QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)

Bug: 15131
Change-Id: I26af8d31939725824fd57000bc9ce57e8034def9
Reviewed-on: https://code.wireshark.org/review/29575
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Alexis La Goutte 2018-09-10 22:35:10 +02:00 committed by Peter Wu
parent b804d0d5ee
commit 9fcb4af6b6
4 changed files with 80 additions and 4 deletions


@ -352,6 +352,7 @@ set(DISSECTOR_PUBLIC_HEADERS
packet-gmr1_common.h
packet-gmr1_rr.h
packet-gprscdr.h
packet-gquic.h
packet-gre.h
packet-gsm_a_common.h
packet-gsm_a_rr.h


@ -25,6 +25,7 @@ QUIC source code in Chromium : https://code.google.com/p/chromium/codesearch#chr
#include <epan/conversation.h>
#include <epan/dissectors/packet-http2.h>
#include <wsutil/strtoi.h>
#include "packet-gquic.h"
void proto_register_gquic(void);
void proto_reg_handoff_gquic(void);
@ -186,6 +187,7 @@ static expert_field ei_gquic_tag_length = EI_INIT;
static expert_field ei_gquic_tag_unknown = EI_INIT;
static expert_field ei_gquic_version_invalid = EI_INIT;
typedef struct gquic_info_data {
guint8 version;
gboolean version_valid;
@ -1097,7 +1099,7 @@ static guint32 get_len_packet_number(guint8 puflags){
return 6;
}
static gboolean is_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, guint offset, guint16 len_pkn, gquic_info_data_t *gquic_info){
gboolean is_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, guint offset, guint16 len_pkn, gquic_info_data_t *gquic_info){
guint8 frame_type;
guint8 num_ranges, num_revived, num_blocks = 0, num_timestamp;
guint32 len_stream = 0, len_offset = 0, len_data = 0, len_largest_observed = 1, len_missing_packet = 1;
@ -1986,8 +1988,7 @@ dissect_gquic_frame_type(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tr
}
static int
int
dissect_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint8 len_pkn, gquic_info_data_t *gquic_info){
proto_item *ti_prflags;
proto_tree *prflags_tree;
@ -2015,6 +2016,44 @@ dissect_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tre
}
int
dissect_gquic_ietf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint32 version){
conversation_t *conv;
gquic_info_data_t *gquic_info;
guint64 pkn;
/* get conversation, create if necessary*/
conv = find_or_create_conversation(pinfo);
/* get associated state information, create if necessary */
gquic_info = (gquic_info_data_t *)conversation_get_proto_data(conv, proto_gquic);
if (!gquic_info) {
gquic_info = wmem_new(wmem_file_scope(), gquic_info_data_t);
gquic_info->version = (guint8)version;
gquic_info->encoding = ENC_LITTLE_ENDIAN;
gquic_info->version_valid = TRUE;
gquic_info->server_port = 443;
conversation_add_proto_data(conv, proto_gquic, gquic_info);
}
proto_tree_add_item_ret_uint64(gquic_tree, hf_gquic_packet_number, tvb, offset, 4, ENC_BIG_ENDIAN, &pkn);
offset += 4;
if (is_gquic_unencrypt(tvb, pinfo, offset, tvb_reported_length_remaining(tvb, offset), gquic_info)){
offset = dissect_gquic_unencrypt(tvb, pinfo, gquic_tree, offset, tvb_reported_length_remaining(tvb, offset), gquic_info);
}else { /* Payload... (encrypted... TODO FIX !) */
col_add_str(pinfo->cinfo, COL_INFO, "Payload (Encrypted)");
proto_tree_add_item(gquic_tree, hf_gquic_payload, tvb, offset, -1, ENC_NA);
offset += tvb_reported_length_remaining(tvb, offset);
}
col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" G_GINT64_MODIFIER "u", pkn);
return offset;
}
static int
dissect_gquic_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
void *data _U_)
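Review bot: In the new dissect_gquic_ietf, both helper calls pass `tvb_reported_length_remaining(tvb, offset)` for the parameter that the signatures above name `len_pkn`, which is `guint16` in is_gquic_unencrypt and `guint8` in dissect_gquic_unencrypt, so a length taken from an untrusted packet is silently truncated (to 8 bits in the second call). If the parameter is the packet-number length, as its name suggests, pass the four bytes just consumed, e.g. `is_gquic_unencrypt(tvb, pinfo, offset, 4, gquic_info)`, and likewise for dissect_gquic_unencrypt; the helpers' bodies are outside these hunks, so this needs confirming against how they use the value. Separately, `(guint8)version` keeps only the low byte of the 32-bit `version` argument, which is worth a comment or an explicit mapping if the rest of the dissector compares it numerically. `wmem_new` does not zero the allocation, so any `gquic_info_data_t` field not assigned in this block would be read uninitialised later; `wmem_new0(wmem_file_scope(), gquic_info_data_t)` avoids that.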


@ -0,0 +1,31 @@
/* packet-gquic.h
* Routines for (Google) Quick UDP Internet Connections dissection
* Copyright 2013, Alexis La Goutte <alexis.lagoutte at gmail dot com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __PACKET_GQUIC_H__
#define __PACKET_GQUIC_H__
int
dissect_gquic_ietf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint32 version);
#endif
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
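Review bot: packet-gquic.h is not self-contained: the prototype uses `tvbuff_t`, `packet_info`, `proto_tree`, `guint` and `guint32`, but the header includes nothing, so it compiles only when every includer has already pulled in the epan headers. Adding `#include <epan/packet.h>` ahead of the prototype would remove that ordering dependency. The prototype also has no contract comment; something like `/* Dissect a gQUIC Q044 packet carried in a QUIC long header; offset points just past the common long-header fields; returns the offset after the dissected data. */` would tell callers what `offset` and the return value mean. The guard name `__PACKET_GQUIC_H__` uses a reserved double-underscore identifier, though that may simply follow the project's existing convention.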


@ -27,6 +27,7 @@
#include "packet-tls.h"
#include <epan/prefs.h>
#include <wsutil/pint.h>
#include "packet-gquic.h"
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
/* Whether to provide support for authentication in addition to decryption. */
@ -1901,6 +1902,10 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
offset = dissect_quic_long_header_common(tvb, pinfo, quic_tree, offset, quic_packet, &version, &dcid, &scid);
if (conn->version == 0x51303434) { /* gQUIC Q044 */
return dissect_gquic_ietf(tvb, pinfo, quic_tree, offset, conn->version);
}
if (long_packet_type == QUIC_LPT_INITIAL) {
proto_tree_add_item_ret_varint(quic_tree, hf_quic_token_length, tvb, offset, -1, ENC_VARINT_QUIC, &token_length, &len_token_length);
offset += len_token_length;
@ -2069,7 +2074,7 @@ quic_get_message_tvb(tvbuff_t *tvb, const guint offset)
guint version = tvb_get_ntohl(tvb, offset + 1);
// If this is not a VN packet but a valid long form, extract a subset.
// TODO check for valid QUIC versions as future versions might change the format.
if (version != 0) {
if (version != 0 && !is_gquic_version(version)) {
guint8 cid_lengths = tvb_get_guint8(tvb, offset + 5);
guint8 dcil = cid_lengths >> 4;
guint8 scil = cid_lengths & 0xf;
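Review bot: The Q044 dispatch in dissect_quic_long_header tests `conn->version` against the bare constant `0x51303434`, while the second hunk (quic_get_message_tvb) decides with `is_gquic_version(version)`. If that helper accepts more than Q044 (its definition is not visible here), a long-header packet of another gQUIC version would skip the length extraction and still fall through to the IETF token and length parsing. The dispatch also reads the version from `conn` rather than from the `version` that dissect_quic_long_header_common filled in on the line above; if `conn` can be NULL or not yet populated at this point, `if (version == 0x51303434)` would be the safer test. A named constant for the Q044 tag would help keep the two places in step. Both functions start and end outside these hunks.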