fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros

- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
  for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
  UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
  KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
  so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Makefile

@@ -1,17 +1,19 @@
 # =============================================================================
 # ja4-platform — Monorepo Makefile
-# All targets use new service names:
-#   sentinel, correlator, bot-detector, dashboard, mod-reqin-log
+# Service de capture : ja4ebpf (eBPF CO-RE)
 # =============================================================================
 
-.PHONY: help build-all test-all rpm-all dist \
-        build-sentinel test-sentinel rpm-sentinel \
-        test-integration test-integration-keep test-integration-down \
-        test-mod-reqin-log rpm-mod-reqin-log \
-        build-correlator test-correlator rpm-correlator \
+VERSION ?= $(shell git describe --tags --always 2>/dev/null || echo dev)
+
+.PHONY: help \
+        build-all test-all rpm-all dist \
+        build-ja4ebpf test-ja4ebpf rpm-ja4ebpf \
         build-bot-detector test-bot-detector \
         build-dashboard test-dashboard \
         test-ja4common-python \
+        test-all-stacks test-nginx test-nginx-varnish test-hitch-varnish test-apache \
+        test-matrix \
+        test-integration test-integration-keep test-integration-down \
         reload-prod-logs init-stack import-prod-data init-and-import \
         purge-db
 
@@ -24,30 +26,31 @@ help: ## Affiche cette aide
 	@echo ""
 	@echo "  Build"
 	@echo "    make build-all              Construit toutes les images Docker"
-	@echo "    make build-sentinel         Image sentinel (capture TLS/TCP)"
-	@echo "    make build-correlator       Image correlator (corrélation logs)"
+	@echo "    make build-ja4ebpf          Image ja4ebpf (agent eBPF CO-RE)"
 	@echo "    make build-bot-detector     Image bot-detector (détection ML)"
 	@echo "    make build-dashboard        Image dashboard (SOC UI)"
 	@echo ""
-	@echo "  Tests"
+	@echo "  Tests unitaires"
 	@echo "    make test-all               Lance tous les tests unitaires"
-	@echo "    make test-sentinel          Tests Go sentinel (NET_RAW)"
-	@echo "    make test-correlator        Tests Go correlator (80% coverage)"
-	@echo "    make test-bot-detector      Tests Python bot-detector (36 tests)"
+	@echo "    make test-ja4ebpf           Tests Go ja4ebpf"
+	@echo "    make test-bot-detector      Tests Python bot-detector"
 	@echo "    make test-dashboard         Tests Python dashboard"
 	@echo "    make test-ja4common-python  Tests Python ja4_common"
-	@echo "    make test-mod-reqin-log     Tests C mod-reqin-log (cmocka)"
 	@echo ""
-	@echo "  Intégration"
-	@echo "    make test-integration       Tests full-stack (Docker Compose)"
-	@echo "    make test-integration-keep  Idem, stack reste active après"
-	@echo "    make test-integration-down  Arrête la stack d'intégration"
+	@echo "  Tests d'intégration (par stack)"
+	@echo "    make test-all-stacks        Toutes les stacks sur Rocky Linux 9"
+	@echo "    make test-apache            Stack Apache + ja4ebpf"
+	@echo "    make test-nginx             Stack nginx + ja4ebpf"
+	@echo "    make test-nginx-varnish     Stack nginx + Varnish + ja4ebpf"
+	@echo "    make test-hitch-varnish     Stack hitch + Varnish + ja4ebpf"
+	@echo ""
+	@echo "  Matrice multi-distro"
+	@echo "    make test-matrix            Toutes stacks × el8/el9/el10"
+	@echo "    make test-matrix MATRIX_STACKS=nginx,apache MATRIX_DISTROS=el9,el10"
 	@echo ""
 	@echo "  RPM"
-	@echo "    make rpm-all                Construit tous les RPMs (el8/el9/el10)"
-	@echo "    make rpm-sentinel           RPM sentinel"
-	@echo "    make rpm-correlator         RPM correlator"
-	@echo "    make rpm-mod-reqin-log      RPM mod-reqin-log"
+	@echo "    make rpm-all                Construit tous les RPMs ja4ebpf (el8/el9/el10)"
+	@echo "    make rpm-ja4ebpf            RPMs ja4ebpf (el8, el9, el10)"
 	@echo "    make dist                   Alias de rpm-all"
 	@echo ""
 	@echo "  Base de données"
@@ -58,84 +61,50 @@ help: ## Affiche cette aide
 	@echo "    make purge-db               Supprime et recrée les bases ja4_*"
 	@echo ""
 
-# --- Root -------------------------------------------------------------------
+# ── Cibles agrégées ──────────────────────────────────────────────────────────
 
-build-all: build-sentinel build-correlator build-bot-detector build-dashboard
+build-all: build-ja4ebpf build-bot-detector build-dashboard
 	@echo "All services built."
 
