diff --git a/demo/demo.cpp b/demo/demo.cpp index e69845b..dfafb19 100644 --- a/demo/demo.cpp +++ b/demo/demo.cpp @@ -173,7 +173,7 @@ int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream, used_len+=skip_len; extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length - if(!check_length(payload_len-used_len, extension_total_len)) + if(!check_length(payload_len-used_len, extension_total_len) && (extension_total_len!=payload_len-used_len)) { return flags; } diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp index 0f185ca..fa7f641 100644 --- a/src/gquic_process.cpp +++ b/src/gquic_process.cpp @@ -1169,7 +1169,7 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream * used_len+=skip_len; extension_total_len=(int)get_value(payload, &used_len, 2); //Extension length - if(!check_length(payload_len-used_len, extension_total_len)) + if(!check_length(payload_len-used_len, extension_total_len) && (payload_len-used_len!=extension_total_len)) { return flags; } @@ -1235,6 +1235,9 @@ int parse_decrypt_quic(struct streaminfo *pstream, struct _quic_context* _contex { _context->quic_info.client_hello=(struct _quic_stream *)dictator_malloc(pstream->threadnum, sizeof(struct _quic_stream)); memset(_context->quic_info.client_hello, 0, sizeof(struct _quic_stream)); + _context->quic_info.client_hello->sni_idx=0xFF; + _context->quic_info.client_hello->ua_idx=0xFF; + _context->quic_info.client_hello->ver_idx=0xFF; } ret=parse_encrypt_client_hello(pstream, _context->quic_info.client_hello, a_packet, payload+*used_len, payload_len-*used_len); //Frame Type=1, offset=1, length=2 if(ret>0 && _context->call_business) @@ -1314,7 +1317,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int ret=dissect_quic((char *)udp_detail->pdata, udp_detail->datalen, decrypt_payload, &decrypt_payload_len); if(ret!=1) { - return APP_STATE_DROPME; + return APP_STATE_GIVEME; } ret=parse_decrypt_quic(pstream, _context, a_packet, decrypt_payload, decrypt_payload_len, &used_len); break; @@ -1373,7 +1376,7 @@ unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, ret=quic_process(a_stream, _context, a_stream->threadnum, a_packet); if(ret!=PROT_STATE_DROPME && _context->is_quic!=QUIC_VERSION_UNKNOWN) { - if(_context->quic_info.client_hello!=NULL) + if(_context->quic_info.client_hello!=NULL && _context->quic_info.client_hello->ext_tags!=NULL) { if(_context->quic_info.client_hello->sni_idx!=0xFF) { diff --git a/test/pcap/iquic/29/quic_result.json b/test/pcap/iquic/29/quic_result.json index e9eb40e..6cee24e 100644 --- a/test/pcap/iquic/29/quic_result.json +++ b/test/pcap/iquic/29/quic_result.json @@ -3,9 +3,13 @@ "VERSION": "IETF QUIC 29", "SNI": "www.facebook.com", "name": "QUIC_RESULT_1" + }, { + "Tuple4": "223.104.233.102.13650>203.208.40.98.443", + "VERSION": "IETF QUIC 29", + "name": "QUIC_RESULT_2" }, { "Tuple4": "192.168.50.33.57220>114.250.70.38.443", "VERSION": "IETF QUIC 29", "SNI": "securepubads.g.doubleclick.net", - "name": "QUIC_RESULT_2" + "name": "QUIC_RESULT_3" }] diff --git a/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap b/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap new file mode 100644 index 0000000..ee760fb Binary files /dev/null and b/test/pcap/rfc9000/2-ietf-rfc9000-124.88.191.113.39716-114.250.66.33-443.pcap differ diff --git a/test/pcap/rfc9000/quic_result.json b/test/pcap/rfc9000/quic_result.json index 33179dc..38f21e3 100644 --- a/test/pcap/rfc9000/quic_result.json +++ b/test/pcap/rfc9000/quic_result.json @@ -1,8 +1,11 @@ -[ - { - "Tuple4": "192.168.60.32.59699>64.233.164.84.443", - "VERSION": "IETF QUIC RFC9000", - "SNI": "accounts.google.com", - "name": "QUIC_RESULT_1" - } -] +[{ + "Tuple4": "192.168.60.32.59699>64.233.164.84.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "accounts.google.com", + "name": "QUIC_RESULT_1" + }, { + "Tuple4": "124.88.191.113.39716>114.250.66.33.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "safebrowsing.googleapis.com", + "name": "QUIC_RESULT_2" +}]