QUICとhttp3の理解("curl --http3" + wiresharkで)

QUIC

下の図がわかりやすいと思う。 https://datatracker.ietf.org/meeting/98/materials/slides-98-edu-sessf-quic-tutorial/

https://datatracker.ietf.org/meeting/98/materials/slides-98-edu-sessf-quic-tutorial/

参考url

コマンド

  • curl”は新しいバージョンにしないと”—http3”は対応しない。ymuski/curl-http3のdockerを使ってる
# google.comは既にhttp3対応しているので。
# 後述のように復号化するのにkey.logが必要。
touch key.log
docker run -it -v $(pwd)/key.log:/opt/key.log --rm ymuski/curl-http3 /bin/bash -c "SSLKEYLOGFILE=key.log curl -IL https://www.google.com --http3 --trace /dev/stdout"
== Info:   Trying 216.58.220.100:443...
== Info: Connect socket 6 over QUIC to 216.58.220.100:443
== Info: Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27
== Info: Connected to www.google.com () port 443 (#0)
== Info: h3 [:method: HEAD]
== Info: h3 [:path: /]
== Info: h3 [:scheme: https]
== Info: h3 [:authority: www.google.com]
== Info: h3 [user-agent: curl/7.76.1-DEV]
== Info: h3 [accept: */*]
== Info: Using HTTP/3 Stream ID: 0 (easy handle 0x55609370f3e0)
=> Send header, 81 bytes (0x51)
0000: 48 45 41 44 20 2f 20 48 54 54 50 2f 33 0d 0a 48 HEAD / HTTP/3..H
0010: 6f 73 74 3a 20 77 77 77 2e 67 6f 6f 67 6c 65 2e ost: www.google.
0020: 63 6f 6d 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a com..user-agent:
0030: 20 63 75 72 6c 2f 37 2e 37 36 2e 31 2d 44 45 56  curl/7.76.1-DEV
0040: 0d 0a 61 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d ..accept: */*...
0050: 0a                                              .
<= Recv header, 11 bytes (0xb)
0000: 48 54 54 50 2f 33 20 32 30 30 0a                HTTP/3 200.
HTTP/3 200
<= Recv header, 44 bytes (0x2c)
0000: 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 74 65 content-type: te
0010: 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 xt/html; charset
0020: 3d 49 53 4f 2d 38 38 35 39 2d 31 0a             =ISO-8859-1.
content-type: text/html; charset=ISO-8859-1
<= Recv header, 68 bytes (0x44)
0000: 70 33 70 3a 20 43 50 3d 22 54 68 69 73 20 69 73 p3p: CP="This is
0010: 20 6e 6f 74 20 61 20 50 33 50 20 70 6f 6c 69 63  not a P3P polic
0020: 79 21 20 53 65 65 20 67 2e 63 6f 2f 70 33 70 68 y! See g.co/p3ph
0030: 65 6c 70 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 elp for more inf
0040: 6f 2e 22 0a                                     o.".
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
<= Recv header, 36 bytes (0x24)
0000: 64 61 74 65 3a 20 53 61 74 2c 20 32 34 20 53 65 date: Sat, 24 Se
0010: 70 20 32 30 32 32 20 30 39 3a 34 33 3a 34 39 20 p 2022 09:43:49
0020: 47 4d 54 0a                                     GMT.
date: Sat, 24 Sep 2022 09:43:49 GMT
<= Recv header, 12 bytes (0xc)
0000: 73 65 72 76 65 72 3a 20 67 77 73 0a             server: gws.
server: gws
<= Recv header, 20 bytes (0x14)
0000: 78 2d 78 73 73 2d 70 72 6f 74 65 63 74 69 6f 6e x-xss-protection
0010: 3a 20 30 0a                                     : 0.
x-xss-protection: 0
<= Recv header, 28 bytes (0x1c)
0000: 78 2d 66 72 61 6d 65 2d 6f 70 74 69 6f 6e 73 3a x-frame-options:
0010: 20 53 41 4d 45 4f 52 49 47 49 4e 0a              SAMEORIGIN.
x-frame-options: SAMEORIGIN
<= Recv header, 39 bytes (0x27)
0000: 65 78 70 69 72 65 73 3a 20 53 61 74 2c 20 32 34 expires: Sat, 24
0010: 20 53 65 70 20 32 30 32 32 20 30 39 3a 34 33 3a  Sep 2022 09:43:
0020: 34 39 20 47 4d 54 0a                            49 GMT.
expires: Sat, 24 Sep 2022 09:43:49 GMT
<= Recv header, 23 bytes (0x17)
0000: 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 3a 20 70 cache-control: p
0010: 72 69 76 61 74 65 0a                            rivate.
cache-control: private
<= Recv header, 108 bytes (0x6c)
0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 31 50 5f 4a set-cookie: 1P_J
0010: 41 52 3d 32 30 32 32 2d 30 39 2d 32 34 2d 30 39 AR=2022-09-24-09
0020: 3b 20 65 78 70 69 72 65 73 3d 4d 6f 6e 2c 20 32 ; expires=Mon, 2
0030: 34 2d 4f 63 74 2d 32 30 32 32 20 30 39 3a 34 33 4-Oct-2022 09:43
0040: 3a 34 39 20 47 4d 54 3b 20 70 61 74 68 3d 2f 3b :49 GMT; path=/;
