diff --git a/src/gquic.h b/src/gquic.h index 6cbcdf5..3415791 100644 --- a/src/gquic.h +++ b/src/gquic.h @@ -15,10 +15,13 @@ #define QUIC_COMM_CERT (1<quic_info); - session_info.buf=buff; - session_info.buflen=buff_len; - + + if(region_mask==QUIC_INTEREST_KEY_MASK) + { + session_info.plugid=g_quic_param.quic_plugid; + session_info.prot_flag=0; + session_info.session_state=SESSION_STATE_CLOSE; + session_info.app_info=NULL; + session_info.buf=NULL; + session_info.buflen=0; + } + else + { + session_info.plugid=g_quic_param.quic_plugid; + session_info.prot_flag=(((unsigned long long)1)<quic_info); + session_info.buf=buff; + session_info.buflen=buff_len; + } state=PROT_PROCESS(&session_info, &(_context->business_pme), pstream->threadnum, pstream, a_packet); if(state&PROT_STATE_DROPPKT) @@ -130,6 +141,31 @@ unsigned long long get_variable_length(char *p, int offset, int v_len) return 0; } +long long bit_to_value(char *payload, unsigned char flags, unsigned long long *out_value, int *used_len) +{ + switch(flags&0x3) // packet number + { + case 0x3: // 6 bytes + *out_value=get_variable_length(payload, *used_len, 6); + *used_len+=6; + break; + case 0x2: // 4 bytes + *out_value=(unsigned long long)ntohl(*(unsigned int *)(payload+*used_len)); + *used_len+=4; + break; + case 0x1: // 2bytes + *out_value=(unsigned long long)ntohs(*(unsigned short *)(payload+*used_len)); + *used_len+=2; + break; + default: // 1 byte + *out_value=payload[*used_len]; + *used_len+=1; + break; + } + + return 0; +} + int get_quic_tlv(char *start_pos, quic_tlv_t *tlv, int len, int type, int thread_seq) { if(tlv->value==NULL && len>0) @@ -160,7 +196,7 @@ int get_stream_id(struct streaminfo *pstream, struct _quic_context* _context, ch *used_len+=2; //data length } - offset_len=(frame_type&GQUIC_SPECIAL_FRAME_STREAM_OFFSET) ? (frame_type&GQUIC_SPECIAL_FRAME_STREAM_ID)+1 : 0; + offset_len=(frame_type&GQUIC_SPECIAL_FRAME_STREAM_OFFSET) ? (((frame_type&GQUIC_SPECIAL_FRAME_STREAM_OFFSET))>>2)+1 : 0; _context->quic_info.frame_hdr.offset=get_variable_length(payload, *used_len, offset_len); *used_len+=offset_len; @@ -213,6 +249,29 @@ static enum _QUIC_VERSION parse_q0to43_header(struct streaminfo *pstream, struct public_flags=payload[*used_len]; *used_len+=1; + gquic_hdr->public_flags=public_flags; + + if((public_flags&GQUIC_PUBLIC_FLAG_RST) && _context->is_quic==TRUE) + { + gquic_hdr->is_reset=TRUE; //Public Reset Packet + return QUIC_VERSION_UNKNOWN; + + } + + if(pstream->curdir==DIR_S2C && gquic_hdr->public_flags&GQUIC_PUBLIC_FLAG_VERSION) + { + gquic_hdr->is_version_negotiation=TRUE; // Version Negotiation Packet + + gquic_hdr->negotiation_version_num=(payload_len-*used_len)/sizeof(int); + gquic_hdr->negotiation_version_list=(unsigned int *)dictator_malloc(pstream->threadnum, payload_len-*used_len); + + for(i=0; inegotiation_version_num; i++) + { + gquic_hdr->negotiation_version_list[i]=*(unsigned int *)(payload+*used_len); + *used_len+=sizeof(unsigned int); + } + return QUIC_VERSION_UNKNOWN; + } //For Public Reset and Version Negotiation Packets (sent by the server) which don't have a packet number if(!public_flags&GQUIC_PUBLIC_FLAG_PKT_NUM) @@ -226,71 +285,53 @@ static enum _QUIC_VERSION parse_q0to43_header(struct streaminfo *pstream, struct return QUIC_VERSION_UNKNOWN; } } - - gquic_hdr->public_flags=public_flags; if(gquic_hdr->public_flags&GQUIC_PUBLIC_FLAG_CID) { *(unsigned long long *)gquic_hdr->server_CID=get_variable_length(payload, *used_len, sizeof(gquic_hdr->server_CID)); *used_len+=sizeof(unsigned long long); // CID length + + _context->is_quic=TRUE; } - if(gquic_hdr->public_flags&GQUIC_PUBLIC_FLAG_VERSION && ntohs(*(unsigned short *)(payload+*used_len))==0x5130) + if(gquic_hdr->public_flags&GQUIC_PUBLIC_FLAG_VERSION && (*(unsigned char *)(payload+*used_len)==0x51)) { gquic_hdr->quic_version=(unsigned int)ntohl(*(unsigned int *)(payload+*used_len)); *used_len+=sizeof(int); // skip version + + _context->is_quic=TRUE; } - else + + if(_context->is_quic==FALSE) { return QUIC_VERSION_UNKNOWN; } - switch(gquic_hdr->public_flags&0x30) // packet number - { - case 0x30: // 6 bytes - gquic_hdr->packet_number=get_variable_length(payload, *used_len, 6); - *used_len+=6; - break; - case 0x20: // 4 bytes - gquic_hdr->packet_number=(unsigned long long)ntohl(*(unsigned int *)(payload+*used_len)); - *used_len+=4; - break; - case 0x10: // 2bytes - gquic_hdr->packet_number=(unsigned long long)ntohs(*(unsigned short *)(payload+*used_len)); - *used_len+=2; - break; - default: // 1 byte - gquic_hdr->packet_number=payload[*used_len]; - *used_len+=1; - break; - } + bit_to_value(payload, gquic_hdr->public_flags>>4, &gquic_hdr->packet_number, used_len); if(gquic_hdr->public_flags==GQUIC_PUBLIC_FLAG_NONCE) { *used_len+=32; //diversification nonce } - - if(gquic_hdr->public_flags&GQUIC_PUBLIC_FLAG_VERSION) - { - // Version 11 reduced the length of null encryption authentication tag from 16 to 12 bytes - if(gquic_hdr->quic_version > GQUIC_VERSION_Q010) - { - *used_len+=12; - } - else - { - *used_len+=16; - } - // Version 34 removed entropy bits from packets and ACK frames, - // removed private flag from packet header and changed the ACK format to specify ranges of packets acknowledged rather than missing ranges. - if(gquic_hdr->quic_version < GQUIC_VERSION_Q034) - { - *used_len+=1; //private flags - } + // Version 11 reduced the length of null encryption authentication tag from 16 to 12 bytes + if(gquic_hdr->quic_version > GQUIC_VERSION_Q010) + { + *used_len+=12; + } + else + { + *used_len+=16; + } + + // Version 34 removed entropy bits from packets and ACK frames, + // removed private flag from packet header and changed the ACK format to specify ranges of packets acknowledged rather than missing ranges. + if(gquic_hdr->quic_version < GQUIC_VERSION_Q034) + { + *used_len+=1; //private flags } - _context->is_quic==QUIC_TRUE; + _context->is_quic=TRUE; MESA_handle_runtime_log(g_quic_param.logger, RLOG_LV_DEBUG, @@ -345,7 +386,7 @@ enum _QUIC_VERSION parse_quic_header(struct streaminfo *pstream, struct _quic_co *used_len+=12; //message authentication hash - _context->is_quic==QUIC_TRUE; + _context->is_quic=TRUE; for(i=0,len=0;iserver_CID_len; i++) { @@ -509,140 +550,56 @@ int parse_extension_tag(struct streaminfo *pstream, struct _quic_stream **quic_s return ret; } -#if 0 -int gquic_frame_type_ack(struct quic_stream* a_quic_stream, char * quic_data, UINT32 quic_data_len, UINT8 frame_type, UINT32 *used_len) +int gquic_frame_type_ack(struct streaminfo *pstream, struct _quic_context* _context, char *payload, int payload_len, int *used_len, char frame_type, void *a_packet) { - UINT8 num_timestamp, num_ranges, num_revived, num_blocks; - UINT32 len_largest_observed=0, len_missing_packet=0; + unsigned char num_timestamp; + unsigned char num_blocks=0,gap_to_next_block=0;; + unsigned short largest_acked_delta_time=0; + unsigned long long ack_block_length=0; + unsigned long long largest_observed_ack=0; + + bit_to_value(payload, frame_type>>2, &largest_observed_ack, used_len); // frame_type -> LL + largest_acked_delta_time=ntohs(*(unsigned short *)(payload+*used_len)); + *used_len+=sizeof(unsigned short); + + if(frame_type&0x20) // frame_type -> n + { + num_blocks=(*(unsigned char *)(payload+*used_len))-1; + } + bit_to_value(payload, frame_type>>2, &ack_block_length, used_len); // frame_type -> mm + + if(num_blocks>0) + { + gap_to_next_block=*(unsigned char *)(payload+*used_len); + *used_len+=1; + + *used_len+=(num_blocks*sizeof(unsigned int)); //Ack block length + } + + num_timestamp=*(unsigned char *)(payload+*used_len); + *used_len += 1; - *used_len+=1; - len_largest_observed = read_largest_observed_len(frame_type); - len_missing_packet = read_missing_packet_len(frame_type); - //No longer Entropy after Q034 - if(a_quic_stream->version < 34) + if(num_timestamp > 0) { - //Send Entropy - *used_len += 1; - *used_len += len_largest_observed; - *used_len += 2; //ack delay time - strncpy((char*)&num_timestamp, quic_data+*used_len,1); - *used_len += 1; - if(num_timestamp > 0) - { - *used_len += 1; - *used_len += 4; - *used_len += (num_timestamp - 1)*(1+2); - } - if(frame_type & ACK_N) - { - strncpy((char*)&num_ranges, quic_data+*used_len,1); - *used_len += 1; - - *used_len += num_ranges*(len_missing_packet+1); - - strncpy((char*)&num_revived, quic_data+*used_len,1); - *used_len += 1; - - //Num Revived x Length Largest Observed - *used_len += num_revived*len_largest_observed; - } - } - else - { - *used_len += len_largest_observed; //Largest Acked - *used_len += 2; //Largest Acked Delta Time - - if(frame_type & ACK_N) //Ack Block - { - strncpy((char*)&num_blocks, quic_data+*used_len,1); - *used_len += 1; - } - - *used_len += len_missing_packet; //First Ack Block Length - if(num_blocks) - { - //Gap to next block - *used_len += 1; - num_blocks -= 1; - *used_len += (num_blocks - 1)*len_missing_packet; - } - - strncpy((char*)&num_timestamp, quic_data+*used_len,1); //Timestamp - *used_len += 1; - if(num_timestamp > 0) - { - *used_len += 1; //Delta Largest Acked - *used_len += 4; //Time Since Largest Acked - - //Num Timestamp x (Delta Largest Acked + Time Since Previous Timestamp) - *used_len += (num_timestamp - 1)*(1+2); - } + *used_len+=sizeof(unsigned char); //Delta Largest Observed + *used_len+= sizeof(unsigned int); //First Timestamp + *used_len+=(num_timestamp-1)*(1+2); //1+2=Delta Largest Observed+Time Since Previous Timestamp } + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_ACK", + "largest_observed_ack: %llu largest_acked_delta_time: %u num_blocks: %d ack_block_length: %d num_timestamp: %d addr: %s", + largest_observed_ack, + largest_acked_delta_time, + num_blocks, + ack_block_length, + num_timestamp, + printaddr(&pstream->addr, pstream->threadnum)); + return 0; } -// return value: Have no meaning, only numerical value -int gquic_frame_type_control(struct quic_stream* a_quic_stream, char * quic_data, UINT32 quic_data_len, UINT8 frame_type, uint32_t pkt_num_len, UINT32 *used_len) -{ - int len_reason; - *used_len+=1; - - switch(frame_type) - { - case RST_STREAM: - *used_len +=4; //stream id - *used_len+=8; //Byte Offset - *used_len+=4; //Error Code - a_quic_stream->fin_flag=QUIC_TRUE; - break; - case CONNECTION_CLOSE: - len_reason = 0; - *used_len += 4; //Error Code - len_reason = a_pntoh16(quic_data, *used_len); //Reason Phrase Length - *used_len += 2; - //Reason Phrase,If length remaining == len_reason, it is Connection Close - if(get_remaining_len(quic_data_len, *used_len) == len_reason) - { - return QUIC_DATA; - } - a_quic_stream->fin_flag=(a_quic_stream->fin_flag==QUIC_FALSE) ? QUIC_HALF_CLOSE : QUIC_TRUE; - break; - case GOAWAY: - len_reason = 0; - *used_len += 4; //Error Code - *used_len += 4; //Last Good Stream ID - len_reason = a_pntoh16(quic_data, *used_len); //Reason Phrase Length - *used_len += 2; - *used_len += len_reason; //Reason Phrase - break; - case WINDOW_UPDATE: - *used_len += 4; //Stream ID - *used_len += 8; //Byte Offset - break; - case BLOCKED: - *used_len += 4; //Stream ID - break; - case STOP_WAITING: - //No longer Entropy after Q034 - if(a_quic_stream->version < 34) - { - *used_len += 1; // Send Entropy - } - //Least Unacked Delta - *used_len += pkt_num_len; - break; - case PING: //No Payload - case PADDING: - default: - return QUIC_FALSE; - break; - } - - return QUIC_TRUE; -} -#endif - int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _context, char *payload, int payload_len, int *used_len, char frame_type, void *a_packet) { int ret=0; @@ -675,10 +632,10 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c } break; case REJ: //MTAG_REJ; - ret=parse_extension_tag(pstream, &_context->quic_info.rej, a_packet, payload, payload_len, used_len, tag_num); + ret=parse_extension_tag(pstream, &_context->quic_info.rejection, a_packet, payload, payload_len, used_len, tag_num); if(ret>=0) { - ret=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.rej), sizeof(void *), QUIC_SERVER_HELLO_MASK, a_packet); + ret=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.rejection), sizeof(void *), QUIC_REJECTION_MASK, a_packet); } break; default: @@ -692,7 +649,12 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c int gquic_proc_unencrypt(struct streaminfo *pstream, struct _quic_context* _context, void *a_packet, char * payload, int payload_len, int *used_len) { unsigned int ret=0; - unsigned char frame_type; + unsigned char frame_type=0; + unsigned int stream_id=0; + unsigned int error_code=0; + unsigned short reason_phrase_length=0; + unsigned long long byte_offset=0; + unsigned long long least_unacked_delta=0; while(*used_lenaddr, pstream->threadnum)); + + return quic_callPlugins(pstream, _context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet); break; case GQUIC_REGULAR_FRAME_CONNECTION_CLOSE: - return 0; //todo + error_code=(unsigned int)get_variable_length(payload, *used_len, sizeof(unsigned int)); + *used_len+=sizeof(unsigned int); + + reason_phrase_length=(unsigned short)get_variable_length(payload, *used_len, sizeof(unsigned short)); + *used_len+=sizeof(unsigned short); + + *used_len+=reason_phrase_length; // skip Reason Phrase + + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_CONNECTION_CLOSE", + "error_code: %u reason_phrase_length: %d addr: %s", + error_code, + reason_phrase_length, + printaddr(&pstream->addr, pstream->threadnum)); + + return quic_callPlugins(pstream, _context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet); break; case GQUIC_REGULAR_FRAME_GOAWAY: - return 0; //todo + error_code=(unsigned int)get_variable_length(payload, *used_len, sizeof(unsigned int)); + *used_len+=sizeof(unsigned int); + + //Last Good Stream ID + stream_id=(unsigned int)get_variable_length(payload, *used_len, sizeof(unsigned int)); + *used_len+=sizeof(unsigned int); + + reason_phrase_length=(unsigned short)get_variable_length(payload, *used_len, sizeof(unsigned short)); + *used_len+=sizeof(unsigned short); + + *used_len+=reason_phrase_length; // skip Reason Phrase + + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_GOAWAY", + "error_code: %u Last Good Stream ID: %u reason_phrase_length: %d addr: %s", + error_code, + stream_id, + reason_phrase_length, + printaddr(&pstream->addr, pstream->threadnum)); break; case GQUIC_REGULAR_FRAME_WINDOW_UPDATE: - return 0; //todo + stream_id=(unsigned int)get_variable_length(payload, *used_len, sizeof(unsigned int)); + *used_len+=sizeof(unsigned int); + + byte_offset=get_variable_length(payload, *used_len, sizeof(unsigned long long)); + *used_len+=sizeof(unsigned long long); + + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_WINDOW_UPDATE", + "stream_id: %u byte_offset: %llu addr: %s", + stream_id, + byte_offset, + printaddr(&pstream->addr, pstream->threadnum)); break; case GQUIC_REGULAR_FRAME_BLOCKED: - return 0; //todo + stream_id=(unsigned int)get_variable_length(payload, *used_len, sizeof(unsigned int)); + *used_len+=sizeof(unsigned int); + + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_STOP_WAITING", + "stream_id: %u addr: %s", + stream_id, + printaddr(&pstream->addr, pstream->threadnum)); break; case GQUIC_REGULAR_FRAME_STOP_WAITING: - return 0; //todo + bit_to_value(payload, _context->quic_info.quic_hdr.public_flags>>4, &least_unacked_delta, used_len); + + MESA_handle_runtime_log(g_quic_param.logger, + RLOG_LV_DEBUG, + "QUIC_STOP_WAITING", + "least_unacked_delta: %llu addr: %s", + least_unacked_delta, + printaddr(&pstream->addr, pstream->threadnum)); break; case GQUIC_REGULAR_FRAME_PING: - return 0; //todo + //The PING frame contains no payload. + //The receiver of a PING frame simply needs to ACK the packet containing this frame break; default: //Regular Frame Types if(frame_type&GQUIC_SPECIAL_FRAME_STREAM) { ret=gquic_frame_type_stream(pstream, _context, payload, payload_len, used_len, frame_type, a_packet); } - else if(frame_type&GQUIC_SPECIAL_FRAME_ACK) + else if((frame_type&0xC0)==GQUIC_SPECIAL_FRAME_ACK) // high bit set 0; (frame_type: 01nullmmB) { - return 0; //todo + ret=gquic_frame_type_stream(pstream, _context, payload, payload_len, used_len, frame_type, a_packet); } - else if(frame_type&GQUIC_SPECIAL_FRAME_CONGEST_FB) + else if((frame_type&0xE0)==GQUIC_SPECIAL_FRAME_CONGEST_FB) // high two bits set 0; (frame_type: 01nullmmB) { - return 0; //todo + //not used } else { @@ -744,6 +787,11 @@ int gquic_proc_unencrypt(struct streaminfo *pstream, struct _quic_context* _cont } break; } + + if(ret&APP_STATE_DROPME || ret&APP_STATE_DROPPKT) + { + return ret; + } } return APP_STATE_GIVEME; @@ -793,7 +841,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int { if(_context->quic_info.quic_hdr.packet_number==1) { - ret=quic_callPlugins(pstream, _context, &(_context->quic_info.quic_hdr.quic_version), sizeof(_context->quic_info.quic_hdr.quic_version), QUIC_VERSION_MASK, a_packet); + ret=quic_callPlugins(pstream, _context, &(_context->quic_info.quic_hdr.quic_version), sizeof(_context->quic_info.quic_hdr.quic_version), QUIC_USEING_VERSION_MASK, a_packet); if(ret&APP_STATE_DROPME | ret&APP_STATE_DROPPKT) { return ret; @@ -813,8 +861,17 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int } } - if(_context->is_quic==QUIC_TRUE) + if(_context->is_quic==TRUE) { + if(_context->quic_info.quic_hdr.is_reset) + { + return quic_callPlugins(pstream, _context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet); + } + + if(_context->quic_info.quic_hdr.is_version_negotiation) + { + return quic_callPlugins(pstream, _context, NULL, 0, QUIC_NEGOTIATION_VERSION_MASK, a_packet); + } return APP_STATE_GIVEME; } diff --git a/src/gquic_process.h b/src/gquic_process.h index be68d42..6be0649 100644 --- a/src/gquic_process.h +++ b/src/gquic_process.h @@ -107,12 +107,6 @@ enum _QUIC_VERSION }; -struct _gquic_reset_public_header -{ - unsigned char public_flags; - unsigned long long connection_id; - unsigned int tag; -}; //GQIIC Frame type #define GQUIC_SPECIAL_FRAME_FLAG 0xE0 // Special Frame Types @@ -243,10 +237,19 @@ struct _gquic_reset_public_header #define TAG_RSEQ 0x52534551 #define TAG_CADR 0x43414452 +struct _gquic_reset_public_header +{ + unsigned char public_flags; + unsigned long long connection_id; + unsigned int tag; +}; - -int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int thread_seq, void* a_packet); - +struct _gquic_ack_frame_header +{ + unsigned long long largest_acked; + unsigned short largest_acked_delta_time; + unsigned int tag; +}; #endif diff --git a/src/quic_analysis.c b/src/quic_analysis.c index f0b20be..2988db8 100644 --- a/src/quic_analysis.c +++ b/src/quic_analysis.c @@ -37,7 +37,7 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; } #endif -const char QUIC_VERSION_20200522=0; +const char QUIC_VERSION_20200601=0; int quic_init_stream(void **pme, int thread_seq) { @@ -91,11 +91,11 @@ void quic_release_stream(struct streaminfo *a_tcp, void** pme, int thread_seq) _context->quic_info.server_hello=NULL; } - if(_context->quic_info.rej!=NULL) + if(_context->quic_info.rejection!=NULL) { - quic_release_exts(thread_seq, _context->quic_info.rej->ext_tags, _context->quic_info.rej->ext_tag_num); - dictator_free(thread_seq, _context->quic_info.rej); - _context->quic_info.rej=NULL; + quic_release_exts(thread_seq, _context->quic_info.rejection->ext_tags, _context->quic_info.rejection->ext_tag_num); + dictator_free(thread_seq, _context->quic_info.rejection); + _context->quic_info.rejection=NULL; } dictator_free(thread_seq, _context); diff --git a/src/quic_analysis.h b/src/quic_analysis.h index 51ccd57..7743cf8 100644 --- a/src/quic_analysis.h +++ b/src/quic_analysis.h @@ -3,8 +3,10 @@ #include "gquic.h" -#define QUIC_TRUE 0x01 -#define QUIC_FALSE 0x00 +#define FALSE 0x00 +#define TRUE 0x01 + + #define QUIC_HALF_CLOSE 0x01 #define QUIC_WHOLE_CLOSE 0x02 #define QUIC_DATA 0x03