remove firemon --interface option - it is a duplication of firejail --net.print

author: netblue30 <netblue30@protonmail.com> 2023-03-08 11:13:02 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-08 11:13:02 -0500
commit: 0e48f9933c19e297b9d629b4416c7f94d411d333 (patch)
tree: c2e3b3840174410da34a63ea8de1739fd189b3d0 /src/firemon
parent: add ipv6 support in --net.print (diff)
download: firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.tar.gz
firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.tar.zst
firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.zip
3 files changed, 1 insertions, 192 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 01167e555..d82f387ff 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -30,7 +30,6 @@ int arg_debug = 0;
 static int arg_route = 0;
 static int arg_arp = 0;
 static int arg_tree = 0;
-static int arg_interface = 0;
 static int arg_seccomp = 0;
 static int arg_caps = 0;
 static int arg_cpu = 0;
@@ -178,13 +177,6 @@ int main(int argc, char **argv) {
                        arg_seccomp = 1;
                else if (strcmp(argv[i], "--caps") == 0)
                        arg_caps = 1;
-                else if (strcmp(argv[i], "--interface") == 0) {
-                        if (getuid() != 0) {
-                                fprintf(stderr, "Error: you need to be root to run this command\n");
-                                exit(1);
-                        }
-                        arg_interface = 1;
-                }
 #ifdef HAVE_NETWORK
                else if (strcmp(argv[i], "--route") == 0)
                        arg_route = 1;
@@ -261,13 +253,12 @@ int main(int argc, char **argv) {
        // if --name requested without other options, print all data
        if (pid && !arg_cpu && !arg_seccomp && !arg_caps && !arg_apparmor &&
-            !arg_x11 && !arg_interface && !arg_route && !arg_arp) {
+            !arg_x11  && !arg_route && !arg_arp) {
                arg_tree = 1;
                arg_cpu = 1;
                arg_seccomp = 1;
                arg_caps = 1;
                arg_x11 = 1;
-                arg_interface = 1;
                arg_route = 1;
                arg_arp = 1;
                arg_apparmor = 1;
@@ -295,10 +286,6 @@ int main(int argc, char **argv) {
                x11((pid_t) pid, print_procs);
                print_procs = 0;
        }
-        if (arg_interface && getuid() == 0) {
-                interface((pid_t) pid, print_procs);
-                print_procs = 0;
-        }
        if (arg_route) {
                route((pid_t) pid, print_procs);
                print_procs = 0;
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index dae071e89..8b6e75fc3 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -57,9 +57,6 @@ void top(void) __attribute__((noreturn));
 // list.c
 void list(void);
-// interface.c
-void interface(pid_t pid, int print_procs);
 // arp.c
 void arp(pid_t pid, int print_procs);
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
deleted file mode 100644
index a8e78133b..000000000
--- a/src/firemon/interface.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (C) 2014-2023 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "firemon.h"
-#include "../include/gcov_wrapper.h"
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <netdb.h>
-#include <arpa/inet.h>
-#include <ifaddrs.h>
-#include <net/if.h>
-#include <linux/connector.h>
-#include <linux/netlink.h>
-#include <linux/if_link.h>
-#include <linux/sockios.h>
-#include <sys/ioctl.h>
-//#include <net/route.h>
-//#include <linux/if_bridge.h>
-// print IP addresses for all interfaces
-static void net_ifprint(void) {
-        uint32_t ip;
-        uint32_t mask;
-        struct ifaddrs *ifaddr, *ifa;
-        int fd;
-        if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-                fprintf(stderr, "Error: cannot open AF_INET socket\n");
-                exit(1);
-        }
-        if (getifaddrs(&ifaddr) == -1)
-                errExit("getifaddrs");
-        // walk through the linked list
-        printf("  Link status:\n");
