/** * Scope the headerspace permitted by an {@link IpAccessList} to those flows that also match * {@code invariantExpr}. */ @VisibleForTesting static IpAccessList scopedAcl(AclLineMatchExpr invariantExpr, IpAccessList acl) { return IpAccessList.builder() .setName(INVARIANT_ACL_NAME) .setLines( ImmutableList.<IpAccessListLine>builder() .add(rejecting(not(invariantExpr))) .add(accepting(new PermittedByAcl(acl.getName()))) .build()) .build(); } }
private AclLineMatchExpr resolveHeaderSpace() throws InvalidReachabilityParametersException { AclLineMatchExpr expr = and( firstNonNull(_params.getHeaderSpace(), AclLineMatchExprs.TRUE), matchDst(resolveDestinationIpSpace())); return _params.getInvertSearch() ? AclLineMatchExprs.not(expr) : expr; }
@Test public void testNegate() { MatcherAssert.assertThat(_toBdd.getMemoizedBdd(MATCH_DST_IP), equalTo(Optional.empty())); BDD bdd = _toBdd.visit(not(MATCH_DST_IP)); MatcherAssert.assertThat(_toBdd.getMemoizedBdd(MATCH_DST_IP), equalTo(Optional.of(bdd.not()))); }
@Test public void visitOriginatingFromDevice() { assertThat(negate(ORIGINATING_FROM_DEVICE), equalTo(not(ORIGINATING_FROM_DEVICE))); }
@Test public void visitMatchSrcInterface() { MatchSrcInterface matchSrcInterface = AclLineMatchExprs.matchSrcInterface("foo"); assertThat(negate(matchSrcInterface), equalTo(not(matchSrcInterface))); }
@Test public void visitPermittedByAcl() { PermittedByAcl permittedByFoo = permittedByAcl("foo"); assertThat(negate(permittedByFoo), equalTo(not(permittedByFoo))); }
@Test public void testExprs() { Map<String, IpAccessList> namedAcls = ImmutableMap.of(); assertThat(referencedSources(namedAcls, TRUE), equalTo(ImmutableSet.of())); assertThat(referencedSources(namedAcls, FALSE), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, ORIGINATING_FROM_DEVICE), equalTo(ImmutableSet.of(SOURCE_ORIGINATING_FROM_DEVICE))); assertThat(referencedSources(namedAcls, matchDst(Ip.AUTO)), equalTo(ImmutableSet.of())); assertThat( referencedSources(namedAcls, matchSrcInterface("a", "b", "c")), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, and(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, not(matchSrcInterface("a", "b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); assertThat( referencedSources(namedAcls, or(matchSrcInterface("a"), matchSrcInterface("b", "c"))), equalTo(ImmutableSet.of("a", "b", "c"))); }
earlierDenyLineExprs.add(not(expr));
@Test public void visitAndMatchExpr() { assertThat( negate(and(ORIGINATING_FROM_DEVICE, TRUE, FALSE)), equalTo(or(not(ORIGINATING_FROM_DEVICE), FALSE, TRUE))); }
@Test public void visitOrMatchExpr() { assertThat( negate(or(ORIGINATING_FROM_DEVICE, TRUE, FALSE)), equalTo(and(not(ORIGINATING_FROM_DEVICE), FALSE, TRUE))); }
@Test public void visitMatchHeaderSpace() { AclLineMatchExpr matchHeaderSpace = match(HeaderSpace.builder().build()); assertThat(negate(matchHeaderSpace), equalTo(not(matchHeaderSpace))); }
? not(parameters.getHeaderSpace()) : parameters.getHeaderSpace();