section\<open>Example: Executing an Iptables ruleset in Isabelle\<close>theory

1. section\<open>Example: Executing an Iptables ruleset in Isabelle\<close>
2. theory Executable_Iptables
3. imports Alternative_Semantics "Primitive_Matchers/Common_Primitive_Matcher"
4. (* arbitrarily: *) "Examples/SQRL_Shorewall/SQRL_2015_nospoof"
5. begin
6. text\<open>This is just a little example theory that demonstrates that one can directly
7. execute a loaded ruleset on an inductively defined semantics.
8. Unfortunately, doing so is only possible with the \textbf{values} command and we cannot
9. extract or document its result automatically.
10. This makes for an interesting toy example, but nothing more.\<close>
11.  
12. code_pred (modes: i \<Rightarrow> i \<Rightarrow> i \<Rightarrow> i \<Rightarrow> o \<Rightarrow> bool as compute_iptables_bigstep_r) iptables_bigstep_r .
13. print_theorems
14.  
15. definition "some_p \<equiv> \<lparr>p_iiface = ''lmd'', p_oiface = ''lup'',
16. p_src = ipv4addr_of_dotdecimal (10,13,42,130), p_dst= ipv4addr_of_dotdecimal (80,237,132,143),
17. p_proto=TCP, p_sport=51065, p_dport=80, p_tcp_flags = {},
18. p_payload = '''', p_tag_ctstate = CT_New\<rparr>"
19.  
20. (*values "{t. (\<lambda>_. None),(\<lambda>m p. the (ternary_to_bool (common_matcher m p))),some_p\<turnstile> \<langle>[],Undecided\<rangle> \<Rightarrow> t}"
21. This won't work. I have no idea if one somehow can make it work\<dots> *)
22. term "map_of_string_ipv4 filter_fw1"
23. definition "entry_rs \<equiv> [Rule MatchAny (Call ''FORWARD''), Rule MatchAny filter_fw1_FORWARD_default_policy]"
24.  
25. value [code] "Predicate.the (compute_iptables_bigstep_r
26. (map_of_string_ipv4 filter_fw1)
27. (\<lambda>m p. the (ternary_to_bool (common_matcher m p)))
28. some_p
29. entry_rs)"
30.  
31.  
32.  
33. end