diff --git a/src/gquic.h b/src/gquic.h index 7afb3b3..0c0f182 100644 --- a/src/gquic.h +++ b/src/gquic.h @@ -8,90 +8,6 @@ #ifndef _GQUIC_H_ #define _GQUIC_H_ -//https://github.com/quicwg/base-drafts/wiki/QUIC-Versions -enum _QUIC_VERSION -{ - QUIC_VERSION_UNKNOWN=0, - //google - GQUIC_VERSION_Q001=0x51303031, - GQUIC_VERSION_Q002=0x51303032, - GQUIC_VERSION_Q003=0x51303033, - GQUIC_VERSION_Q004=0x51303034, - GQUIC_VERSION_Q005=0x51303035, - GQUIC_VERSION_Q006=0x51303036, - GQUIC_VERSION_Q007=0x51303037, - GQUIC_VERSION_Q008=0x51303038, - GQUIC_VERSION_Q009=0x51303039, - - GQUIC_VERSION_Q010=0x51303130, - GQUIC_VERSION_Q011=0x51303131, - GQUIC_VERSION_Q012=0x51303132, - GQUIC_VERSION_Q013=0x51303133, - GQUIC_VERSION_Q014=0x51303134, - GQUIC_VERSION_Q015=0x51303135, - GQUIC_VERSION_Q016=0x51303136, - GQUIC_VERSION_Q017=0x51303137, - GQUIC_VERSION_Q018=0x51303138, - GQUIC_VERSION_Q019=0x51303139, - - GQUIC_VERSION_Q020=0x51303230, - GQUIC_VERSION_Q021=0x51303231, - GQUIC_VERSION_Q022=0x51303332, - GQUIC_VERSION_Q023=0x51303333, - GQUIC_VERSION_Q024=0x51303234, - GQUIC_VERSION_Q025=0x51303235, - GQUIC_VERSION_Q026=0x51303236, - GQUIC_VERSION_Q027=0x51303237, - GQUIC_VERSION_Q028=0x51303238, - GQUIC_VERSION_Q029=0x51303239, - - GQUIC_VERSION_Q030=0x51303330, - GQUIC_VERSION_Q031=0x51303331, - GQUIC_VERSION_Q032=0x51303332, - GQUIC_VERSION_Q033=0x51303333, - GQUIC_VERSION_Q034=0x51303334, - GQUIC_VERSION_Q035=0x51303335, - GQUIC_VERSION_Q036=0x51303336, - GQUIC_VERSION_Q037=0x51303337, - GQUIC_VERSION_Q038=0x51303338, - GQUIC_VERSION_Q039=0x51303339, - - GQUIC_VERSION_Q040=0x51303430, - GQUIC_VERSION_Q041=0x51303431, - GQUIC_VERSION_Q042=0x51303432, - GQUIC_VERSION_Q043=0x51303433, - GQUIC_VERSION_Q044=0x51303434, - GQUIC_VERSION_Q045=0x51303435, - GQUIC_VERSION_Q046=0x51303436, - GQUIC_VERSION_Q047=0x51303437, - GQUIC_VERSION_Q048=0x51303438, //Google QUIC with TLS - GQUIC_VERSION_Q049=0x51303439, //Google QUIC with TLS - - GQUIC_VERSION_Q050=0x51303530, - GQUIC_VERSION_Q051=0x51303531, - GQUIC_VERSION_Q052=0x51303532, - GQUIC_VERSION_Q053=0x51303533, - GQUIC_VERSION_Q054=0x51303534, - GQUIC_VERSION_Q055=0x51303535, - GQUIC_VERSION_Q056=0x51303536, - GQUIC_VERSION_Q057=0x51303537, - GQUIC_VERSION_Q058=0x51303538, - GQUIC_VERSION_Q059=0x51303539, - - GQUIC_VERSION_Q099=0x51303939, - - //Google Proxied QUIC - PQUIC_VERSION_PROX=0x50524f58 - //GOQUIC_VERSION_GO=0x51474f[0-255], - //quicly - //QUICKLY_VERSION_QUICLY=0x91c170[0-255] - - //IETF - //IQUIC_VERSION_=0xf10000 - -}; - - #define QUIC_INTEREST_KEY (1<0: quic +int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int out_sni_len); -int quic_init_stream(void **pme, int thread_seq); // **pme=(struct _quic_context* ) -void quic_release_stream(struct streaminfo *a_tcp, void **pme, int thread_seq); -enum _QUIC_VERSION is_quic_protocol(struct streaminfo *pstream, struct _quic_context* _context, char *payload, int payload_len, int *used_len); #endif /* SRC_GQUIC_H_ */ diff --git a/src/gquic_process.c b/src/gquic_process.c index 13cd369..41a65f8 100644 --- a/src/gquic_process.c +++ b/src/gquic_process.c @@ -613,21 +613,21 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c switch(message_tag) { case CHLO: //MTAG_CHLO; - ret=parse_extension_tag(pstream, &_context->quic_info.client_hello, a_packet, payload, payload_len, used_len, tag_num); + ret=parse_extension_tag(pstream, &(_context->quic_info.client_hello), a_packet, payload, payload_len, used_len, tag_num); if(ret>=0 && _context->call_business) { ret=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.client_hello), sizeof(void *), QUIC_CLIENT_HELLO_MASK, a_packet); } break; case SHLO: //MTAG_SHLO; - ret=parse_extension_tag(pstream, &_context->quic_info.server_hello, a_packet, payload, payload_len, used_len, tag_num); + ret=parse_extension_tag(pstream, &(_context->quic_info.server_hello), a_packet, payload, payload_len, used_len, tag_num); if(ret>=0 && _context->call_business) { ret=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.server_hello), sizeof(void *), QUIC_SERVER_HELLO_MASK, a_packet); } break; case REJ: //MTAG_REJ; - ret=parse_extension_tag(pstream, &_context->quic_info.rejection, a_packet, payload, payload_len, used_len, tag_num); + ret=parse_extension_tag(pstream, &(_context->quic_info.rejection), a_packet, payload, payload_len, used_len, tag_num); if(ret>=0 && _context->call_business) { ret=quic_callPlugins(pstream, _context, (void *)(_context->quic_info.rejection), sizeof(void *), QUIC_REJECTION_MASK, a_packet); @@ -637,7 +637,7 @@ int gquic_frame_type_stream(struct streaminfo *pstream, struct _quic_context* _c break; } - return (ret>=0) ? ret : APP_STATE_GIVEME; + return ret; } //frame type->stream->offset->data length @@ -796,6 +796,7 @@ int gquic_proc_unencrypt(struct streaminfo *pstream, struct _quic_context* _cont //QUIC_DATA:is quic data pcap;QUIC_TRUE:is handshake pcap;QUIC_RETURN_DROPME:not quic protocol; int parse_gquic_Q046(struct streaminfo *pstream, struct _quic_context* _context, void *a_packet, char * payload, int payload_len, int *used_len) { + int ret=APP_STATE_GIVEME; unsigned char frame_type; unsigned short tag_num=0; unsigned int stream_id, message_tag; @@ -807,15 +808,20 @@ int parse_gquic_Q046(struct streaminfo *pstream, struct _quic_context* _context, if(frame_type&IQUIC_FRAME_STREAM_HEX08) { - gquic_frame_type_stream(pstream, _context, payload, payload_len, used_len, frame_type, a_packet); + ret=gquic_frame_type_stream(pstream, _context, payload, payload_len, used_len, frame_type, a_packet); } else { return 0; //todo } + + if(ret&APP_STATE_DROPME || ret&APP_STATE_DROPPKT) + { + return ret; + } } - return QUIC_RETURN_NORM; + return APP_STATE_GIVEME; } //cid->version->nounce->pkt num->ahn hash(12) @@ -854,6 +860,11 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int default: break; } + + if(ret&APP_STATE_DROPME | ret&APP_STATE_DROPPKT) + { + return ret; + } } if(_context->is_quic==TRUE) @@ -873,3 +884,31 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int return APP_STATE_DROPME;; } + +int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int out_sni_len) +{ + int ret=APP_STATE_GIVEME; + int sni_len=0,len=0; + void *pme=NULL; + char *sni=NULL; + struct _quic_context *_context=NULL; + + quic_init_stream(&pme, a_stream->threadnum); + _context=(struct _quic_context *)pme; + + ret=quic_process(a_stream, _context, a_stream->threadnum, a_packet); + if(ret!=PROT_STATE_DROPME) + { + if(_context->quic_info.client_hello!=NULL) + { + sni=(char *)(_context->quic_info.client_hello->ext_tags[_context->quic_info.client_hello->sni_idx].value); + sni_len=_context->quic_info.client_hello->ext_tags[_context->quic_info.client_hello->sni_idx].length; + len= sni_len>(out_sni_len-1) ? (out_sni_len-1) : sni_len; + memcpy(out_sni, sni, len); + } + } + + quic_release_stream(&pme, a_stream->threadnum); + + return len; +} diff --git a/src/gquic_process.h b/src/gquic_process.h index 90072b9..52a8ebd 100644 --- a/src/gquic_process.h +++ b/src/gquic_process.h @@ -152,6 +152,105 @@ #define TAG_RSEQ 0x52534551 #define TAG_CADR 0x43414452 +//https://github.com/quicwg/base-drafts/wiki/QUIC-Versions +enum _QUIC_VERSION +{ + QUIC_VERSION_UNKNOWN=0, + //google + GQUIC_VERSION_Q001=0x51303031, + GQUIC_VERSION_Q002=0x51303032, + GQUIC_VERSION_Q003=0x51303033, + GQUIC_VERSION_Q004=0x51303034, + GQUIC_VERSION_Q005=0x51303035, + GQUIC_VERSION_Q006=0x51303036, + GQUIC_VERSION_Q007=0x51303037, + GQUIC_VERSION_Q008=0x51303038, + GQUIC_VERSION_Q009=0x51303039, + + GQUIC_VERSION_Q010=0x51303130, + GQUIC_VERSION_Q011=0x51303131, + GQUIC_VERSION_Q012=0x51303132, + GQUIC_VERSION_Q013=0x51303133, + GQUIC_VERSION_Q014=0x51303134, + GQUIC_VERSION_Q015=0x51303135, + GQUIC_VERSION_Q016=0x51303136, + GQUIC_VERSION_Q017=0x51303137, + GQUIC_VERSION_Q018=0x51303138, + GQUIC_VERSION_Q019=0x51303139, + + GQUIC_VERSION_Q020=0x51303230, + GQUIC_VERSION_Q021=0x51303231, + GQUIC_VERSION_Q022=0x51303332, + GQUIC_VERSION_Q023=0x51303333, + GQUIC_VERSION_Q024=0x51303234, + GQUIC_VERSION_Q025=0x51303235, + GQUIC_VERSION_Q026=0x51303236, + GQUIC_VERSION_Q027=0x51303237, + GQUIC_VERSION_Q028=0x51303238, + GQUIC_VERSION_Q029=0x51303239, + + GQUIC_VERSION_Q030=0x51303330, + GQUIC_VERSION_Q031=0x51303331, + GQUIC_VERSION_Q032=0x51303332, + GQUIC_VERSION_Q033=0x51303333, + GQUIC_VERSION_Q034=0x51303334, + GQUIC_VERSION_Q035=0x51303335, + GQUIC_VERSION_Q036=0x51303336, + GQUIC_VERSION_Q037=0x51303337, + GQUIC_VERSION_Q038=0x51303338, + GQUIC_VERSION_Q039=0x51303339, + + GQUIC_VERSION_Q040=0x51303430, + GQUIC_VERSION_Q041=0x51303431, + GQUIC_VERSION_Q042=0x51303432, + GQUIC_VERSION_Q043=0x51303433, + GQUIC_VERSION_Q044=0x51303434, + GQUIC_VERSION_Q045=0x51303435, + GQUIC_VERSION_Q046=0x51303436, + GQUIC_VERSION_Q047=0x51303437, + GQUIC_VERSION_Q048=0x51303438, //Google QUIC with TLS + GQUIC_VERSION_Q049=0x51303439, //Google QUIC with TLS + + GQUIC_VERSION_Q050=0x51303530, + GQUIC_VERSION_Q051=0x51303531, + GQUIC_VERSION_Q052=0x51303532, + GQUIC_VERSION_Q053=0x51303533, + GQUIC_VERSION_Q054=0x51303534, + GQUIC_VERSION_Q055=0x51303535, + GQUIC_VERSION_Q056=0x51303536, + GQUIC_VERSION_Q057=0x51303537, + GQUIC_VERSION_Q058=0x51303538, + GQUIC_VERSION_Q059=0x51303539, + + GQUIC_VERSION_Q099=0x51303939, + + //Google Proxied QUIC + PQUIC_VERSION_PROX=0x50524f58 + //GOQUIC_VERSION_GO=0x51474f[0-255], + //quicly + //QUICKLY_VERSION_QUICLY=0x91c170[0-255] + + //IETF + //IQUIC_VERSION_=0xf10000 + +}; + +struct _quic_context +{ + int is_quic; + int link_state; + int call_business; + void *business_pme; + struct _quic_info quic_info; +}; + +int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int thread_seq, void* a_packet); + +int quic_init_stream(void **pme, int thread_seq); // **pme=(struct _quic_context* ) +void quic_release_stream(void **pme, int thread_seq); +enum _QUIC_VERSION is_quic_protocol(struct streaminfo *pstream, struct _quic_context* _context, char *payload, int payload_len, int *used_len); + + struct _gquic_reset_public_header { unsigned char public_flags; diff --git a/src/quic_analysis.c b/src/quic_analysis.c index 907e945..11a7c0c 100644 --- a/src/quic_analysis.c +++ b/src/quic_analysis.c @@ -37,13 +37,11 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; } #endif -const char QUIC_VERSION_20200601=0; +const char QUIC_VERSION_20200603=0; int quic_init_stream(void **pme, int thread_seq) { - struct _quic_context *_context=(struct _quic_context *)*pme; - - _context=(struct _quic_context *)dictator_malloc(thread_seq, sizeof(struct _quic_context)); + struct _quic_context *_context=(struct _quic_context *)dictator_malloc(thread_seq, sizeof(struct _quic_context)); memset(_context, 0, sizeof(struct _quic_context)); *pme=(void*)_context; @@ -72,7 +70,7 @@ void quic_release_exts(int thread_seq, quic_tlv_t *ext_tags, int ext_tag_num) } -void quic_release_stream(struct streaminfo *a_tcp, void** pme, int thread_seq) +void quic_release_stream(void** pme, int thread_seq) { struct _quic_context *_context = (struct _quic_context *)*pme; if(NULL!=_context) @@ -273,12 +271,11 @@ extern "C" char QUIC_ENTRY(struct streaminfo *pstream, void**pme, int thread_seq if(ret&APP_STATE_DROPME|| pstream->opstate==OP_STATE_CLOSE) { - quic_release_stream(pstream, pme, thread_seq); + quic_release_stream(pme, thread_seq); *pme=NULL; return ret; } return APP_STATE_GIVEME; -}/*QUICNIT*/ - +}