gfwleak/mesa-platform-quic
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-8364: 重构代码,只解QUIC链接的第一个数据包

Browse Source
This commit is contained in:
liuxueli
2021-11-10 11:55:22 +03:00
parent fa5af89690
commit 11c3aa538a
23 changed files with 1145 additions and 2264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -30,7 +30,7 @@ endif()
set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
include_directories(inc) include_directories(include)
include_directories(/opt/MESA/include/MESA/) include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/glib-2.0/) include_directories(/usr/include/glib-2.0/)
#include_directories(/usr/include/glib-2.0/include/) #include_directories(/usr/include/glib-2.0/include/)

10
README.md
View File

@@ -1,9 +1,3 @@
# gquic quic
https://www.chromium.org/quic
gquic protocol parse plugin
Chromium currently support two kinds of QUIC versions, GoogleQUIC and IETF QUIC.
https://quiche.googlesource.com/quiche/+/refs/heads/master/quic/core/quic_versions.h https://quiche.googlesource.com/quiche/+/refs/heads/master/quic/core/quic_versions.h

275
demo/demo.cpp
View File

@@ -1,275 +0,0 @@
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
#include <pwd.h>
#include <grp.h>
#include <time.h>
#include <locale.h>
#include <langinfo.h>
#include <stdio.h>
#include <stdint.h>
#include <assert.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include "gquic_process.h"
#include "quic_analysis.h"
#include "parser_quic.h"
static int check_length(int last_len, int field_len)
{
return ((last_len-field_len>0) ? 1 : 0);
}
int get_quic_tlv(char *start_pos, quic_tlv_t *tlv, int len, int type, int thread_seq)
{
if(tlv->value==NULL && len>0)
{
tlv->value=(char *)calloc(1, len+1);
memset(tlv->value, 0, len+1);
tlv->length=len;
tlv->type=type;
memcpy(tlv->value, start_pos, tlv->length);
}
return 0;
}
static int get_value(unsigned char *payload, int *offset, int len)
{
switch(len)
{
case 1:
return (int)(payload[(*offset)++]);
break;
case 2:
(*offset)+=len;
return (int)ntohs(*(unsigned short *)(payload+*offset-len));
break;
case 3:
(*offset)+=len;
return ((int)*(payload-2+*offset)<<16|
(int)*(payload-1+*offset)<<8|
(int)*(payload+*offset)<<0);
break;
case 4:
(*offset)+=len;
return (int)ntohl(*(unsigned int *)(payload+*offset-len));
break;
case 32:
(*offset)+=len;
return 0;
break;
default:
break;
}
return 0;
}
int parse_encrypt_parameter(struct _quic_stream *quic_stream, unsigned char *payload, int payload_len, int thread_seq)
{
int used_len=0,length=0;
while(payload_len>used_len)
{
if(payload[used_len]> 0x00 && payload[used_len]<=0x20)
{
get_value(payload, &used_len, 1); //type=1
length=get_value(payload, &used_len, 1); // length=1
used_len+=length;
continue;
}
if((*(unsigned short *)(payload+used_len)) == htons(EXT_QUIC_PARAM_USER_AGENT))
{
quic_stream->ua_idx=quic_stream->ext_tag_num++;
get_value(payload, &used_len, 2); //type=2
length=get_value(payload, &used_len, 1); // length=1
get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->ua_idx]), length, EXT_QUIC_PARAM_USER_AGENT, thread_seq);
used_len+=length;
continue;
}
if(*(unsigned int *)(payload+used_len) == htonl(EXT_QUIC_PARAM_QUIC_VERSION))
{
quic_stream->ver_idx=quic_stream->ext_tag_num++;
get_value(payload, &used_len, 4); //type=4
length=get_value(payload, &used_len, 1); // length=1
get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->ver_idx]), length, EXT_QUIC_PARAM_QUIC_VERSION, thread_seq);
*(unsigned int *)quic_stream->ext_tags[quic_stream->ver_idx].value=(unsigned int)htonl(*(unsigned int *)quic_stream->ext_tags[quic_stream->ver_idx].value);
used_len+=length;
continue;
}
if((*(unsigned int *)(payload+used_len))== htonl(EXT_QUIC_PARAM_GREASE_HIGH4) && (*(unsigned int *)(payload+used_len+4))== htonl(EXT_QUIC_PARAM_GREASE_LOW4))
{
used_len+=8; //type=8
length=get_value(payload, &used_len, 1); // length=1
used_len+=length;
continue;
}
break;
}
return 0;
}
int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *payload, int payload_len, int thread_seq)
{
int ext_len=0,used_len=0;
ext_len=get_value(payload, &used_len, 2); //Server Name List length
if(ext_len>0 && ext_len>payload_len)
{
return 0;
}
if(get_value(payload, &used_len, 1)==0) //Server Name type
{
ext_len=get_value(payload, &used_len, 2); //Server Name length
if(ext_len<0 || ext_len>payload_len)
{
return 0;
}
quic_stream->sni_idx=quic_stream->ext_tag_num++;
get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->sni_idx]), ext_len, EXTENSION_SERVER_NAME, thread_seq);
}
else
{
return 0;
}
return 1;
}
int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream, void *a_packet, unsigned char *payload, int payload_len)
{
int used_len=0;
int flags=0,ret=0;
int skip_len=0,client_hello_len=0;
int ext_type=0, extension_total_len=0;
get_value(payload, &used_len, 1); //handshake type
client_hello_len=get_value(payload, &used_len, 3); //client hello length
get_value(payload, &used_len, 2); //ssl_version
get_value(payload, &used_len, 32); //Random
skip_len=(int)get_value(payload, &used_len, 1); //Session ID length
if(!check_length(payload_len-used_len, skip_len))
{
return flags;
}
used_len+=skip_len;
skip_len=(int)get_value(payload, &used_len, 2); //Ciper Suites length
if(!check_length(payload_len-used_len, skip_len))
{
return flags;
}
used_len+=skip_len;
skip_len=(int)get_value(payload, &used_len, 1); //Compression Methods
if(!check_length(payload_len-used_len, skip_len))
{
return flags;
}
used_len+=skip_len;
extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length
if(!check_length(payload_len-used_len, extension_total_len) && (extension_total_len!=payload_len-used_len))
{
return flags;
}
quic_stream->ext_tags=(quic_tlv_t *)calloc(1, sizeof(quic_tlv_t)*3);
memset(quic_stream->ext_tags, 0, sizeof(quic_tlv_t)*3);
while(extension_total_len>used_len)
{
ext_type=get_value(payload, &used_len, 2); //Extension type
skip_len=get_value(payload, &used_len, 2); //length
if(!check_length(payload_len-used_len, skip_len) || skip_len==0)
{
return flags;
}
switch(ext_type)
{
case EXTENSION_SERVER_NAME:
ret=parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, 0);
if(ret==0)
{
break;
}
flags=1;
break;
case EXTENSION_QUIC_PARAM:
parse_encrypt_parameter(quic_stream, payload+used_len, skip_len, 0);
break;
case EXTENSION_SUPPORT_GROUP:
case EXTENSION_APP_PROT_NEGO:
case EXTENSION_SIG_ALGORITHM:
case EXTENSION_KEY_SHARE:
case EXTENSION_PSK_EXCHANGE:
case EXTENSION_SUPP_SSL_VER:
case EXTENSION_COMPRESS_CERT:
break;
default:
break;
}
used_len+=skip_len;
}
return flags;
}
int main(int argc, char *argv[])
{
if(argc<1)
{
return -1;
}
struct stat statbuf;
if (stat(argv[1], &statbuf) == -1)
{
return -1;
}
unsigned char *payload=(unsigned char *)calloc(1, statbuf.st_size);
FILE *fp=fopen(argv[1], "rb");
if(fp)
{
int size=fread(payload, 1, 1315, fp);
assert(size==1315);
//assert(size==statbuf.st_size);
struct _quic_stream * quic_stream=(struct _quic_stream *)calloc(1, sizeof(struct _quic_stream));
parse_encrypt_client_hello(NULL, quic_stream, NULL, payload+4, 1314)-4;
fclose(fp);
fp=NULL;
free(quic_stream);
quic_stream=NULL;
free(payload);
payload=NULL;
}
return 0;
}

96
inc/gquic.h
View File

@@ -1,96 +0,0 @@
/*
* quic.h
*
* Created on: 2019-4-4
* Author: root
*/
#ifndef _GQUIC_H_
#define _GQUIC_H_
#define QUIC_INTEREST_KEY (1<<QUIC_INTEREST_KEY_MASK)
#define QUIC_CLIENT_HELLO (1<<QUIC_CLIENT_HELLO_MASK)
#define QUIC_SERVER_HELLO (1<<QUIC_SERVER_HELLO_MASK)
#define QUIC_CACHED_CERT (1<<QUIC_CACHED_CERT_MASK)
#define QUIC_COMM_CERT (1<<QUIC_COMM_CERT_MASK)
#define QUIC_CERT_CHAIN (1<<QUIC_CERT_CHAIN_MASK)
#define QUIC_APPLICATION_DATA (1<<QUIC_APPLICATION_DATA_MASK)
#define QUIC_USEING_VERSION (1<<QUIC_USEING_VERSION_MASK)
#define QUIC_NEGOTIATION_VERSION (1<<QUIC_NEGOTIATION_VERSION_MASK)
#define QUIC_REJECTION (1<<QUIC_REJECTION_MASK)
enum quic_interested_region
{
QUIC_INTEREST_KEY_MASK = 0,
QUIC_CLIENT_HELLO_MASK,
QUIC_SERVER_HELLO_MASK,
QUIC_CACHED_CERT_MASK,
QUIC_COMM_CERT_MASK,
QUIC_CERT_CHAIN_MASK,
QUIC_APPLICATION_DATA_MASK,
QUIC_USEING_VERSION_MASK,
QUIC_NEGOTIATION_VERSION_MASK,
QUIC_REJECTION_MASK
};
typedef struct _quic_tlv
{
unsigned int type;
unsigned int length;
void *value;
}quic_tlv_t;
#define MAX_CONNECT_ID_LEN 18
struct _quic_public_header
{
unsigned char public_flags;
unsigned char is_reset;
unsigned char is_sepcial_packet; // special Packets
unsigned char is_version_negotiation;
unsigned char server_CID_len;
unsigned char client_CID_len;
unsigned char negotiation_version_num;
unsigned int quic_version;
unsigned long long packet_number;
unsigned char server_CID[MAX_CONNECT_ID_LEN]; ////use first 8 bytes if GQUIC version 1~43
unsigned char client_CID[MAX_CONNECT_ID_LEN]; // no used if GQUIC version 1~43
unsigned int *negotiation_version_list;
};
struct _gquic_frame_header
{
unsigned char frame_type;
unsigned char fin_state;
unsigned short data_len;
unsigned int stream_id;
unsigned long long offset;
};
struct _quic_stream
{
unsigned char count;
unsigned char sni_idx;
unsigned char ua_idx;
unsigned char ver_idx;
unsigned int ext_tag_num; //number of extensions or tags
quic_tlv_t *ext_tags; //extensions or tags
};
struct _quic_info
{
struct _quic_stream *rejection;
struct _quic_stream *client_hello;
struct _quic_stream *server_hello;
struct _gquic_frame_header frame_hdr;
struct _quic_public_header quic_hdr;
};
//buff_len minimun 32bytes
int quic_version_int2string(unsigned int version, char *buff, int buff_len);
//ret: 0: not quic, >0: quic version
unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len);
#endif /* SRC_GQUIC_H_ */

