384 lines
13 KiB
C
384 lines
13 KiB
C
/* packet-quic.c
|
|
* Routines for Quick UDP Internet Connections dissection
|
|
* Copyright 2013, Alexis La Goutte <alexis.lagoutte at gmail dot com>
|
|
*
|
|
* $Id$
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
/*
|
|
QUIC Wire Layout Specification : https://docs.google.com/document/d/1WJvyZflAO2pq77yOLbp9NsGjC1CHetAXV8I0fQe-B_U/
|
|
|
|
QUIC source code in Chromium : https://code.google.com/p/chromium/codesearch#chromium/src/net/quic/quic_utils.h&sq=package:chromium
|
|
|
|
*/
|
|
#include "config.h"
|
|
|
|
#include <glib.h>
|
|
|
|
#include <epan/packet.h>
|
|
#include <epan/prefs.h>
|
|
|
|
void proto_register_quic(void);
|
|
void proto_reg_handoff_quic(void);
|
|
|
|
static int proto_quic = -1;
|
|
static int hf_quic_puflags = -1;
|
|
static int hf_quic_puflags_vrsn = -1;
|
|
static int hf_quic_puflags_rst = -1;
|
|
static int hf_quic_puflags_guid = -1;
|
|
static int hf_quic_puflags_seq = -1;
|
|
static int hf_quic_puflags_rsv = -1;
|
|
static int hf_quic_guid = -1;
|
|
static int hf_quic_version = -1;
|
|
static int hf_quic_sequence = -1;
|
|
#if 0 /* Decode Private Flags is not yet ready... */
|
|
static int hf_quic_prflags = -1;
|
|
static int hf_quic_prflags_entropy = -1;
|
|
static int hf_quic_prflags_fecg = -1;
|
|
static int hf_quic_prflags_fec = -1;
|
|
static int hf_quic_prflags_rsv = -1;
|
|
#endif
|
|
static int hf_quic_payload = -1;
|
|
|
|
static guint g_quic_port = 80;
|
|
static guint g_quics_port = 443;
|
|
|
|
static gint ett_quic = -1;
|
|
static gint ett_quic_puflags = -1;
|
|
static gint ett_quic_prflags = -1;
|
|
|
|
#define QUIC_MIN_LENGTH 3
|
|
|
|
/**************************************************************************/
|
|
/* Public Flags */
|
|
/**************************************************************************/
|
|
#define PUFLAGS_VRSN 0x01
|
|
#define PUFLAGS_RST 0x02
|
|
#define PUFLAGS_GUID 0x0C
|
|
#define PUFLAGS_SEQ 0x30
|
|
#define PUFLAGS_RSV 0xC0
|
|
|
|
static const value_string puflags_guid_vals[] = {
|
|
{ 0, "0 Byte" },
|
|
{ 1, "1 Bytes" },
|
|
{ 2, "4 Bytes" },
|
|
{ 3, "8 Bytes" },
|
|
{ 0, NULL }
|
|
};
|
|
|
|
static const value_string puflags_seq_vals[] = {
|
|
{ 0, "1 Byte" },
|
|
{ 1, "2 Bytes" },
|
|
{ 2, "4 Bytes" },
|
|
{ 3, "6 Bytes" },
|
|
{ 0, NULL }
|
|
};
|
|
|
|
/**************************************************************************/
|
|
/* Private Flags */
|
|
/**************************************************************************/
|
|
#define PRFLAGS_ENTROPY 0x01
|
|
#define PRFLAGS_FECG 0x02
|
|
#define PRFLAGS_FEC 0x04
|
|
#define PRFLAGS_RSV 0xF8
|
|
|
|
static int
|
|
dissect_quic_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
void *data _U_)
|
|
{
|
|
proto_item *ti, *ti_puflags/*, *ti_prflags, *expert_ti*/;
|
|
proto_tree *quic_tree, *puflags_tree/*, *prflags_tree*/;
|
|
guint offset = 0;
|
|
guint8 puflags, len_guid, len_seq;
