diff options
author | julien zhang <zhang.jun3g@zte.com.cn> | 2017-09-12 14:47:37 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2017-09-12 14:47:37 +0000 |
commit | 8153ff1bac0ec3664c777302396698e4fb5f34b9 (patch) | |
tree | 2b97892774e3ced5f0c10e400657d28f9222749b /verigraph/service | |
parent | 96de9387460091e7cf0dc5fde1afaa637a8b2b79 (diff) | |
parent | a42de79292d9541db7865b54e93be2d0b6e6a094 (diff) |
Merge "update verigraph"
Diffstat (limited to 'verigraph/service')
37 files changed, 0 insertions, 4881 deletions
diff --git a/verigraph/service/src/mcnet/components/Checker.java b/verigraph/service/src/mcnet/components/Checker.java deleted file mode 100644 index 3c13d28..0000000 --- a/verigraph/service/src/mcnet/components/Checker.java +++ /dev/null @@ -1,363 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.Expr; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Model; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Status; - -/**Various checks for specific properties in the network. - * - */ -public class Checker { - - Context ctx; - Network net; - NetContext nctx; - Solver solver; - ArrayList<BoolExpr> constraints; - public BoolExpr [] assertions; - public Status result; - public Model model; - - - public Checker(Context context,NetContext nctx,Network network){ - this.ctx = context; - this.net = network; - this.nctx = nctx; - this.solver = ctx.mkSolver(); - this.constraints = new ArrayList<BoolExpr>(); - } - - /**Resets the constraints - * - */ - public void clearState (){ - this.solver.reset(); - this.constraints = new ArrayList<BoolExpr>(); - } - - /**Checks whether the source provided can reach the destination - * - * @param src - * @param dest - * @return - */ - public IsolationResult checkIsolationProperty (NetworkObject src, NetworkObject dest){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - solver.push (); - addConstraints(); - - Expr p0 = ctx.mkConst("check_isolation_p0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - Expr p1 = ctx.mkConst("check_isolation_p1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_1 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - IntExpr t_0 = ctx.mkIntConst("check_isolation_t0_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_1 = ctx.mkIntConst("check_isolation_t1_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p0,t_0) - this.solver.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p0, t_0)); - - // Constraint2 send(srcNode,n_1,p1,t_1) - this.solver.add((BoolExpr)nctx.send.apply(src.getZ3Node(), n_1, p1, t_1)); - - // Constraint3 nodeHasAddr(srcNode,p1.srcAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(src.getZ3Node(), nctx.pf.get("src").apply(p1))); - - // Constraint4 p1.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p1), src.getZ3Node())); - - // Constraint5 nodeHasAddr(destNode,p1.destAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(dest.getZ3Node(), nctx.pf.get("dest").apply(p1))); - - //NON sembrano necessari - // this.solver.add(z3.Or(this.ctx.nodeHasAddr(src.getZ3Node(), this.ctx.packet.src(p0)),\ - // this.ctx.nodeHasAddr(n_0, this.ctx.packet.src(p0)),\ - // this.ctx.nodeHasAddr(n_1, this.ctx.packet.src(p0)))) - //this.solver.add(this.ctx.packet.dest(p1) == this.ctx.packet.dest(p0)) - - // Constraint6 p1.origin == p0.origin - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p1),nctx.pf.get("origin").apply(p0))); - - // Constraint7 nodeHasAddr(destNode, p0.destAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(dest.getZ3Node(), nctx.pf.get("dest").apply(p0))); - - result = this.solver.check(); - model = null; - assertions = this.solver.getAssertions(); - if (result == Status.SATISFIABLE){ - model = this.solver.getModel(); - } - this.solver.pop(); - return new IsolationResult(ctx,result, p0, n_0, t_1, t_0, nctx, assertions, model); - } - - - - public IsolationResult CheckIsolationFlowProperty (NetworkObject src, NetworkObject dest){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - solver.push (); - addConstraints(); - - Expr p = ctx.mkConst("check_isolation_p_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_1 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_2 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - - IntExpr t_0 = ctx.mkIntConst("check_isolation_t0_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_1 = ctx.mkIntConst("check_isolation_t1_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_2 = ctx.mkIntConst("check_isolation_t2_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p,t_0) - this.solver.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p, t_0)); - - // Constraint2 send(srcNode,n_1,p1,t_1) - this.solver.add((BoolExpr)nctx.send.apply(src.getZ3Node(), n_1, p, t_1)); - - // Constraint3 nodeHasAddr(srcNode,p.srcAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(src.getZ3Node(), nctx.pf.get("src").apply(p))); - - // Constraint4 p.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p), src.getZ3Node())); - - - Expr p_2 = ctx.mkConst("check_isolation_p_flow_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - - // Constraint5 there does not exist p_2, n_2, t_2 : - // send(destNode,n_2,p_2,t_2) && - // p_2.srcAddr == p. destAddr && - // p_2.srcPort == p.destPort && - // p_2.destPort == p.srcPort && - // p_2.destt == p.src && - // t_2 < t_0 - this.solver.add(ctx.mkNot(ctx.mkExists(new Expr[]{p_2,n_2,t_2}, - ctx.mkAnd( - (BoolExpr)nctx.send.apply(dest.getZ3Node(), n_2, p_2, t_2), - ctx.mkEq(nctx.pf.get("src").apply(p_2), nctx.pf.get("dest").apply(p)), - ctx.mkEq(nctx.pf.get("src_port").apply(p_2), nctx.pf.get("dest_port").apply(p)), - ctx.mkEq(nctx.pf.get("dest_port").apply(p_2), nctx.pf.get("src_port").apply(p)), - ctx.mkEq(nctx.pf.get("dest").apply(p_2), nctx.pf.get("src").apply(p)), - ctx.mkLt(t_2,t_0)),1,null,null,null,null))); - - - result = this.solver.check(); - model = null; - assertions = this.solver.getAssertions(); - if (result == Status.SATISFIABLE){ - model = this.solver.getModel(); - } - this.solver.pop(); - return new IsolationResult(ctx,result, p, n_0, t_1, t_0, nctx, assertions, model); - } - - - - public IsolationResult CheckNodeTraversalProperty (NetworkObject src, NetworkObject dest, NetworkObject node){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - solver.push (); - addConstraints(); - - Expr p = ctx.mkConst("check_isolation_p_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_1 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_2 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - - IntExpr t_0 = ctx.mkIntConst("check_isolation_t0_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_1 = ctx.mkIntConst("check_isolation_t1_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_2 = ctx.mkIntConst("check_isolation_t2_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p,t_0) - this.solver.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p, t_0)); - - // Constraint2 send(srcNode,n_1,p1,t_1) - this.solver.add((BoolExpr)nctx.send.apply(src.getZ3Node(), n_1, p, t_1)); - - // Constraint3 nodeHasAddr(srcNode,p.srcAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(src.getZ3Node(), nctx.pf.get("src").apply(p))); - - // Constraint4 p.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p), src.getZ3Node())); - - - // Constraint5 there does not exist n_2, t_2 : recv(n_2,node,p,t_2) && t_2 < t_0 - this.solver.add(ctx.mkNot(ctx.mkExists(new Expr[]{n_2,t_2}, - ctx.mkAnd( - (BoolExpr)nctx.recv.apply(n_2, node.getZ3Node(), p, t_2), - ctx.mkLt(t_2,t_0)),1,null,null,null,null))); - - // Constraint 6 there does not exist n_2, t_2 : send(node,n_2,p,t_2) && t_2 < t_0 - this.solver.add(ctx.mkNot(ctx.mkExists(new Expr[]{n_2,t_2}, - ctx.mkAnd( - (BoolExpr)nctx.send.apply(node.getZ3Node(), n_2, p, t_2), - ctx.mkLt(t_2,t_0)),1,null,null,null,null))); - - - result = this.solver.check(); - model = null; - assertions = this.solver.getAssertions(); - if (result == Status.SATISFIABLE){ - model = this.solver.getModel(); - } - this.solver.pop(); - return new IsolationResult(ctx,result, p, n_0, t_1, t_0, nctx, assertions, model); - - } - - public IsolationResult CheckLinkTraversalProperty (NetworkObject src, NetworkObject dest, NetworkObject le0, NetworkObject le1){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - solver.push (); - addConstraints(); - - Expr p = ctx.mkConst("check_isolation_p_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - Expr n_1 =ctx.mkConst("check_isolation_n_1_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - - IntExpr t_0 = ctx.mkIntConst("check_isolation_t0_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_1 = ctx.mkIntConst("check_isolation_t1_"+src.getZ3Node()+"_"+dest.getZ3Node()); - IntExpr t_2 = ctx.mkIntConst("check_isolation_t2_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p,t_0) - this.solver.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p, t_0)); - - // Constraint2 send(srcNode,n_1,p1,t_1) - this.solver.add((BoolExpr)nctx.send.apply(src.getZ3Node(), n_1, p, t_1)); - - // Constraint3 nodeHasAddr(srcNode,p.srcAddr) - this.solver.add((BoolExpr)nctx.nodeHasAddr.apply(src.getZ3Node(), nctx.pf.get("src").apply(p))); - - // Constraint4 p.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p), src.getZ3Node())); - - // Constraint5 ∃ t_1, t_2 : - // send(linkNode0,linkNode1,p,t_1) && - // recv(linkNode0,linkNode1,p,t_2) && - // t_1 < t_0 && - // t_2 < t_0 - this.solver.add(ctx.mkExists(new Expr[]{t_1,t_2}, - ctx.mkAnd( - (BoolExpr)nctx.send.apply(le0.getZ3Node(), le1.getZ3Node(), p, t_1), - (BoolExpr)nctx.recv.apply(le0.getZ3Node(), le1.getZ3Node(), p, t_2), - ctx.mkLt(t_1,t_0), - ctx.mkLt(t_2,t_0)),1,null,null,null,null)); - - - result = this.solver.check(); - model = null; - assertions = this.solver.getAssertions(); - if (result == Status.SATISFIABLE){ - model = this.solver.getModel(); - } - this.solver.pop(); - return new IsolationResult(ctx,result, p, n_0, t_1, t_0, nctx, assertions, model); - - } - - public Result CheckDataIsolationPropertyCore (NetworkObject src, NetworkObject dest){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - List<BoolExpr> constr = this.getConstraints(); - Expr p = ctx.mkConst("check_isolation_p_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - IntExpr t = ctx.mkIntConst("check_isolation_t_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p,t) - constr.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p, t)); - - // Constraint2 p.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p), src.getZ3Node())); - - this.solver.push(); - - // Constraint3 for each constraint( n -> constraint) - ArrayList<BoolExpr> names =new ArrayList<BoolExpr>(); - for(BoolExpr con : constr){ - BoolExpr n = ctx.mkBoolConst(""+con); - names.add(n); - this.solver.add(ctx.mkImplies(n, con)); - } - - BoolExpr[] nam = new BoolExpr[names.size()]; - result = this.solver.check(names.toArray(nam)); - Result ret =null; - - if (result == Status.SATISFIABLE){ - System.out.println("SAT"); - ret = new Result(ctx,this.solver.getModel()); - }else if(result == Status.UNSATISFIABLE){ - System.out.println("unsat"); - ret = new Result(ctx,this.solver.getUnsatCore()); - } - this.solver.pop(); - return ret; - } - - public DataIsolationResult CheckDataIsolationProperty(NetworkObject src, NetworkObject dest){ - assert(net.elements.contains(src)); - assert(net.elements.contains(dest)); - solver.push (); - addConstraints(); - - Expr p = ctx.mkConst("check_isolation_p_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.packet); - - Expr n_0 =ctx.mkConst("check_isolation_n_0_"+src.getZ3Node()+"_"+dest.getZ3Node(), nctx.node); - IntExpr t = ctx.mkIntConst("check_isolation_t_"+src.getZ3Node()+"_"+dest.getZ3Node()); - - // Constraint1 recv(n_0,destNode,p,t) - this.solver.add((BoolExpr)nctx.recv.apply(n_0, dest.getZ3Node(), p, t)); - - // Constraint2 p.origin == srcNode - this.solver.add(ctx.mkEq(nctx.pf.get("origin").apply(p), src.getZ3Node())); - - result = this.solver.check(); - model = null; - assertions = this.solver.getAssertions(); - if (result == Status.SATISFIABLE){ - model = this.solver.getModel(); - } - this.solver.pop(); - return new DataIsolationResult(ctx,result, p, n_0, t, nctx, assertions, model); - } - - - - - public void addConstraints(){ - nctx.addConstraints(solver); - net.addConstraints(solver); - for (NetworkObject el : net.elements) - el.addConstraints(solver); - } - - - public List<BoolExpr> getConstraints(){ - Solver l = ctx.mkSolver(); - nctx.addConstraints(l); - net.addConstraints(l); - for (NetworkObject el : net.elements) - el.addConstraints(l); - return Arrays.asList(l.getAssertions()); - } -} diff --git a/verigraph/service/src/mcnet/components/Core.java b/verigraph/service/src/mcnet/components/Core.java deleted file mode 100644 index c72b9e3..0000000 --- a/verigraph/service/src/mcnet/components/Core.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; -import com.microsoft.z3.Context; -import com.microsoft.z3.Solver; - -/**Core component for everything that matters - * - */ -public abstract class Core{ - - final int MAX_PORT = 512; - - /** - * Base class for all objects in the modeling framework - * @param ctx - * @param args - */ - public Core(Context ctx, Object[]... args){ // Object[]... -> The nearest way to implement variable length argument lists - //in Java, in the most generic way. - init(ctx,args); - } - /** - * Override _init for any constructor initialization. Avoids having to explicitly call super.__init__ every Time.class - * @param ctx - * @param args - */ - abstract protected void init(Context ctx,Object[]... args); - - /** - * Add constraints to solver - * @param solver - */ - abstract protected void addConstraints(Solver solver); -} - - diff --git a/verigraph/service/src/mcnet/components/DataIsolationResult.java b/verigraph/service/src/mcnet/components/DataIsolationResult.java deleted file mode 100644 index b90a47f..0000000 --- a/verigraph/service/src/mcnet/components/DataIsolationResult.java +++ /dev/null @@ -1,41 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.Expr; -import com.microsoft.z3.Model; -import com.microsoft.z3.Status; - - -/**Data structure for the response to a check request for data isolation property - * - */ -public class DataIsolationResult { - - Context ctx; - public NetContext nctx; - public Status result; - public Model model; - public Expr violating_packet,last_hop,last_time,t_1; - public BoolExpr [] assertions; - - public DataIsolationResult(Context ctx,Status result, Expr violating_packet, Expr last_hop, Expr last_time, NetContext nctx, BoolExpr[] assertions, Model model){ - this.ctx = ctx; - this.result = result; - this.violating_packet = violating_packet; - this.last_hop = last_hop; - this.model = model; - this.last_time = last_time; - this.assertions = assertions; - } -} - diff --git a/verigraph/service/src/mcnet/components/IsolationResult.java b/verigraph/service/src/mcnet/components/IsolationResult.java deleted file mode 100644 index 1ecaccc..0000000 --- a/verigraph/service/src/mcnet/components/IsolationResult.java +++ /dev/null @@ -1,42 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.Expr; -import com.microsoft.z3.Model; -import com.microsoft.z3.Status; - -/** - * Data structure for the response to check requests for isolation properties - * - */ -public class IsolationResult { - - Context ctx; - public NetContext nctx; - public Status result; - public Model model; - public Expr violating_packet,last_hop,last_send_time,last_recv_time,t_1; - public BoolExpr [] assertions; - - public IsolationResult(Context ctx,Status result, Expr violating_packet, Expr last_hop, Expr last_send_time, Expr last_recv_time,NetContext nctx, BoolExpr[] assertions, Model model){ - this.ctx = ctx; - this.result = result; - this.violating_packet = violating_packet; - this.last_hop = last_hop; - this.model = model; - this.last_send_time = last_send_time; - this.last_recv_time = last_recv_time; - this.assertions = assertions; - } -} - diff --git a/verigraph/service/src/mcnet/components/NetContext.java b/verigraph/service/src/mcnet/components/NetContext.java deleted file mode 100644 index ece31c5..0000000 --- a/verigraph/service/src/mcnet/components/NetContext.java +++ /dev/null @@ -1,340 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Constructor; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.DatatypeSort; -import com.microsoft.z3.EnumSort; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Sort; - -import mcnet.netobjs.DumbNode; - -/** - * Basic fields and other things required for model checking. - * - */ -public class NetContext extends Core{ - - - List<BoolExpr> constraints; - List<Core> policies; - - public HashMap<String,NetworkObject> nm; //list of nodes, callable by node name - public HashMap<String,DatatypeExpr> am; // list of addresses, callable by address name - public HashMap<String,FuncDecl> pf; - Context ctx; - public EnumSort node,address; - public FuncDecl src_port,dest_port,nodeHasAddr,addrToNode,send,recv; - public DatatypeSort packet; - - /* Constants definition - - used in the packet proto field */ - public final int HTTP_REQUEST = 1; - public final int HTTP_RESPONSE = 2; - public final int POP3_REQUEST = 3; - public final int POP3_RESPONSE = 4; - - /** - * Context for all of the rest that follows. Every network needs one of these - * @param ctx - * @param args - */ - public NetContext(Context ctx,Object[]... args ){ - super(ctx,args); - - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - nm = new HashMap<String,NetworkObject>(); //list of nodes, callable by node name - am = new HashMap<String,DatatypeExpr>(); // list of addresses, callable by address name - pf= new HashMap<String,FuncDecl>() ; - - mkTypes((String[])args[0],(String[])args[1]); - - constraints = new ArrayList<BoolExpr>(); - policies = new ArrayList<Core>(); - - baseCondition(); - } - - /** - * A policy is a collection of shared algorithms or functions used by multiple components - * (for instance compression or DPI policies etc). - * @param policy - */ - public void AddPolicy (NetworkObject policy){ - policies.add(policy); - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - for (Core policy : policies){ - policy.addConstraints(solver); - } - } - - private void mkTypes (String[] nodes, String[] addresses){ - //Nodes in a network - node = ctx.mkEnumSort("Node", nodes); - for(int i=0;i<node.getConsts().length;i++){ - DatatypeExpr fd = (DatatypeExpr)node.getConst(i); - DumbNode dn =new DumbNode(ctx,new Object[]{fd}); - nm.put(fd.toString(),dn); - } - - //Addresses for this network - String[] new_addr = new String[addresses.length+1]; - for(int k=0;k<addresses.length;k++) - new_addr[k] = addresses[k]; - - new_addr[new_addr.length-1] = "null"; - address = ctx.mkEnumSort("Address", new_addr); - for(int i=0;i<address.getConsts().length;i++){ - DatatypeExpr fd = (DatatypeExpr)address.getConst(i); - am.put(fd.toString(),fd); - } - - // Type for packets, contains (some of these are currently represented as relations): - // - src: Source address - // - dest: Destination address - // - origin: Node where the data originated. (Node) - // - body: Packet contents. (Integer) - // - seq: Sequence number for packets. (Integer) - // - options: A representation for IP options. (Integer) - - String[] fieldNames = new String[]{ - "src","dest","inner_src","inner_dest","origin","orig_body","body","seq","proto","emailFrom","url","options","encrypted"}; - Sort[] srt = new Sort[]{ - address,address,address,address,node,ctx.mkIntSort(),ctx.mkIntSort(),ctx.mkIntSort(), - ctx.mkIntSort(),ctx.mkIntSort(),ctx.mkIntSort(),ctx.mkIntSort(),ctx.mkBoolSort()}; - Constructor packetcon = ctx.mkConstructor("packet", "is_packet", fieldNames, srt, null); - packet = ctx.mkDatatypeSort("packet", new Constructor[] {packetcon}); - - for(int i=0;i<fieldNames.length;i++){ - pf.put(fieldNames[i], packet.getAccessors()[0][i]); // pf to get packet's function declarations by name - } - - src_port = ctx.mkFuncDecl("sport", packet, ctx.mkIntSort()); - dest_port = ctx.mkFuncDecl("dport", packet, ctx.mkIntSort()); - - // Some commonly used relations - - // nodeHasAddr: node -> address -> boolean - nodeHasAddr = ctx.mkFuncDecl("nodeHasAddr", new Sort[]{node, address},ctx.mkBoolSort()); - - // addrToNode: address -> node - addrToNode = ctx.mkFuncDecl("addrToNode", address, node); - - // Send and receive both have the form: - // source-> destination -> packet-> int-> bool - - // send: node -> node -> packet-> int-> bool - send = ctx.mkFuncDecl("send", new Sort[]{ node, node, packet, ctx.mkIntSort()},ctx.mkBoolSort()); - - // recv: node -> node -> packet-> int-> bool - recv = ctx.mkFuncDecl("recv", new Sort[]{ node, node, packet, ctx.mkIntSort()},ctx.mkBoolSort()); - - } - - /** - * Set up base conditions for the network - */ - private void baseCondition(){ - // Basic constraints for the overall model - Expr n_0 = ctx.mkConst("ctx_base_n_0", node); - Expr n_1 = ctx.mkConst("ctx_base_n_1", node); - Expr n_2 = ctx.mkConst("ctx_base_n_2", node); - Expr p_0 = ctx.mkConst("ctx_base_p_0", packet); - Expr p_1 = ctx.mkConst("ctx_base_p_1", packet); - IntExpr t_0 = ctx.mkIntConst("ctx_base_t_0"); - IntExpr t_1 = ctx.mkIntConst("ctx_base_t_1"); - - // Constraint1 send(n_0, n_1, p_0, t_0) -> n_0 != n_1 - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)send.apply(n_0, n_1, p_0, t_0),ctx.mkNot(ctx.mkEq( n_0, n_1))),1,null,null,null,null)); - - // Constraint2 recv(n_0, n_1, p_0, t_0) -> n_0 != n_1 - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)recv.apply(n_0, n_1, p_0, t_0),ctx.mkNot(ctx.mkEq( n_0, n_1))),1,null,null,null,null)); - - // Constraint3 send(n_0, n_1, p_0, t_0) -> p_0.src != p_0.dest - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkNot(ctx.mkEq( pf.get("src").apply(p_0), pf.get("dest").apply(p_0)))),1,null,null,null,null)); - - // Constraint4 recv(n_0, n_1, p_0, t_0) -> p_0.src != p_0.dest - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkNot(ctx.mkEq(pf.get("src").apply(p_0),pf.get("dest").apply(p_0)))),1,null,null,null,null)); - - // Constraint5 recv(n_0, n_1, p, t_0) -> send(n_0, n_1, p, t_1) && t_1 < t_0 - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkExists(new Expr[]{t_1}, - ctx.mkAnd((BoolExpr)send.apply(n_0, n_1, p_0, t_1), - ctx.mkLt(t_1, t_0)),1,null,null,null,null)),1,null,null,null,null)); - - // Constraint6 send(n_0, n_1, p, t_0) -> p.src_port > 0 && p.dest_port < MAX_PORT - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkAnd( ctx.mkGe((IntExpr)src_port.apply(p_0),(IntExpr)ctx.mkInt(0)), - ctx.mkLt((IntExpr)src_port.apply(p_0),(IntExpr) ctx.mkInt(MAX_PORT)))),1,null,null,null,null)); - - // Constraint7 recv(n_0, n_1, p, t_0) -> p.src_port > 0 && p.dest_port < MAX_PORT - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkAnd( ctx.mkGe((IntExpr)dest_port.apply(p_0),(IntExpr)ctx.mkInt(0)), - ctx.mkLt((IntExpr)dest_port.apply(p_0),(IntExpr) ctx.mkInt(MAX_PORT)))),1,null,null,null,null)); - - // Constraint8 recv(n_0, n_1, p_0, t_0) -> t_0 > 0 - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkGt(t_0,ctx.mkInt(0))),1,null,null,null,null)); - - // Constraint9 send(n_0, n_1, p_0, t_0) -> t_0 > 0 - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkGt(t_0,ctx.mkInt(0))),1,null,null,null,null)); - - // Extra constriants for supporting the VPN gateway - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkNot(ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.am.get("null")))), - ctx.mkNot(ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0)))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.am.get("null"))), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)send.apply(n_0, n_1, p_0, t_0), - ctx.mkEq(this.pf.get("inner_dest").apply(p_0), this.am.get("null"))), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkNot(ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.am.get("null")))), - ctx.mkNot(ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0)))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.am.get("null"))), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)recv.apply(n_0, n_1, p_0, t_0), - ctx.mkEq(this.pf.get("inner_dest").apply(p_0), this.am.get("null"))), - ctx.mkEq(this.pf.get("inner_src").apply(p_0), this.pf.get("inner_dest").apply(p_0))),1,null,null,null,null)); - - constraints.add( - ctx.mkForall(new Expr[]{n_0, n_1, p_0, t_0, n_2, p_1, t_1}, - ctx.mkImplies( - ctx.mkAnd( - ctx.mkLt(t_1, t_0), - (BoolExpr)send.apply(n_0, n_1, p_0, t_0), - (BoolExpr)this.pf.get("encrypted").apply(p_1), - (BoolExpr)recv.apply(n_2, n_0, p_1, t_1), - (BoolExpr)this.pf.get("encrypted").apply(p_0)), - ctx.mkAnd( - ctx.mkEq(this.pf.get("inner_src").apply(p_1), this.pf.get("inner_src").apply(p_0)), - ctx.mkEq(this.pf.get("inner_dest").apply(p_1), this.pf.get("inner_dest").apply(p_0)), - ctx.mkEq(this.pf.get("origin").apply(p_1), this.pf.get("origin").apply(p_0)), - ctx.mkEq(this.pf.get("orig_body").apply(p_1), this.pf.get("orig_body").apply(p_0)), - ctx.mkEq(this.pf.get("body").apply(p_1), this.pf.get("body").apply(p_0)), - ctx.mkEq(this.pf.get("seq").apply(p_1), this.pf.get("seq").apply(p_0)), - ctx.mkEq(this.pf.get("proto").apply(p_1), this.pf.get("proto").apply(p_0)), - ctx.mkEq(this.pf.get("emailFrom").apply(p_1), this.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(this.pf.get("url").apply(p_1), this.pf.get("url").apply(p_0)), - ctx.mkEq(this.pf.get("options").apply(p_1), this.pf.get("options").apply(p_0)))),1,null,null,null,null) - ); - } - - /** - * Two packets have equal headers - * @param p1 - * @param p2 - * @return - */ - public BoolExpr PacketsHeadersEqual(Expr p1, Expr p2){ - return ctx.mkAnd(new BoolExpr[]{ - ctx.mkEq(pf.get("src").apply(p1), pf.get("src").apply(p2)), - ctx.mkEq(pf.get("dest").apply(p1), pf.get("dest").apply(p2)), - ctx.mkEq(pf.get("origin").apply(p1), pf.get("origin").apply(p2)), - ctx.mkEq(pf.get("seq").apply(p1), pf.get("seq").apply(p2)), - ctx.mkEq(src_port.apply(p1), src_port.apply(p2)), - ctx.mkEq(dest_port.apply(p1), dest_port.apply(p2)), - ctx.mkEq(pf.get("options").apply(p1), pf.get("options").apply(p2))}); - } - - /** - * Two packets have equal bodies - * @param p1 - * @param p2 - * @return - */ - public BoolExpr PacketContentEqual(Expr p1, Expr p2){ - return ctx.mkEq(pf.get("body").apply(p1), pf.get("body").apply(p2)); - } - - - /* seems to be useless - * - public Function failurePredicate (NetContext context) - { - return (NetworkObject node) -> ctx.mkNot(context.failed (node.z3Node)); - - }*/ - - public BoolExpr destAddrPredicate (Expr p, DatatypeExpr address){ - return ctx.mkEq(pf.get("dest").apply(p),address); - } - - public BoolExpr srcAddrPredicate (Expr p, DatatypeExpr address){ - return ctx.mkEq(pf.get("src").apply(p),address); - } - -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/components/Network.java b/verigraph/service/src/mcnet/components/Network.java deleted file mode 100644 index c04f771..0000000 --- a/verigraph/service/src/mcnet/components/Network.java +++ /dev/null @@ -1,296 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Z3Exception; - -/**Model for a network, encompasses routing and wiring - * - */ -public class Network extends Core{ - - Context ctx; - NetContext nctx; - List<BoolExpr> constraints; - List<NetworkObject> elements; - - - - public Network(Context ctx,Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - this.nctx = (NetContext) args[0][0]; - constraints = new ArrayList<BoolExpr>(); - elements = new ArrayList<NetworkObject>(); - - } - - /**Composes the network linking the configured network objects - * - * @param elements - */ - public void attach (NetworkObject ... elements){ - for(NetworkObject el : elements) - this.elements.add(el); - } - - @Override - protected void addConstraints(Solver solver) { - try { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } catch (Z3Exception e) { - e.printStackTrace(); - } - } - - /** - * Specify host to address mapping. - * Handles the case in which we have more than one address for a node - * @param addrmap - */ - public void setAddressMappings(ArrayList<Tuple<NetworkObject,ArrayList<DatatypeExpr>>> addrmap){ - // Set address mapping for nodes. - for (Tuple<NetworkObject,ArrayList<DatatypeExpr>> entry : addrmap) { - NetworkObject node=entry._1; - List<DatatypeExpr> addr=entry._2; - Expr a_0 = ctx.mkConst(node+"_address_mapping_a_0",nctx.address); - ArrayList<BoolExpr> or_clause = new ArrayList<BoolExpr>(); - - // Constraint 1 addrToNode(foreach ad in addr) = node - for (DatatypeExpr ad : addr){ - constraints.add(ctx.mkEq(nctx.addrToNode.apply(ad), node.getZ3Node())); - or_clause.add(ctx.mkEq(a_0,ad)); - } - BoolExpr[] orClause = new BoolExpr[or_clause.size()]; - - // Constraint 2 nodeHasAddr(node, a_0) == Or(foreach ad in addr (a_0 == ad)) - // Note we need the iff here to make sure that we set nodeHasAddr to false - // for other addresses. - constraints.add(ctx.mkForall(new Expr[]{a_0}, - ctx.mkEq(ctx.mkOr(or_clause.toArray(orClause)), nctx.nodeHasAddr.apply(node.getZ3Node(), a_0)),1,null,null,null,null)); - } - } - - - - /** - * Don't forward packets addressed to node - * @param node - */ - public void saneSend(NetworkObject node){ - Expr n_0 = ctx.mkConst(node+"_saneSend_n_0", nctx.node); - Expr p_0 = ctx.mkConst(node+"_saneSend_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst(node+"_saneSend_t_0"); - // Constant: node - //Constraint send(node, n_0, p, t_0) -> !nodeHasAddr(node, p.dest) - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node.getZ3Node(),n_0, p_0, t_0), - ctx.mkNot((BoolExpr)nctx.nodeHasAddr.apply( node.getZ3Node(), - nctx.pf.get("dest").apply(p_0)))),1,null,null,null,null)); - } - - /** - * Node sends all traffic through gateway - * @param node - * @param gateway - */ - public void setGateway (NetworkObject node, NetworkObject gateway){ - // SetGateway(self, node, gateway): All packets from node are sent through gateway - Expr n_0 = ctx.mkConst(node+"_gateway_n_0", nctx.node); - Expr p_0 = ctx.mkConst(node+"_gateway_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst(node+"_gateway_t_0"); - - //Constraint send(node, n_0, p_0, t_0) -> n_0 = gateway - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.send.apply(node.getZ3Node(), n_0, p_0, t_0), - ctx.mkEq(n_0,gateway.getZ3Node())),1,null,null,null,null)); - -// constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0, node.getZ3Node(), p_0, t_0), -// ctx.mkEq(n_0,gateway.getZ3Node())),1,null,null,null,null)); - } - - /** - * Assigns a specific routing table to a network object. Routing entries in the form: address -> node - * @param node - * @param routing_table - */ - public void routingTable (NetworkObject node,ArrayList<Tuple<DatatypeExpr,NetworkObject>> routing_table){ - compositionPolicy(node,routing_table); - } - - /** - * Composition policies steer packets between middleboxes. - * @param node - * @param policy - */ - public void compositionPolicy (NetworkObject node,ArrayList<Tuple<DatatypeExpr,NetworkObject>> policy){ - //Policy is of the form predicate -> node - Expr p_0 = ctx.mkConst(node+"_composition_p_0", nctx.packet); - Expr n_0 = ctx.mkConst(node+"_composition_n_0", nctx.node); - Expr t_0 = ctx.mkIntConst(node+"_composition_t_0"); - - HashMap<String,ArrayList<BoolExpr>> collected = new HashMap<String,ArrayList<BoolExpr>>(); - HashMap<String,NetworkObject> node_dict = new HashMap<String,NetworkObject>(); - BoolExpr predicates; - for(int y=0;y<policy.size();y++){ - Tuple<DatatypeExpr,NetworkObject> tp = policy.get(y); - if(collected.containsKey(""+tp._2)) collected.get(""+tp._2).add(nctx.destAddrPredicate(p_0,tp._1)); - else{ - ArrayList<BoolExpr> alb = new ArrayList<BoolExpr>(); - alb.add(nctx.destAddrPredicate(p_0,tp._1)); - collected.put(""+tp._2,alb); - } - node_dict.put(""+tp._2, tp._2); - } - - //Constraint foreach rtAddr,rtNode in rt( send(node, n_0, p_0, t_0) && - // Or(foreach rtAddr in rt destAddrPredicate(p_0,rtAddr)) -> n_0 == rtNode ) - for (Map.Entry<String,ArrayList<BoolExpr>> entry : collected.entrySet()) { - BoolExpr[] pred = new BoolExpr[entry.getValue().size()]; - predicates = ctx.mkOr(entry.getValue().toArray(pred)); - - constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(node.getZ3Node(), n_0, p_0, t_0), predicates), - ctx.mkEq(n_0, node_dict.get(entry.getKey()).getZ3Node())),1,null,null,null,null)); - } - } - - /** - * Routing entries are in the form: address -> node. Also allows packet to be sent to another box for further processing - * @param node - * @param routing_table - * @param shunt_node - */ - public void routingTableShunt (NetworkObject node,ArrayList<Tuple<DatatypeExpr,NetworkObject>> routing_table,NetworkObject shunt_node){ - compositionPolicyShunt(node,routing_table,shunt_node); - } - - /** - * Composition policies steer packets between middleboxes.Policy is in the form: predicate -> node - * @param node - * @param routing_table - * @param shunt_node - */ - public void compositionPolicyShunt (NetworkObject node,ArrayList<Tuple<DatatypeExpr,NetworkObject>> routing_table,NetworkObject shunt_node){ - Expr p_0 = ctx.mkConst(node+"_composition_p_0", nctx.packet); - Expr n_0 = ctx.mkConst(node+"_composition_n_0", nctx.node); - Expr t_0 = ctx.mkIntConst(node+"_composition_t_0"); - - HashMap<String,ArrayList<BoolExpr>> collected = new HashMap<String,ArrayList<BoolExpr>>(); - HashMap<String,NetworkObject> node_dict = new HashMap<String,NetworkObject>(); - BoolExpr predicates; - for(int y=0;y<routing_table.size();y++){ - Tuple<DatatypeExpr,NetworkObject> tp = routing_table.get(y); - if(collected.containsKey(""+tp._2)) collected.get(""+tp._2).add(nctx.destAddrPredicate(p_0,tp._1)); - else{ - ArrayList<BoolExpr> alb = new ArrayList<BoolExpr>(); - alb.add(nctx.destAddrPredicate(p_0,tp._1)); - collected.put(""+tp._2,alb); - } - node_dict.put(""+tp._2, tp._2); - } - - //Constraint foreach rtAddr,rtNode in rt( send(node, n_0, p_0, t_0) && - // Or(foreach rtAddr in rt destAddrPredicate(p_0,rtAddr)) -> n_0 == rtNode ) - for (Map.Entry<String,ArrayList<BoolExpr>> entry : collected.entrySet()) { - BoolExpr[] pred = new BoolExpr[entry.getValue().size()]; - predicates = ctx.mkOr(entry.getValue().toArray(pred)); - - constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(node.getZ3Node(), n_0, p_0, t_0), predicates), - ctx.mkOr(ctx.mkEq(n_0, node_dict.get(entry.getKey()).getZ3Node()),ctx.mkEq(n_0, shunt_node.getZ3Node()))),1,null,null,null,null)); - } - - } - -// public void SimpleIsolation (NetworkObject node, ArrayList<DatatypeExpr> addresses){ -// Expr p = ctx.mkConst(node+"_s_p", nctx.packet); -// Expr n = ctx.mkConst(node+"_s_n", nctx.node); -// IntExpr t = ctx.mkInt(node+"_s_t"); -// -// BoolExpr[] a_pred= new BoolExpr[addresses.size()]; -// for(int y=0;y<addresses.size();y++){ -// DatatypeExpr de = addresses.get(y); -// a_pred[y] = ctx.mkOr(ctx.mkEq(nctx.pf.get("src").apply(p), de),ctx.mkEq(nctx.pf.get("dest").apply(p), de)); -// } -// -// constraints.add( -// ctx.mkForall(new Expr[]{p, n, t}, -// ctx.mkImplies((BoolExpr)nctx.recv.apply(n, node.getZ3Node(), p, t), -// ctx.mkOr(a_pred)),1,null,null,null,null)); -// constraints.add( -// ctx.mkForall(new Expr[]{p, n, t}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(node.getZ3Node(), n, p, t), -// ctx.mkOr(a_pred)),1,null,null,null,null)); -// } - - - /** - * Set isolation constraints on a node. - * Doesn't need to be set but useful when interfering policies are in play. - * @param node - * @param adjacencies - * - */ - public void SetIsolationConstraint ( NetworkObject node, ArrayList<NetworkObject> adjacencies){ - - Expr n_0 = ctx.mkConst(node+"_isolation_n_0", nctx.node); - Expr p_0 = ctx.mkConst(node+"_isolation_p_0", nctx.packet); - IntExpr t_0 = ctx.mkInt(node+"_isolation_t_0"); - - BoolExpr[] adj = new BoolExpr[adjacencies.size()]; - for(int y=0;y<adjacencies.size();y++){ - NetworkObject no = adjacencies.get(y); - adj[y] = ctx.mkEq(n_0,no.getZ3Node()); - } - BoolExpr clause = ctx.mkOr(adj); - - constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node.getZ3Node(), n_0, p_0, t_0), - clause),1,null,null,null,null)); - constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0, node.getZ3Node(), p_0, t_0), - clause),1,null,null,null,null)); - } - - /** - * Return all currently attached endhosts - * @return NetworkObject - */ - public List<String> EndHosts(){ - List<String> att_nos = new ArrayList<String>(); - for(NetworkObject el :elements){ - if(el.isEndHost){ - System.out.println("el: "+el); - att_nos.add(el.getZ3Node().toString()); - } - } - return att_nos; - } -} diff --git a/verigraph/service/src/mcnet/components/NetworkObject.java b/verigraph/service/src/mcnet/components/NetworkObject.java deleted file mode 100644 index 0de3937..0000000 --- a/verigraph/service/src/mcnet/components/NetworkObject.java +++ /dev/null @@ -1,57 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; - -/** Represents a generic network object. - * - */ -public abstract class NetworkObject extends Core{ - - public NetworkObject(Context ctx,Object[]... args) { - super(ctx,args); - } - - protected DatatypeExpr z3Node; - protected boolean isEndHost; - /** - * Get a reference to the z3 node this class wraps around - * @return - */ - abstract public DatatypeExpr getZ3Node(); - - public String toString(){ - return z3Node.toString(); - } - - //There is probably an error: z3Node.hashCode = 0 because AST.hashCode() has always hash=0 - /*public int hashCode(){ - return z3Node.hashCode(); - }*/ - - /** - * A simple way to determine the set of endhosts - * @return - */ - public boolean isEndHost(){ - return isEndHost; - } - - /** - * Wrap methods to set policy - * @param policy - * @throws UnsupportedOperationException - */ - void setPolicy (Object policy) throws UnsupportedOperationException{ - throw new UnsupportedOperationException(); - } -} diff --git a/verigraph/service/src/mcnet/components/Result.java b/verigraph/service/src/mcnet/components/Result.java deleted file mode 100644 index acb23f1..0000000 --- a/verigraph/service/src/mcnet/components/Result.java +++ /dev/null @@ -1,43 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.Model; - -/**Data structure for the core of the response to a check request for data isolation property - * - */ -public class Result { - Context ctx; - public Model model; - public BoolExpr[] unsat_core; - -/** - * - * @param ctx - * @param model - */ - public Result(Context ctx, Model model){ - this.ctx = ctx; - this.model = model; - } - -/** - * - * @param ctx - * @param unsat_core - */ - public Result(Context ctx, BoolExpr[] unsat_core){ - this.ctx = ctx; - this.unsat_core = unsat_core; -} -} diff --git a/verigraph/service/src/mcnet/components/Tuple.java b/verigraph/service/src/mcnet/components/Tuple.java deleted file mode 100644 index 849d607..0000000 --- a/verigraph/service/src/mcnet/components/Tuple.java +++ /dev/null @@ -1,35 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.components; - -/** A data structure which is an utility to make a generic couple of objects with different types in Java - * - */ -public class Tuple<T, U> { - public final T _1; - public final U _2; - - - public Tuple(T arg1,U arg2) { - super(); - this._1 = arg1; - this._2 = arg2; - } - - public Tuple(){ - this._1 = null; - this._2 = null; - } - - @Override - public String toString() { - return String.format("(%s, %s)", _1, _2); - } - }
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/AclFirewall.java b/verigraph/service/src/mcnet/netobjs/AclFirewall.java deleted file mode 100644 index 4ae3421..0000000 --- a/verigraph/service/src/mcnet/netobjs/AclFirewall.java +++ /dev/null @@ -1,123 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Sort; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -import mcnet.components.Tuple; - -/** Represents a Firewall with the associated Access Control List - * - */ -public class AclFirewall extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr fw; - ArrayList<Tuple<DatatypeExpr,DatatypeExpr>> acls; - Network net; - NetContext nctx; - FuncDecl acl_func; - - public AclFirewall(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - acls = new ArrayList<Tuple<DatatypeExpr,DatatypeExpr>>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - fw = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - net.saneSend(this); - firewallSendRules(); - } - - /** - * Wrap add acls - * @param policy - */ - public void setPolicy(ArrayList<Tuple<DatatypeExpr, DatatypeExpr>> policy){ - addAcls(policy); - } - - public void addAcls(ArrayList<Tuple<DatatypeExpr,DatatypeExpr>> acls){ - this.acls.addAll(acls); - } - - @Override - public DatatypeExpr getZ3Node() { - return fw; - } - - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - aclConstraints(solver); - } - - private void firewallSendRules (){ - Expr p_0 = ctx.mkConst(fw+"_firewall_send_p_0", nctx.packet); - Expr n_0 = ctx.mkConst(fw+"_firewall_send_n_0", nctx.node); - Expr n_1 = ctx.mkConst(fw+"_firewall_send_n_1", nctx.node); - IntExpr t_0 = ctx.mkIntConst(fw+"_firewall_send_t_0"); - IntExpr t_1 = ctx.mkIntConst(fw+"_firewall_send_t_1"); - acl_func = ctx.mkFuncDecl(fw+"_acl_func", new Sort[]{nctx.address, nctx.address},ctx.mkBoolSort()); - - //Constraint1 send(fw, n_0, p, t_0) -> (exist n_1,t_1 : (recv(n_1, fw, p, t_1) && - // t_1 < t_0 && !acl_func(p.src,p.dest)) - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.send.apply(new Expr[]{ fw, n_0, p_0, t_0}), - ctx.mkExists(new Expr[]{t_1}, - ctx.mkAnd(ctx.mkLt(t_1,t_0), - ctx.mkExists(new Expr[]{n_1}, - nctx.recv.apply(n_1, fw, p_0, t_1),1,null,null,null,null), - ctx.mkNot((BoolExpr)acl_func.apply(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_0)))),1,null,null,null,null)),1,null,null,null,null)); - - } - - private void aclConstraints(Solver solver){ - if (acls.size() == 0) - return; - Expr a_0 = ctx.mkConst(fw+"_firewall_acl_a_0", nctx.address); - Expr a_1 = ctx.mkConst(fw+"_firewall_acl_a_1", nctx.address); - BoolExpr[] acl_map = new BoolExpr[acls.size()]; - for(int y=0;y<acls.size();y++){ - Tuple<DatatypeExpr,DatatypeExpr> tp = acls.get(y); - acl_map[y] = ctx.mkOr(ctx.mkAnd(ctx.mkEq(a_0,tp._1),ctx.mkEq(a_1,tp._2)), ctx.mkAnd(ctx.mkEq(a_0,tp._2),ctx.mkEq(a_1,tp._1))); - } - //Constraint2 acl_func(a_0,a_1) == or(foreach ip1,ip2 in acl_map ((a_0 == ip1 && a_1 == ip2)||(a_0 == ip2 && a_1 == ip1))) - solver.add(ctx.mkForall(new Expr[]{a_0, a_1}, - ctx.mkEq( - acl_func.apply(a_0, a_1), - ctx.mkOr(acl_map)),1,null,null,null,null)); - } -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/DumbNode.java b/verigraph/service/src/mcnet/netobjs/DumbNode.java deleted file mode 100644 index 012ff40..0000000 --- a/verigraph/service/src/mcnet/netobjs/DumbNode.java +++ /dev/null @@ -1,42 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetworkObject; - -/** - * This is just a wrapper around z3 instances. The idea is that by using this we perhaps need to have - * fewer (or no) ifs to deal with the case where we don't instantiate an object for a node - * - */ -public class DumbNode extends NetworkObject { - public DumbNode(Context ctx, Object[]... args){ - super(ctx,args); - } - - @Override - protected void addConstraints(Solver solver) { - return; - } - - @Override - protected void init(Context ctx, Object[]... args) { - isEndHost=true; - this.z3Node = (DatatypeExpr)args[0][0]; - } - @Override - public DatatypeExpr getZ3Node() { - return z3Node; - } -} diff --git a/verigraph/service/src/mcnet/netobjs/EndHost.java b/verigraph/service/src/mcnet/netobjs/EndHost.java deleted file mode 100644 index 99cf732..0000000 --- a/verigraph/service/src/mcnet/netobjs/EndHost.java +++ /dev/null @@ -1,100 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/** - * End host network objects - * - */ -public class EndHost extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr node; - Network net; - NetContext nctx; - - public EndHost(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=true; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - node = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - endHostRules(); - } - - @Override - public DatatypeExpr getZ3Node() { - return node; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void endHostRules (){ - Expr n_0 = ctx.mkConst("eh_"+node+"_n_0", nctx.node); - IntExpr t_0 = ctx.mkIntConst("eh_"+node+"_t_0"); - Expr p_0 = ctx.mkConst("eh_"+node+"_p_0", nctx.packet); - - //Constraint1 send(node, n_0, p, t_0) -> nodeHasAddr(node,p.src) - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.send.apply( new Expr[]{ node, n_0, p_0, t_0}), - (BoolExpr)nctx.nodeHasAddr.apply(new Expr[]{node, nctx.pf.get("src").apply(p_0)})),1,null,null,null,null)); - //Constraint2 send(node, n_0, p, t_0) -> p.origin == node - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.send.apply( new Expr[]{ node, n_0, p_0, t_0}), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),node)),1,null,null,null,null)); - //Constraint3 send(node, n_0, p, t_0) -> p.orig_body == p.body - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.send.apply(new Expr[]{ node, n_0, p_0, t_0}), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null)); - //Constraint4 recv(n_0, node, p, t_0) -> nodeHasAddr(node,p.dest) - constraints.add( - ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies( - (BoolExpr)nctx.recv.apply( new Expr[]{ n_0, node, p_0, t_0}), - (BoolExpr)nctx.nodeHasAddr.apply(new Expr[]{node, nctx.pf.get("dest").apply(p_0)})),1,null,null,null,null)); - -// Just a try: here we state that an endhost is not able to issue a HTTP response traffic -// See PolitoCache.py model for constants definition (2 means HTTP_RESPONSE, 1 means HTTP_REQUEST) -// constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0), -// ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(1))),1,null,null,null,null)); - } -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PacketModel.java b/verigraph/service/src/mcnet/netobjs/PacketModel.java deleted file mode 100644 index 5761861..0000000 --- a/verigraph/service/src/mcnet/netobjs/PacketModel.java +++ /dev/null @@ -1,70 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import com.microsoft.z3.DatatypeExpr; - -/* - * Fields that can be configured -> "dest","body","seq","proto","emailFrom","url","options" - */ -public class PacketModel { - - private DatatypeExpr ip_dest; - private Integer body; - private Integer seq; - private Integer proto; - private Integer emailFrom; - private Integer url; - private Integer options; - - public DatatypeExpr getIp_dest() { - return ip_dest; - } - public void setIp_dest(DatatypeExpr ip_dest) { - this.ip_dest = ip_dest; - } - public Integer getBody() { - return body; - } - public void setBody(Integer body) { - this.body = body; - } - public Integer getSeq() { - return seq; - } - public void setSeq(Integer seq) { - this.seq = seq; - } - public Integer getProto() { - return proto; - } - public void setProto(Integer proto) { - this.proto = proto; - } - public Integer getEmailFrom() { - return emailFrom; - } - public void setEmailFrom(Integer emailFrom) { - this.emailFrom = emailFrom; - } - public Integer getUrl() { - return url; - } - public void setUrl(Integer url) { - this.url = url; - } - public Integer getOptions() { - return options; - } - public void setOptions(Integer options) { - this.options = options; - } - -} diff --git a/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java b/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java deleted file mode 100644 index abb4615..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java +++ /dev/null @@ -1,124 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -/** - * Model of an anti-spam node - * - */ -public class PolitoAntispam extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoAntispam; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoAntispam(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoAntispam = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - //net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoAntispam; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void installAntispam (int[] blackList){ - Expr n_0 = ctx.mkConst(politoAntispam+"_n_0", nctx.node); - Expr n_1 = ctx.mkConst(politoAntispam+"_n_1", nctx.node); - Expr p_0 = ctx.mkConst(politoAntispam+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst(politoAntispam+"_t_0"); - IntExpr t_1 = ctx.mkIntConst(politoAntispam+"_t_1"); - IntExpr ef_0 = ctx.mkIntConst(politoAntispam+"_ef_0"); - - isInBlacklist = ctx.mkFuncDecl(politoAntispam+"_isInBlacklist", ctx.mkIntSort(), ctx.mkBoolSort()); - BoolExpr[] blConstraint = new BoolExpr[blackList.length]; - if(blackList.length != 0){ - for (int i=0;i<blackList.length;i++) - blConstraint[i]=(ctx.mkEq(ef_0,ctx.mkInt(blackList[i]))); - //Constraint1a if(isInBlackList(ef_0) == or(for bl in blacklist (ef_0==bl)) ? true : false - constraints.add(ctx.mkForall(new Expr[]{ef_0}, ctx.mkIff((BoolExpr)isInBlacklist.apply(ef_0),ctx.mkOr(blConstraint)),1,null,null,null,null)); - }else{ - //Constraint1b isInblackList(ef_0) == false - constraints.add(ctx.mkForall(new Expr[]{ef_0}, ctx.mkEq((BoolExpr)isInBlacklist.apply(ef_0), ctx.mkBool(false)),1,null,null,null,null)); - } - - //Constraint2 send(politoAntispam, n_0, p, t_0) && p.proto(POP3_RESP) -> - // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0)) && !isInBlackList(p.emailFrom) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE))), - ctx.mkAnd( ctx.mkExists(new Expr[]{n_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1), ctx.mkLt(t_1 , t_0)),1,null,null,null,null), - ctx.mkNot((BoolExpr)isInBlacklist.apply(nctx.pf.get("emailFrom").apply(p_0))))),1,null,null,null,null)); - - //Constraint3 send(politoAntispam, n_0, p, t_0) && p.proto(POP3_REQ) -> - // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0)) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST))), - ctx.mkAnd(ctx.mkExists(new Expr[]{n_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1), - ctx.mkLt(t_1 , t_0)),1,null,null,null,null))),1,null,null,null,null)); - - //Constraint4 send(politoAntispam, politoErrFunction, p, t_0) -> - // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0 && p.emailFrom ==1)) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, nctx.nm.get("politoErrFunction").getZ3Node(), p_0, t_0), - ctx.mkAnd(ctx.mkExists(new Expr[]{n_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1), - ctx.mkLt(t_1 , t_0), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0),ctx.mkInt(1))),1,null,null,null,null))),1,null,null,null,null)); - - //Constraint5 send(politoAntispam, n_0, p, t_0) -> p.proto == POP_REQ || p.protpo == POP_RESP - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), - ctx.mkOr( ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST)), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)))),1,null,null,null,null)); - - //Constraint6 send(politoAntispam, n_0, p, t_0) -> nodeHasAddr(politoAntispam,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), - ctx.mkNot((BoolExpr)nctx.nodeHasAddr.apply(politoAntispam,nctx.pf.get("src").apply(p_0)))),1,null,null,null,null)); - } - }
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoCache.java b/verigraph/service/src/mcnet/netobjs/PolitoCache.java deleted file mode 100644 index 948915c..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoCache.java +++ /dev/null @@ -1,177 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Sort; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/**Cache Model - * - */ -public class PolitoCache extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoCache; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoCache(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoCache = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - //net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoCache; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void installCache (NetworkObject[] internalNodes){ - Expr n_0 = ctx.mkConst("politoCache_"+politoCache+"_n_0", nctx.node); - Expr n_1 = ctx.mkConst("politoCache_"+politoCache+"_n_1", nctx.node); - Expr n_2 = ctx.mkConst("politoCache_"+politoCache+"_n_2", nctx.node); - Expr p_0 = ctx.mkConst("politoCache_"+politoCache+"_p_0", nctx.packet); - Expr p_1 = ctx.mkConst("politoCache_"+politoCache+"_p_1", nctx.packet); - Expr p_2 = ctx.mkConst("politoCache_"+politoCache+"_p_2", nctx.packet); - - IntExpr t_0 = ctx.mkIntConst("politoCache_"+politoCache+"_t_0"); - IntExpr t_1 = ctx.mkIntConst("politoCache_"+politoCache+"_t_1"); - IntExpr t_2 = ctx.mkIntConst("politoCache_"+politoCache+"_t_2"); - - Expr a_0 = ctx.mkConst(politoCache+"politoCache_a_0", nctx.node); - IntExpr u_0 = ctx.mkIntConst("politoCache_"+politoCache+"_u_0"); - - FuncDecl isInternalNode = ctx.mkFuncDecl(politoCache+"_isInternalNode", nctx.node, ctx.mkBoolSort()); - FuncDecl isInCache = ctx.mkFuncDecl(politoCache+"_isInCache", new Sort[]{ctx.mkIntSort(),ctx.mkIntSort()}, ctx.mkBoolSort()); - - assert(internalNodes.length!=0); //No internal nodes => Should never happen - - //Modeling the behavior of the isInternalNode() and isInCache() functions - BoolExpr[] internalNodesConstraint = new BoolExpr[internalNodes.length]; - for(int w=0;w<internalNodesConstraint.length;w++) - internalNodesConstraint[w]= (ctx.mkEq(a_0,internalNodes[w].getZ3Node())); - - //Constraint1 if(isInternalNode(a_0) == or(listadeinodiinterni) ? True : false - constraints.add( - ctx.mkForall(new Expr[]{a_0}, - ctx.mkIff((BoolExpr)isInternalNode.apply(a_0), ctx.mkOr(internalNodesConstraint)),1,null,null,null,null)); - -// constraints.add(ctx.mkForall(new Expr[]{a_0}, ctx.mkEq(isInternalNode.apply(a_0),ctx.mkOr(internalNodesConstraint)),1,null,null,null,null)); - -// constraints.add(ctx.mkForall(new Expr[]{u_0, t_0}, -// ctx.mkITE(ctx.mkExists(new Expr[]{t_1, t_2, p_1, p_2, n_1, n_2}, -// ctx.mkAnd(ctx.mkLt(t_1, t_2), -// ctx.mkLt(t_1, t_0), -// ctx.mkLt(t_2, t_0), -// (BoolExpr)nctx.recv.apply(n_1, politoCache, p_1, t_1), -// (BoolExpr)nctx.recv.apply(n_2, politoCache, p_2, t_2), -// ctx.mkEq(nctx.pf.get("proto").apply(p_1),ctx.mkInt(nctx.HTTP_REQUEST)), -// ctx.mkEq(nctx.pf.get("proto").apply(p_2),ctx.mkInt(nctx.HTTP_RESPONSE)), -// (BoolExpr)isInternalNode.apply(n_1), -// ctx.mkNot((BoolExpr)isInternalNode.apply(n_2)), -// ctx.mkEq(nctx.pf.get("url").apply(p_1),u_0), -// ctx.mkEq(nctx.pf.get("url").apply(p_2),u_0)),1,null,null,null,null), -// ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(true)),ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(false))),1,null,null,null,null)); -// - - //Constraint2 isInCache(u_0,t_0), exist t_1, t_2, p_1, p_2, n_1, n_2 : - // ( t_1< t_2 < t_0 && recv(n_1, politoCache, p_1, t_1) && recv(n_2, politoCache, p_2, t_2))) && - // p_1.proto == HTTP_REQ && p_2.proto == HTTP_RESP && - // isInternalNode(n_1) && !isInternalNode(n_2) && - // p_1.url == u_0 && p_2.url == u_0 ) - constraints.add( - ctx.mkForall(new Expr[]{u_0, t_0}, - ctx.mkImplies((BoolExpr)isInCache.apply(u_0, t_0), - ctx.mkExists(new Expr[]{t_1,t_2,p_1,p_2,n_1, n_2}, - ctx.mkAnd( - ctx.mkLt(t_1, t_2), - ctx.mkLt(t_1, t_0), - ctx.mkLt(t_2, t_0), - (BoolExpr)nctx.recv.apply(n_1, politoCache, p_1, t_1), - (BoolExpr)nctx.recv.apply(n_2, politoCache, p_2, t_2), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)), - ctx.mkEq(nctx.pf.get("proto").apply(p_2), ctx.mkInt(nctx.HTTP_RESPONSE)), - (BoolExpr)isInternalNode.apply(n_1), - ctx.mkNot((BoolExpr)isInternalNode.apply(n_2)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), u_0), - ctx.mkEq(nctx.pf.get("url").apply(p_2), u_0)),1,null,null,null,null)),1,null,null,null,null)); -// //Always in cache -// constraints.add(ctx.mkForall(new Expr[]{u_0, t_0},ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(true)),1,null,null,null,null)); - - //Constraint3 Modeling the behavior of the cache - // send(politoCache, n_0, p, t_0) && !isInternalNode(n_0) -> - // (exist t_1,n_1 : - // (t_1 < t_0 && recv(n_1, politoCache, p, t_1) && - // p.proto == HTTP_REQ && !isInCache(p.url,t_0)) - constraints.add( - ctx.mkForall(new Expr[]{n_0,p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)nctx.send.apply(politoCache,n_0,p_0,t_0),ctx.mkNot((BoolExpr)isInternalNode.apply(n_0))), - ctx.mkAnd(ctx.mkExists(new Expr[]{t_1, n_1}, - ctx.mkAnd( - ctx.mkLt(t_1, t_0), - (BoolExpr)isInternalNode.apply(n_1), - (BoolExpr)nctx.recv.apply(n_1, politoCache, p_0, t_1)),1,null,null,null,null), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)), - ctx.mkNot((BoolExpr)isInCache.apply(nctx.pf.get("url").apply(p_0), t_0)))),1,null,null,null,null)); - - //Constraint4 send(politoCache, n_0, p, t_0) && isInternalNode(n_0) -> - // (exist p_1,t_1 : - // (t_1 < t_0 && recv(n_0, politoCache, p_1, t_1) && - // p_1.proto == HTTP_REQ && p.proto == HTTP_RESP && - // p_1.url == p.url && p.src == p_1.dest && p.dest==p_1.src - // && isInCache(p.url,t_0)) - constraints.add( - ctx.mkForall(new Expr[]{n_0,p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)nctx.send.apply(politoCache,n_0,p_0,t_0),(BoolExpr)isInternalNode.apply(n_0)), - ctx.mkAnd(ctx.mkExists(new Expr[]{p_1, t_1}, - ctx.mkAnd( - ctx.mkLt(t_1, t_0), - (BoolExpr)nctx.recv.apply(n_0, politoCache, p_1, t_1), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0))),1,null,null,null,null), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)), - ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_1)), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1)), - (BoolExpr)isInCache.apply(nctx.pf.get("url").apply(p_0), t_0))),1,null,null,null,null)); - } -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java b/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java deleted file mode 100644 index e12579f..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java +++ /dev/null @@ -1,100 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -public class PolitoEndHost extends NetworkObject { - - List<BoolExpr> constraints = new ArrayList<BoolExpr>(); - Context ctx; - DatatypeExpr politoEndHost; - Network net; - NetContext nctx; - - public PolitoEndHost(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoEndHost; - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - this.isEndHost = true; - this.politoEndHost = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - this.net = (Network)args[0][1]; - this.nctx = (NetContext)args[0][2]; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - /* - * Fields that can be configured -> "dest","body","seq","proto","emailFrom","url","options" - */ - public void installEndHost (PacketModel packet){ - System.out.println("Installing PolitoEndHost..."); - Expr n_0 = ctx.mkConst("PolitoEndHost_"+politoEndHost+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst("PolitoEndHost_"+politoEndHost+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("PolitoEndHost_"+politoEndHost+"_t_0"); - BoolExpr predicatesOnPktFields = ctx.mkTrue(); - - if(packet.getIp_dest() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("dest").apply(p_0), packet.getIp_dest())); - if(packet.getBody() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("body").apply(p_0), ctx.mkInt(packet.getBody()))); - if(packet.getEmailFrom() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), ctx.mkInt(packet.getEmailFrom()))); - if(packet.getOptions() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("options").apply(p_0), ctx.mkInt(packet.getOptions()))); - if(packet.getProto() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(packet.getProto()))); - if(packet.getSeq() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("seq").apply(p_0), ctx.mkInt(packet.getSeq()))); - if(packet.getUrl() != null) - predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("url").apply(p_0), ctx.mkInt(packet.getUrl()))); - - //Constraint1 send(politoWebClient, n_0, p, t_0) -> p.origin == politoWebClient && p.orig_body == p.body && nodeHasAddr(politoWebClient,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoEndHost, n_0, p_0, t_0), - ctx.mkAnd(predicatesOnPktFields, - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoEndHost), - (BoolExpr)nctx.nodeHasAddr.apply(politoEndHost,nctx.pf.get("src").apply(p_0)))),1,null,null,null,null)); - - //Constraint2 recv(n_0, politoWebClient, p, t_0) -> nodeHasAddr(politoWebClient,p.dest) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoEndHost, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoEndHost,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - - System.out.println("Done."); - return; - } - -} diff --git a/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java b/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java deleted file mode 100644 index 5f84b9f..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java +++ /dev/null @@ -1,96 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/**Error Function objects - * - */ -public class PolitoErrFunction extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoErrFunction; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoErrFunction(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=true; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoErrFunction = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - errFunctionRules(); - //net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoErrFunction; - } - - @Override - protected void addConstraints(Solver solver) { -// System.out.println("[ERR FUNC] Installing rules."); - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - private void errFunctionRules (){ - Expr n_0 = ctx.mkConst("PolitoErrFunction_"+politoErrFunction+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst("PolitoErrFunction_"+politoErrFunction+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("PolitoErrFunction_"+politoErrFunction+"_t_0"); - -// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0), -// (BoolExpr)nctx.nodeHasAddr.apply(politoErrFunction, nctx.pf.get("src").apply(p_0))),1,null,null,null,null)); -// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0), -// ctx.mkEq(nctx.pf.get("origin").apply(p_0), politoErrFunction)),1,null,null,null,null)); -// -// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0), -// ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null)); - - -// Constraint1 We want the ErrFunction not to send out any packet -// send(politoErrFunction, n_0, p, t_0) -> 1 == 2 - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0), - ctx.mkEq(ctx.mkInt(1),ctx.mkInt(2))),1,null,null,null,null)); - -// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies( (BoolExpr)nctx.send.apply(n_0, politoErrFunction, p_0, t_0), -// (BoolExpr)nctx.nodeHasAddr.apply(politoErrFunction, nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - - } - }
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java b/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java deleted file mode 100644 index 6d8d8fe..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java +++ /dev/null @@ -1,91 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -public class PolitoFieldModifier extends NetworkObject { - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoFieldModifier; - Network net; - NetContext nctx; - - public PolitoFieldModifier(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoFieldModifier; - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoFieldModifier = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void installFieldModifier (){ - Expr x = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_x", nctx.node); - Expr y = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_y", nctx.node); - Expr p_0 = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_p_0", nctx.packet); - Expr p_1 = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_p_1", nctx.packet); - - IntExpr t_0 = ctx.mkIntConst("politoFieldModifier_"+politoFieldModifier+"_t_0"); - IntExpr t_1 = ctx.mkIntConst("politoFieldModifier_"+politoFieldModifier+"_t_1"); - - constraints.add( - ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoFieldModifier,x,p_0,t_0), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd(ctx.mkLt(t_1, t_0), - (BoolExpr)nctx.recv.apply(y, politoFieldModifier, p_1, t_1), - ctx.mkEq(nctx.pf.get("encrypted").apply(p_0), nctx.pf.get("encrypted").apply(p_1)), - ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("src").apply(p_1)), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("dest").apply(p_1)), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.pf.get("inner_src").apply(p_1)), - ctx.mkEq(nctx.pf.get("inner_dest").apply(p_0), nctx.pf.get("inner_dest").apply(p_1)), - ctx.mkEq(nctx.pf.get("origin").apply(p_0), nctx.pf.get("origin").apply(p_1)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0), nctx.pf.get("orig_body").apply(p_1)), - ctx.mkEq(nctx.pf.get("body").apply(p_0), nctx.pf.get("body").apply(p_1)), - ctx.mkEq(nctx.pf.get("seq").apply(p_0), nctx.pf.get("seq").apply(p_1)), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), nctx.pf.get("proto").apply(p_1)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), nctx.pf.get("emailFrom").apply(p_1)), - ctx.mkNot(ctx.mkEq(nctx.pf.get("url").apply(p_0), nctx.pf.get("url").apply(p_1))), - ctx.mkEq(nctx.pf.get("options").apply(p_0), nctx.pf.get("options").apply(p_1))),1,null,null,null,null)), - 1,null,null,null,null)); - } - -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoIDS.java b/verigraph/service/src/mcnet/netobjs/PolitoIDS.java deleted file mode 100644 index 6f2cddf..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoIDS.java +++ /dev/null @@ -1,140 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -public class PolitoIDS extends NetworkObject { - - public static final int DROGA = 1; //no go - public static final int GATTINI = 2; //go - - Context ctx; - List<BoolExpr> constraints = new ArrayList<BoolExpr>(); - DatatypeExpr politoIDS; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - - public PolitoIDS(Context ctx, Object[]...args){ - super(ctx, args); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoIDS; - } - - @Override - protected void init(Context ctx, Object[]... args) { - - this.ctx = ctx; - this.isEndHost = false; - this.politoIDS = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - this.net = (Network)args[0][1]; - this.nctx = (NetContext)args[0][2]; - - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - - } - - public void installIDS(int[] blackList){ - Expr n_0 = ctx.mkConst(politoIDS + "_n_0", nctx.node); - Expr n_1 = ctx.mkConst(politoIDS + "_n_1", nctx.node); - Expr p_0 = ctx.mkConst(politoIDS + "_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst(politoIDS + "_t_0"); - IntExpr t_1 = ctx.mkIntConst(politoIDS + "_t_1"); - Expr b_0 = ctx.mkIntConst(politoIDS + "_b_0"); - - isInBlacklist = ctx.mkFuncDecl(politoIDS + "_isInBlacklist", ctx.mkIntSort(), ctx.mkBoolSort()); - - - BoolExpr[] blConstraints = new BoolExpr[blackList.length]; - if(blackList.length != 0){ - - for(int i = 0; i<blackList.length; i++) - blConstraints[i] = ctx.mkEq(b_0, ctx.mkInt(blackList[i])); - - this.constraints.add(ctx.mkForall(new Expr[]{b_0}, - ctx.mkIff((BoolExpr)isInBlacklist.apply(b_0), ctx.mkOr(blConstraints)), - 1, - null, null, null, null)); - }else{ - this.constraints.add(ctx.mkForall(new Expr[]{b_0}, - ctx.mkEq(isInBlacklist.apply(b_0), ctx.mkBool(false)), - 1, - null, null, null, null)); - } - - //Constraint2 send(politoIDS, n_0, p, t_0) && (p.proto(HTTP_RESPONSE) || p.proto(HTTP_REQUEST)) -> - // (exist n_1,t_1 : (recv(n_1, politoIDS, p, t_1) && t_1 < t_0)) && !isInBlackList(p.body) - - this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), ctx.mkOr(ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)))), - ctx.mkAnd(ctx.mkExists(new Expr[]{n_1,t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1,politoIDS,p_0,t_1),ctx.mkLt(t_1, t_0)), - 1, - null, null, null, null), - ctx.mkNot((BoolExpr)isInBlacklist.apply(nctx.pf.get("body").apply(p_0))))), - 1, - null, null, null, null)); - - //Constraint3 send(politoIDS, n_0, p, t_0) && p.proto(HTTP_REQUEST) -> - // (exist n_1,t_1 : (recv(n_1, politoIDS, p, t_1) && t_1 < t_0)) Constraint not needed anymore (included in contr. 2) - /* - this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST))), - ctx.mkAnd(ctx.mkExists(new Expr[]{n_1,t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1,politoIDS,p_0,t_1),ctx.mkLt(t_1, t_0)), - 1, - null, null, null, null))), - 1, - null, null, null, null)); - */ - - //Constraint5 send(politoIDS, n_0, p, t_0) -> p.proto == HTTP_REQ || p.protpo == HTTP_RESP - - this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), - ctx.mkOr(ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)))), - 1, - null,null,null,null)); - - //Constraint6 send(politoIDS, n_0, p, t_0) -> nodeHasAddr(politoIDS,p.src) - - this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), - ctx.mkNot((BoolExpr)nctx.nodeHasAddr.apply(politoIDS,nctx.pf.get("src").apply(p_0)))), - 1, - null,null,null,null)); - - } - -} diff --git a/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java b/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java deleted file mode 100644 index 6925258..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java +++ /dev/null @@ -1,106 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/** - * MailClient objects - * - */ -public class PolitoMailClient extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoMailClient; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoMailClient(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=true; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoMailClient = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - DatatypeExpr ipServer = (DatatypeExpr) args[0][3]; - mailClientRules(ipServer); - //net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoMailClient; - } - - @Override - protected void addConstraints(Solver solver) { -// System.out.println("[MailClient] Installing rules."); - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - private void mailClientRules (DatatypeExpr ipServer){ - Expr n_0 = ctx.mkConst("PolitoMailClient_"+politoMailClient+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst("PolitoMailClient_"+politoMailClient+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("PolitoMailClient_"+politoMailClient+"_t_0"); - -// Constraint1 send(politoMailClient, n_0, p, t_0) -> nodeHasAddr(politoMailClient,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoMailClient,nctx.pf.get("src").apply(p_0))),1,null,null,null,null)); - -// Constraint2 send(politoMailClient, n_0, p, t_0) -> p.origin == politoMailClient - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoMailClient)),1,null,null,null,null)); - -// Constraint3 send(politoMailClient, n_0, p, t_0) -> p.orig_body == p.body - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null)); - -// Constraint4 recv(n_0, politoMailClient, p, t_0) -> nodeHasAddr(politoMailClient,p.dest) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoMailClient, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoMailClient,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - -// Constraint5 This client is only able to produce POP3 requests -// send(politoMailClient, n_0, p, t_0) -> p.proto == POP3_REQ - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST))),1,null,null,null,null)); - -// Constraint6 send(politoMailClient, n_0, p, t_0) -> p.dest == ip_mailServer - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), ipServer)),1,null,null,null,null)); - } -} diff --git a/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java b/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java deleted file mode 100644 index c464195..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java +++ /dev/null @@ -1,117 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/** Mail server objects - * - */ -public class PolitoMailServer extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoMailServer; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoMailServer(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoMailServer = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - mailServerRules(); - net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoMailServer; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - private void mailServerRules (){ - Expr n_0 = ctx.mkConst(politoMailServer+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst(politoMailServer+"_p_0", nctx.packet); - Expr p_1 = ctx.mkConst(politoMailServer+"_p_1", nctx.packet); - IntExpr t_0 = ctx.mkIntConst(politoMailServer+"_t_0"); - IntExpr t_1 = ctx.mkIntConst(politoMailServer+"_t_1"); - -// Constraint1 send(politoMailServer, n_0, p, t_0) -> nodeHasAddr(politoMailServer,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoMailServer,nctx.pf.get("src").apply(p_0))),1,null,null,null,null)); - -// Constraint2 send(politoMailServer, n_0, p, t_0) -> p.origin == politoMailServer - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoMailServer)),1,null,null,null,null)); - -// Constraint3 send(politoMailServer, n_0, p, t_0) -> p.orig_body == p.body - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null)); - -// Constraint4 recv(n_0, politoMailServer, p, t_0) -> nodeHasAddr(politoMailServer,p.dest) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoMailServer, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoMailServer,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - -// Constraint5 send(politoMailServer, n_0, p, t_0) -> p.proto == POP3_RESP && p.emailFrom == 1 - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), - ctx.mkAnd( ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), ctx.mkInt(1)))),1,null,null,null,null)); - -// Constraint6 send(politoMailServer, n_0, p, t_0) -> -// (exist p_1, t_1 : (t_1 < t_0 && recv(n_0, politoMailServer, p_1, t_1) && -// p_0.proto == POP3_RESP && p_1.proto == POP3_REQ && p_0.dest == p_1.src ) - - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), - ctx.mkExists(new Expr[]{p_1, t_1}, - ctx.mkAnd(ctx.mkLt(t_1, t_0), - (BoolExpr)nctx.recv.apply(n_0, politoMailServer, p_1, t_1), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.POP3_REQUEST)), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1))),1,null,null,null,null)),1,null,null,null,null)); - -// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, -// ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0), -// ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0),ctx.mkInt(2))),1,null,null,null,null)); - } -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoNF.java b/verigraph/service/src/mcnet/netobjs/PolitoNF.java deleted file mode 100644 index 53cae28..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoNF.java +++ /dev/null @@ -1,101 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; -import com.microsoft.z3.Sort; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -/** First example of custom network function: a simple filter - * - */ -public class PolitoNF extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoNF; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - - public PolitoNF(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoNF = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - //net.saneSend(this); - } - - public void politoNFRules (DatatypeExpr ipA,DatatypeExpr ipB){ -// System.out.println("[PolitoNf] Installing rules"); - Expr n_0 = ctx.mkConst("politoNF_"+politoNF+"_n_0", nctx.node); - Expr n_1 = ctx.mkConst("politoNF_"+politoNF+"_n_1", nctx.node); - Expr p_0 = ctx.mkConst("politoNF_"+politoNF+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("politoNF_"+politoNF+"_t_0"); - IntExpr t_1 = ctx.mkIntConst("politoNF_"+politoNF+"_t_1"); - Expr a_0 = ctx.mkConst(politoNF+"_politoNF_a_0", nctx.address); - Expr a_1 = ctx.mkConst(politoNF+"_politoNF_a_1", nctx.address); - - FuncDecl myFunction = ctx.mkFuncDecl(politoNF+"_myFunction", new Sort[]{nctx.address,nctx.address}, ctx.mkBoolSort()); - - BoolExpr myConstraint = ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoNF, n_0, p_0, t_0), - ctx.mkExists(new Expr[]{n_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoNF, p_0, t_1), - ctx.mkLt(t_1 , t_0), - (BoolExpr)myFunction.apply(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)),1,null,null,null,null); - - BoolExpr funcConstraint = ctx.mkOr(ctx.mkAnd(ctx.mkEq(a_0, ipA), ctx.mkEq(a_1, ipB)), ctx.mkAnd(ctx.mkEq(a_0,ipB), ctx.mkEq(a_1,ipA))); - - // Constraint1 myFunction(a_0,a_1) == ((a_0 == ipA && a_1 == ipB) || (a_0 == ipB && a_1 == ipA)) - constraints.add( - ctx.mkForall(new Expr[]{a_0,a_1}, - ctx.mkEq(myFunction.apply(a_0, a_1), funcConstraint),1,null,null,null,null)); - - //Constraint2 send(politoNF, n_0, p, t_0) -> - // (exist n_1,t_1 : (t_1 < t_0 && recv(n_1, politoNF, p, t_1) && myFunction(p.src,p.dest)) - constraints.add(myConstraint); - - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoNF; - } - - }
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoNat.java b/verigraph/service/src/mcnet/netobjs/PolitoNat.java deleted file mode 100644 index 6d8a36d..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoNat.java +++ /dev/null @@ -1,176 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/** - * NAT Model object - * - */ -public class PolitoNat extends NetworkObject{ - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr nat; - List<DatatypeExpr> private_addresses; - List<NetworkObject> private_node; - Network net; - NetContext nctx; - FuncDecl private_addr_func ; - - public PolitoNat(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=false; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - nat = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - private_addresses = new ArrayList<DatatypeExpr>(); - private_node = new ArrayList<NetworkObject>(); - net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return nat; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - /* - private void addPrivateAdd(List<DatatypeExpr> address){ - private_addresses.addAll(address); - } - */ - - public List<DatatypeExpr> getPrivateAddress(){ - return private_addresses; - } - - public void natModel(DatatypeExpr natIp){ - Expr x = ctx.mkConst("x", nctx.node); - Expr y = ctx.mkConst("y", nctx.node); - Expr z = ctx.mkConst("z", nctx.node); - - Expr p_0 = ctx.mkConst("p_0", nctx.packet); - Expr p_1 = ctx.mkConst("p_1", nctx.packet); - Expr p_2 = ctx.mkConst("p_2", nctx.packet); - - IntExpr t_0 = ctx.mkIntConst("t_0"); - IntExpr t_1 = ctx.mkIntConst("t_1"); - IntExpr t_2 = ctx.mkIntConst("t_2"); - -// private_addr_func = ctx.mkFuncDecl("private_addr_func", nctx.address, ctx.mkBoolSort()); - private_addr_func = ctx.mkFuncDecl(nat + "_nat_func", nctx.address, ctx.mkBoolSort()); - - //Constraint1 -// "send(nat, x, p_0, t_0) && !private_addr_func(p_0.dest) -> -// p_0.src == ip_politoNat && -// (exist y, p_1,t_1 : -// (recv(y, nat, p_1, t_1) && t_1 < t_0 && -// private_addr_func(p1.src) && -// p_1.origin == p_0.origin && -// same for p_1.<dest,orig_body,body,seq,proto,emailFrom,url,options> == p_0.<...>) " - constraints.add( ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)nctx.send.apply(nat, x, p_0, t_0), - ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)))), - ctx.mkAnd( - ctx.mkEq(nctx.pf.get("src").apply(p_0),natIp), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd( - (BoolExpr)nctx.recv.apply(y, nat, p_1, t_1), - ctx.mkLt(t_1 , t_0), - (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_1)), - ctx.mkEq(nctx.pf.get("origin").apply(p_1),nctx.pf.get("origin").apply(p_0)), - ctx.mkEq(nctx.pf.get("dest").apply(p_1),nctx.pf.get("dest").apply(p_0)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1),nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1),nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1),nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1),nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1),nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1),nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1),nctx.pf.get("options").apply(p_0))),1,null,null,null,null))),1,null,null,null,null)); - - //Constraint2 -// send(nat, x, p_0, t_0) && private_addr_func(p_0.dest) -> -// !private_addr_func(p_0.src) && -// (exist y, p_1,t_1 : -// (recv(y, nat, p_1, t_1) && t_1 < t_0 && -// !private_addr_func(p1.src) && -// p_1.dest == ip_politoNat && -// p_1.origin == p_0.origin && -// same for p_1.<src,orig_body,body,seq,proto,emailFrom,url,options> == p_0.<...>) - constraints.add( ctx.mkForall(new Expr[]{x, p_0, t_0}, - ctx.mkImplies( - ctx.mkAnd((BoolExpr)nctx.send.apply(nat, x, p_0, t_0), - (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0))), - ctx.mkAnd( - ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_0))), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd( - ctx.mkLt(t_1 , t_0), - (BoolExpr)nctx.recv.apply(y, nat, p_1, t_1), - ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_1))), - ctx.mkEq(nctx.pf.get("dest").apply(p_1),natIp), - ctx.mkEq(nctx.pf.get("src").apply(p_1),nctx.pf.get("src").apply(p_0)), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),nctx.pf.get("origin").apply(p_1)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1),nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1),nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1),nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1),nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1),nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1),nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1),nctx.pf.get("options").apply(p_0)), - ctx.mkExists(new Expr[]{z, p_2, t_2}, - ctx.mkAnd( - ctx.mkLt(t_2 , t_1), - (BoolExpr)nctx.recv.apply(z, nat, p_2, t_2), - (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_2)), - ctx.mkEq(nctx.pf.get("src").apply(p_1),nctx.pf.get("dest").apply(p_2)), - ctx.mkEq(nctx.pf.get("src").apply(p_0),nctx.pf.get("dest").apply(p_2)), - ctx.mkEq(nctx.pf.get("src").apply(p_2),nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)),1,null,null,null,null))),1,null,null,null,null)); - } - - public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){ - List<BoolExpr> constr = new ArrayList<BoolExpr>(); - Expr n_0 = ctx.mkConst("nat_node", nctx.address); - - for(DatatypeExpr n : internalAddress){ - constr.add(ctx.mkEq(n_0,n)); - } - BoolExpr[] constrs = new BoolExpr[constr.size()]; - //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address) - constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null)); - } -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java b/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java deleted file mode 100644 index e6fc5fe..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java +++ /dev/null @@ -1,142 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -public class PolitoVpnAccess extends NetworkObject { - - List<BoolExpr> constraints = new ArrayList<BoolExpr>(); - DatatypeExpr politoVpnAccess; - FuncDecl private_addr_func; - NetContext nctx; - Context ctx; - Network net; - - public PolitoVpnAccess(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoVpnAccess; - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - this.isEndHost = false; - this.politoVpnAccess = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - this.net = (Network)args[0][1]; - this.nctx = (NetContext)args[0][2]; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void vpnAccessModel(DatatypeExpr vpnAccessIp, DatatypeExpr vpnExitIp) { - Expr x = ctx.mkConst("vpn_x", nctx.node); - Expr y = ctx.mkConst("vpn_y", nctx.node); - - Expr p_0 = ctx.mkConst("vpn_p_0", nctx.packet); - Expr p_1 = ctx.mkConst("vpn_p_1", nctx.packet); - - IntExpr t_0 = ctx.mkIntConst("vpn_t_0"); - IntExpr t_1 = ctx.mkIntConst("vpn_t_1"); - - private_addr_func = ctx.mkFuncDecl("vpn_private_addr_func", nctx.address, ctx.mkBoolSort()); - - BoolExpr constraint1 = ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies(ctx.mkAnd( - (BoolExpr)nctx.send.apply(politoVpnAccess, x, p_0, t_0), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null"))), - ctx.mkAnd( - (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)), - ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_0)), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnAccess, p_1, t_1), - ctx.mkLt(t_1, t_0), - (BoolExpr)nctx.pf.get("encrypted").apply(p_1), - ctx.mkEq(nctx.pf.get("src").apply(p_1), vpnExitIp), - ctx.mkEq(nctx.pf.get("dest").apply(p_1), vpnAccessIp), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.pf.get("src").apply(p_0)), - ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.pf.get("dest").apply(p_0)), - ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))), - 1,null,null,null,null); - - constraints.add(constraint1); - - BoolExpr constraint2 = ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies(ctx.mkAnd( - (BoolExpr)nctx.send.apply(politoVpnAccess, x, p_0, t_0), - ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null")))), - ctx.mkAnd( - ctx.mkEq(nctx.pf.get("src").apply(p_0), vpnAccessIp), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), vpnExitIp), - (BoolExpr)private_addr_func.apply(nctx.pf.get("inner_src").apply(p_0)), - ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_dest").apply(p_0), vpnAccessIp)), - (BoolExpr)nctx.pf.get("encrypted").apply(p_0), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnAccess, p_1, t_1), - ctx.mkLt(t_1, t_0), - ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_1)), - ctx.mkEq(nctx.pf.get("src").apply(p_1), nctx.pf.get("inner_src").apply(p_0)), - ctx.mkEq(nctx.pf.get("dest").apply(p_1), nctx.pf.get("inner_dest").apply(p_0)), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.am.get("null")), - ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.am.get("null")), - ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))), - 1,null,null,null,null); - - constraints.add(constraint2); - } - - public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){ - List<BoolExpr> constr = new ArrayList<BoolExpr>(); - Expr n_0 = ctx.mkConst("vpn_node", nctx.address); - - for(DatatypeExpr n : internalAddress){ - constr.add(ctx.mkEq(n_0,n)); - } - BoolExpr[] constrs = new BoolExpr[constr.size()]; - //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address) - constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null)); - } - -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java b/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java deleted file mode 100644 index fb2341f..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java +++ /dev/null @@ -1,142 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -public class PolitoVpnExit extends NetworkObject { - - List<BoolExpr> constraints = new ArrayList<BoolExpr>(); - DatatypeExpr politoVpnExit; - FuncDecl private_addr_func; - NetContext nctx; - Context ctx; - Network net; - - public PolitoVpnExit(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoVpnExit; - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - this.isEndHost = false; - this.politoVpnExit = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - this.net = (Network)args[0][1]; - this.nctx = (NetContext)args[0][2]; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - public void vpnAccessModel(DatatypeExpr vpnAccessIp, DatatypeExpr vpnExitIp) { - Expr x = ctx.mkConst("vpn_x", nctx.node); - Expr y = ctx.mkConst("vpn_y", nctx.node); - - Expr p_0 = ctx.mkConst("vpn_p_0", nctx.packet); - Expr p_1 = ctx.mkConst("vpn_p_1", nctx.packet); - - IntExpr t_0 = ctx.mkIntConst("vpn_t_0"); - IntExpr t_1 = ctx.mkIntConst("vpn_t_1"); - - private_addr_func = ctx.mkFuncDecl("vpn_private_addr_func", nctx.address, ctx.mkBoolSort()); - - BoolExpr constraint1 = ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies(ctx.mkAnd( - (BoolExpr)nctx.send.apply(politoVpnExit, x, p_0, t_0), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null"))), - ctx.mkAnd( - (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_0)), - ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_0)), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnExit, p_1, t_1), - ctx.mkLt(t_1, t_0), - (BoolExpr)nctx.pf.get("encrypted").apply(p_1), - ctx.mkEq(nctx.pf.get("src").apply(p_1), vpnAccessIp), - ctx.mkEq(nctx.pf.get("dest").apply(p_1), vpnExitIp), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.pf.get("src").apply(p_0)), - ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.pf.get("dest").apply(p_0)), - ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))), - 1,null,null,null,null); - - constraints.add(constraint1); - - BoolExpr constraint2 = ctx.mkForall(new Expr[]{t_0, p_0, x}, - ctx.mkImplies(ctx.mkAnd( - (BoolExpr)nctx.send.apply(politoVpnExit, x, p_0, t_0), - ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null")))), - ctx.mkAnd( - ctx.mkEq(nctx.pf.get("src").apply(p_0), vpnExitIp), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), vpnAccessIp), - (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)), - ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), vpnExitIp)), - (BoolExpr)nctx.pf.get("encrypted").apply(p_0), - ctx.mkExists(new Expr[]{y, p_1, t_1}, - ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnExit, p_1, t_1), - ctx.mkLt(t_1, t_0), - ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_1)), - ctx.mkEq(nctx.pf.get("src").apply(p_1), nctx.pf.get("inner_src").apply(p_0)), - ctx.mkEq(nctx.pf.get("dest").apply(p_1), nctx.pf.get("inner_dest").apply(p_0)), - ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.am.get("null")), - ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.am.get("null")), - ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)), - ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)), - ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)), - ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)), - ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)), - ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))), - 1,null,null,null,null); - - constraints.add(constraint2); - } - - public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){ - List<BoolExpr> constr = new ArrayList<BoolExpr>(); - Expr n_0 = ctx.mkConst("vpn_node", nctx.address); - - for(DatatypeExpr n : internalAddress){ - constr.add(ctx.mkEq(n_0,n)); - } - BoolExpr[] constrs = new BoolExpr[constr.size()]; - //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address) - constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null)); - } - -}
\ No newline at end of file diff --git a/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java b/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java deleted file mode 100644 index 28e2cf2..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; - -/** - * WebClient - */ -public class PolitoWebClient extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr politoWebClient; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoWebClient(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=true; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - politoWebClient = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - DatatypeExpr ipServer = (DatatypeExpr) args[0][3]; - webClientRules(ipServer); - //net.saneSend(this); - } - - @Override - public DatatypeExpr getZ3Node() { - return politoWebClient; - } - - @Override - protected void addConstraints(Solver solver) { -// System.out.println("[MailClient] Installing rules."); - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - private void webClientRules (DatatypeExpr ipServer){ - Expr n_0 = ctx.mkConst("PolitoWebClient_"+politoWebClient+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst("PolitoWebClient_"+politoWebClient+"_p_0", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("PolitoWebClient_"+politoWebClient+"_t_0"); - - //Constraint1 send(politoWebClient, n_0, p, t_0) -> nodeHasAddr(politoWebClient,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoWebClient,nctx.pf.get("src").apply(p_0))),1,null,null,null,null)); - - //Constraint2 send(politoWebClient, n_0, p, t_0) -> p.origin == politoWebClient - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoWebClient)),1,null,null,null,null)); - - //Constraint3 send(politoWebClient, n_0, p, t_0) -> p.orig_body == p.body - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null)); - - //Constraint4 recv(n_0, politoWebClient, p, t_0) -> nodeHasAddr(politoWebClient,p.dest) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoWebClient, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(politoWebClient,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - - - //Constraint5 This client is only able to produce HTTP requests - // send(politoWebClient, n_0, p, t_0) -> p.proto == HTTP_REQ - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST))),1,null,null,null,null)); - - //Constraint6 send(politoWebClient, n_0, p, t_0) -> p.dest == ipServer - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), ipServer)),1,null,null,null,null)); - } - } diff --git a/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java b/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java deleted file mode 100644 index 54710d9..0000000 --- a/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017 Politecnico di Torino and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Apache License, Version 2.0 - * which accompanies this distribution, and is available at - * http://www.apache.org/licenses/LICENSE-2.0 - *******************************************************************************/ - -package mcnet.netobjs; - - -import java.util.ArrayList; -import java.util.List; - -import com.microsoft.z3.BoolExpr; -import com.microsoft.z3.Context; -import com.microsoft.z3.DatatypeExpr; -import com.microsoft.z3.Expr; -import com.microsoft.z3.FuncDecl; -import com.microsoft.z3.IntExpr; -import com.microsoft.z3.Solver; - -import mcnet.components.NetContext; -import mcnet.components.Network; -import mcnet.components.NetworkObject; -/** - * WebServer object - * - */ -public class PolitoWebServer extends NetworkObject{ - - List<BoolExpr> constraints; - Context ctx; - DatatypeExpr node; - Network net; - NetContext nctx; - FuncDecl isInBlacklist; - - public PolitoWebServer(Context ctx, Object[]... args) { - super(ctx, args); - } - - @Override - protected void init(Context ctx, Object[]... args) { - this.ctx = ctx; - isEndHost=true; - constraints = new ArrayList<BoolExpr>(); - z3Node = ((NetworkObject)args[0][0]).getZ3Node(); - node = z3Node; - net = (Network)args[0][1]; - nctx = (NetContext)args[0][2]; - webServerRules(); - } - - @Override - public DatatypeExpr getZ3Node() { - return node; - } - - @Override - protected void addConstraints(Solver solver) { - BoolExpr[] constr = new BoolExpr[constraints.size()]; - solver.add(constraints.toArray(constr)); - } - - private void webServerRules (){ - Expr n_0 = ctx.mkConst("webserver_"+node+"_n_0", nctx.node); - Expr p_0 = ctx.mkConst("webserver_"+node+"_p_0", nctx.packet); - Expr p_1 = ctx.mkConst("webserver_"+node+"_p_1", nctx.packet); - IntExpr t_0 = ctx.mkIntConst("webserver_"+node+"_t_0"); - IntExpr t_1 = ctx.mkIntConst("webserver_"+node+"_t_1"); - - //Constraint1 send(politoWebServer, n_0, p, t_0) -> nodeHasAddr(politoWebServer,p.src) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(node,nctx.pf.get("src").apply(p_0))),1,null,null,null,null)); - - //Constraint2 send(politoWebServer, n_0, p, t_0) -> p.origin == politoWebServer - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("origin").apply(p_0),node)),1,null,null,null,null)); - - //Constraint3 send(politoWebServer, n_0, p, t_0) -> p.orig_body == p.body - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0), - ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))), - 1,null,null,null,null)); - - //Constraint4 recv(n_0, politoWebServer, p, t_0) -> nodeHasAddr(politoWebServer,p.dest) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,node, p_0, t_0), - (BoolExpr)nctx.nodeHasAddr.apply(node,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)); - - //Constraint5 - // send(politoWebServer, n_0, p, t_0) -> - // (exist p_1,t_1 : - // (t_1 < t_0 && recv(n_0, politoWebServer, p_1, t_1) && - // p_0.proto == HTTP_RESP && p_1.proto == HTTP_REQ && - // p_0.dest == p_1.src && p_0.src == p_1.dest && p_0.url == p_1.url) - constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0}, - ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0), - ctx.mkExists(new Expr[]{p_1, t_1}, - ctx.mkAnd( - ctx.mkLt(t_1, t_0), - ctx.mkEq(nctx.pf.get("url").apply(p_0), nctx.pf.get("url").apply(p_1)), - (BoolExpr)nctx.recv.apply(n_0, node, p_1, t_1), - ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)), - ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)), - ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1)), - ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_1))), - 1,null,null,null,null)),1,null,null,null,null)); - } -} diff --git a/verigraph/service/src/tests/j-verigraph-generator/README.md b/verigraph/service/src/tests/j-verigraph-generator/README.md deleted file mode 100644 index c796af7..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/README.md +++ /dev/null @@ -1,54 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 - -CODE\_GENERATOR Java serializer and formatter - -UTILITY Contains utility methods used by other modules - -JSON\_GENERATOR Interactive module to generate the configuration files -(default names are "chains.json" and "config.json") "chains.json" -describes all the chains of nodes belonging to a certain scenario - -TEST\_CLASS\_GENERATOR Generates one or multiple test scenarios given -the two configuration files above (default names are "chains.json" and -"config.json") All the test scenarios have to be placed in the examples -folder (i. e. under "j-verigraph/service/src/tests/examples"). Here is -the script help: - -test\_class\_generator.py -c -f -o - -Supposing the module gets executed from the project root directory (i.e. -"j-verigraph"), a sample command is the following: - -service/src/tests/j-verigraph-generator/test\_class\_generator.py -c -"service/src/tests/j-verigraph-generator/examples/budapest/chains.json" --f -"service/src/tests/j-verigraph-generator/examples/budapest/config.json" --o "service/src/tests/examples/Scenario" - -Keep in mind that in the previous command "Scenario" represents a prefix -which will be followed by an underscore and an incremental number -starting from 1, which represents the n-th scenario starting from the -previously mentioned "chains.json" file (this file can indeed contain -multiple chains). - -TEST\_GENERATOR Generates a file which performs the verification test -through Z3 (theorem prover from Microsoft Research) given a certain -scenario generated with the above snippet. All the test modules have to -be placed under the "tests" directory (i.e. under -"j-verigraph/service/src/tests"). Here is the module help: - -test\_generator.py -i -o -s -d - -Supposing the module gets executed from the project root directory (i.e. -"j-verigraph") a sample command given the previously generated scenario -is the following: - -service/src/tests/j-verigraph-generator/test\_generator.py -i -service/src/tests/examples/Scenario\_1.java -o -service/src/tests/Test.java -s user1 -d webserver - -The aforementioned "Test.java" file can be compiled and executed -normally. Its output will be either "SAT" or "UNSAT". For possible -statistics the test is repeated 10 times and the average execution time -in seconds is printed to the console. diff --git a/verigraph/service/src/tests/j-verigraph-generator/__init__.py b/verigraph/service/src/tests/j-verigraph-generator/__init__.py deleted file mode 100644 index d8a620f..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/__init__.py +++ /dev/null @@ -1,8 +0,0 @@ -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## diff --git a/verigraph/service/src/tests/j-verigraph-generator/batch_generator.py b/verigraph/service/src/tests/j-verigraph-generator/batch_generator.py deleted file mode 100644 index 517bdf7..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/batch_generator.py +++ /dev/null @@ -1,186 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import json -from pprint import pprint -import sys, getopt -import commands -import os -from config import * -from utility import * -import subprocess - -#global variables -chains = {} -chains["chains"] = [] -routing = {} -routing["routing_table"] = [] -configuration = {} -configuration["nodes"] = [] -#end of global variables - - -#generates json file describing the chains (default chains.json) -def generate_chains(curr_dir, multiplier, flowspace): - filename = "chains.json" - - multiplier = int(multiplier) - number_of_chains = multiplier*multiplier - for i in range(0, int(number_of_chains)): - chains["chains"].insert(i, {}) - chains["chains"][i]["id"] = i+1 - chains["chains"][i]["flowspace"] = flowspace - chain_nodes = multiplier - chains["chains"][i]["nodes"] = [] - #set attributes for nth client - chains["chains"][i]["nodes"].insert(0, {}) - node_name = "client_" + str((i%multiplier)+1) - chains["chains"][i]["nodes"][0]["name"] = node_name - node_type = "web_client" - chains["chains"][i]["nodes"][0]["functional_type"] = node_type - node_address = "ip_web_client_" + str((i%multiplier)+1) - chains["chains"][i]["nodes"][0]["address"] = node_address - #set attributes for chain of firewalls - for j in range(1, chain_nodes+1): - chains["chains"][i]["nodes"].insert(j, {}) - node_name = "firewall_" + str(j) - chains["chains"][i]["nodes"][j]["name"] = node_name - node_type = "firewall" - chains["chains"][i]["nodes"][j]["functional_type"] = node_type - node_address = "ip_firewall_" + str(j) - chains["chains"][i]["nodes"][j]["address"] = node_address - #set attributes for nth web server - chains["chains"][i]["nodes"].insert(chain_nodes+1, {}) - node_name = "server_" + str((i%multiplier)+1) - chains["chains"][i]["nodes"][chain_nodes+1]["name"] = node_name - node_type = "web_server" - chains["chains"][i]["nodes"][chain_nodes+1]["functional_type"] = node_type - node_address = "ip_web_server_" + str((i%multiplier)+1) - chains["chains"][i]["nodes"][chain_nodes+1]["address"] = node_address - #pprint(chains) - with smart_open(curr_dir + "/" + filename) as f: - print >>f, json.dumps(chains) - return filename - -#generates json file describing the node configurations (default config.json) -def generate_config(curr_dir): - chains_file = "chains.json" - - chains = parse_chains(curr_dir + "/" + chains_file) - - print "Chains read from file:" - pprint(chains) - chains_id = [] - - for chain_id, chain in chains.items(): - chains_id.append(chain_id) - print "Chain #" + str(chain_id) + " has " + str(len(chain)) + " elements" - for node_name in chain.keys(): - print node_name + " ", - print "" - - - filename = "config.json" - - config_names = [] - - i = -1 - - for number_of_chain in chains_id: - number_of_nodes = len(chains[number_of_chain].keys()) - - # for i in range(0, number_of_nodes): - - for node_name, node_map in chains[number_of_chain].items(): - if node_name in config_names: - continue - config_names.append(node_name) - i += 1 - configuration["nodes"].insert(i, {}) - # node_id = raw_input("Node #" + str(i+1) + " id? -->") - # configuration["nodes"][i]["id"] = node_id - configuration["nodes"][i]["id"] = node_name - - name_split = node_name.split("_") - - #init = raw_input("Any parameter for inizialization of node " + node_name + "? (N/Y)-->") - init_list = devices_initialization[node_map["functional_type"]] - if init_list != []: - for init_item in init_list: - init_param = "ip_" + init_item + "_" + name_split[1] - configuration["nodes"][i][init_item] = init_param - - node_description = name_split[0] + " denies any traffic from web_client #" + name_split[1] + " to web_server #" + name_split[1] - configuration["nodes"][i]["description"] = node_description - while(True): - #node_configuration_type = raw_input("Node " + node_id +"'s configuration type (list, maps)? (L/M) -->") - #n = search_node_in_chains(node_id) - - node_configuration_type = devices_configuration_methods[node_map["functional_type"]] - if node_configuration_type == "list": - #list - configuration["nodes"][i]["configuration"] = [] - - break - if node_configuration_type == "maps": - #maps - configuration["nodes"][i]["configuration"] = [] - n_entries = 1 - - for m in range(0, n_entries): - configuration["nodes"][i]["configuration"].insert(m, {}) - - map_elements = 1 - - for n in range(0, map_elements): - key = "ip_web_server_" + name_split[1] - value = "ip_web_client_" + name_split[1] - configuration["nodes"][i]["configuration"][m][key] = value - break - else: - print "Invalid config, please edit the config file" - #pprint(configuration) - with smart_open(curr_dir + "/" + filename) as f: - print >>f, json.dumps(configuration) - return filename - -def main(argv): - #exit if any command line argument is missing - if len(argv) < 4: - print 'batch_generator.py -m <multiplier> -o <output_directory>' - sys.exit(2) - #initialize json file names - chains_file = '' - configuration_file = '' - output_dir = '' - multiplier = '' - #parse command line arguments and exit if there is an error - try: - opts, args = getopt.getopt(argv,"hm:o:",["mutliplier=","help","odir="]) - except getopt.GetoptError as err: - print str(err) - print 'batch_generator.py -m <multiplier> -o <output_directory>' - sys.exit(2) - for opt, arg in opts: - if opt in ("-h", "--help"): - print 'batch_generator.py -m <multiplier> -o <output_directory>' - sys.exit() - elif opt in ("-o", "--output"): - output_dir = arg - elif opt in ("-m", "--multiplier"): - multiplier = arg - - generate_chains(output_dir, multiplier, "tcp=80") - generate_config(output_dir) - - -if __name__ == "__main__": - main(sys.argv[1:]) diff --git a/verigraph/service/src/tests/j-verigraph-generator/code_generator.py b/verigraph/service/src/tests/j-verigraph-generator/code_generator.py deleted file mode 100644 index 5b9834f..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/code_generator.py +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import sys, string - -class CodeGeneratorBackend: - - def begin(self, tab="\t"): - self.code = [] - self.tab = tab - self.level = 0 - - def end(self): - return string.join(self.code, "") - - def write(self, string): - self.code.append(self.tab * self.level + string) - - def writeln(self, string): - self.code.append(self.tab * self.level + string + "\n") - - def append(self, string): - self.code.append(string) - - def indent(self): - self.level = self.level + 1 - - def dedent(self): - if self.level == 0: - raise SyntaxError, "internal error in code generator" - self.level = self.level - 1 - - def write_list(self, data, delimiter=True, wrapper="'"): - if delimiter == True: - self.code.append("{") - first = True - for element in data: - if (first == False): - self.code.append(", ") - else: - first = False - if wrapper == "'": - self.code.append("'" + str(element) + "'") - elif wrapper == "\"": - self.code.append("\"" + str(element) + "\"") - elif wrapper == "b": - self.code.append("(" + str(element) + ")") - else: - self.code.append(str(element)) - if delimiter == True: - self.code.append("}") diff --git a/verigraph/service/src/tests/j-verigraph-generator/config.py b/verigraph/service/src/tests/j-verigraph-generator/config.py deleted file mode 100644 index 3fe5d6c..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/config.py +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -devices_to_classes = { "webclient" : "PolitoWebClient", - "webserver" : "PolitoWebServer", - "cache" : "PolitoCache", - "nat" : "PolitoNat", - "firewall" : "AclFirewall", - "mailclient" : "PolitoMailClient", - "mailserver" : "PolitoMailServer", - "antispam" : "PolitoAntispam", - "endpoint": "EndHost", - "dpi": "PolitoIDS", - "endhost": "PolitoEndHost", - "vpnaccess":"PolitoVpnAccess", - "vpnexit":"PolitoVpnExit", - "fieldmodifier":"PolitoFieldModifier" - } -devices_to_configuration_methods = {"webclient" : "", - "webserver" : "", - "cache" : "installCache", - "nat" : "setInternalAddress", - "firewall" : "addAcls", - "mailclient" : "", - "mailserver" : "", - "antispam" : "", - "endpoint": "", - "dpi": "installIDS", - "endhost": "installEndHost", - "vpnaccess":"vpnAccessModel", - "vpnexit":"vpnAccessModel", - "fieldmodifier":"installFieldModifier" - } -devices_initialization = { "webclient" : ["webserver"], - "webserver" : [], - "cache" : [], - "nat" : [], - "firewall" : [], - "mailclient" : ["mailserver"], - "mailserver" : [], - "antispam" : [], - "endpoint": [], - "dpi":[] , - "endhost":[], - "vpnaccess":[], - "vpnexit":[], - "fieldmodifier":[] - } - -convert_configuration_property_to_ip = { "webclient" : ["value"], - "webserver" : [], - "cache" : ["value"], - "nat" : ["value"], - "firewall" : ["key", "value"], - "mailclient" : ["value"], - "mailserver" : [], - "antispam" : [], - "endpoint": [], - "dpi": [], - "endhost": [], - "vpnaccess": ["value"], - "vpnexit": ["value"], - "fieldmodifier": [] - } - -devices_configuration_fields = { "webclient" : "", - "webserver" : "", - "cache" : "cached address", - "nat" : "natted address", - "firewall" : "acl entry", - "mailclient" : "", - "mailserver" : "", - "antispam" : "", - "endpoint": "", - "dpi":"words blacklist", - "endhost":"", - "vpnaccess":"vpn access", - "vpnexit":"vpn exit", - "fieldmodifier":"field modifier" - } diff --git a/verigraph/service/src/tests/j-verigraph-generator/json_generator.py b/verigraph/service/src/tests/j-verigraph-generator/json_generator.py deleted file mode 100644 index d65ea43..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/json_generator.py +++ /dev/null @@ -1,261 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import json -from pprint import pprint -import sys -import commands -import os -from config import * -from utility import * -import batch_generator -import subprocess - -#global variables -chains = {} -chains["chains"] = [] -routing = {} -routing["routing_table"] = [] -configuration = {} -configuration["nodes"] = [] -#end of global variables - - - -#generates json file describing the chains (default chains.json) -def generate_chains(curr_dir): - filename = "chains.json" - fn = raw_input("Please enter a file name for the json file describing the nodes chains (default \"chains.json\") -->") - if fn != "": - filename = fn - - number_of_chains = check_input_is_int("Please enter the number of chains you wish to simulate: -->") - for i in range(0, int(number_of_chains)): - chains["chains"].insert(i, {}) - #decomment the following 2 lines to make chain id an arbitrary integer - #chain_id = check_input_is_int("Chain #" + str(i+1) + " id? -->") - #chains["chains"][i]["id"] = chain_id - chains["chains"][i]["id"] = i+1 - flowspace = raw_input("Chain #" + str(i+1) + " flowspace? -->") - chains["chains"][i]["flowspace"] = flowspace - chain_nodes = check_input_is_int("How many nodes does the chain #" + str(i+1) + " have? -->") - chains["chains"][i]["nodes"] = [] - for j in range(0, chain_nodes): - chains["chains"][i]["nodes"].insert(j, {}) - node_name = raw_input("Node #" + str(j+1) + " name? -->") - chains["chains"][i]["nodes"][j]["name"] = node_name - print "Available functional types are:" - for device in devices_to_classes.keys(): - print device + " ", - while True: - node_type = raw_input("Node #" + str(j+1) + " functional_type (see valid options above)? -->") - if node_type in devices_to_classes.keys(): - break - chains["chains"][i]["nodes"][j]["functional_type"] = node_type - node_address = raw_input("Node #" + str(j+1) + " address? -->") - chains["chains"][i]["nodes"][j]["address"] = node_address - #pprint(chains) - with smart_open(curr_dir + "/" + filename) as f: - print >>f, json.dumps(chains) - return filename - -#generates json file describing the node configurations (default config.json) -def generate_config(curr_dir): - chains_file = "chains.json" - while True: - list_files(curr_dir) - fn = raw_input("Please enter the file name of the json file containing the chains (default \"chains.json\") -->") - if fn != "": - chains_file = fn - try: - chains = parse_chains(curr_dir + "/" + chains_file) - except: - print "Chains file is not valid" - continue - break - print "Chains read from file:" - pprint(chains) - chains_id = [] - - for chain_id, chain in chains.items(): - chains_id.append(chain_id) - print "Chain #" + str(chain_id) + " has " + str(len(chain)) + " elements" - for node_name in chain.keys(): - print node_name + " ", - print "" - - while True: - number_of_chain = check_input_is_int("Please enter the number of the chain you wish to configure: -->") - if number_of_chain in chains_id: - break - else: - print "Please enter a valid chain id (see options above)" - - filename = "config.json" - fn = raw_input("Please enter a file name for the json file describing the nodes configuration (default \"config.json\") -->") - if fn != "": - filename = fn - - number_of_nodes = len(chains[number_of_chain].keys()) - -# for i in range(0, number_of_nodes): - i = -1 - for node_name, node_map in chains[number_of_chain].items(): - i += 1 - configuration["nodes"].insert(i, {}) -# node_id = raw_input("Node #" + str(i+1) + " id? -->") -# configuration["nodes"][i]["id"] = node_id - configuration["nodes"][i]["id"] = node_name - #init = raw_input("Any parameter for inizialization of node " + node_name + "? (N/Y)-->") - init_list = devices_initialization[node_map["functional_type"]] - if init_list != []: - for init_item in init_list: - init_param = raw_input("Please enter the IP address of parameter \"" + init_item + "\" for node " + node_name + ": -->") - configuration["nodes"][i][init_item] = init_param - - node_description = raw_input("Node " + node_name +"'s configuration description? -->") - configuration["nodes"][i]["description"] = node_description - while(True): - #node_configuration_type = raw_input("Node " + node_id +"'s configuration type (list, maps)? (L/M) -->") - #n = search_node_in_chains(node_id) - - node_configuration_type = devices_configuration_methods[node_map["functional_type"]] - if node_configuration_type == "list": - #list - configuration["nodes"][i]["configuration"] = [] - config_elements = check_input_is_int("How many configuration elements for node " + node_name + "? (type 0 to skip configuration) -->") - for e in range(0, config_elements): - element = raw_input("\tPlease enter " + devices_configuration_fields[node_map["functional_type"]] + "#" + str(e+1) + " -->") - configuration["nodes"][i]["configuration"].append(element) - break - elif node_configuration_type == "maps": - #maps - configuration["nodes"][i]["configuration"] = [] - n_entries = check_input_is_int("How many maps for the configuration of node " + node_name + "? (type 0 to skip configuration) -->") - - for m in range(0, n_entries): - configuration["nodes"][i]["configuration"].insert(m, {}) - - map_elements = check_input_is_int("How many elements for map #" + str(m+1) + "? -->") - - for n in range(0, map_elements): - key = raw_input("\tKey for " + devices_configuration_fields[node_map["functional_type"]] + "#" + str(n+1) + ": -->") - value = raw_input("\tValue for " + devices_configuration_fields[node_map["functional_type"]] + "#" + str(n+1) + ": -->") - configuration["nodes"][i]["configuration"][m][key] = value - break - else: - print "Invalid config, please edit the config file" - #pprint(configuration) - with smart_open(curr_dir + "/" + filename) as f: - print >>f, json.dumps(configuration) - return filename - - -def main(): - - chains_file = "" - configuration_file = "" - routing_file = "" - curr_dir = os.getcwd() - current_path = curr_dir - - set_dir = raw_input("Change working directory? (" + curr_dir + ") (N/Y) -->") - if set_dir == "Y" or set_dir == "y": - print "List of subdirectories:" - print list_directories(curr_dir) - while True: - curr_dir = os.path.abspath(raw_input("Enter working path (relative or absolute path are supported) -->")) - if os.path.exists(curr_dir): - current_path = curr_dir - break - else: - print "Please enter a valid path!" - - directory = raw_input("Do you want to create a new test directory? (N/Y) -->") - if directory == "Y" or directory =="y": - directory_name = raw_input("Directory name? -->") - print commands.getoutput("mkdir -v " + curr_dir + "/" + directory_name) - current_path = curr_dir + "/" + directory_name - - print "Files will be created at " + current_path - - firewall_chain = False - - while True: - choice = raw_input("""CHAINS?\n - Choose one of the following options:\n - 1) Automatic generation of chains.json and config.json for an N-firewall chain - 2) Generate step-by-step - 3) Verify the integrity of an existing json file - 4) Skip step\n-->""") - try: - if int(choice) == 1: - multiplier = check_input_is_int("Please enter N -->") - arguments = ["-m", str(multiplier), "-o", current_path] - batch_generator.main(arguments) - firewall_chain = True - break - elif int(choice) == 2: - chains_file = generate_chains(current_path) - break - elif int(choice) == 3: - chains_file = raw_input("Input file for CHAINS? -->") - if(check_chains_integrity(current_path + "/" + chains_file)) == True: - break - else: - print "Input json file for CHAINS not well formed, please try again!" - elif int(choice) == 4: - break - else: - print "Invalid choice, please try again!" - except ValueError, e: - print "Invalid choice, please try again!" - continue - - while True: - - if firewall_chain == True: - chains_file = "chains.json" - configuration_file = "config.json" - routing_file = "" - break - - choice = raw_input("""CONFIGURATION?\n - Choose one of the following options:\n - 1) Generate step-by-step - 2) Verify the integrity of an existing json file - 3) Skip step\n-->""") - try: - if int(choice) == 1: - configuration_file = generate_config(current_path) - break - elif int(choice) == 2: - configuration_file = raw_input("Input file for CONFIGURATION? -->") - if(check_config_integrity(current_path + "/" + configuration_file)) == True: - break - else: - print "Input json file for CONFIGURATION not well formed, please try again!" - elif int(choice) == 3: - break - else: - print "Invalid choice, please try again!" - except ValueError, e: - print "Invalid choice, please try again!" - continue - - print "All done, you are ready to launch the test generator like so:" - print "test_class_generator.py -c " + chains_file + " -f " + configuration_file + " -o <output_file>" - - return chains_file, configuration_file, routing_file, current_path - - -if __name__ == "__main__": - main() diff --git a/verigraph/service/src/tests/j-verigraph-generator/routing_generator.py b/verigraph/service/src/tests/j-verigraph-generator/routing_generator.py deleted file mode 100644 index c8956f2..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/routing_generator.py +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -from pprint import pprint -import sys, getopt -import os -from utility import * - -# used by test_class_generator -def generate_routing_from_chain(chain): - routing = {} - routing["routing_table"] = {} - - chain = chain["nodes"] - for i in range(0, len(chain)): - routing["routing_table"][chain[i]["name"]] = {} - for j in range(i-1, -1, -1): - routing["routing_table"][chain[i]["name"]][chain[j]["address"]] = chain[i-1]["name"] - for k in range (i+1, len(chain)): - routing["routing_table"][chain[i]["name"]][chain[k]["address"]] = chain[i+1]["name"] - pprint(routing) - return routing - -def generate_routing_from_chains_file(chains_file, chain_number): - routing = {} - routing["routing_table"] = {} - - chains = convert_unicode_to_ascii(parse_json_file(chains_file)) - chain = None - for chn in chains["chains"]: - if chn["id"] == chain_number: - chain = chn["nodes"] - break - if chain == None: - return routing - - for i in range(0, len(chain)): - routing["routing_table"][chain[i]["name"]] = {} - for j in range(i-1, -1, -1): - routing["routing_table"][chain[i]["name"]][chain[j]["address"]] = chain[i-1]["name"] - for k in range (i+1, len(chain)): - routing["routing_table"][chain[i]["name"]][chain[k]["address"]] = chain[i+1]["name"] - pprint(routing) - return routing - -def main(argv): - if len(argv) < 4: - print 'routing_generator.py -c <chains_file> -n <chain_number>' - sys.exit(2) - chains_file = "" - chain_number = "" - try: - opts, args = getopt.getopt(argv,"hc:n:",["chains=","id="]) - except getopt.GetoptError: - print 'routing_generator.py -c <chains_file> -n <chain_number>' - sys.exit(2) - for opt, arg in opts: - if opt == '-h': - print 'routing_generator.py -c <chains_file> -n <chain_number>' - sys.exit() - elif opt in ("-c", "--chains"): - chains_file = arg - elif opt in ("-n", "--id"): - chain_number = arg - - print "Chains file is " + chains_file - print "Chain id is " + chain_number - - return generate_routing_from_chains_file(chains_file, chain_number) - -if __name__ == '__main__': - main(sys.argv[1:])
\ No newline at end of file diff --git a/verigraph/service/src/tests/j-verigraph-generator/test_class_generator.py b/verigraph/service/src/tests/j-verigraph-generator/test_class_generator.py deleted file mode 100644 index 7bf446c..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/test_class_generator.py +++ /dev/null @@ -1,399 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -from pprint import pprint -from pprint import pformat -import sys, getopt -from code_generator import CodeGeneratorBackend -import os, errno -from config import * -from utility import * -from routing_generator import * -import logging -from pip._vendor.pkg_resources import null_ns_handler - -#generates a custom test file -def generate_test_file(chain, number, configuration, output_file="test_class"): - - route = {} - config = {} - chn = {} - - #initiatlize the config dictionary for each node - for node in chain["nodes"]: - config[node["name"]] = {} - - #initiatlize the route dictionary for each node - for node in chain["nodes"]: - route[node["name"]] = {} - - #initiatlize the chn dictionary for each node - for node in chain["nodes"]: - chn[node["name"]] = {} - - #set chn values: chn[name][key] = value - for node in chain["nodes"]: - for key, value in node.items(): - try: - #name key is redundant in map - if key != "name": - chn[node["name"]][key] = value - except KeyError, e: - logging.debug("Field " + str(key) + " not found for node " + str(node["name"])) - logging.debug("Cotinuing...") - continue - - #debug print of chn - logging.debug(pformat((chn))) - - routing = generate_routing_from_chain(chain) - - for node_name, node_rt in routing["routing_table"].items(): - route[node_name] = node_rt - - #debug print of route - logging.debug(pformat((route))) - - #set config: config[node_name][key] = value - for node in configuration["nodes"]: - for key, value in node.items(): - #id field is redundant - if key != "id": - try: - if key == "configuration": - #init config[node_name][key] with an empty array - config[node["id"]][key] = [] - - for value_item in value: - change_key = "key" in convert_configuration_property_to_ip[chn[node["id"]]["functional_type"]] - change_value = "value" in convert_configuration_property_to_ip[chn[node["id"]]["functional_type"]] - if (change_key==False and change_value==False): - config[node["id"]][key].append(value_item) - continue - # config[node_name][configuration] is a dictionary - if isinstance(value_item, dict): - for config_item_key, config_item_value in value_item.items(): - new_key = config_item_key - changed_key = False - changed_value = False - if change_key and config_item_key in chn.keys(): - changed_key = True - new_key = "ip_" + str(config_item_key) - value_item[new_key] = str(config_item_value) - del value_item[config_item_key] - if change_value and config_item_value in chn.keys(): - changed_value = True - new_value = "ip_" + str(config_item_value) - value_item[new_key] = new_value - if(change_key==changed_key) and (change_value==changed_value): - config[node["id"]][key].append(value_item) - else: - if change_value: - if value_item in chn.keys(): - new_value = "ip_" + str(value_item) - config[node["id"]][key].append(new_value) - else: - config[node["id"]][key].append(str(value_item)) - else: - config[node["id"]][key] = value - except KeyError, e: - #node not found in current chain - logging.debug("Field '" + key + "' not found for node '" + str(node["id"]) + "'") - logging.debug(key + " probably doesn't belong to the current chain, thus it will be skipped") - #sys.exit(1) - continue - - # debug print of config - logging.debug(pformat((config))) - - #prepare a few more helpful data structures - nodes_names = [] - nodes_types = [] - nodes_addresses = [] - nodes_ip_mappings = [] - nodes_rt = {} - - #initialize vectors for node names and routing tables - for name in chn.keys(): - nodes_names.append(name) - nodes_rt[name] = [] - - #add functional types, addresses and ip mapping to vectors - for node, field in chn.items(): - nodes_types.append(field["functional_type"]) - nodes_addresses.append(field["address"]) - nodes_ip_mappings.append(field["address"]) - - for node, rt in route.items(): - for dest, next_hop in rt.items(): - row = "nctx.am.get(\"" + dest + "\"), " + next_hop - try: - nodes_rt[node].append(row) - except KeyError, e: - #node not found, notify and exit - logging.debug("Node " + node + " not found!") - sys.exit(1) - - #begin file generation - logging.debug("* instantiating chain #" + str(number)) - dirname = os.path.dirname(output_file) - basename = os.path.basename(output_file) - basename = os.path.splitext(basename)[0] - basename = basename[0].upper() + basename[1:] - with smart_open(dirname + "/" + basename + "_" + str(number) + ".java") as f: - c = CodeGeneratorBackend() - c.begin(tab=" ") - - c.writeln("package tests.scenarios;") - - #imports here - c.writeln("import java.util.ArrayList;") - c.writeln("import com.microsoft.z3.Context;") - c.writeln("import com.microsoft.z3.DatatypeExpr;") - - c.writeln("import mcnet.components.Checker;") - c.writeln("import mcnet.components.NetContext;") - c.writeln("import mcnet.components.Network;") - c.writeln("import mcnet.components.NetworkObject;") - c.writeln("import mcnet.components.Tuple;") - c.writeln("import mcnet.netobjs.PacketModel;") - - #import components - #for i in range(0, len(nodes_names)): - # c.writeln("import mcnet.netobjs." + devices_to_classes[str(nodes_types[i])] + ";") - - for key, value in devices_to_classes.items(): - c.writeln("import mcnet.netobjs." + value + ";") - - c.writeln("public class " + basename + "_" + str(number) + "{") - - c.indent() - c.writeln("public Checker check;") - # declare components - for i in range(0, len(nodes_names)): - c.writeln("public " + devices_to_classes[str(nodes_types[i])] + " " + str(nodes_names[i]) + ";") - - # method setDevices - c.writeln("private void setDevices(Context ctx, NetContext nctx, Network net){") - c.indent() - for i in range(0, len(nodes_names)): - c.write(str(nodes_names[i]) + " = new " + devices_to_classes[str(nodes_types[i])] + "(ctx, new Object[]{nctx.nm.get(\"" + nodes_names[i] + "\"), net, nctx") - if devices_initialization[nodes_types[i]] != [] : - for param in devices_initialization[nodes_types[i]]: - print "configuring node " + nodes_names[i] - for config_param in config[nodes_names[i]]["configuration"]: - if param in config_param: - c.append(", nctx.am.get(\"" + config_param[param] + "\")") - c.append("});\n") - c.dedent() - c.writeln("}") - # end method setDevices - - # method doMappings - c.writeln("private void doMappings(NetContext nctx, ArrayList<Tuple<NetworkObject,ArrayList<DatatypeExpr>>> adm){") - c.indent() - for i in range(0, len(nodes_names)): - c.writeln("ArrayList<DatatypeExpr> al" + str(i) + " = new ArrayList<DatatypeExpr>();") - c.writeln("al" + str(i) + ".add(nctx.am.get(\"" + nodes_ip_mappings[i] + "\"));") - c.writeln("adm.add(new Tuple<>((NetworkObject)" + nodes_names[i] + ", al" + str(i) + "));") - c.dedent() - c.writeln("}") - # end method doMappings - - # for each node methods setRouting and configureDevice - for i in range(0, len(nodes_names)): - # method setRouting - c.writeln("private void setRouting" + nodes_names[i] + "(NetContext nctx, Network net, ArrayList<Tuple<DatatypeExpr,NetworkObject>> rt_" + nodes_names[i] + "){") - c.indent() - for row in nodes_rt[nodes_names[i]]: - c.writeln("rt_" + nodes_names[i] + ".add(new Tuple<DatatypeExpr,NetworkObject>(" + row + "));") - c.writeln("net.routingTable(" + nodes_names[i] + ", rt_" + nodes_names[i] + ");") - c.dedent() - c.writeln("}") - # end method setRouting - # method configureDevice - c.writeln("private void configureDevice" + nodes_names[i] + "(NetContext nctx) {") - c.indent() - #configure middle-box only if its configuration is not empty - if config[nodes_names[i]]["configuration"] != [] : - if nodes_types[i] == "cache": - c.write(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(new NetworkObject[]") - cache_ips = config[nodes_names[i]]["configuration"] - cache_hosts = [] - for cache_ip in cache_ips: - i = -1 - for host in nodes_addresses: - i += 1 - if host == cache_ip: - cache_hosts.append(nodes_names[i]) - c.write_list(formatted_list_from_list_of_maps(cache_hosts), wrapper="") - c.append(");\n") - elif nodes_types[i] == "nat": - c.writeln("ArrayList<DatatypeExpr> ia" + str(i) +" = new ArrayList<DatatypeExpr>();") - config_elements = [] - config_elements = formatted_list_from_list_of_maps(config[nodes_names[i]]["configuration"]) - for address in config_elements: - c.writeln("ia" + str(i) + ".add(nctx.am.get(\"" + address + "\"));") - c.writeln(nodes_names[i] + ".natModel(nctx.am.get(\"ip_" + nodes_names[i] + "\"));") - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(ia" + str(i) +");") - elif nodes_types[i] == "firewall": - c.writeln("ArrayList<Tuple<DatatypeExpr,DatatypeExpr>> acl" + str(i) + " = new ArrayList<Tuple<DatatypeExpr,DatatypeExpr>>();") - for config_element in config[nodes_names[i]]["configuration"]: - if isinstance(config_element,dict): - for key, value in config_element.items(): - if key in nodes_addresses and value in nodes_addresses: - c.writeln("acl" + str(i) + ".add(new Tuple<DatatypeExpr,DatatypeExpr>(nctx.am.get(\"" + key + "\"),nctx.am.get(\"" + value + "\")));") - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(acl" + str(i) + ");") - elif nodes_types[i] == "antispam": - c.write(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(new