def in_group_exp(val, ptype):
if len(val) == 0:
log_and_raise("in_group value list should not be empty.")
if val[0] is None:
log_and_raise("in_group expects a valid sequence of predicate values.",
val[1])
return PyComplexPred(PyLiteral(compile.EXPGROUP, [val, ptype]))
def in_group2(val, ptype, pinfo, arg):
if val is None:
log_and_raise(
'in_group predicate expects a valid registered group string name.',
arg)
if pinfo[compile.SIDE_IDX] == compile.SRC_S:
if ptype == compile.SWSRC or ptype == Flow_expr.LOCSRC or \
ptype == Flow_expr.HSRC:
gtype = Flow_expr.HGROUPSRC
elif ptype == Flow_expr.USRC:
gtype = Flow_expr.UGROUPSRC
elif ptype == Flow_expr.DLSRC or ptype == Flow_expr.NWSRC:
gtype = Flow_expr.ADDRGROUPSRC
else:
log_and_raise('unknown ptype value')
elif pinfo[compile.SIDE_IDX] == compile.DST_S:
if ptype == compile.SWDST or ptype == Flow_expr.LOCDST or \
ptype == Flow_expr.HDST:
gtype = Flow_expr.HGROUPDST
elif ptype == Flow_expr.UDST:
gtype = Flow_expr.UGROUPDST
elif ptype == Flow_expr.DLDST or ptype == Flow_expr.NWDST:
gtype = Flow_expr.ADDRGROUPDST
else:
log_and_raise('unknown ptype value')
else:
log_and_raise('unknown SIDE value in in_group definition.')
return PyComplexPred(PyLiteral(gtype, [val, ptype]))
def protocol2(val, arg):
if val is None:
log_and_raise('protocol predicate expects a defined protocol.', arg)
if isinstance(val, basestring):
val = [val]
return PyComplexPred(PyLiteral(compile.PROTO, val))
def isConnResponse():
async = AsyncPred(defer.Deferred())
async .d.callback(
PyComplexPred(PyLiteral(Flow_expr.CONN_ROLE, [Flow_expr.RESPONSE])))
return async
def isConnRequest():
async = AsyncPred(defer.Deferred())
async .d.callback(
PyComplexPred(PyLiteral(Flow_expr.CONN_ROLE, [Flow_expr.REQUEST])))
return async
def conn_role2(val, arg):
if val is None:
log_and_raise('conn_role predicate expects a role.', arg)
return PyComplexPred(PyLiteral(Flow_expr.CONN_ROLE, [val]))
def udst2(val, arg):
if val is None:
log_and_raise('udst predicate expects a registered user principal.',
arg)
return PyComplexPred(PyLiteral(Flow_expr.UDST, [val]))
def dldst2(val, arg):
if val is None:
log_and_raise('dldst predicate expects a valid link layer address.',
arg)
return PyComplexPred(PyLiteral(Flow_expr.DLDST, [val]))
def locdst2(val, arg):
if val is None:
log_and_raise(
'locdst predicate expects a registered location principal.', arg)
return PyComplexPred(PyLiteral(Flow_expr.LOCDST, [val]))
def subnetdst2(val, arg):
if val is None:
log_and_raise(
'subnetdst predicated expects a full IP address with the CIDR prefix length.',
arg)
return PyComplexPred(PyLiteral(Flow_expr.SUBNETDST, [val]))
def tpdst2(val, arg):
if val is None:
log_and_raise(
'tpdst predicate expects a valid transport protocol port.', arg)
return PyComplexPred(PyLiteral(Flow_expr.TPDST, [val]))
def nwproto2(val, arg):
if val is None:
log_and_raise('nwproto predicate expects a valid network protocol.',
arg)
return PyComplexPred(PyLiteral(Flow_expr.NWPROTO, [val]))
def nwdst2(val, arg):
if val is None:
log_and_raise('nwdst predicate expects a valid network address.', arg)
return PyComplexPred(PyLiteral(Flow_expr.NWDST, [val]))
def dltype2(val, arg):
if val is None:
log_and_raise('dltype predicate expects a valid dl type.', arg)
return PyComplexPred(PyLiteral(Flow_expr.DLTYPE, [val]))
def hsrc2(val, arg):
if val is None:
log_and_raise('hsrc predicate expects a registered host principal.',
arg)
return PyComplexPred(PyLiteral(Flow_expr.HSRC, [val]))
def func2(fn, arg):
if fn is None:
log_and_raise(
'func predicate expects a callable function taking a single argument (the flow).',
arg)
return PyComplexPred(PyLiteral(Flow_expr.FUNC, [fn]))
def dlvlan2(val, arg):
if val is None:
log_and_raise('dlvlan predicate expects a valid vlan id.', arg)
return PyComplexPred(PyLiteral(Flow_expr.DLVLAN, [val]))