diff options
| author |  netblue30 <netblue30@protonmail.com> | 2022-01-18 14:14:44 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2022-01-18 14:14:44 -0500 |
| commit | 4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8 (patch) | |
| tree | 49fc769149cbc3a343cee46838c6a19c9e4145f3 /src/fnettrace | |
| parent | gitlab-ci: fix debian_ci build (dh_missing hostnames) (#4865) (diff) | |
| download | firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.tar.gz firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.tar.zst firejail-4dd1e92ba1c0687d3f5860ccc58c80d28c8905b8.zip | |
nettrace fixes
Diffstat (limited to 'src/fnettrace')
| -rw-r--r-- | src/fnettrace/fnettrace.h | 9 | ||||
| -rw-r--r-- | src/fnettrace/hostnames | 2 | ||||
| -rw-r--r-- | src/fnettrace/main.c | 72 | ||||
| -rw-r--r-- | src/fnettrace/radix.c | 52 |
4 files changed, 106 insertions, 29 deletions
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index 59b9618a9..66b7378da 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h | |||
| @@ -29,11 +29,10 @@ | |||
| 29 | #include <stdarg.h> | 29 | #include <stdarg.h> |
| 30 | //#define DEBUG 1 | 30 | //#define DEBUG 1 |
| 31 | 31 | ||
| 32 | //#define NETLOCK_INTERVAL 15 | 32 | #define NETLOCK_INTERVAL 60 // seconds |
| 33 | #define NETLOCK_INTERVAL 60 | 33 | #define DISPLAY_INTERVAL 2 // seconds |
| 34 | #define DISPLAY_INTERVAL 2 | 34 | #define DISPLAY_TTL 4 // display intervals (4 * 2 seconds) |
| 35 | #define DISPLAY_TTL 4 | 35 | #define DISPLAY_BW_UNITS 20 // length of the bandwidth bar |
| 36 | #define DISPLAY_BW_UNITS 20 | ||
| 37 | 36 | ||
| 38 | 37 | ||
| 39 | static inline void ansi_topleft(void) { | 38 | static inline void ansi_topleft(void) { |
diff --git a/src/fnettrace/hostnames b/src/fnettrace/hostnames index a808a3b09..e24ecf218 100644 --- a/src/fnettrace/hostnames +++ b/src/fnettrace/hostnames | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | # | 20 | # |
| 21 | # Static Internet Map | 21 | # Static Internet Map |
| 22 | # | 22 | # |
| 23 | # Unfortunately, we cannot do a hostname lookup. This will leak a lot of | 23 | # Unfortunately we cannot do a hostname lookup. This will leak a lot of |
| 24 | # information about what network resources we access. | 24 | # information about what network resources we access. |
| 25 | # A static map, helped out by geoip package available on all Linux distros, | 25 | # A static map, helped out by geoip package available on all Linux distros, |
| 26 | # will have to do it for now! | 26 | # will have to do it for now! |
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index d5772328c..331311ee8 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
| @@ -26,7 +26,7 @@ static int arg_netfilter = 0; | |||
| 26 | static char *arg_log = NULL; | 26 | static char *arg_log = NULL; |
| 27 | 27 | ||
| 28 | typedef struct hnode_t { | 28 | typedef struct hnode_t { |
