Difuse/Mellaris
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

analyzer: make http3/quic handling more reliable

Browse Source
This commit is contained in:
hayzam
2026-02-11 16:11:12 +05:30
parent fc38d0fa9d
commit 5fda34a476
2 changed files with 114 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
analyzer/udp/internal/quic/payload.go
View File

@@ -12,6 +12,16 @@ import (
"golang.org/x/crypto/hkdf" "golang.org/x/crypto/hkdf"
) )
var defaultPNMaxGuesses = []int64{
0, 1, 2, 3, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096,
}
type ReadCryptoFramesOptions struct {
AdditionalConnectionIDs [][]byte
TryServerSecret bool
PacketNumberMaxGuesses []int64
}
func ReadCryptoPayload(packet []byte) ([]byte, error) { func ReadCryptoPayload(packet []byte) ([]byte, error) {
frs, err := ReadCryptoFrames(packet) frs, err := ReadCryptoFrames(packet)
if err != nil { if err != nil {
@@ -26,6 +36,11 @@ func ReadCryptoPayload(packet []byte) ([]byte, error) {
// ReadCryptoFrames decrypts a QUIC Initial client packet and returns CRYPTO frames. // ReadCryptoFrames decrypts a QUIC Initial client packet and returns CRYPTO frames.
func ReadCryptoFrames(packet []byte) ([]CryptoFrame, error) { func ReadCryptoFrames(packet []byte) ([]CryptoFrame, error) {
return ReadCryptoFramesWithOptions(packet, nil)
}
// ReadCryptoFramesWithOptions decrypts a QUIC Initial packet and returns CRYPTO frames.
func ReadCryptoFramesWithOptions(packet []byte, opts *ReadCryptoFramesOptions) ([]CryptoFrame, error) {
hdr, offset, err := ParseInitialHeader(packet) hdr, offset, err := ParseInitialHeader(packet)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -38,13 +53,6 @@ func ReadCryptoFrames(packet []byte) ([]CryptoFrame, error) {
return nil, errors.New("invalid packet") return nil, errors.New("invalid packet")
} }
initialSecret := hkdf.Extract(crypto.SHA256.New, hdr.DestConnectionID, getSalt(hdr.Version))
clientSecret := hkdfExpandLabel(crypto.SHA256.New, initialSecret, "client in", []byte{}, crypto.SHA256.Size())
key, err := NewInitialProtectionKey(clientSecret, hdr.Version)
if err != nil {
return nil, fmt.Errorf("NewInitialProtectionKey: %w", err)
}
pp := NewPacketProtector(key)
// https://datatracker.ietf.org/doc/html/draft-ietf-quic-tls-32#name-client-initial // https://datatracker.ietf.org/doc/html/draft-ietf-quic-tls-32#name-client-initial
// //
// "The unprotected header includes the connection ID and a 4-byte packet number encoding for a packet number of 2" // "The unprotected header includes the connection ID and a 4-byte packet number encoding for a packet number of 2"
@@ -52,21 +60,49 @@ func ReadCryptoFrames(packet []byte) ([]CryptoFrame, error) {
return nil, fmt.Errorf("packet is too short: %d < %d", len(packet), offset+hdr.Length) return nil, fmt.Errorf("packet is too short: %d < %d", len(packet), offset+hdr.Length)
} }
packetView := packet[:offset+hdr.Length] packetView := packet[:offset+hdr.Length]
pnMaxGuesses := []int64{0, 1, 2, 3, 4, 8, 16}
candidateConnIDs := [][]byte{hdr.DestConnectionID}
if opts != nil {
candidateConnIDs = append(candidateConnIDs, opts.AdditionalConnectionIDs...)
}
candidateConnIDs = uniqueNonEmptyConnectionIDs(candidateConnIDs)
pnMaxGuesses := defaultPNMaxGuesses
if opts != nil && len(opts.PacketNumberMaxGuesses) > 0 {
pnMaxGuesses = opts.PacketNumberMaxGuesses
}
labels := []string{"client in"}
if opts != nil && opts.TryServerSecret {
labels = append(labels, "server in")
}
var lastErr error var lastErr error
for _, pnMax := range pnMaxGuesses { for _, connID := range candidateConnIDs {
packetCopy := append([]byte(nil), packetView...) initialSecret := hkdf.Extract(crypto.SHA256.New, connID, getSalt(hdr.Version))
unProtectedPayload, err := pp.UnProtect(packetCopy, offset, pnMax) for _, label := range labels {
if err != nil { secret := hkdfExpandLabel(crypto.SHA256.New, initialSecret, label, []byte{}, crypto.SHA256.Size())
lastErr = err key, err := NewInitialProtectionKey(secret, hdr.Version)
continue if err != nil {
lastErr = fmt.Errorf("NewInitialProtectionKey: %w", err)
continue
}
pp := NewPacketProtector(key)
for _, pnMax := range pnMaxGuesses {
packetCopy := append([]byte(nil), packetView...)
unProtectedPayload, err := pp.UnProtect(packetCopy, offset, pnMax)
if err != nil {
lastErr = err
continue
}
frs, err := extractCryptoFrames(bytes.NewReader(unProtectedPayload))
if err != nil {
lastErr = err
continue
}
return frs, nil
}
} }
frs, err := extractCryptoFrames(bytes.NewReader(unProtectedPayload))
if err != nil {
lastErr = err
continue
}
return frs, nil
} }
if lastErr != nil { if lastErr != nil {
return nil, lastErr return nil, lastErr
@@ -301,6 +337,23 @@ func skipN(r *bytes.Reader, n uint64) error {
return err return err
} }
func uniqueNonEmptyConnectionIDs(ids [][]byte) [][]byte {
out := make([][]byte, 0, len(ids))
seen := make(map[string]struct{}, len(ids))
for _, id := range ids {
if len(id) == 0 {
continue
}
k := string(id)
if _, ok := seen[k]; ok {
continue
}
seen[k] = struct{}{}
out = append(out, append([]byte(nil), id...))
}
return out
}
// assembleCryptoFrames assembles multiple crypto frames into a single slice (if possible). // assembleCryptoFrames assembles multiple crypto frames into a single slice (if possible).
// It returns an error if the frames cannot be assembled. This can happen if the frames are not contiguous. // It returns an error if the frames cannot be assembled. This can happen if the frames are not contiguous.
func assembleCryptoFrames(frames []CryptoFrame) []byte { func assembleCryptoFrames(frames []CryptoFrame) []byte {

