From a69de782cb25d419c75be5de3ba15ffbaed6c8bb Mon Sep 17 00:00:00 2001
From: Jacquin Antoine
Date: Sun, 1 Mar 2026 01:27:27 +0100
Subject: [PATCH] release: version 1.0.5 - fix TCP options detection (NOP/EOL/SACK)
Co-authored-by: Qwen-Coder
---
 Dockerfile.package | 4 ++--
 cmd/ja4sentinel/main.go | 2 +-
 internal/tlsparse/parser.go | 9 +++++++++
 packaging/rpm/ja4sentinel.spec | 2 +-
 4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/Dockerfile.package b/Dockerfile.package
index fd5afb0..104c999 100644
--- a/Dockerfile.package
+++ b/Dockerfile.package
@@ -35,7 +35,7 @@ COPY . .
 # Build binary for Linux
 # Binary will be dynamically linked but compatible with all RHEL-based distros
-ARG VERSION=1.0.0
+ARG VERSION=1.0.5
 ARG BUILD_TIME=""
 ARG GIT_COMMIT=""
 RUN mkdir -p dist && \
@@ -53,7 +53,7 @@ FROM rockylinux:9 AS rpm-builder
 WORKDIR /package
 # VERSION must be redeclared for each stage that needs it
-ARG VERSION=1.0.0
+ARG VERSION=1.0.5
 # Install rpm-build tools (Rocky Linux 9)
 RUN dnf install -y \
diff --git a/cmd/ja4sentinel/main.go b/cmd/ja4sentinel/main.go
index 2ce3d4d..a0b92f7 100644
--- a/cmd/ja4sentinel/main.go
+++ b/cmd/ja4sentinel/main.go
@@ -22,7 +22,7 @@ import (
 var (
 // Version information (set via ldflags)
- Version = "1.0.0"
+ Version = "1.0.5"
 BuildTime = "unknown"
 GitCommit = "unknown"
 )
diff --git a/internal/tlsparse/parser.go b/internal/tlsparse/parser.go
index 1fdf19d..9c815c7 100644
--- a/internal/tlsparse/parser.go
+++ b/internal/tlsparse/parser.go
@@ -344,6 +344,12 @@ func extractTCPMeta(tcp *layers.TCP) api.TCPMeta {
 // Parse TCP options
 for _, opt := range tcp.Options {
 switch opt.OptionType {
+ case layers.TCPOptionKindEndList:
+ // End of Options List - skip silently
+ continue
+ case layers.TCPOptionKindNop:
+ // No Operation (padding) - skip silently
+ continue
 case layers.TCPOptionKindMSS:
 if len(opt.OptionData) >= 2 {
 meta.MSS = binary.BigEndian.Uint16(opt.OptionData[:2])
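Review bot: The new `TCPOptionKindEndList` and `TCPOptionKindNop` cases use `continue`, which ends the whole `for` iteration rather than just the `switch`, so any statement that follows the switch inside the loop body (not visible in this hunk) is now skipped for these two kinds. It also means NOP and EOL leave no trace in `meta.Options`; if that slice feeds a TCP-stack fingerprint, padding position is part of the signal and dropping it would make differently laid-out option lists look identical, which is worth confirming against the consumer. If the intent is only to bypass the `default:` branch, an empty case body is enough, e.g. `case layers.TCPOptionKindEndList, layers.TCPOptionKindNop: // terminator / padding, deliberately not recorded`. The diffstat shows no test file in this commit, so a table test over option lists containing NOP and EOL would pin the intended output. extractTCPMeta starts and ends outside the hunk.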
@@ -358,6 +364,9 @@ func extractTCPMeta(tcp *layers.TCP) api.TCPMeta {
 meta.Options = append(meta.Options, "WS")
 case layers.TCPOptionKindSACKPermitted:
 meta.Options = append(meta.Options, "SACK")
+ case layers.TCPOptionKindSACK:
+ // SACK blocks (actual SACK data, not just permitted)
+ meta.Options = append(meta.Options, "SACK")
 case layers.TCPOptionKindTimestamps:
 meta.Options = append(meta.Options, "TS")
 default:
diff --git a/packaging/rpm/ja4sentinel.spec b/packaging/rpm/ja4sentinel.spec
index dcd6436..920f67b 100644
--- a/packaging/rpm/ja4sentinel.spec
+++ b/packaging/rpm/ja4sentinel.spec
@@ -3,7 +3,7 @@
 %if %{defined build_version}
 %define spec_version %{build_version}
 %else
-%define spec_version 1.0.4
+%define spec_version 1.0.5
 %endif
 Name: ja4sentinel
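Review bot: `TCPOptionKindSACK` is recorded under the same `"SACK"` label as `TCPOptionKindSACKPermitted` in the case just above it, so a consumer of `meta.Options` cannot tell SACK-permitted from actual SACK blocks, and a segment carrying both gets the label twice. The two options normally appear in different phases of a connection (permitted during the handshake, blocks afterwards), so for detection purposes a SACK block on a segment where only handshake options are expected is worth keeping distinguishable. A separate label would preserve that, e.g. `meta.Options = append(meta.Options, "SACK_BLOCKS")` (the label name is a suggestion; check what downstream parsers accept). If the merge is intentional, the comment should say so: `// SACK blocks: deliberately reported under the same label as SACK-permitted`. The enclosing switch and extractTCPMeta continue outside the hunk.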