(feat/webrtc-sniffer): implement dtls parser

vlad9486 · vlad9486 · commit db7206cd456a · 2025-02-20T13:34:56.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/tools/webrtc-sniffer/Cargo.toml b/tools/webrtc-sniffer/Cargo.toml
@@ -13,5 +13,6 @@ sudo = { version = "0.6.0" }
 hex = { version = "0.4.3" }
 etherparse = { version = "0.17.0" }
 thiserror = { version = "2.0" }
+nom = { version = "8.0.0" }
 
 p2p = { path = "../../p2p" }
diff --git a/tools/webrtc-sniffer/src/dtls/header.rs b/tools/webrtc-sniffer/src/dtls/header.rs
@@ -0,0 +1,109 @@
+use std::fmt;
+
+use nom::{
+    bytes::complete::take,
+    error::{Error, ErrorKind},
+    number::complete::{be_u16, be_u8},
+    Err, IResult,
+};
+
+#[repr(u8)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub enum ContentType {
+    ChangeCipherSpec = 20,
+    Alert = 21,
+    Handshake = 22,
+    ApplicationData = 23,
+}
+
+impl ContentType {
+    pub fn from_u8(value: u8) -> Option<Self> {
+        match value {
+            20 => Some(ContentType::ChangeCipherSpec),
+            21 => Some(ContentType::Alert),
+            22 => Some(ContentType::Handshake),
+            23 => Some(ContentType::ApplicationData),
+            _ => None,
+        }
+    }
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub struct Chunk<'a> {
+    pub ty: ContentType,
+    pub epoch: u16,
+    pub sequence_number: u64,
+    pub length: u16,
+    pub body: &'a [u8],
+}
+
+impl fmt::Display for Chunk<'_> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let Chunk {
+            ty,
+            epoch,
+            sequence_number: seq,
+            length,
+            ..
+        } = self;
+        write!(f, "{ty:?}, epoch={epoch}, seq={seq:012x}, len={length}")
+    }
+}
+
+impl<'a> Chunk<'a> {
+    pub fn parse(input: &'a [u8]) -> IResult<&'a [u8], Self> {
+        let (input, ty_byte) = be_u8(input)?;
+        let ty = ContentType::from_u8(ty_byte)
+            .ok_or_else(|| Err::Error(Error::new(input, ErrorKind::Alt)))?;
+
+        let (input, legacy_record_version) = be_u16(input)?;
+        if legacy_record_version != 0xFEFD {
+            return Err(Err::Error(Error::new(input, ErrorKind::Alt)));
+        }
+
+        let (input, epoch) = be_u16(input)?;
+        let (input, sequence_number_bytes) = take(6usize)(input)?;
+        let sequence_number = {
+            let mut buf = [0u8; 8];
+            buf[2..].copy_from_slice(sequence_number_bytes);
+            u64::from_be_bytes(buf)
+        };
+        let (input, length) = be_u16(input)?;
+        let (input, body) = take(length as usize)(input)?;
+
+        let header = Chunk {
+            ty,
+            epoch,
+            sequence_number,
+            length,
+            body,
+        };
+
+        Ok((input, header))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_parse_header() {
+        let bytes: &[u8] = &[
+            22, // ContentType::Handshake
+            0xFE, 0xFD, // legacy_record_version (0xFEFD for DTLS 1.0)
+            0x00, 0x01, // epoch
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x01, // sequence_number
+            0x00, 0x13, // length
+        ];
+
+        let result = Chunk::parse(bytes);
+        assert!(result.is_ok());
+        let (_, header) = result.unwrap();
+
+        assert_eq!(header.ty, ContentType::Handshake);
+        assert_eq!(header.epoch, 1);
+        assert_eq!(header.sequence_number, 1);
+        assert_eq!(header.length, 19);
+    }
+}
diff --git a/tools/webrtc-sniffer/src/dtls/mod.rs b/tools/webrtc-sniffer/src/dtls/mod.rs
@@ -0,0 +1,45 @@
+mod header;
+
+use nom::IResult;
+use p2p::identity::SecretKey;
+
+use super::MsgHeader;
+
+use self::header::Chunk;
+
+pub struct State {
+    secret_key: SecretKey,
+    inner: Inner,
+}
+
+enum Inner {
+    Initial,
+    RecvHello,
+}
+
+impl State {
+    pub fn new(secret_key: SecretKey) -> Self {
+        State {
+            secret_key,
+            inner: Inner::Initial,
+        }
+    }
+
+    pub fn handle<'data>(
+        &mut self,
+        hrd: MsgHeader,
+        mut data: &'data [u8],
+        incoming: bool,
+    ) -> IResult<&'data [u8], ()> {
+        let _ = incoming;
+        loop {
+            let (rest, chunk) = Chunk::parse(data)?;
+            log::info!("{hrd} {chunk}");
+            if rest.is_empty() {
+                break Ok((rest, ()));
+            } else {
+                data = rest;
+            }
+        }
+    }
+}
diff --git a/tools/webrtc-sniffer/src/lib.rs b/tools/webrtc-sniffer/src/lib.rs
@@ -1,56 +1,71 @@
 mod net;
 
