code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60 Commits 1 Branch 0 Tags
965720a18364f8ddc0b19501f159c30f6c2d9e4c
Commit Graph

24 Commits

Author SHA1 Message Date
Jacquin Antoine
965720a183 release: version 1.0.9 - Add SNI, ALPN, TLS version extraction and architecture.yml compliance
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
New features:
- Extract SNI (Server Name Indication) from TLS ClientHello
- Extract ALPN (Application-Layer Protocol Negotiation) protocols
- Detect TLS version from ClientHello using tlsfingerprint library
- Add ConnID field for TCP flow correlation
- Add SensorID field for multi-sensor deployments
- Add SynToCHMs timing field for behavioral detection
- Add AsyncBuffer configuration for output queue sizing

Architecture changes:
- Remove JA4Hash from LogRecord (JA4 format includes its own hash portions)
- Update api.TLSClientHello with new TLS metadata fields
- Update api.LogRecord with correlation, TLS, and timing fields
- Ensure 100% compliance with architecture.yml specification

Tests:
- Add unit tests for TLS extension extraction (SNI, ALPN, Version)
- Update tests for new LogRecord schema without JA4Hash
- Add tests for AsyncBuffer configuration

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-02 19:32:16 +01:00
Jacquin Antoine
fd162982d9 v1.0.8: Add configurable log level and immediate service stop
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Add log_level config option (debug, info, warn, error)
- Add JA4SENTINEL_LOG_LEVEL environment variable support
- Set TimeoutStopSec=2 for immediate stop on restart/stop
- Consolidate config files into single example (config.yml.example)
- Update RPM changelog

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:51:11 +01:00
Jacquin Antoine
d89c90dc03 release: version 1.0.7
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:28:00 +01:00
Jacquin Antoine
f0276b17ab release: version 1.0.6
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:49:43 +01:00
Jacquin Antoine
40c3fad90e fix: unix socket path to /var/run/logcorrelator/network.sock
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:44:55 +01:00
Jacquin Antoine
a69de782cb release: version 1.0.5 - fix TCP options detection (NOP/EOL/SACK)
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:27:27 +01:00
Jacquin Antoine
a3f5d9a50c fix(rpm): move version macro definition before Version field
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
The %{spec_version} macro was being referenced in the Version field
before it was defined, causing RPM packages to show literal '%{spec_version}'
instead of the actual version number.

Moving the macro definition to the top of the spec file ensures it's
expanded correctly during rpmbuild.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:15:24 +01:00
Jacquin Antoine
a4b691c0b3 release: version 1.0.4
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Bump version from 1.0.2 to 1.0.4
- Add changelog entry for sdnotify integration
- Author: Jacquin Antoine <rpm@arkel.fr>

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:08:28 +01:00
Jacquin Antoine
dcd6bd0a94 feat: add systemd sdnotify support (ready, watchdog, stopping)
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Add github.com/coreos/go-systemd/v22/daemon dependency
- Signal SdNotifyReady after configuration is loaded
- Start watchdog goroutine that pings systemd every WatchdogSec/2
- Signal SdNotifyStopping during graceful shutdown
- Update systemd unit file:
  - Type=notify (instead of simple)
  - WatchdogSec=30 (auto-restart if service hangs)
  - NotifyAccess=main (only main process can notify)

Benefits:
- systemd knows when service is truly ready
- Automatic detection of hung/frozen service
- Better integration with systemd supervision
- More accurate service status reporting

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:06:20 +01:00
Jacquin Antoine
78c9102602 fix(packaging): use version from spec file for RPM builds
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Update Makefile to extract PKG_VERSION from spec file
  Reads '%define spec_version 1.0.2' as default version
- Update spec file with proper version macro logic
  Version field now uses %{spec_version}
  Supports override via --define 'build_version X.Y.Z'
  Falls back to 1.0.2 when build_version is not defined

This ensures RPM packages are built with the correct version
defined in the spec file (1.0.2) instead of hardcoded 1.0.0.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:38:21 +01:00
Jacquin Antoine
1bf0f46ce5 chore: remove unused files and code
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Delete obsolete RPM maintainer scripts (postinst, prerm, postrm)
  Scripts are now embedded in ja4sentinel.spec
- Delete unused RPM test script (test-rpm.sh)
  Referenced non-existent el7 builds, not integrated in CI
- Remove unused constants and functions from api/types.go:
  - DefaultInterface, DefaultPort, DefaultBPFFilter
  - DefaultFlowTimeout, DefaultPacketBuffer
  - LogLevelDebug, LogLevelInfo, LogLevelWarn, LogLevelError
  - DefaultConfig() function
- Update Makefile with RPM_DIR variable for consistency