0050: 20 64 6f 6d 61 69 6e 3d 2e 67 6f 6f 67 6c 65 2e  domain=.google.
0060: 63 6f 6d 3b 20 53 65 63 75 72 65 0a             com; Secure.
set-cookie: 1P_JAR=2022-09-24-09; expires=Mon, 24-Oct-2022 09:43:49 GMT; path=/; domain=.google.com; Secure
<= Recv header, 174 bytes (0xae)
0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 41 45 43 3d set-cookie: AEC=
0010: 41 61 6b 6e 69 47 4d 38 37 6b 4d 79 47 67 77 78 AakniGM87kMyGgwx
0020: 39 6d 6c 39 4f 31 76 4f 2d 4c 4b 2d 49 66 58 59 9ml9O1vO-LK-IfXY
0030: 70 79 39 44 38 41 4f 4b 35 6f 46 35 32 70 73 68 py9D8AOK5oF52psh
0040: 4c 6f 4d 58 4f 79 56 76 76 41 3b 20 65 78 70 69 LoMXOyVvvA; expi
0050: 72 65 73 3d 54 68 75 2c 20 32 33 2d 4d 61 72 2d res=Thu, 23-Mar-
0060: 32 30 32 33 20 30 39 3a 34 33 3a 34 39 20 47 4d 2023 09:43:49 GM
0070: 54 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 T; path=/; domai
0080: 6e 3d 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3b 20 53 n=.google.com; S
0090: 65 63 75 72 65 3b 20 48 74 74 70 4f 6e 6c 79 3b ecure; HttpOnly;
00a0: 20 53 61 6d 65 53 69 74 65 3d 6c 61 78 0a        SameSite=lax.
set-cookie: AEC=AakniGM87kMyGgwx9ml9O1vO-LK-IfXYpy9D8AOK5oF52pshLoMXOyVvvA; expires=Thu, 23-Mar-2023 09:43:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
<= Recv header, 269 bytes (0x10d)
0000: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 4e 49 44 3d set-cookie: NID=
0010: 35 31 31 3d 74 6a 46 55 61 6a 72 7a 64 48 79 6f 511=tjFUajrzdHyo
0020: 6c 47 50 5f 42 68 2d 76 66 2d 34 64 50 53 72 48 lGP_Bh-vf-4dPSrH
0030: 47 73 77 46 4d 45 79 63 38 38 44 30 62 36 31 47 GswFMEyc88D0b61G
0040: 43 39 58 69 50 66 31 62 2d 5f 37 78 36 53 5f 61 C9XiPf1b-_7x6S_a
0050: 48 57 7a 5f 73 43 54 49 41 51 44 39 64 45 66 6f HWz_sCTIAQD9dEfo
0060: 70 78 37 6a 37 43 61 59 4d 2d 4a 57 4f 4b 41 79 px7j7CaYM-JWOKAy
0070: 51 78 56 58 69 31 49 41 5f 30 67 4e 55 63 4b 72 QxVXi1IA_0gNUcKr
0080: 62 57 4d 61 73 2d 65 43 36 7a 78 6a 58 4c 43 50 bWMas-eC6zxjXLCP
0090: 63 57 46 70 70 5a 51 4a 67 51 6f 5a 5a 31 4e 51 cWFppZQJgQoZZ1NQ
00a0: 71 45 47 6d 52 49 55 6c 34 72 6d 5a 79 46 6e 31 qEGmRIUl4rmZyFn1
00b0: 6b 69 7a 49 45 6c 6e 74 74 35 6c 47 67 46 30 3b kizIElntt5lGgF0;
00c0: 20 65 78 70 69 72 65 73 3d 53 75 6e 2c 20 32 36  expires=Sun, 26
00d0: 2d 4d 61 72 2d 32 30 32 33 20 30 39 3a 34 33 3a -Mar-2023 09:43:
00e0: 34 39 20 47 4d 54 3b 20 70 61 74 68 3d 2f 3b 20 49 GMT; path=/;
00f0: 64 6f 6d 61 69 6e 3d 2e 67 6f 6f 67 6c 65 2e 63 domain=.google.c
0100: 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 0a          om; HttpOnly.
set-cookie: NID=511=tjFUajrzdHyolGP_Bh-vf-4dPSrHGswFMEyc88D0b61GC9XiPf1b-_7x6S_aHWz_sCTIAQD9dEfopx7j7CaYM-JWOKAyQxVXi1IA_0gNUcKrbWMas-eC6zxjXLCPcWFppZQJgQoZZ1NQqEGmRIUl4rmZyFn1kizIElntt5lGgF0; expires=Sun, 26-Mar-2023 09:43:49 GMT; path=/; domain=.google.com; HttpOnly
<= Recv header, 172 bytes (0xac)
0000: 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 alt-svc: h3=":44
0010: 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c 68 3"; ma=2592000,h
0020: 33 2d 32 39 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 3-29=":443"; ma=
0030: 32 35 39 32 30 30 30 2c 68 33 2d 51 30 35 30 3d 2592000,h3-Q050=
0040: 22 3a 34 34 33 22 3b 20 6d 61 3d 32 35 39 32 30 ":443"; ma=25920
0050: 30 30 2c 68 33 2d 51 30 34 36 3d 22 3a 34 34 33 00,h3-Q046=":443
0060: 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c 68 33 "; ma=2592000,h3
0070: 2d 51 30 34 33 3d 22 3a 34 34 33 22 3b 20 6d 61 -Q043=":443"; ma
0080: 3d 32 35 39 32 30 30 30 2c 71 75 69 63 3d 22 3a =2592000,quic=":
0090: 34 34 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 443"; ma=2592000
00a0: 3b 20 76 3d 22 34 36 2c 34 33 22 0a             ; v="46,43".
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
== Info: Connection #0 to host www.google.com left intact
# これをwiresharkでみる。条件を"ip.addr == 216.58.220.100"と指定すると良い。
  • QUIC handshakeからQUICのpayloadが暗号化されるので、key.logをPreference > Advancedで設定する。(自分はVersion 3.6.7 (v3.6.7-0-g4a304d7ec222)で問題なかったので、新しいバージョンだとできるはず)

