diff options
author | 2022-01-18 14:14:44 -0500 | |
---|---|---|
committer | 2022-01-18 14:14:44 -0500 | |
commit | 4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8 (patch) | |
tree | 49fc769149cbc3a343cee46838c6a19c9e4145f3 /src/fnettrace | |
parent | gitlab-ci: fix debian_ci build (dh_missing hostnames) (#4865) (diff) | |
download | firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.tar.gz firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.tar.zst firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.zip |
nettrace fixes
Diffstat (limited to 'src/fnettrace')
-rw-r--r-- | src/fnettrace/fnettrace.h | 9 | ||||
-rw-r--r-- | src/fnettrace/hostnames | 2 | ||||
-rw-r--r-- | src/fnettrace/main.c | 72 | ||||
-rw-r--r-- | src/fnettrace/radix.c | 52 |
4 files changed, 106 insertions, 29 deletions
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index 59b9618a9..66b7378da 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h | |||
@@ -29,11 +29,10 @@ | |||
29 | #include <stdarg.h> | 29 | #include <stdarg.h> |
30 | //#define DEBUG 1 | 30 | //#define DEBUG 1 |
31 | 31 | ||
32 | //#define NETLOCK_INTERVAL 15 | 32 | #define NETLOCK_INTERVAL 60 // seconds |
33 | #define NETLOCK_INTERVAL 60 | 33 | #define DISPLAY_INTERVAL 2 // seconds |
34 | #define DISPLAY_INTERVAL 2 | 34 | #define DISPLAY_TTL 4 // display intervals (4 * 2 seconds) |
35 | #define DISPLAY_TTL 4 | 35 | #define DISPLAY_BW_UNITS 20 // length of the bandwidth bar |
36 | #define DISPLAY_BW_UNITS 20 | ||
37 | 36 | ||
38 | 37 | ||
39 | static inline void ansi_topleft(void) { | 38 | static inline void ansi_topleft(void) { |
diff --git a/src/fnettrace/hostnames b/src/fnettrace/hostnames index a808a3b09..e24ecf218 100644 --- a/src/fnettrace/hostnames +++ b/src/fnettrace/hostnames | |||
@@ -20,7 +20,7 @@ | |||
20 | # | 20 | # |
21 | # Static Internet Map | 21 | # Static Internet Map |
22 | # | 22 | # |
23 | # Unfortunately, we cannot do a hostname lookup. This will leak a lot of | 23 | # Unfortunately we cannot do a hostname lookup. This will leak a lot of |
24 | # information about what network resources we access. | 24 | # information about what network resources we access. |
25 | # A static map, helped out by geoip package available on all Linux distros, | 25 | # A static map, helped out by geoip package available on all Linux distros, |
26 | # will have to do it for now! | 26 | # will have to do it for now! |
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index d5772328c..331311ee8 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
@@ -26,7 +26,7 @@ static int arg_netfilter = 0; | |||
26 | static char *arg_log = NULL; | 26 | static char *arg_log = NULL; |
27 | 27 | ||
28 | typedef struct hnode_t { | 28 | typedef struct hnode_t { |
29 | struct hnode_t *hnext; // used for hash table | 29 | struct hnode_t *hnext; // used for hash table and unused linked list |
30 | struct hnode_t *dnext; // used to display stremas on the screen | 30 | struct hnode_t *dnext; // used to display stremas on the screen |
31 | uint32_t ip_src; | 31 | uint32_t ip_src; |
32 | uint32_t bytes; // number of bytes received in the last display interval | 32 | uint32_t bytes; // number of bytes received in the last display interval |
@@ -45,6 +45,36 @@ HNode *htable[HMAX] = {NULL}; | |||
45 | // display linked list | 45 | // display linked list |
46 | HNode *dlist = NULL; | 46 | HNode *dlist = NULL; |
47 | 47 | ||
48 | |||
49 | // speed up malloc/free | ||
50 | #define HNODE_MAX_MALLOC 16 | ||
51 | static HNode *hnode_unused = NULL; | ||
52 | static int hnode_malloc_cnt = 0; | ||
53 | HNode *hmalloc(void) { | ||
54 | if (hnode_unused == NULL) { | ||
55 | hnode_unused = malloc(sizeof(HNode) * HNODE_MAX_MALLOC); | ||
56 | if (!hnode_unused) | ||
