some-ip analyzer documentation - read the docs · 2019. 4. 2. · some-ip_analyzer documentation,...

SOME-IP_Analyzer DocumentationRelease 0.1

TUMi8 SURF Team

November 15, 2016

Contents

1 Javadoc 31.1 surf.SomeIPAnalyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

i

SOME-IP_Analyzer Documentation, Release 0.1

Contents:

# Installation

Copy required and system-specific native libraries (libjnetpcap and libsigar) into resources/natives. Note that they areavailable directly from jnetpcap and sigar. The versions of the provided native libraries have to be compliant with theused versions of jnetpcap and sigar.

Execute ‘mvn package’ to build the system.

# Usage

Execute ‘java -Djava.library.path=resources/natives -jar target/SomeIPAnalyzer-1.0.jar’ to run the system.

# Parameters

• Use -r to define Rules File. A sample is given in resources/rules/rules.config.

• Use -d to define Directory containing .pcap-files, e.g. resources/traces.

• Use -f to define .pcap File, e.g. resources/traces/trace.pcap.

• Use -c to define Config File, e.g. resources/config/config.properties.

• Use -i to define Live Capture Interface.

Configuration and Rules File are mandatory. You can choose to either capture from an interface (-i), read a directorycontaining .pcap files (-d) or directly provide a single .pcap file (-f). Note that pcapng is not provided, you can useeditcap for conversion.

# Configuration Files

## Basic Configuration File: config.properties

The configuration file is provided with -c option, e.g. resources/config/config.properties The format is as follows:

‘ ini metaDataFile=resources/config/config.xml verbose=false monitoring=truemonitoringFile=resources/measurement/monitoring.csv ‘

• metaDataFile provides the use case specific meta data

• verbose provides additional output on the console

• monitoring start monitoring thread that is capturing memory usage

• monitoringFile location of monitoring file, not that the information is appended

The meta data file is provided via configuration file, e.g. resources/config/config.xml. It contains the list of serversand clients with corresponding IP and MAC addresses.

## Metadata File: config.xml

The meta datafile provides information about the running entities in the system. The file is given as xml. In theconfiguration you can specify servers as well as clients with their MAC and IP addresses. This information is addedas Esper internal variable that represent a list of all client and a list of all servers. The can be accessed as follow:

‘ sql SELECT * FROM SomeIPPacket s WHERE s.srcIP in (clientIPs) ‘

The meta data file has the following structure:

‘‘‘ xml

1A:AA:AA:AA:AA:AA 10.0.0.1

Contents 1


9B:BB:BB:BB:BB:BB 10.1.0.9

‘‘‘

2 Contents

CHAPTER 1

Javadoc

1.1 surf.SomeIPAnalyzer

1.1.1 EsperClient

public class EsperClient extends Thread

Fields

CONFIGURATION_FILE

public static String CONFIGURATION_FILENon-Optional: Used Configuration file with needed specifications.

DIR

public static String DIROptional: Folder containing .pcap Files containing pakets to be analyzed.

EsperEngine

public static String EsperEngineName of the Esper Engine.

FILE

public static String FILEOptional: .pcap File containing pakets to be analyzed.

INTERFACE

public static String INTERFACEOptional: Interface to listen on and capture pakets from this source.

3

http://docs.oracle.com/javase/6/docs/api/java/lang/Thread.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html


ListenerList

public static ArrayList ListenerListA List of all active Listeners, this includes predefined listeners as well as dynamically added listeners.

MONITORING_FILE

public static String MONITORING_FILEFile were the measured data of the motniroing thread is stored afterwards.

RULES_FILE

public static String RULES_FILENon-Optional: Rules file containing EPL Rules and other definitions.

cepAdm

public static EPAdministrator cepAdmEsper Administrator Instance.

cepRT

public static EPRuntime cepRTEsper Runtime Instance.

config

public static Configuration configEsper Configuration Instance.

epService

public static EPServiceProvider epServiceEsper Service Provider Instance.

helperListenerID

public static MyListener helperListenerIDSpecific predefined Listener to look after changes in the ID-IP relationship.

helperListenerIP

public static MyListener helperListenerIPSpecific predefined Listener to look after changes in the IP-ID relationship.

