ifaceUnit -> builder.put( interfaceLocation(ifaceUnit), matchSrcInterface(ifaceUnit)))); _masterLogicalSystem .getZones() builder.put( zoneLocation(zone.getName()), matchSrcInterface( zone.getInterfaces().stream() .map(Interface::getName) builder.put( routingInstanceLocation(routingInstance.getName()), matchSrcInterface( routingInstance.getInterfaces().values().stream() .map(Interface::getName)
@Test public void testAnd() { assertThat(and(ImmutableList.of()), equalTo(TrueExpr.INSTANCE)); MatchSrcInterface expr = matchSrcInterface("a"); assertThat(and(ImmutableList.of(expr)), equalTo(expr)); }
@Test public void testOr() { assertThat(or(ImmutableList.of()), equalTo(FalseExpr.INSTANCE)); MatchSrcInterface expr = matchSrcInterface("a"); assertThat(or(ImmutableList.of(expr)), equalTo(expr)); } }
@Test public void testExprs() { Map<String, IpAccessList> namedAcls = ImmutableMap.of(); assertThat(referencedSources(namedAcls, TRUE), equalTo(ImmutableSet.of())); assertThat(referencedSources(namedAcls, FALSE), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, ORIGINATING_FROM_DEVICE), equalTo(ImmutableSet.of(SOURCE_ORIGINATING_FROM_DEVICE))); assertThat(referencedSources(namedAcls, matchDst(Ip.AUTO)), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, matchSrcInterface("a", "b", "c")), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, and(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, not(matchSrcInterface("a", "b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, or(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); }
@Test public void visitMatchSrcInterface() { MatchSrcInterface matchSrcInterface = AclLineMatchExprs.matchSrcInterface("foo"); assertThat(negate(matchSrcInterface), equalTo(not(matchSrcInterface))); }
@Test public void testAcl() { IpAccessList.Builder aclBuilder = IpAccessList.builder().setName("foo"); IpAccessList acl = aclBuilder.setLines(ImmutableList.of(IpAccessListLine.ACCEPT_ALL)).build(); Map<String, IpAccessList> namedAcls = ImmutableMap.of(); assertThat(referencedSources(namedAcls, acl), equalTo(ImmutableSet.of())); acl = aclBuilder .setLines( ImmutableList.of( accepting().setMatchCondition(matchSrcInterface("a")).build(), rejecting().setMatchCondition(matchSrcInterface("b")).build(), accepting().setMatchCondition(matchSrcInterface("c")).build())) .build(); assertThat(referencedSources(namedAcls, acl), equalTo(ImmutableSet.of("a", "b", "c"))); }
@Test public void testPermittedByAcl() { IpAccessList.Builder aclBuilder = IpAccessList.builder().setName("foo"); IpAccessList acl = aclBuilder .setLines( ImmutableList.of( IpAccessListLine.accepting().setMatchCondition(matchSrcInterface("a")).build())) .build(); Map<String, IpAccessList> namedAcls = ImmutableMap.of(acl.getName(), acl); assertThat( referencedSources(namedAcls, new PermittedByAcl(acl.getName())), equalTo(ImmutableSet.of("a"))); } }
@Test public void testSane() { // an ACL that can only match with an insane interface IpAccessList denyAllSourcesAcl = IpAccessList.builder() .setName("srcAcl") .setLines( ImmutableList.of( rejecting().setMatchCondition(ORIGINATING_FROM_DEVICE).build(), rejecting().setMatchCondition(matchSrcInterface(IFACE1)).build(), rejecting().setMatchCondition(matchSrcInterface(IFACE2)).build(), ACCEPT_ALL)) .build(); Optional<SearchFiltersResult> flow = _batfish.reachFilter(_config, denyAllSourcesAcl, _allLocationsParams); assertThat(flow, equalTo(Optional.empty())); }
@Test public void testSane2() { // An ACL that can only match with ingress interface IFACE2. IpAccessList denyAllSourcesAcl = IpAccessList.builder() .setName("srcAcl") .setLines( ImmutableList.of( rejecting().setMatchCondition(ORIGINATING_FROM_DEVICE).build(), rejecting().setMatchCondition(matchSrcInterface(IFACE1)).build(), ACCEPT_ALL)) .build(); Optional<SearchFiltersResult> flow = _batfish.reachFilter(_config, denyAllSourcesAcl, _allLocationsParams); assertThat("Should find a result", flow.isPresent()); assertThat(flow.get().getExampleFlow(), hasIngressInterface(IFACE2)); }
matchExpr = and(matchExpr, matchSrcInterface(insideInterface));
matchExpr = and(matchExpr, matchSrcInterface(insideInterface));
.setLines( ImmutableList.of( accepting().setMatchCondition(and(matchSrcInterface(IFACE), matchDst(ip))).build())) .build(); Batfish batfish = getBatfish(baseConfig, deltaConfig);
.setLines( ImmutableList.of( accepting().setMatchCondition(and(matchSrcInterface(IFACE), matchDst(ip))).build())) .build(); Batfish batfish = getBatfish(baseConfig, deltaConfig);
private static Configuration configWithOneAcl(NetworkFactory nf) { Configuration config = nf.configurationBuilder().setConfigurationFormat(ConfigurationFormat.CISCO_IOS).build(); Interface.Builder ib = nf.interfaceBuilder().setOwner(config); ib.setName(IFACE1).build(); ib.setName(IFACE2).build(); ib.setName(IFACE3).build(); ib.setName(IFACE4).setActive(false).build(); // an ACL that can only match with an IFACE2 or iface3 IpAccessList.builder() .setName("acl") .setOwner(config) .setLines( ImmutableList.of( accepting().setMatchCondition(matchSrcInterface(IFACE1)).build(), rejecting().setMatchCondition(matchSrcInterface(IFACE4)).build(), ACCEPT_ALL)) .build(); return config; }