QUIC sniffer: handle multiple initial packets (#3802)

* QUIC sniffer: handle multiple initial packets Basically copied from Vigilans/v2ray-core@8f33db0 Co-Authored-By: Vigilans <vigilans@foxmail.com> * Remove unnecessary file --------- Co-authored-by: Vigilans <vigilans@foxmail.com>
2024-09-21 09:26:23 +00:00 · 2024-09-14 01:32:43 +08:00 · 2024-09-14 01:32:43 +08:00 · 781aaee21f
commit 781aaee21f
parent 7970f240de
3 changed files with 217 additions and 178 deletions
--- a/app/dispatcher/default.go
+++ b/app/dispatcher/default.go
@ -41,8 +41,14 @@ func (r *cachedReader) Cache(b *buf.Buffer) {
 	if !mb.IsEmpty() {
 		r.cache, _ = buf.MergeMulti(r.cache, mb)
 	}
+	cacheLen := r.cache.Len()
+	if cacheLen <= b.Cap() {
 		b.Clear()
-	rawBytes := b.Extend(buf.Size)
+	} else {
+		b.Release()
+		*b = *buf.NewWithSize(cacheLen)
+	}
+	rawBytes := b.Extend(cacheLen)
 	n := r.cache.Copy(rawBytes)
 	b.Resize(0, int32(n))
 	r.Unlock()
--- a/common/buf/buffer.go
+++ b/common/buf/buffer.go
@ -207,6 +207,21 @@ func (b *Buffer) Len() int32 {
 	return b.end - b.start
 }

+// Cap returns the capacity of the buffer content.
+func (b *Buffer) Cap() int32 {
+	if b == nil {
+		return 0
+	}
+	return int32(len(b.v))
+}
+
+// NewWithSize creates a Buffer with 0 length and capacity with at least the given size.
+func NewWithSize(size int32) *Buffer {
+	return &Buffer{
+		v:         bytespool.Alloc(size),
+	}
+}
+
 // IsEmpty returns true if the buffer is empty.
 func (b *Buffer) IsEmpty() bool {
 	return b.Len() == 0
--- a/common/protocol/quic/sniff.go
+++ b/common/protocol/quic/sniff.go
@ -47,11 +47,19 @@ var (
 )

 func SniffQUIC(b []byte) (*SniffHeader, error) {
+	// Crypto data separated across packets
+	cryptoLen := 0
+	cryptoData := bytespool.Alloc(int32(len(b)))
+	defer bytespool.Free(cryptoData)
+
+	// Parse QUIC packets
+	for len(b) > 0 {
 		buffer := buf.FromBytes(b)
 		typeByte, err := buffer.ReadByte()
 		if err != nil {
 			return nil, errNotQuic
 		}
+
 		isLongHeader := typeByte&0x80 > 0
 		if !isLongHeader || typeByte&0x40 == 0 {
 			return nil, errNotQuicInitial
@ -63,16 +71,14 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 		}

 		versionNumber := binary.BigEndian.Uint32(vb)
-
 		if versionNumber != 0 && typeByte&0x40 == 0 {
 			return nil, errNotQuic
 		} else if versionNumber != versionDraft29 && versionNumber != version1 {
 			return nil, errNotQuic
 		}

-	if (typeByte&0x30)>>4 != 0x0 {
-		return nil, errNotQuicInitial
-	}
+		packetType := (typeByte & 0x30) >> 4
+		isQuicInitial := packetType == 0x0

 		var destConnID []byte
 		if l, err := buffer.ReadByte(); err != nil {
@ -102,6 +108,15 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 		}

 		hdrLen := len(b) - int(buffer.Len())
+		if len(b) < hdrLen+int(packetLen) {
+			return nil, common.ErrNoClue // Not enough data to read as a QUIC packet. QUIC is UDP-based, so this is unlikely to happen.
+		}
+
+		restPayload := b[hdrLen+int(packetLen):]
+		if !isQuicInitial { // Skip this packet if it's not initial packet
+			b = restPayload
+			continue
+		}

 		origPNBytes := make([]byte, 4)
 		copy(origPNBytes, b[hdrLen:hdrLen+4])
@ -142,10 +157,6 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 			packetNumber = uint32(n)
 		}

-	if packetNumber != 0 && packetNumber != 1 {
-		return nil, errNotQuicInitial
-	}
-
 		extHdrLen := hdrLen + int(packetNumberLength)
 		copy(b[extHdrLen:hdrLen+4], origPNBytes[packetNumberLength:])
 		data := b[extHdrLen : int(packetLen)+hdrLen]
@ -160,10 +171,6 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 			return nil, err
 		}
 		buffer = buf.FromBytes(decrypted)
-
-	cryptoLen := uint(0)
-	cryptoData := bytespool.Alloc(buffer.Len())
-	defer bytespool.Free(cryptoData)
 		for i := 0; !buffer.IsEmpty(); i++ {
 			frameType := byte(0x0) // Default to PADDING frame
 			for frameType == 0x0 && !buffer.IsEmpty() {
@ -214,8 +221,14 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 				if err != nil || length > uint64(buffer.Len()) {
 					return nil, io.ErrUnexpectedEOF
 				}
-			if cryptoLen < uint(offset+length) {
-				cryptoLen = uint(offset + length)
+				if cryptoLen < int(offset+length) {
+					cryptoLen = int(offset + length)
+					if len(cryptoData) < cryptoLen {
+						newCryptoData := bytespool.Alloc(int32(cryptoLen))
+						copy(newCryptoData, cryptoData)
+						bytespool.Free(cryptoData)
+						cryptoData = newCryptoData
+					}
 				}
 				if _, err := buffer.Read(cryptoData[offset : offset+length]); err != nil { // Field: Crypto Data
 					return nil, io.ErrUnexpectedEOF
@ -244,9 +257,14 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 		tlsHdr := &ptls.SniffHeader{}
 		err = ptls.ReadClientHello(cryptoData[:cryptoLen], tlsHdr)
 		if err != nil {
-		return nil, err
+			// The crypto data may have not been fully recovered in current packets,
+			// So we continue to sniff rest packets.
+			b = restPayload
+			continue
 		}
 		return &SniffHeader{domain: tlsHdr.Domain()}, nil
+	}
+	return nil, common.ErrNoClue
 }

 func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, length int) []byte {