Fix variable padding size

tumi8 · Sep 14, 2021 · 177f230 · 177f230
1 parent 82c1adf
commit 177f230
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -64,13 +64,19 @@ zmap -q -M quic_initial -p"443" --output-module="csv" \
 * `--output-module=csv`: save as csv
 * `-f "..."`: specifies fields that will be stored in the output file
 * `-o output.csv`: name of the output file
-* `--probe-args="padding:X"` [optional]: changes default (1200 bytes necessary) padding to X bytes
+* `--probe-args="padding:X"` [optional]: changes default padding to X bytes
 * `$address`: IPv4 address
 * `$netmask`: 0-32
 
-With the `--probe-args="padding:X"` argument, we are able to scan with 
-packets that do not follow the current specification of using at least 1200 Bytes as payload. 
-Responses may come from wrongly configured QUIC clients.
+
+The Initial packet should be at least 1200 Bytes long according to the specification.
+The default padding is 1200 - sizeof(long_quic_header) [22 Bytes] = 1178 Bytes
+
+With the `--probe-args="padding:X"` argument, we can scan target using Initial packets 
+that do not follow the current specification. 
+* Default: X=1178
+* Initial packets without padding: X=0
+* Initial packets with size 300: X=278
 
 License and Copyright
 ---------------------

diff --git a/src/probe_modules/module_quic_initial.c b/src/probe_modules/module_quic_initial.c
@@ -34,7 +34,7 @@
 
 #define UNUSED __attribute__((unused))
 
-static int padding_length = QUIC_PACKET_LENGTH;
+static int padding_length = QUIC_PACKET_LENGTH - sizeof(quic_long_hdr);
 
 static inline uint64_t make_quic_conn_id(char a, char b, char c, char d, char e,
 					 char f, char g, char h)
@@ -105,7 +105,7 @@ int quic_initial_init_perthread(void *buf, macaddr_t *src, macaddr_t *gw,
 				__attribute__((unused)) void **arg_ptr)
 {
 	// set length of udp msg
-	int udp_send_msg_len = padding_length;
+	int udp_send_msg_len = padding_length + sizeof(quic_long_hdr);
 	//log_debug("prepare", "UDP PAYLOAD LEN: %d", udp_send_msg_len);
 
 	memset(buf, 0, MAX_PACKET_SIZE);
@@ -149,7 +149,7 @@ int quic_initial_make_packet(void *buf, UNUSED size_t *buf_len,
 	uint8_t *payload = (uint8_t *)&udp_header[1];
 	int payload_len = 0;
 
-	memset(payload, 0, padding_length);
+	memset(payload, 0, padding_length + sizeof(quic_long_hdr));
 
 	quic_long_hdr *common_hdr = (quic_long_hdr *)payload;
 
@@ -165,12 +165,11 @@ int quic_initial_make_packet(void *buf, UNUSED size_t *buf_len,
 	common_hdr->dst_conn_id = connection_id;
 	common_hdr->src_conn_id_length = 0x00;
 	common_hdr->token_length = 0x00;
-	common_hdr->length = padding_length - sizeof(quic_long_hdr) +
-			     sizeof(common_hdr->packet_number);
+	common_hdr->length = padding_length + sizeof(common_hdr->packet_number);
 	common_hdr->packet_number = 0x0000;
 
 	// Padding was already done with memset
-	payload_len = padding_length;
+	payload_len = padding_length + sizeof(quic_long_hdr);
 
 	// Update the IP and UDP headers to match the new payload length
 	ip_header->ip_len =