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:26:48 +01:00
Jacquin Antoine
b137b3df85 fix(packaging): run service as root for packet capture
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Change systemd service to run as root instead of ja4sentinel user
- Remove user/group creation from RPM spec (%pre script)
- Update %post to set root:root ownership on directories
- Adjust security hardening for root execution (ProtectSystem=strict)
- Add ReadWritePaths for writable directories

Fixes: systemd error 'Failed at step USER spawning /usr/bin/ja4sentinel: No such process'

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:14:23 +01:00
Jacquin Antoine
0eff3a77c1 refactor(packaging): migrate from fpm to rpmbuild for RPM packaging 
- Replace fpm with native rpmbuild in Dockerfile.package
- Setup proper rpmbuild directory structure (BUILD, RPMS, SOURCES, SPECS)
- Make spec file version dynamic via %{?build_version} macro
- Improve %post script with better systemd detection and error handling
- RPM now correctly uses VERSION build argument

Builds RPM packages for el8, el9, and el10 distributions.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:12:44 +01:00
Jacquin Antoine
64fc0db1d9 release: mise à jour spec RPM version 1.0.2
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Version: 1.0.1 → 1.0.2
- libpcap >= 1.9.0 (suppression support CentOS 7)
- Mise à jour du changelog RPM
- Description mise à jour (Rocky/Alma/RHEL 8+)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 21:29:52 +01:00
Jacquin Antoine
d14d6d6bf0 chore: bump version to 1.0.1 with changelog updates
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Update RPM spec version from 1.0.0 to 1.0.1
- Add comprehensive changelog entries for v1.0.1:
  - Configurable packet channel buffer size
  - Timestamp field in LogRecord
  - Race condition fix in packet capture
  - Strengthened TLS limits and socket timeouts
  - Improved configuration validation
  - Systemd service file inclusion in RPMs
  - Unified Docker-based packaging
  - Added unit tests and Godoc documentation

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 20:10:56 +01:00
Jacquin Antoine
0be3ea9220 refactor: packaging RPM uniquement avec builder Rocky Linux 9
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions

Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 18:15:46 +01:00
Jacquin Antoine
86649b1630 feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10
Some checks failed
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details 
- Update Dockerfile.package to build RPMs for multiple distributions
  using a unified fpm-based approach
- Add RPM maintainer scripts (postinst, prerm, postrm) for proper
  installation and service management
- Update ja4sentinel.spec for CentOS 7+ compatibility
- Add packaging/systemd/config.yml as default configuration
- Update test-rpm.sh to test installation on all 4 target distributions
- Fix CentOS 7 repository configuration (EOL - vault.centos.org)

Generated RPMs:
- el7: CentOS 7 (libpcap >= 1.4.0)
- el8: Rocky Linux 8 (libpcap >= 1.9.0)
- el9: Rocky Linux 9 (libpcap >= 1.9.0)
- el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 17:02:58 +01:00
Jacquin Antoine
27eaa8aa4c refactor: update packaging test scripts to use Docker directly
Some checks failed
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details 
- Remove dependency on Dockerfile.deb and Dockerfile.rpm
- Use debian:latest and rockylinux:8 containers directly
- Simplify test scripts by removing intermediate image builds
- Remove obsolete test-install-deb.sh and test-install-rpm.sh

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-27 16:18:15 +01:00
Jacquin Antoine
9c91884b7f refactor: remove obsolete packaging files
Some checks failed
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details 
- Remove Dockerfile.deb and Dockerfile.rpm (replaced by Dockerfile.package)
- Remove build-deb.sh and build-rpm.sh (replaced by fpm in Dockerfile.package)
- Remove test Dockerfiles and old test packages
- Keep only: deb/, rpm/, systemd/ directories with maintainer scripts

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-27 16:06:34 +01:00
Jacquin Antoine
9280cb545c feat: version 1.0.0 avec corrections critiques et nommage de packages 
Ajout du point d'entrée principal :
- cmd/ja4sentinel/main.go : pipeline complet avec gestion des signaux
- Intégration des modules (capture, tlsparse, fingerprint, output)
- Shutdown propre avec context.Context

Corrections du parsing TLS :
- Flow key unidirectionnel (client → serveur uniquement)
- Timeout de flux configurable via FlowTimeoutSec
- Structure ConnectionFlow simplifiée

Améliorations de l'API :
- Champs TCPMSS et TCPWScale en pointeurs (omitempty correct)
- NewLogRecord mis à jour pour les champs optionnels

Mise à jour de l'architecture :
- architecture.yml : documentation des champs optionnels
- Règles de flux unidirectionnel documentées

Système de packages :
- Version par défaut : 1.0.0
- Nommage cohérent : ja4sentinel_1.0.0_amd64.deb
- Scripts build-deb.sh et build-rpm.sh simplifiés
- Extraction correcte des checksums