|
|
guint64 guid, seq;
|
|
|
|
if (tvb_length(tvb) < QUIC_MIN_LENGTH)
|
|
return 0;
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "QUIC");
|
|
|
|
ti = proto_tree_add_item(tree, proto_quic, tvb, 0, -1, ENC_NA);
|
|
quic_tree = proto_item_add_subtree(ti, ett_quic);
|
|
|
|
/* Public Flags */
|
|
ti_puflags = proto_tree_add_item(quic_tree, hf_quic_puflags, tvb, offset, 1, ENC_NA);
|
|
puflags_tree = proto_item_add_subtree(ti_puflags, ett_quic_puflags);
|
|
proto_tree_add_item(puflags_tree, hf_quic_puflags_vrsn, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(puflags_tree, hf_quic_puflags_rst, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(puflags_tree, hf_quic_puflags_guid, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(puflags_tree, hf_quic_puflags_seq, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(puflags_tree, hf_quic_puflags_rsv, tvb, offset, 1, ENC_NA);
|
|
|
|
puflags = tvb_get_guint8(tvb, offset);
|
|
|
|
offset += 1;
|
|
|
|
/* GUID */
|
|
|
|
/* Get len of GUID (and GUID), may be a more easy function to get the length... */
|
|
switch((puflags & PUFLAGS_GUID) >> 2){
|
|
case 0:
|
|
len_guid = 0;
|
|
guid = 0;
|
|
break;
|
|
case 1:
|
|
len_guid = 1;
|
|
guid = tvb_get_guint8(tvb, offset);
|
|
break;
|
|
case 2:
|
|
len_guid = 4;
|
|
guid = tvb_get_letohl(tvb, offset);
|
|
break;
|
|
case 3:
|
|
len_guid = 8;
|
|
guid = tvb_get_letoh64(tvb, offset);
|
|
break;
|
|
default: /* It is only between 0..3 but Clang(Analyser) i don't like this... ;-) */
|
|
len_guid = 8;
|
|
guid = tvb_get_letoh64(tvb, offset);
|
|
break;
|
|
}
|
|
|
|
proto_tree_add_item(quic_tree, hf_quic_guid, tvb, offset, len_guid, ENC_LITTLE_ENDIAN);
|
|
offset += len_guid;
|
|
|
|
/* Version */
|
|
if(puflags & PUFLAGS_VRSN){
|
|
proto_tree_add_item(quic_tree, hf_quic_version, tvb, offset, 4, ENC_ASCII||ENC_NA);
|
|
offset += 4;
|
|
}
|
|
|
|
/* Sequence */
|
|
|
|
/* Get len of sequence (and sequence), may be a more easy function to get the length... */
|
|
switch((puflags & PUFLAGS_SEQ) >> 4){
|
|
case 0:
|
|
len_seq = 1;
|
|
seq = tvb_get_guint8(tvb, offset);
|
|
break;
|
|
case 1:
|
|
len_seq = 2;
|
|
seq = tvb_get_letohs(tvb, offset);
|
|
break;
|
|
case 2:
|
|
len_seq = 4;
|
|
seq = tvb_get_letohl(tvb, offset);
|
|
break;
|
|
case 3:
|
|
len_seq = 6;
|
|
seq = tvb_get_letoh48(tvb, offset);
|
|
break;
|
|
default: /* It is only between 0..3 but Clang(Analyser) i don't like this... ;-) */
|
|
len_seq = 6;
|
|
seq = tvb_get_letoh48(tvb, offset);
|
|
break;
|
|
}
|
|
proto_tree_add_item(quic_tree, hf_quic_sequence, tvb, offset, len_seq, ENC_LITTLE_ENDIAN);
|
|
offset += len_seq;
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "GUID: %" G_GINT64_MODIFIER "u, Seq: %" G_GINT64_MODIFIER "u", guid, seq);
|
|
|
|
#if 0 /* Decode Private Flags is not yet ready... */
|
|
/* Private Flags */
|
|
ti_prflags = proto_tree_add_item(quic_tree, hf_quic_prflags, tvb, offset, 1, ENC_NA);
