Skip to content

next/743/70x/20250224/v1#12663

Merged
victorjulien merged 6 commits intoOISF:main-7.0.xfrom
victorjulien:next/743/70x/20250224/v1
Feb 25, 2025
Merged

next/743/70x/20250224/v1#12663
victorjulien merged 6 commits intoOISF:main-7.0.xfrom
victorjulien:next/743/70x/20250224/v1

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Feb 24, 2025

@catenacyber
quic: move all_consuming check to callee
26a1d02 
Will alow to have decode_frames accept one additional parameter
with past fragment data

(cherry picked from commit ee04d66)
@catenacyber
quic: parse ack frame number 3
ce90ff1 
cf rfc9000 section 19.3. ACK Frames

Ticket: 7556
(cherry picked from commit 68adc87)
@catenacyber
quic: handle fragmented hello over multiple packets
31d57ef 
Ticket: 7556

To do so, we need to add 2 buffers (one for each direction)
to the QuicState structure, so that on parsing the second packet
with hello/crypto fragment, we still have the data of the first
hello/crypto fragment.

Use a hardcoded limit so that these buffers cannot grow indefinitely
and set an event when reaching the limit

(cherry picked from commit f295cc0)
@catenacyber
quic: handle retry packets
ac6dcd6 
Ticket: 7556
(cherry picked from commit 6d8910d)
@catenacyber
quic: decrypt only initial packets
530f1a4 
Ticket: 7556

Avoids failed_decrypt events when the first packet seen is not
a Quic Initial packet

(cherry picked from commit d61f36c)
@catenacyber
quic: discard late retry packets
05bf4a8 
Ticket: 7556

See RFC 9000 section 17.2.5.2 :
After the client has received and processed an Initial
or Retry packet from the server,
it MUST discard any subsequent Retry packets that it receives.

(cherry picked from commit 726de55)
@victorjulien victorjulien requested review from a team and catenacyber as code owners February 24, 2025 16:51
jasonish
jasonish approved these changes Feb 24, 2025
View reviewed changes
Copy link
Member

@jasonish jasonish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Staging looks OK.

@victorjulien
Copy link
Member Author

victorjulien commented Feb 24, 2025

@ct0br0 this will require a baseline update. Can you prepare that?

@victorjulien victorjulien added the needs baseline update QA will need a new base line label Feb 24, 2025
@suricata-qa
Copy link

suricata-qa commented Feb 24, 2025

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
.app_layer.tx.quic 995 1030 103.52%
.app_layer.error.quic.parser 35 0 -

Pipeline 24876

@victorjulien victorjulien merged commit 05bf4a8 into OISF:main-7.0.x Feb 25, 2025
88 checks passed
@victorjulien victorjulien mentioned this pull request Feb 25, 2025
Merged
@victorjulien victorjulien deleted the next/743/70x/20250224/v1 branch February 25, 2025 06:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish jasonish approved these changes

@catenacyber catenacyber Awaiting requested review from catenacyber catenacyber is a code owner

Assignees

No one assigned

Labels

needs baseline update QA will need a new base line

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@victorjulien @suricata-qa @jasonish @catenacyber