Search in sources :

Example 1 with PreOutEdgePostNat

use of org.batfish.z3.state.PreOutEdgePostNat in project batfish by batfish.

the class BoolExprTransformerTest method setup.

@Before
public void setup() {
    _stateExpr = Accept.INSTANCE;
    _transformationStateExpr = new PreOutEdgePostNat("host1", "interface1", "host2", "interface2");
    _ctx = new Context();
    _input = MockSynthesizerInput.builder().build();
    _nodContext = new NodContext(_ctx, ReachabilityProgram.builder().setInput(_input).setRules(of(new BasicRuleStatement(_stateExpr), new TransformationRuleStatement(_transformationStateExpr))).build());
}
Also used : NodContext(org.batfish.z3.NodContext) Context(com.microsoft.z3.Context) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) NodContext(org.batfish.z3.NodContext) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) Before(org.junit.Before)

Example 2 with PreOutEdgePostNat

use of org.batfish.z3.state.PreOutEdgePostNat in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testVisitPostOutEdge.

@Test
public void testVisitPostOutEdge() {
    SynthesizerInput input = MockSynthesizerInput.builder().setEnabledEdges(ImmutableSet.of(new Edge(NODE1, INTERFACE1, NODE2, INTERFACE1), new Edge(NODE1, INTERFACE2, NODE2, INTERFACE2), new Edge(NODE1, INTERFACE3, NODE2, INTERFACE3))).setOutgoingAcls(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2), NODE2, ImmutableMap.of(INTERFACE1, ACL1, INTERFACE2, ACL2))).setSourceNats(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ImmutableList.of(Maps.immutableEntry(new AclPermit(NODE1, NAT_ACL1), TrueExpr.INSTANCE), Maps.immutableEntry(new AclPermit(NODE1, NAT_ACL2), FalseExpr.INSTANCE)), INTERFACE2, ImmutableList.of(), INTERFACE3, ImmutableList.of()), NODE2, ImmutableMap.of(INTERFACE1, ImmutableList.of(Maps.immutableEntry(new AclPermit(NODE2, NAT_ACL1), FalseExpr.INSTANCE), Maps.immutableEntry(new AclPermit(NODE2, NAT_ACL2), TrueExpr.INSTANCE)), INTERFACE2, ImmutableList.of(), INTERFACE3, ImmutableList.of()))).setTopologyInterfaces(ImmutableMap.of(NODE1, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3), NODE2, ImmutableSet.of(INTERFACE1, INTERFACE2, INTERFACE3))).build();
    Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(PostOutEdge.State.INSTANCE)));
    // PassOutgoingAcl
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclPermit(NODE1, ACL1), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE1)), new PostOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE1))));
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new AclPermit(NODE1, ACL2), new PreOutEdgePostNat(NODE1, INTERFACE2, NODE2, INTERFACE2)), new PostOutEdge(NODE1, INTERFACE2, NODE2, INTERFACE2))));
    assertThat(rules, hasItem(new BasicRuleStatement(TrueExpr.INSTANCE, ImmutableSet.of(new PreOutEdgePostNat(NODE1, INTERFACE3, NODE2, INTERFACE3)), new PostOutEdge(NODE1, INTERFACE3, NODE2, INTERFACE3))));
}
Also used : MockSynthesizerInput(org.batfish.z3.MockSynthesizerInput) SynthesizerInput(org.batfish.z3.SynthesizerInput) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) RuleStatement(org.batfish.z3.expr.RuleStatement) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) PostOutEdge(org.batfish.z3.state.PostOutEdge) AclPermit(org.batfish.z3.state.AclPermit) Edge(org.batfish.datamodel.Edge) PostOutEdge(org.batfish.z3.state.PostOutEdge) PreOutEdge(org.batfish.z3.state.PreOutEdge) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) Test(org.junit.Test)

Example 3 with PreOutEdgePostNat

use of org.batfish.z3.state.PreOutEdgePostNat in project batfish by batfish.

the class DefaultTransitionGenerator method visitPreOutEdgePostNat_generateNoMatchSourceNatRules.

