// Parse optional parameters.
List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
+ String vpnClientMacAddress = null;
final int optParamsStartIdx = 7;
if (args.length > optParamsStartIdx) {
for (int i = optParamsStartIdx; i < args.length; i++) {
} else if (args[i].equalsIgnoreCase("-sout")) {
// Next argument is a boolean true/false literal.
DUPLICATE_OUTPUT_TO_STD_OUT = Boolean.parseBoolean(args[i+1]);
+ } else if (args[i].equalsIgnoreCase("-vpn")) {
+ vpnClientMacAddress = args[i+1];
}
}
}
}
Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration,
- isRangeBasedForOn, eps, onMaxSkippedPackets) :
+ isRangeBasedForOn, eps, onMaxSkippedPackets, vpnClientMacAddress) :
new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC,
- onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets);
+ onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets,
+ vpnClientMacAddress);
Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration,
- isRangeBasedForOff, eps, offMaxSkippedPackets) :
+ isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress) :
new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, offSignatureMacFilters,
- signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets);
+ signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress);
final List<UserAction> detectedEvents = new ArrayList<>();
onDetector.addObserver((signature, match) -> {
UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp());
/**
* In charge of reassembling layer 2 packet flows.
*/
- private final Layer2FlowReassembler mFlowReassembler = new Layer2FlowReassembler();
+ private Layer2FlowReassembler mFlowReassembler;
private final List<SignatureDetectorObserver> mObservers = new ArrayList<>();
public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, String trainingRouterWlanMac,
String routerWlanMac, int signatureDuration, boolean isRangeBased, double eps,
- int limitSkippedPackets) {
+ int limitSkippedPackets, String vpnClientMacAddress) {
this(searchedSignature, trainingRouterWlanMac, routerWlanMac, null, signatureDuration, isRangeBased,
- eps, limitSkippedPackets);
+ eps, limitSkippedPackets, vpnClientMacAddress);
}
public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, String trainingRouterWlanMac,
String routerWlanMac, List<Function<Layer2Flow, Boolean>> flowFilters,
- int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) {
+ int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets,
+ String vpnClientMacAddress) {
if (flowFilters != null && flowFilters.size() != searchedSignature.size()) {
throw new IllegalArgumentException("If flow filters are used, there must be a flow filter for each cluster " +
"of the signature.");
}
mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds);
// Register all cluster matchers to receive a notification whenever a new flow is encountered.
+ if (vpnClientMacAddress != null) {
+ mFlowReassembler = new Layer2FlowReassembler(vpnClientMacAddress);
+ } else {
+ mFlowReassembler = new Layer2FlowReassembler();
+ }
mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm));
mInclusionTimeMillis =
inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
private final List<Layer2FlowReassemblerObserver> mObservers = new ArrayList<>();
+ private String mVpnClientMacAddress = null;
+
+ public Layer2FlowReassembler() { }
+
+ public Layer2FlowReassembler(String vpnClientMacAddress) {
+ mVpnClientMacAddress = vpnClientMacAddress;
+ }
+
@Override
public void gotPacket(PcapPacket packet) {
// TODO: update to 802.11 packet...?
MacAddress srcAddr = ethPkt.getHeader().getSrcAddr();
MacAddress dstAddr = ethPkt.getHeader().getDstAddr();
- String key = keyFromAddresses(srcAddr, dstAddr);
+ String key = null;
+ if (mVpnClientMacAddress != null) {
+ if (srcAddr.toString().equals(mVpnClientMacAddress)) {
+ key = srcAddr.toString();
+ } else if (dstAddr.toString().equals(mVpnClientMacAddress)) {
+ key = dstAddr.toString();
+ } else {
+ return;
+ }
+ } else {
+ key = keyFromAddresses(srcAddr, dstAddr);
+ }
// Create a new list if this pair of MAC addresses where not previously encountered and add packet to that list,
// or simply add to an existing list if one is present.
mFlows.computeIfAbsent(key, k -> {