
Commit 808ad8c

lukacanPavel Siska
authored andcommitted
QUIC: remove unused vars, copy raw quic data into buffer
1 parent 4fc5ff6 commit 808ad8c


2 files changed

+46
-30
lines changed


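--- a/process/quic.cpp
+++ b/process/quic.cpp
@@ -932,44 +932,41 @@ bool QUICPlugin::quic_assemble()
 // https://www.rfc-editor.org/rfc/rfc9000.html#name-ack-frames
 //skip type
 offset++;
-uint64_t quic_largest_acknowledged = quic_get_variable_length(decrypted_payload,offset);
-uint64_t quic_ack_delay = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 uint64_t quic_ack_range_count = quic_get_variable_length(decrypted_payload,offset);
-uint64_t quic_first_ack_range = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 
 
-uint64_t quic_gap;
-uint64_t quic_ack_range_length;
+
 
 for (uint x = 0 ; x < quic_ack_range_count;x++)
 {
-quic_gap = quic_get_variable_length(decrypted_payload,offset);
-quic_ack_range_length = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 }
 
 } else if (*(decrypted_payload + offset) == ACK2)
 {
 // https://www.rfc-editor.org/rfc/rfc9000.html#name-ack-frames
 //skip type
 offset++;
-uint64_t quic_largest_acknowledged = quic_get_variable_length(decrypted_payload,offset);
-uint64_t quic_ack_delay = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 uint64_t quic_ack_range_count = quic_get_variable_length(decrypted_payload,offset);
-uint64_t quic_first_ack_range = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 
 
-uint64_t quic_gap;
-uint64_t quic_ack_range_length;
 
 for (uint x = 0 ; x < quic_ack_range_count;x++)
 {
-quic_gap = quic_get_variable_length(decrypted_payload,offset);
-quic_ack_range_length = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 }
 
-uint64_t ect0 = quic_get_variable_length(decrypted_payload,offset);
-uint64_t ect1 = quic_get_variable_length(decrypted_payload,offset);
-uint64_t ecn_ce = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 
 
 } else if (*(decrypted_payload + offset) == CONNECTION_CLOSE1)
@@ -978,8 +975,8 @@ bool QUICPlugin::quic_assemble()
 //skip type
 offset++;
 
-uint64_t error_code = quic_get_variable_length(decrypted_payload,offset);
-uint64_t frame_type = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 uint64_t reason_phrase_length = quic_get_variable_length(decrypted_payload,offset);
 offset+= reason_phrase_length;
 
@@ -988,7 +985,7 @@ bool QUICPlugin::quic_assemble()
 // https://www.rfc-editor.org/rfc/rfc9000.html#name-connection_close-frames
 //skip type
 offset++;
-uint64_t error_code = quic_get_variable_length(decrypted_payload,offset);
+quic_get_variable_length(decrypted_payload,offset);
 uint64_t reason_phrase_length = quic_get_variable_length(decrypted_payload,offset);
 offset+= reason_phrase_length;
 
@@ -1109,24 +1106,30 @@ return true;
 }
 bool QUICPlugin::quic_parse_data(const Packet &pkt,RecordExtQUIC * rec)
 {
+
+if(pkt.payload_len > CURRENT_BUFFER_SIZE)
+{
+DEBUG_MSG("Error, payload length bigger than buffer size\n");
+return false;
+}
+
+
+memcpy(tmp_packet_mem,pkt.payload,sizeof(uint8_t) * pkt.payload_len);
+uint8_t *tmp_pointer = tmp_packet_mem;
 
-
-uint8_t *tmp_pointer = (uint8_t *) pkt.payload;
 uint64_t offset = 0;
-const uint8_t *payload_end = (uint8_t *) pkt.payload + pkt.payload_len;
+const uint8_t *payload_end = (uint8_t *) tmp_packet_mem + pkt.payload_len;
 
 
 
 // set header pointer to the start of header
-header = (uint8_t *) (tmp_pointer + offset); // set header pointer
-
+header = tmp_packet_mem;
 
 
 
 // pointer to the first byte, version and dcid length
 quic_h1 = (quic_header1 *) (tmp_pointer + offset);
 
-
 if (!handle_version(rec))
 {
 return false;
@@ -1207,6 +1210,7 @@ bool QUICPlugin::quic_parse_data(const Packet &pkt,RecordExtQUIC * rec)
 // read payload, we do not know packet number length, so payload will be adjusted later (after de-obfuscating header)
 payload = (tmp_pointer + offset);
 
+
 
 // read sample, sample is always assuming that packet number has length 4 bytes, so we do not need to know exact pkn length for reading sample.
 offset += sizeof(uint8_t) * 4;
@@ -1249,8 +1253,13 @@ bool QUICPlugin::quic_check_initial(uint8_t packet0)
 bool QUICPlugin::process_quic(RecordExtQUIC *quic_data, const Packet &pkt)
 {
 
-memset(decrypted_payload,0,1500);
-memset(assembled_payload,0,1500);
+
+// buffer for decrypted payload
+memset(decrypted_payload,0,CURRENT_BUFFER_SIZE);
+//buffer for reassembled payload
+memset(assembled_payload,0,CURRENT_BUFFER_SIZE);
+// buffer for raw data (quic content copied here)
+memset(tmp_packet_mem,0,CURRENT_BUFFER_SIZE);
 
 // check if packet contains LONG HEADER and is of type INITIAL
 if (pkt.ip_proto != 17 || !quic_check_initial(pkt.payload[0])) {
@@ -1261,6 +1270,7 @@ bool QUICPlugin::process_quic(RecordExtQUIC *quic_data, const Packet &pkt)
 // check port a.k.a direction, Server side does not contain ClientHello packets so neither SNI, but implemented for future expansion
 if (pkt.dst_port == 443) {
 if (!quic_parse_data(pkt,quic_data)) {
+DEBUG_MSG("Error, parsing failed\n");
 return false;
 }
 if (!quic_create_initial_secrets(CommSide::CLIENT_IN)) {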
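Review bot: The ACK range loops in both ACK branches of quic_assemble (new lines 943–947 and 961–965) still iterate `quic_ack_range_count` times with that count read straight from the decrypted frame, and nothing visible in these hunks stops `offset` from advancing past the `CURRENT_BUFFER_SIZE`-byte `decrypted_payload`. Because the counter is a `uint` compared against a `uint64_t`, a count above the 32-bit range would also keep the loop from ever terminating. Unless `quic_get_variable_length` (not shown) checks bounds itself, I would bound the loop on the buffer, e.g. `for (uint64_t x = 0; x < quic_ack_range_count && offset < CURRENT_BUFFER_SIZE; x++)`, and return false when the limit is reached; the same concern applies to `offset+= reason_phrase_length;` in the two CONNECTION_CLOSE branches. quic_assemble starts and ends outside these hunks, so an outer check may already exist and should be confirmed.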

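--- a/process/quic.hpp
+++ b/process/quic.hpp
@@ -97,6 +97,9 @@ UR_FIELDS(
 #define quic_serverIn_hkdf sizeof("tls13 server in") + sizeof(uint16_t) + sizeof(uint8_t) + sizeof(uint8_t)
 
 
+#define CURRENT_BUFFER_SIZE 1500
+
+
 // Frame types which can occure in Initial packets
 // https://www.rfc-editor.org/rfc/rfc9000.html#name-frame-types
 #define CRYPTO 0x06
@@ -296,8 +299,11 @@ class QUICPlugin : public ProcessPlugin
 uint8_t *sample;
 
 // final decrypted payload
-uint8_t decrypted_payload[1500];
-uint8_t assembled_payload[1500];
+uint8_t decrypted_payload[CURRENT_BUFFER_SIZE];
+uint8_t assembled_payload[CURRENT_BUFFER_SIZE];
+
+
+uint8_t tmp_packet_mem[CURRENT_BUFFER_SIZE];
 uint8_t *final_payload;
 
 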
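Review bot: `CURRENT_BUFFER_SIZE` is a generically named macro defined in a header, so it reaches every file that includes quic.hpp, and nothing records why 1500 was chosen or that `quic_parse_data` now rejects any payload larger than it. A class-scoped constant such as `static constexpr size_t CURRENT_BUFFER_SIZE = 1500;` inside QUICPlugin would keep the name local, and a comment like `// capacity of the raw, decrypted and reassembled buffers; larger UDP payloads are not parsed` would make the limit explicit. The new `tmp_packet_mem` member also has no comment, while the two buffers above it share one that only fits the first. If the probe can see payloads above 1500 bytes (jumbo frames, presumably), those flows produce no QUIC fields, which is worth stating for anyone relying on this output; the class body starts and ends outside the hunk.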