43
analyzer/udp/quic.go
View File

@@ -1,6 +1,7 @@
package udp package udp
import ( import (
"bytes"
"errors" "errors"
"sort" "sort"
@@ -43,6 +44,7 @@ type quicStream struct {
debugCount int debugCount int
frames map[int64][]byte frames map[int64][]byte
maxEnd int64 maxEnd int64
connIDs [][]byte
} }
func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done bool) { func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done bool) {
@@ -51,13 +53,34 @@ func (s *quicStream) Feed(rev bool, data []byte) (u *analyzer.PropUpdate, done b
// + compression methods (2 bytes) + no extensions // + compression methods (2 bytes) + no extensions
const minDataSize = 41 const minDataSize = 41
frs, err := quic.ReadCryptoFrames(data) var parsedHdr *quic.Header
if hdr, _, err := quic.ParseInitialHeader(data); err == nil {
parsedHdr = hdr
s.rememberConnID(hdr.DestConnectionID)
s.rememberConnID(hdr.SrcConnectionID)
}
frs, err := quic.ReadCryptoFramesWithOptions(data, &quic.ReadCryptoFramesOptions{
AdditionalConnectionIDs: s.connIDs,
TryServerSecret: true,
})
if err != nil { if err != nil {
if errors.Is(err, quic.ErrNotInitialPacket) { if errors.Is(err, quic.ErrNotInitialPacket) {
return nil, false return nil, false
} }
if s.debugCount < 4 { if s.debugCount < 4 {
s.logger.Debugf("failed to read QUIC CRYPTO frames: %v", err) if parsedHdr != nil {
s.logger.Debugf(
"failed to read QUIC CRYPTO frames: version=%x dcid_len=%d scid_len=%d token_len=%d conn_id_hints=%d err=%v",
parsedHdr.Version,
len(parsedHdr.DestConnectionID),
len(parsedHdr.SrcConnectionID),
len(parsedHdr.Token),
len(s.connIDs),
err,
)
} else {
s.logger.Debugf("failed to read QUIC CRYPTO frames: %v", err)
}
s.debugCount++ s.debugCount++
} }
s.invalidCount++ s.invalidCount++
@@ -164,3 +187,19 @@ func (s *quicStream) contiguousPayloadFromZero() []byte {
} }
return out return out
} }
func (s *quicStream) rememberConnID(cid []byte) {
if len(cid) == 0 {
return
}
for _, existing := range s.connIDs {
if bytes.Equal(existing, cid) {
return
}
}
// Keep this bounded; QUIC CID rotations are small for handshake parsing.
if len(s.connIDs) >= 8 {
s.connIDs = s.connIDs[1:]
}
s.connIDs = append(s.connIDs, append([]byte(nil), cid...))
}