code_boost/src/cxx/pcap_processor.cpp

@@ -8,7 +8,7 @@ using namespace Tins;
  */
 pcap_processor::pcap_processor(std::string path, std::string extraTests) {
     filePath = path;
-    hasUntracked = false;
+    hasUnrecognized = false;
     if(extraTests == "True")
         stats.setDoExtraTests(true);
     else stats.setDoExtraTests(false);;
@@ -238,39 +238,18 @@ void pcap_processor::process_packets(const Packet &pkt) {
         stats.assignMacAddress(ipAddressSender, macAddressSender);
         stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
 
-    } //PDU is ARP
-    else if(pdu_l3_type == PDU::PDUType::ARP) {
-        const ARP &ipLayer = (const ARP &) *pdu_l3;
-        ipAddressSender = ipLayer.sender_ip_addr().to_string();
-        ipAddressReceiver = ipLayer.target_ip_addr().to_string();
-
-        // Protocol distribution
-        stats.incrementProtocolCount(ipAddressSender, "ARP");
-        stats.increaseProtocolByteCount(ipAddressSender, "ARP", sizeCurrentPacket);
-
-        // Assign IP Address to MAC Address
-        stats.assignMacAddress(ipAddressSender, macAddressSender);
-
-        EthernetII eth = (const EthernetII &) *pdu_l2;
-
-        stats.incrementUntrackedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
-
-        if(!hasUntracked) {
-            std::cerr << "Unrecognized PDUs detected: Check 'untracked_pdus' table!" << std::endl;
-            hasUntracked = true;
-        }
-
-    }
-
+    } //PDU is unrecognized
     else {
-        if(!hasUntracked) {
-            std::cerr << "Unrecognized PDUs detected: Check 'untracked_pdus' table!" << std::endl;
-            hasUntracked = true;
+        if(!hasUnrecognized) {
+            std::cerr << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
+            hasUnrecognized = true;
         }
 
         EthernetII eth = (const EthernetII &) *pdu_l2;
+        Tins::Timestamp ts = pkt.timestamp();
+        std::string timestamp_pkt = stats.getFormattedTimestamp(ts.seconds(), ts.microseconds());
 
-        stats.incrementUntrackedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type());
+        stats.incrementUnrecognizedPDUCount(macAddressSender, macAddressReceiver, eth.payload_type(), timestamp_pkt);
     }
 
     // Layer 4 - Transport -------------------------------

code_boost/src/cxx/pcap_processor.h

@@ -30,7 +30,7 @@ public:
      */
     statistics stats;
     std::string filePath;
-    bool hasUntracked;
+    bool hasUnrecognized;
 
     /*
      * Methods

code_boost/src/cxx/statistics.cpp

@@ -367,8 +367,10 @@ void statistics::increasePortByteCount(std::string ipAddressSender, int outgoing
  * @param dstMac The MAC address of the packet receiver.
  * @param typeNumber The payload type number of the packet.
  */
-void statistics::incrementUntrackedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber) {
-    untracked_PDUs[{srcMac, dstMac, typeNumber}]++;
+void statistics::incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                               std::string timestamp) {
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].count++;
+    unrecognized_PDUs[{srcMac, dstMac, typeNumber}].timestamp_last_occurrence = timestamp;
 }
 
 /**
@@ -650,7 +652,7 @@ void statistics::writeToDatabase(std::string database_path) {
         db.writeStatisticsConv(conv_statistics);
         db.writeStatisticsInterval(interval_statistics);
         db.writeDbVersion();
-        db.writeStatisticsUntrackedPDUs(untracked_PDUs);
+        db.writeStatisticsUnrecognizedPDUs(unrecognized_PDUs);
     }
     else {
         // Tinslib failed to recognize the types of the packets in the input PCAP

code_boost/src/cxx/statistics.h

@@ -289,18 +289,29 @@ struct ipAddress_inOut_port {
  * - Destination MAC address
  * - Payload type number
  */
-struct untracked_PDU {
+struct unrecognized_PDU {
     std::string srcMacAddress;
     std::string dstMacAddress;
     uint32_t typeNumber;
 
-    bool operator==(const untracked_PDU &other) const {
+    bool operator==(const unrecognized_PDU &other) const {
         return srcMacAddress == other.srcMacAddress
                && dstMacAddress == other.dstMacAddress
                && typeNumber == other.typeNumber;
     }
 };
 
