From: Rahmadi Trimananda
Date: Fri, 23 Aug 2019 00:00:59 +0000 (-0700)
Subject: Adding VPN style matching (lump all packets into one big flow).
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=795561a83a8cedbe8a8116f5c1abf6146cb87b23;p=pingpong.git

Adding VPN style matching (lump all packets into one big flow).
---
diff --git a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml b/Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml
deleted file mode 100644
index 0b5d8f6..0000000
--- a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml b/Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml
deleted file mode 100644
index 21e02c3..0000000
--- a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
index 1eb2d0a..126ede3 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
@@ -109,6 +109,7 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb // Parse optional parameters. List> onSignatureMacFilters = null, offSignatureMacFilters = null; + String vpnClientMacAddress = null; final int optParamsStartIdx = 7; if (args.length > optParamsStartIdx) { for (int i = optParamsStartIdx; i < args.length; i++) { @@ -121,6 +122,8 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb } else if (args[i].equalsIgnoreCase("-sout")) { // Next argument is a boolean true/false literal. DUPLICATE_OUTPUT_TO_STD_OUT = Boolean.parseBoolean(args[i+1]); + } else if (args[i].equalsIgnoreCase("-vpn")) { + vpnClientMacAddress = args[i+1]; } } } 
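Review bot: The new `-vpn` branch in the second hunk reads `args[i+1]` without checking that a value follows the flag, so `-vpn` given as the last argument ends in an ArrayIndexOutOfBoundsException rather than a usage error; the visible `-sout` branch has the same shape. A guard before the read, `if (i + 1 >= args.length) throw new IllegalArgumentException("-vpn requires a MAC address");`, makes the failure explicit. The value is also stored exactly as typed with no format check, which matters because it later selects which packets the detector looks at. The enclosing method starts and ends outside the hunk.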
@@ -163,14 +166,15 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb } Layer2SignatureDetector onDetector = onSignatureMacFilters == null ? new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration, - isRangeBasedForOn, eps, onMaxSkippedPackets) : + isRangeBasedForOn, eps, onMaxSkippedPackets, vpnClientMacAddress) : new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, - onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets); + onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets, + vpnClientMacAddress); Layer2SignatureDetector offDetector = offSignatureMacFilters == null ? new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration, - isRangeBasedForOff, eps, offMaxSkippedPackets) : + isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress) : new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, offSignatureMacFilters, - signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets); + signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress); final List detectedEvents = new ArrayList<>(); onDetector.addObserver((signature, match) -> { UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp()); @@ -245,7 +249,7 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb /** * In charge of reassembling layer 2 packet flows. */ - private final Layer2FlowReassembler mFlowReassembler = new Layer2FlowReassembler(); + private Layer2FlowReassembler mFlowReassembler; private final List mObservers = new ArrayList<>(); 
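Review bot: Dropping `final` from `mFlowReassembler` in the second hunk is not required by this change. As far as the visible constructors show, the field is still assigned exactly once: the shorter constructor delegates with `this(...)`, and the longer one assigns it in both branches of an if/else (hunk at -296), which satisfies definite assignment for a blank final. Keeping `private final Layer2FlowReassembler mFlowReassembler;` means later code cannot replace the reassembler after the cluster matchers have been registered on it.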
@@ -261,14 +265,15 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb public Layer2SignatureDetector(List>> searchedSignature, String trainingRouterWlanMac, String routerWlanMac, int signatureDuration, boolean isRangeBased, double eps, - int limitSkippedPackets) { + int limitSkippedPackets, String vpnClientMacAddress) { this(searchedSignature, trainingRouterWlanMac, routerWlanMac, null, signatureDuration, isRangeBased, - eps, limitSkippedPackets); + eps, limitSkippedPackets, vpnClientMacAddress); } public Layer2SignatureDetector(List>> searchedSignature, String trainingRouterWlanMac, String routerWlanMac, List> flowFilters, - int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) { + int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets, + String vpnClientMacAddress) { if (flowFilters != null && flowFilters.size() != searchedSignature.size()) { throw new IllegalArgumentException("If flow filters are used, there must be a flow filter for each cluster " + "of the signature."); @@ -296,6 +301,11 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb } mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds); // Register all cluster matchers to receive a notification whenever a new flow is encountered. + if (vpnClientMacAddress != null) { + mFlowReassembler = new Layer2FlowReassembler(vpnClientMacAddress); + } else { + mFlowReassembler = new Layer2FlowReassembler(); + } mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm)); mInclusionTimeMillis = inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; 
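Review bot: In the second hunk the new if/else is inserted between the comment `// Register all cluster matchers to receive a notification whenever a new flow is encountered.` and the `forEach` line it describes, so the comment now appears to document the reassembler selection. Move the block above that comment and give it its own one, e.g. `// VPN mode: a single flow keyed by the client MAC; otherwise one flow per MAC pair.` The two public constructors in the first hunk also gain `vpnClientMacAddress` without any visible documentation that `null` means "VPN matching off"; a `@param` line saying so would help callers. The constructor body starts and ends outside the hunk.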
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/trafficreassembly/layer2/Layer2FlowReassembler.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/trafficreassembly/layer2/Layer2FlowReassembler.java index e7b7304..b993793 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/trafficreassembly/layer2/Layer2FlowReassembler.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/trafficreassembly/layer2/Layer2FlowReassembler.java @@ -27,6 +27,14 @@ public class Layer2FlowReassembler implements PacketListener { private final List mObservers = new ArrayList<>(); + private String mVpnClientMacAddress = null; + + public Layer2FlowReassembler() { } + + public Layer2FlowReassembler(String vpnClientMacAddress) { + mVpnClientMacAddress = vpnClientMacAddress; + } + @Override public void gotPacket(PcapPacket packet) { // TODO: update to 802.11 packet...? @@ -35,7 +43,18 @@ public class Layer2FlowReassembler implements PacketListener { MacAddress srcAddr = ethPkt.getHeader().getSrcAddr(); MacAddress dstAddr = ethPkt.getHeader().getDstAddr(); - String key = keyFromAddresses(srcAddr, dstAddr); + String key = null; + if (mVpnClientMacAddress != null) { + if (srcAddr.toString().equals(mVpnClientMacAddress)) { + key = srcAddr.toString(); + } else if (dstAddr.toString().equals(mVpnClientMacAddress)) { + key = dstAddr.toString(); + } else { + return; + } + } else { + key = keyFromAddresses(srcAddr, dstAddr); + } // Create a new list if this pair of MAC addresses where not previously encountered and add packet to that list, // or simply add to an existing list if one is present. mFlows.computeIfAbsent(key, k -> {
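Review bot: The VPN filter in `gotPacket` (second hunk) compares `srcAddr.toString()` and `dstAddr.toString()` with the raw command-line string stored by the new constructor (first hunk). A MAC typed in a different notation than `MacAddress.toString()` produces (upper-case hex or `-` separators, for example) therefore matches nothing, every packet takes the `return` branch, and the detector reports no events without any error. Parsing the argument once into a `MacAddress` and comparing with `equals` removes that dependency on spelling and rejects malformed input at start-up; this assumes `MacAddress` is pcap4j's class, which offers `getByName(String)`. Both matching branches also produce the same key, so they can be merged. `gotPacket` starts and ends outside the hunk.

```java
private final MacAddress mVpnClientMacAddress;

public Layer2FlowReassembler() {
    mVpnClientMacAddress = null;
}

public Layer2FlowReassembler(String vpnClientMacAddress) {
    // Parse once so the accepted notation is decided here, not by per-packet string equality.
    mVpnClientMacAddress = MacAddress.getByName(vpnClientMacAddress);
}

// … unchanged: gotPacket header extraction (srcAddr, dstAddr) …
String key;
if (mVpnClientMacAddress == null) {
    key = keyFromAddresses(srcAddr, dstAddr);
} else if (srcAddr.equals(mVpnClientMacAddress) || dstAddr.equals(mVpnClientMacAddress)) {
    // VPN mode: every packet to or from the client goes into one flow.
    key = mVpnClientMacAddress.toString();
} else {
    return;
}
// … unchanged: mFlows.computeIfAbsent(key, …) …
```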