#!/usr/bin/env bash
# debug-mode-host.sh — Test debug ja4ebpf avec trafic host→VM
# Usage: ./debug-mode-host.sh rocky9
set -euo pipefail

VM="${1:-rocky9}"
cd "$(dirname "$0")"

echo "=== [1] Setup VM: nginx + ja4ebpf debug ==="
vagrant ssh "$VM" -- "sudo bash -c '
    PATH=/usr/local/bin:\$PATH
    # Install debug binary
    cp /tmp/ja4ebpf-debug /usr/local/bin/ja4ebpf
    chmod +x /usr/local/bin/ja4ebpf

    # Start nginx
    nginx -s stop 2>/dev/null || true; sleep 1
    mkdir -p /run/nginx /var/www/html
    echo {\"ok\":true} > /var/www/html/health
    cat > /etc/nginx/nginx.conf << \"NEOF\"
worker_processes 1;
events { worker_connections 64; }
http {
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/pki/tls/certs/nginx.crt;
        ssl_certificate_key /etc/pki/tls/private/nginx.key;
        root /var/www/html;
    }
}
NEOF
    openssl req -x509 -nodes -days 365 -subj /CN=test -newkey rsa:2048 \
      -keyout /etc/pki/tls/private/nginx.key -out /etc/pki/tls/certs/nginx.crt 2>/dev/null
    nginx

    # Start ja4ebpf debug
    pkill ja4ebpf 2>/dev/null || true; sleep 1
    cat > /tmp/ja4-debug.yml << \"YEOF\"
interface: eth0
ssl_lib_path: \"/usr/lib64/libssl.so.3\"
debug: true
clickhouse:
  dsn: \"clickhouse://default:@127.0.0.1:9000/ja4_logs\"
  batch_size: 50
  flush_secs: 1
correlation:
  timeout_ms: 500
  slowloris_ms: 10000
log:
  level: \"debug\"
  format: \"text\"
YEOF
    JA4EBPF_CONFIG=/tmp/ja4-debug.yml ja4ebpf > /tmp/ja4-debug.log 2>&1 &
    sleep 3
    PID=\$(pgrep ja4ebpf || echo NONE)
    echo \"  ja4ebpf PID=\$PID\"
    if [ \"\$PID\" = \"NONE\" ]; then cat /tmp/ja4-debug.log; exit 1; fi

    # Open firewall
    firewall-cmd --add-service=http --add-service=https 2>/dev/null || true

    # Show eth0 IP
    ip -4 addr show eth0 | awk \"/inet /{sub(/\\/.*/,\"\",\\\$2); print \\\"  eth0 IP: \\\"\\\$2; exit}\"
'" 2>&1

echo ""
echo "=== [2] Get VM IP ==="
VM_IP=$(vagrant ssh "$VM" -- "ip -4 addr show eth0" 2>/dev/null | awk '/inet /{sub(/\/.*/,"",$2); print $2; exit}')
echo "  VM IP: $VM_IP"

if [ -z "$VM_IP" ]; then
    echo "  ERROR: no eth0 IP found"
    exit 1
fi

echo ""
echo "=== [3] Generate traffic from HOST to VM ==="
for i in $(seq 1 3); do
    curl -sf "http://$VM_IP/health" -o /dev/null -w "  HTTP $i: %{http_code}\n" 2>&1 || echo "  HTTP $i: FAIL"
    curl -skf "https://$VM_IP/health" -o /dev/null -w "  HTTPS $i: %{http_code}\n" 2>&1 || echo "  HTTPS $i: FAIL"
done

echo ""
echo "=== [4] Wait for debug dump (8s) ==="
sleep 8

echo ""
echo "=== [5] Collect results ==="
vagrant ssh "$VM" -- "sudo bash -c '
    echo \"  ja4ebpf: \$(pgrep ja4ebpf > /dev/null && echo alive || echo DEAD)\"
    echo \"\"
    echo \"  === BPF stats ===\"
    STATS_MAP_ID=\$(bpftool map show name xdp_stats 2>/dev/null | grep -oP \"id \K\d+\" || echo NONE)
    if [ \"\$STATS_MAP_ID\" != \"NONE\" ]; then
        bpftool map dump id \$STATS_MAP_ID 2>/dev/null | sed \"s/^/  /\"
    else
        echo \"  xdp_stats map not found!\"
    fi
    echo \"\"
    echo \"  === Log tail ===\"
    tail -30 /tmp/ja4-debug.log | sed \"s/^/  /\"

    # Cleanup
    pkill ja4ebpf 2>/dev/null || true
    nginx -s stop 2>/dev/null || true
'" 2>&1