Ver código fonte

record unrecognized PDUs

created table for unrecognized PDUs
print warning once if unrecognized PDUs are detected
Stefano Acquaviti 6 anos atrás
pai
commit
7815de113a

+ 18 - 5
code_boost/src/cxx/pcap_processor.cpp

@@ -8,6 +8,7 @@ using namespace Tins;
  */
 pcap_processor::pcap_processor(std::string path, std::string extraTests) {
     filePath = path;
+    hasUntracked = false;
     if(extraTests == "True")
         stats.setDoExtraTests(true);
     else stats.setDoExtraTests(false);;
@@ -243,21 +244,33 @@ void pcap_processor::process_packets(const Packet &pkt) {
         ipAddressSender = ipLayer.sender_ip_addr().to_string();
         ipAddressReceiver = ipLayer.target_ip_addr().to_string();
 
-        // IP distribution
-        stats.addIpStat_packetSent(filePath, ipAddressSender, ipLayer.target_ip_addr().to_string(), sizeCurrentPacket, pkt.timestamp());
-
         // Protocol distribution
         stats.incrementProtocolCount(ipAddressSender, "ARP");
         stats.increaseProtocolByteCount(ipAddressSender, "ARP", sizeCurrentPacket);
 
         // Assign IP Address to MAC Address
         stats.assignMacAddress(ipAddressSender, macAddressSender);
-        stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
+
+        EthernetII eth = (const EthernetII &) *pdu_l2;
+
+        stats.incrementUntrackedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
+
+        if(!hasUntracked) {
+            std::cerr << "Unrecognized PDUs detected: Check 'untracked_pdus' table!" << std::endl;
+            hasUntracked = true;
+        }
 
     }
 
     else {
-        std::cout << "Unknown PDU Type on L3: " << pdu_l3_type << std::endl;
+        if(!hasUntracked) {
+            std::cerr << "Unrecognized PDUs detected: Check 'untracked_pdus' table!" << std::endl;
+            hasUntracked = true;
+        }
+
+        EthernetII eth = (const EthernetII &) *pdu_l2;
+
+        stats.incrementUntrackedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
     }
 
     // Layer 4 - Transport -------------------------------

+ 1 - 0
code_boost/src/cxx/pcap_processor.h

@@ -30,6 +30,7 @@ public:
      */
     statistics stats;
     std::string filePath;
+    bool hasUntracked;
 
     /*
      * Methods

+ 13 - 0
code_boost/src/cxx/statistics.cpp

@@ -359,6 +359,18 @@ void statistics::increasePortByteCount(std::string ipAddressSender, int outgoing
     ip_ports[{ipAddressReceiver, "in", incomingPort, protocol}].byteCount += bytesSent;
 }
 
+/**
+ * Increments the packet counter for
+ * - the given sender MAC address and
+ * - the given receiver MAC address.
+ * @param srcMac The MAC address of the packet sender.
+ * @param dstMac The MAC address of the packet receiver.
+ * @param typeNumber The payload type number of the packet.
+ */
+void statistics::incrementUntrackedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber) {
+    untracked_PDUs[{srcMac, dstMac, typeNumber}]++;
+}
+
 /**
  * Creates a new statistics object.
  */
@@ -638,6 +650,7 @@ void statistics::writeToDatabase(std::string database_path) {
         db.writeStatisticsConv(conv_statistics);
         db.writeStatisticsInterval(interval_statistics);
         db.writeDbVersion();
+        db.writeStatisticsUntrackedPDUs(untracked_PDUs);
     }
     else {
         // Tinslib failed to recognize the types of the packets in the input PCAP

+ 35 - 0
code_boost/src/cxx/statistics.h

@@ -285,6 +285,24 @@ struct ipAddress_inOut_port {
     }
 };
 
+/*
+ * Struct used to represent:
+ * - Source MAC address
+ * - Destination MAC address
+ * - Payload type number
+ */
+struct untracked_PDU {
+    std::string srcMacAddress;
+    std::string dstMacAddress;
+    uint32_t typeNumber;
+
+    bool operator==(const untracked_PDU &other) const {
+        return srcMacAddress == other.srcMacAddress
+               && dstMacAddress == other.dstMacAddress
+               && typeNumber == other.typeNumber;
+    }
+};
+
 /*
  * Definition of hash functions for structs used as key in unordered_map
  */
@@ -368,6 +386,18 @@ namespace std {
                    ^ (hash<int>()(k.portNumber) << 1);
         }
     };
+
+    template<>
+    struct hash<untracked_PDU> {
+        std::size_t operator()(const untracked_PDU &k) const {
+            using std::size_t;
+            using std::hash;
+            using std::string;
+            return ((hash<string>()(k.srcMacAddress)
+                     ^ (hash<string>()(k.dstMacAddress) << 1)) >> 1)
+                   ^ (hash<uint32_t>()(k.typeNumber) << 1);
+        }
+    };
 }
 
 class statistics {
@@ -415,6 +445,8 @@ public:
 
     void increaseProtocolByteCount(std::string ipAddress, std::string protocol, long bytesSent);
 
+    void incrementUntrackedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber);
+
     void incrementPortCount(std::string ipAddressSender, int outgoingPort, std::string ipAddressReceiver,
                             int incomingPort, std::string protocol);
 
@@ -547,6 +579,9 @@ private:
 
     // {IP Address, MAC Address}
     std::unordered_map<std::string, std::string> ip_mac_mapping;
+
+    // {Source MAC, Destination MAC, typeNumber, #count}
+    std::unordered_map<untracked_PDU, int> untracked_PDUs;
 };
 
 

+ 31 - 0
code_boost/src/cxx/statistics_db.cpp

@@ -567,4 +567,35 @@ bool statistics_db::pathExists(std::string path)
     {
         return false;
     }
+}
+/**
+ * Writes the untracked PDUs into the database.
+ * @param untracked_PDUs The untracked PDUs from class statistics.
+ */
+void statistics_db::writeStatisticsUntrackedPDUs(std::unordered_map<untracked_PDU, int> untracked_PDUs) {
+    try {
+        db->exec("DROP TABLE IF EXISTS untracked_pdus");
+        SQLite::Transaction transaction(*db);
+        const char *createTable = "CREATE TABLE untracked_pdus ("
+                "srcMac TEXT COLLATE NOCASE,"
+                "dstMac TEXT COLLATE NOCASE,"
+                "typeNumber INTEGER,"
+                "pktCount INTEGER,"
+                "PRIMARY KEY(srcMac,dstMac,typeNumber));";
+        db->exec(createTable);
+        SQLite::Statement query(*db, "INSERT INTO untracked_pdus VALUES (?, ?, ?, ?)");
+        for (auto it = untracked_PDUs.begin(); it != untracked_PDUs.end(); ++it) {
+            untracked_PDU e = it->first;
+            query.bind(1, e.srcMacAddress);
+            query.bind(2, e.dstMacAddress);
+            query.bind(3, e.typeNumber);
+            query.bind(4, it->second);
+            query.exec();
+            query.reset();
+        }
+        transaction.commit();
+    }
+    catch (std::exception &e) {
+        std::cout << "Exception in statistics_db: " << e.what() << std::endl;
+    }
 }

+ 2 - 0
code_boost/src/cxx/statistics_db.h

@@ -60,6 +60,8 @@ public:
 
     bool pathExists(std::string path);
 
+    void writeStatisticsUntrackedPDUs(std::unordered_map<untracked_PDU, int> untracked_PDUs);
+
 private:
     // Pointer to the SQLite database
     std::unique_ptr<SQLite::Database> db;