Examples with AclPermit org.batfish.z3.state.AclPermit used on opensource projects

Example 1 with AclPermit

use of org.batfish.z3.state.AclPermit in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testVisitPostOutEdge.

@Test
public void testVisitPostOutEdge() {
    SynthesizerInput input = MockSynthesizerInput.builder().setEnabledEdges(ImmutableSet.of(new Edge(NODE1, INTERFACE1, NODE2, INTERFACE1), new Edge(NODE1, INTERFACE2, NODE2, INTERFACE2), new Edge(NODE1, INTERFACE3, NODE2, INTERFACE3))).setOutgoingAcls(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2), NODE2, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2))).setSourceNats(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ImmutableList.of(Maps.immutableEntry(new AclPermit(NODE1, NAT_ACL1), TrueExpr.INSTANCE), Maps.immutableEntry(new AclPermit(NODE1, NAT_ACL2), FalseExpr.INSTANCE)), INTERFACE2, ImmutableList.of(), INTERFACE3, ImmutableList.of()), NODE2, ImmutableMap.of(INTERFACE1, ImmutableList.of(Maps.immutableEntry(new AclPermit(NODE2, NAT_ACL1), FalseExpr.INSTANCE), Maps.immutableEntry(new AclPermit(NODE2, NAT_ACL2), TrueExpr.INSTANCE)), INTERFACE2, ImmutableList.of(), INTERFACE3, ImmutableList.of()))).setTopologyInterfaces(ImmutableMap.of(NODE1, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3), NODE2, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3))).build();
    Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(PostOutEdge.State.INSTANCE)));
    // PassOutgoingAcl
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclPermit(NODE1, ACL1), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE1)), new PostOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE1))));
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclPermit(NODE1, ACL2), new PreOutEdgePostNat(NODE1, INTERFACE2, NODE2, INTERFACE2)), new PostOutEdge(NODE1, INTERFACE2, NODE2, INTERFACE2))));
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new PreOutEdgePostNat(NODE1, INTERFACE3, NODE2, INTERFACE3)), new PostOutEdge(NODE1, INTERFACE3, NODE2, INTERFACE3))));
}

Example 2 with AclPermit

use of org.batfish.z3.state.AclPermit in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testVisitAclPermit.

@Test
public void testVisitAclPermit() {
    SynthesizerInput input = MockSynthesizerInput.builder().setAclActions(aclActions()).build();
    Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(AclPermit.State.INSTANCE)));
    // MatchPermitLine
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 0), new AclPermit(NODE1, ACL1))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL1, 2), new AclPermit(NODE1, ACL1))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 1), new AclPermit(NODE1, ACL2))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE1, ACL2, 3), new AclPermit(NODE1, ACL2))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 0), new AclPermit(NODE2, ACL1))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL1, 2), new AclPermit(NODE2, ACL1))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 1), new AclPermit(NODE2, ACL2))));
    assertThat(rules, hasItem(new BasicRuleStatement(new AclLineMatch(NODE2, ACL2, 3), new AclPermit(NODE2, ACL2))));
}

Example 3 with AclPermit

use of org.batfish.z3.state.AclPermit in project batfish by batfish.

the class SynthesizerInputImplTest method testComputeSourceNats.

