backport to master, from TSG-21660:fix support QUIC CHLO fragment

.gitignore

@@ -10,3 +10,5 @@ build*/
 src/inc
 src/lib64
 cmake-build-*/
+.cache/
+.vscode/

src/quic_entry.cpp

@@ -149,7 +149,10 @@ void quic_free_context(const struct streaminfo *a_stream, int bridge_id, void *d
 	{
 		struct quic_context *context = (struct quic_context *)data;
 		quic_free_client_hello(context->quic_info.client_hello, a_stream->threadnum);
-		
+		if(context->quic_buf.buffer)
+		{
+			dictator_free(a_stream->threadnum, context->quic_buf.buffer);
+		}
 		dictator_free(a_stream->threadnum, data);
 	}
 }

src/quic_process.cpp

@@ -520,7 +520,7 @@ int parse_tls_client_hello(struct quic_client_hello **client_hello, const char *
 
 int parse_quic_decrypted_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq)
 {
-	char join_payload[2048]={0};
+	char join_payload[MAX_CLIENT_HELLO_CHUNK_SIZE]={};
 	int join_payload_len=sizeof(join_payload);
 	unsigned int quic_version=quic_info->quic_version;
 
@@ -767,9 +767,109 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
 	return quic_version;
 }
 
-unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq)
+static void quic_chlo_chunk_assemble(struct quic_buffer *qbuf, unsigned char *new_payload, int new_len, int thread_seq)
 {
-	int ret=0, payload_offset=0;
+	if(NULL == new_payload || new_len <= 0){
+		return;
+	}
+	if(NULL == qbuf->buffer){
+		qbuf->buffer = (unsigned char *)dictator_malloc(thread_seq, MAX_CLIENT_HELLO_CHUNK_SIZE);
+		qbuf->max_size = MAX_CLIENT_HELLO_CHUNK_SIZE;
+	}
+	int max_copy_len = MIN((int)(qbuf->max_size - qbuf->datalen), new_len);
+	memcpy(qbuf->buffer + qbuf->datalen, new_payload, max_copy_len);
+	qbuf->datalen += max_copy_len;
+}
+
+static int get_chlo_total_length(const unsigned char *payload, int payload_len)
+{
+	const struct quic_client_hello_msg_hdr *chlo_hdr=(const struct quic_client_hello_msg_hdr *)payload;
+	int chlo_len=0;
+	uint8_t *p = (uint8_t *)&chlo_len;
+	p[2] = chlo_hdr->client_hello_len[0];
+	p[1] = chlo_hdr->client_hello_len[1];
+	p[0] = chlo_hdr->client_hello_len[2];
+	return chlo_len;
+}
+/*
+	1: is chlo, and complete!
+	0: is chlo, but fragment;
+	-1: not support
+*/
+static int quic_chlo_is_complete(enum QUIC_VERSION quic_version, const unsigned char *payload, int payload_len)
+{
+	if(!( (quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F)	||
+		(quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059)	||
+		(quic_version>=IQUIC_VERSION_I022 && quic_version<=IQUIC_VERSION_I029)	||
+		(quic_version==IQUIC_VERSION_RFC9000)))
+	{
+		return -1;
+	}
+
+	if((payload[0] != 0x06) && (payload[0] != 0x08)) 
+	{
+		return -1;
+	}
+	int payload_offset = 0;
+	long frame_offset, frame_length;
+	payload_offset = 1; //skip frame type
+	payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_offset);
+	payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_length);
+
+	if(payload[payload_offset] != QUIC_HANDSHAKE_TYPE_CLIENTHELLO)
+	{
+		return -1;
+	}
+	int expect_len = get_chlo_total_length(payload + payload_offset, payload_len-payload_offset);
+	if(payload_len-payload_offset >= expect_len){
+		return 1;
+	}
+	return 0;
+}
+
+static enum PARSE_RESULT quic_decrypting_payload(struct quic_context *qcontext, unsigned char *udp_payload, int udp_payload_len, int thread_seq)
+{
+	struct quic_buffer *qbuf = &qcontext->quic_buf;
+	unsigned char *quic_decrypted_payload;
+	int ret, quic_decrypted_payload_len;
+	quic_dpt_t *dpt = quic_deprotection_new();
+	enum PARSE_RESULT parse_result = PARSE_RESULT_UNKNOWN;
+
+	if(quic_deprotection(dpt, (const u_char *)udp_payload, udp_payload_len) < 0){
+		goto err_exit;
+	}
+
+	if(qbuf->datalen > 0){ //some fragment exist
+		quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len, thread_seq);
+		quic_decrypted_payload = qbuf->buffer;
+		quic_decrypted_payload_len = qbuf->datalen;
+	}else{
+		quic_decrypted_payload = dpt->payload.data;
+		quic_decrypted_payload_len = dpt->payload.len;
+	}
+
+	ret = quic_chlo_is_complete((enum QUIC_VERSION)qcontext->quic_info.quic_version, quic_decrypted_payload, quic_decrypted_payload_len);
+	if(0 == ret){
+		if(NULL == qbuf->buffer || 0 == qbuf->datalen){
+			quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len, thread_seq);
+		}
+		parse_result = PARSE_RESULT_VERSION;
+		goto fun_exit;
+	}
+	parse_result = (enum PARSE_RESULT)parse_quic_decrypted_payload(&qcontext->quic_info, (char *)quic_decrypted_payload, quic_decrypted_payload_len, thread_seq);
+
+fun_exit:	
+	quic_deprotection_free(dpt);
+	return parse_result;
+
+err_exit:
+	quic_deprotection_free(dpt);
+	return PARSE_RESULT_VERSION;
+}
+
+unsigned char parse_quic_all_version(struct quic_context *qcontext, const char *payload, int payload_len, int thread_seq)
+{
+	int  payload_offset=0;
 	enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
 
 	if(payload==NULL || payload_len<=0)
@@ -783,13 +883,13 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
 		return PARSE_RESULT_UNKNOWN;
 	}
 	
-	quic_info->quic_version=quic_version;
+	qcontext->quic_info.quic_version=quic_version;
 	
 	if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
 	{
 		if(payload_len > payload_offset)
 		{
-			return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+			return parse_quic_uncryption_payload(&qcontext->quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
 		}
 		return PARSE_RESULT_VERSION;
 	}
@@ -802,6 +902,7 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
 			&& g_quic_param.decrypted_switch>0
 					)
 	{
+#if 0		
 		quic_dpt_t *dpt = quic_deprotection_new();
 		if (quic_deprotection(dpt, (const u_char *)payload, payload_len) != 0)
 		{
@@ -816,6 +917,9 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
 			return ret;
 		}
 		quic_deprotection_free(dpt);
+#else
+		return quic_decrypting_payload(qcontext, (unsigned char *)payload, payload_len, thread_seq);
+#endif		
 	}
 	else
 	{
@@ -844,7 +948,7 @@ unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_c
 			parse_result=PARSE_RESULT_PAYLOAD;
 			break;
 		case	PARSE_RESULT_VERSION:
-			parse_result=parse_quic_all_version(&(context->quic_info), (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
+			parse_result=parse_quic_all_version(context, (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
 			if(parse_result==PARSE_RESULT_VERSION || parse_result==PARSE_RESULT_UNKNOWN)
 			{
 				parse_result=PARSE_RESULT_PAYLOAD;
@@ -872,7 +976,7 @@ unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_c
 				parse_result=PARSE_RESULT_PAYLOAD;
 				break;
 			}
-			parse_result=parse_quic_all_version(&(context->quic_info), (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
+			parse_result=parse_quic_all_version(context, (const char *)udp_detail->pdata, udp_detail->datalen, thread_seq);
 			break;
 	}
 	
@@ -904,15 +1008,15 @@ struct quic_info *quic_protocol_identify(const struct streaminfo *a_stream)
 		return NULL;
 	}
 
-	struct quic_info tmp_quic_info={0, NULL};
+	struct quic_context tmp_qcontext = {};
 	unsigned char parse_result=APP_STATE_GIVEME;
 
-	parse_result=parse_quic_all_version(&tmp_quic_info, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
+	parse_result=parse_quic_all_version(&tmp_qcontext, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
 	if(parse_result!=PARSE_RESULT_UNKNOWN)
 	{
 		struct quic_context *context=(struct quic_context *)dictator_malloc(a_stream->threadnum, sizeof(struct quic_context));
 		memset(context, 0, sizeof(struct quic_context));
-		context->quic_info=tmp_quic_info;
+		context->quic_info=tmp_qcontext.quic_info;
 		context->parse_first_pkt=1;
 		context->pre_parse_state=PARSE_RESULT_UNKNOWN;
 		

src/quic_process.h

@@ -279,6 +279,14 @@ enum QUIC_VERSION
 	IQUIC_VERSION_I032=0xFF000020
 };
 
+#define MAX_CLIENT_HELLO_CHUNK_SIZE (4096)
+struct quic_buffer
+{
+	unsigned char *buffer;
+	size_t max_size;
+	size_t datalen;
+};
+
 struct quic_context
 {
 	unsigned char link_state;
@@ -288,6 +296,7 @@ struct quic_context
 	unsigned char padding[4];
 	void *business_pme;
 	struct quic_info quic_info;
+	struct quic_buffer quic_buf; // for client hello fragment
 };
 
 unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_context* context, int thread_seq, const void* a_packet);

test/CMakeLists.txt

@@ -59,3 +59,4 @@ add_test(NAME QUIC_RFC9000_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOUR
 add_test(NAME QUIC_RFC9000_SPECIAL COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
 add_test(NAME QUIC_AIRPORT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
 add_test(NAME QUIC_SPECIAL COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/special/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/special/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})
+add_test(NAME QUIC_CHLO_FRAGMENT COMMAND proto_test_main ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-chlo-fragment/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-chlo-fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR})

test/pcap/rfc9000-chlo-fragment/quic_result.json

@@ -0,0 +1,32 @@
+[
+    {
+        "Tuple4": "2607:5d00:2:2::38:2.53977>2404:6800:4005:807::2004.443",
+        "VERSION": "IETF QUIC RFC9000",
+        "SNI": "www.google.com",
+        "name": "QUIC_RESULT_1"
+    },
+    {
+        "Tuple4": "2607:5d00:2:2::38:2.50835>2404:6800:4005:80d::2003.443",
+        "VERSION": "IETF QUIC RFC9000",
+        "SNI": "www.google.com.hk",
+        "name": "QUIC_RESULT_2"
+    },
+    {
+        "Tuple4": "192.168.64.25.61166>157.240.245.35.443",
+        "VERSION": "IETF QUIC RFC9000",
+        "SNI": "www.facebook.com",
+        "name": "QUIC_RESULT_3"
+    },
+    {
+        "Tuple4": "2607:5d00:2:2::38:2.54817>2404:6800:4005:80c::200a.443",
+        "VERSION": "IETF QUIC RFC9000",
+        "SNI": "optimizationguide-pa.googleapis.com",
+        "name": "QUIC_RESULT_4"
+    },
+    {
+        "Tuple4": "192.168.54.157.60388>142.250.71.164.443",
+        "VERSION": "IETF QUIC RFC9000",
+        "SNI": "www.google.com",
+        "name": "QUIC_RESULT_5"
+    }
+]