From 9613c943e074a3ef56e1736db9effb6788497992 Mon Sep 17 00:00:00 2001
From: Nardi Ivan <nardi.ivan@gmail.com>
Date: Thu, 29 Oct 2020 20:49:28 +0100
Subject: [PATCH] QUIC: fix connection lookup for Version Negotiation packets

VN packets don't have any real packet type, even if they have a long header
---
 epan/dissectors/packet-quic.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c
index 58f63220a4..4842a98adc 100644
--- a/epan/dissectors/packet-quic.c
+++ b/epan/dissectors/packet-quic.c
@@ -455,6 +455,7 @@ static const value_string quic_short_long_header_vals[] = {
 #define QUIC_LPT_0RTT       0x1
 #define QUIC_LPT_HANDSHAKE  0x2
 #define QUIC_LPT_RETRY      0x3
+#define QUIC_LPT_VER_NEG    0xfe    /* Version Negotiation packets don't have any real packet type */
 #define QUIC_SHORT_PACKET   0xff    /* dummy value that is definitely not LPT */
 
 static const value_string quic_long_packet_type_vals[] = {
@@ -462,6 +463,7 @@ static const value_string quic_long_packet_type_vals[] = {
     { QUIC_LPT_RETRY, "Retry" },
     { QUIC_LPT_HANDSHAKE, "Handshake" },
     { QUIC_LPT_0RTT, "0-RTT" },
+    /* Version Negotiation packets never use this mapping, so no need to add QUIC_LPT_VER_NEG */
     { 0, NULL }
 };
 
@@ -857,7 +859,7 @@ quic_connection_find(packet_info *pinfo, guint8 long_packet_type,
         conn = (quic_info_data_t *) wmem_map_lookup(quic_initial_connections, dcid);
         *from_server = FALSE;
     } else {
-        // Find a connection for Handshake and Server Initial packets by
+        // Find a connection for Handshake, Version Negotiation and Server Initial packets by
         // matching their DCID against the SCIDs of the original Initial packets
         // from the peer. For Client Initial packets, match DCID of the first
         // Client Initial (these may contain ACK frames).
@@ -2978,7 +2980,9 @@ quic_get_message_tvb(tvbuff_t *tvb, const guint offset)
 
 /**
  * Extracts necessary information from header to find any existing connection.
- * "long_packet_type" is set to QUIC_SHORT_PACKET for short header packets.
+ * There are two special values for "long_packet_type":
+ *  * QUIC_SHORT_PACKET for short header packets;
+ *  * QUIC_LPT_VER_NEG for Version Negotiation packets.
  * DCID and SCID are not modified unless available. For short header packets,
  * DCID length is unknown, so the caller should truncate it as needed.
  */
@@ -3002,6 +3006,11 @@ quic_extract_header(tvbuff_t *tvb, guint8 *long_packet_type, guint32 *version,
     *version = tvb_get_ntohl(tvb, offset);
 
     if (is_long_header) {
+        /* VN packets don't have any real packet type field, even if they have
+           a long header: use a dummy value */
+        if (*version == 0x00000000)
+            *long_packet_type = QUIC_LPT_VER_NEG;
+
         // skip version
         offset += 4;