diff options
author | John Thacker <johnthacker@gmail.com> | 2022-07-21 02:16:48 -0400 |
---|---|---|
committer | John Thacker <johnthacker@gmail.com> | 2022-07-24 23:27:38 -0400 |
commit | cb3fd3b5cde74fe0b164b19898950184935dacba (patch) | |
tree | 05b9b278d986b0fd8d4af00a066f3f5ec768521b /test | |
parent | 081bc13eb87bb9aa679c3909821751125c5433a7 (diff) |
quic: Handle out-of-order CRYPTO frames, aka "Chaos Protection"
Implement out of order buffering and desegmentation for QUIC
CRYPTO frames. Particularly useful for Chrome's "Chaos Protection"
that intentionally introduces them, but handles out of order
CRYPTO frames in different UDP payloads as well. (Buffering
packets at a higher encryption level until the out of order
lower level frames have arrived is a different issue.)
Adds a preference, which defaults to on since if there is
out of order, it's not very useful to turn it off.
Fix #17732. Fix #18215.
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/quic-fragmented-handshakes.pcapng.gz | bin | 0 -> 32804 bytes | |||
-rw-r--r-- | test/suite_dissection.py | 36 |
2 files changed, 36 insertions, 0 deletions
diff --git a/test/captures/quic-fragmented-handshakes.pcapng.gz b/test/captures/quic-fragmented-handshakes.pcapng.gz Binary files differnew file mode 100644 index 0000000000..f029a46f48 --- /dev/null +++ b/test/captures/quic-fragmented-handshakes.pcapng.gz diff --git a/test/suite_dissection.py b/test/suite_dissection.py index c5aaa9be5b..68c07a17d3 100644 --- a/test/suite_dissection.py +++ b/test/suite_dissection.py @@ -702,6 +702,42 @@ class case_dissect_tls(subprocesstest.SubprocessTestCase): @fixtures.mark_usefixtures('test_env') @fixtures.uses_fixtures +class case_dissect_quic(subprocesstest.SubprocessTestCase): + def check_quic_tls_handshake_reassembly(self, cmd_tshark, capture_file, + extraArgs=[]): + # An assortment of QUIC carrying TLS handshakes that need to be + # reassembled, including fragmented in one packet, fragmented in + # multiple packets, fragmented in multiple out of order packets, + # retried, retried with overlap from the original packets, and retried + # with one of the original packets missing (but all data there.) + # Include -zexpert just to be sure that nothing Warn or higher occured. + # Note level expert infos may be expected with the overlaps and + # retransmissions. + proc = self.assertRun([cmd_tshark, + '-r', capture_file('quic-fragmented-handshakes.pcapng.gz'), + '-zexpert,warn', + '-Ytls.handshake.type', + '-o', 'gui.column.format:"Handshake Type","%Cus:tls.handshake.type:0:R"', + ] + extraArgs) + self.assertEqual(self.countOutput('Client Hello'), 18) + self.assertEqual(self.countOutput('Server Hello'), 2) + self.assertEqual(self.countOutput('Finished'), 2) + self.assertEqual(self.countOutput('New Session Ticket,New Session Ticket'), 1) + self.assertEqual(self.countOutput('Certificate'), 2) + self.assertFalse(self.grepOutput('Warns')) + self.assertFalse(self.grepOutput('Errors')) + + def test_quic_tls_handshake_reassembly(self, cmd_tshark, capture_file): + '''Verify that QUIC and TLS handshake reassembly works.''' + self.check_quic_tls_handshake_reassembly(cmd_tshark, capture_file) + + def test_quic_tls_handshake_reassembly_2(self, cmd_tshark, capture_file): + '''Verify that QUIC and TLS handshake reassembly works (second pass).''' + self.check_quic_tls_handshake_reassembly( + cmd_tshark, capture_file, extraArgs=['-2']) + +@fixtures.mark_usefixtures('test_env') +@fixtures.uses_fixtures class case_decompress_smb2(subprocesstest.SubprocessTestCase): def extract_compressed_payload(self, cmd_tshark, capture_file, frame_num): proc = self.assertRun((cmd_tshark, |