Skip to content

Commit

Permalink
improve quic classification (arkime#2592)
Browse files Browse the repository at this point in the history
  • Loading branch information
@awick
awick authored Jan 10, 2024
1 parent 9345e8f commit 6262df9
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ NOTICE: Create a parliament config file before upgrading (see https://arkime.com
- #2553 fix rules range matching not working always
- #2554 support fieldSet tcpflag rules
- #2576 support different dlt for pcap-over-ip
- #2592 fix sometimes not identifying quic protocol correctly
## Cont3xt
- #2121 new bulk UI and support for bulk queries
- #2271 lots of keyboard shortcut improvements
Expand Down
4 changes: 2 additions & 2 deletions capture/parsers/quic.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,7 +403,7 @@ LOCAL void quic_ietf_udp_classify(ArkimeSession_t *session, const uint8_t *data,
// Source
int slen = 0;
BSB_IMPORT_u08(bsb, slen);
if (slen != 0)
if (slen > 16)
return;
BSB_IMPORT_skip(bsb, slen);

Expand All @@ -413,7 +413,7 @@ LOCAL void quic_ietf_udp_classify(ArkimeSession_t *session, const uint8_t *data,

// Length
uint32_t packet_len = quic_get_number(&bsb);
if (packet_len != BSB_REMAINING(bsb)) {
if (packet_len < 100 || packet_len > BSB_REMAINING(bsb)) {
char ipStr[200];
arkime_session_pretty_string(session, ipStr, sizeof(ipStr));
LOG("Couldn't parse header packet len %u remaining %ld %s", packet_len, (long)BSB_REMAINING(bsb), ipStr);
Expand Down

0 comments on commit 6262df9

Please sign in to comment.