+/*
+ * Struct used to represent:
+ * - Number of occurrences
+ * - Formatted timestamp of last occurrence
+ */
+struct unrecognized_PDU_stat {
+    int count;
+    std::string timestamp_last_occurrence;
+};
+
+
 /*
  * Definition of hash functions for structs used as key in unordered_map
  */
@@ -386,8 +397,8 @@ namespace std {
     };
 
     template<>
-    struct hash<untracked_PDU> {
-        std::size_t operator()(const untracked_PDU &k) const {
+    struct hash<unrecognized_PDU> {
+        std::size_t operator()(const unrecognized_PDU &k) const {
             using std::size_t;
             using std::hash;
             using std::string;
@@ -443,7 +454,8 @@ public:
 
     void increaseProtocolByteCount(std::string ipAddress, std::string protocol, long bytesSent);
 
-    void incrementUntrackedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber);
+    void incrementUnrecognizedPDUCount(std::string srcMac, std::string dstMac, uint32_t typeNumber,
+                                       std::string timestamp);
 
     void incrementPortCount(std::string ipAddressSender, int outgoingPort, std::string ipAddressReceiver,
                             int incomingPort);
@@ -578,8 +590,8 @@ private:
     // {IP Address, MAC Address}
     std::unordered_map<std::string, std::string> ip_mac_mapping;
 
-    // {Source MAC, Destination MAC, typeNumber, #count}
-    std::unordered_map<untracked_PDU, int> untracked_PDUs;
+    // {Source MAC, Destination MAC, typeNumber, #count, #timestamp of last occurrence}
+    std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs;
 };
 
 

code_boost/src/cxx/statistics_db.cpp

@@ -455,27 +455,30 @@ void statistics_db::writeDbVersion(){
 }
 
 /**
- * Writes the untracked PDUs into the database.
- * @param untracked_PDUs The untracked PDUs from class statistics.
+ * Writes the unrecognized PDUs into the database.
+ * @param unrecognized_PDUs The unrecognized PDUs from class statistics.
  */
-void statistics_db::writeStatisticsUntrackedPDUs(std::unordered_map<untracked_PDU, int> untracked_PDUs) {
+void statistics_db::writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat>
+                                                    unrecognized_PDUs) {
     try {
-        db->exec("DROP TABLE IF EXISTS untracked_pdus");
+        db->exec("DROP TABLE IF EXISTS unrecognized_pdus");
         SQLite::Transaction transaction(*db);
-        const char *createTable = "CREATE TABLE untracked_pdus ("
+        const char *createTable = "CREATE TABLE unrecognized_pdus ("
                 "srcMac TEXT COLLATE NOCASE,"
                 "dstMac TEXT COLLATE NOCASE,"
-                "typeNumber INTEGER,"
+                "etherType INTEGER,"
                 "pktCount INTEGER,"
-                "PRIMARY KEY(srcMac,dstMac,typeNumber));";
+                "timestampLastOccurrence TEXT,"
+                "PRIMARY KEY(srcMac,dstMac,etherType));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO untracked_pdus VALUES (?, ?, ?, ?)");
-        for (auto it = untracked_PDUs.begin(); it != untracked_PDUs.end(); ++it) {
-            untracked_PDU e = it->first;
+        SQLite::Statement query(*db, "INSERT INTO unrecognized_pdus VALUES (?, ?, ?, ?, ?)");
+        for (auto it = unrecognized_PDUs.begin(); it != unrecognized_PDUs.end(); ++it) {
+            unrecognized_PDU e = it->first;
             query.bind(1, e.srcMacAddress);
             query.bind(2, e.dstMacAddress);
             query.bind(3, e.typeNumber);
-            query.bind(4, it->second);
+            query.bind(4, it->second.count);
+            query.bind(5, it->second.timestamp_last_occurrence);
             query.exec();
             query.reset();
         }

code_boost/src/cxx/statistics_db.h

@@ -52,7 +52,7 @@ public:
 
     void writeDbVersion();
 
-    void writeStatisticsUntrackedPDUs(std::unordered_map<untracked_PDU, int> untracked_PDUs);
+    void writeStatisticsUnrecognizedPDUs(std::unordered_map<unrecognized_PDU, unrecognized_PDU_stat> unrecognized_PDUs);
 
 private:
     // Pointer to the SQLite database