author Nardi Ivan <nardi.ivan@gmail.com> 2022-08-10 18:25:44 +0200
committer Toni <matzeton@googlemail.com> 2022-08-24 15:38:30 +0200
commit 8bfb1712d8b69c1faf2d9e23e741659c06f4a7df
tree e7cc5e1bd04a9c5ce2b3ea164bc2bb4cca780967 /tests/result
parent 0c8bc9f0555fa19d56bb686a2233772ae408f77b
QUIC: add support for 0-RTT packets received before the Initial
RFC9001 4.6.1: "A client that wishes to send 0-RTT packets uses the early_data extension in the ClientHello message of a subsequent handshake; see Section 4.2.10 of [TLS13]. It then sends application data in 0-RTT packets."

That means the client sends before the CH (in the Initial) and then the 0-RTT (in the same UDP datagram or not).

However, because of packet loss or out-of-order delivery, it might happen that a 0-RTT packet is received before the Initial (the original one or a retransmission). For example, Google and Facebook servers save 0-RTT packets for a small amount of time in hopes of receiving the corresponding Initial.

Update the QUIC dissector to detect 0-RTT packets and keep looking for the Initial.

Issue found by @utoni in #1706; the trace example has been taken from that PR.
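
The ordering problem described in the commit message, as an added sketch that is not code from nDPI or from this commit: it walks the coalesced long-header packets of one UDP datagram, reports whether an Initial and/or a 0-RTT packet was seen, and applies a bounded "keep looking" rule per flow. It assumes QUIC version 1 only; the function names, the `SEEN_*` flags and the packet budget are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define SEEN_INITIAL 0x1
#define SEEN_0RTT    0x2

/* QUIC varint (RFC 9000 section 16): bytes consumed, or 0 if truncated. */
static size_t quic_varint(const uint8_t *p, size_t len, uint64_t *out) {
  size_t n, i;
  if (len == 0) return 0;
  n = (size_t)1 << (p[0] >> 6);
  if (len < n) return 0;
  *out = p[0] & 0x3f;
  for (i = 1; i < n; i++) *out = (*out << 8) | p[i];
  return n;
}

/* Walk the coalesced QUIC v1 long-header packets of one UDP datagram and
 * return a bitmask of the types seen. Stops at the first short-header,
 * non-v1, Handshake/Retry or truncated packet. */
int quic_v1_scan(const uint8_t *d, size_t len) {
  int seen = 0, type, k;
  size_t off = 0, rem, i, n;
  uint64_t v;
  while ((rem = len - off) >= 7) {
    const uint8_t *p = d + off;
    if ((p[0] & 0xC0) != 0xC0) break;            /* long header + fixed bit */
    if (p[1] | p[2] | p[3] | (p[4] ^ 1)) break;  /* version 0x00000001 only */
    type = (p[0] >> 4) & 0x3;                    /* 0 = Initial, 1 = 0-RTT */
    if (type > 1) break;
    for (i = 5, k = 0; k < 2; k++) {             /* DCID, then SCID */
      if (i >= rem || p[i] > 20 || (size_t)p[i] >= rem - i) return seen;
      i += 1 + (size_t)p[i];
    }
    if (type == 0) {                             /* Initial: skip the token */
      n = quic_varint(p + i, rem - i, &v);
      if (n == 0 || v > rem - i - n) return seen;
      i += n + (size_t)v;
    }
    n = quic_varint(p + i, rem - i, &v);         /* Length: pn + payload */
    if (n == 0 || v > rem - i - n) return seen;
    seen |= (type == 0) ? SEEN_INITIAL : SEEN_0RTT;
    off += i + n + (size_t)v;
  }
  return seen;
}

/* Flow rule: 0-RTT without Initial means keep inspecting, within a budget. */
int quic_keep_looking(int flow_seen, unsigned pkts, unsigned budget) {
  return (flow_seen & SEEN_0RTT) && !(flow_seen & SEEN_INITIAL) && pkts < budget;
}
```

The budget argument is what keeps a flow that never sends an Initial from being inspected indefinitely.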
Diffstat (limited to 'tests/result')
-rw-r--r-- tests/result/quic_0RTT.pcap.out 21
1 files changed, 12 insertions, 9 deletions
diff --git a/tests/result/quic_0RTT.pcap.out b/tests/result/quic_0RTT.pcap.out
index 102ca515e..9496dd97f 100644
--- a/tests/result/quic_0RTT.pcap.out
+++ b/tests/result/quic_0RTT.pcap.out
@@ -1,8 +1,8 @@
Guessed flow protos: 0
-DPI Packets (UDP): 1 (1.00 pkts/flow)
-Confidence DPI : 1 (flows)
-Num dissector calls: 64 (64.00 diss/flow)
+DPI Packets (UDP): 4 (2.00 pkts/flow)
+Confidence DPI : 2 (flows)
+Num dissector calls: 186 (93.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
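Review bot: the totals on the "DPI Packets (UDP)" and "Num dissector calls" lines now sum over two flows, so the cost of the new 0-RTT path can only be read off by subtraction. Assuming the [::1] flow still costs what the removed lines show (1 packet, 64 dissector calls), the added flow accounts for 3 DPI packets and 122 dissector calls. Please state in the commit message that the 0-RTT-first flow needs three packets before it is classified, so a later change that lengthens the search for the Initial stands out in this file.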
@@ -10,20 +10,23 @@ LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
-Automa host: 2/0 (search/found)
-Automa domain: 1/0 (search/found)
+Automa host: 3/1 (search/found)
+Automa domain: 2/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
Patricia risk: 0/0 (search/found)
-Patricia protocols: 0/0 (search/found)
+Patricia protocols: 4/3 (search/found)
+Google 15 5178 1
QUIC 2 2588 1
JA3 Host Stats:
IP Address # JA3C
- 1 ::1 1
+ 1 192.168.2.100 1
+ 2 ::1 1
- 1 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.2.100:51972 <-> 142.250.181.227:443 [proto: 188.126/QUIC.Google][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/2168 bytes <-> 8 pkts/3010 bytes][Goodput ratio: 86/89][0.23 sec][Hostname/SNI: ssl.gstatic.com][ALPN: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/10 121/30 45/14][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 310/376 1292/1292 416/426][TLSv1.3][JA3C: 06b6b2a2cba0b7deeaaa6a3d8374d627][Plen Bins: 26,20,20,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0]
+ 2 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
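Review bot: the added flow 1 line only covers the case where the Initial does eventually arrive (the result carries Hostname/SNI: ssl.gstatic.com and ALPN: h3), so nothing in this expected output records what happens when 0-RTT packets are never followed by an Initial. Since the dissector now keeps looking for the Initial, please add a trace with 0-RTT packets and no Initial, so that the result file pins down how many packets are inspected before the search stops.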