code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3353b3ae8208be6ec55bca8c3f5b99d451d9cedc
ja4-platform/services/ja4ebpf/internal/loader/ja4tc_x86_bpfel.go
Jacquin Antoine f0c8fe81c6 feat(ja4ebpf): add multi-interface TC, LPM_TRIE ignore_src, unit tests, and fix bugs 
- Add multi-interface TC attachment (default "any" = all UP interfaces)
- Add BPF LPM_TRIE map ignored_src for kernel-side CIDR filtering
- Add userspace ignore_src filtering for SSL/accept4 path via net.IPNet.Contains()
- Add AcceptCache for fd→SessionKey correlation with TTL and Close()
- Add 5 test files covering writer, procutil, dispatcher, accept_cache, and cmd
- Fix formatTCPOptions infinite loop on EOL (case 0 break→return)
- Fix pseudoOrderToShort panic on empty slice (negative cap)
- Fix AcceptCache goroutine leak (add done channel + Close())
- Update config.yml.example with interfaces, listen_ports, ignore_src
- Rewrite docs/services/ja4ebpf.md (was massively stale: XDP, RingBuffer, etc.)
- Fix stale XDP/RingBuffer references in docs/architecture.md, thesis, tls.go

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-16 01:49:26 +02:00

218 lines
5.0 KiB
Go
Raw Blame History

// Code generated by bpf2go; DO NOT EDIT.
//go:build 386 || amd64
package loader
import (
"bytes"
_ "embed"
"fmt"
"io"
"github.com/cilium/ebpf"
)
type Ja4TcAcceptEvent struct {
PidTgid uint64
Fd uint32
SrcIp uint32
SrcPort uint16
TimestampNs uint64
}
type Ja4TcAcceptKey struct {
PidTgid uint64
Fd uint32
}
type Ja4TcHttpPlainEvent struct {
Payload [4096]uint8
SrcIp uint32
DstIp uint32
SrcPort uint16
DstPort uint16
PayloadLen uint16
TimestampNs uint64
}
type Ja4TcSslConnInfo struct {
Fd uint32
SrcIp uint32
SrcPort uint16
}
type Ja4TcSslDataEvent struct {
PidTgid uint64
Fd uint32
SrcIp uint32
SrcPort uint16
Data [4096]uint8
DataLen uint32
TimestampNs uint64
Direction uint8
}
type Ja4TcSslReadArgs struct {
SslPtr uint64
BufPtr uint64
Num uint32
}
type Ja4TcTlsHelloEvent struct {
Payload [2048]uint8
SrcIp uint32
DstIp uint32
SrcPort uint16
DstPort uint16
PayloadLen uint16
TimestampNs uint64
}
// LoadJa4Tc returns the embedded CollectionSpec for Ja4Tc.
func LoadJa4Tc() (*ebpf.CollectionSpec, error) {
reader := bytes.NewReader(_Ja4TcBytes)
spec, err := ebpf.LoadCollectionSpecFromReader(reader)
if err != nil {
return nil, fmt.Errorf("can't load Ja4Tc: %w", err)
}
return spec, err
}
// LoadJa4TcObjects loads Ja4Tc and converts it into a struct.
//
// The following types are suitable as obj argument:
//
// *Ja4TcObjects
// *Ja4TcPrograms
// *Ja4TcMaps
//
// See ebpf.CollectionSpec.LoadAndAssign documentation for details.
func LoadJa4TcObjects(obj interface{}, opts *ebpf.CollectionOptions) error {
spec, err := LoadJa4Tc()
if err != nil {
return err
}
return spec.LoadAndAssign(obj, opts)
}
// Ja4TcSpecs contains maps and programs before they are loaded into the kernel.
//
// It can be passed ebpf.CollectionSpec.Assign.
type Ja4TcSpecs struct {
Ja4TcProgramSpecs
Ja4TcMapSpecs
}
