Example 1 with Accept
use of org.batfish.z3.state.Accept in project batfish by batfish.
the class IpSpaceBooleanExprTransformerTest method testVisitAclIpSpace.
@Test
public void testVisitAclIpSpace() {
AclIpSpace ipSpace = AclIpSpace.builder().thenRejecting(UniverseIpSpace.INSTANCE).thenPermitting(EmptyIpSpace.INSTANCE).build();
BooleanExpr expr = ipSpace.accept(SRC_IP_SPACE_BOOLEAN_EXPR_TRANSFORMER);
assertThat(expr, equalTo(new IfThenElse(// Matches UniverseIpSpace
TrueExpr.INSTANCE, // Reject
FalseExpr.INSTANCE, new IfThenElse(// Matches EmptyIpSpace
FalseExpr.INSTANCE, // Accept
TrueExpr.INSTANCE, // Matches nothing so reject
FalseExpr.INSTANCE))));
}
Also used :
AclIpSpace(org.batfish.datamodel.AclIpSpace)
IfThenElse(org.batfish.z3.expr.IfThenElse)
BooleanExpr(org.batfish.z3.expr.BooleanExpr)
Test(org.junit.Test)
Example 2 with Accept
use of org.batfish.z3.state.Accept in project batfish by batfish.
the class SynthesizerInputImplTest method testSourceNatWithNoAcl.
/**
* Test that for a SourceNat with no ACL, the SynthesizerInput will have an "accept everything"
* ACL.
*/
@Test
public void testSourceNatWithNoAcl() {
Configuration srcNode = _cb.build();
Configuration nextHop = _cb.build();
Vrf srcVrf = _vb.setOwner(srcNode).build();
Vrf nextHopVrf = _vb.setOwner(nextHop).build();
Ip ip1 = new Ip("1.0.0.0");
Ip ip2 = new Ip("1.0.0.10");
SourceNat sourceNat = _snb.setPoolIpFirst(ip1).setPoolIpLast(ip2).build();
Interface srcInterfaceOneSourceNat = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of(sourceNat)).build();
Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
Edge forwardEdge = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
Edge backEdge = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
SynthesizerInput inputWithDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge, backEdge))).build();
// Acl for the SourceNat is DefaultSourceNatAcl
assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceOneSourceNat.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getHostname(), SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip1.asLong(), ip2.asLong()))))))))));
assertThat(inputWithDataPlane, hasAclConditions(hasEntry(srcNode.getHostname(), ImmutableMap.of(SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName(), ImmutableList.of(new HeaderSpaceMatchExpr(IpAccessListLine.builder().setSrcIps(ImmutableList.of(new IpWildcard("0.0.0.0/0"))).build()))))));
assertThat(inputWithDataPlane, hasAclActions(hasEntry(srcNode.getHostname(), ImmutableMap.of(SynthesizerInputImpl.DEFAULT_SOURCE_NAT_ACL.getName(), ImmutableList.of(LineAction.ACCEPT)))));
}
Also used :
SourceNat(org.batfish.datamodel.SourceNat)
IpWildcard(org.batfish.datamodel.IpWildcard)
Configuration(org.batfish.datamodel.Configuration)
Ip(org.batfish.datamodel.Ip)
AclPermit(org.batfish.z3.state.AclPermit)
RangeMatchExpr(org.batfish.z3.expr.RangeMatchExpr)
Vrf(org.batfish.datamodel.Vrf)
Topology(org.batfish.datamodel.Topology)
HeaderSpaceMatchExpr(org.batfish.z3.expr.HeaderSpaceMatchExpr)
Edge(org.batfish.datamodel.Edge)
SynthesizerInputMatchers.hasArpTrueEdge(org.batfish.z3.matchers.SynthesizerInputMatchers.hasArpTrueEdge)
Interface(org.batfish.datamodel.Interface)
Test(org.junit.Test)
Example 3 with Accept
use of org.batfish.z3.state.Accept in project batfish by batfish.
the class IpSpaceBooleanExprTransformer method visitAclIpSpace.
