SSF.App.DDoS
Class SpoofFloodTracer

java.lang.Object
  |
  +--SSF.App.DDoS.SpoofFloodTracer

public class SpoofFloodTracer

extends java.lang.Object

version 1.0.4
SpoofFloodTracer: tracing spoofed ip packets flood with given destination address.

Field Summary

static byte	BROKEN
protected CD_DDoSTracer	cTracer doing cross-domain DDoS tracing
protected java.lang.String	curNhiPrefix the starting "domain" nhi prefix
protected float	curTime the simulated time cost by now
protected boolean	DEBUG debug switch
protected java.util.LinkedList	domainQueue data structure used for BFS search
static byte	END_CHECK
protected float	endTime the end time of relevant flows.
protected java.lang.String	flowFilePrefix the flow data file name prefix
protected int	level the first "level" levels of nhi prefix is considered as domain ID.
protected java.lang.String	mapFile the map data file name
protected NetMap	netMap storing topology information
protected long	nFlows_t the threashold of the absolute number of flows, default 80
protected long	oldRecCount used when computing the simulated time cost
protected static float	PROCESS_RECORD_COST simulated time cost of "processing" a single record
protected float	ratio_t the threashhold of the ratio, default 25%
protected StreamInterface	Rec recorder used to record trace data for animation
protected java.util.LinkedList	recordList
static byte	START_CHECK
protected float	startTime the start time of relevant flows
static java.lang.String	STREAM_TYPE record type of the trace back record
protected java.lang.String	streamID stream ID
static byte	SUSPICIOUS
protected int	targetIP the target ip of the spoofed flood
protected java.lang.String	traceOutputFile file store trace data for animation

Constructor Summary

SpoofFloodTracer()
Dumb constructor that does nothing.

Method Summary

void	config(com.renesys.raceway.DML.Configuration cfg) configur the tracer with DML configuration
int	createMap() Read topology data in for the future query.
protected void	domainTrace(SSF.App.DDoS.SpoofFloodTracer.DomainInfo dInfo) trace back in a given domain
protected void	gotDomain(long localFlow, SSF.App.DDoS.SpoofFloodTracer.DomainInfo dInfo) operations when the local domain is suspicious
protected void	gotIngressPoint(SSF.App.DDoS.TraceInfo tInfo) operations when got an suspected ingress point.
protected boolean	isLocalSuspicious(long localFlow, long egressFlow) check wether the local domain is responsible for a faire amount of flood
static void	main(java.lang.String[] argv)
protected void	record(java.lang.String nhiPrefix, float curTime, byte status)
static java.lang.String	recordToString(byte[] bytes, int offset, int length)
void	reportStatus() report the value of all the status variables
void	reset() reset the variables to the status before the tracing back, but not the time
void	setNumFlows(long nFlows)
void	setRatio(float rate)
void	setStreamID(java.lang.String streamID)
void	setTarget(int ip, java.lang.String domainNhiPrefix)
void	setTraceOutputFile(java.lang.String fname)
protected void	summarize()
protected boolean	suspiciousIngressPoint(SSF.App.DDoS.TraceInfo tInfo, long egressFlow) check to see whether a given ingress point is responsible for a fair amount of the flood.
void	traceback() trace back to the sources of the spoofed flood

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

START_CHECK

public static final byte START_CHECK

See Also:

Constant Field Values

SUSPICIOUS

public static final byte SUSPICIOUS

See Also:

Constant Field Values

END_CHECK

public static final byte END_CHECK

See Also:

Constant Field Values

BROKEN

public static final byte BROKEN

See Also:

Constant Field Values

Rec

protected StreamInterface Rec

recorder used to record trace data for animation

STREAM_TYPE

public static final java.lang.String STREAM_TYPE

record type of the trace back record

See Also:

Constant Field Values

traceOutputFile

protected java.lang.String traceOutputFile

file store trace data for animation

PROCESS_RECORD_COST

protected static final float PROCESS_RECORD_COST

simulated time cost of "processing" a single record

See Also:

Constant Field Values

DEBUG

protected boolean DEBUG

debug switch

streamID

protected java.lang.String streamID

stream ID

netMap

protected NetMap netMap

storing topology information

cTracer

protected CD_DDoSTracer cTracer

doing cross-domain DDoS tracing

targetIP

protected int targetIP

the target ip of the spoofed flood

startTime

protected float startTime

the start time of relevant flows

endTime

protected float endTime

the end time of relevant flows.

ratio_t

protected float ratio_t

the threashhold of the ratio, default 25%

nFlows_t

protected long nFlows_t

the threashold of the absolute number of flows, default 80

curNhiPrefix

protected java.lang.String curNhiPrefix

the starting "domain" nhi prefix

flowFilePrefix

protected java.lang.String flowFilePrefix

the flow data file name prefix

mapFile

protected java.lang.String mapFile

the map data file name

curTime

protected float curTime

the simulated time cost by now

level

protected int level

the first "level" levels of nhi prefix is considered as domain ID. default = 1

domainQueue

protected java.util.LinkedList domainQueue

data structure used for BFS search

recordList

protected java.util.LinkedList recordList

oldRecCount

protected long oldRecCount

used when computing the simulated time cost

Constructor Detail

SpoofFloodTracer

public SpoofFloodTracer()

Dumb constructor that does nothing.

Method Detail

reportStatus

public void reportStatus()

report the value of all the status variables

createMap

public int createMap()

Read topology data in for the future query.

setTraceOutputFile

public void setTraceOutputFile(java.lang.String fname)

setStreamID

public void setStreamID(java.lang.String streamID)

setTarget

public void setTarget(int ip,
                      java.lang.String domainNhiPrefix)

setRatio

public void setRatio(float rate)

setNumFlows

public void setNumFlows(long nFlows)

config

public void config(com.renesys.raceway.DML.Configuration cfg)
            throws com.renesys.raceway.DML.configException

configur the tracer with DML configuration

com.renesys.raceway.DML.configException

reset

public void reset()

reset the variables to the status before the tracing back, but not the time

traceback

public void traceback()

trace back to the sources of the spoofed flood

domainTrace

protected void domainTrace(SSF.App.DDoS.SpoofFloodTracer.DomainInfo dInfo)

trace back in a given domain

suspiciousIngressPoint

protected boolean suspiciousIngressPoint(SSF.App.DDoS.TraceInfo tInfo,
                                         long egressFlow)

check to see whether a given ingress point is responsible for a fair amount of the flood.

gotIngressPoint

protected void gotIngressPoint(SSF.App.DDoS.TraceInfo tInfo)

operations when got an suspected ingress point.

isLocalSuspicious

protected boolean isLocalSuspicious(long localFlow,
                                    long egressFlow)

check wether the local domain is responsible for a faire amount of flood

gotDomain

protected void gotDomain(long localFlow,
                         SSF.App.DDoS.SpoofFloodTracer.DomainInfo dInfo)

operations when the local domain is suspicious

summarize

protected void summarize()

record

protected void record(java.lang.String nhiPrefix,
                      float curTime,
                      byte status)

recordToString

public static java.lang.String recordToString(byte[] bytes,
                                              int offset,
                                              int length)

main

public static void main(java.lang.String[] argv)