changes to compile on Linux (gcc 4.6.3)

AI-IDS · Dec 13, 2015 · 997a7e5 · 997a7e5
1 parent edab50c
commit 997a7e5
Show file tree

Hide file tree

Showing 30 changed files with 175 additions and 101 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,13 @@ Some feature might not be calculated exactly same way as in KDD, because there w
 
 Features in KDD should be the same as features introduced by Lee & Stolfo in their work [2].
 
+## Status
+* Current version is not 100% guarenteed to be perfect in sense that some features might be calculated bit different algorighms than KDD '99 dataset a Lee & Stolfo used. Hovewer, it is suitable for educational purposes.
+* Compiled & tested in following environments:
+  * Windows 7 x64, MSCV 2015 (14), WinPcap 4.1.3
+  * Windows 7 x64, MSCV 2013 (12), WinPcap 4.1.3
+  * Ubuntu 12.04 x64, gcc 4.6.3, libpcap 4.2
+
 ## Features
 * Subset of KDD '99 features [1]
   * Content features (columns 10-22 of KDD) are not included
@@ -23,6 +30,12 @@ Features in KDD should be the same as features introduced by Lee & Stolfo in the
 4. Statistical engine
   * Computes derived features (columns 23-41 of KDD)
 
+## Planned sections in this readme
+* TODOs (e.g. IP checksum checking not implemented)
+* Known/possible problems, bugs & limitations
+* Build instructions
+
+
 ## Main sources of feature documentation
 [1] KDD Cup 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
 

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -7,6 +7,11 @@ file(GLOB SOURCES
 set(INCLUDES ${PCAP_INCLUDE_DIR})
 set(LIBS ${PCAP_LIBRARIES})
 
+if(UNIX)
+  # gcc warning: scoped enums only available with -std=c++0x or -std=gnu++0
+  SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -std=gnu++0x")
+endif()
+
 # ntohs() function in Windows
 if( WIN32 )
   set( LIBS ${LIBS} "Ws2_32")

diff --git a/src/Config.cpp b/src/Config.cpp
@@ -1,6 +1,5 @@
 #include "Config.h"
 
-
 namespace FeatureExtractor {
 	/**
 	 * Constructor for default timeout values:

diff --git a/src/Config.h b/src/Config.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <stdint.h>
+#include "types.h"
 
 namespace FeatureExtractor {
 
@@ -20,8 +20,6 @@ namespace FeatureExtractor {
 		int pcap_read_timeout;
 		size_t additional_frame_len;
 
-		// TODO: getters & setter for above
-
 		/**
 		 * IP reassembly
 		 */

diff --git a/src/Conversation.cpp b/src/Conversation.cpp
@@ -223,6 +223,12 @@ namespace FeatureExtractor {
 
 	const char *Conversation::get_service_str() const 
 	{
+		// Ensure size of strins matches number of values for enum at compilation time
+#ifdef static_assert
+		static_assert(sizeof(Conversation::SERVICE_NAMES) / sizeof(char *) == NUMBER_OF_SERVICES,
+			"Mapping of services to strings failed: number of string does not match number of values");
+#endif
+
 		return SERVICE_NAMES[get_service()];
 	}
 
@@ -238,6 +244,8 @@ namespace FeatureExtractor {
 		case ICMP:
 			return "icmp";
 			break;
+		default:
+			break;
 		}
 		return "UNKNOWN";
 	}
@@ -256,6 +264,9 @@ namespace FeatureExtractor {
 		case S3:
 			return true;
 			break;
+
+		default:
+			break;
 		}
 
 		return false;
@@ -329,6 +340,7 @@ namespace FeatureExtractor {
 		case S4: return "S4"; break;
 		case S2F: return "S2F"; break;
 		case S3F: return "S3F"; break;
+		default: break;
 		}
 
 		return "UNKNOWN";
@@ -339,20 +351,25 @@ namespace FeatureExtractor {
 		return (this->get_last_ts() < other.get_last_ts());
 	}
 
+
+// Allow using localtime instead of localtime_s 
+#ifdef _MSC_VER
+	#pragma warning(disable:4996)
+#endif
 	void Conversation::print_human() const
 	{
 		// TODO: WTF ugly code, just for debugging, so nasrac..
 		stringstream ss;
 
