code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update documentation for kretprobe recvfrom fix

Browse Source 
Update all documentation to reflect the resolved HTTP nginx capture
issue via kretprobe on __x64_sys_recvfrom.

Changes:
- README.md: Update HTTP status table showing kretprobe is now working
- docs/services/ja4ebpf.md: Replace tracepoint with kretprobe in hooks table,
  mark issue as resolved with validation reference
- docs/architecture.md: Clarify TC HTTP plain capture is packet-level only

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacquin Antoine
2026-04-20 13:30:02 +02:00
parent 3e00e7bc7b
commit bb2160efbc
3 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -50,7 +50,8 @@
| Service | Langage | Description | Interface |
|---------|---------|-------------|-----------|
| [ja4ebpf](docs/services/ja4ebpf.md) | Go 1.24 + C eBPF (CO-RE) | Agent eBPF passif : TC ingress (L3/L4/L5), uprobe SSL_read (L7 HTTPS), TC port 80/8080 (HTTP clair), corrélation in-memory, insert ClickHouse | INSERT batch ClickHouse |
| [ja4ebpf](docs/services/ja4ebpf.md) | Go 1.24 + C eBPF (CO-RE) | Agent eBPF passif : TC ingress (L3/L4/L5), uprobe SSL_read (L7 HTTPS), kretprobe recvfrom (L7 HTTP nginx), corrélation in-memory, insert ClickHouse | INSERT batch ClickHouse |
| **État HTTP** : ✅ HTTPS via SSL uprobes (headers complets) — ✅ HTTP nginx via kretprobe recvfrom (headers complets) — ⚠️ HTTP plain via TC (paquets bruts) |
| [bot-detector](docs/services/bot-detector.md) | Python 3.11 | Ensemble ML triple-voix (EIF+AE+XGB), clustering HDBSCAN, explicabilité SHAP | ClickHouse read/write, HTTP `:8080` |
| [dashboard](docs/services/dashboard.md) | Python 3.11 | Tableau de bord SOC : 9 endpoints JSON, 8 pages HTML | HTTP `:8000` |