-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lazy evaluation of policies' allowed connections #496
Comments
Regarding bullet#2 and bullet#3 above (#496): |
Moved to NP-Guard repo. See here |
In the new optimized evaluation of allowed connections, a lot of work is done in preprocessing, that is, when building network configs.
This may increase runtime for certain queries, which do not rely on allowed connections (e.g.,
allCaptured
,disjointness
).Moreover, if a network-config is defined but not used, we pay the price for preprocessing its policies.
Suggestions:
{ all allowed connections, captured allowed connections, denied connections, pass connections }
according to query requirements.NetworkPolicy
level, only calculate allowed-connections when needed. That is, initialize the variables storing allowed connections toNone
, and only when theallowed_connections()
function is called for the first time calculate the required HCS.NetworkPolicy
to when its allowed connections are actually required.NetworkConfig
level. Use two variables for captured connection and all connections. Populate these variables lazily.The text was updated successfully, but these errors were encountered: