summaryrefslogtreecommitdiffstats
path: root/verigraph/service/src/mcnet/netobjs
diff options
context:
space:
mode:
Diffstat (limited to 'verigraph/service/src/mcnet/netobjs')
-rw-r--r--verigraph/service/src/mcnet/netobjs/AclFirewall.java123
-rw-r--r--verigraph/service/src/mcnet/netobjs/DumbNode.java42
-rw-r--r--verigraph/service/src/mcnet/netobjs/EndHost.java100
-rw-r--r--verigraph/service/src/mcnet/netobjs/PacketModel.java70
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoAntispam.java124
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoCache.java177
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoEndHost.java100
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java96
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java91
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoIDS.java140
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoMailClient.java106
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoMailServer.java117
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoNF.java101
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoNat.java176
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java142
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java142
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoWebClient.java107
-rw-r--r--verigraph/service/src/mcnet/netobjs/PolitoWebServer.java114
18 files changed, 2068 insertions, 0 deletions
diff --git a/verigraph/service/src/mcnet/netobjs/AclFirewall.java b/verigraph/service/src/mcnet/netobjs/AclFirewall.java
new file mode 100644
index 0000000..4ae3421
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/AclFirewall.java
@@ -0,0 +1,123 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+import com.microsoft.z3.Sort;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+import mcnet.components.Tuple;
+
+/** Represents a Firewall with the associated Access Control List
+ *
+ */
+public class AclFirewall extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr fw;
+ ArrayList<Tuple<DatatypeExpr,DatatypeExpr>> acls;
+ Network net;
+ NetContext nctx;
+ FuncDecl acl_func;
+
+ public AclFirewall(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ acls = new ArrayList<Tuple<DatatypeExpr,DatatypeExpr>>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ fw = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ net.saneSend(this);
+ firewallSendRules();
+ }
+
+ /**
+ * Wrap add acls
+ * @param policy
+ */
+ public void setPolicy(ArrayList<Tuple<DatatypeExpr, DatatypeExpr>> policy){
+ addAcls(policy);
+ }
+
+ public void addAcls(ArrayList<Tuple<DatatypeExpr,DatatypeExpr>> acls){
+ this.acls.addAll(acls);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return fw;
+ }
+
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ aclConstraints(solver);
+ }
+
+ private void firewallSendRules (){
+ Expr p_0 = ctx.mkConst(fw+"_firewall_send_p_0", nctx.packet);
+ Expr n_0 = ctx.mkConst(fw+"_firewall_send_n_0", nctx.node);
+ Expr n_1 = ctx.mkConst(fw+"_firewall_send_n_1", nctx.node);
+ IntExpr t_0 = ctx.mkIntConst(fw+"_firewall_send_t_0");
+ IntExpr t_1 = ctx.mkIntConst(fw+"_firewall_send_t_1");
+ acl_func = ctx.mkFuncDecl(fw+"_acl_func", new Sort[]{nctx.address, nctx.address},ctx.mkBoolSort());
+
+ //Constraint1 send(fw, n_0, p, t_0) -> (exist n_1,t_1 : (recv(n_1, fw, p, t_1) &&
+ // t_1 < t_0 && !acl_func(p.src,p.dest))
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(
+ (BoolExpr)nctx.send.apply(new Expr[]{ fw, n_0, p_0, t_0}),
+ ctx.mkExists(new Expr[]{t_1},
+ ctx.mkAnd(ctx.mkLt(t_1,t_0),
+ ctx.mkExists(new Expr[]{n_1},
+ nctx.recv.apply(n_1, fw, p_0, t_1),1,null,null,null,null),
+ ctx.mkNot((BoolExpr)acl_func.apply(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_0)))),1,null,null,null,null)),1,null,null,null,null));
+
+ }
+
+ private void aclConstraints(Solver solver){
+ if (acls.size() == 0)
+ return;
+ Expr a_0 = ctx.mkConst(fw+"_firewall_acl_a_0", nctx.address);
+ Expr a_1 = ctx.mkConst(fw+"_firewall_acl_a_1", nctx.address);
+ BoolExpr[] acl_map = new BoolExpr[acls.size()];
+ for(int y=0;y<acls.size();y++){
+ Tuple<DatatypeExpr,DatatypeExpr> tp = acls.get(y);
+ acl_map[y] = ctx.mkOr(ctx.mkAnd(ctx.mkEq(a_0,tp._1),ctx.mkEq(a_1,tp._2)), ctx.mkAnd(ctx.mkEq(a_0,tp._2),ctx.mkEq(a_1,tp._1)));
+ }
+ //Constraint2 acl_func(a_0,a_1) == or(foreach ip1,ip2 in acl_map ((a_0 == ip1 && a_1 == ip2)||(a_0 == ip2 && a_1 == ip1)))
+ solver.add(ctx.mkForall(new Expr[]{a_0, a_1},
+ ctx.mkEq(
+ acl_func.apply(a_0, a_1),
+ ctx.mkOr(acl_map)),1,null,null,null,null));
+ }
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/DumbNode.java b/verigraph/service/src/mcnet/netobjs/DumbNode.java
new file mode 100644
index 0000000..012ff40
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/DumbNode.java
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetworkObject;
+
+/**
+ * This is just a wrapper around z3 instances. The idea is that by using this we perhaps need to have
+ * fewer (or no) ifs to deal with the case where we don't instantiate an object for a node
+ *
+ */
+public class DumbNode extends NetworkObject {
+ public DumbNode(Context ctx, Object[]... args){
+ super(ctx,args);
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ return;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ isEndHost=true;
+ this.z3Node = (DatatypeExpr)args[0][0];
+ }
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return z3Node;
+ }
+}
diff --git a/verigraph/service/src/mcnet/netobjs/EndHost.java b/verigraph/service/src/mcnet/netobjs/EndHost.java
new file mode 100644
index 0000000..99cf732
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/EndHost.java
@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**
+ * End host network objects
+ *
+ */
+public class EndHost extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr node;
+ Network net;
+ NetContext nctx;
+
+ public EndHost(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=true;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ node = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ endHostRules();
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return node;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void endHostRules (){
+ Expr n_0 = ctx.mkConst("eh_"+node+"_n_0", nctx.node);
+ IntExpr t_0 = ctx.mkIntConst("eh_"+node+"_t_0");
+ Expr p_0 = ctx.mkConst("eh_"+node+"_p_0", nctx.packet);
+
+ //Constraint1 send(node, n_0, p, t_0) -> nodeHasAddr(node,p.src)
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(
+ (BoolExpr)nctx.send.apply( new Expr[]{ node, n_0, p_0, t_0}),
+ (BoolExpr)nctx.nodeHasAddr.apply(new Expr[]{node, nctx.pf.get("src").apply(p_0)})),1,null,null,null,null));
+ //Constraint2 send(node, n_0, p, t_0) -> p.origin == node
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(
+ (BoolExpr)nctx.send.apply( new Expr[]{ node, n_0, p_0, t_0}),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),node)),1,null,null,null,null));
+ //Constraint3 send(node, n_0, p, t_0) -> p.orig_body == p.body
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(
+ (BoolExpr)nctx.send.apply(new Expr[]{ node, n_0, p_0, t_0}),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null));
+ //Constraint4 recv(n_0, node, p, t_0) -> nodeHasAddr(node,p.dest)
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(
+ (BoolExpr)nctx.recv.apply( new Expr[]{ n_0, node, p_0, t_0}),
+ (BoolExpr)nctx.nodeHasAddr.apply(new Expr[]{node, nctx.pf.get("dest").apply(p_0)})),1,null,null,null,null));
+
+// Just a try: here we state that an endhost is not able to issue a HTTP response traffic
+// See PolitoCache.py model for constants definition (2 means HTTP_RESPONSE, 1 means HTTP_REQUEST)
+// constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0),
+// ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(1))),1,null,null,null,null));
+ }
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PacketModel.java b/verigraph/service/src/mcnet/netobjs/PacketModel.java
new file mode 100644
index 0000000..5761861
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PacketModel.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import com.microsoft.z3.DatatypeExpr;
+
+/*
+ * Fields that can be configured -> "dest","body","seq","proto","emailFrom","url","options"
+ */
+public class PacketModel {
+
+ private DatatypeExpr ip_dest;
+ private Integer body;
+ private Integer seq;
+ private Integer proto;
+ private Integer emailFrom;
+ private Integer url;
+ private Integer options;
+
+ public DatatypeExpr getIp_dest() {
+ return ip_dest;
+ }
+ public void setIp_dest(DatatypeExpr ip_dest) {
+ this.ip_dest = ip_dest;
+ }
+ public Integer getBody() {
+ return body;
+ }
+ public void setBody(Integer body) {
+ this.body = body;
+ }
+ public Integer getSeq() {
+ return seq;
+ }
+ public void setSeq(Integer seq) {
+ this.seq = seq;
+ }
+ public Integer getProto() {
+ return proto;
+ }
+ public void setProto(Integer proto) {
+ this.proto = proto;
+ }
+ public Integer getEmailFrom() {
+ return emailFrom;
+ }
+ public void setEmailFrom(Integer emailFrom) {
+ this.emailFrom = emailFrom;
+ }
+ public Integer getUrl() {
+ return url;
+ }
+ public void setUrl(Integer url) {
+ this.url = url;
+ }
+ public Integer getOptions() {
+ return options;
+ }
+ public void setOptions(Integer options) {
+ this.options = options;
+ }
+
+}
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java b/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java
new file mode 100644
index 0000000..abb4615
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoAntispam.java
@@ -0,0 +1,124 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+/**
+ * Model of an anti-spam node
+ *
+ */
+public class PolitoAntispam extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoAntispam;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoAntispam(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoAntispam = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ //net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoAntispam;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void installAntispam (int[] blackList){
+ Expr n_0 = ctx.mkConst(politoAntispam+"_n_0", nctx.node);
+ Expr n_1 = ctx.mkConst(politoAntispam+"_n_1", nctx.node);
+ Expr p_0 = ctx.mkConst(politoAntispam+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst(politoAntispam+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst(politoAntispam+"_t_1");
+ IntExpr ef_0 = ctx.mkIntConst(politoAntispam+"_ef_0");
+
+ isInBlacklist = ctx.mkFuncDecl(politoAntispam+"_isInBlacklist", ctx.mkIntSort(), ctx.mkBoolSort());
+ BoolExpr[] blConstraint = new BoolExpr[blackList.length];
+ if(blackList.length != 0){
+ for (int i=0;i<blackList.length;i++)
+ blConstraint[i]=(ctx.mkEq(ef_0,ctx.mkInt(blackList[i])));
+ //Constraint1a if(isInBlackList(ef_0) == or(for bl in blacklist (ef_0==bl)) ? true : false
+ constraints.add(ctx.mkForall(new Expr[]{ef_0}, ctx.mkIff((BoolExpr)isInBlacklist.apply(ef_0),ctx.mkOr(blConstraint)),1,null,null,null,null));
+ }else{
+ //Constraint1b isInblackList(ef_0) == false
+ constraints.add(ctx.mkForall(new Expr[]{ef_0}, ctx.mkEq((BoolExpr)isInBlacklist.apply(ef_0), ctx.mkBool(false)),1,null,null,null,null));
+ }
+
+ //Constraint2 send(politoAntispam, n_0, p, t_0) && p.proto(POP3_RESP) ->
+ // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0)) && !isInBlackList(p.emailFrom)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE))),
+ ctx.mkAnd( ctx.mkExists(new Expr[]{n_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1), ctx.mkLt(t_1 , t_0)),1,null,null,null,null),
+ ctx.mkNot((BoolExpr)isInBlacklist.apply(nctx.pf.get("emailFrom").apply(p_0))))),1,null,null,null,null));
+
+ //Constraint3 send(politoAntispam, n_0, p, t_0) && p.proto(POP3_REQ) ->
+ // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0))
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST))),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{n_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1),
+ ctx.mkLt(t_1 , t_0)),1,null,null,null,null))),1,null,null,null,null));
+
+ //Constraint4 send(politoAntispam, politoErrFunction, p, t_0) ->
+ // (exist n_1,t_1 : (recv(n_1, politoAntispam, p, t_1) && t_1 < t_0 && p.emailFrom ==1))
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, nctx.nm.get("politoErrFunction").getZ3Node(), p_0, t_0),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{n_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoAntispam, p_0, t_1),
+ ctx.mkLt(t_1 , t_0),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0),ctx.mkInt(1))),1,null,null,null,null))),1,null,null,null,null));
+
+ //Constraint5 send(politoAntispam, n_0, p, t_0) -> p.proto == POP_REQ || p.protpo == POP_RESP
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0),
+ ctx.mkOr( ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)))),1,null,null,null,null));
+
+ //Constraint6 send(politoAntispam, n_0, p, t_0) -> nodeHasAddr(politoAntispam,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoAntispam, n_0, p_0, t_0),
+ ctx.mkNot((BoolExpr)nctx.nodeHasAddr.apply(politoAntispam,nctx.pf.get("src").apply(p_0)))),1,null,null,null,null));
+ }
+ } \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoCache.java b/verigraph/service/src/mcnet/netobjs/PolitoCache.java
new file mode 100644
index 0000000..948915c
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoCache.java
@@ -0,0 +1,177 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+import com.microsoft.z3.Sort;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**Cache Model
+ *
+ */
+public class PolitoCache extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoCache;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoCache(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoCache = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ //net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoCache;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void installCache (NetworkObject[] internalNodes){
+ Expr n_0 = ctx.mkConst("politoCache_"+politoCache+"_n_0", nctx.node);
+ Expr n_1 = ctx.mkConst("politoCache_"+politoCache+"_n_1", nctx.node);
+ Expr n_2 = ctx.mkConst("politoCache_"+politoCache+"_n_2", nctx.node);
+ Expr p_0 = ctx.mkConst("politoCache_"+politoCache+"_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("politoCache_"+politoCache+"_p_1", nctx.packet);
+ Expr p_2 = ctx.mkConst("politoCache_"+politoCache+"_p_2", nctx.packet);
+
+ IntExpr t_0 = ctx.mkIntConst("politoCache_"+politoCache+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst("politoCache_"+politoCache+"_t_1");
+ IntExpr t_2 = ctx.mkIntConst("politoCache_"+politoCache+"_t_2");
+
+ Expr a_0 = ctx.mkConst(politoCache+"politoCache_a_0", nctx.node);
+ IntExpr u_0 = ctx.mkIntConst("politoCache_"+politoCache+"_u_0");
+
+ FuncDecl isInternalNode = ctx.mkFuncDecl(politoCache+"_isInternalNode", nctx.node, ctx.mkBoolSort());
+ FuncDecl isInCache = ctx.mkFuncDecl(politoCache+"_isInCache", new Sort[]{ctx.mkIntSort(),ctx.mkIntSort()}, ctx.mkBoolSort());
+
+ assert(internalNodes.length!=0); //No internal nodes => Should never happen
+
+ //Modeling the behavior of the isInternalNode() and isInCache() functions
+ BoolExpr[] internalNodesConstraint = new BoolExpr[internalNodes.length];
+ for(int w=0;w<internalNodesConstraint.length;w++)
+ internalNodesConstraint[w]= (ctx.mkEq(a_0,internalNodes[w].getZ3Node()));
+
+ //Constraint1 if(isInternalNode(a_0) == or(listadeinodiinterni) ? True : false
+ constraints.add(
+ ctx.mkForall(new Expr[]{a_0},
+ ctx.mkIff((BoolExpr)isInternalNode.apply(a_0), ctx.mkOr(internalNodesConstraint)),1,null,null,null,null));
+
+// constraints.add(ctx.mkForall(new Expr[]{a_0}, ctx.mkEq(isInternalNode.apply(a_0),ctx.mkOr(internalNodesConstraint)),1,null,null,null,null));
+
+// constraints.add(ctx.mkForall(new Expr[]{u_0, t_0},
+// ctx.mkITE(ctx.mkExists(new Expr[]{t_1, t_2, p_1, p_2, n_1, n_2},
+// ctx.mkAnd(ctx.mkLt(t_1, t_2),
+// ctx.mkLt(t_1, t_0),
+// ctx.mkLt(t_2, t_0),
+// (BoolExpr)nctx.recv.apply(n_1, politoCache, p_1, t_1),
+// (BoolExpr)nctx.recv.apply(n_2, politoCache, p_2, t_2),
+// ctx.mkEq(nctx.pf.get("proto").apply(p_1),ctx.mkInt(nctx.HTTP_REQUEST)),
+// ctx.mkEq(nctx.pf.get("proto").apply(p_2),ctx.mkInt(nctx.HTTP_RESPONSE)),
+// (BoolExpr)isInternalNode.apply(n_1),
+// ctx.mkNot((BoolExpr)isInternalNode.apply(n_2)),
+// ctx.mkEq(nctx.pf.get("url").apply(p_1),u_0),
+// ctx.mkEq(nctx.pf.get("url").apply(p_2),u_0)),1,null,null,null,null),
+// ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(true)),ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(false))),1,null,null,null,null));
+//
+
+ //Constraint2 isInCache(u_0,t_0), exist t_1, t_2, p_1, p_2, n_1, n_2 :
+ // ( t_1< t_2 < t_0 && recv(n_1, politoCache, p_1, t_1) && recv(n_2, politoCache, p_2, t_2))) &&
+ // p_1.proto == HTTP_REQ && p_2.proto == HTTP_RESP &&
+ // isInternalNode(n_1) && !isInternalNode(n_2) &&
+ // p_1.url == u_0 && p_2.url == u_0 )
+ constraints.add(
+ ctx.mkForall(new Expr[]{u_0, t_0},
+ ctx.mkImplies((BoolExpr)isInCache.apply(u_0, t_0),
+ ctx.mkExists(new Expr[]{t_1,t_2,p_1,p_2,n_1, n_2},
+ ctx.mkAnd(
+ ctx.mkLt(t_1, t_2),
+ ctx.mkLt(t_1, t_0),
+ ctx.mkLt(t_2, t_0),
+ (BoolExpr)nctx.recv.apply(n_1, politoCache, p_1, t_1),
+ (BoolExpr)nctx.recv.apply(n_2, politoCache, p_2, t_2),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_2), ctx.mkInt(nctx.HTTP_RESPONSE)),
+ (BoolExpr)isInternalNode.apply(n_1),
+ ctx.mkNot((BoolExpr)isInternalNode.apply(n_2)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), u_0),
+ ctx.mkEq(nctx.pf.get("url").apply(p_2), u_0)),1,null,null,null,null)),1,null,null,null,null));
+// //Always in cache
+// constraints.add(ctx.mkForall(new Expr[]{u_0, t_0},ctx.mkEq(isInCache.apply(u_0,t_0),ctx.mkBool(true)),1,null,null,null,null));
+
+ //Constraint3 Modeling the behavior of the cache
+ // send(politoCache, n_0, p, t_0) && !isInternalNode(n_0) ->
+ // (exist t_1,n_1 :
+ // (t_1 < t_0 && recv(n_1, politoCache, p, t_1) &&
+ // p.proto == HTTP_REQ && !isInCache(p.url,t_0))
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0,p_0, t_0},
+ ctx.mkImplies(
+ ctx.mkAnd((BoolExpr)nctx.send.apply(politoCache,n_0,p_0,t_0),ctx.mkNot((BoolExpr)isInternalNode.apply(n_0))),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{t_1, n_1},
+ ctx.mkAnd(
+ ctx.mkLt(t_1, t_0),
+ (BoolExpr)isInternalNode.apply(n_1),
+ (BoolExpr)nctx.recv.apply(n_1, politoCache, p_0, t_1)),1,null,null,null,null),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)),
+ ctx.mkNot((BoolExpr)isInCache.apply(nctx.pf.get("url").apply(p_0), t_0)))),1,null,null,null,null));
+
+ //Constraint4 send(politoCache, n_0, p, t_0) && isInternalNode(n_0) ->
+ // (exist p_1,t_1 :
+ // (t_1 < t_0 && recv(n_0, politoCache, p_1, t_1) &&
+ // p_1.proto == HTTP_REQ && p.proto == HTTP_RESP &&
+ // p_1.url == p.url && p.src == p_1.dest && p.dest==p_1.src
+ // && isInCache(p.url,t_0))
+ constraints.add(
+ ctx.mkForall(new Expr[]{n_0,p_0, t_0},
+ ctx.mkImplies(
+ ctx.mkAnd((BoolExpr)nctx.send.apply(politoCache,n_0,p_0,t_0),(BoolExpr)isInternalNode.apply(n_0)),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{p_1, t_1},
+ ctx.mkAnd(
+ ctx.mkLt(t_1, t_0),
+ (BoolExpr)nctx.recv.apply(n_0, politoCache, p_1, t_1),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0))),1,null,null,null,null),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1)),
+ (BoolExpr)isInCache.apply(nctx.pf.get("url").apply(p_0), t_0))),1,null,null,null,null));
+ }
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java b/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java
new file mode 100644
index 0000000..e12579f
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoEndHost.java
@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+public class PolitoEndHost extends NetworkObject {
+
+ List<BoolExpr> constraints = new ArrayList<BoolExpr>();
+ Context ctx;
+ DatatypeExpr politoEndHost;
+ Network net;
+ NetContext nctx;
+
+ public PolitoEndHost(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoEndHost;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ this.isEndHost = true;
+ this.politoEndHost = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ this.net = (Network)args[0][1];
+ this.nctx = (NetContext)args[0][2];
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ /*
+ * Fields that can be configured -> "dest","body","seq","proto","emailFrom","url","options"
+ */
+ public void installEndHost (PacketModel packet){
+ System.out.println("Installing PolitoEndHost...");
+ Expr n_0 = ctx.mkConst("PolitoEndHost_"+politoEndHost+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst("PolitoEndHost_"+politoEndHost+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("PolitoEndHost_"+politoEndHost+"_t_0");
+ BoolExpr predicatesOnPktFields = ctx.mkTrue();
+
+ if(packet.getIp_dest() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("dest").apply(p_0), packet.getIp_dest()));
+ if(packet.getBody() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("body").apply(p_0), ctx.mkInt(packet.getBody())));
+ if(packet.getEmailFrom() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), ctx.mkInt(packet.getEmailFrom())));
+ if(packet.getOptions() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("options").apply(p_0), ctx.mkInt(packet.getOptions())));
+ if(packet.getProto() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(packet.getProto())));
+ if(packet.getSeq() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("seq").apply(p_0), ctx.mkInt(packet.getSeq())));
+ if(packet.getUrl() != null)
+ predicatesOnPktFields = ctx.mkAnd(predicatesOnPktFields, ctx.mkEq(nctx.pf.get("url").apply(p_0), ctx.mkInt(packet.getUrl())));
+
+ //Constraint1 send(politoWebClient, n_0, p, t_0) -> p.origin == politoWebClient && p.orig_body == p.body && nodeHasAddr(politoWebClient,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoEndHost, n_0, p_0, t_0),
+ ctx.mkAnd(predicatesOnPktFields,
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoEndHost),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoEndHost,nctx.pf.get("src").apply(p_0)))),1,null,null,null,null));
+
+ //Constraint2 recv(n_0, politoWebClient, p, t_0) -> nodeHasAddr(politoWebClient,p.dest)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoEndHost, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoEndHost,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+ System.out.println("Done.");
+ return;
+ }
+
+}
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java b/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java
new file mode 100644
index 0000000..5f84b9f
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoErrFunction.java
@@ -0,0 +1,96 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**Error Function objects
+ *
+ */
+public class PolitoErrFunction extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoErrFunction;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoErrFunction(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=true;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoErrFunction = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ errFunctionRules();
+ //net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoErrFunction;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+// System.out.println("[ERR FUNC] Installing rules.");
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ private void errFunctionRules (){
+ Expr n_0 = ctx.mkConst("PolitoErrFunction_"+politoErrFunction+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst("PolitoErrFunction_"+politoErrFunction+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("PolitoErrFunction_"+politoErrFunction+"_t_0");
+
+// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0),
+// (BoolExpr)nctx.nodeHasAddr.apply(politoErrFunction, nctx.pf.get("src").apply(p_0))),1,null,null,null,null));
+// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0),
+// ctx.mkEq(nctx.pf.get("origin").apply(p_0), politoErrFunction)),1,null,null,null,null));
+//
+// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0),
+// ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null));
+
+
+// Constraint1 We want the ErrFunction not to send out any packet
+// send(politoErrFunction, n_0, p, t_0) -> 1 == 2
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoErrFunction, n_0, p_0, t_0),
+ ctx.mkEq(ctx.mkInt(1),ctx.mkInt(2))),1,null,null,null,null));
+
+// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies( (BoolExpr)nctx.send.apply(n_0, politoErrFunction, p_0, t_0),
+// (BoolExpr)nctx.nodeHasAddr.apply(politoErrFunction, nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+ }
+ } \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java b/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java
new file mode 100644
index 0000000..6d8d8fe
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoFieldModifier.java
@@ -0,0 +1,91 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+public class PolitoFieldModifier extends NetworkObject {
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoFieldModifier;
+ Network net;
+ NetContext nctx;
+
+ public PolitoFieldModifier(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoFieldModifier;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoFieldModifier = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void installFieldModifier (){
+ Expr x = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_x", nctx.node);
+ Expr y = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_y", nctx.node);
+ Expr p_0 = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("politoFieldModifier_"+politoFieldModifier+"_p_1", nctx.packet);
+
+ IntExpr t_0 = ctx.mkIntConst("politoFieldModifier_"+politoFieldModifier+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst("politoFieldModifier_"+politoFieldModifier+"_t_1");
+
+ constraints.add(
+ ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoFieldModifier,x,p_0,t_0),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd(ctx.mkLt(t_1, t_0),
+ (BoolExpr)nctx.recv.apply(y, politoFieldModifier, p_1, t_1),
+ ctx.mkEq(nctx.pf.get("encrypted").apply(p_0), nctx.pf.get("encrypted").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("src").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("dest").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.pf.get("inner_src").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("inner_dest").apply(p_0), nctx.pf.get("inner_dest").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0), nctx.pf.get("origin").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0), nctx.pf.get("orig_body").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_0), nctx.pf.get("body").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_0), nctx.pf.get("seq").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), nctx.pf.get("proto").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), nctx.pf.get("emailFrom").apply(p_1)),
+ ctx.mkNot(ctx.mkEq(nctx.pf.get("url").apply(p_0), nctx.pf.get("url").apply(p_1))),
+ ctx.mkEq(nctx.pf.get("options").apply(p_0), nctx.pf.get("options").apply(p_1))),1,null,null,null,null)),
+ 1,null,null,null,null));
+ }
+
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoIDS.java b/verigraph/service/src/mcnet/netobjs/PolitoIDS.java
new file mode 100644
index 0000000..6f2cddf
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoIDS.java
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+public class PolitoIDS extends NetworkObject {
+
+ public static final int DROGA = 1; //no go
+ public static final int GATTINI = 2; //go
+
+ Context ctx;
+ List<BoolExpr> constraints = new ArrayList<BoolExpr>();
+ DatatypeExpr politoIDS;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+
+ public PolitoIDS(Context ctx, Object[]...args){
+ super(ctx, args);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoIDS;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+
+ this.ctx = ctx;
+ this.isEndHost = false;
+ this.politoIDS = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ this.net = (Network)args[0][1];
+ this.nctx = (NetContext)args[0][2];
+
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+
+ }
+
+ public void installIDS(int[] blackList){
+ Expr n_0 = ctx.mkConst(politoIDS + "_n_0", nctx.node);
+ Expr n_1 = ctx.mkConst(politoIDS + "_n_1", nctx.node);
+ Expr p_0 = ctx.mkConst(politoIDS + "_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst(politoIDS + "_t_0");
+ IntExpr t_1 = ctx.mkIntConst(politoIDS + "_t_1");
+ Expr b_0 = ctx.mkIntConst(politoIDS + "_b_0");
+
+ isInBlacklist = ctx.mkFuncDecl(politoIDS + "_isInBlacklist", ctx.mkIntSort(), ctx.mkBoolSort());
+
+
+ BoolExpr[] blConstraints = new BoolExpr[blackList.length];
+ if(blackList.length != 0){
+
+ for(int i = 0; i<blackList.length; i++)
+ blConstraints[i] = ctx.mkEq(b_0, ctx.mkInt(blackList[i]));
+
+ this.constraints.add(ctx.mkForall(new Expr[]{b_0},
+ ctx.mkIff((BoolExpr)isInBlacklist.apply(b_0), ctx.mkOr(blConstraints)),
+ 1,
+ null, null, null, null));
+ }else{
+ this.constraints.add(ctx.mkForall(new Expr[]{b_0},
+ ctx.mkEq(isInBlacklist.apply(b_0), ctx.mkBool(false)),
+ 1,
+ null, null, null, null));
+ }
+
+ //Constraint2 send(politoIDS, n_0, p, t_0) && (p.proto(HTTP_RESPONSE) || p.proto(HTTP_REQUEST)) ->
+ // (exist n_1,t_1 : (recv(n_1, politoIDS, p, t_1) && t_1 < t_0)) && !isInBlackList(p.body)
+
+ this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), ctx.mkOr(ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)))),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{n_1,t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1,politoIDS,p_0,t_1),ctx.mkLt(t_1, t_0)),
+ 1,
+ null, null, null, null),
+ ctx.mkNot((BoolExpr)isInBlacklist.apply(nctx.pf.get("body").apply(p_0))))),
+ 1,
+ null, null, null, null));
+
+ //Constraint3 send(politoIDS, n_0, p, t_0) && p.proto(HTTP_REQUEST) ->