| 29 | struct hnode_t *hnext; // used for hash table | 29 | struct hnode_t *hnext; // used for hash table and unused linked list |
| 30 | struct hnode_t *dnext; // used to display stremas on the screen | 30 | struct hnode_t *dnext; // used to display stremas on the screen |
| 31 | uint32_t ip_src; | 31 | uint32_t ip_src; |
| 32 | uint32_t bytes; // number of bytes received in the last display interval | 32 | uint32_t bytes; // number of bytes received in the last display interval |
| @@ -45,6 +45,36 @@ HNode *htable[HMAX] = {NULL}; | |||
| 45 | // display linked list | 45 | // display linked list |
| 46 | HNode *dlist = NULL; | 46 | HNode *dlist = NULL; |
| 47 | 47 | ||
| 48 | |||
| 49 | // speed up malloc/free | ||
| 50 | #define HNODE_MAX_MALLOC 16 | ||
| 51 | static HNode *hnode_unused = NULL; | ||
| 52 | static int hnode_malloc_cnt = 0; | ||
| 53 | HNode *hmalloc(void) { | ||
| 54 | if (hnode_unused == NULL) { | ||
| 55 | hnode_unused = malloc(sizeof(HNode) * HNODE_MAX_MALLOC); | ||
| 56 | if (!hnode_unused) | ||
| 57 | errExit("malloc"); | ||
| 58 | memset(hnode_unused, 0, sizeof(HNode) * HNODE_MAX_MALLOC); | ||
| 59 | HNode *ptr = hnode_unused; | ||
| 60 | int i; | ||
| 61 | for ( i = 1; i < HNODE_MAX_MALLOC; i++, ptr++) | ||
| 62 | ptr->hnext = hnode_unused + i; | ||
| 63 | } | ||
| 64 | |||
| 65 | HNode *rv = hnode_unused; | ||
| 66 | hnode_unused = hnode_unused->hnext; | ||
| 67 | return rv; | ||
| 68 | } | ||
| 69 | |||
| 70 | void hfree(HNode *ptr) { | ||
| 71 | assert(ptr); | ||
| 72 | memset(ptr, 0, sizeof(HNode)); | ||
| 73 | ptr->hnext = hnode_unused; | ||
| 74 | hnode_unused = ptr; | ||
| 75 | } | ||
| 76 | |||
| 77 | |||
| 48 | static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint32_t bytes) { | 78 | static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint32_t bytes) { |
| 49 | uint8_t h = hash(ip_src); | 79 | uint8_t h = hash(ip_src); |
| 50 | 80 | ||
| @@ -65,9 +95,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
| 65 | #ifdef DEBUG | 95 | #ifdef DEBUG |
| 66 | printf("malloc %d.%d.%d.%d\n", PRINT_IP(ip_src)); | 96 | printf("malloc %d.%d.%d.%d\n", PRINT_IP(ip_src)); |
| 67 | #endif | 97 | #endif |
| 68 | HNode *hnew = malloc(sizeof(HNode)); | 98 | HNode *hnew = hmalloc(); |
| 69 | if (!hnew) | 99 | assert(hnew); |
| 70 | errExit("malloc"); | ||
| 71 | hnew->hostname = NULL; | 100 | hnew->hostname = NULL; |
| 72 | hnew->ip_src = ip_src; | 101 | hnew->ip_src = ip_src; |
| 73 | hnew->port_src = port_src; | 102 | hnew->port_src = port_src; |
| @@ -117,7 +146,7 @@ static void hnode_free(HNode *elem) { | |||
| 117 | htable[h] = elem->hnext; | 146 | htable[h] = elem->hnext; |
| 118 | else | 147 | else |
| 119 | prev->hnext = elem->hnext; | 148 | prev->hnext = elem->hnext; |
| 120 | free(elem); | 149 | hfree(elem); |
| 121 | } | 150 | } |
| 122 | 151 | ||
| 123 | #ifdef DEBUG | 152 | #ifdef DEBUG |
| @@ -194,14 +223,15 @@ static unsigned adjust_bandwidth(unsigned bw) { | |||
| 194 | 223 | ||
