cisco_acl_intp 0.0.3 → 0.0.4

data/lib/cisco_acl_intp/{ace_port_opr_base.rb → acespec_port_opr_base.rb}

@@ -1,9 +1,9 @@
 # -*- coding: utf-8 -*-
-require 'cisco_acl_intp/acl_base'
+require 'cisco_acl_intp/acc'
 
 module CiscoAclIntp
   # TCP/UDP Port Set Operator Class
-  class AcePortOperatorBase < AclContainerBase
+  class AcePortOperatorBase < AceSpecBase
     # @return
     attr_reader :operator
 
@@ -11,7 +11,7 @@ module CiscoAclIntp
     # @return [AceProtoSpecBase]
     attr_reader :begin_port
     # alias for unary operator
-    alias_method :port, :begin_port
+    alias port begin_port
 
     # @param [AceProtoSpecBase] value Port No. (higher)
     # @return [AceProtoSpecBase]
@@ -52,70 +52,85 @@ module CiscoAclIntp
     def contains?(other)
       case other
       when AcePortOpEq
-        compare_eq(other)
+        contains_eq?(other)
       when AcePortOpNeq
-        compare_neq(other)
+        contains_neq?(other)
       when AcePortOpLt
-        compare_lt(other)
+        contains_lt?(other)
       when AcePortOpGt
-        compare_gt(other)
+        contains_gt?(other)
       when AcePortOpRange
-        compare_range(other)
+        contains_range?(other)
       else
-        contains_default(other)
+        check_any_operator(other)
       end
     end
 
     private
 
+    # ANY operator check
+    # @param [AcePortOpAny] other Another operator
+    # @return [Boolean]
+    def check_any_operator(other)
+      case other
+      when AcePortOpStrictAny
+        # must match before AcePortOpAny (Base Class)
+        contains_strict_any?(other)
+      when AcePortOpAny
+        contains_any?(other)
+      else
+        false # unknown operator
+      end
+    end
+
+    # Operate ANY containing check
+    # @param [AcePortOpAny] _other Another operator
+    # @return [Boolean]
+    def contains_any?(_other)
+      false
+    end
+
+    # Operate STRICT_ANY containing check
+    # @param [AcePortOpStrictAny] _other Another operator
+    # @return [Boolean]
+    def contains_strict_any?(_other)
+      false
+    end
+
     # Operate EQUAL containing check
-    # @param [AcePortOperator] other Another operator
+    # @param [AcePortOpEq] _other Another operator
     # @return [Boolean]
-    def compare_eq(other)
+    def contains_eq?(_other)
       false
     end
 
     # Operate NOT_EQUAL containing check
-    # @param [AcePortOperator] other Another operator
+    # @param [AcePortOpNeq] _other Another operator
     # @return [Boolean]
-    def compare_neq(other)
+    def contains_neq?(_other)
       false
     end
 
     # Operate LOWER_THAN containing check
-    # @param [AcePortOperator] other Another operator
+    # @param [AcePortOpLt] _other Another operator
     # @return [Boolean]
-    def compare_lt(other)
+    def contains_lt?(_other)
       false
     end
 
     # Operate GREATER_THAN containing check
-    # @param [AcePortOperator] other Another operator
+    # @param [AcePortOpGt] _other Another operator
     # @return [Boolean]
-    def compare_gt(other)
+    def contains_gt?(_other)
       false
     end
 
     # Operate RANGE containing check
-    # @param [AcePortOperator] other Another operator
+    # @param [AcePortOpRange] _other Another operator
     # @return [Boolean]
-    def compare_range(other)
+    def contains_range?(_other)
       false
     end
-
-    # Operate *ANY containing check
-    # @param [AcePortOperator] other Another operator
-    # @return [Boolean]
-    def contains_default(other)
-      case other
-      when AcePortOpAny
-        true
-      when AcePortOpStrictAny
-        false
-      else
-        false
-      end
-    end
   end
 
   # Unary operator base class
@@ -124,7 +139,7 @@ module CiscoAclIntp
     def initialize(*args)
       super
       if @begin_port.nil?
-        fail AclArgumentError, 'Port did not specified in unary operator'
+        raise AclArgumentError, 'Port did not specified in unary operator'
       end
       @end_port = nil
     end

data/lib/cisco_acl_intp/{ace_proto.rb → acespec_proto.rb}

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-require 'cisco_acl_intp/ace_proto_base'
+require 'cisco_acl_intp/acespec_proto_base'
 
 module CiscoAclIntp
   # IP protocol number/name container
@@ -24,7 +24,7 @@ module CiscoAclIntp
       'tcp' => 6,
       'udp' => 17,
       'ip' => -1 # dummy
-    }
+    }.freeze
 
