feat: maximize data completeness across L3/L4/TLS/HTTP layers and add E2E test infra
Add SSL_write uprobe for HTTP response capture, HPACK decoder for HTTP/2 header extraction, and AcceptCache for reliable SSL/TC session correlation. Populate all ClickHouse fields including tcp_meta_options, ip_meta_total_length, syn_to_clienthello_ms, client_headers, TLS cipher suites/extensions, and h2_enable_connect_protocol. Increase BPF capture buffers (HTTP 512B, TLS 1024B). Add distributed E2E testing infrastructure with multi-VM Vagrant setup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacquin Antoine
@ -15,16 +15,17 @@ type SessionKey struct {
|
||||
|
||||
// L3L4 contient les caractéristiques réseau et transport de la connexion.
|
||||
type L3L4 struct {
|
||||
DstIP [4]byte // adresse IP destination
|
||||
DstPort uint16 // port destination
|
||||
TTL uint8 // TTL IP observé dans le SYN
|
||||
DFBit bool // bit Don't Fragment actif
|
||||
IPID uint16 // champ identification IP
|
||||
WindowSize uint16 // taille de fenêtre TCP initiale
|
||||
WindowScale uint8 // facteur d'échelle de fenêtre (0xFF = absent)
|
||||
MSS uint16 // Maximum Segment Size (0 = absent)
|
||||
TCPOptionsRaw []byte // options TCP brutes (max 40 octets)
|
||||
SYNTimestamp time.Time // horodatage du paquet SYN
|
||||
DstIP [4]byte // adresse IP destination
|
||||
DstPort uint16 // port destination
|
||||
TTL uint8 // TTL IP observé dans le SYN
|
||||
DFBit bool // bit Don't Fragment actif
|
||||
IPID uint16 // champ identification IP
|
||||
IPTotalLength uint16 // longueur totale IP (octets)
|
||||
WindowSize uint16 // taille de fenêtre TCP initiale
|
||||
WindowScale uint8 // facteur d'échelle de fenêtre (0xFF = absent)
|
||||
MSS uint16 // Maximum Segment Size (0 = absent)
|
||||
TCPOptionsRaw []byte // options TCP brutes (max 40 octets)
|
||||
SYNTimestamp time.Time // horodatage du paquet SYN
|
||||
}
|
||||
|
||||
// TLSInfo contient les données extraites du ClientHello TLS.
|
||||
@ -43,15 +44,16 @@ type TLSInfo struct {
|
||||
|
||||
// HTTP2Settings contient les paramètres SETTINGS et WINDOW_UPDATE du client HTTP/2.
|
||||
type HTTP2Settings struct {
|
||||
HeaderTableSize int32 // SETTINGS_HEADER_TABLE_SIZE (-1 si absent)
|
||||
EnablePush int32 // SETTINGS_ENABLE_PUSH
|
||||
MaxConcurrentStreams int32 // SETTINGS_MAX_CONCURRENT_STREAMS
|
||||
InitialWindowSize int32 // SETTINGS_INITIAL_WINDOW_SIZE
|
||||
MaxFrameSize int32 // SETTINGS_MAX_FRAME_SIZE
|
||||
MaxHeaderListSize int32 // SETTINGS_MAX_HEADER_LIST_SIZE
|
||||
UnknownSettings int32 // paramètre 0x7 (JA4H2)
|
||||
WindowUpdateIncrement uint32 // valeur WINDOW_UPDATE sur stream 0
|
||||
PseudoHeaderOrder []string // ordre des pseudo-headers [:method, :authority, ...]
|
||||
HeaderTableSize int32 // SETTINGS_HEADER_TABLE_SIZE (-1 si absent)
|
||||
EnablePush int32 // SETTINGS_ENABLE_PUSH
|
||||
MaxConcurrentStreams int32 // SETTINGS_MAX_CONCURRENT_STREAMS
|
||||
InitialWindowSize int32 // SETTINGS_INITIAL_WINDOW_SIZE
|
||||
MaxFrameSize int32 // SETTINGS_MAX_FRAME_SIZE
|
||||
MaxHeaderListSize int32 // SETTINGS_MAX_HEADER_LIST_SIZE
|
||||
UnknownSettings int32 // paramètre 0x7 (JA4H2)
|
||||
EnableConnectProtocol int32 // SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8, RFC 8441)
|
||||
WindowUpdateIncrement uint32 // valeur WINDOW_UPDATE sur stream 0
|
||||
PseudoHeaderOrder []string // ordre des pseudo-headers [:method, :authority, ...]
|
||||
}
|
||||
|
||||
// HTTPRequest représente une requête HTTP observée dans la session.
|
||||
|
||||
Reference in New Issue
Block a user