diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-09-19 00:42:44 +0200 |
|---|---|---|
| committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2018-09-19 05:46:18 +0000 |
| commit | 17bc055138bcf5819742739fa4ada67c60c7b9f4 (patch) | |
| tree | 4fe86cf7fe1085b26e83c28745694b1f29b10a60 /epan/dissectors/packet-quic.c | |
| parent | fc9e404ab2dd2d76e92fc492126cc489c17d019a (diff) | |
QUIC: recognize short header packets after connection migration
Improve QUIC heuristics to detect Short Header packets that have a DCID
matching with an earlier connection. Tested with "picoquicdemo -f".
Change-Id: I0c28e527ffa29784f8752a695e2d22bdea9797c4
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29728
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-quic.c')
| -rw-r--r-- | epan/dissectors/packet-quic.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c index 5a142ca810..9102b1774b 100644 --- a/epan/dissectors/packet-quic.c +++ b/epan/dissectors/packet-quic.c @@ -2250,6 +2250,34 @@ dissect_quic(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, return offset; } +static gboolean +dissect_quic_short_header_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + // If this capture does not contain QUIC, skip the more expensive checks. + if (quic_cid_lengths == 0) { + return FALSE; + } + + // Is this a SH packet after connection migration? SH (draft -14): + // Flag (1) + DCID (4-18) + PKN (1/2/4) + encrypted payload (>= 16). + if (tvb_captured_length(tvb) < 1 + 4 + 1 + 16) { + return FALSE; + } + + // DCID length is unknown, so extract the maximum and look for a match. + quic_cid_t dcid = {.len=18}; + tvb_memcpy(tvb, dcid.cid, 1, 18); + gboolean from_server; + if (!quic_connection_find(pinfo, QUIC_SHORT_PACKET, &dcid, &from_server)) { + return FALSE; + } + + conversation_t *conversation = find_or_create_conversation(pinfo); + conversation_set_dissector(conversation, quic_handle); + dissect_quic(tvb, pinfo, tree, NULL); + return TRUE; +} + static gboolean dissect_quic_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { /* @@ -2276,7 +2304,8 @@ static gboolean dissect_quic_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree flags = tvb_get_guint8(tvb, offset); /* Check if long Packet is set */ if((flags & 0x80) == 0) { - return FALSE; + // Perhaps this is a short header, check it. + return dissect_quic_short_header_heur(tvb, pinfo, tree); } offset += 1; |