55
include/quic.h Normal file
View File

@@ -0,0 +1,55 @@
/*
* quic.h
*
* Created on: 2021-11-08
* Author: liuxueli
*/
#ifndef __QUIC_H__
#define __QUIC_H__
#define QUIC_INTEREST_KEY (1<<QUIC_INTEREST_KEY_MASK)
#define QUIC_CLIENT_HELLO (1<<QUIC_CLIENT_HELLO_MASK)
#define QUIC_SERVER_HELLO (1<<QUIC_SERVER_HELLO_MASK)
#define QUIC_CACHED_CERT (1<<QUIC_CACHED_CERT_MASK)
#define QUIC_COMM_CERT (1<<QUIC_COMM_CERT_MASK)
#define QUIC_CERT_CHAIN (1<<QUIC_CERT_CHAIN_MASK)
#define QUIC_APPLICATION_DATA (1<<QUIC_APPLICATION_DATA_MASK)
#define QUIC_USEING_VERSION (1<<QUIC_USEING_VERSION_MASK)
#define QUIC_NEGOTIATION_VERSION (1<<QUIC_NEGOTIATION_VERSION_MASK)
#define QUIC_REJECTION (1<<QUIC_REJECTION_MASK)
enum quic_interested_region
{
QUIC_INTEREST_KEY_MASK = 0,
QUIC_CLIENT_HELLO_MASK,
QUIC_SERVER_HELLO_MASK,
QUIC_CACHED_CERT_MASK,
QUIC_COMM_CERT_MASK,
QUIC_CERT_CHAIN_MASK,
QUIC_APPLICATION_DATA_MASK,
QUIC_USEING_VERSION_MASK,
QUIC_NEGOTIATION_VERSION_MASK,
QUIC_REJECTION_MASK
};
struct quic_client_hello
{
char *sni;
char *user_agent;
};
struct quic_info
{
unsigned int quic_version;
struct quic_client_hello *client_hello;
};
//buff_len minimun 32bytes
int quic_version_int2string(unsigned int version, char *buff, int buff_len);
//ret: 0: not quic, >0: quic version
unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len);
#endif /* SRC__QUIC_H__ */

1558
src/gquic_process.cpp
View File

File diff suppressed because it is too large Load Diff

11
src/parser_quic.cpp → src/quic_deprotection.cpp
View File

@@ -10,11 +10,11 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "parser_quic.h"
#include "wsgcrypt.h"
#include "utils.h"
#include "pint.h" #include "pint.h"
#include "gcrypt.h" #include "gcrypt.h"
#include "quic_deprotection.h"
#include "quic_deprotection_wsgcrypt.h"
#include "quic_deprotection_utils.h"
// #define DEBUG_PARSER_QUIC // #define DEBUG_PARSER_QUIC
@@ -163,8 +163,9 @@ static void quic_decrypt_message(quic_pp_cipher *pp_cipher, const char *payload,
header[0] = first_byte; header[0] = first_byte;
guint i; guint i;
for (i = 0; i < pkn_len; i++) for (i = 0; i < pkn_len; i++)
{
header[header_length - 1 - i] = (guint8)(packet_number >> (8 * i)); header[header_length - 1 - i] = (guint8)(packet_number >> (8 * i));
}
// Input is "header || ciphertext (buffer) || auth tag (16 bytes)" // Input is "header || ciphertext (buffer) || auth tag (16 bytes)"
// buffer_length = length - (header_length + 16); // buffer_length = length - (header_length + 16);
// buffer_length = 297 - (2 + 16); // buffer_length = 297 - (2 + 16);
@@ -752,7 +753,7 @@ static void free_quic_cipher(quic_ciphers *initial_ciphers)
} }
int dissect_quic(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length) int quic_deprotection(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length)
{ {
guint offset = 0; guint offset = 0;
quic_packet_info_t quic_packet; quic_packet_info_t quic_packet;

2
src/parser_quic.h → src/quic_deprotection.h
View File

@@ -14,7 +14,7 @@ extern "C" {
#endif #endif
/*ret: 1 sucess*/ /*ret: 1 sucess*/
int dissect_quic(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length); int quic_deprotection(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length);
int gcry_init(); int gcry_init();
#ifdef __cplusplus #ifdef __cplusplus

4
src/utils.cpp → src/quic_deprotection_utils.cpp
View File

@@ -10,9 +10,9 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "utils.h"
#include "wsgcrypt.h"
#include "pint.h" #include "pint.h"
#include "quic_deprotection_utils.h"
#include "quic_deprotection_wsgcrypt.h"
/* /*
* Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a * Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a

0
src/utils.h → src/quic_deprotection_utils.h
View File

2
src/wsgcrypt.cpp → src/quic_deprotection_wsgcrypt.cpp
View File

@@ -10,7 +10,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "wsgcrypt.h" #include "quic_deprotection_wsgcrypt.h"
gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen) gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
{ {

