From 8c0ea694f86b184c0d09c7e76aa760336dfe0b62 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 11:54:11 +0100
Subject: HTTP: fix user-agent parsing (#1124)

User-agent information is used to try to detect the user OS; since the UA is extracted for QUIC traffic too, the "detected_os" field must be generic and not associated to HTTP flows only. Otherwise, you might overwrite some "tls_quic_stun" fields (SNI...) with random data. Strangely enough, the "detected_os" field is never used: it is never logged, or printed, or exported...
---
 python/ndpi.py | 4 ++--
 python/ndpi_typestruct.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'python')

diff --git a/python/ndpi.py b/python/ndpi.py
index 6bc166487..c545e7998 100644
--- a/python/ndpi.py
+++ b/python/ndpi.py
@@ -1068,6 +1068,8 @@ struct ndpi_flow_struct {
 uint8_t num_request_headers, num_response_headers;
 uint8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
 uint16_t response_status_code; /* 200, 404, etc. */
+ uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */
+
 } http;
 
 /*
@@ -1145,8 +1147,6 @@ struct ndpi_flow_struct {
 } ubntac2;
 
 struct {
- /* Via HTTP User-Agent */
- uint8_t detected_os[32];
 /* Via HTTP X-Forwarded-For */
 uint8_t nat_ip[24];
 } http;
diff --git a/python/ndpi_typestruct.py b/python/ndpi_typestruct.py
index 889257dea..743f52ed2 100644
--- a/python/ndpi_typestruct.py
+++ b/python/ndpi_typestruct.py
@@ -456,6 +456,7 @@ class Http(Structure):
 ("num_response_headers", c_uint8),
 ("request_version", c_uint8),
 ("response_status_code", c_uint16),
+ ("detected_os", c_char * 32),
 ]
 
 
@@ -535,7 +536,6 @@ class Ubntac2(Structure):
 
 class Http2(Structure):
 _fields_ = [
- ("detected_os", c_char * 32),
 ("nat_ip", c_char * 24)
 ]
 
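Review bot: The second `+` line in the `@@ -1068` hunk adds an empty line right after `uint8_t detected_os[32]`, inside the `http` member of the cffi cdef; nothing else in that block is spaced that way, so I would drop it and keep only `+ uint8_t detected_os[32]; /* Via HTTP/QUIC User-Agent */`. The member comment is also the right place to record why placement matters: per the commit message the old slot overlapped the `tls_quic_stun` fields, so a QUIC User-Agent write could land on the SNI that Python callers read, which a comment such as `/* Via HTTP/QUIC User-Agent; must stay in this http block, the other one overlaps tls_quic_stun (see #1124) */` would preserve for the next edit. This cdef is a hand copy of the C `ndpi_flow_struct`, so any layout drift surfaces only as misread flow memory, never as an error. The `struct ndpi_flow_struct` definition begins and ends outside the hunk.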
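Review bot: In the `@@ -456` hunk of python/ndpi_typestruct.py, `("detected_os", c_char * 32)` is appended to `Http._fields_` with nothing verifying that the ctypes mirror still matches the C `ndpi_flow_struct`; ctypes raises no error when the Python layout drifts from the header, and the commit message shows the result is silent corruption of neighbouring fields rather than a failure. A one-line guard at module load would catch that class of mistake at import time, e.g. `assert ctypes.sizeof(<ctypes class that mirrors ndpi_flow_struct>) == ndpi.ndpi_detection_get_sizeof_ndpi_flow_struct()`, provided that nDPI function is bound in this module; the flow-struct class itself is outside this hunk, hence the placeholder. The same check would cover the cffi cdef in python/ndpi.py. `Http`'s class body begins outside the hunk.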
@@ -861,4 +861,4 @@ ndpi.ndpi_set_protocol_detection_bitmask2.argtypes = [POINTER(NDPIDetectionModul
 ndpi.ndpi_twalk.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p, c_int32, c_int, c_void_p), c_void_p]
 
 """ ndpi_tdestroy: node destroy. """
-ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)]
\ No newline at end of file
+ndpi.ndpi_tdestroy.argtypes = [c_void_p, CFUNCTYPE(None, c_void_p)]
-- 
cgit v1.2.3