|
|
|
|
@ -83,24 +83,25 @@ module Rules = struct
|
|
|
|
|
(* Bon, ce module n'est vraiment pas très joli… *)
|
|
|
|
|
|
|
|
|
|
let compile_addrs_list getter expr negate zones addrs_list =
|
|
|
|
|
Expr.Set
|
|
|
|
|
(PrefixSet.fold
|
|
|
|
|
(fun prefix acc -> getter negate prefix @ acc)
|
|
|
|
|
(PrefixSet.of_addrs_list zones addrs_list)
|
|
|
|
|
[]
|
|
|
|
|
|> List.map expr)
|
|
|
|
|
PrefixSet.fold
|
|
|
|
|
(fun prefix acc -> getter negate prefix @ acc)
|
|
|
|
|
(PrefixSet.of_addrs_list zones addrs_list)
|
|
|
|
|
[]
|
|
|
|
|
|> List.map expr
|
|
|
|
|
|
|
|
|
|
let compile_match_addrs getter expr field zones addrs_list =
|
|
|
|
|
[
|
|
|
|
|
Stmt.Match
|
|
|
|
|
( Match.Eq,
|
|
|
|
|
Expr.Payload field,
|
|
|
|
|
compile_addrs_list getter expr false zones addrs_list );
|
|
|
|
|
Stmt.Match
|
|
|
|
|
( Match.NotEq,
|
|
|
|
|
Expr.Payload field,
|
|
|
|
|
compile_addrs_list getter expr true zones addrs_list );
|
|
|
|
|
]
|
|
|
|
|
let equal = compile_addrs_list getter expr false zones addrs_list in
|
|
|
|
|
let not_equal = compile_addrs_list getter expr true zones addrs_list in
|
|
|
|
|
let stmts =
|
|
|
|
|
match equal with
|
|
|
|
|
| [] -> []
|
|
|
|
|
| _ -> [ Stmt.Match (Match.Eq, Expr.Payload field, Expr.Set equal) ]
|
|
|
|
|
in
|
|
|
|
|
match not_equal with
|
|
|
|
|
| [] -> stmts
|
|
|
|
|
| _ ->
|
|
|
|
|
Stmt.Match (Match.NotEq, Expr.Payload field, Expr.Set not_equal)
|
|
|
|
|
:: stmts
|
|
|
|
|
|
|
|
|
|
let compile_match_ipv4 field =
|
|
|
|
|
compile_match_addrs Prefix.to_ipv4_list Expr.ipv4 (Payload.Ipv4 field)
|
|
|
|
|
|
