gfwleak/mesa-platform-quic
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: gfwleak:v2.0.1
Branches Tags
gfwleak:master gfwleak:support-aarch64 gfwleak:fix-chlo-fragment gfwleak:dev-2.0
gfwleak:v2.0.14 gfwleak:v2.0.13 gfwleak:v2.0.12 gfwleak:v2.0.11 gfwleak:v2.0.10 gfwleak:v2.0.9 gfwleak:v2.0.8 gfwleak:v2.0.7 gfwleak:v2.0.6 gfwleak:v2.0.5 gfwleak:v2.0.4 gfwleak:v2.0.3 gfwleak:v2.0.2 gfwleak:v2.0.1 gfwleak:v2.0.0
...
compare: gfwleak:v2.0.8
Branches Tags
gfwleak:master gfwleak:support-aarch64 gfwleak:fix-chlo-fragment gfwleak:dev-2.0
gfwleak:v2.0.14 gfwleak:v2.0.13 gfwleak:v2.0.12 gfwleak:v2.0.11 gfwleak:v2.0.10 gfwleak:v2.0.9 gfwleak:v2.0.8 gfwleak:v2.0.7 gfwleak:v2.0.6 gfwleak:v2.0.5 gfwleak:v2.0.4 gfwleak:v2.0.3 gfwleak:v2.0.2 gfwleak:v2.0.1 gfwleak:v2.0.0

10 Commits
v2.0.1 ... v2.0.8

Author SHA1 Message Date
yangwei
4d731800bf 🐞 fix(parse_quic_uncryption_payload): 增加长度判断,修复长度异常时造成的内存非法读 
附test/pcap/quic_len-2.pcapng为解析长度异常的包
 2023-07-28 23:24:57 +08:00
yangwei
1b678406e7 🔧 build(cmake version): 更新最低版本要求至3.10,修复changelog脚本生成可能报错的问题 2023-07-28 23:22:51 +08:00
yangwei
479fd1a771 🐞 fix(quic version len): 增加包长判断,避免读越界 2023-07-26 19:21:14 +08:00
liuxueli
bfeae04470 Debug版本链接ASAN,用于定位问题 2023-07-26 11:19:32 +08:00
liuxueli
513732e4f1 第一个数据包仅解析一次,节省cpu 2023-06-27 13:34:19 +08:00
liuxueli
96f9ce34ca 收到上层业务返回drop pkt状态时,不关闭对流的处理 2023-02-16 10:20:46 +08:00
liuxueli
ffb443ed7e OMPUB-527: 从解密后的client hello负载中解析user agent参数时,未对参数长度负值进行判断导致parse_quic_transport_parameter函数死循环触发sapp的watchdog timeout 2022-06-16 15:39:13 +08:00
liuxueli
98c567cf88 TSG-9724: 适配Rocky Linux8.5 2022-03-11 13:19:05 +08:00
刘学利
d76065f87e Merge branch 'feature-use-nginx-quic' into 'master' 
TSG-8455 基于Nginx-QUIC和OpenSSL重构QUIC解析层

See merge request MESA_Platform/quic!3
 2021-11-12 08:39:24 +00:00
刘学利
3605410615 TSG-8455 基于Nginx-QUIC和OpenSSL重构QUIC解析层 2021-11-12 08:39:24 +00:00
26 changed files with 1553 additions and 1598 deletions
Expand all files Collapse all files

171
.gitlab-ci.yml
View File

@@ -1,41 +1,71 @@
image: "git.mesalab.cn:7443/mesa_platform/build-env:master"
variables:
GIT_STRATEGY: "clone"
BUILD_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master"
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/opt/MESA/lib/"
INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel sapp-devel openssl-devel glib2-devel libasan libbreakpad_mini-devel libMESA_htable-devel systemd-devel
INSTALL_DEPENDENCY_PLATFORM: sapp-devel libasan systemd-devel libnsl glib2-devel
INSTALL_DEPENDENCY_FRAMEWORK: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel framework_env libMESA_prof_load-devel libbreakpad_mini-devel libMESA_htable-devel
INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
stages:
- build
- test
- package
.build_by_travis:
.build_before_script:
before_script:
- mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
- ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- chmod +x ./ci/travis.sh
script:
- yum makecache
- ./ci/travis.sh
- cd build
- yum install -y elfutils-libelf-devel
.build_by_travis_for_centos7:
stage: build
image: $BUILD_IMAGE_CENTOS7
extends: .build_before_script
script:
- yum install -y libmnl-devel
- yum install -y libnfnetlink-devel
- ./ci/travis.sh
- cd build
tags:
- share
run_test:
.build_by_travis_for_centos8:
stage: build
image: $BUILD_IMAGE_CENTOS8
extends: .build_before_script
script:
- dnf --enablerepo=powertools install -y libmnl-devel
- dnf --enablerepo=powertools install -y libnfnetlink-devel
- ./ci/travis.sh
tags:
- share
run_test_for_centos7:
stage: test
extends: .build_by_travis
extends: .build_by_travis_for_centos7
script:
- yum makecache
- ./ci/travis.sh
- cd build
- ctest --verbose
branch_build_debug:
run_test_for_centos8:
stage: test
extends: .build_by_travis_for_centos8
script:
- yum makecache
- ./ci/travis.sh
- cd build
- ctest3 --verbose
branch_build_debug_for_centos7:
stage: build
extends: .build_by_travis
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
except:
@@ -43,19 +73,19 @@ branch_build_debug:
- /^master.*$/i
- tags
branch_build_release:
branch_build_release_for_centos7:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
extends: .build_by_travis
extends: .build_by_travis_for_centos7
except:
- /^develop.*$/i
- /^master.*$/i
- tags
develop_build_debug:
stage: package
extends: .build_by_travis
develop_build_debug_for_centos7:
stage: build
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
PACKAGE: 1
@@ -72,9 +102,9 @@ develop_build_debug:
- /^develop.*$/i
- /^master.*$/i
develop_build_release:
stage: package
extends: .build_by_travis
develop_build_release_for_centos7:
stage: build
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
@@ -90,15 +120,16 @@ develop_build_release:
- /^develop.*$/i
- /^master.*$/i
release_build_debug:
release_build_debug_for_centos7:
stage: package
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD_RPM: 1
ASAN_OPTION: ADDRESS
PULP3_REPO_NAME: protocol-stable-x86_64.el7
PULP3_DIST_NAME: protocol-stable-x86_64.el7
extends: .build_by_travis
extends: .build_by_travis_for_centos7
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-debug"
paths:
@@ -106,7 +137,7 @@ release_build_debug:
only:
- tags
release_build_release:
release_build_release_for_centos7:
stage: package
variables:
BUILD_TYPE: RelWithDebInfo
@@ -116,7 +147,99 @@ release_build_release:
SYMBOL_TARGET: quic
PULP3_REPO_NAME: protocol-stable-x86_64.el7
PULP3_DIST_NAME: protocol-stable-x86_64.el7
extends: .build_by_travis
extends: .build_by_travis_for_centos7
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- tags
branch_build_debug_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: Debug
except:
- /^develop.*$/i
- /^master.*$/i
- tags
branch_build_release_for_centos8:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
extends: .build_by_travis_for_centos8
except:
- /^develop.*$/i
- /^master.*$/i
- tags
develop_build_debug_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD_RPM: 1
ASAN_OPTION: ADDRESS
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: protocol-testing-x86_64.el8
PULP3_DIST_NAME: protocol-testing-x86_64.el8
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
develop_build_release_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD_RPM: 1
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: protocol-testing-x86_64.el8
PULP3_DIST_NAME: protocol-testing-x86_64.el8
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
release_build_debug_for_centos8:
stage: package
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD_RPM: 1
ASAN_OPTION: ADDRESS
PULP3_REPO_NAME: protocol-stable-x86_64.el8
PULP3_DIST_NAME: protocol-stable-x86_64.el8
extends: .build_by_travis_for_centos8
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- tags
release_build_release_for_centos8:
stage: package
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD_RPM: 1
UPLOAD_SYMBOL_FILES: 1
SYMBOL_TARGET: quic
PULP3_REPO_NAME: protocol-stable-x86_64.el8
PULP3_DIST_NAME: protocol-stable-x86_64.el8
extends: .build_by_travis_for_centos8
artifacts:
name: "quic-$CI_COMMIT_REF_NAME-release"
paths:

10
CMakeLists.txt
View File

@@ -1,4 +1,4 @@
cmake_minimum_required (VERSION 2.8)
cmake_minimum_required (VERSION 2.8...3.10)
set(lib_name quic)
@@ -32,21 +32,19 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
include_directories(include)
include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/glib-2.0/)
#include_directories(/usr/include/glib-2.0/include/)
include_directories(/usr/lib64/glib-2.0/include)
add_subdirectory(support)
file(GLOB SRC
"src/*.cpp"
)
set(DEPEND_DYN_LIB ssl crypto MESA_handle_logger)
set(DEPEND_DYN_LIB MESA_handle_logger)
# Shared Library Output
add_library(quic SHARED ${SRC})
set_target_properties(quic PROPERTIES LINK_FLAGS "-Wl,--version-script=${PROJECT_SOURCE_DIR}/src/version.map")
set_target_properties(quic PROPERTIES PREFIX "")
target_link_libraries(quic ${DNS_DEPEND_DYN_LIB} glib-2.0 pthread -Wl,--whole-archive libgpg-error-static -Wl,--no-whole-archive libgcrypt-static)
target_link_libraries(quic ${DNS_DEPEND_DYN_LIB} pthread -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)
set_target_properties(quic PROPERTIES OUTPUT_NAME ${lib_name})
enable_testing()

10
ci/travis.sh
View File

@@ -33,12 +33,16 @@ env | sort
: "${COMPILER_IS_GNUCXX:=OFF}"
# Install dependency from YUM
if [ -n "${INSTALL_DEPENDENCY_LIBRARY}" ]; then
yum install -y $INSTALL_DEPENDENCY_LIBRARY
if [ -n "${INSTALL_DEPENDENCY_FRAMEWORK}" ]; then
yum install -y $INSTALL_DEPENDENCY_FRAMEWORK
source /etc/profile.d/framework.sh
fi
if [ $ASAN_OPTION ];then
if [ -n "${INSTALL_DEPENDENCY_PLATFORM}" ]; then
yum install -y $INSTALL_DEPENDENCY_PLATFORM
fi
if [ $ASAN_OPTION ] && [ -f "/opt/rh/devtoolset-7/enable" ] ;then
source /opt/rh/devtoolset-7/enable
fi

17
cmake/Package.cmake
View File

@@ -12,18 +12,18 @@ set(CPACK_PACKAGE_VERSION_MINOR "${VERSION_MINOR}")
set(CPACK_PACKAGE_VERSION_PATCH "${VERSION_PATCH}.${VERSION_BUILD}")
set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
set(CPACK_PACKAGE_VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_BUILD}")
execute_process(COMMAND bash -c "echo -ne \"`uname -r | awk -F'.' '{print $5\".\"$6\".\"$7}'`\"" OUTPUT_VARIABLE SYSTEM_VERSION)
execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake)
SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt)
# RPM Build
set(CPACK_GENERATOR "RPM")
set(CPACK_RPM_AUTO_GENERATED_FILE_NAME ON)
set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
set(CPACK_RPM_PACKAGE_VENDOR "MESA")
set(CPACK_RPM_PACKAGE_AUTOREQPROV "yes")
set(CPACK_RPM_PACKAGE_RELEASE_LIBRARY "on")
set(CPACK_RPM_PACKAGE_RELEASE_DIST "on")
set(CPACK_RPM_DEBUGINFO_PACKAGE "on")
set(CPACK_RPM_PACKAGE_DEBUG 1)
set(CPACK_RPM_COMPONENT_INSTALL ON)
set(CPACK_COMPONENTS_IGNORE_GROUPS 1)
@@ -32,17 +32,12 @@ set(CPACK_COMPONENT_HEADER_DISPLAY_NAME "develop")
set(CPACK_COMPONENT_LIBRARIES_REQUIRED TRUE)
set(CPACK_RPM_LIBRARIES_PACKAGE_NAME ${MY_RPM_NAME_PREFIX})
set(CPACK_RPM_LIBRARIES_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
set(CPACK_RPM_LIBRARIES_DEBUGINFO_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
set(CPACK_COMPONENT_LIBRARIES_GROUP "libraries")
set(CPACK_COMPONENT_PROFILE_GROUP "libraries")
set(CPACK_COMPONENT_LIBRARIES_GROUP "LIBRARIES")
set(CPACK_COMPONENT_PROFILE_GROUP "LIBRARIES")
set(CPACK_COMPONENT_HEADER_REQUIRED TRUE)
set(CPACK_RPM_HEADER_PACKAGE_NAME "${MY_RPM_NAME_PREFIX}-devel")
set(CPACK_RPM_HEADER_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
set(CPACK_RPM_HEADER_DEBUGINFO_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
set(CPACK_COMPONENT_HEADER_GROUP "header")
set(CPACK_COMPONENT_HEADER_GROUP "HEADER")
set(CPACK_RPM_HEADER_PACKAGE_REQUIRES_PRE ${CPACK_RPM_LIBRARIES_PACKAGE_NAME})
set(CPACK_RPM_HEADER_PACKAGE_CONFLICTS ${CPACK_RPM_HEADER_PACKAGE_NAME})

2
cmake/changelog.sh
View File

@@ -1,4 +1,4 @@
#!/bin/sh
work_path=$1
branch=`git status | grep branch | awk '{print $NF}'`
branch=`git status | grep 'On branch' | awk '{print $NF}'`
git log --branches=$branch --no-merges --date=local --show-signature --pretty="* %ad %an %ae %nhash: %H%ncommit:%n%B" | awk -F"-" '{print "- "$0}' | sed 's/- \*/\*/g' | sed 's/- $//g' | sed 's/-/ -/g' | sed 's/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}//g' > $work_path/changelog.txt

70
demo/parse_quic_transport_parameter.cpp Normal file
View File

@@ -0,0 +1,70 @@
//https://jira.geedge.net/browse/OMPUB-527
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
static int msb2_varint_decode(const unsigned char *buf, long *out)
{
unsigned long val = buf[0] & 0x3f;
unsigned int nfollow = 1<<(buf[0]>>6);
switch (nfollow-1)
{
case 7: val = (val << 8) | buf[nfollow - 7]; /*fail through*/
case 6: val = (val << 8) | buf[nfollow - 6]; /*fail through*/
case 5: val = (val << 8) | buf[nfollow - 5]; /*fail through*/
case 4: val = (val << 8) | buf[nfollow - 4]; /*fail through*/
case 3: val = (val << 8) | buf[nfollow - 3]; /*fail through*/
case 2: val = (val << 8) | buf[nfollow - 2]; /*fail through*/
case 1: val = (val << 8) | buf[nfollow-1];
case 0: break;
}
*out=val;
return nfollow;
}
int parse_quic_transport_parameter(const char *quic_para, int quic_para_len, int thread_seq)
{
int one_para_length=0;
int para_offset=0;
long one_para_type=0;
while(quic_para_len > para_offset)
{
para_offset+=msb2_varint_decode((const unsigned char *)(quic_para+para_offset), &one_para_type);
switch(one_para_type)
{
//case EXT_QUIC_PARAM_USER_AGENT: // 2021-10-20 deprecated
case 0x3129:
one_para_length=quic_para[para_offset++]; // length=1
if(one_para_length+para_offset>quic_para_len)
{
return 0;
}
//para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &client_hello->user_agent, thread_seq);
return 1;
default:
one_para_length=(int)(quic_para[para_offset++]); // length=1
if(one_para_length<0 || one_para_length>quic_para_len)
{
break;
}
para_offset+=one_para_length;
break;
}
}
return 0;
}
int main(int argc, char *argv[])
{
char buff1[106]={0x80, 0x0, 0x47, 0x52, 0x4, 0x0, 0x0, 0x0, 0x1, 0x20, 0x4, 0x80, 0x1, 0x0, 0x0, 0xf, 0x0, 0x4, 0x4, 0x80, 0xf0, 0x0, 0x0, 0x8, 0x2, 0x40, 0x64, 0x7, 0x4, 0x80, 0x60, 0x0, 0x0, 0x9, 0x2, 0x40, 0x67, 0x6, 0x4, 0x80, 0x60, 0x0, 0x0, 0x80, 0xff, 0x73, 0xdb, 0xc, 0x0, 0x0, 0x0, 0x1, 0x3a, 0x6a, 0x9b, 0xaa, 0x4f, 0x2f, 0xbd, 0xc, 0xd5, 0xe2, 0xae, 0x32, 0x45, 0x6, 0x2e, 0xf, 0xc5, 0x82, 0x94, 0x3d, 0x5d, 0xb2, 0x69, 0x2c, 0x25, 0xbd, 0xd5, 0x85, 0x99, 0x72, 0xeb, 0x3, 0x2, 0x45, 0xc0, 0x1, 0x4, 0x80, 0x0, 0x75, 0x30, 0x71, 0x28, 0x4, 0x52, 0x56, 0x43, 0x4d, 0x5, 0x4, 0x80, 0x60, 0x0, 0x0};
char buff2[99]={0x71, 0x27, 0x4, 0x80, 0x2, 0xa5, 0xb2, 0xe4, 0xcf, 0x74, 0x5b, 0xf5, 0x6, 0x41, 0x20, 0x0, 0x8, 0x2, 0x40, 0x64, 0x4, 0x4, 0x80, 0xd4, 0x9f, 0xb7, 0x6f, 0xdf, 0xed, 0x48, 0x94, 0x18, 0xd7, 0x53, 0xf7, 0x92, 0x6, 0x94, 0xa0, 0x0, 0x0, 0x1, 0x4, 0x80, 0x0, 0x75, 0x30, 0xf, 0x0, 0x80, 0xff, 0x73, 0xdb, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x8a, 0x7a, 0x8a, 0x3a, 0x9, 0x2, 0x40, 0x67, 0x3, 0x2, 0x45, 0xc0, 0x5, 0x4, 0x80, 0x60, 0x0, 0x0, 0x71, 0x28, 0x4, 0x52, 0x56, 0x43, 0x4d, 0x20, 0x4, 0x80, 0x1, 0x0, 0x0, 0x7, 0x4, 0x80, 0x60, 0x0, 0x0};
parse_quic_transport_parameter(buff1, 106, 0);
parse_quic_transport_parameter(buff2, 99, 0);
return 0;
}

4
include/quic.h
View File

@@ -49,7 +49,7 @@ struct quic_info
//buff_len minimun 32bytes
int quic_version_int2string(unsigned int version, char *buff, int buff_len);
//ret: 0: not quic, >0: quic version
unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len);
//ret: NULL: not quic, quic_info: quic version
struct quic_info *quic_protocol_identify(const struct streaminfo *a_stream);
#endif /* SRC__QUIC_H__ */

55
src/Makefile
View File

@@ -1,55 +0,0 @@
CC = gcc
CCC = g++
INCLUDES = -I/opt/MESA/include/ -I/home/sjzn/workspace/iquic_ngtcp2/openssl/build/include
LIB = -L./opt/MESA/lib/ -L/home/sjzn/workspace/iquic_ngtcp2/openssl/build/lib -lssl -lcrypto
#CFLAGS = -g3 -Wall -fPIC $(INCLUDES)
#CCCFLAGS = -std=c++11 -g3 -Wall -fPIC $(INCLUDES)
CFLAGS = -g3 -Wall -fPIC
CCCFLAGS = -std=c++11 -g3 -Wall -fPIC
TARGET = quic.so
INF = quic.inf
INSTALL_TARGET=$(TARGET)
LIB_FILE = $(wildcard ../lib/*.a)
SOURCES = $(wildcard *.c) $(wildcard gquic/*.c)
OBJECTS = $(SOURCES:.c=.o)
DEPS = $(SOURCES:.c=.d)
all:$(TARGET)
$(TARGET):$(OBJECTS) $(LIB_FILE)
$(CCC) -shared $(CFLAGS) $(OBJECTS) $(LIB) -o $@
cp $(TARGET) ../bin/
%.o:%.c
$(CC) -c -o $@ $(CFLAGS) $< $(INCLUDES)
%.o:%.cpp
$(CCC) -c -o $@ $(CCCFLAGS) $< $(INCLUDES)
-include $(DEPS)
clean :
rm -f $(OBJECTS) $(DEPS) $(TARGET)
help:
@echo "-------OBJECTS--------" $(OBJECTS)
PLUGIN_PATH=./plug/protocol
CONFLIST_NAME=conflist_protocol.inf
PLUGIN_DIR_NAME=quic
PLUGIN_INF_NAME=quic.inf
PAPP_PATH=/home/sjzn/gitFile/ceiec/sapp
TARGET_DIR=$(PAPP_PATH)/$(PLUGIN_PATH)/$(PLUGIN_DIR_NAME)/
INSERT_FILE=$(PAPP_PATH)/$(PLUGIN_PATH)/$(CONFLIST_NAME)
INSERT_CONTENT=$(PLUGIN_PATH)/$(PLUGIN_DIR_NAME)/$(PLUGIN_INF_NAME)
install:
mkdir -p $(TARGET_DIR)
cp -r ../bin/*.inf $(TARGET_DIR)
cp -r ../bin/*.so $(TARGET_DIR)
@ret=`cat $(INSERT_FILE)|grep $(INSERT_CONTENT)|wc -l`;if [ $$ret -eq 0 ];then echo $(INSERT_CONTENT) >>$(INSERT_FILE);fi
CONF_DIR=$(PAPP_PATH)/conf/
conf:
mkdir -p $(CONF_DIR)
cp -r ../bin/quic $(CONF_DIR)

213
src/pint.h
View File

@@ -1,213 +0,0 @@
/* pint.h
* Definitions for extracting and translating integers safely and portably
* via pointers.
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __PINT_H__
#define __PINT_H__
#include <glib.h>
/* Routines that take a possibly-unaligned pointer to a 16-bit, 24-bit,
* 32-bit, 40-bit, ... 64-bit integral quantity, in a particular byte
* order, and fetch the value and return it in host byte order.
*
* The pntohN() routines fetch big-endian values; the pletohN() routines
* fetch little-endian values.
*/
static inline guint16 pntoh16(const void *p)
{
return (guint16)*((const guint8 *)(p)+0)<<8|
(guint16)*((const guint8 *)(p)+1)<<0;
}
static inline guint32 pntoh24(const void *p)
{
return (guint32)*((const guint8 *)(p)+0)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+2)<<0;
}
static inline guint32 pntoh32(const void *p)
{
return (guint32)*((const guint8 *)(p)+0)<<24|
(guint32)*((const guint8 *)(p)+1)<<16|
(guint32)*((const guint8 *)(p)+2)<<8|
(guint32)*((const guint8 *)(p)+3)<<0;
}
static inline guint64 pntoh40(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<32|
(guint64)*((const guint8 *)(p)+1)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+3)<<8|
(guint64)*((const guint8 *)(p)+4)<<0;
}
static inline guint64 pntoh48(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<40|
(guint64)*((const guint8 *)(p)+1)<<32|
(guint64)*((const guint8 *)(p)+2)<<24|
(guint64)*((const guint8 *)(p)+3)<<16|
(guint64)*((const guint8 *)(p)+4)<<8|
(guint64)*((const guint8 *)(p)+5)<<0;
}
static inline guint64 pntoh56(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<48|
(guint64)*((const guint8 *)(p)+1)<<40|
(guint64)*((const guint8 *)(p)+2)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+4)<<16|
(guint64)*((const guint8 *)(p)+5)<<8|
(guint64)*((const guint8 *)(p)+6)<<0;
}
static inline guint64 pntoh64(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<56|
(guint64)*((const guint8 *)(p)+1)<<48|
(guint64)*((const guint8 *)(p)+2)<<40|
(guint64)*((const guint8 *)(p)+3)<<32|
(guint64)*((const guint8 *)(p)+4)<<24|
(guint64)*((const guint8 *)(p)+5)<<16|
(guint64)*((const guint8 *)(p)+6)<<8|
(guint64)*((const guint8 *)(p)+7)<<0;
}
static inline guint16 pletoh16(const void *p)
{
return (guint16)*((const guint8 *)(p)+1)<<8|
(guint16)*((const guint8 *)(p)+0)<<0;
}
static inline guint32 pletoh24(const void *p)
{
return (guint32)*((const guint8 *)(p)+2)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+0)<<0;
}
static inline guint32 pletoh32(const void *p)
{
return (guint32)*((const guint8 *)(p)+3)<<24|
(guint32)*((const guint8 *)(p)+2)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh40(const void *p)
{
return (guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh48(const void *p)
{
return (guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh56(const void *p)
{
return (guint64)*((const guint8 *)(p)+6)<<48|
(guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh64(const void *p)
{
return (guint64)*((const guint8 *)(p)+7)<<56|
(guint64)*((const guint8 *)(p)+6)<<48|
(guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
/* Pointer routines to put items out in a particular byte order.
* These will work regardless of the byte alignment of the pointer.
*/
static inline void phton16(guint8 *p, guint16 v)
{
p[0] = (guint8)(v >> 8);
p[1] = (guint8)(v >> 0);
}
static inline void phton32(guint8 *p, guint32 v)
{
p[0] = (guint8)(v >> 24);
p[1] = (guint8)(v >> 16);
p[2] = (guint8)(v >> 8);
p[3] = (guint8)(v >> 0);
}
static inline void phton64(guint8 *p, guint64 v) {
p[0] = (guint8)(v >> 56);
p[1] = (guint8)(v >> 48);
p[2] = (guint8)(v >> 40);
p[3] = (guint8)(v >> 32);
p[4] = (guint8)(v >> 24);
p[5] = (guint8)(v >> 16);
p[6] = (guint8)(v >> 8);
p[7] = (guint8)(v >> 0);
}
static inline void phtole32(guint8 *p, guint32 v) {
p[0] = (guint8)(v >> 0);
p[1] = (guint8)(v >> 8);
p[2] = (guint8)(v >> 16);
p[3] = (guint8)(v >> 24);
}
static inline void phtole64(guint8 *p, guint64 v) {
p[0] = (guint8)(v >> 0);
p[1] = (guint8)(v >> 8);
p[2] = (guint8)(v >> 16);
p[3] = (guint8)(v >> 24);
p[4] = (guint8)(v >> 32);
p[5] = (guint8)(v >> 40);
p[6] = (guint8)(v >> 48);
p[7] = (guint8)(v >> 56);
}
/* Subtract two guint32s with respect to wraparound */
#define guint32_wraparound_diff(higher, lower) ((higher>lower)?(higher-lower):(higher+0xffffffff-lower+1))
#endif /* PINT_H */
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/

1899
src/quic_deprotection.cpp
View File

File diff suppressed because it is too large Load Diff

126
src/quic_deprotection.h
View File

@@ -1,24 +1,116 @@
/**
* parser-quic.h
*
* Created on 2020-11-26
* @author: qyc
*
*
*/
#ifndef PARSER_QUIC_H
#define PARSER_QUIC_H
#ifndef _QUIC_DEPROTECTION_H
#define _QUIC_DEPROTECTION_H
#ifdef __cplusplus
extern "C" {
#ifdef __cpluscplus
extern "C"
{
#endif
/*ret: 1 sucess*/
int quic_deprotection(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length);
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/stat.h>
#include <arpa/inet.h>
int gcry_init();
#ifdef __cplusplus
#ifdef DEBUG_SWITCH
#define LOG_DEBUG(format, ...) \
{ \
fprintf(stdout, format "\n", ##__VA_ARGS__); \
fflush(stdout); \
}
#define LOG_WARN(format, ...) \
{ \
fprintf(stderr, format "\n", ##__VA_ARGS__); \
fflush(stderr); \
}
#define LOG_ERROR(format, ...) \
{ \
fprintf(stderr, format "\n", ##__VA_ARGS__); \
fflush(stderr); \
}
#else
#define LOG_DEBUG(format, ...)
#define LOG_WARN(format, ...)
#define LOG_ERROR(format, ...)
#endif
#define QUIC_MAX_UDP_PAYLOAD_SIZE 65527
#define quic_string(str) \
{ \
sizeof(str) - 1, (u_char *)str \
}
typedef struct
{
size_t len;
u_char *data;
} quic_str_t;
typedef struct quic_secret_s
{
quic_str_t secret;
quic_str_t key;
quic_str_t iv;
quic_str_t hp;
} quic_secret_t;
typedef enum
{
ssl_encryption_initial = 0,
ssl_encryption_early_data = 1,
ssl_encryption_handshake = 2,
ssl_encryption_application = 3,
} ssl_encryption_level_t;
typedef enum
{
LONG = 0,
SHORT = 1,
} quic_header_type;
typedef struct
{
quic_secret_t client_secret;
ssl_encryption_level_t level; // QUIC Packet Process Level
quic_header_type header_type; // QUIC Packet Header Type
uint32_t version; // QUIC Version
uint8_t flags; // QUIC Flags
u_char *data; // QUIC Packet Data
size_t len; // QUIC Packet Length
u_char *pos; // Process Ptr
uint64_t largest_pkt_num;
quic_str_t dcid; // QUIC DCID
quic_str_t scid; // QUIC SCID
quic_str_t token; // QUIC TOKEN
size_t pkt_len;
uint64_t pkt_num; // QUIC Packet Number
u_char *plaintext;
quic_str_t payload; // Decrypted data
unsigned key_phase : 1;
} quic_dpt_t;
quic_dpt_t *quic_deprotection_new(void);
void quic_deprotection_free(quic_dpt_t *dpt);
void quic_deprotection_dump(quic_dpt_t *dpt);
int quic_deprotection(quic_dpt_t *dpt, const u_char *payload, size_t payload_len);
#ifdef __cpluscplus
}
#endif
#endif //PARSER_QUIC_H
#endif

136
src/quic_deprotection_utils.cpp
View File

@@ -1,136 +0,0 @@
/**
* utils.c
*
* Created on 2020-11-27
* @author: qyc
*
* @explain:
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "pint.h"
#include "quic_deprotection_utils.h"
#include "quic_deprotection_wsgcrypt.h"
/*
* Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a
* custom label prefix. If "context_hash" is NULL, then an empty context is
* used. Otherwise it must have the same length as the hash algorithm output.
*/
static gboolean tls13_hkdf_expand_label_context(int md, const StringInfo *secret, const char *label_prefix, const char *label, const guint8 *context_hash, guint8 context_length, guint16 out_len, guchar **out)
{
/* RFC 8446 Section 7.1:
* HKDF-Expand-Label(Secret, Label, Context, Length) =
* HKDF-Expand(Secret, HkdfLabel, Length)
* struct {
* uint16 length = Length;
* opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix.
* opaque context<0..255> = Context;
* } HkdfLabel;
*
* RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF):
* HKDF-Expand(PRK, info, L) -> OKM
*/
gcry_error_t err;
const guint label_prefix_length = (guint)strlen(label_prefix);
const guint label_length = (guint)strlen(label);
// Some sanity checks
g_assert(label_length > 0 && label_prefix_length + label_length <= 255);
// info = HkdfLabel { length, label, context }
GByteArray *info = g_byte_array_new();
const guint16 length = g_htons(out_len);
g_byte_array_append(info, (const guint8 *)&length, sizeof(length));
const guint8 label_vector_length = label_prefix_length + label_length;
g_byte_array_append(info, &label_vector_length, 1);
g_byte_array_append(info, (const guint8 *)label_prefix, label_prefix_length);
g_byte_array_append(info, (const guint8 *)label, label_length);
g_byte_array_append(info, &context_length, 1);
if (context_length)
g_byte_array_append(info, context_hash, context_length);
*out = (guchar *)g_malloc(out_len);
err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len);
g_byte_array_free(info, TRUE);
if (err) {
printf("%s failed %d: %s\n", G_STRFUNC, md, gcry_strerror(err));
g_free(*out);
*out = NULL;
return FALSE;
}
return TRUE;
}
gboolean tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label_prefix, const char *label, guint16 out_len, guchar **out)
{
return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL, 0, out_len, out);
}
static guint8 tvb_get_guint8(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return *ptr;
}
static guint16 tvb_get_ntohs(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh16(ptr);
}
static guint32 tvb_get_ntohl(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh32(ptr);
}
static guint64 tvb_get_ntoh64(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh64(ptr);
}
guint tvb_get_varint(const char *tvb, guint offset, guint maxlen, guint64 *value, const guint encoding)
{
*value = 0;
if (encoding & ENC_VARINT_QUIC) {
// calculate variable length
*value = tvb_get_guint8(tvb, offset);
switch((*value) >> 6) {
case 0: /* 0b00 => 1 byte length (6 bits Usable) */
(*value) &= 0x3F;
return 1;
case 1: /* 0b01 => 2 bytes length (14 bits Usable) */
*value = tvb_get_ntohs(tvb, offset) & 0x3FFF;
return 2;
case 2: /* 0b10 => 4 bytes length (30 bits Usable) */
*value = tvb_get_ntohl(tvb, offset) & 0x3FFFFFFF;
return 4;
case 3: /* 0b11 => 8 bytes length (62 bits Usable) */
*value = tvb_get_ntoh64(tvb, offset) & G_GUINT64_CONSTANT(0x3FFFFFFFFFFFFFFF);
return 8;
default: /* No Possible */
g_assert_not_reached();
break;
}
}
// 10 bytes scanned, but no bytes' msb is zero
return 0;
}

43
src/quic_deprotection_utils.h
View File

@@ -1,43 +0,0 @@
/**
* utils.h
*
* Created on 2020-11-27
* @author: qyc
*
* @explain:
*/
#ifndef UTILS_H
#define UTILS_H
#ifdef __cplusplus
extern "C" {
#endif
#include "glib.h"
/*
* Decodes a variable-length integer used in QUIC protocol
* See https://tools.ietf.org/html/draft-ietf-quic-transport-08#section-8.1
*/
#define ENC_VARINT_QUIC 0x00000004
/* Explicit and implicit nonce length (RFC 5116 - Section 3.2.1) */
#define TLS13_AEAD_NONCE_LENGTH 12
/* XXX Should we use GByteArray instead? */
typedef struct _StringInfo {
// Backing storage which may be larger than data_len
guchar *data;
// Length of the meaningful part of data
guint data_len;
} StringInfo;
gboolean tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label_prefix, const char *label, guint16 out_len, guchar **out);
guint tvb_get_varint(const char *tvb, guint offset, guint maxlen, guint64 *value, const guint encoding);
#ifdef __cplusplus
}
#endif
#endif //UTILS_H

69
src/quic_deprotection_wsgcrypt.cpp
View File

@@ -1,69 +0,0 @@
/**
* wsgcrypt.c
*
* Created on 2020-11-26
* @author: qyc
*
* @explain:
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "quic_deprotection_wsgcrypt.h"
gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
{
gcry_md_hd_t hmac_handle;
gcry_error_t result = gcry_md_open(&hmac_handle, algo, GCRY_MD_FLAG_HMAC);
if (result) {
return result;
}
result = gcry_md_setkey(hmac_handle, key, keylen);
if (result) {
gcry_md_close(hmac_handle);
return result;
}
gcry_md_write(hmac_handle, buffer, length);
memcpy(digest, gcry_md_read(hmac_handle, 0), gcry_md_get_algo_dlen(algo));
gcry_md_close(hmac_handle);
return GPG_ERR_NO_ERROR;
}
gcry_error_t hkdf_expand(int hashalgo, const guint8 *prk, guint prk_len, const guint8 *info, guint info_len, guint8 *out, guint out_len)
{
// Current maximum hash output size: 48 bytes for SHA-384.
guchar lastoutput[48];
gcry_md_hd_t h;
gcry_error_t err;
const guint hash_len = gcry_md_get_algo_dlen(hashalgo);
// Some sanity checks
if (!(out_len > 0 && out_len <= 255 * hash_len) || !(hash_len > 0 && hash_len <= sizeof(lastoutput)))
return GPG_ERR_INV_ARG;
err = gcry_md_open(&h, hashalgo, GCRY_MD_FLAG_HMAC);
if (err)
return err;
guint offset;
for (offset = 0; offset < out_len; offset += hash_len) {
gcry_md_reset(h);
// Set PRK
gcry_md_setkey(h, prk, prk_len);
if (offset > 0)
// T(1..N)
gcry_md_write(h, lastoutput, hash_len);
// info
gcry_md_write(h, info, info_len);
// constant 0x01..N
gcry_md_putc(h, (guint8)(offset / hash_len + 1));
memcpy(lastoutput, gcry_md_read(h, hashalgo), hash_len);
memcpy(out + offset, lastoutput, MIN(hash_len, out_len - offset));
}
gcry_md_close(h);
return 0;
}

78
src/quic_deprotection_wsgcrypt.h
View File

@@ -1,78 +0,0 @@
/**
* wsgcrypt.h
*
* Created on 2020-11-26
* @author: qyc
*
* @explain:
*/
#ifndef WSGCRYPT_H
#define WSGCRYPT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "gcrypt.h"
#include "glib.h"
/*
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
* files.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
/* Whether to provide support for authentication in addition to decryption. */
#define HAVE_LIBGCRYPT_AEAD
#endif
/*
* Define some other "do we have?" items as well.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
/* Whether ChaCh20 PNE can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
#endif
#define HASH_SHA2_256_LENGTH 32
/* Convenience function to calculate the HMAC from the data in BUFFER
of size LENGTH with key KEY of size KEYLEN using the algorithm ALGO avoiding the creating of a
hash object. The hash is returned in the caller provided buffer
DIGEST which must be large enough to hold the digest of the given
algorithm. */
gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen);
/**
* RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF):
* HKDF-Expand(PRK, info, L) -> OKM
*
* @param hashalgo [in] Libgcrypt hash algorithm identifier.
* @param prk [in] Pseudo-random key.
* @param prk_len [in] Length of prk.
* @param info [in] Optional context (can be NULL if info_len is zero).
* @param info_len [in] Length of info.
* @param out [out] Output keying material.
* @param out_len [in] Size of output keying material.
* @return 0 on success and an error code otherwise.
*/
gcry_error_t hkdf_expand(int hashalgo, const guint8 *prk, guint prk_len, const guint8 *info, guint info_len, guint8 *out, guint out_len);
/*
* Calculate HKDF-Extract(salt, IKM) -> PRK according to RFC 5869.
* Caller MUST ensure that 'prk' is large enough to store the digest from hash
* algorithm 'hashalgo' (e.g. 32 bytes for SHA-256).
*/
static inline gcry_error_t hkdf_extract(int hashalgo, const guint8 *salt, size_t salt_len, const guint8 *ikm, size_t ikm_len, guint8 *prk)
{
/* PRK = HMAC-Hash(salt, IKM) where salt is key, and IKM is input. */
return ws_hmac_buffer(hashalgo, prk, ikm, ikm_len, salt, salt_len);
}
#ifdef __cplusplus
}
#endif
#endif //WSGCRYPT_H

62
src/quic_entry.cpp
View File

@@ -6,9 +6,11 @@
*/
#include <stdio.h>
#include <MESA/stream_inc/stream_base.h>
#include <MESA/MESA_handle_logger.h>
#include <MESA/stream.h>
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include "quic.h"
#include "quic_entry.h"
#include "quic_process.h"
@@ -141,47 +143,44 @@ void quic_free_client_hello(struct quic_client_hello *client_hello, int thread_s
return ;
}
void quic_free_context(void** pme, int thread_seq)
void quic_free_context(const struct streaminfo *a_stream, int bridge_id, void *data)
{
if(NULL==*pme)
if(NULL!=data)
{
return ;
struct quic_context *context = (struct quic_context *)data;
quic_free_client_hello(context->quic_info.client_hello, a_stream->threadnum);
dictator_free(a_stream->threadnum, data);
}
struct quic_context *context = (struct quic_context *)*pme;
quic_free_client_hello(context->quic_info.client_hello, thread_seq);
dictator_free(thread_seq, *pme);
*pme=NULL;
return;
}
extern "C" unsigned char QUIC_ENTRY(struct streaminfo *pstream, void**pme, int thread_seq, void *a_packet)
extern "C" unsigned char QUIC_ENTRY(const struct streaminfo *pstream, void**pme, int thread_seq, const void *a_packet)
{
unsigned char state=0;
struct quic_context *context=(struct quic_context *)*pme;
if((g_quic_param.quic_interested_region_flag<QUIC_KEY) || (!is_quic_port(pstream)))
{
return APP_STATE_DROPME;
}
if(*pme==NULL)
if(pstream->opstate==OP_STATE_PENDING)
{
quic_init_context(pme, thread_seq);
context=(struct quic_context *)*pme;
*pme=stream_bridge_async_data_get(pstream, g_quic_param.context_bridge_id);
if(*pme==NULL)
{
*pme=dictator_malloc(thread_seq, sizeof(struct quic_context));
memset(*pme, 0, sizeof(struct quic_context));
}
}
unsigned char state=0;
struct quic_context *context=(struct quic_context *)*pme;
state=quic_analyze_entry(pstream, context, thread_seq, a_packet);
if(pstream->opstate==OP_STATE_CLOSE)
{
state=quic_call_business_plug(pstream, context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet);
}
state=quic_analyze_entry(pstream, context, thread_seq, a_packet);
if(state&APP_STATE_DROPME || state&APP_STATE_DROPPKT || pstream->opstate==OP_STATE_CLOSE)
{
quic_free_context(pme, thread_seq);
if(state&APP_STATE_DROPME || pstream->opstate==OP_STATE_CLOSE)
{
quic_call_business_plug(pstream, context, NULL, 0, QUIC_INTEREST_KEY_MASK, a_packet);
quic_free_context(pstream, g_quic_param.context_bridge_id, *pme);
stream_bridge_async_data_put(pstream, g_quic_param.context_bridge_id, NULL);
*pme=NULL;
return state;
}
@@ -233,7 +232,7 @@ extern "C" int QUIC_INIT(void)
return -1;
}
strncpy(g_quic_param.quic_conf_regionname[region_id], region_name, strlen(region_name));
memcpy(g_quic_param.quic_conf_regionname[region_id], region_name, MIN(sizeof(g_quic_param.quic_conf_regionname[region_id])-1, strlen(region_name)));
g_quic_param.quic_region_cnt++;
memset(region_name, 0, sizeof(region_name));
}
@@ -246,7 +245,8 @@ extern "C" int QUIC_INIT(void)
return -1;
}
gcry_init();
g_quic_param.context_bridge_id=stream_bridge_build("QUIC_CONTEXT", "w");
stream_bridge_register_data_free_cb(g_quic_param.context_bridge_id, quic_free_context);
return 0;
}
@@ -321,6 +321,8 @@ extern "C" long long QUIC_FLAG_CHANGE(char* flag_str)
extern "C" void QUIC_DESTROY(void)
{
MESA_destroy_runtime_log_handle(g_quic_param.logger);
g_quic_param.logger = NULL;
return ;
}

8
src/quic_entry.h
View File

@@ -3,6 +3,10 @@
#include "quic.h"
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#define FALSE 0x00
#define TRUE 0x01
#define MAYBE 0x02
@@ -29,6 +33,7 @@ struct quic_param
int quic_port_num;
int decrypted_switch;
int max_parse_pkt_num;
int context_bridge_id;
unsigned short quic_port_list[SUPPORT_QUIC_PORT_NUM];
char quic_conf_regionname[MAX_REGION_NUM][REGION_NAME_LEN];
char log_path[128];
@@ -47,8 +52,7 @@ enum quic_mes_type{
};
extern struct quic_param g_quic_param;
int is_quic_port(struct streaminfo *pstream);
void quic_free_client_hello(struct quic_client_hello *client_hello, int thread_seq);
int is_quic_port(const struct streaminfo *pstream);
#endif /* SRC_QUIC_ANALYSIS_H_ */

112
src/quic_process.cpp
View File

@@ -31,10 +31,6 @@ enum PARSE_RESULT
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
struct quic_client_hello_msg_hdr
{
uint8_t handshake_type;
@@ -57,7 +53,7 @@ int check_port(unsigned short port)
return 0;
}
int is_quic_port(struct streaminfo *pstream)
int is_quic_port(const struct streaminfo *pstream)
{
unsigned short source=0, dest=0;
@@ -152,7 +148,7 @@ int quic_call_business_state(struct quic_context *context)
return state;
}
unsigned char quic_call_business_plug(struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, void *a_packet)
unsigned char quic_call_business_plug(const struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, const void *a_packet)
{
char state=PROT_STATE_GIVEME;
char app_state=APP_STATE_GIVEME;
@@ -176,7 +172,7 @@ unsigned char quic_call_business_plug(struct streaminfo *pstream, struct quic_co
session_info.buf=buff;
session_info.buflen=buff_len;
}
state=PROT_PROCESS(&session_info, &(context->business_pme), pstream->threadnum, pstream, a_packet);
state=PROT_PROCESS(&session_info, &(context->business_pme), pstream->threadnum, (struct streaminfo *)pstream, a_packet);
if(state&PROT_STATE_DROPPKT)
{
@@ -376,7 +372,11 @@ int parse_quic_transport_parameter(struct quic_client_hello *client_hello, const
para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &client_hello->user_agent, thread_seq);
return 1;
default:
one_para_length=quic_para[para_offset++]; // length=1
one_para_length=(int)(quic_para[para_offset++]); // length=1
if(one_para_length<0 || one_para_length>quic_para_len)
{
break;
}
para_offset+=one_para_length;
break;
}
@@ -426,7 +426,7 @@ int parse_tls_client_hello(struct quic_client_hello **client_hello, const char *
int parse_result=PARSE_RESULT_VERSION;
unsigned short one_ext_type=0, one_ext_len=0, extension_total_len=0;
if(payload_len-payload_offset<=sizeof(struct quic_client_hello_msg_hdr))
if(payload_len-payload_offset<=(int)sizeof(struct quic_client_hello_msg_hdr))
{
return PARSE_RESULT_VERSION;
}
@@ -737,6 +737,11 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
unsigned char frame_type=(unsigned char)(payload[0]);
if(payload_len<=4)
{
return QUIC_VERSION_UNKNOWN;
}
if(frame_type&QUIC_LONG_HEADER_MASK)
{
quic_version=identify_quic_version(payload, payload_len, payload_offset);
@@ -756,8 +761,6 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq)
{
int ret=0, payload_offset=0;
unsigned char decrypt_payload[2048]={0};
unsigned int decrypt_payload_len=sizeof(decrypt_payload);
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
if(payload==NULL || payload_len<=0)
@@ -775,7 +778,11 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
{
return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
if(payload_len > payload_offset)
{
return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
}
return PARSE_RESULT_VERSION;
}
else if(((quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
(quic_version>=GQUIC_VERSION_Q049 && quic_version<=GQUIC_VERSION_Q059) ||
@@ -786,16 +793,20 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
&& g_quic_param.decrypted_switch>0
)
{
ret=quic_deprotection(payload, payload_len, decrypt_payload, &decrypt_payload_len);
if(ret!=1 || decrypt_payload_len<=0)
quic_dpt_t *dpt = quic_deprotection_new();
if (quic_deprotection(dpt, (const u_char *)payload, payload_len) != 0)
{
quic_deprotection_free(dpt);
return PARSE_RESULT_VERSION;
}
if(g_quic_param.decrypted_switch==2)
{
return parse_quic_decrypted_payload(quic_info, (const char *)decrypt_payload, decrypt_payload_len, thread_seq);
ret = parse_quic_decrypted_payload(quic_info, (const char *)dpt->payload.data, dpt->payload.len, thread_seq);
quic_deprotection_free(dpt);
return ret;
}
quic_deprotection_free(dpt);
}
else
{
@@ -806,12 +817,12 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
}
unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context* context, int thread_seq, void* a_packet)
unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_context* context, int thread_seq, const void* a_packet)
{
unsigned char parse_result=PARSE_RESULT_UNKNOWN;
char state=APP_STATE_GIVEME;
if(pstream==NULL || pstream->pudpdetail==NULL)
if(pstream==NULL || pstream->pudpdetail==NULL || context==NULL)
{
return APP_STATE_DROPME;
}
@@ -820,7 +831,7 @@ unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context
switch(context->pre_parse_state)
{
case PARSE_RESULT_CLIENT_HELLO:
case PARSE_RESULT_CLIENT_HELLO:
parse_result=PARSE_RESULT_PAYLOAD;
break;
case PARSE_RESULT_VERSION:
@@ -833,6 +844,20 @@ unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context
case PARSE_RESULT_PAYLOAD:
case PARSE_RESULT_UNKNOWN:
default:
if(context->parse_first_pkt==1)
{
context->parse_first_pkt=0;
if(context->quic_info.client_hello==NULL)
{
parse_result=PARSE_RESULT_VERSION;
}
else
{
parse_result=PARSE_RESULT_CLIENT_HELLO;
}
break;
}
if((context->parse_pkt_cnt++)>=g_quic_param.max_parse_pkt_num)
{
parse_result=PARSE_RESULT_PAYLOAD;
@@ -863,49 +888,30 @@ unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context
return state;
}
static int copy_client_hello_extension(char *src, char *dest, int d_len)
struct quic_info *quic_protocol_identify(const struct streaminfo *a_stream)
{
if(src==NULL || dest==NULL || d_len<=0)
{
return 0;
}
int len=MIN((int)strlen(src), d_len-1);
memcpy(dest, src, len);
dest[len]='\0';
return len;
}
unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len)
{
unsigned char parse_result=APP_STATE_GIVEME;
struct quic_info quic_info={0, NULL};
unsigned int quic_version=QUIC_VERSION_UNKNOWN;
if(!is_quic_port(a_stream) || a_stream==NULL || a_stream->pudpdetail==NULL)
{
return quic_version;
return NULL;
}
parse_result=parse_quic_all_version(&quic_info, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
struct quic_info tmp_quic_info={0, NULL};
unsigned char parse_result=APP_STATE_GIVEME;
parse_result=parse_quic_all_version(&tmp_quic_info, (const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, a_stream->threadnum);
if(parse_result!=PARSE_RESULT_UNKNOWN)
{
if(quic_info.client_hello!=NULL)
{
*out_sni_len=copy_client_hello_extension(quic_info.client_hello->sni, out_sni, *out_sni_len);
*out_ua_len=copy_client_hello_extension(quic_info.client_hello->user_agent, out_ua, *out_ua_len);
quic_free_client_hello(quic_info.client_hello, a_stream->threadnum);
}
else
{
*out_sni_len=0;
*out_ua_len=0;
}
quic_version=quic_info.quic_version;
struct quic_context *context=(struct quic_context *)dictator_malloc(a_stream->threadnum, sizeof(struct quic_context));
memset(context, 0, sizeof(struct quic_context));
context->quic_info=tmp_quic_info;
context->parse_first_pkt=1;
context->pre_parse_state=PARSE_RESULT_UNKNOWN;
stream_bridge_async_data_put(a_stream, g_quic_param.context_bridge_id, (void *)context);
return &(context->quic_info);
}
return quic_version;
return NULL;
}

7
src/quic_process.h
View File

@@ -284,13 +284,14 @@ struct quic_context
unsigned char link_state;
unsigned char parse_pkt_cnt;
unsigned char pre_parse_state;
unsigned char padding[5];
unsigned char parse_first_pkt;
unsigned char padding[4];
void *business_pme;
struct quic_info quic_info;
};
unsigned char quic_analyze_entry(struct streaminfo *pstream, struct quic_context* context, int thread_seq, void* a_packet);
unsigned char quic_call_business_plug(struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, void *a_packet);
unsigned char quic_analyze_entry(const struct streaminfo *pstream, struct quic_context* context, int thread_seq, const void* a_packet);
unsigned char quic_call_business_plug(const struct streaminfo *pstream, struct quic_context *context, void *buff, int buff_len, enum quic_interested_region region_mask, const void *a_packet);
#endif

9
src/version.map Normal file
View File

@@ -0,0 +1,9 @@
VERS_2.4{
global:
extern "C++" {
QUIC_*;
*quic_version_int2string*;
*quic_protocol_identify*;
};
local: *;
};

48
support/CMakeLists.txt
View File

@@ -1,34 +1,28 @@
# CMakeFiles for 3rd vendor library
include(ExternalProject)
### libgpg-error
ExternalProject_Add(libgpg-error PREFIX libgpg-error
URL ${CMAKE_CURRENT_SOURCE_DIR}/libgpg-error-1.42.tar.bz2
URL_MD5 133fed221ba8f63f5842858a1ff67cb3
BUILD_COMMAND ""
CONFIGURE_COMMAND CPPFLAGS=-fPIC ./configure --enable-static --prefix=<INSTALL_DIR> CFLAGS=-fPIC CXXFLAGS=-fPIC LDFLAGS=-fPIC
### OpenSSL 1.1.1
ExternalProject_Add(OpenSSL PREFIX openssl
URL ${CMAKE_CURRENT_SOURCE_DIR}/openssl-1.1.1l.tar.gz
URL_MD5 ac0d4387f3ba0ad741b0580dd45f6ff3
CONFIGURE_COMMAND ./Configure linux-x86_64 --prefix=<INSTALL_DIR> --openssldir=<INSTALL_DIR>/lib/ssl enable-ec_nistp_64_gcc_128 no-shared
BUILD_COMMAND ${MAKE_COMMAND}
INSTALL_COMMAND make install_sw
BUILD_IN_SOURCE 1)
ExternalProject_Get_Property(libgpg-error INSTALL_DIR)
ExternalProject_Get_Property(OpenSSL INSTALL_DIR)
set(OPENSSL_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
set(OPENSSL_LINK_DIRECTORIES ${INSTALL_DIR}/lib)
set(OPENSSL_PKGCONFIG_PATH ${INSTALL_DIR}/lib/pkgconfig/)
file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
add_library(libgpg-error-static STATIC IMPORTED GLOBAL)
add_dependencies(libgpg-error-static libgpg-error)
set_property(TARGET libgpg-error-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libgpg-error.a)
set_property(TARGET libgpg-error-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include/)
add_library(openssl-crypto-static STATIC IMPORTED GLOBAL)
add_dependencies(openssl-crypto-static OpenSSL)
set_property(TARGET openssl-crypto-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libcrypto.a)
set_property(TARGET openssl-crypto-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
### libgcrypt
ExternalProject_Add(libgcrypt PREFIX libgcrypt
URL ${CMAKE_CURRENT_SOURCE_DIR}/libgcrypt-1.9.4.tar.bz2
URL_MD5 edc7becfe09c75d8f95ff7623e40c52e
BUILD_COMMAND ""
DEPENDS libgpg-error-static
CONFIGURE_COMMAND CPPFLAGS=-fPIC ./configure --enable-static --disable-doc --prefix=<INSTALL_DIR> --with-libgpg-error-prefix=${CMAKE_CURRENT_BINARY_DIR}/libgpg-error/ CFLAGS=-fPIC CXXFLAGS=-fPIC LDFLAGS=-fPIC
BUILD_IN_SOURCE 1)
ExternalProject_Get_Property(libgcrypt INSTALL_DIR)
file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
add_library(libgcrypt-static STATIC IMPORTED GLOBAL)
add_dependencies(libgcrypt-static libgcrypt)
set_property(TARGET libgcrypt-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libgcrypt.a)
set_property(TARGET libgcrypt-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include/)
add_library(openssl-ssl-static STATIC IMPORTED GLOBAL)
add_dependencies(openssl-ssl-static OpenSSL)
set_property(TARGET openssl-ssl-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libssl.a)
set_property(TARGET openssl-ssl-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)

BIN
support/libgcrypt-1.9.4.tar.bz2
View File

Binary file not shown.

BIN
support/libgpg-error-1.42.tar.bz2
View File

Binary file not shown.

BIN
support/openssl-1.1.1l.tar.gz Normal file
View File

Binary file not shown.

2
test/CMakeLists.txt
View File

@@ -1,4 +1,4 @@
cmake_minimum_required (VERSION 2.8)
cmake_minimum_required (VERSION 2.8...3.10)
set(lib_name quic)
project(${lib_name}_test)

BIN
test/pcap/quic_len_-2.pcapng Normal file
View File

Binary file not shown.