private void visitPreOutEdgePostNat_generateNoMatchSourceNatRules(String node1, String iface1, String node2, String iface2) {
    List<Entry<AclPermit, BooleanExpr>> sourceNats = _input.getSourceNats().getOrDefault(node1, ImmutableMap.of()).getOrDefault(iface1, ImmutableList.of());
    ImmutableSet.Builder<StateExpr> preStates = ImmutableSet.builder();
    preStates.add(new PreOutEdge(node1, iface1, node2, iface2));
    sourceNats.stream().map(Entry::getKey).map(aclPermit -> new AclDeny(aclPermit.getHostname(), aclPermit.getAcl())).forEach(preStates::add);
    _rules.add(new TransformationRuleStatement(new EqExpr(new VarIntExpr(TransformationHeaderField.NEW_SRC_IP), new VarIntExpr(TransformationHeaderField.NEW_SRC_IP.getCurrent())), preStates.build(), ImmutableSet.of(), new PreOutEdgePostNat(node1, iface1, node2, iface2)));
}
Also used : DropAclIn(org.batfish.z3.state.DropAclIn) NodeDropAclOut(org.batfish.z3.state.NodeDropAclOut) AclLineMatch(org.batfish.z3.state.AclLineMatch) Drop(org.batfish.z3.state.Drop) NodeDropAcl(org.batfish.z3.state.NodeDropAcl) NodeDropNoRoute(org.batfish.z3.state.NodeDropNoRoute) NumberedQuery(org.batfish.z3.state.NumberedQuery) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) Map(java.util.Map) PostIn(org.batfish.z3.state.PostIn) AclLineNoMatch(org.batfish.z3.state.AclLineNoMatch) HeaderSpaceMatchExpr(org.batfish.z3.expr.HeaderSpaceMatchExpr) State(org.batfish.z3.expr.StateExpr.State) Originate(org.batfish.z3.state.Originate) NodeDropNullRoute(org.batfish.z3.state.NodeDropNullRoute) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Set(java.util.Set) Query(org.batfish.z3.state.Query) PostOutEdge(org.batfish.z3.state.PostOutEdge) List(java.util.List) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat) OriginateVrf(org.batfish.z3.state.OriginateVrf) PreOutEdge(org.batfish.z3.state.PreOutEdge) Entry(java.util.Map.Entry) NodeDrop(org.batfish.z3.state.NodeDrop) NodeNeighborUnreachable(org.batfish.z3.state.NodeNeighborUnreachable) IpWildcard(org.batfish.datamodel.IpWildcard) TransformationHeaderField(org.batfish.z3.TransformationHeaderField) TrueExpr(org.batfish.z3.expr.TrueExpr) DropAcl(org.batfish.z3.state.DropAcl) DropNullRoute(org.batfish.z3.state.DropNullRoute) SynthesizerInput(org.batfish.z3.SynthesizerInput) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) NodeAccept(org.batfish.z3.state.NodeAccept) ImmutableList(com.google.common.collect.ImmutableList) StateExpr(org.batfish.z3.expr.StateExpr) LineAction(org.batfish.datamodel.LineAction) RuleStatement(org.batfish.z3.expr.RuleStatement) DropAclOut(org.batfish.z3.state.DropAclOut) Debug(org.batfish.z3.state.Debug) DropNoRoute(org.batfish.z3.state.DropNoRoute) BooleanExpr(org.batfish.z3.expr.BooleanExpr) Accept(org.batfish.z3.state.Accept) NodeDropAclIn(org.batfish.z3.state.NodeDropAclIn) PreOut(org.batfish.z3.state.PreOut) AclDeny(org.batfish.z3.state.AclDeny) NotExpr(org.batfish.z3.expr.NotExpr) AclPermit(org.batfish.z3.state.AclPermit) VarIntExpr(org.batfish.z3.expr.VarIntExpr) PreInInterface(org.batfish.z3.state.PreInInterface) PostInVrf(org.batfish.z3.state.PostInVrf) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) NeighborUnreachable(org.batfish.z3.state.NeighborUnreachable) EqExpr(org.batfish.z3.expr.EqExpr) PostInInterface(org.batfish.z3.state.PostInInterface) AclDeny(org.batfish.z3.state.AclDeny) VarIntExpr(org.batfish.z3.expr.VarIntExpr) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) StateExpr(org.batfish.z3.expr.StateExpr) Entry(java.util.Map.Entry) PreOutEdge(org.batfish.z3.state.PreOutEdge) ImmutableSet(com.google.common.collect.ImmutableSet) EqExpr(org.batfish.z3.expr.EqExpr) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat)

