HTTP3: Use NG-HTTP3 to dissect headers.
All code by Omer Shapira. Copy of MR #9330 with minor fixes.
parent
80f9a28921
commit
8564c8d525
|
@ -0,0 +1,62 @@
|
|||
# Find the system's Nghttp3 includes and library
|
||||
#
|
||||
# NGHTTP3_INCLUDE_DIRS - where to find nghttp3.h
|
||||
# NGHTTP3_LIBRARIES - List of libraries when using nghttp3
|
||||
# NGHTTP3_FOUND - True if nghttp3 found
|
||||
# NGHTTP3_DLL_DIR - (Windows) Path to the Nghttp2 DLL
|
||||
# NGHTTP3_DLL - (Windows) Name of the Nghttp2 DLL
|
||||
|
||||
include( FindWSWinLibs )
|
||||
FindWSWinLibs( "nghttp3-.*" "NGHTTP3_HINTS" )
|
||||
|
||||
if( NOT WIN32)
|
||||
find_package(PkgConfig)
|
||||
pkg_search_module(NGHTTP3 libnghttp3)
|
||||
endif()
|
||||
|
||||
find_path( NGHTTP3_INCLUDE_DIR
|
||||
NAMES nghttp3/nghttp3.h
|
||||
HINTS
|
||||
"${NGHTTP3_INCLUDEDIR}"
|
||||
"${NGHTTP3_HINTS}/include"
|
||||
PATHS /usr/local/include /usr/include
|
||||
)
|
||||
|
||||
find_library( NGHTTP3_LIBRARY
|
||||
NAMES nghttp3
|
||||
HINTS
|
||||
"${NGHTTP3_LIBDIR}"
|
||||
"${NGHTTP3_HINTS}/lib"
|
||||
PATHS /usr/local/lib /usr/lib
|
||||
)
|
||||
|
||||
include( FindPackageHandleStandardArgs )
|
||||
find_package_handle_standard_args( NGHTTP3 DEFAULT_MSG NGHTTP3_LIBRARY NGHTTP3_INCLUDE_DIR )
|
||||
|
||||
if( NGHTTP3_FOUND )
|
||||
set( NGHTTP3_INCLUDE_DIRS ${NGHTTP3_INCLUDE_DIR} )
|
||||
set( NGHTTP3_LIBRARIES ${NGHTTP3_LIBRARY} )
|
||||
if (WIN32)
|
||||
set ( NGHTTP3_DLL_DIR "${NGHTTP3_HINTS}/bin"
|
||||
CACHE PATH "Path to nghttp3 DLL"
|
||||
)
|
||||
file( GLOB _nghttp3_dll RELATIVE "${NGHTTP3_DLL_DIR}"
|
||||
"${NGHTTP3_DLL_DIR}/nghttp3.dll"
|
||||
)
|
||||
set ( NGHTTP3_DLL ${_nghttp3_dll}
|
||||
CACHE FILEPATH "nghttp3 DLL file name"
|
||||
)
|
||||
file( GLOB _nghttp3_pdb RELATIVE "${NGHTTP3_DLL_DIR}"
|
||||
"${NGHTTP3_DLL_DIR}/nghttp3.pdb"
|
||||
)
|
||||
set ( NGHTTP3_PDB ${_nghttp3_pdb}
|
||||
CACHE FILEPATH "nghttp3 PDB file name"
|
||||
)
|
||||
mark_as_advanced( NGHTTP3_DLL_DIR NGHTTP3_DLL NGHTTP3_PDB )
|
||||
endif()
|
||||
else()
|
||||
set( NGHTTP3_INCLUDE_DIRS )
|
||||
set( NGHTTP3_LIBRARIES )
|
||||
endif()
|
||||
|
||||
mark_as_advanced( NGHTTP3_LIBRARIES NGHTTP3_INCLUDE_DIRS )
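Review bot: The header comment describes `NGHTTP3_DLL_DIR` and `NGHTTP3_DLL` as the path and name of the "Nghttp2 DLL", which looks like a leftover from the module this file was modelled on, and it does not list `NGHTTP3_PDB` although the Windows branch sets and caches it. I would change the two lines to `# NGHTTP3_DLL_DIR - (Windows) Path to the nghttp3 DLL` and `# NGHTTP3_DLL - (Windows) Name of the nghttp3 DLL`, and add `# NGHTTP3_PDB - (Windows) Name of the nghttp3 PDB file`. Separately, the final `mark_as_advanced( NGHTTP3_LIBRARIES NGHTTP3_INCLUDE_DIRS )` names the normal variables set inside the `if( NGHTTP3_FOUND )` block; the cache entries created by `find_path` and `find_library` are `NGHTTP3_INCLUDE_DIR` and `NGHTTP3_LIBRARY`, so those are probably the ones meant.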
|
|
@ -0,0 +1,103 @@
|
|||
|
||||
# Supported features
|
||||
The HTTP3 dissector is a work in progress.
|
||||
|
||||
At the moment, the following aspects of HTTP3 are supported:
|
||||
- Diseciton of different HTTP3 stream types
|
||||
- Dissection of different HTTP3 frame types
|
||||
- Dissection of HTTP header fields
|
||||
- Dissection of QPACK instructions
|
||||
|
||||
In addition, the dissector suports decoding of the HTTP3
|
||||
header fields. This ability requires `nghttp3` third-party library.
|
||||
|
||||
## High-level overview
|
||||
The HTTP3 dissector is invoked by the QUIC dissector.
|
||||
|
||||
The essential call tree:
|
||||
- `dissect_http3`
|
||||
Main entry point. Depending on the stream type, invokes one of the following:
|
||||
- `dissect_http3_uni_stream`
|
||||
Processes unidirectional streams, including the control streams,
|
||||
the QPACK encoder/decoder streams, and the HTTP3 server push streams.
|
||||
NOTE: the HTTP3 server push streams support is rudimental.
|
||||
- `dissect_http3_qpack_enc`
|
||||
Dissects the QPACK encoder stream.
|
||||
If Wireshark was built with the optional `nghttp3` library,
|
||||
this function is also responsible on updating the state
|
||||
of the QPACK decoder.
|
||||
- `dissect_http3_frame`
|
||||
Processed HTTP3 frames from the client-initiated bidirectional stream.
|
||||
Determines the frame type, and dispatches the call to one of the
|
||||
sub-dissectors:
|
||||
- `dissect_http3_data`
|
||||
Dissects the `HTTP3_DATA` frames.
|
||||
- `dissect_http3_headers`
|
||||
Dissects the `HTTP3_HEADER` frames.
|
||||
If Wireshark was built with the optional `nghttp3` library,
|
||||
this function attempts to decode the header fields, using
|
||||
the QPACK decoder.
|
||||
- `dissect_http3_settings`
|
||||
Dissects the `HTTP3_SETTINGS` frames.
|
||||
|
||||
### Overview of the HTTP3 header dissection
|
||||
The QPACK implementation from `nghttp3` requires a separate QPACK decoder instance
|
||||
for every HTTP3 connection. The different HTTP3 streams that constitute a single
|
||||
HTTP3 conneciton are sharing the same QPACK decoder instance.
|
||||
|
||||
The HTTP3 dissector interacts with the QPACK decoder in 2 ways:
|
||||
- On the reception of QPACK encoder data (which is delivered on a dedicated unidirectional stream),
|
||||
the dissector updates the connection's decoder instance.
|
||||
- On the reception of compressed HTTP3 headers, the dissector uses the connection's decoder
|
||||
to uncompress the HTTP headers.
|
||||
|
||||
If decompression succeeds, the dissector adds tree items to the packet tree. Otherwise,
|
||||
the dissector adds expert info items.
|
||||
|
||||
The decompression can fail due to several reasons:
|
||||
- If the instruction count required by the compressed HTTP3 headers
|
||||
exceeds the maximal instruction count that the QPACK decoder is aware of,
|
||||
the decoding becomes "blocked". This situation can occure when the QUIC packets
|
||||
that carry the QPACK encoder instructions are dropped/reordered.
|
||||
- If the state of the decoder becomes invalid, which may happen when a "garbage"
|
||||
data is received on the QUIC stream.
|
||||
- Lastly, the decoding can fail if the underlying QUIC desegmentation is
|
||||
not working correctly.
|
||||
|
||||
### Overview of HTTP3 data frames dissection
|
||||
The higher-level dissectors that could use HTTP3 (e.g. WebTransport) need to be able
|
||||
to access the contents of a single HTTP3 stream as a contiguous span of data.
|
||||
|
||||
For that purpose, the HTTP3 dissector is defining a custom conversation finder.
|
||||
See functions `http3_find_inner_conversation` and `http3_reset_inner_conversation`.
|
||||
|
||||
## Essential data structures
|
||||
### File-level state
|
||||
#### `HTTP3_CONN_INFO_MAP`
|
||||
The `HTTP3_CONN_INFO_MAP` contains session-level information for every HTTP3 connection
|
||||
in a PCAP file. This map is lazily allocated, and is cleared upon exiting the file scope.
|
||||
|
||||
### HTTP3 header caches
|
||||
The dissector attempts to conserve memory, by avoding allocating memory for
|
||||
duplicate header names/values. Instead, the dissector keeps the decoded names/values
|
||||
in two caches: `HTTP3_HEADER_CACHE` and `HTTP3_HEADER_DEF_CACHE`. The former stores
|
||||
the decoded HTTP3 header values, and the latter stores the decoded HTTP3 header names.
|
||||
|
||||
### Connection-level state
|
||||
#### `http3_session_info_t`
|
||||
The `http3_session_info_t` keeps the state of the QPACK decoder. Every HTTP3 connection
|
||||
corresponds to a single session. In the future, the session may be shared between multiple
|
||||
connections, to support connection migration or multipath HTTP3.
|
||||
At the moment, there are no shared sessions.
|
||||
|
||||
### Stream-level state
|
||||
#### `http3_stream_info_t`
|
||||
The `http3_stream_info_t` keeps the information about the individual HTTP3 streams,
|
||||
as well as mapping to the underlying QUIC streams.
|
||||
|
||||
### Frame-level state
|
||||
#### `http3_header_field_t`
|
||||
The `http3_header_field_t` keeps the information about a single HTTP header.
|
||||
It contains both the encoded and the decoded representation of the header.
|
||||
The actual decoded strings are stored in `HTTP3_HEADER_CACHE`/`HTTP3_HEADER_DEF_CACHE`;
|
||||
the individual `http3_header_field_t` instances contain pointers to the strings.
|
|
@ -74,7 +74,7 @@ static int hf_http3_frame_payload = -1;
|
|||
|
||||
static int hf_http3_data = -1;
|
||||
|
||||
static int hf_http3_headers = -1;
|
||||
//static int hf_http3_headers = -1;
|
||||
static int hf_http3_headers_count = -1;
|
||||
static int hf_http3_header = -1;
|
||||
static int hf_http3_header_length = -1;
|
||||
|
@ -87,7 +87,7 @@ static int hf_http3_header_request_full_uri = -1;
|
|||
static int hf_http3_header_qpack_blocked = -1;
|
||||
static int hf_http3_header_qpack_blocked_stream_rcint = -1;
|
||||
static int hf_http3_header_qpack_blocked_decoder_wicnt = -1;
|
||||
static int hf_http3_header_qpack_fatal = -1;
|
||||
//static int hf_http3_header_qpack_fatal = -1;
|
||||
|
||||
#ifdef HAVE_NGHTTP3
|
||||
/* Static HTTP3 headers */
|
||||
|
@ -143,12 +143,12 @@ static int hf_http3_headers_via = -1;
|
|||
static int hf_http3_headers_www_authenticate = -1;
|
||||
#endif
|
||||
|
||||
static int hf_http3_qpack = -1;
|
||||
//static int hf_http3_qpack = -1;
|
||||
static int hf_http3_qpack_encoder = -1;
|
||||
static int hf_http3_qpack_encoder_length = -1;
|
||||
//static int hf_http3_qpack_encoder_length = -1;
|
||||
static int hf_http3_qpack_encoder_icnt = -1;
|
||||
static int hf_http3_qpack_encoder_icnt_inc = -1;
|
||||
static int hf_http3_qpack_encoder_opcode = -1;
|
||||
//static int hf_http3_qpack_encoder_opcode = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_insert_indexed = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_insert_indexed_ref = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_insert_indexed_val = -1;
|
||||
|
@ -159,7 +159,7 @@ static int hf_http3_qpack_encoder_opcode_insert_hname = -1;
|
|||
static int hf_http3_qpack_encoder_opcode_insert_val = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_insert_hval = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_duplicate = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_duplicate_val = -1;
|
||||
//static int hf_http3_qpack_encoder_opcode_duplicate_val = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_dtable_cap = -1;
|
||||
static int hf_http3_qpack_encoder_opcode_dtable_cap_val = -1;
|
||||
|
||||
|
@ -177,11 +177,11 @@ static int hf_http3_priority_update_element_id = -1;
|
|||
static int hf_http3_priority_update_field_value = -1;
|
||||
|
||||
/* QPACK dissection EIs */
|
||||
static expert_field ei_http3_qpack_enc_update = EI_INIT;
|
||||
//static expert_field ei_http3_qpack_enc_update = EI_INIT;
|
||||
static expert_field ei_http3_qpack_failed = EI_INIT;
|
||||
/* HTTP3 dissection EIs */
|
||||
static expert_field ei_http3_unknown_stream_type = EI_INIT;
|
||||
static expert_field ei_http3_data_not_decoded = EI_INIT;
|
||||
//static expert_field ei_http3_data_not_decoded = EI_INIT;
|
||||
/* Encoded data EIs */
|
||||
static expert_field ei_http3_header_encoded_state = EI_INIT;
|
||||
/* HTTP3 header decoding EIs */
|
||||
|
@ -580,7 +580,7 @@ http3_nghttp3_malloc(size_t size, void *user_data _U_)
|
|||
static void
|
||||
http3_nghttp3_free(void *ptr, void *user_data _U_)
|
||||
{
|
||||
return wmem_free(wmem_file_scope(), ptr);
|
||||
wmem_free(wmem_file_scope(), ptr);
|
||||
}
|
||||
|
||||
static void *
|
||||
|
@ -1759,7 +1759,7 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
proto_tree *stream_tree;
|
||||
const gchar *stream_display_name;
|
||||
|
||||
ti_stream = proto_tree_add_item(tree, hf_http3_stream_uni, tvb, offset, 1, ENC_NA);
|
||||
ti_stream = proto_tree_add_item(tree, hf_http3_stream_uni, tvb, offset, -1, ENC_NA);
|
||||
stream_tree = proto_item_add_subtree(ti_stream, ett_http3_stream_uni);
|
||||
|
||||
if (stream_info->offset == 0) {
|
||||
|
@ -1767,21 +1767,20 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
&lenvar);
|
||||
offset += lenvar;
|
||||
http3_stream->uni_stream_type = stream_type;
|
||||
if (http3_is_reserved_code(stream_type)) {
|
||||
// Reserved to exercise requirement that unknown types are ignored.
|
||||
proto_item_set_text(ti_stream_type, "Stream Type: Reserved (%#" PRIx64 ")", stream_type);
|
||||
stream_display_name = "Reserved";
|
||||
}
|
||||
else {
|
||||
stream_display_name = val64_to_str_const(stream_type, http3_stream_types, "Unknown");
|
||||
}
|
||||
proto_item_set_text(ti_stream, "UNI STREAM: %s off=%" PRIu64 "", stream_display_name, stream_info->stream_offset);
|
||||
} else {
|
||||
stream_type = http3_stream->uni_stream_type;
|
||||
ti_stream_type = proto_tree_add_item(stream_tree, hf_http3_stream_uni_type, tvb, offset, -1, ENC_NA);
|
||||
/*ti_stream_type = proto_tree_add_item(stream_tree, hf_http3_stream_uni_type, tvb, offset, -1, ENC_NA);*/
|
||||
}
|
||||
|
||||
if (http3_is_reserved_code(stream_type)) {
|
||||
// Reserved to exercise requirement that unknown types are ignored.
|
||||
proto_item_set_text(ti_stream_type, "Stream Type: Reserved (%#" PRIx64 ")", stream_type);
|
||||
stream_display_name = "Reserved";
|
||||
} else {
|
||||
stream_display_name = val64_to_str_const(stream_type, http3_stream_types, "Unknown");
|
||||
}
|
||||
|
||||
proto_item_set_text(ti_stream, "UNI STREAM: %s off=%" PRIu64 "", stream_display_name, stream_info->stream_offset);
|
||||
|
||||
switch (stream_type) {
|
||||
case HTTP3_STREAM_TYPE_CONTROL:
|
||||
break;
|
||||
|
@ -2214,11 +2213,11 @@ proto_register_http3(void)
|
|||
NULL, HFILL }
|
||||
},
|
||||
/* Headers */
|
||||
{ &hf_http3_headers,
|
||||
{ "Header", "http3.headers",
|
||||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
//{ &hf_http3_headers,
|
||||
// { "Header", "http3.headers",
|
||||
// FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
//},
|
||||
{ &hf_http3_headers_count,
|
||||
{ "Headers Count", "http3.headers.count",
|
||||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
|
@ -2274,26 +2273,26 @@ proto_register_http3(void)
|
|||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_http3_header_qpack_fatal,
|
||||
{ "QPACK decoding error", "http3.header.qpack.fatal",
|
||||
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_http3_qpack,
|
||||
{ "QPACK", "http3.qpack",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
//{ &hf_http3_header_qpack_fatal,
|
||||
// { "QPACK decoding error", "http3.header.qpack.fatal",
|
||||
// FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
//},
|
||||
//{ &hf_http3_qpack,
|
||||
// { "QPACK", "http3.qpack",
|
||||
// FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
//},
|
||||
{ &hf_http3_qpack_encoder,
|
||||
{ "QPACK encoder", "http3.qpack.encoder",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_http3_qpack_encoder_length,
|
||||
{ "QPACK encoder update length", "http3.qpack.encoder.length",
|
||||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
//{ &hf_http3_qpack_encoder_length,
|
||||
// { "QPACK encoder update length", "http3.qpack.encoder.length",
|
||||
// FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
//},
|
||||
{ &hf_http3_qpack_encoder_icnt,
|
||||
{ "QPACK encoder instruction count", "http3.qpack.encoder.icnt",
|
||||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
|
@ -2304,11 +2303,11 @@ proto_register_http3(void)
|
|||
FT_UINT32, BASE_DEC, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_http3_qpack_encoder_opcode,
|
||||
{ "QPACK encoder opcode", "http3.qpack.encoder.opcode",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
//{ &hf_http3_qpack_encoder_opcode,
|
||||
// { "QPACK encoder opcode", "http3.qpack.encoder.opcode",
|
||||
// FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
// },
|
||||
{ &hf_http3_qpack_encoder_opcode_insert_indexed,
|
||||
{ "Insert with Name Reference", "http3.qpack.encoder.opcode.insert_indexed",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
|
@ -2359,11 +2358,11 @@ proto_register_http3(void)
|
|||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_http3_qpack_encoder_opcode_duplicate_val,
|
||||
{ "Duplicate Index", "http3.qpack.encoder.opcode.duplicate.val",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
//{ &hf_http3_qpack_encoder_opcode_duplicate_val,
|
||||
// { "Duplicate Index", "http3.qpack.encoder.opcode.duplicate.val",
|
||||
// FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
// NULL, HFILL }
|
||||
//},
|
||||
{ &hf_http3_qpack_encoder_opcode_dtable_cap,
|
||||
{ "Set Dynamic Table Capacity", "http3.qpack.encoder.opcode.dtable_cap",
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0,
|
||||
|
@ -2455,16 +2454,16 @@ proto_register_http3(void)
|
|||
{ "http3.unknown_stream_type", PI_UNDECODED, PI_WARN,
|
||||
"An unknown stream type was encountered", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_data_not_decoded,
|
||||
{ "http3.data_not_decoded", PI_UNDECODED, PI_WARN,
|
||||
"Data not decoded", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_qpack_enc_update ,
|
||||
{ "http3.qpack_enc_update", PI_UNDECODED, PI_WARN,
|
||||
"Success decoding QPACK buffer", EXPFILL }
|
||||
},
|
||||
//{ &ei_http3_data_not_decoded,
|
||||
// { "http3.data_not_decoded", PI_UNDECODED, PI_WARN,
|
||||
// "Data not decoded", EXPFILL }
|
||||
// },
|
||||
// { &ei_http3_qpack_enc_update,
|
||||
// { "http3.qpack_enc_update", PI_UNDECODED, PI_WARN,
|
||||
// "Success decoding QPACK buffer", EXPFILL }
|
||||
// },
|
||||
{ &ei_http3_qpack_failed,
|
||||
{ "http3.qpack_enc_failed", PI_UNDECODED, PI_WARN,
|
||||
{ "http3.qpack_enc_failed", PI_UNDECODED, PI_NOTE,
|
||||
"Error decoding QPACK buffer", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_header_encoded_state ,
|
||||
|
@ -2472,15 +2471,15 @@ proto_register_http3(void)
|
|||
"HTTP3 header encoded block", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_header_decoding_failed ,
|
||||
{ "http3.expert.header_decoding.failed", PI_UNDECODED, PI_WARN,
|
||||
{ "http3.expert.header_decoding.failed", PI_UNDECODED, PI_NOTE,
|
||||
"Failed to decode HTTP3 header name/value", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_header_decoding_blocked,
|
||||
{ "http3.expert.header_decoding.blocked", PI_UNDECODED, PI_WARN,
|
||||
{ "http3.expert.header_decoding.blocked", PI_UNDECODED, PI_NOTE,
|
||||
"Failed to decode HTTP3 header name/value (blocked on QPACK)", EXPFILL}
|
||||
},
|
||||
{ &ei_http3_header_decoding_no_output,
|
||||
{ "http3.expert.header_decoding.no_output", PI_UNDECODED, PI_WARN,
|
||||
{ "http3.expert.header_decoding.no_output", PI_UNDECODED, PI_NOTE,
|
||||
"Failed to decode HTTP3 header name/value (QPACK decoder no emission)", EXPFILL}
|
||||
},
|
||||
};
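Review bot: In the expert-info table of proto_register_http3, `ei_http3_qpack_failed`, `ei_http3_header_decoding_failed`, `ei_http3_header_decoding_blocked` and `ei_http3_header_decoding_no_output` appear to drop from `PI_WARN` to `PI_NOTE` (assuming the second line of each printed pair is the new one, as it is for the `//` lines elsewhere in this file). The dissector overview added in this commit says decoding can fail when the decoder state becomes invalid after garbage data arrives on the stream, and an analyst who triages a capture by warning-level expert items would no longer see that case. I would keep `PI_WARN` for the two hard failures, e.g. `{ "http3.qpack_enc_failed", PI_UNDECODED, PI_WARN,`, and lower only the blocked and no-output cases, which dropped or reordered packets can explain. The fields and registrations disabled with `//` throughout this file would also read better deleted than left commented out.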
|
||||
|
|
|
@ -166,8 +166,8 @@ static int hf_quic_af_sequence_number = -1;
|
|||
static int hf_quic_af_ack_eliciting_threshold = -1;
|
||||
static int hf_quic_af_request_max_ack_delay = -1;
|
||||
static int hf_quic_af_reordering_threshold = -1;
|
||||
static int hf_quic_af_ignore_order = -1;
|
||||
static int hf_quic_af_ignore_ce = -1;
|
||||
//static int hf_quic_af_ignore_order = -1;
|
||||
//static int hf_quic_af_ignore_ce = -1;
|
||||
static int hf_quic_ts = -1;
|
||||
static int hf_quic_unpredictable_bits = -1;
|
||||
static int hf_quic_stateless_reset_token = -1;
|
||||
|
@ -5355,16 +5355,16 @@ proto_register_quic(void)
|
|||
FT_UINT64, BASE_DEC, NULL, 0x0,
|
||||
"The value that indicates the maximum packet reordering before eliciting an immediate ACK", HFILL }
|
||||
},
|
||||
{ &hf_quic_af_ignore_order,
|
||||
{ "Ignore Order", "quic.af.ignore_order",
|
||||
FT_BOOLEAN, 8, NULL, 0x02,
|
||||
"This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives a packet out of order", HFILL }
|
||||
},
|
||||
{ &hf_quic_af_ignore_ce,
|
||||
{ "Ignore CE", "quic.af.ignore_ce",
|
||||
FT_BOOLEAN, 8, NULL, 0x01,
|
||||
"This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives CE-marked packets", HFILL }
|
||||
},
|
||||
//{ &hf_quic_af_ignore_order,
|
||||
// { "Ignore Order", "quic.af.ignore_order",
|
||||
// FT_BOOLEAN, 8, NULL, 0x02,
|
||||
// "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives a packet out of order", HFILL }
|
||||
//},
|
||||
//{ &hf_quic_af_ignore_ce,
|
||||
// { "Ignore CE", "quic.af.ignore_ce",
|
||||
// FT_BOOLEAN, 8, NULL, 0x01,
|
||||
// "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives CE-marked packets", HFILL }
|
||||
//},
|
||||
|
||||
/* TIME STAMP */
|
||||
{ &hf_quic_ts,
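Review bot: `hf_quic_af_ignore_order` and `hf_quic_af_ignore_ce` are commented out here and in the declarations in the first hunk rather than removed, and nothing in the commit message explains why an HTTP3 header change disables two QUIC ACK-frequency fields. If they are now unused, delete the two declarations and the two registration entries outright; if this only silences an unused-variable warning picked up while copying the merge request, it belongs in its own commit. Either way the `quic.af.ignore_order` and `quic.af.ignore_ce` filter names stop being registered, so display filters or saved profiles that reference them would presumably be rejected. proto_register_quic starts and ends outside the hunk.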
|
||||
|
|
|
@ -8950,7 +8950,7 @@ ssl_is_authoritative_version_message(guint8 content_type, guint8 handshake_type,
|
|||
*/
|
||||
void
|
||||
tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
|
||||
guint16 *server_version, gboolean *is_hrr, guint16 *max_supported_version)
|
||||
guint16 *server_version, gboolean *is_hrr)
|
||||
{
|
||||
/* SHA256("HelloRetryRequest") */
|
||||
static const guint8 tls13_hrr_random_magic[] = {
|
||||
|
@ -8985,12 +8985,7 @@ tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
|
|||
break; /* not enough data for type, length and data */
|
||||
}
|
||||
if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS && ext_len == 2) {
|
||||
guint16 higher_version = tvb_get_ntohs(tvb, offset + 4);
|
||||
if (max_supported_version) {
|
||||
*max_supported_version = higher_version;
|
||||
} else {
|
||||
*server_version = higher_version;
|
||||
}
|
||||
*server_version = tvb_get_ntohs(tvb, offset + 4);
|
||||
return;
|
||||
}
|
||||
offset += 4 + ext_len;
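Review bot: Removing the `max_supported_version` out-parameter from tls_scan_server_hello changes a function that the header declares `extern`, and the commit message does not mention any TLS change; this reads like an accidental revert picked up while copying the merge request. With the parameter gone, the `supported_versions` value is written straight into `*server_version`, and the caller in dissect_tls_handshake_full loses the comparison against `ssl->session.version` that the old code made before calling ssl_try_set_version. If the removal is intended, say so in the commit message and confirm that every caller was updated (only the one in dissect_tls_handshake_full is visible on this page); otherwise restore the previous signature. The function body continues outside both hunks.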
|
||||
|
|
|
@ -824,7 +824,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
|
|||
|
||||
extern void
|
||||
tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
|
||||
guint16 *server_version, gboolean *is_hrr, guint16 *max_supported_version);
|
||||
guint16 *server_version, gboolean *is_hrr);
|
||||
|
||||
extern void
|
||||
ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
|
||||
|
|
|
@ -2581,7 +2581,6 @@ dissect_tls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
// 1. (First pass:) If a previous handshake message needed reasembly.
|
||||
ssl_debug_printf("%s Handshake %s fragmented", G_STRFUNC, (*hs_reassembly_id_p) ? " is " : " is not ");
|
||||
if (*hs_reassembly_id_p) {
|
||||
// Continuation, so a previous fragment *must* exist.
|
||||
fh = fragment_get(&tls_hs_reassembly_table, pinfo, *hs_reassembly_id_p, NULL);
|
||||
|
@ -2789,13 +2788,9 @@ dissect_tls_handshake_full(tvbuff_t *tvb, packet_info *pinfo,
|
|||
}
|
||||
|
||||
if (is_first_msg && msg_type == SSL_HND_SERVER_HELLO && length > 2) {
|
||||
guint16 server_version, max_supported_version;
|
||||
|
||||
tls_scan_server_hello(tvb, offset + 4, offset + 4 + length, &server_version, &is_hrr, &max_supported_version);
|
||||
if (ssl && ssl->session.version != server_version && ssl->session.version == max_supported_version) {
|
||||
server_version = max_supported_version;
|
||||
}
|
||||
guint16 server_version;
|
||||
|
||||
tls_scan_server_hello(tvb, offset + 4, offset + 4 + length, &server_version, &is_hrr);
|
||||
ssl_try_set_version(session, ssl, SSL_ID_HANDSHAKE, SSL_HND_SERVER_HELLO, FALSE, server_version);
|
||||
if (is_hrr) {
|
||||
msg_type_str = "Hello Retry Request";
|
||||
|
@ -2869,7 +2864,6 @@ dissect_tls_handshake_full(tvbuff_t *tvb, packet_info *pinfo,
|
|||
break;
|
||||
|
||||
case SSL_HND_SERVER_HELLO:
|
||||
ssl_debug_printf("%s SSL_HND_SERVER_HELLO\n", G_STRFUNC);
|
||||
ssl_dissect_hnd_srv_hello(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
|
||||
offset, offset + length, session, ssl, FALSE, is_hrr);
|
||||
if (ssl) {
|
||||
|
@ -4127,26 +4121,15 @@ tls13_get_quic_secret(packet_info *pinfo, gboolean is_from_server, int type, gui
|
|||
ws_assert_not_reached();
|
||||
}
|
||||
|
||||
ssl_debug_printf("%s Looking for QUIC %s of size %d..%d for client_random of size %d bytes: ",
|
||||
G_STRFUNC, label, secret_min_len, secret_max_len, ssl->client_random.data_len);
|
||||
ssl_print_data("Client random", ssl->client_random.data, ssl->client_random.data_len);
|
||||
ssl_print_data("Server random", ssl->server_random.data, ssl->server_random.data_len);
|
||||
|
||||
StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random);
|
||||
|
||||
if (!secret) {
|
||||
ssl_debug_printf("%s Can not find QUIC %s of size %d..%d: not found\n",
|
||||
G_STRFUNC, label, secret_min_len, secret_max_len);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (secret->data_len < secret_min_len || secret->data_len > secret_max_len) {
|
||||
ssl_debug_printf("%s Cannot find QUIC %s: size %d out of bounds %d..%d\n",
|
||||
G_STRFUNC, label, secret->data_len, secret_min_len, secret_max_len);
|
||||
if (!secret || secret->data_len < secret_min_len || secret->data_len > secret_max_len) {
|
||||
ssl_debug_printf("%s Cannot find QUIC %s of size %d..%d, found bad size %d!\n",
|
||||
G_STRFUNC, label, secret_min_len, secret_max_len, secret ? secret->data_len : 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ssl_debug_printf("%s Retrieved QUIC traffic secret.\n", G_STRFUNC);
|
||||
ssl_print_string("Client Random", &ssl->client_random);
|
||||
ssl_print_string(label, secret);
|
||||
memcpy(secret_out, secret->data, secret->data_len);
|
||||
return secret->data_len;
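Review bot: In tls13_get_quic_secret the merged check `if (!secret || secret->data_len < secret_min_len || secret->data_len > secret_max_len)` reports a failed lookup as "found bad size 0", so the debug log no longer distinguishes "no secret for this client random" from "secret present but of the wrong length". That distinction is the first thing someone troubleshooting failed QUIC decryption needs. I would keep the lookup miss as its own branch, `if (!secret) { ssl_debug_printf("%s Can not find QUIC %s of size %d..%d: not found\n", G_STRFUNC, label, secret_min_len, secret_max_len); return 0; }`, and leave the size test for the non-NULL case. The function starts before this hunk.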
|
||||
|
|
|
@ -177,7 +177,7 @@ LIBSSH_VERSION=0.9.6
|
|||
# mmdbresolve
|
||||
MAXMINDDB_VERSION=1.4.3
|
||||
NGHTTP2_VERSION=1.46.0
|
||||
NGHTTP3_VERSION=0.6.0
|
||||
NGHTTP3_VERSION=0.14.0
|
||||
SPANDSP_VERSION=0.0.6
|
||||
SPEEXDSP_VERSION=1.2.0
|
||||
if [ "$SPANDSP_VERSION" ]; then
|
||||
|
|
|
@ -87,6 +87,7 @@ $X64Archives = @{
|
|||
"lz4/lz4-1.9.3-1-win64ws.zip" = "7129515893ffdc439f4ffe9673c4bc43f9042e910bb2607e68dde6b99a1ab058";
|
||||
"minizip/minizip-1.2.11-4-win64ws.zip" = "dd6bf24e2d946465ad19aa4f8c38e0db91da6585887935de68011982cd6fb2cb";
|
||||
"nghttp2/nghttp2-1.49.0-1-win64ws.zip" = "215919ec20be62101d4704ec2464bfb72c5677126c5245b92ba495a3d30642ca";
|
||||
"nghttp3/nghttp3-0.14.0-1-x64-windows-ws.zip" = "233ab84530cbf2800bc55723f91269600ea6792907b14413acf5e26ff31019b1";
|
||||
"opus/opus-1.3.1-3-win64ws.zip" = "1f7a55a6d2d7215dffa4a43bca8ca05024bd4ba1ac3d0d0c405fd38b09cc2205";
|
||||
"pcre2/pcre2-10.40-1-win64ws.zip" = "17eee615990b23bc859a862c19f5ac10c61776587603bc452285abe073a0fad9";
|
||||
"sbc/sbc-2.0-1-x64-windows-ws.zip" = "d1a58f977dcffa168b11b280bd10228191582d263b7c901e50cde7c1c43d9c04";
|
||||
|
|