/**
 * Appends {@code line} to this builder unless the builder is already full.
 *
 * <p>The builder becomes full as soon as a line whose space is a {@code UniverseIpSpace} instance
 * has been added; that line itself is kept. Every later call is a silent no-op, so lines passed in
 * after it never appear in the built ACL. Only a literal {@code UniverseIpSpace} is detected: a
 * line that covers every address through some other {@code IpSpace} type does not mark the
 * builder as full.
 *
 * @param line the line to append
 * @return this builder, for chaining
 */
public Builder then(AclIpSpaceLine line) {
  if (!_full) {
    // Evaluate the line before storing it, so a failing getIpSpace() leaves _lines untouched.
    boolean coversEverything = line.getIpSpace() instanceof UniverseIpSpace;
    _full = coversEverything;
    _lines.add(line);
  }
  return this;
}
/**
 * Evaluates {@code ip} against the lines in order and returns the action of the first line whose
 * space contains it.
 *
 * <p>First match wins: later lines are not consulted once a line matches. When no line matches,
 * including when there are no lines at all, the result is {@link LineAction#DENY}, so the ACL
 * fails closed.
 *
 * @param ip the address to test
 * @param namedIpSpaces named spaces handed to each line's {@code containsIp} check
 * @return the action of the first matching line, or {@link LineAction#DENY} if none matches
 */
private LineAction action(Ip ip, Map<String, IpSpace> namedIpSpaces) {
  return _lines.stream()
      .filter(candidate -> candidate.getIpSpace().containsIp(ip, namedIpSpaces))
      .map(matched -> matched.getAction())
      .findFirst()
      .orElse(LineAction.DENY);
}
/**
 * Applies this visitor to the space of every PERMIT line and reports whether all of them
 * returned true.
 *
 * <p>DENY lines are skipped entirely and their spaces are never visited. An ACL with no PERMIT
 * lines therefore yields {@code true} vacuously. Evaluation stops at the first PERMIT line whose
 * space yields {@code false}.
 *
 * @param aclIpSpace the ACL to inspect
 * @return {@code true} iff every PERMIT line's space is accepted by this visitor
 */
@Override
public Boolean visitAclIpSpace(AclIpSpace aclIpSpace) {
  for (AclIpSpaceLine candidate : aclIpSpace.getLines()) {
    if (candidate.getAction() != LineAction.PERMIT) {
      // Only permitted spaces take part in the check.
      continue;
    }
    if (!candidate.getIpSpace().accept(this)) {
      return false;
    }
  }
  return true;
}
/**
 * Produces the human-readable text for one ACL line.
 *
 * <p>The line's recorded source text is preferred. Only when it is {@code null} is the line's
 * space handed to {@code describer} to generate a description.
 *
 * @param line the line to describe
 * @param describer visitor used as the fallback when the line carries no source text
 * @return the source text if present, otherwise the describer's output for the line's space
 */
private String computeLineDescription(AclIpSpaceLine line, IpSpaceDescriber describer) {
  String recordedText = line.getSrcText();
  return recordedText != null ? recordedText : line.getIpSpace().accept(describer);
}
/**
 * Describes an ACL, preferring a description derived from metadata.
 *
 * <p>When {@code computeMetadataDescription} returns {@code null}, the fallback is the string form
 * of a list with one {@code "index: description"} entry per line, where the description comes
 * from visiting that line's space. The fallback text carries only the spaces: a line's
 * PERMIT/DENY action is not included, so it must not be read as a statement of what the ACL
 * allows.
 *
 * @param aclIpSpace the ACL to describe
 * @return the metadata description, or the per-line listing when no metadata description exists
 */
@Override
public String visitAclIpSpace(AclIpSpace aclIpSpace) {
  String fromMetadata = computeMetadataDescription(aclIpSpace);
  if (fromMetadata == null) {
    ImmutableList.Builder<String> perLineText = ImmutableList.builder();
    CommonUtil.<AclIpSpaceLine>forEachWithIndex(
        aclIpSpace.getLines(),
        (index, aclLine) ->
            perLineText.add(String.format("%d: %s", index, aclLine.getIpSpace().accept(this))));
    return perLineText.build().toString();
  }
  return fromMetadata;
}
/**
 * Walks the lines in order and answers at the first decisive line.