Example 4 with PreOutEdgePostNat

use of org.batfish.z3.state.PreOutEdgePostNat in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testPreOutEdgePostNat.

@Test
public void testPreOutEdgePostNat() {
    SynthesizerInput input = MockSynthesizerInput.builder().setEnabledEdges(ImmutableSet.of(new Edge(NODE1, INTERFACE1, NODE2, INTERFACE1), new Edge(NODE1, INTERFACE1, NODE2, INTERFACE2), new Edge(NODE1, INTERFACE2, NODE2, INTERFACE1), new Edge(NODE1, INTERFACE2, NODE2, INTERFACE2), new Edge(NODE2, INTERFACE1, NODE1, INTERFACE1), new Edge(NODE2, INTERFACE1, NODE1, INTERFACE2), new Edge(NODE2, INTERFACE2, NODE1, INTERFACE1), new Edge(NODE2, INTERFACE2, NODE1, INTERFACE2))).build();
    Set<RuleStatement> rules = ImmutableSet.copyOf(DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(PreOutEdgePostNat.State.INSTANCE)));
    BooleanExpr newSrcIpEqualsCurrentSrcIp = new EqExpr(new VarIntExpr(TransformationHeaderField.NEW_SRC_IP), new VarIntExpr(TransformationHeaderField.NEW_SRC_IP.getCurrent()));
    // PreOutEdgePostNatForTopologyEdges
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE1))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE2)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE2))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE2, NODE2, INTERFACE1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE2, NODE2, INTERFACE1))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE2, NODE2, INTERFACE2)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE2, NODE2, INTERFACE2))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE2, INTERFACE1, NODE1, INTERFACE1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE2, INTERFACE1, NODE1, INTERFACE1))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE2, INTERFACE1, NODE1, INTERFACE2)), ImmutableSet.of(), new PreOutEdgePostNat(NODE2, INTERFACE1, NODE1, INTERFACE2))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE2, INTERFACE2, NODE1, INTERFACE1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE2, INTERFACE2, NODE1, INTERFACE1))));
    assertThat(rules, hasItem(new TransformationRuleStatement(newSrcIpEqualsCurrentSrcIp, ImmutableSet.of(new PreOutEdge(NODE2, INTERFACE2, NODE1, INTERFACE2)), ImmutableSet.of(), new PreOutEdgePostNat(NODE2, INTERFACE2, NODE1, INTERFACE2))));
}
Also used : VarIntExpr(org.batfish.z3.expr.VarIntExpr) PreOutEdge(org.batfish.z3.state.PreOutEdge) MockSynthesizerInput(org.batfish.z3.MockSynthesizerInput) SynthesizerInput(org.batfish.z3.SynthesizerInput) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) RuleStatement(org.batfish.z3.expr.RuleStatement) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) EqExpr(org.batfish.z3.expr.EqExpr) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) Edge(org.batfish.datamodel.Edge) PostOutEdge(org.batfish.z3.state.PostOutEdge) PreOutEdge(org.batfish.z3.state.PreOutEdge) BooleanExpr(org.batfish.z3.expr.BooleanExpr) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat) Test(org.junit.Test)

Example 5 with PreOutEdgePostNat

use of org.batfish.z3.state.PreOutEdgePostNat in project batfish by batfish.

the class DefaultTransitionGeneratorTest method testVisitPreOutEdgePostNat_topologyInterfaceWithNAT.

