author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2016-05-10 20:01:20 +0200 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2016-05-10 22:21:50 +0200 |
commit | d233459195b1c43b85226cc79032b4bf4b51d33a (patch) | |
tree | 2faf166b0ceff710af26656c4d3bf60afc1aa156 | |
parent | 6dab2b8c62cbe7f5b8dc5419e06bff074c68c9df (diff) |
QUIC: Remove a wrong heuristic
The QUIC version is always present in the first frame
-rw-r--r-- | src/lib/protocols/quic.c | 51 | ||||
-rw-r--r-- | tests/result/NTPv3.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/starcraft_battle.pcap.out | 5 |
3 files changed, 5 insertions, 55 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 103a8e817..b67aa991c 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -69,39 +69,6 @@ static int connect_id(const unsigned char pflags)
 return cid_len + 1;
 }
-static int sequence(const unsigned char *payload)
-{
- unsigned char conv[6] = {0};
- u_int seq_value = -1;
- int seq_lens;
- int cid_offs;
- int i;
-
- // Search SEQ bytes length.
- switch (payload[0] & QUIC_SEQ_MASK)
- {
- case SEQ_LEN_6: seq_lens = 6; break;
- case SEQ_LEN_4: seq_lens = 4; break;
- case SEQ_LEN_2: seq_lens = 2; break;
- case SEQ_LEN_1: seq_lens = 1; break;
- default:
- return -1;
- }
- // Retrieve SEQ offset.
- cid_offs = connect_id(payload[0]);
-
- if (cid_offs >= 0 && seq_lens > 0)
- {
- for (i = 0; i < seq_lens; i++)
- conv[i] = payload[cid_offs + i];
-
- seq_value = SEQ_CONV(conv);
- }
-
- // Return SEQ dec value;
- return seq_value;
-}
-
 void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
 struct ndpi_packet_struct *packet = &flow->packet;
@@ -118,23 +85,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n
 NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
 NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
-
- // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least.
- if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0))
- {
- if (sequence(packet->payload) < 1)
- {
-
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
- }
-
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n");
- ndpi_int_quic_add_connection(ndpi_struct, flow);
- }
-
- // Check if version, than the CID length.
- else if (packet->payload[0] & QUIC_VER_MASK)
+ if (packet->payload[0] & QUIC_VER_MASK)
 {
 // Skip CID length.
 ver_offs = connect_id(packet->payload[0]);
diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out
index d7937ec96..91d817e5e 100644
--- a/tests/result/NTPv3.pcap.out
+++ b/tests/result/NTPv3.pcap.out
@@ -1,3 +1,3 @@
-QUIC 1 90 1
+NTP 1 90 1
- 1 UDP 78.46.76.2:80 <-> 175.144.140.29:123 [proto: 188/QUIC][1 pkts/90 bytes]
+ 1 UDP 78.46.76.2:80 <-> 175.144.140.29:123 [proto: 9/NTP][1 pkts/90 bytes]
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index fe08da9b8..af94d88b9 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -6,8 +6,7 @@ HTTPDownload 179 134204 1
 WorldOfWarcraft 9 880 1
 IGMP 2 120 1
 SSL 41 2782 12
-Google 14 1588 3
-QUIC 6 475 1
+Google 20 2063 4
 Starcraft 236 51494 6
 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net]
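Review bot: In the second quic.c hunk, the added `if (packet->payload[0] & QUIC_VER_MASK)` is now the only detection path, and no payload length guard is visible before it or before `ver_offs = connect_id(packet->payload[0]);`. ndpi_search_quic starts before and continues after this hunk, so an earlier check may already exist. If there is none, bound the read first, e.g. `if (packet->payload_packet_len > 0 && (packet->payload[0] & QUIC_VER_MASK))`, and check `ver_offs` against the payload length before any version bytes are read. A comment on the new `if` would also record the coverage trade-off, such as `/* Only packets with the version flag set are classified as QUIC; flows first seen mid-stream are not detected here. */`.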
@@ -40,7 +39,7 @@ Starcraft 236 51494 6
 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes]
 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes]
 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com]
- 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes]
+ 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][6 pkts/475 bytes]
 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net]
 33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa]
 34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] |