 *
 * <p>A PERMIT line for which {@code ipSpaceMayIntersectWildcard} holds yields {@code true}. A
 * DENY line for which {@code ipSpaceContainsWildcard} holds yields {@code false}, because under
 * first-match evaluation nothing after it can be reached for that wildcard. If no line is
 * decisive the answer is {@code false}.
 *
 * @param aclIpSpace the ACL to inspect
 * @return the verdict of the first decisive line, or {@code false} when there is none
 */
@Override
public Boolean visitAclIpSpace(AclIpSpace aclIpSpace) {
  for (AclIpSpaceLine entry : aclIpSpace.getLines()) {
    if (entry.getAction() == LineAction.PERMIT) {
      if (ipSpaceMayIntersectWildcard(entry.getIpSpace())) {
        return true;
      }
    } else if (entry.getAction() == LineAction.DENY) {
      if (ipSpaceContainsWildcard(entry.getIpSpace())) {
        return false;
      }
    }
  }
  // Nothing permitted the wildcard before the end of the list.
  return false;
}
/**
 * Specializes an ACL by specializing the space of each of its lines.
 *
 * <p>Lines whose specialized space is {@code EmptyIpSpace.INSTANCE} are dropped; the remaining
 * lines keep their original order and actions. If nothing remains, or every remaining line is a
 * DENY, the whole ACL collapses to {@code EmptyIpSpace.INSTANCE}.
 *
 * @param aclIpSpace the ACL to specialize
 * @return {@code EmptyIpSpace.INSTANCE} when no line that is not a DENY survives, otherwise an
 *     ACL built from the surviving specialized lines
 */
@Override
public IpSpace visitAclIpSpace(AclIpSpace aclIpSpace) {
  ImmutableList.Builder<AclIpSpaceLine> survivors = ImmutableList.builder();
  boolean onlyDenies = true;
  for (AclIpSpaceLine original : aclIpSpace.getLines()) {
    AclIpSpaceLine narrowed =
        original.toBuilder().setIpSpace(visit(original.getIpSpace())).build();
    if (narrowed.getIpSpace() == EmptyIpSpace.INSTANCE) {
      // This line's specialized space is empty, so the line is left out.
      continue;
    }
    survivors.add(narrowed);
    if (narrowed.getAction() != LineAction.DENY) {
      onlyDenies = false;
    }
  }
  List<AclIpSpaceLine> specializedLines = survivors.build();
  if (specializedLines.isEmpty() || onlyDenies) {
    return EmptyIpSpace.INSTANCE;
  }
  return AclIpSpace.of(specializedLines);
}
/**
 * Walks the lines in order and answers at the first decisive line.
 *
 * <p>A DENY line for which {@code ipSpaceMayIntersectWildcard} holds yields {@code true}. A
 * PERMIT line for which {@code ipSpaceContainsWildcard} holds yields {@code false}. If no line
 * is decisive the answer is {@code true}.
 *
 * @param aclIpSpace the ACL to inspect
 * @return the verdict of the first decisive line, or {@code true} when there is none
 */
@Override
public Boolean visitAclIpSpace(AclIpSpace aclIpSpace) {
  for (AclIpSpaceLine entry : aclIpSpace.getLines()) {
    if (entry.getAction() == LineAction.DENY) {
      if (ipSpaceMayIntersectWildcard(entry.getIpSpace())) {
        return true;
      }
    } else if (entry.getAction() == LineAction.PERMIT) {
      if (ipSpaceContainsWildcard(entry.getIpSpace())) {
        return false;
      }
    }
  }
  /*
   * Falling through means no PERMIT line is guaranteed to contain ipWildcard, so it is possible
   * (though not certain) that this ACL does not contain ipWildcard.
