Initial commitv1.0.1

1 files changed, 346 insertions, 0 deletions

diff --git a/src/quic_process.h b/src/quic_process.h
new file mode 100644
index 0000000..4bb66c8
--- /dev/null
+++ b/src/quic_process.h
@@ -0,0 +1,346 @@
+#pragma once
+
+#include <stddef.h>
+#include <stdbool.h>
+
+#include "quic_decoder.h"
+#include "quic_entry.h"
+
+#define QUIC_LONG_HEADER_MASK	0x80
+
+#define	GQUIC_VERSION_44to48_CID_MASK	0x0F
+#define	GQUIC_VERSION_44to48_PKN_LEN_MASK	0x03
+#define	GQUIC_VERSION_0to43_PKN_LEN_MASK	0x30                
+
+#define GQUIC_PUBLIC_FLAG_VERSION	0x01
+#define GQUIC_PUBLIC_FLAG_RST		0x02
+#define GQUIC_PUBLIC_FLAG_NONCE		0x04
+#define	GQUIC_PUBLIC_FLAG_CID		0x08
+#define	GQUIC_PUBLIC_FLAG_PKT_NUM	0x30
+
+//GQIIC  Frame type                                     
+#define GQUIC_SPECIAL_FRAME_FLAG		0xE0 // Special Frame Types 
+#define GQUIC_SPECIAL_FRAME_STREAM		0x80
+#define GQUIC_SPECIAL_FRAME_ACK			0x40
+#define GQUIC_SPECIAL_FRAME_CONGEST_FB	0x20
+
+#define GQUIC_SPECIAL_FRAME_STREAM_FIN		0x40 // FIN
+#define GQUIC_SPECIAL_FRAME_STREAM_DLEN 	0x20 //stream length
+#define GQUIC_SPECIAL_FRAME_STREAM_OFFSET 	0x1C //offset header field
+#define GQUIC_SPECIAL_FRAME_STREAM_ID	 	0x03 //offset header field
+
+#define GQUIC_REGULAR_FRAME_PADDING				0x00
+#define GQUIC_REGULAR_FRAME_RST_STREAM			0x01
+#define GQUIC_REGULAR_FRAME_CONNECTION_CLOSE	0x02
+#define GQUIC_REGULAR_FRAME_GOAWAY				0x03
+#define GQUIC_REGULAR_FRAME_WINDOW_UPDATE		0x04
+#define GQUIC_REGULAR_FRAME_BLOCKED				0x05
+#define GQUIC_REGULAR_FRAME_STOP_WAITING		0x06
+#define GQUIC_REGULAR_FRAME_PING				0x07
+
+// https://www.rfc-editor.org/rfc/rfc9000.html#name-frames-and-frame-types 
+#define	IQUIC_FRAME_PADDING	0x00
+#define	IQUIC_FRAME_PING	0x01
+#define IQUIC_FRAME_ACK		0x02
+#define IQUIC_FRAME_RST_STREAM	0x03
+#define IQUIC_FRAME_STOP_WAITING	0x04
+#define IQUIC_FRAME_CRYPTO	0x06
+#define IQUIC_FRAME_NEW_TOKEN	0x07
+#define IQUIC_FRAME_STREAM	0x08
+#define IQUIC_FRAME_MAX_DATA	0x10
+#define IQUIC_FRAME_MAX_STREAM_DATA	0x11
+#define IQUIC_FRAME_MAX_STREAMS	0x12
+#define IQUIC_FRAME_DATA_BLOCKED	0x13
+#define IQUIC_FRAME_STREAM_DATA_BLOCKED	0x14
+#define IQUIC_FRAME_STREAMS_BLOCKED	0x15
+#define IQUIC_FRAME_NEW_CONNECTION_ID	0x18
+#define IQUIC_FRAME_RETIRE_CONNECTION_ID	0x19
+#define IQUIC_FRAME_PATH_CHALLENGE	0x1A
+#define IQUIC_FRAME_PATH_RESPONSE	0x1B
+#define IQUIC_FRAME_CONNECTION_CLOSE	0x1C
+#define IQUIC_FRAME_APPLICATION_CLOSE	0x1D
+#define IQUIC_FRAME_HANDSHAKE_DONE	0x1E
+
+#define QUIC_HANDSHAKE_TYPE_CLIENTHELLO	0x01
+
+//https://datatracker.ietf.org/doc/html/draft-ietf-quic-transport-27#section-12.4
