Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/topic/robin/bump-spicy'
Browse files Browse the repository at this point in the history
* origin/topic/robin/bump-spicy:
  Bump Spicy.
  Remove support for old Spicy versions from QUIC analyzer.
  • Loading branch information
rsmmr committed Apr 15, 2024
2 parents 6c88bd1 + ed4aed4 commit 5236c73
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 51 deletions.
8 changes: 8 additions & 0 deletions CHANGES
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
7.0.0-dev.119 | 2024-04-15 17:52:44 +0200

* Bump Spicy. (Robin Sommer, Corelight)

Includes a couple of updates for the QUIC analyzer.

* Remove support for old Spicy versions from QUIC analyzer. (Robin Sommer, Corelight)

7.0.0-dev.116 | 2024-04-11 15:26:05 -0700

* Make sure that vcpkg isn't preferred if pcap_root_dir is passed in (Tim Wojtulewicz)
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
7.0.0-dev.116
7.0.0-dev.119
2 changes: 1 addition & 1 deletion auxil/spicy
Submodule spicy updated 79 files
+103 −0 CHANGES
+23 −0 NEWS.rst
+1 −1 VERSION
+4 −0 doc/autogen/types/generic-begin.rst
+4 −0 doc/autogen/types/generic-end.rst
+8 −0 doc/autogen/types/generic-new.rst
+5 −0 doc/autogen/types/generic-pack.rst
+5 −0 doc/autogen/types/generic-unpack.rst
+10 −8 doc/autogen/types/generic.rst
+2 −8 doc/autogen/types/sink.rst
+3 −3 doc/autogen/types/strong-reference.rst
+1 −1 doc/autogen/types/unit.rst
+11 −0 doc/programming/examples/_parse-websocket-bitfield.spicy
+9 −9 doc/programming/examples/_unit-params-string.spicy
+1 −1 doc/programming/examples/_unit-params-string.spicy.output
+8 −0 doc/programming/language/functions.rst
+43 −5 doc/programming/language/statements.rst
+87 −0 doc/programming/language/types.rst
+51 −36 doc/programming/parsing.rst
+51 −28 doc/scripts/spicy-doc-to-rst
+14 −0 hilti/runtime/include/types/reference.h
+12 −1 hilti/toolchain/include/ast/node.h
+25 −3 hilti/toolchain/include/ast/type.h
+10 −8 hilti/toolchain/src/ast/operators/generic.cc
+5 −5 hilti/toolchain/src/ast/operators/reference.cc
+4 −4 hilti/toolchain/src/ast/operators/signed-integer.cc
+4 −4 hilti/toolchain/src/ast/operators/unsigned-integer.cc
+1 −1 hilti/toolchain/src/compiler/codegen/types.cc
+23 −4 hilti/toolchain/src/compiler/coercer.cc
+1 −1 hilti/toolchain/src/compiler/resolver.cc
+1 −2 spicy/toolchain/include/ast/forward.h
+1 −2 spicy/toolchain/include/ast/node-tag.h
+1 −2 spicy/toolchain/include/ast/operators/sink.h
+4 −1 spicy/toolchain/include/ast/types/unit-items/sink.h
+1 −2 spicy/toolchain/include/ast/visitor-dispatcher.h
+7 −28 spicy/toolchain/src/ast/operators/sink.cc
+3 −3 spicy/toolchain/src/ast/operators/unit.cc
+9 −10 spicy/toolchain/src/compiler/codegen/codegen.cc
