From f21ec81d4376a33a690bc8c222ca96fcfc7528a7 Mon Sep 17 00:00:00 2001
From: AnyVM-Tech AO <agent@anyvm.tech>
Date: Mon, 27 Apr 2026 19:36:43 +0000
Subject: [PATCH] chore(scanner): point worker bundle at
 AnyVM-Tech/anyscan-engine-c fork
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 2 PR 1 of 4 of the AF_XDP integration plan (PR #65 §9.1) ships a
refactor of the scanner C source (engine.c dispatch table + --io-engine
CLI flag + PF_RING ZC dispatch fix) which lives in a fork of the third-party
upstream scanner repository:

  - Upstream:        github.com/Lorikazzzz/VulnScanner-zmap-alternative-
  - Fork:            github.com/AnyVM-Tech/anyscan-engine-c
  - Phase 2 PR 1 commit on the fork:
      AnyVM-Tech/anyscan-engine-c@998c66b on
      branch perf/portscan-afxdp-phase2-pr1

Why fork: the plan §9.1 calls out that the upstream scanner is third-party
and proposes a fork under AnyVM-Tech as the resting place for the
integration patches (AF_XDP send/receive paths in PRs 2 + 3, build
integration in PR 4, and follow-on PF_RING ZC cluster init).

This commit only updates the AnyScan-side scripts to resolve from the new
fork:

  - install-external-deps.sh:11-12 — clone URL and local checkout dir now
    default to the AnyVM-Tech fork. Both can still be overridden via the
    existing ANYSCAN_VULNSCANNER_REPO_URL / ANYSCAN_VULNSCANNER_REPO_DIR
    environment variables (no behaviour change for callers that set them).
  - package-worker-bundle.sh:519-525 — preferred lookup order is now
    `anyscan-engine-c/scanner` first, the legacy
    `VulnScanner-zmap-alternative-/scanner` directory second (kept for
    transitional dev checkouts), and `/opt/anyscan/bin/scanner` last.

What is NOT in this PR:
  - The actual AF_XDP send/receive paths (PR 2 + 3 of Phase 2).
  - The Makefile / install-external-deps.sh `USE_AF_XDP=1` build flag
    plumbing (PR 4 of Phase 2).
  - Live c6in.metal benchmarks (PR 5 of Phase 2).
  - AnyGPT submodule pointer bump.
  - Any change to runtime.env or to the AIMD rate controller.

Test plan:
  - `cargo build --workspace` (release) — clean.
  - `cargo test --workspace --no-fail-fast` — 437 tests pass (matches
    post-#66 baseline: 371 + 31 + 2 + 33).
  - `python3 -m py_compile vulnscanner-zmap-adapter.py` — clean.
  - On the scanner fork:
      - `make` (default AF_PACKET) — builds.
      - `make test` — 11 dispatch smoke tests pass.
      - `gcc -fsyntax-only -DUSE_PFRING_ZC ...` — compiles, dispatch reaches
        the ZC thread bodies.
      - `./scanner --io-engine=af_xdp` exits 1 with a clear "USE_AF_XDP=1
        not set; AF_XDP send/receive paths land in PRs 2 + 3" message.
      - `./scanner --io-engine=pfring_zc` (without USE_PFRING_ZC) exits 1
        with the equivalent compile-flag error.
      - `./scanner --io-engine=bogus` exits 1 with "Unknown --io-engine".

Refs: AnyVM-Tech/AnyScan PR #65, plan §3.1 + §3.3 + §9.1.
---
 install-external-deps.sh | 8 ++++++--
 package-worker-bundle.sh | 8 +++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/install-external-deps.sh b/install-external-deps.sh
index c376c85..e8eb6f3 100755
--- a/install-external-deps.sh
+++ b/install-external-deps.sh
@@ -8,8 +8,12 @@ RUNTIME_ENV_DIR="$(dirname "$RUNTIME_ENV_FILE")"
 LOCAL_ENV_FILE="$SCRIPT_DIR/.external-runtime.env"
 LOCAL_BOOTSTRAP_ARTIFACT_DIR="${ANYSCAN_LOCAL_BOOTSTRAP_ARTIFACT_DIR:-$REPO_ROOT/.cache/anyscan/bootstrap-artifacts}"
 
-VULNSCANNER_REPO_URL="${ANYSCAN_VULNSCANNER_REPO_URL:-https://github.com/Lorikazzzz/VulnScanner-zmap-alternative.git}"
-VULNSCANNER_REPO_DIR="${ANYSCAN_VULNSCANNER_REPO_DIR:-$REPO_ROOT/VulnScanner-zmap-alternative-}"
+# The scanner C source lives in AnyVM-Tech/anyscan-engine-c — a fork of the
+# upstream Lorikazzzz/VulnScanner-zmap-alternative- repo that AnyVM-Tech can
+# carry patches against (AF_XDP integration, PF_RING ZC dispatch fix, etc.).
+# See plans/2026-04-27-portscan-afxdp-plan-v1.md §9.1.
+VULNSCANNER_REPO_URL="${ANYSCAN_VULNSCANNER_REPO_URL:-https://github.com/AnyVM-Tech/anyscan-engine-c.git}"
+VULNSCANNER_REPO_DIR="${ANYSCAN_VULNSCANNER_REPO_DIR:-$REPO_ROOT/anyscan-engine-c}"
 VULNSCANNER_BIN_PATH="$VULNSCANNER_REPO_DIR/scanner"
 VULNSCANNER_INSTALLED_BIN="/opt/anyscan/bin/scanner"
 
diff --git a/package-worker-bundle.sh b/package-worker-bundle.sh
index 6bd655d..14a8690 100755
--- a/package-worker-bundle.sh
+++ b/package-worker-bundle.sh
@@ -517,7 +517,13 @@ main() {
     strip_binary "$bundle_root/bin/agentd"
 
     if [ -z "$SCANNER_SOURCE_BIN" ]; then
-        if [ -x "$SCRIPT_DIR/../../VulnScanner-zmap-alternative-/scanner" ]; then
+        # Prefer the AnyVM-Tech fork of the scanner C source (anyscan-engine-c)
+        # which carries the AF_XDP integration patches; fall back to the legacy
+        # upstream-clone path and the system-installed binary.
+        # See plans/2026-04-27-portscan-afxdp-plan-v1.md §9.1.
+        if [ -x "$SCRIPT_DIR/../../anyscan-engine-c/scanner" ]; then
+            SCANNER_SOURCE_BIN="$SCRIPT_DIR/../../anyscan-engine-c/scanner"
+        elif [ -x "$SCRIPT_DIR/../../VulnScanner-zmap-alternative-/scanner" ]; then
             SCANNER_SOURCE_BIN="$SCRIPT_DIR/../../VulnScanner-zmap-alternative-/scanner"
         elif [ -x /opt/anyscan/bin/scanner ]; then
             SCANNER_SOURCE_BIN="/opt/anyscan/bin/scanner"