     # Constructor
     # @param [String, Integer] proto_id L3 Protocol ID (No. or Name)
@@ -124,7 +124,7 @@ module CiscoAclIntp
       'uucp' => 540,
       'whois' => 43,
       'www' => 80
-    }
+    }.freeze
 
     # Constructor
     # @param [String, Integer] proto_id Protocol ID (No. or Name)
@@ -179,7 +179,7 @@ module CiscoAclIntp
       'time' => 37,
       'who' => 513,
       'xdmcp' => 177
-    }
+    }.freeze
 
     # Constructor
     # @param [String, Integer] proto_id Protocol ID (No. or Name)

data/lib/cisco_acl_intp/{ace_proto_base.rb → acespec_proto_base.rb}

@@ -1,9 +1,9 @@
 # -*- coding: utf-8 -*-
-require 'cisco_acl_intp/acl_base'
+require 'cisco_acl_intp/acespec_base'
 
 module CiscoAclIntp
   # IP/TCP/UDP protocol number and protocol name container base
-  class AceProtoSpecBase < AclContainerBase
+  class AceProtoSpecBase < AceSpecBase
     include Comparable
 
     # @return [String] Protocol name
@@ -23,7 +23,7 @@ module CiscoAclIntp
     #   because there are keys exists including '-'.
     DUMMY_PROTO_TABLE = {
       'any' => -1 # dummy
-    }
+    }.freeze
 
     # Protocol Table
     # @return [Hash] Protocol table
@@ -52,14 +52,14 @@ module CiscoAclIntp
       when Integer
         define_param_by_integer(proto_id)
       else
-        fail AclArgumentError, "invalid protocol id #{proto_id}"
+        raise AclArgumentError, "invalid protocol id #{proto_id}"
       end
     end
 
     # Check the port number in valid range of port number
     # @return [Boolean]
     def valid_range?
-      (0 .. @max_num).include?(@number)
+      (0..@max_num).cover?(@number)
     end
 
     # Check the port name is known or not.
@@ -128,7 +128,7 @@ module CiscoAclIntp
       if proto_table.key?(@name)
         proto_table[@name]
       else
-        fail AclArgumentError, "Unknown protocol name: #{@name}"
+        raise AclArgumentError, "Unknown protocol name: #{@name}"
       end
     end
 
@@ -139,7 +139,7 @@ module CiscoAclIntp
       if valid_name?
         @number = name_to_number
       else
-        fail AclArgumentError, "Unknown protocol name: #{@name}"
+        raise AclArgumentError, "Unknown protocol name: #{@name}"
       end
     end
 
@@ -150,7 +150,7 @@ module CiscoAclIntp
       if valid_range?
         @name = number_to_name
       else
-        fail AclArgumentError, "Invalid protocol number: #{@number}"
+        raise AclArgumentError, "Invalid protocol number: #{@number}"
       end
     end
   end

data/lib/cisco_acl_intp/{ace_srcdst.rb → acespec_srcdst.rb}

@@ -1,15 +1,15 @@
 # -*- coding: utf-8 -*-
 require 'netaddr'
-require 'cisco_acl_intp/ace_ip'
-require 'cisco_acl_intp/ace_port'
-require 'cisco_acl_intp/ace_other_qualifiers'
-require 'cisco_acl_intp/ace_tcp_flags'
+require 'cisco_acl_intp/acespec_ip'
+require 'cisco_acl_intp/acespec_port'
+require 'cisco_acl_intp/acespec_other_qualifiers'
+require 'cisco_acl_intp/acespec_tcp_flags'
 
 module CiscoAclIntp
   # IP Address and TCP/UDP Port Info
   # @todo Src/Dst takes Network Object Group or IP/wildcard.
   #    "object-group" is not implemented yet.
-  class AceSrcDstSpec < AclContainerBase
+  class AceSrcDstSpec < AceSpecBase
     # @param [AceIpSpec] value IP address and Wildcard-mask
     # @return [AceIpSpec]
     attr_accessor :ip_spec
@@ -103,7 +103,7 @@ module CiscoAclIntp
       elsif @options.key?(:ipaddr)
         AceIpSpec.new(@options)
       else
-        fail AclArgumentError, 'Not specified: ip spec'
+        raise AclArgumentError, 'Not specified: ip spec'
       end
     end
 