プロトコル

  • とりあえず、TLS1.3の部分でQUIC由来と思われる部分をピックアップする

QUIC initial, ClientHello: クライアント → サーバー

  • TCPの3 way handshakeはない。
  • Payload部分にはCRYPTOフレーム(TLS1.3のClientHello)が入る。
    • “—http3”と指定したので、ALPN(Application-Layer Protocol Negotiation)は”h3-29”, “h3-28”, “h3-27”(application_layer_protocol_negotiation)
Extension: application_layer_protocol_negotiation (len=20)
    Type: application_layer_protocol_negotiation (16)
    Length: 20
    ALPN Extension Length: 18
    ALPN Protocol
        ALPN string length: 5
        ALPN Next Protocol: h3-29
        ALPN string length: 5
        ALPN Next Protocol: h3-28
        ALPN string length: 5
        ALPN Next Protocol: h3-27

詳細

  • UDP以降の部分のみのパース結果を載せている。
Frame 145: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
User Datagram Protocol, Src Port: 60282, Dst Port: 443
    Source Port: 60282
    Destination Port: 443
    Length: 1208
    Checksum: 0x8e90 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 336]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..00 .... = Packet Type: Initial (0)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 16
    Destination Connection ID: 88758606f0322a5bbb4ab785d77f9224
    Source Connection ID Length: 20
    Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Token Length: 0
    Length: 290
    Packet Number: 0
    Payload: 639ec334c1035e39d656aca14f49b521a148d4bd2fc8f27a40232bbc50f166df2cb24a87…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 0
        Length: 269
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            Handshake Protocol: Client Hello
                Handshake Type: Client Hello (1)
                Length: 265
                Version: TLS 1.2 (0x0303)
                Random: 664ffabc2a24c1410327c812202fd53bc874c5fa67724f0f3c84a2d05971d130
                Session ID Length: 0
                Cipher Suites Length: 6
                Cipher Suites (3 suites)
                    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Compression Methods Length: 1
                Compression Methods (1 method)
                    Compression Method: null (0)
                Extensions Length: 218
                Extension: server_name (len=19)
                    Type: server_name (0)
                    Length: 19
                    Server Name Indication extension
                        Server Name list length: 17
                        Server Name Type: host_name (0)
                        Server Name length: 14
                        Server Name: www.google.com
                Extension: supported_groups (len=8)
                    Type: supported_groups (10)
                    Length: 8
                    Supported Groups List Length: 6
                    Supported Groups (3 groups)
                        Supported Group: x25519 (0x001d)
                        Supported Group: secp256r1 (0x0017)
                        Supported Group: secp384r1 (0x0018)
                Extension: application_layer_protocol_negotiation (len=20)
                    Type: application_layer_protocol_negotiation (16)
                    Length: 20
                    ALPN Extension Length: 18
                    ALPN Protocol
                        ALPN string length: 5
                        ALPN Next Protocol: h3-29
                        ALPN string length: 5
                        ALPN Next Protocol: h3-28
                        ALPN string length: 5
                        ALPN Next Protocol: h3-27
                Extension: signature_algorithms (len=20)
                    Type: signature_algorithms (13)
                    Length: 20
                    Signature Hash Algorithms Length: 18
                    Signature Hash Algorithms (9 algorithms)
                        Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                            Signature Hash Algorithm Hash: SHA256 (4)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                            Signature Hash Algorithm Hash: Unknown (8)
                            Signature Hash Algorithm Signature: SM2 (4)
                        Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                            Signature Hash Algorithm Hash: SHA256 (4)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                            Signature Hash Algorithm Hash: SHA384 (5)
                            Signature Hash Algorithm Signature: ECDSA (3)
                        Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                            Signature Hash Algorithm Hash: Unknown (8)
                            Signature Hash Algorithm Signature: Unknown (5)
                        Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                            Signature Hash Algorithm Hash: SHA384 (5)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                            Signature Hash Algorithm Hash: Unknown (8)
                            Signature Hash Algorithm Signature: Unknown (6)
                        Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                            Signature Hash Algorithm Hash: SHA512 (6)
                            Signature Hash Algorithm Signature: RSA (1)
                        Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                            Signature Hash Algorithm Hash: SHA1 (2)
                            Signature Hash Algorithm Signature: RSA (1)
                Extension: key_share (len=38)
                    Type: key_share (51)
                    Length: 38
                    Key Share extension
                        Client Key Share Length: 36
                        Key Share Entry: Group: x25519, Key Exchange length: 32
                            Group: x25519 (29)
                            Key Exchange Length: 32
                            Key Exchange: 128f5580196c43a62ff26bc4164109a05e5136abf8bb02e39eadd61945b6d104
                Extension: psk_key_exchange_modes (len=2)
                    Type: psk_key_exchange_modes (45)
                    Length: 2
                    PSK Key Exchange Modes Length: 1
                    PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
                Extension: supported_versions (len=3)
                    Type: supported_versions (43)
                    Length: 3
                    Supported Versions length: 2
                    Supported Version: TLS 1.3 (0x0304)
                Extension: quic_transport_parameters (drafts version) (len=76)
                    Type: quic_transport_parameters (drafts version) (65445)
                    Length: 76
                    Parameter: max_idle_timeout (len=4) 60000 ms
                        Type: max_idle_timeout (0x01)
                        Length: 4
                        Value: 8000ea60
                        max_idle_timeout: 60000
                    Parameter: max_udp_payload_size (len=4) 65527
                        Type: max_udp_payload_size (0x03)
                        Length: 4
                        Value: 8000fff7
                        max_udp_payload_size: 65527
                    Parameter: initial_max_data (len=4) 1048576
                        Type: initial_max_data (0x04)
                        Length: 4
                        Value: 80100000
                        initial_max_data: 1048576
                    Parameter: initial_max_stream_data_bidi_local (len=4) 1048576
                        Type: initial_max_stream_data_bidi_local (0x05)
                        Length: 4
                        Value: 80100000
                        initial_max_stream_data_bidi_local: 1048576
                    Parameter: initial_max_stream_data_bidi_remote (len=4) 1048576
                        Type: initial_max_stream_data_bidi_remote (0x06)
                        Length: 4
                        Value: 80100000
                        initial_max_stream_data_bidi_remote: 1048576
                    Parameter: initial_max_stream_data_uni (len=4) 1048576
                        Type: initial_max_stream_data_uni (0x07)
                        Length: 4
                        Value: 80100000
                        initial_max_stream_data_uni: 1048576
                    Parameter: initial_max_streams_bidi (len=4) 262144
                        Type: initial_max_streams_bidi (0x08)
                        Length: 4
                        Value: 80040000
                        initial_max_streams_bidi: 262144
                    Parameter: initial_max_streams_uni (len=4) 262144
                        Type: initial_max_streams_uni (0x09)
                        Length: 4
                        Value: 80040000
                        initial_max_streams_uni: 262144
                    Parameter: ack_delay_exponent (len=1)
                        Type: ack_delay_exponent (0x0a)
                        Length: 1
                        Value: 03
                        ack_delay_exponent: 3
                    Parameter: GREASE (len=1) 25
                        Type: GREASE (0x0b)
                        Length: 1
                        Value: 19
                        max_ack_delay: 25
                    Parameter: initial_source_connection_id (len=20)
                        Type: initial_source_connection_id (0x0f)
                        Length: 20
                        Value: 199f225869a15581ea105e2683da3e4e977db844
                        Initial Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
                [JA3 Fullstring: 771,4865-4866-4867,0-10-16-13-51-45-43-65445,29-23-24,]
                [JA3: 92e76078d514999cd950474995dab2b5]
QUIC IETF
    [Expert Info (Note/Protocol): (Random) padding data appended to the datagram]
        [(Random) padding data appended to the datagram]
        [Severity level: Note]
        [Group: Protocol]

