CICFlowMeter
CICFlowMeter copied to clipboard
ahlashkari
Question in function `firstPacket` of class `BasicFlow`
The code of function firstPacket of class BasicFlow is shown as follows:
public void firstPacket(BasicPacketInfo packet) {
updateFlowBulk(packet);
detectUpdateSubflows(packet);
checkFlags(packet);
this.flowStartTime = packet.getTimeStamp();
this.flowLastSeen = packet.getTimeStamp();
this.startActiveTime = packet.getTimeStamp();
this.endActiveTime = packet.getTimeStamp();
this.flowLengthStats.addValue((double) packet.getPayloadBytes()); // <- This line
if (this.src == null) {
this.src = packet.getSrc();
this.srcPort = packet.getSrcPort();
}
if (this.dst == null) {
this.dst = packet.getDst();
this.dstPort = packet.getDstPort();
}
if (Arrays.equals(this.src, packet.getSrc())) {
this.min_seg_size_forward = packet.getHeaderBytes();
Init_Win_bytes_forward = packet.getTCPWindow();
this.flowLengthStats.addValue((double) packet.getPayloadBytes()); // <- This line
this.fwdPktStats.addValue((double) packet.getPayloadBytes());
this.fHeaderBytes = packet.getHeaderBytes();
this.forwardLastSeen = packet.getTimeStamp();
this.forwardBytes += packet.getPayloadBytes();
this.forward.add(packet);
if (packet.hasFlagPSH()) {
this.fPSH_cnt++;
}
if (packet.hasFlagURG()) {
this.fURG_cnt++;
}
} else {
Init_Win_bytes_backward = packet.getTCPWindow();
this.flowLengthStats.addValue((double) packet.getPayloadBytes()); // <- This line
this.bwdPktStats.addValue((double) packet.getPayloadBytes());
this.bHeaderBytes = packet.getHeaderBytes();
this.backwardLastSeen = packet.getTimeStamp();
this.backwardBytes += packet.getPayloadBytes();
this.backward.add(packet);
if (packet.hasFlagPSH()) {
this.bPSH_cnt++;
}
if (packet.hasFlagURG()) {
this.bURG_cnt++;
}
}
this.protocol = packet.getProtocol();
this.flowId = packet.getFlowId();
}
My question is: According to the logic, when the first packet of a flow comes, the BasicFlow class should statistic once and only once the information of packet length, header bytes, payload length... But the lines I label here show that the property flowLengthStats will be added itself at least twice? I think that is unreasonable.
I want to know the reason why to write like this, thank you.
Yes, this is actually a bug, but after I apply some machine learning methods on ids 2018 dataset, this does not affect too much the whole picture.
I don't think it's getting hit twice. The two lines are in related if and else blocks. Only one of the two will ever run.
It needs to be run in both blocks (or once outside of both) because we need to include that packet in the length calculation.
I don't think it's getting hit twice. The two lines are in related
ifandelseblocks. Only one of the two will ever run.It needs to be run in both blocks (or once outside of both) because we need to include that packet in the length calculation.
It is actually replication. The condition is only for checking if the current flow is forward or backward. I think they just forgot deleting that line when they copy codes from if block to else block.
It is actually replication. The condition is only for checking if the current flow is forward or backward. I think they just forgot deleting that line when they copy codes from if block to else block.
Under what circumstances would both lines run?
It is actually replication. The condition is only for checking if the current flow is forward or backward. I think they just forgot deleting that line when they copy codes from if block to else block.
Under what circumstances would both lines run?
Both lines? Did you mean 2 lines in if blocks and else blocks. If yes, those lines are redundant. When they read the first packet, they only needed to add its payload volume into the statistical sequence once. However, they replicated that work as they put it into if/else blocks. Add payload size twice is really non-sense, however, base on my experiment, it did not affect too much the whole picture, so just leave them there.
Ah. Yep. No, I missed it where it wasn't in the if/else.
Right you are! Carry on!