diff --git a/ReadMe.txt b/ReadMe.txt index 399bd7bf..1fecdda8 100644 --- a/ReadMe.txt +++ b/ReadMe.txt @@ -66,7 +66,7 @@ ECE Flag Count Number of packets with ECE down/Up Ratio Download and upload ratio Average Packet Size Average size of packet Fwd Segment Size Avg Average size observed in the forward direction -Bwd Segment Size Avg Average number of bytes bulk rate in the backward direction +Bwd Segment Size Avg Average size observed in the backward direction Fwd Bytes/Bulk Avg Average number of bytes bulk rate in the forward direction Fwd Packet/Bulk Avg Average number of packets bulk rate in the forward direction Fwd Bulk Rate Avg Average number of bulk rate in the forward direction diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java index 79ac0055..d8f05dee 100644 --- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java +++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java @@ -28,6 +28,8 @@ public class BasicFlow { private int bPSH_cnt; private int fURG_cnt; private int bURG_cnt; + private int fFIN_cnt; + private int bFIN_cnt; private long Act_data_pkt_forward; private long min_seg_size_forward; @@ -108,6 +110,8 @@ public void initParameters(){ this.bPSH_cnt=0; this.fURG_cnt=0; this.bURG_cnt=0; + this.fFIN_cnt=0; + this.bFIN_cnt=0; this.fHeaderBytes=0L; this.bHeaderBytes=0L; @@ -346,7 +350,7 @@ void detectUpdateSubflows( BasicPacketInfo packet ){ sfAcHelper = packet.getTimeStamp(); } //System.out.print(" - "+(packet.timeStamp - sfLastPacketTS)); - if( (packet.getTimeStamp() - (sfLastPacketTS)/(double)1000000) > 1.0 ){ + if(((packet.getTimeStamp() - sfLastPacketTS)/(double)1000000) > 1.0){ sfCount ++ ; long lastSFduration = packet.getTimeStamp() - sfAcHelper; updateActiveIdleTime(packet.getTimeStamp(), this.activityTimeout); 
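Review bot: The corrected condition in detectUpdateSubflows still hides its units behind `(double)1000000` and `1.0`; the division suggests microsecond timestamps and a one-second subflow gap, but nothing on the line says so. Since `lastSFduration` is a `long` computed from the same timestamps, an integer comparison against a new class constant would express this without the cast, e.g. `if ((packet.getTimeStamp() - sfLastPacketTS) > SUBFLOW_GAP_MICROS) {` with `private static final long SUBFLOW_GAP_MICROS = 1_000_000L;`. That form also makes a precedence slip like the one fixed here harder to reintroduce. The commented-out `System.out.print` just above can be deleted, and the method body continues outside the hunk.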
@@ -677,7 +681,7 @@ public String dumpFlowBasedFeatures(){ dump+=fAvgBytesPerBulk()+","; dump+=fAvgPacketsPerBulk()+","; dump+=fAvgBulkRate()+","; - dump+=fAvgBytesPerBulk()+","; + dump+=bAvgBytesPerBulk()+","; dump+=bAvgPacketsPerBulk()+","; dump+=bAvgBulkRate()+","; @@ -975,6 +979,24 @@ public int getBwdURGFlags() { return bURG_cnt; } + public int getFwdFINFlags() { + return fFIN_cnt; + } + + public int getBwdFINFlags() { + return bFIN_cnt; + } + + public int setFwdFINFlags() { + fFIN_cnt++; + return fFIN_cnt; + } + + public int setBwdFINFlags() { + bFIN_cnt++; + return bFIN_cnt; + } + public long getFwdHeaderLength() { return fHeaderBytes; } diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java index 60566578..6f546975 100644 --- a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java +++ b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java @@ -4,6 +4,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.Arrays; + import java.io.File; import java.io.FileOutputStream; import java.io.IOException; 
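Review bot: `setFwdFINFlags()` and `setBwdFINFlags()` take no argument, increment the counter and return the new total, so the `set` prefix misstates what they do. The call in FlowGenerator, `flow.setFwdFINFlags() == 1`, then reads like a plain query although it mutates the flow. Naming them `incrementFwdFINFlags()` / `incrementBwdFINFlags()` would make the side effect visible at the call site. If the names must stay to match the class's other counters, a Javadoc line such as `/** Counts one more forward FIN and returns the updated total. */` would help.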
@@ -106,24 +108,118 @@ public void addPacket(BasicPacketInfo packet){ logger.debug("Timeout current has {} flow",cfsize); } - // Flow finished due FIN flag (tcp only): +// // Flow finished due FIN flag (tcp only): +// // 1.- we add the packet-in-process to the flow (it is the last packet) +// // 2.- we move the flow to finished flow list +// // 3.- we eliminate the flow from the current flow list +// }else if(packet.hasFlagFIN()){ +// logger.debug("FlagFIN current has {} flow",currentFlows.size()); +// flow.addPacket(packet); +// if (mListener != null) { +// mListener.onFlowGenerated(flow); +// } else { +// finishedFlows.put(getFlowCount(), flow); +// } +// currentFlows.remove(id); + }else if(packet.hasFlagFIN()){ + // + // Forward Flow + // + if (Arrays.equals(flow.getSrc(), packet.getSrc())) { + // How many forward FIN received? + if (flow.setFwdFINFlags() == 1) { + // Flow finished due FIN flag (tcp only)?: + // 1.- we add the packet-in-process to the flow (it is the last packet) + // 2.- we move the flow to finished flow list + // 3.- we eliminate the flow from the current flow list + if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) { + logger.debug("FlagFIN current has {} flow",currentFlows.size()); + flow.addPacket(packet); + if (mListener != null) { + mListener.onFlowGenerated(flow); + } else { + finishedFlows.put(getFlowCount(), flow); + } + currentFlows.remove(id); + // Forward Flow Finished. + } else { + logger.info("Forward flow closed due to FIN Flag"); + flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut); + flow.addPacket(packet); + currentFlows.put(id,flow); + } + }else{ + // some error + // TODO: review what to do with the packet + logger.warn("Forward flow received {} FIN packets", flow.getFwdFINFlags()); + } + // + // Backward Flow + // + } else { + // How many backward FIN packets received? 
+ if (flow.setBwdFINFlags() == 1) { + // Flow finished due FIN flag (tcp only)?: + // 1.- we add the packet-in-process to the flow (it is the last packet) + // 2.- we move the flow to finished flow list + // 3.- we eliminate the flow from the current flow list + if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) { + logger.debug("FlagFIN current has {} flow",currentFlows.size()); + flow.addPacket(packet); + if (mListener != null) { + mListener.onFlowGenerated(flow); + } else { + finishedFlows.put(getFlowCount(), flow); + } + currentFlows.remove(id); + // Backward Flow Finished. + } else { + logger.info("Backwards flow closed due to FIN Flag"); + flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut); + flow.addPacket(packet); + currentFlows.put(id,flow); + } + }else{ + // some error + // TODO: review what to do with the packet + logger.warn("Backward flow received {} FIN packets", flow.getBwdFINFlags()); + } + } + // Flow finished due RST flag (tcp only): // 1.- we add the packet-in-process to the flow (it is the last packet) // 2.- we move the flow to finished flow list - // 3.- we eliminate the flow from the current flow list - }else if(packet.hasFlagFIN()){ - logger.debug("FlagFIN current has {} flow",currentFlows.size()); - flow.addPacket(packet); + // 3.- we eliminate the flow from the current flow list + }else if(packet.hasFlagRST()){ + logger.debug("FlagRST current has {} flow",currentFlows.size()); + flow.addPacket(packet); if (mListener != null) { mListener.onFlowGenerated(flow); - } - else { + } else { finishedFlows.put(getFlowCount(), flow); } - currentFlows.remove(id); + currentFlows.remove(id); }else{ - flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut); - flow.addPacket(packet); - currentFlows.put(id,flow); + // + // Forward Flow and fwdFIN = 0 + // + if (Arrays.equals(flow.getSrc(), packet.getSrc()) && (flow.getFwdFINFlags() == 0)) { + flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut); + 
flow.addPacket(packet); + currentFlows.put(id,flow); + // + // Backward Flow and bwdFIN = 0 + // + } else if (flow.getBwdFINFlags() == 0) { + flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut); + flow.addPacket(packet); + currentFlows.put(id,flow); + // + // FLOW already closed!!! + // + } else { + logger.warn("FLOW already closed! fwdFIN {} bwdFIN {}", flow.getFwdFINFlags(), flow.getBwdFINFlags()); + // TODO: we just discard the packet? + } } }else{ currentFlows.put(packet.fwdFlowId(), new BasicFlow(bidirectional,packet, this.flowActivityTimeOut));
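Review bot: Both completion checks in the FIN branch read `(flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2`, so the forward counter is never consulted. In the backward branch the test is always true once `setBwdFINFlags()` has returned 1, so the flow is exported and removed on the first backward FIN even when the forward side has not sent one. Both places should test the two directions, e.g. `if (flow.getFwdFINFlags() > 0 && flow.getBwdFINFlags() > 0) {`; the `> 0` form also still closes the flow when one side retransmits its FIN, which a sum compared with 2 would not. Repeated FINs, and (once the check is fixed) packets reaching the "FLOW already closed" branch, are dropped with only a `logger.warn`, so they never reach the flow statistics that the exported features are built from. It is worth deciding whether to count them, and to log at debug, since a per-packet warning driven by captured traffic can flood the log. The commented-out old FIN block can be deleted rather than kept, and addPacket begins and ends outside this hunk.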