FEATURE:
- Add exclude_source_ips configuration option
- Support single IPs and CIDR ranges (IPv4/IPv6)
- Filter packets before TLS processing
- New ipfilter package with unit tests
- Log exclusion configuration at startup
Packaging:
- Update RPM spec to version 1.1.9
- Update changelog with feature details
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Restore all changelog entries from versions 1.0.0 to 1.1.7
- Keep single %changelog section (no duplicates)
- Preserves complete package history
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Features:
- Add local_ips configuration option for filtering traffic to local machine
- Auto-detection of local IP addresses (excludes loopback 127.x.x.x, ::1)
- Support interface 'any' for capturing on all network interfaces
- Add Linux SLL (cooked capture) support for interface 'any'
- Generate BPF filter with 'dst host' for local IP filtering
- Add LinkType field to RawPacket for proper packet parsing
Testing:
- Add unit tests for local IP detection (detectLocalIPs, extractIP)
- Add unit tests for SLL packet parsing (IPv4 and IPv6)
- Update capture tests for new packetToRawPacket method
Configuration:
- Update config.yml.example with local_ips documentation
- Update RPM spec to version 1.1.6 with changelog
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Bugfix:
- Use unixgram (DGRAM) instead of unix (STREAM) for socket output
- Fixes "protocol wrong type for socket" error
- DGRAM sockets are connectionless, better suited for log shipping
Packaging:
- Update RPM spec to version 1.1.5
- Update changelog
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- config.yml.example: Unix socket enabled by default, stdout commented out
- internal/output/writers.go: Remove all internal logging from UnixSocketWriter
and FileWriter - only LogRecord JSON data is sent to outputs
- architecture.yml: Update description to mention 'socket UNIX par défaut'
- packaging/rpm/ja4sentinel.spec: Bump version to 1.1.1, update changelog
Diagnostic logs (error, debug, warning) now only go to stdout when enabled.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Add Reopenable interface in api/types.go for log rotation support
- Add FileWriter.Reopen() method to reopen log files after rotation
- Add MultiWriter.Reopen() method to propagate rotation to all writers
- Update main.go to handle SIGHUP signal for systemctl reload
- Add logrotate configuration file (packaging/logrotate/ja4sentinel)
- Update systemd service with ExecReload for graceful rotation
- Update architecture.yml with logrotate documentation
- Update RPM spec and Dockerfile.package to include logrotate files
- Bump version to 1.1.0
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
New features:
- Extract SNI (Server Name Indication) from TLS ClientHello
- Extract ALPN (Application-Layer Protocol Negotiation) protocols
- Detect TLS version from ClientHello using tlsfingerprint library
- Add ConnID field for TCP flow correlation
- Add SensorID field for multi-sensor deployments
- Add SynToCHMs timing field for behavioral detection
- Add AsyncBuffer configuration for output queue sizing
Architecture changes:
- Remove JA4Hash from LogRecord (JA4 format includes its own hash portions)
- Update api.TLSClientHello with new TLS metadata fields
- Update api.LogRecord with correlation, TLS, and timing fields
- Ensure 100% compliance with architecture.yml specification
Tests:
- Add unit tests for TLS extension extraction (SNI, ALPN, Version)
- Update tests for new LogRecord schema without JA4Hash
- Add tests for AsyncBuffer configuration
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
The %{spec_version} macro was being referenced in the Version field
before it was defined, causing RPM packages to show literal '%{spec_version}'
instead of the actual version number.