0
src/wsgcrypt.h → src/quic_deprotection_wsgcrypt.h
View File

197
src/quic_analysis.cpp → src/quic_entry.cpp
View File

@@ -1,20 +1,20 @@
/* /*
* quic_analysis.c * quic_entry.cpp
* *
* Created on: 2019Äê4ÔÂ2ÈÕ * Created on: 2021-11-09
* Author: root * Author: liuxueli
*/ */
#include "gquic.h"
#include "quic_analysis.h"
#include "gquic_process.h"
#include "parser_quic.h"
#include <stdio.h> #include <stdio.h>
#include <MESA/stream_inc/stream_base.h> #include <MESA/stream_inc/stream_base.h>
#include <MESA/MESA_handle_logger.h> #include <MESA/MESA_handle_logger.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
#include "quic.h"
#include "quic_entry.h"
#include "quic_process.h"
#include "quic_deprotection.h"
struct _quic_param_t g_quic_param; struct quic_param g_quic_param;
const char *g_quic_proto_conffile="./conf/quic/main.conf"; const char *g_quic_proto_conffile="./conf/quic/main.conf";
const char *g_quic_regionname_conffile="./conf/quic/quic.conf"; const char *g_quic_regionname_conffile="./conf/quic/quic.conf";
@@ -106,71 +106,100 @@ static int parse_quic_port(char *port_list, unsigned short *quic_port, int quic_
} }
int quic_init_stream(void **pme, int thread_seq) int quic_init_context(void **pme, int thread_seq)
{ {
struct _quic_context *_context=(struct _quic_context *)dictator_malloc(thread_seq, sizeof(struct _quic_context)); struct quic_context *context=(struct quic_context *)dictator_malloc(thread_seq, sizeof(struct quic_context));
memset(_context, 0, sizeof(struct _quic_context)); memset(context, 0, sizeof(struct quic_context));
*pme=(void*)_context; *pme=(void*)context;
return 0; return 0;
} }
void quic_release_exts(int thread_seq, quic_tlv_t *ext_tags, int ext_tag_num) void quic_free_client_hello(struct quic_client_hello *client_hello, int thread_seq)
{ {
int i=0; if(client_hello==NULL)
if(ext_tags!=NULL)
{ {
for(i=0; i<ext_tag_num; i++) return ;
{
if(ext_tags[i].value!=NULL)
{
dictator_free(thread_seq, ext_tags[i].value);
ext_tags[i].value=NULL;
}
} }
dictator_free(thread_seq, ext_tags); if(client_hello->sni)
ext_tags=NULL; {
dictator_free(thread_seq, client_hello->sni);
client_hello->sni=NULL;
} }
if(client_hello->user_agent)
{
dictator_free(thread_seq, client_hello->user_agent);
client_hello->user_agent=NULL;
} }
void quic_release_stream(void** pme, int thread_seq) dictator_free(thread_seq, client_hello);
{ client_hello=NULL;
struct _quic_context *_context = (struct _quic_context *)*pme;
if(NULL!=_context)
{
if(_context->quic_info.client_hello!=NULL)
{
quic_release_exts(thread_seq, _context->quic_info.client_hello->ext_tags, _context->quic_info.client_hello->ext_tag_num);
dictator_free(thread_seq, _context->quic_info.client_hello);
_context->quic_info.client_hello=NULL;
}
if(_context->quic_info.server_hello!=NULL)
{
quic_release_exts(thread_seq, _context->quic_info.server_hello->ext_tags, _context->quic_info.server_hello->ext_tag_num);
dictator_free(thread_seq, _context->quic_info.server_hello);
_context->quic_info.server_hello=NULL;
}
if(_context->quic_info.rejection!=NULL)
{
quic_release_exts(thread_seq, _context->quic_info.rejection->ext_tags, _context->quic_info.rejection->ext_tag_num);
dictator_free(thread_seq, _context->quic_info.rejection);
_context->quic_info.rejection=NULL;
}
dictator_free(thread_seq, _context);
_context=NULL;
*pme=NULL;
}
return ; return ;
} }
void quic_free_context(void** pme, int thread_seq)
{
if(NULL==*pme)
{
return ;
}
struct quic_context *context = (struct quic_context *)*pme;
quic_free_client_hello(context->quic_info.client_hello, thread_seq);
dictator_free(thread_seq, *pme);
*pme=NULL;
return;
}
extern "C" unsigned char QUIC_ENTRY(struct streaminfo *pstream, void**pme, int thread_seq, void *a_packet)
{
unsigned char state=0;
struct quic_context *context=(struct quic_context *)*pme;
if((g_quic_param.quic_interested_region_flag<QUIC_KEY) || (!is_quic_port(pstream)))
{
return APP_STATE_DROPME;
}
if(*pme==NULL)
{
quic_init_context(pme, thread_seq);
context=(struct quic_context *)*pme;
}
switch(pstream->opstate)
{
case OP_STATE_PENDING:
state=quic_analyze_entry(pstream, context, thread_seq, a_packet);
break;
case OP_STATE_DATA:
state=quic_call_business_plug(pstream, context, (char *)pstream->pudpdetail->pdata, pstream->pudpdetail->datalen, QUIC_APPLICATION_DATA_MASK, a_packet);
break;
case OP_STATE_CLOSE:
if(pstream->pudpdetail->pdata!=NULL && pstream->pudpdetail->datalen>0)
{
state=quic_call_business_plug(pstream, context, (char *)pstream->pudpdetail->pdata, pstream->pudpdetail->datalen, QUIC_APPLICATION_DATA_MASK, a_packet);
}
state=quic_call_business_plug(pstream, context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet);
break;
}
if(state&APP_STATE_DROPME || state&APP_STATE_DROPPKT || pstream->opstate==OP_STATE_CLOSE)
{
quic_free_context(pme, thread_seq);
*pme=NULL;
return state;
}
return APP_STATE_GIVEME;
}
extern "C" int QUIC_INIT(void) extern "C" int QUIC_INIT(void)
{ {
int ret=0; int ret=0;
@@ -179,12 +208,12 @@ extern "C" int QUIC_INIT(void)
int region_id=0; int region_id=0;
char region_name[REGION_NAME_LEN]={0}; char region_name[REGION_NAME_LEN]={0};
memset(&g_quic_param,0,sizeof(struct _quic_param_t)); memset(&g_quic_param,0,sizeof(struct quic_param));
MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "LOG_LEVEL", &g_quic_param.level, RLOG_LV_FATAL); MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "LOG_LEVEL", &g_quic_param.level, RLOG_LV_FATAL);
MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "LOG_PATH", g_quic_param.log_path, sizeof(g_quic_param.log_path), "./log/quic/quic"); MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "LOG_PATH", g_quic_param.log_path, sizeof(g_quic_param.log_path), "./log/quic/quic");
MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "DUMP_PCAKET_SWITCH", &g_quic_param.dump_packet_switch, 0); MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "DECRYPTED_SWITCH", &g_quic_param.decrypted_switch, 2);
MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "QUIC_PORT_LIST", buff, sizeof(buff), "443;8443;"); MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "QUIC_PORT_LIST", buff, sizeof(buff), "443;8443;");
g_quic_param.quic_port_num=parse_quic_port(buff, g_quic_param.quic_port_list, SUPPORT_QUIC_PORT_NUM); g_quic_param.quic_port_num=parse_quic_port(buff, g_quic_param.quic_port_list, SUPPORT_QUIC_PORT_NUM);
@@ -230,12 +259,7 @@ extern "C" int QUIC_INIT(void)
gcry_init(); gcry_init();
return 0; return 0;
}/*QUICINIT*/ }
extern "C" void QUIC_DESTROY(void)
{
return ;
}/*QUICDESTROY*/
extern "C" void QUIC_GETPLUGID(unsigned short plugid) extern "C" void QUIC_GETPLUGID(unsigned short plugid)
{ {
@@ -251,7 +275,7 @@ extern "C" void QUIC_PROT_FUNSTAT(unsigned long long protflag)
g_quic_param.quic_interested_region_flag=protflag; g_quic_param.quic_interested_region_flag=protflag;
MESA_handle_runtime_log(g_quic_param.logger, RLOG_LV_FATAL, "QUIC_PROT_FUNSTAT", "interested_region_flag: %llu", g_quic_param.quic_interested_region_flag); MESA_handle_runtime_log(g_quic_param.logger, RLOG_LV_FATAL, "QUIC_PROT_FUNSTAT", "interested_region_flag: %llu", g_quic_param.quic_interested_region_flag);
return; return;
}/*PROT_FUNSTAT*/ }
extern "C" unsigned long long quic_getRegionID(char *string, int str_len,const char g_string[MAX_REGION_NUM][REGION_NAME_LEN]) extern "C" unsigned long long quic_getRegionID(char *string, int str_len,const char g_string[MAX_REGION_NUM][REGION_NAME_LEN])
{ {
@@ -305,49 +329,8 @@ extern "C" long long QUIC_FLAG_CHANGE(char* flag_str)
return protflag; return protflag;
} }
extern "C" char QUIC_ENTRY(struct streaminfo *pstream, void**pme, int thread_seq, void *a_packet) extern "C" void QUIC_DESTROY(void)
{ {
int ret=0; return ;
struct _quic_context *_context=(struct _quic_context *)*pme;
if(g_quic_param.quic_interested_region_flag<QUIC_KEY)
{
return APP_STATE_DROPME;
}
if(!is_quic_port(pstream))
{
return APP_STATE_DROPME;
}
if(*pme==NULL)
{
quic_init_stream(pme, thread_seq);
_context=(struct _quic_context *)*pme;
_context->call_business=TRUE;
}
switch(pstream->opstate)
{
case OP_STATE_PENDING:
case OP_STATE_DATA:
ret=quic_process(pstream, _context, thread_seq, a_packet);
break;
case OP_STATE_CLOSE:
ret=quic_process(pstream, _context, thread_seq, a_packet);
quic_callPlugins(pstream, _context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet);
break;
default:
break;
}
if(ret&APP_STATE_DROPME || ret&APP_STATE_DROPPKT || pstream->opstate==OP_STATE_CLOSE)
{
quic_release_stream(pme, thread_seq);
*pme=NULL;
return ret;
}
return APP_STATE_GIVEME;
} }

11
src/quic_analysis.h → src/quic_entry.h
View File

@@ -1,7 +1,7 @@
#ifndef _QUIC_ANALYSIS_H_ #ifndef _QUIC_ANALYSIS_H_
#define _QUIC_ANALYSIS_H_ #define _QUIC_ANALYSIS_H_
#include "gquic.h" #include "quic.h"
#define FALSE 0x00 #define FALSE 0x00
#define TRUE 0x01 #define TRUE 0x01
@@ -20,14 +20,14 @@
#define MAX_REGION_NUM 15 #define MAX_REGION_NUM 15
#define REGION_NAME_LEN 32 #define REGION_NAME_LEN 32
struct _quic_param_t struct quic_param
{ {
unsigned long long quic_interested_region_flag; unsigned long long quic_interested_region_flag;
unsigned long long quic_region_cnt; unsigned long long quic_region_cnt;
unsigned short quic_plugid; unsigned short quic_plugid;
int level; int level;
int quic_port_num; int quic_port_num;
int dump_packet_switch; int decrypted_switch;
unsigned short quic_port_list[SUPPORT_QUIC_PORT_NUM]; unsigned short quic_port_list[SUPPORT_QUIC_PORT_NUM];
char quic_conf_regionname[MAX_REGION_NUM][REGION_NAME_LEN]; char quic_conf_regionname[MAX_REGION_NUM][REGION_NAME_LEN];
char log_path[128]; char log_path[128];
@@ -45,10 +45,9 @@ enum quic_mes_type{
MSG_UNKNOWN = 255 MSG_UNKNOWN = 255
}; };
extern struct _quic_param_t g_quic_param; extern struct quic_param g_quic_param;
int is_quic_port(struct streaminfo *pstream); int is_quic_port(struct streaminfo *pstream);
void quic_release_exts(int thread_seq, quic_tlv_t *ext_tags, int ext_tag_num); void quic_free_client_hello(struct quic_client_hello *client_hello, int thread_seq);
#endif /* SRC_QUIC_ANALYSIS_H_ */ #endif /* SRC_QUIC_ANALYSIS_H_ */

