projects / pingpong.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
TcpReassembler: skip non-IPv4 traffic; SignatureDetector: add paths to d-link evaluat...
[pingpong.git] / Code / Projects / SmartPlugDetector / src / main / java / edu / uci / iotproject / TcpReassembler.java
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/TcpReassembler.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/TcpReassembler.java
index d54e12428c9a3e83f5a319fc53a73b0f0fab6745..70c096aae8972fe8dbbd6b45d01f0be7b529f4d9 100644 (file)
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/TcpReassembler.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/TcpReassembler.java
@@ -2,12 +2,14 @@ package edu.uci.iotproject;
 
 import org.pcap4j.core.PacketListener;
 import org.pcap4j.core.PcapPacket;
+import org.pcap4j.packet.IpV4Packet;
 import org.pcap4j.packet.TcpPacket;
 
 import java.util.*;
 
 /**
  * Reassembles TCP conversations (streams).
+ * <b>Note: current version only supports TCP over IPv4.</b>
  *
  * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
  * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
@@ -38,8 +40,9 @@ public class TcpReassembler implements PacketListener {
 
     @Override
     public void gotPacket(PcapPacket pcapPacket) {
+        IpV4Packet ipPacket = pcapPacket.get(IpV4Packet.class);
         TcpPacket tcpPacket = pcapPacket.get(TcpPacket.class);
-        if (tcpPacket == null) {
+        if (ipPacket == null || tcpPacket == null) {
             return;
         }
         // ... TODO?
@@ -148,13 +151,15 @@ public class TcpReassembler implements PacketListener {
         if (!conv.isRetransmission(srvSynPacket) && !conv.addSynPacket(srvSynPacket)) {
             // For safety/debugging: if NOT a retransmission and add fails,
             // something has gone terribly wrong/invariant is broken.
-            throw new IllegalStateException("Attempt to add SYN ACK packet that was NOT a retransmission failed." +
+            throw new AssertionError("Attempt to add SYN ACK packet that was NOT a retransmission failed." +
                     Conversation.class.getSimpleName() + " invariant broken.");
         }
     }
 
     private void processRstPacket(PcapPacket rstPacket) {
         Conversation conv = getOngoingConversationOrCreateNew(rstPacket);
+        // Add RST packet to conversation.
+        conv.addRstPacket(rstPacket);
         // Move conversation to set of terminated conversations.
         mTerminatedConversations.add(conv);
         mOpenConversations.remove(conv, conv);
@@ -219,7 +224,11 @@ public class TcpReassembler implements PacketListener {
                 conv = Conversation.fromPcapPacket(pcapPacket, false);
             } else {
                 // TODO: can we do anything else but arbitrarily select who is designated as the server in this case?
-                conv = Conversation.fromPcapPacket(pcapPacket, false);
+                // We can check if the IP prefix matches a local IP when handling traffic observed inside the local
+                // network, but that obviously won't be a useful strategy for an observer at the WAN port.
+                String srcIp = pcapPacket.get(IpV4Packet.class).getHeader().getSrcAddr().getHostAddress();
+                boolean clientIsSrc = srcIp.startsWith("10.0.1.") || srcIp.startsWith("192.168.1.");
+                conv = Conversation.fromPcapPacket(pcapPacket, clientIsSrc);
             }
             mOpenConversations.put(conv, conv);
         }
PingPong 1.0: packet-level signatures extractor and detector.