authorliuxueli <[email protected]>2021-09-03 14:51:29 +0800
committerliuxueli <[email protected]>2021-09-03 14:51:29 +0800
commit59638765e3eacdf0eac3d96e7941fb710d3a0590 (patch)
treee6789be7012b5b13b2be62bbf487768ac1dff5c7
parent8d623d0f024022059f81bf1855a1afe298041751 (diff)
TSG-7627: 解析加密GQUIC048 SNI导致watchdog timeout
-rw-r--r--src/gquic_process.cpp35
-rw-r--r--src/parser_quic.cpp (renamed from src/parser-quic.cpp)2
-rw-r--r--src/parser_quic.h (renamed from src/parser-quic.h)0
-rw-r--r--src/quic_analysis.cpp9
-rw-r--r--src/quic_analysis.h1
5 files changed, 44 insertions, 3 deletions
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index e84e7eb..2f3ce62 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -13,7 +13,7 @@
#include "gquic_process.h"
#include "quic_analysis.h"
-#include "parser-quic.h"
+#include "parser_quic.h"
int is_iquic(enum _QUIC_VERSION quic_version)
{
@@ -60,6 +60,32 @@ int is_iquic(enum _QUIC_VERSION quic_version)
return FALSE;
}
+int is_quic_port(struct streaminfo *pstream)
+{
+ switch(pstream->addr.addrtype)
+ {
+ case ADDR_TYPE_IPV4:
+ case __ADDR_TYPE_IP_PAIR_V4:
+ if(ntohs(pstream->addr.ipv4->source)!=443 && ntohs(pstream->addr.ipv4->dest)!=443)
+ {
+ return 0;
+ }
+ break;
+ case ADDR_TYPE_IPV6:
+ case __ADDR_TYPE_IP_PAIR_V6:
+ if(ntohs(pstream->addr.ipv6->source)!=443 && ntohs(pstream->addr.ipv6->dest)!=443)
+ {
+ return 0;
+ }
+ break;
+ default:
+ return 0;
+ break;
+ }
+
+ return 1;
+}
+
static int get_value(unsigned char *payload, int *offset, int len)
{
switch(len)
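Review bot: The new `is_quic_port()` hard-codes 443 in both the IPv4 and IPv6 branches, so any QUIC flow on another port is now dropped before identification; the same gate is applied in `quic_protocol_identify` and `QUIC_ENTRY` later in this commit. For a traffic-analysis plugin that is a visibility trade-off: it cuts the decrypt cost on non-QUIC UDP, but SNI extraction silently stops for QUIC services on non-standard ports. The port should at least be a named constant, and ideally a configurable list (perhaps alongside the existing `g_quic_param` settings), with a comment such as `/* Only UDP/443 is inspected to bound decrypt cost (TSG-7627); QUIC on other ports is not parsed. */`. The `break;` after `return 0;` in the `default:` case is unreachable and can be dropped.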
@@ -1108,7 +1134,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int
break;
default:
if( ((is_gquic>=MVFST_VERSION_00 && is_gquic<=MVFST_VERSION_0F) ||
- (is_gquic>=GQUIC_VERSION_Q047 && is_gquic<=GQUIC_VERSION_Q059) ||
+ (is_gquic>=GQUIC_VERSION_Q049 && is_gquic<=GQUIC_VERSION_Q059) ||
(is_gquic>=GQUIC_VERSION_T050 && is_gquic<=GQUIC_VERSION_T059) ||
(is_gquic>=GQUIC_VERSION_T050 && is_gquic<=GQUIC_VERSION_T059) ||
(is_gquic>=IQUIC_VERSION_I022 && is_gquic<=IQUIC_VERSION_I029) ||
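Review bot: The lower bound moves from `GQUIC_VERSION_Q047` to `GQUIC_VERSION_Q049` with no comment on why Q047 and Q048 leave this branch or which path handles them now. Going by the commit title, this appears to route the affected versions around the slow parse rather than bound the work the parser does, so the watchdog timeout could recur if another version reaches the same path; that is worth confirming. A short comment would help, for example `/* Q047/Q048 excluded: encrypted SNI parse triggered watchdog timeout (TSG-7627) */`. The `GQUIC_VERSION_T050..T059` test is duplicated in the context lines and one copy could be removed. The condition continues outside the hunk.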
@@ -1166,6 +1192,11 @@ int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *ou
void *pme=NULL;
char *sni=NULL;
struct _quic_context *_context=NULL;
+
+ if(!is_quic_port(a_stream))
+ {
+ return len;
+ }
quic_init_stream(&pme, a_stream->threadnum);
_context=(struct _quic_context *)pme;
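Review bot: The early `return len;` depends on the value `len` was given at its declaration, which is above this hunk, so the result for a non-443 stream cannot be confirmed from here. If `len` is not initialised to the function's "no SNI found" value, callers may treat a skipped stream as a successful identification or read an indeterminate length. Returning an explicit constant for the not-identified case would make the contract clear. Placing the check before `quic_init_stream()` is good, since nothing is allocated for skipped streams.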
diff --git a/src/parser-quic.cpp b/src/parser_quic.cpp
index 421e06e..de3b968 100644
--- a/src/parser-quic.cpp
+++ b/src/parser_quic.cpp
@@ -10,7 +10,7 @@
#include <stdlib.h>
#include <string.h>
-#include "parser-quic.h"
+#include "parser_quic.h"
#include "wsgcrypt.h"
#include "utils.h"
#include "pint.h"
diff --git a/src/parser-quic.h b/src/parser_quic.h
index a295bb5..a295bb5 100644
--- a/src/parser-quic.h
+++ b/src/parser_quic.h
diff --git a/src/quic_analysis.cpp b/src/quic_analysis.cpp
index 9c71ac4..23dff35 100644
--- a/src/quic_analysis.cpp
+++ b/src/quic_analysis.cpp
@@ -7,6 +7,8 @@
#include "gquic.h"
#include "quic_analysis.h"
#include "gquic_process.h"
+#include "parser_quic.h"
+
#include <stdio.h>
#include <MESA/stream_inc/stream_base.h>
#include <MESA/MESA_handle_logger.h>
@@ -156,6 +158,8 @@ extern "C" int QUIC_INIT(void)
return -1;
}
+ gcry_init();
+
return 0;
}/*QUICINIT*/
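Review bot: The `gcry_init();` call is made without looking at its outcome, and `QUIC_INIT` then returns 0 regardless. Its declaration is not visible here, but if it can report failure (for example a libgcrypt version mismatch), the plugin would load and later attempt decryption on an uninitialised crypto library. If it returns a status, propagate it, along the lines of `if(gcry_init()<0) { return -1; }`. Otherwise, add a comment noting that it cannot fail and must run once before any worker thread parses packets.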
@@ -242,6 +246,11 @@ extern "C" char QUIC_ENTRY(struct streaminfo *pstream, void**pme, int thread_seq
return APP_STATE_DROPME;
}
+ if(!is_quic_port(pstream))
+ {
+ return APP_STATE_DROPME;
+ }
+
if(*pme==NULL)
{
quic_init_stream(pme, thread_seq);
diff --git a/src/quic_analysis.h b/src/quic_analysis.h
index 71c8c67..e8866b7 100644
--- a/src/quic_analysis.h
+++ b/src/quic_analysis.h
@@ -41,6 +41,7 @@ enum quic_mes_type{
extern struct _quic_param_t g_quic_param;
+int is_quic_port(struct streaminfo *pstream);
void quic_release_exts(int thread_seq, quic_tlv_t *ext_tags, int ext_tag_num);
#endif /* SRC_QUIC_ANALYSIS_H_ */