57 | errExit("malloc"); | ||
58 | memset(hnode_unused, 0, sizeof(HNode) * HNODE_MAX_MALLOC); | ||
59 | HNode *ptr = hnode_unused; | ||
60 | int i; | ||
61 | for ( i = 1; i < HNODE_MAX_MALLOC; i++, ptr++) | ||
62 | ptr->hnext = hnode_unused + i; | ||
63 | } | ||
64 | |||
65 | HNode *rv = hnode_unused; | ||
66 | hnode_unused = hnode_unused->hnext; | ||
67 | return rv; | ||
68 | } | ||
69 | |||
70 | void hfree(HNode *ptr) { | ||
71 | assert(ptr); | ||
72 | memset(ptr, 0, sizeof(HNode)); | ||
73 | ptr->hnext = hnode_unused; | ||
74 | hnode_unused = ptr; | ||
75 | } | ||
76 | |||
77 | |||
48 | static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint32_t bytes) { | 78 | static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint32_t bytes) { |
49 | uint8_t h = hash(ip_src); | 79 | uint8_t h = hash(ip_src); |
50 | 80 | ||
@@ -65,9 +95,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
65 | #ifdef DEBUG | 95 | #ifdef DEBUG |
66 | printf("malloc %d.%d.%d.%d\n", PRINT_IP(ip_src)); | 96 | printf("malloc %d.%d.%d.%d\n", PRINT_IP(ip_src)); |
67 | #endif | 97 | #endif |
68 | HNode *hnew = malloc(sizeof(HNode)); | 98 | HNode *hnew = hmalloc(); |
69 | if (!hnew) | 99 | assert(hnew); |
70 | errExit("malloc"); | ||
71 | hnew->hostname = NULL; | 100 | hnew->hostname = NULL; |
72 | hnew->ip_src = ip_src; | 101 | hnew->ip_src = ip_src; |
73 | hnew->port_src = port_src; | 102 | hnew->port_src = port_src; |
@@ -117,7 +146,7 @@ static void hnode_free(HNode *elem) { | |||
117 | htable[h] = elem->hnext; | 146 | htable[h] = elem->hnext; |
118 | else | 147 | else |
119 | prev->hnext = elem->hnext; | 148 | prev->hnext = elem->hnext; |
120 | free(elem); | 149 | hfree(elem); |
121 | } | 150 | } |
122 | 151 | ||
123 | #ifdef DEBUG | 152 | #ifdef DEBUG |
@@ -194,14 +223,15 @@ static unsigned adjust_bandwidth(unsigned bw) { | |||
194 | 223 | ||
195 | static void hnode_print(unsigned bw) { | 224 | static void hnode_print(unsigned bw) { |
196 | assert(!arg_netfilter); | 225 | assert(!arg_netfilter); |
197 | ansi_clrscr(); | 226 | bw = (bw < 1024 * DISPLAY_INTERVAL)? 1024 * DISPLAY_INTERVAL: bw; |
198 | |||
199 | #ifdef DEBUG | 227 | #ifdef DEBUG |
200 | printf("*********************\n"); | 228 | printf("*********************\n"); |
201 | debug_dlist(); | 229 | debug_dlist(); |
202 | printf("-----------------------------\n"); | 230 | printf("-----------------------------\n"); |
203 | debug_hnode(); | 231 | debug_hnode(); |
204 | printf("*********************\n"); | 232 | printf("*********************\n"); |
233 | #else | ||
234 | ansi_clrscr(); | ||
205 | #endif | 235 | #endif |
206 | 236 | ||
207 | // get terminal size | 237 | // get terminal size |
@@ -291,6 +321,17 @@ static void hnode_print(unsigned bw) { | |||
291 | ptr = next; | 321 | ptr = next; |
292 | } | 322 | } |
293 | 323 | ||
324 | #ifdef DEBUG | ||
325 | { | ||
326 | int cnt = 0; | ||
327 | HNode *ptr = hnode_unused; | ||
328 | while (ptr) { | ||
329 | cnt++; | ||
330 | ptr = ptr->hnext; | ||
331 | } | ||
332 | printf("hnode unused %d\n", cnt); | ||
333 | } | ||
334 | #endif | ||
294 | } | 335 | } |
295 | 336 | ||
296 | static void run_trace(void) { | 337 | static void run_trace(void) { |
@@ -343,9 +384,22 @@ static void run_trace(void) { | |||
343 | 384 | ||
344 | unsigned bytes = recvfrom(sock, buf, MAX_BUF_SIZE, 0, NULL, NULL); | 385 | unsigned bytes = recvfrom(sock, buf, MAX_BUF_SIZE, 0, NULL, NULL); |
345 | if (bytes >= 20) { // size of IP header | 386 | if (bytes >= 20) { // size of IP header |
346 | bw += bytes + 14; // assume a 14 byte Ethernet layer | 387 | #ifdef DEBUG |
388 | { | ||
389 | uint32_t ip_src; | ||
390 | memcpy(&ip_src, buf + 12, 4); | ||
391 | ip_src = ntohl(ip_src); | ||
392 | |||
393 | uint32_t ip_dst; | ||
394 | memcpy(&ip_dst, buf + 16, 4); | ||
