mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
QUIC: Handle CRYPTO frames across multiple INITIAL packets
Instead of sending the accumulated CRYPTO frames after processing an INITIAL packet, add logic to determine the total length of the TLS Client or Server Hello (by peeking into the first 4 bytes). Once all CRYPTO frames have arrived, flush the reassembled data to the TLS analyzer at once.
parent
e459d96fb6
commit
ae90524027
11 changed files with 169 additions and 76 deletions
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid history service
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 D quic,ssl
|
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid server_name history
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 googleads.g.doubleclick.net IIIS
|
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 - - - googleads.g.doubleclick.net F - - F C
|
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid history service
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl
|
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid server_name history
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 googleads.g.doubleclick.net IIISZZZiIiIIIIIIZ
|
|
@ -0,0 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 - - - googleads.g.doubleclick.net F - - F C
|
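Review bot: The ssl.log baseline row for the full trace is identical to the one recorded for the INITIAL-only trace: ssl_history is C, version and cipher are "-", and established is F. The commit message says the length peek applies to the Server Hello as well, but nothing in this baseline shows a Server Hello being reassembled and handed to the TLS analyzer, so the responder-side path is not exercised by what is recorded here. Either add a trace whose baseline includes the server's hello, or state in the test's @TEST-DOC why only the Client Hello is expected for this pcap.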
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,12 @@
|
|||
# @TEST-DOC: Pcap with CRYPTO frames fragemented over multiple INITIAL packets. The pcap only contains 3 INITIAL packets. Check what logs are created.
|
||||
|
||||
# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/quic/quic-multiple-initial-fragmented-crypto-only-initial.pcap base/protocols/quic
|
||||
# @TEST-EXEC: test ! -f analyzer.log
|
||||
# @TEST-EXEC: test ! -f dpd.log
|
||||
# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
|
||||
# @TEST-EXEC: btest-diff conn.log.cut
|
||||
# @TEST-EXEC: zeek-cut -m ts uid server_name history < quic.log > quic.log.cut
|
||||
# @TEST-EXEC: btest-diff quic.log.cut
|
||||
# @TEST-EXEC: zeek-cut -m ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history < ssl.log > ssl.log.cut
|
||||
# @TEST-EXEC: btest-diff ssl.log.cut
|
|
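Review bot: The @TEST-DOC line misspells "fragmented" as "fragemented", and "Check what logs are created" does not state the expected result. Say what the baselines assert, for example that the Client Hello is reassembled from the three INITIAL packets and server_name is logged in quic.log and ssl.log, so that a later baseline update can be judged against the intent of the test.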
@ -0,0 +1,12 @@
|
|||
# @TEST-DOC: Pcap with CRYPTO frames fragemented over multiple INITIAL packets.
|
||||
|
||||
# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/quic/quic-multiple-initial-fragmented-crypto.pcap base/protocols/quic
|
||||
# @TEST-EXEC: test ! -f analyzer.log
|
||||
# @TEST-EXEC: test ! -f dpd.log
|
||||
# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
|
||||
# @TEST-EXEC: btest-diff conn.log.cut
|
||||
# @TEST-EXEC: zeek-cut -m ts uid server_name history < quic.log > quic.log.cut
|
||||
# @TEST-EXEC: btest-diff quic.log.cut
|
||||
# @TEST-EXEC: zeek-cut -m ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history < ssl.log > ssl.log.cut
|
||||
# @TEST-EXEC: btest-diff ssl.log.cut
|
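Review bot: Both tests shown here run traces where reassembly succeeds (server_name is present in every quic.log and ssl.log baseline), so the failure side of the length peek is not covered. The total length is read from bytes the peer controls, so add a trace, or a pointer to where this is tested, for a Hello whose declared length is never reached or whose CRYPTO frames leave a gap, and assert that nothing is flushed to the TLS analyzer and what appears in analyzer.log. The @TEST-DOC line in this file also repeats the "fragemented" typo and does not say how this test differs from the INITIAL-only one.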