From b1b2b8817032c18fb147bc096945bf0aad6a216e Mon Sep 17 00:00:00 2001
From: Gaukas Wang <i@gaukas.wang>
Date: Thu, 6 Jun 2024 09:58:17 -0600
Subject: [PATCH] fix: save QUIC visitor when H3 is enabled only

otherwise the TLS-fallback will incorrectly overwrite the cached QUIC fingerprint's sender.

Signed-off-by: Gaukas Wang <i@gaukas.wang>
---
 modcaddy/handler/handler.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/modcaddy/handler/handler.go b/modcaddy/handler/handler.go
index 86cd622..519fcb2 100644
--- a/modcaddy/handler/handler.go
+++ b/modcaddy/handler/handler.go
@@ -170,12 +170,17 @@ func (h *Handler) serveQUIC(wr http.ResponseWriter, req *http.Request, next cadd
 
 	// h.logger.Debug(fmt.Sprintf("Fetched QUIC fingerprint for %s", req.RemoteAddr))
 
-	// Get IP part of the RemoteAddr
-	ip, _, err := net.SplitHostPort(req.RemoteAddr)
-	if err == nil {
-		h.reservoir.NewQUICVisitor(ip, req.RemoteAddr)
-	} else {
-		h.logger.Error(fmt.Sprintf("Can't extract IP from %s: %v", req.RemoteAddr, err))
+	// If this is a QUIC request, we record the IP address as a QUIC visitor
+	// so this QUIC fingerprint is associated with the IP address and can be
+	// fetched for even HTTP-over-TLS (TCP-based) requests.
+	if req.ProtoMajor == 3 {
+		// Get IP part of the RemoteAddr
+		ip, _, err := net.SplitHostPort(req.RemoteAddr)
+		if err == nil {
+			h.reservoir.NewQUICVisitor(ip, req.RemoteAddr)
+		} else {
+			h.logger.Error(fmt.Sprintf("Can't extract IP from %s: %v", req.RemoteAddr, err))
+		}
 	}
 
 	qfp.UserAgent = req.UserAgent()