(c.getName(), ImmutableMap.of(aclWithoutLines.getName(), ImmutableList.of(), aclWithLines.getName(), ImmutableList.of(new HeaderSpaceMatchExpr(aclWithLines.getLines().get(0)), new HeaderSpaceMatchExpr(aclWithLines.getLines().get(1))))))));
    // Second scenario: two fresh configurations connected in both directions.
    Configuration srcNode = _cb.build();
    Configuration nextHop = _cb.build();
    Vrf srcVrf = _vb.setOwner(srcNode).build();
    Vrf nextHopVrf = _vb.setOwner(nextHop).build();
    // First and last address of the two source-NAT pools.
    Ip ip11 = new Ip("1.0.0.0");
    Ip ip12 = new Ip("1.0.0.10");
    Ip ip21 = new Ip("2.0.0.0");
    Ip ip22 = new Ip("2.0.0.10");
    // Lines are reset to empty explicitly, since _aclb was last used to build aclWithLines.
    IpAccessList sourceNat1Acl = _aclb.setLines(ImmutableList.of()).setOwner(srcNode).build();
    // NOTE(review): built with no setters; the final assertion expects this ACL under srcNode with
    // an empty list, so the builder presumably retains the owner and lines set just above - confirm.
    IpAccessList sourceNat2Acl = _aclb.build();
    SourceNat sourceNat1 = _snb.setPoolIpFirst(ip11).setPoolIpLast(ip12).setAcl(sourceNat1Acl).build();
    SourceNat sourceNat2 = _snb.setPoolIpFirst(ip21).setPoolIpLast(ip22).setAcl(sourceNat2Acl).build();
    // Three source-side interfaces carrying zero, one and two source NATs respectively.
    Interface srcInterfaceZeroSourceNats = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of()).build();
    // NOTE(review): owner and VRF are not set again on the next two builds; presumably they carry
    // over from the previous _ib call - confirm against the builder.
    Interface srcInterfaceOneSourceNat = _ib.setSourceNats(ImmutableList.of(sourceNat1)).build();
    Interface srcInterfaceTwoSourceNats = _ib.setSourceNats(ImmutableList.of(sourceNat1, sourceNat2)).build();
    Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
    // One edge per direction between every source interface and the next-hop interface.
    Edge forwardEdge1 = new Edge(srcInterfaceZeroSourceNats, nextHopInterface);
    Edge forwardEdge2 = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
    Edge forwardEdge3 = new Edge(srcInterfaceTwoSourceNats, nextHopInterface);
    Edge backEdge1 = new Edge(nextHopInterface, srcInterfaceZeroSourceNats);
    Edge backEdge2 = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
    Edge backEdge3 = new Edge(nextHopInterface, srcInterfaceTwoSourceNats);
    // Unlike the first input, this one also receives a mock forwarding analysis and a topology.
    SynthesizerInput inputWithDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge1, forwardEdge2, forwardEdge3, backEdge1, backEdge2, backEdge3))).build();
    // Both NAT ACLs are expected under srcNode with no line conditions; nextHop is expected to have none.
    assertThat(inputWithDataPlane, hasAclConditions(equalTo(ImmutableMap.of(srcNode.getName(), ImmutableMap.of(sourceNat1Acl.getName(), ImmutableList.of(), sourceNat2Acl.getName(), ImmutableList.of()), nextHop.getName(), ImmutableMap.of()))));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) SourceNat(org.batfish.datamodel.SourceNat) Configuration(org.batfish.datamodel.Configuration) Ip(org.batfish.datamodel.Ip) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) HeaderSpaceMatchExpr(org.batfish.z3.expr.HeaderSpaceMatchExpr) Vrf(org.batfish.datamodel.Vrf) Topology(org.batfish.datamodel.Topology) Edge(org.batfish.datamodel.Edge) SynthesizerInputMatchers.hasArpTrueEdge(org.batfish.z3.matchers.SynthesizerInputMatchers.hasArpTrueEdge) Interface(org.batfish.datamodel.Interface) Test(org.junit.Test)

Example 30 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testSinglePort.

/**
 * Converts the first security group of the fixture into access-list lines and checks the
 * inbound side: one ACCEPT line for TCP from 1.2.3.4/32 to destination port 22, followed by the
 * {@code _rejectSynOnly} and {@code _allowAllReverseOutboundRule} fixture lines.
 *
 * <p>The outbound list is filled by the same call but is not asserted in this test.
 *
 * @throws JSONException if the fixture entry cannot be read as a JSON object
 */
@Test
public void testSinglePort() throws JSONException {
    List<IpAccessListLine> ingress = new LinkedList<>();
    List<IpAccessListLine> egress = new LinkedList<>();
    SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(0), null);
    // Both lists are output parameters that the security group appends to.
    group.addInOutAccessLines(ingress, egress, _region);

    // The expected rule is scoped on all four fields: protocol, source, port and action.
    IpAccessListLine expectedTcp22FromHost =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setDstPorts(Sets.newHashSet(new SubRange(22, 22)))
            .build();

    // List equality is order-sensitive, so the position of the accept line ahead of the two
    // fixture lines is part of what is verified.
    assertThat(
        ingress,
        equalTo(ImmutableList.of(expectedTcp22FromHost, _rejectSynOnly, _allowAllReverseOutboundRule)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)
