Nan Xiao's Blog

“argument to variable-length array may be too large [-Wvla-larger-than=]” warning

I use gcc-9 from CentOS:

$ /opt/rh/devtoolset-9/root/usr/bin/gcc --version
gcc (GCC) 9.3.1 20200408 (Red Hat 9.3.1-2)
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

And I found if using -O3 compile option, for some Variable-length array in C programming language, gcc will report following warning:

warning: argument to variable-length array may be too large [-Wvla-larger-than=]
  596 |  uint8_t header[header_size];
      |          ^~~~~~~~~~~~~~~~~~

If not using -O3 option, the warning won’t be generated.

Create IETF QUIC pcap file (continued)

My previous post introduces how to create QUIC pcap file, but it ignores the encryption part, so I create a new project to illustrate it. Furthermore, if you are curious about generating keys, my another article can be a good reference!

The caveat of using Chrome to test QUIC implementation

This document gives a detailed information about how to use Chrome to test QUIC implementation. But from my test:

$ /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
  --enable-quic \
  --quic-version=h3-T051 \
  --origin-to-force-quic-on=r2---sn-fxc25nn-nwje.googlevideo.com:443 \
  https://r2---sn-fxc25nn-nwje.googlevideo.com/

Opening in existing browser session.

If Chrome is already running, the above command will open tab in existing browser session, and it will use current existing Chrome process’s QUIC version, e.g, T050. So to test different QUIC versions, you should close current running Chrome processes.

Use Wireshark to decrypt TLS flows

TLS debugging is an awesome introduction of using Wireshark to debug TLS issues (The presentation material can be found here). I just summarise how to decrypt TLS flows here:

(1) Set the filter and capture only TLS flows:

(2) Open chromium and save session secrets in command line:

SSLKEYLOGFILE="$PWD/keys.txt" /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/cr

(3)After saving pcap file, Load key and decrypt TLS flows:

Split TCP packets in pcap file

Sometimes, to simulate one corner case, i.e., the TCP layer splits one application record into multiple packets, I need to use libpcap to tweak pcap files. E.g., for following diagram:

I split frame 8 into 3 parts, one will be appended to frame 7, and the remaining 2 parts will be 2 separated packets.

Generally speaking, only length field in IP header and Sequence number field in TCP header need to be modified. The source code and pcap file can be referenced here.