From 8c0ea694f86b184c0d09c7e76aa760336dfe0b62 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 11:54:11 +0100
Subject: HTTP: fix user-agent parsing (#1124)

User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
---
 python/ndpi.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'python/ndpi.py')
diff --git a/python/ndpi.py b/python/ndpi.py
index 6bc166487..c545e7998 100644
--- a/python/ndpi.py
+++ b/python/ndpi.py
@@ -1068,6 +1068,8 @@ struct ndpi_flow_struct {
 uint8_t num_request_headers, num_response_headers;
 uint8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
 uint16_t response_status_code; /* 200, 404, etc. */
+ uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */
+
 } http;
 /*
@@ -1145,8 +1147,6 @@ struct ndpi_flow_struct {
 } ubntac2;
 struct {
- /* Via HTTP User-Agent */
- uint8_t detected_os[32];
 /* Via HTTP X-Forwarded-For */
 uint8_t nat_ip[24];
 } http;
-- 
cgit v1.2.3
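Review bot: The added `detected_os[32]` member in the first hunk is documented only as "Via HTTP/QUIC User-Agent", which does not say that its bytes come from a peer-controlled header or what the buffer contract is. The code that fills it is not in this diff, so whether copies are bounded and terminated cannot be confirmed here; if the field is meant to hold a C string, I would state that at the declaration, e.g. `uint8_t detected_os[32]; /* OS guessed from the HTTP/QUIC User-Agent (untrusted); writers copy at most sizeof-1 bytes and NUL-terminate */`. Since the commit message notes the field is never read, it is also worth recording in that comment that it is write-only for now, so a later reader does not treat it as validated data. This file appears to mirror the C struct layout for the Python binding, so moving the member shifts the offset of everything declared after it, and the binding presumably has to be used with a library built from the same revision. The struct body begins and ends outside the hunk.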