+ // (exist n_1,t_1 : (recv(n_1, politoIDS, p, t_1) && t_1 < t_0)) Constraint not needed anymore (included in contr. 2)
+ /*
+ this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies(ctx.mkAnd((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0), ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST))),
+ ctx.mkAnd(ctx.mkExists(new Expr[]{n_1,t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1,politoIDS,p_0,t_1),ctx.mkLt(t_1, t_0)),
+ 1,
+ null, null, null, null))),
+ 1,
+ null, null, null, null));
+ */
+
+ //Constraint5 send(politoIDS, n_0, p, t_0) -> p.proto == HTTP_REQ || p.protpo == HTTP_RESP
+
+ this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0),
+ ctx.mkOr(ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)))),
+ 1,
+ null,null,null,null));
+
+ //Constraint6 send(politoIDS, n_0, p, t_0) -> nodeHasAddr(politoIDS,p.src)
+
+ this.constraints.add(ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoIDS, n_0, p_0, t_0),
+ ctx.mkNot((BoolExpr)nctx.nodeHasAddr.apply(politoIDS,nctx.pf.get("src").apply(p_0)))),
+ 1,
+ null,null,null,null));
+
+ }
+
+}
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java b/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java
new file mode 100644
index 0000000..6925258
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoMailClient.java
@@ -0,0 +1,106 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**
+ * MailClient objects
+ *
+ */
+public class PolitoMailClient extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoMailClient;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoMailClient(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=true;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoMailClient = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ DatatypeExpr ipServer = (DatatypeExpr) args[0][3];
+ mailClientRules(ipServer);
+ //net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoMailClient;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+// System.out.println("[MailClient] Installing rules.");
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ private void mailClientRules (DatatypeExpr ipServer){
+ Expr n_0 = ctx.mkConst("PolitoMailClient_"+politoMailClient+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst("PolitoMailClient_"+politoMailClient+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("PolitoMailClient_"+politoMailClient+"_t_0");
+
+// Constraint1 send(politoMailClient, n_0, p, t_0) -> nodeHasAddr(politoMailClient,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoMailClient,nctx.pf.get("src").apply(p_0))),1,null,null,null,null));
+
+// Constraint2 send(politoMailClient, n_0, p, t_0) -> p.origin == politoMailClient
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoMailClient)),1,null,null,null,null));
+
+// Constraint3 send(politoMailClient, n_0, p, t_0) -> p.orig_body == p.body
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null));
+
+// Constraint4 recv(n_0, politoMailClient, p, t_0) -> nodeHasAddr(politoMailClient,p.dest)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoMailClient, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoMailClient,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+// Constraint5 This client is only able to produce POP3 requests
+// send(politoMailClient, n_0, p, t_0) -> p.proto == POP3_REQ
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_REQUEST))),1,null,null,null,null));
+
+// Constraint6 send(politoMailClient, n_0, p, t_0) -> p.dest == ip_mailServer
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), ipServer)),1,null,null,null,null));
+ }
+}
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java b/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java
new file mode 100644
index 0000000..c464195
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoMailServer.java
@@ -0,0 +1,117 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/** Mail server objects
+ *
+ */
+public class PolitoMailServer extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoMailServer;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoMailServer(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoMailServer = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ mailServerRules();
+ net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoMailServer;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ private void mailServerRules (){
+ Expr n_0 = ctx.mkConst(politoMailServer+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst(politoMailServer+"_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst(politoMailServer+"_p_1", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst(politoMailServer+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst(politoMailServer+"_t_1");
+
+// Constraint1 send(politoMailServer, n_0, p, t_0) -> nodeHasAddr(politoMailServer,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoMailServer,nctx.pf.get("src").apply(p_0))),1,null,null,null,null));
+
+// Constraint2 send(politoMailServer, n_0, p, t_0) -> p.origin == politoMailServer
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoMailServer)),1,null,null,null,null));
+
+// Constraint3 send(politoMailServer, n_0, p, t_0) -> p.orig_body == p.body
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null));
+
+// Constraint4 recv(n_0, politoMailServer, p, t_0) -> nodeHasAddr(politoMailServer,p.dest)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoMailServer, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoMailServer,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+// Constraint5 send(politoMailServer, n_0, p, t_0) -> p.proto == POP3_RESP && p.emailFrom == 1
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+ ctx.mkAnd( ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0), ctx.mkInt(1)))),1,null,null,null,null));
+
+// Constraint6 send(politoMailServer, n_0, p, t_0) ->
+// (exist p_1, t_1 : (t_1 < t_0 && recv(n_0, politoMailServer, p_1, t_1) &&
+// p_0.proto == POP3_RESP && p_1.proto == POP3_REQ && p_0.dest == p_1.src )
+
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+ ctx.mkExists(new Expr[]{p_1, t_1},
+ ctx.mkAnd(ctx.mkLt(t_1, t_0),
+ (BoolExpr)nctx.recv.apply(n_0, politoMailServer, p_1, t_1),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.POP3_RESPONSE)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.POP3_REQUEST)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1))),1,null,null,null,null)),1,null,null,null,null));
+
+// constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+// ctx.mkImplies((BoolExpr)nctx.send.apply(politoMailServer, n_0, p_0, t_0),
+// ctx.mkEq(nctx.pf.get("emailFrom").apply(p_0),ctx.mkInt(2))),1,null,null,null,null));
+ }
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoNF.java b/verigraph/service/src/mcnet/netobjs/PolitoNF.java
new file mode 100644
index 0000000..53cae28
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoNF.java
@@ -0,0 +1,101 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+import com.microsoft.z3.Sort;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+/** First example of custom network function: a simple filter
+ *
+ */
+public class PolitoNF extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoNF;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+
+ public PolitoNF(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoNF = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ //net.saneSend(this);
+ }
+
+ public void politoNFRules (DatatypeExpr ipA,DatatypeExpr ipB){
