private Optional<IpAccessList> makeQueryAcl(IpAccessList originalAcl) { SearchFiltersQuestion question = (SearchFiltersQuestion) _question; switch (question.getType()) { case PERMIT: return Optional.of(originalAcl); case DENY: return Optional.of(toDenyAcl(originalAcl)); case MATCH_LINE: // for each ACL, construct a new ACL that accepts if and only if the specified line matches Integer lineNumber = question.getLineNumber(); checkState(lineNumber != null, "Cannot perform a match line query without a line number"); return originalAcl.getLines().size() > lineNumber ? Optional.of(toMatchLineAcl(lineNumber, originalAcl)) : Optional.empty(); default: throw new BatfishException("Unexpected query Type: " + question.getType()); } }
@Test public void testReachFilter_deny_ACCEPT_ALL() { Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toDenyAcl(ACCEPT_ALL_ACL), _allLocationsParams); assertThat("Should not find permitted flow", !result.isPresent()); }
@Test public void testReachFilter_deny_REJECT_ALL() { Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toDenyAcl(REJECT_ALL_ACL), _allLocationsParams); assertThat("Should find permitted flow", result.isPresent()); }
@Test public void testReachFilter_deny() { Optional<SearchFiltersResult> permitResult = _batfish.reachFilter(_config, toDenyAcl(ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(not(oneOf(IP0, IP3)))); }
@Test public void testToDenyAcl() { IpAccessList denyAcl = IpAccessList.builder() .setName("foo") .setLines( ImmutableList.of( IpAccessListLine.rejecting().setMatchCondition(matchDstIp("1.1.1.1")).build(), IpAccessListLine.accepting().setMatchCondition(matchDstIp("1.1.1.2")).build(), IpAccessListLine.accepting().setMatchCondition(matchDstIp("1.1.1.3")).build(), IpAccessListLine.rejecting().setMatchCondition(matchDstIp("1.1.1.4")).build(), IpAccessListLine.ACCEPT_ALL)) .build(); assertThat(SearchFiltersAnswerer.toDenyAcl(_acl), equalTo(denyAcl)); } }