+1 −2 spicy/toolchain/src/compiler/codegen/parser-builder.cc
+5 −4 spicy/toolchain/src/compiler/codegen/unit-builder.cc
+19 −7 spicy/toolchain/src/compiler/parser/parser.yy
+8 −4 spicy/toolchain/src/compiler/parser/scanner.ll
+14 −0 spicy/toolchain/src/compiler/printer.cc
+20 −0 spicy/toolchain/src/compiler/validator.cc
+3 −3 tests/Baseline/hilti.ast.basic-module/debug.log
+5 −0 tests/Baseline/hilti.types.function.in-out-param-fail/output
+10 −0 tests/Baseline/hilti.types.integer.mutate-fail/output
+0 −1 tests/Baseline/hilti.types.struct.params-write-fail/output
+3 −3 tests/Baseline/spicy.types.real.coercion-fail/output
+4 −0 tests/Baseline/spicy.types.reference.function-parameters/output
+2 −2 tests/Baseline/spicy.types.struct.init-fail/output
+1 −1 tests/Baseline/spicy.types.unit.begin-uninit/output
+2 −2 tests/Baseline/spicy.types.unit.context-fail/output
+1 −1 tests/Baseline/spicy.types.unit.context-undeclared/output
+23 −23 tests/Baseline/spicy.types.unit.hooks-across-imports/.stderr
+4 −0 tests/Baseline/spicy.types.unit.params-inout-fail/output
+2 −0 tests/Baseline/spicy.types.unit.params-inout-sink/output
+3 −0 tests/Baseline/spicy.types.unit.params-reference-fail/output
+4 −0 tests/Baseline/spicy.types.unit.params-reference/output
+3 −0 tests/Baseline/spicy.types.unit.params-sink-fail-2/output
+6 −0 tests/Baseline/spicy.types.unit.params-sink-fail/output
+0 −1 tests/Baseline/spicy.types.unit.params-write-fail/output
+2 −2 tests/Baseline/spicy.types.unit.size-validation-fail/output
+2 −2 tests/Baseline/spicy.types.unit.struct-ctor-init-2/output
+22 −22 tests/Baseline/spicy.types.unit.sub-unit/.stderr
+2 −2 tests/Baseline/spicy.types.unit.synchronize-nested/output
+3 −3 tests/Baseline/spicy.types.unit.synchronize/output
+3 −3 tests/Baseline/spicy.types.unit.var-initialization/output
+20 −0 tests/hilti/types/function/in-out-param-fail.hlt
+26 −0 tests/hilti/types/integer/mutate-fail.hlt
+29 −0 tests/spicy/types/reference/function-parameters.spicy
+10 −0 tests/spicy/types/reference/operators.spicy
+13 −0 tests/spicy/types/unit/params-forward-reference.spicy
+13 −0 tests/spicy/types/unit/params-inout-fail.spicy
+27 −0 tests/spicy/types/unit/params-inout-sink.spicy
+5 −5 tests/spicy/types/unit/params-inout.spicy
+8 −0 tests/spicy/types/unit/params-reference-fail.spicy
+31 −0 tests/spicy/types/unit/params-reference.spicy
+18 −0 tests/spicy/types/unit/params-sink-fail.spicy
51 changes: 2 additions & 49 deletions src/analyzer/protocol/quic/QUIC.spicy
Original file line number Diff line number Diff line change
Expand Up @@ -67,11 +67,7 @@ type ConnectionIDInfo = struct {
client_initial_processed: bool;
server_initial_processed: bool;