-        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
-                if (ifa->ifa_addr == NULL)
-                        continue;
-                if (ifa->ifa_addr->sa_family == AF_PACKET) {
-                        if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) {
-                                if (ifa->ifa_data != NULL) {
-                                        struct rtnl_link_stats *stats = ifa->ifa_data;
-                                        // extract mac address
-                                        struct ifreq ifr;
-                                        memset(&ifr, 0, sizeof(ifr));
-                                        strncpy(ifr.ifr_name,  ifa->ifa_name, IFNAMSIZ - 1);
-                                        int rv = ioctl (fd, SIOCGIFHWADDR, &ifr);
-                                        if (rv == 0)
-                                                printf("     %s UP, %02x:%02x:%02x:%02x:%02x:%02x\n",
-                                                        ifa->ifa_name, PRINT_MAC((unsigned char *) &ifr.ifr_hwaddr.sa_data));
-                                        else
-                                                printf("     %s UP\n", ifa->ifa_name);
-                                        printf("          tx/rx: %u/%u packets,  %u/%u bytes\n",
-                                                stats->tx_packets, stats->rx_packets,
-                                                stats->tx_bytes, stats->rx_bytes);
-                                }
-                        }
-                        else
-                                printf("     %s DOWN\n", ifa->ifa_name);
-                }
-        }
-        // walk through the linked list
-        printf("  IPv4 status:\n");
-        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
-                if (ifa->ifa_addr == NULL)
-                        continue;
-                if (ifa->ifa_addr->sa_family == AF_INET) {
-                        struct sockaddr_in *si = (struct sockaddr_in *) ifa->ifa_netmask;
-                        mask = ntohl(si->sin_addr.s_addr);
-                        si = (struct sockaddr_in *) ifa->ifa_addr;
-                        ip = ntohl(si->sin_addr.s_addr);
-                        char *status;
-                        if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
-                                status = "UP";
-                        else
-                                status = "DOWN";
-                        printf("     %s %s, %d.%d.%d.%d/%u\n",
-                                ifa->ifa_name, status, PRINT_IP(ip), mask2bits(mask));
-                }
-        }
-        // walk through the linked list
-        printf("  IPv6 status:\n");
-        for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
-                if (ifa->ifa_addr == NULL)
-                        continue;
-                if (ifa->ifa_addr->sa_family == AF_INET6) {
-                        char host[NI_MAXHOST];
-                        int s = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in6),
-                                host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
-                        if (s == 0) {
-                                char *ptr;
-                                if ((ptr = strchr(host, '%')) != NULL)
-                                        *ptr = '\0';
-                                char *status;
-                                if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
-                                        status = "UP";
-                                else
-                                        status = "DOWN";
-                                printf("     %s %s, %s\n", ifa->ifa_name, status, host);
-                        }
-                }
-        }
-        freeifaddrs(ifaddr);
-        close(fd);
-}
-static void print_sandbox(pid_t pid) {
-        pid_t child = fork();
-        if (child == -1)
-                return;
-        if (child == 0) {
-                int rv = join_namespace(pid, "net");
