fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros
- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
123
old/services/mod-reqin-log/mod_reqin_log.spec
Normal file
123
old/services/mod-reqin-log/mod_reqin_log.spec
Normal file
@ -0,0 +1,123 @@
|
||||
%global spec_version 1.0.19
|
||||
|
||||
Name: mod_reqin_log
|
||||
Version: %{spec_version}
|
||||
Release: 1%{?dist}
|
||||
Summary: Apache HTTPD module for logging HTTP requests as JSON to Unix socket
|
||||
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/example/mod_reqin_log
|
||||
Vendor: Developer <dev@example.com>
|
||||
BuildArch: x86_64
|
||||
|
||||
Requires: httpd
|
||||
|
||||
%description
|
||||
Apache HTTPD module for logging HTTP requests as JSON to Unix socket.
|
||||
Features non-blocking I/O with automatic reconnection, configurable headers
|
||||
with truncation support, and built-in sensitive headers blacklist.
|
||||
|
||||
%prep
|
||||
# No source extraction needed - binaries are pre-built
|
||||
|
||||
%build
|
||||
# No build needed - binaries are pre-built
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/%{_libdir}/httpd/modules
|
||||
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d
|
||||
mkdir -p %{buildroot}/%{_docdir}/%{name}
|
||||
|
||||
install -m 755 %{_pkgroot}/%{_libdir}/httpd/modules/mod_reqin_log.so %{buildroot}/%{_libdir}/httpd/modules/
|
||||
install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buildroot}/%{_sysconfdir}/httpd/conf.d/
|
||||
|
||||
%files
|
||||
%{_libdir}/httpd/modules/mod_reqin_log.so
|
||||
%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf
|
||||
%doc %{_docdir}/%{name}
|
||||
|
||||
%changelog
|
||||
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.19
|
||||
- FEATURE: Add client_headers JSON field - ordered list of all header names
|
||||
as received from the client, preserving original order and case
|
||||
- DOC: Update architecture.yml with client_headers field and example_full
|
||||
|
||||
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.18
|
||||
- FIX: JsonSockLogMaxHeaders now counts configured headers (by position in list)
|
||||
regardless of their presence in the request, matching the documented behavior
|
||||
|
||||
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.17
|
||||
- CONFIG: Extend default JsonSockLogHeaders list (User-Agent, Referer, X-Forwarded-For,
|
||||
Sec-CH-UA*, Sec-Fetch-*, Accept, Accept-Language, Accept-Encoding)
|
||||
- CONFIG: Raise DEFAULT_MAX_HEADERS from 10 to 25
|
||||
- DOC: Update architecture.yml and conf/mod_reqin_log.conf accordingly
|
||||
|
||||
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.16
|
||||
- FIX: Skip subrequests and internal redirects to log only the original client request
|
||||
- DOC: Document subrequest/redirect filtering in architecture.yml
|
||||
|
||||
* Thu Mar 05 2026 Developer <dev@example.com> - 1.0.15
|
||||
- FIX: timestamp field now uses r->request_time (request reception time) instead of apr_time_now()
|
||||
- DOC: Remove unparsed_uri and fragment fields from architecture.yml (not logged)
|
||||
- DOC: Update timestamp description and example_full in architecture.yml
|
||||
|
||||
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.14
|
||||
- REFACTOR: Harmonize JSON field construction - all fields now end with comma
|
||||
- FIX: Remove duplicate comma between query and host fields
|
||||
- FIX: Fix buffer corruption in dynbuf_append (copy null terminator)
|
||||
- PACKAGING: Config file marked as %config(noreplace)
|
||||
- CHANGE: Remove unparsed_uri, fragment, content_length fields
|
||||
|
||||
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.13
|
||||
- FIX: Correct JSON string length parameters for query and fragment fields
|
||||
- FIX: Add null-termination after buffer reallocation in dynbuf_append
|
||||
- CHANGE: Remove unparsed_uri, fragment, and content_length fields from JSON output
|
||||
- TEST: Update unit tests to match dynbuf_append fix
|
||||
|
||||
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.9
|
||||
- CHANGE: Remove req_id field from JSON output
|
||||
- FEATURE: Add query and fragment fields (URI components)
|
||||
|
||||
* Mon Mar 02 2026 Developer <dev@example.com> - 1.0.8
|
||||
- FEATURE: Add req_id, scheme, unparsed_uri, args, keepalives, content_length fields to JSON output
|
||||
- FIX: Change socket type from SOCK_STREAM to SOCK_DGRAM per architecture.yml
|
||||
|
||||
* Sun Mar 01 2026 Developer <dev@example.com> - 1.0.6
|
||||
- BUILD: Fix RPM package paths in Dockerfile.package (el8, el9, el10 directories)
|
||||
- BUILD: Fix Makefile RPM extraction with separate volume mounts
|
||||
- BUILD: Remove unused scripts (build.sh, test.sh)
|
||||
- BUILD: Remove Python integration tests (not automated in CI)
|
||||
- DOCS: Update README.md and architecture.yml for RPM-only packaging
|
||||
- CLEANUP: Remove DEB and el7 references
|
||||
|
||||
* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
|
||||
- SECURITY: Add input sanitization for method, path, host, and http_version fields
|
||||
- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
|
||||
- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
|
||||
- IMPROVEMENT: Improve socket state double-check pattern
|
||||
- IMPROVEMENT: Fix const qualifier warnings in get_header() function
|
||||
- IMPROVEMENT: Add flags field to module definition
|
||||
- IMPROVEMENT: Add -Wno-error=format-security to Makefile
|
||||
- TEST: Add 4 new unit tests for input sanitization
|
||||
- DOC: Clarify timestamp precision
|
||||
- DOC: Update README and architecture.yml
|
||||
- BUILD: Update package version to 1.0.2
|
||||
|
||||
* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
|
||||
- FIX: Fix socket reconnection logic
|
||||
- FIX: Improve error logging to prevent error_log flooding
|
||||
- IMPROVEMENT: Add built-in sensitive headers blacklist
|
||||
- IMPROVEMENT: Add thread-safe socket FD access via mutex
|
||||
- TEST: Add comprehensive unit tests
|
||||
- TEST: Add integration tests for socket loss and recovery
|
||||
- DOC: Add comprehensive README with configuration examples
|
||||
- DOC: Add architecture.yml documenting module design decisions
|
||||
|
||||
* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
|
||||
- Initial release
|
||||
- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
|
||||
- Non-blocking I/O with automatic reconnection
|
||||
- Configurable headers with truncation support
|
||||
- Compatible with prefork, worker, and event MPMs
|
||||
- Built-in sensitive headers blacklist
|
||||
- Throttled error reporting to prevent log flooding
|
||||
Reference in New Issue
Block a user