diff --git a/NAT/NAT.thy b/NAT/NAT.thy index 226c2d0..c0ec57e 100644 --- a/NAT/NAT.thy +++ b/NAT/NAT.thy @@ -37,61 +37,60 @@ subsection{* Network Address Translation *} theory - NAT -imports - "../PacketFilter/PacketFilter" + NAT + imports + "../PacketFilter/PacketFilter" begin definition src2pool :: "'\ set \ ('\::adr,'\) packet \ ('\,'\) packet set" where - "src2pool t = (\ p. ({(i,s,d,da). (i = id p \ s \ t \ d = dest p \ da = content p)}))" + "src2pool t = (\ p. ({(i,s,d,da). (i = id p \ s \ t \ d = dest p \ da = content p)}))" definition src2poolAP where - "src2poolAP t = A\<^sub>f (src2pool t)" + "src2poolAP t = A\<^sub>f (src2pool t)" definition srcNat2pool :: "'\ set \ '\ set \ ('\::adr,'\) packet \ ('\,'\) packet set" where - "srcNat2pool srcs transl = {x. src x \ srcs} \ (src2poolAP transl)" + "srcNat2pool srcs transl = {x. src x \ srcs} \ (src2poolAP transl)" definition src2poolPort :: "int set \ (adr\<^sub>i\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p,'\) packet set" where - "src2poolPort t = (\ p. ({(i,(s1,s2),(d1,d2),da). + "src2poolPort t = (\ p. ({(i,(s1,s2),(d1,d2),da). (i = id p \ s1 \ t \ s2 = (snd (src p)) \ d1 = (fst (dest p)) \ d2 = snd (dest p) \ da = content p)}))" definition src2poolPort_Protocol :: "int set \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet set" where - "src2poolPort_Protocol t = (\ p. ({(i,(s1,s2,s3),(d1,d2,d3), da). + "src2poolPort_Protocol t = (\ p. ({(i,(s1,s2,s3),(d1,d2,d3), da). (i = id p \ s1 \ t \ s2 = (fst (snd (src p))) \ s3 = snd (snd (src p)) \ (d1,d2,d3) = dest p \ da = content p)}))" definition srcNat2pool_IntPort :: "address set \ address set \ (adr\<^sub>i\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p,'\) packet set" where - "srcNat2pool_IntPort srcs transl = + "srcNat2pool_IntPort srcs transl = {x. fst (src x) \ srcs} \ (A\<^sub>f (src2poolPort transl))" definition srcNat2pool_IntProtocolPort :: "int set \ int set \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet set" where - "srcNat2pool_IntProtocolPort srcs transl = + "srcNat2pool_IntProtocolPort srcs transl = {x. (fst ( (src x))) \ srcs} \ (A\<^sub>f (src2poolPort_Protocol transl))" definition srcPat2poolPort_t :: "int set \ (adr\<^sub>i\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p,'\) packet set" where - "srcPat2poolPort_t t = (\ p. ({(i,(s1,s2),(d1,d2),da). + "srcPat2poolPort_t t = (\ p. ({(i,(s1,s2),(d1,d2),da). (i = id p \ s1 \ t \ d1 = (fst (dest p)) \ d2 = snd (dest p)\ da = content p)}))" definition srcPat2poolPort_Protocol_t :: "int set \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet set" where - "srcPat2poolPort_Protocol_t t = (\ p. ({(i,(s1,s2,s3),(d1,d2,d3),da). + "srcPat2poolPort_Protocol_t t = (\ p. ({(i,(s1,s2,s3),(d1,d2,d3),da). (i = id p \ s1 \ t \ s3 = src_protocol p \ (d1,d2,d3) = dest p \ da = content p)}))" definition srcPat2pool_IntPort :: "int set \ int set \ (adr\<^sub>i\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p,'\) packet set" where - "srcPat2pool_IntPort srcs transl = + "srcPat2pool_IntPort srcs transl = {x. (fst (src x)) \ srcs} \ (A\<^sub>f (srcPat2poolPort_t transl))" definition srcPat2pool_IntProtocol :: "int set \ int set \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet \ (adr\<^sub>i\<^sub>p\<^sub>p,'\) packet