// Ja4TcSpecs contains programs before they are loaded into the kernel.
//
// It can be passed ebpf.CollectionSpec.Assign.
type Ja4TcProgramSpecs struct {
CaptureTc *ebpf.ProgramSpec `ebpf:"capture_tc"`
}
// Ja4TcMapSpecs contains maps before they are loaded into the kernel.
//
// It can be passed ebpf.CollectionSpec.Assign.
type Ja4TcMapSpecs struct {
HttpBuf *ebpf.MapSpec `ebpf:"__http_buf"`
SslBuf *ebpf.MapSpec `ebpf:"__ssl_buf"`
TlsBuf *ebpf.MapSpec `ebpf:"__tls_buf"`
AcceptMap *ebpf.MapSpec `ebpf:"accept_map"`
AllowedPorts *ebpf.MapSpec `ebpf:"allowed_ports"`
FdConnMap *ebpf.MapSpec `ebpf:"fd_conn_map"`
IgnoredSrc *ebpf.MapSpec `ebpf:"ignored_src"`
PbAccept *ebpf.MapSpec `ebpf:"pb_accept"`
PbHttpPlain *ebpf.MapSpec `ebpf:"pb_http_plain"`
PbSslData *ebpf.MapSpec `ebpf:"pb_ssl_data"`
PbTcpSyn *ebpf.MapSpec `ebpf:"pb_tcp_syn"`
PbTlsHello *ebpf.MapSpec `ebpf:"pb_tls_hello"`
SslArgsMap *ebpf.MapSpec `ebpf:"ssl_args_map"`
SslConnMap *ebpf.MapSpec `ebpf:"ssl_conn_map"`
TcStats *ebpf.MapSpec `ebpf:"tc_stats"`
}
// Ja4TcObjects contains all objects after they have been loaded into the kernel.
//
// It can be passed to LoadJa4TcObjects or ebpf.CollectionSpec.LoadAndAssign.
type Ja4TcObjects struct {
Ja4TcPrograms
Ja4TcMaps
}
func (o *Ja4TcObjects) Close() error {
return _Ja4TcClose(
&o.Ja4TcPrograms,
&o.Ja4TcMaps,
)
}
// Ja4TcMaps contains all maps after they have been loaded into the kernel.
//
// It can be passed to LoadJa4TcObjects or ebpf.CollectionSpec.LoadAndAssign.
type Ja4TcMaps struct {
HttpBuf *ebpf.Map `ebpf:"__http_buf"`
SslBuf *ebpf.Map `ebpf:"__ssl_buf"`
TlsBuf *ebpf.Map `ebpf:"__tls_buf"`
AcceptMap *ebpf.Map `ebpf:"accept_map"`
AllowedPorts *ebpf.Map `ebpf:"allowed_ports"`
FdConnMap *ebpf.Map `ebpf:"fd_conn_map"`
IgnoredSrc *ebpf.Map `ebpf:"ignored_src"`
PbAccept *ebpf.Map `ebpf:"pb_accept"`
PbHttpPlain *ebpf.Map `ebpf:"pb_http_plain"`
PbSslData *ebpf.Map `ebpf:"pb_ssl_data"`
PbTcpSyn *ebpf.Map `ebpf:"pb_tcp_syn"`
PbTlsHello *ebpf.Map `ebpf:"pb_tls_hello"`
SslArgsMap *ebpf.Map `ebpf:"ssl_args_map"`
SslConnMap *ebpf.Map `ebpf:"ssl_conn_map"`
TcStats *ebpf.Map `ebpf:"tc_stats"`
}
func (m *Ja4TcMaps) Close() error {
return _Ja4TcClose(
m.HttpBuf,
m.SslBuf,
m.TlsBuf,
m.AcceptMap,
m.AllowedPorts,
m.FdConnMap,
m.IgnoredSrc,
m.PbAccept,
m.PbHttpPlain,
m.PbSslData,
m.PbTcpSyn,
m.PbTlsHello,
m.SslArgsMap,
m.SslConnMap,
m.TcStats,
)
}
// Ja4TcPrograms contains all programs after they have been loaded into the kernel.
//
// It can be passed to LoadJa4TcObjects or ebpf.CollectionSpec.LoadAndAssign.
type Ja4TcPrograms struct {
CaptureTc *ebpf.Program `ebpf:"capture_tc"`
}
func (p *Ja4TcPrograms) Close() error {
return _Ja4TcClose(
p.CaptureTc,
)
}
func _Ja4TcClose(closers ...io.Closer) error {
for _, closer := range closers {
if err := closer.Close(); err != nil {
return err
}
}
return nil
}
// Do not access this directly.
//
//go:embed ja4tc_x86_bpfel.o
var _Ja4TcBytes []byte
Reference in New Issue View Git Blame Copy Permalink