+mod dtls;
+
+use std::{borrow::Cow, collections::BTreeMap, fmt, net::SocketAddr};
+
 use p2p::identity::SecretKey;
 
 use pcap::{Activated, Capture, Savefile};
 
+type State = dtls::State;
+
+#[derive(Clone, Copy)]
+pub struct MsgHeader {
+    src: SocketAddr,
+    dst: SocketAddr,
+    len: u16,
+}
+
+impl fmt::Display for MsgHeader {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let MsgHeader { src, dst, len } = self;
+        write!(f, "{src} -> {dst} {len}")
+    }
+}
+
 pub fn run<T: Activated + ?Sized>(
     capture: Capture<T>,
     file: Option<Savefile>,
     secret_key: SecretKey,
 ) -> Result<(), net::DissectError> {
-    let _ = secret_key;
+    let mut connections = BTreeMap::<(SocketAddr, SocketAddr), State>::new();
 
+    let mut buffer = None::<Vec<u8>>;
     for item in net::UdpIter::new(capture, file) {
         let (src, dst, data) = item?;
-        log::info!("{src} -> {dst}: {} {}", data.len(), hex::encode(data));
-    }
 
-    Ok(())
-}
+        let hdr = MsgHeader {
+            src,
+            dst,
+            len: data.len() as _,
+        };
 
-pub fn handle(packet: pcap::Packet) {
-    use std::net::{IpAddr, SocketAddr};
-
-    use etherparse::{NetSlice, SlicedPacket, TransportSlice};
-
-    let eth = SlicedPacket::from_ethernet(packet.data).unwrap();
-    if let (Some(net), Some(transport)) = (eth.net, eth.transport) {
-        let (src_ip, dst_ip) = match net {
-            NetSlice::Ipv4(ip) => (
-                IpAddr::V4(ip.header().source().into()),
-                IpAddr::V4(ip.header().destination().into()),
-            ),
-            NetSlice::Ipv6(ip) => (
-                IpAddr::V6(ip.header().source().into()),
-                IpAddr::V6(ip.header().destination().into()),
-            ),
-            NetSlice::Arp(_) => return,
+        // skip STUN/TURN
+        if data[4..8].eq(b"\x21\x12\xa4\x42") {
+            continue;
+        }
+
+        let data = if let Some(mut buffer) = buffer.take() {
+            buffer.extend_from_slice(&data);
+            Cow::Owned(buffer)
+        } else {
+            Cow::Borrowed(data.as_ref())
         };
-        let (src_port, dst_port, slice) = match transport {
-            TransportSlice::Udp(udp) => (udp.source_port(), udp.destination_port(), udp.payload()),
-            _ => return,
+
+        let res = if let Some(cn) = connections.get_mut(&(src, dst)) {
+            cn.handle(hdr, &data, true)
+        } else {
+            connections
+                .entry((dst, src))
+                .or_insert_with(|| State::new(secret_key.clone()))
+                .handle(hdr, &data, false)
         };
 
-        let (src, dst, data) = (
-            SocketAddr::new(src_ip, src_port),
-            SocketAddr::new(dst_ip, dst_port),
-            slice,
-        );
-        log::info!(
-            "{src} -> {dst}: {} {}",
-            data.len(),
-            hex::encode(&data[..data.len().min(12)])
-        );
+        if let Err(nom::Err::Incomplete(_)) = res {
+            buffer = Some(data.into_owned());
+        }
     }
+
+    Ok(())
 }
