private void initializeAclEvaluator() { _aclEvaluator = new Evaluator(_currentFlow, _srcInterface, _namedAcls, _namedIpSpaces); }
Evaluator aclEval = new Evaluator(flow, null, ImmutableMap.of(), ImmutableMap.of()); List<FirewallSessionTraceInfo> matchingSessions = sessions.stream() .filter(session -> aclEval.visit(session.getSessionFlows())) .collect(Collectors.toList()); checkState(matchingSessions.size() < 2, "Flow cannot match more than 1 session");
@Override protected boolean matchesSafely(AclLineMatchExpr item, Description mismatchDescription) { boolean matches = Evaluator.matches(item, _flow, _srcInterface, _availableAcls, _namedIpSpaces); if (!matches) { mismatchDescription.appendText(String.format("did not match and was %s", item)); } return matches; } }
private void eval(Transformation transformation) { Transformation node = transformation; while (node != null) { if (_aclEvaluator.visit(node.getGuard())) { StepEvaluator stepEvaluator = new StepEvaluator(); boolean transformed = node.getTransformationSteps().stream() .map(stepEvaluator::visit) .reduce(Boolean::logicalOr) .orElse(false); // noop transformation steps can generate tracesteps without transforming the flow _traceSteps.addAll(stepEvaluator.getTraceSteps()); if (transformed) { _currentFlow = _flowBuilder.build(); initializeAclEvaluator(); } node = node.getAndThen(); } else { node = node.getOrElse(); } } } }
public static boolean matches( AclLineMatchExpr item, Flow flow, String srcInterface, Map<String, IpAccessList> availableAcls, Map<String, IpSpace> namedIpSpaces) { return item.accept(new Evaluator(flow, srcInterface, availableAcls, namedIpSpaces)); }
public FilterResult filter( Flow flow, String srcInterface, Map<String, IpAccessList> availableAcls, Map<String, IpSpace> namedIpSpaces, LineAction defaultAction) { Evaluator evaluator = new Evaluator(flow, srcInterface, availableAcls, namedIpSpaces); for (int i = 0; i < _lines.size(); i++) { IpAccessListLine line = _lines.get(i); if (line.getMatchCondition().accept(evaluator)) { return new FilterResult(i, line.getAction()); } } return new FilterResult(null, defaultAction); }