+//IQIIC  Frame type (GQUIC_Q046 is iQUIC 17)
+
+
+/**************************************************************************/
+/*                      Message tag                                       */
+/**************************************************************************/
+#define CHLO 0x43484C4F
+#define SHLO 0x53484C4F
+#define REJ  0x52454A00
+#define PRST 0x50525354
+
+
+/**************************************************************************/
+/*                      Tag                                               */
+/**************************************************************************/
+#define TAG_SNI  0x534E4900
+#define TAG_VER  0x56455200
+#define TAG_UAID 0x55414944
+
+
+#define	EXTENSION_SERVER_NAME	0x0000
+#define	EXTENSION_SUPPORT_GROUP	0x000A
+#define	EXTENSION_APP_PROT_NEGO	0x0010	//application layer protocol negotiation
+#define	EXTENSION_SIG_ALGORITHM	0x000D
+#define	EXTENSION_KEY_SHARE		0x0033
+#define	EXTENSION_PSK_EXCHANGE	0x002D
+#define	EXTENSION_SUPP_SSL_VER	0x002B
+#define	EXTENSION_QUIC_PARAM_TLS_33	0x0039  /* draft-ietf-quic-tls-33 */
+#define	EXTENSION_QUIC_PARAM_TLS_13	0xFFA5  /* 0xffa5 draft-ietf-quic-tls-13 */
+#define	EXTENSION_COMPRESS_CERT	0x001B
+#define	EXTENTION_UNKNOWN		0x4469
+
+//  https://www.iana.org/assignments/quic/quic.xhtml
+#define	EXT_QUIC_PARAM_ORIGINAL_DST_CONN_ID		0x00
+#define	EXT_QUIC_PARAM_MAX_IDLE_TIMEOUT			0x01
+#define	EXT_QUIC_PARAM_STATELESS_RST_TOKEN		0x02
+#define	EXT_QUIC_PARAM_MAX_UDP_PAYLOAD			0x03
+#define	EXT_QUIC_PARAM_MAX_INIT_DATA			0x04
+#define	EXT_QUIC_PARAM_MAX_STREAM_BIDI_LOCAL	0x05
+#define	EXT_QUIC_PARAM_MAX_STREAM_BIDI_REMOTE	0x06
+#define	EXT_QUIC_PARAM_MAX_STREAM_UNI			0x07
+#define	EXT_QUIC_PARAM_MAX_STREAMS_BIDI			0x08
+#define	EXT_QUIC_PARAM_MAX_STREAMS_UNI			0x09
+#define	EXT_QUIC_PARAM_ACK_DELAY_EXPONENT		0x0A
+#define	EXT_QUIC_PARAM_MAX_ACK_DELAY			0x0B
+#define	EXT_QUIC_PARAM_DISABLE_ACTIVE_MIGRATION	0x0C
+#define	EXT_QUIC_PARAM_PREFERRED_ADDRESS		0x0D
+#define	EXT_QUIC_PARAM_ACTIVE_CONN_ID_LINIT		0x0E
+#define	EXT_QUIC_PARAM_INIT_SRC_CONN_ID			0x0F
+#define	EXT_QUIC_PARAM_RETRY_SRC_CONN_ID		0x10
+#define	EXT_QUIC_PARAM_MAX_DATAGRAM_FRAME_SIZE	0x20
+#define	EXT_QUIC_PARAM_INIT_RTT					0x3127
+#define	EXT_QUIC_PARAM_GOOGLE_CONN_OPTIONS		0x3128
+#define	EXT_QUIC_PARAM_USER_AGENT				0x3129 // 2021-10-20 deprecated
+#define	EXT_QUIC_PARAM_QUIC_VERSION				0x4752
+
+//https://github.com/quicwg/base-drafts/wiki/QUIC-Versions
+/*
+  https://www.chromium.org/quic/quic-faq/ 
+  In June of 2021, Chromium defaults to supporting IETF QUIC draft29 and gQUIC Q050.
