From 3ecb11b15226e91614b26f14324305183f4401d5 Mon Sep 17 00:00:00 2001
From: Andrea Buscarinu
Date: Fri, 15 May 2015 02:51:39 +0200
Subject: Create quic.c
---
src/lib/protocols/quic.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 100 insertions(+)
create mode 100644 src/lib/protocols/quic.c
(limited to 'src/lib/protocols/quic.c')
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
new file mode 100644
index 000000000..6a9fd48b8
--- /dev/null
+++ b/src/lib/protocols/quic.c
@@ -0,0 +1,100 @@ +/* + * quic.c + * + * Copyright (C) 2015 - Andrea Buscarinu + * Copyright (C) 2015 - Michele Campus + * Copyright (C) 2012-15 - ntop.org + * + * This module is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This module is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License. + * If not, see . + * + */ + + +#include "ndpi_api.h" + +#define SEQ_CID_MASK_ALL 0x3c // 0011 1100 +#define QUIC_VER_MASK 0x01 // 0000 0001 +#define CID_LEN_8 0x0C // 0000 1100 +#define CID_LEN_4 0x08 // 0000 1000 +#define CID_LEN_1 0x04 // 0000 0100 +#define CID_LEN_0 0x00 // 0000 0000 +#define CID_MASK 0x0C // 0000 1100 + + +#ifdef NDPI_PROTOCOL_QUIC +static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL); +} + +void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + u_int16_t dport = 0, sport = 0; + u_int ver_offset; + u_int cid_len; + + if(packet->udp != NULL) { + sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); + + // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. 
+ if ((sport == 443 || dport == 443) && (((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || + (packet->payload[0] == 0x10) || (packet->payload[0] == 0x0c) || + (packet->payload[0] == 0x1c)) || (packet->payload[0] & SEQ_CID_MASK_ALL))) + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + + // Check if version, than the CID length. + } else if (packet->payload[0] & QUIC_VER_MASK) + { + // Has version, check CID length. + switch (packet->payload[0] & CID_MASK) + { + case CID_LEN_8: cid_len = 8; break; + case CID_LEN_4: cid_len = 4; break; + case CID_LEN_1: cid_len = 1; break; + case CID_LEN_0: cid_len = 0; break; + default: + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + + // Version offset. + ver_offset = 1 + cid_len; + unsigned char vers[] = { packet->payload[ver_offset + 1], packet->payload[ver_offset + 2], + packet->payload[ver_offset + 3], packet->payload[ver_offset + 4]}; + // Check version match. + if (vers[0] == 'Q' && vers[1] == '0' && + (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || + vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '0' && vers[3] == '9')) + + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + } + } else + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + } +} +#endif -- cgit v1.2.3 From 7ad38d6c20afd29f32fa09033fdd994b74e23c78 Mon Sep 17 00:00:00 2001 
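Review bot: `ndpi_search_quic` reads `packet->payload[0]`, `payload[1]` and `payload[ver_offset + 1]` through `payload[ver_offset + 4]` without comparing any index against the payload length, so a short UDP datagram makes the dissector read past the data it was handed. A length guard at the top of the `packet->udp != NULL` block plus one before the `vers[]` initialiser, e.g. `if (packet->payload_packet_len < ver_offset + 5) return;`, would close this; the later hunks in this series that index `payload` (the `seq_offs` read and `sequence()`) have the same gap. Separately, in the version match `&&` binds tighter than `||`, so the `vers[2] == '1'` and `vers[2] == '0'` alternatives are accepted without the `'Q'`/`'0'` prefix. The three `vers[2]` alternatives should sit inside one pair of parentheses after `vers[1] == '0' &&`.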
From: Andrea Buscarinu Date: Mon, 18 May 2015 17:47:39 +0200 Subject: Update quic.c --- src/lib/protocols/quic.c | 80 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 54 insertions(+), 26 deletions(-) (limited to 'src/lib/protocols/quic.c') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6a9fd48b8..6e032e594 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1,8 +1,8 @@ /* * quic.c * - * Copyright (C) 2015 - Andrea Buscarinu - * Copyright (C) 2015 - Michele Campus + * Andrea Buscarinu - + * Michele Campus - * Copyright (C) 2012-15 - ntop.org * * This module is free software: you can redistribute it and/or modify @@ -29,6 +29,7 @@ #define CID_LEN_4 0x08 // 0000 1000 #define CID_LEN_1 0x04 // 0000 0100 #define CID_LEN_0 0x00 // 0000 0000 +#define SEQ_MASK 0xf3 // 1111 0011 #define CID_MASK 0x0C // 0000 1100 
@@ -43,18 +44,44 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - u_int ver_offset; + u_int ver_offs; + u_int seq_offs; u_int cid_len; if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); - // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. - if ((sport == 443 || dport == 443) && (((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || - (packet->payload[0] == 0x10) || (packet->payload[0] == 0x0c) || - (packet->payload[0] == 0x1c)) || (packet->payload[0] & SEQ_CID_MASK_ALL))) + // Settings without version. First check if 0x00 PUBLIC FLAGS and SEQ != 0x00. SEQ must be 1 at least. + if ((sport == 80 || dport == 80 || sport == 443 || dport == 443) && ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || + (packet->payload[0] & SEQ_CID_MASK_ALL))) { + // Filter packets with 1 byte SEQ. + if (packet->payload[0] & SEQ_MASK == 0) + { + // Has no version, 1 byte SEQ. + // Check CID length. + switch (packet->payload[0] & CID_MASK) + { + case CID_LEN_8: cid_len = 8; break; + case CID_LEN_4: cid_len = 4; break; + case CID_LEN_1: cid_len = 1; break; + case CID_LEN_0: cid_len = 0; break; + default: + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + + seq_offs = cid_len + 1; + + // SEQ must be 1 at least. + if(packet->payload[seq_offs] == 0) + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + } + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); ndpi_int_quic_add_connection(ndpi_struct, flow); 
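Review bot: In `if (packet->payload[0] & SEQ_MASK == 0)` the `==` is evaluated before the `&`, so the test is `payload[0] & 0` and the whole 1-byte-SEQ block never runs; it needs `if ((packet->payload[0] & SEQ_MASK) == 0)`. Once that is corrected, both "exclude quic" paths inside the block still fall through to the `found quic` log and `ndpi_int_quic_add_connection()`, so a flow would be excluded and then classified anyway; each exclusion should be followed by `return;`. The same precedence slip appears in the later `(QUIC_NO_V_RES_RSV) == 0` hunk, and the same fall-through follows the later `sequence(packet->payload) < 1` test. The function body continues outside this hunk.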
@@ -73,28 +100,29 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); } - // Version offset. - ver_offset = 1 + cid_len; - unsigned char vers[] = { packet->payload[ver_offset + 1], packet->payload[ver_offset + 2], - packet->payload[ver_offset + 3], packet->payload[ver_offset + 4]}; - // Check version match. - if (vers[0] == 'Q' && vers[1] == '0' && - (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || - vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '0' && vers[3] == '9')) + // Skip CID length. + ver_offs = cid_len + 1 +1; + unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], + packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; + + // Check version match. 
+ if (vers[0] == 'Q' && vers[1] == '0' && + (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || + vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '0' && vers[3] == '9')) + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + } + } else { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); - ndpi_int_quic_add_connection(ndpi_struct, flow); + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); } - } else - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); } } -} #endif -- cgit v1.2.3 From 2f120eff37d70f59c4b55d54645fdadf4ca21069 Mon Sep 17 00:00:00 2001 From: Andrea Buscarinu Date: Mon, 18 May 2015 17:50:01 +0200 Subject: Update quic.c --- src/lib/protocols/quic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib/protocols/quic.c') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6e032e594..c194b0aec 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -101,7 +101,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n } // Skip CID length. - ver_offs = cid_len + 1 +1; + ver_offs = cid_len + 1; unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; -- cgit v1.2.3 From bbb7091a582e74e83c2c2255e926d2832463b54e Mon Sep 17 00:00:00 2001 
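Review bot: The change to `ver_offs = cid_len + 1;` gives no statement of the header layout it relies on, and the comment above it still reads "Skip CID length." even though the version offset has moved from `ver_offset + 1` to `cid_len + 1 +1` to `cid_len + 1` over three commits. A comment such as `/* public flags (1 byte) + connection ID (cid_len bytes) precede the 4-byte version tag */`, assuming that is the layout intended, would let a reader check the arithmetic against the `vers[]` reads that follow. The enclosing function starts and ends outside this hunk.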
From: Andrea Buscarinu Date: Tue, 19 May 2015 02:20:57 +0200 Subject: Update quic.c Added more SEQ and CID controls. --- src/lib/protocols/quic.c | 182 +++++++++++++++++++++++++++++------------------ 1 file changed, 112 insertions(+), 70 deletions(-) (limited to 'src/lib/protocols/quic.c') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index c194b0aec..a538a21e3 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -23,14 +23,26 @@ #include "ndpi_api.h" -#define SEQ_CID_MASK_ALL 0x3c // 0011 1100 -#define QUIC_VER_MASK 0x01 // 0000 0001 -#define CID_LEN_8 0x0C // 0000 1100 -#define CID_LEN_4 0x08 // 0000 1000 -#define CID_LEN_1 0x04 // 0000 0100 -#define CID_LEN_0 0x00 // 0000 0000 -#define SEQ_MASK 0xf3 // 1111 0011 -#define CID_MASK 0x0C // 0000 1100 +#define QUIC_NO_V_RES_RSV 0xf3 // 1100 0011 + +#define QUIC_CID_MASK 0x0C // 0000 1100 +#define QUIC_VER_MASK 0x01 // 0000 0001 +#define QUIC_SEQ_MASK 0x30 // 0011 0000 + +#define CID_LEN_8 0x0C // 0000 1100 +#define CID_LEN_4 0x08 // 0000 1000 +#define CID_LEN_1 0x04 // 0000 0100 +#define CID_LEN_0 0x00 // 0000 0000 + +#define SEQ_LEN_6 0x30 // 0011 0000 +#define SEQ_LEN_4 0x20 // 0010 0000 +#define SEQ_LEN_2 0x10 // 0001 0000 +#define SEQ_LEN_1 0x00 // 0000 0000 + +#define SEQ_CONV_6(ARR) (ARR[0] | ARR[1] | ARR[2] | ARR[3] | ARR[4] | ARR[5] << 8) +#define SEQ_CONV_4(ARR) (ARR[0] | ARR[1] | ARR[2] | ARR[3] << 8) +#define SEQ_CONV_2(ARR) (ARR[0] | ARR[1] << 8) +#define SEQ_CONV_1(ARR) (ARR[0] << 8) #ifdef NDPI_PROTOCOL_QUIC 
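Review bot: The `SEQ_CONV_*` macros do not assemble a multi-byte value: `ARR[0] | ARR[1] | ... | ARR[5] << 8` ORs the low bytes on top of each other and shifts only the last one, and `SEQ_CONV_1` shifts a single byte left by 8. Each byte needs its own shift and the macro argument needs parentheses, for example `#define SEQ_CONV_2(ARR) ((ARR)[0] | ((ARR)[1] << 8))` if the field is little-endian (the byte order is not stated in the hunk). The comment on `QUIC_NO_V_RES_RSV` also says `1100 0011` while the value is `0xf3`. The single `SEQ_CONV` macro in the later `@@ -39,10 +39,7 @@` hunk keeps the same OR pattern.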
@@ -40,89 +52,119 @@ static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL); } +int connect_id(const unsigned char pflags) +{ + u_int cid_len; + + // Check CID length. + switch (pflags & QUIC_CID_MASK) + { + case CID_LEN_8: cid_len = 8; break; + case CID_LEN_4: cid_len = 4; break; + case CID_LEN_1: cid_len = 1; break; + case CID_LEN_0: cid_len = 0; break; + default: + return -1; + + } + // Return offset. + return cid_len + 1; +} + +int sequence(const unsigned char *payload) +{ + unsigned char* conv; + u_int seq_len; + u_int cid_offs; + u_int seq_value; + int i; + + switch (payload[0] & QUIC_SEQ_MASK) + { + case SEQ_LEN_6: seq_len = 6; break; + case SEQ_LEN_4: seq_len = 4; break; + case SEQ_LEN_2: seq_len = 2; break; + case SEQ_LEN_1: seq_len = 1; break; + default: + return -1; + } + + if (seq_len > 0) calloc(seq_len, sizeof(unsigned char)); + cid_offs = connect_id(payload[0]); + + if (cid_offs >= 0) + { + for (i = cid_offs; i < seq_len; i++) + conv[i] = payload[i]; + + switch (seq_len) + { + case 6: seq_value = SEQ_CONV_6(conv); break; + case 4: seq_value = SEQ_CONV_4(conv); break; + case 2: seq_value = SEQ_CONV_2(conv); break; + case 1: seq_value = SEQ_CONV_1(conv); break; + default: + return -1; + } + // Return SEQ int value; + return seq_value; + } +} + void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; u_int ver_offs; - u_int seq_offs; - u_int cid_len; - if(packet->udp != NULL) { + if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); - // Settings without version. First check if 0x00 PUBLIC FLAGS and SEQ != 0x00. SEQ must be 1 at least. + // Settings without version. 
First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. if ((sport == 80 || dport == 80 || sport == 443 || dport == 443) && ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || - (packet->payload[0] & SEQ_CID_MASK_ALL))) + (packet->payload[0] & (QUIC_NO_V_RES_RSV) == 0))) { - // Filter packets with 1 byte SEQ. - if (packet->payload[0] & SEQ_MASK == 0) + if (sequence(packet->payload) < 1) { - // Has no version, 1 byte SEQ. - // Check CID length. - switch (packet->payload[0] & CID_MASK) - { - case CID_LEN_8: cid_len = 8; break; - case CID_LEN_4: cid_len = 4; break; - case CID_LEN_1: cid_len = 1; break; - case CID_LEN_0: cid_len = 0; break; - default: - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); - } - - seq_offs = cid_len + 1; - // SEQ must be 1 at least. - if(packet->payload[seq_offs] == 0) - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); - } + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); } NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); ndpi_int_quic_add_connection(ndpi_struct, flow); + } // Check if version, than the CID length. - } else if (packet->payload[0] & QUIC_VER_MASK) + else if (packet->payload[0] & QUIC_VER_MASK) { - // Has version, check CID length. - switch (packet->payload[0] & CID_MASK) - { - case CID_LEN_8: cid_len = 8; break; - case CID_LEN_4: cid_len = 4; break; - case CID_LEN_1: cid_len = 1; break; - case CID_LEN_0: cid_len = 0; break; - default: - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); - } - // Skip CID length. 
- ver_offs = cid_len + 1; - unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], - packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; - - // Check version match. - if (vers[0] == 'Q' && vers[1] == '0' && - (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || - vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '0' && vers[3] == '9')) - - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); - ndpi_int_quic_add_connection(ndpi_struct, flow); - } - } else - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + ver_offs = connect_id(packet->payload[0]); + + if (ver_offs >= 0){ + unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], + packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; + + // Version Match. + if (vers[0] == 'Q' && vers[1] == '0' && + (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || + vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '0' && vers[3] == '9')) + + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + } } + } else + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); } - } + } +} #endif -- cgit v1.2.3 
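Review bot: In `sequence()` the result of `calloc(seq_len, sizeof(unsigned char))` is discarded, so `conv` is still an uninitialised pointer when `conv[i] = payload[i]` writes packet bytes through it, and the allocation is leaked. The copy loop also starts at `i = cid_offs` and stops at `seq_len`, so it indexes `conv` by the payload offset instead of from 0; a fixed buffer `unsigned char conv[6] = {0};` filled by `for (i = 0; i < seq_len; i++) conv[i] = payload[cid_offs + i];` avoids both problems. `cid_offs` and `ver_offs` are `u_int`, so their `>= 0` tests are always true and the `-1` error return of `connect_id()` could never be detected; they should be declared `int`. The unsigned comparison on `cid_offs` is still present in the later `@@ -73,42 +70,34 @@` hunk.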
From 31b43b19f7de092fdc52f218422778cc5b2c423f Mon Sep 17 00:00:00 2001 From: Andrea Buscarinu Date: Tue, 19 May 2015 02:41:48 +0200 Subject: Update quic.c Removed ports --- src/lib/protocols/quic.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src/lib/protocols/quic.c') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index a538a21e3..0f633ec1a 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -114,16 +114,13 @@ int sequence(const unsigned char *payload) void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - u_int16_t dport = 0, sport = 0; u_int ver_offs; if(packet->udp != NULL) { - sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. - if ((sport == 80 || dport == 80 || sport == 443 || dport == 443) && ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || - (packet->payload[0] & (QUIC_NO_V_RES_RSV) == 0))) + if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || (packet->payload[0] & (QUIC_NO_V_RES_RSV) == 0)) { if (sequence(packet->payload) < 1) { -- cgit v1.2.3 From 57926cc97da148a593f08191d09e3003427a8712 Mon Sep 17 00:00:00 2001 From: Andrea Buscarinu Date: Wed, 20 May 2015 04:10:29 +0200 Subject: Update quic.c Fix version mask and syntax errors --- src/lib/protocols/quic.c | 49 +++++++++++++++++++----------------------------- 1 file changed, 19 insertions(+), 30 deletions(-) (limited to 'src/lib/protocols/quic.c') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 0f633ec1a..2e1ad6628 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c 
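Review bot: Dropping the port condition leaves the first branch matching any UDP payload that starts with `0x00` followed by a non-zero byte, which is a very weak signature for a classifier whose result may drive policy. The other alternative on that line, `packet->payload[0] & (QUIC_NO_V_RES_RSV) == 0`, is still parsed as `payload[0] & 0` and contributes nothing at this commit. If the ports are removed on purpose, the change should carry a comment naming the structural checks that now stand in for them, for example `/* no port filter: rely on public-flags layout and SEQ >= 1 */`, and the SEQ check has to stop the function before the flow is added. The function body continues outside this hunk.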
@@ -23,7 +23,7 @@ #include "ndpi_api.h" -#define QUIC_NO_V_RES_RSV 0xf3 // 1100 0011 +#define QUIC_NO_V_RES_RSV 0xC3 // 1100 0011 #define QUIC_CID_MASK 0x0C // 0000 1100 #define QUIC_VER_MASK 0x01 // 0000 0001 @@ -39,10 +39,7 @@ #define SEQ_LEN_2 0x10 // 0001 0000 #define SEQ_LEN_1 0x00 // 0000 0000 -#define SEQ_CONV_6(ARR) (ARR[0] | ARR[1] | ARR[2] | ARR[3] | ARR[4] | ARR[5] << 8) -#define SEQ_CONV_4(ARR) (ARR[0] | ARR[1] | ARR[2] | ARR[3] << 8) -#define SEQ_CONV_2(ARR) (ARR[0] | ARR[1] << 8) -#define SEQ_CONV_1(ARR) (ARR[0] << 8) +#define SEQ_CONV(ARR) (ARR[0] | ARR[1] | ARR[2] | ARR[3] | ARR[4] | ARR[5] << 8) #ifdef NDPI_PROTOCOL_QUIC @@ -55,7 +52,7 @@ static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct int connect_id(const unsigned char pflags) { u_int cid_len; - + // Check CID length. switch (pflags & QUIC_CID_MASK) { 
@@ -73,42 +70,34 @@ int connect_id(const unsigned char pflags) int sequence(const unsigned char *payload) { - unsigned char* conv; - u_int seq_len; + unsigned char conv[6] = {0}; + u_int seq_value = -1; + u_int seq_lens; u_int cid_offs; - u_int seq_value; int i; + // Search SEQ bytes length. switch (payload[0] & QUIC_SEQ_MASK) { - case SEQ_LEN_6: seq_len = 6; break; - case SEQ_LEN_4: seq_len = 4; break; - case SEQ_LEN_2: seq_len = 2; break; - case SEQ_LEN_1: seq_len = 1; break; + case SEQ_LEN_6: seq_lens = 6; break; + case SEQ_LEN_4: seq_lens = 4; break; + case SEQ_LEN_2: seq_lens = 2; break; + case SEQ_LEN_1: seq_lens = 1; break; default: return -1; } - - if (seq_len > 0) calloc(seq_len, sizeof(unsigned char)); + // Retrieve SEQ offset. cid_offs = connect_id(payload[0]); - if (cid_offs >= 0) + if (cid_offs >= 0 && seq_lens > 0) { - for (i = cid_offs; i < seq_len; i++) - conv[i] = payload[i]; + for (i = 0; i < seq_lens; i++) + conv[i] = payload[cid_offs + i]; - switch (seq_len) - { - case 6: seq_value = SEQ_CONV_6(conv); break; - case 4: seq_value = SEQ_CONV_4(conv); break; - case 2: seq_value = SEQ_CONV_2(conv); break; - case 1: seq_value = SEQ_CONV_1(conv); break; - default: - return -1; - } - // Return SEQ int value; - return seq_value; + seq_value = SEQ_CONV(conv); } + // Return SEQ dec value; + return seq_value; } void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) 
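Review bot: `seq_value` is a `u_int` initialised to `-1` and returned through the function's `int` return type, so the error sentinel depends on an unsigned-to-signed conversion, and once `SEQ_CONV` combines all bytes a large sequence number would reach the caller's `< 1` test as a negative value. Declaring it `int seq_value = -1;`, or reporting validity separately from the value, makes the contract explicit. `sequence()` and `connect_id()` would also benefit from a short header comment stating what each returns on failure, and both could be declared `static`, since this page shows them used only inside quic.c.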
@@ -120,7 +109,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. - if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || (packet->payload[0] & (QUIC_NO_V_RES_RSV) == 0)) + if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0)) { if (sequence(packet->payload) < 1) { -- cgit v1.2.3