diff --git a/bin/main.conf b/bin/main.conf index 8109155..13b4496 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -3,4 +3,5 @@ QUIC_PORT_LIST=443;8443;4433; LOG_LEVEL=30 LOG_PATH="./log/quic/quic" DECRYPTED_SWITCH=2 -MAX_PARSE_PKT_NUM=3 +#MAX_PARSE_PKT_NUM=3 +MAX_CHLO_SIZE=4096 diff --git a/src/quic_entry.cpp b/src/quic_entry.cpp index 52d3ccd..afd40b3 100644 --- a/src/quic_entry.cpp +++ b/src/quic_entry.cpp @@ -155,22 +155,22 @@ void *quic_session_ctx_new_cb(struct session *sess, void *plugin_env) stellar_session_plugin_dettach_current_session(sess); return NULL; } - int thread_seq = session_get_current_thread_id(sess); - size_t payload_len = -1; + size_t payload_len = 0; const char * payload = session_get0_current_payload(sess, &payload_len); if(NULL == payload || payload_len <= 0) { stellar_session_plugin_dettach_current_session(sess); return NULL; } - struct quic_info tmp_qinfo = {}; - if(PARSE_RESULT_UNKNOWN == parse_quic_all_version(quic_plugin_env, &tmp_qinfo, payload, payload_len, thread_seq)) + int payload_offset = 0; + enum QUIC_VERSION_T quic_ver = is_quic_protocol(payload, payload_len, &payload_offset); + if(QUIC_VERSION_UNKNOWN == quic_ver) { stellar_session_plugin_dettach_current_session(sess); return NULL; } struct quic_context *qcontext = (struct quic_context *)CALLOC(1, sizeof(struct quic_context)); - memcpy(&qcontext->quic_info, &tmp_qinfo, sizeof(struct quic_info)); + qcontext->quic_info.quic_version = (unsigned int )quic_ver; struct quic_message *qmsg = quic_create_message(QUIC_NEW, qcontext); quic_session_mq_publish_message_safe(sess, quic_plugin_env->quic_topic_id, qmsg); return (void *)qcontext; @@ -181,6 +181,9 @@ void quic_session_ctx_free_cb(struct session *sess, void *session_ctx, void *plu if(session_ctx){ struct quic_context *qcontext = (struct quic_context *)session_ctx; free_quicinfo(&qcontext->quic_info); + if(qcontext->quic_buf.buffer){ + free(qcontext->quic_buf.buffer); + } FREE(session_ctx); } return; @@ -207,7 +210,8 @@ extern "C" void *QUIC_ONLOAD(struct stellar *st) MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "LOG_PATH", quic_plugin_env->log_path, sizeof(quic_plugin_env->log_path), g_quic_log_path); MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "DECRYPTED_SWITCH", &quic_plugin_env->decrypted_switch, 2); - MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "MAX_PARSE_PKT_NUM", &quic_plugin_env->max_parse_pkt_num, 3); + // MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "MAX_PARSE_PKT_NUM", &quic_plugin_env->max_parse_pkt_num, 3); + MESA_load_profile_int_def(g_quic_proto_conffile, "QUIC", "MAX_CHLO_SIZE", &quic_plugin_env->max_chlo_size, 4096); MESA_load_profile_string_def(g_quic_proto_conffile, "QUIC", "QUIC_PORT_LIST", buff, sizeof(buff), "443;8443;"); quic_plugin_env->quic_port_num=parse_quic_port(buff, quic_plugin_env->quic_port_list, SUPPORT_QUIC_PORT_NUM); diff --git a/src/quic_entry.h b/src/quic_entry.h index 9b4e6fa..a35c808 100644 --- a/src/quic_entry.h +++ b/src/quic_entry.h @@ -31,7 +31,8 @@ struct quic_param int level; int quic_port_num; int decrypted_switch; - int max_parse_pkt_num; + // int max_parse_pkt_num; + int max_chlo_size; // int context_bridge_id; int exdata_id; int udp_topic_id; //as subscriber diff --git a/src/quic_process.cpp b/src/quic_process.cpp index 95778dc..9432cc7 100644 --- a/src/quic_process.cpp +++ b/src/quic_process.cpp @@ -5,6 +5,7 @@ * Author: liuxueli */ +#include #include #include #include @@ -122,7 +123,7 @@ static int gquic_pkn_bit2length(unsigned char bit_value) return 1; } -static int copy_extension_tag(const char *tag_start_pos, int tag_len, qstring *out, int thread_seq) +static int copy_extension_tag(const unsigned char *tag_start_pos, int tag_len, qstring *out) { if(tag_start_pos!=NULL && tag_len>0) { @@ -184,7 +185,7 @@ Long Header (used for packets that are sent prior to the completion of version n */ -static int join_client_hello_frames(const char *payload, int payload_len, char *join_payload, int *join_payload_len) +static int join_client_hello_frames(const unsigned char *payload, int payload_len, unsigned char *join_payload, int *join_payload_len) { int joined_length=0; int payload_offset=0; @@ -247,7 +248,7 @@ static int parse_gquic_version_44to48_header(const char *payload, int payload_le return 1; } -int parse_special_frame_stream(struct quic_info* quic_info, const char *payload, int payload_len, int thread_seq) +int parse_special_frame_stream(struct quic_info* quic_info, const unsigned char *payload, int payload_len) { int tag_num = 0; int payload_offset=0; @@ -315,11 +316,11 @@ int parse_special_frame_stream(struct quic_info* quic_info, const char *payload, switch(ext_tag_type) { case TAG_UAID: - copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->user_agent, thread_seq); + copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->user_agent); parse_result=PARSE_RESULT_CLIENT_HELLO; break; case TAG_SNI: - copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->sni, thread_seq); + copy_extension_tag(payload+tag_value_start_offset, one_tag_len, &quic_info->sni); parse_result=PARSE_RESULT_CLIENT_HELLO; break; default: @@ -335,7 +336,7 @@ int parse_special_frame_stream(struct quic_info* quic_info, const char *payload, return parse_result; } -int parse_quic_transport_parameter(struct quic_info *quic_info, const char *quic_para, int quic_para_len, int thread_seq) +int parse_quic_transport_parameter(struct quic_info *quic_info, const unsigned char *quic_para, int quic_para_len) { int one_para_length=0; int para_offset=0; @@ -352,7 +353,7 @@ int parse_quic_transport_parameter(struct quic_info *quic_info, const char *quic { return 0; } - para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &quic_info->user_agent, thread_seq); + para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &quic_info->user_agent); return 1; default: one_para_length=(int)(quic_para[para_offset++]); // length=1 @@ -368,7 +369,7 @@ int parse_quic_transport_parameter(struct quic_info *quic_info, const char *quic return 0; } -int parse_extension_server_name(struct quic_info *quic_info, const char *ext_server_name, int ext_server_name_length, int thread_seq) +int parse_extension_server_name(struct quic_info *quic_info, const unsigned char *ext_server_name, int ext_server_name_length) { unsigned short sni_type=0; unsigned short sni_length=0; @@ -395,17 +396,17 @@ int parse_extension_server_name(struct quic_info *quic_info, const char *ext_ser } extension_offset+=2; - copy_extension_tag(ext_server_name+extension_offset, sni_length, &quic_info->sni, thread_seq); + copy_extension_tag(ext_server_name+extension_offset, sni_length, &quic_info->sni); return 1; } -int parse_tls_client_hello(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq) +int parse_tls_client_hello(struct quic_info *quic_info, const unsigned char *payload, int payload_len) { int ret=0,skip_len=0; int payload_offset=0; int extension_offset=0; - const char *extension_start_pos=NULL; + const unsigned char *extension_start_pos=NULL; int parse_result=PARSE_RESULT_VERSION; unsigned short one_ext_type=0, one_ext_len=0, extension_total_len=0; @@ -470,11 +471,11 @@ int parse_tls_client_hello(struct quic_info *quic_info, const char *payload, int switch(one_ext_type) { case EXTENSION_SERVER_NAME: - ret=parse_extension_server_name(quic_info, extension_start_pos+extension_offset, one_ext_len, thread_seq); + ret=parse_extension_server_name(quic_info, extension_start_pos+extension_offset, one_ext_len); break; case EXTENSION_QUIC_PARAM_TLS_13: case EXTENSION_QUIC_PARAM_TLS_33: - ret=parse_quic_transport_parameter(quic_info, extension_start_pos+extension_offset, one_ext_len, thread_seq); + ret=parse_quic_transport_parameter(quic_info, extension_start_pos+extension_offset, one_ext_len); break; default: break; @@ -492,9 +493,20 @@ int parse_tls_client_hello(struct quic_info *quic_info, const char *payload, int return parse_result; } -int parse_quic_decrypted_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq) +int get_chlo_total_length(const unsigned char *payload, int payload_len) { - char join_payload[2048]={0}; + const struct quic_client_hello_msg_hdr *chlo_hdr=(const struct quic_client_hello_msg_hdr *)payload; + int chlo_len=0; + uint8_t *p = (uint8_t *)&chlo_len; + p[2] = chlo_hdr->client_hello_len[0]; + p[1] = chlo_hdr->client_hello_len[1]; + p[0] = chlo_hdr->client_hello_len[2]; + return chlo_len; +} + +int parse_quic_decrypted_payload(struct quic_info *quic_info, const unsigned char * payload, int payload_len) +{ + unsigned char join_payload[MAX_CLIENT_HELLO_CHUNK_SIZE]={0}; int join_payload_len=sizeof(join_payload); unsigned int quic_version=quic_info->quic_version; @@ -512,18 +524,18 @@ int parse_quic_decrypted_payload(struct quic_info *quic_info, const char * paylo if(join_payload[0] == QUIC_HANDSHAKE_TYPE_CLIENTHELLO) { - return parse_tls_client_hello(quic_info, join_payload, join_payload_len, thread_seq); + return parse_tls_client_hello(quic_info, join_payload, join_payload_len); } } else //if(quic_version>=GQUIC_VERSION_Q047 && quic_version<=GQUIC_VERSION_Q059) { - return parse_special_frame_stream(quic_info, (char *)payload+4, payload_len-4, thread_seq); // Frame type=1,offset=1,length=2 + return parse_special_frame_stream(quic_info, payload+4, payload_len-4); // Frame type=1,offset=1,length=2 } return PARSE_RESULT_VERSION; } -int parse_quic_uncryption_payload(struct quic_info *quic_info, const char * payload, int payload_len, int thread_seq) +int parse_quic_uncryption_payload(struct quic_info *quic_info, const unsigned char * payload, int payload_len) { int stream_id_len=0; int offset_len=0; @@ -564,7 +576,7 @@ int parse_quic_uncryption_payload(struct quic_info *quic_info, const char * payl payload_offset+=offset_len; //data length } - return parse_special_frame_stream(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq); + return parse_special_frame_stream(quic_info, payload+payload_offset, payload_len-payload_offset); } return PARSE_RESULT_VERSION; @@ -741,29 +753,116 @@ enum QUIC_VERSION_T is_quic_protocol(const char *payload, int payload_len, int * return quic_version; } -enum PARSE_RESULT parse_quic_all_version(const struct quic_param *g_quic_plugin_env, struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq) +// +static void quic_chlo_chunk_assemble(struct quic_buffer *qbuf, unsigned char *new_payload, int new_len) { - int ret = 0, payload_offset = 0; + if(NULL == new_payload || new_len <= 0){ + return; + } + if(NULL == qbuf->buffer){ + qbuf->buffer = (unsigned char *)calloc(1, MAX_CLIENT_HELLO_CHUNK_SIZE); + qbuf->max_size = MAX_CLIENT_HELLO_CHUNK_SIZE; + } + int max_copy_len = MIN((int)(qbuf->max_size - qbuf->datalen), new_len); + memcpy(qbuf->buffer + qbuf->datalen, new_payload, max_copy_len); + qbuf->datalen += max_copy_len; +} + +/* + 1: is chlo, and complete! + 0: is chlo, but fragment; + -1: not support +*/ +static int quic_chlo_is_complete(enum QUIC_VERSION_T quic_version, const unsigned char *payload, int payload_len) +{ + if(!( (quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) || + (quic_version>=GQUIC_VERSION_T050 && quic_version<=GQUIC_VERSION_T059) || + (quic_version>=IQUIC_VERSION_I022 && quic_version<=IQUIC_VERSION_I029) || + (quic_version==IQUIC_VERSION_RFC9000))) + { + return -1; + } + + if((payload[0] != IQUIC_FRAME_CRYPTO) && (payload[0] != 0x08)) + { + return -1; + } + int payload_offset = 0; + long frame_offset, frame_length; + payload_offset = 1; //skip frame type + payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_offset); + payload_offset+=msb2_varint_decode(payload+payload_offset, &frame_length); + + if(payload[payload_offset] != QUIC_HANDSHAKE_TYPE_CLIENTHELLO) + { + return -1; + } + int expect_len = get_chlo_total_length(payload + payload_offset, payload_len-payload_offset); + if(payload_len-payload_offset >= expect_len){ + return 1; + } + return 0; +} + +static enum PARSE_RESULT quic_decrypting_payload(struct quic_context *qcontext, unsigned char *udp_payload, int udp_payload_len) +{ + struct quic_buffer *qbuf = &qcontext->quic_buf; + unsigned char *quic_decrypted_payload; + int ret, quic_decrypted_payload_len; + quic_dpt_t *dpt = quic_deprotection_new(); + + if(quic_deprotection(dpt, (const u_char *)udp_payload, udp_payload_len) < 0){ + goto err_exit; + } + + if(qbuf->datalen > 0){ //some fragment exist + quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len); + quic_decrypted_payload = qbuf->buffer; + quic_decrypted_payload_len = qbuf->datalen; + }else{ + quic_decrypted_payload = dpt->payload.data; + quic_decrypted_payload_len = dpt->payload.len; + } + + ret = quic_chlo_is_complete((enum QUIC_VERSION_T)qcontext->quic_info.quic_version, quic_decrypted_payload, quic_decrypted_payload_len); + if(0 == ret){ + if(NULL == qbuf->buffer || 0 == qbuf->datalen){ + quic_chlo_chunk_assemble(qbuf, dpt->payload.data, dpt->payload.len); + } + goto fun_exit; + } + parse_quic_decrypted_payload(&qcontext->quic_info, quic_decrypted_payload, quic_decrypted_payload_len); + +fun_exit: + quic_deprotection_free(dpt); + return PARSE_RESULT_VERSION; + +err_exit: + quic_deprotection_free(dpt); + return PARSE_RESULT_UNKNOWN; +} + +enum PARSE_RESULT parse_quic_all_version(const struct quic_param *g_quic_plugin_env, struct quic_context *qcontext, const char *payload, int payload_len) +{ + struct quic_info *quic_info = &qcontext->quic_info; + int payload_offset = 0; enum QUIC_VERSION_T quic_version = QUIC_VERSION_UNKNOWN; if (payload == NULL || payload_len <= 0) { return PARSE_RESULT_UNKNOWN; } - quic_version = is_quic_protocol(payload, payload_len, &payload_offset); if (quic_version == QUIC_VERSION_UNKNOWN) { return PARSE_RESULT_UNKNOWN; } - quic_info->quic_version = quic_version; - if (quic_version >= GQUIC_VERSION_Q001 && quic_version <= GQUIC_VERSION_Q048) { if (payload_len > payload_offset) { - return (enum PARSE_RESULT)parse_quic_uncryption_payload(quic_info, payload + payload_offset, payload_len - payload_offset, thread_seq); + return (enum PARSE_RESULT)parse_quic_uncryption_payload(quic_info, (const unsigned char *)payload + payload_offset, payload_len - payload_offset); } return PARSE_RESULT_VERSION; } @@ -775,20 +874,7 @@ enum PARSE_RESULT parse_quic_all_version(const struct quic_param *g_quic_plugin_ (quic_version == IQUIC_VERSION_RFC9000)) && g_quic_plugin_env->decrypted_switch > 0) { - quic_dpt_t *dpt = quic_deprotection_new(); - if (quic_deprotection(dpt, (const u_char *)payload, payload_len) != 0) - { - quic_deprotection_free(dpt); - return PARSE_RESULT_VERSION; - } - - if (g_quic_plugin_env->decrypted_switch == 2) - { - ret = parse_quic_decrypted_payload(quic_info, (const char *)dpt->payload.data, dpt->payload.len, thread_seq); - quic_deprotection_free(dpt); - return (enum PARSE_RESULT)ret; - } - quic_deprotection_free(dpt); + return quic_decrypting_payload(qcontext, (unsigned char *)payload, payload_len); } else { @@ -804,7 +890,8 @@ void quic_analyze_entry(struct session *sess, const struct quic_param *g_quic_pl int push_payload = 0; enum PARSE_RESULT parse_res = PARSE_RESULT_UNKNOWN; - if ((qcontext->parse_pkt_cnt++) >= g_quic_plugin_env->max_parse_pkt_num){ + qcontext->parse_payload_size += payload_len; + if (qcontext->parse_payload_size > (unsigned int)g_quic_plugin_env->max_chlo_size){ push_payload = 1; }else{ if(0 == qcontext->msg_state[QUIC_VERSION] @@ -812,7 +899,7 @@ void quic_analyze_entry(struct session *sess, const struct quic_param *g_quic_pl || 0 == qcontext->msg_state[QUIC_USER_AGENT]){ if(NULL == qcontext->quic_info.sni.iov_base || NULL == qcontext->quic_info.user_agent.iov_base){ - parse_res = parse_quic_all_version(g_quic_plugin_env, &(qcontext->quic_info), payload, payload_len, thread_seq); + parse_res = parse_quic_all_version(g_quic_plugin_env, qcontext, payload, payload_len); if(PARSE_RESULT_VERSION == parse_res){ push_payload = 1; } diff --git a/src/quic_process.h b/src/quic_process.h index 6bca878..2595fb7 100644 --- a/src/quic_process.h +++ b/src/quic_process.h @@ -46,8 +46,28 @@ #define GQUIC_REGULAR_FRAME_STOP_WAITING 0x06 #define GQUIC_REGULAR_FRAME_PING 0x07 +// https://www.rfc-editor.org/rfc/rfc9000.html#name-frames-and-frame-types #define IQUIC_FRAME_PADDING 0x00 #define IQUIC_FRAME_PING 0x01 +#define IQUIC_FRAME_ACK 0x02 +#define IQUIC_FRAME_RST_STREAM 0x03 +#define IQUIC_FRAME_STOP_WAITING 0x04 +#define IQUIC_FRAME_CRYPTO 0x06 +#define IQUIC_FRAME_NEW_TOKEN 0x07 +#define IQUIC_FRAME_STREAM 0x08 +#define IQUIC_FRAME_MAX_DATA 0x10 +#define IQUIC_FRAME_MAX_STREAM_DATA 0x11 +#define IQUIC_FRAME_MAX_STREAMS 0x12 +#define IQUIC_FRAME_DATA_BLOCKED 0x13 +#define IQUIC_FRAME_STREAM_DATA_BLOCKED 0x14 +#define IQUIC_FRAME_STREAMS_BLOCKED 0x15 +#define IQUIC_FRAME_NEW_CONNECTION_ID 0x18 +#define IQUIC_FRAME_RETIRE_CONNECTION_ID 0x19 +#define IQUIC_FRAME_PATH_CHALLENGE 0x1A +#define IQUIC_FRAME_PATH_RESPONSE 0x1B +#define IQUIC_FRAME_CONNECTION_CLOSE 0x1C +#define IQUIC_FRAME_APPLICATION_CLOSE 0x1D +#define IQUIC_FRAME_HANDSHAKE_DONE 0x1E #define QUIC_HANDSHAKE_TYPE_CLIENTHELLO 0x01 @@ -279,29 +299,29 @@ enum QUIC_VERSION_T IQUIC_VERSION_I032=0xFF000020 }; -// struct quic_client_hello -// { -// char *sni; -// char *user_agent; -// }; - struct quic_info { unsigned int quic_version; qstring sni; qstring user_agent; qstring payload; - // struct quic_client_hello *client_hello; +}; + +#define MAX_CLIENT_HELLO_CHUNK_SIZE (4096) +struct quic_buffer{ + unsigned char *buffer; + size_t max_size; + size_t datalen; }; struct quic_context { - unsigned char link_state; - unsigned char parse_pkt_cnt; - unsigned char pre_parse_state; - unsigned char parse_first_pkt; + unsigned int parse_payload_size; + // unsigned char pre_parse_state; + // unsigned char parse_first_pkt; unsigned char msg_state[QUIC_MSG_MAX]; struct quic_info quic_info; + struct quic_buffer quic_buf; //for client hello fragment }; #define QUIC_MSG_HDR_MAGIC 0x51554943 // ASCII: "QUIC" @@ -327,5 +347,6 @@ void quic_analyze_entry(struct session *sess, const struct quic_param *g_quic_pl int quic_protocol_identify(struct session *sess, struct quic_param *g_quic_plug_env); struct quic_message *quic_create_message(enum quic_message_type mtype, struct quic_context *context); void quic_session_mq_publish_message_safe(struct session *sess, int topic_id, void *msg); +enum QUIC_VERSION_T is_quic_protocol(const char *payload, int payload_len, int *payload_offset); #endif diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 4e6df7e..b5b2b8a 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -42,6 +42,7 @@ add_test(NAME QUIC_RFC9000_FRAGMENT COMMAND ./${proto_test_main} ${CMAKE_CURRENT add_test(NAME QUIC_RFC9000_SPECIAL COMMAND ./${proto_test_main} ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-special/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME QUIC_AIRPORT COMMAND ./${proto_test_main} ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/airport -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) add_test(NAME QUIC_SPECIAL COMMAND ./${proto_test_main} ${CMAKE_CURRENT_SOURCE_DIR}/pcap/special/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/special/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) +add_test(NAME QUIC_RFC9000_CHLO_FRAGMENT COMMAND ./${proto_test_main} ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-chlo-fragment/${lib_name}_result.json -f "find ${CMAKE_CURRENT_SOURCE_DIR}/pcap/rfc9000-chlo-fragment/ -name *.pcap|sort -V" WORKING_DIRECTORY ${PROTO_TEST_RUN_DIR}) set_tests_properties(IQUIC_29_TEST GQUIC_23_TEST @@ -66,5 +67,6 @@ set_tests_properties(IQUIC_29_TEST QUIC_RFC9000_SPECIAL QUIC_AIRPORT QUIC_SPECIAL + QUIC_RFC9000_CHLO_FRAGMENT PROPERTIES FIXTURES_REQUIRED TestFixture) \ No newline at end of file diff --git a/test/pcap/rfc9000-chlo-fragment/1-google-chlo-fragment-2.pcap b/test/pcap/rfc9000-chlo-fragment/1-google-chlo-fragment-2.pcap new file mode 100644 index 0000000..c9115fe Binary files /dev/null and b/test/pcap/rfc9000-chlo-fragment/1-google-chlo-fragment-2.pcap differ diff --git a/test/pcap/rfc9000-chlo-fragment/2-google-chlo-fragment-3.pcap b/test/pcap/rfc9000-chlo-fragment/2-google-chlo-fragment-3.pcap new file mode 100644 index 0000000..80ea303 Binary files /dev/null and b/test/pcap/rfc9000-chlo-fragment/2-google-chlo-fragment-3.pcap differ diff --git a/test/pcap/rfc9000-chlo-fragment/3-facebook-chlo-fragment-2.pcap b/test/pcap/rfc9000-chlo-fragment/3-facebook-chlo-fragment-2.pcap new file mode 100644 index 0000000..afde2ee Binary files /dev/null and b/test/pcap/rfc9000-chlo-fragment/3-facebook-chlo-fragment-2.pcap differ diff --git a/test/pcap/rfc9000-chlo-fragment/4-googleapis.com-chlo-fragment-3.pcap b/test/pcap/rfc9000-chlo-fragment/4-googleapis.com-chlo-fragment-3.pcap new file mode 100644 index 0000000..1dd5354 Binary files /dev/null and b/test/pcap/rfc9000-chlo-fragment/4-googleapis.com-chlo-fragment-3.pcap differ diff --git a/test/pcap/rfc9000-chlo-fragment/quic_result.json b/test/pcap/rfc9000-chlo-fragment/quic_result.json new file mode 100644 index 0000000..47931bc --- /dev/null +++ b/test/pcap/rfc9000-chlo-fragment/quic_result.json @@ -0,0 +1,26 @@ +[ + { + "Tuple4": "2607:5d00:2:2::38:2.53977>2404:6800:4005:807::2004.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "www.google.com", + "name": "QUIC_RESULT_1" + }, + { + "Tuple4": "2607:5d00:2:2::38:2.50835>2404:6800:4005:80d::2003.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "www.google.com.hk", + "name": "QUIC_RESULT_2" + }, + { + "Tuple4": "192.168.64.25.61166>157.240.245.35.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "www.facebook.com", + "name": "QUIC_RESULT_3" + }, + { + "Tuple4": "2607:5d00:2:2::38:2.54817>2404:6800:4005:80c::200a.443", + "VERSION": "IETF QUIC RFC9000", + "SNI": "optimizationguide-pa.googleapis.com", + "name": "QUIC_RESULT_4" + } +] \ No newline at end of file