-                if (rv)
-                        return;
-                net_ifprint();
-                __gcov_flush();
-                _exit(0);
-        }
-        // wait for the child to finish
-        waitpid(child, NULL, 0);
-}
-void interface(pid_t pid, int print_procs) {
-        pid_read(pid); // a pid of 0 will include all processes
-        // print processes
-        int i;
-        for (i = 0; i < max_pids; i++) {
-                if (pids[i].level == 1) {
-                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_wrap);
-                        int child = find_child(i);
-                        if (child != -1) {
-                                print_sandbox(child);
-                        }
-                }
-        }
-        printf("\n");
-}
author	netblue30 <netblue30@protonmail.com>	2023-03-08 11:13:02 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-08 11:13:02 -0500
commit	0e48f9933c19e297b9d629b4416c7f94d411d333 (patch)
tree	c2e3b3840174410da34a63ea8de1739fd189b3d0 /src/firemon
parent	add ipv6 support in --net.print (diff)
download	firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.tar.gz firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.tar.zst firejail-0e48f9933c19e297b9d629b4416c7f94d411d333.zip

diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 01167e555..d82f387ff 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -30,7 +30,6 @@ int arg_debug = 0;
30	static int arg_route = 0;	30	static int arg_route = 0;
31	static int arg_arp = 0;	31	static int arg_arp = 0;
32	static int arg_tree = 0;	32	static int arg_tree = 0;
33	static int arg_interface = 0;
34	static int arg_seccomp = 0;	33	static int arg_seccomp = 0;
35	static int arg_caps = 0;	34	static int arg_caps = 0;
36	static int arg_cpu = 0;	35	static int arg_cpu = 0;
@@ -178,13 +177,6 @@ int main(int argc, char **argv) {
178	arg_seccomp = 1;	177	arg_seccomp = 1;
179	else if (strcmp(argv[i], "--caps") == 0)	178	else if (strcmp(argv[i], "--caps") == 0)
180	arg_caps = 1;	179	arg_caps = 1;
181	else if (strcmp(argv[i], "--interface") == 0) {
182	if (getuid() != 0) {
183	fprintf(stderr, "Error: you need to be root to run this command\n");
184	exit(1);
185	}
186	arg_interface = 1;
187	}
188	#ifdef HAVE_NETWORK	180	#ifdef HAVE_NETWORK
189	else if (strcmp(argv[i], "--route") == 0)	181	else if (strcmp(argv[i], "--route") == 0)
190	arg_route = 1;	182	arg_route = 1;
@@ -261,13 +253,12 @@ int main(int argc, char **argv) {
261		253
262	// if --name requested without other options, print all data	254	// if --name requested without other options, print all data
263	if (pid && !arg_cpu && !arg_seccomp && !arg_caps && !arg_apparmor &&	255	if (pid && !arg_cpu && !arg_seccomp && !arg_caps && !arg_apparmor &&
264	!arg_x11 && !arg_interface && !arg_route && !arg_arp) {	256	!arg_x11 && !arg_route && !arg_arp) {
265	arg_tree = 1;	257	arg_tree = 1;
266	arg_cpu = 1;	258	arg_cpu = 1;
267	arg_seccomp = 1;	259	arg_seccomp = 1;
268	arg_caps = 1;	260	arg_caps = 1;
269	arg_x11 = 1;	261	arg_x11 = 1;
270	arg_interface = 1;
271	arg_route = 1;	262	arg_route = 1;
272	arg_arp = 1;	263	arg_arp = 1;
273	arg_apparmor = 1;	264	arg_apparmor = 1;
@@ -295,10 +286,6 @@ int main(int argc, char **argv) {
295	x11((pid_t) pid, print_procs);	286	x11((pid_t) pid, print_procs);
296	print_procs = 0;	287	print_procs = 0;
297	}	288	}
298	if (arg_interface && getuid() == 0) {
299	interface((pid_t) pid, print_procs);
300	print_procs = 0;
301	}
302	if (arg_route) {	289	if (arg_route) {
303	route((pid_t) pid, print_procs);	290	route((pid_t) pid, print_procs);
304	print_procs = 0;	291	print_procs = 0;


diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index dae071e89..8b6e75fc3 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h
@@ -57,9 +57,6 @@ void top(void) __attribute__((noreturn));
57	// list.c	57	// list.c
58	void list(void);	58	void list(void);
59		59
60	// interface.c
61	void interface(pid_t pid, int print_procs);
62
63	// arp.c	60	// arp.c
64	void arp(pid_t pid, int print_procs);	61	void arp(pid_t pid, int print_procs);
65		62


