Add support for linking up tcpConnection with hosts and packets

src/main/java/de/hsh/inform/orientdb_project/Main.java

@@ -17,7 +17,7 @@ public class Main {
 	public static void main(String[] args) {
 		// TODO: Make this configurable or easy to exchange.
 		String filename = "/home/jpt/Temp/tcpdump_2";
-		OrientDbHelperService odhs = new OrientDbHelperService("192.168.0.110", "hshtest", "root", "root");
+		OrientDbHelperService odhs = new OrientDbHelperService("127.0.0.1", "hshtest", "root", "root");
 
 		// Clean up existing database and set up schema from scratch
 		odhs.cleanUpServer();

src/main/java/de/hsh/inform/orientdb_project/model/TcpConnection.java

@@ -1,7 +1,12 @@
 package de.hsh.inform.orientdb_project.model;
 
+import java.util.LinkedList;
+
 import org.pcap4j.packet.TcpPacket;
 
+import com.tinkerpop.blueprints.Vertex;
+
+
 public class TcpConnection {
 	
 	public long startTs;
@@ -19,6 +24,8 @@ public class TcpConnection {
 	public long volumeSourceToTarget;
 	public long volumeTargetToSource;
 
+	public LinkedList<Vertex> knownTcpPacketVertices;
+	
 	
 	public TcpConnection(TcpPacket tcp, String sourceIp, String targetIp, long ts, int ms) {
 		this.setStart(ts, ms);
@@ -27,6 +34,7 @@ public class TcpConnection {
 		this.sourcePort = tcp.getHeader().getSrcPort().valueAsInt();
 		this.targetIp = targetIp;
 		this.targetPort = tcp.getHeader().getDstPort().valueAsInt();
+		this.knownTcpPacketVertices = new LinkedList<Vertex>();
 	}
 
 	public void setStart(long ts, int ms) {
@@ -69,5 +77,26 @@ public class TcpConnection {
 		sb.append(this.getTotalVolume());
 		return sb.toString();
 	}
+	
+	public void addKnownTcpPacketVertex(Vertex tcpPacketVertex) {
+		this.knownTcpPacketVertices.add(tcpPacketVertex);
+	}
+
+	public Object[] getArguments() {
+		Object[] arguments = {
+				"startTs", this.startTs,
+				"startMs", this.startMs,
+				"endTs", this.endTs,
+				"endMs", this.endMs,
+				"sourceIp", this.sourceIp,
+				"sourcePort", this.sourcePort,
+				"targetIp", this.targetIp,
+				"targetPort", this.targetPort,
+				"volumeSourceToTarget", this.volumeSourceToTarget,
+				"volumeTargetToSource", this.volumeTargetToSource,
+				"totalVolume", this.getTotalVolume(),
+			};
+		return arguments;
+	}
 
 }

src/main/java/de/hsh/inform/orientdb_project/orientdb/HighPerformanceKappaOrientDbNetdataImportService.java

@@ -120,17 +120,20 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
 		Edge isContainedInEdge = this.og.addEdge("class:isContainedIn", this.tcpPacket, this.ipPacket, "isContainedIn");
 		// Track tcp connections
 		TcpConnection tcpConnection = this.getTcpConnectionFor(tcp);
-		// If connection exists and still "up to date" aka time difference < 1s
-		if(tcpConnection != null && (ts - tcpConnection.endTs <= 1)) {
-			// Update tcpConnection data
-			if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) {
-				// SourceIp -> TargetIp
-				tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length());
-			} else {
-				// TargetIp -> SourceIp
-				tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length());
+		// If connection exists ...
+		if(tcpConnection != null) {
+			// ... and still "up to date" aka time difference < 2s
+			if(ts - tcpConnection.endTs < 2) {
+				// Update tcpConnection data
+				if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) {
+					// SourceIp -> TargetIp
+					tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length());
+				} else {
+					// TargetIp -> SourceIp
+					tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length());
+				}
+				tcpConnection.setEnd(ts, ms);
 			}
-			tcpConnection.setEnd(ts, ms);
 		} else {
 			// Else create a new one and add it to the list.
 			String sourceIp = this.ipPacket.getProperty("sourceIp");
@@ -138,7 +141,8 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
 			tcpConnection = new TcpConnection(tcp, sourceIp, targetIp, ts, ms);
 			this.addKnownTcpConnectionFor(tcpConnection, tcp);
 		}
-		
+		// Remember tcpPacketVertex in tcpConnection for later edges
+		tcpConnection.addKnownTcpPacketVertex(this.tcpPacket);
 	}
 	
