Support trace for QUIC Frames

Extend the existing QUIC tracing capability for frames. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#20914)
MrE-Fog · Jun 4, 2023 · 9b5aaa1 · 9b5aaa1
1 parent b41189d
commit 9b5aaa1
Show file tree

Hide file tree

Showing 4 changed files with 467 additions and 5 deletions.
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
@@ -242,6 +242,9 @@ extern "C" {
 /* Pseudo content types for QUIC */
 # define SSL3_RT_QUIC_DATAGRAM            0x200
 # define SSL3_RT_QUIC_PACKET              0x201
+# define SSL3_RT_QUIC_FRAME_FULL          0x202
+# define SSL3_RT_QUIC_FRAME_HEADER        0x203
+# define SSL3_RT_QUIC_FRAME_PADDING       0x204
 
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2

diff --git a/ssl/quic/quic_record_rx.c b/ssl/quic/quic_record_rx.c
@@ -1110,6 +1110,7 @@ int ossl_qrx_read_pkt(OSSL_QRX *qrx, OSSL_QRX_PKT **ppkt)
         = BIO_ADDR_family(&rxe->local) != AF_UNSPEC ? &rxe->local : NULL;
     rxe->pkt.qrx            = qrx;
     *ppkt = &rxe->pkt;
+
     return 1;
 }
 

diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
@@ -188,11 +188,14 @@ static int depack_do_frame_stop_sending(PACKET *pkt,
 
 static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,
                                   OSSL_QRX_PKT *parent_pkt,
-                                  OSSL_ACKM_RX_PKT *ackm_data)
+                                  OSSL_ACKM_RX_PKT *ackm_data,
+                                  uint64_t *datalen)
 {
     OSSL_QUIC_FRAME_CRYPTO f;
     QUIC_RSTREAM *rstream;
 
+    *datalen = 0;
+
     if (!ossl_quic_wire_decode_frame_crypto(pkt, &f)) {
         ossl_quic_channel_raise_protocol_error(ch,
                                                QUIC_ERR_FRAME_ENCODING_ERROR,
@@ -217,6 +220,8 @@ static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch,
                                       f.offset, f.data, f.len, 0))
         return 0;
 
+    *datalen = f.len;
+
     return 1;
 }
 
@@ -381,12 +386,15 @@ static int depack_do_implicit_stream_create(QUIC_CHANNEL *ch,
 static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
                                   OSSL_QRX_PKT *parent_pkt,
                                   OSSL_ACKM_RX_PKT *ackm_data,
-                                  uint64_t frame_type)
+                                  uint64_t frame_type,
+                                  uint64_t *datalen)
 {
     OSSL_QUIC_FRAME_STREAM frame_data;
     QUIC_STREAM *stream;
     uint64_t fce;
 
+    *datalen = 0;
+
     if (!ossl_quic_wire_decode_frame_stream(pkt, &frame_data)) {
         ossl_quic_channel_raise_protocol_error(ch,
                                                QUIC_ERR_FRAME_ENCODING_ERROR,
@@ -452,6 +460,8 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
                                       frame_data.is_fin))
         return 0;
 
+    *datalen = frame_data.len;
+
     return 1;
 }
 
@@ -795,6 +805,11 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
 
     while (PACKET_remaining(pkt) > 0) {
         uint64_t frame_type;
+        const unsigned char *sof = NULL;
+        uint64_t datalen = 0;
+
+        if (ch->msg_callback != NULL)
+            sof = PACKET_data(pkt);
 
         if (!ossl_quic_wire_peek_frame_header(pkt, &frame_type))
             return 0;
@@ -863,7 +878,7 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
                                                        "CRYPTO frame not valid in 0-RTT");
                 return 0;
             }
-            if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data))
+            if (!depack_do_frame_crypto(pkt, ch, parent_pkt, ackm_data, &datalen))
                 return 0;
             break;
         case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
@@ -897,7 +912,7 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
                 return 0;
             }
             if (!depack_do_frame_stream(pkt, ch, parent_pkt, ackm_data,
-                                        frame_type))
+                                        frame_type, &datalen))
                 return 0;
             break;
 
@@ -1077,6 +1092,23 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
                                                    "Unknown frame type received");
             return 0;
         }
+
+        if (ch->msg_callback != NULL) {
+            int ctype = SSL3_RT_QUIC_FRAME_FULL;
+
+            size_t framelen = PACKET_data(pkt) - sof;
+
+            if (frame_type == OSSL_QUIC_FRAME_TYPE_PADDING) {
+                ctype = SSL3_RT_QUIC_FRAME_PADDING;
+            } else if (OSSL_QUIC_FRAME_TYPE_IS_STREAM(frame_type)
+                    || frame_type == OSSL_QUIC_FRAME_TYPE_CRYPTO) {
+                ctype = SSL3_RT_QUIC_FRAME_HEADER;
+                framelen -= (size_t)datalen;
+            }
+
+            ch->msg_callback(0, OSSL_QUIC1_VERSION, ctype, sof, framelen,
+                             ch->msg_callback_s, ch->msg_callback_arg);
+        }
     }
 
     return 1;