/**
 * Build a {@link BDDSourceManager} scoped to a single {@link IpAccessList}.
 *
 * <p>Only the sources that {@code referencedSources} reports for {@code acl} are handed to
 * {@code forSources}, so that as few {@link BDD} bits as possible are used.
 *
 * @param pkt the {@link BDDPacket} passed through to {@code forSources}
 * @param activeInterfaces interface names passed through to {@code forSources}
 * @param namedAcls ACLs keyed by name, consulted when collecting the sources {@code acl} references
 * @param acl the ACL whose referenced sources are to be tracked
 * @return the manager produced by {@code forSources}
 */
public static BDDSourceManager forIpAccessList(
    BDDPacket pkt,
    Set<String> activeInterfaces,
    Map<String, IpAccessList> namedAcls,
    IpAccessList acl) {
  return forSources(pkt, activeInterfaces, referencedSources(namedAcls, acl));
}
Set<String> sources = new HashSet<>(); for (IpAccessList acl : config.getIpAccessLists().values()) { referencedSources(config.getIpAccessLists(), acl).stream() .filter(active::contains) .forEach(sources::add);
/** Checks the sources reported for individual match expressions when no named ACLs exist. */
@Test
public void testExprs() {
  Map<String, IpAccessList> noNamedAcls = ImmutableMap.of();

  // Constant expressions reference no source at all.
  assertThat(referencedSources(noNamedAcls, TRUE), equalTo(ImmutableSet.of()));
  assertThat(referencedSources(noNamedAcls, FALSE), equalTo(ImmutableSet.of()));

  // Traffic originating from the device is reported under its own dedicated source name.
  assertThat(
      referencedSources(noNamedAcls, ORIGINATING_FROM_DEVICE),
      equalTo(ImmutableSet.of(SOURCE_ORIGINATING_FROM_DEVICE)));

  // A destination match references no source.
  assertThat(referencedSources(noNamedAcls, matchDst(Ip.AUTO)), equalTo(ImmutableSet.of()));

  // A plain source-interface match references every interface it names.
  assertThat(
      referencedSources(noNamedAcls, matchSrcInterface("a", "b", "c")),
      equalTo(ImmutableSet.of("a", "b", "c")));

  // Conjunction: the union of the interfaces named by the operands.
  assertThat(
      referencedSources(noNamedAcls, and(matchSrcInterface("a"), matchSrcInterface("b", "c"))),
      equalTo(ImmutableSet.of("a", "b", "c")));

  // Negation: the negated interfaces still count as referenced.
  assertThat(
      referencedSources(noNamedAcls, not(matchSrcInterface("a", "b", "c"))),
      equalTo(ImmutableSet.of("a", "b", "c")));

  // Disjunction: the union of the interfaces named by the operands.
  assertThat(
      referencedSources(noNamedAcls, or(matchSrcInterface("a"), matchSrcInterface("b", "c"))),
      equalTo(ImmutableSet.of("a", "b", "c")));
}
/** Checks that the sources referenced by an ACL are collected across all of its lines. */
@Test
public void testAcl() {
  Map<String, IpAccessList> noNamedAcls = ImmutableMap.of();
  IpAccessList.Builder fooBuilder = IpAccessList.builder().setName("foo");

  // An ACL holding only the accept-all line is expected to reference no sources.
  IpAccessList acceptAllAcl =
      fooBuilder.setLines(ImmutableList.of(IpAccessListLine.ACCEPT_ALL)).build();
  assertThat(referencedSources(noNamedAcls, acceptAllAcl), equalTo(ImmutableSet.of()));

  // Accepting and rejecting lines both contribute the interfaces they match on.
  IpAccessList perInterfaceAcl =
      fooBuilder
          .setLines(
              ImmutableList.of(
                  accepting().setMatchCondition(matchSrcInterface("a")).build(),
                  rejecting().setMatchCondition(matchSrcInterface("b")).build(),
                  accepting().setMatchCondition(matchSrcInterface("c")).build()))
          .build();
  assertThat(
      referencedSources(noNamedAcls, perInterfaceAcl), equalTo(ImmutableSet.of("a", "b", "c")));
}
/**
 * Checks that a {@link PermittedByAcl} expression reports the sources of the named ACL it points
 * to, looked up through the named-ACL map.
 */
@Test
public void testPermittedByAcl() {
  IpAccessList fooAcl =
      IpAccessList.builder()
          .setName("foo")
          .setLines(
              ImmutableList.of(
                  IpAccessListLine.accepting().setMatchCondition(matchSrcInterface("a")).build()))
          .build();

  // The ACL is registered under its own name so that the by-name reference can be resolved.
  Map<String, IpAccessList> aclsByName = ImmutableMap.of(fooAcl.getName(), fooAcl);

  assertThat(
      referencedSources(aclsByName, new PermittedByAcl(fooAcl.getName())),
      equalTo(ImmutableSet.of("a")));
}
}
Sets.difference(resolveSources(parameters, node.getHostname()), inactiveInterfaces); Set<String> referencedSources = referencedSources(node.getIpAccessLists(), acl);
referencedSources(baseConfig.getIpAccessLists(), baseAcl), referencedSources(deltaConfig.getIpAccessLists(), deltaAcl));