QUIC Initial, ServerHello: サーバー → クライアント

  • versionはVersion: draft-29 (0xff00001d), h3-29で合意した
  • Destination Connection IDはClientHelloのSource ConnectionIDと一致してる
  • Payload部分にはQUICのACKフレームとCRYPTOフレーム(TLS1.3のServerHello)が入る。
    • ACKについてはRFC9000で Receivers send ACK frames (types 0x02 and 0x03) to inform senders of packets they have received and processed. とある
    • PADDINGもされてる(1200byteにするための0埋め)
  • これ以降QUICのpayload部分は暗号化される
    • QUICはTCP相当の設定もpayloadに含んでいるので、従来のTCPとは違いこれらの設定が暗号化されてる(のでより安全)、という利点がある

詳細

Frame 146: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0xa2fe [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.007535000 seconds]
        [Time since previous frame: 0.007535000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..00 .... = Packet Type: Initial (0)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Token Length: 0
    Length: 1162
    Packet Number: 1
    Payload: bfd2e6357a2dc0a1975253c58d2d7ea71bda66c2bde206ec06d805146f30c7844c838a67…
    ACK
        Frame Type: ACK (0x0000000000000002)
        Largest Acknowledged: 0
        ACK Delay: 0
        ACK Range Count: 0
        First ACK Range: 0
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 0
        Length: 90
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Server Hello
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 86
                Version: TLS 1.2 (0x0303)
                Random: 7eb236141fa8f4daa7f6caf17b0974dac0fbcbe3264194cb3779ebefe86bbc63
                Session ID Length: 0
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Compression Method: null (0)
                Extensions Length: 46
                Extension: key_share (len=36)
                    Type: key_share (51)
                    Length: 36
                    Key Share extension
                        Key Share Entry: Group: x25519, Key Exchange length: 32
                            Group: x25519 (29)
                            Key Exchange Length: 32
                            Key Exchange: cbc40b773b9dbfc7bfde852c7c43742094d4d0c53957e0e5f68804bb626e190b
                Extension: supported_versions (len=2)
                    Type: supported_versions (43)
                    Length: 2
                    Supported Version: TLS 1.3 (0x0304)
                [JA3S Fullstring: 771,4865,51-43]
                [JA3S: eb1d94daa7e0344597e756a1fb6e7054]
    PADDING Length: 1046
        Frame Type: PADDING (0x0000000000000000)
        [Padding Length: 1046]