| 195 | static void hnode_print(unsigned bw) { | 224 | static void hnode_print(unsigned bw) { |
| 196 | assert(!arg_netfilter); | 225 | assert(!arg_netfilter); |
| 197 | ansi_clrscr(); | 226 | bw = (bw < 1024 * DISPLAY_INTERVAL)? 1024 * DISPLAY_INTERVAL: bw; |
| 198 | |||
| 199 | #ifdef DEBUG | 227 | #ifdef DEBUG |
| 200 | printf("*********************\n"); | 228 | printf("*********************\n"); |
| 201 | debug_dlist(); | 229 | debug_dlist(); |
| 202 | printf("-----------------------------\n"); | 230 | printf("-----------------------------\n"); |
| 203 | debug_hnode(); | 231 | debug_hnode(); |
| 204 | printf("*********************\n"); | 232 | printf("*********************\n"); |
| 233 | #else | ||
| 234 | ansi_clrscr(); | ||
| 205 | #endif | 235 | #endif |
| 206 | 236 | ||
| 207 | // get terminal size | 237 | // get terminal size |
| @@ -291,6 +321,17 @@ static void hnode_print(unsigned bw) { | |||
| 291 | ptr = next; | 321 | ptr = next; |
| 292 | } | 322 | } |
| 293 | 323 | ||
| 324 | #ifdef DEBUG | ||
| 325 | { | ||
| 326 | int cnt = 0; | ||
| 327 | HNode *ptr = hnode_unused; | ||
| 328 | while (ptr) { | ||
| 329 | cnt++; | ||
| 330 | ptr = ptr->hnext; | ||
| 331 | } | ||
| 332 | printf("hnode unused %d\n", cnt); | ||
| 333 | } | ||
| 334 | #endif | ||
| 294 | } | 335 | } |
| 295 | 336 | ||
| 296 | static void run_trace(void) { | 337 | static void run_trace(void) { |
| @@ -343,9 +384,22 @@ static void run_trace(void) { | |||
| 343 | 384 | ||
| 344 | unsigned bytes = recvfrom(sock, buf, MAX_BUF_SIZE, 0, NULL, NULL); | 385 | unsigned bytes = recvfrom(sock, buf, MAX_BUF_SIZE, 0, NULL, NULL); |
| 345 | if (bytes >= 20) { // size of IP header | 386 | if (bytes >= 20) { // size of IP header |
| 346 | bw += bytes + 14; // assume a 14 byte Ethernet layer | 387 | #ifdef DEBUG |
| 388 | { | ||
| 389 | uint32_t ip_src; | ||
| 390 | memcpy(&ip_src, buf + 12, 4); | ||
| 391 | ip_src = ntohl(ip_src); | ||
| 392 | |||
| 393 | uint32_t ip_dst; | ||
| 394 | memcpy(&ip_dst, buf + 16, 4); | ||
| 395 | ip_dst = ntohl(ip_dst); | ||
| 396 | printf("%d.%d.%d.%d -> %d.%d.%d.%d, %u bytes\n", PRINT_IP(ip_src), PRINT_IP(ip_dst), bytes); | ||
| 397 | } | ||
| 398 | #endif | ||
| 347 | // filter out loopback traffic | 399 | // filter out loopback traffic |
| 348 | if (buf[12] != 127) { | 400 | if (buf[12] != 127 && buf[16] != 127) { |
| 401 | bw += bytes + 14; // assume a 14 byte Ethernet layer | ||
| 402 | |||
| 349 | uint32_t ip_src; | 403 | uint32_t ip_src; |
| 350 | memcpy(&ip_src, buf + 12, 4); | 404 | memcpy(&ip_src, buf + 12, 4); |
| 351 | ip_src = ntohl(ip_src); | 405 | ip_src = ntohl(ip_src); |
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c index b9104bd39..c9493717d 100644 --- a/src/fnettrace/radix.c +++ b/src/fnettrace/radix.c | |||
| @@ -34,18 +34,44 @@ typedef struct rnode_t { | |||
| 34 | RNode *head = 0; | 34 | RNode *head = 0; |
| 35 | int radix_nodes = 0; | 35 | int radix_nodes = 0; |
| 36 | 36 | ||
| 37 | // get rid of the malloc overhead | ||