871
src/quic_process.cpp Normal file
View File

@@ -0,0 +1,871 @@
/*
* quic_analyze_entry.cpp
*
* Created on: 2021-11-09
* Author: liuxueli
*/
#include <stdio.h>
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <MESA/stream.h>
#include <MESA/MESA_handle_logger.h>
#include "quic_entry.h"
#include "quic_process.h"
#include "quic_deprotection.h"
#define PARSE_RESULT_UNKNOWN 0
#define PARSE_RESULT_VERSION 1
#define PARSE_RESULT_CLIENT_HELLO 2
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
struct quic_client_hello_msg_hdr
{
uint8_t handshake_type;
uint8_t client_hello_len[3];
uint16_t tls_version;
uint8_t random[32];
};
int check_port(unsigned short port)
{
int i=0;
for(i=0; i< g_quic_param.quic_port_num; i++)
{
if(g_quic_param.quic_port_list[i]==port)
{
return 1;
}
}
return 0;
}
int is_quic_port(struct streaminfo *pstream)
{
unsigned short source=0, dest=0;
switch(pstream->addr.addrtype)
{
case ADDR_TYPE_IPV4:
case __ADDR_TYPE_IP_PAIR_V4:
source=(unsigned short)ntohs(pstream->addr.ipv4->source);
dest=(unsigned short)ntohs(pstream->addr.ipv4->dest);
break;
case ADDR_TYPE_IPV6:
case __ADDR_TYPE_IP_PAIR_V6:
source=(unsigned short)ntohs(pstream->addr.ipv6->source);
dest=(unsigned short)ntohs(pstream->addr.ipv6->dest);
break;
default:
return 0;
break;
}
if(check_port(source) || check_port(dest))
{
return 1;
}
return 0;
}
static int gquic_pkn_bit2length(unsigned char bit_value)
{
switch(bit_value)
{
case 0x30: return 6;
case 0x20: return 4;
case 0x10: return 2;
default:
return 1;
}
return 1;
}
static int copy_extension_tag(const char *tag_start_pos, int tag_len, char **out, int thread_seq)
{
if(tag_start_pos!=NULL && tag_len>0)
{
(*out)=(char *)dictator_malloc(thread_seq, tag_len+1);
memcpy(*out, tag_start_pos, tag_len);
(*out)[tag_len]='\0';
return tag_len;
}
return 0;
}
//Source: https://wise2.ipac.caltech.edu/staff/slw/docs/html/varint_8h_source.html
static int msb2_varint_decode(const unsigned char *buf, long *out)
{
unsigned long val = buf[0] & 0x3f;
unsigned int nfollow = 1<<(buf[0]>>6);
switch (nfollow-1)
{
case 7: val = (val << 8) | buf[nfollow - 7]; /*fail through*/
case 6: val = (val << 8) | buf[nfollow - 6]; /*fail through*/
case 5: val = (val << 8) | buf[nfollow - 5]; /*fail through*/
case 4: val = (val << 8) | buf[nfollow - 4]; /*fail through*/
case 3: val = (val << 8) | buf[nfollow - 3]; /*fail through*/
case 2: val = (val << 8) | buf[nfollow - 2]; /*fail through*/
case 1: val = (val << 8) | buf[nfollow-1];
case 0: break;
}
*out=val;
return nfollow;
}
int quic_call_business_state(struct quic_context *context)
{
UCHAR state = 0;
if(0==context->link_state)
{
state=SESSION_STATE_PENDING|SESSION_STATE_DATA;
context->link_state=1;
}
else
{
state=SESSION_STATE_DATA;
}
return state;
}
unsigned char quic_call_business_plug(struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, void *a_packet)
{
char state=PROT_STATE_GIVEME;
char app_state=APP_STATE_GIVEME;
stSessionInfo session_info={0};
if(region_mask==QUIC_INTEREST_KEY_MASK)
{
session_info.plugid=g_quic_param.quic_plugid;
session_info.prot_flag=0;
session_info.session_state=SESSION_STATE_CLOSE;
session_info.app_info=NULL;
session_info.buf=NULL;
session_info.buflen=0;
}
else
{
session_info.plugid=g_quic_param.quic_plugid;
session_info.prot_flag=(((unsigned long long)1)<<region_mask);
session_info.session_state=quic_call_business_state(context) ;
session_info.app_info=(void*)(&context->quic_info);
session_info.buf=buff;
session_info.buflen=buff_len;
}
state=PROT_PROCESS(&session_info, &(context->business_pme), pstream->threadnum, pstream, a_packet);
if(state&PROT_STATE_DROPPKT)
{
app_state=APP_STATE_DROPPKT;
}
return app_state;
}
/*
//https://docs.google.com/document/d/1FcpCJGTDEMblAs-Bm5TYuqhHyUqeWpqrItw2vkMFsdY/edit
Long Header (used for packets that are sent prior to the completion of version negotiation and establishment of 1-RTT keys):
+-+-+-+-+-+-+-+-+
|1|1|T|T|R|R|P|P|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version (32) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|DCIL(4)|SCIL(4)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Connection ID (0/64) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Connection ID (0/64) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Packet Number (8/16/24/32) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
static int join_client_hello_frames(const char *payload, int payload_len, char *join_payload, int *join_payload_len)
{
int joined_length=0;
int payload_offset=0;
long frame_type=0, frame_offset=0, frame_length=0;
for(; payload_offset<payload_len; )
{
frame_type=payload[payload_offset++]; // Frame Type=1
if(frame_type==IQUIC_FRAME_PADDING || frame_type==IQUIC_FRAME_PING)
{
continue;
}
payload_offset+=msb2_varint_decode((const unsigned char *)(payload+payload_offset), &frame_offset);
payload_offset+=msb2_varint_decode((const unsigned char *)(payload+payload_offset), &frame_length);
if(joined_length+frame_length>(*join_payload_len) || frame_offset<0 || frame_offset+frame_length>payload_len)
{
return -1;
}
memcpy(join_payload+frame_offset, payload+payload_offset, frame_length);
joined_length+=frame_length;
payload_offset+=frame_length;
}
(*join_payload_len)=joined_length;
return joined_length;
}
static int parse_gquic_version_44to48_header(const char *payload, int payload_len, int *payload_offset)
{
unsigned pkn_length=0;
unsigned char client_CID_len=0;
unsigned char server_CID_len=0;
unsigned char public_flags=payload[*payload_offset];
*payload_offset+=1; //skip public flags
*payload_offset+=sizeof(int); // skip version
if((payload[*payload_offset])&GQUIC_VERSION_44to48_CID_MASK)
{
client_CID_len=(payload[*payload_offset]&GQUIC_VERSION_44to48_CID_MASK) + 3;
}
if((payload[*payload_offset]>>4)&GQUIC_VERSION_44to48_CID_MASK)
{
server_CID_len=((payload[*payload_offset]>>4)&GQUIC_VERSION_44to48_CID_MASK) + 3;
}
*payload_offset+=1; // both connection_id length
*payload_offset+=server_CID_len; // Destination connection id length
*payload_offset+=client_CID_len; // source connection id length
pkn_length=(public_flags&GQUIC_VERSION_44to48_PKN_LEN_MASK)+1;
*payload_offset+=pkn_length;
*payload_offset+=12; //message authentication hash
return 1;
}
int parse_special_frame_stream(struct quic_info* quic_info, const char *payload, int payload_len, int thread_seq)
{
int tag_num = 0;
int payload_offset=0;
unsigned int message_tag;
int pass_tag_num=0;
int ext_tag_type=0;
int tag_value_start_offset=0;
int total_tag_len=0,one_tag_len=0;
int parse_result=PARSE_RESULT_VERSION;
int one_tag_offset_end=0,pre_one_tag_offset_end=0;
if(payload_len-payload_offset<=8)
{
return PARSE_RESULT_VERSION;
}
switch(quic_info->quic_version)
{
case GQUIC_VERSION_Q041:
payload_offset+=1; // unknown
case GQUIC_VERSION_Q044:
message_tag=(unsigned int)ntohl(*(unsigned int *)(payload+payload_offset));
payload_offset+=4;
tag_num=*(int *)(payload+payload_offset);
payload_offset+=4; //tag_num
break;
default:
message_tag=(unsigned int)ntohl(*(unsigned int *)(payload+payload_offset));
payload_offset+=4;
tag_num=*(unsigned short *)(payload+payload_offset);
payload_offset+=2; //tag_num
payload_offset+=2; //padding
break;
}
if(message_tag!=CHLO || tag_num>64 || tag_num<=0)
{
return PARSE_RESULT_VERSION;
}
quic_info->client_hello=(struct quic_client_hello *)dictator_malloc(thread_seq, sizeof(struct quic_client_hello));
memset(quic_info->client_hello, 0, sizeof(struct quic_client_hello));
tag_value_start_offset=payload_offset+tag_num*4*2; // skip length of type and offset, type(offset)=szieof(int)
while(tag_num>pass_tag_num)
{
ext_tag_type=ntohl(*(unsigned int *)(payload+payload_offset));
payload_offset+=sizeof(int);
one_tag_offset_end=*(unsigned int *)(payload+payload_offset);
payload_offset+=sizeof(int);
one_tag_len=one_tag_offset_end-pre_one_tag_offset_end;
if(one_tag_len<=0 || (one_tag_offset_end>=payload_len) || (one_tag_len+tag_value_start_offset)>payload_len)
{
break;
}
switch(ext_tag_type)
{
case TAG_UAID:
copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->client_hello->user_agent, thread_seq);
parse_result=PARSE_RESULT_CLIENT_HELLO;
break;
case TAG_SNI:
copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->client_hello->sni, thread_seq);
parse_result=PARSE_RESULT_CLIENT_HELLO;
break;
default:
break;
}
pass_tag_num++;
tag_value_start_offset+=one_tag_len;
total_tag_len+=one_tag_len;
pre_one_tag_offset_end=one_tag_offset_end;
}
return parse_result;
}
int parse_quic_transport_parameter(struct quic_client_hello *client_hello, const char *quic_para, int quic_para_len, int thread_seq)
{
int one_para_length=0;
int para_offset=0;
long one_para_type=0;
while(quic_para_len > para_offset)
{
para_offset+=msb2_varint_decode((const unsigned char *)(quic_para+para_offset), &one_para_type);
switch(one_para_type)
{
case EXT_QUIC_PARAM_USER_AGENT: // 2021-10-20 deprecated
one_para_length=quic_para[para_offset++]; // length=1
if(one_para_length+para_offset>quic_para_len)
{
return 0;
}
para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &client_hello->user_agent, thread_seq);
return 1;
default:
one_para_length=quic_para[para_offset++]; // length=1
para_offset+=one_para_length;
break;
}
}
return 0;
}
int parse_extension_server_name(struct quic_client_hello *client_hello, const char *ext_server_name, int ext_server_name_length, int thread_seq)
{
unsigned short sni_type=0;
unsigned short sni_length=0;
unsigned short extension_offset=0;
unsigned short server_name_list_len=0;
server_name_list_len=ntohs(*(unsigned short *)(ext_server_name+extension_offset)); //Server Name List length
if(server_name_list_len<=0 || server_name_list_len>ext_server_name_length)
{
return 0;
}
extension_offset+=2; //Server Name List length
sni_type=ext_server_name[extension_offset++]; //Server Name type
if(sni_type!=EXTENSION_SERVER_NAME)
{
return 0;
}
sni_length=ntohs(*(unsigned short*)(ext_server_name+extension_offset)); //Server Name length
if(sni_length<=0 || sni_length>ext_server_name_length)
{
return 0;
}
extension_offset+=2;
copy_extension_tag(ext_server_name+extension_offset, sni_length, &client_hello->sni, thread_seq);
return 1;
}
int parse_tls_client_hello(struct quic_client_hello **client_hello, const char *payload, int payload_len, int thread_seq)
{
int ret=0,skip_len=0;
int payload_offset=0;
int extension_offset=0;
const char *extension_start_pos=NULL;
int parse_result=PARSE_RESULT_VERSION;
unsigned short one_ext_type=0, one_ext_len=0, extension_total_len=0;
if(payload_len-payload_offset<=sizeof(struct quic_client_hello_msg_hdr))
{
return PARSE_RESULT_VERSION;
}
// handshake type(1), client hello length(3), ssl_version(2), Random(32)
payload_offset+=sizeof(struct quic_client_hello_msg_hdr);
skip_len=payload[payload_offset++]; //Session ID length
if(payload_len-payload_offset<=skip_len)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=skip_len;
skip_len=ntohs(*(unsigned short *)(payload+payload_offset)); //Ciper Suites length
if(payload_len-payload_offset<=skip_len+2)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=skip_len+2;
skip_len=payload[payload_offset++]; //Compression Methods
if(payload_len-payload_offset<skip_len)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=skip_len;
extension_total_len=ntohs(*(unsigned short *)(payload+payload_offset)); //Extension length
if(payload_len-payload_offset<extension_total_len)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=2;
if(*client_hello==NULL)
{
*client_hello=(struct quic_client_hello *)dictator_malloc(thread_seq, sizeof(struct quic_client_hello));
memset(*client_hello, 0, sizeof(struct quic_client_hello));
}
extension_start_pos=payload+payload_offset;
while(extension_total_len > extension_offset)
{
one_ext_type=ntohs(*(unsigned short *)(extension_start_pos+extension_offset)); //Extension type
extension_offset+=2;
one_ext_len=ntohs(*(unsigned short *)(extension_start_pos+extension_offset)); //length
extension_offset+=2;
if(extension_total_len-extension_offset<one_ext_len)
{
break;
}
switch(one_ext_type)
{
case EXTENSION_SERVER_NAME:
ret=parse_extension_server_name(*client_hello, extension_start_pos+extension_offset, one_ext_len, thread_seq);
break;
case EXTENSION_QUIC_PARAM_TLS_13:
case EXTENSION_QUIC_PARAM_TLS_33:
ret=parse_quic_transport_parameter(*client_hello, extension_start_pos+extension_offset, one_ext_len, thread_seq);
break;
default:
break;
}
if(ret==1)
{
ret=0;
parse_result=PARSE_RESULT_CLIENT_HELLO;
}
extension_offset+=one_ext_len;
}
return parse_result;
}
int parse_quic_decrypted_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq)
{
char join_payload[2048]={0};
int join_payload_len=sizeof(join_payload);
unsigned int quic_version=quic_info->quic_version;
if( (quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
(quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) ||
(quic_version>=IQUIC_VERSION_I022 && quic_version<=IQUIC_VERSION_I029) ||
(quic_version==IQUIC_VERSION_RFC9000)
)
{
join_payload_len=join_client_hello_frames(payload, payload_len, join_payload, &join_payload_len);
if(join_payload_len<=0)
{
return PARSE_RESULT_VERSION;
}
if(join_payload[0] == QUIC_HANDSHAKE_TYPE_CLIENTHELLO)
{
return parse_tls_client_hello(&(quic_info->client_hello), join_payload, join_payload_len, thread_seq);
}
}
else //if(quic_version>=GQUIC_VERSION_Q047 && quic_version<=GQUIC_VERSION_Q059)
{
return parse_special_frame_stream(quic_info, (char *)payload+4, payload_len-4, thread_seq); // Frame type=1,offset=1,length=2
}
return PARSE_RESULT_VERSION;
}
int parse_quic_uncryption_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq)
{
int stream_id_len=0;
int offset_len=0;
unsigned char frame_type;
int payload_offset=0;
frame_type=payload[payload_offset];
payload_offset+=1; //skip frame_type
//https://docs.google.com/document/d/1WJvyZflAO2pq77yOLbp9NsGjC1CHetAXV8I0fQe-B_U/edit#
//Frame Type: The Frame Type byte is an 8-bit value containing various flags (1fdooossB):
if(frame_type&GQUIC_SPECIAL_FRAME_STREAM || (frame_type&0xC0)==GQUIC_SPECIAL_FRAME_ACK)
{
stream_id_len=(frame_type&GQUIC_SPECIAL_FRAME_STREAM_ID)+1;
if(payload_len-payload_offset<=stream_id_len)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=stream_id_len; // stream ID length
if(frame_type&GQUIC_SPECIAL_FRAME_STREAM_DLEN)
{
if(payload_len-payload_offset<2)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=2; //data length
}
if(frame_type&GQUIC_SPECIAL_FRAME_STREAM_OFFSET)
{//The next three 'ooo' bits encode the length of the Offset header field as 0, 16, 24, 32, 40, 48, 56, or 64 bits long.
offset_len= (((frame_type&GQUIC_SPECIAL_FRAME_STREAM_OFFSET))>>2)+1;
if(payload_len-payload_offset<=offset_len)
{
return PARSE_RESULT_VERSION;
}
payload_offset+=offset_len; //data length
}
return parse_special_frame_stream(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
}
return PARSE_RESULT_VERSION;
}
/*
//https://docs.google.com/document/d/1WJvyZflAO2pq77yOLbp9NsGjC1CHetAXV8I0fQe-B_U/edit
--- src
0 1 2 3 4 8
+--------+--------+--------+--------+--------+--- ---+
| Public | Connection ID (64) ... | ->
|Flags(8)| (optional) |
+--------+--------+--------+--------+--------+--- ---+
9 10 11 12
+--------+--------+--------+--------+
| QUIC Version (32) | ->
| (optional) |
+--------+--------+--------+--------+
13 14 15 16 17 18 19 20
+--------+--------+--------+--------+--------+--------+--------+--------+
| Diversification Nonce | ->
| (optional) |
+--------+--------+--------+--------+--------+--------+--------+--------+
21 22 23 24 25 26 27 28
+--------+--------+--------+--------+--------+--------+--------+--------+
| Diversification Nonce Continued | ->
| (optional) |
+--------+--------+--------+--------+--------+--------+--------+--------+
29 30 31 32 33 34 35 36
+--------+--------+--------+--------+--------+--------+--------+--------+
| Diversification Nonce Continued | ->
| (optional) |
+--------+--------+--------+--------+--------+--------+--------+--------+
37 38 39 40 41 42 43 44
+--------+--------+--------+--------+--------+--------+--------+--------+
| Diversification Nonce Continued | ->
| (optional) |
+--------+--------+--------+--------+--------+--------+--------+--------+
45 46 47 48 49 50
+--------+--------+--------+--------+--------+--------+
| Packet Number (8, 16, 32, or 48) |
| (variable length) |
+--------+--------+--------+--------+--------+--------+
*/
enum QUIC_VERSION identify_gquic_version0to43(const char *payload, int payload_len, int *payload_offset)
{
unsigned char pkn_length=0;
unsigned char public_flags=0;
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
public_flags=payload[*payload_offset];
*payload_offset+=1;
if(!(public_flags&GQUIC_PUBLIC_FLAG_VERSION))
{
return QUIC_VERSION_UNKNOWN;
}
/*
0x08 = Indicates the full 8 byte Connection ID is present in the packet.
This must be set in all packets until negotiated to a different value for a given direction
(e.g., client may request fewer bytes of the Connection ID be presented)
*/
if(public_flags&GQUIC_PUBLIC_FLAG_CID)
{
*payload_offset+=8; // CID length
}
if(public_flags&GQUIC_PUBLIC_FLAG_VERSION && (*(unsigned char *)(payload+*payload_offset)==0x51))
{
quic_version=(enum QUIC_VERSION)ntohl(*(unsigned int *)(payload+*payload_offset));
*payload_offset+=sizeof(int); // skip version
}
if(quic_version<GQUIC_VERSION_Q001 || quic_version>GQUIC_VERSION_Q043)
{
return QUIC_VERSION_UNKNOWN;
}
pkn_length=gquic_pkn_bit2length(public_flags&GQUIC_VERSION_0to43_PKN_LEN_MASK);
*payload_offset+=pkn_length; // packet number length
if(public_flags==GQUIC_PUBLIC_FLAG_NONCE)
{
*payload_offset+=32; //diversification nonce
}
// Version 11 reduced the length of null encryption authentication tag from 16 to 12 bytes
if(quic_version > GQUIC_VERSION_Q010)
{
*payload_offset+=12;
}
else
{
*payload_offset+=16;
}
// Version 34 removed entropy bits from packets and ACK frames,
// removed private flag from packet header and changed the ACK format to specify ranges of packets acknowledged rather than missing ranges.
if(quic_version < GQUIC_VERSION_Q034)
{
*payload_offset+=1; //private flags
}
return quic_version;
}
enum QUIC_VERSION identify_quic_version(const char *payload, int payload_len, int *payload_offset)
{
enum QUIC_VERSION quic_version=(enum QUIC_VERSION)ntohl(*(unsigned int *)(payload+(*payload_offset+1)));
if(quic_version>=GQUIC_VERSION_Q044 && quic_version<=GQUIC_VERSION_Q048)
{
parse_gquic_version_44to48_header(payload, payload_len, payload_offset);
return quic_version;
}
else if(
(quic_version==GQUIC_VERSION_Q099) ||
(quic_version==PICOQUIC_VERSION_30) ||
(quic_version==PQUIC_VERSION_PROX) ||
(quic_version==GQUIC_VERSION_T099) ||
(quic_version>=GQUIC_VERSION_Q049 && quic_version<=GQUIC_VERSION_Q050) ||
(quic_version>=GQUIC_VERSION_Q051 && quic_version<=GQUIC_VERSION_Q059) ||
(quic_version>=GQUIC_VERSION_T048 && quic_version<=GQUIC_VERSION_T049) ||
(quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) ||
(quic_version>=QUANT_VERSION_00 && quic_version<=QUANT_VERSION_FF) ||
(quic_version>=QUIC_GO_VERSION_00 && quic_version<=QUIC_GO_VERSION_FF) ||
(quic_version>=QUICLY_VERSION_00 && quic_version<=QUICLY_VERSION_FF) ||
(quic_version>=MSQUIC_VERSION_00 && quic_version<=MSQUIC_VERSION_0F) ||
(quic_version>=MOZQUIC_VERSION_00 && quic_version<=MOZQUIC_VERSION_0F) ||
(quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
(quic_version>=IQUIC_VERSION_I001 && quic_version<=IQUIC_VERSION_I032) ||
(quic_version==IQUIC_VERSION_RFC9000)
)
{
return quic_version;
}
return QUIC_VERSION_UNKNOWN;
}
enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *payload_offset)
{
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
unsigned char frame_type=(unsigned char)(payload[0]);
if(frame_type&QUIC_LONG_HEADER_MASK)
{
quic_version=identify_quic_version(payload, payload_len, payload_offset);
}
else if(frame_type<QUIC_LONG_HEADER_MASK)
{
quic_version=identify_gquic_version0to43(payload, payload_len, payload_offset);
}
else
{
return QUIC_VERSION_UNKNOWN;
}
return quic_version;
}
int parse_quic_all_version(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq)
{
int ret=0, payload_offset=0;
unsigned char decrypt_payload[2048]={0};
unsigned int decrypt_payload_len=sizeof(decrypt_payload);
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
if(payload==NULL || payload_len<=0)
{
return PARSE_RESULT_UNKNOWN;
}
quic_version=is_quic_protocol(payload, payload_len, &payload_offset);
if(quic_version==QUIC_VERSION_UNKNOWN)
{
return PARSE_RESULT_UNKNOWN;
}
quic_info->quic_version=quic_version;
if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
{
return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
}
else if(((quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
(quic_version>=GQUIC_VERSION_Q049 && quic_version<=GQUIC_VERSION_Q059) ||
(quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) ||
(quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) ||
(quic_version>=IQUIC_VERSION_I022 && quic_version<=IQUIC_VERSION_I029) ||
(quic_version==IQUIC_VERSION_RFC9000))
&& g_quic_param.decrypted_switch>0
)
{
ret=quic_deprotection(payload, payload_len, decrypt_payload, &decrypt_payload_len);
if(ret!=1 || decrypt_payload_len<=0)
{
return PARSE_RESULT_VERSION;
}
if(g_quic_param.decrypted_switch==2)
{
return parse_quic_decrypted_payload(quic_info, (const char *)decrypt_payload, decrypt_payload_len, thread_seq);
}
}
else
{
return PARSE_RESULT_VERSION;
}
return PARSE_RESULT_VERSION;
}
unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context* context, int thread_seq, void* a_packet)
{
int ret=PARSE_RESULT_UNKNOWN;
if(pstream==NULL || pstream->pudpdetail==NULL)
{
return APP_STATE_DROPME;
}
struct udpdetail *udp_detail=pstream->pudpdetail;
ret=parse_quic_all_version(&(context->quic_info), (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
switch(ret)
{
case PARSE_RESULT_VERSION:
return quic_call_business_plug(pstream, context, (void *)&(context->quic_info.quic_version), sizeof(unsigned int), QUIC_USEING_VERSION_MASK, a_packet);
case PARSE_RESULT_CLIENT_HELLO:
return quic_call_business_plug(pstream, context, (void *)&(context->quic_info), sizeof(void *), QUIC_CLIENT_HELLO_MASK, a_packet);
default:
break;
}
return APP_STATE_DROPME;
}
static int copy_client_hello_extension(char *src, char *dest, int d_len)
{
if(src==NULL || dest==NULL || d_len<=0)
{
return 0;
}
int len=MIN((int)strlen(src), d_len-1);
memcpy(dest, src, len);
dest[len]='\0';
return len;
}
unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len)
{
int ret=APP_STATE_GIVEME;
struct quic_info quic_info={0, NULL};
unsigned int quic_version=QUIC_VERSION_UNKNOWN;
if(!is_quic_port(a_stream) || a_stream==NULL || a_stream->pudpdetail==NULL)
{
return quic_version;
}
ret=parse_quic_all_version(&quic_info, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
if(ret!=PARSE_RESULT_UNKNOWN)
{
if(quic_info.client_hello!=NULL)
{
*out_sni_len=copy_client_hello_extension(quic_info.client_hello->sni, out_sni, *out_sni_len);
*out_ua_len=copy_client_hello_extension(quic_info.client_hello->user_agent, out_ua, *out_ua_len);
quic_free_client_hello(quic_info.client_hello, a_stream->threadnum);
}
else
{
*out_sni_len=0;
*out_ua_len=0;
}
quic_version=quic_info.quic_version;
}
return quic_version;
}

146
src/gquic_process.h → src/quic_process.h
View File

@@ -1,5 +1,5 @@
/* /*
* quic_process.h * quic_analyze_entry.h
* *
* Created on: 2019<EFBFBD><EFBFBD>4<EFBFBD><EFBFBD>2<EFBFBD><EFBFBD> * Created on: 2019<EFBFBD><EFBFBD>4<EFBFBD><EFBFBD>2<EFBFBD><EFBFBD>
* Author: root * Author: root
@@ -12,10 +12,13 @@
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include <stdbool.h>
#include "gquic.h" #include "quic.h"
//#define VERSION_LEN 4 #define QUIC_LONG_HEADER_MASK 0x80
//#define VER_Q046
#define GQUIC_VERSION_44to48_CID_MASK 0x0F
#define GQUIC_VERSION_44to48_PKN_LEN_MASK 0x03
#define GQUIC_VERSION_0to43_PKN_LEN_MASK 0x30
#define GQUIC_PUBLIC_FLAG_VERSION 0x01 #define GQUIC_PUBLIC_FLAG_VERSION 0x01
#define GQUIC_PUBLIC_FLAG_RST 0x02 #define GQUIC_PUBLIC_FLAG_RST 0x02
@@ -43,58 +46,13 @@
#define GQUIC_REGULAR_FRAME_STOP_WAITING 0x06 #define GQUIC_REGULAR_FRAME_STOP_WAITING 0x06
#define GQUIC_REGULAR_FRAME_PING 0x07 #define GQUIC_REGULAR_FRAME_PING 0x07
#define GQUIC_SPECIAL_FRAME_FLAG 0xE0 // Special Frame Types #define IQUIC_FRAME_PADDING 0x00
#define GQUIC_SPECIAL_FRAME_STREAM 0x80 #define IQUIC_FRAME_PING 0x01
#define GQUIC_SPECIAL_FRAME_ACK 0x40
#define GQUIC_SPECIAL_FRAME_CONGEST_FB 0x20
#define GQUIC_SPECIAL_FRAME_STREAM_FIN 0x40 // FIN
#define GQUIC_SPECIAL_FRAME_STREAM_DLEN 0x20 //stream length
#define GQUIC_SPECIAL_FRAME_STREAM_OFFSET 0x1C //offset header field
#define GQUIC_SPECIAL_FRAME_STREAM_ID 0x03 //offset header field
#define GQUIC_REGULAR_FRAME_PADDING 0x00
#define GQUIC_REGULAR_FRAME_RST_STREAM 0x01
#define GQUIC_REGULAR_FRAME_CONNECTION_CLOSE 0x02
#define GQUIC_REGULAR_FRAME_GOAWAY 0x03
#define GQUIC_REGULAR_FRAME_WINDOW_UPDATE 0x04
#define GQUIC_REGULAR_FRAME_BLOCKED 0x05
#define GQUIC_REGULAR_FRAME_STOP_WAITING 0x06
#define GQUIC_REGULAR_FRAME_PING 0x07
#define QUIC_HANDSHAKE_TYPE_CLIENTHELLO 0x01
//https://datatracker.ietf.org/doc/html/draft-ietf-quic-transport-27#section-12.4 //https://datatracker.ietf.org/doc/html/draft-ietf-quic-transport-27#section-12.4
//IQIIC Frame type (GQUIC_Q046 is iQUIC 17) //IQIIC Frame type (GQUIC_Q046 is iQUIC 17)
#define IQUIC_FRAME_PADDING 0x00
#define IQUIC_FRAME_PING 0x01
#define IQUIC_FRAME_ACK_HEX02 0x02
#define IQUIC_FRAME_ACK_HEX03 0x03
#define IQUIC_FRAME_RESET_STREAM 0x04
#define IQUIC_FRAME_STOP_SENDING 0x05
#define IQUIC_FRAME_CRYPTO 0x06
#define IQUIC_FRAME_NEW_TOKEN 0x07
#define IQUIC_FRAME_STREAM_HEX08 0x08
#define IQUIC_FRAME_STREAM_HEX09 0x09
#define IQUIC_FRAME_STREAM_HEX0A 0x0A
#define IQUIC_FRAME_STREAM_HEX0B 0x0B
#define IQUIC_FRAME_STREAM_HEX0C 0x0C
#define IQUIC_FRAME_STREAM_HEX0D 0x0D
#define IQUIC_FRAME_STREAM_HEX0E 0x0E
#define IQUIC_FRAME_STREAM_HEX0F 0x0F
#define IQUIC_FRAME_MAX_DATA 0x10
#define IQUIC_FRAME_MAX_STREAM_DATA 0x11
#define IQUIC_FRAME_MAX_STREAMS_HEX12 0x12
#define IQUIC_FRAME_MAX_STREAMS_HEX13 0x13
#define IQUIC_FRAME_DATA_BLOCKED 0x14
#define IQUIC_FRAME_STREAM_DATA_BLOCKED 0x15
#define IQUIC_FRAME_STREAMS_BLOCKED_HEX16 0x16
#define IQUIC_FRAME_STREAMS_BLOCKED_HEX17 0x17
#define IQUIC_FRAME_NEW_CONNECTION_ID 0x18
#define IQUIC_FRAME_RETIRE_CONNECTION_ID 0x19
#define IQUIC_FRAME_PATH_CHALLENGE 0x1A
#define IQUIC_FRAME_PATH_RESPONSE 0x1B
#define IQUIC_FRAME_CONNECTION_CLOSE_HEX1C 0x1C
#define IQUIC_FRAME_CONNECTION_CLOSE_HEX1D 0x1D
/**************************************************************************/ /**************************************************************************/
@@ -109,50 +67,10 @@
/**************************************************************************/ /**************************************************************************/
/* Tag */ /* Tag */
/**************************************************************************/ /**************************************************************************/
#define TAG_PAD 0x50414400
#define TAG_SNI 0x534E4900 #define TAG_SNI 0x534E4900
#define TAG_VER 0x56455200 #define TAG_VER 0x56455200
#define TAG_CCS 0x43435300
#define TAG_UAID 0x55414944 #define TAG_UAID 0x55414944
#define TAG_PDMD 0x50444d44
#define TAG_STK 0x53544b00
#define TAG_SNO 0x534E4F00
#define TAG_PROF 0x50524F46
#define TAG_SCFG 0x53434647
#define TAG_RREJ 0x5252454A
#define TAG_CRT 0x435254FF
#define TAG_AEAD 0x41454144
#define TAG_SCID 0x53434944
#define TAG_PUBS 0x50554253
#define TAG_KEXS 0x4B455853
#define TAG_OBIT 0x4F424954
#define TAG_EXPY 0x45585059
#define TAG_NONC 0x4E4F4E43
#define TAG_MSPC 0x4D535043
#define TAG_TCID 0x54434944
#define TAG_SRBF 0x53524246
#define TAG_ICSL 0x4943534C
#define TAG_SCLS 0x53434C53
#define TAG_COPT 0x434F5054
#define TAG_CCRT 0x43435254
#define TAG_IRTT 0x49525454
#define TAG_CFCW 0x43464357
#define TAG_SFCW 0x53464357
#define TAG_CETV 0x43455456
#define TAG_XLCT 0x584C4354
#define TAG_NONP 0x4E4F4E50
#define TAG_CSCT 0x43534354
#define TAG_CTIM 0x4354494D
#define TAG_MIDS 0x4D494453
#define TAG_FHOL 0x46484F4C
#define TAG_STTL 0x5354544C
#define TAG_SMHL 0x534D484C
#define TAG_TBKP 0x54424B50
/* Public Reset Tag */
#define TAG_RNON 0x524E4F4E
#define TAG_RSEQ 0x52534551
#define TAG_CADR 0x43414452
#define EXTENSION_SERVER_NAME 0x0000 #define EXTENSION_SERVER_NAME 0x0000
#define EXTENSION_SUPPORT_GROUP 0x000A #define EXTENSION_SUPPORT_GROUP 0x000A
@@ -185,13 +103,13 @@
#define EXT_QUIC_PARAM_INIT_SRC_CONN_ID 0x0F #define EXT_QUIC_PARAM_INIT_SRC_CONN_ID 0x0F
#define EXT_QUIC_PARAM_RETRY_SRC_CONN_ID 0x10 #define EXT_QUIC_PARAM_RETRY_SRC_CONN_ID 0x10
#define EXT_QUIC_PARAM_MAX_DATAGRAM_FRAME_SIZE 0x20 #define EXT_QUIC_PARAM_MAX_DATAGRAM_FRAME_SIZE 0x20
#define EXT_QUIC_PARAM_INIT_RTT 0x7127 #define EXT_QUIC_PARAM_INIT_RTT 0x3127
#define EXT_QUIC_PARAM_GOOGLE_CONN_OPTIONS 0x7128 #define EXT_QUIC_PARAM_GOOGLE_CONN_OPTIONS 0x3128
#define EXT_QUIC_PARAM_USER_AGENT 0x7129 // 2021-10-20 deprecated #define EXT_QUIC_PARAM_USER_AGENT 0x3129 // 2021-10-20 deprecated
#define EXT_QUIC_PARAM_QUIC_VERSION 0x4752 #define EXT_QUIC_PARAM_QUIC_VERSION 0x4752
//https://github.com/quicwg/base-drafts/wiki/QUIC-Versions //https://github.com/quicwg/base-drafts/wiki/QUIC-Versions
enum _QUIC_VERSION enum QUIC_VERSION
{ {
QUIC_VERSION_UNKNOWN=0, QUIC_VERSION_UNKNOWN=0,
//NetApp //NetApp
@@ -361,39 +279,17 @@ enum _QUIC_VERSION
IQUIC_VERSION_I032=0xFF000020 IQUIC_VERSION_I032=0xFF000020
}; };
struct _quic_context struct quic_context
{ {
int is_quic; unsigned char link_state;
int is_decrypt; unsigned char padding[7];
int cb_version;
int link_state;
int call_business;
void *business_pme; void *business_pme;
struct _quic_info quic_info; struct quic_info quic_info;
}; };
int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int thread_seq, void* a_packet); int parse_quic_all_version(struct quic_info* quic_info, const char *payload, int payload_len, int thread_seq);
unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context* context, int thread_seq, void* a_packet);
int quic_init_stream(void **pme, int thread_seq); // **pme=(struct _quic_context* ) unsigned char quic_call_business_plug(struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, void *a_packet);
void quic_release_stream(void **pme, int thread_seq);
enum _QUIC_VERSION is_quic_protocol(struct streaminfo *pstream, struct _quic_context* _context, char *payload, int payload_len, int *used_len);
struct _gquic_reset_public_header
{
unsigned char public_flags;
unsigned long long connection_id;
unsigned int tag;
};
struct _gquic_ack_frame_header
{
unsigned long long largest_acked;
unsigned short largest_acked_delta_time;
unsigned int tag;
};
char quic_callPlugins(struct streaminfo *pstream, struct _quic_context *_context, void *buff, int buff_len, enum quic_interested_region region_mask, void *a_packet);
#endif #endif

4
src/quic_version.cpp
View File

@@ -1,8 +1,8 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "gquic.h" #include "quic.h"
#include "gquic_process.h" #include "quic_process.h"
int quic_version_int2string(unsigned int version, char *buff, int buff_len) int quic_version_int2string(unsigned int version, char *buff, int buff_len)
{ {

72
test/pcap/airport/quic_result.json
View File

@@ -1,94 +1,94 @@
[{ [{
"Tuple4": "10.56.160.76.47427>213.55.110.12.443",
"VERSION": "Google QUIC 43",
"SNI": "r1---sn-xuj-5qqz.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_1"
}, {
"Tuple4": "10.56.160.76.38866>197.156.74.141.443",
"VERSION": "Google QUIC 43",
"SNI": "r2---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_2"
}, {
"Tuple4": "10.56.160.76.44417>216.58.209.132.443", "Tuple4": "10.56.160.76.44417>216.58.209.132.443",
"VERSION": "IETF QUIC RFC9000",
"SNI": "www.google.com", "SNI": "www.google.com",
"UA": "com.google.android.googlequicksearchbox Cronet/96.0.4664.17", "UA": "com.google.android.googlequicksearchbox Cronet/96.0.4664.17",
"name": "QUIC_RESULT_3" "VERSION": "IETF QUIC RFC9000",
"name": "QUIC_RESULT_1"
}, {
"Tuple4": "10.56.160.76.47427>213.55.110.12.443",
"SNI": "r1---sn-xuj-5qqz.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4",
"VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_2"
}, { }, {
"Tuple4": "10.56.160.76.39996>142.250.185.33.443", "Tuple4": "10.56.160.76.39996>142.250.185.33.443",
"VERSION": "IETF QUIC RFC9000",
"SNI": "yt3.ggpht.com", "SNI": "yt3.ggpht.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_4" "VERSION": "IETF QUIC RFC9000",
"name": "QUIC_RESULT_3"
}, { }, {
"Tuple4": "10.56.160.76.48527>216.58.209.130.443", "Tuple4": "10.56.160.76.48527>216.58.209.130.443",
"VERSION": "IETF QUIC RFC9000",
"SNI": "www.googleadservices.com", "SNI": "www.googleadservices.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_5" "VERSION": "IETF QUIC RFC9000",
"name": "QUIC_RESULT_4"
}, { }, {
"Tuple4": "10.56.160.76.43569>197.156.74.146.443", "Tuple4": "10.56.160.76.43569>197.156.74.146.443",
"VERSION": "Google QUIC 43",
"SNI": "r7---sn-xuj-5qqs.googlevideo.com", "SNI": "r7---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_6" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_5"
}, { }, {
"Tuple4": "10.56.160.76.52114>197.156.74.147.443", "Tuple4": "10.56.160.76.52114>197.156.74.147.443",
"VERSION": "Google QUIC 43",
"SNI": "r8---sn-xuj-5qqs.googlevideo.com", "SNI": "r8---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_7" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_6"
}, { }, {
"Tuple4": "10.56.160.76.59023>213.55.110.13.443", "Tuple4": "10.56.160.76.59023>213.55.110.13.443",
"VERSION": "Google QUIC 43",
"SNI": "r2---sn-xuj-5qqz.googlevideo.com", "SNI": "r2---sn-xuj-5qqz.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_8" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_7"
}, { }, {
"Tuple4": "10.56.160.76.46224>197.156.74.140.443", "Tuple4": "10.56.160.76.46224>197.156.74.140.443",
"VERSION": "Google QUIC 43",
"SNI": "r1---sn-xuj-5qqs.googlevideo.com", "SNI": "r1---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_9" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_8"
}, { }, {
"Tuple4": "10.56.160.76.54334>197.156.74.145.443", "Tuple4": "10.56.160.76.54334>197.156.74.145.443",
"VERSION": "Google QUIC 43",
"SNI": "r6---sn-xuj-5qqs.googlevideo.com", "SNI": "r6---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_10" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_9"
}, { }, {
"Tuple4": "10.56.160.76.41069>142.250.180.42.443", "Tuple4": "10.56.160.76.41069>142.250.180.42.443",
"VERSION": "IETF QUIC RFC9000",
"SNI": "youtubei.googleapis.com", "SNI": "youtubei.googleapis.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_11" "VERSION": "IETF QUIC RFC9000",
"name": "QUIC_RESULT_10"
}, { }, {
"Tuple4": "10.56.160.76.48756>213.55.110.14.443", "Tuple4": "10.56.160.76.48756>213.55.110.14.443",
"VERSION": "Google QUIC 43",
"SNI": "r3---sn-xuj-5qqz.googlevideo.com", "SNI": "r3---sn-xuj-5qqz.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"name": "QUIC_RESULT_12" "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_11"
}, { }, {
"Tuple4": "10.56.160.76.51113>142.250.180.54.443", "Tuple4": "10.56.160.76.51113>142.250.180.54.443",
"VERSION": "IETF QUIC RFC9000",
"SNI": "i.ytimg.com", "SNI": "i.ytimg.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4", "UA": "com.google.android.youtube Cronet/96.0.4655.4",
"VERSION": "IETF QUIC RFC9000",
"name": "QUIC_RESULT_12"
}, {
"Tuple4": "10.56.160.76.38866>197.156.74.141.443",
"SNI": "r2---sn-xuj-5qqs.googlevideo.com",
"UA": "com.google.android.youtube Cronet/96.0.4655.4",
"VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_13" "name": "QUIC_RESULT_13"
}, { }, {
"Tuple4": "10.56.160.76.46131>196.188.31.18.443", "Tuple4": "10.56.160.76.46131>196.188.31.18.443",
"VERSION": "Facebook mvfst 02",
"SNI": "video.fadd1-1.fna.fbcdn.net", "SNI": "video.fadd1-1.fna.fbcdn.net",
"VERSION": "Facebook mvfst 02",
"name": "QUIC_RESULT_14" "name": "QUIC_RESULT_14"
}, { }, {
"Tuple4": "10.56.160.76.40267>102.132.96.18.443", "Tuple4": "10.56.160.76.40267>102.132.96.18.443",
"VERSION": "Facebook mvfst 02",
"SNI": "graph.facebook.com", "SNI": "graph.facebook.com",
"VERSION": "Facebook mvfst 02",
"name": "QUIC_RESULT_15" "name": "QUIC_RESULT_15"
}, { }, {
"Tuple4": "10.56.160.76.46761>196.188.31.17.443", "Tuple4": "10.56.160.76.46761>196.188.31.17.443",
"VERSION": "Facebook mvfst 02",
"SNI": "scontent.fadd1-1.fna.fbcdn.net", "SNI": "scontent.fadd1-1.fna.fbcdn.net",
"VERSION": "Facebook mvfst 02",
"name": "QUIC_RESULT_16" "name": "QUIC_RESULT_16"
}] }]

8
test/pcap/gquic/43/quic_result.json
View File

@@ -1,15 +1,15 @@
[{ [{
"Tuple4": "192.168.50.26.55209>34.102.215.99.443", "Tuple4": "112.43.145.231.18699>112.46.25.216.443",
"SNI": "client.weixin.qq.com",
"VERSION": "Google QUIC 43", "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_1" "name": "QUIC_RESULT_1"
}, { }, {
"Tuple4": "192.168.50.26.60851>34.102.215.99.443", "Tuple4": "192.168.50.26.55209>34.102.215.99.443",
"VERSION": "Google QUIC 43", "VERSION": "Google QUIC 43",
"name": "QUIC_RESULT_2" "name": "QUIC_RESULT_2"
}, { }, {
"Tuple4": "112.43.145.231.18699>112.46.25.216.443", "Tuple4": "192.168.50.26.60851>34.102.215.99.443",
"VERSION": "Google QUIC 43", "VERSION": "Google QUIC 43",
"SNI": "client.weixin.qq.com",
"name": "QUIC_RESULT_3" "name": "QUIC_RESULT_3"
}, { }, {
"Tuple4": "192.168.50.26.63533>34.102.215.99.443", "Tuple4": "192.168.50.26.63533>34.102.215.99.443",

4
test/pcap/gquic/44/quic_result.json
View File

@@ -57,8 +57,6 @@
}, { }, {
"Tuple4": "85.117.117.190.11567>64.233.165.94.443", "Tuple4": "85.117.117.190.11567>64.233.165.94.443",
"VERSION": "Google QUIC 44", "VERSION": "Google QUIC 44",
"SNI": "www.google.kz",
"UA": "dev Chrome/73.0.3664.3 Windows NT 6.3; Win64; x64",
"name": "QUIC_RESULT_10" "name": "QUIC_RESULT_10"
}, { }, {
"Tuple4": "85.117.117.190.48098>173.194.221.95.443", "Tuple4": "85.117.117.190.48098>173.194.221.95.443",
@@ -69,8 +67,6 @@
}, { }, {
"Tuple4": "85.117.119.57.4009>64.233.162.155.443", "Tuple4": "85.117.119.57.4009>64.233.162.155.443",
"VERSION": "Google QUIC 44", "VERSION": "Google QUIC 44",
"SNI": "stats.g.doubleclick.net",
"UA": "dev Chrome/73.0.3664.3 Windows NT 6.1; Win64; x64",
"name": "QUIC_RESULT_12" "name": "QUIC_RESULT_12"
}, { }, {
"Tuple4": "85.117.126.11.11719>64.233.165.138.443", "Tuple4": "85.117.126.11.11719>64.233.165.138.443",

6
test/pcap/iquic/29/quic_result.json
View File

@@ -1,7 +1,8 @@
[{ [{
"Tuple4": "192.168.50.29.61891>31.13.77.35.443", "Tuple4": "192.168.50.29.61891>31.13.77.35.443",
"VERSION": "IETF QUIC 29",
"SNI": "www.facebook.com", "SNI": "www.facebook.com",
"UA": "Chrome/86.0.4240.183 Windows NT 10.0; Win64; x64",
"VERSION": "IETF QUIC 29",
"name": "QUIC_RESULT_1" "name": "QUIC_RESULT_1"
}, { }, {
"Tuple4": "223.104.233.102.13650>203.208.40.98.443", "Tuple4": "223.104.233.102.13650>203.208.40.98.443",
@@ -9,9 +10,8 @@
"name": "QUIC_RESULT_2" "name": "QUIC_RESULT_2"
}, { }, {
"Tuple4": "192.168.50.33.57220>114.250.70.38.443", "Tuple4": "192.168.50.33.57220>114.250.70.38.443",
"VERSION": "IETF QUIC 29",
"SNI": "securepubads.g.doubleclick.net", "SNI": "securepubads.g.doubleclick.net",
"UA": "Chrome/90.0.4430.72 Windows NT 10.0; Win64; x64", "UA": "Chrome/90.0.4430.72 Windows NT 10.0; Win64; x64",
"VERSION": "IETF QUIC 29",
"name": "QUIC_RESULT_3" "name": "QUIC_RESULT_3"
}] }]

12
test/pcap/tquic/quic_result.json
View File

@@ -1,21 +1,25 @@
[{ [{
"Tuple4": "195.12.120.14.41803>173.194.222.101.443", "Tuple4": "195.12.120.14.41803>173.194.222.101.443",
"VERSION": "Google QUIC with TLS 51",
"SNI": "clients4.google.com", "SNI": "clients4.google.com",
"UA": "Chrome/87.0.4280.101 Android 9; ANE-LX1",
"VERSION": "Google QUIC with TLS 51",
"name": "QUIC_RESULT_1" "name": "QUIC_RESULT_1"
}, { }, {
"Tuple4": "195.12.120.14.39526>64.233.165.113.443", "Tuple4": "195.12.120.14.39526>64.233.165.113.443",
"VERSION": "Google QUIC with TLS 51",
"SNI": "m.youtube.com", "SNI": "m.youtube.com",
"UA": "Chrome/87.0.4280.101 Android 9; ANE-LX1",
"VERSION": "Google QUIC with TLS 51",
"name": "QUIC_RESULT_2" "name": "QUIC_RESULT_2"
}, { }, {
"Tuple4": "195.12.120.14.41747>173.194.222.138.443", "Tuple4": "195.12.120.14.41747>173.194.222.138.443",
"VERSION": "Google QUIC with TLS 51",
"SNI": "clients4.google.com", "SNI": "clients4.google.com",
"UA": "Chrome/87.0.4280.101 Android 9; ANE-LX1",
"VERSION": "Google QUIC with TLS 51",
"name": "QUIC_RESULT_3" "name": "QUIC_RESULT_3"
}, { }, {
"Tuple4": "195.12.120.14.59012>173.194.222.138.443", "Tuple4": "195.12.120.14.59012>173.194.222.138.443",
"VERSION": "Google QUIC with TLS 51",
"SNI": "clients4.google.com", "SNI": "clients4.google.com",
"UA": "Chrome/87.0.4280.101 Android 9; ANE-LX1",
"VERSION": "Google QUIC with TLS 51",
"name": "QUIC_RESULT_4" "name": "QUIC_RESULT_4"
}] }]

27
test/quic_test_plug.cpp
View File

@@ -4,15 +4,13 @@
* *
*/ */
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
#include <assert.h> #include <assert.h>
#include "cJSON.h" #include "cJSON.h"
#include "gquic.h" #include "quic.h"
#include "MESA_prof_load.h" #include "MESA_prof_load.h"
#include <MESA/stream.h> #include <MESA/stream.h>
@@ -26,7 +24,7 @@ extern "C" unsigned char QUIC_TEST_PLUG_ENTRY(stSessionInfo *session_info, void
assert(NULL != session_info || pme != NULL); assert(NULL != session_info || pme != NULL);
cJSON *ctx = (cJSON *)*pme; cJSON *ctx = (cJSON *)*pme;
struct _quic_info *quic_info=NULL; struct quic_info *quic_info=NULL;
char version_str[128]={0}; char version_str[128]={0};
unsigned int version = 0; unsigned int version = 0;
@@ -47,9 +45,22 @@ extern "C" unsigned char QUIC_TEST_PLUG_ENTRY(stSessionInfo *session_info, void
{ {
break; break;
} }
quic_info = (struct _quic_info *)session_info->app_info; quic_info = (struct quic_info *)session_info->app_info;
cJSON_AddStringToObject(ctx, "SNI", (char *)(quic_info->client_hello->ext_tags[quic_info->client_hello->sni_idx].value)); if(quic_info->client_hello==NULL)
cJSON_AddStringToObject(ctx, "UA", (char *)(quic_info->client_hello->ext_tags[quic_info->client_hello->ua_idx].value)); {
break;
}
if(quic_info->client_hello->sni!=NULL)
{
cJSON_AddStringToObject(ctx, "SNI", (char *)(quic_info->client_hello->sni));
}
if(quic_info->client_hello->user_agent!=NULL)
{
cJSON_AddStringToObject(ctx, "UA", (char *)(quic_info->client_hello->user_agent));
}
quic_version_int2string((unsigned int)(quic_info->quic_version), version_str, sizeof(version_str));
cJSON_AddStringToObject(ctx, "VERSION", version_str);
break; break;
case QUIC_USEING_VERSION: case QUIC_USEING_VERSION:
version = *(unsigned int *)(session_info->buf); version = *(unsigned int *)(session_info->buf);
@@ -86,7 +97,7 @@ extern "C" int QUIC_TEST_PLUG_INIT()
extern "C" void QUIC_TEST_PLUG_DESTROY(void) extern "C" void QUIC_TEST_PLUG_DESTROY(void)
{ {
return ; return ;
}/*CHAR_DESTRORY*/ }