nettrace

author: netblue30 <netblue30@protonmail.com> 2021-12-28 12:19:44 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-12-28 12:19:44 -0500
commit: e9843593cbf107de641801bd9871c357e967dc99 (patch)
tree: 1f03b0d93178b9605c73e05c2ccf66a8945fe4b9
parent: nettrace/netlock (diff)
download: firejail-e9843593cbf107de641801bd9871c357e967dc99.tar.gz
firejail-e9843593cbf107de641801bd9871c357e967dc99.tar.zst
firejail-e9843593cbf107de641801bd9871c357e967dc99.zip
5 files changed, 44 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index ace86f218..29e0b63d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ src/profstats/profstats
 src/bash_completion/firejail.bash_completion
 src/zsh_completion/_firejail
 src/jailcheck/jailcheck
+src/fnettrace/fnettrace
 uids.h
 seccomp
 seccomp.debug
diff --git a/README.md b/README.md
index b16b55d6a..e52a02d34 100644
--- a/README.md
+++ b/README.md
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS)
              as it contains running processes.
 `````
+### Network Monitor
+`````
+       --nettrace=name|pid
+              Monitor TCP and UDP traffic coming into the sandbox specified by
+              name or pid. Only networked sandboxes  created  with  --net  are
+              supported.
+              $ firejail --nettrace=browser
+              9.9.9.9:53              =>      192.168.1.60    UDP: 122 B/sec
+              72.21.91.29:80          =>      192.168.1.60    TCP: 257 B/sec
+              80.92.126.65:123        =>      192.168.1.60    UDP: 25 B/sec
+              69.30.241.50:443        =>      192.168.1.60    TCP: 88 KB/sec
+              140.82.112.4:443        =>      192.168.1.60    TCP: 1861 B/sec
+              (14 streams in the last one minute)
+`````
 ### Profile Statistics
 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
diff --git a/RELNOTES b/RELNOTES
index e16099b39..d0211ce27 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low
  * deterministic shutdown (--deterministic-exit-code,
     --deterministic-shutdown) (#4635)
  * noprinters command (#4607)
+  * network monitor (--nettrace)
  * build: firecfg.config is now installed to /etc/firejail/ (#4669)
  * removed --disable-whitelist at compile time
  * removed whitelist=yes/no in /etc/firejail/firejail.config
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 4a0f05528..b993cb80c 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -150,6 +150,7 @@ static char *usage_str =
        "\tparent interfaces.\n"
        "    --netns=name - Run the program in a named, persistent network namespace.\n"
        "    --netstats - monitor network statistics.\n"
+        "    --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n"
 #endif
        "    --nice=value - set nice value.\n"
        "    --no3d - disable 3D hardware acceleration.\n"
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 09e7165a7..b366fed7c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1479,6 +1479,29 @@ PID  User    RX(KB/s) TX(KB/s) Command
 1294 netblue 53.355   1.473    firejail \-\-net=eth0 firefox
 .br
 7383 netblue 9.045    0.112    firejail \-\-net=eth0 transmission
+.TP
+\fB\-\-nettrace=name|pid
+Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
+created with \-\-net are supported.