Tests :
- TestFlowKey mis à jour pour le format unidirectionnel
- Tous les tests passent (go test ./...)
- go vet clean

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-26 23:24:42 +01:00
Jacquin Antoine
410467f099 feat: ajouter pipeline CI complet (tests, build, packages)
Some checks failed
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details 
- Ajout des cibles make ci, ci-test, ci-build, ci-package, ci-package-test
- Correction des chemins de sortie des packages (build/deb, build/rpm)
- Build RPM sur Rocky Linux 9 pour dépendances correctes (libpcap.so.1)
- Fix tests RPM (command -v au lieu de which, fallback libpcap)
- Tous les tests passent (11/11 DEB, 11/11 RPM)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 22:43:53 +01:00
Jacquin Antoine
c62101a08e fix: Support Debian Bookworm et Ubuntu pour le package .deb 
Cible: Debian Bookworm (12) et Ubuntu 22.04+

Changes:
- packaging/Dockerfile.deb: Build via Docker avec Go 1.24
- packaging/build-deb.sh: Ajout paramètre distribution (debian/ubuntu)
- packaging/test/Dockerfile.deb: Test sur Debian Bookworm
- packaging/test/test-*.sh: Tests spécifiques Debian/Ubuntu
- .github/workflows/build-deb.yml:
  * Nom du job: 'Build DEB Package (Debian/Ubuntu)'
  * TARGET_DIST: debian:bookworm
  * Build simplifié via Docker
- Makefile: package-deb utilise Docker (cohérent avec RPM)

Compatibilité:
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 24.04 LTS

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:25:45 +01:00
Jacquin Antoine
6f7c5450f8 fix: Support Rocky Linux 9 pour le package RPM 
Cible: Rocky Linux 9 (compatible RHEL/CentOS)

Changes:
- packaging/Dockerfile.rpm: Build pour Rocky Linux
- packaging/build-rpm.sh: Ajout paramètre distribution (rocky/rhel/centos)
- packaging/rpm/ja4sentinel.spec:
  * Condition %if 0%{?rhel} >= 8 pour compatibilité RHEL
  * Description mise à jour avec Rocky Linux
- packaging/test/Dockerfile.rpm: Test sur Rocky Linux 9
- packaging/test/test-*.sh: Tests spécifiques Rocky Linux
- .github/workflows/build-rpm.yml:
  * Nom du job: 'Build RPM Package (Rocky Linux)'
  * TARGET_DIST: rockylinux:9
  * Simplification du build via Docker

Documentation:
- README.md: Instructions d'installation pour .rpm (Rocky/RHEL) et .deb (Debian/Ubuntu)
- Remplacement des instructions de build par installation via packages

Compatibilité:
- Rocky Linux 8.x et 9.x
- RHEL 8.x et 9.x
- CentOS Stream 8 et 9
- AlmaLinux 8.x et 9.x

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:17:37 +01:00
Jacquin Antoine
61bf05454e feat: CI/CD pour packages .deb et .rpm + tests d'installation 
Nouveaux workflows GitHub Actions:
- .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu
- .github/workflows/build-rpm.yml : Build et release RPM sur Fedora
- Déclenchement sur tags v*, push main/master, workflow_dispatch
- Upload des artifacts et création automatique de release

Système de build de packages:
- packaging/build-deb.sh : Script de build .deb avec sanitization version
- packaging/build-rpm.sh : Script de build .rpm (via Docker)
- packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB
- packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM

Fichiers de configuration systemd:
- packaging/systemd/ja4sentinel.service : Unit avec security hardening
  * NoNewPrivileges, ProtectSystem, ProtectHome
  * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture
- packaging/systemd/config.yml : Configuration par défaut

Scripts mainteneur DEB:
- packaging/deb/postinst : Création user/group, dirs, config
- packaging/deb/prerm : Stop service avant upgrade/remove
- packaging/deb/postrm : Cleanup complet en purge

Spec file RPM:
- packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies
  * Requires: systemd, libpcap
  * %pre/%post/%preun/%postun scripts

Tests d'installation dans containers:
- packaging/test/test-deb.sh : Build + test Docker Ubuntu
- packaging/test/test-rpm.sh : Build + test Docker Fedora
- packaging/test/test-install-deb.sh : 11 tests automatisés
- packaging/test/test-install-rpm.sh : 11 tests automatisés
- Dockerfile.deb/rpm : Containers de test dédiés

Makefile:
- package-deb : Build .deb
- package-rpm : Build .rpm via Docker (no-cache)
- package : Build les deux
- test-package-deb : Build + test installation DEB
- test-package-rpm : Build + test installation RPM
- test-package : Test les deux packages

Tests:
-  DEB: 11/11 tests passés (binaire, config, service, user, dirs)
-  RPM: Build réussi (3.3 MB)
- Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:05:23 +01:00