1 package edu.uci.iotproject.detection.layer2;
3 import edu.uci.iotproject.util.PcapPacketUtils;
4 import org.pcap4j.core.PcapPacket;
5 import org.pcap4j.util.MacAddress;
7 import javax.crypto.Mac;
8 import java.net.InetAddress;
9 import java.net.UnknownHostException;
10 import java.util.ArrayList;
11 import java.util.Arrays;
12 import java.util.List;
15 * Base class for layer 2 matchers ({@code Layer2SequenceMatcher} and {@code Layer2RangeMatcher}).
17 * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
18 * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
20 abstract public class Layer2AbstractMatcher {
23 * Buffer of actual packets seen so far that match the searched range (i.e., constitutes a subsequence).
25 protected final List<PcapPacket> mMatchedPackets = new ArrayList<>();
28 * Models the directions of packets. As the sequence matcher assumes that it is only presented
29 * with packet from a single flow (packets exchanged between two devices), we can model the packet directions with a
30 * single bit. We don't have any notion "phone to device" or "device to phone" as we don't know the MAC addresses
31 * of devices in advance during matching.
33 protected final boolean[] mPacketDirections;
38 protected MacAddress mTrainingRouterWlanMac;
39 protected MacAddress mRouterWlanMac;
42 * Create a {@code Layer2AbstractMatcher}.
43 * @param sequence The sequence of the signature.
44 * @param routerWlanMac The router's WLAN MAC (used for determining the direction of packets).
46 public Layer2AbstractMatcher(List<PcapPacket> sequence, String trainingRouterWlanMac, String routerWlanMac) {
47 mPacketDirections = new boolean[sequence.size()];
48 if (mTrainingRouterWlanMac != null && mRouterWlanMac != null) {
49 mTrainingRouterWlanMac = MacAddress.getByName(trainingRouterWlanMac);
50 mRouterWlanMac = MacAddress.getByName(routerWlanMac);
52 mTrainingRouterWlanMac = null;
53 mRouterWlanMac = null;
55 // Compute packet directions for sequence.
56 for (int i = 0; i < sequence.size(); i++) {
58 // No previous packet; boolean parameter is ignored in this special case.
59 mPacketDirections[i] = getPacketDirection(null, true, sequence.get(i));
61 // Base direction marker on direction of previous packet.
62 PcapPacket prevPkt = sequence.get(i-1);
63 boolean prevPktDirection = mPacketDirections[i-1];
64 mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
70 * Compute the direction of a packet based on the previous packet. If no previous packet is provided, the direction
71 * of {@code currPkt} is {@code true} by definition.
72 * @param prevPkt The previous packet, if any.
73 * @param prevPktDirection The computed direction of the previous packet
74 * @param currPkt The current packet for which the direction is to be determined.
75 * @return The direction of {@code currPkt}.
77 protected boolean getPacketDirection(PcapPacket prevPkt, boolean prevPktDirection, PcapPacket currPkt) {
79 // No Router's WLAN MAC is given; no reference for direction
80 if (mTrainingRouterWlanMac == null && mRouterWlanMac == null) {
81 if (prevPkt == null) {
82 // By definition, use true as direction marker for first packet
86 if (PcapPacketUtils.getEthSrcAddr(prevPkt).equals(PcapPacketUtils.getEthSrcAddr(currPkt))) {
87 // Current packet goes in same direction as previous packet.
88 return prevPktDirection;
90 // Current packet goes in opposite direction of previous packet.
91 return !prevPktDirection;
94 // If we determine direction based on Router's WLAN MAC (only for traffic with
95 // 1) We assign true for the packet if the source is router (meaning S->C direction).
96 // 2) We assign false for the packet if the source is device (meaning C->S direction).
97 if (PcapPacketUtils.getEthSrcAddr(currPkt).equals(mTrainingRouterWlanMac) ||
98 PcapPacketUtils.getEthSrcAddr(currPkt).equals(mRouterWlanMac)) {
106 /* TODO: We can reuse this getPacketDirection if we do remove the router's MAC address filtering for directions
107 protected boolean getPacketDirection(PcapPacket prevPkt, boolean prevPktDirection, PcapPacket currPkt) {
109 if (prevPkt == null) {
110 // By definition, use true as direction marker for first packet
114 if (PcapPacketUtils.getEthSrcAddr(prevPkt).equals(PcapPacketUtils.getEthSrcAddr(currPkt))) {
115 // Current packet goes in same direction as previous packet.
116 return prevPktDirection;
118 // Current packet goes in opposite direction of previous packet.
119 return !prevPktDirection;
124 * See the implementer class for the following method.
127 * @return {@code true} if this {@code Layer2SequenceMatcher} could advance by adding {@code packet} to its set of
128 * matched packets, {@code false} otherwise.
130 public abstract boolean matchPacket(PcapPacket packet);
133 * See the implementer class for the following method.
135 public abstract int getTargetSequencePacketCount();
137 public int getMatchedPacketsCount() {
138 return mMatchedPackets.size();
141 public List<PcapPacket> getMatchedPackets() {
142 return mMatchedPackets;
146 * Utility for {@code getMatchedPackets().get(getMatchedPackets().size()-1)}.
147 * @return The last matched packet, or {@code null} if no packets have been matched yet.
149 public PcapPacket getLastPacket() {
150 //return mSequence.size() > 0 ? mSequence.get(mSequence.size()-1) : null;
151 return mMatchedPackets.size() > 0 ? mMatchedPackets.get(mMatchedPackets.size()-1) : null;