authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2021-02-03 11:54:11 +0100
committerGitHub <noreply@github.com>2021-02-03 11:54:11 +0100
commit8c0ea694f86b184c0d09c7e76aa760336dfe0b62 (patch)
treee9963c26b32c9ef887d89a55ff219e57577858e5 /python/ndpi.py
parent8cee718e8b3a64ac9b66f88844f43f0594c1bb37 (diff)
HTTP: fix user-agent parsing (#1124)
User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated with HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
Diffstat (limited to 'python/ndpi.py')
-rw-r--r--python/ndpi.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/python/ndpi.py b/python/ndpi.py
index 6bc166487..c545e7998 100644
--- a/python/ndpi.py
+++ b/python/ndpi.py
@@ -1068,6 +1068,8 @@ struct ndpi_flow_struct {
uint8_t num_request_headers, num_response_headers;
uint8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
uint16_t response_status_code; /* 200, 404, etc. */
+ uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */
+
} http;
/*
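Review bot: The comment on the added `detected_os[32]` says only where the value comes from, while the User-Agent is peer-controlled text being stored in a fixed 32-byte array, so a future reader of the field cannot tell whether it is truncated or NUL-terminated. If the writer guarantees both, I would document it on the field: `uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent; untrusted, truncated, NUL-terminated */`. This file appears to carry a copy of the C struct for the Python binding, so the position of the field here has to match the C header exactly, otherwise the binding reads neighbouring members at the wrong offsets; the header is not part of this view, so that is worth checking. The enclosing `struct ndpi_flow_struct` starts and ends outside the hunk.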
@@ -1145,8 +1147,6 @@ struct ndpi_flow_struct {
} ubntac2;
struct {
- /* Via HTTP User-Agent */
- uint8_t detected_os[32];
/* Via HTTP X-Forwarded-For */
uint8_t nat_ip[24];
} http;