X-Git-Url: http://plrg.eecs.uci.edu/git/?p=pingpong.git;a=blobdiff_plain;f=Code%2FProjects%2FSmartPlugDetector%2Fsrc%2Fmain%2Fjava%2Fedu%2Fuci%2Fiotproject%2Futil%2FPcapPacketUtils.java;h=067af93edd6acf435ab154480b0a1434d2a9fa02;hp=715f2e27350932e3863ca74858a5d0b47c2599e0;hb=6647790f717c4e02d11d6f1bfbe847a83dd1f32f;hpb=579e5f9d8af276e0e62e0ee39d104e048a4eb6ec
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java
index 715f2e2..067af93 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java
@@ -1,13 +1,15 @@
package edu.uci.iotproject.util;
-import edu.uci.iotproject.Conversation;
+import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
import edu.uci.iotproject.analysis.PcapPacketPair;
import edu.uci.iotproject.analysis.TcpConversationUtils;
import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
import org.apache.commons.math3.stat.clustering.Cluster;
import org.pcap4j.core.PcapPacket;
+import org.pcap4j.packet.EthernetPacket;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.TcpPacket;
+import org.pcap4j.util.MacAddress;
import java.util.*;
@@ -26,6 +28,30 @@ public final class PcapPacketUtils {
*/
private static final int SIGNATURE_MERGE_THRESHOLD = 5;
+ /**
+ * This is an overlap counter (we consider overlaps between signatures if it happens more than once)
+ */
+ private static int mOverlapCounter = 0;
+
+
+ /**
+ * Gets the source address of the Ethernet part of {@code packet}.
+ * @param packet The packet for which the Ethernet source address is to be extracted.
+ * @return The source address of the Ethernet part of {@code packet}.
+ */
+ public static MacAddress getEthSrcAddr(PcapPacket packet) {
+ return getEthernetPacketOrThrow(packet).getHeader().getSrcAddr();
+ }
+
+ /**
+ * Gets the destination address of the Ethernet part of {@code packet}.
+ * @param packet The packet for which the Ethernet destination address is to be extracted.
+ * @return The destination address of the Ethernet part of {@code packet}.
+ */
+ public static MacAddress getEthDstAddr(PcapPacket packet) {
+ return getEthernetPacketOrThrow(packet).getHeader().getDstAddr();
+ }
+
/**
* Determines if a given {@link PcapPacket} wraps a {@link TcpPacket}.
* @param packet The {@link PcapPacket} to inspect.
@@ -92,7 +118,7 @@ public final class PcapPacketUtils {
* @param port The port to look for in the tcp.port field of {@code packet}.
* @return {@code true} if the given ip+port match the corresponding fields in {@code packet}.
*/
- public static boolean isSource(PcapPacket packet, String ip, int port) {
+ public static boolean isSource(PcapPacket packet, String ip, int port) {
IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
// For now we only support TCP flows.
TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
@@ -153,7 +179,7 @@ public final class PcapPacketUtils {
}
/**
- * Checks if {@code packet} wraps a TCP packet that has the ACK flag set.
+ * Checks if {@code packet} wraps a TCP packet th at has the ACK flag set.
* @param packet A {@link PcapPacket} that is suspected to contain a {@link TcpPacket} for which the ACK flag is set.
* @return {@code true} iff {@code packet} contains a {@code TcpPacket} for which the ACK flag is set,
* {@code false} otherwise.
@@ -183,7 +209,7 @@ public final class PcapPacketUtils {
ppListOfList.add(ppList);
}
// Sort the list of lists based on the first packet's timestamp!
- Collections.sort(ppListOfList, (p1, p2) -> p1.get(0).getTimestamp().compareTo(p2.get(0).getTimestamp()));
+ Collections.sort(ppListOfList, (p1, p2) -> p1. get(0).getTimestamp().compareTo(p2.get(0).getTimestamp()));
return ppListOfList;
}
@@ -199,8 +225,12 @@ public final class PcapPacketUtils {
*/
public static List>>
mergeSignatures(List>> signatures, List conversations) {
- // Make a copy first.
- List>> copySignatures = new ArrayList<>(signatures);
+
+ // TODO: THIS IS NOT A DEEP COPY; IT BASICALLY CREATES A REFERENCE TO THE SAME LIST OBJECT
+ // List>> copySignatures = new ArrayList<>(signatures);
+ // Make a deep copy first.
