@Override protected Map<String, IpSpace> featureValueOf(Configuration actual) { return actual.getIpSpaces(); } }
private static Map<String, IpSpaceSpecializer> computeIpSpaceSpecializers( BDDPacket pkt, BDD headerSpaceBdd, Map<String, Configuration> configs) { return toImmutableMap( configs, Entry::getKey, configEntry -> BDDIpSpaceSpecializer.specializeByDstIp( pkt, headerSpaceBdd, configEntry.getValue().getIpSpaces(), true)); }
@Override protected IpSpace featureValueOf(Configuration actual) { return actual.getIpSpaces().get(_name); } }
private Map<String, AclLineMatchExprToBooleanExpr> computeAclLineMatchExprToBooleanExprs() { return toImmutableMap( _configurations, Entry::getKey, e -> { Configuration config = e.getValue(); return new AclLineMatchExprToBooleanExpr( config.getIpAccessLists(), config.getIpSpaces(), _sourceInterfaceField, _sourceInterfaceFieldValues.getOrDefault(e.getKey(), ImmutableMap.of())); }); }
private static Map<String, IpAccessListSpecializer> computeIpAccessListSpecializers( BDDPacket pkt, BDD headerSpaceBdd, Map<String, Configuration> configs) { return toImmutableMap( configs, Entry::getKey, configEntry -> new BDDIpAccessListSpecializer( pkt, headerSpaceBdd, configEntry.getValue().getIpSpaces(), BDDSourceManager.forInterfaces(pkt, configEntry.getValue().activeInterfaces()))); }
/** * Returns true if the next node and interface responds for ARP request for given arpIp * * @param arpIp ARP for given {@link Ip} * @param forwardingAnalysis {@link ForwardingAnalysis} for the given network * @param node {@link Configuration} of the next node * @param iface Name of the interface in the next node to be tested for ARP * @return true if ARP request will get a response */ static boolean isArpSuccessful( Ip arpIp, ForwardingAnalysis forwardingAnalysis, Configuration node, String iface) { return forwardingAnalysis .getArpReplies() .get(node.getHostname()) .get(iface) .containsIp(arpIp, node.getIpSpaces()); }
/** * Provides a matcher that matches if the IpAccessList accepts a flow at the provided source * interface given the definitions in the provided configuration. */ public static Accepts accepts( @Nonnull Flow flow, @Nullable String srcInterface, @Nonnull Configuration configuration) { return new Accepts( flow, srcInterface, configuration.getIpAccessLists(), configuration.getIpSpaces()); }
/** * Provides a matcher that matches if the IpAccessList rejects a flow at the provided source * interface given the provided acl definitions. */ public static Rejects rejects( @Nonnull Flow flow, @Nullable String srcInterface, @Nonnull Configuration configuration) { return new Rejects( flow, srcInterface, configuration.getIpAccessLists(), configuration.getIpSpaces()); }
/** * Lazily compute the ACL BDDs, since we may only need some of them (depending on ignoreFilters, * forbidden transit nodes, etc). When ignoreFilters is enabled, we still need the ACLs used in * NATs. This is simpler than trying to precompute which ACLs we actually need. */ private static Map<String, Map<String, Supplier<BDD>>> computeAclBDDs( BDDPacket bddPacket, Map<String, BDDSourceManager> bddSourceManagers, Map<String, Configuration> configs) { return toImmutableMap( configs, Entry::getKey, nodeEntry -> { Configuration config = nodeEntry.getValue(); IpAccessListToBDD aclToBdd = IpAccessListToBDD.create( bddPacket, bddSourceManagers.get(config.getHostname()), config.getIpAccessLists(), config.getIpSpaces()); return toImmutableMap( config.getIpAccessLists(), Entry::getKey, aclEntry -> Suppliers.memoize(() -> aclToBdd.toBdd(aclEntry.getValue()))); }); }
currentFlowTraces, hops, _configurations.get(ingressNodeName).getIpSpaces(), flow, new TreeSet<>(),
.get(outgoingInterface.getVrfName()) .get(outgoingInterfaceName) .containsIp(arpIp, c.getIpSpaces())) { FlowDisposition disposition = computeDisposition(
.get(c.getAllInterfaces().get(nextHopInterfaceName).getVrfName()) .get(nextHopInterfaceName) .containsIp(arpIp, c.getIpSpaces())) { FlowDisposition disposition = computeDisposition(
private TransformationToTransition initTransformationToTransformation(Configuration node) { return new TransformationToTransition( _bddPacket, new IpAccessListToBDD( _bddPacket, _bddSourceManagers.get(node.getHostname()), new HeaderSpaceToBDD( _bddPacket, node.getIpSpaces(), _dstIpSpaceToBDD, _srcIpSpaceToBDD), node.getIpAccessLists())); }
BDDAcl x = BDDAcl.create(_pkt, in, conf.getIpAccessLists(), conf.getIpSpaces()); _inAcls.put(ge, x); BDDAcl x = BDDAcl.create(_pkt, out, conf.getIpAccessLists(), conf.getIpSpaces()); _outAcls.put(ge, x);
.get(edge.getNode2()) .get(edge.getInt2()) .containsIp(arpIp, _configurations.get(edge.getNode2()).getIpSpaces())) { return;
.forEach( (name, addressObject) -> { _c.getIpSpaces().put(name, addressObject.getIpSpace()); _c.getIpSpaceMetadata() .put(name, new IpSpaceMetadata(name, ADDRESS_OBJECT.getDescription())); .forEach( (name, addressGroup) -> { _c.getIpSpaces() .put( name,
new HeaderSpaceToBDD(bddPacket, baseConfig.getIpSpaces()).toBDD(headerSpace); BDD baseAclBDD = BDDAcl.create( bddPacket, baseAcl, baseConfig.getIpAccessLists(), baseConfig.getIpSpaces(), mgr) .getBdd() .and(headerSpaceBDD) BDD deltaAclBDD = BDDAcl.create( bddPacket, deltaAcl, deltaConfig.getIpAccessLists(), deltaConfig.getIpSpaces(), mgr) .getBdd() .and(headerSpaceBDD) baseAcl, baseConfig.getIpAccessLists(), baseConfig.getIpSpaces(), deltaAcl, deltaConfig.getIpAccessLists(), deltaConfig.getIpSpaces()))); deltaAcl, deltaConfig.getIpAccessLists(), deltaConfig.getIpSpaces(), baseAcl, baseConfig.getIpAccessLists(), baseConfig.getIpSpaces())));
BDD headerSpaceBDD = new HeaderSpaceToBDD(bddPacket, node.getIpSpaces()).toBDD(headerSpace); BDD bdd = BDDAcl.create(bddPacket, acl, node.getIpAccessLists(), node.getIpSpaces(), mgr) .getBdd() .and(headerSpaceBDD) acl, node.getIpAccessLists(), node.getIpSpaces()) : null));
toImmutableMap(_configurations, Entry::getKey, entry -> entry.getValue().getIpSpaces()); AclLineMatchExpr headerSpace = firstNonNull(builder._headerSpace, AclLineMatchExprs.TRUE); BDDPacket pkt = new BDDPacket();
flow.getIngressInterface(), c.getIpAccessLists(), c.getIpSpaces(), c.getIpSpaceMetadata()); FilterResult result = filter.filter(flow, flow.getIngressInterface(), c.getIpAccessLists(), c.getIpSpaces()); Integer matchLine = result.getMatchLine(); String lineDesc = "no-match";