4 Chapter 1. Javadoc

http://docs.oracle.com/javase/6/docs/api/java/util/ArrayList.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html


monitoring

public static Boolean monitoringWhether or not monitoring of the process itself is activated, mainly memory consumption.

verbose

public static Boolean verboseVerbose-Mode can be set to true using the configuration file and more status information is printed out.

Constructors

EsperClient

public EsperClient(String[] args)Constructor for the Analyzer itself. Takes all commandline arguments for parsing and initialized all neededfields aboth.

Methods

run

public void run()Starts the Esper Engine itself.

1.1.2 EventSender

public class EventSender extends ThreadParsed packets are passed to a seperate sender running in a single thread.

Constructors

EventSender

public EventSender()Standard Constructor.

Methods

run

public void run()Regarding the source of input, the interface is opened, a file is read or a whole directory is used. The appropriateParsing Option is choosen. Claculation Times are printed afterwards.

1.1. surf.SomeIPAnalyzer 5

http://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Thread.html


1.1.3 MalformedListener

public class MalformedListener extends MyListenerSpecific Listener that gets a single SomeIP-Paket per call. Prints the Paket in verbose mode.

Constructors

MalformedListener

public MalformedListener(String message, Boolean verbose)Uses MyListener as super Class. Sets the print message and verbose mode from configuration File.

Methods

update

public void update(EventBean[] newData, EventBean[] oldData)Callback in case of a triggering event. Statistics are updated and Error message is printed (verbose mode).

1.1.4 Monitor

public class Monitor extends ThreadMonitoring Class for monitoring the Engine during runtime. Usage can be configured using configuration file.Uses a single thread.

Fields

cpuTotalList

public ArrayList cpuTotalListList for measurements of used CPU Time.

memResList

public ArrayList memResListList for measurements of resident memory usage.

memShareList

public ArrayList memShareListList for measurements of shared memory usage.

memVirtList

public ArrayList memVirtListList for measurements of virtual memory usage.


http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Thread.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/package-summary.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/Timestamp.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Long.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/package-summary.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/Timestamp.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Long.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/package-summary.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/Timestamp.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Long.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/package-summary.htmlhttp://docs.oracle.com/javase/6/docs/api/java/sql/Timestamp.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Long.html


pid

public long pidCurrent PID of the process.

Constructors

Monitor

public Monitor()Constructor to initialize all needed variables.

Methods

memResAverage

public double memResAverage()

memShareAverage

public double memShareAverage()Function to calulate the shared memory used in average.

memVirtAverage

public double memVirtAverage()Function to calulate the virtual memory used in average.

run

public void run()A maesurement is done every 100ms and the statistics are updated.

stopExec

public void stopExec()Method to stop the Monitoring task externally. Used from the main class.

updateStats

public void updateStats()Updating the statistics (shared /virtual/ resident memory and CPU). New measurement is appended to appropri-ate list.



1.1.5 MyListener

public class MyListener implements UpdateListenerListeners Base Class

Fields

counter

public int counterNumber of events triggered.

message

public String messageMessage to print in case of a triggering event.

Constructors

MyListener

public MyListener(String message)Standard Constructor.

Methods

update

public void update(EventBean[] newData, EventBean[] oldData)Dummy Class that should be overwritten by specific Listeners to implement the callback actions.

updateStats

public void updateStats()Update statistics of the listener. So far, Counter of Events triggered the listener.

1.1.6 SomeIPAnalyzer

public class SomeIPAnalyzerMain Class of the project.

Fields

Analyzer

public static EsperClient AnalyzerInstance of the Esper Engine that is evaluating the rules.


http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html


Methods

main

public static void main(String[] args)Main method of the project. First, commandline arguments are checked and a new Analyzer is initialized.Monitor is started as seperate thread, if configured. Esper Engine is started as seperate thread.

setClientID

public static int setClientID(SomeIPPacket s)Extracts the Client ID of a given SOME-IP Packet and returns this value as the new ID. The statictics of thecorresponding Listener is updated, in this case helperListenerIP.

Parameters

• s – The incomming SomeIP-Paket from the stream.

Returns The client ID of the incomming SOME-IP Paket

setClientIP

public static int setClientIP(SomeIPPacket s)Extracts the Source IP of a given SOME-IP Packet and returns this value as the new IP. The statictics of thecorresponding Listener is updated, in this case helperListenerID.