+ List>> copySignatures = new ArrayList<>();
+ listDeepCopy(copySignatures, signatures);
// Traverse and look into the pairs of signatures.
for (int first = 0; first < signatures.size(); first++) {
List> firstList = signatures.get(first);
@@ -241,6 +271,9 @@ public final class PcapPacketUtils {
if (secondList.size() < SIGNATURE_MERGE_THRESHOLD) {
// Prune the unsuccessfully merged signatures (i.e., these will have size() < maxSignatureEl).
final int maxNumOfEl = maxSignatureEl;
+ // TODO: DOUBLE CHECK IF WE REALLY NEED TO PRUNE FAILED BINDINGS
+ // TODO: SOMETIMES THE SEQUENCES ARE JUST INCOMPLETE
+ // TODO: AND BOTH THE COMPLETE AND INCOMPLETE SEQUENCES ARE VALID SIGNATURES!
firstList.removeIf(el -> el.size() < maxNumOfEl);
// Remove the merged set of signatures when successful.
signatures.remove(secondList);
@@ -254,6 +287,28 @@ public final class PcapPacketUtils {
return signatures;
}
+ /**
+ * Deep copy to create an entirely new {@link List} of {@link List} of {@link List} of {@link PcapPacket} objects.
+ * @param destList A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that will be the final container of the deep copy
+ * @param sourceList A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that will be the source of the deep copy.
+ */
+ private static void listDeepCopy(List>> destList, List>> sourceList) {
+
+ for(List> llPcapPacket : sourceList) {
+ List> tmpListOfList = new ArrayList<>();
+ for(List lPcapPacket : llPcapPacket) {
+ List tmpList = new ArrayList<>();
+ for(PcapPacket pcapPacket : lPcapPacket) {
+ tmpList.add(pcapPacket);
+ }
+ tmpListOfList.add(tmpList);
+ }
+ destList.add(tmpListOfList);
+ }
+ }
+
/**
* Sort the signatures in the {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
* The purpose of this is to sort the order of signatures in the signature list. For detection purposes, we need
@@ -268,9 +323,11 @@ public final class PcapPacketUtils {
public static List>> sortSignatures(List>> signatures) {
// TODO: This is the simplest solution!!! Might not cover all corner cases.
// TODO: Sort the list of lists based on the first packet's timestamps!
- //Collections.sort(signatures, (p1, p2) -> {
- // return p1.get(0).get(0).getTimestamp().compareTo(p2.get(0).get(0).getTimestamp());
- //});
+// Collections.sort(signatures, (p1, p2) -> {
+// //return p1.get(0).get(0).getTimestamp().compareTo(p2.get(0).get(0).getTimestamp());
+// int compare = p1.get(0).get(0).getTimestamp().compareTo(p2.get(0).get(0).getTimestamp());
+// return compare;
+// });
// TODO: The following is a more complete solution that covers corner cases.
// Sort the list of lists based on one-to-one comparison between timestamps of signatures on both lists.
// This also takes into account the fact that the number of signatures in the two lists could be different.
@@ -289,14 +346,17 @@ public final class PcapPacketUtils {
if (Math.abs(timestamp1 - timestamp2) < TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) {
// If these two are within INCLUSION_WINDOW_MILLIS window then compare!
compare = p1.get(count1).get(0).getTimestamp().compareTo(p2.get(count2).get(0).getTimestamp());
- if (comparePrev != 0) { // First time since it is 0
- if (Integer.signum(compare) != Integer.signum(comparePrev)) {
- // Throw an exception if the order of the two signatures is not consistent,
- // E.g., 111, 222, 333 in one occassion and 222, 333, 111 in the other.
- throw new Error("For some reason, the order of signatures are not always consistent!" +
- "Returning the original data structure of signatures...");
- }
- }
+// if (comparePrev != 0) { // First time since it is 0
+// if (Integer.signum(compare) != Integer.signum(comparePrev)) {
+// // Throw an exception if the order of the two signatures is not consistent,
+// // E.g., 111, 222, 333 in one occassion and 222, 333, 111 in the other.
+// throw new Error("OVERLAP WARNING: " + "" +
+// "Please remove one of the sequences: " +
+// p1.get(0).get(0).length() + "... OR " +
+// p2.get(0).get(0).length() + "...");
+// }
+// }
+ overlapChecking(compare, comparePrev, p1.get(count1), p2.get(count2));
comparePrev = compare;
count1++;
count2++;
@@ -314,14 +374,111 @@ public final class PcapPacketUtils {
return signatures;
}
+ /**
+ * Checks for overlapping between two packet sequences.
+ * @param compare Current comparison value between packet sequences p1 and p2
+ * @param comparePrev Previous comparison value between packet sequences p1 and p2
+ * @param sequence1 The packet sequence ({@link List} of {@link PcapPacket} objects).
