Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

QUIC: Use initial destination conn_id for decryption

Browse source 
Ensure the client side also uses the initial destination connection ID
for decryption purposes instead of the one from the current long header
packet. PCAP from local WiFi hotspot.
This commit is contained in:
Arne Welzel 2025-04-30 15:48:17 +02:00
parent ae90524027
commit fe89a521d1
6 changed files with 29 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/scripts/base/protocols/quic/decrypt-fail-google-de-51833.zeek Normal file
View file

@ -0,0 +1,12 @@
# @TEST-DOC: PCAP for which decryption failed due to not using the initial destination connection ID consistently.
# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
# @TEST-EXEC: zeek -Cr $TRACES/quic/quic-decrypt-fail-google-de-51833.pcap base/protocols/quic
# @TEST-EXEC: test ! -f analyzer.log
# @TEST-EXEC: test ! -f dpd.log
# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
# @TEST-EXEC: btest-diff conn.log.cut
# @TEST-EXEC: zeek-cut -m ts uid server_name history < quic.log > quic.log.cut
# @TEST-EXEC: btest-diff quic.log.cut
# @TEST-EXEC: zeek-cut -m ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history < ssl.log > ssl.log.cut
# @TEST-EXEC: btest-diff ssl.log.cut