From c50a8d4808bbe3f41cbe5e681e84a1eb52129cb1 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sat, 6 Mar 2021 05:48:36 +0100
Subject: Add support for Snapchat voip calls (#1147)

* Add support for Snapchat voip calls

Snapchat multiplexes some of its audio/video real time traffic with QUIC
sessions. The peculiarity of these sessions is that they are Q046 and
don't have any SNI.

* Fix tests with libgcrypt disabled
---
 tests/do.sh.in                        |   2 +-
 tests/pcap/snapchat_call.pcapng       | Bin 0 -> 14856 bytes
 tests/result/snapchat_call.pcapng.out |   3 +++
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 tests/pcap/snapchat_call.pcapng
 create mode 100644 tests/result/snapchat_call.pcapng.out

(limited to 'tests')

diff --git a/tests/do.sh.in b/tests/do.sh.in
index 193698d58..85ef1ff63 100755
--- a/tests/do.sh.in
+++ b/tests/do.sh.in
@@ -5,7 +5,7 @@ cd "$(dirname "${0}")"
 FUZZY_TESTING_ENABLED=@BUILD_FUZZTARGETS@
 
 GCRYPT_ENABLED=@GCRYPT_ENABLED@
-GCRYPT_PCAPS="gquic.pcap quic-23.pcap quic-24.pcap quic-27.pcap quic-28.pcap quic-29.pcap quic-mvfst-22.pcap quic-mvfst-27.pcap quic-mvfst-exp.pcap quic_q50.pcap quic_t50.pcap quic_t51.pcap quic_0RTT.pcap quic_interop_V.pcapng quic-33.pcapng doq.pcapng doq_adguard.pcapng dlt_ppp.pcap os_detected.pcapng"
+GCRYPT_PCAPS="gquic.pcap quic-23.pcap quic-24.pcap quic-27.pcap quic-28.pcap quic-29.pcap quic-mvfst-22.pcap quic-mvfst-27.pcapng quic-mvfst-exp.pcap quic_q50.pcap quic_t50.pcap quic_t51.pcap quic_0RTT.pcap quic_interop_V.pcapng quic-33.pcapng doq.pcapng doq_adguard.pcapng dlt_ppp.pcap os_detected.pcapng"
 READER="../example/ndpiReader -p ../example/protos.txt -c ../example/categories.txt -r ../example/risky_domains.txt -j ../example/ja3_fingerprints.csv -S ../example/sha1_fingerprints.csv"
 
 RC=0
diff --git a/tests/pcap/snapchat_call.pcapng b/tests/pcap/snapchat_call.pcapng
new file mode 100644
index 000000000..cdcac9894
Binary files /dev/null and b/tests/pcap/snapchat_call.pcapng differ
diff --git a/tests/result/snapchat_call.pcapng.out b/tests/result/snapchat_call.pcapng.out
new file mode 100644
index 000000000..ee151591b
--- /dev/null
+++ b/tests/result/snapchat_call.pcapng.out
@@ -0,0 +1,3 @@
+SnapchatCall	50	12772	1
+
+	1	UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][cat: Web/5][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** SNI TLS extension was missing **][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]
-- 
cgit v1.2.3