@Test
public void testComputeSourceNats() {
    Configuration srcNode = _cb.build();
    Configuration nextHop = _cb.build();
    Vrf srcVrf = _vb.setOwner(srcNode).build();
    Vrf nextHopVrf = _vb.setOwner(nextHop).build();
    Ip ip11 = new Ip("1.0.0.0");
    Ip ip12 = new Ip("1.0.0.10");
    Ip ip21 = new Ip("2.0.0.0");
    Ip ip22 = new Ip("2.0.0.10");
    IpAccessList sourceNat1Acl = _aclb.setLines(ImmutableList.of()).setOwner(srcNode).build();
    IpAccessList sourceNat2Acl = _aclb.build();
    SourceNat sourceNat1 = _snb.setPoolIpFirst(ip11).setPoolIpLast(ip12).setAcl(sourceNat1Acl).build();
    SourceNat sourceNat2 = _snb.setPoolIpFirst(ip21).setPoolIpLast(ip22).setAcl(sourceNat2Acl).build();
    Interface srcInterfaceZeroSourceNats = _ib.setOwner(srcNode).setVrf(srcVrf).setSourceNats(ImmutableList.of()).build();
    Interface srcInterfaceOneSourceNat = _ib.setSourceNats(ImmutableList.of(sourceNat1)).build();
    Interface srcInterfaceTwoSourceNats = _ib.setSourceNats(ImmutableList.of(sourceNat1, sourceNat2)).build();
    Interface nextHopInterface = _ib.setOwner(nextHop).setVrf(nextHopVrf).setSourceNats(ImmutableList.of()).build();
    Edge forwardEdge1 = new Edge(srcInterfaceZeroSourceNats, nextHopInterface);
    Edge forwardEdge2 = new Edge(srcInterfaceOneSourceNat, nextHopInterface);
    Edge forwardEdge3 = new Edge(srcInterfaceTwoSourceNats, nextHopInterface);
    Edge backEdge1 = new Edge(nextHopInterface, srcInterfaceZeroSourceNats);
    Edge backEdge2 = new Edge(nextHopInterface, srcInterfaceOneSourceNat);
    Edge backEdge3 = new Edge(nextHopInterface, srcInterfaceTwoSourceNats);
    SynthesizerInput inputWithoutDataPlane = _inputBuilder.setConfigurations(ImmutableMap.of(srcNode.getName(), srcNode, nextHop.getName(), nextHop)).build();
    SynthesizerInput inputWithDataPlane = _inputBuilder.setForwardingAnalysis(MockForwardingAnalysis.builder().build()).setTopology(new Topology(ImmutableSortedSet.of(forwardEdge1, forwardEdge2, forwardEdge3, backEdge1, backEdge2, backEdge3))).build();
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceZeroSourceNats.getName()), equalTo(ImmutableList.of())))));
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceOneSourceNat.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getName(), sourceNat1Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip11.asLong(), ip12.asLong()))))))))));
    assertThat(inputWithDataPlane, hasSourceNats(hasEntry(equalTo(srcNode.getName()), hasEntry(equalTo(srcInterfaceTwoSourceNats.getName()), equalTo(ImmutableList.of(immutableEntry(new AclPermit(srcNode.getName(), sourceNat1Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip11.asLong(), ip12.asLong())))), immutableEntry(new AclPermit(srcNode.getName(), sourceNat2Acl.getName()), new RangeMatchExpr(TransformationHeaderField.NEW_SRC_IP, TransformationHeaderField.NEW_SRC_IP.getSize(), ImmutableSet.of(Range.closed(ip21.asLong(), ip22.asLong()))))))))));
    assertThat(inputWithoutDataPlane, hasSourceNats(nullValue()));
}

Example 4 with AclPermit

use of org.batfish.z3.state.AclPermit in project batfish by batfish.

the class DefaultTransitionGenerator method visitPreOutEdgePostNat_generateNoMatchSourceNatRules.

private void visitPreOutEdgePostNat_generateNoMatchSourceNatRules(String node1, String iface1, String node2, String iface2) {
    List<Entry<AclPermit, BooleanExpr>> sourceNats = _input.getSourceNats().getOrDefault(node1, ImmutableMap.of()).getOrDefault(iface1, ImmutableList.of());
    ImmutableSet.Builder<StateExpr> preStates = ImmutableSet.builder();
    preStates.add(new PreOutEdge(node1, iface1, node2, iface2));
    sourceNats.stream().map(Entry::getKey).map(aclPermit -> new AclDeny(aclPermit.getHostname(), aclPermit.getAcl())).forEach(preStates::add);
    _rules.add(new TransformationRuleStatement(new EqExpr(new VarIntExpr(TransformationHeaderField.NEW_SRC_IP), new VarIntExpr(TransformationHeaderField.NEW_SRC_IP.getCurrent())), preStates.build(), ImmutableSet.of(), new PreOutEdgePostNat(node1, iface1, node2, iface2)));
}

Example 5 with AclPermit

use of org.batfish.z3.state.AclPermit in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testVisitPostInInterface.

@Test
public void testVisitPostInInterface() {
    SynthesizerInput input = MockSynthesizerInput.builder().setIncomingAcls(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2), NODE2, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2))).setTopologyInterfaces(ImmutableMap.of(NODE1, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3), NODE2, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3))).build();
    Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(PostInInterface.State.INSTANCE)));
    // PassIncomingAcl
    assertThat(rules, hasItem(new BasicRuleStatement(ImmutableSet.of(new AclPermit(NODE1, ACL1), new PreInInterface(NODE1, INTERFACE1)), new PostInInterface(NODE1, INTERFACE1))));
    assertThat(rules, hasItem(new BasicRuleStatement(ImmutableSet.of(new AclPermit(NODE1, ACL2), new PreInInterface(NODE1, INTERFACE2)), new PostInInterface(NODE1, INTERFACE2))));
    assertThat(rules, hasItem(new BasicRuleStatement(new PreInInterface(NODE1, INTERFACE3), new PostInInterface(NODE1, INTERFACE3))));
    assertThat(rules, hasItem(new BasicRuleStatement(ImmutableSet.of(new AclPermit(NODE2, ACL1), new PreInInterface(NODE2, INTERFACE1)), new PostInInterface(NODE2, INTERFACE1))));
    assertThat(rules, hasItem(new BasicRuleStatement(ImmutableSet.of(new AclPermit(NODE2, ACL2), new PreInInterface(NODE2, INTERFACE2)), new PostInInterface(NODE2, INTERFACE2))));
    assertThat(rules, hasItem(new BasicRuleStatement(new PreInInterface(NODE2, INTERFACE3), new PostInInterface(NODE2, INTERFACE3))));
}