int[]") - c.write_list(formatted_list_from_list_of_maps(config[nodes_names[i]]["configuration"])) - c.append(");\n") - elif nodes_types[i] == "dpi": - for index in range(0, len(config[nodes_names[i]]["configuration"])): - config[nodes_names[i]]["configuration"][index] = "String.valueOf(\"" + str(config[nodes_names[i]]["configuration"][index]) + "\").hashCode()" - c.write(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(new int[]") - c.write_list(formatted_list_from_list_of_maps(config[nodes_names[i]]["configuration"]), wrapper="") - c.append(");\n") - elif nodes_types[i] == "endhost": - c.writeln("PacketModel pModel" + str(i) + " = new PacketModel();") - if "body" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setBody(String.valueOf(\"" + config[nodes_names[i]]["configuration"][0]["body"] + "\").hashCode());") - if "sequence" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setSeq(" + config[nodes_names[i]]["configuration"][0]["sequence"] + ");") - if "protocol" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setProto(nctx." + config[nodes_names[i]]["configuration"][0]["protocol"] + ");") - if "email_from" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setEmailFrom(String.valueOf(\"" + config[nodes_names[i]]["configuration"][0]["email_from"] + "\").hashCode());") - if "url" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setUrl(String.valueOf(\"" + config[nodes_names[i]]["configuration"][0]["url"] + "\").hashCode());") - if "options" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setOptions(String.valueOf(\"" + config[nodes_names[i]]["configuration"][0]["options"] + "\").hashCode());") - if "destination" in config[nodes_names[i]]["configuration"][0]: - c.writeln("pModel" + str(i) + ".setIp_dest(nctx.am.get(\"" + config[nodes_names[i]]["configuration"][0]["destination"] + "\"));") - - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(pModel" + str(i) + ");") - elif nodes_types[i] == "vpnaccess": - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(nctx.am.get(\"" + nodes_addresses[i] + "\"), nctx.am.get(\"" + config[nodes_names[i]]["configuration"][0]["vpnexit"] + "\"));") - elif nodes_types[i] == "vpnexit": - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "(nctx.am.get(\"" + config[nodes_names[i]]["configuration"][0]["vpnaccess"] + "\"), nctx.am.get(\"" + nodes_addresses[i] + "\"));") - - # config is empty but configure device anyway - elif nodes_types[i] == "fieldmodifier": - c.writeln(nodes_names[i] + "." + devices_to_configuration_methods[nodes_types[i]] + "();") - c.dedent() - c.writeln("}") - # end method configureDevice - - - c.writeln("public " + basename + "_" + str(number) + "(Context ctx){") - c.indent() - c.write("NetContext nctx = new NetContext (ctx,new String[]") - c.write_list(nodes_names, wrapper="\"") - c.append(", new String[]") - c.write_list(nodes_addresses, wrapper="\"") - c.append(");\n") - c.writeln("Network net = new Network (ctx,new Object[]{nctx});") - # call method setDevices - c.writeln("setDevices(ctx, nctx, net);") - - #SET ADDRESS MAPPINGS - c.writeln("ArrayList<Tuple<NetworkObject,ArrayList<DatatypeExpr>>> adm = new ArrayList<Tuple<NetworkObject,ArrayList<DatatypeExpr>>>();") - # call doMappings - c.writeln("doMappings(nctx, adm);") - c.writeln("net.setAddressMappings(adm);") - - #CONFIGURE ROUTING TABLE - for i in range(0, len(nodes_names)): - c.writeln("ArrayList<Tuple<DatatypeExpr,NetworkObject>> rt_" + nodes_names[i] + " = new ArrayList<Tuple<DatatypeExpr,NetworkObject>>(); ") - c.writeln("setRouting" + nodes_names[i] + "(nctx, net, rt_" + nodes_names[i] + ");") - - #ATTACH DEVICES - c.write("net.attach(") - c.write_list(nodes_names, delimiter = False, wrapper="") - c.append(");\n") - - #CONFIGURE MIDDLE-BOXES - for i in range(0, len(nodes_names)): - c.writeln("configureDevice" + nodes_names[i] + "(nctx);") - - c.writeln("check = new Checker(ctx,nctx,net);") - - c.dedent() - c.writeln("}") - - c.dedent() - c.writeln("}") - - #write c object to file - print >>f, c.end() - - logging.debug("wrote test file " + os.path.abspath(dirname + "/" + basename + "_" + str(number)) + ".java" + " successfully!") - - -def main(argv): - #exit if any command line argument is missing - if len(argv) < 6: - print 'test_class_generator.py -c <chain_file> -f <conf_file> -o <output_name>' - sys.exit(1) - - #initialize json file names - chains_file = '' - configuration_file = '' - output_file = '' - - #parse command line arguments and exit in case of any error - try: - opts, args = getopt.getopt(argv,"hc:f:r:o:",["help","chain=","config=","route=","ofile="]) - except getopt.GetoptError as err: - print str(err) - print 'test_class_generator.py -c <chain_file> -f <conf_file> -o <output_name>' - sys.exit(2) - for opt, arg in opts: - if opt in ("-h", "--help"): - print 'test_class_generator.py -c <chain_file> -f <conf_file> -o <output_name' - sys.exit() - elif opt in ("-c", "--chain"): - chains_file = arg - elif opt in ("-f", "--config"): - configuration_file = arg - elif opt in ("-o", "--ofile"): - output_file = arg - - #set logging - logging.basicConfig(stream=sys.stderr, level=logging.DEBUG) - - #parse chains file - chains = convert_unicode_to_ascii(parse_json_file(chains_file)) - - #parse configuration file - configuration = convert_unicode_to_ascii(parse_json_file(configuration_file)) - - logging.debug(pformat((chains))) - logging.debug(pformat((configuration))) - - #custom formatted prints - print_chains(chains) - print_configuration(configuration) - - #counter for the number of chains - number_of_chains = 0 - - #generate test classes - for chain in chains["chains"]: - #increment the number of chains - number_of_chains += 1; - #generate test files - generate_test_file(chain, number_of_chains, configuration, output_file) - - -if __name__ == "__main__": - main(sys.argv[1:]) - diff --git a/verigraph/service/src/tests/j-verigraph-generator/test_generator.py b/verigraph/service/src/tests/j-verigraph-generator/test_generator.py deleted file mode 100644 index f4629bb..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/test_generator.py +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -from pprint import pprint -from code_generator import CodeGeneratorBackend -import sys, getopt -import contextlib -import os -from utility import * -import logging - -def main(argv): - if len(argv) < 8: - print 'test_generator.py -i <inputfile> -o <outputfile> -s <source> -d <destination>' - sys.exit(2) - #initialize command line arguments values - inputfile = '' - outputfile = '' - source = '' - destination = '' - #parse command line arguments and exit if there is an error - try: - opts, args = getopt.getopt(argv,"hi:o:s:d:",["ifile=","ofile=","source=","destination="]) - except getopt.GetoptError: - print 'test_generator.py -i <inputfile> -o <outputfile> -s <source> -d <destination>' - sys.exit(2) - for opt, arg in opts: - if opt == '-h': - print 'test_generator.py -i <inputfile> -o <outputfile> -s <source> -d <destination>' - sys.exit() - elif opt in ("-i", "--ifile"): - inputfile = arg - elif opt in ("-o", "--ofile"): - outputfile = arg - elif opt in ("-s", "--source"): - source = arg - elif opt in ("-d", "--destination"): - destination = arg - #set logging - logging.basicConfig(stream=sys.stderr, level=logging.INFO) - #capitalize ouput filename - dirname = os.path.dirname(outputfile) - basename = os.path.basename(outputfile) - basename = os.path.splitext(basename)[0] - basename = basename[0].upper() + basename[1:] - - #print arguments - logging.debug('Input file is', inputfile) - logging.debug('Output file is', dirname + "/" + basename) - logging.debug('Source node is', source) - logging.debug('Destination node is', destination) - - #begin file generation - with smart_open(dirname + "/" + basename + ".java") as f: - c = CodeGeneratorBackend() - c.begin(tab=" ") - c.writeln("package tests;") - c.writeln("import java.util.Calendar;") - c.writeln("import java.util.Date;") - c.writeln("import java.util.HashMap;") - - c.writeln("import com.microsoft.z3.Context;") - c.writeln("import com.microsoft.z3.FuncDecl;") - c.writeln("import com.microsoft.z3.Model;") - c.writeln("import com.microsoft.z3.Status;") - c.writeln("import com.microsoft.z3.Z3Exception;") - c.writeln("import mcnet.components.IsolationResult;") - - - inputfile = os.path.basename(inputfile) - c.writeln("import tests.scenarios." + os.path.splitext(inputfile)[0] + ";") - c.writeln("public class " + basename + "{") - - c.indent() - c.writeln("Context ctx;") - - c.write("public void resetZ3() throws Z3Exception{\n\ - HashMap<String, String> cfg = new HashMap<String, String>();\n\ - cfg.put(\"model\", \"true\");\n\ - ctx = new Context(cfg);\n\ - \r\t}\n") - - c.write("public void printVector (Object[] array){\n\ - int i=0;\n\ - System.out.println( \"*** Printing vector ***\");\n\ - for (Object a : array){\n\ - i+=1;\n\ - System.out.println( \"#\"+i);\n\ - System.out.println(a);\n\ - System.out.println( \"*** \"+ i+ \" elements printed! ***\");\n\ - }\n\ - \r\t}\n") - - c.write("public void printModel (Model model) throws Z3Exception{\n\ - for (FuncDecl d : model.getFuncDecls()){\n\ - System.out.println(d.getName() +\" = \"+ d.toString());\n\ - System.out.println(\"\");\n\ - }\n\ - \r\t}\n") - - c.writeln("public int run() throws Z3Exception{") - c.indent() - - c.writeln(basename + " p = new " + basename + "();") - - #adding time estimation - #c.writeln("int k = 0;") - #c.writeln("long t = 0;") - - #c.writeln("for(;k<1;k++){") - #c.indent() - - c.writeln("p.resetZ3();") - - c.write(os.path.splitext(inputfile)[0] + " model = new " + os.path.splitext(inputfile)[0] + "(p.ctx);\n") - - #c.writeln("Calendar cal = Calendar.getInstance();") - #c.writeln("Date start_time = cal.getTime();") - - c.write("IsolationResult ret =model.check.checkIsolationProperty(model.") - c.append(source + ", model." + destination + ");\n") - #c.writeln("Calendar cal2 = Calendar.getInstance();") - #c.writeln("t = t+(cal2.getTime().getTime() - start_time.getTime());") - - c.writeln("if (ret.result == Status.UNSATISFIABLE){\n\ - System.out.println(\"UNSAT\");\n\ - return -1;\n\ - }else if (ret.result == Status.SATISFIABLE){\n\ - System.out.println(\"SAT\");\n\ - return 0;\n\ - }else{\n\ - System.out.println(\"UNKNOWN\");\n\ - return -2;\n\ - \r\t\t}") - - #c.dedent() - #c.writeln("}") - - #c.writeln("") - #c.writeln("System.out.printf(\"Mean execution time " + source + " -> " + destination + ": %.16f\", ((float) t/(float)1000)/k);") - - c.dedent() - c.writeln("}") - - c.dedent() - c.writeln("}") - - print >>f, c.end() - logging.debug("File " + os.path.abspath(dirname + "/" + basename + ".java") + " has been successfully generated!!") - -if __name__ == "__main__": - main(sys.argv[1:]) diff --git a/verigraph/service/src/tests/j-verigraph-generator/utility.py b/verigraph/service/src/tests/j-verigraph-generator/utility.py deleted file mode 100644 index 47d0180..0000000 --- a/verigraph/service/src/tests/j-verigraph-generator/utility.py +++ /dev/null @@ -1,257 +0,0 @@ -#!/usr/bin/python - -############################################################################## -# Copyright (c) 2017 Politecnico di Torino and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import json -import contextlib -import sys -import os -import subprocess -from pprint import pprint - -#manages output easily (can either write to file or to stdout) -@contextlib.contextmanager -def smart_open(filename=None): - if filename and filename != '-': - fh = open(filename, 'w') - else: - fh = sys.stdout - try: - yield fh - finally: - if fh is not sys.stdout: - fh.close() - -def check_input_is_int(text): - while True: - data = raw_input(text) - try: - int_value = int(data) - except ValueError: - print "Please enter a valid number!" - continue - return int_value - -#parses a json file into a unicode dictionary -def parse_json_file(filename): - with open(filename) as json_file: - return json.load(json_file) - -#returns an ascii dictionary from a unicode one -def convert_unicode_to_ascii(input): - if isinstance(input, dict): - return {convert_unicode_to_ascii(key): convert_unicode_to_ascii(value) for key, value in input.iteritems()} - elif isinstance(input, list): - return [convert_unicode_to_ascii(element) for element in input] - elif isinstance(input, unicode): - return input.encode('utf-8') - else: - return input - -#parses a chains file -def parse_chains(chains_file): - chains_json = convert_unicode_to_ascii(parse_json_file(chains_file)) - - chains = {} - - for chn in chains_json["chains"]: - try: - chains[chn["id"]] = {} - #initiatlize the config dictionary for each node - for node in chn["nodes"]: - chains[chn["id"]][node["name"]] = {} - except: - raise KeyError("Chains file is not valid!") - - for chn in chains_json["chains"]: - try: - #set chn values ---> chn(name, (field, value)) - for node in chn["nodes"]: - for key, value in node.items(): - #name key is redundant in map - if key != "name": - chains[chn["id"]][node["name"]][key] = value - except: - raise KeyError("Chains file is not valid!") - return chains - -def check_chains_integrity(filename): - print "Checking input file..." - try: - chains = convert_unicode_to_ascii(parse_json_file(filename)) - print "File correctly parsed" - if isinstance(chains["chains"], list) == False: - print "Child of chains is not a list!" - return False - for chain in chains["chains"]: - print "Chain found, checking its fields..." - print "Checking chain id field... " - chain["id"] - print "OK!" - print "Checking chain flowspace field... " - chain["flowspace"] - print "OK!" - if isinstance(chain["nodes"], list) == False: - print "Chain #" + chain["id"] + " does not have a list of nodes!" - return False - for node in chain["nodes"]: - print "Node found, checking its fields..." - print "Checking node name... " - node["name"] - print "OK!" - print "Checking node functional_type field... " - node["functional_type"] - print "OK!" - print "Checking node address field... " - node["address"] - print "OK!" - except (KeyboardInterrupt, SystemExit): - raise - except: - print "One or more required fields are missing!" - return False - print filename + " validated successfully!" - return True - -def check_config_integrity(filename): - print "Checking input file..." - try: - config = convert_unicode_to_ascii(parse_json_file(filename)) - pprint(config) - print "File correctly parsed" - if isinstance(config["nodes"], list) == False: - print "Child of nodes is not a list!" - return False - for node in config["nodes"]: - print "Node found, checking its fields..." - print "Checking id field... " - node["id"] - print "OK!" - print "Checking description field... " - node["description"] - print "OK!" - print "Checking configuration field... " - node["configuration"] - print "OK!" - if isinstance(node["configuration"], list) == False: - print "Checking if node configuration is a list..." - print "Node with id " + node["id"] + " does not have a configuration list!" - return False - for c in node["configuration"]: - print "Checking if node configuration element is a string or a dictionary..." - if (isinstance(c, str) == False and isinstance(c, dict) == False): - print "At least one element of node with id " + node["id"] + " has an invalid configuration (it is neither a string or a map)" - return False - except (KeyboardInterrupt, SystemExit): - raise - except: - print "One or more required fields are missing!" - return False - print filename + " validated successfully!" - return True - -def check_routing_integrity(filename): - print "Checking input file..." - try: - routing = convert_unicode_to_ascii(parse_json_file(filename)) - print "File correctly parsed" - if isinstance(routing["routing_table"], list) == False: - print "Child of routing_table is not a list!" - return False - for node in routing["routing_table"]: - if isinstance(node, dict) == False: - print "Child of routing_table is not a map!" - return False - for n, rt in node.items(): - if isinstance(rt, list) == False: - print "Routing table of element " + n + " is not a list!" - return False - for entry in rt: - if isinstance(entry, dict) == False: - print "Invalid entry for node " + n + " (not a map)!" - return False - except (KeyboardInterrupt, SystemExit): - raise - except: - print "One or more required fields are missing!" - return False - return True - -#prints every node for each input chain -def print_chains(chains): - for chain in chains["chains"]: - print "CHAIN #" + str(chain["id"]) - for node in chain["nodes"]: - print "Name: " + str(node["name"]) - print "Functional type: " + str(node["functional_type"]) - print "Address: " + str(node["address"]) - print "-----------------------------------" - print "" - -#prints every node's configuration -def print_configuration(configuration): - print "NODES CONFIGURATION" - for node in configuration["nodes"]: - print "Name: " + str(node["id"]) - print "Description: " + str(node["description"]) - print "Configuration: " - pprint(node["configuration"]) - print "-----------------------------------" - print "" - -#print every node's routing table -def print_routing_table(routing): - print "ROUTING" - for table in routing["routing_table"]: - for node,rt in table.items(): - print "Name: " + str(node) - pprint(rt) - print "-----------------------------------" - print "" - -#returns a list of tuple [(k1, v1), (k2, v2)] from a list of maps like [{k1 : v1},{k2 : v2}] -def formatted_list_from_list_of_maps(maps): - l = [] - for map in maps: - if isinstance(map, dict): - for k, v in map.items(): - #l.append("(ctx." + str(k) + ", ctx." + str(v) + ")") - l.append(str(k)) - l.append(str(v)) - else: - #l.append("ctx." + map) - l.append(map) - return l - -def list_directories(dir): - #output = subprocess.call(["ls", "-d", "*/"]) - output = subprocess.call(["find", dir, "-type", "d"]) - - #TREE VERSION - #find = subprocess.Popen(["find", ".", "-type", "d"], stdout=subprocess.PIPE) - #output = subprocess.check_output(["sed", "-e", "s/[^-][^\/]*\// |/g", "-e", "s/|\([^ ]\)/|-\1/"], stdin=find.stdout) - #find.wait() - -# ps = subprocess.Popen(('ps', '-A'), stdout=subprocess.PIPE) -# output = subprocess.check_output(('grep', 'process_name'), stdin=ps.stdout) -# ps.wait() - return output - -def list_files(dir): - output = subprocess.call(["find", dir, "-type", "f"]) - return output - -def search_node_in_chains(n): - found = [] - for chain in chains["chains"]: - for node in chain["nodes"]: - if node["name"] == n: - found.append(node) - return found
\ No newline at end of file |