Moving the macro definition to the top of the spec file ensures it's
expanded correctly during rpmbuild.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Bump version from 1.0.2 to 1.0.4
- Add changelog entry for sdnotify integration
- Author: Jacquin Antoine <rpm@arkel.fr>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Add github.com/coreos/go-systemd/v22/daemon dependency
- Signal SdNotifyReady after configuration is loaded
- Start watchdog goroutine that pings systemd every WatchdogSec/2
- Signal SdNotifyStopping during graceful shutdown
- Update systemd unit file:
- Type=notify (instead of simple)
- WatchdogSec=30 (auto-restart if service hangs)
- NotifyAccess=main (only main process can notify)
Benefits:
- systemd knows when service is truly ready
- Automatic detection of hung/frozen service
- Better integration with systemd supervision
- More accurate service status reporting
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Update Makefile to extract PKG_VERSION from spec file
Reads '%define spec_version 1.0.2' as default version
- Update spec file with proper version macro logic
Version field now uses %{spec_version}
Supports override via --define 'build_version X.Y.Z'
Falls back to 1.0.2 when build_version is not defined
This ensures RPM packages are built with the correct version
defined in the spec file (1.0.2) instead of hardcoded 1.0.0.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Change systemd service to run as root instead of ja4sentinel user
- Remove user/group creation from RPM spec (%pre script)
- Update %post to set root:root ownership on directories
- Adjust security hardening for root execution (ProtectSystem=strict)
- Add ReadWritePaths for writable directories
Fixes: systemd error 'Failed at step USER spawning /usr/bin/ja4sentinel: No such process'
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Version: 1.0.1 → 1.0.2
- libpcap >= 1.9.0 (suppression support CentOS 7)
- Mise à jour du changelog RPM
- Description mise à jour (Rocky/Alma/RHEL 8+)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions
Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Remove dependency on Dockerfile.deb and Dockerfile.rpm
- Use debian:latest and rockylinux:8 containers directly
- Simplify test scripts by removing intermediate image builds
- Remove obsolete test-install-deb.sh and test-install-rpm.sh
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Remove Dockerfile.deb and Dockerfile.rpm (replaced by Dockerfile.package)
- Remove build-deb.sh and build-rpm.sh (replaced by fpm in Dockerfile.package)
- Remove test Dockerfiles and old test packages
- Keep only: deb/, rpm/, systemd/ directories with maintainer scripts
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Ajout du point d'entrée principal :
- cmd/ja4sentinel/main.go : pipeline complet avec gestion des signaux
- Intégration des modules (capture, tlsparse, fingerprint, output)
- Shutdown propre avec context.Context
Corrections du parsing TLS :
- Flow key unidirectionnel (client → serveur uniquement)
- Timeout de flux configurable via FlowTimeoutSec
- Structure ConnectionFlow simplifiée
Améliorations de l'API :
- Champs TCPMSS et TCPWScale en pointeurs (omitempty correct)
- NewLogRecord mis à jour pour les champs optionnels
Mise à jour de l'architecture :
- architecture.yml : documentation des champs optionnels
- Règles de flux unidirectionnel documentées
Système de packages :
- Version par défaut : 1.0.0
- Nommage cohérent : ja4sentinel_1.0.0_amd64.deb
- Scripts build-deb.sh et build-rpm.sh simplifiés
- Extraction correcte des checksums
Tests :
- TestFlowKey mis à jour pour le format unidirectionnel
- Tous les tests passent (go test ./...)
- go vet clean
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Ajout des cibles make ci, ci-test, ci-build, ci-package, ci-package-test
- Correction des chemins de sortie des packages (build/deb, build/rpm)
- Build RPM sur Rocky Linux 9 pour dépendances correctes (libpcap.so.1)
- Fix tests RPM (command -v au lieu de which, fallback libpcap)
- Tous les tests passent (11/11 DEB, 11/11 RPM)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Cible: Rocky Linux 9 (compatible RHEL/CentOS)
Changes:
- packaging/Dockerfile.rpm: Build pour Rocky Linux
- packaging/build-rpm.sh: Ajout paramètre distribution (rocky/rhel/centos)
- packaging/rpm/ja4sentinel.spec:
* Condition %if 0%{?rhel} >= 8 pour compatibilité RHEL
* Description mise à jour avec Rocky Linux
- packaging/test/Dockerfile.rpm: Test sur Rocky Linux 9
- packaging/test/test-*.sh: Tests spécifiques Rocky Linux
- .github/workflows/build-rpm.yml:
* Nom du job: 'Build RPM Package (Rocky Linux)'
* TARGET_DIST: rockylinux:9
* Simplification du build via Docker
Documentation:
- README.md: Instructions d'installation pour .rpm (Rocky/RHEL) et .deb (Debian/Ubuntu)
- Remplacement des instructions de build par installation via packages
Compatibilité:
- Rocky Linux 8.x et 9.x
- RHEL 8.x et 9.x
- CentOS Stream 8 et 9
- AlmaLinux 8.x et 9.x
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
