@VisibleForTesting @Nonnull HeaderSpace getHeaderSpace() { return PacketHeaderConstraintsUtil.toHeaderSpaceBuilder(_headerConstraints) .setNegate(_complementHeaderSpace) .build(); }
public static HeaderSpace toHeaderSpace(List<NatRuleMatch> matches) { NatRuleMatchToHeaderSpace v = new NatRuleMatchToHeaderSpace(); matches.forEach(m -> m.accept(v)); return v._headerSpace.build(); }
@Override public AclLineMatchExpr toAclLineMatchExpr() { return new MatchHeaderSpace( HeaderSpace.builder().setIpProtocols(ImmutableList.of(_protocol)).build()); } }
@Override public AclLineMatchExpr toAclLineMatchExpr() { HeaderSpace.Builder b = HeaderSpace.builder().setIpProtocols(ImmutableList.copyOf(_protocols)); b.setDstPorts(_dstPorts); b.setSrcPorts(_srcPorts); if (_icmpType != null) { b.setIcmpTypes(ImmutableList.of(new SubRange(_icmpType))); } return new MatchHeaderSpace(b.build()); } }
@Override public HeaderSpace visitTrueExpr(TrueExpr trueExpr) { return HeaderSpace.builder().build(); } }
private static MatchHeaderSpace matchField(Prefix prefix, IpField field) { switch (field) { case DESTINATION: return new MatchHeaderSpace(HeaderSpace.builder().setDstIps(prefix.toIpSpace()).build()); case SOURCE: return new MatchHeaderSpace(HeaderSpace.builder().setSrcIps(prefix.toIpSpace()).build()); default: throw new BatfishException("Invalid field"); } }
@Test public void test_icmpType() { HeaderSpace headerSpace = HeaderSpace.builder().setIcmpTypes(ImmutableList.of(new SubRange(8, 8))).build(); BDD matchExprBDD = _toBDD.toBDD(headerSpace); BDD icmpTypeBDD = _pkt.getIcmpType().value(8); assertThat(matchExprBDD, equalTo(icmpTypeBDD)); }
@Test public void test_fragmentOffsets() { HeaderSpace headerSpace = HeaderSpace.builder() .setFragmentOffsets(ImmutableSet.of(new SubRange(0, 5))) .setNotFragmentOffsets(ImmutableSet.of(new SubRange(2, 6))) .build(); BDD bdd = _toBDD.toBDD(headerSpace); BDDInteger fragmentOffset = _pkt.getFragmentOffset(); BDD fragmentOffsetBDD = fragmentOffset.value(0).or(fragmentOffset.value(1)); assertThat(bdd, equalTo(fragmentOffsetBDD)); }
@Test public void test_srcOrDstPorts() { SubRange portRange = new SubRange(10, 20); HeaderSpace headerSpace = HeaderSpace.builder().setSrcOrDstPorts(ImmutableList.of(portRange)).build(); BDD bdd = _toBDD.toBDD(headerSpace); BDDInteger dstPort = _pkt.getDstPort(); BDD dstPortBDD = dstPort.leq(20).and(dstPort.geq(10)); BDDInteger srcPort = _pkt.getSrcPort(); BDD srcPortBDD = srcPort.leq(20).and(srcPort.geq(10)); assertThat(bdd, equalTo(dstPortBDD.or(srcPortBDD))); }
@Override public AclLineMatchExpr toAclLineMatchExpr() { return new MatchHeaderSpace( HeaderSpace.builder() .setIpProtocols(ImmutableList.of(IpProtocol.TCP)) .setDstPorts(_ports) .build()); } }
public static MatchHeaderSpace match5Tuple( Ip srcIp, int srcPort, Ip dstIp, int dstPort, IpProtocol ipProtocol) { return new MatchHeaderSpace( HeaderSpace.builder() .setSrcIps(srcIp.toIpSpace()) .setSrcPorts(ImmutableList.of(new SubRange(srcPort, srcPort))) .setDstIps(dstIp.toIpSpace()) .setDstPorts(ImmutableList.of(new SubRange(dstPort, dstPort))) .setIpProtocols(ImmutableList.of(ipProtocol)) .build()); } }
@Test public void testIntersect() { HeaderSpace h1 = HeaderSpace.builder().setDstIps(IP1).build(); HeaderSpace h2 = HeaderSpace.builder().setSrcIps(IP2).build(); HeaderSpace h3 = HeaderSpace.builder().setDstIps(IP1).setSrcIps(IP2).build(); assertThat(intersect(h1, h2), equalTo(Optional.of(h3))); assertThat(intersect(h2, h1), equalTo(Optional.of(h3))); }
@Override public AclLineMatchExpr toAclLineMatchExpr() { return new MatchHeaderSpace( HeaderSpace.builder().setIpProtocols(ImmutableList.of(IpProtocol.ICMP)).build()); } }
@Test public void test_state() { HeaderSpace headerSpace = HeaderSpace.builder() .setStates(ImmutableSet.of(FlowState.fromNum(0), FlowState.fromNum(1))) .build(); BDD bdd = _toBDD.toBDD(headerSpace); BDDInteger state = _pkt.getState(); BDD stateBDD = state.value(0).or(state.value(1)); assertThat(bdd, equalTo(stateBDD)); }
/** * Convert {@link PacketHeaderConstraints} to an {@link AclLineMatchExpr}. * * @param phc the packet header constraints * @param srcIpSpace Resolved source IP space * @param dstIpSpace Resolved destination IP space */ public static AclLineMatchExpr toAclLineMatchExpr( PacketHeaderConstraints phc, IpSpace srcIpSpace, IpSpace dstIpSpace) { return new MatchHeaderSpace( toHeaderSpaceBuilder(phc).setSrcIps(srcIpSpace).setDstIps(dstIpSpace).build()); }
@Override @Nonnull public AclLineMatchExpr toAclLineMatchExpr(Map<String, ObjectGroup> objectGroups) { return new MatchHeaderSpace(HeaderSpace.builder().setDscps(_dscps).setEcns(_ecns).build()); } }
/** Resolve all parameters and update the underlying headerspace. */ public HeaderSpace resolveHeaderspace(SpecifierContext ctx) { return _headerSpace .toBuilder() .setSrcIps(resolveIpSpaceSpecifier(_sourceIpSpaceSpecifier, ctx)) .setDstIps(resolveIpSpaceSpecifier(_destinationIpSpaceSpecifier, ctx)) .build(); }
@Override public AclLineMatchExpr toAclLineMatchExpr() { return new MatchHeaderSpace( HeaderSpace.builder().setIcmpTypes(ImmutableList.of(new SubRange(_type))).build()); } }
@Test public void testIntersect_nonTrivialDstIpIntersection() { HeaderSpace h1 = HeaderSpace.builder().setDstIps(IP1).build(); HeaderSpace h2 = HeaderSpace.builder().setDstIps(IP2).build(); HeaderSpace h3 = HeaderSpace.builder().setDstIps(AclIpSpace.intersection(IP1, IP2)).build(); assertThat(intersect(h1, h2), equalTo(Optional.of(h3))); }