code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release: version 1.1.6 - Add local IP filtering and SLL support
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details

Browse Source 
Features:
- Add local_ips configuration option for filtering traffic to local machine
- Auto-detection of local IP addresses (excludes loopback 127.x.x.x, ::1)
- Support interface 'any' for capturing on all network interfaces
- Add Linux SLL (cooked capture) support for interface 'any'
- Generate BPF filter with 'dst host' for local IP filtering
- Add LinkType field to RawPacket for proper packet parsing

Testing:
- Add unit tests for local IP detection (detectLocalIPs, extractIP)
- Add unit tests for SLL packet parsing (IPv4 and IPv6)
- Update capture tests for new packetToRawPacket method

Configuration:
- Update config.yml.example with local_ips documentation
- Update RPM spec to version 1.1.6 with changelog

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
toto
2026-03-04 11:02:53 +01:00
parent 96372e6181
commit 027730b360
8 changed files with 714 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/types.go
View File

@ -21,6 +21,7 @@ type Config struct {
Interface string `json:"interface"`
ListenPorts []uint16 `json:"listen_ports"`
BPFFilter string `json:"bpf_filter,omitempty"`
LocalIPs []string `json:"local_ips,omitempty"` // Local IPs to monitor (empty = auto-detect, excludes loopback)
FlowTimeoutSec int `json:"flow_timeout_sec,omitempty"` // Timeout for TLS handshake extraction (default: 30)
PacketBufferSize int `json:"packet_buffer_size,omitempty"` // Buffer size for packet channel (default: 1000)
LogLevel string `json:"log_level,omitempty"` // Log level: debug, info, warn, error (default: info)
@ -44,8 +45,9 @@ type TCPMeta struct {
// RawPacket represents a raw packet captured from the network
type RawPacket struct {
Data []byte `json:"-"` // Not serialized
Data []byte `json:"-"` // Raw packet data including link-layer header
Timestamp int64 `json:"timestamp"` // nanoseconds since epoch
LinkType int `json:"-"` // Link type (1=Ethernet, 101=Linux SLL, etc.)
}
// TLSClientHello represents a client-side TLS ClientHello with IP/TCP metadata