Parameters

• s – The incomming SomeIP-Paket from the stream.

Returns The source IP of the incomming SOME-IP Paket

1.1.7 SomeIPListener

public class SomeIPListener extends MyListenerSpecific Listener for one incomming SOMEIP-Paket.

Constructors

SomeIPListener

public SomeIPListener(String message, Boolean verbose)Uses MyListener as super Class. Sets the print message and verbose mode from configuration File.

Methods

update



http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.html


1.1.8 SomeIPPacket

public class SomeIPPacketSOME-IP Paket follows the AUTOSAR Standards and Definitions.

Fields

ERROR

public static final int ERRORMESSAGE-TYPE 81(hex) = Error

E_MALFORMED_MESSAGE

public static final int E_MALFORMED_MESSAGEERROR-CODE 9 = Malformed message

E_NOT_OK

public static final int E_NOT_OKERROR-CODE 1 = NOT OK

E_NOT_REACHABLE

public static final int E_NOT_REACHABLEERROR-CODE 5 = Not Reachable

E_NOT_READY

public static final int E_NOT_READYERROR-CODE 4 = Not Ready

E_OK

public static final int E_OKERROR-CODE 0 = OK

E_TIMEOUT

public static final int E_TIMEOUTERROR-CODE 6 = Timeout

E_UNKNOWN_METHOD

public static final int E_UNKNOWN_METHODERROR-CODE 3 = Methon unknown



E_UNKNOWN_SERVICE

public static final int E_UNKNOWN_SERVICEERROR-CODE 2 = Service unkown

E_WRONG_INTERFACE_VERSION

public static final int E_WRONG_INTERFACE_VERSIONERROR-CODE 8 = Wrong Interface Version

E_WRONG_PROTOCOL_VERSION

public static final int E_WRONG_PROTOCOL_VERSIONERROR-CODE 7 = Wrong Protocol Version

INTERFACE

public static final int INTERFACEInterface Version is set to 1.

NOTIFICATION

public static final int NOTIFICATIONMESSAGE-TYPE 2 = Notification

REQUEST

public static final int REQUESTMESSAGE-TYPE 0 = Request

REQUEST_NO_RETURN

public static final int REQUEST_NO_RETURNMESSAGE-TYPE 1 = Request_No_Return (Fire and Forget)

RESPONSE

public static final int RESPONSEMESSAGE-TYPE 80(hex) = Response

VERSION

public static final int VERSIONProtocol Version is set to 1, as defined in the standard.



clientID

int clientIDSOME-IP Header Field: client ID - 1. Part of request ID

dstIP

int dstIPDestination IP Address (From the IP-Header)

dstMAC

long dstMACDestnation MAC Address (From the Ethernet-Header)

dstPort

int dstPortDestination Port (From the UDP-Header)

interfaceVersion

int interfaceVersionSOME-IP Header Field: interface version

length

int lengthSOME-IP Header Field: Length of the SOME-IP paket (payload + header, header excl. messageID, requestID,length)

methodEventFlag

int methodEventFlagSOME-IP Header Field: First Bit of method ID

methodID

int methodIDSOME-IP Header Field: method ID - 2. Part of message ID

protocolVersion

int protocolVersionSOME-IP Header Field: protocol version



requestID

int requestIDSOME-IP Header Field: request ID

returnCode

int returnCodeSOME-IP Header Field: return/error code

serviceID

int serviceIDSOME-IP Header Field: service ID - 1. Part of message ID

sessionID

int sessionIDSOME-IP Header Field: session ID - 2. Part of request ID

srcIP

int srcIPSource IP Address (From the IP-Header)

srcMAC

long srcMACSource MAC Address. (From the Ethernet-Header)

srcPort

int srcPortSource Port (From the UDP-Header)

timestamp

long timestampTimestamp of the SOME-IP Paket. (.pcap Information)

type

int typeSOME-IP Header Field: message type



Constructors

SomeIPPacket

public SomeIPPacket(PcapPacket pkt, Ethernet ether, Ip4 ip, Udp udp)Generates the complete SOME-Paket as defined above.

Return The SomeIP-Paket with SomeIP-Header definitions.

