Examples with IpWildcard org.batfish.datamodel.IpWildcard used on opensource projects

Example 51 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class NodJobTest method testNotNatted.

/**
 * Test that traffic originating from 3.0.0.1 is not NATed
 */
@Test
public void testNotNatted() {
    HeaderSpace headerSpace = new HeaderSpace();
    headerSpace.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.1")));
    NodJob nodJob = getNodJob(headerSpace);
    Context z3Context = new Context();
    SmtInput smtInput = nodJob.computeSmtInput(System.currentTimeMillis(), z3Context);
    Map<OriginateVrf, Map<String, Long>> fieldConstraintsByOriginateVrf = nodJob.getOriginateVrfConstraints(z3Context, smtInput);
    assertThat(fieldConstraintsByOriginateVrf.entrySet(), hasSize(1));
    assertThat(fieldConstraintsByOriginateVrf, hasKey(_originateVrf));
    Map<String, Long> fieldConstraints = fieldConstraintsByOriginateVrf.get(_originateVrf);
    assertThat(fieldConstraints, hasEntry(OriginateVrfInstrumentation.ORIGINATE_VRF_FIELD_NAME, new Long(0)));
    assertThat(smtInput._variablesAsConsts, hasKey("SRC_IP"));
    assertThat(fieldConstraints, hasKey(BasicHeaderField.SRC_IP.getName()));
    assertThat(fieldConstraints, hasEntry(BasicHeaderField.ORIG_SRC_IP.getName(), new Ip("3.0.0.1").asLong()));
    assertThat(fieldConstraints, hasEntry(BasicHeaderField.SRC_IP.getName(), new Ip("3.0.0.1").asLong()));
    Set<Flow> flows = nodJob.getFlows(fieldConstraintsByOriginateVrf);
    _bdpDataPlanePlugin.processFlows(flows, _dataPlane);
    List<FlowTrace> flowTraces = _bdpDataPlanePlugin.getHistoryFlowTraces(_dataPlane);
    flowTraces.forEach(trace -> {
        assertThat(trace.getNotes(), is("ACCEPTED"));
        List<FlowTraceHop> hops = trace.getHops();
        assertThat(hops, hasSize(1));
        FlowTraceHop hop = hops.get(0);
        assertThat(hop.getTransformedFlow(), nullValue());
    });
}

Example 52 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class NodJobTest method setupConfigs.

private void setupConfigs() {
    NetworkFactory nf = new NetworkFactory();
    Configuration.Builder cb = nf.configurationBuilder().setConfigurationFormat(ConfigurationFormat.CISCO_IOS);
    Interface.Builder ib = nf.interfaceBuilder().setActive(true).setBandwidth(1E9d);
    IpAccessList.Builder aclb = nf.aclBuilder();
    IpAccessListLine.Builder acllb = IpAccessListLine.builder();
    SourceNat.Builder snb = SourceNat.builder();
    Vrf.Builder vb = nf.vrfBuilder();
    _srcNode = cb.build();
    _dstNode = cb.build();
    _srcVrf = vb.setOwner(_srcNode).build();
    _originateVrf = new OriginateVrf(_srcNode.getHostname(), _srcVrf.getName());
    Vrf dstVrf = vb.setOwner(_dstNode).build();
    Prefix p1 = Prefix.parse("1.0.0.0/31");
    Ip poolIp1 = new Ip("1.0.0.10");
    // apply NAT to all packets
    IpAccessList sourceNat1Acl = aclb.setLines(ImmutableList.of(acllb.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.0/32"))).setAction(LineAction.ACCEPT).build())).setOwner(_srcNode).build();
    SourceNat sourceNat1 = // Would be easier to understand, and Nuno says it will likely be more efficient.
    snb.setPoolIpFirst(poolIp1).setPoolIpLast(poolIp1).setAcl(sourceNat1Acl).build();
    ib.setOwner(_srcNode).setVrf(_srcVrf).setAddress(new InterfaceAddress(p1.getStartIp(), p1.getPrefixLength())).setSourceNats(ImmutableList.of(sourceNat1)).build();
    ib.setOwner(_dstNode).setVrf(dstVrf).setAddress(new InterfaceAddress(p1.getEndIp(), p1.getPrefixLength())).setSourceNats(ImmutableList.of()).build();
    // For the destination
    Prefix pDest = Prefix.parse("2.0.0.0/32");
    ib.setOwner(_dstNode).setVrf(dstVrf).setAddress(new InterfaceAddress(pDest.getEndIp(), pDest.getPrefixLength())).build();
    StaticRoute.Builder bld = StaticRoute.builder().setNetwork(pDest);
    _srcVrf.getStaticRoutes().add(bld.setNextHopIp(p1.getEndIp()).build());
    _configs = ImmutableSortedMap.of(_srcNode.getName(), _srcNode, _dstNode.getName(), _dstNode);
}

Example 53 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class NodJobTest method testNattedSat.

/**
 * Test that traffic originating from 3.0.0.0 that is expected to be NATed returns SAT when we
 * constrain to only allow NATed results.
 */
@Test
public void testNattedSat() {
    HeaderSpace headerSpace = new HeaderSpace();
    headerSpace.setSrcIps(ImmutableList.of(new IpWildcard("3.0.0.0")));
    NodJob nodJob = getNodJob(headerSpace, true);
    Context z3Context = new Context();
    Status status = nodJob.computeNodSat(System.currentTimeMillis(), z3Context);
    assertThat(status, equalTo(Status.SATISFIABLE));
}

Example 54 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SynthesizerInputImplTest method testComputeAclConditions.

