feat(e2e): add distributed E2E test framework with parametric traffic generation

Add run-e2e-test.sh with CLI parameters (--hits, --http-ratio, --dns, --tls, --src-ips, --keep-analysis, --up) for configurable traffic generation. Traffic runs from VM endpoints with multiple source IPs (alias IPs on eth0) to produce distinct sessions for the ML pipeline. Fix curl TLS flags (--tlsv1.2 instead of --tls-v1-2), skip redundant local verification in distributed mode, and fix dashboard is_available() cache that never retried after ClickHouse recovery. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-15 00:09:32 +02:00
parent 7894d39f1c
commit f88b739992
40 changed files with 2154 additions and 337 deletions
--- a/services/ja4ebpf/internal/loader/ja4tc_x86_bpfel.go
+++ b/services/ja4ebpf/internal/loader/ja4tc_x86_bpfel.go
@ -25,18 +25,47 @@ type Ja4TcAcceptKey struct {
 	Fd      uint32
 }

+type Ja4TcHttpPlainEvent struct {
+	Payload     [4096]uint8
+	SrcIp       uint32
+	DstIp       uint32
+	SrcPort     uint16
+	DstPort     uint16
+	PayloadLen  uint16
+	TimestampNs uint64
+}
+
 type Ja4TcSslConnInfo struct {
 	Fd      uint32
 	SrcIp   uint32
 	SrcPort uint16
 }

+type Ja4TcSslDataEvent struct {
+	PidTgid     uint64
+	Fd          uint32
+	SrcIp       uint32
+	SrcPort     uint16
+	Data        [4096]uint8
+	DataLen     uint32
+	TimestampNs uint64
+	Direction   uint8
+}
+
 type Ja4TcSslReadArgs struct {
 	SslPtr uint64
 	BufPtr uint64
 	Num    uint32
 }

+type Ja4TcTlsHelloEvent struct {
+	Payload     [2048]uint8
+	SrcIp       uint32
+	SrcPort     uint16
+	PayloadLen  uint16
+	TimestampNs uint64
+}
+
 // LoadJa4Tc returns the embedded CollectionSpec for Ja4Tc.
 func LoadJa4Tc() (*ebpf.CollectionSpec, error) {
 	reader := bytes.NewReader(_Ja4TcBytes)
@ -78,22 +107,26 @@ type Ja4TcSpecs struct {
 //
 // It can be passed ebpf.CollectionSpec.Assign.
 type Ja4TcProgramSpecs struct {
-	CaptureXdp *ebpf.ProgramSpec `ebpf:"capture_xdp"`
+	CaptureTc *ebpf.ProgramSpec `ebpf:"capture_tc"`
 }

 // Ja4TcMapSpecs contains maps before they are loaded into the kernel.
 //
 // It can be passed ebpf.CollectionSpec.Assign.
 type Ja4TcMapSpecs struct {
+	HttpBuf     *ebpf.MapSpec `ebpf:"__http_buf"`
+	SslBuf      *ebpf.MapSpec `ebpf:"__ssl_buf"`
+	TlsBuf      *ebpf.MapSpec `ebpf:"__tls_buf"`
 	AcceptMap   *ebpf.MapSpec `ebpf:"accept_map"`
 	FdConnMap   *ebpf.MapSpec `ebpf:"fd_conn_map"`
-	RbAccept    *ebpf.MapSpec `ebpf:"rb_accept"`
-	RbHttpPlain *ebpf.MapSpec `ebpf:"rb_http_plain"`
-	RbSslData   *ebpf.MapSpec `ebpf:"rb_ssl_data"`
-	RbTcpSyn    *ebpf.MapSpec `ebpf:"rb_tcp_syn"`
-	RbTlsHello  *ebpf.MapSpec `ebpf:"rb_tls_hello"`
+	PbAccept    *ebpf.MapSpec `ebpf:"pb_accept"`
+	PbHttpPlain *ebpf.MapSpec `ebpf:"pb_http_plain"`
+	PbSslData   *ebpf.MapSpec `ebpf:"pb_ssl_data"`
+	PbTcpSyn    *ebpf.MapSpec `ebpf:"pb_tcp_syn"`
+	PbTlsHello  *ebpf.MapSpec `ebpf:"pb_tls_hello"`
 	SslArgsMap  *ebpf.MapSpec `ebpf:"ssl_args_map"`
 	SslConnMap  *ebpf.MapSpec `ebpf:"ssl_conn_map"`
+	TcStats     *ebpf.MapSpec `ebpf:"tc_stats"`
 }

 // Ja4TcObjects contains all objects after they have been loaded into the kernel.
@ -115,28 +148,36 @@ func (o *Ja4TcObjects) Close() error {
 //
 // It can be passed to LoadJa4TcObjects or ebpf.CollectionSpec.LoadAndAssign.
 type Ja4TcMaps struct {
+	HttpBuf     *ebpf.Map `ebpf:"__http_buf"`
+	SslBuf      *ebpf.Map `ebpf:"__ssl_buf"`
+	TlsBuf      *ebpf.Map `ebpf:"__tls_buf"`
 	AcceptMap   *ebpf.Map `ebpf:"accept_map"`
 	FdConnMap   *ebpf.Map `ebpf:"fd_conn_map"`
-	RbAccept    *ebpf.Map `ebpf:"rb_accept"`
-	RbHttpPlain *ebpf.Map `ebpf:"rb_http_plain"`
-	RbSslData   *ebpf.Map `ebpf:"rb_ssl_data"`
-	RbTcpSyn    *ebpf.Map `ebpf:"rb_tcp_syn"`
-	RbTlsHello  *ebpf.Map `ebpf:"rb_tls_hello"`
+	PbAccept    *ebpf.Map `ebpf:"pb_accept"`
+	PbHttpPlain *ebpf.Map `ebpf:"pb_http_plain"`
+	PbSslData   *ebpf.Map `ebpf:"pb_ssl_data"`
+	PbTcpSyn    *ebpf.Map `ebpf:"pb_tcp_syn"`
+	PbTlsHello  *ebpf.Map `ebpf:"pb_tls_hello"`
 	SslArgsMap  *ebpf.Map `ebpf:"ssl_args_map"`
 	SslConnMap  *ebpf.Map `ebpf:"ssl_conn_map"`
+	TcStats     *ebpf.Map `ebpf:"tc_stats"`
 }

 func (m *Ja4TcMaps) Close() error {
 	return _Ja4TcClose(
+		m.HttpBuf,
+		m.SslBuf,
+		m.TlsBuf,
 		m.AcceptMap,
 		m.FdConnMap,
-		m.RbAccept,
-		m.RbHttpPlain,
-		m.RbSslData,
-		m.RbTcpSyn,
-		m.RbTlsHello,
+		m.PbAccept,
+		m.PbHttpPlain,
+		m.PbSslData,
+		m.PbTcpSyn,
+		m.PbTlsHello,
 		m.SslArgsMap,
 		m.SslConnMap,
+		m.TcStats,
 	)
 }

@ -144,12 +185,12 @@ func (m *Ja4TcMaps) Close() error {
 //
 // It can be passed to LoadJa4TcObjects or ebpf.CollectionSpec.LoadAndAssign.
 type Ja4TcPrograms struct {
-	CaptureXdp *ebpf.Program `ebpf:"capture_xdp"`
+	CaptureTc *ebpf.Program `ebpf:"capture_tc"`
 }

 func (p *Ja4TcPrograms) Close() error {
 	return _Ja4TcClose(
-		p.CaptureXdp,
+		p.CaptureTc,
 	)
 }