Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
18392 commits 386 branches 195 tags 256 MiB
Commit graph

16 commits

Author SHA1 Message Date
Arne Welzel
fe89a521d1 QUIC: Use initial destination conn_id for decryption 
Ensure the client side also uses the initial destination connection ID
for decryption purposes instead of the one from the current long header
packet. PCAP from local WiFi hotspot.
 2025-05-05 14:34:11 +02:00
Arne Welzel
ae90524027 QUIC: Handle CRYPTO frames across multiple INITIAL packets 
Instead of sending the accumulated CRYPTO frames after processing an
INITIAL packet, add logic to determine the total length of the TLS
Client or Server Hello (by peeking into the first 4 byte). Once all
CRYPTO frames have arrived, flush the reassembled data to the TLS
analyzer at once.
 2025-05-05 14:34:11 +02:00
Arne Welzel
5d9d3921a6 QUIC: Confirm before forwarding data to SSL 
Fixes #4201
 2025-02-03 17:36:41 +01:00
Arne Welzel
6a14e64a17 QUIC: Parse all QUIC packets in a UDP datagram 
A UDP datagram may contain multiple QUIC packets, but the parser so far
handled only the very first packet, ignoring any subsequent packets.

Fixes #4198
 2025-02-03 17:36:37 +01:00
Arne Welzel
7bdc856f0d QUIC/decrypt_crypto: Actually check if decryption was successful 
...and bail if it wasn't.

PCAP was produced using OSS-Fuzz input from issue 383379789.
 2024-12-15 20:39:26 -07:00
Robin Sommer
1837e0289a
Bump Spicy to current main. 
This requires a few baseline updates, and a tweak to one test
canonifier.
 2024-01-29 09:59:46 +01:00
Arne Welzel
ec9ed81250 quic: Handle and log unhandled_version 2024-01-09 17:10:11 +01:00
Arne Welzel
0796a191c6 quic: tests: Require have-spicy 2024-01-05 11:37:35 +01:00
Arne Welzel
50cdac922f quic: analyzer: Recognize and report unknown versions better 
This makes the analyzer.log entry more informative by including the
actual version and also allows to handle this scenario in script land
if needed.
 2024-01-05 11:37:03 +01:00
Arne Welzel
727091ed67 quic: tests: Add QUIC v2 test cases 
Produced using examples from the go-quic project, patching the clients
to force QUIC v2.
 2024-01-05 11:36:57 +01:00
Arne Welzel
ebb8780d6a quic: Skip new test if have-quic is false 2023-10-20 20:57:19 +02:00
Arne Welzel
6604010a05 quic: Bump maximum history length, make configurable 
From zeek/spicy-quic#15
 2023-10-20 20:42:30 +02:00
Arne Welzel
1774a25f00 ci/btest: Remove spicy-quic helper, disable Spicy on CentOS 7 
The have-quic pattern wasn't great and it wouldn't scale.
 2023-10-11 17:17:23 +02:00
Arne Welzel
3f99aa7996 testing/quic: Fixups and simplification after Zeek integration 2023-10-11 14:10:22 +02:00
Arne Welzel
359f8d2ae6 quic: Squashed follow-ups: quic.log, tests, various fixes, performance 2023-10-11 14:10:22 +02:00
Joost
44d7c45723 quic: Initial implementation 2023-10-11 14:10:22 +02:00