/** Set-theoretic intersection of multiple IpSpaces */ public static @Nullable IpSpace intersection(Iterable<IpSpace> ipSpaces) { return intersection(ipSpaces.spliterator()); }
/** Set-theoretic intersection of multiple IpSpaces */ public static @Nullable IpSpace intersection(IpSpace... ipSpaces) { return intersection(Arrays.spliterator(ipSpaces)); }
@VisibleForTesting IpSpace computeExitsNetworkPerInterface(String hostname, String vrfName, String interfaceName) { // the connected subnet is full if (!_interfacesWithMissingDevices.get(hostname).contains(interfaceName)) { return EmptyIpSpace.INSTANCE; } IpSpace dstIpsWithUnownedNextHopIpArpFalsePerInterface = _dstIpsWithUnownedNextHopIpArpFalse.get(hostname).get(vrfName).get(interfaceName); // Returns the union of the following 2 cases: // 1. Arp for dst ip and dst ip is external // 2. Arp for next hop ip, next hop ip is not owned by any interfaces, and dst ip is external return AclIpSpace.intersection( // dest ip is external _externalIps, // arp for dst Ip OR arp for external next-hop IP AclIpSpace.union( _arpFalseDestIp.get(hostname).get(vrfName).get(interfaceName), dstIpsWithUnownedNextHopIpArpFalsePerInterface)); }
@Nullable private static IpSpace intersection(IpSpace ipSpace1, IpSpace ipSpace2) { if (isUniverse(ipSpace1)) { return ipSpace2; } if (isUniverse(ipSpace2)) { return ipSpace1; } return AclIpSpace.intersection(ipSpace1, ipSpace2); }
@VisibleForTesting IpSpace computeInsufficientInfoPerInterface( String hostname, String vrfName, String interfaceName) { // If interface is full (no missing devices), it cannot be insufficient info if (!_interfacesWithMissingDevices.get(hostname).contains(interfaceName)) { return EmptyIpSpace.INSTANCE; } IpSpace ipSpaceElsewhere = AclIpSpace.difference( _internalIps, _interfaceHostSubnetIps.get(hostname).get(vrfName).get(interfaceName)); // case 1: arp for dst ip, dst ip is internal but not in any subnet of the interface IpSpace ipSpaceInternalDstIp = AclIpSpace.intersection( _arpFalseDestIp.get(hostname).get(vrfName).get(interfaceName), ipSpaceElsewhere); // case 2: arp for nhip, nhip is not owned by interfaces, dst ip is internal IpSpace dstIpsWithUnownedNextHopIpArpFalsePerInterafce = _dstIpsWithUnownedNextHopIpArpFalse.get(hostname).get(vrfName).get(interfaceName); IpSpace ipSpaceInternalDstIpUnownedNexthopIp = AclIpSpace.intersection(dstIpsWithUnownedNextHopIpArpFalsePerInterafce, _internalIps); // case 3: arp for nhip, nhip is owned by some interfaces IpSpace ipSpaceOwnedNextHopIp = _dstIpsWithOwnedNextHopIpArpFalse.get(hostname).get(vrfName).get(interfaceName); return AclIpSpace.union( ipSpaceInternalDstIp, ipSpaceInternalDstIpUnownedNexthopIp, ipSpaceOwnedNextHopIp); }
/** * Returns true if this {@link IkePhase1Key} can be used with the given localInterface and * matchIdentity * * @param localInterface {@link Interface} name on which this {@link IkePhase1Key} is intended to * be used * @param matchIdentity {@link IpWildcard} for the remote peers with which this {@link * IkePhase1Key} is intended to be used * @return true if this {@link IkePhase1Key} can be used with the given localInterface and * matchIdentity */ public boolean match(String localInterface, IpWildcard matchIdentity) { return matchIdentity != null && new IpSpaceRepresentative() .getRepresentative(AclIpSpace.intersection(_remoteIdentity, matchIdentity.toIpSpace())) .isPresent() && (_localInterface.equals(UNSET_LOCAL_INTERFACE) || Objects.equals(_localInterface, localInterface)); }
@Test public void testIntersection() { IpIpSpace ipSpace = Ip.parse("1.2.3.4").toIpSpace(); assertThat(intersection(null, null), nullValue()); assertThat( intersection(null, UniverseIpSpace.INSTANCE, null), equalTo(UniverseIpSpace.INSTANCE)); assertThat(intersection(ipSpace, null, UniverseIpSpace.INSTANCE), equalTo(ipSpace)); assertThat(intersection(EmptyIpSpace.INSTANCE, ipSpace), equalTo(EmptyIpSpace.INSTANCE)); }
AclIpSpace.intersection( _arpFalseDestIp.get(node).get(vrf).get(iface), _interfaceHostSubnetIps.get(node).get(vrf).get(iface),
@Test public void testIntersect_nonTrivialDstIpIntersection() { HeaderSpace h1 = HeaderSpace.builder().setDstIps(IP1).build(); HeaderSpace h2 = HeaderSpace.builder().setDstIps(IP2).build(); HeaderSpace h3 = HeaderSpace.builder().setDstIps(AclIpSpace.intersection(IP1, IP2)).build(); assertThat(intersect(h1, h2), equalTo(Optional.of(h3))); }
public static Optional<HeaderSpace> intersect(HeaderSpace h1, HeaderSpace h2) { checkArgument(isUnconstrained(h1.getSrcOrDstIps())); checkArgument(isUnconstrained(h2.getSrcOrDstIps())); checkArgument(isUnconstrained(h1.getSrcOrDstPorts())); checkArgument(isUnconstrained(h2.getSrcOrDstPorts())); checkArgument(isUnconstrained(h1.getSrcOrDstProtocols())); checkArgument(isUnconstrained(h2.getSrcOrDstProtocols())); try { return Optional.of( HeaderSpace.builder() .setDscps(intersectSimpleSets(h1.getDscps(), h2.getDscps())) .setDstIps(intersection(h1.getDstIps(), h2.getDstIps())) .setDstPorts(intersectSubRangeSets(h1.getDstPorts(), h2.getDstPorts())) .setDstProtocols(intersectSimpleSets(h1.getDstProtocols(), h2.getDstProtocols())) .setIpProtocols(intersectSimpleSets(h1.getIpProtocols(), h2.getIpProtocols())) .setIcmpCodes(intersectSubRangeSets(h1.getIcmpCodes(), h2.getIcmpCodes())) .setIcmpTypes(intersectSubRangeSets(h1.getIcmpTypes(), h2.getIcmpTypes())) .setNotDstIps(AclIpSpace.union(h1.getNotDstIps(), h2.getNotDstIps())) .setNotDstPorts(Sets.union(h1.getNotDstPorts(), h2.getNotDstPorts())) .setNotSrcIps(AclIpSpace.union(h1.getNotSrcIps(), h2.getNotSrcIps())) .setNotSrcPorts(Sets.union(h1.getNotSrcPorts(), h2.getNotSrcPorts())) .setSrcIps(AclIpSpace.intersection(h1.getSrcIps(), h2.getSrcIps())) .setSrcOrDstPorts(intersectSubRangeSets(h1.getSrcOrDstPorts(), h2.getSrcOrDstPorts())) .setSrcPorts(intersectSubRangeSets(h1.getSrcPorts(), h2.getSrcPorts())) .setTcpFlags(intersectTcpFlagMatchConditions(h1.getTcpFlags(), h2.getTcpFlags())) .build()); } catch (NoIntersection e) { return Optional.empty(); } }