feat(e2e): add multi-IP endpoint architecture with dedicated traffic VM
Replace single-service-per-endpoint with all-ips mode running nginx, apache, and hitch+varnish simultaneously on 3 dedicated IPs per VM (eth1 alias IPs). Add a dedicated traffic VM with curl-impersonate for realistic TLS fingerprints, parallelized traffic generation, and paired SNI_HOSTS/TARGET_IPS lists for per-VM per-service hostname identification (e.g. rocky9-nginx-platform.test). Key changes: - run-tests-vm.sh: add setup_all_ips(), IP-specific Listen/bind directives with reset-before-apply pattern, graceful service availability checks - run-e2e-test.sh: traffic VM architecture, all-ips mode, eth1 network, paired IP/SNI lists, updated cleanup for alias IPs - generate-traffic.sh: parallel background jobs, curl-impersonate detection, auto source interface detection via ip route get, Host header in HTTP traffic - Vagrantfile: add traffic VM with provision-traffic.sh - provision-traffic.sh: install curl-impersonate and httpx for traffic gen - test-rpm.sh: multi-interface TC check, updated ja4ebpf config - clickhouse-init.sh: load CSV stubs for Anubis/bot-networks dictionaries - Remove obsolete correlator/sentinel/mod-reqin-log docs - Add h2_settings_ack column to http_logs schema - Upgrade Go toolchain to 1.25.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ -167,11 +167,15 @@ yum install -y /tmp/ja4ebpf-test.rpm 2>&1 | tail -3
|
||||
echo " [B] Configure..."
|
||||
mkdir -p /etc/ja4ebpf
|
||||
cat > /etc/ja4ebpf/config.yml << 'CONF_EOF'
|
||||
interface: eth0
|
||||
interfaces:
|
||||
- any
|
||||
ssl_lib_path: "/usr/lib64/libssl.so.3"
|
||||
listen_ports:
|
||||
- 80
|
||||
- 443
|
||||
debug: true
|
||||
clickhouse:
|
||||
dsn: "clickhouse://default:@127.0.0.1:9000/ja4_logs"
|
||||
dsn: "clickhouse://default:@127.0.0.1:9000/ja4_logs?async_insert=0"
|
||||
batch_size: 50
|
||||
flush_secs: 1
|
||||
correlation:
|
||||
@ -214,11 +218,17 @@ if ! kill -0 $JA4PID 2>/dev/null; then
|
||||
fi
|
||||
echo " PID=$JA4PID"
|
||||
|
||||
# Check TC ingress filter
|
||||
if tc filter show dev eth0 ingress 2>/dev/null | grep -qi "bpf\|direct-action"; then
|
||||
echo " TC: attached"
|
||||
# Check TC ingress filter (multi-interface)
|
||||
ATTACHED=0
|
||||
for IFACE in $(ls /sys/class/net/ 2>/dev/null | grep -v lo); do
|
||||
if tc filter show dev "$IFACE" ingress 2>/dev/null | grep -qi "bpf\|direct-action"; then
|
||||
ATTACHED=$((ATTACHED + 1))
|
||||
fi
|
||||
done
|
||||
if [ "$ATTACHED" -gt 0 ]; then
|
||||
echo " TC: attached on $ATTACHED interface(s)"
|
||||
else
|
||||
echo " WARN: TC filter not detected"
|
||||
echo " WARN: TC filter not detected on any interface"
|
||||
fi
|
||||
SETUP_EOF
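Review bot: The multi-interface TC check in the second hunk passes as soon as any one interface carries any filter matching `bpf\|direct-action`. With the test traffic moved to eth1 alias IPs (per the commit message), it can print "TC: attached on 1 interface(s)" while the interface that actually receives the traffic has no hook, leaving the sensor blind there without a test failure. I would check the interfaces the test traffic uses by name and report each one, and treat a miss as a failure rather than a WARN; whether later steps catch it through missing ClickHouse rows is not visible here, as the script continues outside the hunk. Separately, `grep -v lo` is a substring match and silently skips any interface whose name merely contains "lo"; `grep -vx lo`, or a glob such as `for IFACE in /sys/class/net/*; do IFACE=${IFACE##*/}; [ "$IFACE" = lo ] && continue`, avoids both that and parsing `ls`. A short comment on `interfaces: - any` in the first hunk, saying it is a test-only setting together with `debug: true`, would also keep this config from being copied into a production host as-is.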
|
||||
|
||||
|
||||