Improve QUIC and network sniffing with more robust error handling

Vigilans · Vigilans · commit 45aaf354f43f · 2025-02-12T23:22:16.000+08:00
* Max sniffing attempts based on network type
* Handle additional edge cases in QUIC packet parsing (only initial packets have tokens)
* Prevent premature timeout in network sniffing (io.EOF)
diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go
@@ -4,6 +4,7 @@ package dispatcher
 
 import (
 	"context"
+	"io"
 	"strings"
 	"sync"
 	"time"
@@ -256,6 +257,16 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool, netw
 		return metaresult, metadataErr
 	}
 
+	var maxAttempt int
+	switch network {
+	case net.Network_TCP:
+		maxAttempt = 2
+	case net.Network_UDP:
+		maxAttempt = 5
+	default:
+		maxAttempt = 2
+	}
+
 	contentResult, contentErr := func() (SniffResult, error) {
 		totalAttempt := 0
 		for {
@@ -264,14 +275,14 @@ func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool, netw
 				return nil, ctx.Err()
 			default:
 				totalAttempt++
-				if totalAttempt > 2 {
+				if totalAttempt > maxAttempt {
 					return nil, errSniffingTimeout
 				}
 
 				cReader.Cache(payload)
 				if !payload.IsEmpty() {
 					result, err := sniffer.Sniff(ctx, payload.Bytes(), network)
-					if err != common.ErrNoClue {
+					if err != common.ErrNoClue && err != io.EOF {
 						return result, err
 					}
 				}
diff --git a/common/protocol/quic/sniff.go b/common/protocol/quic/sniff.go
@@ -94,13 +94,15 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 			return nil, errNotQuic
 		}
 
-		tokenLen, err := quicvarint.Read(buffer)
-		if err != nil || tokenLen > uint64(len(b)) {
-			return nil, errNotQuic
-		}
+		if isQuicInitial { // Only initial packets have token, see https://datatracker.ietf.org/doc/html/rfc9000#section-17.2.2
+			tokenLen, err := quicvarint.Read(buffer)
+			if err != nil || tokenLen > uint64(len(b)) {
+				return nil, errNotQuic
+			}
 
-		if _, err = buffer.ReadBytes(int32(tokenLen)); err != nil {
-			return nil, errNotQuic
+			if _, err = buffer.ReadBytes(int32(tokenLen)); err != nil {
+				return nil, errNotQuic
+			}
 		}
 
 		packetLen, err := quicvarint.Read(buffer)
