This directory contains a program that uses Binary-Decision Diagrams (BDDs) for modeling the flow of packets in a network. An abstraction of a packet is called a frame. BDDs allow a set-based analysis of packet flow by computing the set of frames that can reach various points in a network.
This program has been implemented in the Objective Caml System. The program has been designed so that others can easily make use of the BDD modules contained within this program.
An action list is a list of accept and deny lines that determine the action of a packet filter. Each line contains two bit sequences. A bit sequence is represented by a string of hexadecimal digits enclosed in double quotes. An example:
"fa1"
A permit line is written:
Accept(<pattern>,<mask>)
A frame is accepted if it matches the bits in <pattern> in the
positions given by the on bits in the <mask>. Thus
Accept("1","5") accepts any bit sequence that has its first
bit on and its third bit off.
A deny line is written:
Reject(<pattern>,<mask>)
A frame is rejected if it matches the bits in <pattern> in the positions given by the on bits in the <mask>.
An action list is a comma separated list of lines surrounded by brackets. An example:
[Accept("f","f"), Accept("0","3"),
Accept("2","7"), Accept("6","f")]
Here is another way to describe the same filter.
[Reject("e","f"), Accept("0","1"), Accept("f","f")]
Action lists are used to represent sets. An action list represents the set of frames that are accepted by a packet filter when given the action list.
A frame geometry is a filter geometry and a frame stage. A frame stage is a map from networks to sets of frames. The set is represented by an action list. Let <label> be the name of a network as a sequence of characters surrounded by double quotes. Let <actions> be the action list associated with that network. The frame stage of that network is given by:
node(<label>,<actions>).
A filter geometry gives the filters that allow packets to travel between networks. Given a packet filter, defined by <actions>, that allows some packets on network <source> to flow to <destination>, this part of a filter geometry is given by:
edge(<source>,<destination>,<actions>).
A complete example:
node("a", [Accept("0","8")]).
edge("a", "b", [Accept("f", "f"), Reject("1", "1"),
Reject("e", "f"), Accept("", "")]).
node("b", []).
The frame program takes a frame geometry and produces
a new frame geometry that is the result of propagating all of the sets
at each frame stage through all possible packet filters. For example,
the result of running the program on the previous frame geometry is:
node("a", [Accept("0", "8")]).
edge("a", "b", [Accept("f", "f"),
Reject("e", "f"),
Accept("0", "1")]).
node("b", [Accept("0", "9")]).
Notice that packets that have their first and fourth bit off make
it to network "b".
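The following is an added example, not part of the original program: it reproduces the results above by enumerating frames explicitly in Python instead of using BDDs. It assumes 4-bit frames, that the first matching line decides, and that a frame matching no line is dropped (all consistent with the examples in this file); the function names are made up for this sketch.

```python
# Added illustration: brute-force set semantics for action lists (not the BDD code).
WIDTH = 4  # assumed frame width in bits; the examples above use one hex digit

def hexbits(s):
    """Parse a bit sequence such as "fa1"; the empty string is all zeros."""
    return int(s, 16) if s else 0

def accepts(actions, frame):
    """First matching line decides; a frame matching no line is dropped (assumed)."""
    for verdict, pattern, mask in actions:
        m = hexbits(mask)
        if frame & m == hexbits(pattern) & m:
            return verdict == "Accept"
    return False

def frame_set(actions, width=WIDTH):
    """The set of frames an action list represents."""
    return {f for f in range(1 << width) if accepts(actions, f)}

def propagate(nodes, edges):
    """Push each node's frame set through every edge until nothing changes."""
    sets = {label: frame_set(a) for label, a in nodes.items()}
    changed = True
    while changed:
        changed = False
        for src, dst, actions in edges:
            passed = sets[src] & frame_set(actions)
            if not passed <= sets[dst]:
                sets[dst] |= passed
                changed = True
    return sets

# The two equivalent filters from the text.
FILTER_1 = [("Accept", "f", "f"), ("Accept", "0", "3"),
            ("Accept", "2", "7"), ("Accept", "6", "f")]
FILTER_2 = [("Reject", "e", "f"), ("Accept", "0", "1"), ("Accept", "f", "f")]

# The complete frame geometry from the text.
NODES = {"a": [("Accept", "0", "8")], "b": []}
EDGES = [("a", "b", [("Accept", "f", "f"), ("Reject", "1", "1"),
                     ("Reject", "e", "f"), ("Accept", "", "")])]

if __name__ == "__main__":
    print(frame_set(FILTER_1) == frame_set(FILTER_2))
    print(sorted(propagate(NODES, EDGES)["b"]))
```

Comparing two action lists with frame_set is a quick way to check that a rewritten filter accepts exactly the same frames as the original before deploying it.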
The usage message for the prop program follows:
$ prop -help
Usage: prop [options] [input [output]]
  -utn int - unique table number (default 1)
  -uts int - unique table size (default 509)
  -ctn int - computed table number (default 1)
  -cts int - computed table size (default 509)
  -- - treat remaining args as file names
The table number and size parameters refer to the hash tables used in the BDD module. For most users, the default values will suffice.