@@ -112,7 +112,7 @@ module CiscoAclIntp
     # @see #initialize
     def define_portspec
       if @options.key?(:port_spec) &&
-          @options[:port_spec].kind_of?(AcePortSpec)
+         @options[:port_spec].is_a?(AcePortSpec)
         @options[:port_spec]
       elsif @options.key?(:operator)
         AcePortSpec.new(
@@ -122,7 +122,8 @@ module CiscoAclIntp
         )
       else
         # in standard acl, not used port_spec
-        # if not specified port spec: default: any port
+        # if not specified port spec: default: any port.
+        # port spec should be ignored except tcp/udp protocol.
         AcePortSpec.new(operator: 'any')
       end
     end

data/lib/cisco_acl_intp/{ace_tcp_flags.rb → acespec_tcp_flags.rb}

@@ -1,11 +1,11 @@
 # -*- coding: utf-8 -*-
 
 require 'forwardable'
-require 'cisco_acl_intp/acl_base'
+require 'cisco_acl_intp/acespec_base'
 
 module CiscoAclIntp
   # TCP flag container
-  class AceTcpFlag < AclContainerBase
+  class AceTcpFlag < AceSpecBase
     # @param [String] value TCP flag name
     # @return [String]
     attr_accessor :flag
@@ -31,7 +31,7 @@ module CiscoAclIntp
   end
 
   # TCP flag list container
-  class AceTcpFlagList < AclContainerBase
+  class AceTcpFlagList < AceSpecBase
     extend Forwardable
 
     # @param [Array] value TCP Flags
@@ -50,7 +50,7 @@ module CiscoAclIntp
     # Generate string for Cisco IOS access list
     # @return [String]
     def to_s
-      tag_port(@list.map { |each| each.to_s }.join(' '))
+      tag_port(@list.map(&:to_s).join(' '))
     end
 
     # @param [AceTcpFlagList] other RHS Object

data/lib/cisco_acl_intp/acl.rb

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 require 'forwardable'
-require 'cisco_acl_intp/mono_function_acl'
+require 'cisco_acl_intp/acl_category_base'
 
 module CiscoAclIntp
   # Named extended ACL container

data/lib/cisco_acl_intp/acl_base.rb

@@ -1,107 +1,135 @@
 # -*- coding: utf-8 -*-
-
-require 'term/ansicolor'
+require 'forwardable'
+require 'cisco_acl_intp/ace_extended'
+require 'cisco_acl_intp/acl_utils'
+require 'cisco_acl_intp/acc'
 
 module CiscoAclIntp
-  # Standard Error Handler of CiscoAclParser
-  class AclError < StandardError; end
+  # ACL (access-list) container.
+  # ACL is composed of ACL-Header and ACE-List.
+  # ACL has list(set) of ACE and functions to operate ACE list.
+  class AclBase < AccessControlContainer
+    extend Forwardable
+    include Enumerable
+    include AceSearchUtility
+
+    # @return [String] name ACL name,
+    #   when numbered acl, /\d+/ string
+    attr_reader :name
+    # Some Enumerable included methods returns Array of ACE objects
+    # (e.g. sort),the returned Array was used as ACE object by
+    # overwrite accessor 'list'.
+    # @return [Array<AceBase>] list ACE object Array
+    attr_accessor :list
+    # @return [String, Symbol] acl_type ACL type
+    attr_reader :acl_type
+    # @return [String, Symbol] name_type ACL name type
+    attr_reader :name_type
+
+    def_delegators :@list, :each # for Enumerable
+    def_delegators :@list, :push, :pop, :shift, :unshift
+    def_delegators :@list, :size, :length
+
+    # Increment number of ACL sequence number
+    SEQ_NUM_DIV = 10
 
-  # Argument Error Handler of CiscoAclParser
-  class AclArgumentError < AclError; end
+    # Constructor
+    # @param [String] name ACL name
+    # @return [AclBase]
+    def initialize(name)
+      @name = name # ACL name
+      @list = [] # List of ACE
+      @seq_number = 0 # Sequence Number of ACE
 
-  # Acl container common utility and status management
-  class AclContainerBase
-    class << self
-      # Color mode: defined as a class instance variable
-      attr_accessor :color_mode
+      @acl_type = nil # :standard or :extended
+      @name_type = nil # :named or :numbered
     end
 
-    # Disables coloring
-    def self.disable_color
-      @color_mode = :none
+    # duplicate ACE list
+    # @param [Array<AceBase>] list List of ACE
+    # @return [AclBase]
+    def dup_with_list(list)
+      acl = dup
+      acl.list = list.dup
+      acl
     end
 
-    # Generate string for Cisco IOS access list
-    # @abstract
-    # @return [String]
-    def to_s
-      fail AclError, 'Not overridden AclContainerBase::to_s'
+    # Add ACE to ACL (push with sequence number)
+    # @param [AceBase] ace ACE object
+    def add_entry(ace)
+      # 'ace' is AceBase Object
+      # it will be ExtendedAce/StandardAce/RemarkAce/EvaluateAce
+      ace.seq_number = (@list.length + 1) * SEQ_NUM_DIV unless ace.seq_number?
+      @list.push ace
     end
 