Methods

getClientID

public int getClientID()Getter-Method, required for Esper.

getDstIP

public int getDstIP()Getter-Method, required for Esper.

getDstMAC

public long getDstMAC()Getter-Method, required for Esper.

getDstPort

public int getDstPort()Getter-Method, required for Esper.

getInterfaceVersion

public int getInterfaceVersion()Getter-Method, required for Esper.

getLength

public int getLength()Getter-Method, required for Esper.

getMethodID

public int getMethodID()Getter-Method, required for Esper.



getProtocolVersion

public int getProtocolVersion()Getter-Method, required for Esper.

getRequestID

public int getRequestID()Getter-Method, required for Esper.

getReturnCode

public int getReturnCode()Getter-Method, required for Esper.

getServiceID

public int getServiceID()Getter-Method, required for Esper.

getSessionID

public int getSessionID()Getter-Method, required for Esper.

getSrcIP

public int getSrcIP()Getter-Method, required for Esper.

getSrcMAC

public long getSrcMAC()Getter-Method, required for Esper.

getSrcPort

public int getSrcPort()Getter-Method, required for Esper.

getTimestamp

public long getTimestamp()Getter-Method, required for Esper.



getType

public int getType()Getter-Method, required for Esper.

methodEventFlag

public int methodEventFlag()Getter-Method, required for Esper.

print

public void print()Printer Method for a SomeIP-Paket.

1.1.9 SomeIPParser

public class SomeIPParserSomeIP Parser Class.

Methods

inputFromFile

public static void inputFromFile(String filename, EPRuntime cepRT)Read a single File and send every Paket to the Esper Engine.

Parameters

• filename – .pcap file to read

• cepRT – Esper Engine the parsed paket is sent to

inputFromInterface

public static void inputFromInterface(String interfaceI, EPRuntime cepRT)Cpature from interface and send every Paket to the Esper Engine.

Parameters

• interfaceI – interface to capture from

• cepRT – Esper Engine the parsed paket is sent to

1.1.10 TwoSomeIPListener

public class TwoSomeIPListener extends MyListenerSpecific Listener that gets two SomeIP-Pakets per call. Prints the first Paket in verbose mode.


http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html


Constructors

TwoSomeIPListener

public TwoSomeIPListener(String message, Boolean verbose)Uses MyListener as super Class. Sets the print message and verbose mode from configuration File.

Methods

update


1.1.11 helper

public class helperHelper Class for different stuff.

Methods

getFiles

public static ArrayList getFiles(String dir)List all files in a given directory

Parameters

• dir – Directory to list

Returns List of files contained in dir

readConfiguration

public static String readConfiguration(String fileName, String property)Read a single entry in the configuration

Parameters

• fileName – Configuration File

• property – entry (property) to read

Returns value of the read property

setConfig

public static void setConfig(Configuration config)Set predefined variables to the esper engine.

Parameters

• config – Espers Configuration


http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.htmlhttp://docs.oracle.com/javase/6/docs/api/java/util/ArrayList.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html


setMetaInfo

public static void setMetaInfo(Configuration config, String filename)Read the metadata given in the metadata file defined in the configuration file

Parameters

• config – Espers Configuration

• filename – metadata file containing additional environment information

setRules

public static void setRules(EPAdministrator cepAdm, ArrayList ListenerList, String filename,Boolean verbose)

Read the rules from the rules file and load rules that are defined as ‘used’

Parameters

• cepAdm – Espers EP Administrator

• ListenerList – List of all listeners, new listeners are appended to

• filename – rules file containing rules and other definitions

• verbose – print additional output or not

writeToFile

public static void writeToFile(Monitor monitor, String filename)The monitoring measurements done by the monitoring thread are written to the output file specified in theconfiguration file

Parameters

• monitor – Monitoring Class holding the measurement lists

• filename – configured filename for storing the data


http://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/util/ArrayList.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/Boolean.htmlhttp://docs.oracle.com/javase/6/docs/api/java/lang/String.html

Index

AAnalyzer (Java field), 8

CcepAdm (Java field), 4cepRT (Java field), 4clientID (Java field), 12config (Java field), 4CONFIGURATION_FILE (Java field), 3counter (Java field), 8cpuTotalList (Java field), 6

DDIR (Java field), 3dstIP (Java field), 12dstMAC (Java field), 12dstPort (Java field), 12