+.br
+.br
+$ firejail --nettrace=browser
+.br
+9.9.9.9:53              =>      192.168.1.60    UDP: 122 B/sec
+.br
+72.21.91.29:80          =>      192.168.1.60    TCP: 257 B/sec
+.br
+80.92.126.65:123        =>      192.168.1.60    UDP: 25 B/sec
+.br
+69.30.241.50:443        =>      192.168.1.60    TCP: 88 KB/sec
+.br
+140.82.112.4:443        =>      192.168.1.60    TCP: 1861 B/sec
+.br
+.br
+(14 streams in the last one minute)
 #endif
 .TP
 \fB\-\-nice=value
author	netblue30 <netblue30@protonmail.com>	2021-12-28 12:19:44 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-12-28 12:19:44 -0500
commit	e9843593cbf107de641801bd9871c357e967dc99 (patch)
tree	1f03b0d93178b9605c73e05c2ccf66a8945fe4b9
parent	nettrace/netlock (diff)
download	firejail-e9843593cbf107de641801bd9871c357e967dc99.tar.gz firejail-e9843593cbf107de641801bd9871c357e967dc99.tar.zst firejail-e9843593cbf107de641801bd9871c357e967dc99.zip

diff --git a/.gitignore b/.gitignore index ace86f218..29e0b63d6 100644 --- a/.gitignore +++ b/.gitignore
@@ -43,6 +43,7 @@ src/profstats/profstats
43	src/bash_completion/firejail.bash_completion	43	src/bash_completion/firejail.bash_completion
44	src/zsh_completion/_firejail	44	src/zsh_completion/_firejail
45	src/jailcheck/jailcheck	45	src/jailcheck/jailcheck
		46	src/fnettrace/fnettrace
46	uids.h	47	uids.h
47	seccomp	48	seccomp
48	seccomp.debug	49	seccomp.debug


diff --git a/README.md b/README.md index b16b55d6a..e52a02d34 100644 --- a/README.md +++ b/README.md
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS)
296	as it contains running processes.	296	as it contains running processes.
297	`````	297	`````
298		298
		299	### Network Monitor
		300	`````
		301	--nettrace=name\|pid
		302	Monitor TCP and UDP traffic coming into the sandbox specified by
		303	name or pid. Only networked sandboxes created with --net are
		304	supported.
		305
		306	$ firejail --nettrace=browser
		307	9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec
		308	72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec
		309	80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec
		310	69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec
		311	140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec
		312
		313	(14 streams in the last one minute)
		314
		315	`````
		316
299	### Profile Statistics	317	### Profile Statistics
300		318
301	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.	319	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.


diff --git a/RELNOTES b/RELNOTES index e16099b39..d0211ce27 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low
5	* deterministic shutdown (--deterministic-exit-code,	5	* deterministic shutdown (--deterministic-exit-code,
6	--deterministic-shutdown) (#4635)	6	--deterministic-shutdown) (#4635)
7	* noprinters command (#4607)	7	* noprinters command (#4607)
		8	* network monitor (--nettrace)
8	* build: firecfg.config is now installed to /etc/firejail/ (#4669)	9	* build: firecfg.config is now installed to /etc/firejail/ (#4669)
9	* removed --disable-whitelist at compile time	10	* removed --disable-whitelist at compile time
10	* removed whitelist=yes/no in /etc/firejail/firejail.config	11	* removed whitelist=yes/no in /etc/firejail/firejail.config


diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 4a0f05528..b993cb80c 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c
@@ -150,6 +150,7 @@ static char *usage_str =
150	"\tparent interfaces.\n"	150	"\tparent interfaces.\n"
151	" --netns=name - Run the program in a named, persistent network namespace.\n"	151	" --netns=name - Run the program in a named, persistent network namespace.\n"
152	" --netstats - monitor network statistics.\n"	152	" --netstats - monitor network statistics.\n"
		153	" --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n"
153	#endif	154	#endif
154	" --nice=value - set nice value.\n"	155	" --nice=value - set nice value.\n"
155	" --no3d - disable 3D hardware acceleration.\n"	156	" --no3d - disable 3D hardware acceleration.\n"


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 09e7165a7..b366fed7c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1479,6 +1479,29 @@ PID User RX(KB/s) TX(KB/s) Command
1479	1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox	1479	1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox
1480	.br	1480	.br
1481	7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission	1481	7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission
		1482	.TP
		1483	\fB\-\-nettrace=name\|pid
		1484	Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
		1485	created with \-\-net are supported.
		1486	.br
		1487
		1488	.br
		1489	$ firejail --nettrace=browser
		1490	.br
		1491	9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec
		1492	.br
		1493	72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec
		1494	.br
		1495	80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec
		1496	.br
		1497	69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec
		1498	.br
		1499	140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec
		1500	.br
		1501
		1502	.br
		1503	(14 streams in the last one minute)
		1504
1482	#endif	1505	#endif
1483	.TP	1506	.TP
1484	\fB\-\-nice=value	1507	\fB\-\-nice=value