-test-all: test-sentinel test-correlator test-bot-detector test-dashboard test-ja4common-python
-	@echo "All tests completed."
+test-all: test-ja4ebpf test-bot-detector test-dashboard test-ja4common-python
+	@echo "All unit tests completed."
 
-rpm-all: rpm-sentinel rpm-correlator rpm-mod-reqin-log
+rpm-all: rpm-ja4ebpf
 	@echo "All RPMs built."
 
 dist: rpm-all
-	@echo "Distribution packages ready in services/*/dist/"
+	@echo "RPMs disponibles dans services/ja4ebpf/dist/"
 
-# --- sentinel (was ja4sentinel) ---------------------------------------------
+# ── ja4ebpf (agent eBPF CO-RE) ───────────────────────────────────────────────
 
-build-sentinel:
+build-ja4ebpf:
 	docker build \
-	  --build-arg VERSION=$$(git -C services/sentinel describe --tags --always 2>/dev/null || echo dev) \
-	  --build-arg GIT_COMMIT=$$(git rev-parse --short HEAD 2>/dev/null || echo unknown) \
-	  --build-arg BUILD_TIME=$$(date -u +%Y-%m-%dT%H:%M:%SZ) \
-	  -f services/sentinel/Dockerfile \
-	  -t ja4-platform/sentinel:latest \
+	  -f services/ja4ebpf/Dockerfile \
+	  --build-arg BUILD_VERSION=$(VERSION) \
+	  -t ja4-platform/ja4ebpf:latest \
 	  .
 
-test-sentinel:
-	# Tests run inside Docker — no native Go required on the host
-	docker build -f services/sentinel/Dockerfile.dev -t ja4-platform/sentinel-tests:latest .
-	docker run --rm --cap-add=NET_RAW --cap-add=NET_ADMIN ja4-platform/sentinel-tests:latest
-
-rpm-sentinel:
-	# Méthode: Dockerfile.package → builder Go → rpm-builder (rpmbuild ×3) → output alpine
+test-ja4ebpf:
 	docker build \
-	  -f services/sentinel/Dockerfile.package \
+	  -f services/ja4ebpf/Dockerfile.tests \
+	  -t ja4-platform/ja4ebpf-tests:latest \
+	  .
+	docker run --rm ja4-platform/ja4ebpf-tests:latest
+
+rpm-ja4ebpf:
+	# Build multi-distro : el8 (AlmaLinux 8) + el9 (Rocky 9) + el10 (AlmaLinux 10)
+	# Sortie : services/ja4ebpf/dist/el{8,9,10}/ja4ebpf-*.rpm
+	docker build \
+	  -f services/ja4ebpf/Dockerfile.package \
 	  --target output \
-	  --output type=local,dest=services/sentinel/dist \
-	  --build-arg VERSION=$(shell git -C services/sentinel describe --tags --always 2>/dev/null || echo dev) \
+	  --output type=local,dest=services/ja4ebpf/dist \
+	  --build-arg BUILD_VERSION=$(VERSION) \
 	  .
-	@echo "📦 RPMs sentinel dans services/sentinel/dist/"
+	@echo ""
+	@echo "RPMs produits :"
+	@find services/ja4ebpf/dist -name '*.rpm' | sort | sed 's/^/  /'
 
