Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iptables fixes #488

Merged
merged 3 commits into from
Oct 5, 2017
Merged

iptables fixes #488

merged 3 commits into from
Oct 5, 2017

Conversation

dspicuzzbbn
Copy link
Contributor

This PR fixes two things:

  • Allows not specifying the :FORWARD ACCEPT [0:0] style of defaults (iptables-save doesn't require it, so neither should batfish)
  • Applies iptables rules without explicit interfaces specified to all interfaces, and adds a test for that

@dspicuzzbbn
Copy link
Contributor Author

This partially resolves #485, but I believe that there are further issues that need to be investigated by someone else.

@dspicuzzbbn dspicuzzbbn mentioned this pull request Oct 2, 2017
Closed
@virtuald
Added test rig which includes reachability, protection, and transit
05e695d 
* Also includes iptables for routers, this should make sure we dont break this feature again going forward
* Fixes batfish#464
@dspicuzzbbn
Copy link
Contributor Author

We've added another commit with a new iptables testrig that does more comprehensive tests.

@dhalperi dhalperi requested a review from arifogel October 4, 2017 19:04
arifogel
arifogel reviewed Oct 5, 2017
View reviewed changes
Copy link
Member

@arifogel arifogel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's good, but I'm not ready to approve until we can clarify the expected result of the reachability unit tests.

tests/basic/example-iptables-protection.ref
"answerElements" : [
{
"class" : "org.batfish.datamodel.FlowHistory"
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this supposed to be empty? What about the other reachability answers?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jkhourybbn?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes all three questions are supposed to be empty. A non empty result is a violation of the policy. The questions are crafted so they return no results.

arifogel
arifogel approved these changes Oct 5, 2017
View reviewed changes
Copy link
Member

@arifogel arifogel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

@arifogel arifogel merged commit a40e992 into batfish:master Oct 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@virtuald virtuald virtuald left review comments

@jkhourybbn jkhourybbn jkhourybbn left review comments

@arifogel arifogel arifogel approved these changes

Assignees

@arifogel arifogel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@dspicuzzbbn @virtuald @arifogel @jkhourybbn