From: Victor Julien <vjulien@oisf.net>
Date: Sun, 16 Jan 2022 13:07:21 +0000 (+0100)
Subject: quic: log user agent when available
X-Git-Tag: suricata-7.0.0-beta1~1001
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c13b73c4d7c566c4a438dc1f759132a6d97a175;p=thirdparty%2Fsuricata.git

quic: log user agent when available
---

diff --git a/rust/src/quic/logger.rs b/rust/src/quic/logger.rs
index 6d981fa514..19426776dd 100644
--- a/rust/src/quic/logger.rs
+++ b/rust/src/quic/logger.rs
@@ -26,6 +26,9 @@ fn log_template(tx: &QuicTransaction, js: &mut JsonBuilder) -> Result<(), JsonEr
         if let Some(sni) = &tx.sni {
             js.set_string("sni", &String::from_utf8_lossy(&sni))?;
         }
+        if let Some(ua) = &tx.ua {
+            js.set_string("ua", &String::from_utf8_lossy(&ua))?;
+        }
     }
     js.open_array("cyu")?;
     for cyu in &tx.cyu {
diff --git a/rust/src/quic/quic.rs b/rust/src/quic/quic.rs
index 35876d2152..8b16765f87 100644
--- a/rust/src/quic/quic.rs
+++ b/rust/src/quic/quic.rs
@@ -34,17 +34,19 @@ pub struct QuicTransaction {
     pub header: QuicHeader,
     pub cyu: Vec<Cyu>,
     pub sni: Option<Vec<u8>>,
+    pub ua: Option<Vec<u8>>,
     tx_data: AppLayerTxData,
 }
 
 impl QuicTransaction {
-    fn new(header: QuicHeader, data: QuicData, sni: Option<Vec<u8>>) -> Self {
+    fn new(header: QuicHeader, data: QuicData, sni: Option<Vec<u8>>, ua: Option<Vec<u8>>) -> Self {
         let cyu = Cyu::generate(&header, &data.frames);
         QuicTransaction {
             tx_id: 0,
             header,
             cyu,
             sni,
+            ua,
             tx_data: AppLayerTxData::new(),
         }
     }
@@ -84,8 +86,8 @@ impl QuicState {
         self.transactions.iter().find(|&tx| tx.tx_id == tx_id + 1)
     }
 
-    fn new_tx(&mut self, header: QuicHeader, data: QuicData, sni: Option<Vec<u8>>) -> QuicTransaction {
-        let mut tx = QuicTransaction::new(header, data, sni);
+    fn new_tx(&mut self, header: QuicHeader, data: QuicData, sni: Option<Vec<u8>>, ua: Option<Vec<u8>>) -> QuicTransaction {
+        let mut tx = QuicTransaction::new(header, data, sni, ua);
         self.max_tx_id += 1;
         tx.tx_id = self.max_tx_id;
         return tx;
@@ -117,12 +119,17 @@ impl QuicState {
                     // no tx for the short header (data) frames
                     if header.ty != QuicType::Short {
                         let mut sni : Option<Vec<u8>> = None;
+                        let mut ua : Option<Vec<u8>> = None;
                         for frame in &data.frames {
                             if let Frame::Stream(s) = frame {
                                 if let Some(tags) = &s.tags {
                                     for (tag, value) in tags {
                                         if tag == &StreamTag::Sni {
                                             sni = Some(value.to_vec());
+                                        } else if tag == &StreamTag::Uaid {
+                                            ua = Some(value.to_vec());
+                                        }
+                                        if sni.is_some() && ua.is_some() {
                                             break;
                                         }
                                     }
@@ -130,7 +137,7 @@ impl QuicState {
                             }
                         }
 
-                        let transaction = self.new_tx(header, data, sni);
+                        let transaction = self.new_tx(header, data, sni, ua);
                         self.transactions.push(transaction);
                     }
                     return true;