+*/
+enum QUIC_VERSION_T
+{
+	QUIC_VERSION_UNKNOWN=0,
+	//NetApp
+	QUANT_VERSION_00=0x45474700,
+	QUANT_VERSION_FF=0x454747FF,
+
+	//Private Octopus
+	PICOQUIC_VERSION_30=0x50435130,
+	
+	//google
+	GQUIC_VERSION_Q001=0x51303031,
+	GQUIC_VERSION_Q002=0x51303032,
+	GQUIC_VERSION_Q003=0x51303033,
+	GQUIC_VERSION_Q004=0x51303034,
+	GQUIC_VERSION_Q005=0x51303035,
+	GQUIC_VERSION_Q006=0x51303036,
+	GQUIC_VERSION_Q007=0x51303037,
+	GQUIC_VERSION_Q008=0x51303038,
+	GQUIC_VERSION_Q009=0x51303039,
+	
+	GQUIC_VERSION_Q010=0x51303130,
+	GQUIC_VERSION_Q011=0x51303131,
+	GQUIC_VERSION_Q012=0x51303132,
+	GQUIC_VERSION_Q013=0x51303133,
+	GQUIC_VERSION_Q014=0x51303134,
+	GQUIC_VERSION_Q015=0x51303135,
+	GQUIC_VERSION_Q016=0x51303136,
+	GQUIC_VERSION_Q017=0x51303137,
+	GQUIC_VERSION_Q018=0x51303138,
+	GQUIC_VERSION_Q019=0x51303139,
+	
+	GQUIC_VERSION_Q020=0x51303230,
+	GQUIC_VERSION_Q021=0x51303231,
+	GQUIC_VERSION_Q022=0x51303232,
+	GQUIC_VERSION_Q023=0x51303233,
+	GQUIC_VERSION_Q024=0x51303234,
+	GQUIC_VERSION_Q025=0x51303235,
+	GQUIC_VERSION_Q026=0x51303236,
+	GQUIC_VERSION_Q027=0x51303237,
+	GQUIC_VERSION_Q028=0x51303238,
+	GQUIC_VERSION_Q029=0x51303239,
+	
+	GQUIC_VERSION_Q030=0x51303330,
+	GQUIC_VERSION_Q031=0x51303331,
+	GQUIC_VERSION_Q032=0x51303332,
+	GQUIC_VERSION_Q033=0x51303333,
+	GQUIC_VERSION_Q034=0x51303334,
+	GQUIC_VERSION_Q035=0x51303335,
+	GQUIC_VERSION_Q036=0x51303336,
+	GQUIC_VERSION_Q037=0x51303337,
+	GQUIC_VERSION_Q038=0x51303338,
+	GQUIC_VERSION_Q039=0x51303339,
+
+	GQUIC_VERSION_Q040=0x51303430,
+	GQUIC_VERSION_Q041=0x51303431,
+	GQUIC_VERSION_Q042=0x51303432,
+	GQUIC_VERSION_Q043=0x51303433,
+	GQUIC_VERSION_Q044=0x51303434,
+	GQUIC_VERSION_Q045=0x51303435,
+	GQUIC_VERSION_Q046=0x51303436,
+	GQUIC_VERSION_Q047=0x51303437,
+	GQUIC_VERSION_Q048=0x51303438, 
+	GQUIC_VERSION_Q049=0x51303439,
+
+    GQUIC_VERSION_Q050=0x51303530,
+    GQUIC_VERSION_Q051=0x51303531,
+    GQUIC_VERSION_Q052=0x51303532,
+    GQUIC_VERSION_Q053=0x51303533,
+    GQUIC_VERSION_Q054=0x51303534,
+    GQUIC_VERSION_Q055=0x51303535,
+    GQUIC_VERSION_Q056=0x51303536,
+    GQUIC_VERSION_Q057=0x51303537,
+    GQUIC_VERSION_Q058=0x51303538,
+    GQUIC_VERSION_Q059=0x51303539,
+    
+    GQUIC_VERSION_Q099=0x51303939,
+
+	//Google QUIC with TLS 48 - 49 (T048 - T049)
+	GQUIC_VERSION_T048=0x54303438,
+	GQUIC_VERSION_T049=0x54303439,
+	
+	//Google QUIC with TLS 50 - 59 (T050 - T059)
+	GQUIC_VERSION_T050=0x54303530,
+	GQUIC_VERSION_T051=0x54303531,
+	GQUIC_VERSION_T052=0x54303532,
+	GQUIC_VERSION_T053=0x54303533,
+	GQUIC_VERSION_T054=0x54303534,
+	GQUIC_VERSION_T055=0x54303535,
+	GQUIC_VERSION_T056=0x54303536,
+	GQUIC_VERSION_T057=0x54303537,
+	GQUIC_VERSION_T058=0x54303538,
+	GQUIC_VERSION_T059=0x54303539,
+
+	//Google QUIC with TLS 99 (T099)
+	GQUIC_VERSION_T099=0x54303939,
+	
+	//Google Proxied QUIC
+	PQUIC_VERSION_PROX=0x50524f58,
+
+	//quic-go
+	QUIC_GO_VERSION_00=0x51474F00,
+	QUIC_GO_VERSION_FF=0x51474FFF,
+
+	//quicly
+	QUICLY_VERSION_00=0x91c17000,
+	QUICLY_VERSION_FF=0x91c170FF,
+	
+	//Microsoft
+	MSQUIC_VERSION_00=0xabcd0000,
+	MSQUIC_VERSION_0F=0xabcd000F,
+
+	//Mozilla
+	MOZQUIC_VERSION_00=0xf123f0c0,
+	MOZQUIC_VERSION_0F=0xf123f0cF,
+
+	//Facebook
+	MVFST_VERSION_00=0xfaceb000,
+	MVFST_VERSION_01=0xfaceb001,
