ipfixprobe - introduce process QUIC plugin

Author: Pavel Siska

src/plugins/process/CMakeLists.txt

@@ -18,6 +18,7 @@ add_subdirectory(dnssd)
 add_subdirectory(netbios)
 add_subdirectory(passiveDns)
 add_subdirectory(smtp)
+add_subdirectory(quic)
 
 if (ENABLE_PROCESS_EXPERIMENTAL)
 	add_subdirectory(sip)

src/plugins/process/quic/CMakeLists.txt

@@ -0,0 +1,28 @@
+project(ipfixprobe-process-quic VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-quic plugin")
+
+add_library(ipfixprobe-process-quic MODULE
+    src/quic.cpp
+    src/quic.hpp
+	src/quic_parser.cpp
+    src/quic_parser.hpp
+)
+
+set_target_properties(ipfixprobe-process-quic PROPERTIES
+	CXX_VISIBILITY_PRESET hidden
+	VISIBILITY_INLINES_HIDDEN YES
+)
+
+target_include_directories(ipfixprobe-process-quic PRIVATE
+	${CMAKE_SOURCE_DIR}/include/
+	${CMAKE_SOURCE_DIR}/src/plugins/process/common
+)
+
+target_link_libraries(ipfixprobe-process-quic PRIVATE 
+	crypto # TODO
+	ipfixprobe-process-tls-parser
+)
+
+install(
+    TARGETS ipfixprobe-process-quic
+    LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/"
+)

src/plugins/process/quic/README.md

@@ -1,41 +1,50 @@
-/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright (C) 2021-2022, CESNET z.s.p.o.
- */
-
 /**
- * \file quic.cpp
- * \brief Plugin for enriching flows for quic data.
- * \author Andrej Lukacovic [email protected]
- * \author Karel Hynek <[email protected]>
- * \author Jonas Mücke <[email protected]>
- * \date 2023
+ * @file
+ * @brief Plugin for parsing basicplus traffic.
+ * @author Andrej Lukacovic [email protected]
+ * @author Karel Hynek <[email protected]>
+ * @author Jonas Mücke <[email protected]>
+ * @author Pavel Siska <[email protected]>
+ *
+ * Copyright (c) 2025 CESNET
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
+#include "quic.hpp"
+
 #ifdef WITH_NEMEA
 #include <unirec/unirec.h>
 #endif
 
-#include "quic.hpp"
+#include <ipfixprobe/pluginFactory/pluginManifest.hpp>
+#include <ipfixprobe/pluginFactory/pluginRegistrar.hpp>
 
 namespace ipxp {
-int RecordExtQUIC::REGISTERED_ID = -1;
+int RecordExtQUIC::REGISTERED_ID = ProcessPluginIDGenerator::instance().generatePluginID();
 
-__attribute__((constructor)) static void register_this_plugin()
-{
-	static PluginRecord rec = PluginRecord("quic", []() { return new QUICPlugin(); });
+static const PluginManifest quicPluginManifest = {
+	.name = "quic",
+	.description = "Quic process plugin for parsing quic traffic.",
+	.pluginVersion = "1.0.0",
+	.apiVersion = "1.0.0",
+	.usage = nullptr,
+};
 
-	register_plugin(&rec);
-	RecordExtQUIC::REGISTERED_ID = register_extension();
+QUICPlugin::QUICPlugin(const std::string& params)
+{
+	(void) params;
 }
 
-QUICPlugin::QUICPlugin() {}
-
 QUICPlugin::~QUICPlugin()
 {
 	close();
 }
 
-void QUICPlugin::init(const char* params) {}
+void QUICPlugin::init(const char* params)
+{
+	(void) params;
+}
 
 void QUICPlugin::close() {}
 
@@ -251,6 +260,9 @@ void QUICPlugin::set_client_hello_fields(
 	const Packet& pkt,
 	bool new_quic_flow)
 {
+	(void) rec;
+	(void) pkt;
+
 	process_quic->quic_get_token_length(quic_data->quic_token_length);
 	char dcid[MAX_CID_LEN] = {0};
 	uint8_t dcid_len = 0;
@@ -262,7 +274,7 @@ void QUICPlugin::set_client_hello_fields(
 		 != QUICParser::QUIC_CONSTANTS::QUIC_UNUSED_VARIABLE_LENGTH_INT)
 		&& (quic_data->quic_token_length > 0)
 		&& ((quic_data->retry_scid_length == dcid_len)
-			|| (!new_quic_flow) && (quic_data->retry_scid_length == dcid_len))
+			|| ((!new_quic_flow) && (quic_data->retry_scid_length == dcid_len)))
 		&& ((strncmp(quic_data->retry_scid, dcid, std::min(quic_data->retry_scid_length, dcid_len))
 			 == 0)
 			|| ((!new_quic_flow)
@@ -433,6 +445,7 @@ int QUICPlugin::process_quic(
 				pkt,
 				new_quic_flow);
 			// fallthrough to set cids
+			[[fallthrough]];
 		case QUICParser::PACKET_TYPE::HANDSHAKE:
 			// -1 sets stores intermediately.
 			set_cid_fields(quic_data, rec, &process_quic, toServer, new_quic_flow, pkt);
@@ -485,6 +498,7 @@ int QUICPlugin::process_quic(
 
 int QUICPlugin::pre_create(Packet& pkt)
 {
+	(void) pkt;
 	return 0;
 }
 
@@ -495,6 +509,8 @@ int QUICPlugin::post_create(Flow& rec, const Packet& pkt)
 
 int QUICPlugin::pre_update(Flow& rec, Packet& pkt)
 {
+	(void) rec;
+	(void) pkt;
 	return 0;
 }
 
