analyzer: make http3/quic handling more reliable

2026-02-11 15:49:32 +05:30
parent c3fe0ea16f
commit 43cb4755d0
4 changed files with 59 additions and 22 deletions
--- a/analyzer/udp/quic.go
+++ b/analyzer/udp/quic.go
@@ -1,6 +1,7 @@
 package udp

 import (
+	"errors"
 	"sort"

 	"git.difuse.io/Difuse/Mellaris/analyzer"
@@ -50,7 +51,14 @@ func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done b
 	const minDataSize = 41

 	frs, err := quic.ReadCryptoFrames(data)
-	if err != nil || len(frs) == 0 {
+	if err != nil {
+		if errors.Is(err, quic.ErrNotInitialPacket) {
+			return nil, false
+		}
+		s.invalidCount++
+		return nil, s.invalidCount >= quicInvalidCountThreshold
+	}
+	if len(frs) == 0 {
 		s.invalidCount++
 		return nil, s.invalidCount >= quicInvalidCountThreshold
 	}
@@ -64,8 +72,8 @@ func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done b
 	}

 	if pl[0] != internal.TypeClientHello {
-		s.invalidCount++
-		return nil, s.invalidCount >= quicInvalidCountThreshold
+		// Not a ClientHello (e.g. server-direction CRYPTO); ignore.
+		return nil, false
 	}

 	chLen := int(pl[1])<<16 | int(pl[2])<<8 | int(pl[3])