use of org.batfish.z3.state.AclLineMatch in project batfish by batfish.
the class DefaultTransitionGeneratorTest method testVisitAclDeny.
@Test
public void testVisitAclDeny() {
SynthesizerInput input = MockSynthesizerInput.builder().setAclActions(aclActions()).build();
Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(AclDeny.State.INSTANCE)));
// MatchDenyLine
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 1), new AclDeny(NODE1, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 3), new AclDeny(NODE1, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 0), new AclDeny(NODE1, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 2), new AclDeny(NODE1, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 1), new AclDeny(NODE2, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 3), new AclDeny(NODE2, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 0), new AclDeny(NODE2, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 2), new AclDeny(NODE2, ACL2))));
// MatchNoLines
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineNoMatch(NODE1, ACL1, 3), new AclDeny(NODE1, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineNoMatch(NODE1, ACL2, 3), new AclDeny(NODE1, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclDeny(NODE1, ACL3))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineNoMatch(NODE2, ACL1, 3), new AclDeny(NODE2, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineNoMatch(NODE2, ACL2, 3), new AclDeny(NODE2, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclDeny(NODE1, ACL3))));
}
use of org.batfish.z3.state.AclLineMatch in project batfish by batfish.
the class DefaultTransitionGeneratorTest method testVisitAclPermit.
@Test
public void testVisitAclPermit() {
SynthesizerInput input = MockSynthesizerInput.builder().setAclActions(aclActions()).build();
Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(AclPermit.State.INSTANCE)));
// MatchPermitLine
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 0), new AclPermit(NODE1, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 2), new AclPermit(NODE1, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 1), new AclPermit(NODE1, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 3), new AclPermit(NODE1, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 0), new AclPermit(NODE2, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 2), new AclPermit(NODE2, ACL1))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 1), new AclPermit(NODE2, ACL2))));
assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 3), new AclPermit(NODE2, ACL2))));
}
use of org.batfish.z3.state.AclLineMatch in project batfish by batfish.
the class DefaultTransitionGeneratorTest method testVisitAclLineMatch.
@Test
public void testVisitAclLineMatch() {
SynthesizerInput input = MockSynthesizerInput.builder().setAclConditions(aclConditions()).build();
Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(AclLineMatch.State.INSTANCE)));
// MatchCurrentAndDontMatchPrevious
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, new AclLineMatch(NODE1, ACL1, 0))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL1, 0)), new AclLineMatch(NODE1, ACL1, 1))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL1, 1)), new AclLineMatch(NODE1, ACL1, 2))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL1, 2)), new AclLineMatch(NODE1, ACL1, 3))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, new AclLineMatch(NODE1, ACL2, 0))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL2, 0)), new AclLineMatch(NODE1, ACL2, 1))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL2, 1)), new AclLineMatch(NODE1, ACL2, 2))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE1, ACL2, 2)), new AclLineMatch(NODE1, ACL2, 3))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, new AclLineMatch(NODE2, ACL1, 0))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL1, 0)), new AclLineMatch(NODE2, ACL1, 1))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL1, 1)), new AclLineMatch(NODE2, ACL1, 2))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL1, 2)), new AclLineMatch(NODE2, ACL1, 3))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, new AclLineMatch(NODE2, ACL2, 0))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL2, 0)), new AclLineMatch(NODE2, ACL2, 1))));
assertThat(rules, hasItem(new BasicRuleStatement(FalseExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL2, 1)), new AclLineMatch(NODE2, ACL2, 2))));
assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclLineNoMatch(NODE2, ACL2, 2)), new AclLineMatch(NODE2, ACL2, 3))));
}
use of org.batfish.z3.state.AclLineMatch in project batfish by batfish.
the class DefaultTransitionGenerator method visitAclDeny.
@Override
public void visitAclDeny(AclDeny.State aclDeny) {
// MatchDenyLine
_input.getAclActions().forEach((node, nodeAcls) -> nodeAcls.forEach((acl, linesActions) -> {
int lineNumber = 0;
for (LineAction linesAction : linesActions) {
if (linesAction == LineAction.REJECT) {
_rules.add(new BasicRuleStatement(new AclLineMatch(node, acl, lineNumber), new AclDeny(node, acl)));
}
lineNumber++;
}
}));
// MatchNoLines
_input.getAclActions().entrySet().stream().flatMap(aclActionsEntryByNode -> {
String hostname = aclActionsEntryByNode.getKey();
return aclActionsEntryByNode.getValue().entrySet().stream().map(aclActionsEntryByAclName -> {
String acl = aclActionsEntryByAclName.getKey();
List<LineAction> lineActions = aclActionsEntryByAclName.getValue();
AclDeny deny = new AclDeny(hostname, acl);
if (lineActions.isEmpty()) {
return new BasicRuleStatement(deny);
} else {
int lastLine = lineActions.size() - 1;
return new BasicRuleStatement(new AclLineNoMatch(hostname, acl, lastLine), deny);
}
});
}).forEach(_rules::add);
}
use of org.batfish.z3.state.AclLineMatch in project batfish by batfish.
the class AclReachabilityQuerySynthesizer method getReachabilityProgram.
@Override
public ReachabilityProgram getReachabilityProgram(SynthesizerInput input) {
ReachabilityProgram.Builder builder = ReachabilityProgram.builder().setInput(input);
ImmutableList.Builder<QueryStatement> queries = ImmutableList.builder();
ImmutableList.Builder<RuleStatement> rules = ImmutableList.builder();
for (int line = 0; line < _numLines; line++) {
NumberedQuery query = new NumberedQuery(line);
rules.add(new BasicRuleStatement(SaneExpr.INSTANCE, ImmutableSet.of(new AclLineMatch(_hostname, _aclName, line)), new NumberedQuery(line)));
queries.add(new QueryStatement(query));
_keys.add(new AclLine(_hostname, _aclName, line));
}
return builder.setInput(input).setQueries(queries.build()).setRules(rules.build()).build();
}
Aggregations