UPF_Firewall/UPF_Firewall/Examples/NAT-FW/NAT-FW.thy

226 lines
7.3 KiB
Plaintext

(*****************************************************************************
* Copyright (c) 2005-2010 ETH Zurich, Switzerland
* 2008-2015 Achim D. Brucker, Germany
* 2009-2016 Université Paris-Sud, France
* 2015-2016 The University of Sheffield, UK
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* * Neither the name of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*****************************************************************************)
section \<open>Example: NAT\<close>
theory
"NAT-FW"
imports
"../../UPF-Firewall"
begin
definition subnet1 :: "adr\<^sub>i\<^sub>p net" where
"subnet1 = {{(d,e). d > 1 \<and> d < 256}}"
definition subnet2 :: "adr\<^sub>i\<^sub>p net" where
"subnet2 = {{(d,e). d > 500 \<and> d < 1256}}"
definition
"accross_subnets x \<equiv>
((src x \<sqsubset> subnet1 \<and> (dest x \<sqsubset> subnet2)) \<or>
(src x \<sqsubset> subnet2 \<and> (dest x \<sqsubset> subnet1)))"
definition
filter :: "(adr\<^sub>i\<^sub>p, DummyContent) FWPolicy" where
"filter = allow_from_port_to (1::port) subnet1 subnet2 ++
allow_from_port_to (2::port) subnet1 subnet2 ++
allow_from_port_to (3::port) subnet1 subnet2 ++ deny_all"
definition
nat_0 where
"nat_0 = (A\<^sub>f(\<lambda>x. {x}))"
lemmas UnfoldPolicy0 =filter_def nat_0_def
NATLemmas
ProtocolPortCombinators.ProtocolCombinators
adr\<^sub>i\<^sub>pLemmas
packet_defs accross_subnets_def
subnet1_def subnet2_def
lemmas subnets = subnet1_def subnet2_def
definition Adr11 :: "int set"
where "Adr11 = {d. d > 2 \<and> d < 3}"
definition Adr21 :: "int set" where
"Adr21 = {d. d > 502 \<and> d < 503}"
definition nat_1 where
"nat_1 = nat_0 ++ (srcPat2pool_IntPort Adr11 Adr21)"
definition policy_1 where
"policy_1 = ((\<lambda> (x,y). x) o_f
((nat_1 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy1 = UnfoldPolicy0 nat_1_def Adr11_def Adr21_def policy_1_def
definition Adr12 :: "int set"
where "Adr12 = {d. d > 4 \<and> d < 6}"
definition Adr22 :: "int set" where
"Adr22 = {d. d > 504 \<and> d < 506}"
definition nat_2 where
"nat_2 = nat_1 ++ (srcPat2pool_IntPort Adr12 Adr22)"
definition policy_2 where
"policy_2 = ((\<lambda> (x,y). x) o_f
((nat_2 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy2 = UnfoldPolicy1 nat_2_def Adr12_def Adr22_def policy_2_def
definition Adr13 :: "int set"
where "Adr13 = {d. d > 6 \<and> d < 9}"
definition Adr23 :: "int set" where
"Adr23 = {d. d > 506 \<and> d < 509}"
definition nat_3 where
"nat_3 = nat_2 ++ (srcPat2pool_IntPort Adr13 Adr23)"
definition policy_3 where
"policy_3 = ((\<lambda> (x,y). x) o_f
((nat_3 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy3 = UnfoldPolicy2 nat_3_def Adr13_def Adr23_def policy_3_def
definition Adr14 :: "int set"
where "Adr14 = {d. d > 8 \<and> d < 12}"
definition Adr24 :: "int set" where
"Adr24 = {d. d > 508 \<and> d < 512}"
definition nat_4 where
"nat_4 = nat_3 ++ (srcPat2pool_IntPort Adr14 Adr24)"
definition policy_4 where
"policy_4 = ((\<lambda> (x,y). x) o_f
((nat_4 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy4 = UnfoldPolicy3 nat_4_def Adr14_def Adr24_def policy_4_def
definition Adr15 :: "int set"
where "Adr15 = {d. d > 10 \<and> d < 15}"
definition Adr25 :: "int set" where
"Adr25 = {d. d > 510 \<and> d < 515}"
definition nat_5 where
"nat_5 = nat_4 ++ (srcPat2pool_IntPort Adr15 Adr25)"
definition policy_5 where
"policy_5 = ((\<lambda> (x,y). x) o_f
((nat_5 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy5 = UnfoldPolicy4 nat_5_def Adr15_def Adr25_def policy_5_def
definition Adr16 :: "int set"
where "Adr16 = {d. d > 12 \<and> d < 18}"
definition Adr26 :: "int set" where
"Adr26 = {d. d > 512 \<and> d < 518}"
definition nat_6 where
"nat_6 = nat_5 ++ (srcPat2pool_IntPort Adr16 Adr26)"
definition policy_6 where
"policy_6 = ((\<lambda> (x,y). x) o_f
((nat_6 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy6 = UnfoldPolicy5 nat_6_def Adr16_def Adr26_def policy_6_def
definition Adr17 :: "int set"
where "Adr17 = {d. d > 14 \<and> d < 21}"
definition Adr27 :: "int set" where
"Adr27 = {d. d > 514 \<and> d < 521}"
definition nat_7 where
"nat_7 = nat_6 ++ (srcPat2pool_IntPort Adr17 Adr27)"
definition policy_7 where
"policy_7 = ((\<lambda> (x,y). x) o_f
((nat_7 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy7 = UnfoldPolicy6 nat_7_def Adr17_def Adr27_def policy_7_def
definition Adr18 :: "int set"
where "Adr18 = {d. d > 16 \<and> d < 24}"
definition Adr28 :: "int set" where
"Adr28 = {d. d > 516 \<and> d < 524}"
definition nat_8 where
"nat_8 = nat_7 ++ (srcPat2pool_IntPort Adr18 Adr28)"
definition policy_8 where
"policy_8 = ((\<lambda> (x,y). x) o_f
((nat_8 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy8 = UnfoldPolicy7 nat_8_def Adr18_def Adr28_def policy_8_def
definition Adr19 :: "int set"
where "Adr19 = {d. d > 18 \<and> d < 27}"
definition Adr29 :: "int set" where
"Adr29 = {d. d > 518 \<and> d < 527}"
definition nat_9 where
"nat_9 = nat_8 ++ (srcPat2pool_IntPort Adr19 Adr29)"
definition policy_9 where
"policy_9 = ((\<lambda> (x,y). x) o_f
((nat_9 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy9 = UnfoldPolicy8 nat_9_def Adr19_def Adr29_def policy_9_def
definition Adr110 :: "int set"
where "Adr110 = {d. d > 20 \<and> d < 30}"
definition Adr210 :: "int set" where
"Adr210 = {d. d > 520 \<and> d < 530}"
definition nat_10 where
"nat_10 = nat_9 ++ (srcPat2pool_IntPort Adr110 Adr210)"
definition policy_10 where
"policy_10 = ((\<lambda> (x,y). x) o_f
((nat_10 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
lemmas UnfoldPolicy10 = UnfoldPolicy9 nat_10_def Adr110_def Adr210_def policy_10_def
end