-# --- mod-reqin-log (was mod_reqin_log) --------------------------------------
-
-test-mod-reqin-log:
-	docker build -f services/mod-reqin-log/Dockerfile.tests -t ja4-platform/mod-reqin-log-tests:latest .
-	docker run --rm ja4-platform/mod-reqin-log-tests:latest
-
-rpm-mod-reqin-log:
-	# Méthode: Dockerfile.package → builder C (×3 distros) → rpm-builder (rpmbuild ×3) → output alpine
-	docker build \
-	  -f services/mod-reqin-log/Dockerfile.package \
-	  --target output \
-	  --output type=local,dest=services/mod-reqin-log/dist \
-	  .
-	@echo "📦 RPMs mod-reqin-log dans services/mod-reqin-log/dist/"
-
-# --- correlator (was logcorrelator) -----------------------------------------
-
-build-correlator:
-	docker build \
-	  -f services/correlator/Dockerfile \
-	  -t ja4-platform/correlator:latest \
-	  .
-
-test-correlator:
-	# Tests run inside the Dockerfile builder stage (80% coverage gate enforced)
-	docker build --target builder -f services/correlator/Dockerfile -t ja4-platform/correlator-tests:latest .
-
-rpm-correlator:
-	# Méthode: Dockerfile.package → builder Go → rpm-builder (rpmbuild ×3) → output alpine
-	docker build \
-	  -f services/correlator/Dockerfile.package \
-	  --target output \
-	  --output type=local,dest=services/correlator/dist \
-	  --build-arg VERSION=$(shell git -C services/correlator describe --tags --always 2>/dev/null || echo dev) \
-	  .
-	@echo "📦 RPMs correlator dans services/correlator/dist/"
-
-# --- bot-detector (was bot_detector) ----------------------------------------
+# ── bot-detector ─────────────────────────────────────────────────────────────
 
 build-bot-detector:
 	docker build \
@@ -150,7 +119,7 @@ test-bot-detector:
 	  .
 	docker run --rm ja4-platform/bot-detector-tests:latest
 
-# --- dashboard --------------------------------------------------------------
+# ── dashboard ────────────────────────────────────────────────────────────────
 
 build-dashboard:
 	docker build \
@@ -165,7 +134,7 @@ test-dashboard:
 	  .
 	docker run --rm ja4-platform/dashboard-tests:latest
 
-# --- shared/python/ja4_common -----------------------------------------------
+# ── shared/python/ja4_common ─────────────────────────────────────────────────
 
 test-ja4common-python:
 	docker build \
@@ -174,18 +143,47 @@ test-ja4common-python:
 	  shared/python/ja4_common/
 	docker run --rm ja4-platform/ja4common-python-tests:latest
 
-# --- integration (full-stack) -----------------------------------------------
+# ── Tests d'intégration par stack ────────────────────────────────────────────
 
-test-integration:
-	cd tests/integration && ./run-tests.sh
+test-all-stacks: ## Toutes les stacks sur la distro par défaut (Rocky Linux 9)
+	cd tests/integration && bash run-all-stacks.sh
+
+test-apache:
+	cd tests/integration && bash apache/run-tests.sh
+
+test-nginx:
+	cd tests/integration && bash nginx/run-tests.sh
+
+test-nginx-varnish:
+	cd tests/integration && bash nginx-varnish/run-tests.sh
+
+test-hitch-varnish:
+	cd tests/integration && bash hitch-varnish/run-tests.sh
+
+# ── Matrice multi-distro ─────────────────────────────────────────────────────
+
+test-matrix: ## Toutes stacks × el8 + el9 + el10
+	cd tests/integration && bash run-distro-matrix.sh \
+	  $${MATRIX_STACKS:+--stacks=$${MATRIX_STACKS}} \
+	  $${MATRIX_DISTROS:+--distros=$${MATRIX_DISTROS}}
+
+# ── Compat : anciens targets d'intégration ───────────────────────────────────
+
+test-integration: ## Ancien target — alias vers test-all-stacks
+	$(MAKE) test-all-stacks
 
 test-integration-keep:
-	cd tests/integration && ./run-tests.sh --no-down
+	cd tests/integration && bash run-all-stacks.sh --no-down
 
 test-integration-down:
-	cd tests/integration && docker compose down -v --remove-orphans
+	cd tests/integration && \
+	  for stack in apache nginx nginx-varnish hitch-varnish; do \
+	    [ -f "$$stack/docker-compose.yml" ] && \
+	      docker compose -f "$$stack/docker-compose.yml" down -v --remove-orphans 2>/dev/null || true; \
+	  done
+
+# ── Base de données ───────────────────────────────────────────────────────────
 
-# ── Dev data ─────────────────────────────────────────────────────────────────
 reload-prod-logs:
 	./scripts/reload-prod-logs.sh