
add timestamp of last occurrence of unrecognized packet to table

also don't give ARP packets special treatment anymore
Stefano Acquaviti 6 years ago
parent
commit
2eae435948

+ 4 - 25
code_boost/src/cxx/pcap_processor.cpp

@@ -238,30 +238,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
         stats.assignMacAddress(ipAddressSender, macAddressSender);
         stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
 
-    } //PDU is ARP
-    else if(pdu_l3_type == PDU::PDUType::ARP) {
-        const ARP &ipLayer = (const ARP &) *pdu_l3;
-        ipAddressSender = ipLayer.sender_ip_addr().to_string();
-        ipAddressReceiver = ipLayer.target_ip_addr().to_string();
-
-        // Protocol distribution
-        stats.incrementProtocolCount(ipAddressSender, "ARP");
-        stats.increaseProtocolByteCount(ipAddressSender, "ARP", sizeCurrentPacket);
-
-        // Assign IP Address to MAC Address
-        stats.assignMacAddress(ipAddressSender, macAddressSender);
-
-        EthernetII eth = (const EthernetII &) *pdu_l2;
-
-        stats.incrementUnrecognizedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
-
-        if(!hasUnrecognized) {
-            std::cerr << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
-            hasUnrecognized = true;
-        }
-
-    }
-
+    } //PDU is unrecognized
     else {
         if(!hasUnrecognized) {
             std::cerr << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
@@ -269,8 +246,10 @@ void pcap_processor::process_packets(const Packet &pkt) {
         }
 
         EthernetII eth = (const EthernetII &) *pdu_l2;
+        Tins::Timestamp ts = pkt.timestamp();
+        std::string timestamp_pkt = stats.getFormattedTimestamp(ts.seconds(), ts.microseconds());
 
-        stats.incrementUnrecognizedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
+        stats.incrementUnrecognizedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type(), timestamp_pkt);
     }
 
     // Layer 4 - Transport -------------------------------
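Review bot: The unchecked C-style cast `(const EthernetII &) *pdu_l2` is now the path every non-IP frame takes, ARP included, and nothing in this hunk shows that `pdu_l2` really is an Ethernet II frame. `pdu_l2` is assigned outside the hunk, so this is inferred, but for a capture with another link type the cast would be undefined behaviour on data read from an untrusted pcap file. If `pdu_l2` is a `PDU *`, `const EthernetII *eth = pdu_l2->find_pdu<EthernetII>();` followed by a null check would make that case explicit and also avoid copying the frame. The added `getFormattedTimestamp` call builds a string for every unrecognized packet although only the last one per key is kept; storing the raw `Tins::Timestamp` and formatting it once when the table is written would be cheaper. The body of process_packets starts and ends outside the hunk.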

+ 4 - 2
code_boost/src/cxx/statistics.cpp

@@ -367,8 +367,10 @@ void statistics::increasePortByteCount(std::string ipAddressSender, int outgoing
  * @param dstMac The MAC address of the packet receiver.
  * @param typeNumber The payload type number of the packet.
  */
-void statistics::incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber) {
-    unrecognized_PDUs[{srcMac, dstMac, typeNumber}]++;
+void statistics::incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                               std::string timestamp) {
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].count++;
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].timestamp_last_occurrence = timestamp;
 }
 
 /**
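Review bot: The two added statements each build and hash the `{srcMac, dstMac, typeNumber}` key, so every unrecognized packet costs two map lookups and two sets of string copies. Taking the entry once does half the work: `auto &stat = unrecognized_PDUs[{srcMac, dstMac, typeNumber}];` then `stat.count++;` and `stat.timestamp_last_occurrence = timestamp;`. The visible part of the doc comment above the function documents dstMac and typeNumber but not the new parameter; it should gain `@param timestamp The formatted timestamp of the packet.`. That comment could also state that "last occurrence" means the last packet processed, which is the latest in time only if the capture is ordered chronologically.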

+ 15 - 3
code_boost/src/cxx/statistics.h

@@ -301,6 +301,17 @@ struct unrecognized_PDU {
     }
 };
 
+/*
+ * Struct used to represent:
+ * - Number of occurrences
+ * - Formatted timestamp of last occurrence
+ */
+struct unrecognized_PDU_stat {
+    int count;
+    std::string timestamp_last_occurrence;
+};
+
+
 /*
  * Definition of hash functions for structs used as key in unordered_map
  */
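Review bot: `int count;` in unrecognized_PDU_stat has no default member initializer, so the counter starts at zero only because `operator[]` on the map value-initializes new entries. Any instance created as a plain local would carry an indeterminate count, and `int count = 0;` makes the struct safe on its own. The counter is also a signed `int` incremented once per packet, which a very large capture could overflow; a wider type may be worth considering, provided the bind call in statistics_db.cpp accepts it.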
@@ -443,7 +454,8 @@ public:
 
     void increaseProtocolByteCount(std::string ipAddress, std::string protocol, long bytesSent);
 
-    void incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber);
+    void incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                       std::string timestamp);
 
     void incrementPortCount(std::string ipAddressSender, int outgoingPort, std::string ipAddressReceiver,
                             int incomingPort);
@@ -578,8 +590,8 @@ private:
     // {IP Address, MAC Address}
     std::unordered_map<std::string, std::string> ip_mac_mapping;
 
-    // {Source MAC, Destination MAC, typeNumber, #count}
-    std::unordered_map<unrecognized_PDU, int> unrecognized_PDUs;
+    // {Source MAC, Destination MAC, typeNumber, #count, #timestamp of last occurrence}
+    std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs;
 };
 
 

+ 6 - 3
code_boost/src/cxx/statistics_db.cpp

@@ -458,7 +458,8 @@ void statistics_db::writeDbVersion(){
  * Writes the unrecognized PDUs into the database.
  * @param unrecognized_PDUs The unrecognized PDUs from class statistics.
  */
-void statistics_db::writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, int> unrecognized_PDUs) {
+void statistics_db::writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat>
+                                                    unrecognized_PDUs) {
     try {
         db->exec("DROP TABLE IF EXISTS unrecognized_pdus");
         SQLite::Transaction transaction(*db);
@@ -467,15 +468,17 @@ void statistics_db::writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecogni
                 "dstMac TEXT COLLATE NOCASE,"
                 "etherType INTEGER,"
                 "pktCount INTEGER,"
+                "timestampLastOccurrence TEXT,"
                 "PRIMARY KEY(srcMac,dstMac,etherType));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO unrecognized_pdus VALUES (?, ?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO unrecognized_pdus VALUES (?, ?, ?, ?, ?)");
         for (auto it = unrecognized_PDUs.begin(); it != unrecognized_PDUs.end(); ++it) {
             unrecognized_PDU e = it->first;
             query.bind(1, e.srcMacAddress);
             query.bind(2, e.dstMacAddress);
             query.bind(3, e.typeNumber);
-            query.bind(4, it->second);
+            query.bind(4, it->second.count);
+            query.bind(5, it->second.timestamp_last_occurrence);
             query.exec();
             query.reset();
         }
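Review bot: The INSERT names no columns, so the five placeholders are matched to the table purely by position, and a later reordering of the CREATE TABLE text would silently store values in the wrong columns. `INSERT INTO unrecognized_pdus (srcMac, dstMac, etherType, pktCount, timestampLastOccurrence) VALUES (?, ?, ?, ?, ?)` pins the mapping. The commit changes the table layout, but no change to the version written by writeDbVersion is visible in this diff; if readers use that version to decide whether an existing database can be reused, it likely needs a bump. The function's transaction handling and catch block continue outside the hunk.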

+ 1 - 1
code_boost/src/cxx/statistics_db.h

@@ -52,7 +52,7 @@ public:
 
     void writeDbVersion();
 
-    void writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, int> unrecognized_PDUs);
+    void writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs);
 
 private:
     // Pointer to the SQLite database