private Optional<IpAccessList> makeQueryAcl(IpAccessList originalAcl) { SearchFiltersQuestion question = (SearchFiltersQuestion) _question; switch (question.getType()) { case PERMIT: return Optional.of(originalAcl); case DENY: return Optional.of(toDenyAcl(originalAcl)); case MATCH_LINE: // for each ACL, construct a new ACL that accepts if and only if the specified line matches Integer lineNumber = question.getLineNumber(); checkState(lineNumber != null, "Cannot perform a match line query without a line number"); return originalAcl.getLines().size() > lineNumber ? Optional.of(toMatchLineAcl(lineNumber, originalAcl)) : Optional.empty(); default: throw new BatfishException("Unexpected query Type: " + question.getType()); } }
@Test public void testReachFilter_matchLine_blocked() { Optional<SearchFiltersResult> permitResult = _batfish.reachFilter(_config, toMatchLineAcl(2, BLOCKED_LINE_ACL), _allLocationsParams); assertThat("Should not find permitted flow", !permitResult.isPresent()); }
@Test public void testReachFilter_matchLine() { Optional<SearchFiltersResult> permitResult = _batfish.reachFilter(_config, toMatchLineAcl(0, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP0)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(1, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP1)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(2, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP2)); permitResult = _batfish.reachFilter(_config, toMatchLineAcl(3, ACL), _allLocationsParams); assertThat("Should find permitted flow", permitResult.isPresent()); assertThat(permitResult.get().getExampleFlow(), hasDstIp(IP3)); }
@Test public void testMatchSrcInterface() { Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toMatchLineAcl(0, SRC_ACL), _allLocationsParams); assertThat( result.get().getExampleFlow(), allOf(hasIngressInterface(nullValue()), hasDstIp(IP0))); result = _batfish.reachFilter(_config, toMatchLineAcl(1, SRC_ACL), _allLocationsParams); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE1), hasDstIp(IP1))); result = _batfish.reachFilter(_config, toMatchLineAcl(2, SRC_ACL), _allLocationsParams); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE2), hasDstIp(IP2))); // cannot have two different source interfaces result = _batfish.reachFilter(_config, toMatchLineAcl(3, SRC_ACL), _allLocationsParams); assertThat(result, equalTo(Optional.empty())); // cannot have originate from device and have a source interface result = _batfish.reachFilter(_config, toMatchLineAcl(4, SRC_ACL), _allLocationsParams); assertThat(result, equalTo(Optional.empty())); }
@Test public void testSourceInterfaceParameter() { SearchFiltersParameters params = _allLocationsParams .toBuilder() .setStartLocationSpecifier(new NameRegexInterfaceLinkLocationSpecifier(IFACE1)) .build(); // can match line 1 because IFACE1 is specified Optional<SearchFiltersResult> result = _batfish.reachFilter(_config, toMatchLineAcl(1, SRC_ACL), params); assertThat(result.get().getExampleFlow(), allOf(hasIngressInterface(IFACE1), hasDstIp(IP1))); // cannot match line 2 because IFACE2 is not specified result = _batfish.reachFilter(_config, toMatchLineAcl(2, SRC_ACL), params); assertThat("Should not find a result", !result.isPresent()); }
@Test public void testToMatchLineAcl_0() { IpAccessList matchLine0Acl = IpAccessList.builder() .setName("foo") .setLines( ImmutableList.of( IpAccessListLine.accepting().setMatchCondition(matchDstIp("1.1.1.1")).build())) .build(); assertThat(toMatchLineAcl(0, _acl), equalTo(matchLine0Acl)); }
@Test public void testToMatchLineAcl_2() { IpAccessList matchLine2Acl = IpAccessList.builder() .setName("foo") .setLines( ImmutableList.of( IpAccessListLine.rejecting().setMatchCondition(matchDstIp("1.1.1.1")).build(), IpAccessListLine.rejecting().setMatchCondition(matchDstIp("1.1.1.2")).build(), IpAccessListLine.accepting().setMatchCondition(matchDstIp("1.1.1.3")).build())) .build(); assertThat(toMatchLineAcl(2, _acl), equalTo(matchLine2Acl)); }