QUICInitial, ACK: クライアント → サーバー

  • ACKを送っている。
    • Payloadが暗号化されていないので、ServerHelloが来たらすぐに返送するようになっているのだと思う。
  • DestinationIDもこの時点でわかっているので3b533bbc52e5fd4eとしてる

詳細

Frame 147: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
Internet Protocol Version 4, Src: 192.168.1.6, Dst: 216.58.220.100
User Datagram Protocol, Src Port: 60282, Dst Port: 443
    Source Port: 60282
    Destination Port: 443
    Length: 1208
    Checksum: 0x49d4 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.008098000 seconds]
        [Time since previous frame: 0.000563000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 60]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..00 .... = Packet Type: Initial (0)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 8
    Destination Connection ID: 88758606f0322a5b
    Source Connection ID Length: 20
    Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Token Length: 0
    Length: 22
    Packet Number: 1
    Payload: 850f3279f9fef8fd7c213ea116c4c5e19f1b488c7f
    ACK
        Frame Type: ACK (0x0000000000000002)
        Largest Acknowledged: 1
        ACK Delay: 15
        ACK Range Count: 0
        First ACK Range: 0
QUIC IETF
    [Expert Info (Note/Protocol): (Random) padding data appended to the datagram]
        [(Random) padding data appended to the datagram]
        [Severity level: Note]
        [Group: Protocol]

QUIC handshake, (Ping): クライアント → サーバー

  • ServerHelloの時点で鍵交換は完了しているので、この先のメッセージはAES_128_GCMで暗号化(AEAD)される
    • QUICのpayloadが暗号化されているようだ
      • 上のkey.logを与えないと、下のようにdecryptできないと警告がでるので
    [Expert Info (Warning/Decryption): Failed to create decryption context: Secrets are not available]
        [Failed to create decryption context: Secrets are not available]
        [Severity level: Warning]
        [Group: Decryption]
    Remaining Payload: 45732f4e9130531ad4fa666b29f0913829cee72a23aa339fc27f2d290b99cff7052de9df…
  • PINGフレームのみ
    • Endpoints can use PING frames (type=0x01) to verify that their peers are still alive or to check reachability to the peer.
    • タイムアウトを防ぐためにやっているようだ。(あんまり気にしなくて良さそう)

詳細

Frame 148: 100 bytes on wire (800 bits), 100 bytes captured (800 bits) on interface en0, id 0
Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
User Datagram Protocol, Src Port: 60282, Dst Port: 443
    Source Port: 60282
    Destination Port: 443
    Length: 66
    Checksum: 0x2dc2 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.033620000 seconds]
        [Time since previous frame: 0.025522000 seconds]
    UDP payload (58 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 58]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 8
    Destination Connection ID: 88758606f0322a5b
    Source Connection ID Length: 20
    Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Length: 21
    Packet Number: 0
    Payload: 9f3c4005313d571999f64786ac2c11235c07773b
    PING
        Frame Type: PING (0x0000000000000001)
    PADDING Length: 3
        Frame Type: PADDING (0x0000000000000000)
        [Padding Length: 3]

QUIC handshake, EncryptedExtensions, Certificate(部分): サーバー → クライアント)

  • ServerHelloの時点で鍵交換は完了しているので、この先のメッセージはAES_128_GCMで暗号化(AEAD)される
    • TCPのヘッダの中にあったざまざまな情報をQUICではペイロードに入れて暗号化できている、ところが嬉しい
  • TLS1.3のEncryptedExtensionsを送っている
    • ServerHelloでは暗号化されていないので、安全に情報を伝えるためにextensionを別で送るようになっている。
    • application_layer_protocol_negotiation extensionでh3-29で同意した
    • FF73DBはversion_informationとのこと。
  • Certificateも部分的に送っている
    • Handshake Protocol: Certificate (fragment)とあるとおり

