Use the X-AnyConnect-Identifier-Platform header to identify mobile clients

That is, if the header contains "android" or "apple-ios" mark it as
a mobile client. The header X-AnyConnect-Identifier-DeviceType is only
considered for logging purposes and appended to the user-agent name
if present.

doc/sample.config

@@ -198,7 +198,7 @@ dpd = 90
 # be higher to prevent such clients being awaken too 
 # often by the DPD messages, and save battery.
 # The mobile clients are distinguished from the header
-# 'X-AnyConnect-Identifier-DeviceType'.
+# 'X-AnyConnect-Identifier-Platform'.
 mobile-dpd = 1800
 
 # MTU discovery (DPD must be enabled)

src/http-heads.gperf

@@ -18,5 +18,6 @@ X-CSTP-Address-Type, HEADER_CSTP_ATYPE
 X-CSTP-Hostname, HEADER_HOSTNAME
 X-CSTP-Full-IPv6-Capability, HEADER_FULL_IPV6
 X-AnyConnect-Identifier-DeviceType, HEADER_DEVICE_TYPE
+X-AnyConnect-Identifier-Platform, HEADER_PLATFORM
 X-Support-HTTP-Auth, HEADER_SUPPORT_SPNEGO
 Authorization, HEADER_AUTHORIZATION

src/ipc.proto

@@ -160,6 +160,7 @@ message session_info_msg
 	optional bytes remote_addr = 7;
 
 	optional string hostname = 8;
+	optional string device_type = 9;
 }
 
 /* WORKER_BAN_IP: sent from worker to main */

src/main-worker-cmd.c

@@ -360,9 +360,14 @@ int handle_worker_commands(main_server_st * s, struct proc_st *proc)
 			if (tmsg->dtls_compr)
 				strlcpy(proc->dtls_compr, tmsg->dtls_compr,
 					 sizeof(proc->dtls_compr));
-			if (tmsg->user_agent)
+
+			if (tmsg->user_agent && tmsg->device_type == NULL)
 				strlcpy(proc->user_agent, tmsg->user_agent,
 					 sizeof(proc->user_agent));
+			else if (tmsg->user_agent && tmsg->device_type)
+				snprintf(proc->user_agent, sizeof(proc->user_agent), "%s / %s",
+					 tmsg->user_agent, tmsg->device_type);
+
 			if (tmsg->hostname) {
 				strlcpy(proc->hostname, tmsg->hostname,
 					 sizeof(proc->hostname));

src/ocserv-args.def

@@ -294,7 +294,7 @@ dpd = 90
 # be higher to prevent such clients being awaken too 
 # often by the DPD messages, and save battery.
 # The mobile clients are distinguished from the header
-# 'X-AnyConnect-Identifier-DeviceType'.
+# 'X-AnyConnect-Identifier-Platform'.
 mobile-dpd = 1800
 
 # MTU discovery (DPD must be enabled)

src/vpn.h

@@ -400,7 +400,7 @@ struct main_server_st;
 
 #define MAX_BANNER_SIZE 256
 #define MAX_USERNAME_SIZE 64
-#define MAX_AGENT_NAME 48
+#define MAX_AGENT_NAME 64
 #define MAX_PASSWORD_SIZE 64
 #define TLS_MASTER_SIZE 48
 #define MAX_HOSTNAME_SIZE MAX_USERNAME_SIZE

src/worker-http.c

@@ -231,7 +231,27 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
 
 		break;
 	case HEADER_DEVICE_TYPE:
-		req->is_mobile = 1;
+		if (value_length + 1 > sizeof(req->devtype)) {
+			req->devtype[0] = 0;
+			goto cleanup;
+		}
+		memcpy(req->devtype, value, value_length);
+		req->devtype[value_length] = 0;
+
+		oclog(ws, LOG_DEBUG,
+		      "Device-type: '%s'", value);
+		break;
+	case HEADER_PLATFORM:
+		if (strncasecmp(value, "apple-ios", 9) == 0 ||
+		    strncasecmp(value, "android", 7) == 0) {
+
+			oclog(ws, LOG_DEBUG,
+			      "Platform: '%s' (mobile)", value);
+			req->is_mobile = 1;
+		} else {
+			oclog(ws, LOG_DEBUG,
+			      "Platform: '%s'", value);
+		}
 		break;
 	case HEADER_SUPPORT_SPNEGO:
 		ws_switch_auth_to(ws, AUTH_TYPE_GSSAPI);

src/worker-vpn.c

@@ -754,6 +754,10 @@ void session_info_send(worker_st * ws)
 		msg.user_agent = ws->req.user_agent;
 	}
 
+	if (ws->req.devtype[0] != 0) {
+		msg.device_type = ws->req.devtype;
+	}
+
 	if (ws->req.hostname[0] != 0) {
 		msg.hostname = ws->req.hostname;
 	}

src/worker.h

@@ -54,6 +54,7 @@ enum {
 	HEADER_CSTP_BASE_MTU,
 	HEADER_CSTP_ATYPE,
 	HEADER_DEVICE_TYPE,
+	HEADER_PLATFORM,
 	HEADER_DTLS_CIPHERSUITE,
 	HEADER_CONNECTION,
 	HEADER_FULL_IPV6,
@@ -119,6 +120,7 @@ struct http_req_st {
 	str_st value;
 	unsigned int header_state;
 
+	char devtype[MAX_AGENT_NAME]; /* Device-Type */
 	char hostname[MAX_HOSTNAME_SIZE];
 	char user_agent[MAX_AGENT_NAME];
 	unsigned user_agent_type;