code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release: version 1.0.9 - Add SNI, ALPN, TLS version extraction and architecture.yml compliance
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details

Browse Source 
New features:
- Extract SNI (Server Name Indication) from TLS ClientHello
- Extract ALPN (Application-Layer Protocol Negotiation) protocols
- Detect TLS version from ClientHello using tlsfingerprint library
- Add ConnID field for TCP flow correlation
- Add SensorID field for multi-sensor deployments
- Add SynToCHMs timing field for behavioral detection
- Add AsyncBuffer configuration for output queue sizing

Architecture changes:
- Remove JA4Hash from LogRecord (JA4 format includes its own hash portions)
- Update api.TLSClientHello with new TLS metadata fields
- Update api.LogRecord with correlation, TLS, and timing fields
- Ensure 100% compliance with architecture.yml specification

Tests:
- Add unit tests for TLS extension extraction (SNI, ALPN, Version)
- Update tests for new LogRecord schema without JA4Hash
- Add tests for AsyncBuffer configuration

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-03-02 19:32:16 +01:00
parent fd162982d9
commit 965720a183
12 changed files with 854 additions and 392 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
internal/config/loader_test.go
View File

@ -93,7 +93,7 @@ func TestMergeConfigs(t *testing.T) {
PacketBufferSize: 2000,
},
Outputs: []api.OutputConfig{
{Type: "stdout", Enabled: true},
{Type: "stdout", Enabled: true, AsyncBuffer: 5000},
},
}
@ -117,6 +117,9 @@ func TestMergeConfigs(t *testing.T) {
if result.Core.PacketBufferSize != 2000 {
t.Errorf("PacketBufferSize = %v, want 2000", result.Core.PacketBufferSize)
}
if result.Outputs[0].AsyncBuffer != 5000 {
t.Errorf("Outputs[0].AsyncBuffer = %v, want 5000", result.Outputs[0].AsyncBuffer)
}
}
func TestValidate(t *testing.T) {
@ -345,6 +348,20 @@ func TestValidate_InvalidOutputs(t *testing.T) {
},
wantErr: false,
},
{
name: "output with AsyncBuffer zero (default)",
outputs: []api.OutputConfig{
{Type: "stdout", Enabled: true, AsyncBuffer: 0},
},
wantErr: false,
},
{
name: "output with custom AsyncBuffer",
outputs: []api.OutputConfig{
{Type: "unix_socket", Enabled: true, AsyncBuffer: 5000, Params: map[string]string{"socket_path": "/tmp/x.sock"}},
},
wantErr: false,
},
}
for _, tt := range tests {