
Omit ToS validity test, rename tests to extraTests, fix bug of writing an empty ip_statistics to database

aidmar.wainakh 7 lat temu
rodzic
commit
dbd20d23f4

+ 7 - 7
code_boost/src/cxx/pcap_processor.cpp

@@ -6,12 +6,12 @@ using namespace Tins;
  * Creates a new pcap_processor object.
  * @param path The path where the PCAP to get analyzed is locatated.
  */
-pcap_processor::pcap_processor(std::string path, std::string tests) {
+pcap_processor::pcap_processor(std::string path, std::string extraTests) {
     filePath = path;
     // Aidmar
-    if(tests == "True")
-        stats.setDoTests(true);
-    else  stats.setDoTests(false);;
+    if(extraTests == "True")
+        stats.setDoExtraTests(true);
+    else stats.setDoExtraTests(false);;
 }
 
 /**
@@ -146,7 +146,7 @@ void pcap_processor::collect_statistics() {
             std::chrono::microseconds currentCaptureDuration = lastPktTimestamp - firstTimestamp;
 
             // For each interval
-            if(currentCaptureDuration>barrier && barrier.count() > 0){ // barrier becomes negative in last interval
+            if(currentCaptureDuration>barrier && barrier.count() > 0){ // TO-DO: ensure this case does not happen: barrier becomes negative in last interval
                 stats.addIntervalStat(timeInterval, intervalStartTimestamp, lastPktTimestamp);
                 timeIntervalCounter++;
                 barrier =  barrier+timeInterval;
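Review bot: The reworded TO-DO on the `barrier.count() > 0` test records the symptom but not the cause, and a barrier that only grows by `timeInterval` most plausibly turns negative through signed overflow. The declarations are outside this hunk, but if `barrier` uses the same `int` microsecond representation as the `std::chrono::duration<int, std::micro>` parameter of `addIntervalStat`, it wraps after roughly 35 minutes of capture. That is undefined behaviour, and with this condition it silently stops `addIntervalStat` from being called for the rest of the file. Consider declaring it as `std::chrono::microseconds barrier` (a count of at least 55 bits) and replacing the TO-DO with a comment stating the assumed maximum capture length. The loop body continues past the end of the hunk.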
@@ -237,7 +237,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
         // Protocol distribution - layer 4
         PDU::PDUType p = pdu_l4->pdu_type();  
         
-        // Aidmar - Tests for IPv4: payload
+        // Aidmar - check for IPv4: payload
         if (pdu_l3_type == PDU::PDUType::IP) {
             stats.checkPayload(pdu_l4);
           }
@@ -310,7 +310,7 @@ bool inline pcap_processor::file_exists(const std::string &filePath) {
  */
 //int main() {
 //    std::cout << "Starting application." << std::endl;
-//    pcap_processor pcap = pcap_processor("/home/anonymous/Downloads/ID2T-toolkit/code/20min_iscx_11jun.pcap", "False");
+//    pcap_processor pcap = pcap_processor("/home/anonymous/Downloads/ID2T-toolkit/captures/col/capture_3.pcap", "False");
 //
 //    long double t = pcap.get_timestamp_mu_sec(87);
 //    std::cout << t << std::endl;

+ 1 - 1
code_boost/src/cxx/pcap_processor.h

@@ -23,7 +23,7 @@ public:
     /*
     * Class constructor
     */
-    pcap_processor(std::string path, std::string tests);
+    pcap_processor(std::string path, std::string extraTests);
 
     /*
      * Attributes

+ 39 - 37
code_boost/src/cxx/statistics.cpp

@@ -17,7 +17,7 @@ using namespace Tins;
  * @param pdu_l4 The packet that should be checked if it has a payload or not.
  */
 void statistics::checkPayload(const PDU *pdu_l4) {
-    if(this->getDoTests()) {
+    if(this->getDoExtraTests()) {
         // pdu_l4: Tarnsport layer 4
         int pktSize = pdu_l4->size();
         int headerSize = pdu_l4->header_size(); // TCP/UDP header
@@ -35,7 +35,7 @@ void statistics::checkPayload(const PDU *pdu_l4) {
  * @param tcpPkt The packet to get checked.
  */
 void statistics::checkTCPChecksum(std::string ipAddressSender, std::string ipAddressReceiver, TCP tcpPkt) {
-    if(this->getDoTests()) {
+    if(this->getDoExtraTests()) {
         if(check_tcpChecksum(ipAddressSender, ipAddressReceiver, tcpPkt))
             correctTCPChecksumCount++;
         else incorrectTCPChecksumCount++;
@@ -48,7 +48,7 @@ void statistics::checkTCPChecksum(std::string ipAddressSender, std::string ipAdd
  * @param intervalStartTimestamp The timstamp where the interval starts.
  */
 std::vector<float> statistics::calculateLastIntervalIPsEntropy(std::chrono::microseconds intervalStartTimestamp){
-    if(this->getDoTests()) {
+    if(this->getDoExtraTests()) {
         std::vector<int> IPsSrcPktsCounts;
         std::vector<int> IPsDstPktsCounts;
 
@@ -101,7 +101,7 @@ std::vector<float> statistics::calculateLastIntervalIPsEntropy(std::chrono::micr
  * Calculates cumulative entropy of source and destination IPs, i.e., the entropy for packets from the beginning of the pcap file. 
  */
 std::vector<float> statistics::calculateIPsCumEntropy(){
-    if(this->getDoTests()) {
+    if(this->getDoExtraTests()) {
         std::vector <std::string> IPs;
         std::vector <float> IPsSrcProb;
         std::vector <float> IPsDstProb;
@@ -178,21 +178,15 @@ void statistics::addIntervalStat(std::chrono::duration<int, std::micro> interval
     interval_statistics[lastPktTimestamp_s].payload_count = payloadCount - lastIntervalPayloadCount;
     interval_statistics[lastPktTimestamp_s].incorrect_checksum_count = incorrectTCPChecksumCount - lastIntervalIncorrectTCPChecksumCount;
     interval_statistics[lastPktTimestamp_s].correct_checksum_count = correctTCPChecksumCount - lastIntervalCorrectTCPChecksumCount;
-    interval_statistics[lastPktTimestamp_s].invalid_tos_count = invalidToSCount - lastIntervalInvalidToSCount;
-    interval_statistics[lastPktTimestamp_s].valid_tos_count = validToSCount - lastIntervalValidToSCount;
     interval_statistics[lastPktTimestamp_s].new_ip_count = ip_statistics.size() - lastIntervalCumNewIPCount;
     interval_statistics[lastPktTimestamp_s].new_ttl_count = ttl_values.size() - lastIntervalCumNewTTLCount;
     interval_statistics[lastPktTimestamp_s].new_win_size_count = win_values.size() - lastIntervalCumNewWinSizeCount;
     interval_statistics[lastPktTimestamp_s].new_tos_count = tos_values.size() - lastIntervalCumNewToSCount;
     interval_statistics[lastPktTimestamp_s].new_mss_count = mss_values.size() - lastIntervalCumNewMSSCount;
 
-    //std::cout<<invalidToSCount<<","<<validToSCount<<"\n";
-
     lastIntervalPayloadCount = payloadCount;
     lastIntervalIncorrectTCPChecksumCount = incorrectTCPChecksumCount;
     lastIntervalCorrectTCPChecksumCount = correctTCPChecksumCount;
-    lastIntervalInvalidToSCount = invalidToSCount;
-    lastIntervalValidToSCount = validToSCount;
     lastIntervalCumPktCount = packetCount;
     lastIntervalCumSumPktSize = sumPacketSize;
     lastIntervalCumNewIPCount =  ip_statistics.size();
@@ -559,29 +553,37 @@ void statistics::writeToDatabase(std::string database_path) {
 
     float avgPacketRate = (packetCount / duration);
     long avgPacketSize = getAvgPacketSize();
-    long avgPacketsSentPerHost = (sumPacketsSent / senderCountIP);
-    float avgBandwidthInKBits = (sumBandwidthIn / senderCountIP) * 8;
-    float avgBandwidthOutInKBits = (sumBandwidthOut / senderCountIP) * 8;
-
-    // Create database and write information
-    statistics_db db(database_path);
-    db.writeStatisticsFile(packetCount, getCaptureDurationSeconds(),
-                           getFormattedTimestamp(timestamp_firstPacket.seconds(), timestamp_firstPacket.microseconds()),
-                           getFormattedTimestamp(timestamp_lastPacket.seconds(), timestamp_lastPacket.microseconds()),
-                           avgPacketRate, avgPacketSize, avgPacketsSentPerHost, avgBandwidthInKBits,
-                           avgBandwidthOutInKBits);
-    db.writeStatisticsIP(ip_statistics);
-    db.writeStatisticsTTL(ttl_distribution);
-    db.writeStatisticsIpMac(ip_mac_mapping);
-    //db.writeStatisticsMss(ip_sumMss);
-    db.writeStatisticsPorts(ip_ports);
-    db.writeStatisticsProtocols(protocol_distribution);
-    // Aidmar
-    db.writeStatisticsMss_dist(mss_distribution);
-    db.writeStatisticsTos_dist(tos_distribution);
-    db.writeStatisticsWin(win_distribution);
-    db.writeStatisticsConv(conv_statistics);
-    db.writeStatisticsInterval(interval_statistics);
+    if(senderCountIP>0) {
+        long avgPacketsSentPerHost = (sumPacketsSent / senderCountIP);
+        float avgBandwidthInKBits = (sumBandwidthIn / senderCountIP) * 8;
+        float avgBandwidthOutInKBits = (sumBandwidthOut / senderCountIP) * 8;
+
+        // Create database and write information
+        statistics_db db(database_path);
+        db.writeStatisticsFile(packetCount, getCaptureDurationSeconds(),
+                               getFormattedTimestamp(timestamp_firstPacket.seconds(), timestamp_firstPacket.microseconds()),
+                               getFormattedTimestamp(timestamp_lastPacket.seconds(), timestamp_lastPacket.microseconds()),
+                               avgPacketRate, avgPacketSize, avgPacketsSentPerHost, avgBandwidthInKBits,
+                               avgBandwidthOutInKBits);
+        db.writeStatisticsIP(ip_statistics);
+        db.writeStatisticsTTL(ttl_distribution);
+        db.writeStatisticsIpMac(ip_mac_mapping);
+        //db.writeStatisticsMss(ip_sumMss);
+        db.writeStatisticsPorts(ip_ports);
+        db.writeStatisticsProtocols(protocol_distribution);
+        // Aidmar
+        db.writeStatisticsMss_dist(mss_distribution);
+        db.writeStatisticsTos_dist(tos_distribution);
+        db.writeStatisticsWin(win_distribution);
+        db.writeStatisticsConv(conv_statistics);
+        db.writeStatisticsInterval(interval_statistics);
+    }
+    else {
+        // Tinslib failed to recognize the types of the packets in the input PCAP
+        std::cout<<"ERROR: Statistics could not be collected from the input PCAP!"<<"\n";
+        return;
+    }
+
 }
 
 /**
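Review bot: In the new `else` branch of `writeToDatabase` the failure is only printed to stdout and the function still returns normally, so the caller cannot tell that no database was written and may go on to read a missing or stale one. Report it on `std::cerr` and signal it, for example with `throw std::runtime_error("Statistics could not be collected from the input PCAP");`, provided the callers (not visible here) can handle an exception. The `avgPacketRate` division above the guard still runs when nothing was parsed; whether `duration` can be zero at that point is not visible in this hunk and is worth checking. An early `if (senderCountIP <= 0)` guard at the top would avoid re-indenting the whole write sequence, and the trailing `return;` is redundant.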
@@ -602,12 +604,12 @@ void statistics::addPacketSize(uint32_t packetSize) {
 }
 
 // Aidmar
-void statistics::setDoTests(bool var) {
-    doTests = var;
+void statistics::setDoExtraTests(bool var) {
+    doExtraTests = var;
 }
 
-bool statistics::getDoTests() {
-    return doTests;
+bool statistics::getDoExtraTests() {
+    return doExtraTests;
 }
 
 

+ 24 - 21
code_boost/src/cxx/statistics.h

@@ -218,11 +218,6 @@ struct entry_intervalStat {
     int new_tos_count;
     int new_mss_count;
 
-    // Predictability score
-    //float ip_src_pred_score;
-    //float ip_dst_pred_score;
-
-
     bool operator==(const entry_intervalStat &other) const {
         return pkts_count == other.pkts_count
                && kbytes == other.kbytes
@@ -249,10 +244,6 @@ struct entry_intervalStat {
  * - Number of packets from B to A
  */
 struct entry_convStat {
-//    long pkts_A_B;
-//    long pkts_B_A;
-//    std::vector<std::chrono::microseconds> pkts_A_B_timestamp;
-//    std::vector<std::chrono::microseconds> pkts_B_A_timestamp;
     long pkts_count;
     float avg_pkt_rate;
     std::vector<std::chrono::microseconds> pkts_timestamp;
@@ -452,8 +443,8 @@ public:
     ip_stats getStatsForIP(std::string ipAddress);
 
     // Aidmar
-    bool getDoTests();
-    void setDoTests(bool var);
+    bool getDoExtraTests();
+    void setDoExtraTests(bool var);
 
 private:
     /*
@@ -464,15 +455,19 @@ private:
     float sumPacketSize = 0;
     int packetCount = 0;
 
-    // Aidmar
-    bool doTests = false;
+    /* Extra tests includes:
+     * - calculate IPs entropies for intervals
+     * - calculate IPs cumulative entropies interval-wise
+     * - check payload availability
+     * - chech TCP checksum correctness
+    */
+    bool doExtraTests = false;
 
     int payloadCount = 0;
     int incorrectTCPChecksumCount = 0;
     int correctTCPChecksumCount = 0;
-    int validToSCount = 0;
-    int invalidToSCount = 0;
 
+    // Variables that are used for interval-wise tests
     int lastIntervalPayloadCount = 0;
     int lastIntervalIncorrectTCPChecksumCount = 0;
     int lastIntervalCorrectTCPChecksumCount = 0;
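Review bot: The new comment on `doExtraTests` lists what the flag enables but not what consumers see when it is off. `checkPayload` and `checkTCPChecksum` wrap their work in `if(this->getDoExtraTests())`, so the counters appear to stay at 0, and `addIntervalStat` still writes `payload_count`, `correct_checksum_count` and `incorrect_checksum_count` from them. A reader of the database then cannot distinguish "not measured" from "none found". Add a sentence such as `When false, the payload and checksum counters stay 0 and the interval columns derived from them are not meaningful.` The wording should also be corrected to `Extra tests include:` and `check TCP checksum correctness`.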
@@ -492,20 +487,32 @@ private:
     // {IP Address, TTL value, count}
     std::unordered_map<ipAddress_ttl, int> ttl_distribution;
 
-    // Aidmar
     // {IP Address, MSS value, count}
     std::unordered_map<ipAddress_mss, int> mss_distribution;
+
     // {IP Address, Win size, count}
     std::unordered_map<ipAddress_win, int> win_distribution;
+
+    // {IP Address, ToS value, count}
+    std::unordered_map<ipAddress_tos, int> tos_distribution;
+
     // {IP Address A, Port A, IP Address B, Port B,   #packets_A_B, #packets_B_A}
     std::unordered_map<conv, entry_convStat> conv_statistics;
+
     std::unordered_map<std::string, entry_intervalStat> interval_statistics;
-    std::unordered_map<ipAddress_tos, int> tos_distribution;
+
+
+
     // {TTL value, count}
     std::unordered_map<int, int> ttl_values;
+
     // {Win size, count}
     std::unordered_map<int, int> win_values;
+
+    // {ToS, count}
     std::unordered_map<int, int> tos_values;
+
+    // {MSS, count}
     std::unordered_map<int, int> mss_values;
 
     // {IP Address, Protocol, count}
@@ -523,10 +530,6 @@ private:
     // Aidmar
     // {DSCP value, count}
     std::unordered_map<int, int> dscp_distribution;
-
-    // Aidmar - comment out
-    // {IP Address, avg MSS}
-    //std::unordered_map<std::string, int> ip_sumMss;
 };