@Test
public void testComputeAclConditions() {
    Configuration c = _cb.build();
    IpAccessList aclWithoutLines = _aclb.setOwner(c).build();
    _acllb.setAction(LineAction.ACCEPT);
    IpAccessList aclWithLines = _aclb.setLines(ImmutableList.<IpAccessListLine>of(_acllb.setDstIps(ImmutableSet.of(new IpWildcard(new Ip("1.2.3.4")))).build(), _acllb.setDstIps(ImmutableSet.of(new IpWildcard(new Ip("5.6.7.8")))).build())).build();
    SynthesizerInput input = _inputBuilder.setConfigurations(ImmutableMap.of(c.getName(), c)).build();
    assertThat(input, hasAclConditions(equalTo(ImmutableMap.of(c.getName(), ImmutableMap.of(aclWithoutLines.getName(), ImmutableList.of(), aclWithLines.getName(), ImmutableList.of(new HeaderSpaceMatchExpr(aclWithLines.getLines().get(0)), new HeaderSpaceMatchExpr(aclWithLines.getLines().get(1))))))));
    Configuration srcNode = _cb.build();
    Configuration nextHop = _cb.build();
    Vrf srcVrf = _vb.setOwner(srcNode).build();
    Vrf nextHopVrf = _vb.setOwner(nextHop).build();
    Ip ip11 = new Ip("1.0.0.0");
    Ip ip12 = new Ip("1.0.0.10");
    Ip ip21 = new Ip("2.0.0.0");
    Ip ip22 = new Ip("2.0.0.10");
    IpAccessList sourceNat1Acl = _aclb.setLines(ImmutableList.of()).setOwner(srcNode).build();
    IpAccessList sourceNat2Acl = _aclb.build();
    SourceNat sourceNat1 = _snb.setPoolIpFirst(ip11).setPoolIpLast(ip12).setAcl(sourceNat1Acl).build();
    SourceNat sourceNat2 = _snb.setPoolIpFirst(ip21).setPoolIpLast(ip22).setAcl(sourceNat2Acl).build();
    Interface srcInterfaceZeroSourceNats = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of()).build();
    Interface srcInterfaceOneSourceNat = _ib.setSourceNats(ImmutableList.of(sourceNat1)).build();
    Interface srcInterfaceTwoSourceNats = _ib.setSourceNats(ImmutableList.of(sourceNat1, sourceNat2)).build();
    Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
    Edge forwardEdge1 = new Edge(srcInterfaceZeroSourceNats, nextHopInterface);
    Edge forwardEdge2 = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
    Edge forwardEdge3 = new Edge(srcInterfaceTwoSourceNats, nextHopInterface);
    Edge backEdge1 = new Edge(nextHopInterface, srcInterfaceZeroSourceNats);
    Edge backEdge2 = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
    Edge backEdge3 = new Edge(nextHopInterface, srcInterfaceTwoSourceNats);
    SynthesizerInput inputWithDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge1, forwardEdge2, forwardEdge3, backEdge1, backEdge2, backEdge3))).build();
    assertThat(inputWithDataPlane, hasAclConditions(equalTo(ImmutableMap.of(srcNode.getName(), ImmutableMap.of(sourceNat1Acl.getName(), ImmutableList.of(), sourceNat2Acl.getName(), ImmutableList.of()), nextHop.getName(), ImmutableMap.of()))));
}

Example 55 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SynthesizerInputImplTest method testSourceNatWithNoAcl.

/**
 * Test that for a SourceNat with no ACL, the SynthesizerInput will have an "accept everything"
 * ACL.
 */
@Test
public void testSourceNatWithNoAcl() {
    Configuration srcNode = _cb.build();
    Configuration nextHop = _cb.build();
    Vrf srcVrf = _vb.setOwner(srcNode).build();
    Vrf nextHopVrf = _vb.setOwner(nextHop).build();
    Ip ip1 = new Ip("1.0.0.0");
    Ip ip2 = new Ip("1.0.0.10");
    SourceNat sourceNat = _snb.setPoolIpFirst(ip1).setPoolIpLast(ip2).build();
    Interface srcInterfaceOneSourceNat = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of(sourceNat)).build();
    Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
    Edge forwardEdge = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
    Edge backEdge = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
    SynthesizerInput inputWithDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge, backEdge))).build();
    // Acl for the SourceNat is DefaultSourceNatAcl
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceOneSourceNat.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getHostname(), SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip1.asLong(), ip2.asLong()))))))))));
    assertThat(inputWithDataPlane, hasAclConditions(hasEntry(srcNode.getHostname(), ImmutableMap.of(SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName(), ImmutableList.of(new HeaderSpaceMatchExpr(IpAccessListLine.builder().setSrcIps(ImmutableList.of(new IpWildcard("0.0.0.0/0"))).build()))))));
    assertThat(inputWithDataPlane, hasAclActions(hasEntry(srcNode.getHostname(), ImmutableMap.of(SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName(), ImmutableList.of(LineAction.ACCEPT)))));
}