+// System.out.println("[PolitoNf] Installing rules");
+ Expr n_0 = ctx.mkConst("politoNF_"+politoNF+"_n_0", nctx.node);
+ Expr n_1 = ctx.mkConst("politoNF_"+politoNF+"_n_1", nctx.node);
+ Expr p_0 = ctx.mkConst("politoNF_"+politoNF+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("politoNF_"+politoNF+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst("politoNF_"+politoNF+"_t_1");
+ Expr a_0 = ctx.mkConst(politoNF+"_politoNF_a_0", nctx.address);
+ Expr a_1 = ctx.mkConst(politoNF+"_politoNF_a_1", nctx.address);
+
+ FuncDecl myFunction = ctx.mkFuncDecl(politoNF+"_myFunction", new Sort[]{nctx.address,nctx.address}, ctx.mkBoolSort());
+
+ BoolExpr myConstraint = ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoNF, n_0, p_0, t_0),
+ ctx.mkExists(new Expr[]{n_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(n_1, politoNF, p_0, t_1),
+ ctx.mkLt(t_1 , t_0),
+ (BoolExpr)myFunction.apply(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)),1,null,null,null,null);
+
+ BoolExpr funcConstraint = ctx.mkOr(ctx.mkAnd(ctx.mkEq(a_0, ipA), ctx.mkEq(a_1, ipB)), ctx.mkAnd(ctx.mkEq(a_0,ipB), ctx.mkEq(a_1,ipA)));
+
+ // Constraint1 myFunction(a_0,a_1) == ((a_0 == ipA && a_1 == ipB) || (a_0 == ipB && a_1 == ipA))
+ constraints.add(
+ ctx.mkForall(new Expr[]{a_0,a_1},
+ ctx.mkEq(myFunction.apply(a_0, a_1), funcConstraint),1,null,null,null,null));
+
+ //Constraint2 send(politoNF, n_0, p, t_0) ->
+ // (exist n_1,t_1 : (t_1 < t_0 && recv(n_1, politoNF, p, t_1) && myFunction(p.src,p.dest))
+ constraints.add(myConstraint);
+
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoNF;
+ }
+
+ } \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoNat.java b/verigraph/service/src/mcnet/netobjs/PolitoNat.java
new file mode 100644
index 0000000..6d8a36d
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoNat.java
@@ -0,0 +1,176 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**
+ * NAT Model object
+ *
+ */
+public class PolitoNat extends NetworkObject{
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr nat;
+ List<DatatypeExpr> private_addresses;
+ List<NetworkObject> private_node;
+ Network net;
+ NetContext nctx;
+ FuncDecl private_addr_func ;
+
+ public PolitoNat(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=false;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ nat = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ private_addresses = new ArrayList<DatatypeExpr>();
+ private_node = new ArrayList<NetworkObject>();
+ net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return nat;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ /*
+ private void addPrivateAdd(List<DatatypeExpr> address){
+ private_addresses.addAll(address);
+ }
+ */
+
+ public List<DatatypeExpr> getPrivateAddress(){
+ return private_addresses;
+ }
+
+ public void natModel(DatatypeExpr natIp){
+ Expr x = ctx.mkConst("x", nctx.node);
+ Expr y = ctx.mkConst("y", nctx.node);
+ Expr z = ctx.mkConst("z", nctx.node);
+
+ Expr p_0 = ctx.mkConst("p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("p_1", nctx.packet);
+ Expr p_2 = ctx.mkConst("p_2", nctx.packet);
+
+ IntExpr t_0 = ctx.mkIntConst("t_0");
+ IntExpr t_1 = ctx.mkIntConst("t_1");
+ IntExpr t_2 = ctx.mkIntConst("t_2");
+
+// private_addr_func = ctx.mkFuncDecl("private_addr_func", nctx.address, ctx.mkBoolSort());
+ private_addr_func = ctx.mkFuncDecl(nat + "_nat_func", nctx.address, ctx.mkBoolSort());
+
+ //Constraint1
+// "send(nat, x, p_0, t_0) && !private_addr_func(p_0.dest) ->
+// p_0.src == ip_politoNat &&
+// (exist y, p_1,t_1 :
+// (recv(y, nat, p_1, t_1) && t_1 < t_0 &&
+// private_addr_func(p1.src) &&
+// p_1.origin == p_0.origin &&
+// same for p_1.<dest,orig_body,body,seq,proto,emailFrom,url,options> == p_0.<...>) "
+ constraints.add( ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies(
+ ctx.mkAnd((BoolExpr)nctx.send.apply(nat, x, p_0, t_0),
+ ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)))),
+ ctx.mkAnd(
+ ctx.mkEq(nctx.pf.get("src").apply(p_0),natIp),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd(
+ (BoolExpr)nctx.recv.apply(y, nat, p_1, t_1),
+ ctx.mkLt(t_1 , t_0),
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_1),nctx.pf.get("origin").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1),nctx.pf.get("dest").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1),nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1),nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1),nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1),nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1),nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1),nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1),nctx.pf.get("options").apply(p_0))),1,null,null,null,null))),1,null,null,null,null));
+
+ //Constraint2
+// send(nat, x, p_0, t_0) && private_addr_func(p_0.dest) ->
+// !private_addr_func(p_0.src) &&
+// (exist y, p_1,t_1 :
+// (recv(y, nat, p_1, t_1) && t_1 < t_0 &&
+// !private_addr_func(p1.src) &&
+// p_1.dest == ip_politoNat &&
+// p_1.origin == p_0.origin &&
+// same for p_1.<src,orig_body,body,seq,proto,emailFrom,url,options> == p_0.<...>)
+ constraints.add( ctx.mkForall(new Expr[]{x, p_0, t_0},
+ ctx.mkImplies(
+ ctx.mkAnd((BoolExpr)nctx.send.apply(nat, x, p_0, t_0),
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0))),
+ ctx.mkAnd(
+ ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_0))),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd(
+ ctx.mkLt(t_1 , t_0),
+ (BoolExpr)nctx.recv.apply(y, nat, p_1, t_1),
+ ctx.mkNot((BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_1))),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1),natIp),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1),nctx.pf.get("src").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),nctx.pf.get("origin").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1),nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1),nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1),nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1),nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1),nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1),nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1),nctx.pf.get("options").apply(p_0)),
+ ctx.mkExists(new Expr[]{z, p_2, t_2},
+ ctx.mkAnd(
+ ctx.mkLt(t_2 , t_1),
+ (BoolExpr)nctx.recv.apply(z, nat, p_2, t_2),
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_2)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1),nctx.pf.get("dest").apply(p_2)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_0),nctx.pf.get("dest").apply(p_2)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_2),nctx.pf.get("dest").apply(p_0))),1,null,null,null,null)),1,null,null,null,null))),1,null,null,null,null));
+ }
+
+ public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){
+ List<BoolExpr> constr = new ArrayList<BoolExpr>();
+ Expr n_0 = ctx.mkConst("nat_node", nctx.address);
+
+ for(DatatypeExpr n : internalAddress){
+ constr.add(ctx.mkEq(n_0,n));
+ }
+ BoolExpr[] constrs = new BoolExpr[constr.size()];
+ //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address)
+ constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null));
+ }
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java b/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java
new file mode 100644
index 0000000..e6fc5fe
