authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2025-01-06 13:45:12 +0100
committerGitHub <noreply@github.com>2025-01-06 13:45:12 +0100
commit2e20f670dddd0e3bfc0baa7e272744664322171b (patch)
tree40fe4a1d9abebe4082e428780d06c843bad28114 /src/lib
parente77ff5ebd8981bf72c3981aeab3899850027973f (diff)
QUIC: extract "max idle timeout" parameter (#2649)
Even if it is only the value proposed by the client (and not the negotiated one), it might be used as a hint for the timeout by the (external) flows manager
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/protocols/quic.c20
-rw-r--r--src/lib/protocols/tls.c17
2 files changed, 32 insertions, 5 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 12ec27048..498ca9802 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -129,8 +129,7 @@ static int is_quic_ver_less_than(uint32_t version, uint8_t max_version)
uint8_t u8_ver = get_u8_quic_ver(version);
return u8_ver && u8_ver <= max_version;
}
-
-static int is_quic_ver_greater_than(uint32_t version, uint8_t min_version)
+int is_quic_ver_greater_than(uint32_t version, uint8_t min_version)
{
return get_u8_quic_ver(version) >= min_version;
}
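Review bot: `is_quic_ver_greater_than()` becomes an exported symbol here, but its body compares with `>=`, so the name understates what it accepts; callers in other files will read `is_quic_ver_greater_than(quic_version, 27)` as excluding 27. Since the function now has external users, add a short contract comment above it, for example `/* Inclusive: returns non-zero when the mapped QUIC version is >= min_version */`. The matching prototype is not part of this diff (the diffstat is limited to src/lib), so it is worth confirming that it is declared in a header that tls.c includes rather than relying on an implicit declaration.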
@@ -1424,7 +1423,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
uint32_t prev_offset;
uint32_t tag_offset_start, offset, len;
ndpi_protocol_match_result ret_match;
- int sni_found = 0, ua_found = 0;
+ int sni_found = 0, ua_found = 0, icsl_found = 0;
if(crypto_data_len < 6)
return;
@@ -1479,7 +1478,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
}
sni_found = 1;
- if (ua_found)
+ if (ua_found && icsl_found)
return;
}
@@ -1491,7 +1490,18 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
http_process_user_agent(ndpi_struct, flow, &crypto_data[uaid_offset], len); /* http.c */
ua_found = 1;
- if (sni_found)
+ if (sni_found && icsl_found)
+ return;
+ }
+
+ if(memcmp(tag, "ICSL", 4) == 0 && len >= 4) {
+ u_int icsl_offset = tag_offset_start + prev_offset;
+
+ flow->protos.tls_quic.quic_idle_timeout_sec = le32toh((*(uint32_t *)&crypto_data[icsl_offset]));
+ NDPI_LOG_DBG2(ndpi_struct, "ICSL: %d\n", flow->protos.tls_quic.quic_idle_timeout_sec);
+ icsl_found = 1;
+
+ if (sni_found && ua_found)
return;
}
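Review bot: The new ICSL branch loads the value with `*(uint32_t *)&crypto_data[icsl_offset]`, an unaligned, type-punned read from a packet buffer that can fault on strict-alignment targets and is reported by UBSan. Copy the bytes out first: `uint32_t icsl; memcpy(&icsl, &crypto_data[icsl_offset], sizeof(icsl));` and then store `le32toh(icsl)`. The `len >= 4` test only covers the length declared by the tag, so the read stays in bounds only if the loop has already verified that `tag_offset_start + prev_offset + len` fits in `crypto_data_len`; that check is outside this hunk (process_chlo starts and ends outside it) and should be confirmed. The stored number is taken unmodified from the client, so whatever consumes `quic_idle_timeout_sec` should bound it before using it as a timer.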
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index ae28ab7a8..0fdac846a 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -3170,6 +3170,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
http_process_user_agent(ndpi_struct, flow, &packet->payload[s_offset], param_len);
break;
}
+ if(param_type == 0x01) {
+ uint64_t max_idle_timeout;
+
+ /* max_idle_timeout format changed across draft versions.
+ Nowdays, we are interested only in latest draft, so check
+ only for the RFC format */
+ if(is_quic_ver_greater_than(quic_version, 27)) {
+ if(param_len > 0 &&
+ quic_len_buffer_still_required(packet->payload[s_offset]) <= (int)param_len) {
+ quic_len(&packet->payload[s_offset], &max_idle_timeout);
+ flow->protos.tls_quic.quic_idle_timeout_sec = max_idle_timeout / 1000;
+#ifdef DEBUG_TLS
+ printf("Max Idle Timeout: %d\n", flow->protos.tls_quic.quic_idle_timeout_sec);
+#endif
+ }
+ }
+ }
s_offset += param_len;
}
} else if(extension_id == 21) { /* Padding */
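Review bot: `max_idle_timeout / 1000` is a 64-bit quantity (a QUIC varint can carry up to 2^62-1) stored into `quic_idle_timeout_sec`, whose type is not visible here but which is printed with `%d`; if the field is 32 bits wide, a large client-supplied value is silently truncated to an unrelated number. Saturate before storing, e.g. `uint64_t sec = max_idle_timeout / 1000;` followed by `flow->protos.tls_quic.quic_idle_timeout_sec = sec > UINT32_MAX ? UINT32_MAX : (uint32_t)sec;`, adjusting the limit to the field's real type. `max_idle_timeout` is declared uninitialized and the result of `quic_len()` is not checked, so initialize it to 0 or test the call if it can fail. Timeouts below 1000 ms also round down to 0, which a consumer cannot tell apart from an absent parameter; a comment on the field should say so. processClientServerHello starts and ends outside this hunk.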