import edu.uci.iotproject.Conversation;
import edu.uci.iotproject.DnsMap;
+import edu.uci.iotproject.FinAckPair;
import edu.uci.iotproject.util.PcapPacketUtils;
import org.pcap4j.core.PcapPacket;
import org.pcap4j.packet.IpV4Packet;
*/
public class TcpConversationUtils {
-
/**
* <p>
* Given a {@link Conversation}, extract its set of "packet pairs", i.e., pairs of request-reply packets.
return result;
}
+ /**
+ * Given a {@link Collection} of {@link Conversation}s, builds a {@link Map} from {@link String} to {@link List}
+ * of {@link Conversation}s such that each key is the <em>concatenation of the packet lengths of all payload packets
+ * (i.e., the set of packets returned by {@link Conversation#getPackets()}) separated by a delimiter</em> of any
+ * {@link Conversation} pointed to by that key. In other words, what the {@link Conversation}s {@code cs} pointed to
+ * by the key {@code s} have in common is that they all contain exactly the same number of payload packets <em>and
+ * </em> these payload packets are identical across all {@code Conversation}s in {@code convs} in terms of packet
+ * length and packet order. For example, if the key is "152 440 550", this means that every individual
+ * {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload
+ * packet of lengths 152, 440, and 550, and these three packets are ordered the in the order prescribed by the key.
+ *
+ * @param conversations The collection of {@code Conversation}s to group by packet sequence.
+ * @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the
+ * <em>concatenation of the packet lengths of all payload packets (i.e., the set of packets returned by
+ * {@link Conversation#getPackets()}) separated by a delimiter</em> of any {@link Conversation} pointed to
+ * by that key.
+ */
+ public static Map<String, List<Conversation>> groupConversationsByPacketSequence(Collection<Conversation> conversations) {
+ Map<String, List<Conversation>> result = new HashMap<>();
+ for (Conversation conv : conversations) {
+ if (conv.getPackets().size() == 0) {
+ // Skip conversations with no payload packets.
+ continue;
+ }
+ StringBuilder sb = new StringBuilder();
+ // Add SYN and SYNACK at front of sequence to indicate if we saw the handshake or if recording started in
+ // the middle of the conversation.
+ for (PcapPacket syn : conv.getSynPackets()) {
+ TcpPacket.TcpHeader tcpHeader = syn.get(TcpPacket.class).getHeader();
+ if (tcpHeader.getSyn() && tcpHeader.getAck()) {
+ // Only append a space if there's preceding content.
+ appendSpaceIfNotEmpty(sb);
+ sb.append("SYNACK");
+ } else if (tcpHeader.getSyn()) {
+ if (sb.length() != 0) {
+ // If present in the trace, the client's SYN should be at the front of the list, so it should be
+ // appended as the first item.
+ throw new AssertionError("StringBuilder had content when appending SYN");
+ }
+ sb.append("SYN");
+ }
+ }
+ // Then append the length of all application data packets.
+ for (PcapPacket pp : conv.getPackets()) {
+ // Only append a space if there's preceding content.
+ appendSpaceIfNotEmpty(sb);
+ sb.append("(" + conv.getDirection(pp).toCompactString() + "_" + pp.length() + ")");
+ }
+ // Then append the logged FINs to indicate if conversation was terminated gracefully.
+ for (FinAckPair fap : conv.getFinAckPairs()) {
+ appendSpaceIfNotEmpty(sb);
+ sb.append(fap.isAcknowledged() ? "FINACK" : "FIN");
+ }
+ // Then append the logged RSTs to indicate if conversation was terminated abruptly.
+ for (PcapPacket pp : conv.getRstPackets()) {
+ appendSpaceIfNotEmpty(sb);
+ sb.append("RST");
+ }
+ List<Conversation> oneItemList = new ArrayList<>();
+ oneItemList.add(conv);
+ result.merge(sb.toString(), oneItemList, (oldList, newList) -> {
+ oldList.addAll(newList);
+ return oldList;
+ });
+ }
+ return result;
+ }
+
/**
* Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the
* {@code Conversation}.
}
return result;
}
+
+ /**
+ * Appends a space to {@code sb} <em>iff</em> {@code sb} already contains some content.
+ * @param sb A {@link StringBuilder} that should have a space appended <em>iff</em> it is not empty.
+ */
+ private static void appendSpaceIfNotEmpty(StringBuilder sb) {
+ if (sb.length() != 0) {
+ sb.append(" ");
+ }
+ }
}
projects / pingpong.git / blobdiff