-		//struct tm *ltime;
-		struct tm timeinfo;
+		struct tm *ltime;
+		//struct tm timeinfo;
 		char timestr[16];
 		time_t local_tv_sec;
-		local_tv_sec = start_ts.get_secs();
-		//ltime = localtime(&local_tv_sec);
-		localtime_s(&timeinfo, &local_tv_sec);
-		//strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
-		strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
+		//local_tv_sec = start_ts.get_secs();
+		ltime = localtime(&local_tv_sec);
+		//localtime_s(&timeinfo, &local_tv_sec);
+		strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
+		//strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
 
 		ss << "CONVERSATION ";
 		if (five_tuple.get_ip_proto() == ICMP) {

diff --git a/src/Conversation.h b/src/Conversation.h
@@ -17,7 +17,9 @@ namespace FeatureExtractor {
 	enum conversation_state_t {
 		// General states
 		INIT,		// Nothing happened yet.
-		SF,			// Normal establishment and termination. Note that this is the same symbol as for state S1. You can tell the two apart because for S1 there will not be any byte counts in the summary, while for SF there will be.
+		SF,			// Normal establishment and termination. Note that this is the same 
+					// symbol as for state S1. You can tell the two apart because for S1 there
+					// will not be any byte counts in the summary, while for SF there will be.
 
 		// TCP specific
 		S0,			// Connection attempt seen, no reply.
@@ -143,8 +145,6 @@ namespace FeatureExtractor {
 
 		// Array for mapping service_t to string (char *)
 		static const char* const SERVICE_NAMES[NUMBER_OF_SERVICES];
-		static_assert(sizeof(Conversation::SERVICE_NAMES) / sizeof(char *) == NUMBER_OF_SERVICES, 
-			"Mapping of services to strings failed: number of string does not match number of values");
 
 	protected:
 		FiveTuple five_tuple;

diff --git a/src/ConversationFeatures.cpp b/src/ConversationFeatures.cpp
@@ -170,6 +170,8 @@ namespace FeatureExtractor {
 		this->dst_host_same_srv_count = dst_host_same_srv_count;
 	}
 
+	// Allow using localtime instead of localtime_s 
+	#pragma warning(disable : 4996)
 	void ConversationFeatures::print(bool print_extra_features) const
 	{
 		stringstream ss;
@@ -224,15 +226,15 @@ namespace FeatureExtractor {
 			ss << ft->get_dst_port() << ',';
 
 			// Time (e.g.: 2010-06-14T00:11:23)
-			//struct tm *ltime;
-			struct tm timeinfo;
+			struct tm *ltime;
+			//struct tm timeinfo;
 			char timestr[20];
 			time_t local_tv_sec;
 			local_tv_sec = conv->get_last_ts().get_secs();
-			//ltime = localtime(&local_tv_sec);
-			localtime_s(&timeinfo, &local_tv_sec);
-			//strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", ltime);
-			strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", &timeinfo);
+			ltime = localtime(&local_tv_sec);
+			//localtime_s(&timeinfo, &local_tv_sec);
+			strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", ltime);
+			//strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", &timeinfo);
 			ss << timestr;
 		}
 

diff --git a/src/ConversationFeatures.h b/src/ConversationFeatures.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <stdint.h>
+#include "types.h"
 #include "Conversation.h"
 
 namespace FeatureExtractor {

diff --git a/src/ConversationReconstructor.cpp b/src/ConversationReconstructor.cpp
@@ -1,10 +1,12 @@
 #include "ConversationReconstructor.h"
+#include "types.h"
 #include "TcpConnection.h"
 #include "UdpConversation.h"
 #include "IcmpConversation.h"
 #include <assert.h>
 #include <algorithm>
 
+
 namespace FeatureExtractor {
 	using namespace std;
 
@@ -83,8 +85,12 @@ namespace FeatureExtractor {
 			case ICMP:
 				conversation = new IcmpConversation(packet);
 				break;
+
+			default:
+				break;
 			}
-			assert(conversation != nullptr && "Attempt to add NULL conversation to conversation map");
+			assert(conversation != nullptr && "Attempt to add NULL "
+				"conversation to conversation map. Possible unhadnled IP protocol value");
 
 			it = conv_map.insert(it, ConversationMap::value_type(key, conversation));
 		}

diff --git a/src/FiveTuple.cpp b/src/FiveTuple.cpp
@@ -3,7 +3,7 @@
 namespace FeatureExtractor {
 
 	FiveTuple::FiveTuple()
-		: src_ip(0), dst_ip(0), src_port(0), dst_port(0), ip_proto(PROTO_ZERO)
+		: ip_proto(PROTO_ZERO), src_ip(0), dst_ip(0), src_port(0), dst_port(0)
 	{
 	}
 

diff --git a/src/IntervalKeeper.h b/src/IntervalKeeper.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <stdint.h>
+#include "types.h"
 #include "Timestamp.h"
 
 namespace FeatureExtractor {

diff --git a/src/IpDatagram.cpp b/src/IpDatagram.cpp
@@ -46,20 +46,23 @@ namespace FeatureExtractor {
 		this->frame_count++;
 	}
 
