public static MatchHeaderSpace matchSrcPort(int port) { return match( HeaderSpace.builder().setSrcPorts(ImmutableList.of(new SubRange(port, port))).build()); }
@Override public Optional<Transformation.Builder> toOutgoingTransformation( Map<String, IpAccessList> ipAccessLists, Map<String, NatPool> natPools, @Nullable Set<String> insideInterfaces, Configuration c) { /* * No named ACL in rule, but need to match src/dest to global/local according * to direction and rule type */ AclLineMatchExpr matchExpr; TransformationStep step; switch (getAction()) { case SOURCE_INSIDE: matchExpr = AclLineMatchExprs.matchSrc(_localNetwork); step = TransformationStep.shiftSourceIp(_globalNetwork); break; case SOURCE_OUTSIDE: matchExpr = AclLineMatchExprs.matchDst(_localNetwork); step = TransformationStep.shiftDestinationIp(_globalNetwork); break; default: return Optional.empty(); } if (insideInterfaces != null) { matchExpr = AclLineMatchExprs.and(matchExpr, new MatchSrcInterface(insideInterfaces)); } return Optional.of(Transformation.when(matchExpr).apply(step)); }
@Test public void testAnd() { assertThat(and(ImmutableList.of()), equalTo(TrueExpr.INSTANCE)); MatchSrcInterface expr = matchSrcInterface("a"); assertThat(and(ImmutableList.of(expr)), equalTo(expr)); }
@Test public void testOr() { assertThat(or(ImmutableList.of()), equalTo(FalseExpr.INSTANCE)); MatchSrcInterface expr = matchSrcInterface("a"); assertThat(or(ImmutableList.of(expr)), equalTo(expr)); } }
@Test public void testExprs() { Map<String, IpAccessList> namedAcls = ImmutableMap.of(); assertThat(referencedSources(namedAcls, TRUE), equalTo(ImmutableSet.of())); assertThat(referencedSources(namedAcls, FALSE), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, ORIGINATING_FROM_DEVICE), equalTo(ImmutableSet.of(SOURCE_ORIGINATING_FROM_DEVICE))); assertThat(referencedSources(namedAcls, matchDst(Ip.AUTO)), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, matchSrcInterface("a", "b", "c")), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, and(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, not(matchSrcInterface("a", "b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, or(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); }
.setLines( ImmutableList.of( accepting().setMatchCondition(and(matchSrcInterface(IFACE), matchDst(ip))).build())) .build(); Batfish batfish = getBatfish(baseConfig, deltaConfig);
AclLineMatchExpr matchExpr = matchSrc(realSource.toIpSpace()); matchExpr = and(matchExpr, matchSrcInterface(insideInterface));
public BDDReachabilityAnalysis bddReachabilityAnalysis(IpSpaceAssignment srcIpSpaceAssignment) { return bddReachabilityAnalysis( srcIpSpaceAssignment, matchDst(UniverseIpSpace.INSTANCE), ImmutableSet.of(), ImmutableSet.of(), _configs.keySet(), ImmutableSet.of(FlowDisposition.ACCEPTED)); }
public static AclLineMatchExpr and(AclLineMatchExpr... exprs) { return and( Arrays.stream(exprs) .collect(ImmutableSortedSet.toImmutableSortedSet(Comparator.naturalOrder()))); }
@Override public Optional<Transformation.Builder> toIncomingTransformation(Map<String, NatPool> natPools) { /* * No named ACL in rule, but need to match src/dest to global/local according * to direction and rule type */ AclLineMatchExpr matchExpr; TransformationStep step; switch (getAction()) { case SOURCE_INSIDE: matchExpr = AclLineMatchExprs.matchDst(_globalNetwork); step = TransformationStep.shiftDestinationIp(_localNetwork); break; case SOURCE_OUTSIDE: matchExpr = AclLineMatchExprs.matchSrc(_globalNetwork); step = TransformationStep.shiftSourceIp(_localNetwork); break; default: return Optional.empty(); } return Optional.of(Transformation.when(matchExpr).apply(step)); } }
ifaceUnit -> builder.put( interfaceLocation(ifaceUnit), matchSrcInterface(ifaceUnit)))); _masterLogicalSystem .getZones() builder.put( zoneLocation(zone.getName()), matchSrcInterface( zone.getInterfaces().stream() .map(Interface::getName) builder.put( routingInstanceLocation(routingInstance.getName()), matchSrcInterface( routingInstance.getInterfaces().values().stream() .map(Interface::getName)
public static AclLineMatchExpr or(AclLineMatchExpr... exprs) { return or( Arrays.stream(exprs).collect(ImmutableSortedSet.toImmutableSortedSet(Ordering.natural()))); }
public static MatchHeaderSpace matchSrc(Ip ip) { return matchSrc(ip.toIpSpace()); }
AclLineMatchExpr natAclExpr = permittedByAcl(natAclName); if (insideInterfaces != null) { natAclExpr = and(natAclExpr, new MatchSrcInterface(insideInterfaces));
@Test public void visitMatchSrcInterface() { MatchSrcInterface matchSrcInterface = AclLineMatchExprs.matchSrcInterface("foo"); assertThat(negate(matchSrcInterface), equalTo(not(matchSrcInterface))); }
/** * Scope the headerspace permitted by an {@link IpAccessList} to those flows that also match * {@code invariantExpr}. */ @VisibleForTesting static IpAccessList scopedAcl(AclLineMatchExpr invariantExpr, IpAccessList acl) { return IpAccessList.builder() .setName(INVARIANT_ACL_NAME) .setLines( ImmutableList.<IpAccessListLine>builder() .add(rejecting(not(invariantExpr))) .add(accepting(new PermittedByAcl(acl.getName()))) .build()) .build(); } }
@Test public void visitPermittedByAcl() { PermittedByAcl permittedByFoo = permittedByAcl("foo"); assertThat(negate(permittedByFoo), equalTo(not(permittedByFoo))); }