   */
  return true;
}
IpSpace simplifiedLineIpSpace = line.getIpSpace().accept(this); if (simplifiedLineIpSpace == EmptyIpSpace.INSTANCE) { continue; return simplifiedLines.get(0).getIpSpace(); .getIpSpace() .equals(UniverseIpSpace.INSTANCE) && simplifiedLines.stream().allMatch(line -> line.getAction() == LineAction.PERMIT)) {
/**
 * Rebuilds an ACL line by line, replacing each line's space with the result of visiting it.
 *
 * <p>Lines are fed to the builder in their original order and each keeps its original action.
 *
 * @param aclIpSpace the ACL to rewrite
 * @return whatever the builder produces from the rewritten lines
 */
@Override
public IpSpace visitAclIpSpace(AclIpSpace aclIpSpace) {
  AclIpSpace.Builder rebuilt = AclIpSpace.builder();
  for (AclIpSpaceLine source : aclIpSpace.getLines()) {
    IpSpace rewritten = source.getIpSpace().accept(this);
    rebuilt.thenAction(source.getAction(), rewritten);
  }
  return rebuilt.build();
}
/**
 * Encodes an ACL as a nested if-then-else expression for each field given to the
 * {@code matchAnyField} callback.
 *
 * <p>The expression is built from the last line to the first, so the first line ends up as the
 * outermost test and first-match order is preserved. The innermost else branch is
 * {@code FalseExpr.INSTANCE}: an address that matches no line is treated as not matched. A
 * PERMIT line contributes {@code TrueExpr.INSTANCE} and any other action
 * {@code FalseExpr.INSTANCE}.
 *
 * @param aclIpSpace the ACL to encode
 * @return the result of {@code matchAnyField} over the per-field encodings
 */
@Override
public BooleanExpr visitAclIpSpace(AclIpSpace aclIpSpace) {
  return matchAnyField(
      field -> {
        // Start from the implicit "no line matched" result and wrap it line by line.
        BooleanExpr folded = FalseExpr.INSTANCE;
        for (int position = aclIpSpace.getLines().size(); position-- > 0; ) {
          AclIpSpaceLine current = aclIpSpace.getLines().get(position);
          folded =
              new IfThenElse(
                  new IpSpaceMatchExpr(current.getIpSpace(), _namedIpSpaces, field).getExpr(),
                  current.getAction() == LineAction.PERMIT
                      ? TrueExpr.INSTANCE
                      : FalseExpr.INSTANCE,
                  folded);
        }
        return folded;
      });
}
/**
 * Encodes an ACL as a chain of if-then-else terms built through {@code _context}.
 *
 * <p>Lines are processed in reverse so that the first line becomes the outermost test, which
 * preserves first-match order. The chain bottoms out in {@code mkFalse()}: an address that
 * matches no line is not in the space. A PERMIT line maps to {@code mkTrue()} and any other
 * action to {@code mkFalse()}.
 *
 * @param aclIpSpace the ACL to encode
 * @return the boolean expression that holds for addresses the ACL permits
 */
@Override
public BoolExpr visitAclIpSpace(AclIpSpace aclIpSpace) {
  BoolExpr folded = _context.mkFalse();
  for (AclIpSpaceLine current : Lists.reverse(aclIpSpace.getLines())) {
    BoolExpr condition = current.getIpSpace().accept(this);
    BoolExpr verdict;
    if (current.getAction() == LineAction.PERMIT) {
      verdict = _context.mkTrue();
    } else {
      verdict = _context.mkFalse();
    }
    folded = (BoolExpr) _context.mkITE(condition, verdict, folded);
  }
  return folded;
}
/**
 * Encodes an ACL as a BDD by folding its lines from last to first.
 *
 * <p>Processing the lines in reverse puts the first line outermost, which preserves first-match
 * order. The fold starts from {@code _factory.zero()}, so an address matching no line is outside
 * the space. A PERMIT line selects {@code _factory.one()} and any other action
 * {@code _factory.zero()}.
