checking for obsolete entries in an ACL
fbuetler committed Apr 17, 2024
1 parent e5b1f72 commit e67b7ba
Showing 2 changed files with 29 additions and 1 deletion.
22 changes: 21 additions & 1 deletion private/path/pathpol/acl.go
@@ -27,6 +27,9 @@ import (
var (
// ErrNoDefault indicates that there is no default acl entry.
ErrNoDefault = errors.New("ACL does not have a default")
// ErrObsoleteEntries indicates that there is a default acl entry posisioned in
// the middle, making the following acl entries obsolete.
ErrObsoleteEntries = errors.New("ACL has a default entry posisioned in the middle, making the following entries obsolete")
)

type ACL struct {
@@ -97,9 +100,26 @@ func (a *ACL) evalInterface(iface snet.PathInterface, ingress bool) ACLAction {
}

func validateACL(entries []*ACLEntry) error {
if len(entries) == 0 || !entries[len(entries)-1].Rule.matchesAll() {
if len(entries) == 0 {
return ErrNoDefault
}

foundAt := -1
for i, e := range entries {
if e.Rule.matchesAll() {
foundAt = i
break
}
}

if foundAt < 0 {
return ErrNoDefault
}

if foundAt != len(entries)-1 {
return ErrObsoleteEntries
}

return nil
}

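Review bot: `validateACL` has no doc comment, and this hunk changes its contract: the old condition only required the last entry to match everything, while the new loop also rejects any ACL whose first match-all entry is not the last one. An ACL with a match-all entry in the middle and another at the end passed the old check and now returns `ErrObsoleteEntries`, so policy files that loaded before can start failing; a comment such as `// validateACL requires a non-empty ACL whose first match-all rule is its last entry; entries after an earlier match-all are obsolete.` would record that. The word "posisioned" in the `ErrObsoleteEntries` comment and message should read "positioned", since the message text is what ends up in logs and error output. The loop also calls `e.Rule.matchesAll()` on every entry instead of only the last one; whether a nil entry or a nil `Rule` can reach it is not visible on this page.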
8 changes: 8 additions & 0 deletions private/path/pathpol/acl_test.go
@@ -79,6 +79,14 @@ func TestUnmarshalJSON(t *testing.T) {
"Entry with hop predicates": {
Input: `["+ 42", "-"]`,
},
"Obsolete entries (first)": {
Input: `["-", "+ 27"]`,
ExpectedErr: ErrObsoleteEntries,
},
"Obsolete entries (in the middle)": {
Input: `["+ 42", "-", "+ 27", "- 30"]`,
ExpectedErr: ErrObsoleteEntries,
},
}
for name, test := range tests {
t.Run(name, func(t *testing.T) {
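Review bot: Both new cases end in an entry that is not match-all, so neither covers the one input shape this commit flips from accepted to rejected: an ACL with a match-all entry in the middle and another one at the end. The old `validateACL` condition accepted that shape, so a third table entry with Input ["+ 42", "-", "+ 27", "-"] and `ExpectedErr: ErrObsoleteEntries` would pin the new rejection. The table belongs to `TestUnmarshalJSON`, which starts and ends outside this hunk.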