diff --git a/src/firemon/interface.c b/src/firemon/interface.c deleted file mode 100644 index a8e78133b..000000000 --- a/src/firemon/interface.c +++ /dev/null
@@ -1,175 +0,0 @@
1	/*
2	* Copyright (C) 2014-2023 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20	#include "firemon.h"
21	#include "../include/gcov_wrapper.h"
22	#include <sys/types.h>
23	#include <sys/wait.h>
24	#include <netdb.h>
25	#include <arpa/inet.h>
26	#include <ifaddrs.h>
27	#include <net/if.h>
28	#include <linux/connector.h>
29	#include <linux/netlink.h>
30	#include <linux/if_link.h>
31	#include <linux/sockios.h>
32	#include <sys/ioctl.h>
33
34	//#include <net/route.h>
35	//#include <linux/if_bridge.h>
36
37	// print IP addresses for all interfaces
38	static void net_ifprint(void) {
39	uint32_t ip;
40	uint32_t mask;
41	struct ifaddrs ifaddr, ifa;
42
43	int fd;
44	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
45	fprintf(stderr, "Error: cannot open AF_INET socket\n");
46	exit(1);
47	}
48
49	if (getifaddrs(&ifaddr) == -1)
50	errExit("getifaddrs");
51
52	// walk through the linked list
53	printf(" Link status:\n");
54	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
55	if (ifa->ifa_addr == NULL)
56	continue;
57
58	if (ifa->ifa_addr->sa_family == AF_PACKET) {
59	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) {
60	if (ifa->ifa_data != NULL) {
61	struct rtnl_link_stats *stats = ifa->ifa_data;
62
63	// extract mac address
64	struct ifreq ifr;
65	memset(&ifr, 0, sizeof(ifr));
66	strncpy(ifr.ifr_name, ifa->ifa_name, IFNAMSIZ - 1);
67	int rv = ioctl (fd, SIOCGIFHWADDR, &ifr);
68
69	if (rv == 0)
70	printf(" %s UP, %02x:%02x:%02x:%02x:%02x:%02x\n",
71	ifa->ifa_name, PRINT_MAC((unsigned char *) &ifr.ifr_hwaddr.sa_data));
72	else
73	printf(" %s UP\n", ifa->ifa_name);
74
75	printf(" tx/rx: %u/%u packets, %u/%u bytes\n",
76	stats->tx_packets, stats->rx_packets,
77	stats->tx_bytes, stats->rx_bytes);
78	}
79	}
80	else
81	printf(" %s DOWN\n", ifa->ifa_name);
82	}
83	}
84
85
86	// walk through the linked list
87	printf(" IPv4 status:\n");
88	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
89	if (ifa->ifa_addr == NULL)
90	continue;
91
92	if (ifa->ifa_addr->sa_family == AF_INET) {
93	struct sockaddr_in si = (struct sockaddr_in ) ifa->ifa_netmask;
94	mask = ntohl(si->sin_addr.s_addr);
95	si = (struct sockaddr_in *) ifa->ifa_addr;
96	ip = ntohl(si->sin_addr.s_addr);
97
98	char *status;
99	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
100	status = "UP";
101	else
102	status = "DOWN";
103
104	printf(" %s %s, %d.%d.%d.%d/%u\n",
105	ifa->ifa_name, status, PRINT_IP(ip), mask2bits(mask));
106	}
107	}
108
109
110	// walk through the linked list
111	printf(" IPv6 status:\n");
112	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
113	if (ifa->ifa_addr == NULL)
114	continue;
115
116	if (ifa->ifa_addr->sa_family == AF_INET6) {
117	char host[NI_MAXHOST];
118	int s = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in6),
119	host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
120	if (s == 0) {
121	char *ptr;
122	if ((ptr = strchr(host, '%')) != NULL)
123	*ptr = '\0';
124	char *status;
125	if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP)
126	status = "UP";
127	else
128	status = "DOWN";
129
130	printf(" %s %s, %s\n", ifa->ifa_name, status, host);
131	}
132	}
133	}
134
135	freeifaddrs(ifaddr);
136	close(fd);
137	}
138
139	static void print_sandbox(pid_t pid) {
140	pid_t child = fork();
141	if (child == -1)
142	return;
143
144	if (child == 0) {
145	int rv = join_namespace(pid, "net");
146	if (rv)
147	return;
148	net_ifprint();
149
150	__gcov_flush();
151
152	_exit(0);
153	}
154
155	// wait for the child to finish
156	waitpid(child, NULL, 0);
157	}
158
159	void interface(pid_t pid, int print_procs) {
160	pid_read(pid); // a pid of 0 will include all processes
161
162	// print processes
163	int i;
164	for (i = 0; i < max_pids; i++) {
165	if (pids[i].level == 1) {
166	if (print_procs \|\| pid == 0)
167	pid_print_list(i, arg_wrap);
168	int child = find_child(i);
169	if (child != -1) {
170	print_sandbox(child);
171	}
172	}
173	}
174	printf("\n");
175	}