cisco_acl_intp 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.rubocop.yml +2 -2
- data/.travis.yml +4 -2
- data/Gemfile +7 -6
- data/README.md +23 -18
- data/Rakefile +11 -13
- data/cisco_acl_intp.gemspec +7 -7
- data/lib/cisco_acl_intp/acc.rb +111 -0
- data/lib/cisco_acl_intp/{ace.rb → ace_base.rb} +9 -8
- data/lib/cisco_acl_intp/{extended_ace.rb → ace_extended.rb} +8 -10
- data/lib/cisco_acl_intp/{standard_ace.rb → ace_standard.rb} +5 -5
- data/lib/cisco_acl_intp/acespec_base.rb +15 -0
- data/lib/cisco_acl_intp/{ace_ip.rb → acespec_ip.rb} +14 -22
- data/lib/cisco_acl_intp/{ace_other_qualifiers.rb → acespec_other_qualifiers.rb} +7 -7
- data/lib/cisco_acl_intp/{ace_port.rb → acespec_port.rb} +10 -13
- data/lib/cisco_acl_intp/{ace_port_opr.rb → acespec_port_opr.rb} +75 -73
- data/lib/cisco_acl_intp/{ace_port_opr_base.rb → acespec_port_opr_base.rb} +49 -34
- data/lib/cisco_acl_intp/{ace_proto.rb → acespec_proto.rb} +4 -4
- data/lib/cisco_acl_intp/{ace_proto_base.rb → acespec_proto_base.rb} +8 -8
- data/lib/cisco_acl_intp/{ace_srcdst.rb → acespec_srcdst.rb} +9 -8
- data/lib/cisco_acl_intp/{ace_tcp_flags.rb → acespec_tcp_flags.rb} +4 -4
- data/lib/cisco_acl_intp/acl.rb +1 -1
- data/lib/cisco_acl_intp/acl_base.rb +108 -80
- data/lib/cisco_acl_intp/{mono_function_acl.rb → acl_category_base.rb} +5 -5
- data/lib/cisco_acl_intp/acl_utils.rb +1 -1
- data/lib/cisco_acl_intp/parser.rb +388 -406
- data/lib/cisco_acl_intp/parser.ry +8 -3
- data/lib/cisco_acl_intp/parser_api.rb +4 -4
- data/lib/cisco_acl_intp/scanner.rb +8 -10
- data/lib/cisco_acl_intp/scanner_special_token_handler.rb +3 -3
- data/lib/cisco_acl_intp/version.rb +1 -1
- data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb} +157 -128
- data/spec/cisco_acl_intp/ace_spec.rb +21 -19
- data/spec/cisco_acl_intp/{standard_ace_spec.rb → ace_standard_spec.rb} +7 -11
- data/spec/cisco_acl_intp/{ace_ip_spec.rb → acespec_ip_spec.rb} +34 -34
- data/spec/cisco_acl_intp/{ace_other_qualifier_spec.rb → acespec_other_qualifier_spec.rb} +18 -18
- data/spec/cisco_acl_intp/acespec_port_operator_spec.rb +331 -0
- data/spec/cisco_acl_intp/{ace_port_spec.rb → acespec_port_spec.rb} +33 -33
- data/spec/cisco_acl_intp/{ace_proto_spec.rb → acespec_proto_spec.rb} +61 -61
- data/spec/cisco_acl_intp/{ace_srcdst_spec.rb → acespec_srcdst_spec.rb} +113 -54
- data/spec/cisco_acl_intp/{ace_tcp_flags_spec.rb → acespec_tcp_flags_spec.rb} +10 -10
- data/spec/cisco_acl_intp/acl_base_spec.rb +14 -12
- data/spec/cisco_acl_intp/{extended_acl_spec.rb → acl_extended_spec.rb} +28 -28
- data/spec/cisco_acl_intp/{standard_acl_spec.rb → acl_standard_spec.rb} +24 -23
- data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +1 -1
- data/spec/cisco_acl_intp/parser_spec.rb +12 -12
- data/spec/cisco_acl_intp/scanner_spec.rb +31 -36
- data/spec/parser_fullfill_patterns.rb +6 -7
- data/spec/spec_helper.rb +6 -6
- data/tools/check_acl.rb +1 -1
- metadata +60 -59
- data/lib/cisco_acl_intp/single_acl_base.rb +0 -137
- data/spec/cisco_acl_intp/ace_port_operator_spec.rb +0 -340
@@ -14,41 +14,39 @@ ip access-list extended FA8-OUT
|
|
14
14
|
deny udp any any eq bootpc
|
15
15
|
permit ip any any
|
16
16
|
EOL
|
17
|
-
@s.scan_line(acl).
|
18
|
-
[
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
17
|
+
expect(@s.scan_line(acl)).to eq(
|
18
|
+
[
|
19
|
+
[:NAMED_ACL, 'ip access-list'],
|
20
|
+
%w(extended extended),
|
21
|
+
[:STRING, 'FA8-OUT'],
|
22
|
+
[:EOS, nil],
|
23
|
+
%w(deny deny),
|
24
|
+
%w(udp udp),
|
25
|
+
%w(any any),
|
26
|
+
%w(any any),
|
27
|
+
%w(eq eq),
|
28
|
+
%w(bootpc bootpc),
|
29
|
+
[:EOS, nil],
|
30
|
+
%w(permit permit),
|
31
|
+
%w(ip ip),
|
32
|
+
%w(any any),
|
33
|
+
%w(any any),
|
34
|
+
[:EOS, nil],
|
35
|
+
[false, 'EOF']
|
36
|
+
])
|
36
37
|
end
|
37
38
|
|
38
39
|
tokens = YAML.load_file(_spec_conf_dir('single_tokens.yml'))
|
39
40
|
tokens.each do |each|
|
40
41
|
# run test
|
41
42
|
it "should be parsed single token: #{each}" do
|
42
|
-
@s.scan_line(each).
|
43
|
-
eq [
|
43
|
+
expect(@s.scan_line(each)).to eq [
|
44
44
|
[each, each],
|
45
45
|
[:EOS, nil],
|
46
|
-
[:EOS, nil],
|
47
46
|
[false, 'EOF']
|
48
47
|
]
|
49
48
|
end
|
50
49
|
end
|
51
|
-
|
52
50
|
end # scan_line
|
53
51
|
|
54
52
|
describe '#scan_file' do
|
@@ -73,19 +71,18 @@ EOL
|
|
73
71
|
lines.each do |each_line|
|
74
72
|
file.puts each_line[:line]
|
75
73
|
|
74
|
+
next unless each_line[:tokens]
|
76
75
|
# make tokens data
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
tokens.push [each_token, each_token]
|
85
|
-
end
|
76
|
+
each_line[:tokens].each do |each_token|
|
77
|
+
case each_token
|
78
|
+
when Array
|
79
|
+
(symbstr, val) = each_token
|
80
|
+
tokens.push [symbstr.intern, val] # symbolize
|
81
|
+
when String
|
82
|
+
tokens.push [each_token, each_token]
|
86
83
|
end
|
87
|
-
tokens.push [:EOS, nil] # End of String
|
88
84
|
end
|
85
|
+
tokens.push [:EOS, nil] # End of String
|
89
86
|
end
|
90
87
|
tokens.push [false, 'EOF'] # last token (End of File)
|
91
88
|
end
|
@@ -106,13 +103,11 @@ EOL
|
|
106
103
|
#{each_test[:test_description]}" do
|
107
104
|
tokens = YAML.load_file(token_file)
|
108
105
|
File.open(acl_file) do |file|
|
109
|
-
@s.scan_file(file).
|
106
|
+
expect(@s.scan_file(file)).to eq tokens
|
110
107
|
end
|
111
108
|
end
|
112
109
|
end # tests.each
|
113
|
-
|
114
110
|
end # scan_file
|
115
|
-
|
116
111
|
end # describe Scanner
|
117
112
|
|
118
113
|
### Local variables:
|
@@ -7,7 +7,7 @@ TOKEN_SEQ_FILE_LIST = [
|
|
7
7
|
'stdacl_token_seq.yml',
|
8
8
|
'extacl_token_seq.yml',
|
9
9
|
# 'extacl_objgrp_token_seq.yml'
|
10
|
-
]
|
10
|
+
].freeze
|
11
11
|
|
12
12
|
# return spec conf dir
|
13
13
|
def _spec_conf_dir(file)
|
@@ -34,13 +34,12 @@ def gen_testcase(tokens, fields)
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def create_data(field_patterns, leftover_results)
|
37
|
-
field_patterns.
|
37
|
+
field_patterns.each_with_object([]) do |each, curr_results|
|
38
38
|
leftover_results.each do |each_res|
|
39
39
|
## do not add pattern that has multiple 'false'
|
40
40
|
## add single fault pattern.
|
41
|
-
|
42
|
-
|
43
|
-
end
|
41
|
+
next unless each[:valid] || each_res[:valid]
|
42
|
+
curr_results.push(single_data(each, each_res))
|
44
43
|
end
|
45
44
|
curr_results
|
46
45
|
end
|
@@ -126,7 +125,7 @@ describe 'Parser' do
|
|
126
125
|
it 'should be parsed acl [<%= now %>]: <%= t[:data] %>' do
|
127
126
|
datastr = '<%= t[:data] %>'
|
128
127
|
@parser.parse_string(datastr)
|
129
|
-
@parser.contains_error
|
128
|
+
expect(@parser.contains_error?).to be_falsey
|
130
129
|
end
|
131
130
|
<%-
|
132
131
|
else
|
@@ -134,7 +133,7 @@ describe 'Parser' do
|
|
134
133
|
it 'should not be parsed acl [<%= now %>]: <%= t[:data] %>' do
|
135
134
|
datastr = StringIO.new('<%= t[:data] %>', 'r')
|
136
135
|
@parser.parse_file(datastr)
|
137
|
-
@parser.contains_error
|
136
|
+
expect(@parser.contains_error?).to be_truthy
|
138
137
|
end
|
139
138
|
<%-
|
140
139
|
end
|
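--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -15,10 +15,10 @@ end
 require 'cisco_acl_intp'
 
 include CiscoAclIntp
-
+AccessControlContainer.disable_color
 
-RSpec::Matchers.define :be_aclstr do |
-match do |
+RSpec::Matchers.define :be_aclstr do |expected_str|
+match do |actual_str|
 a = actual_str.strip
 b = expected_str.strip
 a.split(/\s+/) == b.split(/[\s\r\n]+/)
@@ -30,12 +30,12 @@ end
 # hash to hash-code-string
 def _pph(hash)
 kv = []
-hash.each do |
+hash.each do |k, v|
 case v
 when String
-kv.push %
+kv.push %(:#{k}=>"#{v}")
 else
-kv.push %
+kv.push %(:#{k}=>#{v})
 end
 end
 kv.join(',')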
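Review bot: In `_pph`, the String branch `kv.push %(:#{k}=>"#{v}")` wraps the value in double quotes without escaping it, so a value containing `"`, a backslash or `#{` no longer yields the same Ruby literal. The header comment calls the result a hash-code-string, so presumably it is spliced into generated code; if so, `kv.push %(:#{k}=>#{v.inspect})` in that branch keeps the literal intact. The `else` branch interpolates `v.to_s`, which prints nothing for nil and drops the colon of a Symbol; confirm that is intended. `_pph` ends outside the hunk.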
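--- a/data/tools/check_acl.rb
+++ b/data/tools/check_acl.rb
@@ -6,7 +6,7 @@ require 'optparse'
 require 'cisco_acl_intp'
 
 opts = {}
-OptionParser.new do |
+OptionParser.new do |each|
 each.banner = "ruby #{$PROGRAM_NAME} [options] [args]"
 each.on('-c MODE', '--color', 'enable coloring (MODE=[term, html]') do |x|
 opts[:color] = x.intern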
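Review bot: The `-c MODE` handler stores `x.intern` without checking the value, although the help text names only term and html, so any other string becomes the colour mode. OptionParser can enforce the list itself: `each.on('-c MODE', '--color', %w(term html), 'enable coloring (MODE=[term, html])') do |x|` rejects anything else with OptionParser::InvalidArgument. The help string is also missing its closing parenthesis. The block continues outside the hunk, so a later check may already exist.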
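--- a/metadata
+++ b/metadata
@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: cisco_acl_intp
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 platform: ruby
 authors:
 - stereocat
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: netaddr
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.5.
+version: 1.5.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.5.
+version: 1.5.1
 - !ruby/object:Gem::Dependency
 name: term-ansicolor
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.2
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.1l.2
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.1l.2
 description: Cisco ACL Interpreter
 email:
 - stereocat@gmail.com
@@ -59,12 +59,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .coveralls.yml
-- .gitignore
-- .rspec
-- .rubocop.yml
-- .travis.yml
-- .yardopts
+- ".coveralls.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- ".yardopts"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -75,45 +75,46 @@ files:
 - acl_examples/numd-acl.txt
 - cisco_acl_intp.gemspec
 - lib/cisco_acl_intp.rb
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
-- lib/cisco_acl_intp/
+- lib/cisco_acl_intp/acc.rb
+- lib/cisco_acl_intp/ace_base.rb
+- lib/cisco_acl_intp/ace_extended.rb
+- lib/cisco_acl_intp/ace_standard.rb
+- lib/cisco_acl_intp/acespec_base.rb
+- lib/cisco_acl_intp/acespec_ip.rb
+- lib/cisco_acl_intp/acespec_other_qualifiers.rb
+- lib/cisco_acl_intp/acespec_port.rb
+- lib/cisco_acl_intp/acespec_port_opr.rb
+- lib/cisco_acl_intp/acespec_port_opr_base.rb
+- lib/cisco_acl_intp/acespec_proto.rb
+- lib/cisco_acl_intp/acespec_proto_base.rb
+- lib/cisco_acl_intp/acespec_srcdst.rb
+- lib/cisco_acl_intp/acespec_tcp_flags.rb
 - lib/cisco_acl_intp/acl.rb
 - lib/cisco_acl_intp/acl_base.rb
+- lib/cisco_acl_intp/acl_category_base.rb
 - lib/cisco_acl_intp/acl_utils.rb
-- lib/cisco_acl_intp/extended_ace.rb
-- lib/cisco_acl_intp/mono_function_acl.rb
 - lib/cisco_acl_intp/parser.rb
 - lib/cisco_acl_intp/parser.ry
 - lib/cisco_acl_intp/parser_api.rb
 - lib/cisco_acl_intp/scanner.rb
 - lib/cisco_acl_intp/scanner_special_token_handler.rb
-- lib/cisco_acl_intp/single_acl_base.rb
-- lib/cisco_acl_intp/standard_ace.rb
 - lib/cisco_acl_intp/version.rb
-- spec/cisco_acl_intp/
-- spec/cisco_acl_intp/ace_other_qualifier_spec.rb
-- spec/cisco_acl_intp/ace_port_operator_spec.rb
-- spec/cisco_acl_intp/ace_port_spec.rb
-- spec/cisco_acl_intp/ace_proto_spec.rb
+- spec/cisco_acl_intp/ace_extended_spec.rb
 - spec/cisco_acl_intp/ace_spec.rb
-- spec/cisco_acl_intp/
-- spec/cisco_acl_intp/
+- spec/cisco_acl_intp/ace_standard_spec.rb
+- spec/cisco_acl_intp/acespec_ip_spec.rb
+- spec/cisco_acl_intp/acespec_other_qualifier_spec.rb
+- spec/cisco_acl_intp/acespec_port_operator_spec.rb
+- spec/cisco_acl_intp/acespec_port_spec.rb
+- spec/cisco_acl_intp/acespec_proto_spec.rb
+- spec/cisco_acl_intp/acespec_srcdst_spec.rb
+- spec/cisco_acl_intp/acespec_tcp_flags_spec.rb
 - spec/cisco_acl_intp/acl_base_spec.rb
+- spec/cisco_acl_intp/acl_extended_spec.rb
+- spec/cisco_acl_intp/acl_standard_spec.rb
 - spec/cisco_acl_intp/cisco_acl_intp_spec.rb
-- spec/cisco_acl_intp/extended_ace_spec.rb
-- spec/cisco_acl_intp/extended_acl_spec.rb
 - spec/cisco_acl_intp/parser_spec.rb
 - spec/cisco_acl_intp/scanner_spec.rb
-- spec/cisco_acl_intp/standard_ace_spec.rb
-- spec/cisco_acl_intp/standard_acl_spec.rb
 - spec/conf/extacl_objgrp_token_seq.yml
 - spec/conf/extacl_token_seq.yml
 - spec/conf/extended_acl.yml
@@ -135,37 +136,37 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Cisco IOS Access Control List Interpreter
 test_files:
-- spec/cisco_acl_intp/
-- spec/cisco_acl_intp/ace_other_qualifier_spec.rb
-- spec/cisco_acl_intp/ace_port_operator_spec.rb
-- spec/cisco_acl_intp/ace_port_spec.rb
-- spec/cisco_acl_intp/ace_proto_spec.rb
+- spec/cisco_acl_intp/ace_extended_spec.rb
 - spec/cisco_acl_intp/ace_spec.rb
-- spec/cisco_acl_intp/
-- spec/cisco_acl_intp/
+- spec/cisco_acl_intp/ace_standard_spec.rb
+- spec/cisco_acl_intp/acespec_ip_spec.rb
+- spec/cisco_acl_intp/acespec_other_qualifier_spec.rb
+- spec/cisco_acl_intp/acespec_port_operator_spec.rb
+- spec/cisco_acl_intp/acespec_port_spec.rb
+- spec/cisco_acl_intp/acespec_proto_spec.rb
+- spec/cisco_acl_intp/acespec_srcdst_spec.rb
+- spec/cisco_acl_intp/acespec_tcp_flags_spec.rb
 - spec/cisco_acl_intp/acl_base_spec.rb
+- spec/cisco_acl_intp/acl_extended_spec.rb
+- spec/cisco_acl_intp/acl_standard_spec.rb
 - spec/cisco_acl_intp/cisco_acl_intp_spec.rb
-- spec/cisco_acl_intp/extended_ace_spec.rb
-- spec/cisco_acl_intp/extended_acl_spec.rb
 - spec/cisco_acl_intp/parser_spec.rb
 - spec/cisco_acl_intp/scanner_spec.rb
-- spec/cisco_acl_intp/standard_ace_spec.rb
-- spec/cisco_acl_intp/standard_acl_spec.rb
 - spec/conf/extacl_objgrp_token_seq.yml
 - spec/conf/extacl_token_seq.yml
 - spec/conf/extended_acl.yml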
@@ -1,137 +0,0 @@
|
|
1
|
-
# -*- coding: utf-8 -*-
|
2
|
-
require 'forwardable'
|
3
|
-
require 'cisco_acl_intp/extended_ace'
|
4
|
-
require 'cisco_acl_intp/acl_utils'
|
5
|
-
|
6
|
-
module CiscoAclIntp
|
7
|
-
# Single access-list container base
|
8
|
-
class SingleAclBase < AclContainerBase
|
9
|
-
extend Forwardable
|
10
|
-
include Enumerable
|
11
|
-
include AceSearchUtility
|
12
|
-
|
13
|
-
# @return [String] name ACL name,
|
14
|
-
# when numbered acl, /\d+/ string
|
15
|
-
attr_reader :name
|
16
|
-
# Some Enumerable included methods returns Array of ACE objects
|
17
|
-
# (e.g. sort),the returned Array was used as ACE object by
|
18
|
-
# overwrite accessor 'list'.
|
19
|
-
# @return [Array<AceBase>] list ACE object Array
|
20
|
-
attr_accessor :list
|
21
|
-
# @return [String, Symbol] acl_type ACL type
|
22
|
-
attr_reader :acl_type
|
23
|
-
# @return [String, Symbol] name_type ACL name type
|
24
|
-
attr_reader :name_type
|
25
|
-
|
26
|
-
def_delegators :@list, :each # for Enumerable
|
27
|
-
def_delegators :@list, :push, :pop, :shift, :unshift
|
28
|
-
def_delegators :@list, :size, :length
|
29
|
-
|
30
|
-
# Increment number of ACL sequence number
|
31
|
-
SEQ_NUM_DIV = 10
|
32
|
-
|
33
|
-
# Constructor
|
34
|
-
# @param [String] name ACL name
|
35
|
-
# @return [SingleAclBase]
|
36
|
-
def initialize(name)
|
37
|
-
@name = name
|
38
|
-
@list = []
|
39
|
-
@seq_number = 0
|
40
|
-
|
41
|
-
@acl_type = nil # :standard or :extended
|
42
|
-
@name_type = nil # :named or :numbered
|
43
|
-
end
|
44
|
-
|
45
|
-
# duplicate ACE list
|
46
|
-
# @param [Array<AceBase>] list List of ACE
|
47
|
-
# @return [SingleAclBase]
|
48
|
-
def dup_with_list(list)
|
49
|
-
acl = dup
|
50
|
-
acl.list = list.dup
|
51
|
-
acl
|
52
|
-
end
|
53
|
-
|
54
|
-
# Add ACE to ACL (push with sequence number)
|
55
|
-
# @param [AceBase] ace ACE object
|
56
|
-
def add_entry(ace)
|
57
|
-
# 'ace' is AceBase Object
|
58
|
-
# it will be ExtendedAce/StandardAce/RemarkAce/EvaluateAce
|
59
|
-
ace.seq_number? ||
|
60
|
-
ace.seq_number = (@list.length + 1) * SEQ_NUM_DIV
|
61
|
-
@list.push ace
|
62
|
-
end
|
63
|
-
|
64
|
-
# Renumber ACL by list sequence
|
65
|
-
def renumber
|
66
|
-
# re-numbering seq_number of each entry
|
67
|
-
@list.reduce(SEQ_NUM_DIV) do |number, each|
|
68
|
-
each.seq_number = number
|
69
|
-
number + SEQ_NUM_DIV
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
# Check equality
|
74
|
-
# @return [Boolean]
|
75
|
-
def ==(other)
|
76
|
-
if @acl_type &&
|
77
|
-
@name_type &&
|
78
|
-
@acl_type == other.acl_type &&
|
79
|
-
@name_type == other.name_type
|
80
|
-
@list == other.list
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
# Find lists of ACEs that contains flow by options
|
85
|
-
# @param [Hash] opts Options (target packet info)
|
86
|
-
# options are same as #find_aces_with
|
87
|
-
# @see #find_aces_with
|
88
|
-
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
89
|
-
def find_aces_contains(opts)
|
90
|
-
find_aces_with(opts) { |ace, target_ace| ace.contains?(target_ace) }
|
91
|
-
end
|
92
|
-
|
93
|
-
# Find lists of ACEs that is contained flow by options
|
94
|
-
# @param [Hash] opts Options (target packet info)
|
95
|
-
# options are same as #find_aces_with
|
96
|
-
# @see #find_aces_with
|
97
|
-
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
98
|
-
def find_aces_contained(opts)
|
99
|
-
find_aces_with(opts) { |ace, target_ace| target_ace.contains?(ace) }
|
100
|
-
end
|
101
|
-
|
102
|
-
# Find lists of ACEs
|
103
|
-
# @note In Standard ACL, only src_ip option is used and another
|
104
|
-
# conditions are ignored (if specified).
|
105
|
-
# @param [Hash] opts Options (target flow info),
|
106
|
-
# @option opts [Integer,String] protocol L3 protocol No./Name
|
107
|
-
# @option opts [String] src_ip Source IP Address
|
108
|
-
# @option opts [String] src_operator Source port operator.
|
109
|
-
# @option opts [Integer,String] src_begin_port Source Port No./Name
|
110
|
-
# @option opts [Integer,String] src_end_port Source Port No./Name
|
111
|
-
# @option opts [String] dst_ip Destination IP Address
|
112
|
-
# @option opts [Integer,String] dst_begin_port Destination Port No./Name
|
113
|
-
# @option opts [Integer,String] dst_end_port Destination Port No./Name
|
114
|
-
# @yield Find lists of ACEs
|
115
|
-
# @yieldparam [ExtendedAce] ace ACE
|
116
|
-
# @yieldparam [ExtendedAce] target_ace Target ACE
|
117
|
-
# @yieldreturn [Boolean] Condition to find
|
118
|
-
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
119
|
-
def find_aces_with(opts)
|
120
|
-
target_ace = target_ace(opts)
|
121
|
-
@list.find { |ace| yield(ace, target_ace) }
|
122
|
-
end
|
123
|
-
|
124
|
-
# acl string clean-up (override)
|
125
|
-
# @param [String] str ACL string.
|
126
|
-
# @return [String]
|
127
|
-
def clean_acl_string(str)
|
128
|
-
str =~ /remark/ ? str : super
|
129
|
-
end
|
130
|
-
end
|
131
|
-
end # module
|
132
|
-
|
133
|
-
### Local variables:
|
134
|
-
### mode: Ruby
|
135
|
-
### coding: utf-8-unix
|
136
|
-
### indent-tabs-mode: nil
|
137
|
-
### End:
|