code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80 Commits 1 Branch 0 Tags
e9e523d8a2d89f7047673b9fb9fed3b765daf518
Commit Graph

10 Commits

Author SHA1 Message Date
toto
432509f8f4 feature: add source IP exclusion with CIDR support 
Features:
- Add exclude_source_ips configuration option
- Support single IPs (192.168.1.1) and CIDR ranges (10.0.0.0/8)
- Filter packets in parser before TLS processing
- Log exclusion configuration at startup
- New ipfilter package with IP/CIDR matching
- Unit tests for ipfilter package

Configuration example:
  exclude_source_ips:
    - "10.0.0.0/8"       # Exclude private network
    - "192.168.1.1"      # Exclude specific IP
    - "172.16.0.0/12"    # Exclude another range
    - "2001:db8::/32"    # IPv6 support

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-04 11:57:48 +01:00
toto
027730b360 release: version 1.1.6 - Add local IP filtering and SLL support
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Features:
- Add local_ips configuration option for filtering traffic to local machine
- Auto-detection of local IP addresses (excludes loopback 127.x.x.x, ::1)
- Support interface 'any' for capturing on all network interfaces
- Add Linux SLL (cooked capture) support for interface 'any'
- Generate BPF filter with 'dst host' for local IP filtering
- Add LinkType field to RawPacket for proper packet parsing

Testing:
- Add unit tests for local IP detection (detectLocalIPs, extractIP)
- Add unit tests for SLL packet parsing (IPv4 and IPv6)
- Update capture tests for new packetToRawPacket method

Configuration:
- Update config.yml.example with local_ips documentation
- Update RPM spec to version 1.1.6 with changelog

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-04 11:02:53 +01:00
Jacquin Antoine
6e5addd6d4 Change default output to Unix socket
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- config.yml.example: Unix socket enabled by default, stdout commented out
- internal/output/writers.go: Remove all internal logging from UnixSocketWriter
  and FileWriter - only LogRecord JSON data is sent to outputs
- architecture.yml: Update description to mention 'socket UNIX par défaut'
- packaging/rpm/ja4sentinel.spec: Bump version to 1.1.1, update changelog

Diagnostic logs (error, debug, warning) now only go to stdout when enabled.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-02 21:19:57 +01:00
Jacquin Antoine
fd162982d9 v1.0.8: Add configurable log level and immediate service stop
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Add log_level config option (debug, info, warn, error)
- Add JA4SENTINEL_LOG_LEVEL environment variable support
- Set TimeoutStopSec=2 for immediate stop on restart/stop
- Consolidate config files into single example (config.yml.example)
- Update RPM changelog

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:51:11 +01:00
Jacquin Antoine
18d2978499 feat: use log_level parameter for Unix socket output
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:24:51 +01:00
Jacquin Antoine
fb45c34940 feat: add debug mode for Unix socket output
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:22:05 +01:00
Jacquin Antoine
e862139fca fix: socket path to network.socket 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 02:14:32 +01:00
Jacquin Antoine
40c3fad90e fix: unix socket path to /var/run/logcorrelator/network.sock
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:44:55 +01:00
Jacquin Antoine
dfd5e49dd9 feat(config): add configurable packet channel buffer size
Some checks failed
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details 
- Add PacketBufferSize field to api.Config struct
- Add DefaultPacketBuffer constant (1000 packets)
- Add JA4SENTINEL_PACKET_BUFFER_SIZE environment variable support
- Update mergeConfigs to handle PacketBufferSize override
- Update main.go to use configurable buffer size with fallback
- Update config.yml.example with packet_buffer_size option

Allows tuning for high-traffic environments by increasing buffer size
via config file or environment variable

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-27 00:07:45 +01:00
Jacquin Antoine
efd4481729 feat: implémentation complète du pipeline JA4 + Docker + tests 
Nouveaux modules:
- cmd/ja4sentinel/main.go : point d'entrée avec pipeline capture→parse→fingerprint→output
- internal/config/loader.go : chargement YAML + env (JA4SENTINEL_*) + validation
- internal/tlsparse/parser.go : extraction ClientHello avec suivi d'état de flux (NEW/WAIT_CLIENT_HELLO/JA4_DONE)
- internal/fingerprint/engine.go : génération JA4/JA3 via psanford/tlsfingerprint
- internal/output/writers.go : StdoutWriter, FileWriter, UnixSocketWriter, MultiWriter

Infrastructure:
- Dockerfile (multi-stage), Dockerfile.dev, Dockerfile.test-server
- Makefile (build, test, lint, docker-build-*)
- docker-compose.test.yml pour tests d'intégration
- README.md (276 lignes) avec architecture, config, exemples

API (api/types.go):
- Ajout Close() aux interfaces Capture et Parser
- Ajout FlowTimeoutSec dans Config (défaut: 30s, env: JA4SENTINEL_FLOW_TIMEOUT)
- ServiceLog: +Timestamp, +TraceID, +ConnID
- LogRecord: champs flatten (ip_meta_*, tcp_meta_*, ja4*)
- Helper NewLogRecord() pour conversion TLSClientHello+Fingerprints→LogRecord

Architecture (architecture.yml):
- Documentation module logging + interfaces LoggerFactory/Logger
- Section service.systemd complète (unit, security, capabilities)
- Section logging.strategy (JSON lines, champs, règles)
- api.Config: +FlowTimeoutSec documenté

Fixes/cleanup:
- Suppression internal/api/types.go (consolidé dans api/types.go)
- Correction imports logging (ja4sentinel/api)
- .dockerignore / .gitignore
- config.yml.example

Tests:
- Tous les modules ont leurs tests (*_test.go)
- Tests unitaires : capture, config, fingerprint, output, tlsparse
- Tests d'intégration via docker-compose.test.yml

Build:
- Binaires dans dist/ (make build → dist/ja4sentinel)
- Docker runtime avec COPY --from=builder /app/dist/

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 20:02:52 +01:00