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoVpnAccess.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+public class PolitoVpnAccess extends NetworkObject {
+
+ List<BoolExpr> constraints = new ArrayList<BoolExpr>();
+ DatatypeExpr politoVpnAccess;
+ FuncDecl private_addr_func;
+ NetContext nctx;
+ Context ctx;
+ Network net;
+
+ public PolitoVpnAccess(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoVpnAccess;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ this.isEndHost = false;
+ this.politoVpnAccess = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ this.net = (Network)args[0][1];
+ this.nctx = (NetContext)args[0][2];
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void vpnAccessModel(DatatypeExpr vpnAccessIp, DatatypeExpr vpnExitIp) {
+ Expr x = ctx.mkConst("vpn_x", nctx.node);
+ Expr y = ctx.mkConst("vpn_y", nctx.node);
+
+ Expr p_0 = ctx.mkConst("vpn_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("vpn_p_1", nctx.packet);
+
+ IntExpr t_0 = ctx.mkIntConst("vpn_t_0");
+ IntExpr t_1 = ctx.mkIntConst("vpn_t_1");
+
+ private_addr_func = ctx.mkFuncDecl("vpn_private_addr_func", nctx.address, ctx.mkBoolSort());
+
+ BoolExpr constraint1 = ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies(ctx.mkAnd(
+ (BoolExpr)nctx.send.apply(politoVpnAccess, x, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null"))),
+ ctx.mkAnd(
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)),
+ ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_0)),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnAccess, p_1, t_1),
+ ctx.mkLt(t_1, t_0),
+ (BoolExpr)nctx.pf.get("encrypted").apply(p_1),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1), vpnExitIp),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1), vpnAccessIp),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.pf.get("src").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.pf.get("dest").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))),
+ 1,null,null,null,null);
+
+ constraints.add(constraint1);
+
+ BoolExpr constraint2 = ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies(ctx.mkAnd(
+ (BoolExpr)nctx.send.apply(politoVpnAccess, x, p_0, t_0),
+ ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null")))),
+ ctx.mkAnd(
+ ctx.mkEq(nctx.pf.get("src").apply(p_0), vpnAccessIp),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), vpnExitIp),
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("inner_src").apply(p_0)),
+ ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_dest").apply(p_0), vpnAccessIp)),
+ (BoolExpr)nctx.pf.get("encrypted").apply(p_0),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnAccess, p_1, t_1),
+ ctx.mkLt(t_1, t_0),
+ ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1), nctx.pf.get("inner_src").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1), nctx.pf.get("inner_dest").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.am.get("null")),
+ ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.am.get("null")),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))),
+ 1,null,null,null,null);
+
+ constraints.add(constraint2);
+ }
+
+ public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){
+ List<BoolExpr> constr = new ArrayList<BoolExpr>();
+ Expr n_0 = ctx.mkConst("vpn_node", nctx.address);
+
+ for(DatatypeExpr n : internalAddress){
+ constr.add(ctx.mkEq(n_0,n));
+ }
+ BoolExpr[] constrs = new BoolExpr[constr.size()];
+ //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address)
+ constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null));
+ }
+
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java b/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java
new file mode 100644
index 0000000..fb2341f
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoVpnExit.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+public class PolitoVpnExit extends NetworkObject {
+
+ List<BoolExpr> constraints = new ArrayList<BoolExpr>();
+ DatatypeExpr politoVpnExit;
+ FuncDecl private_addr_func;
+ NetContext nctx;
+ Context ctx;
+ Network net;
+
+ public PolitoVpnExit(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoVpnExit;
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ this.isEndHost = false;
+ this.politoVpnExit = this.z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ this.net = (Network)args[0][1];
+ this.nctx = (NetContext)args[0][2];
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ public void vpnAccessModel(DatatypeExpr vpnAccessIp, DatatypeExpr vpnExitIp) {
+ Expr x = ctx.mkConst("vpn_x", nctx.node);
+ Expr y = ctx.mkConst("vpn_y", nctx.node);
+
+ Expr p_0 = ctx.mkConst("vpn_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("vpn_p_1", nctx.packet);
+
+ IntExpr t_0 = ctx.mkIntConst("vpn_t_0");
+ IntExpr t_1 = ctx.mkIntConst("vpn_t_1");
+
+ private_addr_func = ctx.mkFuncDecl("vpn_private_addr_func", nctx.address, ctx.mkBoolSort());
+
+ BoolExpr constraint1 = ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies(ctx.mkAnd(
+ (BoolExpr)nctx.send.apply(politoVpnExit, x, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null"))),
+ ctx.mkAnd(
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("src").apply(p_0)),
+ ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_0)),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnExit, p_1, t_1),
+ ctx.mkLt(t_1, t_0),
+ (BoolExpr)nctx.pf.get("encrypted").apply(p_1),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1), vpnAccessIp),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1), vpnExitIp),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.pf.get("src").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.pf.get("dest").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))),
+ 1,null,null,null,null);
+
+ constraints.add(constraint1);
+
+ BoolExpr constraint2 = ctx.mkForall(new Expr[]{t_0, p_0, x},
+ ctx.mkImplies(ctx.mkAnd(
+ (BoolExpr)nctx.send.apply(politoVpnExit, x, p_0, t_0),
+ ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_src").apply(p_0), nctx.am.get("null")))),
+ ctx.mkAnd(
+ ctx.mkEq(nctx.pf.get("src").apply(p_0), vpnExitIp),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), vpnAccessIp),
+ (BoolExpr)private_addr_func.apply(nctx.pf.get("dest").apply(p_0)),
+ ctx.mkNot(ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), vpnExitIp)),
+ (BoolExpr)nctx.pf.get("encrypted").apply(p_0),
+ ctx.mkExists(new Expr[]{y, p_1, t_1},
+ ctx.mkAnd((BoolExpr)nctx.recv.apply(y, politoVpnExit, p_1, t_1),
+ ctx.mkLt(t_1, t_0),
+ ctx.mkNot((BoolExpr)nctx.pf.get("encrypted").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_1), nctx.pf.get("inner_src").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_1), nctx.pf.get("inner_dest").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("inner_src").apply(p_1), nctx.am.get("null")),
+ ctx.mkEq(nctx.pf.get("inner_dest").apply(p_1), nctx.am.get("null")),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_1), nctx.pf.get("origin").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_1), nctx.pf.get("orig_body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("body").apply(p_1), nctx.pf.get("body").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("seq").apply(p_1), nctx.pf.get("seq").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), nctx.pf.get("proto").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("emailFrom").apply(p_1), nctx.pf.get("emailFrom").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("url").apply(p_1), nctx.pf.get("url").apply(p_0)),