+	MVFST_VERSION_02=0xfaceb002,
+	MVFST_VERSION_03=0xfaceb003,
+	MVFST_VERSION_04=0xfaceb004,
+	MVFST_VERSION_05=0xfaceb005,
+	MVFST_VERSION_06=0xfaceb006,
+	MVFST_VERSION_07=0xfaceb007,
+	MVFST_VERSION_08=0xfaceb008,
+	MVFST_VERSION_09=0xfaceb009,
+	MVFST_VERSION_0A=0xfaceb00A,
+	MVFST_VERSION_0B=0xfaceb00B,
+	MVFST_VERSION_0C=0xfaceb00C,
+	MVFST_VERSION_0D=0xfaceb00D,
+	MVFST_VERSION_0E=0xfaceb00E,
+	MVFST_VERSION_0F=0xfaceb00F,
+	
+	//IETF
+	IQUIC_VERSION_RFC9000=0x00000001,
+	IQUIC_VERSION_I001=0xFF000001,
+	IQUIC_VERSION_I002=0xFF000002,
+	IQUIC_VERSION_I003=0xFF000003,
+	IQUIC_VERSION_I004=0xFF000004,
+	IQUIC_VERSION_I005=0xFF000005,
+	IQUIC_VERSION_I006=0xFF000006,
+	IQUIC_VERSION_I007=0xFF000007,
+	IQUIC_VERSION_I008=0xFF000008,
+	IQUIC_VERSION_I009=0xFF000009,
+	IQUIC_VERSION_I010=0xFF00000A,
+	IQUIC_VERSION_I011=0xFF00000B,
+	IQUIC_VERSION_I012=0xFF00000C,
+	IQUIC_VERSION_I013=0xFF00000D,
+	IQUIC_VERSION_I014=0xFF00000E,
+	IQUIC_VERSION_I015=0xFF00000F,
+	IQUIC_VERSION_I016=0xFF000010,
+	IQUIC_VERSION_I017=0xFF000011,
+	IQUIC_VERSION_I018=0xFF000012,
+	IQUIC_VERSION_I019=0xFF000013,
+	IQUIC_VERSION_I020=0xFF000014,
+	IQUIC_VERSION_I021=0xFF000015,
+	IQUIC_VERSION_I022=0xFF000016,
+	IQUIC_VERSION_I023=0xFF000017,
+	IQUIC_VERSION_I024=0xFF000018,
+	IQUIC_VERSION_I025=0xFF000019,
+	IQUIC_VERSION_I026=0xFF00001A,
+	IQUIC_VERSION_I027=0xFF00001B,
+	IQUIC_VERSION_I028=0xFF00001C,
+	IQUIC_VERSION_I029=0xFF00001D,
+	IQUIC_VERSION_I030=0xFF00001E,
+	IQUIC_VERSION_I031=0xFF00001F,
+	IQUIC_VERSION_I032=0xFF000020
+};
+
+struct quic_info
+{
+	unsigned int quic_version;
+	char quic_version_str[QUIC_VERSION_STRING_MAX_SIZE];
+	qstring sni;
+	qstring user_agent;
+	qstring payload;
+};
+
+#define MAX_CLIENT_HELLO_CHUNK_SIZE (4096)
+struct quic_buffer{
+	int is_completed;
+	unsigned char *buffer;
+	size_t max_size;
+	size_t datalen;
+};
+
+struct quic_context
+{
+	unsigned int parse_payload_size;
+	struct quic_info quic_info;
+	struct quic_buffer quic_buf;  //for client hello fragment
+};
+
+#define QUIC_MSG_HDR_MAGIC  0x51554943 // ASCII: "QUIC"
+struct quic_message
+{
+	unsigned int magic;
+	enum quic_message_type type;
+	struct quic_context *qctx;
+};
+
+enum PARSE_RESULT
+{
+	PARSE_RESULT_UNKNOWN,
+	PARSE_RESULT_VERSION,
+	PARSE_RESULT_CLIENT_HELLO,
+	PARSE_RESULT_PAYLOAD,
+	PARSE_RESULT_MAX
+};
+
+enum PARSE_RESULT parse_quic_all_version(const struct quic_param *g_quic_plugin_env, struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq);
+void quic_analyze_entry(struct session *sess, const struct quic_param *g_quic_plug_env, struct quic_context* context, int thread_seq, const char *payload, size_t payload_len);
+// unsigned char quic_call_business_plug(const struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, const void *a_packet);
+int quic_protocol_identify(struct session *sess, struct quic_param *g_quic_plug_env);
+struct quic_message *quic_create_message(enum quic_message_type mtype, struct quic_context *context);
+void quic_session_mq_publish_message_safe(struct session *sess, int topic_id, void *msg);
+enum QUIC_VERSION_T is_quic_protocol(const char *payload, int payload_len, int *payload_offset);
+int quic_version_int2string(unsigned int version, char *buff, int buff_len);
\ No newline at end of file