feat: multi-distro VM tests, ja4ebpf eBPF improvements, bot-detector scoring

ja4ebpf: - Refactor BPF TC capture with improved SYN offset handling and TCP option parsing - Enhance TLS uprobe SSL hooking for better key extraction - Add ClickHouse writer improvements for HTTP log materialized views - Update RPM spec for Rocky Linux 8/9/10, fix systemd service - Simplify loader with cleaner bpf2go integration bot-detector: - Add H2 SETTINGS per-parameter comparison in browser_matcher - Enhance browser signatures and scoring pipeline - Improve preprocessing and cycle detection infra: - Multi-distro Vagrantfile (centos8, rocky9, rocky10) with per-distro provisioning - New Makefile targets: vm-up-all, test-vm-matrix, test-vm-centos8/rocky10 - Add debug helpers and run-test-from-host.sh for host-driven VM testing - Update run-tests-vm.sh for cross-distro compatibility - Remove accidental binary blob (\004) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 01:09:33 +02:00
parent d81463a589
commit d75825278e
32 changed files with 2148 additions and 890 deletions
--- a/tests/vm/run-test-from-host.sh
+++ b/tests/vm/run-test-from-host.sh
@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+# =============================================================================
+# run-test-from-host.sh — Orchestrateur de test VM depuis le host
+#
+# Lance le test complet d'une stack sur une VM :
+#   1. Rsync les fichiers
+#   2. Démarre les services dans la VM (en background via SSH)
+#   3. Génère le trafic depuis le HOST vers l'IP eth0 de la VM
+#   4. Lance la vérification dans la VM
+#
+# Usage :
+#   ./tests/vm/run-test-from-host.sh rocky9 nginx
+#   ./tests/vm/run-test-from-host.sh centos8 apache
+#   make test-vm-nginx
+# =============================================================================
+set -euo pipefail
+
+VM="${1:-rocky9}"
+STACK="${2:-nginx}"
+VM_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+GREEN='\033[0;32m'; RED='\033[0;31m'; YELLOW='\033[1;33m'; RESET='\033[0m'
+BOLD='\033[1m'
+
+log()  { echo -e "${BOLD}[$VM/$STACK]${RESET} $(date +%H:%M:%S) $*"; }
+pass() { echo -e "  ${GREEN}PASS${RESET}  $*"; }
+fail() { echo -e "  ${RED}FAIL${RESET}  $*"; }
+
+cd "$VM_DIR"
+
+# ── 1. Synchroniser les fichiers ─────────────────────────────────────────────
+log "Rsync fichiers vers $VM..."
+vagrant rsync "$VM"
+
+# ── 2. Obtenir l'IP eth0 de la VM ────────────────────────────────────────────
+VM_IP=$(vagrant ssh "$VM" -- 'ip -4 addr show eth0' 2>/dev/null \
+    | awk '/inet / {sub(/\/.*/, "", $2); print $2; exit}')
+
+if [ -z "$VM_IP" ]; then
+    fail "Impossible d'obtenir l'IP eth0 de $VM"
+    exit 1
+fi
+log "IP eth0 : $VM_IP"
+
+# ── 3. Démarrer les services dans la VM (en background) ──────────────────────
+log "Démarrage des services dans $VM ($STACK)..."
+
+# Nettoyer le signal de l'itération précédente
+vagrant ssh "$VM" -- 'sudo rm -f /tmp/ja4ebpf-traffic-done' 2>/dev/null || true
+
+# Lancer le script de test en mode "start" dans la VM
+# Le script attendra le signal /tmp/ja4ebpf-traffic-done
+vagrant ssh "$VM" -- "sudo bash /ja4-platform/tests/vm/run-tests-vm.sh $STACK start" &
+VM_PID=$!
+
+# ── 4. Attendre que les services soient prêts ────────────────────────────────
+log "Attente démarrage des services (30s)..."
+sleep 30
+
+# ── 5. Vérifier que les services répondent ───────────────────────────────────
+log "Vérification connectivité..."
+if curl -sf "http://$VM_IP/health" >/dev/null 2>&1; then
+    pass "HTTP $VM_IP:80 OK"
+else
+    fail "HTTP $VM_IP:80 injoignable"
+fi
+if curl -sf -k "https://$VM_IP/health" >/dev/null 2>&1; then
+    pass "HTTPS $VM_IP:443 OK"
+else
+    fail "HTTPS $VM_IP:443 injoignable"
+fi
+
+# ── 6. Générer le trafic depuis le host ──────────────────────────────────────
+log "Génération du trafic host → $VM_IP..."
+for path in / /health /data /api/users; do
+    curl -sf -k "https://$VM_IP$path" >/dev/null 2>&1 || true
+    curl -sf "http://$VM_IP$path" >/dev/null 2>&1 || true
+    curl -sf -k -X POST "https://$VM_IP/api/data" -d '{"test":1}' >/dev/null 2>&1 || true
+    curl -sf -k -X PUT "https://$VM_IP/data" >/dev/null 2>&1 || true
+    curl -sf -k -X DELETE "https://$VM_IP/data/1" >/dev/null 2>&1 || true
+    curl -sf -k -X HEAD "https://$VM_IP$path" >/dev/null 2>&1 || true
+done
+
+# HTTP/2 via Python si disponible
+if python3 -c "import httpx" 2>/dev/null; then
+    python3 -c "
+import httpx, ssl, warnings
+warnings.filterwarnings('ignore')
+ctx = ssl.create_default_context()
+ctx.check_hostname = False
+ctx.verify_mode = ssl.CERT_NONE
+with httpx.Client(http2=True, verify=False) as c:
+    for p in ['/', '/health', '/data']:
+        try: c.get('https://$VM_IP' + p)
+        except: pass
+" 2>/dev/null && pass "HTTP/2 généré" || true
+fi
+
+log "Attente flush ja4ebpf (15s)..."
+sleep 15
+
+# ── 7. Signaler à la VM de lancer la vérification ────────────────────────────
+log "Signal de vérification..."
+vagrant ssh "$VM" -- 'sudo touch /tmp/ja4ebpf-traffic-done' 2>/dev/null
+
+# ── 8. Attendre la fin du processus VM ───────────────────────────────────────
+log "Attente résultat..."
+wait $VM_PID 2>/dev/null
+RESULT=$?
+
+if [ $RESULT -eq 0 ]; then
+    echo ""
+    echo -e "  ${GREEN}${BOLD}$VM/$STACK : SUCCÈS${RESET}"
+else
+    echo ""
+    echo -e "  ${RED}${BOLD}$VM/$STACK : ÉCHEC (code $RESULT)${RESET}"
+fi
+
+exit $RESULT