1 package edu.uci.iotproject;
3 import org.pcap4j.core.*;
4 import org.pcap4j.packet.*;
5 import org.pcap4j.packet.DnsPacket;
6 import org.pcap4j.packet.namednumber.DnsResourceRecordType;
8 import java.util.ArrayList;
9 import java.util.Arrays;
10 import java.util.Collections;
11 import java.util.HashMap;
12 import java.util.List;
15 import java.io.EOFException;
16 import java.net.UnknownHostException;
17 import java.util.concurrent.TimeoutException;
20 * TODO add class documentation.
22 * @author Janus Varmarken
24 public class FlowPattern {
27 // TP-Link Local ON packet lengths (TCP payload only), extracted from ON event at Feb 13, 2018 13:38:04
28 // of the 5 switch data collection:
29 // 517 1448 1448 1448 855 191 51 490 1027 31
31 ArrayList<Integer> packetLengths = new ArrayList<>();
32 packetLengths.addAll(Arrays.asList(new Integer[] {517, 1448, 1448, 1448, 855, 191, 51, 490, 1027, 31}));
33 TP_LINK_LOCAL_ON = new FlowPattern("TP_LINK_LOCAL_ON", "events.tplinkra.com", packetLengths);
36 public static final FlowPattern TP_LINK_LOCAL_ON;
41 private final String patternId;
44 * The hostname that this {@code FlowPattern} is associated with.
46 private final String hostname; // The hostname that this {@code FlowPattern} is associated with.
49 * The order of packet lengths that defines this {@link FlowPattern}
50 * TODO: this is a simplified representation, we should also include information about direction of each packet.
52 private final List<Integer> flowPacketOrder;
54 private final Map<String, List<Integer>> hostnameToPacketOrderMap;
55 private final PcapHandle pcap;
65 public FlowPattern(String patternId, String hostname, PcapHandle pcap) {
66 this.patternId = patternId;
67 this.hostname = hostname;
69 this.hostnameToPacketOrderMap = null;
70 this.flowPacketOrder = new ArrayList<Integer>();
75 * Process the PcapHandle to strip off unnecessary packets and just get the integer array of packet lengths
77 private void processPcap() {
81 while ((packet = pcap.getNextPacketEx()) != null) {
82 // For now, we only work support pattern search in TCP over IPv4.
83 IpV4Packet ipPacket = packet.get(IpV4Packet.class);
84 TcpPacket tcpPacket = packet.get(TcpPacket.class);
85 if (ipPacket == null || tcpPacket == null)
87 if (tcpPacket.getPayload() == null) // We skip non-payload control packets as these are less predictable
89 int packetLength = tcpPacket.getPayload().length();
90 flowPacketOrder.add(packetLength);
92 } catch (EOFException eofe) {
93 System.out.println("[ FlowPattern ] Finished processing a training PCAP stream!");
94 System.out.println("[ FlowPattern ] Pattern for " + patternId + ": " + Arrays.toString(flowPacketOrder.toArray()));
95 } catch (PcapNativeException |
97 NotOpenException ex) {
105 * @param patternId Label for this pattern
106 * @param hostname Hostname associated with this pattern
107 * @param flowPacketOrder List of packets in order
109 public FlowPattern(String patternId, String hostname, List<Integer> flowPacketOrder) {
110 this.patternId = patternId;
111 this.hostname = hostname;
112 this.hostnameToPacketOrderMap = null;
114 this.flowPacketOrder = Collections.unmodifiableList(flowPacketOrder);
120 public FlowPattern(String patternId, String hostname, Map<String, List<Integer>> hostnameToPacketOrderMap) {
121 this.patternId = patternId;
122 this.hostname = hostname;
124 this.flowPacketOrder = null;
125 this.hostnameToPacketOrderMap = Collections.unmodifiableMap(hostnameToPacketOrderMap);
128 public String getPatternId() {
132 public String getHostname() {
137 * Get the the sequence of packet lengths that defines this {@code FlowPattern}.
138 * @return the sequence of packet lengths that defines this {@code FlowPattern}.
140 public List<Integer> getPacketOrder() {
141 return flowPacketOrder;
145 * Get the length of the List of {@code FlowPattern}.
146 * @return the length of the List of {@code FlowPattern}.
148 public int getLength() {
149 return flowPacketOrder.size();