+ ctx.mkEq(nctx.pf.get("options").apply(p_1), nctx.pf.get("options").apply(p_0))), 1, null, null, null, null))),
+ 1,null,null,null,null);
+
+ constraints.add(constraint2);
+ }
+
+ public void setInternalAddress(ArrayList<DatatypeExpr> internalAddress){
+ List<BoolExpr> constr = new ArrayList<BoolExpr>();
+ Expr n_0 = ctx.mkConst("vpn_node", nctx.address);
+
+ for(DatatypeExpr n : internalAddress){
+ constr.add(ctx.mkEq(n_0,n));
+ }
+ BoolExpr[] constrs = new BoolExpr[constr.size()];
+ //Constraint private_addr_func(n_0) == or(n_0==n foreach internal address)
+ constraints.add(ctx.mkForall(new Expr[]{n_0}, ctx.mkEq(private_addr_func.apply(n_0),ctx.mkOr(constr.toArray(constrs))),1,null,null,null,null));
+ }
+
+} \ No newline at end of file
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java b/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java
new file mode 100644
index 0000000..28e2cf2
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoWebClient.java
@@ -0,0 +1,107 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+
+/**
+ * WebClient
+ */
+public class PolitoWebClient extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr politoWebClient;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoWebClient(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=true;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ politoWebClient = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ DatatypeExpr ipServer = (DatatypeExpr) args[0][3];
+ webClientRules(ipServer);
+ //net.saneSend(this);
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return politoWebClient;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+// System.out.println("[MailClient] Installing rules.");
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ private void webClientRules (DatatypeExpr ipServer){
+ Expr n_0 = ctx.mkConst("PolitoWebClient_"+politoWebClient+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst("PolitoWebClient_"+politoWebClient+"_p_0", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("PolitoWebClient_"+politoWebClient+"_t_0");
+
+ //Constraint1 send(politoWebClient, n_0, p, t_0) -> nodeHasAddr(politoWebClient,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoWebClient,nctx.pf.get("src").apply(p_0))),1,null,null,null,null));
+
+ //Constraint2 send(politoWebClient, n_0, p, t_0) -> p.origin == politoWebClient
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),politoWebClient)),1,null,null,null,null));
+
+ //Constraint3 send(politoWebClient, n_0, p, t_0) -> p.orig_body == p.body
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),1,null,null,null,null));
+
+ //Constraint4 recv(n_0, politoWebClient, p, t_0) -> nodeHasAddr(politoWebClient,p.dest)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,politoWebClient, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(politoWebClient,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+
+ //Constraint5 This client is only able to produce HTTP requests
+ // send(politoWebClient, n_0, p, t_0) -> p.proto == HTTP_REQ
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_REQUEST))),1,null,null,null,null));
+
+ //Constraint6 send(politoWebClient, n_0, p, t_0) -> p.dest == ipServer
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(politoWebClient, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), ipServer)),1,null,null,null,null));
+ }
+ }
diff --git a/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java b/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java
new file mode 100644
index 0000000..54710d9
--- /dev/null
+++ b/verigraph/service/src/mcnet/netobjs/PolitoWebServer.java
@@ -0,0 +1,114 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Politecnico di Torino and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Apache License, Version 2.0
+ * which accompanies this distribution, and is available at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *******************************************************************************/
+
+package mcnet.netobjs;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.microsoft.z3.BoolExpr;
+import com.microsoft.z3.Context;
+import com.microsoft.z3.DatatypeExpr;
+import com.microsoft.z3.Expr;
+import com.microsoft.z3.FuncDecl;
+import com.microsoft.z3.IntExpr;
+import com.microsoft.z3.Solver;
+
+import mcnet.components.NetContext;
+import mcnet.components.Network;
+import mcnet.components.NetworkObject;
+/**
+ * WebServer object
+ *
+ */
+public class PolitoWebServer extends NetworkObject{
+
+ List<BoolExpr> constraints;
+ Context ctx;
+ DatatypeExpr node;
+ Network net;
+ NetContext nctx;
+ FuncDecl isInBlacklist;
+
+ public PolitoWebServer(Context ctx, Object[]... args) {
+ super(ctx, args);
+ }
+
+ @Override
+ protected void init(Context ctx, Object[]... args) {
+ this.ctx = ctx;
+ isEndHost=true;
+ constraints = new ArrayList<BoolExpr>();
+ z3Node = ((NetworkObject)args[0][0]).getZ3Node();
+ node = z3Node;
+ net = (Network)args[0][1];
+ nctx = (NetContext)args[0][2];
+ webServerRules();
+ }
+
+ @Override
+ public DatatypeExpr getZ3Node() {
+ return node;
+ }
+
+ @Override
+ protected void addConstraints(Solver solver) {
+ BoolExpr[] constr = new BoolExpr[constraints.size()];
+ solver.add(constraints.toArray(constr));
+ }
+
+ private void webServerRules (){
+ Expr n_0 = ctx.mkConst("webserver_"+node+"_n_0", nctx.node);
+ Expr p_0 = ctx.mkConst("webserver_"+node+"_p_0", nctx.packet);
+ Expr p_1 = ctx.mkConst("webserver_"+node+"_p_1", nctx.packet);
+ IntExpr t_0 = ctx.mkIntConst("webserver_"+node+"_t_0");
+ IntExpr t_1 = ctx.mkIntConst("webserver_"+node+"_t_1");
+
+ //Constraint1 send(politoWebServer, n_0, p, t_0) -> nodeHasAddr(politoWebServer,p.src)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(node,nctx.pf.get("src").apply(p_0))),1,null,null,null,null));
+
+ //Constraint2 send(politoWebServer, n_0, p, t_0) -> p.origin == politoWebServer
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("origin").apply(p_0),node)),1,null,null,null,null));
+
+ //Constraint3 send(politoWebServer, n_0, p, t_0) -> p.orig_body == p.body
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0),
+ ctx.mkEq(nctx.pf.get("orig_body").apply(p_0),nctx.pf.get("body").apply(p_0))),
+ 1,null,null,null,null));
+
+ //Constraint4 recv(n_0, politoWebServer, p, t_0) -> nodeHasAddr(politoWebServer,p.dest)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.recv.apply(n_0,node, p_0, t_0),
+ (BoolExpr)nctx.nodeHasAddr.apply(node,nctx.pf.get("dest").apply(p_0))),1,null,null,null,null));
+
+ //Constraint5
+ // send(politoWebServer, n_0, p, t_0) ->
+ // (exist p_1,t_1 :
+ // (t_1 < t_0 && recv(n_0, politoWebServer, p_1, t_1) &&
+ // p_0.proto == HTTP_RESP && p_1.proto == HTTP_REQ &&
+ // p_0.dest == p_1.src && p_0.src == p_1.dest && p_0.url == p_1.url)
+ constraints.add( ctx.mkForall(new Expr[]{n_0, p_0, t_0},
+ ctx.mkImplies((BoolExpr)nctx.send.apply(node, n_0, p_0, t_0),
+ ctx.mkExists(new Expr[]{p_1, t_1},
+ ctx.mkAnd(
+ ctx.mkLt(t_1, t_0),
+ ctx.mkEq(nctx.pf.get("url").apply(p_0), nctx.pf.get("url").apply(p_1)),
+ (BoolExpr)nctx.recv.apply(n_0, node, p_1, t_1),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_0), ctx.mkInt(nctx.HTTP_RESPONSE)),
+ ctx.mkEq(nctx.pf.get("proto").apply(p_1), ctx.mkInt(nctx.HTTP_REQUEST)),
+ ctx.mkEq(nctx.pf.get("dest").apply(p_0), nctx.pf.get("src").apply(p_1)),
+ ctx.mkEq(nctx.pf.get("src").apply(p_0), nctx.pf.get("dest").apply(p_1))),
+ 1,null,null,null,null)),1,null,null,null,null));
+ }
+}