Pcap1
include pcap
include order
type type_bits
interpret type_bits -> bv[7]
object quic_long_type = {
type this = {initial,retry,handshake,zero_rtt_protected}
}
type cid
interpret cid -> bv[64]
type version
interpret version -> bv[32]
type pkt_num
interpret pkt_num -> bv[32]
type quic_packet = struct {
hdr_long : bool,
hdr_type : type_bits,
hdr_cid : cid,
hdr_version : version,
hdr_pkt_num : pkt_num
}
include quic_deser
instance pc : pcap(quic_packet,quic_deser)
action show_packet(src:ip.endpoint,dst:ip.endpoint,pkt:quic_packet)
import show_packet
For each endpoint, the set of connectino ids that have been sent
relation conn_seen(E:ip.endpoint,C:cid)
function last_pkt_num(E:ip.endpoint,C:cid) : pkt_num
after init {
conn_seen(E,C) := false;
}
implement pc.handle(src:ip.endpoint,dst:ip.endpoint,pkt:quic_packet) {
call show_packet(src,dst,pkt);
var cid := pkt.hdr_cid;
var pnum := pkt.hdr_pkt_num;
if ~conn_seen(src,cid) {
conn_seen(src,cid) := true;
}
else {
var last := last_pkt_num(src,cid);
if pkt.hdr_long | pkt.hdr_type = 0x1d {
if some(n:pkt_num) n > last & bfe[0][31](n) = pnum minimizing n {
pnum := n
}
}
else if pkt.hdr_type = 0x1e {
if some(n:pkt_num) n > last & bfe[0][15](n) = pnum minimizing n {
pnum := n
}
}
else {
if some(n:pkt_num) n > last & bfe[0][7](n) = pnum minimizing n {
pnum := n
}
}
};
last_pkt_num(src,cid) := pnum
}
attribute radix=16