aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/protocols/quic.c193
-rwxr-xr-xtests/do.sh5
-rw-r--r--tests/result/quic.pcap.out2
3 files changed, 105 insertions, 95 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 2e1ad6628..cbc95519d 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -46,111 +46,118 @@
static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL);
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL);
}
int connect_id(const unsigned char pflags)
{
- u_int cid_len;
+ u_int cid_len;
- // Check CID length.
- switch (pflags & QUIC_CID_MASK)
- {
- case CID_LEN_8: cid_len = 8; break;
- case CID_LEN_4: cid_len = 4; break;
- case CID_LEN_1: cid_len = 1; break;
- case CID_LEN_0: cid_len = 0; break;
- default:
- return -1;
-
- }
- // Return offset.
- return cid_len + 1;
+ // Check CID length.
+ switch (pflags & QUIC_CID_MASK)
+ {
+ case CID_LEN_8: cid_len = 8; break;
+ case CID_LEN_4: cid_len = 4; break;
+ case CID_LEN_1: cid_len = 1; break;
+ case CID_LEN_0: cid_len = 0; break;
+ default:
+ return -1;
+
+ }
+ // Return offset.
+ return cid_len + 1;
}
int sequence(const unsigned char *payload)
{
- unsigned char conv[6] = {0};
- u_int seq_value = -1;
- u_int seq_lens;
- u_int cid_offs;
- int i;
-
- // Search SEQ bytes length.
- switch (payload[0] & QUIC_SEQ_MASK)
- {
- case SEQ_LEN_6: seq_lens = 6; break;
- case SEQ_LEN_4: seq_lens = 4; break;
- case SEQ_LEN_2: seq_lens = 2; break;
- case SEQ_LEN_1: seq_lens = 1; break;
- default:
- return -1;
- }
- // Retrieve SEQ offset.
- cid_offs = connect_id(payload[0]);
-
- if (cid_offs >= 0 && seq_lens > 0)
- {
- for (i = 0; i < seq_lens; i++)
- conv[i] = payload[cid_offs + i];
-
- seq_value = SEQ_CONV(conv);
- }
- // Return SEQ dec value;
- return seq_value;
+ unsigned char conv[6] = {0};
+ u_int seq_value = -1;
+ u_int seq_lens;
+ u_int cid_offs;
+ int i;
+
+ // Search SEQ bytes length.
+ switch (payload[0] & QUIC_SEQ_MASK)
+ {
+ case SEQ_LEN_6: seq_lens = 6; break;
+ case SEQ_LEN_4: seq_lens = 4; break;
+ case SEQ_LEN_2: seq_lens = 2; break;
+ case SEQ_LEN_1: seq_lens = 1; break;
+ default:
+ return -1;
+ }
+ // Retrieve SEQ offset.
+ cid_offs = connect_id(payload[0]);
+
+ if (cid_offs >= 0 && seq_lens > 0)
+ {
+ for (i = 0; i < seq_lens; i++)
+ conv[i] = payload[cid_offs + i];
+
+ seq_value = SEQ_CONV(conv);
+ }
+ // Return SEQ dec value;
+ return seq_value;
}
void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
- u_int ver_offs;
-
- if(packet->udp != NULL) {
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n");
-
- // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least.
- if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0))
- {
- if (sequence(packet->payload) < 1)
- {
-
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
- }
-
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n");
- ndpi_int_quic_add_connection(ndpi_struct, flow);
- }
-
- // Check if version, than the CID length.
- else if (packet->payload[0] & QUIC_VER_MASK)
- {
- // Skip CID length.
- ver_offs = connect_id(packet->payload[0]);
-
- if (ver_offs >= 0){
- unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1],
- packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]};
-
- // Version Match.
- if (vers[0] == 'Q' && vers[1] == '0' &&
- (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' ||
- vers[3] == '1' || vers[3] == '0')) ||
- (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' ||
- vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' ||
- vers[3] == '1' || vers[3] == '0')) ||
- (vers[2] == '0' && vers[3] == '9'))
-
- {
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n");
- ndpi_int_quic_add_connection(ndpi_struct, flow);
- }
- }
- } else
- {
- NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
- }
- }
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int ver_offs;
+
+ if(packet->udp != NULL) {
+ u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+
+ NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n");
+
+ if(((packet->payload[0] & 0xF0) != 0)
+ || (!(sport == 80 || dport == 80 || sport == 443 || dport == 443)))
+ goto exclude_quic;
+
+ // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least.
+ if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0))
+ {
+ if (sequence(packet->payload) < 1)
+ {
+
+ NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
+ }
+
+ NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n");
+ ndpi_int_quic_add_connection(ndpi_struct, flow);
+ }
+
+ // Check if version, than the CID length.
+ else if (packet->payload[0] & QUIC_VER_MASK)
+ {
+ // Skip CID length.
+ ver_offs = connect_id(packet->payload[0]);
+
+ if (ver_offs >= 0){
+ unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1],
+ packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]};
+
+ // Version Match.
+ if (vers[0] == 'Q' && vers[1] == '0' &&
+ (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' ||
+ vers[3] == '1' || vers[3] == '0')) ||
+ (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' ||
+ vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' ||
+ vers[3] == '1' || vers[3] == '0')) ||
+ (vers[2] == '0' && vers[3] == '9'))
+
+ {
+ NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n");
+ ndpi_int_quic_add_connection(ndpi_struct, flow);
+ }
+ }
+ } else
+ {
+ exclude_quic:
+ NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC);
+ }
+ }
}
#endif
diff --git a/tests/do.sh b/tests/do.sh
index 4f81906f7..e7d28aa9c 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -15,13 +15,16 @@ build_results() {
check_results() {
for f in $PCAPS; do
if [ -f result/$f.out ]; then
- $READER -q -i pcap/$f -w /tmp/reader.out
+ CMD="$READER -q -i pcap/$f -w /tmp/reader.out"
+ $CMD
NUM_DIFF=`diff result/$f.out /tmp/reader.out | wc -l`
if [ $NUM_DIFF -eq 0 ]; then
echo "$f\t OK"
else
echo "$f\t ERROR"
+ echo "$CMD"
+ diff result/$f.out /tmp/reader.out
fi
/bin/rm /tmp/reader.out
diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out
index 283fb04d2..900864e4d 100644
--- a/tests/result/quic.pcap.out
+++ b/tests/result/quic.pcap.out
@@ -1 +1 @@
-Unknown 413 254874 1
+Quic 413 254874 1
Powered by cgit, Themed by Ted Yin.