code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ja4-platform/tests/vm/debug-mode.sh
Jacquin Antoine d75825278e feat: multi-distro VM tests, ja4ebpf eBPF improvements, bot-detector scoring 
ja4ebpf:
- Refactor BPF TC capture with improved SYN offset handling and TCP option parsing
- Enhance TLS uprobe SSL hooking for better key extraction
- Add ClickHouse writer improvements for HTTP log materialized views
- Update RPM spec for Rocky Linux 8/9/10, fix systemd service
- Simplify loader with cleaner bpf2go integration

bot-detector:
- Add H2 SETTINGS per-parameter comparison in browser_matcher
- Enhance browser signatures and scoring pipeline
- Improve preprocessing and cycle detection

infra:
- Multi-distro Vagrantfile (centos8, rocky9, rocky10) with per-distro provisioning
- New Makefile targets: vm-up-all, test-vm-matrix, test-vm-centos8/rocky10
- Add debug helpers and run-test-from-host.sh for host-driven VM testing
- Update run-tests-vm.sh for cross-distro compatibility
- Remove accidental binary blob (\004)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 01:09:33 +02:00

99 lines
2.9 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# debug-mode.sh — Test rapide du mode debug ja4ebpf sur une VM
# Usage: vagrant upload /ja4-platform/tests/vm/debug-mode.sh /tmp/debug-mode.sh rocky9
# vagrant ssh rocky9 -- 'sudo bash /tmp/debug-mode.sh'
set -euo pipefail
echo "=== [1] Install debug binary ==="
cp /tmp/ja4ebpf-debug /usr/local/bin/ja4ebpf
chmod +x /usr/local/bin/ja4ebpf
echo "=== [2] Start nginx ==="
nginx -s stop 2>/dev/null || true; sleep 1
mkdir -p /run/nginx /var/www/html
echo '{"ok":true}' > /var/www/html/health
# Minimal nginx config for TLS
cat > /etc/nginx/nginx.conf << 'NEOF'
worker_processes 1;
events { worker_connections 64; }
http {
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/pki/tls/certs/nginx.crt;
ssl_certificate_key /etc/pki/tls/private/nginx.key;
root /var/www/html;
}
}
NEOF
openssl req -x509 -nodes -days 365 -subj /CN=test -newkey rsa:2048 \
-keyout /etc/pki/tls/private/nginx.key -out /etc/pki/tls/certs/nginx.crt 2>/dev/null
nginx && echo " nginx ready"
echo "=== [3] Start ja4ebpf in DEBUG mode ==="
pkill ja4ebpf 2>/dev/null || true; sleep 1
# Config with debug=true — no ClickHouse needed in debug mode
cat > /tmp/ja4-debug.yml << 'YEOF'
interface: eth0
ssl_lib_path: "/usr/lib64/libssl.so.3"
debug: true
clickhouse:
dsn: "clickhouse://default:@127.0.0.1:9000/ja4_logs"
batch_size: 50
flush_secs: 1
correlation:
timeout_ms: 500
slowloris_ms: 10000
log:
level: "debug"
format: "text"
YEOF
JA4EBPF_CONFIG=/tmp/ja4-debug.yml ja4ebpf > /tmp/ja4-debug.log 2>&1 &
sleep 3
JA4PID=$(pgrep ja4ebpf || echo NONE)
if [ "$JA4PID" = "NONE" ]; then
echo " ja4ebpf DEAD! Log:"
cat /tmp/ja4-debug.log
exit 1
fi
echo " ja4ebpf PID=$JA4PID"
# Verify XDP
echo " XDP check:"
ip -d link show dev eth0 | grep -i xdp || echo " (no XDP attached)"
echo "=== [4] Generate traffic ==="
ETH0_IP=$(ip -4 addr show eth0 | awk '/inet /{sub(/\/.*/,"",$2); print $2; exit}')
echo " eth0 IP: $ETH0_IP"
# HTTP traffic from localhost via eth0 IP
for i in $(seq 1 5); do
curl -sf "http://$ETH0_IP/health" -o /dev/null 2>&1 && echo " HTTP $i: OK" || echo " HTTP $i: FAIL"
curl -skf "https://$ETH0_IP/health" -o /dev/null 2>&1 && echo " HTTPS $i: OK" || echo " HTTPS $i: FAIL"
done
echo "=== [5] Wait for debug dump (6s) ==="
sleep 6
echo "=== [6] Results ==="
echo " ja4ebpf: $(pgrep ja4ebpf > /dev/null && echo alive || echo DEAD)"
echo ""
echo " === Last 20 lines of log ==="
tail -20 /tmp/ja4-debug.log | sed 's/^/ /'
echo ""
echo " === BPF map stats (bpftool) ==="
STATS_MAP_ID=$(bpftool map show name xdp_stats 2>/dev/null | grep -oP 'id \K\d+' || echo NONE)
if [ "$STATS_MAP_ID" != "NONE" ]; then
bpftool map dump id $STATS_MAP_ID 2>/dev/null | head -40 | sed 's/^/ /'
else
echo " xdp_stats map not found!"
fi
# Cleanup
pkill ja4ebpf 2>/dev/null || true
nginx -s stop 2>/dev/null || true
Reference in New Issue View Git Blame Copy Permalink