@@ -535,4 +551,7 @@ void QUICPlugin::finish(bool print_stats)
 		std::cout << "   Parsed SNI: " << parsed_initial << std::endl;
 	}
 }
+
+static const PluginRegistrar<QUICPlugin, ProcessPluginFactory> quicRegistrar(quicPluginManifest);
+
 } // namespace ipxp

src/plugins/process/quic.cpp src/plugins/process/quic/src/quic.cppsrc/plugins/process/quic.cpp renamed to src/plugins/process/quic/src/quic.cpp

@@ -1,18 +1,17 @@
-/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright (C) 2021-2022, CESNET z.s.p.o.
- */
-
 /**
- * \file quic.hpp
- * \brief Plugin for enriching flows for quic data.
- * \author Andrej Lukacovic [email protected]
- * \author Karel Hynek <[email protected]>
- * \author Jonas Mücke <[email protected]>
- * \date 2023
+ * @file
+ * @brief Plugin for parsing basicplus traffic.
+ * @author Andrej Lukacovic [email protected]
+ * @author Karel Hynek <[email protected]>
+ * @author Jonas Mücke <[email protected]>
+ * @author Pavel Siska <[email protected]>
+ *
+ * Copyright (c) 2025 CESNET
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
-#ifndef IPXP_PROCESS_QUIC_HPP
-#define IPXP_PROCESS_QUIC_HPP
+#pragma once
 
 #ifdef WITH_NEMEA
 #include "fields.h"
@@ -364,7 +363,7 @@ struct RecordExtQUIC : public RecordExt {
  */
 class QUICPlugin : public ProcessPlugin {
 public:
-	QUICPlugin();
+	QUICPlugin(const std::string& params);
 	~QUICPlugin();
 	void init(const char* params);
 	void close();
@@ -424,5 +423,3 @@ class QUICPlugin : public ProcessPlugin {
 };
 
 } // namespace ipxp
-
-#endif /* IPXP_PROCESS_QUIC_HPP */

src/plugins/process/quic.hpp src/plugins/process/quic/src/quic.hppsrc/plugins/process/quic.hpp renamed to src/plugins/process/quic/src/quic.hpp

@@ -498,6 +498,8 @@ bool expand_label(
 	 * "... the actual length precedes the vector's contents in the byte stream ... "
 	 * */
 
+	(void) context_hash;
+
 	const unsigned int label_prefix_length = (unsigned int) strlen(label_prefix);
 	const unsigned int label_length = (unsigned int) strlen(label);
 
@@ -772,6 +774,8 @@ bool QUICParser::quic_encrypt_sample(uint8_t* plaintext)
 
 bool QUICParser::quic_decrypt_initial_header(const uint8_t* payload_pointer, uint64_t offset)
 {
+	(void) offset;
+
 	uint8_t plaintext[SAMPLE_LENGTH];
 	uint8_t mask[5] = {0};
 	uint8_t full_pkn[4] = {0};
@@ -1116,6 +1120,8 @@ bool QUICParser::quic_parse_initial_header(
 	const uint8_t* payload_end,
 	uint64_t& offset)
 {
+	(void) pkt;
+
 	token_length = quic_get_variable_length(payload_pointer, offset);
 	if (!quic_check_pointer_pos((payload_pointer + offset), payload_end)) {
 		return false;
@@ -1211,6 +1217,8 @@ bool QUICParser::quic_parse_header(
 	uint8_t* payload_pointer,
 	uint8_t* payload_end)
 {
+	(void) pkt;
+
 	if (!quic_check_pointer_pos((payload_pointer + offset), payload_end)) {
 		return false;
 	}
@@ -1276,6 +1284,9 @@ bool QUICParser::quic_parse_header(
 
 bool QUICParser::quic_parse_headers(const Packet& pkt, bool forceInitialParsing)
 {
+	(void) pkt;
+	(void) forceInitialParsing;
+
 	uint8_t* pkt_payload_pointer = (uint8_t*) pkt.payload;
 	uint8_t* payload_pointer = pkt_payload_pointer;
 	uint64_t offset = 0;

src/plugins/process/quic_parser.cpp …plugins/process/quic/src/quic_parser.cppsrc/plugins/process/quic_parser.cpp renamed to src/plugins/process/quic/src/quic_parser.cpp src/plugins/process/quic_parser.cpp renamed to src/plugins/process/quic/src/quic_parser.cpp

@@ -11,12 +11,11 @@
  * \date 2023
  */
 
-#include "tls_parser.hpp"
-
 #include <ipfixprobe/byte-utils.hpp>
-#include <ipfixprobe/process.hpp>
+#include <ipfixprobe/processPlugin.hpp>
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
+#include <tlsParser/tls_parser.hpp>
 
 #define HASH_SHA2_256_LENGTH 32
 #define TLS13_AEAD_NONCE_LENGTH 12