improve quic dissector

2026-01-06 05:49:52 -06:00 · 2025-08-06 18:28:45 +02:00
parent 52e13ee3b5
commit 2b5daa95ac
6 changed files with 1422 additions and 71 deletions
--- a/src/network/dpi/quic.rs
+++ b/src/network/dpi/quic.rs
--- a/src/network/merge.rs
+++ b/src/network/merge.rs
@@ -181,6 +181,9 @@ fn merge_dpi_info(conn: &mut Connection, dpi_result: &DpiResult) {
                    if old_info.version_string.is_none() {
                        old_info.version_string = new_info.version_string.clone();
                    }
+                    if new_info.tls_info.is_some() {
+                        old_info.tls_info = new_info.tls_info.clone();
+                    }
                }
                (_, ApplicationProtocol::Quic(_)) => {
                    warn!("QUIC DPI info not found in existing connection");
--- a/src/network/types.rs
+++ b/src/network/types.rs
@@ -47,16 +47,15 @@ impl std::fmt::Display for ApplicationProtocol {
            }
            ApplicationProtocol::Ssh => write!(f, "SSH"),
            ApplicationProtocol::Quic(info) => {
-                let mut parts = vec!["QUIC"];
-                if let Some(version) = &info.version_string {
-                    parts.push(&version);
+                if let Some(tls_info) = &info.tls_info {
+                    if let Some(sni) = &tls_info.sni {
+                        write!(f, "QUIC ({})", sni)
+                    } else {
+                        write!(f, "QUIC")
+                    }
+                } else {
+                    write!(f, "QUIC")
                }
-                let connection_state = info.connection_state.to_string();
-                parts.push(&connection_state);
-                if let Some(connection_id) = &info.connection_id_hex {
-                    parts.push(&connection_id);
-                }
-                write!(f, "{}", parts.join(" "))
            }
        }
    }
@@ -239,6 +238,10 @@ pub struct QuicInfo {
    pub connection_id: Vec<u8>,
    pub connection_id_hex: Option<String>,
    pub connection_state: QuicConnectionState,
+
+    // New fields for enhanced information
+    pub tls_info: Option<TlsInfo>, // Extracted TLS handshake info
+    pub has_crypto_frame: bool,    // Whether packet contains CRYPTO frame
 }

 impl QuicInfo {
@@ -249,6 +252,8 @@ impl QuicInfo {
            packet_type: QuicPacketType::Unknown,
            connection_id: Vec::new(),
            connection_state: QuicConnectionState::Unknown,
+            tls_info: None,
+            has_crypto_frame: false,
        }
    }
 }
@@ -315,13 +320,6 @@ fn quic_version_to_string(version: u32) -> Option<String> {
    }
 }

-fn quick_connection_id_to_hex(id: &[u8]) -> String {
-    id.iter()
-        .map(|b| format!("{:02x}", b))
-        .collect::<Vec<String>>()
-        .join(":")
-}
-
 #[derive(Debug, Clone)]
 pub struct DpiInfo {
    pub application: ApplicationProtocol,
--- a/src/ui.rs
+++ b/src/ui.rs
@@ -577,6 +577,18 @@ fn draw_connection_details(
                    }
                }
                crate::network::types::ApplicationProtocol::Quic(info) => {
+                    if let Some(tls_info) = &info.tls_info {
+                        let sni = tls_info.sni.clone().unwrap_or_else(|| "-".to_string());
+                        details_text.push(Line::from(vec![
+                            Span::styled("  QUIC SNI: ", Style::default().fg(Color::Cyan)),
+                            Span::raw(sni),
+                        ]));
+                        let alpn = tls_info.alpn.join(", ");
+                        details_text.push(Line::from(vec![
+                            Span::styled("  QUIC ALPN: ", Style::default().fg(Color::Cyan)),
+                            Span::raw(alpn),
+                        ]));
+                    }
                    if let Some(version) = info.version_string.as_ref() {
                        details_text.push(Line::from(vec![
                            Span::styled("  QUIC Version: ", Style::default().fg(Color::Cyan)),