FEATURE:
- Add exclude_source_ips configuration option
- Support single IPs and CIDR ranges (IPv4/IPv6)
- Filter packets before TLS processing
- New ipfilter package with unit tests
- Log exclusion configuration at startup
Packaging:
- Update RPM spec to version 1.1.9
- Update changelog with feature details
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Features:
- Add exclude_source_ips configuration option
- Support single IPs (192.168.1.1) and CIDR ranges (10.0.0.0/8)
- Filter packets in parser before TLS processing
- Log exclusion configuration at startup
- New ipfilter package with IP/CIDR matching
- Unit tests for ipfilter package
Configuration example:
exclude_source_ips:
- "10.0.0.0/8" # Exclude private network
- "192.168.1.1" # Exclude specific IP
- "172.16.0.0/12" # Exclude another range
- "2001:db8::/32" # IPv6 support
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Restore all changelog entries from versions 1.0.0 to 1.1.7
- Keep single %changelog section (no duplicates)
- Preserves complete package history
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Features:
- Add local_ips configuration option for filtering traffic to local machine
- Auto-detection of local IP addresses (excludes loopback 127.x.x.x, ::1)
- Support interface 'any' for capturing on all network interfaces
- Add Linux SLL (cooked capture) support for interface 'any'
- Generate BPF filter with 'dst host' for local IP filtering
- Add LinkType field to RawPacket for proper packet parsing
Testing:
- Add unit tests for local IP detection (detectLocalIPs, extractIP)
- Add unit tests for SLL packet parsing (IPv4 and IPv6)
- Update capture tests for new packetToRawPacket method
Configuration:
- Update config.yml.example with local_ips documentation
- Update RPM spec to version 1.1.6 with changelog
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Bugfix:
- Use unixgram (DGRAM) instead of unix (STREAM) for socket output
- Fixes "protocol wrong type for socket" error
- DGRAM sockets are connectionless, better suited for log shipping
Packaging:
- Update RPM spec to version 1.1.5
- Update changelog
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Change net.DialTimeout from "unix" to "unixgram"
- Fixes "protocol wrong type for socket" error
- DGRAM sockets are connectionless, better suited for log shipping
- Update test to use net.ListenUnixgram instead of net.Listen
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Add FileWriterOption type and WithFileErrorCallback option
- Add reportError method to FileWriter for error reporting
- Update Builder to propagate error callback to file writers
- File write errors now logged via the same callback mechanism
- Helps diagnose permission or disk space issues
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- config.yml.example: Unix socket enabled by default, stdout commented out
- internal/output/writers.go: Remove all internal logging from UnixSocketWriter
and FileWriter - only LogRecord JSON data is sent to outputs
- architecture.yml: Update description to mention 'socket UNIX par défaut'
- packaging/rpm/ja4sentinel.spec: Bump version to 1.1.1, update changelog
Diagnostic logs (error, debug, warning) now only go to stdout when enabled.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Add Reopenable interface in api/types.go for log rotation support
- Add FileWriter.Reopen() method to reopen log files after rotation
- Add MultiWriter.Reopen() method to propagate rotation to all writers
- Update main.go to handle SIGHUP signal for systemctl reload
- Add logrotate configuration file (packaging/logrotate/ja4sentinel)
- Update systemd service with ExecReload for graceful rotation
- Update architecture.yml with logrotate documentation
- Update RPM spec and Dockerfile.package to include logrotate files
- Bump version to 1.1.0
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
New features:
- Extract SNI (Server Name Indication) from TLS ClientHello
- Extract ALPN (Application-Layer Protocol Negotiation) protocols
- Detect TLS version from ClientHello using tlsfingerprint library
- Add ConnID field for TCP flow correlation
- Add SensorID field for multi-sensor deployments
- Add SynToCHMs timing field for behavioral detection
- Add AsyncBuffer configuration for output queue sizing
Architecture changes:
- Remove JA4Hash from LogRecord (JA4 format includes its own hash portions)
- Update api.TLSClientHello with new TLS metadata fields
- Update api.LogRecord with correlation, TLS, and timing fields
- Ensure 100% compliance with architecture.yml specification
Tests:
- Add unit tests for TLS extension extraction (SNI, ALPN, Version)
- Update tests for new LogRecord schema without JA4Hash
- Add tests for AsyncBuffer configuration
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
The %{spec_version} macro was being referenced in the Version field
before it was defined, causing RPM packages to show literal '%{spec_version}'
instead of the actual version number.
Moving the macro definition to the top of the spec file ensures it's
expanded correctly during rpmbuild.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Bump version from 1.0.2 to 1.0.4
- Add changelog entry for sdnotify integration
- Author: Jacquin Antoine <rpm@arkel.fr>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Add github.com/coreos/go-systemd/v22/daemon dependency
- Signal SdNotifyReady after configuration is loaded
- Start watchdog goroutine that pings systemd every WatchdogSec/2
- Signal SdNotifyStopping during graceful shutdown
- Update systemd unit file:
- Type=notify (instead of simple)
- WatchdogSec=30 (auto-restart if service hangs)
- NotifyAccess=main (only main process can notify)
Benefits:
- systemd knows when service is truly ready
- Automatic detection of hung/frozen service
- Better integration with systemd supervision
- More accurate service status reporting
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Update Makefile to extract PKG_VERSION from spec file
Reads '%define spec_version 1.0.2' as default version
- Update spec file with proper version macro logic
Version field now uses %{spec_version}
Supports override via --define 'build_version X.Y.Z'
Falls back to 1.0.2 when build_version is not defined
This ensures RPM packages are built with the correct version
defined in the spec file (1.0.2) instead of hardcoded 1.0.0.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Restore api.DefaultConfig() - used by internal/config/loader.go
- Restore DefaultInterface, DefaultPort, DefaultBPFFilter constants
- Restore DefaultFlowTimeout, DefaultPacketBuffer constants
- Remove unused LogLevel* constants (never referenced in codebase)
docs(architecture.yml): update packaging and service sections
- Update packaging tool from fpm to rpmbuild
- Remove CentOS 7 / RHEL 7 from target distros (EOL)
- Update rpm_builder stage description for rpmbuild workflow
- Add spec_file section with version_macro documentation
- Update service to run as root (required for packet capture)
- Update security sandboxing to match current systemd unit
- Remove pid_file (not used)
- Update binary_path from /usr/local/bin to /usr/bin
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Change systemd service to run as root instead of ja4sentinel user
- Remove user/group creation from RPM spec (%pre script)
- Update %post to set root:root ownership on directories
- Adjust security hardening for root execution (ProtectSystem=strict)
- Add ReadWritePaths for writable directories
Fixes: systemd error 'Failed at step USER spawning /usr/bin/ja4sentinel: No such process'
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Declare ARG VERSION in rpm-builder stage for FPM to access
- Add packages/ directory to .gitignore (build artifacts)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Version: 1.0.1 → 1.0.2
- libpcap >= 1.9.0 (suppression support CentOS 7)
- Mise à jour du changelog RPM
- Description mise à jour (Rocky/Alma/RHEL 8+)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- CentOS 7 n'est plus supporté (EOL en juin 2024)
- Minimum requis : Rocky Linux 8 / AlmaLinux 8 / RHEL 8
- Nettoyage des fichiers RPM el7
- Mise à jour de la documentation
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Ajout de usr/lib/systemd/system/ja4sentinel.service dans les packages fpm
- Correction du COPY pour utiliser le chemin local au lieu du builder
- Testé et validé sur Rocky Linux 9
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions
Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
