-rw-r--r-- | src/lib/protocols/quic.c | 14 | ||||
-rw-r--r-- | tests/pcap/quic.pcap | bin | 261506 -> 349710 bytes | |||
-rw-r--r-- | tests/result/quic.pcap.out | 12 | ||||
-rw-r--r-- | tests/result/starcraft_battle.pcap.out | 5 |
4 files changed, 25 insertions, 6 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 5370b9209..a3e247134 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -45,11 +45,15 @@ #define DIGIT(X, Y, Z) ((isdigit(X) && isdigit(Y) && isdigit(Z)) ? (INT(X) * 100 + INT(Y) * 10 + INT(Z)) : 0) #ifdef NDPI_PROTOCOL_QUIC + + + static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); } + static int connect_id(const unsigned char pflags) { u_int cid_len; @@ -69,6 +73,7 @@ static int connect_id(const unsigned char pflags) return cid_len + 1; } + static int sequence(const unsigned char *payload) { char test[6] = {0}; @@ -94,6 +99,7 @@ static int sequence(const unsigned char *payload) return memcmp(payload + cid_offs, test, seq_lens); } + void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -154,10 +160,14 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n } } + void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - ndpi_set_bitmask_protocol_detection("QUIC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_QUIC, ndpi_search_quic, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + ndpi_set_bitmask_protocol_detection("QUIC", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_QUIC, + ndpi_search_quic, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/tests/pcap/quic.pcap b/tests/pcap/quic.pcap Binary files differindex 5de878c1a..b437d2854 100644 --- a/tests/pcap/quic.pcap +++ b/tests/pcap/quic.pcap 
diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 5cde7c822..3dc6ff20a 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -1,3 +1,11 @@ -QUIC 413 254874 1 +QUIC 512 341494 9 - 1 UDP 216.58.212.101:443 <-> 192.168.1.109:57833 [proto: 188/QUIC][413 pkts/254874 bytes] + 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188/QUIC][3 pkts/2863 bytes] + 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188/QUIC][2 pkts/2784 bytes] + 3 UDP 216.58.212.101:443 <-> 192.168.1.109:57833 [proto: 188/QUIC][413 pkts/254874 bytes] + 4 UDP 172.217.16.3:443 <-> 192.168.1.105:40461 [proto: 188/QUIC][3 pkts/364 bytes] + 5 UDP 172.217.16.4:443 <-> 192.168.1.105:45669 [proto: 188/QUIC][5 pkts/4334 bytes] + 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188/QUIC][7 pkts/6545 bytes] + 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188/QUIC][69 pkts/58433 bytes] + 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188/QUIC][6 pkts/5729 bytes] + 9 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188/QUIC][4 pkts/5568 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index af94d88b9..fe08da9b8 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,8 @@ HTTPDownload 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 41 2782 12 -Google 20 2063 4 +Google 14 1588 3 +QUIC 6 475 1 Starcraft 236 51494 6 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 
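Review bot: The updated baseline for starcraft_battle.pcap accepts a less specific classification that nothing in this commit's code explains: the summary moves one flow from `Google` to a new `QUIC` row here, and in the later hunk (`@@ -39,7 +40,7 @@`) flow 31 goes from `188.126/QUIC.Google` to `188/QUIC`. The visible quic.c hunks only add blank lines and re-wrap the `ndpi_set_bitmask_protocol_detection` call, so the behaviour change presumably comes from another commit. If dropping the Google sub-protocol on QUIC flows is intended, the commit description should say so, for example `QUIC flows are now reported as 188/QUIC without the 126/Google sub-protocol`. Any policy or monitoring rule that matches on the Google protocol id would stop seeing this traffic, and a regression baseline that changes without a stated reason is easy to accept by mistake.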
@@ -39,7 +40,7 @@ Starcraft 236 51494 6
 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes]
 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes]
 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com]
- 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][6 pkts/475 bytes]
+ 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes]
 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net]
 33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa]
 34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa] |