cisco_acl_intp 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.rubocop.yml +2 -2
- data/.travis.yml +4 -2
- data/Gemfile +7 -6
- data/README.md +23 -18
- data/Rakefile +11 -13
- data/cisco_acl_intp.gemspec +7 -7
- data/lib/cisco_acl_intp/acc.rb +111 -0
- data/lib/cisco_acl_intp/{ace.rb → ace_base.rb} +9 -8
- data/lib/cisco_acl_intp/{extended_ace.rb → ace_extended.rb} +8 -10
- data/lib/cisco_acl_intp/{standard_ace.rb → ace_standard.rb} +5 -5
- data/lib/cisco_acl_intp/acespec_base.rb +15 -0
- data/lib/cisco_acl_intp/{ace_ip.rb → acespec_ip.rb} +14 -22
- data/lib/cisco_acl_intp/{ace_other_qualifiers.rb → acespec_other_qualifiers.rb} +7 -7
- data/lib/cisco_acl_intp/{ace_port.rb → acespec_port.rb} +10 -13
- data/lib/cisco_acl_intp/{ace_port_opr.rb → acespec_port_opr.rb} +75 -73
- data/lib/cisco_acl_intp/{ace_port_opr_base.rb → acespec_port_opr_base.rb} +49 -34
- data/lib/cisco_acl_intp/{ace_proto.rb → acespec_proto.rb} +4 -4
- data/lib/cisco_acl_intp/{ace_proto_base.rb → acespec_proto_base.rb} +8 -8
- data/lib/cisco_acl_intp/{ace_srcdst.rb → acespec_srcdst.rb} +9 -8
- data/lib/cisco_acl_intp/{ace_tcp_flags.rb → acespec_tcp_flags.rb} +4 -4
- data/lib/cisco_acl_intp/acl.rb +1 -1
- data/lib/cisco_acl_intp/acl_base.rb +108 -80
- data/lib/cisco_acl_intp/{mono_function_acl.rb → acl_category_base.rb} +5 -5
- data/lib/cisco_acl_intp/acl_utils.rb +1 -1
- data/lib/cisco_acl_intp/parser.rb +388 -406
- data/lib/cisco_acl_intp/parser.ry +8 -3
- data/lib/cisco_acl_intp/parser_api.rb +4 -4
- data/lib/cisco_acl_intp/scanner.rb +8 -10
- data/lib/cisco_acl_intp/scanner_special_token_handler.rb +3 -3
- data/lib/cisco_acl_intp/version.rb +1 -1
- data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb} +157 -128
- data/spec/cisco_acl_intp/ace_spec.rb +21 -19
- data/spec/cisco_acl_intp/{standard_ace_spec.rb → ace_standard_spec.rb} +7 -11
- data/spec/cisco_acl_intp/{ace_ip_spec.rb → acespec_ip_spec.rb} +34 -34
- data/spec/cisco_acl_intp/{ace_other_qualifier_spec.rb → acespec_other_qualifier_spec.rb} +18 -18
- data/spec/cisco_acl_intp/acespec_port_operator_spec.rb +331 -0
- data/spec/cisco_acl_intp/{ace_port_spec.rb → acespec_port_spec.rb} +33 -33
- data/spec/cisco_acl_intp/{ace_proto_spec.rb → acespec_proto_spec.rb} +61 -61
- data/spec/cisco_acl_intp/{ace_srcdst_spec.rb → acespec_srcdst_spec.rb} +113 -54
- data/spec/cisco_acl_intp/{ace_tcp_flags_spec.rb → acespec_tcp_flags_spec.rb} +10 -10
- data/spec/cisco_acl_intp/acl_base_spec.rb +14 -12
- data/spec/cisco_acl_intp/{extended_acl_spec.rb → acl_extended_spec.rb} +28 -28
- data/spec/cisco_acl_intp/{standard_acl_spec.rb → acl_standard_spec.rb} +24 -23
- data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +1 -1
- data/spec/cisco_acl_intp/parser_spec.rb +12 -12
- data/spec/cisco_acl_intp/scanner_spec.rb +31 -36
- data/spec/parser_fullfill_patterns.rb +6 -7
- data/spec/spec_helper.rb +6 -6
- data/tools/check_acl.rb +1 -1
- metadata +60 -59
- data/lib/cisco_acl_intp/single_acl_base.rb +0 -137
- data/spec/cisco_acl_intp/ace_port_operator_spec.rb +0 -340
@@ -1,9 +1,9 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
|
-
require 'cisco_acl_intp/
|
2
|
+
require 'cisco_acl_intp/acc'
|
3
3
|
|
4
4
|
module CiscoAclIntp
|
5
5
|
# TCP/UDP Port Set Operator Class
|
6
|
-
class AcePortOperatorBase <
|
6
|
+
class AcePortOperatorBase < AceSpecBase
|
7
7
|
# @return
|
8
8
|
attr_reader :operator
|
9
9
|
|
@@ -11,7 +11,7 @@ module CiscoAclIntp
|
|
11
11
|
# @return [AceProtoSpecBase]
|
12
12
|
attr_reader :begin_port
|
13
13
|
# alias for unary operator
|
14
|
-
|
14
|
+
alias port begin_port
|
15
15
|
|
16
16
|
# @param [AceProtoSpecBase] value Port No. (higher)
|
17
17
|
# @return [AceProtoSpecBase]
|
@@ -52,70 +52,85 @@ module CiscoAclIntp
|
|
52
52
|
def contains?(other)
|
53
53
|
case other
|
54
54
|
when AcePortOpEq
|
55
|
-
|
55
|
+
contains_eq?(other)
|
56
56
|
when AcePortOpNeq
|
57
|
-
|
57
|
+
contains_neq?(other)
|
58
58
|
when AcePortOpLt
|
59
|
-
|
59
|
+
contains_lt?(other)
|
60
60
|
when AcePortOpGt
|
61
|
-
|
61
|
+
contains_gt?(other)
|
62
62
|
when AcePortOpRange
|
63
|
-
|
63
|
+
contains_range?(other)
|
64
64
|
else
|
65
|
-
|
65
|
+
check_any_operator(other)
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
69
|
private
|
70
70
|
|
71
|
+
# ANY operator check
|
72
|
+
# @param [AcePortOpAny] other Another operator
|
73
|
+
# @return [Boolean]
|
74
|
+
def check_any_operator(other)
|
75
|
+
case other
|
76
|
+
when AcePortOpStrictAny
|
77
|
+
# must match before AcePortOpAny (Base Class)
|
78
|
+
contains_strict_any?(other)
|
79
|
+
when AcePortOpAny
|
80
|
+
contains_any?(other)
|
81
|
+
else
|
82
|
+
false # unknown operator
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
# Operate ANY containing check
|
87
|
+
# @param [AcePortOpAny] _other Another operator
|
88
|
+
# @return [Boolean]
|
89
|
+
def contains_any?(_other)
|
90
|
+
false
|
91
|
+
end
|
92
|
+
|
93
|
+
# Operate STRICT_ANY containing check
|
94
|
+
# @param [AcePortOpStrictAny] _other Another operator
|
95
|
+
# @return [Boolean]
|
96
|
+
def contains_strict_any?(_other)
|
97
|
+
false
|
98
|
+
end
|
99
|
+
|
71
100
|
# Operate EQUAL containing check
|
72
|
-
# @param [
|
101
|
+
# @param [AcePortOpEq] _other Another operator
|
73
102
|
# @return [Boolean]
|
74
|
-
def
|
103
|
+
def contains_eq?(_other)
|
75
104
|
false
|
76
105
|
end
|
77
106
|
|
78
107
|
# Operate NOT_EQUAL containing check
|
79
|
-
# @param [
|
108
|
+
# @param [AcePortOpNeq] _other Another operator
|
80
109
|
# @return [Boolean]
|
81
|
-
def
|
110
|
+
def contains_neq?(_other)
|
82
111
|
false
|
83
112
|
end
|
84
113
|
|
85
114
|
# Operate LOWER_THAN containing check
|
86
|
-
# @param [
|
115
|
+
# @param [AcePortOpLt] _other Another operator
|
87
116
|
# @return [Boolean]
|
88
|
-
def
|
117
|
+
def contains_lt?(_other)
|
89
118
|
false
|
90
119
|
end
|
91
120
|
|
92
121
|
# Operate GREATER_THAN containing check
|
93
|
-
# @param [
|
122
|
+
# @param [AcePortOpGt] _other Another operator
|
94
123
|
# @return [Boolean]
|
95
|
-
def
|
124
|
+
def contains_gt?(_other)
|
96
125
|
false
|
97
126
|
end
|
98
127
|
|
99
128
|
# Operate RANGE containing check
|
100
|
-
# @param [
|
129
|
+
# @param [AcePortOpRange] _other Another operator
|
101
130
|
# @return [Boolean]
|
102
|
-
def
|
131
|
+
def contains_range?(_other)
|
103
132
|
false
|
104
133
|
end
|
105
|
-
|
106
|
-
# Operate *ANY containing check
|
107
|
-
# @param [AcePortOperator] other Another operator
|
108
|
-
# @return [Boolean]
|
109
|
-
def contains_default(other)
|
110
|
-
case other
|
111
|
-
when AcePortOpAny
|
112
|
-
true
|
113
|
-
when AcePortOpStrictAny
|
114
|
-
false
|
115
|
-
else
|
116
|
-
false
|
117
|
-
end
|
118
|
-
end
|
119
134
|
end
|
120
135
|
|
121
136
|
# Unary operator base class
|
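Review bot: The base-class defaults added here make `contains?` answer `false` for an `AcePortOpAny` operand, whereas the removed `contains_default` answered `true` for that case. Unless every concrete operator overrides `contains_any?` (the subclasses are not visible in this hunk), a flow given with an `any` port will stop matching entries it matched in 0.0.3, which changes what an ACL audit reports. A spec that pins the result of `contains?` for an `AcePortOpAny` operand on each operator class would make that change explicit. The tag on `check_any_operator` is also too narrow, since it receives whatever fell through the EQ/NEQ/LT/GT/RANGE branches; `# @param [Object] other Operand not matched by the other operator branches` describes it more accurately. The class body of `AcePortOperatorBase` starts outside the hunk.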
@@ -124,7 +139,7 @@ module CiscoAclIntp
|
|
124
139
|
def initialize(*args)
|
125
140
|
super
|
126
141
|
if @begin_port.nil?
|
127
|
-
|
142
|
+
raise AclArgumentError, 'Port did not specified in unary operator'
|
128
143
|
end
|
129
144
|
@end_port = nil
|
130
145
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
|
-
require 'cisco_acl_intp/
|
2
|
+
require 'cisco_acl_intp/acespec_proto_base'
|
3
3
|
|
4
4
|
module CiscoAclIntp
|
5
5
|
# IP protocol number/name container
|
@@ -24,7 +24,7 @@ module CiscoAclIntp
|
|
24
24
|
'tcp' => 6,
|
25
25
|
'udp' => 17,
|
26
26
|
'ip' => -1 # dummy
|
27
|
-
}
|
27
|
+
}.freeze
|
28
28
|
|
29
29
|
# Constructor
|
30
30
|
# @param [String, Integer] proto_id L3 Protocol ID (No. or Name)
|
@@ -124,7 +124,7 @@ module CiscoAclIntp
|
|
124
124
|
'uucp' => 540,
|
125
125
|
'whois' => 43,
|
126
126
|
'www' => 80
|
127
|
-
}
|
127
|
+
}.freeze
|
128
128
|
|
129
129
|
# Constructor
|
130
130
|
# @param [String, Integer] proto_id Protocol ID (No. or Name)
|
@@ -179,7 +179,7 @@ module CiscoAclIntp
|
|
179
179
|
'time' => 37,
|
180
180
|
'who' => 513,
|
181
181
|
'xdmcp' => 177
|
182
|
-
}
|
182
|
+
}.freeze
|
183
183
|
|
184
184
|
# Constructor
|
185
185
|
# @param [String, Integer] proto_id Protocol ID (No. or Name)
|
@@ -1,9 +1,9 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
|
-
require 'cisco_acl_intp/
|
2
|
+
require 'cisco_acl_intp/acespec_base'
|
3
3
|
|
4
4
|
module CiscoAclIntp
|
5
5
|
# IP/TCP/UDP protocol number and protocol name container base
|
6
|
-
class AceProtoSpecBase <
|
6
|
+
class AceProtoSpecBase < AceSpecBase
|
7
7
|
include Comparable
|
8
8
|
|
9
9
|
# @return [String] Protocol name
|
@@ -23,7 +23,7 @@ module CiscoAclIntp
|
|
23
23
|
# because there are keys exists including '-'.
|
24
24
|
DUMMY_PROTO_TABLE = {
|
25
25
|
'any' => -1 # dummy
|
26
|
-
}
|
26
|
+
}.freeze
|
27
27
|
|
28
28
|
# Protocol Table
|
29
29
|
# @return [Hash] Protocol table
|
@@ -52,14 +52,14 @@ module CiscoAclIntp
|
|
52
52
|
when Integer
|
53
53
|
define_param_by_integer(proto_id)
|
54
54
|
else
|
55
|
-
|
55
|
+
raise AclArgumentError, "invalid protocol id #{proto_id}"
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
59
|
# Check the port number in valid range of port number
|
60
60
|
# @return [Boolean]
|
61
61
|
def valid_range?
|
62
|
-
(0
|
62
|
+
(0..@max_num).cover?(@number)
|
63
63
|
end
|
64
64
|
|
65
65
|
# Check the port name is known or not.
|
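Review bot: The message added in the `else` branch interpolates `proto_id` with `to_s`, so a `nil` argument produces `invalid protocol id ` with nothing after it, and the type of the rejected value is lost. Prefer `raise AclArgumentError, "invalid protocol id #{proto_id.inspect}"`. The same form is worth using for the `#{@name}` and `#{@number}` messages added in the three following hunks (old lines 131, 142 and 153, apparently the same file). Those names come from the parsed ACL text, and `inspect` quotes them and escapes newlines and control characters before they reach a log or report. The enclosing method starts outside the hunk.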
@@ -128,7 +128,7 @@ module CiscoAclIntp
|
|
128
128
|
if proto_table.key?(@name)
|
129
129
|
proto_table[@name]
|
130
130
|
else
|
131
|
-
|
131
|
+
raise AclArgumentError, "Unknown protocol name: #{@name}"
|
132
132
|
end
|
133
133
|
end
|
134
134
|
|
@@ -139,7 +139,7 @@ module CiscoAclIntp
|
|
139
139
|
if valid_name?
|
140
140
|
@number = name_to_number
|
141
141
|
else
|
142
|
-
|
142
|
+
raise AclArgumentError, "Unknown protocol name: #{@name}"
|
143
143
|
end
|
144
144
|
end
|
145
145
|
|
@@ -150,7 +150,7 @@ module CiscoAclIntp
|
|
150
150
|
if valid_range?
|
151
151
|
@name = number_to_name
|
152
152
|
else
|
153
|
-
|
153
|
+
raise AclArgumentError, "Invalid protocol number: #{@number}"
|
154
154
|
end
|
155
155
|
end
|
156
156
|
end
|
@@ -1,15 +1,15 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
2
|
require 'netaddr'
|
3
|
-
require 'cisco_acl_intp/
|
4
|
-
require 'cisco_acl_intp/
|
5
|
-
require 'cisco_acl_intp/
|
6
|
-
require 'cisco_acl_intp/
|
3
|
+
require 'cisco_acl_intp/acespec_ip'
|
4
|
+
require 'cisco_acl_intp/acespec_port'
|
5
|
+
require 'cisco_acl_intp/acespec_other_qualifiers'
|
6
|
+
require 'cisco_acl_intp/acespec_tcp_flags'
|
7
7
|
|
8
8
|
module CiscoAclIntp
|
9
9
|
# IP Address and TCP/UDP Port Info
|
10
10
|
# @todo Src/Dst takes Network Object Group or IP/wildcard.
|
11
11
|
# "object-group" is not implemented yet.
|
12
|
-
class AceSrcDstSpec <
|
12
|
+
class AceSrcDstSpec < AceSpecBase
|
13
13
|
# @param [AceIpSpec] value IP address and Wildcard-mask
|
14
14
|
# @return [AceIpSpec]
|
15
15
|
attr_accessor :ip_spec
|
@@ -103,7 +103,7 @@ module CiscoAclIntp
|
|
103
103
|
elsif @options.key?(:ipaddr)
|
104
104
|
AceIpSpec.new(@options)
|
105
105
|
else
|
106
|
-
|
106
|
+
raise AclArgumentError, 'Not specified: ip spec'
|
107
107
|
end
|
108
108
|
end
|
109
109
|
|
@@ -112,7 +112,7 @@ module CiscoAclIntp
|
|
112
112
|
# @see #initialize
|
113
113
|
def define_portspec
|
114
114
|
if @options.key?(:port_spec) &&
|
115
|
-
|
115
|
+
@options[:port_spec].is_a?(AcePortSpec)
|
116
116
|
@options[:port_spec]
|
117
117
|
elsif @options.key?(:operator)
|
118
118
|
AcePortSpec.new(
|
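Review bot: A `:port_spec` option that is present but not an `AcePortSpec` falls through the `is_a?` guard and, when no `:operator` is given, ends in the `AcePortSpec.new(operator: 'any')` default shown in the next hunk, so a caller mistake silently widens the entry to every port. The fallback in the preceding hunk raises `AclArgumentError, 'Not specified: ip spec'` instead of guessing. Matching that here would be `raise AclArgumentError, 'Invalid port spec' if @options[:port_spec] && !@options[:port_spec].is_a?(AcePortSpec)` as the first line of `define_portspec`. Whether `nil` is a legitimate `:port_spec` value cannot be seen from here, which is why the suggested guard lets it through. The method body continues past the end of this hunk.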
@@ -122,7 +122,8 @@ module CiscoAclIntp
|
|
122
122
|
)
|
123
123
|
else
|
124
124
|
# in standard acl, not used port_spec
|
125
|
-
# if not specified port spec: default: any port
|
125
|
+
# if not specified port spec: default: any port.
|
126
|
+
# port spec should be ignored except tcp/udp protocol.
|
126
127
|
AcePortSpec.new(operator: 'any')
|
127
128
|
end
|
128
129
|
end
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
2
|
|
3
3
|
require 'forwardable'
|
4
|
-
require 'cisco_acl_intp/
|
4
|
+
require 'cisco_acl_intp/acespec_base'
|
5
5
|
|
6
6
|
module CiscoAclIntp
|
7
7
|
# TCP flag container
|
8
|
-
class AceTcpFlag <
|
8
|
+
class AceTcpFlag < AceSpecBase
|
9
9
|
# @param [String] value TCP flag name
|
10
10
|
# @return [String]
|
11
11
|
attr_accessor :flag
|
@@ -31,7 +31,7 @@ module CiscoAclIntp
|
|
31
31
|
end
|
32
32
|
|
33
33
|
# TCP flag list container
|
34
|
-
class AceTcpFlagList <
|
34
|
+
class AceTcpFlagList < AceSpecBase
|
35
35
|
extend Forwardable
|
36
36
|
|
37
37
|
# @param [Array] value TCP Flags
|
@@ -50,7 +50,7 @@ module CiscoAclIntp
|
|
50
50
|
# Generate string for Cisco IOS access list
|
51
51
|
# @return [String]
|
52
52
|
def to_s
|
53
|
-
tag_port(@list.map
|
53
|
+
tag_port(@list.map(&:to_s).join(' '))
|
54
54
|
end
|
55
55
|
|
56
56
|
# @param [AceTcpFlagList] other RHS Object
|
data/lib/cisco_acl_intp/acl.rb
CHANGED
@@ -1,107 +1,135 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
|
-
|
3
|
-
require '
|
2
|
+
require 'forwardable'
|
3
|
+
require 'cisco_acl_intp/ace_extended'
|
4
|
+
require 'cisco_acl_intp/acl_utils'
|
5
|
+
require 'cisco_acl_intp/acc'
|
4
6
|
|
5
7
|
module CiscoAclIntp
|
6
|
-
#
|
7
|
-
|
8
|
+
# ACL (access-list) container.
|
9
|
+
# ACL is composed of ACL-Header and ACE-List.
|
10
|
+
# ACL has list(set) of ACE and functions to operate ACE list.
|
11
|
+
class AclBase < AccessControlContainer
|
12
|
+
extend Forwardable
|
13
|
+
include Enumerable
|
14
|
+
include AceSearchUtility
|
15
|
+
|
16
|
+
# @return [String] name ACL name,
|
17
|
+
# when numbered acl, /\d+/ string
|
18
|
+
attr_reader :name
|
19
|
+
# Some Enumerable included methods returns Array of ACE objects
|
20
|
+
# (e.g. sort),the returned Array was used as ACE object by
|
21
|
+
# overwrite accessor 'list'.
|
22
|
+
# @return [Array<AceBase>] list ACE object Array
|
23
|
+
attr_accessor :list
|
24
|
+
# @return [String, Symbol] acl_type ACL type
|
25
|
+
attr_reader :acl_type
|
26
|
+
# @return [String, Symbol] name_type ACL name type
|
27
|
+
attr_reader :name_type
|
28
|
+
|
29
|
+
def_delegators :@list, :each # for Enumerable
|
30
|
+
def_delegators :@list, :push, :pop, :shift, :unshift
|
31
|
+
def_delegators :@list, :size, :length
|
32
|
+
|
33
|
+
# Increment number of ACL sequence number
|
34
|
+
SEQ_NUM_DIV = 10
|
8
35
|
|
9
|
-
|
10
|
-
|
36
|
+
# Constructor
|
37
|
+
# @param [String] name ACL name
|
38
|
+
# @return [AclBase]
|
39
|
+
def initialize(name)
|
40
|
+
@name = name # ACL name
|
41
|
+
@list = [] # List of ACE
|
42
|
+
@seq_number = 0 # Sequence Number of ACE
|
11
43
|
|
12
|
-
|
13
|
-
|
14
|
-
class << self
|
15
|
-
# Color mode: defined as a class instance variable
|
16
|
-
attr_accessor :color_mode
|
44
|
+
@acl_type = nil # :standard or :extended
|
45
|
+
@name_type = nil # :named or :numbered
|
17
46
|
end
|
18
47
|
|
19
|
-
#
|
20
|
-
|
21
|
-
|
48
|
+
# duplicate ACE list
|
49
|
+
# @param [Array<AceBase>] list List of ACE
|
50
|
+
# @return [AclBase]
|
51
|
+
def dup_with_list(list)
|
52
|
+
acl = dup
|
53
|
+
acl.list = list.dup
|
54
|
+
acl
|
22
55
|
end
|
23
56
|
|
24
|
-
#
|
25
|
-
# @
|
26
|
-
|
27
|
-
|
28
|
-
|
57
|
+
# Add ACE to ACL (push with sequence number)
|
58
|
+
# @param [AceBase] ace ACE object
|
59
|
+
def add_entry(ace)
|
60
|
+
# 'ace' is AceBase Object
|
61
|
+
# it will be ExtendedAce/StandardAce/RemarkAce/EvaluateAce
|
62
|
+
ace.seq_number = (@list.length + 1) * SEQ_NUM_DIV unless ace.seq_number?
|
63
|
+
@list.push ace
|
29
64
|
end
|
30
65
|
|
31
|
-
|
66
|
+
# Renumber ACL by list sequence
|
67
|
+
def renumber
|
68
|
+
# re-numbering seq_number of each entry
|
69
|
+
@list.reduce(SEQ_NUM_DIV) do |number, each|
|
70
|
+
each.seq_number = number
|
71
|
+
number + SEQ_NUM_DIV
|
72
|
+
end
|
73
|
+
end
|
32
74
|
|
33
|
-
#
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
protocol: Term::ANSIColor.cyan,
|
43
|
-
port: Term::ANSIColor.cyan,
|
44
|
-
other_qualifier: Term::ANSIColor.green,
|
45
|
-
error: [Term::ANSIColor.red, Term::ANSIColor.bold].join
|
46
|
-
}
|
75
|
+
# Check equality
|
76
|
+
# @return [Boolean]
|
77
|
+
def ==(other)
|
78
|
+
@acl_type &&
|
79
|
+
@name_type &&
|
80
|
+
@acl_type == other.acl_type &&
|
81
|
+
@name_type == other.name_type &&
|
82
|
+
@list == other.list
|
83
|
+
end
|
47
84
|
|
48
|
-
#
|
49
|
-
# @param [
|
50
|
-
#
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
when :html
|
56
|
-
%Q(<span class="acltag_#{tag}">)
|
57
|
-
else
|
58
|
-
''
|
59
|
-
end
|
85
|
+
# Find lists of ACEs that contains flow by options
|
86
|
+
# @param [Hash] opts Options (target packet info)
|
87
|
+
# options are same as #find_aces_with
|
88
|
+
# @see #find_aces_with
|
89
|
+
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
90
|
+
def find_aces_contains(opts)
|
91
|
+
find_aces_with(opts) { |ace, target_ace| ace.contains?(target_ace) }
|
60
92
|
end
|
61
93
|
|
62
|
-
#
|
63
|
-
# @
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
'</span>'
|
70
|
-
else
|
71
|
-
''
|
72
|
-
end
|
94
|
+
# Find lists of ACEs that is contained flow by options
|
95
|
+
# @param [Hash] opts Options (target packet info)
|
96
|
+
# options are same as #find_aces_with
|
97
|
+
# @see #find_aces_with
|
98
|
+
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
99
|
+
def find_aces_contained(opts)
|
100
|
+
find_aces_with(opts) { |ace, target_ace| target_ace.contains?(ace) }
|
73
101
|
end
|
74
102
|
|
75
|
-
#
|
76
|
-
# @
|
77
|
-
#
|
78
|
-
# @
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
103
|
+
# Find lists of ACEs
|
104
|
+
# @note In Standard ACL, only src_ip option is used and another
|
105
|
+
# conditions are ignored (if specified).
|
106
|
+
# @param [Hash] opts Options (target flow info),
|
107
|
+
# @option opts [Integer,String] protocol L3 protocol No./Name
|
108
|
+
# @option opts [String] src_ip Source IP Address
|
109
|
+
# @option opts [String] src_operator Source port operator.
|
110
|
+
# @option opts [Integer,String] src_begin_port Source Port No./Name
|
111
|
+
# @option opts [Integer,String] src_end_port Source Port No./Name
|
112
|
+
# @option opts [String] dst_ip Destination IP Address
|
113
|
+
# @option opts [Integer,String] dst_begin_port Destination Port No./Name
|
114
|
+
# @option opts [Integer,String] dst_end_port Destination Port No./Name
|
115
|
+
# @yield Find lists of ACEs
|
116
|
+
# @yieldparam [ExtendedAce] ace ACE
|
117
|
+
# @yieldparam [ExtendedAce] target_ace Target ACE
|
118
|
+
# @yieldreturn [Boolean] Condition to find
|
119
|
+
# @return [Array<AceBase>] List of ACEs or nil(not found)
|
120
|
+
def find_aces_with(opts)
|
121
|
+
target_ace = target_ace(opts)
|
122
|
+
@list.find { |ace| yield(ace, target_ace) }
|
84
123
|
end
|
85
124
|
|
86
|
-
# acl string clean-up
|
125
|
+
# acl string clean-up (override)
|
87
126
|
# @param [String] str ACL string.
|
88
127
|
# @return [String]
|
89
128
|
def clean_acl_string(str)
|
90
|
-
str
|
91
|
-
end
|
92
|
-
|
93
|
-
# Generate tagging method dynamically.
|
94
|
-
# @raise [NoMethodError]
|
95
|
-
def method_missing(name, *args)
|
96
|
-
name.to_s =~ /^tag_(.+)$/ && tag = Regexp.last_match(1).intern
|
97
|
-
if TERM_COLOR_TABLE.key?(tag)
|
98
|
-
generate_tagged_str(tag, *args)
|
99
|
-
else
|
100
|
-
super
|
101
|
-
end
|
129
|
+
str =~ /remark/ ? str : super
|
102
130
|
end
|
103
131
|
end
|
104
|
-
end
|
132
|
+
end # module
|
105
133
|
|
106
134
|
### Local variables:
|
107
135
|
### mode: Ruby
|
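Review bot: `find_aces_with` is documented as `@return [Array<AceBase>] List of ACEs or nil(not found)`, but `@list.find` returns only the first ACE for which the block is truthy, and `find_aces_contains` / `find_aces_contained` inherit the same mismatch. A caller that audits an ACL for every entry covering a flow would receive one entry and could miss later overlapping or shadowed ones. If first-match is intended, document it as `# @return [AceBase, nil] First matching ACE, or nil`; if all matches are wanted, use `@list.select { |ace| yield(ace, target_ace) }`. Separately, `==` returns `nil` rather than `false` when `@acl_type` or `@name_type` is unset and raises `NoMethodError` for an operand without `acl_type`, which does not fit its `@return [Boolean]` tag.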