add roundTripTime to conversation_statistics

code_boost/src/cxx/pcap_processor.cpp

@@ -371,7 +371,8 @@ void pcap_processor::process_packets(const Packet &pkt) {
             stats.increaseProtocolByteCount(ipAddressSender, "TCP", sizeCurrentPacket);
 
             // Conversation statistics
-            stats.addConvStat(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), pkt.timestamp());
+            const TCP& tcp = pdu_l4->rfind_pdu<TCP>();
+            stats.addConvStat(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), pkt.timestamp(), tcp.flags());
             stats.addConvStatExt(ipAddressSender,tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), "TCP", pkt.timestamp());
 
             // Window Size distribution
@@ -395,6 +396,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
             stats.increaseProtocolByteCount(ipAddressSender, "UDP", sizeCurrentPacket);
             stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), "UDP");
             stats.increasePortByteCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), sizeCurrentPacket, "UDP");
+            //TODO: (optional) add udp flag support?
             stats.addConvStatExt(ipAddressSender,udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), "UDP", pkt.timestamp());
         } else if (p == PDU::PDUType::ICMP) {
             stats.incrementProtocolCount(ipAddressSender, "ICMP");

code_boost/src/cxx/statistics.cpp

@@ -356,7 +356,7 @@ void statistics::addIntervalStat(std::chrono::duration<int, std::micro> interval
  * @param dport The destination port.
  * @param timestamp The timestamp of the packet.
  */
-void statistics::addConvStat(const std::string &ipAddressSender,int sport,const std::string &ipAddressReceiver,int dport, std::chrono::microseconds timestamp){
+void statistics::addConvStat(const std::string &ipAddressSender,int sport,const std::string &ipAddressReceiver,int dport, std::chrono::microseconds timestamp, small_uint<12> flags){
 
     conv f1 = {ipAddressReceiver, dport, ipAddressSender, sport};
     conv f2 = {ipAddressSender, sport, ipAddressReceiver, dport};
@@ -367,6 +367,7 @@ void statistics::addConvStat(const std::string &ipAddressSender,int sport,const
         if(conv_statistics[f1].pkts_count<=3)
             conv_statistics[f1].interarrival_time.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f1].pkts_timestamp.back()));
         conv_statistics[f1].pkts_timestamp.push_back(timestamp);
+        conv_statistics[f1].tcp_types.push_back(flags);
     }
     // Add new conversation A(ipAddressSender, sport), B(ipAddressReceiver, dport)
     else{
@@ -374,6 +375,7 @@ void statistics::addConvStat(const std::string &ipAddressSender,int sport,const
         if(conv_statistics[f2].pkts_timestamp.size()>0 && conv_statistics[f2].pkts_count<=3 )
             conv_statistics[f2].interarrival_time.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - conv_statistics[f2].pkts_timestamp.back()));
         conv_statistics[f2].pkts_timestamp.push_back(timestamp);
+        conv_statistics[f2].tcp_types.push_back(flags);
     }
 }
 

code_boost/src/cxx/statistics.h

@@ -60,7 +60,7 @@ struct conv{
                && portA == other.portA
                &&ipAddressB == other.ipAddressB
                && portB == other.portB;
-    }    
+    }
 };
 
 /*
@@ -84,7 +84,7 @@ struct convWithProt{
                &&ipAddressB == other.ipAddressB
                && portB == other.portB
                && protocol == other.protocol;
-    }    
+    }
 };
 
 /*
@@ -302,13 +302,15 @@ struct entry_convStat {
     std::vector<std::chrono::microseconds> pkts_timestamp;
     std::vector<std::chrono::microseconds> interarrival_time;
     std::chrono::microseconds avg_interarrival_time;
+    std::vector<small_uint<12>> tcp_types;
 
     bool operator==(const entry_convStat &other) const {
         return pkts_count == other.pkts_count
                && avg_pkt_rate == avg_pkt_rate
                && pkts_timestamp == other.pkts_timestamp
                && interarrival_time == other.interarrival_time
-               && avg_interarrival_time == other.avg_interarrival_time;
+               && avg_interarrival_time == other.avg_interarrival_time
+               && tcp_types == other.tcp_types;
     }
 };
 
@@ -347,7 +349,7 @@ struct commInterval{
         return start == other.start
                && end == other.end
                && pkts_count == other.pkts_count;
-    }    
+    }
 };
 
 /*
@@ -465,7 +467,7 @@ namespace std {
                      ^ (hash<int>()(k.winSize) << 1)) >> 1);
         }
     };
-    
+
     template<>
     struct hash<conv> {
         std::size_t operator()(const conv &k) const {
@@ -492,7 +494,7 @@ namespace std {
                      ^ (hash<string>()(c.protocol));
         }
     };
-    
+
     template<>
     struct hash<ipAddress_protocol> {
         std::size_t operator()(const ipAddress_protocol &k) const {
@@ -552,7 +554,7 @@ public:
 
     void incrementWinCount(const std::string &ipAddress, int winSize);
 
