Examples with IpAccessListLine org.batfish.datamodel.IpAccessListLine used on opensource projects

Search in sources :

Example 31 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testStatefulTcpRules.

@Test
public void testStatefulTcpRules() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(8), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    assertThat(inboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setDstPorts(Sets.newHashSet(new SubRange(22, 22))).build(), _rejectSynOnly, // reverse of outbound rule
    IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("5.6.7.8/32"))).setSrcPorts(Sets.newHashSet(new SubRange(80, 80))).build())));
    assertThat(outboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setDstIps(Sets.newHashSet(new IpWildcard("5.6.7.8/32"))).setDstPorts(Sets.newHashSet(new SubRange(80, 80))).build(), _rejectSynOnly, // reverse of inbound rule
    IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setDstIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setSrcPorts(Sets.newHashSet(new SubRange(22, 22))).build())));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 32 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testDeniedSynOnlyResponse.

@Test
public void testDeniedSynOnlyResponse() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(8), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    IpAccessList outFilter = new IpAccessList(TEST_ACL, outboundRules);
    // flow containing SYN and ~ACK should be rejected
    _flowBuilder.setDstIp(new Ip("1.2.3.4"));
    _flowBuilder.setSrcPort(22);
    _flowBuilder.setTcpFlagsAck(0);
    _flowBuilder.setTcpFlagsSyn(1);
    assertThat(outFilter.filter(_flowBuilder.build()).getAction(), equalTo(LineAction.REJECT));
}
Also used : Ip(org.batfish.datamodel.Ip) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 33 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testBeginningHalfOpenInterval.

@Test
public void testBeginningHalfOpenInterval() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(1), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    assertThat(inboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setDstPorts(Sets.newHashSet(new SubRange(0, 22))).build(), _rejectSynOnly, _allowAllReverseOutboundRule)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 34 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testAllowedSynAckResponse.

@Test
public void testAllowedSynAckResponse() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(8), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    IpAccessList outFilter = new IpAccessList(TEST_ACL, outboundRules);
    // flow containing SYN and ACK should be accepted
    _flowBuilder.setDstIp(new Ip("1.2.3.4"));
    _flowBuilder.setSrcPort(22);
    _flowBuilder.setTcpFlagsAck(1);
    _flowBuilder.setTcpFlagsSyn(1);
    assertThat(outFilter.filter(_flowBuilder.build()).getAction(), equalTo(LineAction.ACCEPT));
}
Also used : Ip(org.batfish.datamodel.Ip) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) IpAccessList(org.batfish.datamodel.IpAccessList) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 35 with IpAccessListLine

use of org.batfish.datamodel.IpAccessListLine in project batfish by batfish.

the class SecurityGroupsTest method testInvalidEndInterval.

@Test
public void testInvalidEndInterval() throws JSONException {
    SecurityGroup sg = new SecurityGroup(_securityGroups.getJSONObject(7), null);
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    sg.addInOutAccessLines(inboundRules, outboundRules, _region);
    assertThat(inboundRules, equalTo(ImmutableList.of(IpAccessListLine.builder().setAction(LineAction.ACCEPT).setIpProtocols(Sets.newHashSet(IpProtocol.TCP)).setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32"))).setDstPorts(Sets.newHashSet(new SubRange(30, 65535))).build(), _rejectSynOnly, _allowAllReverseOutboundRule)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Aggregations

IpAccessListLine (org.batfish.datamodel.IpAccessListLine)35 IpWildcard (org.batfish.datamodel.IpWildcard)17 Test (org.junit.Test)17 IpAccessList (org.batfish.datamodel.IpAccessList)15 LinkedList (java.util.LinkedList)13 SubRange (org.batfish.datamodel.SubRange)12 Configuration (org.batfish.datamodel.Configuration)8 ImmutableList (com.google.common.collect.ImmutableList)6 ArrayList (java.util.ArrayList)6 Interface (org.batfish.datamodel.Interface)6 Set (java.util.Set)5 BatfishException (org.batfish.common.BatfishException)5 Ip (org.batfish.datamodel.Ip)5 LineAction (org.batfish.datamodel.LineAction)5 IpProtocol (org.batfish.datamodel.IpProtocol)4 HashSet (java.util.HashSet)3 List (java.util.List)3 Map (java.util.Map)3 TreeMap (java.util.TreeMap)3 Prefix (org.batfish.datamodel.Prefix)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial