osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

QUIC: recognize short header packets after connection migration 

Improve QUIC heuristics to detect Short Header packets that have a DCID
matching with an earlier connection. Tested with "picoquicdemo -f".

Change-Id: I0c28e527ffa29784f8752a695e2d22bdea9797c4
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29728
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Peter Wu 2018-09-19 00:42:44 +02:00 committed by Alexis La Goutte
parent fc9e404ab2
commit 17bc055138
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
epan/dissectors/packet-quic.c
View File

@ -2250,6 +2250,34 @@ dissect_quic(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
return offset;
}
static gboolean
dissect_quic_short_header_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
// If this capture does not contain QUIC, skip the more expensive checks.
if (quic_cid_lengths == 0) {
return FALSE;
}
// Is this a SH packet after connection migration? SH (draft -14):
// Flag (1) + DCID (4-18) + PKN (1/2/4) + encrypted payload (>= 16).
if (tvb_captured_length(tvb) < 1 + 4 + 1 + 16) {
return FALSE;
}
// DCID length is unknown, so extract the maximum and look for a match.
quic_cid_t dcid = {.len=18};
tvb_memcpy(tvb, dcid.cid, 1, 18);
gboolean from_server;
if (!quic_connection_find(pinfo, QUIC_SHORT_PACKET, &dcid, &from_server)) {
return FALSE;
}
conversation_t *conversation = find_or_create_conversation(pinfo);
conversation_set_dissector(conversation, quic_handle);
dissect_quic(tvb, pinfo, tree, NULL);
return TRUE;
}
static gboolean dissect_quic_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
/*
@ -2276,7 +2304,8 @@ static gboolean dissect_quic_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree
flags = tvb_get_guint8(tvb, offset);
/* Check if long Packet is set */
if((flags & 0x80) == 0) {
return FALSE;
// Perhaps this is a short header, check it.
return dissect_quic_short_header_heur(tvb, pinfo, tree);
}
offset += 1;