
QUIC-IETF Filter can't display ack_range


Hi, I have found that Wireshark supports QUIC-IETF analysis, so I made a test to see if it worked.

I used ngtcp2 to generate QUIC traffic (the QUIC version is draft-27), recorded the SSLKEYLOGFILE, and dumped the flow into a pcap file. You can read about ngtcp2 at https://github.com/ngtcp2/ngtcp2

Finally, with wireshark-3.2.3 and the TLS decryption pre-master key configured, I displayed the QUIC fields successfully. For example, it shows ack_delay, but it can't print the ack_range field, which I found is supported in https://www.wireshark.org/docs/dfref/...

So, my question is: why can't Wireshark display the ack_range field?

Hope for your reply.

tinker
asked 2020-04-23 07:27:20 +0000, updated 2020-04-23 07:28:14 +0000

Comments

Is quic.ack.ack_range_count > 0 ?

Chuckc (2020-04-23 13:01:18 +0000)

Sorry, but I can't upload an image; the text copied from Wireshark is below.

It is really strange that both largest_ack and first_ack_range are > 0, but there is no ack_range.


    Frame 19: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
    User Datagram Protocol, Src Port: 60867, Dst Port: 443
    Source Port: 60867
    Destination Port: 443
    Length: 60
    Checksum: 0xfe4f [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
    QUIC IETF
    QUIC Connection information
    [Connection Number: 0]
    [Packet Length: 52]
    QUIC Short Header DCID=9af84a6705b6b5b4ebb7bd46724255ead4b2 PKN=1
    0... .... = Header Form: Short Header (0)
    .1.. .... = Fixed Bit: True
    ..0. .... = Spin Bit: False
    ...0 0... = Reserved: 0
    .... .0 ... (more)

tinker (2020-04-24 01:39:45 +0000)

Have you looked through the quic 27 draft?

"The First ACK Range is encoded as an ACK Range"

ACK Range Count: 0 
First ACK Range: 11

Chuckc (2020-04-24 03:28:03 +0000)

Fine, it was my confusion with IETF QUIC. Thank you for your reply.

tinker (2020-04-24 08:32:26 +0000)

1 Answer


ack_range is only added when ack_range_count > 0 (epan/dissectors/packet-quic.c):

    /* ACK Ranges - Repeated "Ack Range Count" */
    while (ack_range_count) {

        /* Gap To Next Block */
        proto_tree_add_item_ret_varint(ft_tree, hf_quic_ack_gap, tvb, offset, -1, ENC_VARINT_QUIC, NULL, &lenvar);
        offset += lenvar;

        proto_tree_add_item_ret_varint(ft_tree, hf_quic_ack_ack_range, tvb, offset, -1, ENC_VARINT_QUIC, NULL, &lenvar);
        offset += lenvar;

        ack_range_count--;
    }

Sample captures here

Chuckc
answered 2020-04-23 13:10:46 +0000
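
The field layout discussed in this thread, as an added example (not Wireshark's code and not part of the original answer): a minimal C parser for a type 0x02 ACK frame in which First ACK Range is a fixed field and the Gap / ACK Range pairs repeat ACK Range Count times, so a count of 0 still yields one acknowledged range. The function names and sample byte arrays are constructed for illustration; the range arithmetic follows the QUIC draft's ACK frame definition.

```c
#include <stddef.h>
#include <stdint.h>

struct pn_range { uint64_t smallest, largest; };

/* Decode one QUIC varint; returns bytes consumed, or 0 if the buffer is short. */
static size_t quic_varint(const uint8_t *p, size_t len, uint64_t *out)
{
    if (len == 0) return 0;
    size_t n = (size_t)1 << (p[0] >> 6);   /* 2-bit prefix selects 1, 2, 4 or 8 bytes */
    if (len < n) return 0;
    uint64_t v = p[0] & 0x3f;
    for (size_t i = 1; i < n; i++) v = (v << 8) | p[i];
    *out = v;
    return n;
}

/* Parse an ACK frame (type 0x02) into packet-number ranges.
 * Returns the number of ranges written, or -1 on malformed input. */
int parse_ack_frame(const uint8_t *buf, size_t len, struct pn_range *out, int max)
{
    uint64_t f[4];  /* largest_acknowledged, ack_delay, ack_range_count, first_ack_range */
    size_t off = 1, n;
    int count = 1;
    if (len < 1 || buf[0] != 0x02 || max < 1) return -1;
    for (int i = 0; i < 4; i++, off += n)
        if ((n = quic_varint(buf + off, len - off, &f[i])) == 0) return -1;
    if (f[3] > f[0]) return -1;             /* range would go below packet number 0 */
    out[0].largest = f[0];
    out[0].smallest = f[0] - f[3];          /* First ACK Range is always present */
    for (uint64_t left = f[2]; left > 0; left--, count++) {  /* no iterations when count is 0 */
        uint64_t gap, rlen, prev = out[count - 1].smallest;
        if (count == max) return -1;
        if ((n = quic_varint(buf + off, len - off, &gap)) == 0) return -1;
        off += n;
        if ((n = quic_varint(buf + off, len - off, &rlen)) == 0) return -1;
        off += n;
        if (prev < 2 || gap > prev - 2 || rlen > prev - 2 - gap) return -1;  /* underflow */
        out[count].largest = prev - gap - 2;
        out[count].smallest = out[count].largest - rlen;
    }
    return count;
}

/* Constructed sample frames, not bytes from the capture in the question. */
const uint8_t ack_no_extra[] = { 0x02, 0x0c, 0x00, 0x00, 0x0b };              /* count 0, first range 11 */
const uint8_t ack_one_extra[] = { 0x02, 0x14, 0x00, 0x01, 0x02, 0x03, 0x04 }; /* count 1 */

int main(void) { struct pn_range r[4]; return parse_ack_frame(ack_no_extra, sizeof ack_no_extra, r, 4) != 1; }
```

With ACK Range Count 0 and First ACK Range 11, the first sample still acknowledges packets 1 through 12; only the second sample carries a repeated Gap / ACK Range pair.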