QUIC: remove extraction of user-agent (#2650)

In very old (G)QUIC versions by Google, the user agent was available on
plain text. That is not true anymore, since about end of 2021.
See: https://github.com/google/quiche/commit/f282c934f4731a9f4be93409c9f3e8687f0566a7

3 files changed, 6 insertions, 42 deletions

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 644af63f7..1a341797e 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -775,9 +775,9 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru
 
 /* ************************************************************* */
 
-void http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
-			     struct ndpi_flow_struct *flow,
-			     const u_int8_t *ua_ptr, u_int16_t ua_ptr_len) {
+static void http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
+                                    struct ndpi_flow_struct *flow,
+                                    const u_int8_t *ua_ptr, u_int16_t ua_ptr_len) {
   /**
       Format examples:
       Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) ....
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 7e1a08ac1..e7b217862 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -1423,7 +1423,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
   uint32_t prev_offset;
   uint32_t tag_offset_start, offset, len;
   ndpi_protocol_match_result ret_match;
-  int sni_found = 0, ua_found = 0, icsl_found = 0;
+  int sni_found = 0, icsl_found = 0;
 
   if(crypto_data_len < 6)
     return;
@@ -1478,19 +1478,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
       }
       
       sni_found = 1;
-      if (ua_found && icsl_found)
-        return;
-    }
-
-    if(memcmp(tag, "UAID", 4) == 0) {
-      u_int uaid_offset = tag_offset_start + prev_offset;
-            
-      NDPI_LOG_DBG2(ndpi_struct, "UA: [%.*s]\n", len, &crypto_data[uaid_offset]);
-	
-      http_process_user_agent(ndpi_struct, flow, &crypto_data[uaid_offset], len); /* http.c */
-      ua_found = 1;
-	
-      if (sni_found && icsl_found)
+      if(icsl_found)
         return;
     }
 
@@ -1501,7 +1489,7 @@ void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
       NDPI_LOG_DBG2(ndpi_struct, "ICSL: %d\n", flow->protos.tls_quic.quic_idle_timeout_sec);
       icsl_found = 1;
 
-      if (sni_found && ua_found)
+      if(sni_found)
         return;
     }
 
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 073e22dcd..a1184cf27 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -3163,30 +3163,6 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		  if(s_offset+param_len > final_offset)
 		    break;
 
-		  if(param_type==0x3129) {
-#ifdef DEBUG_TLS
-		    printf("UA [%.*s]\n", (int)param_len, &packet->payload[s_offset]);
-#endif
-		    http_process_user_agent(ndpi_struct, flow, &packet->payload[s_offset], param_len);
-		    break;
-		  }
-		  if(param_type == 0x01) {
-                    uint64_t max_idle_timeout;
-
-                    /* max_idle_timeout format changed across draft versions.
-                       Nowdays, we are interested only in latest draft, so check
-                       only for the RFC format */
-                    if(is_quic_ver_greater_than(quic_version, 27)) {
-                      if(param_len > 0 &&
-                         quic_len_buffer_still_required(packet->payload[s_offset]) <= (int)param_len) {
-                        quic_len(&packet->payload[s_offset], &max_idle_timeout);
-                        flow->protos.tls_quic.quic_idle_timeout_sec = max_idle_timeout / 1000;
-#ifdef DEBUG_TLS
-                        printf("Max Idle Timeout: %d\n", flow->protos.tls_quic.quic_idle_timeout_sec);
-#endif
-                      }
-                    }
-		  }
 		  s_offset += param_len;
 		}
 	      } else if(extension_id == 21) { /* Padding */