improve quic dissector

2026-01-05 05:19:59 -06:00 · 2025-08-06 18:28:45 +02:00
parent 52e13ee3b5
commit 2b5daa95ac
6 changed files with 1422 additions and 71 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8,6 +8,17 @@ version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"

+[[package]]
+name = "aes"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
@@ -194,6 +205,16 @@ dependencies = [
 "windows-link",
 ]

+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.37"
@@ -278,6 +299,15 @@ version = "0.8.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"

+[[package]]
+name = "cpufeatures"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "crc32fast"
 version = "1.4.2"
@@ -386,6 +416,16 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
 [[package]]
 name = "darling"
 version = "0.20.11"
@@ -576,6 +616,16 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"

+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
 [[package]]
 name = "gethostname"
 version = "0.4.3"
@@ -586,6 +636,17 @@ dependencies = [
 "windows-targets 0.48.5",
 ]

+[[package]]
+name = "getrandom"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi",
+]
+
 [[package]]
 name = "hashbrown"
 version = "0.14.5"
@@ -670,6 +731,15 @@ version = "2.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd"

+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "instability"
 version = "0.3.7"
@@ -1158,6 +1228,20 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"

+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "rustix"
 version = "0.38.44"
@@ -1188,6 +1272,7 @@ dependencies = [
 name = "rustnet"
 version = "0.1.0"
 dependencies = [
+ "aes",
 "anyhow",
 "arboard",
 "chrono",
@@ -1202,6 +1287,7 @@ dependencies = [
 "pnet_datalink",
 "procfs",
 "ratatui",
+ "ring",
 "simple-logging",
 "simplelog",
 ]
@@ -1433,6 +1519,12 @@ dependencies = [
 "time-core",
 ]

+[[package]]
+name = "typenum"
+version = "1.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.18"
@@ -1468,12 +1560,24 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"

+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
 [[package]]
 name = "utf8parse"
 version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,10 +15,12 @@ num_cpus = "1.17"
 pcap = "2.2"
 pnet_datalink = "0.35"
 clap = { version = "4.5", features = ["derive"] }
-simple-logging = "2.0.2"
+simple-logging = "2.0"
 simplelog = "0.12"
 chrono = "0.4"
-ratatui = { version = "0.29.0", features = ["all-widgets"] }
+ratatui = { version = "0.29", features = ["all-widgets"] }
+ring = "0.17"
+aes = "0.8"

 [target.'cfg(target_os = "linux")'.dependencies]
 procfs = "0.16"
--- a/src/network/dpi/quic.rs
+++ b/src/network/dpi/quic.rs
--- a/src/network/merge.rs
+++ b/src/network/merge.rs
@@ -181,6 +181,9 @@ fn merge_dpi_info(conn: &mut Connection, dpi_result: &DpiResult) {
                    if old_info.version_string.is_none() {
                        old_info.version_string = new_info.version_string.clone();
                    }
+                    if new_info.tls_info.is_some() {
+                        old_info.tls_info = new_info.tls_info.clone();
+                    }
                }
                (_, ApplicationProtocol::Quic(_)) => {
                    warn!("QUIC DPI info not found in existing connection");
--- a/src/network/types.rs
+++ b/src/network/types.rs
@@ -47,16 +47,15 @@ impl std::fmt::Display for ApplicationProtocol {
            }
            ApplicationProtocol::Ssh => write!(f, "SSH"),
            ApplicationProtocol::Quic(info) => {
-                let mut parts = vec!["QUIC"];
-                if let Some(version) = &info.version_string {
-                    parts.push(&version);
+                if let Some(tls_info) = &info.tls_info {
+                    if let Some(sni) = &tls_info.sni {
+                        write!(f, "QUIC ({})", sni)
+                    } else {
+                        write!(f, "QUIC")
+                    }
+                } else {
+                    write!(f, "QUIC")
                }
-                let connection_state = info.connection_state.to_string();
-                parts.push(&connection_state);
-                if let Some(connection_id) = &info.connection_id_hex {
-                    parts.push(&connection_id);
-                }
-                write!(f, "{}", parts.join(" "))
            }
        }
    }
@@ -239,6 +238,10 @@ pub struct QuicInfo {
    pub connection_id: Vec<u8>,
    pub connection_id_hex: Option<String>,
    pub connection_state: QuicConnectionState,
+
+    // New fields for enhanced information
+    pub tls_info: Option<TlsInfo>, // Extracted TLS handshake info
+    pub has_crypto_frame: bool,    // Whether packet contains CRYPTO frame
 }

 impl QuicInfo {
@@ -249,6 +252,8 @@ impl QuicInfo {
            packet_type: QuicPacketType::Unknown,
            connection_id: Vec::new(),
            connection_state: QuicConnectionState::Unknown,
+            tls_info: None,
+            has_crypto_frame: false,
        }
    }
 }
@@ -315,13 +320,6 @@ fn quic_version_to_string(version: u32) -> Option<String> {
    }
 }

-fn quick_connection_id_to_hex(id: &[u8]) -> String {
-    id.iter()
-        .map(|b| format!("{:02x}", b))
-        .collect::<Vec<String>>()
-        .join(":")
-}
-
 #[derive(Debug, Clone)]
 pub struct DpiInfo {
    pub application: ApplicationProtocol,
--- a/src/ui.rs
+++ b/src/ui.rs
@@ -577,6 +577,18 @@ fn draw_connection_details(
                    }
                }
                crate::network::types::ApplicationProtocol::Quic(info) => {
+                    if let Some(tls_info) = &info.tls_info {
+                        let sni = tls_info.sni.clone().unwrap_or_else(|| "-".to_string());
+                        details_text.push(Line::from(vec![
+                            Span::styled("  QUIC SNI: ", Style::default().fg(Color::Cyan)),
+                            Span::raw(sni),
+                        ]));
+                        let alpn = tls_info.alpn.join(", ");
+                        details_text.push(Line::from(vec![
+                            Span::styled("  QUIC ALPN: ", Style::default().fg(Color::Cyan)),
+                            Span::raw(alpn),
+                        ]));
+                    }
                    if let Some(version) = info.version_string.as_ref() {
                        details_text.push(Line::from(vec![
                            Span::styled("  QUIC Version: ", Style::default().fg(Color::Cyan)),