author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-07-06 17:11:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-06 17:11:59 +0000 |
commit | 2ed64f0d89da91ad901099385520e879346f7865 (patch) | |
tree | f520d17586a3ab4a51bb43031e5878b69089a19e /src/fnettrace | |
parent | rssguard.profile: add netlink to protocol (diff) | |
parent | Merge pull request #5885 from pirate486743186/lobster (diff) | |
Merge branch 'netblue30:master' into rssguard
Diffstat (limited to 'src/fnettrace')
-rw-r--r-- | src/fnettrace/Makefile | 7 | ||||
-rw-r--r-- | src/fnettrace/main.c | 34 | ||||
-rw-r--r-- | src/fnettrace/radix.c | 93 | ||||
-rw-r--r-- | src/fnettrace/radix.h | 2 | ||||
-rw-r--r-- | src/fnettrace/static-ip-map.txt (renamed from src/fnettrace/static-ip-map) | 137 |
5 files changed, 267 insertions, 6 deletions
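--- a/src/fnettrace/Makefile
+++ b/src/fnettrace/Makefile
@@ -7,3 +7,10 @@ PROG = fnettrace
 TARGET = $(PROG)
 
 include $(ROOT)/src/prog.mk
+
+all: $(TARGET) static-ip-map
+static-ip-map: static-ip-map.txt fnettrace
+./fnettrace --squash-map=static-ip-map.txt > static-ip-map
+
+
+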
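Review bot: The `static-ip-map` recipe redirects straight into its own target, so if `./fnettrace --squash-map=static-ip-map.txt` fails or aborts part-way, the shell has already created a truncated `static-ip-map` that make will treat as up to date on the next run. Writing to a temporary name and renaming on success, `./fnettrace --squash-map=static-ip-map.txt > $@.tmp && mv $@.tmp $@`, or adding `.DELETE_ON_ERROR:`, avoids leaving an empty or partial map in the build tree. The rule also executes the freshly built binary, which will not work when cross-compiling, and the prerequisite is spelled `fnettrace` while the `all` rule uses `$(TARGET)`.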
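--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -677,7 +677,9 @@ static const char *const usage_str =
 "Options:\n"
 " --help, -? - this help screen\n"
 " --log=filename - netlocker logfile\n"
-" --netfilter - build the firewall rules and commit them.\n"
+" --netfilter - build the firewall rules and commit them\n"
+" --print-map - print IP map\n"
+" --squash-map - compress IP map\n"
 " --tail - \"tail -f\" functionality\n"
 "Examples:\n"
 " # fnettrace - traffic trace\n"
@@ -710,6 +712,36 @@ int main(int argc, char **argv) {
 usage();
 return 0;
 }
+else if (strcmp(argv[i], "--print-map") == 0) {
+char *fname = "static-ip-map.txt";
+load_hostnames(fname);
+radix_print();
+return 0;
+}
+else if (strncmp(argv[i], "--squash-map=", 13) == 0) {
+if (i !=(argc - 1)) {
+fprintf(stderr, "Error: please provide a map file\n");
+return 1;
+}
+load_hostnames(argv[i] + 13);
+int in = radix_nodes;
+radix_squash();
+radix_squash();
+radix_squash();
+radix_squash();
+radix_squash();
+
+printf("#\n");
+printf("# This file is part of firejail project\n");
+printf("# The following list of addresses was compiled from various public sources.\n");
+printf("# License GPLv2\n");
+printf("#\n");
+
+radix_print();
+printf("\n#\n#\n# input %d, output %d\n#\n#\n", in, radix_nodes);
+fprintf(stderr, "static ip map: input %d, output %d\n", in, radix_nodes);
+return 0;
+}
 else if (strcmp(argv[i], "--netfilter") == 0)
 arg_netfilter = 1;
 else if (strcmp(argv[i], "--tail") == 0)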
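Review bot: The `--squash-map=` branch tests `i != (argc - 1)`, which checks that the option is the last argument rather than that a file name was given, so `--squash-map=` with an empty value goes straight to `load_hostnames()` while a valid name followed by another option is rejected with "please provide a map file". I would test the value itself, `if (argv[i][13] == '\0') {`, and reword or drop the position check. The five back-to-back `radix_squash()` calls fix the number of merge passes; each pass appears to merge only one level of sibling leaves, so a loop such as `do { prev = radix_nodes; radix_squash(); } while (radix_nodes != prev);` would run to a fixed point instead. The usage text lists `--squash-map` without the `=file` part the parser requires. main() starts and ends outside these hunks.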
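--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@@ -55,10 +55,14 @@ static RNode *rmalloc(void) {
 static inline char *duplicate_name(const char *name) {
 assert(name);
 
-if (strcmp(name, "United States") == 0)
-return "United States";
-else if (strcmp(name, "Amazon") == 0)
+if (strcmp(name, "Amazon") == 0)
 return "Amazon";
+else if (strcmp(name, "Digital Ocean") == 0)
+return "Digital Ocean";
+else if (strcmp(name, "Linode") == 0)
+return "Linode";
+else if (strcmp(name, "Google") == 0)
+return "Google";
 return strdup(name);
 }
 
@@ -152,3 +156,86 @@ char *radix_longest_prefix_match(uint32_t ip) {
 
 return (rv)? rv->name: NULL;
 }
+
+static uint32_t sum;
+static void print(RNode *ptr, int level) {
+if (!ptr)
+return;
+if (ptr->name) {
+printf("%d.%d.%d.%d/%d ", PRINT_IP(sum << (32 - level)), level);
+printf("%s\n", ptr->name);
+}
+
+if (ptr->zero == NULL && ptr->one == NULL)
+return;
+
+level++;
+sum <<= 1;
+print(ptr->zero, level);
+sum++;
+print(ptr->one, level);
+sum--;
+sum >>= 1;
+}
+
+void radix_print(void) {
+if (!head)
+return;
+printf("\n");
+sum = 0;
+print(head->zero, 1);
+assert(sum == 0);
+sum = 1;
+print(head->one, 1);
+assert(sum == 1);
+}
+
+static inline int strnullcmp(const char *a, const char *b) {
+if (!a || !b)
+return -1;
+return strcmp(a, b);
+}
+
+void squash(RNode *ptr, int level) {
+if (!ptr)
+return;
+
+if (ptr->name == NULL &&
+ptr->zero && ptr->one &&
+strnullcmp(ptr->zero->name, ptr->one->name) == 0 &&
+!ptr->zero->zero && !ptr->zero->one &&
+!ptr->one->zero && !ptr->one->one) {
+ptr->name = ptr->one->name;
+// fprintf(stderr, "squashing %d.%d.%d.%d/%d ", PRINT_IP(sum << (32 - level)), level);
+// fprintf(stderr, "%s\n", ptr->name);
+ptr->zero = NULL;
+ptr->one = NULL;
+radix_nodes--;
+return;
+}
+
+if (ptr->zero == NULL && ptr->one == NULL)
+return;
+
+level++;
+sum <<= 1;
+squash(ptr->zero, level);
+sum++;
+squash(ptr->one, level);
+sum--;
+sum >>= 1;
+}
+
+// using stderr for printing
+void radix_squash(void) {
+if (!head)
+return;
+
+sum = 0;
+squash(head->zero, 1);
+assert(sum == 0);
+sum = 1;
+squash(head->one, 1);
+assert(sum == 1);
+
+}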
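Review bot: `squash()` is defined with external linkage although radix.h only declares `radix_squash()`, and the neighbouring helper `print()` is already `static`; I would make it `static void squash(RNode *ptr, int level) {`. When two leaves are merged, `ptr->zero` and `ptr->one` are set to NULL without the nodes being released and only `ptr->one->name` is kept. How `rmalloc()` allocates is outside this hunk, so whether that is a leak needs confirming, and because `duplicate_name()` returns either a string literal or a `strdup()` copy through a non-const `char *`, the dropped name cannot simply be passed to `free()`. The `sum` bookkeeping in `squash()` feeds only the commented-out `fprintf` lines, and the `// using stderr for printing` comment above `radix_squash()` no longer matches the code.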
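--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@@ -23,5 +23,7 @@
 extern int radix_nodes;
 char *radix_longest_prefix_match(uint32_t ip);
 char *radix_add(uint32_t ip, uint32_t mask, char *name);
+void radix_print(void);
+void radix_squash(void);
 
 #endif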
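--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map.txt
@@ -44,6 +44,13 @@
 172.16.0.0/16 local network
 169.254.0.0/16 local link
 
+# multicast
+224.0.0.0/4 multicast
+224.0.0.9/32 RIPv2
+224.0.0.5/32 OSPF
+224.0.0.6/32 OSPF
+224.0.0.251/32 Multicast DNS
+
 # huge address ranges
 4.0.0.0/9 Level 3
 4.128.0.0/9 Microsoft
@@ -67,8 +74,7 @@
 55.0.0.0/8 US Army
 56.0.0.0/8 US Postal Service
 73.0.0.0/8 Comcast
-205.0.0.0/8 US Army
-214.0.0.0/8 US Army
+214.0.0.0/8 US Army
 215.0.0.0/8 US Army
 
 # DNS
@@ -107,6 +113,7 @@
 37.77.184.0/21 Netflix
 45.57.0.0/17 Netflix
 45.58.64.0/20 Dropbox
+45.88.203.0/24 Gab
 45.113.128.0/22 Twitch
 47.88.0.0/14 Alibaba
 52.223.192.0/18 Twitch
@@ -166,6 +173,7 @@
 185.125.188.0/22 Ubuntu One
 185.199.108.0/22 GitHub
 185.205.69.0/24 Tutanota
+185.238.113.0/24 Bitchute
 188.64.224.0/21 Twitter
 190.217.33.0/24 Steam
 192.0.64.0/18 Wordpress
@@ -188,6 +196,30 @@
 208.75.76.0/22 Netflix
 208.78.164.0/22 Steam
 208.80.152.0/22 Wikipedia
+
+# Level 3
+205.128.0.0/14 Level 3
+205.180.0.0/14 Level 3
+205.184.0.0/19 Level 3
+205.184.32.0/20 Level 3
+205.184.96.0/19 Level 3
+205.184.128.0/18 Level 3
+205.184.192.0/20 Level 3
+205.184.240.0/20 Level 3
+205.128.0.0/14 Level 3
+205.180.0.0/14 Level 3
+205.184.0.0/19 Level 3
+205.184.32.0/20 Level 3
+205.184.96.0/19 Level 3
+205.184.128.0/18 Level 3
+205.184.192.0/20 Level 3
+205.184.240.0/20 Level 3
+205.187.32.0/20 Level 3
+205.187.80.0/20 Level 3
+205.187.128.0/19 Level 3
+205.187.176.0/20 Level 3
+205.187.192.0/18 Level 3
+205.224.0.0/14 Level 3
 209.244.0.0/14 Level 3
 
 # WholeSale Internet
@@ -204,6 +236,28 @@
 69.16.174.0/23 StackPath
 69.16.176.0/20 StackPath
 151.139.0.0/16 StackPath
+205.185.194.0/23 StackPath
+205.185.196.0/23 StackPath
+205.185.198.0/24 StackPath
+205.185.200.0/21 StackPath
+205.185.212.0/23 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath
+205.185.194.0/23 StackPath
+205.185.196.0/23 StackPath
+205.185.198.0/24 StackPath
+205.185.200.0/21 StackPath
+205.185.212.0/23 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath
 
 # Linode
 103.29.68.0/22 Linode
@@ -314,6 +368,7 @@
 96.6.0.0/15 Akamai
 96.16.0.0/15 Akamai
 104.64.0.0/10 Akamai
+173.222.0.0/15 Akamai
 184.24.0.0/13 Akamai
 184.50.0.0/15 Akamai
 184.84.0.0/14 Akamai
@@ -371,6 +426,13 @@
 192.229.128.0/17 MCI
 
 # Microsoft
+20.40.0.0/13 Microsoft
+20.64.0.0/10 Microsoft
+20.48.0.0/12 Microsoft
+20.128.0.0/16 Microsoft
+20.33.0.0/16 Microsoft
+20.36.0.0/14 Microsoft
+20.34.0.0/15 Microsoft
 40.76.0.0/14 Microsoft
 40.96.0.0/12 Microsoft
 40.112.0.0/13 Microsoft
@@ -5407,3 +5469,74 @@
 209.97.144.0/20 Digital Ocean
 209.97.160.0/20 Digital Ocean
 209.97.176.0/20 Digital Ocean
+
+# Leaseweb
+185.28.70.0/24 Leaseweb
+108.177.128.0/22 Leaseweb
+108.177.216.0/22 Leaseweb
+108.177.244.0/22 Leaseweb
+108.62.152.0/21 Leaseweb
+108.62.192.0/22 Leaseweb
+108.62.197.0/24 Leaseweb
+108.62.199.0/24 Leaseweb
+108.62.220.0/22 Leaseweb
+108.62.5.0/24 Leaseweb
+108.62.56.0/21 Leaseweb
+142.234.104.0/21 Leaseweb
+142.234.168.0/21 Leaseweb
+142.234.180.0/22 Leaseweb
+142.234.188.0/22 Leaseweb
+142.234.232.0/21 Leaseweb
+142.234.248.0/22 Leaseweb
+142.91.116.0/22 Leaseweb
+142.91.208.0/22 Leaseweb
+142.91.88.0/21 Leaseweb
+147.255.224.0/21 Leaseweb
+172.241.120.0/22 Leaseweb
+172.241.136.0/22 Leaseweb
+172.241.156.0/22 Leaseweb
+172.241.200.0/22 Leaseweb
+173.208.118.0/24 Leaseweb
+173.208.32.0/21 Leaseweb
+173.234.180.0/22 Leaseweb
+173.234.80.0/22 Leaseweb
+173.234.88.0/23 Leaseweb
+174.34.144.0/24 Leaseweb
+174.34.145.0/24 Leaseweb
+216.6.228.0/24 Leaseweb
+216.6.236.0/24 Leaseweb
+23.105.64.0/19 Leaseweb
+23.106.0.0/19 Leaseweb
+23.106.192.0/19 Leaseweb
+23.108.128.0/19 Leaseweb
+23.108.224.0/19 Leaseweb
+23.19.104.0/22 Leaseweb
+23.19.124.0/22 Leaseweb
+23.19.128.0/22 Leaseweb
+23.19.168.0/22 Leaseweb
+23.19.216.0/22 Leaseweb
+23.19.248.0/22 Leaseweb
+23.19.32.0/21 Leaseweb
+23.19.80.0/21 Leaseweb
+23.81.0.0/21 Leaseweb
+23.81.136.0/21 Leaseweb
+23.81.208.0/21 Leaseweb
+23.82.144.0/21 Leaseweb
+23.82.192.0/20 Leaseweb
+23.82.208.0/21 Leaseweb
+23.82.216.0/21 Leaseweb
+23.82.224.0/21 Leaseweb
+23.82.240.0/21 Leaseweb
+23.82.32.0/21 Leaseweb
+23.82.72.0/21 Leaseweb
+64.120.106.0/24 Leaseweb
+64.120.123.0/24 Leaseweb
+64.120.16.0/22 Leaseweb
+64.120.2.0/24 Leaseweb
+64.120.4.0/22 Leaseweb
+64.120.48.0/22 Leaseweb
+64.120.65.0/24 Leaseweb
+64.120.68.0/24 Leaseweb
+64.120.69.0/24 Leaseweb
+69.147.236.0/24 Leaseweb
+70.32.34.0/24 Leaseweb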
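Review bot: The new `# Level 3` block lists `205.128.0.0/14` through `205.184.240.0/20` twice in a row, and the StackPath additions repeat `205.185.194.0/23` through `205.185.212.0/23` twice and `205.185.215.0/24` through `205.185.220.0/24` three times. How `radix_add()` treats a repeated prefix is not visible on this page, so at best these entries are redundant; removing the repeats keeps the source list reviewable. The Microsoft `20.x` and Leaseweb additions are also not in numeric order, which makes later overlaps or conflicting labels harder to spot by eye.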