Skip to content

Tools

Jump to bottom
Peter Wu edited this page May 20, 2020 · 120 revisions

This is a listing of tools for analysing, debugging and visualising QUIC (and potentially the HTTP mapping). See also the Implementations listing.

Wireshark

Wireshark has a GQUIC decoder1 and IETF-QUIC decoder. HTTP analysis is possible via integration with the HTTP/2 decoder. http3 is not yet supported. To enable handshake/payload decryption, use a Wireshark version that matches the QUIC version:

# First Wireshark version Last WS version notes
-28 v3.3.0rc0-1246-g2b9796adc6 Done
-27 v3.3.0rc0-572-ge4138a3b98 / 3.2.2 Done
-26 v3.3.0rc0-572-ge4138a3b98 / 3.2.2 No wire changes.
-25 v3.3.0rc0-452-gddc03b8c87 / 3.2.2 Done
-24 v3.1.2rc0-16-g71e03ef042 Done
-23 v3.1.1rc0-323-gf95d3a6 Done
-22 v3.1.0rc0-1289-g3967f60 Done
-21 v3.1.0rc0-1288-gbafe354 Done
-20 v3.1.0rc0-615-g28773689e0 / 3.0.2 3.0.x / v3.1.0rc0-1286-gb2a437e Done.
-19 v3.1.0rc0-520-ga65f7f5838 / 3.0.2 3.0.x / v3.1.0rc0-1286-gb2a437e Done.
-18 v2.9.1rc0-487-gd486593ce3 3.0.x / v3.1.0rc0-1285-g954b958aa1 Done since v2.9.1rc0-500-g064a5c90ca
-17 v2.9.1rc0-332-ga0b9e8b652 3.0.x / v3.1.0rc0-1285-g954b958aa1 Done since v2.9.1rc0-456-g19630453bf
-16 v2.9.1rc0-100-g0964b04ee3 v2.9.1rc0-331-gf1fa8df324 Compatible with -15 (no packet change)
-15 v2.9.0rc0-2528-g9bd1c8f155 v2.9.1rc0-331-gf1fa8df324 Available on 2.9.0
-14 v2.9.0rc0-1858-g0aaaa49af3 v2.9.1rc0-108-g075785bd20 Done.
-13 v2.9.0rc0-1850-g2fd42045f5 v2.9.1rc0-100-g0964b04ee3 Decryption updated.
-12 v2.9.0rc0-1816-g81710c7d3c v2.9.0rc0-1863-g7b65208ef3 Last draft to use TLS Exporter Secret.
-11 v2.9.0rc0-291-gee3bc52192 v2.9.0rc0-1829-g1d2fd4f411 +Connection migration (untested)
-10 v2.9.0rc0-200-g88435354c0 v2.9.0rc0-1779-g351ea5940e
-09 v2.5.2rc0-68-geea63ae2a7 2.6.x / v2.9.0rc0-173-g71ddbb69f5 Supports payload decryption (-09)
-08 ? v2.9.0rc0-173-g71ddbb69f5

Automated builds (macOS and Windows): https://www.wireshark.org/download/automated/
Upstream bug (with sample captures/keys): https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13881
Patches under review: https://code.wireshark.org/review/#/q/status:open+branch:master+topic:QUIC

Payload decryption (>= draft -13) requires QUIC/TLS 1.3 traffic secrets following the SSLKEYLOGFILE key log file format. OpenSSL supports this via its keylog callback.

If your QUIC traffic is not properly detected by Wireshark, note that:

  • Wireshark uses a heuristics approach to detect QUIC based on the version number. If you use an experimental version number, it might not be detected as QUIC traffic.
  • Dissectors using a standard port (such as 44818 for EtherNet-IP-2) usually takes precedence.
  • To solve this, explicitly use Decode As QUIC via the GUI or via the command line option -dudp.port==443,quic.
  • If you use non-standard draft version numbers in the version field, Wireshark will assume the latest draft version.

