From be20851fdc84af5c7e68cdeccd21d685b80b2bf2 Mon Sep 17 00:00:00 2001 From: hexiaole Date: Tue, 12 Nov 2024 18:10:04 +0800 Subject: [PATCH 1/4] BasicFlow: remove redundant increment for flowLengthStats In BasicFlow.java:firstPacket, the variable flowLengthStats is added by payload of packet twice rather than once. The first time is after enter BasicFlow.java:firstPacket, and before checking whether it is forward packet or backward packet. The second time is after checking whether it is forward packet or backward packet. This commit remove the second redundant one.
---
 src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
index d8f05dee..7b863256 100644
--- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
+++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
@@ -139,7 +139,6 @@ public void firstPacket(BasicPacketInfo packet){
 if(Arrays.equals(this.src, packet.getSrc())){
 this.min_seg_size_forward = packet.getHeaderBytes();
 Init_Win_bytes_forward = packet.getTCPWindow();
- this.flowLengthStats.addValue((double)packet.getPayloadBytes());
 this.fwdPktStats.addValue((double)packet.getPayloadBytes());
 this.fHeaderBytes = packet.getHeaderBytes();
 this.forwardLastSeen = packet.getTimeStamp();
@@ -153,7 +152,6 @@ public void firstPacket(BasicPacketInfo packet){
 }
 }else{
 Init_Win_bytes_backward = packet.getTCPWindow();
- this.flowLengthStats.addValue((double)packet.getPayloadBytes());
 this.bwdPktStats.addValue((double)packet.getPayloadBytes());
 this.bHeaderBytes = packet.getHeaderBytes();
 this.backwardLastSeen = packet.getTimeStamp();
From 4e19a64c8125528b6de3204624bae2de37012d4c Mon Sep 17 00:00:00 2001
From: hexiaole Date: Tue, 12 Nov 2024 18:21:54 +0800 Subject: [PATCH 2/4] BasicFlow: fix bug for PSH and URG flags counting In the first packet of a flow which is handled in BasicFlow.java:firstPacket, the flags PSH and URG are counted correctly. But in the second and after packets of a flow which is handled in BasicFlow.java:addPacket, the flags PSH and URG are not counted correctly. This commit counts PSH and URG flags correctly for the second and after packets.
---
 .../java/cic/cs/unb/ca/jnetpcap/BasicFlow.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
index 7b863256..eaedbdca 100644
--- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
+++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
@@ -182,7 +182,13 @@ public void addPacket(BasicPacketInfo packet){
 }
 this.fwdPktStats.addValue((double)packet.getPayloadBytes());
 this.fHeaderBytes +=packet.getHeaderBytes();
- this.forward.add(packet);
+ this.forward.add(packet);
+ if(packet.hasFlagPSH()){
+ this.fPSH_cnt++;
+ }
+ if(packet.hasFlagURG()){
+ this.fURG_cnt++;
+ }
 this.forwardBytes+=packet.getPayloadBytes();
 if (this.forward.size()>1)
 this.forwardIAT.addValue(currentTimestamp -this.forwardLastSeen);
@@ -194,6 +200,12 @@ public void addPacket(BasicPacketInfo packet){
 Init_Win_bytes_backward = packet.getTCPWindow();
 this.bHeaderBytes+=packet.getHeaderBytes();
 this.backward.add(packet);
+ if(packet.hasFlagPSH()){
+ this.bPSH_cnt++;
+ }
+ if(packet.hasFlagURG()){
+ this.bURG_cnt++;
+ }
 this.backwardBytes+=packet.getPayloadBytes();
 if (this.backward.size()>1)
 this.backwardIAT.addValue(currentTimestamp-this.backwardLastSeen);
From da3e74125262d242b23a5aa43ac7e65d96e0d533 Mon Sep 17 00:00:00 2001
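Review bot: The PSH/URG counting added after `this.forward.add(packet);` is repeated for the backward direction in the following hunk (`bPSH_cnt`/`bURG_cnt`), and the commit message says firstPacket already carries its own copy, so the same per-direction rule now lives in several places; the omission being fixed here is what that kind of duplication tends to produce. A private helper called from each branch would keep the counters in step, as sketched below. The `-`/`+` pair on `this.forward.add(packet);` differs only in whitespace and could be left out of the patch. addPacket starts and ends outside both hunks, so whether other per-direction flag counters have the same gap cannot be judged from here.

```java
// proposed helper (name is a suggestion), callable from firstPacket and addPacket
private void countPshUrg(BasicPacketInfo packet, boolean isForward){
    if(packet.hasFlagPSH()){
        if(isForward){ this.fPSH_cnt++; }else{ this.bPSH_cnt++; }
    }
    if(packet.hasFlagURG()){
        if(isForward){ this.fURG_cnt++; }else{ this.bURG_cnt++; }
    }
}

// addPacket, forward branch
this.forward.add(packet);
countPshUrg(packet, true);
// … unchanged: forwardBytes and forwardIAT updates …
// addPacket, backward branch
this.backward.add(packet);
countPshUrg(packet, false);
```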
From: hexiaole Date: Tue, 12 Nov 2024 18:35:29 +0800 Subject: [PATCH 3/4] BasicFlow: fix bugs for the source ip of a flow In the first packet of a flow which is handled in BasicFlow.java:firstPacket, when calling function:updateFlowBulk, the BasicFlow.src is null, but the BasicFlow.src is used to compare with the source ip of the first packet. In function:updateFlowBulk, in order to compare with BasicFlow.src and the source ip of the first packet, the code use operator == rather than Arrays.equals. This commit fixes these 2 bugs.
---
 .../java/cic/cs/unb/ca/jnetpcap/BasicFlow.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
index eaedbdca..e85d4ca3 100644
--- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
+++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
@@ -119,6 +119,14 @@ public void initParameters(){
 public void firstPacket(BasicPacketInfo packet){
+ if(this.src==null){
+ this.src = packet.getSrc();
+ this.srcPort = packet.getSrcPort();
+ }
+ if(this.dst==null){
+ this.dst = packet.getDst();
+ this.dstPort = packet.getDstPort();
+ }
 updateFlowBulk(packet);
 detectUpdateSubflows(packet);
 checkFlags(packet);
@@ -128,14 +136,6 @@ public void firstPacket(BasicPacketInfo packet){
 this.endActiveTime = packet.getTimeStamp();
 this.flowLengthStats.addValue((double)packet.getPayloadBytes());
- if(this.src==null){
- this.src = packet.getSrc();
- this.srcPort = packet.getSrcPort();
- }
- if(this.dst==null){
- this.dst = packet.getDst();
- this.dstPort = packet.getDstPort();
- }
 if(Arrays.equals(this.src, packet.getSrc())){
 this.min_seg_size_forward = packet.getHeaderBytes();
 Init_Win_bytes_forward = packet.getTCPWindow();
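Review bot: The `src`/`dst` initialisation moved to the top of firstPacket (hunk at -119,6) carries no comment saying why it has to come first, so a later tidy-up could move it back below `updateFlowBulk(packet)` and silently restore the comparison against a null `src`. I would add `// src/dst must be set before updateFlowBulk(): it picks the direction by comparing packet.getSrc() with this.src` above `if(this.src==null){`. `detectUpdateSubflows(packet)` and `checkFlags(packet)` also run after this point; their bodies are not in the hunk, so whether they rely on the same ordering is worth confirming. firstPacket's body continues outside the hunk.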
@@ -391,7 +391,7 @@ void detectUpdateSubflows( BasicPacketInfo packet ){
 public void updateFlowBulk (BasicPacketInfo packet){
- if(this.src == packet.getSrc()){
+ if(Arrays.equals(this.src, packet.getSrc())){
 updateForwardBulk(packet,blastBulkTS);
 }else {
 updateBackwardBulk(packet,flastBulkTS);
From 5696f02c2172d022c184d7a684bf16ac35e92179 Mon Sep 17 00:00:00 2001 From: hexiaole Date: Tue, 12 Nov 2024 18:42:12 +0800 Subject: [PATCH 4/4] FlowGenerator: fix bug for a closed flow When handling a closed flow which receives FIN flag, the code from FlowGenerator.java:addPacket check if the flow receive FIN flag on both direction, but the code incorrectly use function:getBwdFINFlags + function:getBwdFINFlags == 2 rather than function:getFwdFINFlags + function:getBwdFINFlags == 2. This commit fixes this bug.
---
 src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java
index 6f546975..a4046452 100644
--- a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java
+++ b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java
@@ -132,7 +132,7 @@ public void addPacket(BasicPacketInfo packet){
 // 1.- we add the packet-in-process to the flow (it is the last packet)
 // 2.- we move the flow to finished flow list
 // 3.- we eliminate the flow from the current flow list
- if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) {
+ if ((flow.getFwdFINFlags() + flow.getBwdFINFlags()) == 2) {
 logger.debug("FlagFIN current has {} flow",currentFlows.size());
 flow.addPacket(packet);
 if (mListener != null) {
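Review bot: In updateFlowBulk the new test `Arrays.equals(this.src, packet.getSrc())` still decides direction from the source address alone, so when both endpoints share an address (loopback or other same-host traffic) every packet is classified as forward and the backward bulk statistics are never updated. firstPacket stores `srcPort` next to `src`, so the comparison could include it: `if(Arrays.equals(this.src, packet.getSrc()) && this.srcPort == packet.getSrcPort()){`, assuming both are primitive ints, which the hunks do not show. The same address-only test is used for the forward/backward split in firstPacket (`if(Arrays.equals(this.src, packet.getSrc())){` in the earlier hunks), so the directional features derived there would be skewed in the same way.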
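Review bot: In FlowGenerator.addPacket the corrected condition `(flow.getFwdFINFlags() + flow.getBwdFINFlags()) == 2` still tests a sum, which cannot tell one FIN in each direction from two FINs in a single direction, and which is false again once the sum passes 2. If these counters can exceed 1 (for example on a retransmitted FIN; the code that increments them is outside the hunk), a flow could be finished after FINs from one side only, or never finished on this path and left to the timeout. Testing each direction states the intent directly: `if (flow.getFwdFINFlags() >= 1 && flow.getBwdFINFlags() >= 1) {`. The identical line is changed in the hunk at -163,7 and the same point applies there.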
@@ -163,7 +163,7 @@ public void addPacket(BasicPacketInfo packet){
 // 1.- we add the packet-in-process to the flow (it is the last packet)
 // 2.- we move the flow to finished flow list
 // 3.- we eliminate the flow from the current flow list
- if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) {
+ if ((flow.getFwdFINFlags() + flow.getBwdFINFlags()) == 2) {
 logger.debug("FlagFIN current has {} flow",currentFlows.size());
 flow.addPacket(packet);
 if (mListener != null) {