packages/secubox-dpi/.gitignore

@@ -1,4 +0,0 @@
-# debian/rules build artifacts (Go collector + module caches)
-collector/secubox-dpi-collector
-_gocache/
-_gopath/

packages/secubox-dpi/debian/changelog

@@ -1,19 +1,3 @@
-secubox-dpi (1.1.0-1~bookworm1) bookworm; urgency=low
-
-  * #687 Phase 2/3: ship the per-device R3 cloud-exfiltration pipeline as a
-    proper package — no more manual scp deploys.
-    - Build the pure-stdlib Go collector (secubox-dpi-collector) offline for
-      arm64 in debian/rules (GOTOOLCHAIN=local, GOPROXY=off).
-    - Ship sbin/secubox-dpi-flowcap (ndpiReader capture loop) +
-      secubox-dpi-flowcap.service (auto-enabled), Nice 15 / MemoryMax 256M.
-    - GET /api/v1/dpi/exfil serves the collector state; dashboard gains the
-      "Cloud Exfiltration Watch" panel with per-device service categorization
-      (cloud/filehost/messaging/ai/media/game/social/adult).
-  * Architecture: all -> arm64 (now ships a compiled collector).
-  * Depends: libndpi-bin (provides ndpiReader); Build-Depends: golang-go.
-
- -- Gerald KERMA <devel@cybermind.fr>  Mon, 22 Jun 2026 09:30:00 +0000
-
 secubox-dpi (1.0.5-1~bookworm1) bookworm; urgency=low
 
   * Clarify Description: this is the netifyd-backed analytics layer

packages/secubox-dpi/debian/control

@@ -2,14 +2,14 @@ Source: secubox-dpi
 Section: net
 Priority: optional
 Maintainer: Gerald KERMA <devel@cybermind.fr>
-Build-Depends: debhelper-compat (= 13), golang-go (>= 2:1.22~)
+Build-Depends: debhelper-compat (= 13)
 Standards-Version: 4.6.2
 Homepage: https://cybermind.fr/secubox
 Rules-Requires-Root: no
 
 Package: secubox-dpi
-Architecture: arm64
-Depends: ${misc:Depends}, secubox-core (>= 1.0), iproute2, libndpi-bin
+Architecture: all
+Depends: ${misc:Depends}, secubox-core (>= 1.0), iproute2
 Recommends: netifyd, secubox-netifyd
 Description: SecuBox DPI Analytics — netifyd-backed app/protocol classification
  Analytics layer on top of netifyd: top applications, top protocols,

packages/secubox-dpi/debian/postinst

@@ -7,10 +7,6 @@ case "$1" in
         --home /var/lib/secubox --shell /usr/sbin/nologin secubox
     install -d -o root -g root -m 1777 /run/secubox
     install -d -o secubox -g secubox -m 755 /var/lib/secubox
-    # #687 exfil collector state dir — collector (root) writes state.json 0644,
-    # dpi API (secubox) reads it; keep 0755 so secubox can traverse.
-    install -d -o root -g root -m 0755 /var/lib/secubox/dpi
-    install -d -o root -g root -m 0755 /run/secubox/dpi
     systemctl daemon-reload
     systemctl enable secubox-dpi.service
     systemctl start  secubox-dpi.service || true

packages/secubox-dpi/debian/rules

@@ -1,34 +1,8 @@
 #!/usr/bin/make -f
-# SPDX-License-Identifier: LicenseRef-CMSD-1.0
-# SecuBox-Deb :: secubox-dpi — DPI dashboard (Python) + R3 exfil collector (Go)
-#
-# The per-device cloud-exfiltration collector (#687) is a pure-stdlib Go binary
-# cross-built for arm64, fully offline (no module download): the collector has
-# no external deps so no vendor tree is needed. GOTOOLCHAIN=local pins the build
-# to the distro Go; GOPROXY=off forbids any network. CI cross-builds the same.
-export DH_VERBOSE = 1
-
-export GOOS = linux
-export GOARCH = arm64
-export CGO_ENABLED = 0
-export GOPROXY = off
-export GOTOOLCHAIN = local
-# Keep the Go build/module cache inside the build tree (sandbox-friendly).
-export GOCACHE = $(CURDIR)/_gocache
-export GOPATH  = $(CURDIR)/_gopath
-
 %:
 	dh $@
 
-override_dh_auto_build:
-	cd collector && go build -trimpath -ldflags=-s -o secubox-dpi-collector .
-
-# The arm64 cross-binary cannot run its tests on the build host; CI runs Go
-# unit tests on the host arch instead.
-override_dh_auto_test:
-
 override_dh_auto_install:
-	# Python API + dashboard (arch-independent payload, shipped in the arm64 deb)
 	install -d debian/secubox-dpi/usr/lib/secubox/dpi/
 	cp -r api debian/secubox-dpi/usr/lib/secubox/dpi/
 	install -d debian/secubox-dpi/usr/share/secubox/www
@@ -38,15 +12,3 @@ override_dh_auto_install:
 	# Modular nginx config
 	install -d debian/secubox-dpi/etc/nginx/secubox.d
 	[ -f nginx/dpi.conf ] && cp nginx/dpi.conf debian/secubox-dpi/etc/nginx/secubox.d/ || true
-	# #687 R3 exfil pipeline: Go collector + capture loop
-	install -d debian/secubox-dpi/usr/sbin
-	install -m 0755 collector/secubox-dpi-collector debian/secubox-dpi/usr/sbin/secubox-dpi-collector
-	install -m 0755 sbin/secubox-dpi-flowcap        debian/secubox-dpi/usr/sbin/secubox-dpi-flowcap
-	# flowcap unit — installed into the tree so dh_installsystemd auto-enables it
-	install -d debian/secubox-dpi/usr/lib/systemd/system
-	install -m 0644 systemd/secubox-dpi-flowcap.service \
-	  debian/secubox-dpi/usr/lib/systemd/system/secubox-dpi-flowcap.service
-
-override_dh_auto_clean:
-	rm -f collector/secubox-dpi-collector
-	rm -rf _gocache _gopath

packages/secubox-dpi/systemd/secubox-dpi-flowcap.service

@@ -1,10 +1,10 @@
 # SPDX-License-Identifier: LicenseRef-CMSD-1.0
-# Per-device flow-DPI on the R3 tap (#687): ndpiReader → Go collector →
-# cloud-exfiltration scenarios → /var/lib/secubox/dpi/state.json (served by the
-# secubox-dpi dashboard at /api/v1/dpi/exfil).
+# Per-device flow-DPI on the R3 tap (#687, Phase 2): ndpiReader → Go collector →
+# cloud-exfiltration scenarios → /var/lib/secubox/dpi/state.json (read by the
+# secubox-dpi dashboard).
 [Unit]
 Description=SecuBox-Deb DPI flow capture + exfil collector (#687)
-After=network-online.target
+After=network-online.target secubox-toolbox-mitm-wg.service
 Wants=network-online.target
 
 [Service]
@@ -12,12 +12,12 @@ Type=simple
 ExecStart=/usr/sbin/secubox-dpi-flowcap
 Restart=always
 RestartSec=10
-# ndpiReader needs raw packet capture on wg-toolbox; nothing else.
-AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
-# Light on a saturated board (~1% CPU observed); bound memory + low priority.
 Nice=15
-CPUWeight=20
+# ndpiReader needs raw packet capture on wg-toolbox.
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
+# Bound memory; nDPI flow table + collector are light (~20 MB observed).
 MemoryMax=256M
+CPUWeight=20
 
 [Install]
 WantedBy=multi-user.target