1Wireshark is not capable of decrypting GQUIC packets itself, even if NSS Keylogging has been configured. However, if a decrypted trace is supplied to Wireshark it will correctly dissect GQUIC if the "Force decrypt" option is enabled in the Settings.

Wireshark draft support

General issues
To-do items for draft -28 completion
To-do items for draft -27 completion (completed)
To-do items for draft -25 completion (completed)
To-do items for draft -24 completion (completed)
To-do items for draft -23 completion (completed)
To-do items for draft -22 completion (completed)
To-do items for draft -21 completion (completed)
To-do items for draft -20 completion (completed)
To-do items for draft -19 completion (completed)
  • Removal of VERSION_NEGOTIATION_ERROR (0x9) error code.
  • Removal of QuicVersion fields in TransportParameters. https://code.wireshark.org/review/32833
  • idle_timeout (0x0001) was changed from seconds to milliseconds.
To-do items for draft -18 completion (completed)
To-do items for draft -17 completion (completed)
To-do items for draft -16 completion (completed)
To-do items for draft -15 completion (completed)
To-do items for draft -14 completion (completed)
To-do items for draft -13 completion (more or less complete)
To-do items for draft -12 completion (completed and obsolete)
To-do items for draft -11 completion (completed and obsolete)

QUIC Tracker

QUIC-Tracker is a test suite for IETF-QUIC. It exchanges packets with IETF-QUIC implementations to verify whether an implementation conforms with the IETF specification. The test suite is consisting of several test scenarii. Each of them tests a particular feature of the QUIC protocol. The test suite runs daily, and its results are available on its website.

It currently supports QUIC draft-22 and TLS 1.3.

qvalve

qvalve can predictably impair QUIC flows, by dropping, reordering or duplicating individual packets and sequences of packets. It is a non-transparent UDP proxy that should be interposed between a QUIC client and a QUIC server. The behavior of qvalve is configured with rules specified in a simple language.

spindump

The "Spindump" tool is a Unix command-line utility that can be used for latency monitoring in traffic passing through an interface. The tool performs passive, in-network monitoring. It is not a tool to monitor traffic content or metadata of individual connections, and indeed that is not possible in the Internet as most connections are encrypted. The tool looks at the characteristics of transport protocols, such as the QUIC Spin Bit, and attempts to derive information about round-trip times for individual connections or for the aggregate or average values. The tool supports TCP, QUIC, COAP, DNS, and ICMP traffic, as well as both IPv4 and IPv6.

  • Language: C
  • Version: google QUIC, draft-16, draft-17, draft-18, draft-19, draft-20, draft-21, draft-22, draft-23, draft-24, draft-25
  • Roles: in-network tool
  • Handshake: QUIC only, does not peek into TLS or HTTP messaging inside
  • Protocol IDs: 0x00000001 0xff000010, 0xff000011, 0xff000012, 0xff000013, 0xff000014, 0xff000015, 0xff000016, 0xff000017, 0xff000018,0xff000019,0x50435131, etc.
  • Public server: n.a.

h2load

h2load is load testing tool and now experimentally supports HTTP/3.

  • Language: C++
  • Version: draft-27
  • Roles: client
  • Handshake: TLS 1.3
  • Protocol IDs: 0xff00001b
  • ALPN: h3-27

qlog

qlog is a standard logging format for QUIC and HTTP/3. It is based on JSON to be both human and machine-readable. It is currently supported by over half of current QUIC implementations.

qvis

Toolsuite for visualizing QUIC+HTTP/3 qlog and pcap files. Includes a sequence diagram, congestion graph, multiplexing diagram and packetization visualization.

QUIC network simulator

Simulation framework for automated benchmarking of QUIC implementations. Allows extensive network simulations using ns-3.

Source code: https://github.com/marten-seemann/quic-network-simulator/

QUIC interop runner

Interoperability testing framework. Allows running automated tests between different QUIC implementations.

Top pages

Clone this wiki locally