詳細

Frame 149: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0x0bc7 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.040445000 seconds]
        [Time since previous frame: 0.006825000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1163
    Packet Number: 2
    Payload: deb51a9b57814b23ba467fb1c7156be8aab0de1a2d2b25c2a5ead62f02f971fbcd2b8cf9…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 0
        Length: 1142
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: c
                Handshake Type: Encrypted Extensions (8)
                Length: 195
                Extensions Length: 193
                Extension: server_name (len=0)
                    Type: server_name (0)
                    Length: 0
                Extension: application_layer_protocol_negotiation (len=8)
                    Type: application_layer_protocol_negotiation (16)
                    Length: 8
                    ALPN Extension Length: 6
                    ALPN Protocol
                        ALPN string length: 5
                        ALPN Next Protocol: h3-29
                Extension: quic_transport_parameters (drafts version) (len=173)
                    Type: quic_transport_parameters (drafts version) (65445)
                    Length: 173
                    Parameter: google_quic_version (len=25)
                        Type: google_quic_version (0x4752)
                        Length: 25
                        Value: ff00001d1400000001ff00001d513035305130343651303433
                        Google QUIC version: draft-29 (0xff00001d)
                        Google Supported Versions Length: 20
                        Google Supported Version: 1 (0x00000001)
                        Google Supported Version: draft-29 (0xff00001d)
                        Google Supported Version: Google Q050 (0x51303530)
                        Google Supported Version: Google Q046 (0x51303436)
                        Google Supported Version: Google Q043 (0x51303433)
                    Parameter: Unknown 0xff73db (len=28)
                        Type: Unknown (0xff73db)
                        Length: 28
                        Value: ff00001d00000001ff00001d5130353051303436ea8a7a0a51303433
                    Parameter: initial_max_streams_bidi (len=2) 100
                        Type: initial_max_streams_bidi (0x08)
                        Length: 2
                        Value: 4064
                        initial_max_streams_bidi: 100
                    Parameter: initial_max_data (len=4) 196608
                        Type: initial_max_data (0x04)
                        Length: 4
                        Value: 80030000
                        initial_max_data: 196608
                    Parameter: initial_max_streams_uni (len=2) 103
                        Type: initial_max_streams_uni (0x09)
                        Length: 2
                        Value: 4067
                        initial_max_streams_uni: 103
                    Parameter: stateless_reset_token (len=16)
                        Type: stateless_reset_token (0x02)
                        Length: 16
                        Value: 9362f5507acd9bef9196657827b2e56e
                        stateless_reset_token: 9362f5507acd9bef9196657827b2e56e
                    Parameter: max_udp_payload_size (len=2) 1472
                        Type: max_udp_payload_size (0x03)
                        Length: 2
                        Value: 45c0
                        max_udp_payload_size: 1472
                    Parameter: GREASE (len=5)
                        Type: GREASE (0x35de07450b493654)
                        Length: 5
                        Value: d86782fdef
                    Parameter: max_idle_timeout (len=4) 240000 ms
                        Type: max_idle_timeout (0x01)
                        Length: 4
                        Value: 8003a980
                        max_idle_timeout: 240000
                    Parameter: disable_active_migration (len=0)
                        Type: disable_active_migration (0x0c)
                        Length: 0
                        Value: <MISSING>
                    Parameter: initial_max_stream_data_bidi_local (len=4) 131072
                        Type: initial_max_stream_data_bidi_local (0x05)
                        Length: 4
                        Value: 80020000
                        initial_max_stream_data_bidi_local: 131072
                    Parameter: initial_max_stream_data_uni (len=4) 131072
                        Type: initial_max_stream_data_uni (0x07)
                        Length: 4
                        Value: 80020000
                        initial_max_stream_data_uni: 131072
                    Parameter: original_destination_connection_id (len=16)
                        Type: original_destination_connection_id (0x00)
                        Length: 16
                        Value: 88758606f0322a5bbb4ab785d77f9224
                        original_destination_connection_id: 88758606f0322a5bbb4ab785d77f9224
                    Parameter: initial_source_connection_id (len=8)
                        Type: initial_source_connection_id (0x0f)
                        Length: 8
                        Value: 88758606f0322a5b
                        Initial Source Connection ID: 88758606f0322a5b
                    Parameter: initial_max_stream_data_bidi_remote (len=4) 131072
                        Type: initial_max_stream_data_bidi_remote (0x06)
                        Length: 4
                        Value: 80020000
                        initial_max_stream_data_bidi_remote: 131072
                    Parameter: max_datagram_frame_size (len=4) 65536
                        Type: max_datagram_frame_size (0x20)
                        Length: 4
                        Value: 80010000
                        max_datagram_frame_size: 65536
            Handshake Protocol: Certificate (fragment)
            Reassembled Handshake Message in frame: 155

QUIC handshake, ACK(クライアント → サーバー)

  • ACKだが、これは何に対する合意なんだろうか?
    • TLS1.3ではEncryptedExtensions → Certificate → CertificateVerifyと立て続けに送るので。

詳細

Frame 150: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface en0, id 0
Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
User Datagram Protocol, Src Port: 60282, Dst Port: 443
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 59]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 8
    Destination Connection ID: 88758606f0322a5b
    Source Connection ID Length: 20
    Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Length: 22
    Packet Number: 1
    Payload: e2107615b0a987057ad4c7b0d7c994d1d09c28ef1f
    ACK
        Frame Type: ACK (0x0000000000000002)
        Largest Acknowledged: 2
        ACK Delay: 4
        ACK Range Count: 0
        First ACK Range: 0