|
|
prflags_tree = proto_item_add_subtree(ti_prflags, ett_quic_prflags);
|
|
proto_tree_add_item(prflags_tree, hf_quic_prflags_entropy, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(prflags_tree, hf_quic_prflags_fecg, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(prflags_tree, hf_quic_prflags_fec, tvb, offset, 1, ENC_NA);
|
|
proto_tree_add_item(prflags_tree, hf_quic_prflags_rsv, tvb, offset, 1, ENC_NA);
|
|
offset +=1;
|
|
#endif
|
|
|
|
/* Payload... (encrypted... TODO FIX !) */
|
|
proto_tree_add_item(quic_tree, hf_quic_payload, tvb, offset, -1, ENC_NA);
|
|
|
|
return offset;
|
|
}
|
|
|
|
static int
|
|
dissect_quic(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
void *data _U_)
|
|
{
|
|
return dissect_quic_common(tvb, pinfo, tree, NULL);
|
|
}
|
|
|
|
static int
|
|
dissect_quics(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
void *data _U_)
|
|
{
|
|
return dissect_quic_common(tvb, pinfo, tree, NULL);
|
|
}
|
|
|
|
void
|
|
proto_register_quic(void)
|
|
{
|
|
module_t *quic_module;
|
|
|
|
static hf_register_info hf[] = {
|
|
{ &hf_quic_puflags,
|
|
{ "Public Flags", "quic.puflags",
|
|
FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
"Specifying per-packet public flags", HFILL }
|
|
},
|
|
{ &hf_quic_puflags_vrsn,
|
|
{ "Version", "quic.puflags.version",
|
|
FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_VRSN,
|
|
"Signifies that this packet also contains the version of the QUIC protocol", HFILL }
|
|
},
|
|
{ &hf_quic_puflags_rst,
|
|
{ "Reset", "quic.puflags.reset",
|
|
FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_RST,
|
|
"Signifies that this packet is a public reset packet", HFILL }
|
|
},
|
|
{ &hf_quic_puflags_guid,
|
|
{ "GUID Length", "quic.puflags.guid",
|
|
FT_UINT8, BASE_HEX, VALS(puflags_guid_vals), PUFLAGS_GUID,
|
|
"Signifies the Length of GUID", HFILL }
|
|
},
|
|
{ &hf_quic_puflags_seq,
|
|
{ "Sequence Length", "quic.puflags.seq",
|
|
FT_UINT8, BASE_HEX, VALS(puflags_seq_vals), PUFLAGS_SEQ,
|
|
"Signifies the Length of Sequence", HFILL }
|
|
},
|
|
{ &hf_quic_puflags_rsv,
|
|
{ "Reserved", "quic.puflags.rsv",
|
|
FT_UINT8, BASE_HEX, NULL, PUFLAGS_RSV,
|
|
"Must be Zero", HFILL }
|
|
},
|
|
{ &hf_quic_guid,
|
|
{ "GUID", "quic.guid",
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
"Globally Unique Identifier 64 bit pseudo random number", HFILL }
|
|
},
|
|
{ &hf_quic_version,
|
|
{ "Version", "quic.version",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"32 bit opaque tag that represents the version of the QUIC", HFILL }
|
|
},
|
|
{ &hf_quic_sequence,
|
|
{ "Sequence", "quic.sequence",
|
|
FT_UINT64, BASE_DEC, NULL, 0x0,
|
|
"The lower 8, 16, 32, or 48 bits of the sequence number", HFILL }
|
|
},
|
|
#if 0 /* Decode Private Flags is not yet ready... */
|
|
{ &hf_quic_prflags,
|
|
{ "Private Flags", "quic.prflags",
|
|
FT_UINT8, BASE_HEX, NULL, 0x0,
