code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ja4ebpf): Rocky Linux RPM builder, remove correlated field, fix thesis

Browse Source 
- Dockerfile.package: migre go-builder de golang:bookworm (Debian) vers
  rockylinux:9, installe Go depuis le tarball officiel, remplace apt par
  dnf (clang llvm libbpf-devel bpftool)

- Suppression du champ 'correlated' de l'agent ja4ebpf : avec eBPF/XDP,
  la corrélation L3/L4↔L7 est toujours implicite par présence des champs.
  Supprimé de : session.go, manager.go, main.go (x5), clickhouse.go

- Thèse (6 corrections listées + cohérence correlated) :
  1. §3.5 + §3.9.1 : SSL_read retourne des octets bruts sans respecter les
     frontières H2 → buffer circulaire de réassemblage en Go userspace
  2. §3.1 : supprimé libpcap + CAP_NET_RAW, remplacé par définition uprobe
  3. §4 + §7 : compte exact 96 features en 8 familles (Famille 1–8),
     supprimé taxonomie F1–F11 obsolète, tous les totaux mis à jour
  4. §2.4 + §8 : remplacé 7 fausses URLs arXiv par [Référence à vérifier]
  5. §4 Famille 2 : ja4_drift_ratio → renvoi à Famille 8 (définition complète)
  6. §6.4 : ajouté limite 'Overhead de l'uprobe SSL_read'
  + §3.6 : supprimé correlated=0/1 du texte architectural

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
2026-04-12 04:48:40 +02:00
parent b1218a2367
commit 957918c565
19 changed files with 104 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/vm/.vagrant/bundler/global.sol Normal file
View File

@ -0,0 +1 @@
{"dependencies":[["racc",["~> 1.4"]],["nokogiri",["~> 1.6"]],["diffy",[">= 0"]],["rexml",[">= 0"]],["xml-simple",[">= 0"]],["logger",[">= 0"]],["mime-types-data",["~> 3.2025",">= 3.2025.0507"]],["mime-types",[">= 0"]],["io-console",["~> 0.5"]],["reline",[">= 0"]],["formatador",[">= 0.2","< 2.0"]],["excon",["~> 1.0"]],["builder",[">= 0"]],["fog-core",["~> 2"]],["ruby-libvirt",[">= 0.7.0"]],["json",[">= 0"]],["fog-xml",["~> 0.1.1"]],["multi_json",["~> 1.10"]],["fog-json",[">= 0"]],["fog-libvirt",[">= 0.6.0"]],["vagrant-libvirt",["= 0.12.2"]],["vagrant-qemu",["= 0.3.12"]]],"checksum":"8812dc95b590d4059a84fe716eaa6eea39b29aecb1c994c959de405ba3705361","vagrant_version":"2.4.9"}

1
tests/vm/.vagrant/machines/default/libvirt/action_provision Normal file
View File

@ -0,0 +1 @@
1.5:243a2344-d92e-47f5-b78c-fa70c5285248

1
tests/vm/.vagrant/machines/default/libvirt/box_meta Normal file
View File

@ -0,0 +1 @@
{"name":"generic/rocky9","version":"4.3.12","provider":"libvirt","directory":"boxes/generic-VAGRANTSLASH-rocky9/4.3.12/amd64/libvirt"}

1
tests/vm/.vagrant/machines/default/libvirt/created_networks Normal file
View File

@ -0,0 +1 @@
ec3ab786-8897-487f-8de2-2b3e73fd3319

1
tests/vm/.vagrant/machines/default/libvirt/creator_uid Normal file
View File

@ -0,0 +1 @@
1000

1
tests/vm/.vagrant/machines/default/libvirt/id Normal file
View File

@ -0,0 +1 @@
243a2344-d92e-47f5-b78c-fa70c5285248

1
tests/vm/.vagrant/machines/default/libvirt/index_uuid Normal file
View File

@ -0,0 +1 @@
67ff6c32d5a64e68ad3806a9d4af8342

8
tests/vm/.vagrant/machines/default/libvirt/private_key Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
AAtzc2gtZWQyNTUxOQAAACCLqXhq0Z8AH3V0G6LME2qcBsbuzvbzalThwUqf
wm2WDwAAAJAKdG7jCnRu4wAAAAtzc2gtZWQyNTUxOQAAACCLqXhq0Z8AH3V0
G6LME2qcBsbuzvbzalThwUqfwm2WDwAAAEC2yLRWUE/0Llex3rQ/T1xAhX+O
xmzbOFc2WdVulooaw4upeGrRnwAfdXQboswTapwGxu7O9vNqVOHBSp/CbZYP
AAAAB3ZhZ3JhbnQBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----

1
tests/vm/.vagrant/machines/default/libvirt/synced_folders Normal file
View File

@ -0,0 +1 @@
{"rsync":{"/ja4-platform":{"type":"rsync","rsync__exclude":[".git/","old/","*.rpm","dist/"],"guestpath":"/ja4-platform","hostpath":"/home/antitbone/work/ja4-platform","disabled":false,"__vagrantfile":true,"exclude":[".git/","old/","*.rpm","dist/"],"owner":"vagrant","group":"vagrant"}}}

1
tests/vm/.vagrant/machines/default/libvirt/vagrant_cwd Normal file
View File

@ -0,0 +1 @@
/home/antitbone/work/ja4-platform/tests/vm

12
tests/vm/.vagrant/rgloader/loader.rb Normal file
View File

@ -0,0 +1,12 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end