/**
 * Test the transitions generated for PreOutEdgePostNat for an edge with a source nat.
 */
@Test
public void testVisitPreOutEdgePostNat_topologyInterfaceWithNAT() {
    SynthesizerInput input = MockSynthesizerInput.builder().setEnabledEdges(ImmutableSet.of(new Edge(NODE1, INTERFACE1, NODE2, INTERFACE2))).setTopologyInterfaces(ImmutableMap.of(NODE1, ImmutableSet.of(INTERFACE1))).setSourceNats(ImmutableMap.of(NODE1, ImmutableMap.of(INTERFACE1, ImmutableList.of(Maps.immutableEntry(new AclPermit(NODE1, NAT_ACL1), B1))))).build();
    List<RuleStatement> rules = DefaultTransitionGenerator.generateTransitions(input, ImmutableSet.of(PreOutEdgePostNat.State.INSTANCE));
    RuleStatement permitRule = new TransformationRuleStatement(B1, ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE2), new AclPermit(NODE1, NAT_ACL1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE2));
    RuleStatement denyRule = new TransformationRuleStatement(new EqExpr(new VarIntExpr(TransformationHeaderField.NEW_SRC_IP), new VarIntExpr(TransformationHeaderField.NEW_SRC_IP.getCurrent())), ImmutableSet.of(new PreOutEdge(NODE1, INTERFACE1, NODE2, INTERFACE2), new AclDeny(NODE1, NAT_ACL1)), ImmutableSet.of(), new PreOutEdgePostNat(NODE1, INTERFACE1, NODE2, INTERFACE2));
    assertThat(rules, containsInAnyOrder(permitRule, denyRule));
}
Also used : AclDeny(org.batfish.z3.state.AclDeny) PreOutEdge(org.batfish.z3.state.PreOutEdge) VarIntExpr(org.batfish.z3.expr.VarIntExpr) MockSynthesizerInput(org.batfish.z3.MockSynthesizerInput) SynthesizerInput(org.batfish.z3.SynthesizerInput) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) RuleStatement(org.batfish.z3.expr.RuleStatement) BasicRuleStatement(org.batfish.z3.expr.BasicRuleStatement) EqExpr(org.batfish.z3.expr.EqExpr) AclPermit(org.batfish.z3.state.AclPermit) TransformationRuleStatement(org.batfish.z3.expr.TransformationRuleStatement) Edge(org.batfish.datamodel.Edge) PostOutEdge(org.batfish.z3.state.PostOutEdge) PreOutEdge(org.batfish.z3.state.PreOutEdge) PreOutEdgePostNat(org.batfish.z3.state.PreOutEdgePostNat) Test(org.junit.Test)

Aggregations

BasicRuleStatement (org.batfish.z3.expr.BasicRuleStatement)8 PreOutEdgePostNat (org.batfish.z3.state.PreOutEdgePostNat)8 TransformationRuleStatement (org.batfish.z3.expr.TransformationRuleStatement)7 SynthesizerInput (org.batfish.z3.SynthesizerInput)6 RuleStatement (org.batfish.z3.expr.RuleStatement)6 PostOutEdge (org.batfish.z3.state.PostOutEdge)6 PreOutEdge (org.batfish.z3.state.PreOutEdge)6 EqExpr (org.batfish.z3.expr.EqExpr)5 VarIntExpr (org.batfish.z3.expr.VarIntExpr)5 AclDeny (org.batfish.z3.state.AclDeny)5 AclPermit (org.batfish.z3.state.AclPermit)5 Edge (org.batfish.datamodel.Edge)4 MockSynthesizerInput (org.batfish.z3.MockSynthesizerInput)4 BooleanExpr (org.batfish.z3.expr.BooleanExpr)4 ImmutableList (com.google.common.collect.ImmutableList)3 ImmutableMap (com.google.common.collect.ImmutableMap)3 ImmutableSet (com.google.common.collect.ImmutableSet)3 List (java.util.List)3 Map (java.util.Map)3 Set (java.util.Set)3