Merge remote-tracking branch 'origin/topic/awelzel/4198-4201-quic-maintenance'

* origin/topic/awelzel/4198-4201-quic-maintenance:
  QUIC/decrypt_crypto: Rename all_data to data
  QUIC: Confirm before forwarding data to SSL
  QUIC: Parse all QUIC packets in a UDP datagram
  QUIC: Only slurp till packet end, not till &eod

testing/btest/Baseline/scripts.base.protocols.quic.analyzer-confirmations/conn.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	history	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.analyzer-confirmations/out

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, Analyzer::ANALYZER_QUIC
+analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, Analyzer::ANALYZER_SSL

testing/btest/Baseline/scripts.base.protocols.quic.chromium/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.chromium/quic.log

@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	82.239.54.117	53727	110.213.53.115	443	1	95412c47018cdfe8	(empty)	d5412c47018cdfe8	api.cirrus-ci.com	h3	ISisH
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	82.239.54.117	53727	110.213.53.115	443	1	95412c47018cdfe8	(empty)	d5412c47018cdfe8	api.cirrus-ci.com	h3	ISishH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.curl-http3/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.events/out

@@ -4,17 +4,20 @@
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, 1b036a11, 
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, F, 1, , fc674735
 1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , fc674735
+1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , fc674735
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, fc674735, 
 1.0, handshake_packet, T, C4J4Th3PJpwUYZZ6gc, 1, ef3a4e06, 
 zerortt.pcap
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, b7c7841c64883e3261d840, 
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, F, 1, , 8d2041ac
 1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , 8d2041ac
+1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , 8d2041ac
 1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, 8d2041ac, 
 1.0, handshake_packet, T, C4J4Th3PJpwUYZZ6gc, 1, 5b7bc400, 
 1.0, initial_packet, CtPZjS20MLrsMUOJi2, T, 1, 15ae5e5e4962163f410b5529fc125bbc, 
 1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc, 
 1.0, initial_packet, CtPZjS20MLrsMUOJi2, F, 1, , e483a751
+1.0, handshake_packet, F, CtPZjS20MLrsMUOJi2, 1, , e483a751
 1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc, 
 1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc, 
 1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc, 

testing/btest/Baseline/scripts.base.protocols.quic.firefox/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.fragmented-crypto/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.handshake/conn.log.cut

@@ -2,4 +2,4 @@
 ts	uid	history	service
 0.015059	ClEkJM2Vm5giqnMf4h	-	-
 0.001000	CHhAvVGS1DHFjwGM9	-	-
-0.648580	C4J4Th3PJpwUYZZ6gc	Dd	quic,ssl
+0.648580	C4J4Th3PJpwUYZZ6gc	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.handshake/quic.log

@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	40084	193.167.100.100	443	1	a771f6161a4072c0bf10	(empty)	5911deff	server4:443	hq-interop	ISishIH
+1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	40084	193.167.100.100	443	1	a771f6161a4072c0bf10	(empty)	5911deff	server4:443	hq-interop	ISishhIH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.retry/conn.log.cut

@@ -2,4 +2,4 @@
 ts	uid	history	service
 0.000000	CHhAvVGS1DHFjwGM9	-	-
 0.016059	ClEkJM2Vm5giqnMf4h	-	-
-0.669020	C4J4Th3PJpwUYZZ6gc	Dd	quic,ssl
+0.669020	C4J4Th3PJpwUYZZ6gc	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.retry/quic.log

@@ -8,5 +8,5 @@
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
 1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	42834	193.167.100.100	443	1	4a8294bf9201d6cf	(empty)	-	server4:443	hq-interop	ISr
-1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	42834	193.167.100.100	443	1	1b036a11	(empty)	fc674735	server4:443	hq-interop	ISishIH
+1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	42834	193.167.100.100	443	1	1b036a11	(empty)	fc674735	server4:443	hq-interop	ISishhIH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.zerortt/conn.log.cut

@@ -2,5 +2,5 @@
 ts	uid	history	service
 0.015059	ClEkJM2Vm5giqnMf4h	-	-
 0.001000	CHhAvVGS1DHFjwGM9	-	-
-0.790739	CtPZjS20MLrsMUOJi2	Dd	quic,ssl
-0.718160	C4J4Th3PJpwUYZZ6gc	Dd	quic,ssl
+0.790739	CtPZjS20MLrsMUOJi2	Dd	ssl,quic
+0.718160	C4J4Th3PJpwUYZZ6gc	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.zerortt/quic.log

