release: version 1.1.15 - Fix ALPN detection for malformed TLS extensions
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
- FIX: ALPN (tls_alpn) not appearing in logs for packets with truncated extensions - Add sanitizeTLSRecord fallback in extractTLSExtensions (tlsparse/parser.go) - Mirrors sanitization already present in fingerprint/engine.go - ALPN now correctly extracted even when ParseClientHello fails on raw payload - Bump version to 1.1.15 in main.go and packaging/rpm/ja4sentinel.spec Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
@ -271,16 +271,17 @@ func extractIP(addr net.Addr) net.IP {
|
||||
}
|
||||
|
||||
// buildBPFFilter builds a BPF filter for the specified ports and local IPs
|
||||
// Filter: (tcp port 443 or tcp port 8443) and (dst host 192.168.1.10 or dst host 10.0.0.5)
|
||||
// Filter: (tcp dst port 443 or tcp dst port 8443) and (dst host 192.168.1.10 or dst host 10.0.0.5)
|
||||
// Uses "tcp dst port" to only capture client→server traffic (not server→client responses)
|
||||
func (c *CaptureImpl) buildBPFFilter(ports []uint16, localIPs []string) string {
|
||||
if len(ports) == 0 {
|
||||
return "tcp"
|
||||
}
|
||||
|
||||
// Build port filter
|
||||
// Build port filter (dst port only to avoid capturing server responses)
|
||||
portParts := make([]string, len(ports))
|
||||
for i, port := range ports {
|
||||
portParts[i] = fmt.Sprintf("tcp port %d", port)
|
||||
portParts[i] = fmt.Sprintf("tcp dst port %d", port)
|
||||
}
|
||||
portFilter := "(" + strings.Join(portParts, ") or (") + ")"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user