authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2021-02-03 11:54:11 +0100
committerGitHub <noreply@github.com>2021-02-03 11:54:11 +0100
commit8c0ea694f86b184c0d09c7e76aa760336dfe0b62 (patch)
treee9963c26b32c9ef887d89a55ff219e57577858e5
parent8cee718e8b3a64ac9b66f88844f43f0594c1bb37 (diff)
HTTP: fix user-agent parsing (#1124)
User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated with HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, printed, or exported...
-rw-r--r--python/ndpi.py4
-rw-r--r--python/ndpi_typestruct.py4
-rw-r--r--src/include/ndpi_typedefs.h3
-rw-r--r--src/lib/protocols/http.c4
4 files changed, 7 insertions, 8 deletions
diff --git a/python/ndpi.py b/python/ndpi.py
index 6bc166487..c545e7998 100644
--- a/python/ndpi.py
+++ b/python/ndpi.py
@@ -1068,6 +1068,8 @@ struct ndpi_flow_struct {
uint8_t num_request_headers, num_response_headers;
uint8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
uint16_t response_status_code; /* 200, 404, etc. */
+ uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */
+
} http;
/*
@@ -1145,8 +1147,6 @@ struct ndpi_flow_struct {
} ubntac2;
struct {
- /* Via HTTP User-Agent */
- uint8_t detected_os[32];
/* Via HTTP X-Forwarded-For */
uint8_t nat_ip[24];
} http;
diff --git a/python/ndpi_typestruct.py b/python/ndpi_typestruct.py
index 889257dea..743f52ed2 100644
--- a/python/ndpi_typestruct.py
+++ b/python/ndpi_typestruct.py
@@ -456,6 +456,7 @@ class Http(Structure):
("num_response_headers", c_uint8),
("request_version", c_uint8),
("response_status_code", c_uint16),
+ ("detected_os", c_char * 32),
]
@@ -535,7 +536,6 @@ class Ubntac2(Structure):
class Http2(Structure):
_fields_ = [
- ("detected_os", c_char * 32),
("nat_ip", c_char * 24)
]
@@ -861,4 +861,4 @@ ndpi.ndpi_set_protocol_detection_bitmask2.argtypes = [POINTER(NDPIDetectionModul
ndpi.ndpi_twalk.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p, c_int32, c_int, c_void_p), c_void_p]
""" ndpi_tdestroy: node destroy. """
-ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)] \ No newline at end of file
+ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)]
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 79c8b6c71..0ce2310c8 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1239,6 +1239,7 @@ struct ndpi_flow_struct {
u_int8_t num_request_headers, num_response_headers;
u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
u_int16_t response_status_code; /* 200, 404, etc. */
+ u_char detected_os[32]; /* Via HTTP/QUIC User-Agent */
} http;
/*
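Review bot: The comment on the new `detected_os` line says where the value comes from but not why the field sits in the generic `http` block rather than in `protos.http`, which is the point of the fix. Going by the commit message, `protos` overlaps the `tls_quic_stun` fields, so a later cleanup that moves the array back would reintroduce the overwrite of SNI data on QUIC flows. I would extend the comment to `/* Via HTTP/QUIC User-Agent; must stay outside protos, QUIC flows write it too */` and mirror it in the copy of this struct in python/ndpi.py. The struct definition starts and ends outside this hunk.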
@@ -1316,8 +1317,6 @@ struct ndpi_flow_struct {
} ubntac2;
struct {
- /* Via HTTP User-Agent */
- u_char detected_os[32];
/* Via HTTP X-Forwarded-For */
u_char nat_ip[24];
} http;
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index eec2a7bf1..07b777863 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -336,8 +336,8 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct,
/* Good reference for future implementations:
* https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */
- snprintf((char*)flow->protos.http.detected_os,
- sizeof(flow->protos.http.detected_os), "%s", ua);
+ snprintf((char*)flow->http.detected_os,
+ sizeof(flow->http.detected_os), "%s", ua);
}
/* ************************************************************* */
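Review bot: The bytes copied into `flow->http.detected_os` are the peer-supplied User-Agent, cut to 31 characters by `snprintf`, and nothing in this hunk restricts them to printable text. The commit message says the field is not logged or exported today, so this is not a live problem, but a future consumer would inherit raw network input under a name that suggests a parsed OS label. I would add a comment above the call such as `/* Untrusted: raw UA prefix, not a parsed OS name; sanitize before logging or export */`. The `"%s"` format also relies on `ua` being NUL-terminated, which is established outside the hunk; setHttpUserAgent starts before the visible lines.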