-    void addConvStat(const std::string &ipAddressSender,int sport, const std::string &ipAddressReceiver,int dport, std::chrono::microseconds timestamp);
+    void addConvStat(const std::string &ipAddressSender,int sport, const std::string &ipAddressReceiver,int dport, std::chrono::microseconds timestamp, small_uint<12> flags);
 
     void addConvStatExt(const std::string &ipAddressSender,int sport, const std::string &ipAddressReceiver,int dport, const std::string &protocol, std::chrono::microseconds timestamp);
 
@@ -596,12 +598,12 @@ public:
     void setTimestampFirstPacket(Tins::Timestamp ts);
 
     void setTimestampLastPacket(Tins::Timestamp ts);
-    
+
     Tins::Timestamp getTimestampFirstPacket();
     Tins::Timestamp getTimestampLastPacket();
 
     void assignMacAddress(const std::string &ipAddress, const std::string &macAddress);
-    
+
     void addIpStat_packetSent(const std::string &ipAddressSender, const std::string &ipAddressReceiver, long bytesSent, std::chrono::microseconds timestamp);
 
     int getPacketCount();

code_boost/src/cxx/statistics_db.cpp

@@ -3,11 +3,14 @@
 #include <iostream>
 #include <sstream>
 #include <fstream>
+#include <numeric>
 #include <unistd.h>
 #include <stdio.h>
 #include <pybind11/pybind11.h>
 namespace py = pybind11;
 
+using namespace Tins;
+
 /**
  * Creates a new statistics_db object. Opens an existing database located at database_path. If not existing, creates
  * a new database at database_path.
@@ -443,9 +446,10 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 "avgDelay INTEGER,"
                 "minDelay INTEGER,"
                 "maxDelay INTEGER,"
+                "roundTripTime INTEGER,"
                 "PRIMARY KEY(ipAddressA,portA,ipAddressB,portB));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?,  ?, ?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
 
         // Calculate average of inter-arrival times and average packet rate
         for (auto it = convStatistics.begin(); it != convStatistics.end(); ++it) {
@@ -466,6 +470,38 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                     e.avg_interarrival_time = (std::chrono::microseconds) sumDelay / e.interarrival_time.size(); // average
                 else e.avg_interarrival_time = (std::chrono::microseconds) 0;
 
+                std::vector<std::chrono::microseconds>::const_iterator i1;
+                std::vector<small_uint<12>>::const_iterator i2;
+                std::chrono::microseconds roundTripTime = std::chrono::microseconds(0);
+                std::vector<std::chrono::microseconds> roundTripTimes;
+                bool flag = false;
+                if (e.pkts_timestamp.size() != e.tcp_types.size()) {
+                    std::cout << "shit..."<< std::endl;
+                }
+                for(i1 = e.pkts_timestamp.begin(), i2 = e.tcp_types.begin();
+                    i1 < e.pkts_timestamp.end(), i2 < e.tcp_types.end();
+                    ++i1, ++i2) {
+                    if (*i2 == TCP::SYN && !flag) {
+                        roundTripTime = *i1;
+                        flag = true;
+                    } else if (*i2 == TCP::ACK && flag) {
+                        roundTripTime = *i1 - roundTripTime;
+                        flag = false;
+                        roundTripTimes.push_back(roundTripTime);
+                        roundTripTime = std::chrono::microseconds(0);
+                    }
+                }
+
+                if (roundTripTimes.size() != 0) {
+                    std::vector<std::chrono::microseconds>::const_iterator it;
+                    for(it = roundTripTimes.begin(); it < roundTripTimes.end(); ++it) {
+                        roundTripTime += *it;
+                    }
+                    roundTripTime = roundTripTime / roundTripTimes.size();
+                } else {
+                    roundTripTime = std::chrono::microseconds(-1);
+                }
+
                 std::chrono::microseconds start_timesttamp = e.pkts_timestamp[0];
                 std::chrono::microseconds end_timesttamp = e.pkts_timestamp.back();
                 std::chrono::microseconds conn_duration = end_timesttamp - start_timesttamp;
@@ -480,6 +516,7 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 query.bind(7, (int) e.avg_interarrival_time.count());
                 query.bind(8, minDelay);
                 query.bind(9, maxDelay);
+                query.bind(10, static_cast<int>(roundTripTime.count()));
                 query.exec();
                 query.reset();
 

code_boost/src/cxx/statistics_db.h

@@ -5,6 +5,7 @@
 #ifndef CPP_PCAPREADER_STATISTICSDB_H
 #define CPP_PCAPREADER_STATISTICSDB_H
 
+#include <tins/tins.h>
 #include <iostream>
 #include <memory>
 #include <string>