From 997a7e5e0efa9285aad8f02699108de359688b0b Mon Sep 17 00:00:00 2001 From: bittomix Date: Sun, 13 Dec 2015 01:26:26 +0100 Subject: [PATCH] changes to compile on Linux (gcc 4.6.3) --- README.md | 13 ++++++++++++ src/CMakeLists.txt | 5 +++++ src/Config.cpp | 1 - src/Config.h | 4 +--- src/Conversation.cpp | 31 +++++++++++++++++++++------- src/Conversation.h | 6 +++--- src/ConversationFeatures.cpp | 14 +++++++------ src/ConversationFeatures.h | 2 +- src/ConversationReconstructor.cpp | 8 +++++++- src/FiveTuple.cpp | 2 +- src/IntervalKeeper.h | 2 +- src/IpDatagram.cpp | 17 +++++++++------- src/IpFragment.cpp | 2 +- src/IpReassemblyBuffer.cpp | 4 ++-- src/IpReassemblyBufferHoleList.h | 2 ++ src/Packet.cpp | 18 +++++++++------- src/Sniffer.cpp | 4 +--- src/StatsPerHost.cpp | 6 ++++-- src/StatsPerHost.h | 2 +- src/StatsPerService.cpp | 1 - src/StatsPerService.h | 2 +- src/StatsWindow.cpp | 14 ++++++------- src/StatsWindow.h | 2 +- src/StatsWindowCount.cpp | 13 ++++++------ src/StatsWindowTime.cpp | 12 +++++------ src/Timestamp.h | 2 +- src/main.cpp | 29 ++++++++++++++++---------- src/net.cpp | 10 ++++----- src/net.h | 34 ++++++++++++++++++------------- src/types.h | 14 +++++++++++++ 30 files changed, 175 insertions(+), 101 deletions(-) create mode 100644 src/types.h diff --git a/README.md b/README.md index 237684a..8d1f7bf 100644 --- a/README.md +++ b/README.md 
@@ -6,6 +6,13 @@ Some feature might not be calculated exactly same way as in KDD, because there w Features in KDD should be the same as features introduced by Lee & Stolfo in their work [2]. +## Status +* Current version is not 100% guarenteed to be perfect in sense that some features might be calculated bit different algorighms than KDD '99 dataset a Lee & Stolfo used. Hovewer, it is suitable for educational purposes. +* Compiled & tested in following environments: + * Windows 7 x64, MSCV 2015 (14), WinPcap 4.1.3 + * Windows 7 x64, MSCV 2013 (12), WinPcap 4.1.3 + * Ubuntu 12.04 x64, gcc 4.6.3, libpcap 4.2 + ## Features * Subset of KDD '99 features [1] * Content features (columns 10-22 of KDD) are not included @@ -23,6 +30,12 @@ Features in KDD should be the same as features introduced by Lee & Stolfo in the 4. Statistical engine * Computes derived features (columns 23-41 of KDD) +## Planned sections in this readme +* TODOs (e.g. IP checksum checking not implemented) +* Known/possible problems, bugs & limitations +* Build instructions + + ## Main sources of feature documentation [1] KDD Cup 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 01c3eab..4ee033e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,6 +7,11 @@ file(GLOB SOURCES set(INCLUDES ${PCAP_INCLUDE_DIR}) set(LIBS ${PCAP_LIBRARIES}) +if(UNIX) + # gcc warning: scoped enums only available with -std=c++0x or -std=gnu++0 + SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -std=gnu++0x") +endif() + # ntohs() function in Windows if( WIN32 ) set( LIBS ${LIBS} "Ws2_32") diff --git a/src/Config.cpp b/src/Config.cpp index a9889f0..e109912 100644 --- a/src/Config.cpp +++ b/src/Config.cpp @@ -1,6 +1,5 @@ #include "Config.h" - namespace FeatureExtractor { /** * Constructor for default timeout values: diff --git a/src/Config.h b/src/Config.h index 61dcb1f..4bcef50 100644 --- a/src/Config.h +++ b/src/Config.h 
@@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" namespace FeatureExtractor { @@ -20,8 +20,6 @@ namespace FeatureExtractor { int pcap_read_timeout; size_t additional_frame_len; - // TODO: getters & setter for above - /** * IP reassembly */ diff --git a/src/Conversation.cpp b/src/Conversation.cpp index 675e20d..c71e7f2 100644 --- a/src/Conversation.cpp +++ b/src/Conversation.cpp @@ -223,6 +223,12 @@ namespace FeatureExtractor { const char *Conversation::get_service_str() const { + // Ensure size of strins matches number of values for enum at compilation time +#ifdef static_assert + static_assert(sizeof(Conversation::SERVICE_NAMES) / sizeof(char *) == NUMBER_OF_SERVICES, + "Mapping of services to strings failed: number of string does not match number of values"); +#endif + return SERVICE_NAMES[get_service()]; } @@ -238,6 +244,8 @@ namespace FeatureExtractor { case ICMP: return "icmp"; break; + default: + break; } return "UNKNOWN"; } @@ -256,6 +264,9 @@ namespace FeatureExtractor { case S3: return true; break; + + default: + break; } return false; @@ -329,6 +340,7 @@ namespace FeatureExtractor { case S4: return "S4"; break; case S2F: return "S2F"; break; case S3F: return "S3F"; break; + default: break; } return "UNKNOWN"; 
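Review bot: The `#ifdef static_assert` guard added to `Conversation::get_service_str()` is effectively always false, because `static_assert` is a C++11 keyword rather than a macro, so the compile-time check it wraps is never emitted; with `-std=gnu++0x` now set in src/CMakeLists.txt and MSVC 2013/2015 both supporting the keyword, it can be written without the `#ifdef`. The check is also weaker than it looks: `SERVICE_NAMES` is declared in Conversation.h with the bound `[NUMBER_OF_SERVICES]`, so `sizeof(SERVICE_NAMES) / sizeof(char *) == NUMBER_OF_SERVICES` holds by construction and cannot detect an initializer in the `.cpp` that is shorter than the enum — missing entries would become null pointers returned by `return SERVICE_NAMES[get_service()];`. A meaningful check has to sit next to the array's definition, or use a bound-less declaration so the initializer determines the size; either way the assert is more useful than a test that always passes.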
@@ -339,20 +351,25 @@ namespace FeatureExtractor { return (this->get_last_ts() < other.get_last_ts()); } + +// Allow using localtime instead of localtime_s +#ifdef _MSC_VER + #pragma warning(disable:4996) +#endif void Conversation::print_human() const { // TODO: WTF ugly code, just for debugging, so nasrac.. stringstream ss; - //struct tm *ltime; - struct tm timeinfo; + struct tm *ltime; + //struct tm timeinfo; char timestr[16]; time_t local_tv_sec; - local_tv_sec = start_ts.get_secs(); - //ltime = localtime(&local_tv_sec); - localtime_s(&timeinfo, &local_tv_sec); - //strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); - strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); + //local_tv_sec = start_ts.get_secs(); + ltime = localtime(&local_tv_sec); + //localtime_s(&timeinfo, &local_tv_sec); + strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); + //strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); ss << "CONVERSATION "; if (five_tuple.get_ip_proto() == ICMP) { diff --git a/src/Conversation.h b/src/Conversation.h index a499102..9ca9fb1 100644 --- a/src/Conversation.h +++ b/src/Conversation.h @@ -17,7 +17,9 @@ namespace FeatureExtractor { enum conversation_state_t { // General states INIT, // Nothing happened yet. - SF, // Normal establishment and termination. Note that this is the same symbol as for state S1. You can tell the two apart because for S1 there will not be any byte counts in the summary, while for SF there will be. + SF, // Normal establishment and termination. Note that this is the same + // symbol as for state S1. You can tell the two apart because for S1 there + // will not be any byte counts in the summary, while for SF there will be. // TCP specific S0, // Connection attempt seen, no reply. 
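Review bot: `local_tv_sec` is now passed to `localtime()` uninitialized in `Conversation::print_human()`, because `local_tv_sec = start_ts.get_secs();` was commented out together with the `localtime_s` variant; the same slip appears in `Packet::print_human()` (src/Packet.cpp hunk at -155), whereas the IpDatagram.cpp and ConversationFeatures.cpp hunks keep their assignment. Restore `local_tv_sec = start_ts.get_secs();` before `ltime = localtime(&local_tv_sec);` in both places. `localtime()` can also return a null pointer, which `strftime` does not tolerate, so an `if (ltime == nullptr)` guard (or `localtime_r` on POSIX) would make the debug print safer than the unchecked call. The body of print_human continues outside the hunk.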
@@ -143,8 +145,6 @@ namespace FeatureExtractor { // Array for mapping service_t to string (char *) static const char* const SERVICE_NAMES[NUMBER_OF_SERVICES]; - static_assert(sizeof(Conversation::SERVICE_NAMES) / sizeof(char *) == NUMBER_OF_SERVICES, - "Mapping of services to strings failed: number of string does not match number of values"); protected: FiveTuple five_tuple; diff --git a/src/ConversationFeatures.cpp b/src/ConversationFeatures.cpp index 89226d8..2700c3b 100644 --- a/src/ConversationFeatures.cpp +++ b/src/ConversationFeatures.cpp @@ -170,6 +170,8 @@ namespace FeatureExtractor { this->dst_host_same_srv_count = dst_host_same_srv_count; } + // Allow using localtime instead of localtime_s + #pragma warning(disable : 4996) void ConversationFeatures::print(bool print_extra_features) const { stringstream ss; @@ -224,15 +226,15 @@ namespace FeatureExtractor { ss << ft->get_dst_port() << ','; // Time (e.g.: 2010-06-14T00:11:23) - //struct tm *ltime; - struct tm timeinfo; + struct tm *ltime; + //struct tm timeinfo; char timestr[20]; time_t local_tv_sec; local_tv_sec = conv->get_last_ts().get_secs(); - //ltime = localtime(&local_tv_sec); - localtime_s(&timeinfo, &local_tv_sec); - //strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", ltime); - strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", &timeinfo); + ltime = localtime(&local_tv_sec); + //localtime_s(&timeinfo, &local_tv_sec); + strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", ltime); + //strftime(timestr, sizeof timestr, "%Y-%m-%dT%H:%M:%S", &timeinfo); ss << timestr; } diff --git a/src/ConversationFeatures.h b/src/ConversationFeatures.h index f264511..1b495d4 100644 --- a/src/ConversationFeatures.h +++ b/src/ConversationFeatures.h @@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" #include "Conversation.h" namespace FeatureExtractor { diff --git a/src/ConversationReconstructor.cpp b/src/ConversationReconstructor.cpp index 27cec47..9fde084 100644 
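Review bot: The `#pragma warning(disable : 4996)` added above `ConversationFeatures::print()` is not wrapped in `#ifdef _MSC_VER`, unlike the same pragma in the Conversation.cpp, IpDatagram.cpp and Packet.cpp hunks, so gcc with the new `-Wall` flag will report an unknown pragma here. Wrap it the same way the other files do: `#ifdef _MSC_VER` / `#pragma warning(disable : 4996)` / `#endif`. The enclosing function continues outside the hunk.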
--- a/src/ConversationReconstructor.cpp +++ b/src/ConversationReconstructor.cpp @@ -1,10 +1,12 @@ #include "ConversationReconstructor.h" +#include "types.h" #include "TcpConnection.h" #include "UdpConversation.h" #include "IcmpConversation.h" #include #include + namespace FeatureExtractor { using namespace std; @@ -83,8 +85,12 @@ namespace FeatureExtractor { case ICMP: conversation = new IcmpConversation(packet); break; + + default: + break; } - assert(conversation != nullptr && "Attempt to add NULL conversation to conversation map"); + assert(conversation != nullptr && "Attempt to add NULL " + "conversation to conversation map. Possible unhadnled IP protocol value"); it = conv_map.insert(it, ConversationMap::value_type(key, conversation)); } diff --git a/src/FiveTuple.cpp b/src/FiveTuple.cpp index 8fa33b0..7cddf10 100644 --- a/src/FiveTuple.cpp +++ b/src/FiveTuple.cpp @@ -3,7 +3,7 @@ namespace FeatureExtractor { FiveTuple::FiveTuple() - : src_ip(0), dst_ip(0), src_port(0), dst_port(0), ip_proto(PROTO_ZERO) + : ip_proto(PROTO_ZERO), src_ip(0), dst_ip(0), src_port(0), dst_port(0) { } diff --git a/src/IntervalKeeper.h b/src/IntervalKeeper.h index faea9b0..7f1bc8e 100644 --- a/src/IntervalKeeper.h +++ b/src/IntervalKeeper.h @@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" #include "Timestamp.h" namespace FeatureExtractor { diff --git a/src/IpDatagram.cpp b/src/IpDatagram.cpp index 9477014..c809cfc 100644 --- a/src/IpDatagram.cpp +++ b/src/IpDatagram.cpp 
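Review bot: With the new `default: break;` an unhandled IP protocol value leaves `conversation` null, and the only thing between that and `conv_map.insert(...)` is an `assert`, which is compiled out under `NDEBUG`; in a release build a null `Conversation*` would be stored in the map and dereferenced by whatever later walks it. The reworded assert message is fine as a debug aid, but the release path needs an explicit check before the insert, e.g. `if (conversation == nullptr) return ...;` using whatever failure convention the enclosing function has (its signature and return type are outside the hunk). `extract()` in main.cpp filters to TCP/UDP/ICMP, but that filter is also assert-only.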
@@ -46,20 +46,23 @@ namespace FeatureExtractor { this->frame_count++; } - +// Allow using localtime instead of localtime_s +#ifdef _MSC_VER + #pragma warning(disable:4996) +#endif void IpDatagram::print_human() const { Packet::print_human(); if (get_eth_type() == IPV4) { - //struct tm *ltime; - struct tm timeinfo; + struct tm *ltime; + //struct tm timeinfo; char timestr[16]; time_t local_tv_sec; local_tv_sec = end_ts.get_secs(); - //ltime = localtime(&local_tv_sec); - localtime_s(&timeinfo, &local_tv_sec); - //strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); - strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); + ltime = localtime(&local_tv_sec); + //localtime_s(&timeinfo, &local_tv_sec); + strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); + //strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); cout << " IP datagram end ts: " << timestr << endl; } } diff --git a/src/IpFragment.cpp b/src/IpFragment.cpp index 88f4815..eff13db 100644 --- a/src/IpFragment.cpp +++ b/src/IpFragment.cpp @@ -1,5 +1,5 @@ #include -#include "IPFragment.h" +#include "IpFragment.h" namespace FeatureExtractor { using namespace std; diff --git a/src/IpReassemblyBuffer.cpp b/src/IpReassemblyBuffer.cpp index 146c6ef..7772fe5 100644 --- a/src/IpReassemblyBuffer.cpp +++ b/src/IpReassemblyBuffer.cpp @@ -5,8 +5,8 @@ namespace FeatureExtractor { using namespace std; IpReassemblyBuffer::IpReassemblyBuffer() - : datagram(nullptr), frame_count(0), total_length(0) - , first_frag_ts(), last_frag_ts() + : datagram(nullptr), first_frag_ts(), last_frag_ts() + , frame_count(0), total_length(0) { } diff --git a/src/IpReassemblyBufferHoleList.h b/src/IpReassemblyBufferHoleList.h index 36fe342..a35241c 100644 --- a/src/IpReassemblyBufferHoleList.h +++ b/src/IpReassemblyBufferHoleList.h @@ -1,5 +1,7 @@ #pragma once +#include "types.h" + namespace FeatureExtractor { class IpReassemblyBufferHoleList { diff --git a/src/Packet.cpp b/src/Packet.cpp index ac4c675..5856999 100644 --- a/src/Packet.cpp 
+++ b/src/Packet.cpp @@ -155,20 +155,24 @@ namespace FeatureExtractor { return 1; } +// Allow using localtime instead of localtime_s +#ifdef _MSC_VER + #pragma warning(disable:4996) +#endif void Packet::print_human() const { // TODO: WTF ugly code, just for debugging, mal si branic.. stringstream ss; - //struct tm *ltime; - struct tm timeinfo; + struct tm *ltime; + //struct tm timeinfo; char timestr[16]; time_t local_tv_sec; - local_tv_sec = start_ts.get_secs(); - //ltime = localtime(&local_tv_sec); - localtime_s(&timeinfo, &local_tv_sec); - //strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); - strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); + //local_tv_sec = start_ts.get_secs(); + ltime = localtime(&local_tv_sec); + //localtime_s(&timeinfo, &local_tv_sec); + strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); + //strftime(timestr, sizeof timestr, "%H:%M:%S", &timeinfo); ss << timestr; ss << (is_eth2() ? " ETHERNET II" : " NON-ETHERNET"); diff --git a/src/Sniffer.cpp b/src/Sniffer.cpp index 9da7110..1bbd14e 100644 --- a/src/Sniffer.cpp +++ b/src/Sniffer.cpp @@ -1,12 +1,10 @@ #include +#include #include "Sniffer.h" #include "net.h" #include -// prevent localtime warning --> solved with localtime_s -//#pragma warning(disable : 4996) - // Unknown netmask constant for filter creation #ifndef PCAP_NETMASK_UNKNOWN #define PCAP_NETMASK_UNKNOWN 0xffffffff diff --git a/src/StatsPerHost.cpp b/src/StatsPerHost.cpp index 975230d..85bd365 100644 --- a/src/StatsPerHost.cpp +++ b/src/StatsPerHost.cpp @@ -1,8 +1,10 @@ #include "StatsPerHost.h" -// Disable C4351 warning message: +// MSVC: Disable C4351 warning message: // new behavior: elements of array 'StatsPerHost::same_srv_counts' will be default initialized -#pragma warning(disable:4351) +#ifdef _MSC_VER + #pragma warning(disable:4351) +#endif namespace FeatureExtractor { diff --git a/src/StatsPerHost.h b/src/StatsPerHost.h index dfa0d61..c5533bf 100644 --- a/src/StatsPerHost.h +++ b/src/StatsPerHost.h 
@@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" #include "StatsCollector.h" #include "FeatureUpdater.h" diff --git a/src/StatsPerService.cpp b/src/StatsPerService.cpp index 084b654..6733654 100644 --- a/src/StatsPerService.cpp +++ b/src/StatsPerService.cpp @@ -1,6 +1,5 @@ #include "StatsPerService.h" - namespace FeatureExtractor { StatsPerService::StatsPerService() : feature_updater(nullptr) diff --git a/src/StatsPerService.h b/src/StatsPerService.h index 1e9dc3c..cc80852 100644 --- a/src/StatsPerService.h +++ b/src/StatsPerService.h @@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" #include "StatsCollector.h" #include "FeatureUpdater.h" diff --git a/src/StatsWindow.cpp b/src/StatsWindow.cpp index 8a10e2d..7d22c09 100644 --- a/src/StatsWindow.cpp +++ b/src/StatsWindow.cpp @@ -20,9 +20,9 @@ namespace FeatureExtractor { StatsWindow::~StatsWindow() { // Deallocate leftover conversations in the queue - while (!queue.empty()) { - Conversation *conv = queue.front(); - queue.pop(); + while (!finished_convs.empty()) { + Conversation *conv = finished_convs.front(); + finished_convs.pop(); // Object commits suicide if no more references to it conv->deregister_reference(); @@ -38,7 +38,7 @@ namespace FeatureExtractor { // Find or insert with single lookup: // http://stackoverflow.com/a/101980/3503528 - map::iterator it = per_host.lower_bound(dst_ip); + typename map::iterator it = per_host.lower_bound(dst_ip); if (it != per_host.end() && !(per_host.key_comp()(dst_ip, it->first))) { // Found @@ -47,7 +47,7 @@ namespace FeatureExtractor { else { // The key does not exist in the map // Add it to the map + update iterator to point to new item - it = per_host.insert(it, map::value_type(dst_ip, TStatsPerHost(feature_updater))); + it = per_host.insert(it, typename map::value_type(dst_ip, TStatsPerHost(feature_updater))); stats = &it->second; } 
@@ -61,7 +61,7 @@ namespace FeatureExtractor { service_t service = conv->get_service(); // Forward to per host stats - map::iterator it = per_host.find(dst_ip); + typename map::iterator it = per_host.find(dst_ip); assert(it != per_host.end() && "Reporting removal of convesation not in queue: no such dst. IP record"); TStatsPerHost *this_host = &it->second; this_host->report_conversation_removal(conv); @@ -90,7 +90,7 @@ namespace FeatureExtractor { // Add new connection to window queue (+ register reference) conv->register_reference(); - queue.push(conv); + finished_convs.push(conv); perform_window_maintenance(conv); } diff --git a/src/StatsWindow.h b/src/StatsWindow.h index 63529f9..3afd81e 100644 --- a/src/StatsWindow.h +++ b/src/StatsWindow.h @@ -28,7 +28,7 @@ namespace FeatureExtractor { // Queue, methods, feature src_diff_host_rate // Queue of conversation in observed window - queuequeue; + queuefinished_convs; // Statistics per host (destination IP) map per_host; diff --git a/src/StatsWindowCount.cpp b/src/StatsWindowCount.cpp index 055d2ae..ae0cb1b 100644 --- a/src/StatsWindowCount.cpp +++ b/src/StatsWindowCount.cpp @@ -8,19 +8,18 @@ namespace FeatureExtractor { template StatsWindowCount::StatsWindowCount() - : StatsWindow(new FeatureUpdaterCount()) + : StatsWindow(new FeatureUpdaterCount()) , window_size(100) // Default size = 100 conversations { } template StatsWindowCount::StatsWindowCount(unsigned int window_size) - : StatsWindow(new FeatureUpdaterCount()) + : StatsWindow(new FeatureUpdaterCount()) , window_size(window_size) { } - template StatsWindowCount::~StatsWindowCount() { 
@@ -30,12 +29,12 @@ namespace FeatureExtractor { template void StatsWindowCount::perform_window_maintenance(const Conversation *new_conv) { - while (queue.size() > window_size) { - Conversation *conv = queue.front(); - queue.pop(); + while (this->finished_convs.size() > window_size) { + Conversation *conv = this->finished_convs.front(); + this->finished_convs.pop(); // Exclude removed conversation from stats - report_conversation_removal(conv); + this->report_conversation_removal(conv); // Object commits suicide if no more references to it conv->deregister_reference(); diff --git a/src/StatsWindowTime.cpp b/src/StatsWindowTime.cpp index 06f31f4..0e458fc 100644 --- a/src/StatsWindowTime.cpp +++ b/src/StatsWindowTime.cpp @@ -8,14 +8,14 @@ namespace FeatureExtractor { template StatsWindowTime::StatsWindowTime() - : StatsWindow(new FeatureUpdaterTime()) + : StatsWindow(new FeatureUpdaterTime()) , window_size_ms(2000) // Default size = 2 sec. { } template StatsWindowTime::StatsWindowTime(unsigned int window_size_ms) - : StatsWindow(new FeatureUpdaterTime()) + : StatsWindow(new FeatureUpdaterTime()) , window_size_ms(window_size_ms) { } @@ -32,12 +32,12 @@ namespace FeatureExtractor { Timestamp max_delete_ts = now - (window_size_ms * 1000); // Substract usecs // Delete all conversations with last timestamp <= max_delete_ts - while (!queue.empty() && queue.front()->get_last_ts() <= max_delete_ts) { - Conversation *conv = queue.front(); - queue.pop(); + while (!this->finished_convs.empty() && this->finished_convs.front()->get_last_ts() <= max_delete_ts) { + Conversation *conv = this->finished_convs.front(); + this->finished_convs.pop(); // Exclude removed conversation from stats - report_conversation_removal(conv); + this->report_conversation_removal(conv); // Object commits suicide if no more references to it conv->deregister_reference(); diff --git a/src/Timestamp.h b/src/Timestamp.h index b340640..c627ec8 100644 --- a/src/Timestamp.h +++ b/src/Timestamp.h 
@@ -1,6 +1,6 @@ #pragma once -#include +#include "types.h" // Bug in win WpdPack_4_1_2: On line 69 of pcap-stdinc.h, 'inline' is re-defined // http://www.winpcap.org/pipermail/winpcap-bugs/2013-November/001760.html // Solved by including pcap.h after standard libs diff --git a/src/main.cpp b/src/main.cpp index 1750cfb..ef870e6 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -4,7 +4,9 @@ #include #include // std::bad_alloc #include +#include #include + #include "Config.h" #include "Sniffer.h" #include "IpReassembler.h" @@ -17,19 +19,21 @@ using namespace FeatureExtractor; static volatile bool temination_requested = false; void signal_handler(int signum); -void usage(char *name); +void usage(const char *name); void list_interfaces(); void parse_args(int argc, char **argv, Config *config); -void invalid_option(char *opt, char *progname); -void invalid_option_value(char *opt, char *val, char *progname); +void invalid_option(const char *opt, const char *progname); +void invalid_option_value(const char *opt, const char *val, const char *progname); void extract(Sniffer *sniffer, const Config *config, bool is_running_live); int main(int argc, char **argv) { // Register signal handler for termination signal(SIGINT, signal_handler); - signal(SIGBREAK, signal_handler); signal(SIGTERM, signal_handler); +#ifdef SIGBREAK + signal(SIGBREAK, signal_handler); +#endif try { Config config; @@ -94,7 +98,9 @@ void extract(Sniffer *sniffer, const Config *config, bool is_running_live) assert((eth_type == IPV4 && (ip_proto == TCP || ip_proto == UDP || ip_proto == ICMP)) && "Sniffer returned packet that is not (TCP or UDP or ICMP)"); - // IP Reassembly + Timestamp now = frag->get_end_ts(); + + // IP Reassembly, frag must not be used after this datagr = reasm.reassemble(frag); // Conversation reconstruction 
@@ -103,7 +109,6 @@ void extract(Sniffer *sniffer, const Config *config, bool is_running_live) } else { // Tell conversation reconstruction just how the time goes on - Timestamp now = frag->get_end_ts(); conv_reconstructor.report_time(now); } } @@ -133,11 +138,13 @@ void extract(Sniffer *sniffer, const Config *config, bool is_running_live) } } -void usage(char *name) +void usage(const char *name) { // Option '-' orignaly meant to use big read timeouts and exit on first timeout. Other approach used // because original approach did not work (does this option make sense now?). - cout << "Usage: " << name << " [OPTION]... [FILE]" << endl + cout << "KDD'99-like feature extractor" << endl + << "Build time : " << __DATE__ << " " << __TIME__ << endl << endl + << "Usage: " << name << " [OPTION]... [FILE]" << endl << " -h, --help Display this usage " << endl << " -l, --list List interfaces " << endl << " -i NUMBER Capture from interface with given number (default 1)" << endl @@ -276,7 +283,7 @@ void parse_args(int argc, char **argv, Config *config) if (argc <= ++i) invalid_option_value(argv[i - 1], "", argv[0]); - out_stream = ofstream(argv[i]); + out_stream.open(argv[i]); // streambuf *coutbuf = std::cout.rdbuf(); //save old buf cout.rdbuf(out_stream.rdbuf()); //redirect std::cout break; @@ -477,14 +484,14 @@ void parse_args(int argc, char **argv, Config *config) } } -void invalid_option(char *opt, char *progname) +void invalid_option(const char *opt, const char *progname) { cout << "Invalid option '" << opt << "'" << endl << endl; usage(progname); exit(1); } -void invalid_option_value(char *opt, char *val, char *progname) +void invalid_option_value(const char *opt, const char *val, const char *progname) { cout << "Invalid value '" << val << "' for option '" << opt << "'" << endl << endl; usage(progname); diff --git a/src/net.cpp b/src/net.cpp index 0b65ae6..c1b1aa9 100644 --- a/src/net.cpp +++ b/src/net.cpp 
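Review bot: `out_stream.open(argv[i]);` in `parse_args()` is not checked before `cout.rdbuf(out_stream.rdbuf());` redirects standard output into it, so an unwritable path silently discards every feature record instead of failing; the replaced `out_stream = ofstream(argv[i]);` had the same gap, but this rewrite is the natural place to close it. The existing error helper already fits: `if (!out_stream.is_open()) invalid_option_value(argv[i - 1], argv[i], argv[0]);`. Minor: the `__DATE__` / `__TIME__` line added to `usage()` makes every build non-reproducible byte-for-byte, which matters if binaries are ever compared or signed. parse_args starts and ends outside the hunk.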
@@ -75,13 +75,13 @@ namespace FeatureExtractor { return (((uint8_t *) this) + header_length()); } - tcp_field_flags_t::tcp_field_flags_t() : tcp_field_flags_t(0) + tcp_field_flags_t::tcp_field_flags_t(uint8_t flags) + : flags(flags) {} - tcp_field_flags_t::tcp_field_flags_t(uint8_t flags) - { - this->flags = flags; - } + tcp_field_flags_t::tcp_field_flags_t() + : flags(0) + {} bool tcp_field_flags_t::fin() const { diff --git a/src/net.h b/src/net.h index 67b6ccc..c7bff18 100644 --- a/src/net.h +++ b/src/net.h @@ -1,6 +1,12 @@ #pragma once -#include +#include "types.h" + +// ntoh fuctions +#if !defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__BORLANDC__) +#include +#endif + // Bug in win WpdPack_4_1_2: On line 69 of pcap-stdinc.h, 'inline' is re-defined // http://www.winpcap.org/pipermail/winpcap-bugs/2013-November/001760.html // Solved by including pcap.h after standard libs @@ -23,7 +29,7 @@ namespace FeatureExtractor { /* * Ethernet header */ - typedef struct { + struct ether_header_t { uint8_t dst_addr[6]; uint8_t src_addr[6]; eth_field_type_t type_length; @@ -33,7 +39,7 @@ namespace FeatureExtractor { bool is_ethernet2() const; bool is_type_ipv4() const; uint8_t *get_eth2_sdu() const; - } ether_header_t; + }; /* * IP protocol field @@ -48,7 +54,7 @@ namespace FeatureExtractor { /* * IP header */ - typedef struct { + struct ip_header_t { uint8_t ver_ihl; // 4 bits version and 4 bits internet header length uint8_t tos; uint16_t total_length; 
@@ -71,29 +77,29 @@ namespace FeatureExtractor { size_t frag_offset() const; const char *protocol_str() const; uint8_t *get_sdu() const; - } ip_header_t; + }; /* * UDP header */ - typedef struct { + struct udp_header_t { uint16_t src_port; uint16_t dst_port; uint16_t length; uint16_t checksum; static const size_t UDP_MIN_HEADER_LENGTH = 8; - } udp_header_t; + }; /* * TCP flags field */ - typedef struct tcp_field_flags_t { + struct tcp_field_flags_t { uint8_t flags; tcp_field_flags_t(); tcp_field_flags_t(uint8_t flags); - bool fin() const; + bool fin() const; bool syn() const; bool rst() const; bool psh() const; @@ -101,12 +107,12 @@ namespace FeatureExtractor { bool urg() const; // Urgent bool ece() const; // ECN Echo bool cwr() const; // Congestion Window Reduced - } tcp_field_flags_t; + }; /* * TCP header */ - typedef struct { + struct tcp_header_t { uint16_t src_port; uint16_t dst_port; uint32_t seq; @@ -118,7 +124,7 @@ namespace FeatureExtractor { uint16_t urgent_p; static const size_t TCP_MIN_HEADER_LENGTH = 20; - } tcp_header_t; + }; @@ -146,11 +152,11 @@ namespace FeatureExtractor { /* * ICMP header */ - typedef struct { + struct icmp_header_t { icmp_field_type_t type; uint8_t code; uint16_t checksum; static const size_t ICMP_MIN_HEADER_LENGTH = 8; - } icmp_header_t; + }; } \ No newline at end of file diff --git a/src/types.h b/src/types.h new file mode 100644 index 0000000..4876a68 --- /dev/null +++ b/src/types.h @@ -0,0 +1,14 @@ +#pragma once + +#define __STDC_LIMIT_MACROS +#define __STDC_CONSTANT_MACROS +#include + +#define __need_size_t +#define __need_NULL +#include + +// nullptr is keyword from C++11 +#ifndef nullptr +#define nullptr NULL +#endif
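Review bot: `#ifndef nullptr` in the new src/types.h is true on C++11 compilers as well, because `nullptr` is a keyword and never a macro, so the file redefines the keyword as `NULL` for every build; the standard forbids defining a macro with a keyword's name, and on MSVC `NULL` is the integer `0`, which changes overload resolution and weakens the `!= nullptr` checks added elsewhere in this patch. Since src/CMakeLists.txt now passes `-std=gnu++0x` and gcc 4.6 already provides `nullptr`, the fallback should be keyed on the language level instead: `#if __cplusplus < 201103L && !defined(_MSC_VER)`. The `__STDC_LIMIT_MACROS` / `__STDC_CONSTANT_MACROS` defines only take effect if types.h is the first thing to include the header that follows them, which the include order in other hunks (e.g. ConversationReconstructor.cpp includes it second) does not guarantee.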