Fix quic sniffer
This commit is contained in:
@@ -1,21 +1,29 @@
|
||||
package sniff
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
|
||||
"github.com/sagernet/sing-box/common/ja3"
|
||||
)
|
||||
|
||||
// Chromium sends separate client hello packets, but UQUIC has not yet implemented this behavior
|
||||
// The cronet without this behavior does not have version 115
|
||||
var uQUICChrome115 = &ja3.ClientHello{
|
||||
Version: tls.VersionTLS12,
|
||||
CipherSuites: []uint16{4865, 4866, 4867},
|
||||
Extensions: []uint16{0, 10, 13, 16, 27, 43, 45, 51, 57, 17513},
|
||||
EllipticCurves: []uint16{29, 23, 24},
|
||||
SignatureAlgorithms: []uint16{1027, 2052, 1025, 1283, 2053, 1281, 2054, 1537, 513},
|
||||
}
|
||||
const (
|
||||
// X25519Kyber768Draft00 - post-quantum curve used by Go crypto/tls
|
||||
x25519Kyber768Draft00 uint16 = 0x11EC // 4588
|
||||
// renegotiation_info extension used by Go crypto/tls
|
||||
extensionRenegotiationInfo uint16 = 0xFF01 // 65281
|
||||
)
|
||||
|
||||
func maybeUQUIC(fingerprint *ja3.ClientHello) bool {
|
||||
return !uQUICChrome115.Equals(fingerprint, true)
|
||||
// isQUICGo detects native quic-go by checking for Go crypto/tls specific features.
|
||||
// Note: uQUIC with Chromium mimicry cannot be reliably distinguished from real Chromium
|
||||
// since it uses the same TLS fingerprint, so it will be identified as Chromium.
|
||||
func isQUICGo(fingerprint *ja3.ClientHello) bool {
|
||||
for _, curve := range fingerprint.EllipticCurves {
|
||||
if curve == x25519Kyber768Draft00 {
|
||||
return true
|
||||
}
|
||||
}
|
||||
for _, ext := range fingerprint.Extensions {
|
||||
if ext == extensionRenegotiationInfo {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user