QUIC handshake, Certificate(途中まで): サーバー → クライアント

  • Certificateメッセージ(部分)を送っている

詳細

Frame 151: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0xe02f [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.041845000 seconds]
        [Time since previous frame: 0.000777000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1163
    Packet Number: 3
    Payload: 8e85572215410eef23779d420678785fa5515913fa8750d9203980ca8d68b48371a49fe4…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 1142
        Length: 1141
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: Certificate (fragment)
            Reassembled Handshake Message in frame: 155
Frame 152: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0x864a [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.042046000 seconds]
        [Time since previous frame: 0.000201000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1163
    Packet Number: 4
    Payload: 3c9fef53071ee7746ff8a187670caffa0bcde13bf839f21fc90f4cae7ceab089ba7313d2…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 2283
        Length: 1141
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: Certificate (fragment)
            Reassembled Handshake Message in frame: 155
Frame 153: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0x6566 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.042254000 seconds]
        [Time since previous frame: 0.000208000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1163
    Packet Number: 5
    Payload: 97a28227b26e45c442b17bc354b09eedf9c7a228fd81c199aa20ae49b9b4366d203d4371…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 3424
        Length: 1141
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: Certificate (fragment)
            Reassembled Handshake Message in frame: 155
Frame 154: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1208
    Checksum: 0x8109 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.042438000 seconds]
        [Time since previous frame: 0.000184000 seconds]
    UDP payload (1200 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1200]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1163
    Packet Number: 6
    Payload: 54668a9013616ae98728b3f64da406586b8a3de3bff928a5bbd1e7b605e6b4e51ccee342…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 4565
        Length: 1141
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: Certificate (fragment)
            Reassembled Handshake Message in frame: 155

QUIC HandShake, Certificate(終わり), CertificateVerify, Finished, http3: サーバー → クライアント

詳細

Frame 155: 1206 bytes on wire (9648 bits), 1206 bytes captured (9648 bits) on interface en0, id 0
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 1172
    Checksum: 0x95bc [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.042439000 seconds]
        [Time since previous frame: 0.000001000 seconds]
    UDP payload (1164 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 1081]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 20
    Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Source Connection ID Length: 8
    Source Connection ID: 88758606f0322a5b
    Length: 1044
    Packet Number: 7
    Payload: b843825498ec80988e11a333465f8a656933a19f2becb27e0171a31c3cd7ed85cf8e9807…
    ACK
        Frame Type: ACK (0x0000000000000002)
        Largest Acknowledged: 0
        ACK Delay: 0
        ACK Range Count: 0
        First ACK Range: 0
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 5706
        Length: 1017
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: Certificate (last fragment)
            [6 Reassembled Handshake Fragments (6409 bytes): #149(943), #151(1141), #152(1141), #153(1141), #154(1141), #155(902)]
                [Frame: 149, payload: 0-942 (943 bytes)]
                [Frame: 151, payload: 943-2083 (1141 bytes)]
                [Frame: 152, payload: 2084-3224 (1141 bytes)]
                [Frame: 153, payload: 3225-4365 (1141 bytes)]
                [Frame: 154, payload: 4366-5506 (1141 bytes)]
                [Frame: 155, payload: 5507-6408 (902 bytes)]
                [Handshake Fragment count: 6]
            Handshake Protocol: Certificate
                Handshake Type: Certificate (11)
                Length: 6405
                Certificate Request Context Length: 0
                Certificates Length: 6401
                Certificates (6401 bytes)
# 中略(gistにある)
            Handshake Protocol: Certificate Verify
                Handshake Type: Certificate Verify (15)
                Length: 75
                Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature length: 71
                Signature: 3045022100c578cbd952845bea5a35b4e096324c1cfc837a2d54b6ca2de4fa3ed90af68a…
            Handshake Protocol: Finished
                Handshake Type: Finished (20)
                Length: 32
                Verify Data
QUIC IETF
    [Packet Length: 83]
    QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=8
        0... .... = Header Form: Short Header (0)
        .1.. .... = Fixed Bit: True
        ..0. .... = Spin Bit: False
        ...0 0... = Reserved: 0
        .... .0.. = Key Phase Bit: False
        .... ..01 = Packet Number Length: 2 bytes (1)
        Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
        Packet Number: 8
        Protected Payload: f5063ae0523fb6b8732e5fb2e47c61ecb9e824656c59692bc8c1a52723df24573fc255b7…
    STREAM id=3 fin=0 off=0 len=42 dir=Unidirectional origin=Server-initiated
        Frame Type: STREAM (0x0000000000000008)
            .... ...0 = Fin: False
            .... ..0. = Len(gth): False
            .... .0.. = Off(set): False
        Stream ID: 3
            .... .... .... .... .... .... .... .... .... .... .... .... .... .... .... ...1 = Stream initiator: Server-initiated (1)
            .... .... .... .... .... .... .... .... .... .... .... .... .... .... .... ..1. = Stream direction: Unidirectional (1)
        Stream Data: 00041d01800100000680010000074064c000000c54574536c00000004ca77d7cc0000006…
Hypertext Transfer Protocol Version 3
    Stream Type: Control Stream (0x0000000000000000)
    Type: SETTINGS (0x0000000000000004)
    Length: 29
    Frame Payload: 01800100000680010000074064c000000c54574536c00000004ca77d7c
    Settings - Max Table Capacity: 65536
        Settings Identifier: Max Table Capacity (0x0000000000000001)
        Settings Value: 65536
        Max Table Capacity: 65536
    Settings - Max Field Section Size: 65536
        Settings Identifier: Max Field Section Size (0x0000000000000006)
        Settings Value: 65536
        Max header list size: 65536
    Settings - Blocked Streams: 100
        Settings Identifier: Blocked Streams (0x0000000000000007)
        Settings Value: 100
        Blocked Streams: 100
    Settings - GREASE
        Type: GREASE (0xc54574536)
        Settings Value: 1286045052
    Type: Reserved (0x62bfe3694)
    Length: 1
    Frame Payload: e2

