fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros

- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue - Update loader.go to hold tcObjs/sslObjs separately with correct field names: UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit, KprobeAccept4Entry, KretprobeAccept4Exit - Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10) so that %{_unitdir} macro resolves correctly - RPMs now build successfully for el8, el9, el10 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-11 23:21:11 +02:00
parent a1e4c1dad5
commit 3b047b680a
155 changed files with 197011 additions and 599 deletions
--- a/tests/integration/nginx/platform/nginx.conf
+++ b/tests/integration/nginx/platform/nginx.conf
@ -0,0 +1,82 @@
+# nginx.conf — Stack de test nginx + ja4ebpf
+# HTTP/2 activé (h2) pour tester le parsing de la preface HTTP/2 par ja4ebpf.
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /run/nginx/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    sendfile on;
+    keepalive_timeout 65;
+    keepalive_requests 200;
+
+    # Log format étendu (debug)
+    log_format main '$remote_addr - $remote_user [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent" '
+                    'ssl_protocol=$ssl_protocol ssl_cipher=$ssl_cipher';
+
+    access_log /var/log/nginx/access.log main;
+
+    # ── Serveur HTTP (port 80) ─────────────────────────────────────────────
+    server {
+        listen 80;
+        server_name _;
+
+        location /health {
+            return 200 '{"status":"ok","stack":"nginx"}';
+            add_header Content-Type application/json;
+        }
+
+        # Redirection HTTPS optionnelle (trafic HTTP testé directement)
+        location / {
+            root /var/www/html;
+            index index.html;
+            try_files $uri $uri/ =404;
+        }
+    }
+
+    # ── Serveur HTTPS (port 443) avec HTTP/2 ──────────────────────────────
+    server {
+        listen 443 ssl;
+        http2 on;
+        server_name _;
+
+        ssl_certificate     /etc/pki/tls/certs/nginx.crt;
+        ssl_certificate_key /etc/pki/tls/private/nginx.key;
+
+        # Suites de chiffrement variées pour générer plusieurs JA4 distincts
+        ssl_protocols       TLSv1.2 TLSv1.3;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers off;
+
+        # Activation du session resumption (teste le parsing ja4ebpf de session IDs)
+        ssl_session_cache   shared:SSL:10m;
+        ssl_session_timeout 10m;
+
+        location /health {
+            return 200 '{"status":"ok","stack":"nginx","tls":true}';
+            add_header Content-Type application/json;
+        }
+
+        location / {
+            root /var/www/html;
+            index index.html;
+            try_files $uri $uri/ =404;
+        }
+
+        # Endpoint POST pour tester la capture des requêtes avec body
+        location /api/ {
+            return 200 '{"result":"accepted"}';
+            add_header Content-Type application/json;
+        }
+    }
+}