@@ -7,6 +7,6 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-1.000000	CtPZjS20MLrsMUOJi2	193.167.0.100	49394	193.167.100.100	443	1	15ae5e5e4962163f410b5529fc125bbc	(empty)	e483a751	server4:443	hq-interop	ISZisZZZZZZZZZZZZZZZZZZZZZZZZZZZIH
-1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	60492	193.167.100.100	443	1	b7c7841c64883e3261d840	(empty)	8d2041ac	server4:443	hq-interop	ISishIH
+1.000000	CtPZjS20MLrsMUOJi2	193.167.0.100	49394	193.167.100.100	443	1	15ae5e5e4962163f410b5529fc125bbc	(empty)	e483a751	server4:443	hq-interop	ISZishZZZZZZZZZZZZZZZZZZZZZZZZZZZIH
+1.000000	C4J4Th3PJpwUYZZ6gc	193.167.0.100	60492	193.167.100.100	443	1	b7c7841c64883e3261d840	(empty)	8d2041ac	server4:443	hq-interop	ISishhIH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/conn.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	history	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/quic.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	quic
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.0.0.4	53241	24.199.110.233	443	1	f21fdf87f736f235846c7f460ca017	1b3ff910	eab5f6f4	-	h3	ISishhIH
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/ssl.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.0.0.4	53241	24.199.110.233	443	TLSv13	TLS_AES_128_GCM_SHA256	x25519	-	F	-	-	F	Cs	-	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.quicdoq/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.quicdoq/quic.log

@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	46907	127.0.0.1	853	1	fda05288ab9ff546	0fb934775f247b8e	a31f4933d8727231	-	doq	ISishH
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	46907	127.0.0.1	853	1	fda05288ab9ff546	0fb934775f247b8e	a31f4933d8727231	-	doq	ISishhH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.quicv2-echo-443/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.quicv2-echo-443/quic.log

@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	49320	127.0.0.1	443	quicv2	fa603212c8688817af3d3238735bc7	(empty)	b168b5cc	localhost	quic-echo-example	ISIIisIH
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	49320	127.0.0.1	443	quicv2	fa603212c8688817af3d3238735bc7	(empty)	b168b5cc	localhost	quic-echo-example	ISIIishIH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.quicv2-http3-443/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Baseline/scripts.base.protocols.quic.quicv2-http3-443/quic.log

@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	client_initial_dcid	client_scid	server_scid	server_name	client_protocol	history
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	50841	127.0.0.1	443	quicv2	bdf0c5b27927cc667e58d95b	71b8f3f4	cdc8b6e6	-	h3	ISishIHH
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	50841	127.0.0.1	443	quicv2	bdf0c5b27927cc667e58d95b	71b8f3f4	cdc8b6e6	-	h3	ISishhIHH
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.quic.run-pcap/conn.log.cut

@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ts	uid	history	service
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	ssl,quic

testing/btest/Traces/README

@@ -38,3 +38,6 @@ Trace Index/Sources:
 - http/docker-http-upgrade.pcap
   Provided by blightzero on #4068
   https://github.com/zeek/zeek/issues/4068
+- quic/merlinc2_Zeek_example.pcapng
+  Provided by Faan Rossouw on #4198
+  https://github.com/zeek/zeek/issues/4198

testing/btest/scripts/base/protocols/quic/analyzer-confirmations.zeek

@@ -0,0 +1,15 @@
+# @TEST-DOC: Test the order of analyzer confirmations for QUIC and SSL, QUIC should come first.
+
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -Cr $TRACES/quic/chromium-115.0.5790.110-api-cirrus-com.pcap %INPUT >out
+# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
+# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+
+@load base/protocols/quic
+
+
+event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirmationInfo)
+	{
+	print "analyzer_confirmation", network_time(), info$c$uid, atype;
+	}

testing/btest/scripts/base/protocols/quic/merlinc2.zeek

@@ -0,0 +1,8 @@
+# @TEST-DOC: Test PCAP for Merlin C2 from issue #4198
+
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -Cr $TRACES/quic/merlinc2_Zeek_example.pcapng base/protocols/quic
+# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff quic.log

testing/external/commit-hash.zeek-testing

@@ -1 +1 @@
-5e5b54025ed7c3c2a9a23dadbb5b35fde15501e0
+7c0850401dd97661932c5ea8544429c9c12a185f