395 | ip_dst = ntohl(ip_dst); | ||
396 | printf("%d.%d.%d.%d -> %d.%d.%d.%d, %u bytes\n", PRINT_IP(ip_src), PRINT_IP(ip_dst), bytes); | ||
397 | } | ||
398 | #endif | ||
347 | // filter out loopback traffic | 399 | // filter out loopback traffic |
348 | if (buf[12] != 127) { | 400 | if (buf[12] != 127 && buf[16] != 127) { |
401 | bw += bytes + 14; // assume a 14 byte Ethernet layer | ||
402 | |||
349 | uint32_t ip_src; | 403 | uint32_t ip_src; |
350 | memcpy(&ip_src, buf + 12, 4); | 404 | memcpy(&ip_src, buf + 12, 4); |
351 | ip_src = ntohl(ip_src); | 405 | ip_src = ntohl(ip_src); |
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c index b9104bd39..c9493717d 100644 --- a/src/fnettrace/radix.c +++ b/src/fnettrace/radix.c | |||
@@ -34,18 +34,44 @@ typedef struct rnode_t { | |||
34 | RNode *head = 0; | 34 | RNode *head = 0; |
35 | int radix_nodes = 0; | 35 | int radix_nodes = 0; |
36 | 36 | ||
37 | // get rid of the malloc overhead | ||
38 | #define RNODE_MAX_MALLOC 128 | ||
39 | static RNode *rnode_unused = NULL; | ||
40 | static int rnode_malloc_cnt = 0; | ||
41 | static RNode *rmalloc(void) { | ||
42 | if (rnode_unused == NULL || rnode_malloc_cnt >= RNODE_MAX_MALLOC) { | ||
43 | rnode_unused = malloc(sizeof(RNode) * RNODE_MAX_MALLOC); | ||
44 | if (!rnode_unused) | ||
45 | errExit("malloc"); | ||
46 | memset(rnode_unused, 0, sizeof(RNode) * RNODE_MAX_MALLOC); | ||
47 | rnode_malloc_cnt = 0; | ||
48 | } | ||
49 | |||
50 | rnode_malloc_cnt++; | ||
51 | return rnode_unused + rnode_malloc_cnt - 1; | ||
52 | } | ||
53 | |||
54 | |||
55 | static inline char *duplicate_name(const char *name) { | ||
56 | assert(name); | ||
57 | |||
58 | if (strcmp(name, "United States") == 0) | ||
59 | return "United States"; | ||
60 | else if (strcmp(name, "Amazon") == 0) | ||
61 | return "Amazon"; | ||
62 | return strdup(name); | ||
63 | } | ||
64 | |||
37 | static inline RNode *addOne(RNode *ptr, char *name) { | 65 | static inline RNode *addOne(RNode *ptr, char *name) { |
38 | assert(ptr); | 66 | assert(ptr); |
39 | if (ptr->one) | 67 | if (ptr->one) |
40 | return ptr->one; | 68 | return ptr->one; |
41 | RNode *node = malloc(sizeof(RNode)); | 69 | RNode *node = rmalloc(); |
42 | if (!node) | 70 | assert(node); |
43 | errExit("malloc"); | ||
44 | memset(node, 0, sizeof(RNode)); | ||
45 | if (name) { | 71 | if (name) { |
46 | node->name = strdup(name); | 72 | node->name = duplicate_name(name); |
47 | if (!node->name) | 73 | if (!node->name) |
48 | errExit("strdup"); | 74 | errExit("duplicate name"); |
49 | } | 75 | } |
50 | 76 | ||
51 | ptr->one = node; | 77 | ptr->one = node; |
@@ -56,14 +82,12 @@ static inline RNode *addZero(RNode *ptr, char *name) { | |||
56 | assert(ptr); | 82 | assert(ptr); |
57 | if (ptr->zero) | 83 | if (ptr->zero) |
58 | return ptr->zero; | 84 | return ptr->zero; |
59 | RNode *node = malloc(sizeof(RNode)); | 85 | RNode *node = rmalloc(); |
60 | if (!node) | 86 | assert(node); |
61 | errExit("malloc"); | ||
62 | memset(node, 0, sizeof(RNode)); | ||
63 | if (name) { | 87 | if (name) { |
64 | node->name = strdup(name); | 88 | node->name = duplicate_name(name); |
65 | if (!node->name) | 89 | if (!node->name) |
66 | errExit("strdup"); | 90 | errExit("duplicate name"); |
67 | } | 91 | } |
68 | 92 | ||
69 | ptr->zero = node; | 93 | ptr->zero = node; |
@@ -97,9 +121,9 @@ char *radix_add(uint32_t ip, uint32_t mask, char *name) { | |||
97 | } | 121 | } |
98 | assert(ptr); | 122 | assert(ptr); |
99 | if (!ptr->name) { | 123 | if (!ptr->name) { |
100 | ptr->name = strdup(name); | 124 | ptr->name = duplicate_name(name); |
101 | if (!ptr->name) | 125 | if (!ptr->name) |
102 | errExit("strdup"); | 126 | errExit("duplicate_name"); |
103 | } | 127 | } |
104 | 128 | ||
105 | return ptr->name; | 129 | return ptr->name; |