| 38 | #define RNODE_MAX_MALLOC 128 | ||
| 39 | static RNode *rnode_unused = NULL; | ||
| 40 | static int rnode_malloc_cnt = 0; | ||
| 41 | static RNode *rmalloc(void) { | ||
| 42 | if (rnode_unused == NULL || rnode_malloc_cnt >= RNODE_MAX_MALLOC) { | ||
| 43 | rnode_unused = malloc(sizeof(RNode) * RNODE_MAX_MALLOC); | ||
| 44 | if (!rnode_unused) | ||
| 45 | errExit("malloc"); | ||
| 46 | memset(rnode_unused, 0, sizeof(RNode) * RNODE_MAX_MALLOC); | ||
| 47 | rnode_malloc_cnt = 0; | ||
| 48 | } | ||
| 49 | |||
| 50 | rnode_malloc_cnt++; | ||
| 51 | return rnode_unused + rnode_malloc_cnt - 1; | ||
| 52 | } | ||
| 53 | |||
| 54 | |||
| 55 | static inline char *duplicate_name(const char *name) { | ||
| 56 | assert(name); | ||
| 57 | |||
| 58 | if (strcmp(name, "United States") == 0) | ||
| 59 | return "United States"; | ||
| 60 | else if (strcmp(name, "Amazon") == 0) | ||
| 61 | return "Amazon"; | ||
| 62 | return strdup(name); | ||
| 63 | } | ||
| 64 | |||
| 37 | static inline RNode *addOne(RNode *ptr, char *name) { | 65 | static inline RNode *addOne(RNode *ptr, char *name) { |
| 38 | assert(ptr); | 66 | assert(ptr); |
| 39 | if (ptr->one) | 67 | if (ptr->one) |
| 40 | return ptr->one; | 68 | return ptr->one; |
| 41 | RNode *node = malloc(sizeof(RNode)); | 69 | RNode *node = rmalloc(); |
| 42 | if (!node) | 70 | assert(node); |
| 43 | errExit("malloc"); | ||
| 44 | memset(node, 0, sizeof(RNode)); | ||
| 45 | if (name) { | 71 | if (name) { |
| 46 | node->name = strdup(name); | 72 | node->name = duplicate_name(name); |
| 47 | if (!node->name) | 73 | if (!node->name) |
| 48 | errExit("strdup"); | 74 | errExit("duplicate name"); |
| 49 | } | 75 | } |
| 50 | 76 | ||
| 51 | ptr->one = node; | 77 | ptr->one = node; |
| @@ -56,14 +82,12 @@ static inline RNode *addZero(RNode *ptr, char *name) { | |||
| 56 | assert(ptr); | 82 | assert(ptr); |
| 57 | if (ptr->zero) | 83 | if (ptr->zero) |
| 58 | return ptr->zero; | 84 | return ptr->zero; |
| 59 | RNode *node = malloc(sizeof(RNode)); | 85 | RNode *node = rmalloc(); |
| 60 | if (!node) | 86 | assert(node); |
| 61 | errExit("malloc"); | ||
| 62 | memset(node, 0, sizeof(RNode)); | ||
| 63 | if (name) { | 87 | if (name) { |
| 64 | node->name = strdup(name); | 88 | node->name = duplicate_name(name); |
| 65 | if (!node->name) | 89 | if (!node->name) |
| 66 | errExit("strdup"); | 90 | errExit("duplicate name"); |
| 67 | } | 91 | } |
| 68 | 92 | ||
| 69 | ptr->zero = node; | 93 | ptr->zero = node; |
| @@ -97,9 +121,9 @@ char *radix_add(uint32_t ip, uint32_t mask, char *name) { | |||
| 97 | } | 121 | } |
| 98 | assert(ptr); | 122 | assert(ptr); |
| 99 | if (!ptr->name) { | 123 | if (!ptr->name) { |
| 100 | ptr->name = strdup(name); | 124 | ptr->name = duplicate_name(name); |
| 101 | if (!ptr->name) | 125 | if (!ptr->name) |
| 102 | errExit("strdup"); | 126 | errExit("duplicate_name"); |
| 103 | } | 127 | } |
| 104 | 128 | ||
| 105 | return ptr->name; | 129 | return ptr->name; |