@Override
public BooleanExpr visitAclIpSpace(AclIpSpace aclIpSpace) {
// right fold
BooleanExpr expr = FalseExpr.INSTANCE;
for (int i = aclIpSpace.getLines().size() - 1; i >= 0; i--) {
AclIpSpaceLine line = aclIpSpace.getLines().get(i);
expr = new IfThenElse(line.getIpSpace().accept(this), line.getAction() == LineAction.ACCEPT ? TrueExpr.INSTANCE : FalseExpr.INSTANCE, expr);
}
return expr;
}
Also used :
AclIpSpaceLine(org.batfish.datamodel.AclIpSpaceLine)
IfThenElse(org.batfish.z3.expr.IfThenElse)
BooleanExpr(org.batfish.z3.expr.BooleanExpr)
Example 4 with Accept
use of org.batfish.z3.state.Accept in project batfish by batfish.
the class StandardReachabilityQuerySynthesizer method computeFinalActions.
/**
* Create query condition for action at final node(s)
*/
private List<StateExpr> computeFinalActions() {
ImmutableList.Builder<StateExpr> finalActionsBuilder = ImmutableList.builder();
for (ForwardingAction action : _actions) {
switch(action) {
case ACCEPT:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr accept = new NodeAccept(finalNode);
finalActionsBuilder.add(accept);
}
} else {
finalActionsBuilder.add(Accept.INSTANCE);
}
break;
case DEBUG:
finalActionsBuilder.add(Debug.INSTANCE);
break;
case DROP:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDrop(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(Drop.INSTANCE);
}
break;
case DROP_ACL:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDropAcl(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(DropAcl.INSTANCE);
}
break;
case DROP_ACL_IN:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDropAclIn(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(DropAclIn.INSTANCE);
}
break;
case DROP_ACL_OUT:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDropAclOut(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(DropAclOut.INSTANCE);
}
break;
case DROP_NO_ROUTE:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDropNoRoute(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(DropNoRoute.INSTANCE);
}
break;
case DROP_NULL_ROUTE:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeDropNullRoute(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(DropNullRoute.INSTANCE);
}
break;
case NEIGHBOR_UNREACHABLE_OR_EXITS_NETWORK:
if (_finalNodes.size() > 0) {
for (String finalNode : _finalNodes) {
StateExpr drop = new NodeNeighborUnreachable(finalNode);
finalActionsBuilder.add(drop);
}
} else {
finalActionsBuilder.add(NeighborUnreachable.INSTANCE);
}
break;
case FORWARD:
default:
throw new BatfishException("unsupported action");
}
}
return finalActionsBuilder.build();
}
Also used :
ForwardingAction(org.batfish.datamodel.ForwardingAction)
NodeDropAcl(org.batfish.z3.state.NodeDropAcl)
BatfishException(org.batfish.common.BatfishException)
NodeDropNoRoute(org.batfish.z3.state.NodeDropNoRoute)
NodeDropNullRoute(org.batfish.z3.state.NodeDropNullRoute)
ImmutableList(com.google.common.collect.ImmutableList)
NodeAccept(org.batfish.z3.state.NodeAccept)
StateExpr(org.batfish.z3.expr.StateExpr)
NodeDrop(org.batfish.z3.state.NodeDrop)
NodeDropAclIn(org.batfish.z3.state.NodeDropAclIn)
NodeNeighborUnreachable(org.batfish.z3.state.NodeNeighborUnreachable)
NodeDropAclOut(org.batfish.z3.state.NodeDropAclOut)
Aggregations
BooleanExpr (org.batfish.z3.expr.BooleanExpr)2
IfThenElse (org.batfish.z3.expr.IfThenElse)2
Test (org.junit.Test)2
ImmutableList (com.google.common.collect.ImmutableList)1
BatfishException (org.batfish.common.BatfishException)1
AclIpSpace (org.batfish.datamodel.AclIpSpace)1
AclIpSpaceLine (org.batfish.datamodel.AclIpSpaceLine)1
Configuration (org.batfish.datamodel.Configuration)1
Edge (org.batfish.datamodel.Edge)1
ForwardingAction (org.batfish.datamodel.ForwardingAction)1
Interface (org.batfish.datamodel.Interface)1
Ip (org.batfish.datamodel.Ip)1
IpWildcard (org.batfish.datamodel.IpWildcard)1
SourceNat (org.batfish.datamodel.SourceNat)1
Topology (org.batfish.datamodel.Topology)1
Vrf (org.batfish.datamodel.Vrf)1
HeaderSpaceMatchExpr (org.batfish.z3.expr.HeaderSpaceMatchExpr)1
RangeMatchExpr (org.batfish.z3.expr.RangeMatchExpr)1
StateExpr (org.batfish.z3.expr.StateExpr)1
SynthesizerInputMatchers.hasArpTrueEdge (org.batfish.z3.matchers.SynthesizerInputMatchers.hasArpTrueEdge)1
