author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-02-03 11:54:11 +0100 |
committer | GitHub <noreply@github.com> | 2021-02-03 11:54:11 +0100 |
commit | 8c0ea694f86b184c0d09c7e76aa760336dfe0b62 (patch) | |
tree | e9963c26b32c9ef887d89a55ff219e57577858e5 /python | |
parent | 8cee718e8b3a64ac9b66f88844f43f0594c1bb37 (diff) |
HTTP: fix user-agent parsing (#1124)
User-agent information is used to try to detect the user OS; since the
UA is extracted for QUIC traffic too, the "detected_os" field must be
generic and not associated only with HTTP flows.
Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with
random data.
Strangely enough, the "detected_os" field is never used: it is never
logged, or printed, or exported...
Diffstat (limited to 'python')
-rw-r--r-- | python/ndpi.py | 4 | ||||
-rw-r--r-- | python/ndpi_typestruct.py | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/python/ndpi.py b/python/ndpi.py
index 6bc166487..c545e7998 100644
--- a/python/ndpi.py
+++ b/python/ndpi.py
@@ -1068,6 +1068,8 @@ struct ndpi_flow_struct {
     uint8_t num_request_headers, num_response_headers;
     uint8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
     uint16_t response_status_code; /* 200, 404, etc. */
+    uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */
+
   } http;
 
   /*
@@ -1145,8 +1147,6 @@ struct ndpi_flow_struct {
   } ubntac2;
 
   struct {
-    /* Via HTTP User-Agent */
-    uint8_t detected_os[32];
     /* Via HTTP X-Forwarded-For */
     uint8_t nat_ip[24];
   } http;
diff --git a/python/ndpi_typestruct.py b/python/ndpi_typestruct.py
index 889257dea..743f52ed2 100644
--- a/python/ndpi_typestruct.py
+++ b/python/ndpi_typestruct.py
@@ -456,6 +456,7 @@ class Http(Structure):
         ("num_response_headers", c_uint8),
         ("request_version", c_uint8),
         ("response_status_code", c_uint16),
+        ("detected_os", c_char * 32),
     ]
 
 
@@ -535,7 +536,6 @@ class Ubntac2(Structure):
 class Http2(Structure):
     _fields_ = [
-        ("detected_os", c_char * 32),
         ("nat_ip", c_char * 24)
     ]
 
 
@@ -861,4 +861,4 @@ ndpi.ndpi_set_protocol_detection_bitmask2.argtypes = [POINTER(NDPIDetectionModul
 ndpi.ndpi_twalk.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p, c_int32, c_int, c_void_p), c_void_p]
 """ ndpi_tdestroy: node destroy. """
-ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)]
\ No newline at end of file
+ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)]
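Review bot: The second added line in the `@@ -1068` hunk is an empty line inserted right before `} http;`, leaving a stray blank at the end of the struct body; drop it so the member list ends at `uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */`. This declaration sits in the cdef text that mirrors the C `ndpi_flow_struct`, so the Python side is only correct if the C header moved the field in exactly the same way; the diffstat is limited to `python`, so that change is presumably elsewhere in this commit, but the offsets are worth confirming. The buffer is filled from the User-Agent header, which is attacker-controlled input; the copy that populates it is outside this diff, so confirm it is bounded to 32 bytes and NUL-terminated, since consumers reading it as a C string depend on that. The enclosing `struct ndpi_flow_struct` starts and ends outside the hunk.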
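Review bot: The new `("detected_os", c_char * 32),` entry in class Http gives no hint of where the value comes from, unlike its C counterpart; add `# Via HTTP/QUIC User-Agent; mirrors uint8_t detected_os[32] in ndpi_flow_struct` beside it. Using `c_char * 32` instead of `c_uint8 * 32` matches the existing `("nat_ip", c_char * 24)` convention and keeps the same 32-byte size, but `.value` on a `c_char` array stops at the first NUL, so a field filled with 32 non-NUL bytes is only fully readable through `.raw`. Because ctypes lays `_fields_` out in declaration order, this entry must stay exactly where the C header places it, after `response_status_code`. The `_fields_` list and class Http begin outside the hunk.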