Merge branch 'unrecognized_PDUs' of stefan.schmidt/ID2T-toolkit into master

code_boost/src/cxx/pcap_processor.cpp

@@ -8,6 +8,7 @@ using namespace Tins;
  */
 pcap_processor::pcap_processor(std::string path, std::string extraTests) {
     filePath = path;
+    hasUnrecognized = false;
     if(extraTests == "True")
         stats.setDoExtraTests(true);
     else stats.setDoExtraTests(false);;
@@ -236,8 +237,19 @@ void pcap_processor::process_packets(const Packet &pkt) {
         // Assign IP Address to MAC Address
         stats.assignMacAddress(ipAddressSender, macAddressSender);
         stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
-    } else {
-        std::cout << "Unknown PDU Type on L3: " << pdu_l3_type << std::endl;
+
+    } //PDU is unrecognized
+    else {
+        if(!hasUnrecognized) {
+            std::cerr << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
+            hasUnrecognized = true;
+        }
+
+        EthernetII eth = (const EthernetII &) *pdu_l2;
+        Tins::Timestamp ts = pkt.timestamp();
+        std::string timestamp_pkt = stats.getFormattedTimestamp(ts.seconds(), ts.microseconds());
+
+        stats.incrementUnrecognizedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type(), timestamp_pkt);
     }
 
     // Layer 4 - Transport -------------------------------

code_boost/src/cxx/pcap_processor.h

@@ -30,6 +30,7 @@ public:
      */
     statistics stats;
     std::string filePath;
+    bool hasUnrecognized;
 
     /*
      * Methods

code_boost/src/cxx/statistics.cpp

@@ -359,6 +359,20 @@ void statistics::increasePortByteCount(std::string ipAddressSender, int outgoing
     ip_ports[{ipAddressReceiver, "in", incomingPort, protocol}].byteCount += bytesSent;
 }
 
+/**
+ * Increments the packet counter for
+ * - the given sender MAC address and
+ * - the given receiver MAC address.
+ * @param srcMac The MAC address of the packet sender.
+ * @param dstMac The MAC address of the packet receiver.
+ * @param typeNumber The payload type number of the packet.
+ */
+void statistics::incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                               std::string timestamp) {
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].count++;
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].timestamp_last_occurrence = timestamp;
+}
+
 /**
  * Creates a new statistics object.
  */
@@ -638,6 +652,7 @@ void statistics::writeToDatabase(std::string database_path) {
         db.writeStatisticsConv(conv_statistics);
         db.writeStatisticsInterval(interval_statistics);
         db.writeDbVersion();
+        db.writeStatisticsUnrecognizedPDUs(unrecognized_PDUs);
     }
     else {
         // Tinslib failed to recognize the types of the packets in the input PCAP

code_boost/src/cxx/statistics.h

@@ -285,6 +285,35 @@ struct ipAddress_inOut_port {
     }
 };
 
+/*
+ * Struct used to represent:
+ * - Source MAC address
+ * - Destination MAC address
+ * - Payload type number
+ */
+struct unrecognized_PDU {
+    std::string srcMacAddress;
+    std::string dstMacAddress;
+    uint32_t typeNumber;
+
+    bool operator==(const unrecognized_PDU &other) const {
+        return srcMacAddress == other.srcMacAddress
+               && dstMacAddress == other.dstMacAddress
+               && typeNumber == other.typeNumber;
+    }
+};
+
+/*
+ * Struct used to represent:
+ * - Number of occurrences
+ * - Formatted timestamp of last occurrence
+ */
+struct unrecognized_PDU_stat {
+    int count;
+    std::string timestamp_last_occurrence;
+};
+
+
 /*
  * Definition of hash functions for structs used as key in unordered_map
  */
@@ -368,6 +397,18 @@ namespace std {
                    ^ (hash<int>()(k.portNumber) << 1);
         }
     };
+
+    template<>
+    struct hash<unrecognized_PDU> {
+        std::size_t operator()(const unrecognized_PDU &k) const {
+            using std::size_t;
+            using std::hash;
+            using std::string;
+            return ((hash<string>()(k.srcMacAddress)
+                     ^ (hash<string>()(k.dstMacAddress) << 1)) >> 1)
+                   ^ (hash<uint32_t>()(k.typeNumber) << 1);
+        }
+    };
 }
 
 class statistics {
@@ -415,6 +456,9 @@ public:
 
     void increaseProtocolByteCount(std::string ipAddress, std::string protocol, long bytesSent);
 
+    void incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                       std::string timestamp);
+
     void incrementPortCount(std::string ipAddressSender, int outgoingPort, std::string ipAddressReceiver,
                             int incomingPort, std::string protocol);
 
@@ -547,6 +591,9 @@ private:
 
     // {IP Address, MAC Address}
     std::unordered_map<std::string, std::string> ip_mac_mapping;
+
+    // {Source MAC, Destination MAC, typeNumber, #count, #timestamp of last occurrence}
+    std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs;
 };
 
 

code_boost/src/cxx/statistics_db.cpp

@@ -567,4 +567,38 @@ bool statistics_db::pathExists(std::string path)
     {
         return false;
     }
+}
+/**
+ * Writes the unrecognized PDUs into the database.
+ * @param unrecognized_PDUs The unrecognized PDUs from class statistics.
+ */
+void statistics_db::writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat>
+                                                    unrecognized_PDUs) {
+    try {
+        db->exec("DROP TABLE IF EXISTS unrecognized_pdus");
+        SQLite::Transaction transaction(*db);
+        const char *createTable = "CREATE TABLE unrecognized_pdus ("
+                "srcMac TEXT COLLATE NOCASE,"
+                "dstMac TEXT COLLATE NOCASE,"
+                "etherType INTEGER,"
+                "pktCount INTEGER,"
+                "timestampLastOccurrence TEXT,"
+                "PRIMARY KEY(srcMac,dstMac,etherType));";
+        db->exec(createTable);
+        SQLite::Statement query(*db, "INSERT INTO unrecognized_pdus VALUES (?, ?, ?, ?, ?)");
+        for (auto it = unrecognized_PDUs.begin(); it != unrecognized_PDUs.end(); ++it) {
+            unrecognized_PDU e = it->first;
+            query.bind(1, e.srcMacAddress);
+            query.bind(2, e.dstMacAddress);
+            query.bind(3, e.typeNumber);
+            query.bind(4, it->second.count);
+            query.bind(5, it->second.timestamp_last_occurrence);
+            query.exec();
+            query.reset();
+        }
+        transaction.commit();
+    }
+    catch (std::exception &e) {
+        std::cout << "Exception in statistics_db: " << e.what() << std::endl;
+    }
 }

code_boost/src/cxx/statistics_db.h

@@ -23,7 +23,7 @@ public:
     /*
      * Database version: Increment number on every change in the C++ code!
      */
-    static const int DB_VERSION = 3;
+    static const int DB_VERSION = 4;
 
     /*
      * Methods for writing values into database
@@ -60,6 +60,8 @@ public:
 
     bool pathExists(std::string path);
 
+    void writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs);
+
 private:
     // Pointer to the SQLite database
     std::unique_ptr<SQLite::Database> db;