#!/usr/bin/env bash
# debug-mode.sh — Test rapide du mode debug ja4ebpf sur une VM
# Usage: vagrant upload /ja4-platform/tests/vm/debug-mode.sh /tmp/debug-mode.sh rocky9
#        vagrant ssh rocky9 -- 'sudo bash /tmp/debug-mode.sh'
set -euo pipefail

echo "=== [1] Install debug binary ==="
cp /tmp/ja4ebpf-debug /usr/local/bin/ja4ebpf
chmod +x /usr/local/bin/ja4ebpf

echo "=== [2] Start nginx ==="
nginx -s stop 2>/dev/null || true; sleep 1
mkdir -p /run/nginx /var/www/html
echo '{"ok":true}' > /var/www/html/health
# Minimal nginx config for TLS
cat > /etc/nginx/nginx.conf << 'NEOF'
worker_processes 1;
events { worker_connections 64; }
http {
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/pki/tls/certs/nginx.crt;
        ssl_certificate_key /etc/pki/tls/private/nginx.key;
        root /var/www/html;
    }
}
NEOF
openssl req -x509 -nodes -days 365 -subj /CN=test -newkey rsa:2048 \
  -keyout /etc/pki/tls/private/nginx.key -out /etc/pki/tls/certs/nginx.crt 2>/dev/null
nginx && echo "  nginx ready"

echo "=== [3] Start ja4ebpf in DEBUG mode ==="
pkill ja4ebpf 2>/dev/null || true; sleep 1

# Config with debug=true — no ClickHouse needed in debug mode
cat > /tmp/ja4-debug.yml << 'YEOF'
interface: eth0
ssl_lib_path: "/usr/lib64/libssl.so.3"
debug: true
clickhouse:
  dsn: "clickhouse://default:@127.0.0.1:9000/ja4_logs"
  batch_size: 50
  flush_secs: 1
correlation:
  timeout_ms: 500
  slowloris_ms: 10000
log:
  level: "debug"
  format: "text"
YEOF

JA4EBPF_CONFIG=/tmp/ja4-debug.yml ja4ebpf > /tmp/ja4-debug.log 2>&1 &
sleep 3

JA4PID=$(pgrep ja4ebpf || echo NONE)
if [ "$JA4PID" = "NONE" ]; then
    echo "  ja4ebpf DEAD! Log:"
    cat /tmp/ja4-debug.log
    exit 1
fi
echo "  ja4ebpf PID=$JA4PID"

# Verify XDP
echo "  XDP check:"
ip -d link show dev eth0 | grep -i xdp || echo "  (no XDP attached)"

echo "=== [4] Generate traffic ==="
ETH0_IP=$(ip -4 addr show eth0 | awk '/inet /{sub(/\/.*/,"",$2); print $2; exit}')
echo "  eth0 IP: $ETH0_IP"

# HTTP traffic from localhost via eth0 IP
for i in $(seq 1 5); do
    curl -sf "http://$ETH0_IP/health" -o /dev/null 2>&1 && echo "  HTTP $i: OK" || echo "  HTTP $i: FAIL"
    curl -skf "https://$ETH0_IP/health" -o /dev/null 2>&1 && echo "  HTTPS $i: OK" || echo "  HTTPS $i: FAIL"
done

echo "=== [5] Wait for debug dump (6s) ==="
sleep 6

echo "=== [6] Results ==="
echo "  ja4ebpf: $(pgrep ja4ebpf > /dev/null && echo alive || echo DEAD)"
echo ""
echo "  === Last 20 lines of log ==="
tail -20 /tmp/ja4-debug.log | sed 's/^/  /'

echo ""
echo "  === BPF map stats (bpftool) ==="
STATS_MAP_ID=$(bpftool map show name xdp_stats 2>/dev/null | grep -oP 'id \K\d+' || echo NONE)
if [ "$STATS_MAP_ID" != "NONE" ]; then
    bpftool map dump id $STATS_MAP_ID 2>/dev/null | head -40 | sed 's/^/  /'
else
    echo "  xdp_stats map not found!"
fi

# Cleanup
pkill ja4ebpf 2>/dev/null || true
nginx -s stop 2>/dev/null || true