Skip to content

Quic crypto reassembly 7556 backport7#12661

Merged
victorjulien merged 6 commits intoOISF:main-7.0.xfrom
catenacyber:quic-crypto-reassembly-7556-backport7
Feb 25, 2025
Merged

Quic crypto reassembly 7556 backport7#12661
victorjulien merged 6 commits intoOISF:main-7.0.xfrom
catenacyber:quic-crypto-reassembly-7556-backport7

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Feb 23, 2025

@catenacyber
quic: move all_consuming check to callee
26a1d02 
Will alow to have decode_frames accept one additional parameter
with past fragment data

(cherry picked from commit ee04d66)
@catenacyber
quic: parse ack frame number 3
ce90ff1 
cf rfc9000 section 19.3. ACK Frames

Ticket: 7556
(cherry picked from commit 68adc87)
@catenacyber
quic: handle fragmented hello over multiple packets
31d57ef 
Ticket: 7556

To do so, we need to add 2 buffers (one for each direction)
to the QuicState structure, so that on parsing the second packet
with hello/crypto fragment, we still have the data of the first
hello/crypto fragment.

Use a hardcoded limit so that these buffers cannot grow indefinitely
and set an event when reaching the limit

(cherry picked from commit f295cc0)
@catenacyber
quic: handle retry packets
ac6dcd6 
Ticket: 7556
(cherry picked from commit 6d8910d)
@catenacyber
quic: decrypt only initial packets
530f1a4 
Ticket: 7556

Avoids failed_decrypt events when the first packet seen is not
a Quic Initial packet

(cherry picked from commit d61f36c)
@catenacyber
quic: discard late retry packets
05bf4a8 
Ticket: 7556

See RFC 9000 section 17.2.5.2 :
After the client has received and processed an Initial
or Retry packet from the server,
it MUST discard any subsequent Retry packets that it receives.

(cherry picked from commit 726de55)
@catenacyber catenacyber requested a review from a team as a code owner February 23, 2025 20:30
@codecov
Copy link

codecov bot commented Feb 23, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.30%. Comparing base (13a76e0) to head (05bf4a8).
Report is 6 commits behind head on main-7.0.x.

Additional details and impacted files 
@@              Coverage Diff               @@
##           main-7.0.x   #12661      +/-   ##
==============================================
+ Coverage       83.28%   83.30%   +0.01%     
==============================================
  Files             922      922              
  Lines          261083   261171      +88     
==============================================
+ Hits           217437   217556     +119     
+ Misses          43646    43615      -31
Flag Coverage Δ
fuzzcorpus 64.34% <92.92%> (+0.03%) ⬆️
suricata-verify 63.54% <90.26%> (+0.04%) ⬆️
unittests 62.36% <29.56%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

suricata-qa commented Feb 24, 2025

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
.app_layer.tx.quic 995 1030 103.52%
.app_layer.error.quic.parser 35 0 -

Pipeline 24871

@victorjulien victorjulien mentioned this pull request Feb 24, 2025
Merged
@victorjulien victorjulien merged commit 05bf4a8 into OISF:main-7.0.x Feb 25, 2025
88 checks passed
@victorjulien
Copy link
Member

victorjulien commented Feb 25, 2025

Merged in #12663, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victorjulien victorjulien victorjulien approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@catenacyber @suricata-qa @victorjulien