+ * @param sequence2 The packet sequence ({@link List} of {@link PcapPacket} objects).
+ */
+ private static void overlapChecking(int compare, int comparePrev, List sequence1, List sequence2) {
+
+ // Check if p1 occurs before p2 but both have same overlap
+ if (comparePrev != 0) { // First time since it is 0
+ if (Integer.signum(compare) != Integer.signum(comparePrev)) {
+ // Throw an exception if the order of the two signatures is not consistent,
+ // E.g., 111, 222, 333 in one occassion and 222, 333, 111 in the other.
+ throw new Error("OVERLAP WARNING: " + "" +
+ "Two sequences have some overlap. Please remove one of the sequences: " +
+ sequence1.get(0).length() + "... OR " +
+ sequence2.get(0).length() + "...");
+ }
+ }
+ // Check if p1 is longer than p2 and p2 occurs during the occurrence of p1
+ int lastIndexOfSequence1 = sequence1.size() - 1;
+ int lastIndexOfSequence2 = sequence2.size() - 1;
+ int compareLast =
+ sequence1.get(lastIndexOfSequence1).getTimestamp().compareTo(sequence2.get(lastIndexOfSequence2).getTimestamp());
+ // Check the signs of compare and compareLast
+ if ((compare <= 0 && compareLast > 0) ||
+ (compareLast <= 0 && compare > 0)) {
+ mOverlapCounter++;
+ // TODO: Probably not the best approach but we consider overlap if it happens more than once
+ if (mOverlapCounter > 1) {
+ throw new Error("OVERLAP WARNING: " + "" +
+ "One sequence is in the other. Please remove one of the sequences: " +
+ sequence1.get(0).length() + "... OR " +
+ sequence2.get(0).length() + "...");
+ }
+ }
+
+ }
+
/**
* Gets the {@link IpV4Packet} contained in {@code packet}, or throws a {@link NullPointerException} if
* {@code packet} does not contain an {@link IpV4Packet}.
- * @param packet A {@link PcapPacket} that is expected to contain a {@link IpV4Packet}.
+ * @param packet A {@link PcapPacket} that is expected to contain an {@link IpV4Packet}.
* @return The {@link IpV4Packet} contained in {@code packet}.
* @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
*/
private static IpV4Packet getIpV4PacketOrThrow(PcapPacket packet) {
return Objects.requireNonNull(packet.get(IpV4Packet.class), "not an IPv4 packet");
}
+
+ /**
+ * Gets the {@link EthernetPacket} contained in {@code packet}, or throws a {@link NullPointerException} if
+ * {@code packet} does not contain an {@link EthernetPacket}.
+ * @param packet A {@link PcapPacket} that is expected to contain an {@link EthernetPacket}.
+ * @return The {@link EthernetPacket} contained in {@code packet}.
+ * @throws NullPointerException if {@code packet} does not encapsulate an {@link EthernetPacket}.
+ */
+ private static final EthernetPacket getEthernetPacketOrThrow(PcapPacket packet) {
+ return Objects.requireNonNull(packet.get(EthernetPacket.class), "not an Ethernet packet");
+ }
+
+ /**
+ * Print signatures in {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
+ *
+ * @param signatures A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that needs to be printed.
+ */
+ public static void printSignatures(List>> signatures) {
+
+ // Iterate over the list of all clusters/sequences
+ int sequenceCounter = 0;
+ for(List> listListPcapPacket : signatures) {
+ // Iterate over every member of a cluster/sequence
+ System.out.print("====== SEQUENCE " + ++sequenceCounter);
+ System.out.println(" - " + listListPcapPacket.size() + " MEMBERS ======");
+ for(List listPcapPacket : listListPcapPacket) {
+ // Print out packet lengths in a sequence
+ int packetCounter = 0;
+ for(PcapPacket pcapPacket : listPcapPacket) {
+ if(pcapPacket != null) {
+ System.out.print(pcapPacket.length());
+ }
+ if(packetCounter < listPcapPacket.size() - 1) {
+ System.out.print(" "); // Provide space if not last packet
+ } else {
+ System.out.println(); // Newline if last packet
+ }
+ packetCounter++;
+ }
+ }
+ }
+ }
+
+ /**
+ * Remove a sequence in a signature object.
+ *
+ * @param signatures A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects.
+ * @param sequenceIndex An index for a sequence that consists of {{@link List} of {@link List} of
+ * {@link PcapPacket} objects.
+ */
+ public static void removeSequenceFromSignature(List>> signatures, int sequenceIndex) {
+
+ // Sequence index starts from 0
+ signatures.remove(sequenceIndex);
+ }
}