 *
 * @param aclIpSpace the ACL to encode
 * @return the BDD of the addresses the ACL permits
 */
@Override
public BDD visitAclIpSpace(AclIpSpace aclIpSpace) {
  BDD folded = _factory.zero();
  for (AclIpSpaceLine current : Lists.reverse(aclIpSpace.getLines())) {
    BDD condition = visit(current.getIpSpace());
    BDD verdict =
        current.getAction() == LineAction.PERMIT ? _factory.one() : _factory.zero();
    folded = condition.ite(verdict, folded);
  }
  return folded;
}
/**
 * Evaluates an ACL with first-match semantics while reporting progress to {@code _aclTracer}.
 *
 * <p>A trace is opened before the first line is tested and closed on both exit paths of the
 * loop. For each line that does not match, {@code nextLine()} is signalled. On the first
 * matching line the result is {@code true} for PERMIT and {@code false} otherwise. If no line
 * matches the result is {@code false}.
 *
 * <p>The matched action and the default deny are recorded only when the tracer has a name for
 * this ACL. Unnamed ACLs are still evaluated but leave no such record, which matters when the
 * trace is used as evidence for why an address was allowed or refused.
 *
 * @param aclIpSpace the ACL to evaluate
 * @return {@code true} iff the first matching line is a PERMIT
 */
@Override
public Boolean visitAclIpSpace(AclIpSpace aclIpSpace) {
  String aclName = _aclTracer.getIpSpaceNames().get(aclIpSpace);
  _aclTracer.newTrace();
  List<AclIpSpaceLine> aclLines = aclIpSpace.getLines();
  for (int index = 0; index < aclLines.size(); index++) {
    AclIpSpaceLine current = aclLines.get(index);
    if (!current.getIpSpace().accept(this)) {
      _aclTracer.nextLine();
      continue;
    }
    // First match decides; record it (when the ACL is named) before closing the trace.
    if (aclName != null) {
      _aclTracer.recordAction(
          aclName,
          _aclTracer.getIpSpaceMetadata().get(aclIpSpace),
          index,
          current,
          _ip,
          _ipDescription,
          _ipSpaceDescriber);
    }
    _aclTracer.endTrace();
    return current.getAction() == LineAction.PERMIT;
  }
  // No line matched: implicit deny.
  if (aclName != null) {
    _aclTracer.recordDefaultDeny(
        aclName, _aclTracer.getIpSpaceMetadata().get(aclIpSpace), _ip, _ipDescription);
  }
  _aclTracer.endTrace();
  return false;
}
/**
 * Rebuilds an ACL with every line's space replaced by the result of visiting it, so that uses of
 * {@link IpSpaceReference} are replaced with the {@link IpSpace} they stand for.
 *
 * <p>Lines keep their original order and actions. An exception raised while visiting any line
 * propagates out and no ACL is returned.
 *
 * @param aclIpSpace The {@link AclIpSpace} to dereference
 * @return An {@link AclIpSpace} identical to the original but with all uses of {@link
 *     IpSpaceReference} replaced with the dereferenced {@link IpSpace} they represent
 * @throws CircularReferenceException if original {@link AclIpSpace} points to a cyclical
 *     reference.
 * @throws UndefinedReferenceException if original {@link AclIpSpace} points to an undefined
 *     reference.
 */
@Override
public IpSpace visitAclIpSpace(AclIpSpace aclIpSpace)
    throws CircularReferenceException, UndefinedReferenceException {
  AclIpSpace.Builder dereferenced = AclIpSpace.builder();
  for (AclIpSpaceLine source : aclIpSpace.getLines()) {
    // Resolve the line's space first; a bad reference aborts before anything is appended.
    IpSpace resolved = source.getIpSpace().accept(this);
    dereferenced.thenAction(source.getAction(), resolved);
  }
  // Every line resolved without a cycle or undefined reference; return the reference-free ACL.
  return dereferenced.build();
}