summaryrefslogtreecommitdiff
path: root/src/quic_process.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/quic_process.cpp')
-rw-r--r--src/quic_process.cpp124
1 files changed, 114 insertions, 10 deletions
diff --git a/src/quic_process.cpp b/src/quic_process.cpp
index 3cd0352..b17b750 100644
--- a/src/quic_process.cpp
+++ b/src/quic_process.cpp
@@ -520,7 +520,7 @@ int parse_tls_client_hello(struct quic_client_hello **client_hello, const char *
int parse_quic_decrypted_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq)
{
- char join_payload[2048]={0};
+ char join_payload[MAX_CLIENT_HELLO_CHUNK_SIZE]={};
int join_payload_len=sizeof(join_payload);
unsigned int quic_version=quic_info->quic_version;
@@ -767,9 +767,109 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
return quic_version;
}
-unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq)
+static void quic_chlo_chunk_assemble(struct quic_buffer *qbuf, unsigned char *new_payload, int new_len, int thread_seq)
{
- int ret=0, payload_offset=0;
+ if(NULL == new_payload || new_len <= 0){
+ return;
+ }
+ if(NULL == qbuf->buffer){
+ qbuf->buffer = (unsigned char *)dictator_malloc(thread_seq, MAX_CLIENT_HELLO_CHUNK_SIZE);
+ qbuf->max_size = MAX_CLIENT_HELLO_CHUNK_SIZE;
+ }
+ int max_copy_len = MIN((int)(qbuf->max_size - qbuf->datalen), new_len);
+ memcpy(qbuf->buffer + qbuf->datalen, new_payload, max_copy_len);
+ qbuf->datalen += max_copy_len;
+}
+
+static int get_chlo_total_length(const unsigned char *payload, int payload_len)
+{
+ const struct quic_client_hello_msg_hdr *chlo_hdr=(const struct quic_client_hello_msg_hdr *)payload;
+ int chlo_len=0;
+ uint8_t *p = (uint8_t *)&chlo_len;
+ p[2] = chlo_hdr->client_hello_len[0];
+ p[1] = chlo_hdr->client_hello_len[1];
+ p[0] = chlo_hdr->client_hello_len[2];
+ return chlo_len;
+}
+/*
+ 1: is chlo, and complete!
+ 0: is chlo, but fragment;
+ -1: not support
+*/
+static int quic_chlo_is_complete(enum QUIC_VERSION quic_version, const unsigned char *payload, int payload_len)
+{
+ if(!( (quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
+ (quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) ||
+ (quic_version>=IQUIC_VERSION_I022 && quic_version<=IQUIC_VERSION_I029) ||
+ (quic_version==IQUIC_VERSION_RFC9000)))
+ {
+ return -1;
+ }
+
+ if((payload[0] != 0x06) && (payload[0] != 0x08))
+ {
+ return -1;
+ }
+ int payload_offset = 0;
+ long frame_offset, frame_length;
+ payload_offset = 1; //skip frame type
+ payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_offset);
+ payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_length);
+
+ if(payload[payload_offset] != QUIC_HANDSHAKE_TYPE_CLIENTHELLO)
+ {
+ return -1;
+ }
+ int expect_len = get_chlo_total_length(payload + payload_offset, payload_len-payload_offset);
+ if(payload_len-payload_offset >= expect_len){
+ return 1;
+ }
+ return 0;
+}
+
+static enum PARSE_RESULT quic_decrypting_payload(struct quic_context *qcontext, unsigned char *udp_payload, int udp_payload_len, int thread_seq)
+{
+ struct quic_buffer *qbuf = &qcontext->quic_buf;
+ unsigned char *quic_decrypted_payload;
+ int ret, quic_decrypted_payload_len;
+ quic_dpt_t *dpt = quic_deprotection_new();
+ enum PARSE_RESULT parse_result = PARSE_RESULT_UNKNOWN;
+
+ if(quic_deprotection(dpt, (const u_char *)udp_payload, udp_payload_len) < 0){
+ goto err_exit;
+ }
+
+ if(qbuf->datalen > 0){ //some fragment exist
+ quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len, thread_seq);
+ quic_decrypted_payload = qbuf->buffer;
+ quic_decrypted_payload_len = qbuf->datalen;
+ }else{
+ quic_decrypted_payload = dpt->payload.data;
