From 2080cc73655a55a25b7d643b8c194d450425e753 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 7 Jan 2021 10:56:39 +0100
Subject: QUIC: add suppport for DNS-over-QUIC (#1107)

Even if it is only an early internet draft, DoQ has already (at least) one deployed implementation. See: https://www.zdnet.com/article/ad-blocker-adguard-deploys-worlds-first-dns-over-quic-resolver/ Draft: https://tools.ietf.org/html/draft-huitema-dprive-dnsoquic-00 In the future, if this protocol will be really used, it might be worth to rename NDPI_PROTOCOL_DOH_DOT in NDPI_PROTOCOL_DOH_DOT_DOQ
---
 src/lib/protocols/quic.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/lib/protocols/quic.c')
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 48a9db734..a4c93ed1e 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -1191,6 +1191,13 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
 Negotiated version is only present in the ServerHello message too, but fortunately, QUIC always uses TLS version 1.3 */
 flow->protos.stun_ssl.ssl.ssl_version = 0x0304;
+
+ /* DNS-over-QUIC: ALPN is "doq" or "doq-XXX" (for drafts versions) */
+ if(flow->protos.stun_ssl.ssl.alpn &&
+ strncmp(flow->protos.stun_ssl.ssl.alpn, "doq", 3) == 0) {
+ NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.stun_ssl.ssl.alpn);
+ ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC);
+ }
 }
 static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
-- 
cgit v1.2.3
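Review bot: The `strncmp(..., "doq", 3) == 0` test in the added `if` is a bare prefix match, so any ALPN string that merely begins with those three letters is relabelled as NDPI_PROTOCOL_DOH_DOT, not only "doq" and "doq-XXX" as the comment states. Checking the character after the prefix would make the code agree with the comment, for example `const char *a = flow->protos.stun_ssl.ssl.alpn;` followed by `if(a && strncmp(a, "doq", 3) == 0 && (a[3] == '\0' || a[3] == '-')) {`. If `alpn` holds every protocol the client offered rather than a single token (its format is not visible here), a list separator would also have to be accepted, and a "doq" entry that is not first in the list would still be missed. The ALPN value is chosen by the client, so the comment could also say that the resulting label is a hint rather than proof that the flow carries DNS. process_tls begins above this hunk, so how `alpn` is populated cannot be checked from these lines.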