|
|
"Specifying per-packet Private flags", HFILL }
|
|
},
|
|
{ &hf_quic_prflags_entropy,
|
|
{ "Entropy", "quic.prflags.entropy",
|
|
FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_ENTROPY,
|
|
"For data packets, signifies that this packet contains the 1 bit of entropy, for fec packets, contains the xor of the entropy of protected packets", HFILL }
|
|
},
|
|
{ &hf_quic_prflags_fecg,
|
|
{ "FEC Group", "quic.prflags.fecg",
|
|
FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_FECG,
|
|
"Indicates whether the fec byte is present.", HFILL }
|
|
},
|
|
{ &hf_quic_prflags_fec,
|
|
{ "FEC", "quic.prflags.fec",
|
|
FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_FEC,
|
|
"Signifies that this packet represents an FEC packet", HFILL }
|
|
},
|
|
{ &hf_quic_prflags_rsv,
|
|
{ "Reserved", "quic.prflags.rsv",
|
|
FT_UINT8, BASE_HEX, NULL, PRFLAGS_RSV,
|
|
"Must be Zero", HFILL }
|
|
},
|
|
#endif
|
|
|
|
{ &hf_quic_payload,
|
|
{ "Payload", "quic.payload",
|
|
FT_BYTES, BASE_NONE, NULL, 0x0,
|
|
"Quic Payload..", HFILL }
|
|
},
|
|
|
|
};
|
|
|
|
|
|
static gint *ett[] = {
|
|
&ett_quic,
|
|
&ett_quic_puflags,
|
|
&ett_quic_prflags
|
|
};
|
|
|
|
proto_quic = proto_register_protocol("QUIC (Quick UDP Internet Connections)",
|
|
"QUIC", "quic");
|
|
|
|
proto_register_field_array(proto_quic, hf, array_length(hf));
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
quic_module = prefs_register_protocol(proto_quic, proto_reg_handoff_quic);
|
|
|
|
|
|
prefs_register_uint_preference(quic_module, "udp.quic.port", "QUIC UDP Port",
|
|
"QUIC UDP port if other than the default",
|
|
10, &g_quic_port);
|
|
|
|
prefs_register_uint_preference(quic_module, "udp.quics.port", "QUICS UDP Port",
|
|
"QUICS (Secure) UDP port if other than the default",
|
|
10, &g_quics_port);
|
|
}
|
|
|
|
void
|
|
proto_reg_handoff_quic(void)
|
|
{
|
|
static gboolean initialized = FALSE;
|
|
static dissector_handle_t quic_handle;
|
|
static dissector_handle_t quics_handle;
|
|
static int current_quic_port;
|
|
static int current_quics_port;
|
|
|
|
if (!initialized) {
|
|
quic_handle = new_create_dissector_handle(dissect_quic,
|
|
proto_quic);
|
|
quics_handle = new_create_dissector_handle(dissect_quics,
|
|
proto_quic);
|
|
initialized = TRUE;
|
|
|
|
} else {
|
|
dissector_delete_uint("udp.port", current_quic_port, quic_handle);
|
|
dissector_delete_uint("udp.port", current_quics_port, quics_handle);
|
|
}
|
|
|
|
current_quic_port = g_quic_port;
|
|
current_quics_port = g_quics_port;
|
|
|
|
|
|
dissector_add_uint("udp.port", current_quic_port, quic_handle);
|
|
dissector_add_uint("udp.port", current_quics_port, quics_handle);
|
|
}
|
|
|
|
|
|
/*
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
*
|
|
* Local variables:
|
|
* c-basic-offset: 4
|
|
* tab-width: 8
|
|
* indent-tabs-mode: nil
|
|
* End:
|
|
*
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
|
*/
|