From: Victor Julien <vjulien@oisf.net>
Date: Fri, 14 Jan 2022 15:31:34 +0000 (+0100)
Subject: quic: log version as string
X-Git-Tag: suricata-7.0.0-beta1~1005
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccab28aad3cc6ca15c887af3345191f823efcc57;p=thirdparty%2Fsuricata.git

quic: log version as string

Log as Q043, Q044, Q045, Q046. If the version is not supported/recognized,
log the 4 bytes as hex.

Only log for txs based on long headers.
---

diff --git a/rust/src/quic/logger.rs b/rust/src/quic/logger.rs
index 619364ea68..98bcdd3689 100644
--- a/rust/src/quic/logger.rs
+++ b/rust/src/quic/logger.rs
@@ -20,8 +20,9 @@ use crate::jsonbuilder::{JsonBuilder, JsonError};
 
 fn log_template(tx: &QuicTransaction, js: &mut JsonBuilder) -> Result<(), JsonError> {
     js.open_object("quic")?;
-    js.set_uint("version", u32::from(tx.header.version).into())?;
-
+    if tx.header.flags.is_long {
+        js.set_string("version", String::from(tx.header.version).as_str())?;
+    }
     js.open_array("cyu")?;
     for cyu in &tx.cyu {
         js.start_object()?;
diff --git a/rust/src/quic/parser.rs b/rust/src/quic/parser.rs
index 7888e9c995..f4626563cd 100644
--- a/rust/src/quic/parser.rs
+++ b/rust/src/quic/parser.rs
@@ -52,6 +52,17 @@ impl QuicVersion {
     }
 }
 
+impl From<QuicVersion> for String {
+    fn from(from: QuicVersion) -> Self {
+        match from {
+            QuicVersion(0x51303433) => "Q043".to_string(),
+            QuicVersion(0x51303434) => "Q044".to_string(),
+            QuicVersion(0x51303435) => "Q045".to_string(),
+            QuicVersion(0x51303436) => "Q046".to_string(),
+            QuicVersion(x) => format!("{:x}", x),
+        }
+    }
+}
 impl From<QuicVersion> for u32 {
     fn from(from: QuicVersion) -> Self {
         from.0