set" where - "srcPat2pool_IntProtocol srcs transl = + "srcPat2pool_IntProtocol srcs transl = {x. (fst (src x)) \ srcs} \ (A\<^sub>f (srcPat2poolPort_Protocol_t transl))" - text{* The following lemmas are used for achieving a normalized output format of packages after applying NAT. This is used, e.g., by our firewall execution tool. @@ -103,7 +102,7 @@ lemma datasimp: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), aba). i = i1 \ s1 = i101 \ s3 = iudp \ (\ ((a,aa,b),ba). a = i110 \ aa = X606X3 \ b = X607X4 \ ba = data) aba}" -by auto + by auto lemma datasimp2: "{(i, (s1, s2, s3), aba). \a aa b ba. aba = ((a, aa, b), ba) \ i = i1 \ s1 = i132 \ s3 = iudp \ @@ -111,7 +110,7 @@ lemma datasimp2: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), aba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = i1 \ (\ ((a,aa,b),ba). a = i110 \ aa = i4 \ b = iudp \ ba = data) aba}" -by auto + by auto lemma datasimp3: "{(i, (s1, s2, s3), aba). \ a aa b ba. aba = ((a, aa, b), ba) \ i = i1 \ i115 < s1 \ s1 < i124 \ @@ -119,7 +118,7 @@ lemma datasimp3: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), aba). i = i1 \ i115 < s1 \ s1 < i124 \ s3 = iudp \ s2 = ii1 \ (\ ((a,aa,b),ba). a = i110 & aa = i3 & b = itcp & ba = data) aba}" -by auto + by auto lemma datasimp4: "{(i, (s1, s2, s3), aba). \a aa b ba. aba = ((a, aa, b), ba) \ i = i1 \ s1 = i132 \ s3 = iudp \ @@ -127,7 +126,7 @@ lemma datasimp4: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), aba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = ii1 \ (\ ((a,aa,b),ba). a = i110 \ aa = i7 \ b = itcp \ ba = data) aba}" -by auto + by auto lemma datasimp5: " {(i, (s1, s2, s3), aba). i = i1 \ s1 = i101 \ s3 = iudp \ (\ ((a,aa,b),ba). a = i110 \ aa = X606X3 \ @@ -135,7 +134,7 @@ lemma datasimp5: " {(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), (a,aa,b),ba). i = i1 \ s1 = i101 \ s3 = iudp \ a = i110 \ aa = X606X3 \ b = X607X4 \ ba = data}" -by auto + by auto lemma datasimp6: "{(i, (s1, s2, s3), aba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = i1 \ @@ -143,7 +142,7 @@ lemma datasimp6: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), (a,aa,b),ba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = i1 \ a = i110 \ aa = i4 \ b = iudp \ ba = data}" -by auto + by auto lemma datasimp7: "{(i, (s1, s2, s3), aba). i = i1 \ i115 < s1 \ s1 < i124 \ s3 = iudp \ s2 = ii1 \ @@ -151,13 +150,13 @@ lemma datasimp7: "{(i, (s1, s2, s3), aba). = {(i, (s1, s2, s3), (a,aa,b),ba). i = i1 \ i115 < s1 \ s1 < i124 \ s3 = iudp \ s2 = ii1 \ a = i110 \ aa = i3 \ b = itcp \ ba = data}" -by auto + by auto lemma datasimp8: "{(i, (s1, s2, s3), aba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = ii1 \ (\ ((a,aa,b),ba). a = i110 \ aa = i7 \ b = itcp \ ba = data) aba} = {(i, (s1, s2, s3), (a,aa,b),ba). i = i1 \ s1 = i132 \ s3 = iudp \ s2 = ii1 \ a = i110 \ aa = i7 \ b = itcp \ ba = data}" -by auto + by auto lemmas datasimps = datasimp datasimp2 datasimp3 datasimp4 datasimp5 datasimp6 datasimp7 datasimp8 @@ -167,4 +166,4 @@ lemmas NATLemmas = src2pool_def src2poolPort_def srcNat2pool_IntProtocolPort_def srcNat2pool_IntPort_def srcPat2poolPort_t_def srcPat2poolPort_Protocol_t_def srcPat2pool_IntPort_def srcPat2pool_IntProtocol_def -end +end \ No newline at end of file