/**
 * Evaluates a {@link MatchHeaderSpace} condition for the flow under trace.
 *
 * <p>Delegates to the header-space overload of {@code trace}, so any trace events for this
 * condition are produced there, not here.
 *
 * @param matchHeaderSpace the match condition being visited
 * @return whether the traced flow falls inside the condition's header space
 */
@Override
public Boolean visitMatchHeaderSpace(MatchHeaderSpace matchHeaderSpace) {
  boolean matched = trace(matchHeaderSpace.getHeaderspace());
  return matched;
}
/**
 * Traces {@code flow} through {@code ipAccessList} and returns the resulting {@link AclTrace}.
 *
 * <p>This is the one-shot entry point: a fresh tracer is built per call, so no state is shared
 * between traces.
 *
 * @param ipAccessList the ACL to evaluate the flow against
 * @param flow the flow being classified
 * @param srcInterface the interface the flow arrived on, or {@code null} if not applicable
 * @param availableAcls every ACL that may be referenced by name from {@code ipAccessList}; a
 *     reference to a name missing from this map is an error (see {@code visitPermittedByAcl})
 * @param namedIpSpaces IP spaces addressable by name from the ACL's match conditions
 * @param namedIpSpaceMetadata source metadata for named IP spaces, used to describe trace events
 * @return the trace recorded while evaluating the ACL
 */
public static AclTrace trace(
    @Nonnull IpAccessList ipAccessList,
    @Nonnull Flow flow,
    @Nullable String srcInterface,
    @Nonnull Map<String, IpAccessList> availableAcls,
    @Nonnull Map<String, IpSpace> namedIpSpaces,
    @Nonnull Map<String, IpSpaceMetadata> namedIpSpaceMetadata) {
  AclTracer aclTracer =
      new AclTracer(flow, srcInterface, availableAcls, namedIpSpaces, namedIpSpaceMetadata);
  // The boolean verdict is discarded here; callers read the full event tree instead.
  aclTracer.trace(ipAccessList);
  return aclTracer.getTrace();
}
/**
 * Records, on the current trace node, that {@code line} of the named {@link AclIpSpace} is the
 * line that decided membership of {@code ip}.
 *
 * <p>A PERMIT line yields a {@link PermittedByAclIpSpaceLine} event; any other action yields a
 * {@link DeniedByAclIpSpaceLine} event.
 *
 * @param aclIpSpaceName name of the ACL-style IP space whose line matched
 * @param ipSpaceMetadata source metadata for that IP space, if any
 * @param index zero-based index of the matching line
 * @param line the matching line
 * @param ip the IP whose membership was tested
 * @param ipDescription human-readable role of {@code ip} (e.g. source vs. destination)
 * @param describer used to render the line's IP space in the event description
 */
public void recordAction(
    @Nonnull String aclIpSpaceName,
    @Nullable IpSpaceMetadata ipSpaceMetadata,
    int index,
    @Nonnull AclIpSpaceLine line,
    Ip ip,
    String ipDescription,
    IpSpaceDescriber describer) {
  // Both event types carry the same rendered line; compute it once.
  String lineDescription = computeLineDescription(line, describer);
  boolean permitted = line.getAction() == LineAction.PERMIT;
  if (permitted) {
    _currentTreeNode.setEvent(
        new PermittedByAclIpSpaceLine(
            aclIpSpaceName, ipSpaceMetadata, index, lineDescription, ip, ipDescription));
  } else {
    _currentTreeNode.setEvent(
        new DeniedByAclIpSpaceLine(
            aclIpSpaceName, ipSpaceMetadata, index, lineDescription, ip, ipDescription));
  }
}
/**
 * Tests whether {@code _ip} is contained in {@code ipSpace} and, if the space has a name, records
 * a named-IP-space event for the result.
 *
 * <p>Membership is always evaluated; only the event emission depends on the space being named.
 *
 * @param ipSpace the space to test membership against
 * @return whether {@code _ip} is contained in {@code ipSpace}
 */
private boolean reportIfNamed(IpSpace ipSpace) {
  boolean contained = ipSpace.containsIp(_ip, _aclTracer.getNamedIpSpaces());
  String spaceName = _aclTracer.getIpSpaceNames().get(ipSpace);
  if (spaceName == null) {
    // Anonymous space: nothing to report, just answer the membership question.
    return contained;
  }
  _aclTracer.recordNamedIpSpaceAction(
      spaceName,
      ipSpace.accept(_ipSpaceDescriber),
      _aclTracer.getIpSpaceMetadata().get(ipSpace),
      contained,
      _ip,
      _ipDescription);
  return contained;
}
/**
 * Resolves a by-name reference to an IP space and evaluates membership of {@code _ip} in the
 * referenced space within a nested trace.
 *
 * <p>An unresolvable reference is treated as the empty set: this method returns {@code false}
 * without opening a trace, so a line built on such a reference never matches — regardless of
 * whether that line would permit or deny — and evaluation falls through to later lines or the
 * default deny. NOTE(review): nothing here guards against a reference that (transitively)
 * resolves back to itself; confirm that cycles are rejected before tracing.
 *
 * @param ipSpaceReference the reference being visited
 * @return whether {@code _ip} is in the referenced space; {@code false} if the name is unknown
 */
@Override
public Boolean visitIpSpaceReference(IpSpaceReference ipSpaceReference) {
  IpSpace target = _aclTracer.getNamedIpSpaces().get(ipSpaceReference.getName());
  if (target == null) {
    return false;
  }
  _aclTracer.newTrace();
  Boolean contained = target.accept(this);
  _aclTracer.endTrace();
  return contained;
}
/**
 * Evaluates membership of {@code _ip} in an ACL-style IP space: lines are tried in order and the
 * first whose space contains the IP decides the result (PERMIT means contained).
 *
 * <p>If no line matches, the result is {@code false} — an implicit default deny. Trace events
 * (matching line or default deny) are only recorded when the space has a name; anonymous spaces
 * still get their own nested trace but contribute no events.
 *
 * @param aclIpSpace the ACL-style space being visited
 * @return whether {@code _ip} is contained in {@code aclIpSpace}
 */
@Override
public Boolean visitAclIpSpace(AclIpSpace aclIpSpace) {
  String spaceName = _aclTracer.getIpSpaceNames().get(aclIpSpace);
  _aclTracer.newTrace();
  int index = 0;
  for (AclIpSpaceLine line : aclIpSpace.getLines()) {
    if (line.getIpSpace().accept(this)) {
      if (spaceName != null) {
        _aclTracer.recordAction(
            spaceName,
            _aclTracer.getIpSpaceMetadata().get(aclIpSpace),
            index,
            line,
            _ip,
            _ipDescription,
            _ipSpaceDescriber);
      }
      _aclTracer.endTrace();
      return line.getAction() == LineAction.PERMIT;
    }
    // Advance the trace cursor only for lines that did not match.
    _aclTracer.nextLine();
    index++;
  }
  if (spaceName != null) {
    _aclTracer.recordDefaultDeny(
        spaceName, _aclTracer.getIpSpaceMetadata().get(aclIpSpace), _ip, _ipDescription);
  }
  _aclTracer.endTrace();
  return false;
}
/**
 * Traces the flow through {@code ipAccessList}: lines are evaluated in order and the first whose
 * match condition holds decides the verdict (PERMIT means permitted).
 *
 * <p>When no line matches, a default-deny event is recorded and the verdict is {@code false}.
 * Every call opens its own nested trace and closes it before returning.
 *
 * @param ipAccessList the ACL to evaluate; must not be {@code null}
 * @return whether the ACL permits the flow under trace
 */
private boolean trace(@Nonnull IpAccessList ipAccessList) {
  newTrace();
  int index = 0;
  for (IpAccessListLine line : ipAccessList.getLines()) {
    if (line.getMatchCondition().accept(this)) {
      recordAction(ipAccessList, index, line);
      endTrace();
      return line.getAction() == LineAction.PERMIT;
    }
    // Advance the trace cursor only for lines that did not match.
    nextLine();
    index++;
  }
  recordDefaultDeny(ipAccessList);
  endTrace();
  return false;
}
/**
 * {@link EmptyIpSpace} is described by its {@code toString()} when it is anonymous, and by its
 * metadata description when the tracer knows it under {@code TEST_NAME}.
 */
@Test
public void testVisitEmptyIpSpace() {
  IpSpace emptySpace = EmptyIpSpace.INSTANCE;
  AclTracer tracerWithMetadata =
      new AclTracer(
          _flow,
          null,
          ImmutableMap.of(),
          ImmutableMap.of(TEST_NAME, emptySpace),
          ImmutableMap.of(TEST_NAME, TEST_METADATA));
  IpSpaceDescriber describerWithMetadata = new IpSpaceDescriber(tracerWithMetadata);

  assertThat(emptySpace.accept(_describerNoNamesNorMetadata), equalTo(emptySpace.toString()));
  assertThat(emptySpace.accept(describerWithMetadata), equalTo(TEST_METADATA_DESCRIPTION));
}
/**
 * Renders the source metadata attached to {@code ipSpace}, e.g. {@code 'address-group' named
 * 'SERVERS'}.
 *
 * @param ipSpace the space to look up metadata for
 * @return the rendered metadata, or {@code null} if the tracer has no metadata for this space
 */
private @Nullable String computeMetadataDescription(IpSpace ipSpace) {
  IpSpaceMetadata metadata = _aclTracer.getIpSpaceMetadata().get(ipSpace);
  if (metadata == null) {
    return null;
  }
  return String.format("'%s' named '%s'", metadata.getSourceType(), metadata.getSourceName());
}
/**
 * Describes a by-name IP space reference, preferring the most specific information available:
 * metadata attached to the reference itself, then metadata of the referenced space, then a
 * generic {@code An IpSpace named '...'} fallback.
 *
 * <p>An unresolvable name is not an error here — the fallback text is returned — because this
 * visitor only renders descriptions; it does not decide membership.
 *
 * @param ipSpaceReference the reference being described
 * @return a human-readable description of the reference
 */
@Override
public String visitIpSpaceReference(IpSpaceReference ipSpaceReference) {
  String ownDescription = computeMetadataDescription(ipSpaceReference);
  if (ownDescription != null) {
    return ownDescription;
  }
  String referencedName = ipSpaceReference.getName();
  IpSpace target = _aclTracer.getNamedIpSpaces().get(referencedName);
  String fallback = String.format("An IpSpace named '%s'", referencedName);
  if (target == null) {
    return fallback;
  }
  String targetDescription = computeMetadataDescription(target);
  return targetDescription != null ? targetDescription : fallback;
}
/**
 * {@link UniverseIpSpace} is described by its {@code toString()} when it is anonymous, and by its
 * metadata description when the tracer knows it under {@code TEST_NAME}.
 */
@Test
public void testVisitUniverseIpSpace() {
  IpSpace universe = UniverseIpSpace.INSTANCE;
  AclTracer tracerWithMetadata =
      new AclTracer(
          _flow,
          null,
          ImmutableMap.of(),
          ImmutableMap.of(TEST_NAME, universe),
          ImmutableMap.of(TEST_NAME, TEST_METADATA));
  IpSpaceDescriber describerWithMetadata = new IpSpaceDescriber(tracerWithMetadata);

  assertThat(universe.accept(_describerNoNamesNorMetadata), equalTo(universe.toString()));
  assertThat(universe.accept(describerWithMetadata), equalTo(TEST_METADATA_DESCRIPTION));
}
}
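/**
 * Evaluates a {@link PermittedByAcl} condition by tracing the flow through the referenced ACL.
 *
 * <p>The referenced ACL is resolved through {@code _availableAcls}. A name that does not resolve
 * is reported loudly rather than silently treated as a deny: {@code trace} requires a non-null
 * ACL, and the bare {@code NullPointerException} it would otherwise raise does not name the
 * missing ACL. Failing with the name makes a broken reference visible instead of producing a
 * plausible-looking "denied" verdict. (The IP-space visitor's {@code visitIpSpaceReference}, by
 * contrast, treats an unresolved IP-space name as "matches nothing".)
 *
 * @param permittedByAcl the condition being visited
 * @return whether the referenced ACL permits the flow under trace
 * @throws NullPointerException if {@code _availableAcls} has no ACL with the referenced name
 */
@Override
public Boolean visitPermittedByAcl(PermittedByAcl permittedByAcl) {
  String aclName = permittedByAcl.getAclName();
  IpAccessList referencedAcl = _availableAcls.get(aclName);
  if (referencedAcl == null) {
    // Same exception type as before, but now it says which reference is broken.
    throw new NullPointerException(
        String.format("PermittedByAcl references unknown ACL '%s'", aclName));
  }
  return trace(referencedAcl);
}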
/**
 * A prefix-backed space is described by its prefix text when anonymous, and by its metadata
 * description when the tracer knows it under {@code TEST_NAME}.
 */
@Test
public void testVisitPrefixIpSpace() {
  IpSpace prefixSpace = Prefix.parse("1.0.0.0/24").toIpSpace();
  AclTracer tracerWithMetadata =
      new AclTracer(
          _flow,
          null,
          ImmutableMap.of(),
          ImmutableMap.of(TEST_NAME, prefixSpace),
          ImmutableMap.of(TEST_NAME, TEST_METADATA));
  IpSpaceDescriber describerWithMetadata = new IpSpaceDescriber(tracerWithMetadata);

  assertThat(prefixSpace.accept(_describerNoNamesNorMetadata), equalTo("1.0.0.0/24"));
  assertThat(prefixSpace.accept(describerWithMetadata), equalTo(TEST_METADATA_DESCRIPTION));
}
/** An ACL with no lines yields exactly one event: the implicit default deny. */
@Test
public void testDefaultDeniedByIpAccessList() {
  IpAccessList emptyAcl = IpAccessList.builder().setName(ACL_NAME).build();

  AclTrace trace =
      AclTracer.trace(
          emptyAcl,
          FLOW,
          SRC_INTERFACE,
          ImmutableMap.of(ACL_NAME, emptyAcl),
          ImmutableMap.of(),
          ImmutableMap.of());

  assertThat(trace, hasEvents(contains(isDefaultDeniedByIpAccessListNamed(ACL_NAME))));
}
/**
 * A wildcard-backed space is described by its wildcard text when anonymous, and by its metadata
 * description when the tracer knows it under {@code TEST_NAME}.
 */
@Test
public void testVisitIpWildcardIpSpace() {
  IpSpace wildcardSpace = new IpWildcard("1.0.1.4:4.3.2.1").toIpSpace();
  AclTracer tracerWithMetadata =
      new AclTracer(
          _flow,
          null,
          ImmutableMap.of(),
          ImmutableMap.of(TEST_NAME, wildcardSpace),
          ImmutableMap.of(TEST_NAME, TEST_METADATA));
  IpSpaceDescriber describerWithMetadata = new IpSpaceDescriber(tracerWithMetadata);

  assertThat(wildcardSpace.accept(_describerNoNamesNorMetadata), equalTo("1.0.1.4:4.3.2.1"));
  assertThat(wildcardSpace.accept(describerWithMetadata), equalTo(TEST_METADATA_DESCRIPTION));
}
/** A single reject-all line yields exactly one event: denied by line 0 of the named ACL. */
@Test
public void testDeniedByIpAccessListLine() {
  IpAccessList rejectAllAcl =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(ImmutableList.of(IpAccessListLine.REJECT_ALL))
          .build();

  AclTrace trace =
      AclTracer.trace(
          rejectAllAcl,
          FLOW,
          SRC_INTERFACE,
          ImmutableMap.of(ACL_NAME, rejectAllAcl),
          ImmutableMap.of(),
          ImmutableMap.of());

  assertThat(
      trace,
      hasEvents(
          contains(
              isDeniedByIpAccessListLineThat(
                  allOf(
                      DeniedByIpAccessListLineMatchers.hasName(ACL_NAME),
                      DeniedByIpAccessListLineMatchers.hasIndex(0))))));
}
/**
 * A single-IP space is described by the IP text when anonymous, and by its metadata description
 * when the tracer knows it under {@code TEST_NAME}.
 */
@Test
public void testVisitIpIpSpace() {
  IpSpace singleIpSpace = Ip.parse("1.0.0.0").toIpSpace();
  AclTracer tracerWithMetadata =
      new AclTracer(
          _flow,
          null,
          ImmutableMap.of(),
          ImmutableMap.of(TEST_NAME, singleIpSpace),
          ImmutableMap.of(TEST_NAME, TEST_METADATA));
  IpSpaceDescriber describerWithMetadata = new IpSpaceDescriber(tracerWithMetadata);

  assertThat(singleIpSpace.accept(_describerNoNamesNorMetadata), equalTo("1.0.0.0"));
  assertThat(singleIpSpace.accept(describerWithMetadata), equalTo(TEST_METADATA_DESCRIPTION));
}
/** A single accept-all line yields exactly one event: permitted by line 0 of the named ACL. */
@Test
public void testPermittedByIpAccessListLine() {
  IpAccessList acceptAllAcl =
      IpAccessList.builder()
          .setName(ACL_NAME)
          .setLines(ImmutableList.of(IpAccessListLine.ACCEPT_ALL))
          .build();

  AclTrace trace =
      AclTracer.trace(
          acceptAllAcl,
          FLOW,
          SRC_INTERFACE,
          ImmutableMap.of(ACL_NAME, acceptAllAcl),
          ImmutableMap.of(),
          ImmutableMap.of());

  assertThat(
      trace,
      hasEvents(
          contains(
              isPermittedByIpAccessListLineThat(
                  allOf(
                      PermittedByIpAccessListLineMatchers.hasName(ACL_NAME),
                      PermittedByIpAccessListLineMatchers.hasIndex(0))))));
}