@Test public void testReachFilter_permit() { Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, ACL, _allLocationsParams); assertThat("Should find permitted flow", result.isPresent()); assertThat(result.get().getExampleFlow(), hasDstIp(oneOf(IP0, IP3))); }
@Test public void testReachFilter_deny() { Optional<SearchFiltersResult> permitResult = _batfish.reachFilter(_config, toDenyAcl(ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(not(oneOf(IP0, IP3)))); }
@Test public void testReachFilter_matchLine() { Optional<SearchFiltersResult> permitResult = _batfish.reachFilter(_config, toMatchLineAcl(0, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP0)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(1, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP1)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(2, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP2)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(3, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP3)); }
@Test public void testMatchSrcInterface() { Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toMatchLineAcl(0, SRC_ACL), _allLocationsParams); assertThat( result.get().getExampleFlow(), allOf(hasIngressInterface(nullValue()), hasDstIp(IP0))); result = _batfish.reachFilter(_config, toMatchLineAcl(1, SRC_ACL), _allLocationsParams); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE1), hasDstIp(IP1))); result = _batfish.reachFilter(_config, toMatchLineAcl(2, SRC_ACL), _allLocationsParams); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE2), hasDstIp(IP2))); // cannot have two different source interfaces result = _batfish.reachFilter(_config, toMatchLineAcl(3, SRC_ACL), _allLocationsParams); assertThat(result, equalTo(Optional.empty())); // cannot have originate from device and have a source interface result = _batfish.reachFilter(_config, toMatchLineAcl(4, SRC_ACL), _allLocationsParams); assertThat(result, equalTo(Optional.empty())); }
toSearchFiltersRow( result.getHeaderSpaceDescription().orElse(null), testFiltersRow(true, hostname, aclname, result.getExampleFlow()), question.getGenerateExplanations())));
.forEach( result -> { Flow flow = result.getExampleFlow(); AclLineMatchExpr description = result.getHeaderSpaceDescription().orElse(null); baseTable.addRow(
@Test public void testSourceInterfaceParameter() { SearchFiltersParameters params = _allLocationsParams .toBuilder() .setStartLocationSpecifier(new NameRegexInterfaceLinkLocationSpecifier(IFACE1)) .build(); // can match line 1 because IFACE1 is specified Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toMatchLineAcl(1, SRC_ACL), params); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE1), hasDstIp(IP1))); // cannot match line 2 because IFACE2 is not specified result = _batfish.reachFilter(_config, toMatchLineAcl(2, SRC_ACL), params); assertThat("Should not find a result", !result.isPresent()); }
@Test public void testReachFilter_permit_headerSpace() { SearchFiltersParameters.Builder paramsBuilder = _allLocationsParams .toBuilder() .setDestinationIpSpaceSpecifier(new ConstantIpSpaceSpecifier(IP0.toIpSpace())) .setSourceIpSpaceSpecifier(new ConstantIpSpaceSpecifier(UniverseIpSpace.INSTANCE)) .setHeaderSpace(HeaderSpace.builder().build()); SearchFiltersParameters params = paramsBuilder.build(); Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, ACL, params); assertThat("Should find result", result.isPresent()); assertThat(result.get().getExampleFlow(), hasDstIp(IP0)); params = paramsBuilder.setHeaderSpace(HeaderSpace.builder().setNegate(true).build()).build(); result = _batfish.reachFilter(_config, ACL, params); assertThat("Should find result", result.isPresent()); assertThat(result.get().getExampleFlow(), hasDstIp(IP3)); }
@Test public void testSane2() { // An ACL that can only match with ingress interface IFACE2. IpAccessList denyAllSourcesAcl = IpAccessList.builder() .setName("srcAcl") .setLines( ImmutableList.of( rejecting().setMatchCondition(ORIGINATING_FROM_DEVICE).build(), rejecting().setMatchCondition(matchSrcInterface(IFACE1)).build(), ACCEPT_ALL)) .build(); Optional<SearchFiltersResult> flow = _batfish.reachFilter(_config, denyAllSourcesAcl, _allLocationsParams); assertThat("Should find a result", flow.isPresent()); assertThat(flow.get().getExampleFlow(), hasIngressInterface(IFACE2)); }
@Test public void testReachFilter_DENY_ALL_portConstraints() { HeaderSpace hs = new HeaderSpace(); hs.setSrcPorts(Collections.singletonList(new SubRange(1111, 1111))); hs.setDstPorts(Collections.singletonList(new SubRange(2222, 2222))); SearchFiltersParameters params = _allLocationsParams .toBuilder() .setDestinationIpSpaceSpecifier(new ConstantIpSpaceSpecifier(UniverseIpSpace.INSTANCE)) .setSourceIpSpaceSpecifier(new ConstantIpSpaceSpecifier(UniverseIpSpace.INSTANCE)) .setHeaderSpace(hs) .build(); Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, ACCEPT_ALL_ACL, params); assertThat(result.get().getExampleFlow(), allOf(hasSrcPort(1111), hasDstPort(2222))); }
@Test public void testReachFilter_ACCEPT_ALL_dstIpConstraint() { Ip constraintIp = Ip.parse("21.21.21.21"); SearchFiltersParameters params = _allLocationsParams .toBuilder() .setDestinationIpSpaceSpecifier(new ConstantIpSpaceSpecifier(constraintIp.toIpSpace())) .setSourceIpSpaceSpecifier(new ConstantIpSpaceSpecifier(UniverseIpSpace.INSTANCE)) .setHeaderSpace(new HeaderSpace()) .build(); Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, ACCEPT_ALL_ACL, params); assertThat(result.get().getExampleFlow(), hasDstIp(constraintIp)); }
@Test public void testReachFilter_ACCEPT_ALL_srcIpConstraint() { Ip constraintIp = Ip.parse("21.21.21.21"); SearchFiltersParameters params = _allLocationsParams .toBuilder() .setDestinationIpSpaceSpecifier(new ConstantIpSpaceSpecifier(UniverseIpSpace.INSTANCE)) .setSourceIpSpaceSpecifier(new ConstantIpSpaceSpecifier(constraintIp.toIpSpace())) .setHeaderSpace(new HeaderSpace()) .build(); Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, ACCEPT_ALL_ACL, params); assertThat(result.get().getExampleFlow(), hasSrcIp(constraintIp)); }