QUIC: gQUIC Q044 always use CHLO from gQUIC (with tag)
authorAlexis La Goutte <alexis.lagoutte@gmail.com>
Mon, 10 Sep 2018 20:35:10 +0000 (22:35 +0200)
committerPeter Wu <peter@lekensteyn.nl>
Thu, 11 Oct 2018 08:39:36 +0000 (08:39 +0000)
Bug: 15131
Change-Id: I26af8d31939725824fd57000bc9ce57e8034def9
Reviewed-on: https://code.wireshark.org/review/29575
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
epan/dissectors/CMakeLists.txt
epan/dissectors/packet-gquic.c
epan/dissectors/packet-gquic.h [new file with mode: 0644]
epan/dissectors/packet-quic.c

index adb3104779523201f64a64c4422f0ee7fbda8519..86ae83c3b98f8d046b4a5cde6fc886b355441140 100644 (file)
@@ -352,6 +352,7 @@ set(DISSECTOR_PUBLIC_HEADERS
        packet-gmr1_common.h
        packet-gmr1_rr.h
        packet-gprscdr.h
+       packet-gquic.h
        packet-gre.h
        packet-gsm_a_common.h
        packet-gsm_a_rr.h
index 6afab079e381b19e3719d193026b99018d9f1274..7a9b43d33e74a6e7c4c50a3f3d5c633709a61fe9 100644 (file)
@@ -25,6 +25,7 @@ QUIC source code in Chromium : https://code.google.com/p/chromium/codesearch#chr
 #include <epan/conversation.h>
 #include <epan/dissectors/packet-http2.h>
 #include <wsutil/strtoi.h>
+#include "packet-gquic.h"
 
 void proto_register_gquic(void);
 void proto_reg_handoff_gquic(void);
@@ -186,6 +187,7 @@ static expert_field ei_gquic_tag_length = EI_INIT;
 static expert_field ei_gquic_tag_unknown = EI_INIT;
 static expert_field ei_gquic_version_invalid = EI_INIT;
 
+
 typedef struct gquic_info_data {
     guint8 version;
     gboolean version_valid;
@@ -1097,7 +1099,7 @@ static guint32 get_len_packet_number(guint8 puflags){
     return 6;
 }
 
-static gboolean is_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, guint offset, guint16 len_pkn, gquic_info_data_t *gquic_info){
+gboolean is_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, guint offset, guint16 len_pkn, gquic_info_data_t *gquic_info){
     guint8 frame_type;
     guint8 num_ranges, num_revived, num_blocks = 0, num_timestamp;
     guint32 len_stream = 0, len_offset = 0, len_data = 0, len_largest_observed = 1, len_missing_packet = 1;
@@ -1986,8 +1988,7 @@ dissect_gquic_frame_type(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tr
 
 }
 
-
-static int
+int
 dissect_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint8 len_pkn, gquic_info_data_t *gquic_info){
     proto_item *ti_prflags;
     proto_tree *prflags_tree;
@@ -2015,6 +2016,44 @@ dissect_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tre
 
 }
 
+int
+dissect_gquic_ietf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint32 version){
+    conversation_t  *conv;
+    gquic_info_data_t  *gquic_info;
+    guint64 pkn;
+
+   /* get conversation, create if necessary*/
+    conv = find_or_create_conversation(pinfo);
+
+    /* get associated state information, create if necessary */
+    gquic_info = (gquic_info_data_t *)conversation_get_proto_data(conv, proto_gquic);
+
+    if (!gquic_info) {
+        gquic_info = wmem_new(wmem_file_scope(), gquic_info_data_t);
+        gquic_info->version = (guint8)version;
+        gquic_info->encoding = ENC_LITTLE_ENDIAN;
+        gquic_info->version_valid = TRUE;
+        gquic_info->server_port = 443;
+        conversation_add_proto_data(conv, proto_gquic, gquic_info);
+    }
+
+    proto_tree_add_item_ret_uint64(gquic_tree, hf_gquic_packet_number, tvb, offset, 4, ENC_BIG_ENDIAN, &pkn);
+    offset += 4;
+
+    if (is_gquic_unencrypt(tvb, pinfo, offset, tvb_reported_length_remaining(tvb, offset), gquic_info)){
+        offset = dissect_gquic_unencrypt(tvb, pinfo, gquic_tree, offset, tvb_reported_length_remaining(tvb, offset), gquic_info);
+    }else {     /* Payload... (encrypted... TODO FIX !) */
+        col_add_str(pinfo->cinfo, COL_INFO, "Payload (Encrypted)");
+        proto_tree_add_item(gquic_tree, hf_gquic_payload, tvb, offset, -1, ENC_NA);
+        offset += tvb_reported_length_remaining(tvb, offset);
+    }
+
+    col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" G_GINT64_MODIFIER "u", pkn);
+
+    return offset;
+}
+
+
 static int
 dissect_gquic_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
         void *data _U_)
diff --git a/epan/dissectors/packet-gquic.h b/epan/dissectors/packet-gquic.h
new file mode 100644 (file)
index 0000000..4d39cb7
--- /dev/null
@@ -0,0 +1,31 @@
+/* packet-gquic.h
+ * Routines for (Google) Quick UDP Internet Connections dissection
+ * Copyright 2013, Alexis La Goutte <alexis.lagoutte at gmail dot com>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef __PACKET_GQUIC_H__
+#define __PACKET_GQUIC_H__
+
+int
+dissect_gquic_ietf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, guint offset, guint32 version);
+
+#endif
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
index 38add1658233d4f9667f12db8cfb3c09ae0f7479..14f5baac13a13ecfa438a27e1d7146d380d704d4 100644 (file)
@@ -27,6 +27,7 @@
 #include "packet-tls.h"
 #include <epan/prefs.h>
 #include <wsutil/pint.h>
+#include "packet-gquic.h"
 
 #if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
 /* Whether to provide support for authentication in addition to decryption. */
@@ -1901,6 +1902,10 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
 
     offset = dissect_quic_long_header_common(tvb, pinfo, quic_tree, offset, quic_packet, &version, &dcid, &scid);
 
+    if (conn->version == 0x51303434) { /* gQUIC Q044 */
+        return dissect_gquic_ietf(tvb, pinfo, quic_tree, offset, conn->version);
+    }
+
     if (long_packet_type == QUIC_LPT_INITIAL) {
         proto_tree_add_item_ret_varint(quic_tree, hf_quic_token_length, tvb, offset, -1, ENC_VARINT_QUIC, &token_length, &len_token_length);
         offset += len_token_length;
@@ -2069,7 +2074,7 @@ quic_get_message_tvb(tvbuff_t *tvb, const guint offset)
         guint version = tvb_get_ntohl(tvb, offset + 1);
         // If this is not a VN packet but a valid long form, extract a subset.
         // TODO check for valid QUIC versions as future versions might change the format.
-        if (version != 0) {
+        if (version != 0 && !is_gquic_version(version)) {
             guint8 cid_lengths = tvb_get_guint8(tvb, offset + 5);
             guint8 dcil = cid_lengths >> 4;
             guint8 scil = cid_lengths & 0xf;