Added continuous reading feature
Jelena Mirkovic committed Aug 17, 2021
1 parent 5b7c515 commit b9f6949
Showing 3 changed files with 132 additions and 97 deletions.
199 changes: 109 additions & 90 deletions as.cc
@@ -1877,108 +1877,127 @@ int main (int argc, char *argv[])
}
else //if (file_in)
{
cout<<"Format is "<<format<<endl;
int isdir = 0;
vector<string> tracefiles;
vector<string> tracefiles, newfiles, *processfiles;
vector<string> inputs;
struct stat s;
inputs.push_back(file_in);
int i = 0;
// Recursively read if there are several directories that hold the files
while(i < inputs.size())
bool first = true;
while(true)
{
if(stat(inputs[i].c_str(),&s) == 0 )
sleep(1);
inputs.clear();
newfiles.clear();
struct stat s;
inputs.push_back(file_in);
int i = 0;
// Recursively read if there are several directories that hold the files
while(i < inputs.size())
{
if(s.st_mode & S_IFDIR )
if(stat(inputs[i].c_str(),&s) == 0 )
{
// it's a directory, read it and fill in
// list of files
DIR *dir;
struct dirent *ent;

if ((dir = opendir (inputs[i].c_str())) != NULL) {
// Remember all the files and directories within directory
while ((ent = readdir (dir)) != NULL) {
if((strcmp(ent->d_name,".") != 0) && (strcmp(ent->d_name,"..") != 0)){
inputs.push_back(string(inputs[i]) + "/" + string(ent->d_name));
if(s.st_mode & S_IFDIR )
{
// it's a directory, read it and fill in
// list of files
DIR *dir;
struct dirent *ent;

if ((dir = opendir (inputs[i].c_str())) != NULL) {
// Remember all the files and directories within directory
while ((ent = readdir (dir)) != NULL) {
if((strcmp(ent->d_name,".") != 0) && (strcmp(ent->d_name,"..") != 0)){
inputs.push_back(string(inputs[i]) + "/" + string(ent->d_name));
}
}
closedir (dir);
} else {
perror("Could not read directory ");
exit(1);
}
}
closedir (dir);
} else {
perror("Could not read directory ");
exit(1);
}
else if(s.st_mode & S_IFREG)
{
if (find(tracefiles.begin(), tracefiles.end(), inputs[i]) != tracefiles.end())
{
}
else
{
tracefiles.push_back(inputs[i]);
if (!first)
newfiles.push_back(inputs[i]);
}
}
// Ignore other file types
}
i++;
}
inputs.clear();
if (first)
processfiles = &tracefiles;
else
processfiles = &newfiles;

std::sort(processfiles->begin(), processfiles->end(), sortbyFilename());
for (vector<string>::iterator vit=processfiles->begin(); vit != processfiles->end(); vit++)
{
cout<<"Files to read "<<vit->c_str()<<endl;
}
int started = 1;
if (startfile != NULL)
started = 0;
double start = time(0);
// Go through processfiles and read each one

for (vector<string>::iterator vit=processfiles->begin(); vit != processfiles->end(); vit++)
{
const char* file = vit->c_str();

if (!started && startfile && strstr(file,startfile) == NULL)
{
continue;
}

started = 1;

// Now read from file
char cmd[MAXLINE];
cout<<"Reading from "<<file<<endl;
firsttimeinfile = 0;

if (!strcmp(format, "pcap") || !strcmp(format, "plive"))
{
char ebuf[MAXLINE];
pcap_t *pt;
if (is_live)
pt = pcap_open_live(file, MAXLINE, 1, 1000, ebuf);
else
pt = pcap_open_offline (file, ebuf);
read_from_file(pt, format);
}
else if(s.st_mode & S_IFREG)
else
{
tracefiles.push_back(inputs[i]);
if (!strcmp(format, "nf"))
{
sprintf(cmd,"nfdump -r %s -o pipe 2>/dev/null", file);
}
else if (!strcmp(format, "ft"))
{
sprintf(cmd,"ft2nfdump -r %s | nfdump -r - -o pipe", file);
}
else if (!strcmp(format, "fr"))
{
sprintf(cmd,"gunzip -c %s", file);
}
nf = popen(cmd, "r");
read_from_file(nf, format);
pclose(nf);
}
// Ignore other file types
cout<<"Done with the file "<<file<<" time "<<time(0)<<" flows "<<allflows<<endl;
if (endfile && strstr(file,endfile) != 0)
break;
}
i++;
first = false;
}
inputs.clear();

//tracefiles.push_back(file_in);

std::sort(tracefiles.begin(), tracefiles.end(), sortbyFilename());
for (vector<string>::iterator vit=tracefiles.begin(); vit != tracefiles.end(); vit++)
{
cout<<"Files to read "<<vit->c_str()<<endl;
}
int started = 1;
if (startfile != NULL)
started = 0;
double start = time(0);
// Go through tracefiles and read each one
cout<<"Format is "<<format<<endl;
for (vector<string>::iterator vit=tracefiles.begin(); vit != tracefiles.end(); vit++)
{
const char* file = vit->c_str();

if (!started && startfile && strstr(file,startfile) == NULL)
{
continue;
}

started = 1;

// Now read from file
char cmd[MAXLINE];
cout<<"Reading from "<<file<<endl;
firsttimeinfile = 0;

if (!strcmp(format, "pcap") || !strcmp(format, "plive"))
{
char ebuf[MAXLINE];
pcap_t *pt;
if (is_live)
pt = pcap_open_live(file, MAXLINE, 1, 1000, ebuf);
else
pt = pcap_open_offline (file, ebuf);
read_from_file(pt, format);
}
else
{
if (!strcmp(format, "nf"))
{
sprintf(cmd,"nfdump -r %s -o pipe 2>/dev/null", file);
}
else if (!strcmp(format, "ft"))
{
sprintf(cmd,"ft2nfdump -r %s | nfdump -r - -o pipe", file);
}
else if (!strcmp(format, "fr"))
{
sprintf(cmd,"gunzip -c %s", file);
}
nf = popen(cmd, "r");
read_from_file(nf, format);
pclose(nf);
}
cout<<"Done with the file "<<file<<" time "<<time(0)<<" flows "<<allflows<<endl;
if (endfile && strstr(file,endfile) != 0)
break;
}
}
save_history();
return 0;
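Review bot: The `sprintf(cmd, ...)` / `popen(cmd, "r")` branch for the nf, ft and fr formats pastes each file path unquoted into a shell command line and into the fixed `cmd[MAXLINE]` buffer, and with the new `while(true)` rescan those paths now include any file that shows up under the input directory while the program is running. A name containing shell metacharacters would be interpreted by the shell, a long path overruns `cmd`, an unrecognised `format` leaves `cmd` uninitialised before `popen`, and the result of `popen` is not checked. I would skip names outside a conservative character set, build the command with `snprintf` plus a truncation check, and test `nf` before use, as sketched below. Separately, the `break` on `endfile` only leaves the inner `for`, so the outer `while(true)` has no exit and the `save_history()` call after it looks unreachable from this path; main's body starts and ends outside the hunk, so confirm against the full file.

```cpp
// … unchanged: pcap / plive branch …
else
  {
    // Paths come from a directory that is rescanned while running; keep
    // anything the shell could interpret out of the command line.
    const char *safe = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._/-";
    if (strspn(file, safe) != strlen(file))
      {
        cout<<"Skipping file with unexpected characters in name "<<file<<endl;
        continue;
      }
    int len = -1;   // stays -1 when format is not nf/ft/fr
    if (!strcmp(format, "nf"))
      len = snprintf(cmd, sizeof(cmd), "nfdump -r %s -o pipe 2>/dev/null", file);
    else if (!strcmp(format, "ft"))
      len = snprintf(cmd, sizeof(cmd), "ft2nfdump -r %s | nfdump -r - -o pipe", file);
    else if (!strcmp(format, "fr"))
      len = snprintf(cmd, sizeof(cmd), "gunzip -c %s", file);
    if (len < 0 || len >= (int)sizeof(cmd))
      continue;     // unknown format or truncated command
    nf = popen(cmd, "r");
    if (nf == NULL)
      {
        perror("Could not start reader ");
        continue;
      }
    // … unchanged: read_from_file(nf, format); pclose(nf); …
  }
```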
6 changes: 3 additions & 3 deletions ground-truth/doublecheck.pl
@@ -66,7 +66,7 @@ sub getmax
$attacks{$i}{'pstart'} = $pstart;
$attacks{$i}{'pstop'} = $pstop;
print "Read type $type\n";
$stats{$target}{$start} = $i;
$stats{$target}{$start+$i} = $i;
print "Pushed $i at target $target\n";

$targets{$target} = 1;
@@ -106,7 +106,7 @@ sub getmax
$i++;
}
close($fh);
if (0)
if (1)
{
for $t (keys %targets)
{
@@ -182,7 +182,7 @@ sub getmax
$and = $attacks{$i}{'type'} & $j;
if ($and > 0)
{
if (0)
if (1)
{
print "perl pull.pl $t $map{$j}{'val'} $t.txt > $t.$j.txt type $attacks{$i}{'type'}\n";
system("perl pull.pl $t $map{$j}{'val'} $t.txt > $t.$j.txt");
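Review bot: Flipping `if (0)` to `if (1)` in the third hunk turns on the `system("perl pull.pl $t $map{$j}{'val'} $t.txt > $t.$j.txt")` call, which goes through the shell with `$t` interpolated as-is. `$t` appears to come from `keys %targets`, i.e. values read from the input file, so a target string containing shell metacharacters or a path separator would change the command or the output path. If targets are always addresses, a guard inside the enclosing loop such as `next unless $t =~ /^[0-9A-Fa-f.:]+$/;` keeps the redirect form while constraining the value, and the return status of `system` is worth checking as well. The enclosing loops start outside the hunks, so confirm where `$t` is bound.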
24 changes: 20 additions & 4 deletions ground-truth/match.pl
@@ -32,13 +32,14 @@

$attacks{$i}{'line'} = $line;
$attacks{$i}{'type'} = $type;
$attacks{$i}{'matched'} = 0;
$attacks{$i}{'matched'} = "";

#print "Attack $i on $target start $start stop $stop\n";
$i++;
}
close($fh);
$fh = new IO::File($ARGV[1]);
$maxat = scalar(keys %attacks);
while(<$fh>)
{
#11819559 2.36.86.0 low 7830000000 962720 20200207 16:45:0 - 17:55:0 4 1581122865 -1
@@ -57,6 +58,11 @@
$matched = 0;
for $i (sort {$a <=> $b} keys %attacks)
{
# Do not match with new attacks
if ($i >= $maxat)
{
next;
}
if ($attacks{$i}{'target'} ne $target)
{
next;
@@ -72,8 +78,18 @@
#print "Potential match $attacks{$i}{'line'} matching type $attacks{$i}{'type'} and $type and is $and\n";
if ($and != 0)
{
#print "$_ matches $attacks{$i}{'line'}\n";
$attacks{$i}{'matched'} = "$sev $start $stop $type\n";
#print "$_ matches $attacks{$i}{'line'} matched for $i is $attacks{$i}{'matched'}\n";
if ($attacks{$i}{'matched'} eq "")
{
$attacks{$i}{'matched'} = "$sev $start $stop $type\n";
}
else
{
$k = scalar(keys %attacks);
#print "Adding attack $k with $sev $start $stop $type\n";
$attacks{$k}{'line'} = $attacks{$i}{'line'};
$attacks{$k}{'matched'} = "$sev $start $stop $type\n";
}
$matched = 1;
}
}
@@ -87,7 +103,7 @@

for $i (sort {$a <=> $b} keys %attacks)
{
if ($attacks{$i}{'matched'})
if ($attacks{$i}{'matched'} ne "")
{
$line = $attacks{$i}{'line'};
$line =~ s/types \d+/types $attacks{$i}{'type'}/;
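Review bot: The new `else` branch in the third hunk creates `$attacks{$k}` with only `'line'` and `'matched'`, but the output loop in the last hunk reads `$attacks{$i}{'type'}` for every entry whose `'matched'` is non-empty, so the appended entries would substitute an empty value into `types \d+`. Copying the fields the later code reads, e.g. `$attacks{$k}{'type'} = $attacks{$i}{'type'};`, would keep the duplicated rows well-formed; whether the original type or the matched `$type` belongs there is a call for the author. Also, `$k = scalar(keys %attacks)` is only a fresh key if the existing keys run from 0 to n-1; if `$i` starts at 1 (not visible here) it would overwrite the last attack. A comment on `$maxat` such as `# number of attacks read from the first file, before duplicates are appended` would make the `$i >= $maxat` skip easier to follow.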