-    private
+    # Renumber ACL by list sequence
+    def renumber
+      # re-numbering seq_number of each entry
+      @list.reduce(SEQ_NUM_DIV) do |number, each|
+        each.seq_number = number
+        number + SEQ_NUM_DIV
+      end
+    end
 
-    # Table of ACL Tag color codes for terminal
-    TERM_COLOR_TABLE = {
-      header: Term::ANSIColor.on_blue,
-      type: Term::ANSIColor.underline,
-      action: Term::ANSIColor.intense_magenta,
-      name: Term::ANSIColor.bold,
-      remark: Term::ANSIColor.blink,
-      ip: [Term::ANSIColor.green, Term::ANSIColor.underline].join,
-      mask: Term::ANSIColor.yellow,
-      protocol: Term::ANSIColor.cyan,
-      port: Term::ANSIColor.cyan,
-      other_qualifier: Term::ANSIColor.green,
-      error: [Term::ANSIColor.red, Term::ANSIColor.bold].join
-    }
+    # Check equality
+    # @return [Boolean]
+    def ==(other)
+      @acl_type &&
+        @name_type &&
+        @acl_type == other.acl_type &&
+        @name_type == other.name_type &&
+        @list == other.list
+    end
 
-    # Generate header of ACL tag
-    # @param [Symbol] tag Tag symbol.
-    # @return [String] Tagged string.
-    def generate_tag_header(tag)
-      case AclContainerBase.color_mode
-      when :term
-        TERM_COLOR_TABLE[tag]
-      when :html
-        %Q(<span class="acltag_#{tag}">)
-      else
-        ''
-      end
+    # Find lists of ACEs that contains flow by options
+    # @param [Hash] opts Options (target packet info)
+    #   options are same as #find_aces_with
+    # @see #find_aces_with
+    # @return [Array<AceBase>] List of ACEs or nil(not found)
+    def find_aces_contains(opts)
+      find_aces_with(opts) { |ace, target_ace| ace.contains?(target_ace) }
     end
 
-    # Generate footer of ACL tag
-    # @return [String] Tagged string.
-    def generate_tag_footer
-      case AclContainerBase.color_mode
-      when :term
-        Term::ANSIColor.clear
-      when :html
-        '</span>'
-      else
-        ''
-      end
+    # Find lists of ACEs that is contained flow by options
+    # @param [Hash] opts Options (target packet info)
+    #   options are same as #find_aces_with
+    # @see #find_aces_with
+    # @return [Array<AceBase>] List of ACEs or nil(not found)
+    def find_aces_contained(opts)
+      find_aces_with(opts) { |ace, target_ace| target_ace.contains?(ace) }
     end
 
-    # Generate tagged ACL string.
-    # @param [Symbol] tag Tag symbol.
-    # @param [Array] args Array of argments.
-    # @return [String] Tagged string.
-    def generate_tagged_str(tag, *args)
-      tag_head = generate_tag_header(tag)
-      tag_body = args.join
-      tag_foot = generate_tag_footer
-      [tag_head, tag_body, tag_foot].join
+    # Find lists of ACEs
+    # @note In Standard ACL, only src_ip option is used and another
+    #   conditions are ignored (if specified).
+    # @param [Hash] opts Options (target flow info),
+    # @option opts [Integer,String] protocol L3 protocol No./Name
+    # @option opts [String] src_ip Source IP Address
+    # @option opts [String] src_operator Source port operator.
+    # @option opts [Integer,String] src_begin_port Source Port No./Name
+    # @option opts [Integer,String] src_end_port Source Port No./Name
+    # @option opts [String] dst_ip Destination IP Address
+    # @option opts [Integer,String] dst_begin_port Destination Port No./Name
+    # @option opts [Integer,String] dst_end_port Destination Port No./Name
+    # @yield Find lists of ACEs
+    # @yieldparam [ExtendedAce] ace ACE
+    # @yieldparam [ExtendedAce] target_ace Target ACE
+    # @yieldreturn [Boolean] Condition to find
+    # @return [Array<AceBase>] List of ACEs or nil(not found)
+    def find_aces_with(opts)
+      target_ace = target_ace(opts)
+      @list.find { |ace| yield(ace, target_ace) }
     end
 
-    # acl string clean-up
+    # acl string clean-up (override)
     # @param [String] str ACL string.
     # @return [String]
     def clean_acl_string(str)
-      str.strip.gsub(/\s+/, ' ')
-    end
-
-    # Generate tagging method dynamically.
-    # @raise [NoMethodError]
-    def method_missing(name, *args)
-      name.to_s =~ /^tag_(.+)$/ && tag = Regexp.last_match(1).intern
-      if TERM_COLOR_TABLE.key?(tag)
-        generate_tagged_str(tag, *args)
-      else
-        super
-      end
+      str =~ /remark/ ? str : super
     end
   end
-end
+end # module
 
 ### Local variables:
 ### mode: Ruby