-
+// Allow using localtime instead of localtime_s 
+#ifdef _MSC_VER
+	#pragma warning(disable:4996)
+#endif
 	void IpDatagram::print_human() const
 	{
 		Packet::print_human();
 		if (get_eth_type() == IPV4) {
-			//struct tm *ltime;
-			struct tm timeinfo;
+			struct tm *ltime;
+			//struct tm timeinfo;
 			char timestr[16];
 			time_t local_tv_sec;
 			local_tv_sec = end_ts.get_secs();
-			//ltime = localtime(&local_tv_sec);
-			localtime_s(&timeinfo, &local_tv_sec);
-			//strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
-			strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
+			ltime = localtime(&local_tv_sec);
+			//localtime_s(&timeinfo, &local_tv_sec);
+			strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
+			//strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
 			cout << "  IP datagram end ts: " << timestr << endl;
 		}
 	}

diff --git a/src/IpFragment.cpp b/src/IpFragment.cpp
@@ -1,5 +1,5 @@
 #include <iostream>
-#include "IPFragment.h"
+#include "IpFragment.h"
 
 namespace FeatureExtractor {
 	using namespace std;

diff --git a/src/IpReassemblyBuffer.cpp b/src/IpReassemblyBuffer.cpp
@@ -5,8 +5,8 @@ namespace FeatureExtractor {
 	using namespace std;
 
 	IpReassemblyBuffer::IpReassemblyBuffer()
-		: datagram(nullptr), frame_count(0), total_length(0)
-		, first_frag_ts(), last_frag_ts()
+		: datagram(nullptr), first_frag_ts(), last_frag_ts()
+		, frame_count(0), total_length(0)
 	{
 	}
 

diff --git a/src/IpReassemblyBufferHoleList.h b/src/IpReassemblyBufferHoleList.h
@@ -1,5 +1,7 @@
 #pragma once
 
+#include "types.h"
+
 namespace FeatureExtractor {
 	class IpReassemblyBufferHoleList
 	{

diff --git a/src/Packet.cpp b/src/Packet.cpp
@@ -155,20 +155,24 @@ namespace FeatureExtractor {
 		return 1;
 	}
 
+// Allow using localtime instead of localtime_s 
+#ifdef _MSC_VER
+	#pragma warning(disable:4996)
+#endif
 	void Packet::print_human() const
 	{
 		// TODO: WTF ugly code, just for debugging, mal si branic..
 		stringstream ss;
 
-		//struct tm *ltime;
-		struct tm timeinfo;
+		struct tm *ltime;
+		//struct tm timeinfo;
 		char timestr[16];
 		time_t local_tv_sec;
-		local_tv_sec = start_ts.get_secs();
-		//ltime = localtime(&local_tv_sec);
-		localtime_s(&timeinfo, &local_tv_sec);
-		//strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
-		strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
+		//local_tv_sec = start_ts.get_secs();
+		ltime = localtime(&local_tv_sec);
+		//localtime_s(&timeinfo, &local_tv_sec);
+		strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
+		//strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo);
 		ss << timestr;
 
 		ss << (is_eth2() ? " ETHERNET II" : " NON-ETHERNET");

diff --git a/src/Sniffer.cpp b/src/Sniffer.cpp
@@ -1,12 +1,10 @@
 
 #include <iostream>
+#include <cstdlib>
 #include "Sniffer.h"
 #include "net.h"
 #include <assert.h>
 
-// prevent localtime warning --> solved with localtime_s
-//#pragma warning(disable : 4996)
-
 // Unknown netmask constant for filter creation
 #ifndef PCAP_NETMASK_UNKNOWN
 #define PCAP_NETMASK_UNKNOWN 0xffffffff

diff --git a/src/StatsPerHost.cpp b/src/StatsPerHost.cpp
@@ -1,8 +1,10 @@
 #include "StatsPerHost.h"
 
-// Disable C4351 warning message:
+// MSVC: Disable C4351 warning message:
 // new behavior: elements of array 'StatsPerHost::same_srv_counts' will be default initialized
-#pragma warning(disable:4351)
+#ifdef _MSC_VER
+	#pragma warning(disable:4351)
+#endif
 
 namespace FeatureExtractor {
 

diff --git a/src/StatsPerHost.h b/src/StatsPerHost.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <stdint.h>
+#include "types.h"
 #include "StatsCollector.h"
 #include "FeatureUpdater.h"
 

diff --git a/src/StatsPerService.cpp b/src/StatsPerService.cpp
@@ -1,6 +1,5 @@
 #include "StatsPerService.h"
 
-
 namespace FeatureExtractor {
 	StatsPerService::StatsPerService()
 		: feature_updater(nullptr)

diff --git a/src/StatsPerService.h b/src/StatsPerService.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <stdint.h>
+#include "types.h"
 #include "StatsCollector.h"
 #include "FeatureUpdater.h"