 	public void handleIcmpPacket(IcmpV4CommonPacket icmp, long ts, int ms) {
@@ -228,14 +232,29 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
 	}
 	
 	public void afterImport() {
-		// TODO: Insert all TcpConnections!
+		// TODO: Link TcpConnections up with their tcpPackets!
 		System.out.println("All done. Processing collected TcpConnections ...");
 		for(LinkedList<TcpConnection> connList : this.knownTcpConnections.values()) {
 			for(TcpConnection conn : connList) {
-				// TODO
-				System.out.println(conn.toString());
+				Vertex currentTcpConnection = this.og.addVertex("class:TcpConnection", conn.getArguments());
+				// Look up already created source and target host vertices
+				Vertex sourceHost = this.knownHosts.get(conn.sourceIp);
+				Vertex targetHost = this.knownHosts.get(conn.targetIp);
+				// Link them up with the tcpConnection
+				// class, from, to, label
+				Edge hasSourceHost = this.og.addEdge("class:hasSourceHost", currentTcpConnection, sourceHost, "hasSourceHost");
+				Edge hasTargetHost = this.og.addEdge("class:hasTargetHost", currentTcpConnection, targetHost, "hasTargetHost");
+
+				Edge isSourceHostFor = this.og.addEdge("class:isSourceHostFor", sourceHost, currentTcpConnection, "isSourceHostFor");
+				Edge isTargetHostFor = this.og.addEdge("class:isTargetHostFor", targetHost, currentTcpConnection, "isTargetHostFor");
+				// Now link it up to all related tcpPackets
+				for(Vertex tcpPacketVertex : conn.knownTcpPacketVertices) {
+					Edge hasRelatedTcpPacket = this.og.addEdge("class:hasRelatedTcpPacket", currentTcpConnection, tcpPacketVertex, "hasRelatedTcpPacket");
+					Edge belongsToTcpConnection = this.og.addEdge("class:belongsToTcpConnection", tcpPacketVertex, currentTcpConnection, "belongsToTcpConnection");
+				}
 			}
 		}
+		System.out.println("Done importing TcpConnections. End of afterImport() routine.");
 	}
 
 

src/main/java/de/hsh/inform/orientdb_project/orientdb/OrientDbHelperService.java

@@ -158,8 +158,10 @@ public class OrientDbHelperService {
 		hostType.createProperty("internal", OType.BOOLEAN);
 		
 		OrientVertexType tcpConnectionType = og.createVertexType("TcpConnection", "V");
-		tcpConnectionType.createProperty("start", OType.DATETIME);
-		tcpConnectionType.createProperty("end", OType.DATETIME);
+		tcpConnectionType.createProperty("startTs", OType.LONG);
+		tcpConnectionType.createProperty("startMs", OType.INTEGER);
+		tcpConnectionType.createProperty("endTs", OType.LONG);
+		tcpConnectionType.createProperty("endMs", OType.INTEGER);
 		tcpConnectionType.createProperty("sourcePort", OType.INTEGER);
 		tcpConnectionType.createProperty("targetPort", OType.INTEGER);
 		tcpConnectionType.createProperty("volumeSourceToTarget", OType.LONG);
@@ -171,6 +173,22 @@ public class OrientDbHelperService {
 		OrientEdgeType containsType = og.createEdgeType("contains", "E");
 		containsType.setDescription("contains");
 
+		OrientEdgeType hasSourceHostType = og.createEdgeType("hasSourceHost", "E");
+		hasSourceHostType.setDescription("hasSourceHost");
+		OrientEdgeType hasTargetHostType = og.createEdgeType("hasTargetHost", "E");
+		hasTargetHostType.setDescription("hasTargetHost");
+
+		OrientEdgeType isSourceHostForType = og.createEdgeType("isSourceHostFor", "E");
+		isSourceHostForType.setDescription("isSourceHostFor");
+		OrientEdgeType isTargetHostForType = og.createEdgeType("isTargetHostFor", "E");
+		isTargetHostForType.setDescription("isTargetHostFor");
+		
+		OrientEdgeType belongsToTcpConnectionType = og.createEdgeType("belongsToTcpConnection", "E");
+		belongsToTcpConnectionType.setDescription("belongsToTcpConnection");
+		
+		OrientEdgeType hasRelatedTcpPacketType = og.createEdgeType("hasRelatedTcpPacket", "E");
+		hasRelatedTcpPacketType.setDescription("hasRelatedTcpPacket");
+		
 		og.shutdown();
 	}