From 8564c8d525ddf0e9b46453a705b3f862a1923c62 Mon Sep 17 00:00:00 2001
From: Omer Shapira
Date: Fri, 25 Aug 2023 15:18:56 +0200
Subject: [PATCH] HTTP3: Use NG-HTTP3 to dissect headers. All code by Omer Shapira. Copy of MR #9330 with minor fixes.
---
cmake/modules/FindNGHTTP3.cmake | 62 ++++++++++++++
doc/http3.md | 103 ++++++++++++++++++++++++
epan/dissectors/packet-http3.c | 125 ++++++++++++++---------------
epan/dissectors/packet-quic.c | 24 +++---
epan/dissectors/packet-tls-utils.c | 9 +--
epan/dissectors/packet-tls-utils.h | 2 +-
epan/dissectors/packet-tls.c | 29 ++-----
tools/macos-setup.sh | 2 +-
tools/win-setup.ps1 | 1 +
9 files changed, 250 insertions(+), 107 deletions(-)
create mode 100644 cmake/modules/FindNGHTTP3.cmake
create mode 100644 doc/http3.md
diff --git a/cmake/modules/FindNGHTTP3.cmake b/cmake/modules/FindNGHTTP3.cmake
new file mode 100644
index 0000000000..9ec5404b94
--- /dev/null
+++ b/cmake/modules/FindNGHTTP3.cmake
@@ -0,0 +1,62 @@
+# Find the system's Nghttp3 includes and library
+#
+# NGHTTP3_INCLUDE_DIRS - where to find nghttp3.h
+# NGHTTP3_LIBRARIES - List of libraries when using nghttp3
+# NGHTTP3_FOUND - True if nghttp3 found
+# NGHTTP3_DLL_DIR - (Windows) Path to the Nghttp2 DLL
+# NGHTTP3_DLL - (Windows) Name of the Nghttp2 DLL
+
+include( FindWSWinLibs )
+FindWSWinLibs( "nghttp3-.*" "NGHTTP3_HINTS" )
+
+if( NOT WIN32)
+ find_package(PkgConfig)
+ pkg_search_module(NGHTTP3 libnghttp3)
+endif()
+
+find_path( NGHTTP3_INCLUDE_DIR
+ NAMES nghttp3/nghttp3.h
+ HINTS
+ "${NGHTTP3_INCLUDEDIR}"
+ "${NGHTTP3_HINTS}/include"
+ PATHS /usr/local/include /usr/include
+)
+
+find_library( NGHTTP3_LIBRARY
+ NAMES nghttp3
+ HINTS
+ "${NGHTTP3_LIBDIR}"
+ "${NGHTTP3_HINTS}/lib"
+ PATHS /usr/local/lib /usr/lib
+)
+
+include( FindPackageHandleStandardArgs )
+find_package_handle_standard_args( NGHTTP3 DEFAULT_MSG NGHTTP3_LIBRARY NGHTTP3_INCLUDE_DIR )
+
+if( NGHTTP3_FOUND )
+ set( NGHTTP3_INCLUDE_DIRS ${NGHTTP3_INCLUDE_DIR} )
+ set( NGHTTP3_LIBRARIES ${NGHTTP3_LIBRARY} )
+ if (WIN32)
+ set ( NGHTTP3_DLL_DIR "${NGHTTP3_HINTS}/bin"
+ CACHE PATH "Path to nghttp3 DLL"
+ )
+ file( GLOB _nghttp3_dll RELATIVE "${NGHTTP3_DLL_DIR}"
+ "${NGHTTP3_DLL_DIR}/nghttp3.dll"
+ )
+ set ( NGHTTP3_DLL ${_nghttp3_dll}
+ CACHE FILEPATH "nghttp3 DLL file name"
+ )
+ file( GLOB _nghttp3_pdb RELATIVE "${NGHTTP3_DLL_DIR}"
+ "${NGHTTP3_DLL_DIR}/nghttp3.pdb"
+ )
+ set ( NGHTTP3_PDB ${_nghttp3_pdb}
+ CACHE FILEPATH "nghttp3 PDB file name"
+ )
+ mark_as_advanced( NGHTTP3_DLL_DIR NGHTTP3_DLL NGHTTP3_PDB )
+ endif()
+else()
+ set( NGHTTP3_INCLUDE_DIRS )
+ set( NGHTTP3_LIBRARIES )
+endif()
+
+mark_as_advanced( NGHTTP3_LIBRARIES NGHTTP3_INCLUDE_DIRS )
diff --git a/doc/http3.md b/doc/http3.md
new file mode 100644
index 0000000000..9fc10851ee
--- /dev/null
+++ b/doc/http3.md
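Review bot: The module accepts whatever nghttp3 it finds: `pkg_search_module(NGHTTP3 libnghttp3)` carries no version constraint and `find_package_handle_standard_args` is given no `VERSION_VAR`, while the same patch moves tools/macos-setup.sh from 0.6.0 to 0.14.0, which suggests the dissector depends on a newer API. Because this library parses QPACK data taken from capture files, consider passing the detected version through, e.g. `find_package_handle_standard_args( NGHTTP3 REQUIRED_VARS NGHTTP3_LIBRARY NGHTTP3_INCLUDE_DIR VERSION_VAR NGHTTP3_VERSION )`, so the caller can request a minimum; on Windows the version would have to come from elsewhere. Separately, the header comments for `NGHTTP3_DLL_DIR` and `NGHTTP3_DLL` still say "Nghttp2 DLL", and the final `mark_as_advanced` names the non-cache `NGHTTP3_LIBRARIES`/`NGHTTP3_INCLUDE_DIRS` instead of the cache entries `NGHTTP3_LIBRARY`/`NGHTTP3_INCLUDE_DIR` created by `find_library`/`find_path`.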
@@ -0,0 +1,103 @@
+
+# Supported features
+The HTTP3 dissector is a work in progress.
+
+At the moment, the following aspects of HTTP3 are supported:
+- Diseciton of different HTTP3 stream types
+- Dissection of different HTTP3 frame types
+- Dissection of HTTP header fields
+- Dissection of QPACK instructions
+
+In addition, the dissector suports decoding of the HTTP3
+header fields. This ability requires `nghttp3` third-party library.
+
+## High-level overview
+The HTTP3 dissector is invoked by the QUIC dissector.
+
+The essential call tree:
+- `dissect_http3`
+ Main entry point. Depending on the stream type, invokes one of the following:
+ - `dissect_http3_uni_stream`
+ Processes unidirectional streams, including the control streams,
+ the QPACK encoder/decoder streams, and the HTTP3 server push streams.
+ NOTE: the HTTP3 server push streams support is rudimental.
+ - `dissect_http3_qpack_enc`
+ Dissects the QPACK encoder stream.
+ If Wireshark was built with the optional `nghttp3` library,
+ this function is also responsible on updating the state
+ of the QPACK decoder.
+ - `dissect_http3_frame`
+ Processed HTTP3 frames from the client-initiated bidirectional stream.
+ Determines the frame type, and dispatches the call to one of the
+ sub-dissectors:
+ - `dissect_http3_data`
+ Dissects the `HTTP3_DATA` frames.
+ - `dissect_http3_headers`
+ Dissects the `HTTP3_HEADER` frames.
+ If Wireshark was built with the optional `nghttp3` library,
+ this function attempts to decode the header fields, using
+ the QPACK decoder.
+ - `dissect_http3_settings`
+ Dissects the `HTTP3_SETTINGS` frames.
+
+### Overview of the HTTP3 header dissection
+The QPACK implementation from `nghttp3` requires a separate QPACK decoder instance
+for every HTTP3 connection. The different HTTP3 streams that constitute a single
+HTTP3 conneciton are sharing the same QPACK decoder instance.
+
+The HTTP3 dissector interacts with the QPACK decoder in 2 ways:
+- On the reception of QPACK encoder data (which is delivered on a dedicated unidirectional stream),
+ the dissector updates the connection's decoder instance.
+- On the reception of compressed HTTP3 headers, the dissector uses the connection's decoder
+ to uncompress the HTTP headers.
+
+If decompression succeeds, the dissector adds tree items to the packet tree. Otherwise,
+the dissector adds expert info items.
+
+The decompression can fail due to several reasons:
+- If the instruction count required by the compressed HTTP3 headers
+ exceeds the maximal instruction count that the QPACK decoder is aware of,
+ the decoding becomes "blocked". This situation can occure when the QUIC packets
+ that carry the QPACK encoder instructions are dropped/reordered.
+- If the state of the decoder becomes invalid, which may happen when a "garbage"
+ data is received on the QUIC stream.
+- Lastly, the decoding can fail if the underlying QUIC desegmentation is
+ not working correctly.
+
+### Overview of HTTP3 data frames dissection
+The higher-level dissectors that could use HTTP3 (e.g. WebTransport) need to be able
+to access the contents of a single HTTP3 stream as a contiguous span of data.
+
+For that purpose, the HTTP3 dissector is defining a custom conversation finder.
+See functions `http3_find_inner_conversation` and `http3_reset_inner_conversation`.
+
+## Essential data structures
+### File-level state
+#### `HTTP3_CONN_INFO_MAP`
+The `HTTP3_CONN_INFO_MAP` contains session-level information for every HTTP3 connection
+in a PCAP file. This map is lazily allocated, and is cleared upon exiting the file scope.
+
+### HTTP3 header caches
+The dissector attempts to conserve memory, by avoding allocating memory for
+duplicate header names/values. Instead, the dissector keeps the decoded names/values
+in two caches: `HTTP3_HEADER_CACHE` and `HTTP3_HEADER_DEF_CACHE`.
The former stores +the decoded HTTP3 header values, and the latter stores the decoded HTTP3 header names. + +### Connection-level state +#### `http3_session_info_t` +The `http3_session_info_t` keeps the state of the QPACK decoder. Every HTTP3 connection +corresponds to a single session. In the future, the session may be shared between multiple +connections, to support connection migration or multipath HTTP3. +At the moment, there are no shared sessions. + +### Stream-level state +#### `http3_stream_info_t` +The `http3_stream_info_t` keeps the information about the individual HTTP3 streams, +as well as mapping to the underlying QUIC streams. + +### Frame-level state +#### `http3_header_field_t` +The `http3_header_field_t` keeps the information about a single HTTP header. +It contains both the encoded and the decoded representation of the header. +The actual decoded strings are stored in `HTTP3_HEADER_CACHE`/`HTTP3_HEADER_DEF_CACHE`; +the individual `http3_header_field_t` instances contain pointers to the strings. \ No newline at end of file diff --git a/epan/dissectors/packet-http3.c b/epan/dissectors/packet-http3.c index 801d6012f9..b81e1b15d9 100644 --- a/epan/dissectors/packet-http3.c +++ b/epan/dissectors/packet-http3.c @@ -74,7 +74,7 @@ static int hf_http3_frame_payload = -1; static int hf_http3_data = -1; -static int hf_http3_headers = -1; +//static int hf_http3_headers = -1; static int hf_http3_headers_count = -1; static int hf_http3_header = -1; static int hf_http3_header_length = -1; @@ -87,7 +87,7 @@ static int hf_http3_header_request_full_uri = -1; static int hf_http3_header_qpack_blocked = -1; static int hf_http3_header_qpack_blocked_stream_rcint = -1; static int hf_http3_header_qpack_blocked_decoder_wicnt = -1; -static int hf_http3_header_qpack_fatal = -1; +//static int hf_http3_header_qpack_fatal = -1; #ifdef HAVE_NGHTTP3 /* Static HTTP3 headers */ 
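Review bot: The unused `hf_http3_headers` and `hf_http3_header_qpack_fatal` declarations in the hunks at -74 and -87 are left in the file as `//` comments instead of being deleted. The same is done in the hunks at -143, -159 and -177, in the `proto_register_http3` arrays at -2214, -2274, -2304, -2359 and -2455, and in packet-quic.c at -166 and -5355. Commented-out declarations and registration entries drift out of sync with the live code and obscure which filter fields the dissector really registers; delete them and let version control keep the history. If a field is meant to return once the dissection code uses it, one short comment saying so is enough.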
@@ -143,12 +143,12 @@ static int hf_http3_headers_via = -1; static int hf_http3_headers_www_authenticate = -1; #endif -static int hf_http3_qpack = -1; +//static int hf_http3_qpack = -1; static int hf_http3_qpack_encoder = -1; -static int hf_http3_qpack_encoder_length = -1; +//static int hf_http3_qpack_encoder_length = -1; static int hf_http3_qpack_encoder_icnt = -1; static int hf_http3_qpack_encoder_icnt_inc = -1; -static int hf_http3_qpack_encoder_opcode = -1; +//static int hf_http3_qpack_encoder_opcode = -1; static int hf_http3_qpack_encoder_opcode_insert_indexed = -1; static int hf_http3_qpack_encoder_opcode_insert_indexed_ref = -1; static int hf_http3_qpack_encoder_opcode_insert_indexed_val = -1; @@ -159,7 +159,7 @@ static int hf_http3_qpack_encoder_opcode_insert_hname = -1; static int hf_http3_qpack_encoder_opcode_insert_val = -1; static int hf_http3_qpack_encoder_opcode_insert_hval = -1; static int hf_http3_qpack_encoder_opcode_duplicate = -1; -static int hf_http3_qpack_encoder_opcode_duplicate_val = -1; +//static int hf_http3_qpack_encoder_opcode_duplicate_val = -1; static int hf_http3_qpack_encoder_opcode_dtable_cap = -1; static int hf_http3_qpack_encoder_opcode_dtable_cap_val = -1; @@ -177,11 +177,11 @@ static int hf_http3_priority_update_element_id = -1; static int hf_http3_priority_update_field_value = -1; /* QPACK dissection EIs */ -static expert_field ei_http3_qpack_enc_update = EI_INIT; +//static expert_field ei_http3_qpack_enc_update = EI_INIT; static expert_field ei_http3_qpack_failed = EI_INIT; /* HTTP3 dissection EIs */ static expert_field ei_http3_unknown_stream_type = EI_INIT; -static expert_field ei_http3_data_not_decoded = EI_INIT; +//static expert_field ei_http3_data_not_decoded = EI_INIT; /* Encoded data EIs */ static expert_field ei_http3_header_encoded_state = EI_INIT; /* HTTP3 header decoding EIs */ 
@@ -580,7 +580,7 @@ http3_nghttp3_malloc(size_t size, void *user_data _U_) static void http3_nghttp3_free(void *ptr, void *user_data _U_) { - return wmem_free(wmem_file_scope(), ptr); + wmem_free(wmem_file_scope(), ptr); } static void * @@ -1759,7 +1759,7 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in proto_tree *stream_tree; const gchar *stream_display_name; - ti_stream = proto_tree_add_item(tree, hf_http3_stream_uni, tvb, offset, 1, ENC_NA); + ti_stream = proto_tree_add_item(tree, hf_http3_stream_uni, tvb, offset, -1, ENC_NA); stream_tree = proto_item_add_subtree(ti_stream, ett_http3_stream_uni); if (stream_info->offset == 0) { 
@@ -1767,21 +1767,20 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in &lenvar); offset += lenvar; http3_stream->uni_stream_type = stream_type; + if (http3_is_reserved_code(stream_type)) { + // Reserved to exercise requirement that unknown types are ignored. + proto_item_set_text(ti_stream_type, "Stream Type: Reserved (%#" PRIx64 ")", stream_type); + stream_display_name = "Reserved"; + } + else { + stream_display_name = val64_to_str_const(stream_type, http3_stream_types, "Unknown"); + } + proto_item_set_text(ti_stream, "UNI STREAM: %s off=%" PRIu64 "", stream_display_name, stream_info->stream_offset); } else { stream_type = http3_stream->uni_stream_type; - ti_stream_type = proto_tree_add_item(stream_tree, hf_http3_stream_uni_type, tvb, offset, -1, ENC_NA); + /*ti_stream_type = proto_tree_add_item(stream_tree, hf_http3_stream_uni_type, tvb, offset, -1, ENC_NA);*/ } - if (http3_is_reserved_code(stream_type)) { - // Reserved to exercise requirement that unknown types are ignored. - proto_item_set_text(ti_stream_type, "Stream Type: Reserved (%#" PRIx64 ")", stream_type); - stream_display_name = "Reserved"; - } else { - stream_display_name = val64_to_str_const(stream_type, http3_stream_types, "Unknown"); - } - - proto_item_set_text(ti_stream, "UNI STREAM: %s off=%" PRIu64 "", stream_display_name, stream_info->stream_offset); - switch (stream_type) { case HTTP3_STREAM_TYPE_CONTROL: break; @@ -2214,11 +2213,11 @@ proto_register_http3(void) NULL, HFILL } }, /* Headers */ - { &hf_http3_headers, - { "Header", "http3.headers", - FT_UINT32, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, + //{ &hf_http3_headers, + // { "Header", "http3.headers", + // FT_UINT32, BASE_DEC, NULL, 0x0, + // NULL, HFILL } + //}, { &hf_http3_headers_count, { "Headers Count", "http3.headers.count", FT_UINT32, BASE_DEC, NULL, 0x0, 
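Review bot: In the hunk at -1767, on continuation segments (`stream_info->offset != 0`) `stream_display_name` is no longer assigned and `proto_item_set_text(ti_stream, ...)` is no longer called, because both were moved inside the `offset == 0` branch. The variable is declared without an initializer (`const gchar *stream_display_name;`, visible in the hunk at -1759), so any use after the `switch`, which lies outside this hunk, would read an indeterminate pointer, and the stream item loses its "UNI STREAM: ..." label on later segments. Only the `proto_item_set_text(ti_stream_type, ...)` call needs the `offset == 0` guard; the name lookup and the `ti_stream` text can stay after the if/else as before. The `/*ti_stream_type = proto_tree_add_item(...);*/` line should be deleted rather than commented out.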
@@ -2274,26 +2273,26 @@ proto_register_http3(void) FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, - { &hf_http3_header_qpack_fatal, - { "QPACK decoding error", "http3.header.qpack.fatal", - FT_BOOLEAN, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, - { &hf_http3_qpack, - { "QPACK", "http3.qpack", - FT_BYTES, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, + //{ &hf_http3_header_qpack_fatal, + // { "QPACK decoding error", "http3.header.qpack.fatal", + // FT_BOOLEAN, BASE_NONE, NULL, 0x0, + // NULL, HFILL } + //}, + //{ &hf_http3_qpack, + // { "QPACK", "http3.qpack", + // FT_BYTES, BASE_NONE, NULL, 0x0, + // NULL, HFILL } + //}, { &hf_http3_qpack_encoder, { "QPACK encoder", "http3.qpack.encoder", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, - { &hf_http3_qpack_encoder_length, - { "QPACK encoder update length", "http3.qpack.encoder.length", - FT_UINT32, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, + //{ &hf_http3_qpack_encoder_length, + // { "QPACK encoder update length", "http3.qpack.encoder.length", + // FT_UINT32, BASE_DEC, NULL, 0x0, + // NULL, HFILL } + //}, { &hf_http3_qpack_encoder_icnt, { "QPACK encoder instruction count", "http3.qpack.encoder.icnt", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -2304,11 +2303,11 @@ proto_register_http3(void) FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, - { &hf_http3_qpack_encoder_opcode, - { "QPACK encoder opcode", "http3.qpack.encoder.opcode", - FT_BYTES, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, + //{ &hf_http3_qpack_encoder_opcode, + // { "QPACK encoder opcode", "http3.qpack.encoder.opcode", + // FT_BYTES, BASE_NONE, NULL, 0x0, + // NULL, HFILL } + // }, { &hf_http3_qpack_encoder_opcode_insert_indexed, { "Insert with Name Reference", "http3.qpack.encoder.opcode.insert_indexed", FT_BYTES, BASE_NONE, NULL, 0x0, 
@@ -2359,11 +2358,11 @@ proto_register_http3(void) FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, - { &hf_http3_qpack_encoder_opcode_duplicate_val, - { "Duplicate Index", "http3.qpack.encoder.opcode.duplicate.val", - FT_BYTES, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, + //{ &hf_http3_qpack_encoder_opcode_duplicate_val, + // { "Duplicate Index", "http3.qpack.encoder.opcode.duplicate.val", + // FT_BYTES, BASE_NONE, NULL, 0x0, + // NULL, HFILL } + //}, { &hf_http3_qpack_encoder_opcode_dtable_cap, { "Set Dynamic Table Capacity", "http3.qpack.encoder.opcode.dtable_cap", FT_BYTES, BASE_NONE, NULL, 0x0, @@ -2455,16 +2454,16 @@ proto_register_http3(void) { "http3.unknown_stream_type", PI_UNDECODED, PI_WARN, "An unknown stream type was encountered", EXPFILL } }, - { &ei_http3_data_not_decoded, - { "http3.data_not_decoded", PI_UNDECODED, PI_WARN, - "Data not decoded", EXPFILL } - }, - { &ei_http3_qpack_enc_update , - { "http3.qpack_enc_update", PI_UNDECODED, PI_WARN, - "Success decoding QPACK buffer", EXPFILL } - }, + //{ &ei_http3_data_not_decoded, + // { "http3.data_not_decoded", PI_UNDECODED, PI_WARN, + // "Data not decoded", EXPFILL } + // }, + // { &ei_http3_qpack_enc_update, + // { "http3.qpack_enc_update", PI_UNDECODED, PI_WARN, + // "Success decoding QPACK buffer", EXPFILL } + // }, { &ei_http3_qpack_failed, - { "http3.qpack_enc_failed", PI_UNDECODED, PI_WARN, + { "http3.qpack_enc_failed", PI_UNDECODED, PI_NOTE, "Error decoding QPACK buffer", EXPFILL } }, { &ei_http3_header_encoded_state , 
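Review bot: In the hunk at -2455, `ei_http3_qpack_failed` drops from `PI_WARN` to `PI_NOTE`, and the hunk at -2472 does the same for `ei_http3_header_decoding_failed`, `ei_http3_header_decoding_blocked` and `ei_http3_header_decoding_no_output`. doc/http3.md in this patch lists "garbage" data on the QUIC stream leaving the decoder in an invalid state as one cause of decoding failure; at note severity that case no longer shows up for an analyst who filters expert information at warning level. Consider keeping `PI_WARN` for the hard failures (`ei_http3_qpack_failed`, `ei_http3_header_decoding_failed`) and using `PI_NOTE` only for the blocked case, which the doc attributes to dropped or reordered packets.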
@@ -2472,15 +2471,15 @@ proto_register_http3(void) "HTTP3 header encoded block", EXPFILL } }, { &ei_http3_header_decoding_failed , - { "http3.expert.header_decoding.failed", PI_UNDECODED, PI_WARN, + { "http3.expert.header_decoding.failed", PI_UNDECODED, PI_NOTE, "Failed to decode HTTP3 header name/value", EXPFILL } }, { &ei_http3_header_decoding_blocked, - { "http3.expert.header_decoding.blocked", PI_UNDECODED, PI_WARN, + { "http3.expert.header_decoding.blocked", PI_UNDECODED, PI_NOTE, "Failed to decode HTTP3 header name/value (blocked on QPACK)", EXPFILL} }, { &ei_http3_header_decoding_no_output, - { "http3.expert.header_decoding.no_output", PI_UNDECODED, PI_WARN, + { "http3.expert.header_decoding.no_output", PI_UNDECODED, PI_NOTE, "Failed to decode HTTP3 header name/value (QPACK decoder no emission)", EXPFILL} }, }; diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c index 1a020cde43..0be6b7f85f 100644 --- a/epan/dissectors/packet-quic.c +++ b/epan/dissectors/packet-quic.c @@ -166,8 +166,8 @@ static int hf_quic_af_sequence_number = -1; static int hf_quic_af_ack_eliciting_threshold = -1; static int hf_quic_af_request_max_ack_delay = -1; static int hf_quic_af_reordering_threshold = -1; -static int hf_quic_af_ignore_order = -1; -static int hf_quic_af_ignore_ce = -1; +//static int hf_quic_af_ignore_order = -1; +//static int hf_quic_af_ignore_ce = -1; static int hf_quic_ts = -1; static int hf_quic_unpredictable_bits = -1; static int hf_quic_stateless_reset_token = -1; 
@@ -5355,16 +5355,16 @@ proto_register_quic(void) FT_UINT64, BASE_DEC, NULL, 0x0, "The value that indicates the maximum packet reordering before eliciting an immediate ACK", HFILL } }, - { &hf_quic_af_ignore_order, - { "Ignore Order", "quic.af.ignore_order", - FT_BOOLEAN, 8, NULL, 0x02, - "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives a packet out of order", HFILL } - }, - { &hf_quic_af_ignore_ce, - { "Ignore CE", "quic.af.ignore_ce", - FT_BOOLEAN, 8, NULL, 0x01, - "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives CE-marked packets", HFILL } - }, + //{ &hf_quic_af_ignore_order, + // { "Ignore Order", "quic.af.ignore_order", + // FT_BOOLEAN, 8, NULL, 0x02, + // "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives a packet out of order", HFILL } + //}, + //{ &hf_quic_af_ignore_ce, + // { "Ignore CE", "quic.af.ignore_ce", + // FT_BOOLEAN, 8, NULL, 0x01, + // "This field is set to true by an endpoint that does not wish to receive an immediate acknowledgement when the peer receives CE-marked packets", HFILL } + //}, /* TIME STAMP */ { &hf_quic_ts, diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c index 98bb4277c7..99d52d7820 100644 --- a/epan/dissectors/packet-tls-utils.c +++ b/epan/dissectors/packet-tls-utils.c @@ -8950,7 +8950,7 @@ ssl_is_authoritative_version_message(guint8 content_type, guint8 handshake_type, */ void tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end, - guint16 *server_version, gboolean *is_hrr, guint16 *max_supported_version) + guint16 *server_version, gboolean *is_hrr) { /* SHA256("HelloRetryRequest") */ static const guint8 tls13_hrr_random_magic[] = { 
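Review bot: In the hunk at -8950, `tls_scan_server_hello` is declared `extern` in packet-tls-utils.h and loses its `max_supported_version` parameter, a change that the commit description does not mention and that is unrelated to HTTP3 header dissection. Any caller outside the files touched by this patch that still passes six arguments will fail to compile, and the hunk at -2789 in packet-tls.c also removes the comparison of `ssl->session.version` with `max_supported_version`, so the version handed to `ssl_try_set_version` can differ from before. If this is an accidental revert picked up while copying the merge request onto a newer tree, drop the TLS hunks (-8950, -8985, -824, -2789); otherwise describe the behaviour change in the commit message. The function body continues outside the hunk.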
@@ -8985,12 +8985,7 @@ tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end, break; /* not enough data for type, length and data */ } if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS && ext_len == 2) { - guint16 higher_version = tvb_get_ntohs(tvb, offset + 4); - if (max_supported_version) { - *max_supported_version = higher_version; - } else { - *server_version = higher_version; - } + *server_version = tvb_get_ntohs(tvb, offset + 4); return; } offset += 4 + ext_len; diff --git a/epan/dissectors/packet-tls-utils.h b/epan/dissectors/packet-tls-utils.h index 9fd089f741..190c48cee4 100644 --- a/epan/dissectors/packet-tls-utils.h +++ b/epan/dissectors/packet-tls-utils.h @@ -824,7 +824,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls); extern void tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end, - guint16 *server_version, gboolean *is_hrr, guint16 *max_supported_version); + guint16 *server_version, gboolean *is_hrr); extern void ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, diff --git a/epan/dissectors/packet-tls.c b/epan/dissectors/packet-tls.c index 24f85fec62..670fc47a68 100644 --- a/epan/dissectors/packet-tls.c +++ b/epan/dissectors/packet-tls.c @@ -2581,7 +2581,6 @@ dissect_tls_handshake(tvbuff_t *tvb, packet_info *pinfo, if (!PINFO_FD_VISITED(pinfo)) { // 1. (First pass:) If a previous handshake message needed reasembly. - ssl_debug_printf("%s Handshake %s fragmented", G_STRFUNC, (*hs_reassembly_id_p) ? " is " : " is not "); if (*hs_reassembly_id_p) { // Continuation, so a previous fragment *must* exist. fh = fragment_get(&tls_hs_reassembly_table, pinfo, *hs_reassembly_id_p, NULL); 
@@ -2789,13 +2788,9 @@ dissect_tls_handshake_full(tvbuff_t *tvb, packet_info *pinfo, } if (is_first_msg && msg_type == SSL_HND_SERVER_HELLO && length > 2) { - guint16 server_version, max_supported_version; - - tls_scan_server_hello(tvb, offset + 4, offset + 4 + length, &server_version, &is_hrr, &max_supported_version); - if (ssl && ssl->session.version != server_version && ssl->session.version == max_supported_version) { - server_version = max_supported_version; - } + guint16 server_version; + tls_scan_server_hello(tvb, offset + 4, offset + 4 + length, &server_version, &is_hrr); ssl_try_set_version(session, ssl, SSL_ID_HANDSHAKE, SSL_HND_SERVER_HELLO, FALSE, server_version); if (is_hrr) { msg_type_str = "Hello Retry Request"; @@ -2869,7 +2864,6 @@ dissect_tls_handshake_full(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_SERVER_HELLO: - ssl_debug_printf("%s SSL_HND_SERVER_HELLO\n", G_STRFUNC); ssl_dissect_hnd_srv_hello(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree, offset, offset + length, session, ssl, FALSE, is_hrr); if (ssl) { 
@@ -4127,26 +4121,15 @@ tls13_get_quic_secret(packet_info *pinfo, gboolean is_from_server, int type, gui ws_assert_not_reached(); } - ssl_debug_printf("%s Looking for QUIC %s of size %d..%d for client_random of size %d bytes: ", - G_STRFUNC, label, secret_min_len, secret_max_len, ssl->client_random.data_len); - ssl_print_data("Client random", ssl->client_random.data, ssl->client_random.data_len); - ssl_print_data("Server random", ssl->server_random.data, ssl->server_random.data_len); - StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random); - - if (!secret) { - ssl_debug_printf("%s Can not find QUIC %s of size %d..%d: not found\n", - G_STRFUNC, label, secret_min_len, secret_max_len); - return 0; - } - - if (secret->data_len < secret_min_len || secret->data_len > secret_max_len) { - ssl_debug_printf("%s Cannot find QUIC %s: size %d out of bounds %d..%d\n", - G_STRFUNC, label, secret->data_len, secret_min_len, secret_max_len); + if (!secret || secret->data_len < secret_min_len || secret->data_len > secret_max_len) { + ssl_debug_printf("%s Cannot find QUIC %s of size %d..%d, found bad size %d!\n", + G_STRFUNC, label, secret_min_len, secret_max_len, secret ? secret->data_len : 0); return 0; } ssl_debug_printf("%s Retrieved QUIC traffic secret.\n", G_STRFUNC); + ssl_print_string("Client Random", &ssl->client_random); ssl_print_string(label, secret); memcpy(secret_out, secret->data, secret->data_len); return secret->data_len; diff --git a/tools/macos-setup.sh b/tools/macos-setup.sh index 4cc0baa8f6..346a02b4fa 100755 --- a/tools/macos-setup.sh +++ b/tools/macos-setup.sh @@ -177,7 +177,7 @@ LIBSSH_VERSION=0.9.6 # mmdbresolve MAXMINDDB_VERSION=1.4.3 NGHTTP2_VERSION=1.46.0 -NGHTTP3_VERSION=0.6.0 +NGHTTP3_VERSION=0.14.0 SPANDSP_VERSION=0.0.6 SPEEXDSP_VERSION=1.2.0 if [ "$SPANDSP_VERSION" ]; then diff --git a/tools/win-setup.ps1 b/tools/win-setup.ps1 index 8fb6d8e6f1..d3459b59a7 100644 --- a/tools/win-setup.ps1 +++ b/tools/win-setup.ps1 
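Review bot: In the hunk at -4127, the merged failure branch in `tls13_get_quic_secret` reports a missing key-log entry as "found bad size 0", because `secret ? secret->data_len : 0` folds the lookup miss into the length check. Someone debugging QUIC decryption can then no longer tell "no secret for this client random" from "secret present but wrong length", which the removed code reported separately. Keep the `if (!secret)` test as its own branch with a "not found" message and leave the size message for the out-of-bounds case. The function starts outside the hunk.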
@@ -87,6 +87,7 @@ $X64Archives = @{ "lz4/lz4-1.9.3-1-win64ws.zip" = "7129515893ffdc439f4ffe9673c4bc43f9042e910bb2607e68dde6b99a1ab058"; "minizip/minizip-1.2.11-4-win64ws.zip" = "dd6bf24e2d946465ad19aa4f8c38e0db91da6585887935de68011982cd6fb2cb"; "nghttp2/nghttp2-1.49.0-1-win64ws.zip" = "215919ec20be62101d4704ec2464bfb72c5677126c5245b92ba495a3d30642ca"; + "nghttp3/nghttp3-0.14.0-1-x64-windows-ws.zip" = "233ab84530cbf2800bc55723f91269600ea6792907b14413acf5e26ff31019b1"; "opus/opus-1.3.1-3-win64ws.zip" = "1f7a55a6d2d7215dffa4a43bca8ca05024bd4ba1ac3d0d0c405fd38b09cc2205"; "pcre2/pcre2-10.40-1-win64ws.zip" = "17eee615990b23bc859a862c19f5ac10c61776587603bc452285abe073a0fad9"; "sbc/sbc-2.0-1-x64-windows-ws.zip" = "d1a58f977dcffa168b11b280bd10228191582d263b7c901e50cde7c1c43d9c04";