EE_MALFORMED_MESSAGE (Java field), 10E_NOT_OK (Java field), 10E_NOT_REACHABLE (Java field), 10E_NOT_READY (Java field), 10E_OK (Java field), 10E_TIMEOUT (Java field), 10E_UNKNOWN_METHOD (Java field), 10E_UNKNOWN_SERVICE (Java field), 11E_WRONG_INTERFACE_VERSION (Java field), 11E_WRONG_PROTOCOL_VERSION (Java field), 11epService (Java field), 4ERROR (Java field), 10EsperClient (Java class), 3EsperClient(String[]) (Java constructor), 5EsperEngine (Java field), 3EventSender (Java class), 5EventSender() (Java constructor), 5

FFILE (Java field), 3

GgetClientID() (Java method), 14getDstIP() (Java method), 14getDstMAC() (Java method), 14getDstPort() (Java method), 14getFiles(String) (Java method), 17getInterfaceVersion() (Java method), 14getLength() (Java method), 14getMethodID() (Java method), 14getProtocolVersion() (Java method), 15getRequestID() (Java method), 15getReturnCode() (Java method), 15getServiceID() (Java method), 15getSessionID() (Java method), 15getSrcIP() (Java method), 15getSrcMAC() (Java method), 15getSrcPort() (Java method), 15getTimestamp() (Java method), 15getType() (Java method), 16

Hhelper (Java class), 17helperListenerID (Java field), 4helperListenerIP (Java field), 4

IinputFromFile(String, EPRuntime) (Java method), 16inputFromInterface(String, EPRuntime) (Java method),

16INTERFACE (Java field), 3, 11interfaceVersion (Java field), 12

Llength (Java field), 12ListenerList (Java field), 4

Mmain(String[]) (Java method), 9MalformedListener (Java class), 6MalformedListener(String, Boolean) (Java constructor), 6

19


memResAverage() (Java method), 7memResList (Java field), 6memShareAverage() (Java method), 7memShareList (Java field), 6memVirtAverage() (Java method), 7memVirtList (Java field), 6message (Java field), 8methodEventFlag (Java field), 12methodEventFlag() (Java method), 16methodID (Java field), 12Monitor (Java class), 6Monitor() (Java constructor), 7monitoring (Java field), 5MONITORING_FILE (Java field), 4MyListener (Java class), 8MyListener(String) (Java constructor), 8

NNOTIFICATION (Java field), 11

Ppid (Java field), 7print() (Java method), 16protocolVersion (Java field), 12

RreadConfiguration(String, String) (Java method), 17REQUEST (Java field), 11REQUEST_NO_RETURN (Java field), 11requestID (Java field), 13RESPONSE (Java field), 11returnCode (Java field), 13RULES_FILE (Java field), 4run() (Java method), 5, 7

SserviceID (Java field), 13sessionID (Java field), 13setClientID(SomeIPPacket) (Java method), 9setClientIP(SomeIPPacket) (Java method), 9setConfig(Configuration) (Java method), 17setMetaInfo(Configuration, String) (Java method), 18setRules(EPAdministrator, ArrayList, String, Boolean)

(Java method), 18SomeIPAnalyzer (Java class), 8SomeIPListener (Java class), 9SomeIPListener(String, Boolean) (Java constructor), 9SomeIPPacket (Java class), 10SomeIPPacket(PcapPacket, Ethernet, Ip4, Udp) (Java

constructor), 14SomeIPParser (Java class), 16srcIP (Java field), 13srcMAC (Java field), 13

srcPort (Java field), 13stopExec() (Java method), 7surf.SomeIPAnalyzer (package), 3

Ttimestamp (Java field), 13TwoSomeIPListener (Java class), 16TwoSomeIPListener(String, Boolean) (Java constructor),

17type (Java field), 13

Uupdate(EventBean[], EventBean[]) (Java method), 6, 8, 9,

17updateStats() (Java method), 7, 8

Vverbose (Java field), 5VERSION (Java field), 11

WwriteToFile(Monitor, String) (Java method), 18

20 Index

Javadocsurf.SomeIPAnalyzer

some-ip analyzer documentation - read the docs · 2019. 4. 2. · some-ip_analyzer documentation,...

Documents