+ quic_decrypted_payload_len = dpt->payload.len;
+ }
+
+ ret = quic_chlo_is_complete((enum QUIC_VERSION)qcontext->quic_info.quic_version, quic_decrypted_payload, quic_decrypted_payload_len);
+ if(0 == ret){
+ if(NULL == qbuf->buffer || 0 == qbuf->datalen){
+ quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len, thread_seq);
+ }
+ parse_result = PARSE_RESULT_VERSION;
+ goto fun_exit;
+ }
+ parse_result = (enum PARSE_RESULT)parse_quic_decrypted_payload(&qcontext->quic_info, (char *)quic_decrypted_payload, quic_decrypted_payload_len, thread_seq);
+
+fun_exit:
+ quic_deprotection_free(dpt);
+ return parse_result;
+
+err_exit:
+ quic_deprotection_free(dpt);
+ return PARSE_RESULT_VERSION;
+}
+
+unsigned char parse_quic_all_version(struct quic_context *qcontext, const char *payload, int payload_len, int thread_seq)
+{
+ int payload_offset=0;
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
if(payload==NULL || payload_len<=0)
@@ -783,13 +883,13 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
return PARSE_RESULT_UNKNOWN;
}
- quic_info->quic_version=quic_version;
+ qcontext->quic_info.quic_version=quic_version;
if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
{
if(payload_len > payload_offset)
{
- return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+ return parse_quic_uncryption_payload(&qcontext->quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
}
return PARSE_RESULT_VERSION;
}
@@ -802,6 +902,7 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
&& g_quic_param.decrypted_switch>0
)
{
+#if 0
quic_dpt_t *dpt = quic_deprotection_new();
if (quic_deprotection(dpt, (const u_char *)payload, payload_len) != 0)
{
@@ -816,6 +917,9 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
return ret;
}
quic_deprotection_free(dpt);
+#else
+ return quic_decrypting_payload(qcontext, (unsigned char *)payload, payload_len, thread_seq);
+#endif
}
else
{
@@ -844,7 +948,7 @@ unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_c
parse_result=PARSE_RESULT_PAYLOAD;
break;
case PARSE_RESULT_VERSION:
- parse_result=parse_quic_all_version(&(context->quic_info), (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
+ parse_result=parse_quic_all_version(context, (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
if(parse_result==PARSE_RESULT_VERSION || parse_result==PARSE_RESULT_UNKNOWN)
{
parse_result=PARSE_RESULT_PAYLOAD;
@@ -872,7 +976,7 @@ unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_c
parse_result=PARSE_RESULT_PAYLOAD;
break;
}
- parse_result=parse_quic_all_version(&(context->quic_info), (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
+ parse_result=parse_quic_all_version(context, (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
break;
}
@@ -904,15 +1008,15 @@ struct quic_info *quic_protocol_identify(const struct streaminfo *a_stream)
return NULL;
}
- struct quic_info tmp_quic_info={0, NULL};
+ struct quic_context tmp_qcontext = {};
unsigned char parse_result=APP_STATE_GIVEME;
- parse_result=parse_quic_all_version(&tmp_quic_info, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
+ parse_result=parse_quic_all_version(&tmp_qcontext, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
if(parse_result!=PARSE_RESULT_UNKNOWN)
{
struct quic_context *context=(struct quic_context *)dictator_malloc(a_stream->threadnum, sizeof(struct quic_context));
memset(context, 0, sizeof(struct quic_context));
- context->quic_info=tmp_quic_info;
+ context->quic_info=tmp_qcontext.quic_info;
context->parse_first_pkt=1;
context->pre_parse_state=PARSE_RESULT_UNKNOWN;
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-31 00:46:44 +0000