QUIC HandShake: クライアント → サーバー

  • ACKしてる
Frame 156: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface en0, id 0
Ethernet II, Src: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef), Dst: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
Internet Protocol Version 4, Src: 192.168.1.6, Dst: 216.58.220.100
User Datagram Protocol, Src Port: 60282, Dst Port: 443
    Source Port: 60282
    Destination Port: 443
    Length: 67
    Checksum: 0xc784 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.042565000 seconds]
        [Time since previous frame: 0.000126000 seconds]
    UDP payload (59 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 59]
    1... .... = Header Form: Long Header (1)
    .1.. .... = Fixed Bit: True
    ..10 .... = Packet Type: Handshake (2)
    .... 00.. = Reserved: 0
    .... ..00 = Packet Number Length: 1 bytes (0)
    Version: draft-29 (0xff00001d)
    Destination Connection ID Length: 8
    Destination Connection ID: 88758606f0322a5b
    Source Connection ID Length: 20
    Source Connection ID: 199f225869a15581ea105e2683da3e4e977db844
    Length: 22
    Packet Number: 2
    Payload: 4a6f2448253c8f1dad2ffc611894cdce26977b62f1
    ACK
        Frame Type: ACK (0x0000000000000002)
        Largest Acknowledged: 3
        ACK Delay: 6
        ACK Range Count: 0
        First ACK Range: 1
  • ここから先はTODO
    • TLSの役目が終わってアプリケーションレイヤーメインなので現状あまり興味がないというのもある
    • 自分がTCPそこまで詳しくないからというのもある
  • PKNはpacKet Number
    • PKN4でリクエストヘッダを送って、PKN13でレスポンスヘッダが来ている
      • ただ、ヘッダ部はテキスト形式ではなくバイナリ形式なので、"curl"でやった結果がそのままdumpファイルに表示されるわけではないんだよね。

  • PKN 9でNewSessionTIcketがきてる
Frame 163: 680 bytes on wire (5440 bits), 680 bytes captured (5440 bits) on interface en0, id 0

Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 646
    Checksum: 0xf954 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.049471000 seconds]
        [Time since previous frame: 0.005372000 seconds]
    UDP payload (638 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 638]
    QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=9
        0... .... = Header Form: Short Header (0)
        .1.. .... = Fixed Bit: True
        ..0. .... = Spin Bit: False
        ...0 0... = Reserved: 0
        .... .0.. = Key Phase Bit: False
        .... ..00 = Packet Number Length: 1 bytes (0)
        Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
        Packet Number: 9
        Protected Payload: a2c25fdeb71ae6bc0d83b004d2afc2dae449f31b682dcd620f208c8a43a07054b1ef7236…
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        Offset: 0
        Length: 596
        Crypto Data
        TLSv1.3 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Handshake Protocol: New Session Ticket
            Handshake Protocol: New Session Ticket
  • PKN10でhandshake done
Frame 164: 171 bytes on wire (1368 bits), 171 bytes captured (1368 bits) on interface en0, id 0
    Interface id: 0 (en0)
        Interface name: en0
        Interface description: Wi-Fi
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 24, 2022 18:43:49.084911000 JST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1664012629.084911000 seconds
    [Time delta from previous captured frame: 0.000002000 seconds]
    [Time delta from previous displayed frame: 0.000002000 seconds]
    [Time since reference or first frame: 45.235804000 seconds]
    Frame Number: 164
    Frame Length: 171 bytes (1368 bits)
    Capture Length: 171 bytes (1368 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:quic]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: Mitsubis_84:95:2d (10:4b:46:84:95:2d), Dst: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
    Destination: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
        Address: Apple_b3:a4:ef (38:f9:d3:b3:a4:ef)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
        Address: Mitsubis_84:95:2d (10:4b:46:84:95:2d)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 216.58.220.100, Dst: 192.168.1.6
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 157
    Identification: 0x0000 (0)
    Flags: 0x40, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 58
    Protocol: UDP (17)
    Header Checksum: 0xca02 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 216.58.220.100
    Destination Address: 192.168.1.6
User Datagram Protocol, Src Port: 443, Dst Port: 60282
    Source Port: 443
    Destination Port: 60282
    Length: 137
    Checksum: 0xa954 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 11]
    [Timestamps]
        [Time since first frame: 0.049473000 seconds]
        [Time since previous frame: 0.000002000 seconds]
    UDP payload (129 bytes)
QUIC IETF
    QUIC Connection information
        [Connection Number: 2]
    [Packet Length: 129]
    QUIC Short Header DCID=199f225869a15581ea105e2683da3e4e977db844 PKN=10
        0... .... = Header Form: Short Header (0)
        .1.. .... = Fixed Bit: True
        ..0. .... = Spin Bit: False
        ...0 0... = Reserved: 0
        .... .0.. = Key Phase Bit: False
        .... ..01 = Packet Number Length: 2 bytes (1)
        Destination Connection ID: 199f225869a15581ea105e2683da3e4e977db844
        Packet Number: 10
        Protected Payload: dd42be65bd1b82cddf4ca192e22552933962a503bbda6a7fb1c654d85fd64d64591c7e6f…
    HANDSHAKE_DONE
        Frame Type: HANDSHAKE_DONE (0x000000000000001e)
    NEW_TOKEN
        Frame Type: NEW_TOKEN (0x0000000000000007)
        (Token) Length: 86
        Token: 00beee223273e35e7dc2d3a91664bd1894f1bdcf4daadc94e6ed56919ffc01d18218fbb0