@if SPICY_VERSION >= 10800
ssl_handle: zeek::ProtocolHandle &optional;
@else
did_ssl_begin: bool;
@endif
};

##############
Expand Down Expand Up @@ -223,11 +219,7 @@ public type LongHeaderPacketV2 = unit(inout outer: LongHeaderPacket) {
# Just eat the data for event raising.
public type UnhandledVersion = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header;
@if SPICY_VERSION >= 10800
payload: skip bytes &eod;
@else
payload: bytes &eod;
@endif
};

public type LongHeaderPacket = unit {
Expand Down Expand Up @@ -280,7 +272,7 @@ public type LongHeaderPacket = unit {
};

# A QUIC Frame.
public type Frame = unit(header: LongHeaderPacket, from_client: bool, inout crypto_sink: sink) {
public type Frame = unit(header: LongHeaderPacket, from_client: bool, crypto_sink: sink&) {
frame_type : uint8 &convert=cast<FrameType>($$);

# TODO: add other FrameTypes as well
Expand All @@ -292,11 +284,7 @@ public type Frame = unit(header: LongHeaderPacket, from_client: bool, inout cryp
crypto_sink.write(self.c.cryptodata, self.c.offset.result);
}
FrameType::CONNECTION_CLOSE1 -> : ConnectionClosePayload(header);
@if SPICY_VERSION >= 10800
FrameType::PADDING -> : skip /\x00*/; # eat the padding
@else
FrameType::PADDING -> : /\x00*/; # eat the padding
@endif
FrameType::PING -> : void;
* -> : void {
throw "unhandled frame type %s in %s" % (self.frame_type, header.first_byte.packet_type);
Expand Down Expand Up @@ -354,31 +342,19 @@ type InitialPacket = unit(header: LongHeaderPacket) {
# includes the packet number field, but we
# do not know its length yet. We need the
# payload for sampling, however.
@if SPICY_VERSION >= 10800
payload: skip bytes &size=self.length.result;
@else
payload: bytes &size=self.length.result;
@endif
};

type ZeroRTTPacket = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header;
length: VariableLengthInteger;
@if SPICY_VERSION >= 10800
payload: skip bytes &size=self.length.result;
@else
payload: bytes &size=self.length.result;
@endif
};

type HandshakePacket = unit(header: LongHeaderPacket) {
var header: LongHeaderPacket = header;
length: VariableLengthInteger;
@if SPICY_VERSION >= 10800
payload: skip bytes &size=self.length.result;
@else
payload: bytes &size=self.length.result;
@endif
};


Expand Down Expand Up @@ -414,20 +390,12 @@ public type ShortHeader = unit(dest_conn_id_length: uint8) {

# TODO: investigate whether we can parse something useful out of this
public type ShortPacketPayload = unit {
@if SPICY_VERSION >= 10800
payload: skip bytes &eod;
@else
payload: bytes &eod;
@endif
};

# TODO: investigate whether we can do something useful with this
public type EncryptedLongPacketPayload = unit {
@if SPICY_VERSION >= 10800
payload: skip bytes &eod;
@else
payload: bytes &eod;
@endif
};

# Buffer all crypto messages (which might be fragmented and unordered)
Expand All @@ -447,7 +415,7 @@ type CryptoBuffer = unit() {
#
# A UDP datagram contains one or more QUIC packets.
##############
type Packet = unit(from_client: bool, inout context: ConnectionIDInfo&) {
type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
var decrypted_data: bytes;
var full_packet: bytes;
var start: iterator<stream>;
Expand All @@ -457,16 +425,9 @@ type Packet = unit(from_client: bool, inout context: ConnectionIDInfo&) {

# Attach an SSL analyzer to this connection once.
on %init {
@if SPICY_VERSION >= 10800
if ( ! context?.ssl_handle ) {
context.ssl_handle = zeek::protocol_handle_get_or_create("SSL");
}
@else
if ( ! context.did_ssl_begin ) {
zeek::protocol_begin("SSL");
context.did_ssl_begin = True;
}
@endif

self.start = self.input();
}
Expand Down Expand Up @@ -497,13 +458,8 @@ type Packet = unit(from_client: bool, inout context: ConnectionIDInfo&) {
context.initial_destination_conn_id = b"";

# Allow re-opening the SSL analyzer the next time around.
@if SPICY_VERSION >= 10800
zeek::protocol_handle_close(context.ssl_handle);
unset context.ssl_handle;
@else
zeek::protocol_end();
context.did_ssl_begin = False;
@endif
}
}
};
Expand Down Expand Up @@ -578,10 +534,7 @@ type Packet = unit(from_client: bool, inout context: ConnectionIDInfo&) {
zeek::protocol_data_in(
from_client
, b"\x16\x03\x03" + length_bytes + handshake_data
# With Spicy 1.8.0, can use the SSL handle directly.
@if SPICY_VERSION >= 10800
, context.ssl_handle
@endif
);

# Stop decryption attempts after processing the very first INITIAL
Expand Down

0 comments on commit 5236c73

Please sign in to comment.